diff options
| author | dinoex <dinoex@FreeBSD.org> | 2008-08-12 22:21:12 +0800 |
|---|---|---|
| committer | dinoex <dinoex@FreeBSD.org> | 2008-08-12 22:21:12 +0800 |
| commit | 9e0648cfea9782ebffae195532c7cd354761a73a (patch) | |
| tree | 6f54b8ae75a01a1d5f926c2f5d3f21ebd7833aa9 /print | |
| parent | 79d7489ed4eeb8a16d03539195c606f20e1afff0 (diff) | |
| download | freebsd-ports-gnome-9e0648cfea9782ebffae195532c7cd354761a73a.tar.gz freebsd-ports-gnome-9e0648cfea9782ebffae195532c7cd354761a73a.tar.zst freebsd-ports-gnome-9e0648cfea9782ebffae195532c7cd354761a73a.zip | |
- Security fix
PR: 126447
Submitted by: Tsurutani Naoki
Obtained from: http://www.cups.org/str.php?L2790
Diffstat (limited to 'print')
| -rw-r--r-- | print/cups-base/Makefile | 2 | ||||
| -rw-r--r-- | print/cups-base/files/patch-str2790 | 72 |
2 files changed, 73 insertions, 1 deletions
diff --git a/print/cups-base/Makefile b/print/cups-base/Makefile index 6c2a539d7022..e593adbd7ca6 100644 --- a/print/cups-base/Makefile +++ b/print/cups-base/Makefile @@ -7,7 +7,7 @@ PORTNAME= cups PORTVERSION= 1.3.7 -PORTREVISION= 3 +PORTREVISION= 4 DISTVERSIONSUFFIX= -source CATEGORIES= print MASTER_SITES= EASYSW/${PORTNAME}/${DISTVERSION} diff --git a/print/cups-base/files/patch-str2790 b/print/cups-base/files/patch-str2790 new file mode 100644 index 000000000000..107b0fa95c1b --- /dev/null +++ b/print/cups-base/files/patch-str2790 @@ -0,0 +1,72 @@ +Index: image-png.c +=================================================================== +--- filter/image-png.c (revision 7434) ++++ filter/image-png.c (working copy) +@@ -3,7 +3,7 @@ + * + * PNG image routines for the Common UNIX Printing System (CUPS). + * +- * Copyright 2007 by Apple Inc. ++ * Copyright 2007-2008 by Apple Inc. + * Copyright 1993-2007 by Easy Software Products. + * + * These coded instructions, statements, and computer programs are the +@@ -170,16 +170,56 @@ + * Interlaced images must be loaded all at once... + */ + ++ size_t bufsize; /* Size of buffer */ ++ ++ + if (color_type == PNG_COLOR_TYPE_GRAY || + color_type == PNG_COLOR_TYPE_GRAY_ALPHA) +- in = malloc(img->xsize * img->ysize); ++ { ++ bufsize = img->xsize * img->ysize; ++ ++ if ((bufsize / img->ysize) != img->xsize) ++ { ++ fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n", ++ (unsigned)width, (unsigned)height); ++ fclose(fp); ++ return (1); ++ } ++ } + else +- in = malloc(img->xsize * img->ysize * 3); ++ { ++ bufsize = img->xsize * img->ysize * 3; ++ ++ if ((bufsize / (img->ysize * 3)) != img->xsize) ++ { ++ fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n", ++ (unsigned)width, (unsigned)height); ++ fclose(fp); ++ return (1); ++ } ++ } ++ ++ in = malloc(bufsize); + } + + bpp = cupsImageGetDepth(img); + out = malloc(img->xsize * bpp); + ++ if (!in || !out) ++ { ++ fputs("DEBUG: Unable to allocate memory for PNG image!\n", stderr); ++ ++ if (in) ++ free(in); ++ ++ if (out) ++ free(out); ++ ++ fclose(fp); ++ ++ return (1); ++ } ++ + /* + * Read the image, interlacing as needed... + */ |