)]}'
{
  "commit": "218612ddd6b17944e21eda56caf8b4bf7779d1ea",
  "tree": "098ab373eda98977a50ad02f59d95873e2654bb2",
  "parents": [
    "16b5e3823918840aae65c0a6da57c78a5a496a4d"
  ],
  "author": {
    "name": "Cosmin Truta",
    "email": "ctruta@gmail.com",
    "time": "Wed Nov 19 21:45:13 2025 +0200"
  },
  "committer": {
    "name": "Cosmin Truta",
    "email": "ctruta@gmail.com",
    "time": "Wed Nov 19 21:45:13 2025 +0200"
  },
  "message": "Rearchitect the fix to the buffer overflow in `png_image_finish_read`\n\nUndo the fix from commit 16b5e3823918840aae65c0a6da57c78a5a496a4d.\nThat fix turned out to be unnecessarily limiting. It rejected all\n16-to-8 bit transformations, although the vulnerability only affects\ninterlaced PNGs where `png_combine_row` writes using IHDR bit-depth\nbefore the transformation completes.\n\nThe proper solution is to add an intermediate `local_row` buffer,\nspecifically for the slow but necessary step of 16-to-8 bit conversion\nof interlaced images. (The processing of non-interlaced images remains\nintact, using the fast path.) We added the flag `do_local_scale` and\nthe function `png_image_read_direct_scaled`, following the pattern that\ninvolves `do_local_compose`.\n\nIn conclusion:\n- The 16-to-8 bit transformations of interlaced images are now safe,\n  as they use an intermediate buffer.\n- The 16-to-8 bit transformations of non-interlaced images remain safe,\n  as the fast path remains unchanged.\n- All our regression tests are now passing.\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "92571ec33516bf2a29addc0d8d8463b2c98f5a07",
      "old_mode": 33188,
      "old_path": "pngread.c",
      "new_id": "79917daaaf988f9a9c954f5dc662dabf6da19e90",
      "new_mode": 33188,
      "new_path": "pngread.c"
    }
  ]
}
