1
2 /* pngwutil.c - utilities to write a PNG file
3 *
4 * Copyright (c) 2018 Cosmin Truta
5 * Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson
6 * Copyright (c) 1996-1997 Andreas Dilger
7 * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.
8 *
9 * This code is released under the libpng license.
10 * For conditions of distribution and use, see the disclaimer
11 * and license in png.h
12 */
13
14 #include "pngpriv.h"
15
16 #ifdef PNG_WRITE_SUPPORTED
17
18 #ifdef PNG_WRITE_INT_FUNCTIONS_SUPPORTED
19 /* Place a 32-bit number into a buffer in PNG byte order. We work
20 * with unsigned numbers for convenience, although one supported
21 * ancillary chunk uses signed (two's complement) numbers.
22 */
23 void PNGAPI
png_save_uint_32(png_bytep buf,png_uint_32 i)24 png_save_uint_32(png_bytep buf, png_uint_32 i)
25 {
26 buf[0] = (png_byte)((i >> 24) & 0xffU);
27 buf[1] = (png_byte)((i >> 16) & 0xffU);
28 buf[2] = (png_byte)((i >> 8) & 0xffU);
29 buf[3] = (png_byte)( i & 0xffU);
30 }
31
32 /* Place a 16-bit number into a buffer in PNG byte order.
33 * The parameter is declared unsigned int, not png_uint_16,
34 * just to avoid potential problems on pre-ANSI C compilers.
35 */
36 void PNGAPI
png_save_uint_16(png_bytep buf,unsigned int i)37 png_save_uint_16(png_bytep buf, unsigned int i)
38 {
39 buf[0] = (png_byte)((i >> 8) & 0xffU);
40 buf[1] = (png_byte)( i & 0xffU);
41 }
42 #endif
43
44 /* Simple function to write the signature. If we have already written
45 * the magic bytes of the signature, or more likely, the PNG stream is
46 * being embedded into another stream and doesn't need its own signature,
47 * we should call png_set_sig_bytes() to tell libpng how many of the
48 * bytes have already been written.
49 */
50 void PNGAPI
png_write_sig(png_structrp png_ptr)51 png_write_sig(png_structrp png_ptr)
52 {
53 png_byte png_signature[8] = {137, 80, 78, 71, 13, 10, 26, 10};
54
55 #ifdef PNG_IO_STATE_SUPPORTED
56 /* Inform the I/O callback that the signature is being written */
57 png_ptr->io_state = PNG_IO_WRITING | PNG_IO_SIGNATURE;
58 #endif
59
60 /* Write the rest of the 8 byte signature */
61 png_write_data(png_ptr, &png_signature[png_ptr->sig_bytes],
62 (size_t)(8 - png_ptr->sig_bytes));
63
64 if (png_ptr->sig_bytes < 3)
65 png_ptr->mode |= PNG_HAVE_PNG_SIGNATURE;
66 }
67
68 /* Write the start of a PNG chunk. The type is the chunk type.
69 * The total_length is the sum of the lengths of all the data you will be
70 * passing in png_write_chunk_data().
71 */
72 static void
png_write_chunk_header(png_structrp png_ptr,png_uint_32 chunk_name,png_uint_32 length)73 png_write_chunk_header(png_structrp png_ptr, png_uint_32 chunk_name,
74 png_uint_32 length)
75 {
76 png_byte buf[8];
77
78 #if defined(PNG_DEBUG) && (PNG_DEBUG > 0)
79 PNG_CSTRING_FROM_CHUNK(buf, chunk_name);
80 png_debug2(0, "Writing %s chunk, length = %lu", buf, (unsigned long)length);
81 #endif
82
83 if (png_ptr == NULL)
84 return;
85
86 #ifdef PNG_IO_STATE_SUPPORTED
87 /* Inform the I/O callback that the chunk header is being written.
88 * PNG_IO_CHUNK_HDR requires a single I/O call.
89 */
90 png_ptr->io_state = PNG_IO_WRITING | PNG_IO_CHUNK_HDR;
91 #endif
92
93 /* Write the length and the chunk name */
94 png_save_uint_32(buf, length);
95 png_save_uint_32(buf + 4, chunk_name);
96 png_write_data(png_ptr, buf, 8);
97
98 /* Put the chunk name into png_ptr->chunk_name */
99 png_ptr->chunk_name = chunk_name;
100
101 /* Reset the crc and run it over the chunk name */
102 png_reset_crc(png_ptr);
103
104 png_calculate_crc(png_ptr, buf + 4, 4);
105
106 #ifdef PNG_IO_STATE_SUPPORTED
107 /* Inform the I/O callback that chunk data will (possibly) be written.
108 * PNG_IO_CHUNK_DATA does NOT require a specific number of I/O calls.
109 */
110 png_ptr->io_state = PNG_IO_WRITING | PNG_IO_CHUNK_DATA;
111 #endif
112 }
113
114 void PNGAPI
png_write_chunk_start(png_structrp png_ptr,png_const_bytep chunk_string,png_uint_32 length)115 png_write_chunk_start(png_structrp png_ptr, png_const_bytep chunk_string,
116 png_uint_32 length)
117 {
118 png_write_chunk_header(png_ptr, PNG_CHUNK_FROM_STRING(chunk_string), length);
119 }
120
121 /* Write the data of a PNG chunk started with png_write_chunk_header().
122 * Note that multiple calls to this function are allowed, and that the
123 * sum of the lengths from these calls *must* add up to the total_length
124 * given to png_write_chunk_header().
125 */
126 void PNGAPI
png_write_chunk_data(png_structrp png_ptr,png_const_bytep data,size_t length)127 png_write_chunk_data(png_structrp png_ptr, png_const_bytep data, size_t length)
128 {
129 /* Write the data, and run the CRC over it */
130 if (png_ptr == NULL)
131 return;
132
133 if (data != NULL && length > 0)
134 {
135 png_write_data(png_ptr, data, length);
136
137 /* Update the CRC after writing the data,
138 * in case the user I/O routine alters it.
139 */
140 png_calculate_crc(png_ptr, data, length);
141 }
142 }
143
144 /* Finish a chunk started with png_write_chunk_header(). */
145 void PNGAPI
png_write_chunk_end(png_structrp png_ptr)146 png_write_chunk_end(png_structrp png_ptr)
147 {
148 png_byte buf[4];
149
150 if (png_ptr == NULL) return;
151
152 #ifdef PNG_IO_STATE_SUPPORTED
153 /* Inform the I/O callback that the chunk CRC is being written.
154 * PNG_IO_CHUNK_CRC requires a single I/O function call.
155 */
156 png_ptr->io_state = PNG_IO_WRITING | PNG_IO_CHUNK_CRC;
157 #endif
158
159 /* Write the crc in a single operation */
160 png_save_uint_32(buf, png_ptr->crc);
161
162 png_write_data(png_ptr, buf, 4);
163 }
164
165 /* Write a PNG chunk all at once. The type is an array of ASCII characters
166 * representing the chunk name. The array must be at least 4 bytes in
167 * length, and does not need to be null terminated. To be safe, pass the
168 * pre-defined chunk names here, and if you need a new one, define it
169 * where the others are defined. The length is the length of the data.
170 * All the data must be present. If that is not possible, use the
171 * png_write_chunk_start(), png_write_chunk_data(), and png_write_chunk_end()
172 * functions instead.
173 */
174 static void
png_write_complete_chunk(png_structrp png_ptr,png_uint_32 chunk_name,png_const_bytep data,size_t length)175 png_write_complete_chunk(png_structrp png_ptr, png_uint_32 chunk_name,
176 png_const_bytep data, size_t length)
177 {
178 if (png_ptr == NULL)
179 return;
180
181 /* On 64-bit architectures 'length' may not fit in a png_uint_32. */
182 if (length > PNG_UINT_31_MAX)
183 png_error(png_ptr, "length exceeds PNG maximum");
184
185 png_write_chunk_header(png_ptr, chunk_name, (png_uint_32)length);
186 png_write_chunk_data(png_ptr, data, length);
187 png_write_chunk_end(png_ptr);
188 }
189
190 /* This is the API that calls the internal function above. */
191 void PNGAPI
png_write_chunk(png_structrp png_ptr,png_const_bytep chunk_string,png_const_bytep data,size_t length)192 png_write_chunk(png_structrp png_ptr, png_const_bytep chunk_string,
193 png_const_bytep data, size_t length)
194 {
195 png_write_complete_chunk(png_ptr, PNG_CHUNK_FROM_STRING(chunk_string), data,
196 length);
197 }
198
199 /* This is used below to find the size of an image to pass to png_deflate_claim,
200 * so it only needs to be accurate if the size is less than 16384 bytes (the
201 * point at which a lower LZ window size can be used.)
202 */
203 static png_alloc_size_t
png_image_size(png_structrp png_ptr)204 png_image_size(png_structrp png_ptr)
205 {
206 /* Only return sizes up to the maximum of a png_uint_32; do this by limiting
207 * the width and height used to 15 bits.
208 */
209 png_uint_32 h = png_ptr->height;
210
211 if (png_ptr->rowbytes < 32768 && h < 32768)
212 {
213 if (png_ptr->interlaced != 0)
214 {
215 /* Interlacing makes the image larger because of the replication of
216 * both the filter byte and the padding to a byte boundary.
217 */
218 png_uint_32 w = png_ptr->width;
219 unsigned int pd = png_ptr->pixel_depth;
220 png_alloc_size_t cb_base;
221 int pass;
222
223 for (cb_base=0, pass=0; pass<=6; ++pass)
224 {
225 png_uint_32 pw = PNG_PASS_COLS(w, pass);
226
227 if (pw > 0)
228 cb_base += (PNG_ROWBYTES(pd, pw)+1) * PNG_PASS_ROWS(h, pass);
229 }
230
231 return cb_base;
232 }
233
234 else
235 return (png_ptr->rowbytes+1) * h;
236 }
237
238 else
239 return 0xffffffffU;
240 }
241
242 #ifdef PNG_WRITE_OPTIMIZE_CMF_SUPPORTED
243 /* This is the code to hack the first two bytes of the deflate stream (the
244 * deflate header) to correct the windowBits value to match the actual data
245 * size. Note that the second argument is the *uncompressed* size but the
246 * first argument is the *compressed* data (and it must be deflate
247 * compressed.)
248 */
249 static void
optimize_cmf(png_bytep data,png_alloc_size_t data_size)250 optimize_cmf(png_bytep data, png_alloc_size_t data_size)
251 {
252 /* Optimize the CMF field in the zlib stream. The resultant zlib stream is
253 * still compliant to the stream specification.
254 */
255 if (data_size <= 16384) /* else windowBits must be 15 */
256 {
257 unsigned int z_cmf = data[0]; /* zlib compression method and flags */
258
259 if ((z_cmf & 0x0f) == 8 && (z_cmf & 0xf0) <= 0x70)
260 {
261 unsigned int z_cinfo;
262 unsigned int half_z_window_size;
263
264 z_cinfo = z_cmf >> 4;
265 half_z_window_size = 1U << (z_cinfo + 7);
266
267 if (data_size <= half_z_window_size) /* else no change */
268 {
269 unsigned int tmp;
270
271 do
272 {
273 half_z_window_size >>= 1;
274 --z_cinfo;
275 }
276 while (z_cinfo > 0 && data_size <= half_z_window_size);
277
278 z_cmf = (z_cmf & 0x0f) | (z_cinfo << 4);
279
280 data[0] = (png_byte)z_cmf;
281 tmp = data[1] & 0xe0;
282 tmp += 0x1f - ((z_cmf << 8) + tmp) % 0x1f;
283 data[1] = (png_byte)tmp;
284 }
285 }
286 }
287 }
288 #endif /* WRITE_OPTIMIZE_CMF */
289
290 /* Initialize the compressor for the appropriate type of compression. */
291 static int
png_deflate_claim(png_structrp png_ptr,png_uint_32 owner,png_alloc_size_t data_size)292 png_deflate_claim(png_structrp png_ptr, png_uint_32 owner,
293 png_alloc_size_t data_size)
294 {
295 if (png_ptr->zowner != 0)
296 {
297 #if defined(PNG_WARNINGS_SUPPORTED) || defined(PNG_ERROR_TEXT_SUPPORTED)
298 char msg[64];
299
300 PNG_STRING_FROM_CHUNK(msg, owner);
301 msg[4] = ':';
302 msg[5] = ' ';
303 PNG_STRING_FROM_CHUNK(msg+6, png_ptr->zowner);
304 /* So the message that results is "<chunk> using zstream"; this is an
305 * internal error, but is very useful for debugging. i18n requirements
306 * are minimal.
307 */
308 (void)png_safecat(msg, (sizeof msg), 10, " using zstream");
309 #endif
310 #if PNG_RELEASE_BUILD
311 png_warning(png_ptr, msg);
312
313 /* Attempt sane error recovery */
314 if (png_ptr->zowner == png_IDAT) /* don't steal from IDAT */
315 {
316 png_ptr->zstream.msg = PNGZ_MSG_CAST("in use by IDAT");
317 return Z_STREAM_ERROR;
318 }
319
320 png_ptr->zowner = 0;
321 #else
322 png_error(png_ptr, msg);
323 #endif
324 }
325
326 {
327 int level = png_ptr->zlib_level;
328 int method = png_ptr->zlib_method;
329 int windowBits = png_ptr->zlib_window_bits;
330 int memLevel = png_ptr->zlib_mem_level;
331 int strategy; /* set below */
332 int ret; /* zlib return code */
333
334 if (owner == png_IDAT)
335 {
336 if ((png_ptr->flags & PNG_FLAG_ZLIB_CUSTOM_STRATEGY) != 0)
337 strategy = png_ptr->zlib_strategy;
338
339 else if (png_ptr->do_filter != PNG_FILTER_NONE)
340 strategy = PNG_Z_DEFAULT_STRATEGY;
341
342 else
343 strategy = PNG_Z_DEFAULT_NOFILTER_STRATEGY;
344 }
345
346 else
347 {
348 #ifdef PNG_WRITE_CUSTOMIZE_ZTXT_COMPRESSION_SUPPORTED
349 level = png_ptr->zlib_text_level;
350 method = png_ptr->zlib_text_method;
351 windowBits = png_ptr->zlib_text_window_bits;
352 memLevel = png_ptr->zlib_text_mem_level;
353 strategy = png_ptr->zlib_text_strategy;
354 #else
355 /* If customization is not supported the values all come from the
356 * IDAT values except for the strategy, which is fixed to the
357 * default. (This is the pre-1.6.0 behavior too, although it was
358 * implemented in a very different way.)
359 */
360 strategy = Z_DEFAULT_STRATEGY;
361 #endif
362 }
363
364 /* Adjust 'windowBits' down if larger than 'data_size'; to stop this
365 * happening just pass 32768 as the data_size parameter. Notice that zlib
366 * requires an extra 262 bytes in the window in addition to the data to be
367 * able to see the whole of the data, so if data_size+262 takes us to the
368 * next windowBits size we need to fix up the value later. (Because even
369 * though deflate needs the extra window, inflate does not!)
370 */
371 if (data_size <= 16384)
372 {
373 /* IMPLEMENTATION NOTE: this 'half_window_size' stuff is only here to
374 * work round a Microsoft Visual C misbehavior which, contrary to C-90,
375 * widens the result of the following shift to 64-bits if (and,
376 * apparently, only if) it is used in a test.
377 */
378 unsigned int half_window_size = 1U << (windowBits-1);
379
380 while (data_size + 262 <= half_window_size)
381 {
382 half_window_size >>= 1;
383 --windowBits;
384 }
385 }
386
387 /* Check against the previous initialized values, if any. */
388 if ((png_ptr->flags & PNG_FLAG_ZSTREAM_INITIALIZED) != 0 &&
389 (png_ptr->zlib_set_level != level ||
390 png_ptr->zlib_set_method != method ||
391 png_ptr->zlib_set_window_bits != windowBits ||
392 png_ptr->zlib_set_mem_level != memLevel ||
393 png_ptr->zlib_set_strategy != strategy))
394 {
395 if (deflateEnd(&png_ptr->zstream) != Z_OK)
396 png_warning(png_ptr, "deflateEnd failed (ignored)");
397
398 png_ptr->flags &= ~PNG_FLAG_ZSTREAM_INITIALIZED;
399 }
400
401 /* For safety clear out the input and output pointers (currently zlib
402 * doesn't use them on Init, but it might in the future).
403 */
404 png_ptr->zstream.next_in = NULL;
405 png_ptr->zstream.avail_in = 0;
406 png_ptr->zstream.next_out = NULL;
407 png_ptr->zstream.avail_out = 0;
408
409 /* Now initialize if required, setting the new parameters, otherwise just
410 * do a simple reset to the previous parameters.
411 */
412 if ((png_ptr->flags & PNG_FLAG_ZSTREAM_INITIALIZED) != 0)
413 ret = deflateReset(&png_ptr->zstream);
414
415 else
416 {
417 ret = deflateInit2(&png_ptr->zstream, level, method, windowBits,
418 memLevel, strategy);
419
420 if (ret == Z_OK)
421 png_ptr->flags |= PNG_FLAG_ZSTREAM_INITIALIZED;
422 }
423
424 /* The return code is from either deflateReset or deflateInit2; they have
425 * pretty much the same set of error codes.
426 */
427 if (ret == Z_OK)
428 png_ptr->zowner = owner;
429
430 else
431 png_zstream_error(png_ptr, ret);
432
433 return ret;
434 }
435 }
436
437 /* Clean up (or trim) a linked list of compression buffers. */
438 void /* PRIVATE */
png_free_buffer_list(png_structrp png_ptr,png_compression_bufferp * listp)439 png_free_buffer_list(png_structrp png_ptr, png_compression_bufferp *listp)
440 {
441 png_compression_bufferp list = *listp;
442
443 if (list != NULL)
444 {
445 *listp = NULL;
446
447 do
448 {
449 png_compression_bufferp next = list->next;
450
451 png_free(png_ptr, list);
452 list = next;
453 }
454 while (list != NULL);
455 }
456 }
457
458 #ifdef PNG_WRITE_COMPRESSED_TEXT_SUPPORTED
459 /* This pair of functions encapsulates the operation of (a) compressing a
460 * text string, and (b) issuing it later as a series of chunk data writes.
461 * The compression_state structure is shared context for these functions
462 * set up by the caller to allow access to the relevant local variables.
463 *
464 * compression_buffer (new in 1.6.0) is just a linked list of zbuffer_size
465 * temporary buffers. From 1.6.0 it is retained in png_struct so that it will
466 * be correctly freed in the event of a write error (previous implementations
467 * just leaked memory.)
468 */
469 typedef struct
470 {
471 png_const_bytep input; /* The uncompressed input data */
472 png_alloc_size_t input_len; /* Its length */
473 png_uint_32 output_len; /* Final compressed length */
474 png_byte output[1024]; /* First block of output */
475 } compression_state;
476
477 static void
png_text_compress_init(compression_state * comp,png_const_bytep input,png_alloc_size_t input_len)478 png_text_compress_init(compression_state *comp, png_const_bytep input,
479 png_alloc_size_t input_len)
480 {
481 comp->input = input;
482 comp->input_len = input_len;
483 comp->output_len = 0;
484 }
485
486 /* Compress the data in the compression state input */
487 static int
png_text_compress(png_structrp png_ptr,png_uint_32 chunk_name,compression_state * comp,png_uint_32 prefix_len)488 png_text_compress(png_structrp png_ptr, png_uint_32 chunk_name,
489 compression_state *comp, png_uint_32 prefix_len)
490 {
491 int ret;
492
493 /* To find the length of the output it is necessary to first compress the
494 * input. The result is buffered rather than using the two-pass algorithm
495 * that is used on the inflate side; deflate is assumed to be slower and a
496 * PNG writer is assumed to have more memory available than a PNG reader.
497 *
498 * IMPLEMENTATION NOTE: the zlib API deflateBound() can be used to find an
499 * upper limit on the output size, but it is always bigger than the input
500 * size so it is likely to be more efficient to use this linked-list
501 * approach.
502 */
503 ret = png_deflate_claim(png_ptr, chunk_name, comp->input_len);
504
505 if (ret != Z_OK)
506 return ret;
507
508 /* Set up the compression buffers, we need a loop here to avoid overflowing a
509 * uInt. Use ZLIB_IO_MAX to limit the input. The output is always limited
510 * by the output buffer size, so there is no need to check that. Since this
511 * is ANSI-C we know that an 'int', hence a uInt, is always at least 16 bits
512 * in size.
513 */
514 {
515 png_compression_bufferp *end = &png_ptr->zbuffer_list;
516 png_alloc_size_t input_len = comp->input_len; /* may be zero! */
517 png_uint_32 output_len;
518
519 /* zlib updates these for us: */
520 png_ptr->zstream.next_in = PNGZ_INPUT_CAST(comp->input);
521 png_ptr->zstream.avail_in = 0; /* Set below */
522 png_ptr->zstream.next_out = comp->output;
523 png_ptr->zstream.avail_out = (sizeof comp->output);
524
525 output_len = png_ptr->zstream.avail_out;
526
527 do
528 {
529 uInt avail_in = ZLIB_IO_MAX;
530
531 if (avail_in > input_len)
532 avail_in = (uInt)input_len;
533
534 input_len -= avail_in;
535
536 png_ptr->zstream.avail_in = avail_in;
537
538 if (png_ptr->zstream.avail_out == 0)
539 {
540 png_compression_buffer *next;
541
542 /* Chunk data is limited to 2^31 bytes in length, so the prefix
543 * length must be counted here.
544 */
545 if (output_len + prefix_len > PNG_UINT_31_MAX)
546 {
547 ret = Z_MEM_ERROR;
548 break;
549 }
550
551 /* Need a new (malloc'ed) buffer, but there may be one present
552 * already.
553 */
554 next = *end;
555 if (next == NULL)
556 {
557 next = png_voidcast(png_compression_bufferp, png_malloc_base
558 (png_ptr, PNG_COMPRESSION_BUFFER_SIZE(png_ptr)));
559
560 if (next == NULL)
561 {
562 ret = Z_MEM_ERROR;
563 break;
564 }
565
566 /* Link in this buffer (so that it will be freed later) */
567 next->next = NULL;
568 *end = next;
569 }
570
571 png_ptr->zstream.next_out = next->output;
572 png_ptr->zstream.avail_out = png_ptr->zbuffer_size;
573 output_len += png_ptr->zstream.avail_out;
574
575 /* Move 'end' to the next buffer pointer. */
576 end = &next->next;
577 }
578
579 /* Compress the data */
580 ret = deflate(&png_ptr->zstream,
581 input_len > 0 ? Z_NO_FLUSH : Z_FINISH);
582
583 /* Claw back input data that was not consumed (because avail_in is
584 * reset above every time round the loop).
585 */
586 input_len += png_ptr->zstream.avail_in;
587 png_ptr->zstream.avail_in = 0; /* safety */
588 }
589 while (ret == Z_OK);
590
591 /* There may be some space left in the last output buffer. This needs to
592 * be subtracted from output_len.
593 */
594 output_len -= png_ptr->zstream.avail_out;
595 png_ptr->zstream.avail_out = 0; /* safety */
596 comp->output_len = output_len;
597
598 /* Now double check the output length, put in a custom message if it is
599 * too long. Otherwise ensure the z_stream::msg pointer is set to
600 * something.
601 */
602 if (output_len + prefix_len >= PNG_UINT_31_MAX)
603 {
604 png_ptr->zstream.msg = PNGZ_MSG_CAST("compressed data too long");
605 ret = Z_MEM_ERROR;
606 }
607
608 else
609 png_zstream_error(png_ptr, ret);
610
611 /* Reset zlib for another zTXt/iTXt or image data */
612 png_ptr->zowner = 0;
613
614 /* The only success case is Z_STREAM_END, input_len must be 0; if not this
615 * is an internal error.
616 */
617 if (ret == Z_STREAM_END && input_len == 0)
618 {
619 #ifdef PNG_WRITE_OPTIMIZE_CMF_SUPPORTED
620 /* Fix up the deflate header, if required */
621 optimize_cmf(comp->output, comp->input_len);
622 #endif
623 /* But Z_OK is returned, not Z_STREAM_END; this allows the claim
624 * function above to return Z_STREAM_END on an error (though it never
625 * does in the current versions of zlib.)
626 */
627 return Z_OK;
628 }
629
630 else
631 return ret;
632 }
633 }
634
635 /* Ship the compressed text out via chunk writes */
636 static void
png_write_compressed_data_out(png_structrp png_ptr,compression_state * comp)637 png_write_compressed_data_out(png_structrp png_ptr, compression_state *comp)
638 {
639 png_uint_32 output_len = comp->output_len;
640 png_const_bytep output = comp->output;
641 png_uint_32 avail = (sizeof comp->output);
642 png_compression_buffer *next = png_ptr->zbuffer_list;
643
644 for (;;)
645 {
646 if (avail > output_len)
647 avail = output_len;
648
649 png_write_chunk_data(png_ptr, output, avail);
650
651 output_len -= avail;
652
653 if (output_len == 0 || next == NULL)
654 break;
655
656 avail = png_ptr->zbuffer_size;
657 output = next->output;
658 next = next->next;
659 }
660
661 /* This is an internal error; 'next' must have been NULL! */
662 if (output_len > 0)
663 png_error(png_ptr, "error writing ancillary chunked compressed data");
664 }
665 #endif /* WRITE_COMPRESSED_TEXT */
666
667 /* Write the IHDR chunk, and update the png_struct with the necessary
668 * information. Note that the rest of this code depends upon this
669 * information being correct.
670 */
671 void /* PRIVATE */
png_write_IHDR(png_structrp png_ptr,png_uint_32 width,png_uint_32 height,int bit_depth,int color_type,int compression_type,int filter_type,int interlace_type)672 png_write_IHDR(png_structrp png_ptr, png_uint_32 width, png_uint_32 height,
673 int bit_depth, int color_type, int compression_type, int filter_type,
674 int interlace_type)
675 {
676 png_byte buf[13]; /* Buffer to store the IHDR info */
677 int is_invalid_depth;
678
679 png_debug(1, "in png_write_IHDR");
680
681 /* Check that we have valid input data from the application info */
682 switch (color_type)
683 {
684 case PNG_COLOR_TYPE_GRAY:
685 switch (bit_depth)
686 {
687 case 1:
688 case 2:
689 case 4:
690 case 8:
691 #ifdef PNG_WRITE_16BIT_SUPPORTED
692 case 16:
693 #endif
694 png_ptr->channels = 1; break;
695
696 default:
697 png_error(png_ptr,
698 "Invalid bit depth for grayscale image");
699 }
700 break;
701
702 case PNG_COLOR_TYPE_RGB:
703 is_invalid_depth = (bit_depth != 8);
704 #ifdef PNG_WRITE_16BIT_SUPPORTED
705 is_invalid_depth = (is_invalid_depth && bit_depth != 16);
706 #endif
707 if (is_invalid_depth)
708 png_error(png_ptr, "Invalid bit depth for RGB image");
709
710 png_ptr->channels = 3;
711 break;
712
713 case PNG_COLOR_TYPE_PALETTE:
714 switch (bit_depth)
715 {
716 case 1:
717 case 2:
718 case 4:
719 case 8:
720 png_ptr->channels = 1;
721 break;
722
723 default:
724 png_error(png_ptr, "Invalid bit depth for paletted image");
725 }
726 break;
727
728 case PNG_COLOR_TYPE_GRAY_ALPHA:
729 is_invalid_depth = (bit_depth != 8);
730 #ifdef PNG_WRITE_16BIT_SUPPORTED
731 is_invalid_depth = (is_invalid_depth && bit_depth != 16);
732 #endif
733 if (is_invalid_depth)
734 png_error(png_ptr, "Invalid bit depth for grayscale+alpha image");
735
736 png_ptr->channels = 2;
737 break;
738
739 case PNG_COLOR_TYPE_RGB_ALPHA:
740 is_invalid_depth = (bit_depth != 8);
741 #ifdef PNG_WRITE_16BIT_SUPPORTED
742 is_invalid_depth = (is_invalid_depth && bit_depth != 16);
743 #endif
744 if (is_invalid_depth)
745 png_error(png_ptr, "Invalid bit depth for RGBA image");
746
747 png_ptr->channels = 4;
748 break;
749
750 default:
751 png_error(png_ptr, "Invalid image color type specified");
752 }
753
754 if (compression_type != PNG_COMPRESSION_TYPE_BASE)
755 {
756 png_warning(png_ptr, "Invalid compression type specified");
757 compression_type = PNG_COMPRESSION_TYPE_BASE;
758 }
759
760 /* Write filter_method 64 (intrapixel differencing) only if
761 * 1. Libpng was compiled with PNG_MNG_FEATURES_SUPPORTED and
762 * 2. Libpng did not write a PNG signature (this filter_method is only
763 * used in PNG datastreams that are embedded in MNG datastreams) and
764 * 3. The application called png_permit_mng_features with a mask that
765 * included PNG_FLAG_MNG_FILTER_64 and
766 * 4. The filter_method is 64 and
767 * 5. The color_type is RGB or RGBA
768 */
769 if (
770 #ifdef PNG_MNG_FEATURES_SUPPORTED
771 !((png_ptr->mng_features_permitted & PNG_FLAG_MNG_FILTER_64) != 0 &&
772 ((png_ptr->mode & PNG_HAVE_PNG_SIGNATURE) == 0) &&
773 (color_type == PNG_COLOR_TYPE_RGB ||
774 color_type == PNG_COLOR_TYPE_RGB_ALPHA) &&
775 (filter_type == PNG_INTRAPIXEL_DIFFERENCING)) &&
776 #endif
777 filter_type != PNG_FILTER_TYPE_BASE)
778 {
779 png_warning(png_ptr, "Invalid filter type specified");
780 filter_type = PNG_FILTER_TYPE_BASE;
781 }
782
783 #ifdef PNG_WRITE_INTERLACING_SUPPORTED
784 if (interlace_type != PNG_INTERLACE_NONE &&
785 interlace_type != PNG_INTERLACE_ADAM7)
786 {
787 png_warning(png_ptr, "Invalid interlace type specified");
788 interlace_type = PNG_INTERLACE_ADAM7;
789 }
790 #else
791 interlace_type=PNG_INTERLACE_NONE;
792 #endif
793
794 /* Save the relevant information */
795 png_ptr->bit_depth = (png_byte)bit_depth;
796 png_ptr->color_type = (png_byte)color_type;
797 png_ptr->interlaced = (png_byte)interlace_type;
798 #ifdef PNG_MNG_FEATURES_SUPPORTED
799 png_ptr->filter_type = (png_byte)filter_type;
800 #endif
801 png_ptr->compression_type = (png_byte)compression_type;
802 png_ptr->width = width;
803 png_ptr->height = height;
804
805 png_ptr->pixel_depth = (png_byte)(bit_depth * png_ptr->channels);
806 png_ptr->rowbytes = PNG_ROWBYTES(png_ptr->pixel_depth, width);
807 /* Set the usr info, so any transformations can modify it */
808 png_ptr->usr_width = png_ptr->width;
809 png_ptr->usr_bit_depth = png_ptr->bit_depth;
810 png_ptr->usr_channels = png_ptr->channels;
811
812 /* Pack the header information into the buffer */
813 png_save_uint_32(buf, width);
814 png_save_uint_32(buf + 4, height);
815 buf[8] = (png_byte)bit_depth;
816 buf[9] = (png_byte)color_type;
817 buf[10] = (png_byte)compression_type;
818 buf[11] = (png_byte)filter_type;
819 buf[12] = (png_byte)interlace_type;
820
821 /* Write the chunk */
822 png_write_complete_chunk(png_ptr, png_IHDR, buf, 13);
823
824 #ifdef PNG_WRITE_APNG_SUPPORTED
825 png_ptr->first_frame_width = width;
826 png_ptr->first_frame_height = height;
827 #endif
828
829 if ((png_ptr->do_filter) == PNG_NO_FILTERS)
830 {
831 if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE ||
832 png_ptr->bit_depth < 8)
833 png_ptr->do_filter = PNG_FILTER_NONE;
834
835 else
836 png_ptr->do_filter = PNG_ALL_FILTERS;
837 }
838
839 png_ptr->mode = PNG_HAVE_IHDR; /* not READY_FOR_ZTXT */
840 }
841
842 /* Write the palette. We are careful not to trust png_color to be in the
843 * correct order for PNG, so people can redefine it to any convenient
844 * structure.
845 */
846 void /* PRIVATE */
png_write_PLTE(png_structrp png_ptr,png_const_colorp palette,png_uint_32 num_pal)847 png_write_PLTE(png_structrp png_ptr, png_const_colorp palette,
848 png_uint_32 num_pal)
849 {
850 png_uint_32 max_palette_length, i;
851 png_const_colorp pal_ptr;
852 png_byte buf[3];
853
854 png_debug(1, "in png_write_PLTE");
855
856 max_palette_length = (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE) ?
857 (1 << png_ptr->bit_depth) : PNG_MAX_PALETTE_LENGTH;
858
859 if ((
860 #ifdef PNG_MNG_FEATURES_SUPPORTED
861 (png_ptr->mng_features_permitted & PNG_FLAG_MNG_EMPTY_PLTE) == 0 &&
862 #endif
863 num_pal == 0) || num_pal > max_palette_length)
864 {
865 if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE)
866 {
867 png_error(png_ptr, "Invalid number of colors in palette");
868 }
869
870 else
871 {
872 png_warning(png_ptr, "Invalid number of colors in palette");
873 return;
874 }
875 }
876
877 if ((png_ptr->color_type & PNG_COLOR_MASK_COLOR) == 0)
878 {
879 png_warning(png_ptr,
880 "Ignoring request to write a PLTE chunk in grayscale PNG");
881
882 return;
883 }
884
885 png_ptr->num_palette = (png_uint_16)num_pal;
886 png_debug1(3, "num_palette = %d", png_ptr->num_palette);
887
888 png_write_chunk_header(png_ptr, png_PLTE, (png_uint_32)(num_pal * 3));
889 #ifdef PNG_POINTER_INDEXING_SUPPORTED
890
891 for (i = 0, pal_ptr = palette; i < num_pal; i++, pal_ptr++)
892 {
893 buf[0] = pal_ptr->red;
894 buf[1] = pal_ptr->green;
895 buf[2] = pal_ptr->blue;
896 png_write_chunk_data(png_ptr, buf, 3);
897 }
898
899 #else
900 /* This is a little slower but some buggy compilers need to do this
901 * instead
902 */
903 pal_ptr=palette;
904
905 for (i = 0; i < num_pal; i++)
906 {
907 buf[0] = pal_ptr[i].red;
908 buf[1] = pal_ptr[i].green;
909 buf[2] = pal_ptr[i].blue;
910 png_write_chunk_data(png_ptr, buf, 3);
911 }
912
913 #endif
914 png_write_chunk_end(png_ptr);
915 png_ptr->mode |= PNG_HAVE_PLTE;
916 }
917
918 /* This is similar to png_text_compress, above, except that it does not require
919 * all of the data at once and, instead of buffering the compressed result,
920 * writes it as IDAT chunks. Unlike png_text_compress it *can* png_error out
921 * because it calls the write interface. As a result it does its own error
922 * reporting and does not return an error code. In the event of error it will
923 * just call png_error. The input data length may exceed 32-bits. The 'flush'
924 * parameter is exactly the same as that to deflate, with the following
925 * meanings:
926 *
927 * Z_NO_FLUSH: normal incremental output of compressed data
928 * Z_SYNC_FLUSH: do a SYNC_FLUSH, used by png_write_flush
929 * Z_FINISH: this is the end of the input, do a Z_FINISH and clean up
930 *
931 * The routine manages the acquire and release of the png_ptr->zstream by
932 * checking and (at the end) clearing png_ptr->zowner; it does some sanity
933 * checks on the 'mode' flags while doing this.
934 */
935 void /* PRIVATE */
png_compress_IDAT(png_structrp png_ptr,png_const_bytep input,png_alloc_size_t input_len,int flush)936 png_compress_IDAT(png_structrp png_ptr, png_const_bytep input,
937 png_alloc_size_t input_len, int flush)
938 {
939 if (png_ptr->zowner != png_IDAT)
940 {
941 /* First time. Ensure we have a temporary buffer for compression and
942 * trim the buffer list if it has more than one entry to free memory.
943 * If 'WRITE_COMPRESSED_TEXT' is not set the list will never have been
944 * created at this point, but the check here is quick and safe.
945 */
946 if (png_ptr->zbuffer_list == NULL)
947 {
948 png_ptr->zbuffer_list = png_voidcast(png_compression_bufferp,
949 png_malloc(png_ptr, PNG_COMPRESSION_BUFFER_SIZE(png_ptr)));
950 png_ptr->zbuffer_list->next = NULL;
951 }
952
953 else
954 png_free_buffer_list(png_ptr, &png_ptr->zbuffer_list->next);
955
956 /* It is a terminal error if we can't claim the zstream. */
957 if (png_deflate_claim(png_ptr, png_IDAT, png_image_size(png_ptr)) != Z_OK)
958 png_error(png_ptr, png_ptr->zstream.msg);
959
960 /* The output state is maintained in png_ptr->zstream, so it must be
961 * initialized here after the claim.
962 */
963 png_ptr->zstream.next_out = png_ptr->zbuffer_list->output;
964 png_ptr->zstream.avail_out = png_ptr->zbuffer_size;
965 }
966
967 /* Now loop reading and writing until all the input is consumed or an error
968 * terminates the operation. The _out values are maintained across calls to
969 * this function, but the input must be reset each time.
970 */
971 png_ptr->zstream.next_in = PNGZ_INPUT_CAST(input);
972 png_ptr->zstream.avail_in = 0; /* set below */
973 for (;;)
974 {
975 int ret;
976
977 /* INPUT: from the row data */
978 uInt avail = ZLIB_IO_MAX;
979
980 if (avail > input_len)
981 avail = (uInt)input_len; /* safe because of the check */
982
983 png_ptr->zstream.avail_in = avail;
984 input_len -= avail;
985
986 ret = deflate(&png_ptr->zstream, input_len > 0 ? Z_NO_FLUSH : flush);
987
988 /* Include as-yet unconsumed input */
989 input_len += png_ptr->zstream.avail_in;
990 png_ptr->zstream.avail_in = 0;
991
992 /* OUTPUT: write complete IDAT chunks when avail_out drops to zero. Note
993 * that these two zstream fields are preserved across the calls, therefore
994 * there is no need to set these up on entry to the loop.
995 */
996 if (png_ptr->zstream.avail_out == 0)
997 {
998 png_bytep data = png_ptr->zbuffer_list->output;
999 uInt size = png_ptr->zbuffer_size;
1000
1001 /* Write an IDAT containing the data then reset the buffer. The
1002 * first IDAT may need deflate header optimization.
1003 */
1004 #ifdef PNG_WRITE_OPTIMIZE_CMF_SUPPORTED
1005 if ((png_ptr->mode & PNG_HAVE_IDAT) == 0 &&
1006 png_ptr->compression_type == PNG_COMPRESSION_TYPE_BASE)
1007 optimize_cmf(data, png_image_size(png_ptr));
1008 #endif
1009
1010 if (size > 0)
1011 #ifdef PNG_WRITE_APNG_SUPPORTED
1012 {
1013 if (png_ptr->num_frames_written == 0)
1014 #endif
1015 png_write_complete_chunk(png_ptr, png_IDAT, data, size);
1016 #ifdef PNG_WRITE_APNG_SUPPORTED
1017 else
1018 png_write_fdAT(png_ptr, data, size);
1019 }
1020 #endif /* WRITE_APNG */
1021
1022 png_ptr->mode |= PNG_HAVE_IDAT;
1023
1024 png_ptr->zstream.next_out = data;
1025 png_ptr->zstream.avail_out = size;
1026
1027 /* For SYNC_FLUSH or FINISH it is essential to keep calling zlib with
1028 * the same flush parameter until it has finished output, for NO_FLUSH
1029 * it doesn't matter.
1030 */
1031 if (ret == Z_OK && flush != Z_NO_FLUSH)
1032 continue;
1033 }
1034
1035 /* The order of these checks doesn't matter much; it just affects which
1036 * possible error might be detected if multiple things go wrong at once.
1037 */
1038 if (ret == Z_OK) /* most likely return code! */
1039 {
1040 /* If all the input has been consumed then just return. If Z_FINISH
1041 * was used as the flush parameter something has gone wrong if we get
1042 * here.
1043 */
1044 if (input_len == 0)
1045 {
1046 if (flush == Z_FINISH)
1047 png_error(png_ptr, "Z_OK on Z_FINISH with output space");
1048
1049 return;
1050 }
1051 }
1052
1053 else if (ret == Z_STREAM_END && flush == Z_FINISH)
1054 {
1055 /* This is the end of the IDAT data; any pending output must be
1056 * flushed. For small PNG files we may still be at the beginning.
1057 */
1058 png_bytep data = png_ptr->zbuffer_list->output;
1059 uInt size = png_ptr->zbuffer_size - png_ptr->zstream.avail_out;
1060
1061 #ifdef PNG_WRITE_OPTIMIZE_CMF_SUPPORTED
1062 if ((png_ptr->mode & PNG_HAVE_IDAT) == 0 &&
1063 png_ptr->compression_type == PNG_COMPRESSION_TYPE_BASE)
1064 optimize_cmf(data, png_image_size(png_ptr));
1065 #endif
1066
1067 if (size > 0)
1068 #ifdef PNG_WRITE_APNG_SUPPORTED
1069 {
1070 if (png_ptr->num_frames_written == 0)
1071 #endif
1072 png_write_complete_chunk(png_ptr, png_IDAT, data, size);
1073 #ifdef PNG_WRITE_APNG_SUPPORTED
1074 else
1075 png_write_fdAT(png_ptr, data, size);
1076 }
1077 #endif /* WRITE_APNG */
1078
1079 png_ptr->zstream.avail_out = 0;
1080 png_ptr->zstream.next_out = NULL;
1081 png_ptr->mode |= PNG_HAVE_IDAT | PNG_AFTER_IDAT;
1082
1083 png_ptr->zowner = 0; /* Release the stream */
1084 return;
1085 }
1086
1087 else
1088 {
1089 /* This is an error condition. */
1090 png_zstream_error(png_ptr, ret);
1091 png_error(png_ptr, png_ptr->zstream.msg);
1092 }
1093 }
1094 }
1095
1096 /* Write an IEND chunk */
1097 void /* PRIVATE */
png_write_IEND(png_structrp png_ptr)1098 png_write_IEND(png_structrp png_ptr)
1099 {
1100 png_debug(1, "in png_write_IEND");
1101
1102 png_write_complete_chunk(png_ptr, png_IEND, NULL, 0);
1103 png_ptr->mode |= PNG_HAVE_IEND;
1104 }
1105
1106 #ifdef PNG_WRITE_gAMA_SUPPORTED
1107 /* Write a gAMA chunk */
1108 void /* PRIVATE */
png_write_gAMA_fixed(png_structrp png_ptr,png_fixed_point file_gamma)1109 png_write_gAMA_fixed(png_structrp png_ptr, png_fixed_point file_gamma)
1110 {
1111 png_byte buf[4];
1112
1113 png_debug(1, "in png_write_gAMA");
1114
1115 /* file_gamma is saved in 1/100,000ths */
1116 png_save_uint_32(buf, (png_uint_32)file_gamma);
1117 png_write_complete_chunk(png_ptr, png_gAMA, buf, 4);
1118 }
1119 #endif
1120
1121 #ifdef PNG_WRITE_sRGB_SUPPORTED
1122 /* Write a sRGB chunk */
1123 void /* PRIVATE */
png_write_sRGB(png_structrp png_ptr,int srgb_intent)1124 png_write_sRGB(png_structrp png_ptr, int srgb_intent)
1125 {
1126 png_byte buf[1];
1127
1128 png_debug(1, "in png_write_sRGB");
1129
1130 if (srgb_intent >= PNG_sRGB_INTENT_LAST)
1131 png_warning(png_ptr,
1132 "Invalid sRGB rendering intent specified");
1133
1134 buf[0]=(png_byte)srgb_intent;
1135 png_write_complete_chunk(png_ptr, png_sRGB, buf, 1);
1136 }
1137 #endif
1138
1139 #ifdef PNG_WRITE_iCCP_SUPPORTED
1140 /* Write an iCCP chunk */
1141 void /* PRIVATE */
png_write_iCCP(png_structrp png_ptr,png_const_charp name,png_const_bytep profile)1142 png_write_iCCP(png_structrp png_ptr, png_const_charp name,
1143 png_const_bytep profile)
1144 {
1145 png_uint_32 name_len;
1146 png_uint_32 profile_len;
1147 png_byte new_name[81]; /* 1 byte for the compression byte */
1148 compression_state comp;
1149 png_uint_32 temp;
1150
1151 png_debug(1, "in png_write_iCCP");
1152
1153 /* These are all internal problems: the profile should have been checked
1154 * before when it was stored.
1155 */
1156 if (profile == NULL)
1157 png_error(png_ptr, "No profile for iCCP chunk"); /* internal error */
1158
1159 profile_len = png_get_uint_32(profile);
1160
1161 if (profile_len < 132)
1162 png_error(png_ptr, "ICC profile too short");
1163
1164 temp = (png_uint_32) (*(profile+8));
1165 if (temp > 3 && (profile_len & 0x03))
1166 png_error(png_ptr, "ICC profile length invalid (not a multiple of 4)");
1167
1168 {
1169 png_uint_32 embedded_profile_len = png_get_uint_32(profile);
1170
1171 if (profile_len != embedded_profile_len)
1172 png_error(png_ptr, "Profile length does not match profile");
1173 }
1174
1175 name_len = png_check_keyword(png_ptr, name, new_name);
1176
1177 if (name_len == 0)
1178 png_error(png_ptr, "iCCP: invalid keyword");
1179
1180 new_name[++name_len] = PNG_COMPRESSION_TYPE_BASE;
1181
1182 /* Make sure we include the NULL after the name and the compression type */
1183 ++name_len;
1184
1185 png_text_compress_init(&comp, profile, profile_len);
1186
1187 /* Allow for keyword terminator and compression byte */
1188 if (png_text_compress(png_ptr, png_iCCP, &comp, name_len) != Z_OK)
1189 png_error(png_ptr, png_ptr->zstream.msg);
1190
1191 png_write_chunk_header(png_ptr, png_iCCP, name_len + comp.output_len);
1192
1193 png_write_chunk_data(png_ptr, new_name, name_len);
1194
1195 png_write_compressed_data_out(png_ptr, &comp);
1196
1197 png_write_chunk_end(png_ptr);
1198 }
1199 #endif
1200
1201 #ifdef PNG_WRITE_sPLT_SUPPORTED
1202 /* Write a sPLT chunk */
1203 void /* PRIVATE */
png_write_sPLT(png_structrp png_ptr,png_const_sPLT_tp spalette)1204 png_write_sPLT(png_structrp png_ptr, png_const_sPLT_tp spalette)
1205 {
1206 png_uint_32 name_len;
1207 png_byte new_name[80];
1208 png_byte entrybuf[10];
1209 size_t entry_size = (spalette->depth == 8 ? 6 : 10);
1210 size_t palette_size = entry_size * (size_t)spalette->nentries;
1211 png_sPLT_entryp ep;
1212 #ifndef PNG_POINTER_INDEXING_SUPPORTED
1213 int i;
1214 #endif
1215
1216 png_debug(1, "in png_write_sPLT");
1217
1218 name_len = png_check_keyword(png_ptr, spalette->name, new_name);
1219
1220 if (name_len == 0)
1221 png_error(png_ptr, "sPLT: invalid keyword");
1222
1223 /* Make sure we include the NULL after the name */
1224 png_write_chunk_header(png_ptr, png_sPLT,
1225 (png_uint_32)(name_len + 2 + palette_size));
1226
1227 png_write_chunk_data(png_ptr, (png_bytep)new_name, (size_t)(name_len + 1));
1228
1229 png_write_chunk_data(png_ptr, &spalette->depth, 1);
1230
1231 /* Loop through each palette entry, writing appropriately */
1232 #ifdef PNG_POINTER_INDEXING_SUPPORTED
1233 for (ep = spalette->entries; ep<spalette->entries + spalette->nentries; ep++)
1234 {
1235 if (spalette->depth == 8)
1236 {
1237 entrybuf[0] = (png_byte)ep->red;
1238 entrybuf[1] = (png_byte)ep->green;
1239 entrybuf[2] = (png_byte)ep->blue;
1240 entrybuf[3] = (png_byte)ep->alpha;
1241 png_save_uint_16(entrybuf + 4, ep->frequency);
1242 }
1243
1244 else
1245 {
1246 png_save_uint_16(entrybuf + 0, ep->red);
1247 png_save_uint_16(entrybuf + 2, ep->green);
1248 png_save_uint_16(entrybuf + 4, ep->blue);
1249 png_save_uint_16(entrybuf + 6, ep->alpha);
1250 png_save_uint_16(entrybuf + 8, ep->frequency);
1251 }
1252
1253 png_write_chunk_data(png_ptr, entrybuf, entry_size);
1254 }
1255 #else
1256 ep=spalette->entries;
1257 for (i = 0; i>spalette->nentries; i++)
1258 {
1259 if (spalette->depth == 8)
1260 {
1261 entrybuf[0] = (png_byte)ep[i].red;
1262 entrybuf[1] = (png_byte)ep[i].green;
1263 entrybuf[2] = (png_byte)ep[i].blue;
1264 entrybuf[3] = (png_byte)ep[i].alpha;
1265 png_save_uint_16(entrybuf + 4, ep[i].frequency);
1266 }
1267
1268 else
1269 {
1270 png_save_uint_16(entrybuf + 0, ep[i].red);
1271 png_save_uint_16(entrybuf + 2, ep[i].green);
1272 png_save_uint_16(entrybuf + 4, ep[i].blue);
1273 png_save_uint_16(entrybuf + 6, ep[i].alpha);
1274 png_save_uint_16(entrybuf + 8, ep[i].frequency);
1275 }
1276
1277 png_write_chunk_data(png_ptr, entrybuf, entry_size);
1278 }
1279 #endif
1280
1281 png_write_chunk_end(png_ptr);
1282 }
1283 #endif
1284
1285 #ifdef PNG_WRITE_sBIT_SUPPORTED
1286 /* Write the sBIT chunk */
1287 void /* PRIVATE */
png_write_sBIT(png_structrp png_ptr,png_const_color_8p sbit,int color_type)1288 png_write_sBIT(png_structrp png_ptr, png_const_color_8p sbit, int color_type)
1289 {
1290 png_byte buf[4];
1291 size_t size;
1292
1293 png_debug(1, "in png_write_sBIT");
1294
1295 /* Make sure we don't depend upon the order of PNG_COLOR_8 */
1296 if ((color_type & PNG_COLOR_MASK_COLOR) != 0)
1297 {
1298 png_byte maxbits;
1299
1300 maxbits = (png_byte)(color_type==PNG_COLOR_TYPE_PALETTE ? 8 :
1301 png_ptr->usr_bit_depth);
1302
1303 if (sbit->red == 0 || sbit->red > maxbits ||
1304 sbit->green == 0 || sbit->green > maxbits ||
1305 sbit->blue == 0 || sbit->blue > maxbits)
1306 {
1307 png_warning(png_ptr, "Invalid sBIT depth specified");
1308 return;
1309 }
1310
1311 buf[0] = sbit->red;
1312 buf[1] = sbit->green;
1313 buf[2] = sbit->blue;
1314 size = 3;
1315 }
1316
1317 else
1318 {
1319 if (sbit->gray == 0 || sbit->gray > png_ptr->usr_bit_depth)
1320 {
1321 png_warning(png_ptr, "Invalid sBIT depth specified");
1322 return;
1323 }
1324
1325 buf[0] = sbit->gray;
1326 size = 1;
1327 }
1328
1329 if ((color_type & PNG_COLOR_MASK_ALPHA) != 0)
1330 {
1331 if (sbit->alpha == 0 || sbit->alpha > png_ptr->usr_bit_depth)
1332 {
1333 png_warning(png_ptr, "Invalid sBIT depth specified");
1334 return;
1335 }
1336
1337 buf[size++] = sbit->alpha;
1338 }
1339
1340 png_write_complete_chunk(png_ptr, png_sBIT, buf, size);
1341 }
1342 #endif
1343
1344 #ifdef PNG_WRITE_cHRM_SUPPORTED
1345 /* Write the cHRM chunk */
1346 void /* PRIVATE */
png_write_cHRM_fixed(png_structrp png_ptr,const png_xy * xy)1347 png_write_cHRM_fixed(png_structrp png_ptr, const png_xy *xy)
1348 {
1349 png_byte buf[32];
1350
1351 png_debug(1, "in png_write_cHRM");
1352
1353 /* Each value is saved in 1/100,000ths */
1354 png_save_int_32(buf, xy->whitex);
1355 png_save_int_32(buf + 4, xy->whitey);
1356
1357 png_save_int_32(buf + 8, xy->redx);
1358 png_save_int_32(buf + 12, xy->redy);
1359
1360 png_save_int_32(buf + 16, xy->greenx);
1361 png_save_int_32(buf + 20, xy->greeny);
1362
1363 png_save_int_32(buf + 24, xy->bluex);
1364 png_save_int_32(buf + 28, xy->bluey);
1365
1366 png_write_complete_chunk(png_ptr, png_cHRM, buf, 32);
1367 }
1368 #endif
1369
1370 #ifdef PNG_WRITE_tRNS_SUPPORTED
1371 /* Write the tRNS chunk */
1372 void /* PRIVATE */
png_write_tRNS(png_structrp png_ptr,png_const_bytep trans_alpha,png_const_color_16p tran,int num_trans,int color_type)1373 png_write_tRNS(png_structrp png_ptr, png_const_bytep trans_alpha,
1374 png_const_color_16p tran, int num_trans, int color_type)
1375 {
1376 png_byte buf[6];
1377
1378 png_debug(1, "in png_write_tRNS");
1379
1380 if (color_type == PNG_COLOR_TYPE_PALETTE)
1381 {
1382 if (num_trans <= 0 || num_trans > (int)png_ptr->num_palette)
1383 {
1384 png_app_warning(png_ptr,
1385 "Invalid number of transparent colors specified");
1386 return;
1387 }
1388
1389 /* Write the chunk out as it is */
1390 png_write_complete_chunk(png_ptr, png_tRNS, trans_alpha,
1391 (size_t)num_trans);
1392 }
1393
1394 else if (color_type == PNG_COLOR_TYPE_GRAY)
1395 {
1396 /* One 16-bit value */
1397 if (tran->gray >= (1 << png_ptr->bit_depth))
1398 {
1399 png_app_warning(png_ptr,
1400 "Ignoring attempt to write tRNS chunk out-of-range for bit_depth");
1401
1402 return;
1403 }
1404
1405 png_save_uint_16(buf, tran->gray);
1406 png_write_complete_chunk(png_ptr, png_tRNS, buf, 2);
1407 }
1408
1409 else if (color_type == PNG_COLOR_TYPE_RGB)
1410 {
1411 /* Three 16-bit values */
1412 png_save_uint_16(buf, tran->red);
1413 png_save_uint_16(buf + 2, tran->green);
1414 png_save_uint_16(buf + 4, tran->blue);
1415 #ifdef PNG_WRITE_16BIT_SUPPORTED
1416 if (png_ptr->bit_depth == 8 && (buf[0] | buf[2] | buf[4]) != 0)
1417 #else
1418 if ((buf[0] | buf[2] | buf[4]) != 0)
1419 #endif
1420 {
1421 png_app_warning(png_ptr,
1422 "Ignoring attempt to write 16-bit tRNS chunk when bit_depth is 8");
1423 return;
1424 }
1425
1426 png_write_complete_chunk(png_ptr, png_tRNS, buf, 6);
1427 }
1428
1429 else
1430 {
1431 png_app_warning(png_ptr, "Can't write tRNS with an alpha channel");
1432 }
1433 }
1434 #endif
1435
1436 #ifdef PNG_WRITE_bKGD_SUPPORTED
1437 /* Write the background chunk */
1438 void /* PRIVATE */
png_write_bKGD(png_structrp png_ptr,png_const_color_16p back,int color_type)1439 png_write_bKGD(png_structrp png_ptr, png_const_color_16p back, int color_type)
1440 {
1441 png_byte buf[6];
1442
1443 png_debug(1, "in png_write_bKGD");
1444
1445 if (color_type == PNG_COLOR_TYPE_PALETTE)
1446 {
1447 if (
1448 #ifdef PNG_MNG_FEATURES_SUPPORTED
1449 (png_ptr->num_palette != 0 ||
1450 (png_ptr->mng_features_permitted & PNG_FLAG_MNG_EMPTY_PLTE) == 0) &&
1451 #endif
1452 back->index >= png_ptr->num_palette)
1453 {
1454 png_warning(png_ptr, "Invalid background palette index");
1455 return;
1456 }
1457
1458 buf[0] = back->index;
1459 png_write_complete_chunk(png_ptr, png_bKGD, buf, 1);
1460 }
1461
1462 else if ((color_type & PNG_COLOR_MASK_COLOR) != 0)
1463 {
1464 png_save_uint_16(buf, back->red);
1465 png_save_uint_16(buf + 2, back->green);
1466 png_save_uint_16(buf + 4, back->blue);
1467 #ifdef PNG_WRITE_16BIT_SUPPORTED
1468 if (png_ptr->bit_depth == 8 && (buf[0] | buf[2] | buf[4]) != 0)
1469 #else
1470 if ((buf[0] | buf[2] | buf[4]) != 0)
1471 #endif
1472 {
1473 png_warning(png_ptr,
1474 "Ignoring attempt to write 16-bit bKGD chunk "
1475 "when bit_depth is 8");
1476
1477 return;
1478 }
1479
1480 png_write_complete_chunk(png_ptr, png_bKGD, buf, 6);
1481 }
1482
1483 else
1484 {
1485 if (back->gray >= (1 << png_ptr->bit_depth))
1486 {
1487 png_warning(png_ptr,
1488 "Ignoring attempt to write bKGD chunk out-of-range for bit_depth");
1489
1490 return;
1491 }
1492
1493 png_save_uint_16(buf, back->gray);
1494 png_write_complete_chunk(png_ptr, png_bKGD, buf, 2);
1495 }
1496 }
1497 #endif
1498
1499 #ifdef PNG_WRITE_eXIf_SUPPORTED
1500 /* Write the Exif data */
1501 void /* PRIVATE */
png_write_eXIf(png_structrp png_ptr,png_bytep exif,int num_exif)1502 png_write_eXIf(png_structrp png_ptr, png_bytep exif, int num_exif)
1503 {
1504 int i;
1505 png_byte buf[1];
1506
1507 png_debug(1, "in png_write_eXIf");
1508
1509 png_write_chunk_header(png_ptr, png_eXIf, (png_uint_32)(num_exif));
1510
1511 for (i = 0; i < num_exif; i++)
1512 {
1513 buf[0] = exif[i];
1514 png_write_chunk_data(png_ptr, buf, 1);
1515 }
1516
1517 png_write_chunk_end(png_ptr);
1518 }
1519 #endif
1520
1521 #ifdef PNG_WRITE_hIST_SUPPORTED
1522 /* Write the histogram */
1523 void /* PRIVATE */
png_write_hIST(png_structrp png_ptr,png_const_uint_16p hist,int num_hist)1524 png_write_hIST(png_structrp png_ptr, png_const_uint_16p hist, int num_hist)
1525 {
1526 int i;
1527 png_byte buf[3];
1528
1529 png_debug(1, "in png_write_hIST");
1530
1531 if (num_hist > (int)png_ptr->num_palette)
1532 {
1533 png_debug2(3, "num_hist = %d, num_palette = %d", num_hist,
1534 png_ptr->num_palette);
1535
1536 png_warning(png_ptr, "Invalid number of histogram entries specified");
1537 return;
1538 }
1539
1540 png_write_chunk_header(png_ptr, png_hIST, (png_uint_32)(num_hist * 2));
1541
1542 for (i = 0; i < num_hist; i++)
1543 {
1544 png_save_uint_16(buf, hist[i]);
1545 png_write_chunk_data(png_ptr, buf, 2);
1546 }
1547
1548 png_write_chunk_end(png_ptr);
1549 }
1550 #endif
1551
1552 #ifdef PNG_WRITE_tEXt_SUPPORTED
1553 /* Write a tEXt chunk */
1554 void /* PRIVATE */
png_write_tEXt(png_structrp png_ptr,png_const_charp key,png_const_charp text,size_t text_len)1555 png_write_tEXt(png_structrp png_ptr, png_const_charp key, png_const_charp text,
1556 size_t text_len)
1557 {
1558 png_uint_32 key_len;
1559 png_byte new_key[80];
1560
1561 png_debug(1, "in png_write_tEXt");
1562
1563 key_len = png_check_keyword(png_ptr, key, new_key);
1564
1565 if (key_len == 0)
1566 png_error(png_ptr, "tEXt: invalid keyword");
1567
1568 if (text == NULL || *text == '\0')
1569 text_len = 0;
1570
1571 else
1572 text_len = strlen(text);
1573
1574 if (text_len > PNG_UINT_31_MAX - (key_len+1))
1575 png_error(png_ptr, "tEXt: text too long");
1576
1577 /* Make sure we include the 0 after the key */
1578 png_write_chunk_header(png_ptr, png_tEXt,
1579 (png_uint_32)/*checked above*/(key_len + text_len + 1));
1580 /*
1581 * We leave it to the application to meet PNG-1.0 requirements on the
1582 * contents of the text. PNG-1.0 through PNG-1.2 discourage the use of
1583 * any non-Latin-1 characters except for NEWLINE. ISO PNG will forbid them.
1584 * The NUL character is forbidden by PNG-1.0 through PNG-1.2 and ISO PNG.
1585 */
1586 png_write_chunk_data(png_ptr, new_key, key_len + 1);
1587
1588 if (text_len != 0)
1589 png_write_chunk_data(png_ptr, (png_const_bytep)text, text_len);
1590
1591 png_write_chunk_end(png_ptr);
1592 }
1593 #endif
1594
1595 #ifdef PNG_WRITE_zTXt_SUPPORTED
1596 /* Write a compressed text chunk */
1597 void /* PRIVATE */
png_write_zTXt(png_structrp png_ptr,png_const_charp key,png_const_charp text,int compression)1598 png_write_zTXt(png_structrp png_ptr, png_const_charp key, png_const_charp text,
1599 int compression)
1600 {
1601 png_uint_32 key_len;
1602 png_byte new_key[81];
1603 compression_state comp;
1604
1605 png_debug(1, "in png_write_zTXt");
1606
1607 if (compression == PNG_TEXT_COMPRESSION_NONE)
1608 {
1609 png_write_tEXt(png_ptr, key, text, 0);
1610 return;
1611 }
1612
1613 if (compression != PNG_TEXT_COMPRESSION_zTXt)
1614 png_error(png_ptr, "zTXt: invalid compression type");
1615
1616 key_len = png_check_keyword(png_ptr, key, new_key);
1617
1618 if (key_len == 0)
1619 png_error(png_ptr, "zTXt: invalid keyword");
1620
1621 /* Add the compression method and 1 for the keyword separator. */
1622 new_key[++key_len] = PNG_COMPRESSION_TYPE_BASE;
1623 ++key_len;
1624
1625 /* Compute the compressed data; do it now for the length */
1626 png_text_compress_init(&comp, (png_const_bytep)text,
1627 text == NULL ? 0 : strlen(text));
1628
1629 if (png_text_compress(png_ptr, png_zTXt, &comp, key_len) != Z_OK)
1630 png_error(png_ptr, png_ptr->zstream.msg);
1631
1632 /* Write start of chunk */
1633 png_write_chunk_header(png_ptr, png_zTXt, key_len + comp.output_len);
1634
1635 /* Write key */
1636 png_write_chunk_data(png_ptr, new_key, key_len);
1637
1638 /* Write the compressed data */
1639 png_write_compressed_data_out(png_ptr, &comp);
1640
1641 /* Close the chunk */
1642 png_write_chunk_end(png_ptr);
1643 }
1644 #endif
1645
1646 #ifdef PNG_WRITE_iTXt_SUPPORTED
1647 /* Write an iTXt chunk */
1648 void /* PRIVATE */
png_write_iTXt(png_structrp png_ptr,int compression,png_const_charp key,png_const_charp lang,png_const_charp lang_key,png_const_charp text)1649 png_write_iTXt(png_structrp png_ptr, int compression, png_const_charp key,
1650 png_const_charp lang, png_const_charp lang_key, png_const_charp text)
1651 {
1652 png_uint_32 key_len, prefix_len;
1653 size_t lang_len, lang_key_len;
1654 png_byte new_key[82];
1655 compression_state comp;
1656
1657 png_debug(1, "in png_write_iTXt");
1658
1659 key_len = png_check_keyword(png_ptr, key, new_key);
1660
1661 if (key_len == 0)
1662 png_error(png_ptr, "iTXt: invalid keyword");
1663
1664 /* Set the compression flag */
1665 switch (compression)
1666 {
1667 case PNG_ITXT_COMPRESSION_NONE:
1668 case PNG_TEXT_COMPRESSION_NONE:
1669 compression = new_key[++key_len] = 0; /* no compression */
1670 break;
1671
1672 case PNG_TEXT_COMPRESSION_zTXt:
1673 case PNG_ITXT_COMPRESSION_zTXt:
1674 compression = new_key[++key_len] = 1; /* compressed */
1675 break;
1676
1677 default:
1678 png_error(png_ptr, "iTXt: invalid compression");
1679 }
1680
1681 new_key[++key_len] = PNG_COMPRESSION_TYPE_BASE;
1682 ++key_len; /* for the keywod separator */
1683
1684 /* We leave it to the application to meet PNG-1.0 requirements on the
1685 * contents of the text. PNG-1.0 through PNG-1.2 discourage the use of
1686 * any non-Latin-1 characters except for NEWLINE. ISO PNG, however,
1687 * specifies that the text is UTF-8 and this really doesn't require any
1688 * checking.
1689 *
1690 * The NUL character is forbidden by PNG-1.0 through PNG-1.2 and ISO PNG.
1691 *
1692 * TODO: validate the language tag correctly (see the spec.)
1693 */
1694 if (lang == NULL) lang = ""; /* empty language is valid */
1695 lang_len = strlen(lang)+1;
1696 if (lang_key == NULL) lang_key = ""; /* may be empty */
1697 lang_key_len = strlen(lang_key)+1;
1698 if (text == NULL) text = ""; /* may be empty */
1699
1700 prefix_len = key_len;
1701 if (lang_len > PNG_UINT_31_MAX-prefix_len)
1702 prefix_len = PNG_UINT_31_MAX;
1703 else
1704 prefix_len = (png_uint_32)(prefix_len + lang_len);
1705
1706 if (lang_key_len > PNG_UINT_31_MAX-prefix_len)
1707 prefix_len = PNG_UINT_31_MAX;
1708 else
1709 prefix_len = (png_uint_32)(prefix_len + lang_key_len);
1710
1711 png_text_compress_init(&comp, (png_const_bytep)text, strlen(text));
1712
1713 if (compression != 0)
1714 {
1715 if (png_text_compress(png_ptr, png_iTXt, &comp, prefix_len) != Z_OK)
1716 png_error(png_ptr, png_ptr->zstream.msg);
1717 }
1718
1719 else
1720 {
1721 if (comp.input_len > PNG_UINT_31_MAX-prefix_len)
1722 png_error(png_ptr, "iTXt: uncompressed text too long");
1723
1724 /* So the string will fit in a chunk: */
1725 comp.output_len = (png_uint_32)/*SAFE*/comp.input_len;
1726 }
1727
1728 png_write_chunk_header(png_ptr, png_iTXt, comp.output_len + prefix_len);
1729
1730 png_write_chunk_data(png_ptr, new_key, key_len);
1731
1732 png_write_chunk_data(png_ptr, (png_const_bytep)lang, lang_len);
1733
1734 png_write_chunk_data(png_ptr, (png_const_bytep)lang_key, lang_key_len);
1735
1736 if (compression != 0)
1737 png_write_compressed_data_out(png_ptr, &comp);
1738
1739 else
1740 png_write_chunk_data(png_ptr, (png_const_bytep)text, comp.output_len);
1741
1742 png_write_chunk_end(png_ptr);
1743 }
1744 #endif
1745
1746 #ifdef PNG_WRITE_oFFs_SUPPORTED
1747 /* Write the oFFs chunk */
1748 void /* PRIVATE */
png_write_oFFs(png_structrp png_ptr,png_int_32 x_offset,png_int_32 y_offset,int unit_type)1749 png_write_oFFs(png_structrp png_ptr, png_int_32 x_offset, png_int_32 y_offset,
1750 int unit_type)
1751 {
1752 png_byte buf[9];
1753
1754 png_debug(1, "in png_write_oFFs");
1755
1756 if (unit_type >= PNG_OFFSET_LAST)
1757 png_warning(png_ptr, "Unrecognized unit type for oFFs chunk");
1758
1759 png_save_int_32(buf, x_offset);
1760 png_save_int_32(buf + 4, y_offset);
1761 buf[8] = (png_byte)unit_type;
1762
1763 png_write_complete_chunk(png_ptr, png_oFFs, buf, 9);
1764 }
1765 #endif
1766 #ifdef PNG_WRITE_pCAL_SUPPORTED
1767 /* Write the pCAL chunk (described in the PNG extensions document) */
1768 void /* PRIVATE */
png_write_pCAL(png_structrp png_ptr,png_charp purpose,png_int_32 X0,png_int_32 X1,int type,int nparams,png_const_charp units,png_charpp params)1769 png_write_pCAL(png_structrp png_ptr, png_charp purpose, png_int_32 X0,
1770 png_int_32 X1, int type, int nparams, png_const_charp units,
1771 png_charpp params)
1772 {
1773 png_uint_32 purpose_len;
1774 size_t units_len, total_len;
1775 png_size_tp params_len;
1776 png_byte buf[10];
1777 png_byte new_purpose[80];
1778 int i;
1779
1780 png_debug1(1, "in png_write_pCAL (%d parameters)", nparams);
1781
1782 if (type >= PNG_EQUATION_LAST)
1783 png_error(png_ptr, "Unrecognized equation type for pCAL chunk");
1784
1785 purpose_len = png_check_keyword(png_ptr, purpose, new_purpose);
1786
1787 if (purpose_len == 0)
1788 png_error(png_ptr, "pCAL: invalid keyword");
1789
1790 ++purpose_len; /* terminator */
1791
1792 png_debug1(3, "pCAL purpose length = %d", (int)purpose_len);
1793 units_len = strlen(units) + (nparams == 0 ? 0 : 1);
1794 png_debug1(3, "pCAL units length = %d", (int)units_len);
1795 total_len = purpose_len + units_len + 10;
1796
1797 params_len = (png_size_tp)png_malloc(png_ptr,
1798 (png_alloc_size_t)((png_alloc_size_t)nparams * (sizeof (size_t))));
1799
1800 /* Find the length of each parameter, making sure we don't count the
1801 * null terminator for the last parameter.
1802 */
1803 for (i = 0; i < nparams; i++)
1804 {
1805 params_len[i] = strlen(params[i]) + (i == nparams - 1 ? 0 : 1);
1806 png_debug2(3, "pCAL parameter %d length = %lu", i,
1807 (unsigned long)params_len[i]);
1808 total_len += params_len[i];
1809 }
1810
1811 png_debug1(3, "pCAL total length = %d", (int)total_len);
1812 png_write_chunk_header(png_ptr, png_pCAL, (png_uint_32)total_len);
1813 png_write_chunk_data(png_ptr, new_purpose, purpose_len);
1814 png_save_int_32(buf, X0);
1815 png_save_int_32(buf + 4, X1);
1816 buf[8] = (png_byte)type;
1817 buf[9] = (png_byte)nparams;
1818 png_write_chunk_data(png_ptr, buf, 10);
1819 png_write_chunk_data(png_ptr, (png_const_bytep)units, (size_t)units_len);
1820
1821 for (i = 0; i < nparams; i++)
1822 {
1823 png_write_chunk_data(png_ptr, (png_const_bytep)params[i], params_len[i]);
1824 }
1825
1826 png_free(png_ptr, params_len);
1827 png_write_chunk_end(png_ptr);
1828 }
1829 #endif
1830
1831 #ifdef PNG_WRITE_sCAL_SUPPORTED
1832 /* Write the sCAL chunk */
1833 void /* PRIVATE */
png_write_sCAL_s(png_structrp png_ptr,int unit,png_const_charp width,png_const_charp height)1834 png_write_sCAL_s(png_structrp png_ptr, int unit, png_const_charp width,
1835 png_const_charp height)
1836 {
1837 png_byte buf[64];
1838 size_t wlen, hlen, total_len;
1839
1840 png_debug(1, "in png_write_sCAL_s");
1841
1842 wlen = strlen(width);
1843 hlen = strlen(height);
1844 total_len = wlen + hlen + 2;
1845
1846 if (total_len > 64)
1847 {
1848 png_warning(png_ptr, "Can't write sCAL (buffer too small)");
1849 return;
1850 }
1851
1852 buf[0] = (png_byte)unit;
1853 memcpy(buf + 1, width, wlen + 1); /* Append the '\0' here */
1854 memcpy(buf + wlen + 2, height, hlen); /* Do NOT append the '\0' here */
1855
1856 png_debug1(3, "sCAL total length = %u", (unsigned int)total_len);
1857 png_write_complete_chunk(png_ptr, png_sCAL, buf, total_len);
1858 }
1859 #endif
1860
1861 #ifdef PNG_WRITE_pHYs_SUPPORTED
1862 /* Write the pHYs chunk */
1863 void /* PRIVATE */
png_write_pHYs(png_structrp png_ptr,png_uint_32 x_pixels_per_unit,png_uint_32 y_pixels_per_unit,int unit_type)1864 png_write_pHYs(png_structrp png_ptr, png_uint_32 x_pixels_per_unit,
1865 png_uint_32 y_pixels_per_unit,
1866 int unit_type)
1867 {
1868 png_byte buf[9];
1869
1870 png_debug(1, "in png_write_pHYs");
1871
1872 if (unit_type >= PNG_RESOLUTION_LAST)
1873 png_warning(png_ptr, "Unrecognized unit type for pHYs chunk");
1874
1875 png_save_uint_32(buf, x_pixels_per_unit);
1876 png_save_uint_32(buf + 4, y_pixels_per_unit);
1877 buf[8] = (png_byte)unit_type;
1878
1879 png_write_complete_chunk(png_ptr, png_pHYs, buf, 9);
1880 }
1881 #endif
1882
1883 #ifdef PNG_WRITE_tIME_SUPPORTED
1884 /* Write the tIME chunk. Use either png_convert_from_struct_tm()
1885 * or png_convert_from_time_t(), or fill in the structure yourself.
1886 */
1887 void /* PRIVATE */
png_write_tIME(png_structrp png_ptr,png_const_timep mod_time)1888 png_write_tIME(png_structrp png_ptr, png_const_timep mod_time)
1889 {
1890 png_byte buf[7];
1891
1892 png_debug(1, "in png_write_tIME");
1893
1894 if (mod_time->month > 12 || mod_time->month < 1 ||
1895 mod_time->day > 31 || mod_time->day < 1 ||
1896 mod_time->hour > 23 || mod_time->second > 60)
1897 {
1898 png_warning(png_ptr, "Invalid time specified for tIME chunk");
1899 return;
1900 }
1901
1902 png_save_uint_16(buf, mod_time->year);
1903 buf[2] = mod_time->month;
1904 buf[3] = mod_time->day;
1905 buf[4] = mod_time->hour;
1906 buf[5] = mod_time->minute;
1907 buf[6] = mod_time->second;
1908
1909 png_write_complete_chunk(png_ptr, png_tIME, buf, 7);
1910 }
1911 #endif
1912
1913 #ifdef PNG_WRITE_APNG_SUPPORTED
1914 void /* PRIVATE */
png_write_acTL(png_structp png_ptr,png_uint_32 num_frames,png_uint_32 num_plays)1915 png_write_acTL(png_structp png_ptr,
1916 png_uint_32 num_frames, png_uint_32 num_plays)
1917 {
1918 png_byte buf[8];
1919
1920 png_debug(1, "in png_write_acTL");
1921
1922 png_ptr->num_frames_to_write = num_frames;
1923
1924 if ((png_ptr->apng_flags & PNG_FIRST_FRAME_HIDDEN) != 0)
1925 num_frames--;
1926
1927 png_save_uint_32(buf, num_frames);
1928 png_save_uint_32(buf + 4, num_plays);
1929
1930 png_write_complete_chunk(png_ptr, png_acTL, buf, (png_size_t)8);
1931 }
1932
1933 void /* PRIVATE */
png_write_fcTL(png_structp png_ptr,png_uint_32 width,png_uint_32 height,png_uint_32 x_offset,png_uint_32 y_offset,png_uint_16 delay_num,png_uint_16 delay_den,png_byte dispose_op,png_byte blend_op)1934 png_write_fcTL(png_structp png_ptr, png_uint_32 width, png_uint_32 height,
1935 png_uint_32 x_offset, png_uint_32 y_offset,
1936 png_uint_16 delay_num, png_uint_16 delay_den, png_byte dispose_op,
1937 png_byte blend_op)
1938 {
1939 png_byte buf[26];
1940
1941 png_debug(1, "in png_write_fcTL");
1942
1943 if (png_ptr->num_frames_written == 0 && (x_offset != 0 || y_offset != 0))
1944 png_error(png_ptr, "x and/or y offset for the first frame aren't 0");
1945 if (png_ptr->num_frames_written == 0 &&
1946 (width != png_ptr->first_frame_width ||
1947 height != png_ptr->first_frame_height))
1948 png_error(png_ptr, "width and/or height in the first frame's fcTL "
1949 "don't match the ones in IHDR");
1950
1951 /* more error checking */
1952 png_ensure_fcTL_is_valid(png_ptr, width, height, x_offset, y_offset,
1953 delay_num, delay_den, dispose_op, blend_op);
1954
1955 png_save_uint_32(buf, png_ptr->next_seq_num);
1956 png_save_uint_32(buf + 4, width);
1957 png_save_uint_32(buf + 8, height);
1958 png_save_uint_32(buf + 12, x_offset);
1959 png_save_uint_32(buf + 16, y_offset);
1960 png_save_uint_16(buf + 20, delay_num);
1961 png_save_uint_16(buf + 22, delay_den);
1962 buf[24] = dispose_op;
1963 buf[25] = blend_op;
1964
1965 png_write_complete_chunk(png_ptr, png_fcTL, buf, (png_size_t)26);
1966
1967 png_ptr->next_seq_num++;
1968 }
1969
1970 void /* PRIVATE */
png_write_fdAT(png_structp png_ptr,png_const_bytep data,png_size_t length)1971 png_write_fdAT(png_structp png_ptr,
1972 png_const_bytep data, png_size_t length)
1973 {
1974 png_byte buf[4];
1975
1976 png_write_chunk_header(png_ptr, png_fdAT, (png_uint_32)(4 + length));
1977
1978 png_save_uint_32(buf, png_ptr->next_seq_num);
1979 png_write_chunk_data(png_ptr, buf, 4);
1980
1981 png_write_chunk_data(png_ptr, data, length);
1982
1983 png_write_chunk_end(png_ptr);
1984
1985 png_ptr->next_seq_num++;
1986 }
1987 #endif /* WRITE_APNG */
1988
1989 /* Initializes the row writing capability of libpng */
1990 void /* PRIVATE */
png_write_start_row(png_structrp png_ptr)1991 png_write_start_row(png_structrp png_ptr)
1992 {
1993 #ifdef PNG_WRITE_INTERLACING_SUPPORTED
1994 /* Arrays to facilitate easy interlacing - use pass (0 - 6) as index */
1995
1996 /* Start of interlace block */
1997 static const png_byte png_pass_start[7] = {0, 4, 0, 2, 0, 1, 0};
1998
1999 /* Offset to next interlace block */
2000 static const png_byte png_pass_inc[7] = {8, 8, 4, 4, 2, 2, 1};
2001
2002 /* Start of interlace block in the y direction */
2003 static const png_byte png_pass_ystart[7] = {0, 0, 4, 0, 2, 0, 1};
2004
2005 /* Offset to next interlace block in the y direction */
2006 static const png_byte png_pass_yinc[7] = {8, 8, 8, 4, 4, 2, 2};
2007 #endif
2008
2009 png_alloc_size_t buf_size;
2010 int usr_pixel_depth;
2011
2012 #ifdef PNG_WRITE_FILTER_SUPPORTED
2013 png_byte filters;
2014 #endif
2015
2016 png_debug(1, "in png_write_start_row");
2017
2018 usr_pixel_depth = png_ptr->usr_channels * png_ptr->usr_bit_depth;
2019 buf_size = PNG_ROWBYTES(usr_pixel_depth, png_ptr->width) + 1;
2020
2021 /* 1.5.6: added to allow checking in the row write code. */
2022 png_ptr->transformed_pixel_depth = png_ptr->pixel_depth;
2023 png_ptr->maximum_pixel_depth = (png_byte)usr_pixel_depth;
2024
2025 /* Set up row buffer */
2026 png_ptr->row_buf = png_voidcast(png_bytep, png_malloc(png_ptr, buf_size));
2027
2028 png_ptr->row_buf[0] = PNG_FILTER_VALUE_NONE;
2029
2030 #ifdef PNG_WRITE_FILTER_SUPPORTED
2031 filters = png_ptr->do_filter;
2032
2033 if (png_ptr->height == 1)
2034 filters &= 0xff & ~(PNG_FILTER_UP|PNG_FILTER_AVG|PNG_FILTER_PAETH);
2035
2036 if (png_ptr->width == 1)
2037 filters &= 0xff & ~(PNG_FILTER_SUB|PNG_FILTER_AVG|PNG_FILTER_PAETH);
2038
2039 if (filters == 0)
2040 filters = PNG_FILTER_NONE;
2041
2042 png_ptr->do_filter = filters;
2043
2044 if (((filters & (PNG_FILTER_SUB | PNG_FILTER_UP | PNG_FILTER_AVG |
2045 PNG_FILTER_PAETH)) != 0) && png_ptr->try_row == NULL)
2046 {
2047 int num_filters = 0;
2048
2049 png_ptr->try_row = png_voidcast(png_bytep, png_malloc(png_ptr, buf_size));
2050
2051 if (filters & PNG_FILTER_SUB)
2052 num_filters++;
2053
2054 if (filters & PNG_FILTER_UP)
2055 num_filters++;
2056
2057 if (filters & PNG_FILTER_AVG)
2058 num_filters++;
2059
2060 if (filters & PNG_FILTER_PAETH)
2061 num_filters++;
2062
2063 if (num_filters > 1)
2064 png_ptr->tst_row = png_voidcast(png_bytep, png_malloc(png_ptr,
2065 buf_size));
2066 }
2067
2068 /* We only need to keep the previous row if we are using one of the following
2069 * filters.
2070 */
2071 if ((filters & (PNG_FILTER_AVG | PNG_FILTER_UP | PNG_FILTER_PAETH)) != 0)
2072 png_ptr->prev_row = png_voidcast(png_bytep,
2073 png_calloc(png_ptr, buf_size));
2074 #endif /* WRITE_FILTER */
2075
2076 #ifdef PNG_WRITE_INTERLACING_SUPPORTED
2077 /* If interlaced, we need to set up width and height of pass */
2078 if (png_ptr->interlaced != 0)
2079 {
2080 if ((png_ptr->transformations & PNG_INTERLACE) == 0)
2081 {
2082 png_ptr->num_rows = (png_ptr->height + png_pass_yinc[0] - 1 -
2083 png_pass_ystart[0]) / png_pass_yinc[0];
2084
2085 png_ptr->usr_width = (png_ptr->width + png_pass_inc[0] - 1 -
2086 png_pass_start[0]) / png_pass_inc[0];
2087 }
2088
2089 else
2090 {
2091 png_ptr->num_rows = png_ptr->height;
2092 png_ptr->usr_width = png_ptr->width;
2093 }
2094 }
2095
2096 else
2097 #endif
2098 {
2099 png_ptr->num_rows = png_ptr->height;
2100 png_ptr->usr_width = png_ptr->width;
2101 }
2102 }
2103
2104 /* Internal use only. Called when finished processing a row of data. */
2105 void /* PRIVATE */
png_write_finish_row(png_structrp png_ptr)2106 png_write_finish_row(png_structrp png_ptr)
2107 {
2108 #ifdef PNG_WRITE_INTERLACING_SUPPORTED
2109 /* Arrays to facilitate easy interlacing - use pass (0 - 6) as index */
2110
2111 /* Start of interlace block */
2112 static const png_byte png_pass_start[7] = {0, 4, 0, 2, 0, 1, 0};
2113
2114 /* Offset to next interlace block */
2115 static const png_byte png_pass_inc[7] = {8, 8, 4, 4, 2, 2, 1};
2116
2117 /* Start of interlace block in the y direction */
2118 static const png_byte png_pass_ystart[7] = {0, 0, 4, 0, 2, 0, 1};
2119
2120 /* Offset to next interlace block in the y direction */
2121 static const png_byte png_pass_yinc[7] = {8, 8, 8, 4, 4, 2, 2};
2122 #endif
2123
2124 png_debug(1, "in png_write_finish_row");
2125
2126 /* Next row */
2127 png_ptr->row_number++;
2128
2129 /* See if we are done */
2130 if (png_ptr->row_number < png_ptr->num_rows)
2131 return;
2132
2133 #ifdef PNG_WRITE_INTERLACING_SUPPORTED
2134 /* If interlaced, go to next pass */
2135 if (png_ptr->interlaced != 0)
2136 {
2137 png_ptr->row_number = 0;
2138 if ((png_ptr->transformations & PNG_INTERLACE) != 0)
2139 {
2140 png_ptr->pass++;
2141 }
2142
2143 else
2144 {
2145 /* Loop until we find a non-zero width or height pass */
2146 do
2147 {
2148 png_ptr->pass++;
2149
2150 if (png_ptr->pass >= 7)
2151 break;
2152
2153 png_ptr->usr_width = (png_ptr->width +
2154 png_pass_inc[png_ptr->pass] - 1 -
2155 png_pass_start[png_ptr->pass]) /
2156 png_pass_inc[png_ptr->pass];
2157
2158 png_ptr->num_rows = (png_ptr->height +
2159 png_pass_yinc[png_ptr->pass] - 1 -
2160 png_pass_ystart[png_ptr->pass]) /
2161 png_pass_yinc[png_ptr->pass];
2162
2163 if ((png_ptr->transformations & PNG_INTERLACE) != 0)
2164 break;
2165
2166 } while (png_ptr->usr_width == 0 || png_ptr->num_rows == 0);
2167
2168 }
2169
2170 /* Reset the row above the image for the next pass */
2171 if (png_ptr->pass < 7)
2172 {
2173 if (png_ptr->prev_row != NULL)
2174 memset(png_ptr->prev_row, 0,
2175 PNG_ROWBYTES(png_ptr->usr_channels *
2176 png_ptr->usr_bit_depth, png_ptr->width) + 1);
2177
2178 return;
2179 }
2180 }
2181 #endif
2182
2183 /* If we get here, we've just written the last row, so we need
2184 to flush the compressor */
2185 png_compress_IDAT(png_ptr, NULL, 0, Z_FINISH);
2186 }
2187
2188 #ifdef PNG_WRITE_INTERLACING_SUPPORTED
2189 /* Pick out the correct pixels for the interlace pass.
2190 * The basic idea here is to go through the row with a source
2191 * pointer and a destination pointer (sp and dp), and copy the
2192 * correct pixels for the pass. As the row gets compacted,
2193 * sp will always be >= dp, so we should never overwrite anything.
2194 * See the default: case for the easiest code to understand.
2195 */
2196 void /* PRIVATE */
png_do_write_interlace(png_row_infop row_info,png_bytep row,int pass)2197 png_do_write_interlace(png_row_infop row_info, png_bytep row, int pass)
2198 {
2199 /* Arrays to facilitate easy interlacing - use pass (0 - 6) as index */
2200
2201 /* Start of interlace block */
2202 static const png_byte png_pass_start[7] = {0, 4, 0, 2, 0, 1, 0};
2203
2204 /* Offset to next interlace block */
2205 static const png_byte png_pass_inc[7] = {8, 8, 4, 4, 2, 2, 1};
2206
2207 png_debug(1, "in png_do_write_interlace");
2208
2209 /* We don't have to do anything on the last pass (6) */
2210 if (pass < 6)
2211 {
2212 /* Each pixel depth is handled separately */
2213 switch (row_info->pixel_depth)
2214 {
2215 case 1:
2216 {
2217 png_bytep sp;
2218 png_bytep dp;
2219 unsigned int shift;
2220 int d;
2221 int value;
2222 png_uint_32 i;
2223 png_uint_32 row_width = row_info->width;
2224
2225 dp = row;
2226 d = 0;
2227 shift = 7;
2228
2229 for (i = png_pass_start[pass]; i < row_width;
2230 i += png_pass_inc[pass])
2231 {
2232 sp = row + (size_t)(i >> 3);
2233 value = (int)(*sp >> (7 - (int)(i & 0x07))) & 0x01;
2234 d |= (value << shift);
2235
2236 if (shift == 0)
2237 {
2238 shift = 7;
2239 *dp++ = (png_byte)d;
2240 d = 0;
2241 }
2242
2243 else
2244 shift--;
2245
2246 }
2247 if (shift != 7)
2248 *dp = (png_byte)d;
2249
2250 break;
2251 }
2252
2253 case 2:
2254 {
2255 png_bytep sp;
2256 png_bytep dp;
2257 unsigned int shift;
2258 int d;
2259 int value;
2260 png_uint_32 i;
2261 png_uint_32 row_width = row_info->width;
2262
2263 dp = row;
2264 shift = 6;
2265 d = 0;
2266
2267 for (i = png_pass_start[pass]; i < row_width;
2268 i += png_pass_inc[pass])
2269 {
2270 sp = row + (size_t)(i >> 2);
2271 value = (*sp >> ((3 - (int)(i & 0x03)) << 1)) & 0x03;
2272 d |= (value << shift);
2273
2274 if (shift == 0)
2275 {
2276 shift = 6;
2277 *dp++ = (png_byte)d;
2278 d = 0;
2279 }
2280
2281 else
2282 shift -= 2;
2283 }
2284 if (shift != 6)
2285 *dp = (png_byte)d;
2286
2287 break;
2288 }
2289
2290 case 4:
2291 {
2292 png_bytep sp;
2293 png_bytep dp;
2294 unsigned int shift;
2295 int d;
2296 int value;
2297 png_uint_32 i;
2298 png_uint_32 row_width = row_info->width;
2299
2300 dp = row;
2301 shift = 4;
2302 d = 0;
2303 for (i = png_pass_start[pass]; i < row_width;
2304 i += png_pass_inc[pass])
2305 {
2306 sp = row + (size_t)(i >> 1);
2307 value = (*sp >> ((1 - (int)(i & 0x01)) << 2)) & 0x0f;
2308 d |= (value << shift);
2309
2310 if (shift == 0)
2311 {
2312 shift = 4;
2313 *dp++ = (png_byte)d;
2314 d = 0;
2315 }
2316
2317 else
2318 shift -= 4;
2319 }
2320 if (shift != 4)
2321 *dp = (png_byte)d;
2322
2323 break;
2324 }
2325
2326 default:
2327 {
2328 png_bytep sp;
2329 png_bytep dp;
2330 png_uint_32 i;
2331 png_uint_32 row_width = row_info->width;
2332 size_t pixel_bytes;
2333
2334 /* Start at the beginning */
2335 dp = row;
2336
2337 /* Find out how many bytes each pixel takes up */
2338 pixel_bytes = (row_info->pixel_depth >> 3);
2339
2340 /* Loop through the row, only looking at the pixels that matter */
2341 for (i = png_pass_start[pass]; i < row_width;
2342 i += png_pass_inc[pass])
2343 {
2344 /* Find out where the original pixel is */
2345 sp = row + (size_t)i * pixel_bytes;
2346
2347 /* Move the pixel */
2348 if (dp != sp)
2349 memcpy(dp, sp, pixel_bytes);
2350
2351 /* Next pixel */
2352 dp += pixel_bytes;
2353 }
2354 break;
2355 }
2356 }
2357 /* Set new row width */
2358 row_info->width = (row_info->width +
2359 png_pass_inc[pass] - 1 -
2360 png_pass_start[pass]) /
2361 png_pass_inc[pass];
2362
2363 row_info->rowbytes = PNG_ROWBYTES(row_info->pixel_depth,
2364 row_info->width);
2365 }
2366 }
2367 #endif
2368
2369
2370 /* This filters the row, chooses which filter to use, if it has not already
2371 * been specified by the application, and then writes the row out with the
2372 * chosen filter.
2373 */
2374 static void /* PRIVATE */
2375 png_write_filtered_row(png_structrp png_ptr, png_bytep filtered_row,
2376 size_t row_bytes);
2377
2378 #ifdef PNG_WRITE_FILTER_SUPPORTED
2379 static size_t /* PRIVATE */
png_setup_sub_row(png_structrp png_ptr,png_uint_32 bpp,size_t row_bytes,size_t lmins)2380 png_setup_sub_row(png_structrp png_ptr, png_uint_32 bpp,
2381 size_t row_bytes, size_t lmins)
2382 {
2383 png_bytep rp, dp, lp;
2384 size_t i;
2385 size_t sum = 0;
2386 unsigned int v;
2387
2388 png_ptr->try_row[0] = PNG_FILTER_VALUE_SUB;
2389
2390 for (i = 0, rp = png_ptr->row_buf + 1, dp = png_ptr->try_row + 1; i < bpp;
2391 i++, rp++, dp++)
2392 {
2393 v = *dp = *rp;
2394 #ifdef PNG_USE_ABS
2395 sum += 128 - abs((int)v - 128);
2396 #else
2397 sum += (v < 128) ? v : 256 - v;
2398 #endif
2399 }
2400
2401 for (lp = png_ptr->row_buf + 1; i < row_bytes;
2402 i++, rp++, lp++, dp++)
2403 {
2404 v = *dp = (png_byte)(((int)*rp - (int)*lp) & 0xff);
2405 #ifdef PNG_USE_ABS
2406 sum += 128 - abs((int)v - 128);
2407 #else
2408 sum += (v < 128) ? v : 256 - v;
2409 #endif
2410
2411 if (sum > lmins) /* We are already worse, don't continue. */
2412 break;
2413 }
2414
2415 return (sum);
2416 }
2417
2418 static void /* PRIVATE */
png_setup_sub_row_only(png_structrp png_ptr,png_uint_32 bpp,size_t row_bytes)2419 png_setup_sub_row_only(png_structrp png_ptr, png_uint_32 bpp,
2420 size_t row_bytes)
2421 {
2422 png_bytep rp, dp, lp;
2423 size_t i;
2424
2425 png_ptr->try_row[0] = PNG_FILTER_VALUE_SUB;
2426
2427 for (i = 0, rp = png_ptr->row_buf + 1, dp = png_ptr->try_row + 1; i < bpp;
2428 i++, rp++, dp++)
2429 {
2430 *dp = *rp;
2431 }
2432
2433 for (lp = png_ptr->row_buf + 1; i < row_bytes;
2434 i++, rp++, lp++, dp++)
2435 {
2436 *dp = (png_byte)(((int)*rp - (int)*lp) & 0xff);
2437 }
2438 }
2439
2440 static size_t /* PRIVATE */
png_setup_up_row(png_structrp png_ptr,size_t row_bytes,size_t lmins)2441 png_setup_up_row(png_structrp png_ptr, size_t row_bytes, size_t lmins)
2442 {
2443 png_bytep rp, dp, pp;
2444 size_t i;
2445 size_t sum = 0;
2446 unsigned int v;
2447
2448 png_ptr->try_row[0] = PNG_FILTER_VALUE_UP;
2449
2450 for (i = 0, rp = png_ptr->row_buf + 1, dp = png_ptr->try_row + 1,
2451 pp = png_ptr->prev_row + 1; i < row_bytes;
2452 i++, rp++, pp++, dp++)
2453 {
2454 v = *dp = (png_byte)(((int)*rp - (int)*pp) & 0xff);
2455 #ifdef PNG_USE_ABS
2456 sum += 128 - abs((int)v - 128);
2457 #else
2458 sum += (v < 128) ? v : 256 - v;
2459 #endif
2460
2461 if (sum > lmins) /* We are already worse, don't continue. */
2462 break;
2463 }
2464
2465 return (sum);
2466 }
2467 static void /* PRIVATE */
png_setup_up_row_only(png_structrp png_ptr,size_t row_bytes)2468 png_setup_up_row_only(png_structrp png_ptr, size_t row_bytes)
2469 {
2470 png_bytep rp, dp, pp;
2471 size_t i;
2472
2473 png_ptr->try_row[0] = PNG_FILTER_VALUE_UP;
2474
2475 for (i = 0, rp = png_ptr->row_buf + 1, dp = png_ptr->try_row + 1,
2476 pp = png_ptr->prev_row + 1; i < row_bytes;
2477 i++, rp++, pp++, dp++)
2478 {
2479 *dp = (png_byte)(((int)*rp - (int)*pp) & 0xff);
2480 }
2481 }
2482
2483 static size_t /* PRIVATE */
png_setup_avg_row(png_structrp png_ptr,png_uint_32 bpp,size_t row_bytes,size_t lmins)2484 png_setup_avg_row(png_structrp png_ptr, png_uint_32 bpp,
2485 size_t row_bytes, size_t lmins)
2486 {
2487 png_bytep rp, dp, pp, lp;
2488 png_uint_32 i;
2489 size_t sum = 0;
2490 unsigned int v;
2491
2492 png_ptr->try_row[0] = PNG_FILTER_VALUE_AVG;
2493
2494 for (i = 0, rp = png_ptr->row_buf + 1, dp = png_ptr->try_row + 1,
2495 pp = png_ptr->prev_row + 1; i < bpp; i++)
2496 {
2497 v = *dp++ = (png_byte)(((int)*rp++ - ((int)*pp++ / 2)) & 0xff);
2498
2499 #ifdef PNG_USE_ABS
2500 sum += 128 - abs((int)v - 128);
2501 #else
2502 sum += (v < 128) ? v : 256 - v;
2503 #endif
2504 }
2505
2506 for (lp = png_ptr->row_buf + 1; i < row_bytes; i++)
2507 {
2508 v = *dp++ = (png_byte)(((int)*rp++ - (((int)*pp++ + (int)*lp++) / 2))
2509 & 0xff);
2510
2511 #ifdef PNG_USE_ABS
2512 sum += 128 - abs((int)v - 128);
2513 #else
2514 sum += (v < 128) ? v : 256 - v;
2515 #endif
2516
2517 if (sum > lmins) /* We are already worse, don't continue. */
2518 break;
2519 }
2520
2521 return (sum);
2522 }
2523 static void /* PRIVATE */
png_setup_avg_row_only(png_structrp png_ptr,png_uint_32 bpp,size_t row_bytes)2524 png_setup_avg_row_only(png_structrp png_ptr, png_uint_32 bpp,
2525 size_t row_bytes)
2526 {
2527 png_bytep rp, dp, pp, lp;
2528 png_uint_32 i;
2529
2530 png_ptr->try_row[0] = PNG_FILTER_VALUE_AVG;
2531
2532 for (i = 0, rp = png_ptr->row_buf + 1, dp = png_ptr->try_row + 1,
2533 pp = png_ptr->prev_row + 1; i < bpp; i++)
2534 {
2535 *dp++ = (png_byte)(((int)*rp++ - ((int)*pp++ / 2)) & 0xff);
2536 }
2537
2538 for (lp = png_ptr->row_buf + 1; i < row_bytes; i++)
2539 {
2540 *dp++ = (png_byte)(((int)*rp++ - (((int)*pp++ + (int)*lp++) / 2))
2541 & 0xff);
2542 }
2543 }
2544
2545 static size_t /* PRIVATE */
png_setup_paeth_row(png_structrp png_ptr,png_uint_32 bpp,size_t row_bytes,size_t lmins)2546 png_setup_paeth_row(png_structrp png_ptr, png_uint_32 bpp,
2547 size_t row_bytes, size_t lmins)
2548 {
2549 png_bytep rp, dp, pp, cp, lp;
2550 size_t i;
2551 size_t sum = 0;
2552 unsigned int v;
2553
2554 png_ptr->try_row[0] = PNG_FILTER_VALUE_PAETH;
2555
2556 for (i = 0, rp = png_ptr->row_buf + 1, dp = png_ptr->try_row + 1,
2557 pp = png_ptr->prev_row + 1; i < bpp; i++)
2558 {
2559 v = *dp++ = (png_byte)(((int)*rp++ - (int)*pp++) & 0xff);
2560
2561 #ifdef PNG_USE_ABS
2562 sum += 128 - abs((int)v - 128);
2563 #else
2564 sum += (v < 128) ? v : 256 - v;
2565 #endif
2566 }
2567
2568 for (lp = png_ptr->row_buf + 1, cp = png_ptr->prev_row + 1; i < row_bytes;
2569 i++)
2570 {
2571 int a, b, c, pa, pb, pc, p;
2572
2573 b = *pp++;
2574 c = *cp++;
2575 a = *lp++;
2576
2577 p = b - c;
2578 pc = a - c;
2579
2580 #ifdef PNG_USE_ABS
2581 pa = abs(p);
2582 pb = abs(pc);
2583 pc = abs(p + pc);
2584 #else
2585 pa = p < 0 ? -p : p;
2586 pb = pc < 0 ? -pc : pc;
2587 pc = (p + pc) < 0 ? -(p + pc) : p + pc;
2588 #endif
2589
2590 p = (pa <= pb && pa <=pc) ? a : (pb <= pc) ? b : c;
2591
2592 v = *dp++ = (png_byte)(((int)*rp++ - p) & 0xff);
2593
2594 #ifdef PNG_USE_ABS
2595 sum += 128 - abs((int)v - 128);
2596 #else
2597 sum += (v < 128) ? v : 256 - v;
2598 #endif
2599
2600 if (sum > lmins) /* We are already worse, don't continue. */
2601 break;
2602 }
2603
2604 return (sum);
2605 }
2606 static void /* PRIVATE */
png_setup_paeth_row_only(png_structrp png_ptr,png_uint_32 bpp,size_t row_bytes)2607 png_setup_paeth_row_only(png_structrp png_ptr, png_uint_32 bpp,
2608 size_t row_bytes)
2609 {
2610 png_bytep rp, dp, pp, cp, lp;
2611 size_t i;
2612
2613 png_ptr->try_row[0] = PNG_FILTER_VALUE_PAETH;
2614
2615 for (i = 0, rp = png_ptr->row_buf + 1, dp = png_ptr->try_row + 1,
2616 pp = png_ptr->prev_row + 1; i < bpp; i++)
2617 {
2618 *dp++ = (png_byte)(((int)*rp++ - (int)*pp++) & 0xff);
2619 }
2620
2621 for (lp = png_ptr->row_buf + 1, cp = png_ptr->prev_row + 1; i < row_bytes;
2622 i++)
2623 {
2624 int a, b, c, pa, pb, pc, p;
2625
2626 b = *pp++;
2627 c = *cp++;
2628 a = *lp++;
2629
2630 p = b - c;
2631 pc = a - c;
2632
2633 #ifdef PNG_USE_ABS
2634 pa = abs(p);
2635 pb = abs(pc);
2636 pc = abs(p + pc);
2637 #else
2638 pa = p < 0 ? -p : p;
2639 pb = pc < 0 ? -pc : pc;
2640 pc = (p + pc) < 0 ? -(p + pc) : p + pc;
2641 #endif
2642
2643 p = (pa <= pb && pa <=pc) ? a : (pb <= pc) ? b : c;
2644
2645 *dp++ = (png_byte)(((int)*rp++ - p) & 0xff);
2646 }
2647 }
2648 #endif /* WRITE_FILTER */
2649
2650 void /* PRIVATE */
png_write_find_filter(png_structrp png_ptr,png_row_infop row_info)2651 png_write_find_filter(png_structrp png_ptr, png_row_infop row_info)
2652 {
2653 #ifndef PNG_WRITE_FILTER_SUPPORTED
2654 png_write_filtered_row(png_ptr, png_ptr->row_buf, row_info->rowbytes+1);
2655 #else
2656 unsigned int filter_to_do = png_ptr->do_filter;
2657 png_bytep row_buf;
2658 png_bytep best_row;
2659 png_uint_32 bpp;
2660 size_t mins;
2661 size_t row_bytes = row_info->rowbytes;
2662
2663 png_debug(1, "in png_write_find_filter");
2664
2665 /* Find out how many bytes offset each pixel is */
2666 bpp = (row_info->pixel_depth + 7) >> 3;
2667
2668 row_buf = png_ptr->row_buf;
2669 mins = PNG_SIZE_MAX - 256/* so we can detect potential overflow of the
2670 running sum */;
2671
2672 /* The prediction method we use is to find which method provides the
2673 * smallest value when summing the absolute values of the distances
2674 * from zero, using anything >= 128 as negative numbers. This is known
2675 * as the "minimum sum of absolute differences" heuristic. Other
2676 * heuristics are the "weighted minimum sum of absolute differences"
2677 * (experimental and can in theory improve compression), and the "zlib
2678 * predictive" method (not implemented yet), which does test compressions
2679 * of lines using different filter methods, and then chooses the
2680 * (series of) filter(s) that give minimum compressed data size (VERY
2681 * computationally expensive).
2682 *
2683 * GRR 980525: consider also
2684 *
2685 * (1) minimum sum of absolute differences from running average (i.e.,
2686 * keep running sum of non-absolute differences & count of bytes)
2687 * [track dispersion, too? restart average if dispersion too large?]
2688 *
2689 * (1b) minimum sum of absolute differences from sliding average, probably
2690 * with window size <= deflate window (usually 32K)
2691 *
2692 * (2) minimum sum of squared differences from zero or running average
2693 * (i.e., ~ root-mean-square approach)
2694 */
2695
2696
2697 /* We don't need to test the 'no filter' case if this is the only filter
2698 * that has been chosen, as it doesn't actually do anything to the data.
2699 */
2700 best_row = png_ptr->row_buf;
2701
2702 if (PNG_SIZE_MAX/128 <= row_bytes)
2703 {
2704 /* Overflow can occur in the calculation, just select the lowest set
2705 * filter.
2706 */
2707 filter_to_do &= 0U-filter_to_do;
2708 }
2709 else if ((filter_to_do & PNG_FILTER_NONE) != 0 &&
2710 filter_to_do != PNG_FILTER_NONE)
2711 {
2712 /* Overflow not possible and multiple filters in the list, including the
2713 * 'none' filter.
2714 */
2715 png_bytep rp;
2716 size_t sum = 0;
2717 size_t i;
2718 unsigned int v;
2719
2720 {
2721 for (i = 0, rp = row_buf + 1; i < row_bytes; i++, rp++)
2722 {
2723 v = *rp;
2724 #ifdef PNG_USE_ABS
2725 sum += 128 - abs((int)v - 128);
2726 #else
2727 sum += (v < 128) ? v : 256 - v;
2728 #endif
2729 }
2730 }
2731
2732 mins = sum;
2733 }
2734
2735 /* Sub filter */
2736 if (filter_to_do == PNG_FILTER_SUB)
2737 /* It's the only filter so no testing is needed */
2738 {
2739 png_setup_sub_row_only(png_ptr, bpp, row_bytes);
2740 best_row = png_ptr->try_row;
2741 }
2742
2743 else if ((filter_to_do & PNG_FILTER_SUB) != 0)
2744 {
2745 size_t sum;
2746 size_t lmins = mins;
2747
2748 sum = png_setup_sub_row(png_ptr, bpp, row_bytes, lmins);
2749
2750 if (sum < mins)
2751 {
2752 mins = sum;
2753 best_row = png_ptr->try_row;
2754 if (png_ptr->tst_row != NULL)
2755 {
2756 png_ptr->try_row = png_ptr->tst_row;
2757 png_ptr->tst_row = best_row;
2758 }
2759 }
2760 }
2761
2762 /* Up filter */
2763 if (filter_to_do == PNG_FILTER_UP)
2764 {
2765 png_setup_up_row_only(png_ptr, row_bytes);
2766 best_row = png_ptr->try_row;
2767 }
2768
2769 else if ((filter_to_do & PNG_FILTER_UP) != 0)
2770 {
2771 size_t sum;
2772 size_t lmins = mins;
2773
2774 sum = png_setup_up_row(png_ptr, row_bytes, lmins);
2775
2776 if (sum < mins)
2777 {
2778 mins = sum;
2779 best_row = png_ptr->try_row;
2780 if (png_ptr->tst_row != NULL)
2781 {
2782 png_ptr->try_row = png_ptr->tst_row;
2783 png_ptr->tst_row = best_row;
2784 }
2785 }
2786 }
2787
2788 /* Avg filter */
2789 if (filter_to_do == PNG_FILTER_AVG)
2790 {
2791 png_setup_avg_row_only(png_ptr, bpp, row_bytes);
2792 best_row = png_ptr->try_row;
2793 }
2794
2795 else if ((filter_to_do & PNG_FILTER_AVG) != 0)
2796 {
2797 size_t sum;
2798 size_t lmins = mins;
2799
2800 sum= png_setup_avg_row(png_ptr, bpp, row_bytes, lmins);
2801
2802 if (sum < mins)
2803 {
2804 mins = sum;
2805 best_row = png_ptr->try_row;
2806 if (png_ptr->tst_row != NULL)
2807 {
2808 png_ptr->try_row = png_ptr->tst_row;
2809 png_ptr->tst_row = best_row;
2810 }
2811 }
2812 }
2813
2814 /* Paeth filter */
2815 if (filter_to_do == PNG_FILTER_PAETH)
2816 {
2817 png_setup_paeth_row_only(png_ptr, bpp, row_bytes);
2818 best_row = png_ptr->try_row;
2819 }
2820
2821 else if ((filter_to_do & PNG_FILTER_PAETH) != 0)
2822 {
2823 size_t sum;
2824 size_t lmins = mins;
2825
2826 sum = png_setup_paeth_row(png_ptr, bpp, row_bytes, lmins);
2827
2828 if (sum < mins)
2829 {
2830 best_row = png_ptr->try_row;
2831 if (png_ptr->tst_row != NULL)
2832 {
2833 png_ptr->try_row = png_ptr->tst_row;
2834 png_ptr->tst_row = best_row;
2835 }
2836 }
2837 }
2838
2839 /* Do the actual writing of the filtered row data from the chosen filter. */
2840 png_write_filtered_row(png_ptr, best_row, row_info->rowbytes+1);
2841
2842 #endif /* WRITE_FILTER */
2843 }
2844
2845
2846 /* Do the actual writing of a previously filtered row. */
2847 static void
png_write_filtered_row(png_structrp png_ptr,png_bytep filtered_row,size_t full_row_length)2848 png_write_filtered_row(png_structrp png_ptr, png_bytep filtered_row,
2849 size_t full_row_length/*includes filter byte*/)
2850 {
2851 png_debug(1, "in png_write_filtered_row");
2852
2853 png_debug1(2, "filter = %d", filtered_row[0]);
2854
2855 png_compress_IDAT(png_ptr, filtered_row, full_row_length, Z_NO_FLUSH);
2856
2857 #ifdef PNG_WRITE_FILTER_SUPPORTED
2858 /* Swap the current and previous rows */
2859 if (png_ptr->prev_row != NULL)
2860 {
2861 png_bytep tptr;
2862
2863 tptr = png_ptr->prev_row;
2864 png_ptr->prev_row = png_ptr->row_buf;
2865 png_ptr->row_buf = tptr;
2866 }
2867 #endif /* WRITE_FILTER */
2868
2869 /* Finish row - updates counters and flushes zlib if last row */
2870 png_write_finish_row(png_ptr);
2871
2872 #ifdef PNG_WRITE_FLUSH_SUPPORTED
2873 png_ptr->flush_rows++;
2874
2875 if (png_ptr->flush_dist > 0 &&
2876 png_ptr->flush_rows >= png_ptr->flush_dist)
2877 {
2878 png_write_flush(png_ptr);
2879 }
2880 #endif /* WRITE_FLUSH */
2881 }
2882
2883 #ifdef PNG_WRITE_APNG_SUPPORTED
2884 void /* PRIVATE */
png_write_reset(png_structp png_ptr)2885 png_write_reset(png_structp png_ptr)
2886 {
2887 png_ptr->row_number = 0;
2888 png_ptr->pass = 0;
2889 png_ptr->mode &= ~PNG_HAVE_IDAT;
2890 }
2891
2892 void /* PRIVATE */
png_write_reinit(png_structp png_ptr,png_infop info_ptr,png_uint_32 width,png_uint_32 height)2893 png_write_reinit(png_structp png_ptr, png_infop info_ptr,
2894 png_uint_32 width, png_uint_32 height)
2895 {
2896 if (png_ptr->num_frames_written == 0 &&
2897 (width != png_ptr->first_frame_width ||
2898 height != png_ptr->first_frame_height))
2899 png_error(png_ptr, "width and/or height in the first frame's fcTL "
2900 "don't match the ones in IHDR");
2901 if (width > png_ptr->first_frame_width ||
2902 height > png_ptr->first_frame_height)
2903 png_error(png_ptr, "width and/or height for a frame greater than "
2904 "the ones in IHDR");
2905
2906 png_set_IHDR(png_ptr, info_ptr, width, height,
2907 info_ptr->bit_depth, info_ptr->color_type,
2908 info_ptr->interlace_type, info_ptr->compression_type,
2909 info_ptr->filter_type);
2910
2911 png_ptr->width = width;
2912 png_ptr->height = height;
2913 png_ptr->rowbytes = PNG_ROWBYTES(png_ptr->pixel_depth, width);
2914 png_ptr->usr_width = png_ptr->width;
2915 }
2916 #endif /* WRITE_APNG */
2917 #endif /* WRITE */
2918