
libpng12-1.2.55-1.mga5.src.rpm

http://sourceforge.net/p/libpng/code/ci/1a3d6e3cf3082a0da998dbf402d384a589488859
http://sourceforge.net/p/libpng/code/ci/77a817bfc298a221e3e623acf73c2a1e726c4ec6
http://sourceforge.net/p/libpng/code/ci/bec9ca9b8aa0cf16d2cde1757379afbe9adbe7d9
Index: pngset.c
===================================================================
--- pngset.c.orig	2014-04-22 16:08:23.458978035 +0200
+++ pngset.c	2014-04-22 16:09:15.921977136 +0200
@@ -986,9 +986,17 @@
    if (png_ptr == NULL || info_ptr == NULL || num_unknowns == 0)
       return;
 
-   np = (png_unknown_chunkp)png_malloc_warn(png_ptr,
-       (png_uint_32)((info_ptr->unknown_chunks_num + num_unknowns) *
-       png_sizeof(png_unknown_chunk)));
+   if (num_unknowns < 0 ||
+       num_unknowns > INT_MAX-info_ptr->unknown_chunks_num ||
+      (unsigned int)/*SAFE*/(num_unknowns +/*SAFE*/
+            info_ptr->unknown_chunks_num) >=
+         PNG_SIZE_MAX/png_sizeof(png_unknown_chunk))
+      np=NULL;
+
+   else
+      np = (png_unknown_chunkp)png_malloc_warn(png_ptr,
+          (png_size_t)(info_ptr->unknown_chunks_num + num_unknowns) *
+          png_sizeof(png_unknown_chunk));
    if (np == NULL)
    {
       png_warning(png_ptr,
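Review bot: The added guard sets `np=NULL` and falls into the existing `if (np == NULL)` branch, so a count rejected for overflow is reported through the same `png_warning` as a genuine allocation failure, and nothing in the code says this is deliberate. A comment above the new `if` would record the intent, for example `/* Reject a count whose sum or byte size would overflow; handled as an allocation failure below. */`. The second clause, `num_unknowns > INT_MAX-info_ptr->unknown_chunks_num`, is only a meaningful bound if `unknown_chunks_num` is a non-negative `int`; its declaration is not in the hunk, so that is worth confirming, since with an unsigned size type the subtraction would be evaluated unsigned. `INT_MAX` also needs `<limits.h>` to be reachable from pngset.c, which the hunk does not show. The enclosing function starts and ends outside the hunk.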