[libpng16] Quieted Coverity issues in pngfix.c, png-fix-itxt.c, pngvalid.c,

pngstest.c, and pngimage.c. Most seem harmless, but png-fix-itxt would only work with iTXt chunks with length 255 or less.

[libpng16] Quieted Coverity issues in pngfix.c, png-fix-itxt.c, pngvalid.c,
pngstest.c, and pngimage.c. Most seem harmless, but png-fix-itxt would only work with iTXt chunks with length 255 or less.
b26b51d1 · Glenn Randers-Pehrson · f50b593a · b26b51d1 · b26b51d1 · b26b51d1
6 changed file
--- a/ANNOUNCE
+++ b/ANNOUNCE
@@ -80,6 +80,9 @@ Version 1.6.18beta07 [June 3, 2015]
    being lost over the setjmp (John Bowler).
  Fixed NO_WRITE_FILTER and -Wconversion build breaks (John Bowler).
  Fix g++ build breaks (John Bowler).
+  Quieted Coverity issues in pngfix.c, png-fix-itxt.c, pngvalid.c,
+    pngstest.c, and pngimage.c. Most seem harmless, but png-fix-itxt
+    would only work with iTXt chunks with length 255 or less.
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit

--- a/CHANGES
+++ b/CHANGES
@@ -5265,6 +5265,9 @@ Version 1.6.18beta07 [June 3, 2015]
    being lost over the setjmp (John Bowler).
  Fixed NO_WRITE_FILTER and -Wconversion build breaks (John Bowler).
  Fix g++ build breaks (John Bowler).
+  Quieted Coverity issues in pngfix.c, png-fix-itxt.c, pngvalid.c,
+    pngstest.c, and pngimage.c. Most seem harmless, but png-fix-itxt
+    would only work with iTXt chunks with length 255 or less.
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit

--- a/contrib/libtests/pngimage.c
+++ b/contrib/libtests/pngimage.c
 /* pngimage.c
 *
- * Copyright (c) 2014 John Cunningham Bowler
+ * Copyright (c) 2015 John Cunningham Bowler
 *
- * Last changed in libpng 1.6.10 [March 6, 2014]
+ * Last changed in libpng 1.6.18 [(PENDING RELEASE)]
 *
 * This code is released under the libpng license.
 * For conditions of distribution and use, see the disclaimer
@@ -1120,8 +1120,8 @@ compare_read(struct display *dp, int applied_transforms)
         {
            int b;
-            case 16: /* Two bytes per component, bit-endian */
+            case 16: /* Two bytes per component, big-endian */
-               for (b = (bpp >> 4); b > 0; )
+               for (b = (bpp >> 4); b > 0; --b)
               {
                  unsigned int sig = (unsigned int)(0xffff0000 >> sig_bits[b]);

--- a/contrib/libtests/pngstest.c
+++ b/contrib/libtests/pngstest.c
 /*-
 * pngstest.c
 *
- * Copyright (c) 2013-2014 John Cunningham Bowler
+ * Copyright (c) 2013-2015 John Cunningham Bowler
 *
- * Last changed in libpng 1.6.16 [December 22, 2014]
+ * Last changed in libpng 1.6.18 [(PENDING RELEASE)]
 *
 * This code is released under the libpng license.
 * For conditions of distribution and use, see the disclaimer
@@ -615,7 +615,7 @@ freeimage(Image *image)
   if (image->tmpfile_name[0] != 0 && (image->opts & KEEP_TMPFILES) == 0)
   {
-      remove(image->tmpfile_name);
+      (void)remove(image->tmpfile_name);
      image->tmpfile_name[0] = 0;
   }
 }
@@ -2828,7 +2828,7 @@ compare_two_images(Image *a, Image *b, int via_linear,
            else if (y >= b->image.colormap_entries)
            {
-               if ((a->opts & ACCUMULATE) == 0)
+               if ((b->opts & ACCUMULATE) == 0)
                  {
                  char pindex[9];
                  sprintf(pindex, "%lu[%lu]", (unsigned long)y,
@@ -3175,7 +3175,9 @@ read_one_file(Image *image)
               if (cb > 0)
               {
+#ifndef __COVERITY__
                  if ((unsigned long int)cb <= (size_t)~(size_t)0)
+#endif
                  {
                     png_bytep b = voidcast(png_bytep, malloc((size_t)cb));
@@ -3588,7 +3590,7 @@ main(int argc, char **argv)
            }
            /* Safe: checked above */
-            strcpy(tmpf, argv[c]);
+            strncpy(tmpf, argv[c], sizeof (tmpf)-1);
         }
         else

--- a/contrib/libtests/pngvalid.c
+++ b/contrib/libtests/pngvalid.c
 /* pngvalid.c - validate libpng by constructing then reading png files.
 *
- * Last changed in libpng 1.6.17 [(PENDING RELEASE)]
+ * Last changed in libpng 1.6.18 [(PENDING RELEASE)]
 * Copyright (c) 2014-2015 Glenn Randers-Pehrson
 * Written by John Cunningham Bowler
 *
@@ -1319,7 +1319,10 @@ store_current_palette(png_store *ps, int *npalette)
    * operation.)
    */
   if (ps->current == NULL)
+   {
      store_log(ps, ps->pread, "no current stream for palette", 1);
+      return NULL;
+   }
   /* The result may be null if there is no palette. */
   *npalette = ps->current->npalette;

--- a/contrib/tools/pngfix.c
+++ b/contrib/tools/pngfix.c
@@ -2,7 +2,7 @@
 *
 * Copyright (c) 2014-2015 John Cunningham Bowler
 *
- * Last changed in libpng 1.6.17 [(PENDING RELEASE)]
+ * Last changed in libpng 1.6.18 [(PENDING RELEASE)]
 *
 * This code is released under the libpng license.
 * For conditions of distribution and use, see the disclaimer
@@ -3853,6 +3853,7 @@ usage(const char *prog)
 int
 main(int argc, const char **argv)
 {
+   char temp_name[FILENAME_MAX+1];
   const char *  prog = *argv;
   const char *  outfile = NULL;
   const char *  suffix = NULL;
@@ -3955,7 +3956,6 @@ main(int argc, const char **argv)
      else
      {
         size_t outlen = strlen(*argv);
-         char temp_name[FILENAME_MAX+1];
         if (outfile == NULL) /* else this takes precedence */
         {