From: msweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be>
Date: Wed, 6 May 2015 12:19:59 +0000 (+0000)
Subject: cupsRasterReadHeader did not fully validate the raster header (STR #4596)
X-Git-Tag: v2.2b1~316
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=33076d249bcac412a87c23e2b4df5e234a217fd9;p=thirdparty%2Fcups.git

cupsRasterReadHeader did not fully validate the raster header (STR #4596)



git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12607 a1ca3aef-8c08-0410-bb20-df032aa958be
---

diff --git a/CHANGES-2.0.txt b/CHANGES-2.0.txt
index 08d1ca39cc..a522c423d7 100644
--- a/CHANGES-2.0.txt
+++ b/CHANGES-2.0.txt
@@ -12,6 +12,8 @@ CHANGES IN CUPS V2.0.3
 	- Fixed lpadmin when both -m and -o are used (STR #4578)
 	- The web interface always showed support for 2-sided printing
 	  (STR #4595)
+	- cupsRasterReadHeader did not fully validate the raster header
+	  (STR #4596)
 	- Added Russian translation (STR #4577)
 
 
diff --git a/filter/raster.c b/filter/raster.c
index f455f47570..024eedf741 100644
--- a/filter/raster.c
+++ b/filter/raster.c
@@ -970,7 +970,7 @@ cups_raster_read_header(
 
   cups_raster_update(r);
 
-  return (r->header.cupsBytesPerLine != 0 && r->header.cupsHeight != 0 && (r->header.cupsBytesPerLine % r->bpp) == 0);
+  return (r->header.cupsBitsPerPixel != 0 && r->header.cupsBitsPerColor != 0 && r->header.cupsBytesPerLine != 0 && r->header.cupsHeight != 0 && (r->header.cupsBytesPerLine % r->bpp) == 0);
 }
 
 
@@ -1240,6 +1240,9 @@ cups_raster_update(cups_raster_t *r)	/* I - Raster stream */
   else
     r->bpp = (r->header.cupsBitsPerColor + 7) / 8;
 
+  if (r->bpp == 0)
+    r->bpp = 1;
+
  /*
   * Set the number of remaining rows...
   */