author | drochner <drochner@pkgsrc.org> | 2012-02-18 15:16:59 +0000 |
---|---|---|
committer | drochner <drochner@pkgsrc.org> | 2012-02-18 15:16:59 +0000 |
commit | 63152061ecdcb4723fe18ee0b7811a1f19bb2273 (patch) | |
tree | 8ec7e59191a06974425e22b276e98c0955a181ce /graphics | |
parent | efd8d11be89562583d0fc4b382be5d65f2a719b1 (diff) | |
download | pkgsrc-63152061ecdcb4723fe18ee0b7811a1f19bb2273.tar.gz |
fix possible buffer overflow due to integer overflow in malloc()
size calculation (CVE-2011-3026), patch from Chromium via Redhat/Debian
bump PKGREV
Diffstat (limited to 'graphics')
-rw-r--r-- | graphics/png/Makefile | 3 | ||||
-rw-r--r-- | graphics/png/distinfo | 3 | ||||
-rw-r--r-- | graphics/png/patches/patch-CVE-2011-3026 | 24 |
3 files changed, 28 insertions, 2 deletions
diff --git a/graphics/png/Makefile b/graphics/png/Makefile
index c1c04b9b205..92836d5c5a7 100644
--- a/graphics/png/Makefile
+++ b/graphics/png/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.143 2012/02/01 23:05:19 wiz Exp $
+# $NetBSD: Makefile,v 1.144 2012/02/18 15:16:59 drochner Exp $
 
 DISTNAME= libpng-1.5.8
 PKGNAME= ${DISTNAME:S/lib//}
+PKGREVISION= 1
 CATEGORIES= graphics
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=libpng/} \
 ftp://ftp.fu-berlin.de/unix/graphics/png/src/
diff --git a/graphics/png/distinfo b/graphics/png/distinfo
index e5907893168..f428bb7c298 100644
--- a/graphics/png/distinfo
+++ b/graphics/png/distinfo
@@ -1,6 +1,7 @@
-$NetBSD: distinfo,v 1.90 2012/02/01 23:05:19 wiz Exp $
+$NetBSD: distinfo,v 1.91 2012/02/18 15:16:59 drochner Exp $
 
 SHA1 (libpng-1.5.8.tar.bz2) = 46fdc2ab3fef9cf0949b1d7374cda9ea37ed5419
 RMD160 (libpng-1.5.8.tar.bz2) = 643ef6a0720e51a1dc326971db35846d02bbca10
 Size (libpng-1.5.8.tar.bz2) = 865525 bytes
+SHA1 (patch-CVE-2011-3026) = d91733f3d3a7305eb530c7bc37955231bfda9a21
 SHA1 (patch-aa) = aaf79ebb8a18448c096c17ae9b02da02bc537db2
diff --git a/graphics/png/patches/patch-CVE-2011-3026 b/graphics/png/patches/patch-CVE-2011-3026
new file mode 100644
index 00000000000..513e6fc2543
--- /dev/null
+++ b/graphics/png/patches/patch-CVE-2011-3026
@@ -0,0 +1,24 @@
+$NetBSD: patch-CVE-2011-3026,v 1.1 2012/02/18 15:16:59 drochner Exp $
+
+from chromium rev.121492
+
+--- pngrutil.c.orig 2012-02-01 05:00:34.000000000 +0000
++++ pngrutil.c
+@@ -457,8 +457,15 @@ png_decompress_chunk(png_structp png_ptr
+ {
+ /* Success (maybe) - really uncompress the chunk. */
+ png_size_t new_size = 0;
+- png_charp text = (png_charp)png_malloc_warn(png_ptr,
+- prefix_size + expanded_size + 1);
++ png_charp text = NULL;
++ /* Need to check for both truncation (64-bit platforms) and integer
++ * overflow.
++ */
++ if (prefix_size + expanded_size > prefix_size &&
++ prefix_size + expanded_size < 0xffffffffU)
++ {
++ text = png_malloc_warn(png_ptr, prefix_size + expanded_size + 1);
++ }
+
+ if (text != NULL)
+ { |
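Review bot: The new guard before `png_malloc_warn` evaluates `prefix_size + expanded_size` three times and compares it against a bare `0xffffffffU`; computing it once in a local, e.g. `png_size_t total_size = prefix_size + expanded_size;`, then `if (total_size > prefix_size && total_size < 0xffffffffU)` and `text = png_malloc_warn(png_ptr, total_size + 1);`, makes it evident that the value checked is the value allocated. The strict `>` also rejects `expanded_size == 0`; that case is presumably excluded by the enclosing condition, but `png_decompress_chunk` begins and ends outside this hunk, so the comment should state the assumption and say where the 64-bit truncation it mentions would occur. When the guard fails, `text` stays NULL and control appears to take the same branch as a failed allocation, so a rejected oversize chunk is likely reported as an out-of-memory condition; a distinct warning would help anyone triaging malformed PNG input. The replacement call also drops the `(png_charp)` cast the removed line had, which matters only if the file is ever compiled as C++.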