mirror of
https://git.code.sf.net/p/libpng/code.git
synced 2025-07-10 18:04:09 +02:00
The subtracts in PNG_XYZ_from_xy are producing integer overflow with some valid but extreme xy values. This re-introduces the previous checks, but with less limited bounds; sufficient to accommodate the ACEScg end points (ACES AP1), but not for the ACES AP0 end points. Those were not working anyway because libpng reads the cHRM parameters as unsigned values, so they must always be at least 0. A better solution requires recognizing reasonable negative values (ones which violate the current spec) and allowing them too, at least on read.

Reviewed-by: Cosmin Truta <ctruta@gmail.com>
Signed-off-by: John Bowler <jbowler@acm.org>
Signed-off-by: Cosmin Truta <ctruta@gmail.com>