skal
eb6767273a
Fix memory leak if eXIf has incorrect crc
Problem description:
Imagine a bitstream with an eXIf data segment that has invalid CRC.
If png_crc_finish() fails at line 2090, info_ptr->eXIf_buf is not freed
(despite the free_me setting at line 2062) because png_free_data() is
not called. png_read_info() is actually looping several times over the
png_eXIf chunk, calling png_handle_eXIf() several times in a row without
freeing the buffer.
This patch fixes the problem by leaving info_ptr's content in a clean
state in case of failure, as it is done at line 2084.
2020-04-27 00:16:36 -04:00
Cosmin Truta
ceb327789b
Remove top-level const from function-scope variables
As per the const correctness rules, top-level const-ness of data
in automatic scopes does not propagate outside of these scopes
(unlike const-ness at lower levels, such as pointers to const data).
Previously, const was used liberally, but inconsistently across the
libpng codebase. Using const wherever applicable is not incorrect.
However, _consistent_ use of const is difficult to maintain in such
conditions.
In conclusion, we shall continue to use const only where doing so is
strictly necessary:
1. If a function guarantees that it will not modify an argument
passed by pointer, the corresponding function parameter should be
a pointer-to-const (const T *).
2. Static data should not be modified, therefore it should be const.
Reference:
Google C++ Style Guide
https://google.github.io/styleguide/cppguide.html#Use_of_const
2018-08-18 22:47:16 -04:00
Cosmin Truta
1ef8882814
Replace the remaining uses of PNG_CONST with const
In v1.6.0, compiler support for const became a requirement.
It should be used consistently. To maintain backwards compatibility,
PNG_CONST is still maintained in deprecated form.
2018-08-18 21:01:02 -04:00
Cosmin Truta
a873893279
Remove the "last changed" version information from source comments
This information is maintained by the version control system.
2018-07-28 18:47:21 -04:00
Cosmin Truta
46aedd8961
Release libpng version 1.6.35
2018-07-15 23:58:00 -04:00
Cosmin Truta
8a05766cb7
[libpng16] Fix the calculation of row_factor in png_check_chunk_length
(Bug report by Thuan Pham, SourceForge issue #278)
2018-06-17 22:56:29 -04:00
Cosmin Truta
a74aa9a002
[libpng16] Replace the remaining uses of png_size_t with size_t
In v1.6.0, size_t became a required type. It should be used
consistently. To maintain backwards compatibility, png_size_t
is still maintained in deprecated form.
2018-06-17 22:37:44 -04:00
Glenn Randers-Pehrson
84e6e35675
[libpng16] Fix potential problem with bKGD (Cosmin Truta)
2018-01-07 17:43:09 -06:00
Unknown
f23b41d7b1
Misc. typos
Some are user facing. Some are in actual code. Most are in source comments. Also, please double check the changes in contrib/tools/pngfix.c
2017-11-03 00:52:06 -04:00
Glenn Randers-Pehrson
7125401411
[libpng16] Undo recent pngrutil.c change that did not fix oss-fuzz issue
2017-10-31 20:58:19 -05:00
Glenn Randers-Pehrson
7ee802a5a2
[libpng16] Initialize trans_color.red, green, and blue == trans_color.gray
in attempt to stop an oss-fuzz "use of uninitialized value" issue
2017-10-29 17:49:38 -05:00
Glenn Randers-Pehrson
2f8b82ebca
[libpng16] Revert recent changes that did not help with oss-fuzz issues
2017-10-29 10:30:42 -05:00
Glenn Randers-Pehrson
aea0ec4346
[libpng16] Initialize tRNS read buffers in pngrutil.c
2017-10-20 19:38:03 -05:00
Glenn Randers-Pehrson
9bddba26de
[libpng16] Initialize entire palette array to zero in png_handle_PLTE().
2017-10-17 16:22:22 -05:00
Glenn Randers-Pehrson
2ee8cb0559
[libpng16] Imported from libpng-1.6.33.tar
2017-09-28 13:58:30 -05:00
Glenn Randers-Pehrson
3d2d0b52a3
[libpng16] Fix Coverity defect regarding errmsg in pngrutil.c
2017-09-23 21:22:18 -05:00
Glenn Randers-Pehrson
90dd185aed
[libpng16] Removed more redundant tests (suggested by "irwir" in Github issue #180).
2017-09-22 17:29:59 -05:00
Glenn Randers-Pehrson
0165badb9d
[libpng16] Relocate new memset() call in pngrutil.c (irwir).
2017-09-22 15:21:36 -05:00
Glenn Randers-Pehrson
5efa483265
[libpng16] Removed a redundant test (suggested by "irwir" in Github issue #180).
2017-09-20 15:53:38 -05:00
Glenn Randers-Pehrson
5f0c9fabbc
[libpng16] Bump version to 1.6.33rc01
2017-09-20 15:50:17 -05:00
Glenn Randers-Pehrson
397c7eea38
[libpng16] Add a memset() in png_read_buffer()
2017-09-19 18:52:21 -05:00
Glenn Randers-Pehrson
066cb34268
[libpng16] Fix some comments
2017-09-19 15:52:36 -05:00
Glenn Randers-Pehrson
721b96ef90
[libpng16] zero out memory allocated by png_inflate
2017-09-18 14:23:41 -05:00
Glenn Randers-Pehrson
c2c8b398a9
[libpng16] Imported from libpng-1.6.33beta02.tar
2017-09-02 19:48:19 -05:00
Glenn Randers-Pehrson
eb2f42aa97
[libpng16] Compute a larger limit on IDAT because some applications write a
deflate buffer for each row (Bug report by Andrew Church).
2017-08-31 11:14:23 -05:00
Glenn Randers-Pehrson
58720d3c06
[libpng16] Fix "last changed" dates
2017-08-29 12:29:03 -05:00
Glenn Randers-Pehrson
f6ca33d42c
[libpng16] Bump version to 1.6.33beta01
2017-08-25 18:54:30 -05:00
Glenn Randers-Pehrson
df7e9dae0c
[libpng16] Imported from libpng-1.6.32.tar
2017-08-24 16:39:02 -05:00
Glenn Randers-Pehrson
c362a8c80e
[libpng16] Free eXIf_buf when detecting bad byte-order specifier.
2017-08-07 06:31:58 -05:00
Glenn Randers-Pehrson
33787340a4
Fix typo (1 should be 2) in png_handle_eXIf
2017-08-06 10:35:23 -05:00
Glenn Randers-Pehrson
cf713fb0ab
[libpng16] Check that the eXIf chunk has at least 2 bytes and begins
with "II" or "MM".
2017-08-06 10:24:04 -05:00
Glenn Randers-Pehrson
c82ae40e9f
[libpng16] Test for 11 bytes instead of 14 after the iCCP keyword has been read.
2017-08-06 08:37:48 -05:00
Glenn Randers-Pehrson
099558d100
[libpng16] Relocate the iCCP length test to a point after reading the keyword
2017-08-06 08:25:56 -05:00
Glenn Randers-Pehrson
8ed418b042
[libpng16] Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(),
to account for the minimum 'deflate' stream.
2017-08-06 07:59:02 -05:00
Glenn Randers-Pehrson
39d84f4f6a
[libpng16] Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue.
2017-08-05 20:51:23 -05:00
Glenn Randers-Pehrson
c5c778bcfc
[libpng16] Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue.
2017-08-05 20:15:52 -05:00
Glenn Randers-Pehrson
1ebe4f75cc
[libpng16] Relocated setting free_me for eXIf data, to stop an OSS-fuzz leak.
2017-08-05 19:58:41 -05:00
Glenn Randers-Pehrson
13bc0b6b1f
[libpng16] Make png_check_chunk_length|name() parameters const
2017-08-05 15:35:45 -05:00
Glenn Randers-Pehrson
fcd1bb9312
[libpng16] Removed unused chunk_name parameter from png_check_chunk_length().
2017-08-05 15:08:40 -05:00
Glenn Randers-Pehrson
2dca15686f
[libpng16] Moved chunk-length check into a png_check_chunk_length() private
function (Suggested by Max Stepin).
2017-08-04 14:09:27 -05:00
Glenn Randers-Pehrson
469317d9bd
[libpng16] Removed a left-over debugging "printf" statement from pngrutil.c
2017-08-04 12:14:39 -05:00
Glenn Randers-Pehrson
2dbef2f2a9
[libpng16] Restored IDAT length check. Previously the calculated limit was five
bytes too small (neglected to account for a partial DEFLATE buffer)
2017-08-03 18:03:12 -05:00
Glenn Randers-Pehrson
4ac8b5e0d6
[libpng16] Use png_debug2() instead of printf() for bug reporting.
2017-08-03 16:29:58 -05:00
Glenn Randers-Pehrson
095b4ce16b
[libpng16] Disabled new limit test on IDAT chunks. It was producing too small
a limit for some files.
2017-08-03 12:43:56 -05:00
Glenn Randers-Pehrson
d930d36155
[libpng16] Restored png_get_eXIf_1() and png_set_eXIf_1() because strlen(eXIf_buf)
does not work (the eXIf chunk data can contain zeroes).
2017-08-03 10:29:10 -05:00
Glenn Randers-Pehrson
a1fe2c9848
[libpng16] Check length of IDAT against maximum possible IDAT size, accounting
for height, rowbytes, interlacing and zlib/deflate overhead.
2017-08-03 10:01:35 -05:00
Glenn Randers-Pehrson
347538efbd
[libpng16] Check length of all chunks except IDAT against user limit.
2017-08-02 19:21:19 -05:00
Glenn Randers-Pehrson
3fa1df48a1
[libpng16] Removed png_get_eXIf_1() and png_set_eXIf_1().
2017-08-02 17:27:41 -05:00
Glenn Randers-Pehrson
fd6b87253c
[libpng16] Eliminate local eXIf_buf from png_handle_eXIf()
2017-08-02 06:35:15 -05:00
Glenn Randers-Pehrson
71a56180e5
[libpng16] Stop memory leak when returning from png_handle_eXIf() with an error
(Bug report from the OSS-fuzz project).
2017-08-01 21:42:16 -05:00