summaryrefslogtreecommitdiffstats
path: root/debian/patches/0069-video-readers-png-Refuse-to-handle-multiple-image-he.patch
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches/0069-video-readers-png-Refuse-to-handle-multiple-image-he.patch')
-rw-r--r--debian/patches/0069-video-readers-png-Refuse-to-handle-multiple-image-he.patch27
1 files changed, 27 insertions, 0 deletions
diff --git a/debian/patches/0069-video-readers-png-Refuse-to-handle-multiple-image-he.patch b/debian/patches/0069-video-readers-png-Refuse-to-handle-multiple-image-he.patch
new file mode 100644
index 0000000..1c0aba1
--- /dev/null
+++ b/debian/patches/0069-video-readers-png-Refuse-to-handle-multiple-image-he.patch
@@ -0,0 +1,27 @@
+From 5e496e28b3c76666c98b737153f9b0c2bedf489d Mon Sep 17 00:00:00 2001
+From: Daniel Axtens <dja@axtens.net>
+Date: Tue, 6 Jul 2021 14:13:40 +1000
+Subject: video/readers/png: Refuse to handle multiple image headers
+
+This causes the bitmap to be leaked. Do not permit multiple image headers.
+
+Signed-off-by: Daniel Axtens <dja@axtens.net>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+---
+ grub-core/video/readers/png.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/grub-core/video/readers/png.c b/grub-core/video/readers/png.c
+index e2a6b1cf3..8955b8ecf 100644
+--- a/grub-core/video/readers/png.c
++++ b/grub-core/video/readers/png.c
+@@ -258,6 +258,9 @@ grub_png_decode_image_header (struct grub_png_data *data)
+ int color_bits;
+ enum grub_video_blit_format blt;
+
++ if (data->image_width || data->image_height)
++ return grub_error (GRUB_ERR_BAD_FILE_TYPE, "png: two image headers found");
++
+ data->image_width = grub_png_get_dword (data);
+ data->image_height = grub_png_get_dword (data);
+