diff --git a/ANNOUNCE b/ANNOUNCE index be2aefccd..b0bf2ed16 100644 --- a/ANNOUNCE +++ b/ANNOUNCE @@ -28,6 +28,10 @@ Changes since the last public release (1.6.31): Version 1.6.32beta01 [July 31, 2017] Avoid possible NULL dereference in png_handle_eXIf when benign_errors are allowed. Avoid leaking the input buffer "eXIf_buf". + Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif + to arguments for png_get_eXIf() and png_set_eXIf(). + Added calls to png_handle_eXIf(() in pngread.c and png_write_eXIf() in + pngwrite.c, and made various other fixes to png_write_eXIf(). Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/CHANGES b/CHANGES index bfda466b9..a8a98fe47 100644 --- a/CHANGES +++ b/CHANGES @@ -5911,6 +5911,10 @@ Version 1.6.31 [July 27, 2017] Version 1.6.32beta01 [July 31, 2017] Avoid possible NULL dereference in png_handle_eXIf when benign_errors are allowed. Avoid leaking the input buffer "eXIf_buf". + Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif + to arguments for png_get_eXIf() and png_set_eXIf(). + Added calls to png_handle_eXIf(() in pngread.c and png_write_eXIf() in + pngwrite.c, and made various other fixes to png_write_eXIf(). Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/pngget.c b/pngget.c index ace9e6351..177302406 100644 --- a/pngget.c +++ b/pngget.c @@ -776,13 +776,14 @@ png_get_sPLT(png_const_structrp png_ptr, png_inforp info_ptr, #ifdef PNG_eXIf_SUPPORTED png_uint_32 PNGAPI png_get_eXIf(png_const_structrp png_ptr, png_inforp info_ptr, - png_bytep *exif) + png_uint_32 *num_exif, png_bytep *exif) { png_debug1(1, "in %s retrieval function", "eXIf"); if (png_ptr != NULL && info_ptr != NULL && (info_ptr->valid & PNG_INFO_eXIf) != 0 && exif != NULL) { + *num_exif = info_ptr->num_exif; *exif = info_ptr->exif; return (PNG_INFO_eXIf); } 
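Review bot: In the pngget.c hunk, the new `*num_exif = info_ptr->num_exif;` in png_get_eXIf writes through a pointer the guard never tests, because the condition still checks only `exif != NULL`. A caller that passes NULL for the new out-parameter crashes inside the library instead of getting a 0 return. Extend the guard to `(info_ptr->valid & PNG_INFO_eXIf) != 0 && num_exif != NULL && exif != NULL)`. If the three-argument form already shipped in 1.6.31, inserting a parameter in the middle is also a source-incompatible change that deserves a line in the function's header comment.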
diff --git a/pngrutil.c b/pngrutil.c index c9e1dd401..340275fc0 100644 --- a/pngrutil.c +++ b/pngrutil.c @@ -2041,9 +2041,7 @@ png_handle_eXIf(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length) if (png_crc_finish(png_ptr, 0) != 0) return; - info_ptr->num_exif = length; - - png_set_eXIf(png_ptr, info_ptr, eXIf_buf); + png_set_eXIf(png_ptr, info_ptr, length, eXIf_buf); png_free(png_ptr, eXIf_buf); } diff --git a/pngset.c b/pngset.c index 998473557..a6a22067d 100644 --- a/pngset.c +++ b/pngset.c @@ -137,7 +137,7 @@ png_set_cHRM_XYZ(png_const_structrp png_ptr, png_inforp info_ptr, double red_X, #ifdef PNG_eXIf_SUPPORTED void PNGAPI png_set_eXIf(png_const_structrp png_ptr, png_inforp info_ptr, - const png_bytep eXIf_buf) + const png_uint_32 num_exif, const png_bytep eXIf_buf) { int i; @@ -148,6 +148,8 @@ png_set_eXIf(png_const_structrp png_ptr, png_inforp info_ptr, png_free_data(png_ptr, info_ptr, PNG_FREE_EXIF, 0); + info_ptr->num_exif = num_exif; + info_ptr->exif = png_voidcast(png_bytep, png_malloc_warn(png_ptr, info_ptr->num_exif)); @@ -160,7 +162,7 @@ png_set_eXIf(png_const_structrp png_ptr, png_inforp info_ptr, info_ptr->free_me |= PNG_FREE_EXIF; - for (i = 0; i < info_ptr->num_exif; i++) + for (i = 0; i < (int) num_exif; i++) info_ptr->exif[i] = eXIf_buf[i]; info_ptr->valid |= PNG_INFO_eXIf; diff --git a/pngtest.c b/pngtest.c index 68b5895d2..0b091fa51 100644 --- a/pngtest.c +++ b/pngtest.c @@ -1195,9 +1195,14 @@ test_one_file(PNG_CONST char *inname, PNG_CONST char *outname) #ifdef PNG_eXIf_SUPPORTED { png_bytep exif; + png_uint_32 exif_length; - if (png_get_eXIf(read_ptr, read_info_ptr, &exif) != 0) - png_set_eXIf(write_ptr, write_info_ptr, exif); + if (png_get_eXIf(read_ptr, read_info_ptr, &exif_length, &exif) != 0) + { + printf(" eXIf type %c%c, %d bytes\n",exif[0],exif[1], + (int)exif_length); + png_set_eXIf(write_ptr, write_info_ptr, exif_length, exif); + } } #endif #ifdef PNG_hIST_SUPPORTED 
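Review bot: In the pngset.c copy loop (`@@ -160`), `(int) num_exif` narrows a `png_uint_32`, so a count above INT_MAX gives a negative bound on common ABIs and nothing is copied. `PNG_INFO_eXIf` is still set afterwards and `info_ptr->num_exif` (assigned in the `@@ -148` hunk) keeps the large count, so if the allocation succeeded the buffer is handed on uninitialized. Keep the index unsigned, i.e. `png_uint_32 i;` with `for (i = 0; i < num_exif; i++)`, or copy with `memcpy(info_ptr->exif, eXIf_buf, num_exif);`. The `int i;` declaration is in the `@@ -137` hunk, and the allocation-failure check lies between the hunks and is not shown.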
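Review bot: The new `printf` in the pngtest.c hunk at `@@ -1195` reads `exif[0]` and `exif[1]` before anything establishes that the chunk holds two bytes. Whether png_handle_eXIf rejects shorter chunks is not visible in this diff, so a 0- or 1-byte eXIf chunk in a test image could be read past the end of its allocation. Guard the print with `if (exif_length > 1)` and print the count without narrowing, using `%lu` with `(unsigned long)exif_length`. The identical block added at `@@ -1541` for `end_info_ptr` needs the same guard.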
@@ -1406,6 +1411,10 @@ test_one_file(PNG_CONST char *inname, PNG_CONST char *outname) write_chunks(write_ptr, before_IDAT); /* after PLTE */ + png_write_info(write_ptr, write_end_info_ptr); + + write_chunks(write_ptr, after_IDAT); /* after IDAT */ + #ifdef PNG_COMPRESSION_COMPAT /* Test the 'compatibility' setting here, if it is available. */ png_set_compression(write_ptr, PNG_COMPRESSION_COMPAT); @@ -1541,9 +1550,14 @@ test_one_file(PNG_CONST char *inname, PNG_CONST char *outname) #ifdef PNG_eXIf_SUPPORTED { png_bytep exif; + png_uint_32 exif_length; - if (png_get_eXIf(read_ptr, end_info_ptr, &exif) != 0) - png_set_eXIf(write_ptr, write_end_info_ptr, exif); + if (png_get_eXIf(read_ptr, end_info_ptr, &exif_length, &exif) != 0) + { + printf(" eXIf type %c%c, %d bytes\n",exif[0],exif[1], + (int)exif_length); + png_set_eXIf(write_ptr, write_end_info_ptr, exif_length, exif); + } } #endif #ifdef PNG_tIME_SUPPORTED diff --git a/pngwrite.c b/pngwrite.c index 70d47c4ca..100abc2ab 100644 --- a/pngwrite.c +++ b/pngwrite.c @@ -237,6 +237,11 @@ png_write_info(png_structrp png_ptr, png_const_inforp info_ptr) png_write_bKGD(png_ptr, &(info_ptr->background), info_ptr->color_type); #endif +#ifdef PNG_WRITE_eXIf_SUPPORTED + if ((info_ptr->valid & PNG_INFO_eXIf) != 0) + png_write_eXIf(png_ptr, info_ptr->exif, info_ptr->num_exif); +#endif + #ifdef PNG_WRITE_hIST_SUPPORTED if ((info_ptr->valid & PNG_INFO_hIST) != 0) png_write_hIST(png_ptr, info_ptr->hist, info_ptr->num_palette); @@ -432,6 +437,12 @@ png_write_end(png_structrp png_ptr, png_inforp info_ptr) } } #endif + +#ifdef PNG_WRITE_eXIf_SUPPORTED + if ((info_ptr->valid & PNG_INFO_eXIf) != 0) + png_write_eXIf(png_ptr, info_ptr->exif, info_ptr->num_exif); +#endif + #ifdef PNG_WRITE_UNKNOWN_CHUNKS_SUPPORTED write_unknown_chunks(png_ptr, info_ptr, PNG_AFTER_IDAT); #endif diff --git a/pngwutil.c b/pngwutil.c index 348bb524d..d0884175a 100644 --- a/pngwutil.c +++ b/pngwutil.c 
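Review bot: In the pngtest.c hunk at `@@ -1406`, `png_write_info(write_ptr, write_end_info_ptr);` and `write_chunks(write_ptr, after_IDAT);` are added right after the `before_IDAT` call and ahead of the compression setup. That placement suggests no image data has been written yet, although the row loop is outside the hunk. If so, the metadata held in `write_end_info_ptr` (including any eXIf) is emitted before IDAT despite the `/* after IDAT */` comment, and may be emitted again by the later png_write_end call. If this is intentional, it needs a comment on these lines saying that the end-info chunks are deliberately written early and why; otherwise the two calls look misplaced.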
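Review bot: Both blocks added in pngwrite.c test only `(info_ptr->valid & PNG_INFO_eXIf) != 0`, so an application that passes the same info struct to png_write_info (`@@ -237`) and png_write_end (`@@ -432`) gets two eXIf chunks in one file. The eXIf extension allows at most one eXIf chunk per datastream, and strict decoders may reject the duplicate. Nothing in the visible lines records that the chunk has already been written. A flag on the write struct, set after the first `png_write_eXIf` call and checked in png_write_end, would prevent it; that field would be new, so no name is proposed here. Both functions begin and end outside their hunks.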
@@ -1479,24 +1479,15 @@ void /* PRIVATE */ png_write_eXIf(png_structrp png_ptr, png_bytep exif, int num_exif) { int i; - png_byte buf[3]; + png_byte buf[1]; png_debug(1, "in png_write_eXIf"); - if (num_exif > (int)png_ptr->num_exif) - { - png_debug2(3, "num_exif = %d, png_ptr->num_exif = %d", num_exif, - png_ptr->num_exif); - - png_warning(png_ptr, "Invalid number of exif bytes specified"); - return; - } - png_write_chunk_header(png_ptr, png_eXIf, (png_uint_32)(num_exif)); for (i = 0; i < num_exif; i++) { - buf[i] = exif[i]; + buf[0] = exif[i]; png_write_chunk_data(png_ptr, buf, (png_size_t)1); }
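Review bot: `png_write_eXIf` still takes `int num_exif`, while both new callers in pngwrite.c pass the `png_uint_32` `info_ptr->num_exif`, and this hunk removes the only range check on it. A count above INT_MAX arrives negative, so the `(png_uint_32)(num_exif)` cast in `png_write_chunk_header` announces the full length while the `i < num_exif` loop writes no data, leaving header and payload out of step. Declaring the parameter `png_uint_32` (the prototype is outside this diff) and replacing the byte-at-a-time loop with `png_write_chunk_data(png_ptr, exif, (png_size_t)num_exif);` removes the narrowing and the one-byte `buf`. The end of the function lies beyond the hunk's last line.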