mewin/libpng
1
0
Fork 0
mirror of https://git.code.sf.net/p/libpng/code.git synced 2025-07-10 18:04:09 +02:00
Code Issues Projects Releases Wiki Activity

tools: Fix a buffer overflow involving a file name in pngfix

Browse Source 
Reported-by: Guoxiang Niu (@niugx), EaglEye Team
Reported-by: Riccardo Mori <patacca@autistici.org>
Reviewed-by: John Bowler <jbowler@acm.org>
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
This commit is contained in:
Alberto Barbaro 2022-07-05 08:04:26 +01:00 committed by Cosmin Truta
parent 77c3a39299
commit 8a5732fcb3
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
contrib/tools/pngfix.c
View File

@ -3961,6 +3961,14 @@ main(int argc, const char **argv)
{ {
size_t outlen = strlen(*argv); size_t outlen = strlen(*argv);
if (outlen > FILENAME_MAX)
{
fprintf(stderr, "%s: output file name too long: %s%s%s\n",
prog, prefix, *argv, suffix ? suffix : "");
global.status_code |= WRITE_ERROR;
continue;
}
if (outfile == NULL) /* else this takes precedence */ if (outfile == NULL) /* else this takes precedence */
{ {
/* Consider the prefix/suffix options */ /* Consider the prefix/suffix options */
@ -4046,4 +4054,3 @@ main(void)
return 77; return 77;
} }
#endif /* PNG_SETJMP_SUPPORTED */ #endif /* PNG_SETJMP_SUPPORTED */