Chromium Code Reviews

Unified Diff: third_party/libpng/pngpread.c

Issue 2040433002: Fix undefined behavior in libpng (Closed) Base URL: https://skia.googlesource.com/skia.git@master
Patch Set: Created 4 years, 6 months ago
Index: third_party/libpng/pngpread.c
diff --git a/third_party/libpng/pngpread.c b/third_party/libpng/pngpread.c
index 0dc1e53c2247a2b3bf621f818b793a9ed087c321..0266cbe43a8240c1d324a0e134c22fdbd7c54211 100644
--- a/third_party/libpng/pngpread.c
+++ b/third_party/libpng/pngpread.c
@@ -499,7 +499,18 @@ png_push_save_buffer(png_structrp png_ptr)
png_error(png_ptr, "Insufficient memory for save_buffer");
}
+#if 0
+ // This is the code checked into libpng. Calling memcpy with a null
+ // source is undefined, even if count is 0, but libpng does not
+ // currently check for null or 0. The Skia fix is below.
+ // skbug.com/5390
memcpy(png_ptr->save_buffer, old_buffer, png_ptr->save_buffer_size);
+#else
+ if (old_buffer)
+ memcpy(png_ptr->save_buffer, old_buffer, png_ptr->save_buffer_size);
+ else if (png_ptr->save_buffer_size)
+ png_error(png_ptr, "save_buffer error");
+#endif
png_free(png_ptr, old_buffer);
png_ptr->save_buffer_max = new_max;
}
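Review bot: In the `#else` branch, the `else if (png_ptr->save_buffer_size)` path reports only "save_buffer error", which does not say that the inconsistent state is a NULL `old_buffer` with a nonzero `save_buffer_size`; a message naming that condition would make the failure diagnosable. The guard itself matches the comment above it: `memcpy` is skipped when `old_buffer` is NULL, and the NULL-with-zero-size case falls through to `png_free` without raising an error. The `//` comments inside the `#if 0` block are never compiled, but `/* */` would be consistent with a C source file. Keeping the original call under `#if 0` is reasonable for a local divergence from upstream as long as the skbug.com/5390 reference stays next to it.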