1
2 /* pngwutil.c - utilities to write a PNG file
3 *
4 * Last changed in libpng 1.6.32 [August 24, 2017]
5 * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson
6 * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
7 * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
8 *
9 * This code is released under the libpng license.
10 * For conditions of distribution and use, see the disclaimer
11 * and license in png.h
12 */
13
14 #include "pngpriv.h"
15
16 #ifdef PNG_WRITE_SUPPORTED
17
18 #ifdef PNG_WRITE_INT_FUNCTIONS_SUPPORTED
19 /* Place a 32-bit number into a buffer in PNG byte order. We work
20 * with unsigned numbers for convenience, although one supported
21 * ancillary chunk uses signed (two's complement) numbers.
22 */
23 void PNGAPI
png_save_uint_32(png_bytep buf,png_uint_32 i)24 png_save_uint_32(png_bytep buf, png_uint_32 i)
25 {
26 buf[0] = (png_byte)((i >> 24) & 0xffU);
27 buf[1] = (png_byte)((i >> 16) & 0xffU);
28 buf[2] = (png_byte)((i >> 8) & 0xffU);
29 buf[3] = (png_byte)( i & 0xffU);
30 }
31
32 /* Place a 16-bit number into a buffer in PNG byte order.
33 * The parameter is declared unsigned int, not png_uint_16,
34 * just to avoid potential problems on pre-ANSI C compilers.
35 */
36 void PNGAPI
png_save_uint_16(png_bytep buf,unsigned int i)37 png_save_uint_16(png_bytep buf, unsigned int i)
38 {
39 buf[0] = (png_byte)((i >> 8) & 0xffU);
40 buf[1] = (png_byte)( i & 0xffU);
41 }
42 #endif
43
44 /* Simple function to write the signature. If we have already written
45 * the magic bytes of the signature, or more likely, the PNG stream is
46 * being embedded into another stream and doesn't need its own signature,
47 * we should call png_set_sig_bytes() to tell libpng how many of the
48 * bytes have already been written.
49 */
50 void PNGAPI
png_write_sig(png_structrp png_ptr)51 png_write_sig(png_structrp png_ptr)
52 {
53 png_byte png_signature[8] = {137, 80, 78, 71, 13, 10, 26, 10};
54
55 #ifdef PNG_IO_STATE_SUPPORTED
56 /* Inform the I/O callback that the signature is being written */
57 png_ptr->io_state = PNG_IO_WRITING | PNG_IO_SIGNATURE;
58 #endif
59
60 /* Write the rest of the 8 byte signature */
61 png_write_data(png_ptr, &png_signature[png_ptr->sig_bytes],
62 (png_size_t)(8 - png_ptr->sig_bytes));
63
64 if (png_ptr->sig_bytes < 3)
65 png_ptr->mode |= PNG_HAVE_PNG_SIGNATURE;
66 }
67
68 /* Write the start of a PNG chunk. The type is the chunk type.
69 * The total_length is the sum of the lengths of all the data you will be
70 * passing in png_write_chunk_data().
71 */
72 static void
png_write_chunk_header(png_structrp png_ptr,png_uint_32 chunk_name,png_uint_32 length)73 png_write_chunk_header(png_structrp png_ptr, png_uint_32 chunk_name,
74 png_uint_32 length)
75 {
76 png_byte buf[8];
77
78 #if defined(PNG_DEBUG) && (PNG_DEBUG > 0)
79 PNG_CSTRING_FROM_CHUNK(buf, chunk_name);
80 png_debug2(0, "Writing %s chunk, length = %lu", buf, (unsigned long)length);
81 #endif
82
83 if (png_ptr == NULL)
84 return;
85
86 #ifdef PNG_IO_STATE_SUPPORTED
87 /* Inform the I/O callback that the chunk header is being written.
88 * PNG_IO_CHUNK_HDR requires a single I/O call.
89 */
90 png_ptr->io_state = PNG_IO_WRITING | PNG_IO_CHUNK_HDR;
91 #endif
92
93 /* Write the length and the chunk name */
94 png_save_uint_32(buf, length);
95 png_save_uint_32(buf + 4, chunk_name);
96 png_write_data(png_ptr, buf, 8);
97
98 /* Put the chunk name into png_ptr->chunk_name */
99 png_ptr->chunk_name = chunk_name;
100
101 /* Reset the crc and run it over the chunk name */
102 png_reset_crc(png_ptr);
103
104 png_calculate_crc(png_ptr, buf + 4, 4);
105
106 #ifdef PNG_IO_STATE_SUPPORTED
107 /* Inform the I/O callback that chunk data will (possibly) be written.
108 * PNG_IO_CHUNK_DATA does NOT require a specific number of I/O calls.
109 */
110 png_ptr->io_state = PNG_IO_WRITING | PNG_IO_CHUNK_DATA;
111 #endif
112 }
113
114 void PNGAPI
png_write_chunk_start(png_structrp png_ptr,png_const_bytep chunk_string,png_uint_32 length)115 png_write_chunk_start(png_structrp png_ptr, png_const_bytep chunk_string,
116 png_uint_32 length)
117 {
118 png_write_chunk_header(png_ptr, PNG_CHUNK_FROM_STRING(chunk_string), length);
119 }
120
121 /* Write the data of a PNG chunk started with png_write_chunk_header().
122 * Note that multiple calls to this function are allowed, and that the
123 * sum of the lengths from these calls *must* add up to the total_length
124 * given to png_write_chunk_header().
125 */
126 void PNGAPI
png_write_chunk_data(png_structrp png_ptr,png_const_bytep data,png_size_t length)127 png_write_chunk_data(png_structrp png_ptr, png_const_bytep data,
128 png_size_t length)
129 {
130 /* Write the data, and run the CRC over it */
131 if (png_ptr == NULL)
132 return;
133
134 if (data != NULL && length > 0)
135 {
136 png_write_data(png_ptr, data, length);
137
138 /* Update the CRC after writing the data,
139 * in case the user I/O routine alters it.
140 */
141 png_calculate_crc(png_ptr, data, length);
142 }
143 }
144
145 /* Finish a chunk started with png_write_chunk_header(). */
146 void PNGAPI
png_write_chunk_end(png_structrp png_ptr)147 png_write_chunk_end(png_structrp png_ptr)
148 {
149 png_byte buf[4];
150
151 if (png_ptr == NULL) return;
152
153 #ifdef PNG_IO_STATE_SUPPORTED
154 /* Inform the I/O callback that the chunk CRC is being written.
155 * PNG_IO_CHUNK_CRC requires a single I/O function call.
156 */
157 png_ptr->io_state = PNG_IO_WRITING | PNG_IO_CHUNK_CRC;
158 #endif
159
160 /* Write the crc in a single operation */
161 png_save_uint_32(buf, png_ptr->crc);
162
163 png_write_data(png_ptr, buf, (png_size_t)4);
164 }
165
166 /* Write a PNG chunk all at once. The type is an array of ASCII characters
167 * representing the chunk name. The array must be at least 4 bytes in
168 * length, and does not need to be null terminated. To be safe, pass the
169 * pre-defined chunk names here, and if you need a new one, define it
170 * where the others are defined. The length is the length of the data.
171 * All the data must be present. If that is not possible, use the
172 * png_write_chunk_start(), png_write_chunk_data(), and png_write_chunk_end()
173 * functions instead.
174 */
175 static void
png_write_complete_chunk(png_structrp png_ptr,png_uint_32 chunk_name,png_const_bytep data,png_size_t length)176 png_write_complete_chunk(png_structrp png_ptr, png_uint_32 chunk_name,
177 png_const_bytep data, png_size_t length)
178 {
179 if (png_ptr == NULL)
180 return;
181
182 /* On 64-bit architectures 'length' may not fit in a png_uint_32. */
183 if (length > PNG_UINT_31_MAX)
184 png_error(png_ptr, "length exceeds PNG maximum");
185
186 png_write_chunk_header(png_ptr, chunk_name, (png_uint_32)length);
187 png_write_chunk_data(png_ptr, data, length);
188 png_write_chunk_end(png_ptr);
189 }
190
191 /* This is the API that calls the internal function above. */
192 void PNGAPI
png_write_chunk(png_structrp png_ptr,png_const_bytep chunk_string,png_const_bytep data,png_size_t length)193 png_write_chunk(png_structrp png_ptr, png_const_bytep chunk_string,
194 png_const_bytep data, png_size_t length)
195 {
196 png_write_complete_chunk(png_ptr, PNG_CHUNK_FROM_STRING(chunk_string), data,
197 length);
198 }
199
200 /* This is used below to find the size of an image to pass to png_deflate_claim,
201 * so it only needs to be accurate if the size is less than 16384 bytes (the
202 * point at which a lower LZ window size can be used.)
203 */
204 static png_alloc_size_t
png_image_size(png_structrp png_ptr)205 png_image_size(png_structrp png_ptr)
206 {
207 /* Only return sizes up to the maximum of a png_uint_32; do this by limiting
208 * the width and height used to 15 bits.
209 */
210 png_uint_32 h = png_ptr->height;
211
212 if (png_ptr->rowbytes < 32768 && h < 32768)
213 {
214 if (png_ptr->interlaced != 0)
215 {
216 /* Interlacing makes the image larger because of the replication of
217 * both the filter byte and the padding to a byte boundary.
218 */
219 png_uint_32 w = png_ptr->width;
220 unsigned int pd = png_ptr->pixel_depth;
221 png_alloc_size_t cb_base;
222 int pass;
223
224 for (cb_base=0, pass=0; pass<=6; ++pass)
225 {
226 png_uint_32 pw = PNG_PASS_COLS(w, pass);
227
228 if (pw > 0)
229 cb_base += (PNG_ROWBYTES(pd, pw)+1) * PNG_PASS_ROWS(h, pass);
230 }
231
232 return cb_base;
233 }
234
235 else
236 return (png_ptr->rowbytes+1) * h;
237 }
238
239 else
240 return 0xffffffffU;
241 }
242
243 #ifdef PNG_WRITE_OPTIMIZE_CMF_SUPPORTED
244 /* This is the code to hack the first two bytes of the deflate stream (the
245 * deflate header) to correct the windowBits value to match the actual data
246 * size. Note that the second argument is the *uncompressed* size but the
247 * first argument is the *compressed* data (and it must be deflate
248 * compressed.)
249 */
250 static void
optimize_cmf(png_bytep data,png_alloc_size_t data_size)251 optimize_cmf(png_bytep data, png_alloc_size_t data_size)
252 {
253 /* Optimize the CMF field in the zlib stream. The resultant zlib stream is
254 * still compliant to the stream specification.
255 */
256 if (data_size <= 16384) /* else windowBits must be 15 */
257 {
258 unsigned int z_cmf = data[0]; /* zlib compression method and flags */
259
260 if ((z_cmf & 0x0f) == 8 && (z_cmf & 0xf0) <= 0x70)
261 {
262 unsigned int z_cinfo;
263 unsigned int half_z_window_size;
264
265 z_cinfo = z_cmf >> 4;
266 half_z_window_size = 1U << (z_cinfo + 7);
267
268 if (data_size <= half_z_window_size) /* else no change */
269 {
270 unsigned int tmp;
271
272 do
273 {
274 half_z_window_size >>= 1;
275 --z_cinfo;
276 }
277 while (z_cinfo > 0 && data_size <= half_z_window_size);
278
279 z_cmf = (z_cmf & 0x0f) | (z_cinfo << 4);
280
281 data[0] = (png_byte)z_cmf;
282 tmp = data[1] & 0xe0;
283 tmp += 0x1f - ((z_cmf << 8) + tmp) % 0x1f;
284 data[1] = (png_byte)tmp;
285 }
286 }
287 }
288 }
289 #endif /* WRITE_OPTIMIZE_CMF */
290
291 /* Initialize the compressor for the appropriate type of compression. */
292 static int
png_deflate_claim(png_structrp png_ptr,png_uint_32 owner,png_alloc_size_t data_size)293 png_deflate_claim(png_structrp png_ptr, png_uint_32 owner,
294 png_alloc_size_t data_size)
295 {
296 if (png_ptr->zowner != 0)
297 {
298 #if defined(PNG_WARNINGS_SUPPORTED) || defined(PNG_ERROR_TEXT_SUPPORTED)
299 char msg[64];
300
301 PNG_STRING_FROM_CHUNK(msg, owner);
302 msg[4] = ':';
303 msg[5] = ' ';
304 PNG_STRING_FROM_CHUNK(msg+6, png_ptr->zowner);
305 /* So the message that results is "<chunk> using zstream"; this is an
306 * internal error, but is very useful for debugging. i18n requirements
307 * are minimal.
308 */
309 (void)png_safecat(msg, (sizeof msg), 10, " using zstream");
310 #endif
311 #if PNG_RELEASE_BUILD
312 png_warning(png_ptr, msg);
313
314 /* Attempt sane error recovery */
315 if (png_ptr->zowner == png_IDAT) /* don't steal from IDAT */
316 {
317 png_ptr->zstream.msg = PNGZ_MSG_CAST("in use by IDAT");
318 return Z_STREAM_ERROR;
319 }
320
321 png_ptr->zowner = 0;
322 #else
323 png_error(png_ptr, msg);
324 #endif
325 }
326
327 {
328 int level = png_ptr->zlib_level;
329 int method = png_ptr->zlib_method;
330 int windowBits = png_ptr->zlib_window_bits;
331 int memLevel = png_ptr->zlib_mem_level;
332 int strategy; /* set below */
333 int ret; /* zlib return code */
334
335 if (owner == png_IDAT)
336 {
337 if ((png_ptr->flags & PNG_FLAG_ZLIB_CUSTOM_STRATEGY) != 0)
338 strategy = png_ptr->zlib_strategy;
339
340 else if (png_ptr->do_filter != PNG_FILTER_NONE)
341 strategy = PNG_Z_DEFAULT_STRATEGY;
342
343 else
344 strategy = PNG_Z_DEFAULT_NOFILTER_STRATEGY;
345 }
346
347 else
348 {
349 #ifdef PNG_WRITE_CUSTOMIZE_ZTXT_COMPRESSION_SUPPORTED
350 level = png_ptr->zlib_text_level;
351 method = png_ptr->zlib_text_method;
352 windowBits = png_ptr->zlib_text_window_bits;
353 memLevel = png_ptr->zlib_text_mem_level;
354 strategy = png_ptr->zlib_text_strategy;
355 #else
356 /* If customization is not supported the values all come from the
357 * IDAT values except for the strategy, which is fixed to the
358 * default. (This is the pre-1.6.0 behavior too, although it was
359 * implemented in a very different way.)
360 */
361 strategy = Z_DEFAULT_STRATEGY;
362 #endif
363 }
364
365 /* Adjust 'windowBits' down if larger than 'data_size'; to stop this
366 * happening just pass 32768 as the data_size parameter. Notice that zlib
367 * requires an extra 262 bytes in the window in addition to the data to be
368 * able to see the whole of the data, so if data_size+262 takes us to the
369 * next windowBits size we need to fix up the value later. (Because even
370 * though deflate needs the extra window, inflate does not!)
371 */
372 if (data_size <= 16384)
373 {
374 /* IMPLEMENTATION NOTE: this 'half_window_size' stuff is only here to
375 * work round a Microsoft Visual C misbehavior which, contrary to C-90,
376 * widens the result of the following shift to 64-bits if (and,
377 * apparently, only if) it is used in a test.
378 */
379 unsigned int half_window_size = 1U << (windowBits-1);
380
381 while (data_size + 262 <= half_window_size)
382 {
383 half_window_size >>= 1;
384 --windowBits;
385 }
386 }
387
388 /* Check against the previous initialized values, if any. */
389 if ((png_ptr->flags & PNG_FLAG_ZSTREAM_INITIALIZED) != 0 &&
390 (png_ptr->zlib_set_level != level ||
391 png_ptr->zlib_set_method != method ||
392 png_ptr->zlib_set_window_bits != windowBits ||
393 png_ptr->zlib_set_mem_level != memLevel ||
394 png_ptr->zlib_set_strategy != strategy))
395 {
396 if (deflateEnd(&png_ptr->zstream) != Z_OK)
397 png_warning(png_ptr, "deflateEnd failed (ignored)");
398
399 png_ptr->flags &= ~PNG_FLAG_ZSTREAM_INITIALIZED;
400 }
401
402 /* For safety clear out the input and output pointers (currently zlib
403 * doesn't use them on Init, but it might in the future).
404 */
405 png_ptr->zstream.next_in = NULL;
406 png_ptr->zstream.avail_in = 0;
407 png_ptr->zstream.next_out = NULL;
408 png_ptr->zstream.avail_out = 0;
409
410 /* Now initialize if required, setting the new parameters, otherwise just
411 * do a simple reset to the previous parameters.
412 */
413 if ((png_ptr->flags & PNG_FLAG_ZSTREAM_INITIALIZED) != 0)
414 ret = deflateReset(&png_ptr->zstream);
415
416 else
417 {
418 ret = deflateInit2(&png_ptr->zstream, level, method, windowBits,
419 memLevel, strategy);
420
421 if (ret == Z_OK)
422 png_ptr->flags |= PNG_FLAG_ZSTREAM_INITIALIZED;
423 }
424
425 /* The return code is from either deflateReset or deflateInit2; they have
426 * pretty much the same set of error codes.
427 */
428 if (ret == Z_OK)
429 png_ptr->zowner = owner;
430
431 else
432 png_zstream_error(png_ptr, ret);
433
434 return ret;
435 }
436 }
437
438 /* Clean up (or trim) a linked list of compression buffers. */
439 void /* PRIVATE */
png_free_buffer_list(png_structrp png_ptr,png_compression_bufferp * listp)440 png_free_buffer_list(png_structrp png_ptr, png_compression_bufferp *listp)
441 {
442 png_compression_bufferp list = *listp;
443
444 if (list != NULL)
445 {
446 *listp = NULL;
447
448 do
449 {
450 png_compression_bufferp next = list->next;
451
452 png_free(png_ptr, list);
453 list = next;
454 }
455 while (list != NULL);
456 }
457 }
458
459 #ifdef PNG_WRITE_COMPRESSED_TEXT_SUPPORTED
460 /* This pair of functions encapsulates the operation of (a) compressing a
461 * text string, and (b) issuing it later as a series of chunk data writes.
462 * The compression_state structure is shared context for these functions
463 * set up by the caller to allow access to the relevant local variables.
464 *
465 * compression_buffer (new in 1.6.0) is just a linked list of zbuffer_size
466 * temporary buffers. From 1.6.0 it is retained in png_struct so that it will
467 * be correctly freed in the event of a write error (previous implementations
468 * just leaked memory.)
469 */
470 typedef struct
471 {
472 png_const_bytep input; /* The uncompressed input data */
473 png_alloc_size_t input_len; /* Its length */
474 png_uint_32 output_len; /* Final compressed length */
475 png_byte output[1024]; /* First block of output */
476 } compression_state;
477
478 static void
png_text_compress_init(compression_state * comp,png_const_bytep input,png_alloc_size_t input_len)479 png_text_compress_init(compression_state *comp, png_const_bytep input,
480 png_alloc_size_t input_len)
481 {
482 comp->input = input;
483 comp->input_len = input_len;
484 comp->output_len = 0;
485 }
486
487 /* Compress the data in the compression state input */
488 static int
png_text_compress(png_structrp png_ptr,png_uint_32 chunk_name,compression_state * comp,png_uint_32 prefix_len)489 png_text_compress(png_structrp png_ptr, png_uint_32 chunk_name,
490 compression_state *comp, png_uint_32 prefix_len)
491 {
492 int ret;
493
494 /* To find the length of the output it is necessary to first compress the
495 * input. The result is buffered rather than using the two-pass algorithm
496 * that is used on the inflate side; deflate is assumed to be slower and a
497 * PNG writer is assumed to have more memory available than a PNG reader.
498 *
499 * IMPLEMENTATION NOTE: the zlib API deflateBound() can be used to find an
500 * upper limit on the output size, but it is always bigger than the input
501 * size so it is likely to be more efficient to use this linked-list
502 * approach.
503 */
504 ret = png_deflate_claim(png_ptr, chunk_name, comp->input_len);
505
506 if (ret != Z_OK)
507 return ret;
508
509 /* Set up the compression buffers, we need a loop here to avoid overflowing a
510 * uInt. Use ZLIB_IO_MAX to limit the input. The output is always limited
511 * by the output buffer size, so there is no need to check that. Since this
512 * is ANSI-C we know that an 'int', hence a uInt, is always at least 16 bits
513 * in size.
514 */
515 {
516 png_compression_bufferp *end = &png_ptr->zbuffer_list;
517 png_alloc_size_t input_len = comp->input_len; /* may be zero! */
518 png_uint_32 output_len;
519
520 /* zlib updates these for us: */
521 png_ptr->zstream.next_in = PNGZ_INPUT_CAST(comp->input);
522 png_ptr->zstream.avail_in = 0; /* Set below */
523 png_ptr->zstream.next_out = comp->output;
524 png_ptr->zstream.avail_out = (sizeof comp->output);
525
526 output_len = png_ptr->zstream.avail_out;
527
528 do
529 {
530 uInt avail_in = ZLIB_IO_MAX;
531
532 if (avail_in > input_len)
533 avail_in = (uInt)input_len;
534
535 input_len -= avail_in;
536
537 png_ptr->zstream.avail_in = avail_in;
538
539 if (png_ptr->zstream.avail_out == 0)
540 {
541 png_compression_buffer *next;
542
543 /* Chunk data is limited to 2^31 bytes in length, so the prefix
544 * length must be counted here.
545 */
546 if (output_len + prefix_len > PNG_UINT_31_MAX)
547 {
548 ret = Z_MEM_ERROR;
549 break;
550 }
551
552 /* Need a new (malloc'ed) buffer, but there may be one present
553 * already.
554 */
555 next = *end;
556 if (next == NULL)
557 {
558 next = png_voidcast(png_compression_bufferp, png_malloc_base
559 (png_ptr, PNG_COMPRESSION_BUFFER_SIZE(png_ptr)));
560
561 if (next == NULL)
562 {
563 ret = Z_MEM_ERROR;
564 break;
565 }
566
567 /* Link in this buffer (so that it will be freed later) */
568 next->next = NULL;
569 *end = next;
570 }
571
572 png_ptr->zstream.next_out = next->output;
573 png_ptr->zstream.avail_out = png_ptr->zbuffer_size;
574 output_len += png_ptr->zstream.avail_out;
575
576 /* Move 'end' to the next buffer pointer. */
577 end = &next->next;
578 }
579
580 /* Compress the data */
581 ret = deflate(&png_ptr->zstream,
582 input_len > 0 ? Z_NO_FLUSH : Z_FINISH);
583
584 /* Claw back input data that was not consumed (because avail_in is
585 * reset above every time round the loop).
586 */
587 input_len += png_ptr->zstream.avail_in;
588 png_ptr->zstream.avail_in = 0; /* safety */
589 }
590 while (ret == Z_OK);
591
592 /* There may be some space left in the last output buffer. This needs to
593 * be subtracted from output_len.
594 */
595 output_len -= png_ptr->zstream.avail_out;
596 png_ptr->zstream.avail_out = 0; /* safety */
597 comp->output_len = output_len;
598
599 /* Now double check the output length, put in a custom message if it is
600 * too long. Otherwise ensure the z_stream::msg pointer is set to
601 * something.
602 */
603 if (output_len + prefix_len >= PNG_UINT_31_MAX)
604 {
605 png_ptr->zstream.msg = PNGZ_MSG_CAST("compressed data too long");
606 ret = Z_MEM_ERROR;
607 }
608
609 else
610 png_zstream_error(png_ptr, ret);
611
612 /* Reset zlib for another zTXt/iTXt or image data */
613 png_ptr->zowner = 0;
614
615 /* The only success case is Z_STREAM_END, input_len must be 0; if not this
616 * is an internal error.
617 */
618 if (ret == Z_STREAM_END && input_len == 0)
619 {
620 #ifdef PNG_WRITE_OPTIMIZE_CMF_SUPPORTED
621 /* Fix up the deflate header, if required */
622 optimize_cmf(comp->output, comp->input_len);
623 #endif
624 /* But Z_OK is returned, not Z_STREAM_END; this allows the claim
625 * function above to return Z_STREAM_END on an error (though it never
626 * does in the current versions of zlib.)
627 */
628 return Z_OK;
629 }
630
631 else
632 return ret;
633 }
634 }
635
636 /* Ship the compressed text out via chunk writes */
637 static void
png_write_compressed_data_out(png_structrp png_ptr,compression_state * comp)638 png_write_compressed_data_out(png_structrp png_ptr, compression_state *comp)
639 {
640 png_uint_32 output_len = comp->output_len;
641 png_const_bytep output = comp->output;
642 png_uint_32 avail = (sizeof comp->output);
643 png_compression_buffer *next = png_ptr->zbuffer_list;
644
645 for (;;)
646 {
647 if (avail > output_len)
648 avail = output_len;
649
650 png_write_chunk_data(png_ptr, output, avail);
651
652 output_len -= avail;
653
654 if (output_len == 0 || next == NULL)
655 break;
656
657 avail = png_ptr->zbuffer_size;
658 output = next->output;
659 next = next->next;
660 }
661
662 /* This is an internal error; 'next' must have been NULL! */
663 if (output_len > 0)
664 png_error(png_ptr, "error writing ancillary chunked compressed data");
665 }
666 #endif /* WRITE_COMPRESSED_TEXT */
667
668 /* Write the IHDR chunk, and update the png_struct with the necessary
669 * information. Note that the rest of this code depends upon this
670 * information being correct.
671 */
672 void /* PRIVATE */
png_write_IHDR(png_structrp png_ptr,png_uint_32 width,png_uint_32 height,int bit_depth,int color_type,int compression_type,int filter_type,int interlace_type)673 png_write_IHDR(png_structrp png_ptr, png_uint_32 width, png_uint_32 height,
674 int bit_depth, int color_type, int compression_type, int filter_type,
675 int interlace_type)
676 {
677 png_byte buf[13]; /* Buffer to store the IHDR info */
678 int is_invalid_depth;
679
680 png_debug(1, "in png_write_IHDR");
681
682 /* Check that we have valid input data from the application info */
683 switch (color_type)
684 {
685 case PNG_COLOR_TYPE_GRAY:
686 switch (bit_depth)
687 {
688 case 1:
689 case 2:
690 case 4:
691 case 8:
692 #ifdef PNG_WRITE_16BIT_SUPPORTED
693 case 16:
694 #endif
695 png_ptr->channels = 1; break;
696
697 default:
698 png_error(png_ptr,
699 "Invalid bit depth for grayscale image");
700 }
701 break;
702
703 case PNG_COLOR_TYPE_RGB:
704 is_invalid_depth = (bit_depth != 8);
705 #ifdef PNG_WRITE_16BIT_SUPPORTED
706 is_invalid_depth = (is_invalid_depth && bit_depth != 16);
707 #endif
708 if (is_invalid_depth)
709 png_error(png_ptr, "Invalid bit depth for RGB image");
710
711 png_ptr->channels = 3;
712 break;
713
714 case PNG_COLOR_TYPE_PALETTE:
715 switch (bit_depth)
716 {
717 case 1:
718 case 2:
719 case 4:
720 case 8:
721 png_ptr->channels = 1;
722 break;
723
724 default:
725 png_error(png_ptr, "Invalid bit depth for paletted image");
726 }
727 break;
728
729 case PNG_COLOR_TYPE_GRAY_ALPHA:
730 is_invalid_depth = (bit_depth != 8);
731 #ifdef PNG_WRITE_16BIT_SUPPORTED
732 is_invalid_depth = (is_invalid_depth && bit_depth != 16);
733 #endif
734 if (is_invalid_depth)
735 png_error(png_ptr, "Invalid bit depth for grayscale+alpha image");
736
737 png_ptr->channels = 2;
738 break;
739
740 case PNG_COLOR_TYPE_RGB_ALPHA:
741 is_invalid_depth = (bit_depth != 8);
742 #ifdef PNG_WRITE_16BIT_SUPPORTED
743 is_invalid_depth = (is_invalid_depth && bit_depth != 16);
744 #endif
745 if (is_invalid_depth)
746 png_error(png_ptr, "Invalid bit depth for RGBA image");
747
748 png_ptr->channels = 4;
749 break;
750
751 default:
752 png_error(png_ptr, "Invalid image color type specified");
753 }
754
755 if (compression_type != PNG_COMPRESSION_TYPE_BASE)
756 {
757 png_warning(png_ptr, "Invalid compression type specified");
758 compression_type = PNG_COMPRESSION_TYPE_BASE;
759 }
760
761 /* Write filter_method 64 (intrapixel differencing) only if
762 * 1. Libpng was compiled with PNG_MNG_FEATURES_SUPPORTED and
763 * 2. Libpng did not write a PNG signature (this filter_method is only
764 * used in PNG datastreams that are embedded in MNG datastreams) and
765 * 3. The application called png_permit_mng_features with a mask that
766 * included PNG_FLAG_MNG_FILTER_64 and
767 * 4. The filter_method is 64 and
768 * 5. The color_type is RGB or RGBA
769 */
770 if (
771 #ifdef PNG_MNG_FEATURES_SUPPORTED
772 !((png_ptr->mng_features_permitted & PNG_FLAG_MNG_FILTER_64) != 0 &&
773 ((png_ptr->mode & PNG_HAVE_PNG_SIGNATURE) == 0) &&
774 (color_type == PNG_COLOR_TYPE_RGB ||
775 color_type == PNG_COLOR_TYPE_RGB_ALPHA) &&
776 (filter_type == PNG_INTRAPIXEL_DIFFERENCING)) &&
777 #endif
778 filter_type != PNG_FILTER_TYPE_BASE)
779 {
780 png_warning(png_ptr, "Invalid filter type specified");
781 filter_type = PNG_FILTER_TYPE_BASE;
782 }
783
784 #ifdef PNG_WRITE_INTERLACING_SUPPORTED
785 if (interlace_type != PNG_INTERLACE_NONE &&
786 interlace_type != PNG_INTERLACE_ADAM7)
787 {
788 png_warning(png_ptr, "Invalid interlace type specified");
789 interlace_type = PNG_INTERLACE_ADAM7;
790 }
791 #else
792 interlace_type=PNG_INTERLACE_NONE;
793 #endif
794
795 /* Save the relevant information */
796 png_ptr->bit_depth = (png_byte)bit_depth;
797 png_ptr->color_type = (png_byte)color_type;
798 png_ptr->interlaced = (png_byte)interlace_type;
799 #ifdef PNG_MNG_FEATURES_SUPPORTED
800 png_ptr->filter_type = (png_byte)filter_type;
801 #endif
802 png_ptr->compression_type = (png_byte)compression_type;
803 png_ptr->width = width;
804 png_ptr->height = height;
805
806 png_ptr->pixel_depth = (png_byte)(bit_depth * png_ptr->channels);
807 png_ptr->rowbytes = PNG_ROWBYTES(png_ptr->pixel_depth, width);
808 /* Set the usr info, so any transformations can modify it */
809 png_ptr->usr_width = png_ptr->width;
810 png_ptr->usr_bit_depth = png_ptr->bit_depth;
811 png_ptr->usr_channels = png_ptr->channels;
812
813 /* Pack the header information into the buffer */
814 png_save_uint_32(buf, width);
815 png_save_uint_32(buf + 4, height);
816 buf[8] = (png_byte)bit_depth;
817 buf[9] = (png_byte)color_type;
818 buf[10] = (png_byte)compression_type;
819 buf[11] = (png_byte)filter_type;
820 buf[12] = (png_byte)interlace_type;
821
822 /* Write the chunk */
823 png_write_complete_chunk(png_ptr, png_IHDR, buf, (png_size_t)13);
824
825 if ((png_ptr->do_filter) == PNG_NO_FILTERS)
826 {
827 if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE ||
828 png_ptr->bit_depth < 8)
829 png_ptr->do_filter = PNG_FILTER_NONE;
830
831 else
832 png_ptr->do_filter = PNG_ALL_FILTERS;
833 }
834
835 png_ptr->mode = PNG_HAVE_IHDR; /* not READY_FOR_ZTXT */
836 }
837
838 /* Write the palette. We are careful not to trust png_color to be in the
839 * correct order for PNG, so people can redefine it to any convenient
840 * structure.
841 */
842 void /* PRIVATE */
png_write_PLTE(png_structrp png_ptr,png_const_colorp palette,png_uint_32 num_pal)843 png_write_PLTE(png_structrp png_ptr, png_const_colorp palette,
844 png_uint_32 num_pal)
845 {
846 png_uint_32 max_palette_length, i;
847 png_const_colorp pal_ptr;
848 png_byte buf[3];
849
850 png_debug(1, "in png_write_PLTE");
851
852 max_palette_length = (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE) ?
853 (1 << png_ptr->bit_depth) : PNG_MAX_PALETTE_LENGTH;
854
855 if ((
856 #ifdef PNG_MNG_FEATURES_SUPPORTED
857 (png_ptr->mng_features_permitted & PNG_FLAG_MNG_EMPTY_PLTE) == 0 &&
858 #endif
859 num_pal == 0) || num_pal > max_palette_length)
860 {
861 if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE)
862 {
863 png_error(png_ptr, "Invalid number of colors in palette");
864 }
865
866 else
867 {
868 png_warning(png_ptr, "Invalid number of colors in palette");
869 return;
870 }
871 }
872
873 if ((png_ptr->color_type & PNG_COLOR_MASK_COLOR) == 0)
874 {
875 png_warning(png_ptr,
876 "Ignoring request to write a PLTE chunk in grayscale PNG");
877
878 return;
879 }
880
881 png_ptr->num_palette = (png_uint_16)num_pal;
882 png_debug1(3, "num_palette = %d", png_ptr->num_palette);
883
884 png_write_chunk_header(png_ptr, png_PLTE, (png_uint_32)(num_pal * 3));
885 #ifdef PNG_POINTER_INDEXING_SUPPORTED
886
887 for (i = 0, pal_ptr = palette; i < num_pal; i++, pal_ptr++)
888 {
889 buf[0] = pal_ptr->red;
890 buf[1] = pal_ptr->green;
891 buf[2] = pal_ptr->blue;
892 png_write_chunk_data(png_ptr, buf, (png_size_t)3);
893 }
894
895 #else
896 /* This is a little slower but some buggy compilers need to do this
897 * instead
898 */
899 pal_ptr=palette;
900
901 for (i = 0; i < num_pal; i++)
902 {
903 buf[0] = pal_ptr[i].red;
904 buf[1] = pal_ptr[i].green;
905 buf[2] = pal_ptr[i].blue;
906 png_write_chunk_data(png_ptr, buf, (png_size_t)3);
907 }
908
909 #endif
910 png_write_chunk_end(png_ptr);
911 png_ptr->mode |= PNG_HAVE_PLTE;
912 }
913
914 /* This is similar to png_text_compress, above, except that it does not require
915 * all of the data at once and, instead of buffering the compressed result,
916 * writes it as IDAT chunks. Unlike png_text_compress it *can* png_error out
917 * because it calls the write interface. As a result it does its own error
918 * reporting and does not return an error code. In the event of error it will
919 * just call png_error. The input data length may exceed 32-bits. The 'flush'
920 * parameter is exactly the same as that to deflate, with the following
921 * meanings:
922 *
923 * Z_NO_FLUSH: normal incremental output of compressed data
924 * Z_SYNC_FLUSH: do a SYNC_FLUSH, used by png_write_flush
925 * Z_FINISH: this is the end of the input, do a Z_FINISH and clean up
926 *
927 * The routine manages the acquire and release of the png_ptr->zstream by
928 * checking and (at the end) clearing png_ptr->zowner; it does some sanity
929 * checks on the 'mode' flags while doing this.
930 */
931 void /* PRIVATE */
png_compress_IDAT(png_structrp png_ptr,png_const_bytep input,png_alloc_size_t input_len,int flush)932 png_compress_IDAT(png_structrp png_ptr, png_const_bytep input,
933 png_alloc_size_t input_len, int flush)
934 {
935 if (png_ptr->zowner != png_IDAT)
936 {
937 /* First time. Ensure we have a temporary buffer for compression and
938 * trim the buffer list if it has more than one entry to free memory.
939 * If 'WRITE_COMPRESSED_TEXT' is not set the list will never have been
940 * created at this point, but the check here is quick and safe.
941 */
942 if (png_ptr->zbuffer_list == NULL)
943 {
944 png_ptr->zbuffer_list = png_voidcast(png_compression_bufferp,
945 png_malloc(png_ptr, PNG_COMPRESSION_BUFFER_SIZE(png_ptr)));
946 png_ptr->zbuffer_list->next = NULL;
947 }
948
949 else
950 png_free_buffer_list(png_ptr, &png_ptr->zbuffer_list->next);
951
952 /* It is a terminal error if we can't claim the zstream. */
953 if (png_deflate_claim(png_ptr, png_IDAT, png_image_size(png_ptr)) != Z_OK)
954 png_error(png_ptr, png_ptr->zstream.msg);
955
956 /* The output state is maintained in png_ptr->zstream, so it must be
957 * initialized here after the claim.
958 */
959 png_ptr->zstream.next_out = png_ptr->zbuffer_list->output;
960 png_ptr->zstream.avail_out = png_ptr->zbuffer_size;
961 }
962
963 /* Now loop reading and writing until all the input is consumed or an error
964 * terminates the operation. The _out values are maintained across calls to
965 * this function, but the input must be reset each time.
966 */
967 png_ptr->zstream.next_in = PNGZ_INPUT_CAST(input);
968 png_ptr->zstream.avail_in = 0; /* set below */
969 for (;;)
970 {
971 int ret;
972
973 /* INPUT: from the row data */
974 uInt avail = ZLIB_IO_MAX;
975
976 if (avail > input_len)
977 avail = (uInt)input_len; /* safe because of the check */
978
979 png_ptr->zstream.avail_in = avail;
980 input_len -= avail;
981
982 ret = deflate(&png_ptr->zstream, input_len > 0 ? Z_NO_FLUSH : flush);
983
984 /* Include as-yet unconsumed input */
985 input_len += png_ptr->zstream.avail_in;
986 png_ptr->zstream.avail_in = 0;
987
988 /* OUTPUT: write complete IDAT chunks when avail_out drops to zero. Note
989 * that these two zstream fields are preserved across the calls, therefore
990 * there is no need to set these up on entry to the loop.
991 */
992 if (png_ptr->zstream.avail_out == 0)
993 {
994 png_bytep data = png_ptr->zbuffer_list->output;
995 uInt size = png_ptr->zbuffer_size;
996
997 /* Write an IDAT containing the data then reset the buffer. The
998 * first IDAT may need deflate header optimization.
999 */
1000 #ifdef PNG_WRITE_OPTIMIZE_CMF_SUPPORTED
1001 if ((png_ptr->mode & PNG_HAVE_IDAT) == 0 &&
1002 png_ptr->compression_type == PNG_COMPRESSION_TYPE_BASE)
1003 optimize_cmf(data, png_image_size(png_ptr));
1004 #endif
1005
1006 if (size > 0)
1007 png_write_complete_chunk(png_ptr, png_IDAT, data, size);
1008 png_ptr->mode |= PNG_HAVE_IDAT;
1009
1010 png_ptr->zstream.next_out = data;
1011 png_ptr->zstream.avail_out = size;
1012
1013 /* For SYNC_FLUSH or FINISH it is essential to keep calling zlib with
1014 * the same flush parameter until it has finished output, for NO_FLUSH
1015 * it doesn't matter.
1016 */
1017 if (ret == Z_OK && flush != Z_NO_FLUSH)
1018 continue;
1019 }
1020
1021 /* The order of these checks doesn't matter much; it just affects which
1022 * possible error might be detected if multiple things go wrong at once.
1023 */
1024 if (ret == Z_OK) /* most likely return code! */
1025 {
1026 /* If all the input has been consumed then just return. If Z_FINISH
1027 * was used as the flush parameter something has gone wrong if we get
1028 * here.
1029 */
1030 if (input_len == 0)
1031 {
1032 if (flush == Z_FINISH)
1033 png_error(png_ptr, "Z_OK on Z_FINISH with output space");
1034
1035 return;
1036 }
1037 }
1038
1039 else if (ret == Z_STREAM_END && flush == Z_FINISH)
1040 {
1041 /* This is the end of the IDAT data; any pending output must be
1042 * flushed. For small PNG files we may still be at the beginning.
1043 */
1044 png_bytep data = png_ptr->zbuffer_list->output;
1045 uInt size = png_ptr->zbuffer_size - png_ptr->zstream.avail_out;
1046
1047 #ifdef PNG_WRITE_OPTIMIZE_CMF_SUPPORTED
1048 if ((png_ptr->mode & PNG_HAVE_IDAT) == 0 &&
1049 png_ptr->compression_type == PNG_COMPRESSION_TYPE_BASE)
1050 optimize_cmf(data, png_image_size(png_ptr));
1051 #endif
1052
1053 if (size > 0)
1054 png_write_complete_chunk(png_ptr, png_IDAT, data, size);
1055 png_ptr->zstream.avail_out = 0;
1056 png_ptr->zstream.next_out = NULL;
1057 png_ptr->mode |= PNG_HAVE_IDAT | PNG_AFTER_IDAT;
1058
1059 png_ptr->zowner = 0; /* Release the stream */
1060 return;
1061 }
1062
1063 else
1064 {
1065 /* This is an error condition. */
1066 png_zstream_error(png_ptr, ret);
1067 png_error(png_ptr, png_ptr->zstream.msg);
1068 }
1069 }
1070 }
1071
1072 /* Write an IEND chunk */
1073 void /* PRIVATE */
png_write_IEND(png_structrp png_ptr)1074 png_write_IEND(png_structrp png_ptr)
1075 {
1076 png_debug(1, "in png_write_IEND");
1077
1078 png_write_complete_chunk(png_ptr, png_IEND, NULL, (png_size_t)0);
1079 png_ptr->mode |= PNG_HAVE_IEND;
1080 }
1081
1082 #ifdef PNG_WRITE_gAMA_SUPPORTED
1083 /* Write a gAMA chunk */
1084 void /* PRIVATE */
png_write_gAMA_fixed(png_structrp png_ptr,png_fixed_point file_gamma)1085 png_write_gAMA_fixed(png_structrp png_ptr, png_fixed_point file_gamma)
1086 {
1087 png_byte buf[4];
1088
1089 png_debug(1, "in png_write_gAMA");
1090
1091 /* file_gamma is saved in 1/100,000ths */
1092 png_save_uint_32(buf, (png_uint_32)file_gamma);
1093 png_write_complete_chunk(png_ptr, png_gAMA, buf, (png_size_t)4);
1094 }
1095 #endif
1096
1097 #ifdef PNG_WRITE_sRGB_SUPPORTED
1098 /* Write a sRGB chunk */
1099 void /* PRIVATE */
png_write_sRGB(png_structrp png_ptr,int srgb_intent)1100 png_write_sRGB(png_structrp png_ptr, int srgb_intent)
1101 {
1102 png_byte buf[1];
1103
1104 png_debug(1, "in png_write_sRGB");
1105
1106 if (srgb_intent >= PNG_sRGB_INTENT_LAST)
1107 png_warning(png_ptr,
1108 "Invalid sRGB rendering intent specified");
1109
1110 buf[0]=(png_byte)srgb_intent;
1111 png_write_complete_chunk(png_ptr, png_sRGB, buf, (png_size_t)1);
1112 }
1113 #endif
1114
1115 #ifdef PNG_WRITE_iCCP_SUPPORTED
1116 /* Write an iCCP chunk */
1117 void /* PRIVATE */
png_write_iCCP(png_structrp png_ptr,png_const_charp name,png_const_bytep profile)1118 png_write_iCCP(png_structrp png_ptr, png_const_charp name,
1119 png_const_bytep profile)
1120 {
1121 png_uint_32 name_len;
1122 png_uint_32 profile_len;
1123 png_byte new_name[81]; /* 1 byte for the compression byte */
1124 compression_state comp;
1125 png_uint_32 temp;
1126
1127 png_debug(1, "in png_write_iCCP");
1128
1129 /* These are all internal problems: the profile should have been checked
1130 * before when it was stored.
1131 */
1132 if (profile == NULL)
1133 png_error(png_ptr, "No profile for iCCP chunk"); /* internal error */
1134
1135 profile_len = png_get_uint_32(profile);
1136
1137 if (profile_len < 132)
1138 png_error(png_ptr, "ICC profile too short");
1139
1140 temp = (png_uint_32) (*(profile+8));
1141 if (temp > 3 && (profile_len & 0x03))
1142 png_error(png_ptr, "ICC profile length invalid (not a multiple of 4)");
1143
1144 {
1145 png_uint_32 embedded_profile_len = png_get_uint_32(profile);
1146
1147 if (profile_len != embedded_profile_len)
1148 png_error(png_ptr, "Profile length does not match profile");
1149 }
1150
1151 name_len = png_check_keyword(png_ptr, name, new_name);
1152
1153 if (name_len == 0)
1154 png_error(png_ptr, "iCCP: invalid keyword");
1155
1156 new_name[++name_len] = PNG_COMPRESSION_TYPE_BASE;
1157
1158 /* Make sure we include the NULL after the name and the compression type */
1159 ++name_len;
1160
1161 png_text_compress_init(&comp, profile, profile_len);
1162
1163 /* Allow for keyword terminator and compression byte */
1164 if (png_text_compress(png_ptr, png_iCCP, &comp, name_len) != Z_OK)
1165 png_error(png_ptr, png_ptr->zstream.msg);
1166
1167 png_write_chunk_header(png_ptr, png_iCCP, name_len + comp.output_len);
1168
1169 png_write_chunk_data(png_ptr, new_name, name_len);
1170
1171 png_write_compressed_data_out(png_ptr, &comp);
1172
1173 png_write_chunk_end(png_ptr);
1174 }
1175 #endif
1176
1177 #ifdef PNG_WRITE_sPLT_SUPPORTED
1178 /* Write a sPLT chunk */
1179 void /* PRIVATE */
png_write_sPLT(png_structrp png_ptr,png_const_sPLT_tp spalette)1180 png_write_sPLT(png_structrp png_ptr, png_const_sPLT_tp spalette)
1181 {
1182 png_uint_32 name_len;
1183 png_byte new_name[80];
1184 png_byte entrybuf[10];
1185 png_size_t entry_size = (spalette->depth == 8 ? 6 : 10);
1186 png_size_t palette_size = entry_size * (png_size_t)spalette->nentries;
1187 png_sPLT_entryp ep;
1188 #ifndef PNG_POINTER_INDEXING_SUPPORTED
1189 int i;
1190 #endif
1191
1192 png_debug(1, "in png_write_sPLT");
1193
1194 name_len = png_check_keyword(png_ptr, spalette->name, new_name);
1195
1196 if (name_len == 0)
1197 png_error(png_ptr, "sPLT: invalid keyword");
1198
1199 /* Make sure we include the NULL after the name */
1200 png_write_chunk_header(png_ptr, png_sPLT,
1201 (png_uint_32)(name_len + 2 + palette_size));
1202
1203 png_write_chunk_data(png_ptr, (png_bytep)new_name,
1204 (png_size_t)(name_len + 1));
1205
1206 png_write_chunk_data(png_ptr, &spalette->depth, (png_size_t)1);
1207
1208 /* Loop through each palette entry, writing appropriately */
1209 #ifdef PNG_POINTER_INDEXING_SUPPORTED
1210 for (ep = spalette->entries; ep<spalette->entries + spalette->nentries; ep++)
1211 {
1212 if (spalette->depth == 8)
1213 {
1214 entrybuf[0] = (png_byte)ep->red;
1215 entrybuf[1] = (png_byte)ep->green;
1216 entrybuf[2] = (png_byte)ep->blue;
1217 entrybuf[3] = (png_byte)ep->alpha;
1218 png_save_uint_16(entrybuf + 4, ep->frequency);
1219 }
1220
1221 else
1222 {
1223 png_save_uint_16(entrybuf + 0, ep->red);
1224 png_save_uint_16(entrybuf + 2, ep->green);
1225 png_save_uint_16(entrybuf + 4, ep->blue);
1226 png_save_uint_16(entrybuf + 6, ep->alpha);
1227 png_save_uint_16(entrybuf + 8, ep->frequency);
1228 }
1229
1230 png_write_chunk_data(png_ptr, entrybuf, entry_size);
1231 }
1232 #else
1233 ep=spalette->entries;
1234 for (i = 0; i>spalette->nentries; i++)
1235 {
1236 if (spalette->depth == 8)
1237 {
1238 entrybuf[0] = (png_byte)ep[i].red;
1239 entrybuf[1] = (png_byte)ep[i].green;
1240 entrybuf[2] = (png_byte)ep[i].blue;
1241 entrybuf[3] = (png_byte)ep[i].alpha;
1242 png_save_uint_16(entrybuf + 4, ep[i].frequency);
1243 }
1244
1245 else
1246 {
1247 png_save_uint_16(entrybuf + 0, ep[i].red);
1248 png_save_uint_16(entrybuf + 2, ep[i].green);
1249 png_save_uint_16(entrybuf + 4, ep[i].blue);
1250 png_save_uint_16(entrybuf + 6, ep[i].alpha);
1251 png_save_uint_16(entrybuf + 8, ep[i].frequency);
1252 }
1253
1254 png_write_chunk_data(png_ptr, entrybuf, entry_size);
1255 }
1256 #endif
1257
1258 png_write_chunk_end(png_ptr);
1259 }
1260 #endif
1261
1262 #ifdef PNG_WRITE_sBIT_SUPPORTED
1263 /* Write the sBIT chunk */
1264 void /* PRIVATE */
png_write_sBIT(png_structrp png_ptr,png_const_color_8p sbit,int color_type)1265 png_write_sBIT(png_structrp png_ptr, png_const_color_8p sbit, int color_type)
1266 {
1267 png_byte buf[4];
1268 png_size_t size;
1269
1270 png_debug(1, "in png_write_sBIT");
1271
1272 /* Make sure we don't depend upon the order of PNG_COLOR_8 */
1273 if ((color_type & PNG_COLOR_MASK_COLOR) != 0)
1274 {
1275 png_byte maxbits;
1276
1277 maxbits = (png_byte)(color_type==PNG_COLOR_TYPE_PALETTE ? 8 :
1278 png_ptr->usr_bit_depth);
1279
1280 if (sbit->red == 0 || sbit->red > maxbits ||
1281 sbit->green == 0 || sbit->green > maxbits ||
1282 sbit->blue == 0 || sbit->blue > maxbits)
1283 {
1284 png_warning(png_ptr, "Invalid sBIT depth specified");
1285 return;
1286 }
1287
1288 buf[0] = sbit->red;
1289 buf[1] = sbit->green;
1290 buf[2] = sbit->blue;
1291 size = 3;
1292 }
1293
1294 else
1295 {
1296 if (sbit->gray == 0 || sbit->gray > png_ptr->usr_bit_depth)
1297 {
1298 png_warning(png_ptr, "Invalid sBIT depth specified");
1299 return;
1300 }
1301
1302 buf[0] = sbit->gray;
1303 size = 1;
1304 }
1305
1306 if ((color_type & PNG_COLOR_MASK_ALPHA) != 0)
1307 {
1308 if (sbit->alpha == 0 || sbit->alpha > png_ptr->usr_bit_depth)
1309 {
1310 png_warning(png_ptr, "Invalid sBIT depth specified");
1311 return;
1312 }
1313
1314 buf[size++] = sbit->alpha;
1315 }
1316
1317 png_write_complete_chunk(png_ptr, png_sBIT, buf, size);
1318 }
1319 #endif
1320
1321 #ifdef PNG_WRITE_cHRM_SUPPORTED
1322 /* Write the cHRM chunk */
1323 void /* PRIVATE */
png_write_cHRM_fixed(png_structrp png_ptr,const png_xy * xy)1324 png_write_cHRM_fixed(png_structrp png_ptr, const png_xy *xy)
1325 {
1326 png_byte buf[32];
1327
1328 png_debug(1, "in png_write_cHRM");
1329
1330 /* Each value is saved in 1/100,000ths */
1331 png_save_int_32(buf, xy->whitex);
1332 png_save_int_32(buf + 4, xy->whitey);
1333
1334 png_save_int_32(buf + 8, xy->redx);
1335 png_save_int_32(buf + 12, xy->redy);
1336
1337 png_save_int_32(buf + 16, xy->greenx);
1338 png_save_int_32(buf + 20, xy->greeny);
1339
1340 png_save_int_32(buf + 24, xy->bluex);
1341 png_save_int_32(buf + 28, xy->bluey);
1342
1343 png_write_complete_chunk(png_ptr, png_cHRM, buf, 32);
1344 }
1345 #endif
1346
1347 #ifdef PNG_WRITE_tRNS_SUPPORTED
1348 /* Write the tRNS chunk */
1349 void /* PRIVATE */
png_write_tRNS(png_structrp png_ptr,png_const_bytep trans_alpha,png_const_color_16p tran,int num_trans,int color_type)1350 png_write_tRNS(png_structrp png_ptr, png_const_bytep trans_alpha,
1351 png_const_color_16p tran, int num_trans, int color_type)
1352 {
1353 png_byte buf[6];
1354
1355 png_debug(1, "in png_write_tRNS");
1356
1357 if (color_type == PNG_COLOR_TYPE_PALETTE)
1358 {
1359 if (num_trans <= 0 || num_trans > (int)png_ptr->num_palette)
1360 {
1361 png_app_warning(png_ptr,
1362 "Invalid number of transparent colors specified");
1363 return;
1364 }
1365
1366 /* Write the chunk out as it is */
1367 png_write_complete_chunk(png_ptr, png_tRNS, trans_alpha,
1368 (png_size_t)num_trans);
1369 }
1370
1371 else if (color_type == PNG_COLOR_TYPE_GRAY)
1372 {
1373 /* One 16-bit value */
1374 if (tran->gray >= (1 << png_ptr->bit_depth))
1375 {
1376 png_app_warning(png_ptr,
1377 "Ignoring attempt to write tRNS chunk out-of-range for bit_depth");
1378
1379 return;
1380 }
1381
1382 png_save_uint_16(buf, tran->gray);
1383 png_write_complete_chunk(png_ptr, png_tRNS, buf, (png_size_t)2);
1384 }
1385
1386 else if (color_type == PNG_COLOR_TYPE_RGB)
1387 {
1388 /* Three 16-bit values */
1389 png_save_uint_16(buf, tran->red);
1390 png_save_uint_16(buf + 2, tran->green);
1391 png_save_uint_16(buf + 4, tran->blue);
1392 #ifdef PNG_WRITE_16BIT_SUPPORTED
1393 if (png_ptr->bit_depth == 8 && (buf[0] | buf[2] | buf[4]) != 0)
1394 #else
1395 if ((buf[0] | buf[2] | buf[4]) != 0)
1396 #endif
1397 {
1398 png_app_warning(png_ptr,
1399 "Ignoring attempt to write 16-bit tRNS chunk when bit_depth is 8");
1400 return;
1401 }
1402
1403 png_write_complete_chunk(png_ptr, png_tRNS, buf, (png_size_t)6);
1404 }
1405
1406 else
1407 {
1408 png_app_warning(png_ptr, "Can't write tRNS with an alpha channel");
1409 }
1410 }
1411 #endif
1412
1413 #ifdef PNG_WRITE_bKGD_SUPPORTED
1414 /* Write the background chunk */
1415 void /* PRIVATE */
png_write_bKGD(png_structrp png_ptr,png_const_color_16p back,int color_type)1416 png_write_bKGD(png_structrp png_ptr, png_const_color_16p back, int color_type)
1417 {
1418 png_byte buf[6];
1419
1420 png_debug(1, "in png_write_bKGD");
1421
1422 if (color_type == PNG_COLOR_TYPE_PALETTE)
1423 {
1424 if (
1425 #ifdef PNG_MNG_FEATURES_SUPPORTED
1426 (png_ptr->num_palette != 0 ||
1427 (png_ptr->mng_features_permitted & PNG_FLAG_MNG_EMPTY_PLTE) == 0) &&
1428 #endif
1429 back->index >= png_ptr->num_palette)
1430 {
1431 png_warning(png_ptr, "Invalid background palette index");
1432 return;
1433 }
1434
1435 buf[0] = back->index;
1436 png_write_complete_chunk(png_ptr, png_bKGD, buf, (png_size_t)1);
1437 }
1438
1439 else if ((color_type & PNG_COLOR_MASK_COLOR) != 0)
1440 {
1441 png_save_uint_16(buf, back->red);
1442 png_save_uint_16(buf + 2, back->green);
1443 png_save_uint_16(buf + 4, back->blue);
1444 #ifdef PNG_WRITE_16BIT_SUPPORTED
1445 if (png_ptr->bit_depth == 8 && (buf[0] | buf[2] | buf[4]) != 0)
1446 #else
1447 if ((buf[0] | buf[2] | buf[4]) != 0)
1448 #endif
1449 {
1450 png_warning(png_ptr,
1451 "Ignoring attempt to write 16-bit bKGD chunk "
1452 "when bit_depth is 8");
1453
1454 return;
1455 }
1456
1457 png_write_complete_chunk(png_ptr, png_bKGD, buf, (png_size_t)6);
1458 }
1459
1460 else
1461 {
1462 if (back->gray >= (1 << png_ptr->bit_depth))
1463 {
1464 png_warning(png_ptr,
1465 "Ignoring attempt to write bKGD chunk out-of-range for bit_depth");
1466
1467 return;
1468 }
1469
1470 png_save_uint_16(buf, back->gray);
1471 png_write_complete_chunk(png_ptr, png_bKGD, buf, (png_size_t)2);
1472 }
1473 }
1474 #endif
1475
1476 #ifdef PNG_WRITE_eXIf_SUPPORTED
1477 /* Write the Exif data */
1478 void /* PRIVATE */
png_write_eXIf(png_structrp png_ptr,png_bytep exif,int num_exif)1479 png_write_eXIf(png_structrp png_ptr, png_bytep exif, int num_exif)
1480 {
1481 int i;
1482 png_byte buf[1];
1483
1484 png_debug(1, "in png_write_eXIf");
1485
1486 png_write_chunk_header(png_ptr, png_eXIf, (png_uint_32)(num_exif));
1487
1488 for (i = 0; i < num_exif; i++)
1489 {
1490 buf[0] = exif[i];
1491 png_write_chunk_data(png_ptr, buf, (png_size_t)1);
1492 }
1493
1494 png_write_chunk_end(png_ptr);
1495 }
1496 #endif
1497
1498 #ifdef PNG_WRITE_hIST_SUPPORTED
1499 /* Write the histogram */
1500 void /* PRIVATE */
png_write_hIST(png_structrp png_ptr,png_const_uint_16p hist,int num_hist)1501 png_write_hIST(png_structrp png_ptr, png_const_uint_16p hist, int num_hist)
1502 {
1503 int i;
1504 png_byte buf[3];
1505
1506 png_debug(1, "in png_write_hIST");
1507
1508 if (num_hist > (int)png_ptr->num_palette)
1509 {
1510 png_debug2(3, "num_hist = %d, num_palette = %d", num_hist,
1511 png_ptr->num_palette);
1512
1513 png_warning(png_ptr, "Invalid number of histogram entries specified");
1514 return;
1515 }
1516
1517 png_write_chunk_header(png_ptr, png_hIST, (png_uint_32)(num_hist * 2));
1518
1519 for (i = 0; i < num_hist; i++)
1520 {
1521 png_save_uint_16(buf, hist[i]);
1522 png_write_chunk_data(png_ptr, buf, (png_size_t)2);
1523 }
1524
1525 png_write_chunk_end(png_ptr);
1526 }
1527 #endif
1528
1529 #ifdef PNG_WRITE_tEXt_SUPPORTED
1530 /* Write a tEXt chunk */
1531 void /* PRIVATE */
png_write_tEXt(png_structrp png_ptr,png_const_charp key,png_const_charp text,png_size_t text_len)1532 png_write_tEXt(png_structrp png_ptr, png_const_charp key, png_const_charp text,
1533 png_size_t text_len)
1534 {
1535 png_uint_32 key_len;
1536 png_byte new_key[80];
1537
1538 png_debug(1, "in png_write_tEXt");
1539
1540 key_len = png_check_keyword(png_ptr, key, new_key);
1541
1542 if (key_len == 0)
1543 png_error(png_ptr, "tEXt: invalid keyword");
1544
1545 if (text == NULL || *text == '\0')
1546 text_len = 0;
1547
1548 else
1549 text_len = strlen(text);
1550
1551 if (text_len > PNG_UINT_31_MAX - (key_len+1))
1552 png_error(png_ptr, "tEXt: text too long");
1553
1554 /* Make sure we include the 0 after the key */
1555 png_write_chunk_header(png_ptr, png_tEXt,
1556 (png_uint_32)/*checked above*/(key_len + text_len + 1));
1557 /*
1558 * We leave it to the application to meet PNG-1.0 requirements on the
1559 * contents of the text. PNG-1.0 through PNG-1.2 discourage the use of
1560 * any non-Latin-1 characters except for NEWLINE. ISO PNG will forbid them.
1561 * The NUL character is forbidden by PNG-1.0 through PNG-1.2 and ISO PNG.
1562 */
1563 png_write_chunk_data(png_ptr, new_key, key_len + 1);
1564
1565 if (text_len != 0)
1566 png_write_chunk_data(png_ptr, (png_const_bytep)text, text_len);
1567
1568 png_write_chunk_end(png_ptr);
1569 }
1570 #endif
1571
1572 #ifdef PNG_WRITE_zTXt_SUPPORTED
1573 /* Write a compressed text chunk */
1574 void /* PRIVATE */
png_write_zTXt(png_structrp png_ptr,png_const_charp key,png_const_charp text,int compression)1575 png_write_zTXt(png_structrp png_ptr, png_const_charp key, png_const_charp text,
1576 int compression)
1577 {
1578 png_uint_32 key_len;
1579 png_byte new_key[81];
1580 compression_state comp;
1581
1582 png_debug(1, "in png_write_zTXt");
1583
1584 if (compression == PNG_TEXT_COMPRESSION_NONE)
1585 {
1586 png_write_tEXt(png_ptr, key, text, 0);
1587 return;
1588 }
1589
1590 if (compression != PNG_TEXT_COMPRESSION_zTXt)
1591 png_error(png_ptr, "zTXt: invalid compression type");
1592
1593 key_len = png_check_keyword(png_ptr, key, new_key);
1594
1595 if (key_len == 0)
1596 png_error(png_ptr, "zTXt: invalid keyword");
1597
1598 /* Add the compression method and 1 for the keyword separator. */
1599 new_key[++key_len] = PNG_COMPRESSION_TYPE_BASE;
1600 ++key_len;
1601
1602 /* Compute the compressed data; do it now for the length */
1603 png_text_compress_init(&comp, (png_const_bytep)text,
1604 text == NULL ? 0 : strlen(text));
1605
1606 if (png_text_compress(png_ptr, png_zTXt, &comp, key_len) != Z_OK)
1607 png_error(png_ptr, png_ptr->zstream.msg);
1608
1609 /* Write start of chunk */
1610 png_write_chunk_header(png_ptr, png_zTXt, key_len + comp.output_len);
1611
1612 /* Write key */
1613 png_write_chunk_data(png_ptr, new_key, key_len);
1614
1615 /* Write the compressed data */
1616 png_write_compressed_data_out(png_ptr, &comp);
1617
1618 /* Close the chunk */
1619 png_write_chunk_end(png_ptr);
1620 }
1621 #endif
1622
1623 #ifdef PNG_WRITE_iTXt_SUPPORTED
1624 /* Write an iTXt chunk */
1625 void /* PRIVATE */
png_write_iTXt(png_structrp png_ptr,int compression,png_const_charp key,png_const_charp lang,png_const_charp lang_key,png_const_charp text)1626 png_write_iTXt(png_structrp png_ptr, int compression, png_const_charp key,
1627 png_const_charp lang, png_const_charp lang_key, png_const_charp text)
1628 {
1629 png_uint_32 key_len, prefix_len;
1630 png_size_t lang_len, lang_key_len;
1631 png_byte new_key[82];
1632 compression_state comp;
1633
1634 png_debug(1, "in png_write_iTXt");
1635
1636 key_len = png_check_keyword(png_ptr, key, new_key);
1637
1638 if (key_len == 0)
1639 png_error(png_ptr, "iTXt: invalid keyword");
1640
1641 /* Set the compression flag */
1642 switch (compression)
1643 {
1644 case PNG_ITXT_COMPRESSION_NONE:
1645 case PNG_TEXT_COMPRESSION_NONE:
1646 compression = new_key[++key_len] = 0; /* no compression */
1647 break;
1648
1649 case PNG_TEXT_COMPRESSION_zTXt:
1650 case PNG_ITXT_COMPRESSION_zTXt:
1651 compression = new_key[++key_len] = 1; /* compressed */
1652 break;
1653
1654 default:
1655 png_error(png_ptr, "iTXt: invalid compression");
1656 }
1657
1658 new_key[++key_len] = PNG_COMPRESSION_TYPE_BASE;
1659 ++key_len; /* for the keywod separator */
1660
1661 /* We leave it to the application to meet PNG-1.0 requirements on the
1662 * contents of the text. PNG-1.0 through PNG-1.2 discourage the use of
1663 * any non-Latin-1 characters except for NEWLINE. ISO PNG, however,
1664 * specifies that the text is UTF-8 and this really doesn't require any
1665 * checking.
1666 *
1667 * The NUL character is forbidden by PNG-1.0 through PNG-1.2 and ISO PNG.
1668 *
1669 * TODO: validate the language tag correctly (see the spec.)
1670 */
1671 if (lang == NULL) lang = ""; /* empty language is valid */
1672 lang_len = strlen(lang)+1;
1673 if (lang_key == NULL) lang_key = ""; /* may be empty */
1674 lang_key_len = strlen(lang_key)+1;
1675 if (text == NULL) text = ""; /* may be empty */
1676
1677 prefix_len = key_len;
1678 if (lang_len > PNG_UINT_31_MAX-prefix_len)
1679 prefix_len = PNG_UINT_31_MAX;
1680 else
1681 prefix_len = (png_uint_32)(prefix_len + lang_len);
1682
1683 if (lang_key_len > PNG_UINT_31_MAX-prefix_len)
1684 prefix_len = PNG_UINT_31_MAX;
1685 else
1686 prefix_len = (png_uint_32)(prefix_len + lang_key_len);
1687
1688 png_text_compress_init(&comp, (png_const_bytep)text, strlen(text));
1689
1690 if (compression != 0)
1691 {
1692 if (png_text_compress(png_ptr, png_iTXt, &comp, prefix_len) != Z_OK)
1693 png_error(png_ptr, png_ptr->zstream.msg);
1694 }
1695
1696 else
1697 {
1698 if (comp.input_len > PNG_UINT_31_MAX-prefix_len)
1699 png_error(png_ptr, "iTXt: uncompressed text too long");
1700
1701 /* So the string will fit in a chunk: */
1702 comp.output_len = (png_uint_32)/*SAFE*/comp.input_len;
1703 }
1704
1705 png_write_chunk_header(png_ptr, png_iTXt, comp.output_len + prefix_len);
1706
1707 png_write_chunk_data(png_ptr, new_key, key_len);
1708
1709 png_write_chunk_data(png_ptr, (png_const_bytep)lang, lang_len);
1710
1711 png_write_chunk_data(png_ptr, (png_const_bytep)lang_key, lang_key_len);
1712
1713 if (compression != 0)
1714 png_write_compressed_data_out(png_ptr, &comp);
1715
1716 else
1717 png_write_chunk_data(png_ptr, (png_const_bytep)text, comp.output_len);
1718
1719 png_write_chunk_end(png_ptr);
1720 }
1721 #endif
1722
1723 #ifdef PNG_WRITE_oFFs_SUPPORTED
1724 /* Write the oFFs chunk */
1725 void /* PRIVATE */
png_write_oFFs(png_structrp png_ptr,png_int_32 x_offset,png_int_32 y_offset,int unit_type)1726 png_write_oFFs(png_structrp png_ptr, png_int_32 x_offset, png_int_32 y_offset,
1727 int unit_type)
1728 {
1729 png_byte buf[9];
1730
1731 png_debug(1, "in png_write_oFFs");
1732
1733 if (unit_type >= PNG_OFFSET_LAST)
1734 png_warning(png_ptr, "Unrecognized unit type for oFFs chunk");
1735
1736 png_save_int_32(buf, x_offset);
1737 png_save_int_32(buf + 4, y_offset);
1738 buf[8] = (png_byte)unit_type;
1739
1740 png_write_complete_chunk(png_ptr, png_oFFs, buf, (png_size_t)9);
1741 }
1742 #endif
1743 #ifdef PNG_WRITE_pCAL_SUPPORTED
1744 /* Write the pCAL chunk (described in the PNG extensions document) */
1745 void /* PRIVATE */
png_write_pCAL(png_structrp png_ptr,png_charp purpose,png_int_32 X0,png_int_32 X1,int type,int nparams,png_const_charp units,png_charpp params)1746 png_write_pCAL(png_structrp png_ptr, png_charp purpose, png_int_32 X0,
1747 png_int_32 X1, int type, int nparams, png_const_charp units,
1748 png_charpp params)
1749 {
1750 png_uint_32 purpose_len;
1751 png_size_t units_len, total_len;
1752 png_size_tp params_len;
1753 png_byte buf[10];
1754 png_byte new_purpose[80];
1755 int i;
1756
1757 png_debug1(1, "in png_write_pCAL (%d parameters)", nparams);
1758
1759 if (type >= PNG_EQUATION_LAST)
1760 png_error(png_ptr, "Unrecognized equation type for pCAL chunk");
1761
1762 purpose_len = png_check_keyword(png_ptr, purpose, new_purpose);
1763
1764 if (purpose_len == 0)
1765 png_error(png_ptr, "pCAL: invalid keyword");
1766
1767 ++purpose_len; /* terminator */
1768
1769 png_debug1(3, "pCAL purpose length = %d", (int)purpose_len);
1770 units_len = strlen(units) + (nparams == 0 ? 0 : 1);
1771 png_debug1(3, "pCAL units length = %d", (int)units_len);
1772 total_len = purpose_len + units_len + 10;
1773
1774 params_len = (png_size_tp)png_malloc(png_ptr,
1775 (png_alloc_size_t)((png_alloc_size_t)nparams * (sizeof (png_size_t))));
1776
1777 /* Find the length of each parameter, making sure we don't count the
1778 * null terminator for the last parameter.
1779 */
1780 for (i = 0; i < nparams; i++)
1781 {
1782 params_len[i] = strlen(params[i]) + (i == nparams - 1 ? 0 : 1);
1783 png_debug2(3, "pCAL parameter %d length = %lu", i,
1784 (unsigned long)params_len[i]);
1785 total_len += params_len[i];
1786 }
1787
1788 png_debug1(3, "pCAL total length = %d", (int)total_len);
1789 png_write_chunk_header(png_ptr, png_pCAL, (png_uint_32)total_len);
1790 png_write_chunk_data(png_ptr, new_purpose, purpose_len);
1791 png_save_int_32(buf, X0);
1792 png_save_int_32(buf + 4, X1);
1793 buf[8] = (png_byte)type;
1794 buf[9] = (png_byte)nparams;
1795 png_write_chunk_data(png_ptr, buf, (png_size_t)10);
1796 png_write_chunk_data(png_ptr, (png_const_bytep)units, (png_size_t)units_len);
1797
1798 for (i = 0; i < nparams; i++)
1799 {
1800 png_write_chunk_data(png_ptr, (png_const_bytep)params[i], params_len[i]);
1801 }
1802
1803 png_free(png_ptr, params_len);
1804 png_write_chunk_end(png_ptr);
1805 }
1806 #endif
1807
1808 #ifdef PNG_WRITE_sCAL_SUPPORTED
1809 /* Write the sCAL chunk */
1810 void /* PRIVATE */
png_write_sCAL_s(png_structrp png_ptr,int unit,png_const_charp width,png_const_charp height)1811 png_write_sCAL_s(png_structrp png_ptr, int unit, png_const_charp width,
1812 png_const_charp height)
1813 {
1814 png_byte buf[64];
1815 png_size_t wlen, hlen, total_len;
1816
1817 png_debug(1, "in png_write_sCAL_s");
1818
1819 wlen = strlen(width);
1820 hlen = strlen(height);
1821 total_len = wlen + hlen + 2;
1822
1823 if (total_len > 64)
1824 {
1825 png_warning(png_ptr, "Can't write sCAL (buffer too small)");
1826 return;
1827 }
1828
1829 buf[0] = (png_byte)unit;
1830 memcpy(buf + 1, width, wlen + 1); /* Append the '\0' here */
1831 memcpy(buf + wlen + 2, height, hlen); /* Do NOT append the '\0' here */
1832
1833 png_debug1(3, "sCAL total length = %u", (unsigned int)total_len);
1834 png_write_complete_chunk(png_ptr, png_sCAL, buf, total_len);
1835 }
1836 #endif
1837
1838 #ifdef PNG_WRITE_pHYs_SUPPORTED
1839 /* Write the pHYs chunk */
1840 void /* PRIVATE */
png_write_pHYs(png_structrp png_ptr,png_uint_32 x_pixels_per_unit,png_uint_32 y_pixels_per_unit,int unit_type)1841 png_write_pHYs(png_structrp png_ptr, png_uint_32 x_pixels_per_unit,
1842 png_uint_32 y_pixels_per_unit,
1843 int unit_type)
1844 {
1845 png_byte buf[9];
1846
1847 png_debug(1, "in png_write_pHYs");
1848
1849 if (unit_type >= PNG_RESOLUTION_LAST)
1850 png_warning(png_ptr, "Unrecognized unit type for pHYs chunk");
1851
1852 png_save_uint_32(buf, x_pixels_per_unit);
1853 png_save_uint_32(buf + 4, y_pixels_per_unit);
1854 buf[8] = (png_byte)unit_type;
1855
1856 png_write_complete_chunk(png_ptr, png_pHYs, buf, (png_size_t)9);
1857 }
1858 #endif
1859
1860 #ifdef PNG_WRITE_tIME_SUPPORTED
1861 /* Write the tIME chunk. Use either png_convert_from_struct_tm()
1862 * or png_convert_from_time_t(), or fill in the structure yourself.
1863 */
1864 void /* PRIVATE */
png_write_tIME(png_structrp png_ptr,png_const_timep mod_time)1865 png_write_tIME(png_structrp png_ptr, png_const_timep mod_time)
1866 {
1867 png_byte buf[7];
1868
1869 png_debug(1, "in png_write_tIME");
1870
1871 if (mod_time->month > 12 || mod_time->month < 1 ||
1872 mod_time->day > 31 || mod_time->day < 1 ||
1873 mod_time->hour > 23 || mod_time->second > 60)
1874 {
1875 png_warning(png_ptr, "Invalid time specified for tIME chunk");
1876 return;
1877 }
1878
1879 png_save_uint_16(buf, mod_time->year);
1880 buf[2] = mod_time->month;
1881 buf[3] = mod_time->day;
1882 buf[4] = mod_time->hour;
1883 buf[5] = mod_time->minute;
1884 buf[6] = mod_time->second;
1885
1886 png_write_complete_chunk(png_ptr, png_tIME, buf, (png_size_t)7);
1887 }
1888 #endif
1889
1890 /* Initializes the row writing capability of libpng */
1891 void /* PRIVATE */
png_write_start_row(png_structrp png_ptr)1892 png_write_start_row(png_structrp png_ptr)
1893 {
1894 #ifdef PNG_WRITE_INTERLACING_SUPPORTED
1895 /* Arrays to facilitate easy interlacing - use pass (0 - 6) as index */
1896
1897 /* Start of interlace block */
1898 static PNG_CONST png_byte png_pass_start[7] = {0, 4, 0, 2, 0, 1, 0};
1899
1900 /* Offset to next interlace block */
1901 static PNG_CONST png_byte png_pass_inc[7] = {8, 8, 4, 4, 2, 2, 1};
1902
1903 /* Start of interlace block in the y direction */
1904 static PNG_CONST png_byte png_pass_ystart[7] = {0, 0, 4, 0, 2, 0, 1};
1905
1906 /* Offset to next interlace block in the y direction */
1907 static PNG_CONST png_byte png_pass_yinc[7] = {8, 8, 8, 4, 4, 2, 2};
1908 #endif
1909
1910 png_alloc_size_t buf_size;
1911 int usr_pixel_depth;
1912
1913 #ifdef PNG_WRITE_FILTER_SUPPORTED
1914 png_byte filters;
1915 #endif
1916
1917 png_debug(1, "in png_write_start_row");
1918
1919 usr_pixel_depth = png_ptr->usr_channels * png_ptr->usr_bit_depth;
1920 buf_size = PNG_ROWBYTES(usr_pixel_depth, png_ptr->width) + 1;
1921
1922 /* 1.5.6: added to allow checking in the row write code. */
1923 png_ptr->transformed_pixel_depth = png_ptr->pixel_depth;
1924 png_ptr->maximum_pixel_depth = (png_byte)usr_pixel_depth;
1925
1926 /* Set up row buffer */
1927 png_ptr->row_buf = png_voidcast(png_bytep, png_malloc(png_ptr, buf_size));
1928
1929 png_ptr->row_buf[0] = PNG_FILTER_VALUE_NONE;
1930
1931 #ifdef PNG_WRITE_FILTER_SUPPORTED
1932 filters = png_ptr->do_filter;
1933
1934 if (png_ptr->height == 1)
1935 filters &= 0xff & ~(PNG_FILTER_UP|PNG_FILTER_AVG|PNG_FILTER_PAETH);
1936
1937 if (png_ptr->width == 1)
1938 filters &= 0xff & ~(PNG_FILTER_SUB|PNG_FILTER_AVG|PNG_FILTER_PAETH);
1939
1940 if (filters == 0)
1941 filters = PNG_FILTER_NONE;
1942
1943 png_ptr->do_filter = filters;
1944
1945 if (((filters & (PNG_FILTER_SUB | PNG_FILTER_UP | PNG_FILTER_AVG |
1946 PNG_FILTER_PAETH)) != 0) && png_ptr->try_row == NULL)
1947 {
1948 int num_filters = 0;
1949
1950 png_ptr->try_row = png_voidcast(png_bytep, png_malloc(png_ptr, buf_size));
1951
1952 if (filters & PNG_FILTER_SUB)
1953 num_filters++;
1954
1955 if (filters & PNG_FILTER_UP)
1956 num_filters++;
1957
1958 if (filters & PNG_FILTER_AVG)
1959 num_filters++;
1960
1961 if (filters & PNG_FILTER_PAETH)
1962 num_filters++;
1963
1964 if (num_filters > 1)
1965 png_ptr->tst_row = png_voidcast(png_bytep, png_malloc(png_ptr,
1966 buf_size));
1967 }
1968
1969 /* We only need to keep the previous row if we are using one of the following
1970 * filters.
1971 */
1972 if ((filters & (PNG_FILTER_AVG | PNG_FILTER_UP | PNG_FILTER_PAETH)) != 0)
1973 png_ptr->prev_row = png_voidcast(png_bytep,
1974 png_calloc(png_ptr, buf_size));
1975 #endif /* WRITE_FILTER */
1976
1977 #ifdef PNG_WRITE_INTERLACING_SUPPORTED
1978 /* If interlaced, we need to set up width and height of pass */
1979 if (png_ptr->interlaced != 0)
1980 {
1981 if ((png_ptr->transformations & PNG_INTERLACE) == 0)
1982 {
1983 png_ptr->num_rows = (png_ptr->height + png_pass_yinc[0] - 1 -
1984 png_pass_ystart[0]) / png_pass_yinc[0];
1985
1986 png_ptr->usr_width = (png_ptr->width + png_pass_inc[0] - 1 -
1987 png_pass_start[0]) / png_pass_inc[0];
1988 }
1989
1990 else
1991 {
1992 png_ptr->num_rows = png_ptr->height;
1993 png_ptr->usr_width = png_ptr->width;
1994 }
1995 }
1996
1997 else
1998 #endif
1999 {
2000 png_ptr->num_rows = png_ptr->height;
2001 png_ptr->usr_width = png_ptr->width;
2002 }
2003 }
2004
2005 /* Internal use only. Called when finished processing a row of data. */
2006 void /* PRIVATE */
png_write_finish_row(png_structrp png_ptr)2007 png_write_finish_row(png_structrp png_ptr)
2008 {
2009 #ifdef PNG_WRITE_INTERLACING_SUPPORTED
2010 /* Arrays to facilitate easy interlacing - use pass (0 - 6) as index */
2011
2012 /* Start of interlace block */
2013 static PNG_CONST png_byte png_pass_start[7] = {0, 4, 0, 2, 0, 1, 0};
2014
2015 /* Offset to next interlace block */
2016 static PNG_CONST png_byte png_pass_inc[7] = {8, 8, 4, 4, 2, 2, 1};
2017
2018 /* Start of interlace block in the y direction */
2019 static PNG_CONST png_byte png_pass_ystart[7] = {0, 0, 4, 0, 2, 0, 1};
2020
2021 /* Offset to next interlace block in the y direction */
2022 static PNG_CONST png_byte png_pass_yinc[7] = {8, 8, 8, 4, 4, 2, 2};
2023 #endif
2024
2025 png_debug(1, "in png_write_finish_row");
2026
2027 /* Next row */
2028 png_ptr->row_number++;
2029
2030 /* See if we are done */
2031 if (png_ptr->row_number < png_ptr->num_rows)
2032 return;
2033
2034 #ifdef PNG_WRITE_INTERLACING_SUPPORTED
2035 /* If interlaced, go to next pass */
2036 if (png_ptr->interlaced != 0)
2037 {
2038 png_ptr->row_number = 0;
2039 if ((png_ptr->transformations & PNG_INTERLACE) != 0)
2040 {
2041 png_ptr->pass++;
2042 }
2043
2044 else
2045 {
2046 /* Loop until we find a non-zero width or height pass */
2047 do
2048 {
2049 png_ptr->pass++;
2050
2051 if (png_ptr->pass >= 7)
2052 break;
2053
2054 png_ptr->usr_width = (png_ptr->width +
2055 png_pass_inc[png_ptr->pass] - 1 -
2056 png_pass_start[png_ptr->pass]) /
2057 png_pass_inc[png_ptr->pass];
2058
2059 png_ptr->num_rows = (png_ptr->height +
2060 png_pass_yinc[png_ptr->pass] - 1 -
2061 png_pass_ystart[png_ptr->pass]) /
2062 png_pass_yinc[png_ptr->pass];
2063
2064 if ((png_ptr->transformations & PNG_INTERLACE) != 0)
2065 break;
2066
2067 } while (png_ptr->usr_width == 0 || png_ptr->num_rows == 0);
2068
2069 }
2070
2071 /* Reset the row above the image for the next pass */
2072 if (png_ptr->pass < 7)
2073 {
2074 if (png_ptr->prev_row != NULL)
2075 memset(png_ptr->prev_row, 0,
2076 (png_size_t)(PNG_ROWBYTES(png_ptr->usr_channels*
2077 png_ptr->usr_bit_depth, png_ptr->width)) + 1);
2078
2079 return;
2080 }
2081 }
2082 #endif
2083
2084 /* If we get here, we've just written the last row, so we need
2085 to flush the compressor */
2086 png_compress_IDAT(png_ptr, NULL, 0, Z_FINISH);
2087 }
2088
2089 #ifdef PNG_WRITE_INTERLACING_SUPPORTED
2090 /* Pick out the correct pixels for the interlace pass.
2091 * The basic idea here is to go through the row with a source
2092 * pointer and a destination pointer (sp and dp), and copy the
2093 * correct pixels for the pass. As the row gets compacted,
2094 * sp will always be >= dp, so we should never overwrite anything.
2095 * See the default: case for the easiest code to understand.
2096 */
2097 void /* PRIVATE */
png_do_write_interlace(png_row_infop row_info,png_bytep row,int pass)2098 png_do_write_interlace(png_row_infop row_info, png_bytep row, int pass)
2099 {
2100 /* Arrays to facilitate easy interlacing - use pass (0 - 6) as index */
2101
2102 /* Start of interlace block */
2103 static PNG_CONST png_byte png_pass_start[7] = {0, 4, 0, 2, 0, 1, 0};
2104
2105 /* Offset to next interlace block */
2106 static PNG_CONST png_byte png_pass_inc[7] = {8, 8, 4, 4, 2, 2, 1};
2107
2108 png_debug(1, "in png_do_write_interlace");
2109
2110 /* We don't have to do anything on the last pass (6) */
2111 if (pass < 6)
2112 {
2113 /* Each pixel depth is handled separately */
2114 switch (row_info->pixel_depth)
2115 {
2116 case 1:
2117 {
2118 png_bytep sp;
2119 png_bytep dp;
2120 unsigned int shift;
2121 int d;
2122 int value;
2123 png_uint_32 i;
2124 png_uint_32 row_width = row_info->width;
2125
2126 dp = row;
2127 d = 0;
2128 shift = 7;
2129
2130 for (i = png_pass_start[pass]; i < row_width;
2131 i += png_pass_inc[pass])
2132 {
2133 sp = row + (png_size_t)(i >> 3);
2134 value = (int)(*sp >> (7 - (int)(i & 0x07))) & 0x01;
2135 d |= (value << shift);
2136
2137 if (shift == 0)
2138 {
2139 shift = 7;
2140 *dp++ = (png_byte)d;
2141 d = 0;
2142 }
2143
2144 else
2145 shift--;
2146
2147 }
2148 if (shift != 7)
2149 *dp = (png_byte)d;
2150
2151 break;
2152 }
2153
2154 case 2:
2155 {
2156 png_bytep sp;
2157 png_bytep dp;
2158 unsigned int shift;
2159 int d;
2160 int value;
2161 png_uint_32 i;
2162 png_uint_32 row_width = row_info->width;
2163
2164 dp = row;
2165 shift = 6;
2166 d = 0;
2167
2168 for (i = png_pass_start[pass]; i < row_width;
2169 i += png_pass_inc[pass])
2170 {
2171 sp = row + (png_size_t)(i >> 2);
2172 value = (*sp >> ((3 - (int)(i & 0x03)) << 1)) & 0x03;
2173 d |= (value << shift);
2174
2175 if (shift == 0)
2176 {
2177 shift = 6;
2178 *dp++ = (png_byte)d;
2179 d = 0;
2180 }
2181
2182 else
2183 shift -= 2;
2184 }
2185 if (shift != 6)
2186 *dp = (png_byte)d;
2187
2188 break;
2189 }
2190
2191 case 4:
2192 {
2193 png_bytep sp;
2194 png_bytep dp;
2195 unsigned int shift;
2196 int d;
2197 int value;
2198 png_uint_32 i;
2199 png_uint_32 row_width = row_info->width;
2200
2201 dp = row;
2202 shift = 4;
2203 d = 0;
2204 for (i = png_pass_start[pass]; i < row_width;
2205 i += png_pass_inc[pass])
2206 {
2207 sp = row + (png_size_t)(i >> 1);
2208 value = (*sp >> ((1 - (int)(i & 0x01)) << 2)) & 0x0f;
2209 d |= (value << shift);
2210
2211 if (shift == 0)
2212 {
2213 shift = 4;
2214 *dp++ = (png_byte)d;
2215 d = 0;
2216 }
2217
2218 else
2219 shift -= 4;
2220 }
2221 if (shift != 4)
2222 *dp = (png_byte)d;
2223
2224 break;
2225 }
2226
2227 default:
2228 {
2229 png_bytep sp;
2230 png_bytep dp;
2231 png_uint_32 i;
2232 png_uint_32 row_width = row_info->width;
2233 png_size_t pixel_bytes;
2234
2235 /* Start at the beginning */
2236 dp = row;
2237
2238 /* Find out how many bytes each pixel takes up */
2239 pixel_bytes = (row_info->pixel_depth >> 3);
2240
2241 /* Loop through the row, only looking at the pixels that matter */
2242 for (i = png_pass_start[pass]; i < row_width;
2243 i += png_pass_inc[pass])
2244 {
2245 /* Find out where the original pixel is */
2246 sp = row + (png_size_t)i * pixel_bytes;
2247
2248 /* Move the pixel */
2249 if (dp != sp)
2250 memcpy(dp, sp, pixel_bytes);
2251
2252 /* Next pixel */
2253 dp += pixel_bytes;
2254 }
2255 break;
2256 }
2257 }
2258 /* Set new row width */
2259 row_info->width = (row_info->width +
2260 png_pass_inc[pass] - 1 -
2261 png_pass_start[pass]) /
2262 png_pass_inc[pass];
2263
2264 row_info->rowbytes = PNG_ROWBYTES(row_info->pixel_depth,
2265 row_info->width);
2266 }
2267 }
2268 #endif
2269
2270
2271 /* This filters the row, chooses which filter to use, if it has not already
2272 * been specified by the application, and then writes the row out with the
2273 * chosen filter.
2274 */
2275 static void /* PRIVATE */
2276 png_write_filtered_row(png_structrp png_ptr, png_bytep filtered_row,
2277 png_size_t row_bytes);
2278
2279 #ifdef PNG_WRITE_FILTER_SUPPORTED
2280 static png_size_t /* PRIVATE */
png_setup_sub_row(png_structrp png_ptr,const png_uint_32 bpp,const png_size_t row_bytes,const png_size_t lmins)2281 png_setup_sub_row(png_structrp png_ptr, const png_uint_32 bpp,
2282 const png_size_t row_bytes, const png_size_t lmins)
2283 {
2284 png_bytep rp, dp, lp;
2285 png_size_t i;
2286 png_size_t sum = 0;
2287 unsigned int v;
2288
2289 png_ptr->try_row[0] = PNG_FILTER_VALUE_SUB;
2290
2291 for (i = 0, rp = png_ptr->row_buf + 1, dp = png_ptr->try_row + 1; i < bpp;
2292 i++, rp++, dp++)
2293 {
2294 v = *dp = *rp;
2295 #ifdef PNG_USE_ABS
2296 sum += 128 - abs((int)v - 128);
2297 #else
2298 sum += (v < 128) ? v : 256 - v;
2299 #endif
2300 }
2301
2302 for (lp = png_ptr->row_buf + 1; i < row_bytes;
2303 i++, rp++, lp++, dp++)
2304 {
2305 v = *dp = (png_byte)(((int)*rp - (int)*lp) & 0xff);
2306 #ifdef PNG_USE_ABS
2307 sum += 128 - abs((int)v - 128);
2308 #else
2309 sum += (v < 128) ? v : 256 - v;
2310 #endif
2311
2312 if (sum > lmins) /* We are already worse, don't continue. */
2313 break;
2314 }
2315
2316 return (sum);
2317 }
2318
2319 static void /* PRIVATE */
png_setup_sub_row_only(png_structrp png_ptr,const png_uint_32 bpp,const png_size_t row_bytes)2320 png_setup_sub_row_only(png_structrp png_ptr, const png_uint_32 bpp,
2321 const png_size_t row_bytes)
2322 {
2323 png_bytep rp, dp, lp;
2324 png_size_t i;
2325
2326 png_ptr->try_row[0] = PNG_FILTER_VALUE_SUB;
2327
2328 for (i = 0, rp = png_ptr->row_buf + 1, dp = png_ptr->try_row + 1; i < bpp;
2329 i++, rp++, dp++)
2330 {
2331 *dp = *rp;
2332 }
2333
2334 for (lp = png_ptr->row_buf + 1; i < row_bytes;
2335 i++, rp++, lp++, dp++)
2336 {
2337 *dp = (png_byte)(((int)*rp - (int)*lp) & 0xff);
2338 }
2339 }
2340
2341 static png_size_t /* PRIVATE */
png_setup_up_row(png_structrp png_ptr,const png_size_t row_bytes,const png_size_t lmins)2342 png_setup_up_row(png_structrp png_ptr, const png_size_t row_bytes,
2343 const png_size_t lmins)
2344 {
2345 png_bytep rp, dp, pp;
2346 png_size_t i;
2347 png_size_t sum = 0;
2348 unsigned int v;
2349
2350 png_ptr->try_row[0] = PNG_FILTER_VALUE_UP;
2351
2352 for (i = 0, rp = png_ptr->row_buf + 1, dp = png_ptr->try_row + 1,
2353 pp = png_ptr->prev_row + 1; i < row_bytes;
2354 i++, rp++, pp++, dp++)
2355 {
2356 v = *dp = (png_byte)(((int)*rp - (int)*pp) & 0xff);
2357 #ifdef PNG_USE_ABS
2358 sum += 128 - abs((int)v - 128);
2359 #else
2360 sum += (v < 128) ? v : 256 - v;
2361 #endif
2362
2363 if (sum > lmins) /* We are already worse, don't continue. */
2364 break;
2365 }
2366
2367 return (sum);
2368 }
2369 static void /* PRIVATE */
png_setup_up_row_only(png_structrp png_ptr,const png_size_t row_bytes)2370 png_setup_up_row_only(png_structrp png_ptr, const png_size_t row_bytes)
2371 {
2372 png_bytep rp, dp, pp;
2373 png_size_t i;
2374
2375 png_ptr->try_row[0] = PNG_FILTER_VALUE_UP;
2376
2377 for (i = 0, rp = png_ptr->row_buf + 1, dp = png_ptr->try_row + 1,
2378 pp = png_ptr->prev_row + 1; i < row_bytes;
2379 i++, rp++, pp++, dp++)
2380 {
2381 *dp = (png_byte)(((int)*rp - (int)*pp) & 0xff);
2382 }
2383 }
2384
2385 static png_size_t /* PRIVATE */
png_setup_avg_row(png_structrp png_ptr,const png_uint_32 bpp,const png_size_t row_bytes,const png_size_t lmins)2386 png_setup_avg_row(png_structrp png_ptr, const png_uint_32 bpp,
2387 const png_size_t row_bytes, const png_size_t lmins)
2388 {
2389 png_bytep rp, dp, pp, lp;
2390 png_uint_32 i;
2391 png_size_t sum = 0;
2392 unsigned int v;
2393
2394 png_ptr->try_row[0] = PNG_FILTER_VALUE_AVG;
2395
2396 for (i = 0, rp = png_ptr->row_buf + 1, dp = png_ptr->try_row + 1,
2397 pp = png_ptr->prev_row + 1; i < bpp; i++)
2398 {
2399 v = *dp++ = (png_byte)(((int)*rp++ - ((int)*pp++ / 2)) & 0xff);
2400
2401 #ifdef PNG_USE_ABS
2402 sum += 128 - abs((int)v - 128);
2403 #else
2404 sum += (v < 128) ? v : 256 - v;
2405 #endif
2406 }
2407
2408 for (lp = png_ptr->row_buf + 1; i < row_bytes; i++)
2409 {
2410 v = *dp++ = (png_byte)(((int)*rp++ - (((int)*pp++ + (int)*lp++) / 2))
2411 & 0xff);
2412
2413 #ifdef PNG_USE_ABS
2414 sum += 128 - abs((int)v - 128);
2415 #else
2416 sum += (v < 128) ? v : 256 - v;
2417 #endif
2418
2419 if (sum > lmins) /* We are already worse, don't continue. */
2420 break;
2421 }
2422
2423 return (sum);
2424 }
2425 static void /* PRIVATE */
png_setup_avg_row_only(png_structrp png_ptr,const png_uint_32 bpp,const png_size_t row_bytes)2426 png_setup_avg_row_only(png_structrp png_ptr, const png_uint_32 bpp,
2427 const png_size_t row_bytes)
2428 {
2429 png_bytep rp, dp, pp, lp;
2430 png_uint_32 i;
2431
2432 png_ptr->try_row[0] = PNG_FILTER_VALUE_AVG;
2433
2434 for (i = 0, rp = png_ptr->row_buf + 1, dp = png_ptr->try_row + 1,
2435 pp = png_ptr->prev_row + 1; i < bpp; i++)
2436 {
2437 *dp++ = (png_byte)(((int)*rp++ - ((int)*pp++ / 2)) & 0xff);
2438 }
2439
2440 for (lp = png_ptr->row_buf + 1; i < row_bytes; i++)
2441 {
2442 *dp++ = (png_byte)(((int)*rp++ - (((int)*pp++ + (int)*lp++) / 2))
2443 & 0xff);
2444 }
2445 }
2446
2447 static png_size_t /* PRIVATE */
png_setup_paeth_row(png_structrp png_ptr,const png_uint_32 bpp,const png_size_t row_bytes,const png_size_t lmins)2448 png_setup_paeth_row(png_structrp png_ptr, const png_uint_32 bpp,
2449 const png_size_t row_bytes, const png_size_t lmins)
2450 {
2451 png_bytep rp, dp, pp, cp, lp;
2452 png_size_t i;
2453 png_size_t sum = 0;
2454 unsigned int v;
2455
2456 png_ptr->try_row[0] = PNG_FILTER_VALUE_PAETH;
2457
2458 for (i = 0, rp = png_ptr->row_buf + 1, dp = png_ptr->try_row + 1,
2459 pp = png_ptr->prev_row + 1; i < bpp; i++)
2460 {
2461 v = *dp++ = (png_byte)(((int)*rp++ - (int)*pp++) & 0xff);
2462
2463 #ifdef PNG_USE_ABS
2464 sum += 128 - abs((int)v - 128);
2465 #else
2466 sum += (v < 128) ? v : 256 - v;
2467 #endif
2468 }
2469
2470 for (lp = png_ptr->row_buf + 1, cp = png_ptr->prev_row + 1; i < row_bytes;
2471 i++)
2472 {
2473 int a, b, c, pa, pb, pc, p;
2474
2475 b = *pp++;
2476 c = *cp++;
2477 a = *lp++;
2478
2479 p = b - c;
2480 pc = a - c;
2481
2482 #ifdef PNG_USE_ABS
2483 pa = abs(p);
2484 pb = abs(pc);
2485 pc = abs(p + pc);
2486 #else
2487 pa = p < 0 ? -p : p;
2488 pb = pc < 0 ? -pc : pc;
2489 pc = (p + pc) < 0 ? -(p + pc) : p + pc;
2490 #endif
2491
2492 p = (pa <= pb && pa <=pc) ? a : (pb <= pc) ? b : c;
2493
2494 v = *dp++ = (png_byte)(((int)*rp++ - p) & 0xff);
2495
2496 #ifdef PNG_USE_ABS
2497 sum += 128 - abs((int)v - 128);
2498 #else
2499 sum += (v < 128) ? v : 256 - v;
2500 #endif
2501
2502 if (sum > lmins) /* We are already worse, don't continue. */
2503 break;
2504 }
2505
2506 return (sum);
2507 }
2508 static void /* PRIVATE */
png_setup_paeth_row_only(png_structrp png_ptr,const png_uint_32 bpp,const png_size_t row_bytes)2509 png_setup_paeth_row_only(png_structrp png_ptr, const png_uint_32 bpp,
2510 const png_size_t row_bytes)
2511 {
2512 png_bytep rp, dp, pp, cp, lp;
2513 png_size_t i;
2514
2515 png_ptr->try_row[0] = PNG_FILTER_VALUE_PAETH;
2516
2517 for (i = 0, rp = png_ptr->row_buf + 1, dp = png_ptr->try_row + 1,
2518 pp = png_ptr->prev_row + 1; i < bpp; i++)
2519 {
2520 *dp++ = (png_byte)(((int)*rp++ - (int)*pp++) & 0xff);
2521 }
2522
2523 for (lp = png_ptr->row_buf + 1, cp = png_ptr->prev_row + 1; i < row_bytes;
2524 i++)
2525 {
2526 int a, b, c, pa, pb, pc, p;
2527
2528 b = *pp++;
2529 c = *cp++;
2530 a = *lp++;
2531
2532 p = b - c;
2533 pc = a - c;
2534
2535 #ifdef PNG_USE_ABS
2536 pa = abs(p);
2537 pb = abs(pc);
2538 pc = abs(p + pc);
2539 #else
2540 pa = p < 0 ? -p : p;
2541 pb = pc < 0 ? -pc : pc;
2542 pc = (p + pc) < 0 ? -(p + pc) : p + pc;
2543 #endif
2544
2545 p = (pa <= pb && pa <=pc) ? a : (pb <= pc) ? b : c;
2546
2547 *dp++ = (png_byte)(((int)*rp++ - p) & 0xff);
2548 }
2549 }
2550 #endif /* WRITE_FILTER */
2551
2552 void /* PRIVATE */
png_write_find_filter(png_structrp png_ptr,png_row_infop row_info)2553 png_write_find_filter(png_structrp png_ptr, png_row_infop row_info)
2554 {
2555 #ifndef PNG_WRITE_FILTER_SUPPORTED
2556 png_write_filtered_row(png_ptr, png_ptr->row_buf, row_info->rowbytes+1);
2557 #else
2558 unsigned int filter_to_do = png_ptr->do_filter;
2559 png_bytep row_buf;
2560 png_bytep best_row;
2561 png_uint_32 bpp;
2562 png_size_t mins;
2563 png_size_t row_bytes = row_info->rowbytes;
2564
2565 png_debug(1, "in png_write_find_filter");
2566
2567 /* Find out how many bytes offset each pixel is */
2568 bpp = (row_info->pixel_depth + 7) >> 3;
2569
2570 row_buf = png_ptr->row_buf;
2571 mins = PNG_SIZE_MAX - 256/* so we can detect potential overflow of the
2572 running sum */;
2573
2574 /* The prediction method we use is to find which method provides the
2575 * smallest value when summing the absolute values of the distances
2576 * from zero, using anything >= 128 as negative numbers. This is known
2577 * as the "minimum sum of absolute differences" heuristic. Other
2578 * heuristics are the "weighted minimum sum of absolute differences"
2579 * (experimental and can in theory improve compression), and the "zlib
2580 * predictive" method (not implemented yet), which does test compressions
2581 * of lines using different filter methods, and then chooses the
2582 * (series of) filter(s) that give minimum compressed data size (VERY
2583 * computationally expensive).
2584 *
2585 * GRR 980525: consider also
2586 *
2587 * (1) minimum sum of absolute differences from running average (i.e.,
2588 * keep running sum of non-absolute differences & count of bytes)
2589 * [track dispersion, too? restart average if dispersion too large?]
2590 *
2591 * (1b) minimum sum of absolute differences from sliding average, probably
2592 * with window size <= deflate window (usually 32K)
2593 *
2594 * (2) minimum sum of squared differences from zero or running average
2595 * (i.e., ~ root-mean-square approach)
2596 */
2597
2598
2599 /* We don't need to test the 'no filter' case if this is the only filter
2600 * that has been chosen, as it doesn't actually do anything to the data.
2601 */
2602 best_row = png_ptr->row_buf;
2603
2604 if (PNG_SIZE_MAX/128 <= row_bytes)
2605 {
2606 /* Overflow can occur in the calculation, just select the lowest set
2607 * filter.
2608 */
2609 filter_to_do &= 0U-filter_to_do;
2610 }
2611 else if ((filter_to_do & PNG_FILTER_NONE) != 0 &&
2612 filter_to_do != PNG_FILTER_NONE)
2613 {
2614 /* Overflow not possible and multiple filters in the list, including the
2615 * 'none' filter.
2616 */
2617 png_bytep rp;
2618 png_size_t sum = 0;
2619 png_size_t i;
2620 unsigned int v;
2621
2622 {
2623 for (i = 0, rp = row_buf + 1; i < row_bytes; i++, rp++)
2624 {
2625 v = *rp;
2626 #ifdef PNG_USE_ABS
2627 sum += 128 - abs((int)v - 128);
2628 #else
2629 sum += (v < 128) ? v : 256 - v;
2630 #endif
2631 }
2632 }
2633
2634 mins = sum;
2635 }
2636
2637 /* Sub filter */
2638 if (filter_to_do == PNG_FILTER_SUB)
2639 /* It's the only filter so no testing is needed */
2640 {
2641 png_setup_sub_row_only(png_ptr, bpp, row_bytes);
2642 best_row = png_ptr->try_row;
2643 }
2644
2645 else if ((filter_to_do & PNG_FILTER_SUB) != 0)
2646 {
2647 png_size_t sum;
2648 png_size_t lmins = mins;
2649
2650 sum = png_setup_sub_row(png_ptr, bpp, row_bytes, lmins);
2651
2652 if (sum < mins)
2653 {
2654 mins = sum;
2655 best_row = png_ptr->try_row;
2656 if (png_ptr->tst_row != NULL)
2657 {
2658 png_ptr->try_row = png_ptr->tst_row;
2659 png_ptr->tst_row = best_row;
2660 }
2661 }
2662 }
2663
2664 /* Up filter */
2665 if (filter_to_do == PNG_FILTER_UP)
2666 {
2667 png_setup_up_row_only(png_ptr, row_bytes);
2668 best_row = png_ptr->try_row;
2669 }
2670
2671 else if ((filter_to_do & PNG_FILTER_UP) != 0)
2672 {
2673 png_size_t sum;
2674 png_size_t lmins = mins;
2675
2676 sum = png_setup_up_row(png_ptr, row_bytes, lmins);
2677
2678 if (sum < mins)
2679 {
2680 mins = sum;
2681 best_row = png_ptr->try_row;
2682 if (png_ptr->tst_row != NULL)
2683 {
2684 png_ptr->try_row = png_ptr->tst_row;
2685 png_ptr->tst_row = best_row;
2686 }
2687 }
2688 }
2689
2690 /* Avg filter */
2691 if (filter_to_do == PNG_FILTER_AVG)
2692 {
2693 png_setup_avg_row_only(png_ptr, bpp, row_bytes);
2694 best_row = png_ptr->try_row;
2695 }
2696
2697 else if ((filter_to_do & PNG_FILTER_AVG) != 0)
2698 {
2699 png_size_t sum;
2700 png_size_t lmins = mins;
2701
2702 sum= png_setup_avg_row(png_ptr, bpp, row_bytes, lmins);
2703
2704 if (sum < mins)
2705 {
2706 mins = sum;
2707 best_row = png_ptr->try_row;
2708 if (png_ptr->tst_row != NULL)
2709 {
2710 png_ptr->try_row = png_ptr->tst_row;
2711 png_ptr->tst_row = best_row;
2712 }
2713 }
2714 }
2715
2716 /* Paeth filter */
2717 if (filter_to_do == PNG_FILTER_PAETH)
2718 {
2719 png_setup_paeth_row_only(png_ptr, bpp, row_bytes);
2720 best_row = png_ptr->try_row;
2721 }
2722
2723 else if ((filter_to_do & PNG_FILTER_PAETH) != 0)
2724 {
2725 png_size_t sum;
2726 png_size_t lmins = mins;
2727
2728 sum = png_setup_paeth_row(png_ptr, bpp, row_bytes, lmins);
2729
2730 if (sum < mins)
2731 {
2732 best_row = png_ptr->try_row;
2733 if (png_ptr->tst_row != NULL)
2734 {
2735 png_ptr->try_row = png_ptr->tst_row;
2736 png_ptr->tst_row = best_row;
2737 }
2738 }
2739 }
2740
2741 /* Do the actual writing of the filtered row data from the chosen filter. */
2742 png_write_filtered_row(png_ptr, best_row, row_info->rowbytes+1);
2743
2744 #endif /* WRITE_FILTER */
2745 }
2746
2747
2748 /* Do the actual writing of a previously filtered row. */
2749 static void
png_write_filtered_row(png_structrp png_ptr,png_bytep filtered_row,png_size_t full_row_length)2750 png_write_filtered_row(png_structrp png_ptr, png_bytep filtered_row,
2751 png_size_t full_row_length/*includes filter byte*/)
2752 {
2753 png_debug(1, "in png_write_filtered_row");
2754
2755 png_debug1(2, "filter = %d", filtered_row[0]);
2756
2757 png_compress_IDAT(png_ptr, filtered_row, full_row_length, Z_NO_FLUSH);
2758
2759 #ifdef PNG_WRITE_FILTER_SUPPORTED
2760 /* Swap the current and previous rows */
2761 if (png_ptr->prev_row != NULL)
2762 {
2763 png_bytep tptr;
2764
2765 tptr = png_ptr->prev_row;
2766 png_ptr->prev_row = png_ptr->row_buf;
2767 png_ptr->row_buf = tptr;
2768 }
2769 #endif /* WRITE_FILTER */
2770
2771 /* Finish row - updates counters and flushes zlib if last row */
2772 png_write_finish_row(png_ptr);
2773
2774 #ifdef PNG_WRITE_FLUSH_SUPPORTED
2775 png_ptr->flush_rows++;
2776
2777 if (png_ptr->flush_dist > 0 &&
2778 png_ptr->flush_rows >= png_ptr->flush_dist)
2779 {
2780 png_write_flush(png_ptr);
2781 }
2782 #endif /* WRITE_FLUSH */
2783 }
2784 #endif /* WRITE */
2785