Embarcadero's compilers, old (Borland-based) and new (Clang-based),
do have full support for Standard C. The Clang-based compiler is
claiming, through the macro __STDC_VERSION__, to support C99 and C11,
whereas the Borland-based compiler supports ANSI C, as it has for
decades.
However, their run-time library is exposing global functions beyond
the scope of Standard C, for backwards compatibility with the older
Borland products. One of these functions is `randomize`, which clashes
with a function inside pngvalid.c that incidentally has the same name.
Building libpng in "Strict ANSI C" mode, in which all Borland-specific
globals are hidden (e.g. via `bcc32 -A`), would have been a workable
solution for the Borland-based ANSI C compiler, but no such solution
appears to exist for the Clang-based C90/C99/C11 compiler.
Fortunately, renaming a private function inside a test program is a
cost-free alternative fix.
This is a cherry-pick of commit 6184164aa73ee764b1822f44d3db7619cf84f3fa
from branch 'libpng18'.
Disable the check on `interlace_method` inside function `compare_read`
in pngimage.c, if WRITE_INTERLACING is not supported.
If interlaced encoding is disabled inside libpng, the encoded images
are non-interlaced silently and unconditionally. This commit updates
the image comparison to skip the interlace check in the resultant
image; other behavior is still checked.
This is a cherry-pick of commit d9f13d8d846e08b00f6530b7a5fe07039d48c78d
from branch 'libpng18'.
Reviewed-by: Cosmin Truta <ctruta@gmail.com>
Signed-off-by: John Bowler <jbowler@acm.org>
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
The leading blank lines are apparently an artefact of an older source
control system. They are not required and they look like accidents,
because starting a source file with a blank line is not a regular habit
of software developers nowadays.
This is a cherry-pick of commit 37cc20add8fb5b83bb5299a26cd3b41e0f776017
from branch 'libpng18'.
Signed-off-by: John Bowler <jbowler@acm.org>
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
This corrects the checks to that libpng 10800 does not turn on the
enhanced transform checks in either pngvalid or pngstest. The correct
fix is to change the 10700 code for comments which explain what aspect
or aspects of the transforms are broken (ideally) or at least state that
the transforms are broken.
This is a cherry-pick of commit aec888ab80f5d2241b3515b60f0f9337108fb624
from branch 'libpng18'.
Reviewed-by: Cosmin Truta <ctruta@gmail.com>
Signed-off-by: John Bowler <jbowler@acm.org>
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
This reverts commit b7276eca0182bb6ad174ef044bb5f6f0504451af.
Although the brand new pngfuzz repo is coming up next, it turned out
that the deletion of contrib/oss-fuzz/ from the 'libpng16' branch was
premature. (Oopsie!)
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
Also add an .editorconfig-checker.json file. We need to instruct the
editorconfig-checker program to skip the checks for the indent size.
(As of this commit time, editorconfig-checker is too rigid to recognize
"smart indentations".)
This is a cherry-pick of commit 67c99f75cf05b354f89c01c8fc15948300e84143
from branch 'libpng18'.
Co-authored-by: John Bowler <jbowler@acm.org>
Signed-off-by: John Bowler <jbowler@acm.org>
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
A new repository named "pngfuzz", dedicated to fuzz testing PNG
processing software in general and libpng in particular, has been
created:
https://github.com/pnggroup/pngfuzz
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
We used this experimental project in the development of the PNG-EXIF
("eXIf") specification, back in 2017. The project evolved together
with the draft specification, which was finalized on 2017-Jun-15 and
approved by the PNG Group on 2017-Jul-13.
The EXIF specification, outside of the scope of PNG and libpng, is
quite complex. The libpng implementation cannot grow too much beyond
performing basic integrity checks on top of serialization. In order
to create and manipulate PNG-EXIF image files, the use of external
libraries and tools such as ExifTool is necessary.
Now, with the addition of contrib/pngexif to the libpng repository,
offline tasks like metadata inspection and linting can be performed
without importing external dependencies.
This adds a new configuration file, 'contrib/conftest/basic.dfa' which
disables unused APIs on a test Linux-based system. So support the
configuration several fixes were necessary in the test programs so that
the tests are skipped correctly when APIs are not available.
The configuration has been tested on a range of common Linux apps
including web browser code (qtwebengine), image processing code (e.g.
ImageMagick) and general display code (X11, Qt5 and Qt6, KDE). Overall
this first step reduces libpng linked code and data size to about 2/3 of
the full configuration.
To use the new test simply copy basic.dfa to 'pngusr.dfa' in the root of
the source directory and build.
Signed-off-by: John Bowler <jbowler@acm.org>
This corrects contrib/testpngs/badpal/regression-palette-8.png. Despite
the comment in commit da109d3e the file checked in had 255 PLTE entries
so failed to perform the regression test. This version of the PNG has
254 entries.
Signed-off-by: John Bowler <jbowler@acm.org>
This adds a file to regression-test the previously introduced off-by-one
error in the check on read for a colormapped PNG with an out-of-range
index (equal or greater than the length of the PLTE).
Previous tests covered all cases except the 8-bit palette case; the
"small" test file contains the "bad" entry at index 254, not 255 so it
passes even if the final byte is not checked. The new file has the
erroneous entry in the last byte.
Signed-off-by: John Bowler <jbowler@acm.org>
The PNG IDAT did not include a '255' entry, the highest entry is '254',
this corrects the test PNG to have a palette with only 254 entries so
that it triggers the palette index checks.
Signed-off-by: John Bowler <jbowler@acm.org>
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
The palette index checking function is called by default but only if
some *other* transformation is happening. This makes the 'get palette
max' public API disfunctional (sometimes it works, sometimes it returns
0) and causes the supposed default behaviour of checking the palette
index only to work sometimes. It works in pngtest, it doesn't work in
pngcp.
The check in pngread also has an off-by-one error; the number recorded
is the highest index found so it should be checked to ensure that it is
less than the palette length but it was checked for being greater.
The pull request includes a set of 8 files which all have the full range
of possible indices including one (the highest) which is invalid because
the PLTE chunk is one short of the maximum for each bit depth.
Signed-off-by: John Bowler <jbowler@acm.org>
Previously pngfix had been made warning-free in GCC7.1 by marking auto
variables (volatile). This prevented the arithmetic optimizations which
caused warnings from GCC7.1 with higher values -Wstrict-overflow=<n>
GCC has moved on a lot since 7.1 and pngfix.c now compiles with just one
warning using -Wstrict-overflow=5. The change includes a change to make
this go away by performing the rearrangement GCC was using in the code:
i == ndigits-1
becomes:
i+1 == ndigits
i is initialized to ndigits and has been decremented at least once so
this is fine.
Test, configure:
CFLAGS="-Wall -Wextra -Wno-maybe-uninitialized -Wstrict-overflow=5" \
../configure --enable-werror
make
make cehck
Test, cmake:
cmake ..
make
make test
Signed-off-by: John Bowler <jbowler@acm.org>
Prior versons of the GCC warned about the 'dest' parameter of
contrib/tools/pngcp.c not being volatile, which isn't necessary because
it isn't modified. This removes the GCC specific fixup.
The function which calls setjmp, cppng() also relied on undefined
behavior because it assigned the result of setjmp() to a variable; this
is not one of the four uses of setjmp permitted by ANSI-C. This passes
the result previously returned by longjmp via (struct display). It's
very very unlikely that any compiler could have got the code wrong but
it is technically undefined.
Defer the program termination on error until all files are closed and
(if applicable) all incompletely-written output files are deleted.
In addition, perform the following maintenance tasks:
* Rename and document the internal helpers used by the functions
`png2pnm` and `pnm2png`.
* Unset the executable permission bits for the *.bat test programs.
The pngminus programs use several PNG image transformations:
`png_set_expand`, `png_set_expand_1_2_4_to_8`, etc. (in png2pnm.c);
`png_set_packing`, `png_set_invert_mono`, etc. (in pnm2png.c).
The availability of all of these transformations in libpng is now
required at compile time.
On the topic of transformations, apply an unrelated fix to the use
of `png_set_gamma`.
Improve and modernize png2pnm.c:
* Remove the explicit reading of the input PNG file signature.
Libpng is now able to read it, check it, and issue an appropriate
error message in case of magic number mismatch or file corruption.
(See the function `png_read_sig`.)
* Remove the explicit allocation and dealocation of the image data.
Libpng is now able to manage all the image data automatically.
(See the function `png_read_png`.)
* Specify the needed image transformations without a-priori checking
the image type for applicability.
* Use the `png_set_expand_gray_1_2_4_to_8` transformation.
Since libpng version 1.2.9, this transformation (if needed) must
be enabled separately from `png_set_expand`.
Improve and modernize pnm2png.c:
* Modify the allocation of image data, in order to match libpng's
internal allocation model.
* Transfer the ownership of the image data from the `pnm2png` function
to libpng, which will manage and dealocate it at the right time.
(See the functions `png_set_image_rows` and `png_data_freer`.)
Refactor, clean up, etc.
Improve png2pnm.c:
* Add support for writing 16-bit raw PNM image files.
Fix and improve pnm2png.c:
* Add support for reading 16-bit raw PNM image files.
* Fix the parsing of arbitrarily long numeric strings.
In the parsing of PNM tokens, we can and we should avoid storing
more than one leading '0' in the token buffer. All valid (in-range)
numeric strings must fit in this limited-size buffer, regardless of
their actual length in the input file.
* Refactor the PNM parsing in order to make it more capable to handle
various kinds of input file errors.
* Remove the volatile qualifiers from all variable declarations.
Their original purpose was to appease old (and incorrect) warnings
issued by ancient optimizing compilers.
* Print a note about the program's lack of support for the PAM ("P7")
file format when the input is in this format.
* Add FIXME notes about the need to signal incorrect or incomplete
input files. (For png2pnm, this is done inside libpng.)
Raise the minimum required CMake version to 3.5.
Add the configuration option `PNGMINUS_USE_SYSTEM_PNG` for compiling
and linking with the system libpng library instead of the internal one.
Remove the old configuration option `PNGMINUS_USE_STATIC_LIBRARIES`.
When using the internal libpng (via `PNGMINUS_USE_SYSTEM_PNG=OFF`),
simply enforce static linking and produce single-file executables.
Rename the scripts "png2pnm.sh" (etc.) to "test_png2pnm.sh" (etc.),
to make it obvious that they are test drivers, not program launchers.
Add a .gitignore file for project-specific build and test artifacts.
This reverts the code to a variant of my old style of doing an 'fclose'
correctly and adds comments explaining why it is so difficult. Thanks
to @ihsinme for pointing out the error on github.com
Signed-off-by: John Bowler <jbowler@acm.org>
makepngs.sh relies on a Bash feature in one of its case statements,
";;&"; this should be made explicit in the shebang.
intgamma.sh declares a function in a manner which may fail in non-Bash
sh implementations, this patch uses the correct syntax.
Based on a patch by Roflcopter4:
https://github.com/joncampbell123/dosbox-x/pull/3850
Signed-off-by: Stephen Kitt <steve@sk2.org>
The old implementation of png_have_msa() caused a bus error,
if a word in /proc/cpuinfo was longer than 10 characters.
In the original implementation, `word[10]` was too short, and
`word[i++] = ch` caused a stack smash if the characters between
spaces were more than 10.
And also, fclose(f) should be called before leaving.
For example on loongson ls3a4000 cpu platform:
$ cat /proc/cpuinfo
system type : Generic Loongson64 System
machine : loongson,loongson64g-4core-ls7a
processor : 0
cpu model : ICT Loongson-3 V0.1 FPU V0.1
BogoMIPS : 3594.02
wait instruction : yes
microsecond timers : yes
tlb_entries : 2112
extra interrupt vector : no
hardware watchpoint : no
isa : mips1 mips2 mips3 mips4 mips5 mips32r1 mips32r2 mips64r1 mips64r2
ASEs implemented : vz msa loongson-mmi loongson-cam loongson-ext loongson-ext2
shadow register sets : 1
kscratch registers : 6
package : 0
core : 0
VCED exceptions : not available
VCEI exceptions : not available
processor : 1
cpu model : ICT Loongson-3 V0.1 FPU V0.1
BogoMIPS : 3611.26
wait instruction : yes
microsecond timers : yes
tlb_entries : 2112
extra interrupt vector : no
hardware watchpoint : no
isa : mips1 mips2 mips3 mips4 mips5 mips32r1 mips32r2 mips64r1 mips64r2
ASEs implemented : vz msa loongson-mmi loongson-cam loongson-ext loongson-ext2
shadow register sets : 1
kscratch registers : 6
package : 0
core : 1
VCED exceptions : not available
VCEI exceptions : not available
Co-authored-by: Cosmin Truta <ctruta@gmail.com>
Signed-off-by: Sui Jingfeng <15330273260@189.cn>
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
Remove all remaining "last changed" version info from source comments.
(The version control system maintains this information automatically.)
Delete the trailing whitespace characters.
With the caveat that oss-fuzz needs a full sync with upstream, here
are the changes applied to our old copy:
* Add a missing #include directive.
* Remove the "last changed" version info.
* Clean up the trailing whitespace.
Co-authored-by: Ilya Yegorov <hkctkuy@gmail.com>
Co-authored-by: Cosmin Truta <ctruta@gmail.com>
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
Rename contrib/tools/chkfmt to contrib/tools/chkfmt.sh; refactor:
* Increase the max line length for contrib/**/*.[ch] from 96 to 100.
* Set the max line length for ci_*.sh to 100.
* Use `basename $0` instead of the hard-coded script name.
* Update comments.
Remove contrib/tools/reindent. For automated code formatting, including
indentation, we need a robust solution.
Add an empty line after the hashbang line in all scripts.
Remove the "last changed" version info from comment headers.
(The version control system maintains this information automatically.)
pngimage.c:
Initialize sig_bits on a NOTREACHED path to avoid warnings about using
uninitialized variables.
pngstest.c:
Enlarge buffers and fix signedness to avoid legitimate warnings about
potential buffer overflows.
pngunknown.c:
pngvalid.c:
Use NULL instead of 0 for pointers and apply other style fixes.
makepng.c:
tarith.c:
Apply various style fixes.
Also remove the "last changed" version info from source comments.
The version control system maintains this information automatically.
I got a warning while compiling under Ubuntu 18.04 and gcc 7.4:
"__BSD_SOURCE and _SVID_SOURCE are deprecated, use _DEFAULT_SOURCE"
Quote from the Linux Programmer's Manual:
"To allow code that requires _BSD_SOURCE in glibc 2.19 and earlier and
_DEFAULT_SOURCE in glibc 2.20 and later to compile without warnings,
define both _BSD_SOURCE and _DEFAULT_SOURCE."
This adds the custom malloc/free functions from the old
libpng_read_fuzzer to the upstream fuzzer to prevent clusterfuzz
running into OOM.
Bug: https://bugs.chromium.org/p/chromium/issues/detail?id=904054
Contributed-by: Christopher Thompson <cthomp@chromium.org>
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
If a zlib source tree exists besides the libpng source tree in the
same parent directory, the pngminus build may fail, unless the zlib
tree is built fully. In order to avoid this failing scenario, do not
use the custom-built zlib by default.
(The custom-built zlib is still necessary on platforms that lack a
system-built zlib.)
Change the license to MIT.
Move the license text from the source files to a LICENSE file.
Move the change log from the source files to a CHANGES file.
Delete the Turbo C makefile and simplify the Linux makefile heavily.
Create explicitly named static and shared executables in the makefile.
Refresh the README file a bit from the twenty year old one.
Signed-off-by: Willem van Schaik <willem@schaik.com>
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
