[libpng16] Added png_ptr->process_mode = PNG_READ_IDAT_MODE in

png_push_read_chunk after recognizing the IDAT chunk, which avoids an
infinite loop while reading a datastream whose first IDAT chunk is of
zero-length.

ANNOUNCE

@@ -1,5 +1,5 @@
 
-Libpng 1.6.10beta02 - February 21, 2014
+Libpng 1.6.10beta02 - February 23, 2014
 
 This is not intended to be a public release.  It will be replaced
 within a few weeks by a public version or by another test version.
@@ -55,7 +55,7 @@ Version 1.6.10beta01 [February 9, 2014]
     and it adds corresponding code to pngimage.c to handle such options
     by not attempting to test them.
 
-Version 1.6.10beta02 [February 21, 2014]
+Version 1.6.10beta02 [February 23, 2014]
   Moved redefines of png_error(), png_warning(), png_chunk_error(),
     and png_chunk_warning() from pngpriv.h to png.h to make them visible
     to libpng-calling applications.
@@ -74,7 +74,11 @@ Version 1.6.10beta02 [February 21, 2014]
     support older Clang versions (Jeremy Sequoia).
   Treat CRC error handling with png_set_crc_action(), instead of with
     png_set_benign_errors(), which has been the case since libpng-1.6.0beta18.
-  Use a user warning handler in contrib/gregbook/readpng2.c instead of default.
+  Use a user warning handler in contrib/gregbook/readpng2.c instead of default,
+    so warnings will be put on stderr even if libpng has CONSOLE_IO disabled.
+  Added png_ptr->process_mode = PNG_READ_IDAT_MODE in png_push_read_chunk
+    after recognizing the IDAT chunk, which avoids an infinite loop while
+    reading a datastream whose first IDAT chunk is of zero-length.
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit

CHANGES

@@ -4829,7 +4829,7 @@ Version 1.6.10beta01 [February 9, 2014]
     and it adds corresponding code to pngimage.c to handle such options
     by not attempting to test them.
 
-Version 1.6.10beta02 [February 21, 2014]
+Version 1.6.10beta02 [February 23, 2014]
   Moved redefines of png_error(), png_warning(), png_chunk_error(),
     and png_chunk_warning() from pngpriv.h to png.h to make them visible
     to libpng-calling applications.
@@ -4848,7 +4848,11 @@ Version 1.6.10beta02 [February 21, 2014]
     support older Clang versions (Jeremy Sequoia).
   Treat CRC error handling with png_set_crc_action(), instead of with
     png_set_benign_errors(), which has been the case since libpng-1.6.0beta18.
-  Use a user warning handler in contrib/gregbook/readpng2.c instead of default.
+  Use a user warning handler in contrib/gregbook/readpng2.c instead of default,
+    so warnings will be put on stderr even if libpng has CONSOLE_IO disabled.
+  Added png_ptr->process_mode = PNG_READ_IDAT_MODE in png_push_read_chunk
+    after recognizing the IDAT chunk, which avoids an infinite loop while
+    reading a datastream whose first IDAT chunk is of zero-length.
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit

pngpread.c

@@ -1,8 +1,8 @@
 
 /* pngpread.c - read a png file in push mode
  *
- * Last changed in libpng 1.6.8 [December 19, 2013]
- * Copyright (c) 1998-2013 Glenn Randers-Pehrson
+ * Last changed in libpng 1.6.10 [(PENDING RELEASE)]
+ * Copyright (c) 1998-2014 Glenn Randers-Pehrson
  * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
  * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
  *
@@ -234,6 +234,7 @@ png_push_read_chunk(png_structrp png_ptr, png_inforp info_ptr)
          png_error(png_ptr, "Missing PLTE before IDAT");
 
       png_ptr->mode |= PNG_HAVE_IDAT;
+      png_ptr->process_mode = PNG_READ_IDAT_MODE;
 
       if (!(png_ptr->mode & PNG_HAVE_CHUNK_AFTER_IDAT))
          if (png_ptr->push_length == 0)

pngrutil.c

@@ -228,7 +228,7 @@ png_crc_finish(png_structrp png_ptr, png_uint_32 skip)
 
       else
       {
-         png_chunk_benign_error(png_ptr, "CRC error");
+         png_chunk_error(png_ptr, "CRC error");
          return (0);
       }
 
@@ -322,6 +322,8 @@ png_read_buffer(png_structrp png_ptr, png_alloc_size_t new_size, int warn)
          {
 #ifdef PNG_ERROR_TEXT_SUPPORTED
              png_chunk_error(png_ptr, "insufficient memory to read chunk");
+#else
+             png_err(png_ptr);
 #endif
          }
       }