2742
2742
version 1.0.57rc01 and 1.2.47rc01 [February 17, 2012]
2743
2743
Fixed CVE-2011-3026 buffer overrun bug.
2744
Fixed CVE-2011-3026 buffer overrun bug. This bug was introduced when
2745
iCCP chunk support was added at libpng-1.0.6.
2745
2747
version 1.0.57 and 1.2.47 [February 18, 2012]
2750
version 1.2.48beta01 [February 27, 2012]
2751
Removed two useless #ifdef directives from pngread.c and one from pngrutil.c
2752
Eliminated redundant png_push_read_tEXt|zTXt|iTXt|unknown code from
2753
pngpread.c and use the sequential png_handle_tEXt, etc., in pngrutil.c;
2754
now that png_ptr->buffer is inaccessible to applications, the special
2755
handling is no longer useful.
2756
Fixed bug with png_handle_hIST with odd chunk length (Frank Busse).
2757
Fixed incorrect type (int copy should be png_size_t copy) in png_inflate().
2758
Fixed off-by-one bug in png_handle_sCAL() when using fixed point arithmetic,
2759
causing out-of-bounds read in png_set_sCAL() because of failure to copy
2760
the string terminators. This bug was introduced in libpng-1.0.6 (Frank
2763
version 1.2.48rc01 [March 2, 2012]
2764
Removed the png_free() of unused png_ptr->current_text from pngread.c.
2765
Added libpng license text to pnggccrd.c and pngvcrd.c (requested by Chrome).
2767
version 1.2.48rc02 [March 2, 2012]
2768
Removed all of the assembler code from pnggccrd.c and just "return 2;".
2770
version 1.0.58 and 1.2.48 [March 8, 2012]
2773
version 1.2.49rc01 [March 29, 2012]
2774
Revised png_set_text_2() to avoid potential memory corruption (fixes
2776
Prevent PNG_EXPAND+PNG_SHIFT doing the shift twice.
2748
2778
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
2749
2779
(subscription required; visit
2750
2780
https://lists.sourceforge.net/lists/listinfo/png-mng-implement