From cc085343ec7074fad4f0d125c29beda5d824b2c8 Mon Sep 17 00:00:00 2001 From: Glenn Randers-Pehrson Date: Sat, 7 Mar 2015 12:24:35 -0600 Subject: [PATCH] [libpng17] Stopped a potential memory leak in png_set_unknown_chunks(). Breaks tests/pngunknown-sAPI so it's temporarily marked SKIP. --- ANNOUNCE | 6 ++++-- CHANGES | 4 +++- pngset.c | 13 ++++++++++++- tests/pngunknown-sAPI | 2 ++ 4 files changed, 21 insertions(+), 4 deletions(-) diff --git a/ANNOUNCE b/ANNOUNCE index a17436a1a..60aa5ab21 100644 --- a/ANNOUNCE +++ b/ANNOUNCE @@ -1,5 +1,5 @@ -Libpng 1.7.0beta55 - March 6, 2015 +Libpng 1.7.0beta55 - March 7, 2015 This is not intended to be a public release. It will be replaced within a few weeks by a public version or by another test version. @@ -739,9 +739,11 @@ Version 1.7.0beta54 [March 4, 2015] Visual Studio (Sergey Kosarevsky) Merged pngwrite.c with libpng-1.6.17beta06/pngwrite.c -Version 1.7.0beta55 [March 6, 2015] +Version 1.7.0beta55 [March 7, 2015] Removed some comments that the configure script did not handle properly from scripts/pnglibconf.dfa and pnglibconf.h.prebuilt. + Stopped a potential memory leak in png_set_unknown_chunks(). Breaks + tests/pngunknown-sAPI so it's temporarily marked SKIP. Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/CHANGES b/CHANGES index 540424fca..410c70802 100644 --- a/CHANGES +++ b/CHANGES @@ -5029,9 +5029,11 @@ Version 1.7.0beta54 [March 4, 2015] Visual Studio (Sergey Kosarevsky) Merged pngwrite.c with libpng-1.6.17beta06/pngwrite.c -Version 1.7.0beta55 [March 6, 2015] +Version 1.7.0beta55 [March 7, 2015] Removed some comments that the configure script did not handle properly from scripts/pnglibconf.dfa and pnglibconf.h.prebuilt. + Stopped a potential memory leak in png_set_unknown_chunks(). Breaks + tests/pngunknown-sAPI so it's temporarily marked SKIP. Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/pngset.c b/pngset.c index 524e9f1c9..bd975d15b 100644 --- a/pngset.c +++ b/pngset.c @@ -1213,6 +1213,17 @@ png_set_unknown_chunks(png_structrp png_ptr, return; } + if ((np->location & (PNG_HAVE_IHDR|PNG_HAVE_PLTE|PNG_AFTER_IDAT)) == 0) + { + png_free(png_ptr, np); + np = NULL; + png_chunk_report(png_ptr, + "invalid chunk location in png_set_unknown_chunks", + PNG_CHUNK_WRITE_ERROR); + + return; + } + png_free(png_ptr, info_ptr->unknown_chunks); info_ptr->unknown_chunks = np; /* safe because it is initialized */ info_ptr->free_me |= PNG_FREE_UNKN; @@ -1289,7 +1300,7 @@ png_set_unknown_chunk_location(png_const_structrp png_ptr, png_inforp info_ptr, else if (png_ptr != NULL) png_app_warning(png_ptr, "unknown chunk index out of range"); } -#endif +#endif /* STORE_UNKNOWN_CHUNKS */ #ifdef PNG_MNG_FEATURES_SUPPORTED diff --git a/tests/pngunknown-sAPI b/tests/pngunknown-sAPI index e087ef25a..3d759c3d4 100755 --- a/tests/pngunknown-sAPI +++ b/tests/pngunknown-sAPI @@ -1,2 +1,4 @@ #!/bin/sh +code=77 # skipped +exit 77 exec ./pngunknown bKGD=save cHRM=save gAMA=save all=discard iCCP=save sBIT=save sRGB=save "${srcdir}/pngtest.png"