png_read_info() prevents image loading if an iTXt or tEXt chunk is larger than PNG_USER_CHUNK_MALLOC_MAX

Open langlor-autodesk opened this issue 2 years ago • 2 comments

By looking at the code it seems there is no way to prevent png_read_info() from calling longjmp if a png file contains a chunk larger than the maximum defined alloc size (with the exception of png_IDAT chunks). There was a reason for 347538e to introduce that limit and we do not think that increasing the user malloc max is a solution given that the png standard does not seem to impose a fixed limit on the maximum chunk size.

The issue prevents our application from loading some png files and we found no way to avoid the longjmp call even if we are not interested in reading the content of the affected chunks. We noticed the issue also affects other projects; this recent bug report (Open CV issue 22551) describes the problem very well.

Maybe a solution like what was proposed in request 217 could be a possible solution to the current issue?

langlor-autodesk avatar Oct 19 '22 13:10 langlor-autodesk

Implement your own chunk handler and skip chunks which exceed the limit or, for that matter, which you don't need to process.

Anyway, I just checked the code and it is a "png_chunk_benign_error" preceded by a png_chunk_warning so all you have to do is turn on PNG_FLAG_BENIGN_ERRORS_WARN and, if you need, do some highly dubious strcmp in your warning callback to see if you need to turn it into an error. It's only a hard error on a critical chunk, but those have to be read; you need to use a chunk handler to skip those.

jbowler avatar Nov 28 '22 13:11 jbowler

@ctruta I suggest you close this as not-a-bug since the support is already there in multiple different places (e.g. it is also possible to mark text chunks for unconditional disposal or, indeed, to set the size of the user_chunk_cache_max to 1 which seems to have the curious effect of junking sPLT, tEXt, zTXt, iTXt and really unknown chunks). There seem to be a vast number of ways of handling this and so far as I know they all work.

jbowler avatar Nov 28 '22 13:11 jbowler
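
An added example, not part of the thread or of libpng: a pre-flight scanner in C that walks a PNG's chunk framing and counts chunks whose declared length exceeds a caller-supplied limit, split into ancillary and critical as the first reply distinguishes, with IDAT exempted as the issue describes. The names `scan_png_chunks`, `oversize_report` and `build_sample_png`, the limit value and the sample bytes are assumptions constructed for illustration; CRCs are not verified.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PNG_SIG "\x89PNG\r\n\x1a\n"
struct oversize_report { int ancillary, critical, malformed; };

/* Reads chunk framing only; no chunk data is decoded or allocated. `limit` is
   caller-supplied, e.g. the PNG_USER_CHUNK_MALLOC_MAX of your libpng build. */
struct oversize_report scan_png_chunks(const unsigned char *buf, size_t len, uint32_t limit) {
    struct oversize_report r = {0, 0, 0};
    size_t off = 8;
    if (len < 8 || memcmp(buf, PNG_SIG, 8) != 0) { r.malformed = 1; return r; }
    while (off < len) {
        const unsigned char *p = buf + off;
        if (len - off < 12) { r.malformed = 1; break; }        /* length + type + CRC */
        uint32_t clen = ((uint32_t)p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
        if (clen > 0x7fffffffu) { r.malformed = 1; break; }    /* PNG spec maximum */
        if (clen > limit && memcmp(p + 4, "IDAT", 4) != 0) {
            if (p[4] & 0x20) r.ancillary++; else r.critical++; /* lowercase = ancillary */
        }
        if (clen > len - off - 12) { r.malformed = 1; break; } /* data is truncated */
        if (memcmp(p + 4, "IEND", 4) == 0) break;
        off += 12 + (size_t)clen;
    }
    return r;
}

/* Constructed sample data: one chunk with zero-filled payload and a dummy CRC. */
static size_t put_chunk(unsigned char *out, size_t off, const char *type, uint32_t n) {
    for (int i = 0; i < 4; i++) out[off + i] = (unsigned char)(n >> (24 - 8 * i));
    memcpy(out + off + 4, type, 4);
    memset(out + off + 8, 0, (size_t)n + 4);
    return off + 12 + n;
}

/* Constructed framing: signature, IHDR(13), tEXt(text_len), IDAT(64), IEND. */
size_t build_sample_png(unsigned char *out, uint32_t text_len) {
    memcpy(out, PNG_SIG, 8);
    size_t off = put_chunk(out, 8, "IHDR", 13);
    off = put_chunk(out, off, "tEXt", text_len);
    off = put_chunk(out, off, "IDAT", 64);
    return put_chunk(out, off, "IEND", 0);
}

int main(void) {
    unsigned char png[512];
    struct oversize_report r = scan_png_chunks(png, build_sample_png(png, 100), 32);
    printf("ancillary=%d critical=%d malformed=%d\n", r.ancillary, r.critical, r.malformed);
    return 0;
}
```

A nonzero `ancillary` count with `critical` at zero indicates a file where the oversized data sits only in chunks a reader may skip or discard.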