Bug 492200 - Upgrade libpng to 1.2.37; r=joe sr=vlad a1.9.2.6=dveditz
authorGlenn Randers-Pehrson <glennrp+bmo@gmail.com>
Fri, 25 Jun 2010 17:07:48 -0400
changeset 34387 a478fe5144d54f6d1c5392c51c0da57b0d62b085
parent 34386 e4bf0cdd829ef577472bb7be1c340eef31ff7775
child 34388 a34de5780b91a941a6e41b163e070e17e0249bc9
push id1431
push usereakhgari@mozilla.com
push dateFri, 25 Jun 2010 21:10:38 +0000
reviewersjoe, vlad
bugs492200
milestone1.9.2.6pre
Bug 492200 - Upgrade libpng to 1.2.37; r=joe sr=vlad a1.9.2.6=dveditz
modules/libimg/png/MOZCHANGES
modules/libimg/png/pngrutil.c
--- a/modules/libimg/png/MOZCHANGES
+++ b/modules/libimg/png/MOZCHANGES
@@ -2,16 +2,19 @@
 Changes made to pristine png source by mozilla.org developers.
 
 2010/02/28  -- Ported performance improvements to pngrutil.c and pngpread.c
                from libpng-1.4.1 (bug #497056).
 
 2009/06/01  -- Eliminated incorrect test and rejection of APNG
                blend_op in opaque images (bug #441971 and #455140).
 
+2009/06/10  -- Ported memset that prevents an uninitialized memory
+               reference in pngrutil.c from libpng-1.2.37 (bug #492200).
+
 2009/02/19  -- Synced with libpng-1.2.35 (bug #478901).
 
 2008/08/21  -- Synced with libpng-1.2.31 (bug #418900).
 
 2008/03/29  -- Initialize prev_row for each APNG frame, only when
                the frame size increases (bug #420416)
 
 2008/01/18  -- Synced with libpng-1.2.24 (bug #408429).
--- a/modules/libimg/png/pngrutil.c
+++ b/modules/libimg/png/pngrutil.c
@@ -3372,16 +3372,18 @@ defined(PNG_USER_TRANSFORM_PTR_SUPPORTED
    if (row_bytes > (png_uint_32)65536L)
       png_error(png_ptr, "This image requires a row greater than 64KB");
 #endif
 
    if (row_bytes + 64 > png_ptr->old_big_row_buf_size)
    {
      png_free(png_ptr, png_ptr->big_row_buf);
      png_ptr->big_row_buf = (png_bytep)png_malloc(png_ptr, row_bytes+64);
+     if (png_ptr->interlaced)
+       png_memset(png_ptr->big_row_buf, 0, row_bytes + 64);
      png_ptr->row_buf = png_ptr->big_row_buf+32;
      png_ptr->old_big_row_buf_size = row_bytes+64;
    }
 
 #ifdef PNG_MAX_MALLOC_64K
    if ((png_uint_32)png_ptr->rowbytes + 1 > (png_uint_32)65536L)
       png_error(png_ptr, "This image requires a row greater than 64KB");
 #endif