From b142ab5a0b4d5f88c658aeac1ee1c2752d72891f Mon Sep 17 00:00:00 2001
From: "mingli.yu@windriver.com" <mingli.yu@windriver.com>
Date: Wed, 20 Jul 2016 14:00:07 +0800
Subject: python-imaging: Fix CVE-2016-2533

* PCD decoder overruns the shuffle buffer, Fixes #568
the patch comes from:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2533
https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4#diff-8ff6909c159597e22288ad818938fd6b

Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
---
 .../python-imaging-CVE-2016-2533.patch             | 38 ++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 meta-python/recipes-devtools/python/python-imaging/python-imaging-CVE-2016-2533.patch

(limited to 'meta-python/recipes-devtools/python/python-imaging/python-imaging-CVE-2016-2533.patch')

diff --git a/meta-python/recipes-devtools/python/python-imaging/python-imaging-CVE-2016-2533.patch b/meta-python/recipes-devtools/python/python-imaging/python-imaging-CVE-2016-2533.patch
new file mode 100644
index 0000000000..b01136f9ac
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python-imaging/python-imaging-CVE-2016-2533.patch
@@ -0,0 +1,38 @@
+python-imaging: CVE-2016-2533
+
+the patch comes from:
+https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2533
+https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4#diff-8ff6909c159597e22288ad818938fd6b
+
+PCD decoder overruns the shuffle buffer, Fixes #568
+
+Signed-off-by: Li Wang <li.wang@windriver.com>
+---
+ libImaging/PcdDecode.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libImaging/PcdDecode.c b/libImaging/PcdDecode.c
+index b6898e3..c02d005 100644
+--- a/libImaging/PcdDecode.c
++++ b/libImaging/PcdDecode.c
+@@ -47,7 +47,7 @@ ImagingPcdDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
+ 	    out[0] = ptr[x];
+ 	    out[1] = ptr[(x+4*state->xsize)/2];
+ 	    out[2] = ptr[(x+5*state->xsize)/2];
+-	    out += 4;
++	    out += 3;
+ 	}
+ 
+ 	state->shuffle((UINT8*) im->image[state->y],
+@@ -62,7 +62,7 @@ ImagingPcdDecode(Imaging im, ImagingCodecState state, UINT8* buf, int bytes)
+ 	    out[0] = ptr[x+state->xsize];
+ 	    out[1] = ptr[(x+4*state->xsize)/2];
+ 	    out[2] = ptr[(x+5*state->xsize)/2];
+-	    out += 4;
++	    out += 3;
+ 	}
+ 
+ 	state->shuffle((UINT8*) im->image[state->y],
+-- 
+1.7.9.5
+
-- 
cgit v1.2.3-54-g00ecf