- update to 10.47.17

- add couple of missign overflow checks

.cvsignore

@@ -1 +1 @@
-netpbm-10.47.16.tar.xz
+netpbm-10.47.17.tar.xz

netpbm-security-code.patch

@@ -878,6 +878,102 @@ diff -up netpbm-10.47.04/converter/ppm/ppmtomitsu.c.security netpbm-10.47.04/con
          medias.maxcols *= 2;
          medias.maxrows *= 2;
      }
+diff -up netpbm-10.47.04/converter/ppm/ppmtompeg/iframe.c.security netpbm-10.47.04/converter/ppm/ppmtompeg/iframe.c
+--- netpbm-10.47.04/converter/ppm/ppmtompeg/iframe.c.security	2009-10-21 13:39:09.000000000 +0200
++++ netpbm-10.47.04/converter/ppm/ppmtompeg/iframe.c	2009-10-21 15:09:33.000000000 +0200
+@@ -800,7 +800,8 @@ BlockComputeSNR(MpegFrame * const curren
+     if (needs_init) {
+         int ysz = (Fsize_y>>3) * sizeof(int32 *);
+         int xsz = (Fsize_x>>3);
+-    
++
++	overflow2((Fsize_y>>3), sizeof(int32 *));
+         needs_init = FALSE;
+         for (y=0; y<3; y++) {
+             varDiff[y] = ratio[y] = total[y] = 0.0;
+@@ -819,6 +820,7 @@ BlockComputeSNR(MpegFrame * const curren
+             fprintf(stderr, "Out of memory in BlockComputeSNR\n");
+             exit(-1);
+         }
++	overflow2(xsz,4);
+         for (y = 0; y < ySize[0]>>3; y++) {
+             SignalY[y]  = (int32 *) calloc(xsz,4);
+             SignalCr[y]  = (int32 *) calloc(xsz,4);
+diff -up netpbm-10.47.04/converter/ppm/ppmtompeg/parallel.c.security netpbm-10.47.04/converter/ppm/ppmtompeg/parallel.c
+--- netpbm-10.47.04/converter/ppm/ppmtompeg/parallel.c.security	2009-10-21 13:39:10.000000000 +0200
++++ netpbm-10.47.04/converter/ppm/ppmtompeg/parallel.c	2009-10-21 15:09:33.000000000 +0200
+@@ -2161,7 +2161,9 @@ DecodeServer(int          const numInput
+     const char * error;
+ 
+     /* should keep list of port numbers to notify when frames become ready */
+-
++  
++    overflow2(numInputFiles, sizeof(int));
++    overflow2(numInputFiles, sizeof(boolean));
+     ready = (boolean *) calloc(numInputFiles, sizeof(boolean));
+     waitMachine = (int *) calloc(numInputFiles, sizeof(int));
+     waitPort = (int *) malloc(numMachines*sizeof(int));
+diff -up netpbm-10.47.04/converter/ppm/ppmtompeg/psearch.c.security netpbm-10.47.04/converter/ppm/ppmtompeg/psearch.c
+--- netpbm-10.47.04/converter/ppm/ppmtompeg/psearch.c.security	2009-10-21 13:39:10.000000000 +0200
++++ netpbm-10.47.04/converter/ppm/ppmtompeg/psearch.c	2009-10-21 15:09:33.000000000 +0200
+@@ -216,7 +216,14 @@ SetSearchRange(int const pixelsP, int co
+         int const max_search = max(searchRangeP, searchRangeB);
+ 
+         int index;
+-    
++
++        overflow2(searchRangeP, 2);
++        overflow2(searchRangeB, 2);
++        overflow_add(searchRangeP*2, 3);
++        overflow_add(searchRangeB*2, 3);
++        overflow2(2*searchRangeB+3, sizeof(int));
++        overflow2(2*searchRangeP+3, sizeof(int));
++
+         pmvHistogram = (int **) malloc((2*searchRangeP+3)*sizeof(int *));
+         bbmvHistogram = (int **) malloc((2*searchRangeB+3)*sizeof(int *));
+         bfmvHistogram = (int **) malloc((2*searchRangeB+3)*sizeof(int *));
+@@ -800,6 +807,9 @@ ShowPMVHistogram(fpointer)
+     int *columnTotals;
+     int rowTotal;
+ 
++    overflow2(searchRangeP, 2);
++    overflow_add(searchRangeP*2,  3);
++    overflow2(searchRangeP*2+3, sizeof(int));
+     columnTotals = (int *) calloc(2*searchRangeP+3, sizeof(int));
+ 
+ #ifdef COMPLETE_DISPLAY
+@@ -847,6 +857,9 @@ ShowBBMVHistogram(fpointer)
+ 
+     fprintf(fpointer, "B-frame Backwards:\n");
+ 
++    overflow2(searchRangeB, 2);
++    overflow_add(searchRangeB*2,  3);
++    overflow2(searchRangeB*2+3, sizeof(int));
+     columnTotals = (int *) calloc(2*searchRangeB+3, sizeof(int));
+ 
+ #ifdef COMPLETE_DISPLAY
+@@ -894,6 +907,9 @@ ShowBFMVHistogram(fpointer)
+ 
+     fprintf(fpointer, "B-frame Forwards:\n");
+ 
++    overflow2(searchRangeB, 2);
++    overflow_add(searchRangeB*2,  3);
++    overflow2(searchRangeB*2+3, sizeof(int));
+     columnTotals = (int *) calloc(2*searchRangeB+3, sizeof(int));
+ 
+ #ifdef COMPLETE_DISPLAY
+diff -up netpbm-10.47.04/converter/ppm/ppmtompeg/rgbtoycc.c.security netpbm-10.47.04/converter/ppm/ppmtompeg/rgbtoycc.c
+--- netpbm-10.47.04/converter/ppm/ppmtompeg/rgbtoycc.c.security	2009-10-21 13:39:10.000000000 +0200
++++ netpbm-10.47.04/converter/ppm/ppmtompeg/rgbtoycc.c	2009-10-21 15:09:33.000000000 +0200
+@@ -72,6 +72,8 @@ compute_mult_tables(const pixval maxval)
+         } 
+         table_maxval = maxval;
+ 
++	overflow_add(table_maxval, 1);
++	overflow2(table_maxval+1, sizeof(float));
+         mult299   = malloc((table_maxval+1)*sizeof(float));
+         mult587   = malloc((table_maxval+1)*sizeof(float));
+         mult114   = malloc((table_maxval+1)*sizeof(float));
 diff -up netpbm-10.47.04/converter/ppm/ppmtopcx.c.security netpbm-10.47.04/converter/ppm/ppmtopcx.c
 --- netpbm-10.47.04/converter/ppm/ppmtopcx.c.security	2009-10-21 13:39:10.000000000 +0200
 +++ netpbm-10.47.04/converter/ppm/ppmtopcx.c	2009-10-21 15:09:33.000000000 +0200

netpbm.spec

@@ -1,6 +1,6 @@
 Summary: A library for handling different graphics file formats
 Name: netpbm
-Version: 10.47.16
+Version: 10.47.17
 Release: 1%{?dist}
 # See copyright_summary for details
 License: BSD and GPLv2 and IJG and MIT and Public Domain
@@ -251,6 +251,10 @@ rm -rf $RPM_BUILD_ROOT
 %doc userguide/*
 
 %changelog
+* Mon Jul 12 2010 Jindrich Novy <jnovy@redhat.com> 10.47.17-1
+- update to 10.47.17
+- add couple of missign overflow checks
+
 * Fri Jun 18 2010 Jindrich Novy <jnovy@redhat.com> 10.47.16-1
 - update to 10.47.16
 - fixes pbmtext

sources

@@ -1 +1 @@
-41be70b9506fcb414821850732be7909  netpbm-10.47.16.tar.xz
+993ad1befc3b2f2ba8c80d78f9323707  netpbm-10.47.17.tar.xz