summaryrefslogtreecommitdiffstats
path: root/abs/extra-testing/wxgtk/overflow.patch
diff options
context:
space:
mode:
Diffstat (limited to 'abs/extra-testing/wxgtk/overflow.patch')
-rw-r--r--abs/extra-testing/wxgtk/overflow.patch66
1 files changed, 0 insertions, 66 deletions
diff --git a/abs/extra-testing/wxgtk/overflow.patch b/abs/extra-testing/wxgtk/overflow.patch
deleted file mode 100644
index 543bdff..0000000
--- a/abs/extra-testing/wxgtk/overflow.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-Index: /wxWidgets/branches/WX_2_8_BRANCH/src/common/imagpng.cpp
-===================================================================
---- /wxWidgets/branches/WX_2_8_BRANCH/src/common/imagpng.cpp (revision 53479)
-+++ /wxWidgets/branches/WX_2_8_BRANCH/src/common/imagpng.cpp (revision 60875)
-@@ -569,5 +569,7 @@
- goto error;
-
-- lines = (unsigned char **)malloc( (size_t)(height * sizeof(unsigned char *)) );
-+ // initialize all line pointers to NULL to ensure that they can be safely
-+ // free()d if an error occurs before all of them could be allocated
-+ lines = (unsigned char **)calloc(height, sizeof(unsigned char *));
- if ( !lines )
- goto error;
-@@ -576,9 +578,5 @@
- {
- if ((lines[i] = (unsigned char *)malloc( (size_t)(width * (sizeof(unsigned char) * 4)))) == NULL)
-- {
-- for ( unsigned int n = 0; n < i; n++ )
-- free( lines[n] );
- goto error;
-- }
- }
-
-Index: /wxWidgets/branches/WX_2_8_BRANCH/src/common/imagtiff.cpp
-===================================================================
---- /wxWidgets/branches/WX_2_8_BRANCH/src/common/imagtiff.cpp (revision 48694)
-+++ /wxWidgets/branches/WX_2_8_BRANCH/src/common/imagtiff.cpp (revision 60876)
-@@ -262,5 +262,4 @@
-
- uint32 w, h;
-- uint32 npixels;
- uint32 *raster;
-
-@@ -276,7 +275,18 @@
- samplesInfo[0] == EXTRASAMPLE_UNASSALPHA));
-
-- npixels = w * h;
--
-- raster = (uint32*) _TIFFmalloc( npixels * sizeof(uint32) );
-+ // guard against integer overflow during multiplication which could result
-+ // in allocating a too small buffer and then overflowing it
-+ const double bytesNeeded = w * h * sizeof(uint32);
-+ if ( bytesNeeded >= 4294967295U /* UINT32_MAX */ )
-+ {
-+ if ( verbose )
-+ wxLogError( _("TIFF: Image size is abnormally big.") );
-+
-+ TIFFClose(tif);
-+
-+ return false;
-+ }
-+
-+ raster = (uint32*) _TIFFmalloc( bytesNeeded );
-
- if (!raster)
-Index: /wxWidgets/branches/WX_2_8_BRANCH/src/common/imagtiff.cpp
-===================================================================
---- /wxWidgets/branches/WX_2_8_BRANCH/src/common/imagtiff.cpp (revision 60876)
-+++ /wxWidgets/branches/WX_2_8_BRANCH/src/common/imagtiff.cpp (revision 60897)
-@@ -277,5 +277,5 @@
- // guard against integer overflow during multiplication which could result
- // in allocating a too small buffer and then overflowing it
-- const double bytesNeeded = w * h * sizeof(uint32);
-+ const double bytesNeeded = (double)w * (double)h * sizeof(uint32);
- if ( bytesNeeded >= 4294967295U /* UINT32_MAX */ )
- {
generated by cgit v0.12 at 2024-04-30 18:03:34 (GMT)