authordrochner <drochner@pkgsrc.org>2009-08-01 14:03:19 +0000
committerdrochner <drochner@pkgsrc.org>2009-08-01 14:03:19 +0000
commit13cde9924379354cabc779b0b7a1af139c2eaa6b (patch)
tree3119c4954f30dec43f732f59ce36eb4d3a0cc626 /x11/wxGTK28
parentec7cdb728962ab6a507431515e694094278b89b7 (diff)
add patches from upstream to fix a double free() and an integer overflow
(http://secunia.com/advisories/35292/) bump PKGREVISION
Diffstat (limited to 'x11/wxGTK28')
-rw-r--r--x11/wxGTK28/Makefile4
-rw-r--r--x11/wxGTK28/distinfo4
-rw-r--r--x11/wxGTK28/patches/patch-ba26
-rw-r--r--x11/wxGTK28/patches/patch-bb35
4 files changed, 67 insertions, 2 deletions
diff --git a/x11/wxGTK28/Makefile b/x11/wxGTK28/Makefile
index 170d6bdfd68..52f5aa73390 100644
--- a/x11/wxGTK28/Makefile
+++ b/x11/wxGTK28/Makefile
@@ -1,8 +1,10 @@
-# $NetBSD: Makefile,v 1.3 2009/03/23 00:38:55 joerg Exp $
+# $NetBSD: Makefile,v 1.4 2009/08/01 14:03:19 drochner Exp $
#
.include "../../x11/wxGTK28/Makefile.common"
+PKGREVISION= 1
+
PKGNAME= ${DISTNAME:S/wxGTK/wxGTK28/}
COMMENT= GTK-based implementation of the wxWidgets GUI library
diff --git a/x11/wxGTK28/distinfo b/x11/wxGTK28/distinfo
index 81ec27cba43..04a75d25648 100644
--- a/x11/wxGTK28/distinfo
+++ b/x11/wxGTK28/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.4 2009/05/15 07:08:59 adam Exp $
+$NetBSD: distinfo,v 1.5 2009/08/01 14:03:19 drochner Exp $
SHA1 (wxGTK-2.8.10-libtool.diff.bz2) = 62ff30c26efdd73252bed2d07b82a9b9d3ef890f
RMD160 (wxGTK-2.8.10-libtool.diff.bz2) = 64e1c32caa4bd6a0503bce4764e3ddc1cba68f8a
@@ -9,3 +9,5 @@ Size (wxGTK-2.8.10.tar.bz2) = 9365627 bytes
SHA1 (patch-aa) = 1a30c79f07ea8ea5dff02fad9b5e1ba8dadde01a
SHA1 (patch-ab) = 82960daef0616824718f3c04929871aeb0e258a2
SHA1 (patch-ac) = 50cf253797f2dee8b9dab08d138d0070e25e7a8c
+SHA1 (patch-ba) = e47f8613835ce309daff09ae3265d44f37493579
+SHA1 (patch-bb) = 52df734a1df364dc5599a2b9252a15b87cae13b1
diff --git a/x11/wxGTK28/patches/patch-ba b/x11/wxGTK28/patches/patch-ba
new file mode 100644
index 00000000000..2b1b0022d01
--- /dev/null
+++ b/x11/wxGTK28/patches/patch-ba
@@ -0,0 +1,26 @@
+$NetBSD: patch-ba,v 1.1 2009/08/01 14:03:19 drochner Exp $
+
+--- src/common/imagpng.cpp.orig 2009-03-06 13:17:40.000000000 +0100
++++ src/common/imagpng.cpp
+@@ -568,18 +568,16 @@ wxPNGHandler::LoadFile(wxImage *image,
+ if (!image->Ok())
+ goto error;
+
+- lines = (unsigned char **)malloc( (size_t)(height * sizeof(unsigned char *)) );
++ // initialize all line pointers to NULL to ensure that they can be safely
++ // free()d if an error occurs before all of them could be allocated
++ lines = (unsigned char **)calloc(height, sizeof(unsigned char *));
+ if ( !lines )
+ goto error;
+
+ for (i = 0; i < height; i++)
+ {
+ if ((lines[i] = (unsigned char *)malloc( (size_t)(width * (sizeof(unsigned char) * 4)))) == NULL)
+- {
+- for ( unsigned int n = 0; n < i; n++ )
+- free( lines[n] );
+ goto error;
+- }
+ }
+
+ png_read_image( png_ptr, lines );
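Review bot: The per-row allocation kept as context inside the loop, `malloc( (size_t)(width * (sizeof(unsigned char) * 4)))`, still multiplies without a bound, so where size_t is 32 bits a very large `width` would wrap the product and leave each row shorter than `png_read_image` expects. Unless libpng's own dimension limits already cap `width` at this point (not visible in this hunk), a check before the loop such as `if ( width > ((size_t)-1) / 4 ) goto error;` would close that. The double-free fix itself depends on the `error:` label, which lies outside the hunk, walking all `height` entries of `lines` and relying on free(NULL) being a no-op. A one-line comment at that label saying the array is zero-initialised by `calloc` would keep the two places in step.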
diff --git a/x11/wxGTK28/patches/patch-bb b/x11/wxGTK28/patches/patch-bb
new file mode 100644
index 00000000000..68753862039
--- /dev/null
+++ b/x11/wxGTK28/patches/patch-bb
@@ -0,0 +1,35 @@
+$NetBSD: patch-bb,v 1.1 2009/08/01 14:03:19 drochner Exp $
+
+--- src/common/imagtiff.cpp.orig 2009-03-06 13:17:40.000000000 +0100
++++ src/common/imagtiff.cpp
+@@ -261,7 +261,6 @@ bool wxTIFFHandler::LoadFile( wxImage *i
+ }
+
+ uint32 w, h;
+- uint32 npixels;
+ uint32 *raster;
+
+ TIFFGetField( tif, TIFFTAG_IMAGEWIDTH, &w );
+@@ -275,9 +274,20 @@ bool wxTIFFHandler::LoadFile( wxImage *i
+ (samplesInfo[0] == EXTRASAMPLE_ASSOCALPHA ||
+ samplesInfo[0] == EXTRASAMPLE_UNASSALPHA));
+
+- npixels = w * h;
++ // guard against integer overflow during multiplication which could result
++ // in allocating a too small buffer and then overflowing it
++ const double bytesNeeded = (double)w * (double)h * sizeof(uint32);
++ if ( bytesNeeded >= 4294967295U /* UINT32_MAX */ )
++ {
++ if ( verbose )
++ wxLogError( _("TIFF: Image size is abnormally big.") );
++
++ TIFFClose(tif);
++
++ return false;
++ }
+
+- raster = (uint32*) _TIFFmalloc( npixels * sizeof(uint32) );
++ raster = (uint32*) _TIFFmalloc( bytesNeeded );
+
+ if (!raster)
+ {
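Review bot: The new guard admits sizes that the allocation call may not be able to represent, because `bytesNeeded` is a double checked against UINT32_MAX and then passed to `_TIFFmalloc( bytesNeeded )` through an implicit floating-to-integer conversion. If the allocator's size parameter is a signed 32-bit `tsize_t` (as in libtiff 3.x; its declaration is not visible here), any value between 2^31 and 2^32 passes the check but is out of range for that conversion. I would bound by the parameter type and convert explicitly, e.g. `if ( bytesNeeded >= 2147483647.0 /* INT32_MAX */ )` followed by `_TIFFmalloc( (tsize_t)bytesNeeded )`. Separately, the `TIFFGetField` call kept as context is unchecked, so `w` (declared uninitialised in `uint32 w, h;`) feeds the size computation with an indeterminate value if the tag is absent. LoadFile starts and ends outside this hunk, so later uses of `w`, `h` and `raster` could not be checked.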