1 2/* png.c - location for general purpose libpng functions 3 * 4 * Last changed in libpng 1.5.11 [June 14, 2012] 5 * Copyright (c) 1998-2012 Glenn Randers-Pehrson 6 * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) 7 * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) 8 * 9 * This code is released under the libpng license. 10 * For conditions of distribution and use, see the disclaimer 11 * and license in png.h 12 */ 13 14#include "pngpriv.h" 15 16/* Generate a compiler error if there is an old png.h in the search path. */ 17typedef png_libpng_version_1_5_12 Your_png_h_is_not_version_1_5_12; 18 19/* Tells libpng that we have already handled the first "num_bytes" bytes 20 * of the PNG file signature. If the PNG data is embedded into another 21 * stream we can set num_bytes = 8 so that libpng will not attempt to read 22 * or write any of the magic bytes before it starts on the IHDR. 23 */ 24 25#ifdef PNG_READ_SUPPORTED 26void PNGAPI 27png_set_sig_bytes(png_structp png_ptr, int num_bytes) 28{ 29 png_debug(1, "in png_set_sig_bytes"); 30 31 if (png_ptr == NULL) 32 return; 33 34 if (num_bytes > 8) 35 png_error(png_ptr, "Too many bytes for PNG signature"); 36 37 png_ptr->sig_bytes = (png_byte)(num_bytes < 0 ? 0 : num_bytes); 38} 39 40/* Checks whether the supplied bytes match the PNG signature. We allow 41 * checking less than the full 8-byte signature so that those apps that 42 * already read the first few bytes of a file to determine the file type 43 * can simply check the remaining bytes for extra assurance. Returns 44 * an integer less than, equal to, or greater than zero if sig is found, 45 * respectively, to be less than, to match, or be greater than the correct 46 * PNG signature (this is the same behavior as strcmp, memcmp, etc). 47 */ 48int PNGAPI 49png_sig_cmp(png_const_bytep sig, png_size_t start, png_size_t num_to_check) 50{ 51 png_byte png_signature[8] = {137, 80, 78, 71, 13, 10, 26, 10}; 52 53 if (num_to_check > 8) 54 num_to_check = 8; 55 56 else if (num_to_check < 1) 57 return (-1); 58 59 if (start > 7) 60 return (-1); 61 62 if (start + num_to_check > 8) 63 num_to_check = 8 - start; 64 65 return ((int)(png_memcmp(&sig[start], &png_signature[start], num_to_check))); 66} 67 68#endif /* PNG_READ_SUPPORTED */ 69 70#if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED) 71/* Function to allocate memory for zlib */ 72PNG_FUNCTION(voidpf /* PRIVATE */, 73png_zalloc,(voidpf png_ptr, uInt items, uInt size),PNG_ALLOCATED) 74{ 75 png_voidp ptr; 76 png_structp p=(png_structp)png_ptr; 77 png_uint_32 save_flags=p->flags; 78 png_alloc_size_t num_bytes; 79 80 if (png_ptr == NULL) 81 return (NULL); 82 83 if (items > PNG_UINT_32_MAX/size) 84 { 85 png_warning (p, "Potential overflow in png_zalloc()"); 86 return (NULL); 87 } 88 num_bytes = (png_alloc_size_t)items * size; 89 90 p->flags|=PNG_FLAG_MALLOC_NULL_MEM_OK; 91 ptr = (png_voidp)png_malloc((png_structp)png_ptr, num_bytes); 92 p->flags=save_flags; 93 94 return ((voidpf)ptr); 95} 96 97/* Function to free memory for zlib */ 98void /* PRIVATE */ 99png_zfree(voidpf png_ptr, voidpf ptr) 100{ 101 png_free((png_structp)png_ptr, (png_voidp)ptr); 102} 103 104/* Reset the CRC variable to 32 bits of 1's. Care must be taken 105 * in case CRC is > 32 bits to leave the top bits 0. 106 */ 107void /* PRIVATE */ 108png_reset_crc(png_structp png_ptr) 109{ 110 /* The cast is safe because the crc is a 32 bit value. */ 111 png_ptr->crc = (png_uint_32)crc32(0, Z_NULL, 0); 112} 113 114/* Calculate the CRC over a section of data. We can only pass as 115 * much data to this routine as the largest single buffer size. We 116 * also check that this data will actually be used before going to the 117 * trouble of calculating it. 118 */ 119void /* PRIVATE */ 120png_calculate_crc(png_structp png_ptr, png_const_bytep ptr, png_size_t length) 121{ 122 int need_crc = 1; 123 124 if (PNG_CHUNK_ANCILLIARY(png_ptr->chunk_name)) 125 { 126 if ((png_ptr->flags & PNG_FLAG_CRC_ANCILLARY_MASK) == 127 (PNG_FLAG_CRC_ANCILLARY_USE | PNG_FLAG_CRC_ANCILLARY_NOWARN)) 128 need_crc = 0; 129 } 130 131 else /* critical */ 132 { 133 if (png_ptr->flags & PNG_FLAG_CRC_CRITICAL_IGNORE) 134 need_crc = 0; 135 } 136 137 /* 'uLong' is defined as unsigned long, this means that on some systems it is 138 * a 64 bit value. crc32, however, returns 32 bits so the following cast is 139 * safe. 'uInt' may be no more than 16 bits, so it is necessary to perform a 140 * loop here. 141 */ 142 if (need_crc && length > 0) 143 { 144 uLong crc = png_ptr->crc; /* Should never issue a warning */ 145 146 do 147 { 148 uInt safeLength = (uInt)length; 149 if (safeLength == 0) 150 safeLength = (uInt)-1; /* evil, but safe */ 151 152 crc = crc32(crc, ptr, safeLength); 153 154 /* The following should never issue compiler warnings, if they do the 155 * target system has characteristics that will probably violate other 156 * assumptions within the libpng code. 157 */ 158 ptr += safeLength; 159 length -= safeLength; 160 } 161 while (length > 0); 162 163 /* And the following is always safe because the crc is only 32 bits. */ 164 png_ptr->crc = (png_uint_32)crc; 165 } 166} 167 168/* Check a user supplied version number, called from both read and write 169 * functions that create a png_struct 170 */ 171int 172png_user_version_check(png_structp png_ptr, png_const_charp user_png_ver) 173{ 174 if (user_png_ver) 175 { 176 int i = 0; 177 178 do 179 { 180 if (user_png_ver[i] != png_libpng_ver[i]) 181 png_ptr->flags |= PNG_FLAG_LIBRARY_MISMATCH; 182 } while (png_libpng_ver[i++]); 183 } 184 185 else 186 png_ptr->flags |= PNG_FLAG_LIBRARY_MISMATCH; 187 188 if (png_ptr->flags & PNG_FLAG_LIBRARY_MISMATCH) 189 { 190 /* Libpng 0.90 and later are binary incompatible with libpng 0.89, so 191 * we must recompile any applications that use any older library version. 192 * For versions after libpng 1.0, we will be compatible, so we need 193 * only check the first digit. 194 */ 195 if (user_png_ver == NULL || user_png_ver[0] != png_libpng_ver[0] || 196 (user_png_ver[0] == '1' && user_png_ver[2] != png_libpng_ver[2]) || 197 (user_png_ver[0] == '0' && user_png_ver[2] < '9')) 198 { 199#ifdef PNG_WARNINGS_SUPPORTED 200 size_t pos = 0; 201 char m[128]; 202 203 pos = png_safecat(m, sizeof m, pos, "Application built with libpng-"); 204 pos = png_safecat(m, sizeof m, pos, user_png_ver); 205 pos = png_safecat(m, sizeof m, pos, " but running with "); 206 pos = png_safecat(m, sizeof m, pos, png_libpng_ver); 207 208 png_warning(png_ptr, m); 209#endif 210 211#ifdef PNG_ERROR_NUMBERS_SUPPORTED 212 png_ptr->flags = 0; 213#endif 214 215 return 0; 216 } 217 } 218 219 /* Success return. */ 220 return 1; 221} 222 223/* Allocate the memory for an info_struct for the application. We don't 224 * really need the png_ptr, but it could potentially be useful in the 225 * future. This should be used in favour of malloc(png_sizeof(png_info)) 226 * and png_info_init() so that applications that want to use a shared 227 * libpng don't have to be recompiled if png_info changes size. 228 */ 229PNG_FUNCTION(png_infop,PNGAPI 230png_create_info_struct,(png_structp png_ptr),PNG_ALLOCATED) 231{ 232 png_infop info_ptr; 233 234 png_debug(1, "in png_create_info_struct"); 235 236 if (png_ptr == NULL) 237 return (NULL); 238 239#ifdef PNG_USER_MEM_SUPPORTED 240 info_ptr = (png_infop)png_create_struct_2(PNG_STRUCT_INFO, 241 png_ptr->malloc_fn, png_ptr->mem_ptr); 242#else 243 info_ptr = (png_infop)png_create_struct(PNG_STRUCT_INFO); 244#endif 245 if (info_ptr != NULL) 246 png_info_init_3(&info_ptr, png_sizeof(png_info)); 247 248 return (info_ptr); 249} 250 251/* This function frees the memory associated with a single info struct. 252 * Normally, one would use either png_destroy_read_struct() or 253 * png_destroy_write_struct() to free an info struct, but this may be 254 * useful for some applications. 255 */ 256void PNGAPI 257png_destroy_info_struct(png_structp png_ptr, png_infopp info_ptr_ptr) 258{ 259 png_infop info_ptr = NULL; 260 261 png_debug(1, "in png_destroy_info_struct"); 262 263 if (png_ptr == NULL) 264 return; 265 266 if (info_ptr_ptr != NULL) 267 info_ptr = *info_ptr_ptr; 268 269 if (info_ptr != NULL) 270 { 271 png_info_destroy(png_ptr, info_ptr); 272 273#ifdef PNG_USER_MEM_SUPPORTED 274 png_destroy_struct_2((png_voidp)info_ptr, png_ptr->free_fn, 275 png_ptr->mem_ptr); 276#else 277 png_destroy_struct((png_voidp)info_ptr); 278#endif 279 *info_ptr_ptr = NULL; 280 } 281} 282 283/* Initialize the info structure. This is now an internal function (0.89) 284 * and applications using it are urged to use png_create_info_struct() 285 * instead. 286 */ 287 288void PNGAPI 289png_info_init_3(png_infopp ptr_ptr, png_size_t png_info_struct_size) 290{ 291 png_infop info_ptr = *ptr_ptr; 292 293 png_debug(1, "in png_info_init_3"); 294 295 if (info_ptr == NULL) 296 return; 297 298 if (png_sizeof(png_info) > png_info_struct_size) 299 { 300 png_destroy_struct(info_ptr); 301 info_ptr = (png_infop)png_create_struct(PNG_STRUCT_INFO); 302 *ptr_ptr = info_ptr; 303 } 304 305 /* Set everything to 0 */ 306 png_memset(info_ptr, 0, png_sizeof(png_info)); 307} 308 309void PNGAPI 310png_data_freer(png_structp png_ptr, png_infop info_ptr, 311 int freer, png_uint_32 mask) 312{ 313 png_debug(1, "in png_data_freer"); 314 315 if (png_ptr == NULL || info_ptr == NULL) 316 return; 317 318 if (freer == PNG_DESTROY_WILL_FREE_DATA) 319 info_ptr->free_me |= mask; 320 321 else if (freer == PNG_USER_WILL_FREE_DATA) 322 info_ptr->free_me &= ~mask; 323 324 else 325 png_warning(png_ptr, 326 "Unknown freer parameter in png_data_freer"); 327} 328 329void PNGAPI 330png_free_data(png_structp png_ptr, png_infop info_ptr, png_uint_32 mask, 331 int num) 332{ 333 png_debug(1, "in png_free_data"); 334 335 if (png_ptr == NULL || info_ptr == NULL) 336 return; 337 338#ifdef PNG_TEXT_SUPPORTED 339 /* Free text item num or (if num == -1) all text items */ 340 if ((mask & PNG_FREE_TEXT) & info_ptr->free_me) 341 { 342 if (num != -1) 343 { 344 if (info_ptr->text && info_ptr->text[num].key) 345 { 346 png_free(png_ptr, info_ptr->text[num].key); 347 info_ptr->text[num].key = NULL; 348 } 349 } 350 351 else 352 { 353 int i; 354 for (i = 0; i < info_ptr->num_text; i++) 355 png_free_data(png_ptr, info_ptr, PNG_FREE_TEXT, i); 356 png_free(png_ptr, info_ptr->text); 357 info_ptr->text = NULL; 358 info_ptr->num_text=0; 359 } 360 } 361#endif 362 363#ifdef PNG_tRNS_SUPPORTED 364 /* Free any tRNS entry */ 365 if ((mask & PNG_FREE_TRNS) & info_ptr->free_me) 366 { 367 png_free(png_ptr, info_ptr->trans_alpha); 368 info_ptr->trans_alpha = NULL; 369 info_ptr->valid &= ~PNG_INFO_tRNS; 370 } 371#endif 372 373#ifdef PNG_sCAL_SUPPORTED 374 /* Free any sCAL entry */ 375 if ((mask & PNG_FREE_SCAL) & info_ptr->free_me) 376 { 377 png_free(png_ptr, info_ptr->scal_s_width); 378 png_free(png_ptr, info_ptr->scal_s_height); 379 info_ptr->scal_s_width = NULL; 380 info_ptr->scal_s_height = NULL; 381 info_ptr->valid &= ~PNG_INFO_sCAL; 382 } 383#endif 384 385#ifdef PNG_pCAL_SUPPORTED 386 /* Free any pCAL entry */ 387 if ((mask & PNG_FREE_PCAL) & info_ptr->free_me) 388 { 389 png_free(png_ptr, info_ptr->pcal_purpose); 390 png_free(png_ptr, info_ptr->pcal_units); 391 info_ptr->pcal_purpose = NULL; 392 info_ptr->pcal_units = NULL; 393 if (info_ptr->pcal_params != NULL) 394 { 395 int i; 396 for (i = 0; i < (int)info_ptr->pcal_nparams; i++) 397 { 398 png_free(png_ptr, info_ptr->pcal_params[i]); 399 info_ptr->pcal_params[i] = NULL; 400 } 401 png_free(png_ptr, info_ptr->pcal_params); 402 info_ptr->pcal_params = NULL; 403 } 404 info_ptr->valid &= ~PNG_INFO_pCAL; 405 } 406#endif 407 408#ifdef PNG_iCCP_SUPPORTED 409 /* Free any iCCP entry */ 410 if ((mask & PNG_FREE_ICCP) & info_ptr->free_me) 411 { 412 png_free(png_ptr, info_ptr->iccp_name); 413 png_free(png_ptr, info_ptr->iccp_profile); 414 info_ptr->iccp_name = NULL; 415 info_ptr->iccp_profile = NULL; 416 info_ptr->valid &= ~PNG_INFO_iCCP; 417 } 418#endif 419 420#ifdef PNG_sPLT_SUPPORTED 421 /* Free a given sPLT entry, or (if num == -1) all sPLT entries */ 422 if ((mask & PNG_FREE_SPLT) & info_ptr->free_me) 423 { 424 if (num != -1) 425 { 426 if (info_ptr->splt_palettes) 427 { 428 png_free(png_ptr, info_ptr->splt_palettes[num].name); 429 png_free(png_ptr, info_ptr->splt_palettes[num].entries); 430 info_ptr->splt_palettes[num].name = NULL; 431 info_ptr->splt_palettes[num].entries = NULL; 432 } 433 } 434 435 else 436 { 437 if (info_ptr->splt_palettes_num) 438 { 439 int i; 440 for (i = 0; i < (int)info_ptr->splt_palettes_num; i++) 441 png_free_data(png_ptr, info_ptr, PNG_FREE_SPLT, i); 442 443 png_free(png_ptr, info_ptr->splt_palettes); 444 info_ptr->splt_palettes = NULL; 445 info_ptr->splt_palettes_num = 0; 446 } 447 info_ptr->valid &= ~PNG_INFO_sPLT; 448 } 449 } 450#endif 451 452#ifdef PNG_UNKNOWN_CHUNKS_SUPPORTED 453 if (png_ptr->unknown_chunk.data) 454 { 455 png_free(png_ptr, png_ptr->unknown_chunk.data); 456 png_ptr->unknown_chunk.data = NULL; 457 } 458 459 if ((mask & PNG_FREE_UNKN) & info_ptr->free_me) 460 { 461 if (num != -1) 462 { 463 if (info_ptr->unknown_chunks) 464 { 465 png_free(png_ptr, info_ptr->unknown_chunks[num].data); 466 info_ptr->unknown_chunks[num].data = NULL; 467 } 468 } 469 470 else 471 { 472 int i; 473 474 if (info_ptr->unknown_chunks_num) 475 { 476 for (i = 0; i < info_ptr->unknown_chunks_num; i++) 477 png_free_data(png_ptr, info_ptr, PNG_FREE_UNKN, i); 478 479 png_free(png_ptr, info_ptr->unknown_chunks); 480 info_ptr->unknown_chunks = NULL; 481 info_ptr->unknown_chunks_num = 0; 482 } 483 } 484 } 485#endif 486 487#ifdef PNG_hIST_SUPPORTED 488 /* Free any hIST entry */ 489 if ((mask & PNG_FREE_HIST) & info_ptr->free_me) 490 { 491 png_free(png_ptr, info_ptr->hist); 492 info_ptr->hist = NULL; 493 info_ptr->valid &= ~PNG_INFO_hIST; 494 } 495#endif 496 497 /* Free any PLTE entry that was internally allocated */ 498 if ((mask & PNG_FREE_PLTE) & info_ptr->free_me) 499 { 500 png_zfree(png_ptr, info_ptr->palette); 501 info_ptr->palette = NULL; 502 info_ptr->valid &= ~PNG_INFO_PLTE; 503 info_ptr->num_palette = 0; 504 } 505 506#ifdef PNG_INFO_IMAGE_SUPPORTED 507 /* Free any image bits attached to the info structure */ 508 if ((mask & PNG_FREE_ROWS) & info_ptr->free_me) 509 { 510 if (info_ptr->row_pointers) 511 { 512 int row; 513 for (row = 0; row < (int)info_ptr->height; row++) 514 { 515 png_free(png_ptr, info_ptr->row_pointers[row]); 516 info_ptr->row_pointers[row] = NULL; 517 } 518 png_free(png_ptr, info_ptr->row_pointers); 519 info_ptr->row_pointers = NULL; 520 } 521 info_ptr->valid &= ~PNG_INFO_IDAT; 522 } 523#endif 524 525 if (num != -1) 526 mask &= ~PNG_FREE_MUL; 527 528 info_ptr->free_me &= ~mask; 529} 530 531/* This is an internal routine to free any memory that the info struct is 532 * pointing to before re-using it or freeing the struct itself. Recall 533 * that png_free() checks for NULL pointers for us. 534 */ 535void /* PRIVATE */ 536png_info_destroy(png_structp png_ptr, png_infop info_ptr) 537{ 538 png_debug(1, "in png_info_destroy"); 539 540 png_free_data(png_ptr, info_ptr, PNG_FREE_ALL, -1); 541 542#ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED 543 if (png_ptr->num_chunk_list) 544 { 545 png_free(png_ptr, png_ptr->chunk_list); 546 png_ptr->chunk_list = NULL; 547 png_ptr->num_chunk_list = 0; 548 } 549#endif 550 551 png_info_init_3(&info_ptr, png_sizeof(png_info)); 552} 553#endif /* defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED) */ 554 555/* This function returns a pointer to the io_ptr associated with the user 556 * functions. The application should free any memory associated with this 557 * pointer before png_write_destroy() or png_read_destroy() are called. 558 */ 559png_voidp PNGAPI 560png_get_io_ptr(png_structp png_ptr) 561{ 562 if (png_ptr == NULL) 563 return (NULL); 564 565 return (png_ptr->io_ptr); 566} 567 568#if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED) 569# ifdef PNG_STDIO_SUPPORTED 570/* Initialize the default input/output functions for the PNG file. If you 571 * use your own read or write routines, you can call either png_set_read_fn() 572 * or png_set_write_fn() instead of png_init_io(). If you have defined 573 * PNG_NO_STDIO or otherwise disabled PNG_STDIO_SUPPORTED, you must use a 574 * function of your own because "FILE *" isn't necessarily available. 575 */ 576void PNGAPI 577png_init_io(png_structp png_ptr, png_FILE_p fp) 578{ 579 png_debug(1, "in png_init_io"); 580 581 if (png_ptr == NULL) 582 return; 583 584 png_ptr->io_ptr = (png_voidp)fp; 585} 586# endif 587 588# ifdef PNG_TIME_RFC1123_SUPPORTED 589/* Convert the supplied time into an RFC 1123 string suitable for use in 590 * a "Creation Time" or other text-based time string. 591 */ 592png_const_charp PNGAPI 593png_convert_to_rfc1123(png_structp png_ptr, png_const_timep ptime) 594{ 595 static PNG_CONST char short_months[12][4] = 596 {"Jan", "Feb", "Mar", "Apr", "May", "Jun", 597 "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"}; 598 599 if (png_ptr == NULL) 600 return (NULL); 601 602 if (ptime->year > 9999 /* RFC1123 limitation */ || 603 ptime->month == 0 || ptime->month > 12 || 604 ptime->day == 0 || ptime->day > 31 || 605 ptime->hour > 23 || ptime->minute > 59 || 606 ptime->second > 60) 607 { 608 png_warning(png_ptr, "Ignoring invalid time value"); 609 return (NULL); 610 } 611 612 { 613 size_t pos = 0; 614 char number_buf[5]; /* enough for a four-digit year */ 615 616# define APPEND_STRING(string)\ 617 pos = png_safecat(png_ptr->time_buffer, sizeof png_ptr->time_buffer,\ 618 pos, (string)) 619# define APPEND_NUMBER(format, value)\ 620 APPEND_STRING(PNG_FORMAT_NUMBER(number_buf, format, (value))) 621# define APPEND(ch)\ 622 if (pos < (sizeof png_ptr->time_buffer)-1)\ 623 png_ptr->time_buffer[pos++] = (ch) 624 625 APPEND_NUMBER(PNG_NUMBER_FORMAT_u, (unsigned)ptime->day); 626 APPEND(' '); 627 APPEND_STRING(short_months[(ptime->month - 1)]); 628 APPEND(' '); 629 APPEND_NUMBER(PNG_NUMBER_FORMAT_u, ptime->year); 630 APPEND(' '); 631 APPEND_NUMBER(PNG_NUMBER_FORMAT_02u, (unsigned)ptime->hour); 632 APPEND(':'); 633 APPEND_NUMBER(PNG_NUMBER_FORMAT_02u, (unsigned)ptime->minute); 634 APPEND(':'); 635 APPEND_NUMBER(PNG_NUMBER_FORMAT_02u, (unsigned)ptime->second); 636 APPEND_STRING(" +0000"); /* This reliably terminates the buffer */ 637 638# undef APPEND 639# undef APPEND_NUMBER 640# undef APPEND_STRING 641 } 642 643 return png_ptr->time_buffer; 644} 645# endif /* PNG_TIME_RFC1123_SUPPORTED */ 646 647#endif /* defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED) */ 648 649png_const_charp PNGAPI 650png_get_copyright(png_const_structp png_ptr) 651{ 652 PNG_UNUSED(png_ptr) /* Silence compiler warning about unused png_ptr */ 653#ifdef PNG_STRING_COPYRIGHT 654 return PNG_STRING_COPYRIGHT 655#else 656# ifdef __STDC__ 657 return PNG_STRING_NEWLINE \ 658 "libpng version 1.5.12 - July 11, 2012" PNG_STRING_NEWLINE \ 659 "Copyright (c) 1998-2012 Glenn Randers-Pehrson" PNG_STRING_NEWLINE \ 660 "Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \ 661 "Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \ 662 PNG_STRING_NEWLINE; 663# else 664 return "libpng version 1.5.12 - July 11, 2012\ 665 Copyright (c) 1998-2012 Glenn Randers-Pehrson\ 666 Copyright (c) 1996-1997 Andreas Dilger\ 667 Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc."; 668# endif 669#endif 670} 671 672/* The following return the library version as a short string in the 673 * format 1.0.0 through 99.99.99zz. To get the version of *.h files 674 * used with your application, print out PNG_LIBPNG_VER_STRING, which 675 * is defined in png.h. 676 * Note: now there is no difference between png_get_libpng_ver() and 677 * png_get_header_ver(). Due to the version_nn_nn_nn typedef guard, 678 * it is guaranteed that png.c uses the correct version of png.h. 679 */ 680png_const_charp PNGAPI 681png_get_libpng_ver(png_const_structp png_ptr) 682{ 683 /* Version of *.c files used when building libpng */ 684 return png_get_header_ver(png_ptr); 685} 686 687png_const_charp PNGAPI 688png_get_header_ver(png_const_structp png_ptr) 689{ 690 /* Version of *.h files used when building libpng */ 691 PNG_UNUSED(png_ptr) /* Silence compiler warning about unused png_ptr */ 692 return PNG_LIBPNG_VER_STRING; 693} 694 695png_const_charp PNGAPI 696png_get_header_version(png_const_structp png_ptr) 697{ 698 /* Returns longer string containing both version and date */ 699 PNG_UNUSED(png_ptr) /* Silence compiler warning about unused png_ptr */ 700#ifdef __STDC__ 701 return PNG_HEADER_VERSION_STRING 702# ifndef PNG_READ_SUPPORTED 703 " (NO READ SUPPORT)" 704# endif 705 PNG_STRING_NEWLINE; 706#else 707 return PNG_HEADER_VERSION_STRING; 708#endif 709} 710 711#ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED 712int PNGAPI 713png_handle_as_unknown(png_structp png_ptr, png_const_bytep chunk_name) 714{ 715 /* Check chunk_name and return "keep" value if it's on the list, else 0 */ 716 png_const_bytep p, p_end; 717 718 if (png_ptr == NULL || chunk_name == NULL || png_ptr->num_chunk_list <= 0) 719 return PNG_HANDLE_CHUNK_AS_DEFAULT; 720 721 p_end = png_ptr->chunk_list; 722 p = p_end + png_ptr->num_chunk_list*5; /* beyond end */ 723 724 /* The code is the fifth byte after each four byte string. Historically this 725 * code was always searched from the end of the list, so it should continue 726 * to do so in case there are duplicated entries. 727 */ 728 do /* num_chunk_list > 0, so at least one */ 729 { 730 p -= 5; 731 if (!png_memcmp(chunk_name, p, 4)) 732 return p[4]; 733 } 734 while (p > p_end); 735 736 return PNG_HANDLE_CHUNK_AS_DEFAULT; 737} 738 739int /* PRIVATE */ 740png_chunk_unknown_handling(png_structp png_ptr, png_uint_32 chunk_name) 741{ 742 png_byte chunk_string[5]; 743 744 PNG_CSTRING_FROM_CHUNK(chunk_string, chunk_name); 745 return png_handle_as_unknown(png_ptr, chunk_string); 746} 747#endif 748 749#ifdef PNG_READ_SUPPORTED 750/* This function, added to libpng-1.0.6g, is untested. */ 751int PNGAPI 752png_reset_zstream(png_structp png_ptr) 753{ 754 if (png_ptr == NULL) 755 return Z_STREAM_ERROR; 756 757 return (inflateReset(&png_ptr->zstream)); 758} 759#endif /* PNG_READ_SUPPORTED */ 760 761/* This function was added to libpng-1.0.7 */ 762png_uint_32 PNGAPI 763png_access_version_number(void) 764{ 765 /* Version of *.c files used when building libpng */ 766 return((png_uint_32)PNG_LIBPNG_VER); 767} 768 769 770 771#if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED) 772/* png_convert_size: a PNGAPI but no longer in png.h, so deleted 773 * at libpng 1.5.5! 774 */ 775 776/* Added at libpng version 1.2.34 and 1.4.0 (moved from pngset.c) */ 777# ifdef PNG_CHECK_cHRM_SUPPORTED 778 779int /* PRIVATE */ 780png_check_cHRM_fixed(png_structp png_ptr, 781 png_fixed_point white_x, png_fixed_point white_y, png_fixed_point red_x, 782 png_fixed_point red_y, png_fixed_point green_x, png_fixed_point green_y, 783 png_fixed_point blue_x, png_fixed_point blue_y) 784{ 785 int ret = 1; 786 unsigned long xy_hi,xy_lo,yx_hi,yx_lo; 787 788 png_debug(1, "in function png_check_cHRM_fixed"); 789 790 if (png_ptr == NULL) 791 return 0; 792 793 /* (x,y,z) values are first limited to 0..100000 (PNG_FP_1), the white 794 * y must also be greater than 0. To test for the upper limit calculate 795 * (PNG_FP_1-y) - x must be <= to this for z to be >= 0 (and the expression 796 * cannot overflow.) At this point we know x and y are >= 0 and (x+y) is 797 * <= PNG_FP_1. The previous test on PNG_MAX_UINT_31 is removed because it 798 * pointless (and it produces compiler warnings!) 799 */ 800 if (white_x < 0 || white_y <= 0 || 801 red_x < 0 || red_y < 0 || 802 green_x < 0 || green_y < 0 || 803 blue_x < 0 || blue_y < 0) 804 { 805 png_warning(png_ptr, 806 "Ignoring attempt to set negative chromaticity value"); 807 ret = 0; 808 } 809 /* And (x+y) must be <= PNG_FP_1 (so z is >= 0) */ 810 if (white_x > PNG_FP_1 - white_y) 811 { 812 png_warning(png_ptr, "Invalid cHRM white point"); 813 ret = 0; 814 } 815 816 if (red_x > PNG_FP_1 - red_y) 817 { 818 png_warning(png_ptr, "Invalid cHRM red point"); 819 ret = 0; 820 } 821 822 if (green_x > PNG_FP_1 - green_y) 823 { 824 png_warning(png_ptr, "Invalid cHRM green point"); 825 ret = 0; 826 } 827 828 if (blue_x > PNG_FP_1 - blue_y) 829 { 830 png_warning(png_ptr, "Invalid cHRM blue point"); 831 ret = 0; 832 } 833 834 png_64bit_product(green_x - red_x, blue_y - red_y, &xy_hi, &xy_lo); 835 png_64bit_product(green_y - red_y, blue_x - red_x, &yx_hi, &yx_lo); 836 837 if (xy_hi == yx_hi && xy_lo == yx_lo) 838 { 839 png_warning(png_ptr, 840 "Ignoring attempt to set cHRM RGB triangle with zero area"); 841 ret = 0; 842 } 843 844 return ret; 845} 846# endif /* PNG_CHECK_cHRM_SUPPORTED */ 847 848#ifdef PNG_cHRM_SUPPORTED 849/* Added at libpng-1.5.5 to support read and write of true CIEXYZ values for 850 * cHRM, as opposed to using chromaticities. These internal APIs return 851 * non-zero on a parameter error. The X, Y and Z values are required to be 852 * positive and less than 1.0. 853 */ 854int png_xy_from_XYZ(png_xy *xy, png_XYZ XYZ) 855{ 856 png_int_32 d, dwhite, whiteX, whiteY; 857 858 d = XYZ.redX + XYZ.redY + XYZ.redZ; 859 if (!png_muldiv(&xy->redx, XYZ.redX, PNG_FP_1, d)) return 1; 860 if (!png_muldiv(&xy->redy, XYZ.redY, PNG_FP_1, d)) return 1; 861 dwhite = d; 862 whiteX = XYZ.redX; 863 whiteY = XYZ.redY; 864 865 d = XYZ.greenX + XYZ.greenY + XYZ.greenZ; 866 if (!png_muldiv(&xy->greenx, XYZ.greenX, PNG_FP_1, d)) return 1; 867 if (!png_muldiv(&xy->greeny, XYZ.greenY, PNG_FP_1, d)) return 1; 868 dwhite += d; 869 whiteX += XYZ.greenX; 870 whiteY += XYZ.greenY; 871 872 d = XYZ.blueX + XYZ.blueY + XYZ.blueZ; 873 if (!png_muldiv(&xy->bluex, XYZ.blueX, PNG_FP_1, d)) return 1; 874 if (!png_muldiv(&xy->bluey, XYZ.blueY, PNG_FP_1, d)) return 1; 875 dwhite += d; 876 whiteX += XYZ.blueX; 877 whiteY += XYZ.blueY; 878 879 /* The reference white is simply the same of the end-point (X,Y,Z) vectors, 880 * thus: 881 */ 882 if (!png_muldiv(&xy->whitex, whiteX, PNG_FP_1, dwhite)) return 1; 883 if (!png_muldiv(&xy->whitey, whiteY, PNG_FP_1, dwhite)) return 1; 884 885 return 0; 886} 887 888int png_XYZ_from_xy(png_XYZ *XYZ, png_xy xy) 889{ 890 png_fixed_point red_inverse, green_inverse, blue_scale; 891 png_fixed_point left, right, denominator; 892 893 /* Check xy and, implicitly, z. Note that wide gamut color spaces typically 894 * have end points with 0 tristimulus values (these are impossible end 895 * points, but they are used to cover the possible colors.) 896 */ 897 if (xy.redx < 0 || xy.redx > PNG_FP_1) return 1; 898 if (xy.redy < 0 || xy.redy > PNG_FP_1-xy.redx) return 1; 899 if (xy.greenx < 0 || xy.greenx > PNG_FP_1) return 1; 900 if (xy.greeny < 0 || xy.greeny > PNG_FP_1-xy.greenx) return 1; 901 if (xy.bluex < 0 || xy.bluex > PNG_FP_1) return 1; 902 if (xy.bluey < 0 || xy.bluey > PNG_FP_1-xy.bluex) return 1; 903 if (xy.whitex < 0 || xy.whitex > PNG_FP_1) return 1; 904 if (xy.whitey < 0 || xy.whitey > PNG_FP_1-xy.whitex) return 1; 905 906 /* The reverse calculation is more difficult because the original tristimulus 907 * value had 9 independent values (red,green,blue)x(X,Y,Z) however only 8 908 * derived values were recorded in the cHRM chunk; 909 * (red,green,blue,white)x(x,y). This loses one degree of freedom and 910 * therefore an arbitrary ninth value has to be introduced to undo the 911 * original transformations. 912 * 913 * Think of the original end-points as points in (X,Y,Z) space. The 914 * chromaticity values (c) have the property: 915 * 916 * C 917 * c = --------- 918 * X + Y + Z 919 * 920 * For each c (x,y,z) from the corresponding original C (X,Y,Z). Thus the 921 * three chromaticity values (x,y,z) for each end-point obey the 922 * relationship: 923 * 924 * x + y + z = 1 925 * 926 * This describes the plane in (X,Y,Z) space that intersects each axis at the 927 * value 1.0; call this the chromaticity plane. Thus the chromaticity 928 * calculation has scaled each end-point so that it is on the x+y+z=1 plane 929 * and chromaticity is the intersection of the vector from the origin to the 930 * (X,Y,Z) value with the chromaticity plane. 931 * 932 * To fully invert the chromaticity calculation we would need the three 933 * end-point scale factors, (red-scale, green-scale, blue-scale), but these 934 * were not recorded. Instead we calculated the reference white (X,Y,Z) and 935 * recorded the chromaticity of this. The reference white (X,Y,Z) would have 936 * given all three of the scale factors since: 937 * 938 * color-C = color-c * color-scale 939 * white-C = red-C + green-C + blue-C 940 * = red-c*red-scale + green-c*green-scale + blue-c*blue-scale 941 * 942 * But cHRM records only white-x and white-y, so we have lost the white scale 943 * factor: 944 * 945 * white-C = white-c*white-scale 946 * 947 * To handle this the inverse transformation makes an arbitrary assumption 948 * about white-scale: 949 * 950 * Assume: white-Y = 1.0 951 * Hence: white-scale = 1/white-y 952 * Or: red-Y + green-Y + blue-Y = 1.0 953 * 954 * Notice the last statement of the assumption gives an equation in three of 955 * the nine values we want to calculate. 8 more equations come from the 956 * above routine as summarised at the top above (the chromaticity 957 * calculation): 958 * 959 * Given: color-x = color-X / (color-X + color-Y + color-Z) 960 * Hence: (color-x - 1)*color-X + color.x*color-Y + color.x*color-Z = 0 961 * 962 * This is 9 simultaneous equations in the 9 variables "color-C" and can be 963 * solved by Cramer's rule. Cramer's rule requires calculating 10 9x9 matrix 964 * determinants, however this is not as bad as it seems because only 28 of 965 * the total of 90 terms in the various matrices are non-zero. Nevertheless 966 * Cramer's rule is notoriously numerically unstable because the determinant 967 * calculation involves the difference of large, but similar, numbers. It is 968 * difficult to be sure that the calculation is stable for real world values 969 * and it is certain that it becomes unstable where the end points are close 970 * together. 971 * 972 * So this code uses the perhaps slightly less optimal but more 973 * understandable and totally obvious approach of calculating color-scale. 974 * 975 * This algorithm depends on the precision in white-scale and that is 976 * (1/white-y), so we can immediately see that as white-y approaches 0 the 977 * accuracy inherent in the cHRM chunk drops off substantially. 978 * 979 * libpng arithmetic: a simple invertion of the above equations 980 * ------------------------------------------------------------ 981 * 982 * white_scale = 1/white-y 983 * white-X = white-x * white-scale 984 * white-Y = 1.0 985 * white-Z = (1 - white-x - white-y) * white_scale 986 * 987 * white-C = red-C + green-C + blue-C 988 * = red-c*red-scale + green-c*green-scale + blue-c*blue-scale 989 * 990 * This gives us three equations in (red-scale,green-scale,blue-scale) where 991 * all the coefficients are now known: 992 * 993 * red-x*red-scale + green-x*green-scale + blue-x*blue-scale 994 * = white-x/white-y 995 * red-y*red-scale + green-y*green-scale + blue-y*blue-scale = 1 996 * red-z*red-scale + green-z*green-scale + blue-z*blue-scale 997 * = (1 - white-x - white-y)/white-y 998 * 999 * In the last equation color-z is (1 - color-x - color-y) so we can add all 1000 * three equations together to get an alternative third: 1001 * 1002 * red-scale + green-scale + blue-scale = 1/white-y = white-scale 1003 * 1004 * So now we have a Cramer's rule solution where the determinants are just 1005 * 3x3 - far more tractible. Unfortunately 3x3 determinants still involve 1006 * multiplication of three coefficients so we can't guarantee to avoid 1007 * overflow in the libpng fixed point representation. Using Cramer's rule in 1008 * floating point is probably a good choice here, but it's not an option for 1009 * fixed point. Instead proceed to simplify the first two equations by 1010 * eliminating what is likely to be the largest value, blue-scale: 1011 * 1012 * blue-scale = white-scale - red-scale - green-scale 1013 * 1014 * Hence: 1015 * 1016 * (red-x - blue-x)*red-scale + (green-x - blue-x)*green-scale = 1017 * (white-x - blue-x)*white-scale 1018 * 1019 * (red-y - blue-y)*red-scale + (green-y - blue-y)*green-scale = 1020 * 1 - blue-y*white-scale 1021 * 1022 * And now we can trivially solve for (red-scale,green-scale): 1023 * 1024 * green-scale = 1025 * (white-x - blue-x)*white-scale - (red-x - blue-x)*red-scale 1026 * ----------------------------------------------------------- 1027 * green-x - blue-x 1028 * 1029 * red-scale = 1030 * 1 - blue-y*white-scale - (green-y - blue-y) * green-scale 1031 * --------------------------------------------------------- 1032 * red-y - blue-y 1033 * 1034 * Hence: 1035 * 1036 * red-scale = 1037 * ( (green-x - blue-x) * (white-y - blue-y) - 1038 * (green-y - blue-y) * (white-x - blue-x) ) / white-y 1039 * ------------------------------------------------------------------------- 1040 * (green-x - blue-x)*(red-y - blue-y)-(green-y - blue-y)*(red-x - blue-x) 1041 * 1042 * green-scale = 1043 * ( (red-y - blue-y) * (white-x - blue-x) - 1044 * (red-x - blue-x) * (white-y - blue-y) ) / white-y 1045 * ------------------------------------------------------------------------- 1046 * (green-x - blue-x)*(red-y - blue-y)-(green-y - blue-y)*(red-x - blue-x) 1047 * 1048 * Accuracy: 1049 * The input values have 5 decimal digits of accuracy. The values are all in 1050 * the range 0 < value < 1, so simple products are in the same range but may 1051 * need up to 10 decimal digits to preserve the original precision and avoid 1052 * underflow. Because we are using a 32-bit signed representation we cannot 1053 * match this; the best is a little over 9 decimal digits, less than 10. 1054 * 1055 * The approach used here is to preserve the maximum precision within the 1056 * signed representation. Because the red-scale calculation above uses the 1057 * difference between two products of values that must be in the range -1..+1 1058 * it is sufficient to divide the product by 7; ceil(100,000/32767*2). The 1059 * factor is irrelevant in the calculation because it is applied to both 1060 * numerator and denominator. 1061 * 1062 * Note that the values of the differences of the products of the 1063 * chromaticities in the above equations tend to be small, for example for 1064 * the sRGB chromaticities they are: 1065 * 1066 * red numerator: -0.04751 1067 * green numerator: -0.08788 1068 * denominator: -0.2241 (without white-y multiplication) 1069 * 1070 * The resultant Y coefficients from the chromaticities of some widely used 1071 * color space definitions are (to 15 decimal places): 1072 * 1073 * sRGB 1074 * 0.212639005871510 0.715168678767756 0.072192315360734 1075 * Kodak ProPhoto 1076 * 0.288071128229293 0.711843217810102 0.000085653960605 1077 * Adobe RGB 1078 * 0.297344975250536 0.627363566255466 0.075291458493998 1079 * Adobe Wide Gamut RGB 1080 * 0.258728243040113 0.724682314948566 0.016589442011321 1081 */ 1082 /* By the argument, above overflow should be impossible here. The return 1083 * value of 2 indicates an internal error to the caller. 1084 */ 1085 if (!png_muldiv(&left, xy.greenx-xy.bluex, xy.redy - xy.bluey, 7)) return 2; 1086 if (!png_muldiv(&right, xy.greeny-xy.bluey, xy.redx - xy.bluex, 7)) return 2; 1087 denominator = left - right; 1088 1089 /* Now find the red numerator. */ 1090 if (!png_muldiv(&left, xy.greenx-xy.bluex, xy.whitey-xy.bluey, 7)) return 2; 1091 if (!png_muldiv(&right, xy.greeny-xy.bluey, xy.whitex-xy.bluex, 7)) return 2; 1092 1093 /* Overflow is possible here and it indicates an extreme set of PNG cHRM 1094 * chunk values. This calculation actually returns the reciprocal of the 1095 * scale value because this allows us to delay the multiplication of white-y 1096 * into the denominator, which tends to produce a small number. 1097 */ 1098 if (!png_muldiv(&red_inverse, xy.whitey, denominator, left-right) || 1099 red_inverse <= xy.whitey /* r+g+b scales = white scale */) 1100 return 1; 1101 1102 /* Similarly for green_inverse: */ 1103 if (!png_muldiv(&left, xy.redy-xy.bluey, xy.whitex-xy.bluex, 7)) return 2; 1104 if (!png_muldiv(&right, xy.redx-xy.bluex, xy.whitey-xy.bluey, 7)) return 2; 1105 if (!png_muldiv(&green_inverse, xy.whitey, denominator, left-right) || 1106 green_inverse <= xy.whitey) 1107 return 1; 1108 1109 /* And the blue scale, the checks above guarantee this can't overflow but it 1110 * can still produce 0 for extreme cHRM values. 1111 */ 1112 blue_scale = png_reciprocal(xy.whitey) - png_reciprocal(red_inverse) - 1113 png_reciprocal(green_inverse); 1114 if (blue_scale <= 0) return 1; 1115 1116 1117 /* And fill in the png_XYZ: */ 1118 if (!png_muldiv(&XYZ->redX, xy.redx, PNG_FP_1, red_inverse)) return 1; 1119 if (!png_muldiv(&XYZ->redY, xy.redy, PNG_FP_1, red_inverse)) return 1; 1120 if (!png_muldiv(&XYZ->redZ, PNG_FP_1 - xy.redx - xy.redy, PNG_FP_1, 1121 red_inverse)) 1122 return 1; 1123 1124 if (!png_muldiv(&XYZ->greenX, xy.greenx, PNG_FP_1, green_inverse)) return 1; 1125 if (!png_muldiv(&XYZ->greenY, xy.greeny, PNG_FP_1, green_inverse)) return 1; 1126 if (!png_muldiv(&XYZ->greenZ, PNG_FP_1 - xy.greenx - xy.greeny, PNG_FP_1, 1127 green_inverse)) 1128 return 1; 1129 1130 if (!png_muldiv(&XYZ->blueX, xy.bluex, blue_scale, PNG_FP_1)) return 1; 1131 if (!png_muldiv(&XYZ->blueY, xy.bluey, blue_scale, PNG_FP_1)) return 1; 1132 if (!png_muldiv(&XYZ->blueZ, PNG_FP_1 - xy.bluex - xy.bluey, blue_scale, 1133 PNG_FP_1)) 1134 return 1; 1135 1136 return 0; /*success*/ 1137} 1138 1139int png_XYZ_from_xy_checked(png_structp png_ptr, png_XYZ *XYZ, png_xy xy) 1140{ 1141 switch (png_XYZ_from_xy(XYZ, xy)) 1142 { 1143 case 0: /* success */ 1144 return 1; 1145 1146 case 1: 1147 /* The chunk may be technically valid, but we got png_fixed_point 1148 * overflow while trying to get XYZ values out of it. This is 1149 * entirely benign - the cHRM chunk is pretty extreme. 1150 */ 1151 png_warning(png_ptr, 1152 "extreme cHRM chunk cannot be converted to tristimulus values"); 1153 break; 1154 1155 default: 1156 /* libpng is broken; this should be a warning but if it happens we 1157 * want error reports so for the moment it is an error. 1158 */ 1159 png_error(png_ptr, "internal error in png_XYZ_from_xy"); 1160 break; 1161 } 1162 1163 /* ERROR RETURN */ 1164 return 0; 1165} 1166#endif 1167 1168void /* PRIVATE */ 1169png_check_IHDR(png_structp png_ptr, 1170 png_uint_32 width, png_uint_32 height, int bit_depth, 1171 int color_type, int interlace_type, int compression_type, 1172 int filter_type) 1173{ 1174 int error = 0; 1175 1176 /* Check for width and height valid values */ 1177 if (width == 0) 1178 { 1179 png_warning(png_ptr, "Image width is zero in IHDR"); 1180 error = 1; 1181 } 1182 1183 if (height == 0) 1184 { 1185 png_warning(png_ptr, "Image height is zero in IHDR"); 1186 error = 1; 1187 } 1188 1189# ifdef PNG_SET_USER_LIMITS_SUPPORTED 1190 if (width > png_ptr->user_width_max) 1191 1192# else 1193 if (width > PNG_USER_WIDTH_MAX) 1194# endif 1195 { 1196 png_warning(png_ptr, "Image width exceeds user limit in IHDR"); 1197 error = 1; 1198 } 1199 1200# ifdef PNG_SET_USER_LIMITS_SUPPORTED 1201 if (height > png_ptr->user_height_max) 1202# else 1203 if (height > PNG_USER_HEIGHT_MAX) 1204# endif 1205 { 1206 png_warning(png_ptr, "Image height exceeds user limit in IHDR"); 1207 error = 1; 1208 } 1209 1210 if (width > PNG_UINT_31_MAX) 1211 { 1212 png_warning(png_ptr, "Invalid image width in IHDR"); 1213 error = 1; 1214 } 1215 1216 if (height > PNG_UINT_31_MAX) 1217 { 1218 png_warning(png_ptr, "Invalid image height in IHDR"); 1219 error = 1; 1220 } 1221 1222 if (width > (PNG_UINT_32_MAX 1223 >> 3) /* 8-byte RGBA pixels */ 1224 - 48 /* bigrowbuf hack */ 1225 - 1 /* filter byte */ 1226 - 7*8 /* rounding of width to multiple of 8 pixels */ 1227 - 8) /* extra max_pixel_depth pad */ 1228 png_warning(png_ptr, "Width is too large for libpng to process pixels"); 1229 1230 /* Check other values */ 1231 if (bit_depth != 1 && bit_depth != 2 && bit_depth != 4 && 1232 bit_depth != 8 && bit_depth != 16) 1233 { 1234 png_warning(png_ptr, "Invalid bit depth in IHDR"); 1235 error = 1; 1236 } 1237 1238 if (color_type < 0 || color_type == 1 || 1239 color_type == 5 || color_type > 6) 1240 { 1241 png_warning(png_ptr, "Invalid color type in IHDR"); 1242 error = 1; 1243 } 1244 1245 if (((color_type == PNG_COLOR_TYPE_PALETTE) && bit_depth > 8) || 1246 ((color_type == PNG_COLOR_TYPE_RGB || 1247 color_type == PNG_COLOR_TYPE_GRAY_ALPHA || 1248 color_type == PNG_COLOR_TYPE_RGB_ALPHA) && bit_depth < 8)) 1249 { 1250 png_warning(png_ptr, "Invalid color type/bit depth combination in IHDR"); 1251 error = 1; 1252 } 1253 1254 if (interlace_type >= PNG_INTERLACE_LAST) 1255 { 1256 png_warning(png_ptr, "Unknown interlace method in IHDR"); 1257 error = 1; 1258 } 1259 1260 if (compression_type != PNG_COMPRESSION_TYPE_BASE) 1261 { 1262 png_warning(png_ptr, "Unknown compression method in IHDR"); 1263 error = 1; 1264 } 1265 1266# ifdef PNG_MNG_FEATURES_SUPPORTED 1267 /* Accept filter_method 64 (intrapixel differencing) only if 1268 * 1. Libpng was compiled with PNG_MNG_FEATURES_SUPPORTED and 1269 * 2. Libpng did not read a PNG signature (this filter_method is only 1270 * used in PNG datastreams that are embedded in MNG datastreams) and 1271 * 3. The application called png_permit_mng_features with a mask that 1272 * included PNG_FLAG_MNG_FILTER_64 and 1273 * 4. The filter_method is 64 and 1274 * 5. The color_type is RGB or RGBA 1275 */ 1276 if ((png_ptr->mode & PNG_HAVE_PNG_SIGNATURE) && 1277 png_ptr->mng_features_permitted) 1278 png_warning(png_ptr, "MNG features are not allowed in a PNG datastream"); 1279 1280 if (filter_type != PNG_FILTER_TYPE_BASE) 1281 { 1282 if (!((png_ptr->mng_features_permitted & PNG_FLAG_MNG_FILTER_64) && 1283 (filter_type == PNG_INTRAPIXEL_DIFFERENCING) && 1284 ((png_ptr->mode & PNG_HAVE_PNG_SIGNATURE) == 0) && 1285 (color_type == PNG_COLOR_TYPE_RGB || 1286 color_type == PNG_COLOR_TYPE_RGB_ALPHA))) 1287 { 1288 png_warning(png_ptr, "Unknown filter method in IHDR"); 1289 error = 1; 1290 } 1291 1292 if (png_ptr->mode & PNG_HAVE_PNG_SIGNATURE) 1293 { 1294 png_warning(png_ptr, "Invalid filter method in IHDR"); 1295 error = 1; 1296 } 1297 } 1298 1299# else 1300 if (filter_type != PNG_FILTER_TYPE_BASE) 1301 { 1302 png_warning(png_ptr, "Unknown filter method in IHDR"); 1303 error = 1; 1304 } 1305# endif 1306 1307 if (error == 1) 1308 png_error(png_ptr, "Invalid IHDR data"); 1309} 1310 1311#if defined(PNG_sCAL_SUPPORTED) || defined(PNG_pCAL_SUPPORTED) 1312/* ASCII to fp functions */ 1313/* Check an ASCII formated floating point value, see the more detailed 1314 * comments in pngpriv.h 1315 */ 1316/* The following is used internally to preserve the sticky flags */ 1317#define png_fp_add(state, flags) ((state) |= (flags)) 1318#define png_fp_set(state, value) ((state) = (value) | ((state) & PNG_FP_STICKY)) 1319 1320int /* PRIVATE */ 1321png_check_fp_number(png_const_charp string, png_size_t size, int *statep, 1322 png_size_tp whereami) 1323{ 1324 int state = *statep; 1325 png_size_t i = *whereami; 1326 1327 while (i < size) 1328 { 1329 int type; 1330 /* First find the type of the next character */ 1331 switch (string[i]) 1332 { 1333 case 43: type = PNG_FP_SAW_SIGN; break; 1334 case 45: type = PNG_FP_SAW_SIGN + PNG_FP_NEGATIVE; break; 1335 case 46: type = PNG_FP_SAW_DOT; break; 1336 case 48: type = PNG_FP_SAW_DIGIT; break; 1337 case 49: case 50: case 51: case 52: 1338 case 53: case 54: case 55: case 56: 1339 case 57: type = PNG_FP_SAW_DIGIT + PNG_FP_NONZERO; break; 1340 case 69: 1341 case 101: type = PNG_FP_SAW_E; break; 1342 default: goto PNG_FP_End; 1343 } 1344 1345 /* Now deal with this type according to the current 1346 * state, the type is arranged to not overlap the 1347 * bits of the PNG_FP_STATE. 1348 */ 1349 switch ((state & PNG_FP_STATE) + (type & PNG_FP_SAW_ANY)) 1350 { 1351 case PNG_FP_INTEGER + PNG_FP_SAW_SIGN: 1352 if (state & PNG_FP_SAW_ANY) 1353 goto PNG_FP_End; /* not a part of the number */ 1354 1355 png_fp_add(state, type); 1356 break; 1357 1358 case PNG_FP_INTEGER + PNG_FP_SAW_DOT: 1359 /* Ok as trailer, ok as lead of fraction. */ 1360 if (state & PNG_FP_SAW_DOT) /* two dots */ 1361 goto PNG_FP_End; 1362 1363 else if (state & PNG_FP_SAW_DIGIT) /* trailing dot? */ 1364 png_fp_add(state, type); 1365 1366 else 1367 png_fp_set(state, PNG_FP_FRACTION | type); 1368 1369 break; 1370 1371 case PNG_FP_INTEGER + PNG_FP_SAW_DIGIT: 1372 if (state & PNG_FP_SAW_DOT) /* delayed fraction */ 1373 png_fp_set(state, PNG_FP_FRACTION | PNG_FP_SAW_DOT); 1374 1375 png_fp_add(state, type | PNG_FP_WAS_VALID); 1376 1377 break; 1378 1379 case PNG_FP_INTEGER + PNG_FP_SAW_E: 1380 if ((state & PNG_FP_SAW_DIGIT) == 0) 1381 goto PNG_FP_End; 1382 1383 png_fp_set(state, PNG_FP_EXPONENT); 1384 1385 break; 1386 1387 /* case PNG_FP_FRACTION + PNG_FP_SAW_SIGN: 1388 goto PNG_FP_End; ** no sign in fraction */ 1389 1390 /* case PNG_FP_FRACTION + PNG_FP_SAW_DOT: 1391 goto PNG_FP_End; ** Because SAW_DOT is always set */ 1392 1393 case PNG_FP_FRACTION + PNG_FP_SAW_DIGIT: 1394 png_fp_add(state, type | PNG_FP_WAS_VALID); 1395 break; 1396 1397 case PNG_FP_FRACTION + PNG_FP_SAW_E: 1398 /* This is correct because the trailing '.' on an 1399 * integer is handled above - so we can only get here 1400 * with the sequence ".E" (with no preceding digits). 1401 */ 1402 if ((state & PNG_FP_SAW_DIGIT) == 0) 1403 goto PNG_FP_End; 1404 1405 png_fp_set(state, PNG_FP_EXPONENT); 1406 1407 break; 1408 1409 case PNG_FP_EXPONENT + PNG_FP_SAW_SIGN: 1410 if (state & PNG_FP_SAW_ANY) 1411 goto PNG_FP_End; /* not a part of the number */ 1412 1413 png_fp_add(state, PNG_FP_SAW_SIGN); 1414 1415 break; 1416 1417 /* case PNG_FP_EXPONENT + PNG_FP_SAW_DOT: 1418 goto PNG_FP_End; */ 1419 1420 case PNG_FP_EXPONENT + PNG_FP_SAW_DIGIT: 1421 png_fp_add(state, PNG_FP_SAW_DIGIT | PNG_FP_WAS_VALID); 1422 1423 break; 1424 1425 /* case PNG_FP_EXPONEXT + PNG_FP_SAW_E: 1426 goto PNG_FP_End; */ 1427 1428 default: goto PNG_FP_End; /* I.e. break 2 */ 1429 } 1430 1431 /* The character seems ok, continue. */ 1432 ++i; 1433 } 1434 1435PNG_FP_End: 1436 /* Here at the end, update the state and return the correct 1437 * return code. 1438 */ 1439 *statep = state; 1440 *whereami = i; 1441 1442 return (state & PNG_FP_SAW_DIGIT) != 0; 1443} 1444 1445 1446/* The same but for a complete string. */ 1447int 1448png_check_fp_string(png_const_charp string, png_size_t size) 1449{ 1450 int state=0; 1451 png_size_t char_index=0; 1452 1453 if (png_check_fp_number(string, size, &state, &char_index) && 1454 (char_index == size || string[char_index] == 0)) 1455 return state /* must be non-zero - see above */; 1456 1457 return 0; /* i.e. fail */ 1458} 1459#endif /* pCAL or sCAL */ 1460 1461#ifdef PNG_READ_sCAL_SUPPORTED 1462# ifdef PNG_FLOATING_POINT_SUPPORTED 1463/* Utility used below - a simple accurate power of ten from an integral 1464 * exponent. 1465 */ 1466static double 1467png_pow10(int power) 1468{ 1469 int recip = 0; 1470 double d = 1.0; 1471 1472 /* Handle negative exponent with a reciprocal at the end because 1473 * 10 is exact whereas .1 is inexact in base 2 1474 */ 1475 if (power < 0) 1476 { 1477 if (power < DBL_MIN_10_EXP) return 0; 1478 recip = 1, power = -power; 1479 } 1480 1481 if (power > 0) 1482 { 1483 /* Decompose power bitwise. */ 1484 double mult = 10.0; 1485 do 1486 { 1487 if (power & 1) d *= mult; 1488 mult *= mult; 1489 power >>= 1; 1490 } 1491 while (power > 0); 1492 1493 if (recip) d = 1/d; 1494 } 1495 /* else power is 0 and d is 1 */ 1496 1497 return d; 1498} 1499 1500/* Function to format a floating point value in ASCII with a given 1501 * precision. 1502 */ 1503void /* PRIVATE */ 1504png_ascii_from_fp(png_structp png_ptr, png_charp ascii, png_size_t size, 1505 double fp, unsigned int precision) 1506{ 1507 /* We use standard functions from math.h, but not printf because 1508 * that would require stdio. The caller must supply a buffer of 1509 * sufficient size or we will png_error. The tests on size and 1510 * the space in ascii[] consumed are indicated below. 1511 */ 1512 if (precision < 1) 1513 precision = DBL_DIG; 1514 1515 /* Enforce the limit of the implementation precision too. */ 1516 if (precision > DBL_DIG+1) 1517 precision = DBL_DIG+1; 1518 1519 /* Basic sanity checks */ 1520 if (size >= precision+5) /* See the requirements below. */ 1521 { 1522 if (fp < 0) 1523 { 1524 fp = -fp; 1525 *ascii++ = 45; /* '-' PLUS 1 TOTAL 1 */ 1526 --size; 1527 } 1528 1529 if (fp >= DBL_MIN && fp <= DBL_MAX) 1530 { 1531 int exp_b10; /* A base 10 exponent */ 1532 double base; /* 10^exp_b10 */ 1533 1534 /* First extract a base 10 exponent of the number, 1535 * the calculation below rounds down when converting 1536 * from base 2 to base 10 (multiply by log10(2) - 1537 * 0.3010, but 77/256 is 0.3008, so exp_b10 needs to 1538 * be increased. Note that the arithmetic shift 1539 * performs a floor() unlike C arithmetic - using a 1540 * C multiply would break the following for negative 1541 * exponents. 1542 */ 1543 (void)frexp(fp, &exp_b10); /* exponent to base 2 */ 1544 1545 exp_b10 = (exp_b10 * 77) >> 8; /* <= exponent to base 10 */ 1546 1547 /* Avoid underflow here. */ 1548 base = png_pow10(exp_b10); /* May underflow */ 1549 1550 while (base < DBL_MIN || base < fp) 1551 { 1552 /* And this may overflow. */ 1553 double test = png_pow10(exp_b10+1); 1554 1555 if (test <= DBL_MAX) 1556 ++exp_b10, base = test; 1557 1558 else 1559 break; 1560 } 1561 1562 /* Normalize fp and correct exp_b10, after this fp is in the 1563 * range [.1,1) and exp_b10 is both the exponent and the digit 1564 * *before* which the decimal point should be inserted 1565 * (starting with 0 for the first digit). Note that this 1566 * works even if 10^exp_b10 is out of range because of the 1567 * test on DBL_MAX above. 1568 */ 1569 fp /= base; 1570 while (fp >= 1) fp /= 10, ++exp_b10; 1571 1572 /* Because of the code above fp may, at this point, be 1573 * less than .1, this is ok because the code below can 1574 * handle the leading zeros this generates, so no attempt 1575 * is made to correct that here. 1576 */ 1577 1578 { 1579 int czero, clead, cdigits; 1580 char exponent[10]; 1581 1582 /* Allow up to two leading zeros - this will not lengthen 1583 * the number compared to using E-n. 1584 */ 1585 if (exp_b10 < 0 && exp_b10 > -3) /* PLUS 3 TOTAL 4 */ 1586 { 1587 czero = -exp_b10; /* PLUS 2 digits: TOTAL 3 */ 1588 exp_b10 = 0; /* Dot added below before first output. */ 1589 } 1590 else 1591 czero = 0; /* No zeros to add */ 1592 1593 /* Generate the digit list, stripping trailing zeros and 1594 * inserting a '.' before a digit if the exponent is 0. 1595 */ 1596 clead = czero; /* Count of leading zeros */ 1597 cdigits = 0; /* Count of digits in list. */ 1598 1599 do 1600 { 1601 double d; 1602 1603 fp *= 10.0; 1604 1605 /* Use modf here, not floor and subtract, so that 1606 * the separation is done in one step. At the end 1607 * of the loop don't break the number into parts so 1608 * that the final digit is rounded. 1609 */ 1610 if (cdigits+czero-clead+1 < (int)precision) 1611 fp = modf(fp, &d); 1612 1613 else 1614 { 1615 d = floor(fp + .5); 1616 1617 if (d > 9.0) 1618 { 1619 /* Rounding up to 10, handle that here. */ 1620 if (czero > 0) 1621 { 1622 --czero, d = 1; 1623 if (cdigits == 0) --clead; 1624 } 1625 1626 else 1627 { 1628 while (cdigits > 0 && d > 9.0) 1629 { 1630 int ch = *--ascii; 1631 1632 if (exp_b10 != (-1)) 1633 ++exp_b10; 1634 1635 else if (ch == 46) 1636 { 1637 ch = *--ascii, ++size; 1638 /* Advance exp_b10 to '1', so that the 1639 * decimal point happens after the 1640 * previous digit. 1641 */ 1642 exp_b10 = 1; 1643 } 1644 1645 --cdigits; 1646 d = ch - 47; /* I.e. 1+(ch-48) */ 1647 } 1648 1649 /* Did we reach the beginning? If so adjust the 1650 * exponent but take into account the leading 1651 * decimal point. 1652 */ 1653 if (d > 9.0) /* cdigits == 0 */ 1654 { 1655 if (exp_b10 == (-1)) 1656 { 1657 /* Leading decimal point (plus zeros?), if 1658 * we lose the decimal point here it must 1659 * be reentered below. 1660 */ 1661 int ch = *--ascii; 1662 1663 if (ch == 46) 1664 ++size, exp_b10 = 1; 1665 1666 /* Else lost a leading zero, so 'exp_b10' is 1667 * still ok at (-1) 1668 */ 1669 } 1670 else 1671 ++exp_b10; 1672 1673 /* In all cases we output a '1' */ 1674 d = 1.0; 1675 } 1676 } 1677 } 1678 fp = 0; /* Guarantees termination below. */ 1679 } 1680 1681 if (d == 0.0) 1682 { 1683 ++czero; 1684 if (cdigits == 0) ++clead; 1685 } 1686 1687 else 1688 { 1689 /* Included embedded zeros in the digit count. */ 1690 cdigits += czero - clead; 1691 clead = 0; 1692 1693 while (czero > 0) 1694 { 1695 /* exp_b10 == (-1) means we just output the decimal 1696 * place - after the DP don't adjust 'exp_b10' any 1697 * more! 1698 */ 1699 if (exp_b10 != (-1)) 1700 { 1701 if (exp_b10 == 0) *ascii++ = 46, --size; 1702 /* PLUS 1: TOTAL 4 */ 1703 --exp_b10; 1704 } 1705 *ascii++ = 48, --czero; 1706 } 1707 1708 if (exp_b10 != (-1)) 1709 { 1710 if (exp_b10 == 0) *ascii++ = 46, --size; /* counted 1711 above */ 1712 --exp_b10; 1713 } 1714 1715 *ascii++ = (char)(48 + (int)d), ++cdigits; 1716 } 1717 } 1718 while (cdigits+czero-clead < (int)precision && fp > DBL_MIN); 1719 1720 /* The total output count (max) is now 4+precision */ 1721 1722 /* Check for an exponent, if we don't need one we are 1723 * done and just need to terminate the string. At 1724 * this point exp_b10==(-1) is effectively if flag - it got 1725 * to '-1' because of the decrement after outputing 1726 * the decimal point above (the exponent required is 1727 * *not* -1!) 1728 */ 1729 if (exp_b10 >= (-1) && exp_b10 <= 2) 1730 { 1731 /* The following only happens if we didn't output the 1732 * leading zeros above for negative exponent, so this 1733 * doest add to the digit requirement. Note that the 1734 * two zeros here can only be output if the two leading 1735 * zeros were *not* output, so this doesn't increase 1736 * the output count. 1737 */ 1738 while (--exp_b10 >= 0) *ascii++ = 48; 1739 1740 *ascii = 0; 1741 1742 /* Total buffer requirement (including the '\0') is 1743 * 5+precision - see check at the start. 1744 */ 1745 return; 1746 } 1747 1748 /* Here if an exponent is required, adjust size for 1749 * the digits we output but did not count. The total 1750 * digit output here so far is at most 1+precision - no 1751 * decimal point and no leading or trailing zeros have 1752 * been output. 1753 */ 1754 size -= cdigits; 1755 1756 *ascii++ = 69, --size; /* 'E': PLUS 1 TOTAL 2+precision */ 1757 1758 /* The following use of an unsigned temporary avoids ambiguities in 1759 * the signed arithmetic on exp_b10 and permits GCC at least to do 1760 * better optimization. 1761 */ 1762 { 1763 unsigned int uexp_b10; 1764 1765 if (exp_b10 < 0) 1766 { 1767 *ascii++ = 45, --size; /* '-': PLUS 1 TOTAL 3+precision */ 1768 uexp_b10 = -exp_b10; 1769 } 1770 1771 else 1772 uexp_b10 = exp_b10; 1773 1774 cdigits = 0; 1775 1776 while (uexp_b10 > 0) 1777 { 1778 exponent[cdigits++] = (char)(48 + uexp_b10 % 10); 1779 uexp_b10 /= 10; 1780 } 1781 } 1782 1783 /* Need another size check here for the exponent digits, so 1784 * this need not be considered above. 1785 */ 1786 if ((int)size > cdigits) 1787 { 1788 while (cdigits > 0) *ascii++ = exponent[--cdigits]; 1789 1790 *ascii = 0; 1791 1792 return; 1793 } 1794 } 1795 } 1796 else if (!(fp >= DBL_MIN)) 1797 { 1798 *ascii++ = 48; /* '0' */ 1799 *ascii = 0; 1800 return; 1801 } 1802 else 1803 { 1804 *ascii++ = 105; /* 'i' */ 1805 *ascii++ = 110; /* 'n' */ 1806 *ascii++ = 102; /* 'f' */ 1807 *ascii = 0; 1808 return; 1809 } 1810 } 1811 1812 /* Here on buffer too small. */ 1813 png_error(png_ptr, "ASCII conversion buffer too small"); 1814} 1815 1816# endif /* FLOATING_POINT */ 1817 1818# ifdef PNG_FIXED_POINT_SUPPORTED 1819/* Function to format a fixed point value in ASCII. 1820 */ 1821void /* PRIVATE */ 1822png_ascii_from_fixed(png_structp png_ptr, png_charp ascii, png_size_t size, 1823 png_fixed_point fp) 1824{ 1825 /* Require space for 10 decimal digits, a decimal point, a minus sign and a 1826 * trailing \0, 13 characters: 1827 */ 1828 if (size > 12) 1829 { 1830 png_uint_32 num; 1831 1832 /* Avoid overflow here on the minimum integer. */ 1833 if (fp < 0) 1834 *ascii++ = 45, --size, num = -fp; 1835 else 1836 num = fp; 1837 1838 if (num <= 0x80000000) /* else overflowed */ 1839 { 1840 unsigned int ndigits = 0, first = 16 /* flag value */; 1841 char digits[10]; 1842 1843 while (num) 1844 { 1845 /* Split the low digit off num: */ 1846 unsigned int tmp = num/10; 1847 num -= tmp*10; 1848 digits[ndigits++] = (char)(48 + num); 1849 /* Record the first non-zero digit, note that this is a number 1850 * starting at 1, it's not actually the array index. 1851 */ 1852 if (first == 16 && num > 0) 1853 first = ndigits; 1854 num = tmp; 1855 } 1856 1857 if (ndigits > 0) 1858 { 1859 while (ndigits > 5) *ascii++ = digits[--ndigits]; 1860 /* The remaining digits are fractional digits, ndigits is '5' or 1861 * smaller at this point. It is certainly not zero. Check for a 1862 * non-zero fractional digit: 1863 */ 1864 if (first <= 5) 1865 { 1866 unsigned int i; 1867 *ascii++ = 46; /* decimal point */ 1868 /* ndigits may be <5 for small numbers, output leading zeros 1869 * then ndigits digits to first: 1870 */ 1871 i = 5; 1872 while (ndigits < i) *ascii++ = 48, --i; 1873 while (ndigits >= first) *ascii++ = digits[--ndigits]; 1874 /* Don't output the trailing zeros! */ 1875 } 1876 } 1877 else 1878 *ascii++ = 48; 1879 1880 /* And null terminate the string: */ 1881 *ascii = 0; 1882 return; 1883 } 1884 } 1885 1886 /* Here on buffer too small. */ 1887 png_error(png_ptr, "ASCII conversion buffer too small"); 1888} 1889# endif /* FIXED_POINT */ 1890#endif /* READ_SCAL */ 1891 1892#if defined(PNG_FLOATING_POINT_SUPPORTED) && \ 1893 !defined(PNG_FIXED_POINT_MACRO_SUPPORTED) 1894png_fixed_point 1895png_fixed(png_structp png_ptr, double fp, png_const_charp text) 1896{ 1897 double r = floor(100000 * fp + .5); 1898 1899 if (r > 2147483647. || r < -2147483648.) 1900 png_fixed_error(png_ptr, text); 1901 1902 return (png_fixed_point)r; 1903} 1904#endif 1905 1906#if defined(PNG_READ_GAMMA_SUPPORTED) || \ 1907 defined(PNG_INCH_CONVERSIONS_SUPPORTED) || defined(PNG__READ_pHYs_SUPPORTED) 1908/* muldiv functions */ 1909/* This API takes signed arguments and rounds the result to the nearest 1910 * integer (or, for a fixed point number - the standard argument - to 1911 * the nearest .00001). Overflow and divide by zero are signalled in 1912 * the result, a boolean - true on success, false on overflow. 1913 */ 1914int 1915png_muldiv(png_fixed_point_p res, png_fixed_point a, png_int_32 times, 1916 png_int_32 divisor) 1917{ 1918 /* Return a * times / divisor, rounded. */ 1919 if (divisor != 0) 1920 { 1921 if (a == 0 || times == 0) 1922 { 1923 *res = 0; 1924 return 1; 1925 } 1926 else 1927 { 1928#ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED 1929 double r = a; 1930 r *= times; 1931 r /= divisor; 1932 r = floor(r+.5); 1933 1934 /* A png_fixed_point is a 32-bit integer. */ 1935 if (r <= 2147483647. && r >= -2147483648.) 1936 { 1937 *res = (png_fixed_point)r; 1938 return 1; 1939 } 1940#else 1941 int negative = 0; 1942 png_uint_32 A, T, D; 1943 png_uint_32 s16, s32, s00; 1944 1945 if (a < 0) 1946 negative = 1, A = -a; 1947 else 1948 A = a; 1949 1950 if (times < 0) 1951 negative = !negative, T = -times; 1952 else 1953 T = times; 1954 1955 if (divisor < 0) 1956 negative = !negative, D = -divisor; 1957 else 1958 D = divisor; 1959 1960 /* Following can't overflow because the arguments only 1961 * have 31 bits each, however the result may be 32 bits. 1962 */ 1963 s16 = (A >> 16) * (T & 0xffff) + 1964 (A & 0xffff) * (T >> 16); 1965 /* Can't overflow because the a*times bit is only 30 1966 * bits at most. 1967 */ 1968 s32 = (A >> 16) * (T >> 16) + (s16 >> 16); 1969 s00 = (A & 0xffff) * (T & 0xffff); 1970 1971 s16 = (s16 & 0xffff) << 16; 1972 s00 += s16; 1973 1974 if (s00 < s16) 1975 ++s32; /* carry */ 1976 1977 if (s32 < D) /* else overflow */ 1978 { 1979 /* s32.s00 is now the 64-bit product, do a standard 1980 * division, we know that s32 < D, so the maximum 1981 * required shift is 31. 1982 */ 1983 int bitshift = 32; 1984 png_fixed_point result = 0; /* NOTE: signed */ 1985 1986 while (--bitshift >= 0) 1987 { 1988 png_uint_32 d32, d00; 1989 1990 if (bitshift > 0) 1991 d32 = D >> (32-bitshift), d00 = D << bitshift; 1992 1993 else 1994 d32 = 0, d00 = D; 1995 1996 if (s32 > d32) 1997 { 1998 if (s00 < d00) --s32; /* carry */ 1999 s32 -= d32, s00 -= d00, result += 1<<bitshift; 2000 } 2001 2002 else 2003 if (s32 == d32 && s00 >= d00) 2004 s32 = 0, s00 -= d00, result += 1<<bitshift; 2005 } 2006 2007 /* Handle the rounding. */ 2008 if (s00 >= (D >> 1)) 2009 ++result; 2010 2011 if (negative) 2012 result = -result; 2013 2014 /* Check for overflow. */ 2015 if ((negative && result <= 0) || (!negative && result >= 0)) 2016 { 2017 *res = result; 2018 return 1; 2019 } 2020 } 2021#endif 2022 } 2023 } 2024 2025 return 0; 2026} 2027#endif /* READ_GAMMA || INCH_CONVERSIONS */ 2028 2029#if defined(PNG_READ_GAMMA_SUPPORTED) || defined(PNG_INCH_CONVERSIONS_SUPPORTED) 2030/* The following is for when the caller doesn't much care about the 2031 * result. 2032 */ 2033png_fixed_point 2034png_muldiv_warn(png_structp png_ptr, png_fixed_point a, png_int_32 times, 2035 png_int_32 divisor) 2036{ 2037 png_fixed_point result; 2038 2039 if (png_muldiv(&result, a, times, divisor)) 2040 return result; 2041 2042 png_warning(png_ptr, "fixed point overflow ignored"); 2043 return 0; 2044} 2045#endif 2046 2047#ifdef PNG_READ_GAMMA_SUPPORTED /* more fixed point functions for gamma */ 2048/* Calculate a reciprocal, return 0 on div-by-zero or overflow. */ 2049png_fixed_point 2050png_reciprocal(png_fixed_point a) 2051{ 2052#ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED 2053 double r = floor(1E10/a+.5); 2054 2055 if (r <= 2147483647. && r >= -2147483648.) 2056 return (png_fixed_point)r; 2057#else 2058 png_fixed_point res; 2059 2060 if (png_muldiv(&res, 100000, 100000, a)) 2061 return res; 2062#endif 2063 2064 return 0; /* error/overflow */ 2065} 2066 2067/* A local convenience routine. */ 2068static png_fixed_point 2069png_product2(png_fixed_point a, png_fixed_point b) 2070{ 2071 /* The required result is 1/a * 1/b; the following preserves accuracy. */ 2072#ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED 2073 double r = a * 1E-5; 2074 r *= b; 2075 r = floor(r+.5); 2076 2077 if (r <= 2147483647. && r >= -2147483648.) 2078 return (png_fixed_point)r; 2079#else 2080 png_fixed_point res; 2081 2082 if (png_muldiv(&res, a, b, 100000)) 2083 return res; 2084#endif 2085 2086 return 0; /* overflow */ 2087} 2088 2089/* The inverse of the above. */ 2090png_fixed_point 2091png_reciprocal2(png_fixed_point a, png_fixed_point b) 2092{ 2093 /* The required result is 1/a * 1/b; the following preserves accuracy. */ 2094#ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED 2095 double r = 1E15/a; 2096 r /= b; 2097 r = floor(r+.5); 2098 2099 if (r <= 2147483647. && r >= -2147483648.) 2100 return (png_fixed_point)r; 2101#else 2102 /* This may overflow because the range of png_fixed_point isn't symmetric, 2103 * but this API is only used for the product of file and screen gamma so it 2104 * doesn't matter that the smallest number it can produce is 1/21474, not 2105 * 1/100000 2106 */ 2107 png_fixed_point res = png_product2(a, b); 2108 2109 if (res != 0) 2110 return png_reciprocal(res); 2111#endif 2112 2113 return 0; /* overflow */ 2114} 2115#endif /* READ_GAMMA */ 2116 2117#ifdef PNG_CHECK_cHRM_SUPPORTED 2118/* Added at libpng version 1.2.34 (Dec 8, 2008) and 1.4.0 (Jan 2, 2119 * 2010: moved from pngset.c) */ 2120/* 2121 * Multiply two 32-bit numbers, V1 and V2, using 32-bit 2122 * arithmetic, to produce a 64-bit result in the HI/LO words. 2123 * 2124 * A B 2125 * x C D 2126 * ------ 2127 * AD || BD 2128 * AC || CB || 0 2129 * 2130 * where A and B are the high and low 16-bit words of V1, 2131 * C and D are the 16-bit words of V2, AD is the product of 2132 * A and D, and X || Y is (X << 16) + Y. 2133*/ 2134 2135void /* PRIVATE */ 2136png_64bit_product (long v1, long v2, unsigned long *hi_product, 2137 unsigned long *lo_product) 2138{ 2139 int a, b, c, d; 2140 long lo, hi, x, y; 2141 2142 a = (v1 >> 16) & 0xffff; 2143 b = v1 & 0xffff; 2144 c = (v2 >> 16) & 0xffff; 2145 d = v2 & 0xffff; 2146 2147 lo = b * d; /* BD */ 2148 x = a * d + c * b; /* AD + CB */ 2149 y = ((lo >> 16) & 0xffff) + x; 2150 2151 lo = (lo & 0xffff) | ((y & 0xffff) << 16); 2152 hi = (y >> 16) & 0xffff; 2153 2154 hi += a * c; /* AC */ 2155 2156 *hi_product = (unsigned long)hi; 2157 *lo_product = (unsigned long)lo; 2158} 2159#endif /* CHECK_cHRM */ 2160 2161#ifdef PNG_READ_GAMMA_SUPPORTED /* gamma table code */ 2162#ifndef PNG_FLOATING_ARITHMETIC_SUPPORTED 2163/* Fixed point gamma. 2164 * 2165 * To calculate gamma this code implements fast log() and exp() calls using only 2166 * fixed point arithmetic. This code has sufficient precision for either 8-bit 2167 * or 16-bit sample values. 2168 * 2169 * The tables used here were calculated using simple 'bc' programs, but C double 2170 * precision floating point arithmetic would work fine. The programs are given 2171 * at the head of each table. 2172 * 2173 * 8-bit log table 2174 * This is a table of -log(value/255)/log(2) for 'value' in the range 128 to 2175 * 255, so it's the base 2 logarithm of a normalized 8-bit floating point 2176 * mantissa. The numbers are 32-bit fractions. 2177 */ 2178static png_uint_32 2179png_8bit_l2[128] = 2180{ 2181# ifdef PNG_DO_BC 2182 for (i=128;i<256;++i) { .5 - l(i/255)/l(2)*65536*65536; } 2183# else 2184 4270715492U, 4222494797U, 4174646467U, 4127164793U, 4080044201U, 4033279239U, 2185 3986864580U, 3940795015U, 3895065449U, 3849670902U, 3804606499U, 3759867474U, 2186 3715449162U, 3671346997U, 3627556511U, 3584073329U, 3540893168U, 3498011834U, 2187 3455425220U, 3413129301U, 3371120137U, 3329393864U, 3287946700U, 3246774933U, 2188 3205874930U, 3165243125U, 3124876025U, 3084770202U, 3044922296U, 3005329011U, 2189 2965987113U, 2926893432U, 2888044853U, 2849438323U, 2811070844U, 2772939474U, 2190 2735041326U, 2697373562U, 2659933400U, 2622718104U, 2585724991U, 2548951424U, 2191 2512394810U, 2476052606U, 2439922311U, 2404001468U, 2368287663U, 2332778523U, 2192 2297471715U, 2262364947U, 2227455964U, 2192742551U, 2158222529U, 2123893754U, 2193 2089754119U, 2055801552U, 2022034013U, 1988449497U, 1955046031U, 1921821672U, 2194 1888774511U, 1855902668U, 1823204291U, 1790677560U, 1758320682U, 1726131893U, 2195 1694109454U, 1662251657U, 1630556815U, 1599023271U, 1567649391U, 1536433567U, 2196 1505374214U, 1474469770U, 1443718700U, 1413119487U, 1382670639U, 1352370686U, 2197 1322218179U, 1292211689U, 1262349810U, 1232631153U, 1203054352U, 1173618059U, 2198 1144320946U, 1115161701U, 1086139034U, 1057251672U, 1028498358U, 999877854U, 2199 971388940U, 943030410U, 914801076U, 886699767U, 858725327U, 830876614U, 2200 803152505U, 775551890U, 748073672U, 720716771U, 693480120U, 666362667U, 2201 639363374U, 612481215U, 585715177U, 559064263U, 532527486U, 506103872U, 2202 479792461U, 453592303U, 427502463U, 401522014U, 375650043U, 349885648U, 2203 324227938U, 298676034U, 273229066U, 247886176U, 222646516U, 197509248U, 2204 172473545U, 147538590U, 122703574U, 97967701U, 73330182U, 48790236U, 2205 24347096U, 0U 2206# endif 2207 2208#if 0 2209 /* The following are the values for 16-bit tables - these work fine for the 2210 * 8-bit conversions but produce very slightly larger errors in the 16-bit 2211 * log (about 1.2 as opposed to 0.7 absolute error in the final value). To 2212 * use these all the shifts below must be adjusted appropriately. 2213 */ 2214 65166, 64430, 63700, 62976, 62257, 61543, 60835, 60132, 59434, 58741, 58054, 2215 57371, 56693, 56020, 55352, 54689, 54030, 53375, 52726, 52080, 51439, 50803, 2216 50170, 49542, 48918, 48298, 47682, 47070, 46462, 45858, 45257, 44661, 44068, 2217 43479, 42894, 42312, 41733, 41159, 40587, 40020, 39455, 38894, 38336, 37782, 2218 37230, 36682, 36137, 35595, 35057, 34521, 33988, 33459, 32932, 32408, 31887, 2219 31369, 30854, 30341, 29832, 29325, 28820, 28319, 27820, 27324, 26830, 26339, 2220 25850, 25364, 24880, 24399, 23920, 23444, 22970, 22499, 22029, 21562, 21098, 2221 20636, 20175, 19718, 19262, 18808, 18357, 17908, 17461, 17016, 16573, 16132, 2222 15694, 15257, 14822, 14390, 13959, 13530, 13103, 12678, 12255, 11834, 11415, 2223 10997, 10582, 10168, 9756, 9346, 8937, 8531, 8126, 7723, 7321, 6921, 6523, 2224 6127, 5732, 5339, 4947, 4557, 4169, 3782, 3397, 3014, 2632, 2251, 1872, 1495, 2225 1119, 744, 372 2226#endif 2227}; 2228 2229PNG_STATIC png_int_32 2230png_log8bit(unsigned int x) 2231{ 2232 unsigned int lg2 = 0; 2233 /* Each time 'x' is multiplied by 2, 1 must be subtracted off the final log, 2234 * because the log is actually negate that means adding 1. The final 2235 * returned value thus has the range 0 (for 255 input) to 7.994 (for 1 2236 * input), return 7.99998 for the overflow (log 0) case - so the result is 2237 * always at most 19 bits. 2238 */ 2239 if ((x &= 0xff) == 0) 2240 return 0xffffffff; 2241 2242 if ((x & 0xf0) == 0) 2243 lg2 = 4, x <<= 4; 2244 2245 if ((x & 0xc0) == 0) 2246 lg2 += 2, x <<= 2; 2247 2248 if ((x & 0x80) == 0) 2249 lg2 += 1, x <<= 1; 2250 2251 /* result is at most 19 bits, so this cast is safe: */ 2252 return (png_int_32)((lg2 << 16) + ((png_8bit_l2[x-128]+32768)>>16)); 2253} 2254 2255/* The above gives exact (to 16 binary places) log2 values for 8-bit images, 2256 * for 16-bit images we use the most significant 8 bits of the 16-bit value to 2257 * get an approximation then multiply the approximation by a correction factor 2258 * determined by the remaining up to 8 bits. This requires an additional step 2259 * in the 16-bit case. 2260 * 2261 * We want log2(value/65535), we have log2(v'/255), where: 2262 * 2263 * value = v' * 256 + v'' 2264 * = v' * f 2265 * 2266 * So f is value/v', which is equal to (256+v''/v') since v' is in the range 128 2267 * to 255 and v'' is in the range 0 to 255 f will be in the range 256 to less 2268 * than 258. The final factor also needs to correct for the fact that our 8-bit 2269 * value is scaled by 255, whereas the 16-bit values must be scaled by 65535. 2270 * 2271 * This gives a final formula using a calculated value 'x' which is value/v' and 2272 * scaling by 65536 to match the above table: 2273 * 2274 * log2(x/257) * 65536 2275 * 2276 * Since these numbers are so close to '1' we can use simple linear 2277 * interpolation between the two end values 256/257 (result -368.61) and 258/257 2278 * (result 367.179). The values used below are scaled by a further 64 to give 2279 * 16-bit precision in the interpolation: 2280 * 2281 * Start (256): -23591 2282 * Zero (257): 0 2283 * End (258): 23499 2284 */ 2285PNG_STATIC png_int_32 2286png_log16bit(png_uint_32 x) 2287{ 2288 unsigned int lg2 = 0; 2289 2290 /* As above, but now the input has 16 bits. */ 2291 if ((x &= 0xffff) == 0) 2292 return 0xffffffff; 2293 2294 if ((x & 0xff00) == 0) 2295 lg2 = 8, x <<= 8; 2296 2297 if ((x & 0xf000) == 0) 2298 lg2 += 4, x <<= 4; 2299 2300 if ((x & 0xc000) == 0) 2301 lg2 += 2, x <<= 2; 2302 2303 if ((x & 0x8000) == 0) 2304 lg2 += 1, x <<= 1; 2305 2306 /* Calculate the base logarithm from the top 8 bits as a 28-bit fractional 2307 * value. 2308 */ 2309 lg2 <<= 28; 2310 lg2 += (png_8bit_l2[(x>>8)-128]+8) >> 4; 2311 2312 /* Now we need to interpolate the factor, this requires a division by the top 2313 * 8 bits. Do this with maximum precision. 2314 */ 2315 x = ((x << 16) + (x >> 9)) / (x >> 8); 2316 2317 /* Since we divided by the top 8 bits of 'x' there will be a '1' at 1<<24, 2318 * the value at 1<<16 (ignoring this) will be 0 or 1; this gives us exactly 2319 * 16 bits to interpolate to get the low bits of the result. Round the 2320 * answer. Note that the end point values are scaled by 64 to retain overall 2321 * precision and that 'lg2' is current scaled by an extra 12 bits, so adjust 2322 * the overall scaling by 6-12. Round at every step. 2323 */ 2324 x -= 1U << 24; 2325 2326 if (x <= 65536U) /* <= '257' */ 2327 lg2 += ((23591U * (65536U-x)) + (1U << (16+6-12-1))) >> (16+6-12); 2328 2329 else 2330 lg2 -= ((23499U * (x-65536U)) + (1U << (16+6-12-1))) >> (16+6-12); 2331 2332 /* Safe, because the result can't have more than 20 bits: */ 2333 return (png_int_32)((lg2 + 2048) >> 12); 2334} 2335 2336/* The 'exp()' case must invert the above, taking a 20-bit fixed point 2337 * logarithmic value and returning a 16 or 8-bit number as appropriate. In 2338 * each case only the low 16 bits are relevant - the fraction - since the 2339 * integer bits (the top 4) simply determine a shift. 2340 * 2341 * The worst case is the 16-bit distinction between 65535 and 65534, this 2342 * requires perhaps spurious accuracy in the decoding of the logarithm to 2343 * distinguish log2(65535/65534.5) - 10^-5 or 17 bits. There is little chance 2344 * of getting this accuracy in practice. 2345 * 2346 * To deal with this the following exp() function works out the exponent of the 2347 * frational part of the logarithm by using an accurate 32-bit value from the 2348 * top four fractional bits then multiplying in the remaining bits. 2349 */ 2350static png_uint_32 2351png_32bit_exp[16] = 2352{ 2353# ifdef PNG_DO_BC 2354 for (i=0;i<16;++i) { .5 + e(-i/16*l(2))*2^32; } 2355# else 2356 /* NOTE: the first entry is deliberately set to the maximum 32-bit value. */ 2357 4294967295U, 4112874773U, 3938502376U, 3771522796U, 3611622603U, 3458501653U, 2358 3311872529U, 3171459999U, 3037000500U, 2908241642U, 2784941738U, 2666869345U, 2359 2553802834U, 2445529972U, 2341847524U, 2242560872U 2360# endif 2361}; 2362 2363/* Adjustment table; provided to explain the numbers in the code below. */ 2364#ifdef PNG_DO_BC 2365for (i=11;i>=0;--i){ print i, " ", (1 - e(-(2^i)/65536*l(2))) * 2^(32-i), "\n"} 2366 11 44937.64284865548751208448 2367 10 45180.98734845585101160448 2368 9 45303.31936980687359311872 2369 8 45364.65110595323018870784 2370 7 45395.35850361789624614912 2371 6 45410.72259715102037508096 2372 5 45418.40724413220722311168 2373 4 45422.25021786898173001728 2374 3 45424.17186732298419044352 2375 2 45425.13273269940811464704 2376 1 45425.61317555035558641664 2377 0 45425.85339951654943850496 2378#endif 2379 2380PNG_STATIC png_uint_32 2381png_exp(png_fixed_point x) 2382{ 2383 if (x > 0 && x <= 0xfffff) /* Else overflow or zero (underflow) */ 2384 { 2385 /* Obtain a 4-bit approximation */ 2386 png_uint_32 e = png_32bit_exp[(x >> 12) & 0xf]; 2387 2388 /* Incorporate the low 12 bits - these decrease the returned value by 2389 * multiplying by a number less than 1 if the bit is set. The multiplier 2390 * is determined by the above table and the shift. Notice that the values 2391 * converge on 45426 and this is used to allow linear interpolation of the 2392 * low bits. 2393 */ 2394 if (x & 0x800) 2395 e -= (((e >> 16) * 44938U) + 16U) >> 5; 2396 2397 if (x & 0x400) 2398 e -= (((e >> 16) * 45181U) + 32U) >> 6; 2399 2400 if (x & 0x200) 2401 e -= (((e >> 16) * 45303U) + 64U) >> 7; 2402 2403 if (x & 0x100) 2404 e -= (((e >> 16) * 45365U) + 128U) >> 8; 2405 2406 if (x & 0x080) 2407 e -= (((e >> 16) * 45395U) + 256U) >> 9; 2408 2409 if (x & 0x040) 2410 e -= (((e >> 16) * 45410U) + 512U) >> 10; 2411 2412 /* And handle the low 6 bits in a single block. */ 2413 e -= (((e >> 16) * 355U * (x & 0x3fU)) + 256U) >> 9; 2414 2415 /* Handle the upper bits of x. */ 2416 e >>= x >> 16; 2417 return e; 2418 } 2419 2420 /* Check for overflow */ 2421 if (x <= 0) 2422 return png_32bit_exp[0]; 2423 2424 /* Else underflow */ 2425 return 0; 2426} 2427 2428PNG_STATIC png_byte 2429png_exp8bit(png_fixed_point lg2) 2430{ 2431 /* Get a 32-bit value: */ 2432 png_uint_32 x = png_exp(lg2); 2433 2434 /* Convert the 32-bit value to 0..255 by multiplying by 256-1, note that the 2435 * second, rounding, step can't overflow because of the first, subtraction, 2436 * step. 2437 */ 2438 x -= x >> 8; 2439 return (png_byte)((x + 0x7fffffU) >> 24); 2440} 2441 2442PNG_STATIC png_uint_16 2443png_exp16bit(png_fixed_point lg2) 2444{ 2445 /* Get a 32-bit value: */ 2446 png_uint_32 x = png_exp(lg2); 2447 2448 /* Convert the 32-bit value to 0..65535 by multiplying by 65536-1: */ 2449 x -= x >> 16; 2450 return (png_uint_16)((x + 32767U) >> 16); 2451} 2452#endif /* FLOATING_ARITHMETIC */ 2453 2454png_byte 2455png_gamma_8bit_correct(unsigned int value, png_fixed_point gamma_val) 2456{ 2457 if (value > 0 && value < 255) 2458 { 2459# ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED 2460 double r = floor(255*pow(value/255.,gamma_val*.00001)+.5); 2461 return (png_byte)r; 2462# else 2463 png_int_32 lg2 = png_log8bit(value); 2464 png_fixed_point res; 2465 2466 if (png_muldiv(&res, gamma_val, lg2, PNG_FP_1)) 2467 return png_exp8bit(res); 2468 2469 /* Overflow. */ 2470 value = 0; 2471# endif 2472 } 2473 2474 return (png_byte)value; 2475} 2476 2477png_uint_16 2478png_gamma_16bit_correct(unsigned int value, png_fixed_point gamma_val) 2479{ 2480 if (value > 0 && value < 65535) 2481 { 2482# ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED 2483 double r = floor(65535*pow(value/65535.,gamma_val*.00001)+.5); 2484 return (png_uint_16)r; 2485# else 2486 png_int_32 lg2 = png_log16bit(value); 2487 png_fixed_point res; 2488 2489 if (png_muldiv(&res, gamma_val, lg2, PNG_FP_1)) 2490 return png_exp16bit(res); 2491 2492 /* Overflow. */ 2493 value = 0; 2494# endif 2495 } 2496 2497 return (png_uint_16)value; 2498} 2499 2500/* This does the right thing based on the bit_depth field of the 2501 * png_struct, interpreting values as 8-bit or 16-bit. While the result 2502 * is nominally a 16-bit value if bit depth is 8 then the result is 2503 * 8-bit (as are the arguments.) 2504 */ 2505png_uint_16 /* PRIVATE */ 2506png_gamma_correct(png_structp png_ptr, unsigned int value, 2507 png_fixed_point gamma_val) 2508{ 2509 if (png_ptr->bit_depth == 8) 2510 return png_gamma_8bit_correct(value, gamma_val); 2511 2512 else 2513 return png_gamma_16bit_correct(value, gamma_val); 2514} 2515 2516/* This is the shared test on whether a gamma value is 'significant' - whether 2517 * it is worth doing gamma correction. 2518 */ 2519int /* PRIVATE */ 2520png_gamma_significant(png_fixed_point gamma_val) 2521{ 2522 return gamma_val < PNG_FP_1 - PNG_GAMMA_THRESHOLD_FIXED || 2523 gamma_val > PNG_FP_1 + PNG_GAMMA_THRESHOLD_FIXED; 2524} 2525 2526/* Internal function to build a single 16-bit table - the table consists of 2527 * 'num' 256-entry subtables, where 'num' is determined by 'shift' - the amount 2528 * to shift the input values right (or 16-number_of_signifiant_bits). 2529 * 2530 * The caller is responsible for ensuring that the table gets cleaned up on 2531 * png_error (i.e. if one of the mallocs below fails) - i.e. the *table argument 2532 * should be somewhere that will be cleaned. 2533 */ 2534static void 2535png_build_16bit_table(png_structp png_ptr, png_uint_16pp *ptable, 2536 PNG_CONST unsigned int shift, PNG_CONST png_fixed_point gamma_val) 2537{ 2538 /* Various values derived from 'shift': */ 2539 PNG_CONST unsigned int num = 1U << (8U - shift); 2540 PNG_CONST unsigned int max = (1U << (16U - shift))-1U; 2541 PNG_CONST unsigned int max_by_2 = 1U << (15U-shift); 2542 unsigned int i; 2543 2544 png_uint_16pp table = *ptable = 2545 (png_uint_16pp)png_calloc(png_ptr, num * png_sizeof(png_uint_16p)); 2546 2547 for (i = 0; i < num; i++) 2548 { 2549 png_uint_16p sub_table = table[i] = 2550 (png_uint_16p)png_malloc(png_ptr, 256 * png_sizeof(png_uint_16)); 2551 2552 /* The 'threshold' test is repeated here because it can arise for one of 2553 * the 16-bit tables even if the others don't hit it. 2554 */ 2555 if (png_gamma_significant(gamma_val)) 2556 { 2557 /* The old code would overflow at the end and this would cause the 2558 * 'pow' function to return a result >1, resulting in an 2559 * arithmetic error. This code follows the spec exactly; ig is 2560 * the recovered input sample, it always has 8-16 bits. 2561 * 2562 * We want input * 65535/max, rounded, the arithmetic fits in 32 2563 * bits (unsigned) so long as max <= 32767. 2564 */ 2565 unsigned int j; 2566 for (j = 0; j < 256; j++) 2567 { 2568 png_uint_32 ig = (j << (8-shift)) + i; 2569# ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED 2570 /* Inline the 'max' scaling operation: */ 2571 double d = floor(65535*pow(ig/(double)max, gamma_val*.00001)+.5); 2572 sub_table[j] = (png_uint_16)d; 2573# else 2574 if (shift) 2575 ig = (ig * 65535U + max_by_2)/max; 2576 2577 sub_table[j] = png_gamma_16bit_correct(ig, gamma_val); 2578# endif 2579 } 2580 } 2581 else 2582 { 2583 /* We must still build a table, but do it the fast way. */ 2584 unsigned int j; 2585 2586 for (j = 0; j < 256; j++) 2587 { 2588 png_uint_32 ig = (j << (8-shift)) + i; 2589 2590 if (shift) 2591 ig = (ig * 65535U + max_by_2)/max; 2592 2593 sub_table[j] = (png_uint_16)ig; 2594 } 2595 } 2596 } 2597} 2598 2599/* NOTE: this function expects the *inverse* of the overall gamma transformation 2600 * required. 2601 */ 2602static void 2603png_build_16to8_table(png_structp png_ptr, png_uint_16pp *ptable, 2604 PNG_CONST unsigned int shift, PNG_CONST png_fixed_point gamma_val) 2605{ 2606 PNG_CONST unsigned int num = 1U << (8U - shift); 2607 PNG_CONST unsigned int max = (1U << (16U - shift))-1U; 2608 unsigned int i; 2609 png_uint_32 last; 2610 2611 png_uint_16pp table = *ptable = 2612 (png_uint_16pp)png_calloc(png_ptr, num * png_sizeof(png_uint_16p)); 2613 2614 /* 'num' is the number of tables and also the number of low bits of the 2615 * input 16-bit value used to select a table. Each table is itself indexed 2616 * by the high 8 bits of the value. 2617 */ 2618 for (i = 0; i < num; i++) 2619 table[i] = (png_uint_16p)png_malloc(png_ptr, 2620 256 * png_sizeof(png_uint_16)); 2621 2622 /* 'gamma_val' is set to the reciprocal of the value calculated above, so 2623 * pow(out,g) is an *input* value. 'last' is the last input value set. 2624 * 2625 * In the loop 'i' is used to find output values. Since the output is 2626 * 8-bit there are only 256 possible values. The tables are set up to 2627 * select the closest possible output value for each input by finding 2628 * the input value at the boundary between each pair of output values 2629 * and filling the table up to that boundary with the lower output 2630 * value. 2631 * 2632 * The boundary values are 0.5,1.5..253.5,254.5. Since these are 9-bit 2633 * values the code below uses a 16-bit value in i; the values start at 2634 * 128.5 (for 0.5) and step by 257, for a total of 254 values (the last 2635 * entries are filled with 255). Start i at 128 and fill all 'last' 2636 * table entries <= 'max' 2637 */ 2638 last = 0; 2639 for (i = 0; i < 255; ++i) /* 8-bit output value */ 2640 { 2641 /* Find the corresponding maximum input value */ 2642 png_uint_16 out = (png_uint_16)(i * 257U); /* 16-bit output value */ 2643 2644 /* Find the boundary value in 16 bits: */ 2645 png_uint_32 bound = png_gamma_16bit_correct(out+128U, gamma_val); 2646 2647 /* Adjust (round) to (16-shift) bits: */ 2648 bound = (bound * max + 32768U)/65535U + 1U; 2649 2650 while (last < bound) 2651 { 2652 table[last & (0xffU >> shift)][last >> (8U - shift)] = out; 2653 last++; 2654 } 2655 } 2656 2657 /* And fill in the final entries. */ 2658 while (last < (num << 8)) 2659 { 2660 table[last & (0xff >> shift)][last >> (8U - shift)] = 65535U; 2661 last++; 2662 } 2663} 2664 2665/* Build a single 8-bit table: same as the 16-bit case but much simpler (and 2666 * typically much faster). Note that libpng currently does no sBIT processing 2667 * (apparently contrary to the spec) so a 256-entry table is always generated. 2668 */ 2669static void 2670png_build_8bit_table(png_structp png_ptr, png_bytepp ptable, 2671 PNG_CONST png_fixed_point gamma_val) 2672{ 2673 unsigned int i; 2674 png_bytep table = *ptable = (png_bytep)png_malloc(png_ptr, 256); 2675 2676 if (png_gamma_significant(gamma_val)) for (i=0; i<256; i++) 2677 table[i] = png_gamma_8bit_correct(i, gamma_val); 2678 2679 else for (i=0; i<256; ++i) 2680 table[i] = (png_byte)i; 2681} 2682 2683/* Used from png_read_destroy and below to release the memory used by the gamma 2684 * tables. 2685 */ 2686void /* PRIVATE */ 2687png_destroy_gamma_table(png_structp png_ptr) 2688{ 2689 png_free(png_ptr, png_ptr->gamma_table); 2690 png_ptr->gamma_table = NULL; 2691 2692 if (png_ptr->gamma_16_table != NULL) 2693 { 2694 int i; 2695 int istop = (1 << (8 - png_ptr->gamma_shift)); 2696 for (i = 0; i < istop; i++) 2697 { 2698 png_free(png_ptr, png_ptr->gamma_16_table[i]); 2699 } 2700 png_free(png_ptr, png_ptr->gamma_16_table); 2701 png_ptr->gamma_16_table = NULL; 2702 } 2703 2704#if defined(PNG_READ_BACKGROUND_SUPPORTED) || \ 2705 defined(PNG_READ_ALPHA_MODE_SUPPORTED) || \ 2706 defined(PNG_READ_RGB_TO_GRAY_SUPPORTED) 2707 png_free(png_ptr, png_ptr->gamma_from_1); 2708 png_ptr->gamma_from_1 = NULL; 2709 png_free(png_ptr, png_ptr->gamma_to_1); 2710 png_ptr->gamma_to_1 = NULL; 2711 2712 if (png_ptr->gamma_16_from_1 != NULL) 2713 { 2714 int i; 2715 int istop = (1 << (8 - png_ptr->gamma_shift)); 2716 for (i = 0; i < istop; i++) 2717 { 2718 png_free(png_ptr, png_ptr->gamma_16_from_1[i]); 2719 } 2720 png_free(png_ptr, png_ptr->gamma_16_from_1); 2721 png_ptr->gamma_16_from_1 = NULL; 2722 } 2723 if (png_ptr->gamma_16_to_1 != NULL) 2724 { 2725 int i; 2726 int istop = (1 << (8 - png_ptr->gamma_shift)); 2727 for (i = 0; i < istop; i++) 2728 { 2729 png_free(png_ptr, png_ptr->gamma_16_to_1[i]); 2730 } 2731 png_free(png_ptr, png_ptr->gamma_16_to_1); 2732 png_ptr->gamma_16_to_1 = NULL; 2733 } 2734#endif /* READ_BACKGROUND || READ_ALPHA_MODE || RGB_TO_GRAY */ 2735} 2736 2737/* We build the 8- or 16-bit gamma tables here. Note that for 16-bit 2738 * tables, we don't make a full table if we are reducing to 8-bit in 2739 * the future. Note also how the gamma_16 tables are segmented so that 2740 * we don't need to allocate > 64K chunks for a full 16-bit table. 2741 */ 2742void /* PRIVATE */ 2743png_build_gamma_table(png_structp png_ptr, int bit_depth) 2744{ 2745 png_debug(1, "in png_build_gamma_table"); 2746 2747 /* Remove any existing table; this copes with multiple calls to 2748 * png_read_update_info. The warning is because building the gamma tables 2749 * multiple times is a performance hit - it's harmless but the ability to call 2750 * png_read_update_info() multiple times is new in 1.5.6 so it seems sensible 2751 * to warn if the app introduces such a hit. 2752 */ 2753 if (png_ptr->gamma_table != NULL || png_ptr->gamma_16_table != NULL) 2754 { 2755 png_warning(png_ptr, "gamma table being rebuilt"); 2756 png_destroy_gamma_table(png_ptr); 2757 } 2758 2759 if (bit_depth <= 8) 2760 { 2761 png_build_8bit_table(png_ptr, &png_ptr->gamma_table, 2762 png_ptr->screen_gamma > 0 ? png_reciprocal2(png_ptr->gamma, 2763 png_ptr->screen_gamma) : PNG_FP_1); 2764 2765#if defined(PNG_READ_BACKGROUND_SUPPORTED) || \ 2766 defined(PNG_READ_ALPHA_MODE_SUPPORTED) || \ 2767 defined(PNG_READ_RGB_TO_GRAY_SUPPORTED) 2768 if (png_ptr->transformations & (PNG_COMPOSE | PNG_RGB_TO_GRAY)) 2769 { 2770 png_build_8bit_table(png_ptr, &png_ptr->gamma_to_1, 2771 png_reciprocal(png_ptr->gamma)); 2772 2773 png_build_8bit_table(png_ptr, &png_ptr->gamma_from_1, 2774 png_ptr->screen_gamma > 0 ? png_reciprocal(png_ptr->screen_gamma) : 2775 png_ptr->gamma/* Probably doing rgb_to_gray */); 2776 } 2777#endif /* READ_BACKGROUND || READ_ALPHA_MODE || RGB_TO_GRAY */ 2778 } 2779 else 2780 { 2781 png_byte shift, sig_bit; 2782 2783 if (png_ptr->color_type & PNG_COLOR_MASK_COLOR) 2784 { 2785 sig_bit = png_ptr->sig_bit.red; 2786 2787 if (png_ptr->sig_bit.green > sig_bit) 2788 sig_bit = png_ptr->sig_bit.green; 2789 2790 if (png_ptr->sig_bit.blue > sig_bit) 2791 sig_bit = png_ptr->sig_bit.blue; 2792 } 2793 else 2794 sig_bit = png_ptr->sig_bit.gray; 2795 2796 /* 16-bit gamma code uses this equation: 2797 * 2798 * ov = table[(iv & 0xff) >> gamma_shift][iv >> 8] 2799 * 2800 * Where 'iv' is the input color value and 'ov' is the output value - 2801 * pow(iv, gamma). 2802 * 2803 * Thus the gamma table consists of up to 256 256-entry tables. The table 2804 * is selected by the (8-gamma_shift) most significant of the low 8 bits of 2805 * the color value then indexed by the upper 8 bits: 2806 * 2807 * table[low bits][high 8 bits] 2808 * 2809 * So the table 'n' corresponds to all those 'iv' of: 2810 * 2811 * <all high 8-bit values><n << gamma_shift>..<(n+1 << gamma_shift)-1> 2812 * 2813 */ 2814 if (sig_bit > 0 && sig_bit < 16U) 2815 shift = (png_byte)(16U - sig_bit); /* shift == insignificant bits */ 2816 2817 else 2818 shift = 0; /* keep all 16 bits */ 2819 2820 if (png_ptr->transformations & (PNG_16_TO_8 | PNG_SCALE_16_TO_8)) 2821 { 2822 /* PNG_MAX_GAMMA_8 is the number of bits to keep - effectively 2823 * the significant bits in the *input* when the output will 2824 * eventually be 8 bits. By default it is 11. 2825 */ 2826 if (shift < (16U - PNG_MAX_GAMMA_8)) 2827 shift = (16U - PNG_MAX_GAMMA_8); 2828 } 2829 2830 if (shift > 8U) 2831 shift = 8U; /* Guarantees at least one table! */ 2832 2833 png_ptr->gamma_shift = shift; 2834 2835#ifdef PNG_16BIT_SUPPORTED 2836 /* NOTE: prior to 1.5.4 this test used to include PNG_BACKGROUND (now 2837 * PNG_COMPOSE). This effectively smashed the background calculation for 2838 * 16-bit output because the 8-bit table assumes the result will be reduced 2839 * to 8 bits. 2840 */ 2841 if (png_ptr->transformations & (PNG_16_TO_8 | PNG_SCALE_16_TO_8)) 2842#endif 2843 png_build_16to8_table(png_ptr, &png_ptr->gamma_16_table, shift, 2844 png_ptr->screen_gamma > 0 ? png_product2(png_ptr->gamma, 2845 png_ptr->screen_gamma) : PNG_FP_1); 2846 2847#ifdef PNG_16BIT_SUPPORTED 2848 else 2849 png_build_16bit_table(png_ptr, &png_ptr->gamma_16_table, shift, 2850 png_ptr->screen_gamma > 0 ? png_reciprocal2(png_ptr->gamma, 2851 png_ptr->screen_gamma) : PNG_FP_1); 2852#endif 2853 2854#if defined(PNG_READ_BACKGROUND_SUPPORTED) || \ 2855 defined(PNG_READ_ALPHA_MODE_SUPPORTED) || \ 2856 defined(PNG_READ_RGB_TO_GRAY_SUPPORTED) 2857 if (png_ptr->transformations & (PNG_COMPOSE | PNG_RGB_TO_GRAY)) 2858 { 2859 png_build_16bit_table(png_ptr, &png_ptr->gamma_16_to_1, shift, 2860 png_reciprocal(png_ptr->gamma)); 2861 2862 /* Notice that the '16 from 1' table should be full precision, however 2863 * the lookup on this table still uses gamma_shift, so it can't be. 2864 * TODO: fix this. 2865 */ 2866 png_build_16bit_table(png_ptr, &png_ptr->gamma_16_from_1, shift, 2867 png_ptr->screen_gamma > 0 ? png_reciprocal(png_ptr->screen_gamma) : 2868 png_ptr->gamma/* Probably doing rgb_to_gray */); 2869 } 2870#endif /* READ_BACKGROUND || READ_ALPHA_MODE || RGB_TO_GRAY */ 2871 } 2872} 2873#endif /* READ_GAMMA */ 2874#endif /* defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED) */ 2875