[libpng16] Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue.

3 files changed, 3 insertions, 1 deletions

diff --git a/ANNOUNCE b/ANNOUNCE
index c990951d0..a6045d77d 100644
--- a/ANNOUNCE
+++ b/ANNOUNCE
@@ -86,6 +86,7 @@ Version 1.6.32beta11 [August 6, 2017]
   Make pngtest --strict, --relax, --xfail options imply -m (multiple).
   Removed unused chunk_name parameter from png_check_chunk_length().
   Relocated setting free_me for eXIf data, to stop an OSS-fuzz leak.
+  Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue.
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
diff --git a/CHANGES b/CHANGES
index 818f00bb5..e15d30b35 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5969,6 +5969,7 @@ Version 1.6.32beta11 [August 6, 2017]
   Make pngtest --strict, --relax, --xfail options imply -m (multiple).
   Removed unused chunk_name parameter from png_check_chunk_length().
   Relocated setting free_me for eXIf data, to stop an OSS-fuzz leak.
+  Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue.
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
diff --git a/pngrutil.c b/pngrutil.c
index 81c67ae7d..2cb0d0d7e 100644
--- a/pngrutil.c
+++ b/pngrutil.c
@@ -1434,7 +1434,7 @@ png_handle_iCCP(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
 
             if (png_inflate_claim(png_ptr, png_iCCP) == Z_OK)
             {
-               Byte profile_header[132];
+               Byte profile_header[132]={0};
                Byte local_buffer[PNG_INFLATE_BUF_SIZE];
                png_alloc_size_t size = (sizeof profile_header);