[libpng17] Quieted Coverity issues in pngfix.c, png-fix-itxt.c, pngvalid.c,

pngstest.c, and pngimage.c. Most seem harmless, but png-fix-itxt
would only work with iTXt chunks with length 255 or less.

ANNOUNCE

@@ -1,5 +1,5 @@
 
-Libpng 1.7.0beta63 - June 1, 2015
+Libpng 1.7.0beta63 - June 3, 2015
 
 This is not intended to be a public release.  It will be replaced
 within a few weeks by a public version or by another test version.
@@ -809,12 +809,15 @@ Version 1.7.0beta61 [May 31, 2015]
     pngwutil.c, introduced in libpng-0.95, March 1997.
 
 Version 1.7.0beta62 [June 1, 2015]
-  Removed WRITE_WEIGHTED_FILTERED code, to save a few kbytes of the
+  Removed the experimental WRITE_WEIGHTED_FILTERED code, to save a few
-    compiled library size. It never worked properly and as far as we can
+    kbytes of the compiled library size. It never worked properly and as
-    tell, no one uses it. The png_set_filter_heuristics() and
+    far as we can tell, no one uses it. The png_set_filter_heuristics() and
-    png_set_filter_heuristics_fixed(). APIs are retained but deprecated.
+    png_set_filter_heuristics_fixed() APIs are retained but deprecated.
 
-Version 1.7.0beta63 [June 1, 2015]
+Version 1.7.0beta63 [June 3, 2015]
+  Quieted Coverity issues in pngfix.c, png-fix-itxt.c, pngvalid.c,
+    pngstest.c, and pngimage.c. Most seem harmless, but png-fix-itxt
+    would only work with iTXt chunks with length 255 or less.
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit

CHANGES

@@ -5104,12 +5104,15 @@ Version 1.7.0beta61 [May 31, 2015]
     pngwutil.c, introduced in libpng-0.95, March 1997.
 
 Version 1.7.0beta62 [June 1, 2015]
-  Removed WRITE_WEIGHTED_FILTERED code, to save a few kbytes of the
+  Removed the experimental WRITE_WEIGHTED_FILTERED code, to save a few
-    compiled library size. It never worked properly and as far as we can
+    kbytes of the compiled library size. It never worked properly and as
-    tell, no one uses it. The png_set_filter_heuristics() and
+    far as we can tell, no one uses it. The png_set_filter_heuristics() and
-    png_set_filter_heuristics_fixed(). APIs are retained but deprecated.
+    png_set_filter_heuristics_fixed() APIs are retained but deprecated.
 
-Version 1.7.0beta63 [June 1, 2015]
+Version 1.7.0beta63 [June 3, 2015]
+  Quieted Coverity issues in pngfix.c, png-fix-itxt.c, pngvalid.c,
+    pngstest.c, and pngimage.c. Most seem harmless, but png-fix-itxt
+    would only work with iTXt chunks with length 255 or less.
 
 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit

contrib/libtests/pngimage.c

@@ -1,8 +1,8 @@
 /* pngimage.c
  *
- * Copyright (c) 2014 John Cunningham Bowler
+ * Copyright (c) 2015 John Cunningham Bowler
  *
- * Last changed in libpng 1.6.10 [March 6, 2014]
+ * Last changed in libpng 1.6.18 [(PENDING RELEASE)]
  *
  * This code is released under the libpng license.
  * For conditions of distribution and use, see the disclaimer
@@ -1120,8 +1120,8 @@ compare_read(struct display *dp, int applied_transforms)
          {
             int b;
 
-            case 16: /* Two bytes per component, bit-endian */
+            case 16: /* Two bytes per component, big-endian */
-               for (b = (bpp >> 4); b > 0; )
+               for (b = (bpp >> 4); b > 0; --b)
                {
                   unsigned int sig = (unsigned int)(0xffff0000 >> sig_bits[b]);
 

contrib/libtests/pngstest.c

@@ -1,9 +1,9 @@
 /*-
  * pngstest.c
  *
- * Copyright (c) 2013-2014 John Cunningham Bowler
+ * Copyright (c) 2013-2015 John Cunningham Bowler
  *
- * Last changed in libpng 1.6.16 [December 22, 2014]
+ * Last changed in libpng 1.6.18 [(PENDING RELEASE)]
  *
  * This code is released under the libpng license.
  * For conditions of distribution and use, see the disclaimer
@@ -615,7 +615,7 @@ freeimage(Image *image)
 
    if (image->tmpfile_name[0] != 0 && (image->opts & KEEP_TMPFILES) == 0)
    {
-      remove(image->tmpfile_name);
+      (void)remove(image->tmpfile_name);
       image->tmpfile_name[0] = 0;
    }
 }
@@ -2828,7 +2828,7 @@ compare_two_images(Image *a, Image *b, int via_linear,
 
             else if (y >= b->image.colormap_entries)
             {
-               if ((a->opts & ACCUMULATE) == 0)
+               if ((b->opts & ACCUMULATE) == 0)
                   {
                   char pindex[9];
                   sprintf(pindex, "%lu[%lu]", (unsigned long)y,
@@ -3175,7 +3175,9 @@ read_one_file(Image *image)
 
                if (cb > 0)
                {
+#ifndef __COVERITY__
                   if ((unsigned long int)cb <= (size_t)~(size_t)0)
+#endif
                   {
                      png_bytep b = voidcast(png_bytep, malloc((size_t)cb));
 
@@ -3588,7 +3590,7 @@ main(int argc, char **argv)
             }
 
             /* Safe: checked above */
-            strcpy(tmpf, argv[c]);
+            strncpy(tmpf, argv[c], sizeof (tmpf)-1);
          }
 
          else

contrib/libtests/pngvalid.c

@@ -1,7 +1,7 @@
 
 /* pngvalid.c - validate libpng by constructing then reading png files.
  *
- * Last changed in libpng 1.6.17 [(PENDING RELEASE)]
+ * Last changed in libpng 1.6.18 [(PENDING RELEASE)]
  * Copyright (c) 2014-2015 Glenn Randers-Pehrson
  * Written by John Cunningham Bowler
  *
@@ -1319,7 +1319,10 @@ store_current_palette(png_store *ps, int *npalette)
     * operation.)
     */
    if (ps->current == NULL)
+   {
       store_log(ps, ps->pread, "no current stream for palette", 1);
+      return NULL;
+   }
 
    /* The result may be null if there is no palette. */
    *npalette = ps->current->npalette;

contrib/tools/png-fix-itxt.c

@@ -1,8 +1,8 @@
 
 /* png-fix-itxt version 1.0.0
  *
- * Copyright 2013 Glenn Randers-Pehrson
+ * Copyright 2015 Glenn Randers-Pehrson
- * Last changed in libpng 1.6.3 [July 18, 2013]
+ * Last changed in libpng 1.6.18 [(PENDING RELEASE)]
  *
  * This code is released under the libpng license.
  * For conditions of distribution and use, see the disclaimer
@@ -57,10 +57,10 @@ for (;;)
  {
    /* Read the length */
    unsigned long length; /* must be 32 bits! */
-   c=GETBREAK; buf[0] = c; length  = c; length <<= 8;
+   c=GETBREAK; buf[0] = c; length  = (c % 0xff); length <<= 8;
-   c=GETBREAK; buf[1] = c; length += c; length <<= 8;
+   c=GETBREAK; buf[1] = c; length += (c % 0xff); length <<= 8;
-   c=GETBREAK; buf[2] = c; length += c; length <<= 8;
+   c=GETBREAK; buf[2] = c; length += (c % 0xff); length <<= 8;
-   c=GETBREAK; buf[3] = c; length += c;
+   c=GETBREAK; buf[3] = c; length += (c % 0xff);
 
    /* Read the chunkname */
    c=GETBREAK; buf[4] = c;
@@ -109,9 +109,9 @@ for (;;)
       }
 
       /* Update length bytes */
-      buf[0] = (unsigned char)((length << 24) & 0xff);
+      buf[0] = (unsigned char)((length >> 24) & 0xff);
-      buf[1] = (unsigned char)((length << 16) & 0xff);
+      buf[1] = (unsigned char)((length >> 16) & 0xff);
-      buf[2] = (unsigned char)((length <<  8) & 0xff);
+      buf[2] = (unsigned char)((length >>  8) & 0xff);
       buf[3] = (unsigned char)((length      ) & 0xff);
 
       /* Write the fixed iTXt chunk (length, name, data, crc) */

contrib/tools/pngfix.c

@@ -2,7 +2,7 @@
  *
  * Copyright (c) 2014-2015 John Cunningham Bowler
  *
- * Last changed in libpng 1.6.17 [(PENDING RELEASE)]
+ * Last changed in libpng 1.6.18 [(PENDING RELEASE)]
  *
  * This code is released under the libpng license.
  * For conditions of distribution and use, see the disclaimer
@@ -3853,6 +3853,7 @@ usage(const char *prog)
 int
 main(int argc, const char **argv)
 {
+   char temp_name[FILENAME_MAX+1];
    const char *  prog = *argv;
    const char *  outfile = NULL;
    const char *  suffix = NULL;
@@ -3955,7 +3956,6 @@ main(int argc, const char **argv)
       else
       {
          size_t outlen = strlen(*argv);
-         char temp_name[FILENAME_MAX+1];
 
          if (outfile == NULL) /* else this takes precedence */
          {