Files
@ 76f27d7c2928
Branch filter:
Location: ohnobinki_overlay/media-libs/sdl-image/files/sdl-image-1.2.6-DOS.patch - annotation
76f27d7c2928
1.4 KiB
text/x-diff
net-irc/unrealircd: appended to the unrealircd-system-cares.patch to fix the prototype of a callback function in res.c
this should fix a segfault in unrealircd when clients connect. I have no idea how unrealircd didn't segfault when statically lunk because I don't think unrealircd changed the API of c-ares except to add a function that tells it config-info
this should fix a segfault in unrealircd when clients connect. I have no idea how unrealircd didn't segfault when statically lunk because I don't think unrealircd changed the API of c-ares except to add a function that tells it config-info
5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 5a1af5749a73 | --- trunk/SDL_image/IMG_gif.c 2007/02/13 10:09:17 2970
+++ trunk/SDL_image/IMG_gif.c 2007/12/28 16:43:56 3462
@@ -418,6 +418,10 @@
static int stack[(1 << (MAX_LWZ_BITS)) * 2], *sp;
register int i;
+ /* Fixed buffer overflow found by Michael Skladnikiewicz */
+ if (input_code_size > MAX_LWZ_BITS)
+ return -1;
+
if (flag) {
set_code_size = input_code_size;
code_size = set_code_size + 1;
--- trunk/SDL_image/IMG_lbm.c 2007/07/20 04:37:11 3341
+++ trunk/SDL_image/IMG_lbm.c 2008/01/03 20:05:34 3521
@@ -28,6 +28,7 @@
EHB and HAM (specific Amiga graphic chip modes) support added by Marc Le Douarain
(http://www.multimania.com/mavati) in December 2003.
Stencil and colorkey fixes by David Raulo (david.raulo AT free DOT fr) in February 2004.
+ Buffer overflow fix in RLE decompression by David Raulo in January 2008.
*/
#include <stdio.h>
@@ -328,7 +329,7 @@
count ^= 0xFF;
count += 2; /* now it */
- if ( !SDL_RWread( src, &color, 1, 1 ) )
+ if ( ( count > remainingbytes ) || !SDL_RWread( src, &color, 1, 1 ) )
{
error="error reading BODY chunk";
goto done;
@@ -339,7 +340,7 @@
{
++count;
- if ( !SDL_RWread( src, ptr, count, 1 ) )
+ if ( ( count > remainingbytes ) || !SDL_RWread( src, ptr, count, 1 ) )
{
error="error reading BODY chunk";
goto done;
|