Overview

File GraphicsMagick-1.3.15-CVE-2012-3438.patch of Package GraphicsMagick.openSUSE_12.2_Update

http://graphicsmagick.hg.sourceforge.net/hgweb/graphicsmagick/graphicsmagick/raw-diff/d6e469d02cd2/coders/png.c
diff -r aab86f5baef7 -r d6e469d02cd2 coders/png.c
--- a/coders/png.c	Thu Jun 07 06:24:09 2012 -0500
+++ b/coders/png.c	Sat Jul 28 11:05:48 2012 -0500
@@ -1360,7 +1360,11 @@
 }
 
 #ifdef PNG_USER_MEM_SUPPORTED
-static png_voidp png_IM_malloc(png_structp png_ptr,png_uint_32 size)
+#if PNG_LIBPNG_VER >= 14000
+static png_voidp png_IM_malloc(png_structp png_ptr,png_alloc_size_t size)
+#else
+static png_voidp png_IM_malloc(png_structp png_ptr,png_size_t size)
+#endif
 {
   (void) png_ptr;
   return MagickAllocateMemory(png_voidp,(size_t) size);
@@ -6169,12 +6173,22 @@
       (void) printf("writing raw profile: type=%.1024s, length=%lu\n",
                     profile_type, (unsigned long)length);
     }
-  text=(png_textp) png_malloc(ping,(png_uint_32) sizeof(png_text));
+#if PNG_LIBPNG_VER >= 14000
+  text=(png_textp) png_malloc(ping,(png_alloc_size_t) sizeof(png_text));
+#else
+  text=(png_textp) png_malloc(ping,(png_size_t) sizeof(png_text));
+#endif
   description_length=strlen((const char *) profile_description);
   allocated_length=(png_uint_32) (length*2 + (length >> 5) + 20
                                   + description_length);
-  text[0].text=(png_charp) png_malloc(ping,allocated_length);
-  text[0].key=(png_charp) png_malloc(ping, (png_uint_32) 80);
+#if PNG_LIBPNG_VER >= 14000
+   text[0].text=(png_charp) png_malloc(ping,
+      (png_alloc_size_t) allocated_length);
+   text[0].key=(png_charp) png_malloc(ping, (png_alloc_size_t) 80);
+#else
+   text[0].text=(png_charp) png_malloc(ping, (png_size_t) allocated_length);
+   text[0].key=(png_charp) png_malloc(ping, (png_size_t) 80);
+#endif
   text[0].key[0]='\0';
   (void) strcat(text[0].key, "Raw profile type ");
   (void) strncat(text[0].key, (const char *) profile_type, 61);
@@ -7620,7 +7634,12 @@
 
       if (*attribute->key == '[')
         continue;
-      text=(png_textp) png_malloc(ping,(png_uint_32) sizeof(png_text));
+#if PNG_LIBPNG_VER >= 14000
+            text=(png_textp) png_malloc(ping,
+                 (png_alloc_size_t) sizeof(png_text));
+#else
+            text=(png_textp) png_malloc(ping,(png_size_t) sizeof(png_text));
+#endif
       text[0].key=attribute->key;
       text[0].text=attribute->value;
       text[0].text_length=strlen(attribute->value);
openSUSE Build Service is sponsored by
Places