From 4d4f4721088414b72233aaf1ab19941666cdc76d Mon Sep 17 00:00:00 2001
From: Glenn Randers-Pehrson <glennrp at users.sourceforge.net>
Date: Mon, 7 Aug 2017 05:51:12 -0500
Subject: [PATCH] [libpng12] Added png_check_chunk_length() function.
---
png.h | 17 ++++++++++-------
pngpread.c | 1 +
pngrutil.c | 38 ++++++++++++++++++++++++++++++++++++++
5 files changed, 55 insertions(+), 11 deletions(-)
diff --git a/png.h b/png.h
index b2461323a..09a4ad7e1 100644
--- a/png.h
+++ b/png.h
@@ -3409,6 +3409,9 @@ PNG_EXTERN void png_handle_unknown PNGARG((png_structp png_ptr,
PNG_EXTERN void png_check_chunk_name PNGARG((png_structp png_ptr,
png_bytep chunk_name)) PNG_PRIVATE;
+PNG_EXTERN void png_check_chunk_length PNGARG((png_structp png_ptr,
+ png_uint_32 chunk_length)) PNG_PRIVATE;
+
/* Handle the transformations for reading and writing */
PNG_EXTERN void png_do_read_transformations
PNGARG((png_structp png_ptr)) PNG_PRIVATE;
diff --git a/pngpread.c b/pngpread.c
index ec2aa7d4b..319a3140d 100644
--- a/pngpread.c
+++ b/pngpread.c
@@ -205,6 +205,7 @@ png_push_read_chunk(png_structp png_ptr, png_infop info_ptr)
png_reset_crc(png_ptr);
png_crc_read(png_ptr, png_ptr->chunk_name, 4);
png_check_chunk_name(png_ptr, png_ptr->chunk_name);
+ png_check_chunk_length(png_ptr, png_ptr->push_length);
png_ptr->mode |= PNG_HAVE_CHUNK_HEADER;
}
diff --git a/pngrutil.c b/pngrutil.c
index 36ba4efb7..9011f7063 100644
--- a/pngrutil.c
+++ b/pngrutil.c
@@ -131,6 +131,9 @@ png_read_chunk_header(png_structp png_ptr)
/* Check to see if chunk name is valid */
png_check_chunk_name(png_ptr, png_ptr->chunk_name);
+ /* Check for too-large chunk length */
+ png_check_chunk_length(png_ptr, length);
+
return length;
}
@@ -2506,6 +2509,41 @@ png_check_chunk_name(png_structp png_ptr, png_bytep chunk_name)
}
}
+void /* PRIVATE */
+png_check_chunk_length(png_structp png_ptr, png_uint_32 length)
+{
+ png_uint_32 limit = PNG_UINT_31_MAX;
+
+ /* if (png_ptr->chunk_name != "IDAT") */
+ if (png_ptr->chunk_name[0] != 73 || png_ptr->chunk_name[1] !=68 ||
+ png_ptr->chunk_name[2] != 65 || png_ptr->chunk_name[3] !=84)
+ {
+# if PNG_USER_CHUNK_MALLOC_MAX > 0
+ if (PNG_USER_CHUNK_MALLOC_MAX < limit)
+ limit = PNG_USER_CHUNK_MALLOC_MAX;
+# endif
+ }
+ else
+ {
+ size_t row_factor =
+ (png_ptr->width * png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1)
+ + 1 + (png_ptr->interlaced? 6: 0));
+ if (png_ptr->height > PNG_UINT_32_MAX/row_factor)
+ limit=PNG_UINT_31_MAX;
+ else
+ limit = png_ptr->height * row_factor;
+ limit += 6 + 5*(limit/32566+1); /* zlib+deflate overhead */
+ limit=limit < PNG_UINT_31_MAX? limit : PNG_UINT_31_MAX;
+ }
+ if (length > limit)
+ {
+ png_debug2(0," length = %lu, limit = %lu",
+ (unsigned long)length,(unsigned long)limit);
+ png_chunk_error(png_ptr, "chunk data is too large");
+ }
+}
+
+
/* Combines the row recently read in with the existing pixels in the
row. This routine takes care of alpha and transparency if requested.
This routine also handles the two methods of progressive display