36 lines
1.0 KiB
Diff
36 lines
1.0 KiB
Diff
From: Tobias Geerinckx-Rice <me@tobias.gr>
|
|
Date: Thu, 28 Feb 2019 20:29:00 +0100
|
|
Subject: [PATCH] netpbm: Fix CVE-2017-2587.
|
|
|
|
Copied verbatim from Debian[0].
|
|
|
|
[0]: https://sources.debian.org/data/main/n/netpbm-free/2:10.78.05-0.1/debian/patches/netpbm-CVE-2017-2587.patch
|
|
|
|
---
|
|
diff -urNp old/converter/other/svgtopam.c new/converter/other/svgtopam.c
|
|
--- old/converter/other/svgtopam.c 2017-02-08 12:11:02.593690917 +0100
|
|
+++ new/converter/other/svgtopam.c 2017-02-08 13:49:38.319029371 +0100
|
|
@@ -771,12 +771,17 @@ createCanvas(unsigned int const width,
|
|
|
|
MALLOCVAR_NOFAIL(canvasP);
|
|
|
|
- canvasP->width = width;
|
|
- canvasP->height = height;
|
|
- canvasP->pixels = ppm_allocarray(width, height);
|
|
- canvasP->maxval = maxval;
|
|
+ if(canvasP != NULL){
|
|
+ canvasP->width = width;
|
|
+ canvasP->height = height;
|
|
+ canvasP->pixels = ppm_allocarray(width, height);
|
|
+ canvasP->maxval = maxval;
|
|
+
|
|
+ *canvasPP = canvasP;
|
|
+ } else {
|
|
+ pm_error("can't allocate memory for canvas");
|
|
+ }
|
|
|
|
- *canvasPP = canvasP;
|
|
}
|
|
|
|
|