The sequential read code failed to read to the end of the IDAT stream in about
1/820 cases, resulting in a spurious warning. The
png_set_compression_buffer_size API also would not work (or do bad things) if
the size of a zlib uInt was less than 32 bits.
This includes a quiet API change to alter png_set_compression_buffer_size to use
a png_alloc_size_t, not png_size_t and implement the correct checks.
Signed-off-by: John Bowler <jbowler@acm.org>
The handling of tIME and text chunks on read now records the location of the
chunks relative to PLTE and IDAT. Behavior on write is unchanged except that if
the position was recorded on read it will be re-used.
This involves an ABI change to the png_text_struct; a one byte location field is
added (with the same meaning as the one used to record unknown chunk location.)
Because this field is only used on read there is no API change unless a png_info
from a libpng read is passed to a subsequent libpng write (this did not work
very well before 1.7; the tIME chunk could get duplicated.)
png_set_text ignores the new field, resetting it to the current position in the
read or write stream. On write the position is set to the next location to be
written unless the write has not started (the position is before the signature)
in which case the location is set to PNG_HAVE_PLTE|PNG_AFTER_IDAT. When the
chunk is written the position is set to the actual write location (effectively
the position is frozen.)
Signed-off-by: John Bowler <jbowler@acm.org>
This removes the side-effect on the png_struct palette of calling png_set_PLTE
or png_set_tRNS. NOTE: this is a quiet API change, it was possible before to
alter the palette on a PNG image by using png_set_PLTE, but this was unintended
and inconsistent with the other png_set APIs.
Fix a bug in palette index checking; png_struct::num_palette could, in
principle, get changed by the transformations (e.g. png_set_quantize) and this
would invalidate the check. The palette checking init function now makes a copy
of png_struct::num_palette.
Fix a bug in pngvalid error handling. A png_error in png_write_info is not
continuable (a valid image cannot necessarily be written afterward) because the
png_error aborts the write of subsequent pre-IDAT chunks. In particular an
abort as a result of a bogus colorspace information (gAMA, cHRM, sBIT etc)
prevents the write of the PLTE chunk.
Signed-off-by: John Bowler <jbowler@acm.org>
Unify the compression code so that inflate calls are localized to a common
routine. Ground work for filter selection support. Minor API changes to use
void* not byte* for data parameters. Unification of some of the compression
code with the decompression code; IDAT_size replaces IDAT_read_size and
zbuffer_size, IDAT reading and writing is no longer controlled by the size of
the compression buffer.
Signed-off-by: John Bowler <jbowler@acm.org>
This implements a new chunk parse implementation that can be shared, it
is currently shared by the progressive reader and the sequential one
(not, yet, the writer).
The patch also implements shared transform handling that is used
throughout.
Signed-off-by: John Bowler <jbowler@acm.org>
added RELEASE/!RELEASE convenience macros. png_muldiv_warn was used in
only one place, and the overflow condition is a genuine warning not
an internal error. Four macros allow code or function parameters to be
condition on RELEASE (or not) builds and tidy up the #ifdef handling of
functions.
Added 'assert' based overflow checking for debug builds for char
and short assignments. Simply ignore the error in release builds
(a truncated value will be used without warning). Controlled by
PNG_RANGE_CHECK_SUPPORTED.
seem to generate warnings when an unsigned value is implicitly
converted to double. This is probably a GCC bug but this change
avoids the issue by explicitly converting to (int) where safe.
Free all allocated memory in pngimage. The file buffer cache was left
allocated at the end of the program, harmless but it causes memory
leak reports from clang.
Fixed array size calculations to avoid warnings. At various points
in the code the number of elements in an array is calculated using
sizeof. This generates a compile time constant of type (size_t) which
is then typically assigned to an (unsigned int) or (int). Some versions
of GCC on 64-bit systems warn about the apparent narrowing, even though
the same compiler does apparently generate the correct, in-range,
numeric constant. This adds appropriate, safe, casts to make the
warnings go away.
Added "option READ_iCCP enables READ_COMPRESSED_TEXT" to pnglibconf.dfa
Removed unused "text_len" parameter from private function png_write_zTXt().
Conditionally compile some code in png_deflate_claim(), when
PNG_WARNINGS_SUPPORTED and PNG_ERROR_TEXT_SUPPORTED are disabled.
Replaced repeated code in pngpread.c with PNG_PUSH_SAVE_BUFFER_IF_FULL.
Added "chunk iTXt enables TEXT" and "chunk zTXt enables TEXT"
to pnglibconf.dfa.
Edit and fix typos in comments.
instead of png_chunk_report(), which by default issues a warning
rather than an error, leading to later reading from a NULL pointer
(png_ptr->palette) in png_do_expand_palette().
by earlier versions of GCC fixed for Cygwin and Min/GW (which both use old GCCs.)
ARM support is enabled by default in zlib.props (unsupported by Microsoft) and
ARM compilation is made possible by deleting the check for x86. The test programs
cannot be run because they are not signed.
sCAL APIs; some of these use floating point arithmetic so they need to be
disabled if floating point arithmetic is switched off. This is a quiet API
change - previously it appeared that the APIs were supported if fixed point
arithmetic was used internally, however they required certain APIs (floor,
modf, frexp, atof) that are part of C floating point support. Changed
png_fixed and the gamma code specific version of the same to avoid floor(),
which may be a library function (not an intrinsic). Removed unused #if 0
code.
png_malloc_default png_free_default.
Updated some left over "1.6.0beta32" in code sources.
Fixed a "png_structp" prototype (should be png_structrp) in arm_init.c
Updated the version-number hack in pngvalid.c
These changes cause 16-bit arithmetic to be used for 8-bit data in the gamma
corrected compose and grayscale operations. The arithmetic errors have
three sources all of which are fixed in this commit:
1) 8-bit linear calculations produce massive errors for lower intensity
values.
2) The old 16-bit "16 to 8" gamma table code erroneously wrote the lowest
output value into a table entry which corresponded to multiple output
values (so where the value written should have been the closest to the
transformed input value.)
3) In a number of cases the code to access the 16-bit table did not round;
it did a simple shift, which was wrong and made the side effects of (2)
even worse.
The new gamma code does not have the 16-to-8 problem at the cost of slighly
more calculations and the algorithm used to minimize the number of
calculations has been extended to all the 16-bit tables; it has advantages
for any significant gamma correction.
