author | Rémi Verschelde <rverschelde@gmail.com> | 2017-01-05 22:27:46 +0100 |
---|---|---|
committer | Rémi Verschelde <rverschelde@gmail.com> | 2017-01-05 22:27:53 +0100 |
commit | a0141fa823aeaba0a99ac2e004496b081204313b (patch) | |
tree | bc1c4aa88d2ea0894745d686c92680bb78bb7765 /thirdparty/libpng | |
parent | 495d059a744b268b0355d0cbfbb9ef30fec865e2 (diff) |
libpng: Update to upstream 1.6.28
Fixes a NULL pointer dereference bug (CVE-2016-10087).
Diffstat (limited to 'thirdparty/libpng')
-rw-r--r-- | thirdparty/libpng/png.c | 23 | ||||
-rw-r--r-- | thirdparty/libpng/png.h | 44 | ||||
-rw-r--r-- | thirdparty/libpng/pngconf.h | 2 | ||||
-rw-r--r-- | thirdparty/libpng/pnglibconf.h | 4 | ||||
-rw-r--r-- | thirdparty/libpng/pngrutil.c | 23 | ||||
-rw-r--r-- | thirdparty/libpng/pngstruct.h | 6 |
6 files changed, 45 insertions, 57 deletions
diff --git a/thirdparty/libpng/png.c b/thirdparty/libpng/png.c index 6d5633cc09..78ce39f46d 100644 --- a/thirdparty/libpng/png.c +++ b/thirdparty/libpng/png.c @@ -1,8 +1,8 @@ /* png.c - location for general purpose libpng functions * - * Last changed in libpng 1.6.26 [October 20, 2016] - * Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson + * Last changed in libpng 1.6.28 [January 5, 2017] + * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -14,7 +14,7 @@ #include "pngpriv.h" /* Generate a compiler error if there is an old png.h in the search path. */ -typedef png_libpng_version_1_6_26 Your_png_h_is_not_version_1_6_26; +typedef png_libpng_version_1_6_28 Your_png_h_is_not_version_1_6_28; /* Tells libpng that we have already handled the first "num_bytes" bytes * of the PNG file signature. If the PNG data is embedded into another @@ -477,6 +477,7 @@ png_free_data(png_const_structrp png_ptr, png_inforp info_ptr, png_uint_32 mask, png_free(png_ptr, info_ptr->text); info_ptr->text = NULL; info_ptr->num_text = 0; + info_ptr->max_text = 0; } } #endif 
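Review bot: The added `info_ptr->max_text = 0;` in png_free_data (hunk -477,6) has no comment explaining why the capacity counter must be cleared together with `text` and `num_text`, and it appears to be the change behind the CVE-2016-10087 fix named in the commit message. A short comment such as `/* keep max_text in step with the freed array so a later text insert reallocates */` would make it less likely that the line is dropped in a later merge of the vendored copy. The code that reads max_text is not visible on this page, so that wording should be confirmed against it. png_free_data starts and ends outside the hunk.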
@@ -775,15 +776,15 @@ png_get_copyright(png_const_structrp png_ptr) #else # ifdef __STDC__ return PNG_STRING_NEWLINE \ - "libpng version 1.6.26 - October 20, 2016" PNG_STRING_NEWLINE \ - "Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson" \ + "libpng version 1.6.28 - January 5, 2017" PNG_STRING_NEWLINE \ + "Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson" \ PNG_STRING_NEWLINE \ "Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \ "Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \ PNG_STRING_NEWLINE; # else - return "libpng version 1.6.26 - October 20, 2016\ - Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson\ + return "libpng version 1.6.28 - January 5, 2017\ + Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson\ Copyright (c) 1996-1997 Andreas Dilger\ Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc."; # endif @@ -4259,11 +4260,11 @@ png_set_option(png_structrp png_ptr, int option, int onoff) if (png_ptr != NULL && option >= 0 && option < PNG_OPTION_NEXT && (option & 1) == 0) { - int mask = 3 << option; - int setting = (2 + (onoff != 0)) << option; - int current = png_ptr->options; + png_uint_32 mask = 3 << option; + png_uint_32 setting = (2 + (onoff != 0)) << option; + png_uint_32 current = png_ptr->options; - png_ptr->options = (png_byte)(((current & ~mask) | setting) & 0xff); + png_ptr->options = (png_uint_32)(((current & ~mask) | setting) & 0xff); return (current & mask) >> option; } diff --git a/thirdparty/libpng/png.h b/thirdparty/libpng/png.h index f0944631e0..e4cf032816 100644 --- a/thirdparty/libpng/png.h +++ b/thirdparty/libpng/png.h 
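Review bot: In png_set_option (hunk -4259,11) the store still ends with `& 0xff`, so any option numbered 8 or above is masked off before it reaches `png_ptr->options`, even though this commit widens that field to png_uint_32 in pngstruct.h and adds `PNG_IGNORE_ADLER32 8` in png.h. As written, `png_set_option(png_ptr, PNG_IGNORE_ADLER32, PNG_OPTION_ON)` stores nothing, and the `(png_ptr->options >> PNG_IGNORE_ADLER32) & 3` test in png_inflate_claim (pngrutil.c) can never see PNG_OPTION_ON. That fails closed, since ADLER32 is always validated, but together with the removal of the "incorrect data check" tolerance in png_read_IDAT_data it leaves no way to load an image with a bad checksum. The store should be `png_ptr->options = (png_uint_32)((current & ~mask) | setting);`, and because this is vendored code the change belongs upstream rather than in a local patch.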
@@ -1,9 +1,9 @@ /* png.h - header file for PNG reference library * - * libpng version 1.6.26, October 20, 2016 + * libpng version 1.6.28, January 5, 2017 * - * Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson + * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -12,7 +12,7 @@ * Authors and maintainers: * libpng versions 0.71, May 1995, through 0.88, January 1996: Guy Schalnat * libpng versions 0.89, June 1996, through 0.96, May 1997: Andreas Dilger - * libpng versions 0.97, January 1998, through 1.6.26, October 20, 2016: + * libpng versions 0.97, January 1998, through 1.6.28, January 5, 2017: * Glenn Randers-Pehrson. * See also "Contributing Authors", below. */ @@ -25,12 +25,8 @@ * * This code is released under the libpng license. * - * Some files in the "contrib" directory and some configure-generated - * files that are distributed with libpng have other copyright owners and - * are released under other open source licenses. - * - * libpng versions 1.0.7, July 1, 2000 through 1.6.26, October 20, 2016 are - * Copyright (c) 2000-2002, 2004, 2006-2016 Glenn Randers-Pehrson, are + * libpng versions 1.0.7, July 1, 2000 through 1.6.28, January 5, 2017 are + * Copyright (c) 2000-2002, 2004, 2006-2017 Glenn Randers-Pehrson, are * derived from libpng-1.0.6, and are distributed according to the same * disclaimer and license as libpng-1.0.6 with the following individuals * added to the list of Contributing Authors: 
@@ -52,10 +48,10 @@ * risk of satisfactory quality, performance, accuracy, and effort is with * the user. * - * Some files in the "contrib" directory have other copyright owners and + * Some files in the "contrib" directory and some configure-generated + * files that are distributed with libpng have other copyright owners and * are released under other open source licenses. * - * * libpng versions 0.97, January 1998, through 1.0.6, March 20, 2000, are * Copyright (c) 1998-2000 Glenn Randers-Pehrson, are derived from * libpng-0.96, and are distributed according to the same disclaimer and @@ -66,9 +62,6 @@ * Glenn Randers-Pehrson * Willem van Schaik * - * Some files in the "scripts" directory have different copyright owners - * but are also released under this license. - * * libpng versions 0.89, June 1996, through 0.96, May 1997, are * Copyright (c) 1996-1997 Andreas Dilger, are derived from libpng-0.88, * and are distributed according to the same disclaimer and license as @@ -214,11 +207,11 @@ * ... * 1.0.19 10 10019 10.so.0.19[.0] * ... - * 1.2.56 13 10256 12.so.0.56[.0] + * 1.2.57 13 10257 12.so.0.57[.0] * ... - * 1.5.27 15 10527 15.so.15.27[.0] + * 1.5.28 15 10527 15.so.15.28[.0] * ... - * 1.6.26 16 10626 16.so.16.26[.0] + * 1.6.28 16 10628 16.so.16.28[.0] * * Henceforth the source version will match the shared-library major * and minor numbers; the shared-library major version number will be @@ -246,13 +239,13 @@ * Y2K compliance in libpng: * ========================= * - * October 20, 2016 + * January 5, 2017 * * Since the PNG Development group is an ad-hoc body, we can't make * an official declaration. * * This is your unofficial assurance that libpng from version 0.71 and - * upward through 1.6.26 are Y2K compliant. It is my belief that + * upward through 1.6.28 are Y2K compliant. It is my belief that * earlier versions were also Y2K compliant. * * Libpng only has two year fields. One is a 2-byte unsigned integer 
@@ -314,8 +307,8 @@ */ /* Version information for png.h - this should match the version in png.c */ -#define PNG_LIBPNG_VER_STRING "1.6.26" -#define PNG_HEADER_VERSION_STRING " libpng version 1.6.26 - October 20, 2016\n" +#define PNG_LIBPNG_VER_STRING "1.6.28" +#define PNG_HEADER_VERSION_STRING " libpng version 1.6.28 - January 5, 2017\n" #define PNG_LIBPNG_VER_SONUM 16 #define PNG_LIBPNG_VER_DLLNUM 16 @@ -323,7 +316,7 @@ /* These should match the first 3 components of PNG_LIBPNG_VER_STRING: */ #define PNG_LIBPNG_VER_MAJOR 1 #define PNG_LIBPNG_VER_MINOR 6 -#define PNG_LIBPNG_VER_RELEASE 26 +#define PNG_LIBPNG_VER_RELEASE 28 /* This should match the numeric part of the final component of * PNG_LIBPNG_VER_STRING, omitting any leading zero: @@ -354,7 +347,7 @@ * version 1.0.0 was mis-numbered 100 instead of 10000). From * version 1.0.1 it's xxyyzz, where x=major, y=minor, z=release */ -#define PNG_LIBPNG_VER 10626 /* 1.6.26 */ +#define PNG_LIBPNG_VER 10628 /* 1.6.28 */ /* Library configuration: these options cannot be changed after * the library has been built. @@ -464,7 +457,7 @@ extern "C" { /* This triggers a compiler error in png.c, if png.c and png.h * do not agree upon the version number. */ -typedef char* png_libpng_version_1_6_26; +typedef char* png_libpng_version_1_6_28; /* Basic control structions. Read libpng-manual.txt or libpng.3 for more info. * @@ -3230,7 +3223,8 @@ PNG_EXPORT(245, int, png_image_write_to_memory, (png_imagep image, void *memory, #ifdef PNG_MIPS_MSA_API_SUPPORTED # define PNG_MIPS_MSA 6 /* HARDWARE: MIPS Msa SIMD instructions supported */ #endif -#define PNG_OPTION_NEXT 8 /* Next option - numbers must be even */ +#define PNG_IGNORE_ADLER32 8 +#define PNG_OPTION_NEXT 10 /* Next option - numbers must be even */ /* Return values: NOTE: there are four values and 'off' is *not* zero */ #define PNG_OPTION_UNSET 0 /* Unset - defaults to off */ 
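Review bot: `#define PNG_IGNORE_ADLER32 8` (hunk -3230,7) is added without the trailing comment that its neighbour `PNG_MIPS_MSA` carries, although turning the option on disables an integrity check. A comment such as `/* Disable the ADLER32 check on IDAT data */` would tell callers what they are opting out of; the wording follows the comment added to png_inflate_claim in pngrutil.c.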
diff --git a/thirdparty/libpng/pngconf.h b/thirdparty/libpng/pngconf.h index 5c891eb8b8..5e8b40bcfb 100644 --- a/thirdparty/libpng/pngconf.h +++ b/thirdparty/libpng/pngconf.h @@ -1,7 +1,7 @@ /* pngconf.h - machine configurable file for libpng * - * libpng version 1.6.26, October 20, 2016 + * libpng version 1.6.28, January 5, 2017 * * Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) diff --git a/thirdparty/libpng/pnglibconf.h b/thirdparty/libpng/pnglibconf.h index ba7805ff59..ee70573605 100644 --- a/thirdparty/libpng/pnglibconf.h +++ b/thirdparty/libpng/pnglibconf.h @@ -1,8 +1,8 @@ -/* libpng 1.6.26 STANDARD API DEFINITION */ +/* libpng 1.6.28 STANDARD API DEFINITION */ /* pnglibconf.h - library build configuration */ -/* Libpng version 1.6.26 - October 20, 2016 */ +/* Libpng version 1.6.28 - January 5, 2017 */ /* Copyright (c) 1998-2015 Glenn Randers-Pehrson */ diff --git a/thirdparty/libpng/pngrutil.c b/thirdparty/libpng/pngrutil.c index fb5f5f083d..bee0ea1158 100644 --- a/thirdparty/libpng/pngrutil.c +++ b/thirdparty/libpng/pngrutil.c @@ -1,7 +1,7 @@ /* pngrutil.c - utilities to read a PNG file * - * Last changed in libpng 1.6.26 [October 20, 2016] + * Last changed in libpng 1.6.27 [January 5, 2017] * Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) 
@@ -418,9 +418,10 @@ png_inflate_claim(png_structrp png_ptr, png_uint_32 owner) png_ptr->flags |= PNG_FLAG_ZSTREAM_INITIALIZED; } -#if ZLIB_VERNUM >= 0x1281 - /* Turn off validation of the ADLER32 checksum */ - if ((png_ptr->flags & PNG_FLAG_CRC_CRITICAL_IGNORE) != 0) +#if ZLIB_VERNUM >= 0x1281 && \ + defined(PNG_SET_OPTION_SUPPORTED) && defined(PNG_IGNORE_ADLER32) + if (((png_ptr->options >> PNG_IGNORE_ADLER32) & 3) == PNG_OPTION_ON) + /* Turn off validation of the ADLER32 checksum in IDAT chunks */ ret = inflateValidate(&png_ptr->zstream, 0); #endif @@ -716,7 +717,7 @@ png_decompress_chunk(png_structrp png_ptr, * the extra space may otherwise be used as a Trojan Horse. */ if (ret == Z_STREAM_END && - chunklength - prefix_size != lzsize) + chunklength - prefix_size != lzsize) png_chunk_benign_error(png_ptr, "extra compressed data"); } @@ -826,7 +827,7 @@ png_inflate_read(png_structrp png_ptr, png_bytep read_buffer, uInt read_size, return Z_STREAM_ERROR; } } -#endif +#endif /* READ_iCCP */ /* Read and check the IDHR chunk */ @@ -4107,15 +4108,7 @@ png_read_IDAT_data(png_structrp png_ptr, png_bytep output, png_zstream_error(png_ptr, ret); if (output != NULL) - { - if(!strncmp(png_ptr->zstream.msg,"incorrect data check",20)) - { - png_chunk_benign_error(png_ptr, "ADLER32 checksum mismatch"); - continue; - } - else - png_chunk_error(png_ptr, png_ptr->zstream.msg); - } + png_chunk_error(png_ptr, png_ptr->zstream.msg); else /* checking */ { diff --git a/thirdparty/libpng/pngstruct.h b/thirdparty/libpng/pngstruct.h index 55516eaaa1..749d7e35b1 100644 --- a/thirdparty/libpng/pngstruct.h +++ b/thirdparty/libpng/pngstruct.h 
@@ -1,8 +1,8 @@ /* pngstruct.h - header file for PNG reference library * - * Last changed in libpng 1.6.24 [August 4, 2016] - * Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson + * Last changed in libpng 1.6.28 [January 5, 2017] + * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -353,7 +353,7 @@ struct png_struct_def /* Options */ #ifdef PNG_SET_OPTION_SUPPORTED - png_byte options; /* On/off state (up to 4 options) */ + png_uint_32 options; /* On/off state (up to 16 options) */ #endif #if PNG_LIBPNG_VER < 10700 |