From 200dedbe5840fa9fb7e7f24c96d12458f296dc0d Mon Sep 17 00:00:00 2001 From: George Hazan Date: Fri, 4 Aug 2017 13:13:55 +0300 Subject: update to libpng 1.6.31 --- plugins/AdvaImg/src/LibPNG/example.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'plugins/AdvaImg/src/LibPNG/example.c') diff --git a/plugins/AdvaImg/src/LibPNG/example.c b/plugins/AdvaImg/src/LibPNG/example.c index 13bb8eb1d3..d0afe51c81 100644 --- a/plugins/AdvaImg/src/LibPNG/example.c +++ b/plugins/AdvaImg/src/LibPNG/example.c @@ -114,13 +114,13 @@ int main(int argc, const char **argv) else { - /* Calling png_free_image is optional unless the simplified API was + /* Calling png_image_free is optional unless the simplified API was * not run to completion. In this case if there wasn't enough * memory for 'buffer' we didn't complete the read, so we must free * the image: */ if (buffer == NULL) - png_free_image(&image); + png_image_free(&image); else free(buffer); @@ -983,6 +983,11 @@ void write_png(char *file_name /* , ... other image information ... */) png_uint_32 k, height, width; /* In this example, "image" is a one-dimensional array of bytes */ + + /* Guard against integer overflow */ + if (height > PNG_SIZE_MAX/(width*bytes_per_pixel)) { + png_error(png_ptr, "Image_data buffer would be too large"); + } png_byte image[height*width*bytes_per_pixel]; png_bytep row_pointers[height]; -- cgit v1.2.3