From 217d38cdeac95e069e34ae2e7359f0b6e75cd365 Mon Sep 17 00:00:00 2001
From: Glenn Randers-Pehrson
Date: Sat, 7 Mar 2015 10:35:03 -0600
Subject: [PATCH] [libpng16] Stopped a potential memory leak in png_set_unknown_chunks(). Breaks tests/pngunknown-sAPI so it's temporarily marked SKIP.
---
 ANNOUNCE | 6 ++++--
 CHANGES | 4 +++-
 png.c | 4 ++--
 pngset.c | 13 ++++++++++++-
 tests/pngunknown-sAPI | 2 ++
 5 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/ANNOUNCE b/ANNOUNCE
index 7db535c04..0f91cdced 100644
--- a/ANNOUNCE
+++ b/ANNOUNCE
@@ -1,4 +1,4 @@
-Libpng 1.6.17rc02 - March 6, 2015
+Libpng 1.6.17rc02 - March 7, 2015
 This is not intended to be a public release. It will be replaced within a few weeks by a public version or by another test version.
@@ -68,9 +68,11 @@ Version 1.6.17beta06 [February 27, 2015]
 Version 1.6.17rc01 [March 4, 2015] No changes.
-Version 1.6.17rc02 [March 6, 2015]
+Version 1.6.17rc02 [March 7, 2015]
 Removed some comments that the configure script did not handle properly from scripts/pnglibconf.dfa and pnglibconf.h.prebuilt.
+ Stopped a potential memory leak in png_set_unknown_chunks(). Breaks
+ tests/pngunknown-sAPI so it's temporarily marked SKIP.
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit
diff --git a/CHANGES b/CHANGES
index 82bb92514..478e21873 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5169,9 +5169,11 @@ Version 1.6.17beta06 [February 27, 2015]
 Version 1.6.17rc01 [March 4, 2015] No changes.
-Version 1.6.17rc02 [March 6, 2015]
+Version 1.6.17rc02 [March 7, 2015]
 Removed some comments that the configure script did not handle properly from scripts/pnglibconf.dfa and pnglibconf.h.prebuilt.
+ Stopped a potential memory leak in png_set_unknown_chunks(). Breaks
+ tests/pngunknown-sAPI so it's temporarily marked SKIP.
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit
diff --git a/png.c b/png.c
index 58e8cec33..0889763fb 100644
--- a/png.c
+++ b/png.c
@@ -772,13 +772,13 @@ png_get_copyright(png_const_structrp png_ptr)
 #else # ifdef __STDC__ return PNG_STRING_NEWLINE \
- "libpng version 1.6.17rc02 - March 6, 2015" PNG_STRING_NEWLINE \
+ "libpng version 1.6.17rc02 - March 7, 2015" PNG_STRING_NEWLINE \
 "Copyright (c) 1998-2015 Glenn Randers-Pehrson" PNG_STRING_NEWLINE \ "Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \ "Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \ PNG_STRING_NEWLINE; # else
- return "libpng version 1.6.17rc02 - March 6, 2015\
+ return "libpng version 1.6.17rc02 - March 7, 2015\
 Copyright (c) 1998-2015 Glenn Randers-Pehrson\ Copyright (c) 1996-1997 Andreas Dilger\ Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.";
diff --git a/pngset.c b/pngset.c
index 57407301c..2b9164603 100644
--- a/pngset.c
+++ b/pngset.c
@@ -1180,6 +1180,17 @@ png_set_unknown_chunks(png_const_structrp png_ptr,
 return; }
+ if ((np->location & (PNG_HAVE_IHDR|PNG_HAVE_PLTE|PNG_AFTER_IDAT)) == 0)
+ {
+ png_free(png_ptr, np);
+ np = NULL;
+ png_chunk_report(png_ptr,
+ "invalid chunk location in png_set_unknown_chunks",
+ PNG_CHUNK_WRITE_ERROR);
+
+ return;
+ }
+
 png_free(png_ptr, info_ptr->unknown_chunks); info_ptr->unknown_chunks = np; /* safe because it is initialized */ info_ptr->free_me |= PNG_FREE_UNKN;
@@ -1254,7 +1265,7 @@ png_set_unknown_chunk_location(png_const_structrp png_ptr, png_inforp info_ptr,
 check_location(png_ptr, location); } }
-#endif
+#endif /* STORE_UNKNOWN_CHUNKS */
 #ifdef PNG_MNG_FEATURES_SUPPORTED
diff --git a/tests/pngunknown-sAPI b/tests/pngunknown-sAPI
index e087ef25a..3d759c3d4 100755
--- a/tests/pngunknown-sAPI
+++ b/tests/pngunknown-sAPI
@@ -1,2 +1,4 @@
 #!/bin/sh
+code=77 # skipped
+exit 77
 exec ./pngunknown bKGD=save cHRM=save gAMA=save all=discard iCCP=save sBIT=save sRGB=save "${srcdir}/pngtest.png"
-- GitLab
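Review bot: The added guard in the first pngset.c hunk reads `np->location` straight after the allocation check, at a point where nothing in the hunk has yet copied the caller's `unknowns` entries into `np`, so it appears to test the first slot of the new array rather than the location of a chunk being added. If that slot is a previously stored entry or still-unfilled storage, the check either re-validates old data or rejects the call regardless of input, which would fit the commit's own remark that tests/pngunknown-sAPI now breaks. Running the same test per entry, `if ((np->location & (PNG_HAVE_IHDR|PNG_HAVE_PLTE|PNG_AFTER_IDAT)) == 0)`, only once that entry has been filled in from `unknowns` would examine the right data and would not need to discard the whole array. The rest of png_set_unknown_chunks lies outside the hunk, so the copy loop should be confirmed before moving the check.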
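Review bot: The skip added to tests/pngunknown-sAPI is unconditional and records nothing about what must be fixed before the test can run again, so a script that exercises the changed function can stay disabled unnoticed. `code=77` is assigned but never used, and the `exec` line below `exit 77` is now unreachable. A comment above the exit such as `# SKIP: png_set_unknown_chunks() location check rejects this case; remove when fixed` would state the re-enable condition, and the two added lines could be reduced to `exit 77 # skipped`.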