cheng/libpng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[libpng16] Corrected the width limit calculation in png_check_IHDR().

Browse Source
This commit is contained in:
Glenn Randers-Pehrson 2014-12-23 14:33:02 -06:00
parent 66c1ec5a26
commit 6b5abbe58e
3 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ANNOUNCE
View File

@ -27,6 +27,7 @@ Changes since the last public release (1.6.16):
Version 1.6.17beta01 [December 23, 2014] Version 1.6.17beta01 [December 23, 2014]
Removed duplicate PNG_SAFE_LIMITS_SUPPORTED handling from pngconf.h Removed duplicate PNG_SAFE_LIMITS_SUPPORTED handling from pngconf.h
Corrected the width limit calculation in png_check_IHDR().
Send comments/corrections/commendations to png-mng-implement at lists.sf.net Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit (subscription required; visit

1
CHANGES
View File

@ -5127,6 +5127,7 @@ Version 1.6.16 [December 22, 2014]
Version 1.6.17beta01 [December 23, 2014] Version 1.6.17beta01 [December 23, 2014]
Removed duplicate PNG_SAFE_LIMITS_SUPPORTED handling from pngconf.h Removed duplicate PNG_SAFE_LIMITS_SUPPORTED handling from pngconf.h
Corrected the width limit calculation in png_check_IHDR().
Send comments/corrections/commendations to png-mng-implement at lists.sf.net Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit (subscription required; visit

16
png.c
View File

@ -769,13 +769,13 @@ png_get_copyright(png_const_structrp png_ptr)
#else #else
# ifdef __STDC__ # ifdef __STDC__
return PNG_STRING_NEWLINE \ return PNG_STRING_NEWLINE \
"libpng version 1.6.17beta01 - December 22, 2014" PNG_STRING_NEWLINE \ "libpng version 1.6.17beta01 - December 23, 2014" PNG_STRING_NEWLINE \
"Copyright (c) 1998-2014 Glenn Randers-Pehrson" PNG_STRING_NEWLINE \ "Copyright (c) 1998-2014 Glenn Randers-Pehrson" PNG_STRING_NEWLINE \
"Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \ "Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \
"Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \ "Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \
PNG_STRING_NEWLINE; PNG_STRING_NEWLINE;
# else # else
return "libpng version 1.6.17beta01 - December 22, 2014\ return "libpng version 1.6.17beta01 - December 23, 2014\
Copyright (c) 1998-2014 Glenn Randers-Pehrson\ Copyright (c) 1998-2014 Glenn Randers-Pehrson\
Copyright (c) 1996-1997 Andreas Dilger\ Copyright (c) 1996-1997 Andreas Dilger\
Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc."; Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.";
@ -2492,12 +2492,12 @@ png_check_IHDR(png_const_structrp png_ptr,
error = 1; error = 1;
} }
else if (png_gt(width, else if (png_gt(((width + 7) & (~7)),
(PNG_SIZE_MAX >> 3) /* 8-byte RGBA pixels */ ((PNG_SIZE_MAX
- 48 /* big_row_buf hack */ - 48 /* big_row_buf hack */
- 1 /* filter byte */ - 1) /* filter byte */
- 7*8 /* rounding width to multiple of 8 pix */ / 8) /* 8-byte RGBA pixels */
- 8)) /* extra max_pixel_depth pad */ - 1)) /* extra max_pixel_depth pad */
{ {
/* The size of the row must be within the limits of this architecture. /* The size of the row must be within the limits of this architecture.
* Because the read code can perform arbitrary transformations the * Because the read code can perform arbitrary transformations the