fix overflow bug #346501

(Portage version: 2.1.9.25/cvs/Linux i686)

3 files changed, 72 insertions, 1 deletions

diff --git a/media-gfx/gif2png/ChangeLog b/media-gfx/gif2png/ChangeLog
index 8fdb7c840dff..9fd553bc7a04 100644
--- a/media-gfx/gif2png/ChangeLog
+++ b/media-gfx/gif2png/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for media-gfx/gif2png
 # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-gfx/gif2png/ChangeLog,v 1.17 2010/01/07 22:08:36 fauli Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-gfx/gif2png/ChangeLog,v 1.18 2010/12/03 09:41:07 maekke Exp $
+
+*gif2png-2.5.1-r1 (03 Dec 2010)
+
+  03 Dec 2010; Markus Meier <maekke@gentoo.org> +gif2png-2.5.1-r1.ebuild,
+  +files/gif2png-2.5.1-overflow.patch:
+  fix overflow bug #346501
 
   07 Jan 2010; Christian Faulhammer <fauli@gentoo.org> gif2png-2.5.1.ebuild:
   Transfer Prefix keywords
diff --git a/media-gfx/gif2png/files/gif2png-2.5.1-overflow.patch b/media-gfx/gif2png/files/gif2png-2.5.1-overflow.patch
new file mode 100644
index 000000000000..aff1e588e208
--- /dev/null
+++ b/media-gfx/gif2png/files/gif2png-2.5.1-overflow.patch
@@ -0,0 +1,36 @@
+Fixes cmdline buffer overflow described in
+
+http://lists.grok.org.uk/pipermail/full-disclosure/2009-December/072002.html
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550978
+
+Index: gif2png-2.5.3/gif2png.c
+===================================================================
+--- gif2png-2.5.3.orig/gif2png.c
++++ gif2png-2.5.3/gif2png.c
+@@ -675,7 +675,10 @@ int processfile(char *fname, FILE *fp)
+ 
+     strcpy(outname, fname);
+ 
+-    file_ext = outname+strlen(outname)-4;
++    file_ext = outname+strlen(outname);
++    if (file_ext >= outname + 4)
++	file_ext -= 4;
++
+     if (strcmp(file_ext, ".gif") != 0 && strcmp(file_ext, ".GIF") != 0 &&
+ 	strcmp(file_ext, "_gif") != 0 && strcmp(file_ext, "_GIF") != 0) {
+ 	/* try to derive basename */
+@@ -863,6 +866,14 @@ int main(int argc, char *argv[])
+ 	}
+     } else {
+ 	for (i = ac;i<argc; i++) {
++	    /* make sure that there is enough space for a '.p<NUM>' suffix;
++	       this check catches also the '.gif' case below. */
++	    if (strlen(argv[i]) >= sizeof name - sizeof ".p" - 3 * sizeof(int)) {
++		fprintf(stderr, "%s: name too long\n", argv[i]);
++		errors = 1;
++		continue;
++	    }
++
+ 	    strcpy(name, argv[i]);
+ 	    if ((fp = fopen(name, "rb")) == NULL) {
+ 		/* retry with .gif appended */
diff --git a/media-gfx/gif2png/gif2png-2.5.1-r1.ebuild b/media-gfx/gif2png/gif2png-2.5.1-r1.ebuild
new file mode 100644
index 000000000000..5f5712959225
--- /dev/null
+++ b/media-gfx/gif2png/gif2png-2.5.1-r1.ebuild
@@ -0,0 +1,29 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-gfx/gif2png/gif2png-2.5.1-r1.ebuild,v 1.1 2010/12/03 09:41:07 maekke Exp $
+
+inherit eutils
+
+DESCRIPTION="Converts images from gif format to png format"
+HOMEPAGE="http://catb.org/~esr/gif2png/"
+SRC_URI="http://catb.org/~esr/${PN}/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos"
+IUSE=""
+
+DEPEND="media-libs/libpng"
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+	# bug 139338 - gif2png won't compile with libpng-1.2.12
+	epatch "${FILESDIR}"/${P}-libpng.patch
+	epatch "${FILESDIR}"/${P}-overflow.patch
+}
+
+src_install() {
+	emake DESTDIR="${D}" install || die
+	dodoc AUTHORS ChangeLog NEWS README
+}