[libpng16] Made the check for out-of-range values in png_set_tRNS() detect

values that are exactly 2^bit_depth, and work on 16-bit platforms.

ANNOUNCE

@@ -1,4 +1,4 @@
-Libpng 1.6.17beta01 - January 11, 2015
+Libpng 1.6.17beta01 - January 13, 2015
 
 This is not intended to be a public release.  It will be replaced
 within a few weeks by a public version or by another test version.
@@ -25,7 +25,7 @@ Other information:
 
 Changes since the last public release (1.6.16):
 
-Version 1.6.17beta01 [January 11, 2015]
+Version 1.6.17beta01 [January 13, 2015]
   Removed duplicate PNG_SAFE_LIMITS_SUPPORTED handling from pngconf.h
   Corrected the width limit calculation in png_check_IHDR().
   Removed user limits from pngfix. Also pass NULL pointers to
@@ -34,6 +34,10 @@ Version 1.6.17beta01 [January 11, 2015]
   Regenerated configure scripts in the *.tar distributions with libtool-2.4.4
   Implement previously untested cases of libpng transforms in pngvalid.c
   Fixed byte order in 2-byte filler, in png_do_read_filler().
+  Made the check for out-of-range values in png_set_tRNS() detect
+    values that are exactly 2^bit_depth, and work on 16-bit platforms.
+  Made the check for out-of-range values in png_set_tRNS() detect
+    values that are exactly 2^bit_depth, and work on 16-bit platforms.
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit

CHANGES

@@ -5126,7 +5126,7 @@ Version 1.6.16rc03 [December 21, 2014]
 Version 1.6.16 [December 22, 2014]
   No changes.
 
-Version 1.6.17beta01 [January 11, 2015]
+Version 1.6.17beta01 [January 13, 2015]
   Removed duplicate PNG_SAFE_LIMITS_SUPPORTED handling from pngconf.h
   Corrected the width limit calculation in png_check_IHDR().
   Removed user limits from pngfix. Also pass NULL pointers to
@@ -5135,6 +5135,8 @@ Version 1.6.17beta01 [January 11, 2015]
   Regenerated configure scripts in the *.tar distributions with libtool-2.4.4
   Implement previously untested cases of libpng transforms in pngvalid.c
   Fixed byte order in 2-byte filler, in png_do_read_filler().
+  Made the check for out-of-range values in png_set_tRNS() detect
+    values that are exactly 2^bit_depth, and work on 16-bit platforms.
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit

pngset.c

@@ -945,21 +945,24 @@ png_set_tRNS(png_structrp png_ptr, png_inforp info_ptr,
 
    if (trans_color != NULL)
    {
-      int sample_max = (1 << info_ptr->bit_depth);
+      if (info_ptr->bit_depth < 16)
+      {
+         unsigned int sample_max = (1U << info_ptr->bit_depth) - 1U;
 
-      if ((info_ptr->color_type == PNG_COLOR_TYPE_GRAY &&
-          trans_color->gray > sample_max) ||
-          (info_ptr->color_type == PNG_COLOR_TYPE_RGB &&
-          (trans_color->red > sample_max ||
-          trans_color->green > sample_max ||
-          trans_color->blue > sample_max)))
-         png_warning(png_ptr,
-            "tRNS chunk has out-of-range samples for bit_depth");
-
-      info_ptr->trans_color = *trans_color;
+         if ((info_ptr->color_type == PNG_COLOR_TYPE_GRAY &&
+             trans_color->gray > sample_max) ||
+             (info_ptr->color_type == PNG_COLOR_TYPE_RGB &&
+             (trans_color->red > sample_max ||
+             trans_color->green > sample_max ||
+             trans_color->blue > sample_max)))
+           png_warning(png_ptr,
+              "tRNS chunk has out-of-range samples for bit_depth");
+      }
 
       if (num_trans == 0)
          num_trans = 1;
+
+      info_ptr->trans_color = *trans_color;
    }
 
    info_ptr->num_trans = (png_uint_16)num_trans;