openSUSE:Maintenance:17490
htmldoc.openSUSE_Backports_SLE-15-SP3_Update
htmldoc-CVE-2021-40985.patch
File htmldoc-CVE-2021-40985.patch of Package htmldoc.openSUSE_Backports_SLE-15-SP3_Update
From f12b9666e582a8e7b70f11b28e5ffc49ad625d43 Mon Sep 17 00:00:00 2001 From: Michael R Sweet <michael.r.sweet@gmail.com> Date: Sat, 11 Sep 2021 18:12:33 -0400 Subject: [PATCH] Fix BMP crash bug (Issue #444) diff --git a/htmldoc/image.cxx b/htmldoc/image.cxx index 337c0cc5..d44d1ba3 100644 --- a/htmldoc/image.cxx +++ b/htmldoc/image.cxx @@ -915,6 +915,9 @@ image_load_bmp(image_t *img, /* I - Image to load into */ colors_used = (int)read_dword(fp); read_dword(fp); + if (img->width <= 0 || img->width > 8192 || img->height <= 0 || img->height > 8192) + return (-1); + if (info_size > 40) for (info_size -= 40; info_size > 0; info_size --) getc(fp); @@ -926,7 +929,7 @@ image_load_bmp(image_t *img, /* I - Image to load into */ fread(colormap, (size_t)colors_used, 4, fp); // Setup image and buffers... - img->depth = gray ? 1 : 3; + img->depth = gray ? 1 : 3; // If this image is indexed and we are writing an encrypted PDF file, bump the use count so // we create an image object (Acrobat 6 bug workaround) @@ -1076,7 +1079,7 @@ image_load_bmp(image_t *img, /* I - Image to load into */ if (bit == 0xf0) { if (color < 0) - temp = getc(fp); + temp = getc(fp) & 255; else temp = color;
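Review bot: In the first hunk (@@ -915), the 8192 limit on img->width and img->height is an unexplained magic number, and the early return (-1) gives no indication of why the image was rejected. Suggest a named constant with a comment stating what the bound is meant to protect, and an error message before the return so that a rejected BMP can be diagnosed from the output.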
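Review bot: In the second hunk (@@ -926), the context line fread(colormap, (size_t)colors_used, 4, fp) takes its element count from colors_used, which the first hunk shows coming from (int)read_dword(fp), and no range check on it is visible in either hunk. If nothing outside these lines bounds it, a negative or oversized value reaches fread as a size_t, so it is worth validating colors_used against the colormap capacity next to the new width and height check. The only change this hunk makes is whitespace on the img->depth assignment, which is unrelated to the crash fix and is better left out of a security backport.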
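Review bot: In the third hunk (@@ -1076), temp = getc(fp) & 255 folds an EOF return from getc into 255, so a truncated file is decoded as if it contained 0xff bytes instead of being rejected. The mask keeps temp from going negative, but I would test the getc result for EOF before masking and return (-1) there, as the new dimension check does.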