diff options
author | Glenn Randers-Pehrson <glennrp at users.sourceforge.net> | 2015-10-23 09:01:31 -0500 |
---|---|---|
committer | Glenn Randers-Pehrson <glennrp at users.sourceforge.net> | 2015-10-23 09:01:31 -0500 |
commit | 52c89ad0531eb97995bc8a2889e730aadb7c6fe9 (patch) | |
tree | ac91c6550aa7c4d771798dada99c91413635d703 /pngset.c | |
parent | 67c4bc9f5ce885e7d3fb71f1f69490a1f5ff14b7 (diff) | |
download | libpng-52c89ad0531eb97995bc8a2889e730aadb7c6fe9.tar.gz |
[libpng14] Added a safety check in png_set_tIME() (Bug report from Qixue Xiao).
Diffstat (limited to 'pngset.c')
-rw-r--r-- | pngset.c | 11 |
1 files changed, 10 insertions, 1 deletions
@@ -1,7 +1,7 @@ /* pngset.c - storage of image information into info struct * - * Last changed in libpng 1.4.17 [October 15, 2015] + * Last changed in libpng 1.4.17 [October 23, 2015] * Copyright (c) 1998-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) @@ -809,6 +809,15 @@ png_set_tIME(png_structp png_ptr, png_infop info_ptr, png_timep mod_time) (png_ptr->mode & PNG_WROTE_tIME)) return; + if (mod_time->month == 0 || mod_time->month > 12 || + mod_time->day == 0 || mod_time->day > 31 || + mod_time->hour > 23 || mod_time->minute > 59 || + mod_time->second > 60) + { + png_warning(png_ptr, "Ignoring invalid time value"); + return; + } + png_memcpy(&(info_ptr->mod_time), mod_time, png_sizeof(png_time)); info_ptr->valid |= PNG_INFO_tIME; } |