
Contents of /updates/6/advancecomp/current/SOURCES/advancecomp-2.1-git-png-overread.patch



Revision 1379787
Sat Mar 23 13:12:43 2019 UTC (16 months, 2 weeks ago) by danf
File size: 814 byte(s)
Fixed a buffer over-read on malformed PNG files (bug #24535)
1 Portions of the patch not actually fixing the bug were removed.
2
3 From fcf71a89265c78fc26243574dda3a872574a5c02 Mon Sep 17 00:00:00 2001
4 From: Andrea Mazzoleni <amadvance@gmail.com>
5 Date: Fri, 1 Mar 2019 20:40:25 +0100
6 Subject: [PATCH] Fix a buffer overflow with image of invalid size
7
8 ---
9 doc/history.d | 4 ++-- (removed)
10 lib/png.c | 5 +++++
11 2 files changed, 7 insertions(+), 2 deletions(-)
12
13 diff --git a/lib/png.c b/lib/png.c
14 index cbf140b..f888a28 100644
15 --- a/lib/png.c
16 +++ b/lib/png.c
17 @@ -656,6 +656,11 @@ adv_error adv_png_read_ihdr(
18 }
19 *pix_pixel = pixel;
20
21 + if (width_align < width) {
22 + error_unsupported_set("Invalid image size");
23 + goto err;
24 + }
25 +
26 if (data[10] != 0) { /* compression */
27 error_unsupported_set("Unsupported compression, %d instead of 0", (unsigned)data[10]);
28 goto err;
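
Review bot: The new guard `if (width_align < width)` in adv_png_read_ihdr() has no comment saying why an aligned width could ever be smaller than the width it was derived from. The computation of width_align is outside this hunk, so a reader cannot tell from here that the test is there to reject a size whose alignment arithmetic went wrong. A one-line comment above the check stating the condition it detects would keep it from being removed later as dead code. The message "Invalid image size" also carries no value, unlike the compression error just below, which prints the offending byte. Including width in the message would make rejected files easier to triage. It is also worth confirming that any later buffer-size calculation using width_align together with the image height is bounded, since this check covers only the width.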
