[libpng14] Avoid out-of-bounds memory access in png_user_version_check().

Simplified and future-proofed png_user_version_check().
Glenn Randers-Pehrson
2014-11-06 08:12:12 -06:00
parent 852b1140b9
commit 893653512f
4 changed files with 32 additions and 20 deletions


@@ -480,7 +480,6 @@ png_create_write_struct_2(png_const_charp user_png_ver, png_voidp error_ptr,
jmp_buf jmpbuf;
#endif
#endif
int i;
png_debug(1, "in png_create_write_struct");
@@ -519,14 +518,20 @@ png_create_write_struct_2(png_const_charp user_png_ver, png_voidp error_ptr,
#endif /* PNG_USER_MEM_SUPPORTED */
png_set_error_fn(png_ptr, error_ptr, error_fn, warn_fn);
if (user_png_ver)
if (user_png_ver != NULL)
{
i = 0;
int i = -1;
int found_dots = 0;
do
{
if (user_png_ver[i] != png_libpng_ver[i])
i++;
if (user_png_ver[i] != PNG_LIBPNG_VER_STRING[i])
png_ptr->flags |= PNG_FLAG_LIBRARY_MISMATCH;
} while (png_libpng_ver[i++]);
if (user_png_ver[i] == '.')
found_dots++;
} while (found_dots < 2 && user_png_ver[i] != 0 &&
PNG_LIBPNG_VER_STRING[i] != 0);
}
if (png_ptr->flags & PNG_FLAG_LIBRARY_MISMATCH)
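Review bot: The rewritten do/while in png_create_write_struct_2 has no comment saying that the comparison now stops after the second '.', so only the major.minor prefix of user_png_ver is checked here and, as far as the visible lines show, a differing release number no longer sets PNG_FLAG_LIBRARY_MISMATCH. I would put a comment above the `do`: `/* Compare through the second '.' only (major.minor); stop at the first NUL in either string so neither is read past its terminator. */`. The bound itself looks right from the visible lines, since the loop exits as soon as user_png_ver[i] or PNG_LIBPNG_VER_STRING[i] is 0. The block that acts on the flag begins on the last line of the hunk and continues outside it; if it reads user_png_ver at fixed offsets it would need the same length guard, which cannot be confirmed from here.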