diff --git a/contrib/gregbook/readpng.c b/contrib/gregbook/readpng.c index e6a01c6f7..fad9b536a 100644 --- a/contrib/gregbook/readpng.c +++ b/contrib/gregbook/readpng.c @@ -4,7 +4,7 @@ --------------------------------------------------------------------------- - Copyright (c) 1998-2007 Greg Roelofs. All rights reserved. + Copyright (c) 1998-2007,2017 Greg Roelofs. All rights reserved. This software is provided "as is," without warranty of any kind, express or implied. In no event shall the author or contributors diff --git a/contrib/gregbook/readpng2.c b/contrib/gregbook/readpng2.c index 4d5e38fe2..5d13e1530 100644 --- a/contrib/gregbook/readpng2.c +++ b/contrib/gregbook/readpng2.c @@ -55,6 +55,7 @@ Changelog: 2015-11-12 - Check return value of png_get_bKGD() (Glenn R-P) + 2017-04-22 - Guard against integer overflow (Glenn R-P) ---------------------------------------------------------------------------*/ diff --git a/contrib/gregbook/readppm.c b/contrib/gregbook/readppm.c index 3a41f3e1d..52e702777 100644 --- a/contrib/gregbook/readppm.c +++ b/contrib/gregbook/readppm.c @@ -9,7 +9,7 @@ --------------------------------------------------------------------------- - Copyright (c) 1998-2007 Greg Roelofs. All rights reserved. + Copyright (c) 1998-2007,2017 Greg Roelofs. All rights reserved. This software is provided "as is," without warranty of any kind, express or implied. In no event shall the author or contributors diff --git a/contrib/gregbook/rpng-win.c b/contrib/gregbook/rpng-win.c index 313beaff1..4254c17ef 100644 --- a/contrib/gregbook/rpng-win.c +++ b/contrib/gregbook/rpng-win.c 
@@ -24,10 +24,11 @@ - 1.10: enabled "message window"/console (thanks to David Geldreich) - 2.00: dual-licensed (added GNU GPL) - 2.01: fixed improper display of usage screen on PNG error(s) + - 2.02: check for integer overflow (Glenn R-P) --------------------------------------------------------------------------- - Copyright (c) 1998-2008 Greg Roelofs. All rights reserved. + Copyright (c) 1998-2008, 2017 Greg Roelofs. All rights reserved. This software is provided "as is," without warranty of any kind, express or implied. In no event shall the author or contributors diff --git a/contrib/gregbook/rpng-x.c b/contrib/gregbook/rpng-x.c index ddd7c58d6..92effaa6d 100644 --- a/contrib/gregbook/rpng-x.c +++ b/contrib/gregbook/rpng-x.c @@ -28,10 +28,11 @@ - 2.01: fixed improper display of usage screen on PNG error(s) - 2.02: Added "void(argc);" statement to quiet pedantic compiler warnings about unused variable (GR-P) + - 2.03: check for integer overflow (Glenn R-P) --------------------------------------------------------------------------- - Copyright (c) 1998-2008 Greg Roelofs. All rights reserved. + Copyright (c) 1998-2008, 2017 Greg Roelofs. All rights reserved. This software is provided "as is," without warranty of any kind, express or implied. In no event shall the author or contributors diff --git a/contrib/gregbook/rpng2-win.c b/contrib/gregbook/rpng2-win.c index 8720bb011..ed6b526ec 100644 --- a/contrib/gregbook/rpng2-win.c +++ b/contrib/gregbook/rpng2-win.c 
@@ -33,12 +33,11 @@ - 2.02: fixed improper display of usage screen on PNG error(s); fixed unexpected-EOF and file-read-error cases - 2.03: removed runtime MMX-enabling/disabling and obsolete -mmx* options - - 2.04: - (GR-P) + - 2.04: check for integer overflow (Glenn R-P) --------------------------------------------------------------------------- - Copyright (c) 1998-2008 Greg Roelofs. All rights reserved. + Copyright (c) 1998-2008, 2017 Greg Roelofs. All rights reserved. This software is provided "as is," without warranty of any kind, express or implied. In no event shall the author or contributors diff --git a/contrib/gregbook/rpng2-x.c b/contrib/gregbook/rpng2-x.c index 2585203b4..af944c0f2 100644 --- a/contrib/gregbook/rpng2-x.c +++ b/contrib/gregbook/rpng2-x.c @@ -44,9 +44,11 @@ - 2.04: Added "void(foo);" statements to quiet pedantic compiler warnings about unused variables (GR-P) - 2.05: Use nanosleep() instead of usleep(), which is deprecated (GR-P). + - 2.06: check for integer overflow (Glenn R-P) --------------------------------------------------------------------------- - Copyright (c) 1998-2010, 2014-2015 Greg Roelofs. All rights reserved. + Copyright (c) 1998-2010, 2014-2015, 2017 Greg Roelofs. All rights + reserved. This software is provided "as is," without warranty of any kind, express or implied. In no event shall the author or contributors diff --git a/contrib/gregbook/wpng.c b/contrib/gregbook/wpng.c index 3b5b8118d..a8f367fb8 100644 --- a/contrib/gregbook/wpng.c +++ b/contrib/gregbook/wpng.c @@ -29,6 +29,7 @@ - 1.04: fixed DOS/OS2/Win32 detection, including partial Cygwin fix (see http://home.att.net/~perlspinr/diffs/GregBook_cygwin.diff) - 2.00: dual-licensed (added GNU GPL) + - 2.01: check for integer overflow (Glenn R-P) [REPORTED BUG (win32 only): "contrib/gregbook/wpng.c - cmd line dose not work! In order to do something useful I needed to redirect 
@@ -38,7 +39,7 @@ --------------------------------------------------------------------------- - Copyright (c) 1998-2007 Greg Roelofs. All rights reserved. + Copyright (c) 1998-2007, 2017 Greg Roelofs. All rights reserved. This software is provided "as is," without warranty of any kind, express or implied. In no event shall the author or contributors @@ -705,14 +706,15 @@ int main(int argc, char **argv) ulg image_bytes; /* Guard against integer overflow */ - if (wpng_info_height > ((size_t)(-1)/rowbytes) { + if (wpng_info_height > ((size_t)(-1)/rowbytes || + wpng_info_height > ((ulg)(-1)/rowbytes) { fprintf(stderr, PROGNAME ": image_data buffer too large\n"); writepng_cleanup(&wpng_info); wpng_cleanup(); exit(5); } - image_bytes = rowbytes * wpng_info.height; /* overflow? */ + image_bytes = rowbytes * wpng_info.height; wpng_info.image_data = (uch *)malloc(image_bytes); wpng_info.row_pointers = (uch **)malloc(wpng_info.height*sizeof(uch *)); diff --git a/contrib/gregbook/writepng.c b/contrib/gregbook/writepng.c index c5c953479..055c74374 100644 --- a/contrib/gregbook/writepng.c +++ b/contrib/gregbook/writepng.c @@ -4,7 +4,7 @@ --------------------------------------------------------------------------- - Copyright (c) 1998-2007 Greg Roelofs. All rights reserved. + Copyright (c) 1998-2007, 2017 Greg Roelofs. All rights reserved. This software is provided "as is," without warranty of any kind, express or implied. In no event shall the author or contributors diff --git a/contrib/pngminus/png2pnm.c b/contrib/pngminus/png2pnm.c index 4f01a5ebd..c9f16237d 100644 --- a/contrib/pngminus/png2pnm.c +++ b/contrib/pngminus/png2pnm.c @@ -3,6 +3,7 @@ * copyright (C) 1999 by Willem van Schaik * * version 1.0 - 1999.10.15 - First version. + * 1.1 - 2017.04.22 - Add buffer-size check (Glenn Randers-Pehrson) * * Permission to use, copy, modify, and distribute this software and * its documentation for any purpose and without fee is hereby granted, 
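Review bot: The rewritten overflow guard in wpng.c's main() does not look compilable as written. Both comparisons open a parenthesis before the cast (`((size_t)(-1)/rowbytes`, `((ulg)(-1)/rowbytes`) that is never closed, and they test `wpng_info_height`, while the multiplication just below reads `wpng_info.height`. I would write the condition as `if (wpng_info.height > (size_t)(-1)/rowbytes ||` followed by `wpng_info.height > (ulg)(-1)/rowbytes) {`, so that the value being checked is the one multiplied into image_bytes. The division also presumes rowbytes is non-zero, which the hunk does not show, and `malloc(wpng_info.height*sizeof(uch *))` for row_pointers sits outside the guard. main's body starts and ends outside this hunk, so both points need confirming against the surrounding code.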
diff --git a/contrib/pngminus/pnm2png.c b/contrib/pngminus/pnm2png.c
index 7346d57a7..adc32069d 100644
--- a/contrib/pngminus/pnm2png.c
+++ b/contrib/pngminus/pnm2png.c
@@ -4,6 +4,7 @@
 *
 * version 1.0 - 1999.10.15 - First version.
 * version 1.1 - 2015.07.29 - Fixed leaks (Glenn Randers-Pehrson)
+ * version 1.2 - 2017.04.22 - Add buffer-size check
 *
 * Permission to use, copy, modify, and distribute this software and
 * its documentation for any purpose and without fee is hereby granted,
diff --git a/contrib/visupng/PngFile.c b/contrib/visupng/PngFile.c
index dde2a421d..d46318f44 100644
--- a/contrib/visupng/PngFile.c
+++ b/contrib/visupng/PngFile.c
@@ -2,7 +2,7 @@
 * PNGFILE.C -- Image File Functions
 *-------------------------------------
 *
- * Copyright 2000, Willem van Schaik.
+ * Copyright 2000,2017 Willem van Schaik.
 *
 * This code is released under the libpng license.
 * For conditions of distribution and use, see the disclaimer
diff --git a/contrib/visupng/VisualPng.c b/contrib/visupng/VisualPng.c
index 03b3d8539..20e1625fa 100644
--- a/contrib/visupng/VisualPng.c
+++ b/contrib/visupng/VisualPng.c
@@ -2,7 +2,7 @@
 * VisualPng.C -- Shows a PNG image
 *------------------------------------
 *
- * Copyright 2000, Willem van Schaik.
+ * Copyright 2000,2017 Willem van Schaik.
 *
 * This code is released under the libpng license.
 * For conditions of distribution and use, see the disclaimer