diff --git a/ANNOUNCE b/ANNOUNCE
index 26a2c3635..ee8840fe6 100644
--- a/ANNOUNCE
+++ b/ANNOUNCE
@@ -1,5 +1,5 @@
-Libpng 1.7.0beta79 - February 14, 2016
+Libpng 1.7.0beta79 - March 7, 2016
 This is not intended to be a public release. It will be replaced within a few weeks by a public version or by another test version.
@@ -1239,7 +1239,7 @@ Version 1.7.0beta78 [January 23, 2016]
 32 bits of address space when size_t/ptrdiff_t are 64 bit types. Revised workaround for false-positive Coverity issue in pngvalid.c.
-Version 1.7.0beta79 [February 14, 2016]
+Version 1.7.0beta79 [March 7, 2016]
 Only use exit(77) in configure builds. Corrected error in PNG_IMAGE_PNG_SIZE_MAX. This new macro underreported the palette size because it failed to take into account that the memory
@@ -1261,7 +1261,8 @@ Version 1.7.0beta79 [February 14, 2016]
 the application makes (previously low windowBits settings would get reset to higher values.) Changed PNG_INFO_cHNK and PNG_FREE_cHNK from 0xnnnn to 0xnnnnU in png.h
- (Robert C. Seacord). Various other flags in png.h made unsigned as well.
+ (Robert C. Seacord). Various other flags in png.h made unsigned as well.
+ Fixed some misleading indentation (Krishnaraj Bhat).
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit
diff --git a/CHANGES b/CHANGES
index c01869702..810678fe9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4922,7 +4922,8 @@ Version 1.7.0beta40 [November 6, 2014]
 (bug report by Marcin Juszkiewicz, fix by John Bowler). Use png_get_libpng_ver(NULL) instead of PNG_LIBPNG_VER_STRING in example.c, pngtest.c, and applications in the contrib directory.
- Avoid out-of-bounds memory access in png_user_version_check().
+ Fixed an out-of-range read in png_user_version_check() (Bug report from
+ Qixue Xiao, CVE-2015-8540).
 Simplified and future-proofed png_user_version_check(). Fixed GCC unsigned int->float warnings. Various versions of GCC seem to generate warnings when an unsigned value is implicitly
@@ -5538,7 +5539,7 @@ Version 1.7.0beta78 [January 23, 2016]
 32 bits of address space when size_t/ptrdiff_t are 64 bit types. Revised workaround for false-positive Coverity issue in pngvalid.c.
-Version 1.7.0beta79 [February 14, 2016]
+Version 1.7.0beta79 [March 7, 2016]
 Only use exit(77) in configure builds. Corrected error in PNG_IMAGE_PNG_SIZE_MAX. This new macro underreported the palette size because it failed to take into account that the memory
@@ -5560,7 +5561,8 @@ Version 1.7.0beta79 [February 14, 2016]
 the application makes (previously low windowBits settings would get reset to higher values.) Changed PNG_INFO_cHNK and PNG_FREE_cHNK from 0xnnnn to 0xnnnnU in png.h
- (Robert C. Seacord). Various other flags in png.h made unsigned as well.
+ (Robert C. Seacord). Various other flags in png.h made unsigned as well.
+ Fixed some misleading indentation (Krishnaraj Bhat).
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit
diff --git a/contrib/libtests/pngvalid.c b/contrib/libtests/pngvalid.c
index c82c269fd..fa25e3961 100644
--- a/contrib/libtests/pngvalid.c
+++ b/contrib/libtests/pngvalid.c
@@ -3307,10 +3307,10 @@ init_standard_palette(png_store *ps, png_structp pp, png_infop pi, int npalette,
 for (; i<256; ++i) tRNS[i] = 24;
-# ifdef PNG_WRITE_tRNS_SUPPORTED
- if (j > 0)
- png_set_tRNS(pp, pi, tRNS, j, 0/*color*/);
-# endif
+#ifdef PNG_WRITE_tRNS_SUPPORTED
+ if (j > 0)
+ png_set_tRNS(pp, pi, tRNS, j, 0/*color*/);
+#endif
 } }
@@ -7937,11 +7937,11 @@ image_transform_png_set_background_set(const image_transform *this,
 else back.gray = (png_uint_16)data.red;
-# ifdef PNG_FLOATING_POINT_SUPPORTED
- png_set_background(pp, &back, PNG_BACKGROUND_GAMMA_FILE, expand, 0);
-# else
- png_set_background_fixed(pp, &back, PNG_BACKGROUND_GAMMA_FILE, expand, 0);
-# endif
+#ifdef PNG_FLOATING_POINT_SUPPORTED
+ png_set_background(pp, &back, PNG_BACKGROUND_GAMMA_FILE, expand, 0);
+#else
+ png_set_background_fixed(pp, &back, PNG_BACKGROUND_GAMMA_FILE, expand, 0);
+#endif
 this->next->set(this->next, that, pp, pi); }
diff --git a/pngget.c b/pngget.c
index 1940c258a..c8a4c1f51 100644
--- a/pngget.c
+++ b/pngget.c
@@ -1140,6 +1140,7 @@ png_get_user_chunk_ptr(png_const_structrp png_ptr)
 { if (png_ptr) return png_ptr->user_chunk_ptr;
+ return NULL;
 }
 #endif
@@ -1151,9 +1152,10 @@ png_get_compression_buffer_size(png_const_structrp png_ptr)
 return 0;
 # if defined(PNG_SEQUENTIAL_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED)
- return png_ptr->IDAT_size;
+ return png_ptr->IDAT_size;
+
 # else
- return PNG_IDAT_READ_SIZE; /* progressive reader */
+ return PNG_IDAT_READ_SIZE; /* progressive reader */
 # endif
 }
diff --git a/pngread.c b/pngread.c
index 4557b2efe..8cd02e2c1 100644
--- a/pngread.c
+++ b/pngread.c
@@ -122,29 +122,29 @@ png_create_read_struct_2,(png_const_charp user_png_ver, png_voidp error_ptr,
 /* Added in libpng-1.6.0; this can be used to detect a read structure if * required (it will be zero in a write structure.) */
-# ifdef PNG_SEQUENTIAL_READ_SUPPORTED
- png_ptr->IDAT_size = PNG_IDAT_READ_SIZE;
-# endif /* SEQUENTIAL_READ */
+# ifdef PNG_SEQUENTIAL_READ_SUPPORTED
+ png_ptr->IDAT_size = PNG_IDAT_READ_SIZE;
+# endif /* SEQUENTIAL_READ */
-# ifdef PNG_BENIGN_READ_ERRORS_SUPPORTED
- png_ptr->flags |= PNG_FLAG_BENIGN_ERRORS_WARN;
- png_ptr->flags |= PNG_FLAG_APP_WARNINGS_WARN;
+# ifdef PNG_BENIGN_READ_ERRORS_SUPPORTED
+ png_ptr->flags |= PNG_FLAG_BENIGN_ERRORS_WARN;
+ png_ptr->flags |= PNG_FLAG_APP_WARNINGS_WARN;
- /* In stable builds only warn if an application error can be completely
- * handled.
- */
-# if PNG_RELEASE_BUILD
- png_ptr->flags |= PNG_FLAG_APP_ERRORS_WARN;
-# endif
-# endif /* BENIGN_READ_ERRORS */
+ /* In stable builds only warn if an application error can be completely
+ * handled.
+ */
+# if PNG_RELEASE_BUILD
+ png_ptr->flags |= PNG_FLAG_APP_ERRORS_WARN;
+# endif
+# endif /* BENIGN_READ_ERRORS */
-# ifdef PNG_READ_GAMMA_SUPPORTED
- /* Default gamma correction values: */
-#if 0 /*NYI*/
- png_ptr->gamma_accuracy = PNG_DEFAULT_GAMMA_ACCURACY;
-#endif /*NYI*/
- png_ptr->gamma_threshold = PNG_GAMMA_THRESHOLD_FIXED;
-# endif /* READ_GAMMA */
+# ifdef PNG_READ_GAMMA_SUPPORTED
+ /* Default gamma correction values: */
+# if 0 /*NYI*/
+ png_ptr->gamma_accuracy = PNG_DEFAULT_GAMMA_ACCURACY;
+# endif /*NYI*/
+ png_ptr->gamma_threshold = PNG_GAMMA_THRESHOLD_FIXED;
+# endif /* READ_GAMMA */
 } return png_ptr;
@@ -1883,17 +1883,17 @@ png_create_colormap_entry(png_image_read_control *display,
 /* Store the value. */ {
-# ifdef PNG_FORMAT_AFIRST_SUPPORTED
- const int afirst = (image->format & PNG_FORMAT_FLAG_AFIRST) != 0 &&
- (image->format & PNG_FORMAT_FLAG_ALPHA) != 0;
-# else
-# define afirst 0
-# endif
-# ifdef PNG_FORMAT_BGR_SUPPORTED
- const int bgr = (image->format & PNG_FORMAT_FLAG_BGR) != 0 ? 2 : 0;
-# else
-# define bgr 0
-# endif
+# ifdef PNG_FORMAT_AFIRST_SUPPORTED
+ const int afirst = (image->format & PNG_FORMAT_FLAG_AFIRST) != 0 &&
+ (image->format & PNG_FORMAT_FLAG_ALPHA) != 0;
+# else
+# define afirst 0
+# endif
+# ifdef PNG_FORMAT_BGR_SUPPORTED
+ const int bgr = (image->format & PNG_FORMAT_FLAG_BGR) != 0 ? 2 : 0;
+# else
+# define bgr 0
+# endif
 if (output_encoding == P_LINEAR) {
@@ -1981,12 +1981,12 @@ png_create_colormap_entry(png_image_read_control *display,
 } }
-# ifdef afirst
-# undef afirst
-# endif
-# ifdef bgr
-# undef bgr
-# endif
+# ifdef afirst
+# undef afirst
+# endif
+# ifdef bgr
+# undef bgr
+# endif
 }
 # undef png_ptr
@@ -3629,11 +3629,11 @@ png_image_read_background(png_voidp argument)
 unsigned int outchannels = 1+preserve_alpha; int swap_alpha = 0;
-# ifdef PNG_SIMPLIFIED_READ_AFIRST_SUPPORTED
- if (preserve_alpha != 0 &&
- (image->format & PNG_FORMAT_FLAG_AFIRST) != 0)
- swap_alpha = 1;
-# endif
+#ifdef PNG_SIMPLIFIED_READ_AFIRST_SUPPORTED
+ if (preserve_alpha != 0 &&
+ (image->format & PNG_FORMAT_FLAG_AFIRST) != 0)
+ swap_alpha = 1;
+#endif
 for (pass = 0; pass < passes; ++pass) {
@@ -3917,15 +3917,15 @@ png_image_read_direct(png_voidp argument)
 else filler = 255;
-# ifdef PNG_FORMAT_AFIRST_SUPPORTED
- if ((format & PNG_FORMAT_FLAG_AFIRST) != 0)
- {
- where = PNG_FILLER_BEFORE;
- change &= PNG_BIC_MASK(PNG_FORMAT_FLAG_AFIRST);
- }
+#ifdef PNG_FORMAT_AFIRST_SUPPORTED
+ if ((format & PNG_FORMAT_FLAG_AFIRST) != 0)
+ {
+ where = PNG_FILLER_BEFORE;
+ change &= PNG_BIC_MASK(PNG_FORMAT_FLAG_AFIRST);
+ }
- else
-# endif
+ else
+#endif
 where = PNG_FILLER_AFTER; png_set_add_alpha(png_ptr, filler, where);
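Review bot: The `else` that ends the `#ifdef PNG_FORMAT_AFIRST_SUPPORTED` block still has its body, `where = PNG_FILLER_AFTER;`, on the far side of `#endif`, so that assignment is an else-branch in one build configuration and an unconditional statement in the other. Re-indenting the directives leaves this structure in place, and a statement later inserted between `#endif` and the assignment would change behaviour only when AFIRST support is compiled in. Consider moving `where = PNG_FILLER_AFTER;` above the `#ifdef` as the default and dropping the `else`, so the guarded block only overrides it with `where = PNG_FILLER_BEFORE;`. png_image_read_direct begins and ends outside the hunk, so any earlier initialisation of `where` is not visible here.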
@@ -3941,45 +3941,45 @@ png_image_read_direct(png_voidp argument)
 */ png_set_alpha_mode_fixed(png_ptr, mode, output_gamma);
-# ifdef PNG_FORMAT_BGR_SUPPORTED
- if ((change & PNG_FORMAT_FLAG_BGR) != 0)
+# ifdef PNG_FORMAT_BGR_SUPPORTED
+ if ((change & PNG_FORMAT_FLAG_BGR) != 0)
+ {
+ /* Check only the output format; PNG is never BGR; don't do this if
+ * the output is gray, but fix up the 'format' value in that case.
+ */
+ if ((format & PNG_FORMAT_FLAG_COLOR) != 0)
+ png_set_bgr(png_ptr);
+
+ else
+ format &= PNG_BIC_MASK(PNG_FORMAT_FLAG_BGR);
+
+ change &= PNG_BIC_MASK(PNG_FORMAT_FLAG_BGR);
+ }
+# endif
+
+# ifdef PNG_FORMAT_AFIRST_SUPPORTED
+ if ((change & PNG_FORMAT_FLAG_AFIRST) != 0)
+ {
+ /* Only relevant if there is an alpha channel - it's particularly
+ * important to handle this correctly because do_local_compose may
+ * be set above and then libpng will keep the alpha channel for this
+ * code to remove.
+ */
+ if ((format & PNG_FORMAT_FLAG_ALPHA) != 0)
 {
- /* Check only the output format; PNG is never BGR; don't do this if
- * the output is gray, but fix up the 'format' value in that case.
+ /* Disable this if doing a local background,
+ * TODO: remove this when local background is no longer required.
 */
- if ((format & PNG_FORMAT_FLAG_COLOR) != 0)
- png_set_bgr(png_ptr);
-
- else
- format &= PNG_BIC_MASK(PNG_FORMAT_FLAG_BGR);
-
- change &= PNG_BIC_MASK(PNG_FORMAT_FLAG_BGR);
+ if (do_local_background != 2)
+ png_set_swap_alpha(png_ptr);
 }
-# endif
-# ifdef PNG_FORMAT_AFIRST_SUPPORTED
- if ((change & PNG_FORMAT_FLAG_AFIRST) != 0)
- {
- /* Only relevant if there is an alpha channel - it's particularly
- * important to handle this correctly because do_local_compose may
- * be set above and then libpng will keep the alpha channel for this
- * code to remove.
- */
- if ((format & PNG_FORMAT_FLAG_ALPHA) != 0)
- {
- /* Disable this if doing a local background,
- * TODO: remove this when local background is no longer required.
- */
- if (do_local_background != 2)
- png_set_swap_alpha(png_ptr);
- }
+ else
+ format &= PNG_BIC_MASK(PNG_FORMAT_FLAG_AFIRST);
- else
- format &= PNG_BIC_MASK(PNG_FORMAT_FLAG_AFIRST);
-
- change &= PNG_BIC_MASK(PNG_FORMAT_FLAG_AFIRST);
- }
-# endif
+ change &= PNG_BIC_MASK(PNG_FORMAT_FLAG_AFIRST);
+ }
+# endif
 /* If the *output* is 16-bit then we need to check for a byte-swap on this * architecture.
@@ -4039,16 +4039,16 @@ png_image_read_direct(png_voidp argument)
 default: impossible("unexpected bit depth"); break; }
-# ifdef PNG_FORMAT_AFIRST_SUPPORTED
- if (do_local_background == 2)
- {
- /* do_local_background should be handling the swap: */
- affirm(!(out_format & PNG_FORMAT_FLAG_AFIRST));
+# ifdef PNG_FORMAT_AFIRST_SUPPORTED
+ if (do_local_background == 2)
+ {
+ /* do_local_background should be handling the swap: */
+ affirm(!(out_format & PNG_FORMAT_FLAG_AFIRST));
- if ((format & PNG_FORMAT_FLAG_AFIRST) != 0)
- out_format |= PNG_FORMAT_FLAG_AFIRST;
- }
-# endif
+ if ((format & PNG_FORMAT_FLAG_AFIRST) != 0)
+ out_format |= PNG_FORMAT_FLAG_AFIRST;
+ }
+# endif
 /* This is actually an internal error. */ affirm(out_format == format /* else unimplemented transformations */);