diff options
| author | Glenn Randers-Pehrson <glennrp at users.sourceforge.net> | 2017-09-19 18:52:21 -0500 |
|---|---|---|
| committer | Glenn Randers-Pehrson <glennrp at users.sourceforge.net> | 2017-09-19 18:52:21 -0500 |
| commit | 397c7eea385c22b6033e0310badfadbd9f578422 (patch) | |
| tree | b51d163cff745f87bd0f22048af6df3a6ff12138 /pngrutil.c | |
| parent | 066cb342681eff0a9330254d25a84aa4aa76b11c (diff) | |
| download | libpng-397c7eea385c22b6033e0310badfadbd9f578422.tar.gz | |
[libpng16] Add a memset() in png_read_buffer()
Diffstat (limited to 'pngrutil.c')
| -rw-r--r-- | pngrutil.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/pngrutil.c b/pngrutil.c index 098b4e26d..03b711599 100644 --- a/pngrutil.c +++ b/pngrutil.c @@ -314,6 +314,7 @@ png_read_buffer(png_structrp png_ptr, png_alloc_size_t new_size, int warn) if (buffer != NULL) { + memset(buffer, 0, new_size); /* just in case */ png_ptr->read_buffer = buffer; png_ptr->read_buffer_size = new_size; } @@ -670,8 +671,8 @@ png_decompress_chunk(png_structrp png_ptr, (terminate != 0); png_bytep text = png_voidcast(png_bytep, png_malloc_base(png_ptr, buffer_size)); - /* attempt to stop an oss-fuzz "use of uninitialized value" - * in png_set_text_2() and png_icc_check_tag_table() + /* Stop an oss-fuzz "use of uninitialized value" detection + * in png_set_text_2() */ memset(text, 0, buffer_size); @@ -1480,7 +1481,7 @@ png_handle_iCCP(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length) /* Now read the tag table; a variable size buffer is * needed at this point, allocate one for the whole * profile. The header check has already validated - * that none of these stuff will overflow. + * that none of this stuff will overflow. */ const png_uint_32 tag_count = png_get_uint_32( profile_header+128); |