cheng/libpng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[libpng16] Nullify trans_color with out-of-range value, to stop oss-fuzz issue.

Browse Source
This commit is contained in:
Glenn Randers-Pehrson 2017-10-15 11:04:53 -05:00
parent ccc77d2a8d
commit 2be0f33e7c
3 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ANNOUNCE
View File

@ -1,4 +1,4 @@
Libpng 1.6.35beta01 - October 12, 2017
Libpng 1.6.35beta01 - October 15, 2017
This is not intended to be a public release. It will be replaced
within a few weeks by a public version or by another test version.
@ -24,11 +24,12 @@ Other information:
Changes since the last public release (1.6.34):
Version 1.6.35beta01 [October 12, 2017]
Version 1.6.35beta01 [October 15, 2017]
Restored 21 of the contrib/pngsuite/i*.png, which do not cause test
failures. Placed the remainder in contrib/pngsuite/interlaced/i*.png.
Added calls to png_set_*() transforms commonly used by browsers to
the fuzzer.
Nullify trans_color with out-of-range value.
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit

3
CHANGES
View File

@ -6040,11 +6040,12 @@ Version 1.6.33 [September 28, 2017]
Version 1.6.34 [September 29, 2017]
Removed contrib/pngsuite/i*.png; some of caused test failures.
Version 1.6.35beta01 [October 12, 2017]
Version 1.6.35beta01 [October 15, 2017]
Restored 21 of the contrib/pngsuite/i*.png, which do not cause test
failures. Placed the remainder in contrib/pngsuite/interlaced/i*.png.
Added calls to png_set_*() transforms commonly used by browsers to
the fuzzer.
Nullify trans_color with out-of-range value.
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit

7
pngset.c
View File

@ -1025,7 +1025,6 @@ png_set_tRNS(png_structrp png_ptr, png_inforp info_ptr,
if (trans_color != NULL)
{
#ifdef PNG_WARNINGS_SUPPORTED
if (info_ptr->bit_depth < 16)
{
int sample_max = (1 << info_ptr->bit_depth) - 1;
@ -1036,14 +1035,16 @@ png_set_tRNS(png_structrp png_ptr, png_inforp info_ptr,
(trans_color->red > sample_max ||
trans_color->green > sample_max ||
trans_color->blue > sample_max)))
{
png_warning(png_ptr,
"tRNS chunk has out-of-range samples for bit_depth");
trans_color = NULL;
}
}
#endif
info_ptr->trans_color = *trans_color;
if (num_trans == 0)
if (num_trans == 0 && trans_color != NULL)
num_trans = 1;
}