mirror of
				https://git.code.sf.net/p/libpng/code.git
				synced 2025-07-10 18:04:09 +02:00 
			
		
		
		
	 f23b41d7b1
			
		
	
	
		f23b41d7b1
		
	
	
	
	
		
			
			Some are user facing. Some are in actual code. Most are in source comments. Also, please double check the changes in contrib/tools/pngfix.c
		
			
				
	
	
		
			4050 lines
		
	
	
		
			127 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
			
		
		
	
	
			4050 lines
		
	
	
		
			127 KiB
		
	
	
	
		
			C
		
	
	
	
	
	
| /* pngfix.c
 | |
|  *
 | |
|  * Last changed in libpng 1.6.31 [July 27, 2017]
 | |
|  * Copyright (c) 2014-2017 John Cunningham Bowler
 | |
|  *
 | |
|  * This code is released under the libpng license.
 | |
|  * For conditions of distribution and use, see the disclaimer
 | |
|  * and license in png.h
 | |
|  *
 | |
|  * Tool to check and fix the zlib inflate 'too far back' problem.
 | |
|  * See the usage message for more information.
 | |
|  */
 | |
| #include <stdlib.h>
 | |
| #include <stdio.h>
 | |
| #include <string.h>
 | |
| #include <ctype.h>
 | |
| #include <limits.h>
 | |
| #include <errno.h>
 | |
| #include <assert.h>
 | |
| 
 | |
| #define implies(x,y) assert(!(x) || (y))
 | |
| 
 | |
| #ifdef __GNUC__
 | |
|    /* This is used to fix the error:
 | |
|     *
 | |
|     * pngfix.c:
 | |
|     * In function 'zlib_advance':
 | |
|     * pngfix.c:181:13: error: assuming signed overflow does not
 | |
|     *   occur when simplifying conditional to constant [-Werror=strict-overflow]
 | |
|     */
 | |
| #  define FIX_GCC volatile
 | |
| #else
 | |
| #  define FIX_GCC
 | |
| #endif
 | |
| 
 | |
| #define PROGRAM_NAME "pngfix"
 | |
| 
 | |
| /* Define the following to use this program against your installed libpng,
 | |
|  * rather than the one being built here:
 | |
|  */
 | |
| #ifdef PNG_FREESTANDING_TESTS
 | |
| #  include <png.h>
 | |
| #else
 | |
| #  include "../../png.h"
 | |
| #endif
 | |
| 
 | |
| #if PNG_LIBPNG_VER < 10603 /* 1.6.3 */
 | |
| #  error "pngfix will not work with libpng prior to 1.6.3"
 | |
| #endif
 | |
| 
 | |
| #ifdef PNG_SETJMP_SUPPORTED
 | |
| #include <setjmp.h>
 | |
| 
 | |
| #if defined(PNG_READ_SUPPORTED) && defined(PNG_EASY_ACCESS_SUPPORTED) &&\
 | |
|    (defined(PNG_READ_DEINTERLACE_SUPPORTED) ||\
 | |
|     defined(PNG_READ_INTERLACING_SUPPORTED))
 | |
| 
 | |
| /* zlib.h defines the structure z_stream, an instance of which is included
 | |
|  * in this structure and is required for decompressing the LZ compressed
 | |
|  * data in PNG files.
 | |
|  */
 | |
| #ifndef ZLIB_CONST
 | |
|    /* We must ensure that zlib uses 'const' in declarations. */
 | |
| #  define ZLIB_CONST
 | |
| #endif
 | |
| #include <zlib.h>
 | |
| #ifdef const
 | |
|    /* zlib.h sometimes #defines const to nothing, undo this. */
 | |
| #  undef const
 | |
| #endif
 | |
| 
 | |
| /* zlib.h has mediocre z_const use before 1.2.6, this stuff is for compatibility
 | |
|  * with older builds.
 | |
|  */
 | |
| #if ZLIB_VERNUM < 0x1260
 | |
| #  define PNGZ_MSG_CAST(s) constcast(char*,s)
 | |
| #  define PNGZ_INPUT_CAST(b) constcast(png_bytep,b)
 | |
| #else
 | |
| #  define PNGZ_MSG_CAST(s) (s)
 | |
| #  define PNGZ_INPUT_CAST(b) (b)
 | |
| #endif
 | |
| 
 | |
| #ifndef PNG_MAXIMUM_INFLATE_WINDOW
 | |
| #  error "pngfix not supported in this libpng version"
 | |
| #endif
 | |
| 
 | |
| #if ZLIB_VERNUM >= 0x1240
 | |
| 
 | |
| /* Copied from pngpriv.h */
 | |
| #ifdef __cplusplus
 | |
| #  define voidcast(type, value) static_cast<type>(value)
 | |
| #  define constcast(type, value) const_cast<type>(value)
 | |
| #  define aligncast(type, value) \
 | |
|    static_cast<type>(static_cast<void*>(value))
 | |
| #  define aligncastconst(type, value) \
 | |
|    static_cast<type>(static_cast<const void*>(value))
 | |
| #else
 | |
| #  define voidcast(type, value) (value)
 | |
| #  define constcast(type, value) ((type)(value))
 | |
| #  define aligncast(type, value) ((void*)(value))
 | |
| #  define aligncastconst(type, value) ((const void*)(value))
 | |
| #endif /* __cplusplus */
 | |
| 
 | |
| #if PNG_LIBPNG_VER < 10700
 | |
| /* Chunk tags (copied from pngpriv.h) */
 | |
| #define PNG_32b(b,s) ((png_uint_32)(b) << (s))
 | |
| #define PNG_U32(b1,b2,b3,b4) \
 | |
|    (PNG_32b(b1,24) | PNG_32b(b2,16) | PNG_32b(b3,8) | PNG_32b(b4,0))
 | |
| 
 | |
| /* Constants for known chunk types. */
 | |
| #define png_IDAT PNG_U32( 73,  68,  65,  84)
 | |
| #define png_IEND PNG_U32( 73,  69,  78,  68)
 | |
| #define png_IHDR PNG_U32( 73,  72,  68,  82)
 | |
| #define png_PLTE PNG_U32( 80,  76,  84,  69)
 | |
| #define png_bKGD PNG_U32( 98,  75,  71,  68)
 | |
| #define png_cHRM PNG_U32( 99,  72,  82,  77)
 | |
| #define png_fRAc PNG_U32(102,  82,  65,  99) /* registered, not defined */
 | |
| #define png_gAMA PNG_U32(103,  65,  77,  65)
 | |
| #define png_gIFg PNG_U32(103,  73,  70, 103)
 | |
| #define png_gIFt PNG_U32(103,  73,  70, 116) /* deprecated */
 | |
| #define png_gIFx PNG_U32(103,  73,  70, 120)
 | |
| #define png_hIST PNG_U32(104,  73,  83,  84)
 | |
| #define png_iCCP PNG_U32(105,  67,  67,  80)
 | |
| #define png_iTXt PNG_U32(105,  84,  88, 116)
 | |
| #define png_oFFs PNG_U32(111,  70,  70, 115)
 | |
| #define png_pCAL PNG_U32(112,  67,  65,  76)
 | |
| #define png_pHYs PNG_U32(112,  72,  89, 115)
 | |
| #define png_sBIT PNG_U32(115,  66,  73,  84)
 | |
| #define png_sCAL PNG_U32(115,  67,  65,  76)
 | |
| #define png_sPLT PNG_U32(115,  80,  76,  84)
 | |
| #define png_sRGB PNG_U32(115,  82,  71,  66)
 | |
| #define png_sTER PNG_U32(115,  84,  69,  82)
 | |
| #define png_tEXt PNG_U32(116,  69,  88, 116)
 | |
| #define png_tIME PNG_U32(116,  73,  77,  69)
 | |
| #define png_tRNS PNG_U32(116,  82,  78,  83)
 | |
| #define png_zTXt PNG_U32(122,  84,  88, 116)
 | |
| #endif
 | |
| 
 | |
| /* The 8-byte signature as a pair of 32-bit quantities */
 | |
| #define sig1 PNG_U32(137,  80,  78,  71)
 | |
| #define sig2 PNG_U32( 13,  10,  26,  10)
 | |
| 
 | |
| /* Is the chunk critical? */
 | |
| #define CRITICAL(chunk) (((chunk) & PNG_U32(32,0,0,0)) == 0)
 | |
| 
 | |
| /* Is it safe to copy? */
 | |
| #define SAFE_TO_COPY(chunk) (((chunk) & PNG_U32(0,0,0,32)) != 0)
 | |
| 
 | |
| /* Fix ups for builds with limited read support */
 | |
| #ifndef PNG_ERROR_TEXT_SUPPORTED
 | |
| #  define png_error(a,b) png_err(a)
 | |
| #endif
 | |
| 
 | |
| /********************************* UTILITIES **********************************/
 | |
| /* UNREACHED is a value to cause an assert to fail. Because of the way the
 | |
|  * assert macro is written the string "UNREACHED" is produced in the error
 | |
|  * message.
 | |
|  */
 | |
| #define UNREACHED 0
 | |
| 
 | |
| /* 80-bit number handling - a PNG image can be up to (2^31-1)x(2^31-1) 8-byte
 | |
|  * (16-bit RGBA) pixels in size; that's less than 2^65 bytes or 2^68 bits, so
 | |
|  * arithmetic of 80-bit numbers is sufficient.  This representation uses an
 | |
|  * arbitrary length array of png_uint_16 digits (0..65535).  The representation
 | |
|  * is little endian.
 | |
|  *
 | |
|  * The arithmetic functions take zero to two uarb values together with the
 | |
|  * number of digits in those values and write the result to the given uarb
 | |
|  * (always the first argument) returning the number of digits in the result.
 | |
|  * If the result is negative the return value is also negative (this would
 | |
|  * normally be an error).
 | |
|  */
 | |
| typedef png_uint_16  udigit; /* A 'unum' is an array of these */
 | |
| typedef png_uint_16p uarb;
 | |
| typedef png_const_uint_16p uarbc;
 | |
| 
 | |
| #define UDIGITS(unum) ((sizeof unum)/(sizeof (udigit))
 | |
|    /* IMPORTANT: only apply this to an array, applied to a pointer the result
 | |
|     * will typically be '2', which is not useful.
 | |
|     */
 | |
| 
 | |
| static int
 | |
| uarb_set(uarb result, png_alloc_size_t val)
 | |
|    /* Set (initialize) 'result' to 'val'.  The size required for 'result' must
 | |
|     * be determined by the caller from a knowledge of the maximum for 'val'.
 | |
|     */
 | |
| {
 | |
|    int ndigits = 0;
 | |
| 
 | |
|    while (val > 0)
 | |
|    {
 | |
|       result[ndigits++] = (png_uint_16)(val & 0xffff);
 | |
|       val >>= 16;
 | |
|    }
 | |
| 
 | |
|    return ndigits;
 | |
| }
 | |
| 
 | |
| static int
 | |
| uarb_copy(uarb to, uarb from, int idigits)
 | |
|    /* Copy a uarb, may reduce the digit count */
 | |
| {
 | |
|    int d, odigits;
 | |
| 
 | |
|    for (d=odigits=0; d<idigits; ++d)
 | |
|       if ((to[d] = from[d]) != 0)
 | |
|          odigits = d+1;
 | |
| 
 | |
|    return odigits;
 | |
| }
 | |
| 
 | |
| static int
 | |
| uarb_inc(uarb num, int in_digits, png_int_32 add)
 | |
|    /* This is a signed 32-bit add, except that to avoid overflow the value added
 | |
|     * or subtracted must be no more than 2^31-65536.  A negative result
 | |
|     * indicates a negative number (which is an error below).  The size of
 | |
|     * 'num' should be max(in_digits+1,2) for arbitrary 'add' but can be just
 | |
|     * in_digits+1 if add is known to be in the range -65535..65535.
 | |
|     */
 | |
| {
 | |
|    FIX_GCC int out_digits = 0;
 | |
| 
 | |
|    while (out_digits < in_digits)
 | |
|    {
 | |
|       add += num[out_digits];
 | |
|       num[out_digits++] = (png_uint_16)(add & 0xffff);
 | |
|       add >>= 16;
 | |
|    }
 | |
| 
 | |
|    while (add != 0 && add != (-1))
 | |
|    {
 | |
|       num[out_digits++] = (png_uint_16)(add & 0xffff);
 | |
|       add >>= 16;
 | |
|    }
 | |
| 
 | |
|    if (add == 0)
 | |
|    {
 | |
|       while (out_digits > 0 && num[out_digits-1] == 0)
 | |
|          --out_digits;
 | |
|       return out_digits; /* may be 0 */
 | |
|    }
 | |
| 
 | |
|    else /* negative result */
 | |
|    {
 | |
|       while (out_digits > 1 && num[out_digits-1] == 0xffff)
 | |
|          --out_digits;
 | |
| 
 | |
|       return -out_digits;
 | |
|    }
 | |
| }
 | |
| 
 | |
| static int
 | |
| uarb_add32(uarb num, int in_digits, png_uint_32 add)
 | |
|    /* As above but this works with any 32-bit value and only does 'add' */
 | |
| {
 | |
|    if (in_digits > 0)
 | |
|    {
 | |
|       in_digits = uarb_inc(num, in_digits, add & 0xffff);
 | |
|       return uarb_inc(num+1, in_digits-1, add >> 16)+1;
 | |
|    }
 | |
| 
 | |
|    return uarb_set(num, add);
 | |
| }
 | |
| 
 | |
| static int
 | |
| uarb_mult_digit(uarb acc, int a_digits, uarb num, FIX_GCC int n_digits,
 | |
|    png_uint_16 val)
 | |
|    /* Primitive one-digit multiply - 'val' must be 0..65535. Note that this
 | |
|     * primitive is a multiply and accumulate - the result of *num * val is added
 | |
|     * to *acc.
 | |
|     *
 | |
|     * This is a one-digit multiply, so the product may be up to one digit longer
 | |
|     * than 'num', however the add to 'acc' means that the caller must ensure
 | |
|     * that 'acc' is at least one digit longer than this *and* at least one digit
 | |
|     * longer than the current length of 'acc'.  (Or the caller must otherwise
 | |
|     * ensure 'adigits' is adequate from knowledge of the values.)
 | |
|     */
 | |
| {
 | |
|    /* The digits in *acc, *num and val are in the range 0..65535, so the
 | |
|     * result below is at most (65535*65535)+2*65635 = 65535*(65535+2), which is
 | |
|     * exactly 0xffffffff.
 | |
|     */
 | |
|    if (val > 0 && n_digits > 0) /* Else the product is 0 */
 | |
|    {
 | |
|       png_uint_32 carry = 0;
 | |
|       int out_digits = 0;
 | |
| 
 | |
|       while (out_digits < n_digits || carry > 0)
 | |
|       {
 | |
|          if (out_digits < a_digits)
 | |
|             carry += acc[out_digits];
 | |
| 
 | |
|          if (out_digits < n_digits)
 | |
|             carry += (png_uint_32)num[out_digits] * val;
 | |
| 
 | |
|          acc[out_digits++] = (png_uint_16)(carry & 0xffff);
 | |
|          carry >>= 16;
 | |
|       }
 | |
| 
 | |
|       /* So carry is 0 and all the input digits have been consumed. This means
 | |
|        * that it is possible to skip any remaining digits in acc.
 | |
|        */
 | |
|       if (out_digits > a_digits)
 | |
|          return out_digits;
 | |
|    }
 | |
| 
 | |
|    return a_digits;
 | |
| }
 | |
| 
 | |
| static int
 | |
| uarb_mult32(uarb acc, int a_digits, uarb num, int n_digits, png_uint_32 val)
 | |
|    /* calculate acc += num * val, 'val' may be any 32-bit value, 'acc' and 'num'
 | |
|     * may be any value, returns the number of digits in 'acc'.
 | |
|     */
 | |
| {
 | |
|    if (n_digits > 0 && val > 0)
 | |
|    {
 | |
|       a_digits = uarb_mult_digit(acc, a_digits, num, n_digits,
 | |
|          (png_uint_16)(val & 0xffff));
 | |
| 
 | |
|       val >>= 16;
 | |
|       if (val > 0)
 | |
|          a_digits = uarb_mult_digit(acc+1, a_digits-1, num, n_digits,
 | |
|             (png_uint_16)val) + 1;
 | |
| 
 | |
|       /* Because n_digits and val are >0 the following must be true: */
 | |
|       assert(a_digits > 0);
 | |
|    }
 | |
| 
 | |
|    return a_digits;
 | |
| }
 | |
| 
 | |
| static int
 | |
| uarb_shift(uarb inout, int ndigits, unsigned int right_shift)
 | |
|    /* Shift inout right by right_shift bits, right_shift must be in the range
 | |
|     * 1..15
 | |
|     */
 | |
| {
 | |
|    FIX_GCC int i = ndigits;
 | |
|    png_uint_16 carry = 0;
 | |
| 
 | |
|    assert(right_shift >= 1 && right_shift <= 15);
 | |
| 
 | |
|    while (--i >= 0)
 | |
|    {
 | |
|       png_uint_16 temp = (png_uint_16)(carry | (inout[i] >> right_shift));
 | |
| 
 | |
|       /* Bottom bits to top bits of carry */
 | |
|       carry = (png_uint_16)((inout[i] << (16-right_shift)) & 0xffff);
 | |
| 
 | |
|       inout[i] = temp;
 | |
| 
 | |
|       /* The shift may reduce ndigits */
 | |
|       if (i == ndigits-1 && temp == 0)
 | |
|          ndigits = i;
 | |
|    }
 | |
| 
 | |
|    return ndigits;
 | |
| }
 | |
| 
 | |
| static int
 | |
| uarb_cmp(uarb a, int adigits, uarb b, int bdigits)
 | |
|    /* Return -1/0/+1 according as a<b/a==b/a>b */
 | |
| {
 | |
|    if (adigits < bdigits)
 | |
|       return -1;
 | |
| 
 | |
|    if (adigits > bdigits)
 | |
|       return 1;
 | |
| 
 | |
|    while (adigits-- > 0)
 | |
|       if (a[adigits] < b[adigits])
 | |
|          return -1;
 | |
| 
 | |
|       else if (a[adigits] > b[adigits])
 | |
|          return 1;
 | |
| 
 | |
|    return 0;
 | |
| }
 | |
| 
 | |
| #if 0 /*UNUSED*/
 | |
| static int
 | |
| uarb_eq32(uarb num, int digits, png_uint_32 val)
 | |
|    /* Return true if the uarb is equal to 'val' */
 | |
| {
 | |
|    switch (digits)
 | |
|    {
 | |
|       case 0:  return val == 0;
 | |
|       case 1:  return val == num[0];
 | |
|       case 2:  return (val & 0xffff) == num[0] && (val >> 16) == num[1];
 | |
|       default: return 0;
 | |
|    }
 | |
| }
 | |
| #endif
 | |
| 
 | |
| static void
 | |
| uarb_printx(uarb num, int digits, FILE *out)
 | |
|    /* Print 'num' as a hexadecimal number (easier than decimal!) */
 | |
| {
 | |
|    while (digits > 0)
 | |
|       if (num[--digits] > 0)
 | |
|       {
 | |
|          fprintf(out, "0x%x", num[digits]);
 | |
| 
 | |
|          while (digits > 0)
 | |
|             fprintf(out, "%.4x", num[--digits]);
 | |
|       }
 | |
| 
 | |
|       else if (digits == 0) /* the number is 0 */
 | |
|          fputs("0x0", out);
 | |
| }
 | |
| 
 | |
| static void
 | |
| uarb_print(uarb num, int digits, FILE *out)
 | |
|    /* Prints 'num' as a decimal if it will fit in an unsigned long, else as a
 | |
|     * hexadecimal number.  Notice that the results vary for images over 4GByte
 | |
|     * in a system dependent way, and the hexadecimal form doesn't work very well
 | |
|     * in awk script input.
 | |
|     *
 | |
|     *
 | |
|     * TODO: write uarb_div10
 | |
|     */
 | |
| {
 | |
|    if (digits * sizeof (udigit) > sizeof (unsigned long))
 | |
|       uarb_printx(num, digits, out);
 | |
| 
 | |
|    else
 | |
|    {
 | |
|       unsigned long n = 0;
 | |
| 
 | |
|       while (digits > 0)
 | |
|          n = (n << 16) + num[--digits];
 | |
| 
 | |
|       fprintf(out, "%lu", n);
 | |
|    }
 | |
| }
 | |
| 
 | |
| /* Generate random bytes.  This uses a boring repeatable algorithm and it
 | |
|  * is implemented here so that it gives the same set of numbers on every
 | |
|  * architecture.  It's a linear congruential generator (Knuth or Sedgewick
 | |
|  * "Algorithms") but it comes from the 'feedback taps' table in Horowitz and
 | |
|  * Hill, "The Art of Electronics" (Pseudo-Random Bit Sequences and Noise
 | |
|  * Generation.)
 | |
|  *
 | |
|  * (Copied from contrib/libtests/pngvalid.c)
 | |
|  */
 | |
| static void
 | |
| make_random_bytes(png_uint_32* seed, void* pv, size_t size)
 | |
| {
 | |
|    png_uint_32 u0 = seed[0], u1 = seed[1];
 | |
|    png_bytep bytes = voidcast(png_bytep, pv);
 | |
| 
 | |
|    /* There are thirty-three bits; the next bit in the sequence is bit-33 XOR
 | |
|     * bit-20.  The top 1 bit is in u1, the bottom 32 are in u0.
 | |
|     */
 | |
|    size_t i;
 | |
|    for (i=0; i<size; ++i)
 | |
|    {
 | |
|       /* First generate 8 new bits then shift them in at the end. */
 | |
|       png_uint_32 u = ((u0 >> (20-8)) ^ ((u1 << 7) | (u0 >> (32-7)))) & 0xff;
 | |
|       u1 <<= 8;
 | |
|       u1 |= u0 >> 24;
 | |
|       u0 <<= 8;
 | |
|       u0 |= u;
 | |
|       *bytes++ = (png_byte)u;
 | |
|    }
 | |
| 
 | |
|    seed[0] = u0;
 | |
|    seed[1] = u1;
 | |
| }
 | |
| 
 | |
| /* Clear an object to a random value. */
 | |
| static void
 | |
| clear(void *pv, size_t size)
 | |
| {
 | |
|    static png_uint_32 clear_seed[2] = { 0x12345678, 0x9abcdef0 };
 | |
|    make_random_bytes(clear_seed, pv, size);
 | |
| }
 | |
| 
 | |
| #define CLEAR(object) clear(&(object), sizeof (object))
 | |
| 
 | |
| /* Copied from unreleased 1.7 code.
 | |
|  *
 | |
|  * CRC checking uses a local pre-built implementation of the Ethernet CRC32.
 | |
|  * This is to avoid a function call to the zlib DLL and to optimize the
 | |
|  * byte-by-byte case.
 | |
|  */
 | |
| static png_uint_32 crc_table[256] =
 | |
| {
 | |
|    0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419,
 | |
|    0x706af48f, 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4,
 | |
|    0xe0d5e91e, 0x97d2d988, 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07,
 | |
|    0x90bf1d91, 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de,
 | |
|    0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, 0x136c9856,
 | |
|    0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9,
 | |
|    0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4,
 | |
|    0xa2677172, 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b,
 | |
|    0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3,
 | |
|    0x45df5c75, 0xdcd60dcf, 0xabd13d59, 0x26d930ac, 0x51de003a,
 | |
|    0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, 0xcfba9599,
 | |
|    0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
 | |
|    0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190,
 | |
|    0x01db7106, 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f,
 | |
|    0x9fbfe4a5, 0xe8b8d433, 0x7807c9a2, 0x0f00f934, 0x9609a88e,
 | |
|    0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01,
 | |
|    0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, 0x6c0695ed,
 | |
|    0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950,
 | |
|    0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3,
 | |
|    0xfbd44c65, 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2,
 | |
|    0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a,
 | |
|    0x346ed9fc, 0xad678846, 0xda60b8d0, 0x44042d73, 0x33031de5,
 | |
|    0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa, 0xbe0b1010,
 | |
|    0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
 | |
|    0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17,
 | |
|    0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6,
 | |
|    0x03b6e20c, 0x74b1d29a, 0xead54739, 0x9dd277af, 0x04db2615,
 | |
|    0x73dc1683, 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8,
 | |
|    0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, 0xf00f9344,
 | |
|    0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb,
 | |
|    0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a,
 | |
|    0x67dd4acc, 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5,
 | |
|    0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1,
 | |
|    0xa6bc5767, 0x3fb506dd, 0x48b2364b, 0xd80d2bda, 0xaf0a1b4c,
 | |
|    0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, 0x316e8eef,
 | |
|    0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
 | |
|    0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe,
 | |
|    0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31,
 | |
|    0x2cd99e8b, 0x5bdeae1d, 0x9b64c2b0, 0xec63f226, 0x756aa39c,
 | |
|    0x026d930a, 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713,
 | |
|    0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, 0x92d28e9b,
 | |
|    0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242,
 | |
|    0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1,
 | |
|    0x18b74777, 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c,
 | |
|    0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45, 0xa00ae278,
 | |
|    0xd70dd2ee, 0x4e048354, 0x3903b3c2, 0xa7672661, 0xd06016f7,
 | |
|    0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, 0x40df0b66,
 | |
|    0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
 | |
|    0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605,
 | |
|    0xcdd70693, 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8,
 | |
|    0x5d681b02, 0x2a6f2b94, 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b,
 | |
|    0x2d02ef8d
 | |
| };
 | |
| 
 | |
| /* The CRC calculated here *IS* conditioned, the corresponding value used by
 | |
|  * zlib and the result value is obtained by XORing with CRC_INIT, which is also
 | |
|  * the first value that must be passed in (for the first byte) to crc_one_byte.
 | |
|  */
 | |
| #define CRC_INIT 0xffffffff
 | |
| 
 | |
| static png_uint_32
 | |
| crc_one_byte(png_uint_32 crc, int b)
 | |
| {
 | |
|    return crc_table[(crc ^ b) & 0xff] ^ (crc >> 8);
 | |
| }
 | |
| 
 | |
| static png_uint_32
 | |
| crc_init_4(png_uint_32 value)
 | |
| {
 | |
|    /* This is an alternative to the algorithm used in zlib, which requires four
 | |
|     * separate tables to parallelize the four byte operations, it only works for
 | |
|     * a CRC of the first four bytes of the stream, but this is what happens in
 | |
|     * the parser below where length+chunk-name is read and chunk-name used to
 | |
|     * initialize the CRC.  Notice that the calculation here avoids repeated
 | |
|     * conditioning (xor with 0xffffffff) by storing the conditioned value.
 | |
|     */
 | |
|    png_uint_32 crc = crc_table[(~value >> 24)] ^ 0xffffff;
 | |
| 
 | |
|    crc = crc_table[(crc ^ (value >> 16)) & 0xff] ^ (crc >> 8);
 | |
|    crc = crc_table[(crc ^ (value >> 8)) & 0xff] ^ (crc >> 8);
 | |
|    return crc_table[(crc ^ value) & 0xff] ^ (crc >> 8);
 | |
| }
 | |
| 
 | |
| static int
 | |
| chunk_type_valid(png_uint_32 c)
 | |
|    /* Bit whacking approach to chunk name validation that is intended to avoid
 | |
|     * branches.  The cost is that it uses a lot of 32-bit constants, which might
 | |
|     * be bad on some architectures.
 | |
|     */
 | |
| {
 | |
|    png_uint_32 t;
 | |
| 
 | |
|    /* Remove bit 5 from all but the reserved byte; this means every
 | |
|     * 8-bit unit must be in the range 65-90 to be valid.  So bit 5
 | |
|     * must be zero, bit 6 must be set and bit 7 zero.
 | |
|     */
 | |
|    c &= ~PNG_U32(32,32,0,32);
 | |
|    t = (c & ~0x1f1f1f1f) ^ 0x40404040;
 | |
| 
 | |
|    /* Subtract 65 for each 8-bit quantity, this must not overflow
 | |
|     * and each byte must then be in the range 0-25.
 | |
|     */
 | |
|    c -= PNG_U32(65,65,65,65);
 | |
|    t |=c ;
 | |
| 
 | |
|    /* Subtract 26, handling the overflow which should set the top
 | |
|     * three bits of each byte.
 | |
|     */
 | |
|    c -= PNG_U32(25,25,25,26);
 | |
|    t |= ~c;
 | |
| 
 | |
|    return (t & 0xe0e0e0e0) == 0;
 | |
| }
 | |
| 
 | |
| /**************************** CONTROL INFORMATION *****************************/
 | |
| 
 | |
| /* Information about a sequence of IDAT chunks, the chunks have been re-synced
 | |
|  * using sync_stream below and the new lengths are recorded here.  Because the
 | |
|  * number of chunks is unlimited this is handled using a linked list of these
 | |
|  * structures.
 | |
|  */
 | |
| struct IDAT_list
 | |
| {
 | |
|    struct IDAT_list *next;     /* Linked list */
 | |
|    unsigned int      length;   /* Actual length of the array below */
 | |
|    unsigned int      count;    /* Number of entries that are valid */
 | |
| #     define IDAT_INIT_LENGTH 16
 | |
|    png_uint_32       lengths[IDAT_INIT_LENGTH];
 | |
| };
 | |
| 
 | |
| static void
 | |
| IDAT_list_init(struct IDAT_list *list)
 | |
| {
 | |
|    CLEAR(*list);
 | |
| 
 | |
|    list->next = NULL;
 | |
|    list->length = IDAT_INIT_LENGTH;
 | |
| }
 | |
| 
 | |
| static size_t
 | |
| IDAT_list_size(struct IDAT_list *list, unsigned int length)
 | |
|    /* Return the size in bytes of an IDAT_list of the given length. */
 | |
| {
 | |
|    if (list != NULL)
 | |
|       length = list->length;
 | |
| 
 | |
|    return sizeof *list - sizeof list->lengths +
 | |
|       length * sizeof list->lengths[0];
 | |
| }
 | |
| 
 | |
| static void
 | |
| IDAT_list_end(struct IDAT_list *IDAT_list)
 | |
| {
 | |
|    struct IDAT_list *list = IDAT_list->next;
 | |
| 
 | |
|    CLEAR(*IDAT_list);
 | |
| 
 | |
|    while (list != NULL)
 | |
|    {
 | |
|       struct IDAT_list *next = list->next;
 | |
| 
 | |
|       clear(list, IDAT_list_size(list, 0));
 | |
|       free(list);
 | |
|       list = next;
 | |
|    }
 | |
| }
 | |
| 
 | |
| static struct IDAT_list *
 | |
| IDAT_list_extend(struct IDAT_list *tail)
 | |
| {
 | |
|    /* Use the previous cached value if available. */
 | |
|    struct IDAT_list *next = tail->next;
 | |
| 
 | |
|    if (next == NULL)
 | |
|    {
 | |
|       /* Insert a new, malloc'ed, block of IDAT information buffers, this
 | |
|        * one twice as large as the previous one:
 | |
|        */
 | |
|       unsigned int length = 2 * tail->length;
 | |
| 
 | |
|       if (length < tail->length) /* arithmetic overflow */
 | |
|          length = tail->length;
 | |
| 
 | |
|       next = voidcast(IDAT_list*, malloc(IDAT_list_size(NULL, length)));
 | |
|       CLEAR(*next);
 | |
| 
 | |
|       /* The caller must handle this: */
 | |
|       if (next == NULL)
 | |
|          return NULL;
 | |
| 
 | |
|       next->next = NULL;
 | |
|       next->length = length;
 | |
|       tail->next = next;
 | |
|    }
 | |
| 
 | |
|    return next;
 | |
| }
 | |
| 
 | |
| /* GLOBAL CONTROL STRUCTURE */
 | |
| struct global
 | |
| {
 | |
|    /* PUBLIC GLOBAL VARIABLES: OWNER INITIALIZE */
 | |
|    unsigned int   errors        :1; /* print file errors to stderr */
 | |
|    unsigned int   warnings      :1; /* print libpng warnings to stderr */
 | |
|    unsigned int   optimize_zlib :1; /* Run optimization search */
 | |
|    unsigned int   quiet         :2; /* don't output summaries */
 | |
|    unsigned int   verbose       :3; /* various internal tracking */
 | |
|    unsigned int   skip          :3; /* Non-critical chunks to skip */
 | |
| #     define SKIP_NONE      0
 | |
| #     define SKIP_BAD_CRC   1    /* Chunks with a bad CRC */
 | |
| #     define SKIP_UNSAFE    2    /* Chunks not safe to copy */
 | |
| #     define SKIP_UNUSED    3    /* Chunks not used by libpng */
 | |
| #     define SKIP_TRANSFORM 4    /* Chunks only used in transforms */
 | |
| #     define SKIP_COLOR     5    /* Everything but tRNS, sBIT, gAMA and sRGB */
 | |
| #     define SKIP_ALL       6    /* Everything but tRNS and sBIT */
 | |
| 
 | |
|    png_uint_32    idat_max;         /* 0 to perform no re-chunking */
 | |
| 
 | |
|    int            status_code;      /* Accumulated status code */
 | |
| #     define TOO_FAR_BACK   0x01 /* found a too-far-back error */
 | |
| #     define CRC_ERROR      0x02 /* fixed an invalid CRC */
 | |
| #     define STREAM_ERROR   0x04 /* damaged PNG stream (may be fixable) */
 | |
| #     define TRUNCATED      0x08 /* truncated but still readable */
 | |
| #     define FILE_ERROR     0x10 /* could not read the file */
 | |
| #     define WRITE_ERROR    0x20 /* write error (this terminates the read) */
 | |
| #     define INTERNAL_ERROR 0x40 /* internal limits/errors encountered */
 | |
| 
 | |
|    /* PUBLIC GLOBAL VARIABLES: USED INTERNALLY BY IDAT READ CODE */
 | |
|    struct IDAT_list idat_cache;  /* Cache of file IDAT information buffers */
 | |
|       /* The structure is shared across all uses of this global control
 | |
|        * structure to avoid reallocation between IDAT streams.
 | |
|        */
 | |
| };
 | |
| 
 | |
| static int
 | |
| global_end(struct global *global)
 | |
| {
 | |
| 
 | |
|    int rc;
 | |
| 
 | |
|    IDAT_list_end(&global->idat_cache);
 | |
|    rc = global->status_code;
 | |
|    CLEAR(*global);
 | |
|    return rc;
 | |
| }
 | |
| 
 | |
| static void
 | |
| global_init(struct global *global)
 | |
|    /* Call this once (and only once) to initialize the control */
 | |
| {
 | |
|    CLEAR(*global);
 | |
| 
 | |
|    /* Globals */
 | |
|    global->errors        = 0;
 | |
|    global->warnings      = 0;
 | |
|    global->quiet         = 0;
 | |
|    global->verbose       = 0;
 | |
|    global->idat_max      = 0;         /* no re-chunking of IDAT */
 | |
|    global->optimize_zlib = 0;
 | |
|    global->skip          = SKIP_NONE;
 | |
|    global->status_code   = 0;
 | |
| 
 | |
|    IDAT_list_init(&global->idat_cache);
 | |
| }
 | |
| 
 | |
| static int
 | |
| skip_chunk_type(const struct global *global, png_uint_32 type)
 | |
|    /* Return true if this chunk is to be skipped according to the --strip
 | |
|     * option.  This code needs to recognize all known ancillary chunks in order
 | |
|     * to handle the --strip=unsafe option.
 | |
|     */
 | |
| {
 | |
|    /* Never strip critical chunks: */
 | |
|    if (CRITICAL(type))
 | |
|       return 0;
 | |
| 
 | |
|    switch (type)
 | |
|    {
 | |
|       /* Chunks that are treated as, effectively, critical because they affect
 | |
|        * correct interpretation of the pixel values:
 | |
|        */
 | |
|       case png_tRNS: case png_sBIT:
 | |
|          return 0;
 | |
| 
 | |
|       /* Chunks that specify gamma encoding which should therefore only be
 | |
|        * removed the the user insists:
 | |
|        */
 | |
|       case png_gAMA: case png_sRGB:
 | |
|          if (global->skip >= SKIP_ALL)
 | |
|             return 1;
 | |
|          return 0;
 | |
| 
 | |
|       /* Chunks that affect color interpretation - not used by libpng and rarely
 | |
|        * used by applications, but technically still required for correct
 | |
|        * interpretation of the image data:
 | |
|        */
 | |
|       case png_cHRM: case png_iCCP:
 | |
|          if (global->skip >= SKIP_COLOR)
 | |
|             return 1;
 | |
|          return 0;
 | |
| 
 | |
|       /* Other chunks that are used by libpng in image transformations (as
 | |
|        * opposed to known chunks that have get/set APIs but are not otherwise
 | |
|        * used.)
 | |
|        */
 | |
|       case png_bKGD:
 | |
|          if (global->skip >= SKIP_TRANSFORM)
 | |
|             return 1;
 | |
|          return 0;
 | |
| 
 | |
|       /* All other chunks that libpng knows about and affect neither image
 | |
|        * interpretation nor libpng transforms - chunks that are effectively
 | |
|        * unused by libpng even though libpng might recognize and store them.
 | |
|        */
 | |
|       case png_fRAc: case png_gIFg: case png_gIFt: case png_gIFx: case png_hIST:
 | |
|       case png_iTXt: case png_oFFs: case png_pCAL: case png_pHYs: case png_sCAL:
 | |
|       case png_sPLT: case png_sTER: case png_tEXt: case png_tIME: case png_zTXt:
 | |
|          if (global->skip >= SKIP_UNUSED)
 | |
|             return 1;
 | |
|          return 0;
 | |
| 
 | |
|       /* Chunks that libpng does not know about (notice that this depends on the
 | |
|        * list above including all known chunks!)  The decision here depends on
 | |
|        * whether the safe-to-copy bit is set in the chunk type.
 | |
|        */
 | |
|       default:
 | |
|          if (SAFE_TO_COPY(type))
 | |
|          {
 | |
|             if (global->skip >= SKIP_UNUSED) /* as above */
 | |
|                return 1;
 | |
|          }
 | |
| 
 | |
|          else if (global->skip >= SKIP_UNSAFE)
 | |
|             return 1;
 | |
| 
 | |
|          return 0;
 | |
|    }
 | |
| }
 | |
| 
 | |
| /* PER-FILE CONTROL STRUCTURE */
 | |
| struct chunk;
 | |
| struct IDAT;
 | |
| struct file
 | |
| {
 | |
|    /* ANCESTORS */
 | |
|    struct global *global;
 | |
| 
 | |
|    /* PUBLIC PER-FILE VARIABLES: CALLER INITIALIZE */
 | |
|    const char *   file_name;
 | |
|    const char *   out_name;      /* Name of output file (if required) */
 | |
| 
 | |
|    /* PUBLIC PER-FILE VARIABLES: SET BY PNG READ CODE */
 | |
|    /* File specific result codes */
 | |
|    int            status_code;   /* Set to a bit mask of the following: */
 | |
|    int            read_errno;    /* Records a read error errno */
 | |
|    int            write_errno;   /* Records a write error errno */
 | |
| 
 | |
|    /* IHDR information */
 | |
|    png_uint_32    width;
 | |
|    png_uint_32    height;
 | |
|    png_byte       bit_depth;
 | |
|    png_byte       color_type;
 | |
|    png_byte       compression_method;
 | |
|    png_byte       filter_method;
 | |
|    png_byte       interlace_method;
 | |
| 
 | |
|    udigit         image_bytes[5];
 | |
|    int            image_digits;
 | |
| 
 | |
|    /* PROTECTED PER-FILE VARIABLES: USED BY THE READ CODE */
 | |
|    FILE *         file;          /* Original PNG file */
 | |
|    FILE *         out;           /* If a new one is being written */
 | |
|    jmp_buf        jmpbuf;        /* Set while reading a PNG */
 | |
| 
 | |
|    /* PROTECTED CHUNK SPECIFIC VARIABLES: USED BY CHUNK CODE */
 | |
|    /* The following variables are used during reading to record the length, type
 | |
|     * and data position of the *next* chunk or, right at the start, the
 | |
|     * signature (in length,type).
 | |
|     *
 | |
|     * When a chunk control structure is instantiated these values are copied
 | |
|     * into the structure and can then be overritten with the data for the next
 | |
|     * chunk.
 | |
|     */
 | |
|    fpos_t         data_pos;      /* Position of first byte of chunk data */
 | |
|    png_uint_32    length;        /* First word (length or signature start) */
 | |
|    png_uint_32    type;          /* Second word (type or signature end) */
 | |
|    png_uint_32    crc;           /* Running chunk CRC (used by read_chunk) */
 | |
| 
 | |
|    /* These counts are maintained by the read and write routines below and are
 | |
|     * reset by the chunk handling code.  They record the total number of bytes
 | |
|     * read or written for the chunk, including the header (length,type) bytes.
 | |
|     */
 | |
|    png_uint_32    read_count;    /* Count of bytes read (in the chunk) */
 | |
|    png_uint_32    write_count;   /* Count of bytes written (in the chunk) */
 | |
|    int            state;         /* As defined here: */
 | |
| #     define STATE_SIGNATURE  0  /* The signature is being written */
 | |
| #     define STATE_CHUNKS     1  /* Non-IDAT chunks are being written */
 | |
| #     define STATE_IDAT       2  /* An IDAT stream is being written */
 | |
| 
 | |
|    /* Two pointers used to enable clean-up in the event of fatal errors and to
 | |
|     * hold state about the parser process (only one of each at present.)
 | |
|     */
 | |
|    struct chunk * chunk;
 | |
|    struct IDAT *  idat;
 | |
| 
 | |
|    /* Interface to allocate a new chunk or IDAT control structure.  The result
 | |
|     * is returned by setting one or other of the above variables.  Note that the
 | |
|     * relevant initializer is called by the allocator function.  The alloc_ptr
 | |
|     * is used only by the implementation of the allocate function.
 | |
|     */
 | |
|    void *         alloc_ptr;
 | |
|    void         (*alloc)(struct file*,int idat);
 | |
|                                   /* idat: allocate IDAT not chunk */
 | |
| };
 | |
| 
 | |
| /* Valid longjmp (stop) codes are: */
 | |
| #define LIBPNG_WARNING_CODE   1 /* generic png_error */
 | |
| #define LIBPNG_ERROR_CODE     2 /* generic png_error */
 | |
| #define ZLIB_ERROR_CODE       3 /* generic zlib error */
 | |
| #define INVALID_ERROR_CODE    4 /* detected an invalid PNG */
 | |
| #define READ_ERROR_CODE       5 /* read failed */
 | |
| #define WRITE_ERROR_CODE      6 /* error in write */
 | |
| #define UNEXPECTED_ERROR_CODE 7 /* unexpected (internal?) error */
 | |
| 
 | |
| static void
 | |
| emit_string(const char *str, FILE *out)
 | |
|    /* Print a string with spaces replaced by '_' and non-printing characters by
 | |
|     * an octal escape.
 | |
|     */
 | |
| {
 | |
|    for (; *str; ++str)
 | |
|       if (isgraph(UCHAR_MAX & *str))
 | |
|          putc(*str, out);
 | |
| 
 | |
|       else if (isspace(UCHAR_MAX & *str))
 | |
|          putc('_', out);
 | |
| 
 | |
|       else
 | |
|          fprintf(out, "\\%.3o", *str);
 | |
| }
 | |
| 
 | |
| static const char *
 | |
| strcode(int code)
 | |
| {
 | |
|    switch (code)
 | |
|    {
 | |
|       case LIBPNG_WARNING_CODE:   return "warning";
 | |
|       case LIBPNG_ERROR_CODE:     return "libpng";
 | |
|       case ZLIB_ERROR_CODE:       return "zlib";
 | |
|       case INVALID_ERROR_CODE:    return "invalid";
 | |
|       case READ_ERROR_CODE:       return "read";
 | |
|       case WRITE_ERROR_CODE:      return "write";
 | |
|       case UNEXPECTED_ERROR_CODE: return "unexpected";
 | |
|       default:                    return "INVALID";
 | |
|    }
 | |
| }
 | |
| 
 | |
| static void
 | |
| emit_error(struct file *file, int code, const char *what)
 | |
|    /* Generic error message routine, takes a 'stop' code but can be used
 | |
|     * elsewhere.  Always outputs a message.
 | |
|     */
 | |
| {
 | |
|    const char *reason;
 | |
|    int err = 0;
 | |
| 
 | |
|    switch (code)
 | |
|    {
 | |
|       case LIBPNG_WARNING_CODE:   reason = "libpng warning:"; break;
 | |
|       case LIBPNG_ERROR_CODE:     reason = "libpng error:"; break;
 | |
|       case ZLIB_ERROR_CODE:       reason = "zlib error:"; break;
 | |
|       case INVALID_ERROR_CODE:    reason = "invalid"; break;
 | |
|       case READ_ERROR_CODE:       reason = "read failure:";
 | |
|                                   err = file->read_errno;
 | |
|                                   break;
 | |
|       case WRITE_ERROR_CODE:      reason = "write error";
 | |
|                                   err = file->write_errno;
 | |
|                                   break;
 | |
|       case UNEXPECTED_ERROR_CODE: reason = "unexpected error:";
 | |
|                                   err = file->read_errno;
 | |
|                                   if (err == 0)
 | |
|                                      err = file->write_errno;
 | |
|                                   break;
 | |
|       default:                    reason = "INVALID (internal error):"; break;
 | |
|    }
 | |
| 
 | |
|    if (err != 0)
 | |
|       fprintf(stderr, "%s: %s %s [%s]\n", file->file_name, reason, what,
 | |
|          strerror(err));
 | |
| 
 | |
|    else
 | |
|       fprintf(stderr, "%s: %s %s\n", file->file_name, reason, what);
 | |
| }
 | |
| 
 | |
| static void chunk_end(struct chunk **);
 | |
| static void IDAT_end(struct IDAT **);
 | |
| 
 | |
| static int
 | |
| file_end(struct file *file)
 | |
| {
 | |
|    int rc;
 | |
| 
 | |
|    /* If either of the chunk pointers are set end them here, the IDAT structure
 | |
|     * must be deallocated first as it may deallocate the chunk structure.
 | |
|     */
 | |
|    if (file->idat != NULL)
 | |
|       IDAT_end(&file->idat);
 | |
| 
 | |
|    if (file->chunk != NULL)
 | |
|       chunk_end(&file->chunk);
 | |
| 
 | |
|    rc = file->status_code;
 | |
| 
 | |
|    if (file->file != NULL)
 | |
|       (void)fclose(file->file);
 | |
| 
 | |
|    if (file->out != NULL)
 | |
|    {
 | |
|       /* NOTE: this is bitwise |, all the following functions must execute and
 | |
|        * must succeed.
 | |
|        */
 | |
|       if (ferror(file->out) | fflush(file->out) | fclose(file->out))
 | |
|       {
 | |
|          perror(file->out_name);
 | |
|          emit_error(file, READ_ERROR_CODE, "output write error");
 | |
|          rc |= WRITE_ERROR;
 | |
|       }
 | |
|    }
 | |
| 
 | |
|    /* Accumulate the result codes */
 | |
|    file->global->status_code |= rc;
 | |
| 
 | |
|    CLEAR(*file);
 | |
| 
 | |
|    return rc; /* status code: non-zero on read or write error */
 | |
| }
 | |
| 
 | |
| static int
 | |
| file_init(struct file *file, struct global *global, const char *file_name,
 | |
|    const char *out_name, void *alloc_ptr, void (*alloc)(struct file*,int))
 | |
|    /* Initialize a file control structure.  This will open the given files as
 | |
|     * well.  The status code returned is 0 on success, non zero (using the flags
 | |
|     * above) on a file open error.
 | |
|     */
 | |
| {
 | |
|    CLEAR(*file);
 | |
|    file->global = global;
 | |
| 
 | |
|    file->file_name = file_name;
 | |
|    file->out_name = out_name;
 | |
|    file->status_code = 0;
 | |
|    file->read_errno = 0;
 | |
|    file->write_errno = 0;
 | |
| 
 | |
|    file->file = NULL;
 | |
|    file->out = NULL;
 | |
|    /* jmpbuf is garbage: must be set by read_png */
 | |
| 
 | |
|    file->read_count = 0;
 | |
|    file->state = STATE_SIGNATURE;
 | |
| 
 | |
|    file->chunk = NULL;
 | |
|    file->idat = NULL;
 | |
| 
 | |
|    file->alloc_ptr = alloc_ptr;
 | |
|    file->alloc = alloc;
 | |
| 
 | |
|    /* Open the files: */
 | |
|    assert(file_name != NULL);
 | |
|    file->file = fopen(file_name, "rb");
 | |
| 
 | |
|    if (file->file == NULL)
 | |
|    {
 | |
|       file->read_errno = errno;
 | |
|       file->status_code |= FILE_ERROR;
 | |
|       /* Always output: please give a readable file! */
 | |
|       perror(file_name);
 | |
|       return FILE_ERROR;
 | |
|    }
 | |
| 
 | |
|    if (out_name != NULL)
 | |
|    {
 | |
|       file->out = fopen(out_name, "wb");
 | |
| 
 | |
|       if (file->out == NULL)
 | |
|       {
 | |
|          file->write_errno = errno;
 | |
|          file->status_code |= WRITE_ERROR;
 | |
|          perror(out_name);
 | |
|          return WRITE_ERROR;
 | |
|       }
 | |
|    }
 | |
| 
 | |
|    return 0;
 | |
| }
 | |
| 
 | |
| static void
 | |
| log_error(struct file *file, int code, const char *what)
 | |
|    /* Like emit_error but checks the global 'errors' flag */
 | |
| {
 | |
|    if (file->global->errors)
 | |
|       emit_error(file, code, what);
 | |
| }
 | |
| 
 | |
| static char
 | |
| type_char(png_uint_32 v)
 | |
| {
 | |
|    /* In fact because chunk::chunk_type is validated prior to any call to this
 | |
|     * function it will always return a-zA-Z, but the extra codes are just there
 | |
|     * to help in finding internal (programming) errors.  Note that the code only
 | |
|     * ever considers the low 7 bits of the value (so it is not necessary for the
 | |
|     * type_name function to mask of the byte.)
 | |
|     */
 | |
|    if (v & 32)
 | |
|       return "!abcdefghijklmnopqrstuvwxyz56789"[(v-96)&31];
 | |
| 
 | |
|    else
 | |
|       return "@ABCDEFGHIJKLMNOPQRSTUVWXYZ01234"[(v-64)&31];
 | |
| }
 | |
| 
 | |
| static void
 | |
| type_name(png_uint_32 type, FILE *out)
 | |
| {
 | |
|    putc(type_char(type >> 24), out);
 | |
|    putc(type_char(type >> 16), out);
 | |
|    putc(type_char(type >>  8), out);
 | |
|    putc(type_char(type      ), out);
 | |
| }
 | |
| 
 | |
| static void
 | |
| type_sep(FILE *out)
 | |
| {
 | |
|    putc(':', out);
 | |
|    putc(' ', out);
 | |
| }
 | |
| 
 | |
| static png_uint_32 current_type(struct file *file, int code);
 | |
| 
 | |
| PNG_NORETURN static void
 | |
| stop(struct file *file, int code, const char *what)
 | |
|    /* Return control when a PNG file cannot be read. This outputs an 'ERR'
 | |
|     * summary line too.
 | |
|     */
 | |
| {
 | |
|    log_error(file, code, what);
 | |
| 
 | |
|    /* The chunk being read is typically identified by file->chunk or, if this is
 | |
|     * NULL, by file->type.  This may be wrong if libpng reads ahead, but this
 | |
|     * only happens with IDAT where libpng reads the header then jumps around
 | |
|     * finding errors in the previous chunks.  We know that is happening because
 | |
|     * we are at the start of the IDAT (i.e. no IDAT data has yet been written.)
 | |
|     *
 | |
|     * SUMMARY FORMAT (stop):
 | |
|     *
 | |
|     * IDAT ERR status code read-errno write-errno message file
 | |
|     *
 | |
|     * 'uncompressed' will be 0 if there was a problem in the IHDR.  The errno
 | |
|     * values are emit_string(strerror(errno)).
 | |
|     */
 | |
|    if (file->global->quiet < 2) /* need two quiets to stop this. */
 | |
|    {
 | |
|       png_uint_32 type;
 | |
| 
 | |
|       if (file->chunk != NULL)
 | |
|          type = current_type(file, code); /* Gropes in struct chunk and IDAT */
 | |
| 
 | |
|       else
 | |
|          type = file->type;
 | |
| 
 | |
|       if (type)
 | |
|          type_name(type, stdout);
 | |
| 
 | |
|       else /* magic: an IDAT header, produces bogons for too many IDATs */
 | |
|          fputs("HEAD", stdout); /* not a registered chunk! */
 | |
| 
 | |
|       printf(" ERR %.2x %s ", file->status_code, strcode(code));
 | |
|       /* This only works one strerror at a time, because of the way strerror is
 | |
|        * implemented.
 | |
|        */
 | |
|       emit_string(strerror(file->read_errno), stdout);
 | |
|       putc(' ', stdout);
 | |
|       emit_string(strerror(file->write_errno), stdout);
 | |
|       putc(' ', stdout);
 | |
|       emit_string(what, stdout);
 | |
|       putc(' ', stdout);
 | |
|       fputs(file->file_name, stdout);
 | |
|       putc('\n', stdout);
 | |
|    }
 | |
| 
 | |
|    file->status_code |= FILE_ERROR;
 | |
|    longjmp(file->jmpbuf, code);
 | |
| }
 | |
| 
 | |
| PNG_NORETURN static void
 | |
| stop_invalid(struct file *file, const char *what)
 | |
| {
 | |
|    stop(file, INVALID_ERROR_CODE, what);
 | |
| }
 | |
| 
 | |
| static void
 | |
| type_message(struct file *file, png_uint_32 type, const char *what)
 | |
|    /* Error message for a chunk; the chunk name comes from 'type' */
 | |
| {
 | |
|    if (file->global->errors)
 | |
|    {
 | |
|       fputs(file->file_name, stderr);
 | |
|       type_sep(stderr);
 | |
|       type_name(type, stderr);
 | |
|       type_sep(stderr);
 | |
|       fputs(what, stderr);
 | |
|       putc('\n', stderr);
 | |
|    }
 | |
| }
 | |
| 
 | |
| /* Input file positioning - we jump around in the input file while reading
 | |
|  * stuff, these wrappers deal with the error handling.
 | |
|  */
 | |
| static void
 | |
| file_getpos(struct file *file, fpos_t *pos)
 | |
| {
 | |
|    if (fgetpos(file->file, pos))
 | |
|    {
 | |
|       /* This is unexpected, so perror it */
 | |
|       perror(file->file_name);
 | |
|       stop(file, READ_ERROR_CODE, "fgetpos");
 | |
|    }
 | |
| }
 | |
| 
 | |
| static void
 | |
| file_setpos(struct file *file, const fpos_t *pos)
 | |
| {
 | |
|    if (fsetpos(file->file, pos))
 | |
|    {
 | |
|       perror(file->file_name);
 | |
|       stop(file, READ_ERROR_CODE, "fsetpos");
 | |
|    }
 | |
| }
 | |
| 
 | |
| static void
 | |
| getpos(struct file *file)
 | |
|    /* Get the current position and store it in 'data_pos'.  The corresponding
 | |
|     * setpos() function is chunk specific because it uses the copy of the
 | |
|     * position for the specific chunk.
 | |
|     */
 | |
| {
 | |
|    file_getpos(file, &file->data_pos);
 | |
| }
 | |
| 
 | |
| 
 | |
| /* Read utility - read a single byte, returns a value in the range 0..255 or EOF
 | |
|  * on a read error.  In the latter case status_code and read_errno are updated
 | |
|  * appropriately.
 | |
|  */
 | |
| static int
 | |
| read_byte(struct file *file)
 | |
| {
 | |
|    int ch = getc(file->file);
 | |
| 
 | |
|    if (ch >= 0 && ch <= 255)
 | |
|    {
 | |
|       ++(file->read_count);
 | |
|       return ch;
 | |
|    }
 | |
| 
 | |
|    else if (ch != EOF)
 | |
|    {
 | |
|       file->status_code |= INTERNAL_ERROR;
 | |
|       file->read_errno = ERANGE; /* out of range character */
 | |
| 
 | |
|       /* This is very unexpected; an error message is always output: */
 | |
|       emit_error(file, UNEXPECTED_ERROR_CODE, "file read");
 | |
|    }
 | |
| 
 | |
| #  ifdef EINTR
 | |
|       else if (errno == EINTR) /* Interrupted, try again */
 | |
|       {
 | |
|          errno = 0;
 | |
|          return read_byte(file);
 | |
|       }
 | |
| #  endif
 | |
| 
 | |
|    else
 | |
|    {
 | |
|       /* An error, it doesn't really matter what the error is but it gets
 | |
|        * recorded anyway.
 | |
|        */
 | |
|       if (ferror(file->file))
 | |
|          file->read_errno = errno;
 | |
| 
 | |
|       else if (feof(file->file))
 | |
|          file->read_errno = 0; /* I.e. a regular EOF, no error */
 | |
| 
 | |
|       else /* unexpected */
 | |
|          file->read_errno = EDOM;
 | |
|    }
 | |
| 
 | |
|    /* 'TRUNCATED' is used for all cases of failure to read a byte, because of
 | |
|     * the way libpng works a byte read is never attempted unless the byte is
 | |
|     * expected to be there, so EOF should not occur.
 | |
|     */
 | |
|    file->status_code |= TRUNCATED;
 | |
|    return EOF;
 | |
| }
 | |
| 
 | |
| static png_byte
 | |
| reread_byte(struct file *file)
 | |
|    /* Read a byte when an error is not expected to happen because the byte has
 | |
|     * been read before without error.
 | |
|     */
 | |
| {
 | |
|    int ch = getc(file->file);
 | |
| 
 | |
|    if (errno != 0)
 | |
|       file->read_errno = errno;
 | |
| 
 | |
|    if (ch < 0 || ch > 255)
 | |
|       stop(file, UNEXPECTED_ERROR_CODE, "reread");
 | |
| 
 | |
|    return (png_byte)ch;
 | |
| }
 | |
| 
 | |
| static png_uint_32
 | |
| reread_4(struct file *file)
 | |
|    /* The same but for a four byte quantity */
 | |
| {
 | |
|    png_uint_32 result = 0;
 | |
|    int i = 0;
 | |
| 
 | |
|    while (++i <= 4)
 | |
|       result = (result << 8) + reread_byte(file);
 | |
| 
 | |
|    return result;
 | |
| }
 | |
| 
 | |
| static void
 | |
| skip_12(struct file *file)
 | |
|    /* Skip exactly 12 bytes in the input stream - used to skip a CRC and chunk
 | |
|     * header that has been read before.
 | |
|     */
 | |
| {
 | |
|    /* Since the chunks were read before this shouldn't fail: */
 | |
|    if (fseek(file->file, 12, SEEK_CUR) != 0)
 | |
|    {
 | |
|       if (errno != 0)
 | |
|          file->read_errno = errno;
 | |
| 
 | |
|       stop(file, UNEXPECTED_ERROR_CODE, "reskip");
 | |
|    }
 | |
| }
 | |
| 
 | |
| static void
 | |
| write_byte(struct file *file, int b)
 | |
|    /* Write one byte to the output - this causes a fatal error if the write
 | |
|     * fails and the read of this PNG file immediately terminates.  Just
 | |
|     * increments the write count if there is no output file.
 | |
|     */
 | |
| {
 | |
|    if (file->out != NULL)
 | |
|    {
 | |
|       if (putc(b, file->out) != b)
 | |
|       {
 | |
|          file->write_errno = errno;
 | |
|          file->status_code |= WRITE_ERROR;
 | |
|          stop(file, WRITE_ERROR_CODE, "write byte");
 | |
|       }
 | |
|    }
 | |
| 
 | |
|    ++(file->write_count);
 | |
| }
 | |
| 
 | |
| /* Derivatives of the read/write functions. */
 | |
| static unsigned int
 | |
| read_4(struct file *file, png_uint_32 *pu)
 | |
|    /* Read four bytes, returns the number of bytes read successfully and, if all
 | |
|     * four bytes are read, assigns the result to *pu.
 | |
|     */
 | |
| {
 | |
|    unsigned int i = 0;
 | |
|    png_uint_32 val = 0;
 | |
| 
 | |
|    do
 | |
|    {
 | |
|       int ch = read_byte(file);
 | |
| 
 | |
|       if (ch == EOF)
 | |
|          return i;
 | |
| 
 | |
|       val = (val << 8) + ch;
 | |
|    } while (++i < 4);
 | |
| 
 | |
|    *pu = val;
 | |
|    return i;
 | |
| }
 | |
| 
 | |
| /* CRC handling - read but calculate the CRC while doing so. */
 | |
| static int
 | |
| crc_read_many(struct file *file, png_uint_32 length)
 | |
|    /* Reads 'length' bytes and updates the CRC, returns true on success, false
 | |
|     * if the input is truncated.
 | |
|     */
 | |
| {
 | |
|    if (length > 0)
 | |
|    {
 | |
|       png_uint_32 crc = file->crc;
 | |
| 
 | |
|       do
 | |
|       {
 | |
|          int ch = read_byte(file);
 | |
| 
 | |
|          if (ch == EOF)
 | |
|             return 0; /* Truncated */
 | |
| 
 | |
|          crc = crc_one_byte(crc, ch);
 | |
|       }
 | |
|       while (--length > 0);
 | |
| 
 | |
|       file->crc = crc;
 | |
|    }
 | |
| 
 | |
|    return 1; /* OK */
 | |
| }
 | |
| 
 | |
| static int
 | |
| calc_image_size(struct file *file)
 | |
|    /* Fill in the image_bytes field given the IHDR information, calls stop on
 | |
|     * error.
 | |
|     */
 | |
| {
 | |
|    png_uint_16 pd = file->bit_depth;
 | |
| 
 | |
|    switch (file->color_type)
 | |
|    {
 | |
|       default:
 | |
|          stop_invalid(file, "IHDR: colour type");
 | |
| 
 | |
|       invalid_bit_depth:
 | |
|          stop_invalid(file, "IHDR: bit depth");
 | |
| 
 | |
|       case 0: /* g */
 | |
|          if (pd != 1 && pd != 2 && pd != 4 && pd != 8 && pd != 16)
 | |
|             goto invalid_bit_depth;
 | |
|          break;
 | |
| 
 | |
|       case 3:
 | |
|          if (pd != 1 && pd != 2 && pd != 4 && pd != 8)
 | |
|             goto invalid_bit_depth;
 | |
|          break;
 | |
| 
 | |
|       case 2: /* rgb */
 | |
|          if (pd != 8 && pd != 16)
 | |
|             goto invalid_bit_depth;
 | |
| 
 | |
|          pd = (png_uint_16)(pd * 3);
 | |
|          break;
 | |
| 
 | |
|       case 4: /* ga */
 | |
|          if (pd != 8 && pd != 16)
 | |
|             goto invalid_bit_depth;
 | |
| 
 | |
|          pd = (png_uint_16)(pd * 2);
 | |
|          break;
 | |
| 
 | |
|       case 6: /* rgba */
 | |
|          if (pd != 8 && pd != 16)
 | |
|             goto invalid_bit_depth;
 | |
| 
 | |
|          pd = (png_uint_16)(pd * 4);
 | |
|          break;
 | |
|    }
 | |
| 
 | |
|    if (file->width < 1 || file->width > 0x7fffffff)
 | |
|       stop_invalid(file, "IHDR: width");
 | |
| 
 | |
|    else if (file->height < 1 || file->height > 0x7fffffff)
 | |
|       stop_invalid(file, "IHDR: height");
 | |
| 
 | |
|    else if (file->compression_method != 0)
 | |
|       stop_invalid(file, "IHDR: compression method");
 | |
| 
 | |
|    else if (file->filter_method != 0)
 | |
|       stop_invalid(file, "IHDR: filter method");
 | |
| 
 | |
|    else switch (file->interlace_method)
 | |
|    {
 | |
|       case PNG_INTERLACE_ADAM7:
 | |
|          /* Interlacing makes the image larger because of the replication of
 | |
|           * both the filter byte and the padding to a byte boundary.
 | |
|           */
 | |
|          {
 | |
|             int pass;
 | |
|             int image_digits = 0;
 | |
|             udigit row_width[2], row_bytes[3];
 | |
| 
 | |
|             for (pass=0; pass<=6; ++pass)
 | |
|             {
 | |
|                png_uint_32 pw = PNG_PASS_COLS(file->width, pass);
 | |
| 
 | |
|                if (pw > 0)
 | |
|                {
 | |
|                   int  digits;
 | |
| 
 | |
|                   /* calculate 1+((pw*pd+7)>>3) in row_bytes */
 | |
|                   digits = uarb_mult_digit(row_bytes, uarb_set(row_bytes, 7),
 | |
|                      row_width, uarb_set(row_width, pw), pd);
 | |
|                   digits = uarb_shift(row_bytes, digits, 3);
 | |
|                   digits = uarb_inc(row_bytes, digits, 1);
 | |
| 
 | |
|                   /* Add row_bytes * pass-height to the file image_bytes field
 | |
|                    */
 | |
|                   image_digits = uarb_mult32(file->image_bytes, image_digits,
 | |
|                      row_bytes, digits,
 | |
|                      PNG_PASS_ROWS(file->height, pass));
 | |
|                }
 | |
|             }
 | |
| 
 | |
|             file->image_digits = image_digits;
 | |
|          }
 | |
|          break;
 | |
| 
 | |
|       case PNG_INTERLACE_NONE:
 | |
|          {
 | |
|             int  digits;
 | |
|             udigit row_width[2], row_bytes[3];
 | |
| 
 | |
|             /* As above, but use image_width in place of the pass width: */
 | |
|             digits = uarb_mult_digit(row_bytes, uarb_set(row_bytes, 7),
 | |
|                row_width, uarb_set(row_width, file->width), pd);
 | |
|             digits = uarb_shift(row_bytes, digits, 3);
 | |
|             digits = uarb_inc(row_bytes, digits, 1);
 | |
| 
 | |
|             /* Set row_bytes * image-height to the file image_bytes field */
 | |
|             file->image_digits = uarb_mult32(file->image_bytes, 0,
 | |
|                row_bytes, digits, file->height);
 | |
|          }
 | |
|          break;
 | |
| 
 | |
|       default:
 | |
|          stop_invalid(file, "IHDR: interlace method");
 | |
|    }
 | |
| 
 | |
|    assert(file->image_digits >= 1 && file->image_digits <= 5);
 | |
|    return 1;
 | |
| }
 | |
| 
 | |
| /* PER-CHUNK CONTROL STRUCTURE
 | |
|  * This structure is instantiated for each chunk, except for the IDAT chunks
 | |
|  * where one chunk control structure is used for the whole of a single stream of
 | |
|  * IDAT chunks (see the IDAT control structure below).
 | |
|  */
 | |
| struct chunk
 | |
| {
 | |
|    /* ANCESTORS */
 | |
|    struct file *         file;
 | |
|    struct global *       global;
 | |
| 
 | |
|    /* PUBLIC IDAT INFORMATION: SET BY THE ZLIB CODE */
 | |
|    udigit         uncompressed_bytes[5];
 | |
|    int            uncompressed_digits;
 | |
|    udigit         compressed_bytes[5];
 | |
|    int            compressed_digits;
 | |
| 
 | |
|    /* PUBLIC PER-CHUNK INFORMATION: USED BY CHUNK READ CODE */
 | |
|    /* This information is filled in by chunk_init from the data in the file
 | |
|     * control structure, but chunk_length may be changed later.
 | |
|     */
 | |
|    fpos_t         chunk_data_pos;    /* Position of first byte of chunk data */
 | |
|    png_uint_32    chunk_length;      /* From header (or modified below) */
 | |
|    png_uint_32    chunk_type;        /* From header */
 | |
| 
 | |
|    /* PUBLIC PER-CHUNK INFORMATION: FOR THE CHUNK WRITE CODE */
 | |
|    png_uint_32    write_crc;         /* Output CRC (may differ from read_crc) */
 | |
|    png_uint_32    rewrite_offset;    /* Count of bytes before rewrite. */
 | |
|    int            rewrite_length;    /* Number of bytes left to change */
 | |
|    png_byte       rewrite_buffer[2]; /* Buffer of new byte values */
 | |
| };
 | |
| 
 | |
| static void
 | |
| chunk_message(struct chunk *chunk, const char *message)
 | |
| {
 | |
|    type_message(chunk->file, chunk->chunk_type, message);
 | |
| }
 | |
| 
 | |
| static void
 | |
| chunk_end(struct chunk **chunk_var)
 | |
| {
 | |
|    struct chunk *chunk = *chunk_var;
 | |
| 
 | |
|    *chunk_var = NULL;
 | |
|    CLEAR(*chunk);
 | |
| }
 | |
| 
 | |
| static void
 | |
| chunk_init(struct chunk * const chunk, struct file * const file)
 | |
|    /* When a chunk is initialized the file length/type/pos are copied into the
 | |
|     * corresponding chunk fields and the new chunk is registered in the file
 | |
|     * structure.  There can only be one chunk at a time.
 | |
|     *
 | |
|     * NOTE: this routine must onely be called from the file alloc routine!
 | |
|     */
 | |
| {
 | |
|    assert(file->chunk == NULL);
 | |
| 
 | |
|    CLEAR(*chunk);
 | |
| 
 | |
|    chunk->file = file;
 | |
|    chunk->global = file->global;
 | |
| 
 | |
|    chunk->chunk_data_pos = file->data_pos;
 | |
|    chunk->chunk_length = file->length;
 | |
|    chunk->chunk_type = file->type;
 | |
| 
 | |
|    /* Compresssed/uncompressed size information (from the zlib control structure
 | |
|     * that is used to check the compressed data in a chunk.)
 | |
|     */
 | |
|    chunk->uncompressed_digits = 0;
 | |
|    chunk->compressed_digits = 0;
 | |
| 
 | |
|    file->chunk = chunk;
 | |
| }
 | |
| 
 | |
| static png_uint_32
 | |
| current_type(struct file *file, int code)
 | |
|    /* Guess the actual chunk type that causes a stop() */
 | |
| {
 | |
|    /* This may return png_IDAT for errors detected (late) in the header; that
 | |
|     * includes any inter-chunk consistency check that libpng performs.  Assume
 | |
|     * that if the chunk_type is png_IDAT and the file write count is 8 this is
 | |
|     * what is happening.
 | |
|     */
 | |
|    if (file->chunk != NULL)
 | |
|    {
 | |
|       png_uint_32 type = file->chunk->chunk_type;
 | |
| 
 | |
|       /* This is probably wrong for the excess IDATs case, because then libpng
 | |
|        * whines about too many of them (apparently in some cases erroneously)
 | |
|        * when the header is read.
 | |
|        */
 | |
|       if (code <= LIBPNG_ERROR_CODE && type == png_IDAT &&
 | |
|          file->write_count == 8)
 | |
|          type = 0; /* magic */
 | |
| 
 | |
|       return type;
 | |
|    }
 | |
| 
 | |
|    else
 | |
|       return file->type;
 | |
| }
 | |
| 
 | |
| static void
 | |
| setpos(struct chunk *chunk)
 | |
|    /* Reset the position to 'chunk_data_pos' - the start of the data for this
 | |
|     * chunk.  As a side effect the read_count in the file is reset to 8, just
 | |
|     * after the length/type header.
 | |
|     */
 | |
| {
 | |
|    chunk->file->read_count = 8;
 | |
|    file_setpos(chunk->file, &chunk->chunk_data_pos);
 | |
| }
 | |
| 
 | |
| /* Specific chunk handling - called for each chunk header, all special chunk
 | |
|  * processing is initiated in these functions.
 | |
|  */
 | |
| /* The next functions handle special processing for those chunks with LZ data,
 | |
|  * the data is identified and checked for validity.  If there are problems which
 | |
|  * cannot be corrected the routines return false, otherwise true (although
 | |
|  * modification to the zlib header may be required.)
 | |
|  *
 | |
|  * The compressed data is in zlib format (RFC1950) and consequently has a
 | |
|  * minimum length of 7 bytes.
 | |
|  */
 | |
| static int zlib_check(struct file *file, png_uint_32 offset);
 | |
| 
 | |
| static int
 | |
| process_zTXt_iCCP(struct file *file)
 | |
|    /* zTXt and iCCP have exactly the same form - keyword, null, compression
 | |
|     * method then compressed data.
 | |
|     */
 | |
| {
 | |
|    struct chunk *chunk = file->chunk;
 | |
|    png_uint_32 length;
 | |
|    png_uint_32 index = 0;
 | |
| 
 | |
|    assert(chunk != NULL && file->idat == NULL);
 | |
|    length = chunk->chunk_length;
 | |
|    setpos(chunk);
 | |
| 
 | |
|    while (length >= 9)
 | |
|    {
 | |
|       --length;
 | |
|       ++index;
 | |
|       if (reread_byte(file) == 0) /* keyword null terminator */
 | |
|       {
 | |
|          --length;
 | |
|          ++index;
 | |
|          (void)reread_byte(file); /* compression method */
 | |
|          return zlib_check(file, index);
 | |
|       }
 | |
|    }
 | |
| 
 | |
|    chunk_message(chunk, "too short");
 | |
|    return 0; /* skip */
 | |
| }
 | |
| 
 | |
| static int
 | |
| process_iTXt(struct file *file)
 | |
| {
 | |
|    /* Like zTXt but more fields. */
 | |
|    struct chunk *chunk = file->chunk;
 | |
|    png_uint_32 length;
 | |
|    png_uint_32 index = 0;
 | |
| 
 | |
|    assert(chunk != NULL && file->idat == NULL);
 | |
|    length = chunk->chunk_length;
 | |
|    setpos(chunk);
 | |
| 
 | |
|    while (length >= 5)
 | |
|    {
 | |
|       --length;
 | |
|       ++index;
 | |
|       if (reread_byte(file) == 0) /* keyword null terminator */
 | |
|       {
 | |
|          --length;
 | |
|          ++index;
 | |
|          if (reread_byte(file) == 0) /* uncompressed text */
 | |
|             return 1; /* nothing to check */
 | |
| 
 | |
|          --length;
 | |
|          ++index;
 | |
|          (void)reread_byte(file); /* compression method */
 | |
| 
 | |
|          /* Skip the language tag (null terminated). */
 | |
|          while (length >= 9)
 | |
|          {
 | |
|             --length;
 | |
|             ++index;
 | |
|             if (reread_byte(file) == 0) /* terminator */
 | |
|             {
 | |
|                /* Skip the translated keyword */
 | |
|                while (length >= 8)
 | |
|                {
 | |
|                   --length;
 | |
|                   ++index;
 | |
|                   if (reread_byte(file) == 0) /* terminator */
 | |
|                      return zlib_check(file, index);
 | |
|                }
 | |
|             }
 | |
|          }
 | |
| 
 | |
|          /* Ran out of bytes in the compressed case. */
 | |
|          break;
 | |
|       }
 | |
|    }
 | |
| 
 | |
|    log_error(file, INVALID_ERROR_CODE, "iTXt chunk length");
 | |
| 
 | |
|    return 0; /* skip */
 | |
| }
 | |
| 
 | |
| /* IDAT READ/WRITE CONTROL STRUCTURE */
 | |
| struct IDAT
 | |
| {
 | |
|    /* ANCESTORS */
 | |
|    struct file *         file;
 | |
|    struct global *       global;
 | |
| 
 | |
|    /* PROTECTED IDAT INFORMATION: SET BY THE IDAT READ CODE */
 | |
|    struct IDAT_list *idat_list_head; /* START of the list of IDAT information */
 | |
|    struct IDAT_list *idat_list_tail; /* *END* of the list of IDAT information */
 | |
| 
 | |
|    /* PROTECTED IDAT INFORMATION: USED BY THE IDAT WRITE CODE */
 | |
|    struct IDAT_list *idat_cur;       /* Current list entry */
 | |
|    unsigned int      idat_count;     /* And the *current* index into the list */
 | |
|    png_uint_32       idat_index;     /* Index of *next* input byte to write */
 | |
|    png_uint_32       idat_length;    /* Cache of current chunk length */
 | |
| };
 | |
| 
 | |
| /* NOTE: there is currently no IDAT_reset, so a stream cannot contain more than
 | |
|  * one IDAT sequence (i.e. MNG is not supported).
 | |
|  */
 | |
| 
 | |
| static void
 | |
| IDAT_end(struct IDAT **idat_var)
 | |
| {
 | |
|    struct IDAT *idat = *idat_var;
 | |
|    struct file *file = idat->file;
 | |
| 
 | |
|    *idat_var = NULL;
 | |
| 
 | |
|    CLEAR(*idat);
 | |
| 
 | |
|    assert(file->chunk != NULL);
 | |
|    chunk_end(&file->chunk);
 | |
| 
 | |
|    /* Regardless of why the IDAT was killed set the state back to CHUNKS (it may
 | |
|     * already be CHUNKS because the state isn't changed until process_IDAT
 | |
|     * returns; a stop will cause IDAT_end to be entered in state CHUNKS!)
 | |
|     */
 | |
|    file->state = STATE_CHUNKS;
 | |
| }
 | |
| 
 | |
| static void
 | |
| IDAT_init(struct IDAT * const idat, struct file * const file)
 | |
|    /* When the chunk is png_IDAT instantiate an IDAT control structure in place
 | |
|     * of a chunk control structure.  The IDAT will instantiate a chunk control
 | |
|     * structure using the file alloc routine.
 | |
|     *
 | |
|     * NOTE: this routine must only be called from the file alloc routine!
 | |
|     */
 | |
| {
 | |
|    assert(file->chunk == NULL);
 | |
|    assert(file->idat == NULL);
 | |
| 
 | |
|    CLEAR(*idat);
 | |
| 
 | |
|    idat->file = file;
 | |
|    idat->global = file->global;
 | |
| 
 | |
|    /* Initialize the tail to the pre-allocated buffer and set the count to 0
 | |
|     * (empty.)
 | |
|     */
 | |
|    idat->global->idat_cache.count = 0;
 | |
|    idat->idat_list_head = idat->idat_list_tail = &idat->global->idat_cache;
 | |
| 
 | |
|    /* Now the chunk.  The allocator calls the initializer of the new chunk and
 | |
|     * stores the result in file->chunk:
 | |
|     */
 | |
|    file->alloc(file, 0/*chunk*/);
 | |
|    assert(file->chunk != NULL);
 | |
| 
 | |
|    /* And store this for cleanup (and to check for double alloc or failure to
 | |
|     * free.)
 | |
|     */
 | |
|    file->idat = idat;
 | |
| }
 | |
| 
 | |
| static png_uint_32
 | |
| rechunk_length(struct IDAT *idat, int start)
 | |
|    /* Return the length for the next IDAT chunk, taking into account
 | |
|     * rechunking.
 | |
|     */
 | |
| {
 | |
|    png_uint_32 len = idat->global->idat_max;
 | |
| 
 | |
|    if (len == 0) /* use original chunk lengths */
 | |
|    {
 | |
|       const struct IDAT_list *cur;
 | |
|       unsigned int count;
 | |
| 
 | |
|       if (start)
 | |
|          return idat->idat_length; /* use the cache */
 | |
| 
 | |
|       /* Otherwise rechunk_length is called at the end of a chunk for the length
 | |
|        * of the next one.
 | |
|        */
 | |
|       cur = idat->idat_cur;
 | |
|       count = idat->idat_count;
 | |
| 
 | |
|       assert(idat->idat_index == idat->idat_length &&
 | |
|          idat->idat_length == cur->lengths[count]);
 | |
| 
 | |
|       /* Return length of the *next* chunk */
 | |
|       if (++count < cur->count)
 | |
|          return cur->lengths[count];
 | |
| 
 | |
|       /* End of this list */
 | |
|       assert(cur != idat->idat_list_tail);
 | |
|       cur = cur->next;
 | |
|       assert(cur != NULL && cur->count > 0);
 | |
|       return cur->lengths[0];
 | |
|    }
 | |
| 
 | |
|    else /* rechunking */
 | |
|    {
 | |
|       /* The chunk size is the lesser of file->idat_max and the number
 | |
|        * of remaining bytes.
 | |
|        */
 | |
|       png_uint_32 have = idat->idat_length - idat->idat_index;
 | |
| 
 | |
|       if (len > have)
 | |
|       {
 | |
|          struct IDAT_list *cur = idat->idat_cur;
 | |
|          unsigned int j = idat->idat_count+1; /* the next IDAT in the list */
 | |
| 
 | |
|          do
 | |
|          {
 | |
|             /* Add up the remaining bytes.  This can't overflow because the
 | |
|              * individual lengths are always <= 0x7fffffff, so when we add two
 | |
|              * of them overflow is not possible.
 | |
|              */
 | |
|             assert(cur != NULL);
 | |
| 
 | |
|             for (;;)
 | |
|             {
 | |
|                /* NOTE: IDAT_list::count here, not IDAT_list::length */
 | |
|                for (; j < cur->count; ++j)
 | |
|                {
 | |
|                   have += cur->lengths[j];
 | |
|                   if (len <= have)
 | |
|                      return len;
 | |
|                }
 | |
| 
 | |
|                /* If this was the end return the count of the available bytes */
 | |
|                if (cur == idat->idat_list_tail)
 | |
|                   return have;
 | |
| 
 | |
|                cur = cur->next;
 | |
|                j = 0;
 | |
|             }
 | |
|          }
 | |
|          while (len > have);
 | |
|       }
 | |
| 
 | |
|       return len;
 | |
|    }
 | |
| }
 | |
| 
 | |
| static int
 | |
| process_IDAT(struct file *file)
 | |
|    /* Process the IDAT stream, this is the more complex than the preceding
 | |
|     * cases because the compressed data is spread across multiple IDAT chunks
 | |
|     * (typically).  Rechunking of the data is not handled here; all this
 | |
|     * function does is establish whether the zlib header needs to be modified.
 | |
|     *
 | |
|     * Initially the function returns false, indicating that the chunk should not
 | |
|     * be written.  It does this until the last IDAT chunk is passed in, then it
 | |
|     * checks the zlib data and returns true.
 | |
|     *
 | |
|     * It does not return false on a fatal error; it calls stop instead.
 | |
|     *
 | |
|     * The caller must have an instantiated (IDAT) control structure and it must
 | |
|     * have extent over the whole read of the IDAT stream.  For a PNG this means
 | |
|     * the whole PNG read, for MNG it could have lesser extent.
 | |
|     */
 | |
| {
 | |
|    struct IDAT_list *list;
 | |
| 
 | |
|    assert(file->idat != NULL && file->chunk != NULL);
 | |
| 
 | |
|    /* We need to first check the entire sequence of IDAT chunks to ensure the
 | |
|     * stream is in sync.  Do this by building a list of all the chunks and
 | |
|     * recording the length of each because the length may have been fixed up by
 | |
|     * sync_stream below.
 | |
|     *
 | |
|     * At the end of the list of chunks, where the type of the next chunk is not
 | |
|     * png_IDAT, process the whole stream using the list data to check validity
 | |
|     * then return control to the start and rewrite everything.
 | |
|     */
 | |
|    list = file->idat->idat_list_tail;
 | |
| 
 | |
|    if (list->count == list->length)
 | |
|    {
 | |
|       list = IDAT_list_extend(list);
 | |
| 
 | |
|       if (list == NULL)
 | |
|          stop(file, READ_ERROR_CODE, "out of memory");
 | |
| 
 | |
|       /* Move to the next block */
 | |
|       list->count = 0;
 | |
|       file->idat->idat_list_tail = list;
 | |
|    }
 | |
| 
 | |
|    /* And fill in the next IDAT information buffer. */
 | |
|    list->lengths[(list->count)++] = file->chunk->chunk_length;
 | |
| 
 | |
|    /* The type of the next chunk was recorded in the file control structure by
 | |
|     * the caller, if this is png_IDAT return 'skip' to the caller.
 | |
|     */
 | |
|    if (file->type == png_IDAT)
 | |
|       return 0; /* skip this for the moment */
 | |
| 
 | |
|    /* This is the final IDAT chunk, so run the tests to check for the too far
 | |
|     * back error and possibly optimize the window bits.  This means going back
 | |
|     * to the start of the first chunk data, which is stored in the original
 | |
|     * chunk allocation.
 | |
|     */
 | |
|    setpos(file->chunk);
 | |
| 
 | |
|    if (zlib_check(file, 0))
 | |
|    {
 | |
|       struct IDAT *idat;
 | |
|       int cmp;
 | |
| 
 | |
|       /* The IDAT stream was successfully uncompressed; see whether it
 | |
|        * contained the correct number of bytes of image data.
 | |
|        */
 | |
|       cmp = uarb_cmp(file->image_bytes, file->image_digits,
 | |
|          file->chunk->uncompressed_bytes, file->chunk->uncompressed_digits);
 | |
| 
 | |
|       if (cmp < 0)
 | |
|          type_message(file, png_IDAT, "extra uncompressed data");
 | |
| 
 | |
|       else if (cmp > 0)
 | |
|          stop(file, LIBPNG_ERROR_CODE, "IDAT: uncompressed data too small");
 | |
| 
 | |
|       /* Return the stream to the start of the first IDAT chunk; the length
 | |
|        * is set in the write case below but the input chunk variables must be
 | |
|        * set (once) here:
 | |
|        */
 | |
|       setpos(file->chunk);
 | |
| 
 | |
|       idat = file->idat;
 | |
|       idat->idat_cur = idat->idat_list_head;
 | |
|       idat->idat_length = idat->idat_cur->lengths[0];
 | |
|       idat->idat_count = 0; /* Count of chunks read in current list */
 | |
|       idat->idat_index = 0; /* Index into chunk data */
 | |
| 
 | |
|       /* Update the chunk length to the correct value for the IDAT chunk: */
 | |
|       file->chunk->chunk_length = rechunk_length(idat, 1/*start*/);
 | |
| 
 | |
|       /* Change the state to writing IDAT chunks */
 | |
|       file->state = STATE_IDAT;
 | |
| 
 | |
|       return 1;
 | |
|    }
 | |
| 
 | |
|    else /* Failure to decompress the IDAT stream; give up. */
 | |
|       stop(file, ZLIB_ERROR_CODE, "could not uncompress IDAT");
 | |
| }
 | |
| 
 | |
| /* ZLIB CONTROL STRUCTURE */
 | |
| struct zlib
 | |
| {
 | |
|    /* ANCESTORS */
 | |
|    struct IDAT *  idat;          /* NOTE: May be NULL */
 | |
|    struct chunk * chunk;
 | |
|    struct file *  file;
 | |
|    struct global *global;
 | |
| 
 | |
|    /* GLOBAL ZLIB INFORMATION: SET BY THE CALLER */
 | |
|    png_uint_32    rewrite_offset;
 | |
| 
 | |
|    /* GLOBAL ZLIB INFORMATION: SET BY THE ZLIB READ CODE */
 | |
|    udigit         compressed_bytes[5];
 | |
|    int            compressed_digits;
 | |
|    udigit         uncompressed_bytes[5];
 | |
|    int            uncompressed_digits;
 | |
|    int            file_bits;             /* window bits from the file */
 | |
|    int            ok_bits;               /* Set <16 on a successful read */
 | |
|    int            cksum;                 /* Set on a checksum error */
 | |
| 
 | |
|    /* PROTECTED ZLIB INFORMATION: USED BY THE ZLIB ROUTINES */
 | |
|    z_stream       z;
 | |
|    png_uint_32    extra_bytes;   /* Count of extra compressed bytes */
 | |
|    int            state;
 | |
|    int            rc;            /* Last return code */
 | |
|    int            window_bits;   /* 0 if no change */
 | |
|    png_byte       header[2];
 | |
| };
 | |
| 
 | |
| static const char *
 | |
| zlib_flevel(struct zlib *zlib)
 | |
| {
 | |
|    switch (zlib->header[1] >> 6)
 | |
|    {
 | |
|       case 0:  return "supfast";
 | |
|       case 1:  return "stdfast";
 | |
|       case 2:  return "default";
 | |
|       case 3:  return "maximum";
 | |
|       default: assert(UNREACHED);
 | |
|    }
 | |
| 
 | |
|    return "COMPILER BUG";
 | |
| }
 | |
| 
 | |
| static const char *
 | |
| zlib_rc(struct zlib *zlib)
 | |
|    /* Return a string for the zlib return code */
 | |
| {
 | |
|    switch (zlib->rc)
 | |
|    {
 | |
|       case Z_OK:              return "Z_OK";
 | |
|       case Z_STREAM_END:      return "Z_STREAM_END";
 | |
|       case Z_NEED_DICT:       return "Z_NEED_DICT";
 | |
|       case Z_ERRNO:           return "Z_ERRNO";
 | |
|       case Z_STREAM_ERROR:    return "Z_STREAM_ERROR";
 | |
|       case Z_DATA_ERROR:      return "Z_DATA_ERROR";
 | |
|       case Z_MEM_ERROR:       return "Z_MEM_ERROR";
 | |
|       case Z_BUF_ERROR:       return "Z_BUF_ERROR";
 | |
|       case Z_VERSION_ERROR:   return "Z_VERSION_ERROR";
 | |
|       default:                return "Z_*INVALID_RC*";
 | |
|    }
 | |
| }
 | |
| 
 | |
| static void
 | |
| zlib_message(struct zlib *zlib, int unexpected)
 | |
|    /* Output a message given a zlib rc */
 | |
| {
 | |
|    if (zlib->global->errors)
 | |
|    {
 | |
|       const char *reason = zlib->z.msg;
 | |
| 
 | |
|       if (reason == NULL)
 | |
|          reason = "[no message]";
 | |
| 
 | |
|       fputs(zlib->file->file_name, stderr);
 | |
|       type_sep(stderr);
 | |
|       type_name(zlib->chunk->chunk_type, stderr);
 | |
|       fprintf(stderr, ": %szlib error: %d (%s) (%s)\n",
 | |
|          unexpected ? "unexpected " : "", zlib->rc, zlib_rc(zlib), reason);
 | |
|    }
 | |
| }
 | |
| 
 | |
| static void
 | |
| zlib_end(struct zlib *zlib)
 | |
| {
 | |
|    /* Output the summary line now; this ensures a summary line always gets
 | |
|     * output regardless of the manner of exit.
 | |
|     */
 | |
|    if (!zlib->global->quiet)
 | |
|    {
 | |
|       if (zlib->ok_bits < 16) /* stream was read ok */
 | |
|       {
 | |
|          const char *reason;
 | |
| 
 | |
|          if (zlib->cksum)
 | |
|             reason = "CHK"; /* checksum error */
 | |
| 
 | |
|          else if (zlib->ok_bits > zlib->file_bits)
 | |
|             reason = "TFB"; /* fixing a too-far-back error */
 | |
| 
 | |
|          else if (zlib->ok_bits == zlib->file_bits)
 | |
|             reason = "OK ";
 | |
| 
 | |
|          else
 | |
|             reason = "OPT"; /* optimizing window bits */
 | |
| 
 | |
|          /* SUMMARY FORMAT (for a successful zlib inflate):
 | |
|           *
 | |
|           * IDAT reason flevel file-bits ok-bits compressed uncompressed file
 | |
|           */
 | |
|          type_name(zlib->chunk->chunk_type, stdout);
 | |
|          printf(" %s %s %d %d ", reason, zlib_flevel(zlib), zlib->file_bits,
 | |
|             zlib->ok_bits);
 | |
|          uarb_print(zlib->compressed_bytes, zlib->compressed_digits, stdout);
 | |
|          putc(' ', stdout);
 | |
|          uarb_print(zlib->uncompressed_bytes, zlib->uncompressed_digits,
 | |
|             stdout);
 | |
|          putc(' ', stdout);
 | |
|          fputs(zlib->file->file_name, stdout);
 | |
|          putc('\n', stdout);
 | |
|       }
 | |
| 
 | |
|       else
 | |
|       {
 | |
|          /* This is a zlib read error; the chunk will be skipped.  For an IDAT
 | |
|           * stream this will also cause a fatal read error (via stop()).
 | |
|           *
 | |
|           * SUMMARY FORMAT:
 | |
|           *
 | |
|           * IDAT SKP flevel file-bits z-rc compressed message file
 | |
|           *
 | |
|           * z-rc is the zlib failure code; message is the error message with
 | |
|           * spaces replaced by '-'.  The compressed byte count indicates where
 | |
|           * in the zlib stream the error occurred.
 | |
|           */
 | |
|          type_name(zlib->chunk->chunk_type, stdout);
 | |
|          printf(" SKP %s %d %s ", zlib_flevel(zlib), zlib->file_bits,
 | |
|             zlib_rc(zlib));
 | |
|          uarb_print(zlib->compressed_bytes, zlib->compressed_digits, stdout);
 | |
|          putc(' ', stdout);
 | |
|          emit_string(zlib->z.msg ? zlib->z.msg : "[no_message]", stdout);
 | |
|          putc(' ', stdout);
 | |
|          fputs(zlib->file->file_name, stdout);
 | |
|          putc('\n', stdout);
 | |
|       }
 | |
|    }
 | |
| 
 | |
|    if (zlib->state >= 0)
 | |
|    {
 | |
|       zlib->rc = inflateEnd(&zlib->z);
 | |
| 
 | |
|       if (zlib->rc != Z_OK)
 | |
|          zlib_message(zlib, 1/*unexpected*/);
 | |
|    }
 | |
| 
 | |
|    CLEAR(*zlib);
 | |
| }
 | |
| 
 | |
| static int
 | |
| zlib_reset(struct zlib *zlib, int window_bits)
 | |
|    /* Reinitializes a zlib with a different window_bits */
 | |
| {
 | |
|    assert(zlib->state >= 0); /* initialized by zlib_init */
 | |
| 
 | |
|    zlib->z.next_in = Z_NULL;
 | |
|    zlib->z.avail_in = 0;
 | |
|    zlib->z.next_out = Z_NULL;
 | |
|    zlib->z.avail_out = 0;
 | |
| 
 | |
|    zlib->window_bits = window_bits;
 | |
|    zlib->compressed_digits = 0;
 | |
|    zlib->uncompressed_digits = 0;
 | |
| 
 | |
|    zlib->state = 0; /* initialized, once */
 | |
|    zlib->rc = inflateReset2(&zlib->z, 0);
 | |
|    if (zlib->rc != Z_OK)
 | |
|    {
 | |
|       zlib_message(zlib, 1/*unexpected*/);
 | |
|       return 0;
 | |
|    }
 | |
| 
 | |
|    return 1;
 | |
| }
 | |
| 
 | |
| static int
 | |
| zlib_init(struct zlib *zlib, struct IDAT *idat, struct chunk *chunk,
 | |
|    int window_bits, png_uint_32 offset)
 | |
|    /* Initialize a zlib_control; the result is true/false */
 | |
| {
 | |
|    CLEAR(*zlib);
 | |
| 
 | |
|    zlib->idat = idat;
 | |
|    zlib->chunk = chunk;
 | |
|    zlib->file = chunk->file;
 | |
|    zlib->global = chunk->global;
 | |
|    zlib->rewrite_offset = offset; /* never changed for this zlib */
 | |
| 
 | |
|    /* *_out does not need to be set: */
 | |
|    zlib->z.next_in = Z_NULL;
 | |
|    zlib->z.avail_in = 0;
 | |
|    zlib->z.zalloc = Z_NULL;
 | |
|    zlib->z.zfree = Z_NULL;
 | |
|    zlib->z.opaque = Z_NULL;
 | |
| 
 | |
|    zlib->state = -1;
 | |
|    zlib->window_bits = window_bits;
 | |
| 
 | |
|    zlib->compressed_digits = 0;
 | |
|    zlib->uncompressed_digits = 0;
 | |
| 
 | |
|    /* These values are sticky across reset (in addition to the stuff in the
 | |
|     * first block, which is actually constant.)
 | |
|     */
 | |
|    zlib->file_bits = 24;
 | |
|    zlib->ok_bits = 16; /* unset */
 | |
|    zlib->cksum = 0; /* set when a checksum error is detected */
 | |
| 
 | |
|    /* '0' means use the header; inflateInit2 should always succeed because it
 | |
|     * does nothing apart from allocating the internal zstate.
 | |
|     */
 | |
|    zlib->rc = inflateInit2(&zlib->z, 0);
 | |
|    if (zlib->rc != Z_OK)
 | |
|    {
 | |
|       zlib_message(zlib, 1/*unexpected*/);
 | |
|       return 0;
 | |
|    }
 | |
| 
 | |
|    else
 | |
|    {
 | |
|       zlib->state = 0; /* initialized */
 | |
|       return 1;
 | |
|    }
 | |
| }
 | |
| 
 | |
| static int
 | |
| max_window_bits(uarbc size, int ndigits)
 | |
|    /* Return the zlib stream window bits required for data of the given size. */
 | |
| {
 | |
|    png_uint_16 cb;
 | |
| 
 | |
|    if (ndigits > 1)
 | |
|       return 15;
 | |
| 
 | |
|    cb = size[0];
 | |
| 
 | |
|    if (cb > 16384) return 15;
 | |
|    if (cb >  8192) return 14;
 | |
|    if (cb >  4096) return 13;
 | |
|    if (cb >  2048) return 12;
 | |
|    if (cb >  1024) return 11;
 | |
|    if (cb >   512) return 10;
 | |
|    if (cb >   256) return  9;
 | |
|    return 8;
 | |
| }
 | |
| 
 | |
| static int
 | |
| zlib_advance(struct zlib *zlib, png_uint_32 nbytes)
 | |
|    /* Read nbytes compressed bytes; the stream will be initialized if required.
 | |
|     * Bytes are always being reread and errors are fatal.  The return code is as
 | |
|     * follows:
 | |
|     *
 | |
|     *    -1: saw the "too far back" error
 | |
|     *     0: ok, keep going
 | |
|     *     1: saw Z_STREAM_END (zlib->extra_bytes indicates too much data)
 | |
|     *     2: a zlib error that cannot be corrected (error message already
 | |
|     *        output if required.)
 | |
|     */
 | |
| #  define ZLIB_TOO_FAR_BACK (-1)
 | |
| #  define ZLIB_OK           0
 | |
| #  define ZLIB_STREAM_END   1
 | |
| #  define ZLIB_FATAL        2
 | |
| {
 | |
|    int state = zlib->state;
 | |
|    int endrc = ZLIB_OK;
 | |
|    png_uint_32 in_bytes = 0;
 | |
|    struct file *file = zlib->file;
 | |
| 
 | |
|    assert(state >= 0);
 | |
| 
 | |
|    while (in_bytes < nbytes && endrc == ZLIB_OK)
 | |
|    {
 | |
|       png_uint_32 out_bytes;
 | |
|       int flush;
 | |
|       png_byte bIn = reread_byte(file);
 | |
|       png_byte bOut;
 | |
| 
 | |
|       switch (state)
 | |
|       {
 | |
|          case 0: /* first header byte */
 | |
|             {
 | |
|                int file_bits = 8+(bIn >> 4);
 | |
|                int new_bits = zlib->window_bits;
 | |
| 
 | |
|                zlib->file_bits = file_bits;
 | |
| 
 | |
|                /* Check against the existing value - it may not need to be
 | |
|                 * changed.  Note that a bogus file_bits is allowed through once,
 | |
|                 * to see if it works, but the window_bits value is set to 15,
 | |
|                 * the maximum.
 | |
|                 */
 | |
|                if (new_bits == 0) /* no change */
 | |
|                   zlib->window_bits = ((file_bits > 15) ? 15 : file_bits);
 | |
| 
 | |
|                else if (new_bits != file_bits) /* rewrite required */
 | |
|                   bIn = (png_byte)((bIn & 0xf) + ((new_bits-8) << 4));
 | |
|             }
 | |
| 
 | |
|             zlib->header[0] = bIn;
 | |
|             zlib->state = state = 1;
 | |
|             break;
 | |
| 
 | |
|          case 1: /* second header byte */
 | |
|             {
 | |
|                int b2 = bIn & 0xe0; /* top 3 bits */
 | |
| 
 | |
|                /* The checksum calculation, on the first 11 bits: */
 | |
|                b2 += 0x1f - ((zlib->header[0] << 8) + b2) % 0x1f;
 | |
| 
 | |
|                /* Update the checksum byte if required: */
 | |
|                if (bIn != b2)
 | |
|                {
 | |
|                   /* If the first byte wasn't changed this indicates an error in
 | |
|                    * the checksum calculation; signal this by setting 'cksum'.
 | |
|                    */
 | |
|                   if (zlib->file_bits == zlib->window_bits)
 | |
|                      zlib->cksum = 1;
 | |
| 
 | |
|                   bIn = (png_byte)b2;
 | |
|                }
 | |
|             }
 | |
| 
 | |
|             zlib->header[1] = bIn;
 | |
|             zlib->state = state = 2;
 | |
|             break;
 | |
| 
 | |
|          default: /* After the header bytes */
 | |
|             break;
 | |
|       }
 | |
| 
 | |
|       /* For some streams, perhaps only those compressed with 'superfast
 | |
|        * compression' (which results in a lot of copying) Z_BUF_ERROR can happen
 | |
|        * immediately after all output has been flushed on the next input byte.
 | |
|        * This is handled below when Z_BUF_ERROR is detected by adding an output
 | |
|        * byte.
 | |
|        */
 | |
|       zlib->z.next_in = &bIn;
 | |
|       zlib->z.avail_in = 1;
 | |
|       zlib->z.next_out = &bOut;
 | |
|       zlib->z.avail_out = 0;     /* Initially */
 | |
| 
 | |
|       /* Initially use Z_NO_FLUSH in an attempt to persuade zlib to look at this
 | |
|        * byte without confusing what is going on with output.
 | |
|        */
 | |
|       flush = Z_NO_FLUSH;
 | |
|       out_bytes = 0;
 | |
| 
 | |
|       /* NOTE: expression 3 is only evaluted on 'continue', because of the
 | |
|        * 'break' at the end of this loop below.
 | |
|        */
 | |
|       for (;endrc == ZLIB_OK;
 | |
|          flush = Z_SYNC_FLUSH,
 | |
|          zlib->z.next_out = &bOut,
 | |
|          zlib->z.avail_out = 1,
 | |
|          ++out_bytes)
 | |
|       {
 | |
|          zlib->rc = inflate(&zlib->z, flush);
 | |
|          out_bytes -= zlib->z.avail_out;
 | |
| 
 | |
|          switch (zlib->rc)
 | |
|          {
 | |
|             case Z_BUF_ERROR:
 | |
|                if (zlib->z.avail_out == 0)
 | |
|                   continue; /* Try another output byte. */
 | |
| 
 | |
|                if (zlib->z.avail_in == 0)
 | |
|                   break; /* Try another input byte */
 | |
| 
 | |
|                /* Both avail_out and avail_in are 1 yet zlib returned a code
 | |
|                 * indicating no progress was possible.  This is unexpected.
 | |
|                 */
 | |
|                zlib_message(zlib, 1/*unexpected*/);
 | |
|                endrc = ZLIB_FATAL; /* stop processing */
 | |
|                break;
 | |
| 
 | |
|             case Z_OK:
 | |
|                /* Zlib is supposed to have made progress: */
 | |
|                assert(zlib->z.avail_out == 0 || zlib->z.avail_in == 0);
 | |
|                continue;
 | |
| 
 | |
|             case Z_STREAM_END:
 | |
|                /* This is the successful end. */
 | |
|                zlib->state = 3; /* end of stream */
 | |
|                endrc = ZLIB_STREAM_END;
 | |
|                break;
 | |
| 
 | |
|             case Z_NEED_DICT:
 | |
|                zlib_message(zlib, 0/*stream error*/);
 | |
|                endrc = ZLIB_FATAL;
 | |
|                break;
 | |
| 
 | |
|             case Z_DATA_ERROR:
 | |
|                /* The too far back error can be corrected, others cannot: */
 | |
|                if (zlib->z.msg != NULL &&
 | |
|                   strcmp(zlib->z.msg, "invalid distance too far back") == 0)
 | |
|                {
 | |
|                   endrc = ZLIB_TOO_FAR_BACK;
 | |
|                   break;
 | |
|                }
 | |
|                /* FALLTHROUGH */
 | |
| 
 | |
|             default:
 | |
|                zlib_message(zlib, 0/*stream error*/);
 | |
|                endrc = ZLIB_FATAL;
 | |
|                break;
 | |
|          } /* switch (inflate rc) */
 | |
| 
 | |
|          /* Control gets here when further output is not possible; endrc may
 | |
|           * still be ZLIB_OK if more input is required.
 | |
|           */
 | |
|          break;
 | |
|       } /* for (output bytes) */
 | |
| 
 | |
|       /* Keep a running count of output byte produced: */
 | |
|       zlib->uncompressed_digits = uarb_add32(zlib->uncompressed_bytes,
 | |
|          zlib->uncompressed_digits, out_bytes);
 | |
| 
 | |
|       /* Keep going, the loop will terminate when endrc is no longer set to
 | |
|        * ZLIB_OK or all the input bytes have been consumed; meanwhile keep
 | |
|        * adding input bytes.
 | |
|        */
 | |
|       assert(zlib->z.avail_in == 0 || endrc != ZLIB_OK);
 | |
| 
 | |
|       in_bytes += 1 - zlib->z.avail_in;
 | |
|    } /* while (input bytes) */
 | |
| 
 | |
|    assert(in_bytes == nbytes || endrc != ZLIB_OK);
 | |
| 
 | |
|    /* Update the running total of input bytes consumed */
 | |
|    zlib->compressed_digits = uarb_add32(zlib->compressed_bytes,
 | |
|       zlib->compressed_digits, in_bytes - zlib->z.avail_in);
 | |
| 
 | |
|    /* At the end of the stream update the chunk with the accumulated
 | |
|     * information if it is an improvement:
 | |
|     */
 | |
|    if (endrc == ZLIB_STREAM_END && zlib->window_bits < zlib->ok_bits)
 | |
|    {
 | |
|       struct chunk *chunk = zlib->chunk;
 | |
| 
 | |
|       chunk->uncompressed_digits = uarb_copy(chunk->uncompressed_bytes,
 | |
|          zlib->uncompressed_bytes, zlib->uncompressed_digits);
 | |
|       chunk->compressed_digits = uarb_copy(chunk->compressed_bytes,
 | |
|          zlib->compressed_bytes, zlib->compressed_digits);
 | |
|       chunk->rewrite_buffer[0] = zlib->header[0];
 | |
|       chunk->rewrite_buffer[1] = zlib->header[1];
 | |
| 
 | |
|       if (zlib->window_bits != zlib->file_bits || zlib->cksum)
 | |
|       {
 | |
|          /* A rewrite is required */
 | |
|          chunk->rewrite_offset = zlib->rewrite_offset;
 | |
|          chunk->rewrite_length = 2;
 | |
|       }
 | |
| 
 | |
|       else
 | |
|       {
 | |
|          chunk->rewrite_offset = 0;
 | |
|          chunk->rewrite_length = 0;
 | |
|       }
 | |
| 
 | |
|       if (in_bytes < nbytes)
 | |
|          chunk_message(chunk, "extra compressed data");
 | |
| 
 | |
|       zlib->extra_bytes = nbytes - in_bytes;
 | |
|       zlib->ok_bits = zlib->window_bits;
 | |
|    }
 | |
| 
 | |
|    return endrc;
 | |
| }
 | |
| 
 | |
| static int
 | |
| zlib_run(struct zlib *zlib)
 | |
|    /* Like zlib_advance but also handles a stream of IDAT chunks. */
 | |
| {
 | |
|    /* The 'extra_bytes' field is set by zlib_advance if there is extra
 | |
|     * compressed data in the chunk it handles (if it sees Z_STREAM_END before
 | |
|     * all the input data has been used.)  This function uses the value to update
 | |
|     * the correct chunk length, so the problem should only ever be detected once
 | |
|     * for each chunk.  zlib_advance outputs the error message, though see the
 | |
|     * IDAT specific check below.
 | |
|     */
 | |
|    zlib->extra_bytes = 0;
 | |
| 
 | |
|    if (zlib->idat != NULL)
 | |
|    {
 | |
|       struct IDAT_list *list = zlib->idat->idat_list_head;
 | |
|       struct IDAT_list *last = zlib->idat->idat_list_tail;
 | |
|       int        skip = 0;
 | |
| 
 | |
|       /* 'rewrite_offset' is the offset of the LZ data within the chunk, for
 | |
|        * IDAT it should be 0:
 | |
|        */
 | |
|       assert(zlib->rewrite_offset == 0);
 | |
| 
 | |
|       /* Process each IDAT_list in turn; the caller has left the stream
 | |
|        * positioned at the start of the first IDAT chunk data.
 | |
|        */
 | |
|       for (;;)
 | |
|       {
 | |
|          const unsigned int count = list->count;
 | |
|          unsigned int i;
 | |
| 
 | |
|          for (i = 0; i<count; ++i)
 | |
|          {
 | |
|             int rc;
 | |
| 
 | |
|             if (skip > 0) /* Skip CRC and next IDAT header */
 | |
|                skip_12(zlib->file);
 | |
| 
 | |
|             skip = 12; /* for the next time */
 | |
| 
 | |
|             rc = zlib_advance(zlib, list->lengths[i]);
 | |
| 
 | |
|             switch (rc)
 | |
|             {
 | |
|                case ZLIB_OK: /* keep going */
 | |
|                   break;
 | |
| 
 | |
|                case ZLIB_STREAM_END: /* stop */
 | |
|                   /* There may be extra chunks; if there are and one of them is
 | |
|                    * not zero length output the 'extra data' message.  Only do
 | |
|                    * this check if errors are being output.
 | |
|                    */
 | |
|                   if (zlib->global->errors && zlib->extra_bytes == 0)
 | |
|                   {
 | |
|                      struct IDAT_list *check = list;
 | |
|                      int j = i+1, jcount = count;
 | |
| 
 | |
|                      for (;;)
 | |
|                      {
 | |
|                         for (; j<jcount; ++j)
 | |
|                            if (check->lengths[j] > 0)
 | |
|                            {
 | |
|                               chunk_message(zlib->chunk,
 | |
|                                  "extra compressed data");
 | |
|                               goto end_check;
 | |
|                            }
 | |
| 
 | |
|                         if (check == last)
 | |
|                            break;
 | |
| 
 | |
|                         check = check->next;
 | |
|                         jcount = check->count;
 | |
|                         j = 0;
 | |
|                      }
 | |
|                   }
 | |
| 
 | |
|                end_check:
 | |
|                   /* Terminate the list at the current position, reducing the
 | |
|                    * length of the last IDAT too if required.
 | |
|                    */
 | |
|                   list->lengths[i] -= zlib->extra_bytes;
 | |
|                   list->count = i+1;
 | |
|                   zlib->idat->idat_list_tail = list;
 | |
|                   /* FALLTHROUGH */
 | |
| 
 | |
|                default:
 | |
|                   return rc;
 | |
|             }
 | |
|          }
 | |
| 
 | |
|          /* At the end of the compressed data and Z_STREAM_END was not seen. */
 | |
|          if (list == last)
 | |
|             return ZLIB_OK;
 | |
| 
 | |
|          list = list->next;
 | |
|       }
 | |
|    }
 | |
| 
 | |
|    else
 | |
|    {
 | |
|       struct chunk *chunk = zlib->chunk;
 | |
|       int rc;
 | |
| 
 | |
|       assert(zlib->rewrite_offset < chunk->chunk_length);
 | |
| 
 | |
|       rc = zlib_advance(zlib, chunk->chunk_length - zlib->rewrite_offset);
 | |
| 
 | |
|       /* The extra bytes in the chunk are handled now by adjusting the chunk
 | |
|        * length to exclude them; the zlib data is always stored at the end of
 | |
|        * the PNG chunk (although clearly this is not necessary.)  zlib_advance
 | |
|        * has already output a warning message.
 | |
|        */
 | |
|       chunk->chunk_length -= zlib->extra_bytes;
 | |
|       return rc;
 | |
|    }
 | |
| }
 | |
| 
 | |
| static int /* global function; not a member function */
 | |
| zlib_check(struct file *file, png_uint_32 offset)
 | |
|    /* Check the stream of zlib compressed data in either idat (if given) or (if
 | |
|     * not) chunk.  In fact it is zlib_run that handles the difference in reading
 | |
|     * a single chunk and a list of IDAT chunks.
 | |
|     *
 | |
|     * In either case the input file must be positioned at the first byte of zlib
 | |
|     * compressed data (the first header byte).
 | |
|     *
 | |
|     * The return value is true on success, including the case where the zlib
 | |
|     * header may need to be rewritten, and false on an unrecoverable error.
 | |
|     *
 | |
|     * In the case of IDAT chunks 'offset' should be 0.
 | |
|     */
 | |
| {
 | |
|    fpos_t start_pos;
 | |
|    struct zlib zlib;
 | |
| 
 | |
|    /* Record the start of the LZ data to allow a re-read. */
 | |
|    file_getpos(file, &start_pos);
 | |
| 
 | |
|    /* First test the existing (file) window bits: */
 | |
|    if (zlib_init(&zlib, file->idat, file->chunk, 0/*window bits*/, offset))
 | |
|    {
 | |
|       int min_bits, max_bits, rc;
 | |
| 
 | |
|       /* The first run using the existing window bits. */
 | |
|       rc = zlib_run(&zlib);
 | |
| 
 | |
|       switch (rc)
 | |
|       {
 | |
|          case ZLIB_TOO_FAR_BACK:
 | |
|             /* too far back error */
 | |
|             file->status_code |= TOO_FAR_BACK;
 | |
|             min_bits = zlib.window_bits + 1;
 | |
|             max_bits = 15;
 | |
|             break;
 | |
| 
 | |
|          case ZLIB_STREAM_END:
 | |
|             if (!zlib.global->optimize_zlib &&
 | |
|                zlib.window_bits == zlib.file_bits && !zlib.cksum)
 | |
|             {
 | |
|                /* The trivial case where the stream is ok and optimization was
 | |
|                 * not requested.
 | |
|                 */
 | |
|                zlib_end(&zlib);
 | |
|                return 1;
 | |
|             }
 | |
| 
 | |
|             max_bits = max_window_bits(zlib.uncompressed_bytes,
 | |
|                zlib.uncompressed_digits);
 | |
|             if (zlib.ok_bits < max_bits)
 | |
|                max_bits = zlib.ok_bits;
 | |
|             min_bits = 8;
 | |
| 
 | |
|             /* cksum is set if there is an error in the zlib header checksum
 | |
|              * calculation in the original file (and this may be the only reason
 | |
|              * a rewrite is required).  We can't rely on the file window bits in
 | |
|              * this case, so do the optimization anyway.
 | |
|              */
 | |
|             if (zlib.cksum)
 | |
|                chunk_message(zlib.chunk, "zlib checksum");
 | |
|             break;
 | |
| 
 | |
| 
 | |
|          case ZLIB_OK:
 | |
|             /* Truncated stream; unrecoverable, gets converted to ZLIB_FATAL */
 | |
|             zlib.z.msg = PNGZ_MSG_CAST("[truncated]");
 | |
|             zlib_message(&zlib, 0/*expected*/);
 | |
|             /* FALLTHROUGH */
 | |
| 
 | |
|          default:
 | |
|             /* Unrecoverable error; skip the chunk; a zlib_message has already
 | |
|              * been output.
 | |
|              */
 | |
|             zlib_end(&zlib);
 | |
|             return 0;
 | |
|       }
 | |
| 
 | |
|       /* Optimize window bits or fix a too-far-back error.  min_bits and
 | |
|        * max_bits have been set appropriately, ok_bits records the bit value
 | |
|        * known to work.
 | |
|        */
 | |
|       while (min_bits < max_bits || max_bits < zlib.ok_bits/*if 16*/)
 | |
|       {
 | |
|          int test_bits = (min_bits + max_bits) >> 1;
 | |
| 
 | |
|          if (zlib_reset(&zlib, test_bits))
 | |
|          {
 | |
|             file_setpos(file, &start_pos);
 | |
|             rc = zlib_run(&zlib);
 | |
| 
 | |
|             switch (rc)
 | |
|             {
 | |
|                case ZLIB_TOO_FAR_BACK:
 | |
|                   min_bits = test_bits+1;
 | |
|                   if (min_bits > max_bits)
 | |
|                   {
 | |
|                      /* This happens when the stream really is damaged and it
 | |
|                       * contains a distance code that addresses bytes before
 | |
|                       * the start of the uncompressed data.
 | |
|                       */
 | |
|                      assert(test_bits == 15);
 | |
| 
 | |
|                      /* Output the error that wasn't output before: */
 | |
|                      if (zlib.z.msg == NULL)
 | |
|                         zlib.z.msg = PNGZ_MSG_CAST(
 | |
|                            "invalid distance too far back");
 | |
|                      zlib_message(&zlib, 0/*stream error*/);
 | |
|                      zlib_end(&zlib);
 | |
|                      return 0;
 | |
|                   }
 | |
|                   break;
 | |
| 
 | |
|                case ZLIB_STREAM_END: /* success */
 | |
|                   max_bits = test_bits;
 | |
|                   break;
 | |
| 
 | |
|                default:
 | |
|                   /* A fatal error; this happens if a too-far-back error was
 | |
|                    * hiding a more serious error, zlib_advance has already
 | |
|                    * output a zlib_message.
 | |
|                    */
 | |
|                   zlib_end(&zlib);
 | |
|                   return 0;
 | |
|             }
 | |
|          }
 | |
| 
 | |
|          else /* inflateReset2 failed */
 | |
|          {
 | |
|             zlib_end(&zlib);
 | |
|             return 0;
 | |
|          }
 | |
|       }
 | |
| 
 | |
|       /* The loop guarantees this */
 | |
|       assert(zlib.ok_bits == max_bits);
 | |
|       zlib_end(&zlib);
 | |
|       return 1;
 | |
|    }
 | |
| 
 | |
|    else /* zlib initialization failed - skip the chunk */
 | |
|    {
 | |
|       zlib_end(&zlib);
 | |
|       return 0;
 | |
|    }
 | |
| }
 | |
| 
 | |
| /***************************** LIBPNG CALLBACKS *******************************/
 | |
| /* The strategy here is to run a regular libpng PNG file read but examine the
 | |
|  * input data (from the file) before passing it to libpng so as to be aware of
 | |
|  * the state we expect libpng to be in.  Warning and error callbacks are also
 | |
|  * intercepted so that they can be quieted and interpreted.  Interpretation
 | |
|  * depends on a somewhat risky string match for known error messages; let us
 | |
|  * hope that this can be fixed in the next version of libpng.
 | |
|  *
 | |
|  * The control structure is pointed to by the libpng error pointer.  It contains
 | |
|  * that set of structures which must persist across multiple read callbacks,
 | |
|  * which is pretty much everything except the 'zlib' control structure.
 | |
|  *
 | |
|  * The file structure is instantiated in the caller of the per-file routine, but
 | |
|  * the per-file routine contains the chunk and IDAT control structures.
 | |
|  */
 | |
| /* The three routines read_chunk, process_chunk and sync_stream can only be
 | |
|  * called via a call to read_chunk and only exit at a return from process_chunk.
 | |
|  * These routines could have been written as one confusing large routine,
 | |
|  * instead this code relies on the compiler to do tail call elimination.  The
 | |
|  * possible calls are as follows:
 | |
|  *
 | |
|  * read_chunk
 | |
|  *    -> sync_stream
 | |
|  *       -> process_chunk
 | |
|  *    -> process_chunk
 | |
|  *       -> read_chunk
 | |
|  *       returns
 | |
|  */
 | |
| static void read_chunk(struct file *file);
 | |
| static void
 | |
| process_chunk(struct file *file, png_uint_32 file_crc, png_uint_32 next_length,
 | |
|    png_uint_32 next_type)
 | |
|    /* Called when the chunk data has been read, next_length and next_type
 | |
|     * will be set for the next chunk (or 0 if this is IEND).
 | |
|     *
 | |
|     * When this routine returns, chunk_length and chunk_type will be set for the
 | |
|     * next chunk to write because if a chunk is skipped this return calls back
 | |
|     * to read_chunk.
 | |
|     */
 | |
| {
 | |
|    const png_uint_32 type = file->type;
 | |
| 
 | |
|    if (file->global->verbose > 1)
 | |
|    {
 | |
|       fputs("  ", stderr);
 | |
|       type_name(file->type, stderr);
 | |
|       fprintf(stderr, " %lu 0x%.8x 0x%.8x\n", (unsigned long)file->length,
 | |
|          file->crc ^ 0xffffffff, file_crc);
 | |
|    }
 | |
| 
 | |
|    /* The basic structure seems correct but the CRC may not match, in this
 | |
|     * case assume that it is simply a bad CRC, either wrongly calculated or
 | |
|     * because of damaged stream data.
 | |
|     */
 | |
|    if ((file->crc ^ 0xffffffff) != file_crc)
 | |
|    {
 | |
|       /* The behavior is set by the 'skip' setting; if it is anything other
 | |
|        * than SKIP_BAD_CRC ignore the bad CRC and return the chunk, with a
 | |
|        * corrected CRC and possibly processed, to libpng.  Otherwise skip the
 | |
|        * chunk, which will result in a fatal error if the chunk is critical.
 | |
|        */
 | |
|       file->status_code |= CRC_ERROR;
 | |
| 
 | |
|       /* Ignore the bad CRC  */
 | |
|       if (file->global->skip != SKIP_BAD_CRC)
 | |
|          type_message(file, type, "bad CRC");
 | |
| 
 | |
|       /* This will cause an IEND with a bad CRC to stop */
 | |
|       else if (CRITICAL(type))
 | |
|          stop(file, READ_ERROR_CODE, "bad CRC in critical chunk");
 | |
| 
 | |
|       else
 | |
|       {
 | |
|          type_message(file, type, "skipped: bad CRC");
 | |
| 
 | |
|          /* NOTE: this cannot be reached for IEND because it is critical. */
 | |
|          goto skip_chunk;
 | |
|       }
 | |
|    }
 | |
| 
 | |
|    /* Check for other 'skip' cases and handle these; these only apply to
 | |
|     * ancillary chunks (and not tRNS, which should probably have been a critical
 | |
|     * chunk.)
 | |
|     */
 | |
|    if (skip_chunk_type(file->global, type))
 | |
|       goto skip_chunk;
 | |
| 
 | |
|    /* The chunk may still be skipped if problems are detected in the LZ data,
 | |
|     * however the LZ data check requires a chunk.  Handle this by instantiating
 | |
|     * a chunk unless an IDAT is already instantiated (IDAT control structures
 | |
|     * instantiate their own chunk.)
 | |
|     */
 | |
|    if (type != png_IDAT)
 | |
|       file->alloc(file, 0/*chunk*/);
 | |
| 
 | |
|    else if (file->idat == NULL)
 | |
|       file->alloc(file, 1/*IDAT*/);
 | |
| 
 | |
|    else
 | |
|    {
 | |
|       /* The chunk length must be updated for process_IDAT */
 | |
|       assert(file->chunk != NULL);
 | |
|       assert(file->chunk->chunk_type == png_IDAT);
 | |
|       file->chunk->chunk_length = file->length;
 | |
|    }
 | |
| 
 | |
|    /* Record the 'next' information too, now that the original values for
 | |
|     * this chunk have been copied.  Notice that the IDAT chunks only make a
 | |
|     * copy of the position of the first chunk, this is fine - process_IDAT does
 | |
|     * not need the position of this chunk.
 | |
|     */
 | |
|    file->length = next_length;
 | |
|    file->type = next_type;
 | |
|    getpos(file);
 | |
| 
 | |
|    /* Do per-type processing, note that if this code does not return from the
 | |
|     * function the chunk will be skipped.  The rewrite is cancelled here so that
 | |
|     * it can be set in the per-chunk processing.
 | |
|     */
 | |
|    file->chunk->rewrite_length = 0;
 | |
|    file->chunk->rewrite_offset = 0;
 | |
|    switch (type)
 | |
|    {
 | |
|       default:
 | |
|          return;
 | |
| 
 | |
|       case png_IHDR:
 | |
|          /* Read this now and update the control structure with the information
 | |
|           * it contains.  The header is validated completely to ensure this is a
 | |
|           * PNG.
 | |
|           */
 | |
|          {
 | |
|             struct chunk *chunk = file->chunk;
 | |
| 
 | |
|             if (chunk->chunk_length != 13)
 | |
|                stop_invalid(file, "IHDR length");
 | |
| 
 | |
|             /* Read all the IHDR information and validate it. */
 | |
|             setpos(chunk);
 | |
|             file->width = reread_4(file);
 | |
|             file->height = reread_4(file);
 | |
|             file->bit_depth = reread_byte(file);
 | |
|             file->color_type = reread_byte(file);
 | |
|             file->compression_method = reread_byte(file);
 | |
|             file->filter_method = reread_byte(file);
 | |
|             file->interlace_method = reread_byte(file);
 | |
| 
 | |
|             /* This validates all the fields, and calls stop_invalid if
 | |
|              * there is a problem.
 | |
|              */
 | |
|             calc_image_size(file);
 | |
|          }
 | |
|          return;
 | |
| 
 | |
|          /* Ancillary chunks that require further processing: */
 | |
|       case png_zTXt: case png_iCCP:
 | |
|          if (process_zTXt_iCCP(file))
 | |
|             return;
 | |
|          chunk_end(&file->chunk);
 | |
|          file_setpos(file, &file->data_pos);
 | |
|          break;
 | |
| 
 | |
|       case png_iTXt:
 | |
|          if (process_iTXt(file))
 | |
|             return;
 | |
|          chunk_end(&file->chunk);
 | |
|          file_setpos(file, &file->data_pos);
 | |
|          break;
 | |
| 
 | |
|       case png_IDAT:
 | |
|          if (process_IDAT(file))
 | |
|             return;
 | |
|          /* First pass: */
 | |
|          assert(next_type == png_IDAT);
 | |
|          break;
 | |
|    }
 | |
| 
 | |
|    /* Control reaches this point if the chunk must be skipped.  For chunks other
 | |
|     * than IDAT this means that the zlib compressed data is fatally damanged and
 | |
|     * the chunk will not be passed to libpng.  For IDAT it means that the end of
 | |
|     * the IDAT stream has not yet been reached and we must handle the next
 | |
|     * (IDAT) chunk.  If the LZ data in an IDAT stream cannot be read 'stop' must
 | |
|     * be used to halt parsing of the PNG.
 | |
|     */
 | |
|    read_chunk(file);
 | |
|    return;
 | |
| 
 | |
|    /* This is the generic code to skip the current chunk; simply jump to the
 | |
|     * next one.
 | |
|     */
 | |
| skip_chunk:
 | |
|    file->length = next_length;
 | |
|    file->type = next_type;
 | |
|    getpos(file);
 | |
|    read_chunk(file);
 | |
| }
 | |
| 
 | |
| static png_uint_32
 | |
| get32(png_bytep buffer, int offset)
 | |
|    /* Read a 32-bit value from an 8-byte circular buffer (used only below).
 | |
|     */
 | |
| {
 | |
|    return
 | |
|       (buffer[ offset    & 7] << 24) +
 | |
|       (buffer[(offset+1) & 7] << 16) +
 | |
|       (buffer[(offset+2) & 7] <<  8) +
 | |
|       (buffer[(offset+3) & 7]      );
 | |
| }
 | |
| 
 | |
| static void
 | |
| sync_stream(struct file *file)
 | |
|    /* The stream seems to be messed up, attempt to resync from the current chunk
 | |
|     * header.  Executes stop on a fatal error, otherwise calls process_chunk.
 | |
|     */
 | |
| {
 | |
|    png_uint_32 file_crc;
 | |
| 
 | |
|    file->status_code |= STREAM_ERROR;
 | |
| 
 | |
|    if (file->global->verbose)
 | |
|    {
 | |
|       fputs(" SYNC ", stderr);
 | |
|       type_name(file->type, stderr);
 | |
|       putc('\n', stderr);
 | |
|    }
 | |
| 
 | |
|    /* Return to the start of the chunk data */
 | |
|    file_setpos(file, &file->data_pos);
 | |
|    file->read_count = 8;
 | |
| 
 | |
|    if (read_4(file, &file_crc) == 4) /* else completely truncated */
 | |
|    {
 | |
|       /* Ignore the recorded chunk length, proceed through the data looking for
 | |
|        * a leading sequence of bytes that match the CRC in the following four
 | |
|        * bytes.  Each time a match is found check the next 8 bytes for a valid
 | |
|        * length, chunk-type pair.
 | |
|        */
 | |
|       png_uint_32 length;
 | |
|       png_uint_32 type = file->type;
 | |
|       png_uint_32 crc = crc_init_4(type);
 | |
|       png_byte buffer[8];
 | |
|       unsigned int nread = 0, nused = 0;
 | |
| 
 | |
|       for (length=0; length <= 0x7fffffff; ++length)
 | |
|       {
 | |
|          int ch;
 | |
| 
 | |
|          if ((crc ^ 0xffffffff) == file_crc)
 | |
|          {
 | |
|             /* A match on the CRC; for IEND this is sufficient, but for anything
 | |
|              * else expect a following chunk header.
 | |
|              */
 | |
|             if (type == png_IEND)
 | |
|             {
 | |
|                file->length = length;
 | |
|                process_chunk(file, file_crc, 0, 0);
 | |
|                return;
 | |
|             }
 | |
| 
 | |
|             else
 | |
|             {
 | |
|                /* Need 8 bytes */
 | |
|                while (nread < 8+nused)
 | |
|                {
 | |
|                   ch = read_byte(file);
 | |
|                   if (ch == EOF)
 | |
|                      goto truncated;
 | |
|                   buffer[(nread++) & 7] = (png_byte)ch;
 | |
|                }
 | |
| 
 | |
|                /* Prevent overflow */
 | |
|                nread -= nused & ~7;
 | |
|                nused -= nused & ~7; /* or, nused &= 7 ;-) */
 | |
| 
 | |
|                /* Examine the 8 bytes for a valid chunk header. */
 | |
|                {
 | |
|                   png_uint_32 next_length = get32(buffer, nused);
 | |
| 
 | |
|                   if (next_length < 0x7fffffff)
 | |
|                   {
 | |
|                      png_uint_32 next_type = get32(buffer, nused+4);
 | |
| 
 | |
|                      if (chunk_type_valid(next_type))
 | |
|                      {
 | |
|                         file->read_count -= 8;
 | |
|                         process_chunk(file, file_crc, next_length, next_type);
 | |
|                         return;
 | |
|                      }
 | |
|                   }
 | |
| 
 | |
|                   /* Not valid, keep going. */
 | |
|                }
 | |
|             }
 | |
|          }
 | |
| 
 | |
|          /* This catches up with the circular buffer which gets filled above
 | |
|           * while checking a chunk header.  This code is slightly tricky - if
 | |
|           * the chunk_type is IEND the buffer will never be used, if it is not
 | |
|           * the code will always read ahead exactly 8 bytes and pass this on to
 | |
|           * process_chunk.  So the invariant that IEND leaves the file position
 | |
|           * after the IEND CRC and other chunk leave it after the *next* chunk
 | |
|           * header is not broken.
 | |
|           */
 | |
|          if (nread <= nused)
 | |
|          {
 | |
|             ch = read_byte(file);
 | |
| 
 | |
|             if (ch == EOF)
 | |
|                goto truncated;
 | |
|          }
 | |
| 
 | |
|          else
 | |
|             ch = buffer[(++nused) & 7];
 | |
| 
 | |
|          crc = crc_one_byte(crc, file_crc >> 24);
 | |
|          file_crc = (file_crc << 8) + ch;
 | |
|       }
 | |
| 
 | |
|       /* Control gets to here if when 0x7fffffff bytes (plus 8) have been read,
 | |
|        * ok, treat this as a damaged stream too:
 | |
|        */
 | |
|    }
 | |
| 
 | |
| truncated:
 | |
|    stop(file, READ_ERROR_CODE, "damaged PNG stream");
 | |
| }
 | |
| 
 | |
| static void
 | |
| read_chunk(struct file *file)
 | |
|    /* On entry file::data_pos must be set to the position of the first byte
 | |
|     * of the chunk data *and* the input file must be at this position.  This
 | |
|     * routine (via process_chunk) instantiates a chunk or IDAT control structure
 | |
|     * based on file::length and file::type and also resets these fields and
 | |
|     * file::data_pos for the chunk after this one.  For an IDAT chunk the whole
 | |
|     * stream of IDATs will be read, until something other than an IDAT is
 | |
|     * encountered, and the file fields will be set for the chunk after the end
 | |
|     * of the stream of IDATs.
 | |
|     *
 | |
|     * For IEND the file::type field will be set to 0, and nothing beyond the end
 | |
|     * of the IEND chunk will have been read.
 | |
|     */
 | |
| {
 | |
|    png_uint_32 length = file->length;
 | |
|    png_uint_32 type = file->type;
 | |
| 
 | |
|    /* After IEND file::type is set to 0, if libpng attempts to read
 | |
|     * more data at this point this is a bug in libpng.
 | |
|     */
 | |
|    if (type == 0)
 | |
|       stop(file, UNEXPECTED_ERROR_CODE, "read beyond IEND");
 | |
| 
 | |
|    if (file->global->verbose > 2)
 | |
|    {
 | |
|       fputs("   ", stderr);
 | |
|       type_name(type, stderr);
 | |
|       fprintf(stderr, " %lu\n", (unsigned long)length);
 | |
|    }
 | |
| 
 | |
|    /* Start the read_crc calculation with the chunk type, then read to the end
 | |
|     * of the chunk data (without processing it in any way) to check that it is
 | |
|     * all there and calculate the CRC.
 | |
|     */
 | |
|    file->crc = crc_init_4(type);
 | |
|    if (crc_read_many(file, length)) /* else it was truncated */
 | |
|    {
 | |
|       png_uint_32 file_crc; /* CRC read from file */
 | |
|       unsigned int nread = read_4(file, &file_crc);
 | |
| 
 | |
|       if (nread == 4)
 | |
|       {
 | |
|          if (type != png_IEND) /* do not read beyond IEND */
 | |
|          {
 | |
|             png_uint_32 next_length;
 | |
| 
 | |
|             nread += read_4(file, &next_length);
 | |
|             if (nread == 8 && next_length <= 0x7fffffff)
 | |
|             {
 | |
|                png_uint_32 next_type;
 | |
| 
 | |
|                nread += read_4(file, &next_type);
 | |
| 
 | |
|                if (nread == 12 && chunk_type_valid(next_type))
 | |
|                {
 | |
|                   /* Adjust the read count back to the correct value for this
 | |
|                    * chunk.
 | |
|                    */
 | |
|                   file->read_count -= 8;
 | |
|                   process_chunk(file, file_crc, next_length, next_type);
 | |
|                   return;
 | |
|                }
 | |
|             }
 | |
|          }
 | |
| 
 | |
|          else /* IEND */
 | |
|          {
 | |
|             process_chunk(file, file_crc, 0, 0);
 | |
|             return;
 | |
|          }
 | |
|       }
 | |
|    }
 | |
| 
 | |
|    /* Control gets to here if the the stream seems invalid or damaged in some
 | |
|     * way.  Either there was a problem reading all the expected data (this
 | |
|     * chunk's data, its CRC and the length and type of the next chunk) or the
 | |
|     * next chunk length/type are invalid.  Notice that the cases that end up
 | |
|     * here all correspond to cases that would otherwise terminate the read of
 | |
|     * the PNG file.
 | |
|     */
 | |
|    sync_stream(file);
 | |
| }
 | |
| 
 | |
| /* This returns a file* from a png_struct in an implementation specific way. */
 | |
| static struct file *get_control(png_const_structrp png_ptr);
 | |
| 
 | |
| static void PNGCBAPI
 | |
| error_handler(png_structp png_ptr, png_const_charp message)
 | |
| {
 | |
|    stop(get_control(png_ptr),  LIBPNG_ERROR_CODE, message);
 | |
| }
 | |
| 
 | |
| static void PNGCBAPI
 | |
| warning_handler(png_structp png_ptr, png_const_charp message)
 | |
| {
 | |
|    struct file *file = get_control(png_ptr);
 | |
| 
 | |
|    if (file->global->warnings)
 | |
|       emit_error(file, LIBPNG_WARNING_CODE, message);
 | |
| }
 | |
| 
 | |
| /* Read callback - this is where the work gets done to check the stream before
 | |
|  * passing it to libpng
 | |
|  */
 | |
| static void PNGCBAPI
 | |
| read_callback(png_structp png_ptr, png_bytep buffer, size_t count)
 | |
|    /* Return 'count' bytes to libpng in 'buffer' */
 | |
| {
 | |
|    struct file *file = get_control(png_ptr);
 | |
|    png_uint_32 type, length; /* For the chunk be *WRITTEN* */
 | |
|    struct chunk *chunk;
 | |
| 
 | |
|    /* libpng should always ask for at least one byte */
 | |
|    if (count == 0)
 | |
|       stop(file, UNEXPECTED_ERROR_CODE, "read callback for 0 bytes");
 | |
| 
 | |
|    /* The callback always reads ahead by 8 bytes - the signature or chunk header
 | |
|     * - these bytes are stored in chunk_length and chunk_type.  This block is
 | |
|     * executed once for the signature and once for the first chunk right at the
 | |
|     * start.
 | |
|     */
 | |
|    if (file->read_count < 8)
 | |
|    {
 | |
|       assert(file->read_count == 0);
 | |
|       assert((file->status_code & TRUNCATED) == 0);
 | |
| 
 | |
|       (void)read_4(file, &file->length);
 | |
| 
 | |
|       if (file->read_count == 4)
 | |
|          (void)read_4(file, &file->type);
 | |
| 
 | |
|       if (file->read_count < 8)
 | |
|       {
 | |
|          assert((file->status_code & TRUNCATED) != 0);
 | |
|          stop(file, READ_ERROR_CODE, "not a PNG (too short)");
 | |
|       }
 | |
| 
 | |
|       if (file->state == STATE_SIGNATURE)
 | |
|       {
 | |
|          if (file->length != sig1 || file->type != sig2)
 | |
|             stop(file, LIBPNG_ERROR_CODE, "not a PNG (signature)");
 | |
| 
 | |
|          /* Else write it (this is the initialization of write_count, prior to
 | |
|           * this it contains CLEAR garbage.)
 | |
|           */
 | |
|          file->write_count = 0;
 | |
|       }
 | |
| 
 | |
|       else
 | |
|       {
 | |
|          assert(file->state == STATE_CHUNKS);
 | |
| 
 | |
|          /* The first chunk must be a well formed IHDR (this could be relaxed to
 | |
|           * use the checks in process_chunk, but that seems unnecessary.)
 | |
|           */
 | |
|          if (file->length != 13 || file->type != png_IHDR)
 | |
|             stop(file, LIBPNG_ERROR_CODE, "not a PNG (IHDR)");
 | |
| 
 | |
|          /* The position of the data must be stored too */
 | |
|          getpos(file);
 | |
|       }
 | |
|    }
 | |
| 
 | |
|    /* Retrieve previous state (because the read callbacks are made pretty much
 | |
|     * byte-by-byte in the sequential reader prior to 1.7).
 | |
|     */
 | |
|    chunk = file->chunk;
 | |
| 
 | |
|    if (chunk != NULL)
 | |
|    {
 | |
|       length = chunk->chunk_length;
 | |
|       type = chunk->chunk_type;
 | |
|    }
 | |
| 
 | |
|    else
 | |
|    {
 | |
|       /* This is the signature case; for IDAT and other chunks these values will
 | |
|        * be overwritten when read_chunk is called below.
 | |
|        */
 | |
|       length = file->length;
 | |
|       type = file->type;
 | |
|    }
 | |
| 
 | |
|    do
 | |
|    {
 | |
|       png_uint_32 b;
 | |
| 
 | |
|       /* Complete the read of a chunk; as a side effect this also instantiates
 | |
|        * a chunk control structure and sets the file length/type/data_pos fields
 | |
|        * for the *NEXT* chunk header.
 | |
|        *
 | |
|        * NOTE: at an IDAT any following IDAT chunks will also be read and the
 | |
|        * next_ fields will refer to the chunk after the last IDAT.
 | |
|        *
 | |
|        * NOTE: read_chunk only returns when it has read a chunk that must now be
 | |
|        * written.
 | |
|        */
 | |
|       if (file->state != STATE_SIGNATURE && chunk == NULL)
 | |
|       {
 | |
|          assert(file->read_count == 8);
 | |
|          assert(file->idat == NULL);
 | |
|          read_chunk(file);
 | |
|          chunk = file->chunk;
 | |
|          assert(chunk != NULL);
 | |
| 
 | |
|          /* Do the initialization that was not done before. */
 | |
|          length = chunk->chunk_length;
 | |
|          type = chunk->chunk_type;
 | |
| 
 | |
|          /* And start writing the new chunk. */
 | |
|          file->write_count = 0;
 | |
|       }
 | |
| 
 | |
|       /* The chunk_ fields describe a chunk that must be written, or hold the
 | |
|        * signature.  Write the header first.  In the signature case this
 | |
|        * rewrites the signature.
 | |
|        */
 | |
|       switch (file->write_count)
 | |
|       {
 | |
|          case 0: b = length >> 24; break;
 | |
|          case 1: b = length >> 16; break;
 | |
|          case 2: b = length >>  8; break;
 | |
|          case 3: b = length      ; break;
 | |
| 
 | |
|          case 4: b = type >> 24; break;
 | |
|          case 5: b = type >> 16; break;
 | |
|          case 6: b = type >>  8; break;
 | |
|          case 7: b = type      ; break;
 | |
| 
 | |
|          case 8:
 | |
|             /* The header has been written.  If this is really the signature
 | |
|              * that's all that is required and we can go to normal chunk
 | |
|              * processing.
 | |
|              */
 | |
|             if (file->state == STATE_SIGNATURE)
 | |
|             {
 | |
|                /* The signature has been written, the tail call to read_callback
 | |
|                 * below (it's just a goto to the start with a decent compiler)
 | |
|                 * will read the IHDR header ahead and validate it.
 | |
|                 */
 | |
|                assert(length == sig1 && type == sig2);
 | |
|                file->read_count = 0; /* Forces a header read */
 | |
|                file->state = STATE_CHUNKS; /* IHDR: checked above */
 | |
|                read_callback(png_ptr, buffer, count);
 | |
|                return;
 | |
|             }
 | |
| 
 | |
|             else
 | |
|             {
 | |
|                assert(chunk != NULL);
 | |
| 
 | |
|                /* Set up for write, notice that repositioning the input stream
 | |
|                 * is only necessary if something is to be read from it.  Also
 | |
|                 * notice that for the IDAT stream this must only happen once -
 | |
|                 * on the first IDAT - to get back to the start of the list and
 | |
|                 * this is done inside process_IDAT:
 | |
|                 */
 | |
|                chunk->write_crc = crc_init_4(type);
 | |
|                if (file->state != STATE_IDAT && length > 0)
 | |
|                   setpos(chunk);
 | |
|             }
 | |
|             /* FALLTHROUGH */
 | |
| 
 | |
|          default:
 | |
|             assert(chunk != NULL);
 | |
| 
 | |
|             /* NOTE: the arithmetic below overflows and gives a large positive
 | |
|              * png_uint_32 value until the whole chunk data has been written.
 | |
|              */
 | |
|             switch (file->write_count - length)
 | |
|             {
 | |
|                /* Write the chunk data, normally this just comes from
 | |
|                 * the file.  The only exception is for that part of a
 | |
|                 * chunk which is zlib data and which must be rewritten,
 | |
|                 * and IDAT chunks which can be completely
 | |
|                 * reconstructed.
 | |
|                 */
 | |
|                default:
 | |
|                   if (file->state == STATE_IDAT)
 | |
|                   {
 | |
|                      struct IDAT *idat = file->idat;
 | |
| 
 | |
|                      assert(idat != NULL);
 | |
| 
 | |
|                      /* Read an IDAT byte from the input stream of IDAT chunks.
 | |
|                       * Because the IDAT stream can be re-chunked this stream is
 | |
|                       * held in the struct IDAT members.  The chunk members, in
 | |
|                       * particular chunk_length (and therefore the length local)
 | |
|                       * refer to the output chunk.
 | |
|                       */
 | |
|                      while (idat->idat_index >= idat->idat_length)
 | |
|                      {
 | |
|                         /* Advance one chunk */
 | |
|                         struct IDAT_list *cur = idat->idat_cur;
 | |
| 
 | |
|                         assert(idat->idat_index == idat->idat_length);
 | |
|                         assert(cur != NULL && cur->count > 0);
 | |
| 
 | |
|                         /* NOTE: IDAT_list::count here, not IDAT_list::length */
 | |
|                         if (++(idat->idat_count) >= cur->count)
 | |
|                         {
 | |
|                            assert(idat->idat_count == cur->count);
 | |
| 
 | |
|                            /* Move on to the next IDAT_list: */
 | |
|                            cur = cur->next;
 | |
| 
 | |
|                            /* This is an internal error - read beyond the end of
 | |
|                             * the pre-calculated stream.
 | |
|                             */
 | |
|                            if (cur == NULL || cur->count == 0)
 | |
|                               stop(file, UNEXPECTED_ERROR_CODE,
 | |
|                                  "read beyond end of IDAT");
 | |
| 
 | |
|                            idat->idat_count = 0;
 | |
|                            idat->idat_cur = cur;
 | |
|                         }
 | |
| 
 | |
|                         idat->idat_index = 0;
 | |
|                         /* Zero length IDAT chunks are permitted, so the length
 | |
|                          * here may be 0.
 | |
|                          */
 | |
|                         idat->idat_length = cur->lengths[idat->idat_count];
 | |
| 
 | |
|                         /* And skip 12 bytes to the next chunk data */
 | |
|                         skip_12(file);
 | |
|                      }
 | |
| 
 | |
|                      /* The index is always that of the next byte, the rest of
 | |
|                       * the information is always the current IDAT chunk and the
 | |
|                       * current list.
 | |
|                       */
 | |
|                      ++(idat->idat_index);
 | |
|                   }
 | |
| 
 | |
|                   /* Read the byte from the stream. */
 | |
|                   b = reread_byte(file);
 | |
| 
 | |
|                   /* If the byte must be rewritten handle that here */
 | |
|                   if (chunk->rewrite_length > 0)
 | |
|                   {
 | |
|                      if (chunk->rewrite_offset > 0)
 | |
|                         --(chunk->rewrite_offset);
 | |
| 
 | |
|                      else
 | |
|                      {
 | |
|                         b = chunk->rewrite_buffer[0];
 | |
|                         memmove(chunk->rewrite_buffer, chunk->rewrite_buffer+1,
 | |
|                            (sizeof chunk->rewrite_buffer)-
 | |
|                               (sizeof chunk->rewrite_buffer[0]));
 | |
| 
 | |
|                         --(chunk->rewrite_length);
 | |
|                      }
 | |
|                   }
 | |
| 
 | |
|                   chunk->write_crc = crc_one_byte(chunk->write_crc, b);
 | |
|                   break;
 | |
| 
 | |
|                /* The CRC is written at:
 | |
|                 *
 | |
|                 *    chunk_write == chunk_length+8..chunk_length+11
 | |
|                 *
 | |
|                 * so 8 to 11.  The CRC is not (yet) conditioned.
 | |
|                 */
 | |
|                case  8: b = chunk->write_crc >> 24; goto write_crc;
 | |
|                case  9: b = chunk->write_crc >> 16; goto write_crc;
 | |
|                case 10: b = chunk->write_crc >>  8; goto write_crc;
 | |
|                case 11:
 | |
|                   /* This must happen before the chunk_end below: */
 | |
|                   b = chunk->write_crc;
 | |
| 
 | |
|                   if (file->global->verbose > 2)
 | |
|                   {
 | |
|                      fputs("   ", stderr);
 | |
|                      type_name(type, stderr);
 | |
|                      fprintf(stderr, " %lu 0x%.8x\n", (unsigned long)length,
 | |
|                         chunk->write_crc ^ 0xffffffff);
 | |
|                   }
 | |
| 
 | |
|                   /* The IDAT stream is written without a call to read_chunk
 | |
|                    * until the end is reached.  rechunk_length() calculates the
 | |
|                    * length of the output chunks.  Control gets to this point at
 | |
|                    * the end of an *output* chunk - the length calculated by
 | |
|                    * rechunk_length.  If this corresponds to the end of the
 | |
|                    * input stream stop writing IDAT chunks, otherwise continue.
 | |
|                    */
 | |
|                   if (file->state == STATE_IDAT &&
 | |
|                      (file->idat->idat_index < file->idat->idat_length ||
 | |
|                       1+file->idat->idat_count < file->idat->idat_cur->count ||
 | |
|                       file->idat->idat_cur != file->idat->idat_list_tail))
 | |
|                   {
 | |
|                      /* Write another IDAT chunk.  Call rechunk_length to
 | |
|                       * calculate the length required.
 | |
|                       */
 | |
|                      length = chunk->chunk_length =
 | |
|                          rechunk_length(file->idat, 0/*end*/);
 | |
|                      assert(type == png_IDAT);
 | |
|                      file->write_count = 0; /* for the new chunk */
 | |
|                      --(file->write_count); /* fake out the increment below */
 | |
|                   }
 | |
| 
 | |
|                   else
 | |
|                   {
 | |
|                      /* Entered at the end of a non-IDAT chunk and at the end of
 | |
|                       * the IDAT stream.  The rewrite should have been cleared.
 | |
|                       */
 | |
|                      if (chunk->rewrite_length > 0 || chunk->rewrite_offset > 0)
 | |
|                         stop(file, UNEXPECTED_ERROR_CODE, "pending rewrite");
 | |
| 
 | |
|                      /* This is the last byte so reset chunk_read for the next
 | |
|                       * chunk and move the input file to the position after the
 | |
|                       * *next* chunk header if required.
 | |
|                       */
 | |
|                      file->read_count = 8;
 | |
|                      file_setpos(file, &file->data_pos);
 | |
| 
 | |
|                      if (file->idat == NULL)
 | |
|                         chunk_end(&file->chunk);
 | |
| 
 | |
|                      else
 | |
|                         IDAT_end(&file->idat);
 | |
|                   }
 | |
| 
 | |
|                write_crc:
 | |
|                   b ^= 0xff; /* conditioning */
 | |
|                   break;
 | |
|             }
 | |
|             break;
 | |
|       }
 | |
| 
 | |
|       /* Write one byte */
 | |
|       b &= 0xff;
 | |
|       *buffer++ = (png_byte)b;
 | |
|       --count;
 | |
|       write_byte(file, (png_byte)b); /* increments chunk_write */
 | |
|    }
 | |
|    while (count > 0);
 | |
| }
 | |
| 
 | |
| /* Bundle the file and an uninitialized chunk and IDAT control structure
 | |
|  * together to allow implementation of the chunk/IDAT allocate routine.
 | |
|  */
 | |
| struct control
 | |
| {
 | |
|    struct file  file;
 | |
|    struct chunk chunk;
 | |
|    struct IDAT  idat;
 | |
| };
 | |
| 
 | |
| static int
 | |
| control_end(struct control *control)
 | |
| {
 | |
|    return file_end(&control->file);
 | |
| }
 | |
| 
 | |
| static struct file *
 | |
| get_control(png_const_structrp png_ptr)
 | |
| {
 | |
|    /* This just returns the (file*).  The chunk and idat control structures
 | |
|     * don't always exist.
 | |
|     */
 | |
|    struct control *control = voidcast(struct control*,
 | |
|       png_get_error_ptr(png_ptr));
 | |
|    return &control->file;
 | |
| }
 | |
| 
 | |
| static void
 | |
| allocate(struct file *file, int allocate_idat)
 | |
| {
 | |
|    struct control *control = voidcast(struct control*, file->alloc_ptr);
 | |
| 
 | |
|    if (allocate_idat)
 | |
|    {
 | |
|       assert(file->idat == NULL);
 | |
|       IDAT_init(&control->idat, file);
 | |
|    }
 | |
| 
 | |
|    else /* chunk */
 | |
|    {
 | |
|       assert(file->chunk == NULL);
 | |
|       chunk_init(&control->chunk, file);
 | |
|    }
 | |
| }
 | |
| 
 | |
| static int
 | |
| control_init(struct control *control, struct global *global,
 | |
|    const char *file_name, const char *out_name)
 | |
|    /* This wraps file_init(&control::file) and simply returns the result from
 | |
|     * file_init.
 | |
|     */
 | |
| {
 | |
|    return file_init(&control->file, global, file_name, out_name, control,
 | |
|       allocate);
 | |
| }
 | |
| 
 | |
| static int
 | |
| read_png(struct control *control)
 | |
|    /* Read a PNG, return 0 on success else an error (status) code; a bit mask as
 | |
|     * defined for file::status_code as above.
 | |
|     */
 | |
| {
 | |
|    png_structp png_ptr;
 | |
|    png_infop info_ptr = NULL;
 | |
|    volatile int rc;
 | |
| 
 | |
|    png_ptr = png_create_read_struct(PNG_LIBPNG_VER_STRING, control,
 | |
|       error_handler, warning_handler);
 | |
| 
 | |
|    if (png_ptr == NULL)
 | |
|    {
 | |
|       /* This is not really expected. */
 | |
|       log_error(&control->file, LIBPNG_ERROR_CODE, "OOM allocating png_struct");
 | |
|       control->file.status_code |= INTERNAL_ERROR;
 | |
|       return LIBPNG_ERROR_CODE;
 | |
|    }
 | |
| 
 | |
|    rc = setjmp(control->file.jmpbuf);
 | |
|    if (rc == 0)
 | |
|    {
 | |
| #     ifdef PNG_SET_USER_LIMITS_SUPPORTED
 | |
|          /* Remove any limits on the size of PNG files that can be read,
 | |
|           * without this we may reject files based on built-in safety
 | |
|           * limits.
 | |
|           */
 | |
|          png_set_user_limits(png_ptr, 0x7fffffff, 0x7fffffff);
 | |
|          png_set_chunk_cache_max(png_ptr, 0);
 | |
|          png_set_chunk_malloc_max(png_ptr, 0);
 | |
| #     endif
 | |
| 
 | |
|       png_set_read_fn(png_ptr, control, read_callback);
 | |
| 
 | |
|       info_ptr = png_create_info_struct(png_ptr);
 | |
|       if (info_ptr == NULL)
 | |
|          png_error(png_ptr, "OOM allocating info structure");
 | |
| 
 | |
|       if (control->file.global->verbose)
 | |
|          fprintf(stderr, " INFO\n");
 | |
| 
 | |
|       png_read_info(png_ptr, info_ptr);
 | |
| 
 | |
|       {
 | |
|         png_uint_32 height = png_get_image_height(png_ptr, info_ptr);
 | |
|         int passes = png_set_interlace_handling(png_ptr);
 | |
|         int pass;
 | |
| 
 | |
|         png_start_read_image(png_ptr);
 | |
| 
 | |
|         for (pass = 0; pass < passes; ++pass)
 | |
|         {
 | |
|            png_uint_32 y = height;
 | |
| 
 | |
|            /* NOTE: this skips asking libpng to return either version of
 | |
|             * the image row, but libpng still reads the rows.
 | |
|             */
 | |
|            while (y-- > 0)
 | |
|               png_read_row(png_ptr, NULL, NULL);
 | |
|         }
 | |
|       }
 | |
| 
 | |
|       if (control->file.global->verbose)
 | |
|          fprintf(stderr, " END\n");
 | |
| 
 | |
|       /* Make sure to read to the end of the file: */
 | |
|       png_read_end(png_ptr, info_ptr);
 | |
|    }
 | |
| 
 | |
|    png_destroy_read_struct(&png_ptr, &info_ptr, NULL);
 | |
|    return rc;
 | |
| }
 | |
| 
 | |
| static int
 | |
| one_file(struct global *global, const char *file_name, const char *out_name)
 | |
| {
 | |
|    int rc;
 | |
|    struct control control;
 | |
| 
 | |
|    if (global->verbose)
 | |
|       fprintf(stderr, "FILE %s -> %s\n", file_name,
 | |
|          out_name ? out_name : "<none>");
 | |
| 
 | |
|    /* Although control_init can return a failure code the structure is always
 | |
|     * initialized, so control_end can be used to accumulate any status codes.
 | |
|     */
 | |
|    rc = control_init(&control, global, file_name, out_name);
 | |
| 
 | |
|    if (rc == 0)
 | |
|       rc = read_png(&control);
 | |
| 
 | |
|    rc |= control_end(&control);
 | |
| 
 | |
|    return rc;
 | |
| }
 | |
| 
 | |
| static void
 | |
| usage(const char *prog)
 | |
| {
 | |
|    /* ANSI C-90 limits strings to 509 characters, so use a string array: */
 | |
|    size_t i;
 | |
|    static const char *usage_string[] = {
 | |
| "  Tests, optimizes and optionally fixes the zlib header in PNG files.",
 | |
| "  Optionally, when fixing, strips ancillary chunks from the file.",
 | |
| 0,
 | |
| "OPTIONS",
 | |
| "  OPERATION",
 | |
| "      By default files are just checked for readability with a summary of the",
 | |
| "      of zlib issues founds for each compressed chunk and the IDAT stream in",
 | |
| "      the file.",
 | |
| "    --optimize (-o):",
 | |
| "      Find the smallest deflate window size for the compressed data.",
 | |
| "    --strip=[none|crc|unsafe|unused|transform|color|all]:",
 | |
| "        none (default):   Retain all chunks.",
 | |
| "        crc:    Remove chunks with a bad CRC.",
 | |
| "        unsafe: Remove chunks that may be unsafe to retain if the image data",
 | |
| "                is modified.  This is set automatically if --max is given but",
 | |
| "                may be cancelled by a later --strip=none.",
 | |
| "        unused: Remove chunks not used by libpng when decoding an image.",
 | |
| "                This retains any chunks that might be used by libpng image",
 | |
| "                transformations.",
 | |
| "        transform: unused+bKGD.",
 | |
| "        color:  transform+iCCP and cHRM.",
 | |
| "        all:    color+gAMA and sRGB.",
 | |
| "      Only ancillary chunks are ever removed.  In addition the tRNS and sBIT",
 | |
| "      chunks are never removed as they affect exact interpretation of the",
 | |
| "      image pixel values.  The following known chunks are treated specially",
 | |
| "      by the above options:",
 | |
| "        gAMA, sRGB [all]: These specify the gamma encoding used for the pixel",
 | |
| "            values.",
 | |
| "        cHRM, iCCP [color]: These specify how colors are encoded.  iCCP also",
 | |
| "            specifies the exact encoding of a pixel value; however, in",
 | |
| "            practice most programs will ignore it.",
 | |
| "        bKGD [transform]: This is used by libpng transforms."
 | |
| "    --max=<number>:",
 | |
| "      Use IDAT chunks sized <number>.  If no number is given the the IDAT",
 | |
| "      chunks will be the maximum size permitted; 2^31-1 bytes.  If the option",
 | |
| "      is omitted the original chunk sizes will not be changed.  When the",
 | |
| "      option is given --strip=unsafe is set automatically. This may be",
 | |
| "      cancelled if you know that all unknown unsafe-to-copy chunks really are",
 | |
| "      safe to copy across an IDAT size change.  This is true of all chunks",
 | |
| "      that have ever been formally proposed as PNG extensions.",
 | |
| "  MESSAGES",
 | |
| "      By default the program only outputs summaries for each file.",
 | |
| "    --quiet (-q):",
 | |
| "      Do not output the summaries except for files that cannot be read. With",
 | |
| "      two --quiets these are not output either.",
 | |
| "    --errors (-e):",
 | |
| "      Output errors from libpng and the program (except too-far-back).",
 | |
| "    --warnings (-w):",
 | |
| "      Output warnings from libpng.",
 | |
| "  OUTPUT",
 | |
| "      By default nothing is written.",
 | |
| "    --out=<file>:",
 | |
| "      Write the optimized/corrected version of the next PNG to <file>.  This",
 | |
| "      overrides the following two options",
 | |
| "    --suffix=<suffix>:",
 | |
| "      Set --out=<name><suffix> for all following files unless overridden on",
 | |
| "      a per-file basis by explicit --out.",
 | |
| "    --prefix=<prefix>:",
 | |
| "      Set --out=<prefix><name> for all the following files unless overridden",
 | |
| "      on a per-file basis by explicit --out.",
 | |
| "      These two options can be used together to produce a suffix and prefix.",
 | |
| "  INTERNAL OPTIONS",
 | |
| #if 0 /*NYI*/
 | |
| #ifdef PNG_MAXIMUM_INFLATE_WINDOW
 | |
| "    --test:",
 | |
| "      Test the PNG_MAXIMUM_INFLATE_WINDOW option.  Setting this disables",
 | |
| "      output as this would produce a broken file.",
 | |
| #endif
 | |
| #endif
 | |
| 0,
 | |
| "EXIT CODES",
 | |
| "  *** SUBJECT TO CHANGE ***",
 | |
| "  The program exit code is value in the range 0..127 holding a bit mask of",
 | |
| "  the following codes.  Notice that the results for each file are combined",
 | |
| "  together - check one file at a time to get a meaningful error code!",
 | |
| "    0x01: The zlib too-far-back error existed in at least one chunk.",
 | |
| "    0x02: At least one chunk had a CRC error.",
 | |
| "    0x04: A chunk length was incorrect.",
 | |
| "    0x08: The file was truncated.",
 | |
| "  Errors less than 16 are potentially recoverable, for a single file if the",
 | |
| "  exit code is less than 16 the file could be read (with corrections if a",
 | |
| "  non-zero code is returned).",
 | |
| "    0x10: The file could not be read, even with corrections.",
 | |
| "    0x20: The output file could not be written.",
 | |
| "    0x40: An unexpected, potentially internal, error occurred.",
 | |
| "  If the command line arguments are incorrect the program exits with exit",
 | |
| "  255.  Some older operating systems only support 7-bit exit codes, on those",
 | |
| "  systems it is suggested that this program is first tested by supplying",
 | |
| "  invalid arguments.",
 | |
| 0,
 | |
| "DESCRIPTION",
 | |
| "  " PROGRAM_NAME ":",
 | |
| "  checks each PNG file on the command line for errors.  By default errors are",
 | |
| "  not output and the program just returns an exit code and prints a summary.",
 | |
| "  With the --quiet (-q) option the summaries are suppressed too and the",
 | |
| "  program only outputs unexpected errors (internal errors and file open",
 | |
| "  errors).",
 | |
| "  Various known problems in PNG files are fixed while the file is being read",
 | |
| "  The exit code says what problems were fixed.  In particular the zlib error:",
 | |
| 0,
 | |
| "        \"invalid distance too far back\"",
 | |
| 0,
 | |
| "  caused by an incorrect optimization of a zlib stream is fixed in any",
 | |
| "  compressed chunk in which it is encountered.  An integrity problem of the",
 | |
| "  PNG stream caused by a bug in libpng which wrote an incorrect chunk length",
 | |
| "  is also fixed.  Chunk CRC errors are automatically fixed up.",
 | |
| 0,
 | |
| "  Setting one of the \"OUTPUT\" options causes the possibly modified file to",
 | |
| "  be written to a new file.",
 | |
| 0,
 | |
| "  Notice that some PNG files with the zlib optimization problem can still be",
 | |
| "  read by libpng under some circumstances.  This program will still detect",
 | |
| "  and, if requested, correct the error.",
 | |
| 0,
 | |
| "  The program will reliably process all files on the command line unless",
 | |
| "  either an invalid argument causes the usage message (this message) to be",
 | |
| "  produced or the program crashes.",
 | |
| 0,
 | |
| "  The summary lines describe issues encountered with the zlib compressed",
 | |
| "  stream of a chunk.  They have the following format, which is SUBJECT TO",
 | |
| "  CHANGE in the future:",
 | |
| 0,
 | |
| "     chunk reason comp-level p1 p2 p3 p4 file",
 | |
| 0,
 | |
| "  p1 through p4 vary according to the 'reason'.  There are always 8 space",
 | |
| "  separated fields.  Reasons specific formats are:",
 | |
| 0,
 | |
| "     chunk ERR status code read-errno write-errno message file",
 | |
| "     chunk SKP comp-level file-bits zlib-rc compressed message file",
 | |
| "     chunk ??? comp-level file-bits ok-bits compressed uncompress file",
 | |
| 0,
 | |
| "  The various fields are",
 | |
| 0,
 | |
| "$1 chunk:      The chunk type of a chunk in the file or 'HEAD' if a problem",
 | |
| "               is reported by libpng at the start of the IDAT stream.",
 | |
| "$2 reason:     One of:",
 | |
| "          CHK: A zlib header checksum was detected and fixed.",
 | |
| "          TFB: The zlib too far back error was detected and fixed.",
 | |
| "          OK : No errors were detected in the zlib stream and optimization",
 | |
| "               was not requested, or was not possible.",
 | |
| "          OPT: The zlib stream window bits value could be improved (and was).",
 | |
| "          SKP: The chunk was skipped because of a zlib issue (zlib-rc) with",
 | |
| "               explanation 'message'",
 | |
| "          ERR: The read of the file was aborted.  The parameters explain why.",
 | |
| "$3 status:     For 'ERR' the accumulated status code from 'EXIT CODES' above.",
 | |
| "               This is printed as a 2 digit hexadecimal value",
 | |
| "   comp-level: The recorded compression level (FLEVEL) of a zlib stream",
 | |
| "               expressed as a string {supfast,stdfast,default,maximum}",
 | |
| "$4 code:       The file exit code; where stop was called, as a fairly terse",
 | |
| "               string {warning,libpng,zlib,invalid,read,write,unexpected}.",
 | |
| "   file-bits:  The zlib window bits recorded in the file.",
 | |
| "$5 read-errno: A system errno value from a read translated by strerror(3).",
 | |
| "   zlib-rc:    A zlib return code as a string (see zlib.h).",
 | |
| "   ok-bits:    The smallest zlib window bits value that works.",
 | |
| "$6 write-errno:A system errno value from a write translated by strerror(3).",
 | |
| "   compressed: The count of compressed bytes in the zlib stream, when the",
 | |
| "               reason is 'SKP'; this is a count of the bytes read from the",
 | |
| "               stream when the fatal error was encountered.",
 | |
| "$7 message:    An error message (spaces replaced by _, as in all parameters),",
 | |
| "   uncompress: The count of bytes from uncompressing the zlib stream; this",
 | |
| "               may not be the same as the number of bytes in the image.",
 | |
| "$8 file:       The name of the file (this may contain spaces).",
 | |
| };
 | |
| 
 | |
|    fprintf(stderr, "Usage: %s {[options] png-file}\n", prog);
 | |
| 
 | |
|    for (i=0; i < (sizeof usage_string)/(sizeof usage_string[0]); ++i)
 | |
|    {
 | |
|       if (usage_string[i] != 0)
 | |
|          fputs(usage_string[i], stderr);
 | |
| 
 | |
|       fputc('\n', stderr);
 | |
|    }
 | |
| 
 | |
|    exit(255);
 | |
| }
 | |
| 
 | |
| int
 | |
| main(int argc, const char **argv)
 | |
| {
 | |
|    char temp_name[FILENAME_MAX+1];
 | |
|    const char *  prog = *argv;
 | |
|    const char *  outfile = NULL;
 | |
|    const char *  suffix = NULL;
 | |
|    const char *  prefix = NULL;
 | |
|    int           done = 0; /* if at least one file is processed */
 | |
|    struct global global;
 | |
| 
 | |
|    global_init(&global);
 | |
| 
 | |
|    while (--argc > 0)
 | |
|    {
 | |
|       ++argv;
 | |
| 
 | |
|       if (strcmp(*argv, "--debug") == 0)
 | |
|       {
 | |
|          /* To help debugging problems: */
 | |
|          global.errors = global.warnings = 1;
 | |
|          global.quiet = 0;
 | |
|          global.verbose = 7;
 | |
|       }
 | |
| 
 | |
|       else if (strncmp(*argv, "--max=", 6) == 0)
 | |
|       {
 | |
|          global.idat_max = (png_uint_32)atol(6+*argv);
 | |
| 
 | |
|          if (global.skip < SKIP_UNSAFE)
 | |
|             global.skip = SKIP_UNSAFE;
 | |
|       }
 | |
| 
 | |
|       else if (strcmp(*argv, "--max") == 0)
 | |
|       {
 | |
|          global.idat_max = 0x7fffffff;
 | |
| 
 | |
|          if (global.skip < SKIP_UNSAFE)
 | |
|             global.skip = SKIP_UNSAFE;
 | |
|       }
 | |
| 
 | |
|       else if (strcmp(*argv, "--optimize") == 0 || strcmp(*argv, "-o") == 0)
 | |
|          global.optimize_zlib = 1;
 | |
| 
 | |
|       else if (strncmp(*argv, "--out=", 6) == 0)
 | |
|          outfile = 6+*argv;
 | |
| 
 | |
|       else if (strncmp(*argv, "--suffix=", 9) == 0)
 | |
|          suffix = 9+*argv;
 | |
| 
 | |
|       else if (strncmp(*argv, "--prefix=", 9) == 0)
 | |
|          prefix = 9+*argv;
 | |
| 
 | |
|       else if (strcmp(*argv, "--strip=none") == 0)
 | |
|          global.skip = SKIP_NONE;
 | |
| 
 | |
|       else if (strcmp(*argv, "--strip=crc") == 0)
 | |
|          global.skip = SKIP_BAD_CRC;
 | |
| 
 | |
|       else if (strcmp(*argv, "--strip=unsafe") == 0)
 | |
|          global.skip = SKIP_UNSAFE;
 | |
| 
 | |
|       else if (strcmp(*argv, "--strip=unused") == 0)
 | |
|          global.skip = SKIP_UNUSED;
 | |
| 
 | |
|       else if (strcmp(*argv, "--strip=transform") == 0)
 | |
|          global.skip = SKIP_TRANSFORM;
 | |
| 
 | |
|       else if (strcmp(*argv, "--strip=color") == 0)
 | |
|          global.skip = SKIP_COLOR;
 | |
| 
 | |
|       else if (strcmp(*argv, "--strip=all") == 0)
 | |
|          global.skip = SKIP_ALL;
 | |
| 
 | |
|       else if (strcmp(*argv, "--errors") == 0 || strcmp(*argv, "-e") == 0)
 | |
|          global.errors = 1;
 | |
| 
 | |
|       else if (strcmp(*argv, "--warnings") == 0 || strcmp(*argv, "-w") == 0)
 | |
|          global.warnings = 1;
 | |
| 
 | |
|       else if (strcmp(*argv, "--quiet") == 0 || strcmp(*argv, "-q") == 0)
 | |
|       {
 | |
|          if (global.quiet)
 | |
|             global.quiet = 2;
 | |
| 
 | |
|          else
 | |
|             global.quiet = 1;
 | |
|       }
 | |
| 
 | |
|       else if (strcmp(*argv, "--verbose") == 0 || strcmp(*argv, "-v") == 0)
 | |
|          ++global.verbose;
 | |
| 
 | |
| #if 0
 | |
|       /* NYI */
 | |
| #     ifdef PNG_MAXIMUM_INFLATE_WINDOW
 | |
|          else if (strcmp(*argv, "--test") == 0)
 | |
|             ++set_option;
 | |
| #     endif
 | |
| #endif
 | |
| 
 | |
|       else if ((*argv)[0] == '-')
 | |
|          usage(prog);
 | |
| 
 | |
|       else
 | |
|       {
 | |
|          size_t outlen = strlen(*argv);
 | |
| 
 | |
|          if (outfile == NULL) /* else this takes precedence */
 | |
|          {
 | |
|             /* Consider the prefix/suffix options */
 | |
|             if (prefix != NULL)
 | |
|             {
 | |
|                size_t prefixlen = strlen(prefix);
 | |
| 
 | |
|                if (prefixlen+outlen > FILENAME_MAX)
 | |
|                {
 | |
|                   fprintf(stderr, "%s: output file name too long: %s%s%s\n",
 | |
|                      prog, prefix, *argv, suffix ? suffix : "");
 | |
|                   global.status_code |= WRITE_ERROR;
 | |
|                   continue;
 | |
|                }
 | |
| 
 | |
|                memcpy(temp_name, prefix, prefixlen);
 | |
|                memcpy(temp_name+prefixlen, *argv, outlen);
 | |
|                outlen += prefixlen;
 | |
|                outfile = temp_name;
 | |
|             }
 | |
| 
 | |
|             else if (suffix != NULL)
 | |
|                memcpy(temp_name, *argv, outlen);
 | |
| 
 | |
|             temp_name[outlen] = 0;
 | |
| 
 | |
|             if (suffix != NULL)
 | |
|             {
 | |
|                size_t suffixlen = strlen(suffix);
 | |
| 
 | |
|                if (outlen+suffixlen > FILENAME_MAX)
 | |
|                {
 | |
|                   fprintf(stderr, "%s: output file name too long: %s%s\n",
 | |
|                      prog, *argv, suffix);
 | |
|                   global.status_code |= WRITE_ERROR;
 | |
|                   continue;
 | |
|                }
 | |
| 
 | |
|                memcpy(temp_name+outlen, suffix, suffixlen);
 | |
|                outlen += suffixlen;
 | |
|                temp_name[outlen] = 0;
 | |
|                outfile = temp_name;
 | |
|             }
 | |
|          }
 | |
| 
 | |
|          (void)one_file(&global, *argv, outfile);
 | |
|          ++done;
 | |
|          outfile = NULL;
 | |
|       }
 | |
|    }
 | |
| 
 | |
|    if (!done)
 | |
|       usage(prog);
 | |
| 
 | |
|    return global_end(&global);
 | |
| }
 | |
| 
 | |
| #else /* ZLIB_VERNUM < 0x1240 */
 | |
| int
 | |
| main(void)
 | |
| {
 | |
|    fprintf(stderr,
 | |
|       "pngfix needs libpng with a zlib >=1.2.4 (not 0x%x)\n",
 | |
|       ZLIB_VERNUM);
 | |
|    return 77;
 | |
| }
 | |
| #endif /* ZLIB_VERNUM */
 | |
| 
 | |
| #else /* No read support */
 | |
| 
 | |
| int
 | |
| main(void)
 | |
| {
 | |
|    fprintf(stderr, "pngfix does not work without read deinterlace support\n");
 | |
|    return 77;
 | |
| }
 | |
| #endif /* PNG_READ_SUPPORTED && PNG_EASY_ACCESS_SUPPORTED */
 | |
| #else /* No setjmp support */
 | |
| int
 | |
| main(void)
 | |
| {
 | |
|    fprintf(stderr, "pngfix does not work without setjmp support\n");
 | |
|    return 77;
 | |
| }
 | |
| #endif /* PNG_SETJMP_SUPPORTED */
 | |
| 
 |