head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.8 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.6 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.4 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.2 pkgsrc-2011Q2-base:1.2 pkgsrc-2010Q4:1.1.0.28 pkgsrc-2010Q4-base:1.1 pkgsrc-2010Q3:1.1.0.26 pkgsrc-2010Q3-base:1.1 pkgsrc-2010Q2:1.1.0.24 pkgsrc-2010Q2-base:1.1 pkgsrc-2010Q1:1.1.0.22 pkgsrc-2010Q1-base:1.1 pkgsrc-2009Q4:1.1.0.20 pkgsrc-2009Q4-base:1.1 pkgsrc-2009Q3:1.1.0.18 pkgsrc-2009Q3-base:1.1 pkgsrc-2009Q2:1.1.0.16 pkgsrc-2009Q2-base:1.1 pkgsrc-2009Q1:1.1.0.14 pkgsrc-2009Q1-base:1.1 pkgsrc-2008Q4:1.1.0.12 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.10 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.8 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.6 pkgsrc-2008Q2-base:1.1 cwrapper:1.1.0.4 pkgsrc-2008Q1:1.1.0.2 pkgsrc-2008Q1-base:1.1; locks; strict; comment @# @; 1.2 date 2011.03.06.16.20.00; author wiz; state dead; branches; next 1.1; 1.1 date 2008.03.23.14.27.51; author tonnerre; state Exp; branches; next ; desc @@ 1.2 log @Remove remaining parts of gimp1 and gimp-print (GTK1 cleanup). @ text @$NetBSD: patch-ab,v 1.1 2008/03/23 14:27:51 tonnerre Exp $ Fix Sun RAS buffer overflow (CVE-2007-2356). 
--- plug-ins/common/sunras.c.orig 2003-01-15 03:04:01.000000000 +0100 +++ plug-ins/common/sunras.c @@@@ -101,7 +101,7 @@@@ static gint save_image (gchar *filen gint32 image_ID, gint32 drawable_ID); -static void set_color_table (gint32, L_SUNFILEHEADER *, unsigned char *); +static void set_color_table (gint32, L_SUNFILEHEADER *, const guchar *); static gint32 create_new_image (char *filename, guint width, guint height, GimpImageBaseType type, gint32 *layer_ID, GimpDrawable **drawable, @@@@ -872,7 +872,7 @@@@ write_sun_cols (FILE *ofp, static void set_color_table (gint32 image_ID, L_SUNFILEHEADER *sunhdr, - guchar *suncolmap) + const guchar *suncolmap) { int ncols, j; guchar ColorMap[256*3]; @@@@ -880,7 +880,7 @@@@ set_color_table (gint32 image_ ncols = sunhdr->l_ras_maplength / 3; if (ncols <= 0) return; - for (j = 0; j < ncols; j++) + for (j = 0; j < MIN(ncols, 256); j++) { ColorMap[j*3] = suncolmap[j]; ColorMap[j*3+1] = suncolmap[j+ncols]; @ 1.1 log @Fix Sun RAS buffer overflow (CVE-2007-2356). This was fixed in gimp2 but gimp1 was forgotten. Approved-by: gdt, joerg @ text @d1 1 a1 1 $NetBSD$ @
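Review bot: In the last hunk the clamp is applied only to the loop condition, so `ncols` itself stays at `sunhdr->l_ras_maplength / 3`, and any use of `ncols` after the loop would still see a count larger than the 256-entry `ColorMap`; the body of `set_color_table` continues outside the hunk, so this cannot be confirmed from here. `ncols` cannot simply be clamped in place, because it is also the plane stride in `suncolmap[j+ncols]`. A separate count such as `int nused = MIN(ncols, 256);` could serve as the loop bound and as the count handed on after the loop. The literal 256 also duplicates the array size and would be safer derived as `sizeof ColorMap / 3`. A comment like `/* l_ras_maplength comes from the file header; ColorMap holds at most 256 entries */` would record why the bound exists.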