summaryrefslogtreecommitdiff
path: root/third_party/libpng16/0004-invalid-icc.patch
diff options
context:
space:
mode:
authorLei Zhang <thestig@chromium.org>2018-09-04 22:42:56 +0000
committerChromium commit bot <commit-bot@chromium.org>2018-09-04 22:42:56 +0000
commit424621e3129f7029283f72e953fe0c69f982d257 (patch)
tree47d64c877a652cffd8d6da60982f2f706a07ee22 /third_party/libpng16/0004-invalid-icc.patch
parentd51c66c57a4fa6033f025d6ddd5d17a7d4e1d001 (diff)
downloadpdfium-chromium/3543.tar.xz
Revert "Update libpng from 1.6.22 -> 1.6.34"chromium/3543
This reverts commit 6b2e2f0ec7c5f629c5270d14c2339197af7392d8. Reason for revert: Broke Chromium integration. Original change's description: > Update libpng from 1.6.22 -> 1.6.34 > > Updates third_party/libpng16 to Chromium's third_party/libpng @ > e87a02987101e2dbe319a4aba6b52470f7624b4a and applies PDFium specific > patches. > > BUG=chromium:880322 > > Change-Id: I6724f55099c70a79da6d6e4863b9c6c9157ec571 > Reviewed-on: https://pdfium-review.googlesource.com/41910 > Reviewed-by: Lei Zhang <thestig@chromium.org> > Commit-Queue: Ryan Harrison <rharrison@chromium.org> TBR=thestig@chromium.org,rharrison@chromium.org Change-Id: I2fd1f78e5d07ca983b2430bf078544185292ee1d No-Presubmit: true No-Tree-Checks: true No-Try: true Bug: chromium:880322 Reviewed-on: https://pdfium-review.googlesource.com/41970 Reviewed-by: Lei Zhang <thestig@chromium.org> Commit-Queue: Lei Zhang <thestig@chromium.org>
Diffstat (limited to 'third_party/libpng16/0004-invalid-icc.patch')
-rw-r--r--third_party/libpng16/0004-invalid-icc.patch81
1 files changed, 81 insertions, 0 deletions
diff --git a/third_party/libpng16/0004-invalid-icc.patch b/third_party/libpng16/0004-invalid-icc.patch
new file mode 100644
index 0000000000..0052c8e0f7
--- /dev/null
+++ b/third_party/libpng16/0004-invalid-icc.patch
@@ -0,0 +1,81 @@
+diff --git a/png.c b/png.c
+index 35e14f63d..01d8d9bae 100644
+--- a/png.c
++++ b/png.c
+@@ -1931,8 +1931,8 @@ png_colorspace_set_sRGB(png_const_structrp png_ptr, png_colorspacerp colorspace,
+ static const png_byte D50_nCIEXYZ[12] =
+ { 0x00, 0x00, 0xf6, 0xd6, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0xd3, 0x2d };
+
+-int /* PRIVATE */
+-png_icc_check_length(png_const_structrp png_ptr, png_colorspacerp colorspace,
++static int /* bool */
++icc_check_length(png_const_structrp png_ptr, png_colorspacerp colorspace,
+ png_const_charp name, png_uint_32 profile_length)
+ {
+ if (profile_length < 132)
+@@ -1942,6 +1942,40 @@ png_icc_check_length(png_const_structrp png_ptr, png_colorspacerp colorspace,
+ return 1;
+ }
+
++#ifdef PNG_READ_iCCP_SUPPORTED
++int /* PRIVATE */
++png_icc_check_length(png_const_structrp png_ptr, png_colorspacerp colorspace,
++ png_const_charp name, png_uint_32 profile_length)
++{
++ if (!icc_check_length(png_ptr, colorspace, name, profile_length))
++ return 0;
++
++ /* This needs to be here because the 'normal' check is in
++ * png_decompress_chunk, yet this happens after the attempt to
++ * png_malloc_base the required data. We only need this on read; on write
++ * the caller supplies the profile buffer so libpng doesn't allocate it. See
++ * the call to icc_check_length below (the write case).
++ */
++# ifdef PNG_SET_USER_LIMITS_SUPPORTED
++ else if (png_ptr->user_chunk_malloc_max > 0 &&
++ png_ptr->user_chunk_malloc_max < profile_length)
++ return png_icc_profile_error(png_ptr, colorspace, name, profile_length,
++ "exceeds application limits");
++# elif PNG_USER_CHUNK_MALLOC_MAX > 0
++ else if (PNG_USER_CHUNK_MALLOC_MAX < profile_length)
++ return png_icc_profile_error(png_ptr, colorspace, name, profile_length,
++ "exceeds libpng limits");
++# else /* !SET_USER_LIMITS */
++ /* This will get compiled out on all 32-bit and better systems. */
++ else if (PNG_SIZE_MAX < profile_length)
++ return png_icc_profile_error(png_ptr, colorspace, name, profile_length,
++ "exceeds system limits");
++# endif /* !SET_USER_LIMITS */
++
++ return 1;
++}
++#endif /* READ_iCCP */
++
+ int /* PRIVATE */
+ png_icc_check_header(png_const_structrp png_ptr, png_colorspacerp colorspace,
+ png_const_charp name, png_uint_32 profile_length,
+@@ -2379,7 +2413,7 @@ png_colorspace_set_ICC(png_const_structrp png_ptr, png_colorspacerp colorspace,
+ if ((colorspace->flags & PNG_COLORSPACE_INVALID) != 0)
+ return 0;
+
+- if (png_icc_check_length(png_ptr, colorspace, name, profile_length) != 0 &&
++ if (icc_check_length(png_ptr, colorspace, name, profile_length) != 0 &&
+ png_icc_check_header(png_ptr, colorspace, name, profile_length, profile,
+ color_type) != 0 &&
+ png_icc_check_tag_table(png_ptr, colorspace, name, profile_length,
+diff --git a/pngpriv.h b/pngpriv.h
+index 9ea023fea..633671352 100644
+--- a/pngpriv.h
++++ b/pngpriv.h
+@@ -1541,9 +1541,11 @@ PNG_INTERNAL_FUNCTION(int,png_colorspace_set_ICC,(png_const_structrp png_ptr,
+ /* The 'name' is used for information only */
+
+ /* Routines for checking parts of an ICC profile. */
++#ifdef PNG_READ_iCCP_SUPPORTED
+ PNG_INTERNAL_FUNCTION(int,png_icc_check_length,(png_const_structrp png_ptr,
+ png_colorspacerp colorspace, png_const_charp name,
+ png_uint_32 profile_length), PNG_EMPTY);
++#endif /* READ_iCCP */
+ PNG_INTERNAL_FUNCTION(int,png_icc_check_header,(png_const_structrp png_ptr,
+ png_colorspacerp colorspace, png_const_charp name,
+ png_uint_32 profile_length,