Fix error in handling of bad zlib CMINFO field

Signed-off-by: John Bowler <jbowler@acm.org>
2015-11-25 12:59:42 -08:00 · 2015-11-25 12:59:42 -08:00 · f5778c8fbb
commit f5778c8fbb
parent 92ec30a3b1
1 changed files with 6 additions and 5 deletions
--- a/contrib/tools/pngfix.c
+++ b/contrib/tools/pngfix.c
@ -2221,7 +2221,7 @@ zlib_init(struct zlib *zlib, struct IDAT *idat, struct chunk *chunk,
   /* These values are sticky across reset (in addition to the stuff in the
    * first block, which is actually constant.)
    */
-   zlib->file_bits = 16;
+   zlib->file_bits = 24;
   zlib->ok_bits = 16; /* unset */
   zlib->cksum = 0; /* set when a checksum error is detected */

@ -2304,10 +2304,12 @@ zlib_advance(struct zlib *zlib, png_uint_32 nbytes)
               zlib->file_bits = file_bits;

               /* Check against the existing value - it may not need to be
-                * changed.
+                * changed.  Note that a bogus file_bits is allowed through once,
+                * to see if it works, but the window_bits value is set to 15,
+                * the maximum.
                */
               if (new_bits == 0) /* no change */
-                  zlib->window_bits = file_bits;
+                  zlib->window_bits = ((file_bits > 15) ? 15 : file_bits);

               else if (new_bits != file_bits) /* rewrite required */
                  bIn = (png_byte)((bIn & 0xf) + ((new_bits-8) << 4));
@ -2328,8 +2330,7 @@ zlib_advance(struct zlib *zlib, png_uint_32 nbytes)
               if (bIn != b2)
               {
                  /* If the first byte wasn't changed this indicates an error in
-                   * the checksum calculation; signal this by setting file_bits
-                   * (not window_bits) to 0.
+                   * the checksum calculation; signal this by setting 'cksum'.
                   */
                  if (zlib->file_bits == zlib->window_bits)
                     zlib->cksum = 1;