diff --git a/contrib/conftest/nocompile-limits.dfa b/contrib/conftest/nocompile-limits.dfa new file mode 100644 index 000000000..24e1e2e08 --- /dev/null +++ b/contrib/conftest/nocompile-limits.dfa @@ -0,0 +1,21 @@ +# nolimits.dfa +# Build time configuration of libpng +# +# Author: John Bowler +# Copyright: (c) John Bowler, 2025 +# +# Usage rights: +# To the extent possible under law, the author has waived all copyright and +# related or neighboring rights to this work. This work is published from: +# United States. +# +# Build libpng without any limits and without run-time settable limits. Turning +# USER_LIMITS off reduces libpng code size by allowing compile-time elimination +# of some checking code. +# +option USER_LIMITS off + +@# define PNG_USER_WIDTH_MAX PNG_UINT_31_MAX +@# define PNG_USER_HEIGHT_MAX PNG_UINT_31_MAX +@# define PNG_USER_CHUNK_CACHE_MAX 0 +@# define PNG_USER_CHUNK_MALLOC_MAX 0 diff --git a/contrib/conftest/nolimits.dfa b/contrib/conftest/nolimits.dfa new file mode 100644 index 000000000..5b37fcf72 --- /dev/null +++ b/contrib/conftest/nolimits.dfa @@ -0,0 +1,19 @@ +# nolimits.dfa +# Build time configuration of libpng +# +# Author: John Bowler +# Copyright: (c) John Bowler, 2025 +# +# Usage rights: +# To the extent possible under law, the author has waived all copyright and +# related or neighboring rights to this work. This work is published from: +# United States. +# +# Build libpng without any limits. With these settigs run-time limits are still +# possible. +# +@# define PNG_USER_WIDTH_MAX PNG_UINT_31_MAX +@# define PNG_USER_HEIGHT_MAX PNG_UINT_31_MAX +@# define PNG_USER_CHUNK_CACHE_MAX 0 +@# define PNG_USER_CHUNK_MALLOC_MAX 0 + diff --git a/png.c b/png.c index f261753bc..d28dbcbb1 100644 --- a/png.c +++ b/png.c @@ -1600,21 +1600,9 @@ png_icc_check_length(png_const_structrp png_ptr, png_const_charp name, * the caller supplies the profile buffer so libpng doesn't allocate it. See * the call to icc_check_length below (the write case). */ -# ifdef PNG_SET_USER_LIMITS_SUPPORTED - else if (png_ptr->user_chunk_malloc_max > 0 && - png_ptr->user_chunk_malloc_max < profile_length) - return png_icc_profile_error(png_ptr, name, profile_length, - "exceeds application limits"); -# elif PNG_USER_CHUNK_MALLOC_MAX > 0 - else if (PNG_USER_CHUNK_MALLOC_MAX < profile_length) - return png_icc_profile_error(png_ptr, name, profile_length, - "exceeds libpng limits"); -# else /* !SET_USER_LIMITS */ - /* This will get compiled out on all 32-bit and better systems. */ - else if (PNG_SIZE_MAX < profile_length) - return png_icc_profile_error(png_ptr, name, profile_length, - "exceeds system limits"); -# endif /* !SET_USER_LIMITS */ + if (profile_length > png_chunk_max(png_ptr)) + return png_icc_profile_error(png_ptr, name, profile_length, + "profile too long"); return 1; } diff --git a/pngrutil.c b/pngrutil.c index e1354b70c..d0f3ed35d 100644 --- a/pngrutil.c +++ b/pngrutil.c @@ -4228,7 +4228,7 @@ png_read_IDAT_data(png_structrp png_ptr, png_bytep output, avail_in = png_ptr->IDAT_read_size; if (avail_in > png_chunk_max(png_ptr)) - avail_in = png_chunk_max(png_ptr); + avail_in = (uInt)/*SAFE*/png_chunk_max(png_ptr); if (avail_in > png_ptr->idat_size) avail_in = (uInt)png_ptr->idat_size; diff --git a/pngtest.c b/pngtest.c index 6477f4b90..e126049f6 100644 --- a/pngtest.c +++ b/pngtest.c @@ -2137,6 +2137,7 @@ main(int argc, char *argv[]) fprintf(STDERR, " libpng FAILS test\n"); dummy_ptr = png_create_read_struct(PNG_LIBPNG_VER_STRING, NULL, NULL, NULL); +#ifdef PNG_USER_LIMITS_SUPPORTED fprintf(STDERR, " Default limits:\n"); fprintf(STDERR, " width_max = %lu\n", (unsigned long) png_get_user_width_max(dummy_ptr)); @@ -2152,6 +2153,7 @@ main(int argc, char *argv[]) else fprintf(STDERR, " malloc_max = %lu\n", (unsigned long) png_get_chunk_malloc_max(dummy_ptr)); +#endif png_destroy_read_struct(&dummy_ptr, NULL, NULL); return (ierror != 0);