EXIF data can be stored in an eXIf chunk before IDAT, or after IDAT,
but the entire PNG datastream may contain one eXIf chunk at most.
Introduce the private mode flag PNG_WROTE_eXIf, which is meant to be
used like the PNG_WROTE_tIME flag. The eXIf chunk and the tIME chunk
have the same ordering rules (i.e. no constraints are imposed), and
the same multiplicity rules (i.e. no multiples are allowed), and they
should be initialized and checked using the same algorithm.
This fixes commit cd03aaf7bf0e0c748b8c6cb34a56b402b40d61d0,
previously reverted in 3d57708c9166419b7f5e0bbda2f7a2149112c844.
Reported-by: Ben Bullock <benkasminbullock@gmail.com>
Set the PNG_FREE_PCAL flag immediately after the allocation of the
first pCAL buffer, so that, if any one of the subsequent allocations
fail, all pCAL buffers still get deallocated by png_free_data.
Also reorder the initialization of other PNG_FREE_ flags (without
altering the semantics) to improve the overall consistency inside
the pngset.c module.
Co-authored-by: Philippe Antoine <contact@catenacyber.fr>
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
This leak was discovered by OSS-Fuzz.
The old structure of the code was along the lines of:
allocate trans_alpha;
if (problem) {
// Jumps away from this function
png_warning("tRNS chunk has out-of-range samples for bit_depth");
}
mark trans_alpha as to-free;
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
As per the const correctness rules, top-level const-ness of data
in automatic scopes does not propagate outside of these scopes
(unlike const-ness at lower levels, such as pointers to const data).
Previously, const was used liberally, but inconsistently across the
libpng codebase. Using const wherever applicable is not incorrect.
However, _consistent_ use of const is difficult to maintain in such
conditions.
In conclusion, we shall continue to use const only where doing so is
strictly necessary:
1. If a function guarantees that it will not modify an argument
passed by pointer, the corresponding function parameter should be
a pointer-to-const (const T *).
2. Static data should not be modified, therefore it should be const.
Reference:
Google C++ Style Guide
https://google.github.io/styleguide/cppguide.html#Use_of_const
In v1.6.0, compiler support for const became a requirement.
It should be used consistently. To maintain backwards compatibility,
PNG_CONST is still maintained in deprecated form.
In v1.6.0, size_t became a required type. It should be used
consistently. To maintain backwards compatibility, png_size_t
is still maintained in deprecated form.
in pngwrite.c, and made various other fixes to png_write_eXIf().
Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif
to arguments for png_get_eXIf() and png_set_eXIf().
