1 Security fix, which we should be able to drop once it's packaged in a tarball

     2 

     3 From 9ad72875e9f08e4c519ef63d44cdbd94aa9504f7 Mon Sep 17 00:00:00 2001

     4 From: Ignacio Casal Quinteiro <[email protected]>

     5 Date: Sun, 16 Apr 2017 13:56:09 +0200

     6 Subject: tknzr: support only max long rgb values

     7 

     8 This fixes a possible out of bound when reading rgbs which

     9 are longer than the support MAXLONG

    10 ---

    11  src/cr-tknzr.c | 10 ++++++++++

    12  1 file changed, 10 insertions(+)

    13 

    14 diff --git a/src/cr-tknzr.c b/src/cr-tknzr.c

    15 index 1a7cfeb..1548c35 100644

    16 --- a/src/cr-tknzr.c

    17 +++ b/src/cr-tknzr.c

    18 @@ -1279,6 +1279,11 @@ cr_tknzr_parse_rgb (CRTknzr * a_this, CRRgb ** a_rgb)

    19          status = cr_tknzr_parse_num (a_this, &num);

    20          ENSURE_PARSING_COND ((status == CR_OK) && (num != NULL));

    21  

    22 +        if (num->val > G_MAXLONG) {

    23 +                status = CR_PARSING_ERROR;

    24 +                goto error;

    25 +        }

    26 +

    27          red = num->val;

    28          cr_num_destroy (num);

    29          num = NULL;

    30 @@ -1298,6 +1303,11 @@ cr_tknzr_parse_rgb (CRTknzr * a_this, CRRgb ** a_rgb)

    31                  status = cr_tknzr_parse_num (a_this, &num);

    32                  ENSURE_PARSING_COND ((status == CR_OK) && (num != NULL));

    33  

    34 +                if (num->val > G_MAXLONG) {

    35 +                        status = CR_PARSING_ERROR;

    36 +                        goto error;

    37 +                }

    38 +

    39                  PEEK_BYTE (a_this, 1, &next_bytes[0]);

    40                  if (next_bytes[0] == '%') {

    41                          SKIP_CHARS (a_this, 1);

    42 --