| commit | 91d144f4cdfff848a38884e491aee47f20b0e542 | |
| author | Diego Hernan Borghetti <bdiego@gmail.com> | |
| Wed, 16 Apr 2008 19:47:37 +0000 (16 16:47 -0300) | ||
| committer | Diego Hernan Borghetti <bdiego@gmail.com> | |
| Wed, 16 Apr 2008 19:47:37 +0000 (16 16:47 -0300) | ||
| tree | 863c547fb3af963c0625880d27594e9965fe2d42 | treesnapshot (tar.gz zip) |
| parent | 61fc8823bc21bfee4b911673a2028787952cf10b | commitdiff |
This fixes a Buffer Overflow Vulnerability reported by
Secunia Research
SAID: SA29818 (http://secunia.com/advisories/29818/)
Credit: Stefan Cornelius, Secunia Research
The old code trys to do a sscanf %s %d %s %d from a line in the
image file.
Now it copies over that line to a max buffer of size 540 chars before doing
the sscanf.
(I just picked a constant that was siginficatly large)
It also checks to see if it gets all 4 values if not return NULL.
Kent
Author: Kent Mein
SVN revision: r14432
Date: 2008-04-15 12:52:18 -0300 (Tue, 15 Apr 2008)
Secunia Research
SAID: SA29818 (http://secunia.com/advisories/29818/)
Credit: Stefan Cornelius, Secunia Research
The old code trys to do a sscanf %s %d %s %d from a line in the
image file.
Now it copies over that line to a max buffer of size 540 chars before doing
the sscanf.
(I just picked a constant that was siginficatly large)
It also checks to see if it gets all 4 values if not return NULL.
Kent
Author: Kent Mein
SVN revision: r14432
Date: 2008-04-15 12:52:18 -0300 (Tue, 15 Apr 2008)
| source/blender/imbuf/intern/radiance_hdr.c | diffblobblamehistory |