because usleep() is deprecated (port from libpng16).
Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c
Fixed uninitialized variable in contrib/gregbook/rpng2-x.c
handling in contrib/libtests/pngstest.c; possible overflow of
unsigned char in contrib/tools/png-fix-itxt.c). To use the "secure"
file handling, define PNG_USE_MKSTEMP, otherwise "tmpfile()" will
be used.
function has apparently never been used. It was implemented
to support back-door modification of png_struct in libpng-1.4.x
but (because it does nothing and cannot do anything) was apparently
never tested (John Bowler).
depend on READ_TRANSFORMS and moves all the transform gamma (READ_GAMMA)
code from elsewhere to png_tran.c. There are no code changes.
There is one remaining use of the gamma (16-bit) code in the simplified
API in pngread.c but that is because of a long-standing libpng bug,
namely that the gamma corrected palette is no produced by
png_read_update_info (John Bowler).
pngstest.c, and pngimage.c. Most seem harmless, but png-fix-itxt
would only work with iTXt chunks with length 255 or less.
Fixed cexcept.h in which GCC 5 reported that one of the auto
variables in the Try macro needs to be volatile to prevent value
being lost over the setjmp, and fixed g++ build breaks (John Bowler).
compiled library size. It never worked properly and as far as we can
tell, no one uses it. The png_set_filter_heuristics() and
png_set_filter_heuristics_fixed() APIs are retained but deprecated.
internal struct (png_transform_control) to replace row_info and uses
that to implement affirms correctly. The change also adds checks on
the rowbytes calculation and additional checks on most transform
implementations.
Added png_uint_16 range checking, pngvalid tRNS, fixed png_uint_16:
review of previous checks, removal of some where SAFE. pngvalid: add
testing of tRNS for better code coverage pngvalid: correct rgb-to-gray
error calculations. Code coverage is still incomplete: see /*UNTESTED*/
in pngrtran.c
added RELEASE/!RELEASE convenience macros. png_muldiv_warn was used in
only one place, and the overflow condition is a genuine warning not
an internal error. Four macros allow code or function parameters to be
condition on RELEASE (or not) builds and tidy up the #ifdef handling of
functions.
where the code depended on the build base type and can be defined on
the command line, allowing testing in beta builds. Overflows previously
handled by png_warning in png.c have been changed to use new
macros/affirm functions so that beta builds will abort on overflow and
release builds will quietly ignore it. This avoids release builds
producing warnings that are of no use to end users.
Added 'assert' based overflow checking for debug builds for char
and short assignments. Simply ignore the error in release builds
(a truncated value will be used without warning). Controlled by
PNG_RANGE_CHECK_SUPPORTED.
