File bnc#724628-0002-file-gif-load-fix-type-overflow... of Package gimp.817

Overview Repositories Revisions Requests Users Attributes Meta

File bnc#724628-0002-file-gif-load-fix-type-overflow-CVE-2012-3481.patch of Package gimp.817

From 407606bdbb404c0a1bf14751a394459e1bedfc08 Mon Sep 17 00:00:00 2001
From: Nils Philippsen <nils@redhat.com>
Date: Tue, 14 Aug 2012 15:27:39 +0200
Subject: [PATCH 2/2] file-gif-load: fix type overflow (CVE-2012-3481)

Cast variables properly to avoid overflowing when computing how much
memory to allocate.
---
 plug-ins/common/file-gif-load.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/plug-ins/common/file-gif-load.c b/plug-ins/common/file-gif-load.c
index 909b184..b46ba08 100644
--- a/plug-ins/common/file-gif-load.c
+++ b/plug-ins/common/file-gif-load.c
@@ -1033,9 +1033,9 @@ ReadImage (FILE        *fd,
   }
 
   if (alpha_frame)
-    dest = (guchar *) g_malloc (len * height * (promote_to_rgb ? 4 : 2));
+    dest = (guchar *) g_malloc ((gsize)len * (gsize)height * (promote_to_rgb ? 4 : 2));
   else
-    dest = (guchar *) g_malloc (len * height);
+    dest = (guchar *) g_malloc ((gsize)len * (gsize)height);
 
 #ifdef GIFDEBUG
     g_print ("GIF: reading %d by %d%s GIF image, ncols=%d\n",
-- 
1.7.11.4

Places

File bnc#724628-0002-file-gif-load-fix-type-overflow-CVE-2012-3481.patch of Package gimp.817

Places