mirror of
https://github.com/openharmony/third_party_libpng.git
synced 2026-07-01 09:25:04 -04:00
new: 新建文件 CVE-2025-28164.patch
Signed-off-by: gcw_5Q40SBlf <guokuan1@h-partners.com>
This commit is contained in:
@@ -0,0 +1,50 @@
|
||||
diff --git a/pngerror.c b/pngerror.c
|
||||
index 1babf9f..829611b 100644
|
||||
--- a/pngerror.c
|
||||
+++ b/pngerror.c
|
||||
@@ -936,23 +936,36 @@ png_safe_warning(png_structp png_nonconst_ptr, png_const_charp warning_message)
|
||||
int /* PRIVATE */
|
||||
png_safe_execute(png_imagep image, int (*function)(png_voidp), png_voidp arg)
|
||||
{
|
||||
- png_voidp saved_error_buf = image->opaque->error_buf;
|
||||
+ const png_voidp saved_error_buf = image->opaque->error_buf;
|
||||
jmp_buf safe_jmpbuf;
|
||||
- int result;
|
||||
|
||||
/* Safely execute function(arg), with png_error returning back here. */
|
||||
if (setjmp(safe_jmpbuf) == 0)
|
||||
{
|
||||
+ int result; /*bool*/
|
||||
image->opaque->error_buf = safe_jmpbuf;
|
||||
result = function(arg);
|
||||
image->opaque->error_buf = saved_error_buf;
|
||||
- return result;
|
||||
+
|
||||
+ if (result)
|
||||
+ return 1; /*true*/
|
||||
}
|
||||
|
||||
- /* On png_error, return via longjmp, pop the jmpbuf, and free the image. */
|
||||
+ /* The function failed either because of a caught png_error and a regular
|
||||
+ * return of false above or because of an uncaught png_error from the
|
||||
+ * function itself. Ensure that the error_buf is always set back to the
|
||||
+ * value saved above:
|
||||
+ */
|
||||
image->opaque->error_buf = saved_error_buf;
|
||||
- png_image_free(image);
|
||||
- return 0;
|
||||
+
|
||||
+ /* On the final false return, when about to return control to the caller, the
|
||||
+ * image is freed (png_image_free does this check but it is duplicated here
|
||||
+ * for clarity:
|
||||
+ */
|
||||
+ if (saved_error_buf == NULL)
|
||||
+ png_image_free(image);
|
||||
+
|
||||
+ return 0; /*false*/
|
||||
}
|
||||
#endif /* SIMPLIFIED READ || SIMPLIFIED_WRITE */
|
||||
#endif /* READ || WRITE */
|
||||
--
|
||||
2.1.4
|
||||
|
||||
Reference in New Issue
Block a user