summaryrefslogtreecommitdiffstats
path: root/third_party/libpng/pngrutil.c
diff options
context:
space:
mode:
authoragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-03-18 18:22:04 +0000
committeragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-03-18 18:22:04 +0000
commit71b9d6403ceaaef6b2b258fbb32f1a77b7c875e6 (patch)
tree30c9d23615c9d559a845b282a18b994d417e8f40 /third_party/libpng/pngrutil.c
parentfe5aac24dff85b8a035dbda9660d7b470fb08df0 (diff)
downloadchromium_src-71b9d6403ceaaef6b2b258fbb32f1a77b7c875e6.zip
chromium_src-71b9d6403ceaaef6b2b258fbb32f1a77b7c875e6.tar.gz
chromium_src-71b9d6403ceaaef6b2b258fbb32f1a77b7c875e6.tar.bz2
libpng: update to 1.2.43
I unpacked libpng 1.2.43 and did: cd third_party/libpng for x in $(ls -1) ; do cp /tmp/libpng-1.2.43/$x .; done The diffs appear to all be safe. The Chromium specific config is in pngusr.h and isn't touched by this change. 1.2.43 fixes http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205 c7013d773eb45b8ed6a864e419e544106a0dd95d /tmp/libpng-1.2.43.tar.xz BUG=38512 TEST=none http://codereview.chromium.org/1118002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@41972 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'third_party/libpng/pngrutil.c')
-rw-r--r--third_party/libpng/pngrutil.c567
1 files changed, 340 insertions, 227 deletions
diff --git a/third_party/libpng/pngrutil.c b/third_party/libpng/pngrutil.c
index ae1e3f7..9fd48be 100644
--- a/third_party/libpng/pngrutil.c
+++ b/third_party/libpng/pngrutil.c
@@ -1,28 +1,33 @@
/* pngrutil.c - utilities to read a PNG file
*
- * Last changed in libpng 1.2.37 [June 4, 2009]
- * For conditions of distribution and use, see copyright notice in png.h
+ * Last changed in libpng 1.2.43 [February 25, 2010]
* Copyright (c) 1998-2009 Glenn Randers-Pehrson
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
* (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
*
+ * This code is released under the libpng license.
+ * For conditions of distribution and use, see the disclaimer
+ * and license in png.h
+ *
* This file contains routines that are only called from within
* libpng itself during the course of reading an image.
*/
#define PNG_INTERNAL
+#define PNG_NO_PEDANTIC_WARNINGS
#include "png.h"
-#if defined(PNG_READ_SUPPORTED)
+#ifdef PNG_READ_SUPPORTED
#if defined(_WIN32_WCE) && (_WIN32_WCE<0x500)
# define WIN32_WCE_OLD
#endif
#ifdef PNG_FLOATING_POINT_SUPPORTED
-# if defined(WIN32_WCE_OLD)
+# ifdef WIN32_WCE_OLD
/* The strtod() function is not supported on WindowsCE */
-__inline double png_strtod(png_structp png_ptr, PNG_CONST char *nptr, char **endptr)
+__inline double png_strtod(png_structp png_ptr, PNG_CONST char *nptr,
+ char **endptr)
{
double result = 0;
int len;
@@ -213,180 +218,205 @@ png_crc_error(png_structp png_ptr)
#if defined(PNG_READ_zTXt_SUPPORTED) || defined(PNG_READ_iTXt_SUPPORTED) || \
defined(PNG_READ_iCCP_SUPPORTED)
-/*
- * Decompress trailing data in a chunk. The assumption is that chunkdata
- * points at an allocated area holding the contents of a chunk with a
- * trailing compressed part. What we get back is an allocated area
- * holding the original prefix part and an uncompressed version of the
- * trailing part (the malloc area passed in is freed).
- */
-void /* PRIVATE */
-png_decompress_chunk(png_structp png_ptr, int comp_type,
- png_size_t chunklength,
- png_size_t prefix_size, png_size_t *newlength)
+static png_size_t
+png_inflate(png_structp png_ptr, const png_byte *data, png_size_t size,
+ png_bytep output, png_size_t output_size)
{
- static PNG_CONST char msg[] = "Error decoding compressed text";
- png_charp text;
- png_size_t text_size;
+ png_size_t count = 0;
+
+ png_ptr->zstream.next_in = (png_bytep)data; /* const_cast: VALID */
+ png_ptr->zstream.avail_in = size;
- if (comp_type == PNG_COMPRESSION_TYPE_BASE)
+ while (1)
{
- int ret = Z_OK;
- png_ptr->zstream.next_in = (png_bytep)(png_ptr->chunkdata + prefix_size);
- png_ptr->zstream.avail_in = (uInt)(chunklength - prefix_size);
+ int ret, avail;
+
+ /* Reset the output buffer each time round - we empty it
+ * after every inflate call.
+ */
png_ptr->zstream.next_out = png_ptr->zbuf;
- png_ptr->zstream.avail_out = (uInt)png_ptr->zbuf_size;
+ png_ptr->zstream.avail_out = png_ptr->zbuf_size;
- text_size = 0;
- text = NULL;
+ ret = inflate(&png_ptr->zstream, Z_NO_FLUSH);
+ avail = png_ptr->zbuf_size - png_ptr->zstream.avail_out;
- while (png_ptr->zstream.avail_in)
+ /* First copy/count any new output - but only if we didn't
+ * get an error code.
+ */
+ if ((ret == Z_OK || ret == Z_STREAM_END) && avail > 0)
{
- ret = inflate(&png_ptr->zstream, Z_PARTIAL_FLUSH);
- if (ret != Z_OK && ret != Z_STREAM_END)
- {
- if (png_ptr->zstream.msg != NULL)
- png_warning(png_ptr, png_ptr->zstream.msg);
- else
- png_warning(png_ptr, msg);
- inflateReset(&png_ptr->zstream);
- png_ptr->zstream.avail_in = 0;
+ if (output != 0 && output_size > count)
+ {
+ int copy = output_size - count;
+ if (avail < copy) copy = avail;
+ png_memcpy(output + count, png_ptr->zbuf, copy);
+ }
+ count += avail;
+ }
- if (text == NULL)
- {
- text_size = prefix_size + png_sizeof(msg) + 1;
- text = (png_charp)png_malloc_warn(png_ptr, text_size);
- if (text == NULL)
- {
- png_free(png_ptr, png_ptr->chunkdata);
- png_ptr->chunkdata = NULL;
- png_error(png_ptr, "Not enough memory to decompress chunk");
- }
- png_memcpy(text, png_ptr->chunkdata, prefix_size);
- }
+ if (ret == Z_OK)
+ continue;
- text[text_size - 1] = 0x00;
+ /* Termination conditions - always reset the zstream, it
+ * must be left in inflateInit state.
+ */
+ png_ptr->zstream.avail_in = 0;
+ inflateReset(&png_ptr->zstream);
- /* Copy what we can of the error message into the text chunk */
- text_size = (png_size_t)(chunklength -
- (text - png_ptr->chunkdata) - 1);
- if (text_size > png_sizeof(msg))
- text_size = png_sizeof(msg);
- png_memcpy(text + prefix_size, msg, text_size);
- break;
- }
- if (!png_ptr->zstream.avail_out || ret == Z_STREAM_END)
- {
- if (text == NULL)
- {
- text_size = prefix_size +
- png_ptr->zbuf_size - png_ptr->zstream.avail_out;
- text = (png_charp)png_malloc_warn(png_ptr, text_size + 1);
- if (text == NULL)
- {
- png_free(png_ptr, png_ptr->chunkdata);
- png_ptr->chunkdata = NULL;
- png_error(png_ptr,
- "Not enough memory to decompress chunk.");
- }
- png_memcpy(text + prefix_size, png_ptr->zbuf,
- text_size - prefix_size);
- png_memcpy(text, png_ptr->chunkdata, prefix_size);
- *(text + text_size) = 0x00;
- }
- else
- {
- png_charp tmp;
+ if (ret == Z_STREAM_END)
+ return count; /* NOTE: may be zero. */
- tmp = text;
- text = (png_charp)png_malloc_warn(png_ptr,
- (png_uint_32)(text_size +
- png_ptr->zbuf_size - png_ptr->zstream.avail_out + 1));
- if (text == NULL)
- {
- png_free(png_ptr, tmp);
- png_free(png_ptr, png_ptr->chunkdata);
- png_ptr->chunkdata = NULL;
- png_error(png_ptr,
- "Not enough memory to decompress chunk..");
- }
- png_memcpy(text, tmp, text_size);
- png_free(png_ptr, tmp);
- png_memcpy(text + text_size, png_ptr->zbuf,
- (png_ptr->zbuf_size - png_ptr->zstream.avail_out));
- text_size += png_ptr->zbuf_size - png_ptr->zstream.avail_out;
- *(text + text_size) = 0x00;
- }
- if (ret == Z_STREAM_END)
- break;
- else
- {
- png_ptr->zstream.next_out = png_ptr->zbuf;
- png_ptr->zstream.avail_out = (uInt)png_ptr->zbuf_size;
- }
- }
- }
- if (ret != Z_STREAM_END)
+ /* Now handle the error codes - the API always returns 0
+ * and the error message is dumped into the uncompressed
+ * buffer if available.
+ */
{
-#if !defined(PNG_NO_STDIO) && !defined(_WIN32_WCE)
- char umsg[52];
+ char *msg, umsg[52];
+ if (png_ptr->zstream.msg != 0)
+ msg = png_ptr->zstream.msg;
+ else
+ {
+#if defined(PNG_STDIO_SUPPORTED) && !defined(_WIN32_WCE)
+ switch (ret)
+ {
+ case Z_BUF_ERROR:
+ msg = "Buffer error in compressed datastream in %s chunk";
+ break;
+ case Z_DATA_ERROR:
+ msg = "Data error in compressed datastream in %s chunk";
+ break;
+ default:
+ msg = "Incomplete compressed datastream in %s chunk";
+ break;
+ }
+
+ png_snprintf(umsg, sizeof umsg, msg, png_ptr->chunk_name);
+ msg = umsg;
+#else
+ msg = "Damaged compressed datastream in chunk other than IDAT";
+#endif
+ }
- if (ret == Z_BUF_ERROR)
- png_snprintf(umsg, 52,
- "Buffer error in compressed datastream in %s chunk",
- png_ptr->chunk_name);
+ png_warning(png_ptr, msg);
+ }
- else if (ret == Z_DATA_ERROR)
- png_snprintf(umsg, 52,
- "Data error in compressed datastream in %s chunk",
- png_ptr->chunk_name);
+ /* 0 means an error - notice that this code simple ignores
+ * zero length compressed chunks as a result.
+ */
+ return 0;
+ }
+}
- else
- png_snprintf(umsg, 52,
- "Incomplete compressed datastream in %s chunk",
- png_ptr->chunk_name);
+/*
+ * Decompress trailing data in a chunk. The assumption is that chunkdata
+ * points at an allocated area holding the contents of a chunk with a
+ * trailing compressed part. What we get back is an allocated area
+ * holding the original prefix part and an uncompressed version of the
+ * trailing part (the malloc area passed in is freed).
+ */
+void /* PRIVATE */
+png_decompress_chunk(png_structp png_ptr, int comp_type,
+ png_size_t chunklength,
+ png_size_t prefix_size, png_size_t *newlength)
+{
+ /* The caller should guarantee this */
+ if (prefix_size > chunklength)
+ {
+ /* The recovery is to delete the chunk. */
+ png_warning(png_ptr, "invalid chunklength");
+ prefix_size = 0; /* To delete everything */
+ }
- png_warning(png_ptr, umsg);
+ else if (comp_type == PNG_COMPRESSION_TYPE_BASE)
+ {
+ png_size_t expanded_size = png_inflate(png_ptr,
+ (png_bytep)(png_ptr->chunkdata + prefix_size),
+ chunklength - prefix_size,
+ 0/*output*/, 0/*output size*/);
+
+ /* Now check the limits on this chunk - if the limit fails the
+ * compressed data will be removed, the prefix will remain.
+ */
+#ifdef PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED
+ if (png_ptr->user_chunk_malloc_max &&
+ (prefix_size + expanded_size >= png_ptr->user_chunk_malloc_max - 1))
#else
- png_warning(png_ptr,
- "Incomplete compressed datastream in chunk other than IDAT");
+ if ((PNG_USER_CHUNK_MALLOC_MAX > 0) &&
+ prefix_size + expanded_size >= PNG_USER_CHUNK_MALLOC_MAX - 1)
#endif
- text_size = prefix_size;
- if (text == NULL)
- {
- text = (png_charp)png_malloc_warn(png_ptr, text_size+1);
- if (text == NULL)
- {
- png_free(png_ptr, png_ptr->chunkdata);
- png_ptr->chunkdata = NULL;
- png_error(png_ptr, "Not enough memory for text.");
- }
- png_memcpy(text, png_ptr->chunkdata, prefix_size);
- }
- *(text + text_size) = 0x00;
- }
+ png_warning(png_ptr, "Exceeded size limit while expanding chunk");
- inflateReset(&png_ptr->zstream);
- png_ptr->zstream.avail_in = 0;
+ /* If the size is zero either there was an error and a message
+ * has already been output (warning) or the size really is zero
+ * and we have nothing to do - the code will exit through the
+ * error case below.
+ */
+ else if (expanded_size > 0)
+ {
+ /* Success (maybe) - really uncompress the chunk. */
+ png_size_t new_size = 0;
+ png_charp text = png_malloc_warn(png_ptr,
+ prefix_size + expanded_size + 1);
- png_free(png_ptr, png_ptr->chunkdata);
- png_ptr->chunkdata = text;
- *newlength=text_size;
+ if (text != NULL)
+ {
+ png_memcpy(text, png_ptr->chunkdata, prefix_size);
+ new_size = png_inflate(png_ptr,
+ (png_bytep)(png_ptr->chunkdata + prefix_size),
+ chunklength - prefix_size,
+ (png_bytep)(text + prefix_size), expanded_size);
+ text[prefix_size + expanded_size] = 0; /* just in case */
+
+ if (new_size == expanded_size)
+ {
+ png_free(png_ptr, png_ptr->chunkdata);
+ png_ptr->chunkdata = text;
+ *newlength = prefix_size + expanded_size;
+ return; /* The success return! */
+ }
+
+ png_warning(png_ptr, "png_inflate logic error");
+ png_free(png_ptr, text);
+ }
+ else
+ png_warning(png_ptr, "Not enough memory to decompress chunk.");
+ }
}
+
else /* if (comp_type != PNG_COMPRESSION_TYPE_BASE) */
{
-#if !defined(PNG_NO_STDIO) && !defined(_WIN32_WCE)
char umsg[50];
- png_snprintf(umsg, 50, "Unknown zTXt compression type %d", comp_type);
+#if defined(PNG_STDIO_SUPPORTED) && !defined(_WIN32_WCE)
+ png_snprintf(umsg, sizeof umsg, "Unknown zTXt compression type %d", comp_type);
png_warning(png_ptr, umsg);
#else
png_warning(png_ptr, "Unknown zTXt compression type");
#endif
- *(png_ptr->chunkdata + prefix_size) = 0x00;
- *newlength = prefix_size;
+ /* The recovery is to simply drop the data. */
}
+
+ /* Generic error return - leave the prefix, delete the compressed
+ * data, reallocate the chunkdata to remove the potentially large
+ * amount of compressed data.
+ */
+ {
+ png_charp text = png_malloc_warn(png_ptr, prefix_size + 1);
+ if (text != NULL)
+ {
+ if (prefix_size > 0)
+ png_memcpy(text, png_ptr->chunkdata, prefix_size);
+ png_free(png_ptr, png_ptr->chunkdata);
+ png_ptr->chunkdata = text;
+
+ /* This is an extra zero in the 'uncompressed' part. */
+ *(png_ptr->chunkdata + prefix_size) = 0x00;
+ }
+ /* Ignore a malloc error here - it is safe. */
+ }
+
+ *newlength = prefix_size;
}
#endif
@@ -427,7 +457,7 @@ png_handle_IHDR(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
png_ptr->bit_depth = (png_byte)bit_depth;
png_ptr->interlaced = (png_byte)interlace_type;
png_ptr->color_type = (png_byte)color_type;
-#if defined(PNG_MNG_FEATURES_SUPPORTED)
+#ifdef PNG_MNG_FEATURES_SUPPORTED
png_ptr->filter_type = (png_byte)filter_type;
#endif
png_ptr->compression_type = (png_byte)compression_type;
@@ -470,7 +500,7 @@ png_handle_PLTE(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
{
png_color palette[PNG_MAX_PALETTE_LENGTH];
int num, i;
-#ifndef PNG_NO_POINTER_INDEXING
+#ifdef PNG_POINTER_INDEXING_SUPPORTED
png_colorp pal_ptr;
#endif
@@ -498,7 +528,7 @@ png_handle_PLTE(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
png_crc_finish(png_ptr, length);
return;
}
-#if !defined(PNG_READ_OPT_PLTE_SUPPORTED)
+#ifndef PNG_READ_OPT_PLTE_SUPPORTED
if (png_ptr->color_type != PNG_COLOR_TYPE_PALETTE)
{
png_crc_finish(png_ptr, length);
@@ -523,7 +553,7 @@ png_handle_PLTE(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
num = (int)length / 3;
-#ifndef PNG_NO_POINTER_INDEXING
+#ifdef PNG_POINTER_INDEXING_SUPPORTED
for (i = 0, pal_ptr = palette; i < num; i++, pal_ptr++)
{
png_byte buf[3];
@@ -551,13 +581,13 @@ png_handle_PLTE(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
* have an RGB image, the PLTE can be considered ancillary, so
* we will act as though it is.
*/
-#if !defined(PNG_READ_OPT_PLTE_SUPPORTED)
+#ifndef PNG_READ_OPT_PLTE_SUPPORTED
if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE)
#endif
{
png_crc_finish(png_ptr, 0);
}
-#if !defined(PNG_READ_OPT_PLTE_SUPPORTED)
+#ifndef PNG_READ_OPT_PLTE_SUPPORTED
else if (png_crc_error(png_ptr)) /* Only if we have a CRC error */
{
/* If we don't want to use the data from an ancillary chunk,
@@ -586,7 +616,7 @@ png_handle_PLTE(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
png_set_PLTE(png_ptr, info_ptr, palette, num);
-#if defined(PNG_READ_tRNS_SUPPORTED)
+#ifdef PNG_READ_tRNS_SUPPORTED
if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE)
{
if (info_ptr != NULL && (info_ptr->valid & PNG_INFO_tRNS))
@@ -628,7 +658,7 @@ png_handle_IEND(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
info_ptr = info_ptr; /* Quiet compiler warnings about unused info_ptr */
}
-#if defined(PNG_READ_gAMA_SUPPORTED)
+#ifdef PNG_READ_gAMA_SUPPORTED
void /* PRIVATE */
png_handle_gAMA(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
{
@@ -653,7 +683,7 @@ png_handle_gAMA(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
png_warning(png_ptr, "Out of place gAMA chunk");
if (info_ptr != NULL && (info_ptr->valid & PNG_INFO_gAMA)
-#if defined(PNG_READ_sRGB_SUPPORTED)
+#ifdef PNG_READ_sRGB_SUPPORTED
&& !(info_ptr->valid & PNG_INFO_sRGB)
#endif
)
@@ -683,13 +713,13 @@ png_handle_gAMA(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
return;
}
-#if defined(PNG_READ_sRGB_SUPPORTED)
+#ifdef PNG_READ_sRGB_SUPPORTED
if (info_ptr != NULL && (info_ptr->valid & PNG_INFO_sRGB))
if (PNG_OUT_OF_RANGE(igamma, 45500L, 500))
{
png_warning(png_ptr,
"Ignoring incorrect gAMA value when sRGB is also present");
-#ifndef PNG_NO_CONSOLE_IO
+#ifdef PNG_CONSOLE_IO_SUPPORTED
fprintf(stderr, "gamma = (%d/100000)", (int)igamma);
#endif
return;
@@ -709,7 +739,7 @@ png_handle_gAMA(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
}
#endif
-#if defined(PNG_READ_sBIT_SUPPORTED)
+#ifdef PNG_READ_sBIT_SUPPORTED
void /* PRIVATE */
png_handle_sBIT(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
{
@@ -775,7 +805,7 @@ png_handle_sBIT(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
}
#endif
-#if defined(PNG_READ_cHRM_SUPPORTED)
+#ifdef PNG_READ_cHRM_SUPPORTED
void /* PRIVATE */
png_handle_cHRM(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
{
@@ -803,7 +833,7 @@ png_handle_cHRM(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
png_warning(png_ptr, "Missing PLTE before cHRM");
if (info_ptr != NULL && (info_ptr->valid & PNG_INFO_cHRM)
-#if defined(PNG_READ_sRGB_SUPPORTED)
+#ifdef PNG_READ_sRGB_SUPPORTED
&& !(info_ptr->valid & PNG_INFO_sRGB)
#endif
)
@@ -855,7 +885,7 @@ png_handle_cHRM(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
blue_y = (float)int_y_blue / (float)100000.0;
#endif
-#if defined(PNG_READ_sRGB_SUPPORTED)
+#ifdef PNG_READ_sRGB_SUPPORTED
if ((info_ptr != NULL) && (info_ptr->valid & PNG_INFO_sRGB))
{
if (PNG_OUT_OF_RANGE(int_x_white, 31270, 1000) ||
@@ -869,7 +899,7 @@ png_handle_cHRM(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
{
png_warning(png_ptr,
"Ignoring incorrect cHRM value when sRGB is also present");
-#ifndef PNG_NO_CONSOLE_IO
+#ifdef PNG_CONSOLE_IO_SUPPORTED
#ifdef PNG_FLOATING_POINT_SUPPORTED
fprintf(stderr, "wx=%f, wy=%f, rx=%f, ry=%f\n",
white_x, white_y, red_x, red_y);
@@ -881,7 +911,7 @@ png_handle_cHRM(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
fprintf(stderr, "gx=%ld, gy=%ld, bx=%ld, by=%ld\n",
int_x_green, int_y_green, int_x_blue, int_y_blue);
#endif
-#endif /* PNG_NO_CONSOLE_IO */
+#endif /* PNG_CONSOLE_IO_SUPPORTED */
}
return;
}
@@ -899,7 +929,7 @@ png_handle_cHRM(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
}
#endif
-#if defined(PNG_READ_sRGB_SUPPORTED)
+#ifdef PNG_READ_sRGB_SUPPORTED
void /* PRIVATE */
png_handle_sRGB(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
{
@@ -961,7 +991,7 @@ png_handle_sRGB(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
{
png_warning(png_ptr,
"Ignoring incorrect gAMA value when sRGB is also present");
-#ifndef PNG_NO_CONSOLE_IO
+#ifdef PNG_CONSOLE_IO_SUPPORTED
# ifdef PNG_FIXED_POINT_SUPPORTED
fprintf(stderr, "incorrect gamma=(%d/100000)\n",
(int)png_ptr->int_gamma);
@@ -997,7 +1027,7 @@ png_handle_sRGB(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
}
#endif /* PNG_READ_sRGB_SUPPORTED */
-#if defined(PNG_READ_iCCP_SUPPORTED)
+#ifdef PNG_READ_iCCP_SUPPORTED
void /* PRIVATE */
png_handle_iCCP(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
/* Note: this does not properly handle chunks that are > 64K under DOS */
@@ -1117,14 +1147,14 @@ png_handle_iCCP(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
}
#endif /* PNG_READ_iCCP_SUPPORTED */
-#if defined(PNG_READ_sPLT_SUPPORTED)
+#ifdef PNG_READ_sPLT_SUPPORTED
void /* PRIVATE */
png_handle_sPLT(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
/* Note: this does not properly handle chunks that are > 64K under DOS */
{
png_bytep entry_start;
png_sPLT_t new_palette;
-#ifdef PNG_NO_POINTER_INDEXING
+#ifdef PNG_POINTER_INDEXING_SUPPORTED
png_sPLT_entryp pp;
#endif
int data_length, entry_size, i;
@@ -1133,6 +1163,23 @@ png_handle_sPLT(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
png_debug(1, "in png_handle_sPLT");
+#ifdef PNG_USER_LIMITS_SUPPORTED
+
+ if (png_ptr->user_chunk_cache_max != 0)
+ {
+ if (png_ptr->user_chunk_cache_max == 1)
+ {
+ png_crc_finish(png_ptr, length);
+ return;
+ }
+ if (--png_ptr->user_chunk_cache_max == 1)
+ {
+ png_warning(png_ptr, "No space in chunk cache for sPLT");
+ png_crc_finish(png_ptr, length);
+ return;
+ }
+ }
+#endif
if (!(png_ptr->mode & PNG_HAVE_IHDR))
png_error(png_ptr, "Missing IHDR before sPLT");
@@ -1166,7 +1213,8 @@ png_handle_sPLT(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
png_ptr->chunkdata[slength] = 0x00;
- for (entry_start = (png_bytep)png_ptr->chunkdata; *entry_start; entry_start++)
+ for (entry_start = (png_bytep)png_ptr->chunkdata; *entry_start;
+ entry_start++)
/* Empty loop to find end of name */ ;
++entry_start;
@@ -1207,10 +1255,10 @@ png_handle_sPLT(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
return;
}
-#ifndef PNG_NO_POINTER_INDEXING
+#ifdef PNG_POINTER_INDEXING_SUPPORTED
for (i = 0; i < new_palette.nentries; i++)
{
- png_sPLT_entryp pp = new_palette.entries + i;
+ pp = new_palette.entries + i;
if (new_palette.depth == 8)
{
@@ -1262,7 +1310,7 @@ png_handle_sPLT(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
}
#endif /* PNG_READ_sPLT_SUPPORTED */
-#if defined(PNG_READ_tRNS_SUPPORTED)
+#ifdef PNG_READ_tRNS_SUPPORTED
void /* PRIVATE */
png_handle_tRNS(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
{
@@ -1357,7 +1405,7 @@ png_handle_tRNS(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
}
#endif
-#if defined(PNG_READ_bKGD_SUPPORTED)
+#ifdef PNG_READ_bKGD_SUPPORTED
void /* PRIVATE */
png_handle_bKGD(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
{
@@ -1446,7 +1494,7 @@ png_handle_bKGD(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
}
#endif
-#if defined(PNG_READ_hIST_SUPPORTED)
+#ifdef PNG_READ_hIST_SUPPORTED
void /* PRIVATE */
png_handle_hIST(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
{
@@ -1500,7 +1548,7 @@ png_handle_hIST(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
}
#endif
-#if defined(PNG_READ_pHYs_SUPPORTED)
+#ifdef PNG_READ_pHYs_SUPPORTED
void /* PRIVATE */
png_handle_pHYs(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
{
@@ -1543,7 +1591,7 @@ png_handle_pHYs(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
}
#endif
-#if defined(PNG_READ_oFFs_SUPPORTED)
+#ifdef PNG_READ_oFFs_SUPPORTED
void /* PRIVATE */
png_handle_oFFs(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
{
@@ -1586,7 +1634,7 @@ png_handle_oFFs(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
}
#endif
-#if defined(PNG_READ_pCAL_SUPPORTED)
+#ifdef PNG_READ_pCAL_SUPPORTED
/* Read the pCAL chunk (described in the PNG Extensions document) */
void /* PRIVATE */
png_handle_pCAL(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
@@ -1720,7 +1768,7 @@ png_handle_pCAL(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
}
#endif
-#if defined(PNG_READ_sCAL_SUPPORTED)
+#ifdef PNG_READ_sCAL_SUPPORTED
/* Read the sCAL chunk */
void /* PRIVATE */
png_handle_sCAL(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
@@ -1863,7 +1911,7 @@ png_handle_sCAL(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
}
#endif
-#if defined(PNG_READ_tIME_SUPPORTED)
+#ifdef PNG_READ_tIME_SUPPORTED
void /* PRIVATE */
png_handle_tIME(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
{
@@ -1906,7 +1954,7 @@ png_handle_tIME(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
}
#endif
-#if defined(PNG_READ_tEXt_SUPPORTED)
+#ifdef PNG_READ_tEXt_SUPPORTED
/* Note: this does not properly handle chunks that are > 64K under DOS */
void /* PRIVATE */
png_handle_tEXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
@@ -1920,6 +1968,22 @@ png_handle_tEXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
png_debug(1, "in png_handle_tEXt");
+#ifdef PNG_USER_LIMITS_SUPPORTED
+ if (png_ptr->user_chunk_cache_max != 0)
+ {
+ if (png_ptr->user_chunk_cache_max == 1)
+ {
+ png_crc_finish(png_ptr, length);
+ return;
+ }
+ if (--png_ptr->user_chunk_cache_max == 1)
+ {
+ png_warning(png_ptr, "No space in chunk cache for tEXt");
+ png_crc_finish(png_ptr, length);
+ return;
+ }
+ }
+#endif
if (!(png_ptr->mode & PNG_HAVE_IHDR))
png_error(png_ptr, "Missing IHDR before tEXt");
@@ -1993,7 +2057,7 @@ png_handle_tEXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
}
#endif
-#if defined(PNG_READ_zTXt_SUPPORTED)
+#ifdef PNG_READ_zTXt_SUPPORTED
/* Note: this does not correctly handle chunks that are > 64K under DOS */
void /* PRIVATE */
png_handle_zTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
@@ -2006,6 +2070,22 @@ png_handle_zTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
png_debug(1, "in png_handle_zTXt");
+#ifdef PNG_USER_LIMITS_SUPPORTED
+ if (png_ptr->user_chunk_cache_max != 0)
+ {
+ if (png_ptr->user_chunk_cache_max == 1)
+ {
+ png_crc_finish(png_ptr, length);
+ return;
+ }
+ if (--png_ptr->user_chunk_cache_max == 1)
+ {
+ png_warning(png_ptr, "No space in chunk cache for zTXt");
+ png_crc_finish(png_ptr, length);
+ return;
+ }
+ }
+#endif
if (!(png_ptr->mode & PNG_HAVE_IHDR))
png_error(png_ptr, "Missing IHDR before zTXt");
@@ -2097,7 +2177,7 @@ png_handle_zTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
}
#endif
-#if defined(PNG_READ_iTXt_SUPPORTED)
+#ifdef PNG_READ_iTXt_SUPPORTED
/* Note: this does not correctly handle chunks that are > 64K under DOS */
void /* PRIVATE */
png_handle_iTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
@@ -2111,6 +2191,22 @@ png_handle_iTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
png_debug(1, "in png_handle_iTXt");
+#ifdef PNG_USER_LIMITS_SUPPORTED
+ if (png_ptr->user_chunk_cache_max != 0)
+ {
+ if (png_ptr->user_chunk_cache_max == 1)
+ {
+ png_crc_finish(png_ptr, length);
+ return;
+ }
+ if (--png_ptr->user_chunk_cache_max == 1)
+ {
+ png_warning(png_ptr, "No space in chunk cache for iTXt");
+ png_crc_finish(png_ptr, length);
+ return;
+ }
+ }
+#endif
if (!(png_ptr->mode & PNG_HAVE_IHDR))
png_error(png_ptr, "Missing IHDR before iTXt");
@@ -2239,6 +2335,22 @@ png_handle_unknown(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
png_debug(1, "in png_handle_unknown");
+#ifdef PNG_USER_LIMITS_SUPPORTED
+ if (png_ptr->user_chunk_cache_max != 0)
+ {
+ if (png_ptr->user_chunk_cache_max == 1)
+ {
+ png_crc_finish(png_ptr, length);
+ return;
+ }
+ if (--png_ptr->user_chunk_cache_max == 1)
+ {
+ png_warning(png_ptr, "No space in chunk cache for unknown chunk");
+ png_crc_finish(png_ptr, length);
+ return;
+ }
+ }
+#endif
if (png_ptr->mode & PNG_HAVE_IDAT)
{
@@ -2251,10 +2363,10 @@ png_handle_unknown(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
if (!(png_ptr->chunk_name[0] & 0x20))
{
-#if defined(PNG_READ_UNKNOWN_CHUNKS_SUPPORTED)
+#ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED
if (png_handle_as_unknown(png_ptr, png_ptr->chunk_name) !=
PNG_HANDLE_CHUNK_ALWAYS
-#if defined(PNG_READ_USER_CHUNKS_SUPPORTED)
+#ifdef PNG_READ_USER_CHUNKS_SUPPORTED
&& png_ptr->read_user_chunk_fn == NULL
#endif
)
@@ -2262,9 +2374,12 @@ png_handle_unknown(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
png_chunk_error(png_ptr, "unknown critical chunk");
}
-#if defined(PNG_READ_UNKNOWN_CHUNKS_SUPPORTED)
- if ((png_ptr->flags & PNG_FLAG_KEEP_UNKNOWN_CHUNKS) ||
- (png_ptr->read_user_chunk_fn != NULL))
+#ifdef PNG_READ_UNKNOWN_CHUNKS_SUPPORTED
+ if ((png_ptr->flags & PNG_FLAG_KEEP_UNKNOWN_CHUNKS)
+#ifdef PNG_READ_USER_CHUNKS_SUPPORTED
+ || (png_ptr->read_user_chunk_fn != NULL)
+#endif
+ )
{
#ifdef PNG_MAX_MALLOC_64K
if (length > (png_uint_32)65535L)
@@ -2275,9 +2390,10 @@ png_handle_unknown(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
}
#endif
png_memcpy((png_charp)png_ptr->unknown_chunk.name,
- (png_charp)png_ptr->chunk_name,
+ (png_charp)png_ptr->chunk_name,
png_sizeof(png_ptr->unknown_chunk.name));
- png_ptr->unknown_chunk.name[png_sizeof(png_ptr->unknown_chunk.name)-1] = '\0';
+ png_ptr->unknown_chunk.name[png_sizeof(png_ptr->unknown_chunk.name)-1]
+ = '\0';
png_ptr->unknown_chunk.size = (png_size_t)length;
if (length == 0)
png_ptr->unknown_chunk.data = NULL;
@@ -2286,7 +2402,7 @@ png_handle_unknown(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
png_ptr->unknown_chunk.data = (png_bytep)png_malloc(png_ptr, length);
png_crc_read(png_ptr, (png_bytep)png_ptr->unknown_chunk.data, length);
}
-#if defined(PNG_READ_USER_CHUNKS_SUPPORTED)
+#ifdef PNG_READ_USER_CHUNKS_SUPPORTED
if (png_ptr->read_user_chunk_fn != NULL)
{
/* Callback to user unknown chunk handler */
@@ -2298,8 +2414,10 @@ png_handle_unknown(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
if (ret == 0)
{
if (!(png_ptr->chunk_name[0] & 0x20))
+#ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED
if (png_handle_as_unknown(png_ptr, png_ptr->chunk_name) !=
PNG_HANDLE_CHUNK_ALWAYS)
+#endif
png_chunk_error(png_ptr, "unknown critical chunk");
png_set_unknown_chunks(png_ptr, info_ptr,
&png_ptr->unknown_chunk, 1);
@@ -2317,7 +2435,7 @@ png_handle_unknown(png_structp png_ptr, png_infop info_ptr, png_uint_32 length)
png_crc_finish(png_ptr, skip);
-#if !defined(PNG_READ_USER_CHUNKS_SUPPORTED)
+#ifndef PNG_READ_USER_CHUNKS_SUPPORTED
info_ptr = info_ptr; /* Quiet compiler warnings about unused info_ptr */
#endif
}
@@ -2375,7 +2493,7 @@ png_combine_row(png_structp png_ptr, png_bytep row, int mask)
png_uint_32 i;
png_uint_32 row_width = png_ptr->width;
-#if defined(PNG_READ_PACKSWAP_SUPPORTED)
+#ifdef PNG_READ_PACKSWAP_SUPPORTED
if (png_ptr->transformations & PNG_PACKSWAP)
{
s_start = 0;
@@ -2430,7 +2548,7 @@ png_combine_row(png_structp png_ptr, png_bytep row, int mask)
png_uint_32 row_width = png_ptr->width;
int value;
-#if defined(PNG_READ_PACKSWAP_SUPPORTED)
+#ifdef PNG_READ_PACKSWAP_SUPPORTED
if (png_ptr->transformations & PNG_PACKSWAP)
{
s_start = 0;
@@ -2482,7 +2600,7 @@ png_combine_row(png_structp png_ptr, png_bytep row, int mask)
png_uint_32 row_width = png_ptr->width;
int value;
-#if defined(PNG_READ_PACKSWAP_SUPPORTED)
+#ifdef PNG_READ_PACKSWAP_SUPPORTED
if (png_ptr->transformations & PNG_PACKSWAP)
{
s_start = 0;
@@ -2565,11 +2683,9 @@ png_do_read_interlace(png_structp png_ptr)
png_bytep row = png_ptr->row_buf + 1;
int pass = png_ptr->pass;
png_uint_32 transformations = png_ptr->transformations;
-#ifdef PNG_USE_LOCAL_ARRAYS
/* Arrays to facilitate easy interlacing - use pass (0 - 6) as index */
/* Offset to next interlace block */
PNG_CONST int png_pass_inc[7] = {8, 8, 4, 4, 2, 2, 1};
-#endif
png_debug(1, "in png_do_read_interlace");
if (row != NULL && row_info != NULL)
@@ -2591,7 +2707,7 @@ png_do_read_interlace(png_structp png_ptr)
png_uint_32 i;
int j;
-#if defined(PNG_READ_PACKSWAP_SUPPORTED)
+#ifdef PNG_READ_PACKSWAP_SUPPORTED
if (transformations & PNG_PACKSWAP)
{
sshift = (int)((row_info->width + 7) & 0x07);
@@ -2644,7 +2760,7 @@ png_do_read_interlace(png_structp png_ptr)
int jstop = png_pass_inc[pass];
png_uint_32 i;
-#if defined(PNG_READ_PACKSWAP_SUPPORTED)
+#ifdef PNG_READ_PACKSWAP_SUPPORTED
if (transformations & PNG_PACKSWAP)
{
sshift = (int)(((row_info->width + 3) & 0x03) << 1);
@@ -2700,7 +2816,7 @@ png_do_read_interlace(png_structp png_ptr)
png_uint_32 i;
int jstop = png_pass_inc[pass];
-#if defined(PNG_READ_PACKSWAP_SUPPORTED)
+#ifdef PNG_READ_PACKSWAP_SUPPORTED
if (transformations & PNG_PACKSWAP)
{
sshift = (int)(((row_info->width + 1) & 0x01) << 2);
@@ -2749,7 +2865,8 @@ png_do_read_interlace(png_structp png_ptr)
default:
{
png_size_t pixel_bytes = (row_info->pixel_depth >> 3);
- png_bytep sp = row + (png_size_t)(row_info->width - 1) * pixel_bytes;
+ png_bytep sp = row + (png_size_t)(row_info->width - 1)
+ * pixel_bytes;
png_bytep dp = row + (png_size_t)(final_width - 1) * pixel_bytes;
int jstop = png_pass_inc[pass];
@@ -2774,7 +2891,7 @@ png_do_read_interlace(png_structp png_ptr)
row_info->width = final_width;
row_info->rowbytes = PNG_ROWBYTES(row_info->pixel_depth, final_width);
}
-#if !defined(PNG_READ_PACKSWAP_SUPPORTED)
+#ifndef PNG_READ_PACKSWAP_SUPPORTED
transformations = transformations; /* Silence compiler warning */
#endif
}
@@ -2903,11 +3020,10 @@ png_read_filter_row(png_structp png_ptr, png_row_infop row_info, png_bytep row,
}
}
-#ifndef PNG_NO_SEQUENTIAL_READ_SUPPORTED
+#ifdef PNG_SEQUENTIAL_READ_SUPPORTED
void /* PRIVATE */
png_read_finish_row(png_structp png_ptr)
{
-#ifdef PNG_USE_LOCAL_ARRAYS
#ifdef PNG_READ_INTERLACING_SUPPORTED
/* Arrays to facilitate easy interlacing - use pass (0 - 6) as index */
@@ -2923,7 +3039,6 @@ png_read_finish_row(png_structp png_ptr)
/* Offset to next interlace block in the y direction */
PNG_CONST int png_pass_yinc[7] = {8, 8, 8, 4, 4, 2, 2};
#endif /* PNG_READ_INTERLACING_SUPPORTED */
-#endif
png_debug(1, "in png_read_finish_row");
png_ptr->row_number++;
@@ -2946,9 +3061,6 @@ png_read_finish_row(png_structp png_ptr)
png_pass_start[png_ptr->pass]) /
png_pass_inc[png_ptr->pass];
- png_ptr->irowbytes = PNG_ROWBYTES(png_ptr->pixel_depth,
- png_ptr->iwidth) + 1;
-
if (!(png_ptr->transformations & PNG_INTERLACE))
{
png_ptr->num_rows = (png_ptr->height +
@@ -3007,7 +3119,7 @@ png_read_finish_row(png_structp png_ptr)
{
if (!(png_ptr->zstream.avail_out) || png_ptr->zstream.avail_in ||
png_ptr->idat_size)
- png_warning(png_ptr, "Extra compressed data");
+ png_warning(png_ptr, "Extra compressed data.");
png_ptr->mode |= PNG_AFTER_IDAT;
png_ptr->flags |= PNG_FLAG_ZLIB_FINISHED;
break;
@@ -3029,18 +3141,17 @@ png_read_finish_row(png_structp png_ptr)
}
if (png_ptr->idat_size || png_ptr->zstream.avail_in)
- png_warning(png_ptr, "Extra compression data");
+ png_warning(png_ptr, "Extra compression data.");
inflateReset(&png_ptr->zstream);
png_ptr->mode |= PNG_AFTER_IDAT;
}
-#endif /* PNG_NO_SEQUENTIAL_READ_SUPPORTED */
+#endif /* PNG_SEQUENTIAL_READ_SUPPORTED */
void /* PRIVATE */
png_read_start_row(png_structp png_ptr)
{
-#ifdef PNG_USE_LOCAL_ARRAYS
#ifdef PNG_READ_INTERLACING_SUPPORTED
/* Arrays to facilitate easy interlacing - use pass (0 - 6) as index */
@@ -3056,7 +3167,6 @@ png_read_start_row(png_structp png_ptr)
/* Offset to next interlace block in the y direction */
PNG_CONST int png_pass_yinc[7] = {8, 8, 8, 4, 4, 2, 2};
#endif
-#endif
int max_pixel_depth;
png_size_t row_bytes;
@@ -3077,25 +3187,21 @@ png_read_start_row(png_structp png_ptr)
png_pass_inc[png_ptr->pass] - 1 -
png_pass_start[png_ptr->pass]) /
png_pass_inc[png_ptr->pass];
-
- png_ptr->irowbytes =
- PNG_ROWBYTES(png_ptr->pixel_depth, png_ptr->iwidth) + 1;
}
else
#endif /* PNG_READ_INTERLACING_SUPPORTED */
{
png_ptr->num_rows = png_ptr->height;
png_ptr->iwidth = png_ptr->width;
- png_ptr->irowbytes = png_ptr->rowbytes + 1;
}
max_pixel_depth = png_ptr->pixel_depth;
-#if defined(PNG_READ_PACK_SUPPORTED)
+#ifdef PNG_READ_PACK_SUPPORTED
if ((png_ptr->transformations & PNG_PACK) && png_ptr->bit_depth < 8)
max_pixel_depth = 8;
#endif
-#if defined(PNG_READ_EXPAND_SUPPORTED)
+#ifdef PNG_READ_EXPAND_SUPPORTED
if (png_ptr->transformations & PNG_EXPAND)
{
if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE)
@@ -3123,7 +3229,7 @@ png_read_start_row(png_structp png_ptr)
}
#endif
-#if defined(PNG_READ_FILLER_SUPPORTED)
+#ifdef PNG_READ_FILLER_SUPPORTED
if (png_ptr->transformations & (PNG_FILLER))
{
if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE)
@@ -3145,14 +3251,14 @@ png_read_start_row(png_structp png_ptr)
}
#endif
-#if defined(PNG_READ_GRAY_TO_RGB_SUPPORTED)
+#ifdef PNG_READ_GRAY_TO_RGB_SUPPORTED
if (png_ptr->transformations & PNG_GRAY_TO_RGB)
{
if (
-#if defined(PNG_READ_EXPAND_SUPPORTED)
+#ifdef PNG_READ_EXPAND_SUPPORTED
(png_ptr->num_trans && (png_ptr->transformations & PNG_EXPAND)) ||
#endif
-#if defined(PNG_READ_FILLER_SUPPORTED)
+#ifdef PNG_READ_FILLER_SUPPORTED
(png_ptr->transformations & (PNG_FILLER)) ||
#endif
png_ptr->color_type == PNG_COLOR_TYPE_GRAY_ALPHA)
@@ -3207,9 +3313,15 @@ defined(PNG_USER_TRANSFORM_PTR_SUPPORTED)
if (row_bytes + 64 > png_ptr->old_big_row_buf_size)
{
png_free(png_ptr, png_ptr->big_row_buf);
- png_ptr->big_row_buf = (png_bytep)png_malloc(png_ptr, row_bytes + 64);
if (png_ptr->interlaced)
- png_memset(png_ptr->big_row_buf, 0, row_bytes + 64);
+ png_ptr->big_row_buf = (png_bytep)png_calloc(png_ptr,
+ row_bytes + 64);
+ else
+ png_ptr->big_row_buf = (png_bytep)png_malloc(png_ptr,
+ row_bytes + 64);
+ png_ptr->old_big_row_buf_size = row_bytes + 64;
+
+ /* Use 32 bytes of padding before and after row_buf. */
png_ptr->row_buf = png_ptr->big_row_buf + 32;
png_ptr->old_big_row_buf_size = row_bytes + 64;
}
@@ -3237,7 +3349,8 @@ defined(PNG_USER_TRANSFORM_PTR_SUPPORTED)
png_debug1(3, "iwidth = %lu,", png_ptr->iwidth);
png_debug1(3, "num_rows = %lu,", png_ptr->num_rows);
png_debug1(3, "rowbytes = %lu,", png_ptr->rowbytes);
- png_debug1(3, "irowbytes = %lu", png_ptr->irowbytes);
+ png_debug1(3, "irowbytes = %lu",
+ PNG_ROWBYTES(png_ptr->pixel_depth, png_ptr->iwidth) + 1);
png_ptr->flags |= PNG_FLAG_ROW_INIT;
}