changeset 7039:56f59e248fe0

8031352: Enhance PNG handling Reviewed-by: prr, mschoene
author serb
date Tue, 21 Jan 2014 07:56:57 +0400
parents fc7bd55c4e6c
children bf6ddbf51dcd
files src/share/native/sun/awt/libpng/pngrtran.c src/share/native/sun/awt/libpng/pngset.c
diffstat 2 files changed, 14 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/native/sun/awt/libpng/pngrtran.c	Thu Jan 16 18:10:05 2014 -0500
+++ b/src/share/native/sun/awt/libpng/pngrtran.c	Tue Jan 21 07:56:57 2014 +0400
@@ -1862,6 +1862,9 @@
 
          info_ptr->bit_depth = 8;
          info_ptr->num_trans = 0;
+
+         if (png_ptr->palette == NULL)
+            png_error (png_ptr, "Palette is NULL in indexed image");
       }
       else
       {
--- a/src/share/native/sun/awt/libpng/pngset.c	Thu Jan 16 18:10:05 2014 -0500
+++ b/src/share/native/sun/awt/libpng/pngset.c	Tue Jan 21 07:56:57 2014 +0400
@@ -512,6 +512,17 @@
       }
    }
 
+   if ((num_palette > 0 && palette == NULL) ||
+      (num_palette == 0
+#        ifdef PNG_MNG_FEATURES_SUPPORTED
+            && (png_ptr->mng_features_permitted & PNG_FLAG_MNG_EMPTY_PLTE) == 0
+#        endif
+      ))
+   {
+      png_error(png_ptr, "Invalid palette");
+      return;
+   }
+
    /* It may not actually be necessary to set png_ptr->palette here;
     * we do it for backward compatibility with the way the png_handle_tRNS
     * function used to do the allocation.