internal struct (png_transform_control) to replace row_info and uses
that to implement affirms correctly. The change also adds checks on
the rowbytes calculation and additional checks on most transform
implementations.
Added png_uint_16 range checking, pngvalid tRNS, fixed png_uint_16:
review of previous checks, removal of some where SAFE. pngvalid: add
testing of tRNS for better code coverage pngvalid: correct rgb-to-gray
error calculations. Code coverage is still incomplete: see /*UNTESTED*/
in pngrtran.c
added RELEASE/!RELEASE convenience macros. png_muldiv_warn was used in
only one place, and the overflow condition is a genuine warning not
an internal error. Four macros allow code or function parameters to be
condition on RELEASE (or not) builds and tidy up the #ifdef handling of
functions.
where the code depended on the build base type and can be defined on
the command line, allowing testing in beta builds. Overflows previously
handled by png_warning in png.c have been changed to use new
macros/affirm functions so that beta builds will abort on overflow and
release builds will quietly ignore it. This avoids release builds
producing warnings that are of no use to end users.
Added 'assert' based overflow checking for debug builds for char
and short assignments. Simply ignore the error in release builds
(a truncated value will be used without warning). Controlled by
PNG_RANGE_CHECK_SUPPORTED.
to run all the png_handle_*() and depend on them to return if info_ptr == NULL.
This improves the performance of png_read_end(png_ptr, NULL) and makes
it more robust against future programming errors.
values on write, so a malicious PNG writer could therefore cause
the read code to return an invalid sBIT chunk, which might lead to
application errors or crashes. Such chunks are now skipped (with
chunk_benign_error).
defaults. Previously a return of 0 from a user chunk callback would result in
the chunk being saved (if this was safe, even if the chunk was unsafe-to-copy);
this change respects the defaults set by the application, so unknown chunks
can be discarded by default and known-safe ones preserved.
links and tests against zlib with a prefix; tests have been clarified; and
irrelevant or obsolete things (as defined by the autotools man page) have
been removed.
png_malloc_default png_free_default.
Updated some left over "1.6.0beta32" in code sources.
Fixed a "png_structp" prototype (should be png_structrp) in arm_init.c
Updated the version-number hack in pngvalid.c
These changes cause 16-bit arithmetic to be used for 8-bit data in the gamma
corrected compose and grayscale operations. The arithmetic errors have
three sources all of which are fixed in this commit:
1) 8-bit linear calculations produce massive errors for lower intensity
values.
2) The old 16-bit "16 to 8" gamma table code erroneously wrote the lowest
output value into a table entry which corresponded to multiple output
values (so where the value written should have been the closest to the
transformed input value.)
3) In a number of cases the code to access the 16-bit table did not round;
it did a simple shift, which was wrong and made the side effects of (2)
even worse.
The new gamma code does not have the 16-to-8 problem at the cost of slighly
more calculations and the algorithm used to minimize the number of
calculations has been extended to all the 16-bit tables; it has advantages
for any significant gamma correction.
