summaryrefslogtreecommitdiffstats
path: root/package/imlib2/0002-fix-CVE-2011-5326.patch
diff options
context:
space:
mode:
Diffstat (limited to 'package/imlib2/0002-fix-CVE-2011-5326.patch')
-rw-r--r--package/imlib2/0002-fix-CVE-2011-5326.patch104
1 files changed, 104 insertions, 0 deletions
diff --git a/package/imlib2/0002-fix-CVE-2011-5326.patch b/package/imlib2/0002-fix-CVE-2011-5326.patch
new file mode 100644
index 0000000000..ed9c9b2707
--- /dev/null
+++ b/package/imlib2/0002-fix-CVE-2011-5326.patch
@@ -0,0 +1,104 @@
+From c94d83ccab15d5ef02f88d42dce38ed3f0892882 Mon Sep 17 00:00:00 2001
+From: Kim Woelders <kim@woelders.dk>
+Date: Wed, 6 Apr 2016 17:42:17 +0200
+Subject: [PATCH] Fix potential divide-by-zero in imlib_image_draw_ellipse().
+
+Attempting to draw a 2x1 ellipse with e.g. imlib_image_draw_ellipse(x, y, 2, 1)
+causes a divide-by-zero.
+It seems happy enough to draw 1x1, 1x2 and 2x2, but not 2x1.
+
+Patch by Simon Lees.
+
+https://bugs.debian.org/639414
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+---
+ src/lib/ellipse.c | 24 ++++++++++++++++++++++++
+ 1 file changed, 24 insertions(+)
+
+diff --git a/src/lib/ellipse.c b/src/lib/ellipse.c
+index cd90268..ddb410b 100644
+--- a/src/lib/ellipse.c
++++ b/src/lib/ellipse.c
+@@ -71,6 +71,9 @@ __imlib_Ellipse_DrawToData(int xc, int yc, int a, int b, DATA32 color,
+ if (IN_RANGE(rx, by, clw, clh))
+ pfunc(color, bp + len);
+
++ if (dx < 1)
++ dx = 1;
++
+ dy += b2;
+ yy -= ((dy << 16) / dx);
+ lx--;
+@@ -123,6 +126,9 @@ __imlib_Ellipse_DrawToData(int xc, int yc, int a, int b, DATA32 color,
+ if (IN_RANGE(rx, by, clw, clh))
+ pfunc(color, bp + len);
+
++ if (dy < 1)
++ dy = 1;
++
+ dx -= a2;
+ xx += ((dx << 16) / dy);
+ ty++;
+@@ -222,6 +228,9 @@ __imlib_Ellipse_DrawToData_AA(int xc, int yc, int a, int b, DATA32 color,
+ if (IN_RANGE(rx, by, clw, clh))
+ pfunc(col1, bp + len);
+
++ if (dx < 1)
++ dx = 1;
++
+ dy += b2;
+ yy -= ((dy << 16) / dx);
+ lx--;
+@@ -295,6 +304,9 @@ __imlib_Ellipse_DrawToData_AA(int xc, int yc, int a, int b, DATA32 color,
+ if (IN_RANGE(rx, by, clw, clh))
+ pfunc(col1, bp + len);
+
++ if (dy < 1)
++ dy = 1;
++
+ dx -= a2;
+ xx += ((dx << 16) / dy);
+ ty++;
+@@ -395,6 +407,9 @@ __imlib_Ellipse_FillToData(int xc, int yc, int a, int b, DATA32 color,
+ if (IN_RANGE(rx, by, clw, clh))
+ pfunc(color, bp + len);
+
++ if (dx < 1)
++ dx = 1;
++
+ dy += b2;
+ yy -= ((dy << 16) / dx);
+ lx--;
+@@ -453,6 +468,9 @@ __imlib_Ellipse_FillToData(int xc, int yc, int a, int b, DATA32 color,
+ if (((unsigned)by < (unsigned)clh) && (len > 0))
+ sfunc(color, bpp, len);
+
++ if (dy < 1)
++ dy = 1;
++
+ dx -= a2;
+ xx += ((dx << 16) / dy);
+ ty++;
+@@ -556,6 +574,9 @@ __imlib_Ellipse_FillToData_AA(int xc, int yc, int a, int b, DATA32 color,
+ if (IN_RANGE(rx, by, clw, clh))
+ pfunc(col1, bp + len);
+
++ if (dx < 1)
++ dx = 1;
++
+ dy += b2;
+ yy -= ((dy << 16) / dx);
+ lx--;
+@@ -629,6 +650,9 @@ __imlib_Ellipse_FillToData_AA(int xc, int yc, int a, int b, DATA32 color,
+ if (IN_RANGE(rx, by, clw, clh))
+ pfunc(col1, bp + len);
+
++ if (dy < 1)
++ dy = 1;
++
+ dx -= a2;
+ xx += ((dx << 16) / dy);
+ ty++;
+--
+2.7.3
+
OpenPOWER on IntegriCloud