Bug#695237: unblock: gimp/2.8.2-2
Package: release.debian.org
Followup-For: Bug #695237
Hello Moritz,
you should provide a diff which shows the changes made from 2.8.2-1
to 2.8.2-2, otherwise the release team won't probably unblock
your package.
I have created the diff from the debian packaging VCS [1] and I am
attaching the generated diff.
Cheers,
Adrian
> [1] git://anonscm.debian.org/collab-maint/gimp.git
diff --git a/debian/changelog b/debian/changelog
index 5b1c141..6d63d2c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+gimp (2.8.2-2) unstable; urgency=high
+
+ * xwd-corruption.patch:
+ - Fix memory corruption bug when reading XWD files (Closes: #693977)
+
+ -- Ari Pollak <ari@debian.org> Fri, 23 Nov 2012 14:33:20 -0500
+
gimp (2.8.2-1) unstable; urgency=high
* Imported Upstream version 2.8.2
diff --git a/debian/patches/series b/debian/patches/series
index 65e0b16..9154ea8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
01_hurd_ftbfs.patch
+xwd-corruption.patch
diff --git a/debian/patches/xwd-corruption.patch b/debian/patches/xwd-corruption.patch
new file mode 100644
index 0000000..7ad85f0
--- /dev/null
+++ b/debian/patches/xwd-corruption.patch
@@ -0,0 +1,174 @@
+From 2873262fccba12af144ed96ed91be144d92ff2e1
+From: Michael Natterer <mitch@gimp.org>
+Date: Wed, 07 Nov 2012 23:16:31 +0000
+Subject: Bug 687392 - Memory corruption vulnerability when reading XWD files
+Bug-Debian: http://bugs.debian.org/693977
+
+Applied and enhanced patch from andres which makes file-xwd detect
+this kind of file corruption and abort loading with an error message.
+(cherry picked from commit 0b35f6a082a0b3c372c568ea6bde39a4796acde2)
+---
+diff --git a/plug-ins/common/file-xwd.c b/plug-ins/common/file-xwd.c
+index 4e8a95e..f91d757 100644
+--- a/plug-ins/common/file-xwd.c
++++ b/plug-ins/common/file-xwd.c
+@@ -186,11 +186,13 @@ static gint32 load_xwd_f2_d16_b16 (const gchar *,
+ static gint32 load_xwd_f2_d24_b32 (const gchar *,
+ FILE *,
+ L_XWDFILEHEADER *,
+- L_XWDCOLOR *);
++ L_XWDCOLOR *,
++ GError **);
+ static gint32 load_xwd_f1_d24_b1 (const gchar *,
+ FILE *,
+ L_XWDFILEHEADER *,
+- L_XWDCOLOR *);
++ L_XWDCOLOR *,
++ GError **);
+
+ static L_CARD32 read_card32 (FILE *,
+ gint *);
+@@ -540,7 +542,8 @@ load_image (const gchar *filename,
+ case 1: /* Single plane pixmap */
+ if ((depth <= 24) && (bpp == 1))
+ {
+- image_ID = load_xwd_f1_d24_b1 (filename, ifp, &xwdhdr, xwdcolmap);
++ image_ID = load_xwd_f1_d24_b1 (filename, ifp, &xwdhdr, xwdcolmap,
++ error);
+ }
+ break;
+
+@@ -559,7 +562,8 @@ load_image (const gchar *filename,
+ }
+ else if ((depth <= 24) && ((bpp == 24) || (bpp == 32)))
+ {
+- image_ID = load_xwd_f2_d24_b32 (filename, ifp, &xwdhdr, xwdcolmap);
++ image_ID = load_xwd_f2_d24_b32 (filename, ifp, &xwdhdr, xwdcolmap,
++ error);
+ }
+ break;
+ }
+@@ -570,7 +574,7 @@ load_image (const gchar *filename,
+ if (xwdcolmap)
+ g_free (xwdcolmap);
+
+- if (image_ID == -1)
++ if (image_ID == -1 && ! (error && *error))
+ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+ _("XWD-file %s has format %d, depth %d and bits per pixel %d. "
+ "Currently this is not supported."),
+@@ -1624,10 +1628,11 @@ load_xwd_f2_d16_b16 (const gchar *filename,
+ /* Load XWD with pixmap_format 2, pixmap_depth up to 24, bits_per_pixel 24/32 */
+
+ static gint32
+-load_xwd_f2_d24_b32 (const gchar *filename,
+- FILE *ifp,
+- L_XWDFILEHEADER *xwdhdr,
+- L_XWDCOLOR *xwdcolmap)
++load_xwd_f2_d24_b32 (const gchar *filename,
++ FILE *ifp,
++ L_XWDFILEHEADER *xwdhdr,
++ L_XWDCOLOR *xwdcolmap,
++ GError **error)
+ {
+ register guchar *dest, lsbyte_first;
+ gint width, height, linepad, i, j, c0, c1, c2, c3;
+@@ -1652,12 +1657,6 @@ load_xwd_f2_d24_b32 (const gchar *filename,
+ width = xwdhdr->l_pixmap_width;
+ height = xwdhdr->l_pixmap_height;
+
+- image_ID = create_new_image (filename, width, height, GIMP_RGB,
+- &layer_ID, &drawable, &pixel_rgn);
+-
+- tile_height = gimp_tile_height ();
+- data = g_malloc (tile_height * width * 3);
+-
+ redmask = xwdhdr->l_red_mask;
+ greenmask = xwdhdr->l_green_mask;
+ bluemask = xwdhdr->l_blue_mask;
+@@ -1685,6 +1684,22 @@ load_xwd_f2_d24_b32 (const gchar *filename,
+ maxblue = 0; while (bluemask >> (blueshift + maxblue)) maxblue++;
+ maxblue = (1 << maxblue) - 1;
+
++ if (maxred > sizeof (redmap) ||
++ maxgreen > sizeof (greenmap) ||
++ maxblue > sizeof (bluemap))
++ {
++ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
++ _("XWD-file %s is corrupt."),
++ gimp_filename_to_utf8 (filename));
++ return -1;
++ }
++
++ image_ID = create_new_image (filename, width, height, GIMP_RGB,
++ &layer_ID, &drawable, &pixel_rgn);
++
++ tile_height = gimp_tile_height ();
++ data = g_malloc (tile_height * width * 3);
++
+ /* Set map-arrays for red, green, blue */
+ for (red = 0; red <= maxred; red++)
+ redmap[red] = (red * 255) / maxred;
+@@ -1825,10 +1840,11 @@ load_xwd_f2_d24_b32 (const gchar *filename,
+ /* Load XWD with pixmap_format 1, pixmap_depth up to 24, bits_per_pixel 1 */
+
+ static gint32
+-load_xwd_f1_d24_b1 (const gchar *filename,
+- FILE *ifp,
+- L_XWDFILEHEADER *xwdhdr,
+- L_XWDCOLOR *xwdcolmap)
++load_xwd_f1_d24_b1 (const gchar *filename,
++ FILE *ifp,
++ L_XWDFILEHEADER *xwdhdr,
++ L_XWDCOLOR *xwdcolmap,
++ GError **error)
+ {
+ register guchar *dest, outmask, inmask, do_reverse;
+ gint width, height, i, j, plane, fromright;
+@@ -1863,13 +1879,6 @@ load_xwd_f1_d24_b1 (const gchar *filename,
+ indexed = (xwdhdr->l_pixmap_depth <= 8);
+ bytes_per_pixel = (indexed ? 1 : 3);
+
+- image_ID = create_new_image (filename, width, height,
+- indexed ? GIMP_INDEXED : GIMP_RGB,
+- &layer_ID, &drawable, &pixel_rgn);
+-
+- tile_height = gimp_tile_height ();
+- data = g_malloc (tile_height * width * bytes_per_pixel);
+-
+ for (j = 0; j < 256; j++) /* Create an array for reversing bits */
+ {
+ inmask = 0;
+@@ -1913,6 +1922,16 @@ load_xwd_f1_d24_b1 (const gchar *filename,
+ maxblue = 0; while (bluemask >> (blueshift + maxblue)) maxblue++;
+ maxblue = (1 << maxblue) - 1;
+
++ if (maxred > sizeof (redmap) ||
++ maxgreen > sizeof (greenmap) ||
++ maxblue > sizeof (bluemap))
++ {
++ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
++ _("XWD-file %s is corrupt."),
++ gimp_filename_to_utf8 (filename));
++ return -1;
++ }
++
+ /* Set map-arrays for red, green, blue */
+ for (red = 0; red <= maxred; red++)
+ redmap[red] = (red * 255) / maxred;
+@@ -1922,6 +1941,13 @@ load_xwd_f1_d24_b1 (const gchar *filename,
+ bluemap[blue] = (blue * 255) / maxblue;
+ }
+
++ image_ID = create_new_image (filename, width, height,
++ indexed ? GIMP_INDEXED : GIMP_RGB,
++ &layer_ID, &drawable, &pixel_rgn);
++
++ tile_height = gimp_tile_height ();
++ data = g_malloc (tile_height * width * bytes_per_pixel);
++
+ ncols = xwdhdr->l_colormap_entries;
+ if (xwdhdr->l_ncolors < ncols)
+ ncols = xwdhdr->l_ncolors;
+--
+cgit v0.9.0.2
Reply to: