39 lines
1.2 KiB
Diff
39 lines
1.2 KiB
Diff
python-imaging: CVE-2016-2533
|
|
|
|
the patch comes from:
|
|
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2533
|
|
https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4#diff-8ff6909c159597e22288ad818938fd6b
|
|
|
|
PCD decoder overruns the shuffle buffer, Fixes #568
|
|
|
|
Signed-off-by: Li Wang <li.wang@windriver.com>
|
|
---
|
|
libImaging/PcdDecode.c | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/libImaging/PcdDecode.c b/libImaging/PcdDecode.c
|
|
index b6898e3..c02d005 100644
|
|
--- a/libImaging/PcdDecode.c
|
|
+++ b/libImaging/PcdDecode.c
|
|
@@ -47,7 +47,7 @@ ImagingPcdDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
|
|
out[0] = ptr[x];
|
|
out[1] = ptr[(x+4*state->xsize)/2];
|
|
out[2] = ptr[(x+5*state->xsize)/2];
|
|
- out += 4;
|
|
+ out += 3;
|
|
}
|
|
|
|
state->shuffle((UINT8*) im->image[state->y],
|
|
@@ -62,7 +62,7 @@ ImagingPcdDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
|
|
out[0] = ptr[x+state->xsize];
|
|
out[1] = ptr[(x+4*state->xsize)/2];
|
|
out[2] = ptr[(x+5*state->xsize)/2];
|
|
- out += 4;
|
|
+ out += 3;
|
|
}
|
|
|
|
state->shuffle((UINT8*) im->image[state->y],
|
|
--
|
|
1.7.9.5
|
|
|