/[packages]/cauldron/graphicsmagick/current/SOURCES/GraphicsMagick-1.3.16-CVE-2012-3438.patch
ViewVC logotype

Contents of /cauldron/graphicsmagick/current/SOURCES/GraphicsMagick-1.3.16-CVE-2012-3438.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 289832 - (show annotations) (download)
Sat Sep 8 02:17:15 2012 UTC (8 years, 6 months ago) by luigiwalser
File size: 2540 byte(s)
add upstream patch to fix CVE-2012-3438
1
2 # HG changeset patch
3 # User Glenn Randers-Pehrson <glennrp@simple...>
4 # Date 1343491548 18000
5 # Node ID d6e469d02cd260b6531e86a8a6c8a5a2b9ff51cb
6 # Parent fe9e2eb655ce8b85abfd9b88d20a8a1648ad71e7
7 coders/png.c: Some typecasts were inconsistent with libpng-1.4 and later.
8
9 diff -r fe9e2eb655ce -r d6e469d02cd2 coders/png.c
10 --- a/coders/png.c Thu Jul 26 20:24:26 2012 -0500
11 +++ b/coders/png.c Sat Jul 28 11:05:48 2012 -0500
12 @@ -1360,7 +1360,11 @@
13 }
14
15 #ifdef PNG_USER_MEM_SUPPORTED
16 -static png_voidp png_IM_malloc(png_structp png_ptr,png_uint_32 size)
17 +#if PNG_LIBPNG_VER >= 14000
18 +static png_voidp png_IM_malloc(png_structp png_ptr,png_alloc_size_t size)
19 +#else
20 +static png_voidp png_IM_malloc(png_structp png_ptr,png_size_t size)
21 +#endif
22 {
23 (void) png_ptr;
24 return MagickAllocateMemory(png_voidp,(size_t) size);
25 @@ -6169,12 +6173,22 @@
26 (void) printf("writing raw profile: type=%.1024s, length=%lu\n",
27 profile_type, (unsigned long)length);
28 }
29 - text=(png_textp) png_malloc(ping,(png_uint_32) sizeof(png_text));
30 +#if PNG_LIBPNG_VER >= 14000
31 + text=(png_textp) png_malloc(ping,(png_alloc_size_t) sizeof(png_text));
32 +#else
33 + text=(png_textp) png_malloc(ping,(png_size_t) sizeof(png_text));
34 +#endif
35 description_length=strlen((const char *) profile_description);
36 allocated_length=(png_uint_32) (length*2 + (length >> 5) + 20
37 + description_length);
38 - text[0].text=(png_charp) png_malloc(ping,allocated_length);
39 - text[0].key=(png_charp) png_malloc(ping, (png_uint_32) 80);
40 +#if PNG_LIBPNG_VER >= 14000
41 + text[0].text=(png_charp) png_malloc(ping,
42 + (png_alloc_size_t) allocated_length);
43 + text[0].key=(png_charp) png_malloc(ping, (png_alloc_size_t) 80);
44 +#else
45 + text[0].text=(png_charp) png_malloc(ping, (png_size_t) allocated_length);
46 + text[0].key=(png_charp) png_malloc(ping, (png_size_t) 80);
47 +#endif
48 text[0].key[0]='\0';
49 (void) strcat(text[0].key, "Raw profile type ");
50 (void) strncat(text[0].key, (const char *) profile_type, 61);
51 @@ -7620,7 +7634,12 @@
52
53 if (*attribute->key == '[')
54 continue;
55 - text=(png_textp) png_malloc(ping,(png_uint_32) sizeof(png_text));
56 +#if PNG_LIBPNG_VER >= 14000
57 + text=(png_textp) png_malloc(ping,
58 + (png_alloc_size_t) sizeof(png_text));
59 +#else
60 + text=(png_textp) png_malloc(ping,(png_size_t) sizeof(png_text));
61 +#endif
62 text[0].key=attribute->key;
63 text[0].text=attribute->value;
64 text[0].text_length=strlen(attribute->value);
65

  ViewVC Help
Powered by ViewVC 1.1.28