package/gd: fix CVE-2021-38115
read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD) through 2.3.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit is contained in:
parent
d02d60071d
commit
0eebfba388
@ -0,0 +1,29 @@
|
||||
From 8b111b2b4a4842179be66db68d84dda91a246032 Mon Sep 17 00:00:00 2001
|
||||
From: maryam ebrahimzadeh <maryam.ebr@student.sharif.edu>
|
||||
Date: Mon, 19 Jul 2021 10:07:13 +0430
|
||||
Subject: [PATCH] fix read out-of-bands in reading tga header file
|
||||
|
||||
[Retrieved from:
|
||||
https://github.com/libgd/libgd/commit/8b111b2b4a4842179be66db68d84dda91a246032]
|
||||
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
||||
---
|
||||
src/gd_tga.c | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/gd_tga.c b/src/gd_tga.c
|
||||
index cae9428da..286febb28 100644
|
||||
--- a/src/gd_tga.c
|
||||
+++ b/src/gd_tga.c
|
||||
@@ -191,7 +191,11 @@ int read_header_tga(gdIOCtx *ctx, oTga *tga)
|
||||
return -1;
|
||||
}
|
||||
|
||||
- gdGetBuf(tga->ident, tga->identsize, ctx);
|
||||
+
|
||||
+ if (gdGetBuf(tga->ident, tga->identsize, ctx) != tga->identsize) {
|
||||
+ gd_error("fail to read header ident");
|
||||
+ return -1;
|
||||
+ }
|
||||
}
|
||||
|
||||
return 1;
|
@ -15,6 +15,9 @@ GD_CPE_ID_PRODUCT = libgd
|
||||
GD_CONF_OPTS = --without-x --disable-rpath --disable-werror
|
||||
GD_DEPENDENCIES = host-pkgconf
|
||||
|
||||
# 0001-fix-read-out-of-bands-in-reading-tga-header-file.patch
|
||||
GD_IGNORE_CVES += CVE-2021-38115
|
||||
|
||||
# gd forgets to link utilities with -pthread even though it uses
|
||||
# pthreads, causing linking errors with static linking
|
||||
ifeq ($(BR2_TOOLCHAIN_HAS_THREADS),y)
|
||||
|
Loading…
Reference in New Issue
Block a user