cheng/libpng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[Libpng16] Relocated setting free_me for eXIf data, to stop an OSS-fuzz leak.

Browse Source
This commit is contained in:
Glenn Randers-Pehrson 2017-08-05 19:58:41 -05:00
parent 13bc0b6b1f
commit 1ebe4f75cc
3 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ANNOUNCE
View File

@ -1,4 +1,4 @@
Libpng 1.6.32beta11 - August 5, 2017 Libpng 1.6.32beta11 - August 6, 2017
This is not intended to be a public release. It will be replaced This is not intended to be a public release. It will be replaced
within a few weeks by a public version or by another test version. within a few weeks by a public version or by another test version.
@ -80,11 +80,12 @@ Version 1.6.32beta10 [August 5, 2017]
Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the
num_exif argument to png_get_eXIf_1() (Github Issue 171). num_exif argument to png_get_eXIf_1() (Github Issue 171).
Version 1.6.32beta11 [August 5, 2017] Version 1.6.32beta11 [August 6, 2017]
Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks(). Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks().
Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers. Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers.
Make pngtest --strict, --relax, --xfail options imply -m (multiple). Make pngtest --strict, --relax, --xfail options imply -m (multiple).
Removed unused chunk_name parameter from png_check_chunk_length(). Removed unused chunk_name parameter from png_check_chunk_length().
Relocated setting free_me for eXIf data, to stop an OSS-fuzz leak.
Send comments/corrections/commendations to png-mng-implement at lists.sf.net Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit (subscription required; visit

3
CHANGES
View File

@ -5963,11 +5963,12 @@ Version 1.6.32beta10 [August 5, 2017]
Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the
num_exif argument to png_get_eXIf_1() (Github Issue 171). num_exif argument to png_get_eXIf_1() (Github Issue 171).
Version 1.6.32beta11 [August 5, 2017] Version 1.6.32beta11 [August 6, 2017]
Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks(). Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks().
Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers. Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers.
Make pngtest --strict, --relax, --xfail options imply -m (multiple). Make pngtest --strict, --relax, --xfail options imply -m (multiple).
Removed unused chunk_name parameter from png_check_chunk_length(). Removed unused chunk_name parameter from png_check_chunk_length().
Relocated setting free_me for eXIf data, to stop an OSS-fuzz leak.
Send comments/corrections/commendations to png-mng-implement at lists.sf.net Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit (subscription required; visit

3
pngrutil.c
View File

@ -2030,6 +2030,8 @@ png_handle_eXIf(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
return; return;
} }
info_ptr->free_me |= PNG_FREE_EXIF;
info_ptr->eXIf_buf = png_voidcast(png_bytep, info_ptr->eXIf_buf = png_voidcast(png_bytep,
png_malloc_warn(png_ptr, length)); png_malloc_warn(png_ptr, length));
@ -2040,7 +2042,6 @@ png_handle_eXIf(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
return; return;
} }
info_ptr->free_me |= PNG_FREE_EXIF;
for (i = 0; i < length; i++) for (i = 0; i < length; i++)
{ {
png_byte buf[1]; png_byte buf[1];