summaryrefslogtreecommitdiffstats
path: root/third_party/libpng/pngrutil.c
diff options
context:
space:
mode:
authormhm@chromium.org <mhm@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-06-01 22:41:42 +0000
committermhm@chromium.org <mhm@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-06-01 22:41:42 +0000
commit07aa910d904da92ba9d461d4f867b9438ace6ce0 (patch)
tree4c4efa14aa4a652b9a27724f1d79f4a73d3ba77e /third_party/libpng/pngrutil.c
parentf4145d43019e7ba00c539e54ac7fb57944f17915 (diff)
downloadchromium_src-07aa910d904da92ba9d461d4f867b9438ace6ce0.zip
chromium_src-07aa910d904da92ba9d461d4f867b9438ace6ce0.tar.gz
chromium_src-07aa910d904da92ba9d461d4f867b9438ace6ce0.tar.bz2
Security bug for libpng, update needed to 1.2.36
There's a new version of libpng, 1.2.36 which fixes a security bug. Chrome/Chromium still runs on 1.2.35 it seems BUG=13046 TEST=Ran tests Review URL: http://codereview.chromium.org/112080 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@17365 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'third_party/libpng/pngrutil.c')
-rw-r--r--third_party/libpng/pngrutil.c12
1 files changed, 7 insertions, 5 deletions
diff --git a/third_party/libpng/pngrutil.c b/third_party/libpng/pngrutil.c
index 5fafde6..f6f9859 100644
--- a/third_party/libpng/pngrutil.c
+++ b/third_party/libpng/pngrutil.c
@@ -1,9 +1,9 @@
/* pngrutil.c - utilities to read a PNG file
*
- * Last changed in libpng 1.2.34 [December 18, 2008]
+ * Last changed in libpng 1.2.36 [May 7, 2009]
* For conditions of distribution and use, see copyright notice in png.h
- * Copyright (c) 1998-2008 Glenn Randers-Pehrson
+ * Copyright (c) 1998-2009 Glenn Randers-Pehrson
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
* (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
*
@@ -3187,9 +3187,11 @@ defined(PNG_USER_TRANSFORM_PTR_SUPPORTED)
if (row_bytes + 64 > png_ptr->old_big_row_buf_size)
{
png_free(png_ptr, png_ptr->big_row_buf);
- png_ptr->big_row_buf = (png_bytep)png_malloc(png_ptr, row_bytes+64);
- png_ptr->row_buf = png_ptr->big_row_buf+32;
- png_ptr->old_big_row_buf_size = row_bytes+64;
+ png_ptr->big_row_buf = (png_bytep)png_malloc(png_ptr, row_bytes + 64);
+ if (png_ptr->interlaced)
+ png_memset(png_ptr->big_row_buf, 0, png_ptr->rowbytes + 64);
+ png_ptr->row_buf = png_ptr->big_row_buf + 32;
+ png_ptr->old_big_row_buf_size = row_bytes + 64;
}
#ifdef PNG_MAX_MALLOC_64K