[libpng12] Fixed undefined behavior in png_push_save_buffer(). Do not call
memcpy() with a null source, even if count is zero (Leon Scroggins III).
parent
08e993c056
commit
01a1fd6ea5
6
ANNOUNCE
6
ANNOUNCE
@ -1,5 +1,5 @@
|
||||
|
||||
Libpng 1.2.57beta01 - March 1, 2016
|
||||
Libpng 1.2.57beta01 - June 4, 2016
|
||||
|
||||
This is not intended to be a public release. It will be replaced
|
||||
within a few weeks by a public version or by another test version.
|
||||
@ -40,8 +40,10 @@ Other information:
|
||||
|
||||
Changes since the last public release (1.2.56):
|
||||
|
||||
version 1.2.57beta01 [March 1, 2016]
|
||||
version 1.2.57beta01 [June 4, 2016]
|
||||
Fix typos in libpng.3 synopses (Eric S. Raymond).
|
||||
Fixed undefined behavior in png_push_save_buffer(). Do not call
|
||||
memcpy() with a null source, even if count is zero (Leon Scroggins III).
|
||||
|
||||
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
|
||||
(subscription required; visit
|
||||
|
4
CHANGES
4
CHANGES
@ -2920,8 +2920,10 @@ version 1.2.56rc01 [December 14, 2015]
|
||||
version 1.2.56 [December 17, 2015]
|
||||
No changes.
|
||||
|
||||
version 1.2.57beta01 [March 1, 2016]
|
||||
version 1.2.57beta01 [June 4, 2016]
|
||||
Fix typos in libpng.3 synopses (Eric S. Raymond).
|
||||
Fixed undefined behavior in png_push_save_buffer(). Do not call
|
||||
memcpy() with a null source, even if count is zero (Leon Scroggins III).
|
||||
|
||||
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
|
||||
(subscription required; visit
|
||||
|
11
pngpread.c
11
pngpread.c
@ -1,8 +1,8 @@
|
||||
|
||||
/* pngpread.c - read a png file in push mode
|
||||
*
|
||||
* Last changed in libpng 1.2.44 [June 26, 2010]
|
||||
* Copyright (c) 1998-2002,2004,2006-2010 Glenn Randers-Pehrson
|
||||
* Last changed in libpng 1.2.57 [(TO BE RELEASED)]
|
||||
* Copyright (c) 1998-2002,2004,2006-2010,2016 Glenn Randers-Pehrson
|
||||
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
|
||||
* (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
|
||||
*
|
||||
@ -687,7 +687,12 @@ png_push_save_buffer(png_structp png_ptr)
|
||||
}
|
||||
else
|
||||
{
|
||||
png_memcpy(png_ptr->save_buffer, old_buffer, png_ptr->save_buffer_size);
|
||||
if (old_buffer)
|
||||
png_memcpy(png_ptr->save_buffer, old_buffer,
|
||||
png_ptr->save_buffer_size);
|
||||
else if (png_ptr->save_buffer_size)
|
||||
png_error(png_ptr, "save_buffer error");
|
||||
png_memcpy(png_ptr->save_buffer, old_buffer,png_ptr->save_buffer_size);
|
||||
png_free(png_ptr, old_buffer);
|
||||
png_ptr->save_buffer_max = new_max;
|
||||
}
|
||||
|
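Review bot: The unguarded `png_memcpy(png_ptr->save_buffer, old_buffer,png_ptr->save_buffer_size);` after the new `else if (png_ptr->save_buffer_size)` branch in the png_push_save_buffer() hunk appears to remain on the new side. This is inferred, because the +/- markers are lost on this page: the header `-687,7 +687,12` against the 13 rows shown implies six added lines and one removed. If that reading is right, memcpy() is still reached with a null `old_buffer` when `save_buffer_size` is zero, which is the undefined behavior the commit sets out to remove, and a non-null buffer is copied twice. The guarded copy should be the only one: delete the trailing call so that `png_error(png_ptr, "save_buffer error");` is followed directly by `png_free(png_ptr, old_buffer);`. The body of png_push_save_buffer() starts and ends outside the hunk.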