mewin/libpng
1
0
Fork 0
mirror of https://git.code.sf.net/p/libpng/code.git synced 2025-07-10 18:04:09 +02:00
Code Issues Projects Releases Wiki Activity

[libpng15] Fixed an overflow in png_combine_row with very wide interlaced

Browse Source 
images.
This commit is contained in:
John Bowler 2014-12-21 16:40:33 -06:00 committed by Glenn Randers-Pehrson
parent 90238dfe7a
commit 7a6bbfd649
3 changed files with 19 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
ANNOUNCE
View File

@ -1,5 +1,5 @@
Libpng 1.5.21rc02 - December 21, 2014
Libpng 1.5.21rc03 - December 21, 2014
This is not intended to be a public release. It will be replaced
within a few weeks by a public version or by another test version.
@ -9,21 +9,21 @@ Files available for download:
Source files with LF line endings (for Unix/Linux) and with a
"configure" script
1.5.21rc02.tar.xz (LZMA-compressed, recommended)
1.5.21rc02.tar.gz
1.5.21rc02.tar.bz2
1.5.21rc03.tar.xz (LZMA-compressed, recommended)
1.5.21rc03.tar.gz
1.5.21rc03.tar.bz2
Source files with CRLF line endings (for Windows), without the
"configure" script
lp1521r02.7z (LZMA-compressed, recommended)
lp1521r02.zip
lp1521r03.7z (LZMA-compressed, recommended)
lp1521r03.zip
Other information:
1.5.21rc02-README.txt
1.5.21rc02-LICENSE.txt
libpng-1.5.21rc02-*.asc (armored detached GPG signatures)
1.5.21rc03-README.txt
1.5.21rc03-LICENSE.txt
libpng-1.5.21rc03-*.asc (armored detached GPG signatures)
Changes since the last public release (1.5.20):
@ -36,7 +36,10 @@ Version 1.5.21rc01 [December 21, 2014]
(Bug report by Alex Eubanks).
Version 1.5.21rc02 [December 21, 2014]
Undid the update to pngrutil.c in 1.6.16rc01.
Undid the update to pngrutil.c in 1.5.21rc01.
Version 1.5.21rc03 [December 21, 2014]
Fixed an overflow in png_combine_row with very wide interlaced images.
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit

3
CHANGES
View File

@ -4284,6 +4284,9 @@ Version 1.5.21rc01 [December 21, 2014]
Version 1.5.21rc02 [December 21, 2014]
Undid the update to pngrutil.c in 1.6.16rc01.
Version 1.5.21rc03 [December 21, 2014]
Fixed an overflow in png_combine_row with very wide interlaced images.
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit
https://lists.sourceforge.net/lists/listinfo/png-mng-implement

6
pngrutil.c
View File

@ -2805,7 +2805,7 @@ png_combine_row(png_structp png_ptr, png_bytep dp, int display)
{
unsigned int pixel_depth = png_ptr->transformed_pixel_depth;
png_const_bytep sp = png_ptr->row_buf + 1;
png_uint_32 row_width = png_ptr->width;
png_alloc_size_t row_width = png_ptr->width;
unsigned int pass = png_ptr->pass;
png_bytep end_ptr = 0;
png_byte end_byte = 0;
@ -3078,7 +3078,7 @@ png_combine_row(png_structp png_ptr, png_bytep dp, int display)
/* But don't allow this number to exceed the actual row width. */
if (bytes_to_copy > row_width)
bytes_to_copy = row_width;
bytes_to_copy = (unsigned int)/*SAFE*/row_width;
}
else /* normal row; Adam7 only ever gives us one pixel to copy. */
@ -3256,7 +3256,7 @@ png_combine_row(png_structp png_ptr, png_bytep dp, int display)
dp += bytes_to_jump;
row_width -= bytes_to_jump;
if (bytes_to_copy > row_width)
bytes_to_copy = row_width;
bytes_to_copy = (unsigned int)/*SAFE*/row_width;
}
}