| blob | 63d70116944f7938e6f6b02dbcd17b0b1f57805e |
1 /* pngfix.c
2 *
3 * Copyright (c) 2013 John Cunningham Bowler
4 *
5 * Last changed in libpng 1.6.3 [July 18, 2013]
6 *
7 * This code is released under the libpng license.
8 * For conditions of distribution and use, see the disclaimer
9 * and license in png.h
10 *
11 * Tool to check and fix the zlib inflate 'too far back' problem, see the usage
12 * message for more information.
13 */
14 #include <stdlib.h>
15 #include <stdio.h>
16 #include <string.h>
17 #include <ctype.h>
18 #include <errno.h>
19 #include <assert.h>
21 #define implies(x,y) assert(!(x) || (y))
23 #ifdef __GNUC__
24 /* This is used to fix the error:
25 *
26 * pngfix.c:
27 * In function 'zlib_advance':
28 * pngfix.c:181:13: error: assuming signed overflow does not
29 * occur when simplifying conditional to constant [-Werror=strict-overflow]
30 */
31 # define FIX_GCC volatile
32 #else
33 # define FIX_GCC
34 # error not tested
35 #endif
39 /* Define the following to use this program against your installed libpng,
40 * rather than the one being built here:
41 */
42 #ifdef PNG_FREESTANDING_TESTS
43 # include <png.h>
44 #else
46 #endif
50 #endif
52 #ifdef PNG_READ_SUPPORTED
53 #include <zlib.h>
55 #ifndef PNG_MAXIMUM_INFLATE_WINDOW
57 #endif
59 #if PNG_ZLIB_VERNUM >= 0x1240
61 /* Copied from pngpriv.h */
62 #ifdef __cplusplus
63 # define png_voidcast(type, value) static_cast<type>(value)
64 # define png_constcast(type, value) const_cast<type>(value)
65 # define png_aligncast(type, value) \
66 static_cast<type>(static_cast<void*>(value))
67 # define png_aligncastconst(type, value) \
68 static_cast<type>(static_cast<const void*>(value))
69 #else
70 # define png_voidcast(type, value) (value)
71 # define png_constcast(type, value) ((type)(value))
72 # define png_aligncast(type, value) ((void*)(value))
73 # define png_aligncastconst(type, value) ((const void*)(value))
76 #if PNG_LIBPNG_VER < 10700
77 /* Chunk tags (copied from pngpriv.h) */
78 #define PNG_32b(b,s) ((png_uint_32)(b) << (s))
79 #define PNG_U32(b1,b2,b3,b4) \
80 (PNG_32b(b1,24) | PNG_32b(b2,16) | PNG_32b(b3,8) | PNG_32b(b4,0))
82 /* Constants for known chunk types. */
83 #define png_IDAT PNG_U32( 73, 68, 65, 84)
84 #define png_IEND PNG_U32( 73, 69, 78, 68)
85 #define png_IHDR PNG_U32( 73, 72, 68, 82)
86 #define png_PLTE PNG_U32( 80, 76, 84, 69)
87 #define png_bKGD PNG_U32( 98, 75, 71, 68)
88 #define png_cHRM PNG_U32( 99, 72, 82, 77)
90 #define png_gAMA PNG_U32(103, 65, 77, 65)
91 #define png_gIFg PNG_U32(103, 73, 70, 103)
93 #define png_gIFx PNG_U32(103, 73, 70, 120)
94 #define png_hIST PNG_U32(104, 73, 83, 84)
95 #define png_iCCP PNG_U32(105, 67, 67, 80)
96 #define png_iTXt PNG_U32(105, 84, 88, 116)
97 #define png_oFFs PNG_U32(111, 70, 70, 115)
98 #define png_pCAL PNG_U32(112, 67, 65, 76)
99 #define png_pHYs PNG_U32(112, 72, 89, 115)
100 #define png_sBIT PNG_U32(115, 66, 73, 84)
101 #define png_sCAL PNG_U32(115, 67, 65, 76)
102 #define png_sPLT PNG_U32(115, 80, 76, 84)
103 #define png_sRGB PNG_U32(115, 82, 71, 66)
104 #define png_sTER PNG_U32(115, 84, 69, 82)
105 #define png_tEXt PNG_U32(116, 69, 88, 116)
106 #define png_tIME PNG_U32(116, 73, 77, 69)
107 #define png_tRNS PNG_U32(116, 82, 78, 83)
108 #define png_zTXt PNG_U32(122, 84, 88, 116)
109 #endif
111 /* The 8 byte signature as a pair of 32 bit quantities */
112 #define sig1 PNG_U32(137, 80, 78, 71)
113 #define sig2 PNG_U32( 13, 10, 26, 10)
115 /* Is the chunk critical? */
116 #define CRITICAL(chunk) (((chunk) & PNG_U32(32,0,0,0)) == 0)
118 /* Is it safe to copy? */
119 #define SAFE_TO_COPY(chunk) (((chunk) & PNG_U32(0,0,0,32)) != 0)
121 /********************************* UTILITIES **********************************/
122 /* UNREACHED is a value to cause an assert to fail. Because of the way the
123 * assert macro is written the string "UNREACHED" is produced in the error
124 * message.
125 */
126 #define UNREACHED 0
128 /* 80-bit number handling - a PNG image can be up to (2^31-1)x(2^31-1) 8 byte
129 * (16-bit RGBA) pixels in size; that's less than 2^65 bytes or 2^68 bits, so
130 * arithmetic of 80-bit numbers is sufficient. This representation uses an
131 * arbitrary length array of png_uint_16 digits (0..65535). The representation
132 * is little endian.
133 *
134 * The arithmetic functions take zero to two uarb values together with the
135 * number of digits in those values and write the result to the given uarb
136 * (always the first argument) returning the number of digits in the result.
137 * If the result is negative the return value is also negative (this would
138 * normally be an error).
139 */
144 #define UDIGITS(unum) ((sizeof unum)/(sizeof (udigit))
145 /* IMPORTANT: only apply this to an array, applied to a pointer the result
146 * will typically be '2', which is not useful.
147 */
149 static int
151 /* Set (initialize) 'result' to 'val'. The size required for 'result' must
152 * be determined by the caller from a knowledge of the maximum for 'val'.
153 */
154 {
158 {
161 }
164 }
166 static int
168 /* Copy a uarb, may reduce the digit count */
169 {
177 }
179 static int
181 /* This is a signed 32-bit add, except that to avoid overflow the value added
182 * or subtracted must be no more than 2^31-65536. A negative result
183 * indicates a negative number (which is an error below). The size of
184 * 'num' should be max(in_digits+1,2) for arbitrary 'add' but can be just
185 * in_digits+1 if add is known to be in the range -65535..65535.
186 */
187 {
191 {
195 }
198 {
201 }
204 {
208 }
211 {
216 }
217 }
219 static int
221 /* As above but this works with any 32-bit value and only does 'add' */
222 {
224 {
227 }
230 }
232 static int
234 png_uint_16 val)
235 /* Primitive one-digit multiply - 'val' must be 0..65535. Note that this
236 * primitive is a multiply and accumulate - the result of *num * val is added
237 * to *acc.
238 *
239 * This is a one-digit multiply, so the product may be up to one digit longer
240 * than 'num', however the add to 'acc' means that the caller must ensure
241 * that 'acc' is at least one digit longer than this *and* at least one digit
242 * longer than the current length of 'acc'. (Or the caller must otherwise
243 * ensure 'adigits' is adequate from knowledge of the values.)
244 */
245 {
246 /* The digits in *acc, *num and val are in the range 0..65535, so the
247 * result below is at most (65535*65535)+2*65635 = 65535*(65535+2), which is
248 * exactly 0xffffffff.
249 */
251 {
256 {
265 }
267 /* So carry is 0 and all the input digits have been consumed. This means
268 * that it is possible to skip any remaining digits in acc.
269 */
272 }
275 }
277 static int
279 /* calculate acc += num * val, 'val' may be any 32-bit value, 'acc' and 'num'
280 * may be any value, returns the number of digits in 'acc'.
281 */
282 {
284 {
288 /* Because n_digits and val are >0 the following must be true: */
295 }
298 }
300 static int
302 /* Shift inout right by right_shift bits, right_shift must be in the range
303 * 1..15
304 */
305 {
312 {
315 /* Bottom bits to top bits of carry */
320 /* The shift may reduce ndigits */
323 }
326 }
328 static int
330 /* Return -1/0/+1 according as a<b/a==b/a>b */
331 {
346 }
349 static int
351 /* Return true if the uarb is equal to 'val' */
352 {
354 {
359 }
360 }
361 #endif
363 static void
365 /* Print 'num' as a hexadecimal number (easier than decimal!) */
366 {
369 {
374 }
378 }
380 static void
382 /* Prints 'num' as a decimal if it will fit in an unsigned long, else as a
383 * hexadecimal number. Notice that the results vary for images over 4GByte
384 * in a system dependent way, and the hexadecimal form doesn't work very well
385 * in awk script input.
386 *
387 *
388 * TODO: write uarb_div10
389 */
390 {
394 else
395 {
402 }
403 }
405 /* Generate random bytes. This uses a boring repeatable algorithm and it
406 * is implemented here so that it gives the same set of numbers on every
407 * architecture. It's a linear congruential generator (Knuth or Sedgewick
408 * "Algorithms") but it comes from the 'feedback taps' table in Horowitz and
409 * Hill, "The Art of Electronics" (Pseudo-Random Bit Sequences and Noise
410 * Generation.)
411 *
412 * (Copied from contrib/libtests/pngvalid.c)
413 */
414 static void
416 {
420 /* There are thirty-three bits; the next bit in the sequence is bit-33 XOR
421 * bit-20. The top 1 bit is in u1, the bottom 32 are in u0.
422 */
425 {
426 /* First generate 8 new bits then shift them in at the end. */
433 }
437 }
439 /* Clear an object to a random value. */
440 static void
442 {
445 }
447 #define CLEAR(object) clear(&(object), sizeof (object))
449 /* Copied from unreleased 1.7 code.
450 *
451 * CRC checking uses a local pre-built implementation of the Ethernet CRC32.
452 * This is to avoid a function call to the zlib DLL and to optimize the
453 * byte-by-byte case.
454 */
456 {
508 0x2d02ef8d
509 };
511 /* The CRC calculated here *IS* conditioned, the corresponding value used by
512 * zlib and the result value is obtained by XORing with CRC_INIT, which is also
513 * the first value that must be passed in (for the first byte) to crc_one_byte.
514 */
515 #define CRC_INIT 0xffffffff
517 static png_uint_32
519 {
521 }
523 static png_uint_32
525 {
526 /* This is an alternative to the algorithm used in zlib, which requires four
527 * separate tables to parallelize the four byte operations, it only works for
528 * a CRC of the first four bytes of the stream, but this is what happens in
529 * the parser below where length+chunk-name is read and chunk-name used to
530 * initialize the CRC. Notice that the calculation here avoids repeated
531 * conditioning (xor with 0xffffffff) by storing the conditioned value.
532 */
538 }
540 static int
542 /* Bit whacking approach to chunk name validation that is intended to avoid
543 * branches. The cost is that it uses a lot of 32-bit constants, which might
544 * be bad on some architectures.
545 */
546 {
547 png_uint_32 t;
549 /* Remove bit 5 from all but the reserved byte; this means every
550 * 8-bit unit must be in the range 65-90 to be valid. So bit 5
551 * must be zero, bit 6 must be set and bit 7 zero.
552 */
556 /* Subtract 65 for each 8 bit quantity, this must not overflow
557 * and each byte must then be in the range 0-25.
558 */
562 /* Subtract 26, handling the overflow which should set the top
563 * three bits of each byte.
564 */
569 }
571 /**************************** CONTROL INFORMATION *****************************/
573 /* Information about a sequence of IDAT chunks, the chunks have been re-synced
574 * using sync_stream below and the new lengths are recorded here. Because the
575 * number of chunks is unlimited this is handled using a linked list of these
576 * structures.
577 */
578 struct IDAT_list
579 {
583 # define IDAT_INIT_LENGTH 16
585 };
587 static void
589 {
594 }
596 static size_t
598 /* Return the size in bytes of an IDAT_list of the given length. */
599 {
605 }
607 static void
609 {
615 {
621 }
622 }
626 {
627 /* Use the previous cached value if available. */
631 {
632 /* Insert a new, malloc'ed, block of IDAT information buffers, this
633 * one twice as large as the previous one:
634 */
643 /* The caller must handle this: */
650 }
653 }
655 /* GLOBAL CONTROL STRUCTURE */
656 struct global
657 {
658 /* PUBLIC GLOBAL VARIABLES: OWNER INITIALIZE */
665 # define SKIP_NONE 0
684 /* PUBLIC GLOBAL VARIABLES: USED INTERNALLY BY IDAT READ CODE */
686 /* The structure is shared across all uses of this global control
687 * structure to avoid reallocation between IDAT streams.
688 */
689 };
691 static int
693 {
701 }
703 static void
705 /* Call this once (and only once) to initialize the control */
706 {
709 /* Globals */
720 }
722 static int
724 /* Return true if this chunk is to be skipped according to the --strip
725 * option. This code needs to recognize all known ancillary chunks in order
726 * to handle the --strip=unsafe option.
727 */
728 {
729 /* Never strip critical chunks: */
734 {
735 /* Chunks that are treated as, effectively, critical because they affect
736 * correct interpretation of the pixel values:
737 */
741 /* Chunks that specify gamma encoding which should therefore only be
742 * removed the the user insists:
743 */
749 /* Chunks that affect color interpretation - not used by libpng and rarely
750 * used by applications, but technically still required for correct
751 * interpretation of the image data:
752 */
758 /* Other chunks that are used by libpng in image transformations (as
759 * opposed to known chunks that have get/set APIs but are not otherwise
760 * used.)
761 */
767 /* All other chunks that libpng knows about and affect neither image
768 * interpretation nor libpng transforms - chunks that are effectively
769 * unused by libpng even though libpng might recognize and store them.
770 */
778 /* Chunks that libpng does not know about (notice that this depends on the
779 * list above including all known chunks!) The decision here depends on
780 * whether the safe-to-copy bit is set in the chunk type.
781 */
784 {
787 }
793 }
794 }
796 /* PER-FILE CONTROL STRUCTURE */
799 struct file
800 {
801 /* ANCESTORS */
804 /* PUBLIC PER-FILE VARIABLES: CALLER INITIALIZE */
808 /* PUBLIC PER-FILE VARIABLES: SET BY PNG READ CODE */
809 /* File specific result codes */
814 /* IHDR information */
815 png_uint_32 width;
816 png_uint_32 height;
817 png_byte bit_depth;
818 png_byte color_type;
819 png_byte compression_method;
820 png_byte filter_method;
821 png_byte interlace_method;
826 /* PROTECTED PER-FILE VARIABLES: USED BY THE READ CODE */
831 /* PROTECTED CHUNK SPECIFIC VARIABLES: USED BY CHUNK CODE */
832 /* The following variables are used during reading to record the length, type
833 * and data position of the *next* chunk or, right at the start, the
834 * signature (in length,type).
835 *
836 * When a chunk control structure is instantiated these values are copied
837 * into the structure and can then be overritten with the data for the next
838 * chunk.
839 */
845 /* These counts are maintained by the read and write routines below and are
846 * reset by the chunk handling code. They record the total number of bytes
847 * read or written for the chunk, including the header (length,type) bytes.
848 */
856 /* Two pointers used to enable clean-up in the event of fatal errors and to
857 * hold state about the parser process (only one of each at present.)
858 */
862 /* Interface to allocate a new chunk or IDAT control structure. The result
863 * is returned by setting one or other of the above variables. Note that the
864 * relevant initializer is called by the allocator function. The alloc_ptr
865 * is used only by the implementation of the allocate function.
866 */
869 /* idat: allocate IDAT not chunk */
870 };
872 /* Valid longjmp (stop) codes are: */
881 static void
883 /* Print a string with spaces replaced by '_' and non-printing characters by
884 * an octal escape.
885 */
886 {
894 else
896 }
900 {
902 {
911 }
912 }
914 static void
916 /* Generic error message routine, takes a 'stop' code but can be used
917 * elsewhere. Always outputs a message.
918 */
919 {
924 {
941 }
947 else
949 }
954 static int
956 {
959 /* If either of the chunk pointers are set end them here, the IDAT structure
960 * must be deallocated first as it may deallocate the chunk structure.
961 */
974 {
975 /* NOTE: this is bitwise |, all the following functions must execute and
976 * must succeed.
977 */
979 {
983 }
984 }
986 /* Accumulate the result codes */
992 }
994 static int
997 /* Initialize a file control structure. This will open the given files as
998 * well. The status code returned is 0 on success, non zero (using the flags
999 * above) on a file open error.
1000 */
1001 {
1013 /* jmpbuf is garbage: must be set by read_png */
1024 /* Open the files: */
1029 {
1032 /* Always output: please give a readable file! */
1035 }
1038 {
1042 {
1047 }
1048 }
1051 }
1053 static void
1055 /* Like emit_error but checks the global 'errors' flag */
1056 {
1059 }
1061 static char
1063 {
1064 /* In fact because chunk::chunk_type is validated prior to any call to this
1065 * function it will always return a-zA-Z, but the extra codes are just there
1066 * to help in finding internal (programming) errors. Note that the code only
1067 * ever considers the low 7 bits of the value (so it is not necessary for the
1068 * type_name function to mask of the byte.)
1069 */
1073 else
1075 }
1077 static void
1079 {
1084 }
1086 static void
1088 {
1091 }
1095 PNG_NORETURN static void
1097 /* Return control when a PNG file cannot be read. This outputs an 'ERR'
1098 * summary line too.
1099 */
1100 {
1103 /* The chunk being read is typically identified by file->chunk or, if this is
1104 * NULL, by file->type. This may be wrong if libpng reads ahead, but this
1105 * only happens with IDAT where libpng reads the header then jumps around
1106 * finding errors in the previous chunks. We know that is happening because
1107 * we are at the start of the IDAT (i.e. no IDAT data has yet been written.)
1108 *
1109 * SUMMARY FORMAT (stop):
1110 *
1111 * IDAT ERR status code read-errno write-errno message file
1112 *
1113 * 'uncompressed' will be 0 if there was a problem in the IHDR. The errno
1114 * values are emit_string(strerror(errno)).
1115 */
1117 {
1118 png_uint_32 type;
1123 else
1133 /* This only works one strerror at a time, because of the way strerror is
1134 * implemented.
1135 */
1144 }
1148 }
1150 PNG_NORETURN static void
1152 {
1154 }
1156 static void
1158 /* Error message for a chunk; the chunk name comes from 'type' */
1159 {
1161 {
1168 }
1169 }
1171 /* Input file positioning - we jump around in the input file while reading
1172 * stuff, these wrappers deal with the error handling.
1173 */
1174 static void
1176 {
1178 {
1179 /* This is unexpected, so perror it */
1182 }
1183 }
1185 static void
1187 {
1189 {
1192 }
1193 }
1195 static void
1197 /* Get the current position and store it in 'data_pos'. The corresponding
1198 * setpos() function is chunk specific because it uses the copy of the
1199 * position for the specific chunk.
1200 */
1201 {
1203 }
1206 /* Read utility - read a single byte, returns a value in the range 0..255 or EOF
1207 * on a read error. In the latter case status_code and read_errno are updated
1208 * appropriately.
1209 */
1210 static int
1212 {
1216 {
1219 }
1222 {
1226 /* This is very unexpected; an error message is always output: */
1228 }
1230 # ifdef EINTR
1232 {
1235 }
1236 # endif
1238 else
1239 {
1240 /* An error, it doesn't really matter what the error is but it gets
1241 * recorded anyway.
1242 */
1251 }
1253 /* 'TRUNCATED' is used for all cases of failure to read a byte, because of
1254 * the way libpng works a byte read is never attempted unless the byte is
1255 * expected to be there, so EOF should not occur.
1256 */
1259 }
1261 static png_byte
1263 /* Read a byte when an error is not expected to happen because the byte has
1264 * been read before without error.
1265 */
1266 {
1276 }
1278 static png_uint_32
1280 /* The same but for a four byte quantity */
1281 {
1289 }
1291 static void
1293 /* Skip exactly 12 bytes in the input stream - used to skip a CRC and chunk
1294 * header that has been read before.
1295 */
1296 {
1297 /* Since the chunks were read before this shouldn't fail: */
1299 {
1304 }
1305 }
1307 static void
1309 /* Write one byte to the output - this causes a fatal error if the write
1310 * fails and the read of this PNG file immediately terminates. Just
1311 * increments the write count if there is no output file.
1312 */
1313 {
1315 {
1317 {
1321 }
1322 }
1325 }
1327 /* Derivatives of the read/write functions. */
1328 static unsigned int
1330 /* Read four bytes, returns the number of bytes read successfully and, if all
1331 * four bytes are read, assigns the result to *pu.
1332 */
1333 {
1337 do
1338 {
1349 }
1351 /* CRC handling - read but calculate the CRC while doing so. */
1352 static int
1354 /* Reads 'length' bytes and updates the CRC, returns true on success, false
1355 * if the input is truncated.
1356 */
1357 {
1359 {
1362 do
1363 {
1370 }
1374 }
1377 }
1379 static int
1381 /* Fill in the image_bytes field given the IHDR information, calls stop on
1382 * error.
1383 */
1384 {
1388 {
1392 invalid_bit_depth:
1425 }
1440 {
1442 /* Interlacing makes the image larger because of the replication of
1443 * both the filter byte and the padding to a byte boundary.
1444 */
1445 {
1451 {
1455 {
1458 /* calculate 1+((pw*pd+7)>>3) in row_bytes */
1464 /* Add row_bytes * pass-height to the file image_bytes field
1465 */
1469 }
1470 }
1473 }
1477 {
1481 /* As above, but use image_width in place of the pass width: */
1487 /* Set row_bytes * image-height to the file image_bytes field */
1490 }
1495 }
1499 }
1501 /* PER-CHUNK CONTROL STRUCTURE
1502 * This structure is instantiated for each chunk, except for the IDAT chunks
1503 * where one chunk control structure is used for the whole of a single stream of
1504 * IDAT chunks (see the IDAT control structure below).
1505 */
1506 struct chunk
1507 {
1508 /* ANCESTORS */
1512 /* PUBLIC IDAT INFORMATION: SET BY THE ZLIB CODE */
1518 /* PUBLIC PER-CHUNK INFORMATION: USED BY CHUNK READ CODE */
1519 /* This information is filled in by chunk_init from the data in the file
1520 * control structure, but chunk_length may be changed later.
1521 */
1526 /* PUBLIC PER-CHUNK INFORMATION: FOR THE CHUNK WRITE CODE */
1531 };
1533 static void
1535 {
1537 }
1539 static void
1541 {
1546 }
1548 static void
1550 /* When a chunk is initialized the file length/type/pos are copied into the
1551 * corresponding chunk fields and the new chunk is registered in the file
1552 * structure. There can only be one chunk at a time.
1553 *
1554 * NOTE: this routine must onely be called from the file alloc routine!
1555 */
1556 {
1568 /* Compresssed/uncompressed size information (from the zlib control structure
1569 * that is used to check the compressed data in a chunk.)
1570 */
1575 }
1577 static png_uint_32
1579 /* Guess the actual chunk type that causes a stop() */
1580 {
1581 /* This may return png_IDAT for errors detected (late) in the header; that
1582 * includes any inter-chunk consistency check that libpng performs. Assume
1583 * that if the chunk_type is png_IDAT and the file write count is 8 this is
1584 * what is happening.
1585 */
1587 {
1590 /* This is probably wrong for the excess IDATs case, because then libpng
1591 * whines about too many of them (apparently in some cases erroneously)
1592 * when the header is read.
1593 */
1599 }
1601 else
1603 }
1605 static void
1607 /* Reset the position to 'chunk_data_pos' - the start of the data for this
1608 * chunk. As a side effect the read_count in the file is reset to 8, just
1609 * after the length/type header.
1610 */
1611 {
1614 }
1616 /* Specific chunk handling - called for each chunk header, all special chunk
1617 * processing is initiated in these functions.
1618 */
1619 /* The next functions handle special processing for those chunks with LZ data,
1620 * the data is identified and checked for validity. If there are problems which
1621 * cannot be corrected the routines return false, otherwise true (although
1622 * modification to the zlib header may be required.)
1623 *
1624 * The compressed data is in zlib format (RFC1950) and consequently has a
1625 * minimum length of 7 bytes.
1626 */
1629 static int
1631 /* zTXt and iCCP have exactly the same form - keyword, null, compression
1632 * method then compressed data.
1633 */
1634 {
1636 png_uint_32 length;
1644 {
1648 {
1653 }
1654 }
1658 }
1660 static int
1662 {
1663 /* Like zTXt but more fields. */
1665 png_uint_32 length;
1673 {
1677 {
1687 /* Skip the language tag (null terminated). */
1689 {
1693 {
1694 /* Skip the translated keyword */
1696 {
1701 }
1702 }
1703 }
1705 /* Ran out of bytes in the compressed case. */
1707 }
1708 }
1713 }
1715 /* IDAT READ/WRITE CONTROL STRUCTURE */
1716 struct IDAT
1717 {
1718 /* ANCESTORS */
1722 /* PROTECTED IDAT INFORMATION: SET BY THE IDAT READ CODE */
1726 /* PROTECTED IDAT INFORMATION: USED BY THE IDAT WRITE CODE */
1731 };
1733 /* NOTE: there is currently no IDAT_reset, so a stream cannot contain more than
1734 * one IDAT sequence (i.e. MNG is not supported).
1735 */
1737 static void
1739 {
1750 /* Regardless of why the IDAT was killed set the state back to CHUNKS (it may
1751 * already be CHUNKS because the state isn't changed until process_IDAT
1752 * returns; a stop will cause IDAT_end to be entered in state CHUNKS!)
1753 */
1755 }
1757 static void
1759 /* When the chunk is png_IDAT instantiate an IDAT control structure in place
1760 * of a chunk control structure. The IDAT will instantiate a chunk control
1761 * structure using the file alloc routine.
1762 *
1763 * NOTE: this routine must only be called from the file alloc routine!
1764 */
1765 {
1774 /* Initialize the tail to the pre-allocated buffer and set the count to 0
1775 * (empty.)
1776 */
1780 /* Now the chunk. The allocator calls the initializer of the new chunk and
1781 * stores the result in file->chunk:
1782 */
1786 /* And store this for cleanup (and to check for double alloc or failure to
1787 * free.)
1788 */
1790 }
1792 static png_uint_32
1794 /* Return the length for the next IDAT chunk, taking into account
1795 * rechunking.
1796 */
1797 {
1801 {
1808 /* Otherwise rechunk_length is called at the end of a chunk for the length
1809 * of the next one.
1810 */
1817 /* Return length of the *next* chunk */
1821 /* End of this list */
1826 }
1829 {
1830 /* The chunk size is the lesser of file->idat_max and the number
1831 * of remaining bytes.
1832 */
1836 {
1840 do
1841 {
1842 /* Add up the remaining bytes. This can't overflow because the
1843 * individual lengths are always <= 0x7fffffff, so when we add two
1844 * of them overflow is not possible.
1845 */
1849 {
1850 /* NOTE: IDAT_list::count here, not IDAT_list::length */
1852 {
1856 }
1858 /* If this was the end return the count of the available bytes */
1864 }
1865 }
1867 }
1870 }
1871 }
1873 static int
1875 /* Process the IDAT stream, this is the more complex than the preceding
1876 * cases because the compressed data is spread across multiple IDAT chunks
1877 * (typically). Rechunking of the data is not handled here; all this
1878 * function does is establish whether the zlib header needs to be modified.
1879 *
1880 * Initially the function returns false, indicating that the chunk should not
1881 * be written. It does this until the last IDAT chunk is passed in, then it
1882 * checks the zlib data and returns true.
1883 *
1884 * It does not return false on a fatal error; it calls stop instead.
1885 *
1886 * The caller must have an instantiated (IDAT) control structure and it must
1887 * have extent over the whole read of the IDAT stream. For a PNG this means
1888 * the whole PNG read, for MNG it could have lesser extent.
1889 */
1890 {
1895 /* We need to first check the entire sequence of IDAT chunks to ensure the
1896 * stream is in sync. Do this by building a list of all the chunks and
1897 * recording the length of each because the length may have been fixed up by
1898 * sync_stream below.
1899 *
1900 * At the end of the list of chunks, where the type of the next chunk is not
1901 * png_IDAT, process the whole stream using the list data to check validity
1902 * then return control to the start and rewrite everything.
1903 */
1907 {
1913 /* Move to the next block */
1916 }
1918 /* And fill in the next IDAT information buffer. */
1921 /* The type of the next chunk was recorded in the file control structure by
1922 * the caller, if this is png_IDAT return 'skip' to the caller.
1923 */
1927 /* This is the final IDAT chunk, so run the tests to check for the too far
1928 * back error and possibly optimize the window bits. This means going back
1929 * to the start of the first chunk data, which is stored in the original
1930 * chunk allocation.
1931 */
1935 {
1939 /* The IDAT stream was successfully uncompressed; see whether it
1940 * contained the correct number of bytes of image data.
1941 */
1951 /* Return the stream to the start of the first IDAT chunk; the length
1952 * is set in the write case below but the input chunk variables must be
1953 * set (once) here:
1954 */
1963 /* Update the chunk length to the correct value for the IDAT chunk: */
1966 /* Change the state to writing IDAT chunks */
1970 }
1974 }
1976 /* ZLIB CONTROL STRUCTURE */
1977 struct zlib
1978 {
1979 /* ANCESTORS */
1985 /* GLOBAL ZLIB INFORMATION: SET BY THE CALLER */
1986 png_uint_32 rewrite_offset;
1988 /* GLOBAL ZLIB INFORMATION: SET BY THE ZLIB READ CODE */
1997 /* PROTECTED ZLIB INFORMATION: USED BY THE ZLIB ROUTINES */
1998 z_stream z;
2004 };
2008 {
2010 {
2016 }
2019 }
2023 /* Return a string for the zlib return code */
2024 {
2026 {
2037 }
2038 }
2040 static void
2042 /* Output a message given a zlib rc */
2043 {
2045 {
2056 }
2057 }
2059 static void
2061 {
2062 /* Output the summary line now; this ensures a summary line always gets
2063 * output regardless of the manner of exit.
2064 */
2066 {
2068 {
2080 else
2083 /* SUMMARY FORMAT (for a successful zlib inflate):
2084 *
2085 * IDAT reason flevel file-bits ok-bits compressed uncompressed file
2086 */
2093 stdout);
2097 }
2099 else
2100 {
2101 /* This is a zlib read error; the chunk will be skipped. For an IDAT
2102 * stream this will also cause a fatal read error (via stop()).
2103 *
2104 * SUMMARY FORMAT:
2105 *
2106 * IDAT SKP flevel file-bits z-rc compressed message file
2107 *
2108 * z-rc is the zlib failure code; message is the error message with
2109 * spaces replaced by '-'. The compressed byte count indicates where
2110 * in the zlib stream the error occured.
2111 */
2121 }
2122 }
2125 {
2130 }
2133 }
2135 static int
2137 /* Reinitializes a zlib with a different window_bits */
2138 {
2153 {
2156 }
2159 }
2161 static int
2164 /* Initialize a zlib_control; the result is true/false */
2165 {
2174 /* *_out does not need to be set: */
2187 /* These values are sticky across reset (in addition to the stuff in the
2188 * first block, which is actually constant.)
2189 */
2194 /* '0' means use the header; inflateInit2 should always succeed because it
2195 * does nothing apart from allocating the internal zstate.
2196 */
2199 {
2202 }
2204 else
2205 {
2208 }
2209 }
2211 static int
2213 /* Return the zlib stream window bits required for data of the given size. */
2214 {
2215 png_uint_16 cb;
2230 }
2232 static int
2234 /* Read nbytes compressed bytes; the stream will be initialized if required.
2235 * Bytes are always being reread and errors are fatal. The return code is as
2236 * follows:
2237 *
2238 * -1: saw the "too far back" error
2239 * 0: ok, keep going
2240 * 1: saw Z_STREAM_END (zlib->extra_bytes indicates too much data)
2241 * 2: a zlib error that cannot be corrected (error message already
2242 * output if required.)
2243 */
2244 # define ZLIB_TOO_FAR_BACK (-1)
2245 # define ZLIB_OK 0
2246 # define ZLIB_STREAM_END 1
2247 # define ZLIB_FATAL 2
2248 {
2257 {
2258 png_uint_32 out_bytes;
2261 png_byte bOut;
2264 {
2266 {
2272 /* Check against the existing value - it may not need to be
2273 * changed.
2274 */
2280 }
2287 {
2290 /* The checksum calculation, on the first 11 bits: */
2293 /* Update the checksum byte if required: */
2295 {
2296 /* If the first byte wasn't changed this indicates an error in
2297 * the checksum calculation; signal this by setting file_bits
2298 * (not window_bits) to 0.
2299 */
2304 }
2305 }
2313 }
2315 /* For some streams, perhaps only those compressed with 'superfast
2316 * compression' (which results in a lot of copying) Z_BUF_ERROR can happen
2317 * immediately after all output has been flushed on the next input byte.
2318 * This is handled below when Z_BUF_ERROR is detected by adding an output
2319 * byte.
2320 */
2326 /* Initially use Z_NO_FLUSH in an attempt to persuade zlib to look at this
2327 * byte without confusing what is going on with output.
2328 */
2332 /* NOTE: expression 3 is only evaluted on 'continue', because of the
2333 * 'break' at the end of this loop below.
2334 */
2340 {
2345 {
2353 /* Both avail_out and avail_in are 1 yet zlib returned a code
2354 * indicating no progress was possible. This is unexpected.
2355 */
2361 /* Zlib is supposed to have made progress: */
2366 /* This is the successful end. */
2377 /* The too far back error can be corrected, others cannot: */
2380 {
2383 }
2384 /* FALL THROUGH */
2392 /* Control gets here when further output is not possible; endrc may
2393 * still be ZLIB_OK if more input is required.
2394 */
2398 /* Keep a running count of output byte produced: */
2402 /* Keep going, the loop will terminate when endrc is no longer set to
2403 * ZLIB_OK or all the input bytes have been consumed; meanwhile keep
2404 * adding input bytes.
2405 */
2413 /* Update the running total of input bytes consumed */
2417 /* At the end of the stream update the chunk with the accumulated
2418 * information if it is an improvement:
2419 */
2421 {
2432 {
2433 /* A rewrite is required */
2436 }
2438 else
2439 {
2442 }
2449 }
2452 }
2454 static int
2456 /* Like zlib_advance but also handles a stream of IDAT chunks. */
2457 {
2458 /* The 'extra_bytes' field is set by zlib_advance if there is extra
2459 * compressed data in the chunk it handles (if it sees Z_STREAM_END before
2460 * all the input data has been used.) This function uses the value to update
2461 * the correct chunk length, so the problem should only ever be detected once
2462 * for each chunk. zlib_advance outputs the error message, though see the
2463 * IDAT specific check below.
2464 */
2468 {
2473 /* 'rewrite_offset' is the offset of the LZ data within the chunk, for
2474 * IDAT it should be 0:
2475 */
2478 /* Process each IDAT_list in turn; the caller has left the stream
2479 * positioned at the start of the first IDAT chunk data.
2480 */
2482 {
2487 {
2498 {
2503 /* There may be extra chunks; if there are and one of them is
2504 * not zero length output the 'extra data' message. Only do
2505 * this check if errors are being output.
2506 */
2508 {
2513 {
2516 {
2520 }
2528 }
2529 }
2531 end_check:
2532 /* Terminate the list at the current position, reducing the
2533 * length of the last IDAT too if required.
2534 */
2538 /* FALL THROUGH */
2542 }
2543 }
2545 /* At the end of the compressed data and Z_STREAM_END was not seen. */
2550 }
2551 }
2553 else
2554 {
2562 /* The extra bytes in the chunk are handled now by adjusting the chunk
2563 * length to exclude them; the zlib data is always stored at the end of
2564 * the PNG chunk (although clearly this is not necessary.) zlib_advance
2565 * has already output a warning message.
2566 */
2569 }
2570 }
2574 /* Check the stream of zlib compressed data in either idat (if given) or (if
2575 * not) chunk. In fact it is zlib_run that handles the difference in reading
2576 * a single chunk and a list of IDAT chunks.
2577 *
2578 * In either case the input file must be positioned at the first byte of zlib
2579 * compressed data (the first header byte).
2580 *
2581 * The return value is true on success, including the case where the zlib
2582 * header may need to be rewritten, and false on an unrecoverable error.
2583 *
2584 * In the case of IDAT chunks 'offset' should be 0.
2585 */
2586 {
2590 /* Record the start of the LZ data to allow a re-read. */
2593 /* First test the existing (file) window bits: */
2595 {
2598 /* The first run using the existing window bits. */
2602 {
2604 /* too far back error */
2613 {
2614 /* The trivial case where the stream is ok and optimization was
2615 * not requested.
2616 */
2619 }
2627 /* cksum is set if there is an error in the zlib header checksum
2628 * calculation in the original file (and this may be the only reason
2629 * a rewrite is required). We can't rely on the file window bits in
2630 * this case, so do the optimization anyway.
2631 */
2638 /* Truncated stream; unrecoverable, gets converted to ZLIB_FATAL */
2641 /* FALL THROUGH */
2644 /* Unrecoverable error; skip the chunk; a zlib_message has already
2645 * been output.
2646 */
2649 }
2651 /* Optimize window bits or fix a too-far-back error. min_bits and
2652 * max_bits have been set appropriately, ok_bits records the bit value
2653 * known to work.
2654 */
2656 {
2660 {
2665 {
2669 {
2670 /* This happens when the stream really is damaged and it
2671 * contains a distance code that addresses bytes before
2672 * the start of the uncompressed data.
2673 */
2676 /* Output the error that wasn't output before: */
2683 }
2691 /* A fatal error; this happens if a too-far-back error was
2692 * hiding a more serious error, zlib_advance has already
2693 * output a zlib_message.
2694 */
2697 }
2698 }
2701 {
2704 }
2705 }
2707 /* The loop guarantees this */
2711 }
2714 {
2717 }
2718 }
2720 /***************************** LIBPNG CALLBACKS *******************************/
2721 /* The strategy here is to run a regular libpng PNG file read but examine the
2722 * input data (from the file) before passing it to libpng so as to be aware of
2723 * the state we expect libpng to be in. Warning and error callbacks are also
2724 * intercepted so that they can be quieted and interpreted. Interpretation
2725 * depends on a somewhat risky string match for known error messages; let us
2726 * hope that this can be fixed in the next version of libpng.
2727 *
2728 * The control structure is pointed to by the libpng error pointer. It contains
2729 * that set of structures which must persist across multiple read callbacks,
2730 * which is pretty much everything except the 'zlib' control structure.
2731 *
2732 * The file structure is instantiated in the caller of the per-file routine, but
2733 * the per-file routine contains the chunk and IDAT control structures.
2734 */
2735 /* The three routines read_chunk, process_chunk and sync_stream can only be
2736 * called via a call to read_chunk and only exit at a return from process_chunk.
2737 * These routines could have been written as one confusing large routine,
2738 * instead this code relies on the compiler to do tail call elimination. The
2739 * possible calls are as follows:
2740 *
2741 * read_chunk
2742 * -> sync_stream
2743 * -> process_chunk
2744 * -> process_chunk
2745 * -> read_chunk
2746 * returns
2747 */
2749 static void
2751 png_uint_32 next_type)
2752 /* Called when the chunk data has been read, next_length and next_type
2753 * will be set for the next chunk (or 0 if this is IEND).
2754 *
2755 * When this routine returns, chunk_length and chunk_type will be set for the
2756 * next chunk to write because if a chunk is skipped this return calls back
2757 * to read_chunk.
2758 */
2759 {
2763 {
2768 }
2770 /* The basic structure seems correct but the CRC may not match, in this
2771 * case assume that it is simply a bad CRC, either wrongly calculated or
2772 * because of damaged stream data.
2773 */
2775 {
2776 /* The behavior is set by the 'skip' setting; if it is anything other
2777 * than SKIP_BAD_CRC ignore the bad CRC and return the chunk, with a
2778 * corrected CRC and possibly processed, to libpng. Otherwise skip the
2779 * chunk, which will result in a fatal error if the chunk is critical.
2780 */
2783 /* Ignore the bad CRC */
2787 /* This will cause an IEND with a bad CRC to stop */
2791 else
2792 {
2795 /* NOTE: this cannot be reached for IEND because it is critical. */
2797 }
2798 }
2800 /* Check for other 'skip' cases and handle these; these only apply to
2801 * ancillary chunks (and not tRNS, which should probably have been a critical
2802 * chunk.)
2803 */
2807 /* The chunk may still be skipped if problems are detected in the LZ data,
2808 * however the LZ data check requires a chunk. Handle this by instantiating
2809 * a chunk unless an IDAT is already instantiated (IDAT control structures
2810 * instantiate their own chunk.)
2811 */
2818 else
2819 {
2820 /* The chunk length must be updated for process_IDAT */
2824 }
2826 /* Record the 'next' information too, now that the original values for
2827 * this chunk have been copied. Notice that the IDAT chunks only make a
2828 * copy of the position of the first chunk, this is fine - process_IDAT does
2829 * not need the position of this chunk.
2830 */
2835 /* Do per-type processing, note that if this code does not return from the
2836 * function the chunk will be skipped. The rewrite is cancelled here so that
2837 * it can be set in the per-chunk processing.
2838 */
2842 {
2847 /* Read this now and update the control structure with the information
2848 * it contains. The header is validated completely to ensure this is a
2849 * PNG.
2850 */
2851 {
2857 /* Read all the IHDR information and validate it. */
2867 /* This validates all the fields, and calls stop_invalid if
2868 * there is a problem.
2869 */
2871 }
2874 /* Ancillary chunks that require further processing: */
2892 /* First pass: */
2895 }
2897 /* Control reaches this point if the chunk must be skipped. For chunks other
2898 * than IDAT this means that the zlib compressed data is fatally damanged and
2899 * the chunk will not be passed to libpng. For IDAT it means that the end of
2900 * the IDAT stream has not yet been reached and we must handle the next
2901 * (IDAT) chunk. If the LZ data in an IDAT stream cannot be read 'stop' must
2902 * be used to halt parsing of the PNG.
2903 */
2907 /* This is the generic code to skip the current chunk; simply jump to the
2908 * next one.
2909 */
2910 skip_chunk:
2915 }
2917 static png_uint_32
2919 /* Read a 32-bit value from an 8-byte circular buffer (used only below).
2920 */
2921 {
2922 return
2927 }
2929 static void
2931 /* The stream seems to be messed up, attempt to resync from the current chunk
2932 * header. Executes stop on a fatal error, otherwise calls process_chunk.
2933 */
2934 {
2935 png_uint_32 file_crc;
2940 {
2944 }
2946 /* Return to the start of the chunk data */
2951 {
2952 /* Ignore the recorded chunk length, proceed through the data looking for
2953 * a leading sequence of bytes that match the CRC in the following four
2954 * bytes. Each time a match is found check the next 8 bytes for a valid
2955 * length, chunk-type pair.
2956 */
2957 png_uint_32 length;
2964 {
2968 {
2969 /* A match on the CRC; for IEND this is sufficient, but for anything
2970 * else expect a following chunk header.
2971 */
2973 {
2977 }
2979 else
2980 {
2981 /* Need 8 bytes */
2983 {
2988 }
2990 /* Prevent overflow */
2994 /* Examine the 8 bytes for a valid chunk header. */
2995 {
2999 {
3003 {
3007 }
3008 }
3010 /* Not valid, keep going. */
3011 }
3012 }
3013 }
3015 /* This catches up with the circular buffer which gets filled above
3016 * while checking a chunk header. This code is slightly tricky - if
3017 * the chunk_type is IEND the buffer will never be used, if it is not
3018 * the code will always read ahead exactly 8 bytes and pass this on to
3019 * process_chunk. So the invariant that IEND leaves the file position
3020 * after the IEND CRC and other chunk leave it after the *next* chunk
3021 * header is not broken.
3022 */
3024 {
3029 }
3031 else
3036 }
3038 /* Control gets to here if when 0x7fffffff bytes (plus 8) have been read,
3039 * ok, treat this as a damaged stream too:
3040 */
3041 }
3043 truncated:
3045 }
3047 static void
3049 /* On entry file::data_pos must be set to the position of the first byte
3050 * of the chunk data *and* the input file must be at this position. This
3051 * routine (via process_chunk) instantiates a chunk or IDAT control structure
3052 * based on file::length and file::type and also resets these fields and
3053 * file::data_pos for the chunk after this one. For an IDAT chunk the whole
3054 * stream of IDATs will be read, until something other than an IDAT is
3055 * encountered, and the file fields will be set for the chunk after the end
3056 * of the stream of IDATs.
3057 *
3058 * For IEND the file::type field will be set to 0, and nothing beyond the end
3059 * of the IEND chunk will have been read.
3060 */
3061 {
3065 /* After IEND file::type is set to 0, if libpng attempts to read
3066 * more data at this point this is a bug in libpng.
3067 */
3072 {
3076 }
3078 /* Start the read_crc calculation with the chunk type, then read to the end
3079 * of the chunk data (without processing it in any way) to check that it is
3080 * all there and calculate the CRC.
3081 */
3084 {
3089 {
3091 {
3092 png_uint_32 next_length;
3096 {
3097 png_uint_32 next_type;
3102 {
3103 /* Adjust the read count back to the correct value for this
3104 * chunk.
3105 */
3109 }
3110 }
3111 }
3114 {
3117 }
3118 }
3119 }
3121 /* Control gets to here if the the stream seems invalid or damaged in some
3122 * way. Either there was a problem reading all the expected data (this
3123 * chunk's data, its CRC and the length and type of the next chunk) or the
3124 * next chunk length/type are invalid. Notice that the cases that end up
3125 * here all correspond to cases that would otherwise terminate the read of
3126 * the PNG file.
3127 */
3129 }
3131 /* This returns a file* from a png_struct in an implementation specific way. */
3134 static void
3136 {
3138 }
3140 static void
3142 {
3147 }
3149 /* Read callback - this is where the work gets done to check the stream before
3150 * passing it to libpng
3151 */
3152 static void
3154 /* Return 'count' bytes to libpng in 'buffer' */
3155 {
3160 /* libpng should always ask for at least one byte */
3164 /* The callback always reads ahead by 8 bytes - the signature or chunk header
3165 * - these bytes are stored in chunk_length and chunk_type. This block is
3166 * executed once for the signature and once for the first chunk right at the
3167 * start.
3168 */
3170 {
3180 {
3183 }
3186 {
3190 /* Else write it (this is the initialization of write_count, prior to
3191 * this it contains CLEAR garbage.)
3192 */
3194 }
3196 else
3197 {
3200 /* The first chunk must be a well formed IHDR (this could be relaxed to
3201 * use the checks in process_chunk, but that seems unnecessary.)
3202 */
3206 /* The position of the data must be stored too */
3208 }
3209 }
3211 /* Retrieve previous state (because the read callbacks are made pretty much
3212 * byte-by-byte in the sequential reader prior to 1.7).
3213 */
3217 {
3220 }
3222 else
3223 {
3224 /* This is the signature case; for IDAT and other chunks these values will
3225 * be overwritten when read_chunk is called below.
3226 */
3229 }
3231 do
3232 {
3233 png_uint_32 b;
3235 /* Complete the read of a chunk; as a side effect this also instantiates
3236 * a chunk control structure and sets the file length/type/data_pos fields
3237 * for the *NEXT* chunk header.
3238 *
3239 * NOTE: at an IDAT any following IDAT chunks will also be read and the
3240 * next_ fields will refer to the chunk after the last IDAT.
3241 *
3242 * NOTE: read_chunk only returns when it has read a chunk that must now be
3243 * written.
3244 */
3246 {
3253 /* Do the initialization that was not done before. */
3257 /* And start writing the new chunk. */
3259 }
3261 /* The chunk_ fields describe a chunk that must be written, or hold the
3262 * signature. Write the header first. In the signature case this
3263 * rewrites the signature.
3264 */
3266 {
3278 /* The header has been written. If this is really the signature
3279 * that's all that is required and we can go to normal chunk
3280 * processing.
3281 */
3283 {
3284 /* The signature has been written, the tail call to read_callback
3285 * below (it's just a goto to the start with a decent compiler)
3286 * will read the IHDR header ahead and validate it.
3287 */
3293 }
3295 else
3296 {
3297 /* Set up for write, notice that repositioning the input stream
3298 * is only necessary if something is to be read from it. Also
3299 * notice that for the IDAT stream this must only happen once -
3300 * on the first IDAT - to get back to the start of the list and
3301 * this is done inside process_IDAT:
3302 */
3306 }
3307 /* FALL THROUGH */
3310 /* NOTE: the arithmetic below overflows and gives a large positive
3311 * png_uint_32 value until the whole chunk data has been written.
3312 */
3314 {
3315 /* Write the chunk data, normally this just comes from
3316 * the file. The only exception is for that part of a
3317 * chunk which is zlib data and which must be rewritten,
3318 * and IDAT chunks which can be completely
3319 * reconstructed.
3320 */
3323 {
3328 /* Read an IDAT byte from the input stream of IDAT chunks.
3329 * Because the IDAT stream can be re-chunked this stream is
3330 * held in the struct IDAT members. The chunk members, in
3331 * particular chunk_length (and therefore the length local)
3332 * refer to the output chunk.
3333 */
3335 {
3336 /* Advance one chunk */
3342 /* NOTE: IDAT_list::count here, not IDAT_list::length */
3344 {
3347 /* Move on to the next IDAT_list: */
3350 /* This is an internal error - read beyond the end of
3351 * the pre-calculated stream.
3352 */
3359 }
3362 /* Zero length IDAT chunks are permitted, so the length
3363 * here may be 0.
3364 */
3367 /* And skip 12 bytes to the next chunk data */
3369 }
3371 /* The index is always that of the next byte, the rest of
3372 * the information is always the current IDAT chunk and the
3373 * current list.
3374 */
3376 }
3378 /* Read the byte from the stream. */
3381 /* If the byte must be rewritten handle that here */
3383 {
3387 else
3388 {
3395 }
3396 }
3401 /* The CRC is written at:
3402 *
3403 * chunk_write == chunk_length+8..chunk_length+11
3404 *
3405 * so 8 to 11. The CRC is not (yet) conditioned.
3406 */
3411 /* This must happen before the chunk_end below: */
3415 {
3420 }
3422 /* The IDAT stream is written without a call to read_chunk
3423 * until the end is reached. rechunk_length() calculates the
3424 * length of the output chunks. Control gets to this point at
3425 * the end of an *output* chunk - the length calculated by
3426 * rechunk_length. If this corresponds to the end of the
3427 * input stream stop writing IDAT chunks, otherwise continue.
3428 */
3433 {
3434 /* Write another IDAT chunk. Call rechunk_length to
3435 * calculate the length required.
3436 */
3441 }
3443 else
3444 {
3445 /* Entered at the end of a non-IDAT chunk and at the end of
3446 * the IDAT stream. The rewrite should have been cleared.
3447 */
3451 /* This is the last byte so reset chunk_read for the next
3452 * chunk and move the input file to the position after the
3453 * *next* chunk header if required.
3454 */
3461 else
3463 }
3465 write_crc:
3468 }
3470 }
3472 /* Write one byte */
3477 }
3479 }
3481 /* Bundle the file and an uninitialized chunk and IDAT control structure
3482 * together to allow implementation of the chunk/IDAT allocate routine.
3483 */
3484 struct control
3485 {
3489 };
3491 static int
3493 {
3495 }
3499 {
3500 /* This just returns the (file*). The chunk and idat control structures
3501 * don't always exist.
3502 */
3506 }
3508 static void
3510 {
3514 {
3521 }
3524 {
3531 }
3532 }
3534 static int
3537 /* This wraps file_init(&control::file) and simply returns the result from
3538 * file_init.
3539 */
3540 {
3542 allocate);
3543 }
3545 static int
3547 /* Read a PNG, return 0 on success else an error (status) code; a bit mask as
3548 * defined for file::status_code as above.
3549 */
3550 {
3551 png_structp png_ptr;
3560 {
3561 /* This is not really expected. */
3565 }
3569 {
3581 {
3590 {
3598 {
3601 /* NOTE: this trashes the row each time; interlace handling won't
3602 * work, but this avoids memory thrashing for speed testing.
3603 */
3606 }
3607 }
3608 }
3613 /* Make sure to read to the end of the file: */
3615 }
3621 }
3623 static void
3625 {
3633 /* Although control_init can return a failure code the structure is always
3634 * initialized, so control_end can be used to accumulate any status codes.
3635 */
3642 }
3644 static void
3646 {
3647 /* ANSI C-90 limits strings to 509 characters, so use a string array: */
3681 " bKGD [transform]: This is used by libpng transforms."
3713 #ifdef PNG_MAXIMUM_INFLATE_WINDOW
3717 #endif
3718 #endif
3812 };
3817 {
3822 }
3825 }
3827 int
3829 {
3840 {
3844 {
3845 /* To help debugging problems: */
3849 }
3852 {
3857 }
3860 {
3865 }
3907 {
3911 else
3913 }
3918 #if 0
3919 /* NYI */
3920 # ifdef PNG_MAXIMUM_INFLATE_WINDOW
3923 # endif
3924 #endif
3929 else
3930 {
3935 {
3936 /* Consider the prefix/suffix options */
3938 {
3942 {
3947 }
3953 }
3961 {
3965 {
3970 }
3976 }
3977 }
3982 }
3983 }
3989 }
3992 int
3994 {
3997 PNG_ZLIB_VERNUM);
3999 }
4004 int
4006 {
4009 }