diff options
| author | V3n3RiX <venerix@redcorelinux.org> | 2021-05-31 20:59:14 +0100 |
|---|---|---|
| committer | V3n3RiX <venerix@redcorelinux.org> | 2021-05-31 20:59:14 +0100 |
| commit | e748ba9741f6540f4675c23e3e37b73e822c13a4 (patch) | |
| tree | 23dece8beabb3a3d7c6c0273b0eb40b21c62a889 /media-libs/libcaca/files/Fix-a-problem-in-the-caca_resize-overflow-detection-.patch | |
| parent | 908778078736bd36f7a60a2d576d415cb8e000fa (diff) | |
gentoo resync : 31.05.2021
Diffstat (limited to 'media-libs/libcaca/files/Fix-a-problem-in-the-caca_resize-overflow-detection-.patch')
| -rw-r--r-- | media-libs/libcaca/files/Fix-a-problem-in-the-caca_resize-overflow-detection-.patch | 135 |
1 files changed, 135 insertions, 0 deletions
diff --git a/media-libs/libcaca/files/Fix-a-problem-in-the-caca_resize-overflow-detection-.patch b/media-libs/libcaca/files/Fix-a-problem-in-the-caca_resize-overflow-detection-.patch new file mode 100644 index 000000000000..5305a6bdf21c --- /dev/null +++ b/media-libs/libcaca/files/Fix-a-problem-in-the-caca_resize-overflow-detection-.patch @@ -0,0 +1,135 @@ +From: Sam Hocevar <sam@hocevar.net> +Date: Fri, 26 Feb 2021 12:40:06 +0100 +Subject: [2/2] Fix a problem in the caca_resize() overflow detection and add + several unit tests. +Origin: https://github.com/cacalabs/libcaca/commit/e4968ba6e93e9fd35429eb16895c785c51072015 +Bug: https://github.com/cacalabs/libcaca/issues/52 +Bug-Debian: https://bugs.debian.org/983686 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-3410 + +--- + caca/canvas.c | 16 ++++++++-------- + test/canvas.cpp | 18 +++++++++++++++--- + tools/makefont.c | 22 +++++++++++++++++++--- + 3 files changed, 42 insertions(+), 14 deletions(-) + +--- a/caca/canvas.c ++++ b/caca/canvas.c +@@ -367,6 +367,14 @@ int caca_resize(caca_canvas_t *cv, int w + { + int x, y, f, old_width, old_height, old_size; + ++ /* Check for overflow */ ++ int new_size = width * height; ++ if (new_size < 0 || (width > 0 && new_size / width != height)) ++ { ++ seterrno(EOVERFLOW); ++ return -1; ++ } ++ + old_width = cv->width; + old_height = cv->height; + old_size = old_width * old_height; +@@ -377,14 +385,6 @@ int caca_resize(caca_canvas_t *cv, int w + * dirty rectangle handling */ + cv->width = width; + cv->height = height; +- int new_size = width * height; +- +- /* Check for overflow */ +- if (new_size / width != height) +- { +- seterrno(EOVERFLOW); +- return -1; +- } + + /* If width or height is smaller (or both), we have the opportunity to + * reduce or even remove dirty rectangles */ +--- a/test/canvas.cpp ++++ b/test/canvas.cpp +@@ -16,6 +16,7 @@ + #include <cppunit/TestCaller.h> + #include <cppunit/TestCase.h> + #include <cppunit/TestSuite.h> ++#include <climits> + + #include "caca.h" + +@@ -53,18 +54,29 @@ public: + CPPUNIT_ASSERT_EQUAL(caca_get_canvas_width(cv), 0); + CPPUNIT_ASSERT_EQUAL(caca_get_canvas_height(cv), 0); + +- caca_set_canvas_size(cv, 1, 1); ++ int ret = caca_set_canvas_size(cv, 1, 1); ++ CPPUNIT_ASSERT_EQUAL(ret, 0); + CPPUNIT_ASSERT_EQUAL(caca_get_canvas_width(cv), 1); + CPPUNIT_ASSERT_EQUAL(caca_get_canvas_height(cv), 1); + +- caca_set_canvas_size(cv, 1234, 1001); ++ ret = caca_set_canvas_size(cv, 1234, 1001); ++ CPPUNIT_ASSERT_EQUAL(ret, 0); + CPPUNIT_ASSERT_EQUAL(caca_get_canvas_width(cv), 1234); + CPPUNIT_ASSERT_EQUAL(caca_get_canvas_height(cv), 1001); + +- caca_set_canvas_size(cv, 0, 0); ++ ret = caca_set_canvas_size(cv, 0, 0); ++ CPPUNIT_ASSERT_EQUAL(ret, 0); + CPPUNIT_ASSERT_EQUAL(caca_get_canvas_width(cv), 0); + CPPUNIT_ASSERT_EQUAL(caca_get_canvas_height(cv), 0); + ++ CPPUNIT_ASSERT_EQUAL(-1, caca_set_canvas_size(cv, -1, 50)); ++ CPPUNIT_ASSERT_EQUAL(-1, caca_set_canvas_size(cv, 50, -1)); ++ CPPUNIT_ASSERT_EQUAL(-1, caca_set_canvas_size(cv, -1, -1)); ++ CPPUNIT_ASSERT_EQUAL(-1, caca_set_canvas_size(cv, INT_MAX / 2, 3)); ++ CPPUNIT_ASSERT_EQUAL(-1, caca_set_canvas_size(cv, 3, INT_MAX / 2)); ++ CPPUNIT_ASSERT_EQUAL(-1, caca_set_canvas_size(cv, INT_MAX / 2, INT_MAX / 2)); ++ CPPUNIT_ASSERT_EQUAL(0, caca_set_canvas_size(cv, 0, 0)); ++ + caca_free_canvas(cv); + } + +--- a/tools/makefont.c ++++ b/tools/makefont.c +@@ -40,7 +40,8 @@ + * and the UTF-8 glyphs necessary for canvas rotation and mirroring. */ + static unsigned int const blocklist[] = + { +- 0x0000, 0x0080, /* Basic latin: A, B, C, a, b, c */ ++ 0x0020, 0x0080, /* Basic latin: A, B, C, a, b, c */ ++#if 0 + 0x0080, 0x0100, /* Latin-1 Supplement: Ä, Ç, å, ß */ + 0x0100, 0x0180, /* Latin Extended-A: Ā č Ō œ */ + 0x0180, 0x0250, /* Latin Extended-B: Ǝ Ƹ */ +@@ -63,6 +64,7 @@ static unsigned int const blocklist[] = + 0x30a0, 0x3100, /* Katakana: ロ ル */ + 0xff00, 0xfff0, /* Halfwidth and Fullwidth Forms: A, B, C, a, b, c */ + 0x10400, 0x10450, /* Deseret: 𐐒 𐐋 */ ++#endif + 0, 0 + }; + +@@ -317,8 +319,22 @@ int main(int argc, char *argv[]) + printf_unicode(>ab[n]); + + if(gtab[n].same_as == n) +- printf_hex(" */ %s\n", +- glyph_data + gtab[n].data_offset, gtab[n].data_size); ++ { ++ char const *lut = " .:nmW@"; ++ printf("\n"); ++ for (int y = 0; y < height; ++y) ++ { ++ for (int x = 0; x < gtab[n].data_width; ++x) ++ { ++ int val = glyph_data[gtab[n].data_offset + y * gtab[n].data_width + x]; ++ char ch = lut[val * val * 7 / 256 / 256]; ++ printf("%c%c", ch, ch); ++ } ++ printf("\n"); ++ } ++ //printf_hex(" */ %s\n", ++ // glyph_data + gtab[n].data_offset, gtab[n].data_size); ++ } + else + { + printf(" is "); |