The handling of tIME and text chunks on read now records the location of the
chunks relative to PLTE and IDAT. Behavior on write is unchanged except that if
the position was recorded on read it will be re-used.
This involves an ABI change to the png_text_struct; a one byte location field is
added (with the same meaning as the one used to record unknown chunk location.)
Because this field is only used on read there is no API change unless a png_info
from a libpng read is passed to a subsequent libpng write (this did not work
very well before 1.7; the tIME chunk could get duplicated.)
png_set_text ignores the new field, resetting it to the current position in the
read or write stream. On write the position is set to the next location to be
written unless the write has not started (the position is before the signature)
in which case the location is set to PNG_HAVE_PLTE|PNG_AFTER_IDAT. When the
chunk is written the position is set to the actual write location (effectively
the position is frozen.)
Signed-off-by: John Bowler <jbowler@acm.org>
This adds code to iterate through the command line options when non-list options
have the 'all' parameter. Used to rapidly test the effect of different zlib
options.
Signed-off-by: John Bowler <jbowler@acm.org>
This seems safer; in fact a NULL dereference never happens because the test ends
up just doing arithmetic on NULL but it seems possible that the undefined
arithmetic can still happen if there is a bug elsewhere.
Signed-off-by: John Bowler <jbowler@acm.org>
Undefined behaviour sanitizer currently fires for this test
with an error about member access within null pointer to
struct; put the check that relies on pz->list being non-NULL
second.
Also add an example program, pngcp.c, which illustrates the problem when used to
copy pngtest.png (the result is an invalid PNG because the tIME chunk is
duplicated.)
Signed-off-by: John Bowler <jbowler@acm.org>
This rewrites the code used previously in the heuristics to make it easier to
debug and introduces the 'methodical' method, which is intended to be an
expensive but reliable way of reducing image size.
The code in this commit does not work; the 'methodical' test for success does
not take account of data buffered inside zlib and, anyway, it changes the
results of pngtest so that the test fails. This commit is just a checkpoint of
the current state; another commit will temporarily disable the 'methodical'
code.
Signed-off-by: John Bowler <jbowler@acm.org>
Undefined because (png_byte) << shift is undefined if it changes the signed bit
(because png_byte is promoted to int). The libpng exported functions
png_get_uint_32 and png_get_uint_16 handle this.
Bug reported by David Drysdale as a result of reports from UBSAN in clang 3.8.
This changes pngvalid to use BE random numbers; this used to produce errors but
these should not be fixed as a result of the previous changes.
Signed-off-by: John Bowler <jbowler@acm.org>
This widens the 'limit' check on the internally calculated error limits in the
'DIGITIZE' case (the code used prior to 1.7 for rgb_to_gray error checks) and it
changes the check to only operate in non-release builds (base build type not RC
or RELEASE.)
Signed-off-by: John Bowler <jbowler@acm.org>
Fixes to pngvalid for various reduced build configurations (eliminate unused
statics) and a fix for the case in rgb_to_gray when the digitize option reduces
graylo to 0, producing a large error.
Signed-off-by: John Bowler <jbowler@acm.org>
This 'fixes' the current problem in the BE tests by not testing it, making the
BE code the same as the LE version.
Signed-off-by: John Bowler <jbowler@acm.org>
