SOURCES: SDL_image-buffer-overflow.patch (NEW) - CVE-2007-6697 (st...

sls Thu, 27 Mar 2008 18:48:38 -0700

Author: sls                          Date: Fri Mar 28 01:58:27 2008 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- CVE-2007-6697 (stolen from Fedora; #430238)


---- Files affected:
SOURCES:
   SDL_image-buffer-overflow.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/SDL_image-buffer-overflow.patch
diff -u /dev/null SOURCES/SDL_image-buffer-overflow.patch:1.1
--- /dev/null   Fri Mar 28 02:58:27 2008
+++ SOURCES/SDL_image-buffer-overflow.patch     Fri Mar 28 02:58:22 2008
@@ -0,0 +1,13 @@
+--- trunk/SDL_image/IMG_gif.c  2007/12/28 08:17:23     3461
++++ trunk/SDL_image/IMG_gif.c  2007/12/28 16:43:56     3462
+@@ -418,6 +418,10 @@
+     static int stack[(1 << (MAX_LWZ_BITS)) * 2], *sp;
+     register int i;
+ 
++    /* Fixed buffer overflow found by Michael Skladnikiewicz */
++    if (input_code_size > MAX_LWZ_BITS)
++        return -1;
++
+     if (flag) {
+       set_code_size = input_code_size;
+       code_size = set_code_size + 1;
================================================================
_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit

SOURCES: SDL_image-buffer-overflow.patch (NEW) - CVE-2007-6697 (st...

Reply via email to