1 diff -ru4N libpng-1.2.26/png.h libpng-1.2.27beta01/png.h
2 --- libpng-1.2.26/png.h 2008-04-02 12:27:29.867681595 -0500
3 +++ libpng-1.2.27beta01/png.h 2008-04-05 21:41:14.644268554 -0500
5 * 1.0.31 10 10031 10.so.0.31[.0]
6 * 1.2.25 13 10225 12.so.0.25[.0]
7 * 1.2.26beta01-06 13 10226 12.so.0.26[.0]
8 * 1.2.26rc01 13 10226 12.so.0.26[.0]
9 + * 1.2.26 13 10226 12.so.0.26[.0]
10 + * 1.0.32 10 10032 10.so.0.32[.0]
11 + * 1.2.27beta01 13 10227 12.so.0.27[.0]
13 * Henceforth the source version will match the shared-library major
14 * and minor numbers; the shared-library major version number will be
15 * used for changes in backward compatibility, as it is intended. The
16 diff -ru4N libpng-1.2.26/pngpread.c libpng-1.2.27beta01/pngpread.c
17 --- libpng-1.2.26/pngpread.c 2008-04-05 21:37:29.944173338 -0500
18 +++ libpng-1.2.27beta01/pngpread.c 2008-04-05 21:41:14.898914350 -0500
21 /* pngpread.c - read a png file in push mode
23 - * Last changed in libpng 1.2.26 [April 2, 2008]
24 + * Last changed in libpng 1.2.27 [April 6, 2008]
25 * For conditions of distribution and use, see copyright notice in png.h
26 * Copyright (c) 1998-2008 Glenn Randers-Pehrson
27 * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
28 * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
29 @@ -1501,11 +1501,16 @@
30 (png_charp)png_ptr->chunk_name,
31 png_sizeof(png_ptr->unknown_chunk.name));
32 png_ptr->unknown_chunk.name[png_sizeof(png_ptr->unknown_chunk.name)-1]='\0';
34 - png_ptr->unknown_chunk.data = (png_bytep)png_malloc(png_ptr, length);
35 png_ptr->unknown_chunk.size = (png_size_t)length;
36 - png_crc_read(png_ptr, (png_bytep)png_ptr->unknown_chunk.data, length);
38 + png_ptr->unknown_chunk.data = NULL;
41 + png_ptr->unknown_chunk.data = (png_bytep)png_malloc(png_ptr, length);
42 + png_crc_read(png_ptr, (png_bytep)png_ptr->unknown_chunk.data, length);
44 #if defined(PNG_READ_USER_CHUNKS_SUPPORTED)
45 if(png_ptr->read_user_chunk_fn != NULL)
47 /* callback to user unknown chunk handler */
48 @@ -1526,10 +1531,13 @@
52 png_set_unknown_chunks(png_ptr, info_ptr, &png_ptr->unknown_chunk, 1);
53 - png_free(png_ptr, png_ptr->unknown_chunk.data);
54 - png_ptr->unknown_chunk.data = NULL;
55 + if (png_ptr->unknown_chunk.data)
57 + png_free(png_ptr, png_ptr->unknown_chunk.data);
58 + png_ptr->unknown_chunk.data = NULL;
64 diff -ru4N libpng-1.2.26/pngrutil.c libpng-1.2.27beta01/pngrutil.c
65 --- libpng-1.2.26/pngrutil.c 2008-04-05 21:37:32.785260077 -0500
66 +++ libpng-1.2.27beta01/pngrutil.c 2008-04-05 21:41:15.202296784 -0500
69 /* pngrutil.c - utilities to read a PNG file
71 - * Last changed in libpng 1.2.26 [April 2, 2008]
72 + * Last changed in libpng 1.2.27 [April 6, 2008]
73 * For conditions of distribution and use, see copyright notice in png.h
74 * Copyright (c) 1998-2008 Glenn Randers-Pehrson
75 * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
76 * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
77 @@ -2226,11 +2226,16 @@
78 png_memcpy((png_charp)png_ptr->unknown_chunk.name,
79 (png_charp)png_ptr->chunk_name,
80 png_sizeof(png_ptr->unknown_chunk.name));
81 png_ptr->unknown_chunk.name[png_sizeof(png_ptr->unknown_chunk.name)-1] = '\0';
82 - png_ptr->unknown_chunk.data = (png_bytep)png_malloc(png_ptr, length);
83 png_ptr->unknown_chunk.size = (png_size_t)length;
84 - png_crc_read(png_ptr, (png_bytep)png_ptr->unknown_chunk.data, length);
86 + png_ptr->unknown_chunk.data = NULL;
89 + png_ptr->unknown_chunk.data = (png_bytep)png_malloc(png_ptr, length);
90 + png_crc_read(png_ptr, (png_bytep)png_ptr->unknown_chunk.data, length);
92 #if defined(PNG_READ_USER_CHUNKS_SUPPORTED)
93 if(png_ptr->read_user_chunk_fn != NULL)
95 /* callback to user unknown chunk handler */
96 @@ -2251,10 +2256,13 @@
100 png_set_unknown_chunks(png_ptr, info_ptr, &png_ptr->unknown_chunk, 1);
101 - png_free(png_ptr, png_ptr->unknown_chunk.data);
102 - png_ptr->unknown_chunk.data = NULL;
103 + if (png_ptr->unknown_chunk.data)
105 + png_free(png_ptr, png_ptr->unknown_chunk.data);
106 + png_ptr->unknown_chunk.data = NULL;
112 diff -ru4N libpng-1.2.26/pngset.c libpng-1.2.27beta01/pngset.c
113 --- libpng-1.2.26/pngset.c 2008-04-02 12:27:30.621225067 -0500
114 +++ libpng-1.2.27beta01/pngset.c 2008-04-05 21:41:15.248946598 -0500
117 /* pngset.c - storage of image information into info struct
119 - * Last changed in libpng 1.2.25 [February 18, 2008]
120 + * Last changed in libpng 1.2.27 [April 6, 2008]
121 * For conditions of distribution and use, see copyright notice in png.h
122 * Copyright (c) 1998-2008 Glenn Randers-Pehrson
123 * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
124 * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
125 @@ -1039,30 +1039,33 @@
126 info_ptr->unknown_chunks=NULL;
128 for (i = 0; i < num_unknowns; i++)
130 - png_unknown_chunkp to = np + info_ptr->unknown_chunks_num + i;
131 - png_unknown_chunkp from = unknowns + i;
132 + png_unknown_chunkp to = np + info_ptr->unknown_chunks_num + i;
133 + png_unknown_chunkp from = unknowns + i;
135 - png_memcpy((png_charp)to->name,
136 - (png_charp)from->name,
137 - png_sizeof(from->name));
138 - to->name[png_sizeof(to->name)-1] = '\0';
139 + png_memcpy((png_charp)to->name,
140 + (png_charp)from->name,
141 + png_sizeof(from->name));
142 + to->name[png_sizeof(to->name)-1] = '\0';
143 + to->size = from->size;
144 + /* note our location in the read or write sequence */
145 + to->location = (png_byte)(png_ptr->mode & 0xff);
147 - to->data = (png_bytep)png_malloc_warn(png_ptr, from->size);
148 - if (to->data == NULL)
150 - png_warning(png_ptr,
151 + if (from->size == 0)
155 + to->data = (png_bytep)png_malloc_warn(png_ptr, from->size);
156 + if (to->data == NULL)
158 + png_warning(png_ptr,
159 "Out of memory while processing unknown chunk.");
163 - png_memcpy(to->data, from->data, from->size);
164 - to->size = from->size;
166 - /* note our location in the read or write sequence */
167 - to->location = (png_byte)(png_ptr->mode & 0xff);
172 + png_memcpy(to->data, from->data, from->size);
176 info_ptr->unknown_chunks = np;
177 info_ptr->unknown_chunks_num += num_unknowns;
178 diff -ru4N libpng-1.2.26/pngwrite.c libpng-1.2.27beta01/pngwrite.c
179 --- libpng-1.2.26/pngwrite.c 2008-04-02 12:27:30.775542734 -0500
180 +++ libpng-1.2.27beta01/pngwrite.c 2008-04-05 21:41:15.402698604 -0500
182 !(up->location & PNG_HAVE_IDAT) &&
183 ((up->name[3] & 0x20) || keep == PNG_HANDLE_CHUNK_ALWAYS ||
184 (png_ptr->flags & PNG_FLAG_KEEP_UNSAFE_CHUNKS)))
187 + png_warning(png_ptr, "Writing zero-length unknown chunk");
188 png_write_chunk(png_ptr, up->name, up->data, up->size);