1 /* 2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 3 * 4 * This code is free software; you can redistribute it and/or modify it 5 * under the terms of the GNU General Public License version 2 only, as 6 * published by the Free Software Foundation. Oracle designates this 7 * particular file as subject to the "Classpath" exception as provided 8 * by Oracle in the LICENSE file that accompanied this code. 9 * 10 * This code is distributed in the hope that it will be useful, but WITHOUT 11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 13 * version 2 for more details (a copy is included in the LICENSE file that 14 * accompanied this code). 15 * 16 * You should have received a copy of the GNU General Public License version 17 * 2 along with this work; if not, write to the Free Software Foundation, 18 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 19 * 20 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 21 * or visit www.oracle.com if you need additional information or have any 22 * questions. 23 */ 24 25 /* pngmem.c - stub functions for memory allocation 26 * 27 * Copyright (c) 2018 Cosmin Truta 28 * Copyright (c) 1998-2002,2004,2006-2014,2016 Glenn Randers-Pehrson 29 * Copyright (c) 1996-1997 Andreas Dilger 30 * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. 31 * 32 * This code is released under the libpng license. 33 * For conditions of distribution and use, see the disclaimer 34 * and license in png.h 35 * 36 * This file provides a location for all memory allocation. Users who 37 * need special memory handling are expected to supply replacement 38 * functions for png_malloc() and png_free(), and to use 39 * png_create_read_struct_2() and png_create_write_struct_2() to 40 * identify the replacement functions. 41 */ 42 43 #include "pngpriv.h" 44 45 #if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED) 46 /* Free a png_struct */ 47 void /* PRIVATE */ 48 png_destroy_png_struct(png_structrp png_ptr) 49 { 50 if (png_ptr != NULL) 51 { 52 /* png_free might call png_error and may certainly call 53 * png_get_mem_ptr, so fake a temporary png_struct to support this. 54 */ 55 png_struct dummy_struct = *png_ptr; 56 memset(png_ptr, 0, (sizeof *png_ptr)); 57 png_free(&dummy_struct, png_ptr); 58 59 # ifdef PNG_SETJMP_SUPPORTED 60 /* We may have a jmp_buf left to deallocate. */ 61 png_free_jmpbuf(&dummy_struct); 62 # endif 63 } 64 } 65 66 /* Allocate memory. For reasonable files, size should never exceed 67 * 64K. However, zlib may allocate more than 64K if you don't tell 68 * it not to. See zconf.h and png.h for more information. zlib does 69 * need to allocate exactly 64K, so whatever you call here must 70 * have the ability to do that. 71 */ 72 PNG_FUNCTION(png_voidp,PNGAPI 73 png_calloc,(png_const_structrp png_ptr, png_alloc_size_t size),PNG_ALLOCATED) 74 { 75 png_voidp ret; 76 77 ret = png_malloc(png_ptr, size); 78 79 if (ret != NULL) 80 memset(ret, 0, size); 81 82 return ret; 83 } 84 85 /* png_malloc_base, an internal function added at libpng 1.6.0, does the work of 86 * allocating memory, taking into account limits and PNG_USER_MEM_SUPPORTED. 87 * Checking and error handling must happen outside this routine; it returns NULL 88 * if the allocation cannot be done (for any reason.) 89 */ 90 PNG_FUNCTION(png_voidp /* PRIVATE */, 91 png_malloc_base,(png_const_structrp png_ptr, png_alloc_size_t size), 92 PNG_ALLOCATED) 93 { 94 /* Moved to png_malloc_base from png_malloc_default in 1.6.0; the DOS 95 * allocators have also been removed in 1.6.0, so any 16-bit system now has 96 * to implement a user memory handler. This checks to be sure it isn't 97 * called with big numbers. 98 */ 99 #ifndef PNG_USER_MEM_SUPPORTED 100 PNG_UNUSED(png_ptr) 101 #endif 102 103 /* Some compilers complain that this is always true. However, it 104 * can be false when integer overflow happens. 105 */ 106 if (size > 0 && size <= PNG_SIZE_MAX 107 # ifdef PNG_MAX_MALLOC_64K 108 && size <= 65536U 109 # endif 110 ) 111 { 112 #ifdef PNG_USER_MEM_SUPPORTED 113 if (png_ptr != NULL && png_ptr->malloc_fn != NULL) 114 return png_ptr->malloc_fn(png_constcast(png_structrp,png_ptr), size); 115 116 else 117 #endif 118 return malloc((size_t)size); /* checked for truncation above */ 119 } 120 121 else 122 return NULL; 123 } 124 125 #if defined(PNG_TEXT_SUPPORTED) || defined(PNG_sPLT_SUPPORTED) ||\ 126 defined(PNG_STORE_UNKNOWN_CHUNKS_SUPPORTED) 127 /* This is really here only to work round a spurious warning in GCC 4.6 and 4.7 128 * that arises because of the checks in png_realloc_array that are repeated in 129 * png_malloc_array. 130 */ 131 static png_voidp 132 png_malloc_array_checked(png_const_structrp png_ptr, int nelements, 133 size_t element_size) 134 { 135 png_alloc_size_t req = (png_alloc_size_t)nelements; /* known to be > 0 */ 136 137 if (req <= PNG_SIZE_MAX/element_size) 138 return png_malloc_base(png_ptr, req * element_size); 139 140 /* The failure case when the request is too large */ 141 return NULL; 142 } 143 144 PNG_FUNCTION(png_voidp /* PRIVATE */, 145 png_malloc_array,(png_const_structrp png_ptr, int nelements, 146 size_t element_size),PNG_ALLOCATED) 147 { 148 if (nelements <= 0 || element_size == 0) 149 png_error(png_ptr, "internal error: array alloc"); 150 151 return png_malloc_array_checked(png_ptr, nelements, element_size); 152 } 153 154 PNG_FUNCTION(png_voidp /* PRIVATE */, 155 png_realloc_array,(png_const_structrp png_ptr, png_const_voidp old_array, 156 int old_elements, int add_elements, size_t element_size),PNG_ALLOCATED) 157 { 158 /* These are internal errors: */ 159 if (add_elements <= 0 || element_size == 0 || old_elements < 0 || 160 (old_array == NULL && old_elements > 0)) 161 png_error(png_ptr, "internal error: array realloc"); 162 163 /* Check for overflow on the elements count (so the caller does not have to 164 * check.) 165 */ 166 if (add_elements <= INT_MAX - old_elements) 167 { 168 png_voidp new_array = png_malloc_array_checked(png_ptr, 169 old_elements+add_elements, element_size); 170 171 if (new_array != NULL) 172 { 173 /* Because png_malloc_array worked the size calculations below cannot 174 * overflow. 175 */ 176 if (old_elements > 0) 177 memcpy(new_array, old_array, element_size*(unsigned)old_elements); 178 179 memset((char*)new_array + element_size*(unsigned)old_elements, 0, 180 element_size*(unsigned)add_elements); 181 182 return new_array; 183 } 184 } 185 186 return NULL; /* error */ 187 } 188 #endif /* TEXT || sPLT || STORE_UNKNOWN_CHUNKS */ 189 190 /* Various functions that have different error handling are derived from this. 191 * png_malloc always exists, but if PNG_USER_MEM_SUPPORTED is defined a separate 192 * function png_malloc_default is also provided. 193 */ 194 PNG_FUNCTION(png_voidp,PNGAPI 195 png_malloc,(png_const_structrp png_ptr, png_alloc_size_t size),PNG_ALLOCATED) 196 { 197 png_voidp ret; 198 199 if (png_ptr == NULL) 200 return NULL; 201 202 ret = png_malloc_base(png_ptr, size); 203 204 if (ret == NULL) 205 png_error(png_ptr, "Out of memory"); /* 'm' means png_malloc */ 206 207 return ret; 208 } 209 210 #ifdef PNG_USER_MEM_SUPPORTED 211 PNG_FUNCTION(png_voidp,PNGAPI 212 png_malloc_default,(png_const_structrp png_ptr, png_alloc_size_t size), 213 PNG_ALLOCATED PNG_DEPRECATED) 214 { 215 png_voidp ret; 216 217 if (png_ptr == NULL) 218 return NULL; 219 220 /* Passing 'NULL' here bypasses the application provided memory handler. */ 221 ret = png_malloc_base(NULL/*use malloc*/, size); 222 223 if (ret == NULL) 224 png_error(png_ptr, "Out of Memory"); /* 'M' means png_malloc_default */ 225 226 return ret; 227 } 228 #endif /* USER_MEM */ 229 230 /* This function was added at libpng version 1.2.3. The png_malloc_warn() 231 * function will issue a png_warning and return NULL instead of issuing a 232 * png_error, if it fails to allocate the requested memory. 233 */ 234 PNG_FUNCTION(png_voidp,PNGAPI 235 png_malloc_warn,(png_const_structrp png_ptr, png_alloc_size_t size), 236 PNG_ALLOCATED) 237 { 238 if (png_ptr != NULL) 239 { 240 png_voidp ret = png_malloc_base(png_ptr, size); 241 242 if (ret != NULL) 243 return ret; 244 245 png_warning(png_ptr, "Out of memory"); 246 } 247 248 return NULL; 249 } 250 251 /* Free a pointer allocated by png_malloc(). If ptr is NULL, return 252 * without taking any action. 253 */ 254 void PNGAPI 255 png_free(png_const_structrp png_ptr, png_voidp ptr) 256 { 257 if (png_ptr == NULL || ptr == NULL) 258 return; 259 260 #ifdef PNG_USER_MEM_SUPPORTED 261 if (png_ptr->free_fn != NULL) 262 png_ptr->free_fn(png_constcast(png_structrp,png_ptr), ptr); 263 264 else 265 png_free_default(png_ptr, ptr); 266 } 267 268 PNG_FUNCTION(void,PNGAPI 269 png_free_default,(png_const_structrp png_ptr, png_voidp ptr),PNG_DEPRECATED) 270 { 271 if (png_ptr == NULL || ptr == NULL) 272 return; 273 #endif /* USER_MEM */ 274 275 free(ptr); 276 } 277 278 #ifdef PNG_USER_MEM_SUPPORTED 279 /* This function is called when the application wants to use another method 280 * of allocating and freeing memory. 281 */ 282 void PNGAPI 283 png_set_mem_fn(png_structrp png_ptr, png_voidp mem_ptr, png_malloc_ptr 284 malloc_fn, png_free_ptr free_fn) 285 { 286 if (png_ptr != NULL) 287 { 288 png_ptr->mem_ptr = mem_ptr; 289 png_ptr->malloc_fn = malloc_fn; 290 png_ptr->free_fn = free_fn; 291 } 292 } 293 294 /* This function returns a pointer to the mem_ptr associated with the user 295 * functions. The application should free any memory associated with this 296 * pointer before png_write_destroy and png_read_destroy are called. 297 */ 298 png_voidp PNGAPI 299 png_get_mem_ptr(png_const_structrp png_ptr) 300 { 301 if (png_ptr == NULL) 302 return NULL; 303 304 return png_ptr->mem_ptr; 305 } 306 #endif /* USER_MEM */ 307 #endif /* READ || WRITE */