The internal read code change to stop sharing the palette was incompletely
implemented. The result is that unless palette index checking is turned off and
there are no read transformations the png_info palette gets deleted when the
png_struct is deleted. This is normally harmless (png_info gets deleted first)
but in the case of pngcp it results in use-after-free of the palette and,
therefore, palette corruption and maybe on some operating systems and access
violation.
This also updated pngcp 'search' mode to check a restricted range of memLevels;
there is an unrelated bug which means that lower zlib memLevels result in memory
corruption under some circumstances, probably less often than 1:1000.
Signed-off-by: John Bowler <jbowler@acm.org>
Also change the order of the 'level' and 'windowBits' searches to seach
windowBits first; this favours windowBits optimizations over compression level
ones on the basis that the latter should only affect the write code.
Signed-off-by: John Bowler <jbowler@acm.org>
This is still a work-in-progress but it seems fairly stable (if not exactly 100%
optimal). pngcp now allows 'all' for some options which iterates through all
possible settings (this reliably produces the smallest IDAT that libpng can
produce with those settings.) It also contains a --search command line option
which attempts to optimize this by skipping pointless tests; it is close, most
of the time, but not perfect.
Signed-off-by: John Bowler <jbowler@acm.org>
This adds code to iterate through the command line options when non-list options
have the 'all' parameter. Used to rapidly test the effect of different zlib
options.
Signed-off-by: John Bowler <jbowler@acm.org>
Also add an example program, pngcp.c, which illustrates the problem when used to
copy pngtest.png (the result is an invalid PNG because the tIME chunk is
duplicated.)
Signed-off-by: John Bowler <jbowler@acm.org>
