summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Frysinger <vapier@gentoo.org>2004-11-01 02:39:08 +0000
committerMike Frysinger <vapier@gentoo.org>2004-11-01 02:39:08 +0000
commitfbe7d0bf3d2461ae2570cb6a47eef621abb6a274 (patch)
treec912704ff93114b36eb9867b37c36042c431413a
parentRestore changelog entries from when it was xfree-drm. (Manifest recommit) (diff)
downloadgentoo-2-fbe7d0bf3d2461ae2570cb6a47eef621abb6a274.tar.gz
gentoo-2-fbe7d0bf3d2461ae2570cb6a47eef621abb6a274.tar.bz2
gentoo-2-fbe7d0bf3d2461ae2570cb6a47eef621abb6a274.zip
Backwards port png overflow fix from gd-2.x #69070.
-rw-r--r--media-libs/gd/ChangeLog6
-rw-r--r--media-libs/gd/files/1.8.4-png-overflows.patch65
-rw-r--r--media-libs/gd/gd-1.8.4-r2.ebuild5
3 files changed, 73 insertions, 3 deletions
diff --git a/media-libs/gd/ChangeLog b/media-libs/gd/ChangeLog
index 62752149c0b4..a6608fea3059 100644
--- a/media-libs/gd/ChangeLog
+++ b/media-libs/gd/ChangeLog
@@ -1,6 +1,10 @@
# ChangeLog for media-libs/gd
# Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/gd/ChangeLog,v 1.12 2004/11/01 01:53:32 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-libs/gd/ChangeLog,v 1.13 2004/11/01 02:39:08 vapier Exp $
+
+ 31 Oct 2004; Mike Frysinger <vapier@gentoo.org>
+ +files/1.8.4-png-overflows.patch, gd-1.8.4-r2.ebuild:
+ Backwards port png overflow fix from gd-2.x #69070.
*gd-2.0.31 (31 Oct 2004)
diff --git a/media-libs/gd/files/1.8.4-png-overflows.patch b/media-libs/gd/files/1.8.4-png-overflows.patch
new file mode 100644
index 000000000000..365d6a76a731
--- /dev/null
+++ b/media-libs/gd/files/1.8.4-png-overflows.patch
@@ -0,0 +1,65 @@
+--- gd-1.8.4/gd_png.c 2001-02-06 14:44:02.000000000 -0500
++++ gd-1.8.4/gd_png.c.new 2004-10-31 21:36:03.939822448 -0500
+@@ -11,6 +11,23 @@
+
+ #ifdef HAVE_LIBPNG
+
++#include <limits.h>
++
++int overflow2(int a, int b)
++{
++ if(a < 0 || b < 0) {
++ fprintf(stderr, "gd warning: one parameter to a memory allocation multiplication is negative, failing operation gracefully\n");
++ return 1;
++ }
++ if(b == 0)
++ return 0;
++ if(a > INT_MAX / b) {
++ fprintf(stderr, "gd warning: product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully\n");
++ return 1;
++ }
++ return 0;
++}
++
+ /*---------------------------------------------------------------------------
+
+ gd_png.c Copyright 1999 Greg Roelofs and Thomas Boutell
+@@ -342,11 +359,20 @@
+
+ /* allocate space for the PNG image data */
+ rowbytes = png_get_rowbytes(png_ptr, info_ptr);
++ if (overflow2(rowbytes, height)) {
++ png_destroy_read_struct (&png_ptr, &info_ptr, NULL);
++ return NULL;
++ }
+ if ((image_data = (png_bytep)gdMalloc(rowbytes*height)) == NULL) {
+ fprintf(stderr, "gd-png error: cannot allocate image data\n");
+ png_destroy_read_struct(&png_ptr, &info_ptr, NULL);
+ return NULL;
+ }
++ if (overflow2(height, sizeof (png_bytep))) {
++ png_destroy_read_struct (&png_ptr, &info_ptr, NULL);
++ gdFree (image_data);
++ return NULL;
++ }
+ if ((row_pointers = (png_bytepp)gdMalloc(height*sizeof(png_bytep))) == NULL) {
+ fprintf(stderr, "gd-png error: cannot allocate row pointers\n");
+ png_destroy_read_struct(&png_ptr, &info_ptr, NULL);
+@@ -577,10 +603,17 @@
+ * interlaced images, but interlacing causes some serious complications. */
+ if (remap) {
+ png_bytep *row_pointers;
++ if (overflow2(sizeof (png_bytep), height)) {
++ return;
++ }
+ row_pointers = gdMalloc(sizeof(png_bytep) * height);
+ if (row_pointers == NULL) {
+ fprintf(stderr, "gd-png error: unable to allocate row_pointers\n");
+ }
++ if (overflow2(width, height)) {
++ fprintf(stderr, "gd-png error: unable to allocate rows\n");
++ return;
++ }
+ for (j = 0; j < height; ++j) {
+ if ((row_pointers[j] = (png_bytep)gdMalloc(width)) == NULL) {
+ fprintf(stderr, "gd-png error: unable to allocate rows\n");
diff --git a/media-libs/gd/gd-1.8.4-r2.ebuild b/media-libs/gd/gd-1.8.4-r2.ebuild
index 61f2628b9928..bcd63dcd6f7a 100644
--- a/media-libs/gd/gd-1.8.4-r2.ebuild
+++ b/media-libs/gd/gd-1.8.4-r2.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2004 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/gd/gd-1.8.4-r2.ebuild,v 1.3 2004/10/31 11:07:35 hansmi Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-libs/gd/gd-1.8.4-r2.ebuild,v 1.4 2004/11/01 02:39:08 vapier Exp $
inherit eutils toolchain-funcs
@@ -10,7 +10,7 @@ SRC_URI="http://www.boutell.com/gd/http/${P}.tar.gz"
LICENSE="|| ( as-is BSD )"
SLOT="0"
-KEYWORDS="x86 ppc sparc hppa amd64 alpha ia64"
+KEYWORDS="alpha amd64 hppa ia64 ppc sparc x86"
IUSE="X truetype freetype-version-1 jpeg"
DEPEND="media-libs/libpng
@@ -24,6 +24,7 @@ DEPEND="media-libs/libpng
src_unpack() {
unpack ${A}
cd ${S}
+ epatch ${FILESDIR}/${PV}-png-overflows.patch
local compopts
local libsopts