[libpng16] Fix bug in pngerror.c: some long warnings were being improperly
truncated (bug introduced in libpng-1.5.3beta05).
diff --git a/ANNOUNCE b/ANNOUNCE
index 284970e..1057fee 100644
--- a/ANNOUNCE
+++ b/ANNOUNCE
@@ -1,5 +1,5 @@
-Libpng 1.6.0beta05 - January 11, 2012
+Libpng 1.6.0beta05 - January 15, 2012
This is not intended to be a public release. It will be replaced
within a few weeks by a public version or by another test version.
@@ -104,8 +104,10 @@
Revised contrib/pngminus/pnm2png.c to avoid warnings when png_uint_32
and unsigned long are of different sizes.
-Version 1.6.0beta05 [January 11, 2012]
+Version 1.6.0beta05 [January 15, 2012]
Updated manual with description of the simplified API (copied from png.h)
+ Fix bug in pngerror.c: some long warnings were being improperly truncated
+ (bug introduced in libpng-1.5.3beta05).
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit
diff --git a/CHANGES b/CHANGES
index d278488..b83ff8c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3855,8 +3855,10 @@
Revised contrib/pngminus/pnm2png.c to avoid warnings when png_uint_32
and unsigned long are of different sizes.
-Version 1.6.0beta05 [January 11, 2012]
+Version 1.6.0beta05 [January 15, 2012]
Updated manual with description of the simplified API (copied from png.h)
+ Fix bug in pngerror.c: some long warnings were being improperly truncated
+ (bug introduced in libpng-1.5.3beta05).
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit
diff --git a/pngerror.c b/pngerror.c
index 4344953..622b413 100644
--- a/pngerror.c
+++ b/pngerror.c
@@ -286,32 +286,35 @@
/* The internal buffer is just 128 bytes - enough for all our messages,
* overflow doesn't happen because this code checks!
*/
- size_t i;
+ size_t i = 0; /* Index in the msg[] buffer: */
char msg[128];
- for (i=0; i<(sizeof msg)-1 && *message != '\0'; ++i)
+ /* Each iteration through the following loop writes at most one character
+ * to msg[i++] then returns here to validate that there is still space for
+ * the trailing '\0'. It may (in the case of a parameter) read more than
+ * one character from message[]; it must check for '\0' and continue to the
+ * test if it finds the end of string.
+ */
+ while (i<(sizeof msg)-1 && *message != '\0')
{
- if (*message == '@')
+ /* '@' at end of string is now just printed (previously it was skipped);
+ * it is an error in the calling code to terminate the string with @.
+ */
+ if (p != NULL && *message == '@' && message[1] != '\0')
{
- int parameter = -1;
- switch (*++message)
- {
- case '1':
- parameter = 0;
- break;
+ int parameter_char = *++message; /* Consume the '@' */
+ static const char valid_parameters[] = "123456789";
+ int parameter = 0;
- case '2':
- parameter = 1;
- break;
+ /* Search for the parameter digit, the index in the string is the
+ * parameter to use.
+ */
+ while (valid_parameters[parameter] != parameter_char &&
+ valid_parameters[parameter] != '\0')
+ ++parameter;
- case '\0':
- continue; /* To break out of the for loop above. */
-
- default:
- break;
- }
-
- if (parameter >= 0 && parameter < PNG_WARNING_PARAMETER_COUNT)
+ /* If the parameter digit is out of range it will just get printed. */
+ if (parameter < PNG_WARNING_PARAMETER_COUNT)
{
/* Append this parameter */
png_const_charp parm = p[parameter];
@@ -321,28 +324,32 @@
* that parm[] has been initialized, so there is no guarantee of a
* trailing '\0':
*/
- for (; i<(sizeof msg)-1 && parm != '\0' && parm < pend; ++i)
- msg[i] = *parm++;
+ while (i<(sizeof msg)-1 && *parm != '\0' && parm < pend)
+ msg[i++] = *parm++;
+ /* Consume the parameter digit too: */
++message;
continue;
}
/* else not a parameter and there is a character after the @ sign; just
- * copy that.
+ * copy that. This is known not to be '\0' because of the test above.
*/
}
/* At this point *message can't be '\0', even in the bad parameter case
* above where there is a lone '@' at the end of the message string.
*/
- msg[i] = *message++;
+ msg[i++] = *message++;
}
/* i is always less than (sizeof msg), so: */
msg[i] = '\0';
- /* And this is the formatted message: */
+ /* And this is the formatted message, it may be larger than
+ * PNG_MAX_ERROR_TEXT, but that is only used for 'chunk' errors and these are
+ * not (currently) formatted.
+ */
png_warning(png_ptr, msg);
}
#endif /* PNG_WARNINGS_SUPPORTED */
diff --git a/pngpriv.h b/pngpriv.h
index bea62c9..b5e44ae 100644
--- a/pngpriv.h
+++ b/pngpriv.h
@@ -1411,7 +1411,7 @@
#ifdef PNG_WARNINGS_SUPPORTED
/* New defines and members adding in libpng-1.5.4 */
# define PNG_WARNING_PARAMETER_SIZE 32
-# define PNG_WARNING_PARAMETER_COUNT 8
+# define PNG_WARNING_PARAMETER_COUNT 8 /* Maximum 9; see pngerror.c */
/* An l-value of this type has to be passed to the APIs below to cache the
* values of the parameters to a formatted warning message.
