changeset 9379:df3f9871ee6f

8031352: Enhance PNG handling Reviewed-by: prr, mschoene
author serb
date Tue, 21 Jan 2014 07:06:04 +0400
parents 48d5490a3067
children 99eea696ba72
files src/share/native/sun/awt/libpng/pngrtran.c src/share/native/sun/awt/libpng/pngset.c
diffstat 2 files changed, 14 insertions(+), 0 deletions(-) [+]
--- a/src/share/native/sun/awt/libpng/pngrtran.c	Thu Jan 16 14:56:25 2014 -0800
+++ b/src/share/native/sun/awt/libpng/pngrtran.c	Tue Jan 21 07:06:04 2014 +0400
@@ -1862,6 +1862,9 @@
 
          info_ptr->bit_depth = 8;
          info_ptr->num_trans = 0;
+
+         if (png_ptr->palette == NULL)
+            png_error (png_ptr, "Palette is NULL in indexed image");
       }
       else
       {
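Review bot: The new `png_ptr->palette == NULL` guard has no comment saying which later read it protects, and it sits after `info_ptr->bit_depth` and `info_ptr->num_trans` have already been rewritten. Placing it ahead of those two assignments would make it obvious that nothing is changed for an indexed image that never supplied a palette. I would add a comment along the lines of `/* Expanding an indexed image reads png_ptr->palette; fail here rather than dereference NULL later. */`, worded to match whatever the expansion code actually does, since that code is not visible in this hunk. The call is also written `png_error (` with a space, while the pngset.c hunk in the same commit uses `png_error(`. The enclosing function starts and ends outside the hunk.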
--- a/src/share/native/sun/awt/libpng/pngset.c	Thu Jan 16 14:56:25 2014 -0800
+++ b/src/share/native/sun/awt/libpng/pngset.c	Tue Jan 21 07:06:04 2014 +0400
@@ -512,6 +512,17 @@
       }
    }
 
+   if ((num_palette > 0 && palette == NULL) ||
+      (num_palette == 0
+#        ifdef PNG_MNG_FEATURES_SUPPORTED
+            && (png_ptr->mng_features_permitted & PNG_FLAG_MNG_EMPTY_PLTE) == 0
+#        endif
+      ))
+   {
+      png_error(png_ptr, "Invalid palette");
+      return;
+   }
+
    /* It may not actually be necessary to set png_ptr->palette here;
     * we do it for backward compatibility with the way the png_handle_tRNS
     * function used to do the allocation.
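Review bot: A negative `num_palette` passes both arms of the new condition, because the first arm tests `num_palette > 0` and the second `num_palette == 0`. If `num_palette` is a signed type, confirm that the range check presumably sitting just above this hunk (only its closing braces are visible) rejects negative values. Otherwise write the first arm as `num_palette != 0 && palette == NULL`. The `#ifdef` nested inside the parenthesised expression is also hard to read. A one-line comment such as `/* An empty PLTE is only legal when the MNG empty-PLTE feature is permitted. */` above the `if` would state the intent. The function body continues outside the hunk.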