Package: htmldoc / 1.9.11-4+deb11u3

CVE-2022-0534-1.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
commit 776cf0fc4c760f1fb7b966ce28dc92dd7d44ed50
Author: Michael R Sweet <michael.r.sweet@gmail.com>
Date:   Fri Jan 7 10:21:58 2022 -0500

    Fix potential stack overflow with GIF images (Issue #463)

Index: htmldoc-1.9.11/htmldoc/image.cxx
===================================================================
--- htmldoc-1.9.11.orig/htmldoc/image.cxx	2022-02-26 01:11:08.773261658 +0100
+++ htmldoc-1.9.11/htmldoc/image.cxx	2022-02-26 01:11:08.773261658 +0100
@@ -213,8 +213,7 @@
 
     if (done)
     {
-      progress_error(HD_ERROR_READ_ERROR,
-                     "Not enough data left to read GIF compression code.");
+      progress_error(HD_ERROR_READ_ERROR, "Not enough data left to read GIF compression code.");
       return (-1);	/* Sorry, no more... */
     }
 
@@ -238,7 +237,7 @@
     * Read in another buffer...
     */
 
-    if ((count = gif_get_block (fp, buf + last_byte)) <= 0)
+    if ((count = gif_get_block(fp, buf + last_byte)) <= 0)
     {
      /*
       * Whoops, no more data!
@@ -252,7 +251,7 @@
     * Update buffer state...
     */
 
-    curbit    = (curbit - lastbit) + 8 * last_byte;
+    curbit    = curbit + 8 * last_byte - lastbit;
     last_byte += (unsigned)count;
     lastbit   = last_byte * 8;
   }