diff options
| author | Glenn Randers-Pehrson <glennrp at users.sourceforge.net> | 2010-01-22 19:28:06 -0600 |
|---|---|---|
| committer | Glenn Randers-Pehrson <glennrp at users.sourceforge.net> | 2010-01-22 19:29:47 -0600 |
| commit | fb3a1da4bbb475ec2d2bdfe478e45204fce77adf (patch) | |
| tree | 4ec3cc3d779c570f6a1461a0260206af674d985f /pngrutil.c | |
| parent | 525efcbb7b9124b4e3b0cbf33e20b79859fbbdb4 (diff) | |
| download | libpng-fb3a1da4bbb475ec2d2bdfe478e45204fce77adf.tar.gz | |
[master] Bump to version 1.4.1beta04
Diffstat (limited to 'pngrutil.c')
| -rw-r--r-- | pngrutil.c | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/pngrutil.c b/pngrutil.c index d971e8f18..0bee16e31 100644 --- a/pngrutil.c +++ b/pngrutil.c @@ -220,6 +220,8 @@ png_decompress_chunk(png_structp png_ptr, int comp_type, if (comp_type == PNG_COMPRESSION_TYPE_BASE) { int ret = Z_OK; + png_size_t buffer_size; + png_ptr->zstream.next_in = (png_bytep)(png_ptr->chunkdata + prefix_size); png_ptr->zstream.avail_in = (uInt)(chunklength - prefix_size); png_ptr->zstream.next_out = png_ptr->zbuf; @@ -227,6 +229,7 @@ png_decompress_chunk(png_structp png_ptr, int comp_type, text_size = 0; text = NULL; + buffer_size = 0; while (png_ptr->zstream.avail_in) { @@ -246,9 +249,10 @@ png_decompress_chunk(png_structp png_ptr, int comp_type, text = (png_charp)png_malloc_warn(png_ptr, text_size); if (text == NULL) { - png_free(png_ptr, png_ptr->chunkdata); - png_ptr->chunkdata = NULL; - png_error(png_ptr, "Not enough memory to decompress chunk"); + png_error(png_ptr, + "Not enough memory to decompress chunk"); + text_size = 0; + break; } png_memcpy(text, png_ptr->chunkdata, prefix_size); } @@ -261,14 +265,16 @@ png_decompress_chunk(png_structp png_ptr, int comp_type, if (text_size > png_sizeof(msg)) text_size = png_sizeof(msg); png_memcpy(text + prefix_size, msg, text_size); + buffer_size = text_size; break; } if (!png_ptr->zstream.avail_out || ret == Z_STREAM_END) { - if (text == NULL) + if (text == NULL) /* Initialize the decompression buffer */ { text_size = prefix_size + png_ptr->zbuf_size - png_ptr->zstream.avail_out; + text = (png_charp)png_malloc_warn(png_ptr, text_size + 1); if (text == NULL) { @@ -281,13 +287,14 @@ png_decompress_chunk(png_structp png_ptr, int comp_type, text_size - prefix_size); png_memcpy(text, png_ptr->chunkdata, prefix_size); *(text + text_size) = 0x00; + buffer_size = text_size; } - else + else /* Enlarge the decompression buffer */ { png_charp tmp; tmp = text; -#ifdef PNG_SET_USER_LIMITS_SUPPORTED +#ifdef PNG_CHUNK_MALLOC_LIMIT_SUPPORTED if ((png_ptr->user_chunk_cache_max != 0) && (--png_ptr->user_chunk_cache_max == 0)) { @@ -301,7 +308,7 @@ png_decompress_chunk(png_structp png_ptr, int comp_type, text = (png_charp)png_malloc_warn(png_ptr, (png_size_t)(text_size + png_ptr->zbuf_size - png_ptr->zstream.avail_out + 1)); -#ifdef PNG_SET_USER_LIMITS_SUPPORTED +#ifdef PNG_CHUNK_MALLOC_LIMIT_SUPPORTED } #endif if (text == NULL) |