This patch is adapted from commit a11f47475e6443b7f32d21f2271f28f417e2ac04 and fixes CVE-2018-5711. From a11f47475e6443b7f32d21f2271f28f417e2ac04 Mon Sep 17 00:00:00 2001 From: "Christoph M. Becker" Date: Wed, 29 Nov 2017 19:37:38 +0100 Subject: [PATCH] Fix #420: Potential infinite loop in gdImageCreateFromGifCtx Due to a signedness confusion in `GetCode_` a corrupt GIF file can trigger an infinite loop. Furthermore we make sure that a GIF without any palette entries is treated as invalid *after* open palette entries have been removed. CVE-2018-5711 See also https://bugs.php.net/bug.php?id=75571. --- src/gd_gif_in.c | 12 ++++++------ 1 file changed, 38 insertions(+), 6 deletions(-) diff --git a/src/gd_gif_in.c b/src/gd_gif_in.c index daf26e7..0a8bd71 100644 --- a/src/gd_gif_in.c +++ b/src/gd_gif_in.c @@ -335,11 +335,6 @@ terminated: return 0; } - if(!im->colorsTotal) { - gdImageDestroy(im); - return 0; - } - /* Check for open colors at the end, so * we can reduce colorsTotal and ultimately * BitsPerPixel */ @@ -351,6 +346,11 @@ terminated: } } + if(!im->colorsTotal) { + gdImageDestroy(im); + return 0; + } + return im; } @@ -447,7 +447,7 @@ static int GetCode_(gdIOCtx *fd, CODE_STATIC_DATA *scd, int code_size, int flag, int *ZeroDataBlockP) { int i, j, ret; - unsigned char count; + int count; if(flag) { scd->curbit = 0; -- 2.13.6 diff
path: root/tests/import-github.scm
AgeCommit message (Expand)Author
2022-12-26upstream-updater: Rename record field....The next commits will make the functions, which are currently importing the latest version of a package, change into importing the latest or a given version of the package (for those updaters supporting specifying a version). Thus the name ‘latest‘ is no longer appropriate. * guix/upstream.scm (upstream-updater) Rename field [latest] to [import]. (lookup-updater, package-latest-release) Adjust fieldname accordingly. * guix/gnu-maintenance.scm (%gnu-updater, %gnu-ftp-updater, %savannah-updater, %sourceforge-updater, %xorg-updater, %kernel.org-updater, %generic-html-updater), guix/import/cpan.scm (%cpan-updater), guix/import/cran.scm (%cran-updater, %bioconductor-updater), guix/import/crate.scm (%crate-updater), guix/import/egg.scm (%egg-updater), guix/import/elpa.scm (%elpa-updater), guix/import/gem.scm (%gem-updater), guix/import/git.scm (%generic-git-updater), guix/import/github.scm (%github-updater), guix/import/gnome.scm (%gnome-updater), guix/import/hackage.scm (%hackage-updater), guix/import/hexpm.scm (%hexpm-updater), guix/import/kde.scm (%kde-updater), guix/import/launchpad.scm (%launchpad-updater), guix/import/minetest.scm (%minetest-updater), guix/import/opam.scm (%opam-updater), guix/import/pypi.scm (%pypi-updater), guix/import/stackage.scm (%stackage-updater), tests/import-github.scm (found-sexp) tests/transformations.scm ("options->transformation, with-latest"): Adjust fieldname accordingly. Hartmut Goebel