51 lines
1.5 KiB
Diff
51 lines
1.5 KiB
Diff
diff --git a/pngset.c b/pngset.c
|
|
index 5f62af1..772df71 100644
|
|
--- a/pngset.c
|
|
+++ b/pngset.c
|
|
@@ -513,12 +513,17 @@ png_set_PLTE(png_structrp png_ptr, png_inforp info_ptr,
|
|
png_const_colorp palette, int num_palette)
|
|
{
|
|
|
|
+ png_uint_32 max_palette_length;
|
|
+
|
|
png_debug1(1, "in %s storage function", "PLTE");
|
|
|
|
if (png_ptr == NULL || info_ptr == NULL)
|
|
return;
|
|
|
|
- if (num_palette < 0 || num_palette > PNG_MAX_PALETTE_LENGTH)
|
|
+ max_palette_length = (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE) ?
|
|
+ (1 << png_ptr->bit_depth) : PNG_MAX_PALETTE_LENGTH;
|
|
+
|
|
+ if (num_palette < 0 || num_palette > max_palette_length)
|
|
{
|
|
if (info_ptr->color_type == PNG_COLOR_TYPE_PALETTE)
|
|
png_error(png_ptr, "Invalid palette length");
|
|
diff --git a/pngwutil.c b/pngwutil.c
|
|
index 9e6019e..01be584 100644
|
|
--- a/pngwutil.c
|
|
+++ b/pngwutil.c
|
|
@@ -922,17 +922,20 @@ void /* PRIVATE */
|
|
png_write_PLTE(png_structrp png_ptr, png_const_colorp palette,
|
|
png_uint_32 num_pal)
|
|
{
|
|
- png_uint_32 i;
|
|
+ png_uint_32 max_palette_length, i;
|
|
png_const_colorp pal_ptr;
|
|
png_byte buf[3];
|
|
|
|
png_debug(1, "in png_write_PLTE");
|
|
|
|
+ max_palette_length = (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE) ?
|
|
+ (1 << png_ptr->bit_depth) : PNG_MAX_PALETTE_LENGTH;
|
|
+
|
|
if ((
|
|
#ifdef PNG_MNG_FEATURES_SUPPORTED
|
|
(png_ptr->mng_features_permitted & PNG_FLAG_MNG_EMPTY_PLTE) == 0 &&
|
|
#endif
|
|
- num_pal == 0) || num_pal > 256)
|
|
+ num_pal == 0) || num_pal > max_palette_length)
|
|
{
|
|
if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE)
|
|
{
|