
Re: [Pkg-kde-talk] Re: Please allow kdenetwork and kdelibs into Sarge



Hi Christopher,

On Tue, May 10, 2005 at 09:28:36AM -0400, Christopher Martin wrote:

> > > As for kdelibs, the sole change between 4:3.3.2-5 and 4:3.3.2-6 is that
> > > we added a very small patch (from upstream) to upstream's latest
> > > security fix, which caused regressions reading some image files.
> > > Definitely worth getting into Sarge, even if the problem doesn't seem
> > > to have security implications.

> > > 23_kimgio_fix.diff
> > > --- kde.orig/kimgio/rgb.cpp
> > > +++ kde.patched/kimgio/rgb.cpp
> > > @@ -272,7 +272,8 @@ bool SGIImage::readImage(QImage& img)
> > >         // sanity ckeck
> > >         if (m_rle)
> > >                 for (uint o = 0; o < m_numrows; o++)
> > > -                       if (m_starttab[o] + m_lengthtab[o] >=
> > > m_data.size()) {
> > > +                       // do not convert to >=
> > > +                       if (m_starttab[o] + m_lengthtab[o] >
> > > m_data.size()) {
> > >                                 kdDebug(399) << "image corrupt (sanity
> > > check failed)" << endl;
> > >                                 return false;
> > >                         }
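
Review bot: in the changed condition, `m_starttab[o] + m_lengthtab[o]` is summed before it is compared with `m_data.size()`, so if both tables hold fixed-width unsigned values read from the file (their declarations are not visible in this hunk), a large pair can wrap around and pass the check. Testing `m_starttab[o] > m_data.size()` first and then `m_lengthtab[o] > m_data.size() - m_starttab[o]` enforces the same bound without the addition. The new comment `// do not convert to >=` would also be more useful with its reason attached: a row whose data ends exactly at `m_data.size()` is presumably valid, and that is the case the `>=` form rejected.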

> > The accompanying changelog isn't very enlightening; what filetypes are
> > broken, and why?  Can you offer a pointer to discussion of this bug?

> Certainly. The security advisory can be found at 
> http://www.kde.org/info/security/advisory-20050504-1.txt. In summary, most 
> RGB files (an older SGI format, but it's still around) can no longer be 
> read. The one-line change (from upstream) we added between -5 and -6 fixes 
> this regression.

Ok, also approved.

Thanks,
-- 
Steve Langasek
postmodern programmer
