Re: libpng bug


Mike Klein

Feb 13, 2015, 10:55:47 AM
to Smiding, Henrik, skia-d...@googlegroups.com, Leon Scroggins
No idea about where to route the bug... probably not us, probably libpng, but who knows?  I'll add Leon and skia-discuss to loop in the team.

Skia only really pulls libpng for our own testing.  When part of Chrome or Android, we use theirs.  (And that's only for Android testing.  When built on a Mac, we use theirs.  When built on Linux, we require it's installed as part of the system.  We don't use it on Windows to my knowledge.)  That said, I do think we're testing against Android's version for consistency.

Mike

On Fri Feb 13 2015 at 10:49:55 AM Smiding, Henrik <henrik....@intel.com> wrote:
Hi

I've found a bug in libPNG in Android 5.0. It doesn't seem to have been fixed in MR1.
Where should something like that be upstreamed? AOSP, Skia, or libpng project?
How often does Skia grab a new version of libpng? Because it seems AOSP doesn't update that often at all.

I'm currently checking libpng 1.6.11-1.6.17 to see if it's been fixed in libpng already, or if they at least know about it.

/Henrik

Leon Scroggins

Feb 13, 2015, 11:16:00 AM
to Mike Klein, Smiding, Henrik, skia-d...@googlegroups.com
If the bug is in libpng itself, I would file a bug against libpng.

Regardless, it would be good to file against AOSP. Please cc me (scr...@google.com) on the bug and/or email me the link. For Android, we will need to update libpng or work around the bug.
--
Leon Scroggins III
scr...@google.com

Leon Scroggins

Feb 17, 2015, 7:42:46 AM
to Smiding, Henrik, Mike Klein, skia-d...@googlegroups.com
Thanks for the heads up, Henrik. We definitely need to update the version of libpng. As I understand it, the code you mentioned (added to AOSP to support indexing and seekable PNGs) makes it more difficult to update, since we are running on a forked version. It is my goal to remove our dependency on the fork. 

On Tue, Feb 17, 2015 at 7:32 AM, Smiding, Henrik <henrik....@intel.com> wrote:

Leon, FYI, libpng homepage warns about a vulnerability in versions between 1.6.9 and 1.6.15. Perhaps an update to 1.6.16 is in order nonetheless?

See http://www.libpng.org/pub/png/libpng.html

/Henrik

From: Smiding, Henrik
Sent: Monday, February 16, 2015 5:17 PM
To: 'Leon Scroggins'; Mike Klein
Cc: skia-d...@googlegroups.com
Subject: RE: libpng bug

It seems to be in code added by AOSP, to support indexing and seekable PNGs.

I guess it’s enough to upstream to AOSP, as soon as I have a patch.

/Henrik
