mewin/libpng
1
0
Fork 0
mirror of https://git.code.sf.net/p/libpng/code.git synced 2025-07-10 18:04:09 +02:00
Code Issues Projects Releases Wiki Activity

[libpng12] Avoid out-of-bounds memory access while checking version string in

Browse Source 
pngread.c and pngwrite.c
This commit is contained in:
Glenn Randers-Pehrson
2014-11-06 08:26:18 -06:00
parent ee6be87332
commit afd39b47f7
4 changed files with 34 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
pngwrite.c
View File

@@ -525,15 +525,23 @@ png_create_write_struct_2(png_const_charp user_png_ver, png_voidp error_ptr,
#endif /* PNG_USER_MEM_SUPPORTED */
png_set_error_fn(png_ptr, error_ptr, error_fn, warn_fn);
if (user_png_ver)
if (user_png_ver != NULL)
{
i = 0;
int found_dots = 0;
i = -1;
do
{
if (user_png_ver[i] != png_libpng_ver[i])
i++;
if (user_png_ver[i] != PNG_LIBPNG_VER_STRING[i])
png_ptr->flags |= PNG_FLAG_LIBRARY_MISMATCH;
} while (png_libpng_ver[i++]);
if (user_png_ver[i] == '.')
found_dots++;
} while (found_dots < 2 && user_png_ver[i] != 0 &&
PNG_LIBPNG_VER_STRING[i] != 0);
}
else
png_ptr->flags |= PNG_FLAG_LIBRARY_MISMATCH;
if (png_ptr->flags & PNG_FLAG_LIBRARY_MISMATCH)
{
@@ -684,8 +692,9 @@ png_write_init_3(png_structpp ptr_ptr, png_const_charp user_png_ver,
png_warning(png_ptr,
"Application uses deprecated png_write_init() and should be recompiled.");
#endif
}
} while (png_libpng_ver[i++]);
}
i++;
} while (png_libpng_ver[i] != 0 && user_png_ver[i] != 0);
png_debug(1, "in png_write_init_3");