From 067466045187a40f16534b7a1f35cf4fba82a76e Mon Sep 17 00:00:00 2001
From: Fabian Giesen
Date: Fri, 21 Jul 2017 21:55:37 -0700
Subject: [PATCH] stb_image: Relax raw_len validation for non-interlaced PNGs. We used to require exact match between img_len and raw_len for non-interlaced PNGs, but the PNG in issue #276 has extra bytes (all zeros) at the end of the compressed DEFLATE stream. The PNG spec doesn't have anything to say about it (that I can tell), and if libpng accepts this, who are we to judge. Fixes issue #276.
---
 stb_image.h | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/stb_image.h b/stb_image.h
index ae2ada6..c9a5d59 100644
--- a/stb_image.h
+++ b/stb_image.h
@@ -4297,11 +4297,10 @@ static int stbi__create_png_image_raw(stbi__png *a, stbi_uc *raw, stbi__uint32 r
 img_width_bytes = (((img_n * x * depth) + 7) >> 3);
 img_len = (img_width_bytes + 1) * y;
- if (s->img_x == x && s->img_y == y) {
- if (raw_len != img_len) return stbi__err("not enough pixels","Corrupt PNG");
- } else { // interlaced:
- if (raw_len < img_len) return stbi__err("not enough pixels","Corrupt PNG");
- }
+ // we used to check for exact match between raw_len and img_len on non-interlaced PNGs,
+ // but issue #276 reported a PNG in the wild that had extra data at the end (all zeros),
+ // so just check for raw_len < img_len always.
+ if (raw_len < img_len) return stbi__err("not enough pixels","Corrupt PNG");
 for (j=0; j < y; ++j) {
 stbi_uc *cur = a->out + stride*j;
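Review bot: With the exact-match branch gone, `raw_len < img_len` is the only length check on every path, and `img_len = (img_width_bytes + 1) * y` just above it is computed with no overflow guard visible in the hunk. If that product can wrap (the declarations are outside the hunk, though `raw_len` is `stbi__uint32`), a wrapped `img_len` that the old `!=` test would almost always have rejected now passes the lower-bound test, and the row loop that follows would read past the end of `raw`. Consider rejecting before the multiply, for example `if (y && img_width_bytes >= 0xffffffffu / y) return stbi__err("too large","Corrupt PNG");`, or use the file's own size-validation helper if one covers this case. The body of stbi__create_png_image_raw starts before and continues after the hunk, so an existing guard elsewhere cannot be ruled out from here.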