kumquat-buildroot/package/giflib/0003-Fix-CVE-2023-39742.patch
Adam Duskett 74253ffee5 package/giflib/0003-Fix-CVE-2023-39742.patch: New security patch
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
[yann.morin.1998@free.fr: extend GIFLIB_IGNORE_CVES]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2023-12-18 17:42:50 +01:00

From 4288b993ee9df6550a367fe06ede3c003dc7bbc6 Mon Sep 17 00:00:00 2001
From: Sandro Mani <manisandro@gmail.com>
Date: Tue, 5 Dec 2023 16:35:40 -0700
Subject: [PATCH] Fix CVE-2023-39742
From: giflib-5.2.1-17.fc39.src.rpm
Fix segmentation faults due to non correct checking for args
Fixes: https://nvd.nist.gov/vuln/detail/CVE-2023-39742
Upstream: https://sourceforge.net/p/giflib/bugs/166/
Signed-off-by: Sandro Mani <manisandro@gmail.com>
Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com>
---
getarg.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/getarg.c b/getarg.c
index d569f6c..51fbe0b 100644
--- a/getarg.c
+++ b/getarg.c
@@ -307,6 +307,12 @@ GAGetParmeters(void *Parameters[],
int i = 0, ScanRes;
while (!(ISSPACE(CtrlStrCopy[i]))) {
+
+ if ((*argv) == argv_end) {
+ GAErrorToken = Option;
+ return CMD_ERR_NumRead;
+ }
+
switch (CtrlStrCopy[i + 1]) {
case 'd': /* Get signed integers. */
ScanRes = sscanf(*((*argv)++), "%d",
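Review bot: the new guard at the top of the `while` loop tests `(*argv) == argv_end` with strict equality, so it is only sufficient if every `switch` case advances `*argv` by exactly one element per iteration, as the `'d'` case does with `*((*argv)++)`. Please add a short comment above the check stating that invariant and what `argv_end` points at, since the commit message only says "non correct checking for args". It is also worth confirming that `CMD_ERR_NumRead` is the intended error here: the guard sits ahead of the `switch` and returns before any `sscanf` runs, so the condition being reported is "argument absent", not "number failed to parse".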
--
2.43.0