diff --git a/media/libpng/CHANGES b/media/libpng/CHANGES index 2e4d2bb292c6..8e589f64c5f3 100644 --- a/media/libpng/CHANGES +++ b/media/libpng/CHANGES 
@@ -5409,11 +5409,81 @@ Version 1.6.19rc03 [November 3, 2015] Version 1.6.19rc04 [November 5, 2015] Fixed new bug with CRC error after reading an over-length palette - (bug report by Cosmin Truta). + (bug report by Cosmin Truta) (CVE-2015-8126). Version 1.6.19 [November 12, 2015] Cleaned up coding style in png_handle_PLTE(). +Version 1.6.20beta01 [November 20, 2015] + Avoid potential pointer overflow/underflow in png_handle_sPLT() and + png_handle_pCAL() (Bug report by John Regehr). + +Version 1.6.20beta02 [November 23, 2015] + Fixed incorrect implementation of png_set_PLTE() that uses png_ptr + not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126 + vulnerability. Fixes CVE-2015-8472. + +Version 1.6.20beta03 [November 24, 2015] + Backported tests from libpng-1.7.0beta69. + +Version 1.6.20rc01 [November 26, 2015] + Fixed an error in handling of bad zlib CMINFO field in pngfix, found by + American Fuzzy Lop, reported by Brian Carpenter. inflate() doesn't + immediately fault a bad CMINFO field; instead a 'too far back' error + happens later (at least some times). pngfix failed to limit CMINFO to + the allowed values but then assumed that window_bits was in range, + triggering an assert. The bug is mostly harmless; the PNG file cannot + be fixed. + +Version 1.6.20rc02 [November 29, 2015] + In libpng 1.6 zlib initialization was changed to use the window size + in the zlib stream, not a fixed value. This causes some invalid images, + where CINFO is too large, to display 'correctly' if the rest of the + data is valid. This provides a workaround for zlib versions where the + error arises (ones that support the API change to use the window size + in the stream). + +Version 1.6.20 [December 3, 2015] + No changes. + +Version 1.6.21beta01 [December 11, 2015] + Fixed syntax "$(command)" in tests/pngstest that some shells other than + bash could not parse (Bug report by Nelson Beebe). Use `command` instead. 
+ +Version 1.6.21beta02 [December 14, 2015] + Moved png_check_keyword() from pngwutil.c to pngset.c + Removed LE/BE dependencies in pngvalid, to 'fix' the current problem + in the BigEndian tests by not testing it, making the BE code the same + as the LE version. + Fixes to pngvalid for various reduced build configurations (eliminate unused + statics) and a fix for the case in rgb_to_gray when the digitize option + reduces graylo to 0, producing a large error. + +Version 1.6.21beta03 [December 18, 2015] + Widened the 'limit' check on the internally calculated error limits in + the 'DIGITIZE' case (the code used prior to 1.7 for rgb_to_gray error + checks) and changed the check to only operate in non-release builds + (base build type not RC or RELEASE.) + Fixed undefined behavior in pngvalid.c, undefined because + (png_byte) << shift is undefined if it changes the signed bit + (because png_byte is promoted to int). The libpng exported functions + png_get_uint_32 and png_get_uint_16 handle this. (Bug reported by + David Drysdale as a result of reports from UBSAN in clang 3.8). + This changes pngvalid to use BE random numbers; this used to produce + errors but these should not be fixed as a result of the previous changes. + +Version 1.6.21rc01 [January 4, 2016] + In projects/vstudio, combined readme.txt and WARNING into README.txt + +Version 1.6.21rc02 [January 7, 2016] + Relocated assert() in contrib/tools/pngfix.c, bug found by American + Fuzzy Lop, reported by Brian Carpenter. + Marked 'limit' UNUSED in transform_range_check(). This only affects + release builds. + +Version 1.6.21 [January 15, 2016] + Worked around a false-positive Coverity issue in pngvalid.c. + Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit https://lists.sourceforge.net/lists/listinfo/png-mng-implement diff --git a/media/libpng/LICENSE b/media/libpng/LICENSE index 284101126d90..c8c835b8b880 100644 --- a/media/libpng/LICENSE 
+++ b/media/libpng/LICENSE @@ -20,8 +20,8 @@ surrounding them in the modified libpng source files. This code is released under the libpng license. -libpng versions 1.0.7, July 1, 2000, through 1.6.19, November 12, 2015, are -Copyright (c) 2000-2002, 2004, 2006-2015 Glenn Randers-Pehrson, are +libpng versions 1.0.7, July 1, 2000, through 1.6.21, January 15, 2016, are +Copyright (c) 2000-2002, 2004, 2006-2016 Glenn Randers-Pehrson, are derived from libpng-1.0.6, and are distributed according to the same disclaimer and license as libpng-1.0.6 with the following individuals added to the list of Contributing Authors: @@ -119,4 +119,4 @@ the additional disclaimers inserted at version 1.0.7. Glenn Randers-Pehrson glennrp at users.sourceforge.net -November 12, 2015 +January 15, 2016 diff --git a/media/libpng/MOZCHANGES b/media/libpng/MOZCHANGES index 10bfeee732f5..cf3b0f26a527 100644 --- a/media/libpng/MOZCHANGES +++ b/media/libpng/MOZCHANGES @@ -1,6 +1,8 @@ Changes made to pristine libpng source by mozilla.org developers. +2016/01/16 -- Synced with libpng-1.6.21 (bug #1230757). + 2015/11/12 -- Synced with libpng-1.6.19 (bug #1224244). 2015/07/30 -- Synced with libpng-1.6.18 (bug #1186977). diff --git a/media/libpng/README b/media/libpng/README index 17484e0fd78a..176928fbc986 100644 --- a/media/libpng/README +++ b/media/libpng/README @@ -1,4 +1,4 @@ -README for libpng version 1.6.19 - November 12, 2015 (shared library 16.0) +README for libpng version 1.6.21 - January 15, 2016 (shared library 16.0) See the note about version numbers near the top of png.h See INSTALL for instructions on how to install libpng. diff --git a/media/libpng/apng.patch b/media/libpng/apng.patch index e3ddd498da01..a71d32eddfcc 100644 --- a/media/libpng/apng.patch +++ b/media/libpng/apng.patch 
@@ -14,7 +14,7 @@ Index: LICENSE + This code is released under the libpng license. - libpng versions 1.0.7, July 1, 2000, through 1.6.19, November 12, 2015, are + libpng versions 1.0.7, July 1, 2000, through 1.6.21, January 15, 2016, are Index: pngread.c =================================================================== --- pngread.c @@ -295,13 +295,14 @@ Index: png.c =================================================================== --- png.c +++ png.c -@@ -775,16 +775,20 @@ +@@ -775,17 +775,21 @@ #else # ifdef __STDC__ return PNG_STRING_NEWLINE \ -- "libpng version 1.6.19 - November 12, 2015" PNG_STRING_NEWLINE \ -+ "libpng version 1.6.19+apng - November 12, 2015" PNG_STRING_NEWLINE \ - "Copyright (c) 1998-2015 Glenn Randers-Pehrson" PNG_STRING_NEWLINE \ +- "libpng version 1.6.21 - January 15, 2016" PNG_STRING_NEWLINE \ ++ "libpng version 1.6.21+apng - January 15, 2016" PNG_STRING_NEWLINE \ + "Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson" \ + PNG_STRING_NEWLINE \ "Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \ "Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \ - PNG_STRING_NEWLINE; @@ -309,9 +310,9 @@ Index: png.c + "Portions Copyright (c) 2006-2007 Andrew Smith" PNG_STRING_NEWLINE \ + "Portions Copyright (c) 2008-2015 Max Stepin" PNG_STRING_NEWLINE ; # else -- return "libpng version 1.6.19 - November 12, 2015\ -+ return "libpng version 1.6.19+apng - November 12, 2015\ - Copyright (c) 1998-2015 Glenn Randers-Pehrson\ +- return "libpng version 1.6.21 - January 15, 2016\ ++ return "libpng version 1.6.21+apng - January 15, 2016\ + Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson\ Copyright (c) 1996-1997 Andreas Dilger\ - Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc."; + Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.\ 
@@ -324,7 +325,7 @@ Index: png.h =================================================================== --- png.h +++ png.h -@@ -22,6 +22,12 @@ +@@ -23,6 +23,12 @@ * If you modify libpng you may insert additional notices immediately following * this sentence. * @@ -336,20 +337,20 @@ Index: png.h + * * This code is released under the libpng license. * - * libpng versions 1.0.7, July 1, 2000, through 1.6.19, November 12, 2015, are -@@ -281,9 +287,9 @@ + * libpng versions 1.0.7, July 1, 2000, through 1.6.21, January 15, 2016, are +@@ -282,9 +288,9 @@ */ /* Version information for png.h - this should match the version in png.c */ --#define PNG_LIBPNG_VER_STRING "1.6.19" -+#define PNG_LIBPNG_VER_STRING "1.6.19+apng" +-#define PNG_LIBPNG_VER_STRING "1.6.21" ++#define PNG_LIBPNG_VER_STRING "1.6.21+apng" #define PNG_HEADER_VERSION_STRING \ -- " libpng version 1.6.19 - November 12, 2015\n" -+ " libpng version 1.6.19+apng - November 12, 2015\n" +- " libpng version 1.6.21 - January 15, 2016\n" ++ " libpng version 1.6.21+apng - January 15, 2016\n" #define PNG_LIBPNG_VER_SONUM 16 #define PNG_LIBPNG_VER_DLLNUM 16 -@@ -334,6 +340,10 @@ +@@ -335,6 +341,10 @@ # include "pnglibconf.h" #endif @@ -360,7 +361,7 @@ Index: png.h #ifndef PNG_VERSION_INFO_ONLY /* Machine specific configuration. */ # include "pngconf.h" -@@ -429,6 +439,17 @@ +@@ -430,6 +440,17 @@ * See pngconf.h for base types that vary by machine/system */ @@ -378,7 +379,7 @@ Index: png.h /* This triggers a compiler error in png.c, if png.c and png.h * do not agree upon the version number. */ -@@ -751,6 +772,10 @@ +@@ -752,6 +773,10 @@ #if INT_MAX >= 0x8000 /* else this might break */ #define PNG_INFO_IDAT 0x8000 /* ESR, 1.0.6 */ #endif 
@@ -389,7 +390,7 @@ Index: png.h /* This is used for the transformation routines, as some of them * change these values for the row. It also should enable using -@@ -788,6 +813,10 @@ +@@ -789,6 +814,10 @@ #ifdef PNG_PROGRESSIVE_READ_SUPPORTED typedef PNG_CALLBACK(void, *png_progressive_info_ptr, (png_structp, png_infop)); typedef PNG_CALLBACK(void, *png_progressive_end_ptr, (png_structp, png_infop)); @@ -400,7 +401,7 @@ Index: png.h /* The following callback receives png_uint_32 row_number, int pass for the * png_bytep data of the row. When transforming an interlaced image the -@@ -3109,6 +3138,75 @@ +@@ -3110,6 +3139,75 @@ * END OF HARDWARE AND SOFTWARE OPTIONS ******************************************************************************/ @@ -476,7 +477,7 @@ Index: png.h /* Maintainer: Put new public prototypes here ^, in libpng.3, in project * defs, and in scripts/symbols.def. */ -@@ -3117,7 +3215,11 @@ +@@ -3118,7 +3216,11 @@ * one to use is one more than this.) */ #ifdef PNG_EXPORT_LAST_ORDINAL @@ -520,7 +521,7 @@ Index: pngpriv.h /* The following will work on (signed char*) strings, whereas the get_uint_32 * macro will fail on top-bit-set values because of the sign extension. */ -@@ -1433,6 +1447,49 @@ +@@ -1441,6 +1455,49 @@ #endif /* PROGRESSIVE_READ */ @@ -597,7 +598,7 @@ Index: pngstruct.h =================================================================== --- pngstruct.h +++ pngstruct.h -@@ -400,6 +400,27 @@ +@@ -403,6 +403,27 @@ png_byte filter_type; #endif @@ -1096,7 +1097,7 @@ Index: pngrutil.c =================================================================== --- pngrutil.c +++ pngrutil.c -@@ -824,6 +824,11 @@ +@@ -855,6 +855,11 @@ filter_type = buf[11]; interlace_type = buf[12]; @@ -1108,7 +1109,7 @@ Index: pngrutil.c /* Set internal variables */ png_ptr->width = width; png_ptr->height = height; -@@ -2724,6 +2729,180 @@ +@@ -2755,6 +2760,180 @@ } #endif 
@@ -1289,7 +1290,7 @@ Index: pngrutil.c #ifdef PNG_READ_UNKNOWN_CHUNKS_SUPPORTED /* Utility function for png_handle_unknown; set up png_ptr::unknown_chunk */ static int -@@ -3983,6 +4162,38 @@ +@@ -4014,6 +4193,38 @@ uInt avail_in; png_bytep buffer; @@ -1328,7 +1329,7 @@ Index: pngrutil.c while (png_ptr->idat_size == 0) { png_crc_finish(png_ptr, 0); -@@ -3994,6 +4205,7 @@ +@@ -4025,6 +4236,7 @@ if (png_ptr->chunk_name != png_IDAT) png_error(png_ptr, "Not enough image data"); } @@ -1336,7 +1337,7 @@ Index: pngrutil.c avail_in = png_ptr->IDAT_read_size; -@@ -4057,6 +4269,9 @@ +@@ -4088,6 +4300,9 @@ png_ptr->mode |= PNG_AFTER_IDAT; png_ptr->flags |= PNG_FLAG_ZSTREAM_ENDED; @@ -1346,7 +1347,7 @@ Index: pngrutil.c if (png_ptr->zstream.avail_in > 0 || png_ptr->idat_size > 0) png_chunk_benign_error(png_ptr, "Extra compressed data"); -@@ -4495,4 +4710,80 @@ +@@ -4526,4 +4741,80 @@ png_ptr->flags |= PNG_FLAG_ROW_INIT; } @@ -1431,7 +1432,7 @@ Index: pngwutil.c =================================================================== --- pngwutil.c +++ pngwutil.c -@@ -901,6 +901,11 @@ +@@ -817,6 +817,11 @@ /* Write the chunk */ png_write_complete_chunk(png_ptr, png_IHDR, buf, (png_size_t)13); @@ -1443,7 +1444,7 @@ Index: pngwutil.c if ((png_ptr->do_filter) == PNG_NO_FILTERS) { if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE || -@@ -1082,7 +1087,15 @@ +@@ -998,7 +1003,15 @@ optimize_cmf(data, png_image_size(png_ptr)); #endif @@ -1459,7 +1460,7 @@ Index: pngwutil.c png_ptr->mode |= PNG_HAVE_IDAT; png_ptr->zstream.next_out = data; -@@ -1128,7 +1141,15 @@ +@@ -1044,7 +1057,15 @@ optimize_cmf(data, png_image_size(png_ptr)); #endif @@ -1475,7 +1476,7 @@ Index: pngwutil.c png_ptr->zstream.avail_out = 0; png_ptr->zstream.next_out = NULL; png_ptr->mode |= PNG_HAVE_IDAT | PNG_AFTER_IDAT; -@@ -1941,6 +1962,82 @@ +@@ -1857,6 +1878,82 @@ } #endif 
@@ -1558,7 +1559,7 @@ Index: pngwutil.c /* Initializes the row writing capability of libpng */ void /* PRIVATE */ png_write_start_row(png_structrp png_ptr) -@@ -2706,4 +2803,39 @@ +@@ -2622,4 +2719,39 @@ } #endif /* WRITE_FLUSH */ } diff --git a/media/libpng/arm/linux.c b/media/libpng/arm/linux.c index abae9e33bf68..94f9bb1e09fa 100644 --- a/media/libpng/arm/linux.c +++ b/media/libpng/arm/linux.c @@ -72,7 +72,7 @@ png_have_neon(png_structp png_ptr) state = Colon; break; } - + /* did not match 'feature' */ state = SkipLine; /* FALL THROUGH */ diff --git a/media/libpng/libpng-manual.txt b/media/libpng/libpng-manual.txt index bc7a441cf28a..1e838bd7722f 100644 --- a/media/libpng/libpng-manual.txt +++ b/media/libpng/libpng-manual.txt @@ -1,9 +1,9 @@ libpng-manual.txt - A description on how to use and modify libpng - libpng version 1.6.19 - November 12, 2015 + libpng version 1.6.21 - January 15, 2016 Updated and distributed by Glenn Randers-Pehrson - Copyright (c) 1998-2015 Glenn Randers-Pehrson + Copyright (c) 1998-2016 Glenn Randers-Pehrson This document is released under the libpng license. For conditions of distribution and use, see the disclaimer @@ -11,9 +11,9 @@ libpng-manual.txt - A description on how to use and modify libpng Based on: - libpng versions 0.97, January 1998, through 1.6.19 - November 12, 2015 + libpng versions 0.97, January 1998, through 1.6.21 - January 15, 2016 Updated and distributed by Glenn Randers-Pehrson - Copyright (c) 1998-2015 Glenn Randers-Pehrson + Copyright (c) 1998-2016 Glenn Randers-Pehrson libpng 1.0 beta 6 - version 0.96 - May 28, 1997 Updated and distributed by Andreas Dilger @@ -2960,6 +2960,7 @@ width, height, bit_depth, and color_type must be the same in each call. (array of png_color) num_palette - number of entries in the palette + png_set_gAMA(png_ptr, info_ptr, file_gamma); png_set_gAMA_fixed(png_ptr, info_ptr, int_file_gamma); 
@@ -4897,7 +4898,7 @@ a set of "safe" limits is applied in pngpriv.h. These can be overridden by application calls to png_set_user_limits(), png_set_user_chunk_cache_max(), and/or png_set_user_malloc_max() that increase or decrease the limits. Also, in libpng-1.5.10 the default width and height limits were increased -from 1,000,000 to 0x7ffffff (i.e., made unlimited). Therefore, the +from 1,000,000 to 0x7fffffff (i.e., made unlimited). Therefore, the limits are now default safe png_user_width_max 0x7fffffff 1,000,000 @@ -5077,6 +5078,10 @@ enforced. The sRGB chunk is allowed to appear in images with any color type and is interpreted by libpng to convey a one-tracer-curve gray profile or a three-tracer-curve RGB profile as appropriate. +Libpng 1.5.x erroneously used /MD for Debug DLL builds; if you used the debug +builds in your app and you changed your app to use /MD you will need to +change it back to /MDd for libpng 1.6.x. + Prior to libpng-1.6.0 a warning would be issued if the iTXt chunk contained an empty language field or an empty translated keyword. Both of these are allowed by the PNG specification, so these warnings are no longer issued. @@ -5323,7 +5328,7 @@ Since the PNG Development group is an ad-hoc body, we can't make an official declaration. This is your unofficial assurance that libpng from version 0.71 and -upward through 1.6.19 are Y2K compliant. It is my belief that earlier +upward through 1.6.21 are Y2K compliant. It is my belief that earlier versions were also Y2K compliant. Libpng only has two year fields. One is a 2-byte unsigned integer diff --git a/media/libpng/png.c b/media/libpng/png.c index 6e745485275b..91df6f4c8ac4 100644 --- a/media/libpng/png.c +++ b/media/libpng/png.c 
@@ -2,7 +2,7 @@ /* png.c - location for general purpose libpng functions * * Last changed in libpng 1.6.19 [November 12, 2015] - * Copyright (c) 1998-2015 Glenn Randers-Pehrson + * Copyright (c) 1998-2002,2004,2006-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -14,7 +14,7 @@ #include "pngpriv.h" /* Generate a compiler error if there is an old png.h in the search path. */ -typedef png_libpng_version_1_6_19 Your_png_h_is_not_version_1_6_19; +typedef png_libpng_version_1_6_21 Your_png_h_is_not_version_1_6_21; /* Tells libpng that we have already handled the first "num_bytes" bytes * of the PNG file signature. If the PNG data is embedded into another @@ -775,16 +775,17 @@ png_get_copyright(png_const_structrp png_ptr) #else # ifdef __STDC__ return PNG_STRING_NEWLINE \ - "libpng version 1.6.19+apng - November 12, 2015" PNG_STRING_NEWLINE \ - "Copyright (c) 1998-2015 Glenn Randers-Pehrson" PNG_STRING_NEWLINE \ + "libpng version 1.6.21+apng - January 15, 2016" PNG_STRING_NEWLINE \ + "Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson" \ + PNG_STRING_NEWLINE \ "Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \ "Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \ PNG_STRING_NEWLINE \ "Portions Copyright (c) 2006-2007 Andrew Smith" PNG_STRING_NEWLINE \ "Portions Copyright (c) 2008-2015 Max Stepin" PNG_STRING_NEWLINE ; # else - return "libpng version 1.6.19+apng - November 12, 2015\ - Copyright (c) 1998-2015 Glenn Randers-Pehrson\ + return "libpng version 1.6.21+apng - January 15, 2016\ + Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson\ Copyright (c) 1996-1997 Andreas Dilger\ Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.\ Portions Copyright (c) 2006-2007 Andrew Smith\ 
@@ -2347,7 +2348,7 @@ png_compare_ICC_profile_with_sRGB(png_const_structrp png_ptr, * Fall through to "no match". */ png_chunk_report(png_ptr, - "Not recognizing known sRGB profile that has been edited", + "Not recognizing known sRGB profile that has been edited", PNG_CHUNK_WARNING); break; # endif diff --git a/media/libpng/png.h b/media/libpng/png.h index 67a5f5635bc6..9fa276778a34 100644 --- a/media/libpng/png.h +++ b/media/libpng/png.h @@ -1,9 +1,9 @@ /* png.h - header file for PNG reference library * - * libpng version 1.6.19, November 12, 2015 + * libpng version 1.6.21, January 15, 2016 * - * Copyright (c) 1998-2015 Glenn Randers-Pehrson + * Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -12,7 +12,8 @@ * Authors and maintainers: * libpng versions 0.71, May 1995, through 0.88, January 1996: Guy Schalnat * libpng versions 0.89, June 1996, through 0.96, May 1997: Andreas Dilger - * libpng versions 0.97, January 1998, through 1.6.19, November 12, 2015: Glenn + * libpng versions 0.97, January 1998, through 1.6.21, January 15, 2016: + * Glenn Randers-Pehrson. * See also "Contributing Authors", below. */ @@ -22,10 +23,6 @@ * If you modify libpng you may insert additional notices immediately following * this sentence. * - * pnglibconf.h and moz.build are distributed under the Mozilla Public License, - * v. 2.0. If a copy of the MPL was not distributed with this file, You can - * obtain one at http://mozilla.org/MPL/2.0/. - * * This modified version of libpng code adds animated PNG support and is * released under the libpng license described below. The modifications are * Copyright (c) 2006-2007 Andrew Smith, Copyright (c) 2008-2015 Max Stepin, 
@@ -34,8 +31,8 @@ * * This code is released under the libpng license. * - * libpng versions 1.0.7, July 1, 2000, through 1.6.19, November 12, 2015, are - * Copyright (c) 2000-2002, 2004, 2006-2015 Glenn Randers-Pehrson, are + * libpng versions 1.0.7, July 1, 2000, through 1.6.21, January 15, 2016, are + * Copyright (c) 2000-2002, 2004, 2006-2016 Glenn Randers-Pehrson, are * derived from libpng-1.0.6, and are distributed according to the same * disclaimer and license as libpng-1.0.6 with the following individuals * added to the list of Contributing Authors: @@ -195,7 +192,7 @@ * ... * 1.5.23 15 10523 15.so.15.23[.0] * ... - * 1.6.19 16 10619 16.so.16.19[.0] + * 1.6.21 16 10621 16.so.16.21[.0] * * Henceforth the source version will match the shared-library major * and minor numbers; the shared-library major version number will be @@ -223,13 +220,13 @@ * Y2K compliance in libpng: * ========================= * - * November 12, 2015 + * January 15, 2016 * * Since the PNG Development group is an ad-hoc body, we can't make * an official declaration. * * This is your unofficial assurance that libpng from version 0.71 and - * upward through 1.6.19 are Y2K compliant. It is my belief that + * upward through 1.6.21 are Y2K compliant. It is my belief that * earlier versions were also Y2K compliant. * * Libpng only has two year fields. One is a 2-byte unsigned integer @@ -291,9 +288,9 @@ */ /* Version information for png.h - this should match the version in png.c */ -#define PNG_LIBPNG_VER_STRING "1.6.19+apng" +#define PNG_LIBPNG_VER_STRING "1.6.21+apng" #define PNG_HEADER_VERSION_STRING \ - " libpng version 1.6.19+apng - November 12, 2015\n" + " libpng version 1.6.21+apng - January 15, 2016\n" #define PNG_LIBPNG_VER_SONUM 16 #define PNG_LIBPNG_VER_DLLNUM 16 
@@ -301,7 +298,7 @@ /* These should match the first 3 components of PNG_LIBPNG_VER_STRING: */ #define PNG_LIBPNG_VER_MAJOR 1 #define PNG_LIBPNG_VER_MINOR 6 -#define PNG_LIBPNG_VER_RELEASE 19 +#define PNG_LIBPNG_VER_RELEASE 21 /* This should match the numeric part of the final component of * PNG_LIBPNG_VER_STRING, omitting any leading zero: @@ -332,7 +329,7 @@ * version 1.0.0 was mis-numbered 100 instead of 10000). From * version 1.0.1 it's xxyyzz, where x=major, y=minor, z=release */ -#define PNG_LIBPNG_VER 10619 /* 1.6.19 */ +#define PNG_LIBPNG_VER 10621 /* 1.6.21 */ /* Library configuration: these options cannot be changed after * the library has been built. @@ -457,7 +454,7 @@ extern "C" { /* This triggers a compiler error in png.c, if png.c and png.h * do not agree upon the version number. */ -typedef char* png_libpng_version_1_6_19; +typedef char* png_libpng_version_1_6_21; /* Basic control structions. Read libpng-manual.txt or libpng.3 for more info. * diff --git a/media/libpng/pngconf.h b/media/libpng/pngconf.h index f1b795b47840..934465455273 100644 --- a/media/libpng/pngconf.h +++ b/media/libpng/pngconf.h @@ -1,9 +1,9 @@ /* pngconf.h - machine configurable file for libpng * - * libpng version 1.6.19, July 23, 2015 + * libpng version 1.6.21, January 15, 2016 * - * Copyright (c) 1998-2015 Glenn Randers-Pehrson + * Copyright (c) 1998-2002,2004,2006-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * diff --git a/media/libpng/pngdebug.h b/media/libpng/pngdebug.h index 6a01b106ede3..15a7ed0c95f0 100644 --- a/media/libpng/pngdebug.h +++ b/media/libpng/pngdebug.h 
@@ -2,7 +2,7 @@ /* pngdebug.h - Debugging macros for libpng, also used in pngtest.c * * Last changed in libpng 1.6.8 [December 19, 2013] - * Copyright (c) 1998-2013 Glenn Randers-Pehrson + * Copyright (c) 1998-2002,2004,2006-2013 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * diff --git a/media/libpng/pngerror.c b/media/libpng/pngerror.c index 0781866a8934..6904bea1a23e 100644 --- a/media/libpng/pngerror.c +++ b/media/libpng/pngerror.c @@ -2,7 +2,7 @@ /* pngerror.c - stub functions for i/o and memory allocation * * Last changed in libpng 1.6.15 [November 20, 2014] - * Copyright (c) 1998-2014 Glenn Randers-Pehrson + * Copyright (c) 1998-2002,2004,2006-2014 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -768,7 +768,7 @@ png_longjmp,(png_const_structrp png_ptr, int val),PNG_NORETURN) /* If control reaches this point, png_longjmp() must not return. The only * choice is to terminate the whole process (or maybe the thread); to do - * this the ANSI-C abort() function is used unless a different method is + * this the ANSI-C abort() function is used unless a different method is * implemented by overriding the default configuration setting for * PNG_ABORT(). */ diff --git a/media/libpng/pngget.c b/media/libpng/pngget.c index 49bedb51851a..95b2b3b2e107 100644 --- a/media/libpng/pngget.c +++ b/media/libpng/pngget.c @@ -2,7 +2,7 @@ /* pngget.c - retrieval of values from info struct * * Last changed in libpng 1.6.17 [March 26, 2015] - * Copyright (c) 1998-2015 Glenn Randers-Pehrson + * Copyright (c) 1998-2002,2004,2006-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * 
diff --git a/media/libpng/pnginfo.h b/media/libpng/pnginfo.h index bb38ddb6fd8a..4b52a11b55a9 100644 --- a/media/libpng/pnginfo.h +++ b/media/libpng/pnginfo.h @@ -2,7 +2,7 @@ /* pnginfo.h - header file for PNG reference library * * Last changed in libpng 1.6.1 [March 28, 2013] - * Copyright (c) 1998-2013 Glenn Randers-Pehrson + * Copyright (c) 1998-2002,2004,2006-2013 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -223,7 +223,7 @@ defined(PNG_READ_BACKGROUND_SUPPORTED) /* Storage for unknown chunks that the library doesn't recognize. */ png_unknown_chunkp unknown_chunks; - /* The type of this field is limited by the type of + /* The type of this field is limited by the type of * png_struct::user_chunk_cache_max, else overflow can occur. */ int unknown_chunks_num; diff --git a/media/libpng/pngmem.c b/media/libpng/pngmem.c index 45ac5579b211..7bcfd005072b 100644 --- a/media/libpng/pngmem.c +++ b/media/libpng/pngmem.c @@ -2,7 +2,7 @@ /* pngmem.c - stub functions for memory allocation * * Last changed in libpng 1.6.15 [November 20, 2014] - * Copyright (c) 1998-2014 Glenn Randers-Pehrson + * Copyright (c) 1998-2002,2004,2006-2014 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * diff --git a/media/libpng/pngpread.c b/media/libpng/pngpread.c index 348a453d2758..b11b3f72c4a6 100644 --- a/media/libpng/pngpread.c +++ b/media/libpng/pngpread.c @@ -2,7 +2,7 @@ /* pngpread.c - read a png file in push mode * * Last changed in libpng 1.6.18 [July 23, 2015] - * Copyright (c) 1998-2015 Glenn Randers-Pehrson + * Copyright (c) 1998-2002,2004,2006-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * 
@@ -133,7 +133,7 @@ png_process_some_data(png_structrp png_ptr, png_inforp info_ptr) void /* PRIVATE */ png_push_read_sig(png_structrp png_ptr, png_inforp info_ptr) { - png_size_t num_checked = png_ptr->sig_bytes, /* SAFE, does not exceed 8 */ + png_size_t num_checked = png_ptr->sig_bytes, /* SAFE, does not exceed 8 */ num_to_check = 8 - num_checked; if (png_ptr->buffer_size < num_to_check) @@ -819,7 +819,7 @@ png_process_IDAT_data(png_structrp png_ptr, png_bytep buffer, * change the current behavior (see comments in inflate.c * for why this doesn't happen at present with zlib 1.2.5). */ - ret = inflate(&png_ptr->zstream, Z_SYNC_FLUSH); + ret = PNG_INFLATE(png_ptr, Z_SYNC_FLUSH); /* Check for any failure before proceeding. */ if (ret != Z_OK && ret != Z_STREAM_END) diff --git a/media/libpng/pngpriv.h b/media/libpng/pngpriv.h index a9bdae15bdb9..6ead7805539c 100644 --- a/media/libpng/pngpriv.h +++ b/media/libpng/pngpriv.h @@ -1,8 +1,8 @@ /* pngpriv.h - private declarations for use inside libpng * - * Last changed in libpng 1.6.18 [July 23, 2015] - * Copyright (c) 1998-2015 Glenn Randers-Pehrson + * Last changed in libpng 1.6.21 [January 15, 2016] + * Copyright (c) 1998-2002,2004,2006-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * 
@@ -1229,6 +1229,14 @@ PNG_INTERNAL_FUNCTION(void,png_read_finish_row,(png_structrp png_ptr), /* Initialize the row buffers, etc. */ PNG_INTERNAL_FUNCTION(void,png_read_start_row,(png_structrp png_ptr),PNG_EMPTY); +#if PNG_ZLIB_VERNUM >= 0x1240 +PNG_INTERNAL_FUNCTION(int,png_zlib_inflate,(png_structrp png_ptr, int flush), + PNG_EMPTY); +# define PNG_INFLATE(pp, flush) png_zlib_inflate(pp, flush) +#else /* Zlib < 1.2.4 */ +# define PNG_INFLATE(pp, flush) inflate(&(pp)->zstream, flush) +#endif /* Zlib < 1.2.4 */ + #ifdef PNG_READ_TRANSFORMS_SUPPORTED /* Optional call to update the users info structure */ PNG_INTERNAL_FUNCTION(void,png_read_transform_info,(png_structrp png_ptr, @@ -1966,6 +1974,9 @@ PNG_INTERNAL_FUNCTION(void, png_init_filter_functions_neon, (png_structp png_ptr, unsigned int bpp), PNG_EMPTY); #endif +PNG_INTERNAL_FUNCTION(png_uint_32, png_check_keyword, (png_structrp png_ptr, + png_const_charp key, png_bytep new_key), PNG_EMPTY); + /* Maintainer: Put new private prototypes here ^ */ #include "pngdebug.h" diff --git a/media/libpng/pngread.c b/media/libpng/pngread.c index 28cfba575637..a6b4f67c40ca 100644 --- a/media/libpng/pngread.c +++ b/media/libpng/pngread.c @@ -2,7 +2,7 @@ /* pngread.c - read a PNG file * * Last changed in libpng 1.6.17 [March 26, 2015] - * Copyright (c) 1998-2015 Glenn Randers-Pehrson + * Copyright (c) 1998-2002,2004,2006-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -2918,7 +2918,6 @@ png_image_read_colormap(png_voidp argument) default: png_error(png_ptr, "invalid PNG color type"); /*NOT REACHED*/ - break; } /* Now deal with the output processing */ diff --git a/media/libpng/pngrio.c b/media/libpng/pngrio.c index 38f7fd49d68e..5101d54a6240 100644 --- a/media/libpng/pngrio.c +++ b/media/libpng/pngrio.c 
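Review bot: Nothing at the PNG_INFLATE definition in pngpriv.h says that read-side code must call it instead of `inflate()`, so a later direct call would bypass the window-size check in png_zlib_inflate with no compile-time signal. A comment above the `#if` would record the rule, for example `/* Read code must call PNG_INFLATE, not inflate(): with zlib 1.2.4 or later it can validate the first stream byte before inflating */`. The hunks visible on this page convert the calls in png_process_IDAT_data, png_inflate, png_inflate_read and png_read_IDAT_data; whether other inflate() calls remain in the read path cannot be seen from here.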
@@ -2,7 +2,7 @@ /* pngrio.c - functions for data input * * Last changed in libpng 1.6.17 [March 26, 2015] - * Copyright (c) 1998-2015 Glenn Randers-Pehrson + * Copyright (c) 1998-2002,2004,2006-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * diff --git a/media/libpng/pngrtran.c b/media/libpng/pngrtran.c index f129ef129c03..e23317886395 100644 --- a/media/libpng/pngrtran.c +++ b/media/libpng/pngrtran.c @@ -2,7 +2,7 @@ /* pngrtran.c - transforms the data in a row for PNG readers * * Last changed in libpng 1.6.19 [November 12, 2015] - * Copyright (c) 1998-2015 Glenn Randers-Pehrson + * Copyright (c) 1998-2002,2004,2006-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * diff --git a/media/libpng/pngrutil.c b/media/libpng/pngrutil.c index e21dda1ef193..98423a547946 100644 --- a/media/libpng/pngrutil.c +++ b/media/libpng/pngrutil.c @@ -1,8 +1,8 @@ /* pngrutil.c - utilities to read a PNG file * - * Last changed in libpng 1.6.19 [November 12, 2015] - * Copyright (c) 1998-2015 Glenn Randers-Pehrson + * Last changed in libpng 1.6.20 [December 3, 2014] + * Copyright (c) 1998-2002,2004,2006-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -377,10 +377,16 @@ png_inflate_claim(png_structrp png_ptr, png_uint_32 owner) if (((png_ptr->options >> PNG_MAXIMUM_INFLATE_WINDOW) & 3) == PNG_OPTION_ON) + { window_bits = 15; + png_ptr->zstream_start = 0; /* fixed window size */ + } else + { window_bits = 0; + png_ptr->zstream_start = 1; + } # else # define window_bits 0 # endif 
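Review bot: In png_inflate_claim the `# else` path that does `# define window_bits 0` never assigns `png_ptr->zstream_start`, although it also takes the window size from the stream, which is the case the new CINFO check exists for. The two added assignments run only when the PNG_MAXIMUM_INFLATE_WINDOW option test is compiled in. In the other configuration the flag keeps its earlier value, presumably 0 from struct initialisation, and the first-byte check in png_zlib_inflate would then be skipped. Assigning `png_ptr->zstream_start = 1;` on that path as well would cover both configurations. The preprocessor conditions enclosing this code are outside the hunk, so confirm which builds actually reach the `# else` branch.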
@@ -429,6 +435,31 @@ png_inflate_claim(png_structrp png_ptr, png_uint_32 owner) #endif } +#if PNG_ZLIB_VERNUM >= 0x1240 +/* Handle the start of the inflate stream if we called inflateInit2(strm,0); + * in this case some zlib versions skip validation of the CINFO field and, in + * certain circumstances, libpng may end up displaying an invalid image, in + * contrast to implementations that call zlib in the normal way (e.g. libpng + * 1.5). + */ +int /* PRIVATE */ +png_zlib_inflate(png_structrp png_ptr, int flush) +{ + if (png_ptr->zstream_start && png_ptr->zstream.avail_in > 0) + { + if ((*png_ptr->zstream.next_in >> 4) > 7) + { + png_ptr->zstream.msg = "invalid window size (libpng)"; + return Z_DATA_ERROR; + } + + png_ptr->zstream_start = 0; + } + + return inflate(&png_ptr->zstream, flush); +} +#endif /* Zlib >= 1.2.4 */ + #ifdef PNG_READ_COMPRESSED_TEXT_SUPPORTED /* png_inflate now returns zlib error codes including Z_OK and Z_STREAM_END to * allow the caller to do multiple calls if required. If the 'finish' flag is @@ -522,7 +553,7 @@ png_inflate(png_structrp png_ptr, png_uint_32 owner, int finish, * the previous chunk of input data. Tell zlib if we have reached the * end of the output buffer. */ - ret = inflate(&png_ptr->zstream, avail_out > 0 ? Z_NO_FLUSH : + ret = PNG_INFLATE(png_ptr, avail_out > 0 ? Z_NO_FLUSH : (finish ? Z_FINISH : Z_SYNC_FLUSH)); } while (ret == Z_OK); @@ -771,7 +802,7 @@ png_inflate_read(png_structrp png_ptr, png_bytep read_buffer, uInt read_size, * the available output is produced; this allows reading of truncated * streams. */ - ret = inflate(&png_ptr->zstream, + ret = PNG_INFLATE(png_ptr, *chunk_bytes > 0 ? Z_NO_FLUSH : (finish ? Z_FINISH : Z_SYNC_FLUSH)); } while (ret == Z_OK && (*out_size > 0 || png_ptr->zstream.avail_out > 0)); 
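Review bot: The comment above `png_zlib_inflate` explains why the check exists but not what the function returns or when `zstream_start` changes, which callers reached through `PNG_INFLATE` need to know. I would add that it returns `Z_DATA_ERROR` with `zstream.msg` set, without calling `inflate()`, when the upper four bits of the first input byte exceed 7, and that the flag is left set on that path, so a repeated call on the same input fails the same way. Otherwise the flag is cleared once input is available and the result of `inflate()` is returned. A one-line comment on the test itself, such as `/* CINFO > 7 means a window larger than 32K, which zlib does not allow */`, would also help the next reader.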
@@ -1675,7 +1706,7 @@ png_handle_sPLT(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length) ++entry_start; /* A sample depth should follow the separator, and we should be on it */ - if (entry_start > buffer + length - 2) + if (length < 2U || entry_start > buffer + (length - 2U)) { png_warning(png_ptr, "malformed sPLT chunk"); return; @@ -2179,7 +2210,7 @@ png_handle_pCAL(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length) /* We need to have at least 12 bytes after the purpose string * in order to get the parameter information. */ - if (endptr <= buf + 12) + if (endptr - buf <= 12) { png_chunk_benign_error(png_ptr, "invalid"); return; @@ -4251,7 +4282,7 @@ png_read_IDAT_data(png_structrp png_ptr, png_bytep output, * * TODO: deal more elegantly with truncated IDAT lists. */ - ret = inflate(&png_ptr->zstream, Z_NO_FLUSH); + ret = PNG_INFLATE(png_ptr, Z_NO_FLUSH); /* Take the unconsumed output back. */ if (output != NULL) diff --git a/media/libpng/pngset.c b/media/libpng/pngset.c index 339bebd28269..4d4351716382 100644 --- a/media/libpng/pngset.c +++ b/media/libpng/pngset.c @@ -1,7 +1,7 @@ /* pngset.c - storage of image information into info struct * - * Last changed in libpng 1.6.19 [November 12, 2015] + * Last changed in libpng 1.6.21 [January 15, 2016] * Copyright (c) 1998-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) @@ -525,8 +525,8 @@ png_set_PLTE(png_structrp png_ptr, png_inforp info_ptr, if (png_ptr == NULL || info_ptr == NULL) return; - max_palette_length = (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE) ? - (1 << png_ptr->bit_depth) : PNG_MAX_PALETTE_LENGTH; + max_palette_length = (info_ptr->color_type == PNG_COLOR_TYPE_PALETTE) ? + (1 << info_ptr->bit_depth) : PNG_MAX_PALETTE_LENGTH; if (num_palette < 0 || num_palette > (int) max_palette_length) { 
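Review bot: The new bound in `png_handle_sPLT` still does pointer arithmetic, `buffer + (length - 2U)`, while the `png_handle_pCAL` hunk right after it fixes the same kind of check by comparing a pointer difference, `endptr - buf <= 12`. Writing both the same way makes it easier to see that neither forms an out-of-range pointer, for example `if (length < 2U || (png_size_t)(entry_start - buffer) > length - 2U)`. The new code looks correct as written once `length < 2U` is rejected, so this is about consistency only. Both function bodies extend outside their hunks.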
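Review bot: Nothing at the `max_palette_length` computation in `png_set_PLTE` records why the limit must come from `info_ptr`, although per the CHANGES entry in this diff reading it from `png_ptr` is what left the function open to CVE-2015-8126 (fixed as CVE-2015-8472). A comment such as `/* Use info_ptr: it carries the color type and bit depth of the image this palette is being set on. */` above the assignment would keep a later edit from reverting it. The limit now also depends on the IHDR values already being stored in `info_ptr`; if they are not, `color_type` presumably does not equal `PNG_COLOR_TYPE_PALETTE` and the check falls back to `PNG_MAX_PALETTE_LENGTH`, which is worth stating in the same comment. The rest of `png_set_PLTE` is outside the hunk.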
@@ -1718,7 +1718,7 @@ png_set_user_limits (png_structrp png_ptr, png_uint_32 user_width_max, { /* Images with dimensions larger than these limits will be * rejected by png_set_IHDR(). To accept any PNG datastream - * regardless of dimensions, set both limits to 0x7ffffff. + * regardless of dimensions, set both limits to 0x7fffffff. */ if (png_ptr == NULL) return; 
@@ -1789,4 +1789,88 @@ png_set_check_for_invalid_index(png_structrp png_ptr, int allowed) png_ptr->num_palette_max = -1; } #endif + +#if defined(PNG_TEXT_SUPPORTED) || defined(PNG_pCAL_SUPPORTED) || \ + defined(PNG_iCCP_SUPPORTED) || defined(PNG_sPLT_SUPPORTED) +/* Check that the tEXt or zTXt keyword is valid per PNG 1.0 specification, + * and if invalid, correct the keyword rather than discarding the entire + * chunk. The PNG 1.0 specification requires keywords 1-79 characters in + * length, forbids leading or trailing whitespace, multiple internal spaces, + * and the non-break space (0x80) from ISO 8859-1. Returns keyword length. + * + * The 'new_key' buffer must be 80 characters in size (for the keyword plus a + * trailing '\0'). If this routine returns 0 then there was no keyword, or a + * valid one could not be generated, and the caller must png_error. + */ +png_uint_32 /* PRIVATE */ +png_check_keyword(png_structrp png_ptr, png_const_charp key, png_bytep new_key) +{ + png_const_charp orig_key = key; + png_uint_32 key_len = 0; + int bad_character = 0; + int space = 1; + + png_debug(1, "in png_check_keyword"); + + if (key == NULL) + { + *new_key = 0; + return 0; + } + + while (*key && key_len < 79) + { + png_byte ch = (png_byte)*key++; + + if ((ch > 32 && ch <= 126) || (ch >= 161 /*&& ch <= 255*/)) + *new_key++ = ch, ++key_len, space = 0; + + else if (space == 0) + { + /* A space or an invalid character when one wasn't seen immediately + * before; output just a space. + */ + *new_key++ = 32, ++key_len, space = 1; + + /* If the character was not a space then it is invalid. 
*/ + if (ch != 32) + bad_character = ch; + } + + else if (bad_character == 0) + bad_character = ch; /* just skip it, record the first error */ + } + + if (key_len > 0 && space != 0) /* trailing space */ + { + --key_len, --new_key; + if (bad_character == 0) + bad_character = 32; + } + + /* Terminate the keyword */ + *new_key = 0; + + if (key_len == 0) + return 0; + +#ifdef PNG_WARNINGS_SUPPORTED + /* Try to only output one warning per keyword: */ + if (*key != 0) /* keyword too long */ + png_warning(png_ptr, "keyword truncated"); + + else if (bad_character != 0) + { + PNG_WARNING_PARAMETERS(p) + + png_warning_parameter(p, 1, orig_key); + png_warning_parameter_signed(p, 2, PNG_NUMBER_FORMAT_02x, bad_character); + + png_formatted_warning(png_ptr, p, "keyword \"@1\": bad character '0x@2'"); + } +#endif /* WARNINGS */ + + return key_len; +} +#endif /* TEXT || pCAL || iCCP || sPLT */ #endif /* READ || WRITE */ diff --git a/media/libpng/pngstruct.h b/media/libpng/pngstruct.h index ec08ed16d465..38258f1ee9ab 100644 --- a/media/libpng/pngstruct.h +++ b/media/libpng/pngstruct.h @@ -2,7 +2,7 @@ /* pngstruct.h - header file for PNG reference library * * Last changed in libpng 1.6.18 [July 23, 2015] - * Copyright (c) 1998-2015 Glenn Randers-Pehrson + * Copyright (c) 1998-2002,2004,2006-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -263,6 +263,9 @@ struct png_struct_def /* pixel depth used for the row buffers */ png_byte transformed_pixel_depth; /* pixel depth after read/write transforms */ +#if PNG_ZLIB_VERNUM >= 0x1240 + png_byte zstream_start; /* at start of an input zlib stream */ +#endif /* Zlib >= 1.2.4 */ #if defined(PNG_READ_FILLER_SUPPORTED) || defined(PNG_WRITE_FILLER_SUPPORTED) png_uint_16 filler; /* filler bytes for pixel expansion */ #endif diff --git a/media/libpng/pngtrans.c b/media/libpng/pngtrans.c index 0c0d92d8fd6d..7f8cc455d338 100644 
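Review bot: The header comment on `png_check_keyword` gives the non-break space as `0x80`, but in ISO 8859-1 that character is 0xA0 (160), and that is what the code enforces: only 33–126 and 161–255 are copied through, so 127–160 are all treated as invalid. I would change the phrase to `and the non-break space (0xA0) from ISO 8859-1`, and since the function is now guarded for pCAL, iCCP and sPLT as well, the opening words `tEXt or zTXt keyword` could simply say `chunk keyword`. The text was carried over unchanged from the copy removed from pngwutil.c in this diff, so the slip predates this change. With the function no longer `static`, the requirement that `new_key` point to an 80-byte buffer is the only thing protecting callers, and it should stay prominent in that comment.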
--- a/media/libpng/pngtrans.c +++ b/media/libpng/pngtrans.c @@ -2,7 +2,7 @@ /* pngtrans.c - transforms the data in a row (used by both readers and writers) * * Last changed in libpng 1.6.18 [July 23, 2015] - * Copyright (c) 1998-2015 Glenn Randers-Pehrson + * Copyright (c) 1998-2002,2004,2006-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * diff --git a/media/libpng/pngwio.c b/media/libpng/pngwio.c index db76e6b8d788..586c03b72189 100644 --- a/media/libpng/pngwio.c +++ b/media/libpng/pngwio.c @@ -2,7 +2,7 @@ /* pngwio.c - functions for data output * * Last changed in libpng 1.6.15 [November 20, 2014] - * Copyright (c) 1998-2014 Glenn Randers-Pehrson + * Copyright (c) 1998-2002,2004,2006-2014 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * diff --git a/media/libpng/pngwrite.c b/media/libpng/pngwrite.c index 47834e7a19f8..33e10eb58990 100644 --- a/media/libpng/pngwrite.c +++ b/media/libpng/pngwrite.c @@ -2,7 +2,7 @@ /* pngwrite.c - general routines to write a PNG file * * Last changed in libpng 1.6.19 [November 12, 2015] - * Copyright (c) 1998-2015 Glenn Randers-Pehrson + * Copyright (c) 1998-2002,2004,2006-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * diff --git a/media/libpng/pngwtran.c b/media/libpng/pngwtran.c index 5dc949157d41..038a2ef5dcd5 100644 --- a/media/libpng/pngwtran.c +++ b/media/libpng/pngwtran.c 
@@ -2,7 +2,7 @@ /* pngwtran.c - transforms the data in a row for PNG writers * * Last changed in libpng 1.6.18 [July 23, 2015] - * Copyright (c) 1998-2015 Glenn Randers-Pehrson + * Copyright (c) 1998-2002,2004,2006-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * diff --git a/media/libpng/pngwutil.c b/media/libpng/pngwutil.c index 39cd7b922993..ca15fddf8d2c 100644 --- a/media/libpng/pngwutil.c +++ b/media/libpng/pngwutil.c @@ -1,8 +1,8 @@ /* pngwutil.c - utilities to write a PNG file * - * Last changed in libpng 1.6.19 [November 12, 2015] - * Copyright (c) 1998-2015 Glenn Randers-Pehrson + * Last changed in libpng 1.6.21 [January 15, 2016] + * Copyright (c) 1998-2002,2004,2006-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * 
@@ -665,90 +665,6 @@ png_write_compressed_data_out(png_structrp png_ptr, compression_state *comp) } #endif /* WRITE_COMPRESSED_TEXT */ -#if defined(PNG_WRITE_TEXT_SUPPORTED) || defined(PNG_WRITE_pCAL_SUPPORTED) || \ - defined(PNG_WRITE_iCCP_SUPPORTED) || defined(PNG_WRITE_sPLT_SUPPORTED) -/* Check that the tEXt or zTXt keyword is valid per PNG 1.0 specification, - * and if invalid, correct the keyword rather than discarding the entire - * chunk. The PNG 1.0 specification requires keywords 1-79 characters in - * length, forbids leading or trailing whitespace, multiple internal spaces, - * and the non-break space (0x80) from ISO 8859-1. Returns keyword length. - * - * The 'new_key' buffer must be 80 characters in size (for the keyword plus a - * trailing '\0'). If this routine returns 0 then there was no keyword, or a - * valid one could not be generated, and the caller must png_error. - */ -static png_uint_32 -png_check_keyword(png_structrp png_ptr, png_const_charp key, png_bytep new_key) -{ - png_const_charp orig_key = key; - png_uint_32 key_len = 0; - int bad_character = 0; - int space = 1; - - png_debug(1, "in png_check_keyword"); - - if (key == NULL) - { - *new_key = 0; - return 0; - } - - while (*key && key_len < 79) - { - png_byte ch = (png_byte)*key++; - - if ((ch > 32 && ch <= 126) || (ch >= 161 /*&& ch <= 255*/)) - *new_key++ = ch, ++key_len, space = 0; - - else if (space == 0) - { - /* A space or an invalid character when one wasn't seen immediately - * before; output just a space. - */ - *new_key++ = 32, ++key_len, space = 1; - - /* If the character was not a space then it is invalid. 
*/ - if (ch != 32) - bad_character = ch; - } - - else if (bad_character == 0) - bad_character = ch; /* just skip it, record the first error */ - } - - if (key_len > 0 && space != 0) /* trailing space */ - { - --key_len, --new_key; - if (bad_character == 0) - bad_character = 32; - } - - /* Terminate the keyword */ - *new_key = 0; - - if (key_len == 0) - return 0; - -#ifdef PNG_WARNINGS_SUPPORTED - /* Try to only output one warning per keyword: */ - if (*key != 0) /* keyword too long */ - png_warning(png_ptr, "keyword truncated"); - - else if (bad_character != 0) - { - PNG_WARNING_PARAMETERS(p) - - png_warning_parameter(p, 1, orig_key); - png_warning_parameter_signed(p, 2, PNG_NUMBER_FORMAT_02x, bad_character); - - png_formatted_warning(png_ptr, p, "keyword \"@1\": bad character '0x@2'"); - } -#endif /* WARNINGS */ - - return key_len; -} -#endif /* WRITE_TEXT || WRITE_pCAL || WRITE_iCCP || WRITE_sPLT */ - /* Write the IHDR chunk, and update the png_struct with the necessary * information. Note that the rest of this code depends upon this * information being correct. @@ -2660,7 +2576,7 @@ png_write_find_filter(png_structrp png_ptr, png_row_infop row_info) if (filter_to_do == PNG_FILTER_SUB) /* It's the only filter so no testing is needed */ { - (void) png_setup_sub_row(png_ptr, bpp, row_bytes, mins); + (void) png_setup_sub_row(png_ptr, bpp, row_bytes, mins); best_row = png_ptr->try_row; } @@ -2669,7 +2585,7 @@ png_write_find_filter(png_structrp png_ptr, png_row_infop row_info) png_size_t sum; png_size_t lmins = mins; - sum = png_setup_sub_row(png_ptr, bpp, row_bytes, lmins); + sum = png_setup_sub_row(png_ptr, bpp, row_bytes, lmins); if (sum < mins) { @@ -2695,7 +2611,7 @@ png_write_find_filter(png_structrp png_ptr, png_row_infop row_info) png_size_t sum; png_size_t lmins = mins; - sum = png_setup_up_row(png_ptr, row_bytes, lmins); + sum = png_setup_up_row(png_ptr, row_bytes, lmins); if (sum < mins) {