[libpng16] Fixed undefined behavior in png_push_save_buffer(). Do not call

memcpy() with a null source, even if count is zero (Leon Scroggins III).
author: Glenn Randers-Pehrson <glennrp at users.sourceforge.net> 2016-06-03 18:40:42 -0500
committer: Glenn Randers-Pehrson <glennrp at users.sourceforge.net> 2016-06-03 18:40:42 -0500
commit: 89158b9ad12a67e86bcc77119aeead6bc4d04dd6 (patch)
tree: 7c2c1b54417ed3579bce6554e660dbdebfa4a231 /pngpread.c
parent: 1fdac25f66f885bb59766309e2cc6775ae5a1197 (diff)
download: libpng-89158b9ad12a67e86bcc77119aeead6bc4d04dd6.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/pngpread.c b/pngpread.c
index 2e0208813..557153366 100644
--- a/pngpread.c
+++ b/pngpread.c
@@ -501,7 +501,10 @@ png_push_save_buffer(png_structrp png_ptr)
          png_error(png_ptr, "Insufficient memory for save_buffer");
       }
 
-      memcpy(png_ptr->save_buffer, old_buffer, png_ptr->save_buffer_size);
+      if (old_buffer)
+         memcpy(png_ptr->save_buffer, old_buffer, png_ptr->save_buffer_size);
+      else if (png_ptr->save_buffer_size)
+         png_error(png_ptr, "save_buffer error");
       png_free(png_ptr, old_buffer);
       png_ptr->save_buffer_max = new_max;
    }
author	Glenn Randers-Pehrson <glennrp at users.sourceforge.net>	2016-06-03 18:40:42 -0500
committer	Glenn Randers-Pehrson <glennrp at users.sourceforge.net>	2016-06-03 18:40:42 -0500
commit	89158b9ad12a67e86bcc77119aeead6bc4d04dd6 (patch)
tree	7c2c1b54417ed3579bce6554e660dbdebfa4a231 /pngpread.c
parent	1fdac25f66f885bb59766309e2cc6775ae5a1197 (diff)
download	libpng-89158b9ad12a67e86bcc77119aeead6bc4d04dd6.tar.gz