Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 170150 Details for
Bug 244808
media-libs/libpng <1.2.33 "png_handle_tEXt()" Memory Leak Vulnerability (CVE-2008-6218)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
libpng-1.2.33rc02-1.2.33rc01.patch
libpng-1.2.33rc02-1.2.33rc01.patch (text/plain), 3.29 KB, created by
Robert Buchholz (RETIRED)
on 2008-10-28 19:39:06 UTC
(
hide
)
Description:
libpng-1.2.33rc02-1.2.33rc01.patch
Filename:
MIME Type:
Creator:
Robert Buchholz (RETIRED)
Created:
2008-10-28 19:39:06 UTC
Size:
3.29 KB
patch
obsolete
>diff -u libpng-1.2.33rc01/example.c libpng-1.2.33rc02/example.c >--- libpng-1.2.33rc01/example.c 2008-10-15 11:07:47.987973956 -0500 >+++ libpng-1.2.33rc02/example.c 2008-10-23 16:52:12.317552567 -0500 >@@ -2,7 +2,7 @@ > #if 0 /* in case someone actually tries to compile this */ > > /* example.c - an example of using libpng >- * Last changed in libpng 1.2.33 [October 15, 2008] >+ * Last changed in libpng 1.2.33 [October 23, 2008] > * This file has been placed in the public domain by the authors. > * Maintained 1998-2008 Glenn Randers-Pehrson > * Maintained 1996, 1997 Andreas Dilger) >diff -u libpng-1.2.33rc01/png.h libpng-1.2.33rc02/png.h >--- libpng-1.2.33rc01/png.h 2008-10-15 11:07:47.972126307 -0500 >+++ libpng-1.2.33rc02/png.h 2008-10-23 16:52:12.302030344 -0500 >@@ -208,6 +208,7 @@ > * 1.0.40 10 10040 10.so.0.40[.0] > * 1.2.32 13 10232 12.so.0.32[.0] > * 1.2.33beta01-02 13 10233 12.so.0.33[.0] >+ * 1.2.33rc01-02 13 10233 12.so.0.33[.0] > * > * Henceforth the source version will match the shared-library major > * and minor numbers; the shared-library major version number will be >only in patch2: >unchanged: >--- libpng-1.2.32/pngrutil.c 2008-09-18 04:48:01.842178854 -0500 >+++ libpng-1.2.33rc02/pngrutil.c 2008-10-23 16:52:12.394086698 -0500 >@@ -1,8 +1,8 @@ > > /* pngrutil.c - utilities to read a PNG file > * >- * Last changed in libpng 1.2.31 [August 19, 2008] >+ * Last changed in libpng 1.2.33 [October 23, 2008] > * For conditions of distribution and use, see copyright notice in png.h > * Copyright (c) 1998-2008 Glenn Randers-Pehrson > * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) > * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) >@@ -1939,23 +1939,26 @@ > length = (png_uint_32)65535L; > } > #endif > >- key = (png_charp)png_malloc_warn(png_ptr, length + 1); >- if (key == NULL) >+ png_free(png_ptr,png_ptr->chunkdata); >+ png_ptr->chunkdata = (png_charp)png_malloc_warn(png_ptr, length + 1); >+ if (png_ptr->chunkdata == NULL) > { > png_warning(png_ptr, "No memory to process text chunk."); > return; > } > slength = (png_size_t)length; >- png_crc_read(png_ptr, (png_bytep)key, slength); >+ png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength); > > if (png_crc_finish(png_ptr, skip)) > { >- png_free(png_ptr, key); >+ png_free(png_ptr, png_ptr->chunkdata); >+ png_ptr->chunkdata = NULL; > return; > } > >+ key = png_ptr->chunkdata; > key[slength] = 0x00; > > for (text = key; *text; text++) > /* empty loop to find end of key */ ; >@@ -1967,9 +1970,10 @@ > (png_uint_32)png_sizeof(png_text)); > if (text_ptr == NULL) > { > png_warning(png_ptr, "Not enough memory to process text chunk."); >- png_free(png_ptr, key); >+ png_free(png_ptr, png_ptr->chunkdata); >+ png_ptr->chunkdata = NULL; > return; > } > text_ptr->compression = PNG_TEXT_COMPRESSION_NONE; > text_ptr->key = key; >@@ -1982,9 +1986,10 @@ > text_ptr->text_length = png_strlen(text); > > ret = png_set_text_2(png_ptr, info_ptr, text_ptr, 1); > >- png_free(png_ptr, key); >+ png_free(png_ptr, png_ptr->chunkdata); >+ png_ptr->chunkdata = NULL; > png_free(png_ptr, text_ptr); > if (ret) > png_warning(png_ptr, "Insufficient memory to process text chunk."); > }
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 244808
: 170150