
Bug#857086: unblock: icoutils/0.31.2-1



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock icoutils 0.31.2-1, which contains various security fixes.

diff -Nru icoutils-0.31.1/AUTHORS icoutils-0.31.2/AUTHORS
--- icoutils-0.31.1/AUTHORS	2013-05-19 13:17:31.000000000 +0100
+++ icoutils-0.31.2/AUTHORS	2017-03-06 21:27:25.000000000 +0000
@@ -20,8 +20,11 @@
 Marcin Siennicki
  - BMP extraction support for wrestool
 
+Martin Gieseking <martin.gieseking@uos.de>
+ - Security fixes
+ - Miscellaneous fixes and improvements
+
 Joel Holdsworth<joel@airwebreathe.org.uk>
-Martin Gieseking
 Martin Storsjö<martin@martin.st>
 Mathew Eis <mathew.eis@gmail.com>
 Sebastián Puebla <spuebla@hotmail.com>
@@ -33,3 +36,7 @@
 Markus Schölzel <m-schoelzel@web.de>
 Richard W.M. Jones <rjones@redhat.com>
  - man page improvements
+
+Jerzy Kramarz <op7ica@gmail.com>
+ - pointing out various crashes/bugs exploitable for DoS
+   purposes
diff -Nru icoutils-0.31.1/NEWS icoutils-0.31.2/NEWS
--- icoutils-0.31.1/NEWS	2017-01-08 14:44:57.000000000 +0000
+++ icoutils-0.31.2/NEWS	2017-03-06 21:32:05.000000000 +0000
@@ -1,3 +1,8 @@
+2017-03-06: icoutils 0.31.2 released.
+  Various security fixes from Martin Gieseking,
+  issues found by Jerzy Kramarz
+  (CVE-2017-6009, CVE-2017-6010, CVE-2017-6011).
+
 2017-01-08: icoutils 0.31.1 released.
   Security fixes:
     Colin Watson, Debian bug #850017
diff -Nru icoutils-0.31.1/configure icoutils-0.31.2/configure
--- icoutils-0.31.1/configure	2017-01-08 14:40:28.000000000 +0000
+++ icoutils-0.31.2/configure	2017-03-06 21:28:08.000000000 +0000
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for icoutils 0.31.1.
+# Generated by GNU Autoconf 2.69 for icoutils 0.31.2.
 #
 # Report bugs to <frank.richter@gmail.com>.
 #
@@ -580,8 +580,8 @@
 # Identity of this package.
 PACKAGE_NAME='icoutils'
 PACKAGE_TARNAME='icoutils'
-PACKAGE_VERSION='0.31.1'
-PACKAGE_STRING='icoutils 0.31.1'
+PACKAGE_VERSION='0.31.2'
+PACKAGE_STRING='icoutils 0.31.2'
 PACKAGE_BUGREPORT='frank.richter@gmail.com'
 PACKAGE_URL=''
 
@@ -1948,7 +1948,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures icoutils 0.31.1 to adapt to many kinds of systems.
+\`configure' configures icoutils 0.31.2 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -2018,7 +2018,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of icoutils 0.31.1:";;
+     short | recursive ) echo "Configuration of icoutils 0.31.2:";;
    esac
   cat <<\_ACEOF
 
@@ -2128,7 +2128,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-icoutils configure 0.31.1
+icoutils configure 0.31.2
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2780,7 +2780,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by icoutils $as_me 0.31.1, which was
+It was created by icoutils $as_me 0.31.2, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -3670,7 +3670,7 @@
 
 # Define the identity of the package.
  PACKAGE='icoutils'
- VERSION='0.31.1'
+ VERSION='0.31.2'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -20061,7 +20061,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by icoutils $as_me 0.31.1, which was
+This file was extended by icoutils $as_me 0.31.2, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -20127,7 +20127,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-icoutils config.status 0.31.1
+icoutils config.status 0.31.2
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff -Nru icoutils-0.31.1/configure.ac icoutils-0.31.2/configure.ac
--- icoutils-0.31.1/configure.ac	2017-01-08 14:39:40.000000000 +0000
+++ icoutils-0.31.2/configure.ac	2017-03-06 21:27:54.000000000 +0000
@@ -1,7 +1,7 @@
 #                                               -*- Autoconf -*-
 # Process this file with autoconf to produce a configure script.
 AC_PREREQ(2.59)
-AC_INIT(icoutils, 0.31.1, frank.richter@gmail.com)
+AC_INIT(icoutils, 0.31.2, frank.richter@gmail.com)
 AC_CONFIG_MACRO_DIR([m4]) # doesn't seem to have any effect at the moment
 AC_CONFIG_SRCDIR([icotool/icotool.h])
 AC_CONFIG_HEADER([config.h])
diff -Nru icoutils-0.31.1/debian/.git-dpm icoutils-0.31.2/debian/.git-dpm
--- icoutils-0.31.1/debian/.git-dpm	2017-01-09 18:24:36.000000000 +0000
+++ icoutils-0.31.2/debian/.git-dpm	2017-03-07 17:30:30.000000000 +0000
@@ -1,8 +1,8 @@
 # see git-dpm(1) from git-dpm package
-f704125a5652f867d4f2acf45a52dc53b2c77fce
-f704125a5652f867d4f2acf45a52dc53b2c77fce
-f704125a5652f867d4f2acf45a52dc53b2c77fce
-f704125a5652f867d4f2acf45a52dc53b2c77fce
-icoutils_0.31.1.orig.tar.bz2
-751aa911164aea06e3b88cb1625aad8e0a96f5d0
-573484
+c50ee01e3bbbc846f7b17e7de1d7c092e7b950c9
+c50ee01e3bbbc846f7b17e7de1d7c092e7b950c9
+c50ee01e3bbbc846f7b17e7de1d7c092e7b950c9
+c50ee01e3bbbc846f7b17e7de1d7c092e7b950c9
+icoutils_0.31.2.orig.tar.bz2
+49391e2187ea9850893e042b69444e6b4cc5f9aa
+573585
diff -Nru icoutils-0.31.1/debian/changelog icoutils-0.31.2/debian/changelog
--- icoutils-0.31.1/debian/changelog	2017-01-09 18:31:05.000000000 +0000
+++ icoutils-0.31.2/debian/changelog	2017-03-07 22:18:53.000000000 +0000
@@ -1,3 +1,12 @@
+icoutils (0.31.2-1) unstable; urgency=high
+
+  * New upstream release.
+    - CVE-2017-6009, CVE-2017-6010, CVE-2017-6011: Various security fixes
+      from Martin Gieseking, issues found by Jerzy Kramarz (closes: #854050,
+      #854054).
+
+ -- Colin Watson <cjwatson@debian.org>  Tue, 07 Mar 2017 22:18:53 +0000
+
 icoutils (0.31.1-1) unstable; urgency=high
 
   * New upstream release.
diff -Nru icoutils-0.31.1/extresso/extresso icoutils-0.31.2/extresso/extresso
--- icoutils-0.31.1/extresso/extresso	2017-01-08 14:40:54.000000000 +0000
+++ icoutils-0.31.2/extresso/extresso	2017-03-06 21:33:59.000000000 +0000
@@ -71,7 +71,7 @@
 	exit;
 }
 if ($arg_version) {
-	print "$PROGRAM (icoutils) 0.31.1\n";
+	print "$PROGRAM (icoutils) 0.31.2\n";
 	print "Written by Oskar Liljeblad.\n\n";
 	print "Copyright (C) 1998-2005 Oskar Liljeblad.\n";
 	print "This is free software; see the source for copying conditions.  There is NO\n";
diff -Nru icoutils-0.31.1/extresso/genresscript icoutils-0.31.2/extresso/genresscript
--- icoutils-0.31.1/extresso/genresscript	2017-01-08 14:40:54.000000000 +0000
+++ icoutils-0.31.2/extresso/genresscript	2017-03-06 21:33:59.000000000 +0000
@@ -58,7 +58,7 @@
 	exit;
 }
 if ($arg_version) {
-	print "$PROGRAM (icoutils) 0.31.1\n";
+	print "$PROGRAM (icoutils) 0.31.2\n";
 	print "Written by Oskar Liljeblad.\n\n";
 	print "Copyright (C) 1998-2005 Oskar Liljeblad.\n";
 	print "This is free software; see the source for copying conditions.  There is NO\n";
diff -Nru icoutils-0.31.1/icotool/extract.c icoutils-0.31.2/icotool/extract.c
--- icoutils-0.31.1/icotool/extract.c	2012-08-23 15:47:06.000000000 +0100
+++ icoutils-0.31.2/icotool/extract.c	2017-03-06 21:23:33.000000000 +0000
@@ -138,7 +138,8 @@
 				Win32RGBQuad *palette = NULL;
 				uint32_t palette_count = 0;
 				uint32_t image_size, mask_size;
-				uint32_t width, height, bit_count;
+				int32_t width, height;
+				uint32_t bit_count;
 				uint8_t *image_data = NULL, *mask_data = NULL;
 				png_structp png_ptr = NULL;
 				png_infop info_ptr = NULL;
@@ -154,16 +155,23 @@
 				/* Vista icon: it's just a raw PNG */
 				if (bitmap.size == ICO_PNG_MAGIC)
 				{
+					uint32_t unsigned_width, unsigned_height;
 					fseek(in, offset, SEEK_SET);
 				
 					image_size = entries[c].dib_size;
 					image_data = xmalloc(image_size);
 					if (!xfread(image_data, image_size, in))
 						goto done;
-					
-					if (!read_png (image_data, image_size, &bit_count, &width, &height))
+
+					if (!read_png (image_data, image_size, &bit_count, &unsigned_width, &unsigned_height))
 						goto done;
-					
+
+					width = (int32_t)unsigned_width;
+					height = (int32_t)unsigned_height;
+					if ((bitmap.width > INT32_MAX/4) || (bitmap.height > INT32_MAX)) {
+						warn(_("PNG too large"));
+						goto done;
+					}
 					completed++;
 					
 					if (!filter(completed, width, height, bitmap.bit_count, palette_count, dir.type == 1,
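Review bot: The new "PNG too large" guard tests `bitmap.width` and `bitmap.height`, which are bitmap-header fields, not the dimensions just returned by read_png(), and it runs after those dimensions have already been cast to int32_t. In this branch the header was matched against ICO_PNG_MAGIC, so its width and height fields presumably hold PNG signature bytes rather than real dimensions, and the guard does not bound the decoded size. If bitmap.height is a signed 32-bit field (the `abs(bitmap.height)` in the next hunk suggests so), `bitmap.height > INT32_MAX` can never be true. Test the decoded values before the casts: `if ((unsigned_width > INT32_MAX/4) || (unsigned_height > INT32_MAX)) {`. The enclosing block starts and ends outside the hunk.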
@@ -229,11 +237,19 @@
 
 					if (bitmap.clr_used != 0 || bitmap.bit_count < 24) {
 						palette_count = (bitmap.clr_used != 0 ? bitmap.clr_used : 1 << bitmap.bit_count);
+						if (palette_count > 256) {
+							warn(_("palette too large"));
+							goto done;
+						}
 						palette = xmalloc(sizeof(Win32RGBQuad) * palette_count);
 						if (!xfread(palette, sizeof(Win32RGBQuad) * palette_count, in))
 							goto done;
 						offset += sizeof(Win32RGBQuad) * palette_count;
 					}
+					if (abs(bitmap.width) > INT32_MAX/max(4, bitmap.bit_count)) {
+						warn(_("bitmap width too large"));
+						goto done;
+					}
 
 					width = bitmap.width;
 					height = abs(bitmap.height)/2;
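Review bot: `abs(bitmap.width)` in the new width check is undefined when the field holds INT32_MIN, and on common implementations it returns a negative value, so that header value is not rejected by the comparison. The context line `height = abs(bitmap.height)/2;` has the same problem, and the hunk adds no upper bound for the height at all. Reject the extreme value explicitly for both fields, e.g. `if (bitmap.width == INT32_MIN || bitmap.height == INT32_MIN || abs(bitmap.width) > INT32_MAX/max(4, bitmap.bit_count)) {`. The field types are declared outside the hunk; the abs() calls suggest they are signed 32-bit, so confirm against the struct definition.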
Binary files /tmp/_uaDpX67gW/icoutils-0.31.1/po/en@boldquot.gmo and /tmp/f9PmotVM7d/icoutils-0.31.2/po/en@boldquot.gmo differ
diff -Nru icoutils-0.31.1/po/en@boldquot.po icoutils-0.31.2/po/en@boldquot.po
--- icoutils-0.31.1/po/en@boldquot.po	2017-01-08 14:46:32.000000000 +0000
+++ icoutils-0.31.2/po/en@boldquot.po	2017-03-06 21:34:48.000000000 +0000
@@ -30,10 +30,10 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: icoutils 0.31.1\n"
+"Project-Id-Version: icoutils 0.31.2\n"
 "Report-Msgid-Bugs-To: frank.richter@gmail.com\n"
-"POT-Creation-Date: 2017-01-08 15:40+0100\n"
-"PO-Revision-Date: 2017-01-08 15:40+0100\n"
+"POT-Creation-Date: 2017-03-06 22:34+0100\n"
+"PO-Revision-Date: 2017-03-06 22:34+0100\n"
 "Last-Translator: Automatically generated\n"
 "Language-Team: none\n"
 "Language: en@boldquot\n"
@@ -315,11 +315,11 @@
 msgid "not a png file"
 msgstr "not a png file"
 
-#: icotool/create.c:125 icotool/extract.c:273 icotool/extract.c:449
+#: icotool/create.c:125 icotool/extract.c:289 icotool/extract.c:465
 msgid "cannot initialize PNG library"
 msgstr "cannot initialize PNG library"
 
-#: icotool/create.c:130 icotool/extract.c:278 icotool/extract.c:454
+#: icotool/create.c:130 icotool/extract.c:294 icotool/extract.c:470
 msgid "cannot create PNG info structure - out of memory"
 msgstr "cannot create PNG info structure - out of memory"
 
@@ -328,12 +328,12 @@
 msgid "cannot decrease bit depth from %d to %d, bit depth not changed"
 msgstr "cannot decrease bit depth from %d to %d, bit depth not changed"
 
-#: icotool/create.c:258 icotool/extract.c:191 icotool/extract.c:288
+#: icotool/create.c:258 icotool/extract.c:199 icotool/extract.c:304
 msgid "cannot create file"
 msgstr "cannot create file"
 
 #: icotool/create.c:267 icotool/create.c:309 icotool/create.c:319
-#: icotool/create.c:393 icotool/extract.c:199
+#: icotool/create.c:393 icotool/extract.c:207
 msgid "cannot write to file"
 msgstr "cannot write to file"
 
@@ -353,60 +353,72 @@
 msgid "reserved is not zero"
 msgstr "reserved is not zero"
 
-#: icotool/extract.c:178 icotool/extract.c:339
+#: icotool/extract.c:172
+msgid "PNG too large"
+msgstr "PNG too large"
+
+#: icotool/extract.c:186 icotool/extract.c:355
 #, c-format
 msgid "--%s --index=%d --width=%d --height=%d --bit-depth=%d --palette-size=%d"
 msgstr ""
 "--%s --index=%d --width=%d --height=%d --bit-depth=%d --palette-size=%d"
 
-#: icotool/extract.c:182 icotool/extract.c:343
+#: icotool/extract.c:190 icotool/extract.c:359
 #, c-format
 msgid " --hotspot-x=%d --hotspot-y=%d"
 msgstr " --hotspot-x=%d --hotspot-y=%d"
 
-#: icotool/extract.c:208
+#: icotool/extract.c:216
 msgid "bitmap header is too short"
 msgstr "bitmap header is too short"
 
-#: icotool/extract.c:212
+#: icotool/extract.c:220
 msgid "compressed image data not supported"
 msgstr "compressed image data not supported"
 
-#: icotool/extract.c:216
+#: icotool/extract.c:224
 msgid "x_pels_per_meter field in bitmap should be zero"
 msgstr "x_pels_per_meter field in bitmap should be zero"
 
-#: icotool/extract.c:218
+#: icotool/extract.c:226
 msgid "y_pels_per_meter field in bitmap should be zero"
 msgstr "y_pels_per_meter field in bitmap should be zero"
 
-#: icotool/extract.c:220
+#: icotool/extract.c:228
 msgid "clr_important field in bitmap should be zero"
 msgstr "clr_important field in bitmap should be zero"
 
-#: icotool/extract.c:222
+#: icotool/extract.c:230
 msgid "planes field in bitmap should be one"
 msgstr "planes field in bitmap should be one"
 
-#: icotool/extract.c:225
+#: icotool/extract.c:233
 #, c-format
 msgid "skipping %d bytes of extended bitmap header"
 msgstr "skipping %d bytes of extended bitmap header"
 
-#: icotool/extract.c:245
+#: icotool/extract.c:241
+msgid "palette too large"
+msgstr "palette too large"
+
+#: icotool/extract.c:250
+msgid "bitmap width too large"
+msgstr "bitmap width too large"
+
+#: icotool/extract.c:261
 #, c-format
 msgid "incorrect total size of bitmap (%d specified; %d real)"
 msgstr "incorrect total size of bitmap (%d specified; %d real)"
 
-#: icotool/extract.c:392
+#: icotool/extract.c:408
 msgid "offset of bitmap header incorrect (too low)"
 msgstr "offset of bitmap header incorrect (too low)"
 
-#: icotool/extract.c:396
+#: icotool/extract.c:412
 msgid "invalid data at expected offset (unrecoverable)"
 msgstr "invalid data at expected offset (unrecoverable)"
 
-#: icotool/extract.c:399
+#: icotool/extract.c:415
 #, c-format
 msgid "skipping %u bytes of garbage at %u"
 msgstr "skipping %u bytes of garbage at %u"
@@ -788,31 +800,31 @@
 msgid "%s: --language has no effect because file is 16-bit binary"
 msgstr "%s: --language has no effect because file is 16-bit binary"
 
-#: wrestool/restable.c:121
+#: wrestool/restable.c:132
 #, c-format
 msgid "--type=%s --name=%s%s%s [%s%s%soffset=0x%x size=%d]\n"
 msgstr "--type=%s --name=%s%s%s [%s%s%soffset=0x%x size=%d]\n"
 
-#: wrestool/restable.c:124
+#: wrestool/restable.c:135
 msgid " --language="
 msgstr " --language="
 
-#: wrestool/restable.c:318
+#: wrestool/restable.c:329
 #, c-format
 msgid "%s: resource table invalid, ignoring remaining entries"
 msgstr "%s: resource table invalid, ignoring remaining entries"
 
-#: wrestool/restable.c:384 wrestool/restable.c:465
+#: wrestool/restable.c:395 wrestool/restable.c:478
 #, c-format
 msgid "%s: not a PE or NE library"
 msgstr "%s: not a PE or NE library"
 
-#: wrestool/restable.c:400
+#: wrestool/restable.c:412
 #, c-format
 msgid "%s: no resource directory found"
 msgstr "%s: no resource directory found"
 
-#: wrestool/restable.c:455
+#: wrestool/restable.c:468
 #, c-format
 msgid "%s: file contains no resources"
 msgstr "%s: file contains no resources"
Binary files /tmp/_uaDpX67gW/icoutils-0.31.1/po/en@quot.gmo and /tmp/f9PmotVM7d/icoutils-0.31.2/po/en@quot.gmo differ
diff -Nru icoutils-0.31.1/po/en@quot.po icoutils-0.31.2/po/en@quot.po
--- icoutils-0.31.1/po/en@quot.po	2017-01-08 14:46:32.000000000 +0000
+++ icoutils-0.31.2/po/en@quot.po	2017-03-06 21:34:48.000000000 +0000
@@ -27,10 +27,10 @@
 #
 msgid ""
 msgstr ""
-"Project-Id-Version: icoutils 0.31.1\n"
+"Project-Id-Version: icoutils 0.31.2\n"
 "Report-Msgid-Bugs-To: frank.richter@gmail.com\n"
-"POT-Creation-Date: 2017-01-08 15:40+0100\n"
-"PO-Revision-Date: 2017-01-08 15:40+0100\n"
+"POT-Creation-Date: 2017-03-06 22:34+0100\n"
+"PO-Revision-Date: 2017-03-06 22:34+0100\n"
 "Last-Translator: Automatically generated\n"
 "Language-Team: none\n"
 "Language: en@quot\n"
@@ -312,11 +312,11 @@
 msgid "not a png file"
 msgstr "not a png file"
 
-#: icotool/create.c:125 icotool/extract.c:273 icotool/extract.c:449
+#: icotool/create.c:125 icotool/extract.c:289 icotool/extract.c:465
 msgid "cannot initialize PNG library"
 msgstr "cannot initialize PNG library"
 
-#: icotool/create.c:130 icotool/extract.c:278 icotool/extract.c:454
+#: icotool/create.c:130 icotool/extract.c:294 icotool/extract.c:470
 msgid "cannot create PNG info structure - out of memory"
 msgstr "cannot create PNG info structure - out of memory"
 
@@ -325,12 +325,12 @@
 msgid "cannot decrease bit depth from %d to %d, bit depth not changed"
 msgstr "cannot decrease bit depth from %d to %d, bit depth not changed"
 
-#: icotool/create.c:258 icotool/extract.c:191 icotool/extract.c:288
+#: icotool/create.c:258 icotool/extract.c:199 icotool/extract.c:304
 msgid "cannot create file"
 msgstr "cannot create file"
 
 #: icotool/create.c:267 icotool/create.c:309 icotool/create.c:319
-#: icotool/create.c:393 icotool/extract.c:199
+#: icotool/create.c:393 icotool/extract.c:207
 msgid "cannot write to file"
 msgstr "cannot write to file"
 
@@ -350,60 +350,72 @@
 msgid "reserved is not zero"
 msgstr "reserved is not zero"
 
-#: icotool/extract.c:178 icotool/extract.c:339
+#: icotool/extract.c:172
+msgid "PNG too large"
+msgstr "PNG too large"
+
+#: icotool/extract.c:186 icotool/extract.c:355
 #, c-format
 msgid "--%s --index=%d --width=%d --height=%d --bit-depth=%d --palette-size=%d"
 msgstr ""
 "--%s --index=%d --width=%d --height=%d --bit-depth=%d --palette-size=%d"
 
-#: icotool/extract.c:182 icotool/extract.c:343
+#: icotool/extract.c:190 icotool/extract.c:359
 #, c-format
 msgid " --hotspot-x=%d --hotspot-y=%d"
 msgstr " --hotspot-x=%d --hotspot-y=%d"
 
-#: icotool/extract.c:208
+#: icotool/extract.c:216
 msgid "bitmap header is too short"
 msgstr "bitmap header is too short"
 
-#: icotool/extract.c:212
+#: icotool/extract.c:220
 msgid "compressed image data not supported"
 msgstr "compressed image data not supported"
 
-#: icotool/extract.c:216
+#: icotool/extract.c:224
 msgid "x_pels_per_meter field in bitmap should be zero"
 msgstr "x_pels_per_meter field in bitmap should be zero"
 
-#: icotool/extract.c:218
+#: icotool/extract.c:226
 msgid "y_pels_per_meter field in bitmap should be zero"
 msgstr "y_pels_per_meter field in bitmap should be zero"
 
-#: icotool/extract.c:220
+#: icotool/extract.c:228
 msgid "clr_important field in bitmap should be zero"
 msgstr "clr_important field in bitmap should be zero"
 
-#: icotool/extract.c:222
+#: icotool/extract.c:230
 msgid "planes field in bitmap should be one"
 msgstr "planes field in bitmap should be one"
 
-#: icotool/extract.c:225
+#: icotool/extract.c:233
 #, c-format
 msgid "skipping %d bytes of extended bitmap header"
 msgstr "skipping %d bytes of extended bitmap header"
 
-#: icotool/extract.c:245
+#: icotool/extract.c:241
+msgid "palette too large"
+msgstr "palette too large"
+
+#: icotool/extract.c:250
+msgid "bitmap width too large"
+msgstr "bitmap width too large"
+
+#: icotool/extract.c:261
 #, c-format
 msgid "incorrect total size of bitmap (%d specified; %d real)"
 msgstr "incorrect total size of bitmap (%d specified; %d real)"
 
-#: icotool/extract.c:392
+#: icotool/extract.c:408
 msgid "offset of bitmap header incorrect (too low)"
 msgstr "offset of bitmap header incorrect (too low)"
 
-#: icotool/extract.c:396
+#: icotool/extract.c:412
 msgid "invalid data at expected offset (unrecoverable)"
 msgstr "invalid data at expected offset (unrecoverable)"
 
-#: icotool/extract.c:399
+#: icotool/extract.c:415
 #, c-format
 msgid "skipping %u bytes of garbage at %u"
 msgstr "skipping %u bytes of garbage at %u"
@@ -783,31 +795,31 @@
 msgid "%s: --language has no effect because file is 16-bit binary"
 msgstr "%s: --language has no effect because file is 16-bit binary"
 
-#: wrestool/restable.c:121
+#: wrestool/restable.c:132
 #, c-format
 msgid "--type=%s --name=%s%s%s [%s%s%soffset=0x%x size=%d]\n"
 msgstr "--type=%s --name=%s%s%s [%s%s%soffset=0x%x size=%d]\n"
 
-#: wrestool/restable.c:124
+#: wrestool/restable.c:135
 msgid " --language="
 msgstr " --language="
 
-#: wrestool/restable.c:318
+#: wrestool/restable.c:329
 #, c-format
 msgid "%s: resource table invalid, ignoring remaining entries"
 msgstr "%s: resource table invalid, ignoring remaining entries"
 
-#: wrestool/restable.c:384 wrestool/restable.c:465
+#: wrestool/restable.c:395 wrestool/restable.c:478
 #, c-format
 msgid "%s: not a PE or NE library"
 msgstr "%s: not a PE or NE library"
 
-#: wrestool/restable.c:400
+#: wrestool/restable.c:412
 #, c-format
 msgid "%s: no resource directory found"
 msgstr "%s: no resource directory found"
 
-#: wrestool/restable.c:455
+#: wrestool/restable.c:468
 #, c-format
 msgid "%s: file contains no resources"
 msgstr "%s: file contains no resources"
diff -Nru icoutils-0.31.1/po/icoutils.pot icoutils-0.31.2/po/icoutils.pot
--- icoutils-0.31.1/po/icoutils.pot	2017-01-08 14:40:55.000000000 +0000
+++ icoutils-0.31.2/po/icoutils.pot	2017-03-06 21:34:19.000000000 +0000
@@ -6,9 +6,9 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: icoutils 0.31.1\n"
+"Project-Id-Version: icoutils 0.31.2\n"
 "Report-Msgid-Bugs-To: frank.richter@gmail.com\n"
-"POT-Creation-Date: 2017-01-08 15:40+0100\n"
+"POT-Creation-Date: 2017-03-06 22:34+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -259,11 +259,11 @@
 msgid "not a png file"
 msgstr ""
 
-#: icotool/create.c:125 icotool/extract.c:273 icotool/extract.c:449
+#: icotool/create.c:125 icotool/extract.c:289 icotool/extract.c:465
 msgid "cannot initialize PNG library"
 msgstr ""
 
-#: icotool/create.c:130 icotool/extract.c:278 icotool/extract.c:454
+#: icotool/create.c:130 icotool/extract.c:294 icotool/extract.c:470
 msgid "cannot create PNG info structure - out of memory"
 msgstr ""
 
@@ -272,12 +272,12 @@
 msgid "cannot decrease bit depth from %d to %d, bit depth not changed"
 msgstr ""
 
-#: icotool/create.c:258 icotool/extract.c:191 icotool/extract.c:288
+#: icotool/create.c:258 icotool/extract.c:199 icotool/extract.c:304
 msgid "cannot create file"
 msgstr ""
 
 #: icotool/create.c:267 icotool/create.c:309 icotool/create.c:319
-#: icotool/create.c:393 icotool/extract.c:199
+#: icotool/create.c:393 icotool/extract.c:207
 msgid "cannot write to file"
 msgstr ""
 
@@ -297,59 +297,71 @@
 msgid "reserved is not zero"
 msgstr ""
 
-#: icotool/extract.c:178 icotool/extract.c:339
+#: icotool/extract.c:172
+msgid "PNG too large"
+msgstr ""
+
+#: icotool/extract.c:186 icotool/extract.c:355
 #, c-format
 msgid "--%s --index=%d --width=%d --height=%d --bit-depth=%d --palette-size=%d"
 msgstr ""
 
-#: icotool/extract.c:182 icotool/extract.c:343
+#: icotool/extract.c:190 icotool/extract.c:359
 #, c-format
 msgid " --hotspot-x=%d --hotspot-y=%d"
 msgstr ""
 
-#: icotool/extract.c:208
+#: icotool/extract.c:216
 msgid "bitmap header is too short"
 msgstr ""
 
-#: icotool/extract.c:212
+#: icotool/extract.c:220
 msgid "compressed image data not supported"
 msgstr ""
 
-#: icotool/extract.c:216
+#: icotool/extract.c:224
 msgid "x_pels_per_meter field in bitmap should be zero"
 msgstr ""
 
-#: icotool/extract.c:218
+#: icotool/extract.c:226
 msgid "y_pels_per_meter field in bitmap should be zero"
 msgstr ""
 
-#: icotool/extract.c:220
+#: icotool/extract.c:228
 msgid "clr_important field in bitmap should be zero"
 msgstr ""
 
-#: icotool/extract.c:222
+#: icotool/extract.c:230
 msgid "planes field in bitmap should be one"
 msgstr ""
 
-#: icotool/extract.c:225
+#: icotool/extract.c:233
 #, c-format
 msgid "skipping %d bytes of extended bitmap header"
 msgstr ""
 
-#: icotool/extract.c:245
+#: icotool/extract.c:241
+msgid "palette too large"
+msgstr ""
+
+#: icotool/extract.c:250
+msgid "bitmap width too large"
+msgstr ""
+
+#: icotool/extract.c:261
 #, c-format
 msgid "incorrect total size of bitmap (%d specified; %d real)"
 msgstr ""
 
-#: icotool/extract.c:392
+#: icotool/extract.c:408
 msgid "offset of bitmap header incorrect (too low)"
 msgstr ""
 
-#: icotool/extract.c:396
+#: icotool/extract.c:412
 msgid "invalid data at expected offset (unrecoverable)"
 msgstr ""
 
-#: icotool/extract.c:399
+#: icotool/extract.c:415
 #, c-format
 msgid "skipping %u bytes of garbage at %u"
 msgstr ""
@@ -707,31 +719,31 @@
 msgid "%s: --language has no effect because file is 16-bit binary"
 msgstr ""
 
-#: wrestool/restable.c:121
+#: wrestool/restable.c:132
 #, c-format
 msgid "--type=%s --name=%s%s%s [%s%s%soffset=0x%x size=%d]\n"
 msgstr ""
 
-#: wrestool/restable.c:124
+#: wrestool/restable.c:135
 msgid " --language="
 msgstr ""
 
-#: wrestool/restable.c:318
+#: wrestool/restable.c:329
 #, c-format
 msgid "%s: resource table invalid, ignoring remaining entries"
 msgstr ""
 
-#: wrestool/restable.c:384 wrestool/restable.c:465
+#: wrestool/restable.c:395 wrestool/restable.c:478
 #, c-format
 msgid "%s: not a PE or NE library"
 msgstr ""
 
-#: wrestool/restable.c:400
+#: wrestool/restable.c:412
 #, c-format
 msgid "%s: no resource directory found"
 msgstr ""
 
-#: wrestool/restable.c:455
+#: wrestool/restable.c:468
 #, c-format
 msgid "%s: file contains no resources"
 msgstr ""
diff -Nru icoutils-0.31.1/wrestool/fileread.c icoutils-0.31.2/wrestool/fileread.c
--- icoutils-0.31.1/wrestool/fileread.c	2017-01-08 14:10:59.000000000 +0000
+++ icoutils-0.31.2/wrestool/fileread.c	2017-03-06 20:05:04.000000000 +0000
@@ -42,8 +42,8 @@
 	/*debug("check_offset: size=%x vs %x offset=%x size=%x\n",
 		need_size, total_size, (char *) offset - memory, size);*/
 
-	if (((memory <= memory_end) && (block <= block_end))
-		&& ((block < memory) || (block >= memory_end) || (block_end > memory_end))) {
+	if (((memory > memory_end) || (block > block_end))
+		|| (block < memory) || (block >= memory_end) || (block_end > memory_end)) {
 		warn(_("%s: premature end"), name);
 		return false;
 	}
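Review bot: The rewritten condition still detects wraparound by comparing pointers after the addition (`memory > memory_end`, `block > block_end`), and pointer arithmetic that overflows is undefined in C, so an optimizing compiler may remove exactly those two tests. memory_end and block_end are computed above the hunk, presumably as base plus length. A length-based test avoids forming the out-of-range pointer: once `block >= memory && block < memory_end` holds, compare the requested length with the space left, `size > (size_t)(memory_end - block)`. The name `size` is taken from the commented-out debug line and the call sites, so adjust it to the real parameter declaration.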
diff -Nru icoutils-0.31.1/wrestool/restable.c icoutils-0.31.2/wrestool/restable.c
--- icoutils-0.31.1/wrestool/restable.c	2012-08-23 15:47:06.000000000 +0100
+++ icoutils-0.31.2/wrestool/restable.c	2017-03-06 21:10:52.000000000 +0000
@@ -41,6 +41,13 @@
 static WinResource *list_resources (WinLibrary *fi, WinResource *res, int *count);
 static bool compare_resource_id (WinResource *wr, char *id);
 
+/* Check whether access to a PE_SECTIONS is allowed */
+#define RETURN_IF_BAD_PE_SECTIONS(ret, module)                                              \
+    do {                                                                                    \
+        RETURN_IF_BAD_POINTER(ret, PE_HEADER(module)->optional_header);                     \
+        RETURN_IF_BAD_POINTER(ret, PE_HEADER(module)->file_header.size_of_optional_header); \
+    } while(0)
+
 /* do_resources:
  *   Do something for each resource matching type, name and lang.
  */
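Review bot: The comment on RETURN_IF_BAD_PE_SECTIONS says it checks whether access to PE_SECTIONS is allowed, but the macro validates only the two header fields `optional_header` and `file_header.size_of_optional_header`, not the section table itself. A reader could take a passing check as proof that every section entry is in bounds. I would word it as `/* Validate the header fields PE_SECTIONS() reads; callers must still bounds-check the section entries themselves */`. PE_SECTIONS is defined outside this diff, so confirm that those are the only fields it dereferences.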
@@ -80,9 +87,13 @@
 	wr = list_resources (fi, base, &rescnt);
 	if (wr == NULL)
 		return;
+	if (!check_offset(fi->memory, fi->total_size, fi->name, &wr[0], sizeof(WinResource)))
+		return;
 
 	/* process each resource listed */
 	for (c = 0 ; c < rescnt ; c++) {
+		if (!check_offset(fi->memory, fi->total_size, fi->name, &wr[c], sizeof(WinResource)))
+			break;
 		/* (over)write the corresponding WinResource holder with the current */
 		memcpy(WINRESOURCE_BY_LEVEL(wr[c].level), wr+c, sizeof(WinResource));
 
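Review bot: Both new check_offset() calls assume that `wr` points into the mapped file (`fi->memory`), which the hunk does not show. If list_resources() returns a separately allocated array (its body is outside the diff), these checks compare a heap address against the file range and every valid file is rejected; confirm which it is. The early `return` after the first check also bypasses whatever cleanup follows the loop, and that first check duplicates the one the loop performs for `c == 0`. If the array is allocated, drop the checks here and validate the entries where list_resources() reads them from the file.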
@@ -223,7 +234,7 @@
 		/* translate id into a string */
 		snprintf(wr->id, WINRES_ID_MAXLEN, "%d", value & ~NE_RESOURCE_NAME_IS_NUMERIC);
 	} else {					/* ASCII string id */
-		int len;
+		unsigned char len;
 		char *mem = (char *) NE_HEADER(fi->memory)
 		                     + NE_HEADER(fi->memory)->rsrctab
 		                     + value;
@@ -388,6 +399,7 @@
 		/* falls through */
 	}
 
+	RETURN_IF_BAD_OFFSET(false, MZ_HEADER(fi->memory), sizeof(Win32ImageNTHeaders));
 	/* check for OS2 (Win16) header signature `NE' */
 	RETURN_IF_BAD_POINTER(false, NE_HEADER(fi->memory)->magic);
 	if (NE_HEADER(fi->memory)->magic == IMAGE_OS2_SIGNATURE) {
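Review bot: The added RETURN_IF_BAD_OFFSET bounds `sizeof(Win32ImageNTHeaders)` bytes starting at MZ_HEADER(fi->memory), i.e. at the start of the file, not at the location of the NT headers. If PE_HEADER() locates those headers through an offset stored in the MZ header (the macro is defined outside this diff), this check does not cover them. It also runs before the NE test, so it imposes a PE-sized minimum length on NE files. Consider checking the PE header where it is used, `RETURN_IF_BAD_OFFSET(false, PE_HEADER(fi->memory), sizeof(Win32ImageNTHeaders));`, inside the PE branch. The function body continues outside the hunk.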
@@ -419,7 +431,7 @@
 
 		/* allocate new memory */
 		fi->total_size = calc_vma_size(fi);
-		if (fi->total_size == 0) {
+		if (fi->total_size <= 0) {
 			/* calc_vma_size has reported error */
 			return false;
 		}
@@ -427,7 +439,8 @@
 
 		/* relocate memory, start from last section */
 		pe_header = PE_HEADER(fi->memory);
-		RETURN_IF_BAD_POINTER(false, pe_header->file_header.number_of_sections);
+        RETURN_IF_BAD_POINTER(false, pe_header->file_header.number_of_sections);
+        RETURN_IF_BAD_PE_SECTIONS(false, fi->memory);
 
 		/* we don't need to do OFFSET checking for the sections.
 		 * calc_vma_size has already done that */
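Review bot: The existing `RETURN_IF_BAD_POINTER(false, pe_header->file_header.number_of_sections);` line was re-indented with spaces and the new RETURN_IF_BAD_PE_SECTIONS line follows suit, while the surrounding lines use tabs. Keep the tab indentation so the diff shows only the one added check. The retained comment that says no OFFSET checking is needed for the sections now sits directly under a section check and should be updated to say what calc_vma_size covers and what the new macro adds.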
@@ -487,6 +500,7 @@
     if (segcount == 0)
     	return fi->total_size;
 
+    RETURN_IF_BAD_PE_SECTIONS(-1, fi->memory);
     seg = PE_SECTIONS(fi->memory);
     RETURN_IF_BAD_POINTER(-1, *seg);
     

unblock icoutils/0.31.2-1

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]

