head 1.3; access; symbols pkgsrc-2013Q2:1.3.0.8 pkgsrc-2013Q2-base:1.3 pkgsrc-2012Q4:1.3.0.6 pkgsrc-2012Q4-base:1.3 pkgsrc-2011Q4:1.3.0.4 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q2:1.3.0.2 pkgsrc-2011Q2-base:1.3 pkgsrc-2010Q4:1.2.0.32 pkgsrc-2010Q4-base:1.2 pkgsrc-2010Q3:1.2.0.30 pkgsrc-2010Q3-base:1.2 pkgsrc-2010Q2:1.2.0.28 pkgsrc-2010Q2-base:1.2 pkgsrc-2010Q1:1.2.0.26 pkgsrc-2010Q1-base:1.2 pkgsrc-2009Q4:1.2.0.24 pkgsrc-2009Q4-base:1.2 pkgsrc-2009Q3:1.2.0.22 pkgsrc-2009Q3-base:1.2 pkgsrc-2009Q2:1.2.0.20 pkgsrc-2009Q2-base:1.2 pkgsrc-2009Q1:1.2.0.18 pkgsrc-2009Q1-base:1.2 pkgsrc-2008Q4:1.2.0.16 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.14 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.12 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.10 pkgsrc-2008Q2-base:1.2 cwrapper:1.2.0.8 pkgsrc-2008Q1:1.2.0.6 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.4 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.2 pkgsrc-2007Q3-base:1.2; locks; strict; comment @# @; 1.3 date 2011.03.06.16.20.00; author wiz; state dead; branches; next 1.2; 1.2 date 2007.07.30.07.56.27; author joerg; state Exp; branches; next 1.1; 1.1 date 2007.07.04.13.44.11; author lkundrak; state Exp; branches; next ; desc @@ 1.3 log @Remove remaining parts of gimp1 and gimp-print (GTK1 cleanup). @ text @$NetBSD: patch-ae,v 1.2 2007/07/30 07:56:27 joerg Exp $ Fix for CVE-2007-2949 heap overflow from upstream. --- plug-ins/common/psd.c.orig 2007-07-04 15:41:06.000000000 +0200 +++ plug-ins/common/psd.c @@@@ -1200,6 +1200,12 @@@@ seek_to_and_unpack_pixeldata(FILE* fd, g width = psd_image.layer[layeri].channel[channeli].width; height = psd_image.layer[layeri].channel[channeli].height; + if (width > 0x7FFF || height > 0x7FFF) + { + g_message ("Error: Invalid channel dimensions"); + gimp_quit (); + } + IFDBG { printf("\t\t\tLayer (%d) Channel (%d:%d) Compression: %d (%s)\n", @ 1.2 log @G_INTMAX16 doesn't exist. Assume for now that it means 0x7fff. No cookie for lkundrak. 
@ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.1 2007/07/04 13:44:11 lkundrak Exp $ @ 1.1 log @Security for CVE-2007-2949 heap overflow. Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ d11 1 a11 1 + if (width > G_MAXINT16 || height > G_MAXINT16) @
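Review bot: the new check in seek_to_and_unpack_pixeldata bounds width and height only from above (`if (width > 0x7FFF || height > 0x7FFF)`), so if these variables are signed, a negative dimension read from the file still passes. Their declarations are not visible in this hunk, so please confirm the types, and if they are signed, reject `width < 0 || height < 0` in the same condition. The literal 0x7FFF replaced G_MAXINT16 from revision 1.1, and the 1.2 log calls the value an assumption. A one-line comment beside the constant, or in the patch header, saying that it stands for the 16-bit signed maximum would keep that intent visible to whoever next compares this patch with upstream. The g_message text could also include the layer and channel indices (layeri, channeli), which are already in scope, so that a rejected file can be diagnosed from the message alone.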