[netpbm] - fix ppmtopict buffer underflow - fix memory corruption in pnmtopclxl
Jindrich Novy
jnovy at fedoraproject.org
Wed Jun 13 13:46:35 UTC 2012
commit 123a01124f98861542e84f27b62bbc0e08571ac5
Author: Jindrich Novy <jnovy at redhat.com>
Date: Wed Jun 13 15:49:08 2012 +0200
- fix ppmtopict buffer underflow
- fix memory corruption in pnmtopclxl
netpbm-pnmtopclxl.patch | 16 ++++++++++++++++
netpbm-ppmtopict.patch | 12 ++++++++++++
netpbm.spec | 11 ++++++++++-
3 files changed, 38 insertions(+), 1 deletions(-)
---
diff --git a/netpbm-pnmtopclxl.patch b/netpbm-pnmtopclxl.patch
new file mode 100644
index 0000000..dc67040
--- /dev/null
+++ b/netpbm-pnmtopclxl.patch
@@ -0,0 +1,16 @@
+diff -up netpbm-10.58.01/converter/other/pnmtopclxl.c.pnmtopclxl netpbm-10.58.01/converter/other/pnmtopclxl.c
+--- netpbm-10.58.01/converter/other/pnmtopclxl.c.pnmtopclxl 2012-04-09 15:31:42.000000000 +0200
++++ netpbm-10.58.01/converter/other/pnmtopclxl.c 2012-06-13 15:39:17.566141565 +0200
+@@ -269,10 +269,10 @@ XY_RLEnew(size_t const size) {
+
+ MALLOCVAR(rleP);
+ if (rleP) {
+- rleP->fbuf = malloc(size);
++ rleP->fbufsize = MAX(1024, size);
++ rleP->fbuf = malloc(rleP->fbufsize);
+
+ if (rleP->fbuf) {
+- rleP->fbufsize = MAX(1024, size);
+ retval = rleP;
+ } else
+ retval = NULL;
diff --git a/netpbm-ppmtopict.patch b/netpbm-ppmtopict.patch
new file mode 100644
index 0000000..97b7d2b
--- /dev/null
+++ b/netpbm-ppmtopict.patch
@@ -0,0 +1,12 @@
+diff -up netpbm-10.58.01/converter/ppm/ppmtopict.c.ppmtopict netpbm-10.58.01/converter/ppm/ppmtopict.c
+--- netpbm-10.58.01/converter/ppm/ppmtopict.c.ppmtopict 2012-06-13 09:52:42.000000000 +0200
++++ netpbm-10.58.01/converter/ppm/ppmtopict.c 2012-06-13 11:33:11.134747363 +0200
+@@ -200,7 +200,7 @@ putRow(FILE * const ifP,
+ pixel * const rowpixels,
+ char * const packed) {
+
+- unsigned int i;
++ int i;
+ unsigned int count;
+ unsigned int run;
+ unsigned int rep;
diff --git a/netpbm.spec b/netpbm.spec
index 4637b2f..f460d6d 100644
--- a/netpbm.spec
+++ b/netpbm.spec
@@ -1,7 +1,7 @@
Summary: A library for handling different graphics file formats
Name: netpbm
Version: 10.58.01
-Release: 2%{?dist}
+Release: 3%{?dist}
# See copyright_summary for details
License: BSD and GPLv2 and IJG and MIT and Public Domain
Group: System Environment/Libraries
@@ -31,6 +31,8 @@ Patch20: netpbm-noppmtompeg.patch
Patch21: netpbm-cmuwtopbm.patch
Patch22: netpbm-pamtojpeg2k.patch
Patch23: netpbm-manfix.patch
+Patch24: netpbm-ppmtopict.patch
+Patch25: netpbm-pnmtopclxl.patch
BuildRequires: libjpeg-devel, libpng-devel, libtiff-devel, flex
BuildRequires: libX11-devel, python, jasper-devel, libxml2-devel
@@ -102,6 +104,8 @@ netpbm-doc. You'll also need to install the netpbm-progs package.
%patch21 -p1 -b .cmuwtopbmfix
%patch22 -p1 -b .pamtojpeg2kfix
%patch23 -p1 -b .manfix
+%patch24 -p1 -b .ppmtopict
+%patch25 -p1 -b .pnmtopclxl
sed -i 's/STRIPFLAG = -s/STRIPFLAG =/g' config.mk.in
rm -rf converter/other/jpeg2000/libjasper/
@@ -131,6 +135,7 @@ sed -i -e 's/^SUBDIRS = libjasper/SUBDIRS =/' converter/other/jpeg2000/Makefile
EOF
TOP=`pwd`
+
make \
CC="%{__cc}" \
LDFLAGS="-L$TOP/pbm -L$TOP/pgm -L$TOP/pnm -L$TOP/ppm" \
@@ -245,6 +250,10 @@ rm -rf $RPM_BUILD_ROOT
%doc userguide/*
%changelog
+* Wed Jun 13 2012 Jindrich Novy <jnovy at redhat.com> 10.58.01-3
+- fix ppmtopict buffer underflow
+- fix memory corruption in pnmtopclxl
+
* Sun May 06 2012 Jindrich Novy <jnovy at redhat.com> 10.58.01-2
- rebuild against new libtiff
More information about the scm-commits
mailing list