blob: d800110c7a410c2a132170ab28946ad4d8ec44e2 [file] [log] [blame]
/* pngvalid.c - validate libpng by constructing then reading png files.
*
* Last changed in libpng 1.6.31 [July 27, 2017]
* Copyright (c) 2014-2017 John Cunningham Bowler
*
* This code is released under the libpng license.
* For conditions of distribution and use, see the disclaimer
* and license in png.h
*
* NOTES:
* This is a C program that is intended to be linked against libpng. It
* generates bitmaps internally, stores them as PNG files (using the
* sequential write code) then reads them back (using the sequential
* read code) and validates that the result has the correct data.
*
* The program can be modified and extended to test the correctness of
* transformations performed by libpng.
*/
#define _POSIX_SOURCE 1
#define _ISOC99_SOURCE 1 /* For floating point */
#define _GNU_SOURCE 1 /* For the floating point exception extension */
#define _BSD_SOURCE 1 /* For the floating point exception extension */
#include <signal.h>
#include <stdio.h>
#if defined(HAVE_CONFIG_H) && !defined(PNG_NO_CONFIG_H)
# include <config.h>
#endif
#ifdef HAVE_FEENABLEEXCEPT /* from config.h, if included */
# include <fenv.h>
#endif
#ifndef FE_DIVBYZERO
# define FE_DIVBYZERO 0
#endif
#ifndef FE_INVALID
# define FE_INVALID 0
#endif
#ifndef FE_OVERFLOW
# define FE_OVERFLOW 0
#endif
/* Define the following to use this test against your installed libpng, rather
* than the one being built here:
*/
#ifdef PNG_FREESTANDING_TESTS
# include <png.h>
#else
# include "../../png.h"
#endif
#ifdef PNG_ZLIB_HEADER
# include PNG_ZLIB_HEADER
#else
# include <zlib.h> /* For crc32 */
#endif
/* 1.6.1 added support for the configure test harness, which uses 77 to indicate
* a skipped test, in earlier versions we need to succeed on a skipped test, so:
*/
#if PNG_LIBPNG_VER >= 10601 && defined(HAVE_CONFIG_H)
# define SKIP 77
#else
# define SKIP 0
#endif
/* pngvalid requires write support and one of the fixed or floating point APIs.
*/
#if defined(PNG_WRITE_SUPPORTED) &&\
(defined(PNG_FIXED_POINT_SUPPORTED) || defined(PNG_FLOATING_POINT_SUPPORTED))
#if PNG_LIBPNG_VER < 10500
/* This deliberately lacks the const. */
typedef png_byte *png_const_bytep;
/* This is copied from 1.5.1 png.h: */
#define PNG_INTERLACE_ADAM7_PASSES 7
#define PNG_PASS_START_ROW(pass) (((1U&~(pass))<<(3-((pass)>>1)))&7)
#define PNG_PASS_START_COL(pass) (((1U& (pass))<<(3-(((pass)+1)>>1)))&7)
#define PNG_PASS_ROW_SHIFT(pass) ((pass)>2?(8-(pass))>>1:3)
#define PNG_PASS_COL_SHIFT(pass) ((pass)>1?(7-(pass))>>1:3)
#define PNG_PASS_ROWS(height, pass) (((height)+(((1<<PNG_PASS_ROW_SHIFT(pass))\
-1)-PNG_PASS_START_ROW(pass)))>>PNG_PASS_ROW_SHIFT(pass))
#define PNG_PASS_COLS(width, pass) (((width)+(((1<<PNG_PASS_COL_SHIFT(pass))\
-1)-PNG_PASS_START_COL(pass)))>>PNG_PASS_COL_SHIFT(pass))
#define PNG_ROW_FROM_PASS_ROW(yIn, pass) \
(((yIn)<<PNG_PASS_ROW_SHIFT(pass))+PNG_PASS_START_ROW(pass))
#define PNG_COL_FROM_PASS_COL(xIn, pass) \
(((xIn)<<PNG_PASS_COL_SHIFT(pass))+PNG_PASS_START_COL(pass))
#define PNG_PASS_MASK(pass,off) ( \
((0x110145AFU>>(((7-(off))-(pass))<<2)) & 0xFU) | \
((0x01145AF0U>>(((7-(off))-(pass))<<2)) & 0xF0U))
#define PNG_ROW_IN_INTERLACE_PASS(y, pass) \
((PNG_PASS_MASK(pass,0) >> ((y)&7)) & 1)
#define PNG_COL_IN_INTERLACE_PASS(x, pass) \
((PNG_PASS_MASK(pass,1) >> ((x)&7)) & 1)
/* These are needed too for the default build: */
#define PNG_WRITE_16BIT_SUPPORTED
#define PNG_READ_16BIT_SUPPORTED
/* This comes from pnglibconf.h after 1.5: */
#define PNG_FP_1 100000
#define PNG_GAMMA_THRESHOLD_FIXED\
((png_fixed_point)(PNG_GAMMA_THRESHOLD * PNG_FP_1))
#endif
#if PNG_LIBPNG_VER < 10600
/* 1.6.0 constifies many APIs, the following exists to allow pngvalid to be
* compiled against earlier versions.
*/
# define png_const_structp png_structp
#endif
#ifndef RELEASE_BUILD
/* RELEASE_BUILD is true for releases and release candidates: */
# define RELEASE_BUILD (PNG_LIBPNG_BUILD_BASE_TYPE >= PNG_LIBPNG_BUILD_RC)
#endif
#if RELEASE_BUILD
# define debugonly(something)
#else /* !RELEASE_BUILD */
# define debugonly(something) something
#endif /* !RELEASE_BUILD */
#include <float.h> /* For floating point constants */
#include <stdlib.h> /* For malloc */
#include <string.h> /* For memcpy, memset */
#include <math.h> /* For floor */
/* Convenience macros. */
#define CHUNK(a,b,c,d) (((a)<<24)+((b)<<16)+((c)<<8)+(d))
#define CHUNK_IHDR CHUNK(73,72,68,82)
#define CHUNK_PLTE CHUNK(80,76,84,69)
#define CHUNK_IDAT CHUNK(73,68,65,84)
#define CHUNK_IEND CHUNK(73,69,78,68)
#define CHUNK_cHRM CHUNK(99,72,82,77)
#define CHUNK_gAMA CHUNK(103,65,77,65)
#define CHUNK_sBIT CHUNK(115,66,73,84)
#define CHUNK_sRGB CHUNK(115,82,71,66)
/* Unused formal parameter errors are removed using the following macro which is
* expected to have no bad effects on performance.
*/
#ifndef UNUSED
# if defined(__GNUC__) || defined(_MSC_VER)
# define UNUSED(param) (void)param;
# else
# define UNUSED(param)
# endif
#endif
/***************************** EXCEPTION HANDLING *****************************/
#ifdef PNG_FREESTANDING_TESTS
# include <cexcept.h>
#else
# include "../visupng/cexcept.h"
#endif
#ifdef __cplusplus
# define this not_the_cpp_this
# define new not_the_cpp_new
# define voidcast(type, value) static_cast<type>(value)
#else
# define voidcast(type, value) (value)
#endif /* __cplusplus */
struct png_store;
define_exception_type(struct png_store*);
/* The following are macros to reduce typing everywhere where the well known
* name 'the_exception_context' must be defined.
*/
#define anon_context(ps) struct exception_context *the_exception_context = \
&(ps)->exception_context
#define context(ps,fault) anon_context(ps); png_store *fault
/* This macro returns the number of elements in an array as an (unsigned int),
* it is necessary to avoid the inability of certain versions of GCC to use
* the value of a compile-time constant when performing range checks. It must
* be passed an array name.
*/
#define ARRAY_SIZE(a) ((unsigned int)((sizeof (a))/(sizeof (a)[0])))
/* GCC BUG 66447 (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66447) requires
* some broken GCC versions to be fixed up to avoid invalid whining about auto
* variables that are *not* changed within the scope of a setjmp being changed.
*
* Feel free to extend the list of broken versions.
*/
#define is_gnu(major,minor)\
(defined __GNUC__) && __GNUC__ == (major) && __GNUC_MINOR__ == (minor)
#define is_gnu_patch(major,minor,patch)\
is_gnu(major,minor) && __GNUC_PATCHLEVEL__ == 0
/* For the moment just do it always; all versions of GCC seem to be broken: */
#ifdef __GNUC__
const void * volatile make_volatile_for_gnu;
# define gnu_volatile(x) make_volatile_for_gnu = &x;
#else /* !GNUC broken versions */
# define gnu_volatile(x)
#endif /* !GNUC broken versions */
/******************************* UTILITIES ************************************/
/* Error handling is particularly problematic in production code - error
* handlers often themselves have bugs which lead to programs that detect
* minor errors crashing. The following functions deal with one very
* common class of errors in error handlers - attempting to format error or
* warning messages into buffers that are too small.
*/
static size_t safecat(char *buffer, size_t bufsize, size_t pos,
const char *cat)
{
while (pos < bufsize && cat != NULL && *cat != 0)
buffer[pos++] = *cat++;
if (pos >= bufsize)
pos = bufsize-1;
buffer[pos] = 0;
return pos;
}
static size_t safecatn(char *buffer, size_t bufsize, size_t pos, int n)
{
char number[64];
sprintf(number, "%d", n);
return safecat(buffer, bufsize, pos, number);
}
#ifdef PNG_READ_TRANSFORMS_SUPPORTED
static size_t safecatd(char *buffer, size_t bufsize, size_t pos, double d,
int precision)
{
char number[64];
sprintf(number, "%.*f", precision, d);
return safecat(buffer, bufsize, pos, number);
}
#endif
static const char invalid[] = "invalid";
static const char sep[] = ": ";
static const char *colour_types[8] =
{
"grayscale", invalid, "truecolour", "indexed-colour",
"grayscale with alpha", invalid, "truecolour with alpha", invalid
};
#ifdef PNG_READ_TRANSFORMS_SUPPORTED
/* Convert a double precision value to fixed point. */
static png_fixed_point
fix(double d)
{
d = floor(d * PNG_FP_1 + .5);
return (png_fixed_point)d;
}
#endif /* PNG_READ_SUPPORTED */
/* Generate random bytes. This uses a boring repeatable algorithm and it
* is implemented here so that it gives the same set of numbers on every
* architecture. It's a linear congruential generator (Knuth or Sedgewick
* "Algorithms") but it comes from the 'feedback taps' table in Horowitz and
* Hill, "The Art of Electronics" (Pseudo-Random Bit Sequences and Noise
* Generation.)
*/
static void
make_random_bytes(png_uint_32* seed, void* pv, size_t size)
{
png_uint_32 u0 = seed[0], u1 = seed[1];
png_bytep bytes = voidcast(png_bytep, pv);
/* There are thirty three bits, the next bit in the sequence is bit-33 XOR
* bit-20. The top 1 bit is in u1, the bottom 32 are in u0.
*/
size_t i;
for (i=0; i<size; ++i)
{
/* First generate 8 new bits then shift them in at the end. */
png_uint_32 u = ((u0 >> (20-8)) ^ ((u1 << 7) | (u0 >> (32-7)))) & 0xff;
u1 <<= 8;
u1 |= u0 >> 24;
u0 <<= 8;
u0 |= u;
*bytes++ = (png_byte)u;
}
seed[0] = u0;
seed[1] = u1;
}
static void
make_four_random_bytes(png_uint_32* seed, png_bytep bytes)
{
make_random_bytes(seed, bytes, 4);
}
#if defined PNG_READ_SUPPORTED || defined PNG_WRITE_tRNS_SUPPORTED ||\
defined PNG_WRITE_FILTER_SUPPORTED
static void
randomize(void *pv, size_t size)
{
static png_uint_32 random_seed[2] = {0x56789abc, 0xd};
make_random_bytes(random_seed, pv, size);
}
#define R8(this) randomize(&(this), sizeof (this))
#ifdef PNG_READ_SUPPORTED
static png_byte
random_byte(void)
{
unsigned char b1[1];
randomize(b1, sizeof b1);
return b1[0];
}
#endif /* READ */
static png_uint_16
random_u16(void)
{
unsigned char b2[2];
randomize(b2, sizeof b2);
return png_get_uint_16(b2);
}
#if defined PNG_READ_RGB_TO_GRAY_SUPPORTED ||\
defined PNG_READ_FILLER_SUPPORTED
static png_uint_32
random_u32(void)
{
unsigned char b4[4];
randomize(b4, sizeof b4);
return png_get_uint_32(b4);
}
#endif /* READ_FILLER || READ_RGB_TO_GRAY */
#endif /* READ || WRITE_tRNS || WRITE_FILTER */
#if defined PNG_READ_TRANSFORMS_SUPPORTED ||\
defined PNG_WRITE_FILTER_SUPPORTED
static unsigned int
random_mod(unsigned int max)
{
return random_u16() % max; /* 0 .. max-1 */
}
#endif /* READ_TRANSFORMS || WRITE_FILTER */
#if (defined PNG_READ_RGB_TO_GRAY_SUPPORTED) ||\
(defined PNG_READ_FILLER_SUPPORTED)
static int
random_choice(void)
{
return random_byte() & 1;
}
#endif /* READ_RGB_TO_GRAY || READ_FILLER */
/* A numeric ID based on PNG file characteristics. The 'do_interlace' field
* simply records whether pngvalid did the interlace itself or whether it
* was done by libpng. Width and height must be less than 256. 'palette' is an
* index of the palette to use for formats with a palette otherwise a boolean
* indicating if a tRNS chunk was generated.
*/
#define FILEID(col, depth, palette, interlace, width, height, do_interlace) \
((png_uint_32)((col) + ((depth)<<3) + ((palette)<<8) + ((interlace)<<13) + \
(((do_interlace)!=0)<<15) + ((width)<<16) + ((height)<<24)))
#define COL_FROM_ID(id) ((png_byte)((id)& 0x7U))
#define DEPTH_FROM_ID(id) ((png_byte)(((id) >> 3) & 0x1fU))
#define PALETTE_FROM_ID(id) (((id) >> 8) & 0x1f)
#define INTERLACE_FROM_ID(id) ((png_byte)(((id) >> 13) & 0x3))
#define DO_INTERLACE_FROM_ID(id) ((int)(((id)>>15) & 1))
#define WIDTH_FROM_ID(id) (((id)>>16) & 0xff)
#define HEIGHT_FROM_ID(id) (((id)>>24) & 0xff)
/* Utility to construct a standard name for a standard image. */
static size_t
standard_name(char *buffer, size_t bufsize, size_t pos, png_byte colour_type,
int bit_depth, unsigned int npalette, int interlace_type,
png_uint_32 w, png_uint_32 h, int do_interlace)
{
pos = safecat(buffer, bufsize, pos, colour_types[colour_type]);
if (colour_type == 3) /* must have a palette */
{
pos = safecat(buffer, bufsize, pos, "[");
pos = safecatn(buffer, bufsize, pos, npalette);
pos = safecat(buffer, bufsize, pos, "]");
}
else if (npalette != 0)
pos = safecat(buffer, bufsize, pos, "+tRNS");
pos = safecat(buffer, bufsize, pos, " ");
pos = safecatn(buffer, bufsize, pos, bit_depth);
pos = safecat(buffer, bufsize, pos, " bit");
if (interlace_type != PNG_INTERLACE_NONE)
{
pos = safecat(buffer, bufsize, pos, " interlaced");
if (do_interlace)
pos = safecat(buffer, bufsize, pos, "(pngvalid)");
else
pos = safecat(buffer, bufsize, pos, "(libpng)");
}
if (w > 0 || h > 0)
{
pos = safecat(buffer, bufsize, pos, " ");
pos = safecatn(buffer, bufsize, pos, w);
pos = safecat(buffer, bufsize, pos, "x");
pos = safecatn(buffer, bufsize, pos, h);
}
return pos;
}
static size_t
standard_name_from_id(char *buffer, size_t bufsize, size_t pos, png_uint_32 id)
{
return standard_name(buffer, bufsize, pos, COL_FROM_ID(id),
DEPTH_FROM_ID(id), PALETTE_FROM_ID(id), INTERLACE_FROM_ID(id),
WIDTH_FROM_ID(id), HEIGHT_FROM_ID(id), DO_INTERLACE_FROM_ID(id));
}
/* Convenience API and defines to list valid formats. Note that 16 bit read and
* write support is required to do 16 bit read tests (we must be able to make a
* 16 bit image to test!)
*/
#ifdef PNG_WRITE_16BIT_SUPPORTED
# define WRITE_BDHI 4
# ifdef PNG_READ_16BIT_SUPPORTED
# define READ_BDHI 4
# define DO_16BIT
# endif
#else
# define WRITE_BDHI 3
#endif
#ifndef DO_16BIT
# define READ_BDHI 3
#endif
/* The following defines the number of different palettes to generate for
* each log bit depth of a colour type 3 standard image.
*/
#define PALETTE_COUNT(bit_depth) ((bit_depth) > 4 ? 1U : 16U)
static int
next_format(png_bytep colour_type, png_bytep bit_depth,
unsigned int* palette_number, int low_depth_gray, int tRNS)
{
if (*bit_depth == 0)
{
*colour_type = 0;
if (low_depth_gray)
*bit_depth = 1;
else
*bit_depth = 8;
*palette_number = 0;
return 1;
}
if (*colour_type < 4/*no alpha channel*/)
{
/* Add multiple palettes for colour type 3, one image with tRNS
* and one without for other non-alpha formats:
*/
unsigned int pn = ++*palette_number;
png_byte ct = *colour_type;
if (((ct == 0/*GRAY*/ || ct/*RGB*/ == 2) && tRNS && pn < 2) ||
(ct == 3/*PALETTE*/ && pn < PALETTE_COUNT(*bit_depth)))
return 1;
/* No: next bit depth */
*palette_number = 0;
}
*bit_depth = (png_byte)(*bit_depth << 1);
/* Palette images are restricted to 8 bit depth */
if (*bit_depth <= 8
#ifdef DO_16BIT
|| (*colour_type != 3 && *bit_depth <= 16)
#endif
)
return 1;
/* Move to the next color type, or return 0 at the end. */
switch (*colour_type)
{
case 0:
*colour_type = 2;
*bit_depth = 8;
return 1;
case 2:
*colour_type = 3;
*bit_depth = 1;
return 1;
case 3:
*colour_type = 4;
*bit_depth = 8;
return 1;
case 4:
*colour_type = 6;
*bit_depth = 8;
return 1;
default:
return 0;
}
}
#ifdef PNG_READ_TRANSFORMS_SUPPORTED
static unsigned int
sample(png_const_bytep row, png_byte colour_type, png_byte bit_depth,
png_uint_32 x, unsigned int sample_index, int swap16, int littleendian)
{
png_uint_32 bit_index, result;
/* Find a sample index for the desired sample: */
x *= bit_depth;
bit_index = x;
if ((colour_type & 1) == 0) /* !palette */
{
if (colour_type & 2)
bit_index *= 3;
if (colour_type & 4)
bit_index += x; /* Alpha channel */
/* Multiple channels; select one: */
if (colour_type & (2+4))
bit_index += sample_index * bit_depth;
}
/* Return the sample from the row as an integer. */
row += bit_index >> 3;
result = *row;
if (bit_depth == 8)
return result;
else if (bit_depth > 8)
{
if (swap16)
return (*++row << 8) + result;
else
return (result << 8) + *++row;
}
/* Less than 8 bits per sample. By default PNG has the big end of
* the egg on the left of the screen, but if littleendian is set
* then the big end is on the right.
*/
bit_index &= 7;
if (!littleendian)
bit_index = 8-bit_index-bit_depth;
return (result >> bit_index) & ((1U<<bit_depth)-1);
}
#endif /* PNG_READ_TRANSFORMS_SUPPORTED */
/* Copy a single pixel, of a given size, from one buffer to another -
* while this is basically bit addressed there is an implicit assumption
* that pixels 8 or more bits in size are byte aligned and that pixels
* do not otherwise cross byte boundaries. (This is, so far as I know,
* universally true in bitmap computer graphics. [JCB 20101212])
*
* NOTE: The to and from buffers may be the same.
*/
static void
pixel_copy(png_bytep toBuffer, png_uint_32 toIndex,
png_const_bytep fromBuffer, png_uint_32 fromIndex, unsigned int pixelSize,
int littleendian)
{
/* Assume we can multiply by 'size' without overflow because we are
* just working in a single buffer.
*/
toIndex *= pixelSize;
fromIndex *= pixelSize;
if (pixelSize < 8) /* Sub-byte */
{
/* Mask to select the location of the copied pixel: */
unsigned int destMask = ((1U<<pixelSize)-1) <<
(littleendian ? toIndex&7 : 8-pixelSize-(toIndex&7));
/* The following read the entire pixels and clears the extra: */
unsigned int destByte = toBuffer[toIndex >> 3] & ~destMask;
unsigned int sourceByte = fromBuffer[fromIndex >> 3];
/* Don't rely on << or >> supporting '0' here, just in case: */
fromIndex &= 7;
if (littleendian)
{
if (fromIndex > 0) sourceByte >>= fromIndex;
if ((toIndex & 7) > 0) sourceByte <<= toIndex & 7;
}
else
{
if (fromIndex > 0) sourceByte <<= fromIndex;
if ((toIndex & 7) > 0) sourceByte >>= toIndex & 7;
}
toBuffer[toIndex >> 3] = (png_byte)(destByte | (sourceByte & destMask));
}
else /* One or more bytes */
memmove(toBuffer+(toIndex>>3), fromBuffer+(fromIndex>>3), pixelSize>>3);
}
#ifdef PNG_READ_SUPPORTED
/* Copy a complete row of pixels, taking into account potential partial
* bytes at the end.
*/
static void
row_copy(png_bytep toBuffer, png_const_bytep fromBuffer, unsigned int bitWidth,
int littleendian)
{
memcpy(toBuffer, fromBuffer, bitWidth >> 3);
if ((bitWidth & 7) != 0)
{
unsigned int mask;
toBuffer += bitWidth >> 3;
fromBuffer += bitWidth >> 3;
if (littleendian)
mask = 0xff << (bitWidth & 7);
else
mask = 0xff >> (bitWidth & 7);
*toBuffer = (png_byte)((*toBuffer & mask) | (*fromBuffer & ~mask));
}
}
/* Compare pixels - they are assumed to start at the first byte in the
* given buffers.
*/
static int
pixel_cmp(png_const_bytep pa, png_const_bytep pb, png_uint_32 bit_width)
{
#if PNG_LIBPNG_VER < 10506
if (memcmp(pa, pb, bit_width>>3) == 0)
{
png_uint_32 p;
if ((bit_width & 7) == 0) return 0;
/* Ok, any differences? */
p = pa[bit_width >> 3];
p ^= pb[bit_width >> 3];
if (p == 0) return 0;
/* There are, but they may not be significant, remove the bits
* after the end (the low order bits in PNG.)
*/
bit_width &= 7;
p >>= 8-bit_width;
if (p == 0) return 0;
}
#else
/* From libpng-1.5.6 the overwrite should be fixed, so compare the trailing
* bits too:
*/
if (memcmp(pa, pb, (bit_width+7)>>3) == 0)
return 0;
#endif
/* Return the index of the changed byte. */
{
png_uint_32 where = 0;
while (pa[where] == pb[where]) ++where;
return 1+where;
}
}
#endif /* PNG_READ_SUPPORTED */
/*************************** BASIC PNG FILE WRITING ***************************/
/* A png_store takes data from the sequential writer or provides data
* to the sequential reader. It can also store the result of a PNG
* write for later retrieval.
*/
#define STORE_BUFFER_SIZE 500 /* arbitrary */
typedef struct png_store_buffer
{
struct png_store_buffer* prev; /* NOTE: stored in reverse order */
png_byte buffer[STORE_BUFFER_SIZE];
} png_store_buffer;
#define FILE_NAME_SIZE 64
typedef struct store_palette_entry /* record of a single palette entry */
{
png_byte red;
png_byte green;
png_byte blue;
png_byte alpha;
} store_palette_entry, store_palette[256];
typedef struct png_store_file
{
struct png_store_file* next; /* as many as you like... */
char name[FILE_NAME_SIZE];
unsigned int IDAT_bits; /* Number of bits in IDAT size */
png_uint_32 IDAT_size; /* Total size of IDAT data */
png_uint_32 id; /* must be correct (see FILEID) */
size_t datacount; /* In this (the last) buffer */
png_store_buffer data; /* Last buffer in file */
int npalette; /* Number of entries in palette */
store_palette_entry* palette; /* May be NULL */
} png_store_file;
/* The following is a pool of memory allocated by a single libpng read or write
* operation.
*/
typedef struct store_pool
{
struct png_store *store; /* Back pointer */
struct store_memory *list; /* List of allocated memory */
png_byte mark[4]; /* Before and after data */
/* Statistics for this run. */
png_alloc_size_t max; /* Maximum single allocation */
png_alloc_size_t current; /* Current allocation */
png_alloc_size_t limit; /* Highest current allocation */
png_alloc_size_t total; /* Total allocation */
/* Overall statistics (retained across successive runs). */
png_alloc_size_t max_max;
png_alloc_size_t max_limit;
png_alloc_size_t max_total;
} store_pool;
typedef struct png_store
{
/* For cexcept.h exception handling - simply store one of these;
* the context is a self pointer but it may point to a different
* png_store (in fact it never does in this program.)
*/
struct exception_context
exception_context;
unsigned int verbose :1;
unsigned int treat_warnings_as_errors :1;
unsigned int expect_error :1;
unsigned int expect_warning :1;
unsigned int saw_warning :1;
unsigned int speed :1;
unsigned int progressive :1; /* use progressive read */
unsigned int validated :1; /* used as a temporary flag */
int nerrors;
int nwarnings;
int noptions; /* number of options below: */
struct {
unsigned char option; /* option number, 0..30 */
unsigned char setting; /* setting (unset,invalid,on,off) */
} options[16];
char test[128]; /* Name of test */
char error[256];
/* Share fields */
png_uint_32 chunklen; /* Length of chunk+overhead (chunkpos >= 8) */
png_uint_32 chunktype;/* Type of chunk (valid if chunkpos >= 4) */
png_uint_32 chunkpos; /* Position in chunk */
png_uint_32 IDAT_size;/* Accumulated IDAT size in .new */
unsigned int IDAT_bits;/* Cache of the file store value */
/* Read fields */
png_structp pread; /* Used to read a saved file */
png_infop piread;
png_store_file* current; /* Set when reading */
png_store_buffer* next; /* Set when reading */
size_t readpos; /* Position in *next */
png_byte* image; /* Buffer for reading interlaced images */
size_t cb_image; /* Size of this buffer */
size_t cb_row; /* Row size of the image(s) */
uLong IDAT_crc;
png_uint_32 IDAT_len; /* Used when re-chunking IDAT chunks */
png_uint_32 IDAT_pos; /* Used when re-chunking IDAT chunks */
png_uint_32 image_h; /* Number of rows in a single image */
store_pool read_memory_pool;
/* Write fields */
png_store_file* saved;
png_structp pwrite; /* Used when writing a new file */
png_infop piwrite;
size_t writepos; /* Position in .new */
char wname[FILE_NAME_SIZE];
png_store_buffer new; /* The end of the new PNG file being written. */
store_pool write_memory_pool;
store_palette_entry* palette;
int npalette;
} png_store;
/* Initialization and cleanup */
static void
store_pool_mark(png_bytep mark)
{
static png_uint_32 store_seed[2] = { 0x12345678, 1};
make_four_random_bytes(store_seed, mark);
}
#ifdef PNG_READ_TRANSFORMS_SUPPORTED
/* Use this for random 32 bit values; this function makes sure the result is
* non-zero.
*/
static png_uint_32
random_32(void)
{
for (;;)
{
png_byte mark[4];
png_uint_32 result;
store_pool_mark(mark);
result = png_get_uint_32(mark);
if (result != 0)
return result;
}
}
#endif /* PNG_READ_SUPPORTED */
static void
store_pool_init(png_store *ps, store_pool *pool)
{
memset(pool, 0, sizeof *pool);
pool->store = ps;
pool->list = NULL;
pool->max = pool->current = pool->limit = pool->total = 0;
pool->max_max = pool->max_limit = pool->max_total = 0;
store_pool_mark(pool->mark);
}
static void
store_init(png_store* ps)
{
memset(ps, 0, sizeof *ps);
init_exception_context(&ps->exception_context);
store_pool_init(ps, &ps->read_memory_pool);
store_pool_init(ps, &ps->write_memory_pool);
ps->verbose = 0;
ps->treat_warnings_as_errors = 0;
ps->expect_error = 0;
ps->expect_warning = 0;
ps->saw_warning = 0;
ps->speed = 0;
ps->progressive = 0;
ps->validated = 0;
ps->nerrors = ps->nwarnings = 0;
ps->pread = NULL;
ps->piread = NULL;
ps->saved = ps->current = NULL;
ps->next = NULL;
ps->readpos = 0;
ps->image = NULL;
ps->cb_image = 0;
ps->cb_row = 0;
ps->image_h = 0;
ps->pwrite = NULL;
ps->piwrite = NULL;
ps->writepos = 0;
ps->chunkpos = 8;
ps->chunktype = 0;
ps->chunklen = 16;
ps->IDAT_size = 0;
ps->IDAT_bits = 0;
ps->new.prev = NULL;
ps->palette = NULL;
ps->npalette = 0;
ps->noptions = 0;
}
static void
store_freebuffer(png_store_buffer* psb)
{
if (psb->prev)
{
store_freebuffer(psb->prev);
free(psb->prev);
psb->prev = NULL;
}
}
static void
store_freenew(png_store *ps)
{
store_freebuffer(&ps->new);
ps->writepos = 0;
ps->chunkpos = 8;
ps->chunktype = 0;
ps->chunklen = 16;
ps->IDAT_size = 0;
ps->IDAT_bits = 0;
if (ps->palette != NULL)
{
free(ps->palette);
ps->palette = NULL;
ps->npalette = 0;
}
}
static void
store_storenew(png_store *ps)
{
png_store_buffer *pb;
pb = voidcast(png_store_buffer*, malloc(sizeof *pb));
if (pb == NULL)
png_error(ps->pwrite, "store new: OOM");
*pb = ps->new;
ps->new.prev = pb;
ps->writepos = 0;
}
static void
store_freefile(png_store_file **ppf)
{
if (*ppf != NULL)
{
store_freefile(&(*ppf)->next);
store_freebuffer(&(*ppf)->data);
(*ppf)->datacount = 0;
if ((*ppf)->palette != NULL)
{
free((*ppf)->palette);
(*ppf)->palette = NULL;
(*ppf)->npalette = 0;
}
free(*ppf);
*ppf = NULL;
}
}
static unsigned int
bits_of(png_uint_32 num)
{
/* Return the number of bits in 'num' */
unsigned int b = 0;
if (num & 0xffff0000U) b += 16U, num >>= 16;
if (num & 0xff00U) b += 8U, num >>= 8;
if (num & 0xf0U) b += 4U, num >>= 4;
if (num & 0xcU) b += 2U, num >>= 2;
if (num & 0x2U) ++b, num >>= 1;
if (num) ++b;
return b; /* 0..32 */
}
/* Main interface to file storage, after writing a new PNG file (see the API
* below) call store_storefile to store the result with the given name and id.
*/
static void
store_storefile(png_store *ps, png_uint_32 id)
{
png_store_file *pf;
if (ps->chunkpos != 0U || ps->chunktype != 0U || ps->chunklen != 0U ||
ps->IDAT_size == 0)
png_error(ps->pwrite, "storefile: incomplete write");
pf = voidcast(png_store_file*, malloc(sizeof *pf));
if (pf == NULL)
png_error(ps->pwrite, "storefile: OOM");
safecat(pf->name, sizeof pf->name, 0, ps->wname);
pf->id = id;
pf->data = ps->new;
pf->datacount = ps->writepos;
pf->IDAT_size = ps->IDAT_size;
pf->IDAT_bits = bits_of(ps->IDAT_size);
/* Because the IDAT always has zlib header stuff this must be true: */
if (pf->IDAT_bits == 0U)
png_error(ps->pwrite, "storefile: 0 sized IDAT");
ps->new.prev = NULL;
ps->writepos = 0;
ps->chunkpos = 8;
ps->chunktype = 0;
ps->chunklen = 16;
ps->IDAT_size = 0;
pf->palette = ps->palette;
pf->npalette = ps->npalette;
ps->palette = 0;
ps->npalette = 0;
/* And save it. */
pf->next = ps->saved;
ps->saved = pf;
}
/* Generate an error message (in the given buffer) */
static size_t
store_message(png_store *ps, png_const_structp pp, char *buffer, size_t bufsize,
size_t pos, const char *msg)
{
if (pp != NULL && pp == ps->pread)
{
/* Reading a file */
pos = safecat(buffer, bufsize, pos, "read: ");
if (ps->current != NULL)
{
pos = safecat(buffer, bufsize, pos, ps->current->name);
pos = safecat(buffer, bufsize, pos, sep);
}
}
else if (pp != NULL && pp == ps->pwrite)
{
/* Writing a file */
pos = safecat(buffer, bufsize, pos, "write: ");
pos = safecat(buffer, bufsize, pos, ps->wname);
pos = safecat(buffer, bufsize, pos, sep);
}
else
{
/* Neither reading nor writing (or a memory error in struct delete) */
pos = safecat(buffer, bufsize, pos, "pngvalid: ");
}
if (ps->test[0] != 0)
{
pos = safecat(buffer, bufsize, pos, ps->test);
pos = safecat(buffer, bufsize, pos, sep);
}
pos = safecat(buffer, bufsize, pos, msg);
return pos;
}
/* Verbose output to the error stream: */
static void
store_verbose(png_store *ps, png_const_structp pp, png_const_charp prefix,
png_const_charp message)
{
char buffer[512];
if (prefix)
fputs(prefix, stderr);
(void)store_message(ps, pp, buffer, sizeof buffer, 0, message);
fputs(buffer, stderr);
fputc('\n', stderr);
}
/* Log an error or warning - the relevant count is always incremented. */
static void
store_log(png_store* ps, png_const_structp pp, png_const_charp message,
int is_error)
{
/* The warning is copied to the error buffer if there are no errors and it is
* the first warning. The error is copied to the error buffer if it is the
* first error (overwriting any prior warnings).
*/
if (is_error ? (ps->nerrors)++ == 0 :
(ps->nwarnings)++ == 0 && ps->nerrors == 0)
store_message(ps, pp, ps->error, sizeof ps->error, 0, message);
if (ps->verbose)
store_verbose(ps, pp, is_error ? "error: " : "warning: ", message);
}
#ifdef PNG_READ_SUPPORTED
/* Internal error function, called with a png_store but no libpng stuff. */
static void
internal_error(png_store *ps, png_const_charp message)
{
store_log(ps, NULL, message, 1 /* error */);
/* And finally throw an exception. */
{
struct exception_context *the_exception_context = &ps->exception_context;
Throw ps;
}
}
#endif /* PNG_READ_SUPPORTED */
/* Functions to use as PNG callbacks. */
static void PNGCBAPI
store_error(png_structp ppIn, png_const_charp message) /* PNG_NORETURN */
{
png_const_structp pp = ppIn;
png_store *ps = voidcast(png_store*, png_get_error_ptr(pp));
if (!ps->expect_error)
store_log(ps, pp, message, 1 /* error */);
/* And finally throw an exception. */
{
struct exception_context *the_exception_context = &ps->exception_context;
Throw ps;
}
}
static void PNGCBAPI
store_warning(png_structp ppIn, png_const_charp message)
{
png_const_structp pp = ppIn;
png_store *ps = voidcast(png_store*, png_get_error_ptr(pp));
if (!ps->expect_warning)
store_log(ps, pp, message, 0 /* warning */);
else
ps->saw_warning = 1;
}
/* These somewhat odd functions are used when reading an image to ensure that
* the buffer is big enough, the png_structp is for errors.
*/
/* Return a single row from the correct image. */
static png_bytep
store_image_row(const png_store* ps, png_const_structp pp, int nImage,
png_uint_32 y)
{
size_t coffset = (nImage * ps->image_h + y) * (ps->cb_row + 5) + 2;
if (ps->image == NULL)
png_error(pp, "no allocated image");
if (coffset + ps->cb_row + 3 > ps->cb_image)
png_error(pp, "image too small");
return ps->image + coffset;
}
static void
store_image_free(png_store *ps, png_const_structp pp)
{
if (ps->image != NULL)
{
png_bytep image = ps->image;
if (image[-1] != 0xed || image[ps->cb_image] != 0xfe)
{
if (pp != NULL)
png_error(pp, "png_store image overwrite (1)");
else
store_log(ps, NULL, "png_store image overwrite (2)", 1);
}
ps->image = NULL;
ps->cb_image = 0;
--image;
free(image);
}
}
static void
store_ensure_image(png_store *ps, png_const_structp pp, int nImages,
size_t cbRow, png_uint_32 cRows)
{
size_t cb = nImages * cRows * (cbRow + 5);
if (ps->cb_image < cb)
{
png_bytep image;
store_image_free(ps, pp);
/* The buffer is deliberately mis-aligned. */
image = voidcast(png_bytep, malloc(cb+2));
if (image == NULL)
{
/* Called from the startup - ignore the error for the moment. */
if (pp == NULL)
return;
png_error(pp, "OOM allocating image buffer");
}
/* These magic tags are used to detect overwrites above. */
++image;
image[-1] = 0xed;
image[cb] = 0xfe;
ps->image = image;
ps->cb_image = cb;
}
/* We have an adequate sized image; lay out the rows. There are 2 bytes at
* the start and three at the end of each (this ensures that the row
* alignment starts out odd - 2+1 and changes for larger images on each row.)
*/
ps->cb_row = cbRow;
ps->image_h = cRows;
/* For error checking, the whole buffer is set to 10110010 (0xb2 - 178).
* This deliberately doesn't match the bits in the size test image which are
* outside the image; these are set to 0xff (all 1). To make the row
* comparison work in the 'size' test case the size rows are pre-initialized
* to the same value prior to calling 'standard_row'.
*/
memset(ps->image, 178, cb);
/* Then put in the marks. */
while (--nImages >= 0)
{
png_uint_32 y;
for (y=0; y<cRows; ++y)
{
png_bytep row = store_image_row(ps, pp, nImages, y);
/* The markers: */
row[-2] = 190;
row[-1] = 239;
row[cbRow] = 222;
row[cbRow+1] = 173;
row[cbRow+2] = 17;
}
}
}
#ifdef PNG_READ_SUPPORTED
static void
store_image_check(const png_store* ps, png_const_structp pp, int iImage)
{
png_const_bytep image = ps->image;
if (image[-1] != 0xed || image[ps->cb_image] != 0xfe)
png_error(pp, "image overwrite");
else
{
size_t cbRow = ps->cb_row;
png_uint_32 rows = ps->image_h;
image += iImage * (cbRow+5) * ps->image_h;
image += 2; /* skip image first row markers */
for (; rows > 0; --rows)
{
if (image[-2] != 190 || image[-1] != 239)
png_error(pp, "row start overwritten");
if (image[cbRow] != 222 || image[cbRow+1] != 173 ||
image[cbRow+2] != 17)
png_error(pp, "row end overwritten");
image += cbRow+5;
}
}
}
#endif /* PNG_READ_SUPPORTED */
static int
valid_chunktype(png_uint_32 chunktype)
{
/* Each byte in the chunk type must be in one of the ranges 65..90, 97..122
* (both inclusive), so:
*/
unsigned int i;
for (i=0; i<4; ++i)
{
unsigned int c = chunktype & 0xffU;
if (!((c >= 65U && c <= 90U) || (c >= 97U && c <= 122U)))
return 0;
chunktype >>= 8;
}
return 1; /* It's valid */
}
static void PNGCBAPI
store_write(png_structp ppIn, png_bytep pb, size_t st)
{
png_const_structp pp = ppIn;
png_store *ps = voidcast(png_store*, png_get_io_ptr(pp));
size_t writepos = ps->writepos;
png_uint_32 chunkpos = ps->chunkpos;
png_uint_32 chunktype = ps->chunktype;
png_uint_32 chunklen = ps->chunklen;
if (ps->pwrite != pp)
png_error(pp, "store state damaged");
/* Technically this is legal, but in practice libpng never writes more than
* the maximum chunk size at once so if it happens something weird has
* changed inside libpng (probably).
*/
if (st > 0x7fffffffU)
png_error(pp, "unexpected write size");
/* Now process the bytes to be written. Do this in units of the space in the
* output (write) buffer or, at the start 4 bytes for the chunk type and
* length limited in any case by the amount of data.
*/
while (st > 0)
{
if (writepos >= STORE_BUFFER_SIZE)
store_storenew(ps), writepos = 0;
if (chunkpos < 4)
{
png_byte b = *pb++;
--st;
chunklen = (chunklen << 8) + b;
ps->new.buffer[writepos++] = b;
++chunkpos;
}
else if (chunkpos < 8)
{
png_byte b = *pb++;
--st;
chunktype = (chunktype << 8) + b;
ps->new.buffer[writepos++] = b;
if (++chunkpos == 8)
{
chunklen &= 0xffffffffU;
if (chunklen > 0x7fffffffU)
png_error(pp, "chunk length too great");
chunktype &= 0xffffffffU;
if (chunktype == CHUNK_IDAT)
{
if (chunklen > ~ps->IDAT_size)
png_error(pp, "pngvalid internal image too large");
ps->IDAT_size += chunklen;
}
else if (!valid_chunktype(chunktype))
png_error(pp, "invalid chunk type");
chunklen += 12; /* for header and CRC */
}
}
else /* chunkpos >= 8 */
{
size_t cb = st;
if (cb > STORE_BUFFER_SIZE - writepos)
cb = STORE_BUFFER_SIZE - writepos;
if (cb > chunklen - chunkpos/* bytes left in chunk*/)
cb = (size_t)/*SAFE*/(chunklen - chunkpos);
memcpy(ps->new.buffer + writepos, pb, cb);
chunkpos += (png_uint_32)/*SAFE*/cb;
pb += cb;
writepos += cb;
st -= cb;
if (chunkpos >= chunklen) /* must be equal */
chunkpos = chunktype = chunklen = 0;
}
} /* while (st > 0) */
ps->writepos = writepos;
ps->chunkpos = chunkpos;
ps->chunktype = chunktype;
ps->chunklen = chunklen;
}
static void PNGCBAPI
store_flush(png_structp ppIn)
{
UNUSED(ppIn) /*DOES NOTHING*/
}
#ifdef PNG_READ_SUPPORTED
static size_t
store_read_buffer_size(png_store *ps)
{
/* Return the bytes available for read in the current buffer. */
if (ps->next != &ps->current->data)
return STORE_BUFFER_SIZE;
return ps->current->datacount;
}
/* Return total bytes available for read. */
static size_t
store_read_buffer_avail(png_store *ps)
{
if (ps->current != NULL && ps->next != NULL)
{
png_store_buffer *next = &ps->current->data;
size_t cbAvail = ps->current->datacount;
while (next != ps->next && next != NULL)
{
next = next->prev;
cbAvail += STORE_BUFFER_SIZE;
}
if (next != ps->next)
png_error(ps->pread, "buffer read error");
if (cbAvail > ps->readpos)
return cbAvail - ps->readpos;
}
return 0;
}
static int
store_read_buffer_next(png_store *ps)
{
png_store_buffer *pbOld = ps->next;
png_store_buffer *pbNew = &ps->current->data;
if (pbOld != pbNew)
{
while (pbNew != NULL && pbNew->prev != pbOld)
pbNew = pbNew->prev;
if (pbNew != NULL)
{
ps->next = pbNew;
ps->readpos = 0;
return 1;
}
png_error(ps->pread, "buffer lost");
}
return 0; /* EOF or error */
}
/* Need separate implementation and callback to allow use of the same code
* during progressive read, where the io_ptr is set internally by libpng.
*/
static void
store_read_imp(png_store *ps, png_bytep pb, size_t st)
{
if (ps->current == NULL || ps->next == NULL)
png_error(ps->pread, "store state damaged");
while (st > 0)
{
size_t cbAvail = store_read_buffer_size(ps) - ps->readpos;
if (cbAvail > 0)
{
if (cbAvail > st) cbAvail = st;
memcpy(pb, ps->next->buffer + ps->readpos, cbAvail);
st -= cbAvail;
pb += cbAvail;
ps->readpos += cbAvail;
}
else if (!store_read_buffer_next(ps))
png_error(ps->pread, "read beyond end of file");
}
}
static size_t
store_read_chunk(png_store *ps, png_bytep pb, size_t max, size_t min)
{
png_uint_32 chunklen = ps->chunklen;
png_uint_32 chunktype = ps->chunktype;
png_uint_32 chunkpos = ps->chunkpos;
size_t st = max;
if (st > 0) do
{
if (chunkpos >= chunklen) /* end of last chunk */
{
png_byte buffer[8];
/* Read the header of the next chunk: */
store_read_imp(ps, buffer, 8U);
chunklen = png_get_uint_32(buffer) + 12U;
chunktype = png_get_uint_32(buffer+4U);
chunkpos = 0U; /* Position read so far */
}
if (chunktype == CHUNK_IDAT)
{
png_uint_32 IDAT_pos = ps->IDAT_pos;
png_uint_32 IDAT_len = ps->IDAT_len;
png_uint_32 IDAT_size = ps->IDAT_size;
/* The IDAT headers are constructed here; skip the input header. */
if (chunkpos < 8U)
chunkpos = 8U;
if (IDAT_pos == IDAT_len)
{
png_byte random = random_byte();
/* Make a new IDAT chunk, if IDAT_len is 0 this is the first IDAT,
* if IDAT_size is 0 this is the end. At present this is set up
* using a random number so that there is a 25% chance before
* the start of the first IDAT chunk being 0 length.
*/
if (IDAT_len == 0U) /* First IDAT */
{
switch (random & 3U)
{
case 0U: IDAT_len = 12U; break; /* 0 bytes */
case 1U: IDAT_len = 13U; break; /* 1 byte */
default: IDAT_len = random_u32();
IDAT_len %= IDAT_size;
IDAT_len += 13U; /* 1..IDAT_size bytes */
break;
}
}
else if (IDAT_size == 0U) /* all IDAT data read */
{
/* The last (IDAT) chunk should be positioned at the CRC now: */
if (chunkpos != chunklen-4U)
png_error(ps->pread, "internal: IDAT size mismatch");
/* The only option here is to add a zero length IDAT, this
* happens 25% of the time. Because of the check above
* chunklen-4U-chunkpos must be zero, we just need to skip the
* CRC now.
*/
if ((random & 3U) == 0U)
IDAT_len = 12U; /* Output another 0 length IDAT */
else
{
/* End of IDATs, skip the CRC to make the code above load the
* next chunk header next time round.
*/
png_byte buffer[4];
store_read_imp(ps, buffer, 4U);
chunkpos += 4U;
ps->IDAT_pos = IDAT_pos;
ps->IDAT_len = IDAT_len;
ps->IDAT_size = 0U;
continue; /* Read the next chunk */
}
}
else
{
/* Middle of IDATs, use 'random' to determine the number of bits
* to use in the IDAT length.
*/
IDAT_len = random_u32();
IDAT_len &= (1U << (1U + random % ps->IDAT_bits)) - 1U;
if (IDAT_len > IDAT_size)
IDAT_len = IDAT_size;
IDAT_len += 12U; /* zero bytes may occur */
}
IDAT_pos = 0U;
ps->IDAT_crc = 0x35af061e; /* Ie: crc32(0UL, "IDAT", 4) */
} /* IDAT_pos == IDAT_len */
if (IDAT_pos < 8U) /* Return the header */ do
{
png_uint_32 b;
unsigned int shift;
if (IDAT_pos < 4U)
b = IDAT_len - 12U;
else
b = CHUNK_IDAT;
shift = 3U & IDAT_pos;
++IDAT_pos;
if (shift < 3U)
b >>= 8U*(3U-shift);
*pb++ = 0xffU & b;
}
while (--st > 0 && IDAT_pos < 8);
else if (IDAT_pos < IDAT_len - 4U) /* I.e not the CRC */
{
if (chunkpos < chunklen-4U)
{
uInt avail = (uInt)-1;
if (avail > (IDAT_len-4U) - IDAT_pos)
avail = (uInt)/*SAFE*/((IDAT_len-4U) - IDAT_pos);
if (avail > st)
avail = (uInt)/*SAFE*/st;
if (avail > (chunklen-4U) - chunkpos)
avail = (uInt)/*SAFE*/((chunklen-4U) - chunkpos);
store_read_imp(ps, pb, avail);
ps->IDAT_crc = crc32(ps->IDAT_crc, pb, avail);
pb += (size_t)/*SAFE*/avail;
st -= (size_t)/*SAFE*/avail;
chunkpos += (png_uint_32)/*SAFE*/avail;
IDAT_size -= (png_uint_32)/*SAFE*/avail;
IDAT_pos += (png_uint_32)/*SAFE*/avail;
}
else /* skip the input CRC */
{
png_byte buffer[4];
store_read_imp(ps, buffer, 4U);
chunkpos += 4U;
}
}
else /* IDAT crc */ do
{
uLong b = ps->IDAT_crc;
unsigned int shift = (IDAT_len - IDAT_pos); /* 4..1 */
++IDAT_pos;
if (shift > 1U)
b >>= 8U*(shift-1U);
*pb++ = 0xffU & b;
}
while (--st > 0 && IDAT_pos < IDAT_len);
ps->IDAT_pos = IDAT_pos;
ps->IDAT_len = IDAT_len;
ps->IDAT_size = IDAT_size;
}
else /* !IDAT */
{
/* If there is still some pending IDAT data after the IDAT chunks have
* been processed there is a problem:
*/
if (ps->IDAT_len > 0 && ps->IDAT_size > 0)
png_error(ps->pread, "internal: missing IDAT data");
if (chunktype == CHUNK_IEND && ps->IDAT_len == 0U)
png_error(ps->pread, "internal: missing IDAT");
if (chunkpos < 8U) /* Return the header */ do
{
png_uint_32 b;
unsigned int shift;
if (chunkpos < 4U)
b = chunklen - 12U;
else
b = chunktype;
shift = 3U & chunkpos;
++chunkpos;
if (shift < 3U)
b >>= 8U*(3U-shift);
*pb++ = 0xffU & b;
}
while (--st > 0 && chunkpos < 8);
else /* Return chunk bytes, including the CRC */
{
size_t avail = st;
if (avail > chunklen - chunkpos)
avail = (size_t)/*SAFE*/(chunklen - chunkpos);
store_read_imp(ps, pb, avail);
pb += avail;
st -= avail;
chunkpos += (png_uint_32)/*SAFE*/avail;
/* Check for end of chunk and end-of-file; don't try to read a new
* chunk header at this point unless instructed to do so by 'min'.
*/
if (chunkpos >= chunklen && max-st >= min &&
store_read_buffer_avail(ps) == 0)
break;
}
} /* !IDAT */
}
while (st > 0);
ps->chunklen = chunklen;
ps->chunktype = chunktype;
ps->chunkpos = chunkpos;
return st; /* space left */
}
static void PNGCBAPI
store_read(png_structp ppIn, png_bytep pb, size_t st)
{
png_const_structp pp = ppIn;
png_store *ps = voidcast(png_store*, png_get_io_ptr(pp));
if (ps == NULL || ps->pread != pp)
png_error(pp, "bad store read call");
store_read_chunk(ps, pb, st, st);
}
static void
store_progressive_read(png_store *ps, png_structp pp, png_infop pi)
{
if (ps->pread != pp || ps->current == NULL || ps->next == NULL)
png_error(pp, "store state damaged (progressive)");
/* This is another Horowitz and Hill random noise generator. In this case
* the aim is to stress the progressive reader with truly horrible variable
* buffer sizes in the range 1..500, so a sequence of 9 bit random numbers
* is generated. We could probably just count from 1 to 32767 and get as
* good a result.
*/
while (store_read_buffer_avail(ps) > 0)
{
static png_uint_32 noise = 2;
size_t cb;
png_byte buffer[512];
/* Generate 15 more bits of stuff: */
noise = (noise << 9) | ((noise ^ (noise >> (9-5))) & 0x1ff);
cb = noise & 0x1ff;
cb -= store_read_chunk(ps, buffer, cb, 1);
png_process_data(pp, pi, buffer, cb);
}
}
#endif /* PNG_READ_SUPPORTED */
/* The caller must fill this in: */
static store_palette_entry *
store_write_palette(png_store *ps, int npalette)
{
if (ps->pwrite == NULL)
store_log(ps, NULL, "attempt to write palette without write stream", 1);
if (ps->palette != NULL)
png_error(ps->pwrite, "multiple store_write_palette calls");
/* This function can only return NULL if called with '0'! */
if (npalette > 0)
{
ps->palette = voidcast(store_palette_entry*, malloc(npalette *
sizeof *ps->palette));
if (ps->palette == NULL)
png_error(ps->pwrite, "store new palette: OOM");
ps->npalette = npalette;
}
return ps->palette;
}
#ifdef PNG_READ_SUPPORTED
static store_palette_entry *
store_current_palette(png_store *ps, int *npalette)
{
/* This is an internal error (the call has been made outside a read
* operation.)
*/
if (ps->current == NULL)
{
store_log(ps, ps->pread, "no current stream for palette", 1);
return NULL;
}
/* The result may be null if there is no palette. */
*npalette = ps->current->npalette;
return ps->current->palette;
}
#endif /* PNG_READ_SUPPORTED */
/***************************** MEMORY MANAGEMENT*** ***************************/
#ifdef PNG_USER_MEM_SUPPORTED
/* A store_memory is simply the header for an allocated block of memory. The
* pointer returned to libpng is just after the end of the header block, the
* allocated memory is followed by a second copy of the 'mark'.
*/
typedef struct store_memory
{
store_pool *pool; /* Originating pool */
struct store_memory *next; /* Singly linked list */
png_alloc_size_t size; /* Size of memory allocated */
png_byte mark[4]; /* ID marker */
} store_memory;
/* Handle a fatal error in memory allocation. This calls png_error if the
* libpng struct is non-NULL, else it outputs a message and returns. This means
* that a memory problem while libpng is running will abort (png_error) the
* handling of particular file while one in cleanup (after the destroy of the
* struct has returned) will simply keep going and free (or attempt to free)
* all the memory.
*/
static void
store_pool_error(png_store *ps, png_const_structp pp, const char *msg)
{
if (pp != NULL)
png_error(pp, msg);
/* Else we have to do it ourselves. png_error eventually calls store_log,
* above. store_log accepts a NULL png_structp - it just changes what gets
* output by store_message.
*/
store_log(ps, pp, msg, 1 /* error */);
}
static void
store_memory_free(png_const_structp pp, store_pool *pool, store_memory *memory)
{
/* Note that pp may be NULL (see store_pool_delete below), the caller has
* found 'memory' in pool->list *and* unlinked this entry, so this is a valid
* pointer (for sure), but the contents may have been trashed.
*/
if (memory->pool != pool)
store_pool_error(pool->store, pp, "memory corrupted (pool)");
else if (memcmp(memory->mark, pool->mark, sizeof memory->mark) != 0)
store_pool_error(pool->store, pp, "memory corrupted (start)");
/* It should be safe to read the size field now. */
else
{
png_alloc_size_t cb = memory->size;
if (cb > pool->max)
store_pool_error(pool->store, pp, "memory corrupted (size)");
else if (memcmp((png_bytep)(memory+1)+cb, pool->mark, sizeof pool->mark)
!= 0)
store_pool_error(pool->store, pp, "memory corrupted (end)");
/* Finally give the library a chance to find problems too: */
else
{
pool->current -= cb;
free(memory);
}
}
}
static void
store_pool_delete(png_store *ps, store_pool *pool)
{
if (pool->list != NULL)
{
fprintf(stderr, "%s: %s %s: memory lost (list follows):\n", ps->test,
pool == &ps->read_memory_pool ? "read" : "write",
pool == &ps->read_memory_pool ? (ps->current != NULL ?
ps->current->name : "unknown file") : ps->wname);
++ps->nerrors;
do
{
store_memory *next = pool->list;
pool->list = next->next;
next->next = NULL;
fprintf(stderr, "\t%lu bytes @ %p\n",
(unsigned long)next->size, (const void*)(next+1));
/* The NULL means this will always return, even if the memory is
* corrupted.
*/
store_memory_free(NULL, pool, next);
}
while (pool->list != NULL);
}
/* And reset the other fields too for the next time. */
if (pool->max > pool->max_max) pool->max_max = pool->max;
pool->max = 0;
if (pool->current != 0) /* unexpected internal error */
fprintf(stderr, "%s: %s %s: memory counter mismatch (internal error)\n",
ps->test, pool == &ps->read_memory_pool ? "read" : "write",
pool == &ps->read_memory_pool ? (ps->current != NULL ?
ps->current->name : "unknown file") : ps->wname);
pool->current = 0;
if (pool->limit > pool->max_limit)
pool->max_limit = pool->limit;
pool->limit = 0;
if (pool->total > pool->max_total)
pool->max_total = pool->total;
pool->total = 0;
/* Get a new mark too. */
store_pool_mark(pool->mark);
}
/* The memory callbacks: */
static png_voidp PNGCBAPI
store_malloc(png_structp ppIn, png_alloc_size_t cb)
{
png_const_structp pp = ppIn;
store_pool *pool = voidcast(store_pool*, png_get_mem_ptr(pp));
store_memory *new = voidcast(store_memory*, malloc(cb + (sizeof *new) +
(sizeof pool->mark)));
if (new != NULL)
{
if (cb > pool->max)
pool->max = cb;
pool->current += cb;
if (pool->current > pool->limit)
pool->limit = pool->current;
pool->total += cb;
new->size = cb;
memcpy(new->mark, pool->mark, sizeof new->mark);
memcpy((png_byte*)(new+1) + cb, pool->mark, sizeof pool->mark);
new->pool = pool;
new->next = pool->list;
pool->list = new;
++new;
}
else
{
/* NOTE: the PNG user malloc function cannot use the png_ptr it is passed
* other than to retrieve the allocation pointer! libpng calls the
* store_malloc callback in two basic cases:
*
* 1) From png_malloc; png_malloc will do a png_error itself if NULL is
* returned.
* 2) From png_struct or png_info structure creation; png_malloc is
* to return so cleanup can be performed.
*
* To handle this store_malloc can log a message, but can't do anything
* else.
*/
store_log(pool->store, pp, "out of memory", 1 /* is_error */);
}
return new;
}
static void PNGCBAPI
store_free(png_structp ppIn, png_voidp memory)
{
png_const_structp pp = ppIn;
store_pool *pool = voidcast(store_pool*, png_get_mem_ptr(pp));
store_memory *this = voidcast(store_memory*, memory), **test;
/* Because libpng calls store_free with a dummy png_struct when deleting
* png_struct or png_info via png_destroy_struct_2 it is necessary to check
* the passed in png_structp to ensure it is valid, and not pass it to
* png_error if it is not.
*/
if (pp != pool->store->pread && pp != pool->store->pwrite)
pp = NULL;
/* First check that this 'memory' really is valid memory - it must be in the
* pool list. If it is, use the shared memory_free function to free it.
*/
--this;
for (test = &pool->list; *test != this; test = &(*test)->next)
{
if (*test == NULL)
{
store_pool_error(pool->store, pp, "bad pointer to free");
return;
}
}
/* Unlink this entry, *test == this. */
*test = this->next;
this->next = NULL;
store_memory_free(pp, pool, this);
}
#endif /* PNG_USER_MEM_SUPPORTED */
/* Setup functions. */
/* Cleanup when aborting a write or after storing the new file. */
static void
store_write_reset(png_store *ps)
{
if (ps->pwrite != NULL)
{
anon_context(ps);
Try
png_destroy_write_struct(&ps->pwrite, &ps->piwrite);
Catch_anonymous
{
/* memory corruption: continue. */
}
ps->pwrite = NULL;
ps->piwrite = NULL;
}
/* And make sure that all the memory has been freed - this will output
* spurious errors in the case of memory corruption above, but this is safe.
*/
# ifdef PNG_USER_MEM_SUPPORTED
store_pool_delete(ps, &ps->write_memory_pool);
# endif
store_freenew(ps);
}
/* The following is the main write function, it returns a png_struct and,
* optionally, a png_info suitable for writiing a new PNG file. Use
* store_storefile above to record this file after it has been written. The
* returned libpng structures as destroyed by store_write_reset above.
*/
static png_structp
set_store_for_write(png_store *ps, png_infopp ppi, const char *name)
{
anon_context(ps);
Try
{
if (ps->pwrite != NULL)
png_error(ps->pwrite, "write store already in use");
store_write_reset(ps);
safecat(ps->wname, sizeof ps->wname, 0, name);
/* Don't do the slow memory checks if doing a speed test, also if user
* memory is not supported we can't do it anyway.
*/
# ifdef PNG_USER_MEM_SUPPORTED
if (!ps->speed)
ps->pwrite = png_create_write_struct_2(PNG_LIBPNG_VER_STRING,
ps, store_error, store_warning, &ps->write_memory_pool,
store_malloc, store_free);
else
# endif
ps->pwrite = png_create_write_struct(PNG_LIBPNG_VER_STRING,
ps, store_error, store_warning);
png_set_write_fn(ps->pwrite, ps, store_write, store_flush);
# ifdef PNG_SET_OPTION_SUPPORTED
{
int opt;
for (opt=0; opt<ps->noptions; ++opt)
if (png_set_option(ps->pwrite, ps->options[opt].option,
ps->options[opt].setting) == PNG_OPTION_INVALID)
png_error(ps->pwrite, "png option invalid");
}
# endif
if (ppi != NULL)
*ppi = ps->piwrite = png_create_info_struct(ps->pwrite);
}
Catch_anonymous
return NULL;
return ps->pwrite;
}
/* Cleanup when finished reading (either due to error or in the success case).
* This routine exists even when there is no read support to make the code
* tidier (avoid a mass of ifdefs) and so easier to maintain.
*/
static void
store_read_reset(png_store *ps)
{
# ifdef PNG_READ_SUPPORTED
if (ps->pread != NULL)
{
anon_context(ps);
Try
png_destroy_read_struct(&ps->pread, &ps->piread, NULL);
Catch_anonymous
{
/* error already output: continue */
}
ps->pread = NULL;
ps->piread = NULL;
}
# endif
# ifdef PNG_USER_MEM_SUPPORTED
/* Always do this to be safe. */
store_pool_delete(ps, &ps->read_memory_pool);
# endif
ps->current = NULL;
ps->next = NULL;
ps->readpos = 0;
ps->validated = 0;
ps->chunkpos = 8;
ps->chunktype = 0;
ps->chunklen = 16;
ps->IDAT_size = 0;
}
#ifdef PNG_READ_SUPPORTED
static void
store_read_set(png_store *ps, png_uint_32 id)
{
png_store_file *pf = ps->saved;
while (pf != NULL)
{
if (pf->id == id)
{
ps->current = pf;
ps->next = NULL;
ps->IDAT_size = pf->IDAT_size;
ps->IDAT_bits = pf->IDAT_bits; /* just a cache */
ps->IDAT_len = 0;
ps->IDAT_pos = 0;
ps->IDAT_crc = 0UL;
store_read_buffer_next(ps);
return;
}
pf = pf->next;
}
{
size_t pos;
char msg[FILE_NAME_SIZE+64];
pos = standard_name_from_id(msg, sizeof msg, 0, id);
pos = safecat(msg, sizeof msg, pos, ": file not found");
png_error(ps->pread, msg);
}
}
/* The main interface for reading a saved file - pass the id number of the file
* to retrieve. Ids must be unique or the earlier file will be hidden. The API
* returns a png_struct and, optionally, a png_info. Both of these will be
* destroyed by store_read_reset above.
*/
static png_structp
set_store_for_read(png_store *ps, png_infopp ppi, png_uint_32 id,
const char *name)
{
/* Set the name for png_error */
safecat(ps->test, sizeof ps->test, 0, name);
if (ps->pread != NULL)
png_error(ps->pread, "read store already in use");
store_read_reset(ps);
/* Both the create APIs can return NULL if used in their default mode
* (because there is no other way of handling an error because the jmp_buf
* by default is stored in png_struct and that has not been allocated!)
* However, given that store_error works correctly in these circumstances
* we don't ever expect NULL in this program.
*/
# ifdef PNG_USER_MEM_SUPPORTED
if (!ps->speed)
ps->pread = png_create_read_struct_2(PNG_LIBPNG_VER_STRING, ps,
store_error, store_warning, &ps->read_memory_pool, store_malloc,
store_free);
else
# endif
ps->pread = png_create_read_struct(PNG_LIBPNG_VER_STRING, ps, store_error,
store_warning);
if (ps->pread == NULL)
{
struct exception_context *the_exception_context = &ps->exception_context;
store_log(ps, NULL, "png_create_read_struct returned NULL (unexpected)",
1 /*error*/);
Throw ps;
}
# ifdef PNG_SET_OPTION_SUPPORTED
{
int opt;
for (opt=0; opt<ps->noptions; ++opt)
if (png_set_option(ps->pread, ps->options[opt].option,
ps->options[opt].setting) == PNG_OPTION_INVALID)
png_error(ps->pread, "png option invalid");
}
# endif
store_read_set(ps, id);
if (ppi != NULL)
*ppi = ps->piread = png_create_info_struct(ps->pread);
return ps->pread;
}
#endif /* PNG_READ_SUPPORTED */
/* The overall cleanup of a store simply calls the above then removes all the
* saved files. This does not delete the store itself.
*/
static void
store_delete(png_store *ps)
{
store_write_reset(ps);
store_read_reset(ps);
store_freefile(&ps->saved);
store_image_free(ps, NULL);
}
/*********************** PNG FILE MODIFICATION ON READ ************************/
/* Files may be modified on read. The following structure contains a complete
* png_store together with extra members to handle modification and a special
* read callback for libpng. To use this the 'modifications' field must be set
* to a list of png_modification structures that actually perform the
* modification, otherwise a png_modifier is functionally equivalent to a
* png_store. There is a special read function, set_modifier_for_read, which
* replaces set_store_for_read.
*/
typedef enum modifier_state
{
modifier_start, /* Initial value */
modifier_signature, /* Have a signature */
modifier_IHDR /* Have an IHDR */
} modifier_state;
typedef struct CIE_color
{
/* A single CIE tristimulus value, representing the unique response of a
* standard observer to a variety of light spectra. The observer recognizes
* all spectra that produce this response as the same color, therefore this
* is effectively a description of a color.
*/
double X, Y, Z;
} CIE_color;
typedef struct color_encoding
{
/* A description of an (R,G,B) encoding of color (as defined above); this
* includes the actual colors of the (R,G,B) triples (1,0,0), (0,1,0) and
* (0,0,1) plus an encoding value that is used to encode the linear
* components R, G and B to give the actual values R^gamma, G^gamma and
* B^gamma that are stored.
*/
double gamma; /* Encoding (file) gamma of space */
CIE_color red, green, blue; /* End points */
} color_encoding;
#ifdef PNG_READ_SUPPORTED
#if defined PNG_READ_TRANSFORMS_SUPPORTED && defined PNG_READ_cHRM_SUPPORTED
static double
chromaticity_x(CIE_color c)
{
return c.X / (c.X + c.Y + c.Z);
}
static double
chromaticity_y(CIE_color c)
{
return c.Y / (c.X + c.Y + c.Z);
}
static CIE_color
white_point(const color_encoding *encoding)
{
CIE_color white;
white.X = encoding->red.X + encoding->green.X + encoding->blue.X;
white.Y = encoding->red.Y + encoding->green.Y + encoding->blue.Y;
white.Z = encoding->red.Z + encoding->green.Z + encoding->blue.Z;
return white;
}
#endif /* READ_TRANSFORMS && READ_cHRM */
#ifdef PNG_READ_RGB_TO_GRAY_SUPPORTED
static void
normalize_color_encoding(color_encoding *encoding)
{
const double whiteY = encoding->red.Y + encoding->green.Y +
encoding->blue.Y;
if (whiteY != 1)
{
encoding->red.X /= whiteY;
encoding->red.Y /= whiteY;
encoding->red.Z /= whiteY;
encoding->green.X /= whiteY;
encoding->green.Y /= whiteY;
encoding->green.Z /= whiteY;
encoding->blue.X /= whiteY;
encoding->blue.Y /= whiteY;
encoding->blue.Z /= whiteY;
}
}
#endif
#ifdef PNG_READ_TRANSFORMS_SUPPORTED
static size_t
safecat_color_encoding(char *buffer, size_t bufsize, size_t pos,
const color_encoding *e, double encoding_gamma)
{
if (e != 0)
{
if (encoding_gamma != 0)
pos = safecat(buffer, bufsize, pos, "(");
pos = safecat(buffer, bufsize, pos, "R(");
pos = safecatd(buffer, bufsize, pos, e->red.X, 4);
pos = safecat(buffer, bufsize, pos, ",");
pos = safecatd(buffer, bufsize, pos, e->red.Y, 4);
pos = safecat(buffer, bufsize, pos, ",");
pos = safecatd(buffer, bufsize, pos, e->red.Z, 4);
pos = safecat(buffer, bufsize, pos, "),G(");
pos = safecatd(buffer, bufsize, pos, e->green.X, 4);
pos = safecat(buffer, bufsize, pos, ",");
pos = safecatd(buffer, bufsize, pos, e->green.Y, 4);
pos = safecat(buffer, bufsize, pos, ",");
pos = safecatd(buffer, bufsize, pos, e->green.Z, 4);
pos = safecat(buffer, bufsize, pos, "),B(");
pos = safecatd(buffer, bufsize, pos, e->blue.X, 4);
pos = safecat(buffer, bufsize, pos, ",");
pos = safecatd(buffer, bufsize, pos, e->blue.Y, 4);
pos = safecat(buffer, bufsize, pos, ",");
pos = safecatd(buffer, bufsize, pos, e->blue.Z, 4);
pos = safecat(buffer, bufsize, pos, ")");
if (encoding_gamma != 0)
pos = safecat(buffer, bufsize, pos, ")");
}
if (encoding_gamma != 0)
{
pos = safecat(buffer, bufsize, pos, "^");
pos = safecatd(buffer, bufsize, pos, encoding_gamma, 5);
}
return pos;
}
#endif /* READ_TRANSFORMS */
#endif /* PNG_READ_SUPPORTED */
typedef struct png_modifier
{
png_store this; /* I am a png_store */
struct png_modification *modifications; /* Changes to make */
modifier_state state; /* My state */
/* Information from IHDR: */
png_byte bit_depth; /* From IHDR */
png_byte colour_type; /* From IHDR */
/* While handling PLTE, IDAT and IEND these chunks may be pended to allow
* other chunks to be inserted.
*/
png_uint_32 pending_len;
png_uint_32 pending_chunk;
/* Test values */
double *gammas;
unsigned int ngammas;
unsigned int ngamma_tests; /* Number of gamma tests to run*/
double current_gamma; /* 0 if not set */
const color_encoding *encodings;
unsigned int nencodings;
const color_encoding *current_encoding; /* If an encoding has been set */
unsigned int encoding_counter; /* For iteration */
int encoding_ignored; /* Something overwrote it */
/* Control variables used to iterate through possible encodings, the
* following must be set to 0 and tested by the function that uses the
* png_modifier because the modifier only sets it to 1 (true.)
*/
unsigned int repeat :1; /* Repeat this transform test. */
unsigned int test_uses_encoding :1;
/* Lowest sbit to test (pre-1.7 libpng fails for sbit < 8) */
png_byte sbitlow;
/* Error control - these are the limits on errors accepted by the gamma tests
* below.
*/
double maxout8; /* Maximum output value error */
double maxabs8; /* Absolute sample error 0..1 */
double maxcalc8; /* Absolute sample error 0..1 */
double maxpc8; /* Percentage sample error 0..100% */
double maxout16; /* Maximum output value error */
double maxabs16; /* Absolute sample error 0..1 */
double maxcalc16;/* Absolute sample error 0..1 */
double maxcalcG; /* Absolute sample error 0..1 */
double maxpc16; /* Percentage sample error 0..100% */
/* This is set by transforms that need to allow a higher limit, it is an
* internal check on pngvalid to ensure that the calculated error limits are
* not ridiculous; without this it is too easy to make a mistake in pngvalid
* that allows any value through.
*
* NOTE: this is not checked in release builds.
*/
double limit; /* limit on error values, normally 4E-3 */
/* Log limits - values above this are logged, but not necessarily
* warned.
*/
double log8; /* Absolute error in 8 bits to log */
double log16; /* Absolute error in 16 bits to log */
/* Logged 8 and 16 bit errors ('output' values): */
double error_gray_2;
double error_gray_4;
double error_gray_8;
double error_gray_16;
double error_color_8;
double error_color_16;
double error_indexed;
/* Flags: */
/* Whether to call png_read_update_info, not png_read_start_image, and how
* many times to call it.
*/
int use_update_info;
/* Whether or not to interlace. */
int interlace_type :9; /* int, but must store '1' */
/* Run the standard tests? */
unsigned int test_standard :1;
/* Run the odd-sized image and interlace read/write tests? */
unsigned int test_size :1;
/* Run tests on reading with a combination of transforms, */
unsigned int test_transform :1;
unsigned int test_tRNS :1; /* Includes tRNS images */
/* When to use the use_input_precision option, this controls the gamma
* validation code checks. If set any value that is within the transformed
* range input-.5 to input+.5 will be accepted, otherwise the value must be
* within the normal limits. It should not be necessary to set this; the
* result should always be exact within the permitted error limits.
*/
unsigned int use_input_precision :1;
unsigned int use_input_precision_sbit :1;
unsigned int use_input_precision_16to8 :1;
/* If set assume that the calculation bit depth is set by the input
* precision, not the output precision.
*/
unsigned int calculations_use_input_precision :1;
/* If set assume that the calculations are done in 16 bits even if the sample
* depth is 8 bits.
*/
unsigned int assume_16_bit_calculations :1;
/* Which gamma tests to run: */
unsigned int test_gamma_threshold :1;
unsigned int test_gamma_transform :1; /* main tests */
unsigned int test_gamma_sbit :1;
unsigned int test_gamma_scale16 :1;
unsigned int test_gamma_background :1;
unsigned int test_gamma_alpha_mode :1;
unsigned int test_gamma_expand16 :1;
unsigned int test_exhaustive :1;
/* Whether or not to run the low-bit-depth grayscale tests. This fails on
* gamma images in some cases because of gross inaccuracies in the grayscale
* gamma handling for low bit depth.
*/
unsigned int test_lbg :1;
unsigned int test_lbg_gamma_threshold :1;
unsigned int test_lbg_gamma_transform :1;
unsigned int test_lbg_gamma_sbit :1;
unsigned int test_lbg_gamma_composition :1;
unsigned int log :1; /* Log max error */
/* Buffer information, the buffer size limits the size of the chunks that can
* be modified - they must fit (including header and CRC) into the buffer!
*/
size_t flush; /* Count of bytes to flush */
size_t buffer_count; /* Bytes in buffer */
size_t buffer_position; /* Position in buffer */
png_byte buffer[1024];
} png_modifier;
/* This returns true if the test should be stopped now because it has already
* failed and it is running silently.
*/
static int fail(png_modifier *pm)
{
return !pm->log && !pm->this.verbose && (pm->this.nerrors > 0 ||
(pm->this.treat_warnings_as_errors && pm->this.nwarnings > 0));
}
static void
modifier_init(png_modifier *pm)
{
memset(pm, 0, sizeof *pm);
store_init(&pm->this);
pm->modifications = NULL;
pm->state = modifier_start;
pm->sbitlow = 1U;
pm->ngammas = 0;
pm->ngamma_tests = 0;
pm->gammas = 0;
pm->current_gamma = 0;
pm->encodings = 0;
pm->nencodings = 0;
pm->current_encoding = 0;
pm->encoding_counter = 0;
pm->encoding_ignored = 0;
pm->repeat = 0;
pm->test_uses_encoding = 0;
pm->maxout8 = pm->maxpc8 = pm->maxabs8 = pm->maxcalc8 = 0;
pm->maxout16 = pm->maxpc16 = pm->maxabs16 = pm->maxcalc16 = 0;
pm->maxcalcG = 0;
pm->limit = 4E-3;
pm->log8 = pm->log16 = 0; /* Means 'off' */
pm->error_gray_2 = pm->error_gray_4 = pm->error_gray_8 = 0;
pm->error_gray_16 = pm->error_color_8 = pm->error_color_16 = 0;
pm->error_indexed = 0;
pm->use_update_info = 0;
pm->interlace_type = PNG_INTERLACE_NONE;
pm->test_standard = 0;
pm->test_size = 0;
pm->test_transform = 0;
# ifdef PNG_WRITE_tRNS_SUPPORTED
pm->test_tRNS = 1;
# else
pm->test_tRNS = 0;
# endif
pm->use_input_precision = 0;
pm->use_input_precision_sbit = 0;
pm->use_input_precision_16to8 = 0;
pm->calculations_use_input_precision = 0;
pm->assume_16_bit_calculations = 0;
pm->test_gamma_threshold = 0;
pm->test_gamma_transform = 0;
pm->test_gamma_sbit = 0;
pm->test_gamma_scale16 = 0;
pm->test_gamma_background = 0;
pm->test_gamma_alpha_mode = 0;
pm->test_gamma_expand16 = 0;
pm->test_lbg = 1;
pm->test_lbg_gamma_threshold = 1;
pm->test_lbg_gamma_transform = 1;
pm->test_lbg_gamma_sbit = 1;
pm->test_lbg_gamma_composition = 1;
pm->test_exhaustive = 0;
pm->log = 0;
/* Rely on the memset for all the other fields - there are no pointers */
}
#ifdef PNG_READ_TRANSFORMS_SUPPORTED
/* This controls use of checks that explicitly know how libpng digitizes the
* samples in calculations; setting this circumvents simple error limit checking
* in the rgb_to_gray check, replacing it with an exact copy of the libpng 1.5
* algorithm.
*/
#define DIGITIZE PNG_LIBPNG_VER < 10700
/* If pm->calculations_use_input_precision is set then operations will happen
* with the precision of the input, not the precision of the output depth.
*
* If pm->assume_16_bit_calculations is set then even 8 bit calculations use 16
* bit precision. This only affects those of the following limits that pertain
* to a calculation - not a digitization operation - unless the following API is
* called directly.
*/
#ifdef PNG_READ_RGB_TO_GRAY_SUPPORTED
#if DIGITIZE
static double digitize(double value, int depth, int do_round)
{
/* 'value' is in the range 0 to 1, the result is the same value rounded to a
* multiple of the digitization factor - 8 or 16 bits depending on both the
* sample depth and the 'assume' setting. Digitization is normally by
* rounding and 'do_round' should be 1, if it is 0 the digitized value will
* be truncated.
*/
unsigned int digitization_factor = (1U << depth) - 1;
/* Limiting the range is done as a convenience to the caller - it's easier to
* do it once here than every time at the call site.
*/
if (value <= 0)
value = 0;
else if (value >= 1)
value = 1;
value *= digitization_factor;
if (do_round) value += .5;
return floor(value)/digitization_factor;
}
#endif
#endif /* RGB_TO_GRAY */
#ifdef PNG_READ_GAMMA_SUPPORTED
static double abserr(const png_modifier *pm, int in_depth, int out_depth)
{
/* Absolute error permitted in linear values - affected by the bit depth of
* the calculations.
*/
if (pm->assume_16_bit_calculations ||
(pm->calculations_use_input_precision ? in_depth : out_depth) == 16)
return pm->maxabs16;
else
return pm->maxabs8;
}
static double calcerr(const png_modifier *pm, int in_depth, int out_depth)
{
/* Error in the linear composition arithmetic - only relevant when
* composition actually happens (0 < alpha < 1).
*/
if ((pm->calculations_use_input_precision ? in_depth : out_depth) == 16)
return pm->maxcalc16;
else if (pm->assume_16_bit_calculations)
return pm->maxcalcG;
else
return pm->maxcalc8;
}
static double pcerr(const png_modifier *pm, int in_depth, int out_depth)
{
/* Percentage error permitted in the linear values. Note that the specified
* value is a percentage but this routine returns a simple number.
*/
if (pm->assume_16_bit_calculations ||
(pm->calculations_use_input_precision ? in_depth : out_depth) == 16)
return pm->maxpc16 * .01;
else
return pm->maxpc8 * .01;
}
/* Output error - the error in the encoded value. This is determined by the
* digitization of the output so can be +/-0.5 in the actual output value. In
* the expand_16 case with the current code in libpng the expand happens after
* all the calculations are done in 8 bit arithmetic, so even though the output
* depth is 16 the output error is determined by the 8 bit calculation.
*
* This limit is not determined by the bit depth of internal calculations.
*
* The specified parameter does *not* include the base .5 digitization error but
* it is added here.
*/
static double outerr(const png_modifier *pm, int in_depth, int out_depth)
{
/* There is a serious error in the 2 and 4 bit grayscale transform because
* the gamma table value (8 bits) is simply shifted, not rounded, so the
* error in 4 bit grayscale gamma is up to the value below. This is a hack
* to allow pngvalid to succeed:
*
* TODO: fix this in libpng
*/
if (out_depth == 2)
return .73182-.5;
if (out_depth == 4)
return .90644-.5;
if ((pm->calculations_use_input_precision ? in_depth : out_depth) == 16)
return pm->maxout16;
/* This is the case where the value was calculated at 8-bit precision then
* scaled to 16 bits.
*/
else if (out_depth == 16)
return pm->maxout8 * 257;
else
return pm->maxout8;
}
/* This does the same thing as the above however it returns the value to log,
* rather than raising a warning. This is useful for debugging to track down
* exactly what set of parameters cause high error values.
*/
static double outlog(const png_modifier *pm, int in_depth, int out_depth)
{
/* The command line parameters are either 8 bit (0..255) or 16 bit (0..65535)
* and so must be adjusted for low bit depth grayscale:
*/
if (out_depth <= 8)
{
if (pm->log8 == 0) /* switched off */
return 256;
if (out_depth < 8)
return pm->log8 / 255 * ((1<<out_depth)-1);
return pm->log8;
}
if ((pm->calculations_use_input_precision ? in_depth : out_depth) == 16)
{
if (pm->log16 == 0)
return 65536;
return pm->log16;
}
/* This is the case where the value was calculated at 8-bit precision then
* scaled to 16 bits.
*/
if (pm->log8 == 0)
return 65536;
return pm->log8 * 257;
}
/* This complements the above by providing the appropriate quantization for the
* final value. Normally this would just be quantization to an integral value,
* but in the 8 bit calculation case it's actually quantization to a multiple of
* 257!
*/
static int output_quantization_factor(const png_modifier *pm, int in_depth,
int out_depth)
{
if (out_depth == 16 && in_depth != 16 &&
pm->calculations_use_input_precision)
return 257;
else
return 1;
}
#endif /* PNG_READ_GAMMA_SUPPORTED */
/* One modification structure must be provided for each chunk to be modified (in
* fact more than one can be provided if multiple separate changes are desired
* for a single chunk.) Modifications include adding a new chunk when a
* suitable chunk does not exist.
*
* The caller of modify_fn will reset the CRC of the chunk and record 'modified'
* or 'added' as appropriate if the modify_fn returns 1 (true). If the
* modify_fn is NULL the chunk is simply removed.
*/
typedef struct png_modification
{
struct png_modification *next;
png_uint_32 chunk;
/* If the following is NULL all matching chunks will be removed: */
int (*modify_fn)(struct png_modifier *pm,
struct png_modification *me, int add);
/* If the following is set to PLTE, IDAT or IEND and the chunk has not been
* found and modified (and there is a modify_fn) the modify_fn will be called
* to add the chunk before the relevant chunk.
*/
png_uint_32 add;
unsigned int modified :1; /* Chunk was modified */
unsigned int added :1; /* Chunk was added */
unsigned int removed :1; /* Chunk was removed */
} png_modification;
static void
modification_reset(png_modification *pmm)
{
if (pmm != NULL)
{
pmm->modified = 0;
pmm->added = 0;
pmm->removed = 0;
modification_reset(pmm->next);
}
}
static void
modification_init(png_modification *pmm)
{
memset(pmm, 0, sizeof *pmm);
pmm->next = NULL;
pmm->chunk = 0;
pmm->modify_fn = NULL;
pmm->add = 0;
modification_reset(pmm);
}
#ifdef PNG_READ_RGB_TO_GRAY_SUPPORTED
static void
modifier_current_encoding(const png_modifier *pm, color_encoding *ce)
{
if (pm->current_encoding != 0)
*ce = *pm->current_encoding;
else
memset(ce, 0, sizeof *ce);
ce->gamma = pm->current_gamma;
}
#endif
#ifdef PNG_READ_TRANSFORMS_SUPPORTED
static size_t
safecat_current_encoding(char *buffer, size_t bufsize, size_t pos,
const png_modifier *pm)
{
pos = safecat_color_encoding(buffer, bufsize, pos, pm->current_encoding,
pm->current_gamma);
if (pm->encoding_ignored)
pos = safecat(buffer, bufsize, pos, "[overridden]");
return pos;
}
#endif
/* Iterate through the usefully testable color encodings. An encoding is one
* of:
*
* 1) Nothing (no color space, no gamma).
* 2) Just a gamma value from the gamma array (including 1.0)
* 3) A color space from the encodings array with the corresponding gamma.
* 4) The same, but with gamma 1.0 (only really useful with 16 bit calculations)
*
* The iterator selects these in turn, the randomizer selects one at random,
* which is used depends on the setting of the 'test_exhaustive' flag. Notice
* that this function changes the colour space encoding so it must only be
* called on completion of the previous test. This is what 'modifier_reset'
* does, below.
*
* After the function has been called the 'repeat' flag will still be set; the
* caller of modifier_reset must reset it at the start of each run of the test!
*/
static unsigned int
modifier_total_encodings(const png_modifier *pm)
{
return 1 + /* (1) nothing */
pm->ngammas + /* (2) gamma values to test */
pm->nencodings + /* (3) total number of encodings */
/* The following test only works after the first time through the
* png_modifier code because 'bit_depth' is set when the IHDR is read.
* modifier_reset, below, preserves the setting until after it has called
* the iterate function (also below.)
*
* For this reason do not rely on this function outside a call to
* modifier_reset.
*/
((pm->bit_depth == 16 || pm->assume_16_bit_calculations) ?
pm->nencodings : 0); /* (4) encodings with gamma == 1.0 */
}
static void
modifier_encoding_iterate(png_modifier *pm)
{
if (!pm->repeat && /* Else something needs the current encoding again. */
pm->test_uses_encoding) /* Some transform is encoding dependent */
{
if (pm->test_exhaustive)
{
if (++pm->encoding_counter >= modifier_total_encodings(pm))
pm->encoding_counter = 0; /* This will stop the repeat */
}
else
{
/* Not exhaustive - choose an encoding at random; generate a number in
* the range 1..(max-1), so the result is always non-zero:
*/
if (pm->encoding_counter == 0)
pm->encoding_counter = random_mod(modifier_total_encodings(pm)-1)+1;
else
pm->encoding_counter = 0;
}
if (pm->encoding_counter > 0)
pm->repeat = 1;
}
else if (!pm->repeat)
pm->encoding_counter = 0;
}
static void
modifier_reset(png_modifier *pm)
{
store_read_reset(&pm->this);
pm->limit = 4E-3;
pm->pending_len = pm->pending_chunk = 0;
pm->flush = pm->buffer_count = pm->buffer_position = 0;
pm->modifications = NULL;
pm->state = modifier_start;
modifier_encoding_iterate(pm);
/* The following must be set in the next run. In particular
* test_uses_encodings must be set in the _ini function of each transform
* that looks at the encodings. (Not the 'add' function!)
*/
pm->test_uses_encoding = 0;
pm->current_gamma = 0;
pm->current_encoding = 0;
pm->encoding_ignored = 0;
/* These only become value after IHDR is read: */
pm->bit_depth = pm->colour_type = 0;
}
/* The following must be called before anything else to get the encoding set up
* on the modifier. In particular it must be called before the transform init
* functions are called.
*/
static void
modifier_set_encoding(png_modifier *pm)
{
/* Set the encoding to the one specified by the current encoding counter,
* first clear out all the settings - this corresponds to an encoding_counter
* of 0.
*/
pm->current_gamma = 0;
pm->current_encoding = 0;
pm->encoding_ignored = 0; /* not ignored yet - happens in _ini functions. */
/* Now, if required, set the gamma and encoding fields. */
if (pm->encoding_counter > 0)
{
/* The gammas[] array is an array of screen gammas, not encoding gammas,
* so we need the inverse:
*/
if (pm->encoding_counter <= pm->ngammas)
pm->current_gamma = 1/pm->gammas[pm->encoding_counter-1];
else
{
unsigned int i = pm->encoding_counter - pm->ngammas;
if (i >= pm->nencodings)
{
i %= pm->nencodings;
pm->current_gamma = 1; /* Linear, only in the 16 bit case */
}
else
pm->current_gamma = pm->encodings[i].gamma;
pm->current_encoding = pm->encodings + i;
}
}
}
/* Enquiry functions to find out what is set. Notice that there is an implicit
* assumption below that the first encoding in the list is the one for sRGB.
*/
static int
modifier_color_encoding_is_sRGB(const png_modifier *pm)
{
return pm->current_encoding != 0 && pm->current_encoding == pm->encodings &&
pm->current_encoding->gamma == pm->current_gamma;
}
static int
modifier_color_encoding_is_set(const png_modifier *pm)
{
return pm->current_gamma != 0;
}
/* The guts of modification are performed during a read. */
static void
modifier_crc(png_bytep buffer)
{
/* Recalculate the chunk CRC - a complete chunk must be in
* the buffer, at the start.
*/
uInt datalen = png_get_uint_32(buffer);
uLong crc = crc32(0, buffer+4, datalen+4);
/* The cast to png_uint_32 is safe because a crc32 is always a 32 bit value.
*/
png_save_uint_32(buffer+datalen+8, (png_uint_32)crc);
}
static void
modifier_setbuffer(png_modifier *pm)
{
modifier_crc(pm->buffer);
pm->buffer_count = png_get_uint_32(pm->buffer)+12;
pm->buffer_position = 0;
}
/* Separate the callback into the actual implementation (which is passed the
* png_modifier explicitly) and the callback, which gets the modifier from the
* png_struct.
*/
static void
modifier_read_imp(png_modifier *pm, png_bytep pb, size_t st)
{
while (st > 0)
{
size_t cb;
png_uint_32 len, chunk;
png_modification *mod;
if (pm->buffer_position >= pm->buffer_count) switch (pm->state)
{
static png_byte sign[8] = { 137, 80, 78, 71, 13, 10, 26, 10 };
case modifier_start:
store_read_chunk(&pm->this, pm->buffer, 8, 8); /* signature. */
pm->buffer_count = 8;
pm->buffer_position = 0;
if (memcmp(pm->buffer, sign, 8) != 0)
png_error(pm->this.pread, "invalid PNG file signature");
pm->state = modifier_signature;
break;
case modifier_signature:
store_read_chunk(&pm->this, pm->buffer, 13+12, 13+12); /* IHDR */
pm->buffer_count = 13+12;
pm->buffer_position = 0;
if (png_get_uint_32(pm->buffer) != 13 ||
png_get_uint_32(pm->buffer+4) != CHUNK_IHDR)
png_error(pm->this.pread, "invalid IHDR");
/* Check the list of modifiers for modifications to the IHDR. */
mod = pm->modifications;
while (mod != NULL)
{
if (mod->chunk == CHUNK_IHDR && mod->modify_fn &&
(*mod->modify_fn)(pm, mod, 0))
{
mod->modified = 1;
modifier_setbuffer(pm);
}
/* Ignore removal or add if IHDR! */
mod = mod->next;
}
/* Cache information from the IHDR (the modified one.) */
pm->bit_depth = pm->buffer[8+8];
pm->colour_type = pm->buffer[8+8+1];
pm->state = modifier_IHDR;
pm->flush = 0;
break;
case modifier_IHDR:
default:
/* Read a new chunk and process it until we see PLTE, IDAT or
* IEND. 'flush' indicates that there is still some data to
* output from the preceding chunk.
*/
if ((cb = pm->flush) > 0)
{
if (cb > st) cb = st;
pm->flush -= cb;
store_read_chunk(&pm->this, pb, cb, cb);
pb += cb;
st -= cb;
if (st == 0) return;
}
/* No more bytes to flush, read a header, or handle a pending
* chunk.
*/
if (pm->pending_chunk != 0)
{
png_save_uint_32(pm->buffer, pm->pending_len);
png_save_uint_32(pm->buffer+4, pm->pending_chunk);
pm->pending_len = 0;
pm->pending_chunk = 0;
}
else
store_read_chunk(&pm->this, pm->buffer, 8, 8);
pm->buffer_count = 8;
pm->buffer_position = 0;
/* Check for something to modify or a terminator chunk. */
len = png_get_uint_32(pm->buffer);
chunk = png_get_uint_32(pm->buffer+4);
/* Terminators first, they may have to be delayed for added
* chunks
*/
if (chunk == CHUNK_PLTE || chunk == CHUNK_IDAT ||
chunk == CHUNK_IEND)
{
mod = pm->modifications;
while (mod != NULL)
{
if ((mod->add == chunk ||
(mod->add == CHUNK_PLTE && chunk == CHUNK_IDAT)) &&