All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Anuj Mittal" <anuj.mittal@intel.com>
To: "changqing.li@windriver.com" <changqing.li@windriver.com>,
	"openembedded-core@lists.openembedded.org"
	<openembedded-core@lists.openembedded.org>
Subject: Re: [OE-core] [PATCH][hardknott] gdk-pixbuf: fix CVE-2021-20240
Date: Fri, 23 Apr 2021 06:14:24 +0000	[thread overview]
Message-ID: <e7bea6f909e7a01cb51cb8e59ce188c35e4b4601.camel@intel.com> (raw)
In-Reply-To: <a5c51b81-9a7c-f661-7d4f-8be9db04dc44@windriver.com>

On Fri, 2021-04-23 at 14:02 +0800, Changqing Li wrote:
> 
> On 4/23/21 1:54 PM, Mittal, Anuj wrote:
> > [Please note: This e-mail is from an EXTERNAL e-mail address]
> > 
> > This should be proposed for master too. We're still at 2.40.0
> > there.
> > 
> > Thanks,
> > 
> > Anuj
> I plan to  upgrade gdk-pixbuf on master to 2.42.6, which already fix 
> this CVE.

Great, thanks!

> > 
> > On Thu, 2021-04-22 at 16:09 +0800, Changqing Li wrote:
> > > From: Changqing Li <changqing.li@windriver.com>
> > > 
> > > Signed-off-by: Changqing Li <changqing.li@windriver.com>
> > > ---
> > >   .../gdk-pixbuf/CVE-2021-20240.patch           | 40
> > > +++++++++++++++++++
> > >   .../gdk-pixbuf/gdk-pixbuf_2.40.0.bb           |  1 +
> > >   2 files changed, 41 insertions(+)
> > >   create mode 100644 meta/recipes-gnome/gdk-pixbuf/gdk-
> > > pixbuf/CVE-
> > > 2021-20240.patch
> > > 
> > > diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-
> > > 20240.patch b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-
> > > 20240.patch
> > > new file mode 100644
> > > index 0000000000..fe594b24bb
> > > --- /dev/null
> > > +++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-
> > > 20240.patch
> > > @@ -0,0 +1,40 @@
> > > +From 086e8adf4cc352cd11572f96066b001b545f354e Mon Sep 17
> > > 00:00:00
> > > 2001
> > > +From: Emmanuele Bassi <ebassi@gnome.org>
> > > +Date: Wed, 1 Apr 2020 18:11:55 +0100
> > > +Subject: [PATCH] Check the memset length argument
> > > +
> > > +Avoid overflows by using the checked multiplication macro for
> > > gsize.
> > > +
> > > +Fixes: #132
> > > +
> > > +Upstream-Status: Backported
> > > [
> > > https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/086e8adf4cc352cd11572f96066b001b545f354e
> > > ]
> > > +CVE: CVE-2021-20240
> > > +
> > > +Signed-off-by: Changqing Li <changqing.li@windriver.com>
> > > +---
> > > + gdk-pixbuf/io-gif-animation.c | 6 +++++-
> > > + 1 file changed, 5 insertions(+), 1 deletion(-)
> > > +
> > > +diff --git a/gdk-pixbuf/io-gif-animation.c b/gdk-pixbuf/io-gif-
> > > animation.c
> > > +index c9db3c66e..49674fd2e 100644
> > > +--- a/gdk-pixbuf/io-gif-animation.c
> > > ++++ b/gdk-pixbuf/io-gif-animation.c
> > > +@@ -412,11 +412,15 @@ gdk_pixbuf_gif_anim_iter_get_pixbuf
> > > (GdkPixbufAnimationIter *anim_iter)
> > > +
> > > +         /* If no rendered frame, render the first frame */
> > > +         if (anim->last_frame == NULL) {
> > > ++                gsize len = 0;
> > > +                 if (anim->last_frame_data == NULL)
> > > +                         anim->last_frame_data = gdk_pixbuf_new
> > > (GDK_COLORSPACE_RGB, TRUE, 8, anim->width, anim->height);
> > > +                 if (anim->last_frame_data == NULL)
> > > +                         return NULL;
> > > +-                memset (gdk_pixbuf_get_pixels (anim-
> > > > last_frame_data), 0, gdk_pixbuf_get_rowstride (anim-
> > > > last_frame_data) * anim->height);
> > > ++                if (g_size_checked_mul (&len,
> > > gdk_pixbuf_get_rowstride (anim->last_frame_data), anim->height))
> > > ++                        memset (gdk_pixbuf_get_pixels (anim-
> > > > last_frame_data), 0, len);
> > > ++                else
> > > ++                        return NULL;
> > > +                 composite_frame (anim, g_list_nth_data (anim-
> > > > frames, 0));
> > > +         }
> > > +
> > > +--
> > > +GitLab
> > > diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb
> > > b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb
> > > index 226e1c7b89..f01da32e71 100644
> > > --- a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb
> > > +++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb
> > > @@ -26,6 +26,7 @@ SRC_URI =
> > > "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \
> > > 
> > > file://0006-Build-thumbnailer-and-tests-also-in-cross-builds.patch
> > >  \
> > >              file://missing-test-data.patch \
> > >              file://CVE-2020-29385.patch \
> > > +           file://CVE-2021-20240.patch \
> > >              "
> > > 
> > >   SRC_URI_append_class-target = " \
> > > 
> > > 
> > > 


      reply	other threads:[~2021-04-23  6:14 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-04-22  8:09 [PATCH][hardknott] gdk-pixbuf: fix CVE-2021-20240 Changqing Li
2021-04-23  5:54 ` [OE-core] " Anuj Mittal
2021-04-23  6:02   ` Changqing Li
2021-04-23  6:14     ` Anuj Mittal [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=e7bea6f909e7a01cb51cb8e59ce188c35e4b4601.camel@intel.com \
    --to=anuj.mittal@intel.com \
    --cc=changqing.li@windriver.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.