Overview

File mgetty-CVE-2019-1010190.patch of Package mgetty.12102

From daf1913522efdebb239cd799892c9f9e1dc5af12 Mon Sep 17 00:00:00 2001
From: Gert Doering <gert@greenie.muc.de>
Date: Thu, 30 Aug 2018 23:53:34 +0200
Subject: [PATCH] Handle invalid PBM files more gracefully.

A PBM file with a negative line width in the header could lead
to a crash due to array overrun in putwhitespan() (depending on
optimization and architecture).  Add check for negative values
for width and height - if yes, abort with error message.

Found and reported by Eric Sesterhenn <eric.sesterhenn@x41-dsec.de>

Signed-off-by: Gert Doering <gert@greenie.muc.de>
---
 g3/pbm2g3.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/g3/pbm2g3.c b/g3/pbm2g3.c
index b188b81..54a6386 100644
--- a/g3/pbm2g3.c
+++ b/g3/pbm2g3.c
@@ -449,6 +449,12 @@ int main _P2( (argc, argv), int argc, char ** argv )
 	exit(4);
     }
 
+    if ( pbm_xsize <= 0 || pbm_ysize <= 0 )
+    {
+	fprintf( stderr, "%s: malformed PBM file (negative width or height)\n", argv[0] );
+	exit(4);
+    }
+
     /* unsupported bitmap types */
     
     if ( pbm_type == pgm || pbm_type == pgm_raw )
-- 
2.22.0
openSUSE Build Service is sponsored by
Places