From d5f32fb264befcc370e58b17f6cec5801dcf4feb Mon Sep 17 00:00:00 2001 From: David Capello Date: Wed, 29 Feb 2012 21:49:13 -0300 Subject: [PATCH] Update libpng to 1.5.9 which fixes a serious vulnerability. --- third_party/libpng/LICENSE | 4 +- third_party/libpng/README | 4 +- third_party/libpng/libpng-manual.txt | 8 ++-- third_party/libpng/png.c | 6 +-- third_party/libpng/png.h | 30 +++++++----- third_party/libpng/pngconf.h | 4 +- third_party/libpng/pngerror.c | 69 ++++++++++++++++------------ third_party/libpng/pngget.c | 2 +- third_party/libpng/pngpread.c | 19 ++++---- third_party/libpng/pngpriv.h | 2 +- third_party/libpng/pngrutil.c | 34 +++++++------- third_party/libpng/pngstruct.h | 6 +-- third_party/libpng/pngtest.c | 4 +- 13 files changed, 100 insertions(+), 92 deletions(-) diff --git a/third_party/libpng/LICENSE b/third_party/libpng/LICENSE index e23bca425..dd43d3bf2 100644 --- a/third_party/libpng/LICENSE +++ b/third_party/libpng/LICENSE @@ -10,7 +10,7 @@ this sentence. This code is released under the libpng license. -libpng versions 1.2.6, August 15, 2004, through 1.5.7, December 15, 2011, are +libpng versions 1.2.6, August 15, 2004, through 1.5.9, February 18, 2012, are Copyright (c) 2004, 2006-2011 Glenn Randers-Pehrson, and are distributed according to the same disclaimer and license as libpng-1.2.5 with the following individual added to the list of Contributing Authors @@ -108,4 +108,4 @@ certification mark of the Open Source Initiative. Glenn Randers-Pehrson glennrp at users.sourceforge.net -December 15, 2011 +February 18, 2012 diff --git a/third_party/libpng/README b/third_party/libpng/README index 448a0de17..ac682fecc 100644 --- a/third_party/libpng/README +++ b/third_party/libpng/README @@ -1,4 +1,4 @@ -README for libpng version 1.5.7 - December 15, 2011 (shared library 15.0) +README for libpng version 1.5.9 - February 18, 2012 (shared library 15.0) See the note about version numbers near the top of png.h See INSTALL for instructions on how to install libpng. @@ -105,7 +105,7 @@ based in a large way on Guy's and Andreas' earlier work), and the PNG development group. Send comments/corrections/commendations to png-mng-implement at -lists.sourceforge.net (subscription required; visit +lists.sourceforge.net (subscription required; visit https://lists.sourceforge.net/lists/listinfo/png-mng-implement to subscribe) or to glennrp at users.sourceforge.net diff --git a/third_party/libpng/libpng-manual.txt b/third_party/libpng/libpng-manual.txt index 59690d255..7a66f1d5c 100644 --- a/third_party/libpng/libpng-manual.txt +++ b/third_party/libpng/libpng-manual.txt @@ -1,6 +1,6 @@ libpng-manual.txt - A description on how to use and modify libpng - libpng version 1.5.7 - December 15, 2011 + libpng version 1.5.9 - February 18, 2012 Updated and distributed by Glenn Randers-Pehrson Copyright (c) 1998-2011 Glenn Randers-Pehrson @@ -11,7 +11,7 @@ libpng-manual.txt - A description on how to use and modify libpng Based on: - libpng versions 0.97, January 1998, through 1.5.7 - December 15, 2011 + libpng versions 0.97, January 1998, through 1.5.9 - February 18, 2012 Updated and distributed by Glenn Randers-Pehrson Copyright (c) 1998-2011 Glenn Randers-Pehrson @@ -4573,13 +4573,13 @@ Other rules can be inferred by inspecting the libpng source. XIV. Y2K Compliance in libpng -December 15, 2011 +February 18, 2012 Since the PNG Development group is an ad-hoc body, we can't make an official declaration. This is your unofficial assurance that libpng from version 0.71 and -upward through 1.5.7 are Y2K compliant. It is my belief that earlier +upward through 1.5.9 are Y2K compliant. It is my belief that earlier versions were also Y2K compliant. Libpng only has three year fields. One is a 2-byte unsigned integer that diff --git a/third_party/libpng/png.c b/third_party/libpng/png.c index 08074485b..ca1de4866 100644 --- a/third_party/libpng/png.c +++ b/third_party/libpng/png.c @@ -14,7 +14,7 @@ #include "pngpriv.h" /* Generate a compiler error if there is an old png.h in the search path. */ -typedef png_libpng_version_1_5_7 Your_png_h_is_not_version_1_5_7; +typedef png_libpng_version_1_5_9 Your_png_h_is_not_version_1_5_9; /* Tells libpng that we have already handled the first "num_bytes" bytes * of the PNG file signature. If the PNG data is embedded into another @@ -655,13 +655,13 @@ png_get_copyright(png_const_structp png_ptr) #else # ifdef __STDC__ return PNG_STRING_NEWLINE \ - "libpng version 1.5.7 - December 15, 2011" PNG_STRING_NEWLINE \ + "libpng version 1.5.9 - February 18, 2012" PNG_STRING_NEWLINE \ "Copyright (c) 1998-2011 Glenn Randers-Pehrson" PNG_STRING_NEWLINE \ "Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \ "Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \ PNG_STRING_NEWLINE; # else - return "libpng version 1.5.7 - December 15, 2011\ + return "libpng version 1.5.9 - February 18, 2012\ Copyright (c) 1998-2011 Glenn Randers-Pehrson\ Copyright (c) 1996-1997 Andreas Dilger\ Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc."; diff --git a/third_party/libpng/png.h b/third_party/libpng/png.h index e22ec5c5d..5617c9720 100644 --- a/third_party/libpng/png.h +++ b/third_party/libpng/png.h @@ -1,8 +1,8 @@ /* png.h - header file for PNG reference library * - * libpng version 1.5.7 - December 15, 2011 - * Copyright (c) 1998-2011 Glenn Randers-Pehrson + * libpng version 1.5.9 - February 18, 2012 + * Copyright (c) 1998-2012 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -11,7 +11,7 @@ * Authors and maintainers: * libpng versions 0.71, May 1995, through 0.88, January 1996: Guy Schalnat * libpng versions 0.89c, June 1996, through 0.96, May 1997: Andreas Dilger - * libpng versions 0.97, January 1998, through 1.5.7 - December 15, 2011: Glenn + * libpng versions 0.97, January 1998, through 1.5.9 - February 18, 2012: Glenn * See also "Contributing Authors", below. * * Note about libpng version numbers: @@ -166,6 +166,12 @@ * 1.5.7beta01-05 15 10507 15.so.15.7[.0] * 1.5.7rc01-03 15 10507 15.so.15.7[.0] * 1.5.7 15 10507 15.so.15.7[.0] + * 1.5.8beta01 15 10508 15.so.15.8[.0] + * 1.5.8rc01 15 10508 15.so.15.8[.0] + * 1.5.8 15 10508 15.so.15.8[.0] + * 1.5.9beta01-02 15 10509 15.so.15.9[.0] + * 1.5.9rc01 15 10509 15.so.15.9[.0] + * 1.5.9 15 10509 15.so.15.9[.0] * * Henceforth the source version will match the shared-library major * and minor numbers; the shared-library major version number will be @@ -197,8 +203,8 @@ * * This code is released under the libpng license. * - * libpng versions 1.2.6, August 15, 2004, through 1.5.7, December 15, 2011, are - * Copyright (c) 2004, 2006-2011 Glenn Randers-Pehrson, and are + * libpng versions 1.2.6, August 15, 2004, through 1.5.9, February 18, 2012, are + * Copyright (c) 2004, 2006-2012 Glenn Randers-Pehrson, and are * distributed according to the same disclaimer and license as libpng-1.2.5 * with the following individual added to the list of Contributing Authors: * @@ -309,13 +315,13 @@ * Y2K compliance in libpng: * ========================= * - * December 15, 2011 + * February 18, 2012 * * Since the PNG Development group is an ad-hoc body, we can't make * an official declaration. * * This is your unofficial assurance that libpng from version 0.71 and - * upward through 1.5.7 are Y2K compliant. It is my belief that + * upward through 1.5.9 are Y2K compliant. It is my belief that * earlier versions were also Y2K compliant. * * Libpng only has two year fields. One is a 2-byte unsigned integer @@ -373,9 +379,9 @@ */ /* Version information for png.h - this should match the version in png.c */ -#define PNG_LIBPNG_VER_STRING "1.5.7" +#define PNG_LIBPNG_VER_STRING "1.5.9" #define PNG_HEADER_VERSION_STRING \ - " libpng version 1.5.7 - December 15, 2011\n" + " libpng version 1.5.9 - February 18, 2012\n" #define PNG_LIBPNG_VER_SONUM 15 #define PNG_LIBPNG_VER_DLLNUM 15 @@ -383,7 +389,7 @@ /* These should match the first 3 components of PNG_LIBPNG_VER_STRING: */ #define PNG_LIBPNG_VER_MAJOR 1 #define PNG_LIBPNG_VER_MINOR 5 -#define PNG_LIBPNG_VER_RELEASE 7 +#define PNG_LIBPNG_VER_RELEASE 9 /* This should match the numeric part of the final component of * PNG_LIBPNG_VER_STRING, omitting any leading zero: @@ -414,7 +420,7 @@ * version 1.0.0 was mis-numbered 100 instead of 10000). From * version 1.0.1 it's xxyyzz, where x=major, y=minor, z=release */ -#define PNG_LIBPNG_VER 10507 /* 1.5.7 */ +#define PNG_LIBPNG_VER 10509 /* 1.5.9 */ /* Library configuration: these options cannot be changed after * the library has been built. @@ -536,7 +542,7 @@ extern "C" { /* This triggers a compiler error in png.c, if png.c and png.h * do not agree upon the version number. */ -typedef char* png_libpng_version_1_5_7; +typedef char* png_libpng_version_1_5_9; /* Three color definitions. The order of the red, green, and blue, (and the * exact size) is not important, although the size of the fields need to diff --git a/third_party/libpng/pngconf.h b/third_party/libpng/pngconf.h index d07054de2..1aa268bee 100644 --- a/third_party/libpng/pngconf.h +++ b/third_party/libpng/pngconf.h @@ -1,9 +1,9 @@ /* pngconf.h - machine configurable file for libpng * - * libpng version 1.5.7 - December 15, 2011 + * libpng version 1.5.9 - February 18, 2012 * - * Copyright (c) 1998-2011 Glenn Randers-Pehrson + * Copyright (c) 1998-2012 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * diff --git a/third_party/libpng/pngerror.c b/third_party/libpng/pngerror.c index 7604bddf1..95002f84f 100644 --- a/third_party/libpng/pngerror.c +++ b/third_party/libpng/pngerror.c @@ -1,8 +1,8 @@ /* pngerror.c - stub functions for i/o and memory allocation * - * Last changed in libpng 1.5.7 [December 15, 2011] - * Copyright (c) 1998-2011 Glenn Randers-Pehrson + * Last changed in libpng 1.5.8 [February 1, 2011] + * Copyright (c) 1998-2012 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -281,35 +281,40 @@ void png_formatted_warning(png_structp png_ptr, png_warning_parameters p, png_const_charp message) { - /* The internal buffer is just 128 bytes - enough for all our messages, - * overflow doesn't happen because this code checks! + /* The internal buffer is just 192 bytes - enough for all our messages, + * overflow doesn't happen because this code checks! If someone figures + * out how to send us a message longer than 192 bytes, all that will + * happen is that the message will be truncated appropriately. */ - size_t i; - char msg[128]; + size_t i = 0; /* Index in the msg[] buffer: */ + char msg[192]; - for (i=0; i<(sizeof msg)-1 && *message != '\0'; ++i) + /* Each iteration through the following loop writes at most one character + * to msg[i++] then returns here to validate that there is still space for + * the trailing '\0'. It may (in the case of a parameter) read more than + * one character from message[]; it must check for '\0' and continue to the + * test if it finds the end of string. + */ + while (i<(sizeof msg)-1 && *message != '\0') { - if (*message == '@') + /* '@' at end of string is now just printed (previously it was skipped); + * it is an error in the calling code to terminate the string with @. + */ + if (p != NULL && *message == '@' && message[1] != '\0') { - int parameter = -1; - switch (*++message) - { - case '1': - parameter = 0; - break; + int parameter_char = *++message; /* Consume the '@' */ + static const char valid_parameters[] = "123456789"; + int parameter = 0; - case '2': - parameter = 1; - break; + /* Search for the parameter digit, the index in the string is the + * parameter to use. + */ + while (valid_parameters[parameter] != parameter_char && + valid_parameters[parameter] != '\0') + ++parameter; - case '\0': - continue; /* To break out of the for loop above. */ - - default: - break; - } - - if (parameter >= 0 && parameter < PNG_WARNING_PARAMETER_COUNT) + /* If the parameter digit is out of range it will just get printed. */ + if (parameter < PNG_WARNING_PARAMETER_COUNT) { /* Append this parameter */ png_const_charp parm = p[parameter]; @@ -319,28 +324,32 @@ png_formatted_warning(png_structp png_ptr, png_warning_parameters p, * that parm[] has been initialized, so there is no guarantee of a * trailing '\0': */ - for (; i<(sizeof msg)-1 && parm != '\0' && parm < pend; ++i) - msg[i] = *parm++; + while (i<(sizeof msg)-1 && *parm != '\0' && parm < pend) + msg[i++] = *parm++; + /* Consume the parameter digit too: */ ++message; continue; } /* else not a parameter and there is a character after the @ sign; just - * copy that. + * copy that. This is known not to be '\0' because of the test above. */ } /* At this point *message can't be '\0', even in the bad parameter case * above where there is a lone '@' at the end of the message string. */ - msg[i] = *message++; + msg[i++] = *message++; } /* i is always less than (sizeof msg), so: */ msg[i] = '\0'; - /* And this is the formatted message: */ + /* And this is the formatted message, it may be larger than + * PNG_MAX_ERROR_TEXT, but that is only used for 'chunk' errors and these are + * not (currently) formatted. + */ png_warning(png_ptr, msg); } #endif /* PNG_WARNINGS_SUPPORTED */ diff --git a/third_party/libpng/pngget.c b/third_party/libpng/pngget.c index 9dfccfdaa..43400cda7 100644 --- a/third_party/libpng/pngget.c +++ b/third_party/libpng/pngget.c @@ -683,7 +683,7 @@ png_get_iCCP(png_const_structp png_ptr, png_const_infop info_ptr, if (png_ptr != NULL && info_ptr != NULL && (info_ptr->valid & PNG_INFO_iCCP) && name != NULL && compression_type != NULL && profile != NULL && - proflen != NULL) + proflen != NULL) { *name = info_ptr->iccp_name; *profile = info_ptr->iccp_profile; diff --git a/third_party/libpng/pngpread.c b/third_party/libpng/pngpread.c index 20d3f236e..95a2082e4 100644 --- a/third_party/libpng/pngpread.c +++ b/third_party/libpng/pngpread.c @@ -1,7 +1,7 @@ /* pngpread.c - read a png file in push mode * - * Last changed in libpng 1.5.7 [December 15, 2011] + * Last changed in libpng 1.5.9 [February 18, 2012] * Copyright (c) 1998-2011 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) @@ -730,8 +730,7 @@ png_push_save_buffer(png_structp png_ptr) new_max = png_ptr->save_buffer_size + png_ptr->current_buffer_size + 256; old_buffer = png_ptr->save_buffer; - png_ptr->save_buffer = (png_bytep)png_malloc_warn(png_ptr, - (png_size_t)new_max); + png_ptr->save_buffer = (png_bytep)png_malloc_warn(png_ptr, new_max); if (png_ptr->save_buffer == NULL) { @@ -1201,6 +1200,7 @@ png_push_process_row(png_structp png_ptr) void /* PRIVATE */ png_read_push_finish_row(png_structp png_ptr) { +#ifdef PNG_READ_INTERLACING_SUPPORTED /* Arrays to facilitate easy interlacing - use pass (0 - 6) as index */ /* Start of interlace block */ @@ -1219,6 +1219,7 @@ png_read_push_finish_row(png_structp png_ptr) * it, uncomment it here and in png.h static PNG_CONST png_byte FARDATA png_pass_height[] = {8, 8, 4, 4, 2, 2, 1}; */ +#endif png_ptr->row_number++; if (png_ptr->row_number < png_ptr->num_rows) @@ -1285,8 +1286,7 @@ png_push_handle_tEXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 } #endif - png_ptr->current_text = (png_charp)png_malloc(png_ptr, - (png_size_t)(length + 1)); + png_ptr->current_text = (png_charp)png_malloc(png_ptr, length + 1); png_ptr->current_text[length] = '\0'; png_ptr->current_text_ptr = png_ptr->current_text; png_ptr->current_text_size = (png_size_t)length; @@ -1384,8 +1384,7 @@ png_push_handle_zTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 } #endif - png_ptr->current_text = (png_charp)png_malloc(png_ptr, - (png_size_t)(length + 1)); + png_ptr->current_text = (png_charp)png_malloc(png_ptr, length + 1); png_ptr->current_text[length] = '\0'; png_ptr->current_text_ptr = png_ptr->current_text; png_ptr->current_text_size = (png_size_t)length; @@ -1586,8 +1585,7 @@ png_push_handle_iTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 } #endif - png_ptr->current_text = (png_charp)png_malloc(png_ptr, - (png_size_t)(length + 1)); + png_ptr->current_text = (png_charp)png_malloc(png_ptr, length + 1); png_ptr->current_text[length] = '\0'; png_ptr->current_text_ptr = png_ptr->current_text; png_ptr->current_text_size = (png_size_t)length; @@ -1732,8 +1730,7 @@ png_push_handle_unknown(png_structp png_ptr, png_infop info_ptr, png_uint_32 */ PNG_CSTRING_FROM_CHUNK(png_ptr->unknown_chunk.name, png_ptr->chunk_name); - /* The following cast should be safe because of the check above. */ - png_ptr->unknown_chunk.size = (png_size_t)length; + png_ptr->unknown_chunk.size = length; if (length == 0) png_ptr->unknown_chunk.data = NULL; diff --git a/third_party/libpng/pngpriv.h b/third_party/libpng/pngpriv.h index 4b27a0764..67e486c57 100644 --- a/third_party/libpng/pngpriv.h +++ b/third_party/libpng/pngpriv.h @@ -1536,7 +1536,7 @@ PNG_EXTERN void png_ascii_from_fixed PNGARG((png_structp png_ptr, #define PNG_FP_IS_ZERO(state) (((state) & PNG_FP_Z_MASK) == PNG_FP_SAW_DIGIT) #define PNG_FP_IS_POSITIVE(state) (((state) & PNG_FP_NZ_MASK) == PNG_FP_Z_MASK) #define PNG_FP_IS_NEGATIVE(state) (((state) & PNG_FP_NZ_MASK) == PNG_FP_NZ_MASK) - + /* The actual parser. This can be called repeatedly, it updates * the index into the string and the state variable (which must * be initialzed to 0). It returns a result code, as above. There diff --git a/third_party/libpng/pngrutil.c b/third_party/libpng/pngrutil.c index 6055ffeb0..d6c0e0350 100644 --- a/third_party/libpng/pngrutil.c +++ b/third_party/libpng/pngrutil.c @@ -1,8 +1,8 @@ /* pngrutil.c - utilities to read a PNG file * - * Last changed in libpng 1.5.7 [December 15, 2011] - * Copyright (c) 1998-2011 Glenn Randers-Pehrson + * Last changed in libpng 1.5.9 [February 18, 2012] + * Copyright (c) 1998-2012 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -432,15 +432,18 @@ png_decompress_chunk(png_structp png_ptr, int comp_type, /* Now check the limits on this chunk - if the limit fails the * compressed data will be removed, the prefix will remain. */ + if (prefix_size >= (~(png_size_t)0) - 1 || + expanded_size >= (~(png_size_t)0) - 1 - prefix_size #ifdef PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED - if (png_ptr->user_chunk_malloc_max && + || (png_ptr->user_chunk_malloc_max && (prefix_size + expanded_size >= png_ptr->user_chunk_malloc_max - 1)) #else # ifdef PNG_USER_CHUNK_MALLOC_MAX - if ((PNG_USER_CHUNK_MALLOC_MAX > 0) && + || ((PNG_USER_CHUNK_MALLOC_MAX > 0) && prefix_size + expanded_size >= PNG_USER_CHUNK_MALLOC_MAX - 1) # endif #endif + ) png_warning(png_ptr, "Exceeded size limit while expanding chunk"); /* If the size is zero either there was an error and a message @@ -448,12 +451,7 @@ png_decompress_chunk(png_structp png_ptr, int comp_type, * and we have nothing to do - the code will exit through the * error case below. */ -#if defined(PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED) || \ - defined(PNG_USER_CHUNK_MALLOC_MAX) else if (expanded_size > 0) -#else - if (expanded_size > 0) -#endif { /* Success (maybe) - really uncompress the chunk. */ png_size_t new_size = 0; @@ -1219,7 +1217,7 @@ png_handle_sRGB(png_structp png_ptr, png_infop info_ptr, png_uint_32 length) */ png_ptr->rgb_to_gray_red_coeff = 6968; /* 0.212639005871510 */ png_ptr->rgb_to_gray_green_coeff = 23434; /* 0.715168678767756 */ - /* png_ptr->rgb_to_gray_blue_coeff = 2366; 0.072192315360734 */ + /* png_ptr->rgb_to_gray_blue_coeff = 2366; 0.072192315360734 */ /* The following keeps the cHRM chunk from destroying the * coefficients again in the event that it follows the sRGB chunk. @@ -1279,7 +1277,7 @@ png_handle_iCCP(png_structp png_ptr, png_infop info_ptr, png_uint_32 length) png_free(png_ptr, png_ptr->chunkdata); png_ptr->chunkdata = (png_charp)png_malloc(png_ptr, length + 1); - slength = (png_size_t)length; + slength = length; png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength); if (png_crc_finish(png_ptr, skip)) @@ -1429,7 +1427,7 @@ png_handle_sPLT(png_structp png_ptr, png_infop info_ptr, png_uint_32 length) * that the PNG_MAX_MALLOC_64K test is enabled in this case, but this is a * potential breakage point if the types in pngconf.h aren't exactly right. */ - slength = (png_size_t)length; + slength = length; png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength); if (png_crc_finish(png_ptr, skip)) @@ -1956,7 +1954,7 @@ png_handle_pCAL(png_structp png_ptr, png_infop info_ptr, png_uint_32 length) return; } - slength = (png_size_t)length; + slength = length; png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength); if (png_crc_finish(png_ptr, 0)) @@ -2105,7 +2103,7 @@ png_handle_sCAL(png_structp png_ptr, png_infop info_ptr, png_uint_32 length) return; } - slength = (png_size_t)length; + slength = length; png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength); png_ptr->chunkdata[slength] = 0x00; /* Null terminate the last string */ @@ -2265,7 +2263,7 @@ png_handle_tEXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 length) return; } - slength = (png_size_t)length; + slength = length; png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength); if (png_crc_finish(png_ptr, skip)) @@ -2373,7 +2371,7 @@ png_handle_zTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 length) return; } - slength = (png_size_t)length; + slength = length; png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength); if (png_crc_finish(png_ptr, 0)) @@ -2504,7 +2502,7 @@ png_handle_iTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 length) return; } - slength = (png_size_t)length; + slength = length; png_crc_read(png_ptr, (png_bytep)png_ptr->chunkdata, slength); if (png_crc_finish(png_ptr, 0)) @@ -3707,7 +3705,7 @@ png_init_filter_functions_neon(png_structp pp, unsigned int bpp) { pp->read_filter[PNG_FILTER_VALUE_SUB-1] = png_read_filter_row_sub3_neon; pp->read_filter[PNG_FILTER_VALUE_AVG-1] = png_read_filter_row_avg3_neon; - pp->read_filter[PNG_FILTER_VALUE_PAETH-1] = + pp->read_filter[PNG_FILTER_VALUE_PAETH-1] = png_read_filter_row_paeth3_neon; } diff --git a/third_party/libpng/pngstruct.h b/third_party/libpng/pngstruct.h index 07f3a0425..860b8bff8 100644 --- a/third_party/libpng/pngstruct.h +++ b/third_party/libpng/pngstruct.h @@ -5,7 +5,7 @@ * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * - * Last changed in libpng 1.5.5 [September 22, 2011] + * Last changed in libpng 1.5.9 [February 18, 2012] * * This code is released under the libpng license. * For conditions of distribution and use, see the disclaimer @@ -283,9 +283,7 @@ struct png_struct_def #endif /* New member added in libpng-1.0.4 (renamed in 1.0.9) */ -#if defined(PNG_MNG_FEATURES_SUPPORTED) || \ - defined(PNG_READ_EMPTY_PLTE_SUPPORTED) || \ - defined(PNG_WRITE_EMPTY_PLTE_SUPPORTED) +#if defined(PNG_MNG_FEATURES_SUPPORTED) /* Changed from png_byte to png_uint_32 at version 1.2.0 */ png_uint_32 mng_features_permitted; #endif diff --git a/third_party/libpng/pngtest.c b/third_party/libpng/pngtest.c index c52aef3e6..8d10af4ac 100644 --- a/third_party/libpng/pngtest.c +++ b/third_party/libpng/pngtest.c @@ -1165,7 +1165,7 @@ test_one_file(PNG_CONST char *inname, PNG_CONST char *outname) pngtest_debug1("Handling %d iTXt/tEXt/zTXt chunks", num_text); if (verbose) - printf("\nText compression=%d\n", text_ptr->compression); + printf("\n Text compression=%d\n", text_ptr->compression); png_set_text(write_ptr, write_info_ptr, text_ptr, num_text); } @@ -1817,4 +1817,4 @@ main(int argc, char *argv[]) } /* Generate a compiler error if there is an old png.h in the search path. */ -typedef png_libpng_version_1_5_7 Your_png_h_is_not_version_1_5_7; +typedef png_libpng_version_1_5_9 Your_png_h_is_not_version_1_5_9;