Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:11.4:Update
libpng14
libpng14-1.4.4-CVE-2011-3026.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libpng14-1.4.4-CVE-2011-3026.patch of Package libpng14
Index: libpng-1.4.4/pngrutil.c =================================================================== --- libpng-1.4.4.orig/pngrutil.c +++ libpng-1.4.4/pngrutil.c @@ -325,15 +325,18 @@ png_decompress_chunk(png_structp png_ptr /* Now check the limits on this chunk - if the limit fails the * compressed data will be removed, the prefix will remain. */ + if (prefix_size >= (~(png_size_t)0) - 1 || + expanded_size >= (~(png_size_t)0) - 1 - prefix_size #ifdef PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED - if (png_ptr->user_chunk_malloc_max && + || (png_ptr->user_chunk_malloc_max && (prefix_size + expanded_size >= png_ptr->user_chunk_malloc_max - 1)) #else # ifdef PNG_USER_CHUNK_MALLOC_MAX - if ((PNG_USER_CHUNK_MALLOC_MAX > 0) && + || ((PNG_USER_CHUNK_MALLOC_MAX > 0) && prefix_size + expanded_size >= PNG_USER_CHUNK_MALLOC_MAX - 1) # endif #endif + ) png_warning(png_ptr, "Exceeded size limit while expanding chunk"); /* If the size is zero either there was an error and a message @@ -341,11 +344,7 @@ png_decompress_chunk(png_structp png_ptr * and we have nothing to do - the code will exit through the * error case below. */ -#if defined(PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED) || \ - defined(PNG_USER_CHUNK_MALLOC_MAX) - else -#endif - if (expanded_size > 0) + else if (expanded_size > 0) { /* Success (maybe) - really uncompress the chunk. */ png_size_t new_size = 0;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor