X-Git-Url: http://review.tizen.org/git/?a=blobdiff_plain;f=pngpread.c;h=d12b6d380986b8eafbf4d37889ab3345e38ef310;hb=73dfbb28b37fd2e2aca674a5f62216eb63948edf;hp=0dc1e53c2247a2b3bf621f818b793a9ed087c321;hpb=1cf3fed6900cf55d491a9fc4f9eae1088183d3fe;p=platform%2Fupstream%2Flibpng.git diff --git a/pngpread.c b/pngpread.c index 0dc1e53..d12b6d3 100644 --- a/pngpread.c +++ b/pngpread.c @@ -1,10 +1,10 @@ /* pngpread.c - read a png file in push mode * - * Last changed in libpng 1.6.18 [July 23, 2015] - * Copyright (c) 1998-2002,2004,2006-2015 Glenn Randers-Pehrson - * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) - * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) + * Copyright (c) 2018 Cosmin Truta + * Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson + * Copyright (c) 1996-1997 Andreas Dilger + * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. * * This code is released under the libpng license. * For conditions of distribution and use, see the disclaimer @@ -34,7 +34,7 @@ if (png_ptr->buffer_size < N) \ void PNGAPI png_process_data(png_structrp png_ptr, png_inforp info_ptr, - png_bytep buffer, png_size_t buffer_size) + png_bytep buffer, size_t buffer_size) { if (png_ptr == NULL || info_ptr == NULL) return; @@ -47,7 +47,7 @@ png_process_data(png_structrp png_ptr, png_inforp info_ptr, } } -png_size_t PNGAPI +size_t PNGAPI png_process_data_pause(png_structrp png_ptr, int save) { if (png_ptr != NULL) @@ -60,7 +60,7 @@ png_process_data_pause(png_structrp png_ptr, int save) else { /* This includes any pending saved bytes: */ - png_size_t remaining = png_ptr->buffer_size; + size_t remaining = png_ptr->buffer_size; png_ptr->buffer_size = 0; /* So subtract the saved buffer size, unless all the data @@ -77,11 +77,11 @@ png_process_data_pause(png_structrp png_ptr, int save) png_uint_32 PNGAPI png_process_data_skip(png_structrp png_ptr) { - /* TODO: Deprecate and remove this API. - * Somewhere the implementation of this seems to have been lost, - * or abandoned. It was only to support some internal back-door access - * to png_struct) in libpng-1.4.x. - */ +/* TODO: Deprecate and remove this API. + * Somewhere the implementation of this seems to have been lost, + * or abandoned. It was only to support some internal back-door access + * to png_struct) in libpng-1.4.x. + */ png_app_warning(png_ptr, "png_process_data_skip is not implemented in any current version of libpng"); return 0; @@ -133,8 +133,8 @@ png_process_some_data(png_structrp png_ptr, png_inforp info_ptr) void /* PRIVATE */ png_push_read_sig(png_structrp png_ptr, png_inforp info_ptr) { - png_size_t num_checked = png_ptr->sig_bytes, /* SAFE, does not exceed 8 */ - num_to_check = 8 - num_checked; + size_t num_checked = png_ptr->sig_bytes; /* SAFE, does not exceed 8 */ + size_t num_to_check = 8 - num_checked; if (png_ptr->buffer_size < num_to_check) { @@ -189,11 +189,95 @@ png_push_read_chunk(png_structrp png_ptr, png_inforp info_ptr) png_crc_read(png_ptr, chunk_tag, 4); png_ptr->chunk_name = PNG_CHUNK_FROM_STRING(chunk_tag); png_check_chunk_name(png_ptr, png_ptr->chunk_name); + png_check_chunk_length(png_ptr, png_ptr->push_length); png_ptr->mode |= PNG_HAVE_CHUNK_HEADER; } chunk_name = png_ptr->chunk_name; +#ifdef PNG_READ_APNG_SUPPORTED + if (png_ptr->num_frames_read > 0 && + png_ptr->num_frames_read < info_ptr->num_frames) + { + if (chunk_name == png_IDAT) + { + /* Discard trailing IDATs for the first frame */ + if ((png_ptr->mode & PNG_HAVE_fcTL) != 0 || + png_ptr->num_frames_read > 1) + png_error(png_ptr, "out of place IDAT"); + + PNG_PUSH_SAVE_BUFFER_IF_FULL + png_crc_finish(png_ptr, png_ptr->push_length); + png_ptr->mode &= ~PNG_HAVE_CHUNK_HEADER; + } + + else if (chunk_name == png_fdAT) + { + PNG_PUSH_SAVE_BUFFER_IF_LT(4) + png_ensure_sequence_number(png_ptr, 4); + + if ((png_ptr->mode & PNG_HAVE_fcTL) == 0) + { + /* Discard trailing fdATs for frames other than the first */ + if (png_ptr->num_frames_read < 2) + png_error(png_ptr, "out of place fdAT"); + + PNG_PUSH_SAVE_BUFFER_IF_FULL + png_crc_finish(png_ptr, png_ptr->push_length); + png_ptr->mode &= ~PNG_HAVE_CHUNK_HEADER; + } + + else + { + /* frame data follows */ + png_ptr->idat_size = png_ptr->push_length - 4; + png_ptr->mode |= PNG_HAVE_IDAT; + png_ptr->process_mode = PNG_READ_IDAT_MODE; + } + } + + else if (chunk_name == png_fcTL) + { + PNG_PUSH_SAVE_BUFFER_IF_FULL + png_read_reset(png_ptr); + png_ptr->mode &= ~PNG_HAVE_fcTL; + + png_handle_fcTL(png_ptr, info_ptr, png_ptr->push_length); + + if ((png_ptr->mode & PNG_HAVE_fcTL) == 0) + png_error(png_ptr, "missing required fcTL chunk"); + + png_read_reinit(png_ptr, info_ptr); + png_progressive_read_reset(png_ptr); + + if (png_ptr->frame_info_fn != NULL) + (*(png_ptr->frame_info_fn))(png_ptr, png_ptr->num_frames_read); + + png_ptr->mode &= ~PNG_HAVE_CHUNK_HEADER; + } + + else if (chunk_name == png_IEND) + { + PNG_PUSH_SAVE_BUFFER_IF_FULL + png_warning(png_ptr, "Number of actual frames fewer than expected"); + png_crc_finish(png_ptr, png_ptr->push_length); + png_ptr->process_mode = PNG_READ_DONE_MODE; + png_push_have_end(png_ptr, info_ptr); + } + + else + { + PNG_PUSH_SAVE_BUFFER_IF_FULL + png_warning(png_ptr, "Skipped (ignored) a chunk " + "between APNG chunks"); + png_crc_finish(png_ptr, png_ptr->push_length); + png_ptr->mode &= ~PNG_HAVE_CHUNK_HEADER; + } + + return; + } +#endif /* PNG_READ_APNG_SUPPORTED */ + if (chunk_name == png_IDAT) { if ((png_ptr->mode & PNG_AFTER_IDAT) != 0) @@ -210,12 +294,14 @@ png_push_read_chunk(png_structrp png_ptr, png_inforp info_ptr) (png_ptr->mode & PNG_HAVE_PLTE) == 0) png_error(png_ptr, "Missing PLTE before IDAT"); - png_ptr->mode |= PNG_HAVE_IDAT; png_ptr->process_mode = PNG_READ_IDAT_MODE; - if ((png_ptr->mode & PNG_HAVE_CHUNK_AFTER_IDAT) == 0) - if (png_ptr->push_length == 0) - return; + if ((png_ptr->mode & PNG_HAVE_IDAT) != 0) + if ((png_ptr->mode & PNG_HAVE_CHUNK_AFTER_IDAT) == 0) + if (png_ptr->push_length == 0) + return; + + png_ptr->mode |= PNG_HAVE_IDAT; if ((png_ptr->mode & PNG_AFTER_IDAT) != 0) png_benign_error(png_ptr, "Too many IDATs found"); @@ -258,6 +344,9 @@ png_push_read_chunk(png_structrp png_ptr, png_inforp info_ptr) else if (chunk_name == png_IDAT) { +#ifdef PNG_READ_APNG_SUPPORTED + png_have_info(png_ptr, info_ptr); +#endif png_ptr->idat_size = png_ptr->push_length; png_ptr->process_mode = PNG_READ_IDAT_MODE; png_push_have_info(png_ptr, info_ptr); @@ -403,19 +492,33 @@ png_push_read_chunk(png_structrp png_ptr, png_inforp info_ptr) png_handle_iTXt(png_ptr, info_ptr, png_ptr->push_length); } #endif +#ifdef PNG_READ_APNG_SUPPORTED + else if (chunk_name == png_acTL) + { + PNG_PUSH_SAVE_BUFFER_IF_FULL + png_handle_acTL(png_ptr, info_ptr, png_ptr->push_length); + } + + else if (chunk_name == png_fcTL) + { + PNG_PUSH_SAVE_BUFFER_IF_FULL + png_handle_fcTL(png_ptr, info_ptr, png_ptr->push_length); + } + +#endif /* PNG_READ_APNG_SUPPORTED */ else { PNG_PUSH_SAVE_BUFFER_IF_FULL png_handle_unknown(png_ptr, info_ptr, png_ptr->push_length, - PNG_HANDLE_CHUNK_AS_DEFAULT); + PNG_HANDLE_CHUNK_AS_DEFAULT); } png_ptr->mode &= ~PNG_HAVE_CHUNK_HEADER; } void PNGCBAPI -png_push_fill_buffer(png_structp png_ptr, png_bytep buffer, png_size_t length) +png_push_fill_buffer(png_structp png_ptr, png_bytep buffer, size_t length) { png_bytep ptr; @@ -425,7 +528,7 @@ png_push_fill_buffer(png_structp png_ptr, png_bytep buffer, png_size_t length) ptr = buffer; if (png_ptr->save_buffer_size != 0) { - png_size_t save_size; + size_t save_size; if (length < png_ptr->save_buffer_size) save_size = length; @@ -442,7 +545,7 @@ png_push_fill_buffer(png_structp png_ptr, png_bytep buffer, png_size_t length) } if (length != 0 && png_ptr->current_buffer_size != 0) { - png_size_t save_size; + size_t save_size; if (length < png_ptr->current_buffer_size) save_size = length; @@ -464,7 +567,7 @@ png_push_save_buffer(png_structrp png_ptr) { if (png_ptr->save_buffer_ptr != png_ptr->save_buffer) { - png_size_t i, istop; + size_t i, istop; png_bytep sp; png_bytep dp; @@ -479,7 +582,7 @@ png_push_save_buffer(png_structrp png_ptr) if (png_ptr->save_buffer_size + png_ptr->current_buffer_size > png_ptr->save_buffer_max) { - png_size_t new_max; + size_t new_max; png_bytep old_buffer; if (png_ptr->save_buffer_size > PNG_SIZE_MAX - @@ -491,7 +594,7 @@ png_push_save_buffer(png_structrp png_ptr) new_max = png_ptr->save_buffer_size + png_ptr->current_buffer_size + 256; old_buffer = png_ptr->save_buffer; png_ptr->save_buffer = (png_bytep)png_malloc_warn(png_ptr, - (png_size_t)new_max); + (size_t)new_max); if (png_ptr->save_buffer == NULL) { @@ -499,7 +602,10 @@ png_push_save_buffer(png_structrp png_ptr) png_error(png_ptr, "Insufficient memory for save_buffer"); } - memcpy(png_ptr->save_buffer, old_buffer, png_ptr->save_buffer_size); + if (old_buffer) + memcpy(png_ptr->save_buffer, old_buffer, png_ptr->save_buffer_size); + else if (png_ptr->save_buffer_size) + png_error(png_ptr, "save_buffer error"); png_free(png_ptr, old_buffer); png_ptr->save_buffer_max = new_max; } @@ -516,7 +622,7 @@ png_push_save_buffer(png_structrp png_ptr) void /* PRIVATE */ png_push_restore_buffer(png_structrp png_ptr, png_bytep buffer, - png_size_t buffer_length) + size_t buffer_length) { png_ptr->current_buffer = buffer; png_ptr->current_buffer_size = buffer_length; @@ -533,7 +639,11 @@ png_push_read_IDAT(png_structrp png_ptr) png_byte chunk_tag[4]; /* TODO: this code can be commoned up with the same code in push_read */ +#ifdef PNG_READ_APNG_SUPPORTED + PNG_PUSH_SAVE_BUFFER_IF_LT(12) +#else PNG_PUSH_SAVE_BUFFER_IF_LT(8) +#endif png_push_fill_buffer(png_ptr, chunk_length, 4); png_ptr->push_length = png_get_uint_31(png_ptr, chunk_length); png_reset_crc(png_ptr); @@ -541,22 +651,65 @@ png_push_read_IDAT(png_structrp png_ptr) png_ptr->chunk_name = PNG_CHUNK_FROM_STRING(chunk_tag); png_ptr->mode |= PNG_HAVE_CHUNK_HEADER; +#ifdef PNG_READ_APNG_SUPPORTED + if (png_ptr->chunk_name != png_fdAT && png_ptr->num_frames_read > 0) + { + if ((png_ptr->flags & PNG_FLAG_ZSTREAM_ENDED) != 0) + { + png_ptr->process_mode = PNG_READ_CHUNK_MODE; + if (png_ptr->frame_end_fn != NULL) + (*(png_ptr->frame_end_fn))(png_ptr, png_ptr->num_frames_read); + png_ptr->num_frames_read++; + return; + } + else + { + if (png_ptr->chunk_name == png_IEND) + png_error(png_ptr, "Not enough image data"); + PNG_PUSH_SAVE_BUFFER_IF_FULL + png_warning(png_ptr, "Skipping (ignoring) a chunk between " + "APNG chunks"); + png_crc_finish(png_ptr, png_ptr->push_length); + png_ptr->mode &= ~PNG_HAVE_CHUNK_HEADER; + return; + } + } + else +#endif +#ifdef PNG_READ_APNG_SUPPORTED + if (png_ptr->chunk_name != png_IDAT && png_ptr->num_frames_read == 0) +#else if (png_ptr->chunk_name != png_IDAT) +#endif { png_ptr->process_mode = PNG_READ_CHUNK_MODE; if ((png_ptr->flags & PNG_FLAG_ZSTREAM_ENDED) == 0) png_error(png_ptr, "Not enough compressed data"); +#ifdef PNG_READ_APNG_SUPPORTED + if (png_ptr->frame_end_fn != NULL) + (*(png_ptr->frame_end_fn))(png_ptr, png_ptr->num_frames_read); + png_ptr->num_frames_read++; +#endif + return; } png_ptr->idat_size = png_ptr->push_length; + +#ifdef PNG_READ_APNG_SUPPORTED + if (png_ptr->num_frames_read > 0) + { + png_ensure_sequence_number(png_ptr, 4); + png_ptr->idat_size -= 4; + } +#endif } if (png_ptr->idat_size != 0 && png_ptr->save_buffer_size != 0) { - png_size_t save_size = png_ptr->save_buffer_size; + size_t save_size = png_ptr->save_buffer_size; png_uint_32 idat_size = png_ptr->idat_size; /* We want the smaller of 'idat_size' and 'current_buffer_size', but they @@ -566,7 +719,7 @@ png_push_read_IDAT(png_structrp png_ptr) * will break on either 16-bit or 64-bit platforms. */ if (idat_size < save_size) - save_size = (png_size_t)idat_size; + save_size = (size_t)idat_size; else idat_size = (png_uint_32)save_size; @@ -583,7 +736,7 @@ png_push_read_IDAT(png_structrp png_ptr) if (png_ptr->idat_size != 0 && png_ptr->current_buffer_size != 0) { - png_size_t save_size = png_ptr->current_buffer_size; + size_t save_size = png_ptr->current_buffer_size; png_uint_32 idat_size = png_ptr->idat_size; /* We want the smaller of 'idat_size' and 'current_buffer_size', but they @@ -592,7 +745,7 @@ png_push_read_IDAT(png_structrp png_ptr) * larger - this cannot overflow. */ if (idat_size < save_size) - save_size = (png_size_t)idat_size; + save_size = (size_t)idat_size; else idat_size = (png_uint_32)save_size; @@ -619,12 +772,22 @@ png_push_read_IDAT(png_structrp png_ptr) void /* PRIVATE */ png_process_IDAT_data(png_structrp png_ptr, png_bytep buffer, - png_size_t buffer_length) + size_t buffer_length) { /* The caller checks for a non-zero buffer length. */ if (!(buffer_length > 0) || buffer == NULL) png_error(png_ptr, "No IDAT data (internal error)"); +#ifdef PNG_READ_APNG_SUPPORTED + /* If the app is not APNG-aware, decode only the first frame */ + if ((png_ptr->apng_flags & PNG_APNG_APP) == 0 && + png_ptr->num_frames_read > 0) + { + png_ptr->flags |= PNG_FLAG_ZSTREAM_ENDED; + return; + } +#endif + /* This routine must process all the data it has been given * before returning, calling the row callback as required to * handle the uncompressed results. @@ -679,7 +842,12 @@ png_process_IDAT_data(png_structrp png_ptr, png_bytep buffer, png_warning(png_ptr, "Truncated compressed data in IDAT"); else - png_error(png_ptr, "Decompression error in IDAT"); + { + if (ret == Z_DATA_ERROR) + png_benign_error(png_ptr, "IDAT: ADLER32 checksum mismatch"); + else + png_error(png_ptr, "Decompression error in IDAT"); + } /* Skip the check on unprocessed input */ return; @@ -777,7 +945,7 @@ png_push_process_row(png_structrp png_ptr) { if (png_ptr->pass < 6) png_do_read_interlace(&row_info, png_ptr->row_buf + 1, png_ptr->pass, - png_ptr->transformations); + png_ptr->transformations); switch (png_ptr->pass) { @@ -961,20 +1129,20 @@ png_read_push_finish_row(png_structrp png_ptr) /* Arrays to facilitate easy interlacing - use pass (0 - 6) as index */ /* Start of interlace block */ - static PNG_CONST png_byte png_pass_start[] = {0, 4, 0, 2, 0, 1, 0}; + static const png_byte png_pass_start[] = {0, 4, 0, 2, 0, 1, 0}; /* Offset to next interlace block */ - static PNG_CONST png_byte png_pass_inc[] = {8, 8, 4, 4, 2, 2, 1}; + static const png_byte png_pass_inc[] = {8, 8, 4, 4, 2, 2, 1}; /* Start of interlace block in the y direction */ - static PNG_CONST png_byte png_pass_ystart[] = {0, 0, 4, 0, 2, 0, 1}; + static const png_byte png_pass_ystart[] = {0, 0, 4, 0, 2, 0, 1}; /* Offset to next interlace block in the y direction */ - static PNG_CONST png_byte png_pass_yinc[] = {8, 8, 8, 4, 4, 2, 2}; + static const png_byte png_pass_yinc[] = {8, 8, 8, 4, 4, 2, 2}; /* Height of interlace block. This is not currently used - if you need * it, uncomment it here and in png.h - static PNG_CONST png_byte png_pass_height[] = {8, 8, 4, 4, 2, 2, 1}; + static const png_byte png_pass_height[] = {8, 8, 4, 4, 2, 2, 1}; */ #endif @@ -1039,7 +1207,7 @@ png_push_have_row(png_structrp png_ptr, png_bytep row) { if (png_ptr->row_fn != NULL) (*(png_ptr->row_fn))(png_ptr, row, png_ptr->row_number, - (int)png_ptr->pass); + (int)png_ptr->pass); } #ifdef PNG_READ_INTERLACING_SUPPORTED @@ -1074,6 +1242,18 @@ png_set_progressive_read_fn(png_structrp png_ptr, png_voidp progressive_ptr, png_set_read_fn(png_ptr, progressive_ptr, png_push_fill_buffer); } +#ifdef PNG_READ_APNG_SUPPORTED +void PNGAPI +png_set_progressive_frame_fn(png_structp png_ptr, + png_progressive_frame_ptr frame_info_fn, + png_progressive_frame_ptr frame_end_fn) +{ + png_ptr->frame_info_fn = frame_info_fn; + png_ptr->frame_end_fn = frame_end_fn; + png_ptr->apng_flags |= PNG_APNG_APP; +} +#endif + png_voidp PNGAPI png_get_progressive_ptr(png_const_structrp png_ptr) {