diff --git a/ANNOUNCE b/ANNOUNCE
index c7ed2274c..f2d985351 100644
--- a/ANNOUNCE
+++ b/ANNOUNCE
@@ -1,4 +1,4 @@
-Libpng 1.6.35beta01 - September 29, 2017
+Libpng 1.6.35beta01 - October 1, 2017
 
 This is not intended to be a public release. It will be replaced
 within a few weeks by a public version or by another test version.
@@ -24,8 +24,10 @@ Other information:
 
 Changes since the last public release (1.6.34):
 
-Version 1.6.35beta01 [September 29, 2017]
-  Restored 21 of the contrib/pngsuite/i*.png, which were correct.
+Version 1.6.35beta01 [October 1, 2017]
+  Restored 21 of the contrib/pngsuite/i*.png, which do not cause test
+    failures. Placed the remainder in contrib/pngsuite/interlaced/i*.png.
+  Clone zlib into the oss-fuzz zlib project and build zlib alongside libpng.
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
diff --git a/CHANGES b/CHANGES
index 2fb2f1e6b..eaaef6f99 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6038,11 +6038,12 @@ Version 1.6.33 [September 28, 2017]
   Add end_info structure and png_read_end() to the libpng fuzzer.
 
 Version 1.6.34 [September 29, 2017]
-  Removed contrib/pngsuite/i*.png; some of these were incorrect and caused
-  test failures.
+  Removed contrib/pngsuite/i*.png; some of caused test failures.
 
-Version 1.6.35beta01 [September 29, 2017]
-  Restored 21 of the contrib/pngsuite/i*.png, which were correct.
+Version 1.6.35beta01 [October 1, 2017]
+  Restored 21 of the contrib/pngsuite/i*.png, which do not cause test
+    failures. Placed the remainder in contrib/pngsuite/interlaced/i*.png.
+  Clone zlib into the oss-fuzz zlib project and build zlib alongside libpng.
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
diff --git a/contrib/oss-fuzz/Dockerfile b/contrib/oss-fuzz/Dockerfile
index 7e4d1ebff..f5bc1a985 100644
--- a/contrib/oss-fuzz/Dockerfile
+++ b/contrib/oss-fuzz/Dockerfile
@@ -16,9 +16,10 @@
 FROM gcr.io/oss-fuzz-base/base-builder
 MAINTAINER glennrp@gmail.com
-RUN apt-get update && apt-get install -y make autoconf automake libtool zlib1g-dev
+RUN apt-get update && \
+    apt-get install -y make autoconf automake libtool
+RUN git clone --depth 1 https://github.com/madler/zlib.git
 RUN git clone --depth 1 https://github.com/glennrp/libpng.git
-RUN (cd libpng; git log | head -1)
+RUN cp libpng/contrib/oss-fuzz/build.sh $SRC
 WORKDIR libpng
-COPY build.sh $SRC/
diff --git a/contrib/oss-fuzz/README.txt b/contrib/oss-fuzz/README.txt
index a2b673665..3b3656fbb 100644
--- a/contrib/oss-fuzz/README.txt
+++ b/contrib/oss-fuzz/README.txt
@@ -24,13 +24,13 @@ The files are
 Filename or derived Copyright License
 ========================= ========== ================ ==========
 Dockerfile* derived 2017, Glenn R-P Apache 2.0
-build.sh* derived 2017, Glenn R-P Apache 2.0
+build.sh derived 2017, Glenn R-P Apache 2.0
 libpng_read_fuzzer.cc derived 2017, Glenn R-P Chromium
 libpng_read_fuzzer.options original 2015, Chrome Devs Chromium
 png.dict original 2015, Chrome Devs Chromium
 README.txt (this file) original 2017, Glenn R-P libpng
 
-* Dockerfile and build.sh are copies of the files used by oss-fuzz.
+* Dockerfile is a copy of the file used by oss-fuzz.
   build.sh, png.dict and libpng_read_fuzzer.* are the actual files used by oss-fuzz, which retrieves them from the libpng repository at Github.
diff --git a/contrib/oss-fuzz/build.sh b/contrib/oss-fuzz/build.sh
index d2137b13e..300a7e83e 100755
--- a/contrib/oss-fuzz/build.sh
+++ b/contrib/oss-fuzz/build.sh
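Review bot: Removing `RUN (cd libpng; git log | head -1)` means the image build log no longer records which libpng revision was checked out, and the new unpinned `git clone --depth 1` of zlib adds a second moving target that is not recorded either, so a crash from this fuzzer cannot be tied back to the exact libpng and zlib commits it was built from. Fuzzing the tip of both repositories is presumably intended, so pinning is not the ask, but the revisions should be logged, e.g. `RUN (cd zlib && git log -1 --format=%H) && (cd libpng && git log -1 --format=%H)` after the two clones. The `-I../zlib`/`-L../zlib` paths that build.sh now uses also assume zlib sits next to libpng under the same parent directory, which holds only while both clones run from the same working directory; a one-line comment in the Dockerfile stating that layout would keep the two files in step.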
@@ -14,12 +14,13 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-# Last changed in libpng 1.6.33 [September 28, 2017]
+# Last changed in libpng 1.6.35 [October 1, 2017]
 #
-# Revisions by Glenn Randers-Pehson, 2017:
+# Revisions by Glenn Randers-Pehrson, 2017:
 # 1. Build only the library, not the tools (changed "make -j$(nproc) all" to
 #    "make -j$(nproc) libpng16.la").
 # 2. Disabled WARNING and WRITE options in pnglibconf.dfa.
+# 3. Build zlib alongside libpng
 ################################################################################
 
 # Disable logging via library build configuration control.
@@ -30,14 +31,17 @@ cat scripts/pnglibconf.dfa | \
 > scripts/pnglibconf.dfa.temp
 mv scripts/pnglibconf.dfa.temp scripts/pnglibconf.dfa
 
-# build the library.
+# build zlib library.
+(cd ../zlib; ./configure; make -j$(nproc) clean; make -j$(nproc) all)
+
+# build the libpng library.
 autoreconf -f -i
-./configure
+CPPFLAGS="-I../zlib" LDFLAGS="-L../zlib" ./configure
 make -j$(nproc) clean
 make -j$(nproc) libpng16.la
 
 # build libpng_read_fuzzer.
-$CXX $CXXFLAGS -std=c++11 -I. \
+$CXX $CXXFLAGS -std=c++11 -I. -I../zlib -L../zlib \
   $SRC/libpng/contrib/oss-fuzz/libpng_read_fuzzer.cc \
   -o $OUT/libpng_read_fuzzer \
   -lFuzzingEngine .libs/libpng16.a -lz
diff --git a/contrib/oss-fuzz/libpng_read_fuzzer.cc b/contrib/oss-fuzz/libpng_read_fuzzer.cc
index 78c7c9ff0..92c550c04 100644
--- a/contrib/oss-fuzz/libpng_read_fuzzer.cc
+++ b/contrib/oss-fuzz/libpng_read_fuzzer.cc
@@ -5,7 +5,7 @@
 // Use of this source code is governed by a BSD-style license that may
 // be found in the LICENSE file https://cs.chromium.org/chromium/src/LICENSE
 
-// Last changed in libpng 1.6.32 [August 24, 2017]
+// Last changed in libpng 1.6.34 [September 27, 2017]
 
 // The modifications in 2017 by Glenn Randers-Pehrson include
 // 1. addition of a PNG_CLEANUP macro,
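Review bot: In the new `(cd ../zlib; ./configure; make -j$(nproc) clean; make -j$(nproc) all)` the steps are joined with `;`, so a failed `cd` or `./configure` does not stop the line and the script carries on into the libpng build, unless it runs under `set -e`, which is outside this hunk. With zlib missing or half-built, `-L../zlib ... -lz` can fall back to whatever libz the linker finds elsewhere, and the fuzzer would then silently exercise a zlib other than the one this change sets out to build. Separately, if zlib's configure also produces a shared libz.so, `-lz` prefers it over libz.a and the resulting binary depends on a libz.so.1 resolved at run time rather than the freshly built code. `(cd ../zlib && ./configure --static && make -j$(nproc) clean && make -j$(nproc) all)` addresses both.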
@@ -138,7 +138,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   png_read_info(png_handler.png_ptr, png_handler.info_ptr);
   png_handler.row_ptr = png_malloc(
       png_handler.png_ptr, png_get_rowbytes(png_handler.png_ptr,
-                                              png_handler.info_ptr));
+      png_handler.info_ptr));
 
   // reset error handler to put png_deleter into scope.
   if (setjmp(png_jmpbuf(png_handler.png_ptr))) {