1 /*
2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
3 *
4 * This code is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License version 2 only, as
6 * published by the Free Software Foundation. Oracle designates this
7 * particular file as subject to the "Classpath" exception as provided
8 * by Oracle in the LICENSE file that accompanied this code.
9 *
10 * This code is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * version 2 for more details (a copy is included in the LICENSE file that
14 * accompanied this code).
15 *
16 * You should have received a copy of the GNU General Public License version
17 * 2 along with this work; if not, write to the Free Software Foundation,
18 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
19 *
20 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
21 * or visit www.oracle.com if you need additional information or have any
22 * questions.
23 */
24
25 /* pngpread.c - read a png file in push mode
26 *
27 * This file is available under and governed by the GNU General Public
28 * License version 2 only, as published by the Free Software Foundation.
29 * However, the following notice accompanied the original version of this
30 * file and, per its terms, should not be removed:
31 *
32 * Last changed in libpng 1.6.23 [June 9, 2016]
33 * Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson
34 * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
35 * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
36 *
37 * This code is released under the libpng license.
38 * For conditions of distribution and use, see the disclaimer
39 * and license in png.h
40 */
41
42 #include "pngpriv.h"
43
44 #ifdef PNG_PROGRESSIVE_READ_SUPPORTED
45
46 /* Push model modes */
47 #define PNG_READ_SIG_MODE 0
48 #define PNG_READ_CHUNK_MODE 1
49 #define PNG_READ_IDAT_MODE 2
50 #define PNG_READ_tEXt_MODE 4
51 #define PNG_READ_zTXt_MODE 5
52 #define PNG_READ_DONE_MODE 6
53 #define PNG_READ_iTXt_MODE 7
54 #define PNG_ERROR_MODE 8
55
56 #define PNG_PUSH_SAVE_BUFFER_IF_FULL \
57 if (png_ptr->push_length + 4 > png_ptr->buffer_size) \
58 { png_push_save_buffer(png_ptr); return; }
59 #define PNG_PUSH_SAVE_BUFFER_IF_LT(N) \
60 if (png_ptr->buffer_size < N) \
61 { png_push_save_buffer(png_ptr); return; }
62
63 void PNGAPI
64 png_process_data(png_structrp png_ptr, png_inforp info_ptr,
65 png_bytep buffer, png_size_t buffer_size)
66 {
67 if (png_ptr == NULL || info_ptr == NULL)
68 return;
69
70 png_push_restore_buffer(png_ptr, buffer, buffer_size);
71
72 while (png_ptr->buffer_size)
73 {
74 png_process_some_data(png_ptr, info_ptr);
75 }
76 }
77
78 png_size_t PNGAPI
79 png_process_data_pause(png_structrp png_ptr, int save)
80 {
81 if (png_ptr != NULL)
82 {
83 /* It's easiest for the caller if we do the save; then the caller doesn't
84 * have to supply the same data again:
85 */
86 if (save != 0)
87 png_push_save_buffer(png_ptr);
88 else
89 {
90 /* This includes any pending saved bytes: */
91 png_size_t remaining = png_ptr->buffer_size;
92 png_ptr->buffer_size = 0;
93
94 /* So subtract the saved buffer size, unless all the data
95 * is actually 'saved', in which case we just return 0
96 */
97 if (png_ptr->save_buffer_size < remaining)
98 return remaining - png_ptr->save_buffer_size;
99 }
100 }
101
102 return 0;
103 }
104
105 png_uint_32 PNGAPI
106 png_process_data_skip(png_structrp png_ptr)
107 {
108 /* TODO: Deprecate and remove this API.
109 * Somewhere the implementation of this seems to have been lost,
110 * or abandoned. It was only to support some internal back-door access
111 * to png_struct) in libpng-1.4.x.
112 */
113 png_app_warning(png_ptr,
114 "png_process_data_skip is not implemented in any current version of libpng");
115 return 0;
116 }
117
118 /* What we do with the incoming data depends on what we were previously
119 * doing before we ran out of data...
120 */
121 void /* PRIVATE */
122 png_process_some_data(png_structrp png_ptr, png_inforp info_ptr)
123 {
124 if (png_ptr == NULL)
125 return;
126
127 switch (png_ptr->process_mode)
128 {
129 case PNG_READ_SIG_MODE:
130 {
131 png_push_read_sig(png_ptr, info_ptr);
132 break;
133 }
134
135 case PNG_READ_CHUNK_MODE:
136 {
137 png_push_read_chunk(png_ptr, info_ptr);
138 break;
139 }
140
141 case PNG_READ_IDAT_MODE:
142 {
143 png_push_read_IDAT(png_ptr);
144 break;
145 }
146
147 default:
148 {
149 png_ptr->buffer_size = 0;
150 break;
151 }
152 }
153 }
154
155 /* Read any remaining signature bytes from the stream and compare them with
156 * the correct PNG signature. It is possible that this routine is called
157 * with bytes already read from the signature, either because they have been
158 * checked by the calling application, or because of multiple calls to this
159 * routine.
160 */
161 void /* PRIVATE */
162 png_push_read_sig(png_structrp png_ptr, png_inforp info_ptr)
163 {
164 png_size_t num_checked = png_ptr->sig_bytes, /* SAFE, does not exceed 8 */
165 num_to_check = 8 - num_checked;
166
167 if (png_ptr->buffer_size < num_to_check)
168 {
169 num_to_check = png_ptr->buffer_size;
170 }
171
172 png_push_fill_buffer(png_ptr, &(info_ptr->signature[num_checked]),
173 num_to_check);
174 png_ptr->sig_bytes = (png_byte)(png_ptr->sig_bytes + num_to_check);
175
176 if (png_sig_cmp(info_ptr->signature, num_checked, num_to_check))
177 {
178 if (num_checked < 4 &&
179 png_sig_cmp(info_ptr->signature, num_checked, num_to_check - 4))
180 png_error(png_ptr, "Not a PNG file");
181
182 else
183 png_error(png_ptr, "PNG file corrupted by ASCII conversion");
184 }
185 else
186 {
187 if (png_ptr->sig_bytes >= 8)
188 {
189 png_ptr->process_mode = PNG_READ_CHUNK_MODE;
190 }
191 }
192 }
193
194 void /* PRIVATE */
195 png_push_read_chunk(png_structrp png_ptr, png_inforp info_ptr)
196 {
197 png_uint_32 chunk_name;
198 #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED
199 int keep; /* unknown handling method */
200 #endif
201
202 /* First we make sure we have enough data for the 4-byte chunk name
203 * and the 4-byte chunk length before proceeding with decoding the
204 * chunk data. To fully decode each of these chunks, we also make
205 * sure we have enough data in the buffer for the 4-byte CRC at the
206 * end of every chunk (except IDAT, which is handled separately).
207 */
208 if ((png_ptr->mode & PNG_HAVE_CHUNK_HEADER) == 0)
209 {
210 png_byte chunk_length[4];
211 png_byte chunk_tag[4];
212
213 PNG_PUSH_SAVE_BUFFER_IF_LT(8)
214 png_push_fill_buffer(png_ptr, chunk_length, 4);
215 png_ptr->push_length = png_get_uint_31(png_ptr, chunk_length);
216 png_reset_crc(png_ptr);
217 png_crc_read(png_ptr, chunk_tag, 4);
218 png_ptr->chunk_name = PNG_CHUNK_FROM_STRING(chunk_tag);
219 png_check_chunk_name(png_ptr, png_ptr->chunk_name);
220 png_ptr->mode |= PNG_HAVE_CHUNK_HEADER;
221 }
222
223 chunk_name = png_ptr->chunk_name;
224
225 if (chunk_name == png_IDAT)
226 {
227 if ((png_ptr->mode & PNG_AFTER_IDAT) != 0)
228 png_ptr->mode |= PNG_HAVE_CHUNK_AFTER_IDAT;
229
230 /* If we reach an IDAT chunk, this means we have read all of the
231 * header chunks, and we can start reading the image (or if this
232 * is called after the image has been read - we have an error).
233 */
234 if ((png_ptr->mode & PNG_HAVE_IHDR) == 0)
235 png_error(png_ptr, "Missing IHDR before IDAT");
236
237 else if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE &&
238 (png_ptr->mode & PNG_HAVE_PLTE) == 0)
239 png_error(png_ptr, "Missing PLTE before IDAT");
240
241 png_ptr->process_mode = PNG_READ_IDAT_MODE;
242
243 if ((png_ptr->mode & PNG_HAVE_IDAT) != 0)
244 if ((png_ptr->mode & PNG_HAVE_CHUNK_AFTER_IDAT) == 0)
245 if (png_ptr->push_length == 0)
246 return;
247
248 png_ptr->mode |= PNG_HAVE_IDAT;
249
250 if ((png_ptr->mode & PNG_AFTER_IDAT) != 0)
251 png_benign_error(png_ptr, "Too many IDATs found");
252 }
253
254 if (chunk_name == png_IHDR)
255 {
256 if (png_ptr->push_length != 13)
257 png_error(png_ptr, "Invalid IHDR length");
258
259 PNG_PUSH_SAVE_BUFFER_IF_FULL
260 png_handle_IHDR(png_ptr, info_ptr, png_ptr->push_length);
261 }
262
263 else if (chunk_name == png_IEND)
264 {
265 PNG_PUSH_SAVE_BUFFER_IF_FULL
266 png_handle_IEND(png_ptr, info_ptr, png_ptr->push_length);
267
268 png_ptr->process_mode = PNG_READ_DONE_MODE;
269 png_push_have_end(png_ptr, info_ptr);
270 }
271
272 #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED
273 else if ((keep = png_chunk_unknown_handling(png_ptr, chunk_name)) != 0)
274 {
275 PNG_PUSH_SAVE_BUFFER_IF_FULL
276 png_handle_unknown(png_ptr, info_ptr, png_ptr->push_length, keep);
277
278 if (chunk_name == png_PLTE)
279 png_ptr->mode |= PNG_HAVE_PLTE;
280 }
281 #endif
282
283 else if (chunk_name == png_PLTE)
284 {
285 PNG_PUSH_SAVE_BUFFER_IF_FULL
286 png_handle_PLTE(png_ptr, info_ptr, png_ptr->push_length);
287 }
288
289 else if (chunk_name == png_IDAT)
290 {
291 png_ptr->idat_size = png_ptr->push_length;
292 png_ptr->process_mode = PNG_READ_IDAT_MODE;
293 png_push_have_info(png_ptr, info_ptr);
294 png_ptr->zstream.avail_out =
295 (uInt) PNG_ROWBYTES(png_ptr->pixel_depth,
296 png_ptr->iwidth) + 1;
297 png_ptr->zstream.next_out = png_ptr->row_buf;
298 return;
299 }
300
301 #ifdef PNG_READ_gAMA_SUPPORTED
302 else if (png_ptr->chunk_name == png_gAMA)
303 {
304 PNG_PUSH_SAVE_BUFFER_IF_FULL
305 png_handle_gAMA(png_ptr, info_ptr, png_ptr->push_length);
306 }
307
308 #endif
309 #ifdef PNG_READ_sBIT_SUPPORTED
310 else if (png_ptr->chunk_name == png_sBIT)
311 {
312 PNG_PUSH_SAVE_BUFFER_IF_FULL
313 png_handle_sBIT(png_ptr, info_ptr, png_ptr->push_length);
314 }
315
316 #endif
317 #ifdef PNG_READ_cHRM_SUPPORTED
318 else if (png_ptr->chunk_name == png_cHRM)
319 {
320 PNG_PUSH_SAVE_BUFFER_IF_FULL
321 png_handle_cHRM(png_ptr, info_ptr, png_ptr->push_length);
322 }
323
324 #endif
325 #ifdef PNG_READ_sRGB_SUPPORTED
326 else if (chunk_name == png_sRGB)
327 {
328 PNG_PUSH_SAVE_BUFFER_IF_FULL
329 png_handle_sRGB(png_ptr, info_ptr, png_ptr->push_length);
330 }
331
332 #endif
333 #ifdef PNG_READ_iCCP_SUPPORTED
334 else if (png_ptr->chunk_name == png_iCCP)
335 {
336 PNG_PUSH_SAVE_BUFFER_IF_FULL
337 png_handle_iCCP(png_ptr, info_ptr, png_ptr->push_length);
338 }
339
340 #endif
341 #ifdef PNG_READ_sPLT_SUPPORTED
342 else if (chunk_name == png_sPLT)
343 {
344 PNG_PUSH_SAVE_BUFFER_IF_FULL
345 png_handle_sPLT(png_ptr, info_ptr, png_ptr->push_length);
346 }
347
348 #endif
349 #ifdef PNG_READ_tRNS_SUPPORTED
350 else if (chunk_name == png_tRNS)
351 {
352 PNG_PUSH_SAVE_BUFFER_IF_FULL
353 png_handle_tRNS(png_ptr, info_ptr, png_ptr->push_length);
354 }
355
356 #endif
357 #ifdef PNG_READ_bKGD_SUPPORTED
358 else if (chunk_name == png_bKGD)
359 {
360 PNG_PUSH_SAVE_BUFFER_IF_FULL
361 png_handle_bKGD(png_ptr, info_ptr, png_ptr->push_length);
362 }
363
364 #endif
365 #ifdef PNG_READ_hIST_SUPPORTED
366 else if (chunk_name == png_hIST)
367 {
368 PNG_PUSH_SAVE_BUFFER_IF_FULL
369 png_handle_hIST(png_ptr, info_ptr, png_ptr->push_length);
370 }
371
372 #endif
373 #ifdef PNG_READ_pHYs_SUPPORTED
374 else if (chunk_name == png_pHYs)
375 {
376 PNG_PUSH_SAVE_BUFFER_IF_FULL
377 png_handle_pHYs(png_ptr, info_ptr, png_ptr->push_length);
378 }
379
380 #endif
381 #ifdef PNG_READ_oFFs_SUPPORTED
382 else if (chunk_name == png_oFFs)
383 {
384 PNG_PUSH_SAVE_BUFFER_IF_FULL
385 png_handle_oFFs(png_ptr, info_ptr, png_ptr->push_length);
386 }
387 #endif
388
389 #ifdef PNG_READ_pCAL_SUPPORTED
390 else if (chunk_name == png_pCAL)
391 {
392 PNG_PUSH_SAVE_BUFFER_IF_FULL
393 png_handle_pCAL(png_ptr, info_ptr, png_ptr->push_length);
394 }
395
396 #endif
397 #ifdef PNG_READ_sCAL_SUPPORTED
398 else if (chunk_name == png_sCAL)
399 {
400 PNG_PUSH_SAVE_BUFFER_IF_FULL
401 png_handle_sCAL(png_ptr, info_ptr, png_ptr->push_length);
402 }
403
404 #endif
405 #ifdef PNG_READ_tIME_SUPPORTED
406 else if (chunk_name == png_tIME)
407 {
408 PNG_PUSH_SAVE_BUFFER_IF_FULL
409 png_handle_tIME(png_ptr, info_ptr, png_ptr->push_length);
410 }
411
412 #endif
413 #ifdef PNG_READ_tEXt_SUPPORTED
414 else if (chunk_name == png_tEXt)
415 {
416 PNG_PUSH_SAVE_BUFFER_IF_FULL
417 png_handle_tEXt(png_ptr, info_ptr, png_ptr->push_length);
418 }
419
420 #endif
421 #ifdef PNG_READ_zTXt_SUPPORTED
422 else if (chunk_name == png_zTXt)
423 {
424 PNG_PUSH_SAVE_BUFFER_IF_FULL
425 png_handle_zTXt(png_ptr, info_ptr, png_ptr->push_length);
426 }
427
428 #endif
429 #ifdef PNG_READ_iTXt_SUPPORTED
430 else if (chunk_name == png_iTXt)
431 {
432 PNG_PUSH_SAVE_BUFFER_IF_FULL
433 png_handle_iTXt(png_ptr, info_ptr, png_ptr->push_length);
434 }
435 #endif
436
437 else
438 {
439 PNG_PUSH_SAVE_BUFFER_IF_FULL
440 png_handle_unknown(png_ptr, info_ptr, png_ptr->push_length,
441 PNG_HANDLE_CHUNK_AS_DEFAULT);
442 }
443
444 png_ptr->mode &= ~PNG_HAVE_CHUNK_HEADER;
445 }
446
447 void PNGCBAPI
448 png_push_fill_buffer(png_structp png_ptr, png_bytep buffer, png_size_t length)
449 {
450 png_bytep ptr;
451
452 if (png_ptr == NULL)
453 return;
454
455 ptr = buffer;
456 if (png_ptr->save_buffer_size != 0)
457 {
458 png_size_t save_size;
459
460 if (length < png_ptr->save_buffer_size)
461 save_size = length;
462
463 else
464 save_size = png_ptr->save_buffer_size;
465
466 memcpy(ptr, png_ptr->save_buffer_ptr, save_size);
467 length -= save_size;
468 ptr += save_size;
469 png_ptr->buffer_size -= save_size;
470 png_ptr->save_buffer_size -= save_size;
471 png_ptr->save_buffer_ptr += save_size;
472 }
473 if (length != 0 && png_ptr->current_buffer_size != 0)
474 {
475 png_size_t save_size;
476
477 if (length < png_ptr->current_buffer_size)
478 save_size = length;
479
480 else
481 save_size = png_ptr->current_buffer_size;
482
483 memcpy(ptr, png_ptr->current_buffer_ptr, save_size);
484 png_ptr->buffer_size -= save_size;
485 png_ptr->current_buffer_size -= save_size;
486 png_ptr->current_buffer_ptr += save_size;
487 }
488 }
489
490 void /* PRIVATE */
491 png_push_save_buffer(png_structrp png_ptr)
492 {
493 if (png_ptr->save_buffer_size != 0)
494 {
495 if (png_ptr->save_buffer_ptr != png_ptr->save_buffer)
496 {
497 png_size_t i, istop;
498 png_bytep sp;
499 png_bytep dp;
500
501 istop = png_ptr->save_buffer_size;
502 for (i = 0, sp = png_ptr->save_buffer_ptr, dp = png_ptr->save_buffer;
503 i < istop; i++, sp++, dp++)
504 {
505 *dp = *sp;
506 }
507 }
508 }
509 if (png_ptr->save_buffer_size + png_ptr->current_buffer_size >
510 png_ptr->save_buffer_max)
511 {
512 png_size_t new_max;
513 png_bytep old_buffer;
514
515 if (png_ptr->save_buffer_size > PNG_SIZE_MAX -
516 (png_ptr->current_buffer_size + 256))
517 {
518 png_error(png_ptr, "Potential overflow of save_buffer");
519 }
520
521 new_max = png_ptr->save_buffer_size + png_ptr->current_buffer_size + 256;
522 old_buffer = png_ptr->save_buffer;
523 png_ptr->save_buffer = (png_bytep)png_malloc_warn(png_ptr,
524 (png_size_t)new_max);
525
526 if (png_ptr->save_buffer == NULL)
527 {
528 png_free(png_ptr, old_buffer);
529 png_error(png_ptr, "Insufficient memory for save_buffer");
530 }
531
532 if (old_buffer)
533 memcpy(png_ptr->save_buffer, old_buffer, png_ptr->save_buffer_size);
534 else if (png_ptr->save_buffer_size)
535 png_error(png_ptr, "save_buffer error");
536 png_free(png_ptr, old_buffer);
537 png_ptr->save_buffer_max = new_max;
538 }
539 if (png_ptr->current_buffer_size)
540 {
541 memcpy(png_ptr->save_buffer + png_ptr->save_buffer_size,
542 png_ptr->current_buffer_ptr, png_ptr->current_buffer_size);
543 png_ptr->save_buffer_size += png_ptr->current_buffer_size;
544 png_ptr->current_buffer_size = 0;
545 }
546 png_ptr->save_buffer_ptr = png_ptr->save_buffer;
547 png_ptr->buffer_size = 0;
548 }
549
550 void /* PRIVATE */
551 png_push_restore_buffer(png_structrp png_ptr, png_bytep buffer,
552 png_size_t buffer_length)
553 {
554 png_ptr->current_buffer = buffer;
555 png_ptr->current_buffer_size = buffer_length;
556 png_ptr->buffer_size = buffer_length + png_ptr->save_buffer_size;
557 png_ptr->current_buffer_ptr = png_ptr->current_buffer;
558 }
559
560 void /* PRIVATE */
561 png_push_read_IDAT(png_structrp png_ptr)
562 {
563 if ((png_ptr->mode & PNG_HAVE_CHUNK_HEADER) == 0)
564 {
565 png_byte chunk_length[4];
566 png_byte chunk_tag[4];
567
568 /* TODO: this code can be commoned up with the same code in push_read */
569 PNG_PUSH_SAVE_BUFFER_IF_LT(8)
570 png_push_fill_buffer(png_ptr, chunk_length, 4);
571 png_ptr->push_length = png_get_uint_31(png_ptr, chunk_length);
572 png_reset_crc(png_ptr);
573 png_crc_read(png_ptr, chunk_tag, 4);
574 png_ptr->chunk_name = PNG_CHUNK_FROM_STRING(chunk_tag);
575 png_ptr->mode |= PNG_HAVE_CHUNK_HEADER;
576
577 if (png_ptr->chunk_name != png_IDAT)
578 {
579 png_ptr->process_mode = PNG_READ_CHUNK_MODE;
580
581 if ((png_ptr->flags & PNG_FLAG_ZSTREAM_ENDED) == 0)
582 png_error(png_ptr, "Not enough compressed data");
583
584 return;
585 }
586
587 png_ptr->idat_size = png_ptr->push_length;
588 }
589
590 if (png_ptr->idat_size != 0 && png_ptr->save_buffer_size != 0)
591 {
592 png_size_t save_size = png_ptr->save_buffer_size;
593 png_uint_32 idat_size = png_ptr->idat_size;
594
595 /* We want the smaller of 'idat_size' and 'current_buffer_size', but they
596 * are of different types and we don't know which variable has the fewest
597 * bits. Carefully select the smaller and cast it to the type of the
598 * larger - this cannot overflow. Do not cast in the following test - it
599 * will break on either 16-bit or 64-bit platforms.
600 */
601 if (idat_size < save_size)
602 save_size = (png_size_t)idat_size;
603
604 else
605 idat_size = (png_uint_32)save_size;
606
607 png_calculate_crc(png_ptr, png_ptr->save_buffer_ptr, save_size);
608
609 png_process_IDAT_data(png_ptr, png_ptr->save_buffer_ptr, save_size);
610
611 png_ptr->idat_size -= idat_size;
612 png_ptr->buffer_size -= save_size;
613 png_ptr->save_buffer_size -= save_size;
614 png_ptr->save_buffer_ptr += save_size;
615 }
616
617 if (png_ptr->idat_size != 0 && png_ptr->current_buffer_size != 0)
618 {
619 png_size_t save_size = png_ptr->current_buffer_size;
620 png_uint_32 idat_size = png_ptr->idat_size;
621
622 /* We want the smaller of 'idat_size' and 'current_buffer_size', but they
623 * are of different types and we don't know which variable has the fewest
624 * bits. Carefully select the smaller and cast it to the type of the
625 * larger - this cannot overflow.
626 */
627 if (idat_size < save_size)
628 save_size = (png_size_t)idat_size;
629
630 else
631 idat_size = (png_uint_32)save_size;
632
633 png_calculate_crc(png_ptr, png_ptr->current_buffer_ptr, save_size);
634
635 png_process_IDAT_data(png_ptr, png_ptr->current_buffer_ptr, save_size);
636
637 png_ptr->idat_size -= idat_size;
638 png_ptr->buffer_size -= save_size;
639 png_ptr->current_buffer_size -= save_size;
640 png_ptr->current_buffer_ptr += save_size;
641 }
642
643 if (png_ptr->idat_size == 0)
644 {
645 PNG_PUSH_SAVE_BUFFER_IF_LT(4)
646 png_crc_finish(png_ptr, 0);
647 png_ptr->mode &= ~PNG_HAVE_CHUNK_HEADER;
648 png_ptr->mode |= PNG_AFTER_IDAT;
649 png_ptr->zowner = 0;
650 }
651 }
652
653 void /* PRIVATE */
654 png_process_IDAT_data(png_structrp png_ptr, png_bytep buffer,
655 png_size_t buffer_length)
656 {
657 /* The caller checks for a non-zero buffer length. */
658 if (!(buffer_length > 0) || buffer == NULL)
659 png_error(png_ptr, "No IDAT data (internal error)");
660
661 /* This routine must process all the data it has been given
662 * before returning, calling the row callback as required to
663 * handle the uncompressed results.
664 */
665 png_ptr->zstream.next_in = buffer;
666 /* TODO: WARNING: TRUNCATION ERROR: DANGER WILL ROBINSON: */
667 png_ptr->zstream.avail_in = (uInt)buffer_length;
668
669 /* Keep going until the decompressed data is all processed
670 * or the stream marked as finished.
671 */
672 while (png_ptr->zstream.avail_in > 0 &&
673 (png_ptr->flags & PNG_FLAG_ZSTREAM_ENDED) == 0)
674 {
675 int ret;
676
677 /* We have data for zlib, but we must check that zlib
678 * has someplace to put the results. It doesn't matter
679 * if we don't expect any results -- it may be the input
680 * data is just the LZ end code.
681 */
682 if (!(png_ptr->zstream.avail_out > 0))
683 {
684 /* TODO: WARNING: TRUNCATION ERROR: DANGER WILL ROBINSON: */
685 png_ptr->zstream.avail_out = (uInt)(PNG_ROWBYTES(png_ptr->pixel_depth,
686 png_ptr->iwidth) + 1);
687
688 png_ptr->zstream.next_out = png_ptr->row_buf;
689 }
690
691 /* Using Z_SYNC_FLUSH here means that an unterminated
692 * LZ stream (a stream with a missing end code) can still
693 * be handled, otherwise (Z_NO_FLUSH) a future zlib
694 * implementation might defer output and therefore
695 * change the current behavior (see comments in inflate.c
696 * for why this doesn't happen at present with zlib 1.2.5).
697 */
698 ret = PNG_INFLATE(png_ptr, Z_SYNC_FLUSH);
699
700 /* Check for any failure before proceeding. */
701 if (ret != Z_OK && ret != Z_STREAM_END)
702 {
703 /* Terminate the decompression. */
704 png_ptr->flags |= PNG_FLAG_ZSTREAM_ENDED;
705 png_ptr->zowner = 0;
706
707 /* This may be a truncated stream (missing or
708 * damaged end code). Treat that as a warning.
709 */
710 if (png_ptr->row_number >= png_ptr->num_rows ||
711 png_ptr->pass > 6)
712 png_warning(png_ptr, "Truncated compressed data in IDAT");
713
714 else
715 png_error(png_ptr, "Decompression error in IDAT");
716
717 /* Skip the check on unprocessed input */
718 return;
719 }
720
721 /* Did inflate output any data? */
722 if (png_ptr->zstream.next_out != png_ptr->row_buf)
723 {
724 /* Is this unexpected data after the last row?
725 * If it is, artificially terminate the LZ output
726 * here.
727 */
728 if (png_ptr->row_number >= png_ptr->num_rows ||
729 png_ptr->pass > 6)
730 {
731 /* Extra data. */
732 png_warning(png_ptr, "Extra compressed data in IDAT");
733 png_ptr->flags |= PNG_FLAG_ZSTREAM_ENDED;
734 png_ptr->zowner = 0;
735
736 /* Do no more processing; skip the unprocessed
737 * input check below.
738 */
739 return;
740 }
741
742 /* Do we have a complete row? */
743 if (png_ptr->zstream.avail_out == 0)
744 png_push_process_row(png_ptr);
745 }
746
747 /* And check for the end of the stream. */
748 if (ret == Z_STREAM_END)
749 png_ptr->flags |= PNG_FLAG_ZSTREAM_ENDED;
750 }
751
752 /* All the data should have been processed, if anything
753 * is left at this point we have bytes of IDAT data
754 * after the zlib end code.
755 */
756 if (png_ptr->zstream.avail_in > 0)
757 png_warning(png_ptr, "Extra compression data in IDAT");
758 }
759
760 void /* PRIVATE */
761 png_push_process_row(png_structrp png_ptr)
762 {
763 /* 1.5.6: row_info moved out of png_struct to a local here. */
764 png_row_info row_info;
765
766 row_info.width = png_ptr->iwidth; /* NOTE: width of current interlaced row */
767 row_info.color_type = png_ptr->color_type;
768 row_info.bit_depth = png_ptr->bit_depth;
769 row_info.channels = png_ptr->channels;
770 row_info.pixel_depth = png_ptr->pixel_depth;
771 row_info.rowbytes = PNG_ROWBYTES(row_info.pixel_depth, row_info.width);
772
773 if (png_ptr->row_buf[0] > PNG_FILTER_VALUE_NONE)
774 {
775 if (png_ptr->row_buf[0] < PNG_FILTER_VALUE_LAST)
776 png_read_filter_row(png_ptr, &row_info, png_ptr->row_buf + 1,
777 png_ptr->prev_row + 1, png_ptr->row_buf[0]);
778 else
779 png_error(png_ptr, "bad adaptive filter value");
780 }
781
782 /* libpng 1.5.6: the following line was copying png_ptr->rowbytes before
783 * 1.5.6, while the buffer really is this big in current versions of libpng
784 * it may not be in the future, so this was changed just to copy the
785 * interlaced row count:
786 */
787 memcpy(png_ptr->prev_row, png_ptr->row_buf, row_info.rowbytes + 1);
788
789 #ifdef PNG_READ_TRANSFORMS_SUPPORTED
790 if (png_ptr->transformations != 0)
791 png_do_read_transformations(png_ptr, &row_info);
792 #endif
793
794 /* The transformed pixel depth should match the depth now in row_info. */
795 if (png_ptr->transformed_pixel_depth == 0)
796 {
797 png_ptr->transformed_pixel_depth = row_info.pixel_depth;
798 if (row_info.pixel_depth > png_ptr->maximum_pixel_depth)
799 png_error(png_ptr, "progressive row overflow");
800 }
801
802 else if (png_ptr->transformed_pixel_depth != row_info.pixel_depth)
803 png_error(png_ptr, "internal progressive row size calculation error");
804
805
806 #ifdef PNG_READ_INTERLACING_SUPPORTED
807 /* Expand interlaced rows to full size */
808 if (png_ptr->interlaced != 0 &&
809 (png_ptr->transformations & PNG_INTERLACE) != 0)
810 {
811 if (png_ptr->pass < 6)
812 png_do_read_interlace(&row_info, png_ptr->row_buf + 1, png_ptr->pass,
813 png_ptr->transformations);
814
815 switch (png_ptr->pass)
816 {
817 case 0:
818 {
819 int i;
820 for (i = 0; i < 8 && png_ptr->pass == 0; i++)
821 {
822 png_push_have_row(png_ptr, png_ptr->row_buf + 1);
823 png_read_push_finish_row(png_ptr); /* Updates png_ptr->pass */
824 }
825
826 if (png_ptr->pass == 2) /* Pass 1 might be empty */
827 {
828 for (i = 0; i < 4 && png_ptr->pass == 2; i++)
829 {
830 png_push_have_row(png_ptr, NULL);
831 png_read_push_finish_row(png_ptr);
832 }
833 }
834
835 if (png_ptr->pass == 4 && png_ptr->height <= 4)
836 {
837 for (i = 0; i < 2 && png_ptr->pass == 4; i++)
838 {
839 png_push_have_row(png_ptr, NULL);
840 png_read_push_finish_row(png_ptr);
841 }
842 }
843
844 if (png_ptr->pass == 6 && png_ptr->height <= 4)
845 {
846 png_push_have_row(png_ptr, NULL);
847 png_read_push_finish_row(png_ptr);
848 }
849
850 break;
851 }
852
853 case 1:
854 {
855 int i;
856 for (i = 0; i < 8 && png_ptr->pass == 1; i++)
857 {
858 png_push_have_row(png_ptr, png_ptr->row_buf + 1);
859 png_read_push_finish_row(png_ptr);
860 }
861
862 if (png_ptr->pass == 2) /* Skip top 4 generated rows */
863 {
864 for (i = 0; i < 4 && png_ptr->pass == 2; i++)
865 {
866 png_push_have_row(png_ptr, NULL);
867 png_read_push_finish_row(png_ptr);
868 }
869 }
870
871 break;
872 }
873
874 case 2:
875 {
876 int i;
877
878 for (i = 0; i < 4 && png_ptr->pass == 2; i++)
879 {
880 png_push_have_row(png_ptr, png_ptr->row_buf + 1);
881 png_read_push_finish_row(png_ptr);
882 }
883
884 for (i = 0; i < 4 && png_ptr->pass == 2; i++)
885 {
886 png_push_have_row(png_ptr, NULL);
887 png_read_push_finish_row(png_ptr);
888 }
889
890 if (png_ptr->pass == 4) /* Pass 3 might be empty */
891 {
892 for (i = 0; i < 2 && png_ptr->pass == 4; i++)
893 {
894 png_push_have_row(png_ptr, NULL);
895 png_read_push_finish_row(png_ptr);
896 }
897 }
898
899 break;
900 }
901
902 case 3:
903 {
904 int i;
905
906 for (i = 0; i < 4 && png_ptr->pass == 3; i++)
907 {
908 png_push_have_row(png_ptr, png_ptr->row_buf + 1);
909 png_read_push_finish_row(png_ptr);
910 }
911
912 if (png_ptr->pass == 4) /* Skip top two generated rows */
913 {
914 for (i = 0; i < 2 && png_ptr->pass == 4; i++)
915 {
916 png_push_have_row(png_ptr, NULL);
917 png_read_push_finish_row(png_ptr);
918 }
919 }
920
921 break;
922 }
923
924 case 4:
925 {
926 int i;
927
928 for (i = 0; i < 2 && png_ptr->pass == 4; i++)
929 {
930 png_push_have_row(png_ptr, png_ptr->row_buf + 1);
931 png_read_push_finish_row(png_ptr);
932 }
933
934 for (i = 0; i < 2 && png_ptr->pass == 4; i++)
935 {
936 png_push_have_row(png_ptr, NULL);
937 png_read_push_finish_row(png_ptr);
938 }
939
940 if (png_ptr->pass == 6) /* Pass 5 might be empty */
941 {
942 png_push_have_row(png_ptr, NULL);
943 png_read_push_finish_row(png_ptr);
944 }
945
946 break;
947 }
948
949 case 5:
950 {
951 int i;
952
953 for (i = 0; i < 2 && png_ptr->pass == 5; i++)
954 {
955 png_push_have_row(png_ptr, png_ptr->row_buf + 1);
956 png_read_push_finish_row(png_ptr);
957 }
958
959 if (png_ptr->pass == 6) /* Skip top generated row */
960 {
961 png_push_have_row(png_ptr, NULL);
962 png_read_push_finish_row(png_ptr);
963 }
964
965 break;
966 }
967
968 default:
969 case 6:
970 {
971 png_push_have_row(png_ptr, png_ptr->row_buf + 1);
972 png_read_push_finish_row(png_ptr);
973
974 if (png_ptr->pass != 6)
975 break;
976
977 png_push_have_row(png_ptr, NULL);
978 png_read_push_finish_row(png_ptr);
979 }
980 }
981 }
982 else
983 #endif
984 {
985 png_push_have_row(png_ptr, png_ptr->row_buf + 1);
986 png_read_push_finish_row(png_ptr);
987 }
988 }
989
990 void /* PRIVATE */
991 png_read_push_finish_row(png_structrp png_ptr)
992 {
993 #ifdef PNG_READ_INTERLACING_SUPPORTED
994 /* Arrays to facilitate easy interlacing - use pass (0 - 6) as index */
995
996 /* Start of interlace block */
997 static PNG_CONST png_byte png_pass_start[] = {0, 4, 0, 2, 0, 1, 0};
998
999 /* Offset to next interlace block */
1000 static PNG_CONST png_byte png_pass_inc[] = {8, 8, 4, 4, 2, 2, 1};
1001
1002 /* Start of interlace block in the y direction */
1003 static PNG_CONST png_byte png_pass_ystart[] = {0, 0, 4, 0, 2, 0, 1};
1004
1005 /* Offset to next interlace block in the y direction */
1006 static PNG_CONST png_byte png_pass_yinc[] = {8, 8, 8, 4, 4, 2, 2};
1007
1008 /* Height of interlace block. This is not currently used - if you need
1009 * it, uncomment it here and in png.h
1010 static PNG_CONST png_byte png_pass_height[] = {8, 8, 4, 4, 2, 2, 1};
1011 */
1012 #endif
1013
1014 png_ptr->row_number++;
1015 if (png_ptr->row_number < png_ptr->num_rows)
1016 return;
1017
1018 #ifdef PNG_READ_INTERLACING_SUPPORTED
1019 if (png_ptr->interlaced != 0)
1020 {
1021 png_ptr->row_number = 0;
1022 memset(png_ptr->prev_row, 0, png_ptr->rowbytes + 1);
1023
1024 do
1025 {
1026 png_ptr->pass++;
1027 if ((png_ptr->pass == 1 && png_ptr->width < 5) ||
1028 (png_ptr->pass == 3 && png_ptr->width < 3) ||
1029 (png_ptr->pass == 5 && png_ptr->width < 2))
1030 png_ptr->pass++;
1031
1032 if (png_ptr->pass > 7)
1033 png_ptr->pass--;
1034
1035 if (png_ptr->pass >= 7)
1036 break;
1037
1038 png_ptr->iwidth = (png_ptr->width +
1039 png_pass_inc[png_ptr->pass] - 1 -
1040 png_pass_start[png_ptr->pass]) /
1041 png_pass_inc[png_ptr->pass];
1042
1043 if ((png_ptr->transformations & PNG_INTERLACE) != 0)
1044 break;
1045
1046 png_ptr->num_rows = (png_ptr->height +
1047 png_pass_yinc[png_ptr->pass] - 1 -
1048 png_pass_ystart[png_ptr->pass]) /
1049 png_pass_yinc[png_ptr->pass];
1050
1051 } while (png_ptr->iwidth == 0 || png_ptr->num_rows == 0);
1052 }
1053 #endif /* READ_INTERLACING */
1054 }
1055
1056 void /* PRIVATE */
1057 png_push_have_info(png_structrp png_ptr, png_inforp info_ptr)
1058 {
1059 if (png_ptr->info_fn != NULL)
1060 (*(png_ptr->info_fn))(png_ptr, info_ptr);
1061 }
1062
1063 void /* PRIVATE */
1064 png_push_have_end(png_structrp png_ptr, png_inforp info_ptr)
1065 {
1066 if (png_ptr->end_fn != NULL)
1067 (*(png_ptr->end_fn))(png_ptr, info_ptr);
1068 }
1069
1070 void /* PRIVATE */
1071 png_push_have_row(png_structrp png_ptr, png_bytep row)
1072 {
1073 if (png_ptr->row_fn != NULL)
1074 (*(png_ptr->row_fn))(png_ptr, row, png_ptr->row_number,
1075 (int)png_ptr->pass);
1076 }
1077
1078 #ifdef PNG_READ_INTERLACING_SUPPORTED
1079 void PNGAPI
1080 png_progressive_combine_row(png_const_structrp png_ptr, png_bytep old_row,
1081 png_const_bytep new_row)
1082 {
1083 if (png_ptr == NULL)
1084 return;
1085
1086 /* new_row is a flag here - if it is NULL then the app callback was called
1087 * from an empty row (see the calls to png_struct::row_fn below), otherwise
1088 * it must be png_ptr->row_buf+1
1089 */
1090 if (new_row != NULL)
1091 png_combine_row(png_ptr, old_row, 1/*blocky display*/);
1092 }
1093 #endif /* READ_INTERLACING */
1094
1095 void PNGAPI
1096 png_set_progressive_read_fn(png_structrp png_ptr, png_voidp progressive_ptr,
1097 png_progressive_info_ptr info_fn, png_progressive_row_ptr row_fn,
1098 png_progressive_end_ptr end_fn)
1099 {
1100 if (png_ptr == NULL)
1101 return;
1102
1103 png_ptr->info_fn = info_fn;
1104 png_ptr->row_fn = row_fn;
1105 png_ptr->end_fn = end_fn;
1106
1107 png_set_read_fn(png_ptr, progressive_ptr, png_push_fill_buffer);
1108 }
1109
1110 png_voidp PNGAPI
1111 png_get_progressive_ptr(png_const_structrp png_ptr)
1112 {
1113 if (png_ptr == NULL)
1114 return (NULL);
1115
1116 return png_ptr->io_ptr;
1117 }
1118 #endif /* PROGRESSIVE_READ */