From 3efb0bdd5c79f5dcb21495e9b444721603ae93f0 Mon Sep 17 00:00:00 2001
From: Sona Sarmadi
Date: Mon, 17 Sep 2018 10:12:53 +0200
Subject: libpng: fix for CVE-2018-13785
ref: https://nvd.nist.gov/vuln/detail/CVE-2018-13785
Change-Id: I1e4f17816bca50dd405ac7ee7c16d8d9aa7e0b21
Signed-off-by: Sona Sarmadi
---
.../libpng/libpng/CVE-2018-13785.patch | 40 ++++++++++++++++++++++
recipes-multimedia/libpng/libpng_%.bbappend | 5 +++
2 files changed, 45 insertions(+)
create mode 100644 recipes-multimedia/libpng/libpng/CVE-2018-13785.patch
create mode 100644 recipes-multimedia/libpng/libpng_%.bbappend
diff --git a/recipes-multimedia/libpng/libpng/CVE-2018-13785.patch b/recipes-multimedia/libpng/libpng/CVE-2018-13785.patch
new file mode 100644
index 0000000..0d8aaf8
--- /dev/null
+++ b/recipes-multimedia/libpng/libpng/CVE-2018-13785.patch
@@ -0,0 +1,40 @@
+From 8a05766cb74af05c04c53e6c9d60c13fc4d59bf2 Mon Sep 17 00:00:00 2001
+From: Cosmin Truta
+Date: Sun, 17 Jun 2018 22:56:29 -0400
+Subject: [PATCH] [libpng16] Fix the calculation of row_factor in
+ png_check_chunk_length
+(Bug report by Thuan Pham, SourceForge issue #278)
+
+CVE: CVE-2018-13785
+Upstream-Status: Backport
+
+Signed-off-by: Sona Sarmadi
+---
+ pngrutil.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/pngrutil.c b/pngrutil.c
+index 95571b5..5ba995a 100644
+--- a/pngrutil.c
++++ b/pngrutil.c
+@@ -3167,10 +3167,13 @@ png_check_chunk_length(png_const_structrp png_ptr, const png_uint_32 length)
+ {
+ png_alloc_size_t idat_limit = PNG_UINT_31_MAX;
+ size_t row_factor =
+- (png_ptr->width * png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1)
+- + 1 + (png_ptr->interlaced? 6: 0));
++ (size_t)png_ptr->width
++ * (size_t)png_ptr->channels
++ * (png_ptr->bit_depth > 8? 2: 1)
++ + 1
++ + (png_ptr->interlaced? 6: 0);
+ if (png_ptr->height > PNG_UINT_32_MAX/row_factor)
+- idat_limit=PNG_UINT_31_MAX;
++ idat_limit = PNG_UINT_31_MAX;
+ else
+ idat_limit = png_ptr->height * row_factor;
+ row_factor = row_factor > 32566? 32566 : row_factor;
+--
+1.9.1
+
diff --git a/recipes-multimedia/libpng/libpng_%.bbappend b/recipes-multimedia/libpng/libpng_%.bbappend
new file mode 100644
index 0000000..948941d
--- /dev/null
+++ b/recipes-multimedia/libpng/libpng_%.bbappend
@@ -0,0 +1,5 @@
+# look for files in the layer first
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+
+SRC_URI += "file://CVE-2018-13785.patch \
+ "
-- cgit v1.2.3-54-g00ecf
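Review bot: The `(size_t)` casts in the new `row_factor` expression only widen the multiplication where size_t is wider than 32 bits, so on a 32-bit target the product can presumably still wrap, and `PNG_UINT_32_MAX/row_factor` still has no guard against a zero divisor. Whether the width is bounded tightly enough before this point is not visible in the hunk. If this layer builds for 32-bit machines, consider an explicit guard such as `if (row_factor == 0 || png_ptr->height > PNG_UINT_32_MAX/row_factor)`, recorded in the patch header as a local deviation from the upstream backport. png_check_chunk_length continues past the end of the inner hunk.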
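Review bot: `FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"` resolves to a different directory for any variant of the recipe whose PN is not `libpng` (a native or nativesdk build, if the base recipe is extended that way), so the fetch of `file://CVE-2018-13785.patch` would be expected to fail for that variant. Using the base name keeps the path stable: `FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:"`. Separately, the `%` wildcard in the bbappend file name attaches the patch to every libpng version, including a later one that already carries the fix, where it would no longer apply cleanly. A comment naming the affected version range would help whoever does the next upgrade.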