From 18cf5b649bfd68cdb9529586efa65bec84aa5325 Mon Sep 17 00:00:00 2001 From: Brian Pepple Date: Jan 25 2008 15:00:30 +0000 Subject: - Add patch to fix buffer-overflow. (#430239) --- diff --git a/SDL_image-buffer-overflow.patch b/SDL_image-buffer-overflow.patch new file mode 100644 index 0000000..0be82dc --- /dev/null +++ b/SDL_image-buffer-overflow.patch @@ -0,0 +1,13 @@ +--- trunk/SDL_image/IMG_gif.c 2007/12/28 08:17:23 3461 ++++ trunk/SDL_image/IMG_gif.c 2007/12/28 16:43:56 3462 +@@ -418,6 +418,10 @@ + static int stack[(1 << (MAX_LWZ_BITS)) * 2], *sp; + register int i; + ++ /* Fixed buffer overflow found by Michael Skladnikiewicz */ ++ if (input_code_size > MAX_LWZ_BITS) ++ return -1; ++ + if (flag) { + set_code_size = input_code_size; + code_size = set_code_size + 1; diff --git a/SDL_image.spec b/SDL_image.spec index e6a99c4..cc4f725 100644 --- a/SDL_image.spec +++ b/SDL_image.spec @@ -1,13 +1,14 @@ Name: SDL_image Version: 1.2.6 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Image loading library for SDL Group: System Environment/Libraries License: LGPLv2+ URL: http://www.libsdl.org/projects/SDL_image/ Source0: http://www.libsdl.org/projects/%{name}/release/%{name}-%{version}.tar.gz -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) +Patch0: %{name}-buffer-overflow.patch +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: SDL-devel >= 1.2.10 BuildRequires: libjpeg-devel @@ -36,7 +37,7 @@ developing applications that use %{name}. %prep %setup -q - +%patch0 -p2 -b .overflow %build # XCF support is crashy in 1.2.4 @@ -82,6 +83,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Thu Jan 24 2008 Brian Pepple - 1.2.6-4 +- Add patch to fix buffer-overflow. (#430239) + * Tue Aug 21 2007 Brian Pepple - 1.2.6-3 - Rebuild.