1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #include "ImageLogging.h" // Must appear first
8 #include "nsPNGDecoder.h"
14 #include "gfxPlatform.h"
22 #include "RasterImage.h"
23 #include "SurfaceCache.h"
24 #include "SurfacePipeFactory.h"
25 #include "mozilla/DebugOnly.h"
26 #include "mozilla/Telemetry.h"
28 using namespace mozilla::gfx
;
35 static LazyLogModule
sPNGLog("PNGDecoder");
36 static LazyLogModule
sPNGDecoderAccountingLog("PNGDecoderAccounting");
38 // limit image dimensions (bug #251381, #591822, #967656, and #1283961)
39 #ifndef MOZ_PNG_MAX_WIDTH
40 # define MOZ_PNG_MAX_WIDTH 0x7fffffff // Unlimited
42 #ifndef MOZ_PNG_MAX_HEIGHT
43 # define MOZ_PNG_MAX_HEIGHT 0x7fffffff // Unlimited
46 /* Controls the maximum chunk size configuration for libpng. We set this to a
47 * very large number, 256MB specifically. */
48 static constexpr png_alloc_size_t kPngMaxChunkSize
= 0x10000000;
50 nsPNGDecoder::AnimFrameInfo::AnimFrameInfo()
51 : mDispose(DisposalMethod::KEEP
), mBlend(BlendMethod::OVER
), mTimeout(0) {}
53 #ifdef PNG_APNG_SUPPORTED
55 int32_t GetNextFrameDelay(png_structp aPNG
, png_infop aInfo
) {
56 // Delay, in seconds, is delayNum / delayDen.
57 png_uint_16 delayNum
= png_get_next_frame_delay_num(aPNG
, aInfo
);
58 png_uint_16 delayDen
= png_get_next_frame_delay_den(aPNG
, aInfo
);
61 return 0; // SetFrameTimeout() will set to a minimum.
65 delayDen
= 100; // So says the APNG spec.
68 // Need to cast delay_num to float to have a proper division and
69 // the result to int to avoid a compiler warning.
70 return static_cast<int32_t>(static_cast<double>(delayNum
) * 1000 / delayDen
);
73 nsPNGDecoder::AnimFrameInfo::AnimFrameInfo(png_structp aPNG
, png_infop aInfo
)
74 : mDispose(DisposalMethod::KEEP
), mBlend(BlendMethod::OVER
), mTimeout(0) {
75 png_byte dispose_op
= png_get_next_frame_dispose_op(aPNG
, aInfo
);
76 png_byte blend_op
= png_get_next_frame_blend_op(aPNG
, aInfo
);
78 if (dispose_op
== PNG_DISPOSE_OP_PREVIOUS
) {
79 mDispose
= DisposalMethod::RESTORE_PREVIOUS
;
80 } else if (dispose_op
== PNG_DISPOSE_OP_BACKGROUND
) {
81 mDispose
= DisposalMethod::CLEAR
;
83 mDispose
= DisposalMethod::KEEP
;
86 if (blend_op
== PNG_BLEND_OP_SOURCE
) {
87 mBlend
= BlendMethod::SOURCE
;
89 mBlend
= BlendMethod::OVER
;
92 mTimeout
= GetNextFrameDelay(aPNG
, aInfo
);
96 // First 8 bytes of a PNG file
97 const uint8_t nsPNGDecoder::pngSignatureBytes
[] = {137, 80, 78, 71,
100 nsPNGDecoder::nsPNGDecoder(RasterImage
* aImage
)
102 mLexer(Transition::ToUnbuffered(State::FINISHED_PNG_DATA
, State::PNG_DATA
,
104 Transition::TerminateSuccess()),
105 mNextTransition(Transition::ContinueUnbuffered(State::PNG_DATA
)),
110 interlacebuf(nullptr),
111 mFormat(SurfaceFormat::UNKNOWN
),
114 mFrameIsHidden(false),
115 mDisablePremultipliedAlpha(false),
116 mGotInfoCallback(false),
117 mUsePipeTransform(false),
120 nsPNGDecoder::~nsPNGDecoder() {
122 png_destroy_read_struct(&mPNG
, mInfo
? &mInfo
: nullptr, nullptr);
132 nsPNGDecoder::TransparencyType
nsPNGDecoder::GetTransparencyType(
133 const IntRect
& aFrameRect
) {
134 // Check if the image has a transparent color in its palette.
135 if (HasAlphaChannel()) {
136 return TransparencyType::eAlpha
;
138 if (!aFrameRect
.IsEqualEdges(FullFrame())) {
139 MOZ_ASSERT(HasAnimation());
140 return TransparencyType::eFrameRect
;
143 return TransparencyType::eNone
;
146 void nsPNGDecoder::PostHasTransparencyIfNeeded(
147 TransparencyType aTransparencyType
) {
148 switch (aTransparencyType
) {
149 case TransparencyType::eNone
:
152 case TransparencyType::eAlpha
:
153 PostHasTransparency();
156 case TransparencyType::eFrameRect
:
157 // If the first frame of animated image doesn't draw into the whole image,
158 // then record that it is transparent. For subsequent frames, this doesn't
159 // affect transparency, because they're composited on top of all previous
161 if (mNumFrames
== 0) {
162 PostHasTransparency();
168 // CreateFrame() is used for both simple and animated images.
169 nsresult
nsPNGDecoder::CreateFrame(const FrameInfo
& aFrameInfo
) {
170 MOZ_ASSERT(HasSize());
171 MOZ_ASSERT(!IsMetadataDecode());
173 // Check if we have transparency, and send notifications if needed.
174 auto transparency
= GetTransparencyType(aFrameInfo
.mFrameRect
);
175 PostHasTransparencyIfNeeded(transparency
);
176 mFormat
= transparency
== TransparencyType::eNone
? SurfaceFormat::OS_RGBX
177 : SurfaceFormat::OS_RGBA
;
179 // Make sure there's no animation or padding if we're downscaling.
180 MOZ_ASSERT_IF(Size() != OutputSize(), mNumFrames
== 0);
181 MOZ_ASSERT_IF(Size() != OutputSize(), !GetImageMetadata().HasAnimation());
182 MOZ_ASSERT_IF(Size() != OutputSize(),
183 transparency
!= TransparencyType::eFrameRect
);
185 Maybe
<AnimationParams
> animParams
;
186 #ifdef PNG_APNG_SUPPORTED
187 if (!IsFirstFrameDecode() && png_get_valid(mPNG
, mInfo
, PNG_INFO_acTL
)) {
188 mAnimInfo
= AnimFrameInfo(mPNG
, mInfo
);
190 if (mAnimInfo
.mDispose
== DisposalMethod::CLEAR
) {
191 // We may have to display the background under this image during
192 // animation playback, so we regard it as transparent.
193 PostHasTransparency();
197 AnimationParams
{aFrameInfo
.mFrameRect
,
198 FrameTimeout::FromRawMilliseconds(mAnimInfo
.mTimeout
),
199 mNumFrames
, mAnimInfo
.mBlend
, mAnimInfo
.mDispose
});
203 // If this image is interlaced, we can display better quality intermediate
204 // results to the user by post processing them with ADAM7InterpolatingFilter.
205 SurfacePipeFlags pipeFlags
= aFrameInfo
.mIsInterlaced
206 ? SurfacePipeFlags::ADAM7_INTERPOLATE
207 : SurfacePipeFlags();
209 if (mNumFrames
== 0) {
210 // The first frame may be displayed progressively.
211 pipeFlags
|= SurfacePipeFlags::PROGRESSIVE_DISPLAY
;
214 SurfaceFormat inFormat
;
215 if (mTransform
&& !mUsePipeTransform
) {
216 // QCMS will output in the correct format.
218 } else if (transparency
== TransparencyType::eAlpha
) {
219 // We are outputting directly as RGBA, so we need to swap at this step.
220 inFormat
= SurfaceFormat::R8G8B8A8
;
222 // We have no alpha channel, so we need to unpack from RGB to BGRA.
223 inFormat
= SurfaceFormat::R8G8B8
;
226 // Only apply premultiplication if the frame has true alpha. If we ever
227 // support downscaling animated images, we will need to premultiply for frame
228 // rect transparency when downscaling as well.
229 if (transparency
== TransparencyType::eAlpha
&& !mDisablePremultipliedAlpha
) {
230 pipeFlags
|= SurfacePipeFlags::PREMULTIPLY_ALPHA
;
233 qcms_transform
* pipeTransform
= mUsePipeTransform
? mTransform
: nullptr;
234 Maybe
<SurfacePipe
> pipe
= SurfacePipeFactory::CreateSurfacePipe(
235 this, Size(), OutputSize(), aFrameInfo
.mFrameRect
, inFormat
, mFormat
,
236 animParams
, pipeTransform
, pipeFlags
);
239 mPipe
= SurfacePipe();
240 return NS_ERROR_FAILURE
;
243 mPipe
= std::move(*pipe
);
245 mFrameRect
= aFrameInfo
.mFrameRect
;
248 MOZ_LOG(sPNGDecoderAccountingLog
, LogLevel::Debug
,
249 ("PNGDecoderAccounting: nsPNGDecoder::CreateFrame -- created "
250 "image frame with %dx%d pixels for decoder %p",
251 mFrameRect
.Width(), mFrameRect
.Height(), this));
256 // set timeout and frame disposal method for the current frame
257 void nsPNGDecoder::EndImageFrame() {
258 if (mFrameIsHidden
) {
264 Opacity opacity
= mFormat
== SurfaceFormat::OS_RGBX
265 ? Opacity::FULLY_OPAQUE
266 : Opacity::SOME_TRANSPARENCY
;
268 PostFrameStop(opacity
);
271 nsresult
nsPNGDecoder::InitInternal() {
272 mDisablePremultipliedAlpha
=
273 bool(GetSurfaceFlags() & SurfaceFlags::NO_PREMULTIPLY_ALPHA
);
275 #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED
276 static png_byte color_chunks
[] = {99, 72, 82, 77, '\0', // cHRM
277 105, 67, 67, 80, '\0'}; // iCCP
278 static png_byte unused_chunks
[] = {98, 75, 71, 68, '\0', // bKGD
279 101, 88, 73, 102, '\0', // eXIf
280 104, 73, 83, 84, '\0', // hIST
281 105, 84, 88, 116, '\0', // iTXt
282 111, 70, 70, 115, '\0', // oFFs
283 112, 67, 65, 76, '\0', // pCAL
284 115, 67, 65, 76, '\0', // sCAL
285 112, 72, 89, 115, '\0', // pHYs
286 115, 66, 73, 84, '\0', // sBIT
287 115, 80, 76, 84, '\0', // sPLT
288 116, 69, 88, 116, '\0', // tEXt
289 116, 73, 77, 69, '\0', // tIME
290 122, 84, 88, 116, '\0'}; // zTXt
293 // Initialize the container's source image header
294 // Always decode to 24 bit pixdepth
296 mPNG
= png_create_read_struct(PNG_LIBPNG_VER_STRING
, nullptr,
297 nsPNGDecoder::error_callback
,
298 nsPNGDecoder::warning_callback
);
300 return NS_ERROR_OUT_OF_MEMORY
;
303 mInfo
= png_create_info_struct(mPNG
);
305 png_destroy_read_struct(&mPNG
, nullptr, nullptr);
306 return NS_ERROR_OUT_OF_MEMORY
;
309 #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED
310 // Ignore unused chunks
311 if (mCMSMode
== eCMSMode_Off
|| IsMetadataDecode()) {
312 png_set_keep_unknown_chunks(mPNG
, 1, color_chunks
, 2);
315 png_set_keep_unknown_chunks(mPNG
, 1, unused_chunks
,
316 (int)sizeof(unused_chunks
) / 5);
319 #ifdef PNG_SET_USER_LIMITS_SUPPORTED
320 png_set_user_limits(mPNG
, MOZ_PNG_MAX_WIDTH
, MOZ_PNG_MAX_HEIGHT
);
321 png_set_chunk_malloc_max(mPNG
, kPngMaxChunkSize
);
324 #ifdef PNG_READ_CHECK_FOR_INVALID_INDEX_SUPPORTED
325 // Disallow palette-index checking, for speed; we would ignore the warning
326 // anyhow. This feature was added at libpng version 1.5.10 and is disabled
327 // in the embedded libpng but enabled by default in the system libpng. This
328 // call also disables it in the system libpng, for decoding speed.
330 png_set_check_for_invalid_index(mPNG
, 0);
333 #ifdef PNG_SET_OPTION_SUPPORTED
334 # if defined(PNG_sRGB_PROFILE_CHECKS) && PNG_sRGB_PROFILE_CHECKS >= 0
335 // Skip checking of sRGB ICC profiles
336 png_set_option(mPNG
, PNG_SKIP_sRGB_CHECK_PROFILE
, PNG_OPTION_ON
);
339 # ifdef PNG_MAXIMUM_INFLATE_WINDOW
340 // Force a larger zlib inflate window as some images in the wild have
341 // incorrectly set metadata (specifically CMF bits) which prevent us from
342 // decoding them otherwise.
343 png_set_option(mPNG
, PNG_MAXIMUM_INFLATE_WINDOW
, PNG_OPTION_ON
);
347 // use this as libpng "progressive pointer" (retrieve in callbacks)
348 png_set_progressive_read_fn(
349 mPNG
, static_cast<png_voidp
>(this), nsPNGDecoder::info_callback
,
350 nsPNGDecoder::row_callback
, nsPNGDecoder::end_callback
);
355 LexerResult
nsPNGDecoder::DoDecode(SourceBufferIterator
& aIterator
,
356 IResumable
* aOnResume
) {
357 MOZ_ASSERT(!HasError(), "Shouldn't call DoDecode after error!");
359 return mLexer
.Lex(aIterator
, aOnResume
,
360 [=](State aState
, const char* aData
, size_t aLength
) {
362 case State::PNG_DATA
:
363 return ReadPNGData(aData
, aLength
);
364 case State::FINISHED_PNG_DATA
:
365 return FinishedPNGData();
367 MOZ_CRASH("Unknown State");
371 LexerTransition
<nsPNGDecoder::State
> nsPNGDecoder::ReadPNGData(
372 const char* aData
, size_t aLength
) {
373 // If we were waiting until after returning from a yield to call
374 // CreateFrame(), call it now.
375 if (mNextFrameInfo
) {
376 if (NS_FAILED(CreateFrame(*mNextFrameInfo
))) {
377 return Transition::TerminateFailure();
380 MOZ_ASSERT(mImageData
, "Should have a buffer now");
381 mNextFrameInfo
= Nothing();
384 // libpng uses setjmp/longjmp for error handling.
385 if (setjmp(png_jmpbuf(mPNG
))) {
386 return Transition::TerminateFailure();
389 // Pass the data off to libpng.
390 mLastChunkLength
= aLength
;
391 mNextTransition
= Transition::ContinueUnbuffered(State::PNG_DATA
);
392 png_process_data(mPNG
, mInfo
,
393 reinterpret_cast<unsigned char*>(const_cast<char*>((aData
))),
396 // Make sure that we've reached a terminal state if decoding is done.
397 MOZ_ASSERT_IF(GetDecodeDone(), mNextTransition
.NextStateIsTerminal());
398 MOZ_ASSERT_IF(HasError(), mNextTransition
.NextStateIsTerminal());
400 // Continue with whatever transition the callback code requested. We
401 // initialized this to Transition::ContinueUnbuffered(State::PNG_DATA) above,
402 // so by default we just continue the unbuffered read.
403 return mNextTransition
;
406 LexerTransition
<nsPNGDecoder::State
> nsPNGDecoder::FinishedPNGData() {
407 // Since we set up an unbuffered read for SIZE_MAX bytes, if we actually read
408 // all that data something is really wrong.
409 MOZ_ASSERT_UNREACHABLE("Read the entire address space?");
410 return Transition::TerminateFailure();
413 // Sets up gamma pre-correction in libpng before our callback gets called.
414 // We need to do this if we don't end up with a CMS profile.
415 static void PNGDoGammaCorrection(png_structp png_ptr
, png_infop info_ptr
) {
418 if (png_get_gAMA(png_ptr
, info_ptr
, &aGamma
)) {
419 if ((aGamma
<= 0.0) || (aGamma
> 21474.83)) {
421 png_set_gAMA(png_ptr
, info_ptr
, aGamma
);
423 png_set_gamma(png_ptr
, 2.2, aGamma
);
425 png_set_gamma(png_ptr
, 2.2, 0.45455);
429 // Adapted from http://www.littlecms.com/pngchrm.c example code
430 uint32_t nsPNGDecoder::ReadColorProfile(png_structp png_ptr
, png_infop info_ptr
,
431 int color_type
, bool* sRGBTag
) {
432 // First try to see if iCCP chunk is present
433 if (png_get_valid(png_ptr
, info_ptr
, PNG_INFO_iCCP
)) {
434 png_uint_32 profileLen
;
435 png_bytep profileData
;
436 png_charp profileName
;
439 png_get_iCCP(png_ptr
, info_ptr
, &profileName
, &compression
, &profileData
,
442 mInProfile
= qcms_profile_from_memory((char*)profileData
, profileLen
);
444 uint32_t profileSpace
= qcms_profile_get_color_space(mInProfile
);
446 bool mismatch
= false;
447 if (color_type
& PNG_COLOR_MASK_COLOR
) {
448 if (profileSpace
!= icSigRgbData
) {
452 if (profileSpace
== icSigRgbData
) {
453 png_set_gray_to_rgb(png_ptr
);
454 } else if (profileSpace
!= icSigGrayData
) {
460 qcms_profile_release(mInProfile
);
461 mInProfile
= nullptr;
463 return qcms_profile_get_rendering_intent(mInProfile
);
469 if (png_get_valid(png_ptr
, info_ptr
, PNG_INFO_sRGB
)) {
473 png_set_gray_to_rgb(png_ptr
);
474 png_get_sRGB(png_ptr
, info_ptr
, &fileIntent
);
475 uint32_t map
[] = {QCMS_INTENT_PERCEPTUAL
, QCMS_INTENT_RELATIVE_COLORIMETRIC
,
476 QCMS_INTENT_SATURATION
,
477 QCMS_INTENT_ABSOLUTE_COLORIMETRIC
};
478 return map
[fileIntent
];
481 // Check gAMA/cHRM chunks
482 if (png_get_valid(png_ptr
, info_ptr
, PNG_INFO_gAMA
) &&
483 png_get_valid(png_ptr
, info_ptr
, PNG_INFO_cHRM
)) {
484 qcms_CIE_xyYTRIPLE primaries
;
485 qcms_CIE_xyY whitePoint
;
487 png_get_cHRM(png_ptr
, info_ptr
, &whitePoint
.x
, &whitePoint
.y
,
488 &primaries
.red
.x
, &primaries
.red
.y
, &primaries
.green
.x
,
489 &primaries
.green
.y
, &primaries
.blue
.x
, &primaries
.blue
.y
);
490 whitePoint
.Y
= primaries
.red
.Y
= primaries
.green
.Y
= primaries
.blue
.Y
= 1.0;
494 png_get_gAMA(png_ptr
, info_ptr
, &gammaOfFile
);
496 mInProfile
= qcms_profile_create_rgb_with_gamma(whitePoint
, primaries
,
500 png_set_gray_to_rgb(png_ptr
);
504 return QCMS_INTENT_PERCEPTUAL
; // Our default
507 void nsPNGDecoder::info_callback(png_structp png_ptr
, png_infop info_ptr
) {
508 png_uint_32 width
, height
;
509 int bit_depth
, color_type
, interlace_type
, compression_type
, filter_type
;
510 unsigned int channels
;
512 png_bytep trans
= nullptr;
515 nsPNGDecoder
* decoder
=
516 static_cast<nsPNGDecoder
*>(png_get_progressive_ptr(png_ptr
));
518 if (decoder
->mGotInfoCallback
) {
519 MOZ_LOG(sPNGLog
, LogLevel::Warning
,
520 ("libpng called info_callback more than once\n"));
524 decoder
->mGotInfoCallback
= true;
526 // Always decode to 24-bit RGB or 32-bit RGBA
527 png_get_IHDR(png_ptr
, info_ptr
, &width
, &height
, &bit_depth
, &color_type
,
528 &interlace_type
, &compression_type
, &filter_type
);
530 const IntRect
frameRect(0, 0, width
, height
);
532 // Post our size to the superclass
533 decoder
->PostSize(frameRect
.Width(), frameRect
.Height());
535 if (width
> SurfaceCache::MaximumCapacity() / (bit_depth
> 8 ? 16 : 8)) {
536 // libpng needs space to allocate two row buffers
537 png_error(decoder
->mPNG
, "Image is too wide");
540 if (decoder
->HasError()) {
541 // Setting the size led to an error.
542 png_error(decoder
->mPNG
, "Sizing error");
545 if (color_type
== PNG_COLOR_TYPE_PALETTE
) {
546 png_set_expand(png_ptr
);
549 if (color_type
== PNG_COLOR_TYPE_GRAY
&& bit_depth
< 8) {
550 png_set_expand(png_ptr
);
553 if (png_get_valid(png_ptr
, info_ptr
, PNG_INFO_tRNS
)) {
554 png_color_16p trans_values
;
555 png_get_tRNS(png_ptr
, info_ptr
, &trans
, &num_trans
, &trans_values
);
556 // libpng doesn't reject a tRNS chunk with out-of-range samples
557 // so we check it here to avoid setting up a useless opacity
558 // channel or producing unexpected transparent pixels (bug #428045)
559 if (bit_depth
< 16) {
560 png_uint_16 sample_max
= (1 << bit_depth
) - 1;
561 if ((color_type
== PNG_COLOR_TYPE_GRAY
&&
562 trans_values
->gray
> sample_max
) ||
563 (color_type
== PNG_COLOR_TYPE_RGB
&&
564 (trans_values
->red
> sample_max
||
565 trans_values
->green
> sample_max
||
566 trans_values
->blue
> sample_max
))) {
567 // clear the tRNS valid flag and release tRNS memory
568 png_free_data(png_ptr
, info_ptr
, PNG_FREE_TRNS
, 0);
572 if (num_trans
!= 0) {
573 png_set_expand(png_ptr
);
577 if (bit_depth
== 16) {
578 png_set_scale_16(png_ptr
);
581 // We only need to extract the color profile for non-metadata decodes. It is
582 // fairly expensive to read the profile and create the transform so we should
583 // avoid it if not necessary.
584 uint32_t intent
= -1;
585 bool sRGBTag
= false;
586 if (!decoder
->IsMetadataDecode()) {
587 if (decoder
->mCMSMode
!= eCMSMode_Off
) {
588 intent
= gfxPlatform::GetRenderingIntent();
590 decoder
->ReadColorProfile(png_ptr
, info_ptr
, color_type
, &sRGBTag
);
591 // If we're not mandating an intent, use the one from the image.
592 if (intent
== uint32_t(-1)) {
596 if (!decoder
->mInProfile
|| !decoder
->GetCMSOutputProfile()) {
597 png_set_gray_to_rgb(png_ptr
);
599 // only do gamma correction if CMS isn't entirely disabled
600 if (decoder
->mCMSMode
!= eCMSMode_Off
) {
601 PNGDoGammaCorrection(png_ptr
, info_ptr
);
606 // Let libpng expand interlaced images.
607 const bool isInterlaced
= interlace_type
== PNG_INTERLACE_ADAM7
;
609 png_set_interlace_handling(png_ptr
);
612 // now all of those things we set above are used to update various struct
613 // members and whatnot, after which we can get channels, rowbytes, etc.
614 png_read_update_info(png_ptr
, info_ptr
);
615 decoder
->mChannels
= channels
= png_get_channels(png_ptr
, info_ptr
);
617 //---------------------------------------------------------------//
618 // copy PNG info into imagelib structs (formerly png_set_dims()) //
619 //---------------------------------------------------------------//
621 if (channels
< 1 || channels
> 4) {
622 png_error(decoder
->mPNG
, "Invalid number of channels");
625 #ifdef PNG_APNG_SUPPORTED
626 bool isAnimated
= png_get_valid(png_ptr
, info_ptr
, PNG_INFO_acTL
);
628 int32_t rawTimeout
= GetNextFrameDelay(png_ptr
, info_ptr
);
629 decoder
->PostIsAnimated(FrameTimeout::FromRawMilliseconds(rawTimeout
));
631 if (decoder
->Size() != decoder
->OutputSize() &&
632 !decoder
->IsFirstFrameDecode()) {
633 MOZ_ASSERT_UNREACHABLE(
634 "Doing downscale-during-decode "
635 "for an animated image?");
636 png_error(decoder
->mPNG
, "Invalid downscale attempt"); // Abort decode.
641 auto transparency
= decoder
->GetTransparencyType(frameRect
);
642 if (decoder
->IsMetadataDecode()) {
643 // If we are animated then the first frame rect is either:
644 // 1) the whole image if the IDAT chunk is part of the animation
645 // 2) the frame rect of the first fDAT chunk otherwise.
646 // If we are not animated then we want to make sure to call
647 // PostHasTransparency in the metadata decode if we need to. So it's
648 // okay to pass IntRect(0, 0, width, height) here for animated images;
649 // they will call with the proper first frame rect in the full decode.
650 decoder
->PostHasTransparencyIfNeeded(transparency
);
652 // We have the metadata we're looking for, so stop here, before we allocate
654 return decoder
->DoTerminate(png_ptr
, TerminalState::SUCCESS
);
657 if (decoder
->mInProfile
&& decoder
->GetCMSOutputProfile()) {
658 qcms_data_type inType
;
659 qcms_data_type outType
;
661 uint32_t profileSpace
= qcms_profile_get_color_space(decoder
->mInProfile
);
662 decoder
->mUsePipeTransform
= profileSpace
!= icSigGrayData
;
663 if (decoder
->mUsePipeTransform
) {
664 // If the transform happens with SurfacePipe, it will be in RGBA if we
665 // have an alpha channel, because the swizzle and premultiplication
666 // happens after color management. Otherwise it will be in BGRA because
667 // the swizzle happens at the start.
668 if (transparency
== TransparencyType::eAlpha
) {
669 inType
= QCMS_DATA_RGBA_8
;
670 outType
= QCMS_DATA_RGBA_8
;
672 inType
= gfxPlatform::GetCMSOSRGBAType();
676 if (color_type
& PNG_COLOR_MASK_ALPHA
) {
677 inType
= QCMS_DATA_GRAYA_8
;
678 outType
= gfxPlatform::GetCMSOSRGBAType();
680 inType
= QCMS_DATA_GRAY_8
;
681 outType
= gfxPlatform::GetCMSOSRGBAType();
685 decoder
->mTransform
= qcms_transform_create(decoder
->mInProfile
, inType
,
686 decoder
->GetCMSOutputProfile(),
687 outType
, (qcms_intent
)intent
);
688 } else if ((sRGBTag
&& decoder
->mCMSMode
== eCMSMode_TaggedOnly
) ||
689 decoder
->mCMSMode
== eCMSMode_All
) {
690 // If the transform happens with SurfacePipe, it will be in RGBA if we
691 // have an alpha channel, because the swizzle and premultiplication
692 // happens after color management. Otherwise it will be in OS_RGBA because
693 // the swizzle happens at the start.
694 if (transparency
== TransparencyType::eAlpha
) {
695 decoder
->mTransform
=
696 decoder
->GetCMSsRGBTransform(SurfaceFormat::R8G8B8A8
);
698 decoder
->mTransform
=
699 decoder
->GetCMSsRGBTransform(SurfaceFormat::OS_RGBA
);
701 decoder
->mUsePipeTransform
= true;
704 #ifdef PNG_APNG_SUPPORTED
706 png_set_progressive_frame_fn(png_ptr
, nsPNGDecoder::frame_info_callback
,
710 if (png_get_first_frame_is_hidden(png_ptr
, info_ptr
)) {
711 decoder
->mFrameIsHidden
= true;
714 nsresult rv
= decoder
->CreateFrame(FrameInfo
{frameRect
, isInterlaced
});
716 png_error(decoder
->mPNG
, "CreateFrame failed");
718 MOZ_ASSERT(decoder
->mImageData
, "Should have a buffer now");
719 #ifdef PNG_APNG_SUPPORTED
723 if (decoder
->mTransform
&& !decoder
->mUsePipeTransform
) {
725 static_cast<uint8_t*>(malloc(sizeof(uint32_t) * frameRect
.Width()));
726 if (!decoder
->mCMSLine
) {
727 png_error(decoder
->mPNG
, "malloc of mCMSLine failed");
731 if (interlace_type
== PNG_INTERLACE_ADAM7
) {
732 if (frameRect
.Height() <
733 INT32_MAX
/ (frameRect
.Width() * int32_t(channels
))) {
734 const size_t bufferSize
=
735 channels
* frameRect
.Width() * frameRect
.Height();
737 if (bufferSize
> SurfaceCache::MaximumCapacity()) {
738 png_error(decoder
->mPNG
, "Insufficient memory to deinterlace image");
741 decoder
->interlacebuf
= static_cast<uint8_t*>(malloc(bufferSize
));
743 if (!decoder
->interlacebuf
) {
744 png_error(decoder
->mPNG
, "malloc of interlacebuf failed");
749 void nsPNGDecoder::PostInvalidationIfNeeded() {
750 Maybe
<SurfaceInvalidRect
> invalidRect
= mPipe
.TakeInvalidRect();
755 PostInvalidation(invalidRect
->mInputSpaceRect
,
756 Some(invalidRect
->mOutputSpaceRect
));
759 void nsPNGDecoder::row_callback(png_structp png_ptr
, png_bytep new_row
,
760 png_uint_32 row_num
, int pass
) {
763 * This function is called for every row in the image. If the
764 * image is interlacing, and you turned on the interlace handler,
765 * this function will be called for every row in every pass.
766 * Some of these rows will not be changed from the previous pass.
767 * When the row is not changed, the new_row variable will be
768 * nullptr. The rows and passes are called in order, so you don't
769 * really need the row_num and pass, but I'm supplying them
770 * because it may make your life easier.
772 * For the non-nullptr rows of interlaced images, you must call
773 * png_progressive_combine_row() passing in the row and the
774 * old row. You can call this function for nullptr rows (it will
775 * just return) and for non-interlaced images (it just does the
776 * memcpy for you) if it will make the code easier. Thus, you
777 * can just do this for all cases:
779 * png_progressive_combine_row(png_ptr, old_row, new_row);
781 * where old_row is what was displayed for previous rows. Note
782 * that the first pass (pass == 0 really) will completely cover
783 * the old row, so the rows do not have to be initialized. After
784 * the first pass (and only for interlaced images), you will have
785 * to pass the current row, and the function will combine the
786 * old row and the new row.
788 nsPNGDecoder
* decoder
=
789 static_cast<nsPNGDecoder
*>(png_get_progressive_ptr(png_ptr
));
791 if (decoder
->mFrameIsHidden
) {
792 return; // Skip this frame.
795 MOZ_ASSERT_IF(decoder
->IsFirstFrameDecode(), decoder
->mNumFrames
== 0);
797 while (pass
> decoder
->mPass
) {
798 // Advance to the next pass. We may have to do this multiple times because
799 // libpng will skip passes if the image is so small that no pixels have
800 // changed on a given pass, but ADAM7InterpolatingFilter needs to be reset
801 // once for every pass to perform interpolation properly.
802 decoder
->mPipe
.ResetToFirstRow();
806 const png_uint_32 height
=
807 static_cast<png_uint_32
>(decoder
->mFrameRect
.Height());
809 if (row_num
>= height
) {
810 // Bail if we receive extra rows. This is especially important because if we
811 // didn't, we might overflow the deinterlacing buffer.
812 MOZ_ASSERT_UNREACHABLE("libpng producing extra rows?");
816 // Note that |new_row| may be null here, indicating that this is an interlaced
817 // image and |row_callback| is being called for a row that hasn't changed.
818 MOZ_ASSERT_IF(!new_row
, decoder
->interlacebuf
);
820 if (decoder
->interlacebuf
) {
821 uint32_t width
= uint32_t(decoder
->mFrameRect
.Width());
823 // We'll output the deinterlaced version of the row.
824 uint8_t* rowToWrite
=
825 decoder
->interlacebuf
+ (row_num
* decoder
->mChannels
* width
);
827 // Update the deinterlaced version of this row with the new data.
828 png_progressive_combine_row(png_ptr
, rowToWrite
, new_row
);
830 decoder
->WriteRow(rowToWrite
);
832 decoder
->WriteRow(new_row
);
836 void nsPNGDecoder::WriteRow(uint8_t* aRow
) {
839 uint8_t* rowToWrite
= aRow
;
840 uint32_t width
= uint32_t(mFrameRect
.Width());
842 // Apply color management to the row, if necessary, before writing it out.
843 // This is only needed for grayscale images.
844 if (mTransform
&& !mUsePipeTransform
) {
845 MOZ_ASSERT(mCMSLine
);
846 qcms_transform_data(mTransform
, rowToWrite
, mCMSLine
, width
);
847 rowToWrite
= mCMSLine
;
850 // Write this row to the SurfacePipe.
851 DebugOnly
<WriteState
> result
=
852 mPipe
.WriteBuffer(reinterpret_cast<uint32_t*>(rowToWrite
));
853 MOZ_ASSERT(WriteState(result
) != WriteState::FAILURE
);
855 PostInvalidationIfNeeded();
858 void nsPNGDecoder::DoTerminate(png_structp aPNGStruct
, TerminalState aState
) {
859 // Stop processing data. Note that we intentionally ignore the return value of
860 // png_process_data_pause(), which tells us how many bytes of the data that
861 // was passed to png_process_data() have not been consumed yet, because now
862 // that we've reached a terminal state, we won't do any more decoding or call
863 // back into libpng anymore.
864 png_process_data_pause(aPNGStruct
, /* save = */ false);
866 mNextTransition
= aState
== TerminalState::SUCCESS
867 ? Transition::TerminateSuccess()
868 : Transition::TerminateFailure();
871 void nsPNGDecoder::DoYield(png_structp aPNGStruct
) {
872 // Pause data processing. png_process_data_pause() returns how many bytes of
873 // the data that was passed to png_process_data() have not been consumed yet.
874 // We use this information to tell StreamingLexer where to place us in the
875 // input stream when we come back from the yield.
876 png_size_t pendingBytes
= png_process_data_pause(aPNGStruct
,
879 MOZ_ASSERT(pendingBytes
< mLastChunkLength
);
880 size_t consumedBytes
= mLastChunkLength
- min(pendingBytes
, mLastChunkLength
);
883 Transition::ContinueUnbufferedAfterYield(State::PNG_DATA
, consumedBytes
);
886 nsresult
nsPNGDecoder::FinishInternal() {
887 // We shouldn't be called in error cases.
888 MOZ_ASSERT(!HasError(), "Can't call FinishInternal on error!");
890 if (IsMetadataDecode()) {
894 int32_t loop_count
= 0;
895 #ifdef PNG_APNG_SUPPORTED
896 if (png_get_valid(mPNG
, mInfo
, PNG_INFO_acTL
)) {
897 int32_t num_plays
= png_get_num_plays(mPNG
, mInfo
);
898 loop_count
= num_plays
- 1;
905 PostDecodeDone(loop_count
);
910 #ifdef PNG_APNG_SUPPORTED
911 // got the header of a new frame that's coming
912 void nsPNGDecoder::frame_info_callback(png_structp png_ptr
,
913 png_uint_32 frame_num
) {
914 nsPNGDecoder
* decoder
=
915 static_cast<nsPNGDecoder
*>(png_get_progressive_ptr(png_ptr
));
918 decoder
->EndImageFrame();
920 const bool previousFrameWasHidden
= decoder
->mFrameIsHidden
;
922 if (!previousFrameWasHidden
&& decoder
->IsFirstFrameDecode()) {
923 // We're about to get a second non-hidden frame, but we only want the first.
924 // Stop decoding now. (And avoid allocating the unnecessary buffers below.)
925 return decoder
->DoTerminate(png_ptr
, TerminalState::SUCCESS
);
928 // Only the first frame can be hidden, so unhide unconditionally here.
929 decoder
->mFrameIsHidden
= false;
931 // Save the information necessary to create the frame; we'll actually create
932 // it when we return from the yield.
933 const IntRect
frameRect(png_get_next_frame_x_offset(png_ptr
, decoder
->mInfo
),
934 png_get_next_frame_y_offset(png_ptr
, decoder
->mInfo
),
935 png_get_next_frame_width(png_ptr
, decoder
->mInfo
),
936 png_get_next_frame_height(png_ptr
, decoder
->mInfo
));
937 const bool isInterlaced
= bool(decoder
->interlacebuf
);
939 # ifndef MOZ_EMBEDDED_LIBPNG
940 // if using system library, check frame_width and height against 0
941 if (frameRect
.width
== 0) {
942 png_error(png_ptr
, "Frame width must not be 0");
944 if (frameRect
.height
== 0) {
945 png_error(png_ptr
, "Frame height must not be 0");
949 const FrameInfo info
{frameRect
, isInterlaced
};
951 // If the previous frame was hidden, skip the yield (which will mislead the
952 // caller, who will think the previous frame was real) and just allocate the
954 if (previousFrameWasHidden
) {
955 if (NS_FAILED(decoder
->CreateFrame(info
))) {
956 return decoder
->DoTerminate(png_ptr
, TerminalState::FAILURE
);
959 MOZ_ASSERT(decoder
->mImageData
, "Should have a buffer now");
960 return; // No yield, so we'll just keep decoding.
963 // Yield to the caller to notify them that the previous frame is now complete.
964 decoder
->mNextFrameInfo
= Some(info
);
965 return decoder
->DoYield(png_ptr
);
969 void nsPNGDecoder::end_callback(png_structp png_ptr
, png_infop info_ptr
) {
972 * this function is called when the whole image has been read,
973 * including any chunks after the image (up to and including
974 * the IEND). You will usually have the same info chunk as you
975 * had in the header, although some data may have been added
976 * to the comments and time fields.
978 * Most people won't do much here, perhaps setting a flag that
979 * marks the image as finished.
982 nsPNGDecoder
* decoder
=
983 static_cast<nsPNGDecoder
*>(png_get_progressive_ptr(png_ptr
));
985 // We shouldn't get here if we've hit an error
986 MOZ_ASSERT(!decoder
->HasError(), "Finishing up PNG but hit error!");
988 return decoder
->DoTerminate(png_ptr
, TerminalState::SUCCESS
);
991 void nsPNGDecoder::error_callback(png_structp png_ptr
,
992 png_const_charp error_msg
) {
993 MOZ_LOG(sPNGLog
, LogLevel::Error
, ("libpng error: %s\n", error_msg
));
994 png_longjmp(png_ptr
, 1);
997 void nsPNGDecoder::warning_callback(png_structp png_ptr
,
998 png_const_charp warning_msg
) {
999 MOZ_LOG(sPNGLog
, LogLevel::Warning
, ("libpng warning: %s\n", warning_msg
));
1002 Maybe
<Telemetry::HistogramID
> nsPNGDecoder::SpeedHistogram() const {
1003 return Some(Telemetry::IMAGE_DECODE_SPEED_PNG
);
1006 bool nsPNGDecoder::IsValidICOResource() const {
1007 // Only 32-bit RGBA PNGs are valid ICO resources; see here:
1008 // http://blogs.msdn.com/b/oldnewthing/archive/2010/10/22/10079192.aspx
1010 // If there are errors in the call to png_get_IHDR, the error_callback in
1011 // nsPNGDecoder.cpp is called. In this error callback we do a longjmp, so
1012 // we need to save the jump buffer here. Otherwise we'll end up without a
1013 // proper callstack.
1014 if (setjmp(png_jmpbuf(mPNG
))) {
1015 // We got here from a longjmp call indirectly from png_get_IHDR
1019 png_uint_32 png_width
, // Unused
1020 png_height
; // Unused
1022 int png_bit_depth
, png_color_type
;
1024 if (png_get_IHDR(mPNG
, mInfo
, &png_width
, &png_height
, &png_bit_depth
,
1025 &png_color_type
, nullptr, nullptr, nullptr)) {
1026 return ((png_color_type
== PNG_COLOR_TYPE_RGB_ALPHA
||
1027 png_color_type
== PNG_COLOR_TYPE_RGB
) &&
1028 png_bit_depth
== 8);
1034 } // namespace image
1035 } // namespace mozilla