Fix another bug in png_do_read_filler() regarding 16-big *grayscale*

images (and bump package to 1.2.5nb2). The following is taken directly from the png-implement mailing list... Date: Fri, 20 Dec 2002 11:26:31 -0500 From: Glenn Randers-Pehrson <glennrp@comcast.net> Reply-To: png-implement@ccrc.wustl.edu To: png-implement@ccrc.wustl.edu Subject: Re: [png-implement] bug in png_read_filler() with 16-bit samples At 01:01 AM 12/5/02 -0500, Glenn Randers-Pehrson wrote: >A bug has turned up in png_read_filler() with 16-bit samples. >The starting offsets for the loops are calculated incorrectly >which causes a buffer overrun beyond the beginning of the row >buffer. > >To fix, at lines 1968 and 1990, >change "row_width * 3" to "row_width * 6" >and at lines 1969 and 1991, >change "row_width;" to "row_width * 2;" This is only half of the story. Adding an alpha channel to 16-bit *grayscale* images with png_do_read_filler() exhibits the same bug, and pngcrush crashes if I try to do it. To fix, at lines 1892, 1893, 1910, and 1911 of pngrtran.c change "row_width" to "row_width * 2" Note that applications that do not add an alpha channel via png_set_filler(), and any applications that do, but reduce 16-bit samples to 8 bit via png_set_strip_16() are invulnerable to the bug. Pngcrush is the only application that I know of that uses png_set_filler() without also using png_set_strip_16(). Glenn -- Send the message body "help" to png-implement-request@ccrc.wustl.edu
author: fredb <fredb> 2002-12-20 17:54:27 +0000
committer: fredb <fredb> 2002-12-20 17:54:27 +0000
commit: 84b77f2b82815adb6c5a5abbbb6bfcfa4d6ec34a (patch)
tree: d230cb6717e2525528c959b151cb46862da0770b /graphics
parent: 12c14881401dd3a249c5a1658734a69cc1fb29c0 (diff)
download: pkgsrc-84b77f2b82815adb6c5a5abbbb6bfcfa4d6ec34a.tar.gz
3 files changed, 29 insertions, 7 deletions
diff --git a/graphics/png/Makefile b/graphics/png/Makefile
index 9ee5fb8bc3d..5994badf1ab 100644
--- a/graphics/png/Makefile
+++ b/graphics/png/Makefile
@@ -1,10 +1,10 @@
-# $NetBSD: Makefile,v 1.45 2002/12/19 21:25:09 fredb Exp $
+# $NetBSD: Makefile,v 1.46 2002/12/20 17:54:27 fredb Exp $
 
 # On update, don't forget to increase shared library major/minor's in
 # accordance with changes (patch-aa).
 DISTNAME=	libpng-1.2.5
 PKGNAME=	${DISTNAME:S/lib//}
-PKGREVISION=	1
+PKGREVISION=	2
 CATEGORIES=	graphics
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=libpng/} \
 		http://www.libpng.org/pub/png/src/ \
diff --git a/graphics/png/distinfo b/graphics/png/distinfo
index c17be0fdc8e..eabace9dbaa 100644
--- a/graphics/png/distinfo
+++ b/graphics/png/distinfo
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.12 2002/12/19 21:25:09 fredb Exp $
+$NetBSD: distinfo,v 1.13 2002/12/20 17:54:27 fredb Exp $
 
 SHA1 (libpng-1.2.5.tar.bz2) = 6752eaf1a604edbbb0149b781155ef9cb47d80c3
 Size (libpng-1.2.5.tar.bz2) = 378030 bytes
 SHA1 (patch-aa) = 6cc8354eccd61a4355d64ca456dc950f379701ad
 SHA1 (patch-ab) = be7dc4a3e21c0056a913c5f1488528558024e6ea
-SHA1 (patch-ac) = 4ed570271a509747d300d38207b08e07f1adff3d
+SHA1 (patch-ac) = 96e42c626b9aec1f2d68f920f147463ca77da27c
diff --git a/graphics/png/patches/patch-ac b/graphics/png/patches/patch-ac
index 5a5ad4a364d..72fe92534b9 100644
--- a/graphics/png/patches/patch-ac
+++ b/graphics/png/patches/patch-ac
@@ -1,8 +1,30 @@
-$NetBSD: patch-ac,v 1.1 2002/12/19 21:25:10 fredb Exp $
+$NetBSD: patch-ac,v 1.2 2002/12/20 17:54:28 fredb Exp $
 
 --- pngrtran.c.orig	Thu Oct  3 06:32:29 2002
 +++ pngrtran.c
-@@ -1965,8 +1965,8 @@ png_do_read_filler(png_row_infop row_inf
+@@ -1889,8 +1889,8 @@
+          /* This changes the data from GG to GGXX */
+          if (flags & PNG_FLAG_FILLER_AFTER)
+          {
+-            png_bytep sp = row + (png_size_t)row_width;
+-            png_bytep dp = sp  + (png_size_t)row_width;
++            png_bytep sp = row + (png_size_t)row_width * 2;
++            png_bytep dp = sp  + (png_size_t)row_width * 2;
+             for (i = 1; i < row_width; i++)
+             {
+                *(--dp) = hi_filler;
+@@ -1907,8 +1907,8 @@
+          /* This changes the data from GG to XXGG */
+          else
+          {
+-            png_bytep sp = row + (png_size_t)row_width;
+-            png_bytep dp = sp  + (png_size_t)row_width;
++            png_bytep sp = row + (png_size_t)row_width * 2;
++            png_bytep dp = sp  + (png_size_t)row_width * 2;
+             for (i = 0; i < row_width; i++)
+             {
+                *(--dp) = *(--sp);
+@@ -1965,8 +1965,8 @@
           /* This changes the data from RRGGBB to RRGGBBXX */
           if (flags & PNG_FLAG_FILLER_AFTER)
           {
@@ -13,7 +35,7 @@ $NetBSD: patch-ac,v 1.1 2002/12/19 21:25:10 fredb Exp $
              for (i = 1; i < row_width; i++)
              {
                 *(--dp) = hi_filler;
-@@ -1987,8 +1987,8 @@ png_do_read_filler(png_row_infop row_inf
+@@ -1987,8 +1987,8 @@
           /* This changes the data from RRGGBB to XXRRGGBB */
           else
           {
author	fredb <fredb>	2002-12-20 17:54:27 +0000
committer	fredb <fredb>	2002-12-20 17:54:27 +0000
commit	84b77f2b82815adb6c5a5abbbb6bfcfa4d6ec34a (patch)
tree	d230cb6717e2525528c959b151cb46862da0770b /graphics
parent	12c14881401dd3a249c5a1658734a69cc1fb29c0 (diff)
download	pkgsrc-84b77f2b82815adb6c5a5abbbb6bfcfa4d6ec34a.tar.gz