qbit/go
1
0
Fork 0
mirror of https://github.com/golang/go synced 2024-10-04 11:21:21 -06:00
Code Releases Activity
24,896 Commits 58 Branches 402 Tags 522 MiB
735c65fa9c
Commit Graph

6 Commits

Author SHA1 Message Date
Nathan Otterness
66c25fa9be image/png: integer underflow when decoding 
This change addresses an integer underflow appearing only on systems
using a 32-bit int type. The patch addresses the problem by limiting the
length of unknown chunks to 0x7fffffff. This value appears to already be
checked for when parsing other chunk types, so the bug shouldn't appear
elsewhere in the package. The PNG spec recommends the maximum size for
any chunk to remain under 2^31, so this shouldn't cause errors with
valid images.

Fixes #12687

Change-Id: I17f0e1683515532c661cf2b0b2bc65309d1b7bb7
Reviewed-on: https://go-review.googlesource.com/14766
Reviewed-by: Nigel Tao <nigeltao@golang.org>
 2015-09-21 23:09:22 +00:00
Nigel Tao
0cf7331391 image/png: reject zero-width and zero-height images. 
http://www.w3.org/TR/PNG/#11IHDR says that "Zero is an invalid value".

This change only affects the decoder. The encoder already checks
non-positive instead of negative.

Fixes #12545.

Change-Id: Iba40e1a2f4e0eec8b2fbcd3bbdae886311434da7
Reviewed-on: https://go-review.googlesource.com/14411
Reviewed-by: Rob Pike <r@golang.org>
 2015-09-09 02:53:58 +00:00
Nigel Tao
ca6ba49269 image/png: don't read filter bytes for empty interlace passes. 
Fixes #11604

The gray-gradient.png image was created by a Go program:

----
package main

import (
	"image"
	"image/color"
	"image/png"
	"log"
	"os"
)

func main() {
	f, err := os.Create("a.png")
	if err != nil {
		log.Fatal(err)
	}
	defer f.Close()
	m := image.NewGray(image.Rect(0, 0, 1, 16))
	for i := 0; i < 16; i++ {
		m.SetGray(0, i, color.Gray{uint8(i * 0x11)})
	}
	err = png.Encode(f, m)
	if err != nil {
		log.Fatal(err)
	}
}
----

The equivalent gray-gradient.interlaced.png image was created via ImageMagick:
$ convert -interlace PNG gray-gradient.png gray-gradient.interlaced.png

As a sanity check:
$ file gray-gradient.*
gray-gradient.interlaced.png: PNG image data, 1 x 16, 4-bit grayscale, interlaced
gray-gradient.png:            PNG image data, 1 x 16, 8-bit grayscale, non-interlaced

Change-Id: I7700284f74d1ea30073aede3bce4d7651787bdbc
Reviewed-on: https://go-review.googlesource.com/12064
Reviewed-by: Rob Pike <r@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
 2015-07-13 06:40:00 +00:00
Nigel Tao
ba8fa0e1a9 image/png: don't silently swallow io.ReadFull's io.EOF error when it 
lands exactly on an IDAT row boundary.

Fixes #10493

Change-Id: I12be7c5bdcde7032e17ed1d4400db5f17c72bc87
Reviewed-on: https://go-review.googlesource.com/9270
Reviewed-by: Rob Pike <r@golang.org>
 2015-04-23 06:39:56 +00:00
Nigel Tao
7e7d55f888 image/png: reject multiple tRNS chunks. 
http://www.w3.org/TR/PNG/#5ChunkOrdering disallows them.

Fixes #10423

Change-Id: I3399ce53dc8b41b1b5f0b906a5912e6efd80418f
Reviewed-on: https://go-review.googlesource.com/8905
Reviewed-by: Rob Pike <r@golang.org>
 2015-04-15 04:35:27 +00:00
Russ Cox
c007ce824d build: move package sources from src/pkg to src 
Preparation was in CL 134570043.
This CL contains only the effect of 'hg mv src/pkg/* src'.
For more about the move, see golang.org/s/go14nopkg.
 2014-09-08 00:08:51 -04:00