mirror of
https://git.code.sf.net/p/libpng/code.git
synced 2025-07-10 18:04:09 +02:00
[libpng15] Added PNG_SAFE_LIMITS feature to pnglibconf.dfa
and code in pngconf.h to reset the user limits to safe ones if PNG_SAFE_LIMITS is defined.
This commit is contained in:
Glenn Randers-Pehrson
parent
d57dc304c4
commit
8ae616fa97
6
ANNOUNCE
6
ANNOUNCE
@ -1,5 +1,5 @@
|
||||
|
||||
Libpng 1.5.10beta01 - February 21, 2012
|
||||
Libpng 1.5.10beta01 - February 23, 2012
|
||||
|
||||
This is not intended to be a public release. It will be replaced
|
||||
within a few weeks by a public version or by another test version.
|
||||
@ -26,7 +26,7 @@ Other information:
|
||||
|
||||
Changes since the last public release (1.5.9):
|
||||
|
||||
Version 1.5.10beta01 [February 21, 2012]
|
||||
Version 1.5.10beta01 [February 23, 2012]
|
||||
Removed two useless #ifdef directives from pngread.c and one from pngrutil.c
|
||||
Always put the CMAKE_LIBRARY in "lib" (removed special WIN32 case).
|
||||
Removed empty vstudio/pngstest directory (Clifford Yapp).
|
||||
@ -35,6 +35,8 @@ Version 1.5.10beta01 [February 21, 2012]
|
||||
now that png_ptr->buffer is inaccessible to applications, the special
|
||||
handling is no longer useful.
|
||||
Fixed bug with png_handle_hIST with odd chunk length (Frank Busse).
|
||||
Added PNG_SAFE_LIMITS feature to pnglibconf.dfa and code in pngconf.h
|
||||
to reset the user limits to safe ones if PNG_SAFE_LIMITS is defined.
|
||||
|
||||
Send comments/corrections/commendations to png-mng-implement at lists.sf.net:
|
||||
(subscription required; visit
|
||||
|
||||
11
CHANGES
11
CHANGES
@ -3803,14 +3803,15 @@ Version 1.5.9beta02 [February 16, 2012]
|
||||
Removed tests for no-longer-used *_EMPTY_PLTE_SUPPORTED from pngstruct.h
|
||||
|
||||
Version 1.5.9rc01 [February 17, 2012]
|
||||
Fixed CVE-2011-3026 buffer overrun bug. Deal more correctly with the test
|
||||
on iCCP chunk length. Also removed spurious casts that may hide problems
|
||||
on 16-bit systems.
|
||||
Fixed CVE-2011-3026 buffer overrun bug. This bug was introduced when
|
||||
iCCP chunk support was added at libpng-1.0.6. Deal more correctly with the
|
||||
test on iCCP chunk length. Also removed spurious casts that may hide
|
||||
problems on 16-bit systems.
|
||||
|
||||
Version 1.5.9 [February 18, 2012]
|
||||
No changes.
|
||||
|
||||
Version 1.5.10beta01 [February 21, 2012]
|
||||
Version 1.5.10beta01 [February 23, 2012]
|
||||
Removed two useless #ifdef directives from pngread.c and one from pngrutil.c
|
||||
Always put the CMAKE_LIBRARY in "lib" (removed special WIN32 case).
|
||||
Removed empty vstudio/pngstest directory (Clifford Yapp).
|
||||
@ -3819,6 +3820,8 @@ Version 1.5.10beta01 [February 21, 2012]
|
||||
now that png_ptr->buffer is inaccessible to applications, the special
|
||||
handling is no longer useful.
|
||||
Fixed bug with png_handle_hIST with odd chunk length (Frank Busse).
|
||||
Added PNG_SAFE_LIMITS feature to pnglibconf.dfa and code in pngconf.h
|
||||
to reset the user limits to safe ones if PNG_SAFE_LIMITS is defined.
|
||||
|
||||
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
|
||||
(subscription required; visit
|
||||
|
||||
22
pngconf.h
22
pngconf.h
@ -1,7 +1,7 @@
|
||||
|
||||
/* pngconf.h - machine configurable file for libpng
|
||||
*
|
||||
* libpng version 1.5.10beta01 - February 19, 2012
|
||||
* libpng version 1.5.10beta01 - February 23, 2012
|
||||
*
|
||||
* Copyright (c) 1998-2012 Glenn Randers-Pehrson
|
||||
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
|
||||
@ -22,6 +22,26 @@
|
||||
#ifndef PNGCONF_H
|
||||
#define PNGCONF_H
|
||||
|
||||
/* Feature added at libpng-1.5.10 */
|
||||
#ifdef PNG_SAFE_LIMITS_SUPPORTED
|
||||
# ifdef PNG_USER_WIDTH_MAX
|
||||
# undef PNG_USER_WIDTH_MAX
|
||||
# define PNG_USER_WIDTH_MAX 1000000L
|
||||
# endif
|
||||
# ifdef PNG_USER_HEIGHT_MAX
|
||||
# undef PNG_USER_HEIGHT_MAX
|
||||
# define PNG_USER_HEIGHT_MAX 1000000L
|
||||
# endif
|
||||
# ifdef PNG_USER_CHUNK_MALLOC_MAX
|
||||
# undef PNG_USER_CHUNK_MALLOC_MAX
|
||||
# define PNG_USER_CHUNK_MALLOC_MAX 4000000L
|
||||
# endif
|
||||
# ifdef PNG_USER_CHUNK_CACHE_MAX
|
||||
# undef PNG_USER_CHUNK_CACHE_MAX
|
||||
# define PNG_USER_CHUNK_CACHE_MAX 128
|
||||
# endif
|
||||
#endif
|
||||
|
||||
#ifndef PNG_BUILDING_SYMBOL_TABLE
|
||||
/* PNG_NO_LIMITS_H may be used to turn off the use of the standard C
|
||||
* definition file for machine specific limits, this may impact the
|
||||
|
||||
@ -260,6 +260,9 @@ option USER_LIMITS
|
||||
|
||||
option SET_USER_LIMITS requires USER_LIMITS
|
||||
|
||||
# Added at libpng-1.5.10
|
||||
option SAFE_LIMITS requires USER_LIMITS
|
||||
|
||||
# Feature added at libpng-1.4.0, this flag added at 1.4.1
|
||||
option SET_USER_LIMITS enables SET_CHUNK_CACHE_LIMIT
|
||||
# Feature added at libpng-1.4.1, this flag added at 1.4.1
|
||||
@ -269,8 +272,8 @@ option SET_USER_LIMITS enables SET_CHUNK_MALLOC_LIMIT
|
||||
# Added at libpng-1.0.16 and 1.2.6. To accept all valid PNGs no matter
|
||||
# how large, set these two limits to 0x7fffffff
|
||||
|
||||
setting USER_WIDTH_MAX default 1000000
|
||||
setting USER_HEIGHT_MAX default 1000000
|
||||
setting USER_WIDTH_MAX default 0x7fffffff
|
||||
setting USER_HEIGHT_MAX default 0x7fffffff
|
||||
|
||||
# Added at libpng-1.2.43. To accept all valid PNGs no matter
|
||||
# how large, set these two limits to 0.
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
|
||||
/* pnglibconf.h - library build configuration */
|
||||
|
||||
/* Libpng 1.5.10beta01 - February 19, 2012 */
|
||||
/* Libpng 1.5.10beta01 - February 23, 2012 */
|
||||
|
||||
/* Copyright (c) 1998-2011 Glenn Randers-Pehrson */
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user