[libpng16] Added png_ptr->process_mode = PNG_READ_IDAT_MODE in
png_push_read_chunk after recognizing the IDAT chunk, which avoids an infinite loop while reading a datastream whose first IDAT chunk is of zero-length.
This commit is contained in:
Glenn Randers-Pehrson
parent
f5df058bee
commit
eb657ae68f
10
ANNOUNCE
10
ANNOUNCE
@ -1,5 +1,5 @@
|
||||
|
||||
Libpng 1.6.10beta02 - February 21, 2014
|
||||
Libpng 1.6.10beta02 - February 23, 2014
|
||||
|
||||
This is not intended to be a public release. It will be replaced
|
||||
within a few weeks by a public version or by another test version.
|
||||
@ -55,7 +55,7 @@ Version 1.6.10beta01 [February 9, 2014]
|
||||
and it adds corresponding code to pngimage.c to handle such options
|
||||
by not attempting to test them.
|
||||
|
||||
Version 1.6.10beta02 [February 21, 2014]
|
||||
Version 1.6.10beta02 [February 23, 2014]
|
||||
Moved redefines of png_error(), png_warning(), png_chunk_error(),
|
||||
and png_chunk_warning() from pngpriv.h to png.h to make them visible
|
||||
to libpng-calling applications.
|
||||
@ -74,7 +74,11 @@ Version 1.6.10beta02 [February 21, 2014]
|
||||
support older Clang versions (Jeremy Sequoia).
|
||||
Treat CRC error handling with png_set_crc_action(), instead of with
|
||||
png_set_benign_errors(), which has been the case since libpng-1.6.0beta18.
|
||||
Use a user warning handler in contrib/gregbook/readpng2.c instead of default.
|
||||
Use a user warning handler in contrib/gregbook/readpng2.c instead of default,
|
||||
so warnings will be put on stderr even if libpng has CONSOLE_IO disabled.
|
||||
Added png_ptr->process_mode = PNG_READ_IDAT_MODE in png_push_read_chunk
|
||||
after recognizing the IDAT chunk, which avoids an infinite loop while
|
||||
reading a datastream whose first IDAT chunk is of zero-length.
|
||||
|
||||
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
|
||||
(subscription required; visit
|
||||
|
||||
8
CHANGES
8
CHANGES
@ -4829,7 +4829,7 @@ Version 1.6.10beta01 [February 9, 2014]
|
||||
and it adds corresponding code to pngimage.c to handle such options
|
||||
by not attempting to test them.
|
||||
|
||||
Version 1.6.10beta02 [February 21, 2014]
|
||||
Version 1.6.10beta02 [February 23, 2014]
|
||||
Moved redefines of png_error(), png_warning(), png_chunk_error(),
|
||||
and png_chunk_warning() from pngpriv.h to png.h to make them visible
|
||||
to libpng-calling applications.
|
||||
@ -4848,7 +4848,11 @@ Version 1.6.10beta02 [February 21, 2014]
|
||||
support older Clang versions (Jeremy Sequoia).
|
||||
Treat CRC error handling with png_set_crc_action(), instead of with
|
||||
png_set_benign_errors(), which has been the case since libpng-1.6.0beta18.
|
||||
Use a user warning handler in contrib/gregbook/readpng2.c instead of default.
|
||||
Use a user warning handler in contrib/gregbook/readpng2.c instead of default,
|
||||
so warnings will be put on stderr even if libpng has CONSOLE_IO disabled.
|
||||
Added png_ptr->process_mode = PNG_READ_IDAT_MODE in png_push_read_chunk
|
||||
after recognizing the IDAT chunk, which avoids an infinite loop while
|
||||
reading a datastream whose first IDAT chunk is of zero-length.
|
||||
|
||||
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
|
||||
(subscription required; visit
|
||||
|
||||
@ -1,8 +1,8 @@
|
||||
|
||||
/* pngpread.c - read a png file in push mode
|
||||
*
|
||||
* Last changed in libpng 1.6.8 [December 19, 2013]
|
||||
* Copyright (c) 1998-2013 Glenn Randers-Pehrson
|
||||
* Last changed in libpng 1.6.10 [(PENDING RELEASE)]
|
||||
* Copyright (c) 1998-2014 Glenn Randers-Pehrson
|
||||
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
|
||||
* (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
|
||||
*
|
||||
@ -234,6 +234,7 @@ png_push_read_chunk(png_structrp png_ptr, png_inforp info_ptr)
|
||||
png_error(png_ptr, "Missing PLTE before IDAT");
|
||||
|
||||
png_ptr->mode |= PNG_HAVE_IDAT;
|
||||
png_ptr->process_mode = PNG_READ_IDAT_MODE;
|
||||
|
||||
if (!(png_ptr->mode & PNG_HAVE_CHUNK_AFTER_IDAT))
|
||||
if (png_ptr->push_length == 0)
|
||||
|
||||
@ -228,7 +228,7 @@ png_crc_finish(png_structrp png_ptr, png_uint_32 skip)
|
||||
|
||||
else
|
||||
{
|
||||
png_chunk_benign_error(png_ptr, "CRC error");
|
||||
png_chunk_error(png_ptr, "CRC error");
|
||||
return (0);
|
||||
}
|
||||
|
||||
@ -322,6 +322,8 @@ png_read_buffer(png_structrp png_ptr, png_alloc_size_t new_size, int warn)
|
||||
{
|
||||
#ifdef PNG_ERROR_TEXT_SUPPORTED
|
||||
png_chunk_error(png_ptr, "insufficient memory to read chunk");
|
||||
#else
|
||||
png_err(png_ptr);
|
||||
#endif
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user