File libpng-1.2.31-CVE-2009-0040.patch of Package libpng12-0

diff -u3p -r -N -x CVS -x '.mozconfig*' -x configure libpng-1.2.34-orig/pngread.c libpng-1.2.34/pngread.c
--- libpng-1.2.34-orig/pngread.c	2008-12-18 05:45:16.179589000 -0600
+++ libpng-1.2.34/pngread.c	2009-02-18 14:50:30.608903719 -0600
@@ -1437,6 +1437,8 @@ png_read_png(png_structp png_ptr, png_in
 #ifdef PNG_FREE_ME_SUPPORTED
       info_ptr->free_me |= PNG_FREE_ROWS;
 #endif
+      png_memset(info_ptr->row_pointers, 0, info_ptr->height
+         * png_sizeof(png_bytep));
       for (row = 0; row < (int)info_ptr->height; row++)
       {
          info_ptr->row_pointers[row] = (png_bytep)png_malloc(png_ptr,
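Review bot: The png_memset added ahead of the row loop carries no comment saying why the array has to be zeroed, and the reason cannot be read off the call. PNG_FREE_ROWS is set in free_me just above, so presumably a png_malloc failure partway through the loop lets the cleanup code (outside this hunk) free every slot of row_pointers, including slots not yet assigned. I would add `/* Zero the slots first: cleanup frees every row pointer if png_malloc fails mid-loop. */` above the call. The png_memset calls added in pngrtran.c and pngset.c lack the same explanation. png_read_png's body continues outside the hunk.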
diff -u3p -r -N -x CVS -x '.mozconfig*' -x configure libpng-1.2.34-orig/pngrtran.c libpng-1.2.34/pngrtran.c
--- libpng-1.2.34-orig/pngrtran.c	2008-12-18 05:45:16.208928000 -0600
+++ libpng-1.2.34/pngrtran.c	2009-02-18 14:49:03.939239335 -0600
@@ -4128,11 +4128,14 @@ png_build_gamma_table(png_structp png_pt
      png_ptr->gamma_16_table = (png_uint_16pp)png_malloc(png_ptr,
         (png_uint_32)(num * png_sizeof(png_uint_16p)));
 
+
      if (png_ptr->transformations & (PNG_16_TO_8 | PNG_BACKGROUND))
      {
         double fin, fout;
         png_uint_32 last, max;
 
+        png_memset(png_ptr->gamma_16_table, 0, num * png_sizeof(png_uint_16p)); 
+
         for (i = 0; i < num; i++)
         {
            png_ptr->gamma_16_table[i] = (png_uint_16p)png_malloc(png_ptr,
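Review bot: The new png_memset of gamma_16_table sits inside the `if (png_ptr->transformations & (PNG_16_TO_8 | PNG_BACKGROUND))` block, although the array is allocated before that `if`, so any path that skips the branch still works on an unzeroed pointer array. The rest of png_build_gamma_table is outside this hunk; if an else branch also fills gamma_16_table[i] with one png_malloc per entry, a failed allocation there would leave uninitialised slots for the free routine. Moving the call to directly after the allocation and before the `if`, `png_memset(png_ptr->gamma_16_table, 0, num * png_sizeof(png_uint_16p));`, covers both paths, which is how the later hunks place it for gamma_16_to_1 and gamma_16_from_1. The extra blank line added before the `if` and the trailing space after the call can be dropped.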
@@ -4188,6 +4191,8 @@ png_build_gamma_table(png_structp png_pt
         png_ptr->gamma_16_to_1 = (png_uint_16pp)png_malloc(png_ptr,
            (png_uint_32)(num * png_sizeof(png_uint_16p )));
 
+        png_memset(png_ptr->gamma_16_to_1, 0, num * png_sizeof(png_uint_16p)); 
+
         for (i = 0; i < num; i++)
         {
            png_ptr->gamma_16_to_1[i] = (png_uint_16p)png_malloc(png_ptr,
@@ -4211,6 +4216,9 @@ png_build_gamma_table(png_structp png_pt
         png_ptr->gamma_16_from_1 = (png_uint_16pp)png_malloc(png_ptr,
            (png_uint_32)(num * png_sizeof(png_uint_16p)));
 
+        png_memset(png_ptr->gamma_16_from_1, 0,
+           num * png_sizeof(png_uint_16p)); 
+
         for (i = 0; i < num; i++)
         {
            png_ptr->gamma_16_from_1[i] = (png_uint_16p)png_malloc(png_ptr,
diff -u3p -r -N -x CVS -x '.mozconfig*' -x configure libpng-1.2.34-orig/pngset.c libpng-1.2.34/pngset.c
--- libpng-1.2.34-orig/pngset.c	2008-12-18 05:45:16.238484000 -0600
+++ libpng-1.2.34/pngset.c	2009-02-18 14:51:27.025302233 -0600
@@ -382,7 +382,7 @@ png_set_pCAL(png_structp png_ptr, png_in
       return;
    }
 
-   info_ptr->pcal_params[nparams] = NULL;
+   png_memset(info_ptr->pcal_params, 0, (nparams + 1) * png_sizeof(png_charp));
 
    for (i = 0; i < nparams; i++)
    {