Oh no! Some styles failed to load. 😵
Please try reloading this page
Menu
â–¾
â–´
#151 Segfault with 1/2/4-bit transparent indexed PNGs
The code in pngimage.c, create_soft_mask(...) assumes the data stream containing the palette index bytes is 8 bits-per-color (-index).
for (i = 0; i < width*height; i++) {
png_byte idx = image_data_ptr[i];
smask_data_ptr[i] = (idx < num_trans) ? trans[idx] : 0xff;
}
This accesses the wrong data, the block should read
png_byte mask = 0xff >> (8 - bpc);
for (i = 0; i < width*height; i++) {
/* data is packed for 1/2/4 bpc formats, msb first */
png_byte idx = (image_data_ptr[bpc * i / 8] >> (3 - bpc * i % 8)) & mask;
smask_data_ptr[i] = (idx < num_trans) ? trans[idx] : 0xff;
}
Related
Discussion
Anonymous
Affected PNG, SMask is wrong, xetex occasionaly crashes (OOB access of image_data_ptr)
I've received the attached patch from a bug report of Stefan Brüns stefan.bruens@rwth-aachen.de for TeXLive which may solve the bug
Last edit: Dr. Werner Fink 2018-04-27
The "shift" above was still wrong, in the attached patch it is correct (i.e. shift = 8 - bpc).
Applied the patch by Stefan for dvipdfm-x in TeX Live SVN: r47469.
This one seems to be missed in texlive-20180414-source.tar.xz
On Mon, Apr 30, 2018 at 03:36:14AM +0000, Akira Kakuto wrote:
--
"Having a smoking section in a restaurant is like having
a peeing section in a swimming pool." -- Edward Burr
Related
Bugs: #151
Yes, because the sources are what made it into the released TL.
I am collecting patches (cherry-picking) in the tl2018-fixes branch at
https://github.com/TeX-Live/texlive-source/tree/tl2018-fixes
Norbert
--
PREINING Norbert http://www.preining.info
Accelia Inc. + JAIST + TeX Live + Debian Developer
GPG: 0x860CDC13 fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
Please note the date:
r47469 was done on 2018/04/28 after the release of TL2018.
Best,
Akira