Libpng 1.6.32rc01 - August 18, 2017 This is not intended to be a public release. It will be replaced within a few weeks by a public version or by another test version. Files available for download: Source files with LF line endings (for Unix/Linux) and with a "configure" script 1.6.32rc01.tar.xz (LZMA-compressed, recommended) 1.6.32rc01.tar.gz Source files with CRLF line endings (for Windows), without the "configure" script lp1632r01.7z (LZMA-compressed, recommended) lp1632r01.zip Other information: 1.6.32rc01-README.txt 1.6.32rc01-LICENSE.txt libpng-1.6.32rc01-*.asc (armored detached GPG signatures) Changes since the last public release (1.6.31): Version 1.6.32beta01 [July 31, 2017] Avoid possible NULL dereference in png_handle_eXIf when benign_errors are allowed. Avoid leaking the input buffer "eXIf_buf". Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif to arguments for png_get_eXIf() and png_set_eXIf(). Added calls to png_handle_eXIf(() in pngread.c and png_write_eXIf() in pngwrite.c, and made various other fixes to png_write_eXIf(). Changed name of png_get_eXIF and png_set_eXIf() to png_get_eXIf_1() and png_set_eXIf_1(), respectively, to avoid breaking API compatibility with libpng-1.6.31. Version 1.6.32beta02 [August 1, 2017] Updated contrib/libtests/pngunknown.c with eXIf chunk. Version 1.6.32beta03 [August 2, 2017] Initialized btoa[] in pngstest.c Stop memory leak when returning from png_handle_eXIf() with an error (Bug report from the OSS-fuzz project). Version 1.6.32beta04 [August 2, 2017] Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf(). Update libpng.3 and libpng-manual.txt about eXIf functions. Version 1.6.32beta05 [August 2, 2017] Restored png_get_eXIf() and png_set_eXIf() to maintain API compatability. Version 1.6.32beta06 [August 2, 2017] Removed png_get_eXIf_1() and png_set_eXIf_1(). Version 1.6.32beta07 [August 3, 2017] Check length of all chunks except IDAT against user limit to fix an OSS-fuzz issue. Version 1.6.32beta08 [August 3, 2017] Check length of IDAT against maximum possible IDAT size, accounting for height, rowbytes, interlacing and zlib/deflate overhead. Restored png_get_eXIf_1() and png_set_eXIf_1(), because strlen(eXIf_buf) does not work (the eXIf chunk data can contain zeroes). Version 1.6.32beta09 [August 3, 2017] Require cmake-2.8.8 in CMakeLists.txt. Revised symlink creation, no longer using deprecated cmake LOCATION feature (Clifford Yapp). Fixed five-byte error in the calculation of IDAT maximum possible size. Version 1.6.32beta10 [August 5, 2017] Moved chunk-length check into a png_check_chunk_length() private function (Suggested by Max Stepin). Moved bad pngs from tests to contrib/libtests/crashers Moved testing of bad pngs into a separate tests/pngtest-badpngs script Added the --xfail (expected FAIL) option to pngtest.c. It writes XFAIL in the output but PASS for the libpng test. Require cmake-3.0.2 in CMakeLists.txt (Clifford Yapp). Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the num_exif argument to png_get_eXIf_1() (Github Issue 171). Version 1.6.32beta11 [August 7, 2017] Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks(). Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers. Make pngtest --strict, --relax, --xfail options imply -m (multiple). Removed unused chunk_name parameter from png_check_chunk_length(). Relocated setting free_me for eXIf data, to stop an OSS-fuzz leak. Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue. Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix OSS-fuzz UMR. Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue. Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), to account for the minimum 'deflate' stream, and relocate the test to a point after the keyword has been read. Check that the eXIf chunk has at least 2 bytes and begins with "II" or "MM". Version 1.6.32rc01 [August 18, 2017] Added a set of "huge_xxxx_chunk.png" files to contrib/testpngs/crashers, one for each known chunk type, with length = 2GB-1. Check for 0 return from png_get_rowbytes() and added some (size_t) typecasts in contrib/pngminus/*.c to stop some Coverity issues (162705, 162706, and 162707). Renamed chunks in contrib/testpngs/crashers to avoid having files whose names differ only in case; this causes problems with some platforms (github issue #172). Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit https://lists.sourceforge.net/lists/listinfo/png-mng-implement to subscribe) or to glennrp at users.sourceforge.net Glenn R-P