Subject: CVS commit: pkgsrc/graphics/png
To: None <pkgsrc-changes@netbsd.org>
From: Frederick Bruckman <fredb@netbsd.org>
List: pkgsrc-changes
Date: 12/20/2002 19:54:29
Module Name: pkgsrc
Committed By: fredb
Date: Fri Dec 20 17:54:28 UTC 2002
Modified Files:
pkgsrc/graphics/png: Makefile distinfo
pkgsrc/graphics/png/patches: patch-ac
Log Message:
Fix another bug in png_do_read_filler() regarding 16-big *grayscale*
images (and bump package to 1.2.5nb2). The following is taken directly
from the png-implement mailing list...
Date: Fri, 20 Dec 2002 11:26:31 -0500
From: Glenn Randers-Pehrson <glennrp@comcast.net>
Reply-To: png-implement@ccrc.wustl.edu
To: png-implement@ccrc.wustl.edu
Subject: Re: [png-implement] bug in png_read_filler() with 16-bit samples
At 01:01 AM 12/5/02 -0500, Glenn Randers-Pehrson wrote:
>A bug has turned up in png_read_filler() with 16-bit samples.
>The starting offsets for the loops are calculated incorrectly
>which causes a buffer overrun beyond the beginning of the row
>buffer.
>
>To fix, at lines 1968 and 1990,
>change "row_width * 3" to "row_width * 6"
>and at lines 1969 and 1991,
>change "row_width;" to "row_width * 2;"
This is only half of the story. Adding an alpha channel to
16-bit *grayscale* images with png_do_read_filler() exhibits
the same bug, and pngcrush crashes if I try to do it.
To fix, at lines 1892, 1893, 1910, and 1911 of pngrtran.c
change "row_width" to "row_width * 2"
Note that applications that do not add an alpha channel via
png_set_filler(), and any applications that do, but reduce 16-bit
samples to 8 bit via png_set_strip_16() are invulnerable to
the bug. Pngcrush is the only application that I know of
that uses png_set_filler() without also using png_set_strip_16().
Glenn
--
Send the message body "help" to png-implement-request@ccrc.wustl.edu
To generate a diff of this commit:
cvs rdiff -r1.45 -r1.46 pkgsrc/graphics/png/Makefile
cvs rdiff -r1.12 -r1.13 pkgsrc/graphics/png/distinfo
cvs rdiff -r1.1 -r1.2 pkgsrc/graphics/png/patches/patch-ac
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.