diff options
author | drochner <drochner@pkgsrc.org> | 2009-08-01 14:03:19 +0000 |
---|---|---|
committer | drochner <drochner@pkgsrc.org> | 2009-08-01 14:03:19 +0000 |
commit | 13cde9924379354cabc779b0b7a1af139c2eaa6b (patch) | |
tree | 3119c4954f30dec43f732f59ce36eb4d3a0cc626 /x11/wxGTK28 | |
parent | ec7cdb728962ab6a507431515e694094278b89b7 (diff) | |
download | pkgsrc-13cde9924379354cabc779b0b7a1af139c2eaa6b.tar.gz |
add patches from upstream to fix a double free() and an integer overflow
(http://secunia.com/advisories/35292/)
bump PKGREVISION
Diffstat (limited to 'x11/wxGTK28')
-rw-r--r-- | x11/wxGTK28/Makefile | 4 | ||||
-rw-r--r-- | x11/wxGTK28/distinfo | 4 | ||||
-rw-r--r-- | x11/wxGTK28/patches/patch-ba | 26 | ||||
-rw-r--r-- | x11/wxGTK28/patches/patch-bb | 35 |
4 files changed, 67 insertions, 2 deletions
diff --git a/x11/wxGTK28/Makefile b/x11/wxGTK28/Makefile index 170d6bdfd68..52f5aa73390 100644 --- a/x11/wxGTK28/Makefile +++ b/x11/wxGTK28/Makefile @@ -1,8 +1,10 @@ -# $NetBSD: Makefile,v 1.3 2009/03/23 00:38:55 joerg Exp $ +# $NetBSD: Makefile,v 1.4 2009/08/01 14:03:19 drochner Exp $ # .include "../../x11/wxGTK28/Makefile.common" +PKGREVISION= 1 + PKGNAME= ${DISTNAME:S/wxGTK/wxGTK28/} COMMENT= GTK-based implementation of the wxWidgets GUI library diff --git a/x11/wxGTK28/distinfo b/x11/wxGTK28/distinfo index 81ec27cba43..04a75d25648 100644 --- a/x11/wxGTK28/distinfo +++ b/x11/wxGTK28/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.4 2009/05/15 07:08:59 adam Exp $ +$NetBSD: distinfo,v 1.5 2009/08/01 14:03:19 drochner Exp $ SHA1 (wxGTK-2.8.10-libtool.diff.bz2) = 62ff30c26efdd73252bed2d07b82a9b9d3ef890f RMD160 (wxGTK-2.8.10-libtool.diff.bz2) = 64e1c32caa4bd6a0503bce4764e3ddc1cba68f8a @@ -9,3 +9,5 @@ Size (wxGTK-2.8.10.tar.bz2) = 9365627 bytes SHA1 (patch-aa) = 1a30c79f07ea8ea5dff02fad9b5e1ba8dadde01a SHA1 (patch-ab) = 82960daef0616824718f3c04929871aeb0e258a2 SHA1 (patch-ac) = 50cf253797f2dee8b9dab08d138d0070e25e7a8c +SHA1 (patch-ba) = e47f8613835ce309daff09ae3265d44f37493579 +SHA1 (patch-bb) = 52df734a1df364dc5599a2b9252a15b87cae13b1 diff --git a/x11/wxGTK28/patches/patch-ba b/x11/wxGTK28/patches/patch-ba new file mode 100644 index 00000000000..2b1b0022d01 --- /dev/null +++ b/x11/wxGTK28/patches/patch-ba @@ -0,0 +1,26 @@ +$NetBSD: patch-ba,v 1.1 2009/08/01 14:03:19 drochner Exp $ + +--- src/common/imagpng.cpp.orig 2009-03-06 13:17:40.000000000 +0100 ++++ src/common/imagpng.cpp +@@ -568,18 +568,16 @@ wxPNGHandler::LoadFile(wxImage *image, + if (!image->Ok()) + goto error; + +- lines = (unsigned char **)malloc( (size_t)(height * sizeof(unsigned char *)) ); ++ // initialize all line pointers to NULL to ensure that they can be safely ++ // free()d if an error occurs before all of them could be allocated ++ lines = (unsigned char **)calloc(height, sizeof(unsigned char *)); + if ( !lines ) + goto error; + + for (i = 0; i < height; i++) + { + if ((lines[i] = (unsigned char *)malloc( (size_t)(width * (sizeof(unsigned char) * 4)))) == NULL) +- { +- for ( unsigned int n = 0; n < i; n++ ) +- free( lines[n] ); + goto error; +- } + } + + png_read_image( png_ptr, lines ); diff --git a/x11/wxGTK28/patches/patch-bb b/x11/wxGTK28/patches/patch-bb new file mode 100644 index 00000000000..68753862039 --- /dev/null +++ b/x11/wxGTK28/patches/patch-bb @@ -0,0 +1,35 @@ +$NetBSD: patch-bb,v 1.1 2009/08/01 14:03:19 drochner Exp $ + +--- src/common/imagtiff.cpp.orig 2009-03-06 13:17:40.000000000 +0100 ++++ src/common/imagtiff.cpp +@@ -261,7 +261,6 @@ bool wxTIFFHandler::LoadFile( wxImage *i + } + + uint32 w, h; +- uint32 npixels; + uint32 *raster; + + TIFFGetField( tif, TIFFTAG_IMAGEWIDTH, &w ); +@@ -275,9 +274,20 @@ bool wxTIFFHandler::LoadFile( wxImage *i + (samplesInfo[0] == EXTRASAMPLE_ASSOCALPHA || + samplesInfo[0] == EXTRASAMPLE_UNASSALPHA)); + +- npixels = w * h; ++ // guard against integer overflow during multiplication which could result ++ // in allocating a too small buffer and then overflowing it ++ const double bytesNeeded = (double)w * (double)h * sizeof(uint32); ++ if ( bytesNeeded >= 4294967295U /* UINT32_MAX */ ) ++ { ++ if ( verbose ) ++ wxLogError( _("TIFF: Image size is abnormally big.") ); ++ ++ TIFFClose(tif); ++ ++ return false; ++ } + +- raster = (uint32*) _TIFFmalloc( npixels * sizeof(uint32) ); ++ raster = (uint32*) _TIFFmalloc( bytesNeeded ); + + if (!raster) + { |