aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/netpbm-CVE-2017-2587.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/netpbm-CVE-2017-2587.patch')
-rw-r--r--gnu/packages/patches/netpbm-CVE-2017-2587.patch35
1 files changed, 35 insertions, 0 deletions
diff --git a/gnu/packages/patches/netpbm-CVE-2017-2587.patch b/gnu/packages/patches/netpbm-CVE-2017-2587.patch
new file mode 100644
index 0000000000..70fa508f60
--- /dev/null
+++ b/gnu/packages/patches/netpbm-CVE-2017-2587.patch
@@ -0,0 +1,35 @@
+From: Tobias Geerinckx-Rice <me@tobias.gr>
+Date: Thu, 28 Feb 2019 20:29:00 +0100
+Subject: [PATCH] netpbm: Fix CVE-2017-2587.
+
+Copied verbatim from Debian[0].
+
+[0]: https://sources.debian.org/data/main/n/netpbm-free/2:10.78.05-0.1/debian/patches/netpbm-CVE-2017-2587.patch
+
+---
+diff -urNp old/converter/other/svgtopam.c new/converter/other/svgtopam.c
+--- old/converter/other/svgtopam.c 2017-02-08 12:11:02.593690917 +0100
++++ new/converter/other/svgtopam.c 2017-02-08 13:49:38.319029371 +0100
+@@ -771,12 +771,17 @@ createCanvas(unsigned int const width,
+
+ MALLOCVAR_NOFAIL(canvasP);
+
+- canvasP->width = width;
+- canvasP->height = height;
+- canvasP->pixels = ppm_allocarray(width, height);
+- canvasP->maxval = maxval;
++ if(canvasP != NULL){
++ canvasP->width = width;
++ canvasP->height = height;
++ canvasP->pixels = ppm_allocarray(width, height);
++ canvasP->maxval = maxval;
++
++ *canvasPP = canvasP;
++ } else {
++ pm_error("can't allocate memory for canvas");
++ }
+
+- *canvasPP = canvasP;
+ }
+
+
generated by cgit v1.2.3 (git 2.25.4) at 2024-11-06 01:55:23 +0000