git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/blob

   1 From d81b82c70bc1fb9991bb95f1201abb5dea55f57f Mon Sep 17 00:00:00 2001
   2 From: Chris Liddell <chris.liddell@artifex.com>
   3 Date: Mon, 17 Jul 2023 14:06:37 +0100
   4 Subject: [PATCH] Bug 706897: Copy pcx buffer overrun fix from
   5  devices/gdevpcx.c
   6
   7 Bounds check the buffer, before dereferencing the pointer.
   8
   9 CVE: CVE-2023-38559
  10 Upstream-Status: Backport
  11 Signed-off-by: Ross Burton <ross.burton@arm.com>
  12 ---
  13  base/gdevdevn.c | 2 +-
  14  1 file changed, 1 insertion(+), 1 deletion(-)
  15
  16 diff --git a/base/gdevdevn.c b/base/gdevdevn.c
  17 index 7b14d9c71..6351fb77a 100644
  18 --- a/base/gdevdevn.c
  19 +++ b/base/gdevdevn.c
  20 @@ -1983,7 +1983,7 @@ devn_pcx_write_rle(const byte * from, const byte * end, int step, gp_file * file
  21          byte data = *from;
  22
  23          from += step;
  24 -        if (data != *from || from == end) {
  25 +        if (from >= end || data != *from) {
  26              if (data >= 0xc0)
  27                  gp_fputc(0xc1, file);
  28          } else {
  29 --
  30 2.34.1
  31