Package: imlib2 / 1.4.6-2+deb8u2

CVE-2014-9764.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
From: Markus Koschany <apo@debian.org>
Date: Mon, 21 Mar 2016 22:41:45 +0100
Subject: CVE-2014-9764

Fix segfault when opening specially crafted input with feh.

Origin: https://git.enlightenment.org/legacy/imlib2.git/commit/?h=v1.4.7&id=1f9b0b32728803a1578e658cd0955df773e34f49
---
 src/modules/loaders/loader_gif.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/modules/loaders/loader_gif.c b/src/modules/loaders/loader_gif.c
index ff78d22..bf26da3 100644
--- a/src/modules/loaders/loader_gif.c
+++ b/src/modules/loaders/loader_gif.c
@@ -136,6 +136,11 @@ load(ImlibImage * im, ImlibProgressFunction progress, char progress_granularity,
      {
         UNSET_FLAG(im->flags, F_HAS_ALPHA);
      }
+   if (!rows)
+     {
+        DGifCloseFile(gif);
+        return 0;
+     }
    /* set the format string member to the lower-case full extension */
    /* name for the format - so example names would be: */
    /* "png", "jpeg", "tiff", "ppm", "pgm", "pbm", "gif", "xpm" ... */