cheng/libpng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[libpng16] Reject iCCP chunk after the first, even if the first one is invalid.

Browse Source
This commit is contained in:
Glenn Randers-Pehrson 2012-03-08 10:40:07 -06:00
parent b57c1c9e6e
commit 6038b80277
4 changed files with 13 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ANNOUNCE
View File

@ -1,5 +1,5 @@
Libpng 1.6.0beta17 - March 6, 2012 Libpng 1.6.0beta17 - March 8, 2012
This is not intended to be a public release. It will be replaced This is not intended to be a public release. It will be replaced
within a few weeks by a public version or by another test version. within a few weeks by a public version or by another test version.
@ -286,7 +286,9 @@ Version 1.6.0beta16 [March 6, 2012]
If the call to deflateInit2() is wrong a png_warning will be issued If the call to deflateInit2() is wrong a png_warning will be issued
(in fact this is harmless, but the PNG data produced may be sub-optimal). (in fact this is harmless, but the PNG data produced may be sub-optimal).
Version 1.6.0beta17 [March 6, 2012] Version 1.6.0beta17 [March 8, 2012]
Fixed PNG_LIBPNG_BUILD_BASE_TYPE definition.
Reject iCCP chunk after the first, even if the first one is invalid.
Send comments/corrections/commendations to png-mng-implement at lists.sf.net Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit (subscription required; visit

4
CHANGES
View File

@ -4037,7 +4037,9 @@ Version 1.6.0beta16 [March 6, 2012]
If the call to deflateInit2() is wrong a png_warning will be issued If the call to deflateInit2() is wrong a png_warning will be issued
(in fact this is harmless, but the PNG data produced may be sub-optimal). (in fact this is harmless, but the PNG data produced may be sub-optimal).
Version 1.6.0beta17 [March 6, 2012] Version 1.6.0beta17 [March 8, 2012]
Fixed PNG_LIBPNG_BUILD_BASE_TYPE definition.
Reject iCCP chunk after the first, even if the first one is invalid.
Send comments/corrections/commendations to png-mng-implement at lists.sf.net Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit (subscription required; visit

1
pngpriv.h
View File

@ -466,6 +466,7 @@ typedef const png_uint_16p * png_const_uint_16pp;
#define PNG_BACKGROUND_IS_GRAY 0x800 #define PNG_BACKGROUND_IS_GRAY 0x800
#define PNG_HAVE_PNG_SIGNATURE 0x1000 #define PNG_HAVE_PNG_SIGNATURE 0x1000
#define PNG_HAVE_CHUNK_AFTER_IDAT 0x2000 /* Have another chunk after IDAT */ #define PNG_HAVE_CHUNK_AFTER_IDAT 0x2000 /* Have another chunk after IDAT */
#define PNG_HAVE_iCCP 0x4000
/* Flags for the transformations the PNG library does on the image data */ /* Flags for the transformations the PNG library does on the image data */
#define PNG_BGR 0x0001 #define PNG_BGR 0x0001

5
pngrutil.c
View File

@ -1359,13 +1359,16 @@ png_handle_iCCP(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
return; return;
} }
if (info_ptr != NULL && (info_ptr->valid & (PNG_INFO_iCCP|PNG_INFO_sRGB))) if ((png_ptr->mode & PNG_HAVE_iCCP) || (info_ptr != NULL &&
(info_ptr->valid & (PNG_INFO_iCCP|PNG_INFO_sRGB))))
{ {
png_crc_finish(png_ptr, length); png_crc_finish(png_ptr, length);
png_chunk_benign_error(png_ptr, "Duplicate color profile"); png_chunk_benign_error(png_ptr, "Duplicate color profile");
return; return;
} }
png_ptr->mode |= PNG_HAVE_iCCP;
png_free(png_ptr, png_ptr->chunkdata); png_free(png_ptr, png_ptr->chunkdata);
/* TODO: read the chunk in pieces, validating it as we go. */ /* TODO: read the chunk in pieces, validating it as we go. */
png_ptr->chunkdata = png_voidcast(png_charp, png_malloc(png_ptr, length)); png_ptr->chunkdata = png_voidcast(png_charp, png_malloc(png_ptr, length));