Blame SOURCES/libpng-CVE-2013-6954.patch

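--- a/pngrtran.c
+++ b/pngrtran.c
@@ -1900,6 +1900,9 @@ png_read_transform_info(png_structp png_ptr, png_infop info_ptr)
 
          info_ptr->bit_depth = 8;
          info_ptr->num_trans = 0;
+
+         if (png_ptr->palette == NULL)
+            png_error (png_ptr, "Palette is NULL in indexed image");
       }
       else
       {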
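Review bot: The added NULL check in png_read_transform_info has no comment saying what it protects, and the reason is not obvious from the hunk alone. I would put `/* No PLTE was stored: stop here instead of letting later palette expansion index a NULL table. */` above the `if`; which later code reads png_ptr->palette is outside the hunk, so that wording should be confirmed against it. The guard only helps callers that reach this function, so it is worth checking that the row-transform path cannot be entered by another route with the palette still NULL. As a style point, `png_error (` is spaced differently from `png_error(` in the pngset.c hunk of the same patch. The enclosing branch starts above the hunk.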
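--- a/pngset.c
+++ b/pngset.c
@@ -524,6 +524,16 @@ png_set_PLTE(png_structp png_ptr, png_infop info_ptr,
          return;
       }
    }
+   if ((num_palette > 0 && palette == NULL) ||
+      (num_palette == 0
+ #       ifdef PNG_MNG_FEATURES_SUPPORTED
+            && (png_ptr->mng_features_permitted & PNG_FLAG_MNG_EMPTY_PLTE) == 0
+ #       endif
+      ))
+   {
+      png_error(png_ptr, "Invalid palette");
+      return;
+   }
 
    /* It may not actually be necessary to set png_ptr->palette here;
     * we do it for backward compatibility with the way the png_handle_tRNS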
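Review bot: The new condition in png_set_PLTE still lets `palette == NULL` through when `num_palette == 0` and PNG_FLAG_MNG_EMPTY_PLTE is permitted, so any code after the hunk that copies from `palette` would be handed a NULL source, which is undefined for the standard copy routines even with a zero length. The rest of the function is outside the hunk, so this needs confirming there; if it does copy unconditionally, guarding the copy with `if (num_palette > 0)` would close the gap. The `#ifdef` embedded in the middle of the `if` is also hard to read, and a short comment such as `/* An empty PLTE is legal only when the MNG empty-PLTE feature is enabled. */` above it would help. The `return;` after png_error is reachable only if png_error can return, which the hunk does not show.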