Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 302317 Details for
Bug 404197
<media-libs/libpng-{1.2.47,1.5.9}: libpng "png_decompress_chunk()" Integer Overflow Vulnerability (CVE-2011-3026)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Fix from mozilla.org
patch-from-firefox.patch (text/plain), 893 bytes, created by
Torsten Kaiser
on 2012-02-18 09:35:08 UTC
(
hide
)
Description:
Fix from mozilla.org
Filename:
MIME Type:
Creator:
Torsten Kaiser
Created:
2012-02-18 09:35:08 UTC
Size:
893 bytes
patch
obsolete
>diff -ur firefox-10.0.1/media/libpng/pngrutil.c firefox-10.0.2/media/libpng/pngrutil.c >--- firefox-10.0.1/media/libpng/pngrutil.c 2012-02-08 15:16:36.000000000 +0100 >+++ firefox-10.0.2/media/libpng/pngrutil.c 2012-02-16 07:40:46.000000000 +0100 >@@ -401,8 +401,15 @@ > { > /* Success (maybe) - really uncompress the chunk. */ > png_size_t new_size = 0; >- png_charp text = png_malloc_warn(png_ptr, >- prefix_size + expanded_size + 1); >+ png_charp text = NULL; >+ /* Need to check for both truncation (64-bit platforms) and integer >+ * overflow. >+ */ >+ if (prefix_size + expanded_size > prefix_size && >+ prefix_size + expanded_size < 0xffffffffU) >+ { >+ text = png_malloc_warn(png_ptr, prefix_size + expanded_size + 1); >+ } > > if (text != NULL) > {
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=302317">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 404197
: 302317
