diff --git a/ANNOUNCE b/ANNOUNCE index 8dc1536b0..b7481033f 100644 --- a/ANNOUNCE +++ b/ANNOUNCE @@ -1,5 +1,5 @@ -Libpng 1.5.3beta08 - May 13, 2011 +Libpng 1.5.3beta08 - May 16, 2011 This is not intended to be a public release. It will be replaced within a few weeks by a public version or by another test version. @@ -112,7 +112,7 @@ Version 1.5.3beta07 [May 11, 2011] Check for up->location !PNG_AFTER_IDAT when writing unknown chunks before IDAT. -Version 1.5.3beta08 [May 13, 2011] +Version 1.5.3beta08 [May 16, 2011] Improved "pngvalid --speed" to exclude more of pngvalid from the time. Documented png_set_alpha_mode(), other changes in libpng.3/libpng-manual.txt The cHRM chunk now sets the defaults for png_set_rgb_to_gray() (when negative @@ -122,6 +122,10 @@ Version 1.5.3beta08 [May 13, 2011] png_set_background(), allowing the latter to be used before the file header is read. It never performed any useful function to override the default anyway. + Added memory overwrite and palette image checks to pngvalid.c + Previously palette image code was poorly checked, since the transformation code + has a special palette path in most cases this was a severe weakness. + Minor cleanup and some extra checking in pngrutil.c and pngrtran.c Send comments/corrections/commendations to png-mng-implement at lists.sf.net: (subscription required; visit diff --git a/CHANGES b/CHANGES index 5f3b1e988..942ba4e51 100644 --- a/CHANGES +++ b/CHANGES @@ -3371,7 +3371,7 @@ Version 1.5.3beta07 [May 11, 2011] Check for up->location !PNG_AFTER_IDAT when writing unknown chunks before IDAT. -Version 1.5.3beta08 [May 13, 2011] +Version 1.5.3beta08 [May 16, 2011] Improved "pngvalid --speed" to exclude more of pngvalid from the time. Documented png_set_alpha_mode(), other changes in libpng.3/libpng-manual.txt The cHRM chunk now sets the defaults for png_set_rgb_to_gray() (when negative @@ -3381,6 +3381,10 @@ Version 1.5.3beta08 [May 13, 2011] png_set_background(), allowing the latter to be used before the file header is read. It never performed any useful function to override the default anyway. + Added memory overwrite and palette image checks to pngvalid.c + Previously palette image code was poorly checked, since the transformation code + has a special palette path in most cases this was a severe weakness. + Minor cleanup and some extra checking in pngrutil.c and pngrtran.c Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/pngrtran.c b/pngrtran.c index da01c748c..5ef85aa95 100644 --- a/pngrtran.c +++ b/pngrtran.c @@ -1781,7 +1781,7 @@ png_read_transform_info(png_structp png_ptr, png_infop info_ptr) if (info_ptr->color_type == PNG_COLOR_TYPE_PALETTE) { /* This check must match what actually happens in - * png_do_expand_palette; if it every checks the tRNS chunk to see if + * png_do_expand_palette; if it ever checks the tRNS chunk to see if * it is all opaque we must do the same (at present it does not.) */ if (png_ptr->num_trans > 0) diff --git a/pngvalid.c b/pngvalid.c index 629221879..078740e01 100644 --- a/pngvalid.c +++ b/pngvalid.c @@ -854,8 +854,8 @@ store_ensure_image(png_store *ps, png_structp pp, int nImages, png_size_t cbRow, ps->cb_image = cb; } - /* We have an adequate sized image, lay out the rows. There are 2 bytes at - * the start and three at the end of each (this ensures tha the row alignment + /* We have an adequate sized image; lay out the rows. There are 2 bytes at + * the start and three at the end of each (this ensures that the row alignment * starts out odd - 2+1 and changes for larger images on each row.) */ ps->cb_row = cbRow; @@ -867,7 +867,7 @@ store_ensure_image(png_store *ps, png_structp pp, int nImages, png_size_t cbRow, */ memset(ps->image, 0xff, cb); - /* Then put the marks go in. */ + /* Then put in the marks. */ while (--nImages >= 0) { png_uint_32 y; @@ -2086,7 +2086,7 @@ set_modifier_for_read(png_modifier *pm, png_infopp ppi, png_uint_32 id, * time for the same test - it depends on what previous tests have been run - * but a given set of arguments to pngvalid will always produce the same palette * at the same test! This is why pseudo-random number generators are useful for - * testing. + * testing.) * * The store must be open for write when this is called, otherwise an internal * error will occur. This routine contains its own magic number seed, so the @@ -2235,7 +2235,7 @@ init_standard_palette(png_store *ps, png_structp pp, png_infop pi, int npalette, } } -/* The number of passes is related to the interlace type. There wass no libpng +/* The number of passes is related to the interlace type. There was no libpng * API to determine this prior to 1.5, so we need an inquiry function: */ static int @@ -4872,7 +4872,7 @@ image_transform_png_set_tRNS_to_alpha_mod(PNG_CONST image_transform *this, image_pixel_convert_PLTE(that); /* This effectively does an 'expand' only if there is some transparency to - * covert to an alpha channel. + * convert to an alpha channel. */ if (that->have_tRNS) image_pixel_add_alpha(that, &display->this); @@ -5329,7 +5329,7 @@ image_transform_png_set_background_set(PNG_CONST image_transform *this, else back.gray = (png_uint_16)that->background_colour.red; - + # ifdef PNG_FLOATING_POINT_SUPPORTED png_set_background(pp, &back, PNG_BACKGROUND_GAMMA_FILE, 1/*need expand*/, 0);