media-gfx/gimp/files/gimp-2.6.12-CVE-2012-2763.patch - platform/external/gentoo/overlays/gentoo - Git at Google

 Fix for CVE-2012-2763 for GIMP 2.6.x by mancha. Based on commit
 76155d79df8d497. Thanks to muks, Kevin, and Ankh for identifying
 the relevant code change.

 Ref: Fixed potential buffer overflow in readstr_upto().

 ================================================

 --- a/plug-ins/script-fu/tinyscheme/scheme.c.orig	2012-06-30
 +++ b/plug-ins/script-fu/tinyscheme/scheme.c		2012-06-30
 @@ -1727,7 +1727,8 @@ static char *readstr_upto(scheme *sc, ch
      c = inchar(sc);
      len = g_unichar_to_utf8(c, p);
      p += len;
 -  } while (c && !is_one_of(delim, c));
 +  } while ((p - sc->strbuff < sizeof(sc->strbuff)) &&
 +           (c && !is_one_of(delim, c)));

    if(p==sc->strbuff+2 && c_prev=='\\')
      *p = '\0';
	Fix for CVE-2012-2763 for GIMP 2.6.x by mancha. Based on commit
	76155d79df8d497. Thanks to muks, Kevin, and Ankh for identifying
	the relevant code change.

	Ref: Fixed potential buffer overflow in readstr_upto().

	================================================

	--- a/plug-ins/script-fu/tinyscheme/scheme.c.orig 2012-06-30
	+++ b/plug-ins/script-fu/tinyscheme/scheme.c 2012-06-30
	@@ -1727,7 +1727,8 @@ static char readstr_upto(scheme sc, ch
	c = inchar(sc);
	len = g_unichar_to_utf8(c, p);
	p += len;
	- } while (c && !is_one_of(delim, c));
	+ } while ((p - sc->strbuff < sizeof(sc->strbuff)) &&
	+ (c && !is_one_of(delim, c)));

	if(p==sc->strbuff+2 && c_prev=='\\')
	*p = '\0';