pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/graphics/gdk-pixbuf pull in boundary check from gdk2-p...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/b73ab766ca54
branches:  trunk
changeset: 591078:b73ab766ca54
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Wed Aug 03 10:01:25 2011 +0000

description:
pull in boundary check from gdk2-pixbuf to fix a possible buffer
overflow by invalid GIF images, see redhat bug#727081
bump PKGREV

diffstat:

 graphics/gdk-pixbuf/Makefile         |   4 ++--
 graphics/gdk-pixbuf/distinfo         |   4 ++--
 graphics/gdk-pixbuf/patches/patch-af |  13 ++++++++++++-
 3 files changed, 16 insertions(+), 5 deletions(-)

diffs (58 lines):

diff -r d220971e0acc -r b73ab766ca54 graphics/gdk-pixbuf/Makefile
--- a/graphics/gdk-pixbuf/Makefile      Wed Aug 03 09:30:48 2011 +0000
+++ b/graphics/gdk-pixbuf/Makefile      Wed Aug 03 10:01:25 2011 +0000
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.42 2011/04/22 13:42:11 obache Exp $
+# $NetBSD: Makefile,v 1.43 2011/08/03 10:01:25 drochner Exp $
 #
 PKG_DESTDIR_SUPPORT=   user-destdir
 
 .include "Makefile.common"
 
-PKGREVISION=   14
+PKGREVISION=   15
 COMMENT=       The GNOME image loading library
 
 # XXX hopefully there is no x.gnome-config.x in PATH
diff -r d220971e0acc -r b73ab766ca54 graphics/gdk-pixbuf/distinfo
--- a/graphics/gdk-pixbuf/distinfo      Wed Aug 03 09:30:48 2011 +0000
+++ b/graphics/gdk-pixbuf/distinfo      Wed Aug 03 10:01:25 2011 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.21 2011/01/19 12:45:22 ryoon Exp $
+$NetBSD: distinfo,v 1.22 2011/08/03 10:01:25 drochner Exp $
 
 SHA1 (gdk-pixbuf-0.22.0.tar.bz2) = 495324afb5abebc14567ffd5a6cd72333bcc7f5b
 RMD160 (gdk-pixbuf-0.22.0.tar.bz2) = 0e56a0f883fd8e3fb4d49b9a38f984b95cd96ece
@@ -8,7 +8,7 @@
 SHA1 (patch-ac) = 16fc33898fc1cb10b3e11ee26e7ea046d1f68032
 SHA1 (patch-ad) = 5c834eceaea7cef2ae964bba586c1e90ea4d0684
 SHA1 (patch-ae) = 8331a216051cd1bbfbeee7d2b54ab9e51be6f38d
-SHA1 (patch-af) = af8bf66d1cc445bdf7affaa119fd4c24e96e53c7
+SHA1 (patch-af) = f24e32ffa74ba14717c8e779a282803734e6fb17
 SHA1 (patch-ag) = 387e1f3f96f53a1afe21ab3a419b729125f269fb
 SHA1 (patch-ah) = 37df772bd4c818eb2dd567169598436467ea4f1c
 SHA1 (patch-ai) = 33e6c261933028472ce722b086280518cd1ac915
diff -r d220971e0acc -r b73ab766ca54 graphics/gdk-pixbuf/patches/patch-af
--- a/graphics/gdk-pixbuf/patches/patch-af      Wed Aug 03 09:30:48 2011 +0000
+++ b/graphics/gdk-pixbuf/patches/patch-af      Wed Aug 03 10:01:25 2011 +0000
@@ -1,4 +1,4 @@
-$NetBSD: patch-af,v 1.1 2005/01/15 00:10:41 cube Exp $
+$NetBSD: patch-af,v 1.2 2011/08/03 10:01:25 drochner Exp $
 
 --- gdk-pixbuf/io-gif.c.orig   2002-12-18 19:49:01.000000000 +0000
 +++ gdk-pixbuf/io-gif.c
@@ -11,3 +11,14 @@
                return;
  
        /* The frame is completely off-bounds */
+@@ -944,6 +944,10 @@ gif_prepare_lzw (GifContext *context)
+               return -1;
+       }
+ 
++      if (context->lzw_set_code_size > MAX_LZW_BITS) {
++              return -1;
++      }
++
+       context->lzw_code_size = context->lzw_set_code_size + 1;
+       context->lzw_clear_code = 1 << context->lzw_set_code_size;
+       context->lzw_end_code = context->lzw_clear_code + 1;
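
Review bot: The new guard in gif_prepare_lzw compares with `>`, so an lzw_set_code_size equal to MAX_LZW_BITS still passes, after which lzw_code_size becomes MAX_LZW_BITS + 1 and lzw_clear_code becomes 1 << MAX_LZW_BITS. The lines shown here do not reveal how the LZW tables in io-gif.c are sized, so please confirm against their declarations that this boundary value stays in range, and tighten the test to `>=` if it does not. Separately, patch-af gains this hunk without any comment on its origin; a short line near the top of the patch file naming the gdk2-pixbuf change and redhat bug#727081 from the commit message would make it easier to retire the patch later.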


