LIBPNG: PNG reference library / Bugs / #263 Allocate too much memory for a bad iCCP chunk

#263 Allocate too much memory for a bad iCCP chunk

Milestone: libpng_code

Status: closed-out-of-date

Owner: Glenn Randers-Pehrson

Labels: None

Priority: 5

Updated: 2017-03-25

Created: 2017-03-23

Creator: Leon Scroggins

Private: No

The attached "image" has an iCCP chunk with length 276. According to the ICC header, it has a profile_length of 1879048662. This should be impossible, since it is much larger than the chunk itself, but png_handle_iCCP attempts to allocate 1879048662 bytes in png_read_buffer to hold the profile.

I suppose it is up to the client to avoid allocating that much memory if it will cause a problem (is that correct?), but should libpng recognize that this must be invalid because it is larger than the chunk itself?

1 Attachments

crbug701957.png

Discussion

Glenn Randers-Pehrson - 2017-03-23

That bug was supposedly fixed in libpng-1.6.25. What version are you testing?

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Leon Scroggins - 2017-03-23

1.6.22, so I am out of date. Thanks!

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Glenn Randers-Pehrson - 2017-03-25

status: open --> closed-out-of-date

assigned_to: Glenn Randers-Pehrson
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Allocate too much memory for a bad iCCP chunk

Group

Searches

Help

#263 Allocate too much memory for a bad iCCP chunk

Discussion