[pkgsrc/trunk]: pkgsrc/x11/wxGTK28 add patches from upstream to fix a double ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/ad4ae360d176
branches: trunk
changeset: 562564:ad4ae360d176
user: drochner <drochner%pkgsrc.org@localhost>
date: Sat Aug 01 14:03:19 2009 +0000
description:
add patches from upstream to fix a double free() and an integer overflow
(http://secunia.com/advisories/35292/)
bump PKGREVISION
diffstat:
x11/wxGTK28/Makefile | 4 +++-
x11/wxGTK28/distinfo | 4 +++-
x11/wxGTK28/patches/patch-ba | 26 ++++++++++++++++++++++++++
x11/wxGTK28/patches/patch-bb | 35 +++++++++++++++++++++++++++++++++++
4 files changed, 67 insertions(+), 2 deletions(-)
diffs (99 lines):
diff -r a1fd97cf2aca -r ad4ae360d176 x11/wxGTK28/Makefile
--- a/x11/wxGTK28/Makefile Sat Aug 01 13:33:27 2009 +0000
+++ b/x11/wxGTK28/Makefile Sat Aug 01 14:03:19 2009 +0000
@@ -1,8 +1,10 @@
-# $NetBSD: Makefile,v 1.3 2009/03/23 00:38:55 joerg Exp $
+# $NetBSD: Makefile,v 1.4 2009/08/01 14:03:19 drochner Exp $
#
.include "../../x11/wxGTK28/Makefile.common"
+PKGREVISION= 1
+
PKGNAME= ${DISTNAME:S/wxGTK/wxGTK28/}
COMMENT= GTK-based implementation of the wxWidgets GUI library
diff -r a1fd97cf2aca -r ad4ae360d176 x11/wxGTK28/distinfo
--- a/x11/wxGTK28/distinfo Sat Aug 01 13:33:27 2009 +0000
+++ b/x11/wxGTK28/distinfo Sat Aug 01 14:03:19 2009 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.4 2009/05/15 07:08:59 adam Exp $
+$NetBSD: distinfo,v 1.5 2009/08/01 14:03:19 drochner Exp $
SHA1 (wxGTK-2.8.10-libtool.diff.bz2) = 62ff30c26efdd73252bed2d07b82a9b9d3ef890f
RMD160 (wxGTK-2.8.10-libtool.diff.bz2) = 64e1c32caa4bd6a0503bce4764e3ddc1cba68f8a
@@ -9,3 +9,5 @@
SHA1 (patch-aa) = 1a30c79f07ea8ea5dff02fad9b5e1ba8dadde01a
SHA1 (patch-ab) = 82960daef0616824718f3c04929871aeb0e258a2
SHA1 (patch-ac) = 50cf253797f2dee8b9dab08d138d0070e25e7a8c
+SHA1 (patch-ba) = e47f8613835ce309daff09ae3265d44f37493579
+SHA1 (patch-bb) = 52df734a1df364dc5599a2b9252a15b87cae13b1
diff -r a1fd97cf2aca -r ad4ae360d176 x11/wxGTK28/patches/patch-ba
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/wxGTK28/patches/patch-ba Sat Aug 01 14:03:19 2009 +0000
@@ -0,0 +1,26 @@
+$NetBSD: patch-ba,v 1.1 2009/08/01 14:03:19 drochner Exp $
+
+--- src/common/imagpng.cpp.orig 2009-03-06 13:17:40.000000000 +0100
++++ src/common/imagpng.cpp
+@@ -568,18 +568,16 @@ wxPNGHandler::LoadFile(wxImage *image,
+ if (!image->Ok())
+ goto error;
+
+- lines = (unsigned char **)malloc( (size_t)(height * sizeof(unsigned char *)) );
++ // initialize all line pointers to NULL to ensure that they can be safely
++ // free()d if an error occurs before all of them could be allocated
++ lines = (unsigned char **)calloc(height, sizeof(unsigned char *));
+ if ( !lines )
+ goto error;
+
+ for (i = 0; i < height; i++)
+ {
+ if ((lines[i] = (unsigned char *)malloc( (size_t)(width * (sizeof(unsigned char) * 4)))) == NULL)
+- {
+- for ( unsigned int n = 0; n < i; n++ )
+- free( lines[n] );
+ goto error;
+- }
+ }
+
+ png_read_image( png_ptr, lines );
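Review bot: The per-row allocation `malloc( (size_t)(width * (sizeof(unsigned char) * 4)))` is still an unchecked multiplication, and the `(size_t)` cast is applied only after the product is computed, so on a platform with a 32-bit `size_t` a very large `width` could wrap to a small row buffer that `png_read_image` then fills. Whether libpng or the earlier image creation already bounds `width` is not visible here, so an explicit guard before the loop, e.g. `if ( width > ((size_t)-1) / 4 ) goto error;`, would make the allocation self-contained. The fix also relies on the `error:` cleanup, which lies outside the hunk, freeing every `lines[i]` and then `lines`; a one-line comment at that label noting that it depends on the calloc() zero-fill would keep the two in sync.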
diff -r a1fd97cf2aca -r ad4ae360d176 x11/wxGTK28/patches/patch-bb
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/x11/wxGTK28/patches/patch-bb Sat Aug 01 14:03:19 2009 +0000
@@ -0,0 +1,35 @@
+$NetBSD: patch-bb,v 1.1 2009/08/01 14:03:19 drochner Exp $
+
+--- src/common/imagtiff.cpp.orig 2009-03-06 13:17:40.000000000 +0100
++++ src/common/imagtiff.cpp
+@@ -261,7 +261,6 @@ bool wxTIFFHandler::LoadFile( wxImage *i
+ }
+
+ uint32 w, h;
+- uint32 npixels;
+ uint32 *raster;
+
+ TIFFGetField( tif, TIFFTAG_IMAGEWIDTH, &w );
+@@ -275,9 +274,20 @@ bool wxTIFFHandler::LoadFile( wxImage *i
+ (samplesInfo[0] == EXTRASAMPLE_ASSOCALPHA ||
+ samplesInfo[0] == EXTRASAMPLE_UNASSALPHA));
+
+- npixels = w * h;
++ // guard against integer overflow during multiplication which could result
++ // in allocating a too small buffer and then overflowing it
++ const double bytesNeeded = (double)w * (double)h * sizeof(uint32);
++ if ( bytesNeeded >= 4294967295U /* UINT32_MAX */ )
++ {
++ if ( verbose )
++ wxLogError( _("TIFF: Image size is abnormally big.") );
++
++ TIFFClose(tif);
++
++ return false;
++ }
+
+- raster = (uint32*) _TIFFmalloc( npixels * sizeof(uint32) );
++ raster = (uint32*) _TIFFmalloc( bytesNeeded );
+
+ if (!raster)
+ {
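Review bot: The bound `bytesNeeded >= 4294967295U` only keeps the size below UINT32_MAX, but the value is then passed as a `double` to `_TIFFmalloc`, whose parameter in libtiff 3.x is the signed `tsize_t`; sizes between 2^31 and 2^32 pass the check yet are out of range for that conversion. Checking against the allocator's real limit, `if ( bytesNeeded >= 2147483647.0 /* INT32_MAX */ )` (assuming a 32-bit `tsize_t`; confirm against the libtiff in use), and converting explicitly with `_TIFFmalloc( (tsize_t)bytesNeeded )` would close that gap. The context line `TIFFGetField( tif, TIFFTAG_IMAGEWIDTH, &w );` also ignores the return value, so `w` and `h` may be uninitialized when a tag is missing. LoadFile continues outside the hunk, so later uses of `w` and `h` cannot be checked from here.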