diff --git a/ANNOUNCE b/ANNOUNCE index 3cbe5a926..8b510abf1 100644 --- a/ANNOUNCE +++ b/ANNOUNCE @@ -1,4 +1,4 @@ -Libpng 1.6.32 - August 24, 2017 +Libpng 1.6.33 - September 28, 2017 This is a public release of libpng, intended for use in production codes. 
@@ -7,79 +7,53 @@ Files available for download: Source files with LF line endings (for Unix/Linux) and with a "configure" script - libpng-1.6.32.tar.xz (LZMA-compressed, recommended) - libpng-1.6.32.tar.gz + libpng-1.6.33.tar.xz (LZMA-compressed, recommended) + libpng-1.6.33.tar.gz Source files with CRLF line endings (for Windows), without the "configure" script - lpng1632.7z (LZMA-compressed, recommended) - lpng1632.zip + lpng1633.7z (LZMA-compressed, recommended) + lpng1633.zip Other information: - libpng-1.6.32-README.txt - libpng-1.6.32-LICENSE.txt - libpng-1.6.32-*.asc (armored detached GPG signatures) + libpng-1.6.33-README.txt + libpng-1.6.33-LICENSE.txt + libpng-1.6.33-*.asc (armored detached GPG signatures) -Changes since the last public release (1.6.31): - Avoid possible NULL dereference in png_handle_eXIf when benign_errors - are allowed. Avoid leaking the input buffer "eXIf_buf". - Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif - to arguments for png_get_eXIf() and png_set_eXIf(). - Added calls to png_handle_eXIf(() in pngread.c and png_write_eXIf() in - pngwrite.c, and made various other fixes to png_write_eXIf(). - Changed name of png_get_eXIF and png_set_eXIf() to png_get_eXIf_1() and - png_set_eXIf_1(), respectively, to avoid breaking API compatibility - with libpng-1.6.31. - Updated contrib/libtests/pngunknown.c with eXIf chunk. - Initialized btoa[] in pngstest.c - Stop memory leak when returning from png_handle_eXIf() with an error - (Bug report from the OSS-fuzz project). - Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf(). - Update libpng.3 and libpng-manual.txt about eXIf functions. - Restored png_get_eXIf() and png_set_eXIf() to maintain API compatability. - Removed png_get_eXIf_1() and png_set_eXIf_1(). - Check length of all chunks except IDAT against user limit to fix an - OSS-fuzz issue. 
- Check length of IDAT against maximum possible IDAT size, accounting - for height, rowbytes, interlacing and zlib/deflate overhead. - Restored png_get_eXIf_1() and png_set_eXIf_1(), because strlen(eXIf_buf) - does not work (the eXIf chunk data can contain zeroes). - Require cmake-2.8.8 in CMakeLists.txt. Revised symlink creation, - no longer using deprecated cmake LOCATION feature (Clifford Yapp). - Fixed five-byte error in the calculation of IDAT maximum possible size. - Moved chunk-length check into a png_check_chunk_length() private - function (Suggested by Max Stepin). - Moved bad pngs from tests to contrib/libtests/crashers - Moved testing of bad pngs into a separate tests/pngtest-badpngs script - Added the --xfail (expected FAIL) option to pngtest.c. It writes XFAIL - in the output but PASS for the libpng test. - Require cmake-3.0.2 in CMakeLists.txt (Clifford Yapp). - Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the - num_exif argument to png_get_eXIf_1() (Github Issue 171). - Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks(). - Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers. - Make pngtest --strict, --relax, --xfail options imply -m (multiple). - Removed unused chunk_name parameter from png_check_chunk_length(). - Relocated setting free_me for eXIf data, to stop an OSS-fuzz leak. - Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue. - Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix OSS-fuzz UMR. - Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue. - Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), to account - for the minimum 'deflate' stream, and relocate the test to a point - after the keyword has been read. - Check that the eXIf chunk has at least 2 bytes and begins with "II" or "MM". - Added a set of "huge_xxxx_chunk.png" files to contrib/testpngs/crashers, - one for each known chunk type, with length = 2GB-1. 
- Check for 0 return from png_get_rowbytes() and added some (size_t) typecasts - in contrib/pngminus/*.c to stop some Coverity issues (162705, 162706, - and 162707). - Renamed chunks in contrib/testpngs/crashers to avoid having files whose - names differ only in case; this causes problems with some platforms - (github issue #172). - Added contrib/oss-fuzz directory which contains files used by the oss-fuzz - project (https://github.com/google/oss-fuzz/tree/master/projects/libpng). +Changes since the last public release (1.6.32): + Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added missing + parenthesis in contrib/pngminus/pnm2png.c (bug report by Christian Hesse). + Fixed off-by-one error in png_do_check_palette_indexes() (Bug report + by Mick P., Source Forge Issue #269). + Initialize png_handler.row_ptr in contrib/oss-fuzz/libpng_read_fuzzer.cc + to fix shortlived oss-fuzz issue 3234. + Compute a larger limit on IDAT because some applications write a deflate + buffer for each row (Bug report by Andrew Church). + Use current date (DATE) instead of release-date (RDATE) in last + changed date of contrib/oss-fuzz files. + Enabled ARM support in CMakeLists.txt (Bernd Kuhls). + Fixed incorrect typecast of some arguments to png_malloc() and + png_calloc() that were png_uint_32 instead of png_alloc_size_t + (Bug report by "irwir" in Github libpng issue #175). + Use pnglibconf.h.prebuilt when building for ANDROID with cmake (Github + issue 162, by rcdailey). + Initialize memory allocated by png_inflate to zero, using memset, to + stop an oss-fuzz "use of uninitialized value" detection in png_set_text_2() + due to truncated iTXt or zTXt chunk. + Initialize memory allocated by png_read_buffer to zero, using memset, to + stop an oss-fuzz "use of uninitialized value" detection in + png_icc_check_tag_table() due to truncated iCCP chunk. + Removed a redundant test (suggested by "irwir" in Github issue #180). 
+ Added an interlaced version of each file in contrib/pngsuite. + Relocate new memset() call in pngrutil.c. + Removed more redundant tests (suggested by "irwir" in Github issue #180). + Add support for loading images with associated alpha in the Simplified + API (Samuel Williams). + Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32 state. + Initialize png_handler.row_ptr in contrib/oss-fuzz/libpng_read_fuzzer.cc + Add end_info structure and png_read_end() to the libpng fuzzer. Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/CHANGES b/CHANGES index 14e60dd26..4238bf088 100644 --- a/CHANGES +++ b/CHANGES @@ -833,7 +833,7 @@ Version 1.0.7beta11 [May 7, 2000] Removed the new PNG_CREATED_READ_STRUCT and PNG_CREATED_WRITE_STRUCT modes which are no longer used. Eliminated the three new members of png_text when PNG_LEGACY_SUPPORTED is - defined or when neither PNG_READ_iTXt_SUPPORTED nor PNG_WRITE_iTXT_SUPPORTED + defined or when neither PNG_READ_iTXt_SUPPORTED nor PNG_WRITE_iTXt_SUPPORTED is defined. Made PNG_NO_READ|WRITE_iTXt the default setting, to avoid memory overrun when old applications fill the info_ptr->text structure directly. @@ -5939,7 +5939,7 @@ Version 1.6.32beta06 [August 2, 2017] Version 1.6.32beta07 [August 3, 2017] Check length of all chunks except IDAT against user limit to fix an - OSS-fuzz issue. + OSS-fuzz issue (Fixes CVE-2017-12652). Version 1.6.32beta08 [August 3, 2017] Check length of IDAT against maximum possible IDAT size, accounting 
@@ -5994,6 +5994,49 @@ Version 1.6.32rc02 [August 22, 2017] Version 1.6.32 [August 24, 2017] No changes. +Version 1.6.33beta01 [August 28, 2017] + Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added missing + parenthesis in contrib/pngminus/pnm2png.c (bug report by Christian Hesse). + Fixed off-by-one error in png_do_check_palette_indexes() (Bug report + by Mick P., Source Forge Issue #269). + +Version 1.6.33beta02 [September 3, 2017] + Initialize png_handler.row_ptr in contrib/oss-fuzz/libpng_read_fuzzer.cc + to fix shortlived oss-fuzz issue 3234. + Compute a larger limit on IDAT because some applications write a deflate + buffer for each row (Bug report by Andrew Church). + Use current date (DATE) instead of release-date (RDATE) in last + changed date of contrib/oss-fuzz files. + Enabled ARM support in CMakeLists.txt (Bernd Kuhls). + +Version 1.6.33beta03 [September 14, 2017] + Fixed incorrect typecast of some arguments to png_malloc() and + png_calloc() that were png_uint_32 instead of png_alloc_size_t + (Bug report by "irwir" in Github libpng issue #175). + Use pnglibconf.h.prebuilt when building for ANDROID with cmake (Github + issue 162, by rcdailey). + +Version 1.6.33rc01 [September 20, 2017] + Initialize memory allocated by png_inflate to zero, using memset, to + stop an oss-fuzz "use of uninitialized value" detection in png_set_text_2() + due to truncated iTXt or zTXt chunk. + Initialize memory allocated by png_read_buffer to zero, using memset, to + stop an oss-fuzz "use of uninitialized value" detection in + png_icc_check_tag_table() due to truncated iCCP chunk. + Removed a redundant test (suggested by "irwir" in Github issue #180). + +Version 1.6.33rc02 [September 23, 2017] + Added an interlaced version of each file in contrib/pngsuite. + Relocate new memset() call in pngrutil.c. + Removed more redundant tests (suggested by "irwir" in Github issue #180). 
+ Add support for loading images with associated alpha in the Simplified + API (Samuel Williams). + +Version 1.6.33 [September 28, 2017] + Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32 state. + Initialize png_handler.row_ptr in contrib/oss-fuzz/libpng_read_fuzzer.cc + Add end_info structure and png_read_end() to the libpng fuzzer. + Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit https://lists.sourceforge.net/lists/listinfo/png-mng-implement diff --git a/CMakeLists.txt b/CMakeLists.txt index 7a51f0064..4fcbc3588 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -31,12 +31,12 @@ endif(POLICY CMP0054) set(CMAKE_CONFIGURATION_TYPES "Release;Debug;MinSizeRel;RelWithDebInfo") -project(libpng C) +project(libpng ASM C) enable_testing() set(PNGLIB_MAJOR 1) set(PNGLIB_MINOR 6) -set(PNGLIB_RELEASE 32) +set(PNGLIB_RELEASE 33) set(PNGLIB_NAME libpng${PNGLIB_MAJOR}${PNGLIB_MINOR}) set(PNGLIB_VERSION ${PNGLIB_MAJOR}.${PNGLIB_MINOR}.${PNGLIB_RELEASE}) @@ -262,7 +262,7 @@ find_program(AWK NAMES gawk awk) include_directories(${CMAKE_CURRENT_BINARY_DIR}) -if(NOT AWK) +if(NOT AWK OR ANDROID) # No awk available to generate sources; use pre-built pnglibconf.h configure_file(${CMAKE_CURRENT_SOURCE_DIR}/scripts/pnglibconf.h.prebuilt ${CMAKE_CURRENT_BINARY_DIR}/pnglibconf.h) @@ -441,7 +441,7 @@ else() "${CMAKE_CURRENT_BINARY_DIR}/scripts/symbols.chk" "${CMAKE_CURRENT_BINARY_DIR}/scripts/symbols.out" "${CMAKE_CURRENT_BINARY_DIR}/scripts/vers.out") -endif(NOT AWK) +endif(NOT AWK OR ANDROID) # OUR SOURCES set(libpng_public_hdrs @@ -455,7 +455,7 @@ set(libpng_private_hdrs pnginfo.h pngstruct.h ) -if(AWK) +if(AWK AND NOT ANDROID) list(APPEND libpng_private_hdrs "${CMAKE_CURRENT_BINARY_DIR}/pngprefix.h") endif() set(libpng_sources 
@@ -844,7 +844,7 @@ endif(NOT WIN32 OR CYGWIN OR MINGW) # SET UP LINKS if(PNG_SHARED) set_target_properties(png PROPERTIES -# VERSION 16.${PNGLIB_RELEASE}.1.6.32 +# VERSION 16.${PNGLIB_RELEASE}.1.6.33 VERSION 16.${PNGLIB_RELEASE}.0 SOVERSION 16 CLEAN_DIRECT_OUTPUT 1) diff --git a/LICENSE b/LICENSE index e803911d3..57c366fee 100644 --- a/LICENSE +++ b/LICENSE @@ -10,7 +10,7 @@ this sentence. This code is released under the libpng license. -libpng versions 1.0.7, July 1, 2000 through 1.6.32, August 24, 2017 are +libpng versions 1.0.7, July 1, 2000 through 1.6.33, September 28, 2017 are Copyright (c) 2000-2002, 2004, 2006-2017 Glenn Randers-Pehrson, are derived from libpng-1.0.6, and are distributed according to the same disclaimer and license as libpng-1.0.6 with the following individuals @@ -130,4 +130,4 @@ any encryption software. See the EAR, paragraphs 734.3(b)(3) and Glenn Randers-Pehrson glennrp at users.sourceforge.net -April 1, 2017 +September 28, 2017 diff --git a/README b/README index 71292715e..0f03aa6e4 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -README for libpng version 1.6.32 - August 24, 2017 (shared library 16.0) +README for libpng version 1.6.33 - September 28, 2017 (shared library 16.0) See the note about version numbers near the top of png.h See INSTALL for instructions on how to install libpng. diff --git a/configure.ac b/configure.ac index 4f0eed439..9bb505388 100644 --- a/configure.ac +++ b/configure.ac @@ -25,7 +25,7 @@ AC_PREREQ([2.68]) dnl Version number stuff here: -AC_INIT([libpng],[1.6.32],[png-mng-implement@lists.sourceforge.net]) +AC_INIT([libpng],[1.6.33],[png-mng-implement@lists.sourceforge.net]) AC_CONFIG_MACRO_DIR([scripts]) # libpng does not follow GNU file name conventions (hence 'foreign') 
@@ -46,10 +46,10 @@ dnl automake, so the following is not necessary (and is not defined anyway): dnl AM_PREREQ([1.11.2]) dnl stop configure from automagically running automake -PNGLIB_VERSION=1.6.32 +PNGLIB_VERSION=1.6.33 PNGLIB_MAJOR=1 PNGLIB_MINOR=6 -PNGLIB_RELEASE=32 +PNGLIB_RELEASE=33 dnl End of version number stuff diff --git a/contrib/oss-fuzz/Dockerfile b/contrib/oss-fuzz/Dockerfile new file mode 100644 index 000000000..7e4d1ebff --- /dev/null +++ b/contrib/oss-fuzz/Dockerfile @@ -0,0 +1,24 @@ +# Copyright 2016 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +FROM gcr.io/oss-fuzz-base/base-builder +MAINTAINER glennrp@gmail.com +RUN apt-get update && apt-get install -y make autoconf automake libtool zlib1g-dev + +RUN git clone --depth 1 https://github.com/glennrp/libpng.git +RUN (cd libpng; git log | head -1) +WORKDIR libpng +COPY build.sh $SRC/ diff --git a/contrib/oss-fuzz/README.txt b/contrib/oss-fuzz/README.txt index a75cba487..a2b673665 100644 --- a/contrib/oss-fuzz/README.txt +++ b/contrib/oss-fuzz/README.txt @@ -1,4 +1,4 @@ -Last changed in libpng 1.6.32 [August 24, 2017] +Last changed in libpng 1.6.33 [September 28, 2017] Copyright (c) 2017 Glenn Randers-Pehrson This code is released under the libpng license. 
@@ -13,7 +13,7 @@ They were licensed by Google Inc, using the BSD-like Chromium license, which may be found at https://cs.chromium.org/chromium/src/LICENSE, or, if noted in the source, under the Apache-2.0 license, which may be found at http://www.apache.org/licenses/LICENSE-2.0 . -If they have been modified, the derivatives are copyright Glenn Randers-Pehson +If they have been modified, the derivatives are copyright Glenn Randers-Pehrson and are released under the same licenses as the originals. Several of the original files (libpng_read_fuzzer.options, png.dict, project.yaml) had no licensing information; we assumed that these were under the Chromium @@ -23,10 +23,15 @@ The files are Original Filename or derived Copyright License ========================= ========== ================ ========== - build.sh derived 2017, Glenn R-P Apache 2.0 + Dockerfile* derived 2017, Glenn R-P Apache 2.0 + build.sh* derived 2017, Glenn R-P Apache 2.0 libpng_read_fuzzer.cc derived 2017, Glenn R-P Chromium libpng_read_fuzzer.options original 2015, Chrome Devs Chromium png.dict original 2015, Chrome Devs Chromium - README.txt (this file) original 2017, GLenn R-P libpng + README.txt (this file) original 2017, Glenn R-P libpng -To do: exercise the progressive reader. + * Dockerfile and build.sh are copies of the files used by oss-fuzz. + png.dict and libpng_read_fuzzer.* are the actual files used by oss-fuzz, + which retrieves them from the libpng repository at Github. + +To do: exercise the progressive reader and the png encoder. diff --git a/contrib/oss-fuzz/build.sh b/contrib/oss-fuzz/build.sh index cf5a9dad5..d2137b13e 100755 --- a/contrib/oss-fuzz/build.sh +++ b/contrib/oss-fuzz/build.sh 
@@ -14,7 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. # -# Last changed in libpng 1.6.32 [August 24, 2017] +# Last changed in libpng 1.6.33 [September 28, 2017] # # Revisions by Glenn Randers-Pehson, 2017: # 1. Build only the library, not the tools (changed "make -j$(nproc) all" to @@ -38,10 +38,13 @@ make -j$(nproc) libpng16.la # build libpng_read_fuzzer. $CXX $CXXFLAGS -std=c++11 -I. \ - $SRC/libpng_read_fuzzer.cc -o $OUT/libpng_read_fuzzer \ + $SRC/libpng/contrib/oss-fuzz/libpng_read_fuzzer.cc \ + -o $OUT/libpng_read_fuzzer \ -lFuzzingEngine .libs/libpng16.a -lz # add seed corpus. -find $SRC/libpng/contrib/pngsuite -name "*.png" | xargs zip $OUT/libpng_read_fuzzer_seed_corpus.zip +find $SRC/libpng -name "*.png" | grep -v crashers | \ + xargs zip $OUT/libpng_read_fuzzer_seed_corpus.zip -cp $SRC/*.dict $SRC/*.options $OUT/ +cp $SRC/libpng/contrib/oss-fuzz/*.dict \ + $SRC/libpng/contrib/oss-fuzz/*.options $OUT/ diff --git a/contrib/oss-fuzz/libpng_read_fuzzer.cc b/contrib/oss-fuzz/libpng_read_fuzzer.cc index c1b16249d..78c7c9ff0 100644 --- a/contrib/oss-fuzz/libpng_read_fuzzer.cc +++ b/contrib/oss-fuzz/libpng_read_fuzzer.cc @@ -12,6 +12,7 @@ // 2. setting the option to ignore ADLER32 checksums, // 3. adding "#include " which is needed on some platforms // to provide memcpy(). +// 4. adding read_end_info() and creating an end_info structure. #include #include 
@@ -23,14 +24,23 @@ #include "png.h" #define PNG_CLEANUP \ - if(png_handler.png_ptr) \ - { \ - if (png_handler.info_ptr) \ - png_destroy_read_struct(&png_handler.png_ptr, &png_handler.info_ptr,\ - nullptr); \ - else \ - png_destroy_read_struct(&png_handler.png_ptr, nullptr, nullptr); \ - } + if(png_handler.png_ptr) \ + { \ + if (png_handler.row_ptr) \ + png_free(png_handler.png_ptr, png_handler.row_ptr); \ + if (png_handler.end_info_ptr) \ + png_destroy_read_struct(&png_handler.png_ptr, &png_handler.info_ptr,\ + &png_handler.end_info_ptr); \ + else if (png_handler.info_ptr) \ + png_destroy_read_struct(&png_handler.png_ptr, &png_handler.info_ptr,\ + nullptr); \ + else \ + png_destroy_read_struct(&png_handler.png_ptr, nullptr, nullptr); \ + png_handler.png_ptr = nullptr; \ + png_handler.row_ptr = nullptr; \ + png_handler.info_ptr = nullptr; \ + png_handler.end_info_ptr = nullptr; \ + } struct BufState { const uint8_t* data; @@ -40,16 +50,19 @@ struct BufState { struct PngObjectHandler { png_infop info_ptr = nullptr; png_structp png_ptr = nullptr; + png_infop end_info_ptr = nullptr; png_voidp row_ptr = nullptr; BufState* buf_state = nullptr; ~PngObjectHandler() { - if (row_ptr && png_ptr) { + if (row_ptr) png_free(png_ptr, row_ptr); - } - if (png_ptr && info_ptr) { + if (end_info_ptr) + png_destroy_read_struct(&png_ptr, &info_ptr, &end_info_ptr); + else if (info_ptr) png_destroy_read_struct(&png_ptr, &info_ptr, nullptr); - } + else + png_destroy_read_struct(&png_ptr, nullptr, nullptr); delete buf_state; } }; @@ -81,6 +94,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { } PngObjectHandler png_handler; + png_handler.png_ptr = nullptr; + png_handler.row_ptr = nullptr; + png_handler.info_ptr = nullptr; + png_handler.end_info_ptr = nullptr; + png_handler.png_ptr = png_create_read_struct (PNG_LIBPNG_VER_STRING, nullptr, nullptr, nullptr); if (!png_handler.png_ptr) { 
@@ -93,6 +111,12 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { return 0; } + png_handler.end_info_ptr = png_create_info_struct(png_handler.png_ptr); + if (!png_handler.end_info_ptr) { + PNG_CLEANUP + return 0; + } + png_set_crc_action(png_handler.png_ptr, PNG_CRC_QUIET_USE, PNG_CRC_QUIET_USE); #ifdef PNG_IGNORE_ADLER32 png_set_option(png_handler.png_ptr, PNG_IGNORE_ADLER32, PNG_OPTION_ON); @@ -149,6 +173,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { } } + png_read_end(png_handler.png_ptr, png_handler.end_info_ptr); + PNG_CLEANUP return 0; } diff --git a/contrib/oss-fuzz/newcc b/contrib/oss-fuzz/newcc new file mode 100644 index 000000000..0fc9e206c --- /dev/null +++ b/contrib/oss-fuzz/newcc 
@@ -0,0 +1,190 @@ + +// libpng_read_fuzzer.cc +// Copyright 2017 Glenn Randers-Pehrson +// Copyright 2015 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that may +// be found in the LICENSE file https://cs.chromium.org/chromium/src/LICENSE + +// Last changed in libpng 1.6.33beta03 [September 27, 2017] + +// The modifications in 2017 by Glenn Randers-Pehrson include +// 1. addition of a PNG_CLEANUP macro, +// 2. setting the option to ignore ADLER32 checksums, +// 3. adding "#include " which is needed on some platforms +// to provide memcpy(). +// 4. adding read_end_info() and creating an end_info structure. + +#include +#include +#include + +#include + +#define PNG_INTERNAL +#include "png.h" + +struct BufState { + const uint8_t* data; + size_t bytes_left; +}; + +struct PngObjectHandler { + png_infop info_ptr = nullptr; + png_structp png_ptr = nullptr; + png_infop end_info_ptr = nullptr; + png_voidp row_ptr = nullptr; + BufState* buf_state = nullptr; + + ~PngObjectHandler() { + if (row_ptr) + png_free(png_ptr, row_ptr); + if (end_info_ptr) + png_destroy_read_struct(&png_ptr, &info_ptr, &end_info_ptr); + else if (info_ptr) + png_destroy_read_struct(&png_ptr, &info_ptr, nullptr); + else + png_destroy_read_struct(&png_ptr, nullptr, nullptr); + delete buf_state; + } +}; + +void user_read_data(png_structp png_ptr, png_bytep data, png_size_t length) { + BufState* buf_state = static_cast(png_get_io_ptr(png_ptr)); + if (length > buf_state->bytes_left) { + png_error(png_ptr, "read error"); + } + memcpy(data, buf_state->data, length); + buf_state->bytes_left -= length; + buf_state->data += length; +} + +static const int kPngHeaderSize = 8; + +// Entry point for LibFuzzer. 
+// Roughly follows the libpng book example: +// http://www.libpng.org/pub/png/book/chapter13.html + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + if (size < kPngHeaderSize) { + return 0; + } + + std::vector v(data, data + size); + if (png_sig_cmp(v.data(), 0, kPngHeaderSize)) { + // not a PNG. + return 0; + } + + PngObjectHandler png_handler; + png_handler.png_ptr = nullptr; + png_handler.row_ptr = nullptr; + png_handler.info_ptr = nullptr; + png_handler.end_info_ptr = nullptr; + + png_handler.png_ptr = png_create_read_struct + (PNG_LIBPNG_VER_STRING, nullptr, nullptr, nullptr); + if (!png_handler.png_ptr) { + return 0; + } + +#define PNG_CLEANUP \ + if(png_handler.png_ptr) \ + { \ + if (png_handler.row_ptr) \ + png_free(png_handler.png_ptr, png_handler.row_ptr); \ + if (png_handler.end_info_ptr) \ + png_destroy_read_struct(&png_handler.png_ptr, &png_handler.info_ptr,\ + &png_handler.end_info_ptr); \ + else if (png_handler.info_ptr) \ + png_destroy_read_struct(&png_handler.png_ptr, &png_handler.info_ptr,\ + nullptr); \ + else \ + png_destroy_read_struct(&png_handler.png_ptr, nullptr, nullptr); \ + png_handler.png_ptr = nullptr; \ + png_handler.row_ptr = nullptr; \ + png_handler.info_ptr = nullptr; \ + png_handler.end_info_ptr = nullptr; \ + } + + png_handler.info_ptr = png_create_info_struct(png_handler.png_ptr); + if (!png_handler.info_ptr) { + PNG_CLEANUP + return 0; + } + + png_handler.end_info_ptr = png_create_info_struct(png_handler.png_ptr); + if (!png_handler.end_info_ptr) { + PNG_CLEANUP + return 0; + } + + /* Treat benign errors as warnings */ + png_set_benign_errors(png_handler.png_ptr, 1); + + png_set_crc_action(png_handler.png_ptr, PNG_CRC_QUIET_USE, PNG_CRC_QUIET_USE); + +#ifdef PNG_IGNORE_ADLER32 + png_set_option(png_handler.png_ptr, PNG_IGNORE_ADLER32, PNG_OPTION_ON); +#endif + + // Setting up reading from buffer. 
+ png_handler.buf_state = new BufState(); + png_handler.buf_state->data = data + kPngHeaderSize; + png_handler.buf_state->bytes_left = size - kPngHeaderSize; + png_set_read_fn(png_handler.png_ptr, png_handler.buf_state, user_read_data); + png_set_sig_bytes(png_handler.png_ptr, kPngHeaderSize); + + if (setjmp(png_jmpbuf(png_handler.png_ptr))) { + PNG_CLEANUP + return 0; + } + + // Reading. + png_read_info(png_handler.png_ptr, png_handler.info_ptr); + png_read_update_info(png_handler.png_ptr, png_handler.info_ptr); + png_handler.row_ptr = png_malloc( + png_handler.png_ptr, png_get_rowbytes(png_handler.png_ptr, + png_handler.info_ptr)); + + // reset error handler to put png_deleter into scope. + if (setjmp(png_jmpbuf(png_handler.png_ptr))) { + PNG_CLEANUP + return 0; + } + + png_uint_32 width, height; + int bit_depth, color_type, interlace_type, compression_type; + int filter_type; + + if (!png_get_IHDR(png_handler.png_ptr, png_handler.info_ptr, &width, + &height, &bit_depth, &color_type, &interlace_type, + &compression_type, &filter_type)) { + PNG_CLEANUP + return 0; + } + + // This is going to be too slow. + if (width && height > 100000000 / width) { + PNG_CLEANUP + return 0; + } + + int passes = png_set_interlace_handling(png_handler.png_ptr); + png_start_read_image(png_handler.png_ptr); + + /* To do: prevent the optimizer from removing this code entirely */ + for (int pass = 0; pass < passes; ++pass) { + for (png_uint_32 y = 0; y < height; ++y) { + png_read_row(png_handler.png_ptr, + static_cast(png_handler.row_ptr), nullptr); + } + } + + png_read_end(png_handler.png_ptr, png_handler.end_info_ptr); + + PNG_CLEANUP + + /* TO do: exercise the progressive reader here */ + + return 0; +} diff --git a/contrib/pngminus/png2pnm.c b/contrib/pngminus/png2pnm.c index 39a9f4673..1420a783b 100644 --- a/contrib/pngminus/png2pnm.c +++ b/contrib/pngminus/png2pnm.c 
@@ -5,7 +5,8 @@ * version 1.0 - 1999.10.15 - First version. * 1.1 - 2017.04.22 - Add buffer-size check (Glenn Randers-Pehrson) * 1.2 - 2017.08.24 - Fix potential overflow in buffer-size check - (Glenn Randers-Pehrson) + * (Glenn Randers-Pehrson) + * 1.3 - 2017.08.28 - Add PNGMINUS_UNUSED (Christian Hesse) * * Permission to use, copy, modify, and distribute this software and * its documentation for any purpose and without fee is hereby granted, @@ -44,6 +45,7 @@ #define PNG_DEBUG 0 #endif + #include "png.h" /* Define png_jmpbuf() in case we are using a pre-1.0.6 version of libpng */ @@ -51,6 +53,14 @@ # define png_jmpbuf(png_ptr) ((png_ptr)->jmpbuf) #endif +#ifndef PNGMINUS_UNUSED +/* Unused formal parameter warnings are silenced using the following macro + * which is expected to have no bad effects on performance (optimizing + * compilers will probably remove it entirely). + */ +# define PNGMINUS_UNUSED(param) (void)param +#endif + /* function prototypes */ int main (int argc, char *argv[]); @@ -443,7 +453,7 @@ BOOL png2pnm (FILE *png_file, FILE *pnm_file, FILE *alpha_file, if (png_pixels != (unsigned char*) NULL) free (png_pixels); - PNG_UNUSED(raw) /* to quiet a Coverity defect */ + PNGMINUS_UNUSED(raw); /* to quiet a Coverity defect */ return TRUE; } /* end of source */ diff --git a/contrib/pngminus/pnm2png.c b/contrib/pngminus/pnm2png.c index 1b550b8cf..0d2caef96 100644 --- a/contrib/pngminus/pnm2png.c +++ b/contrib/pngminus/pnm2png.c @@ -7,6 +7,7 @@ * version 1.2 - 2017.04.22 - Add buffer-size check * 1.3 - 2017.08.24 - Fix potential overflow in buffer-size check * (Glenn Randers-Pehrson) + * 1.4 - 2017.08.28 - Add PNGMINUS_UNUSED (Christian Hesse) * * Permission to use, copy, modify, and distribute this software and * its documentation for any purpose and without fee is hereby granted, 
@@ -50,6 +51,15 @@ # define png_jmpbuf(png_ptr) ((png_ptr)->jmpbuf) #endif +#ifndef PNGMINUS_UNUSED +/* Unused formal parameter warnings are silenced using the following macro + * which is expected to have no bad effects on performance (optimizing + * compilers will probably remove it entirely). + */ +# define PNGMINUS_UNUSED(param) (void)param +#endif + + /* function prototypes */ int main (int argc, char *argv[]); @@ -376,13 +386,13 @@ BOOL pnm2png (FILE *pnm_file, FILE *png_file, FILE *alpha_file, BOOL interlace, /* row_bytes is the width x number of channels x (bit-depth / 8) */ row_bytes = width * channels * ((bit_depth <= 8) ? 1 : 2); - if ((row_bytes == 0 || (size_t)height > ((size_t)(-1))/(size_t)row_bytes) + if ((row_bytes == 0 || (size_t)height > ((size_t)(-1))/(size_t)row_bytes)) { /* too big */ return FALSE; } if ((png_pixels = (png_byte *) - malloc (row_bytes * height * sizeof (png_byte))) == NULL) + malloc ((size_t)row_bytes * (size_t)height * sizeof (png_byte))) == NULL) return FALSE; /* read data from PNM file */ @@ -513,7 +523,7 @@ BOOL pnm2png (FILE *pnm_file, FILE *png_file, FILE *alpha_file, BOOL interlace, if (png_pixels != (unsigned char*) NULL) free (png_pixels); - PNG_UNUSED(raw) /* Quiet a Coverity defect */ + PNGMINUS_UNUSED(raw); /* Quiet a Coverity defect */ return TRUE; } /* end of pnm2png */ diff --git a/contrib/pngsuite/README b/contrib/pngsuite/README index 53ba5c8f7..930aeae03 100644 --- a/contrib/pngsuite/README +++ b/contrib/pngsuite/README @@ -16,6 +16,8 @@ chunks, etc. The "ft*.png" images are "free/libre" replacements for the transparent corresponding t*.png images in the PngSuite. +The "i*.png" images are the same complete set, but interlaced. + The images in this directory represent the basic PNG color-types: grayscale (1-16 bit deep), full color (8 or 16 bit), paletted (1-8 bit) and grayscale or color images with alpha channel. You 
diff --git a/contrib/pngsuite/ibasn0g01.png b/contrib/pngsuite/ibasn0g01.png new file mode 100644 index 000000000..828fa7603 Binary files /dev/null and b/contrib/pngsuite/ibasn0g01.png differ diff --git a/contrib/pngsuite/ibasn0g02.png b/contrib/pngsuite/ibasn0g02.png new file mode 100644 index 000000000..7fc17e3a1 Binary files /dev/null and b/contrib/pngsuite/ibasn0g02.png differ diff --git a/contrib/pngsuite/ibasn0g04.png b/contrib/pngsuite/ibasn0g04.png new file mode 100644 index 000000000..1beade28f Binary files /dev/null and b/contrib/pngsuite/ibasn0g04.png differ diff --git a/contrib/pngsuite/ibasn0g08.png b/contrib/pngsuite/ibasn0g08.png new file mode 100644 index 000000000..90b5305e6 Binary files /dev/null and b/contrib/pngsuite/ibasn0g08.png differ diff --git a/contrib/pngsuite/ibasn0g16.png b/contrib/pngsuite/ibasn0g16.png new file mode 100644 index 000000000..c82f230ee Binary files /dev/null and b/contrib/pngsuite/ibasn0g16.png differ diff --git a/contrib/pngsuite/ibasn2c08.png b/contrib/pngsuite/ibasn2c08.png new file mode 100644 index 000000000..05d468885 Binary files /dev/null and b/contrib/pngsuite/ibasn2c08.png differ diff --git a/contrib/pngsuite/ibasn2c16.png b/contrib/pngsuite/ibasn2c16.png new file mode 100644 index 000000000..399f1be5e Binary files /dev/null and b/contrib/pngsuite/ibasn2c16.png differ diff --git a/contrib/pngsuite/ibasn3p01.png b/contrib/pngsuite/ibasn3p01.png new file mode 100644 index 000000000..f91e7233e Binary files /dev/null and b/contrib/pngsuite/ibasn3p01.png differ diff --git a/contrib/pngsuite/ibasn3p02.png b/contrib/pngsuite/ibasn3p02.png new file mode 100644 index 000000000..0f9ce76e6 Binary files /dev/null and b/contrib/pngsuite/ibasn3p02.png differ diff --git a/contrib/pngsuite/ibasn3p04.png b/contrib/pngsuite/ibasn3p04.png new file mode 100644 index 000000000..b2ca72074 Binary files /dev/null and b/contrib/pngsuite/ibasn3p04.png differ 
diff --git a/contrib/pngsuite/ibasn3p08.png b/contrib/pngsuite/ibasn3p08.png new file mode 100644 index 000000000..6df8370aa Binary files /dev/null and b/contrib/pngsuite/ibasn3p08.png differ diff --git a/contrib/pngsuite/ibasn4a08.png b/contrib/pngsuite/ibasn4a08.png new file mode 100644 index 000000000..bda8e3c65 Binary files /dev/null and b/contrib/pngsuite/ibasn4a08.png differ diff --git a/contrib/pngsuite/ibasn4a16.png b/contrib/pngsuite/ibasn4a16.png new file mode 100644 index 000000000..500f9128e Binary files /dev/null and b/contrib/pngsuite/ibasn4a16.png differ diff --git a/contrib/pngsuite/ibasn6a08.png b/contrib/pngsuite/ibasn6a08.png new file mode 100644 index 000000000..258f94050 Binary files /dev/null and b/contrib/pngsuite/ibasn6a08.png differ diff --git a/contrib/pngsuite/ibasn6a16.png b/contrib/pngsuite/ibasn6a16.png new file mode 100644 index 000000000..e4de69fef Binary files /dev/null and b/contrib/pngsuite/ibasn6a16.png differ diff --git a/contrib/pngsuite/iftbbn0g01.png b/contrib/pngsuite/iftbbn0g01.png new file mode 100644 index 000000000..6eb27d10e Binary files /dev/null and b/contrib/pngsuite/iftbbn0g01.png differ diff --git a/contrib/pngsuite/iftbbn0g02.png b/contrib/pngsuite/iftbbn0g02.png new file mode 100644 index 000000000..46ba49777 Binary files /dev/null and b/contrib/pngsuite/iftbbn0g02.png differ diff --git a/contrib/pngsuite/iftbbn0g04.png b/contrib/pngsuite/iftbbn0g04.png new file mode 100644 index 000000000..e9db0ad50 Binary files /dev/null and b/contrib/pngsuite/iftbbn0g04.png differ diff --git a/contrib/pngsuite/iftbbn2c16.png b/contrib/pngsuite/iftbbn2c16.png new file mode 100644 index 000000000..64a9cdf2f Binary files /dev/null and b/contrib/pngsuite/iftbbn2c16.png differ diff --git a/contrib/pngsuite/iftbbn3p08.png b/contrib/pngsuite/iftbbn3p08.png new file mode 100644 index 000000000..47d6eeb3c Binary files /dev/null and b/contrib/pngsuite/iftbbn3p08.png differ 
diff --git a/contrib/pngsuite/iftbgn2c16.png b/contrib/pngsuite/iftbgn2c16.png new file mode 100644 index 000000000..64a9cdf2f Binary files /dev/null and b/contrib/pngsuite/iftbgn2c16.png differ diff --git a/contrib/pngsuite/iftbgn3p08.png b/contrib/pngsuite/iftbgn3p08.png new file mode 100644 index 000000000..47d6eeb3c Binary files /dev/null and b/contrib/pngsuite/iftbgn3p08.png differ diff --git a/contrib/pngsuite/iftbrn2c08.png b/contrib/pngsuite/iftbrn2c08.png new file mode 100644 index 000000000..08ebbae2c Binary files /dev/null and b/contrib/pngsuite/iftbrn2c08.png differ diff --git a/contrib/pngsuite/iftbwn0g16.png b/contrib/pngsuite/iftbwn0g16.png new file mode 100644 index 000000000..4b7537e30 Binary files /dev/null and b/contrib/pngsuite/iftbwn0g16.png differ diff --git a/contrib/pngsuite/iftbwn3p08.png b/contrib/pngsuite/iftbwn3p08.png new file mode 100644 index 000000000..47d6eeb3c Binary files /dev/null and b/contrib/pngsuite/iftbwn3p08.png differ diff --git a/contrib/pngsuite/iftbyn3p08.png b/contrib/pngsuite/iftbyn3p08.png new file mode 100644 index 000000000..47d6eeb3c Binary files /dev/null and b/contrib/pngsuite/iftbyn3p08.png differ diff --git a/contrib/pngsuite/iftp0n0g08.png b/contrib/pngsuite/iftp0n0g08.png new file mode 100644 index 000000000..aa826b863 Binary files /dev/null and b/contrib/pngsuite/iftp0n0g08.png differ diff --git a/contrib/pngsuite/iftp0n2c08.png b/contrib/pngsuite/iftp0n2c08.png new file mode 100644 index 000000000..b12bd0a7f Binary files /dev/null and b/contrib/pngsuite/iftp0n2c08.png differ diff --git a/contrib/pngsuite/iftp0n3p08.png b/contrib/pngsuite/iftp0n3p08.png new file mode 100644 index 000000000..37aa0cb0d Binary files /dev/null and b/contrib/pngsuite/iftp0n3p08.png differ diff --git a/contrib/pngsuite/iftp1n3p08.png b/contrib/pngsuite/iftp1n3p08.png new file mode 100644 index 000000000..47d6eeb3c Binary files /dev/null and b/contrib/pngsuite/iftp1n3p08.png differ 
diff --git a/libpng-manual.txt b/libpng-manual.txt index e34b1436f..d5cfe97cf 100644 --- a/libpng-manual.txt +++ b/libpng-manual.txt @@ -1,6 +1,6 @@ libpng-manual.txt - A description on how to use and modify libpng - libpng version 1.6.32 - August 24, 2017 + libpng version 1.6.33 - September 28, 2017 Updated and distributed by Glenn Randers-Pehrson Copyright (c) 1998-2017 Glenn Randers-Pehrson @@ -11,7 +11,7 @@ libpng-manual.txt - A description on how to use and modify libpng Based on: - libpng versions 0.97, January 1998, through 1.6.32 - August 24, 2017 + libpng versions 0.97, January 1998, through 1.6.33 - September 28, 2017 Updated and distributed by Glenn Randers-Pehrson Copyright (c) 1998-2017 Glenn Randers-Pehrson @@ -986,8 +986,17 @@ premultiplication. png_set_alpha_mode(pp, PNG_ALPHA_PNG, PNG_DEFAULT_sRGB); -This is the default libpng handling of the alpha channel - it is not -pre-multiplied into the color components. In addition the call states +Choices for the alpha_mode are + + PNG_ALPHA_PNG 0 /* according to the PNG standard */ + PNG_ALPHA_STANDARD 1 /* according to Porter/Duff */ + PNG_ALPHA_ASSOCIATED 1 /* as above; this is the normal practice */ + PNG_ALPHA_PREMULTIPLIED 1 /* as above */ + PNG_ALPHA_OPTIMIZED 2 /* 'PNG' for opaque pixels, else 'STANDARD' */ + PNG_ALPHA_BROKEN 3 /* the alpha channel is gamma encoded */ + +PNG_ALPHA_PNG is the default libpng handling of the alpha channel. It is not +pre-multiplied into the color components. In addition the call states that the output is for a sRGB system and causes all PNG files without gAMA chunks to be assumed to be encoded using sRGB. 
@@ -1002,7 +1011,7 @@ early Mac systems behaved. This is the classic Jim Blinn approach and will work in academic environments where everything is done by the book. It has the shortcoming of assuming that input PNG data with no gamma information is linear - this -is unlikely to be correct unless the PNG files where generated locally. +is unlikely to be correct unless the PNG files were generated locally. Most of the time the output precision will be so low as to show significant banding in dark areas of the image. @@ -5405,7 +5414,7 @@ Since the PNG Development group is an ad-hoc body, we can't make an official declaration. This is your unofficial assurance that libpng from version 0.71 and -upward through 1.6.32 are Y2K compliant. It is my belief that earlier +upward through 1.6.33 are Y2K compliant. It is my belief that earlier versions were also Y2K compliant. Libpng only has two year fields. One is a 2-byte unsigned integer diff --git a/libpng.3 b/libpng.3 index 899d8eacc..03f9282fe 100644 --- a/libpng.3 +++ b/libpng.3 @@ -1,6 +1,6 @@ -.TH LIBPNG 3 "August 24, 2017" +.TH LIBPNG 3 "September 28, 2017" .SH NAME -libpng \- Portable Network Graphics (PNG) Reference Library 1.6.32 +libpng \- Portable Network Graphics (PNG) Reference Library 1.6.33 .SH SYNOPSIS \fB #include \fP @@ -518,7 +518,7 @@ Following is a copy of the libpng-manual.txt file that accompanies libpng. .SH LIBPNG.TXT libpng-manual.txt - A description on how to use and modify libpng - libpng version 1.6.32 - August 24, 2017 + libpng version 1.6.33 - September 28, 2017 Updated and distributed by Glenn Randers-Pehrson Copyright (c) 1998-2017 Glenn Randers-Pehrson @@ -529,7 +529,7 @@ libpng-manual.txt - A description on how to use and modify libpng Based on: - libpng versions 0.97, January 1998, through 1.6.32 - August 24, 2017 + libpng versions 0.97, January 1998, through 1.6.33 - September 28, 2017 Updated and distributed by Glenn Randers-Pehrson Copyright (c) 1998-2017 Glenn Randers-Pehrson 
@@ -1504,8 +1504,17 @@ premultiplication. png_set_alpha_mode(pp, PNG_ALPHA_PNG, PNG_DEFAULT_sRGB); -This is the default libpng handling of the alpha channel - it is not -pre-multiplied into the color components. In addition the call states +Choices for the alpha_mode are + + PNG_ALPHA_PNG 0 /* according to the PNG standard */ + PNG_ALPHA_STANDARD 1 /* according to Porter/Duff */ + PNG_ALPHA_ASSOCIATED 1 /* as above; this is the normal practice */ + PNG_ALPHA_PREMULTIPLIED 1 /* as above */ + PNG_ALPHA_OPTIMIZED 2 /* 'PNG' for opaque pixels, else 'STANDARD' */ + PNG_ALPHA_BROKEN 3 /* the alpha channel is gamma encoded */ + +PNG_ALPHA_PNG is the default libpng handling of the alpha channel. It is not +pre-multiplied into the color components. In addition the call states that the output is for a sRGB system and causes all PNG files without gAMA chunks to be assumed to be encoded using sRGB. @@ -1520,7 +1529,7 @@ early Mac systems behaved. This is the classic Jim Blinn approach and will work in academic environments where everything is done by the book. It has the shortcoming of assuming that input PNG data with no gamma information is linear - this -is unlikely to be correct unless the PNG files where generated locally. +is unlikely to be correct unless the PNG files were generated locally. Most of the time the output precision will be so low as to show significant banding in dark areas of the image. @@ -5923,7 +5932,7 @@ Since the PNG Development group is an ad-hoc body, we can't make an official declaration. This is your unofficial assurance that libpng from version 0.71 and -upward through 1.6.32 are Y2K compliant. It is my belief that earlier +upward through 1.6.33 are Y2K compliant. It is my belief that earlier versions were also Y2K compliant. Libpng only has two year fields. One is a 2-byte unsigned integer 
@@ -6025,7 +6034,7 @@ the first widely used release: ... 1.5.28 15 10528 15.so.15.28[.0] ... - 1.6.32 16 10632 16.so.16.32[.0] + 1.6.33 16 10633 16.so.16.33[.0] Henceforth the source version will match the shared-library minor and patch numbers; the shared-library major version number will be @@ -6081,7 +6090,7 @@ possible without all of you. Thanks to Frank J. T. Wojcik for helping with the documentation. -Libpng version 1.6.32 - August 24, 2017: +Libpng version 1.6.33 - September 28, 2017: Initially created in 1995 by Guy Eric Schalnat, then of Group 42, Inc. Currently maintained by Glenn Randers-Pehrson (glennrp at users.sourceforge.net). @@ -6106,7 +6115,7 @@ this sentence. This code is released under the libpng license. -libpng versions 1.0.7, July 1, 2000 through 1.6.32, August 24, 2017 are +libpng versions 1.0.7, July 1, 2000 through 1.6.33, September 28, 2017 are Copyright (c) 2000-2002, 2004, 2006-2017 Glenn Randers-Pehrson, are derived from libpng-1.0.6, and are distributed according to the same disclaimer and license as libpng-1.0.6 with the following individuals @@ -6234,7 +6243,7 @@ files "pngbar.png" and "pngbar.jpg (88x31) and "pngnow.png" (98x31). Glenn Randers-Pehrson glennrp at users.sourceforge.net -August 24, 2017 +September 28, 2017 .\" end of man page diff --git a/libpngpf.3 b/libpngpf.3 index ab84577e4..03b7f600f 100644 --- a/libpngpf.3 +++ b/libpngpf.3 @@ -1,6 +1,6 @@ .TH LIBPNGPF 3 "April 1, 2017" .SH NAME -libpng \- Portable Network Graphics (PNG) Reference Library 1.6.32 +libpng \- Portable Network Graphics (PNG) Reference Library 1.6.33 (private functions) .SH SYNOPSIS \fB\fB#include \fI\fI"pngpriv.h" diff --git a/png.c b/png.c index 2352df13c..55134729c 100644 --- a/png.c +++ b/png.c 
@@ -1,7 +1,7 @@ /* png.c - location for general purpose libpng functions * - * Last changed in libpng 1.6.32 [August 24, 2017] + * Last changed in libpng 1.6.33 [September 28, 2017] * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) @@ -14,7 +14,7 @@ #include "pngpriv.h" /* Generate a compiler error if there is an old png.h in the search path. */ -typedef png_libpng_version_1_6_32 Your_png_h_is_not_version_1_6_32; +typedef png_libpng_version_1_6_33 Your_png_h_is_not_version_1_6_33; #ifdef __GNUC__ /* The version tests may need to be added to, but the problem warning has @@ -816,14 +816,14 @@ png_get_copyright(png_const_structrp png_ptr) #else # ifdef __STDC__ return PNG_STRING_NEWLINE \ - "libpng version 1.6.32 - August 24, 2017" PNG_STRING_NEWLINE \ + "libpng version 1.6.33 - September 28, 2017" PNG_STRING_NEWLINE \ "Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson" \ PNG_STRING_NEWLINE \ "Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \ "Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \ PNG_STRING_NEWLINE; # else - return "libpng version 1.6.32 - August 24, 2017\ + return "libpng version 1.6.33 - September 28, 2017\ Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson\ Copyright (c) 1996-1997 Andreas Dilger\ Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc."; 
@@ -1913,12 +1913,12 @@ png_colorspace_set_sRGB(png_const_structrp png_ptr, png_colorspacerp colorspace, */ if (intent < 0 || intent >= PNG_sRGB_INTENT_LAST) return png_icc_profile_error(png_ptr, colorspace, "sRGB", - (unsigned)intent, "invalid sRGB rendering intent"); + (png_alloc_size_t)intent, "invalid sRGB rendering intent"); if ((colorspace->flags & PNG_COLORSPACE_HAVE_INTENT) != 0 && colorspace->rendering_intent != intent) return png_icc_profile_error(png_ptr, colorspace, "sRGB", - (unsigned)intent, "inconsistent rendering intents"); + (png_alloc_size_t)intent, "inconsistent rendering intents"); if ((colorspace->flags & PNG_COLORSPACE_FROM_sRGB) != 0) { @@ -1979,7 +1979,6 @@ icc_check_length(png_const_structrp png_ptr, png_colorspacerp colorspace, if (profile_length < 132) return png_icc_profile_error(png_ptr, colorspace, name, profile_length, "too short"); - return 1; } @@ -2224,15 +2223,6 @@ png_icc_check_tag_table(png_const_structrp png_ptr, png_colorspacerp colorspace, * being in range. All defined tag types have an 8 byte header - a 4 byte * type signature then 0. */ - if ((tag_start & 3) != 0) - { - /* CNHP730S.icc shipped with Microsoft Windows 64 violates this, it is - * only a warning here because libpng does not care about the - * alignment. - */ - (void)png_icc_profile_error(png_ptr, NULL, name, tag_id, - "ICC profile tag start not a multiple of 4"); - } /* This is a hard error; potentially it can cause read outside the * profile. 
@@ -2240,6 +2230,16 @@ png_icc_check_tag_table(png_const_structrp png_ptr, png_colorspacerp colorspace, if (tag_start > profile_length || tag_length > profile_length - tag_start) return png_icc_profile_error(png_ptr, colorspace, name, tag_id, "ICC profile tag outside profile"); + + if ((tag_start & 3) != 0) + { + /* CNHP730S.icc shipped with Microsoft Windows 64 violates this; it is + * only a warning here because libpng does not care about the + * alignment. + */ + (void)png_icc_profile_error(png_ptr, NULL, name, tag_id, + "ICC profile tag start not a multiple of 4"); + } } return 1; /* success, maybe with warnings */ @@ -3761,7 +3761,7 @@ png_log16bit(png_uint_32 x) * of getting this accuracy in practice. * * To deal with this the following exp() function works out the exponent of the - * frational part of the logarithm by using an accurate 32-bit value from the + * fractional part of the logarithm by using an accurate 32-bit value from the * top four fractional bits then multiplying in the remaining bits. */ static const png_uint_32 diff --git a/png.h b/png.h index 51ac8abe7..a5f142b89 100644 --- a/png.h +++ b/png.h @@ -1,7 +1,7 @@ /* png.h - header file for PNG reference library * - * libpng version 1.6.32, August 24, 2017 + * libpng version 1.6.33, September 28, 2017 * * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) @@ -12,7 +12,7 @@ * Authors and maintainers: * libpng versions 0.71, May 1995, through 0.88, January 1996: Guy Schalnat * libpng versions 0.89, June 1996, through 0.96, May 1997: Andreas Dilger - * libpng versions 0.97, January 1998, through 1.6.32, August 24, 2017: + * libpng versions 0.97, January 1998, through 1.6.33, September 28, 2017: * Glenn Randers-Pehrson. * See also "Contributing Authors", below. */ 
@@ -25,7 +25,7 @@ * * This code is released under the libpng license. * - * libpng versions 1.0.7, July 1, 2000 through 1.6.32, August 24, 2017 are + * libpng versions 1.0.7, July 1, 2000 through 1.6.33, September 28, 2017 are * Copyright (c) 2000-2002, 2004, 2006-2017 Glenn Randers-Pehrson, are * derived from libpng-1.0.6, and are distributed according to the same * disclaimer and license as libpng-1.0.6 with the following individuals @@ -213,7 +213,7 @@ * ... * 1.5.28 15 10527 15.so.15.28[.0] * ... - * 1.6.32 16 10632 16.so.16.32[.0] + * 1.6.33 16 10633 16.so.16.33[.0] * * Henceforth the source version will match the shared-library major * and minor numbers; the shared-library major version number will be @@ -241,13 +241,13 @@ * Y2K compliance in libpng: * ========================= * - * August 24, 2017 + * September 28, 2017 * * Since the PNG Development group is an ad-hoc body, we can't make * an official declaration. * * This is your unofficial assurance that libpng from version 0.71 and - * upward through 1.6.32 are Y2K compliant. It is my belief that + * upward through 1.6.33 are Y2K compliant. It is my belief that * earlier versions were also Y2K compliant. * * Libpng only has two year fields. One is a 2-byte unsigned integer @@ -309,8 +309,8 @@ */ /* Version information for png.h - this should match the version in png.c */ -#define PNG_LIBPNG_VER_STRING "1.6.32" -#define PNG_HEADER_VERSION_STRING " libpng version 1.6.32 - August 24, 2017\n" +#define PNG_LIBPNG_VER_STRING "1.6.33" +#define PNG_HEADER_VERSION_STRING " libpng version 1.6.33 - September 28, 2017\n" #define PNG_LIBPNG_VER_SONUM 16 #define PNG_LIBPNG_VER_DLLNUM 16 
@@ -318,7 +318,7 @@ /* These should match the first 3 components of PNG_LIBPNG_VER_STRING: */ #define PNG_LIBPNG_VER_MAJOR 1 #define PNG_LIBPNG_VER_MINOR 6 -#define PNG_LIBPNG_VER_RELEASE 32 +#define PNG_LIBPNG_VER_RELEASE 33 /* This should match the numeric part of the final component of * PNG_LIBPNG_VER_STRING, omitting any leading zero: @@ -349,7 +349,7 @@ * version 1.0.0 was mis-numbered 100 instead of 10000). From * version 1.0.1 it's xxyyzz, where x=major, y=minor, z=release */ -#define PNG_LIBPNG_VER 10632 /* 1.6.32 */ +#define PNG_LIBPNG_VER 10633 /* 1.6.33 */ /* Library configuration: these options cannot be changed after * the library has been built. @@ -459,7 +459,7 @@ extern "C" { /* This triggers a compiler error in png.c, if png.c and png.h * do not agree upon the version number. */ -typedef char* png_libpng_version_1_6_32; +typedef char* png_libpng_version_1_6_33; /* Basic control structions. Read libpng-manual.txt or libpng.3 for more info. * @@ -2819,6 +2819,8 @@ typedef struct # define PNG_FORMAT_FLAG_AFIRST 0x20U /* alpha channel comes first */ #endif +#define PNG_FORMAT_FLAG_ASSOCIATED_ALPHA 0x40U /* alpha channel is associated */ + /* Commonly used formats have predefined macros. * * First the single byte (sRGB) formats: diff --git a/pngconf.h b/pngconf.h index c0f15547b..e99e827dd 100644 --- a/pngconf.h +++ b/pngconf.h @@ -1,7 +1,7 @@ /* pngconf.h - machine configurable file for libpng * - * libpng version 1.6.32, August 24, 2017 + * libpng version 1.6.33, September 28, 2017 * * Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) diff --git a/pngread.c b/pngread.c index e34ddd99a..da32e9ad9 100644 --- a/pngread.c +++ b/pngread.c 
@@ -1,7 +1,7 @@ /* pngread.c - read a PNG file * - * Last changed in libpng 1.6.32 [August 24, 2017] + * Last changed in libpng 1.6.33 [September 28, 2017] * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) @@ -3759,7 +3759,13 @@ png_image_read_direct(png_voidp argument) mode = PNG_ALPHA_PNG; output_gamma = PNG_DEFAULT_sRGB; } - + + if ((change & PNG_FORMAT_FLAG_ASSOCIATED_ALPHA) != 0) + { + mode = PNG_ALPHA_OPTIMIZED; + change &= ~PNG_FORMAT_FLAG_ASSOCIATED_ALPHA; + } + /* If 'do_local_background' is set check for the presence of gamma * correction; this is part of the work-round for the libpng bug * described above. @@ -3985,6 +3991,10 @@ png_image_read_direct(png_voidp argument) else if (do_local_compose != 0) /* internal error */ png_error(png_ptr, "png_image_read: alpha channel lost"); + if ((format & PNG_FORMAT_FLAG_ASSOCIATED_ALPHA) != 0) { + info_format |= PNG_FORMAT_FLAG_ASSOCIATED_ALPHA; + } + if (info_ptr->bit_depth == 16) info_format |= PNG_FORMAT_FLAG_LINEAR; diff --git a/pngrtran.c b/pngrtran.c index 9a30ddf22..c18965031 100644 --- a/pngrtran.c +++ b/pngrtran.c @@ -1,7 +1,7 @@ /* pngrtran.c - transforms the data in a row for PNG readers * - * Last changed in libpng 1.6.31 [July 27, 2017] + * Last changed in libpng 1.6.33 [September 28, 2017] * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) @@ -430,7 +430,7 @@ png_set_quantize(png_structrp png_ptr, png_colorp palette, int i; png_ptr->quantize_index = (png_bytep)png_malloc(png_ptr, - (png_uint_32)((png_uint_32)num_palette * (sizeof (png_byte)))); + (png_alloc_size_t)((png_uint_32)num_palette * (sizeof (png_byte)))); for (i = 0; i < num_palette; i++) png_ptr->quantize_index[i] = (png_byte)i; } 
@@ -447,7 +447,7 @@ png_set_quantize(png_structrp png_ptr, png_colorp palette, /* Initialize an array to sort colors */ png_ptr->quantize_sort = (png_bytep)png_malloc(png_ptr, - (png_uint_32)((png_uint_32)num_palette * (sizeof (png_byte)))); + (png_alloc_size_t)((png_uint_32)num_palette * (sizeof (png_byte)))); /* Initialize the quantize_sort array */ for (i = 0; i < num_palette; i++) @@ -581,9 +581,11 @@ png_set_quantize(png_structrp png_ptr, png_colorp palette, /* Initialize palette index arrays */ png_ptr->index_to_palette = (png_bytep)png_malloc(png_ptr, - (png_uint_32)((png_uint_32)num_palette * (sizeof (png_byte)))); + (png_alloc_size_t)((png_uint_32)num_palette * + (sizeof (png_byte)))); png_ptr->palette_to_index = (png_bytep)png_malloc(png_ptr, - (png_uint_32)((png_uint_32)num_palette * (sizeof (png_byte)))); + (png_alloc_size_t)((png_uint_32)num_palette * + (sizeof (png_byte)))); /* Initialize the sort array */ for (i = 0; i < num_palette; i++) @@ -592,7 +594,7 @@ png_set_quantize(png_structrp png_ptr, png_colorp palette, png_ptr->palette_to_index[i] = (png_byte)i; } - hash = (png_dsortpp)png_calloc(png_ptr, (png_uint_32)(769 * + hash = (png_dsortpp)png_calloc(png_ptr, (png_alloc_size_t)(769 * (sizeof (png_dsortp)))); num_new_palette = num_palette; @@ -623,7 +625,7 @@ png_set_quantize(png_structrp png_ptr, png_colorp palette, { t = (png_dsortp)png_malloc_warn(png_ptr, - (png_uint_32)(sizeof (png_dsort))); + (png_alloc_size_t)(sizeof (png_dsort))); if (t == NULL) break; 
@@ -748,9 +750,9 @@ png_set_quantize(png_structrp png_ptr, png_colorp palette, png_size_t num_entries = ((png_size_t)1 << total_bits); png_ptr->palette_lookup = (png_bytep)png_calloc(png_ptr, - (png_uint_32)(num_entries * (sizeof (png_byte)))); + (png_alloc_size_t)(num_entries * (sizeof (png_byte)))); - distance = (png_bytep)png_malloc(png_ptr, (png_uint_32)(num_entries * + distance = (png_bytep)png_malloc(png_ptr, (png_alloc_size_t)(num_entries * (sizeof (png_byte)))); memset(distance, 0xff, num_entries * (sizeof (png_byte))); @@ -3322,7 +3324,7 @@ png_do_compose(png_row_infop row_info, png_bytep row, png_structrp png_ptr) == png_ptr->trans_color.gray) { unsigned int tmp = *sp & (0x0f0f >> (4 - shift)); - tmp |= + tmp |= (unsigned int)(png_ptr->background.gray << shift); *sp = (png_byte)(tmp & 0xff); } diff --git a/pngrutil.c b/pngrutil.c index a4fa71457..8692933bd 100644 --- a/pngrutil.c +++ b/pngrutil.c @@ -1,7 +1,7 @@ /* pngrutil.c - utilities to read a PNG file * - * Last changed in libpng 1.6.32 [August 24, 2017] + * Last changed in libpng 1.6.33 [September 28, 2017] * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) @@ -314,6 +314,7 @@ png_read_buffer(png_structrp png_ptr, png_alloc_size_t new_size, int warn) if (buffer != NULL) { + memset(buffer, 0, new_size); /* just in case */ png_ptr->read_buffer = buffer; png_ptr->read_buffer_size = new_size; } @@ -673,6 +674,8 @@ png_decompress_chunk(png_structrp png_ptr, if (text != NULL) { + memset(text, 0, buffer_size); + ret = png_inflate(png_ptr, png_ptr->chunk_name, 1/*finish*/, png_ptr->read_buffer + prefix_size, &lzsize, text + prefix_size, newlength); 
@@ -736,9 +739,7 @@ png_decompress_chunk(png_structrp png_ptr, { /* inflateReset failed, store the error message */ png_zstream_error(png_ptr, ret); - - if (ret == Z_STREAM_END) - ret = PNG_UNEXPECTED_ZLIB_RETURN; + ret = PNG_UNEXPECTED_ZLIB_RETURN; } } @@ -1476,7 +1477,7 @@ png_handle_iCCP(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length) /* Now read the tag table; a variable size buffer is * needed at this point, allocate one for the whole * profile. The header check has already validated - * that none of these stuff will overflow. + * that none of this stuff will overflow. */ const png_uint_32 tag_count = png_get_uint_32( profile_header+128); @@ -1583,19 +1584,11 @@ png_handle_iCCP(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length) return; } } - - else if (size > 0) - errmsg = "truncated"; - -#ifndef __COVERITY__ - else + if (errmsg == NULL) errmsg = png_ptr->zstream.msg; -#endif } - /* else png_icc_check_tag_table output an error */ } - else /* profile truncated */ errmsg = png_ptr->zstream.msg; } 
@@ -3144,28 +3137,28 @@ png_check_chunk_length(png_const_structrp png_ptr, const png_uint_32 length) { png_alloc_size_t limit = PNG_UINT_31_MAX; - if (png_ptr->chunk_name != png_IDAT) - { # ifdef PNG_SET_USER_LIMITS_SUPPORTED - if (png_ptr->user_chunk_malloc_max > 0 && - png_ptr->user_chunk_malloc_max < limit) - limit = png_ptr->user_chunk_malloc_max; + if (png_ptr->user_chunk_malloc_max > 0 && + png_ptr->user_chunk_malloc_max < limit) + limit = png_ptr->user_chunk_malloc_max; # elif PNG_USER_CHUNK_MALLOC_MAX > 0 - if (PNG_USER_CHUNK_MALLOC_MAX < limit) - limit = PNG_USER_CHUNK_MALLOC_MAX; + if (PNG_USER_CHUNK_MALLOC_MAX < limit) + limit = PNG_USER_CHUNK_MALLOC_MAX; # endif - } - else + if (png_ptr->chunk_name == png_IDAT) { + png_alloc_size_t idat_limit = PNG_UINT_31_MAX; size_t row_factor = (png_ptr->width * png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1) + 1 + (png_ptr->interlaced? 6: 0)); if (png_ptr->height > PNG_UINT_32_MAX/row_factor) - limit=PNG_UINT_31_MAX; + idat_limit=PNG_UINT_31_MAX; else - limit = png_ptr->height * row_factor; - limit += 6 + 5*(limit/32566+1); /* zlib+deflate overhead */ - limit=limit < PNG_UINT_31_MAX? limit : PNG_UINT_31_MAX; + idat_limit = png_ptr->height * row_factor; + row_factor = row_factor > 32566? 32566 : row_factor; + idat_limit += 6 + 5*(idat_limit/row_factor+1); /* zlib+deflate overhead */ + idat_limit=idat_limit < PNG_UINT_31_MAX? idat_limit : PNG_UINT_31_MAX; + limit = limit < idat_limit? idat_limit : limit; } if (length > limit) diff --git a/pngtest.c b/pngtest.c index ce53345e1..d91fee149 100644 --- a/pngtest.c +++ b/pngtest.c @@ -2153,4 +2153,4 @@ main(void) #endif /* Generate a compiler error if there is an old png.h in the search path. */ -typedef png_libpng_version_1_6_32 Your_png_h_is_not_version_1_6_32; +typedef png_libpng_version_1_6_33 Your_png_h_is_not_version_1_6_33; diff --git a/pngtrans.c b/pngtrans.c index 326ac33f0..6882f0fd7 100644 --- a/pngtrans.c +++ b/pngtrans.c 
@@ -1,7 +1,7 @@ /* pngtrans.c - transforms the data in a row (used by both readers and writers) * - * Last changed in libpng 1.6.30 [June 28, 2017] + * Last changed in libpng 1.6.33 [September 28, 2017] * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) @@ -609,7 +609,7 @@ png_do_strip_channel(png_row_infop row_info, png_bytep row, int at_start) return; /* The filler channel has gone already */ /* Fix the rowbytes value. */ - row_info->rowbytes = (unsigned int)(dp-row); + row_info->rowbytes = (png_size_t)(dp-row); } #endif @@ -708,7 +708,7 @@ png_do_check_palette_indexes(png_structrp png_ptr, png_row_infop row_info) * forms produced on either GCC or MSVC. */ int padding = PNG_PADBITS(row_info->pixel_depth, row_info->width); - png_bytep rp = png_ptr->row_buf + row_info->rowbytes; + png_bytep rp = png_ptr->row_buf + row_info->rowbytes - 1; switch (row_info->bit_depth) { diff --git a/pngwrite.c b/pngwrite.c index a7662acb7..a16d77ce0 100644 --- a/pngwrite.c +++ b/pngwrite.c @@ -1940,7 +1940,7 @@ png_image_write_main(png_voidp argument) int colormap = (format & PNG_FORMAT_FLAG_COLORMAP); int linear = !colormap && (format & PNG_FORMAT_FLAG_LINEAR); /* input */ int alpha = !colormap && (format & PNG_FORMAT_FLAG_ALPHA); - int write_16bit = linear && !colormap && (display->convert_to_8bit == 0); + int write_16bit = linear && (display->convert_to_8bit == 0); # ifdef PNG_BENIGN_ERRORS_SUPPORTED /* Make sure we error out on any bad situation */ diff --git a/projects/vstudio/README.txt b/projects/vstudio/README.txt index e68f242da..3e2c37dc5 100644 --- a/projects/vstudio/README.txt +++ b/projects/vstudio/README.txt @@ -1,7 +1,7 @@ VisualStudio instructions -libpng version 1.6.32 - August 24, 2017 +libpng version 1.6.33 - September 28, 2017 Copyright (c) 2010,2013,2015 Glenn Randers-Pehrson 
diff --git a/projects/vstudio/zlib.props b/projects/vstudio/zlib.props index 2b2d69088..b794131fd 100644 --- a/projects/vstudio/zlib.props +++ b/projects/vstudio/zlib.props @@ -2,7 +2,7 @@
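Review bot: several of the new contrib/pngsuite files are byte-for-byte duplicates, so they do not add the coverage their names promise: iftbgn2c16.png has the same blob id (64a9cdf2f) as iftbbn2c16.png, and iftbgn3p08.png, iftbwn3p08.png, iftbyn3p08.png and iftp1n3p08.png all share blob 47d6eeb3c with iftbbn3p08.png. In PngSuite naming the letter after "tb" is the background-colour variant, so identical content under those names means the interlaced gray, white and yellow background cases are never actually exercised; regenerate them from the source images or drop the copies rather than shipping five names for one file.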
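Review bot: in the png.c icc_check_length hunk, the removed `return 1;` is the only success-path return visible after the "too short" early return, and the trailing context shows nothing but the closing brace. If no other `return 1;` exists in the unshown lines, icc_check_length now falls off the end of a non-void function for every valid profile (undefined behaviour, and -Wreturn-type will flag it). Please confirm which return was the redundant one, and say so in the commit message, since the hunk on its own reads as a regression.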
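Review bot: in the first pngread.c hunk, the new `mode = PNG_ALPHA_OPTIMIZED;` runs after the linear/sRGB selection and overrides whichever `mode` that selection chose (the visible context shows the sRGB branch setting PNG_ALPHA_PNG), so it also rewrites the linear-output branch. The manual hunk in this same patch defines PNG_ALPHA_ASSOCIATED as 1 (the same value as PNG_ALPHA_STANDARD, "according to Porter/Duff") and PNG_ALPHA_OPTIMIZED as 2 ("'PNG' for opaque pixels, else 'STANDARD'"), so a flag named ASSOCIATED_ALPHA that maps to OPTIMIZED rather than ASSOCIATED needs a comment explaining why, or should be restricted to the sRGB path. Nothing in the patch rejects PNG_FORMAT_FLAG_ASSOCIATED_ALPHA without PNG_FORMAT_FLAG_ALPHA either; the format-validity check should treat that combination as an error, and the new public flag in png.h needs a matching paragraph in libpng-manual.txt/libpng.3, which this patch does not add.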
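Review bot: the second pngread.c hunk puts `{` on the `if` line with a one-line braced body, which does not match the Allman layout used by the surrounding code and by the other new hunk in the same function; reformat it. It also copies PNG_FORMAT_FLAG_ASSOCIATED_ALPHA into info_format unconditionally, right after the "alpha channel lost" internal-error check, so a format carrying ASSOCIATED_ALPHA without the ALPHA bit is echoed back to the caller unchanged. Mask the copy with the ALPHA bit (`format & PNG_FORMAT_FLAG_ALPHA`) or reject the combination before this point.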
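Review bot: the png_set_quantize allocation hunks in pngrtran.c change only the outer cast; the size is still computed as `(png_uint_32)num_palette * (sizeof (png_byte))` in 32-bit arithmetic before being widened to png_alloc_size_t, so nothing changes numerically. That is harmless here (num_palette is at most 256 and the hash table is a fixed 769 entries), but the inner `(png_uint_32)` casts are now just noise; the later `(png_alloc_size_t)(num_entries * (sizeof (png_byte)))` in the palette_lookup hunk shows the cleaner form, so drop the inner casts while these lines are being touched.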
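Review bot: the two `memset` additions in png_read_buffer and png_decompress_chunk need a real comment instead of `/* just in case */`. Zero-filling makes a consumer of a truncated chunk read zeros instead of stale heap, which silences an uninitialised-read report but leaves that consumer still reading past the inflated length; the fix that closes the bug is to bound the consumer by the length png_inflate reports (lzsize/newlength in the visible call) and to name that consumer in the comment so the next reader knows what the zero fill is protecting. Note the cost too: png_read_buffer now zeroes the whole new_size on every growth, bounded only by user_chunk_malloc_max, and png_decompress_chunk zeroes buffer_size even though png_inflate is about to overwrite most of it. If the zero fill stays, png_calloc is the idiom this code base already uses (see the hash allocation in pngrtran.c in this patch).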
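Review bot: the png_handle_iCCP error-path rewrite drops the explicit "truncated" diagnosis (`else if (size > 0) errmsg = "truncated";`) and the `/* else png_icc_check_tag_table output an error */` case, folding both into `if (errmsg == NULL) errmsg = png_ptr->zstream.msg;`. Two consequences: a profile that inflates cleanly but ends short now reports whatever zstream.msg last held (possibly NULL, possibly a message left over from an earlier chunk) instead of a stable string that fuzz triage can key on, and a tag-table failure that already emitted its own error now picks up a second, unrelated zstream message. Keep "truncated" as the fallback when zstream.msg is NULL, and leave errmsg NULL on the already-reported branch.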
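Review bot: in the png_check_chunk_length rewrite the IDAT branch takes the larger of the user limit and idat_limit (`limit = limit < idat_limit? idat_limit : limit;`), so user_chunk_malloc_max still never caps IDAT; that matches the old behaviour of skipping the user limit for IDAT, but the new structure reads as if IDAT were now covered, so state the intent in a comment. The overhead estimate has also changed meaning: `6 + 5*(idat_limit/row_factor+1)` with row_factor clamped to 32566 charges five bytes per row rather than per zlib stored block, which for a one-byte-wide 8-bit gray image (row_factor 2) allows about 3.5x the raw size; if that slack is intended, say so, otherwise restore the `/32566` constant. Separately, `png_ptr->width * png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1)` is evaluated in png_uint_32 before the size_t widening, so on a build with the user width limit disabled the product wraps for widths above 2^29 with 16-bit RGBA and the `height > PNG_UINT_32_MAX/row_factor` guard then checks against a wrapped value; cast width to size_t first.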
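Review bot: in the png_do_check_palette_indexes hunk, moving `rp` back by one needs justification in a comment or the commit message. libpng's row_buf keeps the filter-type byte at index 0 with pixel data in row_buf[1..rowbytes], so `row_buf + rowbytes` already addressed the last pixel byte; if the loops below still stop at `rp > png_ptr->row_buf`, the new start leaves the last byte of every row unchecked and an out-of-range index in the final pixel is no longer reported. If the report being fixed is a one-past-the-end read, the loop bound rather than the start pointer is the thing to inspect. Either way, add a regression image with a bad index in the last pixel to contrib/libtests so the behaviour is pinned.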