rpms/SDL_image/devel SDL_image-buffer-overflow.patch, NONE, 1.1 SDL_image.spec, 1.14, 1.15

Brian Pepple (bpepple) fedora-extras-commits at redhat.com
Fri Jan 25 14:50:06 UTC 2008 

Author: bpepple

Update of /cvs/pkgs/rpms/SDL_image/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv5061

Modified Files:
	SDL_image.spec 
Added Files:
	SDL_image-buffer-overflow.patch 
Log Message:
* Thu Jan 24 2008 Brian Pepple <bpepple at fedoraproject.org> - 1.2.6-4
- Add patch to fix buffer-overflow. (#430238)


SDL_image-buffer-overflow.patch:

--- NEW FILE SDL_image-buffer-overflow.patch ---
--- trunk/SDL_image/IMG_gif.c	2007/12/28 08:17:23	3461
+++ trunk/SDL_image/IMG_gif.c	2007/12/28 16:43:56	3462
@@ -418,6 +418,10 @@
     static int stack[(1 << (MAX_LWZ_BITS)) * 2], *sp;
     register int i;
 
+    /* Fixed buffer overflow found by Michael Skladnikiewicz */
+    if (input_code_size > MAX_LWZ_BITS)
+        return -1;
+
     if (flag) {
 	set_code_size = input_code_size;
 	code_size = set_code_size + 1;


Index: SDL_image.spec
===================================================================
RCS file: /cvs/pkgs/rpms/SDL_image/devel/SDL_image.spec,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- SDL_image.spec	21 Aug 2007 17:27:51 -0000	1.14
+++ SDL_image.spec	25 Jan 2008 14:49:23 -0000	1.15
@@ -1,12 +1,13 @@
 Name:		SDL_image
 Version:	1.2.6
-Release:	3%{?dist}
+Release:	4%{?dist}
 Summary:	Image loading library for SDL
 
 Group:		System Environment/Libraries
 License:	LGPLv2+
 URL:		http://www.libsdl.org/projects/SDL_image/
 Source0:	http://www.libsdl.org/projects/%{name}/release/%{name}-%{version}.tar.gz
+Patch0:		%{name}-buffer-overflow.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires: 	SDL-devel >= 1.2.10
@@ -36,7 +37,7 @@
 
 %prep
 %setup -q
-
+%patch0 -p2 -b .overflow
 
 %build
 # XCF support is crashy in 1.2.4
@@ -82,6 +83,9 @@
 
 
 %changelog
+* Thu Jan 24 2008 Brian Pepple <bpepple at fedoraproject.org> - 1.2.6-4
+- Add patch to fix buffer-overflow. (#430238)
+
 * Tue Aug 21 2007 Brian Pepple <bpepple at fedoraproject.org> - 1.2.6-3
 - Rebuild.

More information about the fedora-extras-commits mailing list