summaryrefslogtreecommitdiffstats
path: root/meta/recipes-multimedia/libpng/libpng-1.6.16/CVE-2015-8472.patch
blob: 404f012b022a2aa5f4361aa44a5029fd36845656 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
From 9f2ad4928e47036cf1ac9b8fe45a491f15be2324 Mon Sep 17 00:00:00 2001
From: Glenn Randers-Pehrson <glennrp at users.sourceforge.net>
Date: Wed, 4 Nov 2015 23:47:42 -0600
Subject: [PATCH] [libpng16] Fixed new bug with CRC error after reading an
 over-length palette.

Upstream-Status: Backport
CVE: CVE-2015-8472 

https://github.com/glennrp/libpng/commit/9f2ad4928e47036cf1ac9b8fe45a491f15be2324
Signed-off-by: Armin Kuster <akuster@mvista.com>

---
 pngrutil.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: libpng-1.6.17/pngrutil.c
===================================================================
--- libpng-1.6.17.orig/pngrutil.c
+++ libpng-1.6.17/pngrutil.c
@@ -973,7 +973,7 @@ png_handle_PLTE(png_structrp png_ptr, pn
    if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE)
 #endif
    {
-      png_crc_finish(png_ptr, 0);
+      png_crc_finish(png_ptr, (int) length - num * 3);
    }
 
 #ifndef PNG_READ_OPT_PLTE_SUPPORTED