|
|
|
@ -4341,8 +4341,10 @@ static int stbi__create_png_image_raw(stbi__png *a, stbi_uc *raw, stbi__uint32 r |
|
|
|
a->out = (stbi_uc *) stbi__malloc_mad3(x, y, output_bytes, 0); // extra bytes to write off the end into
|
|
|
|
a->out = (stbi_uc *) stbi__malloc_mad3(x, y, output_bytes, 0); // extra bytes to write off the end into
|
|
|
|
if (!a->out) return stbi__err("outofmem", "Out of memory"); |
|
|
|
if (!a->out) return stbi__err("outofmem", "Out of memory"); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (!stbi__mad3sizes_valid(img_n, x, depth, 7)) return stbi__err("too large", "Corrupt PNG"); |
|
|
|
img_width_bytes = (((img_n * x * depth) + 7) >> 3); |
|
|
|
img_width_bytes = (((img_n * x * depth) + 7) >> 3); |
|
|
|
img_len = (img_width_bytes + 1) * y; |
|
|
|
img_len = (img_width_bytes + 1) * y; |
|
|
|
|
|
|
|
|
|
|
|
// we used to check for exact match between raw_len and img_len on non-interlaced PNGs,
|
|
|
|
// we used to check for exact match between raw_len and img_len on non-interlaced PNGs,
|
|
|
|
// but issue #276 reported a PNG in the wild that had extra data at the end (all zeros),
|
|
|
|
// but issue #276 reported a PNG in the wild that had extra data at the end (all zeros),
|
|
|
|
// so just check for raw_len < img_len always.
|
|
|
|
// so just check for raw_len < img_len always.
|
|
|
|
|
Sean Barrett
ago%!(EXTRA string=7 years)