Attachment 158826 Details for Bug 201513 – graphics/libwmf -- libwmf-0.2.8.4_14.patch

[patch] graphics/libwmf -- libwmf-0.2.8.4_14.patch

libwmf-0.2.8.4_14.patch (text/plain), 17.85 KB, created by Jason Unovitch on 2015-07-16 02:46:53 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Jason Unovitch

Created: 2015-07-16 02:46:53 UTC

Size: 17.85 KB

patch

obsolete

>Index: Makefile
>===================================================================
>--- Makefile	(revision 392107)
>+++ Makefile	(working copy)
>@@ -3,11 +3,11 @@
> 
> PORTNAME=	libwmf
> PORTVERSION=	0.2.8.4
>-PORTREVISION=	13
>+PORTREVISION=	14
> CATEGORIES=	graphics
> MASTER_SITES=	SF/wvware/${PORTNAME}/${PORTVERSION}
> 
>-MAINTAINER=	ports@FreeBSD.org
>+MAINTAINER=	jason.unovitch@gmail.com
> COMMENT=	Tools and library for converting Microsoft WMF (windows metafile)
> 
> LICENSE=	GPLv2 # or later
>@@ -36,6 +36,18 @@
> X11_USE=	XORG=x11
> X11_CONFIGURE_OFF=--with-x=no
> 
>+EXTRA_PATCHES=	${FILESDIR}/libwmf-0.2.8.4-CVE-2007-0455.patch:-p1 \
>+		${FILESDIR}/libwmf-0.2.8.4-CVE-2007-2756.patch:-p1 \
>+		${FILESDIR}/libwmf-0.2.8.4-CVE-2007-3472.patch:-p1 \
>+		${FILESDIR}/libwmf-0.2.8.4-CVE-2007-3473.patch:-p1 \
>+		${FILESDIR}/libwmf-0.2.8.4-CVE-2007-3477.patch:-p1 \
>+		${FILESDIR}/libwmf-0.2.8.4-CVE-2009-3546.patch:-p1 \
>+		${FILESDIR}/libwmf-0.2.8.4-CAN-2004-0941.patch:-p1 \
>+		${FILESDIR}/libwmf-0.2.8.4-rh1227243-CVE-2015-0848.patch:-p1 \
>+		${FILESDIR}/libwmf-0.2.8.4-deb784205-CVE-2015-4695.patch:-p1 \
>+		${FILESDIR}/libwmf-0.2.8.4-deb784192-CVE-2015-4696.patch:-p1 \
>+		${FILESDIR}/libwmf-0.2.8.4-rh1227243-CVE-2015-4588.patch:-p1
>+
> .include <bsd.port.options.mk>
> 
> post-patch:
>Index: files/libwmf-0.2.8.4-CAN-2004-0941.patch
>===================================================================
>--- files/libwmf-0.2.8.4-CAN-2004-0941.patch	(revision 0)
>+++ files/libwmf-0.2.8.4-CAN-2004-0941.patch	(working copy)
>@@ -0,0 +1,17 @@
>+--- libwmf-0.2.8.4/src/extra/gd/gd_png.c	2004-11-11 14:02:37.407589824 -0500
>++++ libwmf-0.2.8.4/src/extra/gd/gd_png.c	2004-11-11 14:04:29.672522960 -0500
>+@@ -188,6 +188,14 @@
>+ 
>+   png_get_IHDR (png_ptr, info_ptr, &width, &height, &bit_depth, &color_type,
>+ 		&interlace_type, NULL, NULL);
>++  if (overflow2(sizeof (int), width)) 
>++    {
>++      return NULL;
>++    }
>++  if (overflow2(sizeof (int) * width, height)) 
>++    {
>++      return NULL;
>++    }  
>+   if ((color_type == PNG_COLOR_TYPE_RGB) ||
>+       (color_type == PNG_COLOR_TYPE_RGB_ALPHA))
>+     {
>
>Property changes on: files/libwmf-0.2.8.4-CAN-2004-0941.patch
>___________________________________________________________________
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Index: files/libwmf-0.2.8.4-CVE-2007-0455.patch
>===================================================================
>--- files/libwmf-0.2.8.4-CVE-2007-0455.patch	(revision 0)
>+++ files/libwmf-0.2.8.4-CVE-2007-0455.patch	(working copy)
>@@ -0,0 +1,11 @@
>+--- libwmf-0.2.8.4/src/extra/gd/gdft.c	2010-12-06 11:18:26.000000000 +0000
>++++ libwmf-0.2.8.4/src/extra/gd/gdft.c	2010-12-06 11:21:09.000000000 +0000
>+@@ -811,7 +811,7 @@
>+ 	    {
>+ 	      ch = c & 0xFF;	/* don't extend sign */
>+ 	    }
>+-	  next++;
>++	  if (*next) next++;
>+ 	}
>+       else
>+ 	{
>
>Property changes on: files/libwmf-0.2.8.4-CVE-2007-0455.patch
>___________________________________________________________________
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
>Index: files/libwmf-0.2.8.4-CVE-2007-2756.patch
>===================================================================
>--- files/libwmf-0.2.8.4-CVE-2007-2756.patch	(revision 0)
>+++ files/libwmf-0.2.8.4-CVE-2007-2756.patch	(working copy)
>@@ -0,0 +1,16 @@
>+--- libwmf-0.2.8.4/src/extra/gd/gd_png.c	1 Apr 2007 20:41:01 -0000	1.21.2.1
>++++ libwmf-0.2.8.4/src/extra/gd/gd_png.c	16 May 2007 19:06:11 -0000
>+@@ -78,8 +78,11 @@
>+ gdPngReadData (png_structp png_ptr,
>+ 	       png_bytep data, png_size_t length)
>+ {
>+-  gdGetBuf (data, length, (gdIOCtx *)
>+-	    png_get_io_ptr (png_ptr));
>++  int check;
>++  check = gdGetBuf (data, length, (gdIOCtx *) png_get_io_ptr (png_ptr));
>++  if (check != length) {
>++    png_error(png_ptr, "Read Error: truncated data");
>++  }
>+ }
>+ 
>+ static void
>
>Property changes on: files/libwmf-0.2.8.4-CVE-2007-2756.patch
>___________________________________________________________________
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Index: files/libwmf-0.2.8.4-CVE-2007-3472.patch
>===================================================================
>--- files/libwmf-0.2.8.4-CVE-2007-3472.patch	(revision 0)
>+++ files/libwmf-0.2.8.4-CVE-2007-3472.patch	(working copy)
>@@ -0,0 +1,61 @@
>+Patch modified slightly from upstream CentOS version
>+
>+--- libwmf-0.2.8.4/src/extra/gd/gd.c
>++++ libwmf-0.2.8.4/src/extra/gd/gd.c
>+@@ -106,6 +106,18 @@
>+   gdImagePtr im;
>+   unsigned long cpa_size;
>+ 
>++  if (overflow2(sx, sy)) {
>++    return NULL;
>++  }
>++
>++  if (overflow2(sizeof (int *), sy)) {
>++    return NULL;
>++  }
>++
>++  if (overflow2(sizeof(int), sx)) {
>++    return NULL;
>++  }
>++
>+   im = (gdImage *) gdMalloc (sizeof (gdImage));
>+   if (im == 0) return 0;
>+   memset (im, 0, sizeof (gdImage));
>+--- libwmf-0.2.8.4/src/extra/gd/gdhelpers.c	2010-12-06 11:47:31.000000000 +0000
>++++ libwmf-0.2.8.4/src/extra/gd/gdhelpers.c	2010-12-06 11:48:04.000000000 +0000
>+@@ -2,6 +2,7 @@
>+ #include "gdhelpers.h"
>+ #include <stdlib.h>
>+ #include <string.h>
>++#include <limits.h>
>+ 
>+ /* TBB: gd_strtok_r is not portable; provide an implementation */
>+ 
>+@@ -94,3 +95,18 @@
>+ {
>+   free (ptr);
>+ }
>++
>++int overflow2(int a, int b)
>++{
>++	if(a < 0 || b < 0) {
>++		fprintf(stderr, "gd warning: one parameter to a memory allocation multiplication is negative, failing operation gracefully\n");
>++		return 1;
>++	}
>++	if(b == 0)
>++		return 0;
>++	if(a > INT_MAX / b) {
>++		fprintf(stderr, "gd warning: product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully\n");
>++		return 1;
>++	}
>++	return 0;
>++}
>+--- libwmf-0.2.8.4/src/extra/gd/gdhelpers.h	2010-12-06 11:47:17.000000000 +0000
>++++ libwmf-0.2.8.4/src/extra/gd/gdhelpers.h	2010-12-06 11:48:36.000000000 +0000
>+@@ -15,4 +15,6 @@
>+ void *gdMalloc(size_t size);
>+ void *gdRealloc(void *ptr, size_t size);
>+ 
>++int overflow2(int a, int b);
>++
>+ #endif /* GDHELPERS_H */
>
>Property changes on: files/libwmf-0.2.8.4-CVE-2007-3472.patch
>___________________________________________________________________
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
>Index: files/libwmf-0.2.8.4-CVE-2007-3473.patch
>===================================================================
>--- files/libwmf-0.2.8.4-CVE-2007-3473.patch	(revision 0)
>+++ files/libwmf-0.2.8.4-CVE-2007-3473.patch	(working copy)
>@@ -0,0 +1,13 @@
>+--- libwmf-0.2.8.4/src/extra/gd/gd.c
>++++ libwmf-0.2.8.4/src/extra/gd/gd.c
>+@@ -2483,6 +2483,10 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromXbm (FILE * fd)
>+     }
>+   bytes = (w * h / 8) + 1;
>+   im = gdImageCreate (w, h);
>++  if (!im) {
>++    return 0;
>++  }
>++
>+   gdImageColorAllocate (im, 255, 255, 255);
>+   gdImageColorAllocate (im, 0, 0, 0);
>+   x = 0;
>
>Property changes on: files/libwmf-0.2.8.4-CVE-2007-3473.patch
>___________________________________________________________________
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
>Index: files/libwmf-0.2.8.4-CVE-2007-3477.patch
>===================================================================
>--- files/libwmf-0.2.8.4-CVE-2007-3477.patch	(revision 0)
>+++ files/libwmf-0.2.8.4-CVE-2007-3477.patch	(working copy)
>@@ -0,0 +1,38 @@
>+--- libwmf-0.2.8.4/src/extra/gd/gd.c
>++++ libwmf-0.2.8.4/src/extra/gd/gd.c
>+@@ -1335,10 +1335,31 @@
>+   int w2, h2;
>+   w2 = w / 2;
>+   h2 = h / 2;
>+-  while (e < s)
>+-    {
>+-      e += 360;
>+-    }
>++
>++  if ((s % 360)  == (e % 360)) {
>++         s = 0; e = 360;
>++  } else {
>++         if (s > 360) {
>++                 s = s % 360;
>++         }
>++
>++         if (e > 360) {
>++                 e = e % 360;
>++         }
>++
>++         while (s < 0) {
>++                 s += 360;
>++         }
>++
>++         while (e < s) {
>++                 e += 360;
>++         }
>++
>++         if (s == e) {
>++                 s = 0; e = 360;
>++         }
>++  }
>++
>+   for (i = s; (i <= e); i++)
>+     {
>+       int x, y;
>
>Property changes on: files/libwmf-0.2.8.4-CVE-2007-3477.patch
>___________________________________________________________________
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
>Index: files/libwmf-0.2.8.4-CVE-2009-3546.patch
>===================================================================
>--- files/libwmf-0.2.8.4-CVE-2009-3546.patch	(revision 0)
>+++ files/libwmf-0.2.8.4-CVE-2009-3546.patch	(working copy)
>@@ -0,0 +1,13 @@
>+--- libwmf-0.2.8.4/src/extra/gd/gd_gd.c	2010-12-06 14:56:06.000000000 +0000
>++++ libwmf-0.2.8.4/src/extra/gd/gd_gd.c	2010-12-06 14:57:04.000000000 +0000
>+@@ -42,6 +42,10 @@
>+ 	    {
>+ 	      goto fail1;
>+ 	    }
>++	  if (&im->colorsTotal > gdMaxColors)
>++	    {
>++	      goto fail1;
>++	    }
>+ 	}
>+       /* Int to accommodate truecolor single-color transparency */
>+       if (!gdGetInt (&im->transparent, in))
>
>Property changes on: files/libwmf-0.2.8.4-CVE-2009-3546.patch
>___________________________________________________________________
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
>Index: files/libwmf-0.2.8.4-deb784192-CVE-2015-4696.patch
>===================================================================
>--- files/libwmf-0.2.8.4-deb784192-CVE-2015-4696.patch	(revision 0)
>+++ files/libwmf-0.2.8.4-deb784192-CVE-2015-4696.patch	(working copy)
>@@ -0,0 +1,20 @@
>+--- libwmf-0.2.8.4/src/player/meta.h
>++++ libwmf-0.2.8.4/src/player/meta.h
>+ 
>++		if (FR->region_clip) FR->region_clip (API,&polyrect);
>++
>+ 		wmf_free (API,polyrect.TL);
>+ 		wmf_free (API,polyrect.BR);
>+ 	}
>+@@ -2593,9 +2595,10 @@
>+ 		polyrect.BR = 0;
>+ 
>+ 		polyrect.count = 0;
>++	
>++		if (FR->region_clip) FR->region_clip (API,&polyrect);
>+ 	}
>+ 
>+-	if (FR->region_clip) FR->region_clip (API,&polyrect);
>+ 
>+ 	return (changed);
>+ }
>
>Property changes on: files/libwmf-0.2.8.4-deb784192-CVE-2015-4696.patch
>___________________________________________________________________
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
>Index: files/libwmf-0.2.8.4-deb784205-CVE-2015-4695.patch
>===================================================================
>--- files/libwmf-0.2.8.4-deb784205-CVE-2015-4695.patch	(revision 0)
>+++ files/libwmf-0.2.8.4-deb784205-CVE-2015-4695.patch	(working copy)
>@@ -0,0 +1,58 @@
>+Index: libwmf-0.2.8.4/src/player/meta.h
>+===================================================================
>+--- libwmf-0.2.8.4.orig/src/player/meta.h
>++++ libwmf-0.2.8.4/src/player/meta.h
>+@@ -1565,7 +1565,7 @@ static int meta_rgn_create (wmfAPI* API,
>+ 	objects = P->objects;
>+ 
>+ 	i = 0;
>+-	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
>++	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
>+ 
>+ 	if (i == NUM_OBJECTS (API))
>+ 	{	WMF_ERROR (API,"Object out of range!");
>+@@ -2142,7 +2142,7 @@ static int meta_dib_brush (wmfAPI* API,w
>+ 	objects = P->objects;
>+ 
>+ 	i = 0;
>+-	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
>++	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
>+ 
>+ 	if (i == NUM_OBJECTS (API))
>+ 	{	WMF_ERROR (API,"Object out of range!");
>+@@ -3067,7 +3067,7 @@ static int meta_pen_create (wmfAPI* API,
>+ 	objects = P->objects;
>+ 
>+ 	i = 0;
>+-	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
>++	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
>+ 
>+ 	if (i == NUM_OBJECTS (API))
>+ 	{	WMF_ERROR (API,"Object out of range!");
>+@@ -3181,7 +3181,7 @@ static int meta_brush_create (wmfAPI* AP
>+ 	objects = P->objects;
>+ 
>+ 	i = 0;
>+-	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
>++	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
>+ 
>+ 	if (i == NUM_OBJECTS (API))
>+ 	{	WMF_ERROR (API,"Object out of range!");
>+@@ -3288,7 +3288,7 @@ static int meta_font_create (wmfAPI* API
>+ 	objects = P->objects;
>+ 
>+ 	i = 0;
>+-	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
>++	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
>+ 
>+ 	if (i == NUM_OBJECTS (API))
>+ 	{	WMF_ERROR (API,"Object out of range!");
>+@@ -3396,7 +3396,7 @@ static int meta_palette_create (wmfAPI*
>+ 	objects = P->objects;
>+ 
>+ 	i = 0;
>+-	while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
>++	while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;
>+ 
>+ 	if (i == NUM_OBJECTS (API))
>+ 	{	WMF_ERROR (API,"Object out of range!");
>
>Property changes on: files/libwmf-0.2.8.4-deb784205-CVE-2015-4695.patch
>___________________________________________________________________
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
>Index: files/libwmf-0.2.8.4-rh1227243-CVE-2015-0848.patch
>===================================================================
>--- files/libwmf-0.2.8.4-rh1227243-CVE-2015-0848.patch	(revision 0)
>+++ files/libwmf-0.2.8.4-rh1227243-CVE-2015-0848.patch	(working copy)
>@@ -0,0 +1,20 @@
>+--- libwmf-0.2.8.4/src/ipa/ipa/bmp.h	2015-06-02 11:35:04.072201795 +0100
>++++ libwmf-0.2.8.4/src/ipa/ipa/bmp.h	2015-06-02 11:35:20.647406414 +0100
>+@@ -1145,8 +1143,15 @@
>+ 		}
>+ 	}
>+ 	else
>+-	{	/* Convert run-length encoded raster pixels. */
>+-		DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image);
>++	{
>++		if (bmp_info.bits_per_pixel == 8)	/* Convert run-length encoded raster pixels. */
>++		{
>++			DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image);
>++		}
>++		else
>++		{	WMF_ERROR (API,"Unexpected pixel depth");
>++			API->err = wmf_E_BadFormat;
>++		}
>+ 	}
>+ 
>+ 	if (ERR (API))
>
>Property changes on: files/libwmf-0.2.8.4-rh1227243-CVE-2015-0848.patch
>___________________________________________________________________
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Index: files/libwmf-0.2.8.4-rh1227243-CVE-2015-4588.patch
>===================================================================
>--- files/libwmf-0.2.8.4-rh1227243-CVE-2015-4588.patch	(revision 0)
>+++ files/libwmf-0.2.8.4-rh1227243-CVE-2015-4588.patch	(working copy)
>@@ -0,0 +1,111 @@
>+diff -ru libwmf-0.2.8.4/src/ipa/ipa/bmp.h libwmf-0.2.8.4/src/ipa/ipa/bmp.h
>+--- libwmf-0.2.8.4/src/ipa/ipa/bmp.h	2015-06-03 09:30:59.410501271 +0100
>++++ libwmf-0.2.8.4/src/ipa/ipa/bmp.h	2015-06-03 09:31:05.775572630 +0100
>+@@ -859,7 +859,7 @@
>+ %
>+ %
>+ */
>+-static void DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int compression,unsigned char* pixels)
>++static int DecodeImage (wmfAPI* API,wmfBMP* bmp,BMPSource* src,unsigned int compression,unsigned char* pixels)
>+ {	int byte;
>+ 	int count;
>+ 	int i;
>+@@ -870,12 +870,14 @@
>+ 	U32 u;
>+ 
>+ 	unsigned char* q;
>++	unsigned char* end;
>+ 
>+ 	for (u = 0; u < ((U32) bmp->width * (U32) bmp->height); u++) pixels[u] = 0;
>+ 
>+ 	byte = 0;
>+ 	x = 0;
>+ 	q = pixels;
>++	end = pixels + bmp->width * bmp->height;
>+ 
>+ 	for (y = 0; y < bmp->height; )
>+ 	{	count = ReadBlobByte (src);
>+@@ -884,7 +886,10 @@
>+ 		{	/* Encoded mode. */
>+ 			byte = ReadBlobByte (src);
>+ 			for (i = 0; i < count; i++)
>+-			{	if (compression == 1)
>++			{	
>++				if (q == end)
>++					return 0;
>++			 	if (compression == 1)
>+ 				{	(*(q++)) = (unsigned char) byte;
>+ 				}
>+ 				else
>+@@ -896,13 +901,15 @@
>+ 		else
>+ 		{	/* Escape mode. */
>+ 			count = ReadBlobByte (src);
>+-			if (count == 0x01) return;
>++			if (count == 0x01) return 1;
>+ 			switch (count)
>+ 			{
>+ 			case 0x00:
>+ 			 {	/* End of line. */
>+ 				x = 0;
>+ 				y++;
>++				if (y >= bmp->height)
>++					return 0;
>+ 				q = pixels + y * bmp->width;
>+ 				break;
>+ 			 }
>+@@ -910,13 +917,20 @@
>+ 			 {	/* Delta mode. */
>+ 				x += ReadBlobByte (src);
>+ 				y += ReadBlobByte (src);
>++				if (y >= bmp->height)
>++					return 0;
>++				if (x >= bmp->width)
>++					return 0;
>+ 				q = pixels + y * bmp->width + x;
>+ 				break;
>+ 			 }
>+ 			default:
>+ 			 {	/* Absolute mode. */
>+ 				for (i = 0; i < count; i++)
>+-				{	if (compression == 1)
>++				{
>++					if (q == end)
>++						return 0;
>++					if (compression == 1)
>+ 					{	(*(q++)) = ReadBlobByte (src);
>+ 					}
>+ 					else
>+@@ -943,7 +957,7 @@
>+ 	byte = ReadBlobByte (src);  /* end of line */
>+ 	byte = ReadBlobByte (src);
>+ 
>+-	return;
>++	return 1;
>+ }
>+ 
>+ /*
>+@@ -1146,7 +1160,10 @@
>+ 	{
>+ 		if (bmp_info.bits_per_pixel == 8)	/* Convert run-length encoded raster pixels. */
>+ 		{
>+-			DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image);
>++			if (!DecodeImage (API,bmp,src,(unsigned int) bmp_info.compression,data->image))
>++			{	WMF_ERROR (API,"corrupt bmp");
>++				API->err = wmf_E_BadFormat;
>++			}
>+ 		}
>+ 		else
>+ 		{	WMF_ERROR (API,"Unexpected pixel depth");
>+diff -ru libwmf-0.2.8.4/src/ipa/ipa.h libwmf-0.2.8.4/src/ipa/ipa.h
>+--- libwmf-0.2.8.4/src/ipa/ipa.h	2015-06-03 09:30:59.410501271 +0100
>++++ libwmf-0.2.8.4/src/ipa/ipa.h	2015-06-03 09:31:08.687605277 +0100
>+@@ -48,7 +48,7 @@
>+ static unsigned short ReadBlobLSBShort (BMPSource*);
>+ static unsigned long  ReadBlobLSBLong (BMPSource*);
>+ static long           TellBlob (BMPSource*);
>+-static void           DecodeImage (wmfAPI*,wmfBMP*,BMPSource*,unsigned int,unsigned char*);
>++static int            DecodeImage (wmfAPI*,wmfBMP*,BMPSource*,unsigned int,unsigned char*);
>+ static void           ReadBMPImage (wmfAPI*,wmfBMP*,BMPSource*);
>+ static int            ExtractColor (wmfAPI*,wmfBMP*,wmfRGB*,unsigned int,unsigned int);
>+ static void           SetColor (wmfAPI*,wmfBMP*,wmfRGB*,unsigned char,unsigned int,unsigned int);
>
>Property changes on: files/libwmf-0.2.8.4-rh1227243-CVE-2015-4588.patch
>___________________________________________________________________
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property

Actions: View | Diff

Attachments on bug 201513: 158781 | 158782 | 158825 | 158826 | 158898 | 160788