[seamonkey] Added fix for mozbz#727401 - libpng crash - fixed in 2.7.2

Martin Stransky stransky at fedoraproject.org
Fri Feb 24 14:16:24 UTC 2012


commit 348c4d0896d6a519cb7f8223443994e24def727c
Author: Martin Stransky <stransky at anakreon.cz>
Date:   Fri Feb 24 15:16:18 2012 +0100

    Added fix for mozbz#727401 - libpng crash - fixed in 2.7.2

 mozilla-727401.patch |   38 ++++++++++++++++++++++++++++++++++++++
 seamonkey.spec       |   10 +++++++++-
 2 files changed, 47 insertions(+), 1 deletions(-)
---
diff --git a/mozilla-727401.patch b/mozilla-727401.patch
new file mode 100644
index 0000000..df7ff6d
--- /dev/null
+++ b/mozilla-727401.patch
@@ -0,0 +1,38 @@
+# HG changeset patch
+# User Benjamin Smedberg <benjamin at smedbergs.us>
+# Date 1329314881 18000
+# Node ID 355163c56ea5ad5037ac6da754252aaea67d2217
+# Parent  81f6b9cbb2a92ac08d1ccc0c1b44d6a5c28f6e2a
+Bug 727401 - import libpng overflow patch from http://codereview.chromium.org/9363013
+
+diff --git a/media/libpng/pngrutil.c b/media/libpng/pngrutil.c
+--- a/media/libpng/pngrutil.c
++++ b/media/libpng/pngrutil.c
+@@ -396,18 +396,25 @@ png_decompress_chunk(png_structp png_ptr
+ #if defined(PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED) || \
+     defined(PNG_USER_CHUNK_MALLOC_MAX)
+       else
+ #endif
+       if (expanded_size > 0)
+       {
+          /* Success (maybe) - really uncompress the chunk. */
+          png_size_t new_size = 0;
+-         png_charp text = png_malloc_warn(png_ptr,
+-                        prefix_size + expanded_size + 1);
++         png_charp text = NULL;
++         /* Need to check for both truncation (64-bit platforms) and integer
++          * overflow.
++          */
++         if (prefix_size + expanded_size > prefix_size &&
++             prefix_size + expanded_size < 0xffffffffU)
++         {
++            text = png_malloc_warn(png_ptr, prefix_size + expanded_size + 1);
++         }
+ 
+          if (text != NULL)
+          {
+             png_memcpy(text, png_ptr->chunkdata, prefix_size);
+             new_size = png_inflate(png_ptr,
+                 (png_bytep)(png_ptr->chunkdata + prefix_size),
+                 chunklength - prefix_size,
+                 (png_bytep)(text + prefix_size), expanded_size);
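Review bot: When the new size guard in png_decompress_chunk rejects the chunk, `text` stays NULL and control reaches the same branch as a failed `png_malloc_warn`; that branch lies outside the hunk, so it is worth confirming that it discards the compressed data and does not report an oversized chunk as an out-of-memory condition. The guard also evaluates `prefix_size + expanded_size` three times against a bare `0xffffffffU`; computing it once, `png_size_t total_size = prefix_size + expanded_size;`, and testing `total_size > prefix_size && total_size < 0xffffffffU` would be easier to audit. The comment should also name which 32-bit quantity the upper bound protects, since the hunk does not show where the truncation on 64-bit platforms would occur.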
diff --git a/seamonkey.spec b/seamonkey.spec
index b6074af..228d63d 100644
--- a/seamonkey.spec
+++ b/seamonkey.spec
@@ -16,7 +16,7 @@
 Name:           seamonkey
 Summary:        Web browser, e-mail, news, IRC client, HTML editor
 Version:        2.7.1
-Release:        1%{?dist}
+Release:        2%{?dist}
 URL:            http://www.mozilla.org/projects/seamonkey/
 License:        MPLv1.1
 Group:          Applications/Internet
@@ -37,6 +37,7 @@ Source100:      find-external-requires
 
 Patch1:         xulrunner-10.0-gcc47.patch
 Patch5:         seamonkey-8.0-enable-addons.patch
+Patch6:         mozilla-727401.patch
 
 Buildroot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 BuildRequires:  nspr-devel >= %{minimum_build_nspr_version}
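Review bot: `Patch6` is added with no comment in the spec saying where the patch comes from or when it can be dropped, although the commit subject states the fix is in 2.7.2. A line above it such as `# mozbz#727401 - libpng overflow check; drop when rebasing to 2.7.2` would keep this carried security patch traceable and stop it from lingering after the version update.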
@@ -105,6 +106,10 @@ cd ..
 
 %patch5 -p2 -b .addons
 
+pushd mozilla
+%patch6 -p1 -b .727401
+popd
+
 %{__rm} -f .mozconfig
 %{__cp} %{SOURCE10} .mozconfig
 
@@ -355,6 +360,9 @@ update-desktop-database %{_datadir}/applications
 
 
 %changelog
+* Fri Feb 24 2012 Martin Stransky <stransky at redhat.com> 2.7.1-2
+- Added fix for mozbz#727401 - libpng crash
+
 * Tue Feb 14 2012 Martin Stransky <stransky at redhat.com> 2.7.1-1
 - Update to 2.7.1
 

