summaryrefslogtreecommitdiff
path: root/libpng/pngrutil.c
diff options
context:
space:
mode:
Diffstat (limited to 'libpng/pngrutil.c')
-rw-r--r--libpng/pngrutil.c733
1 files changed, 401 insertions, 332 deletions
diff --git a/libpng/pngrutil.c b/libpng/pngrutil.c
index 6c5c37526..fb5f5f083 100644
--- a/libpng/pngrutil.c
+++ b/libpng/pngrutil.c
@@ -1,8 +1,8 @@
/* pngrutil.c - utilities to read a PNG file
*
- * Last changed in libpng 1.6.17 [March 26, 2015]
- * Copyright (c) 1998-2015 Glenn Randers-Pehrson
+ * Last changed in libpng 1.6.26 [October 20, 2016]
+ * Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
* (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
*
@@ -86,10 +86,16 @@ png_get_int_32)(png_const_bytep buf)
{
png_uint_32 uval = png_get_uint_32(buf);
if ((uval & 0x80000000) == 0) /* non-negative */
- return uval;
+ return (png_int_32)uval;
uval = (uval ^ 0xffffffff) + 1; /* 2's complement: -x = ~x+1 */
- return -(png_int_32)uval;
+ if ((uval & 0x80000000) == 0) /* no overflow */
+ return -(png_int_32)uval;
+ /* The following has to be safe; this function only gets called on PNG data
+ * and if we get here that data is invalid. 0 is the most safe value and
+ * if not then an attacker would surely just generate a PNG with 0 instead.
+ */
+ return 0;
}
/* Grab an unsigned 16-bit integer from a buffer in big-endian format. */
@@ -98,7 +104,7 @@ png_get_uint_16)(png_const_bytep buf)
{
/* ANSI-C requires an int value to accomodate at least 16 bits so this
* works and allows the compiler not to worry about possible narrowing
- * on 32 bit systems. (Pre-ANSI systems did not make integers smaller
+ * on 32-bit systems. (Pre-ANSI systems did not make integers smaller
* than 16 bits either.)
*/
unsigned int val =
@@ -341,7 +347,7 @@ png_inflate_claim(png_structrp png_ptr, png_uint_32 owner)
* are minimal.
*/
(void)png_safecat(msg, (sizeof msg), 4, " using zstream");
-#if PNG_LIBPNG_BUILD_BASE_TYPE >= PNG_LIBPNG_BUILD_RC
+#if PNG_RELEASE_BUILD
png_chunk_warning(png_ptr, msg);
png_ptr->zowner = 0;
#else
@@ -364,21 +370,24 @@ png_inflate_claim(png_structrp png_ptr, png_uint_32 owner)
*/
{
int ret; /* zlib return code */
-#if PNG_ZLIB_VERNUM >= 0x1240
+#if ZLIB_VERNUM >= 0x1240
+ int window_bits = 0;
# if defined(PNG_SET_OPTION_SUPPORTED) && defined(PNG_MAXIMUM_INFLATE_WINDOW)
- int window_bits;
-
if (((png_ptr->options >> PNG_MAXIMUM_INFLATE_WINDOW) & 3) ==
PNG_OPTION_ON)
+ {
window_bits = 15;
+ png_ptr->zstream_start = 0; /* fixed window size */
+ }
else
- window_bits = 0;
-# else
-# define window_bits 0
+ {
+ png_ptr->zstream_start = 1;
+ }
# endif
-#endif
+
+#endif /* ZLIB_VERNUM >= 0x1240 */
/* Set this for safety, just in case the previous owner left pointers to
* memory allocations.
@@ -390,25 +399,31 @@ png_inflate_claim(png_structrp png_ptr, png_uint_32 owner)
if ((png_ptr->flags & PNG_FLAG_ZSTREAM_INITIALIZED) != 0)
{
-#if PNG_ZLIB_VERNUM < 0x1240
- ret = inflateReset(&png_ptr->zstream);
-#else
+#if ZLIB_VERNUM >= 0x1240
ret = inflateReset2(&png_ptr->zstream, window_bits);
+#else
+ ret = inflateReset(&png_ptr->zstream);
#endif
}
else
{
-#if PNG_ZLIB_VERNUM < 0x1240
- ret = inflateInit(&png_ptr->zstream);
-#else
+#if ZLIB_VERNUM >= 0x1240
ret = inflateInit2(&png_ptr->zstream, window_bits);
+#else
+ ret = inflateInit(&png_ptr->zstream);
#endif
if (ret == Z_OK)
png_ptr->flags |= PNG_FLAG_ZSTREAM_INITIALIZED;
}
+#if ZLIB_VERNUM >= 0x1281
+ /* Turn off validation of the ADLER32 checksum */
+ if ((png_ptr->flags & PNG_FLAG_CRC_CRITICAL_IGNORE) != 0)
+ ret = inflateValidate(&png_ptr->zstream, 0);
+#endif
+
if (ret == Z_OK)
png_ptr->zowner = owner;
@@ -423,7 +438,33 @@ png_inflate_claim(png_structrp png_ptr, png_uint_32 owner)
#endif
}
+#if ZLIB_VERNUM >= 0x1240
+/* Handle the start of the inflate stream if we called inflateInit2(strm,0);
+ * in this case some zlib versions skip validation of the CINFO field and, in
+ * certain circumstances, libpng may end up displaying an invalid image, in
+ * contrast to implementations that call zlib in the normal way (e.g. libpng
+ * 1.5).
+ */
+int /* PRIVATE */
+png_zlib_inflate(png_structrp png_ptr, int flush)
+{
+ if (png_ptr->zstream_start && png_ptr->zstream.avail_in > 0)
+ {
+ if ((*png_ptr->zstream.next_in >> 4) > 7)
+ {
+ png_ptr->zstream.msg = "invalid window size (libpng)";
+ return Z_DATA_ERROR;
+ }
+
+ png_ptr->zstream_start = 0;
+ }
+
+ return inflate(&png_ptr->zstream, flush);
+}
+#endif /* Zlib >= 1.2.4 */
+
#ifdef PNG_READ_COMPRESSED_TEXT_SUPPORTED
+#if defined(PNG_READ_zTXt_SUPPORTED) || defined (PNG_READ_iTXt_SUPPORTED)
/* png_inflate now returns zlib error codes including Z_OK and Z_STREAM_END to
* allow the caller to do multiple calls if required. If the 'finish' flag is
* set Z_FINISH will be passed to the final inflate() call and Z_STREAM_END must
@@ -516,7 +557,7 @@ png_inflate(png_structrp png_ptr, png_uint_32 owner, int finish,
* the previous chunk of input data. Tell zlib if we have reached the
* end of the output buffer.
*/
- ret = inflate(&png_ptr->zstream, avail_out > 0 ? Z_NO_FLUSH :
+ ret = PNG_INFLATE(png_ptr, avail_out > 0 ? Z_NO_FLUSH :
(finish ? Z_FINISH : Z_SYNC_FLUSH));
} while (ret == Z_OK);
@@ -562,9 +603,9 @@ png_inflate(png_structrp png_ptr, png_uint_32 owner, int finish,
*/
static int
png_decompress_chunk(png_structrp png_ptr,
- png_uint_32 chunklength, png_uint_32 prefix_size,
- png_alloc_size_t *newlength /* must be initialized to the maximum! */,
- int terminate /*add a '\0' to the end of the uncompressed data*/)
+ png_uint_32 chunklength, png_uint_32 prefix_size,
+ png_alloc_size_t *newlength /* must be initialized to the maximum! */,
+ int terminate /*add a '\0' to the end of the uncompressed data*/)
{
/* TODO: implement different limits for different types of chunk.
*
@@ -575,7 +616,7 @@ png_decompress_chunk(png_structrp png_ptr,
*/
png_alloc_size_t limit = PNG_SIZE_MAX;
-# ifdef PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED
+# ifdef PNG_SET_USER_LIMITS_SUPPORTED
if (png_ptr->user_chunk_malloc_max > 0 &&
png_ptr->user_chunk_malloc_max < limit)
limit = png_ptr->user_chunk_malloc_max;
@@ -601,8 +642,8 @@ png_decompress_chunk(png_structrp png_ptr,
png_uint_32 lzsize = chunklength - prefix_size;
ret = png_inflate(png_ptr, png_ptr->chunk_name, 1/*finish*/,
- /* input: */ png_ptr->read_buffer + prefix_size, &lzsize,
- /* output: */ NULL, newlength);
+ /* input: */ png_ptr->read_buffer + prefix_size, &lzsize,
+ /* output: */ NULL, newlength);
if (ret == Z_STREAM_END)
{
@@ -622,15 +663,15 @@ png_decompress_chunk(png_structrp png_ptr,
*/
png_alloc_size_t new_size = *newlength;
png_alloc_size_t buffer_size = prefix_size + new_size +
- (terminate != 0);
+ (terminate != 0);
png_bytep text = png_voidcast(png_bytep, png_malloc_base(png_ptr,
- buffer_size));
+ buffer_size));
if (text != NULL)
{
ret = png_inflate(png_ptr, png_ptr->chunk_name, 1/*finish*/,
- png_ptr->read_buffer + prefix_size, &lzsize,
- text + prefix_size, newlength);
+ png_ptr->read_buffer + prefix_size, &lzsize,
+ text + prefix_size, newlength);
if (ret == Z_STREAM_END)
{
@@ -670,7 +711,6 @@ png_decompress_chunk(png_structrp png_ptr,
* success)
*/
png_free(png_ptr, text);
- text = NULL;
/* This really is very benign, but it's still an error because
* the extra space may otherwise be used as a Trojan Horse.
@@ -718,6 +758,7 @@ png_decompress_chunk(png_structrp png_ptr,
return Z_MEM_ERROR;
}
}
+#endif /* READ_zTXt || READ_iTXt */
#endif /* READ_COMPRESSED_TEXT */
#ifdef PNG_READ_iCCP_SUPPORTED
@@ -726,8 +767,8 @@ png_decompress_chunk(png_structrp png_ptr,
*/
static int
png_inflate_read(png_structrp png_ptr, png_bytep read_buffer, uInt read_size,
- png_uint_32p chunk_bytes, png_bytep next_out, png_alloc_size_t *out_size,
- int finish)
+ png_uint_32p chunk_bytes, png_bytep next_out, png_alloc_size_t *out_size,
+ int finish)
{
if (png_ptr->zowner == png_ptr->chunk_name)
{
@@ -766,8 +807,8 @@ png_inflate_read(png_structrp png_ptr, png_bytep read_buffer, uInt read_size,
* the available output is produced; this allows reading of truncated
* streams.
*/
- ret = inflate(&png_ptr->zstream,
- *chunk_bytes > 0 ? Z_NO_FLUSH : (finish ? Z_FINISH : Z_SYNC_FLUSH));
+ ret = PNG_INFLATE(png_ptr, *chunk_bytes > 0 ?
+ Z_NO_FLUSH : (finish ? Z_FINISH : Z_SYNC_FLUSH));
}
while (ret == Z_OK && (*out_size > 0 || png_ptr->zstream.avail_out > 0));
@@ -867,7 +908,7 @@ void /* PRIVATE */
png_handle_PLTE(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
{
png_color palette[PNG_MAX_PALETTE_LENGTH];
- int num, i;
+ int max_palette_length, num, i;
#ifdef PNG_POINTER_INDEXING_SUPPORTED
png_colorp pal_ptr;
#endif
@@ -928,6 +969,19 @@ png_handle_PLTE(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
/* The cast is safe because 'length' is less than 3*PNG_MAX_PALETTE_LENGTH */
num = (int)length / 3;
+ /* If the palette has 256 or fewer entries but is too large for the bit
+ * depth, we don't issue an error, to preserve the behavior of previous
+ * libpng versions. We silently truncate the unused extra palette entries
+ * here.
+ */
+ if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE)
+ max_palette_length = (1 << png_ptr->bit_depth);
+ else
+ max_palette_length = PNG_MAX_PALETTE_LENGTH;
+
+ if (num > max_palette_length)
+ num = max_palette_length;
+
#ifdef PNG_POINTER_INDEXING_SUPPORTED
for (i = 0, pal_ptr = palette; i < num; i++, pal_ptr++)
{
@@ -960,7 +1014,7 @@ png_handle_PLTE(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE)
#endif
{
- png_crc_finish(png_ptr, 0);
+ png_crc_finish(png_ptr, (png_uint_32) (length - (unsigned int)num * 3));
}
#ifndef PNG_READ_OPT_PLTE_SUPPORTED
@@ -1147,11 +1201,13 @@ png_handle_sBIT(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
return;
for (i=0; i<truelen; ++i)
+ {
if (buf[i] == 0 || buf[i] > sample_depth)
{
png_chunk_benign_error(png_ptr, "invalid");
return;
}
+ }
if ((png_ptr->color_type & PNG_COLOR_MASK_COLOR) != 0)
{
@@ -1241,7 +1297,7 @@ png_handle_cHRM(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
png_ptr->colorspace.flags |= PNG_COLORSPACE_FROM_cHRM;
(void)png_colorspace_set_chromaticities(png_ptr, &png_ptr->colorspace, &xy,
- 1/*prefer cHRM values*/);
+ 1/*prefer cHRM values*/);
png_colorspace_sync(png_ptr, info_ptr);
}
#endif
@@ -1381,8 +1437,8 @@ png_handle_iCCP(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
png_ptr->zstream.next_in = (Bytef*)keyword + (keyword_length+2);
png_ptr->zstream.avail_in = read_length;
(void)png_inflate_read(png_ptr, local_buffer,
- (sizeof local_buffer), &length, profile_header, &size,
- 0/*finish: don't, because the output is too small*/);
+ (sizeof local_buffer), &length, profile_header, &size,
+ 0/*finish: don't, because the output is too small*/);
if (size == 0)
{
@@ -1392,14 +1448,14 @@ png_handle_iCCP(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
png_get_uint_32(profile_header);
if (png_icc_check_length(png_ptr, &png_ptr->colorspace,
- keyword, profile_length) != 0)
+ keyword, profile_length) != 0)
{
/* The length is apparently ok, so we can check the 132
* byte header.
*/
if (png_icc_check_header(png_ptr, &png_ptr->colorspace,
- keyword, profile_length, profile_header,
- png_ptr->color_type) != 0)
+ keyword, profile_length, profile_header,
+ png_ptr->color_type) != 0)
{
/* Now read the tag table; a variable size buffer is
* needed at this point, allocate one for the whole
@@ -1407,20 +1463,20 @@ png_handle_iCCP(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
* that none of these stuff will overflow.
*/
const png_uint_32 tag_count = png_get_uint_32(
- profile_header+128);
+ profile_header+128);
png_bytep profile = png_read_buffer(png_ptr,
- profile_length, 2/*silent*/);
+ profile_length, 2/*silent*/);
if (profile != NULL)
{
memcpy(profile, profile_header,
- (sizeof profile_header));
+ (sizeof profile_header));
size = 12 * tag_count;
(void)png_inflate_read(png_ptr, local_buffer,
- (sizeof local_buffer), &length,
- profile + (sizeof profile_header), &size, 0);
+ (sizeof local_buffer), &length,
+ profile + (sizeof profile_header), &size, 0);
/* Still expect a buffer error because we expect
* there to be some tag data!
@@ -1428,22 +1484,22 @@ png_handle_iCCP(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
if (size == 0)
{
if (png_icc_check_tag_table(png_ptr,
- &png_ptr->colorspace, keyword, profile_length,
- profile) != 0)
+ &png_ptr->colorspace, keyword, profile_length,
+ profile) != 0)
{
/* The profile has been validated for basic
* security issues, so read the whole thing in.
*/
size = profile_length - (sizeof profile_header)
- - 12 * tag_count;
+ - 12 * tag_count;
(void)png_inflate_read(png_ptr, local_buffer,
- (sizeof local_buffer), &length,
- profile + (sizeof profile_header) +
- 12 * tag_count, &size, 1/*finish*/);
+ (sizeof local_buffer), &length,
+ profile + (sizeof profile_header) +
+ 12 * tag_count, &size, 1/*finish*/);
if (length > 0 && !(png_ptr->flags &
- PNG_FLAG_BENIGN_ERRORS_WARN))
+ PNG_FLAG_BENIGN_ERRORS_WARN))
errmsg = "extra compressed data";
/* But otherwise allow extra data: */
@@ -1455,34 +1511,34 @@ png_handle_iCCP(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
* keep going.
*/
png_chunk_warning(png_ptr,
- "extra compressed data");
+ "extra compressed data");
}
png_crc_finish(png_ptr, length);
finished = 1;
-# ifdef PNG_sRGB_SUPPORTED
- /* Check for a match against sRGB */
- png_icc_set_sRGB(png_ptr,
- &png_ptr->colorspace, profile,
- png_ptr->zstream.adler);
-# endif
+# if defined(PNG_sRGB_SUPPORTED) && PNG_sRGB_PROFILE_CHECKS >= 0
+ /* Check for a match against sRGB */
+ png_icc_set_sRGB(png_ptr,
+ &png_ptr->colorspace, profile,
+ png_ptr->zstream.adler);
+# endif
/* Steal the profile for info_ptr. */
if (info_ptr != NULL)
{
png_free_data(png_ptr, info_ptr,
- PNG_FREE_ICCP, 0);
+ PNG_FREE_ICCP, 0);
info_ptr->iccp_name = png_voidcast(char*,
- png_malloc_base(png_ptr,
- keyword_length+1));
+ png_malloc_base(png_ptr,
+ keyword_length+1));
if (info_ptr->iccp_name != NULL)
{
memcpy(info_ptr->iccp_name, keyword,
- keyword_length+1);
+ keyword_length+1);
info_ptr->iccp_proflen =
- profile_length;
+ profile_length;
info_ptr->iccp_profile = profile;
png_ptr->read_buffer = NULL; /*steal*/
info_ptr->free_me |= PNG_FREE_ICCP;
@@ -1650,7 +1706,7 @@ png_handle_sPLT(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
++entry_start;
/* A sample depth should follow the separator, and we should be on it */
- if (entry_start > buffer + length - 2)
+ if (length < 2U || entry_start > buffer + (length - 2U))
{
png_warning(png_ptr, "malformed sPLT chunk");
return;
@@ -1664,30 +1720,30 @@ png_handle_sPLT(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
data_length = length - (png_uint_32)(entry_start - buffer);
/* Integrity-check the data length */
- if ((data_length % entry_size) != 0)
+ if ((data_length % (unsigned int)entry_size) != 0)
{
png_warning(png_ptr, "sPLT chunk has bad length");
return;
}
- dl = (png_int_32)(data_length / entry_size);
+ dl = (png_uint_32)(data_length / (unsigned int)entry_size);
max_dl = PNG_SIZE_MAX / (sizeof (png_sPLT_entry));
if (dl > max_dl)
{
- png_warning(png_ptr, "sPLT chunk too long");
- return;
+ png_warning(png_ptr, "sPLT chunk too long");
+ return;
}
- new_palette.nentries = (png_int_32)(data_length / entry_size);
+ new_palette.nentries = (png_int_32)(data_length / (unsigned int)entry_size);
- new_palette.entries = (png_sPLT_entryp)png_malloc_warn(
- png_ptr, new_palette.nentries * (sizeof (png_sPLT_entry)));
+ new_palette.entries = (png_sPLT_entryp)png_malloc_warn(png_ptr,
+ (png_alloc_size_t) new_palette.nentries * (sizeof (png_sPLT_entry)));
if (new_palette.entries == NULL)
{
- png_warning(png_ptr, "sPLT chunk requires too much memory");
- return;
+ png_warning(png_ptr, "sPLT chunk requires too much memory");
+ return;
}
#ifdef PNG_POINTER_INDEXING_SUPPORTED
@@ -1817,7 +1873,8 @@ png_handle_tRNS(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
return;
}
- if (length > png_ptr->num_palette || length > PNG_MAX_PALETTE_LENGTH ||
+ if (length > (unsigned int) png_ptr->num_palette ||
+ length > (unsigned int) PNG_MAX_PALETTE_LENGTH ||
length == 0)
{
png_crc_finish(png_ptr, length);
@@ -1980,7 +2037,8 @@ png_handle_hIST(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
num = length / 2 ;
- if (num != png_ptr->num_palette || num > PNG_MAX_PALETTE_LENGTH)
+ if (num != (unsigned int) png_ptr->num_palette ||
+ num > (unsigned int) PNG_MAX_PALETTE_LENGTH)
{
png_crc_finish(png_ptr, length);
png_chunk_benign_error(png_ptr, "invalid");
@@ -2152,7 +2210,7 @@ png_handle_pCAL(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
/* We need to have at least 12 bytes after the purpose string
* in order to get the parameter information.
*/
- if (endptr <= buf + 12)
+ if (endptr - buf <= 12)
{
png_chunk_benign_error(png_ptr, "invalid");
return;
@@ -2217,7 +2275,7 @@ png_handle_pCAL(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
}
png_set_pCAL(png_ptr, info_ptr, (png_charp)buffer, X0, X1, type, nparams,
- (png_charp)units, params);
+ (png_charp)units, params);
png_free(png_ptr, params);
}
@@ -2260,7 +2318,7 @@ png_handle_sCAL(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
}
png_debug1(2, "Allocating and reading sCAL chunk data (%u bytes)",
- length + 1);
+ length + 1);
buffer = png_read_buffer(png_ptr, length+1, 2/*silent*/);
@@ -2312,7 +2370,7 @@ png_handle_sCAL(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
else
/* This is the (only) success case. */
png_set_sCAL_s(png_ptr, info_ptr, buffer[0],
- (png_charp)buffer+1, (png_charp)buffer+heighti);
+ (png_charp)buffer+1, (png_charp)buffer+heighti);
}
}
#endif
@@ -2412,8 +2470,8 @@ png_handle_tEXt(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
if (buffer == NULL)
{
- png_chunk_benign_error(png_ptr, "out of memory");
- return;
+ png_chunk_benign_error(png_ptr, "out of memory");
+ return;
}
png_crc_read(png_ptr, buffer, length);
@@ -2520,7 +2578,7 @@ png_handle_zTXt(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
* and text chunks.
*/
if (png_decompress_chunk(png_ptr, length, keyword_length+2,
- &uncompressed_length, 1/*terminate*/) == Z_STREAM_END)
+ &uncompressed_length, 1/*terminate*/) == Z_STREAM_END)
{
png_text text;
@@ -2660,7 +2718,7 @@ png_handle_iTXt(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
* iCCP and text chunks.
*/
if (png_decompress_chunk(png_ptr, length, prefix_length,
- &uncompressed_length, 1/*terminate*/) == Z_STREAM_END)
+ &uncompressed_length, 1/*terminate*/) == Z_STREAM_END)
buffer = png_ptr->read_buffer;
else
@@ -2715,14 +2773,14 @@ png_cache_unknown_chunk(png_structrp png_ptr, png_uint_32 length)
png_ptr->unknown_chunk.data = NULL;
}
-# ifdef PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED
- if (png_ptr->user_chunk_malloc_max > 0 &&
- png_ptr->user_chunk_malloc_max < limit)
- limit = png_ptr->user_chunk_malloc_max;
+# ifdef PNG_SET_USER_LIMITS_SUPPORTED
+ if (png_ptr->user_chunk_malloc_max > 0 &&
+ png_ptr->user_chunk_malloc_max < limit)
+ limit = png_ptr->user_chunk_malloc_max;
# elif PNG_USER_CHUNK_MALLOC_MAX > 0
- if (PNG_USER_CHUNK_MALLOC_MAX < limit)
- limit = PNG_USER_CHUNK_MALLOC_MAX;
+ if (PNG_USER_CHUNK_MALLOC_MAX < limit)
+ limit = PNG_USER_CHUNK_MALLOC_MAX;
# endif
if (length <= limit)
@@ -2740,7 +2798,7 @@ png_cache_unknown_chunk(png_structrp png_ptr, png_uint_32 length)
{
/* Do a 'warn' here - it is handled below. */
png_ptr->unknown_chunk.data = png_voidcast(png_bytep,
- png_malloc_warn(png_ptr, length));
+ png_malloc_warn(png_ptr, length));
}
}
@@ -2765,7 +2823,7 @@ png_cache_unknown_chunk(png_structrp png_ptr, png_uint_32 length)
/* Handle an unknown, or known but disabled, chunk */
void /* PRIVATE */
png_handle_unknown(png_structrp png_ptr, png_inforp info_ptr,
- png_uint_32 length, int keep)
+ png_uint_32 length, int keep)
{
int handled = 0; /* the chunk was handled */
@@ -2785,7 +2843,7 @@ png_handle_unknown(png_structrp png_ptr, png_inforp info_ptr,
*/
# ifndef PNG_HANDLE_AS_UNKNOWN_SUPPORTED
# ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED
- keep = png_chunk_unknown_handling(png_ptr, png_ptr->chunk_name);
+ keep = png_chunk_unknown_handling(png_ptr, png_ptr->chunk_name);
# endif
# endif
@@ -2794,153 +2852,153 @@ png_handle_unknown(png_structrp png_ptr, png_inforp info_ptr,
* PNG_READ_UNKNOWN_CHUNKS_SUPPORTED)
*/
# ifdef PNG_READ_USER_CHUNKS_SUPPORTED
- /* The user callback takes precedence over the chunk keep value, but the
- * keep value is still required to validate a save of a critical chunk.
- */
- if (png_ptr->read_user_chunk_fn != NULL)
+ /* The user callback takes precedence over the chunk keep value, but the
+ * keep value is still required to validate a save of a critical chunk.
+ */
+ if (png_ptr->read_user_chunk_fn != NULL)
+ {
+ if (png_cache_unknown_chunk(png_ptr, length) != 0)
{
- if (png_cache_unknown_chunk(png_ptr, length) != 0)
+ /* Callback to user unknown chunk handler */
+ int ret = (*(png_ptr->read_user_chunk_fn))(png_ptr,
+ &png_ptr->unknown_chunk);
+
+ /* ret is:
+ * negative: An error occurred; png_chunk_error will be called.
+ * zero: The chunk was not handled, the chunk will be discarded
+ * unless png_set_keep_unknown_chunks has been used to set
+ * a 'keep' behavior for this particular chunk, in which
+ * case that will be used. A critical chunk will cause an
+ * error at this point unless it is to be saved.
+ * positive: The chunk was handled, libpng will ignore/discard it.
+ */
+ if (ret < 0)
+ png_chunk_error(png_ptr, "error in user chunk");
+
+ else if (ret == 0)
{
- /* Callback to user unknown chunk handler */
- int ret = (*(png_ptr->read_user_chunk_fn))(png_ptr,
- &png_ptr->unknown_chunk);
-
- /* ret is:
- * negative: An error occurred; png_chunk_error will be called.
- * zero: The chunk was not handled, the chunk will be discarded
- * unless png_set_keep_unknown_chunks has been used to set
- * a 'keep' behavior for this particular chunk, in which
- * case that will be used. A critical chunk will cause an
- * error at this point unless it is to be saved.
- * positive: The chunk was handled, libpng will ignore/discard it.
+ /* If the keep value is 'default' or 'never' override it, but
+ * still error out on critical chunks unless the keep value is
+ * 'always' While this is weird it is the behavior in 1.4.12.
+ * A possible improvement would be to obey the value set for the
+ * chunk, but this would be an API change that would probably
+ * damage some applications.
+ *
+ * The png_app_warning below catches the case that matters, where
+ * the application has not set specific save or ignore for this
+ * chunk or global save or ignore.
*/
- if (ret < 0)
- png_chunk_error(png_ptr, "error in user chunk");
-
- else if (ret == 0)
+ if (keep < PNG_HANDLE_CHUNK_IF_SAFE)
{
- /* If the keep value is 'default' or 'never' override it, but
- * still error out on critical chunks unless the keep value is
- * 'always' While this is weird it is the behavior in 1.4.12.
- * A possible improvement would be to obey the value set for the
- * chunk, but this would be an API change that would probably
- * damage some applications.
- *
- * The png_app_warning below catches the case that matters, where
- * the application has not set specific save or ignore for this
- * chunk or global save or ignore.
- */
- if (keep < PNG_HANDLE_CHUNK_IF_SAFE)
+# ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED
+ if (png_ptr->unknown_default < PNG_HANDLE_CHUNK_IF_SAFE)
{
-# ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED
- if (png_ptr->unknown_default < PNG_HANDLE_CHUNK_IF_SAFE)
- {
- png_chunk_warning(png_ptr, "Saving unknown chunk:");
- png_app_warning(png_ptr,
- "forcing save of an unhandled chunk;"
- " please call png_set_keep_unknown_chunks");
- /* with keep = PNG_HANDLE_CHUNK_IF_SAFE */
- }
-# endif
- keep = PNG_HANDLE_CHUNK_IF_SAFE;
+ png_chunk_warning(png_ptr, "Saving unknown chunk:");
+ png_app_warning(png_ptr,
+ "forcing save of an unhandled chunk;"
+ " please call png_set_keep_unknown_chunks");
+ /* with keep = PNG_HANDLE_CHUNK_IF_SAFE */
}
- }
-
- else /* chunk was handled */
- {
- handled = 1;
- /* Critical chunks can be safely discarded at this point. */
- keep = PNG_HANDLE_CHUNK_NEVER;
+# endif
+ keep = PNG_HANDLE_CHUNK_IF_SAFE;
}
}
- else
- keep = PNG_HANDLE_CHUNK_NEVER; /* insufficient memory */
+ else /* chunk was handled */
+ {
+ handled = 1;
+ /* Critical chunks can be safely discarded at this point. */
+ keep = PNG_HANDLE_CHUNK_NEVER;
+ }
}
else
- /* Use the SAVE_UNKNOWN_CHUNKS code or skip the chunk */
+ keep = PNG_HANDLE_CHUNK_NEVER; /* insufficient memory */
+ }
+
+ else
+ /* Use the SAVE_UNKNOWN_CHUNKS code or skip the chunk */
# endif /* READ_USER_CHUNKS */
# ifdef PNG_SAVE_UNKNOWN_CHUNKS_SUPPORTED
- {
- /* keep is currently just the per-chunk setting, if there was no
- * setting change it to the global default now (not that this may
- * still be AS_DEFAULT) then obtain the cache of the chunk if required,
- * if not simply skip the chunk.
- */
- if (keep == PNG_HANDLE_CHUNK_AS_DEFAULT)
- keep = png_ptr->unknown_default;
-
- if (keep == PNG_HANDLE_CHUNK_ALWAYS ||
- (keep == PNG_HANDLE_CHUNK_IF_SAFE &&
- PNG_CHUNK_ANCILLARY(png_ptr->chunk_name)))
- {
- if (png_cache_unknown_chunk(png_ptr, length) == 0)
- keep = PNG_HANDLE_CHUNK_NEVER;
- }
+ {
+ /* keep is currently just the per-chunk setting, if there was no
+ * setting change it to the global default now (not that this may
+ * still be AS_DEFAULT) then obtain the cache of the chunk if required,
+ * if not simply skip the chunk.
+ */
+ if (keep == PNG_HANDLE_CHUNK_AS_DEFAULT)
+ keep = png_ptr->unknown_default;
- else
- png_crc_finish(png_ptr, length);
+ if (keep == PNG_HANDLE_CHUNK_ALWAYS ||
+ (keep == PNG_HANDLE_CHUNK_IF_SAFE &&
+ PNG_CHUNK_ANCILLARY(png_ptr->chunk_name)))
+ {
+ if (png_cache_unknown_chunk(png_ptr, length) == 0)
+ keep = PNG_HANDLE_CHUNK_NEVER;
}
+
+ else
+ png_crc_finish(png_ptr, length);
+ }
# else
# ifndef PNG_READ_USER_CHUNKS_SUPPORTED
# error no method to support READ_UNKNOWN_CHUNKS
# endif
- {
- /* If here there is no read callback pointer set and no support is
- * compiled in to just save the unknown chunks, so simply skip this
- * chunk. If 'keep' is something other than AS_DEFAULT or NEVER then
- * the app has erroneously asked for unknown chunk saving when there
- * is no support.
- */
- if (keep > PNG_HANDLE_CHUNK_NEVER)
- png_app_error(png_ptr, "no unknown chunk support available");
+ {
+ /* If here there is no read callback pointer set and no support is
+ * compiled in to just save the unknown chunks, so simply skip this
+ * chunk. If 'keep' is something other than AS_DEFAULT or NEVER then
+ * the app has erroneously asked for unknown chunk saving when there
+ * is no support.
+ */
+ if (keep > PNG_HANDLE_CHUNK_NEVER)
+ png_app_error(png_ptr, "no unknown chunk support available");
- png_crc_finish(png_ptr, length);
- }
+ png_crc_finish(png_ptr, length);
+ }
# endif
# ifdef PNG_STORE_UNKNOWN_CHUNKS_SUPPORTED
- /* Now store the chunk in the chunk list if appropriate, and if the limits
- * permit it.
- */
- if (keep == PNG_HANDLE_CHUNK_ALWAYS ||
- (keep == PNG_HANDLE_CHUNK_IF_SAFE &&
- PNG_CHUNK_ANCILLARY(png_ptr->chunk_name)))
- {
-# ifdef PNG_USER_LIMITS_SUPPORTED
- switch (png_ptr->user_chunk_cache_max)
- {
- case 2:
- png_ptr->user_chunk_cache_max = 1;
- png_chunk_benign_error(png_ptr, "no space in chunk cache");
- /* FALL THROUGH */
- case 1:
- /* NOTE: prior to 1.6.0 this case resulted in an unknown critical
- * chunk being skipped, now there will be a hard error below.
- */
- break;
-
- default: /* not at limit */
- --(png_ptr->user_chunk_cache_max);
- /* FALL THROUGH */
- case 0: /* no limit */
-# endif /* USER_LIMITS */
- /* Here when the limit isn't reached or when limits are compiled
- * out; store the chunk.
- */
- png_set_unknown_chunks(png_ptr, info_ptr,
- &png_ptr->unknown_chunk, 1);
- handled = 1;
+ /* Now store the chunk in the chunk list if appropriate, and if the limits
+ * permit it.
+ */
+ if (keep == PNG_HANDLE_CHUNK_ALWAYS ||
+ (keep == PNG_HANDLE_CHUNK_IF_SAFE &&
+ PNG_CHUNK_ANCILLARY(png_ptr->chunk_name)))
+ {
# ifdef PNG_USER_LIMITS_SUPPORTED
- break;
- }
-# endif
+ switch (png_ptr->user_chunk_cache_max)
+ {
+ case 2:
+ png_ptr->user_chunk_cache_max = 1;
+ png_chunk_benign_error(png_ptr, "no space in chunk cache");
+ /* FALL THROUGH */
+ case 1:
+ /* NOTE: prior to 1.6.0 this case resulted in an unknown critical
+ * chunk being skipped, now there will be a hard error below.
+ */
+ break;
+
+ default: /* not at limit */
+ --(png_ptr->user_chunk_cache_max);
+ /* FALL THROUGH */
+ case 0: /* no limit */
+# endif /* USER_LIMITS */
+ /* Here when the limit isn't reached or when limits are compiled
+ * out; store the chunk.
+ */
+ png_set_unknown_chunks(png_ptr, info_ptr,
+ &png_ptr->unknown_chunk, 1);
+ handled = 1;
+# ifdef PNG_USER_LIMITS_SUPPORTED
+ break;
}
+# endif
+ }
# else /* no store support: the chunk must be handled by the user callback */
- PNG_UNUSED(info_ptr)
+ PNG_UNUSED(info_ptr)
# endif
/* Regardless of the error handling below the cached data (if any) can be
@@ -3042,13 +3100,13 @@ png_combine_row(png_const_structrp png_ptr, png_bytep dp, int display)
end_ptr = dp + PNG_ROWBYTES(pixel_depth, row_width) - 1;
end_byte = *end_ptr;
# ifdef PNG_READ_PACKSWAP_SUPPORTED
- if ((png_ptr->transformations & PNG_PACKSWAP) != 0)
- /* little-endian byte */
- end_mask = 0xff << end_mask;
+ if ((png_ptr->transformations & PNG_PACKSWAP) != 0)
+ /* little-endian byte */
+ end_mask = (unsigned int)(0xff << end_mask);
- else /* big-endian byte */
+ else /* big-endian byte */
# endif
- end_mask = 0xff >> end_mask;
+ end_mask = 0xff >> end_mask;
/* end_mask is now the bits to *keep* from the destination row */
}
@@ -3206,12 +3264,12 @@ png_combine_row(png_const_structrp png_ptr, png_bytep dp, int display)
png_uint_32 mask;
# ifdef PNG_READ_PACKSWAP_SUPPORTED
- if ((png_ptr->transformations & PNG_PACKSWAP) != 0)
- mask = MASK(pass, pixel_depth, display, 0);
+ if ((png_ptr->transformations & PNG_PACKSWAP) != 0)
+ mask = MASK(pass, pixel_depth, display, 0);
- else
+ else
# endif
- mask = MASK(pass, pixel_depth, display, 1);
+ mask = MASK(pass, pixel_depth, display, 1);
for (;;)
{
@@ -3365,8 +3423,8 @@ png_combine_row(png_const_structrp png_ptr, png_bytep dp, int display)
/* Everything is aligned for png_uint_16 copies, but try for
* png_uint_32 first.
*/
- if (png_isaligned(dp, png_uint_32) != 0 &&
- png_isaligned(sp, png_uint_32) != 0 &&
+ if (png_isaligned(dp, png_uint_32) &&
+ png_isaligned(sp, png_uint_32) &&
bytes_to_copy % (sizeof (png_uint_32)) == 0 &&
bytes_to_jump % (sizeof (png_uint_32)) == 0)
{
@@ -3486,11 +3544,11 @@ png_combine_row(png_const_structrp png_ptr, png_bytep dp, int display)
#ifdef PNG_READ_INTERLACING_SUPPORTED
void /* PRIVATE */
png_do_read_interlace(png_row_infop row_info, png_bytep row, int pass,
- png_uint_32 transformations /* Because these may affect the byte layout */)
+ png_uint_32 transformations /* Because these may affect the byte layout */)
{
/* Arrays to facilitate easy interlacing - use pass (0 - 6) as index */
/* Offset to next interlace block */
- static PNG_CONST int png_pass_inc[7] = {8, 8, 4, 4, 2, 2, 1};
+ static PNG_CONST unsigned int png_pass_inc[7] = {8, 8, 4, 4, 2, 2, 1};
png_debug(1, "in png_do_read_interlace");
if (row != NULL && row_info != NULL)
@@ -3505,9 +3563,10 @@ png_do_read_interlace(png_row_infop row_info, png_bytep row, int pass,
{
png_bytep sp = row + (png_size_t)((row_info->width - 1) >> 3);
png_bytep dp = row + (png_size_t)((final_width - 1) >> 3);
- int sshift, dshift;
- int s_start, s_end, s_inc;
- int jstop = png_pass_inc[pass];
+ unsigned int sshift, dshift;
+ unsigned int s_start, s_end;
+ int s_inc;
+ int jstop = (int)png_pass_inc[pass];
png_byte v;
png_uint_32 i;
int j;
@@ -3515,8 +3574,8 @@ png_do_read_interlace(png_row_infop row_info, png_bytep row, int pass,
#ifdef PNG_READ_PACKSWAP_SUPPORTED
if ((transformations & PNG_PACKSWAP) != 0)
{
- sshift = (int)((row_info->width + 7) & 0x07);
- dshift = (int)((final_width + 7) & 0x07);
+ sshift = ((row_info->width + 7) & 0x07);
+ dshift = ((final_width + 7) & 0x07);
s_start = 7;
s_end = 0;
s_inc = -1;
@@ -3525,8 +3584,8 @@ png_do_read_interlace(png_row_infop row_info, png_bytep row, int pass,
else
#endif
{
- sshift = 7 - (int)((row_info->width + 7) & 0x07);
- dshift = 7 - (int)((final_width + 7) & 0x07);
+ sshift = 7 - ((row_info->width + 7) & 0x07);
+ dshift = 7 - ((final_width + 7) & 0x07);
s_start = 0;
s_end = 7;
s_inc = 1;
@@ -3538,7 +3597,7 @@ png_do_read_interlace(png_row_infop row_info, png_bytep row, int pass,
for (j = 0; j < jstop; j++)
{
unsigned int tmp = *dp & (0x7f7f >> (7 - dshift));
- tmp |= v << dshift;
+ tmp |= (unsigned int)(v << dshift);
*dp = (png_byte)(tmp & 0xff);
if (dshift == s_end)
@@ -3548,7 +3607,7 @@ png_do_read_interlace(png_row_infop row_info, png_bytep row, int pass,
}
else
- dshift += s_inc;
+ dshift = (unsigned int)((int)dshift + s_inc);
}
if (sshift == s_end)
@@ -3558,7 +3617,7 @@ png_do_read_interlace(png_row_infop row_info, png_bytep row, int pass,
}
else
- sshift += s_inc;
+ sshift = (unsigned int)((int)sshift + s_inc);
}
break;
}
@@ -3567,16 +3626,17 @@ png_do_read_interlace(png_row_infop row_info, png_bytep row, int pass,
{
png_bytep sp = row + (png_uint_32)((row_info->width - 1) >> 2);
png_bytep dp = row + (png_uint_32)((final_width - 1) >> 2);
- int sshift, dshift;
- int s_start, s_end, s_inc;
- int jstop = png_pass_inc[pass];
+ unsigned int sshift, dshift;
+ unsigned int s_start, s_end;
+ int s_inc;
+ int jstop = (int)png_pass_inc[pass];
png_uint_32 i;
#ifdef PNG_READ_PACKSWAP_SUPPORTED
if ((transformations & PNG_PACKSWAP) != 0)
{
- sshift = (int)(((row_info->width + 3) & 0x03) << 1);
- dshift = (int)(((final_width + 3) & 0x03) << 1);
+ sshift = (((row_info->width + 3) & 0x03) << 1);
+ dshift = (((final_width + 3) & 0x03) << 1);
s_start = 6;
s_end = 0;
s_inc = -2;
@@ -3585,8 +3645,8 @@ png_do_read_interlace(png_row_infop row_info, png_bytep row, int pass,
else
#endif
{
- sshift = (int)((3 - ((row_info->width + 3) & 0x03)) << 1);
- dshift = (int)((3 - ((final_width + 3) & 0x03)) << 1);
+ sshift = ((3 - ((row_info->width + 3) & 0x03)) << 1);
+ dshift = ((3 - ((final_width + 3) & 0x03)) << 1);
s_start = 0;
s_end = 6;
s_inc = 2;
@@ -3601,7 +3661,7 @@ png_do_read_interlace(png_row_infop row_info, png_bytep row, int pass,
for (j = 0; j < jstop; j++)
{
unsigned int tmp = *dp & (0x3f3f >> (6 - dshift));
- tmp |= v << dshift;
+ tmp |= (unsigned int)(v << dshift);
*dp = (png_byte)(tmp & 0xff);
if (dshift == s_end)
@@ -3611,7 +3671,7 @@ png_do_read_interlace(png_row_infop row_info, png_bytep row, int pass,
}
else
- dshift += s_inc;
+ dshift = (unsigned int)((int)dshift + s_inc);
}
if (sshift == s_end)
@@ -3621,7 +3681,7 @@ png_do_read_interlace(png_row_infop row_info, png_bytep row, int pass,
}
else
- sshift += s_inc;
+ sshift = (unsigned int)((int)sshift + s_inc);
}
break;
}
@@ -3630,16 +3690,17 @@ png_do_read_interlace(png_row_infop row_info, png_bytep row, int pass,
{
png_bytep sp = row + (png_size_t)((row_info->width - 1) >> 1);
png_bytep dp = row + (png_size_t)((final_width - 1) >> 1);
- int sshift, dshift;
- int s_start, s_end, s_inc;
+ unsigned int sshift, dshift;
+ unsigned int s_start, s_end;
+ int s_inc;
png_uint_32 i;
- int jstop = png_pass_inc[pass];
+ int jstop = (int)png_pass_inc[pass];
#ifdef PNG_READ_PACKSWAP_SUPPORTED
if ((transformations & PNG_PACKSWAP) != 0)
{
- sshift = (int)(((row_info->width + 1) & 0x01) << 2);
- dshift = (int)(((final_width + 1) & 0x01) << 2);
+ sshift = (((row_info->width + 1) & 0x01) << 2);
+ dshift = (((final_width + 1) & 0x01) << 2);
s_start = 4;
s_end = 0;
s_inc = -4;
@@ -3648,8 +3709,8 @@ png_do_read_interlace(png_row_infop row_info, png_bytep row, int pass,
else
#endif
{
- sshift = (int)((1 - ((row_info->width + 1) & 0x01)) << 2);
- dshift = (int)((1 - ((final_width + 1) & 0x01)) << 2);
+ sshift = ((1 - ((row_info->width + 1) & 0x01)) << 2);
+ dshift = ((1 - ((final_width + 1) & 0x01)) << 2);
s_start = 0;
s_end = 4;
s_inc = 4;
@@ -3663,7 +3724,7 @@ png_do_read_interlace(png_row_infop row_info, png_bytep row, int pass,
for (j = 0; j < jstop; j++)
{
unsigned int tmp = *dp & (0xf0f >> (4 - dshift));
- tmp |= v << dshift;
+ tmp |= (unsigned int)(v << dshift);
*dp = (png_byte)(tmp & 0xff);
if (dshift == s_end)
@@ -3673,7 +3734,7 @@ png_do_read_interlace(png_row_infop row_info, png_bytep row, int pass,
}
else
- dshift += s_inc;
+ dshift = (unsigned int)((int)dshift + s_inc);
}
if (sshift == s_end)
@@ -3683,7 +3744,7 @@ png_do_read_interlace(png_row_infop row_info, png_bytep row, int pass,
}
else
- sshift += s_inc;
+ sshift = (unsigned int)((int)sshift + s_inc);
}
break;
}
@@ -3697,7 +3758,7 @@ png_do_read_interlace(png_row_infop row_info, png_bytep row, int pass,
png_bytep dp = row + (png_size_t)(final_width - 1) * pixel_bytes;
- int jstop = png_pass_inc[pass];
+ int jstop = (int)png_pass_inc[pass];
png_uint_32 i;
for (i = 0; i < row_info->width; i++)
@@ -3730,7 +3791,7 @@ png_do_read_interlace(png_row_infop row_info, png_bytep row, int pass,
static void
png_read_filter_row_sub(png_row_infop row_info, png_bytep row,
- png_const_bytep prev_row)
+ png_const_bytep prev_row)
{
png_size_t i;
png_size_t istop = row_info->rowbytes;
@@ -3748,7 +3809,7 @@ png_read_filter_row_sub(png_row_infop row_info, png_bytep row,
static void
png_read_filter_row_up(png_row_infop row_info, png_bytep row,
- png_const_bytep prev_row)
+ png_const_bytep prev_row)
{
png_size_t i;
png_size_t istop = row_info->rowbytes;
@@ -3764,7 +3825,7 @@ png_read_filter_row_up(png_row_infop row_info, png_bytep row,
static void
png_read_filter_row_avg(png_row_infop row_info, png_bytep row,
- png_const_bytep prev_row)
+ png_const_bytep prev_row)
{
png_size_t i;
png_bytep rp = row;
@@ -3791,7 +3852,7 @@ png_read_filter_row_avg(png_row_infop row_info, png_bytep row,
static void
png_read_filter_row_paeth_1byte_pixel(png_row_infop row_info, png_bytep row,
- png_const_bytep prev_row)
+ png_const_bytep prev_row)
{
png_bytep rp_end = row + row_info->rowbytes;
int a, c;
@@ -3812,15 +3873,15 @@ png_read_filter_row_paeth_1byte_pixel(png_row_infop row_info, png_bytep row,
p = b - c;
pc = a - c;
-# ifdef PNG_USE_ABS
- pa = abs(p);
- pb = abs(pc);
- pc = abs(p + pc);
-# else
- pa = p < 0 ? -p : p;
- pb = pc < 0 ? -pc : pc;
- pc = (p + pc) < 0 ? -(p + pc) : p + pc;
-# endif
+#ifdef PNG_USE_ABS
+ pa = abs(p);
+ pb = abs(pc);
+ pc = abs(p + pc);
+#else
+ pa = p < 0 ? -p : p;
+ pb = pc < 0 ? -pc : pc;
+ pc = (p + pc) < 0 ? -(p + pc) : p + pc;
+#endif
/* Find the best predictor, the least of pa, pb, pc favoring the earlier
* ones in the case of a tie.
@@ -3839,9 +3900,9 @@ png_read_filter_row_paeth_1byte_pixel(png_row_infop row_info, png_bytep row,
static void
png_read_filter_row_paeth_multibyte_pixel(png_row_infop row_info, png_bytep row,
- png_const_bytep prev_row)
+ png_const_bytep prev_row)
{
- int bpp = (row_info->pixel_depth + 7) >> 3;
+ unsigned int bpp = (row_info->pixel_depth + 7) >> 3;
png_bytep rp_end = row + bpp;
/* Process the first pixel in the row completely (this is the same as 'up'
@@ -3854,7 +3915,7 @@ png_read_filter_row_paeth_multibyte_pixel(png_row_infop row_info, png_bytep row,
}
/* Remainder */
- rp_end += row_info->rowbytes - bpp;
+ rp_end = rp_end + (row_info->rowbytes - bpp);
while (row < rp_end)
{
@@ -3867,15 +3928,15 @@ png_read_filter_row_paeth_multibyte_pixel(png_row_infop row_info, png_bytep row,
p = b - c;
pc = a - c;
-# ifdef PNG_USE_ABS
- pa = abs(p);
- pb = abs(pc);
- pc = abs(p + pc);
-# else
- pa = p < 0 ? -p : p;
- pb = pc < 0 ? -pc : pc;
- pc = (p + pc) < 0 ? -(p + pc) : p + pc;
-# endif
+#ifdef PNG_USE_ABS
+ pa = abs(p);
+ pb = abs(pc);
+ pc = abs(p + pc);
+#else
+ pa = p < 0 ? -p : p;
+ pb = pc < 0 ? -pc : pc;
+ pc = (p + pc) < 0 ? -(p + pc) : p + pc;
+#endif
if (pb < pa) pa = pb, a = b;
if (pc < pa) a = c;
@@ -3924,7 +3985,7 @@ png_init_filter_functions(png_structrp pp)
void /* PRIVATE */
png_read_filter_row(png_structrp pp, png_row_infop row_info, png_bytep row,
- png_const_bytep prev_row, int filter)
+ png_const_bytep prev_row, int filter)
{
/* OPTIMIZATION: DO NOT MODIFY THIS FUNCTION, instead #define
* PNG_FILTER_OPTIMIZATIONS to a function that overrides the generic
@@ -3942,7 +4003,7 @@ png_read_filter_row(png_structrp pp, png_row_infop row_info, png_bytep row,
#ifdef PNG_SEQUENTIAL_READ_SUPPORTED
void /* PRIVATE */
png_read_IDAT_data(png_structrp png_ptr, png_bytep output,
- png_alloc_size_t avail_out)
+ png_alloc_size_t avail_out)
{
/* Loop reading IDATs and decompressing the result into output[avail_out] */
png_ptr->zstream.next_out = output;
@@ -4017,7 +4078,7 @@ png_read_IDAT_data(png_structrp png_ptr, png_bytep output,
*
* TODO: deal more elegantly with truncated IDAT lists.
*/
- ret = inflate(&png_ptr->zstream, Z_NO_FLUSH);
+ ret = PNG_INFLATE(png_ptr, Z_NO_FLUSH);
/* Take the unconsumed output back. */
if (output != NULL)
@@ -4046,7 +4107,15 @@ png_read_IDAT_data(png_structrp png_ptr, png_bytep output,
png_zstream_error(png_ptr, ret);
if (output != NULL)
- png_chunk_error(png_ptr, png_ptr->zstream.msg);
+ {
+ if(!strncmp(png_ptr->zstream.msg,"incorrect data check",20))
+ {
+ png_chunk_benign_error(png_ptr, "ADLER32 checksum mismatch");
+ continue;
+ }
+ else
+ png_chunk_error(png_ptr, png_ptr->zstream.msg);
+ }
else /* checking */
{
@@ -4199,7 +4268,7 @@ png_read_start_row(png_structrp png_ptr)
/* Offset to next interlace block in the y direction */
static PNG_CONST png_byte png_pass_yinc[7] = {8, 8, 8, 4, 4, 2, 2};
- int max_pixel_depth;
+ unsigned int max_pixel_depth;
png_size_t row_bytes;
png_debug(1, "in png_read_start_row");
@@ -4228,7 +4297,7 @@ png_read_start_row(png_structrp png_ptr)
png_ptr->iwidth = png_ptr->width;
}
- max_pixel_depth = png_ptr->pixel_depth;
+ max_pixel_depth = (unsigned int)png_ptr->pixel_depth;
/* WARNING: * png_read_transform_info (pngrtran.c) performs a simpler set of
* calculations to calculate the final pixel depth, then
@@ -4280,18 +4349,18 @@ png_read_start_row(png_structrp png_ptr)
#ifdef PNG_READ_EXPAND_16_SUPPORTED
if ((png_ptr->transformations & PNG_EXPAND_16) != 0)
{
-# ifdef PNG_READ_EXPAND_SUPPORTED
- /* In fact it is an error if it isn't supported, but checking is
- * the safe way.
- */
- if ((png_ptr->transformations & PNG_EXPAND) != 0)
- {
- if (png_ptr->bit_depth < 16)
- max_pixel_depth *= 2;
- }
- else
-# endif
- png_ptr->transformations &= ~PNG_EXPAND_16;
+# ifdef PNG_READ_EXPAND_SUPPORTED
+ /* In fact it is an error if it isn't supported, but checking is
+ * the safe way.
+ */
+ if ((png_ptr->transformations & PNG_EXPAND) != 0)
+ {
+ if (png_ptr->bit_depth < 16)
+ max_pixel_depth *= 2;
+ }
+ else
+# endif
+ png_ptr->transformations &= ~PNG_EXPAND_16;
}
#endif
@@ -4363,7 +4432,7 @@ png_read_start_row(png_structrp png_ptr)
defined(PNG_USER_TRANSFORM_PTR_SUPPORTED)
if ((png_ptr->transformations & PNG_USER_TRANSFORM) != 0)
{
- int user_pixel_depth = png_ptr->user_transform_depth *
+ unsigned int user_pixel_depth = png_ptr->user_transform_depth *
png_ptr->user_transform_channels;
if (user_pixel_depth > max_pixel_depth)
@@ -4385,7 +4454,7 @@ defined(PNG_USER_TRANSFORM_PTR_SUPPORTED)
* for safety's sake
*/
row_bytes = PNG_ROWBYTES(max_pixel_depth, row_bytes) +
- 1 + ((max_pixel_depth + 7) >> 3);
+ 1 + ((max_pixel_depth + 7) >> 3U);
#ifdef PNG_MAX_MALLOC_64K
if (row_bytes > (png_uint_32)65536L)
@@ -4394,42 +4463,42 @@ defined(PNG_USER_TRANSFORM_PTR_SUPPORTED)
if (row_bytes + 48 > png_ptr->old_big_row_buf_size)
{
- png_free(png_ptr, png_ptr->big_row_buf);
- png_free(png_ptr, png_ptr->big_prev_row);
+ png_free(png_ptr, png_ptr->big_row_buf);
+ png_free(png_ptr, png_ptr->big_prev_row);
- if (png_ptr->interlaced != 0)
- png_ptr->big_row_buf = (png_bytep)png_calloc(png_ptr,
- row_bytes + 48);
+ if (png_ptr->interlaced != 0)
+ png_ptr->big_row_buf = (png_bytep)png_calloc(png_ptr,
+ row_bytes + 48);
- else
- png_ptr->big_row_buf = (png_bytep)png_malloc(png_ptr, row_bytes + 48);
+ else
+ png_ptr->big_row_buf = (png_bytep)png_malloc(png_ptr, row_bytes + 48);
- png_ptr->big_prev_row = (png_bytep)png_malloc(png_ptr, row_bytes + 48);
+ png_ptr->big_prev_row = (png_bytep)png_malloc(png_ptr, row_bytes + 48);
#ifdef PNG_ALIGNED_MEMORY_SUPPORTED
- /* Use 16-byte aligned memory for row_buf with at least 16 bytes
- * of padding before and after row_buf; treat prev_row similarly.
- * NOTE: the alignment is to the start of the pixels, one beyond the start
- * of the buffer, because of the filter byte. Prior to libpng 1.5.6 this
- * was incorrect; the filter byte was aligned, which had the exact
- * opposite effect of that intended.
- */
- {
- png_bytep temp = png_ptr->big_row_buf + 32;
- int extra = (int)((temp - (png_bytep)0) & 0x0f);
- png_ptr->row_buf = temp - extra - 1/*filter byte*/;
-
- temp = png_ptr->big_prev_row + 32;
- extra = (int)((temp - (png_bytep)0) & 0x0f);
- png_ptr->prev_row = temp - extra - 1/*filter byte*/;
- }
+ /* Use 16-byte aligned memory for row_buf with at least 16 bytes
+ * of padding before and after row_buf; treat prev_row similarly.
+ * NOTE: the alignment is to the start of the pixels, one beyond the start
+ * of the buffer, because of the filter byte. Prior to libpng 1.5.6 this
+ * was incorrect; the filter byte was aligned, which had the exact
+ * opposite effect of that intended.
+ */
+ {
+ png_bytep temp = png_ptr->big_row_buf + 32;
+ int extra = (int)((temp - (png_bytep)0) & 0x0f);
+ png_ptr->row_buf = temp - extra - 1/*filter byte*/;
+
+ temp = png_ptr->big_prev_row + 32;
+ extra = (int)((temp - (png_bytep)0) & 0x0f);
+ png_ptr->prev_row = temp - extra - 1/*filter byte*/;
+ }
#else
- /* Use 31 bytes of padding before and 17 bytes after row_buf. */
- png_ptr->row_buf = png_ptr->big_row_buf + 31;
- png_ptr->prev_row = png_ptr->big_prev_row + 31;
+ /* Use 31 bytes of padding before and 17 bytes after row_buf. */
+ png_ptr->row_buf = png_ptr->big_row_buf + 31;
+ png_ptr->prev_row = png_ptr->big_prev_row + 31;
#endif
- png_ptr->old_big_row_buf_size = row_bytes + 48;
+ png_ptr->old_big_row_buf_size = row_bytes + 48;
}
#ifdef PNG_MAX_MALLOC_64K
@@ -4454,7 +4523,7 @@ defined(PNG_USER_TRANSFORM_PTR_SUPPORTED)
* does not, so free the read buffer now regardless; the sequential reader
* reallocates it on demand.
*/
- if (png_ptr->read_buffer != 0)
+ if (png_ptr->read_buffer != NULL)
{
png_bytep buffer = png_ptr->read_buffer;
View Lorry Controller Status