SECURITY FIX for CVE-2008-5187

another buffer overflow in the xpm loader
2009-01-13 17:43:28 +00:00 · 2009-01-13 17:43:28 +00:00 · 62cf59b910
commit 62cf59b910
parent 7eef10366c
2 changed files with 23 additions and 5 deletions
--- a/graphics/imlib2/Makefile
+++ b/graphics/imlib2/Makefile
@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.20 2008/08/24 09:01:51 brad Exp $
+# $OpenBSD: Makefile,v 1.21 2009/01/13 17:43:28 jasper Exp $

 COMMENT=	image manipulation library

 DISTNAME=	imlib2-1.4.0
-PKGNAME=	${DISTNAME}p0
+PKGNAME=	${DISTNAME}p1
 SHARED_LIBS=	Imlib2	5.0	# .5.0
 CATEGORIES=	graphics

--- a/graphics/imlib2/patches/patch-src_modules_loaders_loader_xpm_c
+++ b/graphics/imlib2/patches/patch-src_modules_loaders_loader_xpm_c
@ -1,6 +1,24 @@
-$OpenBSD: patch-src_modules_loaders_loader_xpm_c,v 1.3 2008/06/09 18:24:21 naddy Exp $
--- src/modules/loaders/loader_xpm.c.orig	Mon Jun  9 12:17:49 2008
-+++ src/modules/loaders/loader_xpm.c	Mon Jun  9 12:19:13 2008
+$OpenBSD: patch-src_modules_loaders_loader_xpm_c,v 1.4 2009/01/13 17:43:29 jasper Exp $
+
+Chunk at line 246:
+CVE-2008-5187, Buffer overflow in the xpm loader.
+Patch from Debian's original bug report, #505714
+
+Chunk at line 284:
+Buffer overflow, see: http://secunia.com/secunia_research/2008-25/advisory/
+
+--- src/modules/loaders/loader_xpm.c.orig	Tue Apr 10 00:40:40 2007
+++ src/modules/loaders/loader_xpm.c	Tue Jan 13 18:34:23 2009
+@@ -246,8 +246,8 @@ load(ImlibImage * im, ImlibProgressFunction progress, 
+                                  return 0;
+                               }
+                             ptr = im->data;
+-                            end = ptr + (sizeof(DATA32) * w * h);
+                             pixels = w * h;
+			    end = ptr + pixels;
+                          }
+                        else
+                          {
@@ -284,7 +284,7 @@ load(ImlibImage * im, ImlibProgressFunction progress, 
                                  if (line[k] != ' ')
                                    {