diff options
author | SlowRiot <rain.backnet@gmail.com> | 2014-11-28 01:22:36 +0000 |
---|---|---|
committer | SlowRiot <rain.backnet@gmail.com> | 2014-11-28 01:22:36 +0000 |
commit | f1de0a2a71d2fbc68a6452c3609552148bb6a19a (patch) | |
tree | 51e6c6653de7c7dfe386c4e5e8406533d8ac506a /lodepng.cpp | |
parent | 2662c53205a1de640ea67fd8c50fa2d22fe8b9f0 (diff) | |
parent | d515dbdfeba0f3c02deb17dce5ca1f958fc0befb (diff) |
Merge https://github.com/lvandeve/lodepng
# By Lode
# Via Lode
* https://github.com/lvandeve/lodepng:
various fixes
Conflicts:
lodepng.cpp
Diffstat (limited to 'lodepng.cpp')
-rw-r--r-- | lodepng.cpp | 42 |
1 files changed, 29 insertions, 13 deletions
diff --git a/lodepng.cpp b/lodepng.cpp index f319be7..b5d0b42 100644 --- a/lodepng.cpp +++ b/lodepng.cpp @@ -1,5 +1,5 @@ /* -LodePNG version 20141120 +LodePNG version 20141126 Copyright (c) 2005-2014 Lode Vandevenne @@ -37,7 +37,7 @@ Rename this file to lodepng.cpp to use it for C++, or to lodepng.c to use it for #include <fstream> #endif /*LODEPNG_COMPILE_CPP*/ -#define VERSION_STRING "20141120" +#define VERSION_STRING "20141126" #if defined(_MSC_VER) && (_MSC_VER >= 1310) /*Visual Studio: A few warning types are not desired here.*/ #pragma warning( disable : 4244 ) /*implicit conversions: not warned by gcc -Wall -Wextra and requires too much casts*/ @@ -119,6 +119,13 @@ Example: if(!uivector_resizev(&frequencies_ll, 286, 0)) ERROR_BREAK(83); if(error) return error;\ } +/*Set error var to the error code, and return from the void function.*/ +#define CERROR_RETURN(errorvar, code)\ +{\ + errorvar = code;\ + return;\ +} + /* About uivector, ucvector and string: -All of them wrap dynamic arrays or text strings in a similar way. @@ -573,7 +580,8 @@ static unsigned HuffmanTree_make2DTree(HuffmanTree* tree) for(i = 0; i != tree->lengths[n]; ++i) /*the bits for this code*/ { unsigned char bit = (unsigned char)((tree->tree1d[n] >> (tree->lengths[n] - i - 1)) & 1); - if(treepos > tree->numcodes - 2) return 55; /*oversubscribed, see comment in lodepng_error_text*/ + /*oversubscribed, see comment in lodepng_error_text*/ + if(treepos > 2147483647 || treepos + 2 > tree->numcodes) return 55; if(tree->tree2d[2 * treepos + bit] == 32767) /*not yet filled in*/ { if(i + 1 == tree->lengths[n]) /*last bit*/ @@ -852,8 +860,8 @@ unsigned lodepng_huffman_code_lengths(unsigned* lengths, const unsigned* frequen if(!error) { - /*calculate the lenghts of each symbol, as the amount of times a coin of each symbol is used*/ - for(i = 0; i != numpresent - 1; ++i) + /*calculate the lengths of each symbol, as the amount of times a coin of each symbol is used*/ + for(i = 0; i + 1 < numpresent; ++i) { Coin* coin = &coins[i]; for(j = 0; j < coin->symbols.size; ++j) ++lengths[coin->symbols.data[j]]; @@ -1216,14 +1224,15 @@ static unsigned inflateHuffmanBlock(ucvector* out, const unsigned char* in, size static unsigned inflateNoCompression(ucvector* out, const unsigned char* in, size_t* bp, size_t* pos, size_t inlength) { - /*go to first boundary of byte*/ size_t p; unsigned LEN, NLEN, n, error = 0; + + /*go to first boundary of byte*/ while(((*bp) & 0x7) != 0) ++(*bp); p = (*bp) / 8; /*byte position*/ /*read LEN (2 bytes) and NLEN (2 bytes)*/ - if(p >= inlength - 4) return 52; /*error, bit pointer will jump past memory*/ + if(p + 4 >= inlength) return 52; /*error, bit pointer will jump past memory*/ LEN = in[p] + 256u * in[p + 1]; p += 2; NLEN = in[p] + 256u * in[p + 1]; p += 2; @@ -3863,7 +3872,7 @@ unsigned lodepng_inspect(unsigned* w, unsigned* h, LodePNGState* state, { CERROR_RETURN_ERROR(state->error, 48); /*error: the given data is empty*/ } - if(insize < 29) + if(insize < 33) { CERROR_RETURN_ERROR(state->error, 27); /*error: the data length is smaller than the length of a PNG header*/ } @@ -3891,6 +3900,11 @@ unsigned lodepng_inspect(unsigned* w, unsigned* h, LodePNGState* state, info->filter_method = in[27]; info->interlace_method = in[28]; + if(*w == 0 || *h == 0) + { + CERROR_RETURN_ERROR(state->error, 93); + } + if(!state->decoder.ignore_crc) { unsigned CRC = lodepng_read32bitInt(&in[29]); @@ -4503,11 +4517,12 @@ static void decodeGeneric(unsigned char** out, unsigned* w, unsigned* h, if(state->error) return; numpixels = *w * *h; - if(*h != 0 && numpixels / *h != *w) - { - state->error = 92; /*multiplication overflow*/ - return; - } + + /*multiplication overflow*/ + if(*h != 0 && numpixels / *h != *w) CERROR_RETURN(state->error, 92); + /*multiplication overflow possible further below. Allows up to 2^31-1 pixel + bytes with 16-bit RGBA, the rest is room for filter bytes.*/ + if(numpixels > 268435455) CERROR_RETURN(state->error, 92); ucvector_init(&idat); chunk = &in[33]; /*first byte of the first chunk after the header*/ @@ -5968,6 +5983,7 @@ const char* lodepng_error_text(unsigned code) case 90: return "windowsize must be a power of two"; case 91: return "invalid decompressed idat size"; case 92: return "too many pixels, not supported"; + case 93: return "zero width or height is invalid"; } return "unknown error code"; } |