summary refs log tree commit diff
path: root/gnu/packages/patches/libpng-CVE-2016-10087.patch
blob: 8093b3e448f3665c5fe966d2ba4d5b47f22ca8fe (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
Fix CVE-2016-10087, a null pointer dereference in png_set_text_2():

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087
http://seclists.org/oss-sec/2016/q4/777

Patch adapted from upstream source repository:

https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb/

From 812768d7a9c973452222d454634496b25ed415eb Mon Sep 17 00:00:00 2001
From: Glenn Randers-Pehrson <glennrp at users.sourceforge.net>
Date: Thu, 29 Dec 2016 07:51:33 -0600
Subject: [PATCH] [libpng16] Fixed a potential null pointer dereference in
 png_set_text_2()

(bug report and patch by Patrick Keshishian).
---
 ANNOUNCE | 2 ++
 CHANGES  | 2 ++
 png.c    | 1 +
 3 files changed, 5 insertions(+)

diff --git a/png.c b/png.c
index 8afc28fc2..2e05de159 100644
--- a/png.c
+++ b/png.c
@@ -477,6 +477,7 @@ png_free_data(png_const_structrp png_ptr, png_inforp info_ptr, png_uint_32 mask,
          png_free(png_ptr, info_ptr->text);
          info_ptr->text = NULL;
          info_ptr->num_text = 0;
+         info_ptr->max_text = 0;
       }
    }
 #endif
-- 
2.11.0