The previous version produced a signed overflow as a result of both the
& 0xffff on the most significant bits of a negative argument; this
converted (-1) into 65535 which resulted in a subsequent overflow.
Since signed overflow is undefined in C90 the code has been modified to
correctly calculate a signed result. This requires changing the 'hi'
result parametr to a signed value.
This has been code reviewed solely by the author. A further code review
is highly desireable. Nevertheless the code compiles without warnings
from clang and without the prior detection of an overflow. Since it no
longer truncates any of the intermediate values this should be enough to
ensure that it is correct.
Signed-off-by: John Bowler <jbowler@acm.org>
Display user limits in the output from pngtest.
Eliminated the PNG_SAFE_LIMITS macro and restored the 1-million-column
and 1-million-row default limits in pnglibconf.dfa, that can be reset
by the user at build time or run time. This provides a more robust
defense against DOS and as-yet undiscovered overflows.
Various warnings revealed by configurations added to the tested
configurations in libpng 1.6 need corresponding fixes in libpng 1.5.
This takes the libpng 1.6 pngvalid.c and adds it back to libpng 1.5,
however one write-only test is currently disabled because it does not
work; possibly because of failures to reset or initialize the deflate
stream correctly in write-only cases.
(such as switching off read or write support) work in more cases. Also
upgraded pngtest and pngvalid to the libpng 1.6 versions (with some
modifications) which provide more extensive testing. Replaced pngtest.png
because pngtest writes the ancillary chunks in a different order.
is split out entirely to the arm subdirectory and changes to configure.ac and
Makefile.am to add new stuff are reduced. Now material code changes,
although for build test purposes, --enable-arm-neon now builds on non-ARM
systems.
Rebuilt Makefile.in, configure, etc., with autoconf-2.69 and automake-1.2.5.
Some compilers fault 'extern const' data declarations (because the data is
not initialized); this turns on const-ness only for compilers where
this is known to work.
using g++. The compiler imposes C++ rules on the C source; thus it
is desireable to make the source work with either C or C++ rules
without throwing away useful error information. This change adds
png_voidcast to allow C semantic (void*) cases or the corresponding
C++ static_cast operation, as appropriate.
