Google Git
Sign in
skia / third_party / libpng / c357fb70b5de63862a9737c645a83e2d980c2e75
commitc357fb70b5de63862a9737c645a83e2d980c2e75[log] [tgz]
authorGlenn Randers-Pehrson <glennrp at users.sourceforge.net>Wed Aug 19 12:52:39 2015 -0500
committerGlenn Randers-Pehrson <glennrp at users.sourceforge.net>Wed Aug 19 12:52:39 2015 -0500
tree7b6ab3784232fcea0aa49e7e743bea5c59dc7c77
parenta88dec67f23385c91e94db9fd6422f4993b37847 [diff]
[lbipng15] Fixed the recently reported 1's complement security issue by

  replacing the value that is illegal in the PNG spec, in both signed and
  unsigned values, with 0. Illegal unsigned values (anything greater than or
  equal to  0x80000000) can still pass through, but since these are not illegal
  in ANSI-C (unlike 0x80000000 in the signed case) the checking that
  occurs later can catch them (John Bowler).

Safely convert num_bytes to a png_byte in png_set_sig_bytes() (Robert
  Seacord).
7 files changed
tree: 7b6ab3784232fcea0aa49e7e743bea5c59dc7c77
  1. arm/
  2. contrib/
  3. projects/
  4. scripts/
  5. aclocal.m4
  6. ANNOUNCE
  7. autogen.sh
  8. CHANGES
  9. CMakeLists.txt
  10. compile
  11. config.guess
  12. config.h.in
  13. config.sub
  14. configure
  15. configure.ac
  16. depcomp
  17. example.c
  18. INSTALL
  19. install-sh
  20. libpng-config.in
  21. libpng-manual.txt
  22. libpng.3
  23. libpng.pc.in
  24. libpngpf.3
  25. LICENSE
  26. ltmain.sh
  27. Makefile.am
  28. Makefile.in
  29. missing
  30. png.5
  31. png.c
  32. png.h
  33. pngbar.jpg
  34. pngbar.png
  35. pngconf.h
  36. pngdebug.h
  37. pngerror.c
  38. pngget.c
  39. pnginfo.h
  40. pngmem.c
  41. pngnow.png
  42. pngpread.c
  43. pngpriv.h
  44. pngread.c
  45. pngrio.c
  46. pngrtran.c
  47. pngrutil.c
  48. pngset.c
  49. pngstruct.h
  50. pngtest.c
  51. pngtest.png
  52. pngtrans.c
  53. pngusr.dfa
  54. pngwio.c
  55. pngwrite.c
  56. pngwtran.c
  57. pngwutil.c
  58. README
  59. test-pngtest.sh
  60. test-pngvalid-full.sh
  61. test-pngvalid-simple.sh
  62. TODO