$NetBSD: patch-ao,v 1.2 2011/01/24 09:38:13 wiz Exp $
Fix build with png-1.5.
deal with CVE-2009-2369.
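--- a/src/common/imagpng.cpp
+++ b/src/common/imagpng.cpp
@@ -167,7 +167,7 @@ bool wxPNGHandler::LoadFile( wxImage *im
 image->Destroy();
 
 png_structp png_ptr = png_create_read_struct( PNG_LIBPNG_VER_STRING,
- (voidp) NULL,
+ NULL,
 (png_error_ptr) NULL,
 (png_error_ptr) NULL );
 if (!png_ptr)
@@ -186,7 +186,7 @@ bool wxPNGHandler::LoadFile( wxImage *im
 if (setjmp(wxinfo.jmpbuf))
 goto error_nolines;
 
- if (info_ptr->color_type == PNG_COLOR_TYPE_RGB_ALPHA)
+ if (png_get_color_type( png_ptr, info_ptr ) == PNG_COLOR_TYPE_RGB_ALPHA)
 goto error_nolines;
 
 png_uint_32 width,height;
@@ -213,18 +213,16 @@ bool wxPNGHandler::LoadFile( wxImage *im
 if (!image->Ok())
 goto error_nolines;
 
- lines = (unsigned char **)malloc( (size_t)(height * sizeof(unsigned char *)) );
+ // initialize all line pointers to NULL to ensure that they can be safely
+ // free()d if an error occurs before all of them could be allocated
+ lines = (unsigned char **)calloc(height, sizeof(unsigned char *));
 if (lines == NULL)
 goto error_nolines;
 
 for (i = 0; i < height; i++)
 {
 if ((lines[i] = (unsigned char *)malloc( (size_t)(width * (sizeof(unsigned char) * 4)))) == NULL)
- {
- for ( unsigned int n = 0; n < i; n++ )
- free( lines[n] );
 goto error;
- }
 }
 
 // loaded successfully!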
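Review bot: The per-row allocation `malloc( (size_t)(width * (sizeof(unsigned char) * 4)))` in the third hunk still multiplies without an overflow check, so only the pointer array gets the protection that `calloc(height, sizeof(unsigned char *))` provides. Where `size_t` is 32 bits, a `width` above `SIZE_MAX / 4` would wrap and yield a row buffer shorter than the decoder expects; whether the image creation that precedes `if (!image->Ok())` already rejects such dimensions is not visible in this hunk. A guard ahead of the loop, for example `if (width > ((size_t)-1) / 4) goto error;`, would make the row size safe locally. The removed per-row cleanup also means correctness now depends on the `error:` label, which lies outside the hunk, freeing every `lines[i]` up to `height`, so that path is worth confirming against the full function.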