memory leak in png_create_info_struct #269
Comments
CVE-2019-6129 was assigned for this issue.
Yes, pngcp does not call png_destroy_info_struct() in error case. I think this is not a security issue at all.
There are various issues with pngcp. Just FYI, in libpng-1.6.37 I will still focus on fixing core libpng issues. I plan to address the issues with 3rd-party contributed code (like pngcp) after 1.6.37.
right, there is a memory leak but the security impact is extremely low if not absent:
@carnil, I know this has been closed but is there an update for CVE-2019-6129? It doesn't seem to reflect this discussion.
@ware, I do not know. I was basically only the messenger of the CVE while reviewing the CVE feed from MITRE and posting the reference here. If an update to the description or entry in general is needed then this could be submitted by requesting it via https://cveform.mitre.org/ .
Thanks @carnil. I submitted a request to MITRE.
Hi, is this issue solved?
Hello, is this issue solved?
Hi, has the vulnerability CVE-2019-6129 been fixed?
#293 is a duplicate of this. It contains this proposed fix: openembedded/openembedded-core@38c6b26

However there is no bug to fix here; the memory is freed immediately because the program exits immediately. The fix certainly looks completely wrong; the relevant structure is destroyed in display_clean_write and that is called from display_clean. Destroying it in display_clean_read will cause read_png to destroy it on exit which will mean it doesn't exist in cp_one_file at the point where write_png is called.

On testing the fix it simply doesn't work; pngcp stops copying anything; look at the first line in the implementation of png_write_png...

Anyway, a somewhat better test:

    ./pngcp libpng_poc ../code/pngbar.png dir/

shows that while the png_info is not destroyed with a single bad argument (which does not matter because the program exits immediately) with a second good argument the png_info is passed to write_png and used there but a png_info is dropped (i.e. not deleted) on the bogus PNG.

The real fix is trivial but the bug doesn't exactly strike me as worrying; pngcp is an undocumented internal test program. It drops one struct per broken file, so an exploit would have to find a way of running pngcp with a humongous number of command line arguments and it would eventually OOM, maybe. It's ridiculous for this to be in a CVE; it's just a way of getting a program to run out of memory with arbitrary input, for example:

    ./pngcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . etc

(try it; I really do mean "."). It might just OOM on an IoT device with very limited memory, but then consider this:

    awk 'BEGIN{i=0; while(1) {; a[i]=++i; }; }'

It gets Killed after about 1 minute on my Linux machine sometime after growing to 64GByte, on my Windows machine it takes longer; it looks like it is getting paged out.

So the conclusion is that the proposed fix basically destroys the functionality of pngcp and, anyway, it's not worth worrying about.
EDIT: revised patch.

There is a much more pervasive version of the same behavior:

    pngcp --nowrite --search *.png

or to make it really bad:

    find / -name '*.png' -print0 | xargs -0 pngcp --nowrite --search

This is because the search code sets dp->tsp to non-zero and it doesn't get reset, so the png_info_struct does not get freed. This happens with well formed PNG files. It's still not a CVE but it is certainly a leak.

My previous patch (removed) did not handle this and was somewhat messy. This new version moves the free out of write_png into cppng and removes the check on dp->tsp

The patch retains the behaviour whereby an error before dp->write_pp is successfully created results in a "hanging" png_info which is then cleaned inside the next read_png. I don't want to change this because it would remove some of the value of pngcp.c as an example and require a more complex fix.
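A simplified model of the two leak shapes discussed in the comment above (one struct dropped per broken file, and a free that is skipped once a flag has been set), added here as an example; it is not pngcp.c or libpng code and it is not the patch that was applied. Every name in it is an assumption made for illustration, with `tsp` only echoing the `dp->tsp` field mentioned above, and the file names are constructed.

```c
/* Simplified model of the leak pattern; hypothetical names, not pngcp.c. */
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct info { int width; };

struct display {
    jmp_buf on_error;       /* error exit taken when a file cannot be read */
    struct info *ip;        /* per-file info struct */
    int tsp;                /* echoes dp->tsp: set by the search, never reset */
};

#define MAX_LIVE 16
static struct info *live[MAX_LIVE];     /* allocation ledger for the demo */

static struct info *info_create(void)
{
    size_t i;
    for (i = 0; i < MAX_LIVE; ++i)
        if (live[i] == NULL)
            return live[i] = calloc(1, sizeof(struct info));
    return NULL;            /* ledger full: treated as an allocation failure */
}

static void info_destroy(struct info **ipp)
{
    size_t i;
    for (i = 0; *ipp != NULL && i < MAX_LIVE; ++i)
        if (live[i] == *ipp) { live[i] = NULL; break; }
    free(*ipp);
    *ipp = NULL;
}

/* Frees whatever is still allocated and returns how many structs that was. */
static int sweep(void)
{
    int n = 0;
    size_t i;
    for (i = 0; i < MAX_LIVE; ++i)
        if (live[i] != NULL) { free(live[i]); live[i] = NULL; ++n; }
    return n;
}

/* Names starting with "bad" fail after the info struct already exists. */
static void read_file(struct display *dp, const char *name)
{
    dp->ip = info_create();     /* overwrites a pointer left by a failed file */
    if (dp->ip == NULL || strncmp(name, "bad", 3) == 0)
        longjmp(dp->on_error, 1);
    dp->ip->width = 1;
}

/* Leaky shape: the only free sits in the write step, guarded by tsp. */
static int copy_one_leaky(struct display *dp, const char *name, int search)
{
    if (setjmp(dp->on_error) != 0)
        return 1;               /* error exit: dp->ip is never released */
    if (search)
        dp->tsp = 1;
    read_file(dp, name);
    if (dp->tsp == 0)           /* cleanup skipped once tsp has been set */
        info_destroy(&dp->ip);
    return 0;
}

/* Single-owner shape: the caller frees on every exit path, no tsp check. */
static int copy_one_fixed(struct display *dp, const char *name, int search)
{
    if (setjmp(dp->on_error) != 0) {
        info_destroy(&dp->ip);
        return 1;
    }
    if (search)
        dp->tsp = 1;
    read_file(dp, name);
    info_destroy(&dp->ip);
    return 0;
}

typedef int (*copy_fn)(struct display *, const char *, int);

/* Runs one "process" over n names; returns the structs left allocated. */
static int leaked_after(copy_fn copy, const char *const *names, size_t n,
                        int search)
{
    struct display d;
    size_t i;
    memset(&d, 0, sizeof d);
    for (i = 0; i < n; ++i)
        (void)copy(&d, names[i], search);
    return sweep();
}

/* Constructed inputs. */
static const char *const MIXED[] =
    { "good-1.png", "bad-1.png", "good-2.png", "bad-2.png" };
static const char *const ALL_GOOD[] = { "a.png", "b.png", "c.png" };

int main(void)
{
    printf("leaky, mixed input:     %d\n", leaked_after(copy_one_leaky, MIXED, 4, 0));
    printf("leaky, search, good:    %d\n", leaked_after(copy_one_leaky, ALL_GOOD, 3, 1));
    printf("fixed, mixed input:     %d\n", leaked_after(copy_one_fixed, MIXED, 4, 0));
    printf("fixed, search, good:    %d\n", leaked_after(copy_one_fixed, ALL_GOOD, 3, 1));
    return 0;
}
```

The count grows with the number of arguments in the leaky shape and stays at zero in the single-owner shape, which is why the leak only matters for a process that handles a very large number of files.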
I forgot to close this issue. (Closing now.) The fix is in libpng-1.6.39.
The last byte of each row was ignored in a function that was executed under the build flags `PNG_READ_CHECK_FOR_INVALID_INDEX_SUPPORTED` and `PNG_WRITE_CHECK_FOR_INVALID_INDEX_SUPPORTED`.

This is a revert of a change previously applied in libpng-1.6.33beta01. See SourceForge bug pnggroup#269 at https://sourceforge.net/p/libpng/bugs/269/

Reviewed-by: John Bowler <[email protected]>
Signed-off-by: Cosmin Truta <[email protected]>
Add .yamllint.yml, a configuration file for yamllint ci: Relicense the CI scripts to the Boost Software License version 1.0 Fetch LICENSE_BSL_1_0.txt from http://www.boost.org/LICENSE_1_0.txt and update the copyright notice in all ci_* scripts. Append "SPDX-License-Identifier" tags after each copyright notice; see https://github.com/david-a-wheeler/spdx-tutorial/#spdx-tutorial ci: Add ci.lib.ch; update ci_verify_*.sh accordingly Move the common declarations and initializations from ci_verify_*.sh to ci.lib.sh, and update them as follows: * Simplify the ci_ function names. * Refactor the CI_ variable names: - Add the new variable CI_TOPLEVEL_DIR. - Rename the variables CI_SCRIPTNAME, CI_SCRIPTDIR, etc., to CI_SCRIPT_NAME, CI_SCRIPT_DIR, etc. - Rename the variables CI_SRCDIR_FROM_BUILDDIR, etc., to CI_BUILD_TO_SRC_RELDIR, etc. * Add new functions inside ci.lib.sh: - Replace ci_err with ci_err_usage, ci_err_fatal, ci_err_internal. - Add the new functions ci_warn and ci_assert. * Simplify the ci_ function names inside ci_verify_*.sh. ci: Add ci_lint_ci.sh and .shellcheckrc Add ci_lint_ci.sh for linting the CI config files and scripts. The linting is based on yamllint and shellcheck. ci: Introduce CI_HOST_* and CI_TARGET_* Replace CI_SYSTEM_NAME and CI_MACHINE_NAME with CI_HOST_SYSTEM and CI_HOST_MACHINE, respectively. Introduce CI_TARGET_SYSTEM and CI_TARGET_MACHINE, defaulting to CI_HOST_SYSTEM and CI_HOST_MACHINE, respectively. Use CI_TARGET_SYSTEM and CI_TARGET_MACHINE in the naming scheme of target build and install directories, in order to allow concurrent verification builds for multiple cross-platform targets. ci: Fix bad copy pasta in ci_verify_configure.sh ci: Fix ci_verify_cmake.sh; improve ci.lib.sh Fix ci_verify_cmake.sh: sync up CI_BUILD_TO_INSTALL_RELDIR with CI_INSTALL_DIR. (Oopsie!) Replace slashes, backslashes and dots with underlines in system names and machine hardware names. These names are now included in the output directory naming scheme. 
ci: Improve the support for cross-build verifications Introduce CI_TARGET_TRIPLET and CI_TARGET_ABI. Rename CI_HOST_MACHINE and CI_TARGET_MACHINE, respectively, to CI_HOST_ARCH and CI_TARGET_ARCH, following on the conventional target triplet nomenclature. Introduce CI_BUILD_SYSTEM and CI_BUILD_ARCH, following on the GNU Autotools (host/build/target) practice and nomenclature. Ensure that CI_TARGET_SYSTEM, CI_TARGET_ARCH and CI_TARGET_ABI are all initialized when verifying a cross-platform build. Work around an obscure CMake error by ensuring that CMake variables (CMAKE_AR and CMAKE_RANLIB) are initialized to the full executable paths of their CI_* equivalents (CI_AR and CI_RANLIB). Implement other general-purpose improvements: * Check all CI_NO_* variables in an arithmetic context, to allow setting them explicitly to zero in external configurations. * Label the assertions with descriptions of what's being asserted. * Add more comments and tracing printouts. configure: allow to disable building of tools and test This PR adds two set of options to the configure script: --enable-png-tests/--disable-png-tests and --enable-png-tools/--disable-png-tools By using this feature, a user will be allowed to build only library if needed, which will be useful on platforms not able to build the tools and/or the tests. This PR leaves the existing behaviour as default setting, by building both the tools and the tests if the options are not used. CMakeLists.txt already supports this feature with the options PNG_TESTS and PNG_EXECUTABLES. After this commit, Autotools will provide the same feature. Signed-off-by: Cosmin Truta <[email protected]> configure: Rename the recently-added options Rename --enable-png-tests/--disable-png-tests --enable-png-tools/--disable-png-tools to --enable-tests/--disable-tests --enable-tools/--disable-tools respectively. 
While the `PNG_` prefix is necessary in CMakeLists.txt, a corresponding `--...-png-` option qualifier would be redundant in a configure script. configure: Rerun "./autogen.sh --maintainer" cmake: Rename PNG_EXECUTABLES to PNG_TOOLS For the sake of consistency with a recent addition to the configure script, the option name PNG_EXECUTABLES (introduced in libpng-1.6.38) shall become PNG_TOOLS. PNG_EXECUTABLES is still maintained as a deprecated option, allowing the applications that use it to be built without modification, but a deprecation warning will be issued. cmake: Fix copying targets on Windows in multi-config build systems Signed-off-by: Cosmin Truta <[email protected]> Use CMake 3.5 features 1. Set `cmake_minimum_required` to 3.5 (see https://cmake.org/cmake/help/latest/release/3.27.html) 2. Specify the version of CMake project 3. Remove the redundant call to `cmake_policy` 4. Use `CMAKE_INSTALL_BINDIR` and `CMAKE_INSTALL_INCLUDEDIR` 5. Use private library linking for tools and test programs 6. Don't activate testing if it was not enabled Signed-off-by: Cosmin Truta <[email protected]> ci: Update the support for cross-build verifications; refactor Rename `CI_HOST_ARCH` and `CI_HOST_SYSTEM`, to `CI_BUILD_ARCH` and `CI_BUILD_SYSTEM`, following the nomenclature used by GNU Autotools. Unfortunately, the word "host" has confusingly opposite meanings in CMake (and Bazel, etc.) vs. Autotools (and Meson, etc.) Remove `CI_TARGET_TRIPLET` and `CI_TARGET_ABI` (for now). Introduce the function `ci_expr` as a fast and easy equivalent of `expr >/dev/null`. Rephrase the assertions using an implementation pattern that is more expressive, yet (arguably) just as readable. Remove `ci_assert`. Modify the main functions to display more useful information in case of usage error. Update the configuration for Travis CI and AppVeyor CI Update the Travis CI matrix: * Run ASan and UBSan unconditionally on FreeBSD and Linux, and not at all on Mac. 
* Remove the `CI_NO_TEST=1` runs from the environment column. Update the AppVeyor CI matrix: * Replace `CI_NO_TEST=1` with `CI_CMAKE_VARS=-DPNG_TESTS=0` when testing Visual Studio on ARM64. Also apply minor stylistic changes. ci: Quick-fix ci_verify_cmake.sh Avoid using `cmake --option=value` and `ctest --option=value`, to stay compatible with older versions of CMake. cmake: Fix CPU architecture regexes Co-authored-by: Clinton Ingram <[email protected]> Signed-off-by: Cosmin Truta <[email protected]> cmake: Don't add Unix ASM file to the ARM-specific source list for MSVC Signed-off-by: Cosmin Truta <[email protected]> Revert "cmake: Fix CPU architecture regexes" This reverts commit 9c1dc4d. The new regex for Intel can match "x86_64", but it fails with "x86". Moreover, the new regex for MIPS needs more testing on all MIPS ISAs. Reported-by: Clinton Ingram <[email protected]> Redo "cmake: Fix CPU architecture regexes" Co-authored-by: Clinton Ingram <[email protected]> Signed-off-by: Cosmin Truta <[email protected]> cmake: Use Zlib as a package 1. automatic linking of the library and add include directory 2. properly specify include directories Signed-off-by: Cosmin Truta <[email protected]> cmake: Enable the libpng framework build by default on Apple systems The PNG_FRAMEWORK option used to be off by default. It was possible to turn it on, regardless of the underlying operating system, but doing so outside of an Apple OS broke the libpng build. PNG_FRAMEWORK is now on by default, conditionally defined on Apple systems only, and it is ignored (without breaking the build) elsewhere. Other minor changes have also been applied. cmake: Clean up functions, string operations, regular expressions, etc. Remove the inclusion of the external module `CMakeParseArguments`. Function argument parsing became a first-class feature in CMake 3.5. Delete the function `find_symbol_prefix`. It is no longer used. Use variables instead of strings in string operations where possible. 
Prevent CMake from getting confused by string values that might be accidentally identical to unrelated keywords. Clean up spurious `.*` sequences in regex matching operations. Rephrase a comment. cmake: Raise the minimum required version to 3.6 and use its features Use the `CMAKE_HOST_SOLARIS` variable, introduced in CMake 3.6, and raise `cmake_minimum_required` accordingly. cmake: Enable policy CMP0074 for ZLIB_ROOT; deprecate PNG_BUILD_ZLIB Although the minimum required CMake version is 3.6, this policy will only have effect under CMake 3.12 or newer. Reported-by: Jacob Harding <[email protected]> mips: Implement the run-time MIPS MSA discovery function correctly The old implementation of png_have_msa() caused a bus error, if a word in /proc/cpuinfo was longer than 10 characters. In the original implementation, `word[10]` was too short, and `word[i++] = ch` caused a stack smash if the characters between spaces were more than 10. And also, fclose(f) should be called before leaving. For example on loongson ls3a4000 cpu platform: $ cat /proc/cpuinfo system type : Generic Loongson64 System machine : loongson,loongson64g-4core-ls7a processor : 0 cpu model : ICT Loongson-3 V0.1 FPU V0.1 BogoMIPS : 3594.02 wait instruction : yes microsecond timers : yes tlb_entries : 2112 extra interrupt vector : no hardware watchpoint : no isa : mips1 mips2 mips3 mips4 mips5 mips32r1 mips32r2 mips64r1 mips64r2 ASEs implemented : vz msa loongson-mmi loongson-cam loongson-ext loongson-ext2 shadow register sets : 1 kscratch registers : 6 package : 0 core : 0 VCED exceptions : not available VCEI exceptions : not available processor : 1 cpu model : ICT Loongson-3 V0.1 FPU V0.1 BogoMIPS : 3611.26 wait instruction : yes microsecond timers : yes tlb_entries : 2112 extra interrupt vector : no hardware watchpoint : no isa : mips1 mips2 mips3 mips4 mips5 mips32r1 mips32r2 mips64r1 mips64r2 ASEs implemented : vz msa loongson-mmi loongson-cam loongson-ext loongson-ext2 shadow register sets : 1 
kscratch registers : 6 package : 0 core : 1 VCED exceptions : not available VCEI exceptions : not available Co-authored-by: Cosmin Truta <[email protected]> Signed-off-by: Sui Jingfeng <[email protected]> Signed-off-by: Cosmin Truta <[email protected]> mips: Fix the build for generic ANSI C89 compilers The <stdint.h> header is a standard C99 header, and a MIPS-specific header, but it is not a standard C89 header. It should not be included until ensuring that the code being compiled is MIPS-specific. Fix bashisms makepngs.sh relies on a Bash feature in one of its case statements, ";;&"; this should be made explicit in the shebang. intgamma.sh declares a function in a manner which may fail in non-Bash sh implementations, this patch uses the correct syntax. Based on a patch by Roflcopter4: joncampbell123/dosbox-x#3850 Signed-off-by: Stephen Kitt <[email protected]> pngfix: ensure fclose happens last on file close This reverts the code to a variant of my old style of doing an 'fclose' correctly and adds comments explaining why it is so difficult. Thanks to @ihsinme for pointing out the error on github.com Signed-off-by: John Bowler <[email protected]> Update the copyright year Fix the API comment about `png_data_freer` The old note about this function being unlikely to work correctly was likely incorrect. pngminus: Update CMake file; rename test scripts; add .gitignore Raise the minimum required CMake version to 3.5. Add the configuration option `PNGMINUS_USE_SYSTEM_PNG` for compiling and linking with the system libpng library instead of the internal one. Remove the old configuration option `PNGMINUS_USE_STATIC_LIBRARIES`. When using the internal libpng (via `PNGMINUS_USE_SYSTEM_PNG=OFF`), simply enforce static linking and produce single-file executables. Rename the scripts "png2pnm.sh" (etc.) to "test_png2pnm.sh" (etc.), to make it obvious that they are test drivers, not program launchers. Add a .gitignore file for project-specific build and test artifacts. 
pngminus: Fix and improve the PNM processing Improve png2pnm.c: * Add support for writing 16-bit raw PNM image files. Fix and improve pnm2png.c: * Add support for reading 16-bit raw PNM image files. * Fix the parsing of arbitrarily long numeric strings. In the parsing of PNM tokens, we can and we should avoid storing more than one leading '0' in the token buffer. All valid (in-range) numeric strings must fit in this limited-size buffer, regardless of their actual length in the input file. * Refactor the PNM parsing in order to make it more capable to handle various kinds of input file errors. * Remove the volatile qualifiers from all variable declarations. Their original purpose was to appease old (and incorrect) warnings issued by ancient optimizing compilers. * Print a note about the program's lack of support for the PAM ("P7") file format when the input is in this format. * Add FIXME notes about the need to signal incorrect or incomplete input files. (For png2pnm, this is done inside libpng.) pngminus: Improve and modernize the PNG processing Improve and modernize png2pnm.c: * Remove the explicit reading of the input PNG file signature. Libpng is now able to read it, check it, and issue an appropriate error message in case of magic number mismatch or file corruption. (See the function `png_read_sig`.) * Remove the explicit allocation and dealocation of the image data. Libpng is now able to manage all the image data automatically. (See the function `png_read_png`.) * Specify the needed image transformations without a-priori checking the image type for applicability. * Use the `png_set_expand_gray_1_2_4_to_8` transformation. Since libpng version 1.2.9, this transformation (if needed) must be enabled separately from `png_set_expand`. Improve and modernize pnm2png.c: * Modify the allocation of image data, in order to match libpng's internal allocation model. 
* Transfer the ownership of the image data from the `pnm2png` function to libpng, which will manage and dealocate it at the right time. (See the functions `png_set_image_rows` and `png_data_freer`.) Refactor, clean up, etc. pngminus: Expect all image transformations to be available in libpng The pngminus programs use several PNG image transformations: `png_set_expand`, `png_set_expand_1_2_4_to_8`, etc. (in png2pnm.c); `png_set_packing`, `png_set_invert_mono`, etc. (in pnm2png.c). The availability of all of these transformations in libpng is now required at compile time. On the topic of transformations, apply an unrelated fix to the use of `png_set_gamma`. pngminus: Delete the incomplete output files upon premature termination Defer the program termination on error until all files are closed and (if applicable) all incompletely-written output files are deleted. In addition, perform the following maintenance tasks: * Rename and document the internal helpers used by the functions `png2pnm` and `pnm2png`. * Unset the executable permission bits for the *.bat test programs. Do not rely on `INT_MAX` in png.h At a certain step in the configuration process, `gcc -Wundef` complained about using `INT_MAX` without a definition in png.h, which is easily fixable with an include. We would rather not add any extra dependencies to png.h, however, so we use some unsigned int arithmetic magic instead. pngcp: remove GNU setjmp warning workround Prior versons of the GCC warned about the 'dest' parameter of contrib/tools/pngcp.c not being volatile, which isn't necessary because it isn't modified. This removes the GCC specific fixup. The function which calls setjmp, cppng() also relied on undefined behavior because it assigned the result of setjmp() to a variable; this is not one of the four uses of setjmp permitted by ANSI-C. This passes the result previously returned by longjmp via (struct display). 
It's very very unlikely that any compiler could have got the code wrong but it is technically undefined. pngfix: del workround for GCC7.1 -Wstrict-overflow Previously pngfix had been made warning-free in GCC7.1 by marking auto variables (volatile). This prevented the arithmetic optimizations which caused warnings from GCC7.1 with higher values -Wstrict-overflow=<n> GCC has moved on a lot since 7.1 and pngfix.c now compiles with just one warning using -Wstrict-overflow=5. The change includes a change to make this go away by performing the rearrangement GCC was using in the code: i == ndigits-1 becomes: i+1 == ndigits i is initialized to ndigits and has been decremented at least once so this is fine. Test, configure: CFLAGS="-Wall -Wextra -Wno-maybe-uninitialized -Wstrict-overflow=5" \ ../configure --enable-werror make make cehck Test, cmake: cmake .. make make test Signed-off-by: John Bowler <[email protected]> Remove GCC7.1 arithmetic overflow fixup This removes pragmas and the controlling code that quelled warnings generated by GCC7.1 (only) with -Wstrict-overflow=3 and possibly other levels. Tested with GCC13.2, GCC7.1 is no longer the current version of GCC7 (GCC7.5) and GCC7.1 was replaced by GCC7.2 on August 14, 2017. Signed-off-by: John Bowler <[email protected]> Palette index checking fixes The palette index checking function is called by default but only if some *other* transformation is happening. This makes the 'get palette max' public API disfunctional (sometimes it works, sometimes it returns 0) and causes the supposed default behaviour of checking the palette index only to work sometimes. It works in pngtest, it doesn't work in pngcp. The check in pngread also has an off-by-one error; the number recorded is the highest index found so it should be checked to ensure that it is less than the palette length but it was checked for being greater. 
The pull request includes a set of 8 files which all have the full range of possible indices including one (the highest) which is invalid because the PLTE chunk is one short of the maximum for each bit depth. Signed-off-by: John Bowler <[email protected]> write palette check corrections The write palette check is off-by-one when checking the maximum palette index against the number of entries however, because of the implementation, the simple correction would fail if no palette check had been performed (for example for a non-palette image). This corrects both errors so that the code outputs a warning (but not an error) if a user of libpng writes an image with a PLTE which is one entry short. The write palette check can be turned off on colour type 3 images (colour mapping images) but this is done by setting the 'maximum' palette index in the image to (-1). The ammended code works because it only executes for paletted images, it is dependent on palette checks being compiled in and they will always be checked unless the stored 'max' value is less than 0. Signed-off-by: John Bowler <[email protected]> Improve test coverage with a "correctly" damaged palette index test The PNG IDAT did not include a '255' entry, the highest entry is '254', this corrects the test PNG to have a palette with only 254 entries so that it triggers the palette index checks. Signed-off-by: John Bowler <[email protected]> Signed-off-by: Cosmin Truta <[email protected]> Rewrite various initializations for the benefit of various compilers Mark the initialization of `png_signature[]` as static const inside the function `png_sig_cmp`. This might be helpful to optimizing compilers. Initialize the arrays `number_buf[]`, `digits[]` and `buffer[]` inside the functions `png_convert_to_rfc1123_buffer`, `png_ascii_from_fixed`, `png_warning_parameter_unsigned` and `png_warning_parameter_signed`. Although these initializations are redundant, compilers such as gcc-13 fail to see the redundancy. 
De-volatilize the internal implementation of `png_safe_execute` `png_safe_execute` called `setjmp` in a context where the result was undefined (an assignment statement). This corrects the code and removes volatile statements that were introduced previously to quell warnings from earlier versions of GCC. Co-authored-by: John Bowler <[email protected]> Add loongarch support and LSX SIMD optimizations Enable LSX by default: ./configure && make Disable LSX: ./configure --enable-loongarch-lsx=no && make Signed-off-by: Cosmin Truta <[email protected]> Optimize png16 with loongson mmi for 64-bit os mips: Wrap up the MIPS/Loongson port and acknowledge the contributors Completion of this port required a rerun of `./autogen.sh --maintainer` followed by a rebuild of scripts/pnglibconf.h.prebuilt. Loongson-mips: Fixed typo Loongson: Fixed compilation warnings for undefined macros. MIPS: Fixed undefined MSA interfaces When compiling on the MIPS platform using the following command: ./configure --enable-hardware-optimizations && make The options '-mmsa -mfp64' are not being passed. PNG_MIPS_MSA_IMPLEMENTATION is defined as 2, leading to the initialization of unimplemented MSA interfaces. Update the main Authors file Fix unused platform check and configuration for macOS In a similar manner as zlib (madler/zlib#895), libpng contains a header configuration that's no longer valid and hasn't been exercised for the macOS target. - The target OS conditional macros are misused. Specifically `TARGET_OS_MAC` covers all Apple targets, including iOS, and it should not be checked with `#if defined` as they would always be defined (to either 1 or 0) on Apple platforms. - `#include <fp.h>` no longer works for the macOS target and results in a compilation failure. macOS ships all required functions in `math.h`, and clients should use `math.h` instead. 
This problem has not been noticed until a recent extension in clang (llvm/llvm-project#74676) exposed the issue and broke libpng builds on Apple platforms. The failure can be reproduced now by adding `#include <TargetConditionals.h>` before the block. Signed-off-by: Cosmin Truta <[email protected]> Regression test for off-by-one palette check error This adds a file to regression-test the previously introduced off-by-one error in the check on read for a colormapped PNG with an out-of-range index (equal or greater than the length of the PLTE). Previous tests covered all cases except the 8-bit palette case; the "small" test file contains the "bad" entry at index 254, not 255 so it passes even if the final byte is not checked. The new file has the erroneous entry in the last byte. Signed-off-by: John Bowler <[email protected]> Do not build unused Adler32 code This removes the default build of an undocumented feature to disable Adler32 checksums on those systems where it was the default. The PR is motived by github pnggroup#187 however it fixes a much more general problem (pnggroup#187 is limited to an issue where libpng "crashes" on some manufacturer systems). The fix is based on a suggestion by @sgowdev who is the originator of the issue. When libpng disables the checking of Adler32 checksums it does so by an undocumented and therefore possibly unsupported call to a zlib function which does not exist in some versions of zlib. Fortunately libpng only does this if the caller of libpng explicitly asks for it to happen. Unfortunately the call to the undocumented function is still in the compiled and built libpng and this means that on some systems (as identified in pnggroup#187) libpng can fail to load or maybe even crash. 
The libpng authors are currently unaware of any program or system that uses this feature and none has been identified by the contributors to In this fix an option is added to *enable* the code so that by default the code is *disabled* - this is a simple generalization of the suggestion by @sgowdev. BENEFITS: the problem is eliminated, users of the functionality, if any, are idenfified, the functionality can be implemented correctly in the future or it can be removed. Hardly anyone complains. COSTS: someone will complain that they have to enable an option in a libpng build to use a feature that never worked consistently in the first place. This patch has been tested both with the option enabled and with it disabled via pngusr.dfa. Tests, checks pass with cmake and configure, make distcheck passes on configure. Reported-by: Stephen Gowen <[email protected]> Signed-off-by: John Bowler <[email protected]> Signed-off-by: Cosmin Truta <[email protected]> tests/pngtest-all: detect failures add tests This change is only verifiable in configure builds; cmake only executes the basic test. The previous version of tests/pngtest-all only returned the status code of the final test. Apparently it could never fail. This adds checking of all return status codes. The change also adds a basic approach for regression testing with PNGs that should fail a test; --strict ensures that PNGs which are valid do not start to be reported as erroneous, this is the inverse. At present the code (minimal traditional Bourne shell) only tests the palette index checking code, a potentially important check if apps rely on it. The changes have been tested using the configure build both with a regression which causes the libpng checking to cease to work and with a corrected (reverted regression). The regression test verifies that the intended check works as expected. 
Signed-off-by: John Bowler <[email protected]> Fix an off-by-one error in `png_do_check_palette_indexes` The last byte of each row was ignored in a function that was executed under the build flags `PNG_READ_CHECK_FOR_INVALID_INDEX_SUPPORTED` and `PNG_WRITE_CHECK_FOR_INVALID_INDEX_SUPPORTED`. This is a revert of a change previously applied in libpng-1.6.33beta01. See SourceForge bug pnggroup#269 at https://sourceforge.net/p/libpng/bugs/269/ Reviewed-by: John Bowler <[email protected]> Signed-off-by: Cosmin Truta <[email protected]> Correct regression-palette-8.png This corrects contrib/testpngs/badpal/regression-palette-8.png. Despite the comment in commit da109d3 the file checked in had 255 PLTE entries so failed to perform the regression test. This version of the PNG has 254 entries. Signed-off-by: John Bowler <[email protected]> Use --xfail for Adler32 check in pngtest-all The test always failed on systems with no support for zlib inflateValidate and on systems where the png_set_option setting was disabled, however pngtest-all succeeded because the failure was ignored. The latter is now fixed so the badadler.png check needs to use --xfail, not --relaxed. Signed-off-by: John Bowler <[email protected]> Relax pngtest-all message testing Previously the 'make check' test pngtest-all looked for given messages at EOL. The match failed with Windows/MSYS2 because of the Windows <cr><lf> line endings output by pngtest. This changes the test to look for the message anywhere in a line; this might give false matches but the specific messages being searched for are not likely to cause this problem. 
Signed-off-by: John Bowler <[email protected]>

Update the main AUTHORS file

build: Move scripts/*.m4 to scripts/autoconf/
Move all Autoconf macro files (except for those that need to be in the top-level directory) to their own subdirectory scripts/autoconf/ In this commit, we introduce a better way to organize the scripts dir, and we make a better separation between the build scripts under the libpng license vs. the build scripts that fall under other licenses. Please see scripts/autoconf/README.md for more information.

chore: Rerun `./autogen.sh --maintainer` and update .gitignore
Bring the auto-generated scripts up to date with the autoconf upgrade from version 2.71 to version 2.72. Make the .gitignore exclusions better tailored to the autoconf- and configure-generated artifacts.

build: Move scripts/*.cmake.in to scripts/cmake/; add cmake/AUTHORS.md
From the libpng licensing point of view, the build projects, the build scripts, the test scripts, the CI verification scripts, et cetera, have not traditionally been part of libpng proper, although some of these, including the CMake-based build, have been released under the libpng license. Considering how the CMake build grew as a result of many contributions from many contributing authors over a long time, one may argue that it almost became an individual piece of software in its own right. Moving on, everything CMake-related shall be placed in the subdirectory scripts/cmake/ (except, of course, the main CMakeLists.txt). Moreover, contributing authors shall be acknowledged in scripts/cmake/AUTHORS.md. Please see scripts/cmake/README.md for more information.

ci: Add help options; add checks for the boolean environment options

ci: Relicense again the CI scripts, from Boost License to MIT License
Many build scripts, ports and other third-party add-ons that are circulating around appear to be distributed under the MIT License.
Examples include the Vcpkg build system (including the libpng port) and the Meson build definitions (including the libpng definition). I am, therefore, relicensing our CI scripts once more, as the sole author (so far), just in case that any of the CI code might travel from/to such projects. Hopefully, this one last license will stick.
Signed-off-by: Cosmin Truta <[email protected]>

chore: Add, relocate or rephrase debug statements, for better clarity

chore: Clean up the return statements and update example.c accordingly

Release libpng version 1.6.41

Fix a regression introduced in "chore: Clean up the return statements"
This fixes commit 27e548a. The macro `png_check_sig` has been deprecated and remained untested for decades. And yet, somehow it escaped from all past API cleanups. Also update the libpng manual.
Reported-by: Matthieu Darbois

chore: Fix and update the libpng manual
Fix various typos and whitespace errors, and clean up obsolete formulations such as `(png_infopp)NULL`. Bring all URLs up to date.

chore: Fix whitespace in pngpriv.h

Release libpng version 1.6.42

Bump version to 1.6.43.git

chore: Add .editorconfig files

chore: Fix a comment in pngrtran.c

chore: Split lines in scripts/*.awk to pacify the editorconfig checker

Fix contrib/conftest/pngcp.dfa
This was broken by the corrections to the 'palette max' handling; if that is disabled the test of num_palette_max must be removed in pnread.c
Signed-off-by: John Bowler <[email protected]>

Add eXIf support to push mode
libpng already supports eXIf as of v1.6.31. However, it seems like support was added for normal mode and not added to push mode. Notice PNG_READ_eXIfJSUPPORTED is in pngread.c: https://github.com/pnggroup/libpng/blob/libpng16/pngread.c#L178 but is missing from pngpread.c: https://github.com/pnggroup/libpng/blob/libpng16/pngpread.c#L274 This commit adds eXIf support to push mode.
Signed-off-by: Cosmin Truta <[email protected]>

loongarch: Add cmake support

Correct row width check in png_check_IHDR
This changes the mask used in the IHDR width check from ~7U to ~(png_alloc_size_t)7 which is a quantity at least as big as both png_uint_32 and size_t whereas "7U" will be 16 bits on a 16 bit system. The change both corrects a bug in the code (on 16 bit systems) and removes compiler warnings about the test always being false on 64-bit architectures.
Signed-off-by: John Bowler <[email protected]>

API usage: add 'basic' configuration
This adds a new configuration file, 'contrib/conftest/basic.dfa' which disables unused APIs on a test Linux-based system. To support the configuration several fixes were necessary in the test programs so that the tests are skipped correctly when APIs are not available. The configuration has been tested on a range of common Linux apps including web browser code (qtwebengine), image processing code (e.g. ImageMagick) and general display code (X11, Qt5 and Qt6, KDE). Overall this first step reduces libpng linked code and data size to about 2/3 of the full configuration. To use the new test simply copy basic.dfa to 'pngusr.dfa' in the root of the source directory and build.
Signed-off-by: John Bowler <[email protected]>

Improve, refactor and clean up pngtest.c
Improve: The pngtest program used to be rather relaxed upon seeing invalid parameters in callbacks: it either ignored them, or it bailed out of the callbacks, essentially sweeping the bug under the rug. But no more. Now it terminates with a severe `png_error`, in which it says what's broken and where.
Improve: `PNG_DEBUG`, defined externally at build time, and defaulting to zero, was assumed to be non-negative. Now it's checked.
Clean up: In a very distant past, the pngtest program used to "travel" across libpng versions, on its own, not necessarily accompanied by the actual library version that it was meant to test.
However, this stopped being the case, and now is as good a time as any to remove the compatibility workarounds that had made the aforementioned "travel" possible.
Other chores include:
* The refactoring of the user-defined chunk handling routines;
* The cleanup of an unnecessary use of volatile;
* The various cosmetic improvements of code and comments.

build: Update and rename makefile.acorn to makefile.riscos
Co-authored-by: Cosmin Truta <[email protected]>
Reviewed-by: John Bowler <[email protected]>
Signed-off-by: Cosmin Truta <[email protected]>

ci: Add a pre-build checkup stage to ci_verify_configure.sh
Also update comments and tracing printouts in ci/ci_*.sh

test: Remove compile-time option `SINGLE_ROWBUF_ALLOC` from pngtest.c
We have been running address-sanitized CI verifications for a while. We can finally afford to simplify pngtest.c by removing a compile-time option and the associated code branches that used to serve (only to a limited extent) the purpose of bounds checking. Also change the brief description of pngtest.c at the top of the file. This is no longer just a simple test program.

test: Add consistency checks for the `PNG_LIBPNG_VER*` numbers
Trigger a compile-time error in pngtest.c if there is any disagreement among `PNG_LIBPNG_VER`, `PNG_LIBPNG_VER_MAJOR`, `PNG_LIBPNG_VER_MINOR`, etc.

api: Introduce the `PNG_LIBPNG_VER_SHAREDLIB` macro; update pngwin.rc
The version macros `PNG_LIBPNG_VER_SONUM` and `PNG_LIBPNG_VER_DLLNUM` weren't always in sync, but they should be, going forward. Or, better yet, we should keep them in, deprecated, and introduce `PNG_LIBPNG_VER_SHAREDLIB` for all shared library builds of all kinds on all platforms. It is unknown how many user applications have been using these macros. We have been using `PNG_LIBPNG_VER_DLLNUM` for pngwin.rc, for example. Which, by the way, was last updated in 2009.

ci: Reformat all scripts using 1TBS
One may truly embrace the stylishness of the One True Brace Style.
ci: Add ci_shellify.sh
This program can shellify png.h, configure.ac and CMakeLists.txt.

ci: Update and rename ci_lint_ci.sh to ci_lint.sh; update .shellcheckrc
The ci_lint.sh program can now lint the entire libpng source tree.

ci: Add ci_verify_version.sh
This program verifies the libpng source tree, expecting consistent definitions of version numbers in the C source code, in the Autoconf scripts, and in the CMake scripts. The version verification is performed as follows. (Please note that the version definitions in png.h are checked twice.)
* The files png.h, configure.ac and CMakeLists.txt are checked by the ci_verify_version.sh program.
* The files png.h, png.c and pngtest.c are checked by the pngtest program.

ci: Update the ci_verify_*.sh scripts. Bring the coding patterns in line with the newest scripts.

ci: Update (again) the ci_verify_*.sh scripts; update .shellcheckrc
Apply stylistic improvements and remove a shellcheck exclusion.

build: Update the makefiles for the benefit of cross-compilation
Split AR_RC into AR and ARFLAGS. The variables AR and ARFLAGS are de-facto standards (like CC and CFLAGS, LD and LDFLAGS, etc.) that may be overridden when running make. Moreover, configuring CC, LD, AR, etc., to point to a cross-platform compiler, linker, librarian, etc., is a de-facto standard practice as well. Also remove the MKDIR_P variable definitions from all makefiles. They've been leftovers from the removal of the "install*" targets.

ci: Remove the workaround for CI_AR from ci_verify_makefiles.sh

ci: Fix the check of `PNG_LIBPNG_VER_BUILD` in ci_verify_version.sh
`PNG_LIBPNG_VER_BUILD` should be zero for public releases and non-zero for development versions. The ci_verify_version.sh script should check this requirement as such.

ci: Pacify shellcheck version 0.8 and apply other linting improvements
Work around a limitation in the `shellcheck source` directive, which does not recognize quotes in shellcheck versions older than 0.9.
Also extend the checks for YAML files over the entire source tree, in preparation for the introduction of the GitHub Actions config file.

Add a GitHub Action for linting

chore: Update the .editorconfig files and pacify editorconfig-checker

chore: Clean up the spurious uses of `sizeof(png_byte)`; fix the manual
By definition, `sizeof(png_byte)` is 1. Remove all the occurrences of `sizeof(png_byte)` from the code, and fix a related typo in the libpng manual. Also update the main .editorconfig file to reflect the fixing expected by a FIXME note.

ci: Allow the user to force an in-tree cleanup before verification
Introduce the environment option CI_FORCE:
* ci_verify_configure.sh is known to fail if an existing build configuration is found in the top-level directory. Setting CI_FORCE=1 will run `make distclean` before verification.
* ci_verify_makefiles.sh cannot be reliably executed if random object files are found in the top-level directory. Setting CI_FORCE=1 will run `rm *.o *.obj` before verification.
* ci_verify_cmake.sh is not known at this time to fail for similar reasons; but if it does, we will use CI_FORCE to trigger any necessary pre-build cleanup.

ci: Fix the reporting in ci_lint.sh
The variable `CI_LINT_COUNTER` was incremented inside subshells, but remained unchanged in the main shell process. The errors detected by the internal linters remained unreported by the main script. (Oopsie!) Besides fixing this defect, considering that only a pass/fail status is needed, we are replacing `CI_LINT_COUNTER` with `CI_LINT_STATUS`.

Fix "ci: Fix the reporting in ci_lint.sh"
This fixes commit dddaf0c. The way to reliably `find` executable files is different on BSD, Mac and Linux, unfortunately.

build: Fix a CMake build regression introduced in version 1.6.41
This fixes commit 4edbb4d. During the move of CMake scripts to the scripts/cmake/ subdirectory, some of the workflows have been broken.
Signed-off-by: Cosmin Truta <[email protected]>

build: Update the CMake build options PNG_TOOLS and PNG_FRAMEWORK
Update the PNG_TOOLS option: set it to OFF by default when the target is an embedded system, yet still allow it to be overridden. Update the PNG_FRAMEWORK option: force it back to OFF and print a warning if the option was ON but the target is not an Apple system.

build: Improve the search for an AWK processor in the CMake build
Add nawk to the list of AWK-processing programs that are known to work, and show the search result in the CMake log.

build: Add an explicit declaration of the AWK variable to configure.ac
Declare AWK explicitly via the AC_ARG_VAR directive, in order to make it "precious", and to include it in the list of influential variables at the end of the configure help text. Rephrase a few comments and config traces. Finally, regenerate the configure script.

build: Checking for compiler support of LoongArch LSX should be guarded
In the configure script, checking whether the LoongArch LSX intrinsics are supported by the compiler was done unconditionally, regardless of the targeted host platform. Compared to how we support the other SIMD platforms and compilers, this is rather unconventional. We are placing this check under the guard of its own platform, for the time being. A full solution, in line with the rest of the configure.ac patterns concerning SIMD optimizations, is TODO. We also do an overall cleanup in the SIMD section of configure.ac, and, finally, we regenerate the configure script.

build: Mark the installed libpng headers as system headers in CMake
Modern compilers can disable the warnings that originate from system headers. This change allows them to do so with the libpng headers.
Signed-off-by: Cosmin Truta <[email protected]>

pngexif: Import pngexifinfo as an externally-contributed project
We used this experimental project in the development of the PNG-EXIF ("eXIf") specification, back in 2017.
The project evolved together with the draft specification, which was finalized on 2017-Jun-15 and approved by the PNG Group on 2017-Jul-13. The EXIF specification, outside of the scope of PNG and libpng, is quite complex. The libpng implementation cannot grow too much beyond performing basic integrity checks on top of serialization. In order to create and manipulate PNG-EXIF image files, the use of external libraries and tools such as ExifTool is necessary. Now, with the addition of contrib/pngexif to the libpng repository, offline tasks like metadata inspection and linting can be performed without importing external dependencies.

doc: Update the README file

doc: Review the libpng history and update scripts/cmake/AUTHORS.md

chore: Delete comments and config settings and stuff from here and there

test: Fix a compiler warning in pngtest.c

ci: Add the libpng release tags to the list of exclusions
The release tags are redundant in the CI process. It is the main branch that is always verified.

Release libpng version 1.6.43

Bump version to 1.6.44.git

SECURITY: disable build of filter_neon.S on arm
This fixes the bug pnggroup#505 "libpng does not support PAC/BTI on aarch64 targets" which arises because the build mechanisms (both cmake and configure) assemble arm/filter_neon.S even though it ends up completely empty. The empty file effectively poisons the so that the PAC/BTI support gets disabled. The fix is minimal; it simply removes arm/filter_neon.S from the list of sources included in the 64-bit ARM builds build. Note that this was already done in cmake for MSVC - it's not clear whether this change was a partial fix for the same issue. This version of the fix ONLY affects aarch64 (arm64) builds; 32-bit ARM systems can still invoke the assembler if required and, indeed, there should be no change whatsoever to those builds. The assembler code could not be used on 64-bit systems in any case so in practice there is no material change to 64-bit builds either.
TESTING: pull the changes then type "autoreconf" if using configure (not required for cmake).
TESTS: cmake has not been tested because cross-builds with cmake currently fail to find the zlib installation from the cmake system root path. The following has been tested with configure cross builds:
armv7-linux-gnueabi [no neon support]
armv7a-linux-gnueabi [no neon support]
armv7a-hardfloat-linux-gnueabi [neon support not enabled]
armv7a-hardfloat-linux-gnueabi -mfpu=neon [uses intrinsics]
armv7a-hardfloat-linux-gnueabi -mfpu=neon -DPNG_ARM_NEON_IMPLEMENTATION=2 [uses assembler]
aarch64-linux-gnu [uses intrinsics]
aarch64-linux-gnu -DPNG_ARM_NEON_OPT=0 [neon support disabled]
Signed-off-by: John Bowler <[email protected]>

arm: Remove obsolete assembler implementation filter_neon.S
This file contains hand-coded assembler implementations of the filter functions for 32-bit Arm platforms. These are only used when the compiler doesn't support neon intrinsics (added to GCC 4.3 in 2008) or is exactly GCC 4.5.4 (released 2012), both of which are sufficiently unlikely to be true that it's fair to say the assembler is no longer used. This commit deletes filter_neon.S and removes the now obsolete preprocessor logic in pngpriv.h.
Signed-off-by: Bill Roberts <[email protected]>
Signed-off-by: Cosmin Truta <[email protected]>

arm: Add a placeholder file in lieu of the former `filter_neon.S`
In the previous commit 9e53875 we removed the obsolete assembler implementation `filter_neon.S`. In this commit we add a stand-in for the original file, restoring the original source tree structure, for the benefit of continuing hassle-free libpng source upgrades in the 1.6.x line.

ci: Fix the verification of the msys2 toolchain on AppVeyor CI
Initialize the arch-specific MSYSTEM environment variable, to ensure that msys2 bash picks up and executes /etc/profile correctly. Install and use the host-specific cmake and ninja, to ensure that msys2 cmake picks up the host-specific zlib build correctly.
cmake: Fix the handling of PNG_HARDWARE_OPTIMIZATIONS on FreeBSD/amd64
Because of a missing "amd64" string (in lowercase) in a regex match, the CMake build was unable to pick up the PNG_HARDWARE_OPTIMIZATIONS flag on FreeBSD/amd64 (and possibly other amd64 systems as well). Rename the target arch variable from TARGET_ARCH to a more idiomatic PNG_TARGET_ARCHITECTURE, and set it to an always-lowercase string. The follow-on checks are now simpler and easier to get right.

cmake: Honor CMAKE_SYSROOT if set
Signed-off-by: Cosmin Truta <[email protected]>

ci: Add the targets/ subdirectory to facilitate cross-platform testing
Considering that a non-trivial amount of libpng code is arch-specific, we should perform cross-platform builds (with cross-platform toolchains) and test runs (on emulated architectures) in our routine verification. The content of ci/targets/ shall consist of target description files, written in the standard shell language. These files may be source'd as needed, before running the verification scripts ci/ci_verify_*.sh. Here is the initial list of target systems: Android, Cygwin, FreeBSD, Linux, MSDOS, Windows. And here is the initial list of target architectures: ARM, MIPS, PowerPC, RISC-V, x86.

fix: Remove cHRM check to accommodate ACES AP1
ACES AP1 has a red endpoint with a negative Z, this triggers the checks in libpng that ensure that x, y and z (chromaticities) are all >=0. This removes the checks on the sign of the chromaticities since it is valid to use negative values for any of them and converts the "internal" error code return to external (because the internal cases correspond to negative x, y or z.)
Reviewed-by: Cosmin Truta <[email protected]>
Signed-off-by: John Bowler <[email protected]>
Signed-off-by: Cosmin Truta <[email protected]>

fix: Restore STDERR in pngtest.c
In "test: Add consistency checks for the PNG_LIBPNG_VER* number" [0] the `STDERR` macro was moved from outside an `ifdef` to inside an `ifdef`.
This broke the code in the `else` of this `ifdef` which also uses the `STDERR` macro. Move `STDERR` back to where it was to avoid compile errors in the `else` case.
[0] pnggroup@cc8006c
Fixes: pnggroup#560
Reviewed-by: Cosmin Truta <[email protected]>
Signed-off-by: Cosmin Truta <[email protected]>

chore: Pacify editorconfig-checker version 3.0

chore: Delete contrib/tools/chkfmt.sh
Going forward, we will continue developing and using ci/ci_lint.sh

ci: Simplify the Travis CI configuration matrix
Going forward, we will continue to verify the cmake build and the configure build with the hardware optimizations enabled by default, and the makefile build with the hardware optimizations disabled by default. The Travis CI configuration file is simpler, and, more importantly, the Travis CI verification process will be shorter and cheaper.

build: Add a CMake config file compatible with the FindPNG module
Co-authored-by: Cosmin Truta <[email protected]>
Signed-off-by: Cosmin Truta <[email protected]>

oss-fuzz: Add fuzzing targets for simplified READ API
New target added to libpng_read_fuzzer.cc for simplified READ API.

Deprecate PNGARG and remove all of its remaining uses

cmake: Fix an error in the declaration of target include directories
Properly declare target include directories for generated includes. Previously the non targeted `include_directories()` was used, which had issue when using the `png_static` target in a submodule.
Signed-off-by: Cosmin Truta <[email protected]>

Revert "cmake: Fix an error in the declaration of target include directories"
This reverts commit 1d1cc9a. The verification has failed. (Oopsie!)

cmake: Fix an error in the declaration of target include directories
Properly declare target include directories for generated includes. Previously the non targeted `include_directories()` was used, which had issue when using the `png_static` target in a submodule.
Signed-off-by: Cosmin Truta <[email protected]>

fix: Prevent overflow in chromaticity calculations
In `png_xy_from_XYZ` X+Y+Z was calculated without checking for overflow. This fixes that by moving the correct code from `png_XYZ_normalize` into a static function which is now used from `png_xy_from_XYZ`.
Reviewed-by: Cosmin Truta <[email protected]>
Signed-off-by: John Bowler <[email protected]>
Signed-off-by: Cosmin Truta <[email protected]>

oss-fuzz: Update the README file, the Docker file and the build script

chore: Rerun `./autogen.sh --maintainer`

Release libpng version 1.6.44
Hi, libpng team. There is a memory leak in the file png.c:368 of function png_create_info_struct.
The bug is triggered by
./pngcp poc /dev/null
libpng_poc.zip
The ASan debug info is as follows:
=================================================================
==10300==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 360 byte(s) in 1 object(s) allocated from:
#0 0x7fe088bf9602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
#1 0x422f95 in png_create_info_struct /root/fuzz/libpng-1.6.36/png.c:368
SUMMARY: AddressSanitizer: 360 byte(s) leaked in 1 allocation(s).
https://github.com/glennrp/libpng/blob/eddf9023206dc40974c26f589ee2ad63a4227a1e/png.c#L352-L376
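The leak class reported above, reduced to a stand-alone C model (an added example, not pngcp or libpng code): `toy_png`, `toy_info`, `copy_one` and `run_copy` are hypothetical stand-ins, and the inputs are constructed. It shows an error path reached by `longjmp` that frees the reader but not the info object, so one object is dropped per rejected input, next to the corrected path.

```c
#include <setjmp.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for png_struct and png_info; not libpng types. */
typedef struct { jmp_buf on_error; } toy_png;
typedef struct { unsigned width, height; } toy_info;

static int live_objects; /* allocations made and not yet freed */

static void *tracked_alloc(size_t n)
{
    void *p = calloc(1, n);
    if (p != NULL) live_objects++;
    return p;
}

static void tracked_free(void *p)
{
    if (p != NULL) live_objects--;
    free(p);
}

/* Toy reader: accepts input only if it starts with 0x89, the first byte of
 * the PNG signature. Rejection unwinds with longjmp and never returns. */
static void toy_read(toy_png *png, toy_info *info, const char *data)
{
    if ((unsigned char)data[0] != 0x89)
        longjmp(png->on_error, 1);
    info->width = info->height = 1;
}

/* Copy one input. With free_info_on_error == 0 the error path releases the
 * reader but forgets the info object (the defect class in the report). */
static int copy_one(const char *data, int free_info_on_error)
{
    toy_png *png = tracked_alloc(sizeof *png);
    toy_info *info = tracked_alloc(sizeof *info);

    if (png == NULL || info == NULL) {
        tracked_free(info);
        tracked_free(png);
        return -1;
    }
    if (setjmp(png->on_error)) {   /* reached via longjmp from toy_read */
        if (free_info_on_error)
            tracked_free(info);    /* the fix: release both objects */
        tracked_free(png);
        return -1;
    }
    toy_read(png, info, data);
    tracked_free(info);            /* the normal path always frees both */
    tracked_free(png);
    return 0;
}

/* Process an argv-like list; returns the number of objects still allocated. */
static int run_copy(const char *const *files, size_t n,
                    int free_info_on_error, int *failed)
{
    live_objects = 0;
    *failed = 0;
    for (size_t i = 0; i < n; i++)
        if (copy_one(files[i], free_info_on_error) != 0)
            (*failed)++;
    return live_objects;
}

/* Constructed inputs: two accepted, three rejected. */
static const char *const SAMPLE_FILES[] = {
    "\x89PNG ok", "junk", "\x89PNG ok", "junk", "junk"
};

int main(void)
{
    int failed;
    int leaked = run_copy(SAMPLE_FILES, 5, 0, &failed);
    printf("leaky: %d rejected, %d leaked\n", failed, leaked);
    leaked = run_copy(SAMPLE_FILES, 5, 1, &failed);
    printf("fixed: %d rejected, %d leaked\n", failed, leaked);
    return 0;
}
```

In real libpng code the equivalent cleanup is a single `png_destroy_read_struct(&png_ptr, &info_ptr, NULL)` on the error path, which releases the info struct along with the read struct.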