MIRRORS/poky
1
0
Fork 0
mirror of git://git.yoctoproject.org/poky.git synced 2025-07-19 21:09:03 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

gdk-pixbuf: Security fix CVE-2015-7674

Browse Source 
CVE-2015-7674 Heap overflow with a gif file in gdk-pixbuf < 2.32.1

(From OE-Core master rev: f2b16d0f9c3ad67fdf63e9e41f42a6d54f1043e4)

(From OE-Core rev: 50602eebe1150819c320b6b611dcd792573eb55a)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Armin Kuster 2016-01-31 07:14:33 -08:00 committed by Richard Purdie
parent d192c62891
commit 2f9a715583
2 changed files with 40 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2015-7674.patch Normal file
View File

@ -0,0 +1,39 @@
From e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa Mon Sep 17 00:00:00 2001
From: Benjamin Otte <otte@redhat.com>
Date: Tue, 22 Sep 2015 22:44:51 +0200
Subject: [PATCH] pixops: Don't overflow variables when shifting them
If we shift by 16 bits we need to be sure those 16 bits actually exist.
They do now.
Upstream-status: Backport
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa
CVE: CVE-2015-7674
Signed-off-by: Armin Kuster <akuster@mvista.com>
---
gdk-pixbuf/pixops/pixops.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
Index: gdk-pixbuf-2.30.8/gdk-pixbuf/pixops/pixops.c
===================================================================
--- gdk-pixbuf-2.30.8.orig/gdk-pixbuf/pixops/pixops.c
+++ gdk-pixbuf-2.30.8/gdk-pixbuf/pixops/pixops.c
@@ -264,11 +264,11 @@ pixops_scale_nearest (guchar *des
double scale_x,
double scale_y)
{
- int i;
- int x;
- int x_step = (1 << SCALE_SHIFT) / scale_x;
- int y_step = (1 << SCALE_SHIFT) / scale_y;
- int xmax, xstart, xstop, x_pos, y_pos;
+ gint64 i;
+ gint64 x;
+ gint64 x_step = (1 << SCALE_SHIFT) / scale_x;
+ gint64 y_step = (1 << SCALE_SHIFT) / scale_y;
+ gint64 xmax, xstart, xstop, x_pos, y_pos;
const guchar *p;
#define INNER_LOOP(SRC_CHANNELS,DEST_CHANNELS,ASSIGN_PIXEL) \

1
meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.30.8.bb
View File

@ -19,6 +19,7 @@ SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \
file://run-ptest \
file://fatal-loader.patch \
file://0001-pixops-Be-more-careful-about-integer-overflow.patch \
file://CVE-2015-7674.patch \
"
SRC_URI[md5sum] = "4fed0d54432f1b69fc6e66e608bd5542"