[libpng16] Attempt to isolate an oss-fuzz issue in png_set_text_2

2017-09-08 09:34:08 -05:00 · 2017-09-08 09:34:08 -05:00 · 3789cba2f2
commit 3789cba2f2
parent 8592873f24
2 changed files with 11 additions and 3 deletions
--- a/png.c
+++ b/png.c
@ -1,7 +1,7 @@

 /* png.c - location for general purpose libpng functions
 *
- * Last changed in libpng 1.6.32 [August 24, 2017]
+ * Last changed in libpng 1.6.33 [(PENDING RELEASE)]
 * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson
 * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
 * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
--- a/pngset.c
+++ b/pngset.c
@ -1,7 +1,7 @@

 /* pngset.c - storage of image information into info struct
 *
- * Last changed in libpng 1.6.32 [August 24, 2017]
+ * Last changed in libpng 1.6.33 [(PENDING RELEASE)]
 * Copyright (c) 1998-2017 Glenn Randers-Pehrson
 * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
 * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
@ -837,6 +837,9 @@ png_set_text_2(png_const_structrp png_ptr, png_inforp info_ptr,
      size_t lang_len, lang_key_len;
      png_textp textp = &(info_ptr->text[info_ptr->num_text]);

+      int text_is_null=0;
+      int text_0_is_0=0;
+
      if (text_ptr[i].key == NULL)
          continue;

@ -881,7 +884,12 @@ png_set_text_2(png_const_structrp png_ptr, png_inforp info_ptr,
      }
 #  endif

-      if (text_ptr[i].text == NULL || text_ptr[i].text[0] == '\0')
+      if (text_ptr[i].text == NULL)
+         text_is_null=1;
+      if (text_ptr[i].text[0] == '\0')
+         text_0_is_0=1;
+
+      if (text_is_null || text_0_is_0)
      {
         text_length = 0;
 #  ifdef PNG_iTXt_SUPPORTED