[libpng16] Fixed an overflow in png_combine_row with very wide interlaced
images.
This commit is contained in:
parent
06ee38423b
commit
dc294204b6
19
ANNOUNCE
19
ANNOUNCE
@ -1,4 +1,4 @@
|
|||||||
Libpng 1.6.16rc02 - December 21, 2014
|
Libpng 1.6.16rc03 - December 21, 2014
|
||||||
|
|
||||||
This is not intended to be a public release. It will be replaced
|
This is not intended to be a public release. It will be replaced
|
||||||
within a few weeks by a public version or by another test version.
|
within a few weeks by a public version or by another test version.
|
||||||
@ -8,20 +8,20 @@ Files available for download:
|
|||||||
Source files with LF line endings (for Unix/Linux) and with a
|
Source files with LF line endings (for Unix/Linux) and with a
|
||||||
"configure" script
|
"configure" script
|
||||||
|
|
||||||
1.6.16rc02.tar.xz (LZMA-compressed, recommended)
|
1.6.16rc03.tar.xz (LZMA-compressed, recommended)
|
||||||
1.6.16rc02.tar.gz
|
1.6.16rc03.tar.gz
|
||||||
|
|
||||||
Source files with CRLF line endings (for Windows), without the
|
Source files with CRLF line endings (for Windows), without the
|
||||||
"configure" script
|
"configure" script
|
||||||
|
|
||||||
lp1616r02.7z (LZMA-compressed, recommended)
|
lp1616r03.7z (LZMA-compressed, recommended)
|
||||||
lp1616r02.zip
|
lp1616r03.zip
|
||||||
|
|
||||||
Other information:
|
Other information:
|
||||||
|
|
||||||
1.6.16rc02-README.txt
|
1.6.16rc03-README.txt
|
||||||
1.6.16rc02-LICENSE.txt
|
1.6.16rc03-LICENSE.txt
|
||||||
libpng-1.6.16rc02-*.asc (armored detached GPG signatures)
|
libpng-1.6.16rc03-*.asc (armored detached GPG signatures)
|
||||||
|
|
||||||
Changes since the last public release (1.6.15):
|
Changes since the last public release (1.6.15):
|
||||||
|
|
||||||
@ -45,6 +45,9 @@ Version 1.6.16rc01 [December 21, 2014]
|
|||||||
Version 1.6.16rc02 [December 21, 2014]
|
Version 1.6.16rc02 [December 21, 2014]
|
||||||
Undid the update to pngrutil.c in 1.6.16rc01.
|
Undid the update to pngrutil.c in 1.6.16rc01.
|
||||||
|
|
||||||
|
Version 1.6.16rc03 [December 21, 2014]
|
||||||
|
Fixed an overflow in png_combine_row with very wide interlaced images.
|
||||||
|
|
||||||
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
|
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
|
||||||
(subscription required; visit
|
(subscription required; visit
|
||||||
https://lists.sourceforge.net/lists/listinfo/png-mng-implement
|
https://lists.sourceforge.net/lists/listinfo/png-mng-implement
|
||||||
|
3
CHANGES
3
CHANGES
@ -5119,6 +5119,9 @@ Version 1.6.16rc01 [December 21, 2014]
|
|||||||
Version 1.6.16rc02 [December 21, 2014]
|
Version 1.6.16rc02 [December 21, 2014]
|
||||||
Undid the update to pngrutil.c in 1.6.16rc01.
|
Undid the update to pngrutil.c in 1.6.16rc01.
|
||||||
|
|
||||||
|
Version 1.6.16rc03 [December 21, 2014]
|
||||||
|
Fixed an overflow in png_combine_row with very wide interlaced images.
|
||||||
|
|
||||||
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
|
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
|
||||||
(subscription required; visit
|
(subscription required; visit
|
||||||
https://lists.sourceforge.net/lists/listinfo/png-mng-implement
|
https://lists.sourceforge.net/lists/listinfo/png-mng-implement
|
||||||
|
@ -3003,7 +3003,7 @@ png_combine_row(png_const_structrp png_ptr, png_bytep dp, int display)
|
|||||||
{
|
{
|
||||||
unsigned int pixel_depth = png_ptr->transformed_pixel_depth;
|
unsigned int pixel_depth = png_ptr->transformed_pixel_depth;
|
||||||
png_const_bytep sp = png_ptr->row_buf + 1;
|
png_const_bytep sp = png_ptr->row_buf + 1;
|
||||||
png_uint_32 row_width = png_ptr->width;
|
png_alloc_size_t row_width = png_ptr->width;
|
||||||
unsigned int pass = png_ptr->pass;
|
unsigned int pass = png_ptr->pass;
|
||||||
png_bytep end_ptr = 0;
|
png_bytep end_ptr = 0;
|
||||||
png_byte end_byte = 0;
|
png_byte end_byte = 0;
|
||||||
@ -3278,7 +3278,7 @@ png_combine_row(png_const_structrp png_ptr, png_bytep dp, int display)
|
|||||||
|
|
||||||
/* But don't allow this number to exceed the actual row width. */
|
/* But don't allow this number to exceed the actual row width. */
|
||||||
if (bytes_to_copy > row_width)
|
if (bytes_to_copy > row_width)
|
||||||
bytes_to_copy = row_width;
|
bytes_to_copy = (unsigned int)/*SAFE*/row_width;
|
||||||
}
|
}
|
||||||
|
|
||||||
else /* normal row; Adam7 only ever gives us one pixel to copy. */
|
else /* normal row; Adam7 only ever gives us one pixel to copy. */
|
||||||
@ -3458,7 +3458,7 @@ png_combine_row(png_const_structrp png_ptr, png_bytep dp, int display)
|
|||||||
dp += bytes_to_jump;
|
dp += bytes_to_jump;
|
||||||
row_width -= bytes_to_jump;
|
row_width -= bytes_to_jump;
|
||||||
if (bytes_to_copy > row_width)
|
if (bytes_to_copy > row_width)
|
||||||
bytes_to_copy = row_width;
|
bytes_to_copy = (unsigned int)/*SAFE*/row_width;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user