From 33de006e127ffc330f12396bf6732682f804d115 Mon Sep 17 00:00:00 2001 From: Cosmin Truta Date: Sun, 20 Nov 2022 00:56:35 +0200 Subject: [PATCH] Turn large PNG chunks into benign errors Import Chromium commit https://chromium.googlesource.com/chromium/src/+/e87a02987101e2dbe319a4aba6b52470f7624b4a Add the author to the list of libpng contributing authors. Portions from the original commit message follow: *** A recent change to libpng [1] (included in Chromium with the recent libpng update [2]) turns chunks that are bigger than PNG_USER_CHUNK_MALLOC_MAX into failures. Although this matches the intent of PNG_USER_CHUNK_MALLOC_MAX, it also causes images which used to be viewable in Chromium to fail. Changing to a benign error allows us to display these images once again. Though it means we do allow libpng to allocate more than PNG_USER_CHUNK_MALLOC_MAX, it matches the behavior prior to [2] (when we were using 1.6.22), and it does not regress crbug.com/117369 [1] https://github.com/glennrp/libpng/commit/347538efbdc21b8df684ebd92d37400b3ce85d55 [2] https://chromium.googlesource.com/chromium/src/+/f82653a473f8de5fc86d0f2ecc75f6237e61946b *** Bug: https://bugs.chromium.org/p/chromium/issues/detail?id=827754 Co-authored-by: Leon Scroggins III Signed-off-by: Cosmin Truta --- AUTHORS | 3 ++- pngrutil.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/AUTHORS b/AUTHORS index e6a58d245..9a8e3869e 100644 --- a/AUTHORS +++ b/AUTHORS @@ -35,9 +35,10 @@ Authors, for copyright and licensing purposes. * Arm Holdings - Richard Townsend * Google Inc. + - Dan Field + - Leon Scroggins III - Matt Sarett - Mike Klein - - Dan Field - Sami Boukortt The build projects, the build scripts, the test scripts, and other diff --git a/pngrutil.c b/pngrutil.c index ca060dd15..068ab193a 100644 --- a/pngrutil.c +++ b/pngrutil.c 
@@ -3186,7 +3186,7 @@ png_check_chunk_length(png_const_structrp png_ptr, png_uint_32 length) { png_debug2(0," length = %lu, limit = %lu", (unsigned long)length,(unsigned long)limit); - png_chunk_error(png_ptr, "chunk data is too large"); + png_benign_error(png_ptr, "chunk data is too large"); } }
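Review bot: In the pngrutil.c hunk, the "chunk data is too large" branch of png_check_chunk_length now has nothing that says what happens once png_benign_error returns. No visible code stops processing of a chunk whose length is above limit, and the commit message itself states that libpng may then allocate more than PNG_USER_CHUNK_MALLOC_MAX. Please add a comment at that call saying the limit is no longer a hard cap on this path and why (compatibility with images that were viewable before). The documentation for PNG_USER_CHUNK_MALLOC_MAX should also say that applications relying on it as a memory bound need to treat benign errors as fatal or enforce their own limit.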