Coverage Report

Created: 2024-01-20 12:29

/src/libpng/pngmem.c
1
2
/* pngmem.c - stub functions for memory allocation
3
 *
4
 * Copyright (c) 2018 Cosmin Truta
5
 * Copyright (c) 1998-2002,2004,2006-2014,2016 Glenn Randers-Pehrson
6
 * Copyright (c) 1996-1997 Andreas Dilger
7
 * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.
8
 *
9
 * This code is released under the libpng license.
10
 * For conditions of distribution and use, see the disclaimer
11
 * and license in png.h
12
 *
13
 * This file provides a location for all memory allocation.  Users who
14
 * need special memory handling are expected to supply replacement
15
 * functions for png_malloc() and png_free(), and to use
16
 * png_create_read_struct_2() and png_create_write_struct_2() to
17
 * identify the replacement functions.
18
 */
19
20
#include "pngpriv.h"
21
22
#if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED)
23
/* Free a png_struct.
 *
 * The structure is copied to a stack temporary, the heap copy is zeroed, and
 * only then is the heap block released through png_free() using the temporary
 * as the context.  A NULL png_ptr is a no-op.  After this returns the block
 * png_ptr pointed at has been handed back to the allocator, so the caller must
 * not use that pointer again.
 */
void /* PRIVATE */
png_destroy_png_struct(png_structrp png_ptr)
{
   if (png_ptr != NULL)
   {
      /* png_free might call png_error and may certainly call
       * png_get_mem_ptr, so fake a temporary png_struct to support this.
       */
      png_struct dummy_struct = *png_ptr;
      /* Wipe the heap copy before releasing it; from here on only
       * dummy_struct carries the free_fn that png_free() consults.
       */
      memset(png_ptr, 0, (sizeof *png_ptr));
      png_free(&dummy_struct, png_ptr);

#     ifdef PNG_SETJMP_SUPPORTED
         /* We may have a jmp_buf left to deallocate. */
         png_free_jmpbuf(&dummy_struct);
#     endif
   }
}
42
43
/* Allocate 'size' bytes through png_malloc() and zero them.
 *
 * For reasonable files, size should never exceed 64K.  However, zlib may
 * allocate more than 64K if you don't tell it not to.  See zconf.h and png.h
 * for more information.  zlib does need to allocate exactly 64K, so whatever
 * you call here must have the ability to do that.
 *
 * 'size' is a single byte count: no count*size multiplication happens here,
 * so any such product has to be overflow-checked by the caller.  The NULL
 * test is still needed because png_malloc() returns NULL when png_ptr is
 * NULL.
 */
PNG_FUNCTION(png_voidp,PNGAPI
png_calloc,(png_const_structrp png_ptr, png_alloc_size_t size),PNG_ALLOCATED)
{
   png_voidp block = png_malloc(png_ptr, size);

   if (block == NULL)
      return NULL;

   memset(block, 0, size);
   return block;
}
61
62
/* png_malloc_base, an internal function added at libpng 1.6.0, does the work of
 * allocating memory, taking into account limits and PNG_USER_MEM_SUPPORTED.
 * Checking and error handling must happen outside this routine; it returns NULL
 * if the allocation cannot be done (for any reason.)
 *
 * Contract visible in the body:
 *  - a request of 0 bytes is refused (NULL), it is not passed to the allocator;
 *  - a request above PNG_SIZE_MAX (or above 65536 when PNG_MAX_MALLOC_64K is
 *    defined) is refused;
 *  - with PNG_USER_MEM_SUPPORTED, the application's malloc_fn is used when
 *    png_ptr and png_ptr->malloc_fn are both non-NULL; a NULL png_ptr or a
 *    NULL malloc_fn falls through to malloc();
 *  - nothing here zeroes the returned block, so callers must initialize it
 *    before reading from it.
 */
PNG_FUNCTION(png_voidp /* PRIVATE */,
png_malloc_base,(png_const_structrp png_ptr, png_alloc_size_t size),
    PNG_ALLOCATED)
{
   /* Moved to png_malloc_base from png_malloc_default in 1.6.0; the DOS
    * allocators have also been removed in 1.6.0, so any 16-bit system now has
    * to implement a user memory handler.  This checks to be sure it isn't
    * called with big numbers.
    */
#ifndef PNG_USER_MEM_SUPPORTED
   PNG_UNUSED(png_ptr)
#endif

   /* Some compilers complain that this is always true.  However, it
    * can be false when integer overflow happens.
    *
    * This range test is also what makes the (size_t) cast on the malloc()
    * call below safe: the value is known to fit before it is narrowed.
    */
   if (size > 0 && size <= PNG_SIZE_MAX
#     ifdef PNG_MAX_MALLOC_64K
         && size <= 65536U
#     endif
      )
   {
#ifdef PNG_USER_MEM_SUPPORTED
      /* Prefer the application-supplied allocator when one is installed. */
      if (png_ptr != NULL && png_ptr->malloc_fn != NULL)
         return png_ptr->malloc_fn(png_constcast(png_structrp,png_ptr), size);

      else
#endif
         return malloc((size_t)size); /* checked for truncation above */
   }

   /* Zero-sized or out-of-range request: refuse instead of allocating. */
   else
      return NULL;
}
101
102
#if defined(PNG_TEXT_SUPPORTED) || defined(PNG_sPLT_SUPPORTED) ||\
103
   defined(PNG_STORE_UNKNOWN_CHUNKS_SUPPORTED)
104
/* Allocate an array of 'nelements' items of 'element_size' bytes each,
 * refusing the request when the byte count would not fit in PNG_SIZE_MAX.
 *
 * This is really here only to work round a spurious warning in GCC 4.6 and 4.7
 * that arises because of the checks in png_realloc_array that are repeated in
 * png_malloc_array.
 *
 * Preconditions, established by png_malloc_array and png_realloc_array before
 * they call in: nelements > 0 and element_size != 0.  element_size is used as
 * a divisor below, so a zero value must never reach this function.
 */
static png_voidp
png_malloc_array_checked(png_const_structrp png_ptr, int nelements,
    size_t element_size)
{
   png_alloc_size_t count = (png_alloc_size_t)nelements; /* known to be > 0 */

   /* Divide rather than multiply so the overflow test cannot itself overflow.
    * NOTE(review): the coverage report this listing came from recorded 0 hits
    * on this reject path.
    */
   if (count > PNG_SIZE_MAX/element_size)
      return NULL;

   return png_malloc_base(png_ptr, count * element_size);
}
120
121
/* Allocate an uninitialized array of 'nelements' items of 'element_size'
 * bytes.  A non-positive count or a zero element size is treated as an
 * internal error and reported through png_error(); the overflow check on the
 * total byte count is done by png_malloc_array_checked(), which returns NULL
 * when the request is too large or cannot be satisfied.
 */
PNG_FUNCTION(png_voidp /* PRIVATE */,
png_malloc_array,(png_const_structrp png_ptr, int nelements,
    size_t element_size),PNG_ALLOCATED)
{
   /* Both arguments must be strictly positive; element_size is later used as
    * a divisor.  png_error is expected not to return (declared elsewhere).
    */
   if (!(nelements > 0 && element_size > 0))
      png_error(png_ptr, "internal error: array alloc");

   return png_malloc_array_checked(png_ptr, nelements, element_size);
}
130
131
/* Return a new array holding the 'old_elements' items of 'old_array' followed
 * by 'add_elements' zero-filled items, or NULL when the grown array cannot be
 * allocated.
 *
 * The old array is only read: it is neither freed nor modified here, so the
 * caller still owns it after the call, on success as well as on failure.
 * Inconsistent arguments (nothing to add, zero element size, negative old
 * count, or a NULL old_array with a positive old count) are internal errors
 * reported through png_error().
 *
 * NOTE(review): the coverage report this listing came from recorded 0 hits on
 * both the png_error() call and the final NULL return.
 */
PNG_FUNCTION(png_voidp /* PRIVATE */,
png_realloc_array,(png_const_structrp png_ptr, png_const_voidp old_array,
    int old_elements, int add_elements, size_t element_size),PNG_ALLOCATED)
{
   png_voidp grown;
   size_t kept_bytes;

   /* These are internal errors: */
   if (add_elements <= 0 || element_size == 0 || old_elements < 0 ||
      (old_array == NULL && old_elements > 0))
      png_error(png_ptr, "internal error: array realloc");

   /* Check for overflow on the elements count (so the caller does not have to
    * check.)  The subtraction form keeps the test itself inside int range.
    */
   if (add_elements > INT_MAX - old_elements)
      return NULL; /* error */

   grown = png_malloc_array_checked(png_ptr, old_elements+add_elements,
       element_size);

   if (grown == NULL)
      return NULL; /* error */

   /* Because png_malloc_array_checked worked, the size calculations below
    * cannot overflow.
    */
   kept_bytes = element_size*(unsigned)old_elements;

   if (old_elements > 0)
      memcpy(grown, old_array, kept_bytes);

   /* Zero only the newly added tail so no uninitialized heap bytes are
    * exposed through the extra slots.
    */
   memset((char*)grown + kept_bytes, 0, element_size*(unsigned)add_elements);

   return grown;
}
165
#endif /* TEXT || sPLT || STORE_UNKNOWN_CHUNKS */
166
167
/* Various functions that have different error handling are derived from this.
 * png_malloc always exists, but if PNG_USER_MEM_SUPPORTED is defined a separate
 * function png_malloc_default is also provided.
 *
 * Returns NULL only when png_ptr is NULL.  With a valid png_ptr a failed
 * allocation (including a zero-sized request, which png_malloc_base refuses)
 * is reported through png_error() rather than returned to the caller.
 */
PNG_FUNCTION(png_voidp,PNGAPI
png_malloc,(png_const_structrp png_ptr, png_alloc_size_t size),PNG_ALLOCATED)
{
   png_voidp block = NULL;

   if (png_ptr != NULL)
   {
      block = png_malloc_base(png_ptr, size);

      if (block == NULL)
         png_error(png_ptr, "Out of memory"); /* 'm' means png_malloc */
   }

   return block;
}
186
187
#ifdef PNG_USER_MEM_SUPPORTED
188
/* Deprecated variant of png_malloc that always uses the C library allocator:
 * the application's malloc_fn is bypassed by handing png_malloc_base a NULL
 * context.  png_ptr is used only for the NULL check and for error reporting.
 * Returns NULL when png_ptr is NULL; any other failure goes to png_error().
 */
PNG_FUNCTION(png_voidp,PNGAPI
png_malloc_default,(png_const_structrp png_ptr, png_alloc_size_t size),
    PNG_ALLOCATED PNG_DEPRECATED)
{
   png_voidp block = NULL;

   if (png_ptr != NULL)
   {
      /* Passing 'NULL' here bypasses the application provided memory
       * handler.
       */
      block = png_malloc_base(NULL/*use malloc*/, size);

      if (block == NULL)
         png_error(png_ptr, "Out of Memory"); /* 'M' means png_malloc_default */
   }

   return block;
}
205
#endif /* USER_MEM */
206
207
/* This function was added at libpng version 1.2.3.  The png_malloc_warn()
 * function will issue a png_warning and return NULL instead of issuing a
 * png_error, if it fails to allocate the requested memory.
 *
 * Because failure is reported by return value, every caller has to test the
 * result for NULL before using it.  A NULL png_ptr also yields NULL, without
 * a warning.
 */
PNG_FUNCTION(png_voidp,PNGAPI
png_malloc_warn,(png_const_structrp png_ptr, png_alloc_size_t size),
    PNG_ALLOCATED)
{
   png_voidp block;

   if (png_ptr == NULL)
      return NULL;

   block = png_malloc_base(png_ptr, size);

   if (block == NULL)
      png_warning(png_ptr, "Out of memory");

   return block;
}
227
228
/* Free a pointer allocated by png_malloc().  If ptr is NULL, return
 * without taking any action.
 *
 * A NULL png_ptr also returns without action, so in that case 'ptr' is NOT
 * released.  'ptr' is passed by value: the caller's copy is left unchanged
 * and must not be used after the call.
 *
 * Layout note: the PNG_USER_MEM_SUPPORTED conditional below opens inside
 * png_free and closes inside png_free_default.  With the macro defined there
 * are two functions (png_free dispatches to the installed free_fn, or to
 * png_free_default when none is set).  Without it the region between #ifdef
 * and #endif disappears and png_free itself ends with the free(ptr) call.
 */
void PNGAPI
png_free(png_const_structrp png_ptr, png_voidp ptr)
{
   if (png_ptr == NULL || ptr == NULL)
      return;

#ifdef PNG_USER_MEM_SUPPORTED
   /* Release through the application's handler when one is installed; the
    * handler is looked up at free time, not at allocation time.
    */
   if (png_ptr->free_fn != NULL)
      png_ptr->free_fn(png_constcast(png_structrp,png_ptr), ptr);

   else
      png_free_default(png_ptr, ptr);
}

/* Deprecated: release 'ptr' with the C library free(), ignoring any
 * application-installed free_fn.  No-op when png_ptr or ptr is NULL.
 */
PNG_FUNCTION(void,PNGAPI
png_free_default,(png_const_structrp png_ptr, png_voidp ptr),PNG_DEPRECATED)
{
   if (png_ptr == NULL || ptr == NULL)
      return;
#endif /* USER_MEM */

   free(ptr);
}
254
255
#ifdef PNG_USER_MEM_SUPPORTED
256
/* This function is called when the application wants to use another method
 * of allocating and freeing memory.
 *
 * The three values are stored as given, with no validation.  A NULL malloc_fn
 * or free_fn makes png_malloc_base / png_free fall back to malloc() / free().
 * Nothing here checks that malloc_fn and free_fn are a matching pair, and
 * png_free uses whichever free_fn is installed at the time of the free, so
 * blocks allocated before a change of handlers are released through the new
 * one.  A NULL png_ptr is a no-op.
 */
void PNGAPI
png_set_mem_fn(png_structrp png_ptr, png_voidp mem_ptr, png_malloc_ptr
  malloc_fn, png_free_ptr free_fn)
{
   if (png_ptr == NULL)
      return;

   png_ptr->mem_ptr = mem_ptr;
   png_ptr->malloc_fn = malloc_fn;
   png_ptr->free_fn = free_fn;
}
270
271
/* This function returns a pointer to the mem_ptr associated with the user
 * functions.  The application should free any memory associated with this
 * pointer before png_write_destroy and png_read_destroy are called.
 *
 * Returns NULL when png_ptr is NULL.  The pointer is returned as stored by
 * png_set_mem_fn; this function does not own or copy what it points at.
 */
png_voidp PNGAPI
png_get_mem_ptr(png_const_structrp png_ptr)
{
   return (png_ptr != NULL) ? png_ptr->mem_ptr : NULL;
}
283
#endif /* USER_MEM */
284
#endif /* READ || WRITE */