f22fcf7b70
Tested in a bulk build by (thanks!) and ok sthen@ jasper@. Diff looks alright to steven@.
30 lines
1.1 KiB
Plaintext
30 lines
1.1 KiB
Plaintext
$OpenBSD: patch-src_common_imagpng_cpp,v 1.2 2009/09/10 21:23:28 landry Exp $
|
|
|
|
Security fix for part 1 or SA35292 (wxWidgets Double Free Vulnerability).
|
|
Patch from upstream svn -r60875.
|
|
|
|
--- src/common/imagpng.cpp.orig Fri Mar 6 13:10:56 2009
|
|
+++ src/common/imagpng.cpp Fri Sep 4 23:57:40 2009
|
|
@@ -568,18 +568,16 @@ wxPNGHandler::LoadFile(wxImage *image,
|
|
if (!image->Ok())
|
|
goto error;
|
|
|
|
- lines = (unsigned char **)malloc( (size_t)(height * sizeof(unsigned char *)) );
|
|
+ // initialize all line pointers to NULL to ensure that they can be safely
|
|
+ // free()d if an error occurs before all of them could be allocated
|
|
+ lines = (unsigned char **)calloc(height, sizeof(unsigned char *));
|
|
if ( !lines )
|
|
goto error;
|
|
|
|
for (i = 0; i < height; i++)
|
|
{
|
|
if ((lines[i] = (unsigned char *)malloc( (size_t)(width * (sizeof(unsigned char) * 4)))) == NULL)
|
|
- {
|
|
- for ( unsigned int n = 0; n < i; n++ )
|
|
- free( lines[n] );
|
|
goto error;
|
|
- }
|
|
}
|
|
|
|
png_read_image( png_ptr, lines );
|