Bug 492200 - Upgrade libpng to 1.2.37; r=joe sr=vlad a1.9.2.6=dveditz
--- a/modules/libimg/png/MOZCHANGES
+++ b/modules/libimg/png/MOZCHANGES
@@ -2,16 +2,19 @@
Changes made to pristine png source by mozilla.org developers.
2010/02/28 -- Ported performance improvements to pngrutil.c and pngpread.c
from libpng-1.4.1 (bug #497056).
2009/06/01 -- Eliminated incorrect test and rejection of APNG
blend_op in opaque images (bug #441971 and #455140).
+2009/06/10 -- Ported memset that prevents an uninitialized memory
+ reference in pngrutil.c from libpng-1.2.37 (bug #492200).
+
2009/02/19 -- Synced with libpng-1.2.35 (bug #478901).
2008/08/21 -- Synced with libpng-1.2.31 (bug #418900).
2008/03/29 -- Initialize prev_row for each APNG frame, only when
the frame size increases (bug #420416)
2008/01/18 -- Synced with libpng-1.2.24 (bug #408429).
--- a/modules/libimg/png/pngrutil.c
+++ b/modules/libimg/png/pngrutil.c
@@ -3372,16 +3372,18 @@ defined(PNG_USER_TRANSFORM_PTR_SUPPORTED
if (row_bytes > (png_uint_32)65536L)
png_error(png_ptr, "This image requires a row greater than 64KB");
#endif
if (row_bytes + 64 > png_ptr->old_big_row_buf_size)
{
png_free(png_ptr, png_ptr->big_row_buf);
png_ptr->big_row_buf = (png_bytep)png_malloc(png_ptr, row_bytes+64);
+ if (png_ptr->interlaced)
+ png_memset(png_ptr->big_row_buf, 0, row_bytes + 64);
png_ptr->row_buf = png_ptr->big_row_buf+32;
png_ptr->old_big_row_buf_size = row_bytes+64;
}
#ifdef PNG_MAX_MALLOC_64K
if ((png_uint_32)png_ptr->rowbytes + 1 > (png_uint_32)65536L)
png_error(png_ptr, "This image requires a row greater than 64KB");
#endif
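Review bot: The added `png_memset` sits inside the `if (row_bytes + 64 > png_ptr->old_big_row_buf_size)` branch, so it runs only when `big_row_buf` is freshly allocated. When the same `png_ptr` reuses the buffer for a later interlaced frame of equal or smaller size, the buffer keeps the previous frame's bytes. Those bytes are initialized, so the uninitialized reference named in MOZCHANGES is closed, but if any bits of a row are left unwritten by the interlace handling (not visible in this hunk), stale data from the earlier frame could still reach the output. It is worth confirming whether the APNG path needs the clear on every call rather than only on growth. The new lines also have no comment; I would add `/* Clear the new buffer so interlaced decoding never reads uninitialized bytes (bug #492200). */` above the `if (png_ptr->interlaced)` line. The enclosing function starts and ends outside the hunk.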