From a2669c39c3fdcc3924fa31f63242353d41d97cbe Mon Sep 17 00:00:00 2001 From: Glenn Randers-Pehrson Date: Sat, 15 Dec 2012 11:09:44 -0600 Subject: [PATCH] [libpng15] Fixed a minor bug in types to malloc and major bug in handling compressed iTXt. Compressed iTXt could not be handled. Change was made earlier but omitted from libpng-1.5.14beta02 distributions. --- ANNOUNCE | 6 +++--- CHANGES | 6 +++--- pngrutil.c | 26 ++++++++++++++++++-------- pngwutil.c | 11 ++++------- 4 files changed, 28 insertions(+), 21 deletions(-) diff --git a/ANNOUNCE b/ANNOUNCE index 0f591e8b1..8f46f1fa9 100644 --- a/ANNOUNCE +++ b/ANNOUNCE @@ -36,17 +36,17 @@ Version 1.5.14beta02 [December 15, 2012] Added missing "-" in front of DNO_GZIP in contrib/pngminim/*/makefile. Check for png_ptr==NULL earlier in png_zalloc(). Ignore, with a warning, out-of-range value of num_trans in png_set_tRNS(). - Fixed a minor bug in types to malloc and major bug in handling compressed - iTXt. Compressed iTXt could not be handled. Rearranged building of ARM NEON optimizations. The ARM specific code is split out entirely to the arm subdirectory and changes to configure.ac and Makefile.am to add new stuff are reduced. Now material code changes, although for build test purposes, --enable-arm-neon now builds on non-ARM systems. - Rebuilt Makefile.in, configure, etc., with autoconf-2.69 and automake-1.2.5. + Rebuilt Makefile.in, configure, etc., with autoconf-2.69 and automake-1.12.5. Fixed cases of unquoted DESTDIR in Makefile.am Version 1.5.14beta03 [December 15, 2012] + Fixed a minor bug in types to malloc and major bug in handling compressed + iTXt. Compressed iTXt could not be handled. Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/CHANGES b/CHANGES index 950db3c82..4c934ac54 100644 --- a/CHANGES +++ b/CHANGES @@ -3929,17 +3929,17 @@ Version 1.5.14beta02 [December 15, 2012] Added missing "-" in front of DNO_GZIP in contrib/pngminim/*/makefile. Check for png_ptr==NULL earlier in png_zalloc(). Ignore, with a warning, out-of-range value of num_trans in png_set_tRNS(). - Fixed a minor bug in types to malloc and major bug in handling compressed - iTXt. Compressed iTXt could not be handled. Rearranged building of ARM NEON optimizations. The ARM specific code is split out entirely to the arm subdirectory and changes to configure.ac and Makefile.am to add new stuff are reduced. Now material code changes, although for build test purposes, --enable-arm-neon now builds on non-ARM systems. - Rebuilt Makefile.in, configure, etc., with autoconf-2.69 and automake-1.2.5. + Rebuilt Makefile.in, configure, etc., with autoconf-2.69 and automake-1.12.5. Fixed cases of unquoted DESTDIR in Makefile.am Version 1.5.14beta03 [December 15, 2012] + Fixed a minor bug in types to malloc and major bug in handling compressed + iTXt. Compressed iTXt could not be handled. Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/pngrutil.c b/pngrutil.c index 16c078a40..2b0cf2302 100644 --- a/pngrutil.c +++ b/pngrutil.c @@ -2452,7 +2452,7 @@ png_handle_iTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 length) png_textp text_ptr; png_charp key, lang, text, lang_key; int comp_flag; - int comp_type = 0; + int comp_type; int ret; png_size_t slength, prefix_len, data_len; @@ -2533,15 +2533,24 @@ png_handle_iTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 length) return; } - else + comp_flag = *lang++; + comp_type = *lang++; + + /* 1.5.14: The spec says "for uncompressed text decoders shall ignore [the + * compression type]". The compression flag shall be 0 (no compression) or + * 1 (compressed with method 0 - deflate.) + */ + if (comp_flag != 0 && comp_flag != 1) { - comp_flag = *lang++; - comp_type = *lang++; + png_warning(png_ptr, "invalid iTXt compression flag"); + png_free(png_ptr, png_ptr->chunkdata); + png_ptr->chunkdata = NULL; + return; } - if (comp_type || (comp_flag && comp_flag != PNG_TEXT_COMPRESSION_zTXt)) + if (comp_flag/*compressed*/ && comp_type != 0) { - png_warning(png_ptr, "Unknown iTXt compression type or method"); + png_warning(png_ptr, "unknown iTXt compression type"); png_free(png_ptr, png_ptr->chunkdata); png_ptr->chunkdata = NULL; return; @@ -2577,7 +2586,7 @@ png_handle_iTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 length) key=png_ptr->chunkdata; - if (comp_flag) + if (comp_flag/*compressed*/) png_decompress_chunk(png_ptr, comp_type, (size_t)length, prefix_len, &data_len); @@ -2595,7 +2604,8 @@ png_handle_iTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 length) return; } - text_ptr->compression = (int)comp_flag + 1; + text_ptr->compression = + (comp_flag ? PNG_ITXT_COMPRESSION_zTXt : PNG_ITXT_COMPRESSION_NONE); text_ptr->lang_key = png_ptr->chunkdata + (lang_key - key); text_ptr->lang = png_ptr->chunkdata + (lang - key); text_ptr->itxt_length = data_len; diff --git a/pngwutil.c b/pngwutil.c index 24145cec6..ac2e69e5c 100644 --- a/pngwutil.c +++ b/pngwutil.c @@ -460,24 +460,21 @@ png_text_compress(png_structp png_ptr, old_ptr = comp->output_ptr; comp->output_ptr = (png_bytepp)png_malloc(png_ptr, - (png_alloc_size_t) - (comp->max_output_ptr * png_sizeof(png_charpp))); + (comp->max_output_ptr * png_sizeof(png_bytep))); png_memcpy(comp->output_ptr, old_ptr, old_max - * png_sizeof(png_charp)); + * png_sizeof(png_bytep)); png_free(png_ptr, old_ptr); } else comp->output_ptr = (png_bytepp)png_malloc(png_ptr, - (png_alloc_size_t) - (comp->max_output_ptr * png_sizeof(png_charp))); + (comp->max_output_ptr * png_sizeof(png_bytep))); } /* Save the data */ comp->output_ptr[comp->num_output_ptr] = - (png_bytep)png_malloc(png_ptr, - (png_alloc_size_t)png_ptr->zbuf_size); + (png_bytep)png_malloc(png_ptr, png_ptr->zbuf_size); png_memcpy(comp->output_ptr[comp->num_output_ptr], png_ptr->zbuf, png_ptr->zbuf_size);