From daa97ebf4256bb4be82dbc774b178b7ac0ca8fd6 Mon Sep 17 00:00:00 2001 From: Glenn Randers-Pehrson Date: Mon, 26 Dec 2016 19:28:24 -0600 Subject: [PATCH] [libpng15] Update CHANGES and ANNOUNCE --- ANNOUNCE | 17 +++++++++++++++++ CHANGES | 23 +++++++++++++++++++++++ 2 files changed, 40 insertions(+) diff --git a/ANNOUNCE b/ANNOUNCE index b902d7b38..5300c75db 100644 --- a/ANNOUNCE +++ b/ANNOUNCE @@ -34,6 +34,23 @@ version 1.5.28beta01 [December 27, 2016] Added "Common linking failures" section to INSTALL. Merge contrib/pngminim/*/makefile with libpng-1.6.24 Minor editing of INSTALL, (whitespace, added copyright line) + Removed the use of a macro containing the pre-processor 'defined' + operator. It is unclear whether this is valid; a macro that + "generates" 'defined' is not permitted, but the use of the word + "generates" within the C90 standard seems to imply more than simple + substitution of an expression itself containing a well-formed defined + operation. + Previously the pngtrans.c code always resulted in an unsigned arithmetic + overflow. This is well defined but produces errors from clang with the + option to detect unsigned overflow. As the expression only gets + evaluated once per row in this version of libpng it is easier just + to rewrite it. + The previous version of png.c produced a signed overflow as a result of + both the "& 0xffff" on the most significant bits of a negative argument; + this converted (-1) into 65535 which resulted in a subsequent overflow. + Since signed overflow is undefined in C90 the code has been modified to + correctly calculate a signed result. This requires changing the 'hi' + result parameter to a signed value. Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/CHANGES b/CHANGES index c358afbaf..909e644da 100644 --- a/CHANGES +++ b/CHANGES 
@@ -4504,6 +4504,29 @@ version 1.5.28beta01 [December 27, 2016] Added "Common linking failures" section to INSTALL. Merge contrib/pngminim/*/makefile with libpng-1.6.24 Minor editing of INSTALL, (whitespace, added copyright line) + Removed the use of a macro containing the pre-processor 'defined' + operator. It is unclear whether this is valid; a macro that + "generates" 'defined' is not permitted, but the use of the word + "generates" within the C90 standard seems to imply more than simple + substitution of an expression itself containing a well-formed defined + operation. + Previously the pngtrans.c code always resulted in an unsigned arithmetic + overflow. This is well defined but produces errors from clang with the + option to detect unsigned overflow. As the expression only gets + evaluated once per row in this version of libpng it is easier just + to rewrite it. + The previous version of png.c produced a signed overflow as a result of + both the "& 0xffff" on the most significant bits of a negative argument; + this converted (-1) into 65535 which resulted in a subsequent overflow. + Since signed overflow is undefined in C90 the code has been modified to + correctly calculate a signed result. This requires changing the 'hi' + result parameter to a signed value. + +This has been code reviewed solely by the author. A further code review +is highly desireable. Nevertheless the code compiles without warnings +from clang and without the prior detection of an overflow. Since it no +longer truncates any of the intermediate values this should be enough to +ensure that it is correct. Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit
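Review bot: In the ANNOUNCE hunk (@@ -34,6 +34,23 @@), the png.c entry says the signed overflow was a result of 'both the "& 0xffff" on the most significant bits of a negative argument;' but "both" is never followed by a second cause, so a reader cannot tell what else contributed to the overflow. Name the second cause or drop "both". The first added entry also does not say which macro or source file was changed, while the other two entries name pngtrans.c and png.c; adding the file and macro name would let readers locate the change. The same wording is repeated in the CHANGES hunk and needs the same fix there.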
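Review bot: In the CHANGES hunk (@@ -4504,6 +4504,29 @@), the trailing paragraph that starts "This has been code reviewed solely by the author." is added at column 0 while every entry around it is indented, and it is absent from the otherwise identical ANNOUNCE hunk, so the two files disagree for this version. "This" has no clear referent; it appears to mean the png.c signed-result change directly above, so say that explicitly and indent the paragraph under that entry, or move the remark to the commit message. "desireable" should be "desirable". The paragraph rests correctness on a warning-free clang build with no overflow report; a regression test that exercises a negative argument, such as the (-1) case the entry mentions, would support the claim better than the build result alone.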