diff options
author | Cosmin Truta <ctruta@gmail.com> | 2022-11-20 00:56:35 +0200 |
---|---|---|
committer | Cosmin Truta <ctruta@gmail.com> | 2022-11-20 00:56:35 +0200 |
commit | 33de006e127ffc330f12396bf6732682f804d115 (patch) | |
tree | 8aab0e0c6ec2f393c7316476c40920c4006eebe1 | |
parent | 9b5488054bc9fc750178e9b90ffea25e71d3348b (diff) | |
download | libpng-33de006e127ffc330f12396bf6732682f804d115.tar.gz |
Turn large PNG chunks into benign errors
Import Chromium commit
https://chromium.googlesource.com/chromium/src/+/e87a02987101e2dbe319a4aba6b52470f7624b4a
Add the author to the list of libpng contributing authors.
Portions from the original commit message follow:
***
A recent change to libpng [1] (included in Chromium with the recent
libpng update [2]) turns chunks that are bigger than
PNG_USER_CHUNK_MALLOC_MAX into failures. Although this matches the
intent of PNG_USER_CHUNK_MALLOC_MAX, it also causes images which used to
be viewable in Chromium to fail. Changing to a benign error allows us to
display these images once again. Though it means we do allow libpng to
allocate more than PNG_USER_CHUNK_MALLOC_MAX, it matches the behavior
prior to [2] (when we were using 1.6.22), and it does not regress
crbug.com/117369
[1] https://github.com/glennrp/libpng/commit/347538efbdc21b8df684ebd92d37400b3ce85d55
[2] https://chromium.googlesource.com/chromium/src/+/f82653a473f8de5fc86d0f2ecc75f6237e61946b
***
Bug: https://bugs.chromium.org/p/chromium/issues/detail?id=827754
Co-authored-by: Leon Scroggins III <scroggo@google.com>
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
-rw-r--r-- | AUTHORS | 3 | ||||
-rw-r--r-- | pngrutil.c | 2 |
2 files changed, 3 insertions, 2 deletions
@@ -35,9 +35,10 @@ Authors, for copyright and licensing purposes. * Arm Holdings - Richard Townsend * Google Inc. + - Dan Field + - Leon Scroggins III - Matt Sarett - Mike Klein - - Dan Field - Sami Boukortt The build projects, the build scripts, the test scripts, and other diff --git a/pngrutil.c b/pngrutil.c index ca060dd15..068ab193a 100644 --- a/pngrutil.c +++ b/pngrutil.c @@ -3186,7 +3186,7 @@ png_check_chunk_length(png_const_structrp png_ptr, png_uint_32 length) { png_debug2(0," length = %lu, limit = %lu", (unsigned long)length,(unsigned long)limit); - png_chunk_error(png_ptr, "chunk data is too large"); + png_benign_error(png_ptr, "chunk data is too large"); } } |