Files
@ 2bc57e31aaf1
Branch filter:
Location: ohnobinki_overlay/media-libs/sdl-image/files/sdl-image-1.2.6-DOS.patch - annotation
2bc57e31aaf1
1.4 KiB
text/x-diff
dev-lang/squirrel: import from sunrise
5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 | --- trunk/SDL_image/IMG_gif.c 2007/02/13 10:09:17 2970
+++ trunk/SDL_image/IMG_gif.c 2007/12/28 16:43:56 3462
@@ -418,6 +418,10 @@
static int stack[(1 << (MAX_LWZ_BITS)) * 2], *sp;
register int i;
+ /* Fixed buffer overflow found by Michael Skladnikiewicz */
+ if (input_code_size > MAX_LWZ_BITS)
+ return -1;
+
if (flag) {
set_code_size = input_code_size;
code_size = set_code_size + 1;
--- trunk/SDL_image/IMG_lbm.c 2007/07/20 04:37:11 3341
+++ trunk/SDL_image/IMG_lbm.c 2008/01/03 20:05:34 3521
@@ -28,6 +28,7 @@
EHB and HAM (specific Amiga graphic chip modes) support added by Marc Le Douarain
(http://www.multimania.com/mavati) in December 2003.
Stencil and colorkey fixes by David Raulo (david.raulo AT free DOT fr) in February 2004.
+ Buffer overflow fix in RLE decompression by David Raulo in January 2008.
*/
#include <stdio.h>
@@ -328,7 +329,7 @@
count ^= 0xFF;
count += 2; /* now it */
- if ( !SDL_RWread( src, &color, 1, 1 ) )
+ if ( ( count > remainingbytes ) || !SDL_RWread( src, &color, 1, 1 ) )
{
error="error reading BODY chunk";
goto done;
@@ -339,7 +340,7 @@
{
++count;
- if ( !SDL_RWread( src, ptr, count, 1 ) )
+ if ( ( count > remainingbytes ) || !SDL_RWread( src, ptr, count, 1 ) )
{
error="error reading BODY chunk";
goto done;
|