diff --git a/ANNOUNCE b/ANNOUNCE index 284970eb5..1057fee67 100644 --- a/ANNOUNCE +++ b/ANNOUNCE @@ -1,5 +1,5 @@ -Libpng 1.6.0beta05 - January 11, 2012 +Libpng 1.6.0beta05 - January 15, 2012 This is not intended to be a public release. It will be replaced within a few weeks by a public version or by another test version. @@ -104,8 +104,10 @@ Version 1.6.0beta04 [December 30, 2011] Revised contrib/pngminus/pnm2png.c to avoid warnings when png_uint_32 and unsigned long are of different sizes. -Version 1.6.0beta05 [January 11, 2012] +Version 1.6.0beta05 [January 15, 2012] Updated manual with description of the simplified API (copied from png.h) + Fix bug in pngerror.c: some long warnings were being improperly truncated + (bug introduced in libpng-1.5.3beta05). Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/CHANGES b/CHANGES index d2784883a..b83ff8c20 100644 --- a/CHANGES +++ b/CHANGES @@ -3855,8 +3855,10 @@ Version 1.6.0beta04 [December 30, 2011] Revised contrib/pngminus/pnm2png.c to avoid warnings when png_uint_32 and unsigned long are of different sizes. -Version 1.6.0beta05 [January 11, 2012] +Version 1.6.0beta05 [January 15, 2012] Updated manual with description of the simplified API (copied from png.h) + Fix bug in pngerror.c: some long warnings were being improperly truncated + (bug introduced in libpng-1.5.3beta05). Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/pngerror.c b/pngerror.c index 434495335..622b41307 100644 --- a/pngerror.c +++ b/pngerror.c @@ -286,32 +286,35 @@ png_formatted_warning(png_const_structrp png_ptr, png_warning_parameters p, /* The internal buffer is just 128 bytes - enough for all our messages, * overflow doesn't happen because this code checks! */ - size_t i; + size_t i = 0; /* Index in the msg[] buffer: */ char msg[128]; - for (i=0; i<(sizeof msg)-1 && *message != '\0'; ++i) + /* Each iteration through the following loop writes at most one character + * to msg[i++] then returns here to validate that there is still space for + * the trailing '\0'. It may (in the case of a parameter) read more than + * one character from message[]; it must check for '\0' and continue to the + * test if it finds the end of string. + */ + while (i<(sizeof msg)-1 && *message != '\0') { - if (*message == '@') + /* '@' at end of string is now just printed (previously it was skipped); + * it is an error in the calling code to terminate the string with @. + */ + if (p != NULL && *message == '@' && message[1] != '\0') { - int parameter = -1; - switch (*++message) - { - case '1': - parameter = 0; - break; + int parameter_char = *++message; /* Consume the '@' */ + static const char valid_parameters[] = "123456789"; + int parameter = 0; - case '2': - parameter = 1; - break; + /* Search for the parameter digit, the index in the string is the + * parameter to use. + */ + while (valid_parameters[parameter] != parameter_char && + valid_parameters[parameter] != '\0') + ++parameter; - case '\0': - continue; /* To break out of the for loop above. */ - - default: - break; - } - - if (parameter >= 0 && parameter < PNG_WARNING_PARAMETER_COUNT) + /* If the parameter digit is out of range it will just get printed. */ + if (parameter < PNG_WARNING_PARAMETER_COUNT) { /* Append this parameter */ png_const_charp parm = p[parameter]; @@ -321,28 +324,32 @@ png_formatted_warning(png_const_structrp png_ptr, png_warning_parameters p, * that parm[] has been initialized, so there is no guarantee of a * trailing '\0': */ - for (; i<(sizeof msg)-1 && parm != '\0' && parm < pend; ++i) - msg[i] = *parm++; + while (i<(sizeof msg)-1 && *parm != '\0' && parm < pend) + msg[i++] = *parm++; + /* Consume the parameter digit too: */ ++message; continue; } /* else not a parameter and there is a character after the @ sign; just - * copy that. + * copy that. This is known not to be '\0' because of the test above. */ } /* At this point *message can't be '\0', even in the bad parameter case * above where there is a lone '@' at the end of the message string. */ - msg[i] = *message++; + msg[i++] = *message++; } /* i is always less than (sizeof msg), so: */ msg[i] = '\0'; - /* And this is the formatted message: */ + /* And this is the formatted message, it may be larger than + * PNG_MAX_ERROR_TEXT, but that is only used for 'chunk' errors and these are + * not (currently) formatted. + */ png_warning(png_ptr, msg); } #endif /* PNG_WARNINGS_SUPPORTED */ diff --git a/pngpriv.h b/pngpriv.h index bea62c910..b5e44ae7c 100644 --- a/pngpriv.h +++ b/pngpriv.h @@ -1411,7 +1411,7 @@ PNG_EXTERN png_charp png_format_number(png_const_charp start, png_charp end, #ifdef PNG_WARNINGS_SUPPORTED /* New defines and members adding in libpng-1.5.4 */ # define PNG_WARNING_PARAMETER_SIZE 32 -# define PNG_WARNING_PARAMETER_COUNT 8 +# define PNG_WARNING_PARAMETER_COUNT 8 /* Maximum 9; see pngerror.c */ /* An l-value of this type has to be passed to the APIs below to cache the * values of the parameters to a formatted warning message.