Comments (5)
Thanks; it looks OK to me. This didn't make it into libpng-1.6.25 which I
released today, so it'll have to go into the next beta. You can submit a
pull request if you like, but I could just use the referenced patch.
Glenn
On Thu, Sep 1, 2016 at 2:41 PM, dan sinclair wrote:
Given a correctly crafted PNG it is possible that the params passed into
png_set_pCAL fail...
from libpng.
Feel free to grab the patch, otherwise I can put up the pull request on Monday or Tuesday.
from libpng.
It's an API, the caller has to do any required clean-up. Historically png_handle_* has checked the parameters so that png_set_* does not error out, this design is of course totally bogus but it is what it is (I'm working on a new design for 1.7, but it is a major rewrite.)
The rule of thumb is that png_handle_* has to stash all the memory it allocates in png_struct before calling png_set_* and png_handle_pCAL is violating this and allocating memory unnecessarily; it can (and should) stack allocate 'params'.
BTW, even if it wasn't an API a called function should never de-allocate data allocated in the caller, at least not in C.
from libpng.
IIRC the same issue was found with sPLT (which is a core chunk, not an extension) and this led to 'png_chunk_report' which does the right thing. In the past png_set_* was written to call png_warning after the first memory allocation (i.e. inside png_set_*) so error handling was somewhat weird. png_chunk_benign_error does not work in png_set_* both because it is not a benign error in write and because, IIRC, it doesn't actually build if PNG_NO_READ.
I'm testing a patch that should fix it correctly, without the need to stack-allocate. I've reviewed pngrutil.c; this seems to be the only case left of this bug (though it is very easy to introduce new instances; after all this one was introduced by adding the check on the parameter format in pngset.c without duplicating it in pngrutil.c (all the other checks are repeated in png_handle_pCAL!)).
from libpng.
John's patch has been applied to the head of the libpng16 branch of glennrp/libpng; see #135
from libpng.
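The ownership rule discussed in this thread, shown as an added example that is not libpng code and not written by any of the commenters. `toy_reader`, `toy_set` and the `handle_*` functions are hypothetical stand-ins for png_struct, png_set_* and png_handle_*, with a longjmp-based error path assumed to behave like png_error; the '!' validity rule and the inputs are constructed.

```c
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical stand-ins for png_struct, png_error, png_set_* and png_handle_*.
 * stash: memory the struct owns; last/live: demo-only allocation bookkeeping. */
typedef struct { jmp_buf on_error; char *stash; void *last; int live; } toy_reader;
static void toy_error(toy_reader *r) { longjmp(r->on_error, 1); }
static void toy_free(toy_reader *r, void *p) { if (p != NULL) { free(p); r->live--; } }
static char *toy_copy(toy_reader *r, const char *s) {
    char *p = malloc(strlen(s) + 1);
    if (p == NULL) toy_error(r);
    r->last = p; r->live++;
    return strcpy(p, s);
}

/* Setter: rejects a bad parameter by erroring out; it never frees caller data. */
static void toy_set(toy_reader *r, const char *param) {
    if (strchr(param, '!') != NULL) toy_error(r); /* constructed validity rule */
}

/* Leaky handler: the only pointer is a local, which the longjmp discards. */
static void handle_leaky(toy_reader *r, const char *chunk) {
    char *param = toy_copy(r, chunk);
    toy_set(r, param);
    toy_free(r, param);
}

/* Handler following the rule: stash the allocation before calling the setter. */
static void handle_stashed(toy_reader *r, const char *chunk) {
    r->stash = toy_copy(r, chunk);
    toy_set(r, r->stash);
    toy_free(r, r->stash);
    r->stash = NULL;
}

/* Runs one handler, then the destroy path; returns allocations still live. */
static int leaked_after(void (*handler)(toy_reader *, const char *), const char *chunk) {
    static toy_reader r;            /* static storage: not clobbered by longjmp */
    memset(&r, 0, sizeof r);
    if (setjmp(r.on_error) == 0) handler(&r, chunk);
    toy_free(&r, r.stash);          /* destroy path frees what the struct owns */
    if (r.live > 0) free(r.last);   /* demo only: reclaim the lost block */
    return r.live;
}
int main(void) {  /* prints leaky=1 stashed=0 */
    printf("leaky=%d stashed=%d\n", leaked_after(handle_leaky, "bad!"), leaked_after(handle_stashed, "bad!"));
    return 0;
}
```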