Commits

Anonymous committed 9b9ada0

Fixed bug where wrong pixel format is chosen for some paletted images, leading to an insufficient amount of memory allocated for each row and hence buffer overuns.

  • Participants
  • Parent commits 114df90

Comments (0)

Files changed (1)

 
 #define TRY(expr) \
     do { \
-    if (setjmp(pimpl_->jmpbuf_) == 0) expr; \
+    if (setjmp(pimpl_->jmpbuf_) == 0) { expr; } \
     pimpl_->ex_store_.rethrow_stored_exception(); \
     } while (false)
 
         int colour_type = 0;
         int bit_depth = 0;
         int interlace_type = 0;
+        bool alpha_in_tRNS = false;
 
         TRY(png_get_IHDR(rsp, pimpl_->info_, &width, &height, &bit_depth, &colour_type, &interlace_type, 0, 0));
+        TRY(alpha_in_tRNS = png_get_valid(rsp, pimpl_->info_, PNG_INFO_tRNS));
 
         imagexx::pixel_format format = imagexx::rgb;
 
         if (colour_type & (PNG_COLOR_MASK_COLOR | PNG_COLOR_MASK_PALETTE))
         {
             // Currently, paletted images come out the other side as colour images (rgb or rgba)
-            if (colour_type & PNG_COLOR_MASK_ALPHA) format = imagexx::rgba;
+            if ((colour_type & PNG_COLOR_MASK_ALPHA) || alpha_in_tRNS) format = imagexx::rgba;
         }
         else
         {
         if (colour_type & PNG_COLOR_TYPE_PALETTE)
             TRY(png_set_palette_to_rgb(rsp)); // a paletted image should come through as an RGB raster
 
-        if (colour_type & PNG_COLOR_TYPE_GRAY && bit_depth < 8)
+        if ((colour_type & PNG_COLOR_TYPE_GRAY) && bit_depth < 8)
             TRY(png_set_gray_1_2_4_to_8(rsp)); // expand 1, 2, 4 bpp greyscale images to 8 bpp
 
         if (format == imagexx::rgba || format == imagexx::grey_alpha)