mewin/libpng
1
0
Fork 0
mirror of https://git.code.sf.net/p/libpng/code.git synced 2025-07-10 18:04:09 +02:00
Code Issues Projects Releases Wiki Activity

[libpng17] Made the check for out-of-range values in png_set_tRNS() work on

Browse Source 
16-bit platforms.
This commit is contained in:
Glenn Randers-Pehrson 2015-01-07 18:59:10 -06:00
parent 3e04e189d8
commit 56e6741b25
3 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ANNOUNCE
View File

@ -1,5 +1,5 @@
Libpng 1.7.0beta47 - January 2, 2015 Libpng 1.7.0beta47 - January 8, 2015
This is not intended to be a public release. It will be replaced This is not intended to be a public release. It will be replaced
within a few weeks by a public version or by another test version. within a few weeks by a public version or by another test version.
@ -687,7 +687,9 @@ Version 1.7.0beta46 [January 2, 2015]
Fixed byte order in 2-byte filler, in png_do_read_filler(). Fixed byte order in 2-byte filler, in png_do_read_filler().
Allow user to call png_get_IHDR() with NULL arguments (Reuben Hawkins). Allow user to call png_get_IHDR() with NULL arguments (Reuben Hawkins).
Version 1.7.0beta47 [January 2, 2015] Version 1.7.0beta47 [January 8, 2015]
Made the check for out-of-range values in png_set_tRNS() work on
16-bit platforms.
Send comments/corrections/commendations to png-mng-implement at lists.sf.net Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit (subscription required; visit

6
CHANGES
View File

@ -4956,7 +4956,7 @@ Version 1.7.0beta43 [December 18, 2014]
Version 1.7.0beta44 [December 23, 2014] Version 1.7.0beta44 [December 23, 2014]
Restored a test on width that was removed from png.c at libpng-1.6.9 Restored a test on width that was removed from png.c at libpng-1.6.9
(Bug report by Alex Eubanks). (Bug report by Alex Eubanks, CVE-2014-9495).
Fixed an overflow in png_combine_row with very wide interlaced images. Fixed an overflow in png_combine_row with very wide interlaced images.
Corrected the width limit calculation in png_check_IHDR(). Corrected the width limit calculation in png_check_IHDR().
Removed extraneous handling of PNG_SAFE_LIMITS_SUPPORTED from pngconf.h Removed extraneous handling of PNG_SAFE_LIMITS_SUPPORTED from pngconf.h
@ -4976,7 +4976,9 @@ Version 1.7.0beta46 [January 2, 2015]
Fixed byte order in 2-byte filler, in png_do_read_filler(). Fixed byte order in 2-byte filler, in png_do_read_filler().
Allow user to call png_get_IHDR() with NULL arguments (Reuben Hawkins). Allow user to call png_get_IHDR() with NULL arguments (Reuben Hawkins).
Version 1.7.0beta47 [January 2, 2015] Version 1.7.0beta47 [January 8, 2015]
Made the check for out-of-range values in png_set_tRNS() work on
16-bit platforms.
Send comments/corrections/commendations to png-mng-implement at lists.sf.net Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit (subscription required; visit

4
pngset.c
View File

@ -987,9 +987,9 @@ png_set_tRNS(png_structrp png_ptr, png_inforp info_ptr,
info_ptr->valid &= ~PNG_INFO_tRNS; info_ptr->valid &= ~PNG_INFO_tRNS;
info_ptr->num_trans = 0; /* for png_get_tRNS */ info_ptr->num_trans = 0; /* for png_get_tRNS */
if (trans_color != NULL) if (trans_color != NULL && info_ptr->bit_depth < 16)
{ {
int sample_max = (1 << info_ptr->bit_depth); png_uint_16 sample_max = (1 << info_ptr->bit_depth) - 1;
if ((info_ptr->color_type == PNG_COLOR_TYPE_GRAY && if ((info_ptr->color_type == PNG_COLOR_TYPE_GRAY &&
trans_color->gray <= sample_max) || trans_color->gray <= sample_max) ||