rpms/libpng
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix CVE-2018-13785 (#1599944)

Browse Source
This commit is contained in:
Nikola Forró 2018-08-01 15:01:49 +02:00
parent 8f6a49ed49
commit 5bedc9e43f
2 changed files with 41 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
libpng-CVE-2018-13785.patch Normal file
View File

@ -0,0 +1,35 @@
From 3a50b3eca60a9e2c80c1f08d268ed628d80eb5ba Mon Sep 17 00:00:00 2001
From: Cosmin Truta <ctruta@gmail.com>
Date: Sun, 17 Jun 2018 22:56:29 -0400
Subject: [PATCH] [libpng16] Fix the calculation of row_factor in
png_check_chunk_length
(Bug report by Thuan Pham, SourceForge issue #278)
---
pngrutil.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/pngrutil.c b/pngrutil.c
index 8692933..eab2973 100644
--- a/pngrutil.c
+++ b/pngrutil.c
@@ -3149,10 +3149,13 @@ png_check_chunk_length(png_const_structrp png_ptr, const png_uint_32 length)
{
png_alloc_size_t idat_limit = PNG_UINT_31_MAX;
size_t row_factor =
- (png_ptr->width * png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1)
- + 1 + (png_ptr->interlaced? 6: 0));
+ (size_t)png_ptr->width
+ * (size_t)png_ptr->channels
+ * (png_ptr->bit_depth > 8? 2: 1)
+ + 1
+ + (png_ptr->interlaced? 6: 0);
if (png_ptr->height > PNG_UINT_32_MAX/row_factor)
- idat_limit=PNG_UINT_31_MAX;
+ idat_limit = PNG_UINT_31_MAX;
else
idat_limit = png_ptr->height * row_factor;
row_factor = row_factor > 32566? 32566 : row_factor;
--
2.17.1

7
libpng.spec
View File

@ -2,7 +2,7 @@ Summary: A library of functions for manipulating PNG image format files
Name: libpng Name: libpng
Epoch: 2 Epoch: 2
Version: 1.6.34 Version: 1.6.34
Release: 5%{?dist} Release: 6%{?dist}
License: zlib License: zlib
Group: System Environment/Libraries Group: System Environment/Libraries
URL: http://www.libpng.org/pub/png/ URL: http://www.libpng.org/pub/png/
@ -13,6 +13,7 @@ Source0: https://ftp-osl.osuosl.org/pub/libpng/src/libpng16/libpng-%{versi
Source1: pngusr.dfa Source1: pngusr.dfa
Patch0: libpng-multilib.patch Patch0: libpng-multilib.patch
Patch1: libpng-fix-arm-neon.patch Patch1: libpng-fix-arm-neon.patch
Patch2: libpng-CVE-2018-13785.patch
BuildRequires: gcc BuildRequires: gcc
@ -68,6 +69,7 @@ cp -p %{SOURCE1} .
%patch0 -p1 %patch0 -p1
%patch1 -p1 -b .arm %patch1 -p1 -b .arm
%patch2 -p1 -b .CVE-2018-13785
%build %build
autoreconf -vif autoreconf -vif
@ -109,6 +111,9 @@ make check
%{_bindir}/pngfix %{_bindir}/pngfix
%changelog %changelog
* Wed Aug 01 2018 Nikola Forró <nforro@redhat.com> - 2:1.6.34-6
- Fix CVE-2018-13785 (#1599944)
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2:1.6.34-5 * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2:1.6.34-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild