pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/print/cups fix a possible integer overflow in buffer s...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/1059866b16fe
branches:  trunk
changeset: 541116:1059866b16fe
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Tue Apr 15 17:26:23 2008 +0000

description:
fix a possible integer overflow in buffer size calculation, from upstream,
bump PKGREVISION

diffstat:

 print/cups/Makefile         |   3 +-
 print/cups/distinfo         |   3 +-
 print/cups/patches/patch-au |  72 +++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 76 insertions(+), 2 deletions(-)

diffs (107 lines):

diff -r 2507ec902884 -r 1059866b16fe print/cups/Makefile
--- a/print/cups/Makefile       Tue Apr 15 16:49:56 2008 +0000
+++ b/print/cups/Makefile       Tue Apr 15 17:26:23 2008 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.133 2008/04/03 04:06:27 markd Exp $
+# $NetBSD: Makefile,v 1.134 2008/04/15 17:26:23 drochner Exp $
 #
 # The CUPS author is very good about taking back changes into the main
 # CUPS distribution.  The correct place to send patches or bug-fixes is:
@@ -6,6 +6,7 @@
 
 DISTNAME=      cups-${DIST_VERS}-source
 PKGNAME=       cups-${VERS}
+PKGREVISION=   1
 BASE_VERS=     1.3.7
 DIST_VERS=     ${BASE_VERS}
 VERS=          ${DIST_VERS:S/-/./g}
diff -r 2507ec902884 -r 1059866b16fe print/cups/distinfo
--- a/print/cups/distinfo       Tue Apr 15 16:49:56 2008 +0000
+++ b/print/cups/distinfo       Tue Apr 15 17:26:23 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.55 2008/04/03 04:06:27 markd Exp $
+$NetBSD: distinfo,v 1.56 2008/04/15 17:26:23 drochner Exp $
 
 SHA1 (cups-1.3.7-source.tar.bz2) = 4267822cdad2fdad44ff0885587132250bcf8dff
 RMD160 (cups-1.3.7-source.tar.bz2) = 7d3bd9dbe91e787f7032b770e576ab31cfcf6588
@@ -10,3 +10,4 @@
 SHA1 (patch-an) = 5c12e6de5d83659011c6050786049756e4aa4b49
 SHA1 (patch-ao) = 4fc204e312bf8752f3f3b4fd73ec1e4f166ae2d3
 SHA1 (patch-at) = eea32b989402c353f5f1644348c1042a3d4ddfa1
+SHA1 (patch-au) = 0c32755a4979e5a44b1773c9fd1fb75bcf919cef
diff -r 2507ec902884 -r 1059866b16fe print/cups/patches/patch-au
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/print/cups/patches/patch-au       Tue Apr 15 17:26:23 2008 +0000
@@ -0,0 +1,72 @@
+$NetBSD: patch-au,v 1.11 2008/04/15 17:26:23 drochner Exp $
+
+--- ./filter/image-png.c.orig  2007-07-11 23:46:42.000000000 +0200
++++ ./filter/image-png.c
+@@ -3,7 +3,7 @@
+  *
+  *   PNG image routines for the Common UNIX Printing System (CUPS).
+  *
+- *   Copyright 2007 by Apple Inc.
++ *   Copyright 2007-2008 by Apple Inc.
+  *   Copyright 1993-2007 by Easy Software Products.
+  *
+  *   These coded instructions, statements, and computer programs are the
+@@ -170,16 +170,56 @@ _cupsImageReadPNG(
+     * Interlaced images must be loaded all at once...
+     */
+ 
++    size_t bufsize;                   /* Size of buffer */
++
++
+     if (color_type == PNG_COLOR_TYPE_GRAY ||
+       color_type == PNG_COLOR_TYPE_GRAY_ALPHA)
+-      in = malloc(img->xsize * img->ysize);
++    {
++      bufsize = img->xsize * img->ysize;
++
++      if ((bufsize / img->ysize) != img->xsize)
++      {
++      fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
++              (unsigned)width, (unsigned)height);
++      fclose(fp);
++      return (1);
++      }
++    }
+     else
+-      in = malloc(img->xsize * img->ysize * 3);
++    {
++      bufsize = img->xsize * img->ysize * 3;
++
++      if ((bufsize / (img->ysize * 3)) != img->xsize)
++      {
++      fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
++              (unsigned)width, (unsigned)height);
++      fclose(fp);
++      return (1);
++      }
++    }
++
++    in = malloc(bufsize);
+   }
+ 
+   bpp = cupsImageGetDepth(img);
+   out = malloc(img->xsize * bpp);
+ 
++  if (!in || !out)
++  {
++    fputs("DEBUG: Unable to allocate memory for PNG image!\n", stderr);
++
++    if (in)
++      free(in);
++
++    if (out)
++      free(out);
++
++    fclose(fp);
++
++    return (1);
++  }
++
+  /*
+   * Read the image, interlacing as needed...
+   */
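Review bot: In the three-channel branch the check `(bufsize / (img->ysize * 3)) != img->xsize` divides by `img->ysize * 3`, which can itself wrap, so for a sufficiently large height the comparison can pass even though `img->xsize * img->ysize * 3` has already overflowed and `malloc(bufsize)` receives an undersized value. Both products are also evaluated in the operands' own type before being stored in the `size_t`, so if `xsize`/`ysize` are narrower than `size_t` (their declarations are outside the hunk) the wider variable does not help. Bounding the operands before multiplying avoids both problems, for example rejecting on `if (img->ysize == 0 || img->xsize > SIZE_MAX / 3 / img->ysize)` and only then computing `bufsize = (size_t)img->xsize * img->ysize * 3;`; the explicit zero test also protects the division in case no earlier check rejects a zero height. `out = malloc(img->xsize * bpp)` remains an unchecked multiplication, and since `_cupsImageReadPNG` begins and ends outside the hunk it cannot be confirmed from here whether the new early returns release the libpng read state as well as `fp`.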


