[freeimage] 01/07: Fix CVE-2016-5864: apply patch from wheezy-security.

Ghislain Vaillant ghisvail-guest at moszumanska.debian.org
Mon Oct 10 14:18:31 UTC 2016 

This is an automated email from the git hooks/post-receive script.

ghisvail-guest pushed a commit to branch master
in repository freeimage.

commit e36d16e72a452e0f20ec661a894e26b2e3c0f4de
Author: Ghislain Antony Vaillant <ghisvail at gmail.com>
Date:   Mon Oct 10 08:25:22 2016 +0100

    Fix CVE-2016-5864: apply patch from wheezy-security.
    
    Gbp-Dch: short
    Closes: #839827
    Thanks: Salvatore Bonaccorso, Balint Reczey and Chris Lamb
---
 debian/patches/Fix-CVE-2016-5684.patch | 34 ++++++++++++++++++++++++++++++++++
 debian/patches/series                  |  1 +
 2 files changed, 35 insertions(+)

diff --git a/debian/patches/Fix-CVE-2016-5684.patch b/debian/patches/Fix-CVE-2016-5684.patch
new file mode 100644
index 0000000..2fc02d7
--- /dev/null
+++ b/debian/patches/Fix-CVE-2016-5684.patch
@@ -0,0 +1,34 @@
+From: Debian Science Maintainers
+ <debian-science-maintainers at lists.alioth.debian.org>
+Date: Mon, 10 Oct 2016 08:22:44 +0100
+Subject: CVE-2016-5684
+
+---
+ Source/FreeImage/PluginXPM.cpp | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/Source/FreeImage/PluginXPM.cpp b/Source/FreeImage/PluginXPM.cpp
+index a698321..cc7bd07 100644
+--- a/Source/FreeImage/PluginXPM.cpp
++++ b/Source/FreeImage/PluginXPM.cpp
+@@ -181,6 +181,11 @@ Load(FreeImageIO *io, fi_handle handle, int page, int flags, void *data) {
+ 		}
+ 		free(str);
+ 
++		// check info string
++		if((width <= 0) || (height <= 0) || (colors <= 0) || (cpp <= 0)) {
++			throw "Improperly formed info string";
++		}
++
+         if (colors > 256) {
+ 			dib = FreeImage_AllocateHeader(header_only, width, height, 24, FI_RGBA_RED_MASK, FI_RGBA_GREEN_MASK, FI_RGBA_BLUE_MASK);
+ 		} else {
+@@ -193,7 +198,7 @@ Load(FreeImageIO *io, fi_handle handle, int page, int flags, void *data) {
+ 			FILE_RGBA rgba;
+ 
+ 			str = ReadString(io, handle);
+-			if(!str)
++			if(!str || (strlen(str) < (size_t)cpp))
+ 				throw "Error reading color strings";
+ 
+ 			std::string chrs(str,cpp); //create a string for the color chars using the first cpp chars
diff --git a/debian/patches/series b/debian/patches/series
index f756876..dc77e78 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -11,3 +11,4 @@ Fix-missing-cstdio-include-in-testsuite.patch
 Fix-endianness-detection.patch
 Fix-CVE-2015-0852.patch
 Fix-encoding-of-fi-header.patch
+Fix-CVE-2016-5684.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-science/packages/freeimage.git

More information about the debian-science-commits mailing list