diff -ru4NwbB libpng-1.2.44/Makefile.am libpng-1.2.45/Makefile.am --- libpng-1.2.44/Makefile.am 2010-06-25 19:31:28.410414574 -0500 +++ libpng-1.2.45/Makefile.am 2011-07-07 06:53:51.347766499 -0500 @@ -101,9 +101,10 @@ cp libpng-config $@ libpng.sym: png.h pngconf.h rm -f $@ $@.new - $(CPP) @LIBPNG_DEFINES@ $(CPPFLAGS) -DPNG_BUILDSYMS $(srcdir)/png.h | \ + $(CPP) @LIBPNG_DEFINES@ $(CPPFLAGS) -DPNG_BUILDSYMS $(srcdir)/png.h $(srcdir)/$@ + cat $(srcdir)/$@ | \ $(SED) -n -e \ 's|^.*PNG_FUNCTION_EXPORT[ ]*\([$(AN)]*\).*$$|$(SYMBOL_PREFIX)\1|p' \ -e 's|^.*PNG_DATA_EXPORT[ ]*\([$(AN)]*\).*$$|$(SYMBOL_PREFIX)\1|p' \ >$@.new diff -ru4NwbB libpng-1.2.44/png.h libpng-1.2.45/png.h --- libpng-1.2.44/png.h 2010-06-25 19:31:14.374271550 -0500 +++ libpng-1.2.45/png.h 2011-07-07 06:53:37.095765499 -0500 @@ -1,8 +1,8 @@ /* png.h - header file for PNG reference library * * libpng version 1.2.45 - July 7, 2011 - * Copyright (c) 1998-2010 Glenn Randers-Pehrson + * Copyright (c) 1998-2011 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * * This code is released under the libpng license (See LICENSE, below) @@ -230,9 +230,9 @@ * 1.2.36 13 10236 12.so.0.36[.0] * 1.2.37beta01-03 13 10237 12.so.0.37[.0] * 1.2.37rc01 13 10237 12.so.0.37[.0] * 1.2.37 13 10237 12.so.0.37[.0] - * 1.2.45 10 10045 12.so.0.45[.0] + * 1.0.45 10 10045 12.so.0.45[.0] * 1.0.46 10 10046 10.so.0.46[.0] * 1.2.38beta01 13 10238 12.so.0.38[.0] * 1.2.38rc01-03 13 10238 12.so.0.38[.0] * 1.0.47 10 10047 10.so.0.47[.0] @@ -261,8 +261,13 @@ * 1.2.43 13 10243 12.so.0.43[.0] * 1.2.44beta01-03 13 10244 12.so.0.44[.0] * 1.2.44rc01-03 13 10244 12.so.0.44[.0] * 1.2.44 13 10244 12.so.0.44[.0] + * 1.2.45beta01-03 13 10245 12.so.0.45[.0] + * 1.0.55rc01 13 10055 10.so.0.55[.0] + * 1.2.45rc01 13 10245 12.so.0.45[.0] + * 1.0.55 13 10055 10.so.0.55[.0] + * 1.2.45 13 10245 12.so.0.45[.0] * * Henceforth the source version will match the shared-library major * and minor numbers; the shared-library major version number will be * used for changes in backward compatibility, as it is intended. The diff -ru4NwbB libpng-1.2.44/pngconf.h libpng-1.2.45/pngconf.h --- libpng-1.2.44/pngconf.h 2010-06-25 19:31:14.383889782 -0500 +++ libpng-1.2.45/pngconf.h 2011-07-07 06:53:37.104936852 -0500 @@ -1,9 +1,9 @@ /* pngconf.h - machine configurable file for libpng * * libpng version 1.2.45 - July 7, 2011 - * Copyright (c) 1998-2010 Glenn Randers-Pehrson + * Copyright (c) 1998-2011 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * * This code is released under the libpng license. diff -ru4NwbB libpng-1.2.44/pngerror.c libpng-1.2.45/pngerror.c --- libpng-1.2.44/pngerror.c 2010-06-25 19:31:14.405023751 -0500 +++ libpng-1.2.45/pngerror.c 2011-07-07 06:53:37.125718940 -0500 @@ -1,9 +1,9 @@ /* pngerror.c - stub functions for i/o and memory allocation * - * Last changed in libpng 1.2.41 [December 3, 2009] - * Copyright (c) 1998-2009 Glenn Randers-Pehrson + * Last changed in libpng 1.2.45 [July 7, 2011] + * Copyright (c) 1998-2011 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * * This code is released under the libpng license. @@ -86,14 +86,19 @@ #else void PNGAPI png_err(png_structp png_ptr) { + /* Prior to 1.2.45 the error_fn received a NULL pointer, expressed + * erroneously as '\0', instead of the empty string "". This was + * apparently an error, introduced in libpng-1.2.20, and png_default_error + * will crash in this case. + */ if (png_ptr != NULL && png_ptr->error_fn != NULL) - (*(png_ptr->error_fn))(png_ptr, '\0'); + (*(png_ptr->error_fn))(png_ptr, ""); /* If the custom handler doesn't exist, or if it returns, use the default handler, which will not return. */ - png_default_error(png_ptr, '\0'); + png_default_error(png_ptr, ""); } #endif /* PNG_ERROR_TEXT_SUPPORTED */ #ifdef PNG_WARNINGS_SUPPORTED @@ -180,10 +185,15 @@ else { buffer[iout++] = ':'; buffer[iout++] = ' '; - png_memcpy(buffer + iout, error_message, PNG_MAX_ERROR_TEXT); - buffer[iout + PNG_MAX_ERROR_TEXT - 1] = '\0'; + + iin = 0; + while (iin < PNG_MAX_ERROR_TEXT-1 && error_message[iin] != '\0') + buffer[iout++] = error_message[iin++]; + + /* iin < PNG_MAX_ERROR_TEXT, so the following is safe: */ + buffer[iout] = '\0'; } } #ifdef PNG_READ_SUPPORTED diff -ru4NwbB libpng-1.2.44/pngmem.c libpng-1.2.45/pngmem.c --- libpng-1.2.44/pngmem.c 2010-06-25 19:31:14.423245005 -0500 +++ libpng-1.2.45/pngmem.c 2011-07-07 06:53:37.144208831 -0500 @@ -441,9 +441,9 @@ * need to allocate exactly 64K, so whatever you call here must * have the ability to do that. */ -png_voidp PNGAPI +png_voidp /* PRIVATE */ png_calloc(png_structp png_ptr, png_uint_32 size) { png_voidp ret; diff -ru4NwbB libpng-1.2.44/pngrtran.c libpng-1.2.45/pngrtran.c --- libpng-1.2.44/pngrtran.c 2010-06-25 19:31:14.461091362 -0500 +++ libpng-1.2.45/pngrtran.c 2011-07-07 06:53:37.185364770 -0500 @@ -1,9 +1,9 @@ /* pngrtran.c - transforms the data in a row for PNG readers * - * Last changed in libpng 1.2.43 [February 25, 2010] - * Copyright (c) 1998-2010 Glenn Randers-Pehrson + * Last changed in libpng 1.2.45 [July 7, 2011] + * Copyright (c) 1998-2011 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * * This code is released under the libpng license. @@ -675,12 +675,23 @@ void PNGAPI png_set_rgb_to_gray(png_structp png_ptr, int error_action, double red, double green) { - int red_fixed = (int)((float)red*100000.0 + 0.5); - int green_fixed = (int)((float)green*100000.0 + 0.5); + int red_fixed, green_fixed; if (png_ptr == NULL) return; + if (red > 21474.83647 || red < -21474.83648 || + green > 21474.83647 || green < -21474.83648) + { + png_warning(png_ptr, "ignoring out of range rgb_to_gray coefficients"); + red_fixed = -1; + green_fixed = -1; + } + else + { + red_fixed = (int)((float)red*100000.0 + 0.5); + green_fixed = (int)((float)green*100000.0 + 0.5); + } png_set_rgb_to_gray_fixed(png_ptr, error_action, red_fixed, green_fixed); } #endif @@ -1195,10 +1206,9 @@ if (png_ptr->transformations & PNG_EXPAND) { if (info_ptr->color_type == PNG_COLOR_TYPE_PALETTE) { - if (png_ptr->num_trans && - (png_ptr->transformations & PNG_EXPAND_tRNS)) + if (png_ptr->num_trans) info_ptr->color_type = PNG_COLOR_TYPE_RGB_ALPHA; else info_ptr->color_type = PNG_COLOR_TYPE_RGB; info_ptr->bit_depth = 8; diff -ru4NwbB libpng-1.2.44/pngrutil.c libpng-1.2.45/pngrutil.c --- libpng-1.2.44/pngrutil.c 2010-06-25 19:31:14.474581864 -0500 +++ libpng-1.2.45/pngrutil.c 2011-07-07 06:53:37.198863607 -0500 @@ -1,9 +1,9 @@ /* pngrutil.c - utilities to read a PNG file * - * Last changed in libpng 1.2.44 [June 26, 2010] - * Copyright (c) 1998-2010 Glenn Randers-Pehrson + * Last changed in libpng 1.2.45 [July 7, 2011] + * Copyright (c) 1998-2011 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * * This code is released under the libpng license. @@ -1811,8 +1811,16 @@ png_crc_finish(png_ptr, length); return; } + /* Need unit type, width, \0, height: minimum 4 bytes */ + else if (length < 4) + { + png_warning(png_ptr, "sCAL chunk too short"); + png_crc_finish(png_ptr, length); + return; + } + png_debug1(2, "Allocating and reading sCAL chunk data (%lu bytes)", length + 1); png_ptr->chunkdata = (png_charp)png_malloc_warn(png_ptr, length + 1); if (png_ptr->chunkdata == NULL) diff -ru4NwbB libpng-1.2.44/pngwrite.c libpng-1.2.45/pngwrite.c --- libpng-1.2.44/pngwrite.c 2010-06-25 19:31:14.515866839 -0500 +++ libpng-1.2.45/pngwrite.c 2011-07-07 06:53:37.240461119 -0500 @@ -1,9 +1,9 @@ /* pngwrite.c - general routines to write a PNG file * - * Last changed in libpng 1.2.42 [January 3, 2010] - * Copyright (c) 1998-2010 Glenn Randers-Pehrson + * Last changed in libpng 1.2.45 [July 7, 2011] + * Copyright (c) 1998-2011 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * * This code is released under the libpng license. @@ -294,8 +294,9 @@ int keep = png_handle_as_unknown(png_ptr, up->name); if (keep != PNG_HANDLE_CHUNK_NEVER && up->location && (up->location & PNG_HAVE_PLTE) && !(up->location & PNG_HAVE_IDAT) && + !(up->location & PNG_AFTER_IDAT) && ((up->name[3] & 0x20) || keep == PNG_HANDLE_CHUNK_ALWAYS || (png_ptr->flags & PNG_FLAG_KEEP_UNSAFE_CHUNKS))) { png_write_chunk(png_ptr, up->name, up->data, up->size); diff -ru4NwbB libpng-1.2.44/projects/xcode/libpng.xcodeproj/project.pbxproj libpng-1.2.45/projects/xcode/libpng.xcodeproj/project.pbxproj --- libpng-1.2.44/projects/xcode/libpng.xcodeproj/project.pbxproj 2010-06-25 19:31:15.672252821 -0500 +++ libpng-1.2.45/projects/xcode/libpng.xcodeproj/project.pbxproj 2011-07-07 06:53:38.613174824 -0500 @@ -221,9 +221,9 @@ buildSettings = { COPY_PHASE_STRIP = NO; DYLIB_COMPATIBILITY_VERSION = 3; DYLIB_CURRENT_VERSION = 3; - FRAMEWORK_VERSION = 1.2.44; + FRAMEWORK_VERSION = 1.2.45; GCC_PRECOMPILE_PREFIX_HEADER = NO; GCC_PREFIX_HEADER = ""; INFOPLIST_FILE = Info.plist; INSTALL_PATH = "@executable_path/../Frameworks"; @@ -239,9 +239,9 @@ isa = XCBuildConfiguration; buildSettings = { DYLIB_COMPATIBILITY_VERSION = 3; DYLIB_CURRENT_VERSION = 3; - FRAMEWORK_VERSION = 1.2.44; + FRAMEWORK_VERSION = 1.2.45; GCC_PRECOMPILE_PREFIX_HEADER = NO; GCC_PREFIX_HEADER = ""; INFOPLIST_FILE = Info.plist; INSTALL_PATH = "@executable_path/../Frameworks";