From 07aa910d904da92ba9d461d4f867b9438ace6ce0 Mon Sep 17 00:00:00 2001 From: "mhm@chromium.org" Date: Mon, 1 Jun 2009 22:41:42 +0000 Subject: Security bug for libpng, update needed to 1.2.36 There's a new version of libpng, 1.2.36 which fixes a security bug. Chrome/Chromium still runs on 1.2.35 it seems BUG=13046 TEST=Ran tests Review URL: http://codereview.chromium.org/112080 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@17365 0039d316-1c4b-4281-b951-d872f2087c98 --- third_party/libpng/png.h | 150 ++++++++++++++++++++++++++--------------------- 1 file changed, 83 insertions(+), 67 deletions(-) (limited to 'third_party/libpng/png.h') diff --git a/third_party/libpng/png.h b/third_party/libpng/png.h index 1de4ddd..267677a 100644 --- a/third_party/libpng/png.h +++ b/third_party/libpng/png.h @@ -1,6 +1,6 @@ /* png.h - header file for PNG reference library * - * libpng version 1.2.35 - February 14, 2009 + * libpng version 1.2.36 - May 7, 2009 * Copyright (c) 1998-2009 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) @@ -8,7 +8,7 @@ * Authors and maintainers: * libpng versions 0.71, May 1995, through 0.88, January 1996: Guy Schalnat * libpng versions 0.89c, June 1996, through 0.96, May 1997: Andreas Dilger - * libpng versions 0.97, January 1998, through 1.2.35 - February 14, 2009: Glenn + * libpng versions 0.97, January 1998, through 1.2.36 - May 7, 2009: Glenn * See also "Contributing Authors", below. * * Note about libpng version numbers: @@ -222,6 +222,10 @@ * 1.2.35rc01-02 13 10235 12.so.0.35[.0] * 1.0.43 10 10043 10.so.0.43[.0] * 1.2.35 13 10235 12.so.0.35[.0] + * 1.2.36beta01-05 13 10236 12.so.0.36[.0] + * 1.2.36rc01 13 10236 12.so.0.36[.0] + * 1.0.44 10 10044 10.so.0.44[.0] + * 1.2.36 13 10236 12.so.0.36[.0] * * Henceforth the source version will match the shared-library major * and minor numbers; the shared-library major version number will be @@ -251,8 +255,8 @@ * If you modify libpng you may insert additional notices immediately following * this sentence. * - * libpng versions 1.2.6, August 15, 2004, through 1.2.35, February 14, 2009, are - * Copyright (c) 2004, 2006-2008 Glenn Randers-Pehrson, and are + * libpng versions 1.2.6, August 15, 2004, through 1.2.36, May 7, 2009, are + * Copyright (c) 2004, 2006-2009 Glenn Randers-Pehrson, and are * distributed according to the same disclaimer and license as libpng-1.2.5 * with the following individual added to the list of Contributing Authors: * @@ -363,13 +367,13 @@ * Y2K compliance in libpng: * ========================= * - * February 14, 2009 + * May 7, 2009 * * Since the PNG Development group is an ad-hoc body, we can't make * an official declaration. * * This is your unofficial assurance that libpng from version 0.71 and - * upward through 1.2.35 are Y2K compliant. It is my belief that earlier + * upward through 1.2.36 are Y2K compliant. It is my belief that earlier * versions were also Y2K compliant. * * Libpng only has three year fields. One is a 2-byte unsigned integer @@ -425,9 +429,9 @@ */ /* Version information for png.h - this should match the version in png.c */ -#define PNG_LIBPNG_VER_STRING "1.2.35" +#define PNG_LIBPNG_VER_STRING "1.2.36" #define PNG_HEADER_VERSION_STRING \ - " libpng version 1.2.35 - February 14, 2009\n" + " libpng version 1.2.36 - May 7, 2009\n" #define PNG_LIBPNG_VER_SONUM 0 #define PNG_LIBPNG_VER_DLLNUM 13 @@ -435,7 +439,7 @@ /* These should match the first 3 components of PNG_LIBPNG_VER_STRING: */ #define PNG_LIBPNG_VER_MAJOR 1 #define PNG_LIBPNG_VER_MINOR 2 -#define PNG_LIBPNG_VER_RELEASE 35 +#define PNG_LIBPNG_VER_RELEASE 36 /* This should match the numeric part of the final component of * PNG_LIBPNG_VER_STRING, omitting any leading zero: */ @@ -463,7 +467,7 @@ * Versions 0.7 through 1.0.0 were in the range 0 to 100 here (only * version 1.0.0 was mis-numbered 100 instead of 10000). From * version 1.0.1 it's xxyyzz, where x=major, y=minor, z=release */ -#define PNG_LIBPNG_VER 10235 /* 1.2.35 */ +#define PNG_LIBPNG_VER 10236 /* 1.2.36 */ #ifndef PNG_VERSION_INFO_ONLY /* include the compression library's header */ @@ -1487,7 +1491,7 @@ struct png_struct_def /* This triggers a compiler error in png.c, if png.c and png.h * do not agree upon the version number. */ -typedef png_structp version_1_2_35; +typedef png_structp version_1_2_36; typedef png_struct FAR * FAR * png_structpp; @@ -1987,6 +1991,11 @@ extern PNG_EXPORT(png_voidp,png_get_error_ptr) PNGARG((png_structp png_ptr)); * If buffered output is not used, then output_flush_fn can be set to NULL. * If PNG_WRITE_FLUSH_SUPPORTED is not defined at libpng compile time * output_flush_fn will be ignored (and thus can be NULL). + * It is probably a mistake to use NULL for output_flush_fn if + * write_data_fn is not also NULL unless you have built libpng with + * PNG_WRITE_FLUSH_SUPPORTED undefined, because in this case libpng's + * default flush function, which uses the standard *FILE structure, will + * be used. */ extern PNG_EXPORT(void,png_set_write_fn) PNGARG((png_structp png_ptr, png_voidp io_ptr, png_rw_ptr write_data_fn, png_flush_ptr output_flush_fn)); @@ -2556,64 +2565,72 @@ extern PNG_EXPORT(void, png_write_png) PNGARG((png_structp png_ptr, #ifndef PNG_DEBUG_FILE #define PNG_DEBUG_FILE stderr #endif /* PNG_DEBUG_FILE */ + #if (PNG_DEBUG > 1) -#ifndef png_debug /* Note: ["%s"m PNG_STRING_NEWLINE] probably does not work on * non-ISO compilers */ -#ifdef __STDC__ -#define png_debug(l,m) \ -{ \ - int num_tabs=l; \ - fprintf(PNG_DEBUG_FILE,"%s"m PNG_STRING_NEWLINE,(num_tabs==1 ? "\t" : \ - (num_tabs==2 ? "\t\t":(num_tabs>2 ? "\t\t\t":"")))); \ -} -#endif -#ifndef png_debug1 -#define png_debug1(l,m,p1) \ -{ \ - int num_tabs=l; \ - fprintf(PNG_DEBUG_FILE,"%s"m PNG_STRING_NEWLINE,(num_tabs==1 ? "\t" : \ - (num_tabs==2 ? "\t\t":(num_tabs>2 ? "\t\t\t":""))),p1); \ -} -#endif -#ifndef png_debug2 -#define png_debug2(l,m,p1,p2) \ -{ \ - int num_tabs=l; \ - fprintf(PNG_DEBUG_FILE,"%s"m PNG_STRING_NEWLINE,(num_tabs==1 ? "\t" : \ - (num_tabs==2 ? "\t\t":(num_tabs>2 ? "\t\t\t":""))),p1,p2); \ -} -#endif -#else /* __STDC __ */ -#ifndef png_debug -#define png_debug(l,m) \ - int num_tabs=l; \ - char format[256]; \ - snprintf(format,256,"%s%s%s",(num_tabs==1 ? "\t" : \ - (num_tabs==2 ? "\t\t":(num_tabs>2 ? "\t\t\t":""))), \ - m,PNG_STRING_NEWLINE); \ - fprintf(PNG_DEBUG_FILE,format); -#endif -#ifndef png_debug1 -#define png_debug1(l,m,p1) \ - int num_tabs=l; \ - char format[256]; \ - snprintf(format,256,"%s%s%s",(num_tabs==1 ? "\t" : \ - (num_tabs==2 ? "\t\t":(num_tabs>2 ? "\t\t\t":""))), \ - m,PNG_STRING_NEWLINE); \ - fprintf(PNG_DEBUG_FILE,format,p1); -#endif -#ifndef png_debug2 -#define png_debug2(l,m,p1,p2) \ - int num_tabs=l; \ - char format[256]; \ - snprintf(format,256,"%s%s%s",(num_tabs==1 ? "\t" : \ - (num_tabs==2 ? "\t\t":(num_tabs>2 ? "\t\t\t":""))), \ - m,PNG_STRING_NEWLINE); \ - fprintf(PNG_DEBUG_FILE,format,p1,p2); -#endif -#endif /* __STDC __ */ +# ifdef __STDC__ +# ifndef png_debug +# define png_debug(l,m) \ + { \ + int num_tabs=l; \ + fprintf(PNG_DEBUG_FILE,"%s"m PNG_STRING_NEWLINE,(num_tabs==1 ? "\t" : \ + (num_tabs==2 ? "\t\t":(num_tabs>2 ? "\t\t\t":"")))); \ + } +# endif +# ifndef png_debug1 +# define png_debug1(l,m,p1) \ + { \ + int num_tabs=l; \ + fprintf(PNG_DEBUG_FILE,"%s"m PNG_STRING_NEWLINE,(num_tabs==1 ? "\t" : \ + (num_tabs==2 ? "\t\t":(num_tabs>2 ? "\t\t\t":""))),p1); \ + } +# endif +# ifndef png_debug2 +# define png_debug2(l,m,p1,p2) \ + { \ + int num_tabs=l; \ + fprintf(PNG_DEBUG_FILE,"%s"m PNG_STRING_NEWLINE,(num_tabs==1 ? "\t" : \ + (num_tabs==2 ? "\t\t":(num_tabs>2 ? "\t\t\t":""))),p1,p2); \ + } +# endif +# else /* __STDC __ */ +# ifndef png_debug +# define png_debug(l,m) \ + { \ + int num_tabs=l; \ + char format[256]; \ + snprintf(format,256,"%s%s%s",(num_tabs==1 ? "\t" : \ + (num_tabs==2 ? "\t\t":(num_tabs>2 ? "\t\t\t":""))), \ + m,PNG_STRING_NEWLINE); \ + fprintf(PNG_DEBUG_FILE,format); \ + } +# endif +# ifndef png_debug1 +# define png_debug1(l,m,p1) \ + { \ + int num_tabs=l; \ + char format[256]; \ + snprintf(format,256,"%s%s%s",(num_tabs==1 ? "\t" : \ + (num_tabs==2 ? "\t\t":(num_tabs>2 ? "\t\t\t":""))), \ + m,PNG_STRING_NEWLINE); \ + fprintf(PNG_DEBUG_FILE,format,p1); \ + } +# endif +# ifndef png_debug2 +# define png_debug2(l,m,p1,p2) \ + { \ + int num_tabs=l; \ + char format[256]; \ + snprintf(format,256,"%s%s%s",(num_tabs==1 ? "\t" : \ + (num_tabs==2 ? "\t\t":(num_tabs>2 ? "\t\t\t":""))), \ + m,PNG_STRING_NEWLINE); \ + fprintf(PNG_DEBUG_FILE,format,p1,p2); \ + } +# endif +# endif /* __STDC __ */ #endif /* (PNG_DEBUG > 1) */ + #endif /* _MSC_VER */ #endif /* (PNG_DEBUG > 0) */ #endif /* PNG_DEBUG */ @@ -2708,6 +2725,7 @@ extern PNG_EXPORT(void,png_set_mmx_thresholds) #if !defined(PNG_1_0_X) /* png.c, pnggccrd.c, or pngvcrd.c */ extern PNG_EXPORT(int,png_mmx_support) PNGARG((void)); +#endif /* PNG_1_0_X */ #endif /* PNG_ASSEMBLER_CODE_SUPPORTED */ /* Strip the prepended error numbers ("#nnn ") from error and warning @@ -2717,8 +2735,6 @@ extern PNG_EXPORT(void,png_set_strip_error_numbers) PNGARG((png_structp png_ptr, png_uint_32 strip_mode)); #endif -#endif /* PNG_1_0_X */ - /* Added at libpng-1.2.6 */ #ifdef PNG_SET_USER_LIMITS_SUPPORTED extern PNG_EXPORT(void,png_set_user_limits) PNGARG((png_structp -- cgit v1.1