Hello community,

here is the log from the commit of package pngcheck for openSUSE:Factory 
checked in at 2021-12-13 20:45:04
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/pngcheck (Old)
 and      /work/SRC/openSUSE:Factory/.pngcheck.new.2520 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "pngcheck"

Mon Dec 13 20:45:04 2021 rev:7 rq:940245 version:3.0.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/pngcheck/pngcheck.changes        2020-12-29 
15:52:29.104305558 +0100
+++ /work/SRC/openSUSE:Factory/.pngcheck.new.2520/pngcheck.changes      
2021-12-13 20:51:11.100665191 +0100
@@ -1,0 +2,18 @@
+Mon Dec 13 11:51:03 UTC 2021 - pgaj...@suse.com
+
+- version update to 3.0.3
+  * 20210124 GRR: released version 3.0.1
+  *               ----------------------
+  * 20201217 BB:  fixed a crash bug (and probable vulnerability) in large (MNG)
+  *               LOOP chunks
+  * 20210131 GRR: updated Makefile.mingw32 for modern versions and added
+  *               Makefile.mingw64 (targets Win64); both are essentially
+  *               UNTESTED, however!
+  * 20210131 GRR: released version 3.0.2
+  *               ----------------------
+  * 20210416 BB:  fixed a divide-by-zero crash bug (and probable vulnerability)
+  *               in interlaced images with extra compressed data beyond the
+  *               nominal end of the image data (found by "chiba of topsec 
alpha
+  *               lab")
+
+-------------------------------------------------------------------

Old:
----
  pngcheck-3.0.0.tar.gz
  pngcheck.1.gz

New:
----
  pngcheck-3.0.3.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ pngcheck.spec ++++++
--- /var/tmp/diff_new_pack.02Qty0/_old  2021-12-13 20:51:11.496665445 +0100
+++ /var/tmp/diff_new_pack.02Qty0/_new  2021-12-13 20:51:11.500665447 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package pngcheck
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,14 +17,13 @@
 
 
 Name:           pngcheck
-Version:        3.0.0
+Version:        3.0.3
 Release:        0
 Summary:        PNG file format checker
-License:        HPND AND GPL-2.0-or-later
+License:        GPL-2.0-or-later AND HPND
 Group:          Productivity/Graphics/Other
 URL:            http://www.libpng.org/pub/png/apps/pngcheck.html
 Source:         http://www.libpng.org/pub/png/src/pngcheck-%{version}.tar.gz
-Source2:        %{name}.1.gz
 Patch0:         fixbuild.diff
 BuildRequires:  zlib-devel
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@@ -53,7 +52,7 @@
 install -m 755 pngsplit %{buildroot}%{_bindir}/
 install -m 755 png-fix-IDAT-windowsize %{buildroot}%{_bindir}/
 install -m 755 -d %{buildroot}%{_mandir}/man1/
-install -m 0644 %{SOURCE2} %{buildroot}%{_mandir}/man1/
+install -m 0644 pngcheck.1 %{buildroot}%{_mandir}/man1/
 
 %files
 %defattr(-,root,root)

++++++ pngcheck-3.0.0.tar.gz -> pngcheck-3.0.3.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pngcheck-3.0.0/CHANGELOG new/pngcheck-3.0.3/CHANGELOG
--- old/pngcheck-3.0.0/CHANGELOG        2020-12-13 06:56:13.000000000 +0100
+++ new/pngcheck-3.0.3/CHANGELOG        2021-04-26 06:19:46.000000000 +0200
@@ -5,6 +5,7 @@
  *
  *   AL   -  Alexander Lehmann
  *   AED  -  Andreas Dilger
+ *   BB   -  Ben Beasley (Fedora Linux)
  *   GRP  -  Glenn Randers-Pehrson
  *   GRR  -  Greg Roelofs
  *   JB   -  John Bowler
@@ -246,3 +247,20 @@
  * 20201212 GRR: removed -f ("force") option due to multiple security issues
  * 20201212 GRR: released version 3.0.0
  *               ----------------------
+ * 20201214 BB:  generalized previous sPLT buffer-overrun fix, and found and
+ *               fixed a PPLT vulnerability
+ * 20210124 GRR: released version 3.0.1
+ *               ----------------------
+ * 20201217 BB:  fixed a crash bug (and probable vulnerability) in large (MNG)
+ *               LOOP chunks
+ * 20210131 GRR: updated Makefile.mingw32 for modern versions and added
+ *               Makefile.mingw64 (targets Win64); both are essentially
+ *               UNTESTED, however!
+ * 20210131 GRR: released version 3.0.2
+ *               ----------------------
+ * 20210416 BB:  fixed a divide-by-zero crash bug (and probable vulnerability)
+ *               in interlaced images with extra compressed data beyond the
+ *               nominal end of the image data (found by "chiba of topsec alpha
+ *               lab")
+ * 20210425 GRR: released version 3.0.3
+ *               ----------------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pngcheck-3.0.0/Makefile.mingw32 
new/pngcheck-3.0.3/Makefile.mingw32
--- old/pngcheck-3.0.0/Makefile.mingw32 2020-10-17 22:41:15.000000000 +0200
+++ new/pngcheck-3.0.3/Makefile.mingw32 2021-01-31 22:51:22.000000000 +0100
@@ -1,8 +1,10 @@
 # Sample makefile for pngcheck using mingw32-gcc (native or cross) and make.
+# This one is currently set up for Win32 cross-compilation from Linux.
+#
 # Greg Roelofs
-# Last modified:  12 July 2007
+# Last modified:  31 January 2021
 #
-# Invoke this makefile from a DOS-prompt window via:
+# Invoke this makefile from a DOS-prompt window or xterm or whatever via:
 #
 #      make -f Makefile.mingw32
 #
@@ -19,7 +21,7 @@
 # macros --------------------------------------------------------------------
 
 #ZPATH = ../zlib
-ZPATH = ../zlib-win32
+ZPATH = ../zlib-1.2.11-win32
 ZINC = -I$(ZPATH)
 #ZLIB = $(ZPATH)/libzdll.a #   link dynamically against DLL
 ZLIB = $(ZPATH)/libz.a #       link statically
@@ -28,14 +30,14 @@
 LIBS = $(ZLIB)
 
 #CC = gcc
-CC = i386-mingw32msvc-gcc #    e.g., Linux -> Win32 cross-compilation
+CC = i686-w64-mingw32-gcc #    Linux -> Win32 cross-compilation
 LD = $(CC)
 RM = rm -f
 CFLAGS = -O -Wall $(INCS) $(MINGW_CCFLAGS) -DUSE_ZLIB
 # [note that -Wall is a gcc-specific compilation flag ("most warnings on")]
 LDFLAGS = $(MINGW_LDFLAGS)
 O = .o
-E = .exe
+E = .win32.exe
 
 PROG  = pngcheck
 PROG2 = pngsplit
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pngcheck-3.0.0/Makefile.mingw64 
new/pngcheck-3.0.3/Makefile.mingw64
--- old/pngcheck-3.0.0/Makefile.mingw64 1970-01-01 01:00:00.000000000 +0100
+++ new/pngcheck-3.0.3/Makefile.mingw64 2021-01-31 22:53:47.000000000 +0100
@@ -0,0 +1,73 @@
+# Sample makefile for pngcheck using mingw32-gcc (native or cross) and make.
+# This one is currently set up for Win64 cross-compilation from Linux.
+#
+# Greg Roelofs
+# Last modified:  31 January 2021
+#
+# Invoke this makefile from a DOS-prompt window or xterm or whatever via:
+#
+#      make -f Makefile.mingw64
+#
+# This makefile assumes zlib has already been built or downloaded and is in
+# a subdirectory at the same level as the current subdirectory (as indicated
+# by the ZPATH macro below).  Edit as appropriate.
+#
+# Note that the names of the dynamic and static zlib libraries used below may
+# change in later releases of the library.  This makefile builds statically
+# linked executables, but that can be changed by uncommenting the appropriate
+# ZLIB line.
+
+
+# macros --------------------------------------------------------------------
+
+#ZPATH = ../zlib
+ZPATH = ../zlib-1.2.11-win64
+ZINC = -I$(ZPATH)
+#ZLIB = $(ZPATH)/libzdll.a #   link dynamically against DLL
+ZLIB = $(ZPATH)/libz.a #       link statically
+
+INCS = $(ZINC)
+LIBS = $(ZLIB)
+
+#CC = gcc
+CC = x86_64-w64-mingw32-gcc #  Linux -> Win64 cross-compilation
+LD = $(CC)
+RM = rm -f
+CFLAGS = -O -Wall $(INCS) $(MINGW_CCFLAGS) -DUSE_ZLIB
+# [note that -Wall is a gcc-specific compilation flag ("most warnings on")]
+LDFLAGS = $(MINGW_LDFLAGS)
+O = .o
+E = .win64.exe
+
+PROG  = pngcheck
+PROG2 = pngsplit
+PROG3 = png-fix-IDAT-windowsize
+
+EXES  = $(PROG)$(E) $(PROG2)$(E) $(PROG3)$(E)
+
+
+# implicit make rules -------------------------------------------------------
+
+.c$(O):
+       $(CC) -c $(CFLAGS) $<
+
+
+# dependencies --------------------------------------------------------------
+
+all:  $(EXES)
+
+$(PROG)$(E): $(PROG).c
+       $(CC) $(CFLAGS) -o $@ $(PROG).c $(LIBS)
+
+# both of these require zlib, too (for crc32() function)
+$(PROG2)$(E): gpl/$(PROG2).c
+       $(CC) $(CFLAGS) -o $@ gpl/$(PROG2).c $(LIBS)
+
+$(PROG3)$(E): gpl/$(PROG3).c
+       $(CC) $(CFLAGS) -o $@ gpl/$(PROG3).c $(LIBS)
+
+
+# maintenance ---------------------------------------------------------------
+
+clean:
+       $(RM) $(EXES)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pngcheck-3.0.0/README new/pngcheck-3.0.3/README
--- old/pngcheck-3.0.0/README   2020-12-13 06:57:13.000000000 +0100
+++ new/pngcheck-3.0.3/README   2021-04-26 06:27:42.000000000 +0200
@@ -1,19 +1,19 @@
-pngcheck version 3.0.0 of 12 December 2020
+pngcheck version 3.0.3 of 25 April 2021
 
-This version gets a major-version bump not because of a huge new feature but
-because an existing feature was removed.  Specifically, the implementation of
-the -f ("force continuation after major errors") option was lacking--largely
-because it's difficult to properly reason about program state after continuing
-beyond one or more critical errors--and had resulted in a growing number of
-security vulnerabilities being reported.  (The combinatorial issues surrounding
-the force option, various verbosity levels, multiple chunk-printing and
-character-set options, and optional zlib decoding only exacerbate the problem.)
-
-That said, a number of the recently reported vulnerabilities were fixed by
-Ben Beasley of the Fedora Linux project, for which I am most grateful.  (He
-found a number of them himself, as did "giantbranch of NSFOCUS Security Team.")
-Thanks also to Lucy Phipps for tracking down an off-by-one error in PNG/MNG/JNG
-signature validation and for forwarding another small patch from github.
+This version fixes another (probable) security vulnerability discovered by
+"chiba of topsec alpha lab".  Ben Beasley of the Fedora Linux project fixed
+it, and I generalized it a bit to forestall other attempts by the code to
+keep decoding beyond the declared image dimensions.  As always, many thanks
+to Ben and to the various security researchers who continue to ferret out
+problematic code.
+
+I've also updated the MinGW32 cross-compiler makefile for both Win32 and Win64
+targets (i.e., there are two such makefiles now), but other than verifying
+that binaries come out the other end, these are COMPLETELY UNTESTED.  In
+particular, the printf() format "%td" for ptrdiff_t (pointer differences, i.e.,
+subtraction) doesn't appear to be supported under Windows, but I don't know
+what the appropriate type is.  So the five affected print statements presumably
+just won't work correctly.
 
 Here's a list of the major enhancements since version 1.98, which was the
 last release before I took over maintenance:
@@ -34,12 +34,16 @@
  - pngsplit utility
  - compilation support for Win32 (using MSVC), RISC OS, and Amiga
 
+Also, this "anti-enhancement" occurred in version 3.0.0 for security reasons:
+
+ - -f ("force continuation after major errors") option REMOVED
+
 There are also many fixes, of course, including ones from Tom Lane, Glenn
 Randers-Pehrson, Tom Zerucha, Paul Matzke, Darren Salt, John Bowler, and
 others.  Thanks also to Chris Nokleberg (brokensuite), Tim Pritlove, Bob
-Friesenhahn, the GraalOnline folks, giantbranch, Ben Beasley, and others for
-test images.  See the included CHANGELOG file for the complete, detailed list
-of who did what.
+Friesenhahn, the GraalOnline folks, giantbranch, chiba, Ben Beasley, and
+others for test images.  See the included CHANGELOG file for the complete,
+detailed list of who did what.
 
 Note that while MNG support is now complete in the sense of covering all
 registered chunk types, there are still numerous error conditions that
@@ -59,12 +63,12 @@
 more than 8 bits), but there doesn't seem to be much point in that anymore.
 I'd still kind of like to extend the zlib support to include zTXt, iTXt, iCCP,
 etc., but given the pace of recent years ("nonexistent" would be fair), folks
-should definitely not hold their breath.  Similarly, the code could also do a
-better job with chunks whose data exceed the buffer size, and in general,
-immense if-else blocks (e.g., > 3000 lines) are extremely nasty and should be
-rewritten, but...yeah.  The gap between 2.3.0 and 2.4.0 (the two previous
-releases) was bigger than that between 2.3.0 and the creation of the PNG format
-itself. :-/  (Did we mention that PNG turned 25 this year?)
+should definitely not hold their breath waiting for that.  Similarly, the code
+could do a better job with chunks whose data exceed the buffer size, and in
+general, immense if-else blocks (e.g., > 3000 lines) are extremely nasty and
+should be rewritten, but...yeah.  The gap between 2.3.0 and 2.4.0 (the two
+previous releases) was bigger than that between 2.3.0 and the creation of the
+PNG format itself. :-/  (Did we mention that PNG turned 25 in 2020?)
 
 But if there ever are additional updates, you might find them here:
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pngcheck-3.0.0/pngcheck.1 
new/pngcheck-3.0.3/pngcheck.1
--- old/pngcheck-3.0.0/pngcheck.1       2020-12-13 07:00:04.000000000 +0100
+++ new/pngcheck-3.0.3/pngcheck.1       2021-04-26 06:11:41.000000000 +0200
@@ -1,19 +1,19 @@
-.TH PNGCHECK "1" "December 2020" "pngcheck 3.0.0" "User Commands"
+.TH PNGCHECK "1" "April 2021" "pngcheck 3.0.3" "User Commands"
 .SH NAME
-pngcheck \- manual page for pngcheck 3.0.0
+pngcheck \- manual page for pngcheck 3.0.3
 .SH SYNOPSIS
 .B pngcheck
-.RI [ \-7cfpqtv ]
+.RI [ \-7cpqtv ]
 .I file.{png|jng|mng}
 .RI [ file2.{png|jng|mng} \ [...]]
 .br
 .RB ...\ |\  pngcheck
-.RI [ \-7cfpqstvx ]
+.RI [ \-7cpqstvx ]
 .br
 .B pngcheck
-.RI [ \-7cfpqstvx ] \ file-containing-PNGs ...
+.RI [ \-7cpqstvx ] \ file-containing-PNGs ...
 .SH DESCRIPTION
-PNGcheck, version 3.0.0 of 12 December 2020,
+PNGcheck, version 3.0.3 of 25 April 2021,
 by Alexander Lehmann, Andreas Dilger and Greg Roelofs.
 .PP
 Test PNG, JNG or MNG image files for corruption, and print size/type info.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pngcheck-3.0.0/pngcheck.c 
new/pngcheck-3.0.3/pngcheck.c
--- old/pngcheck-3.0.0/pngcheck.c       2020-12-13 06:19:48.000000000 +0100
+++ new/pngcheck-3.0.3/pngcheck.c       2021-04-26 06:21:03.000000000 +0200
@@ -17,7 +17,7 @@
 
 /*============================================================================
  *
- *   Copyright 1995-2020 by Alexander Lehmann <lehm...@usa.net>,
+ *   Copyright 1995-2021 by Alexander Lehmann <lehm...@usa.net>,
  *                          Andreas Dilger <adil...@enel.ucalgary.ca>,
  *                          Glenn Randers-Pehrson <ran...@alum.rpi.edu>,
  *                          Greg Roelofs <n...@pobox.com>,
@@ -33,7 +33,7 @@
  *
  *===========================================================================*/
 
-#define VERSION "3.0.0 of 12 December 2020"
+#define VERSION "3.0.3 of 25 April 2021"
 
 /*
  * NOTE:  current MNG support is informational; error-checking is MINIMAL!
@@ -320,7 +320,7 @@
 
 #ifdef USE_ZLIB
    int first_idat = 1;           /* flag:  is this the first IDAT chunk? */
-   int zlib_error = 0;           /* reset in IHDR section; used for IDAT */
+   int zlib_error = 0;           /* gets reset in IHDR section; used for IDAT 
*/
    int check_zlib = 1;           /* validate zlib stream (just IDATs for now) 
*/
    unsigned zlib_windowbits = 15;
    uch outbuf[BS];
@@ -752,9 +752,9 @@
   fprintf(fpMsg, "\n"
     "Test PNG, JNG or MNG image files for corruption, and print size/type 
info."
     "\n\n"
-    "Usage:  pngcheck [-7cfpqtv] file.{png|jng|mng} [file2.{png|jng|mng} 
[...]]\n"
-    "   or:  ... | pngcheck [-7cfpqstvx]\n"
-    "   or:  pngcheck [-7cfpqstvx] file-containing-PNGs...\n"
+    "Usage:  pngcheck [-7cpqtv] file.{png|jng|mng} [file2.{png|jng|mng} 
[...]]\n"
+    "   or:  ... | pngcheck [-7cpqstvx]\n"
+    "   or:  pngcheck [-7cpqstvx] file-containing-PNGs...\n"
     "\n"
     "Options:\n"
     "   -7  print contents of tEXt chunks, escape chars >=128 (for 7-bit 
terminals)\n"
@@ -766,7 +766,7 @@
     "   -v  test verbosely (print most chunk data)\n"
 #ifdef USE_ZLIB
     "   -vv test very verbosely (decode & print line filters)\n"
-    "   -w  suppress windowBits test (more-stringent compression check)\n"
+    "   -w  suppress windowBits test (a more-stringent compression check)\n"
 #endif
     "   -x  search for PNGs within another file and extract them when found\n"
     "\n"
@@ -1810,15 +1810,23 @@
           err = inflate(&zstrm, Z_SYNC_FLUSH);
           if (err != Z_OK && err != Z_STREAM_END) {
             printf("%s  zlib: inflate error = %d (%s)\n",
-              verbose > 1? "\n  " : (verbose == 1? "  ":fname), err,
+              verbose > 1? "\n  " : (verbose == 1? "  " : fname), err,
               (-err < 1 || -err > 6)? "unknown":zlib_error_type[-err-1]);
             zlib_error = 1;            /* fatal error only for this PNG */
-            break;                     /* kill inner loop */
+            break;                     /* kill zlib loop */
           }
 
           /* now have uncompressed, filtered image data in outbuf */
           eod = outbuf + BS - zstrm.avail_out;
           while (p < eod) {
+            /* GRR 20210425: protect against run-on data, intentional or 
otherwise */
+            if ((lace && cur_pass > 7) || (!lace && cur_y > h)) {
+              printf("%s  extra data beyond end of image: possible exploit 
attempt\n",
+                verbose > 1? "\n  " : (verbose == 1? "  " : fname));
+              zlib_error = 1;          /* fatal error only for this PNG */
+              err = Z_STREAM_END;      /* kill middle loop */
+              break;                   /* kill "innermost" loop (not counting 
short-image interlace one) */
+            }
 
             if (cur_linebytes) {       /* GRP 20000727:  bugfix */
               int filttype = p[0];
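Review bot: The new run-on-data exit sets `zlib_error = 1` and `err = Z_STREAM_END` without calling `inflateEnd(&zstrm)`, whereas the normal end-of-image path visible in the @@ -1931 hunk ends the stream before leaving. The zero-xskip exit added in the @@ -1910 hunk has the same shape. Unless cleanup happens on a shared path outside these hunks, each rejected file leaves zlib state allocated, which adds up when many untrusted files are checked in one run. Consider `inflateEnd(&zstrm);` just before `zlib_error = 1;` on both exits, after confirming that no later code ends the stream a second time. The enclosing loops start and end outside the hunk.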
@@ -1910,12 +1918,23 @@
                   cur_yoff = 0;
                 }
                 cur_y = cur_yoff;
+                /* 20210416: fix by Ben Beasley for bug found by chiba of 
topsec alpha lab */
+                if (cur_xskip == 0) {
+                  printf("%s  invalid interlacing state (zero xskip) in image 
data\n",
+                    verbose > 1? "\n  " : (verbose == 1? "  " : fname));
+                  zlib_error = 1;      /* fatal error only for this PNG */
+                  break;
+                }
                 /* effective width is reduced if even pass: subtract cur_xoff 
*/
                 cur_width = (w - cur_xoff + cur_xskip - 1) / cur_xskip;
                 cur_linebytes = ((cur_width*bitdepth + 7) >> 3) + 1;
                 if (cur_linebytes == 1)        /* just the filter byte?  no 
can do */
                     cur_linebytes = 0; /* GRP 20000727:  added fix */
               }
+              if (zlib_error) {                /* GRR 20210425: propagate 
error out of remaining loops */
+                err = Z_STREAM_END;    /* kill middle loop */
+                break;                 /* kill "innermost" loop (not counting 
short-image interlace one) */
+              }
             } else if (cur_y >= h) {
               if (verbose > 3) {       /* GRR 20000304:  bad code */
                 printf(" %td bytes remaining in buffer before inflateEnd()",
@@ -1931,32 +1950,36 @@
                 fflush(stdout);
               } else
                 inflateEnd(&zstrm);    /* we're all done */
-              zlib_error = -1;         /* kill outermost loop (over chunks) */
+              zlib_error = -1;         /* kill outermost loop (over 
consecutive PNG-mode IDAT chunks) */
               err = Z_STREAM_END;      /* kill middle loop */
-              break;                   /* kill innermost loop */
+              break;                   /* kill "innermost" loop (not counting 
short-image interlace one) */
             }
-          }
-          p -= (eod - outbuf);         /* wrap p back into outbuf region */
-          zstrm.next_out = outbuf;
-          zstrm.avail_out = BS;
+          } /* end of byte-loop over uncompressed data */
 
-          /* get more input (waiting until buffer empties is not necessary best
-           * zlib strategy, but simpler than shifting leftover data around) */
-          if (zstrm.avail_in == 0 && sz > toread) {
-            int data_read;
-
-            sz -= toread;
-            toread = (sz > BS)? BS:sz;
-            if ((data_read = fread(buffer, 1, toread, fp)) != toread) {
-              printf("\nEOF while reading %s data\n", chunkid);
-              set_err(kCriticalError);
-              return global_error;
+          if (!zlib_error && no_err(kMinorError)) {
+            p -= (eod - outbuf);       /* wrap p back into outbuf region */
+            zstrm.next_out = outbuf;
+            zstrm.avail_out = BS;
+
+            /* get more input (waiting until buffer empties is not necessary 
best
+             * zlib strategy, but simpler than shifting leftover data around) 
*/
+            if (zstrm.avail_in == 0 && sz > toread) {
+              int data_read;
+
+              sz -= toread;
+              toread = (sz > BS)? BS:sz;
+              if ((data_read = fread(buffer, 1, toread, fp)) != toread) {
+                printf("\nEOF while reading %s data\n", chunkid);
+                set_err(kCriticalError);
+                return global_error;
+              }
+              crc = update_crc(crc, buffer, toread);
+              zstrm.next_in = buffer;
+              zstrm.avail_in = toread;
             }
-            crc = update_crc(crc, buffer, toread);
-            zstrm.next_in = buffer;
-            zstrm.avail_in = toread;
           }
-        }
+        } /* end of zlib decoding loop */
+
         if (verbose > 1 && no_err(kMinorError))
           printf("%s (%ld out of %ld)\n", color_off, numfilt, numfilt_total);
       }
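Review bot: When the new guard `if (!zlib_error && no_err(kMinorError))` is false, `p`, `zstrm.next_out` and `zstrm.avail_out` keep their old values, so leaving the zlib loop depends entirely on its condition, which is outside this hunk. Every visible place that sets `zlib_error` also breaks or sets `err = Z_STREAM_END`, but nothing visible pairs the `no_err(kMinorError)` half with an exit. It is worth confirming that it cannot be false while `err` is still `Z_OK`. A short comment on the guard would record the reasoning, for example `/* on error skip the refill; the loop must then exit via its own condition */`. Separately, `data_read` is an `int` holding fread()'s `size_t` result and is used only in the comparison, so comparing the return value directly would avoid the narrowing.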
@@ -2852,10 +2875,10 @@
             spc = "      ";
 
           /* TODO: Support larger sPLT contents with an input-reading loop */
-         if (nsplt > BS / jstep) {
+         if (nsplt > (BS - j) / jstep) {
             printf("%s  printing truncated %scontents\n",
               verbose? ":":fname, verbose? "":"sPLT ");
-            nsplt = BS / jstep;
+            nsplt = (BS - j) / jstep;
           }
           /* GRR:  could check for (required) non-increasing freq order */
           /* GRR:  could also check for all zero freqs:  undefined hist */
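Review bot: The tightened bound `(BS - j) / jstep` is only safe if `j <= BS` and `jstep > 0` at this point, and neither is established in the visible lines. If `j` could exceed `BS`, the subtraction goes negative (or wraps, should an operand be unsigned) and the clamp no longer limits `nsplt`. A comment stating the invariant, such as `/* invariant: 0 <= j <= BS and jstep > 0 */`, or an explicit test of `j` against `BS` ahead of the division would make the fix self-evident. The declarations of `j`, `jstep` and `nsplt` are outside the hunk.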
@@ -3815,8 +3838,12 @@
         printf("%s  invalid %slength\n",
           verbose? ":":fname, verbose? "":"LOOP ");
         set_err(kMajorError);
-      }
-      if (verbose && no_err(kMinorError)) {
+      } else if (sz > BS) {
+       /* FIXME: large LOOP chunks should be supported */
+        printf("%s  checking large %schunk not currently supported\n",
+          verbose? ":":fname, verbose? "":"LOOP ");
+        set_err(kMinorError);
+      } else if (verbose && no_err(kMinorError)) {
         printf(":  nest level = %u\n    count = %lu, termination = %s\n",
           (unsigned)(buffer[0]), LG(buffer+1), sz == 5?
           termination_condition[0] :
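Review bot: A LOOP chunk longer than `BS` is now reported through `set_err(kMinorError)`, so a well-formed but large chunk gets the same error level as a malformed one. Refusing to parse it is presumably what keeps the reads of `buffer` in bounds, but anyone using the result as a validity gate would benefit from the FIXME saying so, e.g. `/* FIXME: large LOOP chunks are valid but unsupported; flagged as a minor error instead of being parsed */`. The FIXME line is also indented one column short of the `printf` beneath it. The `printf` that closes the hunk continues outside it.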
@@ -4068,7 +4095,7 @@
         uch dtype = buffer[0];
         uch first_idx = buffer[1];
         uch last_idx = buffer[2];
-        uch *buf = buffer+3;
+        int base = 3;
         int bytes_left = sz-3;
         int samples, npplt = 0, nblks = 0;
 
@@ -4088,27 +4115,37 @@
           if (bytes_left < 0)
             break;
           ++nblks;
-          for (i = first_idx;  i <= last_idx;  ++i, buf += samples) {
+          for (i = first_idx;  i <= last_idx;  ++i, base += samples) {
+            if (sz - samples < base) {
+              printf("%s  implied sample outside %schunk bounds\n",
+                verbose? ":":fname, verbose? "":"PPLT ");
+              set_err(kMinorError);
+              /* break out of outer loop, and suppress additional length error 
*/
+              bytes_left = 0;
+              break;
+            }
             ++npplt;
             if (printpal) {
               if (samples == 4)
                 printf("    %3d:  %s(%3d,%3d,%3d,%3d) = "
                   "%s(0x%02x,0x%02x,0x%02x,0x%02x)\n", i,
-                  plus, buf[0], buf[1], buf[2], buf[3],
-                  plus, buf[0], buf[1], buf[2], buf[3]);
+                  plus, buffer[base + 0], buffer[base + 1],
+                  buffer[base + 2], buffer[base + 3],
+                  plus, buffer[base + 0], buffer[base + 1],
+                  buffer[base + 2], buffer[base + 3]);
               else if (samples == 3)
                 printf("    %3d:  %s(%3d,%3d,%3d) = 
%s(0x%02x,0x%02x,0x%02x)\n",
-                  i, plus, buf[0], buf[1], buf[2],
-                  plus, buf[0], buf[1], buf[2]);
+                  i, plus, buffer[base + 0], buffer[base + 1], buffer[base + 
2],
+                  plus, buffer[base + 0], buffer[base + 1], buffer[base + 2]);
               else
                 printf("    %3d:  %s(%3d) = %s(0x%02x)\n", i,
-                  plus, *buf, plus, *buf);
+                  plus, buffer[base], plus, buffer[base]);
             }
           }
           if (bytes_left > 2) {
-            first_idx = buf[0];
-            last_idx = buf[1];
-            buf += 2;
+            first_idx = buffer[base + 0];
+            last_idx = buffer[base + 1];
+            base += 2;
             bytes_left -= 2;
           } else if (bytes_left)
             break;
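Review bot: The new check `sz - samples < base` bounds `base` by the chunk length `sz`, not by the size of `buffer`. If a PPLT chunk larger than `BS` can reach this loop (no `sz > BS` test is visible here, unlike the LOOP fix in the @@ -3815 hunk), `buffer[base + n]` could still index past the data actually read. Adding the buffer limit to the test, `if (sz - samples < base || BS - samples < base) {`, would cover that case. The `int base = 3;` declaration it relies on comes from the @@ -4068 hunk, and the enclosing block begins and ends outside this one.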
