
Comments (5)

glennrp avatar glennrp commented on September 26, 2024

Thanks; it looks OK to me. This didn't make it into libpng-1.6.25 which I
released today, so it'll have to go into the next beta. You can submit a
pull request if you like, but I could just use the referenced patch.

Glenn

On Thu, Sep 1, 2016 at 2:41 PM, dan sinclair [email protected]
wrote:

Given a correctly crafted PNG it is possible that the params passed into
png_set_pCAL fail...

from libpng.

dj2 avatar dj2 commented on September 26, 2024

Feel free to grab the patch, otherwise I can put up the pull request on Monday or Tuesday.

from libpng.

jbowler avatar jbowler commented on September 26, 2024

It's an API, the caller has to do any required clean-up. Historically png_handle_ has checked the parameters so that png_set_ does not error out, this design is of course totally bogus but it is what it is (I'm working on a new design for 1.7, but it is a major rewrite.)

The rule of thumb is that png_handle_ has to stash all the memory it allocates in png_struct before calling png_set_ and png_handle_pCAL is violating this and allocating memory unnecessarily; it can (and should) stack allocate 'params'.

BTW, even if it wasn't an API a called function should never de-allocate data allocated in the caller, at least not in C.

from libpng.

jbowler avatar jbowler commented on September 26, 2024

IRC the same issue was found with sPLT (which is a core chunk, not an extension) and this led to 'png_chunk_report' which does the right thing. In the past png_set_ was written to call png_warning after the first memory allocation (i.e. inside png_set_) so error handling was somewhat weird. png_chunk_benign_error does not work in png_set_ both because it is not a benign error in write and because, IRC, it doesn't actually build if PNG_NO_READ.

I'm testing a patch that should fix it correctly, without the need to stack-allocate. I've reviewed pngrutil.c; this seems to be the only case left of this bug (though it is very easy to introduce new instances; after all this one was introduced by adding the check on the parameter format in pngset.c without duplicating it in pngrutil.c (all the other checks are repeated in png_handle_pCAL!))

from libpng.

glennrp avatar glennrp commented on September 26, 2024

John's patch has been applied to the head of the libpng16 branch of glennrp/libpng; see #135

from libpng.
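
The rule of thumb discussed in the thread (stash a handler's allocations in the struct before calling a setter that can error out), as an added C example that is not libpng code and not part of any comment above. `reader`, `set_params`, `handle_leaky`, `handle_stashed` and `leaked_after` are hypothetical names, and the setter's failure is modeled as a `longjmp` out of the call.

```c
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for png_struct (not libpng's real layout). */
typedef struct {
    jmp_buf on_error;     /* where a failing setter jumps to */
    char  **scratch;      /* stashed allocation, freed at teardown */
    int     live_allocs;  /* constructed counter that makes a leak visible */
} reader;
typedef void (*handler_fn)(reader *, size_t, int);
/* Stand-in for a png_set_*-style call: on bad input it does not return. */
static void set_params(reader *r, char **params, int valid) {
    (void)params;
    if (!valid) longjmp(r->on_error, 1);
}
static void reader_release(reader *r) {
    if (r->scratch) { free(r->scratch); r->scratch = NULL; r->live_allocs--; }
}
/* Leaky: the only pointer to the array is a local, lost when set_params jumps. */
void handle_leaky(reader *r, size_t n, int valid) {
    char **params = calloc(n, sizeof *params);
    if (!params) longjmp(r->on_error, 1);
    r->live_allocs++;
    set_params(r, params, valid);
    free(params); r->live_allocs--;
}
/* Stashed: ownership moves to the reader before the call that may jump. */
void handle_stashed(reader *r, size_t n, int valid) {
    r->scratch = calloc(n, sizeof *r->scratch);
    if (!r->scratch) longjmp(r->on_error, 1);
    r->live_allocs++;
    set_params(r, r->scratch, valid);
    reader_release(r);
}
/* Runs one handler, tears the reader down, returns allocations still live. */
int leaked_after(handler_fn handler, int valid) {
    reader *r = calloc(1, sizeof *r);  /* heap object, so it stays defined after longjmp */
    if (!r) return -1;
    if (setjmp(r->on_error) == 0) handler(r, 4, valid);
    reader_release(r);                 /* teardown frees whatever was stashed */
    int leaked = r->live_allocs;
    free(r);
    return leaked;
}
int main(void) {
    printf("leaky=%d stashed=%d\n", leaked_after(handle_leaky, 0), leaked_after(handle_stashed, 0));
    return 0;
}
```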
