[libpng16] Initialize trans_color.red, green, and blue == trans_color.gray

in attempt to stop an oss-fuzz "use of ininitialized value" issue
2017-10-29 17:49:38 -05:00 · 2017-10-29 17:49:38 -05:00 · 7ee802a5a2
commit 7ee802a5a2
parent 2f8b82ebca
3 changed files with 5 additions and 0 deletions
--- a/1
+++ b/1
@ -29,6 +29,7 @@ Version 1.6.35beta01 [October 29, 2017]
    failures. Placed the remainder in contrib/pngsuite/interlaced/i*.png.
  Added calls to png_set_*() transforms commonly used by browsers to
    the fuzzer.
+  Initialize trans_color.red, green, and blue == trans_color.gray

 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
--- a/1
+++ b/1
@ -6045,6 +6045,7 @@ Version 1.6.35beta01 [October 29, 2017]
    failures. Placed the remainder in contrib/pngsuite/interlaced/i*.png.
  Added calls to png_set_*() transforms commonly used by browsers to
    the fuzzer.
+  Initialize trans_color.red, green, and blue == trans_color.gray

 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
--- a/pngrutil.c
+++ b/pngrutil.c
@ -1852,6 +1852,9 @@ png_handle_tRNS(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
      png_crc_read(png_ptr, buf, 2);
      png_ptr->num_trans = 1;
      png_ptr->trans_color.gray = png_get_uint_16(buf);
+      png_ptr->trans_color.red = png_ptr->trans_color.gray;
+      png_ptr->trans_color.green = png_ptr->trans_color.gray;
+      png_ptr->trans_color.blue = png_ptr->trans_color.gray;
   }

   else if (png_ptr->color_type == PNG_COLOR_TYPE_RGB)