Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(453)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/lpng_v163/png.c

Issue 1591483003: XFA: Upgrade libpng to 1.6.20. (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@xfa
Patch Set: rebase Created 4 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « third_party/lpng_v163/png.h ('k') | third_party/lpng_v163/pngconf.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 /* png.c - location for general purpose libpng functions
2 *
3 * Last changed in libpng 1.6.2 [April 25, 2013]
4 * Copyright (c) 1998-2013 Glenn Randers-Pehrson
5 * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
6 * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
7 *
8 * This code is released under the libpng license.
9 * For conditions of distribution and use, see the disclaimer
10 * and license in png.h
11 */
12
13 #include "pngpriv.h"
14
15 /* Generate a compiler error if there is an old png.h in the search path. */
16 typedef png_libpng_version_1_6_3 Your_png_h_is_not_version_1_6_3;
17
18 /* Tells libpng that we have already handled the first "num_bytes" bytes
19 * of the PNG file signature. If the PNG data is embedded into another
20 * stream we can set num_bytes = 8 so that libpng will not attempt to read
21 * or write any of the magic bytes before it starts on the IHDR.
22 */
23
24 #ifdef PNG_READ_SUPPORTED
25 void PNGAPI
26 png_set_sig_bytes(png_structrp png_ptr, int num_bytes)
27 {
28 png_debug(1, "in png_set_sig_bytes");
29
30 if (png_ptr == NULL)
31 return;
32
33 if (num_bytes > 8)
34 png_error(png_ptr, "Too many bytes for PNG signature");
35
36 png_ptr->sig_bytes = (png_byte)(num_bytes < 0 ? 0 : num_bytes);
37 }
38
39 /* Checks whether the supplied bytes match the PNG signature. We allow
40 * checking less than the full 8-byte signature so that those apps that
41 * already read the first few bytes of a file to determine the file type
42 * can simply check the remaining bytes for extra assurance. Returns
43 * an integer less than, equal to, or greater than zero if sig is found,
44 * respectively, to be less than, to match, or be greater than the correct
45 * PNG signature (this is the same behavior as strcmp, memcmp, etc).
46 */
47 int PNGAPI
48 png_sig_cmp(png_const_bytep sig, png_size_t start, png_size_t num_to_check)
49 {
50 png_byte png_signature[8] = {137, 80, 78, 71, 13, 10, 26, 10};
51
52 if (num_to_check > 8)
53 num_to_check = 8;
54
55 else if (num_to_check < 1)
56 return (-1);
57
58 if (start > 7)
59 return (-1);
60
61 if (start + num_to_check > 8)
62 num_to_check = 8 - start;
63
64 return ((int)(memcmp(&sig[start], &png_signature[start], num_to_check)));
65 }
66
67 #endif /* PNG_READ_SUPPORTED */
68
69 #if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED)
70 /* Function to allocate memory for zlib */
71 PNG_FUNCTION(voidpf /* PRIVATE */,
72 png_zalloc,(voidpf png_ptr, uInt items, uInt size),PNG_ALLOCATED)
73 {
74 png_alloc_size_t num_bytes = size;
75
76 if (png_ptr == NULL)
77 return NULL;
78
79 if (items >= (~(png_alloc_size_t)0)/size)
80 {
81 png_warning (png_voidcast(png_structrp, png_ptr),
82 "Potential overflow in png_zalloc()");
83 return NULL;
84 }
85
86 num_bytes *= items;
87 return png_malloc_warn(png_voidcast(png_structrp, png_ptr), num_bytes);
88 }
89
90 /* Function to free memory for zlib */
91 void /* PRIVATE */
92 png_zfree(voidpf png_ptr, voidpf ptr)
93 {
94 png_free(png_voidcast(png_const_structrp,png_ptr), ptr);
95 }
96
97 /* Reset the CRC variable to 32 bits of 1's. Care must be taken
98 * in case CRC is > 32 bits to leave the top bits 0.
99 */
100 void /* PRIVATE */
101 png_reset_crc(png_structrp png_ptr)
102 {
103 /* The cast is safe because the crc is a 32 bit value. */
104 png_ptr->crc = (png_uint_32)crc32(0, Z_NULL, 0);
105 }
106
107 /* Calculate the CRC over a section of data. We can only pass as
108 * much data to this routine as the largest single buffer size. We
109 * also check that this data will actually be used before going to the
110 * trouble of calculating it.
111 */
112 void /* PRIVATE */
113 png_calculate_crc(png_structrp png_ptr, png_const_bytep ptr, png_size_t length)
114 {
115 int need_crc = 1;
116
117 if (PNG_CHUNK_ANCILLARY(png_ptr->chunk_name))
118 {
119 if ((png_ptr->flags & PNG_FLAG_CRC_ANCILLARY_MASK) ==
120 (PNG_FLAG_CRC_ANCILLARY_USE | PNG_FLAG_CRC_ANCILLARY_NOWARN))
121 need_crc = 0;
122 }
123
124 else /* critical */
125 {
126 if (png_ptr->flags & PNG_FLAG_CRC_CRITICAL_IGNORE)
127 need_crc = 0;
128 }
129
130 /* 'uLong' is defined in zlib.h as unsigned long; this means that on some
131 * systems it is a 64 bit value. crc32, however, returns 32 bits so the
132 * following cast is safe. 'uInt' may be no more than 16 bits, so it is
133 * necessary to perform a loop here.
134 */
135 if (need_crc && length > 0)
136 {
137 uLong crc = png_ptr->crc; /* Should never issue a warning */
138
139 do
140 {
141 uInt safe_length = (uInt)length;
142 if (safe_length == 0)
143 safe_length = (uInt)-1; /* evil, but safe */
144
145 crc = crc32(crc, ptr, safe_length);
146
147 /* The following should never issue compiler warnings; if they do the
148 * target system has characteristics that will probably violate other
149 * assumptions within the libpng code.
150 */
151 ptr += safe_length;
152 length -= safe_length;
153 }
154 while (length > 0);
155
156 /* And the following is always safe because the crc is only 32 bits. */
157 png_ptr->crc = (png_uint_32)crc;
158 }
159 }
160
161 /* Check a user supplied version number, called from both read and write
162 * functions that create a png_struct.
163 */
164 int
165 png_user_version_check(png_structrp png_ptr, png_const_charp user_png_ver)
166 {
167 if (user_png_ver)
168 {
169 int i = 0;
170
171 do
172 {
173 if (user_png_ver[i] != png_libpng_ver[i])
174 png_ptr->flags |= PNG_FLAG_LIBRARY_MISMATCH;
175 } while (png_libpng_ver[i++]);
176 }
177
178 else
179 png_ptr->flags |= PNG_FLAG_LIBRARY_MISMATCH;
180
181 if (png_ptr->flags & PNG_FLAG_LIBRARY_MISMATCH)
182 {
183 /* Libpng 0.90 and later are binary incompatible with libpng 0.89, so
184 * we must recompile any applications that use any older library version.
185 * For versions after libpng 1.0, we will be compatible, so we need
186 * only check the first and third digits (note that when we reach version
187 * 1.10 we will need to check the fourth symbol, namely user_png_ver[3]).
188 */
189 if (user_png_ver == NULL || user_png_ver[0] != png_libpng_ver[0] ||
190 (user_png_ver[0] == '1' && (user_png_ver[2] != png_libpng_ver[2] ||
191 user_png_ver[3] != png_libpng_ver[3])) ||
192 (user_png_ver[0] == '0' && user_png_ver[2] < '9'))
193 {
194 #ifdef PNG_WARNINGS_SUPPORTED
195 size_t pos = 0;
196 char m[128];
197
198 pos = png_safecat(m, (sizeof m), pos,
199 "Application built with libpng-");
200 pos = png_safecat(m, (sizeof m), pos, user_png_ver);
201 pos = png_safecat(m, (sizeof m), pos, " but running with ");
202 pos = png_safecat(m, (sizeof m), pos, png_libpng_ver);
203
204 png_warning(png_ptr, m);
205 #endif
206
207 #ifdef PNG_ERROR_NUMBERS_SUPPORTED
208 png_ptr->flags = 0;
209 #endif
210
211 return 0;
212 }
213 }
214
215 /* Success return. */
216 return 1;
217 }
218
219 /* Generic function to create a png_struct for either read or write - this
220 * contains the common initialization.
221 */
222 PNG_FUNCTION(png_structp /* PRIVATE */,
223 png_create_png_struct,(png_const_charp user_png_ver, png_voidp error_ptr,
224 png_error_ptr error_fn, png_error_ptr warn_fn, png_voidp mem_ptr,
225 png_malloc_ptr malloc_fn, png_free_ptr free_fn),PNG_ALLOCATED)
226 {
227 png_struct create_struct;
228 # ifdef PNG_SETJMP_SUPPORTED
229 jmp_buf create_jmp_buf;
230 # endif
231
232 /* This temporary stack-allocated structure is used to provide a place to
233 * build enough context to allow the user provided memory allocator (if any)
234 * to be called.
235 */
236 memset(&create_struct, 0, (sizeof create_struct));
237
238 /* Added at libpng-1.2.6 */
239 # ifdef PNG_USER_LIMITS_SUPPORTED
240 create_struct.user_width_max = PNG_USER_WIDTH_MAX;
241 create_struct.user_height_max = PNG_USER_HEIGHT_MAX;
242
243 # ifdef PNG_USER_CHUNK_CACHE_MAX
244 /* Added at libpng-1.2.43 and 1.4.0 */
245 create_struct.user_chunk_cache_max = PNG_USER_CHUNK_CACHE_MAX;
246 # endif
247
248 # ifdef PNG_USER_CHUNK_MALLOC_MAX
249 /* Added at libpng-1.2.43 and 1.4.1, required only for read but exists
250 * in png_struct regardless.
251 */
252 create_struct.user_chunk_malloc_max = PNG_USER_CHUNK_MALLOC_MAX;
253 # endif
254 # endif
255
256 /* The following two API calls simply set fields in png_struct, so it is safe
257 * to do them now even though error handling is not yet set up.
258 */
259 # ifdef PNG_USER_MEM_SUPPORTED
260 png_set_mem_fn(&create_struct, mem_ptr, malloc_fn, free_fn);
261 # endif
262
263 /* (*error_fn) can return control to the caller after the error_ptr is set,
264 * this will result in a memory leak unless the error_fn does something
265 * extremely sophisticated. The design lacks merit but is implicit in the
266 * API.
267 */
268 png_set_error_fn(&create_struct, error_ptr, error_fn, warn_fn);
269
270 # ifdef PNG_SETJMP_SUPPORTED
271 if (!setjmp(create_jmp_buf))
272 {
273 /* Temporarily fake out the longjmp information until we have
274 * successfully completed this function. This only works if we have
275 * setjmp() support compiled in, but it is safe - this stuff should
276 * never happen.
277 */
278 create_struct.jmp_buf_ptr = &create_jmp_buf;
279 create_struct.jmp_buf_size = 0; /*stack allocation*/
280 create_struct.longjmp_fn = longjmp;
281 # else
282 {
283 # endif
284 /* Call the general version checker (shared with read and write code):
285 */
286 if (png_user_version_check(&create_struct, user_png_ver))
287 {
288 png_structrp png_ptr = png_voidcast(png_structrp,
289 png_malloc_warn(&create_struct, (sizeof *png_ptr)));
290
291 if (png_ptr != NULL)
292 {
293 /* png_ptr->zstream holds a back-pointer to the png_struct, so
294 * this can only be done now:
295 */
296 create_struct.zstream.zalloc = png_zalloc;
297 create_struct.zstream.zfree = png_zfree;
298 create_struct.zstream.opaque = png_ptr;
299
300 # ifdef PNG_SETJMP_SUPPORTED
301 /* Eliminate the local error handling: */
302 create_struct.jmp_buf_ptr = NULL;
303 create_struct.jmp_buf_size = 0;
304 create_struct.longjmp_fn = 0;
305 # endif
306
307 *png_ptr = create_struct;
308
309 /* This is the successful return point */
310 return png_ptr;
311 }
312 }
313 }
314
315 /* A longjmp because of a bug in the application storage allocator or a
316 * simple failure to allocate the png_struct.
317 */
318 return NULL;
319 }
320
321 /* Allocate the memory for an info_struct for the application. */
322 PNG_FUNCTION(png_infop,PNGAPI
323 png_create_info_struct,(png_const_structrp png_ptr),PNG_ALLOCATED)
324 {
325 png_inforp info_ptr;
326
327 png_debug(1, "in png_create_info_struct");
328
329 if (png_ptr == NULL)
330 return NULL;
331
332 /* Use the internal API that does not (or at least should not) error out, so
333 * that this call always returns ok. The application typically sets up the
334 * error handling *after* creating the info_struct because this is the way it
335 * has always been done in 'example.c'.
336 */
337 info_ptr = png_voidcast(png_inforp, png_malloc_base(png_ptr,
338 (sizeof *info_ptr)));
339
340 if (info_ptr != NULL)
341 memset(info_ptr, 0, (sizeof *info_ptr));
342
343 return info_ptr;
344 }
345
346 /* This function frees the memory associated with a single info struct.
347 * Normally, one would use either png_destroy_read_struct() or
348 * png_destroy_write_struct() to free an info struct, but this may be
349 * useful for some applications. From libpng 1.6.0 this function is also used
350 * internally to implement the png_info release part of the 'struct' destroy
351 * APIs. This ensures that all possible approaches free the same data (all of
352 * it).
353 */
354 void PNGAPI
355 png_destroy_info_struct(png_const_structrp png_ptr, png_infopp info_ptr_ptr)
356 {
357 png_inforp info_ptr = NULL;
358
359 png_debug(1, "in png_destroy_info_struct");
360
361 if (png_ptr == NULL)
362 return;
363
364 if (info_ptr_ptr != NULL)
365 info_ptr = *info_ptr_ptr;
366
367 if (info_ptr != NULL)
368 {
369 /* Do this first in case of an error below; if the app implements its own
370 * memory management this can lead to png_free calling png_error, which
371 * will abort this routine and return control to the app error handler.
372 * An infinite loop may result if it then tries to free the same info
373 * ptr.
374 */
375 *info_ptr_ptr = NULL;
376
377 png_free_data(png_ptr, info_ptr, PNG_FREE_ALL, -1);
378 memset(info_ptr, 0, (sizeof *info_ptr));
379 png_free(png_ptr, info_ptr);
380 }
381 }
382
383 /* Initialize the info structure. This is now an internal function (0.89)
384 * and applications using it are urged to use png_create_info_struct()
385 * instead. Use deprecated in 1.6.0, internal use removed (used internally it
386 * is just a memset).
387 *
388 * NOTE: it is almost inconceivable that this API is used because it bypasses
389 * the user-memory mechanism and the user error handling/warning mechanisms in
390 * those cases where it does anything other than a memset.
391 */
392 PNG_FUNCTION(void,PNGAPI
393 png_info_init_3,(png_infopp ptr_ptr, png_size_t png_info_struct_size),
394 PNG_DEPRECATED)
395 {
396 png_inforp info_ptr = *ptr_ptr;
397
398 png_debug(1, "in png_info_init_3");
399
400 if (info_ptr == NULL)
401 return;
402
403 if ((sizeof (png_info)) > png_info_struct_size)
404 {
405 *ptr_ptr = NULL;
406 /* The following line is why this API should not be used: */
407 free(info_ptr);
408 info_ptr = png_voidcast(png_inforp, png_malloc_base(NULL,
409 (sizeof *info_ptr)));
410 *ptr_ptr = info_ptr;
411 }
412
413 /* Set everything to 0 */
414 memset(info_ptr, 0, (sizeof *info_ptr));
415 }
416
417 /* The following API is not called internally */
418 void PNGAPI
419 png_data_freer(png_const_structrp png_ptr, png_inforp info_ptr,
420 int freer, png_uint_32 mask)
421 {
422 png_debug(1, "in png_data_freer");
423
424 if (png_ptr == NULL || info_ptr == NULL)
425 return;
426
427 if (freer == PNG_DESTROY_WILL_FREE_DATA)
428 info_ptr->free_me |= mask;
429
430 else if (freer == PNG_USER_WILL_FREE_DATA)
431 info_ptr->free_me &= ~mask;
432
433 else
434 png_error(png_ptr, "Unknown freer parameter in png_data_freer");
435 }
436
437 void PNGAPI
438 png_free_data(png_const_structrp png_ptr, png_inforp info_ptr, png_uint_32 mask,
439 int num)
440 {
441 png_debug(1, "in png_free_data");
442
443 if (png_ptr == NULL || info_ptr == NULL)
444 return;
445
446 #ifdef PNG_TEXT_SUPPORTED
447 /* Free text item num or (if num == -1) all text items */
448 if ((mask & PNG_FREE_TEXT) & info_ptr->free_me)
449 {
450 if (num != -1)
451 {
452 if (info_ptr->text && info_ptr->text[num].key)
453 {
454 png_free(png_ptr, info_ptr->text[num].key);
455 info_ptr->text[num].key = NULL;
456 }
457 }
458
459 else
460 {
461 int i;
462 for (i = 0; i < info_ptr->num_text; i++)
463 png_free_data(png_ptr, info_ptr, PNG_FREE_TEXT, i);
464 png_free(png_ptr, info_ptr->text);
465 info_ptr->text = NULL;
466 info_ptr->num_text=0;
467 }
468 }
469 #endif
470
471 #ifdef PNG_tRNS_SUPPORTED
472 /* Free any tRNS entry */
473 if ((mask & PNG_FREE_TRNS) & info_ptr->free_me)
474 {
475 png_free(png_ptr, info_ptr->trans_alpha);
476 info_ptr->trans_alpha = NULL;
477 info_ptr->valid &= ~PNG_INFO_tRNS;
478 }
479 #endif
480
481 #ifdef PNG_sCAL_SUPPORTED
482 /* Free any sCAL entry */
483 if ((mask & PNG_FREE_SCAL) & info_ptr->free_me)
484 {
485 png_free(png_ptr, info_ptr->scal_s_width);
486 png_free(png_ptr, info_ptr->scal_s_height);
487 info_ptr->scal_s_width = NULL;
488 info_ptr->scal_s_height = NULL;
489 info_ptr->valid &= ~PNG_INFO_sCAL;
490 }
491 #endif
492
493 #ifdef PNG_pCAL_SUPPORTED
494 /* Free any pCAL entry */
495 if ((mask & PNG_FREE_PCAL) & info_ptr->free_me)
496 {
497 png_free(png_ptr, info_ptr->pcal_purpose);
498 png_free(png_ptr, info_ptr->pcal_units);
499 info_ptr->pcal_purpose = NULL;
500 info_ptr->pcal_units = NULL;
501 if (info_ptr->pcal_params != NULL)
502 {
503 unsigned int i;
504 for (i = 0; i < info_ptr->pcal_nparams; i++)
505 {
506 png_free(png_ptr, info_ptr->pcal_params[i]);
507 info_ptr->pcal_params[i] = NULL;
508 }
509 png_free(png_ptr, info_ptr->pcal_params);
510 info_ptr->pcal_params = NULL;
511 }
512 info_ptr->valid &= ~PNG_INFO_pCAL;
513 }
514 #endif
515
516 #ifdef PNG_iCCP_SUPPORTED
517 /* Free any profile entry */
518 if ((mask & PNG_FREE_ICCP) & info_ptr->free_me)
519 {
520 png_free(png_ptr, info_ptr->iccp_name);
521 png_free(png_ptr, info_ptr->iccp_profile);
522 info_ptr->iccp_name = NULL;
523 info_ptr->iccp_profile = NULL;
524 info_ptr->valid &= ~PNG_INFO_iCCP;
525 }
526 #endif
527
528 #ifdef PNG_sPLT_SUPPORTED
529 /* Free a given sPLT entry, or (if num == -1) all sPLT entries */
530 if ((mask & PNG_FREE_SPLT) & info_ptr->free_me)
531 {
532 if (num != -1)
533 {
534 if (info_ptr->splt_palettes)
535 {
536 png_free(png_ptr, info_ptr->splt_palettes[num].name);
537 png_free(png_ptr, info_ptr->splt_palettes[num].entries);
538 info_ptr->splt_palettes[num].name = NULL;
539 info_ptr->splt_palettes[num].entries = NULL;
540 }
541 }
542
543 else
544 {
545 if (info_ptr->splt_palettes_num)
546 {
547 int i;
548 for (i = 0; i < info_ptr->splt_palettes_num; i++)
549 png_free_data(png_ptr, info_ptr, PNG_FREE_SPLT, (int)i);
550
551 png_free(png_ptr, info_ptr->splt_palettes);
552 info_ptr->splt_palettes = NULL;
553 info_ptr->splt_palettes_num = 0;
554 }
555 info_ptr->valid &= ~PNG_INFO_sPLT;
556 }
557 }
558 #endif
559
560 #ifdef PNG_STORE_UNKNOWN_CHUNKS_SUPPORTED
561 if ((mask & PNG_FREE_UNKN) & info_ptr->free_me)
562 {
563 if (num != -1)
564 {
565 if (info_ptr->unknown_chunks)
566 {
567 png_free(png_ptr, info_ptr->unknown_chunks[num].data);
568 info_ptr->unknown_chunks[num].data = NULL;
569 }
570 }
571
572 else
573 {
574 int i;
575
576 if (info_ptr->unknown_chunks_num)
577 {
578 for (i = 0; i < info_ptr->unknown_chunks_num; i++)
579 png_free_data(png_ptr, info_ptr, PNG_FREE_UNKN, (int)i);
580
581 png_free(png_ptr, info_ptr->unknown_chunks);
582 info_ptr->unknown_chunks = NULL;
583 info_ptr->unknown_chunks_num = 0;
584 }
585 }
586 }
587 #endif
588
589 #ifdef PNG_hIST_SUPPORTED
590 /* Free any hIST entry */
591 if ((mask & PNG_FREE_HIST) & info_ptr->free_me)
592 {
593 png_free(png_ptr, info_ptr->hist);
594 info_ptr->hist = NULL;
595 info_ptr->valid &= ~PNG_INFO_hIST;
596 }
597 #endif
598
599 /* Free any PLTE entry that was internally allocated */
600 if ((mask & PNG_FREE_PLTE) & info_ptr->free_me)
601 {
602 png_free(png_ptr, info_ptr->palette);
603 info_ptr->palette = NULL;
604 info_ptr->valid &= ~PNG_INFO_PLTE;
605 info_ptr->num_palette = 0;
606 }
607
608 #ifdef PNG_INFO_IMAGE_SUPPORTED
609 /* Free any image bits attached to the info structure */
610 if ((mask & PNG_FREE_ROWS) & info_ptr->free_me)
611 {
612 if (info_ptr->row_pointers)
613 {
614 png_uint_32 row;
615 for (row = 0; row < info_ptr->height; row++)
616 {
617 png_free(png_ptr, info_ptr->row_pointers[row]);
618 info_ptr->row_pointers[row] = NULL;
619 }
620 png_free(png_ptr, info_ptr->row_pointers);
621 info_ptr->row_pointers = NULL;
622 }
623 info_ptr->valid &= ~PNG_INFO_IDAT;
624 }
625 #endif
626
627 if (num != -1)
628 mask &= ~PNG_FREE_MUL;
629
630 info_ptr->free_me &= ~mask;
631 }
632 #endif /* defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED) */
633
634 /* This function returns a pointer to the io_ptr associated with the user
635 * functions. The application should free any memory associated with this
636 * pointer before png_write_destroy() or png_read_destroy() are called.
637 */
638 png_voidp PNGAPI
639 png_get_io_ptr(png_const_structrp png_ptr)
640 {
641 if (png_ptr == NULL)
642 return (NULL);
643
644 return (png_ptr->io_ptr);
645 }
646
647 #if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED)
648 # ifdef PNG_STDIO_SUPPORTED
649 /* Initialize the default input/output functions for the PNG file. If you
650 * use your own read or write routines, you can call either png_set_read_fn()
651 * or png_set_write_fn() instead of png_init_io(). If you have defined
652 * PNG_NO_STDIO or otherwise disabled PNG_STDIO_SUPPORTED, you must use a
653 * function of your own because "FILE *" isn't necessarily available.
654 */
655 void PNGAPI
656 png_init_io(png_structrp png_ptr, png_FILE_p fp)
657 {
658 png_debug(1, "in png_init_io");
659
660 if (png_ptr == NULL)
661 return;
662
663 png_ptr->io_ptr = (png_voidp)fp;
664 }
665 # endif
666
667 #ifdef PNG_SAVE_INT_32_SUPPORTED
668 /* The png_save_int_32 function assumes integers are stored in two's
669 * complement format. If this isn't the case, then this routine needs to
670 * be modified to write data in two's complement format. Note that,
671 * the following works correctly even if png_int_32 has more than 32 bits
672 * (compare the more complex code required on read for sign extension.)
673 */
674 void PNGAPI
675 png_save_int_32(png_bytep buf, png_int_32 i)
676 {
677 buf[0] = (png_byte)((i >> 24) & 0xff);
678 buf[1] = (png_byte)((i >> 16) & 0xff);
679 buf[2] = (png_byte)((i >> 8) & 0xff);
680 buf[3] = (png_byte)(i & 0xff);
681 }
682 #endif
683
684 # ifdef PNG_TIME_RFC1123_SUPPORTED
685 /* Convert the supplied time into an RFC 1123 string suitable for use in
686 * a "Creation Time" or other text-based time string.
687 */
688 int PNGAPI
689 png_convert_to_rfc1123_buffer(char out[29], png_const_timep ptime)
690 {
691 static PNG_CONST char short_months[12][4] =
692 {"Jan", "Feb", "Mar", "Apr", "May", "Jun",
693 "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};
694
695 if (out == NULL)
696 return 0;
697
698 if (ptime->year > 9999 /* RFC1123 limitation */ ||
699 ptime->month == 0 || ptime->month > 12 ||
700 ptime->day == 0 || ptime->day > 31 ||
701 ptime->hour > 23 || ptime->minute > 59 ||
702 ptime->second > 60)
703 return 0;
704
705 {
706 size_t pos = 0;
707 char number_buf[5]; /* enough for a four-digit year */
708
709 # define APPEND_STRING(string) pos = png_safecat(out, 29, pos, (string))
710 # define APPEND_NUMBER(format, value)\
711 APPEND_STRING(PNG_FORMAT_NUMBER(number_buf, format, (value)))
712 # define APPEND(ch) if (pos < 28) out[pos++] = (ch)
713
714 APPEND_NUMBER(PNG_NUMBER_FORMAT_u, (unsigned)ptime->day);
715 APPEND(' ');
716 APPEND_STRING(short_months[(ptime->month - 1)]);
717 APPEND(' ');
718 APPEND_NUMBER(PNG_NUMBER_FORMAT_u, ptime->year);
719 APPEND(' ');
720 APPEND_NUMBER(PNG_NUMBER_FORMAT_02u, (unsigned)ptime->hour);
721 APPEND(':');
722 APPEND_NUMBER(PNG_NUMBER_FORMAT_02u, (unsigned)ptime->minute);
723 APPEND(':');
724 APPEND_NUMBER(PNG_NUMBER_FORMAT_02u, (unsigned)ptime->second);
725 APPEND_STRING(" +0000"); /* This reliably terminates the buffer */
726
727 # undef APPEND
728 # undef APPEND_NUMBER
729 # undef APPEND_STRING
730 }
731
732 return 1;
733 }
734
735 # if PNG_LIBPNG_VER < 10700
736 /* To do: remove the following from libpng-1.7 */
737 /* Original API that uses a private buffer in png_struct.
738 * Deprecated because it causes png_struct to carry a spurious temporary
739 * buffer (png_struct::time_buffer), better to have the caller pass this in.
740 */
741 png_const_charp PNGAPI
742 png_convert_to_rfc1123(png_structrp png_ptr, png_const_timep ptime)
743 {
744 if (png_ptr != NULL)
745 {
746 /* The only failure above if png_ptr != NULL is from an invalid ptime */
747 if (!png_convert_to_rfc1123_buffer(png_ptr->time_buffer, ptime))
748 png_warning(png_ptr, "Ignoring invalid time value");
749
750 else
751 return png_ptr->time_buffer;
752 }
753
754 return NULL;
755 }
756 # endif
757 # endif /* PNG_TIME_RFC1123_SUPPORTED */
758
759 #endif /* defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED) */
760
761 png_const_charp PNGAPI
762 png_get_copyright(png_const_structrp png_ptr)
763 {
764 PNG_UNUSED(png_ptr) /* Silence compiler warning about unused png_ptr */
765 #ifdef PNG_STRING_COPYRIGHT
766 return PNG_STRING_COPYRIGHT
767 #else
768 # ifdef __STDC__
769 return PNG_STRING_NEWLINE \
770 "libpng version 1.6.3 - July 18, 2013" PNG_STRING_NEWLINE \
771 "Copyright (c) 1998-2013 Glenn Randers-Pehrson" PNG_STRING_NEWLINE \
772 "Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \
773 "Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \
774 PNG_STRING_NEWLINE;
775 # else
776 return "libpng version 1.6.3 - July 18, 2013\
777 Copyright (c) 1998-2013 Glenn Randers-Pehrson\
778 Copyright (c) 1996-1997 Andreas Dilger\
779 Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.";
780 # endif
781 #endif
782 }
783
784 /* The following return the library version as a short string in the
785 * format 1.0.0 through 99.99.99zz. To get the version of *.h files
786 * used with your application, print out PNG_LIBPNG_VER_STRING, which
787 * is defined in png.h.
788 * Note: now there is no difference between png_get_libpng_ver() and
789 * png_get_header_ver(). Due to the version_nn_nn_nn typedef guard,
790 * it is guaranteed that png.c uses the correct version of png.h.
791 */
792 png_const_charp PNGAPI
793 png_get_libpng_ver(png_const_structrp png_ptr)
794 {
795 /* Version of *.c files used when building libpng */
796 return png_get_header_ver(png_ptr);
797 }
798
799 png_const_charp PNGAPI
800 png_get_header_ver(png_const_structrp png_ptr)
801 {
802 /* Version of *.h files used when building libpng */
803 PNG_UNUSED(png_ptr) /* Silence compiler warning about unused png_ptr */
804 return PNG_LIBPNG_VER_STRING;
805 }
806
807 png_const_charp PNGAPI
808 png_get_header_version(png_const_structrp png_ptr)
809 {
810 /* Returns longer string containing both version and date */
811 PNG_UNUSED(png_ptr) /* Silence compiler warning about unused png_ptr */
812 #ifdef __STDC__
813 return PNG_HEADER_VERSION_STRING
814 # ifndef PNG_READ_SUPPORTED
815 " (NO READ SUPPORT)"
816 # endif
817 PNG_STRING_NEWLINE;
818 #else
819 return PNG_HEADER_VERSION_STRING;
820 #endif
821 }
822
823 #ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED
824 int PNGAPI
825 png_handle_as_unknown(png_const_structrp png_ptr, png_const_bytep chunk_name)
826 {
827 /* Check chunk_name and return "keep" value if it's on the list, else 0 */
828 png_const_bytep p, p_end;
829
830 if (png_ptr == NULL || chunk_name == NULL || png_ptr->num_chunk_list == 0)
831 return PNG_HANDLE_CHUNK_AS_DEFAULT;
832
833 p_end = png_ptr->chunk_list;
834 p = p_end + png_ptr->num_chunk_list*5; /* beyond end */
835
836 /* The code is the fifth byte after each four byte string. Historically this
837 * code was always searched from the end of the list, this is no longer
838 * necessary because the 'set' routine handles duplicate entries correcty.
839 */
840 do /* num_chunk_list > 0, so at least one */
841 {
842 p -= 5;
843
844 if (!memcmp(chunk_name, p, 4))
845 return p[4];
846 }
847 while (p > p_end);
848
849 /* This means that known chunks should be processed and unknown chunks should
850 * be handled according to the value of png_ptr->unknown_default; this can be
851 * confusing because, as a result, there are two levels of defaulting for
852 * unknown chunks.
853 */
854 return PNG_HANDLE_CHUNK_AS_DEFAULT;
855 }
856
857 #ifdef PNG_READ_UNKNOWN_CHUNKS_SUPPORTED
858 int /* PRIVATE */
859 png_chunk_unknown_handling(png_const_structrp png_ptr, png_uint_32 chunk_name)
860 {
861 png_byte chunk_string[5];
862
863 PNG_CSTRING_FROM_CHUNK(chunk_string, chunk_name);
864 return png_handle_as_unknown(png_ptr, chunk_string);
865 }
866 #endif /* READ_UNKNOWN_CHUNKS */
867 #endif /* SET_UNKNOWN_CHUNKS */
868
869 #ifdef PNG_READ_SUPPORTED
870 /* This function, added to libpng-1.0.6g, is untested. */
871 int PNGAPI
872 png_reset_zstream(png_structrp png_ptr)
873 {
874 if (png_ptr == NULL)
875 return Z_STREAM_ERROR;
876
877 /* WARNING: this resets the window bits to the maximum! */
878 return (inflateReset(&png_ptr->zstream));
879 }
880 #endif /* PNG_READ_SUPPORTED */
881
882 /* This function was added to libpng-1.0.7 */
883 png_uint_32 PNGAPI
884 png_access_version_number(void)
885 {
886 /* Version of *.c files used when building libpng */
887 return((png_uint_32)PNG_LIBPNG_VER);
888 }
889
890
891
892 #if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED)
893 /* Ensure that png_ptr->zstream.msg holds some appropriate error message string.
894 * If it doesn't 'ret' is used to set it to something appropriate, even in cases
895 * like Z_OK or Z_STREAM_END where the error code is apparently a success code.
896 */
897 void /* PRIVATE */
898 png_zstream_error(png_structrp png_ptr, int ret)
899 {
900 /* Translate 'ret' into an appropriate error string, priority is given to the
901 * one in zstream if set. This always returns a string, even in cases like
902 * Z_OK or Z_STREAM_END where the error code is a success code.
903 */
904 if (png_ptr->zstream.msg == NULL) switch (ret)
905 {
906 default:
907 case Z_OK:
908 png_ptr->zstream.msg = PNGZ_MSG_CAST("unexpected zlib return code");
909 break;
910
911 case Z_STREAM_END:
912 /* Normal exit */
913 png_ptr->zstream.msg = PNGZ_MSG_CAST("unexpected end of LZ stream");
914 break;
915
916 case Z_NEED_DICT:
917 /* This means the deflate stream did not have a dictionary; this
918 * indicates a bogus PNG.
919 */
920 png_ptr->zstream.msg = PNGZ_MSG_CAST("missing LZ dictionary");
921 break;
922
923 case Z_ERRNO:
924 /* gz APIs only: should not happen */
925 png_ptr->zstream.msg = PNGZ_MSG_CAST("zlib IO error");
926 break;
927
928 case Z_STREAM_ERROR:
929 /* internal libpng error */
930 png_ptr->zstream.msg = PNGZ_MSG_CAST("bad parameters to zlib");
931 break;
932
933 case Z_DATA_ERROR:
934 png_ptr->zstream.msg = PNGZ_MSG_CAST("damaged LZ stream");
935 break;
936
937 case Z_MEM_ERROR:
938 png_ptr->zstream.msg = PNGZ_MSG_CAST("insufficient memory");
939 break;
940
941 case Z_BUF_ERROR:
942 /* End of input or output; not a problem if the caller is doing
943 * incremental read or write.
944 */
945 png_ptr->zstream.msg = PNGZ_MSG_CAST("truncated");
946 break;
947
948 case Z_VERSION_ERROR:
949 png_ptr->zstream.msg = PNGZ_MSG_CAST("unsupported zlib version");
950 break;
951
952 case PNG_UNEXPECTED_ZLIB_RETURN:
953 /* Compile errors here mean that zlib now uses the value co-opted in
954 * pngpriv.h for PNG_UNEXPECTED_ZLIB_RETURN; update the switch above
955 * and change pngpriv.h. Note that this message is "... return",
956 * whereas the default/Z_OK one is "... return code".
957 */
958 png_ptr->zstream.msg = PNGZ_MSG_CAST("unexpected zlib return");
959 break;
960 }
961 }
962
963 /* png_convert_size: a PNGAPI but no longer in png.h, so deleted
964 * at libpng 1.5.5!
965 */
966
967 /* Added at libpng version 1.2.34 and 1.4.0 (moved from pngset.c) */
968 #ifdef PNG_GAMMA_SUPPORTED /* always set if COLORSPACE */
969 static int
970 png_colorspace_check_gamma(png_const_structrp png_ptr,
971 png_colorspacerp colorspace, png_fixed_point gAMA, int from)
972 /* This is called to check a new gamma value against an existing one. The
973 * routine returns false if the new gamma value should not be written.
974 *
975 * 'from' says where the new gamma value comes from:
976 *
977 * 0: the new gamma value is the libpng estimate for an ICC profile
978 * 1: the new gamma value comes from a gAMA chunk
979 * 2: the new gamma value comes from an sRGB chunk
980 */
981 {
982 png_fixed_point gtest;
983
984 if ((colorspace->flags & PNG_COLORSPACE_HAVE_GAMMA) != 0 &&
985 (!png_muldiv(&gtest, colorspace->gamma, PNG_FP_1, gAMA) ||
986 png_gamma_significant(gtest)))
987 {
988 /* Either this is an sRGB image, in which case the calculated gamma
989 * approximation should match, or this is an image with a profile and the
990 * value libpng calculates for the gamma of the profile does not match the
991 * value recorded in the file. The former, sRGB, case is an error, the
992 * latter is just a warning.
993 */
994 if ((colorspace->flags & PNG_COLORSPACE_FROM_sRGB) != 0 || from == 2)
995 {
996 png_chunk_report(png_ptr, "gamma value does not match sRGB",
997 PNG_CHUNK_ERROR);
998 /* Do not overwrite an sRGB value */
999 return from == 2;
1000 }
1001
1002 else /* sRGB tag not involved */
1003 {
1004 png_chunk_report(png_ptr, "gamma value does not match libpng estimate",
1005 PNG_CHUNK_WARNING);
1006 return from == 1;
1007 }
1008 }
1009
1010 return 1;
1011 }
1012
1013 void /* PRIVATE */
1014 png_colorspace_set_gamma(png_const_structrp png_ptr,
1015 png_colorspacerp colorspace, png_fixed_point gAMA)
1016 {
1017 /* Changed in libpng-1.5.4 to limit the values to ensure overflow can't
1018 * occur. Since the fixed point representation is assymetrical it is
1019 * possible for 1/gamma to overflow the limit of 21474 and this means the
1020 * gamma value must be at least 5/100000 and hence at most 20000.0. For
1021 * safety the limits here are a little narrower. The values are 0.00016 to
1022 * 6250.0, which are truly ridiculous gamma values (and will produce
1023 * displays that are all black or all white.)
1024 *
1025 * In 1.6.0 this test replaces the ones in pngrutil.c, in the gAMA chunk
1026 * handling code, which only required the value to be >0.
1027 */
1028 png_const_charp errmsg;
1029
1030 if (gAMA < 16 || gAMA > 625000000)
1031 errmsg = "gamma value out of range";
1032
1033 # ifdef PNG_READ_gAMA_SUPPORTED
1034 /* Allow the application to set the gamma value more than once */
1035 else if ((png_ptr->mode & PNG_IS_READ_STRUCT) != 0 &&
1036 (colorspace->flags & PNG_COLORSPACE_FROM_gAMA) != 0)
1037 errmsg = "duplicate";
1038 # endif
1039
1040 /* Do nothing if the colorspace is already invalid */
1041 else if (colorspace->flags & PNG_COLORSPACE_INVALID)
1042 return;
1043
1044 else
1045 {
1046 if (png_colorspace_check_gamma(png_ptr, colorspace, gAMA, 1/*from gAMA*/))
1047 {
1048 /* Store this gamma value. */
1049 colorspace->gamma = gAMA;
1050 colorspace->flags |=
1051 (PNG_COLORSPACE_HAVE_GAMMA | PNG_COLORSPACE_FROM_gAMA);
1052 }
1053
1054 /* At present if the check_gamma test fails the gamma of the colorspace is
1055 * not updated however the colorspace is not invalidated. This
1056 * corresponds to the case where the existing gamma comes from an sRGB
1057 * chunk or profile. An error message has already been output.
1058 */
1059 return;
1060 }
1061
1062 /* Error exit - errmsg has been set. */
1063 colorspace->flags |= PNG_COLORSPACE_INVALID;
1064 png_chunk_report(png_ptr, errmsg, PNG_CHUNK_WRITE_ERROR);
1065 }
1066
1067 void /* PRIVATE */
1068 png_colorspace_sync_info(png_const_structrp png_ptr, png_inforp info_ptr)
1069 {
1070 if (info_ptr->colorspace.flags & PNG_COLORSPACE_INVALID)
1071 {
1072 /* Everything is invalid */
1073 info_ptr->valid &= ~(PNG_INFO_gAMA|PNG_INFO_cHRM|PNG_INFO_sRGB|
1074 PNG_INFO_iCCP);
1075
1076 # ifdef PNG_COLORSPACE_SUPPORTED
1077 /* Clean up the iCCP profile now if it won't be used. */
1078 png_free_data(png_ptr, info_ptr, PNG_FREE_ICCP, -1/*not used*/);
1079 # else
1080 PNG_UNUSED(png_ptr)
1081 # endif
1082 }
1083
1084 else
1085 {
1086 # ifdef PNG_COLORSPACE_SUPPORTED
1087 /* Leave the INFO_iCCP flag set if the pngset.c code has already set
1088 * it; this allows a PNG to contain a profile which matches sRGB and
1089 * yet still have that profile retrievable by the application.
1090 */
1091 if (info_ptr->colorspace.flags & PNG_COLORSPACE_MATCHES_sRGB)
1092 info_ptr->valid |= PNG_INFO_sRGB;
1093
1094 else
1095 info_ptr->valid &= ~PNG_INFO_sRGB;
1096
1097 if (info_ptr->colorspace.flags & PNG_COLORSPACE_HAVE_ENDPOINTS)
1098 info_ptr->valid |= PNG_INFO_cHRM;
1099
1100 else
1101 info_ptr->valid &= ~PNG_INFO_cHRM;
1102 # endif
1103
1104 if (info_ptr->colorspace.flags & PNG_COLORSPACE_HAVE_GAMMA)
1105 info_ptr->valid |= PNG_INFO_gAMA;
1106
1107 else
1108 info_ptr->valid &= ~PNG_INFO_gAMA;
1109 }
1110 }
1111
1112 #ifdef PNG_READ_SUPPORTED
1113 void /* PRIVATE */
1114 png_colorspace_sync(png_const_structrp png_ptr, png_inforp info_ptr)
1115 {
1116 if (info_ptr == NULL) /* reduce code size; check here not in the caller */
1117 return;
1118
1119 info_ptr->colorspace = png_ptr->colorspace;
1120 png_colorspace_sync_info(png_ptr, info_ptr);
1121 }
1122 #endif
1123 #endif
1124
1125 #ifdef PNG_COLORSPACE_SUPPORTED
1126 /* Added at libpng-1.5.5 to support read and write of true CIEXYZ values for
1127 * cHRM, as opposed to using chromaticities. These internal APIs return
1128 * non-zero on a parameter error. The X, Y and Z values are required to be
1129 * positive and less than 1.0.
1130 */
1131 static int
1132 png_xy_from_XYZ(png_xy *xy, const png_XYZ *XYZ)
1133 {
1134 png_int_32 d, dwhite, whiteX, whiteY;
1135
1136 d = XYZ->red_X + XYZ->red_Y + XYZ->red_Z;
1137 if (!png_muldiv(&xy->redx, XYZ->red_X, PNG_FP_1, d)) return 1;
1138 if (!png_muldiv(&xy->redy, XYZ->red_Y, PNG_FP_1, d)) return 1;
1139 dwhite = d;
1140 whiteX = XYZ->red_X;
1141 whiteY = XYZ->red_Y;
1142
1143 d = XYZ->green_X + XYZ->green_Y + XYZ->green_Z;
1144 if (!png_muldiv(&xy->greenx, XYZ->green_X, PNG_FP_1, d)) return 1;
1145 if (!png_muldiv(&xy->greeny, XYZ->green_Y, PNG_FP_1, d)) return 1;
1146 dwhite += d;
1147 whiteX += XYZ->green_X;
1148 whiteY += XYZ->green_Y;
1149
1150 d = XYZ->blue_X + XYZ->blue_Y + XYZ->blue_Z;
1151 if (!png_muldiv(&xy->bluex, XYZ->blue_X, PNG_FP_1, d)) return 1;
1152 if (!png_muldiv(&xy->bluey, XYZ->blue_Y, PNG_FP_1, d)) return 1;
1153 dwhite += d;
1154 whiteX += XYZ->blue_X;
1155 whiteY += XYZ->blue_Y;
1156
1157 /* The reference white is simply the sum of the end-point (X,Y,Z) vectors,
1158 * thus:
1159 */
1160 if (!png_muldiv(&xy->whitex, whiteX, PNG_FP_1, dwhite)) return 1;
1161 if (!png_muldiv(&xy->whitey, whiteY, PNG_FP_1, dwhite)) return 1;
1162
1163 return 0;
1164 }
1165
1166 static int
1167 png_XYZ_from_xy(png_XYZ *XYZ, const png_xy *xy)
1168 {
1169 png_fixed_point red_inverse, green_inverse, blue_scale;
1170 png_fixed_point left, right, denominator;
1171
1172 /* Check xy and, implicitly, z. Note that wide gamut color spaces typically
1173 * have end points with 0 tristimulus values (these are impossible end
1174 * points, but they are used to cover the possible colors.)
1175 */
1176 if (xy->redx < 0 || xy->redx > PNG_FP_1) return 1;
1177 if (xy->redy < 0 || xy->redy > PNG_FP_1-xy->redx) return 1;
1178 if (xy->greenx < 0 || xy->greenx > PNG_FP_1) return 1;
1179 if (xy->greeny < 0 || xy->greeny > PNG_FP_1-xy->greenx) return 1;
1180 if (xy->bluex < 0 || xy->bluex > PNG_FP_1) return 1;
1181 if (xy->bluey < 0 || xy->bluey > PNG_FP_1-xy->bluex) return 1;
1182 if (xy->whitex < 0 || xy->whitex > PNG_FP_1) return 1;
1183 if (xy->whitey < 0 || xy->whitey > PNG_FP_1-xy->whitex) return 1;
1184
1185 /* The reverse calculation is more difficult because the original tristimulus
1186 * value had 9 independent values (red,green,blue)x(X,Y,Z) however only 8
1187 * derived values were recorded in the cHRM chunk;
1188 * (red,green,blue,white)x(x,y). This loses one degree of freedom and
1189 * therefore an arbitrary ninth value has to be introduced to undo the
1190 * original transformations.
1191 *
1192 * Think of the original end-points as points in (X,Y,Z) space. The
1193 * chromaticity values (c) have the property:
1194 *
1195 * C
1196 * c = ---------
1197 * X + Y + Z
1198 *
1199 * For each c (x,y,z) from the corresponding original C (X,Y,Z). Thus the
1200 * three chromaticity values (x,y,z) for each end-point obey the
1201 * relationship:
1202 *
1203 * x + y + z = 1
1204 *
1205 * This describes the plane in (X,Y,Z) space that intersects each axis at the
1206 * value 1.0; call this the chromaticity plane. Thus the chromaticity
1207 * calculation has scaled each end-point so that it is on the x+y+z=1 plane
1208 * and chromaticity is the intersection of the vector from the origin to the
1209 * (X,Y,Z) value with the chromaticity plane.
1210 *
1211 * To fully invert the chromaticity calculation we would need the three
1212 * end-point scale factors, (red-scale, green-scale, blue-scale), but these
1213 * were not recorded. Instead we calculated the reference white (X,Y,Z) and
1214 * recorded the chromaticity of this. The reference white (X,Y,Z) would have
1215 * given all three of the scale factors since:
1216 *
1217 * color-C = color-c * color-scale
1218 * white-C = red-C + green-C + blue-C
1219 * = red-c*red-scale + green-c*green-scale + blue-c*blue-scale
1220 *
1221 * But cHRM records only white-x and white-y, so we have lost the white scale
1222 * factor:
1223 *
1224 * white-C = white-c*white-scale
1225 *
1226 * To handle this the inverse transformation makes an arbitrary assumption
1227 * about white-scale:
1228 *
1229 * Assume: white-Y = 1.0
1230 * Hence: white-scale = 1/white-y
1231 * Or: red-Y + green-Y + blue-Y = 1.0
1232 *
1233 * Notice the last statement of the assumption gives an equation in three of
1234 * the nine values we want to calculate. 8 more equations come from the
1235 * above routine as summarised at the top above (the chromaticity
1236 * calculation):
1237 *
1238 * Given: color-x = color-X / (color-X + color-Y + color-Z)
1239 * Hence: (color-x - 1)*color-X + color.x*color-Y + color.x*color-Z = 0
1240 *
1241 * This is 9 simultaneous equations in the 9 variables "color-C" and can be
1242 * solved by Cramer's rule. Cramer's rule requires calculating 10 9x9 matrix
1243 * determinants, however this is not as bad as it seems because only 28 of
1244 * the total of 90 terms in the various matrices are non-zero. Nevertheless
1245 * Cramer's rule is notoriously numerically unstable because the determinant
1246 * calculation involves the difference of large, but similar, numbers. It is
1247 * difficult to be sure that the calculation is stable for real world values
1248 * and it is certain that it becomes unstable where the end points are close
1249 * together.
1250 *
1251 * So this code uses the perhaps slightly less optimal but more
1252 * understandable and totally obvious approach of calculating color-scale.
1253 *
1254 * This algorithm depends on the precision in white-scale and that is
1255 * (1/white-y), so we can immediately see that as white-y approaches 0 the
1256 * accuracy inherent in the cHRM chunk drops off substantially.
1257 *
1258 * libpng arithmetic: a simple invertion of the above equations
1259 * ------------------------------------------------------------
1260 *
1261 * white_scale = 1/white-y
1262 * white-X = white-x * white-scale
1263 * white-Y = 1.0
1264 * white-Z = (1 - white-x - white-y) * white_scale
1265 *
1266 * white-C = red-C + green-C + blue-C
1267 * = red-c*red-scale + green-c*green-scale + blue-c*blue-scale
1268 *
1269 * This gives us three equations in (red-scale,green-scale,blue-scale) where
1270 * all the coefficients are now known:
1271 *
1272 * red-x*red-scale + green-x*green-scale + blue-x*blue-scale
1273 * = white-x/white-y
1274 * red-y*red-scale + green-y*green-scale + blue-y*blue-scale = 1
1275 * red-z*red-scale + green-z*green-scale + blue-z*blue-scale
1276 * = (1 - white-x - white-y)/white-y
1277 *
1278 * In the last equation color-z is (1 - color-x - color-y) so we can add all
1279 * three equations together to get an alternative third:
1280 *
1281 * red-scale + green-scale + blue-scale = 1/white-y = white-scale
1282 *
1283 * So now we have a Cramer's rule solution where the determinants are just
1284 * 3x3 - far more tractible. Unfortunately 3x3 determinants still involve
1285 * multiplication of three coefficients so we can't guarantee to avoid
1286 * overflow in the libpng fixed point representation. Using Cramer's rule in
1287 * floating point is probably a good choice here, but it's not an option for
1288 * fixed point. Instead proceed to simplify the first two equations by
1289 * eliminating what is likely to be the largest value, blue-scale:
1290 *
1291 * blue-scale = white-scale - red-scale - green-scale
1292 *
1293 * Hence:
1294 *
1295 * (red-x - blue-x)*red-scale + (green-x - blue-x)*green-scale =
1296 * (white-x - blue-x)*white-scale
1297 *
1298 * (red-y - blue-y)*red-scale + (green-y - blue-y)*green-scale =
1299 * 1 - blue-y*white-scale
1300 *
1301 * And now we can trivially solve for (red-scale,green-scale):
1302 *
1303 * green-scale =
1304 * (white-x - blue-x)*white-scale - (red-x - blue-x)*red-scale
1305 * -----------------------------------------------------------
1306 * green-x - blue-x
1307 *
1308 * red-scale =
1309 * 1 - blue-y*white-scale - (green-y - blue-y) * green-scale
1310 * ---------------------------------------------------------
1311 * red-y - blue-y
1312 *
1313 * Hence:
1314 *
1315 * red-scale =
1316 * ( (green-x - blue-x) * (white-y - blue-y) -
1317 * (green-y - blue-y) * (white-x - blue-x) ) / white-y
1318 * -------------------------------------------------------------------------
1319 * (green-x - blue-x)*(red-y - blue-y)-(green-y - blue-y)*(red-x - blue-x)
1320 *
1321 * green-scale =
1322 * ( (red-y - blue-y) * (white-x - blue-x) -
1323 * (red-x - blue-x) * (white-y - blue-y) ) / white-y
1324 * -------------------------------------------------------------------------
1325 * (green-x - blue-x)*(red-y - blue-y)-(green-y - blue-y)*(red-x - blue-x)
1326 *
1327 * Accuracy:
1328 * The input values have 5 decimal digits of accuracy. The values are all in
1329 * the range 0 < value < 1, so simple products are in the same range but may
1330 * need up to 10 decimal digits to preserve the original precision and avoid
1331 * underflow. Because we are using a 32-bit signed representation we cannot
1332 * match this; the best is a little over 9 decimal digits, less than 10.
1333 *
1334 * The approach used here is to preserve the maximum precision within the
1335 * signed representation. Because the red-scale calculation above uses the
1336 * difference between two products of values that must be in the range -1..+1
1337 * it is sufficient to divide the product by 7; ceil(100,000/32767*2). The
1338 * factor is irrelevant in the calculation because it is applied to both
1339 * numerator and denominator.
1340 *
1341 * Note that the values of the differences of the products of the
1342 * chromaticities in the above equations tend to be small, for example for
1343 * the sRGB chromaticities they are:
1344 *
1345 * red numerator: -0.04751
1346 * green numerator: -0.08788
1347 * denominator: -0.2241 (without white-y multiplication)
1348 *
1349 * The resultant Y coefficients from the chromaticities of some widely used
1350 * color space definitions are (to 15 decimal places):
1351 *
1352 * sRGB
1353 * 0.212639005871510 0.715168678767756 0.072192315360734
1354 * Kodak ProPhoto
1355 * 0.288071128229293 0.711843217810102 0.000085653960605
1356 * Adobe RGB
1357 * 0.297344975250536 0.627363566255466 0.075291458493998
1358 * Adobe Wide Gamut RGB
1359 * 0.258728243040113 0.724682314948566 0.016589442011321
1360 */
1361 /* By the argument, above overflow should be impossible here. The return
1362 * value of 2 indicates an internal error to the caller.
1363 */
1364 if (!png_muldiv(&left, xy->greenx-xy->bluex, xy->redy - xy->bluey, 7))
1365 return 2;
1366 if (!png_muldiv(&right, xy->greeny-xy->bluey, xy->redx - xy->bluex, 7))
1367 return 2;
1368 denominator = left - right;
1369
1370 /* Now find the red numerator. */
1371 if (!png_muldiv(&left, xy->greenx-xy->bluex, xy->whitey-xy->bluey, 7))
1372 return 2;
1373 if (!png_muldiv(&right, xy->greeny-xy->bluey, xy->whitex-xy->bluex, 7))
1374 return 2;
1375
1376 /* Overflow is possible here and it indicates an extreme set of PNG cHRM
1377 * chunk values. This calculation actually returns the reciprocal of the
1378 * scale value because this allows us to delay the multiplication of white-y
1379 * into the denominator, which tends to produce a small number.
1380 */
1381 if (!png_muldiv(&red_inverse, xy->whitey, denominator, left-right) ||
1382 red_inverse <= xy->whitey /* r+g+b scales = white scale */)
1383 return 1;
1384
1385 /* Similarly for green_inverse: */
1386 if (!png_muldiv(&left, xy->redy-xy->bluey, xy->whitex-xy->bluex, 7))
1387 return 2;
1388 if (!png_muldiv(&right, xy->redx-xy->bluex, xy->whitey-xy->bluey, 7))
1389 return 2;
1390 if (!png_muldiv(&green_inverse, xy->whitey, denominator, left-right) ||
1391 green_inverse <= xy->whitey)
1392 return 1;
1393
1394 /* And the blue scale, the checks above guarantee this can't overflow but it
1395 * can still produce 0 for extreme cHRM values.
1396 */
1397 blue_scale = png_reciprocal(xy->whitey) - png_reciprocal(red_inverse) -
1398 png_reciprocal(green_inverse);
1399 if (blue_scale <= 0) return 1;
1400
1401
1402 /* And fill in the png_XYZ: */
1403 if (!png_muldiv(&XYZ->red_X, xy->redx, PNG_FP_1, red_inverse)) return 1;
1404 if (!png_muldiv(&XYZ->red_Y, xy->redy, PNG_FP_1, red_inverse)) return 1;
1405 if (!png_muldiv(&XYZ->red_Z, PNG_FP_1 - xy->redx - xy->redy, PNG_FP_1,
1406 red_inverse))
1407 return 1;
1408
1409 if (!png_muldiv(&XYZ->green_X, xy->greenx, PNG_FP_1, green_inverse))
1410 return 1;
1411 if (!png_muldiv(&XYZ->green_Y, xy->greeny, PNG_FP_1, green_inverse))
1412 return 1;
1413 if (!png_muldiv(&XYZ->green_Z, PNG_FP_1 - xy->greenx - xy->greeny, PNG_FP_1,
1414 green_inverse))
1415 return 1;
1416
1417 if (!png_muldiv(&XYZ->blue_X, xy->bluex, blue_scale, PNG_FP_1)) return 1;
1418 if (!png_muldiv(&XYZ->blue_Y, xy->bluey, blue_scale, PNG_FP_1)) return 1;
1419 if (!png_muldiv(&XYZ->blue_Z, PNG_FP_1 - xy->bluex - xy->bluey, blue_scale,
1420 PNG_FP_1))
1421 return 1;
1422
1423 return 0; /*success*/
1424 }
1425
1426 static int
1427 png_XYZ_normalize(png_XYZ *XYZ)
1428 {
1429 png_int_32 Y;
1430
1431 if (XYZ->red_Y < 0 || XYZ->green_Y < 0 || XYZ->blue_Y < 0 ||
1432 XYZ->red_X < 0 || XYZ->green_X < 0 || XYZ->blue_X < 0 ||
1433 XYZ->red_Z < 0 || XYZ->green_Z < 0 || XYZ->blue_Z < 0)
1434 return 1;
1435
1436 /* Normalize by scaling so the sum of the end-point Y values is PNG_FP_1.
1437 * IMPLEMENTATION NOTE: ANSI requires signed overflow not to occur, therefore
1438 * relying on addition of two positive values producing a negative one is not
1439 * safe.
1440 */
1441 Y = XYZ->red_Y;
1442 if (0x7fffffff - Y < XYZ->green_X) return 1;
1443 Y += XYZ->green_Y;
1444 if (0x7fffffff - Y < XYZ->blue_X) return 1;
1445 Y += XYZ->blue_Y;
1446
1447 if (Y != PNG_FP_1)
1448 {
1449 if (!png_muldiv(&XYZ->red_X, XYZ->red_X, PNG_FP_1, Y)) return 1;
1450 if (!png_muldiv(&XYZ->red_Y, XYZ->red_Y, PNG_FP_1, Y)) return 1;
1451 if (!png_muldiv(&XYZ->red_Z, XYZ->red_Z, PNG_FP_1, Y)) return 1;
1452
1453 if (!png_muldiv(&XYZ->green_X, XYZ->green_X, PNG_FP_1, Y)) return 1;
1454 if (!png_muldiv(&XYZ->green_Y, XYZ->green_Y, PNG_FP_1, Y)) return 1;
1455 if (!png_muldiv(&XYZ->green_Z, XYZ->green_Z, PNG_FP_1, Y)) return 1;
1456
1457 if (!png_muldiv(&XYZ->blue_X, XYZ->blue_X, PNG_FP_1, Y)) return 1;
1458 if (!png_muldiv(&XYZ->blue_Y, XYZ->blue_Y, PNG_FP_1, Y)) return 1;
1459 if (!png_muldiv(&XYZ->blue_Z, XYZ->blue_Z, PNG_FP_1, Y)) return 1;
1460 }
1461
1462 return 0;
1463 }
1464
1465 static int
1466 png_colorspace_endpoints_match(const png_xy *xy1, const png_xy *xy2, int delta)
1467 {
1468 /* Allow an error of +/-0.01 (absolute value) on each chromaticity */
1469 return !(PNG_OUT_OF_RANGE(xy1->whitex, xy2->whitex,delta) ||
1470 PNG_OUT_OF_RANGE(xy1->whitey, xy2->whitey,delta) ||
1471 PNG_OUT_OF_RANGE(xy1->redx, xy2->redx, delta) ||
1472 PNG_OUT_OF_RANGE(xy1->redy, xy2->redy, delta) ||
1473 PNG_OUT_OF_RANGE(xy1->greenx, xy2->greenx,delta) ||
1474 PNG_OUT_OF_RANGE(xy1->greeny, xy2->greeny,delta) ||
1475 PNG_OUT_OF_RANGE(xy1->bluex, xy2->bluex, delta) ||
1476 PNG_OUT_OF_RANGE(xy1->bluey, xy2->bluey, delta));
1477 }
1478
1479 /* Added in libpng-1.6.0, a different check for the validity of a set of cHRM
1480 * chunk chromaticities. Earlier checks used to simply look for the overflow
1481 * condition (where the determinant of the matrix to solve for XYZ ends up zero
1482 * because the chromaticity values are not all distinct.) Despite this it is
1483 * theoretically possible to produce chromaticities that are apparently valid
1484 * but that rapidly degrade to invalid, potentially crashing, sets because of
1485 * arithmetic inaccuracies when calculations are performed on them. The new
1486 * check is to round-trip xy -> XYZ -> xy and then check that the result is
1487 * within a small percentage of the original.
1488 */
1489 static int
1490 png_colorspace_check_xy(png_XYZ *XYZ, const png_xy *xy)
1491 {
1492 int result;
1493 png_xy xy_test;
1494
1495 /* As a side-effect this routine also returns the XYZ endpoints. */
1496 result = png_XYZ_from_xy(XYZ, xy);
1497 if (result) return result;
1498
1499 result = png_xy_from_XYZ(&xy_test, XYZ);
1500 if (result) return result;
1501
1502 if (png_colorspace_endpoints_match(xy, &xy_test,
1503 5/*actually, the math is pretty accurate*/))
1504 return 0;
1505
1506 /* Too much slip */
1507 return 1;
1508 }
1509
1510 /* This is the check going the other way. The XYZ is modified to normalize it
1511 * (another side-effect) and the xy chromaticities are returned.
1512 */
1513 static int
1514 png_colorspace_check_XYZ(png_xy *xy, png_XYZ *XYZ)
1515 {
1516 int result;
1517 png_XYZ XYZtemp;
1518
1519 result = png_XYZ_normalize(XYZ);
1520 if (result) return result;
1521
1522 result = png_xy_from_XYZ(xy, XYZ);
1523 if (result) return result;
1524
1525 XYZtemp = *XYZ;
1526 return png_colorspace_check_xy(&XYZtemp, xy);
1527 }
1528
1529 /* Used to check for an endpoint match against sRGB */
1530 static const png_xy sRGB_xy = /* From ITU-R BT.709-3 */
1531 {
1532 /* color x y */
1533 /* red */ 64000, 33000,
1534 /* green */ 30000, 60000,
1535 /* blue */ 15000, 6000,
1536 /* white */ 31270, 32900
1537 };
1538
1539 static int
1540 png_colorspace_set_xy_and_XYZ(png_const_structrp png_ptr,
1541 png_colorspacerp colorspace, const png_xy *xy, const png_XYZ *XYZ,
1542 int preferred)
1543 {
1544 if (colorspace->flags & PNG_COLORSPACE_INVALID)
1545 return 0;
1546
1547 /* The consistency check is performed on the chromaticities; this factors out
1548 * variations because of the normalization (or not) of the end point Y
1549 * values.
1550 */
1551 if (preferred < 2 && (colorspace->flags & PNG_COLORSPACE_HAVE_ENDPOINTS))
1552 {
1553 /* The end points must be reasonably close to any we already have. The
1554 * following allows an error of up to +/-.001
1555 */
1556 if (!png_colorspace_endpoints_match(xy, &colorspace->end_points_xy, 100))
1557 {
1558 colorspace->flags |= PNG_COLORSPACE_INVALID;
1559 png_benign_error(png_ptr, "inconsistent chromaticities");
1560 return 0; /* failed */
1561 }
1562
1563 /* Only overwrite with preferred values */
1564 if (!preferred)
1565 return 1; /* ok, but no change */
1566 }
1567
1568 colorspace->end_points_xy = *xy;
1569 colorspace->end_points_XYZ = *XYZ;
1570 colorspace->flags |= PNG_COLORSPACE_HAVE_ENDPOINTS;
1571
1572 /* The end points are normally quoted to two decimal digits, so allow +/-0.01
1573 * on this test.
1574 */
1575 if (png_colorspace_endpoints_match(xy, &sRGB_xy, 1000))
1576 colorspace->flags |= PNG_COLORSPACE_ENDPOINTS_MATCH_sRGB;
1577
1578 else
1579 colorspace->flags &= PNG_COLORSPACE_CANCEL(
1580 PNG_COLORSPACE_ENDPOINTS_MATCH_sRGB);
1581
1582 return 2; /* ok and changed */
1583 }
1584
1585 int /* PRIVATE */
1586 png_colorspace_set_chromaticities(png_const_structrp png_ptr,
1587 png_colorspacerp colorspace, const png_xy *xy, int preferred)
1588 {
1589 /* We must check the end points to ensure they are reasonable - in the past
1590 * color management systems have crashed as a result of getting bogus
1591 * colorant values, while this isn't the fault of libpng it is the
1592 * responsibility of libpng because PNG carries the bomb and libpng is in a
1593 * position to protect against it.
1594 */
1595 png_XYZ XYZ;
1596
1597 switch (png_colorspace_check_xy(&XYZ, xy))
1598 {
1599 case 0: /* success */
1600 return png_colorspace_set_xy_and_XYZ(png_ptr, colorspace, xy, &XYZ,
1601 preferred);
1602
1603 case 1:
1604 /* We can't invert the chromaticities so we can't produce value XYZ
1605 * values. Likely as not a color management system will fail too.
1606 */
1607 colorspace->flags |= PNG_COLORSPACE_INVALID;
1608 png_benign_error(png_ptr, "invalid chromaticities");
1609 break;
1610
1611 default:
1612 /* libpng is broken; this should be a warning but if it happens we
1613 * want error reports so for the moment it is an error.
1614 */
1615 colorspace->flags |= PNG_COLORSPACE_INVALID;
1616 png_error(png_ptr, "internal error checking chromaticities");
1617 break;
1618 }
1619
1620 return 0; /* failed */
1621 }
1622
1623 int /* PRIVATE */
1624 png_colorspace_set_endpoints(png_const_structrp png_ptr,
1625 png_colorspacerp colorspace, const png_XYZ *XYZ_in, int preferred)
1626 {
1627 png_XYZ XYZ = *XYZ_in;
1628 png_xy xy;
1629
1630 switch (png_colorspace_check_XYZ(&xy, &XYZ))
1631 {
1632 case 0:
1633 return png_colorspace_set_xy_and_XYZ(png_ptr, colorspace, &xy, &XYZ,
1634 preferred);
1635
1636 case 1:
1637 /* End points are invalid. */
1638 colorspace->flags |= PNG_COLORSPACE_INVALID;
1639 png_benign_error(png_ptr, "invalid end points");
1640 break;
1641
1642 default:
1643 colorspace->flags |= PNG_COLORSPACE_INVALID;
1644 png_error(png_ptr, "internal error checking chromaticities");
1645 break;
1646 }
1647
1648 return 0; /* failed */
1649 }
1650
1651 #if defined(PNG_sRGB_SUPPORTED) || defined(PNG_iCCP_SUPPORTED)
1652 /* Error message generation */
1653 static char
1654 png_icc_tag_char(png_uint_32 byte)
1655 {
1656 byte &= 0xff;
1657 if (byte >= 32 && byte <= 126)
1658 return (char)byte;
1659 else
1660 return '?';
1661 }
1662
1663 static void
1664 png_icc_tag_name(char *name, png_uint_32 tag)
1665 {
1666 name[0] = '\'';
1667 name[1] = png_icc_tag_char(tag >> 24);
1668 name[2] = png_icc_tag_char(tag >> 16);
1669 name[3] = png_icc_tag_char(tag >> 8);
1670 name[4] = png_icc_tag_char(tag );
1671 name[5] = '\'';
1672 }
1673
1674 static int
1675 is_ICC_signature_char(png_alloc_size_t it)
1676 {
1677 return it == 32 || (it >= 48 && it <= 57) || (it >= 65 && it <= 90) ||
1678 (it >= 97 && it <= 122);
1679 }
1680
1681 static int is_ICC_signature(png_alloc_size_t it)
1682 {
1683 return is_ICC_signature_char(it >> 24) /* checks all the top bits */ &&
1684 is_ICC_signature_char((it >> 16) & 0xff) &&
1685 is_ICC_signature_char((it >> 8) & 0xff) &&
1686 is_ICC_signature_char(it & 0xff);
1687 }
1688
1689 static int
1690 png_icc_profile_error(png_const_structrp png_ptr, png_colorspacerp colorspace,
1691 png_const_charp name, png_alloc_size_t value, png_const_charp reason)
1692 {
1693 size_t pos;
1694 char message[196]; /* see below for calculation */
1695
1696 if (colorspace != NULL)
1697 colorspace->flags |= PNG_COLORSPACE_INVALID;
1698
1699 pos = png_safecat(message, (sizeof message), 0, "profile '"); /* 9 chars */
1700 pos = png_safecat(message, pos+79, pos, name); /* Truncate to 79 chars */
1701 pos = png_safecat(message, (sizeof message), pos, "': "); /* +2 = 90 */
1702 if (is_ICC_signature(value))
1703 {
1704 /* So 'value' is at most 4 bytes and the following cast is safe */
1705 png_icc_tag_name(message+pos, (png_uint_32)value);
1706 pos += 6; /* total +8; less than the else clause */
1707 message[pos++] = ':';
1708 message[pos++] = ' ';
1709 }
1710 # ifdef PNG_WARNINGS_SUPPORTED
1711 else
1712 {
1713 char number[PNG_NUMBER_BUFFER_SIZE]; /* +24 = 114*/
1714
1715 pos = png_safecat(message, (sizeof message), pos,
1716 png_format_number(number, number+(sizeof number),
1717 PNG_NUMBER_FORMAT_x, value));
1718 pos = png_safecat(message, (sizeof message), pos, "h: "); /*+2 = 116*/
1719 }
1720 # endif
1721 /* The 'reason' is an arbitrary message, allow +79 maximum 195 */
1722 pos = png_safecat(message, (sizeof message), pos, reason);
1723
1724 /* This is recoverable, but make it unconditionally an app_error on write to
1725 * avoid writing invalid ICC profiles into PNG files. (I.e. we handle them
1726 * on read, with a warning, but on write unless the app turns off
1727 * application errors the PNG won't be written.)
1728 */
1729 png_chunk_report(png_ptr, message,
1730 (colorspace != NULL) ? PNG_CHUNK_ERROR : PNG_CHUNK_WRITE_ERROR);
1731
1732 return 0;
1733 }
1734 #endif /* sRGB || iCCP */
1735
1736 #ifdef PNG_sRGB_SUPPORTED
1737 int /* PRIVATE */
1738 png_colorspace_set_sRGB(png_const_structrp png_ptr, png_colorspacerp colorspace,
1739 int intent)
1740 {
1741 /* sRGB sets known gamma, end points and (from the chunk) intent. */
1742 /* IMPORTANT: these are not necessarily the values found in an ICC profile
1743 * because ICC profiles store values adapted to a D50 environment; it is
1744 * expected that the ICC profile mediaWhitePointTag will be D50, see the
1745 * checks and code elsewhere to understand this better.
1746 *
1747 * These XYZ values, which are accurate to 5dp, produce rgb to gray
1748 * coefficients of (6968,23435,2366), which are reduced (because they add up
1749 * to 32769 not 32768) to (6968,23434,2366). These are the values that
1750 * libpng has traditionally used (and are the best values given the 15bit
1751 * algorithm used by the rgb to gray code.)
1752 */
1753 static const png_XYZ sRGB_XYZ = /* D65 XYZ (*not* the D50 adapted values!) */
1754 {
1755 /* color X Y Z */
1756 /* red */ 41239, 21264, 1933,
1757 /* green */ 35758, 71517, 11919,
1758 /* blue */ 18048, 7219, 95053
1759 };
1760
1761 /* Do nothing if the colorspace is already invalidated. */
1762 if (colorspace->flags & PNG_COLORSPACE_INVALID)
1763 return 0;
1764
1765 /* Check the intent, then check for existing settings. It is valid for the
1766 * PNG file to have cHRM or gAMA chunks along with sRGB, but the values must
1767 * be consistent with the correct values. If, however, this function is
1768 * called below because an iCCP chunk matches sRGB then it is quite
1769 * conceivable that an older app recorded incorrect gAMA and cHRM because of
1770 * an incorrect calculation based on the values in the profile - this does
1771 * *not* invalidate the profile (though it still produces an error, which can
1772 * be ignored.)
1773 */
1774 if (intent < 0 || intent >= PNG_sRGB_INTENT_LAST)
1775 return png_icc_profile_error(png_ptr, colorspace, "sRGB",
1776 (unsigned)intent, "invalid sRGB rendering intent");
1777
1778 if ((colorspace->flags & PNG_COLORSPACE_HAVE_INTENT) != 0 &&
1779 colorspace->rendering_intent != intent)
1780 return png_icc_profile_error(png_ptr, colorspace, "sRGB",
1781 (unsigned)intent, "inconsistent rendering intents");
1782
1783 if ((colorspace->flags & PNG_COLORSPACE_FROM_sRGB) != 0)
1784 {
1785 png_benign_error(png_ptr, "duplicate sRGB information ignored");
1786 return 0;
1787 }
1788
1789 /* If the standard sRGB cHRM chunk does not match the one from the PNG file
1790 * warn but overwrite the value with the correct one.
1791 */
1792 if ((colorspace->flags & PNG_COLORSPACE_HAVE_ENDPOINTS) != 0 &&
1793 !png_colorspace_endpoints_match(&sRGB_xy, &colorspace->end_points_xy,
1794 100))
1795 png_chunk_report(png_ptr, "cHRM chunk does not match sRGB",
1796 PNG_CHUNK_ERROR);
1797
1798 /* This check is just done for the error reporting - the routine always
1799 * returns true when the 'from' argument corresponds to sRGB (2).
1800 */
1801 (void)png_colorspace_check_gamma(png_ptr, colorspace, PNG_GAMMA_sRGB_INVERSE,
1802 2/*from sRGB*/);
1803
1804 /* intent: bugs in GCC force 'int' to be used as the parameter type. */
1805 colorspace->rendering_intent = (png_uint_16)intent;
1806 colorspace->flags |= PNG_COLORSPACE_HAVE_INTENT;
1807
1808 /* endpoints */
1809 colorspace->end_points_xy = sRGB_xy;
1810 colorspace->end_points_XYZ = sRGB_XYZ;
1811 colorspace->flags |=
1812 (PNG_COLORSPACE_HAVE_ENDPOINTS|PNG_COLORSPACE_ENDPOINTS_MATCH_sRGB);
1813
1814 /* gamma */
1815 colorspace->gamma = PNG_GAMMA_sRGB_INVERSE;
1816 colorspace->flags |= PNG_COLORSPACE_HAVE_GAMMA;
1817
1818 /* Finally record that we have an sRGB profile */
1819 colorspace->flags |=
1820 (PNG_COLORSPACE_MATCHES_sRGB|PNG_COLORSPACE_FROM_sRGB);
1821
1822 return 1; /* set */
1823 }
1824 #endif /* sRGB */
1825
1826 #ifdef PNG_iCCP_SUPPORTED
1827 /* Encoded value of D50 as an ICC XYZNumber. From the ICC 2010 spec the value
1828 * is XYZ(0.9642,1.0,0.8249), which scales to:
1829 *
1830 * (63189.8112, 65536, 54060.6464)
1831 */
1832 static const png_byte D50_nCIEXYZ[12] =
1833 { 0x00, 0x00, 0xf6, 0xd6, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0xd3, 0x2d };
1834
1835 int /* PRIVATE */
1836 png_icc_check_length(png_const_structrp png_ptr, png_colorspacerp colorspace,
1837 png_const_charp name, png_uint_32 profile_length)
1838 {
1839 if (profile_length < 132)
1840 return png_icc_profile_error(png_ptr, colorspace, name, profile_length,
1841 "too short");
1842
1843 if (profile_length & 3)
1844 return png_icc_profile_error(png_ptr, colorspace, name, profile_length,
1845 "invalid length");
1846
1847 return 1;
1848 }
1849
1850 int /* PRIVATE */
1851 png_icc_check_header(png_const_structrp png_ptr, png_colorspacerp colorspace,
1852 png_const_charp name, png_uint_32 profile_length,
1853 png_const_bytep profile/* first 132 bytes only */, int color_type)
1854 {
1855 png_uint_32 temp;
1856
1857 /* Length check; this cannot be ignored in this code because profile_length
1858 * is used later to check the tag table, so even if the profile seems over
1859 * long profile_length from the caller must be correct. The caller can fix
1860 * this up on read or write by just passing in the profile header length.
1861 */
1862 temp = png_get_uint_32(profile);
1863 if (temp != profile_length)
1864 return png_icc_profile_error(png_ptr, colorspace, name, temp,
1865 "length does not match profile");
1866
1867 temp = png_get_uint_32(profile+128); /* tag count: 12 bytes/tag */
1868 if (temp > 357913930 || /* (2^32-4-132)/12: maximum possible tag count */
1869 profile_length < 132+12*temp) /* truncated tag table */
1870 return png_icc_profile_error(png_ptr, colorspace, name, temp,
1871 "tag count too large");
1872
1873 /* The 'intent' must be valid or we can't store it, ICC limits the intent to
1874 * 16 bits.
1875 */
1876 temp = png_get_uint_32(profile+64);
1877 if (temp >= 0xffff) /* The ICC limit */
1878 return png_icc_profile_error(png_ptr, colorspace, name, temp,
1879 "invalid rendering intent");
1880
1881 /* This is just a warning because the profile may be valid in future
1882 * versions.
1883 */
1884 if (temp >= PNG_sRGB_INTENT_LAST)
1885 (void)png_icc_profile_error(png_ptr, NULL, name, temp,
1886 "intent outside defined range");
1887
1888 /* At this point the tag table can't be checked because it hasn't necessarily
1889 * been loaded; however, various header fields can be checked. These checks
1890 * are for values permitted by the PNG spec in an ICC profile; the PNG spec
1891 * restricts the profiles that can be passed in an iCCP chunk (they must be
1892 * appropriate to processing PNG data!)
1893 */
1894
1895 /* Data checks (could be skipped). These checks must be independent of the
1896 * version number; however, the version number doesn't accomodate changes in
1897 * the header fields (just the known tags and the interpretation of the
1898 * data.)
1899 */
1900 temp = png_get_uint_32(profile+36); /* signature 'ascp' */
1901 if (temp != 0x61637370)
1902 return png_icc_profile_error(png_ptr, colorspace, name, temp,
1903 "invalid signature");
1904
1905 /* Currently the PCS illuminant/adopted white point (the computational
1906 * white point) are required to be D50,
1907 * however the profile contains a record of the illuminant so perhaps ICC
1908 * expects to be able to change this in the future (despite the rationale in
1909 * the introduction for using a fixed PCS adopted white.) Consequently the
1910 * following is just a warning.
1911 */
1912 if (memcmp(profile+68, D50_nCIEXYZ, 12) != 0)
1913 (void)png_icc_profile_error(png_ptr, NULL, name, 0/*no tag value*/,
1914 "PCS illuminant is not D50");
1915
1916 /* The PNG spec requires this:
1917 * "If the iCCP chunk is present, the image samples conform to the colour
1918 * space represented by the embedded ICC profile as defined by the
1919 * International Color Consortium [ICC]. The colour space of the ICC profile
1920 * shall be an RGB colour space for colour images (PNG colour types 2, 3, and
1921 * 6), or a greyscale colour space for greyscale images (PNG colour types 0
1922 * and 4)."
1923 *
1924 * This checking code ensures the embedded profile (on either read or write)
1925 * conforms to the specification requirements. Notice that an ICC 'gray'
1926 * color-space profile contains the information to transform the monochrome
1927 * data to XYZ or L*a*b (according to which PCS the profile uses) and this
1928 * should be used in preference to the standard libpng K channel replication
1929 * into R, G and B channels.
1930 *
1931 * Previously it was suggested that an RGB profile on grayscale data could be
1932 * handled. However it it is clear that using an RGB profile in this context
1933 * must be an error - there is no specification of what it means. Thus it is
1934 * almost certainly more correct to ignore the profile.
1935 */
1936 temp = png_get_uint_32(profile+16); /* data colour space field */
1937 switch (temp)
1938 {
1939 case 0x52474220: /* 'RGB ' */
1940 if (!(color_type & PNG_COLOR_MASK_COLOR))
1941 return png_icc_profile_error(png_ptr, colorspace, name, temp,
1942 "RGB color space not permitted on grayscale PNG");
1943 break;
1944
1945 case 0x47524159: /* 'GRAY' */
1946 if (color_type & PNG_COLOR_MASK_COLOR)
1947 return png_icc_profile_error(png_ptr, colorspace, name, temp,
1948 "Gray color space not permitted on RGB PNG");
1949 break;
1950
1951 default:
1952 return png_icc_profile_error(png_ptr, colorspace, name, temp,
1953 "invalid ICC profile color space");
1954 }
1955
1956 /* It is up to the application to check that the profile class matches the
1957 * application requirements; the spec provides no guidance, but it's pretty
1958 * weird if the profile is not scanner ('scnr'), monitor ('mntr'), printer
1959 * ('prtr') or 'spac' (for generic color spaces). Issue a warning in these
1960 * cases. Issue an error for device link or abstract profiles - these don't
1961 * contain the records necessary to transform the color-space to anything
1962 * other than the target device (and not even that for an abstract profile).
1963 * Profiles of these classes may not be embedded in images.
1964 */
1965 temp = png_get_uint_32(profile+12); /* profile/device class */
1966 switch (temp)
1967 {
1968 case 0x73636E72: /* 'scnr' */
1969 case 0x6D6E7472: /* 'mntr' */
1970 case 0x70727472: /* 'prtr' */
1971 case 0x73706163: /* 'spac' */
1972 /* All supported */
1973 break;
1974
1975 case 0x61627374: /* 'abst' */
1976 /* May not be embedded in an image */
1977 return png_icc_profile_error(png_ptr, colorspace, name, temp,
1978 "invalid embedded Abstract ICC profile");
1979
1980 case 0x6C696E6B: /* 'link' */
1981 /* DeviceLink profiles cannnot be interpreted in a non-device specific
1982 * fashion, if an app uses the AToB0Tag in the profile the results are
1983 * undefined unless the result is sent to the intended device,
1984 * therefore a DeviceLink profile should not be found embedded in a
1985 * PNG.
1986 */
1987 return png_icc_profile_error(png_ptr, colorspace, name, temp,
1988 "unexpected DeviceLink ICC profile class");
1989
1990 case 0x6E6D636C: /* 'nmcl' */
1991 /* A NamedColor profile is also device specific, however it doesn't
1992 * contain an AToB0 tag that is open to misintrepretation. Almost
1993 * certainly it will fail the tests below.
1994 */
1995 (void)png_icc_profile_error(png_ptr, NULL, name, temp,
1996 "unexpected NamedColor ICC profile class");
1997 break;
1998
1999 default:
2000 /* To allow for future enhancements to the profile accept unrecognized
2001 * profile classes with a warning, these then hit the test below on the
2002 * tag content to ensure they are backward compatible with one of the
2003 * understood profiles.
2004 */
2005 (void)png_icc_profile_error(png_ptr, NULL, name, temp,
2006 "unrecognized ICC profile class");
2007 break;
2008 }
2009
2010 /* For any profile other than a device link one the PCS must be encoded
2011 * either in XYZ or Lab.
2012 */
2013 temp = png_get_uint_32(profile+20);
2014 switch (temp)
2015 {
2016 case 0x58595A20: /* 'XYZ ' */
2017 case 0x4C616220: /* 'Lab ' */
2018 break;
2019
2020 default:
2021 return png_icc_profile_error(png_ptr, colorspace, name, temp,
2022 "unexpected ICC PCS encoding");
2023 }
2024
2025 return 1;
2026 }
2027
2028 int /* PRIVATE */
2029 png_icc_check_tag_table(png_const_structrp png_ptr, png_colorspacerp colorspace,
2030 png_const_charp name, png_uint_32 profile_length,
2031 png_const_bytep profile /* header plus whole tag table */)
2032 {
2033 png_uint_32 tag_count = png_get_uint_32(profile+128);
2034 png_uint_32 itag;
2035 png_const_bytep tag = profile+132; /* The first tag */
2036
2037 /* First scan all the tags in the table and add bits to the icc_info value
2038 * (temporarily in 'tags').
2039 */
2040 for (itag=0; itag < tag_count; ++itag, tag += 12)
2041 {
2042 png_uint_32 tag_id = png_get_uint_32(tag+0);
2043 png_uint_32 tag_start = png_get_uint_32(tag+4); /* must be aligned */
2044 png_uint_32 tag_length = png_get_uint_32(tag+8);/* not padded */
2045
2046 /* The ICC specification does not exclude zero length tags, therefore the
2047 * start might actually be anywhere if there is no data, but this would be
2048 * a clear abuse of the intent of the standard so the start is checked for
2049 * being in range. All defined tag types have an 8 byte header - a 4 byte
2050 * type signature then 0.
2051 */
2052 if ((tag_start & 3) != 0)
2053 {
2054 /* CNHP730S.icc shipped with Microsoft Windows 64 violates this, it is
2055 * only a warning here because libpng does not care about the
2056 * alignment.
2057 */
2058 (void)png_icc_profile_error(png_ptr, NULL, name, tag_id,
2059 "ICC profile tag start not a multiple of 4");
2060 }
2061
2062 /* This is a hard error; potentially it can cause read outside the
2063 * profile.
2064 */
2065 if (tag_start > profile_length || tag_length > profile_length - tag_start)
2066 return png_icc_profile_error(png_ptr, colorspace, name, tag_id,
2067 "ICC profile tag outside profile");
2068 }
2069
2070 return 1; /* success, maybe with warnings */
2071 }
2072
2073 #ifdef PNG_sRGB_SUPPORTED
2074 /* Information about the known ICC sRGB profiles */
2075 static const struct
2076 {
2077 png_uint_32 adler, crc, length;
2078 png_uint_32 md5[4];
2079 png_byte have_md5;
2080 png_byte is_broken;
2081 png_uint_16 intent;
2082
2083 # define PNG_MD5(a,b,c,d) { a, b, c, d }, (a!=0)||(b!=0)||(c!=0)||(d!=0)
2084 # define PNG_ICC_CHECKSUM(adler, crc, md5, intent, broke, date, length, fname)\
2085 { adler, crc, length, md5, broke, intent },
2086
2087 } png_sRGB_checks[] =
2088 {
2089 /* This data comes from contrib/tools/checksum-icc run on downloads of
2090 * all four ICC sRGB profiles from www.color.org.
2091 */
2092 /* adler32, crc32, MD5[4], intent, date, length, file-name */
2093 PNG_ICC_CHECKSUM(0x0a3fd9f6, 0x3b8772b9,
2094 PNG_MD5(0x29f83dde, 0xaff255ae, 0x7842fae4, 0xca83390d), 0, 0,
2095 "2009/03/27 21:36:31", 3048, "sRGB_IEC61966-2-1_black_scaled.icc")
2096
2097 /* ICC sRGB v2 perceptual no black-compensation: */
2098 PNG_ICC_CHECKSUM(0x4909e5e1, 0x427ebb21,
2099 PNG_MD5(0xc95bd637, 0xe95d8a3b, 0x0df38f99, 0xc1320389), 1, 0,
2100 "2009/03/27 21:37:45", 3052, "sRGB_IEC61966-2-1_no_black_scaling.icc")
2101
2102 PNG_ICC_CHECKSUM(0xfd2144a1, 0x306fd8ae,
2103 PNG_MD5(0xfc663378, 0x37e2886b, 0xfd72e983, 0x8228f1b8), 0, 0,
2104 "2009/08/10 17:28:01", 60988, "sRGB_v4_ICC_preference_displayclass.icc")
2105
2106 /* ICC sRGB v4 perceptual */
2107 PNG_ICC_CHECKSUM(0x209c35d2, 0xbbef7812,
2108 PNG_MD5(0x34562abf, 0x994ccd06, 0x6d2c5721, 0xd0d68c5d), 0, 0,
2109 "2007/07/25 00:05:37", 60960, "sRGB_v4_ICC_preference.icc")
2110
2111 /* The following profiles have no known MD5 checksum. If there is a match
2112 * on the (empty) MD5 the other fields are used to attempt a match and
2113 * a warning is produced. The first two of these profiles have a 'cprt' tag
2114 * which suggests that they were also made by Hewlett Packard.
2115 */
2116 PNG_ICC_CHECKSUM(0xa054d762, 0x5d5129ce,
2117 PNG_MD5(0x00000000, 0x00000000, 0x00000000, 0x00000000), 1, 0,
2118 "2004/07/21 18:57:42", 3024, "sRGB_IEC61966-2-1_noBPC.icc")
2119
2120 /* This is a 'mntr' (display) profile with a mediaWhitePointTag that does not
2121 * match the D50 PCS illuminant in the header (it is in fact the D65 values,
2122 * so the white point is recorded as the un-adapted value.) The profiles
2123 * below only differ in one byte - the intent - and are basically the same as
2124 * the previous profile except for the mediaWhitePointTag error and a missing
2125 * chromaticAdaptationTag.
2126 */
2127 PNG_ICC_CHECKSUM(0xf784f3fb, 0x182ea552,
2128 PNG_MD5(0x00000000, 0x00000000, 0x00000000, 0x00000000), 0, 1/*broken*/,
2129 "1998/02/09 06:49:00", 3144, "HP-Microsoft sRGB v2 perceptual")
2130
2131 PNG_ICC_CHECKSUM(0x0398f3fc, 0xf29e526d,
2132 PNG_MD5(0x00000000, 0x00000000, 0x00000000, 0x00000000), 1, 1/*broken*/,
2133 "1998/02/09 06:49:00", 3144, "HP-Microsoft sRGB v2 media-relative")
2134 };
2135
2136 static int
2137 png_compare_ICC_profile_with_sRGB(png_const_structrp png_ptr,
2138 png_const_bytep profile, uLong adler)
2139 {
2140 /* The quick check is to verify just the MD5 signature and trust the
2141 * rest of the data. Because the profile has already been verified for
2142 * correctness this is safe. png_colorspace_set_sRGB will check the 'intent'
2143 * field too, so if the profile has been edited with an intent not defined
2144 * by sRGB (but maybe defined by a later ICC specification) the read of
2145 * the profile will fail at that point.
2146 */
2147 png_uint_32 length = 0;
2148 png_uint_32 intent = 0x10000; /* invalid */
2149 #if PNG_sRGB_PROFILE_CHECKS > 1
2150 uLong crc = 0; /* the value for 0 length data */
2151 #endif
2152 unsigned int i;
2153
2154 for (i=0; i < (sizeof png_sRGB_checks) / (sizeof png_sRGB_checks[0]); ++i)
2155 {
2156 if (png_get_uint_32(profile+84) == png_sRGB_checks[i].md5[0] &&
2157 png_get_uint_32(profile+88) == png_sRGB_checks[i].md5[1] &&
2158 png_get_uint_32(profile+92) == png_sRGB_checks[i].md5[2] &&
2159 png_get_uint_32(profile+96) == png_sRGB_checks[i].md5[3])
2160 {
2161 /* This may be one of the old HP profiles without an MD5, in that
2162 * case we can only use the length and Adler32 (note that these
2163 * are not used by default if there is an MD5!)
2164 */
2165 # if PNG_sRGB_PROFILE_CHECKS == 0
2166 if (png_sRGB_checks[i].have_md5)
2167 return 1+png_sRGB_checks[i].is_broken;
2168 # endif
2169
2170 /* Profile is unsigned or more checks have been configured in. */
2171 if (length == 0)
2172 {
2173 length = png_get_uint_32(profile);
2174 intent = png_get_uint_32(profile+64);
2175 }
2176
2177 /* Length *and* intent must match */
2178 if (length == png_sRGB_checks[i].length &&
2179 intent == png_sRGB_checks[i].intent)
2180 {
2181 /* Now calculate the adler32 if not done already. */
2182 if (adler == 0)
2183 {
2184 adler = adler32(0, NULL, 0);
2185 adler = adler32(adler, profile, length);
2186 }
2187
2188 if (adler == png_sRGB_checks[i].adler)
2189 {
2190 /* These basic checks suggest that the data has not been
2191 * modified, but if the check level is more than 1 perform
2192 * our own crc32 checksum on the data.
2193 */
2194 # if PNG_sRGB_PROFILE_CHECKS > 1
2195 if (crc == 0)
2196 {
2197 crc = crc32(0, NULL, 0);
2198 crc = crc32(crc, profile, length);
2199 }
2200
2201 /* So this check must pass for the 'return' below to happen.
2202 */
2203 if (crc == png_sRGB_checks[i].crc)
2204 # endif
2205 {
2206 if (png_sRGB_checks[i].is_broken)
2207 {
2208 /* These profiles are known to have bad data that may cause
2209 * problems if they are used, therefore attempt to
2210 * discourage their use, skip the 'have_md5' warning below,
2211 * which is made irrelevant by this error.
2212 */
2213 png_chunk_report(png_ptr, "known incorrect sRGB profile",
2214 PNG_CHUNK_ERROR);
2215 }
2216
2217 /* Warn that this being done; this isn't even an error since
2218 * the profile is perfectly valid, but it would be nice if
2219 * people used the up-to-date ones.
2220 */
2221 else if (!png_sRGB_checks[i].have_md5)
2222 {
2223 png_chunk_report(png_ptr,
2224 "out-of-date sRGB profile with no signature",
2225 PNG_CHUNK_WARNING);
2226 }
2227
2228 return 1+png_sRGB_checks[i].is_broken;
2229 }
2230 }
2231 }
2232
2233 # if PNG_sRGB_PROFILE_CHECKS > 0
2234 /* The signature matched, but the profile had been changed in some
2235 * way. This is an apparent violation of the ICC terms of use and,
2236 * anyway, probably indicates a data error or uninformed hacking.
2237 */
2238 if (png_sRGB_checks[i].have_md5)
2239 png_benign_error(png_ptr,
2240 "copyright violation: edited ICC profile ignored");
2241 # endif
2242 }
2243 }
2244
2245 return 0; /* no match */
2246 }
2247 #endif
2248
2249 #ifdef PNG_sRGB_SUPPORTED
2250 void /* PRIVATE */
2251 png_icc_set_sRGB(png_const_structrp png_ptr,
2252 png_colorspacerp colorspace, png_const_bytep profile, uLong adler)
2253 {
2254 /* Is this profile one of the known ICC sRGB profiles? If it is, just set
2255 * the sRGB information.
2256 */
2257 if (png_compare_ICC_profile_with_sRGB(png_ptr, profile, adler))
2258 (void)png_colorspace_set_sRGB(png_ptr, colorspace,
2259 (int)/*already checked*/png_get_uint_32(profile+64));
2260 }
2261 #endif /* PNG_READ_sRGB_SUPPORTED */
2262
2263 int /* PRIVATE */
2264 png_colorspace_set_ICC(png_const_structrp png_ptr, png_colorspacerp colorspace,
2265 png_const_charp name, png_uint_32 profile_length, png_const_bytep profile,
2266 int color_type)
2267 {
2268 if (colorspace->flags & PNG_COLORSPACE_INVALID)
2269 return 0;
2270
2271 if (png_icc_check_length(png_ptr, colorspace, name, profile_length) &&
2272 png_icc_check_header(png_ptr, colorspace, name, profile_length, profile,
2273 color_type) &&
2274 png_icc_check_tag_table(png_ptr, colorspace, name, profile_length,
2275 profile))
2276 {
2277 # ifdef PNG_sRGB_SUPPORTED
2278 /* If no sRGB support, don't try storing sRGB information */
2279 png_icc_set_sRGB(png_ptr, colorspace, profile, 0);
2280 # endif
2281 return 1;
2282 }
2283
2284 /* Failure case */
2285 return 0;
2286 }
2287 #endif /* iCCP */
2288
2289 #ifdef PNG_READ_RGB_TO_GRAY_SUPPORTED
2290 void /* PRIVATE */
2291 png_colorspace_set_rgb_coefficients(png_structrp png_ptr)
2292 {
2293 /* Set the rgb_to_gray coefficients from the colorspace. */
2294 if (!png_ptr->rgb_to_gray_coefficients_set &&
2295 (png_ptr->colorspace.flags & PNG_COLORSPACE_HAVE_ENDPOINTS) != 0)
2296 {
2297 /* png_set_background has not been called, get the coefficients from the Y
2298 * values of the colorspace colorants.
2299 */
2300 png_fixed_point r = png_ptr->colorspace.end_points_XYZ.red_Y;
2301 png_fixed_point g = png_ptr->colorspace.end_points_XYZ.green_Y;
2302 png_fixed_point b = png_ptr->colorspace.end_points_XYZ.blue_Y;
2303 png_fixed_point total = r+g+b;
2304
2305 if (total > 0 &&
2306 r >= 0 && png_muldiv(&r, r, 32768, total) && r >= 0 && r <= 32768 &&
2307 g >= 0 && png_muldiv(&g, g, 32768, total) && g >= 0 && g <= 32768 &&
2308 b >= 0 && png_muldiv(&b, b, 32768, total) && b >= 0 && b <= 32768 &&
2309 r+g+b <= 32769)
2310 {
2311 /* We allow 0 coefficients here. r+g+b may be 32769 if two or
2312 * all of the coefficients were rounded up. Handle this by
2313 * reducing the *largest* coefficient by 1; this matches the
2314 * approach used for the default coefficients in pngrtran.c
2315 */
2316 int add = 0;
2317
2318 if (r+g+b > 32768)
2319 add = -1;
2320 else if (r+g+b < 32768)
2321 add = 1;
2322
2323 if (add != 0)
2324 {
2325 if (g >= r && g >= b)
2326 g += add;
2327 else if (r >= g && r >= b)
2328 r += add;
2329 else
2330 b += add;
2331 }
2332
2333 /* Check for an internal error. */
2334 if (r+g+b != 32768)
2335 png_error(png_ptr,
2336 "internal error handling cHRM coefficients");
2337
2338 else
2339 {
2340 png_ptr->rgb_to_gray_red_coeff = (png_uint_16)r;
2341 png_ptr->rgb_to_gray_green_coeff = (png_uint_16)g;
2342 }
2343 }
2344
2345 /* This is a png_error at present even though it could be ignored -
2346 * it should never happen, but it is important that if it does, the
2347 * bug is fixed.
2348 */
2349 else
2350 png_error(png_ptr, "internal error handling cHRM->XYZ");
2351 }
2352 }
2353 #endif
2354
2355 #endif /* COLORSPACE */
2356
2357 void /* PRIVATE */
2358 png_check_IHDR(png_const_structrp png_ptr,
2359 png_uint_32 width, png_uint_32 height, int bit_depth,
2360 int color_type, int interlace_type, int compression_type,
2361 int filter_type)
2362 {
2363 int error = 0;
2364
2365 /* Check for width and height valid values */
2366 if (width == 0)
2367 {
2368 png_warning(png_ptr, "Image width is zero in IHDR");
2369 error = 1;
2370 }
2371
2372 if (height == 0)
2373 {
2374 png_warning(png_ptr, "Image height is zero in IHDR");
2375 error = 1;
2376 }
2377
2378 # ifdef PNG_SET_USER_LIMITS_SUPPORTED
2379 if (width > png_ptr->user_width_max)
2380
2381 # else
2382 if (width > PNG_USER_WIDTH_MAX)
2383 # endif
2384 {
2385 png_warning(png_ptr, "Image width exceeds user limit in IHDR");
2386 error = 1;
2387 }
2388
2389 # ifdef PNG_SET_USER_LIMITS_SUPPORTED
2390 if (height > png_ptr->user_height_max)
2391 # else
2392 if (height > PNG_USER_HEIGHT_MAX)
2393 # endif
2394 {
2395 png_warning(png_ptr, "Image height exceeds user limit in IHDR");
2396 error = 1;
2397 }
2398
2399 if (width > PNG_UINT_31_MAX)
2400 {
2401 png_warning(png_ptr, "Invalid image width in IHDR");
2402 error = 1;
2403 }
2404
2405 if (height > PNG_UINT_31_MAX)
2406 {
2407 png_warning(png_ptr, "Invalid image height in IHDR");
2408 error = 1;
2409 }
2410
2411 if (width > (PNG_UINT_32_MAX
2412 >> 3) /* 8-byte RGBA pixels */
2413 - 48 /* bigrowbuf hack */
2414 - 1 /* filter byte */
2415 - 7*8 /* rounding of width to multiple of 8 pixels */
2416 - 8) /* extra max_pixel_depth pad */
2417 png_warning(png_ptr, "Width is too large for libpng to process pixels");
2418
2419 /* Check other values */
2420 if (bit_depth != 1 && bit_depth != 2 && bit_depth != 4 &&
2421 bit_depth != 8 && bit_depth != 16)
2422 {
2423 png_warning(png_ptr, "Invalid bit depth in IHDR");
2424 error = 1;
2425 }
2426
2427 if (color_type < 0 || color_type == 1 ||
2428 color_type == 5 || color_type > 6)
2429 {
2430 png_warning(png_ptr, "Invalid color type in IHDR");
2431 error = 1;
2432 }
2433
2434 if (((color_type == PNG_COLOR_TYPE_PALETTE) && bit_depth > 8) ||
2435 ((color_type == PNG_COLOR_TYPE_RGB ||
2436 color_type == PNG_COLOR_TYPE_GRAY_ALPHA ||
2437 color_type == PNG_COLOR_TYPE_RGB_ALPHA) && bit_depth < 8))
2438 {
2439 png_warning(png_ptr, "Invalid color type/bit depth combination in IHDR");
2440 error = 1;
2441 }
2442
2443 if (interlace_type >= PNG_INTERLACE_LAST)
2444 {
2445 png_warning(png_ptr, "Unknown interlace method in IHDR");
2446 error = 1;
2447 }
2448
2449 if (compression_type != PNG_COMPRESSION_TYPE_BASE)
2450 {
2451 png_warning(png_ptr, "Unknown compression method in IHDR");
2452 error = 1;
2453 }
2454
2455 # ifdef PNG_MNG_FEATURES_SUPPORTED
2456 /* Accept filter_method 64 (intrapixel differencing) only if
2457 * 1. Libpng was compiled with PNG_MNG_FEATURES_SUPPORTED and
2458 * 2. Libpng did not read a PNG signature (this filter_method is only
2459 * used in PNG datastreams that are embedded in MNG datastreams) and
2460 * 3. The application called png_permit_mng_features with a mask that
2461 * included PNG_FLAG_MNG_FILTER_64 and
2462 * 4. The filter_method is 64 and
2463 * 5. The color_type is RGB or RGBA
2464 */
2465 if ((png_ptr->mode & PNG_HAVE_PNG_SIGNATURE) &&
2466 png_ptr->mng_features_permitted)
2467 png_warning(png_ptr, "MNG features are not allowed in a PNG datastream");
2468
2469 if (filter_type != PNG_FILTER_TYPE_BASE)
2470 {
2471 if (!((png_ptr->mng_features_permitted & PNG_FLAG_MNG_FILTER_64) &&
2472 (filter_type == PNG_INTRAPIXEL_DIFFERENCING) &&
2473 ((png_ptr->mode & PNG_HAVE_PNG_SIGNATURE) == 0) &&
2474 (color_type == PNG_COLOR_TYPE_RGB ||
2475 color_type == PNG_COLOR_TYPE_RGB_ALPHA)))
2476 {
2477 png_warning(png_ptr, "Unknown filter method in IHDR");
2478 error = 1;
2479 }
2480
2481 if (png_ptr->mode & PNG_HAVE_PNG_SIGNATURE)
2482 {
2483 png_warning(png_ptr, "Invalid filter method in IHDR");
2484 error = 1;
2485 }
2486 }
2487
2488 # else
2489 if (filter_type != PNG_FILTER_TYPE_BASE)
2490 {
2491 png_warning(png_ptr, "Unknown filter method in IHDR");
2492 error = 1;
2493 }
2494 # endif
2495
2496 if (error == 1)
2497 png_error(png_ptr, "Invalid IHDR data");
2498 }
2499
2500 #if defined(PNG_sCAL_SUPPORTED) || defined(PNG_pCAL_SUPPORTED)
2501 /* ASCII to fp functions */
2502 /* Check an ASCII formated floating point value, see the more detailed
2503 * comments in pngpriv.h
2504 */
2505 /* The following is used internally to preserve the sticky flags */
2506 #define png_fp_add(state, flags) ((state) |= (flags))
2507 #define png_fp_set(state, value) ((state) = (value) | ((state) & PNG_FP_STICKY))
2508
2509 int /* PRIVATE */
2510 png_check_fp_number(png_const_charp string, png_size_t size, int *statep,
2511 png_size_tp whereami)
2512 {
2513 int state = *statep;
2514 png_size_t i = *whereami;
2515
2516 while (i < size)
2517 {
2518 int type;
2519 /* First find the type of the next character */
2520 switch (string[i])
2521 {
2522 case 43: type = PNG_FP_SAW_SIGN; break;
2523 case 45: type = PNG_FP_SAW_SIGN + PNG_FP_NEGATIVE; break;
2524 case 46: type = PNG_FP_SAW_DOT; break;
2525 case 48: type = PNG_FP_SAW_DIGIT; break;
2526 case 49: case 50: case 51: case 52:
2527 case 53: case 54: case 55: case 56:
2528 case 57: type = PNG_FP_SAW_DIGIT + PNG_FP_NONZERO; break;
2529 case 69:
2530 case 101: type = PNG_FP_SAW_E; break;
2531 default: goto PNG_FP_End;
2532 }
2533
2534 /* Now deal with this type according to the current
2535 * state, the type is arranged to not overlap the
2536 * bits of the PNG_FP_STATE.
2537 */
2538 switch ((state & PNG_FP_STATE) + (type & PNG_FP_SAW_ANY))
2539 {
2540 case PNG_FP_INTEGER + PNG_FP_SAW_SIGN:
2541 if (state & PNG_FP_SAW_ANY)
2542 goto PNG_FP_End; /* not a part of the number */
2543
2544 png_fp_add(state, type);
2545 break;
2546
2547 case PNG_FP_INTEGER + PNG_FP_SAW_DOT:
2548 /* Ok as trailer, ok as lead of fraction. */
2549 if (state & PNG_FP_SAW_DOT) /* two dots */
2550 goto PNG_FP_End;
2551
2552 else if (state & PNG_FP_SAW_DIGIT) /* trailing dot? */
2553 png_fp_add(state, type);
2554
2555 else
2556 png_fp_set(state, PNG_FP_FRACTION | type);
2557
2558 break;
2559
2560 case PNG_FP_INTEGER + PNG_FP_SAW_DIGIT:
2561 if (state & PNG_FP_SAW_DOT) /* delayed fraction */
2562 png_fp_set(state, PNG_FP_FRACTION | PNG_FP_SAW_DOT);
2563
2564 png_fp_add(state, type | PNG_FP_WAS_VALID);
2565
2566 break;
2567
2568 case PNG_FP_INTEGER + PNG_FP_SAW_E:
2569 if ((state & PNG_FP_SAW_DIGIT) == 0)
2570 goto PNG_FP_End;
2571
2572 png_fp_set(state, PNG_FP_EXPONENT);
2573
2574 break;
2575
2576 /* case PNG_FP_FRACTION + PNG_FP_SAW_SIGN:
2577 goto PNG_FP_End; ** no sign in fraction */
2578
2579 /* case PNG_FP_FRACTION + PNG_FP_SAW_DOT:
2580 goto PNG_FP_End; ** Because SAW_DOT is always set */
2581
2582 case PNG_FP_FRACTION + PNG_FP_SAW_DIGIT:
2583 png_fp_add(state, type | PNG_FP_WAS_VALID);
2584 break;
2585
2586 case PNG_FP_FRACTION + PNG_FP_SAW_E:
2587 /* This is correct because the trailing '.' on an
2588 * integer is handled above - so we can only get here
2589 * with the sequence ".E" (with no preceding digits).
2590 */
2591 if ((state & PNG_FP_SAW_DIGIT) == 0)
2592 goto PNG_FP_End;
2593
2594 png_fp_set(state, PNG_FP_EXPONENT);
2595
2596 break;
2597
2598 case PNG_FP_EXPONENT + PNG_FP_SAW_SIGN:
2599 if (state & PNG_FP_SAW_ANY)
2600 goto PNG_FP_End; /* not a part of the number */
2601
2602 png_fp_add(state, PNG_FP_SAW_SIGN);
2603
2604 break;
2605
2606 /* case PNG_FP_EXPONENT + PNG_FP_SAW_DOT:
2607 goto PNG_FP_End; */
2608
2609 case PNG_FP_EXPONENT + PNG_FP_SAW_DIGIT:
2610 png_fp_add(state, PNG_FP_SAW_DIGIT | PNG_FP_WAS_VALID);
2611
2612 break;
2613
2614 /* case PNG_FP_EXPONEXT + PNG_FP_SAW_E:
2615 goto PNG_FP_End; */
2616
2617 default: goto PNG_FP_End; /* I.e. break 2 */
2618 }
2619
2620 /* The character seems ok, continue. */
2621 ++i;
2622 }
2623
2624 PNG_FP_End:
2625 /* Here at the end, update the state and return the correct
2626 * return code.
2627 */
2628 *statep = state;
2629 *whereami = i;
2630
2631 return (state & PNG_FP_SAW_DIGIT) != 0;
2632 }
2633
2634
2635 /* The same but for a complete string. */
2636 int
2637 png_check_fp_string(png_const_charp string, png_size_t size)
2638 {
2639 int state=0;
2640 png_size_t char_index=0;
2641
2642 if (png_check_fp_number(string, size, &state, &char_index) &&
2643 (char_index == size || string[char_index] == 0))
2644 return state /* must be non-zero - see above */;
2645
2646 return 0; /* i.e. fail */
2647 }
2648 #endif /* pCAL or sCAL */
2649
2650 #ifdef PNG_sCAL_SUPPORTED
2651 # ifdef PNG_FLOATING_POINT_SUPPORTED
2652 /* Utility used below - a simple accurate power of ten from an integral
2653 * exponent.
2654 */
2655 static double
2656 png_pow10(int power)
2657 {
2658 int recip = 0;
2659 double d = 1;
2660
2661 /* Handle negative exponent with a reciprocal at the end because
2662 * 10 is exact whereas .1 is inexact in base 2
2663 */
2664 if (power < 0)
2665 {
2666 if (power < DBL_MIN_10_EXP) return 0;
2667 recip = 1, power = -power;
2668 }
2669
2670 if (power > 0)
2671 {
2672 /* Decompose power bitwise. */
2673 double mult = 10;
2674 do
2675 {
2676 if (power & 1) d *= mult;
2677 mult *= mult;
2678 power >>= 1;
2679 }
2680 while (power > 0);
2681
2682 if (recip) d = 1/d;
2683 }
2684 /* else power is 0 and d is 1 */
2685
2686 return d;
2687 }
2688
2689 /* Function to format a floating point value in ASCII with a given
2690 * precision.
2691 */
2692 void /* PRIVATE */
2693 png_ascii_from_fp(png_const_structrp png_ptr, png_charp ascii, png_size_t size,
2694 double fp, unsigned int precision)
2695 {
2696 /* We use standard functions from math.h, but not printf because
2697 * that would require stdio. The caller must supply a buffer of
2698 * sufficient size or we will png_error. The tests on size and
2699 * the space in ascii[] consumed are indicated below.
2700 */
2701 if (precision < 1)
2702 precision = DBL_DIG;
2703
2704 /* Enforce the limit of the implementation precision too. */
2705 if (precision > DBL_DIG+1)
2706 precision = DBL_DIG+1;
2707
2708 /* Basic sanity checks */
2709 if (size >= precision+5) /* See the requirements below. */
2710 {
2711 if (fp < 0)
2712 {
2713 fp = -fp;
2714 *ascii++ = 45; /* '-' PLUS 1 TOTAL 1 */
2715 --size;
2716 }
2717
2718 if (fp >= DBL_MIN && fp <= DBL_MAX)
2719 {
2720 int exp_b10; /* A base 10 exponent */
2721 double base; /* 10^exp_b10 */
2722
2723 /* First extract a base 10 exponent of the number,
2724 * the calculation below rounds down when converting
2725 * from base 2 to base 10 (multiply by log10(2) -
2726 * 0.3010, but 77/256 is 0.3008, so exp_b10 needs to
2727 * be increased. Note that the arithmetic shift
2728 * performs a floor() unlike C arithmetic - using a
2729 * C multiply would break the following for negative
2730 * exponents.
2731 */
2732 (void)frexp(fp, &exp_b10); /* exponent to base 2 */
2733
2734 exp_b10 = (exp_b10 * 77) >> 8; /* <= exponent to base 10 */
2735
2736 /* Avoid underflow here. */
2737 base = png_pow10(exp_b10); /* May underflow */
2738
2739 while (base < DBL_MIN || base < fp)
2740 {
2741 /* And this may overflow. */
2742 double test = png_pow10(exp_b10+1);
2743
2744 if (test <= DBL_MAX)
2745 ++exp_b10, base = test;
2746
2747 else
2748 break;
2749 }
2750
2751 /* Normalize fp and correct exp_b10, after this fp is in the
2752 * range [.1,1) and exp_b10 is both the exponent and the digit
2753 * *before* which the decimal point should be inserted
2754 * (starting with 0 for the first digit). Note that this
2755 * works even if 10^exp_b10 is out of range because of the
2756 * test on DBL_MAX above.
2757 */
2758 fp /= base;
2759 while (fp >= 1) fp /= 10, ++exp_b10;
2760
2761 /* Because of the code above fp may, at this point, be
2762 * less than .1, this is ok because the code below can
2763 * handle the leading zeros this generates, so no attempt
2764 * is made to correct that here.
2765 */
2766
2767 {
2768 int czero, clead, cdigits;
2769 char exponent[10];
2770
2771 /* Allow up to two leading zeros - this will not lengthen
2772 * the number compared to using E-n.
2773 */
2774 if (exp_b10 < 0 && exp_b10 > -3) /* PLUS 3 TOTAL 4 */
2775 {
2776 czero = -exp_b10; /* PLUS 2 digits: TOTAL 3 */
2777 exp_b10 = 0; /* Dot added below before first output. */
2778 }
2779 else
2780 czero = 0; /* No zeros to add */
2781
2782 /* Generate the digit list, stripping trailing zeros and
2783 * inserting a '.' before a digit if the exponent is 0.
2784 */
2785 clead = czero; /* Count of leading zeros */
2786 cdigits = 0; /* Count of digits in list. */
2787
2788 do
2789 {
2790 double d;
2791
2792 fp *= 10;
2793 /* Use modf here, not floor and subtract, so that
2794 * the separation is done in one step. At the end
2795 * of the loop don't break the number into parts so
2796 * that the final digit is rounded.
2797 */
2798 if (cdigits+czero-clead+1 < (int)precision)
2799 fp = modf(fp, &d);
2800
2801 else
2802 {
2803 d = floor(fp + .5);
2804
2805 if (d > 9)
2806 {
2807 /* Rounding up to 10, handle that here. */
2808 if (czero > 0)
2809 {
2810 --czero, d = 1;
2811 if (cdigits == 0) --clead;
2812 }
2813 else
2814 {
2815 while (cdigits > 0 && d > 9)
2816 {
2817 int ch = *--ascii;
2818
2819 if (exp_b10 != (-1))
2820 ++exp_b10;
2821
2822 else if (ch == 46)
2823 {
2824 ch = *--ascii, ++size;
2825 /* Advance exp_b10 to '1', so that the
2826 * decimal point happens after the
2827 * previous digit.
2828 */
2829 exp_b10 = 1;
2830 }
2831
2832 --cdigits;
2833 d = ch - 47; /* I.e. 1+(ch-48) */
2834 }
2835
2836 /* Did we reach the beginning? If so adjust the
2837 * exponent but take into account the leading
2838 * decimal point.
2839 */
2840 if (d > 9) /* cdigits == 0 */
2841 {
2842 if (exp_b10 == (-1))
2843 {
2844 /* Leading decimal point (plus zeros?), if
2845 * we lose the decimal point here it must
2846 * be reentered below.
2847 */
2848 int ch = *--ascii;
2849
2850 if (ch == 46)
2851 ++size, exp_b10 = 1;
2852
2853 /* Else lost a leading zero, so 'exp_b10' is
2854 * still ok at (-1)
2855 */
2856 }
2857 else
2858 ++exp_b10;
2859
2860 /* In all cases we output a '1' */
2861 d = 1;
2862 }
2863 }
2864 }
2865 fp = 0; /* Guarantees termination below. */
2866 }
2867
2868 if (d == 0)
2869 {
2870 ++czero;
2871 if (cdigits == 0) ++clead;
2872 }
2873 else
2874 {
2875 /* Included embedded zeros in the digit count. */
2876 cdigits += czero - clead;
2877 clead = 0;
2878
2879 while (czero > 0)
2880 {
2881 /* exp_b10 == (-1) means we just output the decimal
2882 * place - after the DP don't adjust 'exp_b10' any
2883 * more!
2884 */
2885 if (exp_b10 != (-1))
2886 {
2887 if (exp_b10 == 0) *ascii++ = 46, --size;
2888 /* PLUS 1: TOTAL 4 */
2889 --exp_b10;
2890 }
2891 *ascii++ = 48, --czero;
2892 }
2893
2894 if (exp_b10 != (-1))
2895 {
2896 if (exp_b10 == 0) *ascii++ = 46, --size; /* counted
2897 above */
2898 --exp_b10;
2899 }
2900 *ascii++ = (char)(48 + (int)d), ++cdigits;
2901 }
2902 }
2903 while (cdigits+czero-clead < (int)precision && fp > DBL_MIN);
2904
2905 /* The total output count (max) is now 4+precision */
2906
2907 /* Check for an exponent, if we don't need one we are
2908 * done and just need to terminate the string. At
2909 * this point exp_b10==(-1) is effectively if flag - it got
2910 * to '-1' because of the decrement after outputing
2911 * the decimal point above (the exponent required is
2912 * *not* -1!)
2913 */
2914 if (exp_b10 >= (-1) && exp_b10 <= 2)
2915 {
2916 /* The following only happens if we didn't output the
2917 * leading zeros above for negative exponent, so this
2918 * doest add to the digit requirement. Note that the
2919 * two zeros here can only be output if the two leading
2920 * zeros were *not* output, so this doesn't increase
2921 * the output count.
2922 */
2923 while (--exp_b10 >= 0) *ascii++ = 48;
2924
2925 *ascii = 0;
2926
2927 /* Total buffer requirement (including the '\0') is
2928 * 5+precision - see check at the start.
2929 */
2930 return;
2931 }
2932
2933 /* Here if an exponent is required, adjust size for
2934 * the digits we output but did not count. The total
2935 * digit output here so far is at most 1+precision - no
2936 * decimal point and no leading or trailing zeros have
2937 * been output.
2938 */
2939 size -= cdigits;
2940
2941 *ascii++ = 69, --size; /* 'E': PLUS 1 TOTAL 2+precision */
2942
2943 /* The following use of an unsigned temporary avoids ambiguities in
2944 * the signed arithmetic on exp_b10 and permits GCC at least to do
2945 * better optimization.
2946 */
2947 {
2948 unsigned int uexp_b10;
2949
2950 if (exp_b10 < 0)
2951 {
2952 *ascii++ = 45, --size; /* '-': PLUS 1 TOTAL 3+precision */
2953 uexp_b10 = -exp_b10;
2954 }
2955
2956 else
2957 uexp_b10 = exp_b10;
2958
2959 cdigits = 0;
2960
2961 while (uexp_b10 > 0)
2962 {
2963 exponent[cdigits++] = (char)(48 + uexp_b10 % 10);
2964 uexp_b10 /= 10;
2965 }
2966 }
2967
2968 /* Need another size check here for the exponent digits, so
2969 * this need not be considered above.
2970 */
2971 if ((int)size > cdigits)
2972 {
2973 while (cdigits > 0) *ascii++ = exponent[--cdigits];
2974
2975 *ascii = 0;
2976
2977 return;
2978 }
2979 }
2980 }
2981 else if (!(fp >= DBL_MIN))
2982 {
2983 *ascii++ = 48; /* '0' */
2984 *ascii = 0;
2985 return;
2986 }
2987 else
2988 {
2989 *ascii++ = 105; /* 'i' */
2990 *ascii++ = 110; /* 'n' */
2991 *ascii++ = 102; /* 'f' */
2992 *ascii = 0;
2993 return;
2994 }
2995 }
2996
2997 /* Here on buffer too small. */
2998 png_error(png_ptr, "ASCII conversion buffer too small");
2999 }
3000
3001 # endif /* FLOATING_POINT */
3002
3003 # ifdef PNG_FIXED_POINT_SUPPORTED
3004 /* Function to format a fixed point value in ASCII.
3005 */
3006 void /* PRIVATE */
3007 png_ascii_from_fixed(png_const_structrp png_ptr, png_charp ascii,
3008 png_size_t size, png_fixed_point fp)
3009 {
3010 /* Require space for 10 decimal digits, a decimal point, a minus sign and a
3011 * trailing \0, 13 characters:
3012 */
3013 if (size > 12)
3014 {
3015 png_uint_32 num;
3016
3017 /* Avoid overflow here on the minimum integer. */
3018 if (fp < 0)
3019 *ascii++ = 45, --size, num = -fp;
3020 else
3021 num = fp;
3022
3023 if (num <= 0x80000000) /* else overflowed */
3024 {
3025 unsigned int ndigits = 0, first = 16 /* flag value */;
3026 char digits[10];
3027
3028 while (num)
3029 {
3030 /* Split the low digit off num: */
3031 unsigned int tmp = num/10;
3032 num -= tmp*10;
3033 digits[ndigits++] = (char)(48 + num);
3034 /* Record the first non-zero digit, note that this is a number
3035 * starting at 1, it's not actually the array index.
3036 */
3037 if (first == 16 && num > 0)
3038 first = ndigits;
3039 num = tmp;
3040 }
3041
3042 if (ndigits > 0)
3043 {
3044 while (ndigits > 5) *ascii++ = digits[--ndigits];
3045 /* The remaining digits are fractional digits, ndigits is '5' or
3046 * smaller at this point. It is certainly not zero. Check for a
3047 * non-zero fractional digit:
3048 */
3049 if (first <= 5)
3050 {
3051 unsigned int i;
3052 *ascii++ = 46; /* decimal point */
3053 /* ndigits may be <5 for small numbers, output leading zeros
3054 * then ndigits digits to first:
3055 */
3056 i = 5;
3057 while (ndigits < i) *ascii++ = 48, --i;
3058 while (ndigits >= first) *ascii++ = digits[--ndigits];
3059 /* Don't output the trailing zeros! */
3060 }
3061 }
3062 else
3063 *ascii++ = 48;
3064
3065 /* And null terminate the string: */
3066 *ascii = 0;
3067 return;
3068 }
3069 }
3070
3071 /* Here on buffer too small. */
3072 png_error(png_ptr, "ASCII conversion buffer too small");
3073 }
3074 # endif /* FIXED_POINT */
3075 #endif /* READ_SCAL */
3076
3077 #if defined(PNG_FLOATING_POINT_SUPPORTED) && \
3078 !defined(PNG_FIXED_POINT_MACRO_SUPPORTED) && \
3079 (defined(PNG_gAMA_SUPPORTED) || defined(PNG_cHRM_SUPPORTED) || \
3080 defined(PNG_sCAL_SUPPORTED) || defined(PNG_READ_BACKGROUND_SUPPORTED) || \
3081 defined(PNG_READ_RGB_TO_GRAY_SUPPORTED)) || \
3082 (defined(PNG_sCAL_SUPPORTED) && \
3083 defined(PNG_FLOATING_ARITHMETIC_SUPPORTED))
3084 png_fixed_point
3085 png_fixed(png_const_structrp png_ptr, double fp, png_const_charp text)
3086 {
3087 double r = floor(100000 * fp + .5);
3088
3089 if (r > 2147483647. || r < -2147483648.)
3090 png_fixed_error(png_ptr, text);
3091
3092 return (png_fixed_point)r;
3093 }
3094 #endif
3095
3096 #if defined(PNG_READ_GAMMA_SUPPORTED) || \
3097 defined(PNG_INCH_CONVERSIONS_SUPPORTED) || defined(PNG_READ_pHYs_SUPPORTED)
3098 /* muldiv functions */
3099 /* This API takes signed arguments and rounds the result to the nearest
3100 * integer (or, for a fixed point number - the standard argument - to
3101 * the nearest .00001). Overflow and divide by zero are signalled in
3102 * the result, a boolean - true on success, false on overflow.
3103 */
3104 int
3105 png_muldiv(png_fixed_point_p res, png_fixed_point a, png_int_32 times,
3106 png_int_32 divisor)
3107 {
3108 /* Return a * times / divisor, rounded. */
3109 if (divisor != 0)
3110 {
3111 if (a == 0 || times == 0)
3112 {
3113 *res = 0;
3114 return 1;
3115 }
3116 else
3117 {
3118 #ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
3119 double r = a;
3120 r *= times;
3121 r /= divisor;
3122 r = floor(r+.5);
3123
3124 /* A png_fixed_point is a 32-bit integer. */
3125 if (r <= 2147483647. && r >= -2147483648.)
3126 {
3127 *res = (png_fixed_point)r;
3128 return 1;
3129 }
3130 #else
3131 int negative = 0;
3132 png_uint_32 A, T, D;
3133 png_uint_32 s16, s32, s00;
3134
3135 if (a < 0)
3136 negative = 1, A = -a;
3137 else
3138 A = a;
3139
3140 if (times < 0)
3141 negative = !negative, T = -times;
3142 else
3143 T = times;
3144
3145 if (divisor < 0)
3146 negative = !negative, D = -divisor;
3147 else
3148 D = divisor;
3149
3150 /* Following can't overflow because the arguments only
3151 * have 31 bits each, however the result may be 32 bits.
3152 */
3153 s16 = (A >> 16) * (T & 0xffff) +
3154 (A & 0xffff) * (T >> 16);
3155 /* Can't overflow because the a*times bit is only 30
3156 * bits at most.
3157 */
3158 s32 = (A >> 16) * (T >> 16) + (s16 >> 16);
3159 s00 = (A & 0xffff) * (T & 0xffff);
3160
3161 s16 = (s16 & 0xffff) << 16;
3162 s00 += s16;
3163
3164 if (s00 < s16)
3165 ++s32; /* carry */
3166
3167 if (s32 < D) /* else overflow */
3168 {
3169 /* s32.s00 is now the 64-bit product, do a standard
3170 * division, we know that s32 < D, so the maximum
3171 * required shift is 31.
3172 */
3173 int bitshift = 32;
3174 png_fixed_point result = 0; /* NOTE: signed */
3175
3176 while (--bitshift >= 0)
3177 {
3178 png_uint_32 d32, d00;
3179
3180 if (bitshift > 0)
3181 d32 = D >> (32-bitshift), d00 = D << bitshift;
3182
3183 else
3184 d32 = 0, d00 = D;
3185
3186 if (s32 > d32)
3187 {
3188 if (s00 < d00) --s32; /* carry */
3189 s32 -= d32, s00 -= d00, result += 1<<bitshift;
3190 }
3191
3192 else
3193 if (s32 == d32 && s00 >= d00)
3194 s32 = 0, s00 -= d00, result += 1<<bitshift;
3195 }
3196
3197 /* Handle the rounding. */
3198 if (s00 >= (D >> 1))
3199 ++result;
3200
3201 if (negative)
3202 result = -result;
3203
3204 /* Check for overflow. */
3205 if ((negative && result <= 0) || (!negative && result >= 0))
3206 {
3207 *res = result;
3208 return 1;
3209 }
3210 }
3211 #endif
3212 }
3213 }
3214
3215 return 0;
3216 }
3217 #endif /* READ_GAMMA || INCH_CONVERSIONS */
3218
3219 #if defined(PNG_READ_GAMMA_SUPPORTED) || defined(PNG_INCH_CONVERSIONS_SUPPORTED)
3220 /* The following is for when the caller doesn't much care about the
3221 * result.
3222 */
3223 png_fixed_point
3224 png_muldiv_warn(png_const_structrp png_ptr, png_fixed_point a, png_int_32 times,
3225 png_int_32 divisor)
3226 {
3227 png_fixed_point result;
3228
3229 if (png_muldiv(&result, a, times, divisor))
3230 return result;
3231
3232 png_warning(png_ptr, "fixed point overflow ignored");
3233 return 0;
3234 }
3235 #endif
3236
3237 #ifdef PNG_GAMMA_SUPPORTED /* more fixed point functions for gamma */
3238 /* Calculate a reciprocal, return 0 on div-by-zero or overflow. */
3239 png_fixed_point
3240 png_reciprocal(png_fixed_point a)
3241 {
3242 #ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
3243 double r = floor(1E10/a+.5);
3244
3245 if (r <= 2147483647. && r >= -2147483648.)
3246 return (png_fixed_point)r;
3247 #else
3248 png_fixed_point res;
3249
3250 if (png_muldiv(&res, 100000, 100000, a))
3251 return res;
3252 #endif
3253
3254 return 0; /* error/overflow */
3255 }
3256
3257 /* This is the shared test on whether a gamma value is 'significant' - whether
3258 * it is worth doing gamma correction.
3259 */
3260 int /* PRIVATE */
3261 png_gamma_significant(png_fixed_point gamma_val)
3262 {
3263 return gamma_val < PNG_FP_1 - PNG_GAMMA_THRESHOLD_FIXED ||
3264 gamma_val > PNG_FP_1 + PNG_GAMMA_THRESHOLD_FIXED;
3265 }
3266 #endif
3267
3268 #ifdef PNG_READ_GAMMA_SUPPORTED
3269 /* A local convenience routine. */
3270 static png_fixed_point
3271 png_product2(png_fixed_point a, png_fixed_point b)
3272 {
3273 /* The required result is 1/a * 1/b; the following preserves accuracy. */
3274 #ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
3275 double r = a * 1E-5;
3276 r *= b;
3277 r = floor(r+.5);
3278
3279 if (r <= 2147483647. && r >= -2147483648.)
3280 return (png_fixed_point)r;
3281 #else
3282 png_fixed_point res;
3283
3284 if (png_muldiv(&res, a, b, 100000))
3285 return res;
3286 #endif
3287
3288 return 0; /* overflow */
3289 }
3290
3291 /* The inverse of the above. */
3292 png_fixed_point
3293 png_reciprocal2(png_fixed_point a, png_fixed_point b)
3294 {
3295 /* The required result is 1/a * 1/b; the following preserves accuracy. */
3296 #ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
3297 double r = 1E15/a;
3298 r /= b;
3299 r = floor(r+.5);
3300
3301 if (r <= 2147483647. && r >= -2147483648.)
3302 return (png_fixed_point)r;
3303 #else
3304 /* This may overflow because the range of png_fixed_point isn't symmetric,
3305 * but this API is only used for the product of file and screen gamma so it
3306 * doesn't matter that the smallest number it can produce is 1/21474, not
3307 * 1/100000
3308 */
3309 png_fixed_point res = png_product2(a, b);
3310
3311 if (res != 0)
3312 return png_reciprocal(res);
3313 #endif
3314
3315 return 0; /* overflow */
3316 }
3317 #endif /* READ_GAMMA */
3318
3319 #ifdef PNG_READ_GAMMA_SUPPORTED /* gamma table code */
3320 #ifndef PNG_FLOATING_ARITHMETIC_SUPPORTED
3321 /* Fixed point gamma.
3322 *
3323 * The code to calculate the tables used below can be found in the shell script
3324 * contrib/tools/intgamma.sh
3325 *
3326 * To calculate gamma this code implements fast log() and exp() calls using only
3327 * fixed point arithmetic. This code has sufficient precision for either 8-bit
3328 * or 16-bit sample values.
3329 *
3330 * The tables used here were calculated using simple 'bc' programs, but C double
3331 * precision floating point arithmetic would work fine.
3332 *
3333 * 8-bit log table
3334 * This is a table of -log(value/255)/log(2) for 'value' in the range 128 to
3335 * 255, so it's the base 2 logarithm of a normalized 8-bit floating point
3336 * mantissa. The numbers are 32-bit fractions.
3337 */
3338 static const png_uint_32
3339 png_8bit_l2[128] =
3340 {
3341 4270715492U, 4222494797U, 4174646467U, 4127164793U, 4080044201U, 4033279239U,
3342 3986864580U, 3940795015U, 3895065449U, 3849670902U, 3804606499U, 3759867474U,
3343 3715449162U, 3671346997U, 3627556511U, 3584073329U, 3540893168U, 3498011834U,
3344 3455425220U, 3413129301U, 3371120137U, 3329393864U, 3287946700U, 3246774933U,
3345 3205874930U, 3165243125U, 3124876025U, 3084770202U, 3044922296U, 3005329011U,
3346 2965987113U, 2926893432U, 2888044853U, 2849438323U, 2811070844U, 2772939474U,
3347 2735041326U, 2697373562U, 2659933400U, 2622718104U, 2585724991U, 2548951424U,
3348 2512394810U, 2476052606U, 2439922311U, 2404001468U, 2368287663U, 2332778523U,
3349 2297471715U, 2262364947U, 2227455964U, 2192742551U, 2158222529U, 2123893754U,
3350 2089754119U, 2055801552U, 2022034013U, 1988449497U, 1955046031U, 1921821672U,
3351 1888774511U, 1855902668U, 1823204291U, 1790677560U, 1758320682U, 1726131893U,
3352 1694109454U, 1662251657U, 1630556815U, 1599023271U, 1567649391U, 1536433567U,
3353 1505374214U, 1474469770U, 1443718700U, 1413119487U, 1382670639U, 1352370686U,
3354 1322218179U, 1292211689U, 1262349810U, 1232631153U, 1203054352U, 1173618059U,
3355 1144320946U, 1115161701U, 1086139034U, 1057251672U, 1028498358U, 999877854U,
3356 971388940U, 943030410U, 914801076U, 886699767U, 858725327U, 830876614U,
3357 803152505U, 775551890U, 748073672U, 720716771U, 693480120U, 666362667U,
3358 639363374U, 612481215U, 585715177U, 559064263U, 532527486U, 506103872U,
3359 479792461U, 453592303U, 427502463U, 401522014U, 375650043U, 349885648U,
3360 324227938U, 298676034U, 273229066U, 247886176U, 222646516U, 197509248U,
3361 172473545U, 147538590U, 122703574U, 97967701U, 73330182U, 48790236U,
3362 24347096U, 0U
3363
3364 #if 0
3365 /* The following are the values for 16-bit tables - these work fine for the
3366 * 8-bit conversions but produce very slightly larger errors in the 16-bit
3367 * log (about 1.2 as opposed to 0.7 absolute error in the final value). To
3368 * use these all the shifts below must be adjusted appropriately.
3369 */
3370 65166, 64430, 63700, 62976, 62257, 61543, 60835, 60132, 59434, 58741, 58054,
3371 57371, 56693, 56020, 55352, 54689, 54030, 53375, 52726, 52080, 51439, 50803,
3372 50170, 49542, 48918, 48298, 47682, 47070, 46462, 45858, 45257, 44661, 44068,
3373 43479, 42894, 42312, 41733, 41159, 40587, 40020, 39455, 38894, 38336, 37782,
3374 37230, 36682, 36137, 35595, 35057, 34521, 33988, 33459, 32932, 32408, 31887,
3375 31369, 30854, 30341, 29832, 29325, 28820, 28319, 27820, 27324, 26830, 26339,
3376 25850, 25364, 24880, 24399, 23920, 23444, 22970, 22499, 22029, 21562, 21098,
3377 20636, 20175, 19718, 19262, 18808, 18357, 17908, 17461, 17016, 16573, 16132,
3378 15694, 15257, 14822, 14390, 13959, 13530, 13103, 12678, 12255, 11834, 11415,
3379 10997, 10582, 10168, 9756, 9346, 8937, 8531, 8126, 7723, 7321, 6921, 6523,
3380 6127, 5732, 5339, 4947, 4557, 4169, 3782, 3397, 3014, 2632, 2251, 1872, 1495,
3381 1119, 744, 372
3382 #endif
3383 };
3384
3385 static png_int_32
3386 png_log8bit(unsigned int x)
3387 {
3388 unsigned int lg2 = 0;
3389 /* Each time 'x' is multiplied by 2, 1 must be subtracted off the final log,
3390 * because the log is actually negate that means adding 1. The final
3391 * returned value thus has the range 0 (for 255 input) to 7.994 (for 1
3392 * input), return -1 for the overflow (log 0) case, - so the result is
3393 * always at most 19 bits.
3394 */
3395 if ((x &= 0xff) == 0)
3396 return -1;
3397
3398 if ((x & 0xf0) == 0)
3399 lg2 = 4, x <<= 4;
3400
3401 if ((x & 0xc0) == 0)
3402 lg2 += 2, x <<= 2;
3403
3404 if ((x & 0x80) == 0)
3405 lg2 += 1, x <<= 1;
3406
3407 /* result is at most 19 bits, so this cast is safe: */
3408 return (png_int_32)((lg2 << 16) + ((png_8bit_l2[x-128]+32768)>>16));
3409 }
3410
3411 /* The above gives exact (to 16 binary places) log2 values for 8-bit images,
3412 * for 16-bit images we use the most significant 8 bits of the 16-bit value to
3413 * get an approximation then multiply the approximation by a correction factor
3414 * determined by the remaining up to 8 bits. This requires an additional step
3415 * in the 16-bit case.
3416 *
3417 * We want log2(value/65535), we have log2(v'/255), where:
3418 *
3419 * value = v' * 256 + v''
3420 * = v' * f
3421 *
3422 * So f is value/v', which is equal to (256+v''/v') since v' is in the range 128
3423 * to 255 and v'' is in the range 0 to 255 f will be in the range 256 to less
3424 * than 258. The final factor also needs to correct for the fact that our 8-bit
3425 * value is scaled by 255, whereas the 16-bit values must be scaled by 65535.
3426 *
3427 * This gives a final formula using a calculated value 'x' which is value/v' and
3428 * scaling by 65536 to match the above table:
3429 *
3430 * log2(x/257) * 65536
3431 *
3432 * Since these numbers are so close to '1' we can use simple linear
3433 * interpolation between the two end values 256/257 (result -368.61) and 258/257
3434 * (result 367.179). The values used below are scaled by a further 64 to give
3435 * 16-bit precision in the interpolation:
3436 *
3437 * Start (256): -23591
3438 * Zero (257): 0
3439 * End (258): 23499
3440 */
3441 static png_int_32
3442 png_log16bit(png_uint_32 x)
3443 {
3444 unsigned int lg2 = 0;
3445
3446 /* As above, but now the input has 16 bits. */
3447 if ((x &= 0xffff) == 0)
3448 return -1;
3449
3450 if ((x & 0xff00) == 0)
3451 lg2 = 8, x <<= 8;
3452
3453 if ((x & 0xf000) == 0)
3454 lg2 += 4, x <<= 4;
3455
3456 if ((x & 0xc000) == 0)
3457 lg2 += 2, x <<= 2;
3458
3459 if ((x & 0x8000) == 0)
3460 lg2 += 1, x <<= 1;
3461
3462 /* Calculate the base logarithm from the top 8 bits as a 28-bit fractional
3463 * value.
3464 */
3465 lg2 <<= 28;
3466 lg2 += (png_8bit_l2[(x>>8)-128]+8) >> 4;
3467
3468 /* Now we need to interpolate the factor, this requires a division by the top
3469 * 8 bits. Do this with maximum precision.
3470 */
3471 x = ((x << 16) + (x >> 9)) / (x >> 8);
3472
3473 /* Since we divided by the top 8 bits of 'x' there will be a '1' at 1<<24,
3474 * the value at 1<<16 (ignoring this) will be 0 or 1; this gives us exactly
3475 * 16 bits to interpolate to get the low bits of the result. Round the
3476 * answer. Note that the end point values are scaled by 64 to retain overall
3477 * precision and that 'lg2' is current scaled by an extra 12 bits, so adjust
3478 * the overall scaling by 6-12. Round at every step.
3479 */
3480 x -= 1U << 24;
3481
3482 if (x <= 65536U) /* <= '257' */
3483 lg2 += ((23591U * (65536U-x)) + (1U << (16+6-12-1))) >> (16+6-12);
3484
3485 else
3486 lg2 -= ((23499U * (x-65536U)) + (1U << (16+6-12-1))) >> (16+6-12);
3487
3488 /* Safe, because the result can't have more than 20 bits: */
3489 return (png_int_32)((lg2 + 2048) >> 12);
3490 }
3491
3492 /* The 'exp()' case must invert the above, taking a 20-bit fixed point
3493 * logarithmic value and returning a 16 or 8-bit number as appropriate. In
3494 * each case only the low 16 bits are relevant - the fraction - since the
3495 * integer bits (the top 4) simply determine a shift.
3496 *
3497 * The worst case is the 16-bit distinction between 65535 and 65534, this
3498 * requires perhaps spurious accuracty in the decoding of the logarithm to
3499 * distinguish log2(65535/65534.5) - 10^-5 or 17 bits. There is little chance
3500 * of getting this accuracy in practice.
3501 *
3502 * To deal with this the following exp() function works out the exponent of the
3503 * frational part of the logarithm by using an accurate 32-bit value from the
3504 * top four fractional bits then multiplying in the remaining bits.
3505 */
3506 static const png_uint_32
3507 png_32bit_exp[16] =
3508 {
3509 /* NOTE: the first entry is deliberately set to the maximum 32-bit value. */
3510 4294967295U, 4112874773U, 3938502376U, 3771522796U, 3611622603U, 3458501653U,
3511 3311872529U, 3171459999U, 3037000500U, 2908241642U, 2784941738U, 2666869345U,
3512 2553802834U, 2445529972U, 2341847524U, 2242560872U
3513 };
3514
3515 /* Adjustment table; provided to explain the numbers in the code below. */
3516 #if 0
3517 for (i=11;i>=0;--i){ print i, " ", (1 - e(-(2^i)/65536*l(2))) * 2^(32-i), "\n"}
3518 11 44937.64284865548751208448
3519 10 45180.98734845585101160448
3520 9 45303.31936980687359311872
3521 8 45364.65110595323018870784
3522 7 45395.35850361789624614912
3523 6 45410.72259715102037508096
3524 5 45418.40724413220722311168
3525 4 45422.25021786898173001728
3526 3 45424.17186732298419044352
3527 2 45425.13273269940811464704
3528 1 45425.61317555035558641664
3529 0 45425.85339951654943850496
3530 #endif
3531
3532 static png_uint_32
3533 png_exp(png_fixed_point x)
3534 {
3535 if (x > 0 && x <= 0xfffff) /* Else overflow or zero (underflow) */
3536 {
3537 /* Obtain a 4-bit approximation */
3538 png_uint_32 e = png_32bit_exp[(x >> 12) & 0xf];
3539
3540 /* Incorporate the low 12 bits - these decrease the returned value by
3541 * multiplying by a number less than 1 if the bit is set. The multiplier
3542 * is determined by the above table and the shift. Notice that the values
3543 * converge on 45426 and this is used to allow linear interpolation of the
3544 * low bits.
3545 */
3546 if (x & 0x800)
3547 e -= (((e >> 16) * 44938U) + 16U) >> 5;
3548
3549 if (x & 0x400)
3550 e -= (((e >> 16) * 45181U) + 32U) >> 6;
3551
3552 if (x & 0x200)
3553 e -= (((e >> 16) * 45303U) + 64U) >> 7;
3554
3555 if (x & 0x100)
3556 e -= (((e >> 16) * 45365U) + 128U) >> 8;
3557
3558 if (x & 0x080)
3559 e -= (((e >> 16) * 45395U) + 256U) >> 9;
3560
3561 if (x & 0x040)
3562 e -= (((e >> 16) * 45410U) + 512U) >> 10;
3563
3564 /* And handle the low 6 bits in a single block. */
3565 e -= (((e >> 16) * 355U * (x & 0x3fU)) + 256U) >> 9;
3566
3567 /* Handle the upper bits of x. */
3568 e >>= x >> 16;
3569 return e;
3570 }
3571
3572 /* Check for overflow */
3573 if (x <= 0)
3574 return png_32bit_exp[0];
3575
3576 /* Else underflow */
3577 return 0;
3578 }
3579
3580 static png_byte
3581 png_exp8bit(png_fixed_point lg2)
3582 {
3583 /* Get a 32-bit value: */
3584 png_uint_32 x = png_exp(lg2);
3585
3586 /* Convert the 32-bit value to 0..255 by multiplying by 256-1, note that the
3587 * second, rounding, step can't overflow because of the first, subtraction,
3588 * step.
3589 */
3590 x -= x >> 8;
3591 return (png_byte)((x + 0x7fffffU) >> 24);
3592 }
3593
3594 static png_uint_16
3595 png_exp16bit(png_fixed_point lg2)
3596 {
3597 /* Get a 32-bit value: */
3598 png_uint_32 x = png_exp(lg2);
3599
3600 /* Convert the 32-bit value to 0..65535 by multiplying by 65536-1: */
3601 x -= x >> 16;
3602 return (png_uint_16)((x + 32767U) >> 16);
3603 }
3604 #endif /* FLOATING_ARITHMETIC */
3605
3606 png_byte
3607 png_gamma_8bit_correct(unsigned int value, png_fixed_point gamma_val)
3608 {
3609 if (value > 0 && value < 255)
3610 {
3611 # ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
3612 double r = floor(255*pow(value/255.,gamma_val*.00001)+.5);
3613 return (png_byte)r;
3614 # else
3615 png_int_32 lg2 = png_log8bit(value);
3616 png_fixed_point res;
3617
3618 if (png_muldiv(&res, gamma_val, lg2, PNG_FP_1))
3619 return png_exp8bit(res);
3620
3621 /* Overflow. */
3622 value = 0;
3623 # endif
3624 }
3625
3626 return (png_byte)value;
3627 }
3628
3629 png_uint_16
3630 png_gamma_16bit_correct(unsigned int value, png_fixed_point gamma_val)
3631 {
3632 if (value > 0 && value < 65535)
3633 {
3634 # ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
3635 double r = floor(65535*pow(value/65535.,gamma_val*.00001)+.5);
3636 return (png_uint_16)r;
3637 # else
3638 png_int_32 lg2 = png_log16bit(value);
3639 png_fixed_point res;
3640
3641 if (png_muldiv(&res, gamma_val, lg2, PNG_FP_1))
3642 return png_exp16bit(res);
3643
3644 /* Overflow. */
3645 value = 0;
3646 # endif
3647 }
3648
3649 return (png_uint_16)value;
3650 }
3651
3652 /* This does the right thing based on the bit_depth field of the
3653 * png_struct, interpreting values as 8-bit or 16-bit. While the result
3654 * is nominally a 16-bit value if bit depth is 8 then the result is
3655 * 8-bit (as are the arguments.)
3656 */
3657 png_uint_16 /* PRIVATE */
3658 png_gamma_correct(png_structrp png_ptr, unsigned int value,
3659 png_fixed_point gamma_val)
3660 {
3661 if (png_ptr->bit_depth == 8)
3662 return png_gamma_8bit_correct(value, gamma_val);
3663
3664 else
3665 return png_gamma_16bit_correct(value, gamma_val);
3666 }
3667
3668 /* Internal function to build a single 16-bit table - the table consists of
3669 * 'num' 256 entry subtables, where 'num' is determined by 'shift' - the amount
3670 * to shift the input values right (or 16-number_of_signifiant_bits).
3671 *
3672 * The caller is responsible for ensuring that the table gets cleaned up on
3673 * png_error (i.e. if one of the mallocs below fails) - i.e. the *table argument
3674 * should be somewhere that will be cleaned.
3675 */
3676 static void
3677 png_build_16bit_table(png_structrp png_ptr, png_uint_16pp *ptable,
3678 PNG_CONST unsigned int shift, PNG_CONST png_fixed_point gamma_val)
3679 {
3680 /* Various values derived from 'shift': */
3681 PNG_CONST unsigned int num = 1U << (8U - shift);
3682 PNG_CONST unsigned int max = (1U << (16U - shift))-1U;
3683 PNG_CONST unsigned int max_by_2 = 1U << (15U-shift);
3684 unsigned int i;
3685
3686 png_uint_16pp table = *ptable =
3687 (png_uint_16pp)png_calloc(png_ptr, num * (sizeof (png_uint_16p)));
3688
3689 for (i = 0; i < num; i++)
3690 {
3691 png_uint_16p sub_table = table[i] =
3692 (png_uint_16p)png_malloc(png_ptr, 256 * (sizeof (png_uint_16)));
3693
3694 /* The 'threshold' test is repeated here because it can arise for one of
3695 * the 16-bit tables even if the others don't hit it.
3696 */
3697 if (png_gamma_significant(gamma_val))
3698 {
3699 /* The old code would overflow at the end and this would cause the
3700 * 'pow' function to return a result >1, resulting in an
3701 * arithmetic error. This code follows the spec exactly; ig is
3702 * the recovered input sample, it always has 8-16 bits.
3703 *
3704 * We want input * 65535/max, rounded, the arithmetic fits in 32
3705 * bits (unsigned) so long as max <= 32767.
3706 */
3707 unsigned int j;
3708 for (j = 0; j < 256; j++)
3709 {
3710 png_uint_32 ig = (j << (8-shift)) + i;
3711 # ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
3712 /* Inline the 'max' scaling operation: */
3713 double d = floor(65535*pow(ig/(double)max, gamma_val*.00001)+.5);
3714 sub_table[j] = (png_uint_16)d;
3715 # else
3716 if (shift)
3717 ig = (ig * 65535U + max_by_2)/max;
3718
3719 sub_table[j] = png_gamma_16bit_correct(ig, gamma_val);
3720 # endif
3721 }
3722 }
3723 else
3724 {
3725 /* We must still build a table, but do it the fast way. */
3726 unsigned int j;
3727
3728 for (j = 0; j < 256; j++)
3729 {
3730 png_uint_32 ig = (j << (8-shift)) + i;
3731
3732 if (shift)
3733 ig = (ig * 65535U + max_by_2)/max;
3734
3735 sub_table[j] = (png_uint_16)ig;
3736 }
3737 }
3738 }
3739 }
3740
3741 /* NOTE: this function expects the *inverse* of the overall gamma transformation
3742 * required.
3743 */
3744 static void
3745 png_build_16to8_table(png_structrp png_ptr, png_uint_16pp *ptable,
3746 PNG_CONST unsigned int shift, PNG_CONST png_fixed_point gamma_val)
3747 {
3748 PNG_CONST unsigned int num = 1U << (8U - shift);
3749 PNG_CONST unsigned int max = (1U << (16U - shift))-1U;
3750 unsigned int i;
3751 png_uint_32 last;
3752
3753 png_uint_16pp table = *ptable =
3754 (png_uint_16pp)png_calloc(png_ptr, num * (sizeof (png_uint_16p)));
3755
3756 /* 'num' is the number of tables and also the number of low bits of low
3757 * bits of the input 16-bit value used to select a table. Each table is
3758 * itself index by the high 8 bits of the value.
3759 */
3760 for (i = 0; i < num; i++)
3761 table[i] = (png_uint_16p)png_malloc(png_ptr,
3762 256 * (sizeof (png_uint_16)));
3763
3764 /* 'gamma_val' is set to the reciprocal of the value calculated above, so
3765 * pow(out,g) is an *input* value. 'last' is the last input value set.
3766 *
3767 * In the loop 'i' is used to find output values. Since the output is
3768 * 8-bit there are only 256 possible values. The tables are set up to
3769 * select the closest possible output value for each input by finding
3770 * the input value at the boundary between each pair of output values
3771 * and filling the table up to that boundary with the lower output
3772 * value.
3773 *
3774 * The boundary values are 0.5,1.5..253.5,254.5. Since these are 9-bit
3775 * values the code below uses a 16-bit value in i; the values start at
3776 * 128.5 (for 0.5) and step by 257, for a total of 254 values (the last
3777 * entries are filled with 255). Start i at 128 and fill all 'last'
3778 * table entries <= 'max'
3779 */
3780 last = 0;
3781 for (i = 0; i < 255; ++i) /* 8-bit output value */
3782 {
3783 /* Find the corresponding maximum input value */
3784 png_uint_16 out = (png_uint_16)(i * 257U); /* 16-bit output value */
3785
3786 /* Find the boundary value in 16 bits: */
3787 png_uint_32 bound = png_gamma_16bit_correct(out+128U, gamma_val);
3788
3789 /* Adjust (round) to (16-shift) bits: */
3790 bound = (bound * max + 32768U)/65535U + 1U;
3791
3792 while (last < bound)
3793 {
3794 table[last & (0xffU >> shift)][last >> (8U - shift)] = out;
3795 last++;
3796 }
3797 }
3798
3799 /* And fill in the final entries. */
3800 while (last < (num << 8))
3801 {
3802 table[last & (0xff >> shift)][last >> (8U - shift)] = 65535U;
3803 last++;
3804 }
3805 }
3806
3807 /* Build a single 8-bit table: same as the 16-bit case but much simpler (and
3808 * typically much faster). Note that libpng currently does no sBIT processing
3809 * (apparently contrary to the spec) so a 256 entry table is always generated.
3810 */
3811 static void
3812 png_build_8bit_table(png_structrp png_ptr, png_bytepp ptable,
3813 PNG_CONST png_fixed_point gamma_val)
3814 {
3815 unsigned int i;
3816 png_bytep table = *ptable = (png_bytep)png_malloc(png_ptr, 256);
3817
3818 if (png_gamma_significant(gamma_val)) for (i=0; i<256; i++)
3819 table[i] = png_gamma_8bit_correct(i, gamma_val);
3820
3821 else for (i=0; i<256; ++i)
3822 table[i] = (png_byte)i;
3823 }
3824
3825 /* Used from png_read_destroy and below to release the memory used by the gamma
3826 * tables.
3827 */
3828 void /* PRIVATE */
3829 png_destroy_gamma_table(png_structrp png_ptr)
3830 {
3831 png_free(png_ptr, png_ptr->gamma_table);
3832 png_ptr->gamma_table = NULL;
3833
3834 if (png_ptr->gamma_16_table != NULL)
3835 {
3836 int i;
3837 int istop = (1 << (8 - png_ptr->gamma_shift));
3838 for (i = 0; i < istop; i++)
3839 {
3840 png_free(png_ptr, png_ptr->gamma_16_table[i]);
3841 }
3842 png_free(png_ptr, png_ptr->gamma_16_table);
3843 png_ptr->gamma_16_table = NULL;
3844 }
3845
3846 #if defined(PNG_READ_BACKGROUND_SUPPORTED) || \
3847 defined(PNG_READ_ALPHA_MODE_SUPPORTED) || \
3848 defined(PNG_READ_RGB_TO_GRAY_SUPPORTED)
3849 png_free(png_ptr, png_ptr->gamma_from_1);
3850 png_ptr->gamma_from_1 = NULL;
3851 png_free(png_ptr, png_ptr->gamma_to_1);
3852 png_ptr->gamma_to_1 = NULL;
3853
3854 if (png_ptr->gamma_16_from_1 != NULL)
3855 {
3856 int i;
3857 int istop = (1 << (8 - png_ptr->gamma_shift));
3858 for (i = 0; i < istop; i++)
3859 {
3860 png_free(png_ptr, png_ptr->gamma_16_from_1[i]);
3861 }
3862 png_free(png_ptr, png_ptr->gamma_16_from_1);
3863 png_ptr->gamma_16_from_1 = NULL;
3864 }
3865 if (png_ptr->gamma_16_to_1 != NULL)
3866 {
3867 int i;
3868 int istop = (1 << (8 - png_ptr->gamma_shift));
3869 for (i = 0; i < istop; i++)
3870 {
3871 png_free(png_ptr, png_ptr->gamma_16_to_1[i]);
3872 }
3873 png_free(png_ptr, png_ptr->gamma_16_to_1);
3874 png_ptr->gamma_16_to_1 = NULL;
3875 }
3876 #endif /* READ_BACKGROUND || READ_ALPHA_MODE || RGB_TO_GRAY */
3877 }
3878
3879 /* We build the 8- or 16-bit gamma tables here. Note that for 16-bit
3880 * tables, we don't make a full table if we are reducing to 8-bit in
3881 * the future. Note also how the gamma_16 tables are segmented so that
3882 * we don't need to allocate > 64K chunks for a full 16-bit table.
3883 */
3884 void /* PRIVATE */
3885 png_build_gamma_table(png_structrp png_ptr, int bit_depth)
3886 {
3887 png_debug(1, "in png_build_gamma_table");
3888
3889 /* Remove any existing table; this copes with multiple calls to
3890 * png_read_update_info. The warning is because building the gamma tables
3891 * multiple times is a performance hit - it's harmless but the ability to call
3892 * png_read_update_info() multiple times is new in 1.5.6 so it seems sensible
3893 * to warn if the app introduces such a hit.
3894 */
3895 if (png_ptr->gamma_table != NULL || png_ptr->gamma_16_table != NULL)
3896 {
3897 png_warning(png_ptr, "gamma table being rebuilt");
3898 png_destroy_gamma_table(png_ptr);
3899 }
3900
3901 if (bit_depth <= 8)
3902 {
3903 png_build_8bit_table(png_ptr, &png_ptr->gamma_table,
3904 png_ptr->screen_gamma > 0 ? png_reciprocal2(png_ptr->colorspace.gamma,
3905 png_ptr->screen_gamma) : PNG_FP_1);
3906
3907 #if defined(PNG_READ_BACKGROUND_SUPPORTED) || \
3908 defined(PNG_READ_ALPHA_MODE_SUPPORTED) || \
3909 defined(PNG_READ_RGB_TO_GRAY_SUPPORTED)
3910 if (png_ptr->transformations & (PNG_COMPOSE | PNG_RGB_TO_GRAY))
3911 {
3912 png_build_8bit_table(png_ptr, &png_ptr->gamma_to_1,
3913 png_reciprocal(png_ptr->colorspace.gamma));
3914
3915 png_build_8bit_table(png_ptr, &png_ptr->gamma_from_1,
3916 png_ptr->screen_gamma > 0 ? png_reciprocal(png_ptr->screen_gamma) :
3917 png_ptr->colorspace.gamma/* Probably doing rgb_to_gray */);
3918 }
3919 #endif /* READ_BACKGROUND || READ_ALPHA_MODE || RGB_TO_GRAY */
3920 }
3921 else
3922 {
3923 png_byte shift, sig_bit;
3924
3925 if (png_ptr->color_type & PNG_COLOR_MASK_COLOR)
3926 {
3927 sig_bit = png_ptr->sig_bit.red;
3928
3929 if (png_ptr->sig_bit.green > sig_bit)
3930 sig_bit = png_ptr->sig_bit.green;
3931
3932 if (png_ptr->sig_bit.blue > sig_bit)
3933 sig_bit = png_ptr->sig_bit.blue;
3934 }
3935 else
3936 sig_bit = png_ptr->sig_bit.gray;
3937
3938 /* 16-bit gamma code uses this equation:
3939 *
3940 * ov = table[(iv & 0xff) >> gamma_shift][iv >> 8]
3941 *
3942 * Where 'iv' is the input color value and 'ov' is the output value -
3943 * pow(iv, gamma).
3944 *
3945 * Thus the gamma table consists of up to 256 256 entry tables. The table
3946 * is selected by the (8-gamma_shift) most significant of the low 8 bits of
3947 * the color value then indexed by the upper 8 bits:
3948 *
3949 * table[low bits][high 8 bits]
3950 *
3951 * So the table 'n' corresponds to all those 'iv' of:
3952 *
3953 * <all high 8-bit values><n << gamma_shift>..<(n+1 << gamma_shift)-1>
3954 *
3955 */
3956 if (sig_bit > 0 && sig_bit < 16U)
3957 shift = (png_byte)(16U - sig_bit); /* shift == insignificant bits */
3958
3959 else
3960 shift = 0; /* keep all 16 bits */
3961
3962 if (png_ptr->transformations & (PNG_16_TO_8 | PNG_SCALE_16_TO_8))
3963 {
3964 /* PNG_MAX_GAMMA_8 is the number of bits to keep - effectively
3965 * the significant bits in the *input* when the output will
3966 * eventually be 8 bits. By default it is 11.
3967 */
3968 if (shift < (16U - PNG_MAX_GAMMA_8))
3969 shift = (16U - PNG_MAX_GAMMA_8);
3970 }
3971
3972 if (shift > 8U)
3973 shift = 8U; /* Guarantees at least one table! */
3974
3975 png_ptr->gamma_shift = shift;
3976
3977 #ifdef PNG_16BIT_SUPPORTED
3978 /* NOTE: prior to 1.5.4 this test used to include PNG_BACKGROUND (now
3979 * PNG_COMPOSE). This effectively smashed the background calculation for
3980 * 16-bit output because the 8-bit table assumes the result will be reduced
3981 * to 8 bits.
3982 */
3983 if (png_ptr->transformations & (PNG_16_TO_8 | PNG_SCALE_16_TO_8))
3984 #endif
3985 png_build_16to8_table(png_ptr, &png_ptr->gamma_16_table, shift,
3986 png_ptr->screen_gamma > 0 ? png_product2(png_ptr->colorspace.gamma,
3987 png_ptr->screen_gamma) : PNG_FP_1);
3988
3989 #ifdef PNG_16BIT_SUPPORTED
3990 else
3991 png_build_16bit_table(png_ptr, &png_ptr->gamma_16_table, shift,
3992 png_ptr->screen_gamma > 0 ? png_reciprocal2(png_ptr->colorspace.gamma,
3993 png_ptr->screen_gamma) : PNG_FP_1);
3994 #endif
3995
3996 #if defined(PNG_READ_BACKGROUND_SUPPORTED) || \
3997 defined(PNG_READ_ALPHA_MODE_SUPPORTED) || \
3998 defined(PNG_READ_RGB_TO_GRAY_SUPPORTED)
3999 if (png_ptr->transformations & (PNG_COMPOSE | PNG_RGB_TO_GRAY))
4000 {
4001 png_build_16bit_table(png_ptr, &png_ptr->gamma_16_to_1, shift,
4002 png_reciprocal(png_ptr->colorspace.gamma));
4003
4004 /* Notice that the '16 from 1' table should be full precision, however
4005 * the lookup on this table still uses gamma_shift, so it can't be.
4006 * TODO: fix this.
4007 */
4008 png_build_16bit_table(png_ptr, &png_ptr->gamma_16_from_1, shift,
4009 png_ptr->screen_gamma > 0 ? png_reciprocal(png_ptr->screen_gamma) :
4010 png_ptr->colorspace.gamma/* Probably doing rgb_to_gray */);
4011 }
4012 #endif /* READ_BACKGROUND || READ_ALPHA_MODE || RGB_TO_GRAY */
4013 }
4014 }
4015 #endif /* READ_GAMMA */
4016
4017 /* HARDWARE OPTION SUPPORT */
4018 #ifdef PNG_SET_OPTION_SUPPORTED
4019 int PNGAPI
4020 png_set_option(png_structrp png_ptr, int option, int onoff)
4021 {
4022 if (png_ptr != NULL && option >= 0 && option < PNG_OPTION_NEXT &&
4023 (option & 1) == 0)
4024 {
4025 int mask = 3 << option;
4026 int setting = (2 + (onoff != 0)) << option;
4027 int current = png_ptr->options;
4028
4029 png_ptr->options = (png_byte)((current & ~mask) | setting);
4030
4031 return (current & mask) >> option;
4032 }
4033
4034 return PNG_OPTION_INVALID;
4035 }
4036 #endif
4037
4038 /* sRGB support */
4039 #if defined(PNG_SIMPLIFIED_READ_SUPPORTED) ||\
4040 defined(PNG_SIMPLIFIED_WRITE_SUPPORTED)
4041 /* sRGB conversion tables; these are machine generated with the code in
4042 * contrib/tools/makesRGB.c. The actual sRGB transfer curve defined in the
4043 * specification (see the article at http://en.wikipedia.org/wiki/SRGB)
4044 * is used, not the gamma=1/2.2 approximation use elsewhere in libpng.
4045 * The sRGB to linear table is exact (to the nearest 16 bit linear fraction).
4046 * The inverse (linear to sRGB) table has accuracies as follows:
4047 *
4048 * For all possible (255*65535+1) input values:
4049 *
4050 * error: -0.515566 - 0.625971, 79441 (0.475369%) of readings inexact
4051 *
4052 * For the input values corresponding to the 65536 16-bit values:
4053 *
4054 * error: -0.513727 - 0.607759, 308 (0.469978%) of readings inexact
4055 *
4056 * In all cases the inexact readings are off by one.
4057 */
4058
4059 #ifdef PNG_SIMPLIFIED_READ_SUPPORTED
4060 /* The convert-to-sRGB table is only currently required for read. */
4061 const png_uint_16 png_sRGB_table[256] =
4062 {
4063 0,20,40,60,80,99,119,139,
4064 159,179,199,219,241,264,288,313,
4065 340,367,396,427,458,491,526,562,
4066 599,637,677,718,761,805,851,898,
4067 947,997,1048,1101,1156,1212,1270,1330,
4068 1391,1453,1517,1583,1651,1720,1790,1863,
4069 1937,2013,2090,2170,2250,2333,2418,2504,
4070 2592,2681,2773,2866,2961,3058,3157,3258,
4071 3360,3464,3570,3678,3788,3900,4014,4129,
4072 4247,4366,4488,4611,4736,4864,4993,5124,
4073 5257,5392,5530,5669,5810,5953,6099,6246,
4074 6395,6547,6700,6856,7014,7174,7335,7500,
4075 7666,7834,8004,8177,8352,8528,8708,8889,
4076 9072,9258,9445,9635,9828,10022,10219,10417,
4077 10619,10822,11028,11235,11446,11658,11873,12090,
4078 12309,12530,12754,12980,13209,13440,13673,13909,
4079 14146,14387,14629,14874,15122,15371,15623,15878,
4080 16135,16394,16656,16920,17187,17456,17727,18001,
4081 18277,18556,18837,19121,19407,19696,19987,20281,
4082 20577,20876,21177,21481,21787,22096,22407,22721,
4083 23038,23357,23678,24002,24329,24658,24990,25325,
4084 25662,26001,26344,26688,27036,27386,27739,28094,
4085 28452,28813,29176,29542,29911,30282,30656,31033,
4086 31412,31794,32179,32567,32957,33350,33745,34143,
4087 34544,34948,35355,35764,36176,36591,37008,37429,
4088 37852,38278,38706,39138,39572,40009,40449,40891,
4089 41337,41785,42236,42690,43147,43606,44069,44534,
4090 45002,45473,45947,46423,46903,47385,47871,48359,
4091 48850,49344,49841,50341,50844,51349,51858,52369,
4092 52884,53401,53921,54445,54971,55500,56032,56567,
4093 57105,57646,58190,58737,59287,59840,60396,60955,
4094 61517,62082,62650,63221,63795,64372,64952,65535
4095 };
4096
4097 #endif /* simplified read only */
4098
4099 /* The base/delta tables are required for both read and write (but currently
4100 * only the simplified versions.)
4101 */
4102 const png_uint_16 png_sRGB_base[512] =
4103 {
4104 128,1782,3383,4644,5675,6564,7357,8074,
4105 8732,9346,9921,10463,10977,11466,11935,12384,
4106 12816,13233,13634,14024,14402,14769,15125,15473,
4107 15812,16142,16466,16781,17090,17393,17690,17981,
4108 18266,18546,18822,19093,19359,19621,19879,20133,
4109 20383,20630,20873,21113,21349,21583,21813,22041,
4110 22265,22487,22707,22923,23138,23350,23559,23767,
4111 23972,24175,24376,24575,24772,24967,25160,25352,
4112 25542,25730,25916,26101,26284,26465,26645,26823,
4113 27000,27176,27350,27523,27695,27865,28034,28201,
4114 28368,28533,28697,28860,29021,29182,29341,29500,
4115 29657,29813,29969,30123,30276,30429,30580,30730,
4116 30880,31028,31176,31323,31469,31614,31758,31902,
4117 32045,32186,32327,32468,32607,32746,32884,33021,
4118 33158,33294,33429,33564,33697,33831,33963,34095,
4119 34226,34357,34486,34616,34744,34873,35000,35127,
4120 35253,35379,35504,35629,35753,35876,35999,36122,
4121 36244,36365,36486,36606,36726,36845,36964,37083,
4122 37201,37318,37435,37551,37668,37783,37898,38013,
4123 38127,38241,38354,38467,38580,38692,38803,38915,
4124 39026,39136,39246,39356,39465,39574,39682,39790,
4125 39898,40005,40112,40219,40325,40431,40537,40642,
4126 40747,40851,40955,41059,41163,41266,41369,41471,
4127 41573,41675,41777,41878,41979,42079,42179,42279,
4128 42379,42478,42577,42676,42775,42873,42971,43068,
4129 43165,43262,43359,43456,43552,43648,43743,43839,
4130 43934,44028,44123,44217,44311,44405,44499,44592,
4131 44685,44778,44870,44962,45054,45146,45238,45329,
4132 45420,45511,45601,45692,45782,45872,45961,46051,
4133 46140,46229,46318,46406,46494,46583,46670,46758,
4134 46846,46933,47020,47107,47193,47280,47366,47452,
4135 47538,47623,47709,47794,47879,47964,48048,48133,
4136 48217,48301,48385,48468,48552,48635,48718,48801,
4137 48884,48966,49048,49131,49213,49294,49376,49458,
4138 49539,49620,49701,49782,49862,49943,50023,50103,
4139 50183,50263,50342,50422,50501,50580,50659,50738,
4140 50816,50895,50973,51051,51129,51207,51285,51362,
4141 51439,51517,51594,51671,51747,51824,51900,51977,
4142 52053,52129,52205,52280,52356,52432,52507,52582,
4143 52657,52732,52807,52881,52956,53030,53104,53178,
4144 53252,53326,53400,53473,53546,53620,53693,53766,
4145 53839,53911,53984,54056,54129,54201,54273,54345,
4146 54417,54489,54560,54632,54703,54774,54845,54916,
4147 54987,55058,55129,55199,55269,55340,55410,55480,
4148 55550,55620,55689,55759,55828,55898,55967,56036,
4149 56105,56174,56243,56311,56380,56448,56517,56585,
4150 56653,56721,56789,56857,56924,56992,57059,57127,
4151 57194,57261,57328,57395,57462,57529,57595,57662,
4152 57728,57795,57861,57927,57993,58059,58125,58191,
4153 58256,58322,58387,58453,58518,58583,58648,58713,
4154 58778,58843,58908,58972,59037,59101,59165,59230,
4155 59294,59358,59422,59486,59549,59613,59677,59740,
4156 59804,59867,59930,59993,60056,60119,60182,60245,
4157 60308,60370,60433,60495,60558,60620,60682,60744,
4158 60806,60868,60930,60992,61054,61115,61177,61238,
4159 61300,61361,61422,61483,61544,61605,61666,61727,
4160 61788,61848,61909,61969,62030,62090,62150,62211,
4161 62271,62331,62391,62450,62510,62570,62630,62689,
4162 62749,62808,62867,62927,62986,63045,63104,63163,
4163 63222,63281,63340,63398,63457,63515,63574,63632,
4164 63691,63749,63807,63865,63923,63981,64039,64097,
4165 64155,64212,64270,64328,64385,64443,64500,64557,
4166 64614,64672,64729,64786,64843,64900,64956,65013,
4167 65070,65126,65183,65239,65296,65352,65409,65465
4168 };
4169
4170 const png_byte png_sRGB_delta[512] =
4171 {
4172 207,201,158,129,113,100,90,82,77,72,68,64,61,59,56,54,
4173 52,50,49,47,46,45,43,42,41,40,39,39,38,37,36,36,
4174 35,34,34,33,33,32,32,31,31,30,30,30,29,29,28,28,
4175 28,27,27,27,27,26,26,26,25,25,25,25,24,24,24,24,
4176 23,23,23,23,23,22,22,22,22,22,22,21,21,21,21,21,
4177 21,20,20,20,20,20,20,20,20,19,19,19,19,19,19,19,
4178 19,18,18,18,18,18,18,18,18,18,18,17,17,17,17,17,
4179 17,17,17,17,17,17,16,16,16,16,16,16,16,16,16,16,
4180 16,16,16,16,15,15,15,15,15,15,15,15,15,15,15,15,
4181 15,15,15,15,14,14,14,14,14,14,14,14,14,14,14,14,
4182 14,14,14,14,14,14,14,13,13,13,13,13,13,13,13,13,
4183 13,13,13,13,13,13,13,13,13,13,13,13,13,13,12,12,
4184 12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,
4185 12,12,12,12,12,12,12,12,12,12,12,12,11,11,11,11,
4186 11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,
4187 11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,
4188 11,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,
4189 10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,
4190 10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,
4191 10,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,
4192 9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,
4193 9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,
4194 9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,
4195 9,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
4196 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
4197 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
4198 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
4199 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
4200 8,8,8,8,8,8,8,8,8,7,7,7,7,7,7,7,
4201 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
4202 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
4203 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7
4204 };
4205 #endif /* SIMPLIFIED READ/WRITE sRGB support */
4206
4207 /* SIMPLIFIED READ/WRITE SUPPORT */
4208 #if defined(PNG_SIMPLIFIED_READ_SUPPORTED) ||\
4209 defined(PNG_SIMPLIFIED_WRITE_SUPPORTED)
4210 static int
4211 png_image_free_function(png_voidp argument)
4212 {
4213 png_imagep image = png_voidcast(png_imagep, argument);
4214 png_controlp cp = image->opaque;
4215 png_control c;
4216
4217 /* Double check that we have a png_ptr - it should be impossible to get here
4218 * without one.
4219 */
4220 if (cp->png_ptr == NULL)
4221 return 0;
4222
4223 /* First free any data held in the control structure. */
4224 # ifdef PNG_STDIO_SUPPORTED
4225 if (cp->owned_file)
4226 {
4227 FILE *fp = png_voidcast(FILE*, cp->png_ptr->io_ptr);
4228 cp->owned_file = 0;
4229
4230 /* Ignore errors here. */
4231 if (fp != NULL)
4232 {
4233 cp->png_ptr->io_ptr = NULL;
4234 (void)fclose(fp);
4235 }
4236 }
4237 # endif
4238
4239 /* Copy the control structure so that the original, allocated, version can be
4240 * safely freed. Notice that a png_error here stops the remainder of the
4241 * cleanup, but this is probably fine because that would indicate bad memory
4242 * problems anyway.
4243 */
4244 c = *cp;
4245 image->opaque = &c;
4246 png_free(c.png_ptr, cp);
4247
4248 /* Then the structures, calling the correct API. */
4249 if (c.for_write)
4250 {
4251 # ifdef PNG_SIMPLIFIED_WRITE_SUPPORTED
4252 png_destroy_write_struct(&c.png_ptr, &c.info_ptr);
4253 # else
4254 png_error(c.png_ptr, "simplified write not supported");
4255 # endif
4256 }
4257 else
4258 {
4259 # ifdef PNG_SIMPLIFIED_READ_SUPPORTED
4260 png_destroy_read_struct(&c.png_ptr, &c.info_ptr, NULL);
4261 # else
4262 png_error(c.png_ptr, "simplified read not supported");
4263 # endif
4264 }
4265
4266 /* Success. */
4267 return 1;
4268 }
4269
4270 void PNGAPI
4271 png_image_free(png_imagep image)
4272 {
4273 /* Safely call the real function, but only if doing so is safe at this point
4274 * (if not inside an error handling context). Otherwise assume
4275 * png_safe_execute will call this API after the return.
4276 */
4277 if (image != NULL && image->opaque != NULL &&
4278 image->opaque->error_buf == NULL)
4279 {
4280 /* Ignore errors here: */
4281 (void)png_safe_execute(image, png_image_free_function, image);
4282 image->opaque = NULL;
4283 }
4284 }
4285
4286 int /* PRIVATE */
4287 png_image_error(png_imagep image, png_const_charp error_message)
4288 {
4289 /* Utility to log an error. */
4290 png_safecat(image->message, (sizeof image->message), 0, error_message);
4291 image->warning_or_error |= PNG_IMAGE_ERROR;
4292 png_image_free(image);
4293 return 0;
4294 }
4295
4296 #endif /* SIMPLIFIED READ/WRITE */
4297 #endif /* defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED) */
OLDNEW
« no previous file with comments | « third_party/lpng_v163/png.h ('k') | third_party/lpng_v163/pngconf.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698