pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/x11/kdelibs3 fix buffer overflow by corrupt PCX files,...
details: https://anonhg.NetBSD.org/pkgsrc/rev/544432878750
branches: trunk
changeset: 492426:544432878750
user: drochner <drochner%pkgsrc.org@localhost>
date: Tue Apr 12 11:00:03 2005 +0000
description:
fix buffer overflow triggered by corrupt PCX files, which can lead to crashes
or code injection, see http://bugs.kde.org/show_bug.cgi?id=102328
bump PKGREVISION
diffstat:
x11/kdelibs3/Makefile | 3 +-
x11/kdelibs3/distinfo | 9 +-
x11/kdelibs3/patches/patch-da | 13 ++
x11/kdelibs3/patches/patch-db | 16 +++
x11/kdelibs3/patches/patch-dc | 44 +++++++++
x11/kdelibs3/patches/patch-dd | 14 ++
x11/kdelibs3/patches/patch-de | 197 ++++++++++++++++++++++++++++++++++++++++++
x11/kdelibs3/patches/patch-df | 22 ++++
x11/kdelibs3/patches/patch-dg | 13 ++
9 files changed, 329 insertions(+), 2 deletions(-)
diffs (truncated from 379 to 300 lines):
diff -r c852c5f09dd1 -r 544432878750 x11/kdelibs3/Makefile
--- a/x11/kdelibs3/Makefile Tue Apr 12 10:13:36 2005 +0000
+++ b/x11/kdelibs3/Makefile Tue Apr 12 11:00:03 2005 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.80 2005/04/11 21:48:11 tv Exp $
+# $NetBSD: Makefile,v 1.81 2005/04/12 11:00:03 drochner Exp $
DISTNAME= kdelibs-${_KDE_VERSION}
+PKGREVISION= 1
CATEGORIES= x11
COMMENT= Support libraries for the KDE integrated X11 desktop
diff -r c852c5f09dd1 -r 544432878750 x11/kdelibs3/distinfo
--- a/x11/kdelibs3/distinfo Tue Apr 12 10:13:36 2005 +0000
+++ b/x11/kdelibs3/distinfo Tue Apr 12 11:00:03 2005 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.52 2005/03/23 21:37:48 markd Exp $
+$NetBSD: distinfo,v 1.53 2005/04/12 11:00:03 drochner Exp $
SHA1 (kdelibs-3.4.0.tar.bz2) = ca3ded4105a500dae5170ccf85cd62af98b33961
RMD160 (kdelibs-3.4.0.tar.bz2) = 75917f60d115d770b5a8aa3922591e118c6bfdf0
@@ -18,3 +18,10 @@
SHA1 (patch-ce) = e9f7a348b0e4be1475ba8f56a8b474f139eb7781
SHA1 (patch-cf) = 0409b64ee00f355bfc2056e596b519a241fcf522
SHA1 (patch-cg) = e68fc3f4147b1c4760669318319e59bcf67cea51
+SHA1 (patch-da) = f84186eb73af08023f7d9960c2086a60d5042e14
+SHA1 (patch-db) = 3235276a2aad256e59d2c83d49785cb672433abc
+SHA1 (patch-dc) = c4976f2883d35d7dd366c356eeac07d17d672068
+SHA1 (patch-dd) = 161bf22a8e4178fd01e08f98be3a6534a6c74895
+SHA1 (patch-de) = 6765fbda3d248e164d5694fe54fb85c7a28d6a34
+SHA1 (patch-df) = 4c7c73e8942e6842f58420bbe5b9491e7116002d
+SHA1 (patch-dg) = de05b75ab2f7d41fb0feaccd74cb460ef8a3412c
diff -r c852c5f09dd1 -r 544432878750 x11/kdelibs3/patches/patch-da
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/kdelibs3/patches/patch-da Tue Apr 12 11:00:03 2005 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-da,v 1.1 2005/04/12 11:00:03 drochner Exp $
+
+--- kimgio/exr.cpp.orig 2004-11-22 04:48:27.000000000 +0100
++++ kimgio/exr.cpp
+@@ -136,6 +136,8 @@ KDE_EXPORT void kimgio_exr_read( QImageI
+ file.readPixels (dw.min.y, dw.max.y);
+
+ QImage image(width, height, 32, 0, QImage::BigEndian);
++ if( image.isNull())
++ return;
+
+ // somehow copy pixels into image
+ for ( int y=0; y < height; y++ ) {
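Review bot: The `image.isNull()` guard in kimgio_exr_read sits after `file.readPixels (dw.min.y, dw.max.y)`, so it rejects an image only once the reader has already filled its frame buffer. That buffer is set up outside the hunk and is presumably sized from the same `width` and `height`, which should be confirmed. Constructing the QImage and testing `if( image.isNull()) return;` before the `readPixels` call would reject dimensions Qt refuses before any pixel data is written. The function body starts and ends outside the hunk.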
diff -r c852c5f09dd1 -r 544432878750 x11/kdelibs3/patches/patch-db
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/kdelibs3/patches/patch-db Tue Apr 12 11:00:03 2005 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-db,v 1.1 2005/04/12 11:00:03 drochner Exp $
+
+--- kimgio/jp2.cpp.orig 2004-11-22 04:48:27.000000000 +0100
++++ kimgio/jp2.cpp
+@@ -157,8 +157,9 @@ namespace {
+ void
+ draw_view_gray( gs_t& gs, QImage& qti )
+ {
+- qti.create( jas_image_width( gs.image ), jas_image_height( gs.image ),
+- 8, 256 );
++ if( !qti.create( jas_image_width( gs.image ), jas_image_height( gs.image ),
++ 8, 256 ))
++ return;
+ for( int i = 0; i < 256; ++i )
+ qti.setColor( i, qRgb( i, i, i ) );
+
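Review bot: The new early `return` in draw_view_gray fails silently, because the helper returns void and leaves `qti` null when `qti.create()` refuses the dimensions. The hunk does not show whether the caller tests the image before using it, so that should be confirmed. A comment at the return such as `// qti stays null on failure; the caller must check qti.isNull()` would make the contract explicit. The function continues past the end of the hunk.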
diff -r c852c5f09dd1 -r 544432878750 x11/kdelibs3/patches/patch-dc
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/kdelibs3/patches/patch-dc Tue Apr 12 11:00:03 2005 +0000
@@ -0,0 +1,44 @@
+$NetBSD: patch-dc,v 1.1 2005/04/12 11:00:03 drochner Exp $
+
+--- kimgio/pcx.cpp.orig 2004-11-22 04:48:27.000000000 +0100
++++ kimgio/pcx.cpp
+@@ -134,7 +134,8 @@ static void readImage1( QDataStream &s )
+ {
+ QByteArray buf( header.BytesPerLine );
+
+- img.create( w, h, 1, 2, QImage::BigEndian );
++ if( !img.create( w, h, 1, 2, QImage::BigEndian ))
++ return;
+
+ for ( int y=0; y<h; ++y )
+ {
+@@ -160,7 +161,8 @@ static void readImage4( QDataStream &s )
+ QByteArray buf( header.BytesPerLine*4 );
+ QByteArray pixbuf( w );
+
+- img.create( w, h, 8, 16, QImage::IgnoreEndian );
++ if( !img.create( w, h, 8, 16, QImage::IgnoreEndian ))
++ return;
+
+ for ( int y=0; y<h; ++y )
+ {
+@@ -196,7 +198,8 @@ static void readImage8( QDataStream &s )
+ {
+ QByteArray buf( header.BytesPerLine );
+
+- img.create( w, h, 8, 256, QImage::IgnoreEndian );
++ if( !img.create( w, h, 8, 256, QImage::IgnoreEndian ))
++ return;
+
+ for ( int y=0; y<h; ++y )
+ {
+@@ -236,7 +239,8 @@ static void readImage24( QDataStream &s
+ QByteArray g_buf( header.BytesPerLine );
+ QByteArray b_buf( header.BytesPerLine );
+
+- img.create( w, h, 32 );
++ if( !img.create( w, h, 32 ))
++ return;
+
+ for ( int y=0; y<h; ++y )
+ {
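Review bot: The added `img.create()` checks in readImage1, readImage4, readImage8 and readImage24 catch only dimensions that QImage refuses to allocate; nothing in these hunks ties `header.BytesPerLine` to `w`. The line buffers are sized from the first and the image rows from the second. If the row loops, whose bodies are outside the hunks, copy `header.BytesPerLine` bytes into a scan line, a header declaring more bytes per line than the width needs would still write past the row. Bounding the per-line copy, for example `const unsigned int bpl = QMIN( (w+7)/8, header.BytesPerLine );` in readImage1 (types adjusted as needed) and the equivalent in the other three readers, would close that gap.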
diff -r c852c5f09dd1 -r 544432878750 x11/kdelibs3/patches/patch-dd
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/kdelibs3/patches/patch-dd Tue Apr 12 11:00:03 2005 +0000
@@ -0,0 +1,14 @@
+$NetBSD: patch-dd,v 1.1 2005/04/12 11:00:03 drochner Exp $
+
+--- kimgio/tiffr.cpp.orig 2004-11-22 04:52:18.000000000 +0100
++++ kimgio/tiffr.cpp
+@@ -84,6 +84,9 @@ KDE_EXPORT void kimgio_tiff_read( QImage
+ return;
+
+ QImage image( width, height, 32 );
++ if( image.isNull()) {
++ return;
++ }
+ data = (uint32 *)image.bits();
+
+ //Sven: changed to %ld for 64bit machines
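Review bot: The new `return` after `image.isNull()` in kimgio_tiff_read leaves the function without any visible cleanup. If a TIFF handle was opened earlier in the function, which is outside the hunk, this path leaks it on every rejected file. Releasing it before returning would fix that, e.g. `TIFFClose( <handle> );` as the first statement inside the new braces. The unchanged `return;` just above the hunk's QImage line looks to have the same issue.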
diff -r c852c5f09dd1 -r 544432878750 x11/kdelibs3/patches/patch-de
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/kdelibs3/patches/patch-de Tue Apr 12 11:00:03 2005 +0000
@@ -0,0 +1,197 @@
+$NetBSD: patch-de,v 1.1 2005/04/12 11:00:03 drochner Exp $
+
+--- kimgio/xcf.cpp.orig 2004-11-22 04:48:27.000000000 +0100
++++ kimgio/xcf.cpp
+@@ -401,7 +401,8 @@ bool XCFImageFormat::loadLayer(QDataStre
+ // Allocate the individual tile QImages based on the size and type
+ // of this layer.
+
+- composeTiles(xcf_image);
++ if( !composeTiles(xcf_image))
++ return false;
+ xcf_io.device()->at(layer.hierarchy_offset);
+
+ // As tiles are loaded, they are copied into the layers tiles by
+@@ -425,7 +426,8 @@ bool XCFImageFormat::loadLayer(QDataStre
+ // of the QImage.
+
+ if (!xcf_image.initialized) {
+- initializeImage(xcf_image);
++ if( !initializeImage(xcf_image))
++ return false;
+ copyLayerToImage(xcf_image);
+ xcf_image.initialized = true;
+ } else
+@@ -516,7 +518,7 @@ bool XCFImageFormat::loadLayerProperties
+ * QImage structures for each of them.
+ * \param xcf_image contains the current layer.
+ */
+-void XCFImageFormat::composeTiles(XCFImage& xcf_image)
++bool XCFImageFormat::composeTiles(XCFImage& xcf_image)
+ {
+ Layer& layer(xcf_image.layer);
+
+@@ -556,48 +558,67 @@ void XCFImageFormat::composeTiles(XCFIma
+ switch (layer.type) {
+ case RGB_GIMAGE:
+ layer.image_tiles[j][i] = QImage(tile_width, tile_height, 32, 0);
++ if( layer.image_tiles[j][i].isNull())
++ return false;
+ layer.image_tiles[j][i].setAlphaBuffer(false);
+ break;
+
+ case RGBA_GIMAGE:
+ layer.image_tiles[j][i] = QImage(tile_width, tile_height, 32, 0);
++ if( layer.image_tiles[j][i].isNull())
++ return false;
+ layer.image_tiles[j][i].setAlphaBuffer(true);
+ break;
+
+ case GRAY_GIMAGE:
+ layer.image_tiles[j][i] = QImage(tile_width, tile_height, 8, 256);
++ if( layer.image_tiles[j][i].isNull())
++ return false;
+ setGrayPalette(layer.image_tiles[j][i]);
+ break;
+
+ case GRAYA_GIMAGE:
+ layer.image_tiles[j][i] = QImage(tile_width, tile_height, 8, 256);
++ if( layer.image_tiles[j][i].isNull())
++ return false;
+ setGrayPalette(layer.image_tiles[j][i]);
+
+ layer.alpha_tiles[j][i] = QImage( tile_width, tile_height, 8, 256);
++ if( layer.alpha_tiles[j][i].isNull())
++ return false;
+ setGrayPalette(layer.alpha_tiles[j][i]);
+ break;
+
+ case INDEXED_GIMAGE:
+ layer.image_tiles[j][i] = QImage(tile_width, tile_height, 8,
+ xcf_image.num_colors);
++ if( layer.image_tiles[j][i].isNull())
++ return false;
+ setPalette(xcf_image, layer.image_tiles[j][i]);
+ break;
+
+ case INDEXEDA_GIMAGE:
+ layer.image_tiles[j][i] = QImage(tile_width, tile_height,8,
+ xcf_image.num_colors);
++ if( layer.image_tiles[j][i].isNull())
++ return false;
+ setPalette(xcf_image, layer.image_tiles[j][i]);
+
+ layer.alpha_tiles[j][i] = QImage(tile_width, tile_height, 8, 256);
++ if( layer.alpha_tiles[j][i].isNull())
++ return false;
+ setGrayPalette(layer.alpha_tiles[j][i]);
+ }
+
+ if (layer.mask_offset != 0) {
+ layer.mask_tiles[j][i] = QImage(tile_width, tile_height, 8, 256);
++ if( layer.mask_tiles[j][i].isNull())
++ return false;
+ setGrayPalette(layer.mask_tiles[j][i]);
+ }
+ }
+ }
++ return true;
+ }
+
+
+@@ -1072,7 +1093,7 @@ void XCFImageFormat::assignMaskBytes(Lay
+ * For indexed images, translucency is an all or nothing effect.
+ * \param xcf_image contains image info and bottom-most layer.
+ */
+-void XCFImageFormat::initializeImage(XCFImage& xcf_image)
++bool XCFImageFormat::initializeImage(XCFImage& xcf_image)
+ {
+ // (Aliases to make the code look a little better.)
+ Layer& layer(xcf_image.layer);
+@@ -1082,12 +1103,16 @@ void XCFImageFormat::initializeImage(XCF
+ case RGB_GIMAGE:
+ if (layer.opacity == OPAQUE_OPACITY) {
+ image.create( xcf_image.width, xcf_image.height, 32);
++ if( image.isNull())
++ return false;
+ image.fill(qRgb(255, 255, 255));
+ break;
+ } // else, fall through to 32-bit representation
+
+ case RGBA_GIMAGE:
+ image.create(xcf_image.width, xcf_image.height, 32);
++ if( image.isNull())
++ return false;
+ image.fill(qRgba(255, 255, 255, 0));
+ // Turning this on prevents fill() from affecting the alpha channel,
+ // by the way.
+@@ -1097,6 +1122,8 @@ void XCFImageFormat::initializeImage(XCF
+ case GRAY_GIMAGE:
+ if (layer.opacity == OPAQUE_OPACITY) {
+ image.create(xcf_image.width, xcf_image.height, 8, 256);
++ if( image.isNull())
++ return false;
+ setGrayPalette(image);
+ image.fill(255);
+ break;
+@@ -1104,6 +1131,8 @@ void XCFImageFormat::initializeImage(XCF
+
+ case GRAYA_GIMAGE:
+ image.create(xcf_image.width, xcf_image.height, 32);
++ if( image.isNull())
++ return false;
+ image.fill(qRgba(255, 255, 255, 0));
+ image.setAlphaBuffer(true);
+ break;
+@@ -1125,12 +1154,16 @@ void XCFImageFormat::initializeImage(XCF
+ image.create(xcf_image.width, xcf_image.height,
+ 1, xcf_image.num_colors,
+ QImage::LittleEndian);
++ if( image.isNull())
++ return false;
+ image.fill(0);
+ setPalette(xcf_image, image);
+ } else if (xcf_image.num_colors <= 256) {
+ image.create(xcf_image.width, xcf_image.height,
+ 8, xcf_image.num_colors,
+ QImage::LittleEndian);
++ if( image.isNull())
++ return false;
+ image.fill(0);
+ setPalette(xcf_image, image);