Google Git
Sign in
skia / third_party / libpng / 41de766f12f2cf1009656537036585735991eda3
commit41de766f12f2cf1009656537036585735991eda3[log] [tgz]
authorGlenn Randers-Pehrson <glennrp at users.sourceforge.net>Wed Aug 19 12:47:00 2015 -0500
committerGlenn Randers-Pehrson <glennrp at users.sourceforge.net>Wed Aug 19 12:47:00 2015 -0500
treeb6c8927a2a9bedd1c509646576888760ec4ceb50
parent9ef702944712e01aa20019c4d2ba1f03089083c8 [diff]
[libpng14] Fixed the recently reported 1's complement security issue by

replacing the value that is illegal in the PNG spec, in both signed and
unsigned values, with 0. Illegal unsigned values (anything greater than or equal
to  0x80000000) can still pass through, but since these are not illegal
in ANSI-C (unlike 0x80000000 in the signed case) the checking that
occurs later can catch them (John Bowler).

Safely convert num_bytes to a png_byte in png_set_sig_bytes() (Robert
Seacord).
7 files changed
tree: b6c8927a2a9bedd1c509646576888760ec4ceb50
  1. contrib/
  2. projects/
  3. scripts/
  4. aclocal.m4
  5. ANNOUNCE
  6. autogen.sh
  7. CHANGES
  8. CMakeLists.txt
  9. compile
  10. config.guess
  11. config.h.in
  12. config.sub
  13. configure
  14. configure.ac
  15. depcomp
  16. example.c
  17. INSTALL
  18. install-sh
  19. libpng-1.4.17beta01.txt
  20. libpng-config.in
  21. libpng.3
  22. libpng.pc.in
  23. libpngpf.3
  24. LICENSE
  25. ltmain.sh
  26. Makefile.am
  27. Makefile.in
  28. missing
  29. png.5
  30. png.c
  31. png.h
  32. pngbar.jpg
  33. pngbar.png
  34. pngconf.h
  35. pngerror.c
  36. pngget.c
  37. pngmem.c
  38. pngnow.png
  39. pngpread.c
  40. pngpriv.h
  41. pngread.c
  42. pngrio.c
  43. pngrtran.c
  44. pngrutil.c
  45. pngset.c
  46. pngtest.c
  47. pngtest.png
  48. pngtrans.c
  49. pngwio.c
  50. pngwrite.c
  51. pngwtran.c
  52. pngwutil.c
  53. README
  54. sunfix-makefile.patch
  55. sunfix.patch
  56. test-driver
  57. test-pngtest.sh
  58. TODO