2 /* pngpread.c - read a png file in push mode
4 * Last changed in libpng 1.6.11 [June 5, 2014]
5 * Copyright (c) 1998-2014 Glenn Randers-Pehrson
6 * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
7 * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
9 * This code is released under the libpng license.
10 * For conditions of distribution and use, see the disclaimer
11 * and license in png.h
16 #ifdef PNG_PROGRESSIVE_READ_SUPPORTED
18 /* Push model modes */
19 #define PNG_READ_SIG_MODE 0
20 #define PNG_READ_CHUNK_MODE 1
21 #define PNG_READ_IDAT_MODE 2
22 #define PNG_SKIP_MODE 3
23 #define PNG_READ_tEXt_MODE 4
24 #define PNG_READ_zTXt_MODE 5
25 #define PNG_READ_DONE_MODE 6
26 #define PNG_READ_iTXt_MODE 7
27 #define PNG_ERROR_MODE 8
30 png_process_data(png_structrp png_ptr
, png_inforp info_ptr
,
31 png_bytep buffer
, png_size_t buffer_size
)
33 if (png_ptr
== NULL
|| info_ptr
== NULL
)
36 png_push_restore_buffer(png_ptr
, buffer
, buffer_size
);
38 while (png_ptr
->buffer_size
)
40 png_process_some_data(png_ptr
, info_ptr
);
45 png_process_data_pause(png_structrp png_ptr
, int save
)
49 /* It's easiest for the caller if we do the save, then the caller doesn't
50 * have to supply the same data again:
53 png_push_save_buffer(png_ptr
);
56 /* This includes any pending saved bytes: */
57 png_size_t remaining
= png_ptr
->buffer_size
;
58 png_ptr
->buffer_size
= 0;
60 /* So subtract the saved buffer size, unless all the data
61 * is actually 'saved', in which case we just return 0
63 if (png_ptr
->save_buffer_size
< remaining
)
64 return remaining
- png_ptr
->save_buffer_size
;
72 png_process_data_skip(png_structrp png_ptr
)
74 png_uint_32 remaining
= 0;
76 if (png_ptr
!= NULL
&& png_ptr
->process_mode
== PNG_SKIP_MODE
&&
77 png_ptr
->skip_length
> 0)
79 /* At the end of png_process_data the buffer size must be 0 (see the loop
80 * above) so we can detect a broken call here:
82 if (png_ptr
->buffer_size
!= 0)
84 "png_process_data_skip called inside png_process_data");
86 /* If is impossible for there to be a saved buffer at this point -
87 * otherwise we could not be in SKIP mode. This will also happen if
88 * png_process_skip is called inside png_process_data (but only very
91 if (png_ptr
->save_buffer_size
!= 0)
92 png_error(png_ptr
, "png_process_data_skip called with saved data");
94 remaining
= png_ptr
->skip_length
;
95 png_ptr
->skip_length
= 0;
96 png_ptr
->process_mode
= PNG_READ_CHUNK_MODE
;
102 /* What we do with the incoming data depends on what we were previously
103 * doing before we ran out of data...
106 png_process_some_data(png_structrp png_ptr
, png_inforp info_ptr
)
111 switch (png_ptr
->process_mode
)
113 case PNG_READ_SIG_MODE
:
115 png_push_read_sig(png_ptr
, info_ptr
);
119 case PNG_READ_CHUNK_MODE
:
121 png_push_read_chunk(png_ptr
, info_ptr
);
125 case PNG_READ_IDAT_MODE
:
127 png_push_read_IDAT(png_ptr
);
133 png_push_crc_finish(png_ptr
);
139 png_ptr
->buffer_size
= 0;
145 /* Read any remaining signature bytes from the stream and compare them with
146 * the correct PNG signature. It is possible that this routine is called
147 * with bytes already read from the signature, either because they have been
148 * checked by the calling application, or because of multiple calls to this
152 png_push_read_sig(png_structrp png_ptr
, png_inforp info_ptr
)
154 png_size_t num_checked
= png_ptr
->sig_bytes
, /* SAFE, does not exceed 8 */
155 num_to_check
= 8 - num_checked
;
157 if (png_ptr
->buffer_size
< num_to_check
)
159 num_to_check
= png_ptr
->buffer_size
;
162 png_push_fill_buffer(png_ptr
, &(info_ptr
->signature
[num_checked
]),
164 png_ptr
->sig_bytes
= (png_byte
)(png_ptr
->sig_bytes
+ num_to_check
);
166 if (png_sig_cmp(info_ptr
->signature
, num_checked
, num_to_check
))
168 if (num_checked
< 4 &&
169 png_sig_cmp(info_ptr
->signature
, num_checked
, num_to_check
- 4))
170 png_error(png_ptr
, "Not a PNG file");
173 png_error(png_ptr
, "PNG file corrupted by ASCII conversion");
177 if (png_ptr
->sig_bytes
>= 8)
179 png_ptr
->process_mode
= PNG_READ_CHUNK_MODE
;
185 png_push_read_chunk(png_structrp png_ptr
, png_inforp info_ptr
)
187 png_uint_32 chunk_name
;
188 #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED
189 int keep
; /* unknown handling method */
192 /* First we make sure we have enough data for the 4 byte chunk name
193 * and the 4 byte chunk length before proceeding with decoding the
194 * chunk data. To fully decode each of these chunks, we also make
195 * sure we have enough data in the buffer for the 4 byte CRC at the
196 * end of every chunk (except IDAT, which is handled separately).
198 if (!(png_ptr
->mode
& PNG_HAVE_CHUNK_HEADER
))
200 png_byte chunk_length
[4];
201 png_byte chunk_tag
[4];
203 if (png_ptr
->buffer_size
< 8)
205 png_push_save_buffer(png_ptr
);
209 png_push_fill_buffer(png_ptr
, chunk_length
, 4);
210 png_ptr
->push_length
= png_get_uint_31(png_ptr
, chunk_length
);
211 png_reset_crc(png_ptr
);
212 png_crc_read(png_ptr
, chunk_tag
, 4);
213 png_ptr
->chunk_name
= PNG_CHUNK_FROM_STRING(chunk_tag
);
214 png_check_chunk_name(png_ptr
, png_ptr
->chunk_name
);
215 png_ptr
->mode
|= PNG_HAVE_CHUNK_HEADER
;
218 chunk_name
= png_ptr
->chunk_name
;
220 #ifdef PNG_READ_APNG_SUPPORTED
221 if (png_ptr
->num_frames_read
> 0 &&
222 png_ptr
->num_frames_read
< info_ptr
->num_frames
)
224 if (chunk_name
== png_IDAT
)
226 /* Discard trailing IDATs for the first frame */
227 if (png_ptr
->mode
& PNG_HAVE_fcTL
|| png_ptr
->num_frames_read
> 1)
228 png_error(png_ptr
, "out of place IDAT");
230 if (png_ptr
->push_length
+ 4 > png_ptr
->buffer_size
)
232 png_push_save_buffer(png_ptr
);
236 png_push_crc_skip(png_ptr
, png_ptr
->push_length
);
237 png_ptr
->mode
&= ~PNG_HAVE_CHUNK_HEADER
;
240 else if (chunk_name
== png_fdAT
)
242 if (png_ptr
->buffer_size
< 4)
244 png_push_save_buffer(png_ptr
);
248 png_ensure_sequence_number(png_ptr
, 4);
250 if (!(png_ptr
->mode
& PNG_HAVE_fcTL
))
252 /* Discard trailing fdATs for frames other than the first */
253 if (png_ptr
->num_frames_read
< 2)
254 png_error(png_ptr
, "out of place fdAT");
256 if (png_ptr
->push_length
+ 4 > png_ptr
->buffer_size
)
258 png_push_save_buffer(png_ptr
);
262 png_push_crc_skip(png_ptr
, png_ptr
->push_length
);
263 png_ptr
->mode
&= ~PNG_HAVE_CHUNK_HEADER
;
269 /* frame data follows */
270 png_ptr
->idat_size
= png_ptr
->push_length
- 4;
271 png_ptr
->mode
|= PNG_HAVE_IDAT
;
272 png_ptr
->process_mode
= PNG_READ_IDAT_MODE
;
278 else if (chunk_name
== png_fcTL
)
280 if (png_ptr
->push_length
+ 4 > png_ptr
->buffer_size
)
282 png_push_save_buffer(png_ptr
);
286 png_read_reset(png_ptr
);
287 png_ptr
->mode
&= ~PNG_HAVE_fcTL
;
289 png_handle_fcTL(png_ptr
, info_ptr
, png_ptr
->push_length
);
291 if (!(png_ptr
->mode
& PNG_HAVE_fcTL
))
292 png_error(png_ptr
, "missing required fcTL chunk");
294 png_read_reinit(png_ptr
, info_ptr
);
295 png_progressive_read_reset(png_ptr
);
297 if (png_ptr
->frame_info_fn
!= NULL
)
298 (*(png_ptr
->frame_info_fn
))(png_ptr
, png_ptr
->num_frames_read
);
300 png_ptr
->mode
&= ~PNG_HAVE_CHUNK_HEADER
;
307 if (png_ptr
->push_length
+ 4 > png_ptr
->buffer_size
)
309 png_push_save_buffer(png_ptr
);
312 png_warning(png_ptr
, "Skipped (ignored) a chunk "
313 "between APNG chunks");
314 png_push_crc_skip(png_ptr
, png_ptr
->push_length
);
315 png_ptr
->mode
&= ~PNG_HAVE_CHUNK_HEADER
;
321 #endif /* PNG_READ_APNG_SUPPORTED */
323 if (chunk_name
== png_IDAT
)
325 if (png_ptr
->mode
& PNG_AFTER_IDAT
)
326 png_ptr
->mode
|= PNG_HAVE_CHUNK_AFTER_IDAT
;
328 /* If we reach an IDAT chunk, this means we have read all of the
329 * header chunks, and we can start reading the image (or if this
330 * is called after the image has been read - we have an error).
332 if (!(png_ptr
->mode
& PNG_HAVE_IHDR
))
333 png_error(png_ptr
, "Missing IHDR before IDAT");
335 else if (png_ptr
->color_type
== PNG_COLOR_TYPE_PALETTE
&&
336 !(png_ptr
->mode
& PNG_HAVE_PLTE
))
337 png_error(png_ptr
, "Missing PLTE before IDAT");
339 png_ptr
->mode
|= PNG_HAVE_IDAT
;
340 png_ptr
->process_mode
= PNG_READ_IDAT_MODE
;
342 if (!(png_ptr
->mode
& PNG_HAVE_CHUNK_AFTER_IDAT
))
343 if (png_ptr
->push_length
== 0)
346 if (png_ptr
->mode
& PNG_AFTER_IDAT
)
347 png_benign_error(png_ptr
, "Too many IDATs found");
350 if (chunk_name
== png_IHDR
)
352 if (png_ptr
->push_length
!= 13)
353 png_error(png_ptr
, "Invalid IHDR length");
355 if (png_ptr
->push_length
+ 4 > png_ptr
->buffer_size
)
357 png_push_save_buffer(png_ptr
);
361 png_handle_IHDR(png_ptr
, info_ptr
, png_ptr
->push_length
);
364 else if (chunk_name
== png_IEND
)
366 if (png_ptr
->push_length
+ 4 > png_ptr
->buffer_size
)
368 png_push_save_buffer(png_ptr
);
372 png_handle_IEND(png_ptr
, info_ptr
, png_ptr
->push_length
);
374 png_ptr
->process_mode
= PNG_READ_DONE_MODE
;
375 png_push_have_end(png_ptr
, info_ptr
);
378 #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED
379 else if ((keep
= png_chunk_unknown_handling(png_ptr
, chunk_name
)) != 0)
381 if (png_ptr
->push_length
+ 4 > png_ptr
->buffer_size
)
383 png_push_save_buffer(png_ptr
);
387 png_handle_unknown(png_ptr
, info_ptr
, png_ptr
->push_length
, keep
);
389 if (chunk_name
== png_PLTE
)
390 png_ptr
->mode
|= PNG_HAVE_PLTE
;
394 else if (chunk_name
== png_PLTE
)
396 if (png_ptr
->push_length
+ 4 > png_ptr
->buffer_size
)
398 png_push_save_buffer(png_ptr
);
401 png_handle_PLTE(png_ptr
, info_ptr
, png_ptr
->push_length
);
404 else if (chunk_name
== png_IDAT
)
406 #ifdef PNG_READ_APNG_SUPPORTED
407 png_have_info(png_ptr
, info_ptr
);
409 png_ptr
->idat_size
= png_ptr
->push_length
;
410 png_ptr
->process_mode
= PNG_READ_IDAT_MODE
;
411 png_push_have_info(png_ptr
, info_ptr
);
412 png_ptr
->zstream
.avail_out
=
413 (uInt
) PNG_ROWBYTES(png_ptr
->pixel_depth
,
414 png_ptr
->iwidth
) + 1;
415 png_ptr
->zstream
.next_out
= png_ptr
->row_buf
;
419 #ifdef PNG_READ_gAMA_SUPPORTED
420 else if (png_ptr
->chunk_name
== png_gAMA
)
422 if (png_ptr
->push_length
+ 4 > png_ptr
->buffer_size
)
424 png_push_save_buffer(png_ptr
);
428 png_handle_gAMA(png_ptr
, info_ptr
, png_ptr
->push_length
);
432 #ifdef PNG_READ_sBIT_SUPPORTED
433 else if (png_ptr
->chunk_name
== png_sBIT
)
435 if (png_ptr
->push_length
+ 4 > png_ptr
->buffer_size
)
437 png_push_save_buffer(png_ptr
);
441 png_handle_sBIT(png_ptr
, info_ptr
, png_ptr
->push_length
);
445 #ifdef PNG_READ_cHRM_SUPPORTED
446 else if (png_ptr
->chunk_name
== png_cHRM
)
448 if (png_ptr
->push_length
+ 4 > png_ptr
->buffer_size
)
450 png_push_save_buffer(png_ptr
);
454 png_handle_cHRM(png_ptr
, info_ptr
, png_ptr
->push_length
);
458 #ifdef PNG_READ_sRGB_SUPPORTED
459 else if (chunk_name
== png_sRGB
)
461 if (png_ptr
->push_length
+ 4 > png_ptr
->buffer_size
)
463 png_push_save_buffer(png_ptr
);
467 png_handle_sRGB(png_ptr
, info_ptr
, png_ptr
->push_length
);
471 #ifdef PNG_READ_iCCP_SUPPORTED
472 else if (png_ptr
->chunk_name
== png_iCCP
)
474 if (png_ptr
->push_length
+ 4 > png_ptr
->buffer_size
)
476 png_push_save_buffer(png_ptr
);
480 png_handle_iCCP(png_ptr
, info_ptr
, png_ptr
->push_length
);
484 #ifdef PNG_READ_sPLT_SUPPORTED
485 else if (chunk_name
== png_sPLT
)
487 if (png_ptr
->push_length
+ 4 > png_ptr
->buffer_size
)
489 png_push_save_buffer(png_ptr
);
493 png_handle_sPLT(png_ptr
, info_ptr
, png_ptr
->push_length
);
497 #ifdef PNG_READ_tRNS_SUPPORTED
498 else if (chunk_name
== png_tRNS
)
500 if (png_ptr
->push_length
+ 4 > png_ptr
->buffer_size
)
502 png_push_save_buffer(png_ptr
);
506 png_handle_tRNS(png_ptr
, info_ptr
, png_ptr
->push_length
);
510 #ifdef PNG_READ_bKGD_SUPPORTED
511 else if (chunk_name
== png_bKGD
)
513 if (png_ptr
->push_length
+ 4 > png_ptr
->buffer_size
)
515 png_push_save_buffer(png_ptr
);
519 png_handle_bKGD(png_ptr
, info_ptr
, png_ptr
->push_length
);
523 #ifdef PNG_READ_hIST_SUPPORTED
524 else if (chunk_name
== png_hIST
)
526 if (png_ptr
->push_length
+ 4 > png_ptr
->buffer_size
)
528 png_push_save_buffer(png_ptr
);
532 png_handle_hIST(png_ptr
, info_ptr
, png_ptr
->push_length
);
536 #ifdef PNG_READ_pHYs_SUPPORTED
537 else if (chunk_name
== png_pHYs
)
539 if (png_ptr
->push_length
+ 4 > png_ptr
->buffer_size
)
541 png_push_save_buffer(png_ptr
);
545 png_handle_pHYs(png_ptr
, info_ptr
, png_ptr
->push_length
);
549 #ifdef PNG_READ_oFFs_SUPPORTED
550 else if (chunk_name
== png_oFFs
)
552 if (png_ptr
->push_length
+ 4 > png_ptr
->buffer_size
)
554 png_push_save_buffer(png_ptr
);
558 png_handle_oFFs(png_ptr
, info_ptr
, png_ptr
->push_length
);
562 #ifdef PNG_READ_pCAL_SUPPORTED
563 else if (chunk_name
== png_pCAL
)
565 if (png_ptr
->push_length
+ 4 > png_ptr
->buffer_size
)
567 png_push_save_buffer(png_ptr
);
571 png_handle_pCAL(png_ptr
, info_ptr
, png_ptr
->push_length
);
575 #ifdef PNG_READ_sCAL_SUPPORTED
576 else if (chunk_name
== png_sCAL
)
578 if (png_ptr
->push_length
+ 4 > png_ptr
->buffer_size
)
580 png_push_save_buffer(png_ptr
);
584 png_handle_sCAL(png_ptr
, info_ptr
, png_ptr
->push_length
);
588 #ifdef PNG_READ_tIME_SUPPORTED
589 else if (chunk_name
== png_tIME
)
591 if (png_ptr
->push_length
+ 4 > png_ptr
->buffer_size
)
593 png_push_save_buffer(png_ptr
);
597 png_handle_tIME(png_ptr
, info_ptr
, png_ptr
->push_length
);
601 #ifdef PNG_READ_tEXt_SUPPORTED
602 else if (chunk_name
== png_tEXt
)
604 if (png_ptr
->push_length
+ 4 > png_ptr
->buffer_size
)
606 png_push_save_buffer(png_ptr
);
610 png_handle_tEXt(png_ptr
, info_ptr
, png_ptr
->push_length
);
614 #ifdef PNG_READ_zTXt_SUPPORTED
615 else if (chunk_name
== png_zTXt
)
617 if (png_ptr
->push_length
+ 4 > png_ptr
->buffer_size
)
619 png_push_save_buffer(png_ptr
);
623 png_handle_zTXt(png_ptr
, info_ptr
, png_ptr
->push_length
);
627 #ifdef PNG_READ_iTXt_SUPPORTED
628 else if (chunk_name
== png_iTXt
)
630 if (png_ptr
->push_length
+ 4 > png_ptr
->buffer_size
)
632 png_push_save_buffer(png_ptr
);
636 png_handle_iTXt(png_ptr
, info_ptr
, png_ptr
->push_length
);
640 #ifdef PNG_READ_APNG_SUPPORTED
641 else if (chunk_name
== png_acTL
)
643 if (png_ptr
->push_length
+ 4 > png_ptr
->buffer_size
)
645 png_push_save_buffer(png_ptr
);
649 png_handle_acTL(png_ptr
, info_ptr
, png_ptr
->push_length
);
652 else if (chunk_name
== png_fcTL
)
654 if (png_ptr
->push_length
+ 4 > png_ptr
->buffer_size
)
656 png_push_save_buffer(png_ptr
);
660 png_handle_fcTL(png_ptr
, info_ptr
, png_ptr
->push_length
);
663 #endif /* PNG_READ_APNG_SUPPORTED */
666 if (png_ptr
->push_length
+ 4 > png_ptr
->buffer_size
)
668 png_push_save_buffer(png_ptr
);
671 png_handle_unknown(png_ptr
, info_ptr
, png_ptr
->push_length
,
672 PNG_HANDLE_CHUNK_AS_DEFAULT
);
675 png_ptr
->mode
&= ~PNG_HAVE_CHUNK_HEADER
;
679 png_push_crc_skip(png_structrp png_ptr
, png_uint_32 skip
)
681 png_ptr
->process_mode
= PNG_SKIP_MODE
;
682 png_ptr
->skip_length
= skip
;
686 png_push_crc_finish(png_structrp png_ptr
)
688 if (png_ptr
->skip_length
&& png_ptr
->save_buffer_size
)
690 png_size_t save_size
= png_ptr
->save_buffer_size
;
691 png_uint_32 skip_length
= png_ptr
->skip_length
;
693 /* We want the smaller of 'skip_length' and 'save_buffer_size', but
694 * they are of different types and we don't know which variable has the
695 * fewest bits. Carefully select the smaller and cast it to the type of
696 * the larger - this cannot overflow. Do not cast in the following test
697 * - it will break on either 16 or 64 bit platforms.
699 if (skip_length
< save_size
)
700 save_size
= (png_size_t
)skip_length
;
703 skip_length
= (png_uint_32
)save_size
;
705 png_calculate_crc(png_ptr
, png_ptr
->save_buffer_ptr
, save_size
);
707 png_ptr
->skip_length
-= skip_length
;
708 png_ptr
->buffer_size
-= save_size
;
709 png_ptr
->save_buffer_size
-= save_size
;
710 png_ptr
->save_buffer_ptr
+= save_size
;
712 if (png_ptr
->skip_length
&& png_ptr
->current_buffer_size
)
714 png_size_t save_size
= png_ptr
->current_buffer_size
;
715 png_uint_32 skip_length
= png_ptr
->skip_length
;
717 /* We want the smaller of 'skip_length' and 'current_buffer_size', here,
718 * the same problem exists as above and the same solution.
720 if (skip_length
< save_size
)
721 save_size
= (png_size_t
)skip_length
;
724 skip_length
= (png_uint_32
)save_size
;
726 png_calculate_crc(png_ptr
, png_ptr
->current_buffer_ptr
, save_size
);
728 png_ptr
->skip_length
-= skip_length
;
729 png_ptr
->buffer_size
-= save_size
;
730 png_ptr
->current_buffer_size
-= save_size
;
731 png_ptr
->current_buffer_ptr
+= save_size
;
733 if (!png_ptr
->skip_length
)
735 if (png_ptr
->buffer_size
< 4)
737 png_push_save_buffer(png_ptr
);
741 png_crc_finish(png_ptr
, 0);
742 png_ptr
->process_mode
= PNG_READ_CHUNK_MODE
;
747 png_push_fill_buffer(png_structp png_ptr
, png_bytep buffer
, png_size_t length
)
755 if (png_ptr
->save_buffer_size
)
757 png_size_t save_size
;
759 if (length
< png_ptr
->save_buffer_size
)
763 save_size
= png_ptr
->save_buffer_size
;
765 memcpy(ptr
, png_ptr
->save_buffer_ptr
, save_size
);
768 png_ptr
->buffer_size
-= save_size
;
769 png_ptr
->save_buffer_size
-= save_size
;
770 png_ptr
->save_buffer_ptr
+= save_size
;
772 if (length
&& png_ptr
->current_buffer_size
)
774 png_size_t save_size
;
776 if (length
< png_ptr
->current_buffer_size
)
780 save_size
= png_ptr
->current_buffer_size
;
782 memcpy(ptr
, png_ptr
->current_buffer_ptr
, save_size
);
783 png_ptr
->buffer_size
-= save_size
;
784 png_ptr
->current_buffer_size
-= save_size
;
785 png_ptr
->current_buffer_ptr
+= save_size
;
790 png_push_save_buffer(png_structrp png_ptr
)
792 if (png_ptr
->save_buffer_size
)
794 if (png_ptr
->save_buffer_ptr
!= png_ptr
->save_buffer
)
800 istop
= png_ptr
->save_buffer_size
;
801 for (i
= 0, sp
= png_ptr
->save_buffer_ptr
, dp
= png_ptr
->save_buffer
;
802 i
< istop
; i
++, sp
++, dp
++)
808 if (png_ptr
->save_buffer_size
+ png_ptr
->current_buffer_size
>
809 png_ptr
->save_buffer_max
)
812 png_bytep old_buffer
;
814 if (png_ptr
->save_buffer_size
> PNG_SIZE_MAX
-
815 (png_ptr
->current_buffer_size
+ 256))
817 png_error(png_ptr
, "Potential overflow of save_buffer");
820 new_max
= png_ptr
->save_buffer_size
+ png_ptr
->current_buffer_size
+ 256;
821 old_buffer
= png_ptr
->save_buffer
;
822 png_ptr
->save_buffer
= (png_bytep
)png_malloc_warn(png_ptr
,
823 (png_size_t
)new_max
);
825 if (png_ptr
->save_buffer
== NULL
)
827 png_free(png_ptr
, old_buffer
);
828 png_error(png_ptr
, "Insufficient memory for save_buffer");
831 memcpy(png_ptr
->save_buffer
, old_buffer
, png_ptr
->save_buffer_size
);
832 png_free(png_ptr
, old_buffer
);
833 png_ptr
->save_buffer_max
= new_max
;
835 if (png_ptr
->current_buffer_size
)
837 memcpy(png_ptr
->save_buffer
+ png_ptr
->save_buffer_size
,
838 png_ptr
->current_buffer_ptr
, png_ptr
->current_buffer_size
);
839 png_ptr
->save_buffer_size
+= png_ptr
->current_buffer_size
;
840 png_ptr
->current_buffer_size
= 0;
842 png_ptr
->save_buffer_ptr
= png_ptr
->save_buffer
;
843 png_ptr
->buffer_size
= 0;
847 png_push_restore_buffer(png_structrp png_ptr
, png_bytep buffer
,
848 png_size_t buffer_length
)
850 png_ptr
->current_buffer
= buffer
;
851 png_ptr
->current_buffer_size
= buffer_length
;
852 png_ptr
->buffer_size
= buffer_length
+ png_ptr
->save_buffer_size
;
853 png_ptr
->current_buffer_ptr
= png_ptr
->current_buffer
;
857 png_push_read_IDAT(png_structrp png_ptr
)
859 if (!(png_ptr
->mode
& PNG_HAVE_CHUNK_HEADER
))
861 png_byte chunk_length
[4];
862 png_byte chunk_tag
[4];
864 /* TODO: this code can be commoned up with the same code in push_read */
865 #ifdef PNG_READ_APNG_SUPPORTED
866 if (png_ptr
->buffer_size
< 12)
868 if (png_ptr
->buffer_size
< 8)
871 png_push_save_buffer(png_ptr
);
875 png_push_fill_buffer(png_ptr
, chunk_length
, 4);
876 png_ptr
->push_length
= png_get_uint_31(png_ptr
, chunk_length
);
877 png_reset_crc(png_ptr
);
878 png_crc_read(png_ptr
, chunk_tag
, 4);
879 png_ptr
->chunk_name
= PNG_CHUNK_FROM_STRING(chunk_tag
);
880 png_ptr
->mode
|= PNG_HAVE_CHUNK_HEADER
;
882 #ifdef PNG_READ_APNG_SUPPORTED
883 if (png_ptr
->chunk_name
!= png_fdAT
&& png_ptr
->num_frames_read
> 0)
885 if (png_ptr
->flags
& PNG_FLAG_ZSTREAM_ENDED
)
887 png_ptr
->process_mode
= PNG_READ_CHUNK_MODE
;
888 if (png_ptr
->frame_end_fn
!= NULL
)
889 (*(png_ptr
->frame_end_fn
))(png_ptr
, png_ptr
->num_frames_read
);
890 png_ptr
->num_frames_read
++;
895 if (png_ptr
->chunk_name
== png_IEND
)
896 png_error(png_ptr
, "Not enough image data");
897 if (png_ptr
->push_length
+ 4 > png_ptr
->buffer_size
)
899 png_push_save_buffer(png_ptr
);
902 png_warning(png_ptr
, "Skipping (ignoring) a chunk between "
904 png_crc_finish(png_ptr
, png_ptr
->push_length
);
905 png_ptr
->mode
&= ~PNG_HAVE_CHUNK_HEADER
;
911 #ifdef PNG_READ_APNG_SUPPORTED
912 if (png_ptr
->chunk_name
!= png_IDAT
&& png_ptr
->num_frames_read
== 0)
914 if (png_ptr
->chunk_name
!= png_IDAT
)
917 png_ptr
->process_mode
= PNG_READ_CHUNK_MODE
;
919 if (!(png_ptr
->flags
& PNG_FLAG_ZSTREAM_ENDED
))
920 png_error(png_ptr
, "Not enough compressed data");
922 #ifdef PNG_READ_APNG_SUPPORTED
923 if (png_ptr
->frame_end_fn
!= NULL
)
924 (*(png_ptr
->frame_end_fn
))(png_ptr
, png_ptr
->num_frames_read
);
925 png_ptr
->num_frames_read
++;
931 png_ptr
->idat_size
= png_ptr
->push_length
;
933 #ifdef PNG_READ_APNG_SUPPORTED
934 if (png_ptr
->num_frames_read
> 0)
936 png_ensure_sequence_number(png_ptr
, 4);
937 png_ptr
->idat_size
-= 4;
942 if (png_ptr
->idat_size
&& png_ptr
->save_buffer_size
)
944 png_size_t save_size
= png_ptr
->save_buffer_size
;
945 png_uint_32 idat_size
= png_ptr
->idat_size
;
947 /* We want the smaller of 'idat_size' and 'current_buffer_size', but they
948 * are of different types and we don't know which variable has the fewest
949 * bits. Carefully select the smaller and cast it to the type of the
950 * larger - this cannot overflow. Do not cast in the following test - it
951 * will break on either 16 or 64 bit platforms.
953 if (idat_size
< save_size
)
954 save_size
= (png_size_t
)idat_size
;
957 idat_size
= (png_uint_32
)save_size
;
959 png_calculate_crc(png_ptr
, png_ptr
->save_buffer_ptr
, save_size
);
961 png_process_IDAT_data(png_ptr
, png_ptr
->save_buffer_ptr
, save_size
);
963 png_ptr
->idat_size
-= idat_size
;
964 png_ptr
->buffer_size
-= save_size
;
965 png_ptr
->save_buffer_size
-= save_size
;
966 png_ptr
->save_buffer_ptr
+= save_size
;
969 if (png_ptr
->idat_size
&& png_ptr
->current_buffer_size
)
971 png_size_t save_size
= png_ptr
->current_buffer_size
;
972 png_uint_32 idat_size
= png_ptr
->idat_size
;
974 /* We want the smaller of 'idat_size' and 'current_buffer_size', but they
975 * are of different types and we don't know which variable has the fewest
976 * bits. Carefully select the smaller and cast it to the type of the
977 * larger - this cannot overflow.
979 if (idat_size
< save_size
)
980 save_size
= (png_size_t
)idat_size
;
983 idat_size
= (png_uint_32
)save_size
;
985 png_calculate_crc(png_ptr
, png_ptr
->current_buffer_ptr
, save_size
);
987 png_process_IDAT_data(png_ptr
, png_ptr
->current_buffer_ptr
, save_size
);
989 png_ptr
->idat_size
-= idat_size
;
990 png_ptr
->buffer_size
-= save_size
;
991 png_ptr
->current_buffer_size
-= save_size
;
992 png_ptr
->current_buffer_ptr
+= save_size
;
994 if (!png_ptr
->idat_size
)
996 if (png_ptr
->buffer_size
< 4)
998 png_push_save_buffer(png_ptr
);
1002 png_crc_finish(png_ptr
, 0);
1003 png_ptr
->mode
&= ~PNG_HAVE_CHUNK_HEADER
;
1004 png_ptr
->mode
|= PNG_AFTER_IDAT
;
1005 png_ptr
->zowner
= 0;
1010 png_process_IDAT_data(png_structrp png_ptr
, png_bytep buffer
,
1011 png_size_t buffer_length
)
1013 /* The caller checks for a non-zero buffer length. */
1014 if (!(buffer_length
> 0) || buffer
== NULL
)
1015 png_error(png_ptr
, "No IDAT data (internal error)");
1017 #ifdef PNG_READ_APNG_SUPPORTED
1018 /* If the app is not APNG-aware, decode only the first frame */
1019 if (!(png_ptr
->apng_flags
& PNG_APNG_APP
) && png_ptr
->num_frames_read
> 0)
1021 png_ptr
->flags
|= PNG_FLAG_ZSTREAM_ENDED
;
1026 /* This routine must process all the data it has been given
1027 * before returning, calling the row callback as required to
1028 * handle the uncompressed results.
1030 png_ptr
->zstream
.next_in
= buffer
;
1031 /* TODO: WARNING: TRUNCATION ERROR: DANGER WILL ROBINSON: */
1032 png_ptr
->zstream
.avail_in
= (uInt
)buffer_length
;
1034 /* Keep going until the decompressed data is all processed
1035 * or the stream marked as finished.
1037 while (png_ptr
->zstream
.avail_in
> 0 &&
1038 !(png_ptr
->flags
& PNG_FLAG_ZSTREAM_ENDED
))
1042 /* We have data for zlib, but we must check that zlib
1043 * has someplace to put the results. It doesn't matter
1044 * if we don't expect any results -- it may be the input
1045 * data is just the LZ end code.
1047 if (!(png_ptr
->zstream
.avail_out
> 0))
1049 /* TODO: WARNING: TRUNCATION ERROR: DANGER WILL ROBINSON: */
1050 png_ptr
->zstream
.avail_out
= (uInt
)(PNG_ROWBYTES(png_ptr
->pixel_depth
,
1051 png_ptr
->iwidth
) + 1);
1053 png_ptr
->zstream
.next_out
= png_ptr
->row_buf
;
1056 /* Using Z_SYNC_FLUSH here means that an unterminated
1057 * LZ stream (a stream with a missing end code) can still
1058 * be handled, otherwise (Z_NO_FLUSH) a future zlib
1059 * implementation might defer output and therefore
1060 * change the current behavior (see comments in inflate.c
1061 * for why this doesn't happen at present with zlib 1.2.5).
1063 ret
= inflate(&png_ptr
->zstream
, Z_SYNC_FLUSH
);
1065 /* Check for any failure before proceeding. */
1066 if (ret
!= Z_OK
&& ret
!= Z_STREAM_END
)
1068 /* Terminate the decompression. */
1069 png_ptr
->flags
|= PNG_FLAG_ZSTREAM_ENDED
;
1070 png_ptr
->zowner
= 0;
1072 /* This may be a truncated stream (missing or
1073 * damaged end code). Treat that as a warning.
1075 if (png_ptr
->row_number
>= png_ptr
->num_rows
||
1077 png_warning(png_ptr
, "Truncated compressed data in IDAT");
1080 png_error(png_ptr
, "Decompression error in IDAT");
1082 /* Skip the check on unprocessed input */
1086 /* Did inflate output any data? */
1087 if (png_ptr
->zstream
.next_out
!= png_ptr
->row_buf
)
1089 /* Is this unexpected data after the last row?
1090 * If it is, artificially terminate the LZ output
1093 if (png_ptr
->row_number
>= png_ptr
->num_rows
||
1097 png_warning(png_ptr
, "Extra compressed data in IDAT");
1098 png_ptr
->flags
|= PNG_FLAG_ZSTREAM_ENDED
;
1099 png_ptr
->zowner
= 0;
1101 /* Do no more processing; skip the unprocessed
1102 * input check below.
1107 /* Do we have a complete row? */
1108 if (png_ptr
->zstream
.avail_out
== 0)
1109 png_push_process_row(png_ptr
);
1112 /* And check for the end of the stream. */
1113 if (ret
== Z_STREAM_END
)
1114 png_ptr
->flags
|= PNG_FLAG_ZSTREAM_ENDED
;
1117 /* All the data should have been processed, if anything
1118 * is left at this point we have bytes of IDAT data
1119 * after the zlib end code.
1121 if (png_ptr
->zstream
.avail_in
> 0)
1122 png_warning(png_ptr
, "Extra compression data in IDAT");
1126 png_push_process_row(png_structrp png_ptr
)
1128 /* 1.5.6: row_info moved out of png_struct to a local here. */
1129 png_row_info row_info
;
1131 row_info
.width
= png_ptr
->iwidth
; /* NOTE: width of current interlaced row */
1132 row_info
.color_type
= png_ptr
->color_type
;
1133 row_info
.bit_depth
= png_ptr
->bit_depth
;
1134 row_info
.channels
= png_ptr
->channels
;
1135 row_info
.pixel_depth
= png_ptr
->pixel_depth
;
1136 row_info
.rowbytes
= PNG_ROWBYTES(row_info
.pixel_depth
, row_info
.width
);
1138 if (png_ptr
->row_buf
[0] > PNG_FILTER_VALUE_NONE
)
1140 if (png_ptr
->row_buf
[0] < PNG_FILTER_VALUE_LAST
)
1141 png_read_filter_row(png_ptr
, &row_info
, png_ptr
->row_buf
+ 1,
1142 png_ptr
->prev_row
+ 1, png_ptr
->row_buf
[0]);
1144 png_error(png_ptr
, "bad adaptive filter value");
1147 /* libpng 1.5.6: the following line was copying png_ptr->rowbytes before
1148 * 1.5.6, while the buffer really is this big in current versions of libpng
1149 * it may not be in the future, so this was changed just to copy the
1150 * interlaced row count:
1152 memcpy(png_ptr
->prev_row
, png_ptr
->row_buf
, row_info
.rowbytes
+ 1);
1154 #ifdef PNG_READ_TRANSFORMS_SUPPORTED
1155 if (png_ptr
->transformations
)
1156 png_do_read_transformations(png_ptr
, &row_info
);
1159 /* The transformed pixel depth should match the depth now in row_info. */
1160 if (png_ptr
->transformed_pixel_depth
== 0)
1162 png_ptr
->transformed_pixel_depth
= row_info
.pixel_depth
;
1163 if (row_info
.pixel_depth
> png_ptr
->maximum_pixel_depth
)
1164 png_error(png_ptr
, "progressive row overflow");
1167 else if (png_ptr
->transformed_pixel_depth
!= row_info
.pixel_depth
)
1168 png_error(png_ptr
, "internal progressive row size calculation error");
1171 #ifdef PNG_READ_INTERLACING_SUPPORTED
1172 /* Expand interlaced rows to full size */
1173 if (png_ptr
->interlaced
&& (png_ptr
->transformations
& PNG_INTERLACE
))
1175 if (png_ptr
->pass
< 6)
1176 png_do_read_interlace(&row_info
, png_ptr
->row_buf
+ 1, png_ptr
->pass
,
1177 png_ptr
->transformations
);
1179 switch (png_ptr
->pass
)
1184 for (i
= 0; i
< 8 && png_ptr
->pass
== 0; i
++)
1186 png_push_have_row(png_ptr
, png_ptr
->row_buf
+ 1);
1187 png_read_push_finish_row(png_ptr
); /* Updates png_ptr->pass */
1190 if (png_ptr
->pass
== 2) /* Pass 1 might be empty */
1192 for (i
= 0; i
< 4 && png_ptr
->pass
== 2; i
++)
1194 png_push_have_row(png_ptr
, NULL
);
1195 png_read_push_finish_row(png_ptr
);
1199 if (png_ptr
->pass
== 4 && png_ptr
->height
<= 4)
1201 for (i
= 0; i
< 2 && png_ptr
->pass
== 4; i
++)
1203 png_push_have_row(png_ptr
, NULL
);
1204 png_read_push_finish_row(png_ptr
);
1208 if (png_ptr
->pass
== 6 && png_ptr
->height
<= 4)
1210 png_push_have_row(png_ptr
, NULL
);
1211 png_read_push_finish_row(png_ptr
);
1220 for (i
= 0; i
< 8 && png_ptr
->pass
== 1; i
++)
1222 png_push_have_row(png_ptr
, png_ptr
->row_buf
+ 1);
1223 png_read_push_finish_row(png_ptr
);
1226 if (png_ptr
->pass
== 2) /* Skip top 4 generated rows */
1228 for (i
= 0; i
< 4 && png_ptr
->pass
== 2; i
++)
1230 png_push_have_row(png_ptr
, NULL
);
1231 png_read_push_finish_row(png_ptr
);
1242 for (i
= 0; i
< 4 && png_ptr
->pass
== 2; i
++)
1244 png_push_have_row(png_ptr
, png_ptr
->row_buf
+ 1);
1245 png_read_push_finish_row(png_ptr
);
1248 for (i
= 0; i
< 4 && png_ptr
->pass
== 2; i
++)
1250 png_push_have_row(png_ptr
, NULL
);
1251 png_read_push_finish_row(png_ptr
);
1254 if (png_ptr
->pass
== 4) /* Pass 3 might be empty */
1256 for (i
= 0; i
< 2 && png_ptr
->pass
== 4; i
++)
1258 png_push_have_row(png_ptr
, NULL
);
1259 png_read_push_finish_row(png_ptr
);
1270 for (i
= 0; i
< 4 && png_ptr
->pass
== 3; i
++)
1272 png_push_have_row(png_ptr
, png_ptr
->row_buf
+ 1);
1273 png_read_push_finish_row(png_ptr
);
1276 if (png_ptr
->pass
== 4) /* Skip top two generated rows */
1278 for (i
= 0; i
< 2 && png_ptr
->pass
== 4; i
++)
1280 png_push_have_row(png_ptr
, NULL
);
1281 png_read_push_finish_row(png_ptr
);
1292 for (i
= 0; i
< 2 && png_ptr
->pass
== 4; i
++)
1294 png_push_have_row(png_ptr
, png_ptr
->row_buf
+ 1);
1295 png_read_push_finish_row(png_ptr
);
1298 for (i
= 0; i
< 2 && png_ptr
->pass
== 4; i
++)
1300 png_push_have_row(png_ptr
, NULL
);
1301 png_read_push_finish_row(png_ptr
);
1304 if (png_ptr
->pass
== 6) /* Pass 5 might be empty */
1306 png_push_have_row(png_ptr
, NULL
);
1307 png_read_push_finish_row(png_ptr
);
1317 for (i
= 0; i
< 2 && png_ptr
->pass
== 5; i
++)
1319 png_push_have_row(png_ptr
, png_ptr
->row_buf
+ 1);
1320 png_read_push_finish_row(png_ptr
);
1323 if (png_ptr
->pass
== 6) /* Skip top generated row */
1325 png_push_have_row(png_ptr
, NULL
);
1326 png_read_push_finish_row(png_ptr
);
1335 png_push_have_row(png_ptr
, png_ptr
->row_buf
+ 1);
1336 png_read_push_finish_row(png_ptr
);
1338 if (png_ptr
->pass
!= 6)
1341 png_push_have_row(png_ptr
, NULL
);
1342 png_read_push_finish_row(png_ptr
);
1348 png_push_have_row(png_ptr
, png_ptr
->row_buf
+ 1);
1349 png_read_push_finish_row(png_ptr
);
1354 png_read_push_finish_row(png_structrp png_ptr
)
1356 /* Arrays to facilitate easy interlacing - use pass (0 - 6) as index */
1358 /* Start of interlace block */
1359 static PNG_CONST png_byte png_pass_start
[] = {0, 4, 0, 2, 0, 1, 0};
1361 /* Offset to next interlace block */
1362 static PNG_CONST png_byte png_pass_inc
[] = {8, 8, 4, 4, 2, 2, 1};
1364 /* Start of interlace block in the y direction */
1365 static PNG_CONST png_byte png_pass_ystart
[] = {0, 0, 4, 0, 2, 0, 1};
1367 /* Offset to next interlace block in the y direction */
1368 static PNG_CONST png_byte png_pass_yinc
[] = {8, 8, 8, 4, 4, 2, 2};
1370 /* Height of interlace block. This is not currently used - if you need
1371 * it, uncomment it here and in png.h
1372 static PNG_CONST png_byte png_pass_height[] = {8, 8, 4, 4, 2, 2, 1};
1376 png_ptr
->row_number
++;
1377 if (png_ptr
->row_number
< png_ptr
->num_rows
)
1380 if (png_ptr
->interlaced
)
1382 png_ptr
->row_number
= 0;
1383 memset(png_ptr
->prev_row
, 0, png_ptr
->rowbytes
+ 1);
1388 if ((png_ptr
->pass
== 1 && png_ptr
->width
< 5) ||
1389 (png_ptr
->pass
== 3 && png_ptr
->width
< 3) ||
1390 (png_ptr
->pass
== 5 && png_ptr
->width
< 2))
1393 if (png_ptr
->pass
> 7)
1396 if (png_ptr
->pass
>= 7)
1399 png_ptr
->iwidth
= (png_ptr
->width
+
1400 png_pass_inc
[png_ptr
->pass
] - 1 -
1401 png_pass_start
[png_ptr
->pass
]) /
1402 png_pass_inc
[png_ptr
->pass
];
1404 if (png_ptr
->transformations
& PNG_INTERLACE
)
1407 png_ptr
->num_rows
= (png_ptr
->height
+
1408 png_pass_yinc
[png_ptr
->pass
] - 1 -
1409 png_pass_ystart
[png_ptr
->pass
]) /
1410 png_pass_yinc
[png_ptr
->pass
];
1412 } while (png_ptr
->iwidth
== 0 || png_ptr
->num_rows
== 0);
1417 png_push_have_info(png_structrp png_ptr
, png_inforp info_ptr
)
1419 if (png_ptr
->info_fn
!= NULL
)
1420 (*(png_ptr
->info_fn
))(png_ptr
, info_ptr
);
1424 png_push_have_end(png_structrp png_ptr
, png_inforp info_ptr
)
1426 if (png_ptr
->end_fn
!= NULL
)
1427 (*(png_ptr
->end_fn
))(png_ptr
, info_ptr
);
1431 png_push_have_row(png_structrp png_ptr
, png_bytep row
)
1433 if (png_ptr
->row_fn
!= NULL
)
1434 (*(png_ptr
->row_fn
))(png_ptr
, row
, png_ptr
->row_number
,
1435 (int)png_ptr
->pass
);
1439 png_progressive_combine_row(png_const_structrp png_ptr
, png_bytep old_row
,
1440 png_const_bytep new_row
)
1442 if (png_ptr
== NULL
)
1445 /* new_row is a flag here - if it is NULL then the app callback was called
1446 * from an empty row (see the calls to png_struct::row_fn below), otherwise
1447 * it must be png_ptr->row_buf+1
1449 if (new_row
!= NULL
)
1450 png_combine_row(png_ptr
, old_row
, 1/*blocky display*/);
1454 png_set_progressive_read_fn(png_structrp png_ptr
, png_voidp progressive_ptr
,
1455 png_progressive_info_ptr info_fn
, png_progressive_row_ptr row_fn
,
1456 png_progressive_end_ptr end_fn
)
1458 if (png_ptr
== NULL
)
1461 png_ptr
->info_fn
= info_fn
;
1462 png_ptr
->row_fn
= row_fn
;
1463 png_ptr
->end_fn
= end_fn
;
1465 png_set_read_fn(png_ptr
, progressive_ptr
, png_push_fill_buffer
);
1468 #ifdef PNG_READ_APNG_SUPPORTED
1470 png_set_progressive_frame_fn(png_structp png_ptr
,
1471 png_progressive_frame_ptr frame_info_fn
,
1472 png_progressive_frame_ptr frame_end_fn
)
1474 png_ptr
->frame_info_fn
= frame_info_fn
;
1475 png_ptr
->frame_end_fn
= frame_end_fn
;
1476 png_ptr
->apng_flags
|= PNG_APNG_APP
;
1481 png_get_progressive_ptr(png_const_structrp png_ptr
)
1483 if (png_ptr
== NULL
)
1486 return png_ptr
->io_ptr
;
1488 #endif /* PNG_PROGRESSIVE_READ_SUPPORTED */