cheng/libpng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[libpng16] Revert recent changes that did not help with oss-fuzz issues

Browse Source
This commit is contained in:
Glenn Randers-Pehrson 2017-10-29 10:30:42 -05:00
parent aea0ec4346
commit 2f8b82ebca
4 changed files with 9 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ANNOUNCE
View File

@ -1,4 +1,4 @@
Libpng 1.6.35beta01 - October 17, 2017 Libpng 1.6.35beta01 - October 29, 2017
This is not intended to be a public release. It will be replaced This is not intended to be a public release. It will be replaced
within a few weeks by a public version or by another test version. within a few weeks by a public version or by another test version.
@ -24,12 +24,11 @@ Other information:
Changes since the last public release (1.6.34): Changes since the last public release (1.6.34):
Version 1.6.35beta01 [October 17, 2017] Version 1.6.35beta01 [October 29, 2017]
Restored 21 of the contrib/pngsuite/i*.png, which do not cause test Restored 21 of the contrib/pngsuite/i*.png, which do not cause test
failures. Placed the remainder in contrib/pngsuite/interlaced/i*.png. failures. Placed the remainder in contrib/pngsuite/interlaced/i*.png.
Added calls to png_set_*() transforms commonly used by browsers to Added calls to png_set_*() transforms commonly used by browsers to
the fuzzer. the fuzzer.
Initialize entire palette array to zero in png_handle_PLTE().
Send comments/corrections/commendations to png-mng-implement at lists.sf.net Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit (subscription required; visit

3
CHANGES
View File

@ -6040,12 +6040,11 @@ Version 1.6.33 [September 28, 2017]
Version 1.6.34 [September 29, 2017] Version 1.6.34 [September 29, 2017]
Removed contrib/pngsuite/i*.png; some of caused test failures. Removed contrib/pngsuite/i*.png; some of caused test failures.
Version 1.6.35beta01 [October 17, 2017] Version 1.6.35beta01 [October 29, 2017]
Restored 21 of the contrib/pngsuite/i*.png, which do not cause test Restored 21 of the contrib/pngsuite/i*.png, which do not cause test
failures. Placed the remainder in contrib/pngsuite/interlaced/i*.png. failures. Placed the remainder in contrib/pngsuite/interlaced/i*.png.
Added calls to png_set_*() transforms commonly used by browsers to Added calls to png_set_*() transforms commonly used by browsers to
the fuzzer. the fuzzer.
Initialize entire palette array to zero in png_handle_PLTE().
Send comments/corrections/commendations to png-mng-implement at lists.sf.net Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit (subscription required; visit

10
pngrutil.c
View File

@ -1,7 +1,7 @@
/* pngrutil.c - utilities to read a PNG file /* pngrutil.c - utilities to read a PNG file
* *
* Last changed in libpng 1.6.35 [(PENDING RELEASE)] * Last changed in libpng 1.6.33 [September 28, 2017]
* Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
* (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
@ -912,7 +912,7 @@ png_handle_IHDR(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
void /* PRIVATE */ void /* PRIVATE */
png_handle_PLTE(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length) png_handle_PLTE(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
{ {
png_color palette[PNG_MAX_PALETTE_LENGTH] = {0}; png_color palette[PNG_MAX_PALETTE_LENGTH];
int max_palette_length, num, i; int max_palette_length, num, i;
#ifdef PNG_POINTER_INDEXING_SUPPORTED #ifdef PNG_POINTER_INDEXING_SUPPORTED
png_colorp pal_ptr; png_colorp pal_ptr;
@ -1817,7 +1817,7 @@ png_handle_sPLT(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
void /* PRIVATE */ void /* PRIVATE */
png_handle_tRNS(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length) png_handle_tRNS(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
{ {
png_byte readbuf[PNG_MAX_PALETTE_LENGTH]={0}; png_byte readbuf[PNG_MAX_PALETTE_LENGTH];
png_debug(1, "in png_handle_tRNS"); png_debug(1, "in png_handle_tRNS");
@ -1840,7 +1840,7 @@ png_handle_tRNS(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
if (png_ptr->color_type == PNG_COLOR_TYPE_GRAY) if (png_ptr->color_type == PNG_COLOR_TYPE_GRAY)
{ {
png_byte buf[2]={0}; png_byte buf[2];
if (length != 2) if (length != 2)
{ {
@ -1856,7 +1856,7 @@ png_handle_tRNS(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
else if (png_ptr->color_type == PNG_COLOR_TYPE_RGB) else if (png_ptr->color_type == PNG_COLOR_TYPE_RGB)
{ {
png_byte buf[6]={0}; png_byte buf[6];
if (length != 6) if (length != 6)
{ {

2
pngset.c
View File

@ -1017,7 +1017,7 @@ png_set_tRNS(png_structrp png_ptr, png_inforp info_ptr,
{ {
/* Changed from num_trans to PNG_MAX_PALETTE_LENGTH in version 1.2.1 */ /* Changed from num_trans to PNG_MAX_PALETTE_LENGTH in version 1.2.1 */
info_ptr->trans_alpha = png_voidcast(png_bytep, info_ptr->trans_alpha = png_voidcast(png_bytep,
png_calloc(png_ptr, PNG_MAX_PALETTE_LENGTH)); png_malloc(png_ptr, PNG_MAX_PALETTE_LENGTH));
memcpy(info_ptr->trans_alpha, trans_alpha, (png_size_t)num_trans); memcpy(info_ptr->trans_alpha, trans_alpha, (png_size_t)num_trans);
} }
png_ptr->trans_alpha = info_ptr->trans_alpha; png_ptr->trans_alpha = info_ptr->trans_alpha;