Merge pull request #268192 from risicle/ris-zbar-CVE-2023-40889-CVE-2023-40890

zbar: add patches for CVE-2023-40889 & CVE-2023-40890
This commit is contained in:
7c6f434c 2023-11-18 07:55:21 +00:00 committed by GitHub
commit ad6f7c6a70
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 49 additions and 0 deletions

View File

@ -0,0 +1,17 @@
Simple bounds checks for CVE-2023-40889, based on third-party
fix by Remi Meier @
https://github.com/Raemi/zbar/commit/5e8acc6974f17e56c3ddaa5509870beb8d7a599c
--- a/zbar/qrcode/qrdec.c
+++ b/zbar/qrcode/qrdec.c
@@ -3900,8 +3900,8 @@ void qr_reader_match_centers(qr_reader *_reader,qr_code_data_list *_qrlist,
/*TODO: We might be able to accelerate this step significantly by
considering the remaining finder centers in a more intelligent order,
based on the first finder center we just chose.*/
- for(j=i+1;!mark[i]&&j<_ncenters;j++){
- for(k=j+1;!mark[j]&&k<_ncenters;k++)if(!mark[k]){
+ for(j=i+1; i < _ncenters && !mark[i]&&j<_ncenters;j++){
+ for(k=j+1; j < _ncenters && !mark[j]&&k<_ncenters;k++)if(!mark[k]){
qr_finder_center *c[3];
qr_code_data qrdata;
int version;

View File

@ -0,0 +1,26 @@
Simple bounds checks for CVE-2023-40890
--- a/zbar/decoder/databar.c
+++ b/zbar/decoder/databar.c
@@ -23,6 +23,8 @@
#include <config.h>
#include <zbar.h>
+#include <stdlib.h>
+#include <stdio.h>
#ifdef DEBUG_DATABAR
# define DEBUG_LEVEL (DEBUG_DATABAR)
@@ -691,6 +693,12 @@ lookup_sequence (databar_segment_t *seg,
fixed = -1;
s <<= 1;
dbprintf(2, "%x", s);
+
+ if (i > 20) {
+ fprintf(stderr, "Bug: Out-of-bounds condition detected\n");
+ exit(99);
+ }
+
seq[i++] = s++;
seq[i++] = s;
}

View File

@ -1,6 +1,7 @@
{ stdenv
, lib
, fetchFromGitHub
, fetchpatch
, imagemagickBig
, pkg-config
, withXorg ? true
@ -42,6 +43,11 @@ stdenv.mkDerivation rec {
sha256 = "sha256-VhVrngAX7pXZp+szqv95R6RGAJojp3svdbaRKigGb0w=";
};
patches = [
./0.23.92-CVE-2023-40889.patch
./0.23.92-CVE-2023-40890.patch
];
nativeBuildInputs = [
pkg-config
xmlto