mewin/libpng
1
0
Fork 0
mirror of https://git.code.sf.net/p/libpng/code.git synced 2025-07-10 18:04:09 +02:00
Code Issues Projects Releases Wiki Activity

[libpng15] Imported from libpng-1.5.9rc01.tar

Browse Source
This commit is contained in:
Glenn Randers-Pehrson
2012-02-17 13:30:33 -06:00
parent a08f60352c
commit 0207529f27
29 changed files with 109 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
pngrutil.c
View File

@@ -1,8 +1,8 @@
/* pngrutil.c - utilities to read a PNG file
*
* Last changed in libpng 1.5.7 [December 15, 2011]
* Copyright (c) 1998-2011 Glenn Randers-Pehrson
* Last changed in libpng 1.5.9 [(PENDING RELEASE)]
* Copyright (c) 1998-2012 Glenn Randers-Pehrson
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
* (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
*
@@ -432,15 +432,18 @@ png_decompress_chunk(png_structp png_ptr, int comp_type,
/* Now check the limits on this chunk - if the limit fails the
* compressed data will be removed, the prefix will remain.
*/
if (prefix_size >= (~(png_size_t)0) - 1 ||
expanded_size >= (~(png_size_t)0) - 1 - prefix_size
#ifdef PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED
if (png_ptr->user_chunk_malloc_max &&
|| (png_ptr->user_chunk_malloc_max &&
(prefix_size + expanded_size >= png_ptr->user_chunk_malloc_max - 1))
#else
# ifdef PNG_USER_CHUNK_MALLOC_MAX
if ((PNG_USER_CHUNK_MALLOC_MAX > 0) &&
|| ((PNG_USER_CHUNK_MALLOC_MAX > 0) &&
prefix_size + expanded_size >= PNG_USER_CHUNK_MALLOC_MAX - 1)
# endif
#endif
)
png_warning(png_ptr, "Exceeded size limit while expanding chunk");
/* If the size is zero either there was an error and a message
@@ -448,12 +451,7 @@ png_decompress_chunk(png_structp png_ptr, int comp_type,
* and we have nothing to do - the code will exit through the
* error case below.
*/
#if defined(PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED) || \
defined(PNG_USER_CHUNK_MALLOC_MAX)
else if (expanded_size > 0)
#else
if (expanded_size > 0)
#endif
{
/* Success (maybe) - really uncompress the chunk. */
png_size_t new_size = 0;
@@ -1279,7 +1277,7 @@ png_handle_iCCP(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
png_free(png_ptr, png_ptr->chunkdata);
png_ptr->chunkdata = (png_charp)png_malloc(png_ptr, length + 1);
slength = (png_size_t)length;
slength = length;
png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength);
if (png_crc_finish(png_ptr, skip))
@@ -1429,7 +1427,7 @@ png_handle_sPLT(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
* that the PNG_MAX_MALLOC_64K test is enabled in this case, but this is a
* potential breakage point if the types in pngconf.h aren't exactly right.
*/
slength = (png_size_t)length;
slength = length;
png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength);
if (png_crc_finish(png_ptr, skip))
@@ -1956,7 +1954,7 @@ png_handle_pCAL(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
return;
}
slength = (png_size_t)length;
slength = length;
png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength);
if (png_crc_finish(png_ptr, 0))
@@ -2105,7 +2103,7 @@ png_handle_sCAL(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
return;
}
slength = (png_size_t)length;
slength = length;
png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength);
png_ptr->chunkdata[slength] = 0x00; /* Null terminate the last string */
@@ -2265,7 +2263,7 @@ png_handle_tEXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
return;
}
slength = (png_size_t)length;
slength = length;
png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength);
if (png_crc_finish(png_ptr, skip))
@@ -2373,7 +2371,7 @@ png_handle_zTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
return;
}
slength = (png_size_t)length;
slength = length;
png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength);
if (png_crc_finish(png_ptr, 0))
@@ -2504,7 +2502,7 @@ png_handle_iTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
return;
}
slength = (png_size_t)length;
slength = length;
png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength);
if (png_crc_finish(png_ptr, 0))