pull fix from upstream (Philip Lafleur <plafleur@cvs.gnome.org>)
* app/paint/gimpink-blob.c (blob_make_convex): Check if the array index is legal before using it, not the other way around. Fixes bug #144856. fixes out of bounds read noticed by Alf Schlichting <a.schlichting@lemarit.com> with malloc.conf ok brad@
This commit is contained in:
parent
de8b8eebad
commit
2ac5c3f75f
21
graphics/gimp/stable/patches/patch-app_blob_c
Normal file
21
graphics/gimp/stable/patches/patch-app_blob_c
Normal file
@ -0,0 +1,21 @@
|
||||
$OpenBSD: patch-app_blob_c,v 1.1 2004/08/04 03:58:13 david Exp $
|
||||
--- app/blob.c.orig Sat Dec 16 15:36:51 2000
|
||||
+++ app/blob.c Wed Jul 28 12:08:51 2004
|
||||
@@ -239,7 +239,7 @@ blob_make_convex (Blob *b, EdgeType *pre
|
||||
{
|
||||
present[i2] &= ~EDGE_LEFT;
|
||||
i2 = i1;
|
||||
- while (!(present[--i1] & EDGE_LEFT) && i1>=start);
|
||||
+ while ((--i1) >= start && (! (present[i1] & EDGE_LEFT)));
|
||||
|
||||
if (i1<start)
|
||||
{
|
||||
@@ -279,7 +279,7 @@ blob_make_convex (Blob *b, EdgeType *pre
|
||||
{
|
||||
present[i2] &= ~EDGE_RIGHT;
|
||||
i2 = i1;
|
||||
- while (!(present[--i1] & EDGE_RIGHT) && i1>=start);
|
||||
+ while ((--i1) >= start && (! (present[i1] & EDGE_RIGHT)));
|
||||
|
||||
if (i1<start)
|
||||
{
|
Loading…
Reference in New Issue
Block a user