John Bowler 7a0fe97841 Change image size checks ...

This covers the case where PNG_IMAGE_BUFFER_SIZE can overflow in the application
as a result of the application using an increased 'row_stride'; previously
png_image_finish_read only checked for overflow on the base calculation of
components.  (I.e. it checked for overflow of a png_alloc_size_t number on the
total number of pixel components in the output format, not the possibly padded
row length and not the number of bytes, which for linear formats is twice the
number of components.)

2016-06-11 10:12:59 -07:00

141 KiB

Raw Blame History

View Raw