1 2/* pngmem.c - stub functions for memory allocation 3 * 4 * Last changed in libpng 1.6.15 [November 20, 2014] 5 * Copyright (c) 1998-2002,2004,2006-2014 Glenn Randers-Pehrson 6 * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) 7 * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) 8 * 9 * This code is released under the libpng license. 10 * For conditions of distribution and use, see the disclaimer 11 * and license in png.h 12 * 13 * This file provides a location for all memory allocation. Users who 14 * need special memory handling are expected to supply replacement 15 * functions for png_malloc() and png_free(), and to use 16 * png_create_read_struct_2() and png_create_write_struct_2() to 17 * identify the replacement functions. 18 */ 19 20#include "pngpriv.h" 21 22void* FXMEM_DefaultAlloc(int byte_size, int); 23void FXMEM_DefaultFree(void* pointer, int); 24 25#if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED) 26/* Free a png_struct */ 27void /* PRIVATE */ 28png_destroy_png_struct(png_structrp png_ptr) 29{ 30 if (png_ptr != NULL) 31 { 32 /* png_free might call png_error and may certainly call 33 * png_get_mem_ptr, so fake a temporary png_struct to support this. 34 */ 35 png_struct dummy_struct = *png_ptr; 36 memset(png_ptr, 0, (sizeof *png_ptr)); 37 png_free(&dummy_struct, png_ptr); 38 39# ifdef PNG_SETJMP_SUPPORTED 40 /* We may have a jmp_buf left to deallocate. */ 41 png_free_jmpbuf(&dummy_struct); 42# endif 43 } 44} 45 46/* Allocate memory. For reasonable files, size should never exceed 47 * 64K. However, zlib may allocate more than 64K if you don't tell 48 * it not to. See zconf.h and png.h for more information. zlib does 49 * need to allocate exactly 64K, so whatever you call here must 50 * have the ability to do that. 51 */ 52PNG_FUNCTION(png_voidp,PNGAPI 53png_calloc,(png_const_structrp png_ptr, png_alloc_size_t size),PNG_ALLOCATED) 54{ 55 png_voidp ret; 56 57 ret = png_malloc(png_ptr, size); 58 59 if (ret != NULL) 60 memset(ret, 0, size); 61 62 return ret; 63} 64 65/* png_malloc_base, an internal function added at libpng 1.6.0, does the work of 66 * allocating memory, taking into account limits and PNG_USER_MEM_SUPPORTED. 67 * Checking and error handling must happen outside this routine; it returns NULL 68 * if the allocation cannot be done (for any reason.) 69 */ 70PNG_FUNCTION(png_voidp /* PRIVATE */, 71png_malloc_base,(png_const_structrp png_ptr, png_alloc_size_t size), 72 PNG_ALLOCATED) 73{ 74 /* Moved to png_malloc_base from png_malloc_default in 1.6.0; the DOS 75 * allocators have also been removed in 1.6.0, so any 16-bit system now has 76 * to implement a user memory handler. This checks to be sure it isn't 77 * called with big numbers. 78 */ 79#ifndef PNG_USER_MEM_SUPPORTED 80 PNG_UNUSED(png_ptr) 81#endif 82 83 /* Some compilers complain that this is always true. However, it 84 * can be false when integer overflow happens. 85 */ 86 if (size > 0 && size <= PNG_SIZE_MAX 87# ifdef PNG_MAX_MALLOC_64K 88 && size <= 65536U 89# endif 90 ) 91 { 92#ifdef PNG_USER_MEM_SUPPORTED 93 if (png_ptr != NULL && png_ptr->malloc_fn != NULL) 94 return png_ptr->malloc_fn(png_constcast(png_structrp,png_ptr), size); 95 96 else 97#endif 98 return FXMEM_DefaultAlloc((int)size, 0); 99 } 100 101 else 102 return NULL; 103} 104 105#if defined(PNG_TEXT_SUPPORTED) || defined(PNG_sPLT_SUPPORTED) ||\ 106 defined(PNG_STORE_UNKNOWN_CHUNKS_SUPPORTED) 107/* This is really here only to work round a spurious warning in GCC 4.6 and 4.7 108 * that arises because of the checks in png_realloc_array that are repeated in 109 * png_malloc_array. 110 */ 111static png_voidp 112png_malloc_array_checked(png_const_structrp png_ptr, int nelements, 113 size_t element_size) 114{ 115 png_alloc_size_t req = nelements; /* known to be > 0 */ 116 117 if (req <= PNG_SIZE_MAX/element_size) 118 return png_malloc_base(png_ptr, req * element_size); 119 120 /* The failure case when the request is too large */ 121 return NULL; 122} 123 124PNG_FUNCTION(png_voidp /* PRIVATE */, 125png_malloc_array,(png_const_structrp png_ptr, int nelements, 126 size_t element_size),PNG_ALLOCATED) 127{ 128 if (nelements <= 0 || element_size == 0) 129 png_error(png_ptr, "internal error: array alloc"); 130 131 return png_malloc_array_checked(png_ptr, nelements, element_size); 132} 133 134PNG_FUNCTION(png_voidp /* PRIVATE */, 135png_realloc_array,(png_const_structrp png_ptr, png_const_voidp old_array, 136 int old_elements, int add_elements, size_t element_size),PNG_ALLOCATED) 137{ 138 /* These are internal errors: */ 139 if (add_elements <= 0 || element_size == 0 || old_elements < 0 || 140 (old_array == NULL && old_elements > 0)) 141 png_error(png_ptr, "internal error: array realloc"); 142 143 /* Check for overflow on the elements count (so the caller does not have to 144 * check.) 145 */ 146 if (add_elements <= INT_MAX - old_elements) 147 { 148 png_voidp new_array = png_malloc_array_checked(png_ptr, 149 old_elements+add_elements, element_size); 150 151 if (new_array != NULL) 152 { 153 /* Because png_malloc_array worked the size calculations below cannot 154 * overflow. 155 */ 156 if (old_elements > 0) 157 memcpy(new_array, old_array, element_size*(unsigned)old_elements); 158 159 memset((char*)new_array + element_size*(unsigned)old_elements, 0, 160 element_size*(unsigned)add_elements); 161 162 return new_array; 163 } 164 } 165 166 return NULL; /* error */ 167} 168#endif /* TEXT || sPLT || STORE_UNKNOWN_CHUNKS */ 169 170/* Various functions that have different error handling are derived from this. 171 * png_malloc always exists, but if PNG_USER_MEM_SUPPORTED is defined a separate 172 * function png_malloc_default is also provided. 173 */ 174PNG_FUNCTION(png_voidp,PNGAPI 175png_malloc,(png_const_structrp png_ptr, png_alloc_size_t size),PNG_ALLOCATED) 176{ 177 png_voidp ret; 178 179 if (png_ptr == NULL) 180 return NULL; 181 182 ret = png_malloc_base(png_ptr, size); 183 184 if (ret == NULL) 185 png_error(png_ptr, "Out of memory"); /* 'm' means png_malloc */ 186 187 return ret; 188} 189 190#ifdef PNG_USER_MEM_SUPPORTED 191PNG_FUNCTION(png_voidp,PNGAPI 192png_malloc_default,(png_const_structrp png_ptr, png_alloc_size_t size), 193 PNG_ALLOCATED PNG_DEPRECATED) 194{ 195 png_voidp ret; 196 197 if (png_ptr == NULL) 198 return NULL; 199 200 /* Passing 'NULL' here bypasses the application provided memory handler. */ 201 ret = png_malloc_base(NULL/*use malloc*/, size); 202 203 if (ret == NULL) 204 png_error(png_ptr, "Out of Memory"); /* 'M' means png_malloc_default */ 205 206 return ret; 207} 208#endif /* USER_MEM */ 209 210/* This function was added at libpng version 1.2.3. The png_malloc_warn() 211 * function will issue a png_warning and return NULL instead of issuing a 212 * png_error, if it fails to allocate the requested memory. 213 */ 214PNG_FUNCTION(png_voidp,PNGAPI 215png_malloc_warn,(png_const_structrp png_ptr, png_alloc_size_t size), 216 PNG_ALLOCATED) 217{ 218 if (png_ptr != NULL) 219 { 220 png_voidp ret = png_malloc_base(png_ptr, size); 221 222 if (ret != NULL) 223 return ret; 224 225 png_warning(png_ptr, "Out of memory"); 226 } 227 228 return NULL; 229} 230 231/* Free a pointer allocated by png_malloc(). If ptr is NULL, return 232 * without taking any action. 233 */ 234void PNGAPI 235png_free(png_const_structrp png_ptr, png_voidp ptr) 236{ 237 if (png_ptr == NULL || ptr == NULL) 238 return; 239 240#ifdef PNG_USER_MEM_SUPPORTED 241 if (png_ptr->free_fn != NULL) 242 png_ptr->free_fn(png_constcast(png_structrp,png_ptr), ptr); 243 244 else 245 png_free_default(png_ptr, ptr); 246} 247 248PNG_FUNCTION(void,PNGAPI 249png_free_default,(png_const_structrp png_ptr, png_voidp ptr),PNG_DEPRECATED) 250{ 251 if (png_ptr == NULL || ptr == NULL) 252 return; 253#endif /* USER_MEM */ 254 255 FXMEM_DefaultFree(ptr, 0); 256} 257 258#ifdef PNG_USER_MEM_SUPPORTED 259/* This function is called when the application wants to use another method 260 * of allocating and freeing memory. 261 */ 262void PNGAPI 263png_set_mem_fn(png_structrp png_ptr, png_voidp mem_ptr, png_malloc_ptr 264 malloc_fn, png_free_ptr free_fn) 265{ 266 if (png_ptr != NULL) 267 { 268 png_ptr->mem_ptr = mem_ptr; 269 png_ptr->malloc_fn = malloc_fn; 270 png_ptr->free_fn = free_fn; 271 } 272} 273 274/* This function returns a pointer to the mem_ptr associated with the user 275 * functions. The application should free any memory associated with this 276 * pointer before png_write_destroy and png_read_destroy are called. 277 */ 278png_voidp PNGAPI 279png_get_mem_ptr(png_const_structrp png_ptr) 280{ 281 if (png_ptr == NULL) 282 return NULL; 283 284 return png_ptr->mem_ptr; 285} 286#endif /* USER_MEM */ 287#endif /* READ || WRITE */ 288