File netpbm-CVE-2017-2581.patch of Package netpbm

Index: netpbm-10.66.3/converter/other/bmptopnm.c
===================================================================
--- netpbm-10.66.3.orig/converter/other/bmptopnm.c	2017-06-09 08:09:14.097985963 +0200
+++ netpbm-10.66.3/converter/other/bmptopnm.c	2017-06-09 08:22:29.016324594 +0200
@@ -369,12 +369,19 @@ readWindowsBasic40ByteInfoHeader(FILE *
     int colorsimportant;   /* ColorsImportant value from header */
     int colorsused;        /* ColorsUsed value from header */
     unsigned short planesField, bitCountField;
-
+    int32_t colsField;
+ 
     headerP->class = C_WIN;
 
-    headerP->cols = GetLong(ifP);
-    if (headerP->cols == 0)
-        pm_error("Invalid BMP file: says width is zero");
+    pm_readlittlelong2(ifP, &colsField);
+
+    if (colsField == 0)
+         pm_error("Invalid BMP file: says width is zero");
+    else if (colsField < 0)
+        pm_error("Invalid BMP file: says width is negative (%d)", colsField);
+    else
+        headerP->cols = (unsigned int)colsField;
+
     {
         long const cy = GetLong(ifP);
 
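Review bot: The new width validation rejects zero and negative values but sets no upper bound, so a `colsField` close to INT32_MAX is still stored in `headerP->cols`. Whether the later row-size arithmetic on `cols` and the bit count is overflow-checked is not visible here, since readWindowsBasic40ByteInfoHeader starts and ends outside the hunk, so that should be confirmed before treating the width as safe. The height read just below still goes through `GetLong(ifP)` into a `long`, and it may deserve the same explicit sign handling if the code after the hunk does not already provide it. For portability, `colsField` is an `int32_t` printed with `%d`; I would write `pm_error("Invalid BMP file: says width is negative (%d)", (int)colsField);`. I would also add a comment above the read such as `/* Width is a signed 32-bit field in the file; reject <= 0 before storing it as unsigned */`.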