[libpng16] Attempt to debug Uninitialized Memory Read in png_set_text_2(),

detected by the oss-fuzz project.
This commit is contained in:
Glenn Randers-Pehrson
2017-09-12 08:52:44 -05:00
parent 61d29bfc80
commit 76b269b1f4
3 changed files with 11 additions and 18 deletions


@@ -886,10 +886,11 @@ png_set_text_2(png_const_structrp png_ptr, png_inforp info_ptr,
if (text_ptr[i].text == NULL)
text_is_null=1;
else if (text_ptr[i].text[0] == '\0')
else if (text_ptr[i].text[0] == '\0') /* FIX THIS */
text_0_is_0=1;
if (text_is_null)
/* oss-fuzz complains of UMR on the reference to text_0_is_0 */
if (text_is_null || text_0_is_0)
{
text_length = 0;
# ifdef PNG_iTXt_SUPPORTED
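Review bot: The merged condition `if (text_is_null || text_0_is_0)` still reads `text_0_is_0` on the path where `text_ptr[i].text` is non-NULL and non-empty, because neither assignment above it runs on that path and short-circuiting only skips the read when `text_is_null` is set; if the flag is declared without an initializer (its declaration is outside this hunk, so this is inferred), that is the same uninitialized read oss-fuzz reported, just relocated. The flags add nothing the expression cannot say directly, so the simplest fix is to drop them and test `if (text_ptr[i].text == NULL || text_ptr[i].text[0] == '\0')`, or at minimum initialize both flags to 0 at their declaration. The `/* FIX THIS */` marker on the `else if` line reads as a debugging leftover and should not survive into a release branch. png_set_text_2 begins and continues outside the hunk.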
@@ -900,18 +901,6 @@ png_set_text_2(png_const_structrp png_ptr, png_inforp info_ptr,
# endif
textp->compression = PNG_TEXT_COMPRESSION_NONE;
}
else if (text_0_is_0)
{
text_length = 0;
# ifdef PNG_iTXt_SUPPORTED
if (text_ptr[i].compression > 0)
textp->compression = PNG_ITXT_COMPRESSION_NONE;
else
# endif
textp->compression = PNG_TEXT_COMPRESSION_NONE;
}
else
{
text_length = strlen(text_ptr[i].text);