Package: imlib2 / 1.4.6-2+deb8u2

CVE-2014-9762.patch Patch series | download
From: Markus Koschany <apo@debian.org>
Date: Mon, 21 Mar 2016 22:40:04 +0100
Subject: CVE-2014-9762

Fix segmentation fault on images without colormap.

Origin: https://git.enlightenment.org/legacy/imlib2.git/commit/?h=v1.4.7&id=39641e74a560982fbf93f29bf96b37d27803cb56
---
 src/modules/loaders/loader_gif.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/modules/loaders/loader_gif.c b/src/modules/loaders/loader_gif.c
index 45ff0b9..ff78d22 100644
--- a/src/modules/loaders/loader_gif.c
+++ b/src/modules/loaders/loader_gif.c
@@ -154,6 +154,19 @@ load(ImlibImage * im, ImlibProgressFunction progress, char progress_granularity,
              free(rows);
              return 0;
           }
+        if (!cmap)
+          {
+             /* No colormap? Now what?? Let's clear the image (and not segv) */
+             memset(im->data, 0, sizeof(DATA32) * w * h);
+             DGifCloseFile(gif);
+             for (i = 0; i < h; i++)
+               {
+                  free(rows[i]);
+               }
+               free(rows);
+               return 1;
+          }
+
         ptr = im->data;
         per_inc = 100.0 / (((float)w) * h);
         for (i = 0; i < h; i++)
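Review bot: The new `if (!cmap)` branch returns 1, so a GIF with no colour map is reported to the caller as a successful load of an all-zero image, and nothing in the branch says that this is deliberate. A comment such as `/* Malformed GIF (no colormap): hand back a cleared image as success rather than index a NULL map */` would record the decision, or the branch could `return 0` like the failure path just above it if callers should reject such files. The `memset` length `sizeof(DATA32) * w * h` has to match the size `im->data` was allocated with; that allocation is outside this hunk, so confirm both use the same expression and that `w` and `h` were bounds-checked before it. The trailing `free(rows);` and `return 1;` are indented one level deeper than the `for` loop they follow, which reads as if they belonged to it, and the row-freeing sequence duplicates the cleanup in the preceding branch. The body of `load()` starts and ends outside the hunk.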