cheng/libpng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[devel] Check for out-of-range text compression mode in png_set_text().

Browse Source
This commit is contained in:
Glenn Randers-Pehrson 2010-10-13 06:55:30 -05:00
parent bc363eca41
commit e34f80e5aa
3 changed files with 13 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ANNOUNCE
View File

@ -1,5 +1,5 @@
Libpng 1.5.0beta50 - October 12, 2010 Libpng 1.5.0beta50 - October 13, 2010
This is not intended to be a public release. It will be replaced This is not intended to be a public release. It will be replaced
within a few weeks by a public version or by another test version. within a few weeks by a public version or by another test version.
@ -226,7 +226,7 @@ version 1.5.0beta24 [May 7, 2010]
offset of the png_ptr->rowbuf pointer into png_ptr->big_row_buf. offset of the png_ptr->rowbuf pointer into png_ptr->big_row_buf.
Added more blank lines for readability. Added more blank lines for readability.
version 1.5.0beta25 [October 12, 2010] version 1.5.0beta25 [October 13, 2010]
In pngpread.c: png_push_have_row() add check for new_row > height In pngpread.c: png_push_have_row() add check for new_row > height
Removed the now-redundant check for out-of-bounds new_row from example.c Removed the now-redundant check for out-of-bounds new_row from example.c
@ -408,10 +408,11 @@ Version 1.5.0beta48 [October 4, 2010]
Version 1.5.0beta49 [October 8, 2010] Version 1.5.0beta49 [October 8, 2010]
Undid Makefile.am revision of 1.5.0beta48. Undid Makefile.am revision of 1.5.0beta48.
Version 1.5.0beta50 [October 12, 2010] Version 1.5.0beta50 [October 13, 2010]
Revised Makefile.in to account for mkinstalldirs being removed. Revised Makefile.in to account for mkinstalldirs being removed.
Added some "(unsigned long)" typecasts in printf statements in pngvalid.c. Added some "(unsigned long)" typecasts in printf statements in pngvalid.c.
Suppressed a compiler warning in png_handle_sPLT(). Suppressed a compiler warning in png_handle_sPLT().
Check for out-of-range text compression mode in png_set_text().
Send comments/corrections/commendations to png-mng-implement at lists.sf.net: Send comments/corrections/commendations to png-mng-implement at lists.sf.net:
(subscription required; visit (subscription required; visit

3
CHANGES
View File

@ -3046,10 +3046,11 @@ Version 1.5.0beta48 [October 4, 2010]
Version 1.5.0beta49 [October 8, 2010] Version 1.5.0beta49 [October 8, 2010]
Undid Makefile.am revision of 1.5.0beta48. Undid Makefile.am revision of 1.5.0beta48.
Version 1.5.0beta50 [October 12, 2010] Version 1.5.0beta50 [October 13, 2010]
Revised Makefile.in to account for mkinstalldirs being removed. Revised Makefile.in to account for mkinstalldirs being removed.
Added some "(unsigned long)" typecasts in printf statements in pngvalid.c. Added some "(unsigned long)" typecasts in printf statements in pngvalid.c.
Suppressed a compiler warning in png_handle_sPLT(). Suppressed a compiler warning in png_handle_sPLT().
Check for out-of-range text compression mode in png_set_text().
Send comments/corrections/commendations to png-mng-implement at lists.sf.net Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit (subscription required; visit

8
pngset.c
View File

@ -1,7 +1,7 @@
/* pngset.c - storage of image information into info struct /* pngset.c - storage of image information into info struct
* *
* Last changed in libpng 1.5.0 [October 8, 2010] * Last changed in libpng 1.5.0 [October 13, 2010]
* Copyright (c) 1998-2010 Glenn Randers-Pehrson * Copyright (c) 1998-2010 Glenn Randers-Pehrson
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
* (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
@ -679,6 +679,12 @@ png_set_text_2(png_structp png_ptr, png_infop info_ptr,
key_len = png_strlen(text_ptr[i].key); key_len = png_strlen(text_ptr[i].key);
if (text_ptr[i].compression >= PNG_TEXT_COMPRESSION_LAST)
{
png_warning(png_ptr, "text compression mode is out of range");
continue;
}
if (text_ptr[i].compression <= 0) if (text_ptr[i].compression <= 0)
{ {
lang_len = 0; lang_len = 0;