diff --git a/libpng-manual.txt b/libpng-manual.txt index 55adf3bc8..df7124cb8 100644 --- a/libpng-manual.txt +++ b/libpng-manual.txt @@ -1,6 +1,6 @@ libpng-manual.txt - A description on how to use and modify libpng - libpng version 1.7.0beta45 - December 23, 2014 + libpng version 1.7.0beta45 - December 24, 2014 Updated and distributed by Glenn Randers-Pehrson Copyright (c) 1998-2014 Glenn Randers-Pehrson @@ -11,7 +11,7 @@ libpng-manual.txt - A description on how to use and modify libpng Based on: - libpng versions 0.97, January 1998, through 1.7.0beta45 - December 23, 2014 + libpng versions 0.97, January 1998, through 1.7.0beta45 - December 24, 2014 Updated and distributed by Glenn Randers-Pehrson Copyright (c) 1998-2014 Glenn Randers-Pehrson @@ -648,7 +648,7 @@ User limits The PNG specification allows the width and height of an image to be as large as 2^31-1 (0x7fffffff), or about 2.147 billion rows and columns. Since very few applications really need to process such large images, -we have imposed an arbitrary 1-million limit on rows and columns. +we have imposed an arbitrary 640000 limit on rows and columns. Larger images will be rejected immediately with a png_error() call. If you wish to change this limit, you can use @@ -5106,6 +5106,17 @@ length, which resulted in PNG files that cannot be read beyond the bad iTXt chunk. This error was fixed in libpng-1.6.3, and a tool (called contrib/tools/png-fix-itxt) has been added to the libpng distribution. +Starting with libpng-1.6.17, the PNG_SAFE_LIMITS macro was eliminated +and safe limits are used by default (users who need larger limits +can still override them at compile time or run time, as described above). + +The new limits are + default + png_user_width_max 640,000 + png_user_height_max 640,000 + png_user_chunk_cache_max 128 + png_user_chunk_malloc_max 8,000,000 + XIII. Changes to Libpng from version 1.6.x to 1.7.x Some functions that were deprecated in libpng-1.6.0 were removed: 
@@ -5309,7 +5320,7 @@ Other rules can be inferred by inspecting the libpng source. XVII. Y2K Compliance in libpng -December 23, 2014 +December 24, 2014 Since the PNG Development group is an ad-hoc body, we can't make an official declaration. diff --git a/libpng.3 b/libpng.3 index 1f232069a..e45a561e8 100644 --- a/libpng.3 +++ b/libpng.3 @@ -1,4 +1,4 @@ -.TH LIBPNG 3 "December 23, 2014" +.TH LIBPNG 3 "December 24, 2014" .SH NAME libpng \- Portable Network Graphics (PNG) Reference Library 1.7.0beta45 .SH SYNOPSIS @@ -494,7 +494,7 @@ Following is a copy of the libpng-manual.txt file that accompanies libpng. .SH LIBPNG.TXT libpng-manual.txt - A description on how to use and modify libpng - libpng version 1.7.0beta45 - December 23, 2014 + libpng version 1.7.0beta45 - December 24, 2014 Updated and distributed by Glenn Randers-Pehrson Copyright (c) 1998-2014 Glenn Randers-Pehrson @@ -505,7 +505,7 @@ libpng-manual.txt - A description on how to use and modify libpng Based on: - libpng versions 0.97, January 1998, through 1.7.0beta45 - December 23, 2014 + libpng versions 0.97, January 1998, through 1.7.0beta45 - December 24, 2014 Updated and distributed by Glenn Randers-Pehrson Copyright (c) 1998-2014 Glenn Randers-Pehrson @@ -1142,7 +1142,7 @@ callback function: The PNG specification allows the width and height of an image to be as large as 2^(31\-1 (0x7fffffff), or about 2.147 billion rows and columns. Since very few applications really need to process such large images, -we have imposed an arbitrary 1-million limit on rows and columns. +we have imposed an arbitrary 640000 limit on rows and columns. Larger images will be rejected immediately with a png_error() call. If you wish to change this limit, you can use 
@@ -5600,6 +5600,17 @@ length, which resulted in PNG files that cannot be read beyond the bad iTXt chunk. This error was fixed in libpng-1.6.3, and a tool (called contrib/tools/png-fix-itxt) has been added to the libpng distribution. +Starting with libpng-1.6.17, the PNG_SAFE_LIMITS macro was eliminated +and safe limits are used by default (users who need larger limits +can still override them at compile time or run time, as described above). + +The new limits are + default + png_user_width_max 640,000 + png_user_height_max 640,000 + png_user_chunk_cache_max 128 + png_user_chunk_malloc_max 8,000,000 + .SH XIII. Changes to Libpng from version 1.6.x to 1.7.x Some functions that were deprecated in libpng-1.6.0 were removed: @@ -5803,7 +5814,7 @@ Other rules can be inferred by inspecting the libpng source. .SH XVII. Y2K Compliance in libpng -December 23, 2014 +December 24, 2014 Since the PNG Development group is an ad-hoc body, we can't make an official declaration. @@ -6073,7 +6084,7 @@ possible without all of you. Thanks to Frank J. T. Wojcik for helping with the documentation. -Libpng version 1.7.0beta45 - December 23, 2014: +Libpng version 1.7.0beta45 - December 24, 2014: Initially created in 1995 by Guy Eric Schalnat, then of Group 42, Inc. Currently maintained by Glenn Randers-Pehrson (glennrp at users.sourceforge.net). @@ -6096,7 +6107,7 @@ this sentence. This code is released under the libpng license. -libpng versions 1.2.6, August 15, 2004, through 1.7.0beta45, December 23, 2014, are +libpng versions 1.2.6, August 15, 2004, through 1.7.0beta45, December 24, 2014, are Copyright (c) 2004,2006-2007 Glenn Randers-Pehrson, and are distributed according to the same disclaimer and license as libpng-1.2.5 with the following individual added to the list of Contributing Authors @@ -6195,7 +6206,7 @@ certification mark of the Open Source Initiative. Glenn Randers-Pehrson glennrp at users.sourceforge.net -December 23, 2014 +December 24, 2014 .\" end of man page 
diff --git a/pngpriv.h b/pngpriv.h index ace4e3c50..135cf008b 100644 --- a/pngpriv.h +++ b/pngpriv.h @@ -347,17 +347,9 @@ /* SECURITY and SAFETY: * - * libpng is built with support for certain internal limits on both individual - * items and totals. These are documented in scripts/pnglibconf.dfa of the + * libpng is built with support for internal limits on image dimensions and + * memory usage. These are documented in scripts/pnglibconf.dfa of the * source and recorded in the machine generated header file pnglibconf.h. - * By default there are no limits, however if the macro PNG_SAFE_LIMITS is - * set when the library is built a different, system specific, lower set of - * limits will be used. - */ - -/* Moved to pngpriv.h at libpng-1.5.0 */ -/* NOTE: some of these may have been used in external applications as - * these definitions were exposed in pngconf.h prior to 1.5. */ /* If you are running on a machine where you cannot allocate more diff --git a/scripts/pnglibconf.dfa b/scripts/pnglibconf.dfa index 4d7e1bc2d..6d1c5dd40 100644 --- a/scripts/pnglibconf.dfa +++ b/scripts/pnglibconf.dfa @@ -381,11 +381,10 @@ option IO_STATE option USER_LIMITS requires READ -# The default settings given below for the limits mean that libpng will not -# limit the size of images or the size of data in ancilliary chunks beyond the -# specification or implementation limits. This does lead to security issues if -# PNG files come from untrusted sources. Settings have the following -# interpretations: +# The default settings given below for the limits mean that libpng will +# limit the size of images or the size of data in ancilliary chunks to less +# than the specification or implementation limits. Settings have the +# following interpretations: # # USER_WIDTH_MAX: maximum width of an image that will be read # USER_HEIGHT_MAX: maximum height
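Review bot: The rewritten SECURITY and SAFETY comment in pngpriv.h no longer says whether the limits are enforced by default; the removed text did say so, for the old unlimited defaults. The documentation hunks in this commit describe the restrictive values as the new default, so the comment should say that too, for example `* Restrictive limits apply by default; raising them at build or run time` followed by `* weakens the protection against oversized data in untrusted PNG files.` The hunk also deletes the note that these definitions were exposed in pngconf.h prior to 1.5. That note presumably still applies to the macros that follow, so consider keeping it. The comment beginning "If you are running on a machine" continues outside the hunk, so the definitions it covers cannot be checked from here.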