yocto-poky/meta/recipes-multimedia/libpng/libpng-1.6.17/CVE-2015-8126_4.patch

From 83f4c735c88e7f451541c1528d8043c31ba3b466 Mon Sep 17 00:00:00 2001
From: Glenn Randers-Pehrson <glennrp at users.sourceforge.net>
Date: Thu, 5 Nov 2015 11:18:44 -0600
Subject: [PATCH] [libpng16] Clean up coding style in png_handle_PLTE()

Upstream-Status: Backport
https://github.com/glennrp/libpng/commit/83f4c735c88e7f451541c1528d8043c31ba3b466

CVE:  CVE-2015-8126 patch #4
Signed-off-by: Armin Kuster <akuster@mvista.com>

---
 pngrutil.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

Index: libpng-1.6.17/pngrutil.c
===================================================================
--- libpng-1.6.17.orig/pngrutil.c
+++ libpng-1.6.17/pngrutil.c
@@ -925,18 +925,21 @@ png_handle_PLTE(png_structrp png_ptr, pn
       return;
    }
 
-   max_palette_length = (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE) ?
-      (1 << png_ptr->bit_depth) : PNG_MAX_PALETTE_LENGTH;
-
    /* The cast is safe because 'length' is less than 3*PNG_MAX_PALETTE_LENGTH */
    num = (int)length / 3;
 
-   /* If the palette has 256 or fewer entries but is too large for the bit depth,
-    * we don't issue an error, to preserve the behavior of previous libpng versions.
-    * We silently truncate the unused extra palette entries here.
+   /* If the palette has 256 or fewer entries but is too large for the bit
+    * depth, we don't issue an error, to preserve the behavior of previous
+    * libpng versions. We silently truncate the unused extra palette entries
+    * here.
     */
+   if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE)
+      max_palette_length = (1 << png_ptr->bit_depth);
+   else
+      max_palette_length = PNG_MAX_PALETTE_LENGTH;
+
    if (num > max_palette_length)
-     num = max_palette_length;
+      num = max_palette_length;
 
 #ifdef PNG_POINTER_INDEXING_SUPPORTED
    for (i = 0, pal_ptr = palette; i < num; i++, pal_ptr++)