mewin/libpng
1
0
Fork 0
mirror of https://git.code.sf.net/p/libpng/code.git synced 2025-07-10 18:04:09 +02:00
Code Issues Projects Releases Wiki Activity

[libpng17] Transformed rewrite: changed row_info, added checks. This introduces an

Browse Source 
internal struct (png_transform_control) to replace row_info and uses
    that to implement affirms correctly.  The change also adds checks on
    the rowbytes calculation and additional checks on most transform
    implementations.
Added png_uint_16 range checking, pngvalid tRNS, fixed png_uint_16:
    review of previous checks, removal of some where SAFE. pngvalid: add
    testing of tRNS for better code coverage pngvalid: correct rgb-to-gray
    error calculations. Code coverage is still incomplete: see /*UNTESTED*/
    in pngrtran.c
This commit is contained in:
John Bowler
2015-03-30 21:32:41 -05:00
committed by Glenn Randers-Pehrson
parent 73ea393ab2
commit 673ae608ab
14 changed files with 1812 additions and 1451 deletions
Download Patch File Download Diff File Expand all files Collapse all files

382
pngwtran.c
View File

@@ -17,160 +17,111 @@
#ifdef PNG_WRITE_SUPPORTED
#ifdef PNG_WRITE_TRANSFORMS_SUPPORTED
/* This is here because png_row_info doesn't contain a png_ptr, so at present
* the transform routines can't signal an error. Instead we pass '0' as
* as png_ptr to png_check_byte in the non-release cases and do a hard cast
* in release.
*
* TODO: fix this.
*/
#ifdef PNG_RANGE_CHECK_SUPPORTED
# define CB(b) png_check_byte(0, b)
# define CU(u) png_check_u16(0, u)
#else
# define CB(b) ((png_byte)(b))
# define CU(u) ((png_uint_16)(u))
#endif
#ifdef PNG_WRITE_PACK_SUPPORTED
/* Pack pixels into bytes. Pass the true bit depth in bit_depth. The
/* Pack pixels into bytes. Get the true bit depth from png_ptr. The
* row_info bit depth should be 8 (one pixel per byte). The channels
* should be 1 (this only happens on grayscale and paletted images).
*/
static void
png_do_pack(png_row_infop row_info, png_bytep row, png_uint_32 bit_depth)
png_do_pack(png_transform_controlp row_info, png_bytep row)
{
png_debug(1, "in png_do_pack");
if (row_info->bit_depth == 8 &&
row_info->channels == 1)
# define png_ptr row_info->png_ptr
/* The comment suggests the following must be true.
* TODO: test this.
*/
affirm(row_info->bit_depth == 8 && row_info->channels == 1);
{
switch ((int)bit_depth)
switch (png_ptr->bit_depth)
{
case 1:
{
png_bytep sp, dp;
int mask, v;
png_uint_32 i;
png_uint_32 row_width = row_info->width;
png_const_bytep ep = row + png_transform_rowbytes(row_info);
png_bytep dp = row;
unsigned int mask = 0x80, v = 0;
sp = row;
dp = row;
mask = 0x80;
v = 0;
for (i = 0; i < row_width; i++)
while (row < ep)
{
if (*sp != 0)
if (*row++ != 0)
v |= mask;
sp++;
mask >>= 1;
if (mask > 1)
mask >>= 1;
else
if (mask == 0)
{
mask = 0x80;
*dp = CB(v);
dp++;
*dp++ = (png_byte)/*SAFE*/v;
v = 0;
}
}
if (mask != 0x80)
*dp = CB(v);
*dp++ = (png_byte)/*SAFE*/v;
row_info->bit_depth = 1;
break;
}
case 2:
{
png_bytep sp, dp;
int shift, v;
png_uint_32 i;
png_uint_32 row_width = row_info->width;
png_const_bytep ep = row + png_transform_rowbytes(row_info);
png_bytep dp = row;
unsigned int shift = 8, v = 0;
sp = row;
dp = row;
shift = 6;
v = 0;
for (i = 0; i < row_width; i++)
while (row < ep)
{
png_byte value;
value = PNG_BYTE(*sp & 0x03);
v |= (value << shift);
shift -= 2;
v |= (*row++ & 0x3) << shift;
if (shift == 0)
{
shift = 6;
*dp = CB(v);
dp++;
shift = 8;
*dp++ = png_check_byte(png_ptr, v);
v = 0;
}
else
shift -= 2;
sp++;
}
if (shift != 6)
*dp = CB(v);
if (shift != 8)
*dp++ = png_check_byte(png_ptr, v);
row_info->bit_depth = 2;
break;
}
case 4:
{
png_bytep sp, dp;
int shift, v;
png_uint_32 i;
png_uint_32 row_width = row_info->width;
png_const_bytep ep = row + png_transform_rowbytes(row_info);
png_bytep dp = row;
unsigned int shift = 8, v = 0;
sp = row;
dp = row;
shift = 4;
v = 0;
for (i = 0; i < row_width; i++)
while (row < ep)
{
png_byte value;
value = PNG_BYTE(*sp & 0x0f);
v |= (value << shift);
shift -= 4;
v |= ((*row++ & 0xf) << shift);
if (shift == 0)
{
shift = 4;
*dp = CB(v);
dp++;
shift = 8;
*dp++ = png_check_byte(png_ptr, v);
v = 0;
}
else
shift -= 4;
sp++;
}
if (shift != 4)
*dp = CB(v);
if (shift != 8)
*dp++ = png_check_byte(png_ptr, v);
row_info->bit_depth = 4;
break;
}
default:
break;
}
row_info->bit_depth = CB(bit_depth);
row_info->pixel_depth = CB(bit_depth * row_info->channels);
row_info->rowbytes = PNG_ROWBYTES(row_info->pixel_depth,
row_info->width);
}
# undef png_ptr
}
#endif
@@ -181,19 +132,26 @@ png_do_pack(png_row_infop row_info, png_bytep row, png_uint_32 bit_depth)
* bit depth 4, but the pixels only had values from 0 to 7, you
* would pass 3 as bit_depth, and this routine would translate the
* data to 0 to 15.
*
* NOTE: this is horrible complexity for no value. Once people suggested they
* were selling 16-bit displays with 5:6:5 bits spread R:G:B but so far as I
* could determine these displays produced intermediate grey (uncolored) colors,
* which is impossible with a true 5:6:5, so most likely 5:6:5 was marketing.
*/
static void
png_do_shift(png_row_infop row_info, png_bytep row,
png_const_color_8p bit_depth)
png_do_shift(png_transform_controlp row_info, png_bytep row)
{
png_debug(1, "in png_do_shift");
if (row_info->color_type != PNG_COLOR_TYPE_PALETTE)
# define png_ptr row_info->png_ptr
if (!(row_info->flags & PNG_INDEXED) && (row_info->channels-1) <= 3)
{
png_const_color_8p bit_depth = &png_ptr->shift;
int shift_start[4], shift_dec[4];
int channels = 0;
if ((row_info->color_type & PNG_COLOR_MASK_COLOR) != 0)
if (row_info->channels == 3 || row_info->channels == 4)
{
shift_start[channels] = row_info->bit_depth - bit_depth->red;
shift_dec[channels] = bit_depth->red;
@@ -208,27 +166,29 @@ png_do_shift(png_row_infop row_info, png_bytep row,
channels++;
}
else
else /* 1 or 2 channels */
{
shift_start[channels] = row_info->bit_depth - bit_depth->gray;
shift_dec[channels] = bit_depth->gray;
channels++;
}
if ((row_info->color_type & PNG_COLOR_MASK_ALPHA) != 0)
if (row_info->channels == 2 || row_info->channels == 4)
{
shift_start[channels] = row_info->bit_depth - bit_depth->alpha;
shift_dec[channels] = bit_depth->alpha;
channels++;
}
/* With low row depths, could only be grayscale, so one channel */
/* With low res depths, could only be grayscale, so one channel */
if (row_info->bit_depth < 8)
{
png_bytep bp = row;
png_size_t i;
unsigned int mask;
png_size_t row_bytes = row_info->rowbytes;
size_t row_bytes = png_transform_rowbytes(row_info);
affirm(row_info->channels == 1);
if (bit_depth->gray == 1 && row_info->bit_depth == 2)
mask = 0x55;
@@ -256,7 +216,7 @@ png_do_shift(png_row_infop row_info, png_bytep row,
out |= (v >> (-j)) & mask;
}
*bp = CB(out);
*bp = png_check_byte(png_ptr, out);
}
}
@@ -285,7 +245,7 @@ png_do_shift(png_row_infop row_info, png_bytep row,
out |= v >> (-j);
}
*bp = CB(out);
*bp = png_check_byte(png_ptr, out);
}
}
@@ -312,200 +272,174 @@ png_do_shift(png_row_infop row_info, png_bytep row,
else
value |= v >> (-j);
}
*bp++ = CB(value >> 8);
*bp++ = png_check_byte(png_ptr, value >> 8);
*bp++ = PNG_BYTE(value);
}
}
}
# undef png_ptr
}
#endif
#ifdef PNG_WRITE_SWAP_ALPHA_SUPPORTED
static void
png_do_write_swap_alpha(png_row_infop row_info, png_bytep row)
png_do_write_swap_alpha(png_transform_controlp row_info, png_bytep row)
{
png_debug(1, "in png_do_write_swap_alpha");
# define png_ptr row_info->png_ptr
{
if (row_info->color_type == PNG_COLOR_TYPE_RGB_ALPHA)
if (row_info->channels == 4)
{
if (row_info->bit_depth == 8)
{
/* This converts from ARGB to RGBA */
png_bytep sp, dp;
png_uint_32 i;
png_uint_32 row_width = row_info->width;
png_const_bytep ep = row + png_transform_rowbytes(row_info) - 4;
for (i = 0, sp = dp = row; i < row_width; i++)
/* This converts from ARGB to RGBA */
while (row <= ep)
{
png_byte save = *(sp++);
*(dp++) = *(sp++);
*(dp++) = *(sp++);
*(dp++) = *(sp++);
*(dp++) = save;
png_byte save = row[0];
row[0] = row[1];
row[1] = row[2];
row[2] = row[3];
row[3] = save;
row += 4;
}
debug(row == ep+4);
}
#ifdef PNG_WRITE_16BIT_SUPPORTED
else
else if (row_info->bit_depth == 16)
{
/* This converts from AARRGGBB to RRGGBBAA */
png_bytep sp, dp;
png_uint_32 i;
png_uint_32 row_width = row_info->width;
png_const_bytep ep = row + png_transform_rowbytes(row_info) - 8;
for (i = 0, sp = dp = row; i < row_width; i++)
while (row <= ep)
{
png_byte save[2];
save[0] = *(sp++);
save[1] = *(sp++);
*(dp++) = *(sp++);
*(dp++) = *(sp++);
*(dp++) = *(sp++);
*(dp++) = *(sp++);
*(dp++) = *(sp++);
*(dp++) = *(sp++);
*(dp++) = save[0];
*(dp++) = save[1];
png_byte s0 = row[0];
png_byte s1 = row[1];
memmove(row, row+2, 6);
row[6] = s0;
row[7] = s1;
row += 8;
}
debug(row == ep+8);
}
#endif /* WRITE_16BIT */
}
else if (row_info->color_type == PNG_COLOR_TYPE_GRAY_ALPHA)
else if (row_info->channels == 2)
{
if (row_info->bit_depth == 8)
{
/* This converts from AG to GA */
png_bytep sp, dp;
png_uint_32 i;
png_uint_32 row_width = row_info->width;
png_const_bytep ep = row + png_transform_rowbytes(row_info) - 2;
for (i = 0, sp = dp = row; i < row_width; i++)
/* This converts from ARGB to RGBA */
while (row <= ep)
{
png_byte save = *(sp++);
*(dp++) = *(sp++);
*(dp++) = save;
png_byte save = *row;
*row = row[1], ++row;
*row++ = save;
}
debug(row == ep+2);
}
#ifdef PNG_WRITE_16BIT_SUPPORTED
else
{
/* This converts from AAGG to GGAA */
png_bytep sp, dp;
png_uint_32 i;
png_uint_32 row_width = row_info->width;
png_const_bytep ep = row + png_transform_rowbytes(row_info) - 4;
for (i = 0, sp = dp = row; i < row_width; i++)
while (row <= ep)
{
png_byte save[2];
save[0] = *(sp++);
save[1] = *(sp++);
*(dp++) = *(sp++);
*(dp++) = *(sp++);
*(dp++) = save[0];
*(dp++) = save[1];
png_byte save = row[0];
row[0] = row[2];
row[2] = save;
save = row[1];
row[1] = row[3];
row[3] = save;
row += 4;
}
debug(row == ep+4);
}
#endif /* WRITE_16BIT */
}
}
# undef png_ptr
}
#endif
#ifdef PNG_WRITE_INVERT_ALPHA_SUPPORTED
static void
png_do_write_invert_alpha(png_row_infop row_info, png_bytep row)
png_do_write_invert_alpha(png_transform_controlp row_info, png_bytep row)
{
png_debug(1, "in png_do_write_invert_alpha");
# define png_ptr row_info->png_ptr
{
if (row_info->color_type == PNG_COLOR_TYPE_RGB_ALPHA)
if (row_info->channels == 4)
{
if (row_info->bit_depth == 8)
{
/* This inverts the alpha channel in RGBA */
png_bytep sp, dp;
png_uint_32 i;
png_uint_32 row_width = row_info->width;
png_const_bytep ep = row + png_transform_rowbytes(row_info) - 1;
for (i = 0, sp = dp = row; i < row_width; i++)
{
/* Does nothing
*(dp++) = *(sp++);
*(dp++) = *(sp++);
*(dp++) = *(sp++);
*/
sp+=3; dp = sp;
*(dp++) = CB(255 - *(sp++));
}
row += 3; /* alpha channel */
while (row <= ep)
*row ^= 0xff, row += 4;
}
#ifdef PNG_WRITE_16BIT_SUPPORTED
else
else if (row_info->bit_depth == 16)
{
/* This inverts the alpha channel in RRGGBBAA */
png_bytep sp, dp;
png_uint_32 i;
png_uint_32 row_width = row_info->width;
png_const_bytep ep = row + png_transform_rowbytes(row_info) - 2;
for (i = 0, sp = dp = row; i < row_width; i++)
{
/* Does nothing
*(dp++) = *(sp++);
*(dp++) = *(sp++);
*(dp++) = *(sp++);
*(dp++) = *(sp++);
*(dp++) = *(sp++);
*(dp++) = *(sp++);
*/
sp+=6; dp = sp;
*(dp++) = CB(255 - *(sp++));
*(dp++) = CB(255 - *(sp++));
}
row += 6;
while (row <= ep)
row[0] ^= 0xff, row[1] ^= 0xff, row += 8;
}
#endif /* WRITE_16BIT */
}
else if (row_info->color_type == PNG_COLOR_TYPE_GRAY_ALPHA)
else if (row_info->channels == 2)
{
if (row_info->bit_depth == 8)
{
/* This inverts the alpha channel in GA */
png_bytep sp, dp;
png_uint_32 i;
png_uint_32 row_width = row_info->width;
png_const_bytep ep = row + png_transform_rowbytes(row_info) - 1;
for (i = 0, sp = dp = row; i < row_width; i++)
{
*(dp++) = *(sp++);
*(dp++) = CB(255 - *(sp++));
}
++row;
while (row <= ep)
*row ^= 0xff, row += 2;
}
#ifdef PNG_WRITE_16BIT_SUPPORTED
else
{
/* This inverts the alpha channel in GGAA */
png_bytep sp, dp;
png_uint_32 i;
png_uint_32 row_width = row_info->width;
png_const_bytep ep = row + png_transform_rowbytes(row_info) - 2;
for (i = 0, sp = dp = row; i < row_width; i++)
{
/* Does nothing
*(dp++) = *(sp++);
*(dp++) = *(sp++);
*/
sp+=2; dp = sp;
*(dp++) = CB(255 - *(sp++));
*(dp++) = CB(255 - *(sp++));
}
row += 2;
while (row <= ep)
row[0] ^= 0xff, row[1] ^= 0xff, row += 4;
}
#endif /* WRITE_16BIT */
}
}
# undef png_ptr
}
#endif
@@ -513,8 +447,10 @@ png_do_write_invert_alpha(png_row_infop row_info, png_bytep row)
* transformations is significant.
*/
void /* PRIVATE */
png_do_write_transformations(png_structrp png_ptr, png_row_infop row_info)
png_do_write_transformations(png_structrp png_ptr, png_row_infop row_info_in)
{
png_transform_control display;
png_debug(1, "in png_do_write_transformations");
if (png_ptr == NULL)
@@ -526,7 +462,7 @@ png_do_write_transformations(png_structrp png_ptr, png_row_infop row_info)
(*(png_ptr->write_user_transform_fn)) /* User write transform
function */
(png_ptr, /* png_ptr */
row_info, /* row_info: */
row_info_in, /* row_info: */
/* png_uint_32 width; width of row */
/* png_size_t rowbytes; number of bytes in row */
/* png_byte color_type; color type of pixels */
@@ -536,55 +472,65 @@ png_do_write_transformations(png_structrp png_ptr, png_row_infop row_info)
png_ptr->row_buf + 1); /* start of pixel data for row */
#endif
png_init_transform_control(png_ptr, &display, row_info_in);
#ifdef PNG_WRITE_FILLER_SUPPORTED
if ((png_ptr->transformations & PNG_FILLER) != 0)
png_do_strip_channel(row_info, png_ptr->row_buf + 1,
png_do_strip_channel(&display, png_ptr->row_buf + 1,
!(png_ptr->flags & PNG_FLAG_FILLER_AFTER));
#endif
#ifdef PNG_WRITE_PACKSWAP_SUPPORTED
if ((png_ptr->transformations & PNG_PACKSWAP) != 0)
png_do_packswap(row_info, png_ptr->row_buf + 1);
png_do_packswap(&display, png_ptr->row_buf + 1);
#endif
#ifdef PNG_WRITE_PACK_SUPPORTED
if ((png_ptr->transformations & PNG_PACK) != 0)
png_do_pack(row_info, png_ptr->row_buf + 1,
(png_uint_32)png_ptr->bit_depth);
png_do_pack(&display, png_ptr->row_buf + 1);
#endif
#ifdef PNG_WRITE_SWAP_SUPPORTED
# ifdef PNG_16BIT_SUPPORTED
if ((png_ptr->transformations & PNG_SWAP_BYTES) != 0)
png_do_swap(row_info, png_ptr->row_buf + 1);
png_do_swap(&display, png_ptr->row_buf + 1);
# endif
#endif
#ifdef PNG_WRITE_SHIFT_SUPPORTED
if ((png_ptr->transformations & PNG_SHIFT) != 0)
png_do_shift(row_info, png_ptr->row_buf + 1,
&(png_ptr->shift));
png_do_shift(&display, png_ptr->row_buf + 1);
#endif
#ifdef PNG_WRITE_SWAP_ALPHA_SUPPORTED
if ((png_ptr->transformations & PNG_SWAP_ALPHA) != 0)
png_do_write_swap_alpha(row_info, png_ptr->row_buf + 1);
png_do_write_swap_alpha(&display, png_ptr->row_buf + 1);
#endif
#ifdef PNG_WRITE_INVERT_ALPHA_SUPPORTED
if ((png_ptr->transformations & PNG_INVERT_ALPHA) != 0)
png_do_write_invert_alpha(row_info, png_ptr->row_buf + 1);
png_do_write_invert_alpha(&display, png_ptr->row_buf + 1);
#endif
#ifdef PNG_WRITE_BGR_SUPPORTED
if ((png_ptr->transformations & PNG_BGR) != 0)
png_do_bgr(row_info, png_ptr->row_buf + 1);
png_do_bgr(&display, png_ptr->row_buf + 1);
#endif
#ifdef PNG_WRITE_INVERT_SUPPORTED
if ((png_ptr->transformations & PNG_INVERT_MONO) != 0)
png_do_invert(row_info, png_ptr->row_buf + 1);
png_do_invert(&display, png_ptr->row_buf + 1);
#endif
/* Clear the flags; they are irrelevant because the write code is
* reversing transformations to get PNG data but the shared transformation
* code assumes input PNG data. Only PNG_INDEXED is required.
*/
if ((display.flags & PNG_BAD_INDEX) != 0)
png_error(png_ptr, "palette data has out of range index");
display.flags &= PNG_INDEXED;
png_end_transform_control(row_info_in, &display);
}
#endif /* WRITE_TRANSFORMS */
#endif /* WRITE */