- update to 10.47.17

- add couple of missign overflow checks
This commit is contained in:
Jindrich Novy 2010-07-12 07:16:21 +00:00
parent e498cdb11e
commit 6e4c1e5a53
4 changed files with 103 additions and 3 deletions

View File

@ -1 +1 @@
netpbm-10.47.16.tar.xz netpbm-10.47.17.tar.xz

View File

@ -878,6 +878,102 @@ diff -up netpbm-10.47.04/converter/ppm/ppmtomitsu.c.security netpbm-10.47.04/con
medias.maxcols *= 2; medias.maxcols *= 2;
medias.maxrows *= 2; medias.maxrows *= 2;
} }
diff -up netpbm-10.47.04/converter/ppm/ppmtompeg/iframe.c.security netpbm-10.47.04/converter/ppm/ppmtompeg/iframe.c
--- netpbm-10.47.04/converter/ppm/ppmtompeg/iframe.c.security 2009-10-21 13:39:09.000000000 +0200
+++ netpbm-10.47.04/converter/ppm/ppmtompeg/iframe.c 2009-10-21 15:09:33.000000000 +0200
@@ -800,7 +800,8 @@ BlockComputeSNR(MpegFrame * const curren
if (needs_init) {
int ysz = (Fsize_y>>3) * sizeof(int32 *);
int xsz = (Fsize_x>>3);
-
+
+ overflow2((Fsize_y>>3), sizeof(int32 *));
needs_init = FALSE;
for (y=0; y<3; y++) {
varDiff[y] = ratio[y] = total[y] = 0.0;
@@ -819,6 +820,7 @@ BlockComputeSNR(MpegFrame * const curren
fprintf(stderr, "Out of memory in BlockComputeSNR\n");
exit(-1);
}
+ overflow2(xsz,4);
for (y = 0; y < ySize[0]>>3; y++) {
SignalY[y] = (int32 *) calloc(xsz,4);
SignalCr[y] = (int32 *) calloc(xsz,4);
diff -up netpbm-10.47.04/converter/ppm/ppmtompeg/parallel.c.security netpbm-10.47.04/converter/ppm/ppmtompeg/parallel.c
--- netpbm-10.47.04/converter/ppm/ppmtompeg/parallel.c.security 2009-10-21 13:39:10.000000000 +0200
+++ netpbm-10.47.04/converter/ppm/ppmtompeg/parallel.c 2009-10-21 15:09:33.000000000 +0200
@@ -2161,7 +2161,9 @@ DecodeServer(int const numInput
const char * error;
/* should keep list of port numbers to notify when frames become ready */
-
+
+ overflow2(numInputFiles, sizeof(int));
+ overflow2(numInputFiles, sizeof(boolean));
ready = (boolean *) calloc(numInputFiles, sizeof(boolean));
waitMachine = (int *) calloc(numInputFiles, sizeof(int));
waitPort = (int *) malloc(numMachines*sizeof(int));
diff -up netpbm-10.47.04/converter/ppm/ppmtompeg/psearch.c.security netpbm-10.47.04/converter/ppm/ppmtompeg/psearch.c
--- netpbm-10.47.04/converter/ppm/ppmtompeg/psearch.c.security 2009-10-21 13:39:10.000000000 +0200
+++ netpbm-10.47.04/converter/ppm/ppmtompeg/psearch.c 2009-10-21 15:09:33.000000000 +0200
@@ -216,7 +216,14 @@ SetSearchRange(int const pixelsP, int co
int const max_search = max(searchRangeP, searchRangeB);
int index;
-
+
+ overflow2(searchRangeP, 2);
+ overflow2(searchRangeB, 2);
+ overflow_add(searchRangeP*2, 3);
+ overflow_add(searchRangeB*2, 3);
+ overflow2(2*searchRangeB+3, sizeof(int));
+ overflow2(2*searchRangeP+3, sizeof(int));
+
pmvHistogram = (int **) malloc((2*searchRangeP+3)*sizeof(int *));
bbmvHistogram = (int **) malloc((2*searchRangeB+3)*sizeof(int *));
bfmvHistogram = (int **) malloc((2*searchRangeB+3)*sizeof(int *));
@@ -800,6 +807,9 @@ ShowPMVHistogram(fpointer)
int *columnTotals;
int rowTotal;
+ overflow2(searchRangeP, 2);
+ overflow_add(searchRangeP*2, 3);
+ overflow2(searchRangeP*2+3, sizeof(int));
columnTotals = (int *) calloc(2*searchRangeP+3, sizeof(int));
#ifdef COMPLETE_DISPLAY
@@ -847,6 +857,9 @@ ShowBBMVHistogram(fpointer)
fprintf(fpointer, "B-frame Backwards:\n");
+ overflow2(searchRangeB, 2);
+ overflow_add(searchRangeB*2, 3);
+ overflow2(searchRangeB*2+3, sizeof(int));
columnTotals = (int *) calloc(2*searchRangeB+3, sizeof(int));
#ifdef COMPLETE_DISPLAY
@@ -894,6 +907,9 @@ ShowBFMVHistogram(fpointer)
fprintf(fpointer, "B-frame Forwards:\n");
+ overflow2(searchRangeB, 2);
+ overflow_add(searchRangeB*2, 3);
+ overflow2(searchRangeB*2+3, sizeof(int));
columnTotals = (int *) calloc(2*searchRangeB+3, sizeof(int));
#ifdef COMPLETE_DISPLAY
diff -up netpbm-10.47.04/converter/ppm/ppmtompeg/rgbtoycc.c.security netpbm-10.47.04/converter/ppm/ppmtompeg/rgbtoycc.c
--- netpbm-10.47.04/converter/ppm/ppmtompeg/rgbtoycc.c.security 2009-10-21 13:39:10.000000000 +0200
+++ netpbm-10.47.04/converter/ppm/ppmtompeg/rgbtoycc.c 2009-10-21 15:09:33.000000000 +0200
@@ -72,6 +72,8 @@ compute_mult_tables(const pixval maxval)
}
table_maxval = maxval;
+ overflow_add(table_maxval, 1);
+ overflow2(table_maxval+1, sizeof(float));
mult299 = malloc((table_maxval+1)*sizeof(float));
mult587 = malloc((table_maxval+1)*sizeof(float));
mult114 = malloc((table_maxval+1)*sizeof(float));
diff -up netpbm-10.47.04/converter/ppm/ppmtopcx.c.security netpbm-10.47.04/converter/ppm/ppmtopcx.c diff -up netpbm-10.47.04/converter/ppm/ppmtopcx.c.security netpbm-10.47.04/converter/ppm/ppmtopcx.c
--- netpbm-10.47.04/converter/ppm/ppmtopcx.c.security 2009-10-21 13:39:10.000000000 +0200 --- netpbm-10.47.04/converter/ppm/ppmtopcx.c.security 2009-10-21 13:39:10.000000000 +0200
+++ netpbm-10.47.04/converter/ppm/ppmtopcx.c 2009-10-21 15:09:33.000000000 +0200 +++ netpbm-10.47.04/converter/ppm/ppmtopcx.c 2009-10-21 15:09:33.000000000 +0200

View File

@ -1,6 +1,6 @@
Summary: A library for handling different graphics file formats Summary: A library for handling different graphics file formats
Name: netpbm Name: netpbm
Version: 10.47.16 Version: 10.47.17
Release: 1%{?dist} Release: 1%{?dist}
# See copyright_summary for details # See copyright_summary for details
License: BSD and GPLv2 and IJG and MIT and Public Domain License: BSD and GPLv2 and IJG and MIT and Public Domain
@ -251,6 +251,10 @@ rm -rf $RPM_BUILD_ROOT
%doc userguide/* %doc userguide/*
%changelog %changelog
* Mon Jul 12 2010 Jindrich Novy <jnovy@redhat.com> 10.47.17-1
- update to 10.47.17
- add couple of missign overflow checks
* Fri Jun 18 2010 Jindrich Novy <jnovy@redhat.com> 10.47.16-1 * Fri Jun 18 2010 Jindrich Novy <jnovy@redhat.com> 10.47.16-1
- update to 10.47.16 - update to 10.47.16
- fixes pbmtext - fixes pbmtext

View File

@ -1 +1 @@
41be70b9506fcb414821850732be7909 netpbm-10.47.16.tar.xz 993ad1befc3b2f2ba8c80d78f9323707 netpbm-10.47.17.tar.xz