[libpng16] Check for 0 return from png_get_rowbytes() in contrib/pngminus/*.c

to stop some Coverity issues (162705, 162706, and 162707).
2025-07-10 18:04:09 +02:00 · 2017-08-07 14:22:56 -05:00 · 2017-08-07 14:22:56 -05:00 · 646fad9d55
commit 646fad9d55
parent 06ec4252a4
4 changed files with 22 additions and 10 deletions
--- a/22
+++ b/22
@ -1,4 +1,4 @@
-Libpng 1.6.32beta11 - August 7, 2017
+Libpng 1.6.32beta12 - August 7, 2017

 This is not intended to be a public release. It will be replaced
 within a few weeks by a public version or by another test version.
@ -8,20 +8,20 @@ Files available for download:
 Source files with LF line endings (for Unix/Linux) and with a
 "configure" script

-   1.6.32beta11.tar.xz (LZMA-compressed, recommended)
-   1.6.32beta11.tar.gz
+   1.6.32beta12.tar.xz (LZMA-compressed, recommended)
+   1.6.32beta12.tar.gz

 Source files with CRLF line endings (for Windows), without the
 "configure" script

-   lp1632b11.7z  (LZMA-compressed, recommended)
-   lp1632b11.zip
+   lp1632b12.7z  (LZMA-compressed, recommended)
+   lp1632b12.zip

 Other information:

-   1.6.32beta11-README.txt
-   1.6.32beta11-LICENSE.txt
-   libpng-1.6.32beta11-*.asc (armored detached GPG signatures)
+   1.6.32beta12-README.txt
+   1.6.32beta12-LICENSE.txt
+   libpng-1.6.32beta12-*.asc (armored detached GPG signatures)

 Changes since the last public release (1.6.31):

@ -94,6 +94,12 @@ Version 1.6.32beta11 [August 7, 2017]
    after the keyword has been read.
  Check that the eXIf chunk has at least 2 bytes and begins with "II" or "MM".

+Version 1.6.32beta12 [August 7, 2017]
+  Added a set of "huge_xxxx_chunk.png" files to contrib/testpngs/crashers,
+    one for each known chunk type, with length = 2GB-1.
+  Check for 0 return from png_get_rowbytes() in contrib/pngminus/*.c to stop
+    some Coverity issues (162705, 162706, and 162707).
+
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
 https://lists.sourceforge.net/lists/listinfo/png-mng-implement
--- a/6
+++ b/6
@ -5977,6 +5977,12 @@ Version 1.6.32beta11 [August 7, 2017]
    after the keyword has been read.
  Check that the eXIf chunk has at least 2 bytes and begins with "II" or "MM".

+Version 1.6.32beta12 [August 7, 2017]
+  Added a set of "huge_xxxx_chunk.png" files to contrib/testpngs/crashers,
+    one for each known chunk type, with length = 2GB-1.
+  Check for 0 return from png_get_rowbytes() in contrib/pngminus/*.c to stop
+    some Coverity issues (162705, 162706, and 162707).
+
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
 https://lists.sourceforge.net/lists/listinfo/png-mng-implement
--- a/contrib/pngminus/png2pnm.c
+++ b/contrib/pngminus/png2pnm.c
@ -321,7 +321,7 @@ BOOL png2pnm (FILE *png_file, FILE *pnm_file, FILE *alpha_file,
  /* row_bytes is the width x number of channels x (bit-depth / 8) */
  row_bytes = png_get_rowbytes (png_ptr, info_ptr);

-  if (height > ((size_t)(-1))/row_bytes) /* too big */ {
+  if (!row_bytes || height > ((size_t)(-1))/row_bytes) /* too big */ {
    png_destroy_read_struct (&png_ptr, &info_ptr, NULL);
    return FALSE;
  }
--- a/contrib/pngminus/pnm2png.c
+++ b/contrib/pngminus/pnm2png.c
@ -374,7 +374,7 @@ BOOL pnm2png (FILE *pnm_file, FILE *png_file, FILE *alpha_file, BOOL interlace,
    /* row_bytes is the width x number of channels x (bit-depth / 8) */
    row_bytes = width * channels * ((bit_depth <= 8) ? 1 : 2);

-  if (height > ((size_t)(-1))/row_bytes) /* too big */ {
+  if (!rowbytes || height > ((size_t)(-1))/row_bytes) /* too big */ {
    return FALSE;
  }
  if ((png_pixels = (png_byte *)