Closed Bug 392411 Opened 17 years ago Closed 17 years ago

APNG decoder does not detect width+offset too large

Categories

(Core :: Graphics: ImageLib, defect)

Product:
Core
Component:
Graphics: ImageLib
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: glennrp+bmo, Assigned: glennrp+bmo)

References

(Blocks 1 open bug,
URL
)

Details

Attachments

(1 file)

Make subimage dimensions test as stringent as the APNG spec (checked in)
1.31 KB, patch
asmith16
: review+
pavlov
: superreview+
pavlov
: approval1.9+
Details | Diff | Splinter Review 
The APNG specification (see URL above) requires

   `x_offset` + `width`  <= `IHDR` width
   `y_offset` + `height` <= `IHDR` height

But the test in png_ensure_fcTL_is_valid() in pngset.c only tests the size of `width` and `height` and not their sums with  the offsets.
Comment on attachment 276891 [details] [diff] [review]
Make subimage dimensions test as stringent as the APNG spec (checked in)

It's a good fix.
Attachment #276891 - Flags: superreview?(pavlov)
Attachment #276891 - Flags: review+
Attachment #276891 - Flags: approval1.9?
Attachment #276891 - Flags: superreview?(pavlov)
Attachment #276891 - Flags: superreview+
Attachment #276891 - Flags: approval1.9?
Attachment #276891 - Flags: approval1.9+
Keywords: checkin-needed
Assignee: nobody → glennrp
Status: NEW → ASSIGNED
modules/libimg/png/pngset.c 3.15
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Attachment #276891 - Attachment description: Make subimage dimensions test as stringent as the APNG spec → Make subimage dimensions test as stringent as the APNG spec (checked in)
Blocks: 495609
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: