[libpng14] Fixed the recently reported 1's complement security issue by

replacing the value that is illegal in the PNG spec, in both signed and unsigned values, with 0. Illegal unsigned values (anything greater than or equal to 0x80000000) can still pass through, but since these are not illegal in ANSI-C (unlike 0x80000000 in the signed case) the checking that occurs later can catch them (John Bowler). Safely convert num_bytes to a png_byte in png_set_sig_bytes() (Robert Seacord).
2025-07-10 18:04:09 +02:00 · 2015-08-19 12:47:00 -05:00
parent 9ef7029447
commit 41de766f12
7 changed files with 55 additions and 26 deletions
--- a/png.h
+++ b/png.h
@@ -1,7 +1,7 @@

 /* png.h - header file for PNG reference library
 *
- * libpng version 1.4.17beta01, July 13, 2015
+ * libpng version 1.4.17beta01, August 19, 2015
 *
 * Copyright (c) 1998-2015 Glenn Randers-Pehrson
 * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
@@ -12,7 +12,7 @@
 * Authors and maintainers:
 *  libpng versions 0.71, May 1995, through 0.88, January 1996: Guy Schalnat
 *  libpng versions 0.89c, June 1996, through 0.96, May 1997: Andreas Dilger
- *  libpng versions 0.97, January 1998, through 1.4.17beta01, July 13, 2015: Glenn
+ *  libpng versions 0.97, January 1998, through 1.4.17beta01, August 19, 2015: Glenn
 *  See also "Contributing Authors", below.
 *
 * Note about libpng version numbers:
@@ -215,7 +215,7 @@
 *
 * This code is released under the libpng license.
 *
- * libpng versions 1.0.7, July 1, 2000, through 1.4.17beta01, July 13, 2015, are
+ * libpng versions 1.0.7, July 1, 2000, through 1.4.17beta01, August 19, 2015, are
 * Copyright (c) 2000-2002, 2004, 2006-2015 Glenn Randers-Pehrson, and are
 * distributed according to the same disclaimer and license as libpng-1.0.6
 * with the following individuals added to the list of Contributing Authors:
@@ -322,7 +322,7 @@
 * Y2K compliance in libpng:
 * =========================
 *
- *    July 13, 2015
+ *    August 19, 2015
 *
 *    Since the PNG Development group is an ad-hoc body, we can't make
 *    an official declaration.
@@ -386,7 +386,7 @@
 /* Version information for png.h - this should match the version in png.c */
 #define PNG_LIBPNG_VER_STRING "1.4.17beta01"
 #define PNG_HEADER_VERSION_STRING \
-   " libpng version 1.4.17beta01 - July 13, 2015\n"
+   " libpng version 1.4.17beta01 - August 19, 2015\n"

 #define PNG_LIBPNG_VER_SONUM   14
 #define PNG_LIBPNG_VER_DLLNUM  14
@@ -2650,7 +2650,7 @@ PNG_EXPORT(png_bytep,png_get_io_chunk_name)

 #  define png_get_int_32(buf) \
     ((png_int_32)((*(buf) & 0x80) \
-      ? -((png_int_32)((png_get_uint_32(buf) ^ 0xffffffffL) + 1)) \
+      ? -((png_int_32)(((png_get_uint_32(buf)^0xffffffffU)+1U)&0x7fffffffU)) \
      : (png_int_32)png_get_uint_32(buf)))
 #else
 PNG_EXPORT(png_uint_32,png_get_uint_32) PNGARG((png_bytep buf));