From a4d439b97507b54d7f08543e03eb8f006ea73bc5 Mon Sep 17 00:00:00 2001 From: Glenn Randers-Pehrson Date: Mon, 27 Jul 2009 22:27:30 -0500 Subject: [PATCH] [master] Avoid a possible NULL dereference in debug build, in png_set_text_2() (bug introduced in libpng-0.95, discovered by Evan Rouault) --- ANNOUNCE | 6 ++++-- CHANGES | 4 +++- pngrutil.c | 2 +- pngset.c | 5 +++-- 4 files changed, 11 insertions(+), 6 deletions(-) diff --git a/ANNOUNCE b/ANNOUNCE index ce124099d..4c92da63a 100644 --- a/ANNOUNCE +++ b/ANNOUNCE @@ -1,5 +1,5 @@ -Libpng 1.2.39beta02 - July 25, 2009 +Libpng 1.2.39beta02 - July 28, 2009 This is not intended to be a public release. It will be replaced within a few weeks by a public version or by another test version. @@ -46,7 +46,9 @@ Changes since the last public release (1.2.38): version 1.2.39beta01 [July 25, 2009] Added a prototype for png_64bit_product() in png.c -version 1.2.39beta02 [July 25, 2009] +version 1.2.39beta02 [July 28, 2009] + Avoid a possible NULL dereference in debug build, in png_set_text_2(). + (bug introduced in libpng-0.95, discovered by Evan Rouault) Send comments/corrections/commendations to png-mng-implement at lists.sf.net diff --git a/CHANGES b/CHANGES index 957ec59e4..337f73b25 100644 --- a/CHANGES +++ b/CHANGES @@ -2435,7 +2435,9 @@ version 1.0.47 and 1.2.38 [July 16, 2009] version 1.2.39beta01 [July 25, 2009] Added a prototype for png_64bit_product() in png.c -version 1.2.39beta02 [July 25, 2009] +version 1.2.39beta02 [July 28, 2009] + Avoid a possible NULL dereference in debug build, in png_set_text_2(). + (bug introduced in libpng-0.95, discovered by Evan Rouault) Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/pngrutil.c b/pngrutil.c index f8de15fa9..583caccdf 100644 --- a/pngrutil.c +++ b/pngrutil.c @@ -1,7 +1,7 @@ /* pngrutil.c - utilities to read a PNG file * - * Last changed in libpng 1.2.38 [July 25, 2009] + * Last changed in libpng 1.2.38 [June 16, 2009] * Copyright (c) 1998-2009 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) diff --git a/pngset.c b/pngset.c index 48e8bbbf0..47b6f5141 100644 --- a/pngset.c +++ b/pngset.c @@ -1,7 +1,7 @@ /* pngset.c - storage of image information into info struct * - * Last changed in libpng 1.2.38 [July 16, 2009] + * Last changed in libpng 1.2.39 [July 28, 2009] * Copyright (c) 1998-2009 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) @@ -708,7 +708,8 @@ png_set_text_2(png_structp png_ptr, png_infop info_ptr, png_textp text_ptr, { int i; - png_debug1(1, "in %s storage function", (png_ptr->chunk_name[0] == '\0' ? + png_debug1(1, "in %s storage function", ((png_ptr == NULL || + png_ptr->chunk_name[0] == '\0') ? "text" : (png_const_charp)png_ptr->chunk_name)); if (png_ptr == NULL || info_ptr == NULL || num_text == 0)