|
|
@@ -1,6 +1,62 @@
|
|
|
---- Tk-804.027/PNG/libpng/pngrtran.c.orig Wed Oct 2 20:20:24 2002
|
|
|
-+++ Tk-804.027/PNG/libpng/pngrtran.c Wed Jan 15 11:30:23 2003
|
|
|
-@@ -1965,8 +1965,8 @@
|
|
|
+Index: Tk-PNG-2.005/libpng/pngconf.h
|
|
|
+--- Tk-PNG-2.005/libpng/pngconf.h.orig 2004-07-01 13:18:23 +0200
|
|
|
++++ Tk-PNG-2.005/libpng/pngconf.h 2004-07-01 13:30:50 +0200
|
|
|
+@@ -119,10 +119,6 @@
|
|
|
+ #define _PNG_SAVE_BSD_SOURCE
|
|
|
+ #undef _BSD_SOURCE
|
|
|
+ #endif
|
|
|
+-#ifdef _SETJMP_H
|
|
|
+-__png.h__ already includes setjmp.h
|
|
|
+-__dont__ include it again
|
|
|
+-#endif
|
|
|
+ #endif /* __linux__ */
|
|
|
+
|
|
|
+ /* include setjmp.h for error handling */
|
|
|
+Index: Tk-PNG-2.005/libpng/pngerror.c
|
|
|
+--- Tk-PNG-2.005/libpng/pngerror.c.orig 2004-07-01 13:18:23 +0200
|
|
|
++++ Tk-PNG-2.005/libpng/pngerror.c 2004-07-01 13:34:07 +0200
|
|
|
+@@ -82,10 +82,13 @@
|
|
|
+ if (message == NULL)
|
|
|
+ buffer[iout] = 0;
|
|
|
+ else {
|
|
|
++ png_size_t len;
|
|
|
++ if ((len = png_strlen(error_message)) > 63)
|
|
|
++ len = 63;
|
|
|
+ buffer[iout++] = ':';
|
|
|
+ buffer[iout++] = ' ';
|
|
|
+- png_memcpy(buffer+iout, message, 64);
|
|
|
+- buffer[iout+63] = 0;
|
|
|
++ png_memcpy(buffer+iout, error_message, len);
|
|
|
++ buffer[iout+len] = 0;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+Index: Tk-PNG-2.005/libpng/pngrtran.c
|
|
|
+--- Tk-PNG-2.005/libpng/pngrtran.c.orig 2000-04-21 20:57:35 +0200
|
|
|
++++ Tk-PNG-2.005/libpng/pngrtran.c 2004-07-01 13:18:23 +0200
|
|
|
+@@ -1783,8 +1783,8 @@
|
|
|
+ /* This changes the data from GG to GGXX */
|
|
|
+ if (flags & PNG_FLAG_FILLER_AFTER)
|
|
|
+ {
|
|
|
+- png_bytep sp = row + (png_size_t)row_width;
|
|
|
+- png_bytep dp = sp + (png_size_t)row_width;
|
|
|
++ png_bytep sp = row + (png_size_t)row_width * 2;
|
|
|
++ png_bytep dp = sp + (png_size_t)row_width * 2;
|
|
|
+ for (i = 1; i < row_width; i++)
|
|
|
+ {
|
|
|
+ *(--dp) = hi_filler;
|
|
|
+@@ -1801,8 +1801,8 @@
|
|
|
+ /* This changes the data from GG to XXGG */
|
|
|
+ else
|
|
|
+ {
|
|
|
+- png_bytep sp = row + (png_size_t)row_width;
|
|
|
+- png_bytep dp = sp + (png_size_t)row_width;
|
|
|
++ png_bytep sp = row + (png_size_t)row_width * 2;
|
|
|
++ png_bytep dp = sp + (png_size_t)row_width * 2;
|
|
|
+ for (i = 0; i < row_width; i++)
|
|
|
+ {
|
|
|
+ *(--dp) = *(--sp);
|
|
|
+@@ -1859,8 +1859,8 @@
|
|
|
/* This changes the data from RRGGBB to RRGGBBXX */
|
|
|
if (flags & PNG_FLAG_FILLER_AFTER)
|
|
|
{
|
|
|
@@ -11,7 +67,7 @@
|
|
|
for (i = 1; i < row_width; i++)
|
|
|
{
|
|
|
*(--dp) = hi_filler;
|
|
|
-@@ -1987,8 +1987,8 @@
|
|
|
+@@ -1881,8 +1881,8 @@
|
|
|
/* This changes the data from RRGGBB to XXRRGGBB */
|
|
|
else
|
|
|
{
|
|
|
@@ -22,13 +78,23 @@
|
|
|
for (i = 0; i < row_width; i++)
|
|
|
{
|
|
|
*(--dp) = *(--sp);
|
|
|
-
|
|
|
-Steve G <linux_4ever@yahoo.com>
|
|
|
-Libpng accesses memory that is out of bounds when creating an error message
|
|
|
-
|
|
|
-Index: pngerror.c
|
|
|
---- Tk-804.027/PNG/libpng/pngerror.c.orig 2002-10-03 13:32:27.000000000 +0200
|
|
|
-+++ Tk-804.027/PNG/libpng/pngerror.c 2004-04-28 13:24:22.000000000 +0200
|
|
|
+Index: Tk-804.027/PNG/libpng/pngconf.h
|
|
|
+--- Tk-804.027/PNG/libpng/pngconf.h.orig 2003-11-29 12:39:30 +0100
|
|
|
++++ Tk-804.027/PNG/libpng/pngconf.h 2004-07-01 13:36:23 +0200
|
|
|
+@@ -251,10 +251,6 @@
|
|
|
+ # define PNG_SAVE_BSD_SOURCE
|
|
|
+ # undef _BSD_SOURCE
|
|
|
+ # endif
|
|
|
+-# ifdef _SETJMP_H
|
|
|
+- __png.h__ already includes setjmp.h;
|
|
|
+- __dont__ include it again.;
|
|
|
+-# endif
|
|
|
+ # endif /* __linux__ */
|
|
|
+
|
|
|
+ /* include setjmp.h for error handling */
|
|
|
+Index: Tk-804.027/PNG/libpng/pngerror.c
|
|
|
+--- Tk-804.027/PNG/libpng/pngerror.c.orig 2003-11-29 12:39:30 +0100
|
|
|
++++ Tk-804.027/PNG/libpng/pngerror.c 2004-07-01 13:36:23 +0200
|
|
|
@@ -135,10 +135,13 @@
|
|
|
buffer[iout] = 0;
|
|
|
else
|
|
|
@@ -45,8 +111,31 @@ Index: pngerror.c
|
|
|
}
|
|
|
}
|
|
|
|
|
|
---- Tk-PNG-2.005/libpng/pngrtran.c.orig Wed Oct 2 20:20:24 2002
|
|
|
-+++ Tk-PNG-2.005/libpng/pngrtran.c Wed Jan 15 11:30:23 2003
|
|
|
+Index: Tk-804.027/PNG/libpng/pngrtran.c
|
|
|
+--- Tk-804.027/PNG/libpng/pngrtran.c.orig 2003-11-29 12:39:31 +0100
|
|
|
++++ Tk-804.027/PNG/libpng/pngrtran.c 2004-07-01 13:36:23 +0200
|
|
|
+@@ -1889,8 +1889,8 @@
|
|
|
+ /* This changes the data from GG to GGXX */
|
|
|
+ if (flags & PNG_FLAG_FILLER_AFTER)
|
|
|
+ {
|
|
|
+- png_bytep sp = row + (png_size_t)row_width;
|
|
|
+- png_bytep dp = sp + (png_size_t)row_width;
|
|
|
++ png_bytep sp = row + (png_size_t)row_width * 2;
|
|
|
++ png_bytep dp = sp + (png_size_t)row_width * 2;
|
|
|
+ for (i = 1; i < row_width; i++)
|
|
|
+ {
|
|
|
+ *(--dp) = hi_filler;
|
|
|
+@@ -1907,8 +1907,8 @@
|
|
|
+ /* This changes the data from GG to XXGG */
|
|
|
+ else
|
|
|
+ {
|
|
|
+- png_bytep sp = row + (png_size_t)row_width;
|
|
|
+- png_bytep dp = sp + (png_size_t)row_width;
|
|
|
++ png_bytep sp = row + (png_size_t)row_width * 2;
|
|
|
++ png_bytep dp = sp + (png_size_t)row_width * 2;
|
|
|
+ for (i = 0; i < row_width; i++)
|
|
|
+ {
|
|
|
+ *(--dp) = *(--sp);
|
|
|
@@ -1965,8 +1965,8 @@
|
|
|
/* This changes the data from RRGGBB to RRGGBBXX */
|
|
|
if (flags & PNG_FLAG_FILLER_AFTER)
|
|
|
@@ -69,29 +158,3 @@ Index: pngerror.c
|
|
|
for (i = 0; i < row_width; i++)
|
|
|
{
|
|
|
*(--dp) = *(--sp);
|
|
|
-
|
|
|
-Steve G <linux_4ever@yahoo.com>
|
|
|
-Libpng accesses memory that is out of bounds when creating an error message
|
|
|
-
|
|
|
-Index: pngerror.c
|
|
|
---- Tk-PNG-2.005/libpng/pngerror.c.orig 2004-04-29 15:33:33.000000000 +0200
|
|
|
-+++ Tk-PNG-2.005/libpng/pngerror.c 2004-04-29 15:35:46.000000000 +0200
|
|
|
-@@ -81,11 +81,15 @@
|
|
|
-
|
|
|
- if (message == NULL)
|
|
|
- buffer[iout] = 0;
|
|
|
-- else {
|
|
|
-+ else
|
|
|
-+ {
|
|
|
-+ png_size_t len;
|
|
|
-+ if ((len = png_strlen(message)) > 63)
|
|
|
-+ len = 63;
|
|
|
- buffer[iout++] = ':';
|
|
|
- buffer[iout++] = ' ';
|
|
|
-- png_memcpy(buffer+iout, message, 64);
|
|
|
-- buffer[iout+63] = 0;
|
|
|
-+ png_memcpy(buffer+iout, message, len);
|
|
|
-+ buffer[iout+len] = 0;
|
|
|
- }
|
|
|
- }
|
|
|
-
|
Thorsten Hohmeier