pngimage: The code simply exited with a return code of 99 in the event
of a user error including giving pngimage invalid PNG files and an
internal error. It now attempts to clean up the state before doing so,
matching the normal behaviour.
pngimage: Non-ISO use of setjmp(3) corrected.
pngerror.c: Failure to call png_image_free on a false result from a
png_safe_execute function call fixed. This was a regression caused by
the 'volatile' clean-up. Not normally detectable because png_image_free
will often be called by the application.
Reviewed-by: Cosmin Truta <ctruta@gmail.com>
Signed-off-by: John Bowler <jbowler@acm.org>
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
The leading blank lines are apparently an artefact of an older source
control system. They are not required and they look like accidents,
because starting a source file with a blank line is not a regular habit
of software developers nowadays.
This is a cherry-pick of commit 37cc20add8fb5b83bb5299a26cd3b41e0f776017
from branch 'libpng18'.
Signed-off-by: John Bowler <jbowler@acm.org>
Signed-off-by: Cosmin Truta <ctruta@gmail.com>
`png_safe_execute` called `setjmp` in a context where the result was
undefined (an assignment statement). This corrects the code and removes
volatile statements that were introduced previously to quell warnings
from earlier versions of GCC.
Co-authored-by: John Bowler <jbowler@acm.org>
Mark the initialization of `png_signature[]` as static const inside the
function `png_sig_cmp`. This might be helpful to optimizing compilers.
Initialize the arrays `number_buf[]`, `digits[]` and `buffer[]` inside
the functions `png_convert_to_rfc1123_buffer`, `png_ascii_from_fixed`,
`png_warning_parameter_unsigned` and `png_warning_parameter_signed`.
Although these initializations are redundant, compilers such as gcc-13
fail to see the redundancy.
As per the const correctness rules, top-level const-ness of data
in automatic scopes does not propagate outside of these scopes
(unlike const-ness at lower levels, such as pointers to const data).
Previously, const was used liberally, but inconsistently across the
libpng codebase. Using const wherever applicable is not incorrect.
However, _consistent_ use of const is difficult to maintain in such
conditions.
In conclusion, we shall continue to use const only where doing so is
strictly necessary:
1. If a function guarantees that it will not modify an argument
passed by pointer, the corresponding function parameter should be
a pointer-to-const (const T *).
2. Static data should not be modified, therefore it should be const.
Reference:
Google C++ Style Guide
https://google.github.io/styleguide/cppguide.html#Use_of_const
In v1.6.0, compiler support for const became a requirement.
It should be used consistently. To maintain backwards compatibility,
PNG_CONST is still maintained in deprecated form.
result when integers appear on both sides of a compare. Worked around the
others by forcing the strict-overflow setting in the relevant functions to
a level where they are not reported.
Changed "FALL THROUGH" comments to "FALLTHROUGH" because GCC doesn't like
the space.
Worked around some C-style casts from (void*) because g++ 5.4.0 objects
to them.
Increased the buffer size for 'sprint' to pass the gcc 7.1.0 'sprint
overflow' check that is on by default with -Wall -Wextra.
configurations don't build because of missing contrib/libtests test programs
and overly complex dependencies in scripts/pnglibconf.dfa. This change adds
contrib/conftest/*.dfa files that can be used in automatic build
scripts to ensure that these configurations continue to build.
