diff --git a/ANNOUNCE b/ANNOUNCE index 4317f36ed..0a57eff19 100644 --- a/ANNOUNCE +++ b/ANNOUNCE @@ -39,7 +39,11 @@ Version 1.6.20beta03 [November 25, 2015] Version 1.6.20rc01 [November 25, 2015] Fixed an error in handling of bad zlib CMINFO field, found by American - Fuzzy Lop. + Fuzzy Lop, reported by Brian Carpenter. inflate() doesn't immediately + fault a bad CMINFO field; instead a 'too far back' error happens later + (at least some times). pngfix failed to limit CMINFO to the allowed + values but then assumed that window_bits was in range, triggering an + assert. The bug is mostly harmless; the file can't be fixed. Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/CHANGES b/CHANGES index 6c67dab25..20f17292d 100644 --- a/CHANGES +++ b/CHANGES @@ -5428,7 +5428,11 @@ Version 1.6.20beta03 [November 24, 2015] Version 1.6.20rc01 [November 25, 2015] Fixed an error in handling of bad zlib CMINFO field, found by American - Fuzzy Lop. + Fuzzy Lop, reported by Brian Carpenter. inflate() doesn't immediately + fault a bad CMINFO field; instead a 'too far back' error happens later + (at least some times). pngfix failed to limit CMINFO to the allowed + values but then assumed that window_bits was in range, triggering an + assert. The bug is mostly harmless; the file can't be fixed. Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/contrib/libtests/readpng.c b/contrib/libtests/readpng.c index 9d2a5be73..3336d4e21 100644 --- a/contrib/libtests/readpng.c +++ b/contrib/libtests/readpng.c @@ -62,6 +62,7 @@ read_png(FILE *fp) { png_size_t rowbytes = png_get_rowbytes(png_ptr, info_ptr); + /* Failure to initialize these is harmless */ row = malloc(rowbytes); display = malloc(rowbytes); @@ -73,7 +74,7 @@ read_png(FILE *fp) # ifdef PNG_READ_INTERLACING_SUPPORTED int passes = png_set_interlace_handling(png_ptr); # else /* !READ_INTERLACING */ - int passes = png_get_interlace_type(png_ptr, info_ptr) == + int passes = png_get_interlace_type(png_ptr, info_ptr) == PNG_INTERLACE_ADAM7 ? PNG_INTERLACE_ADAM7_PASSES : 1; # endif /* !READ_INTERLACING */ int pass; diff --git a/contrib/tools/pngfix.c b/contrib/tools/pngfix.c index 3cdf81a1a..5135fd391 100644 --- a/contrib/tools/pngfix.c +++ b/contrib/tools/pngfix.c @@ -2,7 +2,7 @@ * * Copyright (c) 2014-2015 John Cunningham Bowler * - * Last changed in libpng 1.6.18 [July 23, 2015] + * Last changed in libpng 1.6.20 [(PENDING RELEASE)] * * This code is released under the libpng license. * For conditions of distribution and use, see the disclaimer