pngpread.c 50 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844
  1. /* pngpread.c - read a png file in push mode
  2. *
  3. * Last changed in libpng 1.5.9 [February 18, 2012]
  4. * Copyright (c) 1998-2011 Glenn Randers-Pehrson
  5. * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
  6. * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
  7. *
  8. * This code is released under the libpng license.
  9. * For conditions of distribution and use, see the disclaimer
  10. * and license in png.h
  11. */
  12. #include "pngpriv.h"
  13. #ifdef PNG_PROGRESSIVE_READ_SUPPORTED
  14. /* Push model modes */
  15. #define PNG_READ_SIG_MODE 0
  16. #define PNG_READ_CHUNK_MODE 1
  17. #define PNG_READ_IDAT_MODE 2
  18. #define PNG_SKIP_MODE 3
  19. #define PNG_READ_tEXt_MODE 4
  20. #define PNG_READ_zTXt_MODE 5
  21. #define PNG_READ_DONE_MODE 6
  22. #define PNG_READ_iTXt_MODE 7
  23. #define PNG_ERROR_MODE 8
  24. void PNGAPI
  25. png_process_data(png_structp png_ptr, png_infop info_ptr,
  26. png_bytep buffer, png_size_t buffer_size)
  27. {
  28. if (png_ptr == NULL || info_ptr == NULL)
  29. return;
  30. png_push_restore_buffer(png_ptr, buffer, buffer_size);
  31. while (png_ptr->buffer_size)
  32. {
  33. png_process_some_data(png_ptr, info_ptr);
  34. }
  35. }
  36. png_size_t PNGAPI
  37. png_process_data_pause(png_structp png_ptr, int save)
  38. {
  39. if (png_ptr != NULL)
  40. {
  41. /* It's easiest for the caller if we do the save, then the caller doesn't
  42. * have to supply the same data again:
  43. */
  44. if (save)
  45. png_push_save_buffer(png_ptr);
  46. else
  47. {
  48. /* This includes any pending saved bytes: */
  49. png_size_t remaining = png_ptr->buffer_size;
  50. png_ptr->buffer_size = 0;
  51. /* So subtract the saved buffer size, unless all the data
  52. * is actually 'saved', in which case we just return 0
  53. */
  54. if (png_ptr->save_buffer_size < remaining)
  55. return remaining - png_ptr->save_buffer_size;
  56. }
  57. }
  58. return 0;
  59. }
  60. png_uint_32 PNGAPI
  61. png_process_data_skip(png_structp png_ptr)
  62. {
  63. png_uint_32 remaining = 0;
  64. if (png_ptr != NULL && png_ptr->process_mode == PNG_SKIP_MODE &&
  65. png_ptr->skip_length > 0)
  66. {
  67. /* At the end of png_process_data the buffer size must be 0 (see the loop
  68. * above) so we can detect a broken call here:
  69. */
  70. if (png_ptr->buffer_size != 0)
  71. png_error(png_ptr,
  72. "png_process_data_skip called inside png_process_data");
  73. /* If is impossible for there to be a saved buffer at this point -
  74. * otherwise we could not be in SKIP mode. This will also happen if
  75. * png_process_skip is called inside png_process_data (but only very
  76. * rarely.)
  77. */
  78. if (png_ptr->save_buffer_size != 0)
  79. png_error(png_ptr, "png_process_data_skip called with saved data");
  80. remaining = png_ptr->skip_length;
  81. png_ptr->skip_length = 0;
  82. png_ptr->process_mode = PNG_READ_CHUNK_MODE;
  83. }
  84. return remaining;
  85. }
  86. /* What we do with the incoming data depends on what we were previously
  87. * doing before we ran out of data...
  88. */
  89. void /* PRIVATE */
  90. png_process_some_data(png_structp png_ptr, png_infop info_ptr)
  91. {
  92. if (png_ptr == NULL)
  93. return;
  94. switch (png_ptr->process_mode)
  95. {
  96. case PNG_READ_SIG_MODE:
  97. {
  98. png_push_read_sig(png_ptr, info_ptr);
  99. break;
  100. }
  101. case PNG_READ_CHUNK_MODE:
  102. {
  103. png_push_read_chunk(png_ptr, info_ptr);
  104. break;
  105. }
  106. case PNG_READ_IDAT_MODE:
  107. {
  108. png_push_read_IDAT(png_ptr);
  109. break;
  110. }
  111. #ifdef PNG_READ_tEXt_SUPPORTED
  112. case PNG_READ_tEXt_MODE:
  113. {
  114. png_push_read_tEXt(png_ptr, info_ptr);
  115. break;
  116. }
  117. #endif
  118. #ifdef PNG_READ_zTXt_SUPPORTED
  119. case PNG_READ_zTXt_MODE:
  120. {
  121. png_push_read_zTXt(png_ptr, info_ptr);
  122. break;
  123. }
  124. #endif
  125. #ifdef PNG_READ_iTXt_SUPPORTED
  126. case PNG_READ_iTXt_MODE:
  127. {
  128. png_push_read_iTXt(png_ptr, info_ptr);
  129. break;
  130. }
  131. #endif
  132. case PNG_SKIP_MODE:
  133. {
  134. png_push_crc_finish(png_ptr);
  135. break;
  136. }
  137. default:
  138. {
  139. png_ptr->buffer_size = 0;
  140. break;
  141. }
  142. }
  143. }
  144. /* Read any remaining signature bytes from the stream and compare them with
  145. * the correct PNG signature. It is possible that this routine is called
  146. * with bytes already read from the signature, either because they have been
  147. * checked by the calling application, or because of multiple calls to this
  148. * routine.
  149. */
  150. void /* PRIVATE */
  151. png_push_read_sig(png_structp png_ptr, png_infop info_ptr)
  152. {
  153. png_size_t num_checked = png_ptr->sig_bytes,
  154. num_to_check = 8 - num_checked;
  155. if (png_ptr->buffer_size < num_to_check)
  156. {
  157. num_to_check = png_ptr->buffer_size;
  158. }
  159. png_push_fill_buffer(png_ptr, &(info_ptr->signature[num_checked]),
  160. num_to_check);
  161. png_ptr->sig_bytes = (png_byte)(png_ptr->sig_bytes + num_to_check);
  162. if (png_sig_cmp(info_ptr->signature, num_checked, num_to_check))
  163. {
  164. if (num_checked < 4 &&
  165. png_sig_cmp(info_ptr->signature, num_checked, num_to_check - 4))
  166. png_error(png_ptr, "Not a PNG file");
  167. else
  168. png_error(png_ptr, "PNG file corrupted by ASCII conversion");
  169. }
  170. else
  171. {
  172. if (png_ptr->sig_bytes >= 8)
  173. {
  174. png_ptr->process_mode = PNG_READ_CHUNK_MODE;
  175. }
  176. }
  177. }
  178. void /* PRIVATE */
  179. png_push_read_chunk(png_structp png_ptr, png_infop info_ptr)
  180. {
  181. png_uint_32 chunk_name;
  182. /* First we make sure we have enough data for the 4 byte chunk name
  183. * and the 4 byte chunk length before proceeding with decoding the
  184. * chunk data. To fully decode each of these chunks, we also make
  185. * sure we have enough data in the buffer for the 4 byte CRC at the
  186. * end of every chunk (except IDAT, which is handled separately).
  187. */
  188. if (!(png_ptr->mode & PNG_HAVE_CHUNK_HEADER))
  189. {
  190. png_byte chunk_length[4];
  191. png_byte chunk_tag[4];
  192. if (png_ptr->buffer_size < 8)
  193. {
  194. png_push_save_buffer(png_ptr);
  195. return;
  196. }
  197. png_push_fill_buffer(png_ptr, chunk_length, 4);
  198. png_ptr->push_length = png_get_uint_31(png_ptr, chunk_length);
  199. png_reset_crc(png_ptr);
  200. png_crc_read(png_ptr, chunk_tag, 4);
  201. png_ptr->chunk_name = PNG_CHUNK_FROM_STRING(chunk_tag);
  202. png_check_chunk_name(png_ptr, png_ptr->chunk_name);
  203. png_ptr->mode |= PNG_HAVE_CHUNK_HEADER;
  204. }
  205. chunk_name = png_ptr->chunk_name;
  206. if (chunk_name == png_IDAT)
  207. {
  208. /* This is here above the if/else case statement below because if the
  209. * unknown handling marks 'IDAT' as unknown then the IDAT handling case is
  210. * completely skipped.
  211. *
  212. * TODO: there must be a better way of doing this.
  213. */
  214. if (png_ptr->mode & PNG_AFTER_IDAT)
  215. png_ptr->mode |= PNG_HAVE_CHUNK_AFTER_IDAT;
  216. }
  217. if (chunk_name == png_IHDR)
  218. {
  219. if (png_ptr->push_length != 13)
  220. png_error(png_ptr, "Invalid IHDR length");
  221. if (png_ptr->push_length + 4 > png_ptr->buffer_size)
  222. {
  223. png_push_save_buffer(png_ptr);
  224. return;
  225. }
  226. png_handle_IHDR(png_ptr, info_ptr, png_ptr->push_length);
  227. }
  228. else if (chunk_name == png_IEND)
  229. {
  230. if (png_ptr->push_length + 4 > png_ptr->buffer_size)
  231. {
  232. png_push_save_buffer(png_ptr);
  233. return;
  234. }
  235. png_handle_IEND(png_ptr, info_ptr, png_ptr->push_length);
  236. png_ptr->process_mode = PNG_READ_DONE_MODE;
  237. png_push_have_end(png_ptr, info_ptr);
  238. }
  239. #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED
  240. else if (png_chunk_unknown_handling(png_ptr, chunk_name))
  241. {
  242. if (png_ptr->push_length + 4 > png_ptr->buffer_size)
  243. {
  244. png_push_save_buffer(png_ptr);
  245. return;
  246. }
  247. if (chunk_name == png_IDAT)
  248. png_ptr->mode |= PNG_HAVE_IDAT;
  249. png_handle_unknown(png_ptr, info_ptr, png_ptr->push_length);
  250. if (chunk_name == png_PLTE)
  251. png_ptr->mode |= PNG_HAVE_PLTE;
  252. else if (chunk_name == png_IDAT)
  253. {
  254. if (!(png_ptr->mode & PNG_HAVE_IHDR))
  255. png_error(png_ptr, "Missing IHDR before IDAT");
  256. else if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE &&
  257. !(png_ptr->mode & PNG_HAVE_PLTE))
  258. png_error(png_ptr, "Missing PLTE before IDAT");
  259. }
  260. }
  261. #endif
  262. else if (chunk_name == png_PLTE)
  263. {
  264. if (png_ptr->push_length + 4 > png_ptr->buffer_size)
  265. {
  266. png_push_save_buffer(png_ptr);
  267. return;
  268. }
  269. png_handle_PLTE(png_ptr, info_ptr, png_ptr->push_length);
  270. }
  271. else if (chunk_name == png_IDAT)
  272. {
  273. /* If we reach an IDAT chunk, this means we have read all of the
  274. * header chunks, and we can start reading the image (or if this
  275. * is called after the image has been read - we have an error).
  276. */
  277. if (!(png_ptr->mode & PNG_HAVE_IHDR))
  278. png_error(png_ptr, "Missing IHDR before IDAT");
  279. else if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE &&
  280. !(png_ptr->mode & PNG_HAVE_PLTE))
  281. png_error(png_ptr, "Missing PLTE before IDAT");
  282. if (png_ptr->mode & PNG_HAVE_IDAT)
  283. {
  284. if (!(png_ptr->mode & PNG_HAVE_CHUNK_AFTER_IDAT))
  285. if (png_ptr->push_length == 0)
  286. return;
  287. if (png_ptr->mode & PNG_AFTER_IDAT)
  288. png_benign_error(png_ptr, "Too many IDATs found");
  289. }
  290. png_ptr->idat_size = png_ptr->push_length;
  291. png_ptr->mode |= PNG_HAVE_IDAT;
  292. png_ptr->process_mode = PNG_READ_IDAT_MODE;
  293. png_push_have_info(png_ptr, info_ptr);
  294. png_ptr->zstream.avail_out =
  295. (uInt) PNG_ROWBYTES(png_ptr->pixel_depth,
  296. png_ptr->iwidth) + 1;
  297. png_ptr->zstream.next_out = png_ptr->row_buf;
  298. return;
  299. }
  300. #ifdef PNG_READ_gAMA_SUPPORTED
  301. else if (png_ptr->chunk_name == png_gAMA)
  302. {
  303. if (png_ptr->push_length + 4 > png_ptr->buffer_size)
  304. {
  305. png_push_save_buffer(png_ptr);
  306. return;
  307. }
  308. png_handle_gAMA(png_ptr, info_ptr, png_ptr->push_length);
  309. }
  310. #endif
  311. #ifdef PNG_READ_sBIT_SUPPORTED
  312. else if (png_ptr->chunk_name == png_sBIT)
  313. {
  314. if (png_ptr->push_length + 4 > png_ptr->buffer_size)
  315. {
  316. png_push_save_buffer(png_ptr);
  317. return;
  318. }
  319. png_handle_sBIT(png_ptr, info_ptr, png_ptr->push_length);
  320. }
  321. #endif
  322. #ifdef PNG_READ_cHRM_SUPPORTED
  323. else if (png_ptr->chunk_name == png_cHRM)
  324. {
  325. if (png_ptr->push_length + 4 > png_ptr->buffer_size)
  326. {
  327. png_push_save_buffer(png_ptr);
  328. return;
  329. }
  330. png_handle_cHRM(png_ptr, info_ptr, png_ptr->push_length);
  331. }
  332. #endif
  333. #ifdef PNG_READ_sRGB_SUPPORTED
  334. else if (chunk_name == png_sRGB)
  335. {
  336. if (png_ptr->push_length + 4 > png_ptr->buffer_size)
  337. {
  338. png_push_save_buffer(png_ptr);
  339. return;
  340. }
  341. png_handle_sRGB(png_ptr, info_ptr, png_ptr->push_length);
  342. }
  343. #endif
  344. #ifdef PNG_READ_iCCP_SUPPORTED
  345. else if (png_ptr->chunk_name == png_iCCP)
  346. {
  347. if (png_ptr->push_length + 4 > png_ptr->buffer_size)
  348. {
  349. png_push_save_buffer(png_ptr);
  350. return;
  351. }
  352. png_handle_iCCP(png_ptr, info_ptr, png_ptr->push_length);
  353. }
  354. #endif
  355. #ifdef PNG_READ_sPLT_SUPPORTED
  356. else if (chunk_name == png_sPLT)
  357. {
  358. if (png_ptr->push_length + 4 > png_ptr->buffer_size)
  359. {
  360. png_push_save_buffer(png_ptr);
  361. return;
  362. }
  363. png_handle_sPLT(png_ptr, info_ptr, png_ptr->push_length);
  364. }
  365. #endif
  366. #ifdef PNG_READ_tRNS_SUPPORTED
  367. else if (chunk_name == png_tRNS)
  368. {
  369. if (png_ptr->push_length + 4 > png_ptr->buffer_size)
  370. {
  371. png_push_save_buffer(png_ptr);
  372. return;
  373. }
  374. png_handle_tRNS(png_ptr, info_ptr, png_ptr->push_length);
  375. }
  376. #endif
  377. #ifdef PNG_READ_bKGD_SUPPORTED
  378. else if (chunk_name == png_bKGD)
  379. {
  380. if (png_ptr->push_length + 4 > png_ptr->buffer_size)
  381. {
  382. png_push_save_buffer(png_ptr);
  383. return;
  384. }
  385. png_handle_bKGD(png_ptr, info_ptr, png_ptr->push_length);
  386. }
  387. #endif
  388. #ifdef PNG_READ_hIST_SUPPORTED
  389. else if (chunk_name == png_hIST)
  390. {
  391. if (png_ptr->push_length + 4 > png_ptr->buffer_size)
  392. {
  393. png_push_save_buffer(png_ptr);
  394. return;
  395. }
  396. png_handle_hIST(png_ptr, info_ptr, png_ptr->push_length);
  397. }
  398. #endif
  399. #ifdef PNG_READ_pHYs_SUPPORTED
  400. else if (chunk_name == png_pHYs)
  401. {
  402. if (png_ptr->push_length + 4 > png_ptr->buffer_size)
  403. {
  404. png_push_save_buffer(png_ptr);
  405. return;
  406. }
  407. png_handle_pHYs(png_ptr, info_ptr, png_ptr->push_length);
  408. }
  409. #endif
  410. #ifdef PNG_READ_oFFs_SUPPORTED
  411. else if (chunk_name == png_oFFs)
  412. {
  413. if (png_ptr->push_length + 4 > png_ptr->buffer_size)
  414. {
  415. png_push_save_buffer(png_ptr);
  416. return;
  417. }
  418. png_handle_oFFs(png_ptr, info_ptr, png_ptr->push_length);
  419. }
  420. #endif
  421. #ifdef PNG_READ_pCAL_SUPPORTED
  422. else if (chunk_name == png_pCAL)
  423. {
  424. if (png_ptr->push_length + 4 > png_ptr->buffer_size)
  425. {
  426. png_push_save_buffer(png_ptr);
  427. return;
  428. }
  429. png_handle_pCAL(png_ptr, info_ptr, png_ptr->push_length);
  430. }
  431. #endif
  432. #ifdef PNG_READ_sCAL_SUPPORTED
  433. else if (chunk_name == png_sCAL)
  434. {
  435. if (png_ptr->push_length + 4 > png_ptr->buffer_size)
  436. {
  437. png_push_save_buffer(png_ptr);
  438. return;
  439. }
  440. png_handle_sCAL(png_ptr, info_ptr, png_ptr->push_length);
  441. }
  442. #endif
  443. #ifdef PNG_READ_tIME_SUPPORTED
  444. else if (chunk_name == png_tIME)
  445. {
  446. if (png_ptr->push_length + 4 > png_ptr->buffer_size)
  447. {
  448. png_push_save_buffer(png_ptr);
  449. return;
  450. }
  451. png_handle_tIME(png_ptr, info_ptr, png_ptr->push_length);
  452. }
  453. #endif
  454. #ifdef PNG_READ_tEXt_SUPPORTED
  455. else if (chunk_name == png_tEXt)
  456. {
  457. if (png_ptr->push_length + 4 > png_ptr->buffer_size)
  458. {
  459. png_push_save_buffer(png_ptr);
  460. return;
  461. }
  462. png_push_handle_tEXt(png_ptr, info_ptr, png_ptr->push_length);
  463. }
  464. #endif
  465. #ifdef PNG_READ_zTXt_SUPPORTED
  466. else if (chunk_name == png_zTXt)
  467. {
  468. if (png_ptr->push_length + 4 > png_ptr->buffer_size)
  469. {
  470. png_push_save_buffer(png_ptr);
  471. return;
  472. }
  473. png_push_handle_zTXt(png_ptr, info_ptr, png_ptr->push_length);
  474. }
  475. #endif
  476. #ifdef PNG_READ_iTXt_SUPPORTED
  477. else if (chunk_name == png_iTXt)
  478. {
  479. if (png_ptr->push_length + 4 > png_ptr->buffer_size)
  480. {
  481. png_push_save_buffer(png_ptr);
  482. return;
  483. }
  484. png_push_handle_iTXt(png_ptr, info_ptr, png_ptr->push_length);
  485. }
  486. #endif
  487. else
  488. {
  489. if (png_ptr->push_length + 4 > png_ptr->buffer_size)
  490. {
  491. png_push_save_buffer(png_ptr);
  492. return;
  493. }
  494. png_push_handle_unknown(png_ptr, info_ptr, png_ptr->push_length);
  495. }
  496. png_ptr->mode &= ~PNG_HAVE_CHUNK_HEADER;
  497. }
  498. void /* PRIVATE */
  499. png_push_crc_skip(png_structp png_ptr, png_uint_32 skip)
  500. {
  501. png_ptr->process_mode = PNG_SKIP_MODE;
  502. png_ptr->skip_length = skip;
  503. }
  504. void /* PRIVATE */
  505. png_push_crc_finish(png_structp png_ptr)
  506. {
  507. if (png_ptr->skip_length && png_ptr->save_buffer_size)
  508. {
  509. png_size_t save_size = png_ptr->save_buffer_size;
  510. png_uint_32 skip_length = png_ptr->skip_length;
  511. /* We want the smaller of 'skip_length' and 'save_buffer_size', but
  512. * they are of different types and we don't know which variable has the
  513. * fewest bits. Carefully select the smaller and cast it to the type of
  514. * the larger - this cannot overflow. Do not cast in the following test
  515. * - it will break on either 16 or 64 bit platforms.
  516. */
  517. if (skip_length < save_size)
  518. save_size = (png_size_t)skip_length;
  519. else
  520. skip_length = (png_uint_32)save_size;
  521. png_calculate_crc(png_ptr, png_ptr->save_buffer_ptr, save_size);
  522. png_ptr->skip_length -= skip_length;
  523. png_ptr->buffer_size -= save_size;
  524. png_ptr->save_buffer_size -= save_size;
  525. png_ptr->save_buffer_ptr += save_size;
  526. }
  527. if (png_ptr->skip_length && png_ptr->current_buffer_size)
  528. {
  529. png_size_t save_size = png_ptr->current_buffer_size;
  530. png_uint_32 skip_length = png_ptr->skip_length;
  531. /* We want the smaller of 'skip_length' and 'current_buffer_size', here,
  532. * the same problem exists as above and the same solution.
  533. */
  534. if (skip_length < save_size)
  535. save_size = (png_size_t)skip_length;
  536. else
  537. skip_length = (png_uint_32)save_size;
  538. png_calculate_crc(png_ptr, png_ptr->current_buffer_ptr, save_size);
  539. png_ptr->skip_length -= skip_length;
  540. png_ptr->buffer_size -= save_size;
  541. png_ptr->current_buffer_size -= save_size;
  542. png_ptr->current_buffer_ptr += save_size;
  543. }
  544. if (!png_ptr->skip_length)
  545. {
  546. if (png_ptr->buffer_size < 4)
  547. {
  548. png_push_save_buffer(png_ptr);
  549. return;
  550. }
  551. png_crc_finish(png_ptr, 0);
  552. png_ptr->process_mode = PNG_READ_CHUNK_MODE;
  553. }
  554. }
  555. void PNGCBAPI
  556. png_push_fill_buffer(png_structp png_ptr, png_bytep buffer, png_size_t length)
  557. {
  558. png_bytep ptr;
  559. if (png_ptr == NULL)
  560. return;
  561. ptr = buffer;
  562. if (png_ptr->save_buffer_size)
  563. {
  564. png_size_t save_size;
  565. if (length < png_ptr->save_buffer_size)
  566. save_size = length;
  567. else
  568. save_size = png_ptr->save_buffer_size;
  569. png_memcpy(ptr, png_ptr->save_buffer_ptr, save_size);
  570. length -= save_size;
  571. ptr += save_size;
  572. png_ptr->buffer_size -= save_size;
  573. png_ptr->save_buffer_size -= save_size;
  574. png_ptr->save_buffer_ptr += save_size;
  575. }
  576. if (length && png_ptr->current_buffer_size)
  577. {
  578. png_size_t save_size;
  579. if (length < png_ptr->current_buffer_size)
  580. save_size = length;
  581. else
  582. save_size = png_ptr->current_buffer_size;
  583. png_memcpy(ptr, png_ptr->current_buffer_ptr, save_size);
  584. png_ptr->buffer_size -= save_size;
  585. png_ptr->current_buffer_size -= save_size;
  586. png_ptr->current_buffer_ptr += save_size;
  587. }
  588. }
  589. void /* PRIVATE */
  590. png_push_save_buffer(png_structp png_ptr)
  591. {
  592. if (png_ptr->save_buffer_size)
  593. {
  594. if (png_ptr->save_buffer_ptr != png_ptr->save_buffer)
  595. {
  596. png_size_t i, istop;
  597. png_bytep sp;
  598. png_bytep dp;
  599. istop = png_ptr->save_buffer_size;
  600. for (i = 0, sp = png_ptr->save_buffer_ptr, dp = png_ptr->save_buffer;
  601. i < istop; i++, sp++, dp++)
  602. {
  603. *dp = *sp;
  604. }
  605. }
  606. }
  607. if (png_ptr->save_buffer_size + png_ptr->current_buffer_size >
  608. png_ptr->save_buffer_max)
  609. {
  610. png_size_t new_max;
  611. png_bytep old_buffer;
  612. if (png_ptr->save_buffer_size > PNG_SIZE_MAX -
  613. (png_ptr->current_buffer_size + 256))
  614. {
  615. png_error(png_ptr, "Potential overflow of save_buffer");
  616. }
  617. new_max = png_ptr->save_buffer_size + png_ptr->current_buffer_size + 256;
  618. old_buffer = png_ptr->save_buffer;
  619. png_ptr->save_buffer = (png_bytep)png_malloc_warn(png_ptr, new_max);
  620. if (png_ptr->save_buffer == NULL)
  621. {
  622. png_free(png_ptr, old_buffer);
  623. png_error(png_ptr, "Insufficient memory for save_buffer");
  624. }
  625. png_memcpy(png_ptr->save_buffer, old_buffer, png_ptr->save_buffer_size);
  626. png_free(png_ptr, old_buffer);
  627. png_ptr->save_buffer_max = new_max;
  628. }
  629. if (png_ptr->current_buffer_size)
  630. {
  631. png_memcpy(png_ptr->save_buffer + png_ptr->save_buffer_size,
  632. png_ptr->current_buffer_ptr, png_ptr->current_buffer_size);
  633. png_ptr->save_buffer_size += png_ptr->current_buffer_size;
  634. png_ptr->current_buffer_size = 0;
  635. }
  636. png_ptr->save_buffer_ptr = png_ptr->save_buffer;
  637. png_ptr->buffer_size = 0;
  638. }
  639. void /* PRIVATE */
  640. png_push_restore_buffer(png_structp png_ptr, png_bytep buffer,
  641. png_size_t buffer_length)
  642. {
  643. png_ptr->current_buffer = buffer;
  644. png_ptr->current_buffer_size = buffer_length;
  645. png_ptr->buffer_size = buffer_length + png_ptr->save_buffer_size;
  646. png_ptr->current_buffer_ptr = png_ptr->current_buffer;
  647. }
  648. void /* PRIVATE */
  649. png_push_read_IDAT(png_structp png_ptr)
  650. {
  651. if (!(png_ptr->mode & PNG_HAVE_CHUNK_HEADER))
  652. {
  653. png_byte chunk_length[4];
  654. png_byte chunk_tag[4];
  655. /* TODO: this code can be commoned up with the same code in push_read */
  656. if (png_ptr->buffer_size < 8)
  657. {
  658. png_push_save_buffer(png_ptr);
  659. return;
  660. }
  661. png_push_fill_buffer(png_ptr, chunk_length, 4);
  662. png_ptr->push_length = png_get_uint_31(png_ptr, chunk_length);
  663. png_reset_crc(png_ptr);
  664. png_crc_read(png_ptr, chunk_tag, 4);
  665. png_ptr->chunk_name = PNG_CHUNK_FROM_STRING(chunk_tag);
  666. png_ptr->mode |= PNG_HAVE_CHUNK_HEADER;
  667. if (png_ptr->chunk_name != png_IDAT)
  668. {
  669. png_ptr->process_mode = PNG_READ_CHUNK_MODE;
  670. if (!(png_ptr->flags & PNG_FLAG_ZLIB_FINISHED))
  671. png_error(png_ptr, "Not enough compressed data");
  672. return;
  673. }
  674. png_ptr->idat_size = png_ptr->push_length;
  675. }
  676. if (png_ptr->idat_size && png_ptr->save_buffer_size)
  677. {
  678. png_size_t save_size = png_ptr->save_buffer_size;
  679. png_uint_32 idat_size = png_ptr->idat_size;
  680. /* We want the smaller of 'idat_size' and 'current_buffer_size', but they
  681. * are of different types and we don't know which variable has the fewest
  682. * bits. Carefully select the smaller and cast it to the type of the
  683. * larger - this cannot overflow. Do not cast in the following test - it
  684. * will break on either 16 or 64 bit platforms.
  685. */
  686. if (idat_size < save_size)
  687. save_size = (png_size_t)idat_size;
  688. else
  689. idat_size = (png_uint_32)save_size;
  690. png_calculate_crc(png_ptr, png_ptr->save_buffer_ptr, save_size);
  691. png_process_IDAT_data(png_ptr, png_ptr->save_buffer_ptr, save_size);
  692. png_ptr->idat_size -= idat_size;
  693. png_ptr->buffer_size -= save_size;
  694. png_ptr->save_buffer_size -= save_size;
  695. png_ptr->save_buffer_ptr += save_size;
  696. }
  697. if (png_ptr->idat_size && png_ptr->current_buffer_size)
  698. {
  699. png_size_t save_size = png_ptr->current_buffer_size;
  700. png_uint_32 idat_size = png_ptr->idat_size;
  701. /* We want the smaller of 'idat_size' and 'current_buffer_size', but they
  702. * are of different types and we don't know which variable has the fewest
  703. * bits. Carefully select the smaller and cast it to the type of the
  704. * larger - this cannot overflow.
  705. */
  706. if (idat_size < save_size)
  707. save_size = (png_size_t)idat_size;
  708. else
  709. idat_size = (png_uint_32)save_size;
  710. png_calculate_crc(png_ptr, png_ptr->current_buffer_ptr, save_size);
  711. png_process_IDAT_data(png_ptr, png_ptr->current_buffer_ptr, save_size);
  712. png_ptr->idat_size -= idat_size;
  713. png_ptr->buffer_size -= save_size;
  714. png_ptr->current_buffer_size -= save_size;
  715. png_ptr->current_buffer_ptr += save_size;
  716. }
  717. if (!png_ptr->idat_size)
  718. {
  719. if (png_ptr->buffer_size < 4)
  720. {
  721. png_push_save_buffer(png_ptr);
  722. return;
  723. }
  724. png_crc_finish(png_ptr, 0);
  725. png_ptr->mode &= ~PNG_HAVE_CHUNK_HEADER;
  726. png_ptr->mode |= PNG_AFTER_IDAT;
  727. }
  728. }
  729. void /* PRIVATE */
  730. png_process_IDAT_data(png_structp png_ptr, png_bytep buffer,
  731. png_size_t buffer_length)
  732. {
  733. /* The caller checks for a non-zero buffer length. */
  734. if (!(buffer_length > 0) || buffer == NULL)
  735. png_error(png_ptr, "No IDAT data (internal error)");
  736. /* This routine must process all the data it has been given
  737. * before returning, calling the row callback as required to
  738. * handle the uncompressed results.
  739. */
  740. png_ptr->zstream.next_in = buffer;
  741. png_ptr->zstream.avail_in = (uInt)buffer_length;
  742. /* Keep going until the decompressed data is all processed
  743. * or the stream marked as finished.
  744. */
  745. while (png_ptr->zstream.avail_in > 0 &&
  746. !(png_ptr->flags & PNG_FLAG_ZLIB_FINISHED))
  747. {
  748. int ret;
  749. /* We have data for zlib, but we must check that zlib
  750. * has someplace to put the results. It doesn't matter
  751. * if we don't expect any results -- it may be the input
  752. * data is just the LZ end code.
  753. */
  754. if (!(png_ptr->zstream.avail_out > 0))
  755. {
  756. png_ptr->zstream.avail_out =
  757. (uInt) PNG_ROWBYTES(png_ptr->pixel_depth,
  758. png_ptr->iwidth) + 1;
  759. png_ptr->zstream.next_out = png_ptr->row_buf;
  760. }
  761. /* Using Z_SYNC_FLUSH here means that an unterminated
  762. * LZ stream (a stream with a missing end code) can still
  763. * be handled, otherwise (Z_NO_FLUSH) a future zlib
  764. * implementation might defer output and therefore
  765. * change the current behavior (see comments in inflate.c
  766. * for why this doesn't happen at present with zlib 1.2.5).
  767. */
  768. ret = inflate(&png_ptr->zstream, Z_SYNC_FLUSH);
  769. /* Check for any failure before proceeding. */
  770. if (ret != Z_OK && ret != Z_STREAM_END)
  771. {
  772. /* Terminate the decompression. */
  773. png_ptr->flags |= PNG_FLAG_ZLIB_FINISHED;
  774. /* This may be a truncated stream (missing or
  775. * damaged end code). Treat that as a warning.
  776. */
  777. if (png_ptr->row_number >= png_ptr->num_rows ||
  778. png_ptr->pass > 6)
  779. png_warning(png_ptr, "Truncated compressed data in IDAT");
  780. else
  781. png_error(png_ptr, "Decompression error in IDAT");
  782. /* Skip the check on unprocessed input */
  783. return;
  784. }
  785. /* Did inflate output any data? */
  786. if (png_ptr->zstream.next_out != png_ptr->row_buf)
  787. {
  788. /* Is this unexpected data after the last row?
  789. * If it is, artificially terminate the LZ output
  790. * here.
  791. */
  792. if (png_ptr->row_number >= png_ptr->num_rows ||
  793. png_ptr->pass > 6)
  794. {
  795. /* Extra data. */
  796. png_warning(png_ptr, "Extra compressed data in IDAT");
  797. png_ptr->flags |= PNG_FLAG_ZLIB_FINISHED;
  798. /* Do no more processing; skip the unprocessed
  799. * input check below.
  800. */
  801. return;
  802. }
  803. /* Do we have a complete row? */
  804. if (png_ptr->zstream.avail_out == 0)
  805. png_push_process_row(png_ptr);
  806. }
  807. /* And check for the end of the stream. */
  808. if (ret == Z_STREAM_END)
  809. png_ptr->flags |= PNG_FLAG_ZLIB_FINISHED;
  810. }
  811. /* All the data should have been processed, if anything
  812. * is left at this point we have bytes of IDAT data
  813. * after the zlib end code.
  814. */
  815. if (png_ptr->zstream.avail_in > 0)
  816. png_warning(png_ptr, "Extra compression data in IDAT");
  817. }
  818. void /* PRIVATE */
  819. png_push_process_row(png_structp png_ptr)
  820. {
  821. /* 1.5.6: row_info moved out of png_struct to a local here. */
  822. png_row_info row_info;
  823. row_info.width = png_ptr->iwidth; /* NOTE: width of current interlaced row */
  824. row_info.color_type = png_ptr->color_type;
  825. row_info.bit_depth = png_ptr->bit_depth;
  826. row_info.channels = png_ptr->channels;
  827. row_info.pixel_depth = png_ptr->pixel_depth;
  828. row_info.rowbytes = PNG_ROWBYTES(row_info.pixel_depth, row_info.width);
  829. if (png_ptr->row_buf[0] > PNG_FILTER_VALUE_NONE)
  830. {
  831. if (png_ptr->row_buf[0] < PNG_FILTER_VALUE_LAST)
  832. png_read_filter_row(png_ptr, &row_info, png_ptr->row_buf + 1,
  833. png_ptr->prev_row + 1, png_ptr->row_buf[0]);
  834. else
  835. png_error(png_ptr, "bad adaptive filter value");
  836. }
  837. /* libpng 1.5.6: the following line was copying png_ptr->rowbytes before
  838. * 1.5.6, while the buffer really is this big in current versions of libpng
  839. * it may not be in the future, so this was changed just to copy the
  840. * interlaced row count:
  841. */
  842. png_memcpy(png_ptr->prev_row, png_ptr->row_buf, row_info.rowbytes + 1);
  843. #ifdef PNG_READ_TRANSFORMS_SUPPORTED
  844. if (png_ptr->transformations)
  845. png_do_read_transformations(png_ptr, &row_info);
  846. #endif
  847. /* The transformed pixel depth should match the depth now in row_info. */
  848. if (png_ptr->transformed_pixel_depth == 0)
  849. {
  850. png_ptr->transformed_pixel_depth = row_info.pixel_depth;
  851. if (row_info.pixel_depth > png_ptr->maximum_pixel_depth)
  852. png_error(png_ptr, "progressive row overflow");
  853. }
  854. else if (png_ptr->transformed_pixel_depth != row_info.pixel_depth)
  855. png_error(png_ptr, "internal progressive row size calculation error");
  856. #ifdef PNG_READ_INTERLACING_SUPPORTED
  857. /* Blow up interlaced rows to full size */
  858. if (png_ptr->interlaced && (png_ptr->transformations & PNG_INTERLACE))
  859. {
  860. if (png_ptr->pass < 6)
  861. png_do_read_interlace(&row_info, png_ptr->row_buf + 1, png_ptr->pass,
  862. png_ptr->transformations);
  863. switch (png_ptr->pass)
  864. {
  865. case 0:
  866. {
  867. int i;
  868. for (i = 0; i < 8 && png_ptr->pass == 0; i++)
  869. {
  870. png_push_have_row(png_ptr, png_ptr->row_buf + 1);
  871. png_read_push_finish_row(png_ptr); /* Updates png_ptr->pass */
  872. }
  873. if (png_ptr->pass == 2) /* Pass 1 might be empty */
  874. {
  875. for (i = 0; i < 4 && png_ptr->pass == 2; i++)
  876. {
  877. png_push_have_row(png_ptr, NULL);
  878. png_read_push_finish_row(png_ptr);
  879. }
  880. }
  881. if (png_ptr->pass == 4 && png_ptr->height <= 4)
  882. {
  883. for (i = 0; i < 2 && png_ptr->pass == 4; i++)
  884. {
  885. png_push_have_row(png_ptr, NULL);
  886. png_read_push_finish_row(png_ptr);
  887. }
  888. }
  889. if (png_ptr->pass == 6 && png_ptr->height <= 4)
  890. {
  891. png_push_have_row(png_ptr, NULL);
  892. png_read_push_finish_row(png_ptr);
  893. }
  894. break;
  895. }
  896. case 1:
  897. {
  898. int i;
  899. for (i = 0; i < 8 && png_ptr->pass == 1; i++)
  900. {
  901. png_push_have_row(png_ptr, png_ptr->row_buf + 1);
  902. png_read_push_finish_row(png_ptr);
  903. }
  904. if (png_ptr->pass == 2) /* Skip top 4 generated rows */
  905. {
  906. for (i = 0; i < 4 && png_ptr->pass == 2; i++)
  907. {
  908. png_push_have_row(png_ptr, NULL);
  909. png_read_push_finish_row(png_ptr);
  910. }
  911. }
  912. break;
  913. }
  914. case 2:
  915. {
  916. int i;
  917. for (i = 0; i < 4 && png_ptr->pass == 2; i++)
  918. {
  919. png_push_have_row(png_ptr, png_ptr->row_buf + 1);
  920. png_read_push_finish_row(png_ptr);
  921. }
  922. for (i = 0; i < 4 && png_ptr->pass == 2; i++)
  923. {
  924. png_push_have_row(png_ptr, NULL);
  925. png_read_push_finish_row(png_ptr);
  926. }
  927. if (png_ptr->pass == 4) /* Pass 3 might be empty */
  928. {
  929. for (i = 0; i < 2 && png_ptr->pass == 4; i++)
  930. {
  931. png_push_have_row(png_ptr, NULL);
  932. png_read_push_finish_row(png_ptr);
  933. }
  934. }
  935. break;
  936. }
  937. case 3:
  938. {
  939. int i;
  940. for (i = 0; i < 4 && png_ptr->pass == 3; i++)
  941. {
  942. png_push_have_row(png_ptr, png_ptr->row_buf + 1);
  943. png_read_push_finish_row(png_ptr);
  944. }
  945. if (png_ptr->pass == 4) /* Skip top two generated rows */
  946. {
  947. for (i = 0; i < 2 && png_ptr->pass == 4; i++)
  948. {
  949. png_push_have_row(png_ptr, NULL);
  950. png_read_push_finish_row(png_ptr);
  951. }
  952. }
  953. break;
  954. }
  955. case 4:
  956. {
  957. int i;
  958. for (i = 0; i < 2 && png_ptr->pass == 4; i++)
  959. {
  960. png_push_have_row(png_ptr, png_ptr->row_buf + 1);
  961. png_read_push_finish_row(png_ptr);
  962. }
  963. for (i = 0; i < 2 && png_ptr->pass == 4; i++)
  964. {
  965. png_push_have_row(png_ptr, NULL);
  966. png_read_push_finish_row(png_ptr);
  967. }
  968. if (png_ptr->pass == 6) /* Pass 5 might be empty */
  969. {
  970. png_push_have_row(png_ptr, NULL);
  971. png_read_push_finish_row(png_ptr);
  972. }
  973. break;
  974. }
  975. case 5:
  976. {
  977. int i;
  978. for (i = 0; i < 2 && png_ptr->pass == 5; i++)
  979. {
  980. png_push_have_row(png_ptr, png_ptr->row_buf + 1);
  981. png_read_push_finish_row(png_ptr);
  982. }
  983. if (png_ptr->pass == 6) /* Skip top generated row */
  984. {
  985. png_push_have_row(png_ptr, NULL);
  986. png_read_push_finish_row(png_ptr);
  987. }
  988. break;
  989. }
  990. default:
  991. case 6:
  992. {
  993. png_push_have_row(png_ptr, png_ptr->row_buf + 1);
  994. png_read_push_finish_row(png_ptr);
  995. if (png_ptr->pass != 6)
  996. break;
  997. png_push_have_row(png_ptr, NULL);
  998. png_read_push_finish_row(png_ptr);
  999. }
  1000. }
  1001. }
  1002. else
  1003. #endif
  1004. {
  1005. png_push_have_row(png_ptr, png_ptr->row_buf + 1);
  1006. png_read_push_finish_row(png_ptr);
  1007. }
  1008. }
  1009. void /* PRIVATE */
  1010. png_read_push_finish_row(png_structp png_ptr)
  1011. {
  1012. #ifdef PNG_READ_INTERLACING_SUPPORTED
  1013. /* Arrays to facilitate easy interlacing - use pass (0 - 6) as index */
  1014. /* Start of interlace block */
  1015. static PNG_CONST png_byte FARDATA png_pass_start[] = {0, 4, 0, 2, 0, 1, 0};
  1016. /* Offset to next interlace block */
  1017. static PNG_CONST png_byte FARDATA png_pass_inc[] = {8, 8, 4, 4, 2, 2, 1};
  1018. /* Start of interlace block in the y direction */
  1019. static PNG_CONST png_byte FARDATA png_pass_ystart[] = {0, 0, 4, 0, 2, 0, 1};
  1020. /* Offset to next interlace block in the y direction */
  1021. static PNG_CONST png_byte FARDATA png_pass_yinc[] = {8, 8, 8, 4, 4, 2, 2};
  1022. /* Height of interlace block. This is not currently used - if you need
  1023. * it, uncomment it here and in png.h
  1024. static PNG_CONST png_byte FARDATA png_pass_height[] = {8, 8, 4, 4, 2, 2, 1};
  1025. */
  1026. #endif
  1027. png_ptr->row_number++;
  1028. if (png_ptr->row_number < png_ptr->num_rows)
  1029. return;
  1030. #ifdef PNG_READ_INTERLACING_SUPPORTED
  1031. if (png_ptr->interlaced)
  1032. {
  1033. png_ptr->row_number = 0;
  1034. png_memset(png_ptr->prev_row, 0, png_ptr->rowbytes + 1);
  1035. do
  1036. {
  1037. png_ptr->pass++;
  1038. if ((png_ptr->pass == 1 && png_ptr->width < 5) ||
  1039. (png_ptr->pass == 3 && png_ptr->width < 3) ||
  1040. (png_ptr->pass == 5 && png_ptr->width < 2))
  1041. png_ptr->pass++;
  1042. if (png_ptr->pass > 7)
  1043. png_ptr->pass--;
  1044. if (png_ptr->pass >= 7)
  1045. break;
  1046. png_ptr->iwidth = (png_ptr->width +
  1047. png_pass_inc[png_ptr->pass] - 1 -
  1048. png_pass_start[png_ptr->pass]) /
  1049. png_pass_inc[png_ptr->pass];
  1050. if (png_ptr->transformations & PNG_INTERLACE)
  1051. break;
  1052. png_ptr->num_rows = (png_ptr->height +
  1053. png_pass_yinc[png_ptr->pass] - 1 -
  1054. png_pass_ystart[png_ptr->pass]) /
  1055. png_pass_yinc[png_ptr->pass];
  1056. } while (png_ptr->iwidth == 0 || png_ptr->num_rows == 0);
  1057. }
  1058. #endif /* PNG_READ_INTERLACING_SUPPORTED */
  1059. }
  1060. #ifdef PNG_READ_tEXt_SUPPORTED
  1061. void /* PRIVATE */
  1062. png_push_handle_tEXt(png_structp png_ptr, png_infop info_ptr, png_uint_32
  1063. length)
  1064. {
  1065. if (!(png_ptr->mode & PNG_HAVE_IHDR) || (png_ptr->mode & PNG_HAVE_IEND))
  1066. {
  1067. PNG_UNUSED(info_ptr) /* To quiet some compiler warnings */
  1068. png_error(png_ptr, "Out of place tEXt");
  1069. /* NOT REACHED */
  1070. }
  1071. #ifdef PNG_MAX_MALLOC_64K
  1072. png_ptr->skip_length = 0; /* This may not be necessary */
  1073. if (length > (png_uint_32)65535L) /* Can't hold entire string in memory */
  1074. {
  1075. png_warning(png_ptr, "tEXt chunk too large to fit in memory");
  1076. png_ptr->skip_length = length - (png_uint_32)65535L;
  1077. length = (png_uint_32)65535L;
  1078. }
  1079. #endif
  1080. png_ptr->current_text = (png_charp)png_malloc(png_ptr, length + 1);
  1081. png_ptr->current_text[length] = '\0';
  1082. png_ptr->current_text_ptr = png_ptr->current_text;
  1083. png_ptr->current_text_size = (png_size_t)length;
  1084. png_ptr->current_text_left = (png_size_t)length;
  1085. png_ptr->process_mode = PNG_READ_tEXt_MODE;
  1086. }
  1087. void /* PRIVATE */
  1088. png_push_read_tEXt(png_structp png_ptr, png_infop info_ptr)
  1089. {
  1090. if (png_ptr->buffer_size && png_ptr->current_text_left)
  1091. {
  1092. png_size_t text_size;
  1093. if (png_ptr->buffer_size < png_ptr->current_text_left)
  1094. text_size = png_ptr->buffer_size;
  1095. else
  1096. text_size = png_ptr->current_text_left;
  1097. png_crc_read(png_ptr, (png_bytep)png_ptr->current_text_ptr, text_size);
  1098. png_ptr->current_text_left -= text_size;
  1099. png_ptr->current_text_ptr += text_size;
  1100. }
  1101. if (!(png_ptr->current_text_left))
  1102. {
  1103. png_textp text_ptr;
  1104. png_charp text;
  1105. png_charp key;
  1106. int ret;
  1107. if (png_ptr->buffer_size < 4)
  1108. {
  1109. png_push_save_buffer(png_ptr);
  1110. return;
  1111. }
  1112. png_push_crc_finish(png_ptr);
  1113. #ifdef PNG_MAX_MALLOC_64K
  1114. if (png_ptr->skip_length)
  1115. return;
  1116. #endif
  1117. key = png_ptr->current_text;
  1118. for (text = key; *text; text++)
  1119. /* Empty loop */ ;
  1120. if (text < key + png_ptr->current_text_size)
  1121. text++;
  1122. text_ptr = (png_textp)png_malloc(png_ptr, png_sizeof(png_text));
  1123. text_ptr->compression = PNG_TEXT_COMPRESSION_NONE;
  1124. text_ptr->key = key;
  1125. text_ptr->itxt_length = 0;
  1126. text_ptr->lang = NULL;
  1127. text_ptr->lang_key = NULL;
  1128. text_ptr->text = text;
  1129. ret = png_set_text_2(png_ptr, info_ptr, text_ptr, 1);
  1130. png_free(png_ptr, key);
  1131. png_free(png_ptr, text_ptr);
  1132. png_ptr->current_text = NULL;
  1133. if (ret)
  1134. png_warning(png_ptr, "Insufficient memory to store text chunk");
  1135. }
  1136. }
  1137. #endif
  1138. #ifdef PNG_READ_zTXt_SUPPORTED
  1139. void /* PRIVATE */
  1140. png_push_handle_zTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32
  1141. length)
  1142. {
  1143. if (!(png_ptr->mode & PNG_HAVE_IHDR) || (png_ptr->mode & PNG_HAVE_IEND))
  1144. {
  1145. PNG_UNUSED(info_ptr) /* To quiet some compiler warnings */
  1146. png_error(png_ptr, "Out of place zTXt");
  1147. /* NOT REACHED */
  1148. }
  1149. #ifdef PNG_MAX_MALLOC_64K
  1150. /* We can't handle zTXt chunks > 64K, since we don't have enough space
  1151. * to be able to store the uncompressed data. Actually, the threshold
  1152. * is probably around 32K, but it isn't as definite as 64K is.
  1153. */
  1154. if (length > (png_uint_32)65535L)
  1155. {
  1156. png_warning(png_ptr, "zTXt chunk too large to fit in memory");
  1157. png_push_crc_skip(png_ptr, length);
  1158. return;
  1159. }
  1160. #endif
  1161. png_ptr->current_text = (png_charp)png_malloc(png_ptr, length + 1);
  1162. png_ptr->current_text[length] = '\0';
  1163. png_ptr->current_text_ptr = png_ptr->current_text;
  1164. png_ptr->current_text_size = (png_size_t)length;
  1165. png_ptr->current_text_left = (png_size_t)length;
  1166. png_ptr->process_mode = PNG_READ_zTXt_MODE;
  1167. }
  1168. void /* PRIVATE */
  1169. png_push_read_zTXt(png_structp png_ptr, png_infop info_ptr)
  1170. {
  1171. if (png_ptr->buffer_size && png_ptr->current_text_left)
  1172. {
  1173. png_size_t text_size;
  1174. if (png_ptr->buffer_size < (png_uint_32)png_ptr->current_text_left)
  1175. text_size = png_ptr->buffer_size;
  1176. else
  1177. text_size = png_ptr->current_text_left;
  1178. png_crc_read(png_ptr, (png_bytep)png_ptr->current_text_ptr, text_size);
  1179. png_ptr->current_text_left -= text_size;
  1180. png_ptr->current_text_ptr += text_size;
  1181. }
  1182. if (!(png_ptr->current_text_left))
  1183. {
  1184. png_textp text_ptr;
  1185. png_charp text;
  1186. png_charp key;
  1187. int ret;
  1188. png_size_t text_size, key_size;
  1189. if (png_ptr->buffer_size < 4)
  1190. {
  1191. png_push_save_buffer(png_ptr);
  1192. return;
  1193. }
  1194. png_push_crc_finish(png_ptr);
  1195. key = png_ptr->current_text;
  1196. for (text = key; *text; text++)
  1197. /* Empty loop */ ;
  1198. /* zTXt can't have zero text */
  1199. if (text >= key + png_ptr->current_text_size)
  1200. {
  1201. png_ptr->current_text = NULL;
  1202. png_free(png_ptr, key);
  1203. return;
  1204. }
  1205. text++;
  1206. if (*text != PNG_TEXT_COMPRESSION_zTXt) /* Check compression byte */
  1207. {
  1208. png_ptr->current_text = NULL;
  1209. png_free(png_ptr, key);
  1210. return;
  1211. }
  1212. text++;
  1213. png_ptr->zstream.next_in = (png_bytep)text;
  1214. png_ptr->zstream.avail_in = (uInt)(png_ptr->current_text_size -
  1215. (text - key));
  1216. png_ptr->zstream.next_out = png_ptr->zbuf;
  1217. png_ptr->zstream.avail_out = (uInt)png_ptr->zbuf_size;
  1218. key_size = text - key;
  1219. text_size = 0;
  1220. text = NULL;
  1221. ret = Z_STREAM_END;
  1222. while (png_ptr->zstream.avail_in)
  1223. {
  1224. ret = inflate(&png_ptr->zstream, Z_PARTIAL_FLUSH);
  1225. if (ret != Z_OK && ret != Z_STREAM_END)
  1226. {
  1227. inflateReset(&png_ptr->zstream);
  1228. png_ptr->zstream.avail_in = 0;
  1229. png_ptr->current_text = NULL;
  1230. png_free(png_ptr, key);
  1231. png_free(png_ptr, text);
  1232. return;
  1233. }
  1234. if (!(png_ptr->zstream.avail_out) || ret == Z_STREAM_END)
  1235. {
  1236. if (text == NULL)
  1237. {
  1238. text = (png_charp)png_malloc(png_ptr,
  1239. (png_ptr->zbuf_size
  1240. - png_ptr->zstream.avail_out + key_size + 1));
  1241. png_memcpy(text + key_size, png_ptr->zbuf,
  1242. png_ptr->zbuf_size - png_ptr->zstream.avail_out);
  1243. png_memcpy(text, key, key_size);
  1244. text_size = key_size + png_ptr->zbuf_size -
  1245. png_ptr->zstream.avail_out;
  1246. *(text + text_size) = '\0';
  1247. }
  1248. else
  1249. {
  1250. png_charp tmp;
  1251. tmp = text;
  1252. text = (png_charp)png_malloc(png_ptr, text_size +
  1253. (png_ptr->zbuf_size
  1254. - png_ptr->zstream.avail_out + 1));
  1255. png_memcpy(text, tmp, text_size);
  1256. png_free(png_ptr, tmp);
  1257. png_memcpy(text + text_size, png_ptr->zbuf,
  1258. png_ptr->zbuf_size - png_ptr->zstream.avail_out);
  1259. text_size += png_ptr->zbuf_size - png_ptr->zstream.avail_out;
  1260. *(text + text_size) = '\0';
  1261. }
  1262. if (ret != Z_STREAM_END)
  1263. {
  1264. png_ptr->zstream.next_out = png_ptr->zbuf;
  1265. png_ptr->zstream.avail_out = (uInt)png_ptr->zbuf_size;
  1266. }
  1267. }
  1268. else
  1269. {
  1270. break;
  1271. }
  1272. if (ret == Z_STREAM_END)
  1273. break;
  1274. }
  1275. inflateReset(&png_ptr->zstream);
  1276. png_ptr->zstream.avail_in = 0;
  1277. if (ret != Z_STREAM_END)
  1278. {
  1279. png_ptr->current_text = NULL;
  1280. png_free(png_ptr, key);
  1281. png_free(png_ptr, text);
  1282. return;
  1283. }
  1284. png_ptr->current_text = NULL;
  1285. png_free(png_ptr, key);
  1286. key = text;
  1287. text += key_size;
  1288. text_ptr = (png_textp)png_malloc(png_ptr,
  1289. png_sizeof(png_text));
  1290. text_ptr->compression = PNG_TEXT_COMPRESSION_zTXt;
  1291. text_ptr->key = key;
  1292. text_ptr->itxt_length = 0;
  1293. text_ptr->lang = NULL;
  1294. text_ptr->lang_key = NULL;
  1295. text_ptr->text = text;
  1296. ret = png_set_text_2(png_ptr, info_ptr, text_ptr, 1);
  1297. png_free(png_ptr, key);
  1298. png_free(png_ptr, text_ptr);
  1299. if (ret)
  1300. png_warning(png_ptr, "Insufficient memory to store text chunk");
  1301. }
  1302. }
  1303. #endif
  1304. #ifdef PNG_READ_iTXt_SUPPORTED
  1305. void /* PRIVATE */
  1306. png_push_handle_iTXt(png_structp png_ptr, png_infop info_ptr, png_uint_32
  1307. length)
  1308. {
  1309. if (!(png_ptr->mode & PNG_HAVE_IHDR) || (png_ptr->mode & PNG_HAVE_IEND))
  1310. {
  1311. PNG_UNUSED(info_ptr) /* To quiet some compiler warnings */
  1312. png_error(png_ptr, "Out of place iTXt");
  1313. /* NOT REACHED */
  1314. }
  1315. #ifdef PNG_MAX_MALLOC_64K
  1316. png_ptr->skip_length = 0; /* This may not be necessary */
  1317. if (length > (png_uint_32)65535L) /* Can't hold entire string in memory */
  1318. {
  1319. png_warning(png_ptr, "iTXt chunk too large to fit in memory");
  1320. png_ptr->skip_length = length - (png_uint_32)65535L;
  1321. length = (png_uint_32)65535L;
  1322. }
  1323. #endif
  1324. png_ptr->current_text = (png_charp)png_malloc(png_ptr, length + 1);
  1325. png_ptr->current_text[length] = '\0';
  1326. png_ptr->current_text_ptr = png_ptr->current_text;
  1327. png_ptr->current_text_size = (png_size_t)length;
  1328. png_ptr->current_text_left = (png_size_t)length;
  1329. png_ptr->process_mode = PNG_READ_iTXt_MODE;
  1330. }
  1331. void /* PRIVATE */
  1332. png_push_read_iTXt(png_structp png_ptr, png_infop info_ptr)
  1333. {
  1334. if (png_ptr->buffer_size && png_ptr->current_text_left)
  1335. {
  1336. png_size_t text_size;
  1337. if (png_ptr->buffer_size < png_ptr->current_text_left)
  1338. text_size = png_ptr->buffer_size;
  1339. else
  1340. text_size = png_ptr->current_text_left;
  1341. png_crc_read(png_ptr, (png_bytep)png_ptr->current_text_ptr, text_size);
  1342. png_ptr->current_text_left -= text_size;
  1343. png_ptr->current_text_ptr += text_size;
  1344. }
  1345. if (!(png_ptr->current_text_left))
  1346. {
  1347. png_textp text_ptr;
  1348. png_charp key;
  1349. int comp_flag;
  1350. png_charp lang;
  1351. png_charp lang_key;
  1352. png_charp text;
  1353. int ret;
  1354. if (png_ptr->buffer_size < 4)
  1355. {
  1356. png_push_save_buffer(png_ptr);
  1357. return;
  1358. }
  1359. png_push_crc_finish(png_ptr);
  1360. #ifdef PNG_MAX_MALLOC_64K
  1361. if (png_ptr->skip_length)
  1362. return;
  1363. #endif
  1364. key = png_ptr->current_text;
  1365. for (lang = key; *lang; lang++)
  1366. /* Empty loop */ ;
  1367. if (lang < key + png_ptr->current_text_size - 3)
  1368. lang++;
  1369. comp_flag = *lang++;
  1370. lang++; /* Skip comp_type, always zero */
  1371. for (lang_key = lang; *lang_key; lang_key++)
  1372. /* Empty loop */ ;
  1373. lang_key++; /* Skip NUL separator */
  1374. text=lang_key;
  1375. if (lang_key < key + png_ptr->current_text_size - 1)
  1376. {
  1377. for (; *text; text++)
  1378. /* Empty loop */ ;
  1379. }
  1380. if (text < key + png_ptr->current_text_size)
  1381. text++;
  1382. text_ptr = (png_textp)png_malloc(png_ptr,
  1383. png_sizeof(png_text));
  1384. text_ptr->compression = comp_flag + 2;
  1385. text_ptr->key = key;
  1386. text_ptr->lang = lang;
  1387. text_ptr->lang_key = lang_key;
  1388. text_ptr->text = text;
  1389. text_ptr->text_length = 0;
  1390. text_ptr->itxt_length = png_strlen(text);
  1391. ret = png_set_text_2(png_ptr, info_ptr, text_ptr, 1);
  1392. png_ptr->current_text = NULL;
  1393. png_free(png_ptr, text_ptr);
  1394. if (ret)
  1395. png_warning(png_ptr, "Insufficient memory to store iTXt chunk");
  1396. }
  1397. }
  1398. #endif
  1399. /* This function is called when we haven't found a handler for this
  1400. * chunk. If there isn't a problem with the chunk itself (ie a bad chunk
  1401. * name or a critical chunk), the chunk is (currently) silently ignored.
  1402. */
  1403. void /* PRIVATE */
  1404. png_push_handle_unknown(png_structp png_ptr, png_infop info_ptr, png_uint_32
  1405. length)
  1406. {
  1407. png_uint_32 skip = 0;
  1408. png_uint_32 chunk_name = png_ptr->chunk_name;
  1409. if (PNG_CHUNK_CRITICAL(chunk_name))
  1410. {
  1411. #ifdef PNG_READ_UNKNOWN_CHUNKS_SUPPORTED
  1412. if (png_chunk_unknown_handling(png_ptr, chunk_name) !=
  1413. PNG_HANDLE_CHUNK_ALWAYS
  1414. #ifdef PNG_READ_USER_CHUNKS_SUPPORTED
  1415. && png_ptr->read_user_chunk_fn == NULL
  1416. #endif
  1417. )
  1418. #endif
  1419. png_chunk_error(png_ptr, "unknown critical chunk");
  1420. PNG_UNUSED(info_ptr) /* To quiet some compiler warnings */
  1421. }
  1422. #ifdef PNG_READ_UNKNOWN_CHUNKS_SUPPORTED
  1423. /* TODO: the code below is apparently just using the
  1424. * png_struct::unknown_chunk member as a temporarily variable, it should be
  1425. * possible to eliminate both it and the temporary buffer.
  1426. */
  1427. if (png_ptr->flags & PNG_FLAG_KEEP_UNKNOWN_CHUNKS)
  1428. {
  1429. #ifdef PNG_MAX_MALLOC_64K
  1430. if (length > 65535)
  1431. {
  1432. png_warning(png_ptr, "unknown chunk too large to fit in memory");
  1433. skip = length - 65535;
  1434. length = 65535;
  1435. }
  1436. #endif
  1437. /* This is just a record for the user; libpng doesn't use the character
  1438. * form of the name.
  1439. */
  1440. PNG_CSTRING_FROM_CHUNK(png_ptr->unknown_chunk.name, png_ptr->chunk_name);
  1441. png_ptr->unknown_chunk.size = length;
  1442. if (length == 0)
  1443. png_ptr->unknown_chunk.data = NULL;
  1444. else
  1445. {
  1446. png_ptr->unknown_chunk.data = (png_bytep)png_malloc(png_ptr,
  1447. png_ptr->unknown_chunk.size);
  1448. png_crc_read(png_ptr, (png_bytep)png_ptr->unknown_chunk.data,
  1449. png_ptr->unknown_chunk.size);
  1450. }
  1451. #ifdef PNG_READ_USER_CHUNKS_SUPPORTED
  1452. if (png_ptr->read_user_chunk_fn != NULL)
  1453. {
  1454. /* Callback to user unknown chunk handler */
  1455. int ret;
  1456. ret = (*(png_ptr->read_user_chunk_fn))
  1457. (png_ptr, &png_ptr->unknown_chunk);
  1458. if (ret < 0)
  1459. png_chunk_error(png_ptr, "error in user chunk");
  1460. if (ret == 0)
  1461. {
  1462. if (PNG_CHUNK_CRITICAL(png_ptr->chunk_name))
  1463. if (png_chunk_unknown_handling(png_ptr, chunk_name) !=
  1464. PNG_HANDLE_CHUNK_ALWAYS)
  1465. png_chunk_error(png_ptr, "unknown critical chunk");
  1466. png_set_unknown_chunks(png_ptr, info_ptr,
  1467. &png_ptr->unknown_chunk, 1);
  1468. }
  1469. }
  1470. else
  1471. #endif
  1472. png_set_unknown_chunks(png_ptr, info_ptr, &png_ptr->unknown_chunk, 1);
  1473. png_free(png_ptr, png_ptr->unknown_chunk.data);
  1474. png_ptr->unknown_chunk.data = NULL;
  1475. }
  1476. else
  1477. #endif
  1478. skip=length;
  1479. png_push_crc_skip(png_ptr, skip);
  1480. }
  1481. void /* PRIVATE */
  1482. png_push_have_info(png_structp png_ptr, png_infop info_ptr)
  1483. {
  1484. if (png_ptr->info_fn != NULL)
  1485. (*(png_ptr->info_fn))(png_ptr, info_ptr);
  1486. }
  1487. void /* PRIVATE */
  1488. png_push_have_end(png_structp png_ptr, png_infop info_ptr)
  1489. {
  1490. if (png_ptr->end_fn != NULL)
  1491. (*(png_ptr->end_fn))(png_ptr, info_ptr);
  1492. }
  1493. void /* PRIVATE */
  1494. png_push_have_row(png_structp png_ptr, png_bytep row)
  1495. {
  1496. if (png_ptr->row_fn != NULL)
  1497. (*(png_ptr->row_fn))(png_ptr, row, png_ptr->row_number,
  1498. (int)png_ptr->pass);
  1499. }
  1500. #ifdef PNG_READ_INTERLACING_SUPPORTED
  1501. void PNGAPI
  1502. png_progressive_combine_row (png_structp png_ptr, png_bytep old_row,
  1503. png_const_bytep new_row)
  1504. {
  1505. if (png_ptr == NULL)
  1506. return;
  1507. /* new_row is a flag here - if it is NULL then the app callback was called
  1508. * from an empty row (see the calls to png_struct::row_fn below), otherwise
  1509. * it must be png_ptr->row_buf+1
  1510. */
  1511. if (new_row != NULL)
  1512. png_combine_row(png_ptr, old_row, 1/*display*/);
  1513. }
  1514. #endif /* PNG_READ_INTERLACING_SUPPORTED */
  1515. void PNGAPI
  1516. png_set_progressive_read_fn(png_structp png_ptr, png_voidp progressive_ptr,
  1517. png_progressive_info_ptr info_fn, png_progressive_row_ptr row_fn,
  1518. png_progressive_end_ptr end_fn)
  1519. {
  1520. if (png_ptr == NULL)
  1521. return;
  1522. png_ptr->info_fn = info_fn;
  1523. png_ptr->row_fn = row_fn;
  1524. png_ptr->end_fn = end_fn;
  1525. png_set_read_fn(png_ptr, progressive_ptr, png_push_fill_buffer);
  1526. }
  1527. png_voidp PNGAPI
  1528. png_get_progressive_ptr(png_const_structp png_ptr)
  1529. {
  1530. if (png_ptr == NULL)
  1531. return (NULL);
  1532. return png_ptr->io_ptr;
  1533. }
  1534. #endif /* PNG_PROGRESSIVE_READ_SUPPORTED */