pngpread.c 31 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105
  1. /* pngpread.c - read a png file in push mode
  2. *
  3. * Copyright (c) 2018-2024 Cosmin Truta
  4. * Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson
  5. * Copyright (c) 1996-1997 Andreas Dilger
  6. * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.
  7. *
  8. * This code is released under the libpng license.
  9. * For conditions of distribution and use, see the disclaimer
  10. * and license in png.h
  11. */
  12. #include "pngpriv.h"
  13. #ifdef PNG_PROGRESSIVE_READ_SUPPORTED
  14. /* Push model modes */
  15. #define PNG_READ_SIG_MODE 0
  16. #define PNG_READ_CHUNK_MODE 1
  17. #define PNG_READ_IDAT_MODE 2
  18. #define PNG_READ_tEXt_MODE 4
  19. #define PNG_READ_zTXt_MODE 5
  20. #define PNG_READ_DONE_MODE 6
  21. #define PNG_READ_iTXt_MODE 7
  22. #define PNG_ERROR_MODE 8
  23. #define PNG_PUSH_SAVE_BUFFER_IF_FULL \
  24. if (png_ptr->push_length + 4 > png_ptr->buffer_size) \
  25. { png_push_save_buffer(png_ptr); return; }
  26. #define PNG_PUSH_SAVE_BUFFER_IF_LT(N) \
  27. if (png_ptr->buffer_size < N) \
  28. { png_push_save_buffer(png_ptr); return; }
  29. void PNGAPI
  30. png_process_data(png_structrp png_ptr, png_inforp info_ptr,
  31. png_bytep buffer, size_t buffer_size)
  32. {
  33. if (png_ptr == NULL || info_ptr == NULL)
  34. return;
  35. png_push_restore_buffer(png_ptr, buffer, buffer_size);
  36. while (png_ptr->buffer_size)
  37. {
  38. png_process_some_data(png_ptr, info_ptr);
  39. }
  40. }
  41. size_t PNGAPI
  42. png_process_data_pause(png_structrp png_ptr, int save)
  43. {
  44. if (png_ptr != NULL)
  45. {
  46. /* It's easiest for the caller if we do the save; then the caller doesn't
  47. * have to supply the same data again:
  48. */
  49. if (save != 0)
  50. png_push_save_buffer(png_ptr);
  51. else
  52. {
  53. /* This includes any pending saved bytes: */
  54. size_t remaining = png_ptr->buffer_size;
  55. png_ptr->buffer_size = 0;
  56. /* So subtract the saved buffer size, unless all the data
  57. * is actually 'saved', in which case we just return 0
  58. */
  59. if (png_ptr->save_buffer_size < remaining)
  60. return remaining - png_ptr->save_buffer_size;
  61. }
  62. }
  63. return 0;
  64. }
  65. png_uint_32 PNGAPI
  66. png_process_data_skip(png_structrp png_ptr)
  67. {
  68. /* TODO: Deprecate and remove this API.
  69. * Somewhere the implementation of this seems to have been lost,
  70. * or abandoned. It was only to support some internal back-door access
  71. * to png_struct) in libpng-1.4.x.
  72. */
  73. png_app_warning(png_ptr,
  74. "png_process_data_skip is not implemented in any current version of libpng");
  75. return 0;
  76. }
  77. /* What we do with the incoming data depends on what we were previously
  78. * doing before we ran out of data...
  79. */
  80. void /* PRIVATE */
  81. png_process_some_data(png_structrp png_ptr, png_inforp info_ptr)
  82. {
  83. if (png_ptr == NULL)
  84. return;
  85. switch (png_ptr->process_mode)
  86. {
  87. case PNG_READ_SIG_MODE:
  88. {
  89. png_push_read_sig(png_ptr, info_ptr);
  90. break;
  91. }
  92. case PNG_READ_CHUNK_MODE:
  93. {
  94. png_push_read_chunk(png_ptr, info_ptr);
  95. break;
  96. }
  97. case PNG_READ_IDAT_MODE:
  98. {
  99. png_push_read_IDAT(png_ptr);
  100. break;
  101. }
  102. default:
  103. {
  104. png_ptr->buffer_size = 0;
  105. break;
  106. }
  107. }
  108. }
  109. /* Read any remaining signature bytes from the stream and compare them with
  110. * the correct PNG signature. It is possible that this routine is called
  111. * with bytes already read from the signature, either because they have been
  112. * checked by the calling application, or because of multiple calls to this
  113. * routine.
  114. */
  115. void /* PRIVATE */
  116. png_push_read_sig(png_structrp png_ptr, png_inforp info_ptr)
  117. {
  118. size_t num_checked = png_ptr->sig_bytes; /* SAFE, does not exceed 8 */
  119. size_t num_to_check = 8 - num_checked;
  120. if (png_ptr->buffer_size < num_to_check)
  121. {
  122. num_to_check = png_ptr->buffer_size;
  123. }
  124. png_push_fill_buffer(png_ptr, &(info_ptr->signature[num_checked]),
  125. num_to_check);
  126. png_ptr->sig_bytes = (png_byte)(png_ptr->sig_bytes + num_to_check);
  127. if (png_sig_cmp(info_ptr->signature, num_checked, num_to_check) != 0)
  128. {
  129. if (num_checked < 4 &&
  130. png_sig_cmp(info_ptr->signature, num_checked, num_to_check - 4) != 0)
  131. png_error(png_ptr, "Not a PNG file");
  132. else
  133. png_error(png_ptr, "PNG file corrupted by ASCII conversion");
  134. }
  135. else
  136. {
  137. if (png_ptr->sig_bytes >= 8)
  138. {
  139. png_ptr->process_mode = PNG_READ_CHUNK_MODE;
  140. }
  141. }
  142. }
  143. void /* PRIVATE */
  144. png_push_read_chunk(png_structrp png_ptr, png_inforp info_ptr)
  145. {
  146. png_uint_32 chunk_name;
  147. #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED
  148. int keep; /* unknown handling method */
  149. #endif
  150. /* First we make sure we have enough data for the 4-byte chunk name
  151. * and the 4-byte chunk length before proceeding with decoding the
  152. * chunk data. To fully decode each of these chunks, we also make
  153. * sure we have enough data in the buffer for the 4-byte CRC at the
  154. * end of every chunk (except IDAT, which is handled separately).
  155. */
  156. if ((png_ptr->mode & PNG_HAVE_CHUNK_HEADER) == 0)
  157. {
  158. png_byte chunk_length[4];
  159. png_byte chunk_tag[4];
  160. PNG_PUSH_SAVE_BUFFER_IF_LT(8)
  161. png_push_fill_buffer(png_ptr, chunk_length, 4);
  162. png_ptr->push_length = png_get_uint_31(png_ptr, chunk_length);
  163. png_reset_crc(png_ptr);
  164. png_crc_read(png_ptr, chunk_tag, 4);
  165. png_ptr->chunk_name = PNG_CHUNK_FROM_STRING(chunk_tag);
  166. png_check_chunk_name(png_ptr, png_ptr->chunk_name);
  167. png_check_chunk_length(png_ptr, png_ptr->push_length);
  168. png_ptr->mode |= PNG_HAVE_CHUNK_HEADER;
  169. }
  170. chunk_name = png_ptr->chunk_name;
  171. if (chunk_name == png_IDAT)
  172. {
  173. if ((png_ptr->mode & PNG_AFTER_IDAT) != 0)
  174. png_ptr->mode |= PNG_HAVE_CHUNK_AFTER_IDAT;
  175. /* If we reach an IDAT chunk, this means we have read all of the
  176. * header chunks, and we can start reading the image (or if this
  177. * is called after the image has been read - we have an error).
  178. */
  179. if ((png_ptr->mode & PNG_HAVE_IHDR) == 0)
  180. png_error(png_ptr, "Missing IHDR before IDAT");
  181. else if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE &&
  182. (png_ptr->mode & PNG_HAVE_PLTE) == 0)
  183. png_error(png_ptr, "Missing PLTE before IDAT");
  184. png_ptr->process_mode = PNG_READ_IDAT_MODE;
  185. if ((png_ptr->mode & PNG_HAVE_IDAT) != 0)
  186. if ((png_ptr->mode & PNG_HAVE_CHUNK_AFTER_IDAT) == 0)
  187. if (png_ptr->push_length == 0)
  188. return;
  189. png_ptr->mode |= PNG_HAVE_IDAT;
  190. if ((png_ptr->mode & PNG_AFTER_IDAT) != 0)
  191. png_benign_error(png_ptr, "Too many IDATs found");
  192. }
  193. if (chunk_name == png_IHDR)
  194. {
  195. if (png_ptr->push_length != 13)
  196. png_error(png_ptr, "Invalid IHDR length");
  197. PNG_PUSH_SAVE_BUFFER_IF_FULL
  198. png_handle_IHDR(png_ptr, info_ptr, png_ptr->push_length);
  199. }
  200. else if (chunk_name == png_IEND)
  201. {
  202. PNG_PUSH_SAVE_BUFFER_IF_FULL
  203. png_handle_IEND(png_ptr, info_ptr, png_ptr->push_length);
  204. png_ptr->process_mode = PNG_READ_DONE_MODE;
  205. png_push_have_end(png_ptr, info_ptr);
  206. }
  207. #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED
  208. else if ((keep = png_chunk_unknown_handling(png_ptr, chunk_name)) != 0)
  209. {
  210. PNG_PUSH_SAVE_BUFFER_IF_FULL
  211. png_handle_unknown(png_ptr, info_ptr, png_ptr->push_length, keep);
  212. if (chunk_name == png_PLTE)
  213. png_ptr->mode |= PNG_HAVE_PLTE;
  214. }
  215. #endif
  216. else if (chunk_name == png_PLTE)
  217. {
  218. PNG_PUSH_SAVE_BUFFER_IF_FULL
  219. png_handle_PLTE(png_ptr, info_ptr, png_ptr->push_length);
  220. }
  221. else if (chunk_name == png_IDAT)
  222. {
  223. png_ptr->idat_size = png_ptr->push_length;
  224. png_ptr->process_mode = PNG_READ_IDAT_MODE;
  225. png_push_have_info(png_ptr, info_ptr);
  226. png_ptr->zstream.avail_out =
  227. (uInt) PNG_ROWBYTES(png_ptr->pixel_depth,
  228. png_ptr->iwidth) + 1;
  229. png_ptr->zstream.next_out = png_ptr->row_buf;
  230. return;
  231. }
  232. #ifdef PNG_READ_gAMA_SUPPORTED
  233. else if (png_ptr->chunk_name == png_gAMA)
  234. {
  235. PNG_PUSH_SAVE_BUFFER_IF_FULL
  236. png_handle_gAMA(png_ptr, info_ptr, png_ptr->push_length);
  237. }
  238. #endif
  239. #ifdef PNG_READ_sBIT_SUPPORTED
  240. else if (png_ptr->chunk_name == png_sBIT)
  241. {
  242. PNG_PUSH_SAVE_BUFFER_IF_FULL
  243. png_handle_sBIT(png_ptr, info_ptr, png_ptr->push_length);
  244. }
  245. #endif
  246. #ifdef PNG_READ_cHRM_SUPPORTED
  247. else if (png_ptr->chunk_name == png_cHRM)
  248. {
  249. PNG_PUSH_SAVE_BUFFER_IF_FULL
  250. png_handle_cHRM(png_ptr, info_ptr, png_ptr->push_length);
  251. }
  252. #endif
  253. #ifdef PNG_READ_eXIf_SUPPORTED
  254. else if (png_ptr->chunk_name == png_eXIf)
  255. {
  256. PNG_PUSH_SAVE_BUFFER_IF_FULL
  257. png_handle_eXIf(png_ptr, info_ptr, png_ptr->push_length);
  258. }
  259. #endif
  260. #ifdef PNG_READ_sRGB_SUPPORTED
  261. else if (chunk_name == png_sRGB)
  262. {
  263. PNG_PUSH_SAVE_BUFFER_IF_FULL
  264. png_handle_sRGB(png_ptr, info_ptr, png_ptr->push_length);
  265. }
  266. #endif
  267. #ifdef PNG_READ_iCCP_SUPPORTED
  268. else if (png_ptr->chunk_name == png_iCCP)
  269. {
  270. PNG_PUSH_SAVE_BUFFER_IF_FULL
  271. png_handle_iCCP(png_ptr, info_ptr, png_ptr->push_length);
  272. }
  273. #endif
  274. #ifdef PNG_READ_sPLT_SUPPORTED
  275. else if (chunk_name == png_sPLT)
  276. {
  277. PNG_PUSH_SAVE_BUFFER_IF_FULL
  278. png_handle_sPLT(png_ptr, info_ptr, png_ptr->push_length);
  279. }
  280. #endif
  281. #ifdef PNG_READ_tRNS_SUPPORTED
  282. else if (chunk_name == png_tRNS)
  283. {
  284. PNG_PUSH_SAVE_BUFFER_IF_FULL
  285. png_handle_tRNS(png_ptr, info_ptr, png_ptr->push_length);
  286. }
  287. #endif
  288. #ifdef PNG_READ_bKGD_SUPPORTED
  289. else if (chunk_name == png_bKGD)
  290. {
  291. PNG_PUSH_SAVE_BUFFER_IF_FULL
  292. png_handle_bKGD(png_ptr, info_ptr, png_ptr->push_length);
  293. }
  294. #endif
  295. #ifdef PNG_READ_hIST_SUPPORTED
  296. else if (chunk_name == png_hIST)
  297. {
  298. PNG_PUSH_SAVE_BUFFER_IF_FULL
  299. png_handle_hIST(png_ptr, info_ptr, png_ptr->push_length);
  300. }
  301. #endif
  302. #ifdef PNG_READ_pHYs_SUPPORTED
  303. else if (chunk_name == png_pHYs)
  304. {
  305. PNG_PUSH_SAVE_BUFFER_IF_FULL
  306. png_handle_pHYs(png_ptr, info_ptr, png_ptr->push_length);
  307. }
  308. #endif
  309. #ifdef PNG_READ_oFFs_SUPPORTED
  310. else if (chunk_name == png_oFFs)
  311. {
  312. PNG_PUSH_SAVE_BUFFER_IF_FULL
  313. png_handle_oFFs(png_ptr, info_ptr, png_ptr->push_length);
  314. }
  315. #endif
  316. #ifdef PNG_READ_pCAL_SUPPORTED
  317. else if (chunk_name == png_pCAL)
  318. {
  319. PNG_PUSH_SAVE_BUFFER_IF_FULL
  320. png_handle_pCAL(png_ptr, info_ptr, png_ptr->push_length);
  321. }
  322. #endif
  323. #ifdef PNG_READ_sCAL_SUPPORTED
  324. else if (chunk_name == png_sCAL)
  325. {
  326. PNG_PUSH_SAVE_BUFFER_IF_FULL
  327. png_handle_sCAL(png_ptr, info_ptr, png_ptr->push_length);
  328. }
  329. #endif
  330. #ifdef PNG_READ_tIME_SUPPORTED
  331. else if (chunk_name == png_tIME)
  332. {
  333. PNG_PUSH_SAVE_BUFFER_IF_FULL
  334. png_handle_tIME(png_ptr, info_ptr, png_ptr->push_length);
  335. }
  336. #endif
  337. #ifdef PNG_READ_tEXt_SUPPORTED
  338. else if (chunk_name == png_tEXt)
  339. {
  340. PNG_PUSH_SAVE_BUFFER_IF_FULL
  341. png_handle_tEXt(png_ptr, info_ptr, png_ptr->push_length);
  342. }
  343. #endif
  344. #ifdef PNG_READ_zTXt_SUPPORTED
  345. else if (chunk_name == png_zTXt)
  346. {
  347. PNG_PUSH_SAVE_BUFFER_IF_FULL
  348. png_handle_zTXt(png_ptr, info_ptr, png_ptr->push_length);
  349. }
  350. #endif
  351. #ifdef PNG_READ_iTXt_SUPPORTED
  352. else if (chunk_name == png_iTXt)
  353. {
  354. PNG_PUSH_SAVE_BUFFER_IF_FULL
  355. png_handle_iTXt(png_ptr, info_ptr, png_ptr->push_length);
  356. }
  357. #endif
  358. else
  359. {
  360. PNG_PUSH_SAVE_BUFFER_IF_FULL
  361. png_handle_unknown(png_ptr, info_ptr, png_ptr->push_length,
  362. PNG_HANDLE_CHUNK_AS_DEFAULT);
  363. }
  364. png_ptr->mode &= ~PNG_HAVE_CHUNK_HEADER;
  365. }
  366. void PNGCBAPI
  367. png_push_fill_buffer(png_structp png_ptr, png_bytep buffer, size_t length)
  368. {
  369. png_bytep ptr;
  370. if (png_ptr == NULL)
  371. return;
  372. ptr = buffer;
  373. if (png_ptr->save_buffer_size != 0)
  374. {
  375. size_t save_size;
  376. if (length < png_ptr->save_buffer_size)
  377. save_size = length;
  378. else
  379. save_size = png_ptr->save_buffer_size;
  380. memcpy(ptr, png_ptr->save_buffer_ptr, save_size);
  381. length -= save_size;
  382. ptr += save_size;
  383. png_ptr->buffer_size -= save_size;
  384. png_ptr->save_buffer_size -= save_size;
  385. png_ptr->save_buffer_ptr += save_size;
  386. }
  387. if (length != 0 && png_ptr->current_buffer_size != 0)
  388. {
  389. size_t save_size;
  390. if (length < png_ptr->current_buffer_size)
  391. save_size = length;
  392. else
  393. save_size = png_ptr->current_buffer_size;
  394. memcpy(ptr, png_ptr->current_buffer_ptr, save_size);
  395. png_ptr->buffer_size -= save_size;
  396. png_ptr->current_buffer_size -= save_size;
  397. png_ptr->current_buffer_ptr += save_size;
  398. }
  399. }
  400. void /* PRIVATE */
  401. png_push_save_buffer(png_structrp png_ptr)
  402. {
  403. if (png_ptr->save_buffer_size != 0)
  404. {
  405. if (png_ptr->save_buffer_ptr != png_ptr->save_buffer)
  406. {
  407. size_t i, istop;
  408. png_bytep sp;
  409. png_bytep dp;
  410. istop = png_ptr->save_buffer_size;
  411. for (i = 0, sp = png_ptr->save_buffer_ptr, dp = png_ptr->save_buffer;
  412. i < istop; i++, sp++, dp++)
  413. {
  414. *dp = *sp;
  415. }
  416. }
  417. }
  418. if (png_ptr->save_buffer_size + png_ptr->current_buffer_size >
  419. png_ptr->save_buffer_max)
  420. {
  421. size_t new_max;
  422. png_bytep old_buffer;
  423. if (png_ptr->save_buffer_size > PNG_SIZE_MAX -
  424. (png_ptr->current_buffer_size + 256))
  425. {
  426. png_error(png_ptr, "Potential overflow of save_buffer");
  427. }
  428. new_max = png_ptr->save_buffer_size + png_ptr->current_buffer_size + 256;
  429. old_buffer = png_ptr->save_buffer;
  430. png_ptr->save_buffer = (png_bytep)png_malloc_warn(png_ptr,
  431. (size_t)new_max);
  432. if (png_ptr->save_buffer == NULL)
  433. {
  434. png_free(png_ptr, old_buffer);
  435. png_error(png_ptr, "Insufficient memory for save_buffer");
  436. }
  437. if (old_buffer)
  438. memcpy(png_ptr->save_buffer, old_buffer, png_ptr->save_buffer_size);
  439. else if (png_ptr->save_buffer_size)
  440. png_error(png_ptr, "save_buffer error");
  441. png_free(png_ptr, old_buffer);
  442. png_ptr->save_buffer_max = new_max;
  443. }
  444. if (png_ptr->current_buffer_size)
  445. {
  446. memcpy(png_ptr->save_buffer + png_ptr->save_buffer_size,
  447. png_ptr->current_buffer_ptr, png_ptr->current_buffer_size);
  448. png_ptr->save_buffer_size += png_ptr->current_buffer_size;
  449. png_ptr->current_buffer_size = 0;
  450. }
  451. png_ptr->save_buffer_ptr = png_ptr->save_buffer;
  452. png_ptr->buffer_size = 0;
  453. }
  454. void /* PRIVATE */
  455. png_push_restore_buffer(png_structrp png_ptr, png_bytep buffer,
  456. size_t buffer_length)
  457. {
  458. png_ptr->current_buffer = buffer;
  459. png_ptr->current_buffer_size = buffer_length;
  460. png_ptr->buffer_size = buffer_length + png_ptr->save_buffer_size;
  461. png_ptr->current_buffer_ptr = png_ptr->current_buffer;
  462. }
  463. void /* PRIVATE */
  464. png_push_read_IDAT(png_structrp png_ptr)
  465. {
  466. if ((png_ptr->mode & PNG_HAVE_CHUNK_HEADER) == 0)
  467. {
  468. png_byte chunk_length[4];
  469. png_byte chunk_tag[4];
  470. /* TODO: this code can be commoned up with the same code in push_read */
  471. PNG_PUSH_SAVE_BUFFER_IF_LT(8)
  472. png_push_fill_buffer(png_ptr, chunk_length, 4);
  473. png_ptr->push_length = png_get_uint_31(png_ptr, chunk_length);
  474. png_reset_crc(png_ptr);
  475. png_crc_read(png_ptr, chunk_tag, 4);
  476. png_ptr->chunk_name = PNG_CHUNK_FROM_STRING(chunk_tag);
  477. png_ptr->mode |= PNG_HAVE_CHUNK_HEADER;
  478. if (png_ptr->chunk_name != png_IDAT)
  479. {
  480. png_ptr->process_mode = PNG_READ_CHUNK_MODE;
  481. if ((png_ptr->flags & PNG_FLAG_ZSTREAM_ENDED) == 0)
  482. png_error(png_ptr, "Not enough compressed data");
  483. return;
  484. }
  485. png_ptr->idat_size = png_ptr->push_length;
  486. }
  487. if (png_ptr->idat_size != 0 && png_ptr->save_buffer_size != 0)
  488. {
  489. size_t save_size = png_ptr->save_buffer_size;
  490. png_uint_32 idat_size = png_ptr->idat_size;
  491. /* We want the smaller of 'idat_size' and 'current_buffer_size', but they
  492. * are of different types and we don't know which variable has the fewest
  493. * bits. Carefully select the smaller and cast it to the type of the
  494. * larger - this cannot overflow. Do not cast in the following test - it
  495. * will break on either 16-bit or 64-bit platforms.
  496. */
  497. if (idat_size < save_size)
  498. save_size = (size_t)idat_size;
  499. else
  500. idat_size = (png_uint_32)save_size;
  501. png_calculate_crc(png_ptr, png_ptr->save_buffer_ptr, save_size);
  502. png_process_IDAT_data(png_ptr, png_ptr->save_buffer_ptr, save_size);
  503. png_ptr->idat_size -= idat_size;
  504. png_ptr->buffer_size -= save_size;
  505. png_ptr->save_buffer_size -= save_size;
  506. png_ptr->save_buffer_ptr += save_size;
  507. }
  508. if (png_ptr->idat_size != 0 && png_ptr->current_buffer_size != 0)
  509. {
  510. size_t save_size = png_ptr->current_buffer_size;
  511. png_uint_32 idat_size = png_ptr->idat_size;
  512. /* We want the smaller of 'idat_size' and 'current_buffer_size', but they
  513. * are of different types and we don't know which variable has the fewest
  514. * bits. Carefully select the smaller and cast it to the type of the
  515. * larger - this cannot overflow.
  516. */
  517. if (idat_size < save_size)
  518. save_size = (size_t)idat_size;
  519. else
  520. idat_size = (png_uint_32)save_size;
  521. png_calculate_crc(png_ptr, png_ptr->current_buffer_ptr, save_size);
  522. png_process_IDAT_data(png_ptr, png_ptr->current_buffer_ptr, save_size);
  523. png_ptr->idat_size -= idat_size;
  524. png_ptr->buffer_size -= save_size;
  525. png_ptr->current_buffer_size -= save_size;
  526. png_ptr->current_buffer_ptr += save_size;
  527. }
  528. if (png_ptr->idat_size == 0)
  529. {
  530. PNG_PUSH_SAVE_BUFFER_IF_LT(4)
  531. png_crc_finish(png_ptr, 0);
  532. png_ptr->mode &= ~PNG_HAVE_CHUNK_HEADER;
  533. png_ptr->mode |= PNG_AFTER_IDAT;
  534. png_ptr->zowner = 0;
  535. }
  536. }
  537. void /* PRIVATE */
  538. png_process_IDAT_data(png_structrp png_ptr, png_bytep buffer,
  539. size_t buffer_length)
  540. {
  541. /* The caller checks for a non-zero buffer length. */
  542. if (!(buffer_length > 0) || buffer == NULL)
  543. png_error(png_ptr, "No IDAT data (internal error)");
  544. /* This routine must process all the data it has been given
  545. * before returning, calling the row callback as required to
  546. * handle the uncompressed results.
  547. */
  548. png_ptr->zstream.next_in = buffer;
  549. /* TODO: WARNING: TRUNCATION ERROR: DANGER WILL ROBINSON: */
  550. png_ptr->zstream.avail_in = (uInt)buffer_length;
  551. /* Keep going until the decompressed data is all processed
  552. * or the stream marked as finished.
  553. */
  554. while (png_ptr->zstream.avail_in > 0 &&
  555. (png_ptr->flags & PNG_FLAG_ZSTREAM_ENDED) == 0)
  556. {
  557. int ret;
  558. /* We have data for zlib, but we must check that zlib
  559. * has someplace to put the results. It doesn't matter
  560. * if we don't expect any results -- it may be the input
  561. * data is just the LZ end code.
  562. */
  563. if (!(png_ptr->zstream.avail_out > 0))
  564. {
  565. /* TODO: WARNING: TRUNCATION ERROR: DANGER WILL ROBINSON: */
  566. png_ptr->zstream.avail_out = (uInt)(PNG_ROWBYTES(png_ptr->pixel_depth,
  567. png_ptr->iwidth) + 1);
  568. png_ptr->zstream.next_out = png_ptr->row_buf;
  569. }
  570. /* Using Z_SYNC_FLUSH here means that an unterminated
  571. * LZ stream (a stream with a missing end code) can still
  572. * be handled, otherwise (Z_NO_FLUSH) a future zlib
  573. * implementation might defer output and therefore
  574. * change the current behavior (see comments in inflate.c
  575. * for why this doesn't happen at present with zlib 1.2.5).
  576. */
  577. ret = PNG_INFLATE(png_ptr, Z_SYNC_FLUSH);
  578. /* Check for any failure before proceeding. */
  579. if (ret != Z_OK && ret != Z_STREAM_END)
  580. {
  581. /* Terminate the decompression. */
  582. png_ptr->flags |= PNG_FLAG_ZSTREAM_ENDED;
  583. png_ptr->zowner = 0;
  584. /* This may be a truncated stream (missing or
  585. * damaged end code). Treat that as a warning.
  586. */
  587. if (png_ptr->row_number >= png_ptr->num_rows ||
  588. png_ptr->pass > 6)
  589. png_warning(png_ptr, "Truncated compressed data in IDAT");
  590. else
  591. {
  592. if (ret == Z_DATA_ERROR)
  593. png_benign_error(png_ptr, "IDAT: ADLER32 checksum mismatch");
  594. else
  595. png_error(png_ptr, "Decompression error in IDAT");
  596. }
  597. /* Skip the check on unprocessed input */
  598. return;
  599. }
  600. /* Did inflate output any data? */
  601. if (png_ptr->zstream.next_out != png_ptr->row_buf)
  602. {
  603. /* Is this unexpected data after the last row?
  604. * If it is, artificially terminate the LZ output
  605. * here.
  606. */
  607. if (png_ptr->row_number >= png_ptr->num_rows ||
  608. png_ptr->pass > 6)
  609. {
  610. /* Extra data. */
  611. png_warning(png_ptr, "Extra compressed data in IDAT");
  612. png_ptr->flags |= PNG_FLAG_ZSTREAM_ENDED;
  613. png_ptr->zowner = 0;
  614. /* Do no more processing; skip the unprocessed
  615. * input check below.
  616. */
  617. return;
  618. }
  619. /* Do we have a complete row? */
  620. if (png_ptr->zstream.avail_out == 0)
  621. png_push_process_row(png_ptr);
  622. }
  623. /* And check for the end of the stream. */
  624. if (ret == Z_STREAM_END)
  625. png_ptr->flags |= PNG_FLAG_ZSTREAM_ENDED;
  626. }
  627. /* All the data should have been processed, if anything
  628. * is left at this point we have bytes of IDAT data
  629. * after the zlib end code.
  630. */
  631. if (png_ptr->zstream.avail_in > 0)
  632. png_warning(png_ptr, "Extra compression data in IDAT");
  633. }
  634. void /* PRIVATE */
  635. png_push_process_row(png_structrp png_ptr)
  636. {
  637. /* 1.5.6: row_info moved out of png_struct to a local here. */
  638. png_row_info row_info;
  639. row_info.width = png_ptr->iwidth; /* NOTE: width of current interlaced row */
  640. row_info.color_type = png_ptr->color_type;
  641. row_info.bit_depth = png_ptr->bit_depth;
  642. row_info.channels = png_ptr->channels;
  643. row_info.pixel_depth = png_ptr->pixel_depth;
  644. row_info.rowbytes = PNG_ROWBYTES(row_info.pixel_depth, row_info.width);
  645. if (png_ptr->row_buf[0] > PNG_FILTER_VALUE_NONE)
  646. {
  647. if (png_ptr->row_buf[0] < PNG_FILTER_VALUE_LAST)
  648. png_read_filter_row(png_ptr, &row_info, png_ptr->row_buf + 1,
  649. png_ptr->prev_row + 1, png_ptr->row_buf[0]);
  650. else
  651. png_error(png_ptr, "bad adaptive filter value");
  652. }
  653. /* libpng 1.5.6: the following line was copying png_ptr->rowbytes before
  654. * 1.5.6, while the buffer really is this big in current versions of libpng
  655. * it may not be in the future, so this was changed just to copy the
  656. * interlaced row count:
  657. */
  658. memcpy(png_ptr->prev_row, png_ptr->row_buf, row_info.rowbytes + 1);
  659. #ifdef PNG_READ_TRANSFORMS_SUPPORTED
  660. if (png_ptr->transformations != 0)
  661. png_do_read_transformations(png_ptr, &row_info);
  662. #endif
  663. /* The transformed pixel depth should match the depth now in row_info. */
  664. if (png_ptr->transformed_pixel_depth == 0)
  665. {
  666. png_ptr->transformed_pixel_depth = row_info.pixel_depth;
  667. if (row_info.pixel_depth > png_ptr->maximum_pixel_depth)
  668. png_error(png_ptr, "progressive row overflow");
  669. }
  670. else if (png_ptr->transformed_pixel_depth != row_info.pixel_depth)
  671. png_error(png_ptr, "internal progressive row size calculation error");
  672. #ifdef PNG_READ_INTERLACING_SUPPORTED
  673. /* Expand interlaced rows to full size */
  674. if (png_ptr->interlaced != 0 &&
  675. (png_ptr->transformations & PNG_INTERLACE) != 0)
  676. {
  677. if (png_ptr->pass < 6)
  678. png_do_read_interlace(&row_info, png_ptr->row_buf + 1, png_ptr->pass,
  679. png_ptr->transformations);
  680. switch (png_ptr->pass)
  681. {
  682. case 0:
  683. {
  684. int i;
  685. for (i = 0; i < 8 && png_ptr->pass == 0; i++)
  686. {
  687. png_push_have_row(png_ptr, png_ptr->row_buf + 1);
  688. png_read_push_finish_row(png_ptr); /* Updates png_ptr->pass */
  689. }
  690. if (png_ptr->pass == 2) /* Pass 1 might be empty */
  691. {
  692. for (i = 0; i < 4 && png_ptr->pass == 2; i++)
  693. {
  694. png_push_have_row(png_ptr, NULL);
  695. png_read_push_finish_row(png_ptr);
  696. }
  697. }
  698. if (png_ptr->pass == 4 && png_ptr->height <= 4)
  699. {
  700. for (i = 0; i < 2 && png_ptr->pass == 4; i++)
  701. {
  702. png_push_have_row(png_ptr, NULL);
  703. png_read_push_finish_row(png_ptr);
  704. }
  705. }
  706. if (png_ptr->pass == 6 && png_ptr->height <= 4)
  707. {
  708. png_push_have_row(png_ptr, NULL);
  709. png_read_push_finish_row(png_ptr);
  710. }
  711. break;
  712. }
  713. case 1:
  714. {
  715. int i;
  716. for (i = 0; i < 8 && png_ptr->pass == 1; i++)
  717. {
  718. png_push_have_row(png_ptr, png_ptr->row_buf + 1);
  719. png_read_push_finish_row(png_ptr);
  720. }
  721. if (png_ptr->pass == 2) /* Skip top 4 generated rows */
  722. {
  723. for (i = 0; i < 4 && png_ptr->pass == 2; i++)
  724. {
  725. png_push_have_row(png_ptr, NULL);
  726. png_read_push_finish_row(png_ptr);
  727. }
  728. }
  729. break;
  730. }
  731. case 2:
  732. {
  733. int i;
  734. for (i = 0; i < 4 && png_ptr->pass == 2; i++)
  735. {
  736. png_push_have_row(png_ptr, png_ptr->row_buf + 1);
  737. png_read_push_finish_row(png_ptr);
  738. }
  739. for (i = 0; i < 4 && png_ptr->pass == 2; i++)
  740. {
  741. png_push_have_row(png_ptr, NULL);
  742. png_read_push_finish_row(png_ptr);
  743. }
  744. if (png_ptr->pass == 4) /* Pass 3 might be empty */
  745. {
  746. for (i = 0; i < 2 && png_ptr->pass == 4; i++)
  747. {
  748. png_push_have_row(png_ptr, NULL);
  749. png_read_push_finish_row(png_ptr);
  750. }
  751. }
  752. break;
  753. }
  754. case 3:
  755. {
  756. int i;
  757. for (i = 0; i < 4 && png_ptr->pass == 3; i++)
  758. {
  759. png_push_have_row(png_ptr, png_ptr->row_buf + 1);
  760. png_read_push_finish_row(png_ptr);
  761. }
  762. if (png_ptr->pass == 4) /* Skip top two generated rows */
  763. {
  764. for (i = 0; i < 2 && png_ptr->pass == 4; i++)
  765. {
  766. png_push_have_row(png_ptr, NULL);
  767. png_read_push_finish_row(png_ptr);
  768. }
  769. }
  770. break;
  771. }
  772. case 4:
  773. {
  774. int i;
  775. for (i = 0; i < 2 && png_ptr->pass == 4; i++)
  776. {
  777. png_push_have_row(png_ptr, png_ptr->row_buf + 1);
  778. png_read_push_finish_row(png_ptr);
  779. }
  780. for (i = 0; i < 2 && png_ptr->pass == 4; i++)
  781. {
  782. png_push_have_row(png_ptr, NULL);
  783. png_read_push_finish_row(png_ptr);
  784. }
  785. if (png_ptr->pass == 6) /* Pass 5 might be empty */
  786. {
  787. png_push_have_row(png_ptr, NULL);
  788. png_read_push_finish_row(png_ptr);
  789. }
  790. break;
  791. }
  792. case 5:
  793. {
  794. int i;
  795. for (i = 0; i < 2 && png_ptr->pass == 5; i++)
  796. {
  797. png_push_have_row(png_ptr, png_ptr->row_buf + 1);
  798. png_read_push_finish_row(png_ptr);
  799. }
  800. if (png_ptr->pass == 6) /* Skip top generated row */
  801. {
  802. png_push_have_row(png_ptr, NULL);
  803. png_read_push_finish_row(png_ptr);
  804. }
  805. break;
  806. }
  807. default:
  808. case 6:
  809. {
  810. png_push_have_row(png_ptr, png_ptr->row_buf + 1);
  811. png_read_push_finish_row(png_ptr);
  812. if (png_ptr->pass != 6)
  813. break;
  814. png_push_have_row(png_ptr, NULL);
  815. png_read_push_finish_row(png_ptr);
  816. }
  817. }
  818. }
  819. else
  820. #endif
  821. {
  822. png_push_have_row(png_ptr, png_ptr->row_buf + 1);
  823. png_read_push_finish_row(png_ptr);
  824. }
  825. }
  826. void /* PRIVATE */
  827. png_read_push_finish_row(png_structrp png_ptr)
  828. {
  829. #ifdef PNG_READ_INTERLACING_SUPPORTED
  830. /* Arrays to facilitate easy interlacing - use pass (0 - 6) as index */
  831. /* Start of interlace block */
  832. static const png_byte png_pass_start[] = {0, 4, 0, 2, 0, 1, 0};
  833. /* Offset to next interlace block */
  834. static const png_byte png_pass_inc[] = {8, 8, 4, 4, 2, 2, 1};
  835. /* Start of interlace block in the y direction */
  836. static const png_byte png_pass_ystart[] = {0, 0, 4, 0, 2, 0, 1};
  837. /* Offset to next interlace block in the y direction */
  838. static const png_byte png_pass_yinc[] = {8, 8, 8, 4, 4, 2, 2};
  839. /* Height of interlace block. This is not currently used - if you need
  840. * it, uncomment it here and in png.h
  841. static const png_byte png_pass_height[] = {8, 8, 4, 4, 2, 2, 1};
  842. */
  843. #endif
  844. png_ptr->row_number++;
  845. if (png_ptr->row_number < png_ptr->num_rows)
  846. return;
  847. #ifdef PNG_READ_INTERLACING_SUPPORTED
  848. if (png_ptr->interlaced != 0)
  849. {
  850. png_ptr->row_number = 0;
  851. memset(png_ptr->prev_row, 0, png_ptr->rowbytes + 1);
  852. do
  853. {
  854. png_ptr->pass++;
  855. if ((png_ptr->pass == 1 && png_ptr->width < 5) ||
  856. (png_ptr->pass == 3 && png_ptr->width < 3) ||
  857. (png_ptr->pass == 5 && png_ptr->width < 2))
  858. png_ptr->pass++;
  859. if (png_ptr->pass > 7)
  860. png_ptr->pass--;
  861. if (png_ptr->pass >= 7)
  862. break;
  863. png_ptr->iwidth = (png_ptr->width +
  864. png_pass_inc[png_ptr->pass] - 1 -
  865. png_pass_start[png_ptr->pass]) /
  866. png_pass_inc[png_ptr->pass];
  867. if ((png_ptr->transformations & PNG_INTERLACE) != 0)
  868. break;
  869. png_ptr->num_rows = (png_ptr->height +
  870. png_pass_yinc[png_ptr->pass] - 1 -
  871. png_pass_ystart[png_ptr->pass]) /
  872. png_pass_yinc[png_ptr->pass];
  873. } while (png_ptr->iwidth == 0 || png_ptr->num_rows == 0);
  874. }
  875. #endif /* READ_INTERLACING */
  876. }
  877. void /* PRIVATE */
  878. png_push_have_info(png_structrp png_ptr, png_inforp info_ptr)
  879. {
  880. if (png_ptr->info_fn != NULL)
  881. (*(png_ptr->info_fn))(png_ptr, info_ptr);
  882. }
  883. void /* PRIVATE */
  884. png_push_have_end(png_structrp png_ptr, png_inforp info_ptr)
  885. {
  886. if (png_ptr->end_fn != NULL)
  887. (*(png_ptr->end_fn))(png_ptr, info_ptr);
  888. }
  889. void /* PRIVATE */
  890. png_push_have_row(png_structrp png_ptr, png_bytep row)
  891. {
  892. if (png_ptr->row_fn != NULL)
  893. (*(png_ptr->row_fn))(png_ptr, row, png_ptr->row_number,
  894. (int)png_ptr->pass);
  895. }
  896. #ifdef PNG_READ_INTERLACING_SUPPORTED
  897. void PNGAPI
  898. png_progressive_combine_row(png_const_structrp png_ptr, png_bytep old_row,
  899. png_const_bytep new_row)
  900. {
  901. if (png_ptr == NULL)
  902. return;
  903. /* new_row is a flag here - if it is NULL then the app callback was called
  904. * from an empty row (see the calls to png_struct::row_fn below), otherwise
  905. * it must be png_ptr->row_buf+1
  906. */
  907. if (new_row != NULL)
  908. png_combine_row(png_ptr, old_row, 1/*blocky display*/);
  909. }
  910. #endif /* READ_INTERLACING */
  911. void PNGAPI
  912. png_set_progressive_read_fn(png_structrp png_ptr, png_voidp progressive_ptr,
  913. png_progressive_info_ptr info_fn, png_progressive_row_ptr row_fn,
  914. png_progressive_end_ptr end_fn)
  915. {
  916. if (png_ptr == NULL)
  917. return;
  918. png_ptr->info_fn = info_fn;
  919. png_ptr->row_fn = row_fn;
  920. png_ptr->end_fn = end_fn;
  921. png_set_read_fn(png_ptr, progressive_ptr, png_push_fill_buffer);
  922. }
  923. png_voidp PNGAPI
  924. png_get_progressive_ptr(png_const_structrp png_ptr)
  925. {
  926. if (png_ptr == NULL)
  927. return NULL;
  928. return png_ptr->io_ptr;
  929. }
  930. #endif /* PROGRESSIVE_READ */