1 /* 2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 3 * 4 * This code is free software; you can redistribute it and/or modify it 5 * under the terms of the GNU General Public License version 2 only, as 6 * published by the Free Software Foundation. Oracle designates this 7 * particular file as subject to the "Classpath" exception as provided 8 * by Oracle in the LICENSE file that accompanied this code. 9 * 10 * This code is distributed in the hope that it will be useful, but WITHOUT 11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 13 * version 2 for more details (a copy is included in the LICENSE file that 14 * accompanied this code). 15 * 16 * You should have received a copy of the GNU General Public License version 17 * 2 along with this work; if not, write to the Free Software Foundation, 18 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 19 * 20 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 21 * or visit www.oracle.com if you need additional information or have any 22 * questions. 23 */ 24 25 /* pngmem.c - stub functions for memory allocation 26 * 27 * This file is available under and governed by the GNU General Public 28 * License version 2 only, as published by the Free Software Foundation. 29 * However, the following notice accompanied the original version of this 30 * file and, per its terms, should not be removed: 31 * 32 * Last changed in libpng 1.6.15 [November 20, 2014] 33 * Copyright (c) 1998-2014 Glenn Randers-Pehrson 34 * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) 35 * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) 36 * 37 * This code is released under the libpng license. 38 * For conditions of distribution and use, see the disclaimer 39 * and license in png.h 40 * 41 * This file provides a location for all memory allocation. Users who 42 * need special memory handling are expected to supply replacement 43 * functions for png_malloc() and png_free(), and to use 44 * png_create_read_struct_2() and png_create_write_struct_2() to 45 * identify the replacement functions. 46 */ 47 48 #include "pngpriv.h" 49 50 #if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED) 51 /* Free a png_struct */ 52 void /* PRIVATE */ 53 png_destroy_png_struct(png_structrp png_ptr) 54 { 55 if (png_ptr != NULL) 56 { 57 /* png_free might call png_error and may certainly call 58 * png_get_mem_ptr, so fake a temporary png_struct to support this. 59 */ 60 png_struct dummy_struct = *png_ptr; 61 memset(png_ptr, 0, (sizeof *png_ptr)); 62 png_free(&dummy_struct, png_ptr); 63 64 # ifdef PNG_SETJMP_SUPPORTED 65 /* We may have a jmp_buf left to deallocate. */ 66 png_free_jmpbuf(&dummy_struct); 67 # endif 68 } 69 } 70 71 /* Allocate memory. For reasonable files, size should never exceed 72 * 64K. However, zlib may allocate more than 64K if you don't tell 73 * it not to. See zconf.h and png.h for more information. zlib does 74 * need to allocate exactly 64K, so whatever you call here must 75 * have the ability to do that. 76 */ 77 PNG_FUNCTION(png_voidp,PNGAPI 78 png_calloc,(png_const_structrp png_ptr, png_alloc_size_t size),PNG_ALLOCATED) 79 { 80 png_voidp ret; 81 82 ret = png_malloc(png_ptr, size); 83 84 if (ret != NULL) 85 memset(ret, 0, size); 86 87 return ret; 88 } 89 90 /* png_malloc_base, an internal function added at libpng 1.6.0, does the work of 91 * allocating memory, taking into account limits and PNG_USER_MEM_SUPPORTED. 92 * Checking and error handling must happen outside this routine; it returns NULL 93 * if the allocation cannot be done (for any reason.) 94 */ 95 PNG_FUNCTION(png_voidp /* PRIVATE */, 96 png_malloc_base,(png_const_structrp png_ptr, png_alloc_size_t size), 97 PNG_ALLOCATED) 98 { 99 /* Moved to png_malloc_base from png_malloc_default in 1.6.0; the DOS 100 * allocators have also been removed in 1.6.0, so any 16-bit system now has 101 * to implement a user memory handler. This checks to be sure it isn't 102 * called with big numbers. 103 */ 104 #ifndef PNG_USER_MEM_SUPPORTED 105 PNG_UNUSED(png_ptr) 106 #endif 107 108 /* Some compilers complain that this is always true. However, it 109 * can be false when integer overflow happens. 110 */ 111 if (size > 0 && size <= PNG_SIZE_MAX 112 # ifdef PNG_MAX_MALLOC_64K 113 && size <= 65536U 114 # endif 115 ) 116 { 117 #ifdef PNG_USER_MEM_SUPPORTED 118 if (png_ptr != NULL && png_ptr->malloc_fn != NULL) 119 return png_ptr->malloc_fn(png_constcast(png_structrp,png_ptr), size); 120 121 else 122 #endif 123 return malloc((size_t)size); /* checked for truncation above */ 124 } 125 126 else 127 return NULL; 128 } 129 130 #if defined(PNG_TEXT_SUPPORTED) || defined(PNG_sPLT_SUPPORTED) ||\ 131 defined(PNG_STORE_UNKNOWN_CHUNKS_SUPPORTED) 132 /* This is really here only to work round a spurious warning in GCC 4.6 and 4.7 133 * that arises because of the checks in png_realloc_array that are repeated in 134 * png_malloc_array. 135 */ 136 static png_voidp 137 png_malloc_array_checked(png_const_structrp png_ptr, int nelements, 138 size_t element_size) 139 { 140 png_alloc_size_t req = nelements; /* known to be > 0 */ 141 142 if (req <= PNG_SIZE_MAX/element_size) 143 return png_malloc_base(png_ptr, req * element_size); 144 145 /* The failure case when the request is too large */ 146 return NULL; 147 } 148 149 PNG_FUNCTION(png_voidp /* PRIVATE */, 150 png_malloc_array,(png_const_structrp png_ptr, int nelements, 151 size_t element_size),PNG_ALLOCATED) 152 { 153 if (nelements <= 0 || element_size == 0) 154 png_error(png_ptr, "internal error: array alloc"); 155 156 return png_malloc_array_checked(png_ptr, nelements, element_size); 157 } 158 159 PNG_FUNCTION(png_voidp /* PRIVATE */, 160 png_realloc_array,(png_const_structrp png_ptr, png_const_voidp old_array, 161 int old_elements, int add_elements, size_t element_size),PNG_ALLOCATED) 162 { 163 /* These are internal errors: */ 164 if (add_elements <= 0 || element_size == 0 || old_elements < 0 || 165 (old_array == NULL && old_elements > 0)) 166 png_error(png_ptr, "internal error: array realloc"); 167 168 /* Check for overflow on the elements count (so the caller does not have to 169 * check.) 170 */ 171 if (add_elements <= INT_MAX - old_elements) 172 { 173 png_voidp new_array = png_malloc_array_checked(png_ptr, 174 old_elements+add_elements, element_size); 175 176 if (new_array != NULL) 177 { 178 /* Because png_malloc_array worked the size calculations below cannot 179 * overflow. 180 */ 181 if (old_elements > 0) 182 memcpy(new_array, old_array, element_size*(unsigned)old_elements); 183 184 memset((char*)new_array + element_size*(unsigned)old_elements, 0, 185 element_size*(unsigned)add_elements); 186 187 return new_array; 188 } 189 } 190 191 return NULL; /* error */ 192 } 193 #endif /* TEXT || sPLT || STORE_UNKNOWN_CHUNKS */ 194 195 /* Various functions that have different error handling are derived from this. 196 * png_malloc always exists, but if PNG_USER_MEM_SUPPORTED is defined a separate 197 * function png_malloc_default is also provided. 198 */ 199 PNG_FUNCTION(png_voidp,PNGAPI 200 png_malloc,(png_const_structrp png_ptr, png_alloc_size_t size),PNG_ALLOCATED) 201 { 202 png_voidp ret; 203 204 if (png_ptr == NULL) 205 return NULL; 206 207 ret = png_malloc_base(png_ptr, size); 208 209 if (ret == NULL) 210 png_error(png_ptr, "Out of memory"); /* 'm' means png_malloc */ 211 212 return ret; 213 } 214 215 #ifdef PNG_USER_MEM_SUPPORTED 216 PNG_FUNCTION(png_voidp,PNGAPI 217 png_malloc_default,(png_const_structrp png_ptr, png_alloc_size_t size), 218 PNG_ALLOCATED PNG_DEPRECATED) 219 { 220 png_voidp ret; 221 222 if (png_ptr == NULL) 223 return NULL; 224 225 /* Passing 'NULL' here bypasses the application provided memory handler. */ 226 ret = png_malloc_base(NULL/*use malloc*/, size); 227 228 if (ret == NULL) 229 png_error(png_ptr, "Out of Memory"); /* 'M' means png_malloc_default */ 230 231 return ret; 232 } 233 #endif /* USER_MEM */ 234 235 /* This function was added at libpng version 1.2.3. The png_malloc_warn() 236 * function will issue a png_warning and return NULL instead of issuing a 237 * png_error, if it fails to allocate the requested memory. 238 */ 239 PNG_FUNCTION(png_voidp,PNGAPI 240 png_malloc_warn,(png_const_structrp png_ptr, png_alloc_size_t size), 241 PNG_ALLOCATED) 242 { 243 if (png_ptr != NULL) 244 { 245 png_voidp ret = png_malloc_base(png_ptr, size); 246 247 if (ret != NULL) 248 return ret; 249 250 png_warning(png_ptr, "Out of memory"); 251 } 252 253 return NULL; 254 } 255 256 /* Free a pointer allocated by png_malloc(). If ptr is NULL, return 257 * without taking any action. 258 */ 259 void PNGAPI 260 png_free(png_const_structrp png_ptr, png_voidp ptr) 261 { 262 if (png_ptr == NULL || ptr == NULL) 263 return; 264 265 #ifdef PNG_USER_MEM_SUPPORTED 266 if (png_ptr->free_fn != NULL) 267 png_ptr->free_fn(png_constcast(png_structrp,png_ptr), ptr); 268 269 else 270 png_free_default(png_ptr, ptr); 271 } 272 273 PNG_FUNCTION(void,PNGAPI 274 png_free_default,(png_const_structrp png_ptr, png_voidp ptr),PNG_DEPRECATED) 275 { 276 if (png_ptr == NULL || ptr == NULL) 277 return; 278 #endif /* USER_MEM */ 279 280 free(ptr); 281 } 282 283 #ifdef PNG_USER_MEM_SUPPORTED 284 /* This function is called when the application wants to use another method 285 * of allocating and freeing memory. 286 */ 287 void PNGAPI 288 png_set_mem_fn(png_structrp png_ptr, png_voidp mem_ptr, png_malloc_ptr 289 malloc_fn, png_free_ptr free_fn) 290 { 291 if (png_ptr != NULL) 292 { 293 png_ptr->mem_ptr = mem_ptr; 294 png_ptr->malloc_fn = malloc_fn; 295 png_ptr->free_fn = free_fn; 296 } 297 } 298 299 /* This function returns a pointer to the mem_ptr associated with the user 300 * functions. The application should free any memory associated with this 301 * pointer before png_write_destroy and png_read_destroy are called. 302 */ 303 png_voidp PNGAPI 304 png_get_mem_ptr(png_const_structrp png_ptr) 305 { 306 if (png_ptr == NULL) 307 return NULL; 308 309 return png_ptr->mem_ptr; 310 } 311 #endif /* USER_MEM */ 312 #endif /* READ || WRITE */