[OpenJDK 2D-Dev] Use of obsolete png_check_sig function in splashscreen_png.c
Andrew John Hughes
ahughes at redhat.com
Mon Jun 7 18:05:18 UTC 2010
On 24 May 2010 19:07, Andrew John Hughes <ahughes at redhat.com> wrote:
> On 09:42 Thu 20 May , Phil Race wrote:
>> From http://www.libpng.org/pub/png/libpng.html
>> >The current public release, *libpng 1.4.2*, restores the 1.2.x
>> png_check_sig() macro ...
>> I suppose removing it caused too many problems.
> Ah, that explains why I couldn't replicate the failure recently and
> it was still in the local header file I checked.
> It's not exactly prominent on that page and the differences document
> still lists it as obsolete.
> I'd be interested to know why they reverted the decision.
>> So whilst I see nothing wrong with this change, I wonder if its worth
>> the trouble ?
> Well, it's no great trouble for me to push it given I've already made
> the (very minor) change. And if it isn't changed in OpenJDK upstream,
> I imagine the change will still have to stay around for a while in
> IcedTea to cover the 1.4.0 and 1.4.1 releases that do remove the
> macro (given we build against the system library, rather than the
> in-tree one).
>> If you still want to push I'll supply a bug id.
> Thanks, that'd be good.
>> 2 other things
>> 1) Not that it matters (just FYI) but splashscreen is considered to be
>> AWT not 2D,
>> even though libpng itself is 2D. Relevant only because the bug would be
>> not classes_2d.
> I always seem to get this wrong; the last two patches I sent to the
> awt list and was told to send here. Is there a guide to who has
> responsibility for what? It's certainly not clear from the
> openjdk.java.net pages, which indeed still list OpenJDK as having
> encumberances in the area of 2D; that hasn't been the case for a
> couple of years.
>> 2) Maybe we are due to upgrade the libpng in JDK ? We upgraded it
>> last in May 2007 right before launching openjdk, then to 1.2.18
>> Was there ever a 1.3.X ?? Looks like that got skipped for some reason.
>> Doesn't seem urgent but it might be a good thing to add to the to-do list.
> I've never seen a 1.3. Maybe they use the odd numbers as a development branch
> as is the case with Gtk+ and used to be the case with Linux prior to 2.6.
> In 1.4, the main changes are apparently 'support for the iTXt chunk
> and a function for limiting the amount of memory that a possibly
> malicious compressed chunk can consume.' The former is only really
> needed if files with iTXt chunks become prominent in the wild (which
> seems unlikely until 1.4 is widespread). The other change sounds like
> it could be more important.
> >From our side, I think it would be more useful to see in-tree support
> for building against the system libpng as we never use the in-tree
> version anyway. Using the system version means we are better covered
> for security updates and new versions of libpng don't first need to be
> imported into the OpenJDK tree.
>> Andrew John Hughes wrote:
>> > With libpng 1.4, the png_check_sig function has been removed, having
>> > been deprecated in previous releases:
>> > http://www.libpng.org/pub/png/src/libpng-1.2.x-to-1.4.x-summary.txt
>> > This function is used in splashscreen_png.c and can be easily be
>> > replaced with png_sig_cmp, as in this webrev:
>> > http://cr.openjdk.java.net/~andrew/libpng/webrev.01/
>> > This actually makes the line clearer as the not operator is no longer needed.
>> > I know OpenJDK still uses an in-tree libpng 1.2 by default, but this
>> > fix still works with that version and also means that the code will
>> > still build, should the internal libpng be upgraded to 1.4.
>> > Ok to push this? If so, can I have a bug ID for it?
>> > Thanks,
> Andrew :)
> Free Java Software Engineer
> Red Hat, Inc. (http://www.redhat.com)
> Support Free Java!
> Contribute to GNU Classpath and the OpenJDK
> PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
> Fingerprint = F8EF F1EA 401E 2E60 15FA 7927 142C 2591 94EF D9D8
So can I have a bug ID for this?
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
Support Free Java!
Contribute to GNU Classpath and the OpenJDK
PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
Fingerprint: F8EF F1EA 401E 2E60 15FA 7927 142C 2591 94EF D9D8
More information about the 2d-dev