1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
From: lumi <lumi@suwi.moe>
Date: Sat, 7 Jun 2025 22:27:06 +0200
Subject: lzw: Fix reporting of bytes written in decoder
When the LZW decoder encounters an invalid code, it stops
processing the image and returns the whole buffer size.
It should return the amount of bytes written, instead.
Bug: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/257
Bug-CVE: https://security-tracker.debian.org/tracker/CVE-2025-6199
Bug-Debian: https://bugs.debian.org/1107994
Origin: upstream, 2.43.2, commit:c4986342b241cdc075259565f3fa7a7597d32a32
---
gdk-pixbuf/lzw.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gdk-pixbuf/lzw.c b/gdk-pixbuf/lzw.c
index 1529356..4f3dd8b 100644
--- a/gdk-pixbuf/lzw.c
+++ b/gdk-pixbuf/lzw.c
@@ -208,7 +208,7 @@ lzw_decoder_feed (LZWDecoder *self,
/* Invalid code received - just stop here */
if (self->code >= self->code_table_size) {
self->last_code = self->eoi_code;
- return output_length;
+ return n_written;
}
/* Convert codeword into indexes */
|
