authorDirk Meyer <dinoex@FreeBSD.org>2012-02-17 14:26:02 +0000
committerDirk Meyer <dinoex@FreeBSD.org>2012-02-17 14:26:02 +0000
commit9fc776f5990c1f4c6d472e9587e357773f7fd1c8 (patch)
treef272ea3e15579805eaddc2a9ce7e7bcd6ec09533 /graphics/png
parentfa2545d1b21807444fd2c124b6cd166409d70626 (diff)
- Security patch
Security: CVE-2011-3026 Obtained from: Debian
Notes
Notes: svn path=/head/; revision=291575
Diffstat (limited to 'graphics/png')
-rw-r--r--graphics/png/Makefile1
-rw-r--r--graphics/png/files/patch-pngrutil.c20
2 files changed, 21 insertions, 0 deletions
diff --git a/graphics/png/Makefile b/graphics/png/Makefile
index 63af3dc525be..bd8456327e00 100644
--- a/graphics/png/Makefile
+++ b/graphics/png/Makefile
@@ -7,6 +7,7 @@
PORTNAME= png
PORTVERSION= 1.4.8
+PORTREVISION= 1
CATEGORIES= graphics
MASTER_SITES= SF/lib${PORTNAME}/lib${PORTNAME}14/${PORTVERSION}
DISTNAME= lib${PORTNAME}-${PORTVERSION}
diff --git a/graphics/png/files/patch-pngrutil.c b/graphics/png/files/patch-pngrutil.c
new file mode 100644
index 000000000000..677cbfd3919b
--- /dev/null
+++ b/graphics/png/files/patch-pngrutil.c
@@ -0,0 +1,20 @@
+---pngrutil.c.orig 2012/02/10 19:43:42 121491
++++ pngrutil.c 2012/02/10 19:45:46 121492
+@@ -363,8 +363,15 @@
+ {
+ /* Success (maybe) - really uncompress the chunk. */
+ png_size_t new_size = 0;
+- png_charp text = png_malloc_warn(png_ptr,
+- prefix_size + expanded_size + 1);
++ png_charp text = NULL;
++ /* Need to check for both truncation (64-bit platforms) and integer
++ * overflow.
++ */
++ if (prefix_size + expanded_size > prefix_size &&
++ prefix_size + expanded_size < 0xffffffffU)
++ {
++ text = png_malloc_warn(png_ptr, prefix_size + expanded_size + 1);
++ }
+
+ if (text != NULL)
+ {
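Review bot: The new guard in front of `png_malloc_warn` (the `if` over `prefix_size + expanded_size`) is correct only because of two things its comment does not state: the first comparison detects wrap-around only if both sizes are unsigned, and the strict `<` against `0xffffffffU` is what leaves room for the `+ 1` in the allocation. I would extend the comment to something like `/* the sum must not wrap (unsigned arithmetic) and must stay below 0xffffffff so that sum + 1 still fits in 32 bits */`. I would also compute the sum once, `png_size_t total_size = prefix_size + expanded_size;`, and use it in both the test and the allocation so the checked value and the allocated value cannot drift apart in a later edit. When the guard fails, `text` stays NULL and control reaches the existing `if (text != NULL)` test, whose failure branch is outside this hunk, so it is worth confirming that a rejected size is reported there and the compressed data is dropped rather than used. The enclosing function starts and ends outside the hunk.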