Chromium Code Reviews
Help | Chromium Project | Sign in
(619)

Side by Side Diff: third_party/libpng/pngrutil.c

Issue 9363013: Fix integer issues in a way that caters for both 32-bit and 64-bit. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 2 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « third_party/libpng/README.chromium ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 1
2 /* pngrutil.c - utilities to read a PNG file 2 /* pngrutil.c - utilities to read a PNG file
3 * 3 *
4 * Last changed in libpng 1.2.45 [July 7, 2011] 4 * Last changed in libpng 1.2.45 [July 7, 2011]
5 * Copyright (c) 1998-2011 Glenn Randers-Pehrson 5 * Copyright (c) 1998-2011 Glenn Randers-Pehrson
6 * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) 6 * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
7 * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) 7 * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
8 * 8 *
9 * This code is released under the libpng license. 9 * This code is released under the libpng license.
10 * For conditions of distribution and use, see the disclaimer 10 * For conditions of distribution and use, see the disclaimer
(...skipping 345 matching lines...) Expand 10 before | Expand all | Expand 10 after
356 * error case below. 356 * error case below.
357 */ 357 */
358 #if defined(PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED) || \ 358 #if defined(PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED) || \
359 defined(PNG_USER_CHUNK_MALLOC_MAX) 359 defined(PNG_USER_CHUNK_MALLOC_MAX)
360 else 360 else
361 #endif 361 #endif
362 if (expanded_size > 0) 362 if (expanded_size > 0)
363 { 363 {
364 /* Success (maybe) - really uncompress the chunk. */ 364 /* Success (maybe) - really uncompress the chunk. */
365 png_size_t new_size = 0; 365 png_size_t new_size = 0;
366 png_charp text = png_malloc_warn(png_ptr, 366 png_charp text = NULL;
367 prefix_size + expanded_size + 1); 367 /* Need to check for both truncation (64-bit platforms) and integer
368 * overflow.
369 */
370 if (prefix_size + expanded_size > prefix_size &&
371 prefix_size + expanded_size < 0xffffffffU)
372 {
373 text = png_malloc_warn(png_ptr, prefix_size + expanded_size + 1);
374 }
368 375
369 if (text != NULL) 376 if (text != NULL)
370 { 377 {
371 png_memcpy(text, png_ptr->chunkdata, prefix_size); 378 png_memcpy(text, png_ptr->chunkdata, prefix_size);
372 new_size = png_inflate(png_ptr, 379 new_size = png_inflate(png_ptr,
373 (png_bytep)(png_ptr->chunkdata + prefix_size), 380 (png_bytep)(png_ptr->chunkdata + prefix_size),
374 chunklength - prefix_size, 381 chunklength - prefix_size,
375 (png_bytep)(text + prefix_size), expanded_size); 382 (png_bytep)(text + prefix_size), expanded_size);
376 text[prefix_size + expanded_size] = 0; /* just in case */ 383 text[prefix_size + expanded_size] = 0; /* just in case */
377 384
(...skipping 3003 matching lines...) Expand 10 before | Expand all | Expand 10 after
3381 png_debug1(3, "height = %lu,", png_ptr->height); 3388 png_debug1(3, "height = %lu,", png_ptr->height);
3382 png_debug1(3, "iwidth = %lu,", png_ptr->iwidth); 3389 png_debug1(3, "iwidth = %lu,", png_ptr->iwidth);
3383 png_debug1(3, "num_rows = %lu,", png_ptr->num_rows); 3390 png_debug1(3, "num_rows = %lu,", png_ptr->num_rows);
3384 png_debug1(3, "rowbytes = %lu,", png_ptr->rowbytes); 3391 png_debug1(3, "rowbytes = %lu,", png_ptr->rowbytes);
3385 png_debug1(3, "irowbytes = %lu", 3392 png_debug1(3, "irowbytes = %lu",
3386 PNG_ROWBYTES(png_ptr->pixel_depth, png_ptr->iwidth) + 1); 3393 PNG_ROWBYTES(png_ptr->pixel_depth, png_ptr->iwidth) + 1);
3387 3394
3388 png_ptr->flags |= PNG_FLAG_ROW_INIT; 3395 png_ptr->flags |= PNG_FLAG_ROW_INIT;
3389 } 3396 }
3390 #endif /* PNG_READ_SUPPORTED */ 3397 #endif /* PNG_READ_SUPPORTED */
OLDNEW
« no previous file with comments | « third_party/libpng/README.chromium ('k') | no next file » | no next file with comments »

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld 1280:2d3e6564b7b6