mewin/libpng
1
0
Fork 0
mirror of https://git.code.sf.net/p/libpng/code.git synced 2025-07-10 18:04:09 +02:00
Code Issues Projects Releases Wiki Activity

[master] Imported from libpng-1.6.30.tar

Browse Source
This commit is contained in:
Glenn Randers-Pehrson
2017-06-28 13:46:04 -05:00
parent b363e01e6b
commit 8c552ddf5b
57 changed files with 489 additions and 247 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
contrib/arm-neon/android-ndk.c
View File

@@ -17,7 +17,7 @@
*
* Documentation:
* http://www.kandroid.org/ndk/docs/CPU-ARM-NEON.html
* http://code.google.com/p/android/issues/detail?id=49065
* https://code.google.com/p/android/issues/detail?id=49065
*
* NOTE: this requires that libpng is built against the Android NDK and linked
* with an implementation of the Android ARM 'cpu-features' library. The code

2
contrib/examples/pngtopng.c
View File

@@ -5,7 +5,7 @@
* related or neighboring rights to this work. This work is published from:
* United States.
*
* Last changed in libpng 1.6.29 [%RDATE%]
* Last changed in libpng 1.6.29 [March 16, 2017]
*
* Read a PNG and write it out in a fixed format, using the 'simplified API'
* that was introduced in libpng-1.6.0.

4
contrib/gregbook/README
View File

@@ -55,7 +55,7 @@ mation and links to the latest version of the source code, and Chapters
13-15 of the book for detailed discussion of the three programs.
Greg Roelofs
http://pobox.com/~newt/greg_contact.html
https://pobox.com/~newt/greg_contact.html
16 March 2008
@@ -63,7 +63,7 @@ BUILD INSTRUCTIONS
- Prerequisites (in order of compilation):
- zlib http://zlib.net/
- zlib https://zlib.net/
- libpng http://www.libpng.org/pub/png/libpng.html
- pngbook http://www.libpng.org/pub/png/book/sources.html

8
contrib/gregbook/readpng.c
View File

@@ -4,7 +4,7 @@
---------------------------------------------------------------------------
Copyright (c) 1998-2007 Greg Roelofs. All rights reserved.
Copyright (c) 1998-2007,2017 Greg Roelofs. All rights reserved.
This software is provided "as is," without warranty of any kind,
express or implied. In no event shall the author or contributors
@@ -264,6 +264,12 @@ uch *readpng_get_image(double display_exponent, int *pChannels, ulg *pRowbytes)
*pRowbytes = rowbytes = png_get_rowbytes(png_ptr, info_ptr);
*pChannels = (int)png_get_channels(png_ptr, info_ptr);
/* Guard against integer overflow */
if (height > ((size_t)(-1))/rowbytes) {
fprintf(stderr, "readpng: image_data buffer would be too large\n",
return NULL;
}
if ((image_data = (uch *)malloc(rowbytes*height)) == NULL) {
png_destroy_read_struct(&png_ptr, &info_ptr, NULL);
return NULL;

1
contrib/gregbook/readpng2.c
View File

@@ -55,6 +55,7 @@
Changelog:
2015-11-12 - Check return value of png_get_bKGD() (Glenn R-P)
2017-04-22 - Guard against integer overflow (Glenn R-P)
---------------------------------------------------------------------------*/

13
contrib/gregbook/readppm.c
View File

@@ -9,7 +9,7 @@
---------------------------------------------------------------------------
Copyright (c) 1998-2007 Greg Roelofs. All rights reserved.
Copyright (c) 1998-2007,2017 Greg Roelofs. All rights reserved.
This software is provided "as is," without warranty of any kind,
express or implied. In no event shall the author or contributors
@@ -154,12 +154,17 @@ uch *readpng_get_image(double display_exponent, int *pChannels, ulg *pRowbytes)
*pRowbytes = rowbytes = channels*width;
*pChannels = channels;
if ((image_data = (uch *)malloc(rowbytes*height)) == NULL) {
Trace((stderr, "readpng_get_image: rowbytes = %ld, height = %ld\n", rowbytes, height));
/* Guard against integer overflow */
if (height > ((size_t)(-1))/rowbytes) {
fprintf(stderr, PROGNAME ": image_data buffer would be too large\n",
return NULL;
}
Trace((stderr, "readpng_get_image: rowbytes = %ld, height = %ld\n", rowbytes, height));
if ((image_data = (uch *)malloc(rowbytes*height)) == NULL) {
return NULL;
}
/* now we can go ahead and just read the whole image */

9
contrib/gregbook/rpng-win.c
View File

@@ -24,10 +24,11 @@
- 1.10: enabled "message window"/console (thanks to David Geldreich)
- 2.00: dual-licensed (added GNU GPL)
- 2.01: fixed improper display of usage screen on PNG error(s)
- 2.02: check for integer overflow (Glenn R-P)
---------------------------------------------------------------------------
Copyright (c) 1998-2008 Greg Roelofs. All rights reserved.
Copyright (c) 1998-2008, 2017 Greg Roelofs. All rights reserved.
This software is provided "as is," without warranty of any kind,
express or implied. In no event shall the author or contributors
@@ -496,6 +497,12 @@ static int rpng_win_create_window(HINSTANCE hInst, int showmode)
wimage_rowbytes = ((3*image_width + 3L) >> 2) << 2;
/* Guard against integer overflow */
if (image_height > ((size_t)(-1))/wimage_rowbytes) {
fprintf(stderr, PROGNAME ": image_data buffer would be too large\n");
return 4; /* fail */
}
if (!(dib = (uch *)malloc(sizeof(BITMAPINFOHEADER) +
wimage_rowbytes*image_height)))
{

3
contrib/gregbook/rpng-x.c
View File

@@ -28,10 +28,11 @@
- 2.01: fixed improper display of usage screen on PNG error(s)
- 2.02: Added "void(argc);" statement to quiet pedantic compiler warnings
about unused variable (GR-P)
- 2.03: check for integer overflow (Glenn R-P)
---------------------------------------------------------------------------
Copyright (c) 1998-2008 Greg Roelofs. All rights reserved.
Copyright (c) 1998-2008, 2017 Greg Roelofs. All rights reserved.
This software is provided "as is," without warranty of any kind,
express or implied. In no event shall the author or contributors

12
contrib/gregbook/rpng2-win.c
View File

@@ -33,12 +33,11 @@
- 2.02: fixed improper display of usage screen on PNG error(s); fixed
unexpected-EOF and file-read-error cases
- 2.03: removed runtime MMX-enabling/disabling and obsolete -mmx* options
- 2.04:
(GR-P)
- 2.04: check for integer overflow (Glenn R-P)
---------------------------------------------------------------------------
Copyright (c) 1998-2008 Greg Roelofs. All rights reserved.
Copyright (c) 1998-2008, 2017 Greg Roelofs. All rights reserved.
This software is provided "as is," without warranty of any kind,
express or implied. In no event shall the author or contributors
@@ -650,6 +649,13 @@ static void rpng2_win_init()
Trace((stderr, " width = %ld\n", rpng2_info.width))
Trace((stderr, " height = %ld\n", rpng2_info.height))
/* Guard against integer overflow */
if (rpng2_info.height > ((size_t)(-1))/rowbytes) {
fprintf(stderr, PROGNAME ": image_data buffer would be too large\n",
readpng2_cleanup(&rpng2_info);
return;
}
rpng2_info.image_data = (uch *)malloc(rowbytes * rpng2_info.height);
if (!rpng2_info.image_data) {
readpng2_cleanup(&rpng2_info);

11
contrib/gregbook/rpng2-x.c
View File

@@ -44,9 +44,11 @@
- 2.04: Added "void(foo);" statements to quiet pedantic compiler warnings
about unused variables (GR-P)
- 2.05: Use nanosleep() instead of usleep(), which is deprecated (GR-P).
- 2.06: check for integer overflow (Glenn R-P)
---------------------------------------------------------------------------
Copyright (c) 1998-2010, 2014-2015 Greg Roelofs. All rights reserved.
Copyright (c) 1998-2010, 2014-2015, 2017 Greg Roelofs. All rights
reserved.
This software is provided "as is," without warranty of any kind,
express or implied. In no event shall the author or contributors
@@ -780,6 +782,13 @@ static void rpng2_x_init(void)
Trace((stderr, " width = %ld\n", rpng2_info.width))
Trace((stderr, " height = %ld\n", rpng2_info.height))
/* Guard against integer overflow */
if (rpng2_info.height > ((size_t)(-1))/rpng2_info.rowbytes) {
fprintf(stderr, PROGNAME ": image_data buffer would be too large\n");
readpng2_cleanup(&rpng2_info);
return;
}
rpng2_info.image_data = (uch *)malloc(rowbytes * rpng2_info.height);
if (!rpng2_info.image_data) {
readpng2_cleanup(&rpng2_info);

16
contrib/gregbook/wpng.c
View File

@@ -29,6 +29,7 @@
- 1.04: fixed DOS/OS2/Win32 detection, including partial Cygwin fix
(see http://home.att.net/~perlspinr/diffs/GregBook_cygwin.diff)
- 2.00: dual-licensed (added GNU GPL)
- 2.01: check for integer overflow (Glenn R-P)
[REPORTED BUG (win32 only): "contrib/gregbook/wpng.c - cmd line
dose not work! In order to do something useful I needed to redirect
@@ -38,7 +39,7 @@
---------------------------------------------------------------------------
Copyright (c) 1998-2007 Greg Roelofs. All rights reserved.
Copyright (c) 1998-2007, 2017 Greg Roelofs. All rights reserved.
This software is provided "as is," without warranty of any kind,
express or implied. In no event shall the author or contributors
@@ -702,7 +703,18 @@ int main(int argc, char **argv)
if (wpng_info.interlaced) {
long i;
ulg bytes;
ulg image_bytes = rowbytes * wpng_info.height; /* overflow? */
ulg image_bytes;
/* Guard against integer overflow */
if (wpng_info_height > ((size_t)(-1)/rowbytes ||
wpng_info_height > ((ulg)(-1)/rowbytes) {
fprintf(stderr, PROGNAME ": image_data buffer too large\n");
writepng_cleanup(&wpng_info);
wpng_cleanup();
exit(5);
}
image_bytes = rowbytes * wpng_info.height;
wpng_info.image_data = (uch *)malloc(image_bytes);
wpng_info.row_pointers = (uch **)malloc(wpng_info.height*sizeof(uch *));

2
contrib/gregbook/writepng.c
View File

@@ -4,7 +4,7 @@
---------------------------------------------------------------------------
Copyright (c) 1998-2007 Greg Roelofs. All rights reserved.
Copyright (c) 1998-2007, 2017 Greg Roelofs. All rights reserved.
This software is provided "as is," without warranty of any kind,
express or implied. In no event shall the author or contributors

5
contrib/pngminus/png2pnm.c
View File

@@ -3,6 +3,7 @@
* copyright (C) 1999 by Willem van Schaik <willem at schaik.com>
*
* version 1.0 - 1999.10.15 - First version.
* 1.1 - 2017.04.22 - Add buffer-size check (Glenn Randers-Pehrson)
*
* Permission to use, copy, modify, and distribute this software and
* its documentation for any purpose and without fee is hereby granted,
@@ -320,6 +321,10 @@ BOOL png2pnm (FILE *png_file, FILE *pnm_file, FILE *alpha_file,
/* row_bytes is the width x number of channels x (bit-depth / 8) */
row_bytes = png_get_rowbytes (png_ptr, info_ptr);
if (height > ((size_t)(-1))/row_bytes) /* too big */ {
png_destroy_read_struct (&png_ptr, &info_ptr, NULL);
return FALSE;
}
if ((png_pixels = (png_byte *)
malloc (row_bytes * height * sizeof (png_byte))) == NULL) {
png_destroy_read_struct (&png_ptr, &info_ptr, NULL);

4
contrib/pngminus/pnm2png.c
View File

@@ -4,6 +4,7 @@
*
* version 1.0 - 1999.10.15 - First version.
* version 1.1 - 2015.07.29 - Fixed leaks (Glenn Randers-Pehrson)
* version 1.2 - 2017.04.22 - Add buffer-size check
*
* Permission to use, copy, modify, and distribute this software and
* its documentation for any purpose and without fee is hereby granted,
@@ -373,6 +374,9 @@ BOOL pnm2png (FILE *pnm_file, FILE *png_file, FILE *alpha_file, BOOL interlace,
/* row_bytes is the width x number of channels x (bit-depth / 8) */
row_bytes = width * channels * ((bit_depth <= 8) ? 1 : 2);
if (height > ((size_t)(-1))/row_bytes) /* too big */ {
return FALSE;
}
if ((png_pixels = (png_byte *)
malloc (row_bytes * height * sizeof (png_byte))) == NULL)
return FALSE;

16
contrib/tools/genpng.c
View File

@@ -1,7 +1,8 @@
/*- genpng
*
* COPYRIGHT: Written by John Cunningham Bowler, 2015.
* To the extent possible under law, the author has waived all copyright and
* Revised by Glenn Randers-Pehrson, 2017, to add buffer-size check.
* To the extent possible under law, the authors have waived all copyright and
* related or neighboring rights to this work. This work is published from:
* United States.
*
@@ -783,6 +784,19 @@ main(int argc, const char **argv)
return 1;
}
#if 1
/* TO do: determine whether this guard against overflow is necessary.
* This comment in png.h indicates that it should be safe: "libpng will
* refuse to process an image where such an overflow would occur", but
* I don't see where the image gets rejected when the buffer is too
* large before the malloc is attempted.
*/
if (image.height > ((size_t)(-1))/(8*image.width)) {
fprintf(stderr, "genpng: image buffer would be too big");
return 1;
}
#endif
/* Create the buffer: */
buffer = malloc(PNG_IMAGE_SIZE(image));

2
contrib/tools/sRGB.h
View File

@@ -14,7 +14,7 @@
* All routines take and return a floating point value in the range
* 0 to 1.0, doing a calculation according to the sRGB specification
* (in fact the source of the numbers is the wikipedia article at
* http://en.wikipedia.org/wiki/SRGB).
* https://en.wikipedia.org/wiki/SRGB).
*/
static double
sRGB_from_linear(double l)

6
contrib/visupng/PngFile.c
View File

@@ -2,7 +2,7 @@
* PNGFILE.C -- Image File Functions
*-------------------------------------
*
* Copyright 2000, Willem van Schaik.
* Copyright 2000,2017 Willem van Schaik.
*
* This code is released under the libpng license.
* For conditions of distribution and use, see the disclaimer
@@ -236,6 +236,10 @@ BOOL PngLoadImage (PTSTR pstrFileName, png_byte **ppbImageData,
free (pbImageData);
pbImageData = NULL;
}
if ((*piHeight) > ((size_t)(-1))/ulRowBytes) {
{
png_error(png_ptr, "Visual PNG: image is too big");
}
if ((pbImageData = (png_byte *) malloc(ulRowBytes * (*piHeight)
* sizeof(png_byte))) == NULL)
{

10
contrib/visupng/VisualPng.c
View File

@@ -2,7 +2,7 @@
* VisualPng.C -- Shows a PNG image
*------------------------------------
*
* Copyright 2000, Willem van Schaik.
* Copyright 2000,2017 Willem van Schaik.
*
* This code is released under the libpng license.
* For conditions of distribution and use, see the disclaimer
@@ -726,6 +726,10 @@ BOOL DisplayImage (HWND hwnd, BYTE **ppDib,
pDib = NULL;
}
if (cyWinSize > ((size_t)(-1))/wDIRowBytes) {
{
MessageBox (hwnd, TEXT ("Visual PNG: image is too big");
}
if (!(pDib = (BYTE *) malloc (sizeof(BITMAPINFOHEADER) +
wDIRowBytes * cyWinSize)))
{
@@ -847,6 +851,10 @@ BOOL FillBitmap (
cxImgPos = (cxWinSize - cxNewSize) / 2;
}
if (cyNewSize > ((size_t)(-1))/(cImgChannels * cxNewSize)) {
{
MessageBox (hwnd, TEXT ("Visual PNG: stretched image is too big");
}
pStretchedImage = malloc (cImgChannels * cxNewSize * cyNewSize);
pImg = pStretchedImage;