Bug#453258: Crash on invalid color in CSS

Michal Čihař Tue, 27 Nov 2007 20:33:00 -0800

Package: libgtkhtml2-0
Version: 2.11.1-1
Severity: important
Tags: patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi

html_color_new_from_name function crashes if color contains just "rgb" 
string. Attached patch fixes the crash.

- -- 
        Michal Čihař | http://cihar.com | http://blog.cihar.com


- -- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-3-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libgtkhtml2-0 depends on:
ii  libatk1.0-0             1.20.0-1         The ATK accessibility toolkit
ii  libc6                   2.7-2            GNU C Library: Shared libraries
ii  libcairo2               1.4.10-1         The Cairo 2D vector graphics libra
ii  libfontconfig1          2.5.0-2          generic font configuration library
ii  libfreetype6            2.3.5-1+b1       FreeType 2 font engine, shared lib
ii  libgail-common          1.20.2-1         GNOME Accessibility Implementation
ii  libgail18               1.20.2-1         GNOME Accessibility Implementation
ii  libglib2.0-0            2.14.4-1         The GLib library of C routines
ii  libgtk2.0-0             2.12.1-3         The GTK+ graphical user interface 
ii  libpango1.0-0           1.18.3-1         Layout and rendering of internatio
ii  libpng12-0              1.2.15~beta5-3   PNG library - runtime
ii  libx11-6                2:1.0.3-7        X11 client-side library
ii  libxml2                 2.6.30.dfsg-3    GNOME XML library
ii  libxrender1             1:0.9.4-1        X Rendering Extension client libra
ii  zlib1g                  1:1.2.3.3.dfsg-7 compression library - runtime

libgtkhtml2-0 recommends no packages.

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHTOkf3DVS6DbnVgQRAqstAJ0Q3QyavfgtmnC62HVKy8sO4R1xegCeNb7j
PdoawIBn/luIHTnytyjxtSU=
=ATMk
-----END PGP SIGNATURE-----

--- libgtkhtml2-2.11.1.orig/libgtkhtml/graphics/htmlcolor.c
+++ libgtkhtml2-2.11.1/libgtkhtml/graphics/htmlcolor.c
@@ -328,7 +328,9 @@
        else if (strstr (color_name, "rgb")) {
                gchar *ptr;
                
-               ptr = strstr (color_name, "(") + 1;
+               ptr = strstr (color_name, "(");
+               if (ptr == NULL) return NULL;
+               ptr++;
                while (*ptr && *ptr == ' ') ptr++;
                red = strtol (ptr, &ptr, 10);
                ptr++;

Bug#453258: Crash on invalid color in CSS

Reply via email to