pngpread.c 31 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096
  1. /* pngpread.c - read a png file in push mode
  2. *
  3. * Copyright (c) 2018 Cosmin Truta
  4. * Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson
  5. * Copyright (c) 1996-1997 Andreas Dilger
  6. * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.
  7. *
  8. * This code is released under the libpng license.
  9. * For conditions of distribution and use, see the disclaimer
  10. * and license in png.h
  11. */
  12. #include "pngpriv.h"
  13. #ifdef PNG_PROGRESSIVE_READ_SUPPORTED
  14. /* Push model modes */
  15. #define PNG_READ_SIG_MODE 0
  16. #define PNG_READ_CHUNK_MODE 1
  17. #define PNG_READ_IDAT_MODE 2
  18. #define PNG_READ_tEXt_MODE 4
  19. #define PNG_READ_zTXt_MODE 5
  20. #define PNG_READ_DONE_MODE 6
  21. #define PNG_READ_iTXt_MODE 7
  22. #define PNG_ERROR_MODE 8
  23. #define PNG_PUSH_SAVE_BUFFER_IF_FULL \
  24. if (png_ptr->push_length + 4 > png_ptr->buffer_size) \
  25. { png_push_save_buffer(png_ptr); return; }
  26. #define PNG_PUSH_SAVE_BUFFER_IF_LT(N) \
  27. if (png_ptr->buffer_size < N) \
  28. { png_push_save_buffer(png_ptr); return; }
  29. void PNGAPI
  30. png_process_data(png_structrp png_ptr, png_inforp info_ptr,
  31. png_bytep buffer, size_t buffer_size)
  32. {
  33. if (png_ptr == NULL || info_ptr == NULL)
  34. return;
  35. png_push_restore_buffer(png_ptr, buffer, buffer_size);
  36. while (png_ptr->buffer_size)
  37. {
  38. png_process_some_data(png_ptr, info_ptr);
  39. }
  40. }
  41. size_t PNGAPI
  42. png_process_data_pause(png_structrp png_ptr, int save)
  43. {
  44. if (png_ptr != NULL)
  45. {
  46. /* It's easiest for the caller if we do the save; then the caller doesn't
  47. * have to supply the same data again:
  48. */
  49. if (save != 0)
  50. png_push_save_buffer(png_ptr);
  51. else
  52. {
  53. /* This includes any pending saved bytes: */
  54. size_t remaining = png_ptr->buffer_size;
  55. png_ptr->buffer_size = 0;
  56. /* So subtract the saved buffer size, unless all the data
  57. * is actually 'saved', in which case we just return 0
  58. */
  59. if (png_ptr->save_buffer_size < remaining)
  60. return remaining - png_ptr->save_buffer_size;
  61. }
  62. }
  63. return 0;
  64. }
  65. png_uint_32 PNGAPI
  66. png_process_data_skip(png_structrp png_ptr)
  67. {
  68. /* TODO: Deprecate and remove this API.
  69. * Somewhere the implementation of this seems to have been lost,
  70. * or abandoned. It was only to support some internal back-door access
  71. * to png_struct) in libpng-1.4.x.
  72. */
  73. png_app_warning(png_ptr,
  74. "png_process_data_skip is not implemented in any current version of libpng");
  75. return 0;
  76. }
  77. /* What we do with the incoming data depends on what we were previously
  78. * doing before we ran out of data...
  79. */
  80. void /* PRIVATE */
  81. png_process_some_data(png_structrp png_ptr, png_inforp info_ptr)
  82. {
  83. if (png_ptr == NULL)
  84. return;
  85. switch (png_ptr->process_mode)
  86. {
  87. case PNG_READ_SIG_MODE:
  88. {
  89. png_push_read_sig(png_ptr, info_ptr);
  90. break;
  91. }
  92. case PNG_READ_CHUNK_MODE:
  93. {
  94. png_push_read_chunk(png_ptr, info_ptr);
  95. break;
  96. }
  97. case PNG_READ_IDAT_MODE:
  98. {
  99. png_push_read_IDAT(png_ptr);
  100. break;
  101. }
  102. default:
  103. {
  104. png_ptr->buffer_size = 0;
  105. break;
  106. }
  107. }
  108. }
  109. /* Read any remaining signature bytes from the stream and compare them with
  110. * the correct PNG signature. It is possible that this routine is called
  111. * with bytes already read from the signature, either because they have been
  112. * checked by the calling application, or because of multiple calls to this
  113. * routine.
  114. */
  115. void /* PRIVATE */
  116. png_push_read_sig(png_structrp png_ptr, png_inforp info_ptr)
  117. {
  118. size_t num_checked = png_ptr->sig_bytes; /* SAFE, does not exceed 8 */
  119. size_t num_to_check = 8 - num_checked;
  120. if (png_ptr->buffer_size < num_to_check)
  121. {
  122. num_to_check = png_ptr->buffer_size;
  123. }
  124. png_push_fill_buffer(png_ptr, &(info_ptr->signature[num_checked]),
  125. num_to_check);
  126. png_ptr->sig_bytes = (png_byte)(png_ptr->sig_bytes + num_to_check);
  127. if (png_sig_cmp(info_ptr->signature, num_checked, num_to_check))
  128. {
  129. if (num_checked < 4 &&
  130. png_sig_cmp(info_ptr->signature, num_checked, num_to_check - 4))
  131. png_error(png_ptr, "Not a PNG file");
  132. else
  133. png_error(png_ptr, "PNG file corrupted by ASCII conversion");
  134. }
  135. else
  136. {
  137. if (png_ptr->sig_bytes >= 8)
  138. {
  139. png_ptr->process_mode = PNG_READ_CHUNK_MODE;
  140. }
  141. }
  142. }
  143. void /* PRIVATE */
  144. png_push_read_chunk(png_structrp png_ptr, png_inforp info_ptr)
  145. {
  146. png_uint_32 chunk_name;
  147. #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED
  148. int keep; /* unknown handling method */
  149. #endif
  150. /* First we make sure we have enough data for the 4-byte chunk name
  151. * and the 4-byte chunk length before proceeding with decoding the
  152. * chunk data. To fully decode each of these chunks, we also make
  153. * sure we have enough data in the buffer for the 4-byte CRC at the
  154. * end of every chunk (except IDAT, which is handled separately).
  155. */
  156. if ((png_ptr->mode & PNG_HAVE_CHUNK_HEADER) == 0)
  157. {
  158. png_byte chunk_length[4];
  159. png_byte chunk_tag[4];
  160. PNG_PUSH_SAVE_BUFFER_IF_LT(8)
  161. png_push_fill_buffer(png_ptr, chunk_length, 4);
  162. png_ptr->push_length = png_get_uint_31(png_ptr, chunk_length);
  163. png_reset_crc(png_ptr);
  164. png_crc_read(png_ptr, chunk_tag, 4);
  165. png_ptr->chunk_name = PNG_CHUNK_FROM_STRING(chunk_tag);
  166. png_check_chunk_name(png_ptr, png_ptr->chunk_name);
  167. png_check_chunk_length(png_ptr, png_ptr->push_length);
  168. png_ptr->mode |= PNG_HAVE_CHUNK_HEADER;
  169. }
  170. chunk_name = png_ptr->chunk_name;
  171. if (chunk_name == png_IDAT)
  172. {
  173. if ((png_ptr->mode & PNG_AFTER_IDAT) != 0)
  174. png_ptr->mode |= PNG_HAVE_CHUNK_AFTER_IDAT;
  175. /* If we reach an IDAT chunk, this means we have read all of the
  176. * header chunks, and we can start reading the image (or if this
  177. * is called after the image has been read - we have an error).
  178. */
  179. if ((png_ptr->mode & PNG_HAVE_IHDR) == 0)
  180. png_error(png_ptr, "Missing IHDR before IDAT");
  181. else if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE &&
  182. (png_ptr->mode & PNG_HAVE_PLTE) == 0)
  183. png_error(png_ptr, "Missing PLTE before IDAT");
  184. png_ptr->process_mode = PNG_READ_IDAT_MODE;
  185. if ((png_ptr->mode & PNG_HAVE_IDAT) != 0)
  186. if ((png_ptr->mode & PNG_HAVE_CHUNK_AFTER_IDAT) == 0)
  187. if (png_ptr->push_length == 0)
  188. return;
  189. png_ptr->mode |= PNG_HAVE_IDAT;
  190. if ((png_ptr->mode & PNG_AFTER_IDAT) != 0)
  191. png_benign_error(png_ptr, "Too many IDATs found");
  192. }
  193. if (chunk_name == png_IHDR)
  194. {
  195. if (png_ptr->push_length != 13)
  196. png_error(png_ptr, "Invalid IHDR length");
  197. PNG_PUSH_SAVE_BUFFER_IF_FULL
  198. png_handle_IHDR(png_ptr, info_ptr, png_ptr->push_length);
  199. }
  200. else if (chunk_name == png_IEND)
  201. {
  202. PNG_PUSH_SAVE_BUFFER_IF_FULL
  203. png_handle_IEND(png_ptr, info_ptr, png_ptr->push_length);
  204. png_ptr->process_mode = PNG_READ_DONE_MODE;
  205. png_push_have_end(png_ptr, info_ptr);
  206. }
  207. #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED
  208. else if ((keep = png_chunk_unknown_handling(png_ptr, chunk_name)) != 0)
  209. {
  210. PNG_PUSH_SAVE_BUFFER_IF_FULL
  211. png_handle_unknown(png_ptr, info_ptr, png_ptr->push_length, keep);
  212. if (chunk_name == png_PLTE)
  213. png_ptr->mode |= PNG_HAVE_PLTE;
  214. }
  215. #endif
  216. else if (chunk_name == png_PLTE)
  217. {
  218. PNG_PUSH_SAVE_BUFFER_IF_FULL
  219. png_handle_PLTE(png_ptr, info_ptr, png_ptr->push_length);
  220. }
  221. else if (chunk_name == png_IDAT)
  222. {
  223. png_ptr->idat_size = png_ptr->push_length;
  224. png_ptr->process_mode = PNG_READ_IDAT_MODE;
  225. png_push_have_info(png_ptr, info_ptr);
  226. png_ptr->zstream.avail_out =
  227. (uInt) PNG_ROWBYTES(png_ptr->pixel_depth,
  228. png_ptr->iwidth) + 1;
  229. png_ptr->zstream.next_out = png_ptr->row_buf;
  230. return;
  231. }
  232. #ifdef PNG_READ_gAMA_SUPPORTED
  233. else if (png_ptr->chunk_name == png_gAMA)
  234. {
  235. PNG_PUSH_SAVE_BUFFER_IF_FULL
  236. png_handle_gAMA(png_ptr, info_ptr, png_ptr->push_length);
  237. }
  238. #endif
  239. #ifdef PNG_READ_sBIT_SUPPORTED
  240. else if (png_ptr->chunk_name == png_sBIT)
  241. {
  242. PNG_PUSH_SAVE_BUFFER_IF_FULL
  243. png_handle_sBIT(png_ptr, info_ptr, png_ptr->push_length);
  244. }
  245. #endif
  246. #ifdef PNG_READ_cHRM_SUPPORTED
  247. else if (png_ptr->chunk_name == png_cHRM)
  248. {
  249. PNG_PUSH_SAVE_BUFFER_IF_FULL
  250. png_handle_cHRM(png_ptr, info_ptr, png_ptr->push_length);
  251. }
  252. #endif
  253. #ifdef PNG_READ_sRGB_SUPPORTED
  254. else if (chunk_name == png_sRGB)
  255. {
  256. PNG_PUSH_SAVE_BUFFER_IF_FULL
  257. png_handle_sRGB(png_ptr, info_ptr, png_ptr->push_length);
  258. }
  259. #endif
  260. #ifdef PNG_READ_iCCP_SUPPORTED
  261. else if (png_ptr->chunk_name == png_iCCP)
  262. {
  263. PNG_PUSH_SAVE_BUFFER_IF_FULL
  264. png_handle_iCCP(png_ptr, info_ptr, png_ptr->push_length);
  265. }
  266. #endif
  267. #ifdef PNG_READ_sPLT_SUPPORTED
  268. else if (chunk_name == png_sPLT)
  269. {
  270. PNG_PUSH_SAVE_BUFFER_IF_FULL
  271. png_handle_sPLT(png_ptr, info_ptr, png_ptr->push_length);
  272. }
  273. #endif
  274. #ifdef PNG_READ_tRNS_SUPPORTED
  275. else if (chunk_name == png_tRNS)
  276. {
  277. PNG_PUSH_SAVE_BUFFER_IF_FULL
  278. png_handle_tRNS(png_ptr, info_ptr, png_ptr->push_length);
  279. }
  280. #endif
  281. #ifdef PNG_READ_bKGD_SUPPORTED
  282. else if (chunk_name == png_bKGD)
  283. {
  284. PNG_PUSH_SAVE_BUFFER_IF_FULL
  285. png_handle_bKGD(png_ptr, info_ptr, png_ptr->push_length);
  286. }
  287. #endif
  288. #ifdef PNG_READ_hIST_SUPPORTED
  289. else if (chunk_name == png_hIST)
  290. {
  291. PNG_PUSH_SAVE_BUFFER_IF_FULL
  292. png_handle_hIST(png_ptr, info_ptr, png_ptr->push_length);
  293. }
  294. #endif
  295. #ifdef PNG_READ_pHYs_SUPPORTED
  296. else if (chunk_name == png_pHYs)
  297. {
  298. PNG_PUSH_SAVE_BUFFER_IF_FULL
  299. png_handle_pHYs(png_ptr, info_ptr, png_ptr->push_length);
  300. }
  301. #endif
  302. #ifdef PNG_READ_oFFs_SUPPORTED
  303. else if (chunk_name == png_oFFs)
  304. {
  305. PNG_PUSH_SAVE_BUFFER_IF_FULL
  306. png_handle_oFFs(png_ptr, info_ptr, png_ptr->push_length);
  307. }
  308. #endif
  309. #ifdef PNG_READ_pCAL_SUPPORTED
  310. else if (chunk_name == png_pCAL)
  311. {
  312. PNG_PUSH_SAVE_BUFFER_IF_FULL
  313. png_handle_pCAL(png_ptr, info_ptr, png_ptr->push_length);
  314. }
  315. #endif
  316. #ifdef PNG_READ_sCAL_SUPPORTED
  317. else if (chunk_name == png_sCAL)
  318. {
  319. PNG_PUSH_SAVE_BUFFER_IF_FULL
  320. png_handle_sCAL(png_ptr, info_ptr, png_ptr->push_length);
  321. }
  322. #endif
  323. #ifdef PNG_READ_tIME_SUPPORTED
  324. else if (chunk_name == png_tIME)
  325. {
  326. PNG_PUSH_SAVE_BUFFER_IF_FULL
  327. png_handle_tIME(png_ptr, info_ptr, png_ptr->push_length);
  328. }
  329. #endif
  330. #ifdef PNG_READ_tEXt_SUPPORTED
  331. else if (chunk_name == png_tEXt)
  332. {
  333. PNG_PUSH_SAVE_BUFFER_IF_FULL
  334. png_handle_tEXt(png_ptr, info_ptr, png_ptr->push_length);
  335. }
  336. #endif
  337. #ifdef PNG_READ_zTXt_SUPPORTED
  338. else if (chunk_name == png_zTXt)
  339. {
  340. PNG_PUSH_SAVE_BUFFER_IF_FULL
  341. png_handle_zTXt(png_ptr, info_ptr, png_ptr->push_length);
  342. }
  343. #endif
  344. #ifdef PNG_READ_iTXt_SUPPORTED
  345. else if (chunk_name == png_iTXt)
  346. {
  347. PNG_PUSH_SAVE_BUFFER_IF_FULL
  348. png_handle_iTXt(png_ptr, info_ptr, png_ptr->push_length);
  349. }
  350. #endif
  351. else
  352. {
  353. PNG_PUSH_SAVE_BUFFER_IF_FULL
  354. png_handle_unknown(png_ptr, info_ptr, png_ptr->push_length,
  355. PNG_HANDLE_CHUNK_AS_DEFAULT);
  356. }
  357. png_ptr->mode &= ~PNG_HAVE_CHUNK_HEADER;
  358. }
  359. void PNGCBAPI
  360. png_push_fill_buffer(png_structp png_ptr, png_bytep buffer, size_t length)
  361. {
  362. png_bytep ptr;
  363. if (png_ptr == NULL)
  364. return;
  365. ptr = buffer;
  366. if (png_ptr->save_buffer_size != 0)
  367. {
  368. size_t save_size;
  369. if (length < png_ptr->save_buffer_size)
  370. save_size = length;
  371. else
  372. save_size = png_ptr->save_buffer_size;
  373. memcpy(ptr, png_ptr->save_buffer_ptr, save_size);
  374. length -= save_size;
  375. ptr += save_size;
  376. png_ptr->buffer_size -= save_size;
  377. png_ptr->save_buffer_size -= save_size;
  378. png_ptr->save_buffer_ptr += save_size;
  379. }
  380. if (length != 0 && png_ptr->current_buffer_size != 0)
  381. {
  382. size_t save_size;
  383. if (length < png_ptr->current_buffer_size)
  384. save_size = length;
  385. else
  386. save_size = png_ptr->current_buffer_size;
  387. memcpy(ptr, png_ptr->current_buffer_ptr, save_size);
  388. png_ptr->buffer_size -= save_size;
  389. png_ptr->current_buffer_size -= save_size;
  390. png_ptr->current_buffer_ptr += save_size;
  391. }
  392. }
  393. void /* PRIVATE */
  394. png_push_save_buffer(png_structrp png_ptr)
  395. {
  396. if (png_ptr->save_buffer_size != 0)
  397. {
  398. if (png_ptr->save_buffer_ptr != png_ptr->save_buffer)
  399. {
  400. size_t i, istop;
  401. png_bytep sp;
  402. png_bytep dp;
  403. istop = png_ptr->save_buffer_size;
  404. for (i = 0, sp = png_ptr->save_buffer_ptr, dp = png_ptr->save_buffer;
  405. i < istop; i++, sp++, dp++)
  406. {
  407. *dp = *sp;
  408. }
  409. }
  410. }
  411. if (png_ptr->save_buffer_size + png_ptr->current_buffer_size >
  412. png_ptr->save_buffer_max)
  413. {
  414. size_t new_max;
  415. png_bytep old_buffer;
  416. if (png_ptr->save_buffer_size > PNG_SIZE_MAX -
  417. (png_ptr->current_buffer_size + 256))
  418. {
  419. png_error(png_ptr, "Potential overflow of save_buffer");
  420. }
  421. new_max = png_ptr->save_buffer_size + png_ptr->current_buffer_size + 256;
  422. old_buffer = png_ptr->save_buffer;
  423. png_ptr->save_buffer = (png_bytep)png_malloc_warn(png_ptr,
  424. (size_t)new_max);
  425. if (png_ptr->save_buffer == NULL)
  426. {
  427. png_free(png_ptr, old_buffer);
  428. png_error(png_ptr, "Insufficient memory for save_buffer");
  429. }
  430. if (old_buffer)
  431. memcpy(png_ptr->save_buffer, old_buffer, png_ptr->save_buffer_size);
  432. else if (png_ptr->save_buffer_size)
  433. png_error(png_ptr, "save_buffer error");
  434. png_free(png_ptr, old_buffer);
  435. png_ptr->save_buffer_max = new_max;
  436. }
  437. if (png_ptr->current_buffer_size)
  438. {
  439. memcpy(png_ptr->save_buffer + png_ptr->save_buffer_size,
  440. png_ptr->current_buffer_ptr, png_ptr->current_buffer_size);
  441. png_ptr->save_buffer_size += png_ptr->current_buffer_size;
  442. png_ptr->current_buffer_size = 0;
  443. }
  444. png_ptr->save_buffer_ptr = png_ptr->save_buffer;
  445. png_ptr->buffer_size = 0;
  446. }
  447. void /* PRIVATE */
  448. png_push_restore_buffer(png_structrp png_ptr, png_bytep buffer,
  449. size_t buffer_length)
  450. {
  451. png_ptr->current_buffer = buffer;
  452. png_ptr->current_buffer_size = buffer_length;
  453. png_ptr->buffer_size = buffer_length + png_ptr->save_buffer_size;
  454. png_ptr->current_buffer_ptr = png_ptr->current_buffer;
  455. }
  456. void /* PRIVATE */
  457. png_push_read_IDAT(png_structrp png_ptr)
  458. {
  459. if ((png_ptr->mode & PNG_HAVE_CHUNK_HEADER) == 0)
  460. {
  461. png_byte chunk_length[4];
  462. png_byte chunk_tag[4];
  463. /* TODO: this code can be commoned up with the same code in push_read */
  464. PNG_PUSH_SAVE_BUFFER_IF_LT(8)
  465. png_push_fill_buffer(png_ptr, chunk_length, 4);
  466. png_ptr->push_length = png_get_uint_31(png_ptr, chunk_length);
  467. png_reset_crc(png_ptr);
  468. png_crc_read(png_ptr, chunk_tag, 4);
  469. png_ptr->chunk_name = PNG_CHUNK_FROM_STRING(chunk_tag);
  470. png_ptr->mode |= PNG_HAVE_CHUNK_HEADER;
  471. if (png_ptr->chunk_name != png_IDAT)
  472. {
  473. png_ptr->process_mode = PNG_READ_CHUNK_MODE;
  474. if ((png_ptr->flags & PNG_FLAG_ZSTREAM_ENDED) == 0)
  475. png_error(png_ptr, "Not enough compressed data");
  476. return;
  477. }
  478. png_ptr->idat_size = png_ptr->push_length;
  479. }
  480. if (png_ptr->idat_size != 0 && png_ptr->save_buffer_size != 0)
  481. {
  482. size_t save_size = png_ptr->save_buffer_size;
  483. png_uint_32 idat_size = png_ptr->idat_size;
  484. /* We want the smaller of 'idat_size' and 'current_buffer_size', but they
  485. * are of different types and we don't know which variable has the fewest
  486. * bits. Carefully select the smaller and cast it to the type of the
  487. * larger - this cannot overflow. Do not cast in the following test - it
  488. * will break on either 16-bit or 64-bit platforms.
  489. */
  490. if (idat_size < save_size)
  491. save_size = (size_t)idat_size;
  492. else
  493. idat_size = (png_uint_32)save_size;
  494. png_calculate_crc(png_ptr, png_ptr->save_buffer_ptr, save_size);
  495. png_process_IDAT_data(png_ptr, png_ptr->save_buffer_ptr, save_size);
  496. png_ptr->idat_size -= idat_size;
  497. png_ptr->buffer_size -= save_size;
  498. png_ptr->save_buffer_size -= save_size;
  499. png_ptr->save_buffer_ptr += save_size;
  500. }
  501. if (png_ptr->idat_size != 0 && png_ptr->current_buffer_size != 0)
  502. {
  503. size_t save_size = png_ptr->current_buffer_size;
  504. png_uint_32 idat_size = png_ptr->idat_size;
  505. /* We want the smaller of 'idat_size' and 'current_buffer_size', but they
  506. * are of different types and we don't know which variable has the fewest
  507. * bits. Carefully select the smaller and cast it to the type of the
  508. * larger - this cannot overflow.
  509. */
  510. if (idat_size < save_size)
  511. save_size = (size_t)idat_size;
  512. else
  513. idat_size = (png_uint_32)save_size;
  514. png_calculate_crc(png_ptr, png_ptr->current_buffer_ptr, save_size);
  515. png_process_IDAT_data(png_ptr, png_ptr->current_buffer_ptr, save_size);
  516. png_ptr->idat_size -= idat_size;
  517. png_ptr->buffer_size -= save_size;
  518. png_ptr->current_buffer_size -= save_size;
  519. png_ptr->current_buffer_ptr += save_size;
  520. }
  521. if (png_ptr->idat_size == 0)
  522. {
  523. PNG_PUSH_SAVE_BUFFER_IF_LT(4)
  524. png_crc_finish(png_ptr, 0);
  525. png_ptr->mode &= ~PNG_HAVE_CHUNK_HEADER;
  526. png_ptr->mode |= PNG_AFTER_IDAT;
  527. png_ptr->zowner = 0;
  528. }
  529. }
  530. void /* PRIVATE */
  531. png_process_IDAT_data(png_structrp png_ptr, png_bytep buffer,
  532. size_t buffer_length)
  533. {
  534. /* The caller checks for a non-zero buffer length. */
  535. if (!(buffer_length > 0) || buffer == NULL)
  536. png_error(png_ptr, "No IDAT data (internal error)");
  537. /* This routine must process all the data it has been given
  538. * before returning, calling the row callback as required to
  539. * handle the uncompressed results.
  540. */
  541. png_ptr->zstream.next_in = buffer;
  542. /* TODO: WARNING: TRUNCATION ERROR: DANGER WILL ROBINSON: */
  543. png_ptr->zstream.avail_in = (uInt)buffer_length;
  544. /* Keep going until the decompressed data is all processed
  545. * or the stream marked as finished.
  546. */
  547. while (png_ptr->zstream.avail_in > 0 &&
  548. (png_ptr->flags & PNG_FLAG_ZSTREAM_ENDED) == 0)
  549. {
  550. int ret;
  551. /* We have data for zlib, but we must check that zlib
  552. * has someplace to put the results. It doesn't matter
  553. * if we don't expect any results -- it may be the input
  554. * data is just the LZ end code.
  555. */
  556. if (!(png_ptr->zstream.avail_out > 0))
  557. {
  558. /* TODO: WARNING: TRUNCATION ERROR: DANGER WILL ROBINSON: */
  559. png_ptr->zstream.avail_out = (uInt)(PNG_ROWBYTES(png_ptr->pixel_depth,
  560. png_ptr->iwidth) + 1);
  561. png_ptr->zstream.next_out = png_ptr->row_buf;
  562. }
  563. /* Using Z_SYNC_FLUSH here means that an unterminated
  564. * LZ stream (a stream with a missing end code) can still
  565. * be handled, otherwise (Z_NO_FLUSH) a future zlib
  566. * implementation might defer output and therefore
  567. * change the current behavior (see comments in inflate.c
  568. * for why this doesn't happen at present with zlib 1.2.5).
  569. */
  570. ret = PNG_INFLATE(png_ptr, Z_SYNC_FLUSH);
  571. /* Check for any failure before proceeding. */
  572. if (ret != Z_OK && ret != Z_STREAM_END)
  573. {
  574. /* Terminate the decompression. */
  575. png_ptr->flags |= PNG_FLAG_ZSTREAM_ENDED;
  576. png_ptr->zowner = 0;
  577. /* This may be a truncated stream (missing or
  578. * damaged end code). Treat that as a warning.
  579. */
  580. if (png_ptr->row_number >= png_ptr->num_rows ||
  581. png_ptr->pass > 6)
  582. png_warning(png_ptr, "Truncated compressed data in IDAT");
  583. else
  584. {
  585. if (ret == Z_DATA_ERROR)
  586. png_benign_error(png_ptr, "IDAT: ADLER32 checksum mismatch");
  587. else
  588. png_error(png_ptr, "Decompression error in IDAT");
  589. }
  590. /* Skip the check on unprocessed input */
  591. return;
  592. }
  593. /* Did inflate output any data? */
  594. if (png_ptr->zstream.next_out != png_ptr->row_buf)
  595. {
  596. /* Is this unexpected data after the last row?
  597. * If it is, artificially terminate the LZ output
  598. * here.
  599. */
  600. if (png_ptr->row_number >= png_ptr->num_rows ||
  601. png_ptr->pass > 6)
  602. {
  603. /* Extra data. */
  604. png_warning(png_ptr, "Extra compressed data in IDAT");
  605. png_ptr->flags |= PNG_FLAG_ZSTREAM_ENDED;
  606. png_ptr->zowner = 0;
  607. /* Do no more processing; skip the unprocessed
  608. * input check below.
  609. */
  610. return;
  611. }
  612. /* Do we have a complete row? */
  613. if (png_ptr->zstream.avail_out == 0)
  614. png_push_process_row(png_ptr);
  615. }
  616. /* And check for the end of the stream. */
  617. if (ret == Z_STREAM_END)
  618. png_ptr->flags |= PNG_FLAG_ZSTREAM_ENDED;
  619. }
  620. /* All the data should have been processed, if anything
  621. * is left at this point we have bytes of IDAT data
  622. * after the zlib end code.
  623. */
  624. if (png_ptr->zstream.avail_in > 0)
  625. png_warning(png_ptr, "Extra compression data in IDAT");
  626. }
  627. void /* PRIVATE */
  628. png_push_process_row(png_structrp png_ptr)
  629. {
  630. /* 1.5.6: row_info moved out of png_struct to a local here. */
  631. png_row_info row_info;
  632. row_info.width = png_ptr->iwidth; /* NOTE: width of current interlaced row */
  633. row_info.color_type = png_ptr->color_type;
  634. row_info.bit_depth = png_ptr->bit_depth;
  635. row_info.channels = png_ptr->channels;
  636. row_info.pixel_depth = png_ptr->pixel_depth;
  637. row_info.rowbytes = PNG_ROWBYTES(row_info.pixel_depth, row_info.width);
  638. if (png_ptr->row_buf[0] > PNG_FILTER_VALUE_NONE)
  639. {
  640. if (png_ptr->row_buf[0] < PNG_FILTER_VALUE_LAST)
  641. png_read_filter_row(png_ptr, &row_info, png_ptr->row_buf + 1,
  642. png_ptr->prev_row + 1, png_ptr->row_buf[0]);
  643. else
  644. png_error(png_ptr, "bad adaptive filter value");
  645. }
  646. /* libpng 1.5.6: the following line was copying png_ptr->rowbytes before
  647. * 1.5.6, while the buffer really is this big in current versions of libpng
  648. * it may not be in the future, so this was changed just to copy the
  649. * interlaced row count:
  650. */
  651. memcpy(png_ptr->prev_row, png_ptr->row_buf, row_info.rowbytes + 1);
  652. #ifdef PNG_READ_TRANSFORMS_SUPPORTED
  653. if (png_ptr->transformations != 0)
  654. png_do_read_transformations(png_ptr, &row_info);
  655. #endif
  656. /* The transformed pixel depth should match the depth now in row_info. */
  657. if (png_ptr->transformed_pixel_depth == 0)
  658. {
  659. png_ptr->transformed_pixel_depth = row_info.pixel_depth;
  660. if (row_info.pixel_depth > png_ptr->maximum_pixel_depth)
  661. png_error(png_ptr, "progressive row overflow");
  662. }
  663. else if (png_ptr->transformed_pixel_depth != row_info.pixel_depth)
  664. png_error(png_ptr, "internal progressive row size calculation error");
  665. #ifdef PNG_READ_INTERLACING_SUPPORTED
  666. /* Expand interlaced rows to full size */
  667. if (png_ptr->interlaced != 0 &&
  668. (png_ptr->transformations & PNG_INTERLACE) != 0)
  669. {
  670. if (png_ptr->pass < 6)
  671. png_do_read_interlace(&row_info, png_ptr->row_buf + 1, png_ptr->pass,
  672. png_ptr->transformations);
  673. switch (png_ptr->pass)
  674. {
  675. case 0:
  676. {
  677. int i;
  678. for (i = 0; i < 8 && png_ptr->pass == 0; i++)
  679. {
  680. png_push_have_row(png_ptr, png_ptr->row_buf + 1);
  681. png_read_push_finish_row(png_ptr); /* Updates png_ptr->pass */
  682. }
  683. if (png_ptr->pass == 2) /* Pass 1 might be empty */
  684. {
  685. for (i = 0; i < 4 && png_ptr->pass == 2; i++)
  686. {
  687. png_push_have_row(png_ptr, NULL);
  688. png_read_push_finish_row(png_ptr);
  689. }
  690. }
  691. if (png_ptr->pass == 4 && png_ptr->height <= 4)
  692. {
  693. for (i = 0; i < 2 && png_ptr->pass == 4; i++)
  694. {
  695. png_push_have_row(png_ptr, NULL);
  696. png_read_push_finish_row(png_ptr);
  697. }
  698. }
  699. if (png_ptr->pass == 6 && png_ptr->height <= 4)
  700. {
  701. png_push_have_row(png_ptr, NULL);
  702. png_read_push_finish_row(png_ptr);
  703. }
  704. break;
  705. }
  706. case 1:
  707. {
  708. int i;
  709. for (i = 0; i < 8 && png_ptr->pass == 1; i++)
  710. {
  711. png_push_have_row(png_ptr, png_ptr->row_buf + 1);
  712. png_read_push_finish_row(png_ptr);
  713. }
  714. if (png_ptr->pass == 2) /* Skip top 4 generated rows */
  715. {
  716. for (i = 0; i < 4 && png_ptr->pass == 2; i++)
  717. {
  718. png_push_have_row(png_ptr, NULL);
  719. png_read_push_finish_row(png_ptr);
  720. }
  721. }
  722. break;
  723. }
  724. case 2:
  725. {
  726. int i;
  727. for (i = 0; i < 4 && png_ptr->pass == 2; i++)
  728. {
  729. png_push_have_row(png_ptr, png_ptr->row_buf + 1);
  730. png_read_push_finish_row(png_ptr);
  731. }
  732. for (i = 0; i < 4 && png_ptr->pass == 2; i++)
  733. {
  734. png_push_have_row(png_ptr, NULL);
  735. png_read_push_finish_row(png_ptr);
  736. }
  737. if (png_ptr->pass == 4) /* Pass 3 might be empty */
  738. {
  739. for (i = 0; i < 2 && png_ptr->pass == 4; i++)
  740. {
  741. png_push_have_row(png_ptr, NULL);
  742. png_read_push_finish_row(png_ptr);
  743. }
  744. }
  745. break;
  746. }
  747. case 3:
  748. {
  749. int i;
  750. for (i = 0; i < 4 && png_ptr->pass == 3; i++)
  751. {
  752. png_push_have_row(png_ptr, png_ptr->row_buf + 1);
  753. png_read_push_finish_row(png_ptr);
  754. }
  755. if (png_ptr->pass == 4) /* Skip top two generated rows */
  756. {
  757. for (i = 0; i < 2 && png_ptr->pass == 4; i++)
  758. {
  759. png_push_have_row(png_ptr, NULL);
  760. png_read_push_finish_row(png_ptr);
  761. }
  762. }
  763. break;
  764. }
  765. case 4:
  766. {
  767. int i;
  768. for (i = 0; i < 2 && png_ptr->pass == 4; i++)
  769. {
  770. png_push_have_row(png_ptr, png_ptr->row_buf + 1);
  771. png_read_push_finish_row(png_ptr);
  772. }
  773. for (i = 0; i < 2 && png_ptr->pass == 4; i++)
  774. {
  775. png_push_have_row(png_ptr, NULL);
  776. png_read_push_finish_row(png_ptr);
  777. }
  778. if (png_ptr->pass == 6) /* Pass 5 might be empty */
  779. {
  780. png_push_have_row(png_ptr, NULL);
  781. png_read_push_finish_row(png_ptr);
  782. }
  783. break;
  784. }
  785. case 5:
  786. {
  787. int i;
  788. for (i = 0; i < 2 && png_ptr->pass == 5; i++)
  789. {
  790. png_push_have_row(png_ptr, png_ptr->row_buf + 1);
  791. png_read_push_finish_row(png_ptr);
  792. }
  793. if (png_ptr->pass == 6) /* Skip top generated row */
  794. {
  795. png_push_have_row(png_ptr, NULL);
  796. png_read_push_finish_row(png_ptr);
  797. }
  798. break;
  799. }
  800. default:
  801. case 6:
  802. {
  803. png_push_have_row(png_ptr, png_ptr->row_buf + 1);
  804. png_read_push_finish_row(png_ptr);
  805. if (png_ptr->pass != 6)
  806. break;
  807. png_push_have_row(png_ptr, NULL);
  808. png_read_push_finish_row(png_ptr);
  809. }
  810. }
  811. }
  812. else
  813. #endif
  814. {
  815. png_push_have_row(png_ptr, png_ptr->row_buf + 1);
  816. png_read_push_finish_row(png_ptr);
  817. }
  818. }
  819. void /* PRIVATE */
  820. png_read_push_finish_row(png_structrp png_ptr)
  821. {
  822. #ifdef PNG_READ_INTERLACING_SUPPORTED
  823. /* Arrays to facilitate easy interlacing - use pass (0 - 6) as index */
  824. /* Start of interlace block */
  825. static const png_byte png_pass_start[] = {0, 4, 0, 2, 0, 1, 0};
  826. /* Offset to next interlace block */
  827. static const png_byte png_pass_inc[] = {8, 8, 4, 4, 2, 2, 1};
  828. /* Start of interlace block in the y direction */
  829. static const png_byte png_pass_ystart[] = {0, 0, 4, 0, 2, 0, 1};
  830. /* Offset to next interlace block in the y direction */
  831. static const png_byte png_pass_yinc[] = {8, 8, 8, 4, 4, 2, 2};
  832. /* Height of interlace block. This is not currently used - if you need
  833. * it, uncomment it here and in png.h
  834. static const png_byte png_pass_height[] = {8, 8, 4, 4, 2, 2, 1};
  835. */
  836. #endif
  837. png_ptr->row_number++;
  838. if (png_ptr->row_number < png_ptr->num_rows)
  839. return;
  840. #ifdef PNG_READ_INTERLACING_SUPPORTED
  841. if (png_ptr->interlaced != 0)
  842. {
  843. png_ptr->row_number = 0;
  844. memset(png_ptr->prev_row, 0, png_ptr->rowbytes + 1);
  845. do
  846. {
  847. png_ptr->pass++;
  848. if ((png_ptr->pass == 1 && png_ptr->width < 5) ||
  849. (png_ptr->pass == 3 && png_ptr->width < 3) ||
  850. (png_ptr->pass == 5 && png_ptr->width < 2))
  851. png_ptr->pass++;
  852. if (png_ptr->pass > 7)
  853. png_ptr->pass--;
  854. if (png_ptr->pass >= 7)
  855. break;
  856. png_ptr->iwidth = (png_ptr->width +
  857. png_pass_inc[png_ptr->pass] - 1 -
  858. png_pass_start[png_ptr->pass]) /
  859. png_pass_inc[png_ptr->pass];
  860. if ((png_ptr->transformations & PNG_INTERLACE) != 0)
  861. break;
  862. png_ptr->num_rows = (png_ptr->height +
  863. png_pass_yinc[png_ptr->pass] - 1 -
  864. png_pass_ystart[png_ptr->pass]) /
  865. png_pass_yinc[png_ptr->pass];
  866. } while (png_ptr->iwidth == 0 || png_ptr->num_rows == 0);
  867. }
  868. #endif /* READ_INTERLACING */
  869. }
  870. void /* PRIVATE */
  871. png_push_have_info(png_structrp png_ptr, png_inforp info_ptr)
  872. {
  873. if (png_ptr->info_fn != NULL)
  874. (*(png_ptr->info_fn))(png_ptr, info_ptr);
  875. }
  876. void /* PRIVATE */
  877. png_push_have_end(png_structrp png_ptr, png_inforp info_ptr)
  878. {
  879. if (png_ptr->end_fn != NULL)
  880. (*(png_ptr->end_fn))(png_ptr, info_ptr);
  881. }
  882. void /* PRIVATE */
  883. png_push_have_row(png_structrp png_ptr, png_bytep row)
  884. {
  885. if (png_ptr->row_fn != NULL)
  886. (*(png_ptr->row_fn))(png_ptr, row, png_ptr->row_number,
  887. (int)png_ptr->pass);
  888. }
  889. #ifdef PNG_READ_INTERLACING_SUPPORTED
  890. void PNGAPI
  891. png_progressive_combine_row(png_const_structrp png_ptr, png_bytep old_row,
  892. png_const_bytep new_row)
  893. {
  894. if (png_ptr == NULL)
  895. return;
  896. /* new_row is a flag here - if it is NULL then the app callback was called
  897. * from an empty row (see the calls to png_struct::row_fn below), otherwise
  898. * it must be png_ptr->row_buf+1
  899. */
  900. if (new_row != NULL)
  901. png_combine_row(png_ptr, old_row, 1/*blocky display*/);
  902. }
  903. #endif /* READ_INTERLACING */
  904. void PNGAPI
  905. png_set_progressive_read_fn(png_structrp png_ptr, png_voidp progressive_ptr,
  906. png_progressive_info_ptr info_fn, png_progressive_row_ptr row_fn,
  907. png_progressive_end_ptr end_fn)
  908. {
  909. if (png_ptr == NULL)
  910. return;
  911. png_ptr->info_fn = info_fn;
  912. png_ptr->row_fn = row_fn;
  913. png_ptr->end_fn = end_fn;
  914. png_set_read_fn(png_ptr, progressive_ptr, png_push_fill_buffer);
  915. }
  916. png_voidp PNGAPI
  917. png_get_progressive_ptr(png_const_structrp png_ptr)
  918. {
  919. if (png_ptr == NULL)
  920. return (NULL);
  921. return png_ptr->io_ptr;
  922. }
  923. #endif /* PROGRESSIVE_READ */