mewin/libpng
1
0
Fork 0
mirror of https://git.code.sf.net/p/libpng/code.git synced 2025-07-10 18:04:09 +02:00
Code Issues Projects Releases Wiki Activity

IDAT read buffering correction

Browse Source 
The sequential read code failed to read to the end of the IDAT stream in about
1/820 cases, resulting in a spurious warning.  The
png_set_compression_buffer_size API also would not work (or do bad things) if
the size of a zlib uInt was less than 32 bits.

This includes a quiet API change to alter png_set_compression_buffer_size to use
a png_alloc_size_t, not png_size_t and implement the correct checks.

Signed-off-by: John Bowler <jbowler@acm.org>
This commit is contained in:
John Bowler
2016-01-10 13:51:29 -08:00
parent e393f19527
commit 1afbb57994
5 changed files with 37 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
pngset.c
View File

@@ -1596,16 +1596,17 @@ png_set_rows(png_const_structrp png_ptr, png_inforp info_ptr,
#endif
void PNGAPI
png_set_compression_buffer_size(png_structrp png_ptr, png_size_t size)
png_set_compression_buffer_size(png_structrp png_ptr, png_alloc_size_t size)
{
if (png_ptr == NULL)
return;
if (size == 0 || size > PNG_UINT_31_MAX)
if (size == 0 ||
size > (png_ptr->read_struct ? ZLIB_IO_MAX : PNG_UINT_31_MAX))
png_error(png_ptr, "invalid compression buffer size");
# if (defined PNG_SEQUENTIAL_READ_SUPPORTED) || defined PNG_WRITE_SUPPORTED
png_ptr->IDAT_size = (uInt)/*SAFE*/size;
png_ptr->IDAT_size = (png_uint_32)/*SAFE*/size;
# endif /* SEQUENTIAL_READ || WRITE */
}