From 6a5b253a72f659f36d6e19bf467672c529d56b86 Mon Sep 17 00:00:00 2001 From: Shinwoo Kim Date: Thu, 7 May 2020 12:15:02 +0900 Subject: [PATCH] evas: fix png regression issue Summary: Accidentally commit "382c580 evas: add support for .9.png file to PNG loader." adding the 9 patch feature with small code refactoring made use of setjmp incorrectly. [Problem] evas_image_load_file_data_png calls _evas_image_load_file_internal_head_png, and _evas_image_load_file_internal_head_png calls setjmp and returns without problem. And png_read_row calls longjmp. This causes jumping into a function which was exited. Problematic png file will be attached. [Solution] Save calling environment i.e. call setjmp, after returning from _evas_image_load_file_internal_head_png. Test Plan: Problematic png file {F3876983} And example code. {F3876986} Reviewers: Hermet, jsuya, herb Reviewed By: Hermet Subscribers: cedric, #reviewers, #committers Tags: #efl Differential Revision: https://phab.enlightenment.org/D11782 --- .../evas/image_loaders/png/evas_image_load_png.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/modules/evas/image_loaders/png/evas_image_load_png.c b/src/modules/evas/image_loaders/png/evas_image_load_png.c index 3af01a1a2d..5b8d33f8d3 100644 --- a/src/modules/evas/image_loaders/png/evas_image_load_png.c +++ b/src/modules/evas/image_loaders/png/evas_image_load_png.c @@ -316,6 +316,12 @@ evas_image_load_file_head_with_data_png(void *loader_data, if (!_evas_image_load_file_internal_head_png(loader, prop, &epi, error, EINA_FALSE)) return EINA_FALSE; + if (setjmp(png_jmpbuf(epi.png_ptr))) + { + *error = EVAS_LOAD_ERROR_CORRUPT_FILE; + goto close_file; + } + image_w = epi.w32; image_h = epi.h32; 
@@ -613,6 +619,12 @@ evas_image_load_file_data_png(void *loader_data, if (!_evas_image_load_file_internal_head_png(loader, prop, &epi, error, EINA_FALSE)) return EINA_FALSE; + if (setjmp(png_jmpbuf(epi.png_ptr))) + { + *error = EVAS_LOAD_ERROR_CORRUPT_FILE; + goto close_file; + } + image_w = epi.w32; image_h = epi.h32; if (opts->emile.scale_down_by > 1)
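Review bot: In the first hunk (`evas_image_load_file_head_with_data_png`), the new `if (setjmp(png_jmpbuf(epi.png_ptr)))` has no comment explaining why the jump buffer is armed again right after `_evas_image_load_file_internal_head_png` returns, so a later refactor could drop it as redundant and reintroduce the regression. Please add a short comment above it stating that the buffer saved inside the helper refers to a stack frame that no longer exists once the helper has returned, and that it must be saved again in the frame that goes on to call libpng. Please also confirm that `close_file`, which is outside the visible context, releases everything the helper set up in `epi`, because the helper's failure path just above does a plain `return EINA_FALSE` while the new error path takes the `goto`.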
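Review bot: In the second hunk (`evas_image_load_file_data_png`), `image_w = epi.w32;` and `image_h = epi.h32;` are assigned after the new `setjmp`, and the function continues modifying state under `if (opts->emile.scale_down_by > 1)`. Non-volatile automatic variables changed between `setjmp` and `longjmp` have indeterminate values on the error path. Please check that nothing reached from `close_file` reads such locals, or declare the ones it needs `volatile`. Two smaller points: the same six-line block is now duplicated in both functions, so a small shared macro or a comment tying the two together would keep them in sync, and every `longjmp` is reported as `EVAS_LOAD_ERROR_CORRUPT_FILE`, which is worth a brief comment if libpng can also land here for failures that are not caused by a corrupt file.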