From 07aa910d904da92ba9d461d4f867b9438ace6ce0 Mon Sep 17 00:00:00 2001
From: "mhm@chromium.org"
Date: Mon, 1 Jun 2009 22:41:42 +0000
Subject: Security bug for libpng, update needed to 1.2.36

There's a new version of libpng, 1.2.36 which fixes a security bug. Chrome/Chromium still runs on 1.2.35 it seems
BUG=13046
TEST=Ran tests
Review URL: http://codereview.chromium.org/112080
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@17365 0039d316-1c4b-4281-b951-d872f2087c98
---
 third_party/libpng/pngread.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'third_party/libpng/pngread.c')
diff --git a/third_party/libpng/pngread.c b/third_party/libpng/pngread.c
index ace91ba..8e9c0cb 100644
--- third_party/libpng/pngread.c
+++ third_party/libpng/pngread.c
@@ -1434,11 +1434,11 @@ png_read_png(png_structp png_ptr, png_infop info_ptr,
 {
 info_ptr->row_pointers = (png_bytepp)png_malloc(png_ptr,
 info_ptr->height * png_sizeof(png_bytep));
+ png_memset(info_ptr->row_pointers, 0, info_ptr->height
+ * png_sizeof(png_bytep));
 #ifdef PNG_FREE_ME_SUPPORTED
 info_ptr->free_me |= PNG_FREE_ROWS;
 #endif
- png_memset(info_ptr->row_pointers, 0, info_ptr->height
- * png_sizeof(png_bytep));
 for (row = 0; row < (int)info_ptr->height; row++)
 info_ptr->row_pointers[row] = (png_bytep)png_malloc(png_ptr,
 png_get_rowbytes(png_ptr, info_ptr));
-- 
cgit v1.1