From 34df4eb5adc75377a3af0443cabbee61e2fb1ec4 Mon Sep 17 00:00:00 2001 From: Glenn Randers-Pehrson Date: Tue, 7 May 2013 13:50:50 -0500 Subject: [PATCH] [libpng16] Check for EOF in contrib/pngminus/pnm2png.c (Paul Stewart). --- ANNOUNCE | 1 + CHANGES | 1 + contrib/pngminus/pnm2png.c | 45 ++++++++++++++++++++++++++++---------- 3 files changed, 35 insertions(+), 12 deletions(-) diff --git a/ANNOUNCE b/ANNOUNCE index 9c63dcfe8..baafd51cb 100644 --- a/ANNOUNCE +++ b/ANNOUNCE @@ -51,6 +51,7 @@ Version 1.6.3beta05 [May 7, 2013] the windowBits setting in the zlib header. Zlib-1.2.8 and earlier don't allow us to decrease the windowBits, so undid the improvement in beta04. + Check for EOF in contrib/pngminus/pnm2png.c (Paul Stewart). Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/CHANGES b/CHANGES index 662432d44..a263feb12 100644 --- a/CHANGES +++ b/CHANGES @@ -4534,6 +4534,7 @@ Version 1.6.3beta05 [May 7, 2013] the windowBits setting in the zlib header. Zlib-1.2.8 and earlier don't allow us to decrease the windowBits, so undid the improvement in beta04. + Check for EOF in contrib/pngminus/pnm2png.c (Paul Stewart). Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/contrib/pngminus/pnm2png.c b/contrib/pngminus/pnm2png.c index 4cdfad831..76f394fbb 100644 --- a/contrib/pngminus/pnm2png.c +++ b/contrib/pngminus/pnm2png.c @@ -18,6 +18,7 @@ #include #include #endif +#include #ifndef BOOL #define BOOL unsigned char @@ -197,6 +198,9 @@ BOOL pnm2png (FILE *pnm_file, FILE *png_file, FILE *alpha_file, BOOL interlace, char height_token[16]; char maxval_token[16]; int color_type; + unsigned long ul_width, ul_alpha_width; + unsigned long ul_height, ul_alpha_height; + unsigned long ul_maxval; png_uint_32 width, alpha_width; png_uint_32 height, alpha_height; png_uint_32 maxval; @@ -227,11 +231,15 @@ BOOL pnm2png (FILE *pnm_file, FILE *png_file, FILE *alpha_file, BOOL interlace, raw = (type_token[1] == '5'); color_type = PNG_COLOR_TYPE_GRAY; get_token(pnm_file, width_token); - sscanf (width_token, "%lu", &width); + sscanf (width_token, "%lu", &ul_width); + width = (png_uint_32) ul_width; get_token(pnm_file, height_token); - sscanf (height_token, "%lu", &height); + sscanf (height_token, "%lu", &ul_height); + height = (png_uint_32) ul_height; get_token(pnm_file, maxval_token); - sscanf (maxval_token, "%lu", &maxval); + sscanf (maxval_token, "%lu", &ul_maxval); + maxval = (png_uint_32) ul_maxval; + if (maxval <= 1) bit_depth = 1; else if (maxval <= 3) @@ -248,11 +256,14 @@ BOOL pnm2png (FILE *pnm_file, FILE *png_file, FILE *alpha_file, BOOL interlace, raw = (type_token[1] == '6'); color_type = PNG_COLOR_TYPE_RGB; get_token(pnm_file, width_token); - sscanf (width_token, "%lu", &width); + sscanf (width_token, "%lu", &ul_width); + width = (png_uint_32) ul_width; get_token(pnm_file, height_token); - sscanf (height_token, "%lu", &height); + sscanf (height_token, "%lu", &ul_height); + height = (png_uint_32) ul_height; get_token(pnm_file, maxval_token); - sscanf (maxval_token, "%lu", &maxval); + sscanf (maxval_token, "%lu", &ul_maxval); + maxval = (png_uint_32) ul_maxval; if (maxval <= 1) bit_depth = 1; else if (maxval <= 3) @@ -287,15 +298,18 @@ BOOL pnm2png (FILE *pnm_file, FILE *png_file, FILE *alpha_file, BOOL interlace, { alpha_raw = (type_token[1] == '5'); get_token(alpha_file, width_token); - sscanf (width_token, "%lu", &alpha_width); + sscanf (width_token, "%lu", &ul_alpha_width); + alpha_width=(png_uint_32) ul_alpha_width; if (alpha_width != width) return FALSE; get_token(alpha_file, height_token); - sscanf (height_token, "%lu", &alpha_height); + sscanf (height_token, "%lu", &ul_alpha_height); + alpha_height = (png_uint_32) ul_alpha_height; if (alpha_height != height) return FALSE; get_token(alpha_file, maxval_token); - sscanf (maxval_token, "%lu", &maxval); + sscanf (maxval_token, "%lu", &ul_maxval); + maxval = (png_uint_32) ul_maxval; if (maxval <= 1) alpha_depth = 1; else if (maxval <= 3) @@ -446,19 +460,24 @@ BOOL pnm2png (FILE *pnm_file, FILE *png_file, FILE *alpha_file, BOOL interlace, void get_token(FILE *pnm_file, char *token) { int i = 0; + int ret; /* remove white-space */ do { - token[i] = (unsigned char) fgetc (pnm_file); + ret = fgetc(pnm_file); + if (ret == EOF) break; + token[i] = (unsigned char) ret; } while ((token[i] == '\n') || (token[i] == '\r') || (token[i] == ' ')); /* read string */ do { + ret = fgetc(pnm_file); + if (ret == EOF) break; i++; - token[i] = (unsigned char) fgetc (pnm_file); + token[i] = (unsigned char) ret; } while ((token[i] != '\n') && (token[i] != '\r') && (token[i] != ' ')); @@ -510,6 +529,7 @@ png_uint_32 get_value (FILE *pnm_file, int depth) { static png_uint_32 mask = 0; png_byte token[16]; + unsigned long ul_ret_value; png_uint_32 ret_value; int i = 0; @@ -518,7 +538,8 @@ png_uint_32 get_value (FILE *pnm_file, int depth) mask = (mask << 1) | 0x01; get_token (pnm_file, (char *) token); - sscanf ((const char *) token, "%lu", &ret_value); + sscanf ((const char *) token, "%lu", &ul_ret_value); + ret_value = (png_uint_32) ul_ret_value; ret_value &= mask;