Merge "Revise png_set_text_2() to avoid potential memory corruption (fixes CVE-2011-3048)"

commit: 4c5554b04e73f89d4a9bab8cbcec1943d8c274be [log] [tgz]
author: Geremy Condra <gcondra@google.com> Mon Apr 23 10:31:12 2012 -0700
committer: Android (Google) Code Review <android-gerrit@google.com> Mon Apr 23 10:31:12 2012 -0700
tree: e3cbe97a1d980dc43437d23bfc8e6b68f0a98e33
parent: 9dddf651ebc622db16467626ae0f5995d11e246f [diff]
parent: 5e12401790abb7416c1a27ff077e0a823e8cefd8 [diff]
diff --git a/pngrutil.c b/pngrutil.c
index d67af58..31c9b01 100644
--- a/pngrutil.c
+++ b/pngrutil.c

@@ -264,8 +264,8 @@
       {
          if (output != 0 && output_size > count)
          {
-            int copy = output_size - count;
-            if (avail < copy) copy = avail;
+            png_size_t copy = output_size - count;
+            if ((png_size_t) avail < copy) copy = (png_size_t) avail;
             png_memcpy(output + count, png_ptr->zbuf, copy);
          }
          count += avail;
commit	4c5554b04e73f89d4a9bab8cbcec1943d8c274be	[log] [tgz]
author	Geremy Condra <gcondra@google.com>	Mon Apr 23 10:31:12 2012 -0700
committer	Android (Google) Code Review <android-gerrit@google.com>	Mon Apr 23 10:31:12 2012 -0700
tree	e3cbe97a1d980dc43437d23bfc8e6b68f0a98e33
parent	9dddf651ebc622db16467626ae0f5995d11e246f [diff]
parent	5e12401790abb7416c1a27ff077e0a823e8cefd8 [diff]