Coverage Report

Created: 2025-11-14 07:32

next uncovered line (L), next uncovered region (R), next uncovered branch (B)
/src/libpng/pngmem.c
Line
Count
Source
1
/* pngmem.c - stub functions for memory allocation
2
 *
3
 * Copyright (c) 2018-2025 Cosmin Truta
4
 * Copyright (c) 1998-2002,2004,2006-2014,2016 Glenn Randers-Pehrson
5
 * Copyright (c) 1996-1997 Andreas Dilger
6
 * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.
7
 *
8
 * This code is released under the libpng license.
9
 * For conditions of distribution and use, see the disclaimer
10
 * and license in png.h
11
 *
12
 * This file provides a location for all memory allocation.  Users who
13
 * need special memory handling are expected to supply replacement
14
 * functions for png_malloc() and png_free(), and to use
15
 * png_create_read_struct_2() and png_create_write_struct_2() to
16
 * identify the replacement functions.
17
 */
18
19
#include "pngpriv.h"
20
21
#if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED)
22
/* Free a png_struct */
23
void /* PRIVATE */
24
png_destroy_png_struct(png_struct *png_ptr)
25
96.0k
{
26
96.0k
   if (png_ptr != NULL)
27
96.0k
   {
28
      /* png_free might call png_error and may certainly call
29
       * png_get_mem_ptr, so fake a temporary png_struct to support this.
30
       */
31
96.0k
      png_struct dummy_struct = *png_ptr;
32
96.0k
      memset(png_ptr, 0, (sizeof *png_ptr));
33
96.0k
      png_free(&dummy_struct, png_ptr);
34
35
96.0k
#     ifdef PNG_SETJMP_SUPPORTED
36
         /* We may have a jmp_buf left to deallocate. */
37
96.0k
         png_free_jmpbuf(&dummy_struct);
38
96.0k
#     endif
39
96.0k
   }
40
96.0k
}
41
42
/* Allocate memory.  For reasonable files, size should never exceed
43
 * 64K.  However, zlib may allocate more than 64K if you don't tell
44
 * it not to.  See zconf.h and png.h for more information.  zlib does
45
 * need to allocate exactly 64K, so whatever you call here must
46
 * have the ability to do that.
47
 */
48
PNG_FUNCTION(void *,
49
png_calloc,(const png_struct *png_ptr, png_alloc_size_t size),
50
    PNG_ALLOCATED)
51
31.5k
{
52
31.5k
   void *ret;
53
54
31.5k
   ret = png_malloc(png_ptr, size);
55
56
31.5k
   if (ret != NULL)
57
31.5k
      memset(ret, 0, size);
58
59
31.5k
   return ret;
60
31.5k
}
61
62
/* png_malloc_base, an internal function added at libpng 1.6.0, does the work of
63
 * allocating memory, taking into account limits and PNG_USER_MEM_SUPPORTED.
64
 * Checking and error handling must happen outside this routine; it returns NULL
65
 * if the allocation cannot be done (for any reason.)
66
 */
67
PNG_FUNCTION(void * /* PRIVATE */,
68
png_malloc_base,(const png_struct *png_ptr, png_alloc_size_t size),
69
    PNG_ALLOCATED)
70
1.35M
{
71
   /* Moved to png_malloc_base from png_malloc_default in 1.6.0; the DOS
72
    * allocators have also been removed in 1.6.0, so any 16-bit system now has
73
    * to implement a user memory handler.  This checks to be sure it isn't
74
    * called with big numbers.
75
    */
76
#  ifdef PNG_MAX_MALLOC_64K
77
      /* This is support for legacy systems which had segmented addressing
78
       * limiting the maximum allocation size to 65536.  It takes precedence
79
       * over PNG_SIZE_MAX which is set to 65535 on true 16-bit systems.
80
       *
81
       * TODO: libpng-1.8: finally remove both cases.
82
       */
83
      if (size > 65536U) return NULL;
84
#  endif
85
86
   /* This is checked too because the system malloc call below takes a (size_t).
87
    */
88
1.35M
   if (size > PNG_SIZE_MAX) return NULL;
89
90
1.35M
#  ifdef PNG_USER_MEM_SUPPORTED
91
1.35M
      if (png_ptr != NULL && png_ptr->malloc_fn != NULL)
92
1.35M
         return png_ptr->malloc_fn(png_constcast(png_struct *,png_ptr), size);
93
#  else
94
      PNG_UNUSED(png_ptr)
95
#  endif
96
97
   /* Use the system malloc */
98
0
   return malloc((size_t)/*SAFE*/size); /* checked for truncation above */
99
1.35M
}
100
101
#if defined(PNG_TEXT_SUPPORTED) || defined(PNG_sPLT_SUPPORTED) ||\
102
   defined(PNG_STORE_UNKNOWN_CHUNKS_SUPPORTED)
103
/* This is really here only to work round a spurious warning in GCC 4.6 and 4.7
104
 * that arises because of the checks in png_realloc_array that are repeated in
105
 * png_malloc_array.
106
 */
107
static void *
108
png_malloc_array_checked(const png_struct *png_ptr, int nelements,
109
    size_t element_size)
110
93.4k
{
111
93.4k
   png_alloc_size_t req = (png_alloc_size_t)nelements; /* known to be > 0 */
112
113
93.4k
   if (req <= PNG_SIZE_MAX/element_size)
114
93.4k
      return png_malloc_base(png_ptr, req * element_size);
115
116
   /* The failure case when the request is too large */
117
0
   return NULL;
118
93.4k
}
119
120
PNG_FUNCTION(void * /* PRIVATE */,
121
png_malloc_array,(const png_struct *png_ptr, int nelements,
122
    size_t element_size),
123
    PNG_ALLOCATED)
124
0
{
125
0
   if (nelements <= 0 || element_size == 0)
126
0
      png_error(png_ptr, "internal error: array alloc");
127
128
0
   return png_malloc_array_checked(png_ptr, nelements, element_size);
129
0
}
130
131
PNG_FUNCTION(void * /* PRIVATE */,
132
png_realloc_array,(const png_struct *png_ptr, const void *old_array,
133
    int old_elements, int add_elements, size_t element_size),
134
    PNG_ALLOCATED)
135
93.4k
{
136
   /* These are internal errors: */
137
93.4k
   if (add_elements <= 0 || element_size == 0 || old_elements < 0 ||
138
93.4k
      (old_array == NULL && old_elements > 0))
139
0
      png_error(png_ptr, "internal error: array realloc");
140
141
   /* Check for overflow on the elements count (so the caller does not have to
142
    * check.)
143
    */
144
93.4k
   if (add_elements <= INT_MAX - old_elements)
145
93.4k
   {
146
93.4k
      void *new_array = png_malloc_array_checked(png_ptr,
147
93.4k
          old_elements+add_elements, element_size);
148
149
93.4k
      if (new_array != NULL)
150
93.4k
      {
151
         /* Because png_malloc_array worked the size calculations below cannot
152
          * overflow.
153
          */
154
93.4k
         if (old_elements > 0)
155
76.4k
            memcpy(new_array, old_array, element_size*(unsigned)old_elements);
156
157
93.4k
         memset((char*)new_array + element_size*(unsigned)old_elements, 0,
158
93.4k
             element_size*(unsigned)add_elements);
159
160
93.4k
         return new_array;
161
93.4k
      }
162
93.4k
   }
163
164
0
   return NULL; /* error */
165
93.4k
}
166
#endif /* TEXT || sPLT || STORE_UNKNOWN_CHUNKS */
167
168
/* Various functions that have different error handling are derived from this.
169
 * png_malloc always exists, but if PNG_USER_MEM_SUPPORTED is defined a separate
170
 * function png_malloc_default is also provided.
171
 */
172
PNG_FUNCTION(void *,
173
png_malloc,(const png_struct *png_ptr, png_alloc_size_t size),
174
    PNG_ALLOCATED)
175
400k
{
176
400k
   void *ret;
177
178
400k
   if (png_ptr == NULL)
179
0
      return NULL;
180
181
400k
   ret = png_malloc_base(png_ptr, size);
182
183
400k
   if (ret == NULL)
184
0
       png_error(png_ptr, "Out of memory"); /* 'm' means png_malloc */
185
186
400k
   return ret;
187
400k
}
188
189
#ifdef PNG_USER_MEM_SUPPORTED
190
PNG_FUNCTION(void *,
191
png_malloc_default,(const png_struct *png_ptr, png_alloc_size_t size),
192
    PNG_ALLOCATED PNG_DEPRECATED)
193
0
{
194
0
   void *ret;
195
196
0
   if (png_ptr == NULL)
197
0
      return NULL;
198
199
   /* Passing 'NULL' here bypasses the application provided memory handler. */
200
0
   ret = png_malloc_base(NULL/*use malloc*/, size);
201
202
0
   if (ret == NULL)
203
0
      png_error(png_ptr, "Out of Memory"); /* 'M' means png_malloc_default */
204
205
0
   return ret;
206
0
}
207
#endif /* USER_MEM */
208
209
/* This function was added at libpng version 1.2.3.  The png_malloc_warn()
210
 * function will issue a png_warning and return NULL instead of issuing a
211
 * png_error, if it fails to allocate the requested memory.
212
 */
213
PNG_FUNCTION(void *,
214
png_malloc_warn,(const png_struct *png_ptr, png_alloc_size_t size),
215
    PNG_ALLOCATED)
216
502k
{
217
502k
   if (png_ptr != NULL)
218
502k
   {
219
502k
      void *ret = png_malloc_base(png_ptr, size);
220
221
502k
      if (ret != NULL)
222
502k
         return ret;
223
224
0
      png_warning(png_ptr, "Out of memory");
225
0
   }
226
227
0
   return NULL;
228
502k
}
229
230
/* Free a pointer allocated by png_malloc().  If ptr is NULL, return
231
 * without taking any action.
232
 */
233
void
234
png_free(const png_struct *png_ptr, void *ptr)
235
2.29M
{
236
2.29M
   if (png_ptr == NULL || ptr == NULL)
237
944k
      return;
238
239
1.35M
#ifdef PNG_USER_MEM_SUPPORTED
240
1.35M
   if (png_ptr->free_fn != NULL)
241
1.35M
      png_ptr->free_fn(png_constcast(png_struct *,png_ptr), ptr);
242
243
0
   else
244
0
      png_free_default(png_ptr, ptr);
245
1.35M
}
246
247
PNG_FUNCTION(void,
248
png_free_default,(const png_struct *png_ptr, void *ptr),
249
    PNG_DEPRECATED)
250
0
{
251
0
   if (png_ptr == NULL || ptr == NULL)
252
0
      return;
253
0
#endif /* USER_MEM */
254
255
0
   free(ptr);
256
0
}
257
258
#ifdef PNG_USER_MEM_SUPPORTED
259
/* This function is called when the application wants to use another method
260
 * of allocating and freeing memory.
261
 */
262
void
263
png_set_mem_fn(png_struct *png_ptr, void *mem_ptr,
264
    png_malloc_ptr malloc_fn, png_free_ptr free_fn)
265
96.0k
{
266
96.0k
   if (png_ptr != NULL)
267
96.0k
   {
268
96.0k
      png_ptr->mem_ptr = mem_ptr;
269
96.0k
      png_ptr->malloc_fn = malloc_fn;
270
96.0k
      png_ptr->free_fn = free_fn;
271
96.0k
   }
272
96.0k
}
273
274
/* This function returns a pointer to the mem_ptr associated with the user
275
 * functions.  The application should free any memory associated with this
276
 * pointer before png_write_destroy and png_read_destroy are called.
277
 */
278
void *
279
png_get_mem_ptr(const png_struct *png_ptr)
280
0
{
281
0
   if (png_ptr == NULL)
282
0
      return NULL;
283
284
0
   return png_ptr->mem_ptr;
285
0
}
286
#endif /* USER_MEM */
287
#endif /* READ || WRITE */