From 6038b802772420ac1f8bde7a508ad0a1b4752a6a Mon Sep 17 00:00:00 2001 From: Glenn Randers-Pehrson Date: Thu, 8 Mar 2012 10:40:07 -0600 Subject: [PATCH] [libpng16] Reject iCCP chunk after the first, even if the first one is invalid. --- ANNOUNCE | 6 ++++-- CHANGES | 6 ++++-- pngpriv.h | 1 + pngrutil.c | 5 ++++- 4 files changed, 13 insertions(+), 5 deletions(-) diff --git a/ANNOUNCE b/ANNOUNCE index 03eda163e..4a0fdde4e 100644 --- a/ANNOUNCE +++ b/ANNOUNCE @@ -1,5 +1,5 @@ -Libpng 1.6.0beta17 - March 6, 2012 +Libpng 1.6.0beta17 - March 8, 2012 This is not intended to be a public release. It will be replaced within a few weeks by a public version or by another test version. @@ -286,7 +286,9 @@ Version 1.6.0beta16 [March 6, 2012] If the call to deflateInit2() is wrong a png_warning will be issued (in fact this is harmless, but the PNG data produced may be sub-optimal). -Version 1.6.0beta17 [March 6, 2012] +Version 1.6.0beta17 [March 8, 2012] + Fixed PNG_LIBPNG_BUILD_BASE_TYPE definition. + Reject iCCP chunk after the first, even if the first one is invalid. Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/CHANGES b/CHANGES index e9c8499b5..2e118e50e 100644 --- a/CHANGES +++ b/CHANGES @@ -3889,7 +3889,7 @@ Version 1.6.0beta07 [January 28, 2012] Freeze libtool files in the 'scripts' directory. This version of autogen.sh attempts to dissuade people from running it when it is not, or should not, be necessary. In fact, autogen.sh does not work when run in a libpng - directory extracted from atar distribution anymore. You must run it in + directory extracted from a tar distribution anymore. You must run it in a GIT clone instead. Added two images to contrib/pngsuite (1-bit and 2-bit transparent grayscale), and renamed three whose names were inconsistent with those in 
@@ -4037,7 +4037,9 @@ Version 1.6.0beta16 [March 6, 2012] If the call to deflateInit2() is wrong a png_warning will be issued (in fact this is harmless, but the PNG data produced may be sub-optimal). -Version 1.6.0beta17 [March 6, 2012] +Version 1.6.0beta17 [March 8, 2012] + Fixed PNG_LIBPNG_BUILD_BASE_TYPE definition. + Reject iCCP chunk after the first, even if the first one is invalid. Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/pngpriv.h b/pngpriv.h index 3e351f3a6..af5dae017 100644 --- a/pngpriv.h +++ b/pngpriv.h @@ -466,6 +466,7 @@ typedef const png_uint_16p * png_const_uint_16pp; #define PNG_BACKGROUND_IS_GRAY 0x800 #define PNG_HAVE_PNG_SIGNATURE 0x1000 #define PNG_HAVE_CHUNK_AFTER_IDAT 0x2000 /* Have another chunk after IDAT */ +#define PNG_HAVE_iCCP 0x4000 /* Flags for the transformations the PNG library does on the image data */ #define PNG_BGR 0x0001 diff --git a/pngrutil.c b/pngrutil.c index 2be25e106..fd89c895d 100644 --- a/pngrutil.c +++ b/pngrutil.c @@ -1359,13 +1359,16 @@ png_handle_iCCP(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length) return; } - if (info_ptr != NULL && (info_ptr->valid & (PNG_INFO_iCCP|PNG_INFO_sRGB))) + if ((png_ptr->mode & PNG_HAVE_iCCP) || (info_ptr != NULL && + (info_ptr->valid & (PNG_INFO_iCCP|PNG_INFO_sRGB)))) { png_crc_finish(png_ptr, length); png_chunk_benign_error(png_ptr, "Duplicate color profile"); return; } + png_ptr->mode |= PNG_HAVE_iCCP; + png_free(png_ptr, png_ptr->chunkdata); /* TODO: read the chunk in pieces, validating it as we go. */ png_ptr->chunkdata = png_voidcast(png_charp, png_malloc(png_ptr, length));
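Review bot: The new `PNG_HAVE_iCCP` mode bit in pngpriv.h has no comment, although the neighbouring `PNG_HAVE_CHUNK_AFTER_IDAT` carries one. Judging from the pngrutil.c change, the bit records that an iCCP chunk was encountered, not that a profile was accepted, which is the opposite of what a reader might assume from `PNG_INFO_iCCP` in `info_ptr->valid`. Stating that on the definition would prevent the two from being confused, e.g. `#define PNG_HAVE_iCCP 0x4000 /* An iCCP chunk was seen, whether or not it was valid */`.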
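Review bot: `png_ptr->mode |= PNG_HAVE_iCCP;` is reached only after the duplicate check, so any early return above it leaves the flag clear. The hunk opens on the tail of one such return (`return; }`), and the start of `png_handle_iCCP` is outside the hunk. If those earlier paths discard a chunk, a later iCCP would presumably still not count as a duplicate, so it is worth confirming that this matches "even if the first one is invalid". The assignment also needs a comment explaining why it precedes the read, such as `/* Set before reading so a later iCCP is rejected even if this one fails validation */`. The context line `png_malloc(png_ptr, length)` still sizes the buffer from the chunk-supplied length, as the TODO admits, so the flag reduces how often that path runs but does not bound it.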