File: CVE-2023-36308.patch

golang-github-disintegration-imaging 1.6.2-3
  • area: main
  • in suites: experimental, forky, sid, trixie
  • size: 2,548 kB
  • sloc: makefile: 3
From: Kovid Goyal <kovid@kovidgoyal.net>
Origin: other, https://github.com/disintegration/imaging/commit/68f6e7d85d4eded72af15aa66f93a74a7f4b8fcd
Bug: https://github.com/disintegration/imaging/issues/165
Bug-Debian: https://bugs.debian.org/1069062
Acked-by: Maytham Alsudany <maytham@debian.org>
Subject: [PATCH] Fix CVE-2023-36308

---
 scanner.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scanner.go b/scanner.go
index 37d92ce..84de2fc 100644
--- a/scanner.go
+++ b/scanner.go
@@ -18,7 +18,7 @@ func newScanner(img image.Image) *scanner {
 		h:     img.Bounds().Dy(),
 	}
 	if img, ok := img.(*image.Paletted); ok {
-		s.palette = make([]color.NRGBA, len(img.Palette))
+		s.palette = make([]color.NRGBA, max(256, len(img.Palette)))
 		for i := 0; i < len(img.Palette); i++ {
 			s.palette[i] = color.NRGBAModel.Convert(img.Palette[i]).(color.NRGBA)
 		}
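Review bot: The new `make` call in `newScanner` hard-codes 256 with no explanation, so a later cleanup could shrink the table back to `len(img.Palette)` and undo the fix. I would add a comment above it such as `// Pix stores uint8 indices, so size the table for all 256 values; an index past len(img.Palette) then yields the zero NRGBA instead of going out of range.` This also makes the chosen behaviour visible: a pixel referencing a missing palette entry is silently rendered as transparent black rather than reported, which is worth a regression test using a paletted image whose pixel index exceeds the palette length. Separately, `max` here appears to be the Go 1.21 builtin unless the package defines its own helper, so the module's declared Go version and the build toolchain should be confirmed to support it. The function begins before this hunk and continues after it, so the lookup that consumes `s.palette` is not visible here.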