pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/print/cups fix a possible integer overflow in buffer s...
details: https://anonhg.NetBSD.org/pkgsrc/rev/1059866b16fe
branches: trunk
changeset: 541116:1059866b16fe
user: drochner <drochner%pkgsrc.org@localhost>
date: Tue Apr 15 17:26:23 2008 +0000
description:
fix a possible integer overflow in buffer size calculation, from upstream,
bump PKGREVISION
diffstat:
print/cups/Makefile | 3 +-
print/cups/distinfo | 3 +-
print/cups/patches/patch-au | 72 +++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 76 insertions(+), 2 deletions(-)
diffs (107 lines):
diff -r 2507ec902884 -r 1059866b16fe print/cups/Makefile
--- a/print/cups/Makefile Tue Apr 15 16:49:56 2008 +0000
+++ b/print/cups/Makefile Tue Apr 15 17:26:23 2008 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.133 2008/04/03 04:06:27 markd Exp $
+# $NetBSD: Makefile,v 1.134 2008/04/15 17:26:23 drochner Exp $
#
# The CUPS author is very good about taking back changes into the main
# CUPS distribution. The correct place to send patches or bug-fixes is:
@@ -6,6 +6,7 @@
DISTNAME= cups-${DIST_VERS}-source
PKGNAME= cups-${VERS}
+PKGREVISION= 1
BASE_VERS= 1.3.7
DIST_VERS= ${BASE_VERS}
VERS= ${DIST_VERS:S/-/./g}
diff -r 2507ec902884 -r 1059866b16fe print/cups/distinfo
--- a/print/cups/distinfo Tue Apr 15 16:49:56 2008 +0000
+++ b/print/cups/distinfo Tue Apr 15 17:26:23 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.55 2008/04/03 04:06:27 markd Exp $
+$NetBSD: distinfo,v 1.56 2008/04/15 17:26:23 drochner Exp $
SHA1 (cups-1.3.7-source.tar.bz2) = 4267822cdad2fdad44ff0885587132250bcf8dff
RMD160 (cups-1.3.7-source.tar.bz2) = 7d3bd9dbe91e787f7032b770e576ab31cfcf6588
@@ -10,3 +10,4 @@
SHA1 (patch-an) = 5c12e6de5d83659011c6050786049756e4aa4b49
SHA1 (patch-ao) = 4fc204e312bf8752f3f3b4fd73ec1e4f166ae2d3
SHA1 (patch-at) = eea32b989402c353f5f1644348c1042a3d4ddfa1
+SHA1 (patch-au) = 0c32755a4979e5a44b1773c9fd1fb75bcf919cef
diff -r 2507ec902884 -r 1059866b16fe print/cups/patches/patch-au
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/print/cups/patches/patch-au Tue Apr 15 17:26:23 2008 +0000
@@ -0,0 +1,72 @@
+$NetBSD: patch-au,v 1.11 2008/04/15 17:26:23 drochner Exp $
+
+--- ./filter/image-png.c.orig 2007-07-11 23:46:42.000000000 +0200
++++ ./filter/image-png.c
+@@ -3,7 +3,7 @@
+ *
+ * PNG image routines for the Common UNIX Printing System (CUPS).
+ *
+- * Copyright 2007 by Apple Inc.
++ * Copyright 2007-2008 by Apple Inc.
+ * Copyright 1993-2007 by Easy Software Products.
+ *
+ * These coded instructions, statements, and computer programs are the
+@@ -170,16 +170,56 @@ _cupsImageReadPNG(
+ * Interlaced images must be loaded all at once...
+ */
+
++ size_t bufsize; /* Size of buffer */
++
++
+ if (color_type == PNG_COLOR_TYPE_GRAY ||
+ color_type == PNG_COLOR_TYPE_GRAY_ALPHA)
+- in = malloc(img->xsize * img->ysize);
++ {
++ bufsize = img->xsize * img->ysize;
++
++ if ((bufsize / img->ysize) != img->xsize)
++ {
++ fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
++ (unsigned)width, (unsigned)height);
++ fclose(fp);
++ return (1);
++ }
++ }
+ else
+- in = malloc(img->xsize * img->ysize * 3);
++ {
++ bufsize = img->xsize * img->ysize * 3;
++
++ if ((bufsize / (img->ysize * 3)) != img->xsize)
++ {
++ fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
++ (unsigned)width, (unsigned)height);
++ fclose(fp);
++ return (1);
++ }
++ }
++
++ in = malloc(bufsize);
+ }
+
+ bpp = cupsImageGetDepth(img);
+ out = malloc(img->xsize * bpp);
+
++ if (!in || !out)
++ {
++ fputs("DEBUG: Unable to allocate memory for PNG image!\n", stderr);
++
++ if (in)
++ free(in);
++
++ if (out)
++ free(out);
++
++ fclose(fp);
++
++ return (1);
++ }
++
+ /*
+ * Read the image, interlacing as needed...
+ */
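Review bot: The overflow test in the nested image-png.c patch runs after the multiplication and divides by `img->ysize` (and by `img->ysize * 3` in the colour branch), so it depends on how the product wraps in the fields' own type and on `ysize` being non-zero; neither the field declarations nor any earlier dimension validation is visible in this hunk. Checking before multiplying is easier to audit, for the colour branch `if (img->ysize == 0 || img->xsize > SIZE_MAX / img->ysize / 3)` followed by `bufsize = (size_t)img->xsize * img->ysize * 3;`. The two early `return (1)` paths close only `fp`; if the PNG read structures were already created earlier in `_cupsImageReadPNG`, whose body starts and ends outside this hunk, they should be released on those paths too. The unchanged `out = malloc(img->xsize * bpp)` is covered only by the new NULL check, not by a size check.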