| OLD | NEW |
|---|
| 1 | 1 |
| 2 /* pngrutil.c - utilities to read a PNG file | 2 /* pngrutil.c - utilities to read a PNG file |
| 3 * | 3 * |
| 4 * Last changed in libpng 1.2.45 [July 7, 2011] | 4 * Last changed in libpng 1.2.45 [July 7, 2011] |
| 5 * Copyright (c) 1998-2011 Glenn Randers-Pehrson | 5 * Copyright (c) 1998-2011 Glenn Randers-Pehrson |
| 6 * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) | 6 * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) |
| 7 * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) | 7 * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) |
| 8 * | 8 * |
| 9 * This code is released under the libpng license. | 9 * This code is released under the libpng license. |
| 10 * For conditions of distribution and use, see the disclaimer | 10 * For conditions of distribution and use, see the disclaimer |
| (...skipping 345 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 356 * error case below. | 356 * error case below. |
| 357 */ | 357 */ |
| 358 #if defined(PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED) || \ | 358 #if defined(PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED) || \ |
| 359 defined(PNG_USER_CHUNK_MALLOC_MAX) | 359 defined(PNG_USER_CHUNK_MALLOC_MAX) |
| 360 else | 360 else |
| 361 #endif | 361 #endif |
| 362 if (expanded_size > 0) | 362 if (expanded_size > 0) |
| 363 { | 363 { |
| 364 /* Success (maybe) - really uncompress the chunk. */ | 364 /* Success (maybe) - really uncompress the chunk. */ |
| 365 png_size_t new_size = 0; | 365 png_size_t new_size = 0; |
| 366 png_charp text = png_malloc_warn(png_ptr, | 366 png_charp text = NULL; |
| 367 prefix_size + expanded_size + 1); | 367 /* Need to check for both truncation (64-bit platforms) and integer |
| 368 * overflow. |
| 369 */ |
| 370 if (prefix_size + expanded_size > prefix_size && |
| 371 prefix_size + expanded_size < 0xffffffffU) |
| 372 { |
| 373 text = png_malloc_warn(png_ptr, prefix_size + expanded_size + 1); |
| 374 } |
| 368 | 375 |
| 369 if (text != NULL) | 376 if (text != NULL) |
| 370 { | 377 { |
| 371 png_memcpy(text, png_ptr->chunkdata, prefix_size); | 378 png_memcpy(text, png_ptr->chunkdata, prefix_size); |
| 372 new_size = png_inflate(png_ptr, | 379 new_size = png_inflate(png_ptr, |
| 373 (png_bytep)(png_ptr->chunkdata + prefix_size), | 380 (png_bytep)(png_ptr->chunkdata + prefix_size), |
| 374 chunklength - prefix_size, | 381 chunklength - prefix_size, |
| 375 (png_bytep)(text + prefix_size), expanded_size); | 382 (png_bytep)(text + prefix_size), expanded_size); |
| 376 text[prefix_size + expanded_size] = 0; /* just in case */ | 383 text[prefix_size + expanded_size] = 0; /* just in case */ |
| 377 | 384 |
| (...skipping 3003 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3381 png_debug1(3, "height = %lu,", png_ptr->height); | 3388 png_debug1(3, "height = %lu,", png_ptr->height); |
| 3382 png_debug1(3, "iwidth = %lu,", png_ptr->iwidth); | 3389 png_debug1(3, "iwidth = %lu,", png_ptr->iwidth); |
| 3383 png_debug1(3, "num_rows = %lu,", png_ptr->num_rows); | 3390 png_debug1(3, "num_rows = %lu,", png_ptr->num_rows); |
| 3384 png_debug1(3, "rowbytes = %lu,", png_ptr->rowbytes); | 3391 png_debug1(3, "rowbytes = %lu,", png_ptr->rowbytes); |
| 3385 png_debug1(3, "irowbytes = %lu", | 3392 png_debug1(3, "irowbytes = %lu", |
| 3386 PNG_ROWBYTES(png_ptr->pixel_depth, png_ptr->iwidth) + 1); | 3393 PNG_ROWBYTES(png_ptr->pixel_depth, png_ptr->iwidth) + 1); |
| 3387 | 3394 |
| 3388 png_ptr->flags |= PNG_FLAG_ROW_INIT; | 3395 png_ptr->flags |= PNG_FLAG_ROW_INIT; |
| 3389 } | 3396 } |
| 3390 #endif /* PNG_READ_SUPPORTED */ | 3397 #endif /* PNG_READ_SUPPORTED */ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 9363013:
Fix integer issues in a way that caters for both 32-bit and 64-bit. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/