[Png-mng-security] libpng-1.0.21rc1, 1.2.13rc1, and 1.4.0beta13

Glenn Randers-Pehrson glennrp at comcast.net
Sat Nov 11 12:12:56 UTC 2006 

At 12:32 PM 11/11/2006 +0100, Dimitri wrote:
>Hi,
>
>> They contain fixes for the two just-mentioned vulnerabilities.
>> Please review and test, but don't advertize or redistribute them.
>
>About the following change in pngconf.h:
>	#  if defined(XP_MACOSX) && !defined(PNG_NO_MMX_CODE)
>	     /* work around Intel-Mac compiler bug */
>	#    define PNG_NO_MMX_CODE
>	#  endif
>
>I wasn't aware of this issue and the only reference I was able to find 
>using is:
>http://support.realsoftware.com/listarchives/realbasic-plugins/2006-10/msg00037.html
>http://support.realsoftware.com/listarchives/realbasic-plugins/2006-10/msg00044.html
>
>The second message seems to imply that disabling MMX is not a solution:
>	pnggccrd.c despite it's name, does not get along with Apple's
>	GCC4, even when ASM and MMX are disabled (i.e., the "optimized"
>	C path crashes too).
>So does PNG_NO_MMX_CODE fix the problem or not? If not, maybe this 
>change shouldn't go into 1.2.13?

This is the first I've heard that the patch doesn't work.  The
reporters don't say whether they actually tried 1.2.13beta1 or
not.  They might have flubbed on disabling the optimized code.
Somehow they would have to be setting PNG_USE_PNGGCCRD.  Our
pngconf.h doesn't:

/* PNG_ASSEMBLER_CODE was enabled by default in version 1.2.0
   even when PNG_USE_PNGVCRD or PNG_USE_PNGGCCRD is not defined */
#if defined(PNG_READ_SUPPORTED) && !defined(PNG_NO_ASSEMBLER_CODE)
#  ifndef PNG_ASSEMBLER_CODE_SUPPORTED
#    define PNG_ASSEMBLER_CODE_SUPPORTED
#  endif
#  if defined(XP_MACOSX) && !defined(PNG_NO_MMX_CODE)
     /* work around Intel-Mac compiler bug */
#    define PNG_NO_MMX_CODE
#  endif
#  if !defined(PNG_MMX_CODE_SUPPORTED) && !defined(PNG_NO_MMX_CODE) && \
     defined(__MMX__)
#    define PNG_MMX_CODE_SUPPORTED
#  endif
#  if !defined(PNG_USE_PNGGCCRD) && !defined(PNG_NO_MMX_CODE) && \
     !defined(PNG_USE_PNGVCRD) && defined(__MMX__)
#    define PNG_USE_PNGGCCRD
#  endif
#endif

On the Mac, this code results in PNG_ASSEMBLER_CODE_SUPPORTED,
PNG_NO_MMX_CODE, and does not define PNG_USE_PNGGCCRD.

These makefiles in libpng-1.2.12 through libpng-1.2.13beta1
define PNG_USE_PNGGCCRD:

makefile.cygwin
makefile.freebsd
makefile.gcmmx
makefile.mingw
makefile.ne12bsd
makefile.netbsd
makefile.openbsd
makefile.sgi
makefile.solaris

If PNG_USE_PNGGCCRD is not defined, neither the MMX code nor the
optimized C code is compiled.

GLenn

More information about the png-mng-security-archive mailing list