12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * version 2 for more details (a copy is included in the LICENSE file that
14 * accompanied this code).
15 *
16 * You should have received a copy of the GNU General Public License version
17 * 2 along with this work; if not, write to the Free Software Foundation,
18 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
19 *
20 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
21 * or visit www.oracle.com if you need additional information or have any
22 * questions.
23 */
24
25 /* pngrutil.c - utilities to read a PNG file
26 *
27 * This file is available under and governed by the GNU General Public
28 * License version 2 only, as published by the Free Software Foundation.
29 * However, the following notice accompanied the original version of this
30 * file and, per its terms, should not be removed:
31 *
32 * Last changed in libpng 1.6.20 [December 3, 2014]
33 * Copyright (c) 1998-2002,2004,2006-2015 Glenn Randers-Pehrson
34 * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
35 * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
36 *
37 * This code is released under the libpng license.
38 * For conditions of distribution and use, see the disclaimer
39 * and license in png.h
40 *
41 * This file contains routines that are only called from within
42 * libpng itself during the course of reading an image.
43 */
44
45 #include "pngpriv.h"
46
47 #ifdef PNG_READ_SUPPORTED
48
49 png_uint_32 PNGAPI
50 png_get_uint_31(png_const_structrp png_ptr, png_const_bytep buf)
51 {
52 png_uint_32 uval = png_get_uint_32(buf);
53
97 {
98 png_uint_32 uval =
99 ((png_uint_32)(*(buf )) << 24) +
100 ((png_uint_32)(*(buf + 1)) << 16) +
101 ((png_uint_32)(*(buf + 2)) << 8) +
102 ((png_uint_32)(*(buf + 3)) ) ;
103
104 return uval;
105 }
106
107 /* Grab a signed 32-bit integer from a buffer in big-endian format. The
108 * data is stored in the PNG file in two's complement format and there
109 * is no guarantee that a 'png_int_32' is exactly 32 bits, therefore
110 * the following code does a two's complement to native conversion.
111 */
112 png_int_32 (PNGAPI
113 png_get_int_32)(png_const_bytep buf)
114 {
115 png_uint_32 uval = png_get_uint_32(buf);
116 if ((uval & 0x80000000) == 0) /* non-negative */
117 return uval;
118
119 uval = (uval ^ 0xffffffff) + 1; /* 2's complement: -x = ~x+1 */
120 if ((uval & 0x80000000) == 0) /* no overflow */
121 return -(png_int_32)uval;
122 /* The following has to be safe; this function only gets called on PNG data
123 * and if we get here that data is invalid. 0 is the most safe value and
124 * if not then an attacker would surely just generate a PNG with 0 instead.
125 */
126 return 0;
127 }
128
129 /* Grab an unsigned 16-bit integer from a buffer in big-endian format. */
130 png_uint_16 (PNGAPI
131 png_get_uint_16)(png_const_bytep buf)
132 {
133 /* ANSI-C requires an int value to accomodate at least 16 bits so this
134 * works and allows the compiler not to worry about possible narrowing
135 * on 32-bit systems. (Pre-ANSI systems did not make integers smaller
136 * than 16 bits either.)
137 */
381 #else
382 png_chunk_error(png_ptr, msg);
383 #endif
384 }
385
386 /* Implementation note: unlike 'png_deflate_claim' this internal function
387 * does not take the size of the data as an argument. Some efficiency could
388 * be gained by using this when it is known *if* the zlib stream itself does
389 * not record the number; however, this is an illusion: the original writer
390 * of the PNG may have selected a lower window size, and we really must
391 * follow that because, for systems with with limited capabilities, we
392 * would otherwise reject the application's attempts to use a smaller window
393 * size (zlib doesn't have an interface to say "this or lower"!).
394 *
395 * inflateReset2 was added to zlib 1.2.4; before this the window could not be
396 * reset, therefore it is necessary to always allocate the maximum window
397 * size with earlier zlibs just in case later compressed chunks need it.
398 */
399 {
400 int ret; /* zlib return code */
401 #if PNG_ZLIB_VERNUM >= 0x1240
402
403 # if defined(PNG_SET_OPTION_SUPPORTED) && defined(PNG_MAXIMUM_INFLATE_WINDOW)
404 int window_bits;
405
406 if (((png_ptr->options >> PNG_MAXIMUM_INFLATE_WINDOW) & 3) ==
407 PNG_OPTION_ON)
408 {
409 window_bits = 15;
410 png_ptr->zstream_start = 0; /* fixed window size */
411 }
412
413 else
414 {
415 window_bits = 0;
416 png_ptr->zstream_start = 1;
417 }
418 # else
419 # define window_bits 0
420 # endif
421 #endif
422
423 /* Set this for safety, just in case the previous owner left pointers to
424 * memory allocations.
425 */
426 png_ptr->zstream.next_in = NULL;
427 png_ptr->zstream.avail_in = 0;
428 png_ptr->zstream.next_out = NULL;
429 png_ptr->zstream.avail_out = 0;
430
431 if ((png_ptr->flags & PNG_FLAG_ZSTREAM_INITIALIZED) != 0)
432 {
433 #if PNG_ZLIB_VERNUM < 0x1240
434 ret = inflateReset(&png_ptr->zstream);
435 #else
436 ret = inflateReset2(&png_ptr->zstream, window_bits);
437 #endif
438 }
439
440 else
441 {
442 #if PNG_ZLIB_VERNUM < 0x1240
443 ret = inflateInit(&png_ptr->zstream);
444 #else
445 ret = inflateInit2(&png_ptr->zstream, window_bits);
446 #endif
447
448 if (ret == Z_OK)
449 png_ptr->flags |= PNG_FLAG_ZSTREAM_INITIALIZED;
450 }
451
452 if (ret == Z_OK)
453 png_ptr->zowner = owner;
454
455 else
456 png_zstream_error(png_ptr, ret);
457
458 return ret;
459 }
460
461 #ifdef window_bits
462 # undef window_bits
463 #endif
464 }
465
466 #if PNG_ZLIB_VERNUM >= 0x1240
467 /* Handle the start of the inflate stream if we called inflateInit2(strm,0);
468 * in this case some zlib versions skip validation of the CINFO field and, in
469 * certain circumstances, libpng may end up displaying an invalid image, in
470 * contrast to implementations that call zlib in the normal way (e.g. libpng
471 * 1.5).
472 */
473 int /* PRIVATE */
474 png_zlib_inflate(png_structrp png_ptr, int flush)
475 {
476 if (png_ptr->zstream_start && png_ptr->zstream.avail_in > 0)
477 {
478 if ((*png_ptr->zstream.next_in >> 4) > 7)
479 {
480 png_ptr->zstream.msg = "invalid window size (libpng)";
481 return Z_DATA_ERROR;
482 }
483
484 png_ptr->zstream_start = 0;
485 }
486
487 return inflate(&png_ptr->zstream, flush);
488 }
489 #endif /* Zlib >= 1.2.4 */
490
491 #ifdef PNG_READ_COMPRESSED_TEXT_SUPPORTED
492 /* png_inflate now returns zlib error codes including Z_OK and Z_STREAM_END to
493 * allow the caller to do multiple calls if required. If the 'finish' flag is
494 * set Z_FINISH will be passed to the final inflate() call and Z_STREAM_END must
495 * be returned or there has been a problem, otherwise Z_SYNC_FLUSH is used and
496 * Z_OK or Z_STREAM_END will be returned on success.
497 *
498 * The input and output sizes are updated to the actual amounts of data consumed
499 * or written, not the amount available (as in a z_stream). The data pointers
500 * are not changed, so the next input is (data+input_size) and the next
501 * available output is (output+output_size).
502 */
503 static int
504 png_inflate(png_structrp png_ptr, png_uint_32 owner, int finish,
505 /* INPUT: */ png_const_bytep input, png_uint_32p input_size_ptr,
506 /* OUTPUT: */ png_bytep output, png_alloc_size_t *output_size_ptr)
507 {
508 if (png_ptr->zowner == owner) /* Else not claimed */
509 {
510 int ret;
511 png_alloc_size_t avail_out = *output_size_ptr;
765 else if (ret == Z_OK)
766 ret = PNG_UNEXPECTED_ZLIB_RETURN;
767
768 /* Release the claimed stream */
769 png_ptr->zowner = 0;
770 }
771
772 else /* the claim failed */ if (ret == Z_STREAM_END) /* impossible! */
773 ret = PNG_UNEXPECTED_ZLIB_RETURN;
774
775 return ret;
776 }
777
778 else
779 {
780 /* Application/configuration limits exceeded */
781 png_zstream_error(png_ptr, Z_MEM_ERROR);
782 return Z_MEM_ERROR;
783 }
784 }
785 #endif /* READ_COMPRESSED_TEXT */
786
787 #ifdef PNG_READ_iCCP_SUPPORTED
788 /* Perform a partial read and decompress, producing 'avail_out' bytes and
789 * reading from the current chunk as required.
790 */
791 static int
792 png_inflate_read(png_structrp png_ptr, png_bytep read_buffer, uInt read_size,
793 png_uint_32p chunk_bytes, png_bytep next_out, png_alloc_size_t *out_size,
794 int finish)
795 {
796 if (png_ptr->zowner == png_ptr->chunk_name)
797 {
798 int ret;
799
800 /* next_in and avail_in must have been initialized by the caller. */
801 png_ptr->zstream.next_out = next_out;
802 png_ptr->zstream.avail_out = 0; /* set in the loop */
803
804 do
813 png_crc_read(png_ptr, read_buffer, read_size);
814
815 png_ptr->zstream.next_in = read_buffer;
816 png_ptr->zstream.avail_in = read_size;
817 }
818
819 if (png_ptr->zstream.avail_out == 0)
820 {
821 uInt avail = ZLIB_IO_MAX;
822 if (avail > *out_size)
823 avail = (uInt)*out_size;
824 *out_size -= avail;
825
826 png_ptr->zstream.avail_out = avail;
827 }
828
829 /* Use Z_SYNC_FLUSH when there is no more chunk data to ensure that all
830 * the available output is produced; this allows reading of truncated
831 * streams.
832 */
833 ret = PNG_INFLATE(png_ptr,
834 *chunk_bytes > 0 ? Z_NO_FLUSH : (finish ? Z_FINISH : Z_SYNC_FLUSH));
835 }
836 while (ret == Z_OK && (*out_size > 0 || png_ptr->zstream.avail_out > 0));
837
838 *out_size += png_ptr->zstream.avail_out;
839 png_ptr->zstream.avail_out = 0; /* Should not be required, but is safe */
840
841 /* Ensure the error message pointer is always set: */
842 png_zstream_error(png_ptr, ret);
843 return ret;
844 }
845
846 else
847 {
848 png_ptr->zstream.msg = PNGZ_MSG_CAST("zstream unclaimed");
849 return Z_STREAM_ERROR;
850 }
851 }
852 #endif
853
854 /* Read and check the IDHR chunk */
855
856 void /* PRIVATE */
857 png_handle_IHDR(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
858 {
859 png_byte buf[13];
860 png_uint_32 width, height;
861 int bit_depth, color_type, compression_type, filter_type;
862 int interlace_type;
863
864 png_debug(1, "in png_handle_IHDR");
865
866 if ((png_ptr->mode & PNG_HAVE_IHDR) != 0)
867 png_chunk_error(png_ptr, "out of place");
868
869 /* Check the length */
870 if (length != 13)
871 png_chunk_error(png_ptr, "invalid");
872
1020 {
1021 png_byte buf[3];
1022
1023 png_crc_read(png_ptr, buf, 3);
1024 /* Don't depend upon png_color being any order */
1025 palette[i].red = buf[0];
1026 palette[i].green = buf[1];
1027 palette[i].blue = buf[2];
1028 }
1029 #endif
1030
1031 /* If we actually need the PLTE chunk (ie for a paletted image), we do
1032 * whatever the normal CRC configuration tells us. However, if we
1033 * have an RGB image, the PLTE can be considered ancillary, so
1034 * we will act as though it is.
1035 */
1036 #ifndef PNG_READ_OPT_PLTE_SUPPORTED
1037 if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE)
1038 #endif
1039 {
1040 png_crc_finish(png_ptr, (int) length - num * 3);
1041 }
1042
1043 #ifndef PNG_READ_OPT_PLTE_SUPPORTED
1044 else if (png_crc_error(png_ptr) != 0) /* Only if we have a CRC error */
1045 {
1046 /* If we don't want to use the data from an ancillary chunk,
1047 * we have two options: an error abort, or a warning and we
1048 * ignore the data in this chunk (which should be OK, since
1049 * it's considered ancillary for a RGB or RGBA image).
1050 *
1051 * IMPLEMENTATION NOTE: this is only here because png_crc_finish uses the
1052 * chunk type to determine whether to check the ancillary or the critical
1053 * flags.
1054 */
1055 if ((png_ptr->flags & PNG_FLAG_CRC_ANCILLARY_USE) == 0)
1056 {
1057 if ((png_ptr->flags & PNG_FLAG_CRC_ANCILLARY_NOWARN) != 0)
1058 return;
1059
1060 else
1523
1524 if (length > 0 && !(png_ptr->flags &
1525 PNG_FLAG_BENIGN_ERRORS_WARN))
1526 errmsg = "extra compressed data";
1527
1528 /* But otherwise allow extra data: */
1529 else if (size == 0)
1530 {
1531 if (length > 0)
1532 {
1533 /* This can be handled completely, so
1534 * keep going.
1535 */
1536 png_chunk_warning(png_ptr,
1537 "extra compressed data");
1538 }
1539
1540 png_crc_finish(png_ptr, length);
1541 finished = 1;
1542
1543 # ifdef PNG_sRGB_SUPPORTED
1544 /* Check for a match against sRGB */
1545 png_icc_set_sRGB(png_ptr,
1546 &png_ptr->colorspace, profile,
1547 png_ptr->zstream.adler);
1548 # endif
1549
1550 /* Steal the profile for info_ptr. */
1551 if (info_ptr != NULL)
1552 {
1553 png_free_data(png_ptr, info_ptr,
1554 PNG_FREE_ICCP, 0);
1555
1556 info_ptr->iccp_name = png_voidcast(char*,
1557 png_malloc_base(png_ptr,
1558 keyword_length+1));
1559 if (info_ptr->iccp_name != NULL)
1560 {
1561 memcpy(info_ptr->iccp_name, keyword,
1562 keyword_length+1);
1563 info_ptr->iccp_proflen =
1726 for (entry_start = buffer; *entry_start; entry_start++)
1727 /* Empty loop to find end of name */ ;
1728
1729 ++entry_start;
1730
1731 /* A sample depth should follow the separator, and we should be on it */
1732 if (length < 2U || entry_start > buffer + (length - 2U))
1733 {
1734 png_warning(png_ptr, "malformed sPLT chunk");
1735 return;
1736 }
1737
1738 new_palette.depth = *entry_start++;
1739 entry_size = (new_palette.depth == 8 ? 6 : 10);
1740 /* This must fit in a png_uint_32 because it is derived from the original
1741 * chunk data length.
1742 */
1743 data_length = length - (png_uint_32)(entry_start - buffer);
1744
1745 /* Integrity-check the data length */
1746 if ((data_length % entry_size) != 0)
1747 {
1748 png_warning(png_ptr, "sPLT chunk has bad length");
1749 return;
1750 }
1751
1752 dl = (png_int_32)(data_length / entry_size);
1753 max_dl = PNG_SIZE_MAX / (sizeof (png_sPLT_entry));
1754
1755 if (dl > max_dl)
1756 {
1757 png_warning(png_ptr, "sPLT chunk too long");
1758 return;
1759 }
1760
1761 new_palette.nentries = (png_int_32)(data_length / entry_size);
1762
1763 new_palette.entries = (png_sPLT_entryp)png_malloc_warn(
1764 png_ptr, new_palette.nentries * (sizeof (png_sPLT_entry)));
1765
1766 if (new_palette.entries == NULL)
1767 {
1768 png_warning(png_ptr, "sPLT chunk requires too much memory");
1769 return;
1770 }
1771
1772 #ifdef PNG_POINTER_INDEXING_SUPPORTED
1773 for (i = 0; i < new_palette.nentries; i++)
1774 {
1775 pp = new_palette.entries + i;
1776
1777 if (new_palette.depth == 8)
1778 {
1779 pp->red = *entry_start++;
1780 pp->green = *entry_start++;
1781 pp->blue = *entry_start++;
1782 pp->alpha = *entry_start++;
1783 }
1784
3108 PNG_ROWBYTES(pixel_depth, row_width))
3109 png_error(png_ptr, "internal row size calculation error");
3110
3111 /* Don't expect this to ever happen: */
3112 if (row_width == 0)
3113 png_error(png_ptr, "internal row width error");
3114
3115 /* Preserve the last byte in cases where only part of it will be overwritten,
3116 * the multiply below may overflow, we don't care because ANSI-C guarantees
3117 * we get the low bits.
3118 */
3119 end_mask = (pixel_depth * row_width) & 7;
3120 if (end_mask != 0)
3121 {
3122 /* end_ptr == NULL is a flag to say do nothing */
3123 end_ptr = dp + PNG_ROWBYTES(pixel_depth, row_width) - 1;
3124 end_byte = *end_ptr;
3125 # ifdef PNG_READ_PACKSWAP_SUPPORTED
3126 if ((png_ptr->transformations & PNG_PACKSWAP) != 0)
3127 /* little-endian byte */
3128 end_mask = 0xff << end_mask;
3129
3130 else /* big-endian byte */
3131 # endif
3132 end_mask = 0xff >> end_mask;
3133 /* end_mask is now the bits to *keep* from the destination row */
3134 }
3135
3136 /* For non-interlaced images this reduces to a memcpy(). A memcpy()
3137 * will also happen if interlacing isn't supported or if the application
3138 * does not call png_set_interlace_handling(). In the latter cases the
3139 * caller just gets a sequence of the unexpanded rows from each interlace
3140 * pass.
3141 */
3142 #ifdef PNG_READ_INTERLACING_SUPPORTED
3143 if (png_ptr->interlaced != 0 &&
3144 (png_ptr->transformations & PNG_INTERLACE) != 0 &&
3145 pass < 6 && (display == 0 ||
3146 /* The following copies everything for 'display' on passes 0, 2 and 4. */
3147 (display == 1 && (pass & 1) != 0)))
3148 {
3429 dp += bytes_to_jump;
3430 row_width -= bytes_to_jump;
3431 }
3432
3433 default:
3434 #if PNG_ALIGN_TYPE != PNG_ALIGN_NONE
3435 /* Check for double byte alignment and, if possible, use a
3436 * 16-bit copy. Don't attempt this for narrow images - ones that
3437 * are less than an interlace panel wide. Don't attempt it for
3438 * wide bytes_to_copy either - use the memcpy there.
3439 */
3440 if (bytes_to_copy < 16 /*else use memcpy*/ &&
3441 png_isaligned(dp, png_uint_16) &&
3442 png_isaligned(sp, png_uint_16) &&
3443 bytes_to_copy % (sizeof (png_uint_16)) == 0 &&
3444 bytes_to_jump % (sizeof (png_uint_16)) == 0)
3445 {
3446 /* Everything is aligned for png_uint_16 copies, but try for
3447 * png_uint_32 first.
3448 */
3449 if (png_isaligned(dp, png_uint_32) != 0 &&
3450 png_isaligned(sp, png_uint_32) != 0 &&
3451 bytes_to_copy % (sizeof (png_uint_32)) == 0 &&
3452 bytes_to_jump % (sizeof (png_uint_32)) == 0)
3453 {
3454 png_uint_32p dp32 = png_aligncast(png_uint_32p,dp);
3455 png_const_uint_32p sp32 = png_aligncastconst(
3456 png_const_uint_32p, sp);
3457 size_t skip = (bytes_to_jump-bytes_to_copy) /
3458 (sizeof (png_uint_32));
3459
3460 do
3461 {
3462 size_t c = bytes_to_copy;
3463 do
3464 {
3465 *dp32++ = *sp32++;
3466 c -= (sizeof (png_uint_32));
3467 }
3468 while (c > 0);
3469
3470 if (row_width <= bytes_to_jump)
3554 #endif /* READ_INTERLACING */
3555
3556 /* If here then the switch above wasn't used so just memcpy the whole row
3557 * from the temporary row buffer (notice that this overwrites the end of the
3558 * destination row if it is a partial byte.)
3559 */
3560 memcpy(dp, sp, PNG_ROWBYTES(pixel_depth, row_width));
3561
3562 /* Restore the overwritten bits from the last byte if necessary. */
3563 if (end_ptr != NULL)
3564 *end_ptr = (png_byte)((end_byte & end_mask) | (*end_ptr & ~end_mask));
3565 }
3566
3567 #ifdef PNG_READ_INTERLACING_SUPPORTED
3568 void /* PRIVATE */
3569 png_do_read_interlace(png_row_infop row_info, png_bytep row, int pass,
3570 png_uint_32 transformations /* Because these may affect the byte layout */)
3571 {
3572 /* Arrays to facilitate easy interlacing - use pass (0 - 6) as index */
3573 /* Offset to next interlace block */
3574 static PNG_CONST int png_pass_inc[7] = {8, 8, 4, 4, 2, 2, 1};
3575
3576 png_debug(1, "in png_do_read_interlace");
3577 if (row != NULL && row_info != NULL)
3578 {
3579 png_uint_32 final_width;
3580
3581 final_width = row_info->width * png_pass_inc[pass];
3582
3583 switch (row_info->pixel_depth)
3584 {
3585 case 1:
3586 {
3587 png_bytep sp = row + (png_size_t)((row_info->width - 1) >> 3);
3588 png_bytep dp = row + (png_size_t)((final_width - 1) >> 3);
3589 int sshift, dshift;
3590 int s_start, s_end, s_inc;
3591 int jstop = png_pass_inc[pass];
3592 png_byte v;
3593 png_uint_32 i;
3594 int j;
3595
3596 #ifdef PNG_READ_PACKSWAP_SUPPORTED
3597 if ((transformations & PNG_PACKSWAP) != 0)
3598 {
3599 sshift = (int)((row_info->width + 7) & 0x07);
3600 dshift = (int)((final_width + 7) & 0x07);
3601 s_start = 7;
3602 s_end = 0;
3603 s_inc = -1;
3604 }
3605
3606 else
3607 #endif
3608 {
3609 sshift = 7 - (int)((row_info->width + 7) & 0x07);
3610 dshift = 7 - (int)((final_width + 7) & 0x07);
3611 s_start = 0;
3612 s_end = 7;
3613 s_inc = 1;
3614 }
3615
3616 for (i = 0; i < row_info->width; i++)
3617 {
3618 v = (png_byte)((*sp >> sshift) & 0x01);
3619 for (j = 0; j < jstop; j++)
3620 {
3621 unsigned int tmp = *dp & (0x7f7f >> (7 - dshift));
3622 tmp |= v << dshift;
3623 *dp = (png_byte)(tmp & 0xff);
3624
3625 if (dshift == s_end)
3626 {
3627 dshift = s_start;
3628 dp--;
3629 }
3630
3631 else
3632 dshift += s_inc;
3633 }
3634
3635 if (sshift == s_end)
3636 {
3637 sshift = s_start;
3638 sp--;
3639 }
3640
3641 else
3642 sshift += s_inc;
3643 }
3644 break;
3645 }
3646
3647 case 2:
3648 {
3649 png_bytep sp = row + (png_uint_32)((row_info->width - 1) >> 2);
3650 png_bytep dp = row + (png_uint_32)((final_width - 1) >> 2);
3651 int sshift, dshift;
3652 int s_start, s_end, s_inc;
3653 int jstop = png_pass_inc[pass];
3654 png_uint_32 i;
3655
3656 #ifdef PNG_READ_PACKSWAP_SUPPORTED
3657 if ((transformations & PNG_PACKSWAP) != 0)
3658 {
3659 sshift = (int)(((row_info->width + 3) & 0x03) << 1);
3660 dshift = (int)(((final_width + 3) & 0x03) << 1);
3661 s_start = 6;
3662 s_end = 0;
3663 s_inc = -2;
3664 }
3665
3666 else
3667 #endif
3668 {
3669 sshift = (int)((3 - ((row_info->width + 3) & 0x03)) << 1);
3670 dshift = (int)((3 - ((final_width + 3) & 0x03)) << 1);
3671 s_start = 0;
3672 s_end = 6;
3673 s_inc = 2;
3674 }
3675
3676 for (i = 0; i < row_info->width; i++)
3677 {
3678 png_byte v;
3679 int j;
3680
3681 v = (png_byte)((*sp >> sshift) & 0x03);
3682 for (j = 0; j < jstop; j++)
3683 {
3684 unsigned int tmp = *dp & (0x3f3f >> (6 - dshift));
3685 tmp |= v << dshift;
3686 *dp = (png_byte)(tmp & 0xff);
3687
3688 if (dshift == s_end)
3689 {
3690 dshift = s_start;
3691 dp--;
3692 }
3693
3694 else
3695 dshift += s_inc;
3696 }
3697
3698 if (sshift == s_end)
3699 {
3700 sshift = s_start;
3701 sp--;
3702 }
3703
3704 else
3705 sshift += s_inc;
3706 }
3707 break;
3708 }
3709
3710 case 4:
3711 {
3712 png_bytep sp = row + (png_size_t)((row_info->width - 1) >> 1);
3713 png_bytep dp = row + (png_size_t)((final_width - 1) >> 1);
3714 int sshift, dshift;
3715 int s_start, s_end, s_inc;
3716 png_uint_32 i;
3717 int jstop = png_pass_inc[pass];
3718
3719 #ifdef PNG_READ_PACKSWAP_SUPPORTED
3720 if ((transformations & PNG_PACKSWAP) != 0)
3721 {
3722 sshift = (int)(((row_info->width + 1) & 0x01) << 2);
3723 dshift = (int)(((final_width + 1) & 0x01) << 2);
3724 s_start = 4;
3725 s_end = 0;
3726 s_inc = -4;
3727 }
3728
3729 else
3730 #endif
3731 {
3732 sshift = (int)((1 - ((row_info->width + 1) & 0x01)) << 2);
3733 dshift = (int)((1 - ((final_width + 1) & 0x01)) << 2);
3734 s_start = 0;
3735 s_end = 4;
3736 s_inc = 4;
3737 }
3738
3739 for (i = 0; i < row_info->width; i++)
3740 {
3741 png_byte v = (png_byte)((*sp >> sshift) & 0x0f);
3742 int j;
3743
3744 for (j = 0; j < jstop; j++)
3745 {
3746 unsigned int tmp = *dp & (0xf0f >> (4 - dshift));
3747 tmp |= v << dshift;
3748 *dp = (png_byte)(tmp & 0xff);
3749
3750 if (dshift == s_end)
3751 {
3752 dshift = s_start;
3753 dp--;
3754 }
3755
3756 else
3757 dshift += s_inc;
3758 }
3759
3760 if (sshift == s_end)
3761 {
3762 sshift = s_start;
3763 sp--;
3764 }
3765
3766 else
3767 sshift += s_inc;
3768 }
3769 break;
3770 }
3771
3772 default:
3773 {
3774 png_size_t pixel_bytes = (row_info->pixel_depth >> 3);
3775
3776 png_bytep sp = row + (png_size_t)(row_info->width - 1)
3777 * pixel_bytes;
3778
3779 png_bytep dp = row + (png_size_t)(final_width - 1) * pixel_bytes;
3780
3781 int jstop = png_pass_inc[pass];
3782 png_uint_32 i;
3783
3784 for (i = 0; i < row_info->width; i++)
3785 {
3786 png_byte v[8]; /* SAFE; pixel_depth does not exceed 64 */
3787 int j;
3788
3789 memcpy(v, sp, pixel_bytes);
3790
3791 for (j = 0; j < jstop; j++)
3792 {
3793 memcpy(dp, v, pixel_bytes);
3794 dp -= pixel_bytes;
3795 }
3796
3797 sp -= pixel_bytes;
3798 }
3799 break;
3800 }
3801 }
3905
3906 /* Find the best predictor, the least of pa, pb, pc favoring the earlier
3907 * ones in the case of a tie.
3908 */
3909 if (pb < pa) pa = pb, a = b;
3910 if (pc < pa) a = c;
3911
3912 /* Calculate the current pixel in a, and move the previous row pixel to c
3913 * for the next time round the loop
3914 */
3915 c = b;
3916 a += *row;
3917 *row++ = (png_byte)a;
3918 }
3919 }
3920
3921 static void
3922 png_read_filter_row_paeth_multibyte_pixel(png_row_infop row_info, png_bytep row,
3923 png_const_bytep prev_row)
3924 {
3925 int bpp = (row_info->pixel_depth + 7) >> 3;
3926 png_bytep rp_end = row + bpp;
3927
3928 /* Process the first pixel in the row completely (this is the same as 'up'
3929 * because there is only one candidate predictor for the first row).
3930 */
3931 while (row < rp_end)
3932 {
3933 int a = *row + *prev_row++;
3934 *row++ = (png_byte)a;
3935 }
3936
3937 /* Remainder */
3938 rp_end += row_info->rowbytes - bpp;
3939
3940 while (row < rp_end)
3941 {
3942 int a, b, c, pa, pb, pc, p;
3943
3944 c = *(prev_row - bpp);
3945 a = *(row - bpp);
3946 b = *prev_row++;
3947
3948 p = b - c;
3949 pc = a - c;
3950
3951 #ifdef PNG_USE_ABS
3952 pa = abs(p);
3953 pb = abs(pc);
3954 pc = abs(p + pc);
3955 #else
3956 pa = p < 0 ? -p : p;
3957 pb = pc < 0 ? -pc : pc;
3958 pc = (p + pc) < 0 ? -(p + pc) : p + pc;
4263 }
4264 #endif /* SEQUENTIAL_READ */
4265
4266 void /* PRIVATE */
4267 png_read_start_row(png_structrp png_ptr)
4268 {
4269 /* Arrays to facilitate easy interlacing - use pass (0 - 6) as index */
4270
4271 /* Start of interlace block */
4272 static PNG_CONST png_byte png_pass_start[7] = {0, 4, 0, 2, 0, 1, 0};
4273
4274 /* Offset to next interlace block */
4275 static PNG_CONST png_byte png_pass_inc[7] = {8, 8, 4, 4, 2, 2, 1};
4276
4277 /* Start of interlace block in the y direction */
4278 static PNG_CONST png_byte png_pass_ystart[7] = {0, 0, 4, 0, 2, 0, 1};
4279
4280 /* Offset to next interlace block in the y direction */
4281 static PNG_CONST png_byte png_pass_yinc[7] = {8, 8, 8, 4, 4, 2, 2};
4282
4283 int max_pixel_depth;
4284 png_size_t row_bytes;
4285
4286 png_debug(1, "in png_read_start_row");
4287
4288 #ifdef PNG_READ_TRANSFORMS_SUPPORTED
4289 png_init_read_transformations(png_ptr);
4290 #endif
4291 if (png_ptr->interlaced != 0)
4292 {
4293 if ((png_ptr->transformations & PNG_INTERLACE) == 0)
4294 png_ptr->num_rows = (png_ptr->height + png_pass_yinc[0] - 1 -
4295 png_pass_ystart[0]) / png_pass_yinc[0];
4296
4297 else
4298 png_ptr->num_rows = png_ptr->height;
4299
4300 png_ptr->iwidth = (png_ptr->width +
4301 png_pass_inc[png_ptr->pass] - 1 -
4302 png_pass_start[png_ptr->pass]) /
4303 png_pass_inc[png_ptr->pass];
4304 }
4305
4306 else
4307 {
4308 png_ptr->num_rows = png_ptr->height;
4309 png_ptr->iwidth = png_ptr->width;
4310 }
4311
4312 max_pixel_depth = png_ptr->pixel_depth;
4313
4314 /* WARNING: * png_read_transform_info (pngrtran.c) performs a simpler set of
4315 * calculations to calculate the final pixel depth, then
4316 * png_do_read_transforms actually does the transforms. This means that the
4317 * code which effectively calculates this value is actually repeated in three
4318 * separate places. They must all match. Innocent changes to the order of
4319 * transformations can and will break libpng in a way that causes memory
4320 * overwrites.
4321 *
4322 * TODO: fix this.
4323 */
4324 #ifdef PNG_READ_PACK_SUPPORTED
4325 if ((png_ptr->transformations & PNG_PACK) != 0 && png_ptr->bit_depth < 8)
4326 max_pixel_depth = 8;
4327 #endif
4328
4329 #ifdef PNG_READ_EXPAND_SUPPORTED
4330 if ((png_ptr->transformations & PNG_EXPAND) != 0)
4331 {
4332 if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE)
4427 if (png_ptr->color_type == PNG_COLOR_TYPE_RGB_ALPHA)
4428 max_pixel_depth = 32;
4429
4430 else
4431 max_pixel_depth = 24;
4432 }
4433
4434 else if (png_ptr->color_type == PNG_COLOR_TYPE_RGB_ALPHA)
4435 max_pixel_depth = 64;
4436
4437 else
4438 max_pixel_depth = 48;
4439 }
4440 }
4441 #endif
4442
4443 #if defined(PNG_READ_USER_TRANSFORM_SUPPORTED) && \
4444 defined(PNG_USER_TRANSFORM_PTR_SUPPORTED)
4445 if ((png_ptr->transformations & PNG_USER_TRANSFORM) != 0)
4446 {
4447 int user_pixel_depth = png_ptr->user_transform_depth *
4448 png_ptr->user_transform_channels;
4449
4450 if (user_pixel_depth > max_pixel_depth)
4451 max_pixel_depth = user_pixel_depth;
4452 }
4453 #endif
4454
4455 /* This value is stored in png_struct and double checked in the row read
4456 * code.
4457 */
4458 png_ptr->maximum_pixel_depth = (png_byte)max_pixel_depth;
4459 png_ptr->transformed_pixel_depth = 0; /* calculated on demand */
4460
4461 /* Align the width on the next larger 8 pixels. Mainly used
4462 * for interlacing
4463 */
4464 row_bytes = ((png_ptr->width + 7) & ~((png_uint_32)7));
4465 /* Calculate the maximum bytes needed, adding a byte and a pixel
4466 * for safety's sake
4467 */
4468 row_bytes = PNG_ROWBYTES(max_pixel_depth, row_bytes) +
4469 1 + ((max_pixel_depth + 7) >> 3);
4470
4471 #ifdef PNG_MAX_MALLOC_64K
4472 if (row_bytes > (png_uint_32)65536L)
4473 png_error(png_ptr, "This image requires a row greater than 64KB");
4474 #endif
4475
4476 if (row_bytes + 48 > png_ptr->old_big_row_buf_size)
4477 {
4478 png_free(png_ptr, png_ptr->big_row_buf);
4479 png_free(png_ptr, png_ptr->big_prev_row);
4480
4481 if (png_ptr->interlaced != 0)
4482 png_ptr->big_row_buf = (png_bytep)png_calloc(png_ptr,
4483 row_bytes + 48);
4484
4485 else
4486 png_ptr->big_row_buf = (png_bytep)png_malloc(png_ptr, row_bytes + 48);
4487
4488 png_ptr->big_prev_row = (png_bytep)png_malloc(png_ptr, row_bytes + 48);
4489
4518 png_error(png_ptr, "This image requires a row greater than 64KB");
4519
4520 #endif
4521 if (png_ptr->rowbytes > (PNG_SIZE_MAX - 1))
4522 png_error(png_ptr, "Row has too many bytes to allocate in memory");
4523
4524 memset(png_ptr->prev_row, 0, png_ptr->rowbytes + 1);
4525
4526 png_debug1(3, "width = %u,", png_ptr->width);
4527 png_debug1(3, "height = %u,", png_ptr->height);
4528 png_debug1(3, "iwidth = %u,", png_ptr->iwidth);
4529 png_debug1(3, "num_rows = %u,", png_ptr->num_rows);
4530 png_debug1(3, "rowbytes = %lu,", (unsigned long)png_ptr->rowbytes);
4531 png_debug1(3, "irowbytes = %lu",
4532 (unsigned long)PNG_ROWBYTES(png_ptr->pixel_depth, png_ptr->iwidth) + 1);
4533
4534 /* The sequential reader needs a buffer for IDAT, but the progressive reader
4535 * does not, so free the read buffer now regardless; the sequential reader
4536 * reallocates it on demand.
4537 */
4538 if (png_ptr->read_buffer != 0)
4539 {
4540 png_bytep buffer = png_ptr->read_buffer;
4541
4542 png_ptr->read_buffer_size = 0;
4543 png_ptr->read_buffer = NULL;
4544 png_free(png_ptr, buffer);
4545 }
4546
4547 /* Finally claim the zstream for the inflate of the IDAT data, use the bits
4548 * value from the stream (note that this will result in a fatal error if the
4549 * IDAT stream has a bogus deflate header window_bits value, but this should
4550 * not be happening any longer!)
4551 */
4552 if (png_inflate_claim(png_ptr, png_IDAT) != Z_OK)
4553 png_error(png_ptr, png_ptr->zstream.msg);
4554
4555 png_ptr->flags |= PNG_FLAG_ROW_INIT;
4556 }
4557 #endif /* READ */
|
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * version 2 for more details (a copy is included in the LICENSE file that
14 * accompanied this code).
15 *
16 * You should have received a copy of the GNU General Public License version
17 * 2 along with this work; if not, write to the Free Software Foundation,
18 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
19 *
20 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
21 * or visit www.oracle.com if you need additional information or have any
22 * questions.
23 */
24
25 /* pngrutil.c - utilities to read a PNG file
26 *
27 * This file is available under and governed by the GNU General Public
28 * License version 2 only, as published by the Free Software Foundation.
29 * However, the following notice accompanied the original version of this
30 * file and, per its terms, should not be removed:
31 *
32 * Last changed in libpng 1.6.27 [January 5, 2017]
33 * Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson
34 * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
35 * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
36 *
37 * This code is released under the libpng license.
38 * For conditions of distribution and use, see the disclaimer
39 * and license in png.h
40 *
41 * This file contains routines that are only called from within
42 * libpng itself during the course of reading an image.
43 */
44
45 #include "pngpriv.h"
46
47 #ifdef PNG_READ_SUPPORTED
48
49 png_uint_32 PNGAPI
50 png_get_uint_31(png_const_structrp png_ptr, png_const_bytep buf)
51 {
52 png_uint_32 uval = png_get_uint_32(buf);
53
97 {
98 png_uint_32 uval =
99 ((png_uint_32)(*(buf )) << 24) +
100 ((png_uint_32)(*(buf + 1)) << 16) +
101 ((png_uint_32)(*(buf + 2)) << 8) +
102 ((png_uint_32)(*(buf + 3)) ) ;
103
104 return uval;
105 }
106
107 /* Grab a signed 32-bit integer from a buffer in big-endian format. The
108 * data is stored in the PNG file in two's complement format and there
109 * is no guarantee that a 'png_int_32' is exactly 32 bits, therefore
110 * the following code does a two's complement to native conversion.
111 */
112 png_int_32 (PNGAPI
113 png_get_int_32)(png_const_bytep buf)
114 {
115 png_uint_32 uval = png_get_uint_32(buf);
116 if ((uval & 0x80000000) == 0) /* non-negative */
117 return (png_int_32)uval;
118
119 uval = (uval ^ 0xffffffff) + 1; /* 2's complement: -x = ~x+1 */
120 if ((uval & 0x80000000) == 0) /* no overflow */
121 return -(png_int_32)uval;
122 /* The following has to be safe; this function only gets called on PNG data
123 * and if we get here that data is invalid. 0 is the most safe value and
124 * if not then an attacker would surely just generate a PNG with 0 instead.
125 */
126 return 0;
127 }
128
129 /* Grab an unsigned 16-bit integer from a buffer in big-endian format. */
130 png_uint_16 (PNGAPI
131 png_get_uint_16)(png_const_bytep buf)
132 {
133 /* ANSI-C requires an int value to accomodate at least 16 bits so this
134 * works and allows the compiler not to worry about possible narrowing
135 * on 32-bit systems. (Pre-ANSI systems did not make integers smaller
136 * than 16 bits either.)
137 */
381 #else
382 png_chunk_error(png_ptr, msg);
383 #endif
384 }
385
386 /* Implementation note: unlike 'png_deflate_claim' this internal function
387 * does not take the size of the data as an argument. Some efficiency could
388 * be gained by using this when it is known *if* the zlib stream itself does
389 * not record the number; however, this is an illusion: the original writer
390 * of the PNG may have selected a lower window size, and we really must
391 * follow that because, for systems with with limited capabilities, we
392 * would otherwise reject the application's attempts to use a smaller window
393 * size (zlib doesn't have an interface to say "this or lower"!).
394 *
395 * inflateReset2 was added to zlib 1.2.4; before this the window could not be
396 * reset, therefore it is necessary to always allocate the maximum window
397 * size with earlier zlibs just in case later compressed chunks need it.
398 */
399 {
400 int ret; /* zlib return code */
401 #if ZLIB_VERNUM >= 0x1240
402 int window_bits = 0;
403
404 # if defined(PNG_SET_OPTION_SUPPORTED) && defined(PNG_MAXIMUM_INFLATE_WINDOW)
405 if (((png_ptr->options >> PNG_MAXIMUM_INFLATE_WINDOW) & 3) ==
406 PNG_OPTION_ON)
407 {
408 window_bits = 15;
409 png_ptr->zstream_start = 0; /* fixed window size */
410 }
411
412 else
413 {
414 png_ptr->zstream_start = 1;
415 }
416 # endif
417
418 #endif /* ZLIB_VERNUM >= 0x1240 */
419
420 /* Set this for safety, just in case the previous owner left pointers to
421 * memory allocations.
422 */
423 png_ptr->zstream.next_in = NULL;
424 png_ptr->zstream.avail_in = 0;
425 png_ptr->zstream.next_out = NULL;
426 png_ptr->zstream.avail_out = 0;
427
428 if ((png_ptr->flags & PNG_FLAG_ZSTREAM_INITIALIZED) != 0)
429 {
430 #if ZLIB_VERNUM >= 0x1240
431 ret = inflateReset2(&png_ptr->zstream, window_bits);
432 #else
433 ret = inflateReset(&png_ptr->zstream);
434 #endif
435 }
436
437 else
438 {
439 #if ZLIB_VERNUM >= 0x1240
440 ret = inflateInit2(&png_ptr->zstream, window_bits);
441 #else
442 ret = inflateInit(&png_ptr->zstream);
443 #endif
444
445 if (ret == Z_OK)
446 png_ptr->flags |= PNG_FLAG_ZSTREAM_INITIALIZED;
447 }
448
449 #if ZLIB_VERNUM >= 0x1281 && \
450 defined(PNG_SET_OPTION_SUPPORTED) && defined(PNG_IGNORE_ADLER32)
451 if (((png_ptr->options >> PNG_IGNORE_ADLER32) & 3) == PNG_OPTION_ON)
452 /* Turn off validation of the ADLER32 checksum in IDAT chunks */
453 ret = inflateValidate(&png_ptr->zstream, 0);
454 #endif
455
456 if (ret == Z_OK)
457 png_ptr->zowner = owner;
458
459 else
460 png_zstream_error(png_ptr, ret);
461
462 return ret;
463 }
464
465 #ifdef window_bits
466 # undef window_bits
467 #endif
468 }
469
470 #if ZLIB_VERNUM >= 0x1240
471 /* Handle the start of the inflate stream if we called inflateInit2(strm,0);
472 * in this case some zlib versions skip validation of the CINFO field and, in
473 * certain circumstances, libpng may end up displaying an invalid image, in
474 * contrast to implementations that call zlib in the normal way (e.g. libpng
475 * 1.5).
476 */
477 int /* PRIVATE */
478 png_zlib_inflate(png_structrp png_ptr, int flush)
479 {
480 if (png_ptr->zstream_start && png_ptr->zstream.avail_in > 0)
481 {
482 if ((*png_ptr->zstream.next_in >> 4) > 7)
483 {
484 png_ptr->zstream.msg = "invalid window size (libpng)";
485 return Z_DATA_ERROR;
486 }
487
488 png_ptr->zstream_start = 0;
489 }
490
491 return inflate(&png_ptr->zstream, flush);
492 }
493 #endif /* Zlib >= 1.2.4 */
494
495 #ifdef PNG_READ_COMPRESSED_TEXT_SUPPORTED
496 #if defined(PNG_READ_zTXt_SUPPORTED) || defined (PNG_READ_iTXt_SUPPORTED)
497 /* png_inflate now returns zlib error codes including Z_OK and Z_STREAM_END to
498 * allow the caller to do multiple calls if required. If the 'finish' flag is
499 * set Z_FINISH will be passed to the final inflate() call and Z_STREAM_END must
500 * be returned or there has been a problem, otherwise Z_SYNC_FLUSH is used and
501 * Z_OK or Z_STREAM_END will be returned on success.
502 *
503 * The input and output sizes are updated to the actual amounts of data consumed
504 * or written, not the amount available (as in a z_stream). The data pointers
505 * are not changed, so the next input is (data+input_size) and the next
506 * available output is (output+output_size).
507 */
508 static int
509 png_inflate(png_structrp png_ptr, png_uint_32 owner, int finish,
510 /* INPUT: */ png_const_bytep input, png_uint_32p input_size_ptr,
511 /* OUTPUT: */ png_bytep output, png_alloc_size_t *output_size_ptr)
512 {
513 if (png_ptr->zowner == owner) /* Else not claimed */
514 {
515 int ret;
516 png_alloc_size_t avail_out = *output_size_ptr;
770 else if (ret == Z_OK)
771 ret = PNG_UNEXPECTED_ZLIB_RETURN;
772
773 /* Release the claimed stream */
774 png_ptr->zowner = 0;
775 }
776
777 else /* the claim failed */ if (ret == Z_STREAM_END) /* impossible! */
778 ret = PNG_UNEXPECTED_ZLIB_RETURN;
779
780 return ret;
781 }
782
783 else
784 {
785 /* Application/configuration limits exceeded */
786 png_zstream_error(png_ptr, Z_MEM_ERROR);
787 return Z_MEM_ERROR;
788 }
789 }
790 #endif /* READ_zTXt || READ_iTXt */
791 #endif /* READ_COMPRESSED_TEXT */
792
793 #ifdef PNG_READ_iCCP_SUPPORTED
794 /* Perform a partial read and decompress, producing 'avail_out' bytes and
795 * reading from the current chunk as required.
796 */
797 static int
798 png_inflate_read(png_structrp png_ptr, png_bytep read_buffer, uInt read_size,
799 png_uint_32p chunk_bytes, png_bytep next_out, png_alloc_size_t *out_size,
800 int finish)
801 {
802 if (png_ptr->zowner == png_ptr->chunk_name)
803 {
804 int ret;
805
806 /* next_in and avail_in must have been initialized by the caller. */
807 png_ptr->zstream.next_out = next_out;
808 png_ptr->zstream.avail_out = 0; /* set in the loop */
809
810 do
819 png_crc_read(png_ptr, read_buffer, read_size);
820
821 png_ptr->zstream.next_in = read_buffer;
822 png_ptr->zstream.avail_in = read_size;
823 }
824
825 if (png_ptr->zstream.avail_out == 0)
826 {
827 uInt avail = ZLIB_IO_MAX;
828 if (avail > *out_size)
829 avail = (uInt)*out_size;
830 *out_size -= avail;
831
832 png_ptr->zstream.avail_out = avail;
833 }
834
835 /* Use Z_SYNC_FLUSH when there is no more chunk data to ensure that all
836 * the available output is produced; this allows reading of truncated
837 * streams.
838 */
839 ret = PNG_INFLATE(png_ptr, *chunk_bytes > 0 ?
840 Z_NO_FLUSH : (finish ? Z_FINISH : Z_SYNC_FLUSH));
841 }
842 while (ret == Z_OK && (*out_size > 0 || png_ptr->zstream.avail_out > 0));
843
844 *out_size += png_ptr->zstream.avail_out;
845 png_ptr->zstream.avail_out = 0; /* Should not be required, but is safe */
846
847 /* Ensure the error message pointer is always set: */
848 png_zstream_error(png_ptr, ret);
849 return ret;
850 }
851
852 else
853 {
854 png_ptr->zstream.msg = PNGZ_MSG_CAST("zstream unclaimed");
855 return Z_STREAM_ERROR;
856 }
857 }
858 #endif /* READ_iCCP */
859
860 /* Read and check the IDHR chunk */
861
862 void /* PRIVATE */
863 png_handle_IHDR(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
864 {
865 png_byte buf[13];
866 png_uint_32 width, height;
867 int bit_depth, color_type, compression_type, filter_type;
868 int interlace_type;
869
870 png_debug(1, "in png_handle_IHDR");
871
872 if ((png_ptr->mode & PNG_HAVE_IHDR) != 0)
873 png_chunk_error(png_ptr, "out of place");
874
875 /* Check the length */
876 if (length != 13)
877 png_chunk_error(png_ptr, "invalid");
878
1026 {
1027 png_byte buf[3];
1028
1029 png_crc_read(png_ptr, buf, 3);
1030 /* Don't depend upon png_color being any order */
1031 palette[i].red = buf[0];
1032 palette[i].green = buf[1];
1033 palette[i].blue = buf[2];
1034 }
1035 #endif
1036
1037 /* If we actually need the PLTE chunk (ie for a paletted image), we do
1038 * whatever the normal CRC configuration tells us. However, if we
1039 * have an RGB image, the PLTE can be considered ancillary, so
1040 * we will act as though it is.
1041 */
1042 #ifndef PNG_READ_OPT_PLTE_SUPPORTED
1043 if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE)
1044 #endif
1045 {
1046 png_crc_finish(png_ptr, (png_uint_32) (length - (unsigned int)num * 3));
1047 }
1048
1049 #ifndef PNG_READ_OPT_PLTE_SUPPORTED
1050 else if (png_crc_error(png_ptr) != 0) /* Only if we have a CRC error */
1051 {
1052 /* If we don't want to use the data from an ancillary chunk,
1053 * we have two options: an error abort, or a warning and we
1054 * ignore the data in this chunk (which should be OK, since
1055 * it's considered ancillary for a RGB or RGBA image).
1056 *
1057 * IMPLEMENTATION NOTE: this is only here because png_crc_finish uses the
1058 * chunk type to determine whether to check the ancillary or the critical
1059 * flags.
1060 */
1061 if ((png_ptr->flags & PNG_FLAG_CRC_ANCILLARY_USE) == 0)
1062 {
1063 if ((png_ptr->flags & PNG_FLAG_CRC_ANCILLARY_NOWARN) != 0)
1064 return;
1065
1066 else
1529
1530 if (length > 0 && !(png_ptr->flags &
1531 PNG_FLAG_BENIGN_ERRORS_WARN))
1532 errmsg = "extra compressed data";
1533
1534 /* But otherwise allow extra data: */
1535 else if (size == 0)
1536 {
1537 if (length > 0)
1538 {
1539 /* This can be handled completely, so
1540 * keep going.
1541 */
1542 png_chunk_warning(png_ptr,
1543 "extra compressed data");
1544 }
1545
1546 png_crc_finish(png_ptr, length);
1547 finished = 1;
1548
1549 # if defined(PNG_sRGB_SUPPORTED) && PNG_sRGB_PROFILE_CHECKS >= 0
1550 /* Check for a match against sRGB */
1551 png_icc_set_sRGB(png_ptr,
1552 &png_ptr->colorspace, profile,
1553 png_ptr->zstream.adler);
1554 # endif
1555
1556 /* Steal the profile for info_ptr. */
1557 if (info_ptr != NULL)
1558 {
1559 png_free_data(png_ptr, info_ptr,
1560 PNG_FREE_ICCP, 0);
1561
1562 info_ptr->iccp_name = png_voidcast(char*,
1563 png_malloc_base(png_ptr,
1564 keyword_length+1));
1565 if (info_ptr->iccp_name != NULL)
1566 {
1567 memcpy(info_ptr->iccp_name, keyword,
1568 keyword_length+1);
1569 info_ptr->iccp_proflen =
1732 for (entry_start = buffer; *entry_start; entry_start++)
1733 /* Empty loop to find end of name */ ;
1734
1735 ++entry_start;
1736
1737 /* A sample depth should follow the separator, and we should be on it */
1738 if (length < 2U || entry_start > buffer + (length - 2U))
1739 {
1740 png_warning(png_ptr, "malformed sPLT chunk");
1741 return;
1742 }
1743
1744 new_palette.depth = *entry_start++;
1745 entry_size = (new_palette.depth == 8 ? 6 : 10);
1746 /* This must fit in a png_uint_32 because it is derived from the original
1747 * chunk data length.
1748 */
1749 data_length = length - (png_uint_32)(entry_start - buffer);
1750
1751 /* Integrity-check the data length */
1752 if ((data_length % (unsigned int)entry_size) != 0)
1753 {
1754 png_warning(png_ptr, "sPLT chunk has bad length");
1755 return;
1756 }
1757
1758 dl = (png_uint_32)(data_length / (unsigned int)entry_size);
1759 max_dl = PNG_SIZE_MAX / (sizeof (png_sPLT_entry));
1760
1761 if (dl > max_dl)
1762 {
1763 png_warning(png_ptr, "sPLT chunk too long");
1764 return;
1765 }
1766
1767 new_palette.nentries = (png_int_32)(data_length / (unsigned int)entry_size);
1768
1769 new_palette.entries = (png_sPLT_entryp)png_malloc_warn(png_ptr,
1770 (png_alloc_size_t) new_palette.nentries * (sizeof (png_sPLT_entry)));
1771
1772 if (new_palette.entries == NULL)
1773 {
1774 png_warning(png_ptr, "sPLT chunk requires too much memory");
1775 return;
1776 }
1777
1778 #ifdef PNG_POINTER_INDEXING_SUPPORTED
1779 for (i = 0; i < new_palette.nentries; i++)
1780 {
1781 pp = new_palette.entries + i;
1782
1783 if (new_palette.depth == 8)
1784 {
1785 pp->red = *entry_start++;
1786 pp->green = *entry_start++;
1787 pp->blue = *entry_start++;
1788 pp->alpha = *entry_start++;
1789 }
1790
3114 PNG_ROWBYTES(pixel_depth, row_width))
3115 png_error(png_ptr, "internal row size calculation error");
3116
3117 /* Don't expect this to ever happen: */
3118 if (row_width == 0)
3119 png_error(png_ptr, "internal row width error");
3120
3121 /* Preserve the last byte in cases where only part of it will be overwritten,
3122 * the multiply below may overflow, we don't care because ANSI-C guarantees
3123 * we get the low bits.
3124 */
3125 end_mask = (pixel_depth * row_width) & 7;
3126 if (end_mask != 0)
3127 {
3128 /* end_ptr == NULL is a flag to say do nothing */
3129 end_ptr = dp + PNG_ROWBYTES(pixel_depth, row_width) - 1;
3130 end_byte = *end_ptr;
3131 # ifdef PNG_READ_PACKSWAP_SUPPORTED
3132 if ((png_ptr->transformations & PNG_PACKSWAP) != 0)
3133 /* little-endian byte */
3134 end_mask = (unsigned int)(0xff << end_mask);
3135
3136 else /* big-endian byte */
3137 # endif
3138 end_mask = 0xff >> end_mask;
3139 /* end_mask is now the bits to *keep* from the destination row */
3140 }
3141
3142 /* For non-interlaced images this reduces to a memcpy(). A memcpy()
3143 * will also happen if interlacing isn't supported or if the application
3144 * does not call png_set_interlace_handling(). In the latter cases the
3145 * caller just gets a sequence of the unexpanded rows from each interlace
3146 * pass.
3147 */
3148 #ifdef PNG_READ_INTERLACING_SUPPORTED
3149 if (png_ptr->interlaced != 0 &&
3150 (png_ptr->transformations & PNG_INTERLACE) != 0 &&
3151 pass < 6 && (display == 0 ||
3152 /* The following copies everything for 'display' on passes 0, 2 and 4. */
3153 (display == 1 && (pass & 1) != 0)))
3154 {
3435 dp += bytes_to_jump;
3436 row_width -= bytes_to_jump;
3437 }
3438
3439 default:
3440 #if PNG_ALIGN_TYPE != PNG_ALIGN_NONE
3441 /* Check for double byte alignment and, if possible, use a
3442 * 16-bit copy. Don't attempt this for narrow images - ones that
3443 * are less than an interlace panel wide. Don't attempt it for
3444 * wide bytes_to_copy either - use the memcpy there.
3445 */
3446 if (bytes_to_copy < 16 /*else use memcpy*/ &&
3447 png_isaligned(dp, png_uint_16) &&
3448 png_isaligned(sp, png_uint_16) &&
3449 bytes_to_copy % (sizeof (png_uint_16)) == 0 &&
3450 bytes_to_jump % (sizeof (png_uint_16)) == 0)
3451 {
3452 /* Everything is aligned for png_uint_16 copies, but try for
3453 * png_uint_32 first.
3454 */
3455 if (png_isaligned(dp, png_uint_32) &&
3456 png_isaligned(sp, png_uint_32) &&
3457 bytes_to_copy % (sizeof (png_uint_32)) == 0 &&
3458 bytes_to_jump % (sizeof (png_uint_32)) == 0)
3459 {
3460 png_uint_32p dp32 = png_aligncast(png_uint_32p,dp);
3461 png_const_uint_32p sp32 = png_aligncastconst(
3462 png_const_uint_32p, sp);
3463 size_t skip = (bytes_to_jump-bytes_to_copy) /
3464 (sizeof (png_uint_32));
3465
3466 do
3467 {
3468 size_t c = bytes_to_copy;
3469 do
3470 {
3471 *dp32++ = *sp32++;
3472 c -= (sizeof (png_uint_32));
3473 }
3474 while (c > 0);
3475
3476 if (row_width <= bytes_to_jump)
3560 #endif /* READ_INTERLACING */
3561
3562 /* If here then the switch above wasn't used so just memcpy the whole row
3563 * from the temporary row buffer (notice that this overwrites the end of the
3564 * destination row if it is a partial byte.)
3565 */
3566 memcpy(dp, sp, PNG_ROWBYTES(pixel_depth, row_width));
3567
3568 /* Restore the overwritten bits from the last byte if necessary. */
3569 if (end_ptr != NULL)
3570 *end_ptr = (png_byte)((end_byte & end_mask) | (*end_ptr & ~end_mask));
3571 }
3572
3573 #ifdef PNG_READ_INTERLACING_SUPPORTED
3574 void /* PRIVATE */
3575 png_do_read_interlace(png_row_infop row_info, png_bytep row, int pass,
3576 png_uint_32 transformations /* Because these may affect the byte layout */)
3577 {
3578 /* Arrays to facilitate easy interlacing - use pass (0 - 6) as index */
3579 /* Offset to next interlace block */
3580 static PNG_CONST unsigned int png_pass_inc[7] = {8, 8, 4, 4, 2, 2, 1};
3581
3582 png_debug(1, "in png_do_read_interlace");
3583 if (row != NULL && row_info != NULL)
3584 {
3585 png_uint_32 final_width;
3586
3587 final_width = row_info->width * png_pass_inc[pass];
3588
3589 switch (row_info->pixel_depth)
3590 {
3591 case 1:
3592 {
3593 png_bytep sp = row + (png_size_t)((row_info->width - 1) >> 3);
3594 png_bytep dp = row + (png_size_t)((final_width - 1) >> 3);
3595 unsigned int sshift, dshift;
3596 unsigned int s_start, s_end;
3597 int s_inc;
3598 int jstop = (int)png_pass_inc[pass];
3599 png_byte v;
3600 png_uint_32 i;
3601 int j;
3602
3603 #ifdef PNG_READ_PACKSWAP_SUPPORTED
3604 if ((transformations & PNG_PACKSWAP) != 0)
3605 {
3606 sshift = ((row_info->width + 7) & 0x07);
3607 dshift = ((final_width + 7) & 0x07);
3608 s_start = 7;
3609 s_end = 0;
3610 s_inc = -1;
3611 }
3612
3613 else
3614 #endif
3615 {
3616 sshift = 7 - ((row_info->width + 7) & 0x07);
3617 dshift = 7 - ((final_width + 7) & 0x07);
3618 s_start = 0;
3619 s_end = 7;
3620 s_inc = 1;
3621 }
3622
3623 for (i = 0; i < row_info->width; i++)
3624 {
3625 v = (png_byte)((*sp >> sshift) & 0x01);
3626 for (j = 0; j < jstop; j++)
3627 {
3628 unsigned int tmp = *dp & (0x7f7f >> (7 - dshift));
3629 tmp |= (unsigned int)(v << dshift);
3630 *dp = (png_byte)(tmp & 0xff);
3631
3632 if (dshift == s_end)
3633 {
3634 dshift = s_start;
3635 dp--;
3636 }
3637
3638 else
3639 dshift = (unsigned int)((int)dshift + s_inc);
3640 }
3641
3642 if (sshift == s_end)
3643 {
3644 sshift = s_start;
3645 sp--;
3646 }
3647
3648 else
3649 sshift = (unsigned int)((int)sshift + s_inc);
3650 }
3651 break;
3652 }
3653
3654 case 2:
3655 {
3656 png_bytep sp = row + (png_uint_32)((row_info->width - 1) >> 2);
3657 png_bytep dp = row + (png_uint_32)((final_width - 1) >> 2);
3658 unsigned int sshift, dshift;
3659 unsigned int s_start, s_end;
3660 int s_inc;
3661 int jstop = (int)png_pass_inc[pass];
3662 png_uint_32 i;
3663
3664 #ifdef PNG_READ_PACKSWAP_SUPPORTED
3665 if ((transformations & PNG_PACKSWAP) != 0)
3666 {
3667 sshift = (((row_info->width + 3) & 0x03) << 1);
3668 dshift = (((final_width + 3) & 0x03) << 1);
3669 s_start = 6;
3670 s_end = 0;
3671 s_inc = -2;
3672 }
3673
3674 else
3675 #endif
3676 {
3677 sshift = ((3 - ((row_info->width + 3) & 0x03)) << 1);
3678 dshift = ((3 - ((final_width + 3) & 0x03)) << 1);
3679 s_start = 0;
3680 s_end = 6;
3681 s_inc = 2;
3682 }
3683
3684 for (i = 0; i < row_info->width; i++)
3685 {
3686 png_byte v;
3687 int j;
3688
3689 v = (png_byte)((*sp >> sshift) & 0x03);
3690 for (j = 0; j < jstop; j++)
3691 {
3692 unsigned int tmp = *dp & (0x3f3f >> (6 - dshift));
3693 tmp |= (unsigned int)(v << dshift);
3694 *dp = (png_byte)(tmp & 0xff);
3695
3696 if (dshift == s_end)
3697 {
3698 dshift = s_start;
3699 dp--;
3700 }
3701
3702 else
3703 dshift = (unsigned int)((int)dshift + s_inc);
3704 }
3705
3706 if (sshift == s_end)
3707 {
3708 sshift = s_start;
3709 sp--;
3710 }
3711
3712 else
3713 sshift = (unsigned int)((int)sshift + s_inc);
3714 }
3715 break;
3716 }
3717
3718 case 4:
3719 {
3720 png_bytep sp = row + (png_size_t)((row_info->width - 1) >> 1);
3721 png_bytep dp = row + (png_size_t)((final_width - 1) >> 1);
3722 unsigned int sshift, dshift;
3723 unsigned int s_start, s_end;
3724 int s_inc;
3725 png_uint_32 i;
3726 int jstop = (int)png_pass_inc[pass];
3727
3728 #ifdef PNG_READ_PACKSWAP_SUPPORTED
3729 if ((transformations & PNG_PACKSWAP) != 0)
3730 {
3731 sshift = (((row_info->width + 1) & 0x01) << 2);
3732 dshift = (((final_width + 1) & 0x01) << 2);
3733 s_start = 4;
3734 s_end = 0;
3735 s_inc = -4;
3736 }
3737
3738 else
3739 #endif
3740 {
3741 sshift = ((1 - ((row_info->width + 1) & 0x01)) << 2);
3742 dshift = ((1 - ((final_width + 1) & 0x01)) << 2);
3743 s_start = 0;
3744 s_end = 4;
3745 s_inc = 4;
3746 }
3747
3748 for (i = 0; i < row_info->width; i++)
3749 {
3750 png_byte v = (png_byte)((*sp >> sshift) & 0x0f);
3751 int j;
3752
3753 for (j = 0; j < jstop; j++)
3754 {
3755 unsigned int tmp = *dp & (0xf0f >> (4 - dshift));
3756 tmp |= (unsigned int)(v << dshift);
3757 *dp = (png_byte)(tmp & 0xff);
3758
3759 if (dshift == s_end)
3760 {
3761 dshift = s_start;
3762 dp--;
3763 }
3764
3765 else
3766 dshift = (unsigned int)((int)dshift + s_inc);
3767 }
3768
3769 if (sshift == s_end)
3770 {
3771 sshift = s_start;
3772 sp--;
3773 }
3774
3775 else
3776 sshift = (unsigned int)((int)sshift + s_inc);
3777 }
3778 break;
3779 }
3780
3781 default:
3782 {
3783 png_size_t pixel_bytes = (row_info->pixel_depth >> 3);
3784
3785 png_bytep sp = row + (png_size_t)(row_info->width - 1)
3786 * pixel_bytes;
3787
3788 png_bytep dp = row + (png_size_t)(final_width - 1) * pixel_bytes;
3789
3790 int jstop = (int)png_pass_inc[pass];
3791 png_uint_32 i;
3792
3793 for (i = 0; i < row_info->width; i++)
3794 {
3795 png_byte v[8]; /* SAFE; pixel_depth does not exceed 64 */
3796 int j;
3797
3798 memcpy(v, sp, pixel_bytes);
3799
3800 for (j = 0; j < jstop; j++)
3801 {
3802 memcpy(dp, v, pixel_bytes);
3803 dp -= pixel_bytes;
3804 }
3805
3806 sp -= pixel_bytes;
3807 }
3808 break;
3809 }
3810 }
3914
3915 /* Find the best predictor, the least of pa, pb, pc favoring the earlier
3916 * ones in the case of a tie.
3917 */
3918 if (pb < pa) pa = pb, a = b;
3919 if (pc < pa) a = c;
3920
3921 /* Calculate the current pixel in a, and move the previous row pixel to c
3922 * for the next time round the loop
3923 */
3924 c = b;
3925 a += *row;
3926 *row++ = (png_byte)a;
3927 }
3928 }
3929
3930 static void
3931 png_read_filter_row_paeth_multibyte_pixel(png_row_infop row_info, png_bytep row,
3932 png_const_bytep prev_row)
3933 {
3934 unsigned int bpp = (row_info->pixel_depth + 7) >> 3;
3935 png_bytep rp_end = row + bpp;
3936
3937 /* Process the first pixel in the row completely (this is the same as 'up'
3938 * because there is only one candidate predictor for the first row).
3939 */
3940 while (row < rp_end)
3941 {
3942 int a = *row + *prev_row++;
3943 *row++ = (png_byte)a;
3944 }
3945
3946 /* Remainder */
3947 rp_end = rp_end + (row_info->rowbytes - bpp);
3948
3949 while (row < rp_end)
3950 {
3951 int a, b, c, pa, pb, pc, p;
3952
3953 c = *(prev_row - bpp);
3954 a = *(row - bpp);
3955 b = *prev_row++;
3956
3957 p = b - c;
3958 pc = a - c;
3959
3960 #ifdef PNG_USE_ABS
3961 pa = abs(p);
3962 pb = abs(pc);
3963 pc = abs(p + pc);
3964 #else
3965 pa = p < 0 ? -p : p;
3966 pb = pc < 0 ? -pc : pc;
3967 pc = (p + pc) < 0 ? -(p + pc) : p + pc;
4272 }
4273 #endif /* SEQUENTIAL_READ */
4274
4275 void /* PRIVATE */
4276 png_read_start_row(png_structrp png_ptr)
4277 {
4278 /* Arrays to facilitate easy interlacing - use pass (0 - 6) as index */
4279
4280 /* Start of interlace block */
4281 static PNG_CONST png_byte png_pass_start[7] = {0, 4, 0, 2, 0, 1, 0};
4282
4283 /* Offset to next interlace block */
4284 static PNG_CONST png_byte png_pass_inc[7] = {8, 8, 4, 4, 2, 2, 1};
4285
4286 /* Start of interlace block in the y direction */
4287 static PNG_CONST png_byte png_pass_ystart[7] = {0, 0, 4, 0, 2, 0, 1};
4288
4289 /* Offset to next interlace block in the y direction */
4290 static PNG_CONST png_byte png_pass_yinc[7] = {8, 8, 8, 4, 4, 2, 2};
4291
4292 unsigned int max_pixel_depth;
4293 png_size_t row_bytes;
4294
4295 png_debug(1, "in png_read_start_row");
4296
4297 #ifdef PNG_READ_TRANSFORMS_SUPPORTED
4298 png_init_read_transformations(png_ptr);
4299 #endif
4300 if (png_ptr->interlaced != 0)
4301 {
4302 if ((png_ptr->transformations & PNG_INTERLACE) == 0)
4303 png_ptr->num_rows = (png_ptr->height + png_pass_yinc[0] - 1 -
4304 png_pass_ystart[0]) / png_pass_yinc[0];
4305
4306 else
4307 png_ptr->num_rows = png_ptr->height;
4308
4309 png_ptr->iwidth = (png_ptr->width +
4310 png_pass_inc[png_ptr->pass] - 1 -
4311 png_pass_start[png_ptr->pass]) /
4312 png_pass_inc[png_ptr->pass];
4313 }
4314
4315 else
4316 {
4317 png_ptr->num_rows = png_ptr->height;
4318 png_ptr->iwidth = png_ptr->width;
4319 }
4320
4321 max_pixel_depth = (unsigned int)png_ptr->pixel_depth;
4322
4323 /* WARNING: * png_read_transform_info (pngrtran.c) performs a simpler set of
4324 * calculations to calculate the final pixel depth, then
4325 * png_do_read_transforms actually does the transforms. This means that the
4326 * code which effectively calculates this value is actually repeated in three
4327 * separate places. They must all match. Innocent changes to the order of
4328 * transformations can and will break libpng in a way that causes memory
4329 * overwrites.
4330 *
4331 * TODO: fix this.
4332 */
4333 #ifdef PNG_READ_PACK_SUPPORTED
4334 if ((png_ptr->transformations & PNG_PACK) != 0 && png_ptr->bit_depth < 8)
4335 max_pixel_depth = 8;
4336 #endif
4337
4338 #ifdef PNG_READ_EXPAND_SUPPORTED
4339 if ((png_ptr->transformations & PNG_EXPAND) != 0)
4340 {
4341 if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE)
4436 if (png_ptr->color_type == PNG_COLOR_TYPE_RGB_ALPHA)
4437 max_pixel_depth = 32;
4438
4439 else
4440 max_pixel_depth = 24;
4441 }
4442
4443 else if (png_ptr->color_type == PNG_COLOR_TYPE_RGB_ALPHA)
4444 max_pixel_depth = 64;
4445
4446 else
4447 max_pixel_depth = 48;
4448 }
4449 }
4450 #endif
4451
4452 #if defined(PNG_READ_USER_TRANSFORM_SUPPORTED) && \
4453 defined(PNG_USER_TRANSFORM_PTR_SUPPORTED)
4454 if ((png_ptr->transformations & PNG_USER_TRANSFORM) != 0)
4455 {
4456 unsigned int user_pixel_depth = png_ptr->user_transform_depth *
4457 png_ptr->user_transform_channels;
4458
4459 if (user_pixel_depth > max_pixel_depth)
4460 max_pixel_depth = user_pixel_depth;
4461 }
4462 #endif
4463
4464 /* This value is stored in png_struct and double checked in the row read
4465 * code.
4466 */
4467 png_ptr->maximum_pixel_depth = (png_byte)max_pixel_depth;
4468 png_ptr->transformed_pixel_depth = 0; /* calculated on demand */
4469
4470 /* Align the width on the next larger 8 pixels. Mainly used
4471 * for interlacing
4472 */
4473 row_bytes = ((png_ptr->width + 7) & ~((png_uint_32)7));
4474 /* Calculate the maximum bytes needed, adding a byte and a pixel
4475 * for safety's sake
4476 */
4477 row_bytes = PNG_ROWBYTES(max_pixel_depth, row_bytes) +
4478 1 + ((max_pixel_depth + 7) >> 3U);
4479
4480 #ifdef PNG_MAX_MALLOC_64K
4481 if (row_bytes > (png_uint_32)65536L)
4482 png_error(png_ptr, "This image requires a row greater than 64KB");
4483 #endif
4484
4485 if (row_bytes + 48 > png_ptr->old_big_row_buf_size)
4486 {
4487 png_free(png_ptr, png_ptr->big_row_buf);
4488 png_free(png_ptr, png_ptr->big_prev_row);
4489
4490 if (png_ptr->interlaced != 0)
4491 png_ptr->big_row_buf = (png_bytep)png_calloc(png_ptr,
4492 row_bytes + 48);
4493
4494 else
4495 png_ptr->big_row_buf = (png_bytep)png_malloc(png_ptr, row_bytes + 48);
4496
4497 png_ptr->big_prev_row = (png_bytep)png_malloc(png_ptr, row_bytes + 48);
4498
4527 png_error(png_ptr, "This image requires a row greater than 64KB");
4528
4529 #endif
4530 if (png_ptr->rowbytes > (PNG_SIZE_MAX - 1))
4531 png_error(png_ptr, "Row has too many bytes to allocate in memory");
4532
4533 memset(png_ptr->prev_row, 0, png_ptr->rowbytes + 1);
4534
4535 png_debug1(3, "width = %u,", png_ptr->width);
4536 png_debug1(3, "height = %u,", png_ptr->height);
4537 png_debug1(3, "iwidth = %u,", png_ptr->iwidth);
4538 png_debug1(3, "num_rows = %u,", png_ptr->num_rows);
4539 png_debug1(3, "rowbytes = %lu,", (unsigned long)png_ptr->rowbytes);
4540 png_debug1(3, "irowbytes = %lu",
4541 (unsigned long)PNG_ROWBYTES(png_ptr->pixel_depth, png_ptr->iwidth) + 1);
4542
4543 /* The sequential reader needs a buffer for IDAT, but the progressive reader
4544 * does not, so free the read buffer now regardless; the sequential reader
4545 * reallocates it on demand.
4546 */
4547 if (png_ptr->read_buffer != NULL)
4548 {
4549 png_bytep buffer = png_ptr->read_buffer;
4550
4551 png_ptr->read_buffer_size = 0;
4552 png_ptr->read_buffer = NULL;
4553 png_free(png_ptr, buffer);
4554 }
4555
4556 /* Finally claim the zstream for the inflate of the IDAT data, use the bits
4557 * value from the stream (note that this will result in a fatal error if the
4558 * IDAT stream has a bogus deflate header window_bits value, but this should
4559 * not be happening any longer!)
4560 */
4561 if (png_inflate_claim(png_ptr, png_IDAT) != Z_OK)
4562 png_error(png_ptr, png_ptr->zstream.msg);
4563
4564 png_ptr->flags |= PNG_FLAG_ROW_INIT;
4565 }
4566 #endif /* READ */
|