Fix remaining bugs in PNG reader

- free chunk before a potential longjmp
- do not try to allocate when the chunk is > PNG_USER_CHUNK_MALLOC_MAX
Vincent Rabaud 2025-01-10 14:57:39 +01:00
parent f00814e38d
commit ee86f1c969


@ -339,6 +339,10 @@ bool PngDecoder::readHeader()
png_bytep trans;
png_color_16p trans_values;
// Free chunk in case png_read_info uses longjmp.
chunk.p.clear();
chunk.p.shrink_to_fit();
png_read_info( png_ptr, info_ptr );
png_get_IHDR(png_ptr, info_ptr, &wdth, &hght,
&bit_depth, &color_type, 0, 0, 0);
@ -703,6 +707,7 @@ uint32_t PngDecoder::read_chunk(Chunk& chunk)
if (size > PNG_USER_CHUNK_MALLOC_MAX)
{
CV_LOG_WARNING(NULL, "chunk data is too large");
return 0;
}
chunk.p.resize(size);
memcpy(chunk.p.data(), len, 4);
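Review bot: In the readHeader hunk, `chunk.p.shrink_to_fit();` is only a non-binding request, so the standard does not guarantee the buffer is released before `png_read_info` can longjmp. Assuming `chunk.p` is a std::vector, swapping with an empty temporary, `decltype(chunk.p)().swap(chunk.p);`, releases the storage without depending on the library implementation. The comment should also give the reason, for example `// longjmp skips destructors: release chunk's buffer now or it leaks on a malformed file.` Other locals that own memory in the same setjmp scope would have the same problem, but readHeader's body starts and ends outside the hunk, so that cannot be checked from here.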