File GraphicsMagick-1.3.12-CVE-2012-3438.patch of Package GraphicsMagick.openSUSE_12.1_Update

http://graphicsmagick.hg.sourceforge.net/hgweb/graphicsmagick/graphicsmagick/raw-diff/d6e469d02cd2/coders/png.c
Index: GraphicsMagick-1.3.12/coders/png.c
===================================================================
--- GraphicsMagick-1.3.12.orig/coders/png.c
+++ GraphicsMagick-1.3.12/coders/png.c
@@ -1370,7 +1370,11 @@ static void PNGWarningHandler(png_struct
 }
 
 #ifdef PNG_USER_MEM_SUPPORTED
-static png_voidp png_IM_malloc(png_structp png_ptr,png_uint_32 size)
+#if PNG_LIBPNG_VER >= 14000
+static png_voidp png_IM_malloc(png_structp png_ptr,png_alloc_size_t size)
+#else
+static png_voidp png_IM_malloc(png_structp png_ptr,png_size_t size)
+#endif
 {
 #if (PNG_LIBPNG_VER < 10011)
   png_voidp
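Review bot: The new guard `#if PNG_LIBPNG_VER >= 14000` looks like it can never be true, because libpng encodes its version as major*10000 + minor*100 + release, so 1.4.0 is 10400 and 14000 would mean a 1.40.0 release. As written, every build takes the `#else` branch and declares `size` as `png_size_t`, which works wherever `png_alloc_size_t` is the same type but leaves the intended branch dead. If the intent was "libpng 1.4.0 and later", the guard should read `#if PNG_LIBPNG_VER >= 10400`. The same threshold is used in the two later hunks, in png_write_raw_profile and WriteOnePNGImage. The body of png_IM_malloc continues past the end of this hunk, so how `size` is used there is not visible here.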
@@ -6102,12 +6106,21 @@ png_write_raw_profile(const ImageInfo *i
                     profile_type, (unsigned long)length);
     }
 #if (PNG_LIBPNG_VER > 10005)
-  text=(png_textp) png_malloc(ping,(png_uint_32) sizeof(png_text));
+# if PNG_LIBPNG_VER >= 14000
+  text=(png_textp) png_malloc(ping,(png_alloc_size_t) sizeof(png_text));
+# else
+  text=(png_textp) png_malloc(ping,(png_size_t) sizeof(png_text));
+# endif
   description_length=strlen((const char *) profile_description);
   allocated_length=(png_uint_32) (length*2 + (length >> 5) + 20
                                   + description_length);
-  text[0].text=(png_charp) png_malloc(ping,allocated_length);
-  text[0].key=(png_charp) png_malloc(ping, (png_uint_32) 80);
+# if PNG_LIBPNG_VER >= 14000
+  text[0].text=(png_charp) png_malloc(ping, (png_alloc_size_t) allocated_length);
+  text[0].key=(png_charp) png_malloc(ping, (png_alloc_size_t) 80);
+# else
+  text[0].text=(png_charp) png_malloc(ping, (png_size_t) allocated_length);
+  text[0].key=(png_charp) png_malloc(ping, (png_size_t) 80);
+# endif
   text[0].key[0]='\0';
   (void) strcat(text[0].key, "Raw profile type ");
   (void) strncat(text[0].key, (const char *) profile_type, 61);
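Review bot: The size for `text[0].text` is still truncated before it is widened: the unchanged line `allocated_length=(png_uint_32) (length*2 + (length >> 5) + 20 + description_length);` casts the sum to 32 bits, and the new `(png_alloc_size_t) allocated_length` cast only widens that already-truncated value. The declarations of `length` and `allocated_length` are outside the hunk, but if `length` is wider than 32 bits, a very large profile would wrap the sum and get a buffer smaller than the data presumably written into it afterwards. I would compute the sum in the allocator's size type with no narrowing cast, e.g. `allocated_length=(png_alloc_size_t) length*2 + (length >> 5) + 20 + description_length;` with the variable declared to match. A profile whose `length` cannot be represented without overflow should be rejected before allocation. png_write_raw_profile starts and ends outside this hunk.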
@@ -7503,7 +7516,11 @@ static MagickPassFail WriteOnePNGImage(M
       if (*attribute->key == '[')
         continue;
 #if (PNG_LIBPNG_VER > 10005)
-      text=(png_textp) png_malloc(ping,(png_uint_32) sizeof(png_text));
+# if PNG_LIBPNG_VER >= 14000
+      text=(png_textp) png_malloc(ping, (png_alloc_size_t) sizeof(png_text));
+# else
+      text=(png_textp) png_malloc(ping,(png_size_t) sizeof(png_text));
+# endif
       text[0].key=attribute->key;
       text[0].text=attribute->value;
       text[0].text_length=strlen(attribute->value);