Merge branch 'upstream' into tizen

[platform/upstream/libpng.git] / contrib / tools / genpng.c

diff --git a/contrib/tools/genpng.c b/contrib/tools/genpng.c
index ce43260..c43bea9 100644 (file)
--- a/contrib/tools/genpng.c
+++ b/contrib/tools/genpng.c
@@ -1,7 +1,8 @@
-/*- genpng
+/* genpng
  *
  * COPYRIGHT: Written by John Cunningham Bowler, 2015.
- * To the extent possible under law, the author has waived all copyright and
+ * Revised by Glenn Randers-Pehrson, 2017, to add buffer-size check.
+ * To the extent possible under law, the authors have waived all copyright and
  * related or neighboring rights to this work.  This work is published from:
  * United States.
  *
@@ -68,6 +69,7 @@
  * joins are mitres; the outside of the lines are continued to the point of
  * intersection.
  */
+
 #include <stddef.h>
 #include <stdlib.h>
 #include <string.h>
@@ -452,7 +454,7 @@ check_square(const struct arg *arg, double x, double y)
  * { inside_circle_filled, check_circle_filled },
  * { inside_circle, check_circle }
  *
- * The functions here are analoguous to the square ones; however, they check
+ * The functions here are analogous to the square ones; however, they check
  * the corresponding ellipse as opposed to the rectangle.
  */
 static int
@@ -783,6 +785,19 @@ main(int argc, const char **argv)
          return 1;
       }
 
+#if 1
+     /* TO do: determine whether this guard against overflow is necessary.
+      * This comment in png.h indicates that it should be safe: "libpng will
+      * refuse to process an image where such an overflow would occur", but
+      * I don't see where the image gets rejected when the buffer is too
+      * large before the malloc is attempted.
+      */
+      if (image.height > ((size_t)(-1))/(8*image.width)) {
+         fprintf(stderr, "genpng: image buffer would be too big");
+         return 1;
+      }
+#endif
+
       /* Create the buffer: */
       buffer = malloc(PNG_IMAGE_SIZE(image));