/* pngset.c - storage of image information into info struct
*
- * Last changed in libpng 1.6.11 [June 5, 2014]
- * Copyright (c) 1998-2014 Glenn Randers-Pehrson
+ * Last changed in libpng 1.6.21 [January 15, 2016]
+ * Copyright (c) 1998-2015 Glenn Randers-Pehrson
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
* (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
*
xy.whitey = white_y;
if (png_colorspace_set_chromaticities(png_ptr, &info_ptr->colorspace, &xy,
- 2/* override with app values*/))
+ 2/* override with app values*/) != 0)
info_ptr->colorspace.flags |= PNG_COLORSPACE_FROM_cHRM;
png_colorspace_sync_info(png_ptr, info_ptr);
XYZ.blue_Y = int_blue_Y;
XYZ.blue_Z = int_blue_Z;
- if (png_colorspace_set_endpoints(png_ptr, &info_ptr->colorspace, &XYZ, 2))
+ if (png_colorspace_set_endpoints(png_ptr, &info_ptr->colorspace,
+ &XYZ, 2) != 0)
info_ptr->colorspace.flags |= PNG_COLORSPACE_FROM_cHRM;
png_colorspace_sync_info(png_ptr, info_ptr);
png_fixed(png_ptr, red_X, "cHRM Red X"),
png_fixed(png_ptr, red_Y, "cHRM Red Y"),
png_fixed(png_ptr, red_Z, "cHRM Red Z"),
- png_fixed(png_ptr, green_X, "cHRM Red X"),
- png_fixed(png_ptr, green_Y, "cHRM Red Y"),
- png_fixed(png_ptr, green_Z, "cHRM Red Z"),
- png_fixed(png_ptr, blue_X, "cHRM Red X"),
- png_fixed(png_ptr, blue_Y, "cHRM Red Y"),
- png_fixed(png_ptr, blue_Z, "cHRM Red Z"));
+ png_fixed(png_ptr, green_X, "cHRM Green X"),
+ png_fixed(png_ptr, green_Y, "cHRM Green Y"),
+ png_fixed(png_ptr, green_Z, "cHRM Green Z"),
+ png_fixed(png_ptr, blue_X, "cHRM Blue X"),
+ png_fixed(png_ptr, blue_Y, "cHRM Blue Y"),
+ png_fixed(png_ptr, blue_Z, "cHRM Blue Z"));
}
-# endif /* PNG_FLOATING_POINT_SUPPORTED */
+# endif /* FLOATING_POINT */
-#endif /* PNG_cHRM_SUPPORTED */
+#endif /* cHRM */
#ifdef PNG_gAMA_SUPPORTED
void PNGFAPI
if (info_ptr->hist == NULL)
{
png_warning(png_ptr, "Insufficient memory for hIST chunk data");
+
return;
}
if (info_ptr->color_type == PNG_COLOR_TYPE_PALETTE)
info_ptr->channels = 1;
- else if (info_ptr->color_type & PNG_COLOR_MASK_COLOR)
+ else if ((info_ptr->color_type & PNG_COLOR_MASK_COLOR) != 0)
info_ptr->channels = 3;
else
info_ptr->channels = 1;
- if (info_ptr->color_type & PNG_COLOR_MASK_ALPHA)
+ if ((info_ptr->color_type & PNG_COLOR_MASK_ALPHA) != 0)
info_ptr->channels++;
info_ptr->pixel_depth = (png_byte)(info_ptr->channels * info_ptr->bit_depth);
png_debug1(1, "in %s storage function", "pCAL");
if (png_ptr == NULL || info_ptr == NULL || purpose == NULL || units == NULL
- || (nparams > 0 && params == NULL))
+ || (nparams > 0 && params == NULL))
return;
length = strlen(purpose) + 1;
/* Validate params[nparams] */
for (i=0; i<nparams; ++i)
+ {
if (params[i] == NULL ||
- !png_check_fp_string(params[i], strlen(params[i])))
+ !png_check_fp_string(params[i], strlen(params[i])))
png_error(png_ptr, "Invalid format for pCAL parameter");
+ }
info_ptr->pcal_purpose = png_voidcast(png_charp,
- png_malloc_warn(png_ptr, length));
+ png_malloc_warn(png_ptr, length));
if (info_ptr->pcal_purpose == NULL)
{
png_warning(png_ptr, "Insufficient memory for pCAL purpose");
+
return;
}
if (info_ptr->pcal_units == NULL)
{
png_warning(png_ptr, "Insufficient memory for pCAL units");
+
return;
}
if (info_ptr->pcal_params == NULL)
{
png_warning(png_ptr, "Insufficient memory for pCAL params");
+
return;
}
if (info_ptr->pcal_params[i] == NULL)
{
png_warning(png_ptr, "Insufficient memory for pCAL parameter");
+
return;
}
if (info_ptr->scal_s_width == NULL)
{
png_warning(png_ptr, "Memory allocation failed while processing sCAL");
+
return;
}
info_ptr->scal_s_width = NULL;
png_warning(png_ptr, "Memory allocation failed while processing sCAL");
+
return;
}
png_const_colorp palette, int num_palette)
{
+ png_uint_32 max_palette_length;
+
png_debug1(1, "in %s storage function", "PLTE");
if (png_ptr == NULL || info_ptr == NULL)
return;
- if (num_palette < 0 || num_palette > PNG_MAX_PALETTE_LENGTH)
+ max_palette_length = (info_ptr->color_type == PNG_COLOR_TYPE_PALETTE) ?
+ (1 << info_ptr->bit_depth) : PNG_MAX_PALETTE_LENGTH;
+
+ if (num_palette < 0 || num_palette > (int) max_palette_length)
{
if (info_ptr->color_type == PNG_COLOR_TYPE_PALETTE)
png_error(png_ptr, "Invalid palette length");
else
{
png_warning(png_ptr, "Invalid palette length");
+
return;
}
}
))
{
png_error(png_ptr, "Invalid palette");
- return;
}
/* It may not actually be necessary to set png_ptr->palette here;
png_free_data(png_ptr, info_ptr, PNG_FREE_PLTE, 0);
/* Changed in libpng-1.2.1 to allocate PNG_MAX_PALETTE_LENGTH instead
- * of num_palette entries, in case of an invalid PNG file that has
- * too-large sample values.
+ * of num_palette entries, in case of an invalid PNG file or incorrect
+ * call to png_set_PLTE() with too-large sample values.
*/
png_ptr->palette = png_voidcast(png_colorp, png_calloc(png_ptr,
PNG_MAX_PALETTE_LENGTH * (sizeof (png_color))));
if (png_ptr == NULL || info_ptr == NULL)
return;
- if (png_colorspace_set_sRGB(png_ptr, &info_ptr->colorspace, srgb_intent))
+ if (png_colorspace_set_sRGB(png_ptr, &info_ptr->colorspace,
+ srgb_intent) != 0)
{
/* This causes the gAMA and cHRM to be written too */
info_ptr->colorspace.flags |=
if (new_iccp_name == NULL)
{
png_benign_error(png_ptr, "Insufficient memory to process iCCP chunk");
+
return;
}
png_free(png_ptr, new_iccp_name);
png_benign_error(png_ptr,
"Insufficient memory to process iCCP profile");
+
return;
}
{
int i;
- png_debug1(1, "in %lx storage function", png_ptr == NULL ? "unexpected" :
+ png_debug1(1, "in %lx storage function", png_ptr == NULL ? 0xabadca11U :
(unsigned long)png_ptr->chunk_name);
if (png_ptr == NULL || info_ptr == NULL || num_text <= 0 || text_ptr == NULL)
else
max_text = INT_MAX;
- /* Now allocate a new array and copy the old members in, this does all
+ /* Now allocate a new array and copy the old members in; this does all
* the overflow checks.
*/
new_text = png_voidcast(png_textp,png_realloc_array(png_ptr,
{
png_chunk_report(png_ptr, "too many text chunks",
PNG_CHUNK_WRITE_ERROR);
+
return 1;
}
else
lang_key_len = 0;
}
-# else /* PNG_iTXt_SUPPORTED */
+# else /* iTXt */
{
png_chunk_report(png_ptr, "iTXt chunk not supported",
PNG_CHUNK_WRITE_ERROR);
{
png_chunk_report(png_ptr, "text chunk: out of memory",
PNG_CHUNK_WRITE_ERROR);
+
return 1;
}
png_debug1(1, "in %s storage function", "tIME");
if (png_ptr == NULL || info_ptr == NULL || mod_time == NULL ||
- (png_ptr->mode & PNG_WROTE_tIME))
+ (png_ptr->mode & PNG_WROTE_tIME) != 0)
return;
if (mod_time->month == 0 || mod_time->month > 12 ||
mod_time->second > 60)
{
png_warning(png_ptr, "Ignoring invalid time value");
+
return;
}
png_debug1(1, "in %s storage function", "tRNS");
if (png_ptr == NULL || info_ptr == NULL)
+
return;
if (trans_alpha != NULL)
if (trans_color != NULL)
{
- int sample_max = (1 << info_ptr->bit_depth);
-
- if ((info_ptr->color_type == PNG_COLOR_TYPE_GRAY &&
- trans_color->gray > sample_max) ||
- (info_ptr->color_type == PNG_COLOR_TYPE_RGB &&
- (trans_color->red > sample_max ||
- trans_color->green > sample_max ||
- trans_color->blue > sample_max)))
- png_warning(png_ptr,
- "tRNS chunk has out-of-range samples for bit_depth");
+#ifdef PNG_WARNINGS_SUPPORTED
+ if (info_ptr->bit_depth < 16)
+ {
+ int sample_max = (1 << info_ptr->bit_depth) - 1;
+
+ if ((info_ptr->color_type == PNG_COLOR_TYPE_GRAY &&
+ trans_color->gray > sample_max) ||
+ (info_ptr->color_type == PNG_COLOR_TYPE_RGB &&
+ (trans_color->red > sample_max ||
+ trans_color->green > sample_max ||
+ trans_color->blue > sample_max)))
+ png_warning(png_ptr,
+ "tRNS chunk has out-of-range samples for bit_depth");
+ }
+#endif
info_ptr->trans_color = *trans_color;
{
/* Out of memory or too many chunks */
png_chunk_report(png_ptr, "too many sPLT chunks", PNG_CHUNK_WRITE_ERROR);
+
return;
}
np->depth = entries->depth;
- /* In the even of out-of-memory just return - there's no point keeping on
- * trying to add sPLT chunks.
+ /* In the event of out-of-memory just return - there's no point keeping
+ * on trying to add sPLT chunks.
*/
length = strlen(entries->name) + 1;
np->name = png_voidcast(png_charp, png_malloc_base(png_ptr, length));
memcpy(np->name, entries->name, length);
/* IMPORTANT: we have memory now that won't get freed if something else
- * goes wrong, this code must free it. png_malloc_array produces no
- * warnings, use a png_chunk_report (below) if there is an error.
+ * goes wrong; this code must free it. png_malloc_array produces no
+ * warnings; use a png_chunk_report (below) if there is an error.
*/
np->entries = png_voidcast(png_sPLT_entryp, png_malloc_array(png_ptr,
entries->nentries, sizeof (png_sPLT_entry)));
if (np->entries == NULL)
{
png_free(png_ptr, np->name);
+ np->name = NULL;
break;
}
if (nentries > 0)
png_chunk_report(png_ptr, "sPLT out of memory", PNG_CHUNK_WRITE_ERROR);
}
-#endif /* PNG_sPLT_SUPPORTED */
+#endif /* sPLT */
#ifdef PNG_STORE_UNKNOWN_CHUNKS_SUPPORTED
static png_byte
location &= (PNG_HAVE_IHDR|PNG_HAVE_PLTE|PNG_AFTER_IDAT);
/* New in 1.6.0; copy the location and check it. This is an API
- * change, previously the app had to use the
+ * change; previously the app had to use the
* png_set_unknown_chunk_location API below for each chunk.
*/
- if (location == 0 && !(png_ptr->mode & PNG_IS_READ_STRUCT))
+ if (location == 0 && (png_ptr->mode & PNG_IS_READ_STRUCT) == 0)
{
/* Write struct, so unknown chunks come from the app */
png_app_warning(png_ptr,
png_unknown_chunkp np;
if (png_ptr == NULL || info_ptr == NULL || num_unknowns <= 0 ||
- unknowns == NULL)
+ unknowns == NULL)
return;
/* Check for the failure cases where support has been disabled at compile
*/
# if !defined(PNG_READ_UNKNOWN_CHUNKS_SUPPORTED) && \
defined(PNG_READ_SUPPORTED)
- if (png_ptr->mode & PNG_IS_READ_STRUCT)
+ if ((png_ptr->mode & PNG_IS_READ_STRUCT) != 0)
{
png_app_error(png_ptr, "no unknown chunk support on read");
+
return;
}
# endif
# if !defined(PNG_WRITE_UNKNOWN_CHUNKS_SUPPORTED) && \
defined(PNG_WRITE_SUPPORTED)
- if (!(png_ptr->mode & PNG_IS_READ_STRUCT))
+ if ((png_ptr->mode & PNG_IS_READ_STRUCT) == 0)
{
png_app_error(png_ptr, "no unknown chunk support on write");
+
return;
}
# endif
{
png_chunk_report(png_ptr, "too many unknown chunks",
PNG_CHUNK_WRITE_ERROR);
+
return;
}
{
png_app_error(png_ptr, "invalid unknown chunk location");
/* Fake out the pre 1.6.0 behavior: */
- if ((location & PNG_HAVE_IDAT)) /* undocumented! */
+ if ((location & PNG_HAVE_IDAT) != 0) /* undocumented! */
location = PNG_AFTER_IDAT;
else
check_location(png_ptr, location);
}
}
-#endif
-
+#endif /* STORE_UNKNOWN_CHUNKS */
#ifdef PNG_MNG_FEATURES_SUPPORTED
png_uint_32 PNGAPI
/* Utility function: update the 'keep' state of a chunk if it is already in
* the list, otherwise add it to the list.
*/
- for (i=0; i<count; ++i, list += 5) if (memcmp(list, add, 4) == 0)
+ for (i=0; i<count; ++i, list += 5)
{
- list[4] = (png_byte)keep;
- return count;
+ if (memcmp(list, add, 4) == 0)
+ {
+ list[4] = (png_byte)keep;
+
+ return count;
+ }
}
if (keep != PNG_HANDLE_CHUNK_AS_DEFAULT)
if (keep < 0 || keep >= PNG_HANDLE_CHUNK_LAST)
{
png_app_error(png_ptr, "png_set_keep_unknown_chunks: invalid keep");
+
return;
}
};
chunk_list = chunks_to_ignore;
- num_chunks = (sizeof chunks_to_ignore)/5;
+ num_chunks = (unsigned int)/*SAFE*/(sizeof chunks_to_ignore)/5U;
}
else /* num_chunks_in > 0 */
* which can be switched off.
*/
png_app_error(png_ptr, "png_set_keep_unknown_chunks: no chunk list");
+
return;
}
if (num_chunks + old_num_chunks > UINT_MAX/5)
{
png_app_error(png_ptr, "png_set_keep_unknown_chunks: too many chunks");
+
return;
}
unsigned int i;
for (i=0; i<num_chunks; ++i)
+ {
old_num_chunks = add_one_chunk(new_list, old_num_chunks,
chunk_list+5*i, keep);
+ }
/* Now remove any spurious 'default' entries. */
num_chunks = 0;
for (i=0, inlist=outlist=new_list; i<old_num_chunks; ++i, inlist += 5)
+ {
if (inlist[4])
{
if (outlist != inlist)
outlist += 5;
++num_chunks;
}
+ }
/* This means the application has removed all the specialized handling. */
if (num_chunks == 0)
if (png_ptr == NULL || info_ptr == NULL)
return;
- if (info_ptr->row_pointers && (info_ptr->row_pointers != row_pointers))
+ if (info_ptr->row_pointers != NULL &&
+ (info_ptr->row_pointers != row_pointers))
png_free_data(png_ptr, info_ptr, PNG_FREE_ROWS, 0);
info_ptr->row_pointers = row_pointers;
png_error(png_ptr, "invalid compression buffer size");
# ifdef PNG_SEQUENTIAL_READ_SUPPORTED
- if (png_ptr->mode & PNG_IS_READ_STRUCT)
+ if ((png_ptr->mode & PNG_IS_READ_STRUCT) != 0)
{
png_ptr->IDAT_read_size = (png_uint_32)size; /* checked above */
return;
# endif
# ifdef PNG_WRITE_SUPPORTED
- if (!(png_ptr->mode & PNG_IS_READ_STRUCT))
+ if ((png_ptr->mode & PNG_IS_READ_STRUCT) == 0)
{
if (png_ptr->zowner != 0)
{
png_warning(png_ptr,
"Compression buffer size cannot be changed because it is in use");
+
return;
}
+#ifndef __COVERITY__
+ /* Some compilers complain that this is always false. However, it
+ * can be true when integer overflow happens.
+ */
if (size > ZLIB_IO_MAX)
{
png_warning(png_ptr,
"Compression buffer size limited to system maximum");
size = ZLIB_IO_MAX; /* must fit */
}
+#endif
- else if (size < 6)
+ if (size < 6)
{
/* Deflate will potentially go into an infinite loop on a SYNC_FLUSH
* if this is permitted.
*/
png_warning(png_ptr,
"Compression buffer size cannot be reduced below 6");
+
return;
}
void PNGAPI
png_set_invalid(png_const_structrp png_ptr, png_inforp info_ptr, int mask)
{
- if (png_ptr && info_ptr)
+ if (png_ptr != NULL && info_ptr != NULL)
info_ptr->valid &= ~mask;
}
{
/* Images with dimensions larger than these limits will be
* rejected by png_set_IHDR(). To accept any PNG datastream
- * regardless of dimensions, set both limits to 0x7ffffffL.
+ * regardless of dimensions, set both limits to 0x7fffffff.
*/
if (png_ptr == NULL)
return;
void PNGAPI
png_set_chunk_cache_max (png_structrp png_ptr, png_uint_32 user_chunk_cache_max)
{
- if (png_ptr != NULL)
- png_ptr->user_chunk_cache_max = user_chunk_cache_max;
+ if (png_ptr != NULL)
+ png_ptr->user_chunk_cache_max = user_chunk_cache_max;
}
/* This function was added to libpng 1.4.1 */
if (png_ptr != NULL)
png_ptr->user_chunk_malloc_max = user_chunk_malloc_max;
}
-#endif /* ?PNG_SET_USER_LIMITS_SUPPORTED */
+#endif /* ?SET_USER_LIMITS */
#ifdef PNG_BENIGN_ERRORS_SUPPORTED
png_ptr->flags &= ~(PNG_FLAG_BENIGN_ERRORS_WARN |
PNG_FLAG_APP_WARNINGS_WARN | PNG_FLAG_APP_ERRORS_WARN);
}
-#endif /* PNG_BENIGN_ERRORS_SUPPORTED */
+#endif /* BENIGN_ERRORS */
#ifdef PNG_CHECK_FOR_INVALID_INDEX_SUPPORTED
/* Whether to report invalid palette index; added at libng-1.5.10.
* It is possible for an indexed (color-type==3) PNG file to contain
* pixels with invalid (out-of-range) indexes if the PLTE chunk has
* fewer entries than the image's bit-depth would allow. We recover
- * from this gracefully by filling any incomplete palette with zeroes
+ * from this gracefully by filling any incomplete palette with zeros
* (opaque black). By default, when this occurs libpng will issue
* a benign error. This API can be used to override that behavior.
*/
png_ptr->num_palette_max = -1;
}
#endif
-#endif /* PNG_READ_SUPPORTED || PNG_WRITE_SUPPORTED */
+
+#if defined(PNG_TEXT_SUPPORTED) || defined(PNG_pCAL_SUPPORTED) || \
+ defined(PNG_iCCP_SUPPORTED) || defined(PNG_sPLT_SUPPORTED)
+/* Check that the tEXt or zTXt keyword is valid per PNG 1.0 specification,
+ * and if invalid, correct the keyword rather than discarding the entire
+ * chunk. The PNG 1.0 specification requires keywords 1-79 characters in
+ * length, forbids leading or trailing whitespace, multiple internal spaces,
+ * and the non-break space (0x80) from ISO 8859-1. Returns keyword length.
+ *
+ * The 'new_key' buffer must be 80 characters in size (for the keyword plus a
+ * trailing '\0'). If this routine returns 0 then there was no keyword, or a
+ * valid one could not be generated, and the caller must png_error.
+ */
+png_uint_32 /* PRIVATE */
+png_check_keyword(png_structrp png_ptr, png_const_charp key, png_bytep new_key)
+{
+ png_const_charp orig_key = key;
+ png_uint_32 key_len = 0;
+ int bad_character = 0;
+ int space = 1;
+
+ png_debug(1, "in png_check_keyword");
+
+ if (key == NULL)
+ {
+ *new_key = 0;
+ return 0;
+ }
+
+ while (*key && key_len < 79)
+ {
+ png_byte ch = (png_byte)*key++;
+
+ if ((ch > 32 && ch <= 126) || (ch >= 161 /*&& ch <= 255*/))
+ *new_key++ = ch, ++key_len, space = 0;
+
+ else if (space == 0)
+ {
+ /* A space or an invalid character when one wasn't seen immediately
+ * before; output just a space.
+ */
+ *new_key++ = 32, ++key_len, space = 1;
+
+ /* If the character was not a space then it is invalid. */
+ if (ch != 32)
+ bad_character = ch;
+ }
+
+ else if (bad_character == 0)
+ bad_character = ch; /* just skip it, record the first error */
+ }
+
+ if (key_len > 0 && space != 0) /* trailing space */
+ {
+ --key_len, --new_key;
+ if (bad_character == 0)
+ bad_character = 32;
+ }
+
+ /* Terminate the keyword */
+ *new_key = 0;
+
+ if (key_len == 0)
+ return 0;
+
+#ifdef PNG_WARNINGS_SUPPORTED
+ /* Try to only output one warning per keyword: */
+ if (*key != 0) /* keyword too long */
+ png_warning(png_ptr, "keyword truncated");
+
+ else if (bad_character != 0)
+ {
+ PNG_WARNING_PARAMETERS(p)
+
+ png_warning_parameter(p, 1, orig_key);
+ png_warning_parameter_signed(p, 2, PNG_NUMBER_FORMAT_02x, bad_character);
+
+ png_formatted_warning(png_ptr, p, "keyword \"@1\": bad character '0x@2'");
+ }
+#endif /* WARNINGS */
+
+ return key_len;
+}
+#endif /* TEXT || pCAL || iCCP || sPLT */
+#endif /* READ || WRITE */