From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H4,
	RCVD_IN_MSPIKE_WL autolearn=ham autolearn_force=no version=3.4.4
Received: (qmail 27904 invoked from network); 10 Jul 2021 21:50:13 -0000
Received: from tb-ob20.topicbox.com (173.228.157.66)
  by inbox.vuxu.org with ESMTPUTF8; 10 Jul 2021 21:50:13 -0000
Received: from tb-mx1.topicbox.com (tb-mx1.nyi.icgroup.com [10.90.30.61])
	by tb-ob20.topicbox.com (Postfix) with ESMTP id B87C21DE98
	for <ml@inbox.vuxu.org>; Sat, 10 Jul 2021 17:50:10 -0400 (EDT)
	(envelope-from bounce.mMee347a801f72833f6f766ff2.r522be890-2105-11eb-b15e-8d699134e1fa@9fans.bounce.topicbox.com)
Received: by tb-mx1.topicbox.com (Postfix, from userid 1132)
	id 787792C8582D; Sat, 10 Jul 2021 17:50:10 -0400 (EDT)
ARC-Authentication-Results: i=2; topicbox.com; arc=pass; dkim=none (no signatures
 found); dmarc=pass policy.published-domain-policy=quarantine
 policy.published-subdomain-policy=quarantine policy.applied-disposition=none
 policy.evaluated-disposition=none
 (p=quarantine,sp=quarantine,d=none,d.eval=none) policy.policy-from=p
 header.from=sdf.org; spf=pass smtp.mailfrom=adr@sdf.org smtp.helo=mx.sdf.org;
 x-internal-arc=fail (as.1.topicbox.com=pass, ams.1.topicbox.com=fail (message
 has been altered)) (Message modified while forwarding at Topicbox)
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=
	topicbox.com; h=date:to:subject:message-id:references
	:mime-version:content-type:in-reply-to:from:list-help:list-id
	:list-post:list-subscribe:reply-to:content-transfer-encoding
	:list-unsubscribe; s=sysmsg-1; t=1625953810; bh=XFkGKyy79h+hbEaa
	i68uKXJjwbkPOsDtGAXUSYb6K7c=; b=HrTqefCHRIFsfFjPFipFLKceHf5q0eOE
	K3fmmDS2r4aHhD0g+umge8Srcxq/7K3fSmgserWLAw8PbDbup/FI4EbtGv+wVMqX
	Be2deIO5+g9ROtR3buyUyGdxhAPUJLTw5jZcn/uFxkbfufX8HZJ3WBDUkB9Y8ut5
	wr81M2fopk4=
ARC-Seal: i=2; a=rsa-sha256; cv=pass; d=topicbox.com; s=sysmsg-1; t=
	1625953810; b=h9rVCsN1KZ4fG2/DlvkoAEvqzgNxoqRzVLDJzaNZkr4ADhkr/i
	2XxIZ2Rk8uMGSD+9hSbrcNUc3vHsUhLRhdog6LMjJakzqNQLkd3Q4+Knm0HOt6uI
	N9raQqM7PmT6LVVnu7/GGvlGjcHF+sglRmSUdOItXL1Z7Bs7JWUiXh3eA=
Authentication-Results: topicbox.com; arc=pass; dkim=none (no signatures
 found); dmarc=pass policy.published-domain-policy=quarantine
 policy.published-subdomain-policy=quarantine policy.applied-disposition=none
 policy.evaluated-disposition=none
 (p=quarantine,sp=quarantine,d=none,d.eval=none) policy.policy-from=p
 header.from=sdf.org; spf=pass smtp.mailfrom=adr@sdf.org smtp.helo=mx.sdf.org;
 x-internal-arc=fail (as.1.topicbox.com=pass, ams.1.topicbox.com=fail (message
 has been altered)) (Message modified while forwarding at Topicbox)
X-Received-Authentication-Results: tb-mx1.topicbox.com; arc=none (no
 signatures found); bimi=none (No BIMI records found); dkim=none (no
 signatures found); dmarc=pass policy.published-domain-policy=quarantine
 policy.published-subdomain-policy=quarantine policy.applied-disposition=none
 policy.evaluated-disposition=none
 (p=quarantine,sp=quarantine,d=none,d.eval=none) policy.policy-from=p
 header.from=sdf.org; iprev=pass smtp.remote-ip=205.166.94.24 (mx.sdf.org);
 spf=pass smtp.mailfrom=adr@sdf.org smtp.helo=mx.sdf.org; x-aligned-from=pass
 (Address match); x-me-sender=none; x-ptr=pass smtp.helo=mx.sdf.org
 policy.ptr=mx.sdf.org; x-return-mx=pass header.domain=sdf.org
 policy.is_org=yes (MX Records found: mx.sdf.org); x-return-mx=pass
 smtp.domain=sdf.org policy.is_org=yes (MX Records found: mx.sdf.org);
 x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES256-GCM-SHA384
 smtp.bits=256/256; x-vs=clean score=0 state=0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=9fans.net; h=date:to
	:subject:message-id:references:mime-version:content-type
	:in-reply-to:from:list-help:list-id:list-post:list-subscribe
	:reply-to:content-transfer-encoding:list-unsubscribe; s=dkim-1;
	 bh=K7Zb+kgOf5hqORdv5bOJDW7Ve2AzZTRRbgRDEY+uFYs=; b=MkLpYow0i1BS
	h7U52WW12gaQN3saKse1+lEHo1QUvycwsMKJWKgbrM47GbIbnbKuwBntVvQpaU6a
	gM6cCdyczS3w2WhaqYCodEN/aTGbNQjAMe7jDZBUXrXAk3kV8m6MX9NLXCOywmIH
	2mAii5EpSABGjnASv7Lb5M6YfeOFXKg=
Received: from tb-mx1.topicbox.com (localhost.local [127.0.0.1])
	by tb-mx1.topicbox.com (Postfix) with ESMTP id 4DD3B2C85148
	for <9fans@9fans.net>; Sat, 10 Jul 2021 17:49:56 -0400 (EDT)
	(envelope-from adr@sdf.org)
Received: from tb-mx1.topicbox.com (localhost [127.0.0.1])
    by tb-mx1.topicbox.com (Authentication Milter) with ESMTP
    id 5C7188A265A;
    Sat, 10 Jul 2021 17:49:56 -0400
ARC-Seal: i=1; a=rsa-sha256; cv=none; d=topicbox.com; s=arcseal; t=
    1625953796; b=rBHjO00+cHDjutbYBOmr6YZ0leV5wHWnVoleCMJp2WqK7vIALr
    LTtZRJN6zwowmlJ4AKBum9KTbJL/BKytFpYoJmlOri2sDzuOqmZwoQRXYMpBzpcD
    rLOrX/TjRvMurQFuiTeWRkaUIUGXPVLN6ktUgsEucFn7tonY732624w/EcVMqZGo
    lhR0LGdgo69z4UVRvMQ95fQBIPYudNYFCd8vexlnVHiNX+nLh2gY6A4R+PAgtilp
    DehU3eAUKi9uAbfjXWAVmtYIR4BEPgktJmenaOMzsnH7TepAHfbZ4br0rBAxhrDm
    CVQlRQhlF1l1J7hEUmJEyF/ENr9+S07H3KMg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=
    topicbox.com; h=date:from:to:subject:message-id:references
    :mime-version:content-type:in-reply-to; s=arcseal; t=1625953796;
    bh=lOq5GBtCoVAXZ6+scQCjkW129UEuDN9cI5y3Ji+Aa0E=; b=FgnKA+nmKTPa
    yOMHCBKaxLVAYn+MwdVG73zYwmnVrkbe8cljS0Gxg/Mv6Swd+yY3LaTlpiryWxb/
    vtHNm1Nd+RDpAGdoJQIDVJXQyhkWZgulX0VAVHXv7s07epVARJfn1oNAk6s9ZewX
    +GpYb55hZWmIEvn8R0MgSkFP6KNAn5ecxrwxE/zagwBWRBbPLHNxqNSdf698Vaaj
    ZZLWCojwObzwSAYBUB101Qd293XVMYAdoCufJcJJa1UhnWSUbEuDqjLCuuo/zWyG
    hHo++3A/Om97DeBu70Q37umwlaFLJOf7rsOForwWA8+0gnEhXvKoaN7wi+nND5qX
    UQs9KYufLA==
ARC-Authentication-Results: i=1; tb-mx1.topicbox.com;
    arc=none (no signatures found);
    bimi=none (No BIMI records found);
    dkim=none (no signatures found);
    dmarc=pass policy.published-domain-policy=quarantine
    policy.published-subdomain-policy=quarantine
    policy.applied-disposition=none policy.evaluated-disposition=none
    (p=quarantine,sp=quarantine,d=none,d.eval=none) policy.policy-from=p
    header.from=sdf.org;
    iprev=pass smtp.remote-ip=205.166.94.24 (mx.sdf.org);
    spf=pass smtp.mailfrom=adr@sdf.org smtp.helo=mx.sdf.org;
    x-aligned-from=pass (Address match);
    x-me-sender=none;
    x-ptr=pass smtp.helo=mx.sdf.org policy.ptr=mx.sdf.org;
    x-return-mx=pass header.domain=sdf.org policy.is_org=yes
    (MX Records found: mx.sdf.org);
    x-return-mx=pass smtp.domain=sdf.org policy.is_org=yes
    (MX Records found: mx.sdf.org);
    x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES256-GCM-SHA384
    smtp.bits=256/256;
    x-vs=clean score=0 state=0
X-ME-VSCause: gggruggvucftvghtrhhoucdtuddrgedvtddrtdekgdduiedvucdltddurdegudelrddttd
    dmucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgf
    nhhsuhgsshgtrhhisggvpdfurfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttd
    enucenucfjughrpeffhffvuffkfhggtggujgesthdtredttddtvdenucfhrhhomheprggu
    rhesshgufhdrohhrghenucggtffrrghtthgvrhhnpedutdehheehgfevheduiefgheduve
    ethffggeelgfeikeejleeivefhhedvhfdvkeenucfkphepvddthedrudeiiedrleegrddv
    gedpvddthedrudeiiedrleegrdduieenucevlhhushhtvghrufhiiigvpedtnecurfgrrh
    grmhepihhnvghtpedvtdehrdduieeirdelgedrvdegpdhhvghlohepmhigrdhsughfrdho
    rhhgpdhmrghilhhfrhhomhepoegrughrsehsughfrdhorhhgqe
X-ME-VSScore: 0
X-ME-VSCategory: clean
Received-SPF: pass
    (sdf.org: 205.166.94.24 is authorized to use 'adr@sdf.org' in 'mfrom' identity (mechanism 'ip4:205.166.94.0/24' matched))
    receiver=tb-mx1.topicbox.com;
    identity=mailfrom;
    envelope-from="adr@sdf.org";
    helo=mx.sdf.org;
    client-ip=205.166.94.24
Received: from mx.sdf.org (mx.sdf.org [205.166.94.24])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by tb-mx1.topicbox.com (Postfix) with ESMTPS
	for <9fans@9fans.net>; Sat, 10 Jul 2021 17:49:55 -0400 (EDT)
	(envelope-from adr@sdf.org)
Received: from sdf.org (IDENT:adr@sdf.org [205.166.94.16])
	by mx.sdf.org (8.15.2/8.14.5) with ESMTPS id 16ALnsfA002779
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits) verified NO)
	for <9fans@9fans.net>; Sat, 10 Jul 2021 21:49:55 GMT
Received: (from adr@localhost)
	by sdf.org (8.15.2/8.12.8/Submit) id 16ALnsQF024086
	for 9fans@9fans.net; Sat, 10 Jul 2021 21:49:54 GMT
Date: Sat, 10 Jul 2021 21:49:54 +0000
To: 9fans@9fans.net
Subject: Re: [9fans] pngread: alloc chunk's length
Message-ID: <20210710214954.2edyc4spnlfxaq2z@sdf.org>
Mail-Followup-To: 9fans@9fans.net
References: <20210710212801.dg62ekms73ev5ydm@sdf.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Disposition: inline
In-Reply-To: <20210710212801.dg62ekms73ev5ydm@sdf.org>
Topicbox-Policy-Reasoning: allow: sender is a member
Topicbox-Message-UUID: c730f570-e1c8-11eb-a21e-b5623481ad43
Archived-At: =?UTF-8?B?PGh0dHBzOi8vOWZhbnMudG9waWNib3guY29tL2dyb3Vwcy85?=
 =?UTF-8?B?ZmFucy9UNGE3MTRlZDE0YzUwNzY3YS1NZWUzNDdhODAxZjcyODMzZjZmNzY2?=
 =?UTF-8?B?ZmYyPg==?=
From: "adr via 9fans" <9fans@9fans.net>
List-Help: <https://9fans.topicbox.com/groups/9fans>
List-Id: "9fans" <9fans.9fans.net>
List-Post: <mailto:9fans@9fans.net>
List-Software: Topicbox v0
List-Subscribe: <https://9fans.topicbox.com/groups/9fans>
Precedence: list
Reply-To: 9fans <9fans@9fans.net>
Content-Transfer-Encoding: quoted-printable
List-Unsubscribe: <https://9fans.topicbox.com/groups/9fans>,
 <mailto:9fans+unsubscribe@9fans.net?subject=x-tx-unsubscribe:2:9fans:437d30aa-c441-11e9-8a57-d036212d11b0:522be890-2105-11eb-b15e-8d699134e1fa:Mee347a801f72833f6f766ff2:1:plkhjst3NeEWRzZQb4FVdS6XfeI2E-tFpFf40XGu9zs>
Topicbox-Delivery-ID:
 2:9fans:437d30aa-c441-11e9-8a57-d036212d11b0:522be890-2105-11eb-b15e-8d699134e1fa:Mee347a801f72833f6f766ff2:1:VudcVfFE7-QLaQTneuZmwoTxl3ZqYGPFx3VD8dm00rI

Checking the sent mail I noticed that I forgot to remove mag...

--- sys/src/cmd/jpg/readpng.c   Thu Jan 24 23:39:55 2013
+++ /sys/src/cmd/jpg/readpng.c  Sat Jul 10 13:09:13 2021
@@ -10,8 +10,6 @@
=20
 enum
 {
-       IDATSIZE =3D 1000000,
-
        /* filtering algorithms */
        FilterNone =3D    0,      /* new[x][y] =3D buf[x][y] */
        FilterSub =3D     1,      /* new[x][y] =3D buf[x][y] + new[x-1][y] =
*/=20
@@ -51,7 +49,6 @@
 struct ZlibR
 {
        Biobuf *io;             /* input buffer */
-       uchar *buf;             /* malloc'ed staging buffer */
        uchar *p;                       /* next byte to decompress */
        uchar *e;                       /* end of buffer */
        ZlibW *w;
@@ -94,19 +91,26 @@
 }
=20
 static int
-getchunk(Biobuf *b, char *type, uchar *d, int m)
+chunklen(Biobuf *b)
 {
-       uchar buf[8];
+       uchar buf[4];
+
+       if(Bread(b, buf, 4) !=3D 4)
+               return -1;
+       return get4(buf);
+}
+
+static int
+getchunk(Biobuf *b, char *type, uchar *d, int n)
+{
+       uchar buf[4];
        ulong crc =3D 0, crc2;
-       int n, nr;
+       int nr;
=20
-       if(Bread(b, buf, 8) !=3D 8)
+       if(Bread(b, buf, 4) !=3D 4)
                return -1;
-       n =3D get4(buf);
-       memmove(type, buf+4, 4);
+       memmove(type, buf, 4);
        type[4] =3D 0;
-       if(n > m)
-               sysfatal("getchunk needed %d, had %d", n, m);
        nr =3D Bread(b, d, n);
        if(nr !=3D n)
                sysfatal("getchunk read %d, expected %d", nr, n);
@@ -117,7 +121,7 @@
        crc2 =3D get4(buf);
        if(crc !=3D crc2)
                sysfatal("getchunk crc failed");
-       return n;
+       return 0;
 }
=20
 static int
@@ -129,25 +133,31 @@
=20
        if(z->p >=3D z->e){
        Again:
-               z->p =3D z->buf;
+               n =3D chunklen(z->io);
+               if(n < 0)
+                       return -1;
+               z->p =3D pngmalloc(n, 0);
                z->e =3D z->p;
-               n =3D getchunk(z->io, type, z->p, IDATSIZE);
-               if(n < 0 || strcmp(type, "IEND") =3D=3D 0)
+               getchunk(z->io, type, z->p, n);
+               if(strcmp(type, "IEND") =3D=3D 0){
+                       free(z->p);
                        return -1;
+               }
                z->e =3D z->p + n;
                if(!strcmp(type,"PLTE")){
                        if(n < 3 || n > 3*256 || n%3)
                                sysfatal("invalid PLTE chunk len %d", n);
                        memcpy(z->w->palette, z->p, n);
                        z->w->palsize =3D 256;
+                       free(z->p);
                        goto Again;
                }
-               if(type[0] & PropertyBit)
+               if(type[0] & PropertyBit){
+                       free(z->p);
                        goto Again;  /* skip auxiliary chunks fornow */
-               if(strcmp(type,"IDAT")){
-                       sysfatal("unrecognized mandatory chunk %s", type);
-                       goto Again;
                }
+               if(strcmp(type,"IDAT"))
+                       sysfatal("unrecognized mandatory chunk %s", type);
        }
        return *z->p++;
 }
@@ -388,13 +398,18 @@
        ZlibR zr;
        ZlibW zw;
=20
-       buf =3D pngmalloc(IDATSIZE, 0);
+       buf =3D pngmalloc(sizeof PNGmagic, 0);
        if(Bread(b, buf, sizeof PNGmagic) !=3D sizeof PNGmagic ||
            memcmp(PNGmagic, buf, sizeof PNGmagic) !=3D 0)
                sysfatal("bad PNGmagic");
+       free(buf);
=20
-       n =3D getchunk(b, type, buf, IDATSIZE);
-       if(n < 13 || strcmp(type,"IHDR") !=3D 0)
+       n =3D chunklen(b);
+       if(n < 0)
+               sysfatal("missing IHDR chunk");
+       buf =3D pngmalloc(n, 0);
+       getchunk(b, type, buf, n);
+       if(strcmp(type,"IHDR") !=3D 0)
                sysfatal("missing IHDR chunk");
        h =3D buf;
        dx =3D get4(h);
@@ -460,7 +475,7 @@
        memset(&zr, 0, sizeof zr);
        zr.w =3D &zw;
        zr.io =3D b;
-       zr.buf =3D buf;
+       free(buf);
=20
        memset(&zw, 0, sizeof zw);
        if(useadam7)
@@ -483,7 +498,6 @@
        if(err)
                sysfatal("inflatezlib %s\n", flateerr(err));
=20
-       free(buf);
        free(zw.scan);
        free(zw.lastscan);
        return image;

------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/T4a714ed14c50767a-Mee347=
a801f72833f6f766ff2
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription