
Side by Side Diff: third_party/libpng/pngpread.c

Issue 2040433002: Fix undefined behavior in libpng (Closed) Base URL: https://skia.googlesource.com/skia.git@master
Patch Set: Created 4 years, 6 months ago
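--- a/third_party/libpng/pngpread.c
+++ b/third_party/libpng/pngpread.c
@@ -1,10 +1,10 @@
 
 /* pngpread.c - read a png file in push mode
 *
 * Last changed in libpng 1.6.18 [July 23, 2015]
 * Copyright (c) 1998-2002,2004,2006-2015 Glenn Randers-Pehrson
 * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
 * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
 *
 * This code is released under the libpng license.
 * For conditions of distribution and use, see the disclaimer
@@ -492,21 +492,32 @@
 old_buffer = png_ptr->save_buffer;
 png_ptr->save_buffer = (png_bytep)png_malloc_warn(png_ptr,
 (png_size_t)new_max);
 
 if (png_ptr->save_buffer == NULL)
 {
 png_free(png_ptr, old_buffer);
 png_error(png_ptr, "Insufficient memory for save_buffer");
 }
 
+#if 0
+// This is the code checked into libpng. Calling memcpy with a null
+// source is undefined, even if count is 0, but libpng does not
+// currently check for null or 0. The Skia fix is below.
+// skbug.com/5390
 memcpy(png_ptr->save_buffer, old_buffer, png_ptr->save_buffer_size);
+#else
+if (old_buffer)
+memcpy(png_ptr->save_buffer, old_buffer, png_ptr->save_buffer_size);
+else if (png_ptr->save_buffer_size)
+png_error(png_ptr, "save_buffer error");
+#endif
 png_free(png_ptr, old_buffer);
 png_ptr->save_buffer_max = new_max;
 }
 if (png_ptr->current_buffer_size)
 {
 memcpy(png_ptr->save_buffer + png_ptr->save_buffer_size,
 png_ptr->current_buffer_ptr, png_ptr->current_buffer_size);
 png_ptr->save_buffer_size += png_ptr->current_buffer_size;
 png_ptr->current_buffer_size = 0;
 }
@@ -1076,10 +1087,10 @@
 
 png_voidp PNGAPI
 png_get_progressive_ptr(png_const_structrp png_ptr)
 {
 if (png_ptr == NULL)
 return (NULL);
 
 return png_ptr->io_ptr;
 }
 #endif /* PROGRESSIVE_READ */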
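Review bot: The `else if (png_ptr->save_buffer_size)` branch at new lines 511-512 is an internal-consistency check (a NULL `old_buffer` paired with a non-zero recorded size), but neither the comment block nor the message `"save_buffer error"` says so, which makes a report of this error hard to triage. A one-line comment on that branch, for example `/* NULL buffer with non-zero size: internal state is inconsistent, do not copy */`, would record why the code aborts rather than skipping the copy. The explanatory comment at new lines 503-506 uses `//` while the visible parts of the file use `/* */` (the file header and `#endif /* PROGRESSIVE_READ */`), so converting it to a block comment would match the surrounding style. The enclosing function begins and ends outside the lines shown, so how `save_buffer_size` and `save_buffer` are kept in step elsewhere cannot be checked from here.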