summaryrefslogtreecommitdiffstats
path: root/meta-python/recipes-devtools/python/python-imaging/python-imaging-CVE-2016-2533.patch
blob: b01136f9ac39cd9f520fda80d9177bfd8ae2c8b0 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
python-imaging: CVE-2016-2533

the patch comes from:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2533
https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4#diff-8ff6909c159597e22288ad818938fd6b

PCD decoder overruns the shuffle buffer, Fixes #568

Signed-off-by: Li Wang <li.wang@windriver.com>
---
 libImaging/PcdDecode.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libImaging/PcdDecode.c b/libImaging/PcdDecode.c
index b6898e3..c02d005 100644
--- a/libImaging/PcdDecode.c
+++ b/libImaging/PcdDecode.c
@@ -47,7 +47,7 @@ ImagingPcdDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
 	    out[0] = ptr[x];
 	    out[1] = ptr[(x+4*state->xsize)/2];
 	    out[2] = ptr[(x+5*state->xsize)/2];
-	    out += 4;
+	    out += 3;
 	}
 
 	state->shuffle((UINT8*) im->image[state->y],
@@ -62,7 +62,7 @@ ImagingPcdDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
 	    out[0] = ptr[x+state->xsize];
 	    out[1] = ptr[(x+4*state->xsize)/2];
 	    out[2] = ptr[(x+5*state->xsize)/2];
-	    out += 4;
+	    out += 3;
 	}
 
 	state->shuffle((UINT8*) im->image[state->y],
-- 
1.7.9.5