| Field | Value |
|---|---|
| Summary | media-libs/libpng memleaks on certain pngs |
| Product | Gentoo Linux |
| Component | [OLD] Library |
| Reporter | torindel |
| Assignee | Gentoo's Team for Core System packages <base-system> |
| Status | RESOLVED FIXED |
| Severity | major |
| Priority | Normal |
| Version | 2006.1 |
| Hardware | All |
| OS | Linux |
| Whiteboard | |
| Package list | |
| Runtime testing required | --- |
Attachments:
- Patch for libpng-1.2.13 and 1.2.14
- libpng 1.2.14 vs 1.2.15rc5 diff
Description

torindel
2006-12-27 08:13:22 UTC

Created attachment 104809
Patch for libpng-1.2.13 and 1.2.14
Where did this patch come from? This was my patch; I sent it to the current libpng maintainer too. Here's the reply I got:

from: glennrp@comcast.net <glennrp@comcast.net>
to: torindel <torindel@gmail.com>
date: Dec 27, 2006 5:39 PM
subject: Re: libpng memleak
mailed-by: comcast.net

Already fixed in libpng-1.2.15rc4. We didn't change the type of embedded_profile_len but did add the (png_byte) typecasting. Please see if rc4 works for you.

Glenn

-------------- Original message ----------------------
From: torindel <torindel@gmail.com>
> Hey,
> on amd64 with certain png files png_write_iCCP tries to malloc about
> 2^64 +/- 128 bytes because of unspecified variable types where |
> operates on signed values and produces a negative value; here's the patch vs
> 1.2.14:
>
> --- pngwutil.c.orig 2006-11-28 17:25:59.000000000 +0100
> +++ pngwutil.c 2006-12-27 15:47:53.000000000 +0100
> @@ -733,7 +733,7 @@ png_write_iCCP(png_structp png_ptr, png_
> png_size_t name_len;
> png_charp new_name;
>
> compression_state comp;
> - int embedded_profile_len = 0;
> + unsigned int embedded_profile_len = 0;
>
> png_debug(1, "in png_write_iCCP\n");
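Review bot: changing `int embedded_profile_len` to `unsigned int` in this hunk does not stop the negative value from being computed, it only reinterprets it: the bytes are still read through `*(profile)`, which in libpng 1.2.x is a `png_charp` (plain `char`, signed on amd64), so a byte of 0x80 or above is sign-extended before the `<<24` and the OR smears 1-bits across the whole word. On its own this line leaves the computed bit pattern unchanged and turns the later `if (profile_len < embedded_profile_len)` into a signed/unsigned comparison if `profile_len` is an `int`. The maintainer's reply (keep the `int`, add the `(png_byte)` casts in the next hunk) is the safer minimal change; computing the length into a `png_uint_32` would be better still.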
>
> @@ -757,8 +757,8 @@ png_write_iCCP(png_structp png_ptr, png_
>
> profile_len = 0;
>
> if (profile_len > 3)
> - embedded_profile_len = ((*(profile ))<<24) | ((*(profile+1))<<16) |
> - ((*(profile+2))<< 8) | ((*(profile+3)) );
>
> + embedded_profile_len = (((png_byte)(*(profile)))<<24) |
> (((png_byte)(*(profile+1)))<<16) |
> + (((png_byte)(*(profile+2)))<< 8) | ((png_byte)(*(profile+3)));
>
> if (profile_len < embedded_profile_len)
>
> {

The solution would be either masking everything pre-libpng-1.2.15rc4 in portage or applying my patch to the above. This bug appears even during normal emerges (making docs) or during normal work with apps using libpng, e.g. imagemagick was emerged vs the broken libpng and you start emerging gimp-help with USE="imagemagick". Result? convert from the imagemagick ebuild either segfaults or memleaks during the emerge.

Yeah, masking versions doesn't make any sense at all.

Created attachment 105035
libpng 1.2.14 vs 1.2.15rc5 diff
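Review bot: in the second hunk of the patch above (`@@ -757,8 +757,8 @@`), the `(png_byte)` casts remove the sign extension, but `(((png_byte)(*(profile)))<<24)` still promotes the byte to `int` before shifting, so for a first byte of 0x80 or above the shift lands in the sign bit of a signed `int`; that is signed overflow, undefined in C even though gcc produces the expected bit pattern. Widen to an unsigned type before the shift instead, e.g. `((png_uint_32)(png_byte)profile[0]) << 24`, and the result is well defined and fits `embedded_profile_len` without relying on wraparound. The `if (profile_len > 3)` guard in front of the four reads and the `if (profile_len < embedded_profile_len)` rejection that follows are the right checks and are correctly left in place.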
Fixed in 1.2.14-r1.

Fix it in 1.2.13 and 1.2.12 too.

No.
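The sign-extension the report above describes, shown on a constructed 128-byte profile whose 4-byte big-endian length header starts with 0xFF. This is an added example, not code from the bug report, the attached patch, or libpng: `decode_len_vulnerable` reproduces with well-defined arithmetic what the signed-`char` shift-and-OR computes with gcc on amd64, `decode_len_fixed` is the unsigned decode, and `validate_profile` is a hypothetical helper standing in for the writer's length check. It assumes a two's-complement LP64 target; the sample bytes are made up.

```c
/* Added example (not libpng code): why the iCCP length decode in the report
 * goes negative, and a decode that cannot. Assumes two's complement, LP64. */
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: an ICC profile's first four bytes hold its length,
 * big-endian. These claim 0xFF000080 bytes while the buffer is 128 bytes.
 * The top byte has bit 7 set, the case that breaks a signed read. */
#define SAMPLE_PROFILE_LEN 128
static const unsigned char sample_profile[SAMPLE_PROFILE_LEN] = { 0xFF, 0x00, 0x00, 0x80 };

/* Constructed benign profile whose header declares 64 bytes. */
static const unsigned char benign_profile[SAMPLE_PROFILE_LEN] = { 0x00, 0x00, 0x00, 0x40 };

/* Sign-extend one byte the way dereferencing a signed 'char *' does, using
 * only well-defined arithmetic so the demo itself does not rely on UB. */
static uint32_t sext8(unsigned char b)
{
    int32_t s = (b & 0x80) ? (int32_t)b - 256 : (int32_t)b;   /* -128..127 */
    return (uint32_t)s;                                        /* modular conversion */
}

/* Reinterpret a 32-bit pattern as two's-complement signed, without relying
 * on the implementation-defined cast. */
static int32_t as_int32(uint32_t v)
{
    return (v & 0x80000000u) ? (int32_t)(v - 0x80000000u) - INT32_MAX - 1 : (int32_t)v;
}

/* What '((*p)<<24) | ((*(p+1))<<16) | ((*(p+2))<<8) | (*(p+3))' computes when
 * p is a png_charp (char *) and char is signed: each byte >= 0x80 is
 * sign-extended before the shift, the high bits are smeared with 1s, and the
 * OR of the four terms comes out negative. (The real expression is undefined
 * behaviour for negative operands; this mirrors what gcc on amd64 yields.) */
static int32_t decode_len_vulnerable(const unsigned char *p)
{
    uint32_t v = (sext8(p[0]) << 24) | (sext8(p[1]) << 16) | (sext8(p[2]) << 8) | sext8(p[3]);
    return as_int32(v);
}

/* The writer then narrows the negative length to an allocation size:
 * on LP64 (size_t)-128 is 2^64 - 128, the "2^64 +/- 128 bytes" in the report. */
static size_t alloc_size_from(int32_t len)
{
    return (size_t)len;
}

/* Fixed decode: widen each byte to unsigned 32-bit *before* shifting.
 * A (png_byte) cast alone still promotes to int, so 0xFF << 24 overflows a
 * signed int; the uint32_t cast avoids that as well. */
static uint32_t decode_len_fixed(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Hypothetical length check for the example: reject a header that claims
 * more bytes than the buffer holds, otherwise write only the declared length.
 * Returns the byte count to write, or -1 to drop the chunk. */
static long validate_profile(const unsigned char *profile, size_t profile_len)
{
    if (profile_len < 4)
        return -1;                     /* no complete length field to trust */
    uint32_t embedded = decode_len_fixed(profile);
    if (embedded > profile_len)
        return -1;                     /* embedded profile length too large */
    return (long)embedded;             /* truncate to what the header declares */
}

int main(void)
{
    int32_t bad = decode_len_vulnerable(sample_profile);
    printf("signed-char decode: %" PRId32 " -> (size_t) %zu bytes\n", bad, alloc_size_from(bad));
    printf("unsigned decode:    %" PRIu32 " (buffer is %d bytes)\n",
           decode_len_fixed(sample_profile), SAMPLE_PROFILE_LEN);
    printf("validate(sample):   %ld\n", validate_profile(sample_profile, SAMPLE_PROFILE_LEN));
    printf("validate(benign):   %ld\n", validate_profile(benign_profile, SAMPLE_PROFILE_LEN));
    return 0;
}
```

With the sample header the signed decode yields -128, which as a `size_t` is 2^64 - 128 on amd64; the unsigned decode yields 4278190208, which the length check rejects because it exceeds the 128-byte buffer, while the benign header is accepted and truncated to 64.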