Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
OpenHarmony
Third Party Libpng
提交
d46b5709
T
Third Party Libpng
项目概览
OpenHarmony
/
Third Party Libpng
大约 1 年 前同步成功
通知
4
Star
22
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
T
Third Party Libpng
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
d46b5709
编写于
5月 20, 2015
作者:
G
Glenn Randers-Pehrson
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
[libpng16] Avoid a harmless potential integer overflow in png_XYZ_from_xy().
上级
918d23f6
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
33 addition
and
24 deletion
+33
-24
ANNOUNCE
ANNOUNCE
+3
-2
CHANGES
CHANGES
+21
-14
png.c
png.c
+9
-8
未找到文件。
ANNOUNCE
浏览文件 @
d46b5709
Libpng 1.6.18beta04 - May
9
, 2015
Libpng 1.6.18beta04 - May
20
, 2015
This is not intended to be a public release. It will be replaced
within a few weeks by a public version or by another test version.
...
...
@@ -46,11 +46,12 @@ Version 1.6.18beta03 [May 6, 2015]
and an example PNG generation tool, contrib/examples/genpng.c
(John Bowler).
Version 1.6.18beta04 [May
9
, 2015]
Version 1.6.18beta04 [May
20
, 2015]
PNG_RELEASE_BUILD replaces tests where the code depended on the build base
type and can be defined on the command line, allowing testing in beta
builds (John Bowler).
Avoid Coverity issue 80858 (REVERSE NULL) in pngtest.c
Avoid a harmless potential integer overflow in png_XYZ_from_xy().
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit
...
...
CHANGES
浏览文件 @
d46b5709
#if 0
CHANGES - changes for libpng
Version 0.2
version 0.1 [March 29, 1995]
initial work-in-progress release
version 0.2 [April 1, 1995]
added reader into png.h
fixed small problems in stub file
Version 0.3
version 0.3 [April 8, 1995]
added pull reader
split up pngwrite.c to several files
added pnglib.txt
...
...
@@ -14,9 +17,9 @@ Version 0.3
fixed some bugs in writer
interfaced with zlib 0.5
added K&R support
added check for 64 KB blocks for 16
-
bit machines
added check for 64 KB blocks for 16
bit machines
Version 0.4
version 0.4 [April 26, 1995]
cleaned up code and commented code
simplified time handling into png_time
created png_color_16 and png_color_8 to handle color needs
...
...
@@ -27,28 +30,29 @@ Version 0.4
cleaned up zTXt reader and writer (using zlib's Reset functions)
split transformations into pngrtran.c and pngwtran.c
Version 0.5
version 0.5 [April 30, 1995]
interfaced with zlib 0.8
fixed many reading and writing bugs
saved using 3 spaces instead of tabs
Version 0.6
version 0.6 [May 1, 1995]
first beta release
added png_large_malloc() and png_large_free()
added png_size_t
cleaned up some compiler warnings
added png_start_read_image()
Version 0.7
version 0.7 [June 24, 1995]
cleaned up lots of bugs
finished dithering and other stuff
added test program
changed name from pnglib to libpng
Version 0.71 [June
, 1995]
version 0.71 [June 26
, 1995]
changed pngtest.png for zlib 0.93
fixed error in libpng.txt and example.c
Version 0.8
version 0.8 [August 20, 1995]
cleaned up some bugs
added png_set_filler()
split up pngstub.c into pngmem.c, pngio.c, and pngerror.c
...
...
@@ -1449,8 +1453,9 @@ Version 1.2.6beta4 [July 28, 2004]
Use png_malloc instead of png_zalloc to allocate the pallete.
Version 1.0.16rc1 and 1.2.6rc1 [August 4, 2004]
Fixed buffer overflow vulnerability in png_handle_tRNS()
Fixed integer arithmetic overflow vulnerability in png_read_png().
Fixed buffer overflow vulnerability (CVE-2004-0597) in png_handle_tRNS().
Fixed NULL dereference vulnerability (CVE-2004-0598) in png_handle_iCCP().
Fixed integer overflow vulnerability (CVE-2004-0599) in png_read_png().
Fixed some harmless bugs in png_handle_sBIT, etc, that would cause
duplicate chunk types to go undetected.
Fixed some timestamps in the -config version
...
...
@@ -5226,11 +5231,12 @@ Version 1.6.18beta03 [May 6, 2015]
and an example PNG generation tool, contrib/examples/genpng.c
(John Bowler).
Version 1.6.18beta04 [May
9
, 2015]
Version 1.6.18beta04 [May
20
, 2015]
PNG_RELEASE_BUILD replaces tests where the code depended on the build base
type and can be defined on the command line, allowing testing in beta
builds (John Bowler).
Avoid Coverity issue 80858 (REVERSE NULL) in pngtest.c
Avoid Coverity issue 80858 (REVERSE NULL) in pngtest.c PNG_DEBUG builds.
Avoid a harmless potential integer overflow in png_XYZ_from_xy().
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit
...
...
@@ -5239,3 +5245,4 @@ to subscribe)
or to glennrp at users.sourceforge.net
Glenn R-P
#endif
png.c
浏览文件 @
d46b5709
...
...
@@ -766,13 +766,13 @@ png_get_copyright(png_const_structrp png_ptr)
#else
# ifdef __STDC__
return
PNG_STRING_NEWLINE
\
"libpng version 1.6.18beta04 - May
9
, 2015"
PNG_STRING_NEWLINE
\
"libpng version 1.6.18beta04 - May
20
, 2015"
PNG_STRING_NEWLINE
\
"Copyright (c) 1998-2015 Glenn Randers-Pehrson"
PNG_STRING_NEWLINE
\
"Copyright (c) 1996-1997 Andreas Dilger"
PNG_STRING_NEWLINE
\
"Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc."
\
PNG_STRING_NEWLINE
;
# else
return
"libpng version 1.6.18beta04 - May
9
, 2015\
return
"libpng version 1.6.18beta04 - May
20
, 2015\
Copyright (c) 1998-2015 Glenn Randers-Pehrson\
Copyright (c) 1996-1997 Andreas Dilger\
Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc."
;
...
...
@@ -1235,16 +1235,17 @@ png_XYZ_from_xy(png_XYZ *XYZ, const png_xy *xy)
/* Check xy and, implicitly, z. Note that wide gamut color spaces typically
* have end points with 0 tristimulus values (these are impossible end
* points, but they are used to cover the possible colors.)
* points, but they are used to cover the possible colors). We check
* xy->whitey against 5, not 0, to avoid a possible integer overflow.
*/
if
(
xy
->
redx
<
0
||
xy
->
redx
>
PNG_FP_1
)
return
1
;
if
(
xy
->
redy
<
0
||
xy
->
redy
>
PNG_FP_1
-
xy
->
redx
)
return
1
;
if
(
xy
->
redx
<
0
||
xy
->
redx
>
PNG_FP_1
)
return
1
;
if
(
xy
->
redy
<
0
||
xy
->
redy
>
PNG_FP_1
-
xy
->
redx
)
return
1
;
if
(
xy
->
greenx
<
0
||
xy
->
greenx
>
PNG_FP_1
)
return
1
;
if
(
xy
->
greeny
<
0
||
xy
->
greeny
>
PNG_FP_1
-
xy
->
greenx
)
return
1
;
if
(
xy
->
bluex
<
0
||
xy
->
bluex
>
PNG_FP_1
)
return
1
;
if
(
xy
->
bluey
<
0
||
xy
->
bluey
>
PNG_FP_1
-
xy
->
bluex
)
return
1
;
if
(
xy
->
bluex
<
0
||
xy
->
bluex
>
PNG_FP_1
)
return
1
;
if
(
xy
->
bluey
<
0
||
xy
->
bluey
>
PNG_FP_1
-
xy
->
bluex
)
return
1
;
if
(
xy
->
whitex
<
0
||
xy
->
whitex
>
PNG_FP_1
)
return
1
;
if
(
xy
->
whitey
<
0
||
xy
->
whitey
>
PNG_FP_1
-
xy
->
whitex
)
return
1
;
if
(
xy
->
whitey
<
5
||
xy
->
whitey
>
PNG_FP_1
-
xy
->
whitex
)
return
1
;
/* The reverse calculation is more difficult because the original tristimulus
* value had 9 independent values (red,green,blue)x(X,Y,Z) however only 8
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录