From 7ee802a5a2a52687b87abbf1e578c08b3affc08f Mon Sep 17 00:00:00 2001
From: Glenn Randers-Pehrson
Date: Sun, 29 Oct 2017 17:49:38 -0500
Subject: [libpng16] Initialize trans_color.red, green, and blue == trans_color.gray in attempt to stop an oss-fuzz "use of ininitialized value" issue
---
 ANNOUNCE   | 1 +
 CHANGES    | 1 +
 pngrutil.c | 3 +++
 3 files changed, 5 insertions(+)

diff --git a/ANNOUNCE b/ANNOUNCE
index ca529ad90..7ff9c6ac2 100644
--- a/ANNOUNCE
+++ b/ANNOUNCE
@@ -29,6 +29,7 @@ Version 1.6.35beta01 [October 29, 2017]
     failures. Placed the remainder in contrib/pngsuite/interlaced/i*.png.
   Added calls to png_set_*() transforms commonly used by browsers to the
     fuzzer.
+  Initialize trans_color.red, green, and blue == trans_color.gray
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
diff --git a/CHANGES b/CHANGES
index e34f2d91b..274e41a47 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6045,6 +6045,7 @@ Version 1.6.35beta01 [October 29, 2017]
     failures. Placed the remainder in contrib/pngsuite/interlaced/i*.png.
   Added calls to png_set_*() transforms commonly used by browsers to the
     fuzzer.
+  Initialize trans_color.red, green, and blue == trans_color.gray
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
diff --git a/pngrutil.c b/pngrutil.c
index 8692933bd..8081febc0 100644
--- a/pngrutil.c
+++ b/pngrutil.c
@@ -1852,6 +1852,9 @@ png_handle_tRNS(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
       png_crc_read(png_ptr, buf, 2);
       png_ptr->num_trans = 1;
       png_ptr->trans_color.gray = png_get_uint_16(buf);
+      png_ptr->trans_color.red = png_ptr->trans_color.gray;
+      png_ptr->trans_color.green = png_ptr->trans_color.gray;
+      png_ptr->trans_color.blue = png_ptr->trans_color.gray;
    }
 
    else if (png_ptr->color_type == PNG_COLOR_TYPE_RGB)
-- 
cgit v1.2.1
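Review bot: The three added assignments in the PNG_COLOR_TYPE_GRAY branch give red/green/blue defined values without saying which consumer reads those fields for a gray image, so a later reader cannot tell whether mirroring gray is semantically required (a gray tRNS key reused after expansion to RGB) or only quiets the sanitizer; a comment on the first added line would settle that, e.g. `/* Mirror gray into red/green/blue so code that reads the key through the RGB fields never sees an uninitialized value (oss-fuzz report). */`. A more robust alternative is to define the whole key once before the color-type branches, `memset(&png_ptr->trans_color, 0, sizeof png_ptr->trans_color);`, so every field is initialized whichever branch runs; that would also cover trans_color.gray in the RGB branch below if it is left unassigned there, which this hunk does not show. The commit message's "in attempt to" suggests the reading site was not identified, so re-running the oss-fuzz reproducer under MemorySanitizer after this change is the check that confirms the read is actually on this path. png_handle_tRNS begins and ends outside the hunk.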