28 lines
965 B
Text
28 lines
965 B
Text
$NetBSD: patch-ba,v 1.2 2010/02/16 17:38:14 taca Exp $
|
|
|
|
deal with CVE-2009-2369.
|
|
|
|
--- src/common/imagpng.cpp.orig 2009-03-06 13:17:40.000000000 +0100
|
|
+++ src/common/imagpng.cpp
|
|
@@ -568,18 +568,16 @@ wxPNGHandler::LoadFile(wxImage *image,
|
|
if (!image->Ok())
|
|
goto error;
|
|
|
|
- lines = (unsigned char **)malloc( (size_t)(height * sizeof(unsigned char *)) );
|
|
+ // initialize all line pointers to NULL to ensure that they can be safely
|
|
+ // free()d if an error occurs before all of them could be allocated
|
|
+ lines = (unsigned char **)calloc(height, sizeof(unsigned char *));
|
|
if ( !lines )
|
|
goto error;
|
|
|
|
for (i = 0; i < height; i++)
|
|
{
|
|
if ((lines[i] = (unsigned char *)malloc( (size_t)(width * (sizeof(unsigned char) * 4)))) == NULL)
|
|
- {
|
|
- for ( unsigned int n = 0; n < i; n++ )
|
|
- free( lines[n] );
|
|
goto error;
|
|
- }
|
|
}
|
|
|
|
png_read_image( png_ptr, lines );
|