From bc1dad25f16fdcecf8d49c7458667117371deacd Mon Sep 17 00:00:00 2001
From: giraffedata
Date: Sat, 24 Dec 2022 00:18:17 +0000
Subject: Release 10.86.37
git-svn-id: http://svn.code.sf.net/p/netpbm/code/stable@4482 9d0c8265-081b-0410-96cb-a4ca84ce46f8
---
 converter/other/fitstopnm.c | 9 ++++++---
 converter/ppm/ppmtompeg/frame.c | 1 -
 doc/HISTORY | 8 ++++++++
 version.mk | 2 +-
 4 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/converter/other/fitstopnm.c b/converter/other/fitstopnm.c
index bdf5c78a..e7de4311 100644
--- a/converter/other/fitstopnm.c
+++ b/converter/other/fitstopnm.c
@@ -358,7 +358,7 @@ readCard(FILE * const ifP,
 size_t bytesRead;
 bytesRead = fread(buf, 1, 80, ifP);
- if (bytesRead == 0)
+ if (bytesRead < 80)
 pm_error("error reading header");
 }
@@ -380,12 +380,15 @@ readFitsHeader(FILE * const ifP,
 while (!seenEnd) {
 unsigned int i;
+
 for (i = 0; i < 36; ++i) {
- char buf[80];
+ char buf[81];
 char c;
- readCard(ifP, buf);
+ readCard(ifP, buf); /* Reads into first 80 elements of buf[] */
+ buf[80] = '\0'; /* Make ASCIIZ string */
+
 if (sscanf(buf, "SIMPLE = %c", &c) == 1) {
 if (c == 'T' || c == 't')
 hP->simple = 1;
diff --git a/converter/ppm/ppmtompeg/frame.c b/converter/ppm/ppmtompeg/frame.c
index f91f2cc6..f5a0d39d 100644
--- a/converter/ppm/ppmtompeg/frame.c
+++ b/converter/ppm/ppmtompeg/frame.c
@@ -842,5 +842,4 @@ Frame_Resize(MpegFrame * const omf,
 exit(1);
 free(frameAP);
- free(mf);
 }
diff --git a/doc/HISTORY b/doc/HISTORY
index 1a1fbfaf..cd7139df 100644
--- a/doc/HISTORY
+++ b/doc/HISTORY
@@ -4,6 +4,14 @@ Netpbm.
 CHANGE HISTORY
 --------------
+22.12.24 BJH Release 10.86.36
+
+ ppmtompeg: Fix crash with resize option because of invalid
+ memory free.
+
+ fitstopnm: fix invalid memory reference (nonterminated ASCIIZ
+ string).
+
 22.09.24 BJH Release 10.86.35
 pnmindex: fix shell injection vulnerabilities. Broken since
diff --git a/version.mk b/version.mk
index bff791a6..013a10a9 100644
--- a/version.mk
+++ b/version.mk
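Review bot: In readCard (converter/other/fitstopnm.c, first hunk) the new `bytesRead < 80` branch reports a truncated file and a genuine I/O failure with the same "error reading header" text, so a cut-off or malformed FITS input cannot be told apart from a read error when someone triages the failure. Consider testing `feof(ifP)` in that branch and reporting the short read explicitly, for example `pm_error("premature end of file in header: got %u of 80 bytes", (unsigned)bytesRead);`. The function's signature and opening lines lie outside the hunk, so the declared size of `buf` cannot be confirmed from here.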
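Review bot: In readFitsHeader (converter/other/fitstopnm.c, second hunk) the array size `81` and the index in `buf[80] = '\0'` must agree with the two `80` literals in readCard (first hunk), and only a comment ties them together, so a later edit to one of them can silently bring back the out-of-bounds access this commit fixes. A single named constant would remove that coupling, e.g. `#define FITS_CARD_LEN 80` (name constructed for illustration), used as `char buf[FITS_CARD_LEN + 1];` and `buf[FITS_CARD_LEN] = '\0';`. It would also help to state in readCard's own header comment that it fills exactly 80 bytes and does not terminate them, since any other caller (none is visible here) would have to repeat the termination step. The loop body continues past the end of the hunk.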
@@ -1,3 +1,3 @@
 NETPBM_MAJOR_RELEASE = 10
 NETPBM_MINOR_RELEASE = 86
-NETPBM_POINT_RELEASE = 35
+NETPBM_POINT_RELEASE = 36
-- 
cgit 1.4.1