From 389c1f20adbc5807f4cccf198eceb3d8bd8a27cf Mon Sep 17 00:00:00 2001 From: Glenn Randers-Pehrson Date: Fri, 12 Feb 2010 14:14:15 -0600 Subject: [PATCH] [devel] Revised png_measure_compressed_chunk() too break from "while" and issue a png_warning on over limit. --- pngrutil.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/pngrutil.c b/pngrutil.c index 86286e4d4..1e103341d 100644 --- a/pngrutil.c +++ b/pngrutil.c @@ -224,11 +224,8 @@ png_measure_decompressed_chunk(png_structp png_ptr, int comp_type, { ret = inflate(&png_ptr->zstream, Z_PARTIAL_FLUSH); if (ret != Z_OK && ret != Z_STREAM_END) - { - inflateReset(&png_ptr->zstream); - png_ptr->zstream.avail_in = 0; break; - } + if (!png_ptr->zstream.avail_out || ret == Z_STREAM_END) { if (text == NULL) /* Initialize the decompression buffer */ @@ -249,9 +246,10 @@ png_measure_decompressed_chunk(png_structp png_ptr, int comp_type, text_size >= PNG_USER_CHUNK_MALLOC_MAX - 1) #endif { - inflateReset(&png_ptr->zstream); - png_ptr->zstream.avail_in = 0; - return 0; + png_warning(png_ptr, + "Exceeded malloc limit while expanding chunk"); + text_size = 0; + break; } } }