Am 18.05.2026 um 09:43 schrieb Norbert Preining: Hello Norbert,
again me ...
Glad to see your are still engaged.
I am not able to reproduce it with pdflatex. When I set SOURCE_DATE_EPOCH and FORCE_SOURCE_DATE I always get bit-perfect PDFs, even when valuators.png is included.I can now reproduce it. You need to the glibc to write random into the allocated buffers:
[ Much stuff regarding Memory allocation deleted ]
The actual diff might be different, due to the random noise generated.
Many thanks for engagement and more insight into the story. Great idea to use that MALLOC_PERTURB_ to generate random heap content to trigger the issue. I'm now really able to reproduce the issue and can confirm that your proposed patch at least solves this specific issue.
I have now posed this question on the pnggroup github discussion page: https://github.com/pnggroup/libpng/discussions/864
Many thanks for that! I've subscribed to that discussion and will follow it. Hilmar
OpenPGP_signature.asc
Description: OpenPGP digital signature
