Make the error directives uniformly consistent with one another.
Remove surrounding quotes and trailing punctuation, and rephrase
some of the error messages and some of their associated comments
for either brevity or clarity.
This adds a new configuration file, 'contrib/conftest/basic.dfa' which
disables unused APIs on a test Linux-based system. So support the
configuration several fixes were necessary in the test programs so that
the tests are skipped correctly when APIs are not available.
The configuration has been tested on a range of common Linux apps
including web browser code (qtwebengine), image processing code (e.g.
ImageMagick) and general display code (X11, Qt5 and Qt6, KDE). Overall
this first step reduces libpng linked code and data size to about 2/3 of
the full configuration.
To use the new test simply copy basic.dfa to 'pngusr.dfa' in the root of
the source directory and build.
Signed-off-by: John Bowler <jbowler@acm.org>
Previously pngfix had been made warning-free in GCC7.1 by marking auto
variables (volatile). This prevented the arithmetic optimizations which
caused warnings from GCC7.1 with higher values -Wstrict-overflow=<n>
GCC has moved on a lot since 7.1 and pngfix.c now compiles with just one
warning using -Wstrict-overflow=5. The change includes a change to make
this go away by performing the rearrangement GCC was using in the code:
i == ndigits-1
becomes:
i+1 == ndigits
i is initialized to ndigits and has been decremented at least once so
this is fine.
Test, configure:
CFLAGS="-Wall -Wextra -Wno-maybe-uninitialized -Wstrict-overflow=5" \
../configure --enable-werror
make
make cehck
Test, cmake:
cmake ..
make
make test
Signed-off-by: John Bowler <jbowler@acm.org>
Prior versons of the GCC warned about the 'dest' parameter of
contrib/tools/pngcp.c not being volatile, which isn't necessary because
it isn't modified. This removes the GCC specific fixup.
The function which calls setjmp, cppng() also relied on undefined
behavior because it assigned the result of setjmp() to a variable; this
is not one of the four uses of setjmp permitted by ANSI-C. This passes
the result previously returned by longjmp via (struct display). It's
very very unlikely that any compiler could have got the code wrong but
it is technically undefined.
This reverts the code to a variant of my old style of doing an 'fclose'
correctly and adds comments explaining why it is so difficult. Thanks
to @ihsinme for pointing out the error on github.com
Signed-off-by: John Bowler <jbowler@acm.org>
makepngs.sh relies on a Bash feature in one of its case statements,
";;&"; this should be made explicit in the shebang.
intgamma.sh declares a function in a manner which may fail in non-Bash
sh implementations, this patch uses the correct syntax.
Based on a patch by Roflcopter4:
https://github.com/joncampbell123/dosbox-x/pull/3850
Signed-off-by: Stephen Kitt <steve@sk2.org>
Remove all remaining "last changed" version info from source comments.
(The version control system maintains this information automatically.)
Delete the trailing whitespace characters.
Rename contrib/tools/chkfmt to contrib/tools/chkfmt.sh; refactor:
* Increase the max line length for contrib/**/*.[ch] from 96 to 100.
* Set the max line length for ci_*.sh to 100.
* Use `basename $0` instead of the hard-coded script name.
* Update comments.
Remove contrib/tools/reindent. For automated code formatting, including
indentation, we need a robust solution.
Add an empty line after the hashbang line in all scripts.
Remove the "last changed" version info from comment headers.
(The version control system maintains this information automatically.)
As per the const correctness rules, top-level const-ness of data
in automatic scopes does not propagate outside of these scopes
(unlike const-ness at lower levels, such as pointers to const data).
Previously, const was used liberally, but inconsistently across the
libpng codebase. Using const wherever applicable is not incorrect.
However, _consistent_ use of const is difficult to maintain in such
conditions.
In conclusion, we shall continue to use const only where doing so is
strictly necessary:
1. If a function guarantees that it will not modify an argument
passed by pointer, the corresponding function parameter should be
a pointer-to-const (const T *).
2. Static data should not be modified, therefore it should be const.
Reference:
Google C++ Style Guide
https://google.github.io/styleguide/cppguide.html#Use_of_const
In v1.6.0, compiler support for const became a requirement.
It should be used consistently. To maintain backwards compatibility,
PNG_CONST is still maintained in deprecated form.
In v1.6.0, size_t became a required type. It should be used
consistently. To maintain backwards compatibility, png_size_t
is still maintained in deprecated form.
result when integers appear on both sides of a compare. Worked around the
others by forcing the strict-overflow setting in the relevant functions to
a level where they are not reported.
Changed "FALL THROUGH" comments to "FALLTHROUGH" because GCC doesn't like
the space.
Worked around some C-style casts from (void*) because g++ 5.4.0 objects
to them.
Increased the buffer size for 'sprint' to pass the gcc 7.1.0 'sprint
overflow' check that is on by default with -Wall -Wextra.
When an input file contains a zero length IDAT and pngfix is not applying the
IDAT rechunking (--max) option pngfix will go into a loop writing the zero
length IDAT for ever.
This is a fairly minor issue for interactive use; zero length IDAT is very rare,
the problem is obvious (pngfix hangs) and the fix (use --max, or --max=4096
etc), while not obvious, is easy.
For non-interactive use, e.g. trying to automatically repair a PNG that cannot
be read by libpng, there are security consequences:
1) pngfix hangs. This may permit a DoS attack.
2) When the --out option is used pngfix will just keep writing. This is a very
likely DoS scenario.
Signed-off-by: John Bowler <jbowler@acm.org>
The fixed size buffer for the file name being processed could have a byte
written beyond the end; a bug where the test was updated without changing the
size of the buffer. This commit reduces the buffer to the system maximum.
png_getrowbytes could, in theory, return 0; probably only if there is a bug in
libpng but the code now checks.
Signed-off-by: John Bowler <jbowler@acm.org>
If PNG_PNGCP_TIMING_SUPPORTED is defined maximal resolution CPU time logging of
png_read_png and png_write_png is enabled via the --time command line option.
This is not on by default but is enabled by contrib/conftests/pngcp.dfa
Signed-off-by: John Bowler <jbowler@acm.org>
This adds pngcp to the build together with a pngcp.dfa configuration test; the
test revealed some configuration bugs which are fixed by corrections to the
_SUPPORTED macros.
pngcp builds on all tested configurations and a number of bugs have been fixed
to make this happen relative to the version in libpng 1.7 contrib/examples.
pngcp.dfa will have to be different for 1.7 but pngcp.c should work fine (not
yet tested). pngcp itself is still missing a usage message; this is a
preliminary version, although since it behaves the same way as 'cp' most unoids
shouldn't have a problem using it correctly.
Signed-off-by: John Bowler <jbowler@acm.org>
This updates libpng16 with all the test changes from libpng17,
including changes to pngvalid.c to ensure that the original,
distributed, version of contrib/visupng/cexcept.h can be used.
pngvalid contains the correction to the use of SAVE/STORE_
UNKNOWN_CHUNKS; a bug revealed by changes in libpng 1.7. More
tests contain the --strict option to detect warnings and the
pngvalid-standard test has been corrected so that it does not
turn on progresive-read (there is a separate test which does
that.)
Some signed/unsigned fixes have been made.
Signed-off-by: John Bowler <jbowler@acm.org>
