Navigation:
Browse pkgsrc
(this page)| 2003-08-29 22:49:31 by Johnny C. Lam | Files touched by this commit (1) |
Log message: The checks for MIPSPro and including gcc.buildlink3.mk have moved to bsd.pkg.mk, so no need for the same logic here. |
| 2003-07-17 23:50:07 by grant beattie | Files touched by this commit (1504) |
Log message: s/netbsd.org/NetBSD.org/ |
| 2003-06-12 17:40:32 by Jan Schaumann | Files touched by this commit (1) |
Log message: Under IRIX, we don't need gcc's buildlink. MIPSPro does just fine. |
| 2003-05-28 14:51:30 by grant beattie | Files touched by this commit (1) |
Log message: include gcc.buildlink2.mk, allows this to build on NetBSD with gcc 3.3. |
| 2003-02-17 16:28:04 by Dieter Baron | Files touched by this commit (19) |
Log message: convert to use test target from bsd.pkg.mk addresses PR pkg/19416 |
| 2002-12-20 18:54:28 by Frederick Bruckman | Files touched by this commit (3) |
Log message:
Fix another bug in png_do_read_filler() regarding 16-big *grayscale*
images (and bump package to 1.2.5nb2). The following is taken directly
from the png-implement mailing list...
Date: Fri, 20 Dec 2002 11:26:31 -0500
From: Glenn Randers-Pehrson <glennrp@comcast.net>
Reply-To: png-implement@ccrc.wustl.edu
To: png-implement@ccrc.wustl.edu
Subject: Re: [png-implement] bug in png_read_filler() with 16-bit samples
At 01:01 AM 12/5/02 -0500, Glenn Randers-Pehrson wrote:
>A bug has turned up in png_read_filler() with 16-bit samples.
>The starting offsets for the loops are calculated incorrectly
>which causes a buffer overrun beyond the beginning of the row
>buffer.
>
>To fix, at lines 1968 and 1990,
>change "row_width * 3" to "row_width * 6"
>and at lines 1969 and 1991,
>change "row_width;" to "row_width * 2;"
This is only half of the story. Adding an alpha channel to
16-bit *grayscale* images with png_do_read_filler() exhibits
the same bug, and pngcrush crashes if I try to do it.
To fix, at lines 1892, 1893, 1910, and 1911 of pngrtran.c
change "row_width" to "row_width * 2"
Note that applications that do not add an alpha channel via
png_set_filler(), and any applications that do, but reduce 16-bit
samples to 8 bit via png_set_strip_16() are invulnerable to
the bug. Pngcrush is the only application that I know of
that uses png_set_filler() without also using png_set_strip_16().
Glenn
--
Send the message body "help" to png-implement-request@ccrc.wustl.edu
|
| 2002-12-19 22:25:10 by Frederick Bruckman | Files touched by this commit (3) |
Log message: Fix a buffer overrun in png_do_read_filler() with 16-bit samples, as reported to the png-implement mailing list by Glenn Randers-Pehrson: ftp://swrinde.nde.swri.edu/pub/png-group/archives/png-implement.200212 [Glenn Randers-Pehrson is the original author and chief maintainer of libpng.] >From the discussion in the archive, it appears to be unlikely that the bug could be exploited by a malicious web-server, chiefly because the operation that triggers it is more likely to be carried out by an image manipulation program (i.e. pngcrush), than by a web browser. |
| 2002-11-26 22:39:15 by Chris Pinnock | Files touched by this commit (1) |
Log message: NetBSD tag. |
| 2002-11-06 22:30:20 by Frederick Bruckman | Files touched by this commit (3) |
Log message: Update to png 1.2.5: * Changed png_error() to png_warning() about "Too much data" in pngpread.c and about "Extra compressed data" in pngrutil.c. * Prevent png_ptr->pass from exceeding 7 in png_push_finish_row(). * Updated png.c and pnggccrd.c handling of return from png_mmx_support() [Doesn't apply to the package.] * Only issue png_warning() about "Too much data" in pngpread.c when avail_in is nonzero. * Relocated two misplaced PNGAPI lines in pngtest.c Update submitted by Stefan Krüger in PR/18926. |
| 2002-10-09 16:37:17 by Thomas Klausner | Files touched by this commit (1) |
Log message: Unused. |
New packages: