These should fix most of the reported Coverity issues. The remaining issues
should be the back_b etc assignments, which look like a Coverity bug, and
passing a pointer to a byte to a function that expects a pointer to one or more
bytes, which should (I believe) be fixed in one case and not the other
(next_filter) case; the latter case will probably go away as I am going to
rewrite that piece of code to avoid a spurious buffer allocation.
Signed-off-by: John Bowler <jbowler@acm.org>
This implements a new chunk parse implementation that can be shared, it
is currently shared by the progressive reader and the sequential one
(not, yet, the writer).
The patch also implements shared transform handling that is used
throughout.
Signed-off-by: John Bowler <jbowler@acm.org>
added RELEASE/!RELEASE convenience macros. png_muldiv_warn was used in
only one place, and the overflow condition is a genuine warning not
an internal error. Four macros allow code or function parameters to be
condition on RELEASE (or not) builds and tidy up the #ifdef handling of
functions.
where the code depended on the build base type and can be defined on
the command line, allowing testing in beta builds. Overflows previously
handled by png_warning in png.c have been changed to use new
macros/affirm functions so that beta builds will abort on overflow and
release builds will quietly ignore it. This avoids release builds
producing warnings that are of no use to end users.
Added 'assert' based overflow checking for debug builds for char
and short assignments. Simply ignore the error in release builds
(a truncated value will be used without warning). Controlled by
PNG_RANGE_CHECK_SUPPORTED.
Silence 'unused parameter' build warnings (Cosmin).
$(CP) is now used alongside $(RM_F). Also, use 'copy' instead
of 'cp' where applicable, and applied other minor makefile changes.
Don't warn about invalid dimensions exceeding user limits.
Fixed 'minimal' builds. Various obviously useful minimal configurations
don't build because of missing contrib/libtests test programs and overly
complex dependencies in scripts/pnglibconf.dfa. This change adds
contrib/conftest/*.dfa files that can be used in automatic build
scripts to ensure that these configurations continue to build.
Enabled WRITE_INVERT and WRITE_PACK in contrib/pngminim/encoder.
sCAL APIs; some of these use floating point arithmetic so they need to be
disabled if floating point arithmetic is switched off. This is a quiet API
change - previously it appeared that the APIs were supported if fixed point
arithmetic was used internally, however they required certain APIs (floor,
modf, frexp, atof) that are part of C floating point support. Changed
png_fixed and the gamma code specific version of the same to avoid floor(),
which may be a library function (not an intrinsic). Removed unused #if 0
code.
links and tests against zlib with a prefix; tests have been clarified; and
irrelevant or obsolete things (as defined by the autotools man page) have
been removed.
png_malloc_default png_free_default.
Updated some left over "1.6.0beta32" in code sources.
Fixed a "png_structp" prototype (should be png_structrp) in arm_init.c
Updated the version-number hack in pngvalid.c
handling png_struct members rearranged - partly to reorder to avoid packing,
partly to put frequently accessed members at the start and partly to make
the grouping more clear. png_set_filter code has been rewritten and the
code shared with png_write_start_row moved to a common function. Comments
in png.h have been made more clear. Minor fixes to
contrib/libtests/timepng.c and some of the png_*_tRNS logic, including
more error detection in png_set_tRNS.
management system (CMS). In practice it is not possible to obtain cHRM
information reliably using just the end-point tags because they do not exist
in the vast majority of profiles. Instead it is necessary to run the endpoints
through the ICC colorimetric intent transform (as described in the v4
spec). Since this is likely to be too much code inside libpng for too
little gain (it implies a fairly complete CMS implementation) the code
has been changed to allow an external CMS to be used. This code is
temporarily disabled until a suitable set of test cases using one or more
external CMS implementations have been implemented.
contrib/libtests/makepng: corrected 'rgb' and 'gray' cases. profile_error
messages could be truncated; made a correct buffer size calculation and
adjusted pngerror.c appropriately. png_icc_check_* checking improved;
changed the functions to receive the correct color type of the PNG on read
or write and check that it matches the color space of the profile (despite
what the comments said before, there is danger in assuming the app will
cope correctly with an RGB profile on a grayscale image and, since it
violates the PNG spec, allowing it is certain to produce inconsistent
app behavior and might even cause app crashes.) Check that profiles
contain the tags needed to process the PNG (tags all required by the ICC
spec). Removed unused PNG_STATIC from pngpriv.h.
Added new "png_structrp" typedef. Because of the
way libpng works both png_info and png_struct are always accessed via a
single pointer. This means adding C99 'restrict' to the pointer gives
the compiler some opportunity to optimize the code. This change allows that.
changes alter how the tricky allocation of the initial png_struct and png_info
structures are handled. png_info is now handled in pretty much the same
way as everything else, except that the allocations handle NULL return
silently. png_struct is changed in a similar way on allocation and on
deallocation a 'safety' error handler is put in place (which should never
be required). The error handler itself is changed to permit mismatches
in the application and libpng error buffer size; however, this means a
silent change to the API to return the jmp_buf if the size doesn't match
the size from the libpng compilation; libpng now allocates the memory and
this may fail. Overall these changes result in slight code size
reductions; however, this is a reduction in code that is always executed
so is particularly valuable. Overall on a 64-bit system the libpng DLL
decreases in code size by 1733 bytes. pngerror.o increases in size by
about 465 bytes because of the new functionality.
These changes alter how the tricky allocation of the initial png_struct and
png_info structures are handled. png_info is now handled in pretty much the
same way as everything else, except that the allocations handle NULL return
silently. png_struct is changed in a similar way on allocation and on
deallocation a 'safety' error handler is put in place (which should never
be required). The error handler itself is changed to permit mismatches
in the application and libpng error buffer size; however, this means a
silent change to the API to return the jmp_buf if the size doesn't match
the size from the libpng compilation; libpng now allocates the memory and
this may fail. Overall these changes result in slight code size
reductions; however, this is a reduction in code that is always executed
so is particularly valuable. Overall on a 64-bit system the libpng DLL
decreases in code size by 1733 bytes. pngerror.o increases in size by
about 465 bytes because of the new functionality.
using g++. The compiler imposes C++ rules on the C source; thus it
is desireable to make the source work with either C or C++ rules
without throwing away useful error information. This change adds
png_voidcast to allow C semantic (void*) cases or the corresponding
C++ static_cast operation, as appropriate.
