From 167b5e4c279099d43a2dcb9593bf061b93a87e11 Mon Sep 17 00:00:00 2001 From: "Robert C. Seacord" Date: Mon, 17 Aug 2015 21:20:34 -0500 Subject: [PATCH] [libpng16] Safely convert num_bytes to a png_byte in png_set_sig_bytes() --- ANNOUNCE | 2 ++ CHANGES | 2 ++ png.c | 6 ++++-- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ANNOUNCE b/ANNOUNCE index 5f389a3cd..d0af1be35 100644 --- a/ANNOUNCE +++ b/ANNOUNCE @@ -55,6 +55,8 @@ Version 1.6.19beta02 [August 18, 2015] on a 16-bit system. It also adds back various switch default clauses for GCC; GCC errors out if they are not present (with an appropriately high level of warnings). + Safely convert num_bytes to a png_byte in png_set_sig_bytes() (Robert + Seacord). Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/CHANGES b/CHANGES index 8cc524d63..8eb80ae2b 100644 --- a/CHANGES +++ b/CHANGES @@ -5335,6 +5335,8 @@ Version 1.6.19beta02 [August 18, 2015] on a 16-bit system. It also adds back various switch default clauses for GCC; GCC errors out if they are not present (with an appropriately high level of warnings). + Safely convert num_bytes to a png_byte in png_set_sig_bytes() (Robert + Seacord). Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/png.c b/png.c index 47b9e2deb..c57b071a9 100644 --- a/png.c +++ b/png.c @@ -26,15 +26,17 @@ typedef png_libpng_version_1_6_19beta02 Your_png_h_is_not_version_1_6_19beta02; void PNGAPI png_set_sig_bytes(png_structrp png_ptr, int num_bytes) { + unsigned int nb = (unsigned int)num_bytes; + png_debug(1, "in png_set_sig_bytes"); if (png_ptr == NULL) return; - if (num_bytes > 8) + if (nb > 8) png_error(png_ptr, "Too many bytes for PNG signature"); - png_ptr->sig_bytes = (png_byte)((num_bytes < 0 ? 0 : num_bytes) & 0xff); + png_ptr->sig_bytes = (png_byte)nb; } /* Checks whether the supplied bytes match the PNG signature. We allow