/src/ghostpdl/libpng/pngerror.c
Line | Count | Source (jump to first uncovered line) |
1 | | |
2 | | /* pngerror.c - stub functions for i/o and memory allocation |
3 | | * |
4 | | * Copyright (c) 2018-2024 Cosmin Truta |
5 | | * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson |
6 | | * Copyright (c) 1996-1997 Andreas Dilger |
7 | | * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc. |
8 | | * |
9 | | * This code is released under the libpng license. |
10 | | * For conditions of distribution and use, see the disclaimer |
11 | | * and license in png.h |
12 | | * |
13 | | * This file provides a location for all error handling. Users who |
14 | | * need special error handling are expected to write replacement functions |
15 | | * and use png_set_error_fn() to use those functions. See the instructions |
16 | | * at each function. |
17 | | */ |
18 | | |
19 | | #include "pngpriv.h" |
20 | | |
21 | | #if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED) |
22 | | |
23 | | static PNG_FUNCTION(void /* PRIVATE */, |
24 | | png_default_error,(png_const_structrp png_ptr, png_const_charp error_message), |
25 | | PNG_NORETURN); |
26 | | |
27 | | #ifdef PNG_WARNINGS_SUPPORTED |
28 | | static void /* PRIVATE */ |
29 | | png_default_warning(png_const_structrp png_ptr, |
30 | | png_const_charp warning_message); |
31 | | #endif /* WARNINGS */ |
32 | | |
33 | | /* This function is called whenever there is a fatal error. This function |
34 | | * should not be changed. If there is a need to handle errors differently, |
35 | | * you should supply a replacement error function and use png_set_error_fn() |
36 | | * to replace the error function at run-time. |
37 | | */ |
38 | | #ifdef PNG_ERROR_TEXT_SUPPORTED |
39 | | PNG_FUNCTION(void,PNGAPI |
40 | | png_error,(png_const_structrp png_ptr, png_const_charp error_message), |
41 | | PNG_NORETURN) |
42 | 0 | { |
43 | | #ifdef PNG_ERROR_NUMBERS_SUPPORTED |
44 | | char msg[16]; |
45 | | if (png_ptr != NULL) |
46 | | { |
47 | | if ((png_ptr->flags & |
48 | | (PNG_FLAG_STRIP_ERROR_NUMBERS|PNG_FLAG_STRIP_ERROR_TEXT)) != 0) |
49 | | { |
50 | | if (*error_message == PNG_LITERAL_SHARP) |
51 | | { |
52 | | /* Strip "#nnnn " from beginning of error message. */ |
53 | | int offset; |
54 | | for (offset = 1; offset<15; offset++) |
55 | | if (error_message[offset] == ' ') |
56 | | break; |
57 | | |
58 | | if ((png_ptr->flags & PNG_FLAG_STRIP_ERROR_TEXT) != 0) |
59 | | { |
60 | | int i; |
61 | | for (i = 0; i < offset - 1; i++) |
62 | | msg[i] = error_message[i + 1]; |
63 | | msg[i - 1] = '\0'; |
64 | | error_message = msg; |
65 | | } |
66 | | |
67 | | else |
68 | | error_message += offset; |
69 | | } |
70 | | |
71 | | else |
72 | | { |
73 | | if ((png_ptr->flags & PNG_FLAG_STRIP_ERROR_TEXT) != 0) |
74 | | { |
75 | | msg[0] = '0'; |
76 | | msg[1] = '\0'; |
77 | | error_message = msg; |
78 | | } |
79 | | } |
80 | | } |
81 | | } |
82 | | #endif |
83 | 0 | if (png_ptr != NULL && png_ptr->error_fn != NULL) |
84 | 0 | (*(png_ptr->error_fn))(png_constcast(png_structrp,png_ptr), |
85 | 0 | error_message); |
86 | | |
87 | | /* If the custom handler doesn't exist, or if it returns, |
88 | | use the default handler, which will not return. */ |
89 | 0 | png_default_error(png_ptr, error_message); |
90 | 0 | } |
91 | | #else |
92 | | PNG_FUNCTION(void,PNGAPI |
93 | | png_err,(png_const_structrp png_ptr),PNG_NORETURN) |
94 | | { |
95 | | /* Prior to 1.5.2 the error_fn received a NULL pointer, expressed |
96 | | * erroneously as '\0', instead of the empty string "". This was |
97 | | * apparently an error, introduced in libpng-1.2.20, and png_default_error |
98 | | * will crash in this case. |
99 | | */ |
100 | | if (png_ptr != NULL && png_ptr->error_fn != NULL) |
101 | | (*(png_ptr->error_fn))(png_constcast(png_structrp,png_ptr), ""); |
102 | | |
103 | | /* If the custom handler doesn't exist, or if it returns, |
104 | | use the default handler, which will not return. */ |
105 | | png_default_error(png_ptr, ""); |
106 | | } |
107 | | #endif /* ERROR_TEXT */ |
108 | | |
109 | | /* Utility to safely appends strings to a buffer. This never errors out so |
110 | | * error checking is not required in the caller. |
111 | | */ |
112 | | size_t |
113 | | png_safecat(png_charp buffer, size_t bufsize, size_t pos, |
114 | | png_const_charp string) |
115 | 0 | { |
116 | 0 | if (buffer != NULL && pos < bufsize) |
117 | 0 | { |
118 | 0 | if (string != NULL) |
119 | 0 | while (*string != '\0' && pos < bufsize-1) |
120 | 0 | buffer[pos++] = *string++; |
121 | |
|
122 | 0 | buffer[pos] = '\0'; |
123 | 0 | } |
124 | |
|
125 | 0 | return pos; |
126 | 0 | } |
127 | | |
128 | | #if defined(PNG_WARNINGS_SUPPORTED) || defined(PNG_TIME_RFC1123_SUPPORTED) |
129 | | /* Utility to dump an unsigned value into a buffer, given a start pointer and |
130 | | * and end pointer (which should point just *beyond* the end of the buffer!) |
131 | | * Returns the pointer to the start of the formatted string. |
132 | | */ |
133 | | png_charp |
134 | | png_format_number(png_const_charp start, png_charp end, int format, |
135 | | png_alloc_size_t number) |
136 | 0 | { |
137 | 0 | int count = 0; /* number of digits output */ |
138 | 0 | int mincount = 1; /* minimum number required */ |
139 | 0 | int output = 0; /* digit output (for the fixed point format) */ |
140 | |
|
141 | 0 | *--end = '\0'; |
142 | | |
143 | | /* This is written so that the loop always runs at least once, even with |
144 | | * number zero. |
145 | | */ |
146 | 0 | while (end > start && (number != 0 || count < mincount)) |
147 | 0 | { |
148 | |
|
149 | 0 | static const char digits[] = "0123456789ABCDEF"; |
150 | |
|
151 | 0 | switch (format) |
152 | 0 | { |
153 | 0 | case PNG_NUMBER_FORMAT_fixed: |
154 | | /* Needs five digits (the fraction) */ |
155 | 0 | mincount = 5; |
156 | 0 | if (output != 0 || number % 10 != 0) |
157 | 0 | { |
158 | 0 | *--end = digits[number % 10]; |
159 | 0 | output = 1; |
160 | 0 | } |
161 | 0 | number /= 10; |
162 | 0 | break; |
163 | | |
164 | 0 | case PNG_NUMBER_FORMAT_02u: |
165 | | /* Expects at least 2 digits. */ |
166 | 0 | mincount = 2; |
167 | | /* FALLTHROUGH */ |
168 | |
|
169 | 0 | case PNG_NUMBER_FORMAT_u: |
170 | 0 | *--end = digits[number % 10]; |
171 | 0 | number /= 10; |
172 | 0 | break; |
173 | | |
174 | 0 | case PNG_NUMBER_FORMAT_02x: |
175 | | /* This format expects at least two digits */ |
176 | 0 | mincount = 2; |
177 | | /* FALLTHROUGH */ |
178 | |
|
179 | 0 | case PNG_NUMBER_FORMAT_x: |
180 | 0 | *--end = digits[number & 0xf]; |
181 | 0 | number >>= 4; |
182 | 0 | break; |
183 | | |
184 | 0 | default: /* an error */ |
185 | 0 | number = 0; |
186 | 0 | break; |
187 | 0 | } |
188 | | |
189 | | /* Keep track of the number of digits added */ |
190 | 0 | ++count; |
191 | | |
192 | | /* Float a fixed number here: */ |
193 | 0 | if ((format == PNG_NUMBER_FORMAT_fixed) && (count == 5) && (end > start)) |
194 | 0 | { |
195 | | /* End of the fraction, but maybe nothing was output? In that case |
196 | | * drop the decimal point. If the number is a true zero handle that |
197 | | * here. |
198 | | */ |
199 | 0 | if (output != 0) |
200 | 0 | *--end = '.'; |
201 | 0 | else if (number == 0) /* and !output */ |
202 | 0 | *--end = '0'; |
203 | 0 | } |
204 | 0 | } |
205 | | |
206 | 0 | return end; |
207 | 0 | } |
208 | | #endif |
209 | | |
210 | | #ifdef PNG_WARNINGS_SUPPORTED |
211 | | /* This function is called whenever there is a non-fatal error. This function |
212 | | * should not be changed. If there is a need to handle warnings differently, |
213 | | * you should supply a replacement warning function and use |
214 | | * png_set_error_fn() to replace the warning function at run-time. |
215 | | */ |
216 | | void PNGAPI |
217 | | png_warning(png_const_structrp png_ptr, png_const_charp warning_message) |
218 | 0 | { |
219 | 0 | int offset = 0; |
220 | 0 | if (png_ptr != NULL) |
221 | 0 | { |
222 | | #ifdef PNG_ERROR_NUMBERS_SUPPORTED |
223 | | if ((png_ptr->flags & |
224 | | (PNG_FLAG_STRIP_ERROR_NUMBERS|PNG_FLAG_STRIP_ERROR_TEXT)) != 0) |
225 | | #endif |
226 | 0 | { |
227 | 0 | if (*warning_message == PNG_LITERAL_SHARP) |
228 | 0 | { |
229 | 0 | for (offset = 1; offset < 15; offset++) |
230 | 0 | if (warning_message[offset] == ' ') |
231 | 0 | break; |
232 | 0 | } |
233 | 0 | } |
234 | 0 | } |
235 | 0 | if (png_ptr != NULL && png_ptr->warning_fn != NULL) |
236 | 0 | (*(png_ptr->warning_fn))(png_constcast(png_structrp,png_ptr), |
237 | 0 | warning_message + offset); |
238 | 0 | else |
239 | 0 | png_default_warning(png_ptr, warning_message + offset); |
240 | 0 | } |
241 | | |
242 | | /* These functions support 'formatted' warning messages with up to |
243 | | * PNG_WARNING_PARAMETER_COUNT parameters. In the format string the parameter |
244 | | * is introduced by @<number>, where 'number' starts at 1. This follows the |
245 | | * standard established by X/Open for internationalizable error messages. |
246 | | */ |
247 | | void |
248 | | png_warning_parameter(png_warning_parameters p, int number, |
249 | | png_const_charp string) |
250 | 0 | { |
251 | 0 | if (number > 0 && number <= PNG_WARNING_PARAMETER_COUNT) |
252 | 0 | (void)png_safecat(p[number-1], (sizeof p[number-1]), 0, string); |
253 | 0 | } |
254 | | |
255 | | void |
256 | | png_warning_parameter_unsigned(png_warning_parameters p, int number, int format, |
257 | | png_alloc_size_t value) |
258 | 0 | { |
259 | 0 | char buffer[PNG_NUMBER_BUFFER_SIZE] = {0}; |
260 | 0 | png_warning_parameter(p, number, PNG_FORMAT_NUMBER(buffer, format, value)); |
261 | 0 | } |
262 | | |
263 | | void |
264 | | png_warning_parameter_signed(png_warning_parameters p, int number, int format, |
265 | | png_int_32 value) |
266 | 0 | { |
267 | 0 | png_alloc_size_t u; |
268 | 0 | png_charp str; |
269 | 0 | char buffer[PNG_NUMBER_BUFFER_SIZE] = {0}; |
270 | | |
271 | | /* Avoid overflow by doing the negate in a png_alloc_size_t: */ |
272 | 0 | u = (png_alloc_size_t)value; |
273 | 0 | if (value < 0) |
274 | 0 | u = ~u + 1; |
275 | |
|
276 | 0 | str = PNG_FORMAT_NUMBER(buffer, format, u); |
277 | |
|
278 | 0 | if (value < 0 && str > buffer) |
279 | 0 | *--str = '-'; |
280 | |
|
281 | 0 | png_warning_parameter(p, number, str); |
282 | 0 | } |
283 | | |
284 | | void |
285 | | png_formatted_warning(png_const_structrp png_ptr, png_warning_parameters p, |
286 | | png_const_charp message) |
287 | 0 | { |
288 | | /* The internal buffer is just 192 bytes - enough for all our messages, |
289 | | * overflow doesn't happen because this code checks! If someone figures |
290 | | * out how to send us a message longer than 192 bytes, all that will |
291 | | * happen is that the message will be truncated appropriately. |
292 | | */ |
293 | 0 | size_t i = 0; /* Index in the msg[] buffer: */ |
294 | 0 | char msg[192]; |
295 | | |
296 | | /* Each iteration through the following loop writes at most one character |
297 | | * to msg[i++] then returns here to validate that there is still space for |
298 | | * the trailing '\0'. It may (in the case of a parameter) read more than |
299 | | * one character from message[]; it must check for '\0' and continue to the |
300 | | * test if it finds the end of string. |
301 | | */ |
302 | 0 | while (i<(sizeof msg)-1 && *message != '\0') |
303 | 0 | { |
304 | | /* '@' at end of string is now just printed (previously it was skipped); |
305 | | * it is an error in the calling code to terminate the string with @. |
306 | | */ |
307 | 0 | if (p != NULL && *message == '@' && message[1] != '\0') |
308 | 0 | { |
309 | 0 | int parameter_char = *++message; /* Consume the '@' */ |
310 | 0 | static const char valid_parameters[] = "123456789"; |
311 | 0 | int parameter = 0; |
312 | | |
313 | | /* Search for the parameter digit, the index in the string is the |
314 | | * parameter to use. |
315 | | */ |
316 | 0 | while (valid_parameters[parameter] != parameter_char && |
317 | 0 | valid_parameters[parameter] != '\0') |
318 | 0 | ++parameter; |
319 | | |
320 | | /* If the parameter digit is out of range it will just get printed. */ |
321 | 0 | if (parameter < PNG_WARNING_PARAMETER_COUNT) |
322 | 0 | { |
323 | | /* Append this parameter */ |
324 | 0 | png_const_charp parm = p[parameter]; |
325 | 0 | png_const_charp pend = p[parameter] + (sizeof p[parameter]); |
326 | | |
327 | | /* No need to copy the trailing '\0' here, but there is no guarantee |
328 | | * that parm[] has been initialized, so there is no guarantee of a |
329 | | * trailing '\0': |
330 | | */ |
331 | 0 | while (i<(sizeof msg)-1 && *parm != '\0' && parm < pend) |
332 | 0 | msg[i++] = *parm++; |
333 | | |
334 | | /* Consume the parameter digit too: */ |
335 | 0 | ++message; |
336 | 0 | continue; |
337 | 0 | } |
338 | | |
339 | | /* else not a parameter and there is a character after the @ sign; just |
340 | | * copy that. This is known not to be '\0' because of the test above. |
341 | | */ |
342 | 0 | } |
343 | | |
344 | | /* At this point *message can't be '\0', even in the bad parameter case |
345 | | * above where there is a lone '@' at the end of the message string. |
346 | | */ |
347 | 0 | msg[i++] = *message++; |
348 | 0 | } |
349 | | |
350 | | /* i is always less than (sizeof msg), so: */ |
351 | 0 | msg[i] = '\0'; |
352 | | |
353 | | /* And this is the formatted message. It may be larger than |
354 | | * PNG_MAX_ERROR_TEXT, but that is only used for 'chunk' errors and these |
355 | | * are not (currently) formatted. |
356 | | */ |
357 | 0 | png_warning(png_ptr, msg); |
358 | 0 | } |
359 | | #endif /* WARNINGS */ |
360 | | |
361 | | #ifdef PNG_BENIGN_ERRORS_SUPPORTED |
362 | | void PNGAPI |
363 | | png_benign_error(png_const_structrp png_ptr, png_const_charp error_message) |
364 | 0 | { |
365 | 0 | if ((png_ptr->flags & PNG_FLAG_BENIGN_ERRORS_WARN) != 0) |
366 | 0 | { |
367 | 0 | # ifdef PNG_READ_SUPPORTED |
368 | 0 | if ((png_ptr->mode & PNG_IS_READ_STRUCT) != 0 && |
369 | 0 | png_ptr->chunk_name != 0) |
370 | 0 | png_chunk_warning(png_ptr, error_message); |
371 | 0 | else |
372 | 0 | # endif |
373 | 0 | png_warning(png_ptr, error_message); |
374 | 0 | } |
375 | | |
376 | 0 | else |
377 | 0 | { |
378 | 0 | # ifdef PNG_READ_SUPPORTED |
379 | 0 | if ((png_ptr->mode & PNG_IS_READ_STRUCT) != 0 && |
380 | 0 | png_ptr->chunk_name != 0) |
381 | 0 | png_chunk_error(png_ptr, error_message); |
382 | 0 | else |
383 | 0 | # endif |
384 | 0 | png_error(png_ptr, error_message); |
385 | 0 | } |
386 | |
|
387 | | # ifndef PNG_ERROR_TEXT_SUPPORTED |
388 | | PNG_UNUSED(error_message) |
389 | | # endif |
390 | 0 | } |
391 | | |
392 | | void /* PRIVATE */ |
393 | | png_app_warning(png_const_structrp png_ptr, png_const_charp error_message) |
394 | 0 | { |
395 | 0 | if ((png_ptr->flags & PNG_FLAG_APP_WARNINGS_WARN) != 0) |
396 | 0 | png_warning(png_ptr, error_message); |
397 | 0 | else |
398 | 0 | png_error(png_ptr, error_message); |
399 | |
|
400 | | # ifndef PNG_ERROR_TEXT_SUPPORTED |
401 | | PNG_UNUSED(error_message) |
402 | | # endif |
403 | 0 | } |
404 | | |
405 | | void /* PRIVATE */ |
406 | | png_app_error(png_const_structrp png_ptr, png_const_charp error_message) |
407 | 0 | { |
408 | 0 | if ((png_ptr->flags & PNG_FLAG_APP_ERRORS_WARN) != 0) |
409 | 0 | png_warning(png_ptr, error_message); |
410 | 0 | else |
411 | 0 | png_error(png_ptr, error_message); |
412 | |
|
413 | | # ifndef PNG_ERROR_TEXT_SUPPORTED |
414 | | PNG_UNUSED(error_message) |
415 | | # endif |
416 | 0 | } |
417 | | #endif /* BENIGN_ERRORS */ |
418 | | |
419 | 0 | #define PNG_MAX_ERROR_TEXT 196 /* Currently limited by profile_error in png.c */ |
420 | | #if defined(PNG_WARNINGS_SUPPORTED) || \ |
421 | | (defined(PNG_READ_SUPPORTED) && defined(PNG_ERROR_TEXT_SUPPORTED)) |
422 | | /* These utilities are used internally to build an error message that relates |
423 | | * to the current chunk. The chunk name comes from png_ptr->chunk_name, |
424 | | * which is used to prefix the message. The message is limited in length |
425 | | * to 63 bytes. The name characters are output as hex digits wrapped in [] |
426 | | * if the character is invalid. |
427 | | */ |
428 | 0 | #define isnonalpha(c) ((c) < 65 || (c) > 122 || ((c) > 90 && (c) < 97)) |
429 | | static const char png_digit[16] = { |
430 | | '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', |
431 | | 'A', 'B', 'C', 'D', 'E', 'F' |
432 | | }; |
433 | | |
434 | | static void /* PRIVATE */ |
435 | | png_format_buffer(png_const_structrp png_ptr, png_charp buffer, png_const_charp |
436 | | error_message) |
437 | 0 | { |
438 | 0 | png_uint_32 chunk_name = png_ptr->chunk_name; |
439 | 0 | int iout = 0, ishift = 24; |
440 | |
|
441 | 0 | while (ishift >= 0) |
442 | 0 | { |
443 | 0 | int c = (int)(chunk_name >> ishift) & 0xff; |
444 | |
|
445 | 0 | ishift -= 8; |
446 | 0 | if (isnonalpha(c) != 0) |
447 | 0 | { |
448 | 0 | buffer[iout++] = PNG_LITERAL_LEFT_SQUARE_BRACKET; |
449 | 0 | buffer[iout++] = png_digit[(c & 0xf0) >> 4]; |
450 | 0 | buffer[iout++] = png_digit[c & 0x0f]; |
451 | 0 | buffer[iout++] = PNG_LITERAL_RIGHT_SQUARE_BRACKET; |
452 | 0 | } |
453 | | |
454 | 0 | else |
455 | 0 | { |
456 | 0 | buffer[iout++] = (char)c; |
457 | 0 | } |
458 | 0 | } |
459 | |
|
460 | 0 | if (error_message == NULL) |
461 | 0 | buffer[iout] = '\0'; |
462 | | |
463 | 0 | else |
464 | 0 | { |
465 | 0 | int iin = 0; |
466 | |
|
467 | 0 | buffer[iout++] = ':'; |
468 | 0 | buffer[iout++] = ' '; |
469 | |
|
470 | 0 | while (iin < PNG_MAX_ERROR_TEXT-1 && error_message[iin] != '\0') |
471 | 0 | buffer[iout++] = error_message[iin++]; |
472 | | |
473 | | /* iin < PNG_MAX_ERROR_TEXT, so the following is safe: */ |
474 | 0 | buffer[iout] = '\0'; |
475 | 0 | } |
476 | 0 | } |
477 | | #endif /* WARNINGS || ERROR_TEXT */ |
478 | | |
479 | | #if defined(PNG_READ_SUPPORTED) && defined(PNG_ERROR_TEXT_SUPPORTED) |
480 | | PNG_FUNCTION(void,PNGAPI |
481 | | png_chunk_error,(png_const_structrp png_ptr, png_const_charp error_message), |
482 | | PNG_NORETURN) |
483 | 0 | { |
484 | 0 | char msg[18+PNG_MAX_ERROR_TEXT]; |
485 | 0 | if (png_ptr == NULL) |
486 | 0 | png_error(png_ptr, error_message); |
487 | | |
488 | 0 | else |
489 | 0 | { |
490 | 0 | png_format_buffer(png_ptr, msg, error_message); |
491 | 0 | png_error(png_ptr, msg); |
492 | 0 | } |
493 | 0 | } |
494 | | #endif /* READ && ERROR_TEXT */ |
495 | | |
496 | | #ifdef PNG_WARNINGS_SUPPORTED |
497 | | void PNGAPI |
498 | | png_chunk_warning(png_const_structrp png_ptr, png_const_charp warning_message) |
499 | 0 | { |
500 | 0 | char msg[18+PNG_MAX_ERROR_TEXT]; |
501 | 0 | if (png_ptr == NULL) |
502 | 0 | png_warning(png_ptr, warning_message); |
503 | | |
504 | 0 | else |
505 | 0 | { |
506 | 0 | png_format_buffer(png_ptr, msg, warning_message); |
507 | 0 | png_warning(png_ptr, msg); |
508 | 0 | } |
509 | 0 | } |
510 | | #endif /* WARNINGS */ |
511 | | |
512 | | #ifdef PNG_READ_SUPPORTED |
513 | | #ifdef PNG_BENIGN_ERRORS_SUPPORTED |
514 | | void PNGAPI |
515 | | png_chunk_benign_error(png_const_structrp png_ptr, png_const_charp |
516 | | error_message) |
517 | 0 | { |
518 | 0 | if ((png_ptr->flags & PNG_FLAG_BENIGN_ERRORS_WARN) != 0) |
519 | 0 | png_chunk_warning(png_ptr, error_message); |
520 | | |
521 | 0 | else |
522 | 0 | png_chunk_error(png_ptr, error_message); |
523 | |
|
524 | | # ifndef PNG_ERROR_TEXT_SUPPORTED |
525 | | PNG_UNUSED(error_message) |
526 | | # endif |
527 | 0 | } |
528 | | #endif |
529 | | #endif /* READ */ |
530 | | |
531 | | void /* PRIVATE */ |
532 | | png_chunk_report(png_const_structrp png_ptr, png_const_charp message, int error) |
533 | 0 | { |
534 | | # ifndef PNG_WARNINGS_SUPPORTED |
535 | | PNG_UNUSED(message) |
536 | | # endif |
537 | | |
538 | | /* This is always supported, but for just read or just write it |
539 | | * unconditionally does the right thing. |
540 | | */ |
541 | 0 | # if defined(PNG_READ_SUPPORTED) && defined(PNG_WRITE_SUPPORTED) |
542 | 0 | if ((png_ptr->mode & PNG_IS_READ_STRUCT) != 0) |
543 | 0 | # endif |
544 | | |
545 | 0 | # ifdef PNG_READ_SUPPORTED |
546 | 0 | { |
547 | 0 | if (error < PNG_CHUNK_ERROR) |
548 | 0 | png_chunk_warning(png_ptr, message); |
549 | | |
550 | 0 | else |
551 | 0 | png_chunk_benign_error(png_ptr, message); |
552 | 0 | } |
553 | 0 | # endif |
554 | | |
555 | 0 | # if defined(PNG_READ_SUPPORTED) && defined(PNG_WRITE_SUPPORTED) |
556 | 0 | else if ((png_ptr->mode & PNG_IS_READ_STRUCT) == 0) |
557 | 0 | # endif |
558 | | |
559 | 0 | # ifdef PNG_WRITE_SUPPORTED |
560 | 0 | { |
561 | 0 | if (error < PNG_CHUNK_WRITE_ERROR) |
562 | 0 | png_app_warning(png_ptr, message); |
563 | | |
564 | 0 | else |
565 | 0 | png_app_error(png_ptr, message); |
566 | 0 | } |
567 | 0 | # endif |
568 | 0 | } |
569 | | |
570 | | #ifdef PNG_ERROR_TEXT_SUPPORTED |
571 | | #ifdef PNG_FLOATING_POINT_SUPPORTED |
572 | | PNG_FUNCTION(void, |
573 | | png_fixed_error,(png_const_structrp png_ptr, png_const_charp name),PNG_NORETURN) |
574 | 0 | { |
575 | 0 | # define fixed_message "fixed point overflow in " |
576 | 0 | # define fixed_message_ln ((sizeof fixed_message)-1) |
577 | 0 | unsigned int iin; |
578 | 0 | char msg[fixed_message_ln+PNG_MAX_ERROR_TEXT]; |
579 | 0 | memcpy(msg, fixed_message, fixed_message_ln); |
580 | 0 | iin = 0; |
581 | 0 | if (name != NULL) |
582 | 0 | while (iin < (PNG_MAX_ERROR_TEXT-1) && name[iin] != 0) |
583 | 0 | { |
584 | 0 | msg[fixed_message_ln + iin] = name[iin]; |
585 | 0 | ++iin; |
586 | 0 | } |
587 | 0 | msg[fixed_message_ln + iin] = 0; |
588 | 0 | png_error(png_ptr, msg); |
589 | 0 | } |
590 | | #endif |
591 | | #endif |
592 | | |
593 | | #ifdef PNG_SETJMP_SUPPORTED |
594 | | /* This API only exists if ANSI-C style error handling is used, |
595 | | * otherwise it is necessary for png_default_error to be overridden. |
596 | | */ |
597 | | jmp_buf* PNGAPI |
598 | | png_set_longjmp_fn(png_structrp png_ptr, png_longjmp_ptr longjmp_fn, |
599 | | size_t jmp_buf_size) |
600 | 4.34k | { |
601 | | /* From libpng 1.6.0 the app gets one chance to set a 'jmpbuf_size' value |
602 | | * and it must not change after that. Libpng doesn't care how big the |
603 | | * buffer is, just that it doesn't change. |
604 | | * |
605 | | * If the buffer size is no *larger* than the size of jmp_buf when libpng is |
606 | | * compiled a built in jmp_buf is returned; this preserves the pre-1.6.0 |
607 | | * semantics that this call will not fail. If the size is larger, however, |
608 | | * the buffer is allocated and this may fail, causing the function to return |
609 | | * NULL. |
610 | | */ |
611 | 4.34k | if (png_ptr == NULL) |
612 | 0 | return NULL; |
613 | | |
614 | 4.34k | if (png_ptr->jmp_buf_ptr == NULL) |
615 | 4.34k | { |
616 | 4.34k | png_ptr->jmp_buf_size = 0; /* not allocated */ |
617 | | |
618 | 4.34k | if (jmp_buf_size <= (sizeof png_ptr->jmp_buf_local)) |
619 | 4.34k | png_ptr->jmp_buf_ptr = &png_ptr->jmp_buf_local; |
620 | | |
621 | 0 | else |
622 | 0 | { |
623 | 0 | png_ptr->jmp_buf_ptr = png_voidcast(jmp_buf *, |
624 | 0 | png_malloc_warn(png_ptr, jmp_buf_size)); |
625 | |
|
626 | 0 | if (png_ptr->jmp_buf_ptr == NULL) |
627 | 0 | return NULL; /* new NULL return on OOM */ |
628 | | |
629 | 0 | png_ptr->jmp_buf_size = jmp_buf_size; |
630 | 0 | } |
631 | 4.34k | } |
632 | | |
633 | 0 | else /* Already allocated: check the size */ |
634 | 0 | { |
635 | 0 | size_t size = png_ptr->jmp_buf_size; |
636 | |
|
637 | 0 | if (size == 0) |
638 | 0 | { |
639 | 0 | size = (sizeof png_ptr->jmp_buf_local); |
640 | 0 | if (png_ptr->jmp_buf_ptr != &png_ptr->jmp_buf_local) |
641 | 0 | { |
642 | | /* This is an internal error in libpng: somehow we have been left |
643 | | * with a stack allocated jmp_buf when the application regained |
644 | | * control. It's always possible to fix this up, but for the moment |
645 | | * this is a png_error because that makes it easy to detect. |
646 | | */ |
647 | 0 | png_error(png_ptr, "Libpng jmp_buf still allocated"); |
648 | | /* png_ptr->jmp_buf_ptr = &png_ptr->jmp_buf_local; */ |
649 | 0 | } |
650 | 0 | } |
651 | | |
652 | 0 | if (size != jmp_buf_size) |
653 | 0 | { |
654 | 0 | png_warning(png_ptr, "Application jmp_buf size changed"); |
655 | 0 | return NULL; /* caller will probably crash: no choice here */ |
656 | 0 | } |
657 | 0 | } |
658 | | |
659 | | /* Finally fill in the function, now we have a satisfactory buffer. It is |
660 | | * valid to change the function on every call. |
661 | | */ |
662 | 4.34k | png_ptr->longjmp_fn = longjmp_fn; |
663 | 4.34k | return png_ptr->jmp_buf_ptr; |
664 | 4.34k | } |
665 | | |
666 | | void /* PRIVATE */ |
667 | | png_free_jmpbuf(png_structrp png_ptr) |
668 | 4.34k | { |
669 | 4.34k | if (png_ptr != NULL) |
670 | 4.34k | { |
671 | 4.34k | jmp_buf *jb = png_ptr->jmp_buf_ptr; |
672 | | |
673 | | /* A size of 0 is used to indicate a local, stack, allocation of the |
674 | | * pointer; used here and in png.c |
675 | | */ |
676 | 4.34k | if (jb != NULL && png_ptr->jmp_buf_size > 0) |
677 | 0 | { |
678 | | |
679 | | /* This stuff is so that a failure to free the error control structure |
680 | | * does not leave libpng in a state with no valid error handling: the |
681 | | * free always succeeds, if there is an error it gets ignored. |
682 | | */ |
683 | 0 | if (jb != &png_ptr->jmp_buf_local) |
684 | 0 | { |
685 | | /* Make an internal, libpng, jmp_buf to return here */ |
686 | 0 | jmp_buf free_jmp_buf; |
687 | |
|
688 | 0 | if (!setjmp(free_jmp_buf)) |
689 | 0 | { |
690 | 0 | png_ptr->jmp_buf_ptr = &free_jmp_buf; /* come back here */ |
691 | 0 | png_ptr->jmp_buf_size = 0; /* stack allocation */ |
692 | 0 | png_ptr->longjmp_fn = longjmp; |
693 | 0 | png_free(png_ptr, jb); /* Return to setjmp on error */ |
694 | 0 | } |
695 | 0 | } |
696 | 0 | } |
697 | | |
698 | | /* *Always* cancel everything out: */ |
699 | 4.34k | png_ptr->jmp_buf_size = 0; |
700 | 4.34k | png_ptr->jmp_buf_ptr = NULL; |
701 | 4.34k | png_ptr->longjmp_fn = 0; |
702 | 4.34k | } |
703 | 4.34k | } |
704 | | #endif |
705 | | |
706 | | /* This is the default error handling function. Note that replacements for |
707 | | * this function MUST NOT RETURN, or the program will likely crash. This |
708 | | * function is used by default, or if the program supplies NULL for the |
709 | | * error function pointer in png_set_error_fn(). |
710 | | */ |
711 | | static PNG_FUNCTION(void /* PRIVATE */, |
712 | | png_default_error,(png_const_structrp png_ptr, png_const_charp error_message), |
713 | | PNG_NORETURN) |
714 | 0 | { |
715 | 0 | #ifdef PNG_CONSOLE_IO_SUPPORTED |
716 | | #ifdef PNG_ERROR_NUMBERS_SUPPORTED |
717 | | /* Check on NULL only added in 1.5.4 */ |
718 | | if (error_message != NULL && *error_message == PNG_LITERAL_SHARP) |
719 | | { |
720 | | /* Strip "#nnnn " from beginning of error message. */ |
721 | | int offset; |
722 | | char error_number[16]; |
723 | | for (offset = 0; offset<15; offset++) |
724 | | { |
725 | | error_number[offset] = error_message[offset + 1]; |
726 | | if (error_message[offset] == ' ') |
727 | | break; |
728 | | } |
729 | | |
730 | | if ((offset > 1) && (offset < 15)) |
731 | | { |
732 | | error_number[offset - 1] = '\0'; |
733 | | fprintf(stderr, "libpng error no. %s: %s", |
734 | | error_number, error_message + offset + 1); |
735 | | fprintf(stderr, PNG_STRING_NEWLINE); |
736 | | } |
737 | | |
738 | | else |
739 | | { |
740 | | fprintf(stderr, "libpng error: %s, offset=%d", |
741 | | error_message, offset); |
742 | | fprintf(stderr, PNG_STRING_NEWLINE); |
743 | | } |
744 | | } |
745 | | else |
746 | | #endif |
747 | 0 | { |
748 | 0 | fprintf(stderr, "libpng error: %s", error_message ? error_message : |
749 | 0 | "undefined"); |
750 | 0 | fprintf(stderr, PNG_STRING_NEWLINE); |
751 | 0 | } |
752 | | #else |
753 | | PNG_UNUSED(error_message) /* Make compiler happy */ |
754 | | #endif |
755 | 0 | png_longjmp(png_ptr, 1); |
756 | 0 | } |
757 | | |
758 | | PNG_FUNCTION(void,PNGAPI |
759 | | png_longjmp,(png_const_structrp png_ptr, int val),PNG_NORETURN) |
760 | 0 | { |
761 | 0 | #ifdef PNG_SETJMP_SUPPORTED |
762 | 0 | if (png_ptr != NULL && png_ptr->longjmp_fn != NULL && |
763 | 0 | png_ptr->jmp_buf_ptr != NULL) |
764 | 0 | png_ptr->longjmp_fn(*png_ptr->jmp_buf_ptr, val); |
765 | | #else |
766 | | PNG_UNUSED(png_ptr) |
767 | | PNG_UNUSED(val) |
768 | | #endif |
769 | | |
770 | | /* If control reaches this point, png_longjmp() must not return. The only |
771 | | * choice is to terminate the whole process (or maybe the thread); to do |
772 | | * this the ANSI-C abort() function is used unless a different method is |
773 | | * implemented by overriding the default configuration setting for |
774 | | * PNG_ABORT(). |
775 | | */ |
776 | 0 | PNG_ABORT(); |
777 | 0 | } |
778 | | |
779 | | #ifdef PNG_WARNINGS_SUPPORTED |
780 | | /* This function is called when there is a warning, but the library thinks |
781 | | * it can continue anyway. Replacement functions don't have to do anything |
782 | | * here if you don't want them to. In the default configuration, png_ptr is |
783 | | * not used, but it is passed in case it may be useful. |
784 | | */ |
785 | | static void /* PRIVATE */ |
786 | | png_default_warning(png_const_structrp png_ptr, png_const_charp warning_message) |
787 | 0 | { |
788 | 0 | #ifdef PNG_CONSOLE_IO_SUPPORTED |
789 | | # ifdef PNG_ERROR_NUMBERS_SUPPORTED |
790 | | if (*warning_message == PNG_LITERAL_SHARP) |
791 | | { |
792 | | int offset; |
793 | | char warning_number[16]; |
794 | | for (offset = 0; offset < 15; offset++) |
795 | | { |
796 | | warning_number[offset] = warning_message[offset + 1]; |
797 | | if (warning_message[offset] == ' ') |
798 | | break; |
799 | | } |
800 | | |
801 | | if ((offset > 1) && (offset < 15)) |
802 | | { |
803 | | warning_number[offset + 1] = '\0'; |
804 | | fprintf(stderr, "libpng warning no. %s: %s", |
805 | | warning_number, warning_message + offset); |
806 | | fprintf(stderr, PNG_STRING_NEWLINE); |
807 | | } |
808 | | |
809 | | else |
810 | | { |
811 | | fprintf(stderr, "libpng warning: %s", |
812 | | warning_message); |
813 | | fprintf(stderr, PNG_STRING_NEWLINE); |
814 | | } |
815 | | } |
816 | | else |
817 | | # endif |
818 | |
|
819 | 0 | { |
820 | 0 | fprintf(stderr, "libpng warning: %s", warning_message); |
821 | 0 | fprintf(stderr, PNG_STRING_NEWLINE); |
822 | 0 | } |
823 | | #else |
824 | | PNG_UNUSED(warning_message) /* Make compiler happy */ |
825 | | #endif |
826 | 0 | PNG_UNUSED(png_ptr) /* Make compiler happy */ |
827 | 0 | } |
828 | | #endif /* WARNINGS */ |
829 | | |
830 | | /* This function is called when the application wants to use another method |
831 | | * of handling errors and warnings. Note that the error function MUST NOT |
832 | | * return to the calling routine or serious problems will occur. The return |
833 | | * method used in the default routine calls longjmp(png_ptr->jmp_buf_ptr, 1) |
834 | | */ |
835 | | void PNGAPI |
836 | | png_set_error_fn(png_structrp png_ptr, png_voidp error_ptr, |
837 | | png_error_ptr error_fn, png_error_ptr warning_fn) |
838 | 4.34k | { |
839 | 4.34k | if (png_ptr == NULL) |
840 | 0 | return; |
841 | | |
842 | 4.34k | png_ptr->error_ptr = error_ptr; |
843 | 4.34k | png_ptr->error_fn = error_fn; |
844 | 4.34k | #ifdef PNG_WARNINGS_SUPPORTED |
845 | 4.34k | png_ptr->warning_fn = warning_fn; |
846 | | #else |
847 | | PNG_UNUSED(warning_fn) |
848 | | #endif |
849 | 4.34k | } |
850 | | |
851 | | |
852 | | /* This function returns a pointer to the error_ptr associated with the user |
853 | | * functions. The application should free any memory associated with this |
854 | | * pointer before png_write_destroy and png_read_destroy are called. |
855 | | */ |
856 | | png_voidp PNGAPI |
857 | | png_get_error_ptr(png_const_structrp png_ptr) |
858 | 0 | { |
859 | 0 | if (png_ptr == NULL) |
860 | 0 | return NULL; |
861 | | |
862 | 0 | return (png_voidp)png_ptr->error_ptr; |
863 | 0 | } |
864 | | |
865 | | |
866 | | #ifdef PNG_ERROR_NUMBERS_SUPPORTED |
867 | | void PNGAPI |
868 | | png_set_strip_error_numbers(png_structrp png_ptr, png_uint_32 strip_mode) |
869 | | { |
870 | | if (png_ptr != NULL) |
871 | | { |
872 | | png_ptr->flags &= |
873 | | ((~(PNG_FLAG_STRIP_ERROR_NUMBERS | |
874 | | PNG_FLAG_STRIP_ERROR_TEXT))&strip_mode); |
875 | | } |
876 | | } |
877 | | #endif |
878 | | |
879 | | #if defined(PNG_SIMPLIFIED_READ_SUPPORTED) ||\ |
880 | | defined(PNG_SIMPLIFIED_WRITE_SUPPORTED) |
881 | | /* Currently the above both depend on SETJMP_SUPPORTED, however it would be |
882 | | * possible to implement without setjmp support just so long as there is some |
883 | | * way to handle the error return here: |
884 | | */ |
885 | | PNG_FUNCTION(void /* PRIVATE */, (PNGCBAPI |
886 | | png_safe_error),(png_structp png_nonconst_ptr, png_const_charp error_message), |
887 | | PNG_NORETURN) |
888 | 0 | { |
889 | 0 | png_const_structrp png_ptr = png_nonconst_ptr; |
890 | 0 | png_imagep image = png_voidcast(png_imagep, png_ptr->error_ptr); |
891 | | |
892 | | /* An error is always logged here, overwriting anything (typically a warning) |
893 | | * that is already there: |
894 | | */ |
895 | 0 | if (image != NULL) |
896 | 0 | { |
897 | 0 | png_safecat(image->message, (sizeof image->message), 0, error_message); |
898 | 0 | image->warning_or_error |= PNG_IMAGE_ERROR; |
899 | | |
900 | | /* Retrieve the jmp_buf from within the png_control, making this work for |
901 | | * C++ compilation too is pretty tricky: C++ wants a pointer to the first |
902 | | * element of a jmp_buf, but C doesn't tell us the type of that. |
903 | | */ |
904 | 0 | if (image->opaque != NULL && image->opaque->error_buf != NULL) |
905 | 0 | longjmp(png_control_jmp_buf(image->opaque), 1); |
906 | | |
907 | | /* Missing longjmp buffer, the following is to help debugging: */ |
908 | 0 | { |
909 | 0 | size_t pos = png_safecat(image->message, (sizeof image->message), 0, |
910 | 0 | "bad longjmp: "); |
911 | 0 | png_safecat(image->message, (sizeof image->message), pos, |
912 | 0 | error_message); |
913 | 0 | } |
914 | 0 | } |
915 | | |
916 | | /* Here on an internal programming error. */ |
917 | 0 | abort(); |
918 | 0 | } |
919 | | |
920 | | #ifdef PNG_WARNINGS_SUPPORTED |
921 | | void /* PRIVATE */ PNGCBAPI |
922 | | png_safe_warning(png_structp png_nonconst_ptr, png_const_charp warning_message) |
923 | 0 | { |
924 | 0 | png_const_structrp png_ptr = png_nonconst_ptr; |
925 | 0 | png_imagep image = png_voidcast(png_imagep, png_ptr->error_ptr); |
926 | | |
927 | | /* A warning is only logged if there is no prior warning or error. */ |
928 | 0 | if (image->warning_or_error == 0) |
929 | 0 | { |
930 | 0 | png_safecat(image->message, (sizeof image->message), 0, warning_message); |
931 | 0 | image->warning_or_error |= PNG_IMAGE_WARNING; |
932 | 0 | } |
933 | 0 | } |
934 | | #endif |
935 | | |
936 | | int /* PRIVATE */ |
937 | | png_safe_execute(png_imagep image, int (*function)(png_voidp), png_voidp arg) |
938 | 0 | { |
939 | 0 | png_voidp saved_error_buf = image->opaque->error_buf; |
940 | 0 | jmp_buf safe_jmpbuf; |
941 | 0 | int result; |
942 | | |
943 | | /* Safely execute function(arg), with png_error returning back here. */ |
944 | 0 | if (setjmp(safe_jmpbuf) == 0) |
945 | 0 | { |
946 | 0 | image->opaque->error_buf = safe_jmpbuf; |
947 | 0 | result = function(arg); |
948 | 0 | image->opaque->error_buf = saved_error_buf; |
949 | 0 | return result; |
950 | 0 | } |
951 | | |
952 | | /* On png_error, return via longjmp, pop the jmpbuf, and free the image. */ |
953 | 0 | image->opaque->error_buf = saved_error_buf; |
954 | 0 | png_image_free(image); |
955 | 0 | return 0; |
956 | 0 | } |
957 | | #endif /* SIMPLIFIED READ || SIMPLIFIED_WRITE */ |
958 | | #endif /* READ || WRITE */ |