Moved testing of bad pngs into a separate tests/pngtest-badpngs script
Added the --xfail (expected FAIL) option to pngtest.c. It writes XFAIL
in the output but PASS for the libpng test.
result when integers appear on both sides of a compare. Worked around the
others by forcing the strict-overflow setting in the relevant functions to
a level where they are not reported.
Changed "FALL THROUGH" comments to "FALLTHROUGH" because GCC doesn't like
the space.
Worked around some C-style casts from (void*) because g++ 5.4.0 objects
to them.
Increased the buffer size for 'sprint' to pass the gcc 7.1.0 'sprint
overflow' check that is on by default with -Wall -Wextra.
Configure libpng with "configure --enable-intel-sse" or compile
libpng with "-DPNG_INTEL_SSE" in CPPFLAGS to enable it. This patch was
previously applied to libpng-1.6.28rc03 but withdrawn to allow time for QA.
This removes the use of a macro containing the pre-processor 'defined'
operator. It is unclear whether this is valid; a macro which
"generates" 'defined' is not permitted, but the use of the work
"generates" within the C90 standard seems to imply more than simple
substitution of an expression itself containing a well-formed defined
operation.
Signed-off-by: John Bowler <jbowler@acm.org>
Remove all currently detected cases of unsigned overflow. Detection is
runtime, so test case dependent. The changes to pngvalid.c eliminate
spurious and probably invalid tests with one while loop exception.
Apart from that and the change to the dependence on the intended
unsigned overflow in pngtrans.c the changes are limited to altering the
meme for an unsigned 'x' from:
while (x-- > 0)
to
for (; x > 0; --x)
This works because, in all cases, the control variable is not used in
the loop. The 'while' meme was, at one time, warn'ed by GCC so it is
probably a good change, for some weird religious value of good.
Signed-off-by: John Bowler <jbowler@acm.org>
When an input file contains a zero length IDAT and pngfix is not applying the
IDAT rechunking (--max) option pngfix will go into a loop writing the zero
length IDAT for ever.
This is a fairly minor issue for interactive use; zero length IDAT is very rare,
the problem is obvious (pngfix hangs) and the fix (use --max, or --max=4096
etc), while not obvious, is easy.
For non-interactive use, e.g. trying to automatically repair a PNG that cannot
be read by libpng, there are security consequences:
1) pngfix hangs. This may permit a DoS attack.
2) When the --out option is used pngfix will just keep writing. This is a very
likely DoS scenario.
Signed-off-by: John Bowler <jbowler@acm.org>