diff options
Diffstat (limited to 'recipes-multimedia/libpng/libpng/CVE-2018-13785.patch')
-rw-r--r-- | recipes-multimedia/libpng/libpng/CVE-2018-13785.patch | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/recipes-multimedia/libpng/libpng/CVE-2018-13785.patch b/recipes-multimedia/libpng/libpng/CVE-2018-13785.patch new file mode 100644 index 0000000..0d8aaf8 --- /dev/null +++ b/recipes-multimedia/libpng/libpng/CVE-2018-13785.patch | |||
@@ -0,0 +1,40 @@ | |||
1 | From 8a05766cb74af05c04c53e6c9d60c13fc4d59bf2 Mon Sep 17 00:00:00 2001 | ||
2 | From: Cosmin Truta <ctruta@gmail.com> | ||
3 | Date: Sun, 17 Jun 2018 22:56:29 -0400 | ||
4 | Subject: [PATCH] [libpng16] Fix the calculation of row_factor in | ||
5 | png_check_chunk_length | ||
6 | |||
7 | (Bug report by Thuan Pham, SourceForge issue #278) | ||
8 | |||
9 | CVE: CVE-2018-13785 | ||
10 | Upstream-Status: Backport | ||
11 | |||
12 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
13 | --- | ||
14 | pngrutil.c | 9 ++++++--- | ||
15 | 1 file changed, 6 insertions(+), 3 deletions(-) | ||
16 | |||
17 | diff --git a/pngrutil.c b/pngrutil.c | ||
18 | index 95571b5..5ba995a 100644 | ||
19 | --- a/pngrutil.c | ||
20 | +++ b/pngrutil.c | ||
21 | @@ -3167,10 +3167,13 @@ png_check_chunk_length(png_const_structrp png_ptr, const png_uint_32 length) | ||
22 | { | ||
23 | png_alloc_size_t idat_limit = PNG_UINT_31_MAX; | ||
24 | size_t row_factor = | ||
25 | - (png_ptr->width * png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1) | ||
26 | - + 1 + (png_ptr->interlaced? 6: 0)); | ||
27 | + (size_t)png_ptr->width | ||
28 | + * (size_t)png_ptr->channels | ||
29 | + * (png_ptr->bit_depth > 8? 2: 1) | ||
30 | + + 1 | ||
31 | + + (png_ptr->interlaced? 6: 0); | ||
32 | if (png_ptr->height > PNG_UINT_32_MAX/row_factor) | ||
33 | - idat_limit=PNG_UINT_31_MAX; | ||
34 | + idat_limit = PNG_UINT_31_MAX; | ||
35 | else | ||
36 | idat_limit = png_ptr->height * row_factor; | ||
37 | row_factor = row_factor > 32566? 32566 : row_factor; | ||
38 | -- | ||
39 | 1.9.1 | ||
40 | |||