File htmldoc-CVE-2021-43579.patch of Package htmldoc.17472
From 27d08989a5a567155d506ac870ae7d8cc88fa58b Mon Sep 17 00:00:00 2001
From: Michael R Sweet <msweet@msweet.org>
Date: Fri, 5 Nov 2021 09:35:10 -0400
Subject: [PATCH] Fix potential BMP stack overflow (Issue #453)
Index: htmldoc-1.9.12/htmldoc/image.cxx
===================================================================
--- htmldoc-1.9.12.orig/htmldoc/image.cxx 2022-02-10 13:12:12.294535213 +0100
+++ htmldoc-1.9.12/htmldoc/image.cxx 2022-02-10 13:12:12.302535260 +0100
@@ -915,16 +915,20 @@ image_load_bmp(image_t *img, /* I - Imag
colors_used = (int)read_dword(fp);
read_dword(fp);
- if (img->width <= 0 || img->width > 8192 || img->height <= 0 || img->height > 8192)
+ if (img->width <= 0 || img->width > 8192 || img->height <= 0 || img->height > 8192 || info_size < 0)
return (-1);
if (info_size > 40)
+ {
for (info_size -= 40; info_size > 0; info_size --)
getc(fp);
+ }
// Get colormap...
if (colors_used == 0 && depth <= 8)
colors_used = 1 << depth;
+ else if (colors_used < 0 || colors_used > 256)
+ return (-1);
fread(colormap, (size_t)colors_used, 4, fp);
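Review bot: The header-skip loop `for (info_size -= 40; info_size > 0; info_size --)` still has no upper bound and no end-of-file check, because the added `info_size < 0` test rejects only negative values. A header that declares a very large info_size on a short file keeps the loop calling getc() until the counter runs down, which costs CPU time on untrusted input. Making the loop body `if (getc(fp) == EOF) return (-1);` would bound the work by the real file length, matching the early returns already used here. The result of the unchanged `fread(colormap, (size_t)colors_used, 4, fp);` is also ignored, so a truncated palette presumably leaves part of colormap unset; its declaration is outside the hunk, as are the start and end of image_load_bmp.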