cheng/libpng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[libpng16] Reject iCCP chunk after the first, even if the first one is invalid.

Browse Source
This commit is contained in:
Glenn Randers-Pehrson 2012-03-08 10:40:07 -06:00
parent b57c1c9e6e
commit 6038b80277
4 changed files with 13 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ANNOUNCE
View File

@ -1,5 +1,5 @@
Libpng 1.6.0beta17 - March 6, 2012 Libpng 1.6.0beta17 - March 8, 2012
This is not intended to be a public release. It will be replaced This is not intended to be a public release. It will be replaced
within a few weeks by a public version or by another test version. within a few weeks by a public version or by another test version.
@ -286,7 +286,9 @@ Version 1.6.0beta16 [March 6, 2012]
If the call to deflateInit2() is wrong a png_warning will be issued If the call to deflateInit2() is wrong a png_warning will be issued
(in fact this is harmless, but the PNG data produced may be sub-optimal). (in fact this is harmless, but the PNG data produced may be sub-optimal).
Version 1.6.0beta17 [March 6, 2012] Version 1.6.0beta17 [March 8, 2012]
Fixed PNG_LIBPNG_BUILD_BASE_TYPE definition.
Reject iCCP chunk after the first, even if the first one is invalid.
Send comments/corrections/commendations to png-mng-implement at lists.sf.net Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit (subscription required; visit

6
CHANGES
View File

@ -3889,7 +3889,7 @@ Version 1.6.0beta07 [January 28, 2012]
Freeze libtool files in the 'scripts' directory. This version of autogen.sh Freeze libtool files in the 'scripts' directory. This version of autogen.sh
attempts to dissuade people from running it when it is not, or should not, attempts to dissuade people from running it when it is not, or should not,
be necessary. In fact, autogen.sh does not work when run in a libpng be necessary. In fact, autogen.sh does not work when run in a libpng
directory extracted from atar distribution anymore. You must run it in directory extracted from a tar distribution anymore. You must run it in
a GIT clone instead. a GIT clone instead.
Added two images to contrib/pngsuite (1-bit and 2-bit transparent grayscale), Added two images to contrib/pngsuite (1-bit and 2-bit transparent grayscale),
and renamed three whose names were inconsistent with those in and renamed three whose names were inconsistent with those in
@ -4037,7 +4037,9 @@ Version 1.6.0beta16 [March 6, 2012]
If the call to deflateInit2() is wrong a png_warning will be issued If the call to deflateInit2() is wrong a png_warning will be issued
(in fact this is harmless, but the PNG data produced may be sub-optimal). (in fact this is harmless, but the PNG data produced may be sub-optimal).
Version 1.6.0beta17 [March 6, 2012] Version 1.6.0beta17 [March 8, 2012]
Fixed PNG_LIBPNG_BUILD_BASE_TYPE definition.
Reject iCCP chunk after the first, even if the first one is invalid.
Send comments/corrections/commendations to png-mng-implement at lists.sf.net Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit (subscription required; visit

1
pngpriv.h
View File

@ -466,6 +466,7 @@ typedef const png_uint_16p * png_const_uint_16pp;
#define PNG_BACKGROUND_IS_GRAY 0x800 #define PNG_BACKGROUND_IS_GRAY 0x800
#define PNG_HAVE_PNG_SIGNATURE 0x1000 #define PNG_HAVE_PNG_SIGNATURE 0x1000
#define PNG_HAVE_CHUNK_AFTER_IDAT 0x2000 /* Have another chunk after IDAT */ #define PNG_HAVE_CHUNK_AFTER_IDAT 0x2000 /* Have another chunk after IDAT */
#define PNG_HAVE_iCCP 0x4000
/* Flags for the transformations the PNG library does on the image data */ /* Flags for the transformations the PNG library does on the image data */
#define PNG_BGR 0x0001 #define PNG_BGR 0x0001

5
pngrutil.c
View File

@ -1359,13 +1359,16 @@ png_handle_iCCP(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
return; return;
} }
if (info_ptr != NULL && (info_ptr->valid & (PNG_INFO_iCCP|PNG_INFO_sRGB))) if ((png_ptr->mode & PNG_HAVE_iCCP) || (info_ptr != NULL &&
(info_ptr->valid & (PNG_INFO_iCCP|PNG_INFO_sRGB))))
{ {
png_crc_finish(png_ptr, length); png_crc_finish(png_ptr, length);
png_chunk_benign_error(png_ptr, "Duplicate color profile"); png_chunk_benign_error(png_ptr, "Duplicate color profile");
return; return;
} }
png_ptr->mode |= PNG_HAVE_iCCP;
png_free(png_ptr, png_ptr->chunkdata); png_free(png_ptr, png_ptr->chunkdata);
/* TODO: read the chunk in pieces, validating it as we go. */ /* TODO: read the chunk in pieces, validating it as we go. */
png_ptr->chunkdata = png_voidcast(png_charp, png_malloc(png_ptr, length)); png_ptr->chunkdata = png_voidcast(png_charp, png_malloc(png_ptr, length));