summaryrefslogtreecommitdiff
path: root/graphics/png
diff options
context:
space:
mode:
authorfredb <fredb@pkgsrc.org>2002-12-19 21:25:09 +0000
committerfredb <fredb@pkgsrc.org>2002-12-19 21:25:09 +0000
commitef1cddb8ab59289f7f6078aac2647477c16f3682 (patch)
treea40c6d14dd96d19b3a84817bcb495f785a4a38f3 /graphics/png
parent39d32aa51005d17a05a61e307c6203960e77bd5e (diff)
downloadpkgsrc-ef1cddb8ab59289f7f6078aac2647477c16f3682.tar.gz
Fix a buffer overrun in png_do_read_filler() with 16-bit samples, as
reported to the png-implement mailing list by Glenn Randers-Pehrson: ftp://swrinde.nde.swri.edu/pub/png-group/archives/png-implement.200212 [Glenn Randers-Pehrson is the original author and chief maintainer of libpng.] From the discussion in the archive, it appears to be unlikely that the bug could be exploited by a malicious web-server, chiefly because the operation that triggers it is more likely to be carried out by an image manipulation program (i.e. pngcrush), than by a web browser.
Diffstat (limited to 'graphics/png')
-rw-r--r--graphics/png/Makefile3
-rw-r--r--graphics/png/distinfo3
-rw-r--r--graphics/png/patches/patch-ac26
3 files changed, 30 insertions, 2 deletions
diff --git a/graphics/png/Makefile b/graphics/png/Makefile
index ccdb7128913..9ee5fb8bc3d 100644
--- a/graphics/png/Makefile
+++ b/graphics/png/Makefile
@@ -1,9 +1,10 @@
-# $NetBSD: Makefile,v 1.44 2002/11/06 21:30:20 fredb Exp $
+# $NetBSD: Makefile,v 1.45 2002/12/19 21:25:09 fredb Exp $
# On update, don't forget to increase shared library major/minor's in
# accordance with changes (patch-aa).
DISTNAME= libpng-1.2.5
PKGNAME= ${DISTNAME:S/lib//}
+PKGREVISION= 1
CATEGORIES= graphics
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=libpng/} \
http://www.libpng.org/pub/png/src/ \
diff --git a/graphics/png/distinfo b/graphics/png/distinfo
index e9f789e66b6..c17be0fdc8e 100644
--- a/graphics/png/distinfo
+++ b/graphics/png/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.11 2002/11/06 21:30:20 fredb Exp $
+$NetBSD: distinfo,v 1.12 2002/12/19 21:25:09 fredb Exp $
SHA1 (libpng-1.2.5.tar.bz2) = 6752eaf1a604edbbb0149b781155ef9cb47d80c3
Size (libpng-1.2.5.tar.bz2) = 378030 bytes
SHA1 (patch-aa) = 6cc8354eccd61a4355d64ca456dc950f379701ad
SHA1 (patch-ab) = be7dc4a3e21c0056a913c5f1488528558024e6ea
+SHA1 (patch-ac) = 4ed570271a509747d300d38207b08e07f1adff3d
diff --git a/graphics/png/patches/patch-ac b/graphics/png/patches/patch-ac
new file mode 100644
index 00000000000..5a5ad4a364d
--- /dev/null
+++ b/graphics/png/patches/patch-ac
@@ -0,0 +1,26 @@
+$NetBSD: patch-ac,v 1.1 2002/12/19 21:25:10 fredb Exp $
+
+--- pngrtran.c.orig Thu Oct 3 06:32:29 2002
++++ pngrtran.c
+@@ -1965,8 +1965,8 @@ png_do_read_filler(png_row_infop row_inf
+ /* This changes the data from RRGGBB to RRGGBBXX */
+ if (flags & PNG_FLAG_FILLER_AFTER)
+ {
+- png_bytep sp = row + (png_size_t)row_width * 3;
+- png_bytep dp = sp + (png_size_t)row_width;
++ png_bytep sp = row + (png_size_t)row_width * 6;
++ png_bytep dp = sp + (png_size_t)row_width * 2;
+ for (i = 1; i < row_width; i++)
+ {
+ *(--dp) = hi_filler;
+@@ -1987,8 +1987,8 @@ png_do_read_filler(png_row_infop row_inf
+ /* This changes the data from RRGGBB to XXRRGGBB */
+ else
+ {
+- png_bytep sp = row + (png_size_t)row_width * 3;
+- png_bytep dp = sp + (png_size_t)row_width;
++ png_bytep sp = row + (png_size_t)row_width * 6;
++ png_bytep dp = sp + (png_size_t)row_width * 2;
+ for (i = 0; i < row_width; i++)
+ {
+ *(--dp) = *(--sp);