slackware-current/patches/source/libcaca/libcaca-0.99.beta20-CVE-2022-0856.patch
Patrick J Volkerding 8587721dc4 Wed Oct 11 22:22:40 UTC 2023
patches/packages/libcaca-0.99.beta20-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed a crash bug (a crafted file defining width of zero leads to divide by
  zero and a crash). Seems to be merely a bug rather than a security issue, but
  I'd been meaning to get beta20 building so this was a good excuse.
  Thanks to marav.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-0856
  (* Security fix *)
2023-10-12 13:30:43 +02:00

38 lines
1.1 KiB
Diff
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

From d33a9ca2b7e9f32483c1aee4c3944c56206d456b Mon Sep 17 00:00:00 2001
From: Josef Moellers <jmoellers@suse.de>
Date: Fri, 18 Mar 2022 11:52:22 +0100
Subject: [PATCH] Prevent a divide-by-zero by checking for a zero width or
height.
---
src/img2txt.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/img2txt.c b/src/img2txt.c
index b8a25899..b9d5ba24 100644
--- a/src/img2txt.c
+++ b/src/img2txt.c
@@ -177,7 +177,13 @@ int main(int argc, char **argv)
}
/* Assume a 6×10 font */
- if(!cols && !lines)
+ if(!i->w || !i->h)
+ {
+ fprintf(stderr, "%s: image size is 0\n", argv[0]);
+ lines = 0;
+ cols = 0;
+ }
+ else if(!cols && !lines)
{
cols = 60;
lines = cols * i->h * font_width / i->w / font_height;
@@ -214,7 +220,7 @@ int main(int argc, char **argv)
export = caca_export_canvas_to_memory(cv, format?format:"ansi", &len);
if(!export)
{
- fprintf(stderr, "%s: Can't export to format '%s'\n", argv[0], format);
+ fprintf(stderr, "%s: Can't export to format '%s'\n", argv[0], format?format:"ansi");
}
else
{