A funny thing happened while refactoring the function argument parsing
in the `PNGGenConfig` module: the processing of dependencies inside
the CMake function `generate_copy` got fixed, thanks to an inadvertent
typo correction!
Going down the rabbit hole, we uncovered two issues:
1. A typo in `scripts/cmake/PNGGenConfig.cmake` caused a dependency
declaration to disappear, disrupting the graph. Fortunately, this
disruption was being mitigated by an additional set of (redundant)
symbolic target declarations that kept the CMake build going.
2. The exact string matching inside `scripts/cmake/gensrc.cmake.in`
imposed an artificial limitation, disallowing the use of absolute
file paths.
The typo correction in (1), and the use of regex matching instead of
exact string matching in (2), allowed us to use absolute file paths
in the main CMake file, consistently, thus allowing CMake to recognize
them as uniquely-identifiable nodes in the dependency graph. There
should be no further need to have extra symbolic targets for proper
node identification.
In the end, we shaved off the redundant symbolic target declarations,
retaining only `png_genfiles` and `png_genprebuilt`.
Counter-intuitively, defining the PNG_DEBUG macro as 1 (i.e. setting
the debug verbosity level to 1) does *not* cause any of the existing
debug traces to show up. This setting would have worked if we had trace
statements like `png_debug(0, message)`, but we don't have any.
Debug traces do show up for verbosity levels from 2 to 5. The libpng
manual describes in detail how they are meant to be used.
According to the history of the CMake file, as well as the history of
other project files, PNG_DEBUG was never set to a numeric value larger
than 1. In other words, these debug settings inside these build files
never produced any output in any (unmodified) libpng version.
(As for the configure build, PNG_DEBUG has no special treatment there.)
Considering the plethora of alternative methods to pass C preprocessor
options through our build files, scripts and projects onto libpng, we'd
rather discontinue PNG_DEBUG as a dedicated build option.
Allow the CMake build to work properly, even if file paths (in the
source directory, in the build directory, or in the install directory)
might contain whitespace characters.
Improve the check for compilers that might use MSVC Runtime library
headers on Windows. We use POSIX-ish ("deprecated") functions, even
on Windows, and we want no spurious warnings.
Tidy up the CMake file: rearrange declarations, rewrite comments, etc.
When cross compiling for an apple platform on a non-apple platform
(or the reverse), `if(APPLE)` in line 32 should refer to the target
platform. Without importing the `APPLE` variable, it refers to the
host platform.
Reviewed-by: John Bowler <jbowler@acm.org>
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
The editorconfig-checker program is not installed by default in the OS
used by GitHub Actions. Fortunately, the editorconfig-checker authors
have kindly provided the action-editorconfig-checker repository, which
we are now using.
Also tidy up the new RISC-V code to comply with our coding style,
and rearrange comments inside png.h to improve readability within
the configured editing limits.
Running the pnglibconf scripts (script/*.awk) is not always possible.
An AWK interpreter is not always guaranteed to be available; and even
if it is, there are limitations when making cross-platform libpng
builds, especially when the differences between the host platform and
the target platform are significant. For example:
* Building for the Windows (MinGW) target on a Unix development host;
* Building for the iOS target on a macOS development host;
* Building for the Android target on any development host.
In such scenarios, a preconfigured (i.e. prebuilt) pnglibconf.h file,
either taken from the libpng source tree or provided by the user who
wants to make a custom libpng build, becomes a necessity.
In this commit we introduce the build option `PNG_LIBCONF_HEADER` in
order to address this specific use case.
We also specify a version range (3.14...4.0) for the minimum required
CMake program, to future-proof the CMake build for just a little bit
longer.
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
Make the error directives uniformly consistent with one another.
Remove surrounding quotes and trailing punctuation, and rephrase
some of the error messages and some of their associated comments
for either brevity or clarity.
Add checks inside the private png*.h header files, in order to reduce
unintentional occurences of application backdoors.
Such backdoors might occur, for example, when we make changes to the
internal data structures that might somehow "leak" from the libpng
code into the user code. The applications that use the libpng API must
pretend not to know that these headers exist at all.
Co-authored-by: John Bowler <jbowler@acm.org>
Signed-off-by: John Bowler <jbowler@acm.org>
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
`png_icc_profile_error` is no longer used when writing iCCP chunks,
therefore it can be compiled out when the reading is disabled.
This change includes two `minconfig` files to test read-only and
write-only "full" configurations, to supplement the existing tests
for "minimal" configurations.
Signed-off-by: John Bowler <jbowler@acm.org>
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
In the floating-point API function `png_set_mDCv` we incorrectly
divided by two the chromaticity values before passing them on to
`png_set_mDCv_fixed`.
Reported-by: Mohit Bakshi <mohitbakshi2205@gmail.com>
Signed-off-by: John Bowler <jbowler@acm.org>
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
This reverts commit 34005e3d3d373c0c36898cc55eae48a79c8238a1.
Although I agreed with Lucas Chollet initially, I finally understood
the objection brought forth by John Bowler: "[...] it's not an
ancillary chunk type if it's not a chunk type in the first place."
I feel that more deliberation is needed on what a robust PNG decoder
should do when it stumbles upon a chunk type that fails to meet its
basic requirements. A clarifying recommendation for decoders may or
may not need to be stipulated in the PNG specification as well.
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
We should use `FILE *` instead of `FILE*` or `(FILE*)`, consistently,
as we should for all other pointer types. Moreover, when we refer to
standard stdio file objects in comments and in documentation, we should
use the term "FILE objects" consistently.
Lastly, we clarify in a comment in example.c that `PNG_STDIO_SUPPORTED`
is true only when the stdio support is both available in the system and
accessible in the user's libpng build.
This is a cherry-pick of commit c63c5463903014c904b540216c2784023fb8c1c8
from branch 'libpng18'.
Reviewed-by: John Bowler <jbowler@acm.org>
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
Remove #ifdef sections and other workarounds for old Windows compilers
that lacked proper support for Win32, including, especially, support
for the Win32 stdio API.
This is a cherry-pick of commit e936211760ddf0ed4a4711ea897b59395dfd206e
from branch 'libpng18'.
Reviewed-by: John Bowler <jbowler@acm.org>
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
In addition to png.h, configure.ac and CMakeLists.txt, the script
ci_verify_version.sh is now able to verify libpng-config-head.in also.
For the benefit of readability, the old script ci_shellify.sh has been
split into smaller, independent scriptlets: libexec/ci_shellify_*.sh.
The linting script ci_lint.sh has been updated as needed.
For testing purposes (e.g. wanting to see if "make distclean" works
correctly with and without building), as well as development purposes
(e.g. wanting to inspect the artifacts produced in the configuration
stage), add `CI_NO_BUILD` to the family of contrarians.
pngimage: The code simply exited with a return code of 99 in the event
of a user error including giving pngimage invalid PNG files and an
internal error. It now attempts to clean up the state before doing so,
matching the normal behaviour.
pngimage: Non-ISO use of setjmp(3) corrected.
pngerror.c: Failure to call png_image_free on a false result from a
png_safe_execute function call fixed. This was a regression caused by
the 'volatile' clean-up. Not normally detectable because png_image_free
will often be called by the application.
Reviewed-by: Cosmin Truta <ctruta@gmail.com>
Signed-off-by: John Bowler <jbowler@acm.org>
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
nocompile-limits.dfa: turns off all limits including run-time limits
nolimits.dfa: makes the compile time limits unlimited while leaving on
the run-time limits.
Fixes compiler warnings exposed by these tests. These are just warnings,
there were no bugs other than a failure to handle systems with a 16-bit
at the appropriate time which would result in a later failure on malloc.
png.c: png_icc_check_length: in-line code was still used in place of
png_chunk_max when checking the current chunk allocation limit. The
in-line code did not handle PNG_MAXSEG_64K and, anyway, issued
compiler warnings in the 'nocompile-limits' case. Changed to use
png_malloc_max.
pngrutil.c: eliminated an erroneous 'truncation' warning with GCC-14 by
using a safe cast.
pngtest.c: failed to check for PNG_USER_LIMITS_SUPPORTED around API
calls which don't exist without PNG_USER_LIMITS.
Signed-off-by: John Bowler <jbowler@acm.org>
This is a regression of commit a8242dd9473a8da4d851623cf0b514a8ee4bee34
"PNGv3 colourspace precedence rules conformance".
Previously, `png_write_iCCP` used the length from the first four bytes
of the profile set by `png_set_iCCP`, rather than the actual data length
recorded by `png_set_iCCP`.
If the profile data were less than 4 bytes long, it would have caused
a read-beyond-end-of-malloc error. This bug was in the libpng code even
before the changes introduced in the above-mentioned commit, but it was
inaccessible. It became accessible when we removed the pre-PNGv3 colour
space checks in `png_set_iCCP`.
Reported-by: Bob Friesenhahn <bobjfriesenhahn@gmail.com>
Reviewed-by: Cosmin Truta <ctruta@gmail.com>
Signed-off-by: John Bowler <jbowler@acm.org>
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
This is a regression of commit 2519a03418af2108d3bd8c269ba01ab72ae240ef
"refactor: Clean up the checking of chunk lengths and allocation limits"
Compilation would break under the "right" non-default configuration.
(Oopsie!)
Also clean up comments in the surrounding code.
Reported-by: chris0e3 <chris0e3@gmail.com>
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
Internal changes only.
Move chunk length checks to fewer places:
Change `png_struct::user_chunk_malloc_max` to always have a non-zero
value, in order to avoid the need to check for zero in multiple places.
Add `png_chunk_max(png_ptr)`, a function-like macro defined in pngpriv.h
which expresses all the previous checks on the various USER_LIMITS and
system limitations. Replace the code which implemented such checks with
`png_chunk_max`.
Move the malloc limit length check in `png_read_chunk_header` to
`png_handle_chunk` and make it conditional on the chunk type.
Progressive reader: call `png_read_chunk_header`.
Correct the handling of pHYs.
Reviewed-by: Cosmin Truta <ctruta@gmail.com>
Signed-off-by: John Bowler <jbowler@acm.org>
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
The two new configuation tests, fixed.dfa and float-fixed.dfa verify
that the 'standard' configuration of libpng works without floating point
arithmetic.
Signed-off-by: John Bowler <jbowler@acm.org>
This is a major change required by the new PNGv3 colour chunk precedence
rules. It **does not** change the libpng API (png.h) however it changes
the following handling of PNG files:
IFF the PNG file contains colour space information it changes from the
libpng v3 behaviour to the now compulsory PNG v3 behaviour:
1) libpng no longer invalidates colour space chunks because they are
inconsistent.
2) libpng no longer responds to the "png_get_" APIs positively if they
are not present in the PNG but can be deduced from the colour space
chunks that are present.
Add various missing pieces to their right places:
* Update .editorconfig in order to let editorconfig-checker know that
aclocal.m4 (which is auto-generated) may contain trailing whitespace.
* Add ci/README.md.
* Update scripts/README.txt.
TODO:
Integrate editorconfig-checker into the linting workflow on GitHub.
(See .github/workflows/lint.yml)
Apply the following updates:
* Tidy up the compiler flag definitions.
* Update the Darwin, Linux and MSYS makefiles to match the compiler
flags used in scripts/makefile.clang and scripts/makefile.gcc.
* Add the `pngtest-static` target in the Darwin makefile, following
on the Linux makefile.
* Rewrite some of the implicit make rules to match one another more
consistently.
* Make corrections in the copyright years to match git log.
Add scripts/makefile.c89 and refactor scripts/makefile.emcc,
scripts/makefile.clang and scripts/makefile.gcc
Refactor variable definitions inside scripts/makefile.clang,
scripts/makefile.gcc and scripts/makefile.emcc, and start using
the option `-pedantic-errors` unconditionally. This option was
first implemented in GCC version 3.1, and it was available in
Clang and in other Clang-based compilers (e.g. Emscripten) from
the beginning.
Add scripts/makefile.c89, derived from the above makefiles, but
with `-pedantic-errors -std=c89`. We aren't enabling the C89 level
by default, to avoid any incompatibility, whether intentional or
accidental, with the compiler's default language level. However,
we are still continuing to support C89 in the 'libpng16' branch,
and this special makefile can be used for testing purposes.
In libpng version 1.6.45 we inadvertently used a declaration after
a statement, which works for compilers supporting C99 and newer,
but fails with C89 compilers, which we are still supporting in the
branch 'libpng16'.
Moreover, in commit 92e8581f12d4570b777eaabfbe1f4243b7b80c04, we used
the macro `PNG_FIXED_EXPORT` in a manner that introduced a spurious ';'
character, which broke the build for all standard-conforming compilers.
Reviewed-by: Cosmin Truta <ctruta@gmail.com>
Signed-off-by: John Bowler <jbowler@acm.org>
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
A downgrade from 16-bit samples to 8-bit samples, or an expansion from
1- or 2-channel grayscale (or grayscale+alpha) to 3- or 4-channel
RGB (or RGB+alpha), etc., may be deemed generally useful. Such image
transforms could be made available to the user via command-line options.
On the other hand, keeping the decision to disable or enable these
transforms unconditionally at compile time (e.g. because they're needed
to work around a specific printer's limitations) is less than ideal.
