1 diff -up cups-1.3.7/filter/image-png.c.CVE-2008-1722 cups-1.3.7/filter/image-png.c
2 --- cups-1.3.7/filter/image-png.c.CVE-2008-1722 2007-07-11 22:46:42.000000000 +0100
3 +++ cups-1.3.7/filter/image-png.c 2008-05-09 11:27:45.000000000 +0100
6 * PNG image routines for the Common UNIX Printing System (CUPS).
8 - * Copyright 2007 by Apple Inc.
9 + * Copyright 2007-2008 by Apple Inc.
10 * Copyright 1993-2007 by Easy Software Products.
12 * These coded instructions, statements, and computer programs are the
13 @@ -170,16 +170,56 @@ _cupsImageReadPNG(
14 * Interlaced images must be loaded all at once...
17 + size_t bufsize; /* Size of buffer */
20 if (color_type == PNG_COLOR_TYPE_GRAY ||
21 color_type == PNG_COLOR_TYPE_GRAY_ALPHA)
22 - in = malloc(img->xsize * img->ysize);
24 + bufsize = img->xsize * img->ysize;
26 + if ((bufsize / img->ysize) != img->xsize)
28 + fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
29 + (unsigned)img->xsize, (unsigned)img->ysize);
35 - in = malloc(img->xsize * img->ysize * 3);
37 + bufsize = img->xsize * img->ysize * 3;
39 + if ((bufsize / (img->ysize * 3)) != img->xsize)
41 + fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
42 + (unsigned)img->xsize, (unsigned)img->ysize);
48 + in = malloc(bufsize);
51 bpp = cupsImageGetDepth(img);
52 out = malloc(img->xsize * bpp);
56 + fputs("DEBUG: Unable to allocate memory for PNG image!\n", stderr);
70 * Read the image, interlacing as needed...