diff options
| author | fredb <fredb> | 2002-12-19 21:25:09 +0000 |
|---|---|---|
| committer | fredb <fredb> | 2002-12-19 21:25:09 +0000 |
| commit | c3a3d90574408272754f3d06da918b5ffc766034 (patch) | |
| tree | a40c6d14dd96d19b3a84817bcb495f785a4a38f3 /graphics/png | |
| parent | 34b747e7561b6bd7e4d9179865d4cbcfe6e83a24 (diff) | |
| download | pkgsrc-c3a3d90574408272754f3d06da918b5ffc766034.tar.gz | |
Fix a buffer overrun in png_do_read_filler() with 16-bit samples, as
reported to the png-implement mailing list by Glenn Randers-Pehrson:
ftp://swrinde.nde.swri.edu/pub/png-group/archives/png-implement.200212
[Glenn Randers-Pehrson is the original author and chief maintainer of
libpng.]
From the discussion in the archive, it appears to be unlikely that the
bug could be exploited by a malicious web-server, chiefly because the
operation that triggers it is more likely to be carried out by an image
manipulation program (i.e. pngcrush), than by a web browser.
Diffstat (limited to 'graphics/png')
| -rw-r--r-- | graphics/png/Makefile | 3 | ||||
| -rw-r--r-- | graphics/png/distinfo | 3 | ||||
| -rw-r--r-- | graphics/png/patches/patch-ac | 26 |
3 files changed, 30 insertions, 2 deletions
diff --git a/graphics/png/Makefile b/graphics/png/Makefile index ccdb7128913..9ee5fb8bc3d 100644 --- a/graphics/png/Makefile +++ b/graphics/png/Makefile @@ -1,9 +1,10 @@ -# $NetBSD: Makefile,v 1.44 2002/11/06 21:30:20 fredb Exp $ +# $NetBSD: Makefile,v 1.45 2002/12/19 21:25:09 fredb Exp $ # On update, don't forget to increase shared library major/minor's in # accordance with changes (patch-aa). DISTNAME= libpng-1.2.5 PKGNAME= ${DISTNAME:S/lib//} +PKGREVISION= 1 CATEGORIES= graphics MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=libpng/} \ http://www.libpng.org/pub/png/src/ \ diff --git a/graphics/png/distinfo b/graphics/png/distinfo index e9f789e66b6..c17be0fdc8e 100644 --- a/graphics/png/distinfo +++ b/graphics/png/distinfo @@ -1,6 +1,7 @@ -$NetBSD: distinfo,v 1.11 2002/11/06 21:30:20 fredb Exp $ +$NetBSD: distinfo,v 1.12 2002/12/19 21:25:09 fredb Exp $ SHA1 (libpng-1.2.5.tar.bz2) = 6752eaf1a604edbbb0149b781155ef9cb47d80c3 Size (libpng-1.2.5.tar.bz2) = 378030 bytes SHA1 (patch-aa) = 6cc8354eccd61a4355d64ca456dc950f379701ad SHA1 (patch-ab) = be7dc4a3e21c0056a913c5f1488528558024e6ea +SHA1 (patch-ac) = 4ed570271a509747d300d38207b08e07f1adff3d diff --git a/graphics/png/patches/patch-ac b/graphics/png/patches/patch-ac new file mode 100644 index 00000000000..5a5ad4a364d --- /dev/null +++ b/graphics/png/patches/patch-ac @@ -0,0 +1,26 @@ +$NetBSD: patch-ac,v 1.1 2002/12/19 21:25:10 fredb Exp $ + +--- pngrtran.c.orig Thu Oct 3 06:32:29 2002 ++++ pngrtran.c +@@ -1965,8 +1965,8 @@ png_do_read_filler(png_row_infop row_inf + /* This changes the data from RRGGBB to RRGGBBXX */ + if (flags & PNG_FLAG_FILLER_AFTER) + { +- png_bytep sp = row + (png_size_t)row_width * 3; +- png_bytep dp = sp + (png_size_t)row_width; ++ png_bytep sp = row + (png_size_t)row_width * 6; ++ png_bytep dp = sp + (png_size_t)row_width * 2; + for (i = 1; i < row_width; i++) + { + *(--dp) = hi_filler; +@@ -1987,8 +1987,8 @@ png_do_read_filler(png_row_infop row_inf + /* This changes the data from RRGGBB to XXRRGGBB */ + else + { +- png_bytep sp = row + (png_size_t)row_width * 3; +- png_bytep dp = sp + (png_size_t)row_width; ++ png_bytep sp = row + (png_size_t)row_width * 6; ++ png_bytep dp = sp + (png_size_t)row_width * 2; + for (i = 0; i < row_width; i++) + { + *(--dp) = *(--sp); |