Upgrading libpng to 1.2.46 to fix a few vulnerabilities.
Bug: 5057432
Bug: 5055636
Change-Id: I9e1b51881386aa9f574a38abc844e036baef9091
diff --git a/pngrutil.c b/pngrutil.c
index 7796887..dfa2c03 100644
--- a/pngrutil.c
+++ b/pngrutil.c
@@ -1,8 +1,8 @@
/* pngrutil.c - utilities to read a PNG file
*
- * Last changed in libpng 1.2.44 [June 26, 2010]
- * Copyright (c) 1998-2010 Glenn Randers-Pehrson
+ * Last changed in libpng 1.2.45 [July 7, 2011]
+ * Copyright (c) 1998-2011 Glenn Randers-Pehrson
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
* (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
*
@@ -1829,6 +1829,14 @@
return;
}
+ /* Need unit type, width, \0, height: minimum 4 bytes */
+ else if (length < 4)
+ {
+ png_warning(png_ptr, "sCAL chunk too short");
+ png_crc_finish(png_ptr, length);
+ return;
+ }
+
png_debug1(2, "Allocating and reading sCAL chunk data (%lu bytes)",
length + 1);
png_ptr->chunkdata = (png_charp)png_malloc_warn(png_ptr, length + 1);