[packages/giflib] - added git patch (hardening, uninitialized memory usage fixes); release 2
qboosh
qboosh at pld-linux.org
Sun Jan 31 22:20:42 CET 2016
commit 17f98a3eb94ab14fb9f29c9d5dec03a538f1501a
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date: Sun Jan 31 22:23:08 2016 +0100
- added git patch (hardening, uninitialized memory usage fixes); release 2
giflib-git.patch | 152 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
giflib.spec | 4 +-
2 files changed, 155 insertions(+), 1 deletion(-)
---
diff --git a/giflib.spec b/giflib.spec
index 135a1d1..b560882 100644
--- a/giflib.spec
+++ b/giflib.spec
@@ -6,11 +6,12 @@ Summary(ru.UTF-8): Библиотека для работы с GIF-файлам
Summary(uk.UTF-8): Бібліотека для роботи з GIF-файлами
Name: giflib
Version: 5.1.2
-Release: 1
+Release: 2
License: MIT-like
Group: Libraries
Source0: http://downloads.sourceforge.net/giflib/%{name}-%{version}.tar.bz2
# Source0-md5: 323a9f11ab56c8a2d1715376410ce376
+Patch0: %{name}-git.patch
URL: http://sourceforge.net/projects/giflib/
BuildRequires: autoconf >= 2.59-9
BuildRequires: automake
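Review bot: `Patch0: %{name}-git.patch` is added with no record of which upstream revision the snapshot was taken from, whereas `Source0` just above it carries a `# Source0-md5:` line. Because the patch changes the decoder and encoder open paths, someone auditing the package later cannot tell from the spec which upstream fixes are included or whether the snapshot is complete. A comment above the line would cover it, for example `# upstream git changes up to <UPSTREAM_COMMIT_ID>` (a placeholder, since the page does not give the commit id).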
@@ -138,6 +139,7 @@ Цей пакет містить різноманітні програми дл
%prep
%setup -q
+%patch0 -p1
%build
%{__libtoolize}
diff --git a/giflib-git.patch b/giflib-git.patch
new file mode 100644
index 0000000..371d6af
--- /dev/null
+++ b/giflib-git.patch
@@ -0,0 +1,152 @@
+diff --git a/Makefile.am b/Makefile.am
+index 4bd3131..84a6555 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -38,3 +38,9 @@ release: distcheck
+ cd doc; make website
+ shipper version=@VERSION@ | sh -e -x
+ rm -fr doc/staging
++
++# Refresh the wbsite
++refresh:
++ cd doc; make website
++ shipper -w version=@VERSION@ | sh -e -x
++ rm -fr doc/staging
+diff --git a/NEWS b/NEWS
+index 89d6f24..7a4b8d1 100644
+--- a/NEWS
++++ b/NEWS
+@@ -1,5 +1,25 @@
+ GIFLIB NEWS
+
++Repository head
++===============
++
++As of this version the library and code has been seriously abused by fuzzers,
++smoking out crash bugs (now fixed) induced by various kinds of severely
++malformed GIF.
++
++Code Fixes
++----------
++
++* Prevent malloc randomess from causing the header output routine to emit
++ a GIF89 version string even when no GIF89 features are present. Only
++ breaks tests, not production code, but it's odd this wasn't caught sooner.
++
++* Prevent malloc randomess from producing sporadic failures by causing
++ sanity checks added in 5.1.2 to misfire.
++
++* Bulletproof gif2rgb against 0-height images. Addressed SF bug #78:
++ Heap overflow in gif2rgb with images of size 0.
++
+ Version 5.1.2
+ =============
+
+@@ -146,7 +166,7 @@ Documentation and polish
+
+ Retirements
+ -----------
+-* gifinter is gone. Use convert -interlace from the ImageMagic suite.
++* gifinter is gone. Use convert -interlace from the ImageMagick suite.
+
+ Code Fixes
+ ----------
+#diff --git a/doc/index.html b/doc/index.html
+#index 7643f85..47299b3 100644
+#--- a/doc/index.html
+#+++ b/doc/index.html
+#@@ -113,8 +113,8 @@ pages, or ask to join the project as a developer) is <a
+# href="https://sourceforge.net/projects/giflib/">here</a>.
+#
+# <p>If you appreciate this project, and especially if you make money
+#-from it, please <a href="http://gittip.com/esr">leave a tip to support
+#-continuing maintainance</a>.</p>
+#+from it, please <a href="https://www.patreon.com/esr">support
+#+continuing maintainance on Patreon</a>.</p>
+#
+# </body>
+# </html>
+diff --git a/history.asc b/history.asc
+index 78c64fe..31f7e4a 100644
+--- a/history.asc
++++ b/history.asc
+@@ -59,6 +59,12 @@ items from 18 years of backlog. It made the library thread-safe, added
+ direct support for GIF89 graphics control blocks, and tossed out large
+ amounts of obsolete utility code.
+
++More recent version of the code (5.1.0 and onwards) have been hardened
++by both static analysis and fuzz testing. While these failed to turn
++up bugs in normal rendering cases, they did uncover some crash and
++corruption bugs that could be tickled by carefully crafted malformed
++GIFs.
++
+ This code is very old, very stable, and *everywhere* - browsers
+ game consoles, smartphones, pretty much everything that opens an
+ HTTP port and does graphics uses it.
+diff --git a/lib/dgif_lib.c b/lib/dgif_lib.c
+index 42cf4ab..e22925e 100644
+--- a/lib/dgif_lib.c
++++ b/lib/dgif_lib.c
+@@ -97,6 +97,9 @@ DGifOpenFileHandle(int FileHandle, int *Error)
+ free((char *)GifFile);
+ return NULL;
+ }
++
++ /*@i1@*/memset(Private, '\0', sizeof(GifFilePrivateType));
++
+ #ifdef _WIN32
+ _setmode(FileHandle, O_BINARY); /* Make sure it is in binary mode. */
+ #endif /* _WIN32 */
+@@ -179,6 +182,7 @@ DGifOpen(void *userData, InputFunc readFunc, int *Error)
+ free((char *)GifFile);
+ return NULL;
+ }
++ /*@i1@*/memset(Private, '\0', sizeof(GifFilePrivateType));
+
+ GifFile->Private = (void *)Private;
+ Private->FileHandle = 0;
+diff --git a/lib/egif_lib.c b/lib/egif_lib.c
+index 39a62b2..18f954f 100644
+--- a/lib/egif_lib.c
++++ b/lib/egif_lib.c
+@@ -103,6 +103,7 @@ EGifOpenFileHandle(const int FileHandle, int *Error)
+ *Error = E_GIF_ERR_NOT_ENOUGH_MEM;
+ return NULL;
+ }
++ /*@i1@*/memset(Private, '\0', sizeof(GifFilePrivateType));
+ if ((Private->HashTable = _InitHashTable()) == NULL) {
+ free(GifFile);
+ free(Private);
+@@ -121,6 +122,7 @@ EGifOpenFileHandle(const int FileHandle, int *Error)
+ Private->FileHandle = FileHandle;
+ Private->File = f;
+ Private->FileState = FILE_STATE_WRITE;
++ Private->gif89 = false;
+
+ Private->Write = (OutputFunc) 0; /* No user write routine (MRB) */
+ GifFile->UserData = (void *)NULL; /* No user write handle (MRB) */
+@@ -157,6 +159,8 @@ EGifOpen(void *userData, OutputFunc writeFunc, int *Error)
+ return NULL;
+ }
+
++ memset(Private, '\0', sizeof(GifFilePrivateType));
++
+ Private->HashTable = _InitHashTable();
+ if (Private->HashTable == NULL) {
+ free (GifFile);
+diff --git a/util/gif2rgb.c b/util/gif2rgb.c
+index 1489435..f3f21ac 100644
+--- a/util/gif2rgb.c
++++ b/util/gif2rgb.c
+@@ -378,6 +378,11 @@ static void GIF2RGB(int NumFiles, char *FileName,
+ }
+ }
+
++ if (GifFile->SHeight == 0 || GifFile->SWidth == 0) {
++ fprintf(stderr, "Image of width or height 0\n");
++ exit(EXIT_FAILURE);
++ }
++
+ /*
+ * Allocate the screen as vector of column of rows. Note this
+ * screen is device independent - it's the screen defined by the
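Review bot: The `SHeight == 0 || SWidth == 0` guard added to GIF2RGB in util/gif2rgb.c protects only that utility; none of the lib/ hunks in this patch reject a zero-sized logical screen, so other programs that size buffers from `SWidth`/`SHeight` after a DGifOpen* call presumably still need their own check. The guard also sets no upper bound, and the allocation it precedes lies outside the hunk, so whether large dimensions can overflow the size arithmetic cannot be judged from here. A short comment at the check would record why it exists, for example `/* SF bug #78: a 0-sized screen led to a heap overflow in the allocation below */`. Separately, `Private->gif89 = false;` in EGifOpenFileHandle is redundant after the memset added a few lines earlier, and the memset in EGifOpen lacks the `/*@i1@*/` annotation that the other three carry.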
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/giflib.git/commitdiff/17f98a3eb94ab14fb9f29c9d5dec03a538f1501a