diff options
author | Glenn Randers-Pehrson <glennrp at users.sourceforge.net> | 2016-12-29 07:43:43 -0600 |
---|---|---|
committer | Glenn Randers-Pehrson <glennrp at users.sourceforge.net> | 2016-12-29 07:43:43 -0600 |
commit | d0afab5ce38774ffb0b44fde718f254dafffd021 (patch) | |
tree | 7a1c41e0fecbf00e97b53c5285943072bc9da17a | |
parent | ff37256e4d116ba92466e37513b18fcfd30162cd (diff) | |
download | libpng-d0afab5ce38774ffb0b44fde718f254dafffd021.tar.gz |
[libpng14] Fixed a potential null pointer dereference in png_set_text_2()
(bug report and patch by Patrick Keshishian)
-rw-r--r-- | ANNOUNCE | 2 | ||||
-rw-r--r-- | CHANGES | 2 | ||||
-rw-r--r-- | png.c | 1 |
3 files changed, 5 insertions, 0 deletions
@@ -28,6 +28,8 @@ Changes since the last public release (1.4.19): Fix typos in libpng.3 synopses (Eric S. Raymond). Fixed undefined behavior in png_push_save_buffer(). Do not call memcpy() with a null source, even if count is zero (Leon Scroggins III). + Fixed a potential null pointer dereference in png_set_text_2() (bug report + and patch by Patrick Keshishian) Send comments/corrections/commendations to glennrp at users.sourceforge.net or to png-mng-implement at lists.sf.net (subscription required; visit @@ -3040,6 +3040,8 @@ version 1.4.20rc01 [December 27, 2016] memcpy() with a null source, even if count is zero (Leon Scroggins III). version 1.4.20 [December 29, 2016] + Fixed a potential null pointer dereference in png_set_text_2() (bug report + and patch by Patrick Keshishian). Send comments/corrections/commendations to glennrp at users.sourceforge.net or to png-mng-implement at lists.sf.net (subscription required; visit @@ -279,6 +279,7 @@ png_free_data(png_structp png_ptr, png_infop info_ptr, png_uint_32 mask, png_free(png_ptr, info_ptr->text); info_ptr->text = NULL; info_ptr->num_text=0; + info_ptr->max_text=0; } } #endif |