Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(252)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/libpng16/pngset.c

Issue 2292313003: Avoid leaking params if any entry bad. (Closed)
Patch Set: Update patch Created 4 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/libpng16/README.pdfium ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 1
2 /* pngset.c - storage of image information into info struct 2 /* pngset.c - storage of image information into info struct
3 * 3 *
4 * Last changed in libpng 1.6.21 [January 15, 2016] 4 * Last changed in libpng 1.6.21 [January 15, 2016]
5 * Copyright (c) 1998-2015 Glenn Randers-Pehrson 5 * Copyright (c) 1998-2015 Glenn Randers-Pehrson
6 * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) 6 * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
7 * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) 7 * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
8 * 8 *
9 * This code is released under the libpng license. 9 * This code is released under the libpng license.
10 * For conditions of distribution and use, see the disclaimer 10 * For conditions of distribution and use, see the disclaimer
(...skipping 265 matching lines...) Expand 10 before | Expand all | Expand 10 after
276 return; 276 return;
277 277
278 length = strlen(purpose) + 1; 278 length = strlen(purpose) + 1;
279 png_debug1(3, "allocating purpose for info (%lu bytes)", 279 png_debug1(3, "allocating purpose for info (%lu bytes)",
280 (unsigned long)length); 280 (unsigned long)length);
281 281
282 /* TODO: validate format of calibration name and unit name */ 282 /* TODO: validate format of calibration name and unit name */
283 283
284 /* Check that the type matches the specification. */ 284 /* Check that the type matches the specification. */
285 if (type < 0 || type > 3) 285 if (type < 0 || type > 3)
286 png_error(png_ptr, "Invalid pCAL equation type"); 286 {
287 png_chunk_report(png_ptr, "Invalid pCAL equation type",
288 PNG_CHUNK_WRITE_ERROR);
289 return;
290 }
287 291
288 if (nparams < 0 || nparams > 255) 292 if (nparams < 0 || nparams > 255)
289 png_error(png_ptr, "Invalid pCAL parameter count"); 293 {
294 png_chunk_report(png_ptr, "Invalid pCAL parameter count",
295 PNG_CHUNK_WRITE_ERROR);
296 return;
297 }
290 298
291 /* Validate params[nparams] */ 299 /* Validate params[nparams] */
292 for (i=0; i<nparams; ++i) 300 for (i=0; i<nparams; ++i)
293 { 301 {
294 if (params[i] == NULL || 302 if (params[i] == NULL ||
295 !png_check_fp_string(params[i], strlen(params[i]))) 303 !png_check_fp_string(params[i], strlen(params[i])))
296 png_error(png_ptr, "Invalid format for pCAL parameter"); 304 {
305 png_chunk_report(png_ptr, "Invalid format for pCAL parameter",
306 PNG_CHUNK_WRITE_ERROR);
307 return;
308 }
297 } 309 }
298 310
299 info_ptr->pcal_purpose = png_voidcast(png_charp, 311 info_ptr->pcal_purpose = png_voidcast(png_charp,
300 png_malloc_warn(png_ptr, length)); 312 png_malloc_warn(png_ptr, length));
301 313
302 if (info_ptr->pcal_purpose == NULL) 314 if (info_ptr->pcal_purpose == NULL)
303 { 315 {
304 png_warning(png_ptr, "Insufficient memory for pCAL purpose"); 316 png_chunk_report(png_ptr, "Insufficient memory for pCAL purpose",
305 317 PNG_CHUNK_WRITE_ERROR);
306 return; 318 return;
307 } 319 }
308 320
309 memcpy(info_ptr->pcal_purpose, purpose, length); 321 memcpy(info_ptr->pcal_purpose, purpose, length);
310 322
311 png_debug(3, "storing X0, X1, type, and nparams in info"); 323 png_debug(3, "storing X0, X1, type, and nparams in info");
312 info_ptr->pcal_X0 = X0; 324 info_ptr->pcal_X0 = X0;
313 info_ptr->pcal_X1 = X1; 325 info_ptr->pcal_X1 = X1;
314 info_ptr->pcal_type = (png_byte)type; 326 info_ptr->pcal_type = (png_byte)type;
315 info_ptr->pcal_nparams = (png_byte)nparams; 327 info_ptr->pcal_nparams = (png_byte)nparams;
(...skipping 1409 matching lines...) Expand 10 before | Expand all | Expand 10 after
1725 png_warning_parameter_signed(p, 2, PNG_NUMBER_FORMAT_02x, bad_character); 1737 png_warning_parameter_signed(p, 2, PNG_NUMBER_FORMAT_02x, bad_character);
1726 1738
1727 png_formatted_warning(png_ptr, p, "keyword \"@1\": bad character '0x@2'"); 1739 png_formatted_warning(png_ptr, p, "keyword \"@1\": bad character '0x@2'");
1728 } 1740 }
1729 #endif /* WARNINGS */ 1741 #endif /* WARNINGS */
1730 1742
1731 return key_len; 1743 return key_len;
1732 } 1744 }
1733 #endif /* TEXT || pCAL || iCCP || sPLT */ 1745 #endif /* TEXT || pCAL || iCCP || sPLT */
1734 #endif /* READ || WRITE */ 1746 #endif /* READ || WRITE */
OLDNEW
« no previous file with comments | « third_party/libpng16/README.pdfium ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698