rpms / libpng

Clone
Source Code
GIT

Blame SOURCES/libpng-CVE-2013-6954.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c9 c9-beta
  1.   c7-beta
  2.   SOURCES
  3.   libpng-CVE-2013-6954.patch
Blob History Raw
1f379d 
diff --git a/pngrtran.c b/pngrtran.c
1f379d 
index 5673193..04eecee 100644
1f379d 
--- a/pngrtran.c
1f379d 
+++ b/pngrtran.c
1f379d 
@@ -1900,6 +1900,9 @@ png_read_transform_info(png_structp png_ptr, png_infop info_ptr)
1f379d
1f379d 
          info_ptr->bit_depth = 8;
1f379d 
          info_ptr->num_trans = 0;
1f379d 
+
1f379d 
+         if (png_ptr->palette == NULL)
1f379d 
+            png_error (png_ptr, "Palette is NULL in indexed image");
1f379d 
       }
1f379d 
       else
1f379d 
       {
1f379d 
diff --git a/pngset.c b/pngset.c
1f379d 
index 4177e62..3876103 100644
1f379d 
--- a/pngset.c
1f379d 
+++ b/pngset.c
1f379d 
@@ -524,6 +524,16 @@ png_set_PLTE(png_structp png_ptr, png_infop info_ptr,
1f379d 
          return;
1f379d 
       }
1f379d 
    }
1f379d 
+   if ((num_palette > 0 && palette == NULL) ||
1f379d 
+      (num_palette == 0
1f379d 
+ #       ifdef PNG_MNG_FEATURES_SUPPORTED
1f379d 
+            && (png_ptr->mng_features_permitted & PNG_FLAG_MNG_EMPTY_PLTE) == 0
1f379d 
+ #       endif
1f379d 
+      ))
1f379d 
+   {
1f379d 
+      png_error(png_ptr, "Invalid palette");
1f379d 
+      return;
1f379d 
+   }
1f379d
1f379d 
    /* It may not actually be necessary to set png_ptr->palette here;
1f379d 
     * we do it for backward compatibility with the way the png_handle_tRNS

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation