Skip to content

T
Third Party Libpng

OpenHarmony / Third Party Libpng
大约 1 年 前同步成功

通知 4
Star 22
Fork 0
T
Third Party Libpng

体验新版 GitCode,发现更多精彩内容 >>

提交 095b4ce1 编写于 作者: G Glenn Randers-Pehrson
浏览文件
操作

[libpng16] Disabled new limit test on IDAT chunks. It was producing too small 

a limit for some files.
上级 bfdabdac
隐藏空白更改
内联 并排
Showing with 18 addition and 2 deletion
pngpread.c
浏览文件 @ 095b4ce1
...@@ -226,14 +226,19 @@ png_push_read_chunk(png_structrp png_ptr, png_inforp info_ptr) ...@@ -226,14 +226,19 @@ png_push_read_chunk(png_structrp png_ptr, png_inforp info_ptr)
if (chunk_name == png_IDAT) if (chunk_name == png_IDAT)
{ {
#if 0 /* some pngtests are failing */
size_t row_factor = size_t row_factor =
(png_ptr->rowbytes + 1 + (png_ptr->interlaced? 6: 0)); (png_ptr->width * png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1)
+ 1 + (png_ptr->interlaced? 6: 0));
if (png_ptr->height > PNG_UINT_32_MAX/row_factor) if (png_ptr->height > PNG_UINT_32_MAX/row_factor)
limit=PNG_UINT_31_MAX; limit=PNG_UINT_31_MAX;
else else
limit = png_ptr->height * row_factor; limit = png_ptr->height * row_factor;
limit += 6 + 5*limit/32566; /* zlib+deflate overhead */ limit += 6 + 5*limit/32566; /* zlib+deflate overhead */
limit=limit < PNG_UINT_31_MAX? limit : PNG_UINT_31_MAX; limit=limit < PNG_UINT_31_MAX? limit : PNG_UINT_31_MAX;
#else
limit=PNG_UINT_31_MAX;
#endif
} }
else else
{ {
...@@ -247,7 +252,11 @@ png_push_read_chunk(png_structrp png_ptr, png_inforp info_ptr) ...@@ -247,7 +252,11 @@ png_push_read_chunk(png_structrp png_ptr, png_inforp info_ptr)
# endif # endif
} }
if (png_ptr->push_length > limit) if (png_ptr->push_length > limit)
{
printf(" png_ptr->push_length = %lu, limit = %lu\n",
(unsigned long)png_ptr->push_length,(unsigned long)limit);
png_chunk_error(png_ptr, "chunk data is too large"); png_chunk_error(png_ptr, "chunk data is too large");
}
if (chunk_name == png_IHDR) if (chunk_name == png_IHDR)
{ {
......
pngrutil.c
浏览文件 @ 095b4ce1
...@@ -196,18 +196,25 @@ png_read_chunk_header(png_structrp png_ptr) ...@@ -196,18 +196,25 @@ png_read_chunk_header(png_structrp png_ptr)
} }
else else
{ {
#if 0 /* some pngtests are failing */
size_t row_factor = size_t row_factor =
(png_ptr->rowbytes + 1 + (png_ptr->interlaced? 6: 0)); (png_ptr->width * png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1)
+ 1 + (png_ptr->interlaced? 6: 0));
if (png_ptr->height > PNG_UINT_32_MAX/row_factor) if (png_ptr->height > PNG_UINT_32_MAX/row_factor)
limit=PNG_UINT_31_MAX; limit=PNG_UINT_31_MAX;
else else
limit = png_ptr->height * row_factor; limit = png_ptr->height * row_factor;
limit += 6 + 5*limit/32566; /* zlib+deflate overhead */ limit += 6 + 5*limit/32566; /* zlib+deflate overhead */
limit=limit < PNG_UINT_31_MAX? limit : PNG_UINT_31_MAX; limit=limit < PNG_UINT_31_MAX? limit : PNG_UINT_31_MAX;
#else
limit=PNG_UINT_31_MAX;
#endif
} }
if (length > limit) if (length > limit)
{ {
printf(" length = %lu, limit = %lu\n",
(unsigned long)length,(unsigned long)limit);
png_chunk_error(png_ptr, "chunk data is too large"); png_chunk_error(png_ptr, "chunk data is too large");
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册