Fix a bug in png handling using a patch from John Bowler <jbowler@acm.org>.

Addresses PR 44940. Bump PKGREVISION for links-gui.
2011-05-11 16:46:15 +00:00 · 2011-05-11 16:46:15 +00:00 · 75026433e3
commit 75026433e3
parent 3249f647ca
3 changed files with 48 additions and 2 deletions
--- a/www/links-gui/Makefile
+++ b/www/links-gui/Makefile
@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.63 2011/05/02 13:17:47 wiz Exp $
+# $NetBSD: Makefile,v 1.64 2011/05/11 16:46:16 wiz Exp $
 #

 PKGNAME=	${DISTNAME:S/links/&-gui/}
+PKGREVISION=	1
 COMMENT=	Lynx-like text and graphics WWW browser

 CONFLICTS+=	links-[0-9]* elinks-0.3*
--- a/www/links/distinfo
+++ b/www/links/distinfo
@ -1,7 +1,8 @@
-$NetBSD: distinfo,v 1.54 2011/05/02 13:17:47 wiz Exp $
+$NetBSD: distinfo,v 1.55 2011/05/11 16:46:15 wiz Exp $

 SHA1 (links-2.3pre2.tar.bz2) = 5bc210f746559725565bec1d4748b5c56b263ee5
 RMD160 (links-2.3pre2.tar.bz2) = 800032cf852382b70aa29e6f9a0c2b86bde5b74f
 Size (links-2.3pre2.tar.bz2) = 3832710 bytes
 SHA1 (patch-aa) = 45b6a12bcef9a229cf1b7f2b777c14786b3c5b81
 SHA1 (patch-ab) = a2d461c9d8b6300469ab6195886830fdd63be837
+SHA1 (patch-dip.c) = 52299aeb395e7e33a359cd8af1d55c0a49b3c186
--- a/www/links/patches/patch-dip.c
+++ b/www/links/patches/patch-dip.c
@ -0,0 +1,44 @@
+$NetBSD: patch-dip.c,v 1.1 2011/05/11 16:46:16 wiz Exp $
+
+From John Bowler <jbowler@acm.org>:
+It's two bugs: one, the obvious one, in the two calls to
+png_set_rgb_to_gray() in dip.c; that should be *DIVIDED* by 256,
+not multiplied!
+                                                                                                                                                                                                                    
+The other is that there is *NO* error handling, no call to setjmp();
+so when png_error is called the call stack ends up destroyed and,
+apparently, the program dies in create_read_struct_2, right after
+the comment that explains why libpng is about to call abort() ;-)
+                                                                                                                                                                                                                    
+The attached patch fixes both problems, but links will still error
+out on a png_error (just with an OOM message, not an abort()).
+
+--- dip.c.orig	2011-04-19 15:17:48.000000000 +0000
+++ dip.c
+@@ -1422,6 +1422,8 @@ unsigned char *png_data, int png_length,
+ 	
+ 	png_ptr=png_create_read_struct(PNG_LIBPNG_VER_STRING,
+ 			NULL, my_png_error, my_png_warning);
+	if (setjmp(png_jmpbuf(png_ptr)))
+	    overalloc(); /* some error detected by libpng */
+ 	info_ptr=png_create_info_struct(png_ptr);
+ 	png_set_read_fn(png_ptr,&work,(png_rw_ptr)&read_stored_data);
+ 	png_read_info(png_ptr, info_ptr);
+@@ -1448,7 +1450,7 @@ unsigned char *png_data, int png_length,
+ 		if (color_type==PNG_COLOR_TYPE_PALETTE){
+ 			png_set_expand(png_ptr);
+ #ifdef HAVE_PNG_SET_RGB_TO_GRAY
+-			png_set_rgb_to_gray(png_ptr,1,54.0*256,183.0*256);
+			png_set_rgb_to_gray(png_ptr,1,54.0/256,183.0/256);
+ #else
+ 			goto end;
+ #endif
+@@ -1459,7 +1461,7 @@ unsigned char *png_data, int png_length,
+ 		if (color_type==PNG_COLOR_TYPE_RGB ||
+ 			color_type==PNG_COLOR_TYPE_RGB_ALPHA){
+ #ifdef HAVE_PNG_SET_RGB_TO_GRAY
+-			png_set_rgb_to_gray(png_ptr, 1, 54.0*256, 183.0*256);
+			png_set_rgb_to_gray(png_ptr, 1, 54.0/256, 183.0/256);
+ #else
+ 			goto end;
+ #endif