Diffstat (limited to 'meta/recipes-multimedia/libpng/libpng/04-CVE-2011-2692.patch')
-rw-r--r-- | meta/recipes-multimedia/libpng/libpng/04-CVE-2011-2692.patch | 29 |
1 files changed, 29 insertions, 0 deletions
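diff --git a/meta/recipes-multimedia/libpng/libpng/04-CVE-2011-2692.patch b/meta/recipes-multimedia/libpng/libpng/04-CVE-2011-2692.patch
new file mode 100644
index 0000000000..5a0f51e269
--- /dev/null
+++ b/meta/recipes-multimedia/libpng/libpng/04-CVE-2011-2692.patch
@@ -0,0 +1,29 @@
+This patch is taken from upstream and is a fix for CVE CVE-2011-2962
+
+Description: fix denial of service and possible arbitrary code
+execution via invalid sCAL chunks
+Origin: upstream, http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339
+
+Upstream-Status: Backport
+
+Signed-off-by: Joshua Lock <josh@linux.intel.com>
+
+Index: libpng-1.2.44/pngrutil.c
+===================================================================
+--- libpng-1.2.44.orig/pngrutil.c 2011-07-26 08:19:22.619498085 -0400
++++ libpng-1.2.44/pngrutil.c 2011-07-26 08:19:26.909498086 -0400
+@@ -1812,6 +1812,14 @@
+return;
+}
+
++ /* Need unit type, width, \0, height: minimum 4 bytes */
++ else if (length < 4)
++ {
++ png_warning(png_ptr, "sCAL chunk too short");
++ png_crc_finish(png_ptr, length);
++ return;
++ }
++
+png_debug1(2, "Allocating and reading sCAL chunk data (%lu bytes)",
+length + 1);
+png_ptr->chunkdata = (png_charp)png_malloc_warn(png_ptr, length + 1);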
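Review bot: The first header line of the added patch names `CVE-2011-2962` (with "CVE" doubled), but the file name says CVE-2011-2692 and the sCAL description fits that ID, so the digits look transposed; the line should read `This patch is taken from upstream and is a fix for CVE-2011-2692`. A wrong identifier in the header matters because anyone searching patch headers to confirm which CVEs a build has fixed will miss this one or credit the wrong one. This diffstat is limited to the patch file, so confirm separately that the libpng recipe's SRC_URI lists it; otherwise the fix is never applied. The inner hunk shows only the middle of the sCAL handler in pngrutil.c, so the branch that the new `else if (length < 4)` attaches to cannot be checked from here.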