From 2bb97f407c1145c850416a3bfbcc8cf124e68a19 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Sat, 16 Apr 2016 03:51:22 -0400
Subject: [PATCH] gd2: handle corrupt images better (CVE-2016-3074)
Make sure we do some range checking on corrupted chunks.
Thanks to Hans Jerry Illikainen <hji@dyntopia.com> for indepth report
and reproducer information. Made for easy test case writing :).
---
src/gd_gd2.c | 2 ++
1 files changed, 2 insertions(+), 0 deletion(-)
diff --git a/src/gd_gd2.c b/src/gd_gd2.c
index 6f28461..a50b33d 100644
--- a/src/gd_gd2.c
+++ b/src/gd_gd2.c
@@ -165,6 +165,8 @@ _gd2GetHeader (gdIOCtxPtr in, int *sx, int *sy,
if (gdGetInt (&cidx[i].size, in) != 1) {
goto fail2;
};
+ if (cidx[i].offset < 0 || cidx[i].size < 0)
+ goto fail2;
};
*chunkIdx = cidx;
};
distrib
>
Mageia
>
5
>
i586
>
media
>
core-updates-src
>
by-pkgid
>
960943e7c34bca76f5c375480eb883bd
>
files
>
1
