Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/x11-libs/wxGTK/files/wxGTK-2.8.10.1-CVE-2009-2369.patch
diff options
context:
space:
mode:
Diffstat (limited to 'x11-libs/wxGTK/files/wxGTK-2.8.10.1-CVE-2009-2369.patch')
-rw-r--r--x11-libs/wxGTK/files/wxGTK-2.8.10.1-CVE-2009-2369.patch59
1 files changed, 0 insertions, 59 deletions
diff --git a/x11-libs/wxGTK/files/wxGTK-2.8.10.1-CVE-2009-2369.patch b/x11-libs/wxGTK/files/wxGTK-2.8.10.1-CVE-2009-2369.patch
deleted file mode 100644
index 42392c8bb3d4..000000000000
--- a/x11-libs/wxGTK/files/wxGTK-2.8.10.1-CVE-2009-2369.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-diff -Naurp wxPython-src-2.8.10.1-orig/src/common/imagpng.cpp wxPython-src-2.8.10.1/src/common/imagpng.cpp
---- wxPython-src-2.8.10.1-orig/src/common/imagpng.cpp 2008-05-11 22:26:45.000000000 -0600
-+++ wxPython-src-2.8.10.1/src/common/imagpng.cpp 2009-07-18 19:54:13.128547627 -0600
-@@ -568,18 +568,16 @@ wxPNGHandler::LoadFile(wxImage *image,
- if (!image->Ok())
- goto error;
-
-- lines = (unsigned char **)malloc( (size_t)(height * sizeof(unsigned char *)) );
-+ // initialize all line pointers to NULL to ensure that they can be safely
-+ // free()d if an error occurs before all of them could be allocated
-+ lines = (unsigned char **)calloc(height, sizeof(unsigned char *));
- if ( !lines )
- goto error;
-
- for (i = 0; i < height; i++)
- {
- if ((lines[i] = (unsigned char *)malloc( (size_t)(width * (sizeof(unsigned char) * 4)))) == NULL)
-- {
-- for ( unsigned int n = 0; n < i; n++ )
-- free( lines[n] );
- goto error;
-- }
- }
-
- png_read_image( png_ptr, lines );
-diff -Naurp wxPython-src-2.8.10.1-orig/src/common/imagtiff.cpp wxPython-src-2.8.10.1/src/common/imagtiff.cpp
---- wxPython-src-2.8.10.1-orig/src/common/imagtiff.cpp 2007-09-21 14:27:05.000000000 -0600
-+++ wxPython-src-2.8.10.1/src/common/imagtiff.cpp 2009-07-18 19:54:35.801832862 -0600
-@@ -261,7 +261,6 @@ bool wxTIFFHandler::LoadFile( wxImage *i
- }
-
- uint32 w, h;
-- uint32 npixels;
- uint32 *raster;
-
- TIFFGetField( tif, TIFFTAG_IMAGEWIDTH, &w );
-@@ -275,9 +274,20 @@ bool wxTIFFHandler::LoadFile( wxImage *i
- (samplesInfo[0] == EXTRASAMPLE_ASSOCALPHA ||
- samplesInfo[0] == EXTRASAMPLE_UNASSALPHA));
-
-- npixels = w * h;
-+ // guard against integer overflow during multiplication which could result
-+ // in allocating a too small buffer and then overflowing it
-+ const double bytesNeeded = (double)w * (double)h * sizeof(uint32);
-+ if ( bytesNeeded >= 4294967295U /* UINT32_MAX */ )
-+ {
-+ if ( verbose )
-+ wxLogError( _("TIFF: Image size is abnormally big.") );
-+
-+ TIFFClose(tif);
-+
-+ return false;
-+ }
-
-- raster = (uint32*) _TIFFmalloc( npixels * sizeof(uint32) );
-+ raster = (uint32*) _TIFFmalloc( bytesNeeded );
-
- if (!raster)
- {