wok-current view gdk-pixbuf/stuff/CVE-2022-48622.patch @ rev 25708
Downgrade gdk-pixbuf to 2.42.6 (mtpaint segfault thank ceel), backport patch for CVE-2022-48622
| author | Stanislas Leduc <shann@slitaz.org> |
|---|---|
| date | Sun Jun 02 13:33:59 2024 +0000 (5 months ago) |
| parents | |
| children |
line source
1 diff --git a/gdk-pixbuf/io-ani.c b/gdk-pixbuf/io-ani.c
2 index c6c4642cf4490aaaa7ef78a2f20a6ec2ad169a61..cfafd7b1961b5cfad08475dc3cb5f5916277f33b 100644
3 --- a/gdk-pixbuf/io-ani.c
4 +++ b/gdk-pixbuf/io-ani.c
5 @@ -295,6 +295,23 @@ ani_load_chunk (AniLoaderContext *context, GError **error)
7 if (context->chunk_id == TAG_anih)
8 {
9 + if (context->chunk_size < 36)
10 + {
11 + g_set_error_literal (error,
12 + GDK_PIXBUF_ERROR,
13 + GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
14 + _("Malformed chunk in animation"));
15 + return FALSE;
16 + }
17 + if (context->animation)
18 + {
19 + g_set_error_literal (error,
20 + GDK_PIXBUF_ERROR,
21 + GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
22 + _("Invalid header in animation"));
23 + return FALSE;
24 + }
25 +
26 context->HeaderSize = read_int32 (context);
27 context->NumFrames = read_int32 (context);
28 context->NumSteps = read_int32 (context);
29 @@ -436,7 +453,7 @@ ani_load_chunk (AniLoaderContext *context, GError **error)
30 }
31 else if (context->chunk_id == TAG_INAM)
32 {
33 - if (!context->animation)
34 + if (!context->animation || context->title)
35 {
36 g_set_error_literal (error,
37 GDK_PIXBUF_ERROR,
38 @@ -463,7 +480,7 @@ ani_load_chunk (AniLoaderContext *context, GError **error)
39 }
40 else if (context->chunk_id == TAG_IART)
41 {
42 - if (!context->animation)
43 + if (!context->animation || context->author)
44 {
45 g_set_error_literal (error,
46 GDK_PIXBUF_ERROR,
47 diff --git a/tests/test-images/fail/CVE-2022-48622.ani b/tests/test-images/fail/CVE-2022-48622.ani
48 new file mode 100644
49 index 0000000000000000000000000000000000000000..276b5b989f1e9ec9185e49eb45f710ee38278eb2
50 Binary files /dev/null and b/tests/test-images/fail/CVE-2022-48622.ani differ