libpng15/libpng15-CVE-2013-6954.patch
DistroBaker 5e92c38c8f Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/libpng15.git#d9682aaa6bdd7a2d64006f2e33dea3ee071a7bb6
2021-02-22 12:20:16 +01:00


diff --git a/pngset.c b/pngset.c
index 4177e62..3876103 100644
--- a/pngset.c
+++ b/pngset.c
@@ -524,6 +524,16 @@ png_set_PLTE(png_structp png_ptr, png_infop info_ptr,
return;
}
}
+ if ((num_palette > 0 && palette == NULL) ||
+ (num_palette == 0
+ # ifdef PNG_MNG_FEATURES_SUPPORTED
+ && (png_ptr->mng_features_permitted & PNG_FLAG_MNG_EMPTY_PLTE) == 0
+ # endif
+ ))
+ {
+ png_error(png_ptr, "Invalid palette");
+ return;
+ }
/* It may not actually be necessary to set png_ptr->palette here;
* we do it for backward compatibility with the way the png_handle_tRNS
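Review bot: The added guard has no comment explaining why a NULL or zero-length palette is now fatal, or why the empty case is still accepted when `PNG_FLAG_MNG_EMPTY_PLTE` is permitted; I would put `/* Reject a NULL or empty palette up front so later palette handling never sees one (CVE-2013-6954); MNG may permit an empty PLTE. */` directly above the `if`. The `return;` after `png_error(png_ptr, "Invalid palette");` looks unreachable, assuming png_error does not return (its declaration is not visible here), so it could be dropped or marked as purely defensive. The length check just above appears to only warn and return in one of its branches, whereas this check raises a hard error unconditionally, so it is worth confirming that this is intended for callers that pass an empty palette on images where the palette is optional. png_set_PLTE starts and ends outside the hunk.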