Chromium Code Reviews Chromium Code Reviews
Issue 1467263003:
third_party/libpng: update to 1.2.54 (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 | 1 |
| 2 /* pngset.c - storage of image information into info struct | 2 /* pngset.c - storage of image information into info struct |
| 3 * | 3 * |
| 4 * Last changed in libpng 1.2.51 [February 6, 2014] | 4 * Last changed in libpng 1.2.54 [November 12, 2015] |
| 5 * Copyright (c) 1998-2014 Glenn Randers-Pehrson | 5 * Copyright (c) 1998-2015 Glenn Randers-Pehrson |
| 6 * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) | 6 * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) |
| 7 * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) | 7 * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) |
| 8 * | 8 * |
| 9 * This code is released under the libpng license. | 9 * This code is released under the libpng license. |
| 10 * For conditions of distribution and use, see the disclaimer | 10 * For conditions of distribution and use, see the disclaimer |
| 11 * and license in png.h | 11 * and license in png.h |
| 12 * | 12 * |
| 13 * The functions here are used during reads to store data from the file | 13 * The functions here are used during reads to store data from the file |
| 14 * into the info struct, and during writes to store application data | 14 * into the info struct, and during writes to store application data |
| 15 * into the info struct for writing into the file. This abstracts the | 15 * into the info struct for writing into the file. This abstracts the |
| (...skipping 240 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 256 info_ptr->channels++; | 256 info_ptr->channels++; |
| 257 info_ptr->pixel_depth = (png_byte)(info_ptr->channels * info_ptr->bit_depth); | 257 info_ptr->pixel_depth = (png_byte)(info_ptr->channels * info_ptr->bit_depth); |
| 258 | 258 |
| 259 /* Check for potential overflow */ | 259 /* Check for potential overflow */ |
| 260 if (width > (PNG_UINT_32_MAX | 260 if (width > (PNG_UINT_32_MAX |
| 261 >> 3) /* 8-byte RGBA pixels */ | 261 >> 3) /* 8-byte RGBA pixels */ |
| 262 - 64 /* bigrowbuf hack */ | 262 - 64 /* bigrowbuf hack */ |
| 263 - 1 /* filter byte */ | 263 - 1 /* filter byte */ |
| 264 - 7*8 /* rounding of width to multiple of 8 pixels */ | 264 - 7*8 /* rounding of width to multiple of 8 pixels */ |
| 265 - 8) /* extra max_pixel_depth pad */ | 265 - 8) /* extra max_pixel_depth pad */ |
| 266 { | |
| 266 info_ptr->rowbytes = (png_size_t)0; | 267 info_ptr->rowbytes = (png_size_t)0; |
| 268 png_error(png_ptr, "Image width is too large for this architecture"); | |
| 269 } | |
| 267 else | 270 else |
| 268 info_ptr->rowbytes = PNG_ROWBYTES(info_ptr->pixel_depth, width); | 271 info_ptr->rowbytes = PNG_ROWBYTES(info_ptr->pixel_depth, width); |
| 269 } | 272 } |
| 270 | 273 |
| 271 #ifdef PNG_oFFs_SUPPORTED | 274 #ifdef PNG_oFFs_SUPPORTED |
| 272 void PNGAPI | 275 void PNGAPI |
| 273 png_set_oFFs(png_structp png_ptr, png_infop info_ptr, | 276 png_set_oFFs(png_structp png_ptr, png_infop info_ptr, |
| 274 png_int_32 offset_x, png_int_32 offset_y, int unit_type) | 277 png_int_32 offset_x, png_int_32 offset_y, int unit_type) |
| 275 { | 278 { |
| 276 png_debug1(1, "in %s storage function", "oFFs"); | 279 png_debug1(1, "in %s storage function", "oFFs"); |
| (...skipping 162 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 439 info_ptr->phys_unit_type = (png_byte)unit_type; | 442 info_ptr->phys_unit_type = (png_byte)unit_type; |
| 440 info_ptr->valid |= PNG_INFO_pHYs; | 443 info_ptr->valid |= PNG_INFO_pHYs; |
| 441 } | 444 } |
| 442 #endif | 445 #endif |
| 443 | 446 |
| 444 void PNGAPI | 447 void PNGAPI |
| 445 png_set_PLTE(png_structp png_ptr, png_infop info_ptr, | 448 png_set_PLTE(png_structp png_ptr, png_infop info_ptr, |
| 446 png_colorp palette, int num_palette) | 449 png_colorp palette, int num_palette) |
| 447 { | 450 { |
| 448 | 451 |
| 452 png_uint_32 max_palette_length; | |
| 453 | |
| 449 png_debug1(1, "in %s storage function", "PLTE"); | 454 png_debug1(1, "in %s storage function", "PLTE"); |
| 450 | 455 |
| 451 if (png_ptr == NULL || info_ptr == NULL) | 456 if (png_ptr == NULL || info_ptr == NULL) |
| 452 return; | 457 return; |
| 453 | 458 |
| 454 if (num_palette < 0 || num_palette > PNG_MAX_PALETTE_LENGTH) | 459 max_palette_length = (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE) ? |
| 460 (1 << png_ptr->bit_depth) : PNG_MAX_PALETTE_LENGTH; | |
| 461 | |
|
Noel Gordon
2015/11/24 20:00:10
This code differs from current pngset.c per the li
| |
| 462 if (num_palette < 0 || num_palette > (int) max_palette_length) | |
| 455 { | 463 { |
| 456 if (info_ptr->color_type == PNG_COLOR_TYPE_PALETTE) | 464 if (info_ptr->color_type == PNG_COLOR_TYPE_PALETTE) |
| 457 png_error(png_ptr, "Invalid palette length"); | 465 png_error(png_ptr, "Invalid palette length"); |
| 458 else | 466 else |
| 459 { | 467 { |
| 460 png_warning(png_ptr, "Invalid palette length"); | 468 png_warning(png_ptr, "Invalid palette length"); |
| 461 return; | 469 return; |
| 462 } | 470 } |
| 463 } | 471 } |
| 464 | 472 |
| 465 /* It may not actually be necessary to set png_ptr->palette here; | 473 /* It may not actually be necessary to set png_ptr->palette here; |
| 466 * we do it for backward compatibility with the way the png_handle_tRNS | 474 * we do it for backward compatibility with the way the png_handle_tRNS |
| 467 * function used to do the allocation. | 475 * function used to do the allocation. |
| 468 */ | 476 */ |
| 469 #ifdef PNG_FREE_ME_SUPPORTED | 477 #ifdef PNG_FREE_ME_SUPPORTED |
| 470 png_free_data(png_ptr, info_ptr, PNG_FREE_PLTE, 0); | 478 png_free_data(png_ptr, info_ptr, PNG_FREE_PLTE, 0); |
| 471 #endif | 479 #endif |
| 472 | 480 |
| 473 /* Changed in libpng-1.2.1 to allocate PNG_MAX_PALETTE_LENGTH instead | 481 /* Changed in libpng-1.2.1 to allocate PNG_MAX_PALETTE_LENGTH instead |
| 474 * of num_palette entries, in case of an invalid PNG file that has | 482 * of num_palette entries, in case of an invalid PNG file or incorrect |
| 475 * too-large sample values. | 483 * call to png_set_PLTE() with too-large sample values. |
| 476 */ | 484 */ |
| 477 png_ptr->palette = (png_colorp)png_calloc(png_ptr, | 485 png_ptr->palette = (png_colorp)png_calloc(png_ptr, |
| 478 PNG_MAX_PALETTE_LENGTH * png_sizeof(png_color)); | 486 PNG_MAX_PALETTE_LENGTH * png_sizeof(png_color)); |
| 479 png_memcpy(png_ptr->palette, palette, num_palette * png_sizeof(png_color)); | 487 png_memcpy(png_ptr->palette, palette, num_palette * png_sizeof(png_color)); |
| 480 info_ptr->palette = png_ptr->palette; | 488 info_ptr->palette = png_ptr->palette; |
| 481 info_ptr->num_palette = png_ptr->num_palette = (png_uint_16)num_palette; | 489 info_ptr->num_palette = png_ptr->num_palette = (png_uint_16)num_palette; |
| 482 | 490 |
| 483 #ifdef PNG_FREE_ME_SUPPORTED | 491 #ifdef PNG_FREE_ME_SUPPORTED |
| 484 info_ptr->free_me |= PNG_FREE_PLTE; | 492 info_ptr->free_me |= PNG_FREE_PLTE; |
| 485 #else | 493 #else |
| (...skipping 277 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 763 { | 771 { |
| 764 text_length = png_strlen(text_ptr[i].text); | 772 text_length = png_strlen(text_ptr[i].text); |
| 765 textp->compression = text_ptr[i].compression; | 773 textp->compression = text_ptr[i].compression; |
| 766 } | 774 } |
| 767 | 775 |
| 768 textp->key = (png_charp)png_malloc_warn(png_ptr, | 776 textp->key = (png_charp)png_malloc_warn(png_ptr, |
| 769 (png_uint_32) | 777 (png_uint_32) |
| 770 (key_len + text_length + lang_len + lang_key_len + 4)); | 778 (key_len + text_length + lang_len + lang_key_len + 4)); |
| 771 if (textp->key == NULL) | 779 if (textp->key == NULL) |
| 772 return(1); | 780 return(1); |
| 773 png_debug2(2, "Allocated %lu bytes at %x in png_set_text", | 781 png_debug2(2, "Allocated %lu bytes at %p in png_set_text", |
| 774 (png_uint_32) | 782 (png_uint_32) |
| 775 (key_len + lang_len + lang_key_len + text_length + 4), | 783 (key_len + lang_len + lang_key_len + text_length + 4), |
| 776 (int)textp->key); | 784 textp->key); |
| 777 | 785 |
| 778 png_memcpy(textp->key, text_ptr[i].key,(png_size_t)(key_len)); | 786 png_memcpy(textp->key, text_ptr[i].key,(png_size_t)(key_len)); |
| 779 *(textp->key + key_len) = '\0'; | 787 *(textp->key + key_len) = '\0'; |
| 780 #ifdef PNG_iTXt_SUPPORTED | 788 #ifdef PNG_iTXt_SUPPORTED |
| 781 if (text_ptr[i].compression > 0) | 789 if (text_ptr[i].compression > 0) |
| 782 { | 790 { |
| 783 textp->lang = textp->key + key_len + 1; | 791 textp->lang = textp->key + key_len + 1; |
| 784 png_memcpy(textp->lang, text_ptr[i].lang, lang_len); | 792 png_memcpy(textp->lang, text_ptr[i].lang, lang_len); |
| 785 *(textp->lang + lang_len) = '\0'; | 793 *(textp->lang + lang_len) = '\0'; |
| 786 textp->lang_key = textp->lang + lang_len + 1; | 794 textp->lang_key = textp->lang + lang_len + 1; |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 827 #ifdef PNG_tIME_SUPPORTED | 835 #ifdef PNG_tIME_SUPPORTED |
| 828 void PNGAPI | 836 void PNGAPI |
| 829 png_set_tIME(png_structp png_ptr, png_infop info_ptr, png_timep mod_time) | 837 png_set_tIME(png_structp png_ptr, png_infop info_ptr, png_timep mod_time) |
| 830 { | 838 { |
| 831 png_debug1(1, "in %s storage function", "tIME"); | 839 png_debug1(1, "in %s storage function", "tIME"); |
| 832 | 840 |
| 833 if (png_ptr == NULL || info_ptr == NULL || | 841 if (png_ptr == NULL || info_ptr == NULL || |
| 834 (png_ptr->mode & PNG_WROTE_tIME)) | 842 (png_ptr->mode & PNG_WROTE_tIME)) |
| 835 return; | 843 return; |
| 836 | 844 |
| 845 if (mod_time->month == 0 || mod_time->month > 12 || | |
| 846 mod_time->day == 0 || mod_time->day > 31 || | |
| 847 mod_time->hour > 23 || mod_time->minute > 59 || | |
| 848 mod_time->second > 60) | |
| 849 { | |
| 850 png_warning(png_ptr, "Ignoring invalid time value"); | |
| 851 return; | |
| 852 } | |
| 853 | |
| 837 png_memcpy(&(info_ptr->mod_time), mod_time, png_sizeof(png_time)); | 854 png_memcpy(&(info_ptr->mod_time), mod_time, png_sizeof(png_time)); |
| 838 info_ptr->valid |= PNG_INFO_tIME; | 855 info_ptr->valid |= PNG_INFO_tIME; |
| 839 } | 856 } |
| 840 #endif | 857 #endif |
| 841 | 858 |
| 842 #ifdef PNG_tRNS_SUPPORTED | 859 #ifdef PNG_tRNS_SUPPORTED |
| 843 void PNGAPI | 860 void PNGAPI |
| 844 png_set_tRNS(png_structp png_ptr, png_infop info_ptr, | 861 png_set_tRNS(png_structp png_ptr, png_infop info_ptr, |
| 845 png_bytep trans, int num_trans, png_color_16p trans_values) | 862 png_bytep trans, int num_trans, png_color_16p trans_values) |
| 846 { | 863 { |
| (...skipping 385 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1232 png_debug(1, "in png_set_benign_errors"); | 1249 png_debug(1, "in png_set_benign_errors"); |
| 1233 | 1250 |
| 1234 if (allowed) | 1251 if (allowed) |
| 1235 png_ptr->flags |= PNG_FLAG_BENIGN_ERRORS_WARN; | 1252 png_ptr->flags |= PNG_FLAG_BENIGN_ERRORS_WARN; |
| 1236 else | 1253 else |
| 1237 png_ptr->flags &= ~PNG_FLAG_BENIGN_ERRORS_WARN; | 1254 png_ptr->flags &= ~PNG_FLAG_BENIGN_ERRORS_WARN; |
| 1238 } | 1255 } |
| 1239 #endif /* PNG_BENIGN_ERRORS_SUPPORTED */ | 1256 #endif /* PNG_BENIGN_ERRORS_SUPPORTED */ |
| 1240 #endif /* ?PNG_1_0_X */ | 1257 #endif /* ?PNG_1_0_X */ |
| 1241 #endif /* PNG_READ_SUPPORTED || PNG_WRITE_SUPPORTED */ | 1258 #endif /* PNG_READ_SUPPORTED || PNG_WRITE_SUPPORTED */ |
| OLD | NEW |
