head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.24 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.22 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.20 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.18 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.16 pkgsrc-2009Q4-base:1.2 pkgsrc-2008Q4:1.2.0.14 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.12 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.10 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.8 pkgsrc-2008Q2-base:1.2 pkgsrc-2008Q1:1.2.0.6 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.4 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.2 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.1.0.8 pkgsrc-2007Q2-base:1.1 pkgsrc-2007Q1:1.1.0.6 pkgsrc-2007Q1-base:1.1 pkgsrc-2006Q4:1.1.0.4 pkgsrc-2006Q4-base:1.1 pkgsrc-2006Q3:1.1.0.2; locks; strict; comment @# @; 1.2 date 2007.09.18.19.18.12; author drochner; state dead; branches; next 1.1; 1.1 date 2006.11.24.12.46.12; author drochner; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2006.11.24.12.46.12; author ghen; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2006.11.29.17.16.35; author ghen; state Exp; branches; next ; desc @@ 1.2 log @update to 1.4.0 changes: security fixes, and a few crashes fixed @ text @$NetBSD: patch-cg,v 1.1 2006/11/24 12:46:12 drochner Exp $ --- src/modules/loaders/loader_tiff.c.orig 2006-09-05 02:37:07.000000000 +0200 +++ src/modules/loaders/loader_tiff.c @@@@ -75,7 +75,7 @@@@ static void raster(TIFFRGBAImage_Extra * img, uint32 * rast, uint32 x, uint32 y, uint32 w, uint32 h) { - uint32 image_width, image_height; + int image_width, image_height; uint32 *pixel, pixel_value; int i, j, dy, rast_offset; DATA32 *buffer_pixel, *buffer = img->image->data; @@@@ -202,8 +202,16 @@@@ load(ImlibImage * im, ImlibProgressFunct } rgba_image.image = im; - im->w = width = rgba_image.rgba.width; - im->h = height = rgba_image.rgba.height; + width = rgba_image.rgba.width; + height = rgba_image.rgba.height; + if (width < 1 || height < 1 || width >= 16384 || height >= 16384) + { + 
TIFFRGBAImageEnd((TIFFRGBAImage *) & rgba_image); + TIFFClose(tif); + return 0; + } + im->w = width; + im->h = height; rgba_image.num_pixels = num_pixels = width * height; if (rgba_image.rgba.alpha != EXTRASAMPLE_UNSPECIFIED) SET_FLAG(im->flags, F_HAS_ALPHA); @ 1.1 log @fix some insufficient validation of graphics files, patches from Ubuntu (CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809) update to 1.3.0 (no changelog available) @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-cg was added on branch pkgsrc-2006Q3 on 2006-11-24 12:46:12 +0000 @ text @d1 32 @ 1.1.2.2 log @Pullup ticket 1926 - requested by drochner security update for imlib2 - pkgsrc/graphics/imlib2/Makefile 1.41 - pkgsrc/graphics/imlib2/PLIST 1.8 - pkgsrc/graphics/imlib2/distinfo 1.17 - pkgsrc/graphics/imlib2/patches/patch-aa removed - pkgsrc/graphics/imlib2/patches/patch-ba removed - pkgsrc/graphics/imlib2/patches/patch-bb removed - pkgsrc/graphics/imlib2/patches/patch-bc removed - pkgsrc/graphics/imlib2/patches/patch-bd removed - pkgsrc/graphics/imlib2/patches/patch-ca 1.1 - pkgsrc/graphics/imlib2/patches/patch-cb 1.1 - pkgsrc/graphics/imlib2/patches/patch-cc 1.1 - pkgsrc/graphics/imlib2/patches/patch-cd 1.1 - pkgsrc/graphics/imlib2/patches/patch-ce 1.1 - pkgsrc/graphics/imlib2/patches/patch-cf 1.1 - pkgsrc/graphics/imlib2/patches/patch-cg 1.1 Module Name: pkgsrc Committed By: drochner Date: Fri Nov 24 12:46:12 UTC 2006 Modified Files: pkgsrc/graphics/imlib2: Makefile PLIST distinfo Added Files: pkgsrc/graphics/imlib2/patches: patch-ca patch-cb patch-cc patch-cd patch-ce patch-cf patch-cg Removed Files: pkgsrc/graphics/imlib2/patches: patch-ba patch-bb patch-bc patch-bd Log Message: fix some insufficient validation of graphics files, patches from Ubuntu (CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809) update to 1.3.0 (no changelog available) --- Module Name: pkgsrc Committed By: drochner Date: Wed Nov 29 15:37:09 UTC 2006 Removed Files: pkgsrc/graphics/imlib2/patches: 
patch-aa Log Message: remove stale patchfile, pointed out by Kouichirou Hiratsuka @ text @a0 32 $NetBSD: patch-cg,v 1.1.2.1 2006/11/29 17:16:35 ghen Exp $ --- src/modules/loaders/loader_tiff.c.orig 2006-09-05 02:37:07.000000000 +0200 +++ src/modules/loaders/loader_tiff.c @@@@ -75,7 +75,7 @@@@ static void raster(TIFFRGBAImage_Extra * img, uint32 * rast, uint32 x, uint32 y, uint32 w, uint32 h) { - uint32 image_width, image_height; + int image_width, image_height; uint32 *pixel, pixel_value; int i, j, dy, rast_offset; DATA32 *buffer_pixel, *buffer = img->image->data; @@@@ -202,8 +202,16 @@@@ load(ImlibImage * im, ImlibProgressFunct } rgba_image.image = im; - im->w = width = rgba_image.rgba.width; - im->h = height = rgba_image.rgba.height; + width = rgba_image.rgba.width; + height = rgba_image.rgba.height; + if (width < 1 || height < 1 || width >= 16384 || height >= 16384) + { + TIFFRGBAImageEnd((TIFFRGBAImage *) & rgba_image); + TIFFClose(tif); + return 0; + } + im->w = width; + im->h = height; rgba_image.num_pixels = num_pixels = width * height; if (rgba_image.rgba.alpha != EXTRASAMPLE_UNSPECIFIED) SET_FLAG(im->flags, F_HAS_ALPHA); @
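Review bot: Making `image_width` and `image_height` signed in raster() does not by itself make the surrounding arithmetic signed, because the parameters `x`, `y`, `w` and `h` in the visible signature are still `uint32`. Where `uint32` has at least the rank of `int`, an `int` operand combined with it is converted to unsigned, so any expression that mixes the two still wraps instead of going negative. The body of raster() is outside this hunk, so that needs to be checked there. I would add a comment on the declaration such as `/* int, not uint32: must stay signed in the offset arithmetic below (check every use against x, y, w, h) */`. The identical hunk appears in the revision 1.2 text earlier in this file.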
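Review bot: The literal `16384` in the new dimension check in load() is unexplained, yet it is the only thing that keeps `width * height` on the line after the block from overflowing. With both dimensions below 16384 the product stays below 2^28, so a comment such as `/* each dimension < 16384 => width * height < 2^28; num_pixels and anything sized from it cannot wrap */` would record why the limit must not be raised casually. The declarations of `width`, `height` and `num_pixels` are outside the hunk; if they are unsigned, `width < 1` only rejects zero, which is still the case that matters. The identical hunk appears in the revision 1.2 text earlier in this file, and load() continues past the end of the hunk.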