[libpng17] Fixed new Coverity defect, potential NULL dereference of "ps"

in pngwutil.c; Added temporary workaround for Coverity "Dead code" defect.
2025-07-10 18:04:09 +02:00 · 2016-01-07 09:24:56 -06:00 · 2016-01-07 09:24:56 -06:00 · 6d5f00571d
commit 6d5f00571d
parent 4705951df1
3 changed files with 13 additions and 4 deletions
--- a/6
+++ b/6
@ -1,5 +1,5 @@

-Libpng 1.7.0beta76 - January 6, 2016
+Libpng 1.7.0beta76 - January 7, 2016

 This is not intended to be a public release.  It will be replaced
 within a few weeks by a public version or by another test version.
@ -1139,7 +1139,7 @@ Version 1.7.0beta75 [December 21, 2015]
    struct; put the check that relies on pz->list being non-NULL
    second (David Drysdale).

-Version 1.7.0beta76 [January 6, 2016]
+Version 1.7.0beta76 [January 7, 2016]
  Corrected the options handling. Setting the new, higher, option
    bits triggered the byte check (which is no longer necessary).
  Added NULL pz->list test to png_zlib_compress_validate().  This seems
@ -1169,6 +1169,8 @@ Version 1.7.0beta76 [January 6, 2016]
    Fuzzy Lop, reported by Brian Carpenter.
  Marked 'limit' UNUSED in transform_range_check().  This only affects
    release builds.
+  Fixed new Coverity defect, potential NULL dereference of "ps" in pngwutil.c
+  Added temporary workaround for Coverity "Dead code" defect.

 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
--- a/4
+++ b/4
@ -5438,7 +5438,7 @@ Version 1.7.0beta75 [December 21, 2015]
    struct; put the check that relies on pz->list being non-NULL
    second (David Drysdale).

-Version 1.7.0beta76 [January 6, 2016]
+Version 1.7.0beta76 [January 7, 2016]
  Corrected the options handling. Setting the new, higher, option
    bits triggered the byte check (which is no longer necessary).
  Added NULL pz->list test to png_zlib_compress_validate().  This seems
@ -5468,6 +5468,8 @@ Version 1.7.0beta76 [January 6, 2016]
    Fuzzy Lop, reported by Brian Carpenter.
  Marked 'limit' UNUSED in transform_range_check().  This only affects
    release builds.
+  Fixed new Coverity defect, potential NULL dereference of "ps" in pngwutil.c
+  Added temporary workaround for Coverity "Dead code" defect.

 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
--- a/pngwutil.c
+++ b/pngwutil.c
@ -2258,7 +2258,7 @@ png_start_IDAT(png_structrp png_ptr)
      /* Default both filter_mask and zlib_strategy here, now that png_ptr has
       * all the IHDR fields set.
       */
-      if (ps->filter_mask == PNG_NO_FILTERS/*unset*/)
+      if (ps && ps->filter_mask == PNG_NO_FILTERS/*unset*/)
      {
         /* If there is no filter selection algorithm enabled then the only
          * option is PNG_FILTER_NONE.
@ -3257,7 +3257,12 @@ select_filter_methodically_better(png_structrp png_ptr, png_zlib_compressp pz,
               ret = deflate(&zs, flush);
            } while (ret == Z_OK && zs.avail_out == 0U);

+#if 0
+            /* TODO: fix this (Coverity issue Z_STREAM_END is dead code) */
            if (ret == (flush == Z_FINISH ? Z_STREAM_END : Z_OK))
+#else
+            if (ret == Z_OK)
+#endif /* 0 */
            {
               /* This cannot underflow because the check above is performed
                * before adding 'avail_out' to l: