r7672 - in trunk/BOOK: general/graphlib introduction/welcome

Bruce Dubbs bruce.dubbs at gmail.com
Fri Dec 26 23:40:00 PST 2008


Bruce Dubbs wrote:
> ag at linuxfromscratch.org wrote:
>> Author: ag
>> Date: 2008-12-27 00:14:05 -0700 (Sat, 27 Dec 2008)
>> New Revision: 7672
>>
>> Modified:
>>    trunk/BOOK/general/graphlib/imlib2.xml
>>    trunk/BOOK/introduction/welcome/changelog.xml
>> Log:
>> Apply a patch to imlib2 to fix CVE-2008-5187
> 
> Ag, you are missing the instruction to actually apply the patch -- e.g.
> patch -Np1 -i ../mlib2-1.4.2-CVE-2008-5187.patch

Also, the patch you uploaded is wrong.  It should be:

ndex: /trunk/imlib2/src/modules/loaders/loader_xpm.c
===================================================================
--- /trunk/imlib2/src/modules/loaders/loader_xpm.c (revision 35900)
+++ /trunk/imlib2/src/modules/loaders/loader_xpm.c (revision 37744)
@@ -254,6 +254,6 @@
                                }
                              ptr = im->data;
-                            end = ptr + (sizeof(DATA32) * w * h);
                              pixels = w * h;
+                            end = ptr + (pixels);
                           }
                         else
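
Review bot: `pixels = w * h;` directly above the added `end = ptr + (pixels);` is an unchecked multiplication in the lines shown, and `end` is now derived from its result. Confirm that `w` and `h` are range-checked before this point (that code is outside the hunk), or add a check here, because a wrapped product would put `end` in the wrong place. The new bound also relies on `ptr` having an element type of `DATA32` so that the addition scales by element size; the declaration is not visible in this hunk and is worth confirming. The parentheses around `pixels` can be dropped.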

Although the parens around the pixels variable do nothing.  Your patch has the 
end= statement one line too soon.

   -- Bruce


