Hello community,

here is the log from the commit of package swftools for openSUSE:Factory 
checked in at 2017-05-04 08:55:25
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/swftools (Old)
 and      /work/SRC/openSUSE:Factory/.swftools.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "swftools"

Thu May  4 08:55:25 2017 rev:4 rq:492426 version:0.9.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/swftools/swftools.changes        2015-01-30 
17:50:17.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.swftools.new/swftools.changes   2017-05-04 
08:55:27.028116920 +0200
@@ -1,0 +2,7 @@
+Tue May  2 09:42:53 UTC 2017 - [email protected]
+
+- Add 0001-Fix-an-integer-overflow-issue-in-png.c.patch,
+  0001-Fix-an-off-by-one-error-in-png.c.patch
+  [CVE-2017-8400, boo#1037050], [CVE-2017-8401, boo#1037051]
+
+-------------------------------------------------------------------

New:
----
  0001-Fix-an-integer-overflow-issue-in-png.c.patch
  0001-Fix-an-off-by-one-error-in-png.c.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ swftools.spec ++++++
--- /var/tmp/diff_new_pack.XTuYEo/_old  2017-05-04 08:55:27.911992268 +0200
+++ /var/tmp/diff_new_pack.XTuYEo/_new  2017-05-04 08:55:27.915991704 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package swftools
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -30,6 +30,8 @@
 Patch1:         %name-make-destdir.patch
 Patch2:         %name-makefile-install.diff
 Patch3:         0001-build-support-for-giflib-5.x.patch
+Patch4:         0001-Fix-an-integer-overflow-issue-in-png.c.patch
+Patch5:         0001-Fix-an-off-by-one-error-in-png.c.patch
 BuildRequires:  fftw3-devel
 BuildRequires:  fontconfig-devel
 BuildRequires:  freetype2-devel
@@ -52,7 +54,7 @@
 
 %prep
 %setup -q
-%patch -P 1 -P 2 -P 3 -p1
+%patch -P 1 -P 2 -P 3 -P 4 -P 5 -p1
 
 %build
 %configure --disable-warnings

++++++ 0001-Fix-an-integer-overflow-issue-in-png.c.patch ++++++
>From 7139f3cf7c8bc576bea1dbd07c58ce1ad92b774a Mon Sep 17 00:00:00 2001
From: Matthias Kramm <[email protected]>
Date: Wed, 26 Apr 2017 09:02:20 -0700
Subject: [PATCH] Fix an integer overflow issue in png.c

This aims to fix https://github.com/matthiaskramm/swftools/issues/13
---
 lib/png.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/png.c b/lib/png.c
index 66eebb44..44a4b425 100644
--- a/lib/png.c
+++ b/lib/png.c
@@ -575,8 +575,12 @@ EXPORT int png_load(const char*sname, unsigned*destwidth, 
unsigned*destheight, u
 
     *destwidth = header.width;
     *destheight = header.height;
-       
-    data2 = (unsigned char*)malloc(header.width*header.height*4);
+
+    unsigned long long alloclen_64 = (unsigned long long)header.width * 
header.height * 4;
+    if (alloclen_64 > 0xffffffffl) {
+        return 0;
+    }
+    data2 = (unsigned char*)malloc((size_t)alloclen_64);
 
     if(header.mode == 4)
     {
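Review bot: The return value of `malloc((size_t)alloclen_64)` is not checked in this hunk, and the new cap still lets the width and height from a PNG header request close to 4 GiB, so allocation failure is a realistic outcome for untrusted files. I would add `if (!data2) return 0;` directly after the call, together with whatever cleanup png_load's other error paths perform. The bound `0xffffffffl` is also easy to misread because of the lowercase `l` suffix; `0xffffffffULL` says the same thing unambiguously. Note that `*destwidth` and `*destheight` are already written when the new early return fires, so callers must not trust them on a 0 return. png_load starts and ends outside the hunk, so a later NULL check may exist that is not visible here.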
-- 
2.12.2

++++++ 0001-Fix-an-off-by-one-error-in-png.c.patch ++++++
>From 392fb1f3cd9a5b167787c551615c651c3f5326f2 Mon Sep 17 00:00:00 2001
From: Matthias Kramm <[email protected]>
Date: Wed, 26 Apr 2017 09:08:44 -0700
Subject: [PATCH] Fix an off-by-one error in png.c

This aims to fix https://github.com/matthiaskramm/swftools/issues/14
---
 lib/png.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/png.c b/lib/png.c
index 44a4b425..4bf29585 100644
--- a/lib/png.c
+++ b/lib/png.c
@@ -499,7 +499,7 @@ EXPORT int png_load(const char*sname, unsigned*destwidth, 
unsigned*destheight, u
        return 0;
     }
 
-    unsigned long long imagedatalen_64 = ((unsigned long long)header.width + 
1) * header.height * bypp;
+    unsigned long long imagedatalen_64 = ((unsigned long long)header.width + 
1) * header.height * bypp + 1;
     if(imagedatalen_64 > 0xffffffff)
        return 0;
     unsigned long imagedatalen = (unsigned long)imagedatalen_64;
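Review bot: The trailing `+ 1` added to `imagedatalen_64` has no comment saying which access needs the extra byte, so a later reader cannot tell the fix from a typo and may remove it. I would add a one-line comment above the declaration that names the read or write that touches one byte past the scanline data and points to upstream issue 14. If the byte only absorbs a one-past-the-end access in the decoder (an inference, since that code is outside the hunk), it may never be written by decompression and should be zero-initialised, or the decoder's bound corrected instead. The check here is written as `0xffffffff` without braces while the sibling check in the other patch uses `0xffffffffl` with braces; using one form for both would make the two limits easier to audit together.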
-- 
2.12.2

