From d683af0f12e75b8a3f67cd693eede34c4704cac9 Mon Sep 17 00:00:00 2001 From: Glenn Randers-Pehrson Date: Thu, 3 Aug 2017 16:04:22 -0500 Subject: [PATCH] [libpng16] Temporarily disable IDAT length-limiting. --- ANNOUNCE | 3 ++- CHANGES | 3 ++- pngpread.c | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/ANNOUNCE b/ANNOUNCE index 58d79c9ad..ba356dbcb 100644 --- a/ANNOUNCE +++ b/ANNOUNCE @@ -54,7 +54,7 @@ Version 1.6.32beta05 [August 2, 2017] Version 1.6.32beta06 [August 2, 2017] Removed png_get_eXIf_1() and png_set_eXIf_1(). -Version 1.6.32beta07 [Auguest 3, 2017] +Version 1.6.32beta07 [August 3, 2017] Check length of all chunks except IDAT against user limit to fix an OSS-fuzz issue. @@ -65,6 +65,7 @@ Version 1.6.32beta08 [August 3, 2017] does not work (the eXIf chunk data can contain zeroes). Version 1.6.32beta09 [August 3, 2017] + Temporarily disable IDAT length-limiting. Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/CHANGES b/CHANGES index dadd665d1..f958b5ad1 100644 --- a/CHANGES +++ b/CHANGES @@ -5937,7 +5937,7 @@ Version 1.6.32beta05 [August 2, 2017] Version 1.6.32beta06 [August 2, 2017] Removed png_get_eXIf_1() and png_set_eXIf_1(). -Version 1.6.32beta07 [Auguest 3, 2017] +Version 1.6.32beta07 [August 3, 2017] Check length of all chunks except IDAT against user limit to fix an OSS-fuzz issue. @@ -5948,6 +5948,7 @@ Version 1.6.32beta08 [August 3, 2017] does not work (the eXIf chunk data can contain zeroes). Version 1.6.32beta09 [August 3, 2017] + Temporarily disable IDAT length-limiting. Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/pngpread.c b/pngpread.c index 6445623d5..17a92d776 100644 --- a/pngpread.c +++ b/pngpread.c @@ -2,7 +2,7 @@ /* pngpread.c - read a png file in push mode * * Last changed in libpng 1.6.24 [August 4, 2016] - * Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson + * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) *