cheng/libpng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[libpng16] Add a memset() in png_read_buffer()

Browse Source
This commit is contained in:
Glenn Randers-Pehrson 2017-09-19 18:52:21 -05:00
parent 066cb34268
commit 397c7eea38
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pngrutil.c
View File

@ -314,6 +314,7 @@ png_read_buffer(png_structrp png_ptr, png_alloc_size_t new_size, int warn)
if (buffer != NULL) if (buffer != NULL)
{ {
memset(buffer, 0, new_size); /* just in case */
png_ptr->read_buffer = buffer; png_ptr->read_buffer = buffer;
png_ptr->read_buffer_size = new_size; png_ptr->read_buffer_size = new_size;
} }
@ -670,8 +671,8 @@ png_decompress_chunk(png_structrp png_ptr,
(terminate != 0); (terminate != 0);
png_bytep text = png_voidcast(png_bytep, png_malloc_base(png_ptr, png_bytep text = png_voidcast(png_bytep, png_malloc_base(png_ptr,
buffer_size)); buffer_size));
/* attempt to stop an oss-fuzz "use of uninitialized value" /* Stop an oss-fuzz "use of uninitialized value" detection
* in png_set_text_2() and png_icc_check_tag_table() * in png_set_text_2()
*/ */
memset(text, 0, buffer_size); memset(text, 0, buffer_size);
@ -1480,7 +1481,7 @@ png_handle_iCCP(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
/* Now read the tag table; a variable size buffer is /* Now read the tag table; a variable size buffer is
* needed at this point, allocate one for the whole * needed at this point, allocate one for the whole
* profile. The header check has already validated * profile. The header check has already validated
* that none of these stuff will overflow. * that none of this stuff will overflow.
*/ */
const png_uint_32 tag_count = png_get_uint_32( const png_uint_32 tag_count = png_get_uint_32(
profile_header+128); profile_header+128);