#
-# Copyright (C) 2006-2011 OpenWrt.org
+# Copyright (C) 2006-2012 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
PKG_NAME:=libpng
PKG_VERSION:=1.2.46
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=@SF/libpng
--- /dev/null
+--- a/pngrutil.c
++++ b/pngrutil.c
+@@ -339,15 +339,18 @@ png_decompress_chunk(png_structp png_ptr
+ /* Now check the limits on this chunk - if the limit fails the
+ * compressed data will be removed, the prefix will remain.
+ */
++ if (prefix_size >= (~(png_size_t)0) - 1 ||
++ expanded_size >= (~(png_size_t)0) - 1 - prefix_size
+ #ifdef PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED
+- if (png_ptr->user_chunk_malloc_max &&
++ || (png_ptr->user_chunk_malloc_max &&
+ (prefix_size + expanded_size >= png_ptr->user_chunk_malloc_max - 1))
+ #else
+ # ifdef PNG_USER_CHUNK_MALLOC_MAX
+- if ((PNG_USER_CHUNK_MALLOC_MAX > 0) &&
++ || ((PNG_USER_CHUNK_MALLOC_MAX > 0) &&
+ prefix_size + expanded_size >= PNG_USER_CHUNK_MALLOC_MAX - 1)
+ # endif
+ #endif
++ )
+ png_warning(png_ptr, "Exceeded size limit while expanding chunk");
+
+ /* If the size is zero either there was an error and a message
+@@ -355,14 +358,11 @@ png_decompress_chunk(png_structp png_ptr
+ * and we have nothing to do - the code will exit through the
+ * error case below.
+ */
+-#if defined(PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED) || \
+- defined(PNG_USER_CHUNK_MALLOC_MAX)
+- else
+-#endif
+- if (expanded_size > 0)
++ else if (expanded_size > 0)
+ {
+ /* Success (maybe) - really uncompress the chunk. */
+ png_size_t new_size = 0;
++
+ png_charp text = png_malloc_warn(png_ptr,
+ prefix_size + expanded_size + 1);
+
projects / openwrt / svn-archive / archive.git / commitdiff