[legacy] Check for up->location !PNG_AFTER_IDAT when writing unknown chunks

before IDAT.
This commit is contained in:
Glenn Randers-Pehrson 2011-06-07 15:35:48 -05:00
parent 950f965bca
commit d13542a3ee
3 changed files with 5 additions and 0 deletions

View File

@ -108,6 +108,8 @@ version 1.2.45beta01 [June 7, 2011]
report by Frank Busse, related to CVE-2004-0421). report by Frank Busse, related to CVE-2004-0421).
Pass "" instead of '\0' to png_default_error() in png_err(). This mistake Pass "" instead of '\0' to png_default_error() in png_err(). This mistake
was introduced in libpng-1.2.20beta01. was introduced in libpng-1.2.20beta01.
Check for up->location !PNG_AFTER_IDAT when writing unknown chunks
before IDAT.
(subscription required; visit (subscription required; visit
https://lists.sourceforge.net/lists/listinfo/png-mng-implement https://lists.sourceforge.net/lists/listinfo/png-mng-implement

View File

@ -2709,6 +2709,8 @@ version 1.2.45beta01 [June 7, 2011]
report by Frank Busse, related to CVE-2004-0421). report by Frank Busse, related to CVE-2004-0421).
Pass "" instead of '\0' to png_default_error() in png_err(). This mistake Pass "" instead of '\0' to png_default_error() in png_err(). This mistake
was introduced in libpng-1.2.20beta01. was introduced in libpng-1.2.20beta01.
Check for up->location !PNG_AFTER_IDAT when writing unknown chunks
before IDAT.
Send comments/corrections/commendations to png-mng-implement at lists.sf.net Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit (subscription required; visit

View File

@ -295,6 +295,7 @@ png_write_info(png_structp png_ptr, png_infop info_ptr)
if (keep != PNG_HANDLE_CHUNK_NEVER && if (keep != PNG_HANDLE_CHUNK_NEVER &&
up->location && (up->location & PNG_HAVE_PLTE) && up->location && (up->location & PNG_HAVE_PLTE) &&
!(up->location & PNG_HAVE_IDAT) && !(up->location & PNG_HAVE_IDAT) &&
!(up->location & PNG_AFTER_IDAT) &&
((up->name[3] & 0x20) || keep == PNG_HANDLE_CHUNK_ALWAYS || ((up->name[3] & 0x20) || keep == PNG_HANDLE_CHUNK_ALWAYS ||
(png_ptr->flags & PNG_FLAG_KEEP_UNSAFE_CHUNKS))) (png_ptr->flags & PNG_FLAG_KEEP_UNSAFE_CHUNKS)))
{ {