1
2 /* pngset.c - storage of image information into info struct
3 *
4 * Last changed in libpng 1.6.18 [July 23, 2015]
5 * Copyright (c) 1998-2015 Glenn Randers-Pehrson
6 * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
7 * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
8 *
9 * This code is released under the libpng license.
10 * For conditions of distribution and use, see the disclaimer
11 * and license in png.h
12 *
13 * The functions here are used during reads to store data from the file
14 * into the info struct, and during writes to store application data
15 * into the info struct for writing into the file. This abstracts the
16 * info struct and allows us to change the structure in the future.
17 */
18
19 #include "pngpriv.h"
20
21 #if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED)
22
23 #ifdef PNG_bKGD_SUPPORTED
24 void PNGAPI
png_set_bKGD(png_const_structrp png_ptr,png_inforp info_ptr,png_const_color_16p background)25 png_set_bKGD(png_const_structrp png_ptr, png_inforp info_ptr,
26 png_const_color_16p background)
27 {
28 png_debug1(1, "in %s storage function", "bKGD");
29
30 if (png_ptr == NULL || info_ptr == NULL || background == NULL)
31 return;
32
33 info_ptr->background = *background;
34 info_ptr->valid |= PNG_INFO_bKGD;
35 }
36 #endif
37
38 #ifdef PNG_cHRM_SUPPORTED
39 void PNGFAPI
png_set_cHRM_fixed(png_const_structrp png_ptr,png_inforp info_ptr,png_fixed_point white_x,png_fixed_point white_y,png_fixed_point red_x,png_fixed_point red_y,png_fixed_point green_x,png_fixed_point green_y,png_fixed_point blue_x,png_fixed_point blue_y)40 png_set_cHRM_fixed(png_const_structrp png_ptr, png_inforp info_ptr,
41 png_fixed_point white_x, png_fixed_point white_y, png_fixed_point red_x,
42 png_fixed_point red_y, png_fixed_point green_x, png_fixed_point green_y,
43 png_fixed_point blue_x, png_fixed_point blue_y)
44 {
45 png_xy xy;
46
47 png_debug1(1, "in %s storage function", "cHRM fixed");
48
49 if (png_ptr == NULL || info_ptr == NULL)
50 return;
51
52 xy.redx = red_x;
53 xy.redy = red_y;
54 xy.greenx = green_x;
55 xy.greeny = green_y;
56 xy.bluex = blue_x;
57 xy.bluey = blue_y;
58 xy.whitex = white_x;
59 xy.whitey = white_y;
60
61 if (png_colorspace_set_chromaticities(png_ptr, &info_ptr->colorspace, &xy,
62 2/* override with app values*/) != 0)
63 info_ptr->colorspace.flags |= PNG_COLORSPACE_FROM_cHRM;
64
65 png_colorspace_sync_info(png_ptr, info_ptr);
66 }
67
68 void PNGFAPI
png_set_cHRM_XYZ_fixed(png_const_structrp png_ptr,png_inforp info_ptr,png_fixed_point int_red_X,png_fixed_point int_red_Y,png_fixed_point int_red_Z,png_fixed_point int_green_X,png_fixed_point int_green_Y,png_fixed_point int_green_Z,png_fixed_point int_blue_X,png_fixed_point int_blue_Y,png_fixed_point int_blue_Z)69 png_set_cHRM_XYZ_fixed(png_const_structrp png_ptr, png_inforp info_ptr,
70 png_fixed_point int_red_X, png_fixed_point int_red_Y,
71 png_fixed_point int_red_Z, png_fixed_point int_green_X,
72 png_fixed_point int_green_Y, png_fixed_point int_green_Z,
73 png_fixed_point int_blue_X, png_fixed_point int_blue_Y,
74 png_fixed_point int_blue_Z)
75 {
76 png_XYZ XYZ;
77
78 png_debug1(1, "in %s storage function", "cHRM XYZ fixed");
79
80 if (png_ptr == NULL || info_ptr == NULL)
81 return;
82
83 XYZ.red_X = int_red_X;
84 XYZ.red_Y = int_red_Y;
85 XYZ.red_Z = int_red_Z;
86 XYZ.green_X = int_green_X;
87 XYZ.green_Y = int_green_Y;
88 XYZ.green_Z = int_green_Z;
89 XYZ.blue_X = int_blue_X;
90 XYZ.blue_Y = int_blue_Y;
91 XYZ.blue_Z = int_blue_Z;
92
93 if (png_colorspace_set_endpoints(png_ptr, &info_ptr->colorspace,
94 &XYZ, 2) != 0)
95 info_ptr->colorspace.flags |= PNG_COLORSPACE_FROM_cHRM;
96
97 png_colorspace_sync_info(png_ptr, info_ptr);
98 }
99
100 # ifdef PNG_FLOATING_POINT_SUPPORTED
101 void PNGAPI
png_set_cHRM(png_const_structrp png_ptr,png_inforp info_ptr,double white_x,double white_y,double red_x,double red_y,double green_x,double green_y,double blue_x,double blue_y)102 png_set_cHRM(png_const_structrp png_ptr, png_inforp info_ptr,
103 double white_x, double white_y, double red_x, double red_y,
104 double green_x, double green_y, double blue_x, double blue_y)
105 {
106 png_set_cHRM_fixed(png_ptr, info_ptr,
107 png_fixed(png_ptr, white_x, "cHRM White X"),
108 png_fixed(png_ptr, white_y, "cHRM White Y"),
109 png_fixed(png_ptr, red_x, "cHRM Red X"),
110 png_fixed(png_ptr, red_y, "cHRM Red Y"),
111 png_fixed(png_ptr, green_x, "cHRM Green X"),
112 png_fixed(png_ptr, green_y, "cHRM Green Y"),
113 png_fixed(png_ptr, blue_x, "cHRM Blue X"),
114 png_fixed(png_ptr, blue_y, "cHRM Blue Y"));
115 }
116
117 void PNGAPI
png_set_cHRM_XYZ(png_const_structrp png_ptr,png_inforp info_ptr,double red_X,double red_Y,double red_Z,double green_X,double green_Y,double green_Z,double blue_X,double blue_Y,double blue_Z)118 png_set_cHRM_XYZ(png_const_structrp png_ptr, png_inforp info_ptr, double red_X,
119 double red_Y, double red_Z, double green_X, double green_Y, double green_Z,
120 double blue_X, double blue_Y, double blue_Z)
121 {
122 png_set_cHRM_XYZ_fixed(png_ptr, info_ptr,
123 png_fixed(png_ptr, red_X, "cHRM Red X"),
124 png_fixed(png_ptr, red_Y, "cHRM Red Y"),
125 png_fixed(png_ptr, red_Z, "cHRM Red Z"),
126 png_fixed(png_ptr, green_X, "cHRM Red X"),
127 png_fixed(png_ptr, green_Y, "cHRM Red Y"),
128 png_fixed(png_ptr, green_Z, "cHRM Red Z"),
129 png_fixed(png_ptr, blue_X, "cHRM Red X"),
130 png_fixed(png_ptr, blue_Y, "cHRM Red Y"),
131 png_fixed(png_ptr, blue_Z, "cHRM Red Z"));
132 }
133 # endif /* FLOATING_POINT */
134
135 #endif /* cHRM */
136
137 #ifdef PNG_gAMA_SUPPORTED
138 void PNGFAPI
png_set_gAMA_fixed(png_const_structrp png_ptr,png_inforp info_ptr,png_fixed_point file_gamma)139 png_set_gAMA_fixed(png_const_structrp png_ptr, png_inforp info_ptr,
140 png_fixed_point file_gamma)
141 {
142 png_debug1(1, "in %s storage function", "gAMA");
143
144 if (png_ptr == NULL || info_ptr == NULL)
145 return;
146
147 png_colorspace_set_gamma(png_ptr, &info_ptr->colorspace, file_gamma);
148 png_colorspace_sync_info(png_ptr, info_ptr);
149 }
150
151 # ifdef PNG_FLOATING_POINT_SUPPORTED
152 void PNGAPI
png_set_gAMA(png_const_structrp png_ptr,png_inforp info_ptr,double file_gamma)153 png_set_gAMA(png_const_structrp png_ptr, png_inforp info_ptr, double file_gamma)
154 {
155 png_set_gAMA_fixed(png_ptr, info_ptr, png_fixed(png_ptr, file_gamma,
156 "png_set_gAMA"));
157 }
158 # endif
159 #endif
160
161 #ifdef PNG_hIST_SUPPORTED
162 void PNGAPI
png_set_hIST(png_const_structrp png_ptr,png_inforp info_ptr,png_const_uint_16p hist)163 png_set_hIST(png_const_structrp png_ptr, png_inforp info_ptr,
164 png_const_uint_16p hist)
165 {
166 int i;
167
168 png_debug1(1, "in %s storage function", "hIST");
169
170 if (png_ptr == NULL || info_ptr == NULL)
171 return;
172
173 if (info_ptr->num_palette == 0 || info_ptr->num_palette
174 > PNG_MAX_PALETTE_LENGTH)
175 {
176 png_warning(png_ptr,
177 "Invalid palette size, hIST allocation skipped");
178
179 return;
180 }
181
182 png_free_data(png_ptr, info_ptr, PNG_FREE_HIST, 0);
183
184 /* Changed from info->num_palette to PNG_MAX_PALETTE_LENGTH in
185 * version 1.2.1
186 */
187 info_ptr->hist = png_voidcast(png_uint_16p, png_malloc_warn(png_ptr,
188 PNG_MAX_PALETTE_LENGTH * (sizeof (png_uint_16))));
189
190 if (info_ptr->hist == NULL)
191 {
192 png_warning(png_ptr, "Insufficient memory for hIST chunk data");
193
194 return;
195 }
196
197 info_ptr->free_me |= PNG_FREE_HIST;
198
199 for (i = 0; i < info_ptr->num_palette; i++)
200 info_ptr->hist[i] = hist[i];
201
202 info_ptr->valid |= PNG_INFO_hIST;
203 }
204 #endif
205
206 void PNGAPI
png_set_IHDR(png_const_structrp png_ptr,png_inforp info_ptr,png_uint_32 width,png_uint_32 height,int bit_depth,int color_type,int interlace_type,int compression_type,int filter_type)207 png_set_IHDR(png_const_structrp png_ptr, png_inforp info_ptr,
208 png_uint_32 width, png_uint_32 height, int bit_depth,
209 int color_type, int interlace_type, int compression_type,
210 int filter_type)
211 {
212 png_debug1(1, "in %s storage function", "IHDR");
213
214 if (png_ptr == NULL || info_ptr == NULL)
215 return;
216
217 info_ptr->width = width;
218 info_ptr->height = height;
219 info_ptr->bit_depth = (png_byte)bit_depth;
220 info_ptr->color_type = (png_byte)color_type;
221 info_ptr->compression_type = (png_byte)compression_type;
222 info_ptr->filter_type = (png_byte)filter_type;
223 info_ptr->interlace_type = (png_byte)interlace_type;
224
225 png_check_IHDR (png_ptr, info_ptr->width, info_ptr->height,
226 info_ptr->bit_depth, info_ptr->color_type, info_ptr->interlace_type,
227 info_ptr->compression_type, info_ptr->filter_type);
228
229 if (info_ptr->color_type == PNG_COLOR_TYPE_PALETTE)
230 info_ptr->channels = 1;
231
232 else if ((info_ptr->color_type & PNG_COLOR_MASK_COLOR) != 0)
233 info_ptr->channels = 3;
234
235 else
236 info_ptr->channels = 1;
237
238 if ((info_ptr->color_type & PNG_COLOR_MASK_ALPHA) != 0)
239 info_ptr->channels++;
240
241 info_ptr->pixel_depth = (png_byte)(info_ptr->channels * info_ptr->bit_depth);
242
243 info_ptr->rowbytes = PNG_ROWBYTES(info_ptr->pixel_depth, width);
244 }
245
246 #ifdef PNG_oFFs_SUPPORTED
247 void PNGAPI
png_set_oFFs(png_const_structrp png_ptr,png_inforp info_ptr,png_int_32 offset_x,png_int_32 offset_y,int unit_type)248 png_set_oFFs(png_const_structrp png_ptr, png_inforp info_ptr,
249 png_int_32 offset_x, png_int_32 offset_y, int unit_type)
250 {
251 png_debug1(1, "in %s storage function", "oFFs");
252
253 if (png_ptr == NULL || info_ptr == NULL)
254 return;
255
256 info_ptr->x_offset = offset_x;
257 info_ptr->y_offset = offset_y;
258 info_ptr->offset_unit_type = (png_byte)unit_type;
259 info_ptr->valid |= PNG_INFO_oFFs;
260 }
261 #endif
262
263 #ifdef PNG_pCAL_SUPPORTED
264 void PNGAPI
png_set_pCAL(png_const_structrp png_ptr,png_inforp info_ptr,png_const_charp purpose,png_int_32 X0,png_int_32 X1,int type,int nparams,png_const_charp units,png_charpp params)265 png_set_pCAL(png_const_structrp png_ptr, png_inforp info_ptr,
266 png_const_charp purpose, png_int_32 X0, png_int_32 X1, int type,
267 int nparams, png_const_charp units, png_charpp params)
268 {
269 png_size_t length;
270 int i;
271
272 png_debug1(1, "in %s storage function", "pCAL");
273
274 if (png_ptr == NULL || info_ptr == NULL || purpose == NULL || units == NULL
275 || (nparams > 0 && params == NULL))
276 return;
277
278 length = strlen(purpose) + 1;
279 png_debug1(3, "allocating purpose for info (%lu bytes)",
280 (unsigned long)length);
281
282 /* TODO: validate format of calibration name and unit name */
283
284 /* Check that the type matches the specification. */
285 if (type < 0 || type > 3)
286 png_error(png_ptr, "Invalid pCAL equation type");
287
288 if (nparams < 0 || nparams > 255)
289 png_error(png_ptr, "Invalid pCAL parameter count");
290
291 /* Validate params[nparams] */
292 for (i=0; i<nparams; ++i)
293 {
294 if (params[i] == NULL ||
295 !png_check_fp_string(params[i], strlen(params[i])))
296 png_error(png_ptr, "Invalid format for pCAL parameter");
297 }
298
299 info_ptr->pcal_purpose = png_voidcast(png_charp,
300 png_malloc_warn(png_ptr, length));
301
302 if (info_ptr->pcal_purpose == NULL)
303 {
304 png_warning(png_ptr, "Insufficient memory for pCAL purpose");
305
306 return;
307 }
308
309 memcpy(info_ptr->pcal_purpose, purpose, length);
310
311 png_debug(3, "storing X0, X1, type, and nparams in info");
312 info_ptr->pcal_X0 = X0;
313 info_ptr->pcal_X1 = X1;
314 info_ptr->pcal_type = (png_byte)type;
315 info_ptr->pcal_nparams = (png_byte)nparams;
316
317 length = strlen(units) + 1;
318 png_debug1(3, "allocating units for info (%lu bytes)",
319 (unsigned long)length);
320
321 info_ptr->pcal_units = png_voidcast(png_charp,
322 png_malloc_warn(png_ptr, length));
323
324 if (info_ptr->pcal_units == NULL)
325 {
326 png_warning(png_ptr, "Insufficient memory for pCAL units");
327
328 return;
329 }
330
331 memcpy(info_ptr->pcal_units, units, length);
332
333 info_ptr->pcal_params = png_voidcast(png_charpp, png_malloc_warn(png_ptr,
334 (png_size_t)((nparams + 1) * (sizeof (png_charp)))));
335
336 if (info_ptr->pcal_params == NULL)
337 {
338 png_warning(png_ptr, "Insufficient memory for pCAL params");
339
340 return;
341 }
342
343 memset(info_ptr->pcal_params, 0, (nparams + 1) * (sizeof (png_charp)));
344
345 for (i = 0; i < nparams; i++)
346 {
347 length = strlen(params[i]) + 1;
348 png_debug2(3, "allocating parameter %d for info (%lu bytes)", i,
349 (unsigned long)length);
350
351 info_ptr->pcal_params[i] = (png_charp)png_malloc_warn(png_ptr, length);
352
353 if (info_ptr->pcal_params[i] == NULL)
354 {
355 png_warning(png_ptr, "Insufficient memory for pCAL parameter");
356
357 return;
358 }
359
360 memcpy(info_ptr->pcal_params[i], params[i], length);
361 }
362
363 info_ptr->valid |= PNG_INFO_pCAL;
364 info_ptr->free_me |= PNG_FREE_PCAL;
365 }
366 #endif
367
368 #ifdef PNG_sCAL_SUPPORTED
369 void PNGAPI
png_set_sCAL_s(png_const_structrp png_ptr,png_inforp info_ptr,int unit,png_const_charp swidth,png_const_charp sheight)370 png_set_sCAL_s(png_const_structrp png_ptr, png_inforp info_ptr,
371 int unit, png_const_charp swidth, png_const_charp sheight)
372 {
373 png_size_t lengthw = 0, lengthh = 0;
374
375 png_debug1(1, "in %s storage function", "sCAL");
376
377 if (png_ptr == NULL || info_ptr == NULL)
378 return;
379
380 /* Double check the unit (should never get here with an invalid
381 * unit unless this is an API call.)
382 */
383 if (unit != 1 && unit != 2)
384 png_error(png_ptr, "Invalid sCAL unit");
385
386 if (swidth == NULL || (lengthw = strlen(swidth)) == 0 ||
387 swidth[0] == 45 /* '-' */ || !png_check_fp_string(swidth, lengthw))
388 png_error(png_ptr, "Invalid sCAL width");
389
390 if (sheight == NULL || (lengthh = strlen(sheight)) == 0 ||
391 sheight[0] == 45 /* '-' */ || !png_check_fp_string(sheight, lengthh))
392 png_error(png_ptr, "Invalid sCAL height");
393
394 info_ptr->scal_unit = (png_byte)unit;
395
396 ++lengthw;
397
398 png_debug1(3, "allocating unit for info (%u bytes)", (unsigned int)lengthw);
399
400 info_ptr->scal_s_width = png_voidcast(png_charp,
401 png_malloc_warn(png_ptr, lengthw));
402
403 if (info_ptr->scal_s_width == NULL)
404 {
405 png_warning(png_ptr, "Memory allocation failed while processing sCAL");
406
407 return;
408 }
409
410 memcpy(info_ptr->scal_s_width, swidth, lengthw);
411
412 ++lengthh;
413
414 png_debug1(3, "allocating unit for info (%u bytes)", (unsigned int)lengthh);
415
416 info_ptr->scal_s_height = png_voidcast(png_charp,
417 png_malloc_warn(png_ptr, lengthh));
418
419 if (info_ptr->scal_s_height == NULL)
420 {
421 png_free (png_ptr, info_ptr->scal_s_width);
422 info_ptr->scal_s_width = NULL;
423
424 png_warning(png_ptr, "Memory allocation failed while processing sCAL");
425
426 return;
427 }
428
429 memcpy(info_ptr->scal_s_height, sheight, lengthh);
430
431 info_ptr->valid |= PNG_INFO_sCAL;
432 info_ptr->free_me |= PNG_FREE_SCAL;
433 }
434
435 # ifdef PNG_FLOATING_POINT_SUPPORTED
436 void PNGAPI
png_set_sCAL(png_const_structrp png_ptr,png_inforp info_ptr,int unit,double width,double height)437 png_set_sCAL(png_const_structrp png_ptr, png_inforp info_ptr, int unit,
438 double width, double height)
439 {
440 png_debug1(1, "in %s storage function", "sCAL");
441
442 /* Check the arguments. */
443 if (width <= 0)
444 png_warning(png_ptr, "Invalid sCAL width ignored");
445
446 else if (height <= 0)
447 png_warning(png_ptr, "Invalid sCAL height ignored");
448
449 else
450 {
451 /* Convert 'width' and 'height' to ASCII. */
452 char swidth[PNG_sCAL_MAX_DIGITS+1];
453 char sheight[PNG_sCAL_MAX_DIGITS+1];
454
455 png_ascii_from_fp(png_ptr, swidth, (sizeof swidth), width,
456 PNG_sCAL_PRECISION);
457 png_ascii_from_fp(png_ptr, sheight, (sizeof sheight), height,
458 PNG_sCAL_PRECISION);
459
460 png_set_sCAL_s(png_ptr, info_ptr, unit, swidth, sheight);
461 }
462 }
463 # endif
464
465 # ifdef PNG_FIXED_POINT_SUPPORTED
466 void PNGAPI
png_set_sCAL_fixed(png_const_structrp png_ptr,png_inforp info_ptr,int unit,png_fixed_point width,png_fixed_point height)467 png_set_sCAL_fixed(png_const_structrp png_ptr, png_inforp info_ptr, int unit,
468 png_fixed_point width, png_fixed_point height)
469 {
470 png_debug1(1, "in %s storage function", "sCAL");
471
472 /* Check the arguments. */
473 if (width <= 0)
474 png_warning(png_ptr, "Invalid sCAL width ignored");
475
476 else if (height <= 0)
477 png_warning(png_ptr, "Invalid sCAL height ignored");
478
479 else
480 {
481 /* Convert 'width' and 'height' to ASCII. */
482 char swidth[PNG_sCAL_MAX_DIGITS+1];
483 char sheight[PNG_sCAL_MAX_DIGITS+1];
484
485 png_ascii_from_fixed(png_ptr, swidth, (sizeof swidth), width);
486 png_ascii_from_fixed(png_ptr, sheight, (sizeof sheight), height);
487
488 png_set_sCAL_s(png_ptr, info_ptr, unit, swidth, sheight);
489 }
490 }
491 # endif
492 #endif
493
494 #ifdef PNG_pHYs_SUPPORTED
495 void PNGAPI
png_set_pHYs(png_const_structrp png_ptr,png_inforp info_ptr,png_uint_32 res_x,png_uint_32 res_y,int unit_type)496 png_set_pHYs(png_const_structrp png_ptr, png_inforp info_ptr,
497 png_uint_32 res_x, png_uint_32 res_y, int unit_type)
498 {
499 png_debug1(1, "in %s storage function", "pHYs");
500
501 if (png_ptr == NULL || info_ptr == NULL)
502 return;
503
504 info_ptr->x_pixels_per_unit = res_x;
505 info_ptr->y_pixels_per_unit = res_y;
506 info_ptr->phys_unit_type = (png_byte)unit_type;
507 info_ptr->valid |= PNG_INFO_pHYs;
508 }
509 #endif
510
511 void PNGAPI
png_set_PLTE(png_structrp png_ptr,png_inforp info_ptr,png_const_colorp palette,int num_palette)512 png_set_PLTE(png_structrp png_ptr, png_inforp info_ptr,
513 png_const_colorp palette, int num_palette)
514 {
515
516 png_debug1(1, "in %s storage function", "PLTE");
517
518 if (png_ptr == NULL || info_ptr == NULL)
519 return;
520
521 if (num_palette < 0 || num_palette > PNG_MAX_PALETTE_LENGTH)
522 {
523 if (info_ptr->color_type == PNG_COLOR_TYPE_PALETTE)
524 png_error(png_ptr, "Invalid palette length");
525
526 else
527 {
528 png_warning(png_ptr, "Invalid palette length");
529
530 return;
531 }
532 }
533
534 if ((num_palette > 0 && palette == NULL) ||
535 (num_palette == 0
536 # ifdef PNG_MNG_FEATURES_SUPPORTED
537 && (png_ptr->mng_features_permitted & PNG_FLAG_MNG_EMPTY_PLTE) == 0
538 # endif
539 ))
540 {
541 png_error(png_ptr, "Invalid palette");
542 }
543
544 /* It may not actually be necessary to set png_ptr->palette here;
545 * we do it for backward compatibility with the way the png_handle_tRNS
546 * function used to do the allocation.
547 *
548 * 1.6.0: the above statement appears to be incorrect; something has to set
549 * the palette inside png_struct on read.
550 */
551 png_free_data(png_ptr, info_ptr, PNG_FREE_PLTE, 0);
552
553 /* Changed in libpng-1.2.1 to allocate PNG_MAX_PALETTE_LENGTH instead
554 * of num_palette entries, in case of an invalid PNG file that has
555 * too-large sample values.
556 */
557 png_ptr->palette = png_voidcast(png_colorp, png_calloc(png_ptr,
558 PNG_MAX_PALETTE_LENGTH * (sizeof (png_color))));
559
560 if (num_palette > 0)
561 memcpy(png_ptr->palette, palette, num_palette * (sizeof (png_color)));
562 info_ptr->palette = png_ptr->palette;
563 info_ptr->num_palette = png_ptr->num_palette = (png_uint_16)num_palette;
564
565 info_ptr->free_me |= PNG_FREE_PLTE;
566
567 info_ptr->valid |= PNG_INFO_PLTE;
568 }
569
570 #ifdef PNG_sBIT_SUPPORTED
571 void PNGAPI
png_set_sBIT(png_const_structrp png_ptr,png_inforp info_ptr,png_const_color_8p sig_bit)572 png_set_sBIT(png_const_structrp png_ptr, png_inforp info_ptr,
573 png_const_color_8p sig_bit)
574 {
575 png_debug1(1, "in %s storage function", "sBIT");
576
577 if (png_ptr == NULL || info_ptr == NULL || sig_bit == NULL)
578 return;
579
580 info_ptr->sig_bit = *sig_bit;
581 info_ptr->valid |= PNG_INFO_sBIT;
582 }
583 #endif
584
585 #ifdef PNG_sRGB_SUPPORTED
586 void PNGAPI
png_set_sRGB(png_const_structrp png_ptr,png_inforp info_ptr,int srgb_intent)587 png_set_sRGB(png_const_structrp png_ptr, png_inforp info_ptr, int srgb_intent)
588 {
589 png_debug1(1, "in %s storage function", "sRGB");
590
591 if (png_ptr == NULL || info_ptr == NULL)
592 return;
593
594 (void)png_colorspace_set_sRGB(png_ptr, &info_ptr->colorspace, srgb_intent);
595 png_colorspace_sync_info(png_ptr, info_ptr);
596 }
597
598 void PNGAPI
png_set_sRGB_gAMA_and_cHRM(png_const_structrp png_ptr,png_inforp info_ptr,int srgb_intent)599 png_set_sRGB_gAMA_and_cHRM(png_const_structrp png_ptr, png_inforp info_ptr,
600 int srgb_intent)
601 {
602 png_debug1(1, "in %s storage function", "sRGB_gAMA_and_cHRM");
603
604 if (png_ptr == NULL || info_ptr == NULL)
605 return;
606
607 if (png_colorspace_set_sRGB(png_ptr, &info_ptr->colorspace,
608 srgb_intent) != 0)
609 {
610 /* This causes the gAMA and cHRM to be written too */
611 info_ptr->colorspace.flags |=
612 PNG_COLORSPACE_FROM_gAMA|PNG_COLORSPACE_FROM_cHRM;
613 }
614
615 png_colorspace_sync_info(png_ptr, info_ptr);
616 }
617 #endif /* sRGB */
618
619
620 #ifdef PNG_iCCP_SUPPORTED
621 void PNGAPI
png_set_iCCP(png_const_structrp png_ptr,png_inforp info_ptr,png_const_charp name,int compression_type,png_const_bytep profile,png_uint_32 proflen)622 png_set_iCCP(png_const_structrp png_ptr, png_inforp info_ptr,
623 png_const_charp name, int compression_type,
624 png_const_bytep profile, png_uint_32 proflen)
625 {
626 png_charp new_iccp_name;
627 png_bytep new_iccp_profile;
628 png_size_t length;
629
630 png_debug1(1, "in %s storage function", "iCCP");
631
632 if (png_ptr == NULL || info_ptr == NULL || name == NULL || profile == NULL)
633 return;
634
635 if (compression_type != PNG_COMPRESSION_TYPE_BASE)
636 png_app_error(png_ptr, "Invalid iCCP compression method");
637
638 /* Set the colorspace first because this validates the profile; do not
639 * override previously set app cHRM or gAMA here (because likely as not the
640 * application knows better than libpng what the correct values are.) Pass
641 * the info_ptr color_type field to png_colorspace_set_ICC because in the
642 * write case it has not yet been stored in png_ptr.
643 */
644 {
645 int result = png_colorspace_set_ICC(png_ptr, &info_ptr->colorspace, name,
646 proflen, profile, info_ptr->color_type);
647
648 png_colorspace_sync_info(png_ptr, info_ptr);
649
650 /* Don't do any of the copying if the profile was bad, or inconsistent. */
651 if (result == 0)
652 return;
653
654 /* But do write the gAMA and cHRM chunks from the profile. */
655 info_ptr->colorspace.flags |=
656 PNG_COLORSPACE_FROM_gAMA|PNG_COLORSPACE_FROM_cHRM;
657 }
658
659 length = strlen(name)+1;
660 new_iccp_name = png_voidcast(png_charp, png_malloc_warn(png_ptr, length));
661
662 if (new_iccp_name == NULL)
663 {
664 png_benign_error(png_ptr, "Insufficient memory to process iCCP chunk");
665
666 return;
667 }
668
669 memcpy(new_iccp_name, name, length);
670 new_iccp_profile = png_voidcast(png_bytep,
671 png_malloc_warn(png_ptr, proflen));
672
673 if (new_iccp_profile == NULL)
674 {
675 png_free(png_ptr, new_iccp_name);
676 png_benign_error(png_ptr,
677 "Insufficient memory to process iCCP profile");
678
679 return;
680 }
681
682 memcpy(new_iccp_profile, profile, proflen);
683
684 png_free_data(png_ptr, info_ptr, PNG_FREE_ICCP, 0);
685
686 info_ptr->iccp_proflen = proflen;
687 info_ptr->iccp_name = new_iccp_name;
688 info_ptr->iccp_profile = new_iccp_profile;
689 info_ptr->free_me |= PNG_FREE_ICCP;
690 info_ptr->valid |= PNG_INFO_iCCP;
691 }
692 #endif
693
694 #ifdef PNG_TEXT_SUPPORTED
695 void PNGAPI
png_set_text(png_const_structrp png_ptr,png_inforp info_ptr,png_const_textp text_ptr,int num_text)696 png_set_text(png_const_structrp png_ptr, png_inforp info_ptr,
697 png_const_textp text_ptr, int num_text)
698 {
699 int ret;
700 ret = png_set_text_2(png_ptr, info_ptr, text_ptr, num_text);
701
702 if (ret != 0)
703 png_error(png_ptr, "Insufficient memory to store text");
704 }
705
706 int /* PRIVATE */
png_set_text_2(png_const_structrp png_ptr,png_inforp info_ptr,png_const_textp text_ptr,int num_text)707 png_set_text_2(png_const_structrp png_ptr, png_inforp info_ptr,
708 png_const_textp text_ptr, int num_text)
709 {
710 int i;
711
712 png_debug1(1, "in %lx storage function", png_ptr == NULL ? 0xabadca11 :
713 (unsigned long)png_ptr->chunk_name);
714
715 if (png_ptr == NULL || info_ptr == NULL || num_text <= 0 || text_ptr == NULL)
716 return(0);
717
718 /* Make sure we have enough space in the "text" array in info_struct
719 * to hold all of the incoming text_ptr objects. This compare can't overflow
720 * because max_text >= num_text (anyway, subtract of two positive integers
721 * can't overflow in any case.)
722 */
723 if (num_text > info_ptr->max_text - info_ptr->num_text)
724 {
725 int old_num_text = info_ptr->num_text;
726 int max_text;
727 png_textp new_text = NULL;
728
729 /* Calculate an appropriate max_text, checking for overflow. */
730 max_text = old_num_text;
731 if (num_text <= INT_MAX - max_text)
732 {
733 max_text += num_text;
734
735 /* Round up to a multiple of 8 */
736 if (max_text < INT_MAX-8)
737 max_text = (max_text + 8) & ~0x7;
738
739 else
740 max_text = INT_MAX;
741
742 /* Now allocate a new array and copy the old members in; this does all
743 * the overflow checks.
744 */
745 new_text = png_voidcast(png_textp,png_realloc_array(png_ptr,
746 info_ptr->text, old_num_text, max_text-old_num_text,
747 sizeof *new_text));
748 }
749
750 if (new_text == NULL)
751 {
752 png_chunk_report(png_ptr, "too many text chunks",
753 PNG_CHUNK_WRITE_ERROR);
754
755 return 1;
756 }
757
758 png_free(png_ptr, info_ptr->text);
759
760 info_ptr->text = new_text;
761 info_ptr->free_me |= PNG_FREE_TEXT;
762 info_ptr->max_text = max_text;
763 /* num_text is adjusted below as the entries are copied in */
764
765 png_debug1(3, "allocated %d entries for info_ptr->text", max_text);
766 }
767
768 for (i = 0; i < num_text; i++)
769 {
770 size_t text_length, key_len;
771 size_t lang_len, lang_key_len;
772 png_textp textp = &(info_ptr->text[info_ptr->num_text]);
773
774 if (text_ptr[i].key == NULL)
775 continue;
776
777 if (text_ptr[i].compression < PNG_TEXT_COMPRESSION_NONE ||
778 text_ptr[i].compression >= PNG_TEXT_COMPRESSION_LAST)
779 {
780 png_chunk_report(png_ptr, "text compression mode is out of range",
781 PNG_CHUNK_WRITE_ERROR);
782 continue;
783 }
784
785 key_len = strlen(text_ptr[i].key);
786
787 if (text_ptr[i].compression <= 0)
788 {
789 lang_len = 0;
790 lang_key_len = 0;
791 }
792
793 else
794 # ifdef PNG_iTXt_SUPPORTED
795 {
796 /* Set iTXt data */
797
798 if (text_ptr[i].lang != NULL)
799 lang_len = strlen(text_ptr[i].lang);
800
801 else
802 lang_len = 0;
803
804 if (text_ptr[i].lang_key != NULL)
805 lang_key_len = strlen(text_ptr[i].lang_key);
806
807 else
808 lang_key_len = 0;
809 }
810 # else /* iTXt */
811 {
812 png_chunk_report(png_ptr, "iTXt chunk not supported",
813 PNG_CHUNK_WRITE_ERROR);
814 continue;
815 }
816 # endif
817
818 if (text_ptr[i].text == NULL || text_ptr[i].text[0] == '\0')
819 {
820 text_length = 0;
821 # ifdef PNG_iTXt_SUPPORTED
822 if (text_ptr[i].compression > 0)
823 textp->compression = PNG_ITXT_COMPRESSION_NONE;
824
825 else
826 # endif
827 textp->compression = PNG_TEXT_COMPRESSION_NONE;
828 }
829
830 else
831 {
832 text_length = strlen(text_ptr[i].text);
833 textp->compression = text_ptr[i].compression;
834 }
835
836 textp->key = png_voidcast(png_charp,png_malloc_base(png_ptr,
837 key_len + text_length + lang_len + lang_key_len + 4));
838
839 if (textp->key == NULL)
840 {
841 png_chunk_report(png_ptr, "text chunk: out of memory",
842 PNG_CHUNK_WRITE_ERROR);
843
844 return 1;
845 }
846
847 png_debug2(2, "Allocated %lu bytes at %p in png_set_text",
848 (unsigned long)(png_uint_32)
849 (key_len + lang_len + lang_key_len + text_length + 4),
850 textp->key);
851
852 memcpy(textp->key, text_ptr[i].key, key_len);
853 *(textp->key + key_len) = '\0';
854
855 if (text_ptr[i].compression > 0)
856 {
857 textp->lang = textp->key + key_len + 1;
858 memcpy(textp->lang, text_ptr[i].lang, lang_len);
859 *(textp->lang + lang_len) = '\0';
860 textp->lang_key = textp->lang + lang_len + 1;
861 memcpy(textp->lang_key, text_ptr[i].lang_key, lang_key_len);
862 *(textp->lang_key + lang_key_len) = '\0';
863 textp->text = textp->lang_key + lang_key_len + 1;
864 }
865
866 else
867 {
868 textp->lang=NULL;
869 textp->lang_key=NULL;
870 textp->text = textp->key + key_len + 1;
871 }
872
873 if (text_length != 0)
874 memcpy(textp->text, text_ptr[i].text, text_length);
875
876 *(textp->text + text_length) = '\0';
877
878 # ifdef PNG_iTXt_SUPPORTED
879 if (textp->compression > 0)
880 {
881 textp->text_length = 0;
882 textp->itxt_length = text_length;
883 }
884
885 else
886 # endif
887 {
888 textp->text_length = text_length;
889 textp->itxt_length = 0;
890 }
891
892 info_ptr->num_text++;
893 png_debug1(3, "transferred text chunk %d", info_ptr->num_text);
894 }
895
896 return(0);
897 }
898 #endif
899
900 #ifdef PNG_tIME_SUPPORTED
901 void PNGAPI
png_set_tIME(png_const_structrp png_ptr,png_inforp info_ptr,png_const_timep mod_time)902 png_set_tIME(png_const_structrp png_ptr, png_inforp info_ptr,
903 png_const_timep mod_time)
904 {
905 png_debug1(1, "in %s storage function", "tIME");
906
907 if (png_ptr == NULL || info_ptr == NULL || mod_time == NULL ||
908 (png_ptr->mode & PNG_WROTE_tIME) != 0)
909 return;
910
911 if (mod_time->month == 0 || mod_time->month > 12 ||
912 mod_time->day == 0 || mod_time->day > 31 ||
913 mod_time->hour > 23 || mod_time->minute > 59 ||
914 mod_time->second > 60)
915 {
916 png_warning(png_ptr, "Ignoring invalid time value");
917
918 return;
919 }
920
921 info_ptr->mod_time = *mod_time;
922 info_ptr->valid |= PNG_INFO_tIME;
923 }
924 #endif
925
926 #ifdef PNG_tRNS_SUPPORTED
927 void PNGAPI
png_set_tRNS(png_structrp png_ptr,png_inforp info_ptr,png_const_bytep trans_alpha,int num_trans,png_const_color_16p trans_color)928 png_set_tRNS(png_structrp png_ptr, png_inforp info_ptr,
929 png_const_bytep trans_alpha, int num_trans, png_const_color_16p trans_color)
930 {
931 png_debug1(1, "in %s storage function", "tRNS");
932
933 if (png_ptr == NULL || info_ptr == NULL)
934
935 return;
936
937 if (trans_alpha != NULL)
938 {
939 /* It may not actually be necessary to set png_ptr->trans_alpha here;
940 * we do it for backward compatibility with the way the png_handle_tRNS
941 * function used to do the allocation.
942 *
943 * 1.6.0: The above statement is incorrect; png_handle_tRNS effectively
944 * relies on png_set_tRNS storing the information in png_struct
945 * (otherwise it won't be there for the code in pngrtran.c).
946 */
947
948 png_free_data(png_ptr, info_ptr, PNG_FREE_TRNS, 0);
949
950 /* Changed from num_trans to PNG_MAX_PALETTE_LENGTH in version 1.2.1 */
951 png_ptr->trans_alpha = info_ptr->trans_alpha = png_voidcast(png_bytep,
952 png_malloc(png_ptr, PNG_MAX_PALETTE_LENGTH));
953
954 if (num_trans > 0 && num_trans <= PNG_MAX_PALETTE_LENGTH)
955 memcpy(info_ptr->trans_alpha, trans_alpha, (png_size_t)num_trans);
956 }
957
958 if (trans_color != NULL)
959 {
960 #ifdef PNG_WARNINGS_SUPPORTED
961 if (info_ptr->bit_depth < 16)
962 {
963 int sample_max = (1 << info_ptr->bit_depth) - 1;
964
965 if ((info_ptr->color_type == PNG_COLOR_TYPE_GRAY &&
966 trans_color->gray > sample_max) ||
967 (info_ptr->color_type == PNG_COLOR_TYPE_RGB &&
968 (trans_color->red > sample_max ||
969 trans_color->green > sample_max ||
970 trans_color->blue > sample_max)))
971 png_warning(png_ptr,
972 "tRNS chunk has out-of-range samples for bit_depth");
973 }
974 #endif
975
976 info_ptr->trans_color = *trans_color;
977
978 if (num_trans == 0)
979 num_trans = 1;
980 }
981
982 info_ptr->num_trans = (png_uint_16)num_trans;
983
984 if (num_trans != 0)
985 {
986 info_ptr->valid |= PNG_INFO_tRNS;
987 info_ptr->free_me |= PNG_FREE_TRNS;
988 }
989 }
990 #endif
991
992 #ifdef PNG_sPLT_SUPPORTED
993 void PNGAPI
png_set_sPLT(png_const_structrp png_ptr,png_inforp info_ptr,png_const_sPLT_tp entries,int nentries)994 png_set_sPLT(png_const_structrp png_ptr,
995 png_inforp info_ptr, png_const_sPLT_tp entries, int nentries)
996 /*
997 * entries - array of png_sPLT_t structures
998 * to be added to the list of palettes
999 * in the info structure.
1000 *
1001 * nentries - number of palette structures to be
1002 * added.
1003 */
1004 {
1005 png_sPLT_tp np;
1006
1007 if (png_ptr == NULL || info_ptr == NULL || nentries <= 0 || entries == NULL)
1008 return;
1009
1010 /* Use the internal realloc function, which checks for all the possible
1011 * overflows. Notice that the parameters are (int) and (size_t)
1012 */
1013 np = png_voidcast(png_sPLT_tp,png_realloc_array(png_ptr,
1014 info_ptr->splt_palettes, info_ptr->splt_palettes_num, nentries,
1015 sizeof *np));
1016
1017 if (np == NULL)
1018 {
1019 /* Out of memory or too many chunks */
1020 png_chunk_report(png_ptr, "too many sPLT chunks", PNG_CHUNK_WRITE_ERROR);
1021
1022 return;
1023 }
1024
1025 png_free(png_ptr, info_ptr->splt_palettes);
1026 info_ptr->splt_palettes = np;
1027 info_ptr->free_me |= PNG_FREE_SPLT;
1028
1029 np += info_ptr->splt_palettes_num;
1030
1031 do
1032 {
1033 png_size_t length;
1034
1035 /* Skip invalid input entries */
1036 if (entries->name == NULL || entries->entries == NULL)
1037 {
1038 /* png_handle_sPLT doesn't do this, so this is an app error */
1039 png_app_error(png_ptr, "png_set_sPLT: invalid sPLT");
1040 /* Just skip the invalid entry */
1041 continue;
1042 }
1043
1044 np->depth = entries->depth;
1045
1046 /* In the event of out-of-memory just return - there's no point keeping
1047 * on trying to add sPLT chunks.
1048 */
1049 length = strlen(entries->name) + 1;
1050 np->name = png_voidcast(png_charp, png_malloc_base(png_ptr, length));
1051
1052 if (np->name == NULL)
1053 break;
1054
1055 memcpy(np->name, entries->name, length);
1056
1057 /* IMPORTANT: we have memory now that won't get freed if something else
1058 * goes wrong; this code must free it. png_malloc_array produces no
1059 * warnings; use a png_chunk_report (below) if there is an error.
1060 */
1061 np->entries = png_voidcast(png_sPLT_entryp, png_malloc_array(png_ptr,
1062 entries->nentries, sizeof (png_sPLT_entry)));
1063
1064 if (np->entries == NULL)
1065 {
1066 png_free(png_ptr, np->name);
1067 np->name = NULL;
1068 break;
1069 }
1070
1071 np->nentries = entries->nentries;
1072 /* This multiply can't overflow because png_malloc_array has already
1073 * checked it when doing the allocation.
1074 */
1075 memcpy(np->entries, entries->entries,
1076 entries->nentries * sizeof (png_sPLT_entry));
1077
1078 /* Note that 'continue' skips the advance of the out pointer and out
1079 * count, so an invalid entry is not added.
1080 */
1081 info_ptr->valid |= PNG_INFO_sPLT;
1082 ++(info_ptr->splt_palettes_num);
1083 ++np;
1084 }
1085 while (++entries, --nentries);
1086
1087 if (nentries > 0)
1088 png_chunk_report(png_ptr, "sPLT out of memory", PNG_CHUNK_WRITE_ERROR);
1089 }
1090 #endif /* sPLT */
1091
1092 #ifdef PNG_STORE_UNKNOWN_CHUNKS_SUPPORTED
1093 static png_byte
check_location(png_const_structrp png_ptr,int location)1094 check_location(png_const_structrp png_ptr, int location)
1095 {
1096 location &= (PNG_HAVE_IHDR|PNG_HAVE_PLTE|PNG_AFTER_IDAT);
1097
1098 /* New in 1.6.0; copy the location and check it. This is an API
1099 * change; previously the app had to use the
1100 * png_set_unknown_chunk_location API below for each chunk.
1101 */
1102 if (location == 0 && (png_ptr->mode & PNG_IS_READ_STRUCT) == 0)
1103 {
1104 /* Write struct, so unknown chunks come from the app */
1105 png_app_warning(png_ptr,
1106 "png_set_unknown_chunks now expects a valid location");
1107 /* Use the old behavior */
1108 location = (png_byte)(png_ptr->mode &
1109 (PNG_HAVE_IHDR|PNG_HAVE_PLTE|PNG_AFTER_IDAT));
1110 }
1111
1112 /* This need not be an internal error - if the app calls
1113 * png_set_unknown_chunks on a read pointer it must get the location right.
1114 */
1115 if (location == 0)
1116 png_error(png_ptr, "invalid location in png_set_unknown_chunks");
1117
1118 /* Now reduce the location to the top-most set bit by removing each least
1119 * significant bit in turn.
1120 */
1121 while (location != (location & -location))
1122 location &= ~(location & -location);
1123
1124 /* The cast is safe because 'location' is a bit mask and only the low four
1125 * bits are significant.
1126 */
1127 return (png_byte)location;
1128 }
1129
1130 void PNGAPI
png_set_unknown_chunks(png_const_structrp png_ptr,png_inforp info_ptr,png_const_unknown_chunkp unknowns,int num_unknowns)1131 png_set_unknown_chunks(png_const_structrp png_ptr,
1132 png_inforp info_ptr, png_const_unknown_chunkp unknowns, int num_unknowns)
1133 {
1134 png_unknown_chunkp np;
1135
1136 if (png_ptr == NULL || info_ptr == NULL || num_unknowns <= 0 ||
1137 unknowns == NULL)
1138 return;
1139
1140 /* Check for the failure cases where support has been disabled at compile
1141 * time. This code is hardly ever compiled - it's here because
1142 * STORE_UNKNOWN_CHUNKS is set by both read and write code (compiling in this
1143 * code) but may be meaningless if the read or write handling of unknown
1144 * chunks is not compiled in.
1145 */
1146 # if !defined(PNG_READ_UNKNOWN_CHUNKS_SUPPORTED) && \
1147 defined(PNG_READ_SUPPORTED)
1148 if ((png_ptr->mode & PNG_IS_READ_STRUCT) != 0)
1149 {
1150 png_app_error(png_ptr, "no unknown chunk support on read");
1151
1152 return;
1153 }
1154 # endif
1155 # if !defined(PNG_WRITE_UNKNOWN_CHUNKS_SUPPORTED) && \
1156 defined(PNG_WRITE_SUPPORTED)
1157 if ((png_ptr->mode & PNG_IS_READ_STRUCT) == 0)
1158 {
1159 png_app_error(png_ptr, "no unknown chunk support on write");
1160
1161 return;
1162 }
1163 # endif
1164
1165 /* Prior to 1.6.0 this code used png_malloc_warn; however, this meant that
1166 * unknown critical chunks could be lost with just a warning resulting in
1167 * undefined behavior. Now png_chunk_report is used to provide behavior
1168 * appropriate to read or write.
1169 */
1170 np = png_voidcast(png_unknown_chunkp, png_realloc_array(png_ptr,
1171 info_ptr->unknown_chunks, info_ptr->unknown_chunks_num, num_unknowns,
1172 sizeof *np));
1173
1174 if (np == NULL)
1175 {
1176 png_chunk_report(png_ptr, "too many unknown chunks",
1177 PNG_CHUNK_WRITE_ERROR);
1178
1179 return;
1180 }
1181
1182 png_free(png_ptr, info_ptr->unknown_chunks);
1183 info_ptr->unknown_chunks = np; /* safe because it is initialized */
1184 info_ptr->free_me |= PNG_FREE_UNKN;
1185
1186 np += info_ptr->unknown_chunks_num;
1187
1188 /* Increment unknown_chunks_num each time round the loop to protect the
1189 * just-allocated chunk data.
1190 */
1191 for (; num_unknowns > 0; --num_unknowns, ++unknowns)
1192 {
1193 memcpy(np->name, unknowns->name, (sizeof np->name));
1194 np->name[(sizeof np->name)-1] = '\0';
1195 np->location = check_location(png_ptr, unknowns->location);
1196
1197 if (unknowns->size == 0)
1198 {
1199 np->data = NULL;
1200 np->size = 0;
1201 }
1202
1203 else
1204 {
1205 np->data = png_voidcast(png_bytep,
1206 png_malloc_base(png_ptr, unknowns->size));
1207
1208 if (np->data == NULL)
1209 {
1210 png_chunk_report(png_ptr, "unknown chunk: out of memory",
1211 PNG_CHUNK_WRITE_ERROR);
1212 /* But just skip storing the unknown chunk */
1213 continue;
1214 }
1215
1216 memcpy(np->data, unknowns->data, unknowns->size);
1217 np->size = unknowns->size;
1218 }
1219
1220 /* These increments are skipped on out-of-memory for the data - the
1221 * unknown chunk entry gets overwritten if the png_chunk_report returns.
1222 * This is correct in the read case (the chunk is just dropped.)
1223 */
1224 ++np;
1225 ++(info_ptr->unknown_chunks_num);
1226 }
1227 }
1228
1229 void PNGAPI
png_set_unknown_chunk_location(png_const_structrp png_ptr,png_inforp info_ptr,int chunk,int location)1230 png_set_unknown_chunk_location(png_const_structrp png_ptr, png_inforp info_ptr,
1231 int chunk, int location)
1232 {
1233 /* This API is pretty pointless in 1.6.0 because the location can be set
1234 * before the call to png_set_unknown_chunks.
1235 *
1236 * TODO: add a png_app_warning in 1.7
1237 */
1238 if (png_ptr != NULL && info_ptr != NULL && chunk >= 0 &&
1239 chunk < info_ptr->unknown_chunks_num)
1240 {
1241 if ((location & (PNG_HAVE_IHDR|PNG_HAVE_PLTE|PNG_AFTER_IDAT)) == 0)
1242 {
1243 png_app_error(png_ptr, "invalid unknown chunk location");
1244 /* Fake out the pre 1.6.0 behavior: */
1245 if ((location & PNG_HAVE_IDAT) != 0) /* undocumented! */
1246 location = PNG_AFTER_IDAT;
1247
1248 else
1249 location = PNG_HAVE_IHDR; /* also undocumented */
1250 }
1251
1252 info_ptr->unknown_chunks[chunk].location =
1253 check_location(png_ptr, location);
1254 }
1255 }
1256 #endif /* STORE_UNKNOWN_CHUNKS */
1257
1258 #ifdef PNG_MNG_FEATURES_SUPPORTED
1259 png_uint_32 PNGAPI
png_permit_mng_features(png_structrp png_ptr,png_uint_32 mng_features)1260 png_permit_mng_features (png_structrp png_ptr, png_uint_32 mng_features)
1261 {
1262 png_debug(1, "in png_permit_mng_features");
1263
1264 if (png_ptr == NULL)
1265 return 0;
1266
1267 png_ptr->mng_features_permitted = mng_features & PNG_ALL_MNG_FEATURES;
1268
1269 return png_ptr->mng_features_permitted;
1270 }
1271 #endif
1272
1273 #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED
1274 static unsigned int
add_one_chunk(png_bytep list,unsigned int count,png_const_bytep add,int keep)1275 add_one_chunk(png_bytep list, unsigned int count, png_const_bytep add, int keep)
1276 {
1277 unsigned int i;
1278
1279 /* Utility function: update the 'keep' state of a chunk if it is already in
1280 * the list, otherwise add it to the list.
1281 */
1282 for (i=0; i<count; ++i, list += 5)
1283 {
1284 if (memcmp(list, add, 4) == 0)
1285 {
1286 list[4] = (png_byte)keep;
1287
1288 return count;
1289 }
1290 }
1291
1292 if (keep != PNG_HANDLE_CHUNK_AS_DEFAULT)
1293 {
1294 ++count;
1295 memcpy(list, add, 4);
1296 list[4] = (png_byte)keep;
1297 }
1298
1299 return count;
1300 }
1301
1302 void PNGAPI
png_set_keep_unknown_chunks(png_structrp png_ptr,int keep,png_const_bytep chunk_list,int num_chunks_in)1303 png_set_keep_unknown_chunks(png_structrp png_ptr, int keep,
1304 png_const_bytep chunk_list, int num_chunks_in)
1305 {
1306 png_bytep new_list;
1307 unsigned int num_chunks, old_num_chunks;
1308
1309 if (png_ptr == NULL)
1310 return;
1311
1312 if (keep < 0 || keep >= PNG_HANDLE_CHUNK_LAST)
1313 {
1314 png_app_error(png_ptr, "png_set_keep_unknown_chunks: invalid keep");
1315
1316 return;
1317 }
1318
1319 if (num_chunks_in <= 0)
1320 {
1321 png_ptr->unknown_default = keep;
1322
1323 /* '0' means just set the flags, so stop here */
1324 if (num_chunks_in == 0)
1325 return;
1326 }
1327
1328 if (num_chunks_in < 0)
1329 {
1330 /* Ignore all unknown chunks and all chunks recognized by
1331 * libpng except for IHDR, PLTE, tRNS, IDAT, and IEND
1332 */
1333 static PNG_CONST png_byte chunks_to_ignore[] = {
1334 98, 75, 71, 68, '\0', /* bKGD */
1335 99, 72, 82, 77, '\0', /* cHRM */
1336 103, 65, 77, 65, '\0', /* gAMA */
1337 104, 73, 83, 84, '\0', /* hIST */
1338 105, 67, 67, 80, '\0', /* iCCP */
1339 105, 84, 88, 116, '\0', /* iTXt */
1340 111, 70, 70, 115, '\0', /* oFFs */
1341 112, 67, 65, 76, '\0', /* pCAL */
1342 112, 72, 89, 115, '\0', /* pHYs */
1343 115, 66, 73, 84, '\0', /* sBIT */
1344 115, 67, 65, 76, '\0', /* sCAL */
1345 115, 80, 76, 84, '\0', /* sPLT */
1346 115, 84, 69, 82, '\0', /* sTER */
1347 115, 82, 71, 66, '\0', /* sRGB */
1348 116, 69, 88, 116, '\0', /* tEXt */
1349 116, 73, 77, 69, '\0', /* tIME */
1350 122, 84, 88, 116, '\0' /* zTXt */
1351 };
1352
1353 chunk_list = chunks_to_ignore;
1354 num_chunks = (unsigned int)/*SAFE*/(sizeof chunks_to_ignore)/5U;
1355 }
1356
1357 else /* num_chunks_in > 0 */
1358 {
1359 if (chunk_list == NULL)
1360 {
1361 /* Prior to 1.6.0 this was silently ignored, now it is an app_error
1362 * which can be switched off.
1363 */
1364 png_app_error(png_ptr, "png_set_keep_unknown_chunks: no chunk list");
1365
1366 return;
1367 }
1368
1369 num_chunks = num_chunks_in;
1370 }
1371
1372 old_num_chunks = png_ptr->num_chunk_list;
1373 if (png_ptr->chunk_list == NULL)
1374 old_num_chunks = 0;
1375
1376 /* Since num_chunks is always restricted to UINT_MAX/5 this can't overflow.
1377 */
1378 if (num_chunks + old_num_chunks > UINT_MAX/5)
1379 {
1380 png_app_error(png_ptr, "png_set_keep_unknown_chunks: too many chunks");
1381
1382 return;
1383 }
1384
1385 /* If these chunks are being reset to the default then no more memory is
1386 * required because add_one_chunk above doesn't extend the list if the 'keep'
1387 * parameter is the default.
1388 */
1389 if (keep != 0)
1390 {
1391 new_list = png_voidcast(png_bytep, png_malloc(png_ptr,
1392 5 * (num_chunks + old_num_chunks)));
1393
1394 if (old_num_chunks > 0)
1395 memcpy(new_list, png_ptr->chunk_list, 5*old_num_chunks);
1396 }
1397
1398 else if (old_num_chunks > 0)
1399 new_list = png_ptr->chunk_list;
1400
1401 else
1402 new_list = NULL;
1403
1404 /* Add the new chunks together with each one's handling code. If the chunk
1405 * already exists the code is updated, otherwise the chunk is added to the
1406 * end. (In libpng 1.6.0 order no longer matters because this code enforces
1407 * the earlier convention that the last setting is the one that is used.)
1408 */
1409 if (new_list != NULL)
1410 {
1411 png_const_bytep inlist;
1412 png_bytep outlist;
1413 unsigned int i;
1414
1415 for (i=0; i<num_chunks; ++i)
1416 {
1417 old_num_chunks = add_one_chunk(new_list, old_num_chunks,
1418 chunk_list+5*i, keep);
1419 }
1420
1421 /* Now remove any spurious 'default' entries. */
1422 num_chunks = 0;
1423 for (i=0, inlist=outlist=new_list; i<old_num_chunks; ++i, inlist += 5)
1424 {
1425 if (inlist[4])
1426 {
1427 if (outlist != inlist)
1428 memcpy(outlist, inlist, 5);
1429 outlist += 5;
1430 ++num_chunks;
1431 }
1432 }
1433
1434 /* This means the application has removed all the specialized handling. */
1435 if (num_chunks == 0)
1436 {
1437 if (png_ptr->chunk_list != new_list)
1438 png_free(png_ptr, new_list);
1439
1440 new_list = NULL;
1441 }
1442 }
1443
1444 else
1445 num_chunks = 0;
1446
1447 png_ptr->num_chunk_list = num_chunks;
1448
1449 if (png_ptr->chunk_list != new_list)
1450 {
1451 if (png_ptr->chunk_list != NULL)
1452 png_free(png_ptr, png_ptr->chunk_list);
1453
1454 png_ptr->chunk_list = new_list;
1455 }
1456 }
1457 #endif
1458
1459 #ifdef PNG_READ_USER_CHUNKS_SUPPORTED
1460 void PNGAPI
png_set_read_user_chunk_fn(png_structrp png_ptr,png_voidp user_chunk_ptr,png_user_chunk_ptr read_user_chunk_fn)1461 png_set_read_user_chunk_fn(png_structrp png_ptr, png_voidp user_chunk_ptr,
1462 png_user_chunk_ptr read_user_chunk_fn)
1463 {
1464 png_debug(1, "in png_set_read_user_chunk_fn");
1465
1466 if (png_ptr == NULL)
1467 return;
1468
1469 png_ptr->read_user_chunk_fn = read_user_chunk_fn;
1470 png_ptr->user_chunk_ptr = user_chunk_ptr;
1471 }
1472 #endif
1473
1474 #ifdef PNG_INFO_IMAGE_SUPPORTED
1475 void PNGAPI
png_set_rows(png_const_structrp png_ptr,png_inforp info_ptr,png_bytepp row_pointers)1476 png_set_rows(png_const_structrp png_ptr, png_inforp info_ptr,
1477 png_bytepp row_pointers)
1478 {
1479 png_debug1(1, "in %s storage function", "rows");
1480
1481 if (png_ptr == NULL || info_ptr == NULL)
1482 return;
1483
1484 if (info_ptr->row_pointers != NULL &&
1485 (info_ptr->row_pointers != row_pointers))
1486 png_free_data(png_ptr, info_ptr, PNG_FREE_ROWS, 0);
1487
1488 info_ptr->row_pointers = row_pointers;
1489
1490 if (row_pointers != NULL)
1491 info_ptr->valid |= PNG_INFO_IDAT;
1492 }
1493 #endif
1494
1495 void PNGAPI
png_set_compression_buffer_size(png_structrp png_ptr,png_size_t size)1496 png_set_compression_buffer_size(png_structrp png_ptr, png_size_t size)
1497 {
1498 if (png_ptr == NULL)
1499 return;
1500
1501 if (size == 0 || size > PNG_UINT_31_MAX)
1502 png_error(png_ptr, "invalid compression buffer size");
1503
1504 # ifdef PNG_SEQUENTIAL_READ_SUPPORTED
1505 if ((png_ptr->mode & PNG_IS_READ_STRUCT) != 0)
1506 {
1507 png_ptr->IDAT_read_size = (png_uint_32)size; /* checked above */
1508 return;
1509 }
1510 # endif
1511
1512 # ifdef PNG_WRITE_SUPPORTED
1513 if ((png_ptr->mode & PNG_IS_READ_STRUCT) == 0)
1514 {
1515 if (png_ptr->zowner != 0)
1516 {
1517 png_warning(png_ptr,
1518 "Compression buffer size cannot be changed because it is in use");
1519
1520 return;
1521 }
1522
1523 #ifndef __COVERITY__
1524 /* Some compilers complain that this is always false. However, it
1525 * can be true when integer overflow happens.
1526 */
1527 if (size > ZLIB_IO_MAX)
1528 {
1529 png_warning(png_ptr,
1530 "Compression buffer size limited to system maximum");
1531 size = ZLIB_IO_MAX; /* must fit */
1532 }
1533 #endif
1534
1535 if (size < 6)
1536 {
1537 /* Deflate will potentially go into an infinite loop on a SYNC_FLUSH
1538 * if this is permitted.
1539 */
1540 png_warning(png_ptr,
1541 "Compression buffer size cannot be reduced below 6");
1542
1543 return;
1544 }
1545
1546 if (png_ptr->zbuffer_size != size)
1547 {
1548 png_free_buffer_list(png_ptr, &png_ptr->zbuffer_list);
1549 png_ptr->zbuffer_size = (uInt)size;
1550 }
1551 }
1552 # endif
1553 }
1554
1555 void PNGAPI
png_set_invalid(png_const_structrp png_ptr,png_inforp info_ptr,int mask)1556 png_set_invalid(png_const_structrp png_ptr, png_inforp info_ptr, int mask)
1557 {
1558 if (png_ptr != NULL && info_ptr != NULL)
1559 info_ptr->valid &= ~mask;
1560 }
1561
1562
1563 #ifdef PNG_SET_USER_LIMITS_SUPPORTED
1564 /* This function was added to libpng 1.2.6 */
1565 void PNGAPI
png_set_user_limits(png_structrp png_ptr,png_uint_32 user_width_max,png_uint_32 user_height_max)1566 png_set_user_limits (png_structrp png_ptr, png_uint_32 user_width_max,
1567 png_uint_32 user_height_max)
1568 {
1569 /* Images with dimensions larger than these limits will be
1570 * rejected by png_set_IHDR(). To accept any PNG datastream
1571 * regardless of dimensions, set both limits to 0x7ffffffL.
1572 */
1573 if (png_ptr == NULL)
1574 return;
1575
1576 png_ptr->user_width_max = user_width_max;
1577 png_ptr->user_height_max = user_height_max;
1578 }
1579
1580 /* This function was added to libpng 1.4.0 */
1581 void PNGAPI
png_set_chunk_cache_max(png_structrp png_ptr,png_uint_32 user_chunk_cache_max)1582 png_set_chunk_cache_max (png_structrp png_ptr, png_uint_32 user_chunk_cache_max)
1583 {
1584 if (png_ptr != NULL)
1585 png_ptr->user_chunk_cache_max = user_chunk_cache_max;
1586 }
1587
1588 /* This function was added to libpng 1.4.1 */
1589 void PNGAPI
png_set_chunk_malloc_max(png_structrp png_ptr,png_alloc_size_t user_chunk_malloc_max)1590 png_set_chunk_malloc_max (png_structrp png_ptr,
1591 png_alloc_size_t user_chunk_malloc_max)
1592 {
1593 if (png_ptr != NULL)
1594 png_ptr->user_chunk_malloc_max = user_chunk_malloc_max;
1595 }
1596 #endif /* ?SET_USER_LIMITS */
1597
1598
1599 #ifdef PNG_BENIGN_ERRORS_SUPPORTED
1600 void PNGAPI
png_set_benign_errors(png_structrp png_ptr,int allowed)1601 png_set_benign_errors(png_structrp png_ptr, int allowed)
1602 {
1603 png_debug(1, "in png_set_benign_errors");
1604
1605 /* If allowed is 1, png_benign_error() is treated as a warning.
1606 *
1607 * If allowed is 0, png_benign_error() is treated as an error (which
1608 * is the default behavior if png_set_benign_errors() is not called).
1609 */
1610
1611 if (allowed != 0)
1612 png_ptr->flags |= PNG_FLAG_BENIGN_ERRORS_WARN |
1613 PNG_FLAG_APP_WARNINGS_WARN | PNG_FLAG_APP_ERRORS_WARN;
1614
1615 else
1616 png_ptr->flags &= ~(PNG_FLAG_BENIGN_ERRORS_WARN |
1617 PNG_FLAG_APP_WARNINGS_WARN | PNG_FLAG_APP_ERRORS_WARN);
1618 }
1619 #endif /* BENIGN_ERRORS */
1620
1621 #ifdef PNG_CHECK_FOR_INVALID_INDEX_SUPPORTED
1622 /* Whether to report invalid palette index; added at libng-1.5.10.
1623 * It is possible for an indexed (color-type==3) PNG file to contain
1624 * pixels with invalid (out-of-range) indexes if the PLTE chunk has
1625 * fewer entries than the image's bit-depth would allow. We recover
1626 * from this gracefully by filling any incomplete palette with zeros
1627 * (opaque black). By default, when this occurs libpng will issue
1628 * a benign error. This API can be used to override that behavior.
1629 */
1630 void PNGAPI
png_set_check_for_invalid_index(png_structrp png_ptr,int allowed)1631 png_set_check_for_invalid_index(png_structrp png_ptr, int allowed)
1632 {
1633 png_debug(1, "in png_set_check_for_invalid_index");
1634
1635 if (allowed > 0)
1636 png_ptr->num_palette_max = 0;
1637
1638 else
1639 png_ptr->num_palette_max = -1;
1640 }
1641 #endif
1642 #endif /* READ || WRITE */
1643