| From e87a02987101e2dbe319a4aba6b52470f7624b4a Mon Sep 17 00:00:00 2001 |
| From: Leon Scroggins III <scroggo@google.com> |
| Date: Wed, 18 Apr 2018 21:45:46 +0000 |
| Subject: [PATCH] Turn large PNG chunks into benign errors |
| |
| Bug: 827754 |
| |
| A recent change to libpng [1] (included in Chromium with the recent |
| libpng update [2]) turns chunks that are bigger than |
| PNG_USER_CHUNK_MALLOC_MAX into failures. Although this matches the |
| intent of PNG_USER_CHUNK_MALLOC_MAX, it also causes images which used to |
| be viewable in Chromium to fail. Changing to a benign error allows us to |
| display these images once again. Though it means we do allow libpng to |
| allocate more than PNG_USER_CHUNK_MALLOC_MAX, it matches the behavior |
| prior to [2] (when we were using 1.6.22), and it does not regress |
| crbug.com/117369 |
| |
| Add a regression test. The image is supplied in the bug, and has approval |
| to be checked in [3]. |
| |
| [1] https://github.com/glennrp/libpng/commit/347538efbdc21b8df684ebd92d37400b3ce85d55 |
| [2] https://chromium.googlesource.com/chromium/src/+/f82653a473f8de5fc86d0f2ecc75f6237e61946b |
| [3] https://bugs.chromium.org/p/chromium/issues/detail?id=827754#c15 |
| |
| Change-Id: Iaae884b42a94bdec6e1cfad97d46ef820a75a5f8 |
| Reviewed-on: https://chromium-review.googlesource.com/1014027 |
| Commit-Queue: Leon Scroggins <scroggo@chromium.org> |
| Reviewed-by: Noel Gordon <noel@chromium.org> |
| Cr-Commit-Position: refs/heads/master@{#551838} |
| --- |
| |
| diff --git a/third_party/libpng/pngrutil.c b/third_party/libpng/pngrutil.c |
| index 8692933..2210ffc 100644 |
| --- a/third_party/libpng/pngrutil.c |
| +++ b/third_party/libpng/pngrutil.c |
| @@ -3165,7 +3165,7 @@ |
| { |
| png_debug2(0," length = %lu, limit = %lu", |
| (unsigned long)length,(unsigned long)limit); |
| - png_chunk_error(png_ptr, "chunk data is too large"); |
| + png_benign_error(png_ptr, "chunk data is too large"); |
| } |
| } |
| |