From c9fd075c89c06e6c917c6f4de6b8eccae1366f23 Mon Sep 17 00:00:00 2001 From: John Bowler Date: Mon, 16 Mar 2015 16:31:13 -0500 Subject: [PATCH] [libpng16] Fix bug in calculation of maxbits, in png_write_sBIT, introduced in libpng-1.6.17beta01 (John Bowler). --- ANNOUNCE | 8 ++++++-- CHANGES | 6 +++++- pngwutil.c | 4 ++-- 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/ANNOUNCE b/ANNOUNCE index 4bf43ad36..6e82c9722 100644 --- a/ANNOUNCE +++ b/ANNOUNCE @@ -1,4 +1,4 @@ -Libpng 1.6.17rc04 - March 15, 2015 +Libpng 1.6.17rc04 - March 16, 2015 This is not intended to be a public release. It will be replaced within a few weeks by a public version or by another test version. @@ -39,6 +39,8 @@ Version 1.6.17beta01 [January 29, 2015] Merged some parts of libpng-1.6.17beta01 and libpng-1.7.0beta47. Added #ifndef __COVERITY__ where needed in png.c, pngrutil.c and pngset.c to avoid warnings about dead code. + Added "& 0xff" to many instances of expressions that are typecast + to (png_byte), to avoid Coverity gripes. Version 1.6.17beta02 [February 7, 2015] Work around one more Coverity-scan dead-code warning. @@ -77,9 +79,11 @@ Version 1.6.17rc03 [March 12, 2015] Updated CMakeLists.txt to add OSX framework, change YES/NO to ON/OFF for consistency, and remove some useless tests (Alexey Petruchik). -Version 1.6.17rc04 [March 15, 2015] +Version 1.6.17rc04 [March 16, 2015] Remove pnglibconf.h, pnglibconf.c, and pnglibconf.out instead of pnglibconf.* in "make clean" (Cosmin). + Fix bug in calculation of maxbits, in png_write_sBIT, introduced + in libpng-1.6.17beta01 (John Bowler). Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/CHANGES b/CHANGES index eb7172ace..7c2560f3c 100644 --- a/CHANGES +++ b/CHANGES @@ -5140,6 +5140,8 @@ Version 1.6.17beta01 [January 29, 2015] Merged some parts of libpng-1.6.17beta01 and libpng-1.7.0beta47. Added #ifndef __COVERITY__ where needed in png.c, pngrutil.c and pngset.c to avoid warnings about dead code. + Added "& 0xff" to many instances of expressions that are typecast + to (png_byte), to avoid Coverity gripes. Version 1.6.17beta02 [February 7, 2015] Work around one more Coverity-scan dead-code warning. @@ -5178,9 +5180,11 @@ Version 1.6.17rc03 [March 12, 2015] Updated CMakeLists.txt to add OSX framework, change YES/NO to ON/OFF for consistency, and remove some useless tests (Alexey Petruchik). -Version 1.6.17rc04 [March 15, 2015] +Version 1.6.17rc04 [March 16, 2015] Remove pnglibconf.h, pnglibconf.c, and pnglibconf.out instead of pnglibconf.* in "make clean" (Cosmin). + Fix bug in calculation of maxbits, in png_write_sBIT, introduced + in libpng-1.6.17beta01 (John Bowler). Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/pngwutil.c b/pngwutil.c index 3595944fe..3fe2ba791 100644 --- a/pngwutil.c +++ b/pngwutil.c @@ -1348,8 +1348,8 @@ png_write_sBIT(png_structrp png_ptr, png_const_color_8p sbit, int color_type) { png_byte maxbits; - maxbits = color_type==PNG_COLOR_TYPE_PALETTE ? 8 : - (png_byte)(png_ptr->usr_bit_depth & 0xff); + maxbits = (png_byte)((color_type==PNG_COLOR_TYPE_PALETTE ? 8 : + png_ptr->usr_bit_depth) & 0xff); if (sbit->red == 0 || sbit->red > maxbits || sbit->green == 0 || sbit->green > maxbits ||