From 12fb29f951709daa53423eaef69d558d6890a3f0 Mon Sep 17 00:00:00 2001 From: Glenn Randers-Pehrson Date: Tue, 22 Nov 2011 11:53:49 -0600 Subject: [PATCH] [libpng15] Reject invalid compression flag, method when reading the iTXt chunk. --- ANNOUNCE | 2 +- CHANGES | 2 +- png.h | 14 ++++++++------ pngrutil.c | 4 ++-- 4 files changed, 12 insertions(+), 10 deletions(-) diff --git a/ANNOUNCE b/ANNOUNCE index 6c2660b31..95a7b1a1e 100644 --- a/ANNOUNCE +++ b/ANNOUNCE @@ -105,7 +105,7 @@ Version 1.5.7beta05 [November 22, 2011] (Frank Busse). Allow row_stride==0 to indicate default stride in simplified API. Added MINGW support to CMakeLists.txt - Reject invalid compression flag when reading the iTXt chunk. + Reject invalid compression flag or method when reading the iTXt chunk. Send comments/corrections/commendations to png-mng-implement at lists.sf.net: (subscription required; visit diff --git a/CHANGES b/CHANGES index 752961c6c..8242dbe35 100644 --- a/CHANGES +++ b/CHANGES @@ -3750,7 +3750,7 @@ Version 1.5.7beta05 [November 22, 2011] (Frank Busse). Allow row_stride==0 to indicate default stride in simplified API. Added MINGW support to CMakeLists.txt - Reject invalid compression flag when reading the iTXt chunk. + Reject invalid compression flag or method when reading the iTXt chunk. Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/png.h b/png.h index 1b0776988..bcb5610a4 100644 --- a/png.h +++ b/png.h @@ -1,7 +1,7 @@ /* png.h - header file for PNG reference library * - * libpng version 1.5.7beta05 - November 21, 2011 + * libpng version 1.5.7beta05 - November 22, 2011 * Copyright (c) 1998-2011 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) @@ -11,7 +11,7 @@ * Authors and maintainers: * libpng versions 0.71, May 1995, through 0.88, January 1996: Guy Schalnat * libpng versions 0.89c, June 1996, through 0.96, May 1997: Andreas Dilger - * libpng versions 0.97, January 1998, through 1.5.7beta05 - November 21, 2011: Glenn + * libpng versions 0.97, January 1998, through 1.5.7beta05 - November 22, 2011: Glenn * See also "Contributing Authors", below. * * Note about libpng version numbers: @@ -195,7 +195,7 @@ * * This code is released under the libpng license. * - * libpng versions 1.2.6, August 15, 2004, through 1.5.7beta05, November 21, 2011, are + * libpng versions 1.2.6, August 15, 2004, through 1.5.7beta05, November 22, 2011, are * Copyright (c) 2004, 2006-2011 Glenn Randers-Pehrson, and are * distributed according to the same disclaimer and license as libpng-1.2.5 * with the following individual added to the list of Contributing Authors: @@ -307,7 +307,7 @@ * Y2K compliance in libpng: * ========================= * - * November 21, 2011 + * November 22, 2011 * * Since the PNG Development group is an ad-hoc body, we can't make * an official declaration. @@ -373,7 +373,7 @@ /* Version information for png.h - this should match the version in png.c */ #define PNG_LIBPNG_VER_STRING "1.5.7beta05" #define PNG_HEADER_VERSION_STRING \ - " libpng version 1.5.7beta05 - November 21, 2011\n" + " libpng version 1.5.7beta05 - November 22, 2011\n" #define PNG_LIBPNG_VER_SONUM 15 #define PNG_LIBPNG_VER_DLLNUM 15 @@ -620,7 +620,9 @@ typedef png_sPLT_t FAR * FAR * png_sPLT_tpp; * default without iTXt support. Also note that when iTXt *is* supported, * the "lang" and "lang_key" fields contain NULL pointers when the * "compression" field contains * PNG_TEXT_COMPRESSION_NONE or - * PNG_TEXT_COMPRESSION_zTXt. + * PNG_TEXT_COMPRESSION_zTXt. Note that the "compression value" is not the + * same as what appears in the PNG tEXt/zTXt/iTXt chunk's "compression flag" + * which is always 0 or 1, or its "compression method" which is always 0. */ typedef struct png_text_struct { diff --git a/pngrutil.c b/pngrutil.c index 16c628059..68093822a 100644 --- a/pngrutil.c +++ b/pngrutil.c @@ -2540,9 +2540,9 @@ png_handle_iTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 length) comp_type = *lang++; } - if (comp_flag && comp_flag != PNG_TEXT_COMPRESSION_zTXt) + if (comp_type || (comp_flag && comp_flag != PNG_TEXT_COMPRESSION_zTXt)) { - png_warning(png_ptr, "Unknown iTXt compression type"); + png_warning(png_ptr, "Unknown iTXt compression type or method"); png_free(png_ptr, png_ptr->chunkdata); png_ptr->chunkdata = NULL; return;