[xulrunner/f15] Added fix for mozbz#727401
Martin Stransky
stransky at fedoraproject.org
Thu Feb 16 11:44:41 UTC 2012
commit b01ac6acd67d5133e6e9d57917c1995cf12058f0
Author: Martin Stransky <stransky at redhat.com>
Date: Thu Feb 16 12:43:58 2012 +0100
Added fix for mozbz#727401
mozilla-727401.patch | 38 ++++++++++++++++++++++++++++++++++++++
xulrunner.spec | 8 ++++++--
2 files changed, 44 insertions(+), 2 deletions(-)
---
diff --git a/mozilla-727401.patch b/mozilla-727401.patch
new file mode 100644
index 0000000..df7ff6d
--- /dev/null
+++ b/mozilla-727401.patch
@@ -0,0 +1,38 @@
+# HG changeset patch
+# User Benjamin Smedberg <benjamin at smedbergs.us>
+# Date 1329314881 18000
+# Node ID 355163c56ea5ad5037ac6da754252aaea67d2217
+# Parent 81f6b9cbb2a92ac08d1ccc0c1b44d6a5c28f6e2a
+Bug 727401 - import libpng overflow patch from http://codereview.chromium.org/9363013
+
+diff --git a/media/libpng/pngrutil.c b/media/libpng/pngrutil.c
+--- a/media/libpng/pngrutil.c
++++ b/media/libpng/pngrutil.c
+@@ -396,18 +396,25 @@ png_decompress_chunk(png_structp png_ptr
+ #if defined(PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED) || \
+ defined(PNG_USER_CHUNK_MALLOC_MAX)
+ else
+ #endif
+ if (expanded_size > 0)
+ {
+ /* Success (maybe) - really uncompress the chunk. */
+ png_size_t new_size = 0;
+- png_charp text = png_malloc_warn(png_ptr,
+- prefix_size + expanded_size + 1);
++ png_charp text = NULL;
++ /* Need to check for both truncation (64-bit platforms) and integer
++ * overflow.
++ */
++ if (prefix_size + expanded_size > prefix_size &&
++ prefix_size + expanded_size < 0xffffffffU)
++ {
++ text = png_malloc_warn(png_ptr, prefix_size + expanded_size + 1);
++ }
+
+ if (text != NULL)
+ {
+ png_memcpy(text, png_ptr->chunkdata, prefix_size);
+ new_size = png_inflate(png_ptr,
+ (png_bytep)(png_ptr->chunkdata + prefix_size),
+ chunklength - prefix_size,
+ (png_bytep)(text + prefix_size), expanded_size);
diff --git a/xulrunner.spec b/xulrunner.spec
index 49da3f8..cea743f 100644
--- a/xulrunner.spec
+++ b/xulrunner.spec
@@ -61,7 +61,7 @@
Summary: XUL Runtime for Gecko Applications
Name: xulrunner
Version: 10.0.1
-Release: 2%{?pre_tag}%{?dist}
+Release: 3%{?pre_tag}%{?dist}
URL: http://developer.mozilla.org/En/XULRunner
License: MPLv1.1 or GPLv2+ or LGPLv2+
Group: Applications/Internet
@@ -99,7 +99,7 @@ Patch43: mozilla-file.patch
# Needed to detect/use libvpx-1.0.0
# https://bugzilla.mozilla.org/show_bug.cgi?id=722127
Patch44: mozilla-722127.patch
-
+Patch45: mozilla-727401.patch
# ---------------------------------------------------
@@ -232,6 +232,7 @@ sed -e 's/__RPM_VERSION_INTERNAL__/%{gecko_dir_ver}/' %{P:%%PATCH0} \
%patch42 -p1 -b .706724
%patch43 -p1 -b .file
%patch44 -p2 -b .vpx1.0.0
+%patch45 -p1 -b .727401
%{__rm} -f .mozconfig
%{__cp} %{SOURCE10} .mozconfig
@@ -458,6 +459,9 @@ fi
#---------------------------------------------------------------------
%changelog
+* Tue Feb 16 2012 Martin Stransky <stransky at redhat.com> - 10.0.1-3
+- Added fix for mozbz#727401
+
* Tue Feb 14 2012 Martin Stransky <stransky at redhat.com> - 10.0.1-2
- Allow network manager to handle the offline status
More information about the scm-commits
mailing list