Avoid leaking params if any entry bad.

The call to png_set_pCAL can call into png_error for several reasons. This CL verifies that the params are valid before calling into png_set_pCAL. BUG=chromium:636214 Review-Url: https://codereview.chromium.org/2292313003
author: dsinclair <dsinclair@chromium.org> 2016-09-06 08:56:46 -0700
committer: Commit bot <commit-bot@chromium.org> 2016-09-06 08:56:46 -0700
commit: 8e783a6b2c165b5d3dcdf9e4d4c2526ac18c77c8 (patch)
tree: c074706de18d6edeb1d5937614172ea826d2e05f
parent: 155c88006a4367bb09631c3ca4983ef48e06bc62 (diff)
download: pdfium-8e783a6b2c165b5d3dcdf9e4d4c2526ac18c77c8.tar.xz
3 files changed, 65 insertions, 5 deletions
diff --git a/third_party/libpng16/0003-check-errors-in-set-pcal.patch b/third_party/libpng16/0003-check-errors-in-set-pcal.patch
new file mode 100644
index 0000000000..58e27ba623
--- /dev/null
+++ b/third_party/libpng16/0003-check-errors-in-set-pcal.patch
@@ -0,0 +1,47 @@
+diff --git a/pngset.c b/pngset.c
+index cccd9cd..83d6ce2 100644
+--- a/pngset.c
++++ b/pngset.c
+@@ -283,17 +283,29 @@ png_set_pCAL(png_const_structrp png_ptr, png_inforpinfo_ptr,
+ 
+    /* Check that the type matches the specification. */
+    if (type < 0 || type > 3)
+-      png_error(png_ptr, "Invalid pCAL equation type");
++   {
++      png_chunk_report(png_ptr, "Invalid pCAL equation type",
++            PNG_CHUNK_WRITE_ERROR);
++      return;
++   }
+ 
+    if (nparams < 0 || nparams > 255)
+-      png_error(png_ptr, "Invalid pCAL parameter count");
++   {
++      png_chunk_report(png_ptr, "Invalid pCAL parameter count",
++            PNG_CHUNK_WRITE_ERROR);
++      return;
++   }
+ 
+    /* Validate params[nparams] */
+    for (i=0; i<nparams; ++i)
+    {
+       if (params[i] == NULL ||
+           !png_check_fp_string(params[i], strlen(params[i])))
+-         png_error(png_ptr, "Invalid format for pCAL parameter");
++      {
++         png_chunk_report(png_ptr, "Invalid format for pCAL parameter",
++               PNG_CHUNK_WRITE_ERROR);
++         return;
++      }
+    }
+ 
+    info_ptr->pcal_purpose = png_voidcast(png_charp,
+@@ -301,8 +313,8 @@ png_set_pCAL(png_const_structrp png_ptr, png_inforpinfo_ptr,
+ 
+    if (info_ptr->pcal_purpose == NULL)
+    {
+-      png_warning(png_ptr, "Insufficient memory for pCAL purpose");
+-
++      png_chunk_report(png_ptr, "Insufficient memory for pCAL purpose",
++            PNG_CHUNK_WRITE_ERROR);
+       return;
+    }
diff --git a/third_party/libpng16/README.pdfium b/third_party/libpng16/README.pdfium
index 733867b782..47af52f8b6 100644
--- a/third_party/libpng16/README.pdfium
+++ b/third_party/libpng16/README.pdfium
@@ -17,3 +17,4 @@ pnglibconf.h: a copy of libpng's scripts/pnglibconf.h.prebuilt.
 pngprefix.h: manually-created redefinitions to avoid conflicts with Chromium.
 0000-build-config.patch: Local build configuration changes.
 0002-static-png-gt.patch: Unconditionally use static png_gt() in png.c to avoid compilation warning.
+0003-check-errors-in-set-pcal.patch: Backported github.com/glennrp/libpng/pull/135
diff --git a/third_party/libpng16/pngset.c b/third_party/libpng16/pngset.c
index 303328f87e..1c51270cc5 100644
--- a/third_party/libpng16/pngset.c
+++ b/third_party/libpng16/pngset.c
@@ -283,17 +283,29 @@ png_set_pCAL(png_const_structrp png_ptr, png_inforp info_ptr,
 
    /* Check that the type matches the specification. */
    if (type < 0 || type > 3)
-      png_error(png_ptr, "Invalid pCAL equation type");
+   {
+      png_chunk_report(png_ptr, "Invalid pCAL equation type",
+            PNG_CHUNK_WRITE_ERROR);
+      return;
+   }
 
    if (nparams < 0 || nparams > 255)
-      png_error(png_ptr, "Invalid pCAL parameter count");
+   {
+      png_chunk_report(png_ptr, "Invalid pCAL parameter count",
+            PNG_CHUNK_WRITE_ERROR);
+      return;
+   }
 
    /* Validate params[nparams] */
    for (i=0; i<nparams; ++i)
    {
       if (params[i] == NULL ||
           !png_check_fp_string(params[i], strlen(params[i])))
-         png_error(png_ptr, "Invalid format for pCAL parameter");
+      {
+         png_chunk_report(png_ptr, "Invalid format for pCAL parameter",
+               PNG_CHUNK_WRITE_ERROR);
+         return;
+      }
    }
 
    info_ptr->pcal_purpose = png_voidcast(png_charp,
@@ -301,8 +313,8 @@ png_set_pCAL(png_const_structrp png_ptr, png_inforp info_ptr,
 
    if (info_ptr->pcal_purpose == NULL)
    {
-      png_warning(png_ptr, "Insufficient memory for pCAL purpose");
-
+      png_chunk_report(png_ptr, "Insufficient memory for pCAL purpose",
+            PNG_CHUNK_WRITE_ERROR);
       return;
    }
author	dsinclair <dsinclair@chromium.org>	2016-09-06 08:56:46 -0700
committer	Commit bot <commit-bot@chromium.org>	2016-09-06 08:56:46 -0700
commit	8e783a6b2c165b5d3dcdf9e4d4c2526ac18c77c8 (patch)
tree	c074706de18d6edeb1d5937614172ea826d2e05f
parent	155c88006a4367bb09631c3ca4983ef48e06bc62 (diff)
download	pdfium-8e783a6b2c165b5d3dcdf9e4d4c2526ac18c77c8.tar.xz