$OpenBSD: patch-src_modules_loaders_loader_lbm_c,v 1.1 2006/11/20 09:21:09 bernd Exp $

Fix for CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809.
Should be fixed in >1.3.0.

--- src/modules/loaders/loader_lbm.c.orig	Wed Sep  6 13:34:49 2006
+++ src/modules/loaders/loader_lbm.c	Mon Nov  6 10:41:32 2006
@@ -421,7 +421,10 @@ ILBM    ilbm;
 
         im->w = L2RWORD(ilbm.bmhd.data);
         im->h = L2RWORD(ilbm.bmhd.data + 2);
-        if (im->w <= 0 || im->h <= 0) ok = 0;
+	if ((im->w < 1) || (im->h < 1) || (im->w > 8192) || (im->h > 8192))
+	  {
+	     ok = 0;
+	  }
 
         ilbm.depth = ilbm.bmhd.data[8];
         if (ilbm.depth < 1 || (ilbm.depth > 8 && ilbm.depth != 24 && ilbm.depth != 32)) ok = 0; /* Only 1 to 8, 24, or 32 planes. */
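Review bot: The new upper bound of 8192 on `im->w` and `im->h` is an unexplained magic number, and nothing in the hunk says which later computation it protects. Presumably it keeps the pixel-buffer size (width x height x bytes per pixel) within signed 32-bit range when the image data is allocated further down, outside this hunk; a comment above the check such as `/* reject oversized dimensions so w * h * bytes-per-pixel cannot overflow the allocation size */` would record that. If the other loaders receive the same check, a single named limit shared between them would keep the bound consistent, rather than a literal repeated in each file. The added lines are also tab-indented while the surrounding context lines use spaces.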
