1 /*
2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
3 *
4 * This code is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License version 2 only, as
6 * published by the Free Software Foundation. Oracle designates this
7 * particular file as subject to the "Classpath" exception as provided
8 * by Oracle in the LICENSE file that accompanied this code.
9 *
10 * This code is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * version 2 for more details (a copy is included in the LICENSE file that
14 * accompanied this code).
15 *
16 * You should have received a copy of the GNU General Public License version
17 * 2 along with this work; if not, write to the Free Software Foundation,
18 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
19 *
20 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
21 * or visit www.oracle.com if you need additional information or have any
22 * questions.
23 */
24
25 /* pngpread.c - read a png file in push mode
26 *
27 * This file is available under and governed by the GNU General Public
28 * License version 2 only, as published by the Free Software Foundation.
29 * However, the following notice accompanied the original version of this
30 * file and, per its terms, should not be removed:
31 *
32 * Last changed in libpng 1.6.18 [July 23, 2015]
33 * Copyright (c) 1998-2015 Glenn Randers-Pehrson
34 * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
35 * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
36 *
37 * This code is released under the libpng license.
38 * For conditions of distribution and use, see the disclaimer
39 * and license in png.h
40 */
41
42 #include "pngpriv.h"
43
44 #ifdef PNG_PROGRESSIVE_READ_SUPPORTED
45
46 /* Push model modes */
47 #define PNG_READ_SIG_MODE 0
48 #define PNG_READ_CHUNK_MODE 1
49 #define PNG_READ_IDAT_MODE 2
50 #define PNG_READ_tEXt_MODE 4
51 #define PNG_READ_zTXt_MODE 5
52 #define PNG_READ_DONE_MODE 6
53 #define PNG_READ_iTXt_MODE 7
54 #define PNG_ERROR_MODE 8
55
56 #define PNG_PUSH_SAVE_BUFFER_IF_FULL \
57 if (png_ptr->push_length + 4 > png_ptr->buffer_size) \
58 { png_push_save_buffer(png_ptr); return; }
59 #define PNG_PUSH_SAVE_BUFFER_IF_LT(N) \
60 if (png_ptr->buffer_size < N) \
61 { png_push_save_buffer(png_ptr); return; }
62
63 void PNGAPI
64 png_process_data(png_structrp png_ptr, png_inforp info_ptr,
65 png_bytep buffer, png_size_t buffer_size)
66 {
67 if (png_ptr == NULL || info_ptr == NULL)
68 return;
69
70 png_push_restore_buffer(png_ptr, buffer, buffer_size);
71
72 while (png_ptr->buffer_size)
73 {
74 png_process_some_data(png_ptr, info_ptr);
75 }
76 }
77
78 png_size_t PNGAPI
79 png_process_data_pause(png_structrp png_ptr, int save)
80 {
81 if (png_ptr != NULL)
82 {
83 /* It's easiest for the caller if we do the save; then the caller doesn't
84 * have to supply the same data again:
85 */
86 if (save != 0)
87 png_push_save_buffer(png_ptr);
88 else
89 {
90 /* This includes any pending saved bytes: */
91 png_size_t remaining = png_ptr->buffer_size;
92 png_ptr->buffer_size = 0;
93
94 /* So subtract the saved buffer size, unless all the data
95 * is actually 'saved', in which case we just return 0
96 */
97 if (png_ptr->save_buffer_size < remaining)
98 return remaining - png_ptr->save_buffer_size;
99 }
100 }
101
102 return 0;
103 }
104
105 png_uint_32 PNGAPI
106 png_process_data_skip(png_structrp png_ptr)
107 {
108 /* TODO: Deprecate and remove this API.
109 * Somewhere the implementation of this seems to have been lost,
110 * or abandoned. It was only to support some internal back-door access
111 * to png_struct) in libpng-1.4.x.
112 */
113 png_app_warning(png_ptr,
114 "png_process_data_skip is not implemented in any current version of libpng");
115 return 0;
116 }
117
118 /* What we do with the incoming data depends on what we were previously
119 * doing before we ran out of data...
120 */
121 void /* PRIVATE */
122 png_process_some_data(png_structrp png_ptr, png_inforp info_ptr)
123 {
124 if (png_ptr == NULL)
125 return;
126
127 switch (png_ptr->process_mode)
128 {
129 case PNG_READ_SIG_MODE:
130 {
131 png_push_read_sig(png_ptr, info_ptr);
132 break;
133 }
134
135 case PNG_READ_CHUNK_MODE:
136 {
137 png_push_read_chunk(png_ptr, info_ptr);
138 break;
139 }
140
141 case PNG_READ_IDAT_MODE:
142 {
143 png_push_read_IDAT(png_ptr);
144 break;
145 }
146
147 default:
148 {
149 png_ptr->buffer_size = 0;
150 break;
151 }
152 }
153 }
154
155 /* Read any remaining signature bytes from the stream and compare them with
156 * the correct PNG signature. It is possible that this routine is called
157 * with bytes already read from the signature, either because they have been
158 * checked by the calling application, or because of multiple calls to this
159 * routine.
160 */
161 void /* PRIVATE */
162 png_push_read_sig(png_structrp png_ptr, png_inforp info_ptr)
163 {
164 png_size_t num_checked = png_ptr->sig_bytes, /* SAFE, does not exceed 8 */
165 num_to_check = 8 - num_checked;
166
167 if (png_ptr->buffer_size < num_to_check)
168 {
169 num_to_check = png_ptr->buffer_size;
170 }
171
172 png_push_fill_buffer(png_ptr, &(info_ptr->signature[num_checked]),
173 num_to_check);
174 png_ptr->sig_bytes = (png_byte)(png_ptr->sig_bytes + num_to_check);
175
176 if (png_sig_cmp(info_ptr->signature, num_checked, num_to_check))
177 {
178 if (num_checked < 4 &&
179 png_sig_cmp(info_ptr->signature, num_checked, num_to_check - 4))
180 png_error(png_ptr, "Not a PNG file");
181
182 else
183 png_error(png_ptr, "PNG file corrupted by ASCII conversion");
184 }
185 else
186 {
187 if (png_ptr->sig_bytes >= 8)
188 {
189 png_ptr->process_mode = PNG_READ_CHUNK_MODE;
190 }
191 }
192 }
193
194 void /* PRIVATE */
195 png_push_read_chunk(png_structrp png_ptr, png_inforp info_ptr)
196 {
197 png_uint_32 chunk_name;
198 #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED
199 int keep; /* unknown handling method */
200 #endif
201
202 /* First we make sure we have enough data for the 4-byte chunk name
203 * and the 4-byte chunk length before proceeding with decoding the
204 * chunk data. To fully decode each of these chunks, we also make
205 * sure we have enough data in the buffer for the 4-byte CRC at the
206 * end of every chunk (except IDAT, which is handled separately).
207 */
208 if ((png_ptr->mode & PNG_HAVE_CHUNK_HEADER) == 0)
209 {
210 png_byte chunk_length[4];
211 png_byte chunk_tag[4];
212
213 PNG_PUSH_SAVE_BUFFER_IF_LT(8)
214 png_push_fill_buffer(png_ptr, chunk_length, 4);
215 png_ptr->push_length = png_get_uint_31(png_ptr, chunk_length);
216 png_reset_crc(png_ptr);
217 png_crc_read(png_ptr, chunk_tag, 4);
218 png_ptr->chunk_name = PNG_CHUNK_FROM_STRING(chunk_tag);
219 png_check_chunk_name(png_ptr, png_ptr->chunk_name);
220 png_ptr->mode |= PNG_HAVE_CHUNK_HEADER;
221 }
222
223 chunk_name = png_ptr->chunk_name;
224
225 if (chunk_name == png_IDAT)
226 {
227 if ((png_ptr->mode & PNG_AFTER_IDAT) != 0)
228 png_ptr->mode |= PNG_HAVE_CHUNK_AFTER_IDAT;
229
230 /* If we reach an IDAT chunk, this means we have read all of the
231 * header chunks, and we can start reading the image (or if this
232 * is called after the image has been read - we have an error).
233 */
234 if ((png_ptr->mode & PNG_HAVE_IHDR) == 0)
235 png_error(png_ptr, "Missing IHDR before IDAT");
236
237 else if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE &&
238 (png_ptr->mode & PNG_HAVE_PLTE) == 0)
239 png_error(png_ptr, "Missing PLTE before IDAT");
240
241 png_ptr->mode |= PNG_HAVE_IDAT;
242 png_ptr->process_mode = PNG_READ_IDAT_MODE;
243
244 if ((png_ptr->mode & PNG_HAVE_CHUNK_AFTER_IDAT) == 0)
245 if (png_ptr->push_length == 0)
246 return;
247
248 if ((png_ptr->mode & PNG_AFTER_IDAT) != 0)
249 png_benign_error(png_ptr, "Too many IDATs found");
250 }
251
252 if (chunk_name == png_IHDR)
253 {
254 if (png_ptr->push_length != 13)
255 png_error(png_ptr, "Invalid IHDR length");
256
257 PNG_PUSH_SAVE_BUFFER_IF_FULL
258 png_handle_IHDR(png_ptr, info_ptr, png_ptr->push_length);
259 }
260
261 else if (chunk_name == png_IEND)
262 {
263 PNG_PUSH_SAVE_BUFFER_IF_FULL
264 png_handle_IEND(png_ptr, info_ptr, png_ptr->push_length);
265
266 png_ptr->process_mode = PNG_READ_DONE_MODE;
267 png_push_have_end(png_ptr, info_ptr);
268 }
269
270 #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED
271 else if ((keep = png_chunk_unknown_handling(png_ptr, chunk_name)) != 0)
272 {
273 PNG_PUSH_SAVE_BUFFER_IF_FULL
274 png_handle_unknown(png_ptr, info_ptr, png_ptr->push_length, keep);
275
276 if (chunk_name == png_PLTE)
277 png_ptr->mode |= PNG_HAVE_PLTE;
278 }
279 #endif
280
281 else if (chunk_name == png_PLTE)
282 {
283 PNG_PUSH_SAVE_BUFFER_IF_FULL
284 png_handle_PLTE(png_ptr, info_ptr, png_ptr->push_length);
285 }
286
287 else if (chunk_name == png_IDAT)
288 {
289 png_ptr->idat_size = png_ptr->push_length;
290 png_ptr->process_mode = PNG_READ_IDAT_MODE;
291 png_push_have_info(png_ptr, info_ptr);
292 png_ptr->zstream.avail_out =
293 (uInt) PNG_ROWBYTES(png_ptr->pixel_depth,
294 png_ptr->iwidth) + 1;
295 png_ptr->zstream.next_out = png_ptr->row_buf;
296 return;
297 }
298
299 #ifdef PNG_READ_gAMA_SUPPORTED
300 else if (png_ptr->chunk_name == png_gAMA)
301 {
302 PNG_PUSH_SAVE_BUFFER_IF_FULL
303 png_handle_gAMA(png_ptr, info_ptr, png_ptr->push_length);
304 }
305
306 #endif
307 #ifdef PNG_READ_sBIT_SUPPORTED
308 else if (png_ptr->chunk_name == png_sBIT)
309 {
310 PNG_PUSH_SAVE_BUFFER_IF_FULL
311 png_handle_sBIT(png_ptr, info_ptr, png_ptr->push_length);
312 }
313
314 #endif
315 #ifdef PNG_READ_cHRM_SUPPORTED
316 else if (png_ptr->chunk_name == png_cHRM)
317 {
318 PNG_PUSH_SAVE_BUFFER_IF_FULL
319 png_handle_cHRM(png_ptr, info_ptr, png_ptr->push_length);
320 }
321
322 #endif
323 #ifdef PNG_READ_sRGB_SUPPORTED
324 else if (chunk_name == png_sRGB)
325 {
326 PNG_PUSH_SAVE_BUFFER_IF_FULL
327 png_handle_sRGB(png_ptr, info_ptr, png_ptr->push_length);
328 }
329
330 #endif
331 #ifdef PNG_READ_iCCP_SUPPORTED
332 else if (png_ptr->chunk_name == png_iCCP)
333 {
334 PNG_PUSH_SAVE_BUFFER_IF_FULL
335 png_handle_iCCP(png_ptr, info_ptr, png_ptr->push_length);
336 }
337
338 #endif
339 #ifdef PNG_READ_sPLT_SUPPORTED
340 else if (chunk_name == png_sPLT)
341 {
342 PNG_PUSH_SAVE_BUFFER_IF_FULL
343 png_handle_sPLT(png_ptr, info_ptr, png_ptr->push_length);
344 }
345
346 #endif
347 #ifdef PNG_READ_tRNS_SUPPORTED
348 else if (chunk_name == png_tRNS)
349 {
350 PNG_PUSH_SAVE_BUFFER_IF_FULL
351 png_handle_tRNS(png_ptr, info_ptr, png_ptr->push_length);
352 }
353
354 #endif
355 #ifdef PNG_READ_bKGD_SUPPORTED
356 else if (chunk_name == png_bKGD)
357 {
358 PNG_PUSH_SAVE_BUFFER_IF_FULL
359 png_handle_bKGD(png_ptr, info_ptr, png_ptr->push_length);
360 }
361
362 #endif
363 #ifdef PNG_READ_hIST_SUPPORTED
364 else if (chunk_name == png_hIST)
365 {
366 PNG_PUSH_SAVE_BUFFER_IF_FULL
367 png_handle_hIST(png_ptr, info_ptr, png_ptr->push_length);
368 }
369
370 #endif
371 #ifdef PNG_READ_pHYs_SUPPORTED
372 else if (chunk_name == png_pHYs)
373 {
374 PNG_PUSH_SAVE_BUFFER_IF_FULL
375 png_handle_pHYs(png_ptr, info_ptr, png_ptr->push_length);
376 }
377
378 #endif
379 #ifdef PNG_READ_oFFs_SUPPORTED
380 else if (chunk_name == png_oFFs)
381 {
382 PNG_PUSH_SAVE_BUFFER_IF_FULL
383 png_handle_oFFs(png_ptr, info_ptr, png_ptr->push_length);
384 }
385 #endif
386
387 #ifdef PNG_READ_pCAL_SUPPORTED
388 else if (chunk_name == png_pCAL)
389 {
390 PNG_PUSH_SAVE_BUFFER_IF_FULL
391 png_handle_pCAL(png_ptr, info_ptr, png_ptr->push_length);
392 }
393
394 #endif
395 #ifdef PNG_READ_sCAL_SUPPORTED
396 else if (chunk_name == png_sCAL)
397 {
398 PNG_PUSH_SAVE_BUFFER_IF_FULL
399 png_handle_sCAL(png_ptr, info_ptr, png_ptr->push_length);
400 }
401
402 #endif
403 #ifdef PNG_READ_tIME_SUPPORTED
404 else if (chunk_name == png_tIME)
405 {
406 PNG_PUSH_SAVE_BUFFER_IF_FULL
407 png_handle_tIME(png_ptr, info_ptr, png_ptr->push_length);
408 }
409
410 #endif
411 #ifdef PNG_READ_tEXt_SUPPORTED
412 else if (chunk_name == png_tEXt)
413 {
414 PNG_PUSH_SAVE_BUFFER_IF_FULL
415 png_handle_tEXt(png_ptr, info_ptr, png_ptr->push_length);
416 }
417
418 #endif
419 #ifdef PNG_READ_zTXt_SUPPORTED
420 else if (chunk_name == png_zTXt)
421 {
422 PNG_PUSH_SAVE_BUFFER_IF_FULL
423 png_handle_zTXt(png_ptr, info_ptr, png_ptr->push_length);
424 }
425
426 #endif
427 #ifdef PNG_READ_iTXt_SUPPORTED
428 else if (chunk_name == png_iTXt)
429 {
430 PNG_PUSH_SAVE_BUFFER_IF_FULL
431 png_handle_iTXt(png_ptr, info_ptr, png_ptr->push_length);
432 }
433 #endif
434
435 else
436 {
437 PNG_PUSH_SAVE_BUFFER_IF_FULL
438 png_handle_unknown(png_ptr, info_ptr, png_ptr->push_length,
439 PNG_HANDLE_CHUNK_AS_DEFAULT);
440 }
441
442 png_ptr->mode &= ~PNG_HAVE_CHUNK_HEADER;
443 }
444
445 void PNGCBAPI
446 png_push_fill_buffer(png_structp png_ptr, png_bytep buffer, png_size_t length)
447 {
448 png_bytep ptr;
449
450 if (png_ptr == NULL)
451 return;
452
453 ptr = buffer;
454 if (png_ptr->save_buffer_size != 0)
455 {
456 png_size_t save_size;
457
458 if (length < png_ptr->save_buffer_size)
459 save_size = length;
460
461 else
462 save_size = png_ptr->save_buffer_size;
463
464 memcpy(ptr, png_ptr->save_buffer_ptr, save_size);
465 length -= save_size;
466 ptr += save_size;
467 png_ptr->buffer_size -= save_size;
468 png_ptr->save_buffer_size -= save_size;
469 png_ptr->save_buffer_ptr += save_size;
470 }
471 if (length != 0 && png_ptr->current_buffer_size != 0)
472 {
473 png_size_t save_size;
474
475 if (length < png_ptr->current_buffer_size)
476 save_size = length;
477
478 else
479 save_size = png_ptr->current_buffer_size;
480
481 memcpy(ptr, png_ptr->current_buffer_ptr, save_size);
482 png_ptr->buffer_size -= save_size;
483 png_ptr->current_buffer_size -= save_size;
484 png_ptr->current_buffer_ptr += save_size;
485 }
486 }
487
488 void /* PRIVATE */
489 png_push_save_buffer(png_structrp png_ptr)
490 {
491 if (png_ptr->save_buffer_size != 0)
492 {
493 if (png_ptr->save_buffer_ptr != png_ptr->save_buffer)
494 {
495 png_size_t i, istop;
496 png_bytep sp;
497 png_bytep dp;
498
499 istop = png_ptr->save_buffer_size;
500 for (i = 0, sp = png_ptr->save_buffer_ptr, dp = png_ptr->save_buffer;
501 i < istop; i++, sp++, dp++)
502 {
503 *dp = *sp;
504 }
505 }
506 }
507 if (png_ptr->save_buffer_size + png_ptr->current_buffer_size >
508 png_ptr->save_buffer_max)
509 {
510 png_size_t new_max;
511 png_bytep old_buffer;
512
513 if (png_ptr->save_buffer_size > PNG_SIZE_MAX -
514 (png_ptr->current_buffer_size + 256))
515 {
516 png_error(png_ptr, "Potential overflow of save_buffer");
517 }
518
519 new_max = png_ptr->save_buffer_size + png_ptr->current_buffer_size + 256;
520 old_buffer = png_ptr->save_buffer;
521 png_ptr->save_buffer = (png_bytep)png_malloc_warn(png_ptr,
522 (png_size_t)new_max);
523
524 if (png_ptr->save_buffer == NULL)
525 {
526 png_free(png_ptr, old_buffer);
527 png_error(png_ptr, "Insufficient memory for save_buffer");
528 }
529
530 memcpy(png_ptr->save_buffer, old_buffer, png_ptr->save_buffer_size);
531 png_free(png_ptr, old_buffer);
532 png_ptr->save_buffer_max = new_max;
533 }
534 if (png_ptr->current_buffer_size)
535 {
536 memcpy(png_ptr->save_buffer + png_ptr->save_buffer_size,
537 png_ptr->current_buffer_ptr, png_ptr->current_buffer_size);
538 png_ptr->save_buffer_size += png_ptr->current_buffer_size;
539 png_ptr->current_buffer_size = 0;
540 }
541 png_ptr->save_buffer_ptr = png_ptr->save_buffer;
542 png_ptr->buffer_size = 0;
543 }
544
545 void /* PRIVATE */
546 png_push_restore_buffer(png_structrp png_ptr, png_bytep buffer,
547 png_size_t buffer_length)
548 {
549 png_ptr->current_buffer = buffer;
550 png_ptr->current_buffer_size = buffer_length;
551 png_ptr->buffer_size = buffer_length + png_ptr->save_buffer_size;
552 png_ptr->current_buffer_ptr = png_ptr->current_buffer;
553 }
554
555 void /* PRIVATE */
556 png_push_read_IDAT(png_structrp png_ptr)
557 {
558 if ((png_ptr->mode & PNG_HAVE_CHUNK_HEADER) == 0)
559 {
560 png_byte chunk_length[4];
561 png_byte chunk_tag[4];
562
563 /* TODO: this code can be commoned up with the same code in push_read */
564 PNG_PUSH_SAVE_BUFFER_IF_LT(8)
565 png_push_fill_buffer(png_ptr, chunk_length, 4);
566 png_ptr->push_length = png_get_uint_31(png_ptr, chunk_length);
567 png_reset_crc(png_ptr);
568 png_crc_read(png_ptr, chunk_tag, 4);
569 png_ptr->chunk_name = PNG_CHUNK_FROM_STRING(chunk_tag);
570 png_ptr->mode |= PNG_HAVE_CHUNK_HEADER;
571
572 if (png_ptr->chunk_name != png_IDAT)
573 {
574 png_ptr->process_mode = PNG_READ_CHUNK_MODE;
575
576 if ((png_ptr->flags & PNG_FLAG_ZSTREAM_ENDED) == 0)
577 png_error(png_ptr, "Not enough compressed data");
578
579 return;
580 }
581
582 png_ptr->idat_size = png_ptr->push_length;
583 }
584
585 if (png_ptr->idat_size != 0 && png_ptr->save_buffer_size != 0)
586 {
587 png_size_t save_size = png_ptr->save_buffer_size;
588 png_uint_32 idat_size = png_ptr->idat_size;
589
590 /* We want the smaller of 'idat_size' and 'current_buffer_size', but they
591 * are of different types and we don't know which variable has the fewest
592 * bits. Carefully select the smaller and cast it to the type of the
593 * larger - this cannot overflow. Do not cast in the following test - it
594 * will break on either 16-bit or 64-bit platforms.
595 */
596 if (idat_size < save_size)
597 save_size = (png_size_t)idat_size;
598
599 else
600 idat_size = (png_uint_32)save_size;
601
602 png_calculate_crc(png_ptr, png_ptr->save_buffer_ptr, save_size);
603
604 png_process_IDAT_data(png_ptr, png_ptr->save_buffer_ptr, save_size);
605
606 png_ptr->idat_size -= idat_size;
607 png_ptr->buffer_size -= save_size;
608 png_ptr->save_buffer_size -= save_size;
609 png_ptr->save_buffer_ptr += save_size;
610 }
611
612 if (png_ptr->idat_size != 0 && png_ptr->current_buffer_size != 0)
613 {
614 png_size_t save_size = png_ptr->current_buffer_size;
615 png_uint_32 idat_size = png_ptr->idat_size;
616
617 /* We want the smaller of 'idat_size' and 'current_buffer_size', but they
618 * are of different types and we don't know which variable has the fewest
619 * bits. Carefully select the smaller and cast it to the type of the
620 * larger - this cannot overflow.
621 */
622 if (idat_size < save_size)
623 save_size = (png_size_t)idat_size;
624
625 else
626 idat_size = (png_uint_32)save_size;
627
628 png_calculate_crc(png_ptr, png_ptr->current_buffer_ptr, save_size);
629
630 png_process_IDAT_data(png_ptr, png_ptr->current_buffer_ptr, save_size);
631
632 png_ptr->idat_size -= idat_size;
633 png_ptr->buffer_size -= save_size;
634 png_ptr->current_buffer_size -= save_size;
635 png_ptr->current_buffer_ptr += save_size;
636 }
637
638 if (png_ptr->idat_size == 0)
639 {
640 PNG_PUSH_SAVE_BUFFER_IF_LT(4)
641 png_crc_finish(png_ptr, 0);
642 png_ptr->mode &= ~PNG_HAVE_CHUNK_HEADER;
643 png_ptr->mode |= PNG_AFTER_IDAT;
644 png_ptr->zowner = 0;
645 }
646 }
647
648 void /* PRIVATE */
649 png_process_IDAT_data(png_structrp png_ptr, png_bytep buffer,
650 png_size_t buffer_length)
651 {
652 /* The caller checks for a non-zero buffer length. */
653 if (!(buffer_length > 0) || buffer == NULL)
654 png_error(png_ptr, "No IDAT data (internal error)");
655
656 /* This routine must process all the data it has been given
657 * before returning, calling the row callback as required to
658 * handle the uncompressed results.
659 */
660 png_ptr->zstream.next_in = buffer;
661 /* TODO: WARNING: TRUNCATION ERROR: DANGER WILL ROBINSON: */
662 png_ptr->zstream.avail_in = (uInt)buffer_length;
663
664 /* Keep going until the decompressed data is all processed
665 * or the stream marked as finished.
666 */
667 while (png_ptr->zstream.avail_in > 0 &&
668 (png_ptr->flags & PNG_FLAG_ZSTREAM_ENDED) == 0)
669 {
670 int ret;
671
672 /* We have data for zlib, but we must check that zlib
673 * has someplace to put the results. It doesn't matter
674 * if we don't expect any results -- it may be the input
675 * data is just the LZ end code.
676 */
677 if (!(png_ptr->zstream.avail_out > 0))
678 {
679 /* TODO: WARNING: TRUNCATION ERROR: DANGER WILL ROBINSON: */
680 png_ptr->zstream.avail_out = (uInt)(PNG_ROWBYTES(png_ptr->pixel_depth,
681 png_ptr->iwidth) + 1);
682
683 png_ptr->zstream.next_out = png_ptr->row_buf;
684 }
685
686 /* Using Z_SYNC_FLUSH here means that an unterminated
687 * LZ stream (a stream with a missing end code) can still
688 * be handled, otherwise (Z_NO_FLUSH) a future zlib
689 * implementation might defer output and therefore
690 * change the current behavior (see comments in inflate.c
691 * for why this doesn't happen at present with zlib 1.2.5).
692 */
693 ret = PNG_INFLATE(png_ptr, Z_SYNC_FLUSH);
694
695 /* Check for any failure before proceeding. */
696 if (ret != Z_OK && ret != Z_STREAM_END)
697 {
698 /* Terminate the decompression. */
699 png_ptr->flags |= PNG_FLAG_ZSTREAM_ENDED;
700 png_ptr->zowner = 0;
701
702 /* This may be a truncated stream (missing or
703 * damaged end code). Treat that as a warning.
704 */
705 if (png_ptr->row_number >= png_ptr->num_rows ||
706 png_ptr->pass > 6)
707 png_warning(png_ptr, "Truncated compressed data in IDAT");
708
709 else
710 png_error(png_ptr, "Decompression error in IDAT");
711
712 /* Skip the check on unprocessed input */
713 return;
714 }
715
716 /* Did inflate output any data? */
717 if (png_ptr->zstream.next_out != png_ptr->row_buf)
718 {
719 /* Is this unexpected data after the last row?
720 * If it is, artificially terminate the LZ output
721 * here.
722 */
723 if (png_ptr->row_number >= png_ptr->num_rows ||
724 png_ptr->pass > 6)
725 {
726 /* Extra data. */
727 png_warning(png_ptr, "Extra compressed data in IDAT");
728 png_ptr->flags |= PNG_FLAG_ZSTREAM_ENDED;
729 png_ptr->zowner = 0;
730
731 /* Do no more processing; skip the unprocessed
732 * input check below.
733 */
734 return;
735 }
736
737 /* Do we have a complete row? */
738 if (png_ptr->zstream.avail_out == 0)
739 png_push_process_row(png_ptr);
740 }
741
742 /* And check for the end of the stream. */
743 if (ret == Z_STREAM_END)
744 png_ptr->flags |= PNG_FLAG_ZSTREAM_ENDED;
745 }
746
747 /* All the data should have been processed, if anything
748 * is left at this point we have bytes of IDAT data
749 * after the zlib end code.
750 */
751 if (png_ptr->zstream.avail_in > 0)
752 png_warning(png_ptr, "Extra compression data in IDAT");
753 }
754
755 void /* PRIVATE */
756 png_push_process_row(png_structrp png_ptr)
757 {
758 /* 1.5.6: row_info moved out of png_struct to a local here. */
759 png_row_info row_info;
760
761 row_info.width = png_ptr->iwidth; /* NOTE: width of current interlaced row */
762 row_info.color_type = png_ptr->color_type;
763 row_info.bit_depth = png_ptr->bit_depth;
764 row_info.channels = png_ptr->channels;
765 row_info.pixel_depth = png_ptr->pixel_depth;
766 row_info.rowbytes = PNG_ROWBYTES(row_info.pixel_depth, row_info.width);
767
768 if (png_ptr->row_buf[0] > PNG_FILTER_VALUE_NONE)
769 {
770 if (png_ptr->row_buf[0] < PNG_FILTER_VALUE_LAST)
771 png_read_filter_row(png_ptr, &row_info, png_ptr->row_buf + 1,
772 png_ptr->prev_row + 1, png_ptr->row_buf[0]);
773 else
774 png_error(png_ptr, "bad adaptive filter value");
775 }
776
777 /* libpng 1.5.6: the following line was copying png_ptr->rowbytes before
778 * 1.5.6, while the buffer really is this big in current versions of libpng
779 * it may not be in the future, so this was changed just to copy the
780 * interlaced row count:
781 */
782 memcpy(png_ptr->prev_row, png_ptr->row_buf, row_info.rowbytes + 1);
783
784 #ifdef PNG_READ_TRANSFORMS_SUPPORTED
785 if (png_ptr->transformations != 0)
786 png_do_read_transformations(png_ptr, &row_info);
787 #endif
788
789 /* The transformed pixel depth should match the depth now in row_info. */
790 if (png_ptr->transformed_pixel_depth == 0)
791 {
792 png_ptr->transformed_pixel_depth = row_info.pixel_depth;
793 if (row_info.pixel_depth > png_ptr->maximum_pixel_depth)
794 png_error(png_ptr, "progressive row overflow");
795 }
796
797 else if (png_ptr->transformed_pixel_depth != row_info.pixel_depth)
798 png_error(png_ptr, "internal progressive row size calculation error");
799
800
801 #ifdef PNG_READ_INTERLACING_SUPPORTED
802 /* Expand interlaced rows to full size */
803 if (png_ptr->interlaced != 0 &&
804 (png_ptr->transformations & PNG_INTERLACE) != 0)
805 {
806 if (png_ptr->pass < 6)
807 png_do_read_interlace(&row_info, png_ptr->row_buf + 1, png_ptr->pass,
808 png_ptr->transformations);
809
810 switch (png_ptr->pass)
811 {
812 case 0:
813 {
814 int i;
815 for (i = 0; i < 8 && png_ptr->pass == 0; i++)
816 {
817 png_push_have_row(png_ptr, png_ptr->row_buf + 1);
818 png_read_push_finish_row(png_ptr); /* Updates png_ptr->pass */
819 }
820
821 if (png_ptr->pass == 2) /* Pass 1 might be empty */
822 {
823 for (i = 0; i < 4 && png_ptr->pass == 2; i++)
824 {
825 png_push_have_row(png_ptr, NULL);
826 png_read_push_finish_row(png_ptr);
827 }
828 }
829
830 if (png_ptr->pass == 4 && png_ptr->height <= 4)
831 {
832 for (i = 0; i < 2 && png_ptr->pass == 4; i++)
833 {
834 png_push_have_row(png_ptr, NULL);
835 png_read_push_finish_row(png_ptr);
836 }
837 }
838
839 if (png_ptr->pass == 6 && png_ptr->height <= 4)
840 {
841 png_push_have_row(png_ptr, NULL);
842 png_read_push_finish_row(png_ptr);
843 }
844
845 break;
846 }
847
848 case 1:
849 {
850 int i;
851 for (i = 0; i < 8 && png_ptr->pass == 1; i++)
852 {
853 png_push_have_row(png_ptr, png_ptr->row_buf + 1);
854 png_read_push_finish_row(png_ptr);
855 }
856
857 if (png_ptr->pass == 2) /* Skip top 4 generated rows */
858 {
859 for (i = 0; i < 4 && png_ptr->pass == 2; i++)
860 {
861 png_push_have_row(png_ptr, NULL);
862 png_read_push_finish_row(png_ptr);
863 }
864 }
865
866 break;
867 }
868
869 case 2:
870 {
871 int i;
872
873 for (i = 0; i < 4 && png_ptr->pass == 2; i++)
874 {
875 png_push_have_row(png_ptr, png_ptr->row_buf + 1);
876 png_read_push_finish_row(png_ptr);
877 }
878
879 for (i = 0; i < 4 && png_ptr->pass == 2; i++)
880 {
881 png_push_have_row(png_ptr, NULL);
882 png_read_push_finish_row(png_ptr);
883 }
884
885 if (png_ptr->pass == 4) /* Pass 3 might be empty */
886 {
887 for (i = 0; i < 2 && png_ptr->pass == 4; i++)
888 {
889 png_push_have_row(png_ptr, NULL);
890 png_read_push_finish_row(png_ptr);
891 }
892 }
893
894 break;
895 }
896
897 case 3:
898 {
899 int i;
900
901 for (i = 0; i < 4 && png_ptr->pass == 3; i++)
902 {
903 png_push_have_row(png_ptr, png_ptr->row_buf + 1);
904 png_read_push_finish_row(png_ptr);
905 }
906
907 if (png_ptr->pass == 4) /* Skip top two generated rows */
908 {
909 for (i = 0; i < 2 && png_ptr->pass == 4; i++)
910 {
911 png_push_have_row(png_ptr, NULL);
912 png_read_push_finish_row(png_ptr);
913 }
914 }
915
916 break;
917 }
918
919 case 4:
920 {
921 int i;
922
923 for (i = 0; i < 2 && png_ptr->pass == 4; i++)
924 {
925 png_push_have_row(png_ptr, png_ptr->row_buf + 1);
926 png_read_push_finish_row(png_ptr);
927 }
928
929 for (i = 0; i < 2 && png_ptr->pass == 4; i++)
930 {
931 png_push_have_row(png_ptr, NULL);
932 png_read_push_finish_row(png_ptr);
933 }
934
935 if (png_ptr->pass == 6) /* Pass 5 might be empty */
936 {
937 png_push_have_row(png_ptr, NULL);
938 png_read_push_finish_row(png_ptr);
939 }
940
941 break;
942 }
943
944 case 5:
945 {
946 int i;
947
948 for (i = 0; i < 2 && png_ptr->pass == 5; i++)
949 {
950 png_push_have_row(png_ptr, png_ptr->row_buf + 1);
951 png_read_push_finish_row(png_ptr);
952 }
953
954 if (png_ptr->pass == 6) /* Skip top generated row */
955 {
956 png_push_have_row(png_ptr, NULL);
957 png_read_push_finish_row(png_ptr);
958 }
959
960 break;
961 }
962
963 default:
964 case 6:
965 {
966 png_push_have_row(png_ptr, png_ptr->row_buf + 1);
967 png_read_push_finish_row(png_ptr);
968
969 if (png_ptr->pass != 6)
970 break;
971
972 png_push_have_row(png_ptr, NULL);
973 png_read_push_finish_row(png_ptr);
974 }
975 }
976 }
977 else
978 #endif
979 {
980 png_push_have_row(png_ptr, png_ptr->row_buf + 1);
981 png_read_push_finish_row(png_ptr);
982 }
983 }
984
985 void /* PRIVATE */
986 png_read_push_finish_row(png_structrp png_ptr)
987 {
988 #ifdef PNG_READ_INTERLACING_SUPPORTED
989 /* Arrays to facilitate easy interlacing - use pass (0 - 6) as index */
990
991 /* Start of interlace block */
992 static PNG_CONST png_byte png_pass_start[] = {0, 4, 0, 2, 0, 1, 0};
993
994 /* Offset to next interlace block */
995 static PNG_CONST png_byte png_pass_inc[] = {8, 8, 4, 4, 2, 2, 1};
996
997 /* Start of interlace block in the y direction */
998 static PNG_CONST png_byte png_pass_ystart[] = {0, 0, 4, 0, 2, 0, 1};
999
1000 /* Offset to next interlace block in the y direction */
1001 static PNG_CONST png_byte png_pass_yinc[] = {8, 8, 8, 4, 4, 2, 2};
1002
1003 /* Height of interlace block. This is not currently used - if you need
1004 * it, uncomment it here and in png.h
1005 static PNG_CONST png_byte png_pass_height[] = {8, 8, 4, 4, 2, 2, 1};
1006 */
1007 #endif
1008
1009 png_ptr->row_number++;
1010 if (png_ptr->row_number < png_ptr->num_rows)
1011 return;
1012
1013 #ifdef PNG_READ_INTERLACING_SUPPORTED
1014 if (png_ptr->interlaced != 0)
1015 {
1016 png_ptr->row_number = 0;
1017 memset(png_ptr->prev_row, 0, png_ptr->rowbytes + 1);
1018
1019 do
1020 {
1021 png_ptr->pass++;
1022 if ((png_ptr->pass == 1 && png_ptr->width < 5) ||
1023 (png_ptr->pass == 3 && png_ptr->width < 3) ||
1024 (png_ptr->pass == 5 && png_ptr->width < 2))
1025 png_ptr->pass++;
1026
1027 if (png_ptr->pass > 7)
1028 png_ptr->pass--;
1029
1030 if (png_ptr->pass >= 7)
1031 break;
1032
1033 png_ptr->iwidth = (png_ptr->width +
1034 png_pass_inc[png_ptr->pass] - 1 -
1035 png_pass_start[png_ptr->pass]) /
1036 png_pass_inc[png_ptr->pass];
1037
1038 if ((png_ptr->transformations & PNG_INTERLACE) != 0)
1039 break;
1040
1041 png_ptr->num_rows = (png_ptr->height +
1042 png_pass_yinc[png_ptr->pass] - 1 -
1043 png_pass_ystart[png_ptr->pass]) /
1044 png_pass_yinc[png_ptr->pass];
1045
1046 } while (png_ptr->iwidth == 0 || png_ptr->num_rows == 0);
1047 }
1048 #endif /* READ_INTERLACING */
1049 }
1050
1051 void /* PRIVATE */
1052 png_push_have_info(png_structrp png_ptr, png_inforp info_ptr)
1053 {
1054 if (png_ptr->info_fn != NULL)
1055 (*(png_ptr->info_fn))(png_ptr, info_ptr);
1056 }
1057
1058 void /* PRIVATE */
1059 png_push_have_end(png_structrp png_ptr, png_inforp info_ptr)
1060 {
1061 if (png_ptr->end_fn != NULL)
1062 (*(png_ptr->end_fn))(png_ptr, info_ptr);
1063 }
1064
1065 void /* PRIVATE */
1066 png_push_have_row(png_structrp png_ptr, png_bytep row)
1067 {
1068 if (png_ptr->row_fn != NULL)
1069 (*(png_ptr->row_fn))(png_ptr, row, png_ptr->row_number,
1070 (int)png_ptr->pass);
1071 }
1072
1073 #ifdef PNG_READ_INTERLACING_SUPPORTED
1074 void PNGAPI
1075 png_progressive_combine_row(png_const_structrp png_ptr, png_bytep old_row,
1076 png_const_bytep new_row)
1077 {
1078 if (png_ptr == NULL)
1079 return;
1080
1081 /* new_row is a flag here - if it is NULL then the app callback was called
1082 * from an empty row (see the calls to png_struct::row_fn below), otherwise
1083 * it must be png_ptr->row_buf+1
1084 */
1085 if (new_row != NULL)
1086 png_combine_row(png_ptr, old_row, 1/*blocky display*/);
1087 }
1088 #endif /* READ_INTERLACING */
1089
1090 void PNGAPI
1091 png_set_progressive_read_fn(png_structrp png_ptr, png_voidp progressive_ptr,
1092 png_progressive_info_ptr info_fn, png_progressive_row_ptr row_fn,
1093 png_progressive_end_ptr end_fn)
1094 {
1095 if (png_ptr == NULL)
1096 return;
1097
1098 png_ptr->info_fn = info_fn;
1099 png_ptr->row_fn = row_fn;
1100 png_ptr->end_fn = end_fn;
1101
1102 png_set_read_fn(png_ptr, progressive_ptr, png_push_fill_buffer);
1103 }
1104
1105 png_voidp PNGAPI
1106 png_get_progressive_ptr(png_const_structrp png_ptr)
1107 {
1108 if (png_ptr == NULL)
1109 return (NULL);
1110
1111 return png_ptr->io_ptr;
1112 }
1113 #endif /* PROGRESSIVE_READ */