author | Dan Andresan <Dan.Andresan@enea.com> | 2018-10-29 12:01:08 +0100 |
---|---|---|
committer | Gerrit Code Review <gerrit2@sestogerrit02> | 2018-10-29 12:01:08 +0100 |
commit | 1fd90264695d95bc6a84409283cd6d002c0b0e35 (patch) | |
tree | 3c68f0135854e61128e2adf7b9270a179bd89063 /recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2017-6311.patch | |
parent | c1d3038ebc3595d452dd987ce985446b75b944db (diff) | |
parent | af4aca51dcef02ca7b07fd0f77d0f8c856dc54b5 (diff) | |
download | meta-el-common-1fd90264695d95bc6a84409283cd6d002c0b0e35.tar.gz |
Merge "gdk-pixbuf: Fix CVE-2017-6311" into pyro
Diffstat (limited to 'recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2017-6311.patch')
-rw-r--r-- | recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2017-6311.patch | 109 |
1 files changed, 109 insertions, 0 deletions
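--- /dev/null
+++ b/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2017-6311.patch
@@ -0,0 +1,109 @@
+From 725afb9a926553b664a1cb1270d38de133f659e1 Mon Sep 17 00:00:00 2001
+From: Andreas Wellving <andreas.wellving@enea.com>
+Date: Mon, 22 Oct 2018 12:21:56 +0200
+Subject: [PATCH] ico: Return an error when the ICO didn't load
+
+If we don't even read enough data to fill the header, return an
+error. This doesn't cover everything that could go wrong with
+the ICO incremental loader, but this is a good first throw.
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gdk-pixbuf/commit/7586553]
+
+thumbnailer: Update skeleton to fix a possible crash
+
+If the loader returns a NULL pixbuf without returning an
+error, the skeleton would crash trying to print the error.
+Print that the thumbnailer is broken instead.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=778204
+
+Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/gdk-pixbuf/commit/57362ed]
+
+CVE: CVE-2017-6311
+Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
+---
+gdk-pixbuf/io-ico.c | 11 ++++++++++-
+thumbnailer/gnome-thumbnailer-skeleton.c | 14 ++++++++++++--
+2 files changed, 22 insertions(+), 3 deletions(-)
+
+diff --git a/gdk-pixbuf/io-ico.c b/gdk-pixbuf/io-ico.c
+index 2b0441f..68295a3 100644
+--- a/gdk-pixbuf/io-ico.c
++++ b/gdk-pixbuf/io-ico.c
+@@ -605,6 +605,7 @@ gdk_pixbuf__ico_image_stop_load(gpointer data,
+{
+struct ico_progressive_state *context =
+(struct ico_progressive_state *) data;
++ gboolean ret = TRUE;
+
+/* FIXME this thing needs to report errors if
+* we have unused image data
+@@ -612,8 +613,16 @@ gdk_pixbuf__ico_image_stop_load(gpointer data,
+
+g_return_val_if_fail(context != NULL, TRUE);
+
++ if (context->HeaderDone < context->HeaderSize) {
++ g_set_error_literal (error,
++ GDK_PIXBUF_ERROR,
++ GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
++ _("ICO image was truncated or incomplete."));
++ ret = FALSE;
++ }
++
+context_free (context);
+- return TRUE;
++ return ret;
+}
+
+static void
+diff --git a/thumbnailer/gnome-thumbnailer-skeleton.c b/thumbnailer/gnome-thumbnailer-skeleton.c
+index d686432..73da53e 100644
+--- a/thumbnailer/gnome-thumbnailer-skeleton.c
++++ b/thumbnailer/gnome-thumbnailer-skeleton.c
+@@ -37,6 +37,7 @@ static int output_size = 256;
+static gboolean g_fatal_warnings = FALSE;
+static char **filenames = NULL;
+
++#if !GDK_PIXBUF_CHECK_VERSION(2,36,5)
+/**
+* gnome_desktop_thumbnail_scale_down_pixbuf:
+* @pixbuf: a #GdkPixbuf
+@@ -178,6 +179,7 @@ gnome_desktop_thumbnail_scale_down_pixbuf (GdkPixbuf *pixbuf,
+
+return dest_pixbuf;
+}
++#endif
+
+static char *
+get_target_uri (GFile *file)
+@@ -291,9 +293,16 @@ int main (int argc, char **argv)
+
+scale = (double)output_size / MAX (width, height);
+
++#if !GDK_PIXBUF_CHECK_VERSION(2,36,5)
+scaled = gnome_desktop_thumbnail_scale_down_pixbuf (pixbuf,
+floor (width * scale + 0.5),
+floor (height * scale + 0.5));
++#else
++ scaled = gdk_pixbuf_scale_simple (pixbuf,
++ floor (width * scale + 0.5),
++ floor (height * scale + 0.5),
++ GDK_INTERP_HYPER);
++#endif
+gdk_pixbuf_copy_options (pixbuf, scaled);
+g_object_unref (pixbuf);
+pixbuf = scaled;
+@@ -316,8 +325,9 @@ int main (int argc, char **argv)
+g_free (input_filename);
+
+if (!pixbuf) {
+- g_warning ("Could not thumbnail '%s': %s", filenames[0], error->message);
+- g_error_free (error);
++ g_warning ("Could not thumbnail '%s': %s", filenames[0],
++ error ? error->message : "Thumbnailer failed without returning an error");
++ g_clear_error (&error);
+g_strfreev (filenames);
+return 1;
+}
+
+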
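Review bot: In the thumbnailer part of the added patch (patch lines 87-93), the new `#else` branch hands the result of `gdk_pixbuf_scale_simple()` straight to `gdk_pixbuf_copy_options (pixbuf, scaled)` with no NULL check. That call returns NULL when allocation fails and, as far as I recall, also when a rounded dimension comes out as 0, which `floor (width * scale + 0.5)` may produce for a very elongated image. A guard such as `if (scaled != NULL) gdk_pixbuf_copy_options (pixbuf, scaled);` would leave the failure to the later `if (!pixbuf)` branch, which this patch already makes safe for a NULL `error`. `main` continues outside the hunks shown, and since this is a backport the same guard would be worth proposing upstream rather than carrying locally.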