From f1dbd5545c3f16a96bada77bd280b637cc0bf550 Mon Sep 17 00:00:00 2001
From: Hans Petter Jansson <hpj@cl.no>
Date: Wed, 19 Jul 2017 22:54:48 +0200
Subject: [PATCH] icns: Fix possible integer underflow
Make sure blocklen is greater than or equal to the size of an IcnsBlockHeader.
https://bugzilla.gnome.org/show_bug.cgi?id=779016
---
gdk-pixbuf/io-icns.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/gdk-pixbuf/io-icns.c b/gdk-pixbuf/io-icns.c
index a432e46..3ff6e2e 100644
--- a/gdk-pixbuf/io-icns.c
+++ b/gdk-pixbuf/io-icns.c
@@ -98,6 +98,9 @@ load_resources (unsigned size, IN gpointer data, gsize datalen,
if (blocklen > icnslen - (current - bytes))
return FALSE;
+ if (blocklen < sizeof (IcnsBlockHeader))
+ return FALSE;
+
switch (size)
{
case 256:
--
2.12.0
distrib
>
Mageia
>
6
>
armv7hl
>
media
>
core-updates-src
>
by-pkgid
>
03071ba7f1804025347bef3d95314472
>
files
>
3
