[libpng16] Added png_ptr->process_mode = PNG_READ_IDAT_MODE in

png_push_read_chunk after recognizing the IDAT chunk, which avoids an
infinite loop while reading a datastream whose first IDAT chunk is of
zero-length.
Glenn Randers-Pehrson 2014-02-22 21:59:40 -06:00
parent f5df058bee
commit eb657ae68f
4 changed files with 19 additions and 8 deletions


@ -1,5 +1,5 @@
Libpng 1.6.10beta02 - February 21, 2014 Libpng 1.6.10beta02 - February 23, 2014
This is not intended to be a public release. It will be replaced This is not intended to be a public release. It will be replaced
within a few weeks by a public version or by another test version. within a few weeks by a public version or by another test version.
@ -55,7 +55,7 @@ Version 1.6.10beta01 [February 9, 2014]
and it adds corresponding code to pngimage.c to handle such options and it adds corresponding code to pngimage.c to handle such options
by not attempting to test them. by not attempting to test them.
Version 1.6.10beta02 [February 21, 2014] Version 1.6.10beta02 [February 23, 2014]
Moved redefines of png_error(), png_warning(), png_chunk_error(), Moved redefines of png_error(), png_warning(), png_chunk_error(),
and png_chunk_warning() from pngpriv.h to png.h to make them visible and png_chunk_warning() from pngpriv.h to png.h to make them visible
to libpng-calling applications. to libpng-calling applications.
@ -74,7 +74,11 @@ Version 1.6.10beta02 [February 21, 2014]
support older Clang versions (Jeremy Sequoia). support older Clang versions (Jeremy Sequoia).
Treat CRC error handling with png_set_crc_action(), instead of with Treat CRC error handling with png_set_crc_action(), instead of with
png_set_benign_errors(), which has been the case since libpng-1.6.0beta18. png_set_benign_errors(), which has been the case since libpng-1.6.0beta18.
Use a user warning handler in contrib/gregbook/readpng2.c instead of default. Use a user warning handler in contrib/gregbook/readpng2.c instead of default,
so warnings will be put on stderr even if libpng has CONSOLE_IO disabled.
Added png_ptr->process_mode = PNG_READ_IDAT_MODE in png_push_read_chunk
after recognizing the IDAT chunk, which avoids an infinite loop while
reading a datastream whose first IDAT chunk is of zero-length.
Send comments/corrections/commendations to png-mng-implement at lists.sf.net Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit (subscription required; visit


@ -4829,7 +4829,7 @@ Version 1.6.10beta01 [February 9, 2014]
and it adds corresponding code to pngimage.c to handle such options and it adds corresponding code to pngimage.c to handle such options
by not attempting to test them. by not attempting to test them.
Version 1.6.10beta02 [February 21, 2014] Version 1.6.10beta02 [February 23, 2014]
Moved redefines of png_error(), png_warning(), png_chunk_error(), Moved redefines of png_error(), png_warning(), png_chunk_error(),
and png_chunk_warning() from pngpriv.h to png.h to make them visible and png_chunk_warning() from pngpriv.h to png.h to make them visible
to libpng-calling applications. to libpng-calling applications.
@ -4848,7 +4848,11 @@ Version 1.6.10beta02 [February 21, 2014]
support older Clang versions (Jeremy Sequoia). support older Clang versions (Jeremy Sequoia).
Treat CRC error handling with png_set_crc_action(), instead of with Treat CRC error handling with png_set_crc_action(), instead of with
png_set_benign_errors(), which has been the case since libpng-1.6.0beta18. png_set_benign_errors(), which has been the case since libpng-1.6.0beta18.
Use a user warning handler in contrib/gregbook/readpng2.c instead of default. Use a user warning handler in contrib/gregbook/readpng2.c instead of default,
so warnings will be put on stderr even if libpng has CONSOLE_IO disabled.
Added png_ptr->process_mode = PNG_READ_IDAT_MODE in png_push_read_chunk
after recognizing the IDAT chunk, which avoids an infinite loop while
reading a datastream whose first IDAT chunk is of zero-length.
Send comments/corrections/commendations to png-mng-implement at lists.sf.net Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit (subscription required; visit


@ -1,8 +1,8 @@
/* pngpread.c - read a png file in push mode /* pngpread.c - read a png file in push mode
* *
* Last changed in libpng 1.6.8 [December 19, 2013] * Last changed in libpng 1.6.10 [(PENDING RELEASE)]
* Copyright (c) 1998-2013 Glenn Randers-Pehrson * Copyright (c) 1998-2014 Glenn Randers-Pehrson
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
* (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
* *
@ -234,6 +234,7 @@ png_push_read_chunk(png_structrp png_ptr, png_inforp info_ptr)
png_error(png_ptr, "Missing PLTE before IDAT"); png_error(png_ptr, "Missing PLTE before IDAT");
png_ptr->mode |= PNG_HAVE_IDAT; png_ptr->mode |= PNG_HAVE_IDAT;
png_ptr->process_mode = PNG_READ_IDAT_MODE;
if (!(png_ptr->mode & PNG_HAVE_CHUNK_AFTER_IDAT)) if (!(png_ptr->mode & PNG_HAVE_CHUNK_AFTER_IDAT))
if (png_ptr->push_length == 0) if (png_ptr->push_length == 0)
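Review bot: The added `png_ptr->process_mode = PNG_READ_IDAT_MODE;` in png_push_read_chunk carries no comment, and nothing at that spot says why the mode has to be switched before the `push_length == 0` check that follows. A one-line comment naming the zero-length first IDAT case from the commit message would keep a later cleanup from removing it. None of the 4 changed files appears to be a test, so a regression case that feeds the push reader a datastream whose first IDAT chunk has length zero would be worth adding with this fix.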


@ -228,7 +228,7 @@ png_crc_finish(png_structrp png_ptr, png_uint_32 skip)
else else
{ {
png_chunk_benign_error(png_ptr, "CRC error"); png_chunk_error(png_ptr, "CRC error");
return (0); return (0);
} }
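Review bot: Replacing `png_chunk_benign_error` with `png_chunk_error` in png_crc_finish changes how a CRC failure on this path is reported, yet the commit message only describes the zero-length IDAT fix. The change seems to belong with the existing changelog entry about png_set_crc_action(); suggest saying so in the commit message or splitting it into its own commit. Please also check whether the `return (0);` that follows is still reachable now that the call is the non-benign error.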
@ -322,6 +322,8 @@ png_read_buffer(png_structrp png_ptr, png_alloc_size_t new_size, int warn)
{ {
#ifdef PNG_ERROR_TEXT_SUPPORTED #ifdef PNG_ERROR_TEXT_SUPPORTED
png_chunk_error(png_ptr, "insufficient memory to read chunk"); png_chunk_error(png_ptr, "insufficient memory to read chunk");
#else
png_err(png_ptr);
#endif #endif
} }
} }
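Review bot: The new `#else` / `png_err(png_ptr);` branch in png_read_buffer is not mentioned in the commit message or in the changelog lines this commit adds. Before this change the block guarded by `PNG_ERROR_TEXT_SUPPORTED` was empty when that macro is undefined, so this branch raised no error in such builds; that is a behaviour fix in its own right and deserves its own changelog line.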