Remove all currently detected cases of unsigned overflow. Detection is
runtime, so test case dependent. The changes to pngvalid.c eliminate
spurious and probably invalid tests with one while loop exception.
Apart from that and the change to the dependence on the intended
unsigned overflow in pngtrans.c the changes are limited to altering the
meme for an unsigned 'x' from:
while (x-- > 0)
to
for (; x > 0; --x)
This works because, in all cases, the control variable is not used in
the loop. The 'while' meme was, at one time, warn'ed by GCC so it is
probably a good change, for some weird religious value of good.
Signed-off-by: John Bowler <jbowler@acm.org>
input that was made in version 1.6.17beta01, to preserve legacy
behavior even though it was incorrect. Instead, added new API
png_set_filter_16() and png_set_add_alpha_16() that set a flag to
make png_do_read_filter() interpret the filler bytes properly.
png_set of the transform function, but that doesn't matter unless the
transform function changes the rowbuf size, and that is only valid if
transform_info is called.
on read and write. In libpng 1.6 the two cases can be distinguished and
considerable code cleanup, and extra error checking, is possible. This
makes calls on the write side that have no effect be ignored with a
png_app_error(), which can be disabled in the app using
png_set_benign_errors(), and removes the spurious use of usr_channels
on the read side.
options declares 'index' as a global, causing a warning if it is used as a
local variable. GCC 64-bit warns about assigning a (size_t) (unsigned 64-bit)
to an (int) (signed 32-bit). MSVC, however, warns about using the
unary '-' operator on an unsigned value (even though it is well defined
by ANSI-C to be ~x+1). The padding calculation was changed to use a
different method. Removed the tests on png_ptr->pass.
compiler issues slightly different warnings from those issued by the
current vesions of GCC. This eliminates those warnings by
adding/removing casts and small code rewrites.
Added new "png_structrp" typedef. Because of the
way libpng works both png_info and png_struct are always accessed via a
single pointer. This means adding C99 'restrict' to the pointer gives
the compiler some opportunity to optimize the code. This change allows that.
