Fix for CAN-2004-0421:
Steve Grubb reports a buffer read overrun in libpng's png_format_buffer function. A specially constructed PNG image processed by an application using libpng may trigger the buffer read overrun and possibly result in an application crash. ok brad@
parent
c7f4eb31b7
commit
f0431b4d0c
@ -1,9 +1,9 @@
|
||||
# $OpenBSD: Makefile,v 1.44 2004/02/24 23:18:57 brad Exp $
|
||||
# $OpenBSD: Makefile,v 1.45 2004/05/03 05:13:04 robert Exp $
|
||||
|
||||
COMMENT= "library for manipulating PNG images"
|
||||
|
||||
DISTNAME= libpng-1.2.5
|
||||
PKGNAME= ${DISTNAME:S/lib//}p2
|
||||
PKGNAME= ${DISTNAME:S/lib//}p3
|
||||
CATEGORIES= graphics
|
||||
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=libpng/}
|
||||
|
||||
|
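--- a/graphics/png/patches/patch-pngerror_c
+++ b/graphics/png/patches/patch-pngerror_c
@@ -0,0 +1,20 @@
+$OpenBSD: patch-pngerror_c,v 1.1 2004/05/03 05:13:04 robert Exp $
+--- pngerror.c.orig Sun May 2 22:47:58 2004
++++ pngerror.c Sun May 2 22:49:36 2004
+@@ -135,10 +135,14 @@
+buffer[iout] = 0;
+else
+{
++ int len = strlen(error_message);
++
++ if (len > 64)
++ len = 64;
+buffer[iout++] = ':';
+buffer[iout++] = ' ';
+- png_memcpy(buffer+iout, error_message, 64);
+- buffer[iout+63] = 0;
++ png_memcpy(buffer+iout, error_message, len);
++ buffer[iout+len-1] = 0;
+}
+}
+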
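Review bot: The new terminator write `buffer[iout+len-1] = 0;` lands on the last byte that was just copied, so any message shorter than 64 bytes loses its final character, and for an empty message it overwrites the separator space instead. Clamping one lower and terminating after the copy keeps the read bounded by strlen() without that truncation: `if (len > 63) len = 63;` and `buffer[iout+len] = 0;`, which stays within the same `iout+63` offset the removed line already wrote to. `int len = strlen(error_message);` also narrows size_t to int; declaring it as size_t (or png_size_t, if that is what pngerror.c uses elsewhere) keeps a negative length from ever reaching png_memcpy. The enclosing function starts and ends outside this hunk, so the declared size of `buffer` cannot be confirmed from here.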