LCOV - code coverage report
Current view: directory - media/libpng - png.c (source / functions) Found Hit Coverage
Test: app.info Lines: 432 110 25.5 %
Date: 2012-06-02 Functions: 42 16 38.1 %

       1                 : 
       2                 : /* png.c - location for general purpose libpng functions
       3                 :  *
       4                 :  * Last changed in libpng 1.5.7 [December 15, 2011]
       5                 :  * Copyright (c) 1998-2011 Glenn Randers-Pehrson
       6                 :  * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
       7                 :  * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
       8                 :  *
       9                 :  * This code is released under the libpng license.
      10                 :  * For conditions of distribution and use, see the disclaimer
      11                 :  * and license in png.h
      12                 :  */
      13                 : 
      14                 : #include "pngpriv.h"
      15                 : 
      16                 : /* Generate a compiler error if there is an old png.h in the search path. */
      17                 : typedef png_libpng_version_1_5_9 Your_png_h_is_not_version_1_5_9;
      18                 : 
      19                 : /* Tells libpng that we have already handled the first "num_bytes" bytes
      20                 :  * of the PNG file signature.  If the PNG data is embedded into another
      21                 :  * stream we can set num_bytes = 8 so that libpng will not attempt to read
      22                 :  * or write any of the magic bytes before it starts on the IHDR.
      23                 :  */
      24                 : 
      25                 : #ifdef PNG_READ_SUPPORTED
      26                 : void PNGAPI
      27               0 : png_set_sig_bytes(png_structp png_ptr, int num_bytes)
      28                 : {
      29                 :    png_debug(1, "in png_set_sig_bytes");
      30                 : 
      31               0 :    if (png_ptr == NULL)
      32               0 :       return;
      33                 : 
      34               0 :    if (num_bytes > 8)
      35               0 :       png_error(png_ptr, "Too many bytes for PNG signature");
      36                 : 
      37               0 :    png_ptr->sig_bytes = (png_byte)(num_bytes < 0 ? 0 : num_bytes);
      38                 : }
      39                 : 
      40                 : /* Checks whether the supplied bytes match the PNG signature.  We allow
      41                 :  * checking less than the full 8-byte signature so that those apps that
      42                 :  * already read the first few bytes of a file to determine the file type
      43                 :  * can simply check the remaining bytes for extra assurance.  Returns
      44                 :  * an integer less than, equal to, or greater than zero if sig is found,
      45                 :  * respectively, to be less than, to match, or be greater than the correct
      46                 :  * PNG signature (this is the same behavior as strcmp, memcmp, etc).
      47                 :  */
      48                 : int PNGAPI
      49               4 : png_sig_cmp(png_const_bytep sig, png_size_t start, png_size_t num_to_check)
      50                 : {
      51               4 :    png_byte png_signature[8] = {137, 80, 78, 71, 13, 10, 26, 10};
      52                 : 
      53               4 :    if (num_to_check > 8)
      54               0 :       num_to_check = 8;
      55                 : 
      56               4 :    else if (num_to_check < 1)
      57               0 :       return (-1);
      58                 : 
      59               4 :    if (start > 7)
      60               0 :       return (-1);
      61                 : 
      62               4 :    if (start + num_to_check > 8)
      63               0 :       num_to_check = 8 - start;
      64                 : 
      65               4 :    return ((int)(png_memcmp(&sig[start], &png_signature[start], num_to_check)));
      66                 : }
      67                 : 
      68                 : #endif /* PNG_READ_SUPPORTED */
      69                 : 
      70                 : #if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED)
      71                 : /* Function to allocate memory for zlib */
      72             138 : PNG_FUNCTION(voidpf /* PRIVATE */,
      73                 : png_zalloc,(voidpf png_ptr, uInt items, uInt size),PNG_ALLOCATED)
      74                 : {
      75                 :    png_voidp ptr;
      76             138 :    png_structp p=(png_structp)png_ptr;
      77             138 :    png_uint_32 save_flags=p->flags;
      78                 :    png_alloc_size_t num_bytes;
      79                 : 
      80             138 :    if (png_ptr == NULL)
      81               0 :       return (NULL);
      82                 : 
      83             138 :    if (items > PNG_UINT_32_MAX/size)
      84                 :    {
      85                 :      png_warning (p, "Potential overflow in png_zalloc()");
      86               0 :      return (NULL);
      87                 :    }
      88             138 :    num_bytes = (png_alloc_size_t)items * size;
      89                 : 
      90             138 :    p->flags|=PNG_FLAG_MALLOC_NULL_MEM_OK;
      91             138 :    ptr = (png_voidp)png_malloc((png_structp)png_ptr, num_bytes);
      92             138 :    p->flags=save_flags;
      93                 : 
      94             138 :    return ((voidpf)ptr);
      95                 : }
      96                 : 
      97                 : /* Function to free memory for zlib */
      98                 : void /* PRIVATE */
      99             138 : png_zfree(voidpf png_ptr, voidpf ptr)
     100                 : {
     101             138 :    png_free((png_structp)png_ptr, (png_voidp)ptr);
     102             138 : }
     103                 : 
     104                 : /* Reset the CRC variable to 32 bits of 1's.  Care must be taken
     105                 :  * in case CRC is > 32 bits to leave the top bits 0.
     106                 :  */
     107                 : void /* PRIVATE */
     108             131 : png_reset_crc(png_structp png_ptr)
     109                 : {
     110                 :    /* The cast is safe because the crc is a 32 bit value. */
     111             131 :    png_ptr->crc = (png_uint_32)crc32(0, Z_NULL, 0);
     112             131 : }
     113                 : 
     114                 : /* Calculate the CRC over a section of data.  We can only pass as
     115                 :  * much data to this routine as the largest single buffer size.  We
     116                 :  * also check that this data will actually be used before going to the
     117                 :  * trouble of calculating it.
     118                 :  */
     119                 : void /* PRIVATE */
     120             261 : png_calculate_crc(png_structp png_ptr, png_const_bytep ptr, png_size_t length)
     121                 : {
     122             261 :    int need_crc = 1;
     123                 : 
     124             261 :    if (PNG_CHUNK_ANCILLIARY(png_ptr->chunk_name))
     125                 :    {
     126              91 :       if ((png_ptr->flags & PNG_FLAG_CRC_ANCILLARY_MASK) ==
     127                 :           (PNG_FLAG_CRC_ANCILLARY_USE | PNG_FLAG_CRC_ANCILLARY_NOWARN))
     128               0 :          need_crc = 0;
     129                 :    }
     130                 : 
     131                 :    else /* critical */
     132                 :    {
     133             170 :       if (png_ptr->flags & PNG_FLAG_CRC_CRITICAL_IGNORE)
     134               0 :          need_crc = 0;
     135                 :    }
     136                 : 
     137                 :    /* 'uLong' is defined as unsigned long, this means that on some systems it is
     138                 :     * a 64 bit value.  crc32, however, returns 32 bits so the following cast is
     139                 :     * safe.  'uInt' may be no more than 16 bits, so it is necessary to perform a
     140                 :     * loop here.
     141                 :     */
     142             261 :    if (need_crc && length > 0)
     143                 :    {
     144             261 :       uLong crc = png_ptr->crc; /* Should never issue a warning */
     145                 : 
     146                 :       do
     147                 :       {
     148             261 :          uInt safeLength = (uInt)length;
     149             261 :          if (safeLength == 0)
     150               0 :             safeLength = (uInt)-1; /* evil, but safe */
     151                 : 
     152             261 :          crc = crc32(crc, ptr, safeLength);
     153                 : 
     154                 :          /* The following should never issue compiler warnings, if they do the
     155                 :           * target system has characteristics that will probably violate other
     156                 :           * assumptions within the libpng code.
     157                 :           */
     158             261 :          ptr += safeLength;
     159             261 :          length -= safeLength;
     160                 :       }
     161             261 :       while (length > 0);
     162                 : 
     163                 :       /* And the following is always safe because the crc is only 32 bits. */
     164             261 :       png_ptr->crc = (png_uint_32)crc;
     165                 :    }
     166             261 : }
     167                 : 
     168                 : /* Check a user supplied version number, called from both read and write
     169                 :  * functions that create a png_struct
     170                 :  */
     171                 : int
     172              30 : png_user_version_check(png_structp png_ptr, png_const_charp user_png_ver)
     173                 : {
     174              30 :    if (user_png_ver)
     175                 :    {
     176              30 :       int i = 0;
     177                 : 
     178                 :       do
     179                 :       {
     180             180 :          if (user_png_ver[i] != png_libpng_ver[i])
     181               0 :             png_ptr->flags |= PNG_FLAG_LIBRARY_MISMATCH;
     182             180 :       } while (png_libpng_ver[i++]);
     183                 :    }
     184                 : 
     185                 :    else
     186               0 :       png_ptr->flags |= PNG_FLAG_LIBRARY_MISMATCH;
     187                 : 
     188              30 :    if (png_ptr->flags & PNG_FLAG_LIBRARY_MISMATCH)
     189                 :    {
     190                 :      /* Libpng 0.90 and later are binary incompatible with libpng 0.89, so
     191                 :       * we must recompile any applications that use any older library version.
     192                 :       * For versions after libpng 1.0, we will be compatible, so we need
     193                 :       * only check the first digit.
     194                 :       */
     195               0 :       if (user_png_ver == NULL || user_png_ver[0] != png_libpng_ver[0] ||
     196               0 :           (user_png_ver[0] == '1' && user_png_ver[2] != png_libpng_ver[2]) ||
     197               0 :           (user_png_ver[0] == '0' && user_png_ver[2] < '9'))
     198                 :       {
     199                 : #ifdef PNG_WARNINGS_SUPPORTED
     200                 :          size_t pos = 0;
     201                 :          char m[128];
     202                 : 
     203                 :          pos = png_safecat(m, sizeof m, pos, "Application built with libpng-");
     204                 :          pos = png_safecat(m, sizeof m, pos, user_png_ver);
     205                 :          pos = png_safecat(m, sizeof m, pos, " but running with ");
     206                 :          pos = png_safecat(m, sizeof m, pos, png_libpng_ver);
     207                 : 
     208                 :          png_warning(png_ptr, m);
     209                 : #endif
     210                 : 
     211                 : #ifdef PNG_ERROR_NUMBERS_SUPPORTED
     212                 :          png_ptr->flags = 0;
     213                 : #endif
     214                 : 
     215               0 :          return 0;
     216                 :       }
     217                 :    }
     218                 : 
     219                 :    /* Success return. */
     220              30 :    return 1;
     221                 : }
     222                 : 
     223                 : /* Allocate the memory for an info_struct for the application.  We don't
     224                 :  * really need the png_ptr, but it could potentially be useful in the
     225                 :  * future.  This should be used in favour of malloc(png_sizeof(png_info))
     226                 :  * and png_info_init() so that applications that want to use a shared
     227                 :  * libpng don't have to be recompiled if png_info changes size.
     228                 :  */
     229              30 : PNG_FUNCTION(png_infop,PNGAPI
     230                 : png_create_info_struct,(png_structp png_ptr),PNG_ALLOCATED)
     231                 : {
     232                 :    png_infop info_ptr;
     233                 : 
     234                 :    png_debug(1, "in png_create_info_struct");
     235                 : 
     236              30 :    if (png_ptr == NULL)
     237               0 :       return (NULL);
     238                 : 
     239                 : #ifdef PNG_USER_MEM_SUPPORTED
     240                 :    info_ptr = (png_infop)png_create_struct_2(PNG_STRUCT_INFO,
     241                 :       png_ptr->malloc_fn, png_ptr->mem_ptr);
     242                 : #else
     243              30 :    info_ptr = (png_infop)png_create_struct(PNG_STRUCT_INFO);
     244                 : #endif
     245              30 :    if (info_ptr != NULL)
     246              30 :       png_info_init_3(&info_ptr, png_sizeof(png_info));
     247                 : 
     248              30 :    return (info_ptr);
     249                 : }
     250                 : 
     251                 : /* This function frees the memory associated with a single info struct.
     252                 :  * Normally, one would use either png_destroy_read_struct() or
     253                 :  * png_destroy_write_struct() to free an info struct, but this may be
     254                 :  * useful for some applications.
     255                 :  */
     256                 : void PNGAPI
     257               0 : png_destroy_info_struct(png_structp png_ptr, png_infopp info_ptr_ptr)
     258                 : {
     259               0 :    png_infop info_ptr = NULL;
     260                 : 
     261                 :    png_debug(1, "in png_destroy_info_struct");
     262                 : 
     263               0 :    if (png_ptr == NULL)
     264               0 :       return;
     265                 : 
     266               0 :    if (info_ptr_ptr != NULL)
     267               0 :       info_ptr = *info_ptr_ptr;
     268                 : 
     269               0 :    if (info_ptr != NULL)
     270                 :    {
     271               0 :       png_info_destroy(png_ptr, info_ptr);
     272                 : 
     273                 : #ifdef PNG_USER_MEM_SUPPORTED
     274                 :       png_destroy_struct_2((png_voidp)info_ptr, png_ptr->free_fn,
     275                 :           png_ptr->mem_ptr);
     276                 : #else
     277               0 :       png_destroy_struct((png_voidp)info_ptr);
     278                 : #endif
     279               0 :       *info_ptr_ptr = NULL;
     280                 :    }
     281                 : }
     282                 : 
     283                 : /* Initialize the info structure.  This is now an internal function (0.89)
     284                 :  * and applications using it are urged to use png_create_info_struct()
     285                 :  * instead.
     286                 :  */
     287                 : 
     288                 : void PNGAPI
     289              34 : png_info_init_3(png_infopp ptr_ptr, png_size_t png_info_struct_size)
     290                 : {
     291              34 :    png_infop info_ptr = *ptr_ptr;
     292                 : 
     293                 :    png_debug(1, "in png_info_init_3");
     294                 : 
     295              34 :    if (info_ptr == NULL)
     296               0 :       return;
     297                 : 
     298              34 :    if (png_sizeof(png_info) > png_info_struct_size)
     299                 :    {
     300               0 :       png_destroy_struct(info_ptr);
     301               0 :       info_ptr = (png_infop)png_create_struct(PNG_STRUCT_INFO);
     302               0 :       *ptr_ptr = info_ptr;
     303                 :    }
     304                 : 
     305                 :    /* Set everything to 0 */
     306              34 :    png_memset(info_ptr, 0, png_sizeof(png_info));
     307                 : }
     308                 : 
     309                 : void PNGAPI
     310               0 : png_data_freer(png_structp png_ptr, png_infop info_ptr,
     311                 :    int freer, png_uint_32 mask)
     312                 : {
     313                 :    png_debug(1, "in png_data_freer");
     314                 : 
     315               0 :    if (png_ptr == NULL || info_ptr == NULL)
     316               0 :       return;
     317                 : 
     318               0 :    if (freer == PNG_DESTROY_WILL_FREE_DATA)
     319               0 :       info_ptr->free_me |= mask;
     320                 : 
     321               0 :    else if (freer == PNG_USER_WILL_FREE_DATA)
     322               0 :       info_ptr->free_me &= ~mask;
     323                 : 
     324                 :    else
     325                 :       png_warning(png_ptr,
     326                 :          "Unknown freer parameter in png_data_freer");
     327                 : }
     328                 : 
     329                 : void PNGAPI
     330              34 : png_free_data(png_structp png_ptr, png_infop info_ptr, png_uint_32 mask,
     331                 :    int num)
     332                 : {
     333                 :    png_debug(1, "in png_free_data");
     334                 : 
     335              34 :    if (png_ptr == NULL || info_ptr == NULL)
     336               0 :       return;
     337                 : 
     338                 : #ifdef PNG_TEXT_SUPPORTED
     339                 :    /* Free text item num or (if num == -1) all text items */
     340              34 :    if ((mask & PNG_FREE_TEXT) & info_ptr->free_me)
     341                 :    {
     342               0 :       if (num != -1)
     343                 :       {
     344               0 :          if (info_ptr->text && info_ptr->text[num].key)
     345                 :          {
     346               0 :             png_free(png_ptr, info_ptr->text[num].key);
     347               0 :             info_ptr->text[num].key = NULL;
     348                 :          }
     349                 :       }
     350                 : 
     351                 :       else
     352                 :       {
     353                 :          int i;
     354               0 :          for (i = 0; i < info_ptr->num_text; i++)
     355               0 :              png_free_data(png_ptr, info_ptr, PNG_FREE_TEXT, i);
     356               0 :          png_free(png_ptr, info_ptr->text);
     357               0 :          info_ptr->text = NULL;
     358               0 :          info_ptr->num_text=0;
     359                 :       }
     360                 :    }
     361                 : #endif
     362                 : 
     363                 : #ifdef PNG_tRNS_SUPPORTED
     364                 :    /* Free any tRNS entry */
     365              34 :    if ((mask & PNG_FREE_TRNS) & info_ptr->free_me)
     366                 :    {
     367               0 :       png_free(png_ptr, info_ptr->trans_alpha);
     368               0 :       info_ptr->trans_alpha = NULL;
     369               0 :       info_ptr->valid &= ~PNG_INFO_tRNS;
     370                 :    }
     371                 : #endif
     372                 : 
     373                 : #ifdef PNG_sCAL_SUPPORTED
     374                 :    /* Free any sCAL entry */
     375                 :    if ((mask & PNG_FREE_SCAL) & info_ptr->free_me)
     376                 :    {
     377                 :       png_free(png_ptr, info_ptr->scal_s_width);
     378                 :       png_free(png_ptr, info_ptr->scal_s_height);
     379                 :       info_ptr->scal_s_width = NULL;
     380                 :       info_ptr->scal_s_height = NULL;
     381                 :       info_ptr->valid &= ~PNG_INFO_sCAL;
     382                 :    }
     383                 : #endif
     384                 : 
     385                 : #ifdef PNG_pCAL_SUPPORTED
     386                 :    /* Free any pCAL entry */
     387                 :    if ((mask & PNG_FREE_PCAL) & info_ptr->free_me)
     388                 :    {
     389                 :       png_free(png_ptr, info_ptr->pcal_purpose);
     390                 :       png_free(png_ptr, info_ptr->pcal_units);
     391                 :       info_ptr->pcal_purpose = NULL;
     392                 :       info_ptr->pcal_units = NULL;
     393                 :       if (info_ptr->pcal_params != NULL)
     394                 :          {
     395                 :             int i;
     396                 :             for (i = 0; i < (int)info_ptr->pcal_nparams; i++)
     397                 :             {
     398                 :                png_free(png_ptr, info_ptr->pcal_params[i]);
     399                 :                info_ptr->pcal_params[i] = NULL;
     400                 :             }
     401                 :             png_free(png_ptr, info_ptr->pcal_params);
     402                 :             info_ptr->pcal_params = NULL;
     403                 :          }
     404                 :       info_ptr->valid &= ~PNG_INFO_pCAL;
     405                 :    }
     406                 : #endif
     407                 : 
     408                 : #ifdef PNG_iCCP_SUPPORTED
     409                 :    /* Free any iCCP entry */
     410              34 :    if ((mask & PNG_FREE_ICCP) & info_ptr->free_me)
     411                 :    {
     412               0 :       png_free(png_ptr, info_ptr->iccp_name);
     413               0 :       png_free(png_ptr, info_ptr->iccp_profile);
     414               0 :       info_ptr->iccp_name = NULL;
     415               0 :       info_ptr->iccp_profile = NULL;
     416               0 :       info_ptr->valid &= ~PNG_INFO_iCCP;
     417                 :    }
     418                 : #endif
     419                 : 
     420                 : #ifdef PNG_sPLT_SUPPORTED
     421                 :    /* Free a given sPLT entry, or (if num == -1) all sPLT entries */
     422                 :    if ((mask & PNG_FREE_SPLT) & info_ptr->free_me)
     423                 :    {
     424                 :       if (num != -1)
     425                 :       {
     426                 :          if (info_ptr->splt_palettes)
     427                 :          {
     428                 :             png_free(png_ptr, info_ptr->splt_palettes[num].name);
     429                 :             png_free(png_ptr, info_ptr->splt_palettes[num].entries);
     430                 :             info_ptr->splt_palettes[num].name = NULL;
     431                 :             info_ptr->splt_palettes[num].entries = NULL;
     432                 :          }
     433                 :       }
     434                 : 
     435                 :       else
     436                 :       {
     437                 :          if (info_ptr->splt_palettes_num)
     438                 :          {
     439                 :             int i;
     440                 :             for (i = 0; i < (int)info_ptr->splt_palettes_num; i++)
     441                 :                png_free_data(png_ptr, info_ptr, PNG_FREE_SPLT, i);
     442                 : 
     443                 :             png_free(png_ptr, info_ptr->splt_palettes);
     444                 :             info_ptr->splt_palettes = NULL;
     445                 :             info_ptr->splt_palettes_num = 0;
     446                 :          }
     447                 :          info_ptr->valid &= ~PNG_INFO_sPLT;
     448                 :       }
     449                 :    }
     450                 : #endif
     451                 : 
     452                 : #ifdef PNG_UNKNOWN_CHUNKS_SUPPORTED
     453                 :    if (png_ptr->unknown_chunk.data)
     454                 :    {
     455                 :       png_free(png_ptr, png_ptr->unknown_chunk.data);
     456                 :       png_ptr->unknown_chunk.data = NULL;
     457                 :    }
     458                 : 
     459                 :    if ((mask & PNG_FREE_UNKN) & info_ptr->free_me)
     460                 :    {
     461                 :       if (num != -1)
     462                 :       {
     463                 :           if (info_ptr->unknown_chunks)
     464                 :           {
     465                 :              png_free(png_ptr, info_ptr->unknown_chunks[num].data);
     466                 :              info_ptr->unknown_chunks[num].data = NULL;
     467                 :           }
     468                 :       }
     469                 : 
     470                 :       else
     471                 :       {
     472                 :          int i;
     473                 : 
     474                 :          if (info_ptr->unknown_chunks_num)
     475                 :          {
     476                 :             for (i = 0; i < info_ptr->unknown_chunks_num; i++)
     477                 :                png_free_data(png_ptr, info_ptr, PNG_FREE_UNKN, i);
     478                 : 
     479                 :             png_free(png_ptr, info_ptr->unknown_chunks);
     480                 :             info_ptr->unknown_chunks = NULL;
     481                 :             info_ptr->unknown_chunks_num = 0;
     482                 :          }
     483                 :       }
     484                 :    }
     485                 : #endif
     486                 : 
     487                 : #ifdef PNG_hIST_SUPPORTED
     488                 :    /* Free any hIST entry */
     489                 :    if ((mask & PNG_FREE_HIST)  & info_ptr->free_me)
     490                 :    {
     491                 :       png_free(png_ptr, info_ptr->hist);
     492                 :       info_ptr->hist = NULL;
     493                 :       info_ptr->valid &= ~PNG_INFO_hIST;
     494                 :    }
     495                 : #endif
     496                 : 
     497                 :    /* Free any PLTE entry that was internally allocated */
     498              34 :    if ((mask & PNG_FREE_PLTE) & info_ptr->free_me)
     499                 :    {
     500               0 :       png_zfree(png_ptr, info_ptr->palette);
     501               0 :       info_ptr->palette = NULL;
     502               0 :       info_ptr->valid &= ~PNG_INFO_PLTE;
     503               0 :       info_ptr->num_palette = 0;
     504                 :    }
     505                 : 
     506                 : #ifdef PNG_INFO_IMAGE_SUPPORTED
     507                 :    /* Free any image bits attached to the info structure */
     508                 :    if ((mask & PNG_FREE_ROWS) & info_ptr->free_me)
     509                 :    {
     510                 :       if (info_ptr->row_pointers)
     511                 :       {
     512                 :          int row;
     513                 :          for (row = 0; row < (int)info_ptr->height; row++)
     514                 :          {
     515                 :             png_free(png_ptr, info_ptr->row_pointers[row]);
     516                 :             info_ptr->row_pointers[row] = NULL;
     517                 :          }
     518                 :          png_free(png_ptr, info_ptr->row_pointers);
     519                 :          info_ptr->row_pointers = NULL;
     520                 :       }
     521                 :       info_ptr->valid &= ~PNG_INFO_IDAT;
     522                 :    }
     523                 : #endif
     524                 : 
     525              34 :    if (num != -1)
     526               0 :       mask &= ~PNG_FREE_MUL;
     527                 : 
     528              34 :    info_ptr->free_me &= ~mask;
     529                 : }
     530                 : 
     531                 : /* This is an internal routine to free any memory that the info struct is
     532                 :  * pointing to before re-using it or freeing the struct itself.  Recall
     533                 :  * that png_free() checks for NULL pointers for us.
     534                 :  */
     535                 : void /* PRIVATE */
     536               4 : png_info_destroy(png_structp png_ptr, png_infop info_ptr)
     537                 : {
     538                 :    png_debug(1, "in png_info_destroy");
     539                 : 
     540               4 :    png_free_data(png_ptr, info_ptr, PNG_FREE_ALL, -1);
     541                 : 
     542                 : #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED
     543                 :    if (png_ptr->num_chunk_list)
     544                 :    {
     545                 :       png_free(png_ptr, png_ptr->chunk_list);
     546                 :       png_ptr->chunk_list = NULL;
     547                 :       png_ptr->num_chunk_list = 0;
     548                 :    }
     549                 : #endif
     550                 : 
     551               4 :    png_info_init_3(&info_ptr, png_sizeof(png_info));
     552               4 : }
     553                 : #endif /* defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED) */
     554                 : 
     555                 : /* This function returns a pointer to the io_ptr associated with the user
     556                 :  * functions.  The application should free any memory associated with this
     557                 :  * pointer before png_write_destroy() or png_read_destroy() are called.
     558                 :  */
     559                 : png_voidp PNGAPI
     560             358 : png_get_io_ptr(png_structp png_ptr)
     561                 : {
     562             358 :    if (png_ptr == NULL)
     563               0 :       return (NULL);
     564                 : 
     565             358 :    return (png_ptr->io_ptr);
     566                 : }
     567                 : 
     568                 : #if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED)
     569                 : #  ifdef PNG_STDIO_SUPPORTED
     570                 : /* Initialize the default input/output functions for the PNG file.  If you
     571                 :  * use your own read or write routines, you can call either png_set_read_fn()
     572                 :  * or png_set_write_fn() instead of png_init_io().  If you have defined
     573                 :  * PNG_NO_STDIO or otherwise disabled PNG_STDIO_SUPPORTED, you must use a
     574                 :  * function of your own because "FILE *" isn't necessarily available.
     575                 :  */
     576                 : void PNGAPI
     577               0 : png_init_io(png_structp png_ptr, png_FILE_p fp)
     578                 : {
     579                 :    png_debug(1, "in png_init_io");
     580                 : 
     581               0 :    if (png_ptr == NULL)
     582               0 :       return;
     583                 : 
     584               0 :    png_ptr->io_ptr = (png_voidp)fp;
     585                 : }
     586                 : #  endif
     587                 : 
     588                 : #  ifdef PNG_TIME_RFC1123_SUPPORTED
     589                 : /* Convert the supplied time into an RFC 1123 string suitable for use in
     590                 :  * a "Creation Time" or other text-based time string.
     591                 :  */
     592                 : png_const_charp PNGAPI
     593                 : png_convert_to_rfc1123(png_structp png_ptr, png_const_timep ptime)
     594                 : {
     595                 :    static PNG_CONST char short_months[12][4] =
     596                 :         {"Jan", "Feb", "Mar", "Apr", "May", "Jun",
     597                 :          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};
     598                 : 
     599                 :    if (png_ptr == NULL)
     600                 :       return (NULL);
     601                 : 
     602                 :    if (ptime->year > 9999 /* RFC1123 limitation */ ||
     603                 :        ptime->month == 0    ||  ptime->month > 12  ||
     604                 :        ptime->day   == 0    ||  ptime->day   > 31  ||
     605                 :        ptime->hour  > 23    ||  ptime->minute > 59 ||
     606                 :        ptime->second > 60)
     607                 :    {
     608                 :       png_warning(png_ptr, "Ignoring invalid time value");
     609                 :       return (NULL);
     610                 :    }
     611                 : 
     612                 :    {
     613                 :       size_t pos = 0;
     614                 :       char number_buf[5]; /* enough for a four-digit year */
     615                 : 
     616                 : #     define APPEND_STRING(string)\
     617                 :          pos = png_safecat(png_ptr->time_buffer, sizeof png_ptr->time_buffer,\
     618                 :             pos, (string))
     619                 : #     define APPEND_NUMBER(format, value)\
     620                 :          APPEND_STRING(PNG_FORMAT_NUMBER(number_buf, format, (value)))
     621                 : #     define APPEND(ch)\
     622                 :          if (pos < (sizeof png_ptr->time_buffer)-1)\
     623                 :             png_ptr->time_buffer[pos++] = (ch)
     624                 : 
     625                 :       APPEND_NUMBER(PNG_NUMBER_FORMAT_u, (unsigned)ptime->day);
     626                 :       APPEND(' ');
     627                 :       APPEND_STRING(short_months[(ptime->month - 1)]);
     628                 :       APPEND(' ');
     629                 :       APPEND_NUMBER(PNG_NUMBER_FORMAT_u, ptime->year);
     630                 :       APPEND(' ');
     631                 :       APPEND_NUMBER(PNG_NUMBER_FORMAT_02u, (unsigned)ptime->hour);
     632                 :       APPEND(':');
     633                 :       APPEND_NUMBER(PNG_NUMBER_FORMAT_02u, (unsigned)ptime->minute);
     634                 :       APPEND(':');
     635                 :       APPEND_NUMBER(PNG_NUMBER_FORMAT_02u, (unsigned)ptime->second);
     636                 :       APPEND_STRING(" +0000"); /* This reliably terminates the buffer */
     637                 : 
     638                 : #     undef APPEND
     639                 : #     undef APPEND_NUMBER
     640                 : #     undef APPEND_STRING
     641                 :    }
     642                 : 
     643                 :    return png_ptr->time_buffer;
     644                 : }
     645                 : #  endif /* PNG_TIME_RFC1123_SUPPORTED */
     646                 : 
     647                 : #endif /* defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED) */
     648                 : 
     649                 : png_const_charp PNGAPI
     650               0 : png_get_copyright(png_const_structp png_ptr)
     651                 : {
     652                 :    PNG_UNUSED(png_ptr)  /* Silence compiler warning about unused png_ptr */
     653                 : #ifdef PNG_STRING_COPYRIGHT
     654                 :    return PNG_STRING_COPYRIGHT
     655                 : #else
     656                 : #  ifdef __STDC__
     657               0 :    return PNG_STRING_NEWLINE \
     658                 :      "libpng version 1.5.9 - February 18, 2012" PNG_STRING_NEWLINE \
     659                 :      "Copyright (c) 1998-2011 Glenn Randers-Pehrson" PNG_STRING_NEWLINE \
     660                 :      "Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \
     661                 :      "Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \
     662                 :      PNG_STRING_NEWLINE;
     663                 : #  else
     664                 :       return "libpng version 1.5.9 - February 18, 2012\
     665                 :       Copyright (c) 1998-2011 Glenn Randers-Pehrson\
     666                 :       Copyright (c) 1996-1997 Andreas Dilger\
     667                 :       Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.";
     668                 : #  endif
     669                 : #endif
     670                 : }
     671                 : 
     672                 : /* The following return the library version as a short string in the
     673                 :  * format 1.0.0 through 99.99.99zz.  To get the version of *.h files
     674                 :  * used with your application, print out PNG_LIBPNG_VER_STRING, which
     675                 :  * is defined in png.h.
     676                 :  * Note: now there is no difference between png_get_libpng_ver() and
     677                 :  * png_get_header_ver().  Due to the version_nn_nn_nn typedef guard,
     678                 :  * it is guaranteed that png.c uses the correct version of png.h.
     679                 :  */
     680                 : png_const_charp PNGAPI
     681               0 : png_get_libpng_ver(png_const_structp png_ptr)
     682                 : {
     683                 :    /* Version of *.c files used when building libpng */
     684               0 :    return png_get_header_ver(png_ptr);
     685                 : }
     686                 : 
     687                 : png_const_charp PNGAPI
     688             360 : png_get_header_ver(png_const_structp png_ptr)
     689                 : {
     690                 :    /* Version of *.h files used when building libpng */
     691                 :    PNG_UNUSED(png_ptr)  /* Silence compiler warning about unused png_ptr */
     692             360 :    return PNG_LIBPNG_VER_STRING;
     693                 : }
     694                 : 
     695                 : png_const_charp PNGAPI
     696               0 : png_get_header_version(png_const_structp png_ptr)
     697                 : {
     698                 :    /* Returns longer string containing both version and date */
     699                 :    PNG_UNUSED(png_ptr)  /* Silence compiler warning about unused png_ptr */
     700                 : #ifdef __STDC__
     701               0 :    return PNG_HEADER_VERSION_STRING
     702                 : #  ifndef PNG_READ_SUPPORTED
     703                 :    "     (NO READ SUPPORT)"
     704                 : #  endif
     705                 :    PNG_STRING_NEWLINE;
     706                 : #else
     707                 :    return PNG_HEADER_VERSION_STRING;
     708                 : #endif
     709                 : }
     710                 : 
     711                 : #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED
     712                 : int PNGAPI
     713                 : png_handle_as_unknown(png_structp png_ptr, png_const_bytep chunk_name)
     714                 : {
     715                 :    /* Check chunk_name and return "keep" value if it's on the list, else 0 */
     716                 :    png_const_bytep p, p_end;
     717                 : 
     718                 :    if (png_ptr == NULL || chunk_name == NULL || png_ptr->num_chunk_list <= 0)
     719                 :       return PNG_HANDLE_CHUNK_AS_DEFAULT;
     720                 : 
     721                 :    p_end = png_ptr->chunk_list;
     722                 :    p = p_end + png_ptr->num_chunk_list*5; /* beyond end */
     723                 : 
     724                 :    /* The code is the fifth byte after each four byte string.  Historically this
     725                 :     * code was always searched from the end of the list, so it should continue
     726                 :     * to do so in case there are duplicated entries.
     727                 :     */
     728                 :    do /* num_chunk_list > 0, so at least one */
     729                 :    {
     730                 :       p -= 5;
     731                 :       if (!png_memcmp(chunk_name, p, 4))
     732                 :          return p[4];
     733                 :    }
     734                 :    while (p > p_end);
     735                 : 
     736                 :    return PNG_HANDLE_CHUNK_AS_DEFAULT;
     737                 : }
     738                 : 
     739                 : int /* PRIVATE */
     740                 : png_chunk_unknown_handling(png_structp png_ptr, png_uint_32 chunk_name)
     741                 : {
     742                 :    png_byte chunk_string[5];
     743                 : 
     744                 :    PNG_CSTRING_FROM_CHUNK(chunk_string, chunk_name);
     745                 :    return png_handle_as_unknown(png_ptr, chunk_string);
     746                 : }
     747                 : #endif
     748                 : 
     749                 : #ifdef PNG_READ_SUPPORTED
     750                 : /* This function, added to libpng-1.0.6g, is untested. */
     751                 : int PNGAPI
     752               0 : png_reset_zstream(png_structp png_ptr)
     753                 : {
     754               0 :    if (png_ptr == NULL)
     755               0 :       return Z_STREAM_ERROR;
     756                 : 
     757               0 :    return (inflateReset(&png_ptr->zstream));
     758                 : }
     759                 : #endif /* PNG_READ_SUPPORTED */
     760                 : 
     761                 : /* This function was added to libpng-1.0.7 */
     762                 : png_uint_32 PNGAPI
     763               0 : png_access_version_number(void)
     764                 : {
     765                 :    /* Version of *.c files used when building libpng */
     766               0 :    return((png_uint_32)PNG_LIBPNG_VER);
     767                 : }
     768                 : 
     769                 : 
     770                 : 
     771                 : #if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED)
     772                 : /* png_convert_size: a PNGAPI but no longer in png.h, so deleted
     773                 :  * at libpng 1.5.5!
     774                 :  */
     775                 : 
     776                 : /* Added at libpng version 1.2.34 and 1.4.0 (moved from pngset.c) */
     777                 : #  ifdef PNG_CHECK_cHRM_SUPPORTED
     778                 : 
     779                 : int /* PRIVATE */
     780               0 : png_check_cHRM_fixed(png_structp png_ptr,
     781                 :    png_fixed_point white_x, png_fixed_point white_y, png_fixed_point red_x,
     782                 :    png_fixed_point red_y, png_fixed_point green_x, png_fixed_point green_y,
     783                 :    png_fixed_point blue_x, png_fixed_point blue_y)
     784                 : {
     785               0 :    int ret = 1;
     786                 :    unsigned long xy_hi,xy_lo,yx_hi,yx_lo;
     787                 : 
     788                 :    png_debug(1, "in function png_check_cHRM_fixed");
     789                 : 
     790               0 :    if (png_ptr == NULL)
     791               0 :       return 0;
     792                 : 
     793                 :    /* (x,y,z) values are first limited to 0..100000 (PNG_FP_1), the white
     794                 :     * y must also be greater than 0.  To test for the upper limit calculate
     795                 :     * (PNG_FP_1-y) - x must be <= to this for z to be >= 0 (and the expression
     796                 :     * cannot overflow.)  At this point we know x and y are >= 0 and (x+y) is
     797                 :     * <= PNG_FP_1.  The previous test on PNG_MAX_UINT_31 is removed because it
     798                 :     * pointless (and it produces compiler warnings!)
     799                 :     */
     800               0 :    if (white_x < 0 || white_y <= 0 ||
     801               0 :          red_x < 0 ||   red_y <  0 ||
     802               0 :        green_x < 0 || green_y <  0 ||
     803               0 :         blue_x < 0 ||  blue_y <  0)
     804                 :    {
     805                 :       png_warning(png_ptr,
     806                 :         "Ignoring attempt to set negative chromaticity value");
     807               0 :       ret = 0;
     808                 :    }
     809                 :    /* And (x+y) must be <= PNG_FP_1 (so z is >= 0) */
     810               0 :    if (white_x > PNG_FP_1 - white_y)
     811                 :    {
     812                 :       png_warning(png_ptr, "Invalid cHRM white point");
     813               0 :       ret = 0;
     814                 :    }
     815                 : 
     816               0 :    if (red_x > PNG_FP_1 - red_y)
     817                 :    {
     818                 :       png_warning(png_ptr, "Invalid cHRM red point");
     819               0 :       ret = 0;
     820                 :    }
     821                 : 
     822               0 :    if (green_x > PNG_FP_1 - green_y)
     823                 :    {
     824                 :       png_warning(png_ptr, "Invalid cHRM green point");
     825               0 :       ret = 0;
     826                 :    }
     827                 : 
     828               0 :    if (blue_x > PNG_FP_1 - blue_y)
     829                 :    {
     830                 :       png_warning(png_ptr, "Invalid cHRM blue point");
     831               0 :       ret = 0;
     832                 :    }
     833                 : 
     834               0 :    png_64bit_product(green_x - red_x, blue_y - red_y, &xy_hi, &xy_lo);
     835               0 :    png_64bit_product(green_y - red_y, blue_x - red_x, &yx_hi, &yx_lo);
     836                 : 
     837               0 :    if (xy_hi == yx_hi && xy_lo == yx_lo)
     838                 :    {
     839                 :       png_warning(png_ptr,
     840                 :          "Ignoring attempt to set cHRM RGB triangle with zero area");
     841               0 :       ret = 0;
     842                 :    }
     843                 : 
     844               0 :    return ret;
     845                 : }
     846                 : #  endif /* PNG_CHECK_cHRM_SUPPORTED */
     847                 : 
     848                 : #ifdef PNG_cHRM_SUPPORTED
     849                 : /* Added at libpng-1.5.5 to support read and write of true CIEXYZ values for
     850                 :  * cHRM, as opposed to using chromaticities.  These internal APIs return
     851                 :  * non-zero on a parameter error.  The X, Y and Z values are required to be
     852                 :  * positive and less than 1.0.
     853                 :  */
     854               0 : int png_xy_from_XYZ(png_xy *xy, png_XYZ XYZ)
     855                 : {
     856                 :    png_int_32 d, dwhite, whiteX, whiteY;
     857                 : 
     858               0 :    d = XYZ.redX + XYZ.redY + XYZ.redZ;
     859               0 :    if (!png_muldiv(&xy->redx, XYZ.redX, PNG_FP_1, d)) return 1;
     860               0 :    if (!png_muldiv(&xy->redy, XYZ.redY, PNG_FP_1, d)) return 1;
     861               0 :    dwhite = d;
     862               0 :    whiteX = XYZ.redX;
     863               0 :    whiteY = XYZ.redY;
     864                 : 
     865               0 :    d = XYZ.greenX + XYZ.greenY + XYZ.greenZ;
     866               0 :    if (!png_muldiv(&xy->greenx, XYZ.greenX, PNG_FP_1, d)) return 1;
     867               0 :    if (!png_muldiv(&xy->greeny, XYZ.greenY, PNG_FP_1, d)) return 1;
     868               0 :    dwhite += d;
     869               0 :    whiteX += XYZ.greenX;
     870               0 :    whiteY += XYZ.greenY;
     871                 : 
     872               0 :    d = XYZ.blueX + XYZ.blueY + XYZ.blueZ;
     873               0 :    if (!png_muldiv(&xy->bluex, XYZ.blueX, PNG_FP_1, d)) return 1;
     874               0 :    if (!png_muldiv(&xy->bluey, XYZ.blueY, PNG_FP_1, d)) return 1;
     875               0 :    dwhite += d;
     876               0 :    whiteX += XYZ.blueX;
     877               0 :    whiteY += XYZ.blueY;
     878                 : 
     879                 :    /* The reference white is simply the same of the end-point (X,Y,Z) vectors,
     880                 :     * thus:
     881                 :     */
     882               0 :    if (!png_muldiv(&xy->whitex, whiteX, PNG_FP_1, dwhite)) return 1;
     883               0 :    if (!png_muldiv(&xy->whitey, whiteY, PNG_FP_1, dwhite)) return 1;
     884                 : 
     885               0 :    return 0;
     886                 : }
     887                 : 
     888               0 : int png_XYZ_from_xy(png_XYZ *XYZ, png_xy xy)
     889                 : {
     890                 :    png_fixed_point red_inverse, green_inverse, blue_scale;
     891                 :    png_fixed_point left, right, denominator;
     892                 : 
     893                 :    /* Check xy and, implicitly, z.  Note that wide gamut color spaces typically
     894                 :     * have end points with 0 tristimulus values (these are impossible end
     895                 :     * points, but they are used to cover the possible colors.)
     896                 :     */
     897               0 :    if (xy.redx < 0 || xy.redx > PNG_FP_1) return 1;
     898               0 :    if (xy.redy < 0 || xy.redy > PNG_FP_1-xy.redx) return 1;
     899               0 :    if (xy.greenx < 0 || xy.greenx > PNG_FP_1) return 1;
     900               0 :    if (xy.greeny < 0 || xy.greeny > PNG_FP_1-xy.greenx) return 1;
     901               0 :    if (xy.bluex < 0 || xy.bluex > PNG_FP_1) return 1;
     902               0 :    if (xy.bluey < 0 || xy.bluey > PNG_FP_1-xy.bluex) return 1;
     903               0 :    if (xy.whitex < 0 || xy.whitex > PNG_FP_1) return 1;
     904               0 :    if (xy.whitey < 0 || xy.whitey > PNG_FP_1-xy.whitex) return 1;
     905                 : 
     906                 :    /* The reverse calculation is more difficult because the original tristimulus
     907                 :     * value had 9 independent values (red,green,blue)x(X,Y,Z) however only 8
     908                 :     * derived values were recorded in the cHRM chunk;
     909                 :     * (red,green,blue,white)x(x,y).  This loses one degree of freedom and
     910                 :     * therefore an arbitrary ninth value has to be introduced to undo the
     911                 :     * original transformations.
     912                 :     *
     913                 :     * Think of the original end-points as points in (X,Y,Z) space.  The
     914                 :     * chromaticity values (c) have the property:
     915                 :     *
     916                 :     *           C
     917                 :     *   c = ---------
     918                 :     *       X + Y + Z
     919                 :     *
     920                 :     * For each c (x,y,z) from the corresponding original C (X,Y,Z).  Thus the
     921                 :     * three chromaticity values (x,y,z) for each end-point obey the
     922                 :     * relationship:
     923                 :     *
     924                 :     *   x + y + z = 1
     925                 :     *
     926                 :     * This describes the plane in (X,Y,Z) space that intersects each axis at the
     927                 :     * value 1.0; call this the chromaticity plane.  Thus the chromaticity
     928                 :     * calculation has scaled each end-point so that it is on the x+y+z=1 plane
     929                 :     * and chromaticity is the intersection of the vector from the origin to the
     930                 :     * (X,Y,Z) value with the chromaticity plane.
     931                 :     *
     932                 :     * To fully invert the chromaticity calculation we would need the three
     933                 :     * end-point scale factors, (red-scale, green-scale, blue-scale), but these
     934                 :     * were not recorded.  Instead we calculated the reference white (X,Y,Z) and
     935                 :     * recorded the chromaticity of this.  The reference white (X,Y,Z) would have
     936                 :     * given all three of the scale factors since:
     937                 :     *
     938                 :     *    color-C = color-c * color-scale
     939                 :     *    white-C = red-C + green-C + blue-C
     940                 :     *            = red-c*red-scale + green-c*green-scale + blue-c*blue-scale
     941                 :     *
     942                 :     * But cHRM records only white-x and white-y, so we have lost the white scale
     943                 :     * factor:
     944                 :     *
     945                 :     *    white-C = white-c*white-scale
     946                 :     *
     947                 :     * To handle this the inverse transformation makes an arbitrary assumption
     948                 :     * about white-scale:
     949                 :     *
     950                 :     *    Assume: white-Y = 1.0
     951                 :     *    Hence:  white-scale = 1/white-y
     952                 :     *    Or:     red-Y + green-Y + blue-Y = 1.0
     953                 :     *
     954                 :     * Notice the last statement of the assumption gives an equation in three of
     955                 :     * the nine values we want to calculate.  8 more equations come from the
     956                 :     * above routine as summarised at the top above (the chromaticity
     957                 :     * calculation):
     958                 :     *
     959                 :     *    Given: color-x = color-X / (color-X + color-Y + color-Z)
     960                 :     *    Hence: (color-x - 1)*color-X + color.x*color-Y + color.x*color-Z = 0
     961                 :     *
     962                 :     * This is 9 simultaneous equations in the 9 variables "color-C" and can be
     963                 :     * solved by Cramer's rule.  Cramer's rule requires calculating 10 9x9 matrix
     964                 :     * determinants, however this is not as bad as it seems because only 28 of
     965                 :     * the total of 90 terms in the various matrices are non-zero.  Nevertheless
     966                 :     * Cramer's rule is notoriously numerically unstable because the determinant
     967                 :     * calculation involves the difference of large, but similar, numbers.  It is
     968                 :     * difficult to be sure that the calculation is stable for real world values
     969                 :     * and it is certain that it becomes unstable where the end points are close
     970                 :     * together.
     971                 :     *
     972                 :     * So this code uses the perhaps slighly less optimal but more understandable
     973                 :     * and totally obvious approach of calculating color-scale.
     974                 :     *
     975                 :     * This algorithm depends on the precision in white-scale and that is
     976                 :     * (1/white-y), so we can immediately see that as white-y approaches 0 the
     977                 :     * accuracy inherent in the cHRM chunk drops off substantially.
     978                 :     *
     979                 :     * libpng arithmetic: a simple invertion of the above equations
     980                 :     * ------------------------------------------------------------
     981                 :     *
     982                 :     *    white_scale = 1/white-y
     983                 :     *    white-X = white-x * white-scale
     984                 :     *    white-Y = 1.0
     985                 :     *    white-Z = (1 - white-x - white-y) * white_scale
     986                 :     *
     987                 :     *    white-C = red-C + green-C + blue-C
     988                 :     *            = red-c*red-scale + green-c*green-scale + blue-c*blue-scale
     989                 :     *
     990                 :     * This gives us three equations in (red-scale,green-scale,blue-scale) where
     991                 :     * all the coefficients are now known:
     992                 :     *
     993                 :     *    red-x*red-scale + green-x*green-scale + blue-x*blue-scale
     994                 :     *       = white-x/white-y
     995                 :     *    red-y*red-scale + green-y*green-scale + blue-y*blue-scale = 1
     996                 :     *    red-z*red-scale + green-z*green-scale + blue-z*blue-scale
     997                 :     *       = (1 - white-x - white-y)/white-y
     998                 :     *
     999                 :     * In the last equation color-z is (1 - color-x - color-y) so we can add all
    1000                 :     * three equations together to get an alternative third:
    1001                 :     *
    1002                 :     *    red-scale + green-scale + blue-scale = 1/white-y = white-scale
    1003                 :     *
    1004                 :     * So now we have a Cramer's rule solution where the determinants are just
    1005                 :     * 3x3 - far more tractible.  Unfortunately 3x3 determinants still involve
    1006                 :     * multiplication of three coefficients so we can't guarantee to avoid
    1007                 :     * overflow in the libpng fixed point representation.  Using Cramer's rule in
    1008                 :     * floating point is probably a good choice here, but it's not an option for
    1009                 :     * fixed point.  Instead proceed to simplify the first two equations by
    1010                 :     * eliminating what is likely to be the largest value, blue-scale:
    1011                 :     *
    1012                 :     *    blue-scale = white-scale - red-scale - green-scale
    1013                 :     *
    1014                 :     * Hence:
    1015                 :     *
    1016                 :     *    (red-x - blue-x)*red-scale + (green-x - blue-x)*green-scale =
    1017                 :     *                (white-x - blue-x)*white-scale
    1018                 :     *
    1019                 :     *    (red-y - blue-y)*red-scale + (green-y - blue-y)*green-scale =
    1020                 :     *                1 - blue-y*white-scale
    1021                 :     *
    1022                 :     * And now we can trivially solve for (red-scale,green-scale):
    1023                 :     *
    1024                 :     *    green-scale =
    1025                 :     *                (white-x - blue-x)*white-scale - (red-x - blue-x)*red-scale
    1026                 :     *                -----------------------------------------------------------
    1027                 :     *                                  green-x - blue-x
    1028                 :     *
    1029                 :     *    red-scale =
    1030                 :     *                1 - blue-y*white-scale - (green-y - blue-y) * green-scale
    1031                 :     *                ---------------------------------------------------------
    1032                 :     *                                  red-y - blue-y
    1033                 :     *
    1034                 :     * Hence:
    1035                 :     *
    1036                 :     *    red-scale =
    1037                 :     *          ( (green-x - blue-x) * (white-y - blue-y) -
    1038                 :     *            (green-y - blue-y) * (white-x - blue-x) ) / white-y
    1039                 :     * -------------------------------------------------------------------------
    1040                 :     *  (green-x - blue-x)*(red-y - blue-y)-(green-y - blue-y)*(red-x - blue-x)
    1041                 :     *
    1042                 :     *    green-scale =
    1043                 :     *          ( (red-y - blue-y) * (white-x - blue-x) -
    1044                 :     *            (red-x - blue-x) * (white-y - blue-y) ) / white-y
    1045                 :     * -------------------------------------------------------------------------
    1046                 :     *  (green-x - blue-x)*(red-y - blue-y)-(green-y - blue-y)*(red-x - blue-x)
    1047                 :     *
    1048                 :     * Accuracy:
    1049                 :     * The input values have 5 decimal digits of accuracy.  The values are all in
    1050                 :     * the range 0 < value < 1, so simple products are in the same range but may
    1051                 :     * need up to 10 decimal digits to preserve the original precision and avoid
    1052                 :     * underflow.  Because we are using a 32-bit signed representation we cannot
    1053                 :     * match this; the best is a little over 9 decimal digits, less than 10.
    1054                 :     *
    1055                 :     * The approach used here is to preserve the maximum precision within the
    1056                 :     * signed representation.  Because the red-scale calculation above uses the
    1057                 :     * difference between two products of values that must be in the range -1..+1
    1058                 :     * it is sufficient to divide the product by 7; ceil(100,000/32767*2).  The
    1059                 :     * factor is irrelevant in the calculation because it is applied to both
    1060                 :     * numerator and denominator.
    1061                 :     *
    1062                 :     * Note that the values of the differences of the products of the
    1063                 :     * chromaticities in the above equations tend to be small, for example for
    1064                 :     * the sRGB chromaticities they are:
    1065                 :     *
    1066                 :     * red numerator:    -0.04751
    1067                 :     * green numerator:  -0.08788
    1068                 :     * denominator:      -0.2241 (without white-y multiplication)
    1069                 :     *
    1070                 :     *  The resultant Y coefficients from the chromaticities of some widely used
    1071                 :     *  color space definitions are (to 15 decimal places):
    1072                 :     *
    1073                 :     *  sRGB
    1074                 :     *    0.212639005871510 0.715168678767756 0.072192315360734
    1075                 :     *  Kodak ProPhoto
    1076                 :     *    0.288071128229293 0.711843217810102 0.000085653960605
    1077                 :     *  Adobe RGB
    1078                 :     *    0.297344975250536 0.627363566255466 0.075291458493998
    1079                 :     *  Adobe Wide Gamut RGB
    1080                 :     *    0.258728243040113 0.724682314948566 0.016589442011321
    1081                 :     */
    1082                 :    /* By the argument, above overflow should be impossible here. The return
    1083                 :     * value of 2 indicates an internal error to the caller.
    1084                 :     */
    1085               0 :    if (!png_muldiv(&left, xy.greenx-xy.bluex, xy.redy - xy.bluey, 7)) return 2;
    1086               0 :    if (!png_muldiv(&right, xy.greeny-xy.bluey, xy.redx - xy.bluex, 7)) return 2;
    1087               0 :    denominator = left - right;
    1088                 : 
    1089                 :    /* Now find the red numerator. */
    1090               0 :    if (!png_muldiv(&left, xy.greenx-xy.bluex, xy.whitey-xy.bluey, 7)) return 2;
    1091               0 :    if (!png_muldiv(&right, xy.greeny-xy.bluey, xy.whitex-xy.bluex, 7)) return 2;
    1092                 : 
    1093                 :    /* Overflow is possible here and it indicates an extreme set of PNG cHRM
    1094                 :     * chunk values.  This calculation actually returns the reciprocal of the
    1095                 :     * scale value because this allows us to delay the multiplication of white-y
    1096                 :     * into the denominator, which tends to produce a small number.
    1097                 :     */
    1098               0 :    if (!png_muldiv(&red_inverse, xy.whitey, denominator, left-right) ||
    1099               0 :        red_inverse <= xy.whitey /* r+g+b scales = white scale */)
    1100               0 :       return 1;
    1101                 : 
    1102                 :    /* Similarly for green_inverse: */
    1103               0 :    if (!png_muldiv(&left, xy.redy-xy.bluey, xy.whitex-xy.bluex, 7)) return 2;
    1104               0 :    if (!png_muldiv(&right, xy.redx-xy.bluex, xy.whitey-xy.bluey, 7)) return 2;
    1105               0 :    if (!png_muldiv(&green_inverse, xy.whitey, denominator, left-right) ||
    1106               0 :        green_inverse <= xy.whitey)
    1107               0 :       return 1;
    1108                 : 
    1109                 :    /* And the blue scale, the checks above guarantee this can't overflow but it
    1110                 :     * can still produce 0 for extreme cHRM values.
    1111                 :     */
    1112               0 :    blue_scale = png_reciprocal(xy.whitey) - png_reciprocal(red_inverse) -
    1113               0 :       png_reciprocal(green_inverse);
    1114               0 :    if (blue_scale <= 0) return 1;
    1115                 : 
    1116                 : 
    1117                 :    /* And fill in the png_XYZ: */
    1118               0 :    if (!png_muldiv(&XYZ->redX, xy.redx, PNG_FP_1, red_inverse)) return 1;
    1119               0 :    if (!png_muldiv(&XYZ->redY, xy.redy, PNG_FP_1, red_inverse)) return 1;
    1120               0 :    if (!png_muldiv(&XYZ->redZ, PNG_FP_1 - xy.redx - xy.redy, PNG_FP_1,
    1121                 :       red_inverse))
    1122               0 :       return 1;
    1123                 : 
    1124               0 :    if (!png_muldiv(&XYZ->greenX, xy.greenx, PNG_FP_1, green_inverse)) return 1;
    1125               0 :    if (!png_muldiv(&XYZ->greenY, xy.greeny, PNG_FP_1, green_inverse)) return 1;
    1126               0 :    if (!png_muldiv(&XYZ->greenZ, PNG_FP_1 - xy.greenx - xy.greeny, PNG_FP_1,
    1127                 :       green_inverse))
    1128               0 :       return 1;
    1129                 : 
    1130               0 :    if (!png_muldiv(&XYZ->blueX, xy.bluex, blue_scale, PNG_FP_1)) return 1;
    1131               0 :    if (!png_muldiv(&XYZ->blueY, xy.bluey, blue_scale, PNG_FP_1)) return 1;
    1132               0 :    if (!png_muldiv(&XYZ->blueZ, PNG_FP_1 - xy.bluex - xy.bluey, blue_scale,
    1133                 :       PNG_FP_1))
    1134               0 :       return 1;
    1135                 : 
    1136               0 :    return 0; /*success*/
    1137                 : }
    1138                 : 
    1139               0 : int png_XYZ_from_xy_checked(png_structp png_ptr, png_XYZ *XYZ, png_xy xy)
    1140                 : {
    1141               0 :    switch (png_XYZ_from_xy(XYZ, xy))
    1142                 :    {
    1143                 :       case 0: /* success */
    1144               0 :          return 1;
    1145                 : 
    1146                 :       case 1:
    1147                 :          /* The chunk may be technically valid, but we got png_fixed_point
    1148                 :           * overflow while trying to get XYZ values out of it.  This is
    1149                 :           * entirely benign - the cHRM chunk is pretty extreme.
    1150                 :           */
    1151                 :          png_warning(png_ptr,
    1152                 :             "extreme cHRM chunk cannot be converted to tristimulus values");
    1153                 :          break;
    1154                 : 
    1155                 :       default:
    1156                 :          /* libpng is broken; this should be a warning but if it happens we
    1157                 :           * want error reports so for the moment it is an error.
    1158                 :           */
    1159               0 :          png_error(png_ptr, "internal error in png_XYZ_from_xy");
    1160                 :          break;
    1161                 :    }
    1162                 : 
    1163                 :    /* ERROR RETURN */
    1164               0 :    return 0;
    1165                 : }
    1166                 : #endif
    1167                 : 
    1168                 : void /* PRIVATE */
    1169              53 : png_check_IHDR(png_structp png_ptr,
    1170                 :    png_uint_32 width, png_uint_32 height, int bit_depth,
    1171                 :    int color_type, int interlace_type, int compression_type,
    1172                 :    int filter_type)
    1173                 : {
    1174              53 :    int error = 0;
    1175                 : 
    1176                 :    /* Check for width and height valid values */
    1177              53 :    if (width == 0)
    1178                 :    {
    1179                 :       png_warning(png_ptr, "Image width is zero in IHDR");
    1180               0 :       error = 1;
    1181                 :    }
    1182                 : 
    1183              53 :    if (height == 0)
    1184                 :    {
    1185                 :       png_warning(png_ptr, "Image height is zero in IHDR");
    1186               0 :       error = 1;
    1187                 :    }
    1188                 : 
    1189                 : #  ifdef PNG_SET_USER_LIMITS_SUPPORTED
    1190                 :    if (width > png_ptr->user_width_max)
    1191                 : 
    1192                 : #  else
    1193              53 :    if (width > PNG_USER_WIDTH_MAX)
    1194                 : #  endif
    1195                 :    {
    1196                 :       png_warning(png_ptr, "Image width exceeds user limit in IHDR");
    1197               0 :       error = 1;
    1198                 :    }
    1199                 : 
    1200                 : #  ifdef PNG_SET_USER_LIMITS_SUPPORTED
    1201                 :    if (height > png_ptr->user_height_max)
    1202                 : #  else
    1203              53 :    if (height > PNG_USER_HEIGHT_MAX)
    1204                 : #  endif
    1205                 :    {
    1206                 :       png_warning(png_ptr, "Image height exceeds user limit in IHDR");
    1207               0 :       error = 1;
    1208                 :    }
    1209                 : 
    1210              53 :    if (width > PNG_UINT_31_MAX)
    1211                 :    {
    1212                 :       png_warning(png_ptr, "Invalid image width in IHDR");
    1213               0 :       error = 1;
    1214                 :    }
    1215                 : 
    1216              53 :    if (height > PNG_UINT_31_MAX)
    1217                 :    {
    1218                 :       png_warning(png_ptr, "Invalid image height in IHDR");
    1219               0 :       error = 1;
    1220                 :    }
    1221                 : 
    1222                 :    if (width > (PNG_UINT_32_MAX
    1223                 :                  >> 3)      /* 8-byte RGBA pixels */
    1224                 :                  - 48       /* bigrowbuf hack */
    1225                 :                  - 1        /* filter byte */
    1226                 :                  - 7*8      /* rounding of width to multiple of 8 pixels */
    1227                 :                  - 8)       /* extra max_pixel_depth pad */
    1228                 :       png_warning(png_ptr, "Width is too large for libpng to process pixels");
    1229                 : 
    1230                 :    /* Check other values */
    1231              53 :    if (bit_depth != 1 && bit_depth != 2 && bit_depth != 4 &&
    1232               0 :        bit_depth != 8 && bit_depth != 16)
    1233                 :    {
    1234                 :       png_warning(png_ptr, "Invalid bit depth in IHDR");
    1235               0 :       error = 1;
    1236                 :    }
    1237                 : 
    1238              53 :    if (color_type < 0 || color_type == 1 ||
    1239              53 :        color_type == 5 || color_type > 6)
    1240                 :    {
    1241                 :       png_warning(png_ptr, "Invalid color type in IHDR");
    1242               0 :       error = 1;
    1243                 :    }
    1244                 : 
    1245              53 :    if (((color_type == PNG_COLOR_TYPE_PALETTE) && bit_depth > 8) ||
    1246              41 :        ((color_type == PNG_COLOR_TYPE_RGB ||
    1247              41 :          color_type == PNG_COLOR_TYPE_GRAY_ALPHA ||
    1248              53 :          color_type == PNG_COLOR_TYPE_RGB_ALPHA) && bit_depth < 8))
    1249                 :    {
    1250                 :       png_warning(png_ptr, "Invalid color type/bit depth combination in IHDR");
    1251               0 :       error = 1;
    1252                 :    }
    1253                 : 
    1254              53 :    if (interlace_type >= PNG_INTERLACE_LAST)
    1255                 :    {
    1256                 :       png_warning(png_ptr, "Unknown interlace method in IHDR");
    1257               0 :       error = 1;
    1258                 :    }
    1259                 : 
    1260              53 :    if (compression_type != PNG_COMPRESSION_TYPE_BASE)
    1261                 :    {
    1262                 :       png_warning(png_ptr, "Unknown compression method in IHDR");
    1263               0 :       error = 1;
    1264                 :    }
    1265                 : 
    1266                 : #  ifdef PNG_MNG_FEATURES_SUPPORTED
    1267                 :    /* Accept filter_method 64 (intrapixel differencing) only if
    1268                 :     * 1. Libpng was compiled with PNG_MNG_FEATURES_SUPPORTED and
    1269                 :     * 2. Libpng did not read a PNG signature (this filter_method is only
    1270                 :     *    used in PNG datastreams that are embedded in MNG datastreams) and
    1271                 :     * 3. The application called png_permit_mng_features with a mask that
    1272                 :     *    included PNG_FLAG_MNG_FILTER_64 and
    1273                 :     * 4. The filter_method is 64 and
    1274                 :     * 5. The color_type is RGB or RGBA
    1275                 :     */
    1276                 :    if ((png_ptr->mode & PNG_HAVE_PNG_SIGNATURE) &&
    1277                 :        png_ptr->mng_features_permitted)
    1278                 :       png_warning(png_ptr, "MNG features are not allowed in a PNG datastream");
    1279                 : 
    1280                 :    if (filter_type != PNG_FILTER_TYPE_BASE)
    1281                 :    {
    1282                 :       if (!((png_ptr->mng_features_permitted & PNG_FLAG_MNG_FILTER_64) &&
    1283                 :           (filter_type == PNG_INTRAPIXEL_DIFFERENCING) &&
    1284                 :           ((png_ptr->mode & PNG_HAVE_PNG_SIGNATURE) == 0) &&
    1285                 :           (color_type == PNG_COLOR_TYPE_RGB ||
    1286                 :           color_type == PNG_COLOR_TYPE_RGB_ALPHA)))
    1287                 :       {
    1288                 :          png_warning(png_ptr, "Unknown filter method in IHDR");
    1289                 :          error = 1;
    1290                 :       }
    1291                 : 
    1292                 :       if (png_ptr->mode & PNG_HAVE_PNG_SIGNATURE)
    1293                 :       {
    1294                 :          png_warning(png_ptr, "Invalid filter method in IHDR");
    1295                 :          error = 1;
    1296                 :       }
    1297                 :    }
    1298                 : 
    1299                 : #  else
    1300              53 :    if (filter_type != PNG_FILTER_TYPE_BASE)
    1301                 :    {
    1302                 :       png_warning(png_ptr, "Unknown filter method in IHDR");
    1303               0 :       error = 1;
    1304                 :    }
    1305                 : #  endif
    1306                 : 
    1307              53 :    if (error == 1)
    1308               0 :       png_error(png_ptr, "Invalid IHDR data");
    1309              53 : }
    1310                 : 
    1311                 : #if defined(PNG_sCAL_SUPPORTED) || defined(PNG_pCAL_SUPPORTED)
    1312                 : /* ASCII to fp functions */
    1313                 : /* Check an ASCII formated floating point value, see the more detailed
    1314                 :  * comments in pngpriv.h
    1315                 :  */
    1316                 : /* The following is used internally to preserve the sticky flags */
    1317                 : #define png_fp_add(state, flags) ((state) |= (flags))
    1318                 : #define png_fp_set(state, value) ((state) = (value) | ((state) & PNG_FP_STICKY))
    1319                 : 
    1320                 : int /* PRIVATE */
    1321                 : png_check_fp_number(png_const_charp string, png_size_t size, int *statep,
    1322                 :    png_size_tp whereami)
    1323                 : {
    1324                 :    int state = *statep;
    1325                 :    png_size_t i = *whereami;
    1326                 : 
    1327                 :    while (i < size)
    1328                 :    {
    1329                 :       int type;
    1330                 :       /* First find the type of the next character */
    1331                 :       switch (string[i])
    1332                 :       {
    1333                 :       case 43:  type = PNG_FP_SAW_SIGN;                   break;
    1334                 :       case 45:  type = PNG_FP_SAW_SIGN + PNG_FP_NEGATIVE; break;
    1335                 :       case 46:  type = PNG_FP_SAW_DOT;                    break;
    1336                 :       case 48:  type = PNG_FP_SAW_DIGIT;                  break;
    1337                 :       case 49: case 50: case 51: case 52:
    1338                 :       case 53: case 54: case 55: case 56:
    1339                 :       case 57:  type = PNG_FP_SAW_DIGIT + PNG_FP_NONZERO; break;
    1340                 :       case 69:
    1341                 :       case 101: type = PNG_FP_SAW_E;                      break;
    1342                 :       default:  goto PNG_FP_End;
    1343                 :       }
    1344                 : 
    1345                 :       /* Now deal with this type according to the current
    1346                 :        * state, the type is arranged to not overlap the
    1347                 :        * bits of the PNG_FP_STATE.
    1348                 :        */
    1349                 :       switch ((state & PNG_FP_STATE) + (type & PNG_FP_SAW_ANY))
    1350                 :       {
    1351                 :       case PNG_FP_INTEGER + PNG_FP_SAW_SIGN:
    1352                 :          if (state & PNG_FP_SAW_ANY)
    1353                 :             goto PNG_FP_End; /* not a part of the number */
    1354                 : 
    1355                 :          png_fp_add(state, type);
    1356                 :          break;
    1357                 : 
    1358                 :       case PNG_FP_INTEGER + PNG_FP_SAW_DOT:
    1359                 :          /* Ok as trailer, ok as lead of fraction. */
    1360                 :          if (state & PNG_FP_SAW_DOT) /* two dots */
    1361                 :             goto PNG_FP_End;
    1362                 : 
    1363                 :          else if (state & PNG_FP_SAW_DIGIT) /* trailing dot? */
    1364                 :             png_fp_add(state, type);
    1365                 : 
    1366                 :          else
    1367                 :             png_fp_set(state, PNG_FP_FRACTION | type);
    1368                 : 
    1369                 :          break;
    1370                 : 
    1371                 :       case PNG_FP_INTEGER + PNG_FP_SAW_DIGIT:
    1372                 :          if (state & PNG_FP_SAW_DOT) /* delayed fraction */
    1373                 :             png_fp_set(state, PNG_FP_FRACTION | PNG_FP_SAW_DOT);
    1374                 : 
    1375                 :          png_fp_add(state, type | PNG_FP_WAS_VALID);
    1376                 : 
    1377                 :          break;
    1378                 : 
    1379                 :       case PNG_FP_INTEGER + PNG_FP_SAW_E:
    1380                 :          if ((state & PNG_FP_SAW_DIGIT) == 0)
    1381                 :             goto PNG_FP_End;
    1382                 : 
    1383                 :          png_fp_set(state, PNG_FP_EXPONENT);
    1384                 : 
    1385                 :          break;
    1386                 : 
    1387                 :    /* case PNG_FP_FRACTION + PNG_FP_SAW_SIGN:
    1388                 :          goto PNG_FP_End; ** no sign in fraction */
    1389                 : 
    1390                 :    /* case PNG_FP_FRACTION + PNG_FP_SAW_DOT:
    1391                 :          goto PNG_FP_End; ** Because SAW_DOT is always set */
    1392                 : 
    1393                 :       case PNG_FP_FRACTION + PNG_FP_SAW_DIGIT:
    1394                 :          png_fp_add(state, type | PNG_FP_WAS_VALID);
    1395                 :          break;
    1396                 : 
    1397                 :       case PNG_FP_FRACTION + PNG_FP_SAW_E:
    1398                 :          /* This is correct because the trailing '.' on an
    1399                 :           * integer is handled above - so we can only get here
    1400                 :           * with the sequence ".E" (with no preceding digits).
    1401                 :           */
    1402                 :          if ((state & PNG_FP_SAW_DIGIT) == 0)
    1403                 :             goto PNG_FP_End;
    1404                 : 
    1405                 :          png_fp_set(state, PNG_FP_EXPONENT);
    1406                 : 
    1407                 :          break;
    1408                 : 
    1409                 :       case PNG_FP_EXPONENT + PNG_FP_SAW_SIGN:
    1410                 :          if (state & PNG_FP_SAW_ANY)
    1411                 :             goto PNG_FP_End; /* not a part of the number */
    1412                 : 
    1413                 :          png_fp_add(state, PNG_FP_SAW_SIGN);
    1414                 : 
    1415                 :          break;
    1416                 : 
    1417                 :    /* case PNG_FP_EXPONENT + PNG_FP_SAW_DOT:
    1418                 :          goto PNG_FP_End; */
    1419                 : 
    1420                 :       case PNG_FP_EXPONENT + PNG_FP_SAW_DIGIT:
    1421                 :          png_fp_add(state, PNG_FP_SAW_DIGIT | PNG_FP_WAS_VALID);
    1422                 : 
    1423                 :          break;
    1424                 : 
    1425                 :    /* case PNG_FP_EXPONEXT + PNG_FP_SAW_E:
    1426                 :          goto PNG_FP_End; */
    1427                 : 
    1428                 :       default: goto PNG_FP_End; /* I.e. break 2 */
    1429                 :       }
    1430                 : 
    1431                 :       /* The character seems ok, continue. */
    1432                 :       ++i;
    1433                 :    }
    1434                 : 
    1435                 : PNG_FP_End:
    1436                 :    /* Here at the end, update the state and return the correct
    1437                 :     * return code.
    1438                 :     */
    1439                 :    *statep = state;
    1440                 :    *whereami = i;
    1441                 : 
    1442                 :    return (state & PNG_FP_SAW_DIGIT) != 0;
    1443                 : }
    1444                 : 
    1445                 : 
    1446                 : /* The same but for a complete string. */
    1447                 : int
    1448                 : png_check_fp_string(png_const_charp string, png_size_t size)
    1449                 : {
    1450                 :    int        state=0;
    1451                 :    png_size_t char_index=0;
    1452                 : 
    1453                 :    if (png_check_fp_number(string, size, &state, &char_index) &&
    1454                 :       (char_index == size || string[char_index] == 0))
    1455                 :       return state /* must be non-zero - see above */;
    1456                 : 
    1457                 :    return 0; /* i.e. fail */
    1458                 : }
    1459                 : #endif /* pCAL or sCAL */
    1460                 : 
    1461                 : #ifdef PNG_READ_sCAL_SUPPORTED
    1462                 : #  ifdef PNG_FLOATING_POINT_SUPPORTED
    1463                 : /* Utility used below - a simple accurate power of ten from an integral
    1464                 :  * exponent.
    1465                 :  */
    1466                 : static double
    1467                 : png_pow10(int power)
    1468                 : {
    1469                 :    int recip = 0;
    1470                 :    double d = 1;
    1471                 : 
    1472                 :    /* Handle negative exponent with a reciprocal at the end because
    1473                 :     * 10 is exact whereas .1 is inexact in base 2
    1474                 :     */
    1475                 :    if (power < 0)
    1476                 :    {
    1477                 :       if (power < DBL_MIN_10_EXP) return 0;
    1478                 :       recip = 1, power = -power;
    1479                 :    }
    1480                 : 
    1481                 :    if (power > 0)
    1482                 :    {
    1483                 :       /* Decompose power bitwise. */
    1484                 :       double mult = 10;
    1485                 :       do
    1486                 :       {
    1487                 :          if (power & 1) d *= mult;
    1488                 :          mult *= mult;
    1489                 :          power >>= 1;
    1490                 :       }
    1491                 :       while (power > 0);
    1492                 : 
    1493                 :       if (recip) d = 1/d;
    1494                 :    }
    1495                 :    /* else power is 0 and d is 1 */
    1496                 : 
    1497                 :    return d;
    1498                 : }
    1499                 : 
    1500                 : /* Function to format a floating point value in ASCII with a given
    1501                 :  * precision.
    1502                 :  */
    1503                 : void /* PRIVATE */
    1504                 : png_ascii_from_fp(png_structp png_ptr, png_charp ascii, png_size_t size,
    1505                 :     double fp, unsigned int precision)
    1506                 : {
    1507                 :    /* We use standard functions from math.h, but not printf because
    1508                 :     * that would require stdio.  The caller must supply a buffer of
    1509                 :     * sufficient size or we will png_error.  The tests on size and
    1510                 :     * the space in ascii[] consumed are indicated below.
    1511                 :     */
    1512                 :    if (precision < 1)
    1513                 :       precision = DBL_DIG;
    1514                 : 
    1515                 :    /* Enforce the limit of the implementation precision too. */
    1516                 :    if (precision > DBL_DIG+1)
    1517                 :       precision = DBL_DIG+1;
    1518                 : 
    1519                 :    /* Basic sanity checks */
    1520                 :    if (size >= precision+5) /* See the requirements below. */
    1521                 :    {
    1522                 :       if (fp < 0)
    1523                 :       {
    1524                 :          fp = -fp;
    1525                 :          *ascii++ = 45; /* '-'  PLUS 1 TOTAL 1 */
    1526                 :          --size;
    1527                 :       }
    1528                 : 
    1529                 :       if (fp >= DBL_MIN && fp <= DBL_MAX)
    1530                 :       {
    1531                 :          int exp_b10;       /* A base 10 exponent */
    1532                 :          double base;   /* 10^exp_b10 */
    1533                 : 
    1534                 :          /* First extract a base 10 exponent of the number,
    1535                 :           * the calculation below rounds down when converting
    1536                 :           * from base 2 to base 10 (multiply by log10(2) -
    1537                 :           * 0.3010, but 77/256 is 0.3008, so exp_b10 needs to
    1538                 :           * be increased.  Note that the arithmetic shift
    1539                 :           * performs a floor() unlike C arithmetic - using a
    1540                 :           * C multiply would break the following for negative
    1541                 :           * exponents.
    1542                 :           */
    1543                 :          (void)frexp(fp, &exp_b10); /* exponent to base 2 */
    1544                 : 
    1545                 :          exp_b10 = (exp_b10 * 77) >> 8; /* <= exponent to base 10 */
    1546                 : 
    1547                 :          /* Avoid underflow here. */
    1548                 :          base = png_pow10(exp_b10); /* May underflow */
    1549                 : 
    1550                 :          while (base < DBL_MIN || base < fp)
    1551                 :          {
    1552                 :             /* And this may overflow. */
    1553                 :             double test = png_pow10(exp_b10+1);
    1554                 : 
    1555                 :             if (test <= DBL_MAX)
    1556                 :                ++exp_b10, base = test;
    1557                 : 
    1558                 :             else
    1559                 :                break;
    1560                 :          }
    1561                 : 
    1562                 :          /* Normalize fp and correct exp_b10, after this fp is in the
    1563                 :           * range [.1,1) and exp_b10 is both the exponent and the digit
    1564                 :           * *before* which the decimal point should be inserted
    1565                 :           * (starting with 0 for the first digit).  Note that this
    1566                 :           * works even if 10^exp_b10 is out of range because of the
    1567                 :           * test on DBL_MAX above.
    1568                 :           */
    1569                 :          fp /= base;
    1570                 :          while (fp >= 1) fp /= 10, ++exp_b10;
    1571                 : 
    1572                 :          /* Because of the code above fp may, at this point, be
    1573                 :           * less than .1, this is ok because the code below can
    1574                 :           * handle the leading zeros this generates, so no attempt
    1575                 :           * is made to correct that here.
    1576                 :           */
    1577                 : 
    1578                 :          {
    1579                 :             int czero, clead, cdigits;
    1580                 :             char exponent[10];
    1581                 : 
    1582                 :             /* Allow up to two leading zeros - this will not lengthen
    1583                 :              * the number compared to using E-n.
    1584                 :              */
    1585                 :             if (exp_b10 < 0 && exp_b10 > -3) /* PLUS 3 TOTAL 4 */
    1586                 :             {
    1587                 :                czero = -exp_b10; /* PLUS 2 digits: TOTAL 3 */
    1588                 :                exp_b10 = 0;      /* Dot added below before first output. */
    1589                 :             }
    1590                 :             else
    1591                 :                czero = 0;    /* No zeros to add */
    1592                 : 
    1593                 :             /* Generate the digit list, stripping trailing zeros and
    1594                 :              * inserting a '.' before a digit if the exponent is 0.
    1595                 :              */
    1596                 :             clead = czero; /* Count of leading zeros */
    1597                 :             cdigits = 0;   /* Count of digits in list. */
    1598                 : 
    1599                 :             do
    1600                 :             {
    1601                 :                double d;
    1602                 : 
    1603                 :                fp *= 10;
    1604                 :                /* Use modf here, not floor and subtract, so that
    1605                 :                 * the separation is done in one step.  At the end
    1606                 :                 * of the loop don't break the number into parts so
    1607                 :                 * that the final digit is rounded.
    1608                 :                 */
    1609                 :                if (cdigits+czero-clead+1 < (int)precision)
    1610                 :                   fp = modf(fp, &d);
    1611                 : 
    1612                 :                else
    1613                 :                {
    1614                 :                   d = floor(fp + .5);
    1615                 : 
    1616                 :                   if (d > 9)
    1617                 :                   {
    1618                 :                      /* Rounding up to 10, handle that here. */
    1619                 :                      if (czero > 0)
    1620                 :                      {
    1621                 :                         --czero, d = 1;
    1622                 :                         if (cdigits == 0) --clead;
    1623                 :                      }
    1624                 :                      else
    1625                 :                      {
    1626                 :                         while (cdigits > 0 && d > 9)
    1627                 :                         {
    1628                 :                            int ch = *--ascii;
    1629                 : 
    1630                 :                            if (exp_b10 != (-1))
    1631                 :                               ++exp_b10;
    1632                 : 
    1633                 :                            else if (ch == 46)
    1634                 :                            {
    1635                 :                               ch = *--ascii, ++size;
    1636                 :                               /* Advance exp_b10 to '1', so that the
    1637                 :                                * decimal point happens after the
    1638                 :                                * previous digit.
    1639                 :                                */
    1640                 :                               exp_b10 = 1;
    1641                 :                            }
    1642                 : 
    1643                 :                            --cdigits;
    1644                 :                            d = ch - 47;  /* I.e. 1+(ch-48) */
    1645                 :                         }
    1646                 : 
    1647                 :                         /* Did we reach the beginning? If so adjust the
    1648                 :                          * exponent but take into account the leading
    1649                 :                          * decimal point.
    1650                 :                          */
    1651                 :                         if (d > 9)  /* cdigits == 0 */
    1652                 :                         {
    1653                 :                            if (exp_b10 == (-1))
    1654                 :                            {
    1655                 :                               /* Leading decimal point (plus zeros?), if
    1656                 :                                * we lose the decimal point here it must
    1657                 :                                * be reentered below.
    1658                 :                                */
    1659                 :                               int ch = *--ascii;
    1660                 : 
    1661                 :                               if (ch == 46)
    1662                 :                                  ++size, exp_b10 = 1;
    1663                 : 
    1664                 :                               /* Else lost a leading zero, so 'exp_b10' is
    1665                 :                                * still ok at (-1)
    1666                 :                                */
    1667                 :                            }
    1668                 :                            else
    1669                 :                               ++exp_b10;
    1670                 : 
    1671                 :                            /* In all cases we output a '1' */
    1672                 :                            d = 1;
    1673                 :                         }
    1674                 :                      }
    1675                 :                   }
    1676                 :                   fp = 0; /* Guarantees termination below. */
    1677                 :                }
    1678                 : 
    1679                 :                if (d == 0)
    1680                 :                {
    1681                 :                   ++czero;
    1682                 :                   if (cdigits == 0) ++clead;
    1683                 :                }
    1684                 :                else
    1685                 :                {
    1686                 :                   /* Included embedded zeros in the digit count. */
    1687                 :                   cdigits += czero - clead;
    1688                 :                   clead = 0;
    1689                 : 
    1690                 :                   while (czero > 0)
    1691                 :                   {
    1692                 :                      /* exp_b10 == (-1) means we just output the decimal
    1693                 :                       * place - after the DP don't adjust 'exp_b10' any
    1694                 :                       * more!
    1695                 :                       */
    1696                 :                      if (exp_b10 != (-1))
    1697                 :                      {
    1698                 :                         if (exp_b10 == 0) *ascii++ = 46, --size;
    1699                 :                         /* PLUS 1: TOTAL 4 */
    1700                 :                         --exp_b10;
    1701                 :                      }
    1702                 :                      *ascii++ = 48, --czero;
    1703                 :                   }
    1704                 : 
    1705                 :                   if (exp_b10 != (-1))
    1706                 :                   {
    1707                 :                      if (exp_b10 == 0) *ascii++ = 46, --size; /* counted
    1708                 :                                                                  above */
    1709                 :                      --exp_b10;
    1710                 :                   }
    1711                 :                   *ascii++ = (char)(48 + (int)d), ++cdigits;
    1712                 :                }
    1713                 :             }
    1714                 :             while (cdigits+czero-clead < (int)precision && fp > DBL_MIN);
    1715                 : 
    1716                 :             /* The total output count (max) is now 4+precision */
    1717                 : 
    1718                 :             /* Check for an exponent, if we don't need one we are
    1719                 :              * done and just need to terminate the string.  At
    1720                 :              * this point exp_b10==(-1) is effectively if flag - it got
    1721                 :              * to '-1' because of the decrement after outputing
    1722                 :              * the decimal point above (the exponent required is
    1723                 :              * *not* -1!)
    1724                 :              */
    1725                 :             if (exp_b10 >= (-1) && exp_b10 <= 2)
    1726                 :             {
    1727                 :                /* The following only happens if we didn't output the
    1728                 :                 * leading zeros above for negative exponent, so this
    1729                 :                 * doest add to the digit requirement.  Note that the
    1730                 :                 * two zeros here can only be output if the two leading
    1731                 :                 * zeros were *not* output, so this doesn't increase
    1732                 :                 * the output count.
    1733                 :                 */
    1734                 :                while (--exp_b10 >= 0) *ascii++ = 48;
    1735                 : 
    1736                 :                *ascii = 0;
    1737                 : 
    1738                 :                /* Total buffer requirement (including the '\0') is
    1739                 :                 * 5+precision - see check at the start.
    1740                 :                 */
    1741                 :                return;
    1742                 :             }
    1743                 : 
    1744                 :             /* Here if an exponent is required, adjust size for
    1745                 :              * the digits we output but did not count.  The total
    1746                 :              * digit output here so far is at most 1+precision - no
    1747                 :              * decimal point and no leading or trailing zeros have
    1748                 :              * been output.
    1749                 :              */
    1750                 :             size -= cdigits;
    1751                 : 
    1752                 :             *ascii++ = 69, --size;    /* 'E': PLUS 1 TOTAL 2+precision */
    1753                 : 
    1754                 :             /* The following use of an unsigned temporary avoids ambiguities in
    1755                 :              * the signed arithmetic on exp_b10 and permits GCC at least to do
    1756                 :              * better optimization.
    1757                 :              */
    1758                 :             {
    1759                 :                unsigned int uexp_b10;
    1760                 : 
    1761                 :                if (exp_b10 < 0)
    1762                 :                {
    1763                 :                   *ascii++ = 45, --size; /* '-': PLUS 1 TOTAL 3+precision */
    1764                 :                   uexp_b10 = -exp_b10;
    1765                 :                }
    1766                 : 
    1767                 :                else
    1768                 :                   uexp_b10 = exp_b10;
    1769                 : 
    1770                 :                cdigits = 0;
    1771                 : 
    1772                 :                while (uexp_b10 > 0)
    1773                 :                {
    1774                 :                   exponent[cdigits++] = (char)(48 + uexp_b10 % 10);
    1775                 :                   uexp_b10 /= 10;
    1776                 :                }
    1777                 :             }
    1778                 : 
    1779                 :             /* Need another size check here for the exponent digits, so
    1780                 :              * this need not be considered above.
    1781                 :              */
    1782                 :             if ((int)size > cdigits)
    1783                 :             {
    1784                 :                while (cdigits > 0) *ascii++ = exponent[--cdigits];
    1785                 : 
    1786                 :                *ascii = 0;
    1787                 : 
    1788                 :                return;
    1789                 :             }
    1790                 :          }
    1791                 :       }
    1792                 :       else if (!(fp >= DBL_MIN))
    1793                 :       {
    1794                 :          *ascii++ = 48; /* '0' */
    1795                 :          *ascii = 0;
    1796                 :          return;
    1797                 :       }
    1798                 :       else
    1799                 :       {
    1800                 :          *ascii++ = 105; /* 'i' */
    1801                 :          *ascii++ = 110; /* 'n' */
    1802                 :          *ascii++ = 102; /* 'f' */
    1803                 :          *ascii = 0;
    1804                 :          return;
    1805                 :       }
    1806                 :    }
    1807                 : 
    1808                 :    /* Here on buffer too small. */
    1809                 :    png_error(png_ptr, "ASCII conversion buffer too small");
    1810                 : }
    1811                 : 
    1812                 : #  endif /* FLOATING_POINT */
    1813                 : 
    1814                 : #  ifdef PNG_FIXED_POINT_SUPPORTED
    1815                 : /* Function to format a fixed point value in ASCII.
    1816                 :  */
    1817                 : void /* PRIVATE */
    1818                 : png_ascii_from_fixed(png_structp png_ptr, png_charp ascii, png_size_t size,
    1819                 :     png_fixed_point fp)
    1820                 : {
    1821                 :    /* Require space for 10 decimal digits, a decimal point, a minus sign and a
    1822                 :     * trailing \0, 13 characters:
    1823                 :     */
    1824                 :    if (size > 12)
    1825                 :    {
    1826                 :       png_uint_32 num;
    1827                 : 
    1828                 :       /* Avoid overflow here on the minimum integer. */
    1829                 :       if (fp < 0)
    1830                 :          *ascii++ = 45, --size, num = -fp;
    1831                 :       else
    1832                 :          num = fp;
    1833                 : 
    1834                 :       if (num <= 0x80000000) /* else overflowed */
    1835                 :       {
    1836                 :          unsigned int ndigits = 0, first = 16 /* flag value */;
    1837                 :          char digits[10];
    1838                 : 
    1839                 :          while (num)
    1840                 :          {
    1841                 :             /* Split the low digit off num: */
    1842                 :             unsigned int tmp = num/10;
    1843                 :             num -= tmp*10;
    1844                 :             digits[ndigits++] = (char)(48 + num);
    1845                 :             /* Record the first non-zero digit, note that this is a number
    1846                 :              * starting at 1, it's not actually the array index.
    1847                 :              */
    1848                 :             if (first == 16 && num > 0)
    1849                 :                first = ndigits;
    1850                 :             num = tmp;
    1851                 :          }
    1852                 : 
    1853                 :          if (ndigits > 0)
    1854                 :          {
    1855                 :             while (ndigits > 5) *ascii++ = digits[--ndigits];
    1856                 :             /* The remaining digits are fractional digits, ndigits is '5' or
    1857                 :              * smaller at this point.  It is certainly not zero.  Check for a
    1858                 :              * non-zero fractional digit:
    1859                 :              */
    1860                 :             if (first <= 5)
    1861                 :             {
    1862                 :                unsigned int i;
    1863                 :                *ascii++ = 46; /* decimal point */
    1864                 :                /* ndigits may be <5 for small numbers, output leading zeros
    1865                 :                 * then ndigits digits to first:
    1866                 :                 */
    1867                 :                i = 5;
    1868                 :                while (ndigits < i) *ascii++ = 48, --i;
    1869                 :                while (ndigits >= first) *ascii++ = digits[--ndigits];
    1870                 :                /* Don't output the trailing zeros! */
    1871                 :             }
    1872                 :          }
    1873                 :          else
    1874                 :             *ascii++ = 48;
    1875                 : 
    1876                 :          /* And null terminate the string: */
    1877                 :          *ascii = 0;
    1878                 :          return;
    1879                 :       }
    1880                 :    }
    1881                 : 
    1882                 :    /* Here on buffer too small. */
    1883                 :    png_error(png_ptr, "ASCII conversion buffer too small");
    1884                 : }
    1885                 : #   endif /* FIXED_POINT */
    1886                 : #endif /* READ_SCAL */
    1887                 : 
    1888                 : #if defined(PNG_FLOATING_POINT_SUPPORTED) && \
    1889                 :    !defined(PNG_FIXED_POINT_MACRO_SUPPORTED)
    1890                 : png_fixed_point
    1891               0 : png_fixed(png_structp png_ptr, double fp, png_const_charp text)
    1892                 : {
    1893               0 :    double r = floor(100000 * fp + .5);
    1894                 : 
    1895               0 :    if (r > 2147483647. || r < -2147483648.)
    1896               0 :       png_fixed_error(png_ptr, text);
    1897                 : 
    1898               0 :    return (png_fixed_point)r;
    1899                 : }
    1900                 : #endif
    1901                 : 
    1902                 : #if defined(PNG_READ_GAMMA_SUPPORTED) || \
    1903                 :     defined(PNG_INCH_CONVERSIONS_SUPPORTED) || defined(PNG__READ_pHYs_SUPPORTED)
    1904                 : /* muldiv functions */
    1905                 : /* This API takes signed arguments and rounds the result to the nearest
    1906                 :  * integer (or, for a fixed point number - the standard argument - to
    1907                 :  * the nearest .00001).  Overflow and divide by zero are signalled in
    1908                 :  * the result, a boolean - true on success, false on overflow.
    1909                 :  */
    1910                 : int
    1911               4 : png_muldiv(png_fixed_point_p res, png_fixed_point a, png_int_32 times,
    1912                 :     png_int_32 divisor)
    1913                 : {
    1914                 :    /* Return a * times / divisor, rounded. */
    1915               4 :    if (divisor != 0)
    1916                 :    {
    1917               4 :       if (a == 0 || times == 0)
    1918                 :       {
    1919               0 :          *res = 0;
    1920               0 :          return 1;
    1921                 :       }
    1922                 :       else
    1923                 :       {
    1924                 : #ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
    1925               4 :          double r = a;
    1926               4 :          r *= times;
    1927               4 :          r /= divisor;
    1928               4 :          r = floor(r+.5);
    1929                 : 
    1930                 :          /* A png_fixed_point is a 32-bit integer. */
    1931               4 :          if (r <= 2147483647. && r >= -2147483648.)
    1932                 :          {
    1933               4 :             *res = (png_fixed_point)r;
    1934               4 :             return 1;
    1935                 :          }
    1936                 : #else
    1937                 :          int negative = 0;
    1938                 :          png_uint_32 A, T, D;
    1939                 :          png_uint_32 s16, s32, s00;
    1940                 : 
    1941                 :          if (a < 0)
    1942                 :             negative = 1, A = -a;
    1943                 :          else
    1944                 :             A = a;
    1945                 : 
    1946                 :          if (times < 0)
    1947                 :             negative = !negative, T = -times;
    1948                 :          else
    1949                 :             T = times;
    1950                 : 
    1951                 :          if (divisor < 0)
    1952                 :             negative = !negative, D = -divisor;
    1953                 :          else
    1954                 :             D = divisor;
    1955                 : 
    1956                 :          /* Following can't overflow because the arguments only
    1957                 :           * have 31 bits each, however the result may be 32 bits.
    1958                 :           */
    1959                 :          s16 = (A >> 16) * (T & 0xffff) +
    1960                 :                            (A & 0xffff) * (T >> 16);
    1961                 :          /* Can't overflow because the a*times bit is only 30
    1962                 :           * bits at most.
    1963                 :           */
    1964                 :          s32 = (A >> 16) * (T >> 16) + (s16 >> 16);
    1965                 :          s00 = (A & 0xffff) * (T & 0xffff);
    1966                 : 
    1967                 :          s16 = (s16 & 0xffff) << 16;
    1968                 :          s00 += s16;
    1969                 : 
    1970                 :          if (s00 < s16)
    1971                 :             ++s32; /* carry */
    1972                 : 
    1973                 :          if (s32 < D) /* else overflow */
    1974                 :          {
    1975                 :             /* s32.s00 is now the 64-bit product, do a standard
    1976                 :              * division, we know that s32 < D, so the maximum
    1977                 :              * required shift is 31.
    1978                 :              */
    1979                 :             int bitshift = 32;
    1980                 :             png_fixed_point result = 0; /* NOTE: signed */
    1981                 : 
    1982                 :             while (--bitshift >= 0)
    1983                 :             {
    1984                 :                png_uint_32 d32, d00;
    1985                 : 
    1986                 :                if (bitshift > 0)
    1987                 :                   d32 = D >> (32-bitshift), d00 = D << bitshift;
    1988                 : 
    1989                 :                else
    1990                 :                   d32 = 0, d00 = D;
    1991                 : 
    1992                 :                if (s32 > d32)
    1993                 :                {
    1994                 :                   if (s00 < d00) --s32; /* carry */
    1995                 :                   s32 -= d32, s00 -= d00, result += 1<<bitshift;
    1996                 :                }
    1997                 : 
    1998                 :                else
    1999                 :                   if (s32 == d32 && s00 >= d00)
    2000                 :                      s32 = 0, s00 -= d00, result += 1<<bitshift;
    2001                 :             }
    2002                 : 
    2003                 :             /* Handle the rounding. */
    2004                 :             if (s00 >= (D >> 1))
    2005                 :                ++result;
    2006                 : 
    2007                 :             if (negative)
    2008                 :                result = -result;
    2009                 : 
    2010                 :             /* Check for overflow. */
    2011                 :             if ((negative && result <= 0) || (!negative && result >= 0))
    2012                 :             {
    2013                 :                *res = result;
    2014                 :                return 1;
    2015                 :             }
    2016                 :          }
    2017                 : #endif
    2018                 :       }
    2019                 :    }
    2020                 : 
    2021               0 :    return 0;
    2022                 : }
    2023                 : #endif /* READ_GAMMA || INCH_CONVERSIONS */
    2024                 : 
    2025                 : #if defined(PNG_READ_GAMMA_SUPPORTED) || defined(PNG_INCH_CONVERSIONS_SUPPORTED)
    2026                 : /* The following is for when the caller doesn't much care about the
    2027                 :  * result.
    2028                 :  */
    2029                 : png_fixed_point
    2030               0 : png_muldiv_warn(png_structp png_ptr, png_fixed_point a, png_int_32 times,
    2031                 :     png_int_32 divisor)
    2032                 : {
    2033                 :    png_fixed_point result;
    2034                 : 
    2035               0 :    if (png_muldiv(&result, a, times, divisor))
    2036               0 :       return result;
    2037                 : 
    2038                 :    png_warning(png_ptr, "fixed point overflow ignored");
    2039               0 :    return 0;
    2040                 : }
    2041                 : #endif
    2042                 : 
    2043                 : #ifdef PNG_READ_GAMMA_SUPPORTED /* more fixed point functions for gammma */
    2044                 : /* Calculate a reciprocal, return 0 on div-by-zero or overflow. */
    2045                 : png_fixed_point
    2046               0 : png_reciprocal(png_fixed_point a)
    2047                 : {
    2048                 : #ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
    2049               0 :    double r = floor(1E10/a+.5);
    2050                 : 
    2051               0 :    if (r <= 2147483647. && r >= -2147483648.)
    2052               0 :       return (png_fixed_point)r;
    2053                 : #else
    2054                 :    png_fixed_point res;
    2055                 : 
    2056                 :    if (png_muldiv(&res, 100000, 100000, a))
    2057                 :       return res;
    2058                 : #endif
    2059                 : 
    2060               0 :    return 0; /* error/overflow */
    2061                 : }
    2062                 : 
    2063                 : /* A local convenience routine. */
    2064                 : static png_fixed_point
    2065               0 : png_product2(png_fixed_point a, png_fixed_point b)
    2066                 : {
    2067                 :    /* The required result is 1/a * 1/b; the following preserves accuracy. */
    2068                 : #ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
    2069               0 :    double r = a * 1E-5;
    2070               0 :    r *= b;
    2071               0 :    r = floor(r+.5);
    2072                 : 
    2073               0 :    if (r <= 2147483647. && r >= -2147483648.)
    2074               0 :       return (png_fixed_point)r;
    2075                 : #else
    2076                 :    png_fixed_point res;
    2077                 : 
    2078                 :    if (png_muldiv(&res, a, b, 100000))
    2079                 :       return res;
    2080                 : #endif
    2081                 : 
    2082               0 :    return 0; /* overflow */
    2083                 : }
    2084                 : 
    2085                 : /* The inverse of the above. */
    2086                 : png_fixed_point
    2087               0 : png_reciprocal2(png_fixed_point a, png_fixed_point b)
    2088                 : {
    2089                 :    /* The required result is 1/a * 1/b; the following preserves accuracy. */
    2090                 : #ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
    2091               0 :    double r = 1E15/a;
    2092               0 :    r /= b;
    2093               0 :    r = floor(r+.5);
    2094                 : 
    2095               0 :    if (r <= 2147483647. && r >= -2147483648.)
    2096               0 :       return (png_fixed_point)r;
    2097                 : #else
    2098                 :    /* This may overflow because the range of png_fixed_point isn't symmetric,
    2099                 :     * but this API is only used for the product of file and screen gamma so it
    2100                 :     * doesn't matter that the smallest number it can produce is 1/21474, not
    2101                 :     * 1/100000
    2102                 :     */
    2103                 :    png_fixed_point res = png_product2(a, b);
    2104                 : 
    2105                 :    if (res != 0)
    2106                 :       return png_reciprocal(res);
    2107                 : #endif
    2108                 : 
    2109               0 :    return 0; /* overflow */
    2110                 : }
    2111                 : #endif /* READ_GAMMA */
    2112                 : 
    2113                 : #ifdef PNG_CHECK_cHRM_SUPPORTED
    2114                 : /* Added at libpng version 1.2.34 (Dec 8, 2008) and 1.4.0 (Jan 2,
    2115                 :  * 2010: moved from pngset.c) */
    2116                 : /*
    2117                 :  *    Multiply two 32-bit numbers, V1 and V2, using 32-bit
    2118                 :  *    arithmetic, to produce a 64-bit result in the HI/LO words.
    2119                 :  *
    2120                 :  *                  A B
    2121                 :  *                x C D
    2122                 :  *               ------
    2123                 :  *              AD || BD
    2124                 :  *        AC || CB || 0
    2125                 :  *
    2126                 :  *    where A and B are the high and low 16-bit words of V1,
    2127                 :  *    C and D are the 16-bit words of V2, AD is the product of
    2128                 :  *    A and D, and X || Y is (X << 16) + Y.
    2129                 : */
    2130                 : 
    2131                 : void /* PRIVATE */
    2132               0 : png_64bit_product (long v1, long v2, unsigned long *hi_product,
    2133                 :     unsigned long *lo_product)
    2134                 : {
    2135                 :    int a, b, c, d;
    2136                 :    long lo, hi, x, y;
    2137                 : 
    2138               0 :    a = (v1 >> 16) & 0xffff;
    2139               0 :    b = v1 & 0xffff;
    2140               0 :    c = (v2 >> 16) & 0xffff;
    2141               0 :    d = v2 & 0xffff;
    2142                 : 
    2143               0 :    lo = b * d;                   /* BD */
    2144               0 :    x = a * d + c * b;            /* AD + CB */
    2145               0 :    y = ((lo >> 16) & 0xffff) + x;
    2146                 : 
    2147               0 :    lo = (lo & 0xffff) | ((y & 0xffff) << 16);
    2148               0 :    hi = (y >> 16) & 0xffff;
    2149                 : 
    2150               0 :    hi += a * c;                  /* AC */
    2151                 : 
    2152               0 :    *hi_product = (unsigned long)hi;
    2153               0 :    *lo_product = (unsigned long)lo;
    2154               0 : }
    2155                 : #endif /* CHECK_cHRM */
    2156                 : 
    2157                 : #ifdef PNG_READ_GAMMA_SUPPORTED /* gamma table code */
    2158                 : #ifndef PNG_FLOATING_ARITHMETIC_SUPPORTED
    2159                 : /* Fixed point gamma.
    2160                 :  *
    2161                 :  * To calculate gamma this code implements fast log() and exp() calls using only
    2162                 :  * fixed point arithmetic.  This code has sufficient precision for either 8-bit
    2163                 :  * or 16-bit sample values.
    2164                 :  *
    2165                 :  * The tables used here were calculated using simple 'bc' programs, but C double
    2166                 :  * precision floating point arithmetic would work fine.  The programs are given
    2167                 :  * at the head of each table.
    2168                 :  *
    2169                 :  * 8-bit log table
    2170                 :  *   This is a table of -log(value/255)/log(2) for 'value' in the range 128 to
    2171                 :  *   255, so it's the base 2 logarithm of a normalized 8-bit floating point
    2172                 :  *   mantissa.  The numbers are 32-bit fractions.
    2173                 :  */
    2174                 : static png_uint_32
    2175                 : png_8bit_l2[128] =
    2176                 : {
    2177                 : #  ifdef PNG_DO_BC
    2178                 :       for (i=128;i<256;++i) { .5 - l(i/255)/l(2)*65536*65536; }
    2179                 : #  else
    2180                 :    4270715492U, 4222494797U, 4174646467U, 4127164793U, 4080044201U, 4033279239U,
    2181                 :    3986864580U, 3940795015U, 3895065449U, 3849670902U, 3804606499U, 3759867474U,
    2182                 :    3715449162U, 3671346997U, 3627556511U, 3584073329U, 3540893168U, 3498011834U,
    2183                 :    3455425220U, 3413129301U, 3371120137U, 3329393864U, 3287946700U, 3246774933U,
    2184                 :    3205874930U, 3165243125U, 3124876025U, 3084770202U, 3044922296U, 3005329011U,
    2185                 :    2965987113U, 2926893432U, 2888044853U, 2849438323U, 2811070844U, 2772939474U,
    2186                 :    2735041326U, 2697373562U, 2659933400U, 2622718104U, 2585724991U, 2548951424U,
    2187                 :    2512394810U, 2476052606U, 2439922311U, 2404001468U, 2368287663U, 2332778523U,
    2188                 :    2297471715U, 2262364947U, 2227455964U, 2192742551U, 2158222529U, 2123893754U,
    2189                 :    2089754119U, 2055801552U, 2022034013U, 1988449497U, 1955046031U, 1921821672U,
    2190                 :    1888774511U, 1855902668U, 1823204291U, 1790677560U, 1758320682U, 1726131893U,
    2191                 :    1694109454U, 1662251657U, 1630556815U, 1599023271U, 1567649391U, 1536433567U,
    2192                 :    1505374214U, 1474469770U, 1443718700U, 1413119487U, 1382670639U, 1352370686U,
    2193                 :    1322218179U, 1292211689U, 1262349810U, 1232631153U, 1203054352U, 1173618059U,
    2194                 :    1144320946U, 1115161701U, 1086139034U, 1057251672U, 1028498358U, 999877854U,
    2195                 :    971388940U, 943030410U, 914801076U, 886699767U, 858725327U, 830876614U,
    2196                 :    803152505U, 775551890U, 748073672U, 720716771U, 693480120U, 666362667U,
    2197                 :    639363374U, 612481215U, 585715177U, 559064263U, 532527486U, 506103872U,
    2198                 :    479792461U, 453592303U, 427502463U, 401522014U, 375650043U, 349885648U,
    2199                 :    324227938U, 298676034U, 273229066U, 247886176U, 222646516U, 197509248U,
    2200                 :    172473545U, 147538590U, 122703574U, 97967701U, 73330182U, 48790236U,
    2201                 :    24347096U, 0U
    2202                 : #  endif
    2203                 : 
    2204                 : #if 0
    2205                 :    /* The following are the values for 16-bit tables - these work fine for the
    2206                 :     * 8-bit conversions but produce very slightly larger errors in the 16-bit
    2207                 :     * log (about 1.2 as opposed to 0.7 absolute error in the final value).  To
    2208                 :     * use these all the shifts below must be adjusted appropriately.
    2209                 :     */
    2210                 :    65166, 64430, 63700, 62976, 62257, 61543, 60835, 60132, 59434, 58741, 58054,
    2211                 :    57371, 56693, 56020, 55352, 54689, 54030, 53375, 52726, 52080, 51439, 50803,
    2212                 :    50170, 49542, 48918, 48298, 47682, 47070, 46462, 45858, 45257, 44661, 44068,
    2213                 :    43479, 42894, 42312, 41733, 41159, 40587, 40020, 39455, 38894, 38336, 37782,
    2214                 :    37230, 36682, 36137, 35595, 35057, 34521, 33988, 33459, 32932, 32408, 31887,
    2215                 :    31369, 30854, 30341, 29832, 29325, 28820, 28319, 27820, 27324, 26830, 26339,
    2216                 :    25850, 25364, 24880, 24399, 23920, 23444, 22970, 22499, 22029, 21562, 21098,
    2217                 :    20636, 20175, 19718, 19262, 18808, 18357, 17908, 17461, 17016, 16573, 16132,
    2218                 :    15694, 15257, 14822, 14390, 13959, 13530, 13103, 12678, 12255, 11834, 11415,
    2219                 :    10997, 10582, 10168, 9756, 9346, 8937, 8531, 8126, 7723, 7321, 6921, 6523,
    2220                 :    6127, 5732, 5339, 4947, 4557, 4169, 3782, 3397, 3014, 2632, 2251, 1872, 1495,
    2221                 :    1119, 744, 372
    2222                 : #endif
    2223                 : };
    2224                 : 
    2225                 : PNG_STATIC png_int_32
    2226                 : png_log8bit(unsigned int x)
    2227                 : {
    2228                 :    unsigned int lg2 = 0;
    2229                 :    /* Each time 'x' is multiplied by 2, 1 must be subtracted off the final log,
    2230                 :     * because the log is actually negate that means adding 1.  The final
    2231                 :     * returned value thus has the range 0 (for 255 input) to 7.994 (for 1
    2232                 :     * input), return 7.99998 for the overflow (log 0) case - so the result is
    2233                 :     * always at most 19 bits.
    2234                 :     */
    2235                 :    if ((x &= 0xff) == 0)
    2236                 :       return 0xffffffff;
    2237                 : 
    2238                 :    if ((x & 0xf0) == 0)
    2239                 :       lg2  = 4, x <<= 4;
    2240                 : 
    2241                 :    if ((x & 0xc0) == 0)
    2242                 :       lg2 += 2, x <<= 2;
    2243                 : 
    2244                 :    if ((x & 0x80) == 0)
    2245                 :       lg2 += 1, x <<= 1;
    2246                 : 
    2247                 :    /* result is at most 19 bits, so this cast is safe: */
    2248                 :    return (png_int_32)((lg2 << 16) + ((png_8bit_l2[x-128]+32768)>>16));
    2249                 : }
    2250                 : 
    2251                 : /* The above gives exact (to 16 binary places) log2 values for 8-bit images,
    2252                 :  * for 16-bit images we use the most significant 8 bits of the 16-bit value to
    2253                 :  * get an approximation then multiply the approximation by a correction factor
    2254                 :  * determined by the remaining up to 8 bits.  This requires an additional step
    2255                 :  * in the 16-bit case.
    2256                 :  *
    2257                 :  * We want log2(value/65535), we have log2(v'/255), where:
    2258                 :  *
    2259                 :  *    value = v' * 256 + v''
    2260                 :  *          = v' * f
    2261                 :  *
    2262                 :  * So f is value/v', which is equal to (256+v''/v') since v' is in the range 128
    2263                 :  * to 255 and v'' is in the range 0 to 255 f will be in the range 256 to less
    2264                 :  * than 258.  The final factor also needs to correct for the fact that our 8-bit
    2265                 :  * value is scaled by 255, whereas the 16-bit values must be scaled by 65535.
    2266                 :  *
    2267                 :  * This gives a final formula using a calculated value 'x' which is value/v' and
    2268                 :  * scaling by 65536 to match the above table:
    2269                 :  *
    2270                 :  *   log2(x/257) * 65536
    2271                 :  *
    2272                 :  * Since these numbers are so close to '1' we can use simple linear
    2273                 :  * interpolation between the two end values 256/257 (result -368.61) and 258/257
    2274                 :  * (result 367.179).  The values used below are scaled by a further 64 to give
    2275                 :  * 16-bit precision in the interpolation:
    2276                 :  *
    2277                 :  * Start (256): -23591
    2278                 :  * Zero  (257):      0
    2279                 :  * End   (258):  23499
    2280                 :  */
    2281                 : PNG_STATIC png_int_32
    2282                 : png_log16bit(png_uint_32 x)
    2283                 : {
    2284                 :    unsigned int lg2 = 0;
    2285                 : 
    2286                 :    /* As above, but now the input has 16 bits. */
    2287                 :    if ((x &= 0xffff) == 0)
    2288                 :       return 0xffffffff;
    2289                 : 
    2290                 :    if ((x & 0xff00) == 0)
    2291                 :       lg2  = 8, x <<= 8;
    2292                 : 
    2293                 :    if ((x & 0xf000) == 0)
    2294                 :       lg2 += 4, x <<= 4;
    2295                 : 
    2296                 :    if ((x & 0xc000) == 0)
    2297                 :       lg2 += 2, x <<= 2;
    2298                 : 
    2299                 :    if ((x & 0x8000) == 0)
    2300                 :       lg2 += 1, x <<= 1;
    2301                 : 
    2302                 :    /* Calculate the base logarithm from the top 8 bits as a 28-bit fractional
    2303                 :     * value.
    2304                 :     */
    2305                 :    lg2 <<= 28;
    2306                 :    lg2 += (png_8bit_l2[(x>>8)-128]+8) >> 4;
    2307                 : 
    2308                 :    /* Now we need to interpolate the factor, this requires a division by the top
    2309                 :     * 8 bits.  Do this with maximum precision.
    2310                 :     */
    2311                 :    x = ((x << 16) + (x >> 9)) / (x >> 8);
    2312                 : 
    2313                 :    /* Since we divided by the top 8 bits of 'x' there will be a '1' at 1<<24,
    2314                 :     * the value at 1<<16 (ignoring this) will be 0 or 1; this gives us exactly
    2315                 :     * 16 bits to interpolate to get the low bits of the result.  Round the
    2316                 :     * answer.  Note that the end point values are scaled by 64 to retain overall
    2317                 :     * precision and that 'lg2' is current scaled by an extra 12 bits, so adjust
    2318                 :     * the overall scaling by 6-12.  Round at every step.
    2319                 :     */
    2320                 :    x -= 1U << 24;
    2321                 : 
    2322                 :    if (x <= 65536U) /* <= '257' */
    2323                 :       lg2 += ((23591U * (65536U-x)) + (1U << (16+6-12-1))) >> (16+6-12);
    2324                 : 
    2325                 :    else
    2326                 :       lg2 -= ((23499U * (x-65536U)) + (1U << (16+6-12-1))) >> (16+6-12);
    2327                 : 
    2328                 :    /* Safe, because the result can't have more than 20 bits: */
    2329                 :    return (png_int_32)((lg2 + 2048) >> 12);
    2330                 : }
    2331                 : 
    2332                 : /* The 'exp()' case must invert the above, taking a 20-bit fixed point
    2333                 :  * logarithmic value and returning a 16 or 8-bit number as appropriate.  In
    2334                 :  * each case only the low 16 bits are relevant - the fraction - since the
    2335                 :  * integer bits (the top 4) simply determine a shift.
    2336                 :  *
    2337                 :  * The worst case is the 16-bit distinction between 65535 and 65534, this
    2338                 :  * requires perhaps spurious accuracy in the decoding of the logarithm to
    2339                 :  * distinguish log2(65535/65534.5) - 10^-5 or 17 bits.  There is little chance
    2340                 :  * of getting this accuracy in practice.
    2341                 :  *
    2342                 :  * To deal with this the following exp() function works out the exponent of the
    2343                 :  * frational part of the logarithm by using an accurate 32-bit value from the
    2344                 :  * top four fractional bits then multiplying in the remaining bits.
    2345                 :  */
    2346                 : static png_uint_32
    2347                 : png_32bit_exp[16] =
    2348                 : {
    2349                 : #  ifdef PNG_DO_BC
    2350                 :       for (i=0;i<16;++i) { .5 + e(-i/16*l(2))*2^32; }
    2351                 : #  else
    2352                 :    /* NOTE: the first entry is deliberately set to the maximum 32-bit value. */
    2353                 :    4294967295U, 4112874773U, 3938502376U, 3771522796U, 3611622603U, 3458501653U,
    2354                 :    3311872529U, 3171459999U, 3037000500U, 2908241642U, 2784941738U, 2666869345U,
    2355                 :    2553802834U, 2445529972U, 2341847524U, 2242560872U
    2356                 : #  endif
    2357                 : };
    2358                 : 
    2359                 : /* Adjustment table; provided to explain the numbers in the code below. */
    2360                 : #ifdef PNG_DO_BC
    2361                 : for (i=11;i>=0;--i){ print i, " ", (1 - e(-(2^i)/65536*l(2))) * 2^(32-i), "\n"}
    2362                 :    11 44937.64284865548751208448
    2363                 :    10 45180.98734845585101160448
    2364                 :     9 45303.31936980687359311872
    2365                 :     8 45364.65110595323018870784
    2366                 :     7 45395.35850361789624614912
    2367                 :     6 45410.72259715102037508096
    2368                 :     5 45418.40724413220722311168
    2369                 :     4 45422.25021786898173001728
    2370                 :     3 45424.17186732298419044352
    2371                 :     2 45425.13273269940811464704
    2372                 :     1 45425.61317555035558641664
    2373                 :     0 45425.85339951654943850496
    2374                 : #endif
    2375                 : 
    2376                 : PNG_STATIC png_uint_32
    2377                 : png_exp(png_fixed_point x)
    2378                 : {
    2379                 :    if (x > 0 && x <= 0xfffff) /* Else overflow or zero (underflow) */
    2380                 :    {
    2381                 :       /* Obtain a 4-bit approximation */
    2382                 :       png_uint_32 e = png_32bit_exp[(x >> 12) & 0xf];
    2383                 : 
    2384                 :       /* Incorporate the low 12 bits - these decrease the returned value by
    2385                 :        * multiplying by a number less than 1 if the bit is set.  The multiplier
    2386                 :        * is determined by the above table and the shift. Notice that the values
    2387                 :        * converge on 45426 and this is used to allow linear interpolation of the
    2388                 :        * low bits.
    2389                 :        */
    2390                 :       if (x & 0x800)
    2391                 :          e -= (((e >> 16) * 44938U) +  16U) >> 5;
    2392                 : 
    2393                 :       if (x & 0x400)
    2394                 :          e -= (((e >> 16) * 45181U) +  32U) >> 6;
    2395                 : 
    2396                 :       if (x & 0x200)
    2397                 :          e -= (((e >> 16) * 45303U) +  64U) >> 7;
    2398                 : 
    2399                 :       if (x & 0x100)
    2400                 :          e -= (((e >> 16) * 45365U) + 128U) >> 8;
    2401                 : 
    2402                 :       if (x & 0x080)
    2403                 :          e -= (((e >> 16) * 45395U) + 256U) >> 9;
    2404                 : 
    2405                 :       if (x & 0x040)
    2406                 :          e -= (((e >> 16) * 45410U) + 512U) >> 10;
    2407                 : 
    2408                 :       /* And handle the low 6 bits in a single block. */
    2409                 :       e -= (((e >> 16) * 355U * (x & 0x3fU)) + 256U) >> 9;
    2410                 : 
    2411                 :       /* Handle the upper bits of x. */
    2412                 :       e >>= x >> 16;
    2413                 :       return e;
    2414                 :    }
    2415                 : 
    2416                 :    /* Check for overflow */
    2417                 :    if (x <= 0)
    2418                 :       return png_32bit_exp[0];
    2419                 : 
    2420                 :    /* Else underflow */
    2421                 :    return 0;
    2422                 : }
    2423                 : 
    2424                 : PNG_STATIC png_byte
    2425                 : png_exp8bit(png_fixed_point lg2)
    2426                 : {
    2427                 :    /* Get a 32-bit value: */
    2428                 :    png_uint_32 x = png_exp(lg2);
    2429                 : 
    2430                 :    /* Convert the 32-bit value to 0..255 by multiplying by 256-1, note that the
    2431                 :     * second, rounding, step can't overflow because of the first, subtraction,
    2432                 :     * step.
    2433                 :     */
    2434                 :    x -= x >> 8;
    2435                 :    return (png_byte)((x + 0x7fffffU) >> 24);
    2436                 : }
    2437                 : 
    2438                 : PNG_STATIC png_uint_16
    2439                 : png_exp16bit(png_fixed_point lg2)
    2440                 : {
    2441                 :    /* Get a 32-bit value: */
    2442                 :    png_uint_32 x = png_exp(lg2);
    2443                 : 
    2444                 :    /* Convert the 32-bit value to 0..65535 by multiplying by 65536-1: */
    2445                 :    x -= x >> 16;
    2446                 :    return (png_uint_16)((x + 32767U) >> 16);
    2447                 : }
    2448                 : #endif /* FLOATING_ARITHMETIC */
    2449                 : 
    2450                 : png_byte
    2451               0 : png_gamma_8bit_correct(unsigned int value, png_fixed_point gamma_val)
    2452                 : {
    2453               0 :    if (value > 0 && value < 255)
    2454                 :    {
    2455                 : #     ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
    2456               0 :          double r = floor(255*pow(value/255.,gamma_val*.00001)+.5);
    2457               0 :          return (png_byte)r;
    2458                 : #     else
    2459                 :          png_int_32 lg2 = png_log8bit(value);
    2460                 :          png_fixed_point res;
    2461                 : 
    2462                 :          if (png_muldiv(&res, gamma_val, lg2, PNG_FP_1))
    2463                 :             return png_exp8bit(res);
    2464                 : 
    2465                 :          /* Overflow. */
    2466                 :          value = 0;
    2467                 : #     endif
    2468                 :    }
    2469                 : 
    2470               0 :    return (png_byte)value;
    2471                 : }
    2472                 : 
    2473                 : png_uint_16
    2474               0 : png_gamma_16bit_correct(unsigned int value, png_fixed_point gamma_val)
    2475                 : {
    2476               0 :    if (value > 0 && value < 65535)
    2477                 :    {
    2478                 : #     ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
    2479               0 :          double r = floor(65535*pow(value/65535.,gamma_val*.00001)+.5);
    2480               0 :          return (png_uint_16)r;
    2481                 : #     else
    2482                 :          png_int_32 lg2 = png_log16bit(value);
    2483                 :          png_fixed_point res;
    2484                 : 
    2485                 :          if (png_muldiv(&res, gamma_val, lg2, PNG_FP_1))
    2486                 :             return png_exp16bit(res);
    2487                 : 
    2488                 :          /* Overflow. */
    2489                 :          value = 0;
    2490                 : #     endif
    2491                 :    }
    2492                 : 
    2493               0 :    return (png_uint_16)value;
    2494                 : }
    2495                 : 
    2496                 : /* This does the right thing based on the bit_depth field of the
    2497                 :  * png_struct, interpreting values as 8-bit or 16-bit.  While the result
    2498                 :  * is nominally a 16-bit value if bit depth is 8 then the result is
    2499                 :  * 8-bit (as are the arguments.)
    2500                 :  */
    2501                 : png_uint_16 /* PRIVATE */
    2502               0 : png_gamma_correct(png_structp png_ptr, unsigned int value,
    2503                 :     png_fixed_point gamma_val)
    2504                 : {
    2505               0 :    if (png_ptr->bit_depth == 8)
    2506               0 :       return png_gamma_8bit_correct(value, gamma_val);
    2507                 : 
    2508                 :    else
    2509               0 :       return png_gamma_16bit_correct(value, gamma_val);
    2510                 : }
    2511                 : 
    2512                 : /* This is the shared test on whether a gamma value is 'significant' - whether
    2513                 :  * it is worth doing gamma correction.
    2514                 :  */
    2515                 : int /* PRIVATE */
    2516               4 : png_gamma_significant(png_fixed_point gamma_val)
    2517                 : {
    2518               4 :    return gamma_val < PNG_FP_1 - PNG_GAMMA_THRESHOLD_FIXED ||
    2519                 :        gamma_val > PNG_FP_1 + PNG_GAMMA_THRESHOLD_FIXED;
    2520                 : }
    2521                 : 
    2522                 : /* Internal function to build a single 16-bit table - the table consists of
    2523                 :  * 'num' 256-entry subtables, where 'num' is determined by 'shift' - the amount
    2524                 :  * to shift the input values right (or 16-number_of_signifiant_bits).
    2525                 :  *
    2526                 :  * The caller is responsible for ensuring that the table gets cleaned up on
    2527                 :  * png_error (i.e. if one of the mallocs below fails) - i.e. the *table argument
    2528                 :  * should be somewhere that will be cleaned.
    2529                 :  */
    2530                 : static void
    2531               0 : png_build_16bit_table(png_structp png_ptr, png_uint_16pp *ptable,
    2532                 :    PNG_CONST unsigned int shift, PNG_CONST png_fixed_point gamma_val)
    2533                 : {
    2534                 :    /* Various values derived from 'shift': */
    2535               0 :    PNG_CONST unsigned int num = 1U << (8U - shift);
    2536               0 :    PNG_CONST unsigned int max = (1U << (16U - shift))-1U;
    2537               0 :    PNG_CONST unsigned int max_by_2 = 1U << (15U-shift);
    2538                 :    unsigned int i;
    2539                 : 
    2540               0 :    png_uint_16pp table = *ptable =
    2541               0 :        (png_uint_16pp)png_calloc(png_ptr, num * png_sizeof(png_uint_16p));
    2542                 : 
    2543               0 :    for (i = 0; i < num; i++)
    2544                 :    {
    2545               0 :       png_uint_16p sub_table = table[i] =
    2546               0 :           (png_uint_16p)png_malloc(png_ptr, 256 * png_sizeof(png_uint_16));
    2547                 : 
    2548                 :       /* The 'threshold' test is repeated here because it can arise for one of
    2549                 :        * the 16-bit tables even if the others don't hit it.
    2550                 :        */
    2551               0 :       if (png_gamma_significant(gamma_val))
    2552                 :       {
    2553                 :          /* The old code would overflow at the end and this would cause the
    2554                 :           * 'pow' function to return a result >1, resulting in an
    2555                 :           * arithmetic error.  This code follows the spec exactly; ig is
    2556                 :           * the recovered input sample, it always has 8-16 bits.
    2557                 :           *
    2558                 :           * We want input * 65535/max, rounded, the arithmetic fits in 32
    2559                 :           * bits (unsigned) so long as max <= 32767.
    2560                 :           */
    2561                 :          unsigned int j;
    2562               0 :          for (j = 0; j < 256; j++)
    2563                 :          {
    2564               0 :             png_uint_32 ig = (j << (8-shift)) + i;
    2565                 : #           ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
    2566                 :                /* Inline the 'max' scaling operation: */
    2567               0 :                double d = floor(65535*pow(ig/(double)max, gamma_val*.00001)+.5);
    2568               0 :                sub_table[j] = (png_uint_16)d;
    2569                 : #           else
    2570                 :                if (shift)
    2571                 :                   ig = (ig * 65535U + max_by_2)/max;
    2572                 : 
    2573                 :                sub_table[j] = png_gamma_16bit_correct(ig, gamma_val);
    2574                 : #           endif
    2575                 :          }
    2576                 :       }
    2577                 :       else
    2578                 :       {
    2579                 :          /* We must still build a table, but do it the fast way. */
    2580                 :          unsigned int j;
    2581                 : 
    2582               0 :          for (j = 0; j < 256; j++)
    2583                 :          {
    2584               0 :             png_uint_32 ig = (j << (8-shift)) + i;
    2585                 : 
    2586               0 :             if (shift)
    2587               0 :                ig = (ig * 65535U + max_by_2)/max;
    2588                 : 
    2589               0 :             sub_table[j] = (png_uint_16)ig;
    2590                 :          }
    2591                 :       }
    2592                 :    }
    2593               0 : }
    2594                 : 
    2595                 : /* NOTE: this function expects the *inverse* of the overall gamma transformation
    2596                 :  * required.
    2597                 :  */
    2598                 : static void
    2599               0 : png_build_16to8_table(png_structp png_ptr, png_uint_16pp *ptable,
    2600                 :    PNG_CONST unsigned int shift, PNG_CONST png_fixed_point gamma_val)
    2601                 : {
    2602               0 :    PNG_CONST unsigned int num = 1U << (8U - shift);
    2603               0 :    PNG_CONST unsigned int max = (1U << (16U - shift))-1U;
    2604                 :    unsigned int i;
    2605                 :    png_uint_32 last;
    2606                 : 
    2607               0 :    png_uint_16pp table = *ptable =
    2608               0 :        (png_uint_16pp)png_calloc(png_ptr, num * png_sizeof(png_uint_16p));
    2609                 : 
    2610                 :    /* 'num' is the number of tables and also the number of low bits of the
    2611                 :     * input 16-bit value used to select a table.  Each table is itself indexed
    2612                 :     * by the high 8 bits of the value.
    2613                 :     */
    2614               0 :    for (i = 0; i < num; i++)
    2615               0 :       table[i] = (png_uint_16p)png_malloc(png_ptr,
    2616                 :           256 * png_sizeof(png_uint_16));
    2617                 : 
    2618                 :    /* 'gamma_val' is set to the reciprocal of the value calculated above, so
    2619                 :     * pow(out,g) is an *input* value.  'last' is the last input value set.
    2620                 :     *
    2621                 :     * In the loop 'i' is used to find output values.  Since the output is
    2622                 :     * 8-bit there are only 256 possible values.  The tables are set up to
    2623                 :     * select the closest possible output value for each input by finding
    2624                 :     * the input value at the boundary between each pair of output values
    2625                 :     * and filling the table up to that boundary with the lower output
    2626                 :     * value.
    2627                 :     *
    2628                 :     * The boundary values are 0.5,1.5..253.5,254.5.  Since these are 9-bit
    2629                 :     * values the code below uses a 16-bit value in i; the values start at
    2630                 :     * 128.5 (for 0.5) and step by 257, for a total of 254 values (the last
    2631                 :     * entries are filled with 255).  Start i at 128 and fill all 'last'
    2632                 :     * table entries <= 'max'
    2633                 :     */
    2634               0 :    last = 0;
    2635               0 :    for (i = 0; i < 255; ++i) /* 8-bit output value */
    2636                 :    {
    2637                 :       /* Find the corresponding maximum input value */
    2638               0 :       png_uint_16 out = (png_uint_16)(i * 257U); /* 16-bit output value */
    2639                 : 
    2640                 :       /* Find the boundary value in 16 bits: */
    2641               0 :       png_uint_32 bound = png_gamma_16bit_correct(out+128U, gamma_val);
    2642                 : 
    2643                 :       /* Adjust (round) to (16-shift) bits: */
    2644               0 :       bound = (bound * max + 32768U)/65535U + 1U;
    2645                 : 
    2646               0 :       while (last < bound)
    2647                 :       {
    2648               0 :          table[last & (0xffU >> shift)][last >> (8U - shift)] = out;
    2649               0 :          last++;
    2650                 :       }
    2651                 :    }
    2652                 : 
    2653                 :    /* And fill in the final entries. */
    2654               0 :    while (last < (num << 8))
    2655                 :    {
    2656               0 :       table[last & (0xff >> shift)][last >> (8U - shift)] = 65535U;
    2657               0 :       last++;
    2658                 :    }
    2659               0 : }
    2660                 : 
    2661                 : /* Build a single 8-bit table: same as the 16-bit case but much simpler (and
    2662                 :  * typically much faster).  Note that libpng currently does no sBIT processing
    2663                 :  * (apparently contrary to the spec) so a 256-entry table is always generated.
    2664                 :  */
    2665                 : static void
    2666               0 : png_build_8bit_table(png_structp png_ptr, png_bytepp ptable,
    2667                 :    PNG_CONST png_fixed_point gamma_val)
    2668                 : {
    2669                 :    unsigned int i;
    2670               0 :    png_bytep table = *ptable = (png_bytep)png_malloc(png_ptr, 256);
    2671                 : 
    2672               0 :    if (png_gamma_significant(gamma_val)) for (i=0; i<256; i++)
    2673               0 :       table[i] = png_gamma_8bit_correct(i, gamma_val);
    2674                 : 
    2675               0 :    else for (i=0; i<256; ++i)
    2676               0 :       table[i] = (png_byte)i;
    2677               0 : }
    2678                 : 
    2679                 : /* Used from png_read_destroy and below to release the memory used by the gamma
    2680                 :  * tables.
    2681                 :  */
    2682                 : void /* PRIVATE */
    2683               4 : png_destroy_gamma_table(png_structp png_ptr)
    2684                 : {
    2685               4 :    png_free(png_ptr, png_ptr->gamma_table);
    2686               4 :    png_ptr->gamma_table = NULL;
    2687                 : 
    2688               4 :    if (png_ptr->gamma_16_table != NULL)
    2689                 :    {
    2690                 :       int i;
    2691               0 :       int istop = (1 << (8 - png_ptr->gamma_shift));
    2692               0 :       for (i = 0; i < istop; i++)
    2693                 :       {
    2694               0 :          png_free(png_ptr, png_ptr->gamma_16_table[i]);
    2695                 :       }
    2696               0 :    png_free(png_ptr, png_ptr->gamma_16_table);
    2697               0 :    png_ptr->gamma_16_table = NULL;
    2698                 :    }
    2699                 : 
    2700                 : #if defined(PNG_READ_BACKGROUND_SUPPORTED) || \
    2701                 :    defined(PNG_READ_ALPHA_MODE_SUPPORTED) || \
    2702                 :    defined(PNG_READ_RGB_TO_GRAY_SUPPORTED)
    2703                 :    png_free(png_ptr, png_ptr->gamma_from_1);
    2704                 :    png_ptr->gamma_from_1 = NULL;
    2705                 :    png_free(png_ptr, png_ptr->gamma_to_1);
    2706                 :    png_ptr->gamma_to_1 = NULL;
    2707                 : 
    2708                 :    if (png_ptr->gamma_16_from_1 != NULL)
    2709                 :    {
    2710                 :       int i;
    2711                 :       int istop = (1 << (8 - png_ptr->gamma_shift));
    2712                 :       for (i = 0; i < istop; i++)
    2713                 :       {
    2714                 :          png_free(png_ptr, png_ptr->gamma_16_from_1[i]);
    2715                 :       }
    2716                 :    png_free(png_ptr, png_ptr->gamma_16_from_1);
    2717                 :    png_ptr->gamma_16_from_1 = NULL;
    2718                 :    }
    2719                 :    if (png_ptr->gamma_16_to_1 != NULL)
    2720                 :    {
    2721                 :       int i;
    2722                 :       int istop = (1 << (8 - png_ptr->gamma_shift));
    2723                 :       for (i = 0; i < istop; i++)
    2724                 :       {
    2725                 :          png_free(png_ptr, png_ptr->gamma_16_to_1[i]);
    2726                 :       }
    2727                 :    png_free(png_ptr, png_ptr->gamma_16_to_1);
    2728                 :    png_ptr->gamma_16_to_1 = NULL;
    2729                 :    }
    2730                 : #endif /* READ_BACKGROUND || READ_ALPHA_MODE || RGB_TO_GRAY */
    2731               4 : }
    2732                 : 
    2733                 : /* We build the 8- or 16-bit gamma tables here.  Note that for 16-bit
    2734                 :  * tables, we don't make a full table if we are reducing to 8-bit in
    2735                 :  * the future.  Note also how the gamma_16 tables are segmented so that
    2736                 :  * we don't need to allocate > 64K chunks for a full 16-bit table.
    2737                 :  */
    2738                 : void /* PRIVATE */
    2739               0 : png_build_gamma_table(png_structp png_ptr, int bit_depth)
    2740                 : {
    2741                 :   png_debug(1, "in png_build_gamma_table");
    2742                 : 
    2743                 :   /* Remove any existing table; this copes with multiple calls to
    2744                 :    * png_read_update_info.  The warning is because building the gamma tables
    2745                 :    * multiple times is a performance hit - it's harmless but the ability to call
    2746                 :    * png_read_update_info() multiple times is new in 1.5.6 so it seems sensible
    2747                 :    * to warn if the app introduces such a hit.
    2748                 :    */
    2749               0 :   if (png_ptr->gamma_table != NULL || png_ptr->gamma_16_table != NULL)
    2750                 :   {
    2751                 :     png_warning(png_ptr, "gamma table being rebuilt");
    2752               0 :     png_destroy_gamma_table(png_ptr);
    2753                 :   }
    2754                 : 
    2755               0 :   if (bit_depth <= 8)
    2756                 :   {
    2757               0 :      png_build_8bit_table(png_ptr, &png_ptr->gamma_table,
    2758               0 :          png_ptr->screen_gamma > 0 ?  png_reciprocal2(png_ptr->gamma,
    2759                 :          png_ptr->screen_gamma) : PNG_FP_1);
    2760                 : 
    2761                 : #if defined(PNG_READ_BACKGROUND_SUPPORTED) || \
    2762                 :    defined(PNG_READ_ALPHA_MODE_SUPPORTED) || \
    2763                 :    defined(PNG_READ_RGB_TO_GRAY_SUPPORTED)
    2764                 :      if (png_ptr->transformations & (PNG_COMPOSE | PNG_RGB_TO_GRAY))
    2765                 :      {
    2766                 :         png_build_8bit_table(png_ptr, &png_ptr->gamma_to_1,
    2767                 :             png_reciprocal(png_ptr->gamma));
    2768                 : 
    2769                 :         png_build_8bit_table(png_ptr, &png_ptr->gamma_from_1,
    2770                 :             png_ptr->screen_gamma > 0 ?  png_reciprocal(png_ptr->screen_gamma) :
    2771                 :             png_ptr->gamma/* Probably doing rgb_to_gray */);
    2772                 :      }
    2773                 : #endif /* READ_BACKGROUND || READ_ALPHA_MODE || RGB_TO_GRAY */
    2774                 :   }
    2775                 :   else
    2776                 :   {
    2777                 :      png_byte shift, sig_bit;
    2778                 : 
    2779               0 :      if (png_ptr->color_type & PNG_COLOR_MASK_COLOR)
    2780                 :      {
    2781               0 :         sig_bit = png_ptr->sig_bit.red;
    2782                 : 
    2783               0 :         if (png_ptr->sig_bit.green > sig_bit)
    2784               0 :            sig_bit = png_ptr->sig_bit.green;
    2785                 : 
    2786               0 :         if (png_ptr->sig_bit.blue > sig_bit)
    2787               0 :            sig_bit = png_ptr->sig_bit.blue;
    2788                 :      }
    2789                 :      else
    2790               0 :         sig_bit = png_ptr->sig_bit.gray;
    2791                 : 
    2792                 :      /* 16-bit gamma code uses this equation:
    2793                 :       *
    2794                 :       *   ov = table[(iv & 0xff) >> gamma_shift][iv >> 8]
    2795                 :       *
    2796                 :       * Where 'iv' is the input color value and 'ov' is the output value -
    2797                 :       * pow(iv, gamma).
    2798                 :       *
    2799                 :       * Thus the gamma table consists of up to 256 256-entry tables.  The table
    2800                 :       * is selected by the (8-gamma_shift) most significant of the low 8 bits of
    2801                 :       * the color value then indexed by the upper 8 bits:
    2802                 :       *
    2803                 :       *   table[low bits][high 8 bits]
    2804                 :       *
    2805                 :       * So the table 'n' corresponds to all those 'iv' of:
    2806                 :       *
    2807                 :       *   <all high 8-bit values><n << gamma_shift>..<(n+1 << gamma_shift)-1>
    2808                 :       *
    2809                 :       */
    2810               0 :      if (sig_bit > 0 && sig_bit < 16U)
    2811               0 :         shift = (png_byte)(16U - sig_bit); /* shift == insignificant bits */
    2812                 : 
    2813                 :      else
    2814               0 :         shift = 0; /* keep all 16 bits */
    2815                 : 
    2816               0 :      if (png_ptr->transformations & (PNG_16_TO_8 | PNG_SCALE_16_TO_8))
    2817                 :      {
    2818                 :         /* PNG_MAX_GAMMA_8 is the number of bits to keep - effectively
    2819                 :          * the significant bits in the *input* when the output will
    2820                 :          * eventually be 8 bits.  By default it is 11.
    2821                 :          */
    2822               0 :         if (shift < (16U - PNG_MAX_GAMMA_8))
    2823               0 :            shift = (16U - PNG_MAX_GAMMA_8);
    2824                 :      }
    2825                 : 
    2826               0 :      if (shift > 8U)
    2827               0 :         shift = 8U; /* Guarantees at least one table! */
    2828                 : 
    2829               0 :      png_ptr->gamma_shift = shift;
    2830                 : 
    2831                 : #ifdef PNG_16BIT_SUPPORTED
    2832                 :      /* NOTE: prior to 1.5.4 this test used to include PNG_BACKGROUND (now
    2833                 :       * PNG_COMPOSE).  This effectively smashed the background calculation for
    2834                 :       * 16-bit output because the 8-bit table assumes the result will be reduced
    2835                 :       * to 8 bits.
    2836                 :       */
    2837               0 :      if (png_ptr->transformations & (PNG_16_TO_8 | PNG_SCALE_16_TO_8))
    2838                 : #endif
    2839               0 :          png_build_16to8_table(png_ptr, &png_ptr->gamma_16_table, shift,
    2840               0 :          png_ptr->screen_gamma > 0 ? png_product2(png_ptr->gamma,
    2841                 :          png_ptr->screen_gamma) : PNG_FP_1);
    2842                 : 
    2843                 : #ifdef PNG_16BIT_SUPPORTED
    2844                 :      else
    2845               0 :          png_build_16bit_table(png_ptr, &png_ptr->gamma_16_table, shift,
    2846               0 :          png_ptr->screen_gamma > 0 ? png_reciprocal2(png_ptr->gamma,
    2847                 :          png_ptr->screen_gamma) : PNG_FP_1);
    2848                 : #endif
    2849                 : 
    2850                 : #if defined(PNG_READ_BACKGROUND_SUPPORTED) || \
    2851                 :    defined(PNG_READ_ALPHA_MODE_SUPPORTED) || \
    2852                 :    defined(PNG_READ_RGB_TO_GRAY_SUPPORTED)
    2853                 :      if (png_ptr->transformations & (PNG_COMPOSE | PNG_RGB_TO_GRAY))
    2854                 :      {
    2855                 :         png_build_16bit_table(png_ptr, &png_ptr->gamma_16_to_1, shift,
    2856                 :             png_reciprocal(png_ptr->gamma));
    2857                 : 
    2858                 :         /* Notice that the '16 from 1' table should be full precision, however
    2859                 :          * the lookup on this table still uses gamma_shift, so it can't be.
    2860                 :          * TODO: fix this.
    2861                 :          */
    2862                 :         png_build_16bit_table(png_ptr, &png_ptr->gamma_16_from_1, shift,
    2863                 :             png_ptr->screen_gamma > 0 ? png_reciprocal(png_ptr->screen_gamma) :
    2864                 :             png_ptr->gamma/* Probably doing rgb_to_gray */);
    2865                 :      }
    2866                 : #endif /* READ_BACKGROUND || READ_ALPHA_MODE || RGB_TO_GRAY */
    2867                 :   }
    2868               0 : }
    2869                 : #endif /* READ_GAMMA */
    2870                 : #endif /* defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED) */

Generated by: LCOV version 1.7