[SCM] libgig/master: Add patch to fix CVE-2017-12951. (Closes: #877651)

Fri Oct 13 20:40:22 UTC 2017

The following commit has been merged in the master branch:
commit 5ff664d1f2a1800dfe0e32c477e22ba5c81347f0
Author: Jaromír Mikeš <mira.mikes at seznam.cz>
Date:   Fri Oct 13 22:23:22 2017 +0200

    Add patch to fix CVE-2017-12951. (Closes: #877651)

diff --git a/debian/patches/CVE-2017-12951.patch b/debian/patches/CVE-2017-12951.patch
new file mode 100644
index 0000000..28ff6f1
--- /dev/null
+++ b/debian/patches/CVE-2017-12951.patch
@@ -0,0 +1,43 @@
+Description: Avoid some crashes
+  https://security-tracker.debian.org/tracker/CVE-2017-12951
+  http://seclists.org/fulldisclosure/2017/Aug/39
+Author: Jaromír Mikeš <mira.mikes at seznam.cz>
+
+Index: libgig/src/gig.cpp
+===================================================================
+--- libgig.orig/src/gig.cpp
++++ libgig/src/gig.cpp
+@@ -2045,6 +2045,33 @@ namespace {
+     // get the corresponding velocity table from the table map or create & calculate that table if it doesn't exist yet
+     double* DimensionRegion::GetVelocityTable(curve_type_t curveType, uint8_t depth, uint8_t scaling)
+     {
++        // sanity check input parameters
++        // (fallback to some default parameters on ill input)
++        switch (curveType) {
++            case curve_type_nonlinear:
++            case curve_type_linear:
++                if (depth > 4) {
++                    printf("Warning: Invalid depth (0x%x) for velocity curve type (0x%x).\n", depth, curveType);
++                    depth   = 0;
++                    scaling = 0;
++                }
++                break;
++            case curve_type_special:
++                if (depth > 5) {
++                    printf("Warning: Invalid depth (0x%x) for velocity curve type 'special'.\n", depth);
++                    depth   = 0;
++                    scaling = 0;
++                }
++                break;
++            case curve_type_unknown:
++            default:
++                printf("Warning: Unknown velocity curve type (0x%x).\n", curveType);
++                curveType = curve_type_linear;
++                depth     = 0;
++                scaling   = 0;
++                break;
++        }
++
+         double* table;
+         uint32_t tableKey = (curveType<<16) | (depth<<8) | scaling;
+         if (pVelocityTables->count(tableKey)) { // if key exists
diff --git a/debian/patches/series b/debian/patches/series
index 4078684..f61745c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,3 +3,5 @@
 04-spelling.patch
 05-fix-libdir.patch
 CVE-2017-12952.diff
+CVE-2017-12951.patch
+CVE-2017-12954.patch

-- 
libgig packaging

