SDL_image: backported a fixed version of thresh's patch [24741]

NEWS

@@ -12,6 +12,7 @@ Security updates:
  --- FIXME: THE FOLLOWING ISSUES HAVE NOT BEEN FIXED YET ---
  * Mozilla and ActiveX plugins (VideoLAN-0802, CVE-2007-6683)
  * Real RTSP overflows (CVE-2008-0295, CVE-2008-0296)
+ * Fixed buffer overflow in the SDL_image library (CVE-2006-4484)
 
 Audio filter:
  * Fixed DTS to S/PDIF converter

extras/contrib/src/Makefile

 #***************************************************************************
 # src/Makefile : Dearchive and compile all files necessary
 # ***************************************************************************
-# Copyright (C) 2003 - 2007 the VideoLAN team
+# Copyright (C) 2003 - 2008 the VideoLAN team
 # $Id$
 #
 # Authors: Christophe Massiot <massiot@via.ecp.fr>
@@ -1823,6 +1823,7 @@ SDL_image-$(SDL_IMAGE_VERSION).tar.gz:
 SDL_image: SDL_image-$(SDL_IMAGE_VERSION).tar.gz 
 	$(EXTRACT_GZ)
 	patch -p 0 < Patches/SDL_image.patch
+	patch -p0 < Patches/SDL_image-CVE-2006-4484.patch
 
 .SDL_image: SDL_image .SDL .png .jpeg .tiff
 	(cd $<; $(HOSTCC) ./configure $(HOSTCONF) --prefix=$(PREFIX) --enable-tif --disable-sdltest CFLAGS="$(CFLAGS)" && make && make install)

extras/contrib/src/Patches/SDL_image-CVE-2006-4484.patch

+--- SDL_image/IMG_gif.orig.c	2008-02-01 11:58:19.000000000 +0100
++++ SDL_image/IMG_gif.c	2008-02-01 11:58:28.000000000 +0100
+@@ -415,6 +415,10 @@
+     static int table[2][(1 << MAX_LWZ_BITS)];
+     static int stack[(1 << (MAX_LWZ_BITS)) * 2], *sp;
+     register int i;
++    
++    /* Fixed buffer overflow found by Michael Skladnikiewicz */
++    if( input_code_size > MAX_LWZ_BITS )
++        return -1;
+ 
+     if (flag) {
+ 	set_code_size = input_code_size;