From aae435f2646be610ec6cecf490ea30129ac759c9 Mon Sep 17 00:00:00 2001
From: Funda Wang <fundawang@yeah.net>
Date: Wed, 18 Jun 2025 23:01:12 +0800
Subject: [PATCH] fix CVE-2025-6199

---
 backport-CVE-2025-6199.patch | 30 ++++++++++++++++++++++++++++++
 gdk-pixbuf2.spec             |  6 +++++-
 2 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2025-6199.patch

diff --git a/backport-CVE-2025-6199.patch b/backport-CVE-2025-6199.patch
new file mode 100644
index 0000000..e242f83
--- /dev/null
+++ b/backport-CVE-2025-6199.patch
@@ -0,0 +1,30 @@
+From c4986342b241cdc075259565f3fa7a7597d32a32 Mon Sep 17 00:00:00 2001
+From: lumi <lumi@suwi.moe>
+Date: Sat, 7 Jun 2025 22:27:06 +0200
+Subject: [PATCH] lzw: Fix reporting of bytes written in decoder
+
+When the LZW decoder encounters an invalid code, it stops
+processing the image and returns the whole buffer size.
+It should return the amount of bytes written, instead.
+
+Fixes #257
+---
+ gdk-pixbuf/lzw.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gdk-pixbuf/lzw.c b/gdk-pixbuf/lzw.c
+index 15293560b..4f3dd8beb 100644
+--- a/gdk-pixbuf/lzw.c
++++ b/gdk-pixbuf/lzw.c
+@@ -208,7 +208,7 @@ lzw_decoder_feed (LZWDecoder *self,
+                                 /* Invalid code received - just stop here */
+                                 if (self->code >= self->code_table_size) {
+                                         self->last_code = self->eoi_code;
+-                                        return output_length;
++                                        return n_written;
+                                 }
+ 
+                                 /* Convert codeword into indexes */
+-- 
+GitLab
+
diff --git a/gdk-pixbuf2.spec b/gdk-pixbuf2.spec
index 622bed8..95c6099 100644
--- a/gdk-pixbuf2.spec
+++ b/gdk-pixbuf2.spec
@@ -2,7 +2,7 @@
 
 Name:           gdk-pixbuf2
 Version:        2.42.6
-Release:        7
+Release:        8
 Summary:        gdk is a multi-platform toolkit for creating graphical user interfaces.
 License:        LGPLv2+
 URL:            https://gitlab.gnome.org/GNOME/gdk-pixbuf
@@ -12,6 +12,7 @@ Source1:        invalid-colors.gif
 Patch6000:	backport-CVE-2021-46829.patch
 Patch6001:	backport-CVE-2021-44648.patch
 Patch6002:	backport-CVE-2022-48622.patch
+Patch6003:      backport-CVE-2025-6199.patch
 
 BuildRequires:  docbook-style-xsl
 BuildRequires:  gettext
@@ -131,6 +132,9 @@ gdk-pixbuf-query-loaders-%{__isa_bits} --update-cache
 %{_mandir}/man1/gdk-pixbuf-csource.1*
 
 %changelog
+* Wed Jun 18 2025 Funda Wang <fundawang@yeah.net> - 2.42.6-8
+- fix CVE-2025-6199
+
 * Wed Jun 26 2024 liningjie <liningjie@xfusion.com> - 2.42.6-7
 - Fix CVE-2022-48622
 
-- 
Gitee