Package: libpng16-16
Version: 1.6.36-6
Severity: normal

Dear Maintainer,

Please note that while this report is generated from a Debian Stretch host, it's for
the Debian Buster package.

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?

When trying to decode an image with an invalid eXIf chunk, i.e. one
lacking the byte order marker ("II" or "MM") in the first 2 bytes[1], it fails by
misreading the rest of the chunk.

   * What exactly did you do (or not do) that was effective (or
     ineffective)?

Tried to decode a malformed image[2] using one of the libpng consumers, e.g.
gmagick display image.png

   * What was the outcome of this action?

It failed to decode the image complaining 

   * What outcome did you expect instead?

I was hoping for the image to be successfully decoded.

To resolve this on our side, we are using the following diff, which fixes the
misreading of the header by correcting the length of the rest of the chunk:

--------------------------------------------------------------------------------------

--- pngrutil.c.orig
+++ pngrutil.c
@@ -2079,7 +2079,7 @@
       if (i == 1 && buf[0] != 'M' && buf[0] != 'I'
                  && info_ptr->eXIf_buf[0] != buf[0])
       {
-         png_crc_finish(png_ptr, length);
+         png_crc_finish(png_ptr, length - 2);
          png_chunk_benign_error(png_ptr, "incorrect byte-order specifier");
          png_free(png_ptr, info_ptr->eXIf_buf);
          info_ptr->eXIf_buf = NULL;
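
Review bot: the literal 2 in png_crc_finish(png_ptr, length - 2) is only right because the i == 1 test implies exactly two bytes of the chunk have been read at this point. Writing it as length - (i + 1), or adding a one-line comment, would keep the skip count tied to that condition. The hunk also shows no check that length is at least 2, so if length is an unsigned type, please confirm in the enclosing code that this branch cannot be reached with a shorter chunk, since the subtraction would otherwise wrap to a very large skip count.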

--------------------------------------------------------------------------------------

A similar diff is also present in this pull request[3].

Thanks in advance

References:
[1] http://ftp-osl.osuosl.org/pub/libpng/documents/pngext-1.5.0.html#C.eXIf
[2] http://www.lostca.se/~abbe/test1.png
[3] https://github.com/glennrp/libpng/pull/326/commits/f8c13f61fb4a302a046c2dff46bccd64838a53b3

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: 9.4
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-9-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968), LANGUAGE=C 
(charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libpng16-16 depends on:
ii  libc6   2.24-11+deb9u3
ii  zlib1g  1:1.2.8.dfsg-5

libpng16-16 recommends no packages.

libpng16-16 suggests no packages.

-- no debconf information
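
The malformed input described in this report can be flagged before it reaches a decoder. The following is an added example, not part of the original report or of libpng: a chunk walker that reports eXIf chunks whose first two bytes are not "II" or "MM". The function names and the sample PNG are constructed for illustration.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
BYTE_ORDER_MARKS = (b"II", b"MM")  # little-endian / big-endian marker

def make_chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialize one chunk: length, type, data, CRC over type + data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def iter_chunks(png: bytes):
    """Yield (type, data, crc_ok) per chunk; raise ValueError on truncation."""
    if not png.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG stream")
    pos = len(PNG_SIGNATURE)
    while pos < len(png):
        if pos + 8 > len(png):
            raise ValueError("truncated chunk header")
        (length,) = struct.unpack_from(">I", png, pos)
        ctype = png[pos + 4:pos + 8]
        end = pos + 8 + length + 4
        if end > len(png):
            raise ValueError("chunk length runs past end of file")
        data = png[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack_from(">I", png, end - 4)
        yield ctype, data, crc == (zlib.crc32(ctype + data) & 0xFFFFFFFF)
        pos = end

def check_exif(png: bytes) -> list:
    """Return one finding string per problem found in eXIf chunks."""
    findings = []
    for ctype, data, crc_ok in iter_chunks(png):
        if ctype != b"eXIf":
            continue
        if not crc_ok:
            findings.append("eXIf: CRC mismatch")
        if len(data) < 2:
            findings.append("eXIf: shorter than the 2-byte byte-order marker")
        elif data[:2] not in BYTE_ORDER_MARKS:
            findings.append("eXIf: missing byte-order marker, got %r" % data[:2])
    return findings

def sample_png(exif_payload: bytes) -> bytes:
    """Constructed sample: 1x1 grayscale PNG carrying the given eXIf payload."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return (PNG_SIGNATURE + make_chunk(b"IHDR", ihdr) + make_chunk(b"eXIf", exif_payload)
            + make_chunk(b"IDAT", idat) + make_chunk(b"IEND", b""))
```

Run `check_exif()` on the raw file bytes; an empty list means every eXIf chunk starts with a valid marker.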
