rpms/wxGTK/F-10 wxGTK-2.8.10-CVE-2009-2369.patch, NONE, 1.1 wxGTK.spec, 1.42, 1.43
Dan Horák
sharkcz at fedoraproject.org
Wed Jul 15 17:55:06 UTC 2009
- Previous message (by thread): rpms/valide/F-11 import.log, NONE, 1.1 .cvsignore, 1.2, 1.3 sources, 1.2, 1.3 valide.spec, 1.1, 1.2
- Next message (by thread): rpms/valide/F-10 .cvsignore, 1.2, 1.3 import.log, 1.1, 1.2 sources, 1.2, 1.3 valide.spec, 1.1, 1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: sharkcz
Update of /cvs/pkgs/rpms/wxGTK/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv4364
Modified Files:
wxGTK.spec
Added Files:
wxGTK-2.8.10-CVE-2009-2369.patch
Log Message:
* Wed Jul 15 2009 Dan Horák <dan[at]danny.cz> - 2.8.10-2
- add fix for CVE-2009-2369 (#511279)
wxGTK-2.8.10-CVE-2009-2369.patch:
--- NEW FILE wxGTK-2.8.10-CVE-2009-2369.patch ---
Index: src/common/imagpng.cpp
===================================================================
--- src/common/imagpng.cpp (revision 60874)
+++ src/common/imagpng.cpp (revision 60875)
@@ -568,18 +568,16 @@
if (!image->Ok())
goto error;
- lines = (unsigned char **)malloc( (size_t)(height * sizeof(unsigned char *)) );
+ // initialize all line pointers to NULL to ensure that they can be safely
+ // free()d if an error occurs before all of them could be allocated
+ lines = (unsigned char **)calloc(height, sizeof(unsigned char *));
if ( !lines )
goto error;
for (i = 0; i < height; i++)
{
if ((lines[i] = (unsigned char *)malloc( (size_t)(width * (sizeof(unsigned char) * 4)))) == NULL)
- {
- for ( unsigned int n = 0; n < i; n++ )
- free( lines[n] );
goto error;
- }
}
png_read_image( png_ptr, lines );
Index: src/common/imagtiff.cpp
===================================================================
--- src/common/imagtiff.cpp (revision 60875)
+++ src/common/imagtiff.cpp (revision 60876)
@@ -261,7 +261,6 @@
}
uint32 w, h;
- uint32 npixels;
uint32 *raster;
TIFFGetField( tif, TIFFTAG_IMAGEWIDTH, &w );
@@ -275,10 +274,21 @@
(samplesInfo[0] == EXTRASAMPLE_ASSOCALPHA ||
samplesInfo[0] == EXTRASAMPLE_UNASSALPHA));
- npixels = w * h;
+ // guard against integer overflow during multiplication which could result
+ // in allocating a too small buffer and then overflowing it
+ const double bytesNeeded = w * h * sizeof(uint32);
+ if ( bytesNeeded >= 4294967295U /* UINT32_MAX */ )
+ {
+ if ( verbose )
+ wxLogError( _("TIFF: Image size is abnormally big.") );
- raster = (uint32*) _TIFFmalloc( npixels * sizeof(uint32) );
+ TIFFClose(tif);
+ return false;
+ }
+
+ raster = (uint32*) _TIFFmalloc( bytesNeeded );
+
if (!raster)
{
if (verbose)
Index: src/common/imagtiff.cpp
===================================================================
--- src/common/imagtiff.cpp (revision 60896)
+++ src/common/imagtiff.cpp (revision 60897)
@@ -276,7 +276,7 @@
// guard against integer overflow during multiplication which could result
// in allocating a too small buffer and then overflowing it
- const double bytesNeeded = w * h * sizeof(uint32);
+ const double bytesNeeded = (double)w * (double)h * sizeof(uint32);
if ( bytesNeeded >= 4294967295U /* UINT32_MAX */ )
{
if ( verbose )
Index: wxGTK.spec
===================================================================
RCS file: /cvs/pkgs/rpms/wxGTK/F-10/wxGTK.spec,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -p -r1.42 -r1.43
--- wxGTK.spec 22 May 2009 11:28:57 -0000 1.42
+++ wxGTK.spec 15 Jul 2009 17:55:06 -0000 1.43
@@ -6,7 +6,7 @@
Name: wxGTK
Version: 2.8.10
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: GTK2 port of the wxWidgets GUI library
# The wxWindows licence is the LGPL with a specific exemption allowing
# distribution of derived binaries under any terms. (This will eventually
@@ -16,6 +16,9 @@ Group: System Environment/Libra
URL: http://www.wxwidgets.org/
Source0: http://dl.sf.net/wxwindows/%{name}-%{version}.tar.bz2
+# http://trac.wxwidgets.org/ticket/10993
+Patch0: %{name}-2.8.10-CVE-2009-2369.patch
+
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: gtk2-devel, zlib-devel >= 1.1.4
@@ -124,6 +127,7 @@ libraries or the X Window System.
%prep
%setup -q
+%patch0 -p0 -b .CVE-2009-2369
sed -i -e 's|/usr/lib\b|%{_libdir}|' wx-config.in configure
@@ -257,6 +261,7 @@ rm -rf $RPM_BUILD_ROOT
%endif
%files -n wxBase
+%defattr(-,root,root,-)
%doc docs/changes.txt docs/gpl.txt docs/lgpl.txt docs/licence.txt
%doc docs/licendoc.txt docs/preamble.txt docs/readme.txt
%{_libdir}/libwx_baseu-*.so.*
@@ -265,6 +270,9 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Wed Jul 15 2009 Dan Horák <dan[at]danny.cz> - 2.8.10-2
+- add fix for CVE-2009-2369 (#511279)
+
* Fri May 22 2009 Dan Horak <dan[at]danny.cz> - 2.8.10-1
- update to 2.8.10
- Previous message (by thread): rpms/valide/F-11 import.log, NONE, 1.1 .cvsignore, 1.2, 1.3 sources, 1.2, 1.3 valide.spec, 1.1, 1.2
- Next message (by thread): rpms/valide/F-10 .cvsignore, 1.2, 1.3 import.log, 1.1, 1.2 sources, 1.2, 1.3 valide.spec, 1.1, 1.2
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list