From 2ac5c3f75fd30138bdfcda52bff000e5efc62068 Mon Sep 17 00:00:00 2001 From: david Date: Wed, 4 Aug 2004 03:58:13 +0000 Subject: [PATCH] pull fix from upstream (Philip Lafleur ) * app/paint/gimpink-blob.c (blob_make_convex): Check if the array index is legal before using it, not the other way around. Fixes bug #144856. fixes out of bounds read noticed by Alf Schlichting with malloc.conf ok brad@ --- graphics/gimp/stable/patches/patch-app_blob_c | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 graphics/gimp/stable/patches/patch-app_blob_c diff --git a/graphics/gimp/stable/patches/patch-app_blob_c b/graphics/gimp/stable/patches/patch-app_blob_c new file mode 100644 index 00000000000..7f85edfd55f --- /dev/null +++ b/graphics/gimp/stable/patches/patch-app_blob_c @@ -0,0 +1,21 @@ +$OpenBSD: patch-app_blob_c,v 1.1 2004/08/04 03:58:13 david Exp $ +--- app/blob.c.orig Sat Dec 16 15:36:51 2000 ++++ app/blob.c Wed Jul 28 12:08:51 2004 +@@ -239,7 +239,7 @@ blob_make_convex (Blob *b, EdgeType *pre + { + present[i2] &= ~EDGE_LEFT; + i2 = i1; +- while (!(present[--i1] & EDGE_LEFT) && i1>=start); ++ while ((--i1) >= start && (! (present[i1] & EDGE_LEFT))); + + if (i1=start); ++ while ((--i1) >= start && (! (present[i1] & EDGE_RIGHT))); + + if (i1