diff --git a/media/libpng/CHANGES b/media/libpng/CHANGES index a2f367a5f04f..4b82118910ef 100644 --- a/media/libpng/CHANGES +++ b/media/libpng/CHANGES @@ -833,7 +833,7 @@ Version 1.0.7beta11 [May 7, 2000] Removed the new PNG_CREATED_READ_STRUCT and PNG_CREATED_WRITE_STRUCT modes which are no longer used. Eliminated the three new members of png_text when PNG_LEGACY_SUPPORTED is - defined or when neither PNG_READ_iTXt_SUPPORTED nor PNG_WRITE_iTXT_SUPPORTED + defined or when neither PNG_READ_iTXt_SUPPORTED nor PNG_WRITE_iTXt_SUPPORTED is defined. Made PNG_NO_READ|WRITE_iTXt the default setting, to avoid memory overrun when old applications fill the info_ptr->text structure directly. @@ -5908,6 +5908,139 @@ Version 1.6.31rc02 [July 25, 2017] Version 1.6.31 [July 27, 2017] No changes. +Version 1.6.32beta01 [July 31, 2017] + Avoid possible NULL dereference in png_handle_eXIf when benign_errors + are allowed. Avoid leaking the input buffer "eXIf_buf". + Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif + to arguments for png_get_eXIf() and png_set_eXIf(). + Added calls to png_handle_eXIf(() in pngread.c and png_write_eXIf() in + pngwrite.c, and made various other fixes to png_write_eXIf(). + Changed name of png_get_eXIF and png_set_eXIf() to png_get_eXIf_1() and + png_set_eXIf_1(), respectively, to avoid breaking API compatibility + with libpng-1.6.31. + +Version 1.6.32beta02 [August 1, 2017] + Updated contrib/libtests/pngunknown.c with eXIf chunk. + +Version 1.6.32beta03 [August 2, 2017] + Initialized btoa[] in pngstest.c + Stop memory leak when returning from png_handle_eXIf() with an error + (Bug report from the OSS-fuzz project). + +Version 1.6.32beta04 [August 2, 2017] + Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf(). + Update libpng.3 and libpng-manual.txt about eXIf functions. + +Version 1.6.32beta05 [August 2, 2017] + Restored png_get_eXIf() and png_set_eXIf() to maintain API compatability. + +Version 1.6.32beta06 [August 2, 2017] + Removed png_get_eXIf_1() and png_set_eXIf_1(). + +Version 1.6.32beta07 [August 3, 2017] + Check length of all chunks except IDAT against user limit to fix an + OSS-fuzz issue (Fixes CVE-2017-12652). + +Version 1.6.32beta08 [August 3, 2017] + Check length of IDAT against maximum possible IDAT size, accounting + for height, rowbytes, interlacing and zlib/deflate overhead. + Restored png_get_eXIf_1() and png_set_eXIf_1(), because strlen(eXIf_buf) + does not work (the eXIf chunk data can contain zeroes). + +Version 1.6.32beta09 [August 3, 2017] + Require cmake-2.8.8 in CMakeLists.txt. Revised symlink creation, + no longer using deprecated cmake LOCATION feature (Clifford Yapp). + Fixed five-byte error in the calculation of IDAT maximum possible size. + +Version 1.6.32beta10 [August 5, 2017] + Moved chunk-length check into a png_check_chunk_length() private + function (Suggested by Max Stepin). + Moved bad pngs from tests to contrib/libtests/crashers + Moved testing of bad pngs into a separate tests/pngtest-badpngs script + Added the --xfail (expected FAIL) option to pngtest.c. It writes XFAIL + in the output but PASS for the libpng test. + Require cmake-3.0.2 in CMakeLists.txt (Clifford Yapp). + Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the + num_exif argument to png_get_eXIf_1() (Github Issue 171). + +Version 1.6.32beta11 [August 7, 2017] + Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks(). + Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers. + Make pngtest --strict, --relax, --xfail options imply -m (multiple). + Removed unused chunk_name parameter from png_check_chunk_length(). + Relocated setting free_me for eXIf data, to stop an OSS-fuzz leak. + Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue. + Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix OSS-fuzz UMR. + Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue. + Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), to account + for the minimum 'deflate' stream, and relocate the test to a point + after the keyword has been read. + Check that the eXIf chunk has at least 2 bytes and begins with "II" or "MM". + +Version 1.6.32rc01 [August 18, 2017] + Added a set of "huge_xxxx_chunk.png" files to contrib/testpngs/crashers, + one for each known chunk type, with length = 2GB-1. + Check for 0 return from png_get_rowbytes() and added some (size_t) typecasts + in contrib/pngminus/*.c to stop some Coverity issues (162705, 162706, + and 162707). + Renamed chunks in contrib/testpngs/crashers to avoid having files whose + names differ only in case; this causes problems with some platforms + (github issue #172). + +Version 1.6.32rc02 [August 22, 2017] + Added contrib/oss-fuzz directory which contains files used by the oss-fuzz + project (https://github.com/google/oss-fuzz/tree/master/projects/libpng). + +Version 1.6.32 [August 24, 2017] + No changes. + +Version 1.6.33beta01 [August 28, 2017] + Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added missing + parenthesis in contrib/pngminus/pnm2png.c (bug report by Christian Hesse). + Fixed off-by-one error in png_do_check_palette_indexes() (Bug report + by Mick P., Source Forge Issue #269). + +Version 1.6.33beta02 [September 3, 2017] + Initialize png_handler.row_ptr in contrib/oss-fuzz/libpng_read_fuzzer.cc + to fix shortlived oss-fuzz issue 3234. + Compute a larger limit on IDAT because some applications write a deflate + buffer for each row (Bug report by Andrew Church). + Use current date (DATE) instead of release-date (RDATE) in last + changed date of contrib/oss-fuzz files. + Enabled ARM support in CMakeLists.txt (Bernd Kuhls). + +Version 1.6.33beta03 [September 14, 2017] + Fixed incorrect typecast of some arguments to png_malloc() and + png_calloc() that were png_uint_32 instead of png_alloc_size_t + (Bug report by "irwir" in Github libpng issue #175). + Use pnglibconf.h.prebuilt when building for ANDROID with cmake (Github + issue 162, by rcdailey). + +Version 1.6.33rc01 [September 20, 2017] + Initialize memory allocated by png_inflate to zero, using memset, to + stop an oss-fuzz "use of uninitialized value" detection in png_set_text_2() + due to truncated iTXt or zTXt chunk. + Initialize memory allocated by png_read_buffer to zero, using memset, to + stop an oss-fuzz "use of uninitialized value" detection in + png_icc_check_tag_table() due to truncated iCCP chunk. + Removed a redundant test (suggested by "irwir" in Github issue #180). + +Version 1.6.33rc02 [September 23, 2017] + Added an interlaced version of each file in contrib/pngsuite. + Relocate new memset() call in pngrutil.c. + Removed more redundant tests (suggested by "irwir" in Github issue #180). + Add support for loading images with associated alpha in the Simplified + API (Samuel Williams). + +Version 1.6.33 [September 28, 2017] + Revert contrib/oss-fuzz/libpng_read_fuzzer.cc to libpng-1.6.32 state. + Initialize png_handler.row_ptr in contrib/oss-fuzz/libpng_read_fuzzer.cc + Add end_info structure and png_read_end() to the libpng fuzzer. + +Version 1.6.34 [September 29, 2017] + Removed contrib/pngsuite/i*.png; some of these were incorrect and caused + test failures. + Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit https://lists.sourceforge.net/lists/listinfo/png-mng-implement diff --git a/media/libpng/LICENSE b/media/libpng/LICENSE index c1749f0b620c..9124a015ac22 100644 --- a/media/libpng/LICENSE +++ b/media/libpng/LICENSE @@ -20,7 +20,7 @@ surrounding them in the modified libpng source files. This code is released under the libpng license. -libpng versions 1.0.7, July 1, 2000 through 1.6.31, July 27, 2017 are +libpng versions 1.0.7, July 1, 2000 through 1.6.34, September 29, 2017 are Copyright (c) 2000-2002, 2004, 2006-2017 Glenn Randers-Pehrson, are derived from libpng-1.0.6, and are distributed according to the same disclaimer and license as libpng-1.0.6 with the following individuals @@ -140,4 +140,4 @@ any encryption software. See the EAR, paragraphs 734.3(b)(3) and Glenn Randers-Pehrson glennrp at users.sourceforge.net -April 1, 2017 +September 29, 2017 diff --git a/media/libpng/MOZCHANGES b/media/libpng/MOZCHANGES index 6ee7e15f3555..da86bb8bf70f 100644 --- a/media/libpng/MOZCHANGES +++ b/media/libpng/MOZCHANGES @@ -1,6 +1,10 @@ Changes made to pristine libpng source by mozilla.org developers. +2017/08/30 -- Synced with libpng-1.6.34 (bug #1402057). + +2017/03/18 -- Synced with libpng-1.6.31 (bug #1377118). + 2017/03/18 -- Synced with libpng-1.6.29 (bug #1348356). 2017/01/06 -- Synced with libpng-1.6.28 (bug #1328354). diff --git a/media/libpng/README b/media/libpng/README index 1f68cfa64a86..0da5a5ef8399 100644 --- a/media/libpng/README +++ b/media/libpng/README @@ -1,4 +1,4 @@ -README for libpng version 1.6.31 - July 27, 2017 (shared library 16.0) +README for libpng version 1.6.34 - September 29, 2017 (shared library 16.0) See the note about version numbers near the top of png.h See INSTALL for instructions on how to install libpng. diff --git a/media/libpng/apng.patch b/media/libpng/apng.patch index 196d8a718af8..abbd03f882b3 100644 --- a/media/libpng/apng.patch +++ b/media/libpng/apng.patch @@ -14,7 +14,7 @@ Index: LICENSE + This code is released under the libpng license. - libpng versions 1.0.7, July 1, 2000 through 1.6.31, July 27, 2017 are + libpng versions 1.0.7, July 1, 2000 through 1.6.34, September 29, 2017 are Index: pngread.c =================================================================== --- pngread.c @@ -29,7 +29,7 @@ Index: pngread.c png_ptr->idat_size = length; break; } -@@ -250,6 +253,17 @@ +@@ -255,6 +258,17 @@ png_handle_iTXt(png_ptr, info_ptr, length); #endif @@ -47,7 +47,7 @@ Index: pngread.c else png_handle_unknown(png_ptr, info_ptr, length, PNG_HANDLE_CHUNK_AS_DEFAULT); -@@ -257,6 +271,72 @@ +@@ -262,6 +276,72 @@ } #endif /* SEQUENTIAL_READ */ @@ -124,7 +124,7 @@ Index: pngget.c =================================================================== --- pngget.c +++ pngget.c -@@ -1234,4 +1234,166 @@ +@@ -1245,4 +1245,166 @@ # endif #endif @@ -295,12 +295,12 @@ Index: png.c =================================================================== --- png.c +++ png.c -@@ -806,17 +806,21 @@ +@@ -816,17 +816,21 @@ #else # ifdef __STDC__ return PNG_STRING_NEWLINE \ -- "libpng version 1.6.31 - July 27, 2017" PNG_STRING_NEWLINE \ -+ "libpng version 1.6.31+apng - July 27, 2017" PNG_STRING_NEWLINE \ +- "libpng version 1.6.34 - September 29, 2017" PNG_STRING_NEWLINE \ ++ "libpng version 1.6.34+apng - September 29, 2017" PNG_STRING_NEWLINE \ "Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson" \ PNG_STRING_NEWLINE \ "Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \ @@ -310,8 +310,8 @@ Index: png.c + "Portions Copyright (c) 2006-2007 Andrew Smith" PNG_STRING_NEWLINE \ + "Portions Copyright (c) 2008-2017 Max Stepin" PNG_STRING_NEWLINE ; # else -- return "libpng version 1.6.31 - July 27, 2017\ -+ return "libpng version 1.6.31+apng - July 27, 2017\ +- return "libpng version 1.6.34 - September 29, 2017\ ++ return "libpng version 1.6.34+apng - September 29, 2017\ Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson\ Copyright (c) 1996-1997 Andreas Dilger\ - Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc."; @@ -337,16 +337,16 @@ Index: png.h + * * This code is released under the libpng license. * - * libpng versions 1.0.7, July 1, 2000 through 1.6.31, July 27, 2017 are + * libpng versions 1.0.7, July 1, 2000 through 1.6.34, September 29, 2017 are @@ -309,8 +315,9 @@ */ /* Version information for png.h - this should match the version in png.c */ --#define PNG_LIBPNG_VER_STRING "1.6.31" --#define PNG_HEADER_VERSION_STRING " libpng version 1.6.31 - July 27, 2017\n" -+#define PNG_LIBPNG_VER_STRING "1.6.31+apng" +-#define PNG_LIBPNG_VER_STRING "1.6.34" +-#define PNG_HEADER_VERSION_STRING " libpng version 1.6.34 - September 29, 2017\n" ++#define PNG_LIBPNG_VER_STRING "1.6.34+apng" +#define PNG_HEADER_VERSION_STRING \ -+ " libpng version 1.6.31+apng - July 27, 2017\n" ++ " libpng version 1.6.34+apng - September 29, 2017\n" #define PNG_LIBPNG_VER_SONUM 16 #define PNG_LIBPNG_VER_DLLNUM 16 @@ -401,7 +401,7 @@ Index: png.h /* The following callback receives png_uint_32 row_number, int pass for the * png_bytep data of the row. When transforming an interlaced image the -@@ -3251,6 +3281,75 @@ +@@ -3258,6 +3288,75 @@ * END OF HARDWARE AND SOFTWARE OPTIONS ******************************************************************************/ @@ -477,14 +477,14 @@ Index: png.h /* Maintainer: Put new public prototypes here ^, in libpng.3, in project * defs, and in scripts/symbols.def. */ -@@ -3259,7 +3358,11 @@ +@@ -3266,7 +3365,11 @@ * one to use is one more than this.) */ #ifdef PNG_EXPORT_LAST_ORDINAL +#ifdef PNG_APNG_SUPPORTED -+ PNG_EXPORT_LAST_ORDINAL(267); ++ PNG_EXPORT_LAST_ORDINAL(269); +#else - PNG_EXPORT_LAST_ORDINAL(247); + PNG_EXPORT_LAST_ORDINAL(249); +#endif /* APNG */ #endif @@ -521,7 +521,7 @@ Index: pngpriv.h /* The following will work on (signed char*) strings, whereas the get_uint_32 * macro will fail on top-bit-set values because of the sign extension. */ -@@ -1607,6 +1621,49 @@ +@@ -1615,6 +1629,49 @@ #endif /* PROGRESSIVE_READ */ @@ -575,7 +575,7 @@ Index: pnginfo.h =================================================================== --- pnginfo.h +++ pnginfo.h -@@ -260,5 +260,18 @@ +@@ -263,5 +263,18 @@ png_bytepp row_pointers; /* the image bits */ #endif @@ -641,7 +641,7 @@ Index: pngwrite.c #ifdef PNG_GAMMA_SUPPORTED # ifdef PNG_WRITE_gAMA_SUPPORTED if ((info_ptr->colorspace.flags & PNG_COLORSPACE_INVALID) == 0 && -@@ -360,6 +364,11 @@ +@@ -365,6 +369,11 @@ if ((png_ptr->mode & PNG_HAVE_IDAT) == 0) png_error(png_ptr, "No IDATs written into file"); @@ -653,7 +653,7 @@ Index: pngwrite.c #ifdef PNG_WRITE_CHECK_FOR_INVALID_INDEX_SUPPORTED if (png_ptr->num_palette_max > png_ptr->num_palette) png_benign_error(png_ptr, "Wrote palette index exceeding num_palette"); -@@ -2382,4 +2391,42 @@ +@@ -2393,4 +2402,42 @@ } #endif /* SIMPLIFIED_WRITE_STDIO */ #endif /* SIMPLIFIED_WRITE */ @@ -700,7 +700,7 @@ Index: pngpread.c =================================================================== --- pngpread.c +++ pngpread.c -@@ -194,6 +194,89 @@ +@@ -195,6 +195,89 @@ chunk_name = png_ptr->chunk_name; @@ -790,7 +790,7 @@ Index: pngpread.c if (chunk_name == png_IDAT) { if ((png_ptr->mode & PNG_AFTER_IDAT) != 0) -@@ -260,6 +343,9 @@ +@@ -261,6 +344,9 @@ else if (chunk_name == png_IDAT) { @@ -800,7 +800,7 @@ Index: pngpread.c png_ptr->idat_size = png_ptr->push_length; png_ptr->process_mode = PNG_READ_IDAT_MODE; png_push_have_info(png_ptr, info_ptr); -@@ -406,6 +492,20 @@ +@@ -407,6 +493,20 @@ } #endif @@ -821,7 +821,7 @@ Index: pngpread.c else { PNG_PUSH_SAVE_BUFFER_IF_FULL -@@ -538,7 +638,11 @@ +@@ -539,7 +639,11 @@ png_byte chunk_tag[4]; /* TODO: this code can be commoned up with the same code in push_read */ @@ -833,7 +833,7 @@ Index: pngpread.c png_push_fill_buffer(png_ptr, chunk_length, 4); png_ptr->push_length = png_get_uint_31(png_ptr, chunk_length); png_reset_crc(png_ptr); -@@ -546,17 +650,60 @@ +@@ -547,17 +651,60 @@ png_ptr->chunk_name = PNG_CHUNK_FROM_STRING(chunk_tag); png_ptr->mode |= PNG_HAVE_CHUNK_HEADER; @@ -894,7 +894,7 @@ Index: pngpread.c } if (png_ptr->idat_size != 0 && png_ptr->save_buffer_size != 0) -@@ -630,6 +777,16 @@ +@@ -631,6 +778,16 @@ if (!(buffer_length > 0) || buffer == NULL) png_error(png_ptr, "No IDAT data (internal error)"); @@ -911,7 +911,7 @@ Index: pngpread.c /* This routine must process all the data it has been given * before returning, calling the row callback as required to * handle the uncompressed results. -@@ -1084,6 +1241,18 @@ +@@ -1085,6 +1242,18 @@ png_set_read_fn(png_ptr, progressive_ptr, png_push_fill_buffer); } @@ -934,7 +934,7 @@ Index: pngset.c =================================================================== --- pngset.c +++ pngset.c -@@ -274,6 +274,11 @@ +@@ -288,6 +288,11 @@ info_ptr->pixel_depth = (png_byte)(info_ptr->channels * info_ptr->bit_depth); info_ptr->rowbytes = PNG_ROWBYTES(info_ptr->pixel_depth, width); @@ -946,7 +946,7 @@ Index: pngset.c } #ifdef PNG_oFFs_SUPPORTED -@@ -1144,6 +1149,146 @@ +@@ -1158,6 +1163,146 @@ } #endif /* sPLT */ @@ -1097,7 +1097,7 @@ Index: pngrutil.c =================================================================== --- pngrutil.c +++ pngrutil.c -@@ -861,6 +861,11 @@ +@@ -865,6 +865,11 @@ filter_type = buf[11]; interlace_type = buf[12]; @@ -1109,7 +1109,7 @@ Index: pngrutil.c /* Set internal variables */ png_ptr->width = width; png_ptr->height = height; -@@ -2802,6 +2807,180 @@ +@@ -2840,6 +2845,180 @@ } #endif @@ -1290,7 +1290,19 @@ Index: pngrutil.c #ifdef PNG_READ_UNKNOWN_CHUNKS_SUPPORTED /* Utility function for png_handle_unknown; set up png_ptr::unknown_chunk */ static int -@@ -4070,6 +4249,38 @@ +@@ -3145,7 +3324,11 @@ + if (PNG_USER_CHUNK_MALLOC_MAX < limit) + limit = PNG_USER_CHUNK_MALLOC_MAX; + # endif ++#ifdef PNG_READ_APNG_SUPPORTED ++ if (png_ptr->chunk_name == png_IDAT || png_ptr->chunk_name == png_fdAT) ++#else + if (png_ptr->chunk_name == png_IDAT) ++#endif + { + png_alloc_size_t idat_limit = PNG_UINT_31_MAX; + size_t row_factor = +@@ -4146,6 +4329,38 @@ uInt avail_in; png_bytep buffer; @@ -1329,7 +1341,7 @@ Index: pngrutil.c while (png_ptr->idat_size == 0) { png_crc_finish(png_ptr, 0); -@@ -4081,6 +4292,7 @@ +@@ -4157,6 +4372,7 @@ if (png_ptr->chunk_name != png_IDAT) png_error(png_ptr, "Not enough image data"); } @@ -1337,7 +1349,7 @@ Index: pngrutil.c avail_in = png_ptr->IDAT_read_size; -@@ -4144,6 +4356,9 @@ +@@ -4220,6 +4436,9 @@ png_ptr->mode |= PNG_AFTER_IDAT; png_ptr->flags |= PNG_FLAG_ZSTREAM_ENDED; @@ -1347,7 +1359,7 @@ Index: pngrutil.c if (png_ptr->zstream.avail_in > 0 || png_ptr->idat_size > 0) png_chunk_benign_error(png_ptr, "Extra compressed data"); -@@ -4582,4 +4797,80 @@ +@@ -4658,4 +4877,80 @@ png_ptr->flags |= PNG_FLAG_ROW_INIT; } @@ -1480,7 +1492,7 @@ Index: pngwutil.c png_ptr->zstream.avail_out = 0; png_ptr->zstream.next_out = NULL; png_ptr->mode |= PNG_HAVE_IDAT | PNG_AFTER_IDAT; -@@ -1896,6 +1921,82 @@ +@@ -1887,6 +1912,82 @@ } #endif @@ -1563,7 +1575,7 @@ Index: pngwutil.c /* Initializes the row writing capability of libpng */ void /* PRIVATE */ png_write_start_row(png_structrp png_ptr) -@@ -2790,4 +2891,39 @@ +@@ -2781,4 +2882,39 @@ } #endif /* WRITE_FLUSH */ } @@ -1607,27 +1619,27 @@ Index: scripts/symbols.def =================================================================== --- scripts/symbols.def +++ scripts/symbols.def -@@ -252,3 +252,23 @@ - png_image_write_to_memory @245 - png_get_eXIf @246 +@@ -254,3 +254,23 @@ png_set_eXIf @247 -+ png_get_acTL @248 -+ png_set_acTL @249 -+ png_get_num_frames @250 -+ png_get_num_plays @251 -+ png_get_next_frame_fcTL @252 -+ png_set_next_frame_fcTL @253 -+ png_get_next_frame_width @254 -+ png_get_next_frame_height @255 -+ png_get_next_frame_x_offset @256 -+ png_get_next_frame_y_offset @257 -+ png_get_next_frame_delay_num @258 -+ png_get_next_frame_delay_den @259 -+ png_get_next_frame_dispose_op @260 -+ png_get_next_frame_blend_op @261 -+ png_get_first_frame_is_hidden @262 -+ png_set_first_frame_is_hidden @263 -+ png_read_frame_head @264 -+ png_set_progressive_frame_fn @265 -+ png_write_frame_head @266 -+ png_write_frame_tail @267 + png_get_eXIf_1 @248 + png_set_eXIf_1 @249 ++ png_get_acTL @250 ++ png_set_acTL @251 ++ png_get_num_frames @252 ++ png_get_num_plays @253 ++ png_get_next_frame_fcTL @254 ++ png_set_next_frame_fcTL @255 ++ png_get_next_frame_width @256 ++ png_get_next_frame_height @257 ++ png_get_next_frame_x_offset @258 ++ png_get_next_frame_y_offset @259 ++ png_get_next_frame_delay_num @260 ++ png_get_next_frame_delay_den @261 ++ png_get_next_frame_dispose_op @262 ++ png_get_next_frame_blend_op @263 ++ png_get_first_frame_is_hidden @264 ++ png_set_first_frame_is_hidden @265 ++ png_read_frame_head @266 ++ png_set_progressive_frame_fn @267 ++ png_write_frame_head @268 ++ png_write_frame_tail @269 diff --git a/media/libpng/libpng-manual.txt b/media/libpng/libpng-manual.txt index b81d2a680536..d4407ef2ea07 100644 --- a/media/libpng/libpng-manual.txt +++ b/media/libpng/libpng-manual.txt @@ -1,6 +1,6 @@ libpng-manual.txt - A description on how to use and modify libpng - libpng version 1.6.31 - July 27, 2017 + libpng version 1.6.34 - September 29, 2017 Updated and distributed by Glenn Randers-Pehrson Copyright (c) 1998-2017 Glenn Randers-Pehrson @@ -11,7 +11,7 @@ libpng-manual.txt - A description on how to use and modify libpng Based on: - libpng versions 0.97, January 1998, through 1.6.31 - July 27, 2017 + libpng versions 0.97, January 1998, through 1.6.34 - September 29, 2017 Updated and distributed by Glenn Randers-Pehrson Copyright (c) 1998-2017 Glenn Randers-Pehrson @@ -688,8 +688,9 @@ where 0x7fffffffL means unlimited. You can retrieve this limit with chunk_cache_max = png_get_chunk_cache_max(png_ptr); Libpng imposes a limit of 8 Megabytes (8,000,000 bytes) on the amount of -memory that a compressed chunk other than IDAT can occupy, when decompressed. -You can change this limit with +memory that any chunk other than IDAT can occupy, originally or when +decompressed (prior to libpng-1.6.32 the limit was only applied to compressed +chunks after decompression). You can change this limit with png_set_chunk_malloc_max(png_ptr, user_chunk_malloc_max); @@ -985,8 +986,17 @@ premultiplication. png_set_alpha_mode(pp, PNG_ALPHA_PNG, PNG_DEFAULT_sRGB); -This is the default libpng handling of the alpha channel - it is not -pre-multiplied into the color components. In addition the call states +Choices for the alpha_mode are + + PNG_ALPHA_PNG 0 /* according to the PNG standard */ + PNG_ALPHA_STANDARD 1 /* according to Porter/Duff */ + PNG_ALPHA_ASSOCIATED 1 /* as above; this is the normal practice */ + PNG_ALPHA_PREMULTIPLIED 1 /* as above */ + PNG_ALPHA_OPTIMIZED 2 /* 'PNG' for opaque pixels, else 'STANDARD' */ + PNG_ALPHA_BROKEN 3 /* the alpha channel is gamma encoded */ + +PNG_ALPHA_PNG is the default libpng handling of the alpha channel. It is not +pre-multiplied into the color components. In addition the call states that the output is for a sRGB system and causes all PNG files without gAMA chunks to be assumed to be encoded using sRGB. @@ -1001,7 +1011,7 @@ early Mac systems behaved. This is the classic Jim Blinn approach and will work in academic environments where everything is done by the book. It has the shortcoming of assuming that input PNG data with no gamma information is linear - this -is unlikely to be correct unless the PNG files where generated locally. +is unlikely to be correct unless the PNG files were generated locally. Most of the time the output precision will be so low as to show significant banding in dark areas of the image. @@ -1453,7 +1463,7 @@ png_set_rgb_to_gray()). the single transparent color for non-paletted images (PNG_INFO_tRNS) - png_get_eXIf(png_ptr, info_ptr, &exif); + png_get_eXIf_1(png_ptr, info_ptr, &num_exif, &exif); (PNG_INFO_eXIf) exif - Exif profile (array of png_byte) @@ -3103,9 +3113,9 @@ width, height, bit_depth, and color_type must be the same in each call. single transparent color for non-paletted images (PNG_INFO_tRNS) - png_set_eXIf(png_ptr, info_ptr, exif); + png_set_eXIf_1(png_ptr, info_ptr, num_exif, exif); - hist - Exif profile (array of + exif - Exif profile (array of png_byte) (PNG_INFO_eXIf) png_set_hIST(png_ptr, info_ptr, hist); @@ -5404,7 +5414,7 @@ Since the PNG Development group is an ad-hoc body, we can't make an official declaration. This is your unofficial assurance that libpng from version 0.71 and -upward through 1.6.31 are Y2K compliant. It is my belief that earlier +upward through 1.6.34 are Y2K compliant. It is my belief that earlier versions were also Y2K compliant. Libpng only has two year fields. One is a 2-byte unsigned integer diff --git a/media/libpng/png.c b/media/libpng/png.c index 61d723cc6917..ea7730231899 100644 --- a/media/libpng/png.c +++ b/media/libpng/png.c @@ -1,7 +1,7 @@ /* png.c - location for general purpose libpng functions * - * Last changed in libpng 1.6.31 [July 27, 2017] + * Last changed in libpng 1.6.33 [September 28, 2017] * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) @@ -14,7 +14,7 @@ #include "pngpriv.h" /* Generate a compiler error if there is an old png.h in the search path. */ -typedef png_libpng_version_1_6_31 Your_png_h_is_not_version_1_6_31; +typedef png_libpng_version_1_6_34 Your_png_h_is_not_version_1_6_34; #ifdef __GNUC__ /* The version tests may need to be added to, but the problem warning has @@ -619,8 +619,18 @@ png_free_data(png_const_structrp png_ptr, png_inforp info_ptr, png_uint_32 mask, /* Free any eXIf entry */ if (((mask & PNG_FREE_EXIF) & info_ptr->free_me) != 0) { - png_free(png_ptr, info_ptr->exif); - info_ptr->exif = NULL; +# ifdef PNG_READ_eXIf_SUPPORTED + if (info_ptr->eXIf_buf) + { + png_free(png_ptr, info_ptr->eXIf_buf); + info_ptr->eXIf_buf = NULL; + } +# endif + if (info_ptr->exif) + { + png_free(png_ptr, info_ptr->exif); + info_ptr->exif = NULL; + } info_ptr->valid &= ~PNG_INFO_eXIf; } #endif @@ -806,7 +816,7 @@ png_get_copyright(png_const_structrp png_ptr) #else # ifdef __STDC__ return PNG_STRING_NEWLINE \ - "libpng version 1.6.31+apng - July 27, 2017" PNG_STRING_NEWLINE \ + "libpng version 1.6.34+apng - September 29, 2017" PNG_STRING_NEWLINE \ "Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson" \ PNG_STRING_NEWLINE \ "Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \ @@ -815,7 +825,7 @@ png_get_copyright(png_const_structrp png_ptr) "Portions Copyright (c) 2006-2007 Andrew Smith" PNG_STRING_NEWLINE \ "Portions Copyright (c) 2008-2017 Max Stepin" PNG_STRING_NEWLINE ; # else - return "libpng version 1.6.31+apng - July 27, 2017\ + return "libpng version 1.6.34+apng - September 29, 2017\ Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson\ Copyright (c) 1996-1997 Andreas Dilger\ Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.\ @@ -1907,12 +1917,12 @@ png_colorspace_set_sRGB(png_const_structrp png_ptr, png_colorspacerp colorspace, */ if (intent < 0 || intent >= PNG_sRGB_INTENT_LAST) return png_icc_profile_error(png_ptr, colorspace, "sRGB", - (unsigned)intent, "invalid sRGB rendering intent"); + (png_alloc_size_t)intent, "invalid sRGB rendering intent"); if ((colorspace->flags & PNG_COLORSPACE_HAVE_INTENT) != 0 && colorspace->rendering_intent != intent) return png_icc_profile_error(png_ptr, colorspace, "sRGB", - (unsigned)intent, "inconsistent rendering intents"); + (png_alloc_size_t)intent, "inconsistent rendering intents"); if ((colorspace->flags & PNG_COLORSPACE_FROM_sRGB) != 0) { @@ -1973,7 +1983,6 @@ icc_check_length(png_const_structrp png_ptr, png_colorspacerp colorspace, if (profile_length < 132) return png_icc_profile_error(png_ptr, colorspace, name, profile_length, "too short"); - return 1; } @@ -2218,15 +2227,6 @@ png_icc_check_tag_table(png_const_structrp png_ptr, png_colorspacerp colorspace, * being in range. All defined tag types have an 8 byte header - a 4 byte * type signature then 0. */ - if ((tag_start & 3) != 0) - { - /* CNHP730S.icc shipped with Microsoft Windows 64 violates this, it is - * only a warning here because libpng does not care about the - * alignment. - */ - (void)png_icc_profile_error(png_ptr, NULL, name, tag_id, - "ICC profile tag start not a multiple of 4"); - } /* This is a hard error; potentially it can cause read outside the * profile. @@ -2234,6 +2234,16 @@ png_icc_check_tag_table(png_const_structrp png_ptr, png_colorspacerp colorspace, if (tag_start > profile_length || tag_length > profile_length - tag_start) return png_icc_profile_error(png_ptr, colorspace, name, tag_id, "ICC profile tag outside profile"); + + if ((tag_start & 3) != 0) + { + /* CNHP730S.icc shipped with Microsoft Windows 64 violates this; it is + * only a warning here because libpng does not care about the + * alignment. + */ + (void)png_icc_profile_error(png_ptr, NULL, name, tag_id, + "ICC profile tag start not a multiple of 4"); + } } return 1; /* success, maybe with warnings */ @@ -3755,7 +3765,7 @@ png_log16bit(png_uint_32 x) * of getting this accuracy in practice. * * To deal with this the following exp() function works out the exponent of the - * frational part of the logarithm by using an accurate 32-bit value from the + * fractional part of the logarithm by using an accurate 32-bit value from the * top four fractional bits then multiplying in the remaining bits. */ static const png_uint_32 diff --git a/media/libpng/png.h b/media/libpng/png.h index 2f93f64a92f2..38befc3fe5eb 100644 --- a/media/libpng/png.h +++ b/media/libpng/png.h @@ -1,7 +1,7 @@ /* png.h - header file for PNG reference library * - * libpng version 1.6.31, July 27, 2017 + * libpng version 1.6.34, September 29, 2017 * * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) @@ -12,7 +12,7 @@ * Authors and maintainers: * libpng versions 0.71, May 1995, through 0.88, January 1996: Guy Schalnat * libpng versions 0.89, June 1996, through 0.96, May 1997: Andreas Dilger - * libpng versions 0.97, January 1998, through 1.6.31, July 27, 2017: + * libpng versions 0.97, January 1998, through 1.6.34, September 29, 2017: * Glenn Randers-Pehrson. * See also "Contributing Authors", below. */ @@ -31,7 +31,7 @@ * * This code is released under the libpng license. * - * libpng versions 1.0.7, July 1, 2000 through 1.6.31, July 27, 2017 are + * libpng versions 1.0.7, July 1, 2000 through 1.6.34, September 29, 2017 are * Copyright (c) 2000-2002, 2004, 2006-2017 Glenn Randers-Pehrson, are * derived from libpng-1.0.6, and are distributed according to the same * disclaimer and license as libpng-1.0.6 with the following individuals @@ -215,11 +215,11 @@ * ... * 1.0.19 10 10019 10.so.0.19[.0] * ... - * 1.2.57 13 10257 12.so.0.57[.0] + * 1.2.59 13 10257 12.so.0.59[.0] * ... - * 1.5.28 15 10527 15.so.15.28[.0] + * 1.5.30 15 10527 15.so.15.30[.0] * ... - * 1.6.31 16 10631 16.so.16.31[.0] + * 1.6.34 16 10633 16.so.16.34[.0] * * Henceforth the source version will match the shared-library major * and minor numbers; the shared-library major version number will be @@ -247,13 +247,13 @@ * Y2K compliance in libpng: * ========================= * - * July 27, 2017 + * September 29, 2017 * * Since the PNG Development group is an ad-hoc body, we can't make * an official declaration. * * This is your unofficial assurance that libpng from version 0.71 and - * upward through 1.6.31 are Y2K compliant. It is my belief that + * upward through 1.6.34 are Y2K compliant. It is my belief that * earlier versions were also Y2K compliant. * * Libpng only has two year fields. One is a 2-byte unsigned integer @@ -315,9 +315,9 @@ */ /* Version information for png.h - this should match the version in png.c */ -#define PNG_LIBPNG_VER_STRING "1.6.31+apng" +#define PNG_LIBPNG_VER_STRING "1.6.34+apng" #define PNG_HEADER_VERSION_STRING \ - " libpng version 1.6.31+apng - July 27, 2017\n" + " libpng version 1.6.34+apng - September 29, 2017\n" #define PNG_LIBPNG_VER_SONUM 16 #define PNG_LIBPNG_VER_DLLNUM 16 @@ -325,7 +325,7 @@ /* These should match the first 3 components of PNG_LIBPNG_VER_STRING: */ #define PNG_LIBPNG_VER_MAJOR 1 #define PNG_LIBPNG_VER_MINOR 6 -#define PNG_LIBPNG_VER_RELEASE 31 +#define PNG_LIBPNG_VER_RELEASE 34 /* This should match the numeric part of the final component of * PNG_LIBPNG_VER_STRING, omitting any leading zero: @@ -356,7 +356,7 @@ * version 1.0.0 was mis-numbered 100 instead of 10000). From * version 1.0.1 it's xxyyzz, where x=major, y=minor, z=release */ -#define PNG_LIBPNG_VER 10631 /* 1.6.31 */ +#define PNG_LIBPNG_VER 10634 /* 1.6.34 */ /* Library configuration: these options cannot be changed after * the library has been built. @@ -481,7 +481,7 @@ extern "C" { /* This triggers a compiler error in png.c, if png.c and png.h * do not agree upon the version number. */ -typedef char* png_libpng_version_1_6_31; +typedef char* png_libpng_version_1_6_34; /* Basic control structions. Read libpng-manual.txt or libpng.3 for more info. * @@ -2044,6 +2044,11 @@ PNG_EXPORT(246, png_uint_32, png_get_eXIf, (png_const_structrp png_ptr, png_inforp info_ptr, png_bytep *exif)); PNG_EXPORT(247, void, png_set_eXIf, (png_const_structrp png_ptr, png_inforp info_ptr, const png_bytep exif)); + +PNG_EXPORT(248, png_uint_32, png_get_eXIf_1, (png_const_structrp png_ptr, + png_const_inforp info_ptr, png_uint_32 *num_exif, png_bytep *exif)); +PNG_EXPORT(249, void, png_set_eXIf_1, (png_const_structrp png_ptr, + png_inforp info_ptr, const png_uint_32 num_exif, const png_bytep exif)); #endif #ifdef PNG_gAMA_SUPPORTED @@ -2844,6 +2849,8 @@ typedef struct # define PNG_FORMAT_FLAG_AFIRST 0x20U /* alpha channel comes first */ #endif +#define PNG_FORMAT_FLAG_ASSOCIATED_ALPHA 0x40U /* alpha channel is associated */ + /* Commonly used formats have predefined macros. * * First the single byte (sRGB) formats: @@ -3359,9 +3366,9 @@ PNG_EXPORT(267, void, png_write_frame_tail, (png_structp png_ptr, */ #ifdef PNG_EXPORT_LAST_ORDINAL #ifdef PNG_APNG_SUPPORTED - PNG_EXPORT_LAST_ORDINAL(267); + PNG_EXPORT_LAST_ORDINAL(269); #else - PNG_EXPORT_LAST_ORDINAL(247); + PNG_EXPORT_LAST_ORDINAL(249); #endif /* APNG */ #endif diff --git a/media/libpng/pngconf.h b/media/libpng/pngconf.h index af6e80c990df..d13b13e57ae3 100644 --- a/media/libpng/pngconf.h +++ b/media/libpng/pngconf.h @@ -1,7 +1,7 @@ /* pngconf.h - machine configurable file for libpng * - * libpng version 1.6.31, July 27, 2017 + * libpng version 1.6.34, September 29, 2017 * * Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) diff --git a/media/libpng/pngget.c b/media/libpng/pngget.c index 89907d56a856..288aaa64875b 100644 --- a/media/libpng/pngget.c +++ b/media/libpng/pngget.c @@ -1,8 +1,8 @@ /* pngget.c - retrieval of values from info struct * - * Last changed in libpng 1.6.26 [October 20, 2016] - * Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson + * Last changed in libpng 1.6.32 [August 24, 2017] + * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -777,12 +777,23 @@ png_get_sPLT(png_const_structrp png_ptr, png_inforp info_ptr, png_uint_32 PNGAPI png_get_eXIf(png_const_structrp png_ptr, png_inforp info_ptr, png_bytep *exif) +{ + png_warning(png_ptr, "png_get_eXIf does not work; use png_get_eXIf_1"); + PNG_UNUSED(info_ptr) + PNG_UNUSED(exif) + return 0; +} + +png_uint_32 PNGAPI +png_get_eXIf_1(png_const_structrp png_ptr, png_const_inforp info_ptr, + png_uint_32 *num_exif, png_bytep *exif) { png_debug1(1, "in %s retrieval function", "eXIf"); if (png_ptr != NULL && info_ptr != NULL && (info_ptr->valid & PNG_INFO_eXIf) != 0 && exif != NULL) { + *num_exif = info_ptr->num_exif; *exif = info_ptr->exif; return (PNG_INFO_eXIf); } diff --git a/media/libpng/pnginfo.h b/media/libpng/pnginfo.h index 21b8c3580617..233ee1a7be12 100644 --- a/media/libpng/pnginfo.h +++ b/media/libpng/pnginfo.h @@ -186,8 +186,11 @@ defined(PNG_READ_BACKGROUND_SUPPORTED) #endif #ifdef PNG_eXIf_SUPPORTED - int num_exif; + int num_exif; /* Added at libpng-1.6.31 */ png_bytep exif; +# ifdef PNG_READ_eXIf_SUPPORTED + png_bytep eXIf_buf; /* Added at libpng-1.6.32 */ +# endif #endif #ifdef PNG_hIST_SUPPORTED diff --git a/media/libpng/pngpread.c b/media/libpng/pngpread.c index a61ad9289026..ee6617996edf 100644 --- a/media/libpng/pngpread.c +++ b/media/libpng/pngpread.c @@ -1,8 +1,8 @@ /* pngpread.c - read a png file in push mode * - * Last changed in libpng 1.6.24 [August 4, 2016] - * Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson + * Last changed in libpng 1.6.32 [August 24, 2017] + * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -189,6 +189,7 @@ png_push_read_chunk(png_structrp png_ptr, png_inforp info_ptr) png_crc_read(png_ptr, chunk_tag, 4); png_ptr->chunk_name = PNG_CHUNK_FROM_STRING(chunk_tag); png_check_chunk_name(png_ptr, png_ptr->chunk_name); + png_check_chunk_length(png_ptr, png_ptr->push_length); png_ptr->mode |= PNG_HAVE_CHUNK_HEADER; } diff --git a/media/libpng/pngpriv.h b/media/libpng/pngpriv.h index 9c8d40b27e0f..2262c0671569 100644 --- a/media/libpng/pngpriv.h +++ b/media/libpng/pngpriv.h @@ -1,7 +1,7 @@ /* pngpriv.h - private declarations for use inside libpng * - * Last changed in libpng 1.6.31 [July 27, 2017] + * Last changed in libpng 1.6.32 [August 24, 2017] * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) @@ -1157,6 +1157,11 @@ PNG_INTERNAL_FUNCTION(void,png_write_sRGB,(png_structrp png_ptr, int intent),PNG_EMPTY); #endif +#ifdef PNG_WRITE_eXIf_SUPPORTED +PNG_INTERNAL_FUNCTION(void,png_write_eXIf,(png_structrp png_ptr, + png_bytep exif, int num_exif),PNG_EMPTY); +#endif + #ifdef PNG_WRITE_iCCP_SUPPORTED PNG_INTERNAL_FUNCTION(void,png_write_iCCP,(png_structrp png_ptr, png_const_charp name, png_const_bytep profile), PNG_EMPTY); @@ -1536,8 +1541,11 @@ PNG_INTERNAL_FUNCTION(void,png_handle_zTXt,(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length),PNG_EMPTY); #endif -PNG_INTERNAL_FUNCTION(void,png_check_chunk_name,(png_structrp png_ptr, - png_uint_32 chunk_name),PNG_EMPTY); +PNG_INTERNAL_FUNCTION(void,png_check_chunk_name,(png_const_structrp png_ptr, + const png_uint_32 chunk_name),PNG_EMPTY); + +PNG_INTERNAL_FUNCTION(void,png_check_chunk_length,(png_const_structrp png_ptr, + const png_uint_32 chunk_length),PNG_EMPTY); PNG_INTERNAL_FUNCTION(void,png_handle_unknown,(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length, int keep),PNG_EMPTY); diff --git a/media/libpng/pngread.c b/media/libpng/pngread.c index 51a5d66cf234..98ff0940be4f 100644 --- a/media/libpng/pngread.c +++ b/media/libpng/pngread.c @@ -1,7 +1,7 @@ /* pngread.c - read a PNG file * - * Last changed in libpng 1.6.31 [July 27, 2017] + * Last changed in libpng 1.6.33 [September 28, 2017] * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) @@ -178,6 +178,11 @@ png_read_info(png_structrp png_ptr, png_inforp info_ptr) png_handle_cHRM(png_ptr, info_ptr, length); #endif +#ifdef PNG_READ_eXIf_SUPPORTED + else if (chunk_name == png_eXIf) + png_handle_eXIf(png_ptr, info_ptr, length); +#endif + #ifdef PNG_READ_gAMA_SUPPORTED else if (chunk_name == png_gAMA) png_handle_gAMA(png_ptr, info_ptr, length); @@ -614,6 +619,7 @@ png_read_row(png_structrp png_ptr, png_bytep row, png_bytep dsp_row) png_error(png_ptr, "Invalid attempt to read row data"); /* Fill the row with IDAT data: */ + png_ptr->row_buf[0]=255; /* to force error if no data was found */ png_read_IDAT_data(png_ptr, png_ptr->row_buf, row_info.rowbytes + 1); if (png_ptr->row_buf[0] > PNG_FILTER_VALUE_NONE) @@ -922,6 +928,11 @@ png_read_end(png_structrp png_ptr, png_inforp info_ptr) png_handle_cHRM(png_ptr, info_ptr, length); #endif +#ifdef PNG_READ_eXIf_SUPPORTED + else if (chunk_name == png_eXIf) + png_handle_eXIf(png_ptr, info_ptr, length); +#endif + #ifdef PNG_READ_gAMA_SUPPORTED else if (chunk_name == png_gAMA) png_handle_gAMA(png_ptr, info_ptr, length); @@ -3828,7 +3839,13 @@ png_image_read_direct(png_voidp argument) mode = PNG_ALPHA_PNG; output_gamma = PNG_DEFAULT_sRGB; } - + + if ((change & PNG_FORMAT_FLAG_ASSOCIATED_ALPHA) != 0) + { + mode = PNG_ALPHA_OPTIMIZED; + change &= ~PNG_FORMAT_FLAG_ASSOCIATED_ALPHA; + } + /* If 'do_local_background' is set check for the presence of gamma * correction; this is part of the work-round for the libpng bug * described above. @@ -4054,6 +4071,10 @@ png_image_read_direct(png_voidp argument) else if (do_local_compose != 0) /* internal error */ png_error(png_ptr, "png_image_read: alpha channel lost"); + if ((format & PNG_FORMAT_FLAG_ASSOCIATED_ALPHA) != 0) { + info_format |= PNG_FORMAT_FLAG_ASSOCIATED_ALPHA; + } + if (info_ptr->bit_depth == 16) info_format |= PNG_FORMAT_FLAG_LINEAR; diff --git a/media/libpng/pngrtran.c b/media/libpng/pngrtran.c index 9a30ddf22bd9..c1896503130e 100644 --- a/media/libpng/pngrtran.c +++ b/media/libpng/pngrtran.c @@ -1,7 +1,7 @@ /* pngrtran.c - transforms the data in a row for PNG readers * - * Last changed in libpng 1.6.31 [July 27, 2017] + * Last changed in libpng 1.6.33 [September 28, 2017] * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) @@ -430,7 +430,7 @@ png_set_quantize(png_structrp png_ptr, png_colorp palette, int i; png_ptr->quantize_index = (png_bytep)png_malloc(png_ptr, - (png_uint_32)((png_uint_32)num_palette * (sizeof (png_byte)))); + (png_alloc_size_t)((png_uint_32)num_palette * (sizeof (png_byte)))); for (i = 0; i < num_palette; i++) png_ptr->quantize_index[i] = (png_byte)i; } @@ -447,7 +447,7 @@ png_set_quantize(png_structrp png_ptr, png_colorp palette, /* Initialize an array to sort colors */ png_ptr->quantize_sort = (png_bytep)png_malloc(png_ptr, - (png_uint_32)((png_uint_32)num_palette * (sizeof (png_byte)))); + (png_alloc_size_t)((png_uint_32)num_palette * (sizeof (png_byte)))); /* Initialize the quantize_sort array */ for (i = 0; i < num_palette; i++) @@ -581,9 +581,11 @@ png_set_quantize(png_structrp png_ptr, png_colorp palette, /* Initialize palette index arrays */ png_ptr->index_to_palette = (png_bytep)png_malloc(png_ptr, - (png_uint_32)((png_uint_32)num_palette * (sizeof (png_byte)))); + (png_alloc_size_t)((png_uint_32)num_palette * + (sizeof (png_byte)))); png_ptr->palette_to_index = (png_bytep)png_malloc(png_ptr, - (png_uint_32)((png_uint_32)num_palette * (sizeof (png_byte)))); + (png_alloc_size_t)((png_uint_32)num_palette * + (sizeof (png_byte)))); /* Initialize the sort array */ for (i = 0; i < num_palette; i++) @@ -592,7 +594,7 @@ png_set_quantize(png_structrp png_ptr, png_colorp palette, png_ptr->palette_to_index[i] = (png_byte)i; } - hash = (png_dsortpp)png_calloc(png_ptr, (png_uint_32)(769 * + hash = (png_dsortpp)png_calloc(png_ptr, (png_alloc_size_t)(769 * (sizeof (png_dsortp)))); num_new_palette = num_palette; @@ -623,7 +625,7 @@ png_set_quantize(png_structrp png_ptr, png_colorp palette, { t = (png_dsortp)png_malloc_warn(png_ptr, - (png_uint_32)(sizeof (png_dsort))); + (png_alloc_size_t)(sizeof (png_dsort))); if (t == NULL) break; @@ -748,9 +750,9 @@ png_set_quantize(png_structrp png_ptr, png_colorp palette, png_size_t num_entries = ((png_size_t)1 << total_bits); png_ptr->palette_lookup = (png_bytep)png_calloc(png_ptr, - (png_uint_32)(num_entries * (sizeof (png_byte)))); + (png_alloc_size_t)(num_entries * (sizeof (png_byte)))); - distance = (png_bytep)png_malloc(png_ptr, (png_uint_32)(num_entries * + distance = (png_bytep)png_malloc(png_ptr, (png_alloc_size_t)(num_entries * (sizeof (png_byte)))); memset(distance, 0xff, num_entries * (sizeof (png_byte))); @@ -3322,7 +3324,7 @@ png_do_compose(png_row_infop row_info, png_bytep row, png_structrp png_ptr) == png_ptr->trans_color.gray) { unsigned int tmp = *sp & (0x0f0f >> (4 - shift)); - tmp |= + tmp |= (unsigned int)(png_ptr->background.gray << shift); *sp = (png_byte)(tmp & 0xff); } diff --git a/media/libpng/pngrutil.c b/media/libpng/pngrutil.c index 17626947999d..825dc0c439ac 100644 --- a/media/libpng/pngrutil.c +++ b/media/libpng/pngrutil.c @@ -1,7 +1,7 @@ /* pngrutil.c - utilities to read a PNG file * - * Last changed in libpng 1.6.31 [July 27, 2017] + * Last changed in libpng 1.6.33 [September 28, 2017] * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) @@ -181,6 +181,9 @@ png_read_chunk_header(png_structrp png_ptr) /* Check to see if chunk name is valid. */ png_check_chunk_name(png_ptr, png_ptr->chunk_name); + /* Check for too-large chunk length */ + png_check_chunk_length(png_ptr, length); + #ifdef PNG_IO_STATE_SUPPORTED png_ptr->io_state = PNG_IO_READING | PNG_IO_CHUNK_DATA; #endif @@ -311,6 +314,7 @@ png_read_buffer(png_structrp png_ptr, png_alloc_size_t new_size, int warn) if (buffer != NULL) { + memset(buffer, 0, new_size); /* just in case */ png_ptr->read_buffer = buffer; png_ptr->read_buffer_size = new_size; } @@ -670,6 +674,8 @@ png_decompress_chunk(png_structrp png_ptr, if (text != NULL) { + memset(text, 0, buffer_size); + ret = png_inflate(png_ptr, png_ptr->chunk_name, 1/*finish*/, png_ptr->read_buffer + prefix_size, &lzsize, text + prefix_size, newlength); @@ -733,9 +739,7 @@ png_decompress_chunk(png_structrp png_ptr, { /* inflateReset failed, store the error message */ png_zstream_error(png_ptr, ret); - - if (ret == Z_STREAM_END) - ret = PNG_UNEXPECTED_ZLIB_RETURN; + ret = PNG_UNEXPECTED_ZLIB_RETURN; } } @@ -1382,11 +1386,13 @@ png_handle_iCCP(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length) * chunk is just ignored, so does not invalidate the color space. An * alternative is to set the 'invalid' flags at the start of this routine * and only clear them in they were not set before and all the tests pass. - * The minimum 'deflate' stream is assumed to be just the 2 byte header and - * 4 byte checksum. The keyword must be at least one character and there is - * a terminator (0) byte and the compression method. */ - if (length < 9) + + /* The keyword must be at least one character and there is a + * terminator (0) byte and the compression method byte, and the + * 'zlib' datastream is at least 11 bytes. + */ + if (length < 14) { png_crc_finish(png_ptr, length); png_chunk_benign_error(png_ptr, "too short"); @@ -1418,6 +1424,16 @@ png_handle_iCCP(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length) png_crc_read(png_ptr, (png_bytep)keyword, read_length); length -= read_length; + /* The minimum 'zlib' stream is assumed to be just the 2 byte header, + * 5 bytes minimum 'deflate' stream, and the 4 byte checksum. + */ + if (length < 11) + { + png_crc_finish(png_ptr, length); + png_chunk_benign_error(png_ptr, "too short"); + return; + } + keyword_length = 0; while (keyword_length < 80 && keyword_length < read_length && keyword[keyword_length] != 0) @@ -1436,7 +1452,7 @@ png_handle_iCCP(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length) if (png_inflate_claim(png_ptr, png_iCCP) == Z_OK) { - Byte profile_header[132]; + Byte profile_header[132]={0}; Byte local_buffer[PNG_INFLATE_BUF_SIZE]; png_alloc_size_t size = (sizeof profile_header); @@ -1466,7 +1482,7 @@ png_handle_iCCP(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length) /* Now read the tag table; a variable size buffer is * needed at this point, allocate one for the whole * profile. The header check has already validated - * that none of these stuff will overflow. + * that none of this stuff will overflow. */ const png_uint_32 tag_count = png_get_uint_32( profile_header+128); @@ -1573,19 +1589,11 @@ png_handle_iCCP(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length) return; } } - - else if (size > 0) - errmsg = "truncated"; - -#ifndef __COVERITY__ - else + if (errmsg == NULL) errmsg = png_ptr->zstream.msg; -#endif } - /* else png_icc_check_tag_table output an error */ } - else /* profile truncated */ errmsg = png_ptr->zstream.msg; } @@ -2019,36 +2027,61 @@ void /* PRIVATE */ png_handle_eXIf(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length) { unsigned int i; - png_bytep eXIf_buf; png_debug(1, "in png_handle_eXIf"); if ((png_ptr->mode & PNG_HAVE_IHDR) == 0) png_chunk_error(png_ptr, "missing IHDR"); - else if (info_ptr != NULL && (info_ptr->valid & PNG_INFO_eXIf) != 0) + if (length < 2) + { + png_crc_finish(png_ptr, length); + png_chunk_benign_error(png_ptr, "too short"); + return; + } + + else if (info_ptr == NULL || (info_ptr->valid & PNG_INFO_eXIf) != 0) { png_crc_finish(png_ptr, length); png_chunk_benign_error(png_ptr, "duplicate"); return; } - eXIf_buf = png_voidcast(png_bytep, + info_ptr->free_me |= PNG_FREE_EXIF; + + info_ptr->eXIf_buf = png_voidcast(png_bytep, png_malloc_warn(png_ptr, length)); + if (info_ptr->eXIf_buf == NULL) + { + png_crc_finish(png_ptr, length); + png_chunk_benign_error(png_ptr, "out of memory"); + return; + } + for (i = 0; i < length; i++) { png_byte buf[1]; png_crc_read(png_ptr, buf, 1); - eXIf_buf[i] = buf[0]; + info_ptr->eXIf_buf[i] = buf[0]; + if (i == 1 && buf[0] != 'M' && buf[0] != 'I' + && info_ptr->eXIf_buf[0] != buf[0]) + { + png_crc_finish(png_ptr, length); + png_chunk_benign_error(png_ptr, "incorrect byte-order specifier"); + png_free(png_ptr, info_ptr->eXIf_buf); + info_ptr->eXIf_buf = NULL; + return; + } } if (png_crc_finish(png_ptr, 0) != 0) return; - info_ptr->num_exif = length; + png_set_eXIf_1(png_ptr, info_ptr, length, info_ptr->eXIf_buf); - png_set_eXIf(png_ptr, info_ptr, eXIf_buf); + png_free(png_ptr, info_ptr->eXIf_buf); + info_ptr->eXIf_buf = NULL; } #endif @@ -2629,23 +2662,28 @@ png_handle_zTXt(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length) { png_text text; - /* It worked; png_ptr->read_buffer now looks like a tEXt chunk except - * for the extra compression type byte and the fact that it isn't - * necessarily '\0' terminated. - */ - buffer = png_ptr->read_buffer; - buffer[uncompressed_length+(keyword_length+2)] = 0; + if (png_ptr->read_buffer == NULL) + errmsg="Read failure in png_handle_zTXt"; + else + { + /* It worked; png_ptr->read_buffer now looks like a tEXt chunk + * except for the extra compression type byte and the fact that + * it isn't necessarily '\0' terminated. + */ + buffer = png_ptr->read_buffer; + buffer[uncompressed_length+(keyword_length+2)] = 0; - text.compression = PNG_TEXT_COMPRESSION_zTXt; - text.key = (png_charp)buffer; - text.text = (png_charp)(buffer + keyword_length+2); - text.text_length = uncompressed_length; - text.itxt_length = 0; - text.lang = NULL; - text.lang_key = NULL; + text.compression = PNG_TEXT_COMPRESSION_zTXt; + text.key = (png_charp)buffer; + text.text = (png_charp)(buffer + keyword_length+2); + text.text_length = uncompressed_length; + text.itxt_length = 0; + text.lang = NULL; + text.lang_key = NULL; - if (png_set_text_2(png_ptr, info_ptr, &text, 1) != 0) - errmsg = "insufficient memory"; + if (png_set_text_2(png_ptr, info_ptr, &text, 1) != 0) + errmsg = "insufficient memory"; + } } else @@ -3255,20 +3293,62 @@ png_handle_unknown(png_structrp png_ptr, png_inforp info_ptr, */ void /* PRIVATE */ -png_check_chunk_name(png_structrp png_ptr, png_uint_32 chunk_name) +png_check_chunk_name(png_const_structrp png_ptr, const png_uint_32 chunk_name) { int i; + png_uint_32 cn=chunk_name; png_debug(1, "in png_check_chunk_name"); for (i=1; i<=4; ++i) { - int c = chunk_name & 0xff; + int c = cn & 0xff; if (c < 65 || c > 122 || (c > 90 && c < 97)) png_chunk_error(png_ptr, "invalid chunk type"); - chunk_name >>= 8; + cn >>= 8; + } +} + +void /* PRIVATE */ +png_check_chunk_length(png_const_structrp png_ptr, const png_uint_32 length) +{ + png_alloc_size_t limit = PNG_UINT_31_MAX; + +# ifdef PNG_SET_USER_LIMITS_SUPPORTED + if (png_ptr->user_chunk_malloc_max > 0 && + png_ptr->user_chunk_malloc_max < limit) + limit = png_ptr->user_chunk_malloc_max; +# elif PNG_USER_CHUNK_MALLOC_MAX > 0 + if (PNG_USER_CHUNK_MALLOC_MAX < limit) + limit = PNG_USER_CHUNK_MALLOC_MAX; +# endif +#ifdef PNG_READ_APNG_SUPPORTED + if (png_ptr->chunk_name == png_IDAT || png_ptr->chunk_name == png_fdAT) +#else + if (png_ptr->chunk_name == png_IDAT) +#endif + { + png_alloc_size_t idat_limit = PNG_UINT_31_MAX; + size_t row_factor = + (png_ptr->width * png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1) + + 1 + (png_ptr->interlaced? 6: 0)); + if (png_ptr->height > PNG_UINT_32_MAX/row_factor) + idat_limit=PNG_UINT_31_MAX; + else + idat_limit = png_ptr->height * row_factor; + row_factor = row_factor > 32566? 32566 : row_factor; + idat_limit += 6 + 5*(idat_limit/row_factor+1); /* zlib+deflate overhead */ + idat_limit=idat_limit < PNG_UINT_31_MAX? idat_limit : PNG_UINT_31_MAX; + limit = limit < idat_limit? idat_limit : limit; + } + + if (length > limit) + { + png_debug2(0," length = %lu, limit = %lu", + (unsigned long)length,(unsigned long)limit); + png_chunk_error(png_ptr, "chunk data is too large"); } } diff --git a/media/libpng/pngset.c b/media/libpng/pngset.c index 92cdb0e4ba3d..f05be25d0f3e 100644 --- a/media/libpng/pngset.c +++ b/media/libpng/pngset.c @@ -1,7 +1,7 @@ /* pngset.c - storage of image information into info struct * - * Last changed in libpng 1.6.30 [June 28, 2017] + * Last changed in libpng 1.6.32 [August 24, 2017] * Copyright (c) 1998-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) @@ -138,6 +138,15 @@ png_set_cHRM_XYZ(png_const_structrp png_ptr, png_inforp info_ptr, double red_X, void PNGAPI png_set_eXIf(png_const_structrp png_ptr, png_inforp info_ptr, const png_bytep eXIf_buf) +{ + png_warning(png_ptr, "png_set_eXIf does not work; use png_set_eXIf_1"); + PNG_UNUSED(info_ptr) + PNG_UNUSED(eXIf_buf) +} + +void PNGAPI +png_set_eXIf_1(png_const_structrp png_ptr, png_inforp info_ptr, + const png_uint_32 num_exif, const png_bytep eXIf_buf) { int i; @@ -146,7 +155,13 @@ png_set_eXIf(png_const_structrp png_ptr, png_inforp info_ptr, if (png_ptr == NULL || info_ptr == NULL) return; - png_free_data(png_ptr, info_ptr, PNG_FREE_EXIF, 0); + if (info_ptr->exif) + { + png_free(png_ptr, info_ptr->exif); + info_ptr->exif = NULL; + } + + info_ptr->num_exif = num_exif; info_ptr->exif = png_voidcast(png_bytep, png_malloc_warn(png_ptr, info_ptr->num_exif)); @@ -154,13 +169,12 @@ png_set_eXIf(png_const_structrp png_ptr, png_inforp info_ptr, if (info_ptr->exif == NULL) { png_warning(png_ptr, "Insufficient memory for eXIf chunk data"); - return; } info_ptr->free_me |= PNG_FREE_EXIF; - for (i = 0; i < info_ptr->num_exif; i++) + for (i = 0; i < (int) info_ptr->num_exif; i++) info_ptr->exif[i] = eXIf_buf[i]; info_ptr->valid |= PNG_INFO_eXIf; @@ -1533,6 +1547,7 @@ png_set_keep_unknown_chunks(png_structrp png_ptr, int keep, static PNG_CONST png_byte chunks_to_ignore[] = { 98, 75, 71, 68, '\0', /* bKGD */ 99, 72, 82, 77, '\0', /* cHRM */ + 101, 88, 73, 102, '\0', /* eXIf */ 103, 65, 77, 65, '\0', /* gAMA */ 104, 73, 83, 84, '\0', /* hIST */ 105, 67, 67, 80, '\0', /* iCCP */ diff --git a/media/libpng/pngstruct.h b/media/libpng/pngstruct.h index 4d6fcd722bbc..cea217103e82 100644 --- a/media/libpng/pngstruct.h +++ b/media/libpng/pngstruct.h @@ -1,7 +1,7 @@ /* pngstruct.h - header file for PNG reference library * - * Last changed in libpng 1.6.28 [January 5, 2017] + * Last changed in libpng 1.6.32 [August 24, 2017] * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) @@ -500,8 +500,5 @@ struct png_struct_def png_colorspace colorspace; #endif #endif - -/* New member added in libpng-1.6.31 */ - int num_exif; }; #endif /* PNGSTRUCT_H */ diff --git a/media/libpng/pngtrans.c b/media/libpng/pngtrans.c index 326ac33f0e94..6882f0fd7b70 100644 --- a/media/libpng/pngtrans.c +++ b/media/libpng/pngtrans.c @@ -1,7 +1,7 @@ /* pngtrans.c - transforms the data in a row (used by both readers and writers) * - * Last changed in libpng 1.6.30 [June 28, 2017] + * Last changed in libpng 1.6.33 [September 28, 2017] * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) @@ -609,7 +609,7 @@ png_do_strip_channel(png_row_infop row_info, png_bytep row, int at_start) return; /* The filler channel has gone already */ /* Fix the rowbytes value. */ - row_info->rowbytes = (unsigned int)(dp-row); + row_info->rowbytes = (png_size_t)(dp-row); } #endif @@ -708,7 +708,7 @@ png_do_check_palette_indexes(png_structrp png_ptr, png_row_infop row_info) * forms produced on either GCC or MSVC. */ int padding = PNG_PADBITS(row_info->pixel_depth, row_info->width); - png_bytep rp = png_ptr->row_buf + row_info->rowbytes; + png_bytep rp = png_ptr->row_buf + row_info->rowbytes - 1; switch (row_info->bit_depth) { diff --git a/media/libpng/pngwrite.c b/media/libpng/pngwrite.c index e451769d31c5..352a0a1b3081 100644 --- a/media/libpng/pngwrite.c +++ b/media/libpng/pngwrite.c @@ -1,7 +1,7 @@ /* pngwrite.c - general routines to write a PNG file * - * Last changed in libpng 1.6.31 [July 27, 2017] + * Last changed in libpng 1.6.32 [August 24, 2017] * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) @@ -241,6 +241,11 @@ png_write_info(png_structrp png_ptr, png_const_inforp info_ptr) png_write_bKGD(png_ptr, &(info_ptr->background), info_ptr->color_type); #endif +#ifdef PNG_WRITE_eXIf_SUPPORTED + if ((info_ptr->valid & PNG_INFO_eXIf) != 0) + png_write_eXIf(png_ptr, info_ptr->exif, info_ptr->num_exif); +#endif + #ifdef PNG_WRITE_hIST_SUPPORTED if ((info_ptr->valid & PNG_INFO_hIST) != 0) png_write_hIST(png_ptr, info_ptr->hist, info_ptr->num_palette); @@ -441,6 +446,12 @@ png_write_end(png_structrp png_ptr, png_inforp info_ptr) } } #endif + +#ifdef PNG_WRITE_eXIf_SUPPORTED + if ((info_ptr->valid & PNG_INFO_eXIf) != 0) + png_write_eXIf(png_ptr, info_ptr->exif, info_ptr->num_exif); +#endif + #ifdef PNG_WRITE_UNKNOWN_CHUNKS_SUPPORTED write_unknown_chunks(png_ptr, info_ptr, PNG_AFTER_IDAT); #endif @@ -1938,7 +1949,7 @@ png_image_write_main(png_voidp argument) int colormap = (format & PNG_FORMAT_FLAG_COLORMAP); int linear = !colormap && (format & PNG_FORMAT_FLAG_LINEAR); /* input */ int alpha = !colormap && (format & PNG_FORMAT_FLAG_ALPHA); - int write_16bit = linear && !colormap && (display->convert_to_8bit == 0); + int write_16bit = linear && (display->convert_to_8bit == 0); # ifdef PNG_BENIGN_ERRORS_SUPPORTED /* Make sure we error out on any bad situation */ diff --git a/media/libpng/pngwutil.c b/media/libpng/pngwutil.c index fc2817df1acf..c72b116d3b28 100644 --- a/media/libpng/pngwutil.c +++ b/media/libpng/pngwutil.c @@ -1,8 +1,8 @@ /* pngwutil.c - utilities to write a PNG file * - * Last changed in libpng 1.6.26 [October 20, 2016] - * Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson + * Last changed in libpng 1.6.32 [August 24, 2017] + * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -1504,24 +1504,15 @@ void /* PRIVATE */ png_write_eXIf(png_structrp png_ptr, png_bytep exif, int num_exif) { int i; - png_byte buf[3]; + png_byte buf[1]; png_debug(1, "in png_write_eXIf"); - if (num_exif > (int)png_ptr->num_exif) - { - png_debug2(3, "num_exif = %d, png_ptr->num_exif = %d", num_exif, - png_ptr->num_exif); - - png_warning(png_ptr, "Invalid number of exif bytes specified"); - return; - } - png_write_chunk_header(png_ptr, png_eXIf, (png_uint_32)(num_exif)); for (i = 0; i < num_exif; i++) { - buf[i] = exif[i]; + buf[0] = exif[i]; png_write_chunk_data(png_ptr, buf, (png_size_t)1); } diff --git a/old-configure.in b/old-configure.in index 9af75ca7efe3..a6f9c2b42fb8 100644 --- a/old-configure.in +++ b/old-configure.in @@ -46,7 +46,7 @@ _SUBDIR_CONFIG_ARGS="$ac_configure_args" dnl Set the version number of the libs included with mozilla dnl ======================================================== MOZJPEG=62 -MOZPNG=10631 +MOZPNG=10634 NSPR_VERSION=4 NSPR_MINVER=4.17 NSS_VERSION=3