Merge pull request #12049 from ISylvox/libpng-1.6.33

Update LibPNG to v1.6.33
This commit is contained in:
Rémi Verschelde 2017-10-12 13:03:36 +02:00 committed by GitHub
commit d68cc72925
11 changed files with 88 additions and 78 deletions

View File

@ -121,7 +121,7 @@ Files extracted from upstream source:
## libpng ## libpng
- Upstream: http://libpng.org/pub/png/libpng.html - Upstream: http://libpng.org/pub/png/libpng.html
- Version: 1.6.32 - Version: 1.6.33
- License: libpng/zlib - License: libpng/zlib
Files extracted from upstream source: Files extracted from upstream source:

View File

@ -10,8 +10,8 @@ this sentence.
This code is released under the libpng license. This code is released under the libpng license.
libpng versions 1.0.7, July 1, 2000 through 1.6.23, June 9, 2016 are libpng versions 1.0.7, July 1, 2000 through 1.6.33, September 28, 2017 are
Copyright (c) 2000-2002, 2004, 2006-2016 Glenn Randers-Pehrson, are Copyright (c) 2000-2002, 2004, 2006-2017 Glenn Randers-Pehrson, are
derived from libpng-1.0.6, and are distributed according to the same derived from libpng-1.0.6, and are distributed according to the same
disclaimer and license as libpng-1.0.6 with the following individuals disclaimer and license as libpng-1.0.6 with the following individuals
added to the list of Contributing Authors: added to the list of Contributing Authors:
@ -22,6 +22,9 @@ added to the list of Contributing Authors:
Cosmin Truta Cosmin Truta
Gilles Vollant Gilles Vollant
James Yu James Yu
Mandar Sahastrabuddhe
Google Inc.
Vadim Barkov
and with the following additions to the disclaimer: and with the following additions to the disclaimer:
@ -127,4 +130,4 @@ any encryption software. See the EAR, paragraphs 734.3(b)(3) and
Glenn Randers-Pehrson Glenn Randers-Pehrson
glennrp at users.sourceforge.net glennrp at users.sourceforge.net
June 9, 2016 September 28, 2017

View File

@ -1,7 +1,7 @@
/* png.c - location for general purpose libpng functions /* png.c - location for general purpose libpng functions
* *
* Last changed in libpng 1.6.32 [August 24, 2017] * Last changed in libpng 1.6.33 [September 28, 2017]
* Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
* (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
@ -14,7 +14,7 @@
#include "pngpriv.h" #include "pngpriv.h"
/* Generate a compiler error if there is an old png.h in the search path. */ /* Generate a compiler error if there is an old png.h in the search path. */
typedef png_libpng_version_1_6_32 Your_png_h_is_not_version_1_6_32; typedef png_libpng_version_1_6_33 Your_png_h_is_not_version_1_6_33;
#ifdef __GNUC__ #ifdef __GNUC__
/* The version tests may need to be added to, but the problem warning has /* The version tests may need to be added to, but the problem warning has
@ -816,14 +816,14 @@ png_get_copyright(png_const_structrp png_ptr)
#else #else
# ifdef __STDC__ # ifdef __STDC__
return PNG_STRING_NEWLINE \ return PNG_STRING_NEWLINE \
"libpng version 1.6.32 - August 24, 2017" PNG_STRING_NEWLINE \ "libpng version 1.6.33 - September 28, 2017" PNG_STRING_NEWLINE \
"Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson" \ "Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson" \
PNG_STRING_NEWLINE \ PNG_STRING_NEWLINE \
"Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \ "Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \
"Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \ "Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \
PNG_STRING_NEWLINE; PNG_STRING_NEWLINE;
# else # else
return "libpng version 1.6.32 - August 24, 2017\ return "libpng version 1.6.33 - September 28, 2017\
Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson\ Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson\
Copyright (c) 1996-1997 Andreas Dilger\ Copyright (c) 1996-1997 Andreas Dilger\
Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc."; Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.";
@ -1913,12 +1913,12 @@ png_colorspace_set_sRGB(png_const_structrp png_ptr, png_colorspacerp colorspace,
*/ */
if (intent < 0 || intent >= PNG_sRGB_INTENT_LAST) if (intent < 0 || intent >= PNG_sRGB_INTENT_LAST)
return png_icc_profile_error(png_ptr, colorspace, "sRGB", return png_icc_profile_error(png_ptr, colorspace, "sRGB",
(unsigned)intent, "invalid sRGB rendering intent"); (png_alloc_size_t)intent, "invalid sRGB rendering intent");
if ((colorspace->flags & PNG_COLORSPACE_HAVE_INTENT) != 0 && if ((colorspace->flags & PNG_COLORSPACE_HAVE_INTENT) != 0 &&
colorspace->rendering_intent != intent) colorspace->rendering_intent != intent)
return png_icc_profile_error(png_ptr, colorspace, "sRGB", return png_icc_profile_error(png_ptr, colorspace, "sRGB",
(unsigned)intent, "inconsistent rendering intents"); (png_alloc_size_t)intent, "inconsistent rendering intents");
if ((colorspace->flags & PNG_COLORSPACE_FROM_sRGB) != 0) if ((colorspace->flags & PNG_COLORSPACE_FROM_sRGB) != 0)
{ {
@ -1979,7 +1979,6 @@ icc_check_length(png_const_structrp png_ptr, png_colorspacerp colorspace,
if (profile_length < 132) if (profile_length < 132)
return png_icc_profile_error(png_ptr, colorspace, name, profile_length, return png_icc_profile_error(png_ptr, colorspace, name, profile_length,
"too short"); "too short");
return 1; return 1;
} }
@ -2224,15 +2223,6 @@ png_icc_check_tag_table(png_const_structrp png_ptr, png_colorspacerp colorspace,
* being in range. All defined tag types have an 8 byte header - a 4 byte * being in range. All defined tag types have an 8 byte header - a 4 byte
* type signature then 0. * type signature then 0.
*/ */
if ((tag_start & 3) != 0)
{
/* CNHP730S.icc shipped with Microsoft Windows 64 violates this, it is
* only a warning here because libpng does not care about the
* alignment.
*/
(void)png_icc_profile_error(png_ptr, NULL, name, tag_id,
"ICC profile tag start not a multiple of 4");
}
/* This is a hard error; potentially it can cause read outside the /* This is a hard error; potentially it can cause read outside the
* profile. * profile.
@ -2240,6 +2230,16 @@ png_icc_check_tag_table(png_const_structrp png_ptr, png_colorspacerp colorspace,
if (tag_start > profile_length || tag_length > profile_length - tag_start) if (tag_start > profile_length || tag_length > profile_length - tag_start)
return png_icc_profile_error(png_ptr, colorspace, name, tag_id, return png_icc_profile_error(png_ptr, colorspace, name, tag_id,
"ICC profile tag outside profile"); "ICC profile tag outside profile");
if ((tag_start & 3) != 0)
{
/* CNHP730S.icc shipped with Microsoft Windows 64 violates this; it is
* only a warning here because libpng does not care about the
* alignment.
*/
(void)png_icc_profile_error(png_ptr, NULL, name, tag_id,
"ICC profile tag start not a multiple of 4");
}
} }
return 1; /* success, maybe with warnings */ return 1; /* success, maybe with warnings */
@ -3761,7 +3761,7 @@ png_log16bit(png_uint_32 x)
* of getting this accuracy in practice. * of getting this accuracy in practice.
* *
* To deal with this the following exp() function works out the exponent of the * To deal with this the following exp() function works out the exponent of the
* frational part of the logarithm by using an accurate 32-bit value from the * fractional part of the logarithm by using an accurate 32-bit value from the
* top four fractional bits then multiplying in the remaining bits. * top four fractional bits then multiplying in the remaining bits.
*/ */
static const png_uint_32 static const png_uint_32

View File

@ -1,7 +1,7 @@
/* png.h - header file for PNG reference library /* png.h - header file for PNG reference library
* *
* libpng version 1.6.32, August 24, 2017 * libpng version 1.6.33, September 28, 2017
* *
* Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
@ -12,7 +12,7 @@
* Authors and maintainers: * Authors and maintainers:
* libpng versions 0.71, May 1995, through 0.88, January 1996: Guy Schalnat * libpng versions 0.71, May 1995, through 0.88, January 1996: Guy Schalnat
* libpng versions 0.89, June 1996, through 0.96, May 1997: Andreas Dilger * libpng versions 0.89, June 1996, through 0.96, May 1997: Andreas Dilger
* libpng versions 0.97, January 1998, through 1.6.32, August 24, 2017: * libpng versions 0.97, January 1998, through 1.6.33, September 28, 2017:
* Glenn Randers-Pehrson. * Glenn Randers-Pehrson.
* See also "Contributing Authors", below. * See also "Contributing Authors", below.
*/ */
@ -25,7 +25,7 @@
* *
* This code is released under the libpng license. * This code is released under the libpng license.
* *
* libpng versions 1.0.7, July 1, 2000 through 1.6.32, August 24, 2017 are * libpng versions 1.0.7, July 1, 2000 through 1.6.33, September 28, 2017 are
* Copyright (c) 2000-2002, 2004, 2006-2017 Glenn Randers-Pehrson, are * Copyright (c) 2000-2002, 2004, 2006-2017 Glenn Randers-Pehrson, are
* derived from libpng-1.0.6, and are distributed according to the same * derived from libpng-1.0.6, and are distributed according to the same
* disclaimer and license as libpng-1.0.6 with the following individuals * disclaimer and license as libpng-1.0.6 with the following individuals
@ -213,7 +213,7 @@
* ... * ...
* 1.5.28 15 10527 15.so.15.28[.0] * 1.5.28 15 10527 15.so.15.28[.0]
* ... * ...
* 1.6.32 16 10632 16.so.16.32[.0] * 1.6.33 16 10633 16.so.16.33[.0]
* *
* Henceforth the source version will match the shared-library major * Henceforth the source version will match the shared-library major
* and minor numbers; the shared-library major version number will be * and minor numbers; the shared-library major version number will be
@ -241,13 +241,13 @@
* Y2K compliance in libpng: * Y2K compliance in libpng:
* ========================= * =========================
* *
* August 24, 2017 * September 28, 2017
* *
* Since the PNG Development group is an ad-hoc body, we can't make * Since the PNG Development group is an ad-hoc body, we can't make
* an official declaration. * an official declaration.
* *
* This is your unofficial assurance that libpng from version 0.71 and * This is your unofficial assurance that libpng from version 0.71 and
* upward through 1.6.32 are Y2K compliant. It is my belief that * upward through 1.6.33 are Y2K compliant. It is my belief that
* earlier versions were also Y2K compliant. * earlier versions were also Y2K compliant.
* *
* Libpng only has two year fields. One is a 2-byte unsigned integer * Libpng only has two year fields. One is a 2-byte unsigned integer
@ -309,8 +309,8 @@
*/ */
/* Version information for png.h - this should match the version in png.c */ /* Version information for png.h - this should match the version in png.c */
#define PNG_LIBPNG_VER_STRING "1.6.32" #define PNG_LIBPNG_VER_STRING "1.6.33"
#define PNG_HEADER_VERSION_STRING " libpng version 1.6.32 - August 24, 2017\n" #define PNG_HEADER_VERSION_STRING " libpng version 1.6.33 - September 28, 2017\n"
#define PNG_LIBPNG_VER_SONUM 16 #define PNG_LIBPNG_VER_SONUM 16
#define PNG_LIBPNG_VER_DLLNUM 16 #define PNG_LIBPNG_VER_DLLNUM 16
@ -318,7 +318,7 @@
/* These should match the first 3 components of PNG_LIBPNG_VER_STRING: */ /* These should match the first 3 components of PNG_LIBPNG_VER_STRING: */
#define PNG_LIBPNG_VER_MAJOR 1 #define PNG_LIBPNG_VER_MAJOR 1
#define PNG_LIBPNG_VER_MINOR 6 #define PNG_LIBPNG_VER_MINOR 6
#define PNG_LIBPNG_VER_RELEASE 32 #define PNG_LIBPNG_VER_RELEASE 33
/* This should match the numeric part of the final component of /* This should match the numeric part of the final component of
* PNG_LIBPNG_VER_STRING, omitting any leading zero: * PNG_LIBPNG_VER_STRING, omitting any leading zero:
@ -349,7 +349,7 @@
* version 1.0.0 was mis-numbered 100 instead of 10000). From * version 1.0.0 was mis-numbered 100 instead of 10000). From
* version 1.0.1 it's xxyyzz, where x=major, y=minor, z=release * version 1.0.1 it's xxyyzz, where x=major, y=minor, z=release
*/ */
#define PNG_LIBPNG_VER 10632 /* 1.6.32 */ #define PNG_LIBPNG_VER 10633 /* 1.6.33 */
/* Library configuration: these options cannot be changed after /* Library configuration: these options cannot be changed after
* the library has been built. * the library has been built.
@ -459,7 +459,7 @@ extern "C" {
/* This triggers a compiler error in png.c, if png.c and png.h /* This triggers a compiler error in png.c, if png.c and png.h
* do not agree upon the version number. * do not agree upon the version number.
*/ */
typedef char* png_libpng_version_1_6_32; typedef char* png_libpng_version_1_6_33;
/* Basic control structions. Read libpng-manual.txt or libpng.3 for more info. /* Basic control structions. Read libpng-manual.txt or libpng.3 for more info.
* *
@ -2819,6 +2819,8 @@ typedef struct
# define PNG_FORMAT_FLAG_AFIRST 0x20U /* alpha channel comes first */ # define PNG_FORMAT_FLAG_AFIRST 0x20U /* alpha channel comes first */
#endif #endif
#define PNG_FORMAT_FLAG_ASSOCIATED_ALPHA 0x40U /* alpha channel is associated */
/* Commonly used formats have predefined macros. /* Commonly used formats have predefined macros.
* *
* First the single byte (sRGB) formats: * First the single byte (sRGB) formats:

View File

@ -1,7 +1,7 @@
/* pngconf.h - machine configurable file for libpng /* pngconf.h - machine configurable file for libpng
* *
* libpng version 1.6.32, August 24, 2017 * libpng version 1.6.33, September 28, 2017
* *
* Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson * Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)

View File

@ -1,8 +1,8 @@
/* libpng 1.6.32 STANDARD API DEFINITION */ /* libpng 1.6.33 STANDARD API DEFINITION */
/* pnglibconf.h - library build configuration */ /* pnglibconf.h - library build configuration */
/* Libpng version 1.6.32 - August 24, 2017 */ /* Libpng version 1.6.33 - September 28, 2017 */
/* Copyright (c) 1998-2017 Glenn Randers-Pehrson */ /* Copyright (c) 1998-2017 Glenn Randers-Pehrson */

View File

@ -1,7 +1,7 @@
/* pngread.c - read a PNG file /* pngread.c - read a PNG file
* *
* Last changed in libpng 1.6.32 [August 24, 2017] * Last changed in libpng 1.6.33 [September 28, 2017]
* Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
* (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
@ -3759,7 +3759,13 @@ png_image_read_direct(png_voidp argument)
mode = PNG_ALPHA_PNG; mode = PNG_ALPHA_PNG;
output_gamma = PNG_DEFAULT_sRGB; output_gamma = PNG_DEFAULT_sRGB;
} }
if ((change & PNG_FORMAT_FLAG_ASSOCIATED_ALPHA) != 0)
{
mode = PNG_ALPHA_OPTIMIZED;
change &= ~PNG_FORMAT_FLAG_ASSOCIATED_ALPHA;
}
/* If 'do_local_background' is set check for the presence of gamma /* If 'do_local_background' is set check for the presence of gamma
* correction; this is part of the work-round for the libpng bug * correction; this is part of the work-round for the libpng bug
* described above. * described above.
@ -3985,6 +3991,10 @@ png_image_read_direct(png_voidp argument)
else if (do_local_compose != 0) /* internal error */ else if (do_local_compose != 0) /* internal error */
png_error(png_ptr, "png_image_read: alpha channel lost"); png_error(png_ptr, "png_image_read: alpha channel lost");
if ((format & PNG_FORMAT_FLAG_ASSOCIATED_ALPHA) != 0) {
info_format |= PNG_FORMAT_FLAG_ASSOCIATED_ALPHA;
}
if (info_ptr->bit_depth == 16) if (info_ptr->bit_depth == 16)
info_format |= PNG_FORMAT_FLAG_LINEAR; info_format |= PNG_FORMAT_FLAG_LINEAR;

View File

@ -1,7 +1,7 @@
/* pngrtran.c - transforms the data in a row for PNG readers /* pngrtran.c - transforms the data in a row for PNG readers
* *
* Last changed in libpng 1.6.31 [July 27, 2017] * Last changed in libpng 1.6.33 [September 28, 2017]
* Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
* (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
@ -430,7 +430,7 @@ png_set_quantize(png_structrp png_ptr, png_colorp palette,
int i; int i;
png_ptr->quantize_index = (png_bytep)png_malloc(png_ptr, png_ptr->quantize_index = (png_bytep)png_malloc(png_ptr,
(png_uint_32)((png_uint_32)num_palette * (sizeof (png_byte)))); (png_alloc_size_t)((png_uint_32)num_palette * (sizeof (png_byte))));
for (i = 0; i < num_palette; i++) for (i = 0; i < num_palette; i++)
png_ptr->quantize_index[i] = (png_byte)i; png_ptr->quantize_index[i] = (png_byte)i;
} }
@ -447,7 +447,7 @@ png_set_quantize(png_structrp png_ptr, png_colorp palette,
/* Initialize an array to sort colors */ /* Initialize an array to sort colors */
png_ptr->quantize_sort = (png_bytep)png_malloc(png_ptr, png_ptr->quantize_sort = (png_bytep)png_malloc(png_ptr,
(png_uint_32)((png_uint_32)num_palette * (sizeof (png_byte)))); (png_alloc_size_t)((png_uint_32)num_palette * (sizeof (png_byte))));
/* Initialize the quantize_sort array */ /* Initialize the quantize_sort array */
for (i = 0; i < num_palette; i++) for (i = 0; i < num_palette; i++)
@ -581,9 +581,11 @@ png_set_quantize(png_structrp png_ptr, png_colorp palette,
/* Initialize palette index arrays */ /* Initialize palette index arrays */
png_ptr->index_to_palette = (png_bytep)png_malloc(png_ptr, png_ptr->index_to_palette = (png_bytep)png_malloc(png_ptr,
(png_uint_32)((png_uint_32)num_palette * (sizeof (png_byte)))); (png_alloc_size_t)((png_uint_32)num_palette *
(sizeof (png_byte))));
png_ptr->palette_to_index = (png_bytep)png_malloc(png_ptr, png_ptr->palette_to_index = (png_bytep)png_malloc(png_ptr,
(png_uint_32)((png_uint_32)num_palette * (sizeof (png_byte)))); (png_alloc_size_t)((png_uint_32)num_palette *
(sizeof (png_byte))));
/* Initialize the sort array */ /* Initialize the sort array */
for (i = 0; i < num_palette; i++) for (i = 0; i < num_palette; i++)
@ -592,7 +594,7 @@ png_set_quantize(png_structrp png_ptr, png_colorp palette,
png_ptr->palette_to_index[i] = (png_byte)i; png_ptr->palette_to_index[i] = (png_byte)i;
} }
hash = (png_dsortpp)png_calloc(png_ptr, (png_uint_32)(769 * hash = (png_dsortpp)png_calloc(png_ptr, (png_alloc_size_t)(769 *
(sizeof (png_dsortp)))); (sizeof (png_dsortp))));
num_new_palette = num_palette; num_new_palette = num_palette;
@ -623,7 +625,7 @@ png_set_quantize(png_structrp png_ptr, png_colorp palette,
{ {
t = (png_dsortp)png_malloc_warn(png_ptr, t = (png_dsortp)png_malloc_warn(png_ptr,
(png_uint_32)(sizeof (png_dsort))); (png_alloc_size_t)(sizeof (png_dsort)));
if (t == NULL) if (t == NULL)
break; break;
@ -748,9 +750,9 @@ png_set_quantize(png_structrp png_ptr, png_colorp palette,
png_size_t num_entries = ((png_size_t)1 << total_bits); png_size_t num_entries = ((png_size_t)1 << total_bits);
png_ptr->palette_lookup = (png_bytep)png_calloc(png_ptr, png_ptr->palette_lookup = (png_bytep)png_calloc(png_ptr,
(png_uint_32)(num_entries * (sizeof (png_byte)))); (png_alloc_size_t)(num_entries * (sizeof (png_byte))));
distance = (png_bytep)png_malloc(png_ptr, (png_uint_32)(num_entries * distance = (png_bytep)png_malloc(png_ptr, (png_alloc_size_t)(num_entries *
(sizeof (png_byte)))); (sizeof (png_byte))));
memset(distance, 0xff, num_entries * (sizeof (png_byte))); memset(distance, 0xff, num_entries * (sizeof (png_byte)));
@ -3322,7 +3324,7 @@ png_do_compose(png_row_infop row_info, png_bytep row, png_structrp png_ptr)
== png_ptr->trans_color.gray) == png_ptr->trans_color.gray)
{ {
unsigned int tmp = *sp & (0x0f0f >> (4 - shift)); unsigned int tmp = *sp & (0x0f0f >> (4 - shift));
tmp |= tmp |=
(unsigned int)(png_ptr->background.gray << shift); (unsigned int)(png_ptr->background.gray << shift);
*sp = (png_byte)(tmp & 0xff); *sp = (png_byte)(tmp & 0xff);
} }

View File

@ -1,7 +1,7 @@
/* pngrutil.c - utilities to read a PNG file /* pngrutil.c - utilities to read a PNG file
* *
* Last changed in libpng 1.6.32 [August 24, 2017] * Last changed in libpng 1.6.33 [September 28, 2017]
* Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
* (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
@ -314,6 +314,7 @@ png_read_buffer(png_structrp png_ptr, png_alloc_size_t new_size, int warn)
if (buffer != NULL) if (buffer != NULL)
{ {
memset(buffer, 0, new_size); /* just in case */
png_ptr->read_buffer = buffer; png_ptr->read_buffer = buffer;
png_ptr->read_buffer_size = new_size; png_ptr->read_buffer_size = new_size;
} }
@ -673,6 +674,8 @@ png_decompress_chunk(png_structrp png_ptr,
if (text != NULL) if (text != NULL)
{ {
memset(text, 0, buffer_size);
ret = png_inflate(png_ptr, png_ptr->chunk_name, 1/*finish*/, ret = png_inflate(png_ptr, png_ptr->chunk_name, 1/*finish*/,
png_ptr->read_buffer + prefix_size, &lzsize, png_ptr->read_buffer + prefix_size, &lzsize,
text + prefix_size, newlength); text + prefix_size, newlength);
@ -736,9 +739,7 @@ png_decompress_chunk(png_structrp png_ptr,
{ {
/* inflateReset failed, store the error message */ /* inflateReset failed, store the error message */
png_zstream_error(png_ptr, ret); png_zstream_error(png_ptr, ret);
ret = PNG_UNEXPECTED_ZLIB_RETURN;
if (ret == Z_STREAM_END)
ret = PNG_UNEXPECTED_ZLIB_RETURN;
} }
} }
@ -1476,7 +1477,7 @@ png_handle_iCCP(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
/* Now read the tag table; a variable size buffer is /* Now read the tag table; a variable size buffer is
* needed at this point, allocate one for the whole * needed at this point, allocate one for the whole
* profile. The header check has already validated * profile. The header check has already validated
* that none of these stuff will overflow. * that none of this stuff will overflow.
*/ */
const png_uint_32 tag_count = png_get_uint_32( const png_uint_32 tag_count = png_get_uint_32(
profile_header+128); profile_header+128);
@ -1583,19 +1584,11 @@ png_handle_iCCP(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
return; return;
} }
} }
if (errmsg == NULL)
else if (size > 0)
errmsg = "truncated";
#ifndef __COVERITY__
else
errmsg = png_ptr->zstream.msg; errmsg = png_ptr->zstream.msg;
#endif
} }
/* else png_icc_check_tag_table output an error */ /* else png_icc_check_tag_table output an error */
} }
else /* profile truncated */ else /* profile truncated */
errmsg = png_ptr->zstream.msg; errmsg = png_ptr->zstream.msg;
} }
@ -3144,28 +3137,28 @@ png_check_chunk_length(png_const_structrp png_ptr, const png_uint_32 length)
{ {
png_alloc_size_t limit = PNG_UINT_31_MAX; png_alloc_size_t limit = PNG_UINT_31_MAX;
if (png_ptr->chunk_name != png_IDAT)
{
# ifdef PNG_SET_USER_LIMITS_SUPPORTED # ifdef PNG_SET_USER_LIMITS_SUPPORTED
if (png_ptr->user_chunk_malloc_max > 0 && if (png_ptr->user_chunk_malloc_max > 0 &&
png_ptr->user_chunk_malloc_max < limit) png_ptr->user_chunk_malloc_max < limit)
limit = png_ptr->user_chunk_malloc_max; limit = png_ptr->user_chunk_malloc_max;
# elif PNG_USER_CHUNK_MALLOC_MAX > 0 # elif PNG_USER_CHUNK_MALLOC_MAX > 0
if (PNG_USER_CHUNK_MALLOC_MAX < limit) if (PNG_USER_CHUNK_MALLOC_MAX < limit)
limit = PNG_USER_CHUNK_MALLOC_MAX; limit = PNG_USER_CHUNK_MALLOC_MAX;
# endif # endif
} if (png_ptr->chunk_name == png_IDAT)
else
{ {
png_alloc_size_t idat_limit = PNG_UINT_31_MAX;
size_t row_factor = size_t row_factor =
(png_ptr->width * png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1) (png_ptr->width * png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1)
+ 1 + (png_ptr->interlaced? 6: 0)); + 1 + (png_ptr->interlaced? 6: 0));
if (png_ptr->height > PNG_UINT_32_MAX/row_factor) if (png_ptr->height > PNG_UINT_32_MAX/row_factor)
limit=PNG_UINT_31_MAX; idat_limit=PNG_UINT_31_MAX;
else else
limit = png_ptr->height * row_factor; idat_limit = png_ptr->height * row_factor;
limit += 6 + 5*(limit/32566+1); /* zlib+deflate overhead */ row_factor = row_factor > 32566? 32566 : row_factor;
limit=limit < PNG_UINT_31_MAX? limit : PNG_UINT_31_MAX; idat_limit += 6 + 5*(idat_limit/row_factor+1); /* zlib+deflate overhead */
idat_limit=idat_limit < PNG_UINT_31_MAX? idat_limit : PNG_UINT_31_MAX;
limit = limit < idat_limit? idat_limit : limit;
} }
if (length > limit) if (length > limit)

View File

@ -1,7 +1,7 @@
/* pngtrans.c - transforms the data in a row (used by both readers and writers) /* pngtrans.c - transforms the data in a row (used by both readers and writers)
* *
* Last changed in libpng 1.6.30 [June 28, 2017] * Last changed in libpng 1.6.33 [September 28, 2017]
* Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
* (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
@ -609,7 +609,7 @@ png_do_strip_channel(png_row_infop row_info, png_bytep row, int at_start)
return; /* The filler channel has gone already */ return; /* The filler channel has gone already */
/* Fix the rowbytes value. */ /* Fix the rowbytes value. */
row_info->rowbytes = (unsigned int)(dp-row); row_info->rowbytes = (png_size_t)(dp-row);
} }
#endif #endif
@ -708,7 +708,7 @@ png_do_check_palette_indexes(png_structrp png_ptr, png_row_infop row_info)
* forms produced on either GCC or MSVC. * forms produced on either GCC or MSVC.
*/ */
int padding = PNG_PADBITS(row_info->pixel_depth, row_info->width); int padding = PNG_PADBITS(row_info->pixel_depth, row_info->width);
png_bytep rp = png_ptr->row_buf + row_info->rowbytes; png_bytep rp = png_ptr->row_buf + row_info->rowbytes - 1;
switch (row_info->bit_depth) switch (row_info->bit_depth)
{ {

View File

@ -1940,7 +1940,7 @@ png_image_write_main(png_voidp argument)
int colormap = (format & PNG_FORMAT_FLAG_COLORMAP); int colormap = (format & PNG_FORMAT_FLAG_COLORMAP);
int linear = !colormap && (format & PNG_FORMAT_FLAG_LINEAR); /* input */ int linear = !colormap && (format & PNG_FORMAT_FLAG_LINEAR); /* input */
int alpha = !colormap && (format & PNG_FORMAT_FLAG_ALPHA); int alpha = !colormap && (format & PNG_FORMAT_FLAG_ALPHA);
int write_16bit = linear && !colormap && (display->convert_to_8bit == 0); int write_16bit = linear && (display->convert_to_8bit == 0);
# ifdef PNG_BENIGN_ERRORS_SUPPORTED # ifdef PNG_BENIGN_ERRORS_SUPPORTED
/* Make sure we error out on any bad situation */ /* Make sure we error out on any bad situation */