f0b453bc3e
When an input file contains a zero length IDAT and pngfix is not applying the IDAT rechunking (--max) option pngfix will go into a loop writing the zero length IDAT for ever.

This is a fairly minor issue for interactive use; zero length IDAT is very rare, the problem is obvious (pngfix hangs) and the fix (use --max, or --max=4096 etc), while not obvious, is easy.

For non-interactive use, e.g. trying to automatically repair a PNG that cannot be read by libpng, there are security consequences:

1) pngfix hangs. This may permit a DoS attack.
2) When the --out option is used pngfix will just keep writing. This is a very likely DoS scenario.

Signed-off-by: John Bowler <jbowler@acm.org>

| File |
|---|
| checksum-icc.c |
| chkfmt |
| cvtcolor.c |
| genpng.c |
| intgamma.sh |
| makesRGB.c |
| png-fix-itxt.c |
| pngcp.c |
| pngfix.c |
| README.txt |
| reindent |
| sRGB.h |

This directory (contrib/tools) contains tools used by the authors of libpng.

Code and data placed in this directory is not required to build libpng, however the code in this directory has been used to generate data or code in the body of the libpng source. The source code identifies where this has been done. Code in this directory may not compile on all operating systems that libpng supports.

NO COPYRIGHT RIGHTS ARE CLAIMED TO ANY OF THE FILES IN THIS DIRECTORY.

To the extent possible under law, the authors have waived all copyright and related or neighboring rights to this work. This work is published from: United States.

The files may be used freely in any way. The source code and comments in this directory are the original work of the people named below. No other person or organization has made contributions to the work in this directory.

ORIGINAL AUTHORS

The following people have contributed to the code in this directory. None of the people below claim any rights with regard to the contents of this directory.

John Bowler <jbowler@acm.org>