diff -ru4N libpng-1.2.22/Makefile.am libpng-1.2.23beta01/Makefile.am --- libpng-1.2.22/Makefile.am 2007-10-15 10:31:07.971675000 -0500 +++ libpng-1.2.23beta01/Makefile.am 2007-10-15 13:39:20.958018000 -0500 @@ -57,8 +57,11 @@ libpng12_la_DEPENDENCIES = libpng.sym endif libpng_la_DEPENDENCIES = $(libpng12_la_DEPENDENCIES) +# Avoid depending upon Character Ranges. +AN = '_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789' + #distribute headers in /usr/include/libpng/* pkgincludedir= $(includedir)/$(PNGLIB_BASENAME) pkginclude_HEADERS= png.h pngconf.h @@ -96,10 +99,11 @@ libpng.sym: png.h pngconf.h rm -f $@ $@.new $(CPP) @LIBPNG_DEFINES@ $(CPPFLAGS) -DPNG_BUILDSYMS $(srcdir)/png.h | \ - $(SED) -n -e 's|^.*PNG_FUNCTION_EXPORT[ ]*\([a-zA-Z0-9_]*\).*$$|\1|p' \ - -e 's|^.*PNG_DATA_EXPORT[ ]*\([a-zA-Z0-9_]*\).*$$|\1|p' \ + $(SED) -n -e \ + 's|^.*PNG_FUNCTION_EXPORT[ ]*\([$AN]*\).*$$|\1|p' \ + -e 's|^.*PNG_DATA_EXPORT[ ]*\([$AN]*\).*$$|\1|p' \ >$@.new mv $@.new $@ libpng.vers: libpng.sym diff -ru4N libpng-1.2.22/Makefile.in libpng-1.2.23beta01/Makefile.in --- libpng-1.2.22/Makefile.in 2007-10-15 10:31:08.009816000 -0500 +++ libpng-1.2.23beta01/Makefile.in 2007-10-15 13:39:21.012428000 -0500 @@ -141,8 +141,11 @@ GZIP_ENV = --best distuninstallcheck_listfiles = find . -type f -print distcleancheck_listfiles = find . -type f -print +# Avoid depending upon Character Ranges. +AN = '_abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789' + #distribute headers in /usr/include/libpng/* pkgincludedir = $(includedir)/$(PNGLIB_BASENAME) ACLOCAL = @ACLOCAL@ AMDEP_FALSE = @AMDEP_FALSE@ @@ -1229,10 +1232,11 @@ libpng.sym: png.h pngconf.h rm -f $@ $@.new $(CPP) @LIBPNG_DEFINES@ $(CPPFLAGS) -DPNG_BUILDSYMS $(srcdir)/png.h | \ - $(SED) -n -e 's|^.*PNG_FUNCTION_EXPORT[ ]*\([a-zA-Z0-9_]*\).*$$|\1|p' \ - -e 's|^.*PNG_DATA_EXPORT[ ]*\([a-zA-Z0-9_]*\).*$$|\1|p' \ + $(SED) -n -e \ + 's|^.*PNG_FUNCTION_EXPORT[ ]*\([$AN]*\).*$$|\1|p' \ + -e 's|^.*PNG_DATA_EXPORT[ ]*\([$AN]*\).*$$|\1|p' \ >$@.new mv $@.new $@ libpng.vers: libpng.sym diff -ru4N libpng-1.2.22/png.h libpng-1.2.23beta01/png.h --- libpng-1.2.22/png.h 2007-10-13 12:07:26.084752000 -0500 +++ libpng-1.2.23beta01/png.h 2007-10-15 13:39:01.737769000 -0500 @@ -168,8 +168,9 @@ * 1.0.30rc1 10 10030 10.so.0.30[.0] * 1.2.22rc1 13 10222 12.so.0.22[.0] * 1.0.30 10 10030 10.so.0.30[.0] * 1.2.22 13 10222 12.so.0.22[.0] + * 1.2.23beta01 13 10223 12.so.0.23[.0] * * Henceforth the source version will match the shared-library major * and minor numbers; the shared-library major version number will be * used for changes in backward compatibility, as it is intended. The @@ -650,11 +651,12 @@ * no specific support. The idea is that we can use this to queue * up private chunks for output even though the library doesn't actually * know about their semantics. */ +#define PNG_CHUNK_NAME_LENGTH 4 typedef struct png_unknown_chunk_t { - png_byte name[5]; + png_byte name[PNG_CHUNK_NAME_LENGTH+1]; png_byte *data; png_size_t size; /* libpng-using applications should NOT directly modify this byte. */ diff -ru4N libpng-1.2.22/pngerror.c libpng-1.2.23beta01/pngerror.c --- libpng-1.2.22/pngerror.c 2007-10-13 12:07:26.270691000 -0500 +++ libpng-1.2.23beta01/pngerror.c 2007-10-15 13:39:01.918052000 -0500 @@ -135,8 +135,10 @@ '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' }; +#define PNG_MAX_ERROR_TEXT 63 + #if !defined(PNG_NO_WARNINGS) || !defined(PNG_NO_ERROR_TEXT) static void /* PRIVATE */ png_format_buffer(png_structp png_ptr, png_charp buffer, png_const_charp error_message) @@ -164,10 +166,10 @@ else { buffer[iout++] = ':'; buffer[iout++] = ' '; - png_strncpy(buffer+iout, error_message, 63); - buffer[iout+63] = '\0'; + png_strncpy(buffer+iout, error_message, PNG_MAX_ERROR_TEXT); + buffer[iout+PNG_MAX_ERROR_TEXT] = '\0'; } } #ifdef PNG_READ_SUPPORTED diff -ru4N libpng-1.2.22/pngrutil.c libpng-1.2.23beta01/pngrutil.c --- libpng-1.2.22/pngrutil.c 2007-10-13 12:07:26.804750000 -0500 +++ libpng-1.2.23beta01/pngrutil.c 2007-10-15 13:39:02.425961000 -0500 @@ -2223,10 +2223,10 @@ length = (png_uint_32)65535L; } #endif png_strncpy((png_charp)png_ptr->unknown_chunk.name, - (png_charp)png_ptr->chunk_name, 4); - png_ptr->unknown_chunk.name[4] = '\0'; + (png_charp)png_ptr->chunk_name, PNG_CHUNK_NAME_LENGTH); + png_ptr->unknown_chunk.name[PNG_CHUNK_NAME_LENGTH] = '\0'; png_ptr->unknown_chunk.data = (png_bytep)png_malloc(png_ptr, length); png_ptr->unknown_chunk.size = (png_size_t)length; png_crc_read(png_ptr, (png_bytep)png_ptr->unknown_chunk.data, length); #if defined(PNG_READ_USER_CHUNKS_SUPPORTED) diff -ru4N libpng-1.2.22/pngset.c libpng-1.2.23beta01/pngset.c --- libpng-1.2.22/pngset.c 2007-10-13 12:07:26.873243000 -0500 +++ libpng-1.2.23beta01/pngset.c 2007-10-15 13:39:02.476647000 -0500 @@ -678,21 +678,22 @@ png_charp profile, png_uint_32 proflen) { png_charp new_iccp_name; png_charp new_iccp_profile; + png_uint_32 length; png_debug1(1, "in %s storage function\n", "iCCP"); if (png_ptr == NULL || info_ptr == NULL || name == NULL || profile == NULL) return; - new_iccp_name = (png_charp)png_malloc_warn(png_ptr, png_strlen(name)+1); + length = png_strlen(name)+1; + new_iccp_name = (png_charp)png_malloc_warn(png_ptr, length); if (new_iccp_name == NULL) { png_warning(png_ptr, "Insufficient memory to process iCCP chunk."); return; } - png_strncpy(new_iccp_name, name, png_strlen(name)); - new_iccp_name[png_strlen(name)] = '\0'; + png_strncpy(new_iccp_name, name, length); new_iccp_profile = (png_charp)png_malloc_warn(png_ptr, proflen); if (new_iccp_profile == NULL) { png_free (png_ptr, new_iccp_name); @@ -971,19 +972,19 @@ for (i = 0; i < nentries; i++) { png_sPLT_tp to = np + info_ptr->splt_palettes_num + i; png_sPLT_tp from = entries + i; + png_uint_32 length; - to->name = (png_charp)png_malloc_warn(png_ptr, - png_strlen(from->name) + 1); + length = png_strlen(from->name) + 1; + to->name = (png_charp)png_malloc_warn(png_ptr, length); if (to->name == NULL) { png_warning(png_ptr, "Out of memory while processing sPLT chunk"); } /* TODO: use png_malloc_warn */ - png_strncpy(to->name, from->name, png_strlen(from->name)); - to->name[png_strlen(from->name)] = '\0'; + png_strncpy(to->name, from->name, length); to->entries = (png_sPLT_entryp)png_malloc_warn(png_ptr, from->nentries * png_sizeof(png_sPLT_entry)); /* TODO: use png_malloc_warn */ png_memcpy(to->entries, from->entries, @@ -1038,10 +1039,12 @@ { png_unknown_chunkp to = np + info_ptr->unknown_chunks_num + i; png_unknown_chunkp from = unknowns + i; - png_strncpy((png_charp)to->name, (png_charp)from->name, 4); - to->name[4] = '\0'; + png_strncpy((png_charp)to->name, (png_charp)from->name, + PNG_CHUNK_NAME_LENGTH); + to->name[PNG_CHUNK_NAME_LENGTH] = '\0'; + to->data = (png_bytep)png_malloc_warn(png_ptr, from->size); if (to->data == NULL) { png_warning(png_ptr, diff -ru4N libpng-1.2.22/pngtest.c libpng-1.2.23beta01/pngtest.c --- libpng-1.2.22/pngtest.c 2007-10-13 12:07:26.940163000 -0500 +++ libpng-1.2.23beta01/pngtest.c 2007-10-15 13:39:02.531291000 -0500 @@ -81,8 +81,9 @@ #include #endif #if defined(PNG_TIME_RFC1123_SUPPORTED) +#define PNG_tIME_STRING_LENGTH 29 static int tIME_chunk_present=0; static char tIME_string[30] = "no tIME chunk present in file"; #endif @@ -1005,10 +1006,10 @@ /* we have to use png_strncpy instead of "=" because the string pointed to by png_convert_to_rfc1123() gets free'ed before we use it */ png_strncpy(tIME_string,png_convert_to_rfc1123(read_ptr, - mod_time),29); - tIME_string[29] = '\0'; + mod_time), PNG_tIME_STRING_LENGTH); + tIME_string[PNG_tIME_STRING_LENGTH] = '\0'; tIME_chunk_present++; #endif /* PNG_TIME_RFC1123_SUPPORTED */ } } @@ -1147,10 +1148,10 @@ /* we have to use png_strncpy instead of "=" because the string pointed to by png_convert_to_rfc1123() gets free'ed before we use it */ png_strncpy(tIME_string,png_convert_to_rfc1123(read_ptr, - mod_time),29); - tIME_string[29] = '\0'; + mod_time),PNG_tIME_STRING_LENGTH); + tIME_string[PNG_tIME_STRING_LENGTH] = '\0'; tIME_chunk_present++; #endif /* PNG_TIME_RFC1123_SUPPORTED */ } }