Bug 694869: Fix indetermisms with broken PNG files.

This bug shows 2 problems with our data handling. Firstly, if a zip file entry has less data in the stream than it is declared to have, we would leave the end of the data uninitialised. We now put out a warning, and blank it with zeros. Secondly, if the PNG decompression fails to decode enough data, we don't notice. Now we give a warning and blank the remaining pixels.
author: Robin Watts <robin.watts@artifex.com> 2014-01-03 18:17:11 +0000
committer: Robin Watts <robin.watts@artifex.com> 2014-01-06 13:13:42 +0000
commit: 016adfa063293281a0896c62bf22e406b09ddf21 (patch)
tree: e123429880bc07006a853e23783deec080cc2840 /source/fitz/load-png.c
parent: 0bfa2ce884eed8bef83fb23cf2e25dae81a2207e (diff)
download: mupdf-016adfa063293281a0896c62bf22e406b09ddf21.tar.xz
1 files changed, 7 insertions, 0 deletions
diff --git a/source/fitz/load-png.c b/source/fitz/load-png.c
index ad22e128..984dbed2 100644
--- a/source/fitz/load-png.c
+++ b/source/fitz/load-png.c
@@ -452,6 +452,13 @@ png_read_image(fz_context *ctx, struct info *info, unsigned char *p, unsigned in
 			p += size + 12;
 			total -= size + 12;
 		}
+		if (stm.avail_out != 0)
+		{
+			memset(stm.next_out, 0xff, stm.avail_out);
+			fz_warn(ctx, "missing pixel data in png image; possibly truncated");
+		}
+		else if (total <= 8)
+			fz_warn(ctx, "missing IEND chunk in png image; possibly truncated");
 	}
 	fz_catch(ctx)
 	{
author	Robin Watts <robin.watts@artifex.com>	2014-01-03 18:17:11 +0000
committer	Robin Watts <robin.watts@artifex.com>	2014-01-06 13:13:42 +0000
commit	016adfa063293281a0896c62bf22e406b09ddf21 (patch)
tree	e123429880bc07006a853e23783deec080cc2840 /source/fitz/load-png.c
parent	0bfa2ce884eed8bef83fb23cf2e25dae81a2207e (diff)
download	mupdf-016adfa063293281a0896c62bf22e406b09ddf21.tar.xz