From 2f56fe4071c3edf1c37d5bb44f61b83df3097d6b Mon Sep 17 00:00:00 2001 From: Glenn Randers-Pehrson Date: Tue, 13 Jan 2015 09:25:48 -0600 Subject: [PATCH] [libpng16] Made the check for out-of-range values in png_set_tRNS() detect values that are exactly 2^bit_depth, and work on 16-bit platforms. --- ANNOUNCE | 8 ++++++-- CHANGES | 4 +++- pngset.c | 25 ++++++++++++++----------- 3 files changed, 23 insertions(+), 14 deletions(-) diff --git a/ANNOUNCE b/ANNOUNCE index dacac7865..d35457a71 100644 --- a/ANNOUNCE +++ b/ANNOUNCE @@ -1,4 +1,4 @@ -Libpng 1.6.17beta01 - January 11, 2015 +Libpng 1.6.17beta01 - January 13, 2015 This is not intended to be a public release. It will be replaced within a few weeks by a public version or by another test version. @@ -25,7 +25,7 @@ Other information: Changes since the last public release (1.6.16): -Version 1.6.17beta01 [January 11, 2015] +Version 1.6.17beta01 [January 13, 2015] Removed duplicate PNG_SAFE_LIMITS_SUPPORTED handling from pngconf.h Corrected the width limit calculation in png_check_IHDR(). Removed user limits from pngfix. Also pass NULL pointers to @@ -34,6 +34,10 @@ Version 1.6.17beta01 [January 11, 2015] Regenerated configure scripts in the *.tar distributions with libtool-2.4.4 Implement previously untested cases of libpng transforms in pngvalid.c Fixed byte order in 2-byte filler, in png_do_read_filler(). + Made the check for out-of-range values in png_set_tRNS() detect + values that are exactly 2^bit_depth, and work on 16-bit platforms. + Made the check for out-of-range values in png_set_tRNS() detect + values that are exactly 2^bit_depth, and work on 16-bit platforms. Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/CHANGES b/CHANGES index f2d341992..1925dcd8b 100644 --- a/CHANGES +++ b/CHANGES @@ -5126,7 +5126,7 @@ Version 1.6.16rc03 [December 21, 2014] Version 1.6.16 [December 22, 2014] No changes. -Version 1.6.17beta01 [January 11, 2015] +Version 1.6.17beta01 [January 13, 2015] Removed duplicate PNG_SAFE_LIMITS_SUPPORTED handling from pngconf.h Corrected the width limit calculation in png_check_IHDR(). Removed user limits from pngfix. Also pass NULL pointers to @@ -5135,6 +5135,8 @@ Version 1.6.17beta01 [January 11, 2015] Regenerated configure scripts in the *.tar distributions with libtool-2.4.4 Implement previously untested cases of libpng transforms in pngvalid.c Fixed byte order in 2-byte filler, in png_do_read_filler(). + Made the check for out-of-range values in png_set_tRNS() detect + values that are exactly 2^bit_depth, and work on 16-bit platforms. Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/pngset.c b/pngset.c index 2f1f550da..cbbbb7b5a 100644 --- a/pngset.c +++ b/pngset.c @@ -945,21 +945,24 @@ png_set_tRNS(png_structrp png_ptr, png_inforp info_ptr, if (trans_color != NULL) { - int sample_max = (1 << info_ptr->bit_depth); + if (info_ptr->bit_depth < 16) + { + unsigned int sample_max = (1U << info_ptr->bit_depth) - 1U; - if ((info_ptr->color_type == PNG_COLOR_TYPE_GRAY && - trans_color->gray > sample_max) || - (info_ptr->color_type == PNG_COLOR_TYPE_RGB && - (trans_color->red > sample_max || - trans_color->green > sample_max || - trans_color->blue > sample_max))) - png_warning(png_ptr, - "tRNS chunk has out-of-range samples for bit_depth"); - - info_ptr->trans_color = *trans_color; + if ((info_ptr->color_type == PNG_COLOR_TYPE_GRAY && + trans_color->gray > sample_max) || + (info_ptr->color_type == PNG_COLOR_TYPE_RGB && + (trans_color->red > sample_max || + trans_color->green > sample_max || + trans_color->blue > sample_max))) + png_warning(png_ptr, + "tRNS chunk has out-of-range samples for bit_depth"); + } if (num_trans == 0) num_trans = 1; + + info_ptr->trans_color = *trans_color; } info_ptr->num_trans = (png_uint_16)num_trans;