[libpng16] Fixed conceivable but difficult to repro overflow. Also added

two test programs to generate and test a PNG which should have the problem.
author: John Bowler <jbowler@acm.org> 2013-01-10 10:55:34 -0600
committer: Glenn Randers-Pehrson <glennrp at users.sourceforge.net> 2013-01-10 10:55:34 -0600
commit: 1c6e22a360afc5362d8ac1480ef50afca9fc552a (patch)
tree: 0f0720cd4b6d60b2957378764aea67a5811850fd /pnginfo.h
parent: 37109a9f5b4c3d5725e7cc245f6c4ddd8d399e69 (diff)
download: libpng-1c6e22a360afc5362d8ac1480ef50afca9fc552a.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/pnginfo.h b/pnginfo.h
index ee79beb8b..56cc6b394 100644
--- a/pnginfo.h
+++ b/pnginfo.h
@@ -223,7 +223,10 @@ defined(PNG_READ_BACKGROUND_SUPPORTED)
 #ifdef PNG_STORE_UNKNOWN_CHUNKS_SUPPORTED
    /* Storage for unknown chunks that the library doesn't recognize. */
    png_unknown_chunkp unknown_chunks;
-   unsigned int unknown_chunks_num;
+   /* The type of this field must match png_struct::user_chunk_cache_max,
+    * else overflow can occur.
+    */
+   png_uint_32 unknown_chunks_num;
 #endif
 
 #ifdef PNG_sPLT_SUPPORTED
author	John Bowler <jbowler@acm.org>	2013-01-10 10:55:34 -0600
committer	Glenn Randers-Pehrson <glennrp at users.sourceforge.net>	2013-01-10 10:55:34 -0600
commit	1c6e22a360afc5362d8ac1480ef50afca9fc552a (patch)
tree	0f0720cd4b6d60b2957378764aea67a5811850fd /pnginfo.h
parent	37109a9f5b4c3d5725e7cc245f6c4ddd8d399e69 (diff)
download	libpng-1c6e22a360afc5362d8ac1480ef50afca9fc552a.tar.gz