1 /*
2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
3 *
4 * This code is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License version 2 only, as
6 * published by the Free Software Foundation. Oracle designates this
7 * particular file as subject to the "Classpath" exception as provided
8 * by Oracle in the LICENSE file that accompanied this code.
9 *
10 * This code is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * version 2 for more details (a copy is included in the LICENSE file that
14 * accompanied this code).
15 *
16 * You should have received a copy of the GNU General Public License version
17 * 2 along with this work; if not, write to the Free Software Foundation,
18 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
19 *
20 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
21 * or visit www.oracle.com if you need additional information or have any
22 * questions.
23 */
24
25 /* pngmem.c - stub functions for memory allocation
26 *
27 * Copyright (c) 2018 Cosmin Truta
28 * Copyright (c) 1998-2002,2004,2006-2014,2016 Glenn Randers-Pehrson
29 * Copyright (c) 1996-1997 Andreas Dilger
30 * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.
31 *
32 * This code is released under the libpng license.
33 * For conditions of distribution and use, see the disclaimer
34 * and license in png.h
35 *
36 * This file provides a location for all memory allocation. Users who
37 * need special memory handling are expected to supply replacement
38 * functions for png_malloc() and png_free(), and to use
39 * png_create_read_struct_2() and png_create_write_struct_2() to
40 * identify the replacement functions.
41 */
42
43 #include "pngpriv.h"
44
45 #if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED)
46 /* Free a png_struct */
47 void /* PRIVATE */
48 png_destroy_png_struct(png_structrp png_ptr)
49 {
50 if (png_ptr != NULL)
51 {
52 /* png_free might call png_error and may certainly call
53 * png_get_mem_ptr, so fake a temporary png_struct to support this.
54 */
55 png_struct dummy_struct = *png_ptr;
56 memset(png_ptr, 0, (sizeof *png_ptr));
57 png_free(&dummy_struct, png_ptr);
58
59 # ifdef PNG_SETJMP_SUPPORTED
60 /* We may have a jmp_buf left to deallocate. */
61 png_free_jmpbuf(&dummy_struct);
62 # endif
63 }
64 }
65
66 /* Allocate memory. For reasonable files, size should never exceed
67 * 64K. However, zlib may allocate more than 64K if you don't tell
68 * it not to. See zconf.h and png.h for more information. zlib does
69 * need to allocate exactly 64K, so whatever you call here must
70 * have the ability to do that.
71 */
72 PNG_FUNCTION(png_voidp,PNGAPI
73 png_calloc,(png_const_structrp png_ptr, png_alloc_size_t size),PNG_ALLOCATED)
74 {
75 png_voidp ret;
76
77 ret = png_malloc(png_ptr, size);
78
79 if (ret != NULL)
80 memset(ret, 0, size);
81
82 return ret;
83 }
84
85 /* png_malloc_base, an internal function added at libpng 1.6.0, does the work of
86 * allocating memory, taking into account limits and PNG_USER_MEM_SUPPORTED.
87 * Checking and error handling must happen outside this routine; it returns NULL
88 * if the allocation cannot be done (for any reason.)
89 */
90 PNG_FUNCTION(png_voidp /* PRIVATE */,
91 png_malloc_base,(png_const_structrp png_ptr, png_alloc_size_t size),
92 PNG_ALLOCATED)
93 {
94 /* Moved to png_malloc_base from png_malloc_default in 1.6.0; the DOS
95 * allocators have also been removed in 1.6.0, so any 16-bit system now has
96 * to implement a user memory handler. This checks to be sure it isn't
97 * called with big numbers.
98 */
99 #ifndef PNG_USER_MEM_SUPPORTED
100 PNG_UNUSED(png_ptr)
101 #endif
102
103 /* Some compilers complain that this is always true. However, it
104 * can be false when integer overflow happens.
105 */
106 if (size > 0 && size <= PNG_SIZE_MAX
107 # ifdef PNG_MAX_MALLOC_64K
108 && size <= 65536U
109 # endif
110 )
111 {
112 #ifdef PNG_USER_MEM_SUPPORTED
113 if (png_ptr != NULL && png_ptr->malloc_fn != NULL)
114 return png_ptr->malloc_fn(png_constcast(png_structrp,png_ptr), size);
115
116 else
117 #endif
118 return malloc((size_t)size); /* checked for truncation above */
119 }
120
121 else
122 return NULL;
123 }
124
125 #if defined(PNG_TEXT_SUPPORTED) || defined(PNG_sPLT_SUPPORTED) ||\
126 defined(PNG_STORE_UNKNOWN_CHUNKS_SUPPORTED)
127 /* This is really here only to work round a spurious warning in GCC 4.6 and 4.7
128 * that arises because of the checks in png_realloc_array that are repeated in
129 * png_malloc_array.
130 */
131 static png_voidp
132 png_malloc_array_checked(png_const_structrp png_ptr, int nelements,
133 size_t element_size)
134 {
135 png_alloc_size_t req = (png_alloc_size_t)nelements; /* known to be > 0 */
136
137 if (req <= PNG_SIZE_MAX/element_size)
138 return png_malloc_base(png_ptr, req * element_size);
139
140 /* The failure case when the request is too large */
141 return NULL;
142 }
143
144 PNG_FUNCTION(png_voidp /* PRIVATE */,
145 png_malloc_array,(png_const_structrp png_ptr, int nelements,
146 size_t element_size),PNG_ALLOCATED)
147 {
148 if (nelements <= 0 || element_size == 0)
149 png_error(png_ptr, "internal error: array alloc");
150
151 return png_malloc_array_checked(png_ptr, nelements, element_size);
152 }
153
154 PNG_FUNCTION(png_voidp /* PRIVATE */,
155 png_realloc_array,(png_const_structrp png_ptr, png_const_voidp old_array,
156 int old_elements, int add_elements, size_t element_size),PNG_ALLOCATED)
157 {
158 /* These are internal errors: */
159 if (add_elements <= 0 || element_size == 0 || old_elements < 0 ||
160 (old_array == NULL && old_elements > 0))
161 png_error(png_ptr, "internal error: array realloc");
162
163 /* Check for overflow on the elements count (so the caller does not have to
164 * check.)
165 */
166 if (add_elements <= INT_MAX - old_elements)
167 {
168 png_voidp new_array = png_malloc_array_checked(png_ptr,
169 old_elements+add_elements, element_size);
170
171 if (new_array != NULL)
172 {
173 /* Because png_malloc_array worked the size calculations below cannot
174 * overflow.
175 */
176 if (old_elements > 0)
177 memcpy(new_array, old_array, element_size*(unsigned)old_elements);
178
179 memset((char*)new_array + element_size*(unsigned)old_elements, 0,
180 element_size*(unsigned)add_elements);
181
182 return new_array;
183 }
184 }
185
186 return NULL; /* error */
187 }
188 #endif /* TEXT || sPLT || STORE_UNKNOWN_CHUNKS */
189
190 /* Various functions that have different error handling are derived from this.
191 * png_malloc always exists, but if PNG_USER_MEM_SUPPORTED is defined a separate
192 * function png_malloc_default is also provided.
193 */
194 PNG_FUNCTION(png_voidp,PNGAPI
195 png_malloc,(png_const_structrp png_ptr, png_alloc_size_t size),PNG_ALLOCATED)
196 {
197 png_voidp ret;
198
199 if (png_ptr == NULL)
200 return NULL;
201
202 ret = png_malloc_base(png_ptr, size);
203
204 if (ret == NULL)
205 png_error(png_ptr, "Out of memory"); /* 'm' means png_malloc */
206
207 return ret;
208 }
209
210 #ifdef PNG_USER_MEM_SUPPORTED
211 PNG_FUNCTION(png_voidp,PNGAPI
212 png_malloc_default,(png_const_structrp png_ptr, png_alloc_size_t size),
213 PNG_ALLOCATED PNG_DEPRECATED)
214 {
215 png_voidp ret;
216
217 if (png_ptr == NULL)
218 return NULL;
219
220 /* Passing 'NULL' here bypasses the application provided memory handler. */
221 ret = png_malloc_base(NULL/*use malloc*/, size);
222
223 if (ret == NULL)
224 png_error(png_ptr, "Out of Memory"); /* 'M' means png_malloc_default */
225
226 return ret;
227 }
228 #endif /* USER_MEM */
229
230 /* This function was added at libpng version 1.2.3. The png_malloc_warn()
231 * function will issue a png_warning and return NULL instead of issuing a
232 * png_error, if it fails to allocate the requested memory.
233 */
234 PNG_FUNCTION(png_voidp,PNGAPI
235 png_malloc_warn,(png_const_structrp png_ptr, png_alloc_size_t size),
236 PNG_ALLOCATED)
237 {
238 if (png_ptr != NULL)
239 {
240 png_voidp ret = png_malloc_base(png_ptr, size);
241
242 if (ret != NULL)
243 return ret;
244
245 png_warning(png_ptr, "Out of memory");
246 }
247
248 return NULL;
249 }
250
251 /* Free a pointer allocated by png_malloc(). If ptr is NULL, return
252 * without taking any action.
253 */
254 void PNGAPI
255 png_free(png_const_structrp png_ptr, png_voidp ptr)
256 {
257 if (png_ptr == NULL || ptr == NULL)
258 return;
259
260 #ifdef PNG_USER_MEM_SUPPORTED
261 if (png_ptr->free_fn != NULL)
262 png_ptr->free_fn(png_constcast(png_structrp,png_ptr), ptr);
263
264 else
265 png_free_default(png_ptr, ptr);
266 }
267
268 PNG_FUNCTION(void,PNGAPI
269 png_free_default,(png_const_structrp png_ptr, png_voidp ptr),PNG_DEPRECATED)
270 {
271 if (png_ptr == NULL || ptr == NULL)
272 return;
273 #endif /* USER_MEM */
274
275 free(ptr);
276 }
277
278 #ifdef PNG_USER_MEM_SUPPORTED
279 /* This function is called when the application wants to use another method
280 * of allocating and freeing memory.
281 */
282 void PNGAPI
283 png_set_mem_fn(png_structrp png_ptr, png_voidp mem_ptr, png_malloc_ptr
284 malloc_fn, png_free_ptr free_fn)
285 {
286 if (png_ptr != NULL)
287 {
288 png_ptr->mem_ptr = mem_ptr;
289 png_ptr->malloc_fn = malloc_fn;
290 png_ptr->free_fn = free_fn;
291 }
292 }
293
294 /* This function returns a pointer to the mem_ptr associated with the user
295 * functions. The application should free any memory associated with this
296 * pointer before png_write_destroy and png_read_destroy are called.
297 */
298 png_voidp PNGAPI
299 png_get_mem_ptr(png_const_structrp png_ptr)
300 {
301 if (png_ptr == NULL)
302 return NULL;
303
304 return png_ptr->mem_ptr;
305 }
306 #endif /* USER_MEM */
307 #endif /* READ || WRITE */