[libpng15] Merged pngtest.c with libpng-1.6.17/pngtest.c

Display user limits in the output from pngtest. Eliminated the PNG_SAFE_LIMITS macro and restored the 1-million-column and 1-million-row default limits in pnglibconf.dfa, that can be reset by the user at build time or run time. This provides a more robust defense against DOS and as-yet undiscovered overflows.
2025-07-10 18:04:09 +02:00 · 2015-02-16 22:56:30 -06:00
parent c34f3658a7
commit 8a6253ed6f
7 changed files with 151 additions and 133 deletions
--- a/scripts/pnglibconf.dfa
+++ b/scripts/pnglibconf.dfa
@@ -282,41 +282,32 @@ option IO_STATE

 #option READ_BIG_ENDIAN disabled

-# Allow users to control limits on what the READ code will
-# read:
-
-# Added at libpng-1.2.43; adds limit fields to png_struct,
-# allows some usages of these fields
-
-option USER_LIMITS
-
-# Added at libpng-1.2.6; adds setting APIs, allows additional
-# usage of this field (UTSL)
-
-option SET_USER_LIMITS requires USER_LIMITS
-
-# Feature added at libpng-1.4.0, this flag added at 1.4.1
-option SET_USER_LIMITS enables SET_CHUNK_CACHE_LIMIT
-# Feature added at libpng-1.4.1, this flag added at 1.4.1
-
-option SET_USER_LIMITS enables SET_CHUNK_MALLOC_LIMIT
-
-# Libpng limits.
+# Libpng limits: limit the size of images and data on read.
 #
-# If these settings are *not* set libpng will not limit the size of
-# images or the size of data in ancilliary chunks.  This does lead to
-# security issues if PNG files come from untrusted sources.
-setting USER_WIDTH_MAX
-setting USER_HEIGHT_MAX
-setting USER_CHUNK_CACHE_MAX
-setting USER_CHUNK_MALLOC_MAX
+# If this option is disabled all the limit checking code will be disabled:

-# To default all these settings to values that are large but probably
-# safe turn the SAFE_LIMITS option on; this will cause the value in
-# pngpriv.h to be used.  Individual values can also be set, simply set
-# them in pngusr.dfa with '@#define PNG_setting value' lines.
-option SAFE_LIMITS enables USER_LIMITS disabled
-= SAFE_LIMITS SAFE_LIMITS
+option USER_LIMITS requires READ
+
+# The default settings given below for the limits mean that libpng will
+# limit the size of images or the size of data in ancilliary chunks to less
+# than the specification or implementation limits. Settings have the
+# following interpretations:
+#
+# USER_WIDTH_MAX: maximum width of an image that will be read
+# USER_HEIGHT_MAX: maximum height
+# USER_CHUNK_MALLOC_MAX: maximum in-memory (decompressed) size of a single chunk
+# USER_CHUNK_CACHE_MAX: maximum number of chunks to be cached
+#
+# Only chunks that are variable in number are counted towards the
+# USER_CHUNK_CACHE_MAX limit
+setting USER_WIDTH_MAX default        1000000 /* Use 0x7fffffff for unlimited */
+setting USER_HEIGHT_MAX default       1000000 /* Use 0x7fffffff for unlimited */
+setting USER_CHUNK_CACHE_MAX default     1000 /* Use 0 for unlimited */
+setting USER_CHUNK_MALLOC_MAX default 8000000 /* Use 0 for unlimited */
+
+# If this option is enabled APIs to set the above limits at run time are added;
+# without this the hardwired (compile time) limits will be used.
+option SET_USER_LIMITS requires USER_LIMITS

 # All of the following options relate to code capabilities for
 # processing image data before creating a PNG or after reading one.