1 files changed, 45 insertions, 0 deletions

diff --git a/main/gdk-pixbuf/CVE-2017-2862.patch b/main/gdk-pixbuf/CVE-2017-2862.patch
new file mode 100644
index 0000000000..f41f5124f3
--- /dev/null
+++ b/main/gdk-pixbuf/CVE-2017-2862.patch
@@ -0,0 +1,45 @@
+Backport of c2a40a92fe3df4111ed9da51fe3368c079b86926 and
+6dd89e126a277460faafc1f679db44ccf78446fb
+
+--- gdk-pixbuf-2.36.5.orig/gdk-pixbuf/io-jpeg.c
++++ gdk-pixbuf-2.36.5/gdk-pixbuf/io-jpeg.c
+@@ -1026,6 +1026,7 @@ gdk_pixbuf__jpeg_image_load_increment (g
+ 		/* try to load jpeg header */
+ 		if (!context->got_header) {
+ 			int rc;
++			gboolean has_alpha;
+ 		
+ 			jpeg_save_markers (cinfo, JPEG_APP0+1, 0xffff);
+ 			jpeg_save_markers (cinfo, JPEG_APP0+2, 0xffff);
+@@ -1063,10 +1064,27 @@ gdk_pixbuf__jpeg_image_load_increment (g
+ 				}
+ 			}
+ 			jpeg_calc_output_dimensions (cinfo);
+-			
+-			context->pixbuf = gdk_pixbuf_new (GDK_COLORSPACE_RGB, 
+-							  cinfo->output_components == 4 ? TRUE : FALSE,
+-							  8, 
++
++			if (cinfo->output_components == 3) {
++				has_alpha = FALSE;
++			} else if (cinfo->output_components == 4) {
++				has_alpha = TRUE;
++			} else if (cinfo->output_components == 1 &&
++				   cinfo->out_color_space == JCS_GRAYSCALE) {
++				has_alpha = FALSE;
++			} else {
++				g_set_error (error,
++					     GDK_PIXBUF_ERROR,
++					     GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
++					     _("Unsupported number of color components (%d)"),
++					     cinfo->output_components);
++				retval = FALSE;
++				goto out;
++			}
++
++			context->pixbuf = gdk_pixbuf_new (GDK_COLORSPACE_RGB,
++							  has_alpha,
++							  8,
+ 							  cinfo->output_width,
+ 							  cinfo->output_height);
+