[libpng17] Fixed two Coverity issues in pngcp.c.

Glenn Randers-Pehrson 2016-07-04 12:30:10 -05:00
parent 86a3c4fb14
commit ce67b437ea
3 changed files with 16 additions and 7 deletions


@ -1,5 +1,5 @@
Libpng 1.7.0beta82 - July 3, 2016 Libpng 1.7.0beta82 - July 4, 2016
This is not intended to be a public release. It will be replaced This is not intended to be a public release. It will be replaced
within a few weeks by a public version or by another test version. within a few weeks by a public version or by another test version.
@ -1380,7 +1380,7 @@ Version 1.7.0beta81 [June 11, 2016]
Avoid potential overflow of the PNG_IMAGE_SIZE macro. This macro Avoid potential overflow of the PNG_IMAGE_SIZE macro. This macro
is not used within libpng, but is used in some of the examples. is not used within libpng, but is used in some of the examples.
Version 1.7.0beta82 [July 3, 2016] Version 1.7.0beta82 [July 4, 2016]
Put the SKIP definition in the correct place. It needs to come after the Put the SKIP definition in the correct place. It needs to come after the
png.h include (see all the other .c files in contrib/libtests) because it png.h include (see all the other .c files in contrib/libtests) because it
depends on PNG_LIBPNG_VER. depends on PNG_LIBPNG_VER.
@ -1388,6 +1388,7 @@ Version 1.7.0beta82 [July 3, 2016]
with a pngcp.dfa configuration test (John Bowler) with a pngcp.dfa configuration test (John Bowler)
Added a "Common linking failures" section to the INSTALL document. Added a "Common linking failures" section to the INSTALL document.
Relocated misplaced #endif in png.c sRGB profile checking. Relocated misplaced #endif in png.c sRGB profile checking.
Fixed two Coverity issues in pngcp.c.
Send comments/corrections/commendations to png-mng-implement at lists.sf.net Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit (subscription required; visit


@ -5680,7 +5680,7 @@ Version 1.7.0beta81 [June 11, 2016]
Avoid potential overflow of the PNG_IMAGE_SIZE macro. This macro Avoid potential overflow of the PNG_IMAGE_SIZE macro. This macro
is not used within libpng, but is used in some of the examples. is not used within libpng, but is used in some of the examples.
Version 1.7.0beta82 [July 3, 2016] Version 1.7.0beta82 [July 4, 2016]
Put the SKIP definition in the correct place. It needs to come after the Put the SKIP definition in the correct place. It needs to come after the
png.h include (see all the other .c files in contrib/libtests) because it png.h include (see all the other .c files in contrib/libtests) because it
depends on PNG_LIBPNG_VER. depends on PNG_LIBPNG_VER.
@ -5688,6 +5688,7 @@ Version 1.7.0beta82 [July 3, 2016]
with a pngcp.dfa configuration test (John Bowler) with a pngcp.dfa configuration test (John Bowler)
Added a "Common linking failures" section to the INSTALL document. Added a "Common linking failures" section to the INSTALL document.
Relocated misplaced #endif in png.c sRGB profile checking. Relocated misplaced #endif in png.c sRGB profile checking.
Fixed two Coverity issues in pngcp.c.
Send comments/corrections/commendations to png-mng-implement at lists.sf.net Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit (subscription required; visit


@ -475,7 +475,7 @@ struct display
char curr[32*SL]; /* current options being tested */ char curr[32*SL]; /* current options being tested */
char best[32*SL]; /* best options */ char best[32*SL]; /* best options */
char namebuf[FILENAME_MAX+1]; /* output file name */ char namebuf[FILENAME_MAX]; /* output file name */
}; };
static void static void
@ -1639,7 +1639,7 @@ makename(struct display *dp, const char *dir, const char *infile)
{ {
size_t dsize = strlen(dir); size_t dsize = strlen(dir);
if (dsize < FILENAME_MAX+2) if (dsize <= (sizeof dp->namebuf)-2) /* Allow for name + '/' + '\0' */
{ {
size_t isize = strlen(infile); size_t isize = strlen(infile);
size_t istart = isize-1; size_t istart = isize-1;
@ -1659,7 +1659,7 @@ makename(struct display *dp, const char *dir, const char *infile)
isize -= istart; isize -= istart;
infile += istart; infile += istart;
if (dsize+isize <= FILENAME_MAX) if (dsize+isize < (sizeof dp->namebuf)) /* dsize + infile + '\0' */
{ {
memcpy(dp->namebuf+dsize, infile, isize+1); memcpy(dp->namebuf+dsize, infile, isize+1);
@ -1670,7 +1670,7 @@ makename(struct display *dp, const char *dir, const char *infile)
else else
{ {
dp->namebuf[dsize] = 0; dp->namebuf[dsize] = 0; /* allowed for: -2 at start */
display_log(dp, USER_ERROR, "%s%s: output file name too long", display_log(dp, USER_ERROR, "%s%s: output file name too long",
dp->namebuf, infile); dp->namebuf, infile);
} }
@ -1799,8 +1799,15 @@ read_png(struct display *dp, const char *filename)
dp->bpp = png_get_bit_depth(dp->read_pp, dp->ip) * dp->bpp = png_get_bit_depth(dp->read_pp, dp->ip) *
png_get_channels(dp->read_pp, dp->ip); png_get_channels(dp->read_pp, dp->ip);
{ {
/* png_get_rowbytes should never return 0 because the value is set by the
* first call to png_set_IHDR, which should have happened by now, but just
* in case:
*/
png_alloc_size_t rb = png_get_rowbytes(dp->read_pp, dp->ip); png_alloc_size_t rb = png_get_rowbytes(dp->read_pp, dp->ip);
if (rb == 0)
png_error(dp->read_pp, "invalid row byte count from libpng");
/* The size calc can overflow. */ /* The size calc can overflow. */
if ((MAX_SIZE-dp->h)/rb < dp->h) if ((MAX_SIZE-dp->h)/rb < dp->h)
png_error(dp->read_pp, "image too large"); png_error(dp->read_pp, "image too large");
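Review bot: In makename, the unchanged line `size_t istart = isize-1;` wraps to SIZE_MAX when `infile` is an empty string, and the tightened `sizeof dp->namebuf` checks in this commit do not cover that case. The later lines `isize -= istart;` and `infile += istart;` then work from that wrapped value. The code between these hunks is not shown, so an earlier check may already reject an empty name, but that cannot be confirmed from here. A guard directly after the `strlen(infile)` call, for example `if (isize == 0)` reporting through `display_log(dp, USER_ERROR, ...)` and leaving the function, would keep the length arithmetic safe regardless of what callers pass. makename's body starts and ends outside the hunks shown.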