[libpng17] Handle zero-length PLTE chunk or NULL palette with png_error()

instead of png_chunk_report(), which by default issues a warning
rather than an error, leading to later reading from a NULL pointer
(png_ptr->palette) in png_do_expand_palette().
Glenn Randers-Pehrson
2013-12-15 08:47:52 -06:00
parent 3adf438f39
commit 1faa6ff32c
4 changed files with 15 additions and 4 deletions
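The failure mode in the commit message, a bad PLTE that is only warned about and a palette pointer that is later read while NULL, can also be screened out before a file reaches the decoder. The following is an added example, not libpng code and not part of this commit; `check_indexed_palette` and the `plte_status` values are hypothetical names, and CRCs are not verified.

```c
/* Added example, not libpng code; all names here are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum plte_status { PLTE_OK = 0, PLTE_BAD_STREAM, PLTE_MISSING, PLTE_INVALID };
static uint32_t be32(const uint8_t *p)
{
   return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
          ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Walk the chunk list of an in-memory PNG and fail closed when PLTE is
 * unusable or an indexed image (colour type 3) reaches IDAT without one. */
enum plte_status check_indexed_palette(const uint8_t *buf, size_t len)
{
   static const uint8_t sig[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};
   size_t pos = 8;
   int indexed = 0, seen_ihdr = 0, have_plte = 0;

   if (len < 8 || memcmp(buf, sig, 8) != 0)
      return PLTE_BAD_STREAM;
   while (len - pos >= 12)              /* length + type + CRC */
   {
      uint32_t clen = be32(buf + pos);
      const uint8_t *type = buf + pos + 4;
      if (clen > len - pos - 12)
         return PLTE_BAD_STREAM;        /* chunk runs past the buffer */
      if (memcmp(type, "IHDR", 4) == 0)
      {
         if (clen != 13) return PLTE_BAD_STREAM;
         seen_ihdr = 1;
         indexed = (buf[pos + 8 + 9] == 3);   /* colour type byte */
      }
      else if (memcmp(type, "PLTE", 4) == 0)
      {
         if (clen == 0 || clen % 3 != 0 || clen > 256 * 3)
            return PLTE_INVALID;        /* error, not a warning */
         have_plte = 1;
      }
      else if (memcmp(type, "IDAT", 4) == 0)
      {
         if (!seen_ihdr) return PLTE_BAD_STREAM;
         return (indexed && !have_plte) ? PLTE_MISSING : PLTE_OK;
      }
      pos += 12 + (size_t)clen;
   }
   return PLTE_BAD_STREAM;              /* no IDAT found */
}
```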

View File

@@ -1,5 +1,5 @@
Libpng 1.7.0beta24 - December 14, 2013 Libpng 1.7.0beta24 - December 15, 2013
This is not intended to be a public release. It will be replaced This is not intended to be a public release. It will be replaced
within a few weeks by a public version or by another test version. within a few weeks by a public version or by another test version.
@@ -437,7 +437,7 @@ Version 1.7.0beta23 [November 24, 2013]
This reverts to the previous 'static' implementation and works round This reverts to the previous 'static' implementation and works round
the 'unused static function' warning by using PNG_UNUSED(). the 'unused static function' warning by using PNG_UNUSED().
Version 1.7.0beta24 [December 14, 2013] Version 1.7.0beta24 [December 15, 2013]
Removed or marked PNG_UNUSED some harmless "dead assignments" reported Removed or marked PNG_UNUSED some harmless "dead assignments" reported
by clang scan-build. by clang scan-build.
Changed tabs to 3 spaces in png_debug macros and changed '"%s"m' Changed tabs to 3 spaces in png_debug macros and changed '"%s"m'
@@ -456,6 +456,10 @@ Version 1.7.0beta24 [December 14, 2013]
segment of the DLL by 1208 bytes, about 0.6%. It also simplifies segment of the DLL by 1208 bytes, about 0.6%. It also simplifies
maintenance by removing the declarations from pngpriv.h and allowing maintenance by removing the declarations from pngpriv.h and allowing
easier changes to the internal interfaces. easier changes to the internal interfaces.
Handle zero-length PLTE chunk or NULL palette with png_error()
instead of png_chunk_report(), which by default issues a warning
rather than an error, leading to later reading from a NULL pointer
(png_ptr->palette) in png_do_expand_palette().
Send comments/corrections/commendations to png-mng-implement at lists.sf.net Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit (subscription required; visit

View File

@@ -4726,7 +4726,7 @@ Version 1.7.0beta23 [November 24, 2013]
This reverts to the previous 'static' implementation and works round This reverts to the previous 'static' implementation and works round
the 'unused static function' warning by using PNG_UNUSED(). the 'unused static function' warning by using PNG_UNUSED().
Version 1.7.0beta24 [December 14, 2013] Version 1.7.0beta24 [December 15, 2013]
Removed or marked PNG_UNUSED some harmless "dead assignments" reported Removed or marked PNG_UNUSED some harmless "dead assignments" reported
by clang scan-build. by clang scan-build.
Changed tabs to 3 spaces in png_debug macros and changed '"%s"m' Changed tabs to 3 spaces in png_debug macros and changed '"%s"m'
@@ -4745,6 +4745,10 @@ Version 1.7.0beta24 [December 14, 2013]
segment of the DLL by 1208 bytes, about 0.6%. It also simplifies segment of the DLL by 1208 bytes, about 0.6%. It also simplifies
maintenance by removing the declarations from pngpriv.h and allowing maintenance by removing the declarations from pngpriv.h and allowing
easier changes to the internal interfaces. easier changes to the internal interfaces.
Handle zero-length PLTE chunk or NULL palette with png_error()
instead of png_chunk_report(), which by default issues a warning
rather than an error, leading to later reading from a NULL pointer
(png_ptr->palette) in png_do_expand_palette().
Send comments/corrections/commendations to png-mng-implement at lists.sf.net Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit (subscription required; visit

View File

@@ -1839,6 +1839,9 @@ png_read_transform_info(png_structrp png_ptr, png_inforp info_ptr)
info_ptr->bit_depth = 8; info_ptr->bit_depth = 8;
info_ptr->num_trans = 0; info_ptr->num_trans = 0;
if (png_ptr->palette == NULL)
png_error (png_ptr, "Palette is NULL in indexed image");
} }
else else
{ {

View File

@@ -528,7 +528,7 @@ png_set_PLTE(png_structrp png_ptr, png_inforp info_ptr,
# endif # endif
)) ))
{ {
png_chunk_report(png_ptr, "Invalid palette", PNG_CHUNK_ERROR); png_error(png_ptr, "Invalid palette");
return; return;
} }
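Review bot: The `return;` that follows the new `png_error(png_ptr, "Invalid palette")` call is unreachable, because png_error() does not return to its caller; drop it, or keep it with a comment saying it is only there to quiet compilers. Since the condition now aborts instead of warning, a message that says which test failed (for example, a zero-length palette) would make the error easier to diagnose than the generic "Invalid palette".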