mewin/libpng
1
0
Fork 0
mirror of https://git.code.sf.net/p/libpng/code.git synced 2025-07-10 18:04:09 +02:00
Code Issues Projects Releases Wiki Activity

[libpng15] Fixed a minor bug in types to malloc and major bug in handling

Browse Source 
compressed iTXt. Compressed iTXt could not be handled. Change was made
earlier but omitted from libpng-1.5.14beta02 distributions.
This commit is contained in:
Glenn Randers-Pehrson
2012-12-15 11:09:44 -06:00
parent c53980584e
commit a2669c39c3
4 changed files with 28 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
pngrutil.c
View File

@@ -2452,7 +2452,7 @@ png_handle_iTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
png_textp text_ptr;
png_charp key, lang, text, lang_key;
int comp_flag;
int comp_type = 0;
int comp_type;
int ret;
png_size_t slength, prefix_len, data_len;
@@ -2533,15 +2533,24 @@ png_handle_iTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
return;
}
else
comp_flag = *lang++;
comp_type = *lang++;
/* 1.5.14: The spec says "for uncompressed text decoders shall ignore [the
* compression type]". The compression flag shall be 0 (no compression) or
* 1 (compressed with method 0 - deflate.)
*/
if (comp_flag != 0 && comp_flag != 1)
{
comp_flag = *lang++;
comp_type = *lang++;
png_warning(png_ptr, "invalid iTXt compression flag");
png_free(png_ptr, png_ptr->chunkdata);
png_ptr->chunkdata = NULL;
return;
}
if (comp_type || (comp_flag && comp_flag != PNG_TEXT_COMPRESSION_zTXt))
if (comp_flag/*compressed*/ && comp_type != 0)
{
png_warning(png_ptr, "Unknown iTXt compression type or method");
png_warning(png_ptr, "unknown iTXt compression type");
png_free(png_ptr, png_ptr->chunkdata);
png_ptr->chunkdata = NULL;
return;
@@ -2577,7 +2586,7 @@ png_handle_iTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
key=png_ptr->chunkdata;
if (comp_flag)
if (comp_flag/*compressed*/)
png_decompress_chunk(png_ptr, comp_type,
(size_t)length, prefix_len, &data_len);
@@ -2595,7 +2604,8 @@ png_handle_iTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
return;
}
text_ptr->compression = (int)comp_flag + 1;
text_ptr->compression =
(comp_flag ? PNG_ITXT_COMPRESSION_zTXt : PNG_ITXT_COMPRESSION_NONE);
text_ptr->lang_key = png_ptr->chunkdata + (lang_key - key);
text_ptr->lang = png_ptr->chunkdata + (lang - key);
text_ptr->itxt_length = data_len;