+++ /dev/null
-From 37a96801663b7b4cd3fbe56cc0eb8b6a17e766a8 Mon Sep 17 00:00:00 2001
-From: Kim Woelders <kim@woelders.dk>
-Date: Sun, 3 Apr 2016 19:40:25 +0200
-Subject: [PATCH] GIF loader: Fix out-of-bound reads from colormap.
-
-Bug-Debian: http://bugs.debian.org/785369
-Note: removes all special-casing from the inner loop, optimize for common case.
-Author: Yuriy M. Kaminskiy <yumkam+debian@gmail.com>
-Reported-By: Jakub Wilk <jwilk@debian.org>
-
-Thanks to Bernhard U:belacker <bernhardu@vr-web.de> for analysis.
-
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
----
- src/modules/loaders/loader_gif.c | 31 +++++++++++++++++--------------
- 1 file changed, 17 insertions(+), 14 deletions(-)
-
-diff --git a/src/modules/loaders/loader_gif.c b/src/modules/loaders/loader_gif.c
-index 638df59..4f08d64 100644
---- a/src/modules/loaders/loader_gif.c
-+++ b/src/modules/loaders/loader_gif.c
-@@ -141,8 +141,24 @@ load(ImlibImage * im, ImlibProgressFunction progress, char progress_granularity,
-
- if (im->loader || immediate_load || progress)
- {
-+ DATA32 colormap[256];
-+
- bg = gif->SBackGroundColor;
- cmap = (gif->Image.ColorMap ? gif->Image.ColorMap : gif->SColorMap);
-+ memset (colormap, 0, sizeof(colormap));
-+ if (cmap != NULL)
-+ {
-+ for (i = cmap->ColorCount > 256 ? 256 : cmap->ColorCount; i-- > 0;)
-+ {
-+ r = cmap->Colors[i].Red;
-+ g = cmap->Colors[i].Green;
-+ b = cmap->Colors[i].Blue;
-+ colormap[i] = (0xff << 24) | (r << 16) | (g << 8) | b;
-+ }
-+ /* if bg > cmap->ColorCount, it is transparent black already */
-+ if (transp >= 0 && transp < 256)
-+ colormap[transp] = bg >= 0 && bg < 256 ? colormap[bg] & 0x00ffffff : 0x00000000;
-+ }
- im->data = (DATA32 *) malloc(sizeof(DATA32) * w * h);
- if (!im->data)
- goto quit;
-@@ -161,20 +177,7 @@ load(ImlibImage * im, ImlibProgressFunction progress, char progress_granularity,
- {
- for (j = 0; j < w; j++)
- {
-- if (rows[i][j] == transp)
-- {
-- r = cmap->Colors[bg].Red;
-- g = cmap->Colors[bg].Green;
-- b = cmap->Colors[bg].Blue;
-- *ptr++ = 0x00ffffff & ((r << 16) | (g << 8) | b);
-- }
-- else
-- {
-- r = cmap->Colors[rows[i][j]].Red;
-- g = cmap->Colors[rows[i][j]].Green;
-- b = cmap->Colors[rows[i][j]].Blue;
-- *ptr++ = (0xff << 24) | (r << 16) | (g << 8) | b;
-- }
-+ *ptr++ = colormap[rows[i][j]];
- per += per_inc;
- if (progress && (((int)per) != last_per)
- && (((int)per) % progress_granularity == 0))
---
-2.7.3
-
+++ /dev/null
-From c94d83ccab15d5ef02f88d42dce38ed3f0892882 Mon Sep 17 00:00:00 2001
-From: Kim Woelders <kim@woelders.dk>
-Date: Wed, 6 Apr 2016 17:42:17 +0200
-Subject: [PATCH] Fix potential divide-by-zero in imlib_image_draw_ellipse().
-
-Attempting to draw a 2x1 ellipse with e.g. imlib_image_draw_ellipse(x, y, 2, 1)
-causes a divide-by-zero.
-It seems happy enough to draw 1x1, 1x2 and 2x2, but not 2x1.
-
-Patch by Simon Lees.
-
-https://bugs.debian.org/639414
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
----
- src/lib/ellipse.c | 24 ++++++++++++++++++++++++
- 1 file changed, 24 insertions(+)
-
-diff --git a/src/lib/ellipse.c b/src/lib/ellipse.c
-index cd90268..ddb410b 100644
---- a/src/lib/ellipse.c
-+++ b/src/lib/ellipse.c
-@@ -71,6 +71,9 @@ __imlib_Ellipse_DrawToData(int xc, int yc, int a, int b, DATA32 color,
- if (IN_RANGE(rx, by, clw, clh))
- pfunc(color, bp + len);
-
-+ if (dx < 1)
-+ dx = 1;
-+
- dy += b2;
- yy -= ((dy << 16) / dx);
- lx--;
-@@ -123,6 +126,9 @@ __imlib_Ellipse_DrawToData(int xc, int yc, int a, int b, DATA32 color,
- if (IN_RANGE(rx, by, clw, clh))
- pfunc(color, bp + len);
-
-+ if (dy < 1)
-+ dy = 1;
-+
- dx -= a2;
- xx += ((dx << 16) / dy);
- ty++;
-@@ -222,6 +228,9 @@ __imlib_Ellipse_DrawToData_AA(int xc, int yc, int a, int b, DATA32 color,
- if (IN_RANGE(rx, by, clw, clh))
- pfunc(col1, bp + len);
-
-+ if (dx < 1)
-+ dx = 1;
-+
- dy += b2;
- yy -= ((dy << 16) / dx);
- lx--;
-@@ -295,6 +304,9 @@ __imlib_Ellipse_DrawToData_AA(int xc, int yc, int a, int b, DATA32 color,
- if (IN_RANGE(rx, by, clw, clh))
- pfunc(col1, bp + len);
-
-+ if (dy < 1)
-+ dy = 1;
-+
- dx -= a2;
- xx += ((dx << 16) / dy);
- ty++;
-@@ -395,6 +407,9 @@ __imlib_Ellipse_FillToData(int xc, int yc, int a, int b, DATA32 color,
- if (IN_RANGE(rx, by, clw, clh))
- pfunc(color, bp + len);
-
-+ if (dx < 1)
-+ dx = 1;
-+
- dy += b2;
- yy -= ((dy << 16) / dx);
- lx--;
-@@ -453,6 +468,9 @@ __imlib_Ellipse_FillToData(int xc, int yc, int a, int b, DATA32 color,
- if (((unsigned)by < (unsigned)clh) && (len > 0))
- sfunc(color, bpp, len);
-
-+ if (dy < 1)
-+ dy = 1;
-+
- dx -= a2;
- xx += ((dx << 16) / dy);
- ty++;
-@@ -556,6 +574,9 @@ __imlib_Ellipse_FillToData_AA(int xc, int yc, int a, int b, DATA32 color,
- if (IN_RANGE(rx, by, clw, clh))
- pfunc(col1, bp + len);
-
-+ if (dx < 1)
-+ dx = 1;
-+
- dy += b2;
- yy -= ((dy << 16) / dx);
- lx--;
-@@ -629,6 +650,9 @@ __imlib_Ellipse_FillToData_AA(int xc, int yc, int a, int b, DATA32 color,
- if (IN_RANGE(rx, by, clw, clh))
- pfunc(col1, bp + len);
-
-+ if (dy < 1)
-+ dy = 1;
-+
- dx -= a2;
- xx += ((dx << 16) / dy);
- ty++;
---
-2.7.3
-
projects / buildroot.git / commitdiff