Репозитории ALT
| S: | 2.4.7-alt1 |
| 5.1: | 1.4.2-alt1.M51.2 |
| 4.1: | 1.3.10-alt0.M41.4 |
| +updates: | 1.3.9-alt1.M41.1 |
| 4.0: | 1.2.12-alt6.M40.9 |
| +updates: | 1.2.12-alt6.M40.8 |
| 3.0: | 1.1.20-alt14.1 |
Группа :: Система/Серверы
Пакет: cups
навигация по пакетам
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: cups-1.2.12-CVE-2008-1722.patch
Скачать
Скачать
diff -up cups-1.2.4/filter/image-png.c.CVE-2008-1722 cups-1.2.4/filter/image-png.c
--- cups-1.2.4/filter/image-png.c.CVE-2008-1722 2006-05-11 12:41:36.000000000 +0100
+++ cups-1.2.4/filter/image-png.c 2008-05-13 11:01:32.000000000 +0100
@@ -3,6 +3,7 @@
*
* PNG image routines for the Common UNIX Printing System (CUPS).
*
+ * Copyright 2007-2008 by Apple Inc.
* Copyright 1993-2006 by Easy Software Products.
*
* These coded instructions, statements, and computer programs are the
@@ -179,16 +180,56 @@ _cupsImageReadPNG(
* Interlaced images must be loaded all at once...
*/
+ size_t bufsize; /* Size of buffer */
+
+
if (color_type == PNG_COLOR_TYPE_GRAY ||
color_type == PNG_COLOR_TYPE_GRAY_ALPHA)
- in = malloc(img->xsize * img->ysize);
+ {+ bufsize = img->xsize * img->ysize;
+
+ if ((bufsize / img->ysize) != img->xsize)
+ {+ fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
+ (unsigned)img->xsize, (unsigned)img->ysize);
+ fclose(fp);
+ return (1);
+ }
+ }
else
- in = malloc(img->xsize * img->ysize * 3);
+ {+ bufsize = img->xsize * img->ysize * 3;
+
+ if ((bufsize / (img->ysize * 3)) != img->xsize)
+ {+ fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
+ (unsigned)img->xsize, (unsigned)img->ysize);
+ fclose(fp);
+ return (1);
+ }
+ }
+
+ in = malloc(bufsize);
}
bpp = cupsImageGetDepth(img);
out = malloc(img->xsize * bpp);
+ if (!in || !out)
+ {+ fputs("DEBUG: Unable to allocate memory for PNG image!\n", stderr);+
+ if (in)
+ free(in);
+
+ if (out)
+ free(out);
+
+ fclose(fp);
+
+ return (1);
+ }
+
/*
* Read the image, interlacing as needed...
*/