File: 78_CVE-2008-3639.dpatch

package info (click to toggle)
cupsys 1.2.7-4%2Betch9
  • links: PTS
  • area: main
  • in suites: etch
  • size: 20,436 kB
  • ctags: 10,404
  • sloc: ansic: 97,130; cpp: 49,167; java: 6,199; sh: 4,723; makefile: 1,918; lisp: 232; perl: 145; python: 119; php: 28
file content (43 lines) | stat: -rw-r--r-- 1,256 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
 
#! /bin/sh /usr/share/dpatch/dpatch-run
## CVE-2008-3639_sgi_filter_overflow.dpatch by Martin Pitt <mpitt@debian.org>
##
## DP: Fix buffer overflow due to unchecked boundary in the SGI filter.
## DP: (CVE-2008-3639, STR #2918)
@DPATCH@
diff -urNad lenny~/filter/image-sgilib.c lenny/filter/image-sgilib.c
--- lenny~/filter/image-sgilib.c	2008-07-12 00:48:49.000000000 +0200
+++ lenny/filter/image-sgilib.c	2008-10-08 09:07:25.000000000 +0200
@@ -640,13 +640,14 @@
     if (ch & 128)
     {
       for (i = 0; i < count; i ++, row ++, xsize --, length ++)
-        *row = getc(fp);
+        if (xsize > 0)
+	  *row = getc(fp);
     }
     else
     {
       ch = getc(fp);
       length ++;
-      for (i = 0; i < count; i ++, row ++, xsize --)
+      for (i = 0; i < count && xsize > 0; i ++, row ++, xsize --)
         *row = ch;
     }
   }
@@ -685,13 +686,14 @@
     if (ch & 128)
     {
       for (i = 0; i < count; i ++, row ++, xsize --, length ++)
-        *row = getshort(fp);
+        if (xsize > 0)
+	  *row = getshort(fp);
     }
     else
     {
       ch = getshort(fp);
       length ++;
-      for (i = 0; i < count; i ++, row ++, xsize --)
+      for (i = 0; i < count && xsize > 0; i ++, row ++, xsize --)
         *row = ch;
     }
   }