Commit Graph

89 Commits

Author SHA1 Message Date
John Bowler
f0b453bc3e [libpng16] pngfix zero-length IDAT fix
When an input file contains a zero length IDAT and pngfix is not applying the
IDAT rechunking (--max) option pngfix will go into a loop writing the zero
length IDAT for ever.

This is a fairly minor issue for interactive use; zero length IDAT is very rare,
the problem is obvious (pngfix hangs) and the fix (use --max, or --max=4096
etc), while not obvious, is easy.

For non-interactive use, e.g. trying to automatically repair a PNG that cannot
be read by libpng, there are security consequences:

1) pngfix hangs.  This may permit a DoS attack.
2) When the --out option is used pngfix will just keep writing.  This is a very
likely DoS scenario.

Signed-off-by: John Bowler <jbowler@acm.org>
2016-09-01 07:22:40 -07:00
Glenn Randers-Pehrson
b50d5cea2b [libpng16] Imported from libpng-1.6.24.tar 2016-08-03 21:32:26 -05:00
Glenn Randers-Pehrson
ee079481c9 [libpng16] Imported from libpng-1.6.24beta06.tar 2016-07-19 17:00:00 -05:00
Glenn Randers-Pehrson
34c783e2fe [libpng16] Fix permission on reindent; add license info to contrib/tools/chkfmt 2016-07-14 18:53:30 -05:00
Glenn Randers-Pehrson
82d0009885 [libpng16] Add PD license to new "reindent" tool; remove unused environment var
I didn't intend to distribute this but it leaked into the libpng16 source,
so here it is.
2016-07-14 17:40:37 -05:00
Glenn Randers-Pehrson
3c7c436303 [libpng16] Imported from libpng-1.6.24beta05.tar 2016-07-14 09:55:35 -05:00
John Bowler
cfc19ff1b6 pngcp bug fixes
The fixed size buffer for the file name being processed could have a byte
written beyond the end; a bug where the test was updated without changing the
size of the buffer.  This commit reduces the buffer to the system maximum.

png_getrowbytes could, in theory, return 0; probably only if there is a bug in
libpng but the code now checks.

Signed-off-by: John Bowler <jbowler@acm.org>
2016-07-03 13:49:36 -07:00
Glenn Randers-Pehrson
b733c50bc0 [libpng16] Updated CHANGES and ANNOUNCE 2016-07-01 18:42:07 -05:00
John Bowler
a93744423d pngcp.c: correct total time output
Signed-off-by: John Bowler <jbowler@acm.org>
2016-07-01 11:29:58 -07:00
John Bowler
9957c45073 pngcp: add high resolution timing
If PNG_PNGCP_TIMING_SUPPORTED is defined maximal resolution CPU time logging of
png_read_png and png_write_png is enabled via the --time command line option.
This is not on by default but is enabled by contrib/conftests/pngcp.dfa

Signed-off-by: John Bowler <jbowler@acm.org>
2016-07-01 11:29:45 -07:00
John Bowler
0ac91cc657 pngcp: tool to copy PNG files
This adds pngcp to the build together with a pngcp.dfa configuration test; the
test revealed some configuration bugs which are fixed by corrections to the
_SUPPORTED macros.

pngcp builds on all tested configurations and a number of bugs have been fixed
to make this happen relative to the version in libpng 1.7 contrib/examples.
pngcp.dfa will have to be different for 1.7 but pngcp.c should work fine (not
yet tested).  pngcp itself is still missing a usage message; this is a
preliminary version, although since it behaves the same way as 'cp' most unoids
shouldn't have a problem using it correctly.

Signed-off-by: John Bowler <jbowler@acm.org>
2016-07-01 11:27:43 -07:00
Glenn Randers-Pehrson
95d2726ecc [libpng16] Update change dates in pngvalid.c and pngfix.c 2016-01-18 09:24:23 -06:00
Glenn Randers-Pehrson
5031c77d85 [libpng16] Bump version to 1.6.22beta01 2016-01-16 08:00:09 -06:00
Glenn Randers-Pehrson
fc0786a442 [libpng16] Imported from libpng-1.6.21.tar 2016-01-15 13:51:06 -06:00
Glenn Randers-Pehrson
ecc022ee5f [libpng16] Bump version to libpng-1.6.21rc02.tar 2016-01-06 13:26:32 -06:00
Glenn Randers-Pehrson
0de0101fdd [libpng16] Bump version to 1.6.21beta01 2015-12-08 22:19:15 -06:00
Glenn Randers-Pehrson
5b6a6f914b [libpng16] Imported from libpng-1.6.20.tar 2015-12-02 22:30:37 -06:00
Glenn Randers-Pehrson
e7092bc59c [libpng16] Imported from libpng-1.6.20rc01.tar 2015-11-26 07:04:24 -06:00
Glenn Randers-Pehrson
87049cbf84 [libpng16] Update CHANGES, ANNOUNCE, minor editing of contrib/*/*.c 2015-11-25 15:55:01 -06:00
John Bowler
f5778c8fbb Fix error in handling of bad zlib CMINFO field
Signed-off-by: John Bowler <jbowler@acm.org>
2015-11-25 12:59:42 -08:00
John Bowler
c3e7e7d715 [libpng16] tests backported from libpng 1.7
This updates libpng16 with all the test changes from libpng17,
including changes to pngvalid.c to ensure that the original,
distributed, version of contrib/visupng/cexcept.h can be used.

pngvalid contains the correction to the use of SAVE/STORE_
UNKNOWN_CHUNKS; a bug revealed by changes in libpng 1.7.  More
tests contain the --strict option to detect warnings and the
pngvalid-standard test has been corrected so that it does not
turn on progresive-read (there is a separate test which does
that.)

Some signed/unsigned fixes have been made.

Signed-off-by: John Bowler <jbowler@acm.org>
2015-09-15 15:38:52 -07:00
Glenn Randers-Pehrson
8b83ff3704 [libpng16] Change "n bit" to "n-bit" in comments. 2015-08-13 20:57:18 -05:00
Glenn Randers-Pehrson
e6172809bd [libpng16] Imported from libpng-1.6.18.tar 2015-07-22 22:40:52 -05:00
Glenn Randers-Pehrson
a390897ba4 [libpng16] Fixed a new signed-unsigned comparison in pngrtran.c (Max Stepin).
Removed some useless typecasts from contrib/tools/png-fix-itxt.c
2015-07-01 14:06:39 -05:00
Glenn Randers-Pehrson
9d4ea3014b [libpng16] Imported from libpng-1.6.18beta08.tar 2015-06-30 10:54:44 -05:00
Glenn Randers-Pehrson
f6e7551f06 [libpng16] Eliminated the final two Coverity defects (insecure temporary file
handling in contrib/libtests/pngstest.c; possible overflow of
unsigned char in contrib/tools/png-fix-itxt.c). To use the "secure"
file handling, define PNG_USE_MKSTEMP, otherwise "tmpfile()" will
continue to be used.
2015-06-10 07:05:18 -05:00
Glenn Randers-Pehrson
867f2ec058 [libpng16] Imported from libpng-1.6.18beta07.tar 2015-06-06 17:03:14 -05:00
Glenn Randers-Pehrson
b26b51d154 [libpng16] Quieted Coverity issues in pngfix.c, png-fix-itxt.c, pngvalid.c,
pngstest.c, and pngimage.c. Most seem harmless, but png-fix-itxt
would only work with iTXt chunks with length 255 or less.
2015-06-03 16:07:01 -05:00
Glenn Randers-Pehrson
b66de48b3b [libpng16] Changed png_voidcast(), etc., to voidcast(), etc., in
contrib/tools/pngfix.c to avoid confusion with the libpng private macros.
2015-05-30 22:57:33 -05:00
John Bowler
0f12df19a1 [libpng16] Added PNG generation tool, fixed unitialized pointer in
simpleover. Also added a comment to png.h pointing out that the pointer must
 be set to NULL!  (simpleover crashes with any slightly complex command lines
 without this fix.)
2015-05-04 19:58:41 -05:00
Glenn Randers-Pehrson
218a6fe9e5 [libpng16] Bump version to 1.6.18beta01 2015-03-26 08:55:25 -05:00
Glenn Randers-Pehrson
c98f7fb4e3 [libpng16] Imported from libpng-1.6.17.tar 2015-03-26 08:11:12 -05:00
Glenn Randers-Pehrson
bc27b2f432 [libpng16] Imported from libpng-1.6.17rc02.tar 2015-03-09 09:20:46 -05:00
Glenn Randers-Pehrson
494e75ac83 [libpng16] Fixed some typos in the pngfix usage message. 2015-02-26 10:39:13 -06:00
Glenn Randers-Pehrson
018b4fccb9 [libpng16] Happy New Year! Update copyright year. 2014-12-31 18:45:23 -06:00
John Bowler
6a6eb354ff [libpng16] Removed user limits from pngfix. Also pass NULL pointers to
png_read_row to skip the unnecessary row de-interlace stuff.
2014-12-24 18:54:08 -06:00
Glenn Randers-Pehrson
f43b5e3709 [libpng16] Imported from libpng-1.6.16beta03.tar 2014-12-20 19:21:32 -06:00
Glenn Randers-Pehrson
f1b547a509 [libpng16] Use png_get_libpng_ver(NULL), not PNG_LIBPNG_VER_STRING 2014-11-04 23:33:46 -06:00
Glenn Randers-Pehrson
edb772fd6d [libpng16] Imported from libpng-1.6.14.tar 2014-10-22 19:32:52 -05:00
Glenn Randers-Pehrson
0df3198719 [libpng16] Imported from libpng-1.6.14beta01.tar 2014-09-14 14:23:32 -05:00
Glenn Randers-Pehrson
3a05d2df0f [libpng16] Add "#include <setjmp.h>" to contrib/tools/pngfix.c (John Bowler) 2014-09-11 07:39:24 -05:00
Glenn Randers-Pehrson
de5e34f3ce [libpng16] Add #include <setjmp.h> to contrib/tools/pngfix.c to allow "make" to
complete without setjmp support (bug report by Claudio Fontana)
2014-09-10 21:34:34 -05:00
Glenn Randers-Pehrson
0a3c788b51 [libpng16] Don't build contrib/tools/pngfix.c without setjmp support. 2014-09-10 17:27:53 -05:00
Glenn Randers-Pehrson
79b7e4e621 [libpng16] Changed file permissions of contrib/tools/intgamma.sh from
0644 to 0755 (Cosmin).
2014-06-07 14:47:02 -05:00
Glenn Randers-Pehrson
ee6050ecb4 [libpng16] Imported from libpng-1.6.11rc02.tar 2014-06-03 22:02:34 -05:00
Glenn Randers-Pehrson
7a0ca967b4 [libpng16] Bump version to 1.6.11beta04 2014-04-06 14:18:13 -05:00
Glenn Randers-Pehrson
478062d9b5 [libpng16] Imported from libpng-1.6.11beta03.tar 2014-04-06 14:17:58 -05:00
Glenn Randers-Pehrson
4df37bfa4f [libpng16] Imported from libpng-1.6.10.tar 2014-03-06 12:49:17 -06:00
Glenn Randers-Pehrson
9eec159ab0 [libpng16] Imported from libpng-1.6.10beta01.tar 2014-02-09 13:00:23 -06:00
John Bowler
414d7b5f7d [libpng16] Backport recent changes from libpng-1.7.0beta30 and beta31. 2014-02-06 11:39:25 -06:00