[libpng15] Validate time settings passed to pngset()

and png_convert_to_rfc1123(). (Frank Busse).
2025-07-10 18:04:09 +02:00 · 2011-11-19 15:08:04 -06:00
parent bd2fa5def6
commit 29fca795b9
4 changed files with 31 additions and 9 deletions
--- a/pngset.c
+++ b/pngset.c
@@ -864,6 +864,15 @@ png_set_tIME(png_structp png_ptr, png_infop info_ptr, png_const_timep mod_time)
       (png_ptr->mode & PNG_WROTE_tIME))
      return;

+   if (mod_time->month == 0   || mod_time->month > 12  ||
+       mod_time->day   == 0   || mod_time->day   > 31  ||
+       mod_time->hour  > 23   || mod_time->minute > 59 ||
+       mod_time->second > 60)
+   {
+      png_warning(png_ptr, "Ignoring invalid time value");
+      return;
+   }
+
   png_memcpy(&(info_ptr->mod_time), mod_time, png_sizeof(png_time));
   info_ptr->valid |= PNG_INFO_tIME;
 }