diff options
Diffstat (limited to 'pngrutil.c')
| -rw-r--r-- | pngrutil.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/pngrutil.c b/pngrutil.c index 113589c69..ac3101bfb 100644 --- a/pngrutil.c +++ b/pngrutil.c @@ -1,7 +1,7 @@ /* pngrutil.c - utilities to read a PNG file * - * Last changed in libpng 1.4.6 [March 8, 2011] + * Last changed in libpng 1.4.8 [July 7, 2011] * Copyright (c) 1998-2011 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) @@ -1861,6 +1861,14 @@ png_handle_sCAL(png_structp png_ptr, png_infop info_ptr, png_uint_32 length) return; } + /* Need unit type, width, \0, height: minimum 4 bytes */ + else if (length < 4) + { + png_warning(png_ptr, "sCAL chunk too short"); + png_crc_finish(png_ptr, length); + return; + } + png_debug1(2, "Allocating and reading sCAL chunk data (%lu bytes)", (unsigned long)(length + 1)); png_ptr->chunkdata = (png_charp)png_malloc_warn(png_ptr, length + 1); |