The PNG IDAT did not include a '255' entry, the highest entry is '254',
this corrects the test PNG to have a palette with only 254 entries so
that it triggers the palette index checks.
Signed-off-by: John Bowler <jbowler@acm.org>
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
The palette index checking function is called by default but only if
some *other* transformation is happening. This makes the 'get palette
max' public API disfunctional (sometimes it works, sometimes it returns
0) and causes the supposed default behaviour of checking the palette
index only to work sometimes. It works in pngtest, it doesn't work in
pngcp.
The check in pngread also has an off-by-one error; the number recorded
is the highest index found so it should be checked to ensure that it is
less than the palette length but it was checked for being greater.
The pull request includes a set of 8 files which all have the full range
of possible indices including one (the highest) which is invalid because
the PLTE chunk is one short of the maximum for each bit depth.
Signed-off-by: John Bowler <jbowler@acm.org>
Previously pngfix had been made warning-free in GCC7.1 by marking auto
variables (volatile). This prevented the arithmetic optimizations which
caused warnings from GCC7.1 with higher values -Wstrict-overflow=<n>
GCC has moved on a lot since 7.1 and pngfix.c now compiles with just one
warning using -Wstrict-overflow=5. The change includes a change to make
this go away by performing the rearrangement GCC was using in the code:
i == ndigits-1
becomes:
i+1 == ndigits
i is initialized to ndigits and has been decremented at least once so
this is fine.
Test, configure:
CFLAGS="-Wall -Wextra -Wno-maybe-uninitialized -Wstrict-overflow=5" \
../configure --enable-werror
make
make cehck
Test, cmake:
cmake ..
make
make test
Signed-off-by: John Bowler <jbowler@acm.org>
Prior versons of the GCC warned about the 'dest' parameter of
contrib/tools/pngcp.c not being volatile, which isn't necessary because
it isn't modified. This removes the GCC specific fixup.
The function which calls setjmp, cppng() also relied on undefined
behavior because it assigned the result of setjmp() to a variable; this
is not one of the four uses of setjmp permitted by ANSI-C. This passes
the result previously returned by longjmp via (struct display). It's
very very unlikely that any compiler could have got the code wrong but
it is technically undefined.
Defer the program termination on error until all files are closed and
(if applicable) all incompletely-written output files are deleted.
In addition, perform the following maintenance tasks:
* Rename and document the internal helpers used by the functions
`png2pnm` and `pnm2png`.
* Unset the executable permission bits for the *.bat test programs.
The pngminus programs use several PNG image transformations:
`png_set_expand`, `png_set_expand_1_2_4_to_8`, etc. (in png2pnm.c);
`png_set_packing`, `png_set_invert_mono`, etc. (in pnm2png.c).
The availability of all of these transformations in libpng is now
required at compile time.
On the topic of transformations, apply an unrelated fix to the use
of `png_set_gamma`.
Improve and modernize png2pnm.c:
* Remove the explicit reading of the input PNG file signature.
Libpng is now able to read it, check it, and issue an appropriate
error message in case of magic number mismatch or file corruption.
(See the function `png_read_sig`.)
* Remove the explicit allocation and dealocation of the image data.
Libpng is now able to manage all the image data automatically.
(See the function `png_read_png`.)
* Specify the needed image transformations without a-priori checking
the image type for applicability.
* Use the `png_set_expand_gray_1_2_4_to_8` transformation.
Since libpng version 1.2.9, this transformation (if needed) must
be enabled separately from `png_set_expand`.
Improve and modernize pnm2png.c:
* Modify the allocation of image data, in order to match libpng's
internal allocation model.
* Transfer the ownership of the image data from the `pnm2png` function
to libpng, which will manage and dealocate it at the right time.
(See the functions `png_set_image_rows` and `png_data_freer`.)
Refactor, clean up, etc.
Improve png2pnm.c:
* Add support for writing 16-bit raw PNM image files.
Fix and improve pnm2png.c:
* Add support for reading 16-bit raw PNM image files.
* Fix the parsing of arbitrarily long numeric strings.
In the parsing of PNM tokens, we can and we should avoid storing
more than one leading '0' in the token buffer. All valid (in-range)
numeric strings must fit in this limited-size buffer, regardless of
their actual length in the input file.
* Refactor the PNM parsing in order to make it more capable to handle
various kinds of input file errors.
* Remove the volatile qualifiers from all variable declarations.
Their original purpose was to appease old (and incorrect) warnings
issued by ancient optimizing compilers.
* Print a note about the program's lack of support for the PAM ("P7")
file format when the input is in this format.
* Add FIXME notes about the need to signal incorrect or incomplete
input files. (For png2pnm, this is done inside libpng.)
Raise the minimum required CMake version to 3.5.
Add the configuration option `PNGMINUS_USE_SYSTEM_PNG` for compiling
and linking with the system libpng library instead of the internal one.
Remove the old configuration option `PNGMINUS_USE_STATIC_LIBRARIES`.
When using the internal libpng (via `PNGMINUS_USE_SYSTEM_PNG=OFF`),
simply enforce static linking and produce single-file executables.
Rename the scripts "png2pnm.sh" (etc.) to "test_png2pnm.sh" (etc.),
to make it obvious that they are test drivers, not program launchers.
Add a .gitignore file for project-specific build and test artifacts.
This reverts the code to a variant of my old style of doing an 'fclose'
correctly and adds comments explaining why it is so difficult. Thanks
to @ihsinme for pointing out the error on github.com
Signed-off-by: John Bowler <jbowler@acm.org>
makepngs.sh relies on a Bash feature in one of its case statements,
";;&"; this should be made explicit in the shebang.
intgamma.sh declares a function in a manner which may fail in non-Bash
sh implementations, this patch uses the correct syntax.
Based on a patch by Roflcopter4:
https://github.com/joncampbell123/dosbox-x/pull/3850
Signed-off-by: Stephen Kitt <steve@sk2.org>
The old implementation of png_have_msa() caused a bus error,
if a word in /proc/cpuinfo was longer than 10 characters.
In the original implementation, `word[10]` was too short, and
`word[i++] = ch` caused a stack smash if the characters between
spaces were more than 10.
And also, fclose(f) should be called before leaving.
For example on loongson ls3a4000 cpu platform:
$ cat /proc/cpuinfo
system type : Generic Loongson64 System
machine : loongson,loongson64g-4core-ls7a
processor : 0
cpu model : ICT Loongson-3 V0.1 FPU V0.1
BogoMIPS : 3594.02
wait instruction : yes
microsecond timers : yes
tlb_entries : 2112
extra interrupt vector : no
hardware watchpoint : no
isa : mips1 mips2 mips3 mips4 mips5 mips32r1 mips32r2 mips64r1 mips64r2
ASEs implemented : vz msa loongson-mmi loongson-cam loongson-ext loongson-ext2
shadow register sets : 1
kscratch registers : 6
package : 0
core : 0
VCED exceptions : not available
VCEI exceptions : not available
processor : 1
cpu model : ICT Loongson-3 V0.1 FPU V0.1
BogoMIPS : 3611.26
wait instruction : yes
microsecond timers : yes
tlb_entries : 2112
extra interrupt vector : no
hardware watchpoint : no
isa : mips1 mips2 mips3 mips4 mips5 mips32r1 mips32r2 mips64r1 mips64r2
ASEs implemented : vz msa loongson-mmi loongson-cam loongson-ext loongson-ext2
shadow register sets : 1
kscratch registers : 6
package : 0
core : 1
VCED exceptions : not available
VCEI exceptions : not available
Co-authored-by: Cosmin Truta <ctruta@gmail.com>
Signed-off-by: Sui Jingfeng <15330273260@189.cn>
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
Remove all remaining "last changed" version info from source comments.
(The version control system maintains this information automatically.)
Delete the trailing whitespace characters.
With the caveat that oss-fuzz needs a full sync with upstream, here
are the changes applied to our old copy:
* Add a missing #include directive.
* Remove the "last changed" version info.
* Clean up the trailing whitespace.
Co-authored-by: Ilya Yegorov <hkctkuy@gmail.com>
Co-authored-by: Cosmin Truta <ctruta@gmail.com>
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
Rename contrib/tools/chkfmt to contrib/tools/chkfmt.sh; refactor:
* Increase the max line length for contrib/**/*.[ch] from 96 to 100.
* Set the max line length for ci_*.sh to 100.
* Use `basename $0` instead of the hard-coded script name.
* Update comments.
Remove contrib/tools/reindent. For automated code formatting, including
indentation, we need a robust solution.
Add an empty line after the hashbang line in all scripts.
Remove the "last changed" version info from comment headers.
(The version control system maintains this information automatically.)
pngimage.c:
Initialize sig_bits on a NOTREACHED path to avoid warnings about using
uninitialized variables.
pngstest.c:
Enlarge buffers and fix signedness to avoid legitimate warnings about
potential buffer overflows.
pngunknown.c:
pngvalid.c:
Use NULL instead of 0 for pointers and apply other style fixes.
makepng.c:
tarith.c:
Apply various style fixes.
Also remove the "last changed" version info from source comments.
The version control system maintains this information automatically.
I got a warning while compiling under Ubuntu 18.04 and gcc 7.4:
"__BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE"
Quote from the Linux Programmer's Manual:
"To allow code that requires _BSD_SOURCE in glibc 2.19 and earlier and
_DEFAULT_SOURCE in glibc 2.20 and later to compile without warnings,
define both _BSD_SOURCE and _DEFAULT_SOURCE."
This adds the custom malloc/free functions from the old
libpng_read_fuzzer to the upstream fuzzer to prevent clusterfuzz
running into OOM.
Bug: https://bugs.chromium.org/p/chromium/issues/detail?id=904054
Contributed-by: Christopher Thompson <cthomp@chromium.org>
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
If a zlib source tree exists besides the libpng source tree in the
same parent directory, the pngminus build may fail, unless the zlib
tree is built fully. In order to avoid this failing scenario, do not
use the custom-built zlib by default.
(The custom-built zlib is still necessary on platforms that lack a
system-built zlib.)
Change the license to MIT.
Move the license text from the source files to a LICENSE file.
Move the change log from the source files to a CHANGES file.
Delete the Turbo C makefile and simplify the Linux makefile heavily.
Create explicitly named static and shared executables in the makefile.
Refresh the README file a bit from the twenty year old one.
Signed-off-by: Willem van Schaik <willem@schaik.com>
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
As per the const correctness rules, top-level const-ness of data
in automatic scopes does not propagate outside of these scopes
(unlike const-ness at lower levels, such as pointers to const data).
Previously, const was used liberally, but inconsistently across the
libpng codebase. Using const wherever applicable is not incorrect.
However, _consistent_ use of const is difficult to maintain in such
conditions.
In conclusion, we shall continue to use const only where doing so is
strictly necessary:
1. If a function guarantees that it will not modify an argument
passed by pointer, the corresponding function parameter should be
a pointer-to-const (const T *).
2. Static data should not be modified, therefore it should be const.
Reference:
Google C++ Style Guide
https://google.github.io/styleguide/cppguide.html#Use_of_const
In v1.6.0, compiler support for const became a requirement.
It should be used consistently. To maintain backwards compatibility,
PNG_CONST is still maintained in deprecated form.
In v1.6.0, size_t became a required type. It should be used
consistently. To maintain backwards compatibility, png_size_t
is still maintained in deprecated form.
