limit number of PNG chunks

reduces the threat of PNG decompression bombs
2021-08-06 10:55:08 +01:00 · 2021-08-06 10:55:08 +01:00 · fd1a036cd8
parent 5263686511
commit fd1a036cd8
1 changed files with 11 additions and 1 deletions
--- a/libvips/foreign/vipspng.c
+++ b/libvips/foreign/vipspng.c
@ -310,11 +310,21 @@ read_new( VipsSource *source, VipsImage *out, gboolean fail )
 	if( !(read->pInfo = png_create_info_struct( read->pPng )) ) 
 		return( NULL );

+#ifdef HAVE_PNG_SET_CHUNK_MALLOC_MAX
+
 	/* By default, libpng refuses to open files with a metadata chunk 
 	 * larger than 8mb. We've seen real files with 20mb, so set 50mb.
 	 */
-#ifdef HAVE_PNG_SET_CHUNK_MALLOC_MAX
 	png_set_chunk_malloc_max( read->pPng, 50 * 1024 * 1024 );
+
+	/* This limits the number of chunks. The limit from
+	 * png_set_chunk_malloc_max() times this value is the maximum 
+	 * memory use.
+	 *
+	 * libnpng defaults to 1000, which is rather high.
+	 */
+	png_set_chunk_cache_max( read->pPng, 100 );
+
 #endif /*HAVE_PNG_SET_CHUNK_MALLOC_MAX*/

 	png_read_info( read->pPng, read->pInfo );