mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2025-01-01 09:02:59 -05:00
8830740643
* gnu/packages/patches/icecat-CVE-2015-0822.patch, gnu/packages/patches/icecat-CVE-2015-0827-pt-1.patch, gnu/packages/patches/icecat-CVE-2015-0827-pt-2.patch, gnu/packages/patches/icecat-CVE-2015-0827-pt-3.patch, gnu/packages/patches/icecat-CVE-2015-0831-pt-1.patch, gnu/packages/patches/icecat-CVE-2015-0831-pt-2.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-01.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-02.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-03.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-04.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-05.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-06.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-07.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-08.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-09.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-10.patch, gnu/packages/patches/icecat-CVE-2015-0836-pt-11.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
54 lines
2.1 KiB
Diff
54 lines
2.1 KiB
Diff
From 94899f849e50a765bb26420f5c70d49002d6673f Mon Sep 17 00:00:00 2001
|
|
From: Glenn Randers-Pehrson <glennrp+bmo@gmail.com>
|
|
Date: Mon, 26 Jan 2015 16:07:00 -0500
|
|
Subject: [PATCH] Bug 1117406 - Fix handling of out-of-range PNG tRNS values.
|
|
r=jmuizelaar, a=abillings
|
|
|
|
---
|
|
image/decoders/nsPNGDecoder.cpp | 22 ++++++++++++----------
|
|
1 file changed, 12 insertions(+), 10 deletions(-)
|
|
|
|
diff --git a/image/decoders/nsPNGDecoder.cpp b/image/decoders/nsPNGDecoder.cpp
|
|
index acaa835..8e6bc2d 100644
|
|
--- a/image/decoders/nsPNGDecoder.cpp
|
|
+++ b/image/decoders/nsPNGDecoder.cpp
|
|
@@ -528,24 +528,26 @@ nsPNGDecoder::info_callback(png_structp png_ptr, png_infop info_ptr)
|
|
png_set_expand(png_ptr);
|
|
|
|
if (png_get_valid(png_ptr, info_ptr, PNG_INFO_tRNS)) {
|
|
- int sample_max = (1 << bit_depth);
|
|
png_color_16p trans_values;
|
|
png_get_tRNS(png_ptr, info_ptr, &trans, &num_trans, &trans_values);
|
|
/* libpng doesn't reject a tRNS chunk with out-of-range samples
|
|
so we check it here to avoid setting up a useless opacity
|
|
- channel or producing unexpected transparent pixels when using
|
|
- libpng-1.2.19 through 1.2.26 (bug #428045) */
|
|
- if ((color_type == PNG_COLOR_TYPE_GRAY &&
|
|
- (int)trans_values->gray > sample_max) ||
|
|
- (color_type == PNG_COLOR_TYPE_RGB &&
|
|
- ((int)trans_values->red > sample_max ||
|
|
- (int)trans_values->green > sample_max ||
|
|
- (int)trans_values->blue > sample_max)))
|
|
+ channel or producing unexpected transparent pixels (bug #428045) */
|
|
+ if (bit_depth < 16) {
|
|
+ png_uint_16 sample_max = (1 << bit_depth) - 1;
|
|
+ if ((color_type == PNG_COLOR_TYPE_GRAY &&
|
|
+ trans_values->gray > sample_max) ||
|
|
+ (color_type == PNG_COLOR_TYPE_RGB &&
|
|
+ (trans_values->red > sample_max ||
|
|
+ trans_values->green > sample_max ||
|
|
+ trans_values->blue > sample_max)))
|
|
{
|
|
/* clear the tRNS valid flag and release tRNS memory */
|
|
png_free_data(png_ptr, info_ptr, PNG_FREE_TRNS, 0);
|
|
+ num_trans = 0;
|
|
}
|
|
- else
|
|
+ }
|
|
+ if (num_trans != 0)
|
|
png_set_expand(png_ptr);
|
|
}
|
|
|
|
--
|
|
2.2.1
|
|
|