From 2ea11e22358edda8d3f846f183b97f8395593410 Mon Sep 17 00:00:00 2001
From: John Bowler <jbowler@acm.org>
Date: Tue, 16 Jan 2024 14:59:02 -0800
Subject: [PATCH] Palette index checking fixes

The palette index checking function is called by default but only if
some *other* transformation is happening.  This makes the 'get palette
max' public API disfunctional (sometimes it works, sometimes it returns
0) and causes the supposed default behaviour of checking the palette
index only to work sometimes.  It works in pngtest, it doesn't work in
pngcp.

The check in pngread also has an off-by-one error; the number recorded
is the highest index found so it should be checked to ensure that it is
less than the palette length but it was checked for being greater.

The pull request includes a set of 8 files which all have the full range
of possible indices including one (the highest) which is invalid because
the PLTE chunk is one short of the maximum for each bit depth.

Signed-off-by: John Bowler <jbowler@acm.org>
---
 contrib/testpngs/badpal/small-palette-1.png | Bin 0 -> 271 bytes
 contrib/testpngs/badpal/small-palette-2.png | Bin 0 -> 277 bytes
 contrib/testpngs/badpal/small-palette-4.png | Bin 0 -> 315 bytes
 contrib/testpngs/badpal/small-palette-8.png | Bin 0 -> 1035 bytes
 contrib/testpngs/badpal/test-palette-1.png  | Bin 0 -> 432 bytes
 contrib/testpngs/badpal/test-palette-2.png  | Bin 0 -> 499 bytes
 contrib/testpngs/badpal/test-palette-4.png  | Bin 0 -> 591 bytes
 contrib/testpngs/badpal/test-palette-8.png  | Bin 0 -> 2731 bytes
 pngread.c                                   |   4 ++--
 9 files changed, 2 insertions(+), 2 deletions(-)
 create mode 100644 contrib/testpngs/badpal/small-palette-1.png
 create mode 100644 contrib/testpngs/badpal/small-palette-2.png
 create mode 100644 contrib/testpngs/badpal/small-palette-4.png
 create mode 100644 contrib/testpngs/badpal/small-palette-8.png
 create mode 100644 contrib/testpngs/badpal/test-palette-1.png
 create mode 100644 contrib/testpngs/badpal/test-palette-2.png
 create mode 100644 contrib/testpngs/badpal/test-palette-4.png
 create mode 100644 contrib/testpngs/badpal/test-palette-8.png

diff --git a/contrib/testpngs/badpal/small-palette-1.png b/contrib/testpngs/badpal/small-palette-1.png
new file mode 100644
index 0000000000000000000000000000000000000000..7e9dbfd095b3b7be8eca6022373724914d7f9005
GIT binary patch
literal 271
zcmeAS@N?(olHy`uVBq!ia0vp^OhC-Y$P6UUy?J{QNHGWagt-1^V32&oX%6HXmbgZg
zIOi8s7G<VqlrXGRFfuSS)&UZxK*GpG!7D!_Pr<n~FE2AMJtHw!!70ByC$&f`tn(jG
zb4g}MM2Syka%x^NP?~{}AvKSIf#bSvk1t=df<Wu~PmdU7cIQs75Nw(5rNq;?k=uVg
zXKcN_b~4vJiA1j3omF}6TphD&wN~U5^xnJFUodO)w7&MuB}qkj2eadr@t1ABbzkY>
z`?iJWZtXMbOV$vded_WFUSlJzrW-TXssZii@^o<w;kcfBf{}qCk0CeW!`l@=Q3g*}
KKbLh*2~7ZlLtRV&

literal 0
HcmV?d00001

diff --git a/contrib/testpngs/badpal/small-palette-2.png b/contrib/testpngs/badpal/small-palette-2.png
new file mode 100644
index 0000000000000000000000000000000000000000..6629164d70975e601b046829b848cac5a0e66471
GIT binary patch
literal 277
zcmeAS@N?(olHy`uVBq!ia0vp^EI`c2#0(@`f}Y0#Db4_&5ZC|z|2H&%aQZ@(1fZZ{
ziEBiObACZ(QD%BZ3ByVSBLhQY9Ux%}B#cZHyz(>h6r4-*@-p+%GZJ$Zobt<aQj4_0
zI{yJRmt=-Sl=x&Or{)y{r5P9*Qu7!XIIipV`0_O?2(+&M^oUVrckc8G!ItS>N<57l
zx&7C3#@5?wCv)ACNaVWRS(WF`)iJA9Yeh~$@4ZX?1+z9!>ucX!l2nv;FgtD;f7#|+
z_mv*LZ(Dfo);^=YWDW7zr!Jr1H8#>}x-ny|8qj_&PZ!4!j_b)2*ccdO8Dvzd-X;S@
O89ZJ6T-G@yGywn%Bw&dE

literal 0
HcmV?d00001

diff --git a/contrib/testpngs/badpal/small-palette-4.png b/contrib/testpngs/badpal/small-palette-4.png
new file mode 100644
index 0000000000000000000000000000000000000000..7401dc70b1f56da59b1d07031617557084b82e5f
GIT binary patch
literal 315
zcmeAS@N?(olHy`uVBq!ia0vp^0zk~j!VDx;!;N!*lx~1ei0l9V|M&0z-_Y>i!2!hD
zKYxEi!+wVZkPwgs1P)-i{Ru$Y!SiHKEKs9iiEBiObACZ(QD%BZ3ByVSBLhQY9Ux%}
zB#cZHyz(>h6r4-*@-p+%GZJ$Zobt<aQj4_0I{yJRmt=-Sl=x&Or{)y{r5P9*Qu7!X
zIIipV`0_O?2(+&M^oUVrckc8G!ItS>N<57lx&7C3#@5?wCv)ACNaVWRS(WF`)iJA9
zYeh~$@4ZX?1+z9!>ucX!l2nv;FgtD;f7#|+_mv*LZ(Dfo);^=YWDW7zr!Jr1H8#>}
sx-ny|8qj_oPZ!4!j_b)OAx#Vn%$FEGp3Lbu4-{wcboFyt=akR{03LI9OaK4?

literal 0
HcmV?d00001

diff --git a/contrib/testpngs/badpal/small-palette-8.png b/contrib/testpngs/badpal/small-palette-8.png
new file mode 100644
index 0000000000000000000000000000000000000000..a45338713146ab5b5a5a18cd5fdd3e7165e13531
GIT binary patch
literal 1035
zcmW+#!E0Pa7=NiCb!~J!S)`Pq2a&kKBvmN6IJO(QDK!ofmOVt7ZZ`A<w=cu`T-PP7
zldS8ytlOake5FemBw$=nhmb=K3l1Ja#e)Ox!BU|^{09cat3KyBhmT?Ao8SDt-}n1^
zWa;X3?xkE11k;Pf!n;8*<+s7q>8E^ry2}@W;M70l`tm}Wrp~3-rpBaNr%I(#rb48g
zr;MePri7#zrwFAGrT}Ew?!?)NGsjLJIW=-}=)}Nr?pWQ?sv{+biw?~@n0MfO2JI%+
zKD1_RwX$l@%EXGk<=nE^($JC>i-|=A3olua&v>|FW5>oE7`<=Qu8})N^bF^QH4Lp8
zQZcw}(2{`#1LiZ*?nqmu&A!%Bt3*qoMOSmKSyNM{NvJW^sH`E;pqN$YM#}Cfv#WHX
z)IBBpN^}(GinSDt6^RrM6{;w>qChE=!wscPq}h>LNY$6JD@9v!F4?A}O-W*jnM5@S
zLkX&xc5WbSUzncIU7<QcwuRUdoC|hG&`m*F0yhO}2p9`c&xH2cc{zNAp0wxTp?$Vr
zjC0C4;T&_0IES2r|GVPq%*M<#m~JxFVsev-J3g1OEk@gnbQtb3)MK#Ez#wa(t5O?M
zQ=^(u6;s)yV$%at)~2*eNuOdt(GG<P1;ec0u0-q#F%_aiq9P(=B3hmWVI4yIgxn)I
zA!wJtJpx9VIb0E2f=wA~idBdu!=mXaW7fq~V3J@gG1|vaVQ`c=$;~5MKxPT)GEx;J
zYe+PFeTelC-9cm*;eCV-5F8_LoY~Ihp}ho60crx(3X~xfu@?ifKBNgGdk`y##t=S)
zV3K*%od-4#%skLVph`eifv9`s02=^01Y`v85kSWPPQZ7M;+~&}*?6HGU)f-v)Yor@
zaWH~&X!c^>hc|qfdmUce2qSpqqbORBZiY8*!OI&T*VgJYrQW~(alF1<j<2t;u0<dE
zYd>adQ4pN|{k1ROey$BcNB#BZ)VcAkr1`>U$+Zh-who?sM?Lf2r*FQxntO8gM(&SZ
zE4rHd;=%2iZ)<Gu<Tt?{9Da4Tdl*;h(N7<||IPD_!^if*iTnKPUmyQCcX#!b7l*%0
xexANKH?#fd{`W8Y|IaKI-da98S*@Ns34-nIsZ+DJ|Gw|fgT;lV!Vj0}_J10t>cap4

literal 0
HcmV?d00001

diff --git a/contrib/testpngs/badpal/test-palette-1.png b/contrib/testpngs/badpal/test-palette-1.png
new file mode 100644
index 0000000000000000000000000000000000000000..614fd97bba7a550cdbec9847ddb01c556afd54f4
GIT binary patch
literal 432
zcmeAS@N?(olHy`uVBq!ia0vp^4j|0P3?wHke>@jRF$egBxc+BgkbJ~x4&)k^xJHyX
z=ND8KWu|A8FsxKCGB7mO0TQM_!pKCyD?cMo!MQXqFEcMaBQaOODZe}?wMZ+h^B+)i
zNoGhyiBD#7YF;r=nt_oaHIIRT<GOB-FJH5QK<oNXj~Hck=T5H>Y?<z*#M8Ku+kZW0
zY`wj9GS@wcM6TPNReA1Q9kXh+R^$})-n-OaFl+O)zV^)}Nkw@Fv*VWWmu<dvU+Lld
zwuR?z?KA32))1e4>hcL*V<WAm8#C6b0qtMy>EaloG0}I@LEgg(0xZ3M9=sINIJ(p^
zQ?pg*(--BW#i!@BeULg?VNqt;w?EYF&`+-w#t*C1x2Qk-r}Aa0!cw<QFQ(|Mn&dh?
zC2+FNF4gW`TY{1UIVG+|gfK5N72DcyT&lb3fR}GaS7L<lqO2L$T2@HPWjkHr&1Rl|
z<IH;w%O+>ZWd36-c+QvZPzYCJNxJDMD4Qsx-x$oeG~lvcpO)tIU9Wu}cz*Dxd(FM-
X^mopLawjjKvl%>H{an^LB{Ts5Eh(oV

literal 0
HcmV?d00001

diff --git a/contrib/testpngs/badpal/test-palette-2.png b/contrib/testpngs/badpal/test-palette-2.png
new file mode 100644
index 0000000000000000000000000000000000000000..a7e996464bf4e47c5870b64c1a1f5cbeff2198fd
GIT binary patch
literal 499
zcmeAS@N?(olHy`uVBq!ia0vp^4j|0L3?#3!&-4XSoB=)|uK)l4Z)gDF^o1%3KtaP2
z*N775{DR7&%=C;BhLs9N28PBuK*AJA7?~(|<!9t6IG5(-W#*-4B<3nO<(KEA7HNfb
z{sU?*$qb1o@ySe1%_{~<GcYow<}omET-WXK<!e?DXkGv55u?oR-02m9Ez`Y}cp5iy
z`>*GWt+&@s=DH`5$aTB3D$kv(V^*!!ikyPpdzbnPW^JC<*S@(VsVMJYcHA=lvdy>d
zD?NPQw(#7oeMWuB8sf80T|U8UY^2q6W5!xFp#3jAT^vI!dQ-1#6g*_W!+OF0Ajg}-
z93l=7s-sEpM!TSfK>AB>zjwO}Wa2+1MF%nD_}%>`k!#)d{Pqie!;R91PuG4qKBJ?3
zegBT0-zsOMJP)mz2%#n@Nog*c2qx4z7H}$MG;z#QX!2A+AXY&RF&71ekADOhJFidY
z@YqxD;&5m#hsO?KM$U32g@=ADt|CoJT#kaRFIx5}t*8kTSM#2J_T;y(4No|pPEh5M
z(%@Xm5`D>0*e%FwlHaAGsXHd!n)D|~F32G&DX1lAS<s27SD%a{{_FkwxA?2u4C`B>
QKtD5hy85}Sb4q9e0P*9)G5`Po

literal 0
HcmV?d00001

diff --git a/contrib/testpngs/badpal/test-palette-4.png b/contrib/testpngs/badpal/test-palette-4.png
new file mode 100644
index 0000000000000000000000000000000000000000..39853bfce9a6d4095b7e26e66f216e54769cb890
GIT binary patch
literal 591
zcmeAS@N?(olHy`uVBq!ia0vp^4j|0J3?w7mbKU|e-2k5u*Z=?j@8AEwq2a%S1BkVM
z{{DuB{SFBrAs`C~9Kdq>6M(dX=gFQ}phm+I*N775{DR7&%=C;BhLs9N28PBuK*AJA
z7?~(|<!9t6IG5(-W#*-4B<3nO<(KEA7HNfb{sU?*$qb1o@ySe1%_{~<GcYow<}omE
zT-WXK<!e?DXkGv55u?oR-02m9Ez`Y}cp5iy`>*GWt+&@s=DH`5$aTB3D$kv(V^*!!
zikyPpdzbnPW^JC<*S@(VsVMJYcHA=lvdy>dD?NPQw(#7oeMWuB8sf80T|U8UY^2q6
zW5!xF1_nk2PZ!4!kIvR>7b6cDNVGnD%+|)sAuV8Lke6`dzz)V#=GSc3c-Kfrm@UY2
zxZALc@xj;f;;OsPb7%jtTz)Aw;z;PNC&z=ba{sN5@~%9^pD8>2VO$W0;j$^knzw&l
zdJ{i8wpLH|`IICcN0wXDSQ@seIySU0?AhBa(6EkKks+4diN%BCz;SgB#uwEBOc%Z@
zxHPnIOb}>TpD(~<z@xyDAmPx#z{zMK<H&KqqDi2kkVTP6h2_C>7AJ;foGlDK!W@DM
ziVXYHfvV2~RnKz-ss6FML7?HaXv_YCc8B&a`R%hipls#ew4HCaF(<p9<6kRVU0(3!
z;^y}2^7Y~hW=%OAKP5^WvlicI+qs@OTw~j$oRvSLN{(i&zBz68Z`&P=i+x|;cy(ig
RDKM@WJYD@<);T3K0RT&1?}`8b

literal 0
HcmV?d00001

diff --git a/contrib/testpngs/badpal/test-palette-8.png b/contrib/testpngs/badpal/test-palette-8.png
new file mode 100644
index 0000000000000000000000000000000000000000..20f0b52688d3415dcbcf19e03393bd7a3aad80e9
GIT binary patch
literal 2731
zcmXxl3sBT%9suwKMG-{e489+vj!G+dM5W@3ZY(f>pyVt9SFuEp0}fomx&k7wL4*|-
zOewbOi8N<Xkb;d$M^w&6#9eStjTRls%hYm?ZMDr|?*!|zx$l27x3lvn^CiFk<NLBh
zCABTW%VWNWMx*hHiVWMX(YT;X7mfQQ^e3w|F;1g#ouFdk!c|pO6jhd0Nm4~o6$F*%
zRgP0xR%IBKrd5hkNm3;U6~|Q!gQt}zirlM6Rz+-Agl2`WQ@Cn{WfexR(0ddrULhkD
zVuOMQDA;01t@O%rw=8wYq96+mGH;PNv&^zGW02_#nM#sLN+!Z&e4UI1Kp%=#k~<{n
zq9is+LcPS-N?fJHvJ#Ug(b*D}B9Vy_u}#9mBy0mTt+b1>AWBW5$cutS<T;Tui7YEJ
z1tQIeRE9{>B9SQKl!!&bgi5m@HwaR_AX)^WM&Qi?S1z!uz!VC!L7;R3nIRA<0-hvb
z@vt3A9WPsWsg@TxUNG~#iRa3AmgSiuo-W`i15YwMk<H^7Jhlh+PO0W(GbdGYqKOmA
zIlheJN;#J0m=caI;;2H7EZ~Sd4mWU^9yS{79oh~wA!-`+fl{NV(T8DKnq?`LC0UkW
zS)66D|DB4WXJi8-<uPIbBNQ@x5yO?BXBnoHq01PmoFPpNQOV$D2CIf6RQAwv1}$aN
zB0~!XnlGTaB9xeB%4pg|Q)ZgvXrh+JEi_gK=dHw3auOw_P+|rp=qTPmafPT0iYcdP
zGey-<q=h2tDZGKgn&IV8B1xGdr9@JsNg;#e8ImhNEt8Ciq&bqZkR(qMO(ZUmSUbE)
z$_7FXBcyGFm`DgI1fNZCd1yX@sU+xHf~qITCW5#~;2i{Jh1X6Az~yzg6o!iwE+pZ6
z2F@AKX5fq&r!6?ufRh4Fbl`Y5j`hMjsw~Fj08H9|iIJEPkMVmjPLFmDW2!N_4x^ee
zvK=F=7~YGuerKpezlT+Z@I*ss4s$@CnVw<LG~=s@RciuJco&7$LHL%O3>_Z2U#H8|
zrDyEki@%?fpPi;(5nt&<*pL~QXo$&7P1Ef|x6w~5O{dYg_pPkjI-?B7%7vFdxGe10
zYbls{*s^8G^wNu-vBI=nMy-FU$K$!XJq9ZabrBv%P8P2?m(5f^{+44-wtaTY)MiN0
z>pHVOYV^))8<3YgQ7TT~8~A4RvDCNc)Y*G`yw<E<ap=1f=a*|VQ(B|KHpdm5`eisZ
zzka7r#gnGY`{$wtmR9!$MGaobUC?)V@8JKxsi*i{W8yQvp}x8O{cno<PJUqDQ`7&g
zePFryeEs#Z)Of#iOLqUR;h}v61%(IRjQ{@n+4P=SbA3*2jD7s^{R{s((sQop!K#b7
zqthy1doEqpbf)oax=%pdmB<Gv*68B_JFdm_>!13^wZ>iD^5`#*vL3eX=-4(~_@4zq
z*$=No_5S(p&abl{UE4aC_sd4Zi-%XE`*gzx|NY`oN32{j@n-D#U{k*EdC0Z==L2W=
zH62?t(4IBexWDDIl_!I<2F~O*RCxW|*Rr!I@BGPkzf5TP@T~sq(OGtj|IS83^C!!W
z&hh{740HO>yq_|g-?<&-_R??pt!}F=?3wv!mAkj6*X=sLe1@XGVoy0szIpHQN1rcV
zKQx@wmcB1H&;Ij|bWVDm)iz*X-4?$5!NjB~_gxwFM(G9id*|jd+NE=%Y-*S5p*N=K
zrEZhQycc<Ry8r6CcKU2=NL#cn0Ka0q<(^0~YEKP-KQ;hphyc)C1%O-R2_Sd|fRarB
zZcYYps}ev|Er41-08KFfV(Xy-zt#&t@dg04=>YEh6~Ld`0JNn8cy<SXR1X#SU~d4%
z_W*Rd0=QWYAlwYVJO_X!06^d_sE~XaW)O?k1F(7kuzw0*M+<<K1OR=l0EAsoA-Nr9
z5KBS;bWH(Zs|K*O4nSQnfc9(vIm1vvz6>*n#Tx;1&j4_*9>A^+03G=N#$EtWhM|Jo
z4l{^GEduHd7XY1Q076XwOx^&vg#dg*pn^6JW-vP79MoIW0Nkzx@Ie!RrdR;dDFA#3
zRM6(b3`QrMgL=~qfYl5j+5*552tY^zkbE5~h<PxBaRSakwRr)!TL)lgJAn2a0Ll;m
z`8re(^I-;~3g@79P6E(n0uaFg;Cun_n*eBwp@Q)h%%D2p98{|(fPYv3BnSY6WB~Ht
z0f@y=!8isps7^QswQDMXZVo^!4}jMK5Q_j9C!m7*3T99z;2hL$ZvYYxAXx+;8Ud&d
z0O|x(P{+JykNe&j*Sd^oCs(V%8ICz`jffr#)YP7FzRRY?Ryk`<jCzMx8v}F>^URUt
z>UpaE;dtMO&G%!%d8BI8bf!wXJl(N5YJ{`THzp2@kG!-cpCFv}s!>a0mAE$DVT~FQ
z?#(wI7#M&4o6VadN)A_yhQ?L-Hl#Z6Wg`)p^RzK{$8!s9-f=-CXBtOCcU1efWI5=x
zk%+7X+N9y}(cf)>iA0IDVl+CwD!DDy@x`){guU~`?7QRp5848gf=Zq?jz%X`CwF8y
zen=Zh$XOs3g-n{wzFBj8hUblmpSF~_eeVo9d()LMez~1?xuOlfeL*wCw=PZ8{2II6
z1;xO>IbbEZ65_eZuug3X(2RBa&p>HLd^}N_i$_aQnz`X!D9zU|J5hWu9OCgMyHU#R
zGZFPY%^>QXFc(qNJ3fep&T>WcEjuJQ@aa^v^4r_N=<c(40>!ER?r5dV#~s}*wY#Bs
z)klM(i+vi3>z{g~=zNK~FVVh6-HSpI>Ryg`j7ljh15v55PyA4tgLW7;<T%8AJ&RBr
zemVtFoxU8=gftWC`-L4=`u_>-{6SxV*3;Lc?#0?mur2ZHA$`L_NWb|NN}m(B5v6ah
zU5U~UuJA-Ly~Yc!d*-9`=hL9q_)CXTn&>o?%z5V$i>^J>4x#IqFWi1~s+!!|srn;r
Tm*dg@O-)qzwy>|>rw{!X#lb%;

literal 0
HcmV?d00001

diff --git a/pngread.c b/pngread.c
index 96996ced5..dc62df098 100644
--- a/pngread.c
+++ b/pngread.c
@@ -568,7 +568,7 @@ png_read_row(png_structrp png_ptr, png_bytep row, png_bytep dsp_row)
 #endif
 
 #ifdef PNG_READ_TRANSFORMS_SUPPORTED
-   if (png_ptr->transformations)
+   if (png_ptr->transformations || png_ptr->num_palette_max >= 0)
       png_do_read_transformations(png_ptr, &row_info);
 #endif
 
@@ -785,7 +785,7 @@ png_read_end(png_structrp png_ptr, png_inforp info_ptr)
 #ifdef PNG_READ_CHECK_FOR_INVALID_INDEX_SUPPORTED
    /* Report invalid palette index; added at libng-1.5.10 */
    if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE &&
-       png_ptr->num_palette_max > png_ptr->num_palette)
+       png_ptr->num_palette_max >= png_ptr->num_palette)
       png_benign_error(png_ptr, "Read palette index exceeding num_palette");
 #endif