File htmldoc-CVE-2022-27114.patch of Package htmldoc.openSUSE_Backports_SLE-15-SP3_Update
Index: htmldoc-1.9.12/htmldoc/image.cxx
===================================================================
--- htmldoc-1.9.12.orig/htmldoc/image.cxx
+++ htmldoc-1.9.12/htmldoc/image.cxx
@@ -26,6 +26,13 @@ extern "C" { /* Workaround for JPEG hea
 /*
+ * Limits...
+ */
+
+#define IMAGE_MAX_DIM 37837 // Maximum dimension - sqrt(4GiB / 3)
+
+
+/*
 * GIF definitions...
 */
@@ -926,7 +933,7 @@ image_load_bmp(image_t *img, /* I - Imag
 colors_used = (int)read_dword(fp);
 read_dword(fp);
- if (img->width <= 0 || img->width > 8192 || img->height <= 0 || img->height > 8192 || info_size < 0)
+ if (img->width <= 0 || img->width > IMAGE_MAX_DIM || img->height <= 0 || img->height > IMAGE_MAX_DIM || info_size < 0)
 return (-1);
 if (info_size > 40)
@@ -1278,7 +1285,7 @@ image_load_gif(image_t *img, /* I - Imag
 img->height = (buf[9] << 8) | buf[8];
 ncolors = 2 << (buf[10] & 0x07);
- if (img->width <= 0 || img->width > 32767 || img->height <= 0 || img->height > 32767)
+ if (img->width <= 0 || img->width > IMAGE_MAX_DIM || img->height <= 0 || img->height > IMAGE_MAX_DIM)
 return (-1);
 // If we are writing an encrypted PDF file, bump the use count so we create
@@ -1359,6 +1366,9 @@ image_load_gif(image_t *img, /* I - Imag
 if (!load_data)
 return (0);
+ if (img->width <= 0 || img->width > IMAGE_MAX_DIM || img->height <= 0 || img->height > IMAGE_MAX_DIM)
+ return (-1);
+
 img->pixels = (uchar *)malloc((size_t)(img->width * img->height * img->depth));
 if (img->pixels == NULL)
 return (-1);
@@ -1439,6 +1449,12 @@ JSAMPROW row; /* Sample row pointer *
 img->height = (int)cinfo.output_height;
 img->depth = (int)cinfo.output_components;
+ if (img->width <= 0 || img->width > IMAGE_MAX_DIM || img->height <= 0 || img->height > IMAGE_MAX_DIM)
+ {
+ jpeg_destroy_decompress(&cinfo);
+ return (-1);
+ }
+
 if (!load_data)
 {
 jpeg_destroy_decompress(&cinfo);
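Review bot: The comment on `IMAGE_MAX_DIM` derives 37837 from `sqrt(4GiB / 3)`, which bounds `width * height * depth` only when depth is at most 3 and the product is computed in an unsigned type of at least 32 bits. The JPEG hunk takes `img->depth` from `cinfo.output_components` and the PNG hunk sits next to alpha handling, so a depth of 4 may be reachable (this cannot be confirmed from the visible lines); at depth 4 two maximal dimensions exceed 4 GiB. I would state the assumption next to the constant, e.g. `// Maximum dimension - sqrt(4GiB / 3); assumes depth <= 3 and size_t arithmetic`, and have any loader that can produce a larger depth check the full product before allocating.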
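Review bot: This check loosens the BMP bound from 8192 to `IMAGE_MAX_DIM`, and the GIF header check in the hunk at 1285 likewise goes from 32767 to 37837, so both loaders accept larger images after the patch than before it. The BMP allocation is outside the hunk; if it multiplies the `int` fields the way the GIF allocation in the hunk at 1366 does, dimensions that used to be rejected can now reach an overflowing multiplication. Unless the larger sizes are needed, keeping the stricter old limit on these two lines (`img->width > 8192` here, `img->width > 32767` in the GIF header check) avoids widening the accepted input. image_load_bmp starts and ends outside the hunk.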
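Review bot: The range check added in the hunk at 1366 does not make the allocation that follows it safe, because `img->width * img->height * img->depth` is multiplied as `int` and only the result is cast to `size_t`. With both dimensions at the permitted 37837 the width-height product still fits in a 32-bit `int`, but multiplying by a depth of 3 exceeds `INT_MAX`, which is signed overflow before the cast takes effect. Widen each operand first: `img->pixels = (uchar *)malloc((size_t)img->width * (size_t)img->height * (size_t)img->depth);`. The check also repeats the header test from the hunk at 1285, so a one-line comment saying why it is needed again (presumably the dimensions are re-read in between, outside the hunk) would help. image_load_gif starts and ends outside the hunk.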
@@ -1593,6 +1609,12 @@ image_load_png(image_t *img, /* I - Imag
 img->width = (int)png_get_image_width(pp, info);
 img->height = (int)png_get_image_height(pp, info);
+ if (img->width <= 0 || img->width > IMAGE_MAX_DIM || img->height <= 0 || img->height > IMAGE_MAX_DIM)
+ {
+ png_destroy_read_struct(&pp, &info, NULL);
+ return (-1);
+ }
+
 if (color_type & PNG_COLOR_MASK_ALPHA)
 {
 if ((PSLevel == 0 && PDFVersion >= 14) || PSLevel == 3)