[libpng15] Fixed the recently reported 1's complement security issue by

replacing the value that is illegal in the PNG spec, in both signed and
  unsigned values, with 0. Illegal unsigned values (anything greater than or
  equal to 0x80000000) can still pass through, but since these are not illegal
  in ANSI-C (unlike 0x80000000 in the signed case) the checking that
  occurs later can catch them (John Bowler).

Safely convert num_bytes to a png_byte in png_set_sig_bytes() (Robert
  Seacord).
Glenn Randers-Pehrson
2015-08-19 12:52:39 -05:00
parent a88dec67f2
commit c357fb70b5
7 changed files with 40 additions and 22 deletions
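
The two fixes named in the commit message, sketched as an added example (not libpng's code and not part of this commit): a 32-bit signed field is decoded in unsigned arithmetic so that 0x80000000 is never negated as a signed value, and an int byte count is range-checked before it is narrowed to a byte. The function names, the -1 error return and the clamping of negative counts to 0 are assumptions made for this sketch.

```c
#include <stdint.h>

/* Read a 32-bit big-endian unsigned value, as PNG stores integers. */
static uint32_t get_u32_be(const unsigned char *buf)
{
    return ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
           ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];
}

/* Decode a signed 32-bit field without ever negating an out-of-range
 * signed value. The one bit pattern whose magnitude does not fit,
 * 0x80000000, is the value the commit message calls illegal in the PNG
 * spec; it is replaced with 0, as the message describes. */
static int32_t get_i32_be_checked(const unsigned char *buf)
{
    uint32_t uval = get_u32_be(buf);

    if ((uval & 0x80000000u) == 0)
        return (int32_t)uval;                    /* non-negative, fits */

    uval = (uint32_t)((uval ^ 0xffffffffu) + 1u); /* magnitude, unsigned math */
    if ((uval & 0x80000000u) == 0)
        return -(int32_t)uval;                   /* 1..0x7fffffff: negation is safe */

    return 0;                                    /* input was 0x80000000 */
}

/* Narrow an int byte count to an 8-bit field only after range checks.
 * Returns 0 on success, -1 if the count exceeds the 8-byte PNG signature.
 * Negative counts are stored as 0 (assumption made for this sketch).
 * Without the upper check, 264 would silently truncate to 8. */
static int set_sig_bytes_checked(unsigned char *field, int num_bytes)
{
    if (num_bytes > 8)
        return -1;
    *field = (unsigned char)(num_bytes < 0 ? 0 : num_bytes);
    return 0;
}
```
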

@@ -1,4 +1,4 @@
.TH LIBPNG 3 "August 18, 2015"
.TH LIBPNG 3 "August 19, 2015"
.SH NAME
libpng \- Portable Network Graphics (PNG) Reference Library 1.5.24beta01
.SH SYNOPSIS
@@ -496,7 +496,7 @@ Following is a copy of the libpng-manual.txt file that accompanies libpng.
.SH LIBPNG.TXT
Libpng-manual.txt - A description on how to use and modify libpng
libpng version 1.5.24beta01 - August 18, 2015
libpng version 1.5.24beta01 - August 19, 2015
Updated and distributed by Glenn Randers-Pehrson
<glennrp at users.sourceforge.net>
Copyright (c) 1998-2014 Glenn Randers-Pehrson
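Review bot: The context line "Copyright (c) 1998-2014 Glenn Randers-Pehrson" directly under the bumped version date still ends at 2014, although the release being stamped is dated August 19, 2015 and the license text later in this same file already reads "2000-2002, 2004, 2006-2015". Suggest updating the year range here, and in the identical line of the next hunk, in the same pass as the date bump so the man page header and the license section agree.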
@@ -507,7 +507,7 @@ Libpng-manual.txt - A description on how to use and modify libpng
Based on:
libpng versions 0.97, January 1998, through 1.5.24beta01 - August 18, 2015
libpng versions 0.97, January 1998, through 1.5.24beta01 - August 19, 2015
Updated and distributed by Glenn Randers-Pehrson
Copyright (c) 1998-2014 Glenn Randers-Pehrson
@@ -4997,7 +4997,7 @@ Other rules can be inferred by inspecting the libpng source.
.SH XIV. Y2K Compliance in libpng
August 18, 2015
August 19, 2015
Since the PNG Development group is an ad-hoc body, we can't make
an official declaration.
@@ -5310,7 +5310,7 @@ possible without all of you.
Thanks to Frank J. T. Wojcik for helping with the documentation.
Libpng version 1.5.24beta01 - August 18, 2015:
Libpng version 1.5.24beta01 - August 19, 2015:
Initially created in 1995 by Guy Eric Schalnat, then of Group 42, Inc.
Currently maintained by Glenn Randers-Pehrson (glennrp at users.sourceforge.net).
@@ -5333,7 +5333,7 @@ this sentence.
This code is released under the libpng license.
libpng versions 1.0.7, July 1, 2000, through 1.5.24beta01, August 18, 2015, are
libpng versions 1.0.7, July 1, 2000, through 1.5.24beta01, August 19, 2015, are
Copyright (c) 2000-2002, 2004, 2006-2015 Glenn Randers-Pehrson, and are
distributed according to the same disclaimer and license as libpng-1.0.6
with the following individuals added to the list of Contributing Authors:
@@ -5426,7 +5426,7 @@ the additional disclaimers inserted at version 1.0.7.
Glenn Randers-Pehrson
glennrp at users.sourceforge.net
August 18, 2015
August 19, 2015
.\" end of man page