| Patrick Williams | ddad1a1 | 2017-02-23 20:36:32 -0600 | [diff] [blame] | 1 | python-imaging: CVE-2016-2533 |
| 2 | |
| 3 | the patch comes from: |
| 4 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2533 |
| 5 | https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4#diff-8ff6909c159597e22288ad818938fd6b |
| 6 | |
| 7 | PCD decoder overruns the shuffle buffer, Fixes #568 |
| 8 | |
| 9 | Signed-off-by: Li Wang <li.wang@windriver.com> |
| 10 | --- |
| 11 | libImaging/PcdDecode.c | 4 ++-- |
| 12 | 1 file changed, 2 insertions(+), 2 deletions(-) |
| 13 | |
| 14 | diff --git a/libImaging/PcdDecode.c b/libImaging/PcdDecode.c |
| 15 | index b6898e3..c02d005 100644 |
| 16 | --- a/libImaging/PcdDecode.c |
| 17 | +++ b/libImaging/PcdDecode.c |
| 18 | @@ -47,7 +47,7 @@ ImagingPcdDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes) |
| 19 | out[0] = ptr[x]; |
| 20 | out[1] = ptr[(x+4*state->xsize)/2]; |
| 21 | out[2] = ptr[(x+5*state->xsize)/2]; |
| 22 | - out += 4; |
| 23 | + out += 3; |
| 24 | } |
| 25 | |
| 26 | state->shuffle((UINT8*) im->image[state->y], |
| 27 | @@ -62,7 +62,7 @@ ImagingPcdDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes) |
| 28 | out[0] = ptr[x+state->xsize]; |
| 29 | out[1] = ptr[(x+4*state->xsize)/2]; |
| 30 | out[2] = ptr[(x+5*state->xsize)/2]; |
| 31 | - out += 4; |
| 32 | + out += 3; |
| 33 | } |
| 34 | |
| 35 | state->shuffle((UINT8*) im->image[state->y], |
| 36 | -- |
| 37 | 1.7.9.5 |
| 38 | |