Diffstat (limited to 'meta/recipes-multimedia/libpng/libpng/02-CVE-2011-2501.patch')
-rw-r--r-- | meta/recipes-multimedia/libpng/libpng/02-CVE-2011-2501.patch | 29 |
1 files changed, 29 insertions, 0 deletions
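--- /dev/null
+++ b/meta/recipes-multimedia/libpng/libpng/02-CVE-2011-2501.patch
@@ -0,0 +1,29 @@
+This patch is taken from upstream and is a fix for CVE CVE-2011-2501
+
+Description: fix denial of service via error message data
+Origin: upstream, http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=65e6d5a34f49acdb362a0625a706c6b914e670af
+
+Upstream-Status: Backport
+
+Signed-off-by: Joshua Lock <josh@linux.intel.com>
+
+Index: libpng-1.2.44/pngerror.c
+===================================================================
+--- libpng-1.2.44.orig/pngerror.c 2011-07-26 08:18:20.769498103 -0400
++++ libpng-1.2.44/pngerror.c 2011-07-26 08:18:32.819498098 -0400
+@@ -181,8 +181,13 @@
+{
+buffer[iout++] = ':';
+buffer[iout++] = ' ';
+- png_memcpy(buffer + iout, error_message, PNG_MAX_ERROR_TEXT);
+- buffer[iout + PNG_MAX_ERROR_TEXT - 1] = '\0';
++
++ iin = 0;
++ while (iin < PNG_MAX_ERROR_TEXT-1 && error_message[iin] != '\0')
++ buffer[iout++] = error_message[iin++];
++
++ /* iin < PNG_MAX_ERROR_TEXT, so the following is safe: */
++ buffer[iout] = '\0';
+}
+}
+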
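Review bot: The safety comment before `buffer[iout] = '\0';` in the pngerror.c hunk argues only from `iin < PNG_MAX_ERROR_TEXT`, but the write is indexed by `iout`, so it stays in bounds only if the caller's buffer has room for the prefix already written plus `PNG_MAX_ERROR_TEXT` bytes. I would say so in the comment, e.g. `/* at most PNG_MAX_ERROR_TEXT-1 bytes were copied; buffer must hold the prefix plus PNG_MAX_ERROR_TEXT bytes */`, and confirm the buffer declarations in the callers, which lie outside this hunk, as does the start of the enclosing function. The loop stops at the message's NUL, which is what removes the fixed-length read past a short `error_message` that the old `png_memcpy` performed. The diffstat is limited to this one file, so check separately that the recipe lists the patch in `SRC_URI`; otherwise the fix is never applied at build time.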