Control: tags 861693 + pending

Dear maintainer,

I've prepared an NMU for swftools (versioned as 0.9.2+git20130725-4.1) and uploaded it to DELAYED/2. Please feel free to tell me if I should delay it longer.

Regards,
Salvatore

diff -Nru swftools-0.9.2+git20130725/debian/changelog swftools-0.9.2+git20130725/debian/changelog --- swftools-0.9.2+git20130725/debian/changelog 2016-01-04 23:07:22.000000000 +0100 +++ swftools-0.9.2+git20130725/debian/changelog 2017-05-27 13:25:12.000000000 +0200 @@ -1,3 +1,10 @@ +swftools (0.9.2+git20130725-4.1) unstable; urgency=high + + * Non-maintainer upload. + * Fix an integer overflow issue in png.c (CVE-2017-8400) (Closes: #861693) + + -- Salvatore Bonaccorso <car...@debian.org> Sat, 27 May 2017 13:25:12 +0200 + swftools (0.9.2+git20130725-4) unstable; urgency=medium * Build using giflib5 (patch by Matthias Klose <d...@ubuntu.com>) diff -Nru swftools-0.9.2+git20130725/debian/patches/Fix-an-integer-overflow-issue-in-png.c.patch swftools-0.9.2+git20130725/debian/patches/Fix-an-integer-overflow-issue-in-png.c.patch --- swftools-0.9.2+git20130725/debian/patches/Fix-an-integer-overflow-issue-in-png.c.patch 1970-01-01 01:00:00.000000000 +0100 +++ swftools-0.9.2+git20130725/debian/patches/Fix-an-integer-overflow-issue-in-png.c.patch 2017-05-06 17:39:04.000000000 +0200 
@@ -0,0 +1,32 @@ +From 7139f3cf7c8bc576bea1dbd07c58ce1ad92b774a Mon Sep 17 00:00:00 2001 +From: Matthias Kramm <kr...@quiss.org> +Date: Wed, 26 Apr 2017 09:02:20 -0700 +Subject: [PATCH] Fix an integer overflow issue in png.c + +This aims to fix https://github.com/matthiaskramm/swftools/issues/13 +--- + lib/png.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/lib/png.c b/lib/png.c +index 66eebb4..44a4b42 100644 +--- a/lib/png.c ++++ b/lib/png.c +@@ -575,8 +575,12 @@ EXPORT int png_load(const char*sname, unsigned*destwidth, unsigned*destheight, u + + *destwidth = header.width; + *destheight = header.height; +- +- data2 = (unsigned char*)malloc(header.width*header.height*4); ++ ++ unsigned long long alloclen_64 = (unsigned long long)header.width * header.height * 4; ++ if (alloclen_64 > 0xffffffffl) { ++ return 0; ++ } ++ data2 = (unsigned char*)malloc((size_t)alloclen_64); + + if(header.mode == 4) + { +-- +2.1.4 + diff -Nru swftools-0.9.2+git20130725/debian/patches/series swftools-0.9.2+git20130725/debian/patches/series --- swftools-0.9.2+git20130725/debian/patches/series 2016-01-04 22:46:04.000000000 +0100 +++ swftools-0.9.2+git20130725/debian/patches/series 2017-05-27 13:24:58.000000000 +0200 @@ -7,3 +7,4 @@ spelling.patch remove-fontconfig.patch giflib5.patch +Fix-an-integer-overflow-issue-in-png.c.patch
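
Review bot: In the lib/png.c hunk, the pointer returned by `malloc((size_t)alloclen_64)` is not checked for NULL before the code moves on to `if(header.mode == 4)`, and the new bound of `0xffffffffl` still lets a crafted header request close to 4 GiB, so a failed allocation is the likely outcome for oversized images and should return 0 just like the overflow case. The new `return 0` also sits after `*destwidth` and `*destheight` have been written, so a caller sees dimensions filled in for a load that failed; moving the length check above those two assignments avoids that. The hunk does not show whether anything opened or allocated earlier in `png_load` is released on this new exit path, which is worth confirming against the full function. Minor points: the lowercase `l` suffix in `0xffffffffl` is easy to misread as a digit, so `0xffffffffUL` or a comparison against `SIZE_MAX` would be clearer, and a width or height of zero still reaches `malloc(0)`, so rejecting zero dimensions in the same check would be cheap.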