From c0fc0dfc45137c6da4082da2846c6f69c14d5114 Mon Sep 17 00:00:00 2001 From: Glenn Randers-Pehrson Date: Wed, 13 Oct 2010 07:14:12 -0500 Subject: [PATCH] [master] Check for out-of-range text compression mode in png_set_text(). --- ANNOUNCE | 7 ++++--- CHANGES | 5 +++-- pngset.c | 9 ++++++++- 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/ANNOUNCE b/ANNOUNCE index 35ce27188..62dad4aa8 100644 --- a/ANNOUNCE +++ b/ANNOUNCE @@ -1,5 +1,5 @@ -Libpng 1.4.5beta04 - October 8, 2010 +Libpng 1.4.5beta04 - October 13, 2010 This is not intended to be a public release. It will be replaced within a few weeks by a public version or by another test version. @@ -38,9 +38,10 @@ version 1.4.5beta02 [October 5, 2010] version 1.4.5beta03 [October 8, 2010] Wrapped long lines in CMakeLists.txt and introduced ${libpng_public_hdrs} - Undid Makefile revision of 1.4.5beta02. + Undid Makefile.am revision of 1.4.5beta02. -version 1.4.5beta04 [October 8, 2010] +version 1.4.5beta04 [October 13, 2010] + Check for out-of-range text compression mode in png_set_text(). Send comments/corrections/commendations to glennrp at users.sourceforge.net or to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/CHANGES b/CHANGES index b8cef2119..ddaf2db47 100644 --- a/CHANGES +++ b/CHANGES @@ -2692,9 +2692,10 @@ version 1.4.5beta02 [October 5, 2010] version 1.4.5beta03 [October 8, 2010] Wrapped long lines in CMakeLists.txt and introduced ${libpng_public_hdrs} - Undid Makefile revision of 1.4.5beta02. + Undid Makefile.am revision of 1.4.5beta02. -version 1.4.5beta04 [October 8, 2010] +version 1.4.5beta04 [October 13, 2010] + Check for out-of-range text compression mode in png_set_text(). Send comments/corrections/commendations to glennrp at users.sourceforge.net or to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/pngset.c b/pngset.c index 1f972c4ed..dad70661f 100644 --- a/pngset.c +++ b/pngset.c @@ -1,7 +1,7 @@ /* pngset.c - storage of image information into info struct * - * Last changed in libpng 1.4.1 [February 25, 2010] + * Last changed in libpng 1.4.5 [October 13, 2010] * Copyright (c) 1998-2010 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) @@ -690,6 +690,13 @@ png_set_text_2(png_structp png_ptr, png_infop info_ptr, png_textp text_ptr, if (text_ptr[i].key == NULL) continue; + if (text_ptr[i].compression < PNG_TEXT_COMPRESSION_NONE || + text_ptr[i].compression >= PNG_TEXT_COMPRESSION_LAST) + { + png_warning(png_ptr, "text compression mode is out of range"); + continue; + } + key_len = png_strlen(text_ptr[i].key); if (text_ptr[i].compression <= 0)