cheng/libpng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[devel] Check for out-of-range text compression mode in png_set_text().

Browse Source
This commit is contained in:
Glenn Randers-Pehrson 2010-10-13 06:55:30 -05:00
parent bc363eca41
commit e34f80e5aa
3 changed files with 13 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ANNOUNCE
View File

@ -1,5 +1,5 @@
Libpng 1.5.0beta50 - October 12, 2010
Libpng 1.5.0beta50 - October 13, 2010
This is not intended to be a public release. It will be replaced
within a few weeks by a public version or by another test version.
@ -226,7 +226,7 @@ version 1.5.0beta24 [May 7, 2010]
offset of the png_ptr->rowbuf pointer into png_ptr->big_row_buf.
Added more blank lines for readability.
version 1.5.0beta25 [October 12, 2010]
version 1.5.0beta25 [October 13, 2010]
In pngpread.c: png_push_have_row() add check for new_row > height
Removed the now-redundant check for out-of-bounds new_row from example.c
@ -408,10 +408,11 @@ Version 1.5.0beta48 [October 4, 2010]
Version 1.5.0beta49 [October 8, 2010]
Undid Makefile.am revision of 1.5.0beta48.
Version 1.5.0beta50 [October 12, 2010]
Version 1.5.0beta50 [October 13, 2010]
Revised Makefile.in to account for mkinstalldirs being removed.
Added some "(unsigned long)" typecasts in printf statements in pngvalid.c.
Suppressed a compiler warning in png_handle_sPLT().
Check for out-of-range text compression mode in png_set_text().
Send comments/corrections/commendations to png-mng-implement at lists.sf.net:
(subscription required; visit

3
CHANGES
View File

@ -3046,10 +3046,11 @@ Version 1.5.0beta48 [October 4, 2010]
Version 1.5.0beta49 [October 8, 2010]
Undid Makefile.am revision of 1.5.0beta48.
Version 1.5.0beta50 [October 12, 2010]
Version 1.5.0beta50 [October 13, 2010]
Revised Makefile.in to account for mkinstalldirs being removed.
Added some "(unsigned long)" typecasts in printf statements in pngvalid.c.
Suppressed a compiler warning in png_handle_sPLT().
Check for out-of-range text compression mode in png_set_text().
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit

8
pngset.c
View File

@ -1,7 +1,7 @@
/* pngset.c - storage of image information into info struct
*
* Last changed in libpng 1.5.0 [October 8, 2010]
* Last changed in libpng 1.5.0 [October 13, 2010]
* Copyright (c) 1998-2010 Glenn Randers-Pehrson
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
* (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
@ -679,6 +679,12 @@ png_set_text_2(png_structp png_ptr, png_infop info_ptr,
key_len = png_strlen(text_ptr[i].key);
if (text_ptr[i].compression >= PNG_TEXT_COMPRESSION_LAST)
{
png_warning(png_ptr, "text compression mode is out of range");
continue;
}
if (text_ptr[i].compression <= 0)
{
lang_len = 0;