John Bowler

Results: 207 comments by John Bowler

> Not explicitly. But I do use `png_init_io(pPngStruct, a_pFile);`
>
> So, it's using FILE * across runtimes that's causing the problem?

IIRC that's a crasher; msvcrt.dll and msvcrtd.dll (or whatever...

It's a bug; zero length IDATs are valid and actually have a certain use in real PNG files to arrange for the IDAT chunks to be on a mmap'ed page...
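The point above (a zero-length IDAT is a well-formed chunk, not an error) is easy to get wrong in a hand-rolled reader, and a decoder that rejects it will fail on legitimate files. The following is an added example, not libpng code and not from the comment thread: a minimal PNG chunk walker in C that verifies each chunk's CRC, concatenates the IDAT payloads into one compressed stream, and counts empty IDATs as ordinary chunks. The sample file it scans is constructed inline (a 1x1 greyscale image whose image data is split into an empty IDAT followed by a full one); `scan_png`, `build_sample` and `scan_sample` are names chosen here, and the walker stops at the chunk layer (it does not inflate the zlib stream).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static const uint8_t png_sig[8] = {137, 80, 78, 71, 13, 10, 26, 10};

/* PNG's CRC-32 (ISO 3309), computed bitwise; it covers type and data, not the length. */
static uint32_t png_crc32(const uint8_t *buf, size_t len)
{
    uint32_t c = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        c ^= buf[i];
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return c ^ 0xFFFFFFFFu;
}

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

struct png_scan {
    int ok;             /* 1 if signature, lengths and every CRC checked out, ending at IEND */
    int idat_chunks;    /* IDAT chunks seen, zero-length ones included */
    int empty_idats;    /* how many of those carried no data */
    size_t idat_bytes;  /* compressed bytes concatenated from all IDATs */
    uint8_t idat[64];   /* the concatenated stream (bounded for this example) */
};

/* Walk the chunk list: length(4) type(4) data(length) crc(4). A zero-length
 * chunk is well-formed for any type; an empty IDAT simply contributes nothing
 * to the compressed stream and must not be treated as an error. */
static struct png_scan scan_png(const uint8_t *buf, size_t len)
{
    struct png_scan r = {0};
    if (len < 8 || memcmp(buf, png_sig, 8) != 0) return r;
    for (size_t off = 8;;) {
        if (len - off < 12) return r;                              /* room for length+type+crc */
        uint32_t clen = be32(buf + off);
        if (clen > 0x7FFFFFFFu || clen > len - off - 12) return r; /* oversized or truncated */
        const uint8_t *type = buf + off + 4, *data = buf + off + 8;
        if (png_crc32(type, 4 + clen) != be32(data + clen)) return r; /* CRC mismatch */
        if (memcmp(type, "IDAT", 4) == 0) {
            r.idat_chunks++;
            if (clen == 0) r.empty_idats++;
            if (r.idat_bytes + clen > sizeof r.idat) return r;
            memcpy(r.idat + r.idat_bytes, data, clen);
            r.idat_bytes += clen;
        } else if (memcmp(type, "IEND", 4) == 0) {
            r.ok = (clen == 0);
            return r;
        }
        off += 12 + clen;
    }
}

/* Append one chunk with a freshly computed CRC; returns the bytes written. */
static size_t put_chunk(uint8_t *out, const char *type, const uint8_t *data, uint32_t n)
{
    out[0] = (uint8_t)(n >> 24); out[1] = (uint8_t)(n >> 16);
    out[2] = (uint8_t)(n >> 8);  out[3] = (uint8_t)n;
    memcpy(out + 4, type, 4);
    if (n) memcpy(out + 8, data, n);
    uint32_t crc = png_crc32(out + 4, 4 + n);
    out[8 + n] = (uint8_t)(crc >> 24); out[9 + n] = (uint8_t)(crc >> 16);
    out[10 + n] = (uint8_t)(crc >> 8); out[11 + n] = (uint8_t)crc;
    return 12 + n;
}

/* Constructed sample, not a real-world file: a 1x1 8-bit greyscale PNG whose
 * image data is split into an empty IDAT and one IDAT holding the whole zlib
 * stream (a stored deflate block: one filter byte plus one sample, both 0). */
static size_t build_sample(uint8_t *out)
{
    static const uint8_t ihdr[13] = {0, 0, 0, 1, 0, 0, 0, 1, 8, 0, 0, 0, 0};
    static const uint8_t zdata[13] = {0x78, 0x01, 0x01, 0x02, 0x00, 0xFD, 0xFF,
                                      0x00, 0x00, 0x00, 0x02, 0x00, 0x01};
    size_t n = 8;
    memcpy(out, png_sig, 8);
    n += put_chunk(out + n, "IHDR", ihdr, 13);
    n += put_chunk(out + n, "IDAT", NULL, 0);   /* the zero-length IDAT */
    n += put_chunk(out + n, "IDAT", zdata, 13);
    n += put_chunk(out + n, "IEND", NULL, 0);
    return n;
}

/* Scan the sample; a non-negative flip_offset XORs one byte first so the
 * CRC (or length) check can be seen to reject a corrupted file. */
static struct png_scan scan_sample(int flip_offset)
{
    uint8_t buf[128];
    size_t n = build_sample(buf);
    if (flip_offset >= 0 && (size_t)flip_offset < n) buf[flip_offset] ^= 0x01;
    return scan_png(buf, n);
}

int main(void)
{
    struct png_scan r = scan_sample(-1);
    printf("ok=%d idat_chunks=%d empty_idats=%d idat_bytes=%zu\n",
           r.ok, r.idat_chunks, r.empty_idats, r.idat_bytes);
    return r.ok ? 0 : 1;
}
```

On the clean sample the walker reports two IDAT chunks, one of them empty, and 13 concatenated bytes, which is exactly the stream a decompressor should be handed; flipping a byte inside the empty IDAT's type field makes its CRC check fail, so the emptiness of the chunk is never a reason to skip validating it.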

See my comment here: https://github.com/glennrp/libpng/pull/446#issuecomment-1315663412

Information required: 1) Analysis; all the local variables have been initialized, but what is the fuzzer complaining about because the variables have four separate memory locations in them. 2) Test...

> Thank you @thealberto, I just wrote my code review. Your fix is nice and elegant, but, unfortunately, it flatly downgrades the performance everywhere and we cannot afford it for...

Ok, so try this patch (which I will also attach): ``` diff --git a/pngrutil.c b/pngrutil.c index ca060dd15..988d832ae 100644 --- a/pngrutil.c +++ b/pngrutil.c @@ -4044,6 +4044,9 @@ static void png_read_filter_row_paeth_multibyte_pixel(png_row_infop row_info,...

Ok; please attach that file to the bug report and please also attach the git commit you used and the changes you actually made; this wasn't in the patch I...

Yes, your change will always fail; you're just doing this test: `if (pointer - 2 < pointer)` Surely it is obvious that this test is always true? So I don't...

Oh. That's completely different. **Please attach the actual failing data stream (i.e. input file, or whatever it is) to this bug report.** BTW: unless you have used the z_stream API...

> [reproducer.zip](https://github.com/glennrp/libpng/files/10099194/reproducer.zip)

Oh; I hadn't realized that those are PNG files. I will have a look at them.