mirror of
https://git.code.sf.net/p/libpng/code.git
synced 2025-07-10 18:04:09 +02:00
[devel] Require 48 bytes, not 64 bytes, for big_row_buf in overflow checks.
Also removed two obsolete comments from png.c
This commit is contained in:
Glenn Randers-Pehrson
7
ANNOUNCE
7
ANNOUNCE
@@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
Libpng 1.5.0beta54 - October 18, 2010
|
Libpng 1.5.0beta54 - October 23, 2010
|
||||||
|
|
||||||
This is not intended to be a public release. It will be replaced
|
This is not intended to be a public release. It will be replaced
|
||||||
within a few weeks by a public version or by another test version.
|
within a few weeks by a public version or by another test version.
|
||||||
@@ -226,7 +226,7 @@ version 1.5.0beta24 [May 7, 2010]
|
|||||||
offset of the png_ptr->rowbuf pointer into png_ptr->big_row_buf.
|
offset of the png_ptr->rowbuf pointer into png_ptr->big_row_buf.
|
||||||
Added more blank lines for readability.
|
Added more blank lines for readability.
|
||||||
|
|
||||||
version 1.5.0beta25 [October 18, 2010]
|
version 1.5.0beta25 [October 23, 2010]
|
||||||
In pngpread.c: png_push_have_row() add check for new_row > height
|
In pngpread.c: png_push_have_row() add check for new_row > height
|
||||||
Removed the now-redundant check for out-of-bounds new_row from example.c
|
Removed the now-redundant check for out-of-bounds new_row from example.c
|
||||||
|
|
||||||
@@ -432,7 +432,8 @@ Version 1.5.0beta53 [October 18, 2010]
|
|||||||
Revised and renamed the typedef in png.h and png.c that was designed
|
Revised and renamed the typedef in png.h and png.c that was designed
|
||||||
to catch library and header mismatch.
|
to catch library and header mismatch.
|
||||||
|
|
||||||
Version 1.5.0beta54 [October 18, 2010]
|
Version 1.5.0beta54 [October 23, 2010]
|
||||||
|
Require 48 bytes, not 64 bytes, for big_row_buf in overflow checks.
|
||||||
|
|
||||||
Send comments/corrections/commendations to png-mng-implement at lists.sf.net:
|
Send comments/corrections/commendations to png-mng-implement at lists.sf.net:
|
||||||
(subscription required; visit
|
(subscription required; visit
|
||||||
|
|||||||
3
CHANGES
3
CHANGES
@@ -3070,7 +3070,8 @@ Version 1.5.0beta53 [October 18, 2010]
|
|||||||
Revised and renamed the typedef in png.h and png.c that was designed
|
Revised and renamed the typedef in png.h and png.c that was designed
|
||||||
to catch library and header mismatch.
|
to catch library and header mismatch.
|
||||||
|
|
||||||
Version 1.5.0beta54 [October 18, 2010]
|
Version 1.5.0beta54 [October 23, 2010]
|
||||||
|
Require 48 bytes, not 64 bytes, for big_row_buf in overflow checks.
|
||||||
|
|
||||||
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
|
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
|
||||||
(subscription required; visit
|
(subscription required; visit
|
||||||
|
|||||||
12
png.c
12
png.c
@@ -16,10 +16,6 @@
|
|||||||
/* Generate a compiler error if there is an old png.h in the search path. */
|
/* Generate a compiler error if there is an old png.h in the search path. */
|
||||||
typedef png_libpng_version_1_5_0beta54 Your_png_h_is_not_version_1_5_0beta54;
|
typedef png_libpng_version_1_5_0beta54 Your_png_h_is_not_version_1_5_0beta54;
|
||||||
|
|
||||||
/* Version information for C files. This had better match the version
|
|
||||||
* string defined in png.h.
|
|
||||||
*/
|
|
||||||
|
|
||||||
/* Tells libpng that we have already handled the first "num_bytes" bytes
|
/* Tells libpng that we have already handled the first "num_bytes" bytes
|
||||||
* of the PNG file signature. If the PNG data is embedded into another
|
* of the PNG file signature. If the PNG data is embedded into another
|
||||||
* stream we can set num_bytes = 8 so that libpng will not attempt to read
|
* stream we can set num_bytes = 8 so that libpng will not attempt to read
|
||||||
@@ -72,7 +68,7 @@ png_sig_cmp(png_const_bytep sig, png_size_t start, png_size_t num_to_check)
|
|||||||
#endif /* PNG_READ_SUPPORTED */
|
#endif /* PNG_READ_SUPPORTED */
|
||||||
|
|
||||||
#if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED)
|
#if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED)
|
||||||
/* Function to allocate memory for zlib and clear it to 0. */
|
/* Function to allocate memory for zlib */
|
||||||
PNG_FUNCTION(voidpf /* PRIVATE */,
|
PNG_FUNCTION(voidpf /* PRIVATE */,
|
||||||
png_zalloc,(voidpf png_ptr, uInt items, uInt size),PNG_ALLOCATED)
|
png_zalloc,(voidpf png_ptr, uInt items, uInt size),PNG_ALLOCATED)
|
||||||
{
|
{
|
||||||
@@ -560,13 +556,13 @@ png_get_copyright(png_structp png_ptr)
|
|||||||
#else
|
#else
|
||||||
# ifdef __STDC__
|
# ifdef __STDC__
|
||||||
return PNG_STRING_NEWLINE \
|
return PNG_STRING_NEWLINE \
|
||||||
"libpng version 1.5.0beta54 - October 18, 2010" PNG_STRING_NEWLINE \
|
"libpng version 1.5.0beta54 - October 23, 2010" PNG_STRING_NEWLINE \
|
||||||
"Copyright (c) 1998-2010 Glenn Randers-Pehrson" PNG_STRING_NEWLINE \
|
"Copyright (c) 1998-2010 Glenn Randers-Pehrson" PNG_STRING_NEWLINE \
|
||||||
"Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \
|
"Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \
|
||||||
"Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \
|
"Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \
|
||||||
PNG_STRING_NEWLINE;
|
PNG_STRING_NEWLINE;
|
||||||
# else
|
# else
|
||||||
return "libpng version 1.5.0beta54 - October 18, 2010\
|
return "libpng version 1.5.0beta54 - October 23, 2010\
|
||||||
Copyright (c) 1998-2010 Glenn Randers-Pehrson\
|
Copyright (c) 1998-2010 Glenn Randers-Pehrson\
|
||||||
Copyright (c) 1996-1997 Andreas Dilger\
|
Copyright (c) 1996-1997 Andreas Dilger\
|
||||||
Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.";
|
Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.";
|
||||||
@@ -802,7 +798,7 @@ png_check_IHDR(png_structp png_ptr,
|
|||||||
|
|
||||||
if (width > (PNG_UINT_32_MAX
|
if (width > (PNG_UINT_32_MAX
|
||||||
>> 3) /* 8-byte RGBA pixels */
|
>> 3) /* 8-byte RGBA pixels */
|
||||||
- 64 /* bigrowbuf hack */
|
- 48 /* bigrowbuf hack */
|
||||||
- 1 /* filter byte */
|
- 1 /* filter byte */
|
||||||
- 7*8 /* rounding of width to multiple of 8 pixels */
|
- 7*8 /* rounding of width to multiple of 8 pixels */
|
||||||
- 8) /* extra max_pixel_depth pad */
|
- 8) /* extra max_pixel_depth pad */
|
||||||
|
|||||||
2
pngset.c
2
pngset.c
@@ -203,7 +203,7 @@ png_set_IHDR(png_structp png_ptr, png_infop info_ptr,
|
|||||||
/* Check for potential overflow */
|
/* Check for potential overflow */
|
||||||
if (width > (PNG_UINT_32_MAX
|
if (width > (PNG_UINT_32_MAX
|
||||||
>> 3) /* 8-byte RRGGBBAA pixels */
|
>> 3) /* 8-byte RRGGBBAA pixels */
|
||||||
- 64 /* bigrowbuf hack */
|
- 48 /* bigrowbuf hack */
|
||||||
- 1 /* filter byte */
|
- 1 /* filter byte */
|
||||||
- 7*8 /* rounding of width to multiple of 8 pixels */
|
- 7*8 /* rounding of width to multiple of 8 pixels */
|
||||||
- 8) /* extra max_pixel_depth pad */
|
- 8) /* extra max_pixel_depth pad */
|
||||||
|
|||||||
Reference in New Issue
Block a user