diff options
author | John Bowler <jbowler@acm.org> | 2013-01-10 10:55:34 -0600 |
---|---|---|
committer | Glenn Randers-Pehrson <glennrp at users.sourceforge.net> | 2013-01-10 10:55:34 -0600 |
commit | 1c6e22a360afc5362d8ac1480ef50afca9fc552a (patch) | |
tree | 0f0720cd4b6d60b2957378764aea67a5811850fd /pnginfo.h | |
parent | 37109a9f5b4c3d5725e7cc245f6c4ddd8d399e69 (diff) | |
download | libpng-1c6e22a360afc5362d8ac1480ef50afca9fc552a.tar.gz |
[libpng16] Fixed conceivable but difficult to repro overflow. Also added
two test programs to generate and test a PNG which should have the problem.
Diffstat (limited to 'pnginfo.h')
-rw-r--r-- | pnginfo.h | 5 |
1 files changed, 4 insertions, 1 deletions
@@ -223,7 +223,10 @@ defined(PNG_READ_BACKGROUND_SUPPORTED) #ifdef PNG_STORE_UNKNOWN_CHUNKS_SUPPORTED /* Storage for unknown chunks that the library doesn't recognize. */ png_unknown_chunkp unknown_chunks; - unsigned int unknown_chunks_num; + /* The type of this field must match png_struct::user_chunk_cache_max, + * else overflow can occur. + */ + png_uint_32 unknown_chunks_num; #endif #ifdef PNG_sPLT_SUPPORTED |