From c5c778bcfc21182cf3896dcfa044e494d4f9b96c Mon Sep 17 00:00:00 2001
From: Glenn Randers-Pehrson
Date: Sat, 5 Aug 2017 20:15:52 -0500
Subject: [PATCH] [libpng16] Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue.

---
 ANNOUNCE   | 1 +
 CHANGES    | 1 +
 pngrutil.c | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/ANNOUNCE b/ANNOUNCE
index c990951d0..a6045d77d 100644
--- a/ANNOUNCE
+++ b/ANNOUNCE
@@ -86,6 +86,7 @@ Version 1.6.32beta11 [August 6, 2017]
   Make pngtest --strict, --relax, --xfail options imply -m (multiple).
   Removed unused chunk_name parameter from png_check_chunk_length().
   Relocated setting free_me for eXIf data, to stop an OSS-fuzz leak.
+  Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue.
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
diff --git a/CHANGES b/CHANGES
index 818f00bb5..e15d30b35 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5969,6 +5969,7 @@ Version 1.6.32beta11 [August 6, 2017]
   Make pngtest --strict, --relax, --xfail options imply -m (multiple).
   Removed unused chunk_name parameter from png_check_chunk_length().
   Relocated setting free_me for eXIf data, to stop an OSS-fuzz leak.
+  Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue.
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
diff --git a/pngrutil.c b/pngrutil.c
index 81c67ae7d..2cb0d0d7e 100644
--- a/pngrutil.c
+++ b/pngrutil.c
@@ -1434,7 +1434,7 @@ png_handle_iCCP(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
 
    if (png_inflate_claim(png_ptr, png_iCCP) == Z_OK)
    {
-      Byte profile_header[132];
+      Byte profile_header[132]={0};
       Byte local_buffer[PNG_INFLATE_BUF_SIZE];
       png_alloc_size_t size = (sizeof profile_header);
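Review bot: The `={0}` added to the `profile_header` declaration makes the reported uninitialized read well-defined, but it does not address why the header bytes were consumed before the buffer was fully filled; the next declaration sets `size` to `sizeof profile_header`, so the code after the hunk presumably reduces it by what inflate produced and must refuse to decode any header field unless all 132 bytes arrived — that check, not the zero-fill, is what turns a truncated or corrupt iCCP chunk into a deterministic error rather than silently zeroed fields, and I would confirm it is present in the part of png_handle_iCCP() outside this hunk. Zero-filling is still a sensible belt-and-braces default, because an all-zero header carries a profile length of 0 that any downstream length validation should reject. On style, the initializer lacks the spacing used on the neighbouring `size = (sizeof profile_header)` line and 132 is a bare magic number, so I would write `Byte profile_header[132] = {0}; /* ICC header plus tag count; zeroed so a short inflate cannot leave it uninitialized */`. png_handle_iCCP() starts and ends outside this hunk.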