1 :
2 : /* png.c - location for general purpose libpng functions
3 : *
4 : * Last changed in libpng 1.5.7 [December 15, 2011]
5 : * Copyright (c) 1998-2011 Glenn Randers-Pehrson
6 : * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
7 : * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
8 : *
9 : * This code is released under the libpng license.
10 : * For conditions of distribution and use, see the disclaimer
11 : * and license in png.h
12 : */
13 :
14 : #include "pngpriv.h"
15 :
16 : /* Generate a compiler error if there is an old png.h in the search path. */
17 : typedef png_libpng_version_1_5_9 Your_png_h_is_not_version_1_5_9;
18 :
19 : /* Tells libpng that we have already handled the first "num_bytes" bytes
20 : * of the PNG file signature. If the PNG data is embedded into another
21 : * stream we can set num_bytes = 8 so that libpng will not attempt to read
22 : * or write any of the magic bytes before it starts on the IHDR.
23 : */
24 :
25 : #ifdef PNG_READ_SUPPORTED
26 : void PNGAPI
27 0 : png_set_sig_bytes(png_structp png_ptr, int num_bytes)
28 : {
29 : png_debug(1, "in png_set_sig_bytes");
30 :
31 0 : if (png_ptr == NULL)
32 0 : return;
33 :
34 0 : if (num_bytes > 8)
35 0 : png_error(png_ptr, "Too many bytes for PNG signature");
36 :
37 0 : png_ptr->sig_bytes = (png_byte)(num_bytes < 0 ? 0 : num_bytes);
38 : }
39 :
40 : /* Checks whether the supplied bytes match the PNG signature. We allow
41 : * checking less than the full 8-byte signature so that those apps that
42 : * already read the first few bytes of a file to determine the file type
43 : * can simply check the remaining bytes for extra assurance. Returns
44 : * an integer less than, equal to, or greater than zero if sig is found,
45 : * respectively, to be less than, to match, or be greater than the correct
46 : * PNG signature (this is the same behavior as strcmp, memcmp, etc).
47 : */
48 : int PNGAPI
49 4 : png_sig_cmp(png_const_bytep sig, png_size_t start, png_size_t num_to_check)
50 : {
51 4 : png_byte png_signature[8] = {137, 80, 78, 71, 13, 10, 26, 10};
52 :
53 4 : if (num_to_check > 8)
54 0 : num_to_check = 8;
55 :
56 4 : else if (num_to_check < 1)
57 0 : return (-1);
58 :
59 4 : if (start > 7)
60 0 : return (-1);
61 :
62 4 : if (start + num_to_check > 8)
63 0 : num_to_check = 8 - start;
64 :
65 4 : return ((int)(png_memcmp(&sig[start], &png_signature[start], num_to_check)));
66 : }
67 :
68 : #endif /* PNG_READ_SUPPORTED */
69 :
70 : #if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED)
71 : /* Function to allocate memory for zlib */
72 138 : PNG_FUNCTION(voidpf /* PRIVATE */,
73 : png_zalloc,(voidpf png_ptr, uInt items, uInt size),PNG_ALLOCATED)
74 : {
75 : png_voidp ptr;
76 138 : png_structp p=(png_structp)png_ptr;
77 138 : png_uint_32 save_flags=p->flags;
78 : png_alloc_size_t num_bytes;
79 :
80 138 : if (png_ptr == NULL)
81 0 : return (NULL);
82 :
83 138 : if (items > PNG_UINT_32_MAX/size)
84 : {
85 : png_warning (p, "Potential overflow in png_zalloc()");
86 0 : return (NULL);
87 : }
88 138 : num_bytes = (png_alloc_size_t)items * size;
89 :
90 138 : p->flags|=PNG_FLAG_MALLOC_NULL_MEM_OK;
91 138 : ptr = (png_voidp)png_malloc((png_structp)png_ptr, num_bytes);
92 138 : p->flags=save_flags;
93 :
94 138 : return ((voidpf)ptr);
95 : }
96 :
97 : /* Function to free memory for zlib */
98 : void /* PRIVATE */
99 138 : png_zfree(voidpf png_ptr, voidpf ptr)
100 : {
101 138 : png_free((png_structp)png_ptr, (png_voidp)ptr);
102 138 : }
103 :
104 : /* Reset the CRC variable to 32 bits of 1's. Care must be taken
105 : * in case CRC is > 32 bits to leave the top bits 0.
106 : */
107 : void /* PRIVATE */
108 131 : png_reset_crc(png_structp png_ptr)
109 : {
110 : /* The cast is safe because the crc is a 32 bit value. */
111 131 : png_ptr->crc = (png_uint_32)crc32(0, Z_NULL, 0);
112 131 : }
113 :
114 : /* Calculate the CRC over a section of data. We can only pass as
115 : * much data to this routine as the largest single buffer size. We
116 : * also check that this data will actually be used before going to the
117 : * trouble of calculating it.
118 : */
119 : void /* PRIVATE */
120 261 : png_calculate_crc(png_structp png_ptr, png_const_bytep ptr, png_size_t length)
121 : {
122 261 : int need_crc = 1;
123 :
124 261 : if (PNG_CHUNK_ANCILLIARY(png_ptr->chunk_name))
125 : {
126 91 : if ((png_ptr->flags & PNG_FLAG_CRC_ANCILLARY_MASK) ==
127 : (PNG_FLAG_CRC_ANCILLARY_USE | PNG_FLAG_CRC_ANCILLARY_NOWARN))
128 0 : need_crc = 0;
129 : }
130 :
131 : else /* critical */
132 : {
133 170 : if (png_ptr->flags & PNG_FLAG_CRC_CRITICAL_IGNORE)
134 0 : need_crc = 0;
135 : }
136 :
137 : /* 'uLong' is defined as unsigned long, this means that on some systems it is
138 : * a 64 bit value. crc32, however, returns 32 bits so the following cast is
139 : * safe. 'uInt' may be no more than 16 bits, so it is necessary to perform a
140 : * loop here.
141 : */
142 261 : if (need_crc && length > 0)
143 : {
144 261 : uLong crc = png_ptr->crc; /* Should never issue a warning */
145 :
146 : do
147 : {
148 261 : uInt safeLength = (uInt)length;
149 261 : if (safeLength == 0)
150 0 : safeLength = (uInt)-1; /* evil, but safe */
151 :
152 261 : crc = crc32(crc, ptr, safeLength);
153 :
154 : /* The following should never issue compiler warnings, if they do the
155 : * target system has characteristics that will probably violate other
156 : * assumptions within the libpng code.
157 : */
158 261 : ptr += safeLength;
159 261 : length -= safeLength;
160 : }
161 261 : while (length > 0);
162 :
163 : /* And the following is always safe because the crc is only 32 bits. */
164 261 : png_ptr->crc = (png_uint_32)crc;
165 : }
166 261 : }
167 :
168 : /* Check a user supplied version number, called from both read and write
169 : * functions that create a png_struct
170 : */
171 : int
172 30 : png_user_version_check(png_structp png_ptr, png_const_charp user_png_ver)
173 : {
174 30 : if (user_png_ver)
175 : {
176 30 : int i = 0;
177 :
178 : do
179 : {
180 180 : if (user_png_ver[i] != png_libpng_ver[i])
181 0 : png_ptr->flags |= PNG_FLAG_LIBRARY_MISMATCH;
182 180 : } while (png_libpng_ver[i++]);
183 : }
184 :
185 : else
186 0 : png_ptr->flags |= PNG_FLAG_LIBRARY_MISMATCH;
187 :
188 30 : if (png_ptr->flags & PNG_FLAG_LIBRARY_MISMATCH)
189 : {
190 : /* Libpng 0.90 and later are binary incompatible with libpng 0.89, so
191 : * we must recompile any applications that use any older library version.
192 : * For versions after libpng 1.0, we will be compatible, so we need
193 : * only check the first digit.
194 : */
195 0 : if (user_png_ver == NULL || user_png_ver[0] != png_libpng_ver[0] ||
196 0 : (user_png_ver[0] == '1' && user_png_ver[2] != png_libpng_ver[2]) ||
197 0 : (user_png_ver[0] == '0' && user_png_ver[2] < '9'))
198 : {
199 : #ifdef PNG_WARNINGS_SUPPORTED
200 : size_t pos = 0;
201 : char m[128];
202 :
203 : pos = png_safecat(m, sizeof m, pos, "Application built with libpng-");
204 : pos = png_safecat(m, sizeof m, pos, user_png_ver);
205 : pos = png_safecat(m, sizeof m, pos, " but running with ");
206 : pos = png_safecat(m, sizeof m, pos, png_libpng_ver);
207 :
208 : png_warning(png_ptr, m);
209 : #endif
210 :
211 : #ifdef PNG_ERROR_NUMBERS_SUPPORTED
212 : png_ptr->flags = 0;
213 : #endif
214 :
215 0 : return 0;
216 : }
217 : }
218 :
219 : /* Success return. */
220 30 : return 1;
221 : }
222 :
223 : /* Allocate the memory for an info_struct for the application. We don't
224 : * really need the png_ptr, but it could potentially be useful in the
225 : * future. This should be used in favour of malloc(png_sizeof(png_info))
226 : * and png_info_init() so that applications that want to use a shared
227 : * libpng don't have to be recompiled if png_info changes size.
228 : */
229 30 : PNG_FUNCTION(png_infop,PNGAPI
230 : png_create_info_struct,(png_structp png_ptr),PNG_ALLOCATED)
231 : {
232 : png_infop info_ptr;
233 :
234 : png_debug(1, "in png_create_info_struct");
235 :
236 30 : if (png_ptr == NULL)
237 0 : return (NULL);
238 :
239 : #ifdef PNG_USER_MEM_SUPPORTED
240 : info_ptr = (png_infop)png_create_struct_2(PNG_STRUCT_INFO,
241 : png_ptr->malloc_fn, png_ptr->mem_ptr);
242 : #else
243 30 : info_ptr = (png_infop)png_create_struct(PNG_STRUCT_INFO);
244 : #endif
245 30 : if (info_ptr != NULL)
246 30 : png_info_init_3(&info_ptr, png_sizeof(png_info));
247 :
248 30 : return (info_ptr);
249 : }
250 :
251 : /* This function frees the memory associated with a single info struct.
252 : * Normally, one would use either png_destroy_read_struct() or
253 : * png_destroy_write_struct() to free an info struct, but this may be
254 : * useful for some applications.
255 : */
256 : void PNGAPI
257 0 : png_destroy_info_struct(png_structp png_ptr, png_infopp info_ptr_ptr)
258 : {
259 0 : png_infop info_ptr = NULL;
260 :
261 : png_debug(1, "in png_destroy_info_struct");
262 :
263 0 : if (png_ptr == NULL)
264 0 : return;
265 :
266 0 : if (info_ptr_ptr != NULL)
267 0 : info_ptr = *info_ptr_ptr;
268 :
269 0 : if (info_ptr != NULL)
270 : {
271 0 : png_info_destroy(png_ptr, info_ptr);
272 :
273 : #ifdef PNG_USER_MEM_SUPPORTED
274 : png_destroy_struct_2((png_voidp)info_ptr, png_ptr->free_fn,
275 : png_ptr->mem_ptr);
276 : #else
277 0 : png_destroy_struct((png_voidp)info_ptr);
278 : #endif
279 0 : *info_ptr_ptr = NULL;
280 : }
281 : }
282 :
283 : /* Initialize the info structure. This is now an internal function (0.89)
284 : * and applications using it are urged to use png_create_info_struct()
285 : * instead.
286 : */
287 :
288 : void PNGAPI
289 34 : png_info_init_3(png_infopp ptr_ptr, png_size_t png_info_struct_size)
290 : {
291 34 : png_infop info_ptr = *ptr_ptr;
292 :
293 : png_debug(1, "in png_info_init_3");
294 :
295 34 : if (info_ptr == NULL)
296 0 : return;
297 :
298 34 : if (png_sizeof(png_info) > png_info_struct_size)
299 : {
300 0 : png_destroy_struct(info_ptr);
301 0 : info_ptr = (png_infop)png_create_struct(PNG_STRUCT_INFO);
302 0 : *ptr_ptr = info_ptr;
303 : }
304 :
305 : /* Set everything to 0 */
306 34 : png_memset(info_ptr, 0, png_sizeof(png_info));
307 : }
308 :
309 : void PNGAPI
310 0 : png_data_freer(png_structp png_ptr, png_infop info_ptr,
311 : int freer, png_uint_32 mask)
312 : {
313 : png_debug(1, "in png_data_freer");
314 :
315 0 : if (png_ptr == NULL || info_ptr == NULL)
316 0 : return;
317 :
318 0 : if (freer == PNG_DESTROY_WILL_FREE_DATA)
319 0 : info_ptr->free_me |= mask;
320 :
321 0 : else if (freer == PNG_USER_WILL_FREE_DATA)
322 0 : info_ptr->free_me &= ~mask;
323 :
324 : else
325 : png_warning(png_ptr,
326 : "Unknown freer parameter in png_data_freer");
327 : }
328 :
329 : void PNGAPI
330 34 : png_free_data(png_structp png_ptr, png_infop info_ptr, png_uint_32 mask,
331 : int num)
332 : {
333 : png_debug(1, "in png_free_data");
334 :
335 34 : if (png_ptr == NULL || info_ptr == NULL)
336 0 : return;
337 :
338 : #ifdef PNG_TEXT_SUPPORTED
339 : /* Free text item num or (if num == -1) all text items */
340 34 : if ((mask & PNG_FREE_TEXT) & info_ptr->free_me)
341 : {
342 0 : if (num != -1)
343 : {
344 0 : if (info_ptr->text && info_ptr->text[num].key)
345 : {
346 0 : png_free(png_ptr, info_ptr->text[num].key);
347 0 : info_ptr->text[num].key = NULL;
348 : }
349 : }
350 :
351 : else
352 : {
353 : int i;
354 0 : for (i = 0; i < info_ptr->num_text; i++)
355 0 : png_free_data(png_ptr, info_ptr, PNG_FREE_TEXT, i);
356 0 : png_free(png_ptr, info_ptr->text);
357 0 : info_ptr->text = NULL;
358 0 : info_ptr->num_text=0;
359 : }
360 : }
361 : #endif
362 :
363 : #ifdef PNG_tRNS_SUPPORTED
364 : /* Free any tRNS entry */
365 34 : if ((mask & PNG_FREE_TRNS) & info_ptr->free_me)
366 : {
367 0 : png_free(png_ptr, info_ptr->trans_alpha);
368 0 : info_ptr->trans_alpha = NULL;
369 0 : info_ptr->valid &= ~PNG_INFO_tRNS;
370 : }
371 : #endif
372 :
373 : #ifdef PNG_sCAL_SUPPORTED
374 : /* Free any sCAL entry */
375 : if ((mask & PNG_FREE_SCAL) & info_ptr->free_me)
376 : {
377 : png_free(png_ptr, info_ptr->scal_s_width);
378 : png_free(png_ptr, info_ptr->scal_s_height);
379 : info_ptr->scal_s_width = NULL;
380 : info_ptr->scal_s_height = NULL;
381 : info_ptr->valid &= ~PNG_INFO_sCAL;
382 : }
383 : #endif
384 :
385 : #ifdef PNG_pCAL_SUPPORTED
386 : /* Free any pCAL entry */
387 : if ((mask & PNG_FREE_PCAL) & info_ptr->free_me)
388 : {
389 : png_free(png_ptr, info_ptr->pcal_purpose);
390 : png_free(png_ptr, info_ptr->pcal_units);
391 : info_ptr->pcal_purpose = NULL;
392 : info_ptr->pcal_units = NULL;
393 : if (info_ptr->pcal_params != NULL)
394 : {
395 : int i;
396 : for (i = 0; i < (int)info_ptr->pcal_nparams; i++)
397 : {
398 : png_free(png_ptr, info_ptr->pcal_params[i]);
399 : info_ptr->pcal_params[i] = NULL;
400 : }
401 : png_free(png_ptr, info_ptr->pcal_params);
402 : info_ptr->pcal_params = NULL;
403 : }
404 : info_ptr->valid &= ~PNG_INFO_pCAL;
405 : }
406 : #endif
407 :
408 : #ifdef PNG_iCCP_SUPPORTED
409 : /* Free any iCCP entry */
410 34 : if ((mask & PNG_FREE_ICCP) & info_ptr->free_me)
411 : {
412 0 : png_free(png_ptr, info_ptr->iccp_name);
413 0 : png_free(png_ptr, info_ptr->iccp_profile);
414 0 : info_ptr->iccp_name = NULL;
415 0 : info_ptr->iccp_profile = NULL;
416 0 : info_ptr->valid &= ~PNG_INFO_iCCP;
417 : }
418 : #endif
419 :
420 : #ifdef PNG_sPLT_SUPPORTED
421 : /* Free a given sPLT entry, or (if num == -1) all sPLT entries */
422 : if ((mask & PNG_FREE_SPLT) & info_ptr->free_me)
423 : {
424 : if (num != -1)
425 : {
426 : if (info_ptr->splt_palettes)
427 : {
428 : png_free(png_ptr, info_ptr->splt_palettes[num].name);
429 : png_free(png_ptr, info_ptr->splt_palettes[num].entries);
430 : info_ptr->splt_palettes[num].name = NULL;
431 : info_ptr->splt_palettes[num].entries = NULL;
432 : }
433 : }
434 :
435 : else
436 : {
437 : if (info_ptr->splt_palettes_num)
438 : {
439 : int i;
440 : for (i = 0; i < (int)info_ptr->splt_palettes_num; i++)
441 : png_free_data(png_ptr, info_ptr, PNG_FREE_SPLT, i);
442 :
443 : png_free(png_ptr, info_ptr->splt_palettes);
444 : info_ptr->splt_palettes = NULL;
445 : info_ptr->splt_palettes_num = 0;
446 : }
447 : info_ptr->valid &= ~PNG_INFO_sPLT;
448 : }
449 : }
450 : #endif
451 :
452 : #ifdef PNG_UNKNOWN_CHUNKS_SUPPORTED
453 : if (png_ptr->unknown_chunk.data)
454 : {
455 : png_free(png_ptr, png_ptr->unknown_chunk.data);
456 : png_ptr->unknown_chunk.data = NULL;
457 : }
458 :
459 : if ((mask & PNG_FREE_UNKN) & info_ptr->free_me)
460 : {
461 : if (num != -1)
462 : {
463 : if (info_ptr->unknown_chunks)
464 : {
465 : png_free(png_ptr, info_ptr->unknown_chunks[num].data);
466 : info_ptr->unknown_chunks[num].data = NULL;
467 : }
468 : }
469 :
470 : else
471 : {
472 : int i;
473 :
474 : if (info_ptr->unknown_chunks_num)
475 : {
476 : for (i = 0; i < info_ptr->unknown_chunks_num; i++)
477 : png_free_data(png_ptr, info_ptr, PNG_FREE_UNKN, i);
478 :
479 : png_free(png_ptr, info_ptr->unknown_chunks);
480 : info_ptr->unknown_chunks = NULL;
481 : info_ptr->unknown_chunks_num = 0;
482 : }
483 : }
484 : }
485 : #endif
486 :
487 : #ifdef PNG_hIST_SUPPORTED
488 : /* Free any hIST entry */
489 : if ((mask & PNG_FREE_HIST) & info_ptr->free_me)
490 : {
491 : png_free(png_ptr, info_ptr->hist);
492 : info_ptr->hist = NULL;
493 : info_ptr->valid &= ~PNG_INFO_hIST;
494 : }
495 : #endif
496 :
497 : /* Free any PLTE entry that was internally allocated */
498 34 : if ((mask & PNG_FREE_PLTE) & info_ptr->free_me)
499 : {
500 0 : png_zfree(png_ptr, info_ptr->palette);
501 0 : info_ptr->palette = NULL;
502 0 : info_ptr->valid &= ~PNG_INFO_PLTE;
503 0 : info_ptr->num_palette = 0;
504 : }
505 :
506 : #ifdef PNG_INFO_IMAGE_SUPPORTED
507 : /* Free any image bits attached to the info structure */
508 : if ((mask & PNG_FREE_ROWS) & info_ptr->free_me)
509 : {
510 : if (info_ptr->row_pointers)
511 : {
512 : int row;
513 : for (row = 0; row < (int)info_ptr->height; row++)
514 : {
515 : png_free(png_ptr, info_ptr->row_pointers[row]);
516 : info_ptr->row_pointers[row] = NULL;
517 : }
518 : png_free(png_ptr, info_ptr->row_pointers);
519 : info_ptr->row_pointers = NULL;
520 : }
521 : info_ptr->valid &= ~PNG_INFO_IDAT;
522 : }
523 : #endif
524 :
525 34 : if (num != -1)
526 0 : mask &= ~PNG_FREE_MUL;
527 :
528 34 : info_ptr->free_me &= ~mask;
529 : }
530 :
531 : /* This is an internal routine to free any memory that the info struct is
532 : * pointing to before re-using it or freeing the struct itself. Recall
533 : * that png_free() checks for NULL pointers for us.
534 : */
535 : void /* PRIVATE */
536 4 : png_info_destroy(png_structp png_ptr, png_infop info_ptr)
537 : {
538 : png_debug(1, "in png_info_destroy");
539 :
540 4 : png_free_data(png_ptr, info_ptr, PNG_FREE_ALL, -1);
541 :
542 : #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED
543 : if (png_ptr->num_chunk_list)
544 : {
545 : png_free(png_ptr, png_ptr->chunk_list);
546 : png_ptr->chunk_list = NULL;
547 : png_ptr->num_chunk_list = 0;
548 : }
549 : #endif
550 :
551 4 : png_info_init_3(&info_ptr, png_sizeof(png_info));
552 4 : }
553 : #endif /* defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED) */
554 :
555 : /* This function returns a pointer to the io_ptr associated with the user
556 : * functions. The application should free any memory associated with this
557 : * pointer before png_write_destroy() or png_read_destroy() are called.
558 : */
559 : png_voidp PNGAPI
560 358 : png_get_io_ptr(png_structp png_ptr)
561 : {
562 358 : if (png_ptr == NULL)
563 0 : return (NULL);
564 :
565 358 : return (png_ptr->io_ptr);
566 : }
567 :
568 : #if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED)
569 : # ifdef PNG_STDIO_SUPPORTED
570 : /* Initialize the default input/output functions for the PNG file. If you
571 : * use your own read or write routines, you can call either png_set_read_fn()
572 : * or png_set_write_fn() instead of png_init_io(). If you have defined
573 : * PNG_NO_STDIO or otherwise disabled PNG_STDIO_SUPPORTED, you must use a
574 : * function of your own because "FILE *" isn't necessarily available.
575 : */
576 : void PNGAPI
577 0 : png_init_io(png_structp png_ptr, png_FILE_p fp)
578 : {
579 : png_debug(1, "in png_init_io");
580 :
581 0 : if (png_ptr == NULL)
582 0 : return;
583 :
584 0 : png_ptr->io_ptr = (png_voidp)fp;
585 : }
586 : # endif
587 :
588 : # ifdef PNG_TIME_RFC1123_SUPPORTED
589 : /* Convert the supplied time into an RFC 1123 string suitable for use in
590 : * a "Creation Time" or other text-based time string.
591 : */
592 : png_const_charp PNGAPI
593 : png_convert_to_rfc1123(png_structp png_ptr, png_const_timep ptime)
594 : {
595 : static PNG_CONST char short_months[12][4] =
596 : {"Jan", "Feb", "Mar", "Apr", "May", "Jun",
597 : "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};
598 :
599 : if (png_ptr == NULL)
600 : return (NULL);
601 :
602 : if (ptime->year > 9999 /* RFC1123 limitation */ ||
603 : ptime->month == 0 || ptime->month > 12 ||
604 : ptime->day == 0 || ptime->day > 31 ||
605 : ptime->hour > 23 || ptime->minute > 59 ||
606 : ptime->second > 60)
607 : {
608 : png_warning(png_ptr, "Ignoring invalid time value");
609 : return (NULL);
610 : }
611 :
612 : {
613 : size_t pos = 0;
614 : char number_buf[5]; /* enough for a four-digit year */
615 :
616 : # define APPEND_STRING(string)\
617 : pos = png_safecat(png_ptr->time_buffer, sizeof png_ptr->time_buffer,\
618 : pos, (string))
619 : # define APPEND_NUMBER(format, value)\
620 : APPEND_STRING(PNG_FORMAT_NUMBER(number_buf, format, (value)))
621 : # define APPEND(ch)\
622 : if (pos < (sizeof png_ptr->time_buffer)-1)\
623 : png_ptr->time_buffer[pos++] = (ch)
624 :
625 : APPEND_NUMBER(PNG_NUMBER_FORMAT_u, (unsigned)ptime->day);
626 : APPEND(' ');
627 : APPEND_STRING(short_months[(ptime->month - 1)]);
628 : APPEND(' ');
629 : APPEND_NUMBER(PNG_NUMBER_FORMAT_u, ptime->year);
630 : APPEND(' ');
631 : APPEND_NUMBER(PNG_NUMBER_FORMAT_02u, (unsigned)ptime->hour);
632 : APPEND(':');
633 : APPEND_NUMBER(PNG_NUMBER_FORMAT_02u, (unsigned)ptime->minute);
634 : APPEND(':');
635 : APPEND_NUMBER(PNG_NUMBER_FORMAT_02u, (unsigned)ptime->second);
636 : APPEND_STRING(" +0000"); /* This reliably terminates the buffer */
637 :
638 : # undef APPEND
639 : # undef APPEND_NUMBER
640 : # undef APPEND_STRING
641 : }
642 :
643 : return png_ptr->time_buffer;
644 : }
645 : # endif /* PNG_TIME_RFC1123_SUPPORTED */
646 :
647 : #endif /* defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED) */
648 :
649 : png_const_charp PNGAPI
650 0 : png_get_copyright(png_const_structp png_ptr)
651 : {
652 : PNG_UNUSED(png_ptr) /* Silence compiler warning about unused png_ptr */
653 : #ifdef PNG_STRING_COPYRIGHT
654 : return PNG_STRING_COPYRIGHT
655 : #else
656 : # ifdef __STDC__
657 0 : return PNG_STRING_NEWLINE \
658 : "libpng version 1.5.9 - February 18, 2012" PNG_STRING_NEWLINE \
659 : "Copyright (c) 1998-2011 Glenn Randers-Pehrson" PNG_STRING_NEWLINE \
660 : "Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \
661 : "Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \
662 : PNG_STRING_NEWLINE;
663 : # else
664 : return "libpng version 1.5.9 - February 18, 2012\
665 : Copyright (c) 1998-2011 Glenn Randers-Pehrson\
666 : Copyright (c) 1996-1997 Andreas Dilger\
667 : Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.";
668 : # endif
669 : #endif
670 : }
671 :
672 : /* The following return the library version as a short string in the
673 : * format 1.0.0 through 99.99.99zz. To get the version of *.h files
674 : * used with your application, print out PNG_LIBPNG_VER_STRING, which
675 : * is defined in png.h.
676 : * Note: now there is no difference between png_get_libpng_ver() and
677 : * png_get_header_ver(). Due to the version_nn_nn_nn typedef guard,
678 : * it is guaranteed that png.c uses the correct version of png.h.
679 : */
680 : png_const_charp PNGAPI
681 0 : png_get_libpng_ver(png_const_structp png_ptr)
682 : {
683 : /* Version of *.c files used when building libpng */
684 0 : return png_get_header_ver(png_ptr);
685 : }
686 :
687 : png_const_charp PNGAPI
688 360 : png_get_header_ver(png_const_structp png_ptr)
689 : {
690 : /* Version of *.h files used when building libpng */
691 : PNG_UNUSED(png_ptr) /* Silence compiler warning about unused png_ptr */
692 360 : return PNG_LIBPNG_VER_STRING;
693 : }
694 :
695 : png_const_charp PNGAPI
696 0 : png_get_header_version(png_const_structp png_ptr)
697 : {
698 : /* Returns longer string containing both version and date */
699 : PNG_UNUSED(png_ptr) /* Silence compiler warning about unused png_ptr */
700 : #ifdef __STDC__
701 0 : return PNG_HEADER_VERSION_STRING
702 : # ifndef PNG_READ_SUPPORTED
703 : " (NO READ SUPPORT)"
704 : # endif
705 : PNG_STRING_NEWLINE;
706 : #else
707 : return PNG_HEADER_VERSION_STRING;
708 : #endif
709 : }
710 :
711 : #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED
712 : int PNGAPI
713 : png_handle_as_unknown(png_structp png_ptr, png_const_bytep chunk_name)
714 : {
715 : /* Check chunk_name and return "keep" value if it's on the list, else 0 */
716 : png_const_bytep p, p_end;
717 :
718 : if (png_ptr == NULL || chunk_name == NULL || png_ptr->num_chunk_list <= 0)
719 : return PNG_HANDLE_CHUNK_AS_DEFAULT;
720 :
721 : p_end = png_ptr->chunk_list;
722 : p = p_end + png_ptr->num_chunk_list*5; /* beyond end */
723 :
724 : /* The code is the fifth byte after each four byte string. Historically this
725 : * code was always searched from the end of the list, so it should continue
726 : * to do so in case there are duplicated entries.
727 : */
728 : do /* num_chunk_list > 0, so at least one */
729 : {
730 : p -= 5;
731 : if (!png_memcmp(chunk_name, p, 4))
732 : return p[4];
733 : }
734 : while (p > p_end);
735 :
736 : return PNG_HANDLE_CHUNK_AS_DEFAULT;
737 : }
738 :
739 : int /* PRIVATE */
740 : png_chunk_unknown_handling(png_structp png_ptr, png_uint_32 chunk_name)
741 : {
742 : png_byte chunk_string[5];
743 :
744 : PNG_CSTRING_FROM_CHUNK(chunk_string, chunk_name);
745 : return png_handle_as_unknown(png_ptr, chunk_string);
746 : }
747 : #endif
748 :
749 : #ifdef PNG_READ_SUPPORTED
750 : /* This function, added to libpng-1.0.6g, is untested. */
751 : int PNGAPI
752 0 : png_reset_zstream(png_structp png_ptr)
753 : {
754 0 : if (png_ptr == NULL)
755 0 : return Z_STREAM_ERROR;
756 :
757 0 : return (inflateReset(&png_ptr->zstream));
758 : }
759 : #endif /* PNG_READ_SUPPORTED */
760 :
761 : /* This function was added to libpng-1.0.7 */
762 : png_uint_32 PNGAPI
763 0 : png_access_version_number(void)
764 : {
765 : /* Version of *.c files used when building libpng */
766 0 : return((png_uint_32)PNG_LIBPNG_VER);
767 : }
768 :
769 :
770 :
771 : #if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED)
772 : /* png_convert_size: a PNGAPI but no longer in png.h, so deleted
773 : * at libpng 1.5.5!
774 : */
775 :
776 : /* Added at libpng version 1.2.34 and 1.4.0 (moved from pngset.c) */
777 : # ifdef PNG_CHECK_cHRM_SUPPORTED
778 :
779 : int /* PRIVATE */
780 0 : png_check_cHRM_fixed(png_structp png_ptr,
781 : png_fixed_point white_x, png_fixed_point white_y, png_fixed_point red_x,
782 : png_fixed_point red_y, png_fixed_point green_x, png_fixed_point green_y,
783 : png_fixed_point blue_x, png_fixed_point blue_y)
784 : {
785 0 : int ret = 1;
786 : unsigned long xy_hi,xy_lo,yx_hi,yx_lo;
787 :
788 : png_debug(1, "in function png_check_cHRM_fixed");
789 :
790 0 : if (png_ptr == NULL)
791 0 : return 0;
792 :
793 : /* (x,y,z) values are first limited to 0..100000 (PNG_FP_1), the white
794 : * y must also be greater than 0. To test for the upper limit calculate
795 : * (PNG_FP_1-y) - x must be <= to this for z to be >= 0 (and the expression
796 : * cannot overflow.) At this point we know x and y are >= 0 and (x+y) is
797 : * <= PNG_FP_1. The previous test on PNG_MAX_UINT_31 is removed because it
798 : * pointless (and it produces compiler warnings!)
799 : */
800 0 : if (white_x < 0 || white_y <= 0 ||
801 0 : red_x < 0 || red_y < 0 ||
802 0 : green_x < 0 || green_y < 0 ||
803 0 : blue_x < 0 || blue_y < 0)
804 : {
805 : png_warning(png_ptr,
806 : "Ignoring attempt to set negative chromaticity value");
807 0 : ret = 0;
808 : }
809 : /* And (x+y) must be <= PNG_FP_1 (so z is >= 0) */
810 0 : if (white_x > PNG_FP_1 - white_y)
811 : {
812 : png_warning(png_ptr, "Invalid cHRM white point");
813 0 : ret = 0;
814 : }
815 :
816 0 : if (red_x > PNG_FP_1 - red_y)
817 : {
818 : png_warning(png_ptr, "Invalid cHRM red point");
819 0 : ret = 0;
820 : }
821 :
822 0 : if (green_x > PNG_FP_1 - green_y)
823 : {
824 : png_warning(png_ptr, "Invalid cHRM green point");
825 0 : ret = 0;
826 : }
827 :
828 0 : if (blue_x > PNG_FP_1 - blue_y)
829 : {
830 : png_warning(png_ptr, "Invalid cHRM blue point");
831 0 : ret = 0;
832 : }
833 :
834 0 : png_64bit_product(green_x - red_x, blue_y - red_y, &xy_hi, &xy_lo);
835 0 : png_64bit_product(green_y - red_y, blue_x - red_x, &yx_hi, &yx_lo);
836 :
837 0 : if (xy_hi == yx_hi && xy_lo == yx_lo)
838 : {
839 : png_warning(png_ptr,
840 : "Ignoring attempt to set cHRM RGB triangle with zero area");
841 0 : ret = 0;
842 : }
843 :
844 0 : return ret;
845 : }
846 : # endif /* PNG_CHECK_cHRM_SUPPORTED */
847 :
848 : #ifdef PNG_cHRM_SUPPORTED
849 : /* Added at libpng-1.5.5 to support read and write of true CIEXYZ values for
850 : * cHRM, as opposed to using chromaticities. These internal APIs return
851 : * non-zero on a parameter error. The X, Y and Z values are required to be
852 : * positive and less than 1.0.
853 : */
854 0 : int png_xy_from_XYZ(png_xy *xy, png_XYZ XYZ)
855 : {
856 : png_int_32 d, dwhite, whiteX, whiteY;
857 :
858 0 : d = XYZ.redX + XYZ.redY + XYZ.redZ;
859 0 : if (!png_muldiv(&xy->redx, XYZ.redX, PNG_FP_1, d)) return 1;
860 0 : if (!png_muldiv(&xy->redy, XYZ.redY, PNG_FP_1, d)) return 1;
861 0 : dwhite = d;
862 0 : whiteX = XYZ.redX;
863 0 : whiteY = XYZ.redY;
864 :
865 0 : d = XYZ.greenX + XYZ.greenY + XYZ.greenZ;
866 0 : if (!png_muldiv(&xy->greenx, XYZ.greenX, PNG_FP_1, d)) return 1;
867 0 : if (!png_muldiv(&xy->greeny, XYZ.greenY, PNG_FP_1, d)) return 1;
868 0 : dwhite += d;
869 0 : whiteX += XYZ.greenX;
870 0 : whiteY += XYZ.greenY;
871 :
872 0 : d = XYZ.blueX + XYZ.blueY + XYZ.blueZ;
873 0 : if (!png_muldiv(&xy->bluex, XYZ.blueX, PNG_FP_1, d)) return 1;
874 0 : if (!png_muldiv(&xy->bluey, XYZ.blueY, PNG_FP_1, d)) return 1;
875 0 : dwhite += d;
876 0 : whiteX += XYZ.blueX;
877 0 : whiteY += XYZ.blueY;
878 :
879 : /* The reference white is simply the same of the end-point (X,Y,Z) vectors,
880 : * thus:
881 : */
882 0 : if (!png_muldiv(&xy->whitex, whiteX, PNG_FP_1, dwhite)) return 1;
883 0 : if (!png_muldiv(&xy->whitey, whiteY, PNG_FP_1, dwhite)) return 1;
884 :
885 0 : return 0;
886 : }
887 :
888 0 : int png_XYZ_from_xy(png_XYZ *XYZ, png_xy xy)
889 : {
890 : png_fixed_point red_inverse, green_inverse, blue_scale;
891 : png_fixed_point left, right, denominator;
892 :
893 : /* Check xy and, implicitly, z. Note that wide gamut color spaces typically
894 : * have end points with 0 tristimulus values (these are impossible end
895 : * points, but they are used to cover the possible colors.)
896 : */
897 0 : if (xy.redx < 0 || xy.redx > PNG_FP_1) return 1;
898 0 : if (xy.redy < 0 || xy.redy > PNG_FP_1-xy.redx) return 1;
899 0 : if (xy.greenx < 0 || xy.greenx > PNG_FP_1) return 1;
900 0 : if (xy.greeny < 0 || xy.greeny > PNG_FP_1-xy.greenx) return 1;
901 0 : if (xy.bluex < 0 || xy.bluex > PNG_FP_1) return 1;
902 0 : if (xy.bluey < 0 || xy.bluey > PNG_FP_1-xy.bluex) return 1;
903 0 : if (xy.whitex < 0 || xy.whitex > PNG_FP_1) return 1;
904 0 : if (xy.whitey < 0 || xy.whitey > PNG_FP_1-xy.whitex) return 1;
905 :
906 : /* The reverse calculation is more difficult because the original tristimulus
907 : * value had 9 independent values (red,green,blue)x(X,Y,Z) however only 8
908 : * derived values were recorded in the cHRM chunk;
909 : * (red,green,blue,white)x(x,y). This loses one degree of freedom and
910 : * therefore an arbitrary ninth value has to be introduced to undo the
911 : * original transformations.
912 : *
913 : * Think of the original end-points as points in (X,Y,Z) space. The
914 : * chromaticity values (c) have the property:
915 : *
916 : * C
917 : * c = ---------
918 : * X + Y + Z
919 : *
920 : * For each c (x,y,z) from the corresponding original C (X,Y,Z). Thus the
921 : * three chromaticity values (x,y,z) for each end-point obey the
922 : * relationship:
923 : *
924 : * x + y + z = 1
925 : *
926 : * This describes the plane in (X,Y,Z) space that intersects each axis at the
927 : * value 1.0; call this the chromaticity plane. Thus the chromaticity
928 : * calculation has scaled each end-point so that it is on the x+y+z=1 plane
929 : * and chromaticity is the intersection of the vector from the origin to the
930 : * (X,Y,Z) value with the chromaticity plane.
931 : *
932 : * To fully invert the chromaticity calculation we would need the three
933 : * end-point scale factors, (red-scale, green-scale, blue-scale), but these
934 : * were not recorded. Instead we calculated the reference white (X,Y,Z) and
935 : * recorded the chromaticity of this. The reference white (X,Y,Z) would have
936 : * given all three of the scale factors since:
937 : *
938 : * color-C = color-c * color-scale
939 : * white-C = red-C + green-C + blue-C
940 : * = red-c*red-scale + green-c*green-scale + blue-c*blue-scale
941 : *
942 : * But cHRM records only white-x and white-y, so we have lost the white scale
943 : * factor:
944 : *
945 : * white-C = white-c*white-scale
946 : *
947 : * To handle this the inverse transformation makes an arbitrary assumption
948 : * about white-scale:
949 : *
950 : * Assume: white-Y = 1.0
951 : * Hence: white-scale = 1/white-y
952 : * Or: red-Y + green-Y + blue-Y = 1.0
953 : *
954 : * Notice the last statement of the assumption gives an equation in three of
955 : * the nine values we want to calculate. 8 more equations come from the
956 : * above routine as summarised at the top above (the chromaticity
957 : * calculation):
958 : *
959 : * Given: color-x = color-X / (color-X + color-Y + color-Z)
960 : * Hence: (color-x - 1)*color-X + color.x*color-Y + color.x*color-Z = 0
961 : *
962 : * This is 9 simultaneous equations in the 9 variables "color-C" and can be
963 : * solved by Cramer's rule. Cramer's rule requires calculating 10 9x9 matrix
964 : * determinants, however this is not as bad as it seems because only 28 of
965 : * the total of 90 terms in the various matrices are non-zero. Nevertheless
966 : * Cramer's rule is notoriously numerically unstable because the determinant
967 : * calculation involves the difference of large, but similar, numbers. It is
968 : * difficult to be sure that the calculation is stable for real world values
969 : * and it is certain that it becomes unstable where the end points are close
970 : * together.
971 : *
972 : * So this code uses the perhaps slighly less optimal but more understandable
973 : * and totally obvious approach of calculating color-scale.
974 : *
975 : * This algorithm depends on the precision in white-scale and that is
976 : * (1/white-y), so we can immediately see that as white-y approaches 0 the
977 : * accuracy inherent in the cHRM chunk drops off substantially.
978 : *
979 : * libpng arithmetic: a simple invertion of the above equations
980 : * ------------------------------------------------------------
981 : *
982 : * white_scale = 1/white-y
983 : * white-X = white-x * white-scale
984 : * white-Y = 1.0
985 : * white-Z = (1 - white-x - white-y) * white_scale
986 : *
987 : * white-C = red-C + green-C + blue-C
988 : * = red-c*red-scale + green-c*green-scale + blue-c*blue-scale
989 : *
990 : * This gives us three equations in (red-scale,green-scale,blue-scale) where
991 : * all the coefficients are now known:
992 : *
993 : * red-x*red-scale + green-x*green-scale + blue-x*blue-scale
994 : * = white-x/white-y
995 : * red-y*red-scale + green-y*green-scale + blue-y*blue-scale = 1
996 : * red-z*red-scale + green-z*green-scale + blue-z*blue-scale
997 : * = (1 - white-x - white-y)/white-y
998 : *
999 : * In the last equation color-z is (1 - color-x - color-y) so we can add all
1000 : * three equations together to get an alternative third:
1001 : *
1002 : * red-scale + green-scale + blue-scale = 1/white-y = white-scale
1003 : *
1004 : * So now we have a Cramer's rule solution where the determinants are just
1005 : * 3x3 - far more tractible. Unfortunately 3x3 determinants still involve
1006 : * multiplication of three coefficients so we can't guarantee to avoid
1007 : * overflow in the libpng fixed point representation. Using Cramer's rule in
1008 : * floating point is probably a good choice here, but it's not an option for
1009 : * fixed point. Instead proceed to simplify the first two equations by
1010 : * eliminating what is likely to be the largest value, blue-scale:
1011 : *
1012 : * blue-scale = white-scale - red-scale - green-scale
1013 : *
1014 : * Hence:
1015 : *
1016 : * (red-x - blue-x)*red-scale + (green-x - blue-x)*green-scale =
1017 : * (white-x - blue-x)*white-scale
1018 : *
1019 : * (red-y - blue-y)*red-scale + (green-y - blue-y)*green-scale =
1020 : * 1 - blue-y*white-scale
1021 : *
1022 : * And now we can trivially solve for (red-scale,green-scale):
1023 : *
1024 : * green-scale =
1025 : * (white-x - blue-x)*white-scale - (red-x - blue-x)*red-scale
1026 : * -----------------------------------------------------------
1027 : * green-x - blue-x
1028 : *
1029 : * red-scale =
1030 : * 1 - blue-y*white-scale - (green-y - blue-y) * green-scale
1031 : * ---------------------------------------------------------
1032 : * red-y - blue-y
1033 : *
1034 : * Hence:
1035 : *
1036 : * red-scale =
1037 : * ( (green-x - blue-x) * (white-y - blue-y) -
1038 : * (green-y - blue-y) * (white-x - blue-x) ) / white-y
1039 : * -------------------------------------------------------------------------
1040 : * (green-x - blue-x)*(red-y - blue-y)-(green-y - blue-y)*(red-x - blue-x)
1041 : *
1042 : * green-scale =
1043 : * ( (red-y - blue-y) * (white-x - blue-x) -
1044 : * (red-x - blue-x) * (white-y - blue-y) ) / white-y
1045 : * -------------------------------------------------------------------------
1046 : * (green-x - blue-x)*(red-y - blue-y)-(green-y - blue-y)*(red-x - blue-x)
1047 : *
1048 : * Accuracy:
1049 : * The input values have 5 decimal digits of accuracy. The values are all in
1050 : * the range 0 < value < 1, so simple products are in the same range but may
1051 : * need up to 10 decimal digits to preserve the original precision and avoid
1052 : * underflow. Because we are using a 32-bit signed representation we cannot
1053 : * match this; the best is a little over 9 decimal digits, less than 10.
1054 : *
1055 : * The approach used here is to preserve the maximum precision within the
1056 : * signed representation. Because the red-scale calculation above uses the
1057 : * difference between two products of values that must be in the range -1..+1
1058 : * it is sufficient to divide the product by 7; ceil(100,000/32767*2). The
1059 : * factor is irrelevant in the calculation because it is applied to both
1060 : * numerator and denominator.
1061 : *
1062 : * Note that the values of the differences of the products of the
1063 : * chromaticities in the above equations tend to be small, for example for
1064 : * the sRGB chromaticities they are:
1065 : *
1066 : * red numerator: -0.04751
1067 : * green numerator: -0.08788
1068 : * denominator: -0.2241 (without white-y multiplication)
1069 : *
1070 : * The resultant Y coefficients from the chromaticities of some widely used
1071 : * color space definitions are (to 15 decimal places):
1072 : *
1073 : * sRGB
1074 : * 0.212639005871510 0.715168678767756 0.072192315360734
1075 : * Kodak ProPhoto
1076 : * 0.288071128229293 0.711843217810102 0.000085653960605
1077 : * Adobe RGB
1078 : * 0.297344975250536 0.627363566255466 0.075291458493998
1079 : * Adobe Wide Gamut RGB
1080 : * 0.258728243040113 0.724682314948566 0.016589442011321
1081 : */
1082 : /* By the argument, above overflow should be impossible here. The return
1083 : * value of 2 indicates an internal error to the caller.
1084 : */
1085 0 : if (!png_muldiv(&left, xy.greenx-xy.bluex, xy.redy - xy.bluey, 7)) return 2;
1086 0 : if (!png_muldiv(&right, xy.greeny-xy.bluey, xy.redx - xy.bluex, 7)) return 2;
1087 0 : denominator = left - right;
1088 :
1089 : /* Now find the red numerator. */
1090 0 : if (!png_muldiv(&left, xy.greenx-xy.bluex, xy.whitey-xy.bluey, 7)) return 2;
1091 0 : if (!png_muldiv(&right, xy.greeny-xy.bluey, xy.whitex-xy.bluex, 7)) return 2;
1092 :
1093 : /* Overflow is possible here and it indicates an extreme set of PNG cHRM
1094 : * chunk values. This calculation actually returns the reciprocal of the
1095 : * scale value because this allows us to delay the multiplication of white-y
1096 : * into the denominator, which tends to produce a small number.
1097 : */
1098 0 : if (!png_muldiv(&red_inverse, xy.whitey, denominator, left-right) ||
1099 0 : red_inverse <= xy.whitey /* r+g+b scales = white scale */)
1100 0 : return 1;
1101 :
1102 : /* Similarly for green_inverse: */
1103 0 : if (!png_muldiv(&left, xy.redy-xy.bluey, xy.whitex-xy.bluex, 7)) return 2;
1104 0 : if (!png_muldiv(&right, xy.redx-xy.bluex, xy.whitey-xy.bluey, 7)) return 2;
1105 0 : if (!png_muldiv(&green_inverse, xy.whitey, denominator, left-right) ||
1106 0 : green_inverse <= xy.whitey)
1107 0 : return 1;
1108 :
1109 : /* And the blue scale, the checks above guarantee this can't overflow but it
1110 : * can still produce 0 for extreme cHRM values.
1111 : */
1112 0 : blue_scale = png_reciprocal(xy.whitey) - png_reciprocal(red_inverse) -
1113 0 : png_reciprocal(green_inverse);
1114 0 : if (blue_scale <= 0) return 1;
1115 :
1116 :
1117 : /* And fill in the png_XYZ: */
1118 0 : if (!png_muldiv(&XYZ->redX, xy.redx, PNG_FP_1, red_inverse)) return 1;
1119 0 : if (!png_muldiv(&XYZ->redY, xy.redy, PNG_FP_1, red_inverse)) return 1;
1120 0 : if (!png_muldiv(&XYZ->redZ, PNG_FP_1 - xy.redx - xy.redy, PNG_FP_1,
1121 : red_inverse))
1122 0 : return 1;
1123 :
1124 0 : if (!png_muldiv(&XYZ->greenX, xy.greenx, PNG_FP_1, green_inverse)) return 1;
1125 0 : if (!png_muldiv(&XYZ->greenY, xy.greeny, PNG_FP_1, green_inverse)) return 1;
1126 0 : if (!png_muldiv(&XYZ->greenZ, PNG_FP_1 - xy.greenx - xy.greeny, PNG_FP_1,
1127 : green_inverse))
1128 0 : return 1;
1129 :
1130 0 : if (!png_muldiv(&XYZ->blueX, xy.bluex, blue_scale, PNG_FP_1)) return 1;
1131 0 : if (!png_muldiv(&XYZ->blueY, xy.bluey, blue_scale, PNG_FP_1)) return 1;
1132 0 : if (!png_muldiv(&XYZ->blueZ, PNG_FP_1 - xy.bluex - xy.bluey, blue_scale,
1133 : PNG_FP_1))
1134 0 : return 1;
1135 :
1136 0 : return 0; /*success*/
1137 : }
1138 :
1139 0 : int png_XYZ_from_xy_checked(png_structp png_ptr, png_XYZ *XYZ, png_xy xy)
1140 : {
1141 0 : switch (png_XYZ_from_xy(XYZ, xy))
1142 : {
1143 : case 0: /* success */
1144 0 : return 1;
1145 :
1146 : case 1:
1147 : /* The chunk may be technically valid, but we got png_fixed_point
1148 : * overflow while trying to get XYZ values out of it. This is
1149 : * entirely benign - the cHRM chunk is pretty extreme.
1150 : */
1151 : png_warning(png_ptr,
1152 : "extreme cHRM chunk cannot be converted to tristimulus values");
1153 : break;
1154 :
1155 : default:
1156 : /* libpng is broken; this should be a warning but if it happens we
1157 : * want error reports so for the moment it is an error.
1158 : */
1159 0 : png_error(png_ptr, "internal error in png_XYZ_from_xy");
1160 : break;
1161 : }
1162 :
1163 : /* ERROR RETURN */
1164 0 : return 0;
1165 : }
1166 : #endif
1167 :
1168 : void /* PRIVATE */
1169 53 : png_check_IHDR(png_structp png_ptr,
1170 : png_uint_32 width, png_uint_32 height, int bit_depth,
1171 : int color_type, int interlace_type, int compression_type,
1172 : int filter_type)
1173 : {
1174 53 : int error = 0;
1175 :
1176 : /* Check for width and height valid values */
1177 53 : if (width == 0)
1178 : {
1179 : png_warning(png_ptr, "Image width is zero in IHDR");
1180 0 : error = 1;
1181 : }
1182 :
1183 53 : if (height == 0)
1184 : {
1185 : png_warning(png_ptr, "Image height is zero in IHDR");
1186 0 : error = 1;
1187 : }
1188 :
1189 : # ifdef PNG_SET_USER_LIMITS_SUPPORTED
1190 : if (width > png_ptr->user_width_max)
1191 :
1192 : # else
1193 53 : if (width > PNG_USER_WIDTH_MAX)
1194 : # endif
1195 : {
1196 : png_warning(png_ptr, "Image width exceeds user limit in IHDR");
1197 0 : error = 1;
1198 : }
1199 :
1200 : # ifdef PNG_SET_USER_LIMITS_SUPPORTED
1201 : if (height > png_ptr->user_height_max)
1202 : # else
1203 53 : if (height > PNG_USER_HEIGHT_MAX)
1204 : # endif
1205 : {
1206 : png_warning(png_ptr, "Image height exceeds user limit in IHDR");
1207 0 : error = 1;
1208 : }
1209 :
1210 53 : if (width > PNG_UINT_31_MAX)
1211 : {
1212 : png_warning(png_ptr, "Invalid image width in IHDR");
1213 0 : error = 1;
1214 : }
1215 :
1216 53 : if (height > PNG_UINT_31_MAX)
1217 : {
1218 : png_warning(png_ptr, "Invalid image height in IHDR");
1219 0 : error = 1;
1220 : }
1221 :
1222 : if (width > (PNG_UINT_32_MAX
1223 : >> 3) /* 8-byte RGBA pixels */
1224 : - 48 /* bigrowbuf hack */
1225 : - 1 /* filter byte */
1226 : - 7*8 /* rounding of width to multiple of 8 pixels */
1227 : - 8) /* extra max_pixel_depth pad */
1228 : png_warning(png_ptr, "Width is too large for libpng to process pixels");
1229 :
1230 : /* Check other values */
1231 53 : if (bit_depth != 1 && bit_depth != 2 && bit_depth != 4 &&
1232 0 : bit_depth != 8 && bit_depth != 16)
1233 : {
1234 : png_warning(png_ptr, "Invalid bit depth in IHDR");
1235 0 : error = 1;
1236 : }
1237 :
1238 53 : if (color_type < 0 || color_type == 1 ||
1239 53 : color_type == 5 || color_type > 6)
1240 : {
1241 : png_warning(png_ptr, "Invalid color type in IHDR");
1242 0 : error = 1;
1243 : }
1244 :
1245 53 : if (((color_type == PNG_COLOR_TYPE_PALETTE) && bit_depth > 8) ||
1246 41 : ((color_type == PNG_COLOR_TYPE_RGB ||
1247 41 : color_type == PNG_COLOR_TYPE_GRAY_ALPHA ||
1248 53 : color_type == PNG_COLOR_TYPE_RGB_ALPHA) && bit_depth < 8))
1249 : {
1250 : png_warning(png_ptr, "Invalid color type/bit depth combination in IHDR");
1251 0 : error = 1;
1252 : }
1253 :
1254 53 : if (interlace_type >= PNG_INTERLACE_LAST)
1255 : {
1256 : png_warning(png_ptr, "Unknown interlace method in IHDR");
1257 0 : error = 1;
1258 : }
1259 :
1260 53 : if (compression_type != PNG_COMPRESSION_TYPE_BASE)
1261 : {
1262 : png_warning(png_ptr, "Unknown compression method in IHDR");
1263 0 : error = 1;
1264 : }
1265 :
1266 : # ifdef PNG_MNG_FEATURES_SUPPORTED
1267 : /* Accept filter_method 64 (intrapixel differencing) only if
1268 : * 1. Libpng was compiled with PNG_MNG_FEATURES_SUPPORTED and
1269 : * 2. Libpng did not read a PNG signature (this filter_method is only
1270 : * used in PNG datastreams that are embedded in MNG datastreams) and
1271 : * 3. The application called png_permit_mng_features with a mask that
1272 : * included PNG_FLAG_MNG_FILTER_64 and
1273 : * 4. The filter_method is 64 and
1274 : * 5. The color_type is RGB or RGBA
1275 : */
1276 : if ((png_ptr->mode & PNG_HAVE_PNG_SIGNATURE) &&
1277 : png_ptr->mng_features_permitted)
1278 : png_warning(png_ptr, "MNG features are not allowed in a PNG datastream");
1279 :
1280 : if (filter_type != PNG_FILTER_TYPE_BASE)
1281 : {
1282 : if (!((png_ptr->mng_features_permitted & PNG_FLAG_MNG_FILTER_64) &&
1283 : (filter_type == PNG_INTRAPIXEL_DIFFERENCING) &&
1284 : ((png_ptr->mode & PNG_HAVE_PNG_SIGNATURE) == 0) &&
1285 : (color_type == PNG_COLOR_TYPE_RGB ||
1286 : color_type == PNG_COLOR_TYPE_RGB_ALPHA)))
1287 : {
1288 : png_warning(png_ptr, "Unknown filter method in IHDR");
1289 : error = 1;
1290 : }
1291 :
1292 : if (png_ptr->mode & PNG_HAVE_PNG_SIGNATURE)
1293 : {
1294 : png_warning(png_ptr, "Invalid filter method in IHDR");
1295 : error = 1;
1296 : }
1297 : }
1298 :
1299 : # else
1300 53 : if (filter_type != PNG_FILTER_TYPE_BASE)
1301 : {
1302 : png_warning(png_ptr, "Unknown filter method in IHDR");
1303 0 : error = 1;
1304 : }
1305 : # endif
1306 :
1307 53 : if (error == 1)
1308 0 : png_error(png_ptr, "Invalid IHDR data");
1309 53 : }
1310 :
1311 : #if defined(PNG_sCAL_SUPPORTED) || defined(PNG_pCAL_SUPPORTED)
1312 : /* ASCII to fp functions */
1313 : /* Check an ASCII formated floating point value, see the more detailed
1314 : * comments in pngpriv.h
1315 : */
1316 : /* The following is used internally to preserve the sticky flags */
1317 : #define png_fp_add(state, flags) ((state) |= (flags))
1318 : #define png_fp_set(state, value) ((state) = (value) | ((state) & PNG_FP_STICKY))
1319 :
1320 : int /* PRIVATE */
1321 : png_check_fp_number(png_const_charp string, png_size_t size, int *statep,
1322 : png_size_tp whereami)
1323 : {
1324 : int state = *statep;
1325 : png_size_t i = *whereami;
1326 :
1327 : while (i < size)
1328 : {
1329 : int type;
1330 : /* First find the type of the next character */
1331 : switch (string[i])
1332 : {
1333 : case 43: type = PNG_FP_SAW_SIGN; break;
1334 : case 45: type = PNG_FP_SAW_SIGN + PNG_FP_NEGATIVE; break;
1335 : case 46: type = PNG_FP_SAW_DOT; break;
1336 : case 48: type = PNG_FP_SAW_DIGIT; break;
1337 : case 49: case 50: case 51: case 52:
1338 : case 53: case 54: case 55: case 56:
1339 : case 57: type = PNG_FP_SAW_DIGIT + PNG_FP_NONZERO; break;
1340 : case 69:
1341 : case 101: type = PNG_FP_SAW_E; break;
1342 : default: goto PNG_FP_End;
1343 : }
1344 :
1345 : /* Now deal with this type according to the current
1346 : * state, the type is arranged to not overlap the
1347 : * bits of the PNG_FP_STATE.
1348 : */
1349 : switch ((state & PNG_FP_STATE) + (type & PNG_FP_SAW_ANY))
1350 : {
1351 : case PNG_FP_INTEGER + PNG_FP_SAW_SIGN:
1352 : if (state & PNG_FP_SAW_ANY)
1353 : goto PNG_FP_End; /* not a part of the number */
1354 :
1355 : png_fp_add(state, type);
1356 : break;
1357 :
1358 : case PNG_FP_INTEGER + PNG_FP_SAW_DOT:
1359 : /* Ok as trailer, ok as lead of fraction. */
1360 : if (state & PNG_FP_SAW_DOT) /* two dots */
1361 : goto PNG_FP_End;
1362 :
1363 : else if (state & PNG_FP_SAW_DIGIT) /* trailing dot? */
1364 : png_fp_add(state, type);
1365 :
1366 : else
1367 : png_fp_set(state, PNG_FP_FRACTION | type);
1368 :
1369 : break;
1370 :
1371 : case PNG_FP_INTEGER + PNG_FP_SAW_DIGIT:
1372 : if (state & PNG_FP_SAW_DOT) /* delayed fraction */
1373 : png_fp_set(state, PNG_FP_FRACTION | PNG_FP_SAW_DOT);
1374 :
1375 : png_fp_add(state, type | PNG_FP_WAS_VALID);
1376 :
1377 : break;
1378 :
1379 : case PNG_FP_INTEGER + PNG_FP_SAW_E:
1380 : if ((state & PNG_FP_SAW_DIGIT) == 0)
1381 : goto PNG_FP_End;
1382 :
1383 : png_fp_set(state, PNG_FP_EXPONENT);
1384 :
1385 : break;
1386 :
1387 : /* case PNG_FP_FRACTION + PNG_FP_SAW_SIGN:
1388 : goto PNG_FP_End; ** no sign in fraction */
1389 :
1390 : /* case PNG_FP_FRACTION + PNG_FP_SAW_DOT:
1391 : goto PNG_FP_End; ** Because SAW_DOT is always set */
1392 :
1393 : case PNG_FP_FRACTION + PNG_FP_SAW_DIGIT:
1394 : png_fp_add(state, type | PNG_FP_WAS_VALID);
1395 : break;
1396 :
1397 : case PNG_FP_FRACTION + PNG_FP_SAW_E:
1398 : /* This is correct because the trailing '.' on an
1399 : * integer is handled above - so we can only get here
1400 : * with the sequence ".E" (with no preceding digits).
1401 : */
1402 : if ((state & PNG_FP_SAW_DIGIT) == 0)
1403 : goto PNG_FP_End;
1404 :
1405 : png_fp_set(state, PNG_FP_EXPONENT);
1406 :
1407 : break;
1408 :
1409 : case PNG_FP_EXPONENT + PNG_FP_SAW_SIGN:
1410 : if (state & PNG_FP_SAW_ANY)
1411 : goto PNG_FP_End; /* not a part of the number */
1412 :
1413 : png_fp_add(state, PNG_FP_SAW_SIGN);
1414 :
1415 : break;
1416 :
1417 : /* case PNG_FP_EXPONENT + PNG_FP_SAW_DOT:
1418 : goto PNG_FP_End; */
1419 :
1420 : case PNG_FP_EXPONENT + PNG_FP_SAW_DIGIT:
1421 : png_fp_add(state, PNG_FP_SAW_DIGIT | PNG_FP_WAS_VALID);
1422 :
1423 : break;
1424 :
1425 : /* case PNG_FP_EXPONEXT + PNG_FP_SAW_E:
1426 : goto PNG_FP_End; */
1427 :
1428 : default: goto PNG_FP_End; /* I.e. break 2 */
1429 : }
1430 :
1431 : /* The character seems ok, continue. */
1432 : ++i;
1433 : }
1434 :
1435 : PNG_FP_End:
1436 : /* Here at the end, update the state and return the correct
1437 : * return code.
1438 : */
1439 : *statep = state;
1440 : *whereami = i;
1441 :
1442 : return (state & PNG_FP_SAW_DIGIT) != 0;
1443 : }
1444 :
1445 :
1446 : /* The same but for a complete string. */
1447 : int
1448 : png_check_fp_string(png_const_charp string, png_size_t size)
1449 : {
1450 : int state=0;
1451 : png_size_t char_index=0;
1452 :
1453 : if (png_check_fp_number(string, size, &state, &char_index) &&
1454 : (char_index == size || string[char_index] == 0))
1455 : return state /* must be non-zero - see above */;
1456 :
1457 : return 0; /* i.e. fail */
1458 : }
1459 : #endif /* pCAL or sCAL */
1460 :
1461 : #ifdef PNG_READ_sCAL_SUPPORTED
1462 : # ifdef PNG_FLOATING_POINT_SUPPORTED
1463 : /* Utility used below - a simple accurate power of ten from an integral
1464 : * exponent.
1465 : */
1466 : static double
1467 : png_pow10(int power)
1468 : {
1469 : int recip = 0;
1470 : double d = 1;
1471 :
1472 : /* Handle negative exponent with a reciprocal at the end because
1473 : * 10 is exact whereas .1 is inexact in base 2
1474 : */
1475 : if (power < 0)
1476 : {
1477 : if (power < DBL_MIN_10_EXP) return 0;
1478 : recip = 1, power = -power;
1479 : }
1480 :
1481 : if (power > 0)
1482 : {
1483 : /* Decompose power bitwise. */
1484 : double mult = 10;
1485 : do
1486 : {
1487 : if (power & 1) d *= mult;
1488 : mult *= mult;
1489 : power >>= 1;
1490 : }
1491 : while (power > 0);
1492 :
1493 : if (recip) d = 1/d;
1494 : }
1495 : /* else power is 0 and d is 1 */
1496 :
1497 : return d;
1498 : }
1499 :
1500 : /* Function to format a floating point value in ASCII with a given
1501 : * precision.
1502 : */
1503 : void /* PRIVATE */
1504 : png_ascii_from_fp(png_structp png_ptr, png_charp ascii, png_size_t size,
1505 : double fp, unsigned int precision)
1506 : {
1507 : /* We use standard functions from math.h, but not printf because
1508 : * that would require stdio. The caller must supply a buffer of
1509 : * sufficient size or we will png_error. The tests on size and
1510 : * the space in ascii[] consumed are indicated below.
1511 : */
1512 : if (precision < 1)
1513 : precision = DBL_DIG;
1514 :
1515 : /* Enforce the limit of the implementation precision too. */
1516 : if (precision > DBL_DIG+1)
1517 : precision = DBL_DIG+1;
1518 :
1519 : /* Basic sanity checks */
1520 : if (size >= precision+5) /* See the requirements below. */
1521 : {
1522 : if (fp < 0)
1523 : {
1524 : fp = -fp;
1525 : *ascii++ = 45; /* '-' PLUS 1 TOTAL 1 */
1526 : --size;
1527 : }
1528 :
1529 : if (fp >= DBL_MIN && fp <= DBL_MAX)
1530 : {
1531 : int exp_b10; /* A base 10 exponent */
1532 : double base; /* 10^exp_b10 */
1533 :
1534 : /* First extract a base 10 exponent of the number,
1535 : * the calculation below rounds down when converting
1536 : * from base 2 to base 10 (multiply by log10(2) -
1537 : * 0.3010, but 77/256 is 0.3008, so exp_b10 needs to
1538 : * be increased. Note that the arithmetic shift
1539 : * performs a floor() unlike C arithmetic - using a
1540 : * C multiply would break the following for negative
1541 : * exponents.
1542 : */
1543 : (void)frexp(fp, &exp_b10); /* exponent to base 2 */
1544 :
1545 : exp_b10 = (exp_b10 * 77) >> 8; /* <= exponent to base 10 */
1546 :
1547 : /* Avoid underflow here. */
1548 : base = png_pow10(exp_b10); /* May underflow */
1549 :
1550 : while (base < DBL_MIN || base < fp)
1551 : {
1552 : /* And this may overflow. */
1553 : double test = png_pow10(exp_b10+1);
1554 :
1555 : if (test <= DBL_MAX)
1556 : ++exp_b10, base = test;
1557 :
1558 : else
1559 : break;
1560 : }
1561 :
1562 : /* Normalize fp and correct exp_b10, after this fp is in the
1563 : * range [.1,1) and exp_b10 is both the exponent and the digit
1564 : * *before* which the decimal point should be inserted
1565 : * (starting with 0 for the first digit). Note that this
1566 : * works even if 10^exp_b10 is out of range because of the
1567 : * test on DBL_MAX above.
1568 : */
1569 : fp /= base;
1570 : while (fp >= 1) fp /= 10, ++exp_b10;
1571 :
1572 : /* Because of the code above fp may, at this point, be
1573 : * less than .1, this is ok because the code below can
1574 : * handle the leading zeros this generates, so no attempt
1575 : * is made to correct that here.
1576 : */
1577 :
1578 : {
1579 : int czero, clead, cdigits;
1580 : char exponent[10];
1581 :
1582 : /* Allow up to two leading zeros - this will not lengthen
1583 : * the number compared to using E-n.
1584 : */
1585 : if (exp_b10 < 0 && exp_b10 > -3) /* PLUS 3 TOTAL 4 */
1586 : {
1587 : czero = -exp_b10; /* PLUS 2 digits: TOTAL 3 */
1588 : exp_b10 = 0; /* Dot added below before first output. */
1589 : }
1590 : else
1591 : czero = 0; /* No zeros to add */
1592 :
1593 : /* Generate the digit list, stripping trailing zeros and
1594 : * inserting a '.' before a digit if the exponent is 0.
1595 : */
1596 : clead = czero; /* Count of leading zeros */
1597 : cdigits = 0; /* Count of digits in list. */
1598 :
1599 : do
1600 : {
1601 : double d;
1602 :
1603 : fp *= 10;
1604 : /* Use modf here, not floor and subtract, so that
1605 : * the separation is done in one step. At the end
1606 : * of the loop don't break the number into parts so
1607 : * that the final digit is rounded.
1608 : */
1609 : if (cdigits+czero-clead+1 < (int)precision)
1610 : fp = modf(fp, &d);
1611 :
1612 : else
1613 : {
1614 : d = floor(fp + .5);
1615 :
1616 : if (d > 9)
1617 : {
1618 : /* Rounding up to 10, handle that here. */
1619 : if (czero > 0)
1620 : {
1621 : --czero, d = 1;
1622 : if (cdigits == 0) --clead;
1623 : }
1624 : else
1625 : {
1626 : while (cdigits > 0 && d > 9)
1627 : {
1628 : int ch = *--ascii;
1629 :
1630 : if (exp_b10 != (-1))
1631 : ++exp_b10;
1632 :
1633 : else if (ch == 46)
1634 : {
1635 : ch = *--ascii, ++size;
1636 : /* Advance exp_b10 to '1', so that the
1637 : * decimal point happens after the
1638 : * previous digit.
1639 : */
1640 : exp_b10 = 1;
1641 : }
1642 :
1643 : --cdigits;
1644 : d = ch - 47; /* I.e. 1+(ch-48) */
1645 : }
1646 :
1647 : /* Did we reach the beginning? If so adjust the
1648 : * exponent but take into account the leading
1649 : * decimal point.
1650 : */
1651 : if (d > 9) /* cdigits == 0 */
1652 : {
1653 : if (exp_b10 == (-1))
1654 : {
1655 : /* Leading decimal point (plus zeros?), if
1656 : * we lose the decimal point here it must
1657 : * be reentered below.
1658 : */
1659 : int ch = *--ascii;
1660 :
1661 : if (ch == 46)
1662 : ++size, exp_b10 = 1;
1663 :
1664 : /* Else lost a leading zero, so 'exp_b10' is
1665 : * still ok at (-1)
1666 : */
1667 : }
1668 : else
1669 : ++exp_b10;
1670 :
1671 : /* In all cases we output a '1' */
1672 : d = 1;
1673 : }
1674 : }
1675 : }
1676 : fp = 0; /* Guarantees termination below. */
1677 : }
1678 :
1679 : if (d == 0)
1680 : {
1681 : ++czero;
1682 : if (cdigits == 0) ++clead;
1683 : }
1684 : else
1685 : {
1686 : /* Included embedded zeros in the digit count. */
1687 : cdigits += czero - clead;
1688 : clead = 0;
1689 :
1690 : while (czero > 0)
1691 : {
1692 : /* exp_b10 == (-1) means we just output the decimal
1693 : * place - after the DP don't adjust 'exp_b10' any
1694 : * more!
1695 : */
1696 : if (exp_b10 != (-1))
1697 : {
1698 : if (exp_b10 == 0) *ascii++ = 46, --size;
1699 : /* PLUS 1: TOTAL 4 */
1700 : --exp_b10;
1701 : }
1702 : *ascii++ = 48, --czero;
1703 : }
1704 :
1705 : if (exp_b10 != (-1))
1706 : {
1707 : if (exp_b10 == 0) *ascii++ = 46, --size; /* counted
1708 : above */
1709 : --exp_b10;
1710 : }
1711 : *ascii++ = (char)(48 + (int)d), ++cdigits;
1712 : }
1713 : }
1714 : while (cdigits+czero-clead < (int)precision && fp > DBL_MIN);
1715 :
1716 : /* The total output count (max) is now 4+precision */
1717 :
1718 : /* Check for an exponent, if we don't need one we are
1719 : * done and just need to terminate the string. At
1720 : * this point exp_b10==(-1) is effectively if flag - it got
1721 : * to '-1' because of the decrement after outputing
1722 : * the decimal point above (the exponent required is
1723 : * *not* -1!)
1724 : */
1725 : if (exp_b10 >= (-1) && exp_b10 <= 2)
1726 : {
1727 : /* The following only happens if we didn't output the
1728 : * leading zeros above for negative exponent, so this
1729 : * doest add to the digit requirement. Note that the
1730 : * two zeros here can only be output if the two leading
1731 : * zeros were *not* output, so this doesn't increase
1732 : * the output count.
1733 : */
1734 : while (--exp_b10 >= 0) *ascii++ = 48;
1735 :
1736 : *ascii = 0;
1737 :
1738 : /* Total buffer requirement (including the '\0') is
1739 : * 5+precision - see check at the start.
1740 : */
1741 : return;
1742 : }
1743 :
1744 : /* Here if an exponent is required, adjust size for
1745 : * the digits we output but did not count. The total
1746 : * digit output here so far is at most 1+precision - no
1747 : * decimal point and no leading or trailing zeros have
1748 : * been output.
1749 : */
1750 : size -= cdigits;
1751 :
1752 : *ascii++ = 69, --size; /* 'E': PLUS 1 TOTAL 2+precision */
1753 :
1754 : /* The following use of an unsigned temporary avoids ambiguities in
1755 : * the signed arithmetic on exp_b10 and permits GCC at least to do
1756 : * better optimization.
1757 : */
1758 : {
1759 : unsigned int uexp_b10;
1760 :
1761 : if (exp_b10 < 0)
1762 : {
1763 : *ascii++ = 45, --size; /* '-': PLUS 1 TOTAL 3+precision */
1764 : uexp_b10 = -exp_b10;
1765 : }
1766 :
1767 : else
1768 : uexp_b10 = exp_b10;
1769 :
1770 : cdigits = 0;
1771 :
1772 : while (uexp_b10 > 0)
1773 : {
1774 : exponent[cdigits++] = (char)(48 + uexp_b10 % 10);
1775 : uexp_b10 /= 10;
1776 : }
1777 : }
1778 :
1779 : /* Need another size check here for the exponent digits, so
1780 : * this need not be considered above.
1781 : */
1782 : if ((int)size > cdigits)
1783 : {
1784 : while (cdigits > 0) *ascii++ = exponent[--cdigits];
1785 :
1786 : *ascii = 0;
1787 :
1788 : return;
1789 : }
1790 : }
1791 : }
1792 : else if (!(fp >= DBL_MIN))
1793 : {
1794 : *ascii++ = 48; /* '0' */
1795 : *ascii = 0;
1796 : return;
1797 : }
1798 : else
1799 : {
1800 : *ascii++ = 105; /* 'i' */
1801 : *ascii++ = 110; /* 'n' */
1802 : *ascii++ = 102; /* 'f' */
1803 : *ascii = 0;
1804 : return;
1805 : }
1806 : }
1807 :
1808 : /* Here on buffer too small. */
1809 : png_error(png_ptr, "ASCII conversion buffer too small");
1810 : }
1811 :
1812 : # endif /* FLOATING_POINT */
1813 :
1814 : # ifdef PNG_FIXED_POINT_SUPPORTED
1815 : /* Function to format a fixed point value in ASCII.
1816 : */
1817 : void /* PRIVATE */
1818 : png_ascii_from_fixed(png_structp png_ptr, png_charp ascii, png_size_t size,
1819 : png_fixed_point fp)
1820 : {
1821 : /* Require space for 10 decimal digits, a decimal point, a minus sign and a
1822 : * trailing \0, 13 characters:
1823 : */
1824 : if (size > 12)
1825 : {
1826 : png_uint_32 num;
1827 :
1828 : /* Avoid overflow here on the minimum integer. */
1829 : if (fp < 0)
1830 : *ascii++ = 45, --size, num = -fp;
1831 : else
1832 : num = fp;
1833 :
1834 : if (num <= 0x80000000) /* else overflowed */
1835 : {
1836 : unsigned int ndigits = 0, first = 16 /* flag value */;
1837 : char digits[10];
1838 :
1839 : while (num)
1840 : {
1841 : /* Split the low digit off num: */
1842 : unsigned int tmp = num/10;
1843 : num -= tmp*10;
1844 : digits[ndigits++] = (char)(48 + num);
1845 : /* Record the first non-zero digit, note that this is a number
1846 : * starting at 1, it's not actually the array index.
1847 : */
1848 : if (first == 16 && num > 0)
1849 : first = ndigits;
1850 : num = tmp;
1851 : }
1852 :
1853 : if (ndigits > 0)
1854 : {
1855 : while (ndigits > 5) *ascii++ = digits[--ndigits];
1856 : /* The remaining digits are fractional digits, ndigits is '5' or
1857 : * smaller at this point. It is certainly not zero. Check for a
1858 : * non-zero fractional digit:
1859 : */
1860 : if (first <= 5)
1861 : {
1862 : unsigned int i;
1863 : *ascii++ = 46; /* decimal point */
1864 : /* ndigits may be <5 for small numbers, output leading zeros
1865 : * then ndigits digits to first:
1866 : */
1867 : i = 5;
1868 : while (ndigits < i) *ascii++ = 48, --i;
1869 : while (ndigits >= first) *ascii++ = digits[--ndigits];
1870 : /* Don't output the trailing zeros! */
1871 : }
1872 : }
1873 : else
1874 : *ascii++ = 48;
1875 :
1876 : /* And null terminate the string: */
1877 : *ascii = 0;
1878 : return;
1879 : }
1880 : }
1881 :
1882 : /* Here on buffer too small. */
1883 : png_error(png_ptr, "ASCII conversion buffer too small");
1884 : }
1885 : # endif /* FIXED_POINT */
1886 : #endif /* READ_SCAL */
1887 :
1888 : #if defined(PNG_FLOATING_POINT_SUPPORTED) && \
1889 : !defined(PNG_FIXED_POINT_MACRO_SUPPORTED)
1890 : png_fixed_point
1891 0 : png_fixed(png_structp png_ptr, double fp, png_const_charp text)
1892 : {
1893 0 : double r = floor(100000 * fp + .5);
1894 :
1895 0 : if (r > 2147483647. || r < -2147483648.)
1896 0 : png_fixed_error(png_ptr, text);
1897 :
1898 0 : return (png_fixed_point)r;
1899 : }
1900 : #endif
1901 :
1902 : #if defined(PNG_READ_GAMMA_SUPPORTED) || \
1903 : defined(PNG_INCH_CONVERSIONS_SUPPORTED) || defined(PNG__READ_pHYs_SUPPORTED)
1904 : /* muldiv functions */
1905 : /* This API takes signed arguments and rounds the result to the nearest
1906 : * integer (or, for a fixed point number - the standard argument - to
1907 : * the nearest .00001). Overflow and divide by zero are signalled in
1908 : * the result, a boolean - true on success, false on overflow.
1909 : */
1910 : int
1911 4 : png_muldiv(png_fixed_point_p res, png_fixed_point a, png_int_32 times,
1912 : png_int_32 divisor)
1913 : {
1914 : /* Return a * times / divisor, rounded. */
1915 4 : if (divisor != 0)
1916 : {
1917 4 : if (a == 0 || times == 0)
1918 : {
1919 0 : *res = 0;
1920 0 : return 1;
1921 : }
1922 : else
1923 : {
1924 : #ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
1925 4 : double r = a;
1926 4 : r *= times;
1927 4 : r /= divisor;
1928 4 : r = floor(r+.5);
1929 :
1930 : /* A png_fixed_point is a 32-bit integer. */
1931 4 : if (r <= 2147483647. && r >= -2147483648.)
1932 : {
1933 4 : *res = (png_fixed_point)r;
1934 4 : return 1;
1935 : }
1936 : #else
1937 : int negative = 0;
1938 : png_uint_32 A, T, D;
1939 : png_uint_32 s16, s32, s00;
1940 :
1941 : if (a < 0)
1942 : negative = 1, A = -a;
1943 : else
1944 : A = a;
1945 :
1946 : if (times < 0)
1947 : negative = !negative, T = -times;
1948 : else
1949 : T = times;
1950 :
1951 : if (divisor < 0)
1952 : negative = !negative, D = -divisor;
1953 : else
1954 : D = divisor;
1955 :
1956 : /* Following can't overflow because the arguments only
1957 : * have 31 bits each, however the result may be 32 bits.
1958 : */
1959 : s16 = (A >> 16) * (T & 0xffff) +
1960 : (A & 0xffff) * (T >> 16);
1961 : /* Can't overflow because the a*times bit is only 30
1962 : * bits at most.
1963 : */
1964 : s32 = (A >> 16) * (T >> 16) + (s16 >> 16);
1965 : s00 = (A & 0xffff) * (T & 0xffff);
1966 :
1967 : s16 = (s16 & 0xffff) << 16;
1968 : s00 += s16;
1969 :
1970 : if (s00 < s16)
1971 : ++s32; /* carry */
1972 :
1973 : if (s32 < D) /* else overflow */
1974 : {
1975 : /* s32.s00 is now the 64-bit product, do a standard
1976 : * division, we know that s32 < D, so the maximum
1977 : * required shift is 31.
1978 : */
1979 : int bitshift = 32;
1980 : png_fixed_point result = 0; /* NOTE: signed */
1981 :
1982 : while (--bitshift >= 0)
1983 : {
1984 : png_uint_32 d32, d00;
1985 :
1986 : if (bitshift > 0)
1987 : d32 = D >> (32-bitshift), d00 = D << bitshift;
1988 :
1989 : else
1990 : d32 = 0, d00 = D;
1991 :
1992 : if (s32 > d32)
1993 : {
1994 : if (s00 < d00) --s32; /* carry */
1995 : s32 -= d32, s00 -= d00, result += 1<<bitshift;
1996 : }
1997 :
1998 : else
1999 : if (s32 == d32 && s00 >= d00)
2000 : s32 = 0, s00 -= d00, result += 1<<bitshift;
2001 : }
2002 :
2003 : /* Handle the rounding. */
2004 : if (s00 >= (D >> 1))
2005 : ++result;
2006 :
2007 : if (negative)
2008 : result = -result;
2009 :
2010 : /* Check for overflow. */
2011 : if ((negative && result <= 0) || (!negative && result >= 0))
2012 : {
2013 : *res = result;
2014 : return 1;
2015 : }
2016 : }
2017 : #endif
2018 : }
2019 : }
2020 :
2021 0 : return 0;
2022 : }
2023 : #endif /* READ_GAMMA || INCH_CONVERSIONS */
2024 :
2025 : #if defined(PNG_READ_GAMMA_SUPPORTED) || defined(PNG_INCH_CONVERSIONS_SUPPORTED)
2026 : /* The following is for when the caller doesn't much care about the
2027 : * result.
2028 : */
2029 : png_fixed_point
2030 0 : png_muldiv_warn(png_structp png_ptr, png_fixed_point a, png_int_32 times,
2031 : png_int_32 divisor)
2032 : {
2033 : png_fixed_point result;
2034 :
2035 0 : if (png_muldiv(&result, a, times, divisor))
2036 0 : return result;
2037 :
2038 : png_warning(png_ptr, "fixed point overflow ignored");
2039 0 : return 0;
2040 : }
2041 : #endif
2042 :
2043 : #ifdef PNG_READ_GAMMA_SUPPORTED /* more fixed point functions for gammma */
2044 : /* Calculate a reciprocal, return 0 on div-by-zero or overflow. */
2045 : png_fixed_point
2046 0 : png_reciprocal(png_fixed_point a)
2047 : {
2048 : #ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
2049 0 : double r = floor(1E10/a+.5);
2050 :
2051 0 : if (r <= 2147483647. && r >= -2147483648.)
2052 0 : return (png_fixed_point)r;
2053 : #else
2054 : png_fixed_point res;
2055 :
2056 : if (png_muldiv(&res, 100000, 100000, a))
2057 : return res;
2058 : #endif
2059 :
2060 0 : return 0; /* error/overflow */
2061 : }
2062 :
2063 : /* A local convenience routine. */
2064 : static png_fixed_point
2065 0 : png_product2(png_fixed_point a, png_fixed_point b)
2066 : {
2067 : /* The required result is 1/a * 1/b; the following preserves accuracy. */
2068 : #ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
2069 0 : double r = a * 1E-5;
2070 0 : r *= b;
2071 0 : r = floor(r+.5);
2072 :
2073 0 : if (r <= 2147483647. && r >= -2147483648.)
2074 0 : return (png_fixed_point)r;
2075 : #else
2076 : png_fixed_point res;
2077 :
2078 : if (png_muldiv(&res, a, b, 100000))
2079 : return res;
2080 : #endif
2081 :
2082 0 : return 0; /* overflow */
2083 : }
2084 :
2085 : /* The inverse of the above. */
2086 : png_fixed_point
2087 0 : png_reciprocal2(png_fixed_point a, png_fixed_point b)
2088 : {
2089 : /* The required result is 1/a * 1/b; the following preserves accuracy. */
2090 : #ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
2091 0 : double r = 1E15/a;
2092 0 : r /= b;
2093 0 : r = floor(r+.5);
2094 :
2095 0 : if (r <= 2147483647. && r >= -2147483648.)
2096 0 : return (png_fixed_point)r;
2097 : #else
2098 : /* This may overflow because the range of png_fixed_point isn't symmetric,
2099 : * but this API is only used for the product of file and screen gamma so it
2100 : * doesn't matter that the smallest number it can produce is 1/21474, not
2101 : * 1/100000
2102 : */
2103 : png_fixed_point res = png_product2(a, b);
2104 :
2105 : if (res != 0)
2106 : return png_reciprocal(res);
2107 : #endif
2108 :
2109 0 : return 0; /* overflow */
2110 : }
2111 : #endif /* READ_GAMMA */
2112 :
2113 : #ifdef PNG_CHECK_cHRM_SUPPORTED
2114 : /* Added at libpng version 1.2.34 (Dec 8, 2008) and 1.4.0 (Jan 2,
2115 : * 2010: moved from pngset.c) */
2116 : /*
2117 : * Multiply two 32-bit numbers, V1 and V2, using 32-bit
2118 : * arithmetic, to produce a 64-bit result in the HI/LO words.
2119 : *
2120 : * A B
2121 : * x C D
2122 : * ------
2123 : * AD || BD
2124 : * AC || CB || 0
2125 : *
2126 : * where A and B are the high and low 16-bit words of V1,
2127 : * C and D are the 16-bit words of V2, AD is the product of
2128 : * A and D, and X || Y is (X << 16) + Y.
2129 : */
2130 :
2131 : void /* PRIVATE */
2132 0 : png_64bit_product (long v1, long v2, unsigned long *hi_product,
2133 : unsigned long *lo_product)
2134 : {
2135 : int a, b, c, d;
2136 : long lo, hi, x, y;
2137 :
2138 0 : a = (v1 >> 16) & 0xffff;
2139 0 : b = v1 & 0xffff;
2140 0 : c = (v2 >> 16) & 0xffff;
2141 0 : d = v2 & 0xffff;
2142 :
2143 0 : lo = b * d; /* BD */
2144 0 : x = a * d + c * b; /* AD + CB */
2145 0 : y = ((lo >> 16) & 0xffff) + x;
2146 :
2147 0 : lo = (lo & 0xffff) | ((y & 0xffff) << 16);
2148 0 : hi = (y >> 16) & 0xffff;
2149 :
2150 0 : hi += a * c; /* AC */
2151 :
2152 0 : *hi_product = (unsigned long)hi;
2153 0 : *lo_product = (unsigned long)lo;
2154 0 : }
2155 : #endif /* CHECK_cHRM */
2156 :
2157 : #ifdef PNG_READ_GAMMA_SUPPORTED /* gamma table code */
2158 : #ifndef PNG_FLOATING_ARITHMETIC_SUPPORTED
2159 : /* Fixed point gamma.
2160 : *
2161 : * To calculate gamma this code implements fast log() and exp() calls using only
2162 : * fixed point arithmetic. This code has sufficient precision for either 8-bit
2163 : * or 16-bit sample values.
2164 : *
2165 : * The tables used here were calculated using simple 'bc' programs, but C double
2166 : * precision floating point arithmetic would work fine. The programs are given
2167 : * at the head of each table.
2168 : *
2169 : * 8-bit log table
2170 : * This is a table of -log(value/255)/log(2) for 'value' in the range 128 to
2171 : * 255, so it's the base 2 logarithm of a normalized 8-bit floating point
2172 : * mantissa. The numbers are 32-bit fractions.
2173 : */
2174 : static png_uint_32
2175 : png_8bit_l2[128] =
2176 : {
2177 : # ifdef PNG_DO_BC
2178 : for (i=128;i<256;++i) { .5 - l(i/255)/l(2)*65536*65536; }
2179 : # else
2180 : 4270715492U, 4222494797U, 4174646467U, 4127164793U, 4080044201U, 4033279239U,
2181 : 3986864580U, 3940795015U, 3895065449U, 3849670902U, 3804606499U, 3759867474U,
2182 : 3715449162U, 3671346997U, 3627556511U, 3584073329U, 3540893168U, 3498011834U,
2183 : 3455425220U, 3413129301U, 3371120137U, 3329393864U, 3287946700U, 3246774933U,
2184 : 3205874930U, 3165243125U, 3124876025U, 3084770202U, 3044922296U, 3005329011U,
2185 : 2965987113U, 2926893432U, 2888044853U, 2849438323U, 2811070844U, 2772939474U,
2186 : 2735041326U, 2697373562U, 2659933400U, 2622718104U, 2585724991U, 2548951424U,
2187 : 2512394810U, 2476052606U, 2439922311U, 2404001468U, 2368287663U, 2332778523U,
2188 : 2297471715U, 2262364947U, 2227455964U, 2192742551U, 2158222529U, 2123893754U,
2189 : 2089754119U, 2055801552U, 2022034013U, 1988449497U, 1955046031U, 1921821672U,
2190 : 1888774511U, 1855902668U, 1823204291U, 1790677560U, 1758320682U, 1726131893U,
2191 : 1694109454U, 1662251657U, 1630556815U, 1599023271U, 1567649391U, 1536433567U,
2192 : 1505374214U, 1474469770U, 1443718700U, 1413119487U, 1382670639U, 1352370686U,
2193 : 1322218179U, 1292211689U, 1262349810U, 1232631153U, 1203054352U, 1173618059U,
2194 : 1144320946U, 1115161701U, 1086139034U, 1057251672U, 1028498358U, 999877854U,
2195 : 971388940U, 943030410U, 914801076U, 886699767U, 858725327U, 830876614U,
2196 : 803152505U, 775551890U, 748073672U, 720716771U, 693480120U, 666362667U,
2197 : 639363374U, 612481215U, 585715177U, 559064263U, 532527486U, 506103872U,
2198 : 479792461U, 453592303U, 427502463U, 401522014U, 375650043U, 349885648U,
2199 : 324227938U, 298676034U, 273229066U, 247886176U, 222646516U, 197509248U,
2200 : 172473545U, 147538590U, 122703574U, 97967701U, 73330182U, 48790236U,
2201 : 24347096U, 0U
2202 : # endif
2203 :
2204 : #if 0
2205 : /* The following are the values for 16-bit tables - these work fine for the
2206 : * 8-bit conversions but produce very slightly larger errors in the 16-bit
2207 : * log (about 1.2 as opposed to 0.7 absolute error in the final value). To
2208 : * use these all the shifts below must be adjusted appropriately.
2209 : */
2210 : 65166, 64430, 63700, 62976, 62257, 61543, 60835, 60132, 59434, 58741, 58054,
2211 : 57371, 56693, 56020, 55352, 54689, 54030, 53375, 52726, 52080, 51439, 50803,
2212 : 50170, 49542, 48918, 48298, 47682, 47070, 46462, 45858, 45257, 44661, 44068,
2213 : 43479, 42894, 42312, 41733, 41159, 40587, 40020, 39455, 38894, 38336, 37782,
2214 : 37230, 36682, 36137, 35595, 35057, 34521, 33988, 33459, 32932, 32408, 31887,
2215 : 31369, 30854, 30341, 29832, 29325, 28820, 28319, 27820, 27324, 26830, 26339,
2216 : 25850, 25364, 24880, 24399, 23920, 23444, 22970, 22499, 22029, 21562, 21098,
2217 : 20636, 20175, 19718, 19262, 18808, 18357, 17908, 17461, 17016, 16573, 16132,
2218 : 15694, 15257, 14822, 14390, 13959, 13530, 13103, 12678, 12255, 11834, 11415,
2219 : 10997, 10582, 10168, 9756, 9346, 8937, 8531, 8126, 7723, 7321, 6921, 6523,
2220 : 6127, 5732, 5339, 4947, 4557, 4169, 3782, 3397, 3014, 2632, 2251, 1872, 1495,
2221 : 1119, 744, 372
2222 : #endif
2223 : };
2224 :
2225 : PNG_STATIC png_int_32
2226 : png_log8bit(unsigned int x)
2227 : {
2228 : unsigned int lg2 = 0;
2229 : /* Each time 'x' is multiplied by 2, 1 must be subtracted off the final log,
2230 : * because the log is actually negate that means adding 1. The final
2231 : * returned value thus has the range 0 (for 255 input) to 7.994 (for 1
2232 : * input), return 7.99998 for the overflow (log 0) case - so the result is
2233 : * always at most 19 bits.
2234 : */
2235 : if ((x &= 0xff) == 0)
2236 : return 0xffffffff;
2237 :
2238 : if ((x & 0xf0) == 0)
2239 : lg2 = 4, x <<= 4;
2240 :
2241 : if ((x & 0xc0) == 0)
2242 : lg2 += 2, x <<= 2;
2243 :
2244 : if ((x & 0x80) == 0)
2245 : lg2 += 1, x <<= 1;
2246 :
2247 : /* result is at most 19 bits, so this cast is safe: */
2248 : return (png_int_32)((lg2 << 16) + ((png_8bit_l2[x-128]+32768)>>16));
2249 : }
2250 :
2251 : /* The above gives exact (to 16 binary places) log2 values for 8-bit images,
2252 : * for 16-bit images we use the most significant 8 bits of the 16-bit value to
2253 : * get an approximation then multiply the approximation by a correction factor
2254 : * determined by the remaining up to 8 bits. This requires an additional step
2255 : * in the 16-bit case.
2256 : *
2257 : * We want log2(value/65535), we have log2(v'/255), where:
2258 : *
2259 : * value = v' * 256 + v''
2260 : * = v' * f
2261 : *
2262 : * So f is value/v', which is equal to (256+v''/v') since v' is in the range 128
2263 : * to 255 and v'' is in the range 0 to 255 f will be in the range 256 to less
2264 : * than 258. The final factor also needs to correct for the fact that our 8-bit
2265 : * value is scaled by 255, whereas the 16-bit values must be scaled by 65535.
2266 : *
2267 : * This gives a final formula using a calculated value 'x' which is value/v' and
2268 : * scaling by 65536 to match the above table:
2269 : *
2270 : * log2(x/257) * 65536
2271 : *
2272 : * Since these numbers are so close to '1' we can use simple linear
2273 : * interpolation between the two end values 256/257 (result -368.61) and 258/257
2274 : * (result 367.179). The values used below are scaled by a further 64 to give
2275 : * 16-bit precision in the interpolation:
2276 : *
2277 : * Start (256): -23591
2278 : * Zero (257): 0
2279 : * End (258): 23499
2280 : */
2281 : PNG_STATIC png_int_32
2282 : png_log16bit(png_uint_32 x)
2283 : {
2284 : unsigned int lg2 = 0;
2285 :
2286 : /* As above, but now the input has 16 bits. */
2287 : if ((x &= 0xffff) == 0)
2288 : return 0xffffffff;
2289 :
2290 : if ((x & 0xff00) == 0)
2291 : lg2 = 8, x <<= 8;
2292 :
2293 : if ((x & 0xf000) == 0)
2294 : lg2 += 4, x <<= 4;
2295 :
2296 : if ((x & 0xc000) == 0)
2297 : lg2 += 2, x <<= 2;
2298 :
2299 : if ((x & 0x8000) == 0)
2300 : lg2 += 1, x <<= 1;
2301 :
2302 : /* Calculate the base logarithm from the top 8 bits as a 28-bit fractional
2303 : * value.
2304 : */
2305 : lg2 <<= 28;
2306 : lg2 += (png_8bit_l2[(x>>8)-128]+8) >> 4;
2307 :
2308 : /* Now we need to interpolate the factor, this requires a division by the top
2309 : * 8 bits. Do this with maximum precision.
2310 : */
2311 : x = ((x << 16) + (x >> 9)) / (x >> 8);
2312 :
2313 : /* Since we divided by the top 8 bits of 'x' there will be a '1' at 1<<24,
2314 : * the value at 1<<16 (ignoring this) will be 0 or 1; this gives us exactly
2315 : * 16 bits to interpolate to get the low bits of the result. Round the
2316 : * answer. Note that the end point values are scaled by 64 to retain overall
2317 : * precision and that 'lg2' is current scaled by an extra 12 bits, so adjust
2318 : * the overall scaling by 6-12. Round at every step.
2319 : */
2320 : x -= 1U << 24;
2321 :
2322 : if (x <= 65536U) /* <= '257' */
2323 : lg2 += ((23591U * (65536U-x)) + (1U << (16+6-12-1))) >> (16+6-12);
2324 :
2325 : else
2326 : lg2 -= ((23499U * (x-65536U)) + (1U << (16+6-12-1))) >> (16+6-12);
2327 :
2328 : /* Safe, because the result can't have more than 20 bits: */
2329 : return (png_int_32)((lg2 + 2048) >> 12);
2330 : }
2331 :
2332 : /* The 'exp()' case must invert the above, taking a 20-bit fixed point
2333 : * logarithmic value and returning a 16 or 8-bit number as appropriate. In
2334 : * each case only the low 16 bits are relevant - the fraction - since the
2335 : * integer bits (the top 4) simply determine a shift.
2336 : *
2337 : * The worst case is the 16-bit distinction between 65535 and 65534, this
2338 : * requires perhaps spurious accuracy in the decoding of the logarithm to
2339 : * distinguish log2(65535/65534.5) - 10^-5 or 17 bits. There is little chance
2340 : * of getting this accuracy in practice.
2341 : *
2342 : * To deal with this the following exp() function works out the exponent of the
2343 : * frational part of the logarithm by using an accurate 32-bit value from the
2344 : * top four fractional bits then multiplying in the remaining bits.
2345 : */
2346 : static png_uint_32
2347 : png_32bit_exp[16] =
2348 : {
2349 : # ifdef PNG_DO_BC
2350 : for (i=0;i<16;++i) { .5 + e(-i/16*l(2))*2^32; }
2351 : # else
2352 : /* NOTE: the first entry is deliberately set to the maximum 32-bit value. */
2353 : 4294967295U, 4112874773U, 3938502376U, 3771522796U, 3611622603U, 3458501653U,
2354 : 3311872529U, 3171459999U, 3037000500U, 2908241642U, 2784941738U, 2666869345U,
2355 : 2553802834U, 2445529972U, 2341847524U, 2242560872U
2356 : # endif
2357 : };
2358 :
2359 : /* Adjustment table; provided to explain the numbers in the code below. */
2360 : #ifdef PNG_DO_BC
2361 : for (i=11;i>=0;--i){ print i, " ", (1 - e(-(2^i)/65536*l(2))) * 2^(32-i), "\n"}
2362 : 11 44937.64284865548751208448
2363 : 10 45180.98734845585101160448
2364 : 9 45303.31936980687359311872
2365 : 8 45364.65110595323018870784
2366 : 7 45395.35850361789624614912
2367 : 6 45410.72259715102037508096
2368 : 5 45418.40724413220722311168
2369 : 4 45422.25021786898173001728
2370 : 3 45424.17186732298419044352
2371 : 2 45425.13273269940811464704
2372 : 1 45425.61317555035558641664
2373 : 0 45425.85339951654943850496
2374 : #endif
2375 :
2376 : PNG_STATIC png_uint_32
2377 : png_exp(png_fixed_point x)
2378 : {
2379 : if (x > 0 && x <= 0xfffff) /* Else overflow or zero (underflow) */
2380 : {
2381 : /* Obtain a 4-bit approximation */
2382 : png_uint_32 e = png_32bit_exp[(x >> 12) & 0xf];
2383 :
2384 : /* Incorporate the low 12 bits - these decrease the returned value by
2385 : * multiplying by a number less than 1 if the bit is set. The multiplier
2386 : * is determined by the above table and the shift. Notice that the values
2387 : * converge on 45426 and this is used to allow linear interpolation of the
2388 : * low bits.
2389 : */
2390 : if (x & 0x800)
2391 : e -= (((e >> 16) * 44938U) + 16U) >> 5;
2392 :
2393 : if (x & 0x400)
2394 : e -= (((e >> 16) * 45181U) + 32U) >> 6;
2395 :
2396 : if (x & 0x200)
2397 : e -= (((e >> 16) * 45303U) + 64U) >> 7;
2398 :
2399 : if (x & 0x100)
2400 : e -= (((e >> 16) * 45365U) + 128U) >> 8;
2401 :
2402 : if (x & 0x080)
2403 : e -= (((e >> 16) * 45395U) + 256U) >> 9;
2404 :
2405 : if (x & 0x040)
2406 : e -= (((e >> 16) * 45410U) + 512U) >> 10;
2407 :
2408 : /* And handle the low 6 bits in a single block. */
2409 : e -= (((e >> 16) * 355U * (x & 0x3fU)) + 256U) >> 9;
2410 :
2411 : /* Handle the upper bits of x. */
2412 : e >>= x >> 16;
2413 : return e;
2414 : }
2415 :
2416 : /* Check for overflow */
2417 : if (x <= 0)
2418 : return png_32bit_exp[0];
2419 :
2420 : /* Else underflow */
2421 : return 0;
2422 : }
2423 :
2424 : PNG_STATIC png_byte
2425 : png_exp8bit(png_fixed_point lg2)
2426 : {
2427 : /* Get a 32-bit value: */
2428 : png_uint_32 x = png_exp(lg2);
2429 :
2430 : /* Convert the 32-bit value to 0..255 by multiplying by 256-1, note that the
2431 : * second, rounding, step can't overflow because of the first, subtraction,
2432 : * step.
2433 : */
2434 : x -= x >> 8;
2435 : return (png_byte)((x + 0x7fffffU) >> 24);
2436 : }
2437 :
2438 : PNG_STATIC png_uint_16
2439 : png_exp16bit(png_fixed_point lg2)
2440 : {
2441 : /* Get a 32-bit value: */
2442 : png_uint_32 x = png_exp(lg2);
2443 :
2444 : /* Convert the 32-bit value to 0..65535 by multiplying by 65536-1: */
2445 : x -= x >> 16;
2446 : return (png_uint_16)((x + 32767U) >> 16);
2447 : }
2448 : #endif /* FLOATING_ARITHMETIC */
2449 :
2450 : png_byte
2451 0 : png_gamma_8bit_correct(unsigned int value, png_fixed_point gamma_val)
2452 : {
2453 0 : if (value > 0 && value < 255)
2454 : {
2455 : # ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
2456 0 : double r = floor(255*pow(value/255.,gamma_val*.00001)+.5);
2457 0 : return (png_byte)r;
2458 : # else
2459 : png_int_32 lg2 = png_log8bit(value);
2460 : png_fixed_point res;
2461 :
2462 : if (png_muldiv(&res, gamma_val, lg2, PNG_FP_1))
2463 : return png_exp8bit(res);
2464 :
2465 : /* Overflow. */
2466 : value = 0;
2467 : # endif
2468 : }
2469 :
2470 0 : return (png_byte)value;
2471 : }
2472 :
2473 : png_uint_16
2474 0 : png_gamma_16bit_correct(unsigned int value, png_fixed_point gamma_val)
2475 : {
2476 0 : if (value > 0 && value < 65535)
2477 : {
2478 : # ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
2479 0 : double r = floor(65535*pow(value/65535.,gamma_val*.00001)+.5);
2480 0 : return (png_uint_16)r;
2481 : # else
2482 : png_int_32 lg2 = png_log16bit(value);
2483 : png_fixed_point res;
2484 :
2485 : if (png_muldiv(&res, gamma_val, lg2, PNG_FP_1))
2486 : return png_exp16bit(res);
2487 :
2488 : /* Overflow. */
2489 : value = 0;
2490 : # endif
2491 : }
2492 :
2493 0 : return (png_uint_16)value;
2494 : }
2495 :
2496 : /* This does the right thing based on the bit_depth field of the
2497 : * png_struct, interpreting values as 8-bit or 16-bit. While the result
2498 : * is nominally a 16-bit value if bit depth is 8 then the result is
2499 : * 8-bit (as are the arguments.)
2500 : */
2501 : png_uint_16 /* PRIVATE */
2502 0 : png_gamma_correct(png_structp png_ptr, unsigned int value,
2503 : png_fixed_point gamma_val)
2504 : {
2505 0 : if (png_ptr->bit_depth == 8)
2506 0 : return png_gamma_8bit_correct(value, gamma_val);
2507 :
2508 : else
2509 0 : return png_gamma_16bit_correct(value, gamma_val);
2510 : }
2511 :
2512 : /* This is the shared test on whether a gamma value is 'significant' - whether
2513 : * it is worth doing gamma correction.
2514 : */
2515 : int /* PRIVATE */
2516 4 : png_gamma_significant(png_fixed_point gamma_val)
2517 : {
2518 4 : return gamma_val < PNG_FP_1 - PNG_GAMMA_THRESHOLD_FIXED ||
2519 : gamma_val > PNG_FP_1 + PNG_GAMMA_THRESHOLD_FIXED;
2520 : }
2521 :
2522 : /* Internal function to build a single 16-bit table - the table consists of
2523 : * 'num' 256-entry subtables, where 'num' is determined by 'shift' - the amount
2524 : * to shift the input values right (or 16-number_of_signifiant_bits).
2525 : *
2526 : * The caller is responsible for ensuring that the table gets cleaned up on
2527 : * png_error (i.e. if one of the mallocs below fails) - i.e. the *table argument
2528 : * should be somewhere that will be cleaned.
2529 : */
2530 : static void
2531 0 : png_build_16bit_table(png_structp png_ptr, png_uint_16pp *ptable,
2532 : PNG_CONST unsigned int shift, PNG_CONST png_fixed_point gamma_val)
2533 : {
2534 : /* Various values derived from 'shift': */
2535 0 : PNG_CONST unsigned int num = 1U << (8U - shift);
2536 0 : PNG_CONST unsigned int max = (1U << (16U - shift))-1U;
2537 0 : PNG_CONST unsigned int max_by_2 = 1U << (15U-shift);
2538 : unsigned int i;
2539 :
2540 0 : png_uint_16pp table = *ptable =
2541 0 : (png_uint_16pp)png_calloc(png_ptr, num * png_sizeof(png_uint_16p));
2542 :
2543 0 : for (i = 0; i < num; i++)
2544 : {
2545 0 : png_uint_16p sub_table = table[i] =
2546 0 : (png_uint_16p)png_malloc(png_ptr, 256 * png_sizeof(png_uint_16));
2547 :
2548 : /* The 'threshold' test is repeated here because it can arise for one of
2549 : * the 16-bit tables even if the others don't hit it.
2550 : */
2551 0 : if (png_gamma_significant(gamma_val))
2552 : {
2553 : /* The old code would overflow at the end and this would cause the
2554 : * 'pow' function to return a result >1, resulting in an
2555 : * arithmetic error. This code follows the spec exactly; ig is
2556 : * the recovered input sample, it always has 8-16 bits.
2557 : *
2558 : * We want input * 65535/max, rounded, the arithmetic fits in 32
2559 : * bits (unsigned) so long as max <= 32767.
2560 : */
2561 : unsigned int j;
2562 0 : for (j = 0; j < 256; j++)
2563 : {
2564 0 : png_uint_32 ig = (j << (8-shift)) + i;
2565 : # ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
2566 : /* Inline the 'max' scaling operation: */
2567 0 : double d = floor(65535*pow(ig/(double)max, gamma_val*.00001)+.5);
2568 0 : sub_table[j] = (png_uint_16)d;
2569 : # else
2570 : if (shift)
2571 : ig = (ig * 65535U + max_by_2)/max;
2572 :
2573 : sub_table[j] = png_gamma_16bit_correct(ig, gamma_val);
2574 : # endif
2575 : }
2576 : }
2577 : else
2578 : {
2579 : /* We must still build a table, but do it the fast way. */
2580 : unsigned int j;
2581 :
2582 0 : for (j = 0; j < 256; j++)
2583 : {
2584 0 : png_uint_32 ig = (j << (8-shift)) + i;
2585 :
2586 0 : if (shift)
2587 0 : ig = (ig * 65535U + max_by_2)/max;
2588 :
2589 0 : sub_table[j] = (png_uint_16)ig;
2590 : }
2591 : }
2592 : }
2593 0 : }
2594 :
2595 : /* NOTE: this function expects the *inverse* of the overall gamma transformation
2596 : * required.
2597 : */
2598 : static void
2599 0 : png_build_16to8_table(png_structp png_ptr, png_uint_16pp *ptable,
2600 : PNG_CONST unsigned int shift, PNG_CONST png_fixed_point gamma_val)
2601 : {
2602 0 : PNG_CONST unsigned int num = 1U << (8U - shift);
2603 0 : PNG_CONST unsigned int max = (1U << (16U - shift))-1U;
2604 : unsigned int i;
2605 : png_uint_32 last;
2606 :
2607 0 : png_uint_16pp table = *ptable =
2608 0 : (png_uint_16pp)png_calloc(png_ptr, num * png_sizeof(png_uint_16p));
2609 :
2610 : /* 'num' is the number of tables and also the number of low bits of the
2611 : * input 16-bit value used to select a table. Each table is itself indexed
2612 : * by the high 8 bits of the value.
2613 : */
2614 0 : for (i = 0; i < num; i++)
2615 0 : table[i] = (png_uint_16p)png_malloc(png_ptr,
2616 : 256 * png_sizeof(png_uint_16));
2617 :
2618 : /* 'gamma_val' is set to the reciprocal of the value calculated above, so
2619 : * pow(out,g) is an *input* value. 'last' is the last input value set.
2620 : *
2621 : * In the loop 'i' is used to find output values. Since the output is
2622 : * 8-bit there are only 256 possible values. The tables are set up to
2623 : * select the closest possible output value for each input by finding
2624 : * the input value at the boundary between each pair of output values
2625 : * and filling the table up to that boundary with the lower output
2626 : * value.
2627 : *
2628 : * The boundary values are 0.5,1.5..253.5,254.5. Since these are 9-bit
2629 : * values the code below uses a 16-bit value in i; the values start at
2630 : * 128.5 (for 0.5) and step by 257, for a total of 254 values (the last
2631 : * entries are filled with 255). Start i at 128 and fill all 'last'
2632 : * table entries <= 'max'
2633 : */
2634 0 : last = 0;
2635 0 : for (i = 0; i < 255; ++i) /* 8-bit output value */
2636 : {
2637 : /* Find the corresponding maximum input value */
2638 0 : png_uint_16 out = (png_uint_16)(i * 257U); /* 16-bit output value */
2639 :
2640 : /* Find the boundary value in 16 bits: */
2641 0 : png_uint_32 bound = png_gamma_16bit_correct(out+128U, gamma_val);
2642 :
2643 : /* Adjust (round) to (16-shift) bits: */
2644 0 : bound = (bound * max + 32768U)/65535U + 1U;
2645 :
2646 0 : while (last < bound)
2647 : {
2648 0 : table[last & (0xffU >> shift)][last >> (8U - shift)] = out;
2649 0 : last++;
2650 : }
2651 : }
2652 :
2653 : /* And fill in the final entries. */
2654 0 : while (last < (num << 8))
2655 : {
2656 0 : table[last & (0xff >> shift)][last >> (8U - shift)] = 65535U;
2657 0 : last++;
2658 : }
2659 0 : }
2660 :
2661 : /* Build a single 8-bit table: same as the 16-bit case but much simpler (and
2662 : * typically much faster). Note that libpng currently does no sBIT processing
2663 : * (apparently contrary to the spec) so a 256-entry table is always generated.
2664 : */
2665 : static void
2666 0 : png_build_8bit_table(png_structp png_ptr, png_bytepp ptable,
2667 : PNG_CONST png_fixed_point gamma_val)
2668 : {
2669 : unsigned int i;
2670 0 : png_bytep table = *ptable = (png_bytep)png_malloc(png_ptr, 256);
2671 :
2672 0 : if (png_gamma_significant(gamma_val)) for (i=0; i<256; i++)
2673 0 : table[i] = png_gamma_8bit_correct(i, gamma_val);
2674 :
2675 0 : else for (i=0; i<256; ++i)
2676 0 : table[i] = (png_byte)i;
2677 0 : }
2678 :
2679 : /* Used from png_read_destroy and below to release the memory used by the gamma
2680 : * tables.
2681 : */
2682 : void /* PRIVATE */
2683 4 : png_destroy_gamma_table(png_structp png_ptr)
2684 : {
2685 4 : png_free(png_ptr, png_ptr->gamma_table);
2686 4 : png_ptr->gamma_table = NULL;
2687 :
2688 4 : if (png_ptr->gamma_16_table != NULL)
2689 : {
2690 : int i;
2691 0 : int istop = (1 << (8 - png_ptr->gamma_shift));
2692 0 : for (i = 0; i < istop; i++)
2693 : {
2694 0 : png_free(png_ptr, png_ptr->gamma_16_table[i]);
2695 : }
2696 0 : png_free(png_ptr, png_ptr->gamma_16_table);
2697 0 : png_ptr->gamma_16_table = NULL;
2698 : }
2699 :
2700 : #if defined(PNG_READ_BACKGROUND_SUPPORTED) || \
2701 : defined(PNG_READ_ALPHA_MODE_SUPPORTED) || \
2702 : defined(PNG_READ_RGB_TO_GRAY_SUPPORTED)
2703 : png_free(png_ptr, png_ptr->gamma_from_1);
2704 : png_ptr->gamma_from_1 = NULL;
2705 : png_free(png_ptr, png_ptr->gamma_to_1);
2706 : png_ptr->gamma_to_1 = NULL;
2707 :
2708 : if (png_ptr->gamma_16_from_1 != NULL)
2709 : {
2710 : int i;
2711 : int istop = (1 << (8 - png_ptr->gamma_shift));
2712 : for (i = 0; i < istop; i++)
2713 : {
2714 : png_free(png_ptr, png_ptr->gamma_16_from_1[i]);
2715 : }
2716 : png_free(png_ptr, png_ptr->gamma_16_from_1);
2717 : png_ptr->gamma_16_from_1 = NULL;
2718 : }
2719 : if (png_ptr->gamma_16_to_1 != NULL)
2720 : {
2721 : int i;
2722 : int istop = (1 << (8 - png_ptr->gamma_shift));
2723 : for (i = 0; i < istop; i++)
2724 : {
2725 : png_free(png_ptr, png_ptr->gamma_16_to_1[i]);
2726 : }
2727 : png_free(png_ptr, png_ptr->gamma_16_to_1);
2728 : png_ptr->gamma_16_to_1 = NULL;
2729 : }
2730 : #endif /* READ_BACKGROUND || READ_ALPHA_MODE || RGB_TO_GRAY */
2731 4 : }
2732 :
2733 : /* We build the 8- or 16-bit gamma tables here. Note that for 16-bit
2734 : * tables, we don't make a full table if we are reducing to 8-bit in
2735 : * the future. Note also how the gamma_16 tables are segmented so that
2736 : * we don't need to allocate > 64K chunks for a full 16-bit table.
2737 : */
2738 : void /* PRIVATE */
2739 0 : png_build_gamma_table(png_structp png_ptr, int bit_depth)
2740 : {
2741 : png_debug(1, "in png_build_gamma_table");
2742 :
2743 : /* Remove any existing table; this copes with multiple calls to
2744 : * png_read_update_info. The warning is because building the gamma tables
2745 : * multiple times is a performance hit - it's harmless but the ability to call
2746 : * png_read_update_info() multiple times is new in 1.5.6 so it seems sensible
2747 : * to warn if the app introduces such a hit.
2748 : */
2749 0 : if (png_ptr->gamma_table != NULL || png_ptr->gamma_16_table != NULL)
2750 : {
2751 : png_warning(png_ptr, "gamma table being rebuilt");
2752 0 : png_destroy_gamma_table(png_ptr);
2753 : }
2754 :
2755 0 : if (bit_depth <= 8)
2756 : {
2757 0 : png_build_8bit_table(png_ptr, &png_ptr->gamma_table,
2758 0 : png_ptr->screen_gamma > 0 ? png_reciprocal2(png_ptr->gamma,
2759 : png_ptr->screen_gamma) : PNG_FP_1);
2760 :
2761 : #if defined(PNG_READ_BACKGROUND_SUPPORTED) || \
2762 : defined(PNG_READ_ALPHA_MODE_SUPPORTED) || \
2763 : defined(PNG_READ_RGB_TO_GRAY_SUPPORTED)
2764 : if (png_ptr->transformations & (PNG_COMPOSE | PNG_RGB_TO_GRAY))
2765 : {
2766 : png_build_8bit_table(png_ptr, &png_ptr->gamma_to_1,
2767 : png_reciprocal(png_ptr->gamma));
2768 :
2769 : png_build_8bit_table(png_ptr, &png_ptr->gamma_from_1,
2770 : png_ptr->screen_gamma > 0 ? png_reciprocal(png_ptr->screen_gamma) :
2771 : png_ptr->gamma/* Probably doing rgb_to_gray */);
2772 : }
2773 : #endif /* READ_BACKGROUND || READ_ALPHA_MODE || RGB_TO_GRAY */
2774 : }
2775 : else
2776 : {
2777 : png_byte shift, sig_bit;
2778 :
2779 0 : if (png_ptr->color_type & PNG_COLOR_MASK_COLOR)
2780 : {
2781 0 : sig_bit = png_ptr->sig_bit.red;
2782 :
2783 0 : if (png_ptr->sig_bit.green > sig_bit)
2784 0 : sig_bit = png_ptr->sig_bit.green;
2785 :
2786 0 : if (png_ptr->sig_bit.blue > sig_bit)
2787 0 : sig_bit = png_ptr->sig_bit.blue;
2788 : }
2789 : else
2790 0 : sig_bit = png_ptr->sig_bit.gray;
2791 :
2792 : /* 16-bit gamma code uses this equation:
2793 : *
2794 : * ov = table[(iv & 0xff) >> gamma_shift][iv >> 8]
2795 : *
2796 : * Where 'iv' is the input color value and 'ov' is the output value -
2797 : * pow(iv, gamma).
2798 : *
2799 : * Thus the gamma table consists of up to 256 256-entry tables. The table
2800 : * is selected by the (8-gamma_shift) most significant of the low 8 bits of
2801 : * the color value then indexed by the upper 8 bits:
2802 : *
2803 : * table[low bits][high 8 bits]
2804 : *
2805 : * So the table 'n' corresponds to all those 'iv' of:
2806 : *
2807 : * <all high 8-bit values><n << gamma_shift>..<(n+1 << gamma_shift)-1>
2808 : *
2809 : */
2810 0 : if (sig_bit > 0 && sig_bit < 16U)
2811 0 : shift = (png_byte)(16U - sig_bit); /* shift == insignificant bits */
2812 :
2813 : else
2814 0 : shift = 0; /* keep all 16 bits */
2815 :
2816 0 : if (png_ptr->transformations & (PNG_16_TO_8 | PNG_SCALE_16_TO_8))
2817 : {
2818 : /* PNG_MAX_GAMMA_8 is the number of bits to keep - effectively
2819 : * the significant bits in the *input* when the output will
2820 : * eventually be 8 bits. By default it is 11.
2821 : */
2822 0 : if (shift < (16U - PNG_MAX_GAMMA_8))
2823 0 : shift = (16U - PNG_MAX_GAMMA_8);
2824 : }
2825 :
2826 0 : if (shift > 8U)
2827 0 : shift = 8U; /* Guarantees at least one table! */
2828 :
2829 0 : png_ptr->gamma_shift = shift;
2830 :
2831 : #ifdef PNG_16BIT_SUPPORTED
2832 : /* NOTE: prior to 1.5.4 this test used to include PNG_BACKGROUND (now
2833 : * PNG_COMPOSE). This effectively smashed the background calculation for
2834 : * 16-bit output because the 8-bit table assumes the result will be reduced
2835 : * to 8 bits.
2836 : */
2837 0 : if (png_ptr->transformations & (PNG_16_TO_8 | PNG_SCALE_16_TO_8))
2838 : #endif
2839 0 : png_build_16to8_table(png_ptr, &png_ptr->gamma_16_table, shift,
2840 0 : png_ptr->screen_gamma > 0 ? png_product2(png_ptr->gamma,
2841 : png_ptr->screen_gamma) : PNG_FP_1);
2842 :
2843 : #ifdef PNG_16BIT_SUPPORTED
2844 : else
2845 0 : png_build_16bit_table(png_ptr, &png_ptr->gamma_16_table, shift,
2846 0 : png_ptr->screen_gamma > 0 ? png_reciprocal2(png_ptr->gamma,
2847 : png_ptr->screen_gamma) : PNG_FP_1);
2848 : #endif
2849 :
2850 : #if defined(PNG_READ_BACKGROUND_SUPPORTED) || \
2851 : defined(PNG_READ_ALPHA_MODE_SUPPORTED) || \
2852 : defined(PNG_READ_RGB_TO_GRAY_SUPPORTED)
2853 : if (png_ptr->transformations & (PNG_COMPOSE | PNG_RGB_TO_GRAY))
2854 : {
2855 : png_build_16bit_table(png_ptr, &png_ptr->gamma_16_to_1, shift,
2856 : png_reciprocal(png_ptr->gamma));
2857 :
2858 : /* Notice that the '16 from 1' table should be full precision, however
2859 : * the lookup on this table still uses gamma_shift, so it can't be.
2860 : * TODO: fix this.
2861 : */
2862 : png_build_16bit_table(png_ptr, &png_ptr->gamma_16_from_1, shift,
2863 : png_ptr->screen_gamma > 0 ? png_reciprocal(png_ptr->screen_gamma) :
2864 : png_ptr->gamma/* Probably doing rgb_to_gray */);
2865 : }
2866 : #endif /* READ_BACKGROUND || READ_ALPHA_MODE || RGB_TO_GRAY */
2867 : }
2868 0 : }
2869 : #endif /* READ_GAMMA */
2870 : #endif /* defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED) */
|