$OpenBSD: patch-src_modules_loaders_loader_jpeg_c,v 1.1 2006/11/20 09:21:09 bernd Exp $

Fix for CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809.
Should be fixed in >1.3.0.

--- src/modules/loaders/loader_jpeg.c.orig	Tue Sep  5 02:37:07 2006
+++ src/modules/loaders/loader_jpeg.c	Mon Nov  6 10:41:32 2006
@@ -92,6 +92,12 @@ load(ImlibImage * im, ImlibProgressFunct
      {
         im->w = w = cinfo.output_width;
         im->h = h = cinfo.output_height;
+	if ((w < 1) || (h < 1) || (w > 8192) || (h > 8192))
+	  {
+             jpeg_destroy_decompress(&cinfo);
+             fclose(f);
+             return 0;
+	  }
         UNSET_FLAG(im->flags, F_HAS_ALPHA);
         im->format = strdup("jpeg");
      }
