)]}'
{
  "commit": "16b5e3823918840aae65c0a6da57c78a5a496a4d",
  "tree": "f7f83399de6dee8edbe2da22a12df42e2cd04f6f",
  "parents": [
    "08da33b4c88cfcd36e5a706558a8d7e0e4773643"
  ],
  "author": {
    "name": "Cosmin Truta",
    "email": "ctruta@gmail.com",
    "time": "Mon Nov 17 20:38:47 2025 +0200"
  },
  "committer": {
    "name": "Cosmin Truta",
    "email": "ctruta@gmail.com",
    "time": "Mon Nov 17 20:38:47 2025 +0200"
  },
  "message": "Fix a buffer overflow in `png_image_finish_read`\n\nReject bit-depth mismatches between IHDR and the requested output\nformat. When a 16-bit PNG is processed with an 8-bit output format\nrequest, `png_combine_row` writes using the IHDR depth before\ntransformation, causing writes beyond the buffer allocated via\n`PNG_IMAGE_SIZE(image)`.\n\nThe validation establishes a safe API contract where\n`PNG_IMAGE_SIZE(image)` is guaranteed to be sufficient across the\ntransformation pipeline.\n\nExample overflow (32×32 pixels, 16-bit RGB to 8-bit RGBA):\n- Input format: 16 bits/channel × 3 channels \u003d 6144 bytes\n- Output buffer: 8 bits/channel × 4 channels \u003d 4096 bytes\n- Overflow: 6144 bytes - 4096 bytes \u003d 2048 bytes\n\nLarger images produce proportionally larger overflows. For example,\nfor 256×256 pixels, the overflow is 131072 bytes.\n\nReported-by: yosiimich \u003cyosiimich@users.noreply.github.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "212afb7d215ae0916848aada091b20cebdd82131",
      "old_mode": 33188,
      "old_path": "pngread.c",
      "new_id": "92571ec33516bf2a29addc0d8d8463b2c98f5a07",
      "new_mode": 33188,
      "new_path": "pngread.c"
    }
  ]
}
