cheng/libpng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[master] Check for sCAL chunk too short.

Browse Source
This commit is contained in:
Glenn Randers-Pehrson 2011-06-18 14:51:09 -05:00
parent af96543688
commit 61a2d8a2a7
3 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ANNOUNCE
View File

@ -49,7 +49,8 @@ version 1.4.8beta04 [June 7, 2011]
Frank Busse, related to CVE-2004-0421).
version 1.4.8beta05 [June 18, 2011]
Fixed error in "ACCURATE" 16-to-8 scaling.
Fixed error in "ACCURATE" 16-to-8 scaling (John Bowler).
Check for sCAL chunk too short.
Send comments/corrections/commendations to glennrp at users.sourceforge.net
or to png-mng-implement at lists.sf.net (subscription required; visit

3
CHANGES
View File

@ -2817,7 +2817,8 @@ version 1.4.8beta04 [June 7, 2011]
Frank Busse, related to CVE-2004-0421).
version 1.4.8beta05 [June 18, 2011]
Fixed error in "ACCURATE" 16-to-8 scaling.
Fixed error in "ACCURATE" 16-to-8 scaling (John Bowler).
Check for sCAL chunk too short.
Send comments/corrections/commendations to glennrp at users.sourceforge.net
or to png-mng-implement at lists.sf.net (subscription required; visit

8
pngrutil.c
View File

@ -1861,6 +1861,14 @@ png_handle_sCAL(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
return;
}
/* Need unit type, width, \0, height: minimum 4 bytes */
else if (length < 4)
{
png_warning(png_ptr, "sCAL chunk too short");
png_crc_finish(png_ptr, length);
return;
}
png_debug1(2, "Allocating and reading sCAL chunk data (%lu bytes)",
(unsigned long)(length + 1));
png_ptr->chunkdata = (png_charp)png_malloc_warn(png_ptr, length + 1);