cheng/libpng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[libpng16] Initialize entire palette array to zero in png_handle_PLTE().

Browse Source
This commit is contained in:
Glenn Randers-Pehrson 2017-10-17 16:22:22 -05:00
parent 3b5bcea010
commit 9bddba26de
4 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ANNOUNCE
View File

@ -1,4 +1,4 @@
Libpng 1.6.35beta01 - October 16, 2017 Libpng 1.6.35beta01 - October 17, 2017
This is not intended to be a public release. It will be replaced This is not intended to be a public release. It will be replaced
within a few weeks by a public version or by another test version. within a few weeks by a public version or by another test version.
@ -24,12 +24,12 @@ Other information:
Changes since the last public release (1.6.34): Changes since the last public release (1.6.34):
Version 1.6.35beta01 [October 16, 2017] Version 1.6.35beta01 [October 17, 2017]
Restored 21 of the contrib/pngsuite/i*.png, which do not cause test Restored 21 of the contrib/pngsuite/i*.png, which do not cause test
failures. Placed the remainder in contrib/pngsuite/interlaced/i*.png. failures. Placed the remainder in contrib/pngsuite/interlaced/i*.png.
Added calls to png_set_*() transforms commonly used by browsers to Added calls to png_set_*() transforms commonly used by browsers to
the fuzzer. the fuzzer.
Do not enable tRNS having trans_color with out-of-range value. Initialize entire palette array to zero in png_handle_PLTE().
Send comments/corrections/commendations to png-mng-implement at lists.sf.net Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit (subscription required; visit

4
CHANGES
View File

@ -6040,12 +6040,12 @@ Version 1.6.33 [September 28, 2017]
Version 1.6.34 [September 29, 2017] Version 1.6.34 [September 29, 2017]
Removed contrib/pngsuite/i*.png; some of caused test failures. Removed contrib/pngsuite/i*.png; some of caused test failures.
Version 1.6.35beta01 [October 16, 2017] Version 1.6.35beta01 [October 17, 2017]
Restored 21 of the contrib/pngsuite/i*.png, which do not cause test Restored 21 of the contrib/pngsuite/i*.png, which do not cause test
failures. Placed the remainder in contrib/pngsuite/interlaced/i*.png. failures. Placed the remainder in contrib/pngsuite/interlaced/i*.png.
Added calls to png_set_*() transforms commonly used by browsers to Added calls to png_set_*() transforms commonly used by browsers to
the fuzzer. the fuzzer.
Do not enable tRNS having trans_color with out-of-range value. Initialize entire palette array to zero in png_handle_PLTE().
Send comments/corrections/commendations to png-mng-implement at lists.sf.net Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit (subscription required; visit

4
pngrutil.c
View File

@ -1,7 +1,7 @@
/* pngrutil.c - utilities to read a PNG file /* pngrutil.c - utilities to read a PNG file
* *
* Last changed in libpng 1.6.33 [September 28, 2017] * Last changed in libpng 1.6.35 [(PENDING RELEASE)]
* Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
* (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
@ -912,7 +912,7 @@ png_handle_IHDR(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
void /* PRIVATE */ void /* PRIVATE */
png_handle_PLTE(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length) png_handle_PLTE(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
{ {
png_color palette[PNG_MAX_PALETTE_LENGTH]; png_color palette[PNG_MAX_PALETTE_LENGTH] = {0};
int max_palette_length, num, i; int max_palette_length, num, i;
#ifdef PNG_POINTER_INDEXING_SUPPORTED #ifdef PNG_POINTER_INDEXING_SUPPORTED
png_colorp pal_ptr; png_colorp pal_ptr;

4
pngset.c
View File

@ -1,7 +1,7 @@
/* pngset.c - storage of image information into info struct /* pngset.c - storage of image information into info struct
* *
* Last changed in libpng 1.6.35 [(PENDING RELEASE)] * Last changed in libpng 1.6.32 [August 24, 2017]
* Copyright (c) 1998-2017 Glenn Randers-Pehrson * Copyright (c) 1998-2017 Glenn Randers-Pehrson
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
* (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
@ -1025,6 +1025,7 @@ png_set_tRNS(png_structrp png_ptr, png_inforp info_ptr,
if (trans_color != NULL) if (trans_color != NULL)
{ {
#ifdef PNG_WARNINGS_SUPPORTED
if (info_ptr->bit_depth < 16) if (info_ptr->bit_depth < 16)
{ {
int sample_max = (1 << info_ptr->bit_depth) - 1; int sample_max = (1 << info_ptr->bit_depth) - 1;
@ -1038,6 +1039,7 @@ png_set_tRNS(png_structrp png_ptr, png_inforp info_ptr,
png_warning(png_ptr, png_warning(png_ptr,
"tRNS chunk has out-of-range samples for bit_depth"); "tRNS chunk has out-of-range samples for bit_depth");
} }
#endif
info_ptr->trans_color = *trans_color; info_ptr->trans_color = *trans_color;