mirror of
https://git.code.sf.net/p/libpng/code.git
synced 2025-07-10 18:04:09 +02:00
92a7c79db2
The code now validates the ICC profile length against the user chunk limit before the buffer is allocated, as opposed to doing it while the buffer is read. This removes the potential to consume virtual address space with a carefully crafted ICC profile; only an issue on 32-bit systems where a valid profile can be up to 2^32-4 bytes in length. libpng never writes beyond the application supplied limit, but previously it did allocate a buffer of the size specified in the profile header. The exploitability of this is almost zero; the address space is released as soon as the PNG read completes. Also clean up PNG_DEBUG compile of pngtest.c. Signed-off-by: John Bowler <jbowler@acm.org>
39 lines
1.0 KiB
Plaintext
39 lines
1.0 KiB
Plaintext
Libpng 1.6.25beta01 - August 10, 2016
|
|
|
|
This is not intended to be a public release. It will be replaced
|
|
within a few weeks by a public version or by another test version.
|
|
|
|
Files available for download:
|
|
|
|
Source files with LF line endings (for Unix/Linux) and with a
|
|
"configure" script
|
|
|
|
1.6.25beta01.tar.xz (LZMA-compressed, recommended)
|
|
1.6.25beta01.tar.gz
|
|
|
|
Source files with CRLF line endings (for Windows), without the
|
|
"configure" script
|
|
|
|
lp1625b01.7z (LZMA-compressed, recommended)
|
|
lp1625b01.zip
|
|
|
|
Other information:
|
|
|
|
1.6.25beta01-README.txt
|
|
1.6.25beta01-LICENSE.txt
|
|
libpng-1.6.25beta01-*.asc (armored detached GPG signatures)
|
|
|
|
Changes since the last public release (1.6.24):
|
|
|
|
Version 1.6.25beta01 [August 10, 2016]
|
|
Reject oversized iCCP profile immediately.
|
|
Clean up PNG_DEBUG compile of pngtest.c.
|
|
|
|
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
|
|
(subscription required; visit
|
|
https://lists.sourceforge.net/lists/listinfo/png-mng-implement
|
|
to subscribe)
|
|
or to glennrp at users.sourceforge.net
|
|
|
|
Glenn R-P
|