rpms / libpng

Clone
Source Code
GIT

Blame SOURCES/libpng-CVE-2013-6954.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c9 c9-beta
  1.   8387286b89d0652f353467c4083b8393560956d5
  2.   SOURCES
  3.   libpng-CVE-2013-6954.patch
Blob History Raw
bbd536 
diff --git a/pngrtran.c b/pngrtran.c
bbd536 
index 5673193..04eecee 100644
bbd536 
--- a/pngrtran.c
bbd536 
+++ b/pngrtran.c
bbd536 
@@ -1900,6 +1900,9 @@ png_read_transform_info(png_structp png_ptr, png_infop info_ptr)
bbd536
bbd536 
          info_ptr->bit_depth = 8;
bbd536 
          info_ptr->num_trans = 0;
bbd536 
+
bbd536 
+         if (png_ptr->palette == NULL)
bbd536 
+            png_error (png_ptr, "Palette is NULL in indexed image");
bbd536 
       }
bbd536 
       else
bbd536 
       {
bbd536 
diff --git a/pngset.c b/pngset.c
bbd536 
index 4177e62..3876103 100644
bbd536 
--- a/pngset.c
bbd536 
+++ b/pngset.c
bbd536 
@@ -524,6 +524,16 @@ png_set_PLTE(png_structp png_ptr, png_infop info_ptr,
bbd536 
          return;
bbd536 
       }
bbd536 
    }
bbd536 
+   if ((num_palette > 0 && palette == NULL) ||
bbd536 
+      (num_palette == 0
bbd536 
+ #       ifdef PNG_MNG_FEATURES_SUPPORTED
bbd536 
+            && (png_ptr->mng_features_permitted & PNG_FLAG_MNG_EMPTY_PLTE) == 0
bbd536 
+ #       endif
bbd536 
+      ))
bbd536 
+   {
bbd536 
+      png_error(png_ptr, "Invalid palette");
bbd536 
+      return;
bbd536 
+   }
bbd536
bbd536 
    /* It may not actually be necessary to set png_ptr->palette here;
bbd536 
     * we do it for backward compatibility with the way the png_handle_tRNS

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation