- Security patch
Security: CVE-2011-3026 Obtained from: Debian
This commit is contained in:
Dirk Meyer
parent
fa2545d1b2
commit
9fc776f599
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=291575
2 changed files with 21 additions and 0 deletions
|
|
@ -7,6 +7,7 @@
|
|||
|
||||
PORTNAME= png
|
||||
PORTVERSION= 1.4.8
|
||||
PORTREVISION= 1
|
||||
CATEGORIES= graphics
|
||||
MASTER_SITES= SF/lib${PORTNAME}/lib${PORTNAME}14/${PORTVERSION}
|
||||
DISTNAME= lib${PORTNAME}-${PORTVERSION}
|
||||
|
|
|
|||
20
graphics/png/files/patch-pngrutil.c
Normal file
20
graphics/png/files/patch-pngrutil.c
Normal file
|
|
@ -0,0 +1,20 @@
|
|||
---pngrutil.c.orig 2012/02/10 19:43:42 121491
|
||||
+++ pngrutil.c 2012/02/10 19:45:46 121492
|
||||
@@ -363,8 +363,15 @@
|
||||
{
|
||||
/* Success (maybe) - really uncompress the chunk. */
|
||||
png_size_t new_size = 0;
|
||||
- png_charp text = png_malloc_warn(png_ptr,
|
||||
- prefix_size + expanded_size + 1);
|
||||
+ png_charp text = NULL;
|
||||
+ /* Need to check for both truncation (64-bit platforms) and integer
|
||||
+ * overflow.
|
||||
+ */
|
||||
+ if (prefix_size + expanded_size > prefix_size &&
|
||||
+ prefix_size + expanded_size < 0xffffffffU)
|
||||
+ {
|
||||
+ text = png_malloc_warn(png_ptr, prefix_size + expanded_size + 1);
|
||||
+ }
|
||||
|
||||
if (text != NULL)
|
||||
{
|
||||
Loading…
Reference in a new issue