Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 30918 Details for
Bug 49887
media-libs/libpng : Denial of Service vulnerability
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
files/libpng-1.0.15-gentoo.diff
libpng-1.0.15-gentoo.diff (text/plain), 2.36 KB, created by
Thierry Carrez (RETIRED)
on 2004-05-07 03:13:57 UTC
(
hide
)
Description:
files/libpng-1.0.15-gentoo.diff
Filename:
MIME Type:
Creator:
Thierry Carrez (RETIRED)
Created:
2004-05-07 03:13:57 UTC
Size:
2.36 KB
patch
obsolete
>diff -urN libpng-1.0.15-old/pngconf.h libpng-1.0.15/pngconf.h >--- libpng-1.0.15-old/pngconf.h 2002-10-03 04:13:12.000000000 -0700 >+++ libpng-1.0.15/pngconf.h 2003-01-16 08:57:40.000000000 -0800 >@@ -254,8 +254,13 @@ > # undef _BSD_SOURCE > # endif > # ifdef _SETJMP_H >- __png.h__ already includes setjmp.h; >- __dont__ include it again.; >+/* Explanation added by debian maintainer Philippe Troin <phil@fifi.org>. >+ There are two versions of setjmp, depending wether or not we compile for >+ BSD. They are incompatible and can cause crashes. The PNG people force >+ here a unique behavior for setjmp. It fou get the error below, >+ then include <png.h> before <setjmp.h>. >+*/ >+#error png.h already includes setjmp.h with some additional fixup. > # endif > # endif /* __linux__ */ > >diff -urN libpng-1.0.15-old/pngrtran.c libpng-1.0.15/pngrtran.c >--- libpng-1.0.15-old/pngrtran.c 2002-10-03 04:13:15.000000000 -0700 >+++ libpng-1.0.15/pngrtran.c 2003-01-16 08:57:40.000000000 -0800 >@@ -1965,8 +1965,8 @@ > /* This changes the data from RRGGBB to RRGGBBXX */ > if (flags & PNG_FLAG_FILLER_AFTER) > { >- png_bytep sp = row + (png_size_t)row_width * 3; >- png_bytep dp = sp + (png_size_t)row_width; >+ png_bytep sp = row + (png_size_t)row_width * 6; >+ png_bytep dp = sp + (png_size_t)row_width * 2; > for (i = 1; i < row_width; i++) > { > *(--dp) = hi_filler; >@@ -1987,8 +1987,8 @@ > /* This changes the data from RRGGBB to XXRRGGBB */ > else > { >- png_bytep sp = row + (png_size_t)row_width * 3; >- png_bytep dp = sp + (png_size_t)row_width; >+ png_bytep sp = row + (png_size_t)row_width * 6; >+ png_bytep dp = sp + (png_size_t)row_width * 2; > for (i = 0; i < row_width; i++) > { > *(--dp) = *(--sp); >--- libpng-1.0.15-old/pngerror.c 2002-10-03 05:32:27.000000000 -0600 >+++ libpng-1.0.15/pngerror.c 2004-04-29 09:26:18.000000000 -0600 >@@ -135,10 +135,12 @@ > buffer[iout] = 0; > else > { >+ png_size_t len = strnlen(error_message, 63); >+ > buffer[iout++] = ':'; > buffer[iout++] = ' '; >- png_memcpy(buffer+iout, error_message, 64); >- buffer[iout+63] = 0; >+ png_memcpy(buffer+iout, error_message, len); >+ buffer[iout+len] = 0; > } > }
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=30918">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 49887
:
30917
| 30918
