/src/gdk-pixbuf/subprojects/libpng-1.6.55/pngpread.c
Line | Count | Source |
1 | | /* pngpread.c - read a png file in push mode |
2 | | * |
3 | | * Copyright (c) 2018-2025 Cosmin Truta |
4 | | * Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson |
5 | | * Copyright (c) 1996-1997 Andreas Dilger |
6 | | * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. |
7 | | * |
8 | | * This code is released under the libpng license. |
9 | | * For conditions of distribution and use, see the disclaimer |
10 | | * and license in png.h |
11 | | */ |
12 | | |
13 | | #include "pngpriv.h" |
14 | | |
15 | | #ifdef PNG_PROGRESSIVE_READ_SUPPORTED |
16 | | |
17 | | /* Push model modes */ |
18 | 820 | #define PNG_READ_SIG_MODE 0 |
19 | 147k | #define PNG_READ_CHUNK_MODE 1 |
20 | 16.8k | #define PNG_READ_IDAT_MODE 2 |
21 | | #define PNG_READ_tEXt_MODE 4 |
22 | | #define PNG_READ_zTXt_MODE 5 |
23 | 87 | #define PNG_READ_DONE_MODE 6 |
24 | | #define PNG_READ_iTXt_MODE 7 |
25 | | #define PNG_ERROR_MODE 8 |
26 | | |
27 | 145k | #define PNG_PUSH_SAVE_BUFFER_IF_FULL \ |
28 | 145k | if (png_ptr->push_length + 4 > png_ptr->buffer_size) \ |
29 | 145k | { png_push_save_buffer(png_ptr); return; } |
30 | 121k | #define PNG_PUSH_SAVE_BUFFER_IF_LT(N) \ |
31 | 121k | if (png_ptr->buffer_size < N) \ |
32 | 121k | { png_push_save_buffer(png_ptr); return; } |
33 | | |
34 | | #ifdef PNG_READ_INTERLACING_SUPPORTED |
35 | | /* Arrays to facilitate interlacing - use pass (0 - 6) as index. */ |
36 | | |
37 | | /* Start of interlace block */ |
38 | | static const png_byte png_pass_start[7] = {0, 4, 0, 2, 0, 1, 0}; |
39 | | /* Offset to next interlace block */ |
40 | | static const png_byte png_pass_inc[7] = {8, 8, 4, 4, 2, 2, 1}; |
41 | | /* Start of interlace block in the y direction */ |
42 | | static const png_byte png_pass_ystart[7] = {0, 0, 4, 0, 2, 0, 1}; |
43 | | /* Offset to next interlace block in the y direction */ |
44 | | static const png_byte png_pass_yinc[7] = {8, 8, 8, 4, 4, 2, 2}; |
45 | | |
46 | | /* TODO: Move these arrays to a common utility module to avoid duplication. */ |
47 | | #endif |
48 | | |
49 | | void PNGAPI |
50 | | png_process_data(png_structrp png_ptr, png_inforp info_ptr, |
51 | | png_bytep buffer, size_t buffer_size) |
52 | 46.8k | { |
53 | 46.8k | if (png_ptr == NULL || info_ptr == NULL) |
54 | 0 | return; |
55 | | |
56 | 46.8k | png_push_restore_buffer(png_ptr, buffer, buffer_size); |
57 | | |
58 | 210k | while (png_ptr->buffer_size) |
59 | 163k | { |
60 | 163k | png_process_some_data(png_ptr, info_ptr); |
61 | 163k | } |
62 | 46.8k | } |
63 | | |
64 | | size_t PNGAPI |
65 | | png_process_data_pause(png_structrp png_ptr, int save) |
66 | 0 | { |
67 | 0 | if (png_ptr != NULL) |
68 | 0 | { |
69 | | /* It's easiest for the caller if we do the save; then the caller doesn't |
70 | | * have to supply the same data again: |
71 | | */ |
72 | 0 | if (save != 0) |
73 | 0 | png_push_save_buffer(png_ptr); |
74 | 0 | else |
75 | 0 | { |
76 | | /* This includes any pending saved bytes: */ |
77 | 0 | size_t remaining = png_ptr->buffer_size; |
78 | 0 | png_ptr->buffer_size = 0; |
79 | | |
80 | | /* So subtract the saved buffer size, unless all the data |
81 | | * is actually 'saved', in which case we just return 0 |
82 | | */ |
83 | 0 | if (png_ptr->save_buffer_size < remaining) |
84 | 0 | return remaining - png_ptr->save_buffer_size; |
85 | 0 | } |
86 | 0 | } |
87 | | |
88 | 0 | return 0; |
89 | 0 | } |
90 | | |
91 | | png_uint_32 PNGAPI |
92 | | png_process_data_skip(png_structrp png_ptr) |
93 | 0 | { |
94 | | /* TODO: Deprecate and remove this API. |
95 | | * Somewhere the implementation of this seems to have been lost, |
96 | | * or abandoned. It was only to support some internal back-door access |
97 | | * to png_struct) in libpng-1.4.x. |
98 | | */ |
99 | 0 | png_app_warning(png_ptr, |
100 | 0 | "png_process_data_skip is not implemented in any current version of libpng"); |
101 | 0 | return 0; |
102 | 0 | } |
103 | | |
104 | | /* What we do with the incoming data depends on what we were previously |
105 | | * doing before we ran out of data... |
106 | | */ |
107 | | void /* PRIVATE */ |
108 | | png_process_some_data(png_structrp png_ptr, png_inforp info_ptr) |
109 | 163k | { |
110 | 163k | if (png_ptr == NULL) |
111 | 0 | return; |
112 | | |
113 | 163k | switch (png_ptr->process_mode) |
114 | 163k | { |
115 | 820 | case PNG_READ_SIG_MODE: |
116 | 820 | { |
117 | 820 | png_push_read_sig(png_ptr, info_ptr); |
118 | 820 | break; |
119 | 0 | } |
120 | | |
121 | 146k | case PNG_READ_CHUNK_MODE: |
122 | 146k | { |
123 | 146k | png_push_read_chunk(png_ptr, info_ptr); |
124 | 146k | break; |
125 | 0 | } |
126 | | |
127 | 16.3k | case PNG_READ_IDAT_MODE: |
128 | 16.3k | { |
129 | 16.3k | png_push_read_IDAT(png_ptr); |
130 | 16.3k | break; |
131 | 0 | } |
132 | | |
133 | 293 | default: |
134 | 293 | { |
135 | 293 | png_ptr->buffer_size = 0; |
136 | 293 | break; |
137 | 0 | } |
138 | 163k | } |
139 | 163k | } |
140 | | |
141 | | /* Read any remaining signature bytes from the stream and compare them with |
142 | | * the correct PNG signature. It is possible that this routine is called |
143 | | * with bytes already read from the signature, either because they have been |
144 | | * checked by the calling application, or because of multiple calls to this |
145 | | * routine. |
146 | | */ |
147 | | void /* PRIVATE */ |
148 | | png_push_read_sig(png_structrp png_ptr, png_inforp info_ptr) |
149 | 820 | { |
150 | 820 | size_t num_checked = png_ptr->sig_bytes; /* SAFE, does not exceed 8 */ |
151 | 820 | size_t num_to_check = 8 - num_checked; |
152 | | |
153 | 820 | if (png_ptr->buffer_size < num_to_check) |
154 | 0 | { |
155 | 0 | num_to_check = png_ptr->buffer_size; |
156 | 0 | } |
157 | | |
158 | 820 | png_push_fill_buffer(png_ptr, &(info_ptr->signature[num_checked]), |
159 | 820 | num_to_check); |
160 | 820 | png_ptr->sig_bytes = (png_byte)(png_ptr->sig_bytes + num_to_check); |
161 | | |
162 | 820 | if (png_sig_cmp(info_ptr->signature, num_checked, num_to_check) != 0) |
163 | 0 | { |
164 | 0 | if (num_checked < 4 && |
165 | 0 | png_sig_cmp(info_ptr->signature, num_checked, num_to_check - 4) != 0) |
166 | 0 | png_error(png_ptr, "Not a PNG file"); |
167 | | |
168 | 0 | else |
169 | 0 | png_error(png_ptr, "PNG file corrupted by ASCII conversion"); |
170 | 0 | } |
171 | 820 | else |
172 | 820 | { |
173 | 820 | if (png_ptr->sig_bytes >= 8) |
174 | 820 | { |
175 | 820 | png_ptr->process_mode = PNG_READ_CHUNK_MODE; |
176 | 820 | } |
177 | 820 | } |
178 | 820 | } |
179 | | |
180 | | void /* PRIVATE */ |
181 | | png_push_read_chunk(png_structrp png_ptr, png_inforp info_ptr) |
182 | 146k | { |
183 | 146k | png_uint_32 chunk_name; |
184 | 146k | #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED |
185 | 146k | int keep; /* unknown handling method */ |
186 | 146k | #endif |
187 | | |
188 | | /* First we make sure we have enough data for the 4-byte chunk name |
189 | | * and the 4-byte chunk length before proceeding with decoding the |
190 | | * chunk data. To fully decode each of these chunks, we also make |
191 | | * sure we have enough data in the buffer for the 4-byte CRC at the |
192 | | * end of every chunk (except IDAT, which is handled separately). |
193 | | */ |
194 | 146k | if ((png_ptr->mode & PNG_HAVE_CHUNK_HEADER) == 0) |
195 | 112k | { |
196 | 112k | PNG_PUSH_SAVE_BUFFER_IF_LT(8) |
197 | 112k | png_ptr->push_length = png_read_chunk_header(png_ptr); |
198 | 112k | png_ptr->mode |= PNG_HAVE_CHUNK_HEADER; |
199 | 112k | } |
200 | | |
201 | 146k | chunk_name = png_ptr->chunk_name; |
202 | | |
203 | 146k | if (chunk_name == png_IDAT) |
204 | 280 | { |
205 | 280 | if ((png_ptr->mode & PNG_AFTER_IDAT) != 0) |
206 | 2 | png_ptr->mode |= PNG_HAVE_CHUNK_AFTER_IDAT; |
207 | | |
208 | | /* If we reach an IDAT chunk, this means we have read all of the |
209 | | * header chunks, and we can start reading the image (or if this |
210 | | * is called after the image has been read - we have an error). |
211 | | */ |
212 | 280 | if ((png_ptr->mode & PNG_HAVE_IHDR) == 0) |
213 | 0 | png_error(png_ptr, "Missing IHDR before IDAT"); |
214 | | |
215 | 280 | else if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE && |
216 | 43 | (png_ptr->mode & PNG_HAVE_PLTE) == 0) |
217 | 0 | png_error(png_ptr, "Missing PLTE before IDAT"); |
218 | | |
219 | 280 | png_ptr->process_mode = PNG_READ_IDAT_MODE; |
220 | | |
221 | 280 | if ((png_ptr->mode & PNG_HAVE_IDAT) != 0) |
222 | 2 | if ((png_ptr->mode & PNG_HAVE_CHUNK_AFTER_IDAT) == 0) |
223 | 0 | if (png_ptr->push_length == 0) |
224 | 0 | return; |
225 | | |
226 | 280 | png_ptr->mode |= PNG_HAVE_IDAT; |
227 | | |
228 | 280 | if ((png_ptr->mode & PNG_AFTER_IDAT) != 0) |
229 | 2 | png_benign_error(png_ptr, "Too many IDATs found"); |
230 | 280 | } |
231 | | |
232 | 145k | else if ((png_ptr->mode & PNG_HAVE_IDAT) != 0) |
233 | 11.1k | { |
234 | | /* These flags must be set consistently for all non-IDAT chunks, |
235 | | * including the unknown chunks. |
236 | | */ |
237 | 11.1k | png_ptr->mode |= PNG_HAVE_CHUNK_AFTER_IDAT | PNG_AFTER_IDAT; |
238 | 11.1k | } |
239 | | |
240 | 146k | if (chunk_name == png_IHDR) |
241 | 791 | { |
242 | 791 | if (png_ptr->push_length != 13) |
243 | 0 | png_error(png_ptr, "Invalid IHDR length"); |
244 | | |
245 | 791 | PNG_PUSH_SAVE_BUFFER_IF_FULL |
246 | 786 | png_handle_chunk(png_ptr, info_ptr, png_ptr->push_length); |
247 | 786 | } |
248 | | |
249 | 145k | else if (chunk_name == png_IEND) |
250 | 3.97k | { |
251 | 3.97k | PNG_PUSH_SAVE_BUFFER_IF_FULL |
252 | 87 | png_handle_chunk(png_ptr, info_ptr, png_ptr->push_length); |
253 | | |
254 | 87 | png_ptr->process_mode = PNG_READ_DONE_MODE; |
255 | 87 | png_push_have_end(png_ptr, info_ptr); |
256 | 87 | } |
257 | | |
258 | 141k | #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED |
259 | 141k | else if ((keep = png_chunk_unknown_handling(png_ptr, chunk_name)) != 0) |
260 | 0 | { |
261 | 0 | PNG_PUSH_SAVE_BUFFER_IF_FULL |
262 | 0 | png_handle_unknown(png_ptr, info_ptr, png_ptr->push_length, keep); |
263 | |
|
264 | 0 | if (chunk_name == png_PLTE) |
265 | 0 | png_ptr->mode |= PNG_HAVE_PLTE; |
266 | 0 | } |
267 | 141k | #endif |
268 | | |
269 | 141k | else if (chunk_name == png_IDAT) |
270 | 280 | { |
271 | 280 | png_ptr->idat_size = png_ptr->push_length; |
272 | 280 | png_ptr->process_mode = PNG_READ_IDAT_MODE; |
273 | 280 | png_push_have_info(png_ptr, info_ptr); |
274 | 280 | png_ptr->zstream.avail_out = |
275 | 280 | (uInt) PNG_ROWBYTES(png_ptr->pixel_depth, |
276 | 280 | png_ptr->iwidth) + 1; |
277 | 280 | png_ptr->zstream.next_out = png_ptr->row_buf; |
278 | 280 | return; |
279 | 280 | } |
280 | | |
281 | 141k | else |
282 | 141k | { |
283 | 141k | PNG_PUSH_SAVE_BUFFER_IF_FULL |
284 | 110k | png_handle_chunk(png_ptr, info_ptr, png_ptr->push_length); |
285 | 110k | } |
286 | | |
287 | 111k | png_ptr->mode &= ~PNG_HAVE_CHUNK_HEADER; |
288 | 111k | } |
289 | | |
290 | | void PNGCBAPI |
291 | | png_push_fill_buffer(png_structp png_ptr, png_bytep buffer, size_t length) |
292 | 290k | { |
293 | 290k | png_bytep ptr; |
294 | | |
295 | 290k | if (png_ptr == NULL) |
296 | 0 | return; |
297 | | |
298 | 290k | ptr = buffer; |
299 | 290k | if (png_ptr->save_buffer_size != 0) |
300 | 2.61k | { |
301 | 2.61k | size_t save_size; |
302 | | |
303 | 2.61k | if (length < png_ptr->save_buffer_size) |
304 | 1.76k | save_size = length; |
305 | | |
306 | 850 | else |
307 | 850 | save_size = png_ptr->save_buffer_size; |
308 | | |
309 | 2.61k | memcpy(ptr, png_ptr->save_buffer_ptr, save_size); |
310 | 2.61k | length -= save_size; |
311 | 2.61k | ptr += save_size; |
312 | 2.61k | png_ptr->buffer_size -= save_size; |
313 | 2.61k | png_ptr->save_buffer_size -= save_size; |
314 | 2.61k | png_ptr->save_buffer_ptr += save_size; |
315 | 2.61k | } |
316 | 290k | if (length != 0 && png_ptr->current_buffer_size != 0) |
317 | 288k | { |
318 | 288k | size_t save_size; |
319 | | |
320 | 288k | if (length < png_ptr->current_buffer_size) |
321 | 288k | save_size = length; |
322 | | |
323 | 144 | else |
324 | 144 | save_size = png_ptr->current_buffer_size; |
325 | | |
326 | 288k | memcpy(ptr, png_ptr->current_buffer_ptr, save_size); |
327 | 288k | png_ptr->buffer_size -= save_size; |
328 | 288k | png_ptr->current_buffer_size -= save_size; |
329 | 288k | png_ptr->current_buffer_ptr += save_size; |
330 | 288k | } |
331 | 290k | } |
332 | | |
333 | | void /* PRIVATE */ |
334 | | png_push_save_buffer(png_structrp png_ptr) |
335 | 34.9k | { |
336 | 34.9k | if (png_ptr->save_buffer_size != 0) |
337 | 33.7k | { |
338 | 33.7k | if (png_ptr->save_buffer_ptr != png_ptr->save_buffer) |
339 | 0 | { |
340 | 0 | size_t i, istop; |
341 | 0 | png_bytep sp; |
342 | 0 | png_bytep dp; |
343 | |
|
344 | 0 | istop = png_ptr->save_buffer_size; |
345 | 0 | for (i = 0, sp = png_ptr->save_buffer_ptr, dp = png_ptr->save_buffer; |
346 | 0 | i < istop; i++, sp++, dp++) |
347 | 0 | { |
348 | 0 | *dp = *sp; |
349 | 0 | } |
350 | 0 | } |
351 | 33.7k | } |
352 | 34.9k | if (png_ptr->save_buffer_size + png_ptr->current_buffer_size > |
353 | 34.9k | png_ptr->save_buffer_max) |
354 | 3.51k | { |
355 | 3.51k | size_t new_max; |
356 | 3.51k | png_bytep old_buffer; |
357 | | |
358 | 3.51k | if (png_ptr->save_buffer_size > PNG_SIZE_MAX - |
359 | 3.51k | (png_ptr->current_buffer_size + 256)) |
360 | 0 | { |
361 | 0 | png_error(png_ptr, "Potential overflow of save_buffer"); |
362 | 0 | } |
363 | | |
364 | 3.51k | new_max = png_ptr->save_buffer_size + png_ptr->current_buffer_size + 256; |
365 | 3.51k | old_buffer = png_ptr->save_buffer; |
366 | 3.51k | png_ptr->save_buffer = (png_bytep)png_malloc_warn(png_ptr, |
367 | 3.51k | (size_t)new_max); |
368 | | |
369 | 3.51k | if (png_ptr->save_buffer == NULL) |
370 | 0 | { |
371 | 0 | png_free(png_ptr, old_buffer); |
372 | 0 | png_error(png_ptr, "Insufficient memory for save_buffer"); |
373 | 0 | } |
374 | | |
375 | 3.51k | if (old_buffer) |
376 | 3.03k | memcpy(png_ptr->save_buffer, old_buffer, png_ptr->save_buffer_size); |
377 | 484 | else if (png_ptr->save_buffer_size) |
378 | 0 | png_error(png_ptr, "save_buffer error"); |
379 | 3.51k | png_free(png_ptr, old_buffer); |
380 | 3.51k | png_ptr->save_buffer_max = new_max; |
381 | 3.51k | } |
382 | 34.9k | if (png_ptr->current_buffer_size) |
383 | 34.8k | { |
384 | 34.8k | memcpy(png_ptr->save_buffer + png_ptr->save_buffer_size, |
385 | 34.8k | png_ptr->current_buffer_ptr, png_ptr->current_buffer_size); |
386 | 34.8k | png_ptr->save_buffer_size += png_ptr->current_buffer_size; |
387 | 34.8k | png_ptr->current_buffer_size = 0; |
388 | 34.8k | } |
389 | 34.9k | png_ptr->save_buffer_ptr = png_ptr->save_buffer; |
390 | 34.9k | png_ptr->buffer_size = 0; |
391 | 34.9k | } |
392 | | |
393 | | void /* PRIVATE */ |
394 | | png_push_restore_buffer(png_structrp png_ptr, png_bytep buffer, |
395 | | size_t buffer_length) |
396 | 46.8k | { |
397 | 46.8k | png_ptr->current_buffer = buffer; |
398 | 46.8k | png_ptr->current_buffer_size = buffer_length; |
399 | 46.8k | png_ptr->buffer_size = buffer_length + png_ptr->save_buffer_size; |
400 | 46.8k | png_ptr->current_buffer_ptr = png_ptr->current_buffer; |
401 | 46.8k | } |
402 | | |
403 | | void /* PRIVATE */ |
404 | | png_push_read_IDAT(png_structrp png_ptr) |
405 | 16.3k | { |
406 | 16.3k | if ((png_ptr->mode & PNG_HAVE_CHUNK_HEADER) == 0) |
407 | 4.78k | { |
408 | 4.78k | png_byte chunk_length[4]; |
409 | 4.78k | png_byte chunk_tag[4]; |
410 | | |
411 | | /* TODO: this code can be commoned up with the same code in push_read */ |
412 | 4.78k | PNG_PUSH_SAVE_BUFFER_IF_LT(8) |
413 | 4.51k | png_push_fill_buffer(png_ptr, chunk_length, 4); |
414 | 4.51k | png_ptr->push_length = png_get_uint_31(png_ptr, chunk_length); |
415 | 4.51k | png_reset_crc(png_ptr); |
416 | 4.51k | png_crc_read(png_ptr, chunk_tag, 4); |
417 | 4.51k | png_ptr->chunk_name = PNG_CHUNK_FROM_STRING(chunk_tag); |
418 | 4.51k | png_ptr->mode |= PNG_HAVE_CHUNK_HEADER; |
419 | | |
420 | 4.51k | if (png_ptr->chunk_name != png_IDAT) |
421 | 127 | { |
422 | 127 | png_ptr->process_mode = PNG_READ_CHUNK_MODE; |
423 | | |
424 | 127 | if ((png_ptr->flags & PNG_FLAG_ZSTREAM_ENDED) == 0) |
425 | 5 | png_error(png_ptr, "Not enough compressed data"); |
426 | | |
427 | 122 | return; |
428 | 127 | } |
429 | | |
430 | 4.39k | png_ptr->idat_size = png_ptr->push_length; |
431 | 4.39k | } |
432 | | |
433 | 15.9k | if (png_ptr->idat_size != 0 && png_ptr->save_buffer_size != 0) |
434 | 0 | { |
435 | 0 | size_t save_size = png_ptr->save_buffer_size; |
436 | 0 | png_uint_32 idat_size = png_ptr->idat_size; |
437 | | |
438 | | /* We want the smaller of 'idat_size' and 'current_buffer_size', but they |
439 | | * are of different types and we don't know which variable has the fewest |
440 | | * bits. Carefully select the smaller and cast it to the type of the |
441 | | * larger - this cannot overflow. Do not cast in the following test - it |
442 | | * will break on either 16-bit or 64-bit platforms. |
443 | | */ |
444 | 0 | if (idat_size < save_size) |
445 | 0 | save_size = (size_t)idat_size; |
446 | | |
447 | 0 | else |
448 | 0 | idat_size = (png_uint_32)save_size; |
449 | |
|
450 | 0 | png_calculate_crc(png_ptr, png_ptr->save_buffer_ptr, save_size); |
451 | |
|
452 | 0 | png_process_IDAT_data(png_ptr, png_ptr->save_buffer_ptr, save_size); |
453 | |
|
454 | 0 | png_ptr->idat_size -= idat_size; |
455 | 0 | png_ptr->buffer_size -= save_size; |
456 | 0 | png_ptr->save_buffer_size -= save_size; |
457 | 0 | png_ptr->save_buffer_ptr += save_size; |
458 | 0 | } |
459 | | |
460 | 15.9k | if (png_ptr->idat_size != 0 && png_ptr->current_buffer_size != 0) |
461 | 15.0k | { |
462 | 15.0k | size_t save_size = png_ptr->current_buffer_size; |
463 | 15.0k | png_uint_32 idat_size = png_ptr->idat_size; |
464 | | |
465 | | /* We want the smaller of 'idat_size' and 'current_buffer_size', but they |
466 | | * are of different types and we don't know which variable has the fewest |
467 | | * bits. Carefully select the smaller and cast it to the type of the |
468 | | * larger - this cannot overflow. |
469 | | */ |
470 | 15.0k | if (idat_size < save_size) |
471 | 3.79k | save_size = (size_t)idat_size; |
472 | | |
473 | 11.2k | else |
474 | 11.2k | idat_size = (png_uint_32)save_size; |
475 | | |
476 | 15.0k | png_calculate_crc(png_ptr, png_ptr->current_buffer_ptr, save_size); |
477 | | |
478 | 15.0k | png_process_IDAT_data(png_ptr, png_ptr->current_buffer_ptr, save_size); |
479 | | |
480 | 15.0k | png_ptr->idat_size -= idat_size; |
481 | 15.0k | png_ptr->buffer_size -= save_size; |
482 | 15.0k | png_ptr->current_buffer_size -= save_size; |
483 | 15.0k | png_ptr->current_buffer_ptr += save_size; |
484 | 15.0k | } |
485 | | |
486 | 15.9k | if (png_ptr->idat_size == 0) |
487 | 4.69k | { |
488 | 4.69k | PNG_PUSH_SAVE_BUFFER_IF_LT(4) |
489 | 4.55k | png_crc_finish(png_ptr, 0); |
490 | 4.55k | png_ptr->mode &= ~PNG_HAVE_CHUNK_HEADER; |
491 | 4.55k | png_ptr->mode |= PNG_AFTER_IDAT; |
492 | 4.55k | png_ptr->zowner = 0; |
493 | 4.55k | } |
494 | 15.9k | } |
495 | | |
496 | | void /* PRIVATE */ |
497 | | png_process_IDAT_data(png_structrp png_ptr, png_bytep buffer, |
498 | | size_t buffer_length) |
499 | 15.0k | { |
500 | | /* The caller checks for a non-zero buffer length. */ |
501 | 15.0k | if (!(buffer_length > 0) || buffer == NULL) |
502 | 0 | png_error(png_ptr, "No IDAT data (internal error)"); |
503 | | |
504 | | /* This routine must process all the data it has been given |
505 | | * before returning, calling the row callback as required to |
506 | | * handle the uncompressed results. |
507 | | */ |
508 | 15.0k | png_ptr->zstream.next_in = buffer; |
509 | | /* TODO: WARNING: TRUNCATION ERROR: DANGER WILL ROBINSON: */ |
510 | 15.0k | png_ptr->zstream.avail_in = (uInt)buffer_length; |
511 | | |
512 | | /* Keep going until the decompressed data is all processed |
513 | | * or the stream marked as finished. |
514 | | */ |
515 | 625k | while (png_ptr->zstream.avail_in > 0 && |
516 | 612k | (png_ptr->flags & PNG_FLAG_ZSTREAM_ENDED) == 0) |
517 | 610k | { |
518 | 610k | int ret; |
519 | | |
520 | | /* We have data for zlib, but we must check that zlib |
521 | | * has someplace to put the results. It doesn't matter |
522 | | * if we don't expect any results -- it may be the input |
523 | | * data is just the LZ end code. |
524 | | */ |
525 | 610k | if (!(png_ptr->zstream.avail_out > 0)) |
526 | 597k | { |
527 | | /* TODO: WARNING: TRUNCATION ERROR: DANGER WILL ROBINSON: */ |
528 | 597k | png_ptr->zstream.avail_out = (uInt)(PNG_ROWBYTES(png_ptr->pixel_depth, |
529 | 597k | png_ptr->iwidth) + 1); |
530 | | |
531 | 597k | png_ptr->zstream.next_out = png_ptr->row_buf; |
532 | 597k | } |
533 | | |
534 | | /* Using Z_SYNC_FLUSH here means that an unterminated |
535 | | * LZ stream (a stream with a missing end code) can still |
536 | | * be handled, otherwise (Z_NO_FLUSH) a future zlib |
537 | | * implementation might defer output and therefore |
538 | | * change the current behavior (see comments in inflate.c |
539 | | * for why this doesn't happen at present with zlib 1.2.5). |
540 | | */ |
541 | 610k | ret = PNG_INFLATE(png_ptr, Z_SYNC_FLUSH); |
542 | | |
543 | | /* Check for any failure before proceeding. */ |
544 | 610k | if (ret != Z_OK && ret != Z_STREAM_END) |
545 | 44 | { |
546 | | /* Terminate the decompression. */ |
547 | 44 | png_ptr->flags |= PNG_FLAG_ZSTREAM_ENDED; |
548 | 44 | png_ptr->zowner = 0; |
549 | | |
550 | | /* This may be a truncated stream (missing or |
551 | | * damaged end code). Treat that as a warning. |
552 | | */ |
553 | 44 | if (png_ptr->row_number >= png_ptr->num_rows || |
554 | 44 | png_ptr->pass > 6) |
555 | 2 | png_warning(png_ptr, "Truncated compressed data in IDAT"); |
556 | | |
557 | 42 | else |
558 | 42 | { |
559 | 42 | if (ret == Z_DATA_ERROR) |
560 | 42 | png_benign_error(png_ptr, "IDAT: ADLER32 checksum mismatch"); |
561 | 0 | else |
562 | 0 | png_error(png_ptr, "Decompression error in IDAT"); |
563 | 42 | } |
564 | | |
565 | | /* Skip the check on unprocessed input */ |
566 | 44 | return; |
567 | 44 | } |
568 | | |
569 | | /* Did inflate output any data? */ |
570 | 610k | if (png_ptr->zstream.next_out != png_ptr->row_buf) |
571 | 610k | { |
572 | | /* Is this unexpected data after the last row? |
573 | | * If it is, artificially terminate the LZ output |
574 | | * here. |
575 | | */ |
576 | 610k | if (png_ptr->row_number >= png_ptr->num_rows || |
577 | 610k | png_ptr->pass > 6) |
578 | 21 | { |
579 | | /* Extra data. */ |
580 | 21 | png_warning(png_ptr, "Extra compressed data in IDAT"); |
581 | 21 | png_ptr->flags |= PNG_FLAG_ZSTREAM_ENDED; |
582 | 21 | png_ptr->zowner = 0; |
583 | | |
584 | | /* Do no more processing; skip the unprocessed |
585 | | * input check below. |
586 | | */ |
587 | 21 | return; |
588 | 21 | } |
589 | | |
590 | | /* Do we have a complete row? */ |
591 | 610k | if (png_ptr->zstream.avail_out == 0) |
592 | 598k | png_push_process_row(png_ptr); |
593 | 610k | } |
594 | | |
595 | | /* And check for the end of the stream. */ |
596 | 610k | if (ret == Z_STREAM_END) |
597 | 114 | png_ptr->flags |= PNG_FLAG_ZSTREAM_ENDED; |
598 | 610k | } |
599 | | |
600 | | /* All the data should have been processed, if anything |
601 | | * is left at this point we have bytes of IDAT data |
602 | | * after the zlib end code. |
603 | | */ |
604 | 14.9k | if (png_ptr->zstream.avail_in > 0) |
605 | 1.82k | png_warning(png_ptr, "Extra compression data in IDAT"); |
606 | 14.9k | } |
607 | | |
608 | | void /* PRIVATE */ |
609 | | png_push_process_row(png_structrp png_ptr) |
610 | 598k | { |
611 | | /* 1.5.6: row_info moved out of png_struct to a local here. */ |
612 | 598k | png_row_info row_info; |
613 | | |
614 | 598k | row_info.width = png_ptr->iwidth; /* NOTE: width of current interlaced row */ |
615 | 598k | row_info.color_type = png_ptr->color_type; |
616 | 598k | row_info.bit_depth = png_ptr->bit_depth; |
617 | 598k | row_info.channels = png_ptr->channels; |
618 | 598k | row_info.pixel_depth = png_ptr->pixel_depth; |
619 | 598k | row_info.rowbytes = PNG_ROWBYTES(row_info.pixel_depth, row_info.width); |
620 | | |
621 | 598k | if (png_ptr->row_buf[0] > PNG_FILTER_VALUE_NONE) |
622 | 334k | { |
623 | 334k | if (png_ptr->row_buf[0] < PNG_FILTER_VALUE_LAST) |
624 | 334k | png_read_filter_row(png_ptr, &row_info, png_ptr->row_buf + 1, |
625 | 334k | png_ptr->prev_row + 1, png_ptr->row_buf[0]); |
626 | 18 | else |
627 | 18 | png_error(png_ptr, "bad adaptive filter value"); |
628 | 334k | } |
629 | | |
630 | | /* libpng 1.5.6: the following line was copying png_ptr->rowbytes before |
631 | | * 1.5.6, while the buffer really is this big in current versions of libpng |
632 | | * it may not be in the future, so this was changed just to copy the |
633 | | * interlaced row count: |
634 | | */ |
635 | 598k | memcpy(png_ptr->prev_row, png_ptr->row_buf, row_info.rowbytes + 1); |
636 | | |
637 | 598k | #ifdef PNG_READ_TRANSFORMS_SUPPORTED |
638 | 598k | if (png_ptr->transformations != 0) |
639 | 576k | png_do_read_transformations(png_ptr, &row_info); |
640 | 598k | #endif |
641 | | |
642 | | /* The transformed pixel depth should match the depth now in row_info. */ |
643 | 598k | if (png_ptr->transformed_pixel_depth == 0) |
644 | 243 | { |
645 | 243 | png_ptr->transformed_pixel_depth = row_info.pixel_depth; |
646 | 243 | if (row_info.pixel_depth > png_ptr->maximum_pixel_depth) |
647 | 0 | png_error(png_ptr, "progressive row overflow"); |
648 | 243 | } |
649 | | |
650 | 597k | else if (png_ptr->transformed_pixel_depth != row_info.pixel_depth) |
651 | 0 | png_error(png_ptr, "internal progressive row size calculation error"); |
652 | | |
653 | | |
654 | 598k | #ifdef PNG_READ_INTERLACING_SUPPORTED |
655 | | /* Expand interlaced rows to full size */ |
656 | 598k | if (png_ptr->interlaced != 0 && |
657 | 575k | (png_ptr->transformations & PNG_INTERLACE) != 0) |
658 | 575k | { |
659 | 575k | if (png_ptr->pass < 6) |
660 | 575k | png_do_read_interlace(&row_info, png_ptr->row_buf + 1, png_ptr->pass, |
661 | 575k | png_ptr->transformations); |
662 | | |
663 | 575k | switch (png_ptr->pass) |
664 | 575k | { |
665 | 199k | case 0: |
666 | 199k | { |
667 | 199k | int i; |
668 | 1.79M | for (i = 0; i < 8 && png_ptr->pass == 0; i++) |
669 | 1.59M | { |
670 | 1.59M | png_push_have_row(png_ptr, png_ptr->row_buf + 1); |
671 | 1.59M | png_read_push_finish_row(png_ptr); /* Updates png_ptr->pass */ |
672 | 1.59M | } |
673 | | |
674 | 199k | if (png_ptr->pass == 2) /* Pass 1 might be empty */ |
675 | 16 | { |
676 | 48 | for (i = 0; i < 4 && png_ptr->pass == 2; i++) |
677 | 32 | { |
678 | 32 | png_push_have_row(png_ptr, NULL); |
679 | 32 | png_read_push_finish_row(png_ptr); |
680 | 32 | } |
681 | 16 | } |
682 | | |
683 | 199k | if (png_ptr->pass == 4 && png_ptr->height <= 4) |
684 | 10 | { |
685 | 23 | for (i = 0; i < 2 && png_ptr->pass == 4; i++) |
686 | 13 | { |
687 | 13 | png_push_have_row(png_ptr, NULL); |
688 | 13 | png_read_push_finish_row(png_ptr); |
689 | 13 | } |
690 | 10 | } |
691 | | |
692 | 199k | if (png_ptr->pass == 6 && png_ptr->height <= 4) |
693 | 7 | { |
694 | 7 | png_push_have_row(png_ptr, NULL); |
695 | 7 | png_read_push_finish_row(png_ptr); |
696 | 7 | } |
697 | | |
698 | 199k | break; |
699 | 0 | } |
700 | | |
701 | 154k | case 1: |
702 | 154k | { |
703 | 154k | int i; |
704 | 1.38M | for (i = 0; i < 8 && png_ptr->pass == 1; i++) |
705 | 1.23M | { |
706 | 1.23M | png_push_have_row(png_ptr, png_ptr->row_buf + 1); |
707 | 1.23M | png_read_push_finish_row(png_ptr); |
708 | 1.23M | } |
709 | | |
710 | 154k | if (png_ptr->pass == 2) /* Skip top 4 generated rows */ |
711 | 39 | { |
712 | 189 | for (i = 0; i < 4 && png_ptr->pass == 2; i++) |
713 | 150 | { |
714 | 150 | png_push_have_row(png_ptr, NULL); |
715 | 150 | png_read_push_finish_row(png_ptr); |
716 | 150 | } |
717 | 39 | } |
718 | | |
719 | 154k | break; |
720 | 0 | } |
721 | | |
722 | 122k | case 2: |
723 | 122k | { |
724 | 122k | int i; |
725 | | |
726 | 614k | for (i = 0; i < 4 && png_ptr->pass == 2; i++) |
727 | 491k | { |
728 | 491k | png_push_have_row(png_ptr, png_ptr->row_buf + 1); |
729 | 491k | png_read_push_finish_row(png_ptr); |
730 | 491k | } |
731 | | |
732 | 614k | for (i = 0; i < 4 && png_ptr->pass == 2; i++) |
733 | 491k | { |
734 | 491k | png_push_have_row(png_ptr, NULL); |
735 | 491k | png_read_push_finish_row(png_ptr); |
736 | 491k | } |
737 | | |
738 | 122k | if (png_ptr->pass == 4) /* Pass 3 might be empty */ |
739 | 1 | { |
740 | 3 | for (i = 0; i < 2 && png_ptr->pass == 4; i++) |
741 | 2 | { |
742 | 2 | png_push_have_row(png_ptr, NULL); |
743 | 2 | png_read_push_finish_row(png_ptr); |
744 | 2 | } |
745 | 1 | } |
746 | | |
747 | 122k | break; |
748 | 0 | } |
749 | | |
750 | 77.6k | case 3: |
751 | 77.6k | { |
752 | 77.6k | int i; |
753 | | |
754 | 388k | for (i = 0; i < 4 && png_ptr->pass == 3; i++) |
755 | 310k | { |
756 | 310k | png_push_have_row(png_ptr, png_ptr->row_buf + 1); |
757 | 310k | png_read_push_finish_row(png_ptr); |
758 | 310k | } |
759 | | |
760 | 77.6k | if (png_ptr->pass == 4) /* Skip top two generated rows */ |
761 | 31 | { |
762 | 90 | for (i = 0; i < 2 && png_ptr->pass == 4; i++) |
763 | 59 | { |
764 | 59 | png_push_have_row(png_ptr, NULL); |
765 | 59 | png_read_push_finish_row(png_ptr); |
766 | 59 | } |
767 | 31 | } |
768 | | |
769 | 77.6k | break; |
770 | 0 | } |
771 | | |
772 | 17.3k | case 4: |
773 | 17.3k | { |
774 | 17.3k | int i; |
775 | | |
776 | 52.0k | for (i = 0; i < 2 && png_ptr->pass == 4; i++) |
777 | 34.7k | { |
778 | 34.7k | png_push_have_row(png_ptr, png_ptr->row_buf + 1); |
779 | 34.7k | png_read_push_finish_row(png_ptr); |
780 | 34.7k | } |
781 | | |
782 | 52.0k | for (i = 0; i < 2 && png_ptr->pass == 4; i++) |
783 | 34.6k | { |
784 | 34.6k | png_push_have_row(png_ptr, NULL); |
785 | 34.6k | png_read_push_finish_row(png_ptr); |
786 | 34.6k | } |
787 | | |
788 | 17.3k | if (png_ptr->pass == 6) /* Pass 5 might be empty */ |
789 | 1 | { |
790 | 1 | png_push_have_row(png_ptr, NULL); |
791 | 1 | png_read_push_finish_row(png_ptr); |
792 | 1 | } |
793 | | |
794 | 17.3k | break; |
795 | 0 | } |
796 | | |
797 | 3.85k | case 5: |
798 | 3.85k | { |
799 | 3.85k | int i; |
800 | | |
801 | 11.5k | for (i = 0; i < 2 && png_ptr->pass == 5; i++) |
802 | 7.70k | { |
803 | 7.70k | png_push_have_row(png_ptr, png_ptr->row_buf + 1); |
804 | 7.70k | png_read_push_finish_row(png_ptr); |
805 | 7.70k | } |
806 | | |
807 | 3.85k | if (png_ptr->pass == 6) /* Skip top generated row */ |
808 | 24 | { |
809 | 24 | png_push_have_row(png_ptr, NULL); |
810 | 24 | png_read_push_finish_row(png_ptr); |
811 | 24 | } |
812 | | |
813 | 3.85k | break; |
814 | 0 | } |
815 | | |
816 | 0 | default: |
817 | 410 | case 6: |
818 | 410 | { |
819 | 410 | png_push_have_row(png_ptr, png_ptr->row_buf + 1); |
820 | 410 | png_read_push_finish_row(png_ptr); |
821 | | |
822 | 410 | if (png_ptr->pass != 6) |
823 | 11 | break; |
824 | | |
825 | 399 | png_push_have_row(png_ptr, NULL); |
826 | 399 | png_read_push_finish_row(png_ptr); |
827 | 399 | } |
828 | 575k | } |
829 | 575k | } |
830 | 22.4k | else |
831 | 22.4k | #endif |
832 | 22.4k | { |
833 | 22.4k | png_push_have_row(png_ptr, png_ptr->row_buf + 1); |
834 | 22.4k | png_read_push_finish_row(png_ptr); |
835 | 22.4k | } |
836 | 598k | } |
837 | | |
838 | | void /* PRIVATE */ |
839 | | png_read_push_finish_row(png_structrp png_ptr) |
840 | 4.22M | { |
841 | 4.22M | png_ptr->row_number++; |
842 | 4.22M | if (png_ptr->row_number < png_ptr->num_rows) |
843 | 4.22M | return; |
844 | | |
845 | 382 | #ifdef PNG_READ_INTERLACING_SUPPORTED |
846 | 382 | if (png_ptr->interlaced != 0) |
847 | 272 | { |
848 | 272 | png_ptr->row_number = 0; |
849 | 272 | memset(png_ptr->prev_row, 0, png_ptr->rowbytes + 1); |
850 | | |
851 | 272 | do |
852 | 272 | { |
853 | 272 | png_ptr->pass++; |
854 | 272 | if ((png_ptr->pass == 1 && png_ptr->width < 5) || |
855 | 256 | (png_ptr->pass == 3 && png_ptr->width < 3) || |
856 | 245 | (png_ptr->pass == 5 && png_ptr->width < 2)) |
857 | 35 | png_ptr->pass++; |
858 | | |
859 | 272 | if (png_ptr->pass > 7) |
860 | 0 | png_ptr->pass--; |
861 | | |
862 | 272 | if (png_ptr->pass >= 7) |
863 | 26 | break; |
864 | | |
865 | 246 | png_ptr->iwidth = (png_ptr->width + |
866 | 246 | png_pass_inc[png_ptr->pass] - 1 - |
867 | 246 | png_pass_start[png_ptr->pass]) / |
868 | 246 | png_pass_inc[png_ptr->pass]; |
869 | | |
870 | 246 | if ((png_ptr->transformations & PNG_INTERLACE) != 0) |
871 | 246 | break; |
872 | | |
873 | 0 | png_ptr->num_rows = (png_ptr->height + |
874 | 0 | png_pass_yinc[png_ptr->pass] - 1 - |
875 | 0 | png_pass_ystart[png_ptr->pass]) / |
876 | 0 | png_pass_yinc[png_ptr->pass]; |
877 | |
|
878 | 0 | } while (png_ptr->iwidth == 0 || png_ptr->num_rows == 0); |
879 | 272 | } |
880 | 382 | #endif /* READ_INTERLACING */ |
881 | 382 | } |
882 | | |
883 | | void /* PRIVATE */ |
884 | | png_push_have_info(png_structrp png_ptr, png_inforp info_ptr) |
885 | 280 | { |
886 | 280 | if (png_ptr->info_fn != NULL) |
887 | 280 | (*(png_ptr->info_fn))(png_ptr, info_ptr); |
888 | 280 | } |
889 | | |
890 | | void /* PRIVATE */ |
891 | | png_push_have_end(png_structrp png_ptr, png_inforp info_ptr) |
892 | 60 | { |
893 | 60 | if (png_ptr->end_fn != NULL) |
894 | 60 | (*(png_ptr->end_fn))(png_ptr, info_ptr); |
895 | 60 | } |
896 | | |
897 | | void /* PRIVATE */ |
898 | | png_push_have_row(png_structrp png_ptr, png_bytep row) |
899 | 4.22M | { |
900 | 4.22M | if (png_ptr->row_fn != NULL) |
901 | 4.22M | (*(png_ptr->row_fn))(png_ptr, row, png_ptr->row_number, |
902 | 4.22M | (int)png_ptr->pass); |
903 | 4.22M | } |
904 | | |
905 | | #ifdef PNG_READ_INTERLACING_SUPPORTED |
906 | | void PNGAPI |
907 | | png_progressive_combine_row(png_const_structrp png_ptr, png_bytep old_row, |
908 | | png_const_bytep new_row) |
909 | 4.22M | { |
910 | 4.22M | if (png_ptr == NULL) |
911 | 0 | return; |
912 | | |
913 | | /* new_row is a flag here - if it is NULL then the app callback was called |
914 | | * from an empty row (see the calls to png_struct::row_fn below), otherwise |
915 | | * it must be png_ptr->row_buf+1 |
916 | | */ |
917 | 4.22M | if (new_row != NULL) |
918 | 3.69M | png_combine_row(png_ptr, old_row, 1/*blocky display*/); |
919 | 4.22M | } |
920 | | #endif /* READ_INTERLACING */ |
921 | | |
922 | | void PNGAPI |
923 | | png_set_progressive_read_fn(png_structrp png_ptr, png_voidp progressive_ptr, |
924 | | png_progressive_info_ptr info_fn, png_progressive_row_ptr row_fn, |
925 | | png_progressive_end_ptr end_fn) |
926 | 820 | { |
927 | 820 | if (png_ptr == NULL) |
928 | 0 | return; |
929 | | |
930 | 820 | png_ptr->info_fn = info_fn; |
931 | 820 | png_ptr->row_fn = row_fn; |
932 | 820 | png_ptr->end_fn = end_fn; |
933 | | |
934 | 820 | png_set_read_fn(png_ptr, progressive_ptr, png_push_fill_buffer); |
935 | 820 | } |
936 | | |
937 | | png_voidp PNGAPI |
938 | | png_get_progressive_ptr(png_const_structrp png_ptr) |
939 | 4.22M | { |
940 | 4.22M | if (png_ptr == NULL) |
941 | 0 | return NULL; |
942 | | |
943 | 4.22M | return png_ptr->io_ptr; |
944 | 4.22M | } |
945 | | #endif /* PROGRESSIVE_READ */ |