diff options
| author | dsinclair <dsinclair@chromium.org> | 2016-09-06 08:56:46 -0700 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2016-09-06 08:56:46 -0700 |
| commit | 8e783a6b2c165b5d3dcdf9e4d4c2526ac18c77c8 (patch) | |
| tree | c074706de18d6edeb1d5937614172ea826d2e05f /third_party/libpng16/0003-check-errors-in-set-pcal.patch | |
| parent | 155c88006a4367bb09631c3ca4983ef48e06bc62 (diff) | |
| download | pdfium-8e783a6b2c165b5d3dcdf9e4d4c2526ac18c77c8.tar.xz | |
Avoid leaking params if any entry bad.
The call to png_set_pCAL can call into png_error for several reasons. This CL
verifies that the params are valid before calling into png_set_pCAL.
BUG=chromium:636214
Review-Url: https://codereview.chromium.org/2292313003
Diffstat (limited to 'third_party/libpng16/0003-check-errors-in-set-pcal.patch')
| -rw-r--r-- | third_party/libpng16/0003-check-errors-in-set-pcal.patch | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/third_party/libpng16/0003-check-errors-in-set-pcal.patch b/third_party/libpng16/0003-check-errors-in-set-pcal.patch new file mode 100644 index 0000000000..58e27ba623 --- /dev/null +++ b/third_party/libpng16/0003-check-errors-in-set-pcal.patch @@ -0,0 +1,47 @@ +diff --git a/pngset.c b/pngset.c +index cccd9cd..83d6ce2 100644 +--- a/pngset.c ++++ b/pngset.c +@@ -283,17 +283,29 @@ png_set_pCAL(png_const_structrp png_ptr, png_inforpinfo_ptr, + + /* Check that the type matches the specification. */ + if (type < 0 || type > 3) +- png_error(png_ptr, "Invalid pCAL equation type"); ++ { ++ png_chunk_report(png_ptr, "Invalid pCAL equation type", ++ PNG_CHUNK_WRITE_ERROR); ++ return; ++ } + + if (nparams < 0 || nparams > 255) +- png_error(png_ptr, "Invalid pCAL parameter count"); ++ { ++ png_chunk_report(png_ptr, "Invalid pCAL parameter count", ++ PNG_CHUNK_WRITE_ERROR); ++ return; ++ } + + /* Validate params[nparams] */ + for (i=0; i<nparams; ++i) + { + if (params[i] == NULL || + !png_check_fp_string(params[i], strlen(params[i]))) +- png_error(png_ptr, "Invalid format for pCAL parameter"); ++ { ++ png_chunk_report(png_ptr, "Invalid format for pCAL parameter", ++ PNG_CHUNK_WRITE_ERROR); ++ return; ++ } + } + + info_ptr->pcal_purpose = png_voidcast(png_charp, +@@ -301,8 +313,8 @@ png_set_pCAL(png_const_structrp png_ptr, png_inforpinfo_ptr, + + if (info_ptr->pcal_purpose == NULL) + { +- png_warning(png_ptr, "Insufficient memory for pCAL purpose"); +- ++ png_chunk_report(png_ptr, "Insufficient memory for pCAL purpose", ++ PNG_CHUNK_WRITE_ERROR); + return; + } |