Imported Upstream version 1.6.36

[platform/upstream/libpng.git] / contrib / visupng / PngFile.c

diff --git a/contrib/visupng/PngFile.c b/contrib/visupng/PngFile.c
index dcde18a..cf943f3 100644 (file)
--- a/contrib/visupng/PngFile.c
+++ b/contrib/visupng/PngFile.c
@@ -2,7 +2,7 @@
  *  PNGFILE.C -- Image File Functions
  *-------------------------------------
  *
- * Copyright 2000, Willem van Schaik.
+ * Copyright 2000,2017 Willem van Schaik.
  *
  * This code is released under the libpng license.
  * For conditions of distribution and use, see the disclaimer
@@ -236,6 +236,10 @@ BOOL PngLoadImage (PTSTR pstrFileName, png_byte **ppbImageData,
             free (pbImageData);
             pbImageData = NULL;
         }
+        if ((*piHeight) > ((size_t)(-1))/ulRowBytes) {
+        {
+            png_error(png_ptr, "Visual PNG: image is too big");
+        }
         if ((pbImageData = (png_byte *) malloc(ulRowBytes * (*piHeight)
                             * sizeof(png_byte))) == NULL)
         {
@@ -406,15 +410,14 @@ BOOL PngSaveImage (PTSTR pstrFileName, png_byte *pDiData,
 #ifndef PNG_STDIO_SUPPORTED
 
 static void
-png_read_data(png_structp png_ptr, png_bytep data, png_size_t length)
+png_read_data(png_structp png_ptr, png_bytep data, size_t length)
 {
-   png_size_t check;
+   size_t check;
 
-   /* fread() returns 0 on error, so it is OK to store this in a png_size_t
+   /* fread() returns 0 on error, so it is OK to store this in a size_t
     * instead of an int, which is what fread() actually returns.
     */
-   check = (png_size_t)fread(data, (png_size_t)1, length,
-      (FILE *)png_ptr->io_ptr);
+   check = fread(data, 1, length, (FILE *)png_ptr->io_ptr);
 
    if (check != length)
    {
@@ -423,7 +426,7 @@ png_read_data(png_structp png_ptr, png_bytep data, png_size_t length)
 }
 
 static void
-png_write_data(png_structp png_ptr, png_bytep data, png_size_t length)
+png_write_data(png_structp png_ptr, png_bytep data, size_t length)
 {
    png_uint_32 check;