unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
blob 70fa508f606ebe3a41c93ec21b0a99016f5c6322 1065 bytes (raw)
name: patches/netpbm-CVE-2017-2587.patch 	 # note: path name is non-authoritative(*)
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

 
From: Tobias Geerinckx-Rice <me@tobias.gr>
Date: Thu, 28 Feb 2019 20:29:00 +0100
Subject: [PATCH] netpbm: Fix CVE-2017-2587.

Copied verbatim from Debian[0].

[0]: https://sources.debian.org/data/main/n/netpbm-free/2:10.78.05-0.1/debian/patches/netpbm-CVE-2017-2587.patch

---
diff -urNp old/converter/other/svgtopam.c new/converter/other/svgtopam.c
--- old/converter/other/svgtopam.c	2017-02-08 12:11:02.593690917 +0100
+++ new/converter/other/svgtopam.c	2017-02-08 13:49:38.319029371 +0100
@@ -771,12 +771,17 @@ createCanvas(unsigned int const width,
 
     MALLOCVAR_NOFAIL(canvasP);
 
-    canvasP->width  = width;
-    canvasP->height = height;
-    canvasP->pixels = ppm_allocarray(width, height);
-    canvasP->maxval = maxval;
+    if(canvasP != NULL){
+        canvasP->width  = width;
+        canvasP->height = height;
+        canvasP->pixels = ppm_allocarray(width, height);
+        canvasP->maxval = maxval;
+
+        *canvasPP = canvasP;
+    } else {
+       pm_error("can't allocate memory for canvas");
+    }
 
-    *canvasPP = canvasP;
 }
 
 

debug log:

solving 70fa508f606ebe3a41c93ec21b0a99016f5c6322 ...
found 70fa508f606ebe3a41c93ec21b0a99016f5c6322 in https://git.savannah.gnu.org/cgit/guix.git

(*) Git path names are given by the tree(s) the blob belongs to.
    Blobs themselves have no identifier aside from the hash of its contents.^
Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).