diff --git a/LICENSE b/LICENSE index 97e3dd55b..448b3b694 100644 --- a/LICENSE +++ b/LICENSE @@ -10,7 +10,7 @@ this sentence. This code is released under the libpng license. -libpng versions 1.0.7, July 1, 2000 through 1.6.30beta02, April 1, 2017 are +libpng versions 1.0.7, July 1, 2000 through 1.6.30beta02, April 22, 2017 are Copyright (c) 2000-2002, 2004, 2006-2017 Glenn Randers-Pehrson, are derived from libpng-1.0.6, and are distributed according to the same disclaimer and license as libpng-1.0.6 with the following individuals @@ -130,4 +130,4 @@ any encryption software. See the EAR, paragraphs 734.3(b)(3) and Glenn Randers-Pehrson glennrp at users.sourceforge.net -April 1, 2017 +April 22, 2017 diff --git a/README b/README index b6dfb98d9..f826061d6 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -README for libpng version 1.6.30beta02 - April 1, 2017 (shared library 16.0) +README for libpng version 1.6.30beta02 - April 22, 2017 (shared library 16.0) See the note about version numbers near the top of png.h See INSTALL for instructions on how to install libpng. diff --git a/example.c b/example.c index edc8ba2d9..a71000fa0 100644 --- a/example.c +++ b/example.c @@ -983,6 +983,11 @@ void write_png(char *file_name /* , ... other image information ... */) png_uint_32 k, height, width; /* In this example, "image" is a one-dimensional array of bytes */ + + /* Guard against integer overflow */ + if (height > PNG_SIZE_MAX/(width*bytes_per_pixel)) { + png_error(png_ptr, "Image_data buffer would be too large"); + } png_byte image[height*width*bytes_per_pixel]; png_bytep row_pointers[height]; diff --git a/libpngpf.3 b/libpngpf.3 index 93b781c26..1e4432c23 100644 --- a/libpngpf.3 +++ b/libpngpf.3 @@ -1,4 +1,4 @@ -.TH LIBPNGPF 3 "April 19, 2017" +.TH LIBPNGPF 3 "April 22, 2017" .SH NAME libpng \- Portable Network Graphics (PNG) Reference Library 1.6.30beta02 (private functions) diff --git a/png.5 b/png.5 index b0cbd2cfa..e44a844b7 100644 --- a/png.5 +++ b/png.5 @@ -1,4 +1,4 @@ -.TH PNG 5 "April 1, 2017" +.TH PNG 5 "April 22, 2017" .SH NAME png \- Portable Network Graphics (PNG) format .SH DESCRIPTION diff --git a/png.c b/png.c index df53e1042..df018bea7 100644 --- a/png.c +++ b/png.c @@ -776,14 +776,14 @@ png_get_copyright(png_const_structrp png_ptr) #else # ifdef __STDC__ return PNG_STRING_NEWLINE \ - "libpng version 1.6.30beta02 - April 1, 2017" PNG_STRING_NEWLINE \ + "libpng version 1.6.30beta02 - April 22, 2017" PNG_STRING_NEWLINE \ "Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson" \ PNG_STRING_NEWLINE \ "Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \ "Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \ PNG_STRING_NEWLINE; # else - return "libpng version 1.6.30beta02 - April 1, 2017\ + return "libpng version 1.6.30beta02 - April 22, 2017\ Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson\ Copyright (c) 1996-1997 Andreas Dilger\ Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc."; diff --git a/png.h b/png.h index 5b57f4bfc..8511ea56a 100644 --- a/png.h +++ b/png.h @@ -1,7 +1,7 @@ /* png.h - header file for PNG reference library * - * libpng version 1.6.30beta02, April 1, 2017 + * libpng version 1.6.30beta02, April 22, 2017 * * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) @@ -12,7 +12,7 @@ * Authors and maintainers: * libpng versions 0.71, May 1995, through 0.88, January 1996: Guy Schalnat * libpng versions 0.89, June 1996, through 0.96, May 1997: Andreas Dilger - * libpng versions 0.97, January 1998, through 1.6.30beta02, April 1, 2017: + * libpng versions 0.97, January 1998, through 1.6.30beta02, April 22, 2017: * Glenn Randers-Pehrson. * See also "Contributing Authors", below. */ @@ -25,7 +25,7 @@ * * This code is released under the libpng license. * - * libpng versions 1.0.7, July 1, 2000 through 1.6.30beta02, April 1, 2017 are + * libpng versions 1.0.7, July 1, 2000 through 1.6.30beta02, April 22, 2017 are * Copyright (c) 2000-2002, 2004, 2006-2017 Glenn Randers-Pehrson, are * derived from libpng-1.0.6, and are distributed according to the same * disclaimer and license as libpng-1.0.6 with the following individuals @@ -241,7 +241,7 @@ * Y2K compliance in libpng: * ========================= * - * April 1, 2017 + * April 22, 2017 * * Since the PNG Development group is an ad-hoc body, we can't make * an official declaration. @@ -310,7 +310,7 @@ /* Version information for png.h - this should match the version in png.c */ #define PNG_LIBPNG_VER_STRING "1.6.30beta02" -#define PNG_HEADER_VERSION_STRING " libpng version 1.6.30beta02 - April 1, 2017\n" +#define PNG_HEADER_VERSION_STRING " libpng version 1.6.30beta02 - April 22, 2017\n" #define PNG_LIBPNG_VER_SONUM 16 #define PNG_LIBPNG_VER_DLLNUM 16 diff --git a/pngconf.h b/pngconf.h index 78f7a59dc..bbca8df33 100644 --- a/pngconf.h +++ b/pngconf.h @@ -1,7 +1,7 @@ /* pngconf.h - machine configurable file for libpng * - * libpng version 1.6.30beta02, April 1, 2017 + * libpng version 1.6.30beta02, April 22, 2017 * * Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) diff --git a/pngrutil.c b/pngrutil.c index c1b8579e8..f60545bf9 100644 --- a/pngrutil.c +++ b/pngrutil.c @@ -2537,6 +2537,9 @@ png_handle_zTXt(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length) if ((png_ptr->mode & PNG_HAVE_IDAT) != 0) png_ptr->mode |= PNG_AFTER_IDAT; + /* Note, "length" is sufficient here; we won't be adding + * a null terminator later. + */ buffer = png_read_buffer(png_ptr, length, 2/*silent*/); if (buffer == NULL) diff --git a/projects/vstudio/README.txt b/projects/vstudio/README.txt index 8cc9d25cd..cc39f503b 100644 --- a/projects/vstudio/README.txt +++ b/projects/vstudio/README.txt @@ -1,7 +1,7 @@ VisualStudio instructions -libpng version 1.6.30beta02 - April 1, 2017 +libpng version 1.6.30beta02 - April 22, 2017 Copyright (c) 2010,2013,2015 Glenn Randers-Pehrson diff --git a/projects/vstudio/zlib.props b/projects/vstudio/zlib.props index ed54bb11b..f9b2ab4e7 100644 --- a/projects/vstudio/zlib.props +++ b/projects/vstudio/zlib.props @@ -2,7 +2,7 @@