rpms
/
mingw-libjpeg-turbo
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'eba9d4c993'
${ noResults }
mingw-libjpeg-turbo/CVE-2021-20205.patch

73 lines
3.1 KiB
Raw Normal View History Unescape

Backport patch for CVE-2021-20205
4 years ago
diff -rupN --no-dereference libjpeg-turbo-2.0.90/cderror.h libjpeg-turbo-2.0.90-new/cderror.h
--- libjpeg-turbo-2.0.90/cderror.h 2020-11-25 04:56:19.000000000 +0100
+++ libjpeg-turbo-2.0.90-new/cderror.h 2021-04-12 10:20:58.463111547 +0200
@@ -1,9 +1,11 @@
/*
* cderror.h
*
+ * This file was part of the Independent JPEG Group's software:
* Copyright (C) 1994-1997, Thomas G. Lane.
* Modified 2009-2017 by Guido Vollbeding.
- * This file is part of the Independent JPEG Group's software.
+ * libjpeg-turbo Modifications:
+ * Copyright (C) 2021, D. R. Commander.
* For conditions of distribution and use, see the accompanying README.ijg
* file.
*
@@ -60,6 +62,7 @@ JMESSAGE(JTRC_BMP_OS2_MAPPED, "%ux%u 8-b
JMESSAGE(JERR_GIF_BUG, "GIF output got confused")
JMESSAGE(JERR_GIF_CODESIZE, "Bogus GIF codesize %d")
JMESSAGE(JERR_GIF_COLORSPACE, "GIF output must be grayscale or RGB")
+JMESSAGE(JERR_GIF_EMPTY, "Empty GIF image")
JMESSAGE(JERR_GIF_IMAGENOTFOUND, "Too few images in GIF file")
JMESSAGE(JERR_GIF_NOT, "Not a GIF file")
JMESSAGE(JTRC_GIF, "%ux%ux%d GIF image")
diff -rupN --no-dereference libjpeg-turbo-2.0.90/ChangeLog.md libjpeg-turbo-2.0.90-new/ChangeLog.md
--- libjpeg-turbo-2.0.90/ChangeLog.md 2020-11-25 04:56:19.000000000 +0100
+++ libjpeg-turbo-2.0.90-new/ChangeLog.md 2021-04-12 10:20:58.463111547 +0200
@@ -140,6 +140,10 @@ been reverted.
15. The build system can now be used to generate a universal x86-64 + Armv8
libjpeg-turbo SDK package for both iOS and macOS.
+4. Fixed a floating point exception that occurred when attempting to compress a
+specially-crafted malformed GIF image with a specified image width of 0 using
+cjpeg.
+
2.0.6
=====
diff -rupN --no-dereference libjpeg-turbo-2.0.90/rdgif.c libjpeg-turbo-2.0.90-new/rdgif.c
--- libjpeg-turbo-2.0.90/rdgif.c 2020-11-25 04:56:19.000000000 +0100
+++ libjpeg-turbo-2.0.90-new/rdgif.c 2021-04-12 10:20:58.463111547 +0200
@@ -1,9 +1,11 @@
/*
* rdgif.c
*
+ * This file was part of the Independent JPEG Group's software:
* Copyright (C) 1991-1997, Thomas G. Lane.
* Modified 2019 by Guido Vollbeding.
- * This file is part of the Independent JPEG Group's software.
+ * libjpeg-turbo Modifications:
+ * Copyright (C) 2021, D. R. Commander.
* For conditions of distribution and use, see the accompanying README.ijg
* file.
*
@@ -404,6 +406,8 @@ start_input_gif(j_compress_ptr cinfo, cj
ERREXIT(cinfo, JERR_INPUT_EOF);
width = LM_to_uint(hdrbuf, 0);
height = LM_to_uint(hdrbuf, 2);
+ if (width == 0 || height == 0)
+ ERREXIT(cinfo, JERR_GIF_EMPTY);
/* we ignore the color resolution, sort flag, and background color index */
aspectRatio = UCH(hdrbuf[6]);
if (aspectRatio != 0 && aspectRatio != 49)
@@ -446,6 +450,8 @@ start_input_gif(j_compress_ptr cinfo, cj
/* we ignore top/left position info, also sort flag */
width = LM_to_uint(hdrbuf, 4);
height = LM_to_uint(hdrbuf, 6);
+ if (width == 0 || height == 0)
+ ERREXIT(cinfo, JERR_GIF_EMPTY);
source->is_interlaced = (BitSet(hdrbuf[8], INTERLACE) != 0);
/* Read local colormap if header indicates it is present */