Compare commits
No commits in common. "c8" and "c8-beta" have entirely different histories.
@ -1,34 +0,0 @@
|
|||||||
From 3e8d3382937e0c2891478f3a58bd225de3a53ba5 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Gabriele Barbero <barbero.gabriele03@gmail.com>
|
|
||||||
Date: Fri, 5 Dec 2025 00:20:22 +0100
|
|
||||||
Subject: [PATCH] ZDI-CAN-28266: guard against buffer overflow
|
|
||||||
|
|
||||||
In rgbe_read_new_rle we check whether there is still space in the buffer,
|
|
||||||
but we do not verify that the run length fits within the remaining capacity.
|
|
||||||
This can lead to a buffer overflow. This patch adds a check to ensure that
|
|
||||||
the run length does not exceed the available space.
|
|
||||||
---
|
|
||||||
libs/rgbe/rgbe.c | 7 +++++++
|
|
||||||
1 file changed, 7 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/libs/rgbe/rgbe.c b/libs/rgbe/rgbe.c
|
|
||||||
index 890eb64..8f29778 100644
|
|
||||||
--- a/libs/rgbe/rgbe.c
|
|
||||||
+++ b/libs/rgbe/rgbe.c
|
|
||||||
@@ -650,6 +650,13 @@ rgbe_read_new_rle (const rgbe_file *file,
|
|
||||||
|
|
||||||
data++;
|
|
||||||
|
|
||||||
+ /* Check if there's enought space in the buffer to avoid OOB */
|
|
||||||
+ if (length > (pixels + RGBE_NUM_RGBE * linesize - pixoffset[component]) / RGBE_NUM_RGBE)
|
|
||||||
+ {
|
|
||||||
+ g_warning ("Buffer overflow detected.");
|
|
||||||
+ return FALSE;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
/* A compressed run */
|
|
||||||
if (rle)
|
|
||||||
{
|
|
||||||
--
|
|
||||||
2.52.0
|
|
||||||
|
|
||||||
@ -16,7 +16,7 @@
|
|||||||
Summary: A graph based image processing framework
|
Summary: A graph based image processing framework
|
||||||
Name: gegl
|
Name: gegl
|
||||||
Version: 0.2.0
|
Version: 0.2.0
|
||||||
Release: 40%{?dist}
|
Release: 39%{?dist}
|
||||||
|
|
||||||
# Compute some version related macros
|
# Compute some version related macros
|
||||||
# Ugly hack, you need to get your quoting backslashes/percent signs straight
|
# Ugly hack, you need to get your quoting backslashes/percent signs straight
|
||||||
@ -37,8 +37,6 @@ Patch4: gegl-0.2.0-linker-flags.patch
|
|||||||
Patch5: gegl-0.2.0-libopenraw.patch
|
Patch5: gegl-0.2.0-libopenraw.patch
|
||||||
Patch6: gegl-0.2.0-ppc64-rand-fix.patch
|
Patch6: gegl-0.2.0-ppc64-rand-fix.patch
|
||||||
Patch7: gegl-build-without-exiv2.patch
|
Patch7: gegl-build-without-exiv2.patch
|
||||||
# https://github.com/GNOME/gegl/commit/d32f1badb4bde1d6e8137f687d9ee1195768d4ed
|
|
||||||
Patch8: gegl-0.2.0-CVE-2026-2050.patch
|
|
||||||
BuildRequires: asciidoc
|
BuildRequires: asciidoc
|
||||||
BuildRequires: babl-devel >= 0.1.10
|
BuildRequires: babl-devel >= 0.1.10
|
||||||
BuildRequires: cairo-devel
|
BuildRequires: cairo-devel
|
||||||
@ -222,10 +220,6 @@ make check
|
|||||||
%{_libdir}/pkgconfig/%{name}-%{apiver}.pc
|
%{_libdir}/pkgconfig/%{name}-%{apiver}.pc
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Thu Jun 25 2026 RHEL Packaging Agent <redhat-ymir-agent@redhat.com> - 0.2.0-40
|
|
||||||
- Fix buffer overflow in rgbe_read_new_rle() (CVE-2026-2050)
|
|
||||||
Resolves: RHEL-188260
|
|
||||||
|
|
||||||
* Mon Nov 04 2019 Jan Grulich <jgrulich@redhat.com> - 0.2.0-39
|
* Mon Nov 04 2019 Jan Grulich <jgrulich@redhat.com> - 0.2.0-39
|
||||||
- Build without exiv2
|
- Build without exiv2
|
||||||
Resolves: bz#1767748
|
Resolves: bz#1767748
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user