diff options
Diffstat (limited to 'net-print/cups/files/cups-1.4.8-CVE-2011-2896.patch')
-rw-r--r-- | net-print/cups/files/cups-1.4.8-CVE-2011-2896.patch | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/net-print/cups/files/cups-1.4.8-CVE-2011-2896.patch b/net-print/cups/files/cups-1.4.8-CVE-2011-2896.patch new file mode 100644 index 000000000000..843456f2eebd --- /dev/null +++ b/net-print/cups/files/cups-1.4.8-CVE-2011-2896.patch @@ -0,0 +1,37 @@ +Source: Upstream http://cups.org/str.php?L3914 +Reason: Avoid GIF reader loop (CVE-2011-2896) +Upstream: Fixed in trunk + +diff -up cups-1.4.8/filter/image-gif.c.CVE-2011-2896 cups-1.4.8/filter/image-gif.c +--- cups-1.4.8/filter/image-gif.c.CVE-2011-2896 2011-06-20 21:37:51.000000000 +0100 ++++ cups-1.4.8/filter/image-gif.c 2011-08-19 11:33:37.547911212 +0100 +@@ -648,11 +648,13 @@ gif_read_lzw(FILE *fp, /* I - File to + + if (code == max_code) + { +- *sp++ = firstcode; +- code = oldcode; ++ if (sp < (stack + 8192)) ++ *sp++ = firstcode; ++ ++ code = oldcode; + } + +- while (code >= clear_code) ++ while (code >= clear_code && sp < (stack + 8192)) + { + *sp++ = table[1][code]; + if (code == table[0][code]) +@@ -661,8 +663,10 @@ gif_read_lzw(FILE *fp, /* I - File to + code = table[0][code]; + } + +- *sp++ = firstcode = table[1][code]; +- code = max_code; ++ if (sp < (stack + 8192)) ++ *sp++ = firstcode = table[1][code]; ++ ++ code = max_code; + + if (code < 4096) + { |