diff options
-rw-r--r-- | converter/other/fitstopnm.c | 9 | ||||
-rw-r--r-- | converter/ppm/ppmtompeg/frame.c | 1 | ||||
-rw-r--r-- | doc/HISTORY | 8 | ||||
-rw-r--r-- | version.mk | 2 |
4 files changed, 15 insertions, 5 deletions
diff --git a/converter/other/fitstopnm.c b/converter/other/fitstopnm.c index bdf5c78a..e7de4311 100644 --- a/converter/other/fitstopnm.c +++ b/converter/other/fitstopnm.c @@ -358,7 +358,7 @@ readCard(FILE * const ifP, size_t bytesRead; bytesRead = fread(buf, 1, 80, ifP); - if (bytesRead == 0) + if (bytesRead < 80) pm_error("error reading header"); } @@ -380,12 +380,15 @@ readFitsHeader(FILE * const ifP, while (!seenEnd) { unsigned int i; + for (i = 0; i < 36; ++i) { - char buf[80]; + char buf[81]; char c; - readCard(ifP, buf); + readCard(ifP, buf); /* Reads into first 80 elements of buf[] */ + buf[80] = '\0'; /* Make ASCIIZ string */ + if (sscanf(buf, "SIMPLE = %c", &c) == 1) { if (c == 'T' || c == 't') hP->simple = 1; diff --git a/converter/ppm/ppmtompeg/frame.c b/converter/ppm/ppmtompeg/frame.c index f91f2cc6..f5a0d39d 100644 --- a/converter/ppm/ppmtompeg/frame.c +++ b/converter/ppm/ppmtompeg/frame.c @@ -842,5 +842,4 @@ Frame_Resize(MpegFrame * const omf, exit(1); free(frameAP); - free(mf); } diff --git a/doc/HISTORY b/doc/HISTORY index 1a1fbfaf..cd7139df 100644 --- a/doc/HISTORY +++ b/doc/HISTORY @@ -4,6 +4,14 @@ Netpbm. CHANGE HISTORY -------------- +22.12.24 BJH Release 10.86.36 + + ppmtompeg: Fix crash with resize option because of invalid + memory free. + + fitstopnm: fix invalid memory reference (nonterminated ASCIIZ + string). + 22.09.24 BJH Release 10.86.35 pnmindex: fix shell injection vulnerabilities. Broken since diff --git a/version.mk b/version.mk index bff791a6..013a10a9 100644 --- a/version.mk +++ b/version.mk @@ -1,3 +1,3 @@ NETPBM_MAJOR_RELEASE = 10 NETPBM_MINOR_RELEASE = 86 -NETPBM_POINT_RELEASE = 35 +NETPBM_POINT_RELEASE = 36 |