[libpng16] Reject iCCP chunk after the first, even if the first one is invalid.
parent
b57c1c9e6e
commit
6038b80277
6
ANNOUNCE
6
ANNOUNCE
@ -1,5 +1,5 @@
|
||||
|
||||
Libpng 1.6.0beta17 - March 6, 2012
|
||||
Libpng 1.6.0beta17 - March 8, 2012
|
||||
|
||||
This is not intended to be a public release. It will be replaced
|
||||
within a few weeks by a public version or by another test version.
|
||||
@ -286,7 +286,9 @@ Version 1.6.0beta16 [March 6, 2012]
|
||||
If the call to deflateInit2() is wrong a png_warning will be issued
|
||||
(in fact this is harmless, but the PNG data produced may be sub-optimal).
|
||||
|
||||
Version 1.6.0beta17 [March 6, 2012]
|
||||
Version 1.6.0beta17 [March 8, 2012]
|
||||
Fixed PNG_LIBPNG_BUILD_BASE_TYPE definition.
|
||||
Reject iCCP chunk after the first, even if the first one is invalid.
|
||||
|
||||
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
|
||||
(subscription required; visit
|
||||
|
6
CHANGES
6
CHANGES
@ -3889,7 +3889,7 @@ Version 1.6.0beta07 [January 28, 2012]
|
||||
Freeze libtool files in the 'scripts' directory. This version of autogen.sh
|
||||
attempts to dissuade people from running it when it is not, or should not,
|
||||
be necessary. In fact, autogen.sh does not work when run in a libpng
|
||||
directory extracted from atar distribution anymore. You must run it in
|
||||
directory extracted from a tar distribution anymore. You must run it in
|
||||
a GIT clone instead.
|
||||
Added two images to contrib/pngsuite (1-bit and 2-bit transparent grayscale),
|
||||
and renamed three whose names were inconsistent with those in
|
||||
@ -4037,7 +4037,9 @@ Version 1.6.0beta16 [March 6, 2012]
|
||||
If the call to deflateInit2() is wrong a png_warning will be issued
|
||||
(in fact this is harmless, but the PNG data produced may be sub-optimal).
|
||||
|
||||
Version 1.6.0beta17 [March 6, 2012]
|
||||
Version 1.6.0beta17 [March 8, 2012]
|
||||
Fixed PNG_LIBPNG_BUILD_BASE_TYPE definition.
|
||||
Reject iCCP chunk after the first, even if the first one is invalid.
|
||||
|
||||
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
|
||||
(subscription required; visit
|
||||
|
@ -466,6 +466,7 @@ typedef const png_uint_16p * png_const_uint_16pp;
|
||||
#define PNG_BACKGROUND_IS_GRAY 0x800
|
||||
#define PNG_HAVE_PNG_SIGNATURE 0x1000
|
||||
#define PNG_HAVE_CHUNK_AFTER_IDAT 0x2000 /* Have another chunk after IDAT */
|
||||
#define PNG_HAVE_iCCP 0x4000
|
||||
|
||||
/* Flags for the transformations the PNG library does on the image data */
|
||||
#define PNG_BGR 0x0001
|
||||
|
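Review bot: The new `#define PNG_HAVE_iCCP 0x4000` has no comment, although the flag directly above it documents itself. Going by the commit title, the bit records that an iCCP chunk was encountered whether or not its profile was accepted, which is the difference from `PNG_INFO_iCCP` in `info_ptr->valid`. A reader of this header needs that stated, for example `#define PNG_HAVE_iCCP 0x4000 /* An iCCP chunk was seen, valid or not */`.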
@ -1359,13 +1359,16 @@ png_handle_iCCP(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
|
||||
return;
|
||||
}
|
||||
|
||||
if (info_ptr != NULL && (info_ptr->valid & (PNG_INFO_iCCP|PNG_INFO_sRGB)))
|
||||
if ((png_ptr->mode & PNG_HAVE_iCCP) || (info_ptr != NULL &&
|
||||
(info_ptr->valid & (PNG_INFO_iCCP|PNG_INFO_sRGB))))
|
||||
{
|
||||
png_crc_finish(png_ptr, length);
|
||||
png_chunk_benign_error(png_ptr, "Duplicate color profile");
|
||||
return;
|
||||
}
|
||||
|
||||
png_ptr->mode |= PNG_HAVE_iCCP;
|
||||
|
||||
png_free(png_ptr, png_ptr->chunkdata);
|
||||
/* TODO: read the chunk in pieces, validating it as we go. */
|
||||
png_ptr->chunkdata = png_voidcast(png_charp, png_malloc(png_ptr, length));
|
||||
|
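Review bot: `png_ptr->mode |= PNG_HAVE_iCCP;` is set before the chunk body is read or validated, and nothing at that line says the ordering is deliberate. That placement is what rejects a second iCCP after a malformed first one, and it also covers the `info_ptr == NULL` case that the old `info_ptr->valid` test could never catch. A later reordering would silently reopen the gap, so I would add `/* Record the chunk before validating it: a later iCCP is a duplicate even if this profile is rejected */` above the assignment. The context lines below still allocate `length` bytes, taken from the chunk header, in a single `png_malloc` call, which the existing TODO acknowledges. The rest of png_handle_iCCP lies outside the hunk, so whether that size is bounded elsewhere cannot be confirmed from here.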