38 lines
1.0 KiB
Diff
38 lines
1.0 KiB
Diff
|
Fix CVE-2016-10087, a null pointer dereference in png_set_text_2():
|
||
|
|
||
|
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10087
|
||
|
http://seclists.org/oss-sec/2016/q4/777
|
||
|
|
||
|
Patch adapted from upstream source repository:
|
||
|
|
||
|
https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb/
|
||
|
|
||
|
From 812768d7a9c973452222d454634496b25ed415eb Mon Sep 17 00:00:00 2001
|
||
|
From: Glenn Randers-Pehrson <glennrp at users.sourceforge.net>
|
||
|
Date: Thu, 29 Dec 2016 07:51:33 -0600
|
||
|
Subject: [PATCH] [libpng16] Fixed a potential null pointer dereference in
|
||
|
png_set_text_2()
|
||
|
|
||
|
(bug report and patch by Patrick Keshishian).
|
||
|
---
|
||
|
ANNOUNCE | 2 ++
|
||
|
CHANGES | 2 ++
|
||
|
png.c | 1 +
|
||
|
3 files changed, 5 insertions(+)
|
||
|
|
||
|
diff --git a/png.c b/png.c
|
||
|
index 8afc28fc2..2e05de159 100644
|
||
|
--- a/png.c
|
||
|
+++ b/png.c
|
||
|
@@ -477,6 +477,7 @@ png_free_data(png_const_structrp png_ptr, png_inforp info_ptr, png_uint_32 mask,
|
||
|
png_free(png_ptr, info_ptr->text);
|
||
|
info_ptr->text = NULL;
|
||
|
info_ptr->num_text = 0;
|
||
|
+ info_ptr->max_text = 0;
|
||
|
}
|
||
|
}
|
||
|
#endif
|
||
|
--
|
||
|
2.11.0
|
||
|
|