From: Michael Gilbert <mgilbert@debian.org>
Date: Mon, 9 Sep 2013 17:34:32 +0200
Subject: Fix_CVE-2012-4433

Multiple buffer overflow issues.

Closes: #692435
---
 operations/external/ppm-load.c | 62 ++++++++++++++++++++++++++++++++++++------
 1 file changed, 53 insertions(+), 9 deletions(-)

diff --git a/operations/external/ppm-load.c b/operations/external/ppm-load.c
index efe6d56..465096d 100644
--- a/operations/external/ppm-load.c
+++ b/operations/external/ppm-load.c
@@ -36,6 +36,7 @@ gegl_chant_file_path (path, _("File"), "", _("Path of file to load."))
 #include "gegl-chant.h"
 #include <stdio.h>
 #include <stdlib.h>
+#include <errno.h>
 
 typedef enum {
   PIXMAP_ASCII  = 51,
@@ -44,8 +45,8 @@ typedef enum {
 
 typedef struct {
 	map_type   type;
-	gint       width;
-	gint       height;
+	glong      width;
+	glong      height;
         gsize      numsamples; /* width * height * channels */
         gsize      bpc;        /* bytes per channel */
 	guchar    *data;
</td></tr></table>
<table class='tabs'><tr><td>
<a href='/guix/about/'>about</a><a href='/guix/'>summary</a><a href='/guix/refs/?id=f91e1046c4050c0947429b9141c80024c261d7b5'>refs</a><a href='/guix/log/tests/go.scm'>log</a><a class='active' href='/guix/tree/tests/go.scm?id=f91e1046c4050c0947429b9141c80024c261d7b5'>tree</a><a href='/guix/commit/tests/go.scm?id=f91e1046c4050c0947429b9141c80024c261d7b5'>commit</a><a href='/guix/diff/tests/go.scm?id=f91e1046c4050c0947429b9141c80024c261d7b5'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/tests/go.scm'>
<input type='hidden' name='id' value='f91e1046c4050c0947429b9141c80024c261d7b5'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/tree/?id=f91e1046c4050c0947429b9141c80024c261d7b5'>root</a>/<a href='/guix/tree/tests?id=f91e1046c4050c0947429b9141c80024c261d7b5'>tests</a>/<a href='/guix/tree/tests/go.scm?id=f91e1046c4050c0947429b9141c80024c261d7b5'>go.scm</a></div><div class='content'>blob: e5780e68b0ad3034693fdc815ddafb5b8cb7c998 (<a href='/guix/about/tests/go.scm?id=f91e1046c4050c0947429b9141c80024c261d7b5'>about</a>) (<a href='/guix/plain/tests/go.scm?id=f91e1046c4050c0947429b9141c80024c261d7b5'>plain</a>)
<table summary='blob content' class='blob'>
<tr><td class='linenumbers'><pre><a id='n1' href='#n1'>1</a>
<a id='n2' href='#n2'>2</a>
<a id='n3' href='#n3'>3</a>
<a id='n4' href='#n4'>4</a>
<a id='n5' href='#n5'>5</a>
<a id='n6' href='#n6'>6</a>
<a id='n7' href='#n7'>7</a>
<a id='n8' href='#n8'>8</a>
<a id='n9' href='#n9'>9</a>
<a id='n10' href='#n10'>10</a>
<a id='n11' href='#n11'>11</a>
<a id='n12' href='#n12'>12</a>
<a id='n13' href='#n13'>13</a>
<a id='n14' href='#n14'>14</a>
<a id='n15' href='#n15'>15</a>
<a id='n16' href='#n16'>16</a>
<a id='n17' href='#n17'>17</a>
<a id='n18' href='#n18'>18</a>
<a id='n19' href='#n19'>19</a>
<a id='n20' href='#n20'>20</a>
<a id='n21' href='#n21'>21</a>
<a id='n22' href='#n22'>22</a>
<a id='n23' href='#n23'>23</a>
<a id='n24' href='#n24'>24</a>
<a id='n25' href='#n25'>25</a>
<a id='n26' href='#n26'>26</a>
<a id='n27' href='#n27'>27</a>
<a id='n28' href='#n28'>28</a>
<a id='n29' href='#n29'>29</