diff options
author | Glenn Randers-Pehrson <glennrp at users.sourceforge.net> | 2017-08-05 20:15:52 -0500 |
---|---|---|
committer | Glenn Randers-Pehrson <glennrp at users.sourceforge.net> | 2017-08-05 20:15:52 -0500 |
commit | c5c778bcfc21182cf3896dcfa044e494d4f9b96c (patch) | |
tree | 7e44988820d22d27d026d48aada24718e38b9977 | |
parent | 1ebe4f75cc71de97bd97b8bd7347224e004fb2fe (diff) | |
download | libpng-c5c778bcfc21182cf3896dcfa044e494d4f9b96c.tar.gz |
[libpng16] Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue.
-rw-r--r-- | ANNOUNCE | 1 | ||||
-rw-r--r-- | CHANGES | 1 | ||||
-rw-r--r-- | pngrutil.c | 2 |
3 files changed, 3 insertions, 1 deletions
@@ -86,6 +86,7 @@ Version 1.6.32beta11 [August 6, 2017] Make pngtest --strict, --relax, --xfail options imply -m (multiple). Removed unused chunk_name parameter from png_check_chunk_length(). Relocated setting free_me for eXIf data, to stop an OSS-fuzz leak. + Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue. Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit @@ -5969,6 +5969,7 @@ Version 1.6.32beta11 [August 6, 2017] Make pngtest --strict, --relax, --xfail options imply -m (multiple). Removed unused chunk_name parameter from png_check_chunk_length(). Relocated setting free_me for eXIf data, to stop an OSS-fuzz leak. + Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue. Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/pngrutil.c b/pngrutil.c index 81c67ae7d..2cb0d0d7e 100644 --- a/pngrutil.c +++ b/pngrutil.c @@ -1434,7 +1434,7 @@ png_handle_iCCP(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length) if (png_inflate_claim(png_ptr, png_iCCP) == Z_OK) { - Byte profile_header[132]; + Byte profile_header[132]={0}; Byte local_buffer[PNG_INFLATE_BUF_SIZE]; png_alloc_size_t size = (sizeof profile_header); |