File libpng14-1.4.4-CVE-2011-2690.patch of Package libpng14.import4949

http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blobdiff;f=pngrtran.c;h=6bce578dfad3d9121d35cf4893298bb2fce5cd84;hp=0a01db8ba91694f7e27428be157f760e7c5fbc27;hb=cc1d4d0dbc727f60b7ae5320776c05e668fd40e3;hpb=070434c04512948f7eb4acf09a36a6f06000f456
Index: pngrtran.c
===================================================================
--- pngrtran.c.orig
+++ pngrtran.c
@@ -660,10 +660,14 @@ void PNGAPI
 png_set_rgb_to_gray(png_structp png_ptr, int error_action, double red,
    double green)
 {
-   int red_fixed = (int)((float)red*100000.0 + 0.5);
-   int green_fixed = (int)((float)green*100000.0 + 0.5);
+   int red_fixed, green_fixed;
    if (png_ptr == NULL)
       return;
+   if (red > 21474.83647 || red < -21474.83648 ||
+       green > 21474.83647 || green < -21474.83648)
+      png_error(png_ptr, "ignoring out of range rgb_to_gray coefficients");
+   red_fixed = (int)((float)red*100000.0 + 0.5);
+   green_fixed = (int)((float)green*100000.0 + 0.5);
    png_set_rgb_to_gray_fixed(png_ptr, error_action, red_fixed, green_fixed);
 }
 #endif
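Review bot: The added range check in png_set_rgb_to_gray still lets a NaN through, because every comparison against NaN is false, so the `(int)` conversions right after it remain undefined for that input. Writing the test in negated form, `if (!(red <= 21474.83647 && red >= -21474.83648 && green <= 21474.83647 && green >= -21474.83648))`, rejects NaN along with the out-of-range values. Separately, the message says "ignoring" but is passed to `png_error`, which as far as I know never returns to the caller, so bad coefficients become a fatal error rather than being ignored. Either reword the message to say the call is rejected or, if the intent is to continue, use `png_warning` and skip the conversion.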