[libpng16] Added PNG_SECURE feature to pnglibconf.dfa and new pngusr.dfa file
to reset the user limits to safe ones if PNG_SECURE is defined.
parent
17ba5de88f
commit
10c0693210
6
ANNOUNCE
6
ANNOUNCE
@ -1,5 +1,5 @@
|
||||
|
||||
Libpng 1.6.0beta13 - February 21, 2012
|
||||
Libpng 1.6.0beta13 - February 24, 2012
|
||||
|
||||
This is not intended to be a public release. It will be replaced
|
||||
within a few weeks by a public version or by another test version.
|
||||
@ -219,11 +219,13 @@ Version 1.6.0beta12 [February 18, 2012]
|
||||
on iCCP chunk length. Also removed spurious casts that may hide problems
|
||||
on 16-bit systems.
|
||||
|
||||
Version 1.6.0beta13 [February 21, 2012]
|
||||
Version 1.6.0beta13 [February 24, 2012]
|
||||
Eliminated redundant png_push_read_tEXt|zTXt|iTXt|unknown code from
|
||||
pngpread.c and use the sequential png_handle_tEXt, etc., in pngrutil.c;
|
||||
now that png_ptr->buffer is inaccessible to applications, the special
|
||||
handling is no longer useful.
|
||||
Added PNG_SECURE feature to pnglibconf.dfa and new pngusr.dfa file
|
||||
to reset the user limits to safe ones if PNG_SECURE is defined.
|
||||
|
||||
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
|
||||
(subscription required; visit
|
||||
|
11
CHANGES
11
CHANGES
@ -3966,15 +3966,18 @@ Version 1.6.0beta12 [February 18, 2012]
|
||||
Do not increase num_palette on invalid_index.
|
||||
Relocated check for invalid palette index to pngrtran.c, after unpacking
|
||||
the sub-8-bit pixels.
|
||||
Fixed CVE-2011-3026 buffer overrun bug. Deal more correctly with the test
|
||||
on iCCP chunk length. Also removed spurious casts that may hide problems
|
||||
on 16-bit systems.
|
||||
Fixed CVE-2011-3026 buffer overrun bug. This bug was introduced when
|
||||
iCCP chunk support was added at libpng-1.0.6. Deal more correctly with the
|
||||
test on iCCP chunk length. Also removed spurious casts that may hide
|
||||
problems on 16-bit systems.
|
||||
|
||||
Version 1.6.0beta13 [February 21, 2012]
|
||||
Version 1.6.0beta13 [February 24, 2012]
|
||||
Eliminated redundant png_push_read_tEXt|zTXt|iTXt|unknown code from
|
||||
pngpread.c and use the sequential png_handle_tEXt, etc., in pngrutil.c;
|
||||
now that png_ptr->buffer is inaccessible to applications, the special
|
||||
handling is no longer useful.
|
||||
Added PNG_SECURE feature to pnglibconf.dfa and new pngusr.dfa file
|
||||
to reset the user limits to safe ones if PNG_SECURE is defined.
|
||||
|
||||
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
|
||||
(subscription required; visit
|
||||
|
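--- a/pngusr.dfa
+++ b/pngusr.dfa
@@ -0,0 +1,16 @@
+# pngusr.dfa
+#
+# Build time configuration of libpng
+#
+# Enter build configuration options in this file
+#
+# Security settings: by default these limits are unset, you can change them
+# here by entering the appropriate values as #defines preceded by '@' (to cause
+# them to be passed through to the build of pnglibconf.h)
+@#ifdef PNG_SECURE
+@ /* Relatively secure values */
+@# define PNG_USER_WIDTH_MAX 1000000
+@# define PNG_USER_HEIGHT_MAX 1000000
+@# define PNG_USER_CHUNK_CACHE_MAX 128
+@# define PNG_USER_CHUNK_MALLOC_MAX 8000000
+@#endif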
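Review bot: The four `@# define` lines inside `@#ifdef PNG_SECURE` name macros that the generated header also defines from the `setting ... default` lines (the prebuilt pnglibconf.h in this commit still carries `#define PNG_USER_WIDTH_MAX 0x7fffffff`), so a PNG_SECURE build would presumably see each macro defined twice with different values. Which definition ends up in effect depends on where the passed-through block lands in the generated file, and that is not visible on this page. I would confirm the block is emitted after the defaults and put an undef ahead of each define, e.g. `@# undef PNG_USER_WIDTH_MAX`. The header comment should also state that PNG_SECURE has to be defined when libpng itself is compiled. It should add that 1000000 by 1000000 still permits very large images, so the dimension limits alone do not bound memory use.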
@ -276,8 +276,8 @@ option SET_USER_LIMITS enables SET_CHUNK_MALLOC_LIMIT
|
||||
# Added at libpng-1.0.16 and 1.2.6. To accept all valid PNGs no matter
|
||||
# how large, set these two limits to 0x7fffffff
|
||||
|
||||
setting USER_WIDTH_MAX default 1000000
|
||||
setting USER_HEIGHT_MAX default 1000000
|
||||
setting USER_WIDTH_MAX default 0x7fffffff
|
||||
setting USER_HEIGHT_MAX default 0x7fffffff
|
||||
|
||||
# Added at libpng-1.2.43. To accept all valid PNGs no matter
|
||||
# how large, set these two limits to 0.
|
||||
|
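Review bot: Raising the `USER_WIDTH_MAX` and `USER_HEIGHT_MAX` defaults to 0x7fffffff switches the dimension limits off for every build that does not define PNG_SECURE, so the 1000000 ceiling becomes opt-in instead of the default. Applications that decode untrusted PNGs and relied on the old default now need `png_set_user_limits()` or a PNG_SECURE build, and the file should say so next to these settings. The comment above them is also stale, because the value it recommends for accepting everything is now the default; I would reword it to `# Default accepts all valid PNGs; define PNG_SECURE (see pngusr.dfa) to restore the 1000000 limit`.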
@ -3,7 +3,7 @@
|
||||
|
||||
/* pnglibconf.h - library build configuration */
|
||||
|
||||
/* Libpng 1.6.0beta13 - February 19, 2012 */
|
||||
/* Libpng 1.6.0beta13 - February 24, 2012 */
|
||||
|
||||
/* Copyright (c) 1998-2012 Glenn Randers-Pehrson */
|
||||
|
||||
@ -33,8 +33,8 @@
|
||||
#define PNG_sCAL_PRECISION 5
|
||||
#define PNG_USER_CHUNK_CACHE_MAX 0
|
||||
#define PNG_USER_CHUNK_MALLOC_MAX 0
|
||||
#define PNG_USER_HEIGHT_MAX 1000000
|
||||
#define PNG_USER_WIDTH_MAX 1000000
|
||||
#define PNG_USER_HEIGHT_MAX 0x7fffffff
|
||||
#define PNG_USER_WIDTH_MAX 0x7fffffff
|
||||
#define PNG_WEIGHT_SHIFT 8
|
||||
#define PNG_ZBUF_SIZE 8192
|
||||
/* end of settings */
|
||||
|
@ -42,13 +42,13 @@ pnglibconf.h: pnglibconf.dfn
|
||||
$(COPY) dfn3.out $@
|
||||
$(DELETE) dfn.c dfn1.out dfn2.out dfn3.out
|
||||
|
||||
pnglibconf.dfn: $(srcdir)/scripts/pnglibconf.dfa $(srcdir)/scripts/options.awk $(srcdir)/pngconf.h $(DFA_XTRA)
|
||||
pnglibconf.dfn: $(srcdir)/scripts/pnglibconf.dfa $(srcdir)/scripts/options.awk $(srcdir)/pngconf.h $(srcdir)/pngusr.dfa
|
||||
$(DELETE) $@ dfn1.out dfn2.out
|
||||
$(ECHO) "Calling $(AWK) from scripts/pnglibconf.mak" >&2
|
||||
$(ECHO) "If 'awk' crashes try a better awk (e.g. AWK='nawk')" >&2
|
||||
$(AWK) -f $(srcdir)/scripts/options.awk out=dfn1.out version=search\
|
||||
$(srcdir)/pngconf.h $(srcdir)/scripts/pnglibconf.dfa\
|
||||
$(DFA_XTRA) 1>&2
|
||||
$(srcdir)/pngusr.dfa $(DFA_XTRA) 1>&2
|
||||
$(AWK) -f $(srcdir)/scripts/options.awk out=dfn2.out dfn1.out 1>&2
|
||||
$(COPY) dfn2.out $@
|
||||
$(DELETE) dfn1.out dfn2.out
|
||||
|
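Review bot: `$(DFA_XTRA)` is removed from the prerequisites of `pnglibconf.dfn` while the recipe still passes it to `$(AWK)`, so editing a user-supplied extra .dfa file no longer regenerates pnglibconf.h and a build can silently keep stale limits. Keep both files in the rule header: `pnglibconf.dfn: $(srcdir)/scripts/pnglibconf.dfa $(srcdir)/scripts/options.awk $(srcdir)/pngconf.h $(srcdir)/pngusr.dfa $(DFA_XTRA)`. The `pnglibconf.h` rule that consumes this target begins outside the hunk, so its prerequisites could not be checked here.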