From eb657ae68fb93b02dedaab80dc5249983efe62af Mon Sep 17 00:00:00 2001 From: Glenn Randers-Pehrson Date: Sat, 22 Feb 2014 21:59:40 -0600 Subject: [PATCH] [libpng16] Added png_ptr->process_mode = PNG_READ_IDAT_MODE in png_push_read_chunk after recognizing the IDAT chunk, which avoids an infinite loop while reading a datastream whose first IDAT chunk is of zero-length. --- ANNOUNCE | 10 +++++++--- CHANGES | 8 ++++++-- pngpread.c | 5 +++-- pngrutil.c | 4 +++- 4 files changed, 19 insertions(+), 8 deletions(-) diff --git a/ANNOUNCE b/ANNOUNCE index 2a0ffa8a1..ddccdc090 100644 --- a/ANNOUNCE +++ b/ANNOUNCE @@ -1,5 +1,5 @@ -Libpng 1.6.10beta02 - February 21, 2014 +Libpng 1.6.10beta02 - February 23, 2014 This is not intended to be a public release. It will be replaced within a few weeks by a public version or by another test version. @@ -55,7 +55,7 @@ Version 1.6.10beta01 [February 9, 2014] and it adds corresponding code to pngimage.c to handle such options by not attempting to test them. -Version 1.6.10beta02 [February 21, 2014] +Version 1.6.10beta02 [February 23, 2014] Moved redefines of png_error(), png_warning(), png_chunk_error(), and png_chunk_warning() from pngpriv.h to png.h to make them visible to libpng-calling applications. 
@@ -74,7 +74,11 @@ Version 1.6.10beta02 [February 21, 2014] support older Clang versions (Jeremy Sequoia). Treat CRC error handling with png_set_crc_action(), instead of with png_set_benign_errors(), which has been the case since libpng-1.6.0beta18. - Use a user warning handler in contrib/gregbook/readpng2.c instead of default. + Use a user warning handler in contrib/gregbook/readpng2.c instead of default, + so warnings will be put on stderr even if libpng has CONSOLE_IO disabled. + Added png_ptr->process_mode = PNG_READ_IDAT_MODE in png_push_read_chunk + after recognizing the IDAT chunk, which avoids an infinite loop while + reading a datastream whose first IDAT chunk is of zero-length. Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/CHANGES b/CHANGES index f04c9a5f1..bf84027e5 100644 --- a/CHANGES +++ b/CHANGES @@ -4829,7 +4829,7 @@ Version 1.6.10beta01 [February 9, 2014] and it adds corresponding code to pngimage.c to handle such options by not attempting to test them. -Version 1.6.10beta02 [February 21, 2014] +Version 1.6.10beta02 [February 23, 2014] Moved redefines of png_error(), png_warning(), png_chunk_error(), and png_chunk_warning() from pngpriv.h to png.h to make them visible to libpng-calling applications. 
@@ -4848,7 +4848,11 @@ Version 1.6.10beta02 [February 21, 2014] support older Clang versions (Jeremy Sequoia). Treat CRC error handling with png_set_crc_action(), instead of with png_set_benign_errors(), which has been the case since libpng-1.6.0beta18. - Use a user warning handler in contrib/gregbook/readpng2.c instead of default. + Use a user warning handler in contrib/gregbook/readpng2.c instead of default, + so warnings will be put on stderr even if libpng has CONSOLE_IO disabled. + Added png_ptr->process_mode = PNG_READ_IDAT_MODE in png_push_read_chunk + after recognizing the IDAT chunk, which avoids an infinite loop while + reading a datastream whose first IDAT chunk is of zero-length. Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/pngpread.c b/pngpread.c index 94856e90f..99beebb30 100644 --- a/pngpread.c +++ b/pngpread.c @@ -1,8 +1,8 @@ /* pngpread.c - read a png file in push mode * - * Last changed in libpng 1.6.8 [December 19, 2013] - * Copyright (c) 1998-2013 Glenn Randers-Pehrson + * Last changed in libpng 1.6.10 [(PENDING RELEASE)] + * Copyright (c) 1998-2014 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -234,6 +234,7 @@ png_push_read_chunk(png_structrp png_ptr, png_inforp info_ptr) png_error(png_ptr, "Missing PLTE before IDAT"); png_ptr->mode |= PNG_HAVE_IDAT; + png_ptr->process_mode = PNG_READ_IDAT_MODE; if (!(png_ptr->mode & PNG_HAVE_CHUNK_AFTER_IDAT)) if (png_ptr->push_length == 0) diff --git a/pngrutil.c b/pngrutil.c index 73d6c0b1c..111aa980a 100644 --- a/pngrutil.c +++ b/pngrutil.c @@ -228,7 +228,7 @@ png_crc_finish(png_structrp png_ptr, png_uint_32 skip) else { - png_chunk_benign_error(png_ptr, "CRC error"); + png_chunk_error(png_ptr, "CRC error"); return (0); } 
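Review bot: The added `png_ptr->process_mode = PNG_READ_IDAT_MODE;` in the `@@ -234` hunk of pngpread.c has no comment saying why it must come before the `push_length == 0` check that follows. A later cleanup could move or drop it and bring back the hang on a zero-length first IDAT that the commit message describes. I would put `/* Enter IDAT mode before the zero-length check below; otherwise a datastream whose first IDAT is empty loops forever here. */` above the assignment. Because the chunk length comes straight from the file being decoded, a regression case that feeds the push reader a zero-length first IDAT would be worth adding with this fix. The body of the `push_length == 0` branch and the rest of png_push_read_chunk are outside the hunk, so the exact re-entry path is inferred from the commit message.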
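Review bot: In the `@@ -228` hunk of pngrutil.c, the `return (0);` after the new `png_chunk_error(png_ptr, "CRC error");` still reads as reachable. If png_chunk_error() does not return, as libpng's fatal error functions normally do not, that line is dead and should be dropped or marked, e.g. `return (0); /* NOTREACHED */`. The change also turns a CRC failure in this branch from a benign error that an application could downgrade into a fatal one, which the commit subject does not mention. The CHANGES context line about png_set_crc_action() appears to be the rationale; if so, a comment such as `/* Fatal by CRC action; png_set_benign_errors() no longer applies here. */` would record it. The `if` that this `else` belongs to is outside the hunk.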
@@ -322,6 +322,8 @@ png_read_buffer(png_structrp png_ptr, png_alloc_size_t new_size, int warn)
 {
 #ifdef PNG_ERROR_TEXT_SUPPORTED
 png_chunk_error(png_ptr, "insufficient memory to read chunk");
+#else
+ png_err(png_ptr);
 #endif
 }
 }
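Review bot: The `#ifdef`/`#else` pair in png_read_buffer now spells the same fatal exit twice, and nothing states that neither branch may fall through after the failed allocation. If png.h maps png_chunk_error() to png_err() when PNG_ERROR_TEXT_SUPPORTED is off, as the CHANGES entry about the moved redefines suggests, the conditional can go and the call can be made unconditional. Otherwise I would add `/* Must not return: the chunk buffer could not be allocated. */` above the `#ifdef`. The `#else` path compiles only in builds without error text, so it needs a build of that configuration to be exercised at all. The condition guarding this block and the function's return are outside the hunk.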