rpms/gif2png/F-12 gif2png.spec, 1.11, 1.12 gif2png-overflow.patch, 1.2, 1.3
ensc
ensc at fedoraproject.org
Tue Jan 5 19:52:37 UTC 2010
Author: ensc
Update of /cvs/extras/rpms/gif2png/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv3316/F-12
Modified Files:
gif2png.spec gif2png-overflow.patch
Log Message:
- catch another possible overflow when appending a numbered suffix
(detected to Tomas Hoger)
Index: gif2png.spec
===================================================================
RCS file: /cvs/extras/rpms/gif2png/F-12/gif2png.spec,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -p -r1.11 -r1.12
--- gif2png.spec 2 Jan 2010 11:35:32 -0000 1.11
+++ gif2png.spec 5 Jan 2010 19:52:37 -0000 1.12
@@ -3,7 +3,7 @@
Summary: A GIF to PNG converter
Name: gif2png
Version: 2.5.1
-Release: %release_func 1201
+Release: %release_func 1202
License: BSD
Group: Applications/Multimedia
URL: http://www.catb.org/~esr/gif2png/
@@ -77,6 +77,10 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Tue Jan 5 2010 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 2.5.1-1202
+- catch another possible overflow when appending a numbered suffix
+ (detected to Tomas Hoger)
+
* Sat Jan 2 2010 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 2.5.1-1201
- changed -overflow patch to abort on bad filenames instead of
processing truncated ones
gif2png-overflow.patch:
gif2png.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
Index: gif2png-overflow.patch
===================================================================
RCS file: /cvs/extras/rpms/gif2png/F-12/gif2png-overflow.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -p -r1.2 -r1.3
--- gif2png-overflow.patch 2 Jan 2010 11:35:32 -0000 1.2
+++ gif2png-overflow.patch 5 Jan 2010 19:52:37 -0000 1.3
@@ -19,11 +19,13 @@ Index: gif2png-2.5.2/gif2png.c
if (strcmp(file_ext, ".gif") != 0 && strcmp(file_ext, ".GIF") != 0 &&
strcmp(file_ext, "_gif") != 0 && strcmp(file_ext, "_GIF") != 0) {
/* try to derive basename */
-@@ -874,6 +877,12 @@ int main(int argc, char *argv[])
+@@ -874,6 +877,14 @@ int main(int argc, char *argv[])
}
} else {
for (i = ac;i<argc; i++) {
-+ if (strlen(argv[i]) >= sizeof name - sizeof ".gif") {
++ /* make sure that there is enough space for a '.p<NUM>' suffix;
++ this check catches also the '.gif' case below. */
++ if (strlen(argv[i]) >= sizeof name - sizeof ".p" - 3 * sizeof(int)) {
+ fprintf(stderr, "%s: name too long\n", argv[i]);
+ errors = 1;
+ continue;
More information about the fedora-extras-commits
mailing list