1 2 /* pngvalid.c - validate libpng by constructing then reading png files. 3 * 4 * Last changed in libpng 1.6.24 [August 4, 2016] 5 * Copyright (c) 2014-2016 Glenn Randers-Pehrson 6 * Written by John Cunningham Bowler 7 * 8 * This code is released under the libpng license. 9 * For conditions of distribution and use, see the disclaimer 10 * and license in png.h 11 * 12 * NOTES: 13 * This is a C program that is intended to be linked against libpng. It 14 * generates bitmaps internally, stores them as PNG files (using the 15 * sequential write code) then reads them back (using the sequential 16 * read code) and validates that the result has the correct data. 17 * 18 * The program can be modified and extended to test the correctness of 19 * transformations performed by libpng. 20 */ 21 22 #define _POSIX_SOURCE 1 23 #define _ISOC99_SOURCE 1 /* For floating point */ 24 #define _GNU_SOURCE 1 /* For the floating point exception extension */ 25 26 #include <signal.h> 27 #include <stdio.h> 28 29 #if defined(HAVE_CONFIG_H) && !defined(PNG_NO_CONFIG_H) 30 # include <config.h> 31 #endif 32 33 #ifdef HAVE_FEENABLEEXCEPT /* from config.h, if included */ 34 # include <fenv.h> 35 #endif 36 37 #ifndef FE_DIVBYZERO 38 # define FE_DIVBYZERO 0 39 #endif 40 #ifndef FE_INVALID 41 # define FE_INVALID 0 42 #endif 43 #ifndef FE_OVERFLOW 44 # define FE_OVERFLOW 0 45 #endif 46 47 /* Define the following to use this test against your installed libpng, rather 48 * than the one being built here: 49 */ 50 #ifdef PNG_FREESTANDING_TESTS 51 # include <png.h> 52 #else 53 # include "../../png.h" 54 #endif 55 56 #ifdef PNG_ZLIB_HEADER 57 # include PNG_ZLIB_HEADER 58 #else 59 # include <zlib.h> /* For crc32 */ 60 #endif 61 62 /* 1.6.1 added support for the configure test harness, which uses 77 to indicate 63 * a skipped test, in earlier versions we need to succeed on a skipped test, so: 64 */ 65 #if PNG_LIBPNG_VER >= 10601 && defined(HAVE_CONFIG_H) 66 # define SKIP 77 67 #else 68 # define SKIP 0 69 #endif 70 71 /* pngvalid requires write support and one of the fixed or floating point APIs. 72 */ 73 #if defined(PNG_WRITE_SUPPORTED) &&\ 74 (defined(PNG_FIXED_POINT_SUPPORTED) || defined(PNG_FLOATING_POINT_SUPPORTED)) 75 76 #if PNG_LIBPNG_VER < 10500 77 /* This deliberately lacks the const. */ 78 typedef png_byte *png_const_bytep; 79 80 /* This is copied from 1.5.1 png.h: */ 81 #define PNG_INTERLACE_ADAM7_PASSES 7 82 #define PNG_PASS_START_ROW(pass) (((1U&~(pass))<<(3-((pass)>>1)))&7) 83 #define PNG_PASS_START_COL(pass) (((1U& (pass))<<(3-(((pass)+1)>>1)))&7) 84 #define PNG_PASS_ROW_SHIFT(pass) ((pass)>2?(8-(pass))>>1:3) 85 #define PNG_PASS_COL_SHIFT(pass) ((pass)>1?(7-(pass))>>1:3) 86 #define PNG_PASS_ROWS(height, pass) (((height)+(((1<<PNG_PASS_ROW_SHIFT(pass))\ 87 -1)-PNG_PASS_START_ROW(pass)))>>PNG_PASS_ROW_SHIFT(pass)) 88 #define PNG_PASS_COLS(width, pass) (((width)+(((1<<PNG_PASS_COL_SHIFT(pass))\ 89 -1)-PNG_PASS_START_COL(pass)))>>PNG_PASS_COL_SHIFT(pass)) 90 #define PNG_ROW_FROM_PASS_ROW(yIn, pass) \ 91 (((yIn)<<PNG_PASS_ROW_SHIFT(pass))+PNG_PASS_START_ROW(pass)) 92 #define PNG_COL_FROM_PASS_COL(xIn, pass) \ 93 (((xIn)<<PNG_PASS_COL_SHIFT(pass))+PNG_PASS_START_COL(pass)) 94 #define PNG_PASS_MASK(pass,off) ( \ 95 ((0x110145AFU>>(((7-(off))-(pass))<<2)) & 0xFU) | \ 96 ((0x01145AF0U>>(((7-(off))-(pass))<<2)) & 0xF0U)) 97 #define PNG_ROW_IN_INTERLACE_PASS(y, pass) \ 98 ((PNG_PASS_MASK(pass,0) >> ((y)&7)) & 1) 99 #define PNG_COL_IN_INTERLACE_PASS(x, pass) \ 100 ((PNG_PASS_MASK(pass,1) >> ((x)&7)) & 1) 101 102 /* These are needed too for the default build: */ 103 #define PNG_WRITE_16BIT_SUPPORTED 104 #define PNG_READ_16BIT_SUPPORTED 105 106 /* This comes from pnglibconf.h afer 1.5: */ 107 #define PNG_FP_1 100000 108 #define PNG_GAMMA_THRESHOLD_FIXED\ 109 ((png_fixed_point)(PNG_GAMMA_THRESHOLD * PNG_FP_1)) 110 #endif 111 112 #if PNG_LIBPNG_VER < 10600 113 /* 1.6.0 constifies many APIs, the following exists to allow pngvalid to be 114 * compiled against earlier versions. 115 */ 116 # define png_const_structp png_structp 117 #endif 118 119 #ifndef RELEASE_BUILD 120 /* RELEASE_BUILD is true for releases and release candidates: */ 121 # define RELEASE_BUILD (PNG_LIBPNG_BUILD_BASE_TYPE >= PNG_LIBPNG_BUILD_RC) 122 #endif 123 #if RELEASE_BUILD 124 # define debugonly(something) 125 #else /* !RELEASE_BUILD */ 126 # define debugonly(something) something 127 #endif /* !RELEASE_BUILD */ 128 129 #include <float.h> /* For floating point constants */ 130 #include <stdlib.h> /* For malloc */ 131 #include <string.h> /* For memcpy, memset */ 132 #include <math.h> /* For floor */ 133 134 /* Convenience macros. */ 135 #define CHUNK(a,b,c,d) (((a)<<24)+((b)<<16)+((c)<<8)+(d)) 136 #define CHUNK_IHDR CHUNK(73,72,68,82) 137 #define CHUNK_PLTE CHUNK(80,76,84,69) 138 #define CHUNK_IDAT CHUNK(73,68,65,84) 139 #define CHUNK_IEND CHUNK(73,69,78,68) 140 #define CHUNK_cHRM CHUNK(99,72,82,77) 141 #define CHUNK_gAMA CHUNK(103,65,77,65) 142 #define CHUNK_sBIT CHUNK(115,66,73,84) 143 #define CHUNK_sRGB CHUNK(115,82,71,66) 144 145 /* Unused formal parameter errors are removed using the following macro which is 146 * expected to have no bad effects on performance. 147 */ 148 #ifndef UNUSED 149 # if defined(__GNUC__) || defined(_MSC_VER) 150 # define UNUSED(param) (void)param; 151 # else 152 # define UNUSED(param) 153 # endif 154 #endif 155 156 /***************************** EXCEPTION HANDLING *****************************/ 157 #ifdef PNG_FREESTANDING_TESTS 158 # include <cexcept.h> 159 #else 160 # include "../visupng/cexcept.h" 161 #endif 162 163 #ifdef __cplusplus 164 # define this not_the_cpp_this 165 # define new not_the_cpp_new 166 # define voidcast(type, value) static_cast<type>(value) 167 #else 168 # define voidcast(type, value) (value) 169 #endif /* __cplusplus */ 170 171 struct png_store; 172 define_exception_type(struct png_store*); 173 174 /* The following are macros to reduce typing everywhere where the well known 175 * name 'the_exception_context' must be defined. 176 */ 177 #define anon_context(ps) struct exception_context *the_exception_context = \ 178 &(ps)->exception_context 179 #define context(ps,fault) anon_context(ps); png_store *fault 180 181 /* This macro returns the number of elements in an array as an (unsigned int), 182 * it is necessary to avoid the inability of certain versions of GCC to use 183 * the value of a compile-time constant when performing range checks. It must 184 * be passed an array name. 185 */ 186 #define ARRAY_SIZE(a) ((unsigned int)((sizeof (a))/(sizeof (a)[0]))) 187 188 /* GCC BUG 66447 (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66447) requires 189 * some broken GCC versions to be fixed up to avoid invalid whining about auto 190 * variables that are *not* changed within the scope of a setjmp being changed. 191 * 192 * Feel free to extend the list of broken versions. 193 */ 194 #define is_gnu(major,minor)\ 195 (defined __GNUC__) && __GNUC__ == (major) && __GNUC_MINOR__ == (minor) 196 #define is_gnu_patch(major,minor,patch)\ 197 is_gnu(major,minor) && __GNUC_PATCHLEVEL__ == 0 198 /* For the moment just do it always; all versions of GCC seem to be broken: */ 199 #ifdef __GNUC__ 200 const void * volatile make_volatile_for_gnu; 201 # define gnu_volatile(x) make_volatile_for_gnu = &x; 202 #else /* !GNUC broken versions */ 203 # define gnu_volatile(x) 204 #endif /* !GNUC broken versions */ 205 206 /******************************* UTILITIES ************************************/ 207 /* Error handling is particularly problematic in production code - error 208 * handlers often themselves have bugs which lead to programs that detect 209 * minor errors crashing. The following functions deal with one very 210 * common class of errors in error handlers - attempting to format error or 211 * warning messages into buffers that are too small. 212 */ 213 static size_t safecat(char *buffer, size_t bufsize, size_t pos, 214 const char *cat) 215 { 216 while (pos < bufsize && cat != NULL && *cat != 0) 217 buffer[pos++] = *cat++; 218 219 if (pos >= bufsize) 220 pos = bufsize-1; 221 222 buffer[pos] = 0; 223 return pos; 224 } 225 226 static size_t safecatn(char *buffer, size_t bufsize, size_t pos, int n) 227 { 228 char number[64]; 229 sprintf(number, "%d", n); 230 return safecat(buffer, bufsize, pos, number); 231 } 232 233 #ifdef PNG_READ_TRANSFORMS_SUPPORTED 234 static size_t safecatd(char *buffer, size_t bufsize, size_t pos, double d, 235 int precision) 236 { 237 char number[64]; 238 sprintf(number, "%.*f", precision, d); 239 return safecat(buffer, bufsize, pos, number); 240 } 241 #endif 242 243 static const char invalid[] = "invalid"; 244 static const char sep[] = ": "; 245 246 static const char *colour_types[8] = 247 { 248 "grayscale", invalid, "truecolour", "indexed-colour", 249 "grayscale with alpha", invalid, "truecolour with alpha", invalid 250 }; 251 252 #ifdef PNG_READ_TRANSFORMS_SUPPORTED 253 /* Convert a double precision value to fixed point. */ 254 static png_fixed_point 255 fix(double d) 256 { 257 d = floor(d * PNG_FP_1 + .5); 258 return (png_fixed_point)d; 259 } 260 #endif /* PNG_READ_SUPPORTED */ 261 262 /* Generate random bytes. This uses a boring repeatable algorithm and it 263 * is implemented here so that it gives the same set of numbers on every 264 * architecture. It's a linear congruential generator (Knuth or Sedgewick 265 * "Algorithms") but it comes from the 'feedback taps' table in Horowitz and 266 * Hill, "The Art of Electronics" (Pseudo-Random Bit Sequences and Noise 267 * Generation.) 268 */ 269 static void 270 make_random_bytes(png_uint_32* seed, void* pv, size_t size) 271 { 272 png_uint_32 u0 = seed[0], u1 = seed[1]; 273 png_bytep bytes = voidcast(png_bytep, pv); 274 275 /* There are thirty three bits, the next bit in the sequence is bit-33 XOR 276 * bit-20. The top 1 bit is in u1, the bottom 32 are in u0. 277 */ 278 size_t i; 279 for (i=0; i<size; ++i) 280 { 281 /* First generate 8 new bits then shift them in at the end. */ 282 png_uint_32 u = ((u0 >> (20-8)) ^ ((u1 << 7) | (u0 >> (32-7)))) & 0xff; 283 u1 <<= 8; 284 u1 |= u0 >> 24; 285 u0 <<= 8; 286 u0 |= u; 287 *bytes++ = (png_byte)u; 288 } 289 290 seed[0] = u0; 291 seed[1] = u1; 292 } 293 294 static void 295 make_four_random_bytes(png_uint_32* seed, png_bytep bytes) 296 { 297 make_random_bytes(seed, bytes, 4); 298 } 299 300 #if defined PNG_READ_SUPPORTED || defined PNG_WRITE_tRNS_SUPPORTED ||\ 301 defined PNG_WRITE_FILTER_SUPPORTED 302 static void 303 randomize(void *pv, size_t size) 304 { 305 static png_uint_32 random_seed[2] = {0x56789abc, 0xd}; 306 make_random_bytes(random_seed, pv, size); 307 } 308 309 #define R8(this) randomize(&(this), sizeof (this)) 310 311 #ifdef PNG_READ_SUPPORTED 312 static png_byte 313 random_byte(void) 314 { 315 unsigned char b1[1]; 316 randomize(b1, sizeof b1); 317 return b1[0]; 318 } 319 #endif /* READ */ 320 321 static png_uint_16 322 random_u16(void) 323 { 324 unsigned char b2[2]; 325 randomize(b2, sizeof b2); 326 return png_get_uint_16(b2); 327 } 328 329 #if defined PNG_READ_RGB_TO_GRAY_SUPPORTED ||\ 330 defined PNG_READ_FILLER_SUPPORTED 331 static png_uint_32 332 random_u32(void) 333 { 334 unsigned char b4[4]; 335 randomize(b4, sizeof b4); 336 return png_get_uint_32(b4); 337 } 338 #endif /* READ_FILLER || READ_RGB_TO_GRAY */ 339 340 #endif /* READ || WRITE_tRNS || WRITE_FILTER */ 341 342 #if defined PNG_READ_TRANSFORMS_SUPPORTED ||\ 343 defined PNG_WRITE_FILTER_SUPPORTED 344 static unsigned int 345 random_mod(unsigned int max) 346 { 347 return random_u16() % max; /* 0 .. max-1 */ 348 } 349 #endif /* READ_TRANSFORMS || WRITE_FILTER */ 350 351 #if (defined PNG_READ_RGB_TO_GRAY_SUPPORTED) ||\ 352 (defined PNG_READ_FILLER_SUPPORTED) 353 static int 354 random_choice(void) 355 { 356 return random_byte() & 1; 357 } 358 #endif /* READ_RGB_TO_GRAY || READ_FILLER */ 359 360 /* A numeric ID based on PNG file characteristics. The 'do_interlace' field 361 * simply records whether pngvalid did the interlace itself or whether it 362 * was done by libpng. Width and height must be less than 256. 'palette' is an 363 * index of the palette to use for formats with a palette otherwise a boolean 364 * indicating if a tRNS chunk was generated. 365 */ 366 #define FILEID(col, depth, palette, interlace, width, height, do_interlace) \ 367 ((png_uint_32)((col) + ((depth)<<3) + ((palette)<<8) + ((interlace)<<13) + \ 368 (((do_interlace)!=0)<<15) + ((width)<<16) + ((height)<<24))) 369 370 #define COL_FROM_ID(id) ((png_byte)((id)& 0x7U)) 371 #define DEPTH_FROM_ID(id) ((png_byte)(((id) >> 3) & 0x1fU)) 372 #define PALETTE_FROM_ID(id) (((id) >> 8) & 0x1f) 373 #define INTERLACE_FROM_ID(id) ((png_byte)(((id) >> 13) & 0x3)) 374 #define DO_INTERLACE_FROM_ID(id) ((int)(((id)>>15) & 1)) 375 #define WIDTH_FROM_ID(id) (((id)>>16) & 0xff) 376 #define HEIGHT_FROM_ID(id) (((id)>>24) & 0xff) 377 378 /* Utility to construct a standard name for a standard image. */ 379 static size_t 380 standard_name(char *buffer, size_t bufsize, size_t pos, png_byte colour_type, 381 int bit_depth, unsigned int npalette, int interlace_type, 382 png_uint_32 w, png_uint_32 h, int do_interlace) 383 { 384 pos = safecat(buffer, bufsize, pos, colour_types[colour_type]); 385 if (colour_type == 3) /* must have a palette */ 386 { 387 pos = safecat(buffer, bufsize, pos, "["); 388 pos = safecatn(buffer, bufsize, pos, npalette); 389 pos = safecat(buffer, bufsize, pos, "]"); 390 } 391 392 else if (npalette != 0) 393 pos = safecat(buffer, bufsize, pos, "+tRNS"); 394 395 pos = safecat(buffer, bufsize, pos, " "); 396 pos = safecatn(buffer, bufsize, pos, bit_depth); 397 pos = safecat(buffer, bufsize, pos, " bit"); 398 399 if (interlace_type != PNG_INTERLACE_NONE) 400 { 401 pos = safecat(buffer, bufsize, pos, " interlaced"); 402 if (do_interlace) 403 pos = safecat(buffer, bufsize, pos, "(pngvalid)"); 404 else 405 pos = safecat(buffer, bufsize, pos, "(libpng)"); 406 } 407 408 if (w > 0 || h > 0) 409 { 410 pos = safecat(buffer, bufsize, pos, " "); 411 pos = safecatn(buffer, bufsize, pos, w); 412 pos = safecat(buffer, bufsize, pos, "x"); 413 pos = safecatn(buffer, bufsize, pos, h); 414 } 415 416 return pos; 417 } 418 419 static size_t 420 standard_name_from_id(char *buffer, size_t bufsize, size_t pos, png_uint_32 id) 421 { 422 return standard_name(buffer, bufsize, pos, COL_FROM_ID(id), 423 DEPTH_FROM_ID(id), PALETTE_FROM_ID(id), INTERLACE_FROM_ID(id), 424 WIDTH_FROM_ID(id), HEIGHT_FROM_ID(id), DO_INTERLACE_FROM_ID(id)); 425 } 426 427 /* Convenience API and defines to list valid formats. Note that 16 bit read and 428 * write support is required to do 16 bit read tests (we must be able to make a 429 * 16 bit image to test!) 430 */ 431 #ifdef PNG_WRITE_16BIT_SUPPORTED 432 # define WRITE_BDHI 4 433 # ifdef PNG_READ_16BIT_SUPPORTED 434 # define READ_BDHI 4 435 # define DO_16BIT 436 # endif 437 #else 438 # define WRITE_BDHI 3 439 #endif 440 #ifndef DO_16BIT 441 # define READ_BDHI 3 442 #endif 443 444 /* The following defines the number of different palettes to generate for 445 * each log bit depth of a colour type 3 standard image. 446 */ 447 #define PALETTE_COUNT(bit_depth) ((bit_depth) > 4 ? 1U : 16U) 448 449 static int 450 next_format(png_bytep colour_type, png_bytep bit_depth, 451 unsigned int* palette_number, int low_depth_gray, int tRNS) 452 { 453 if (*bit_depth == 0) 454 { 455 *colour_type = 0; 456 if (low_depth_gray) 457 *bit_depth = 1; 458 else 459 *bit_depth = 8; 460 *palette_number = 0; 461 return 1; 462 } 463 464 if (*colour_type < 4/*no alpha channel*/) 465 { 466 /* Add multiple palettes for colour type 3, one image with tRNS 467 * and one without for other non-alpha formats: 468 */ 469 unsigned int pn = ++*palette_number; 470 png_byte ct = *colour_type; 471 472 if (((ct == 0/*GRAY*/ || ct/*RGB*/ == 2) && tRNS && pn < 2) || 473 (ct == 3/*PALETTE*/ && pn < PALETTE_COUNT(*bit_depth))) 474 return 1; 475 476 /* No: next bit depth */ 477 *palette_number = 0; 478 } 479 480 *bit_depth = (png_byte)(*bit_depth << 1); 481 482 /* Palette images are restricted to 8 bit depth */ 483 if (*bit_depth <= 8 484 #ifdef DO_16BIT 485 || (*colour_type != 3 && *bit_depth <= 16) 486 #endif 487 ) 488 return 1; 489 490 /* Move to the next color type, or return 0 at the end. */ 491 switch (*colour_type) 492 { 493 case 0: 494 *colour_type = 2; 495 *bit_depth = 8; 496 return 1; 497 498 case 2: 499 *colour_type = 3; 500 *bit_depth = 1; 501 return 1; 502 503 case 3: 504 *colour_type = 4; 505 *bit_depth = 8; 506 return 1; 507 508 case 4: 509 *colour_type = 6; 510 *bit_depth = 8; 511 return 1; 512 513 default: 514 return 0; 515 } 516 } 517 518 #ifdef PNG_READ_TRANSFORMS_SUPPORTED 519 static unsigned int 520 sample(png_const_bytep row, png_byte colour_type, png_byte bit_depth, 521 png_uint_32 x, unsigned int sample_index, int swap16, int littleendian) 522 { 523 png_uint_32 bit_index, result; 524 525 /* Find a sample index for the desired sample: */ 526 x *= bit_depth; 527 bit_index = x; 528 529 if ((colour_type & 1) == 0) /* !palette */ 530 { 531 if (colour_type & 2) 532 bit_index *= 3; 533 534 if (colour_type & 4) 535 bit_index += x; /* Alpha channel */ 536 537 /* Multiple channels; select one: */ 538 if (colour_type & (2+4)) 539 bit_index += sample_index * bit_depth; 540 } 541 542 /* Return the sample from the row as an integer. */ 543 row += bit_index >> 3; 544 result = *row; 545 546 if (bit_depth == 8) 547 return result; 548 549 else if (bit_depth > 8) 550 { 551 if (swap16) 552 return (*++row << 8) + result; 553 else 554 return (result << 8) + *++row; 555 } 556 557 /* Less than 8 bits per sample. By default PNG has the big end of 558 * the egg on the left of the screen, but if littleendian is set 559 * then the big end is on the right. 560 */ 561 bit_index &= 7; 562 563 if (!littleendian) 564 bit_index = 8-bit_index-bit_depth; 565 566 return (result >> bit_index) & ((1U<<bit_depth)-1); 567 } 568 #endif /* PNG_READ_TRANSFORMS_SUPPORTED */ 569 570 /* Copy a single pixel, of a given size, from one buffer to another - 571 * while this is basically bit addressed there is an implicit assumption 572 * that pixels 8 or more bits in size are byte aligned and that pixels 573 * do not otherwise cross byte boundaries. (This is, so far as I know, 574 * universally true in bitmap computer graphics. [JCB 20101212]) 575 * 576 * NOTE: The to and from buffers may be the same. 577 */ 578 static void 579 pixel_copy(png_bytep toBuffer, png_uint_32 toIndex, 580 png_const_bytep fromBuffer, png_uint_32 fromIndex, unsigned int pixelSize, 581 int littleendian) 582 { 583 /* Assume we can multiply by 'size' without overflow because we are 584 * just working in a single buffer. 585 */ 586 toIndex *= pixelSize; 587 fromIndex *= pixelSize; 588 if (pixelSize < 8) /* Sub-byte */ 589 { 590 /* Mask to select the location of the copied pixel: */ 591 unsigned int destMask = ((1U<<pixelSize)-1) << 592 (littleendian ? toIndex&7 : 8-pixelSize-(toIndex&7)); 593 /* The following read the entire pixels and clears the extra: */ 594 unsigned int destByte = toBuffer[toIndex >> 3] & ~destMask; 595 unsigned int sourceByte = fromBuffer[fromIndex >> 3]; 596 597 /* Don't rely on << or >> supporting '0' here, just in case: */ 598 fromIndex &= 7; 599 if (littleendian) 600 { 601 if (fromIndex > 0) sourceByte >>= fromIndex; 602 if ((toIndex & 7) > 0) sourceByte <<= toIndex & 7; 603 } 604 605 else 606 { 607 if (fromIndex > 0) sourceByte <<= fromIndex; 608 if ((toIndex & 7) > 0) sourceByte >>= toIndex & 7; 609 } 610 611 toBuffer[toIndex >> 3] = (png_byte)(destByte | (sourceByte & destMask)); 612 } 613 else /* One or more bytes */ 614 memmove(toBuffer+(toIndex>>3), fromBuffer+(fromIndex>>3), pixelSize>>3); 615 } 616 617 #ifdef PNG_READ_SUPPORTED 618 /* Copy a complete row of pixels, taking into account potential partial 619 * bytes at the end. 620 */ 621 static void 622 row_copy(png_bytep toBuffer, png_const_bytep fromBuffer, unsigned int bitWidth, 623 int littleendian) 624 { 625 memcpy(toBuffer, fromBuffer, bitWidth >> 3); 626 627 if ((bitWidth & 7) != 0) 628 { 629 unsigned int mask; 630 631 toBuffer += bitWidth >> 3; 632 fromBuffer += bitWidth >> 3; 633 if (littleendian) 634 mask = 0xff << (bitWidth & 7); 635 else 636 mask = 0xff >> (bitWidth & 7); 637 *toBuffer = (png_byte)((*toBuffer & mask) | (*fromBuffer & ~mask)); 638 } 639 } 640 641 /* Compare pixels - they are assumed to start at the first byte in the 642 * given buffers. 643 */ 644 static int 645 pixel_cmp(png_const_bytep pa, png_const_bytep pb, png_uint_32 bit_width) 646 { 647 #if PNG_LIBPNG_VER < 10506 648 if (memcmp(pa, pb, bit_width>>3) == 0) 649 { 650 png_uint_32 p; 651 652 if ((bit_width & 7) == 0) return 0; 653 654 /* Ok, any differences? */ 655 p = pa[bit_width >> 3]; 656 p ^= pb[bit_width >> 3]; 657 658 if (p == 0) return 0; 659 660 /* There are, but they may not be significant, remove the bits 661 * after the end (the low order bits in PNG.) 662 */ 663 bit_width &= 7; 664 p >>= 8-bit_width; 665 666 if (p == 0) return 0; 667 } 668 #else 669 /* From libpng-1.5.6 the overwrite should be fixed, so compare the trailing 670 * bits too: 671 */ 672 if (memcmp(pa, pb, (bit_width+7)>>3) == 0) 673 return 0; 674 #endif 675 676 /* Return the index of the changed byte. */ 677 { 678 png_uint_32 where = 0; 679 680 while (pa[where] == pb[where]) ++where; 681 return 1+where; 682 } 683 } 684 #endif /* PNG_READ_SUPPORTED */ 685 686 /*************************** BASIC PNG FILE WRITING ***************************/ 687 /* A png_store takes data from the sequential writer or provides data 688 * to the sequential reader. It can also store the result of a PNG 689 * write for later retrieval. 690 */ 691 #define STORE_BUFFER_SIZE 500 /* arbitrary */ 692 typedef struct png_store_buffer 693 { 694 struct png_store_buffer* prev; /* NOTE: stored in reverse order */ 695 png_byte buffer[STORE_BUFFER_SIZE]; 696 } png_store_buffer; 697 698 #define FILE_NAME_SIZE 64 699 700 typedef struct store_palette_entry /* record of a single palette entry */ 701 { 702 png_byte red; 703 png_byte green; 704 png_byte blue; 705 png_byte alpha; 706 } store_palette_entry, store_palette[256]; 707 708 typedef struct png_store_file 709 { 710 struct png_store_file* next; /* as many as you like... */ 711 char name[FILE_NAME_SIZE]; 712 unsigned int IDAT_bits; /* Number of bits in IDAT size */ 713 png_uint_32 IDAT_size; /* Total size of IDAT data */ 714 png_uint_32 id; /* must be correct (see FILEID) */ 715 png_size_t datacount; /* In this (the last) buffer */ 716 png_store_buffer data; /* Last buffer in file */ 717 int npalette; /* Number of entries in palette */ 718 store_palette_entry* palette; /* May be NULL */ 719 } png_store_file; 720 721 /* The following is a pool of memory allocated by a single libpng read or write 722 * operation. 723 */ 724 typedef struct store_pool 725 { 726 struct png_store *store; /* Back pointer */ 727 struct store_memory *list; /* List of allocated memory */ 728 png_byte mark[4]; /* Before and after data */ 729 730 /* Statistics for this run. */ 731 png_alloc_size_t max; /* Maximum single allocation */ 732 png_alloc_size_t current; /* Current allocation */ 733 png_alloc_size_t limit; /* Highest current allocation */ 734 png_alloc_size_t total; /* Total allocation */ 735 736 /* Overall statistics (retained across successive runs). */ 737 png_alloc_size_t max_max; 738 png_alloc_size_t max_limit; 739 png_alloc_size_t max_total; 740 } store_pool; 741 742 typedef struct png_store 743 { 744 /* For cexcept.h exception handling - simply store one of these; 745 * the context is a self pointer but it may point to a different 746 * png_store (in fact it never does in this program.) 747 */ 748 struct exception_context 749 exception_context; 750 751 unsigned int verbose :1; 752 unsigned int treat_warnings_as_errors :1; 753 unsigned int expect_error :1; 754 unsigned int expect_warning :1; 755 unsigned int saw_warning :1; 756 unsigned int speed :1; 757 unsigned int progressive :1; /* use progressive read */ 758 unsigned int validated :1; /* used as a temporary flag */ 759 int nerrors; 760 int nwarnings; 761 int noptions; /* number of options below: */ 762 struct { 763 unsigned char option; /* option number, 0..30 */ 764 unsigned char setting; /* setting (unset,invalid,on,off) */ 765 } options[16]; 766 char test[128]; /* Name of test */ 767 char error[256]; 768 769 /* Share fields */ 770 png_uint_32 chunklen; /* Length of chunk+overhead (chunkpos >= 8) */ 771 png_uint_32 chunktype;/* Type of chunk (valid if chunkpos >= 4) */ 772 png_uint_32 chunkpos; /* Position in chunk */ 773 png_uint_32 IDAT_size;/* Accumulated IDAT size in .new */ 774 unsigned int IDAT_bits;/* Cache of the file store value */ 775 776 /* Read fields */ 777 png_structp pread; /* Used to read a saved file */ 778 png_infop piread; 779 png_store_file* current; /* Set when reading */ 780 png_store_buffer* next; /* Set when reading */ 781 png_size_t readpos; /* Position in *next */ 782 png_byte* image; /* Buffer for reading interlaced images */ 783 png_size_t cb_image; /* Size of this buffer */ 784 png_size_t cb_row; /* Row size of the image(s) */ 785 uLong IDAT_crc; 786 png_uint_32 IDAT_len; /* Used when re-chunking IDAT chunks */ 787 png_uint_32 IDAT_pos; /* Used when re-chunking IDAT chunks */ 788 png_uint_32 image_h; /* Number of rows in a single image */ 789 store_pool read_memory_pool; 790 791 /* Write fields */ 792 png_store_file* saved; 793 png_structp pwrite; /* Used when writing a new file */ 794 png_infop piwrite; 795 png_size_t writepos; /* Position in .new */ 796 char wname[FILE_NAME_SIZE]; 797 png_store_buffer new; /* The end of the new PNG file being written. */ 798 store_pool write_memory_pool; 799 store_palette_entry* palette; 800 int npalette; 801 } png_store; 802 803 /* Initialization and cleanup */ 804 static void 805 store_pool_mark(png_bytep mark) 806 { 807 static png_uint_32 store_seed[2] = { 0x12345678, 1}; 808 809 make_four_random_bytes(store_seed, mark); 810 } 811 812 #ifdef PNG_READ_TRANSFORMS_SUPPORTED 813 /* Use this for random 32 bit values; this function makes sure the result is 814 * non-zero. 815 */ 816 static png_uint_32 817 random_32(void) 818 { 819 820 for (;;) 821 { 822 png_byte mark[4]; 823 png_uint_32 result; 824 825 store_pool_mark(mark); 826 result = png_get_uint_32(mark); 827 828 if (result != 0) 829 return result; 830 } 831 } 832 #endif /* PNG_READ_SUPPORTED */ 833 834 static void 835 store_pool_init(png_store *ps, store_pool *pool) 836 { 837 memset(pool, 0, sizeof *pool); 838 839 pool->store = ps; 840 pool->list = NULL; 841 pool->max = pool->current = pool->limit = pool->total = 0; 842 pool->max_max = pool->max_limit = pool->max_total = 0; 843 store_pool_mark(pool->mark); 844 } 845 846 static void 847 store_init(png_store* ps) 848 { 849 memset(ps, 0, sizeof *ps); 850 init_exception_context(&ps->exception_context); 851 store_pool_init(ps, &ps->read_memory_pool); 852 store_pool_init(ps, &ps->write_memory_pool); 853 ps->verbose = 0; 854 ps->treat_warnings_as_errors = 0; 855 ps->expect_error = 0; 856 ps->expect_warning = 0; 857 ps->saw_warning = 0; 858 ps->speed = 0; 859 ps->progressive = 0; 860 ps->validated = 0; 861 ps->nerrors = ps->nwarnings = 0; 862 ps->pread = NULL; 863 ps->piread = NULL; 864 ps->saved = ps->current = NULL; 865 ps->next = NULL; 866 ps->readpos = 0; 867 ps->image = NULL; 868 ps->cb_image = 0; 869 ps->cb_row = 0; 870 ps->image_h = 0; 871 ps->pwrite = NULL; 872 ps->piwrite = NULL; 873 ps->writepos = 0; 874 ps->chunkpos = 8; 875 ps->chunktype = 0; 876 ps->chunklen = 16; 877 ps->IDAT_size = 0; 878 ps->IDAT_bits = 0; 879 ps->new.prev = NULL; 880 ps->palette = NULL; 881 ps->npalette = 0; 882 ps->noptions = 0; 883 } 884 885 static void 886 store_freebuffer(png_store_buffer* psb) 887 { 888 if (psb->prev) 889 { 890 store_freebuffer(psb->prev); 891 free(psb->prev); 892 psb->prev = NULL; 893 } 894 } 895 896 static void 897 store_freenew(png_store *ps) 898 { 899 store_freebuffer(&ps->new); 900 ps->writepos = 0; 901 ps->chunkpos = 8; 902 ps->chunktype = 0; 903 ps->chunklen = 16; 904 ps->IDAT_size = 0; 905 ps->IDAT_bits = 0; 906 if (ps->palette != NULL) 907 { 908 free(ps->palette); 909 ps->palette = NULL; 910 ps->npalette = 0; 911 } 912 } 913 914 static void 915 store_storenew(png_store *ps) 916 { 917 png_store_buffer *pb; 918 919 pb = voidcast(png_store_buffer*, malloc(sizeof *pb)); 920 921 if (pb == NULL) 922 png_error(ps->pwrite, "store new: OOM"); 923 924 *pb = ps->new; 925 ps->new.prev = pb; 926 ps->writepos = 0; 927 } 928 929 static void 930 store_freefile(png_store_file **ppf) 931 { 932 if (*ppf != NULL) 933 { 934 store_freefile(&(*ppf)->next); 935 936 store_freebuffer(&(*ppf)->data); 937 (*ppf)->datacount = 0; 938 if ((*ppf)->palette != NULL) 939 { 940 free((*ppf)->palette); 941 (*ppf)->palette = NULL; 942 (*ppf)->npalette = 0; 943 } 944 free(*ppf); 945 *ppf = NULL; 946 } 947 } 948 949 static unsigned int 950 bits_of(png_uint_32 num) 951 { 952 /* Return the number of bits in 'num' */ 953 unsigned int b = 0; 954 955 if (num & 0xffff0000U) b += 16U, num >>= 16; 956 if (num & 0xff00U) b += 8U, num >>= 8; 957 if (num & 0xf0U) b += 4U, num >>= 4; 958 if (num & 0xcU) b += 2U, num >>= 2; 959 if (num & 0x2U) ++b, num >>= 1; 960 if (num) ++b; 961 962 return b; /* 0..32 */ 963 } 964 965 /* Main interface to file storeage, after writing a new PNG file (see the API 966 * below) call store_storefile to store the result with the given name and id. 967 */ 968 static void 969 store_storefile(png_store *ps, png_uint_32 id) 970 { 971 png_store_file *pf; 972 973 if (ps->chunkpos != 0U || ps->chunktype != 0U || ps->chunklen != 0U || 974 ps->IDAT_size == 0) 975 png_error(ps->pwrite, "storefile: incomplete write"); 976 977 pf = voidcast(png_store_file*, malloc(sizeof *pf)); 978 if (pf == NULL) 979 png_error(ps->pwrite, "storefile: OOM"); 980 safecat(pf->name, sizeof pf->name, 0, ps->wname); 981 pf->id = id; 982 pf->data = ps->new; 983 pf->datacount = ps->writepos; 984 pf->IDAT_size = ps->IDAT_size; 985 pf->IDAT_bits = bits_of(ps->IDAT_size); 986 /* Because the IDAT always has zlib header stuff this must be true: */ 987 if (pf->IDAT_bits == 0U) 988 png_error(ps->pwrite, "storefile: 0 sized IDAT"); 989 ps->new.prev = NULL; 990 ps->writepos = 0; 991 ps->chunkpos = 8; 992 ps->chunktype = 0; 993 ps->chunklen = 16; 994 ps->IDAT_size = 0; 995 pf->palette = ps->palette; 996 pf->npalette = ps->npalette; 997 ps->palette = 0; 998 ps->npalette = 0; 999 1000 /* And save it. */ 1001 pf->next = ps->saved; 1002 ps->saved = pf; 1003 } 1004 1005 /* Generate an error message (in the given buffer) */ 1006 static size_t 1007 store_message(png_store *ps, png_const_structp pp, char *buffer, size_t bufsize, 1008 size_t pos, const char *msg) 1009 { 1010 if (pp != NULL && pp == ps->pread) 1011 { 1012 /* Reading a file */ 1013 pos = safecat(buffer, bufsize, pos, "read: "); 1014 1015 if (ps->current != NULL) 1016 { 1017 pos = safecat(buffer, bufsize, pos, ps->current->name); 1018 pos = safecat(buffer, bufsize, pos, sep); 1019 } 1020 } 1021 1022 else if (pp != NULL && pp == ps->pwrite) 1023 { 1024 /* Writing a file */ 1025 pos = safecat(buffer, bufsize, pos, "write: "); 1026 pos = safecat(buffer, bufsize, pos, ps->wname); 1027 pos = safecat(buffer, bufsize, pos, sep); 1028 } 1029 1030 else 1031 { 1032 /* Neither reading nor writing (or a memory error in struct delete) */ 1033 pos = safecat(buffer, bufsize, pos, "pngvalid: "); 1034 } 1035 1036 if (ps->test[0] != 0) 1037 { 1038 pos = safecat(buffer, bufsize, pos, ps->test); 1039 pos = safecat(buffer, bufsize, pos, sep); 1040 } 1041 pos = safecat(buffer, bufsize, pos, msg); 1042 return pos; 1043 } 1044 1045 /* Verbose output to the error stream: */ 1046 static void 1047 store_verbose(png_store *ps, png_const_structp pp, png_const_charp prefix, 1048 png_const_charp message) 1049 { 1050 char buffer[512]; 1051 1052 if (prefix) 1053 fputs(prefix, stderr); 1054 1055 (void)store_message(ps, pp, buffer, sizeof buffer, 0, message); 1056 fputs(buffer, stderr); 1057 fputc('\n', stderr); 1058 } 1059 1060 /* Log an error or warning - the relevant count is always incremented. */ 1061 static void 1062 store_log(png_store* ps, png_const_structp pp, png_const_charp message, 1063 int is_error) 1064 { 1065 /* The warning is copied to the error buffer if there are no errors and it is 1066 * the first warning. The error is copied to the error buffer if it is the 1067 * first error (overwriting any prior warnings). 1068 */ 1069 if (is_error ? (ps->nerrors)++ == 0 : 1070 (ps->nwarnings)++ == 0 && ps->nerrors == 0) 1071 store_message(ps, pp, ps->error, sizeof ps->error, 0, message); 1072 1073 if (ps->verbose) 1074 store_verbose(ps, pp, is_error ? "error: " : "warning: ", message); 1075 } 1076 1077 #ifdef PNG_READ_SUPPORTED 1078 /* Internal error function, called with a png_store but no libpng stuff. */ 1079 static void 1080 internal_error(png_store *ps, png_const_charp message) 1081 { 1082 store_log(ps, NULL, message, 1 /* error */); 1083 1084 /* And finally throw an exception. */ 1085 { 1086 struct exception_context *the_exception_context = &ps->exception_context; 1087 Throw ps; 1088 } 1089 } 1090 #endif /* PNG_READ_SUPPORTED */ 1091 1092 /* Functions to use as PNG callbacks. */ 1093 static void PNGCBAPI 1094 store_error(png_structp ppIn, png_const_charp message) /* PNG_NORETURN */ 1095 { 1096 png_const_structp pp = ppIn; 1097 png_store *ps = voidcast(png_store*, png_get_error_ptr(pp)); 1098 1099 if (!ps->expect_error) 1100 store_log(ps, pp, message, 1 /* error */); 1101 1102 /* And finally throw an exception. */ 1103 { 1104 struct exception_context *the_exception_context = &ps->exception_context; 1105 Throw ps; 1106 } 1107 } 1108 1109 static void PNGCBAPI 1110 store_warning(png_structp ppIn, png_const_charp message) 1111 { 1112 png_const_structp pp = ppIn; 1113 png_store *ps = voidcast(png_store*, png_get_error_ptr(pp)); 1114 1115 if (!ps->expect_warning) 1116 store_log(ps, pp, message, 0 /* warning */); 1117 else 1118 ps->saw_warning = 1; 1119 } 1120 1121 /* These somewhat odd functions are used when reading an image to ensure that 1122 * the buffer is big enough, the png_structp is for errors. 1123 */ 1124 /* Return a single row from the correct image. */ 1125 static png_bytep 1126 store_image_row(const png_store* ps, png_const_structp pp, int nImage, 1127 png_uint_32 y) 1128 { 1129 png_size_t coffset = (nImage * ps->image_h + y) * (ps->cb_row + 5) + 2; 1130 1131 if (ps->image == NULL) 1132 png_error(pp, "no allocated image"); 1133 1134 if (coffset + ps->cb_row + 3 > ps->cb_image) 1135 png_error(pp, "image too small"); 1136 1137 return ps->image + coffset; 1138 } 1139 1140 static void 1141 store_image_free(png_store *ps, png_const_structp pp) 1142 { 1143 if (ps->image != NULL) 1144 { 1145 png_bytep image = ps->image; 1146 1147 if (image[-1] != 0xed || image[ps->cb_image] != 0xfe) 1148 { 1149 if (pp != NULL) 1150 png_error(pp, "png_store image overwrite (1)"); 1151 else 1152 store_log(ps, NULL, "png_store image overwrite (2)", 1); 1153 } 1154 1155 ps->image = NULL; 1156 ps->cb_image = 0; 1157 --image; 1158 free(image); 1159 } 1160 } 1161 1162 static void 1163 store_ensure_image(png_store *ps, png_const_structp pp, int nImages, 1164 png_size_t cbRow, png_uint_32 cRows) 1165 { 1166 png_size_t cb = nImages * cRows * (cbRow + 5); 1167 1168 if (ps->cb_image < cb) 1169 { 1170 png_bytep image; 1171 1172 store_image_free(ps, pp); 1173 1174 /* The buffer is deliberately mis-aligned. */ 1175 image = voidcast(png_bytep, malloc(cb+2)); 1176 if (image == NULL) 1177 { 1178 /* Called from the startup - ignore the error for the moment. */ 1179 if (pp == NULL) 1180 return; 1181 1182 png_error(pp, "OOM allocating image buffer"); 1183 } 1184 1185 /* These magic tags are used to detect overwrites above. */ 1186 ++image; 1187 image[-1] = 0xed; 1188 image[cb] = 0xfe; 1189 1190 ps->image = image; 1191 ps->cb_image = cb; 1192 } 1193 1194 /* We have an adequate sized image; lay out the rows. There are 2 bytes at 1195 * the start and three at the end of each (this ensures that the row 1196 * alignment starts out odd - 2+1 and changes for larger images on each row.) 1197 */ 1198 ps->cb_row = cbRow; 1199 ps->image_h = cRows; 1200 1201 /* For error checking, the whole buffer is set to 10110010 (0xb2 - 178). 1202 * This deliberately doesn't match the bits in the size test image which are 1203 * outside the image; these are set to 0xff (all 1). To make the row 1204 * comparison work in the 'size' test case the size rows are pre-initialized 1205 * to the same value prior to calling 'standard_row'. 1206 */ 1207 memset(ps->image, 178, cb); 1208 1209 /* Then put in the marks. */ 1210 while (--nImages >= 0) 1211 { 1212 png_uint_32 y; 1213 1214 for (y=0; y<cRows; ++y) 1215 { 1216 png_bytep row = store_image_row(ps, pp, nImages, y); 1217 1218 /* The markers: */ 1219 row[-2] = 190; 1220 row[-1] = 239; 1221 row[cbRow] = 222; 1222 row[cbRow+1] = 173; 1223 row[cbRow+2] = 17; 1224 } 1225 } 1226 } 1227 1228 #ifdef PNG_READ_SUPPORTED 1229 static void 1230 store_image_check(const png_store* ps, png_const_structp pp, int iImage) 1231 { 1232 png_const_bytep image = ps->image; 1233 1234 if (image[-1] != 0xed || image[ps->cb_image] != 0xfe) 1235 png_error(pp, "image overwrite"); 1236 else 1237 { 1238 png_size_t cbRow = ps->cb_row; 1239 png_uint_32 rows = ps->image_h; 1240 1241 image += iImage * (cbRow+5) * ps->image_h; 1242 1243 image += 2; /* skip image first row markers */ 1244 1245 while (rows-- > 0) 1246 { 1247 if (image[-2] != 190 || image[-1] != 239) 1248 png_error(pp, "row start overwritten"); 1249 1250 if (image[cbRow] != 222 || image[cbRow+1] != 173 || 1251 image[cbRow+2] != 17) 1252 png_error(pp, "row end overwritten"); 1253 1254 image += cbRow+5; 1255 } 1256 } 1257 } 1258 #endif /* PNG_READ_SUPPORTED */ 1259 1260 static int 1261 valid_chunktype(png_uint_32 chunktype) 1262 { 1263 /* Each byte in the chunk type must be in one of the ranges 65..90, 97..122 1264 * (both inclusive), so: 1265 */ 1266 unsigned int i; 1267 1268 for (i=0; i<4; ++i) 1269 { 1270 unsigned int c = chunktype & 0xffU; 1271 1272 if (!((c >= 65U && c <= 90U) || (c >= 97U && c <= 122U))) 1273 return 0; 1274 1275 chunktype >>= 8; 1276 } 1277 1278 return 1; /* It's valid */ 1279 } 1280 1281 static void PNGCBAPI 1282 store_write(png_structp ppIn, png_bytep pb, png_size_t st) 1283 { 1284 png_const_structp pp = ppIn; 1285 png_store *ps = voidcast(png_store*, png_get_io_ptr(pp)); 1286 size_t writepos = ps->writepos; 1287 png_uint_32 chunkpos = ps->chunkpos; 1288 png_uint_32 chunktype = ps->chunktype; 1289 png_uint_32 chunklen = ps->chunklen; 1290 1291 if (ps->pwrite != pp) 1292 png_error(pp, "store state damaged"); 1293 1294 /* Technically this is legal, but in practice libpng never writes more than 1295 * the maximum chunk size at once so if it happens something weird has 1296 * changed inside libpng (probably). 1297 */ 1298 if (st > 0x7fffffffU) 1299 png_error(pp, "unexpected write size"); 1300 1301 /* Now process the bytes to be written. Do this in units of the space in the 1302 * output (write) buffer or, at the start 4 bytes for the chunk type and 1303 * length limited in any case by the amount of data. 1304 */ 1305 while (st > 0) 1306 { 1307 if (writepos >= STORE_BUFFER_SIZE) 1308 store_storenew(ps), writepos = 0; 1309 1310 if (chunkpos < 4) 1311 { 1312 png_byte b = *pb++; 1313 --st; 1314 chunklen = (chunklen << 8) + b; 1315 ps->new.buffer[writepos++] = b; 1316 ++chunkpos; 1317 } 1318 1319 else if (chunkpos < 8) 1320 { 1321 png_byte b = *pb++; 1322 --st; 1323 chunktype = (chunktype << 8) + b; 1324 ps->new.buffer[writepos++] = b; 1325 1326 if (++chunkpos == 8) 1327 { 1328 chunklen &= 0xffffffffU; 1329 if (chunklen > 0x7fffffffU) 1330 png_error(pp, "chunk length too great"); 1331 1332 chunktype &= 0xffffffffU; 1333 if (chunktype == CHUNK_IDAT) 1334 { 1335 if (chunklen > ~ps->IDAT_size) 1336 png_error(pp, "pngvalid internal image too large"); 1337 1338 ps->IDAT_size += chunklen; 1339 } 1340 1341 else if (!valid_chunktype(chunktype)) 1342 png_error(pp, "invalid chunk type"); 1343 1344 chunklen += 12; /* for header and CRC */ 1345 } 1346 } 1347 1348 else /* chunkpos >= 8 */ 1349 { 1350 png_size_t cb = st; 1351 1352 if (cb > STORE_BUFFER_SIZE - writepos) 1353 cb = STORE_BUFFER_SIZE - writepos; 1354 1355 if (cb > chunklen - chunkpos/* bytes left in chunk*/) 1356 cb = (png_size_t)/*SAFE*/(chunklen - chunkpos); 1357 1358 memcpy(ps->new.buffer + writepos, pb, cb); 1359 chunkpos += (png_uint_32)/*SAFE*/cb; 1360 pb += cb; 1361 writepos += cb; 1362 st -= cb; 1363 1364 if (chunkpos >= chunklen) /* must be equal */ 1365 chunkpos = chunktype = chunklen = 0; 1366 } 1367 } /* while (st > 0) */ 1368 1369 ps->writepos = writepos; 1370 ps->chunkpos = chunkpos; 1371 ps->chunktype = chunktype; 1372 ps->chunklen = chunklen; 1373 } 1374 1375 static void PNGCBAPI 1376 store_flush(png_structp ppIn) 1377 { 1378 UNUSED(ppIn) /*DOES NOTHING*/ 1379 } 1380 1381 #ifdef PNG_READ_SUPPORTED 1382 static size_t 1383 store_read_buffer_size(png_store *ps) 1384 { 1385 /* Return the bytes available for read in the current buffer. */ 1386 if (ps->next != &ps->current->data) 1387 return STORE_BUFFER_SIZE; 1388 1389 return ps->current->datacount; 1390 } 1391 1392 /* Return total bytes available for read. */ 1393 static size_t 1394 store_read_buffer_avail(png_store *ps) 1395 { 1396 if (ps->current != NULL && ps->next != NULL) 1397 { 1398 png_store_buffer *next = &ps->current->data; 1399 size_t cbAvail = ps->current->datacount; 1400 1401 while (next != ps->next && next != NULL) 1402 { 1403 next = next->prev; 1404 cbAvail += STORE_BUFFER_SIZE; 1405 } 1406 1407 if (next != ps->next) 1408 png_error(ps->pread, "buffer read error"); 1409 1410 if (cbAvail > ps->readpos) 1411 return cbAvail - ps->readpos; 1412 } 1413 1414 return 0; 1415 } 1416 1417 static int 1418 store_read_buffer_next(png_store *ps) 1419 { 1420 png_store_buffer *pbOld = ps->next; 1421 png_store_buffer *pbNew = &ps->current->data; 1422 if (pbOld != pbNew) 1423 { 1424 while (pbNew != NULL && pbNew->prev != pbOld) 1425 pbNew = pbNew->prev; 1426 1427 if (pbNew != NULL) 1428 { 1429 ps->next = pbNew; 1430 ps->readpos = 0; 1431 return 1; 1432 } 1433 1434 png_error(ps->pread, "buffer lost"); 1435 } 1436 1437 return 0; /* EOF or error */ 1438 } 1439 1440 /* Need separate implementation and callback to allow use of the same code 1441 * during progressive read, where the io_ptr is set internally by libpng. 1442 */ 1443 static void 1444 store_read_imp(png_store *ps, png_bytep pb, png_size_t st) 1445 { 1446 if (ps->current == NULL || ps->next == NULL) 1447 png_error(ps->pread, "store state damaged"); 1448 1449 while (st > 0) 1450 { 1451 size_t cbAvail = store_read_buffer_size(ps) - ps->readpos; 1452 1453 if (cbAvail > 0) 1454 { 1455 if (cbAvail > st) cbAvail = st; 1456 memcpy(pb, ps->next->buffer + ps->readpos, cbAvail); 1457 st -= cbAvail; 1458 pb += cbAvail; 1459 ps->readpos += cbAvail; 1460 } 1461 1462 else if (!store_read_buffer_next(ps)) 1463 png_error(ps->pread, "read beyond end of file"); 1464 } 1465 } 1466 1467 static png_size_t 1468 store_read_chunk(png_store *ps, png_bytep pb, const png_size_t max, 1469 const png_size_t min) 1470 { 1471 png_uint_32 chunklen = ps->chunklen; 1472 png_uint_32 chunktype = ps->chunktype; 1473 png_uint_32 chunkpos = ps->chunkpos; 1474 png_size_t st = max; 1475 1476 if (st > 0) do 1477 { 1478 if (chunkpos >= chunklen) /* end of last chunk */ 1479 { 1480 png_byte buffer[8]; 1481 1482 /* Read the header of the next chunk: */ 1483 store_read_imp(ps, buffer, 8U); 1484 chunklen = png_get_uint_32(buffer) + 12U; 1485 chunktype = png_get_uint_32(buffer+4U); 1486 chunkpos = 0U; /* Position read so far */ 1487 } 1488 1489 if (chunktype == CHUNK_IDAT) 1490 { 1491 png_uint_32 IDAT_pos = ps->IDAT_pos; 1492 png_uint_32 IDAT_len = ps->IDAT_len; 1493 png_uint_32 IDAT_size = ps->IDAT_size; 1494 1495 /* The IDAT headers are constructed here; skip the input header. */ 1496 if (chunkpos < 8U) 1497 chunkpos = 8U; 1498 1499 if (IDAT_pos == IDAT_len) 1500 { 1501 png_byte random = random_byte(); 1502 1503 /* Make a new IDAT chunk, if IDAT_len is 0 this is the first IDAT, 1504 * if IDAT_size is 0 this is the end. At present this is set up 1505 * using a random number so that there is a 25% chance before 1506 * the start of the first IDAT chunk being 0 length. 1507 */ 1508 if (IDAT_len == 0U) /* First IDAT */ 1509 { 1510 switch (random & 3U) 1511 { 1512 case 0U: IDAT_len = 12U; break; /* 0 bytes */ 1513 case 1U: IDAT_len = 13U; break; /* 1 byte */ 1514 default: IDAT_len = random_u32(); 1515 IDAT_len %= IDAT_size; 1516 IDAT_len += 13U; /* 1..IDAT_size bytes */ 1517 break; 1518 } 1519 } 1520 1521 else if (IDAT_size == 0U) /* all IDAT data read */ 1522 { 1523 /* The last (IDAT) chunk should be positioned at the CRC now: */ 1524 if (chunkpos != chunklen-4U) 1525 png_error(ps->pread, "internal: IDAT size mismatch"); 1526 1527 /* The only option here is to add a zero length IDAT, this 1528 * happens 25% of the time. Because of the check above 1529 * chunklen-4U-chunkpos must be zero, we just need to skip the 1530 * CRC now. 1531 */ 1532 if ((random & 3U) == 0U) 1533 IDAT_len = 12U; /* Output another 0 length IDAT */ 1534 1535 else 1536 { 1537 /* End of IDATs, skip the CRC to make the code above load the 1538 * next chunk header next time round. 1539 */ 1540 png_byte buffer[4]; 1541 1542 store_read_imp(ps, buffer, 4U); 1543 chunkpos += 4U; 1544 ps->IDAT_pos = IDAT_pos; 1545 ps->IDAT_len = IDAT_len; 1546 ps->IDAT_size = 0U; 1547 continue; /* Read the next chunk */ 1548 } 1549 } 1550 1551 else 1552 { 1553 /* Middle of IDATs, use 'random' to determine the number of bits 1554 * to use in the IDAT length. 1555 */ 1556 IDAT_len = random_u32(); 1557 IDAT_len &= (1U << (1U + random % ps->IDAT_bits)) - 1U; 1558 if (IDAT_len > IDAT_size) 1559 IDAT_len = IDAT_size; 1560 IDAT_len += 12U; /* zero bytes may occur */ 1561 } 1562 1563 IDAT_pos = 0U; 1564 ps->IDAT_crc = 0x35af061e; /* Ie: crc32(0UL, "IDAT", 4) */ 1565 } /* IDAT_pos == IDAT_len */ 1566 1567 if (IDAT_pos < 8U) /* Return the header */ do 1568 { 1569 png_uint_32 b; 1570 unsigned int shift; 1571 1572 if (IDAT_pos < 4U) 1573 b = IDAT_len - 12U; 1574 1575 else 1576 b = CHUNK_IDAT; 1577 1578 shift = 3U & IDAT_pos; 1579 ++IDAT_pos; 1580 1581 if (shift < 3U) 1582 b >>= 8U*(3U-shift); 1583 1584 *pb++ = 0xffU & b; 1585 } 1586 while (--st > 0 && IDAT_pos < 8); 1587 1588 else if (IDAT_pos < IDAT_len - 4U) /* I.e not the CRC */ 1589 { 1590 if (chunkpos < chunklen-4U) 1591 { 1592 uInt avail = (uInt)-1; 1593 1594 if (avail > (IDAT_len-4U) - IDAT_pos) 1595 avail = (uInt)/*SAFE*/((IDAT_len-4U) - IDAT_pos); 1596 1597 if (avail > st) 1598 avail = (uInt)/*SAFE*/st; 1599 1600 if (avail > (chunklen-4U) - chunkpos) 1601 avail = (uInt)/*SAFE*/((chunklen-4U) - chunkpos); 1602 1603 store_read_imp(ps, pb, avail); 1604 ps->IDAT_crc = crc32(ps->IDAT_crc, pb, avail); 1605 pb += (png_size_t)/*SAFE*/avail; 1606 st -= (png_size_t)/*SAFE*/avail; 1607 chunkpos += (png_uint_32)/*SAFE*/avail; 1608 IDAT_size -= (png_uint_32)/*SAFE*/avail; 1609 IDAT_pos += (png_uint_32)/*SAFE*/avail; 1610 } 1611 1612 else /* skip the input CRC */ 1613 { 1614 png_byte buffer[4]; 1615 1616 store_read_imp(ps, buffer, 4U); 1617 chunkpos += 4U; 1618 } 1619 } 1620 1621 else /* IDAT crc */ do 1622 { 1623 uLong b = ps->IDAT_crc; 1624 unsigned int shift = (IDAT_len - IDAT_pos); /* 4..1 */ 1625 ++IDAT_pos; 1626 1627 if (shift > 1U) 1628 b >>= 8U*(shift-1U); 1629 1630 *pb++ = 0xffU & b; 1631 } 1632 while (--st > 0 && IDAT_pos < IDAT_len); 1633 1634 ps->IDAT_pos = IDAT_pos; 1635 ps->IDAT_len = IDAT_len; 1636 ps->IDAT_size = IDAT_size; 1637 } 1638 1639 else /* !IDAT */ 1640 { 1641 /* If there is still some pending IDAT data after the IDAT chunks have 1642 * been processed there is a problem: 1643 */ 1644 if (ps->IDAT_len > 0 && ps->IDAT_size > 0) 1645 png_error(ps->pread, "internal: missing IDAT data"); 1646 1647 if (chunktype == CHUNK_IEND && ps->IDAT_len == 0U) 1648 png_error(ps->pread, "internal: missing IDAT"); 1649 1650 if (chunkpos < 8U) /* Return the header */ do 1651 { 1652 png_uint_32 b; 1653 unsigned int shift; 1654 1655 if (chunkpos < 4U) 1656 b = chunklen - 12U; 1657 1658 else 1659 b = chunktype; 1660 1661 shift = 3U & chunkpos; 1662 ++chunkpos; 1663 1664 if (shift < 3U) 1665 b >>= 8U*(3U-shift); 1666 1667 *pb++ = 0xffU & b; 1668 } 1669 while (--st > 0 && chunkpos < 8); 1670 1671 else /* Return chunk bytes, including the CRC */ 1672 { 1673 png_size_t avail = st; 1674 1675 if (avail > chunklen - chunkpos) 1676 avail = (png_size_t)/*SAFE*/(chunklen - chunkpos); 1677 1678 store_read_imp(ps, pb, avail); 1679 pb += avail; 1680 st -= avail; 1681 chunkpos += (png_uint_32)/*SAFE*/avail; 1682 1683 /* Check for end of chunk and end-of-file; don't try to read a new 1684 * chunk header at this point unless instructed to do so by 'min'. 1685 */ 1686 if (chunkpos >= chunklen && max-st >= min && 1687 store_read_buffer_avail(ps) == 0) 1688 break; 1689 } 1690 } /* !IDAT */ 1691 } 1692 while (st > 0); 1693 1694 ps->chunklen = chunklen; 1695 ps->chunktype = chunktype; 1696 ps->chunkpos = chunkpos; 1697 1698 return st; /* space left */ 1699 } 1700 1701 static void PNGCBAPI 1702 store_read(png_structp ppIn, png_bytep pb, png_size_t st) 1703 { 1704 png_const_structp pp = ppIn; 1705 png_store *ps = voidcast(png_store*, png_get_io_ptr(pp)); 1706 1707 if (ps == NULL || ps->pread != pp) 1708 png_error(pp, "bad store read call"); 1709 1710 store_read_chunk(ps, pb, st, st); 1711 } 1712 1713 static void 1714 store_progressive_read(png_store *ps, png_structp pp, png_infop pi) 1715 { 1716 if (ps->pread != pp || ps->current == NULL || ps->next == NULL) 1717 png_error(pp, "store state damaged (progressive)"); 1718 1719 /* This is another Horowitz and Hill random noise generator. In this case 1720 * the aim is to stress the progressive reader with truly horrible variable 1721 * buffer sizes in the range 1..500, so a sequence of 9 bit random numbers 1722 * is generated. We could probably just count from 1 to 32767 and get as 1723 * good a result. 1724 */ 1725 while (store_read_buffer_avail(ps) > 0) 1726 { 1727 static png_uint_32 noise = 2; 1728 png_size_t cb; 1729 png_byte buffer[512]; 1730 1731 /* Generate 15 more bits of stuff: */ 1732 noise = (noise << 9) | ((noise ^ (noise >> (9-5))) & 0x1ff); 1733 cb = noise & 0x1ff; 1734 cb -= store_read_chunk(ps, buffer, cb, 1); 1735 png_process_data(pp, pi, buffer, cb); 1736 } 1737 } 1738 #endif /* PNG_READ_SUPPORTED */ 1739 1740 /* The caller must fill this in: */ 1741 static store_palette_entry * 1742 store_write_palette(png_store *ps, int npalette) 1743 { 1744 if (ps->pwrite == NULL) 1745 store_log(ps, NULL, "attempt to write palette without write stream", 1); 1746 1747 if (ps->palette != NULL) 1748 png_error(ps->pwrite, "multiple store_write_palette calls"); 1749 1750 /* This function can only return NULL if called with '0'! */ 1751 if (npalette > 0) 1752 { 1753 ps->palette = voidcast(store_palette_entry*, malloc(npalette * 1754 sizeof *ps->palette)); 1755 1756 if (ps->palette == NULL) 1757 png_error(ps->pwrite, "store new palette: OOM"); 1758 1759 ps->npalette = npalette; 1760 } 1761 1762 return ps->palette; 1763 } 1764 1765 #ifdef PNG_READ_SUPPORTED 1766 static store_palette_entry * 1767 store_current_palette(png_store *ps, int *npalette) 1768 { 1769 /* This is an internal error (the call has been made outside a read 1770 * operation.) 1771 */ 1772 if (ps->current == NULL) 1773 { 1774 store_log(ps, ps->pread, "no current stream for palette", 1); 1775 return NULL; 1776 } 1777 1778 /* The result may be null if there is no palette. */ 1779 *npalette = ps->current->npalette; 1780 return ps->current->palette; 1781 } 1782 #endif /* PNG_READ_SUPPORTED */ 1783 1784 /***************************** MEMORY MANAGEMENT*** ***************************/ 1785 #ifdef PNG_USER_MEM_SUPPORTED 1786 /* A store_memory is simply the header for an allocated block of memory. The 1787 * pointer returned to libpng is just after the end of the header block, the 1788 * allocated memory is followed by a second copy of the 'mark'. 1789 */ 1790 typedef struct store_memory 1791 { 1792 store_pool *pool; /* Originating pool */ 1793 struct store_memory *next; /* Singly linked list */ 1794 png_alloc_size_t size; /* Size of memory allocated */ 1795 png_byte mark[4]; /* ID marker */ 1796 } store_memory; 1797 1798 /* Handle a fatal error in memory allocation. This calls png_error if the 1799 * libpng struct is non-NULL, else it outputs a message and returns. This means 1800 * that a memory problem while libpng is running will abort (png_error) the 1801 * handling of particular file while one in cleanup (after the destroy of the 1802 * struct has returned) will simply keep going and free (or attempt to free) 1803 * all the memory. 1804 */ 1805 static void 1806 store_pool_error(png_store *ps, png_const_structp pp, const char *msg) 1807 { 1808 if (pp != NULL) 1809 png_error(pp, msg); 1810 1811 /* Else we have to do it ourselves. png_error eventually calls store_log, 1812 * above. store_log accepts a NULL png_structp - it just changes what gets 1813 * output by store_message. 1814 */ 1815 store_log(ps, pp, msg, 1 /* error */); 1816 } 1817 1818 static void 1819 store_memory_free(png_const_structp pp, store_pool *pool, store_memory *memory) 1820 { 1821 /* Note that pp may be NULL (see store_pool_delete below), the caller has 1822 * found 'memory' in pool->list *and* unlinked this entry, so this is a valid 1823 * pointer (for sure), but the contents may have been trashed. 1824 */ 1825 if (memory->pool != pool) 1826 store_pool_error(pool->store, pp, "memory corrupted (pool)"); 1827 1828 else if (memcmp(memory->mark, pool->mark, sizeof memory->mark) != 0) 1829 store_pool_error(pool->store, pp, "memory corrupted (start)"); 1830 1831 /* It should be safe to read the size field now. */ 1832 else 1833 { 1834 png_alloc_size_t cb = memory->size; 1835 1836 if (cb > pool->max) 1837 store_pool_error(pool->store, pp, "memory corrupted (size)"); 1838 1839 else if (memcmp((png_bytep)(memory+1)+cb, pool->mark, sizeof pool->mark) 1840 != 0) 1841 store_pool_error(pool->store, pp, "memory corrupted (end)"); 1842 1843 /* Finally give the library a chance to find problems too: */ 1844 else 1845 { 1846 pool->current -= cb; 1847 free(memory); 1848 } 1849 } 1850 } 1851 1852 static void 1853 store_pool_delete(png_store *ps, store_pool *pool) 1854 { 1855 if (pool->list != NULL) 1856 { 1857 fprintf(stderr, "%s: %s %s: memory lost (list follows):\n", ps->test, 1858 pool == &ps->read_memory_pool ? "read" : "write", 1859 pool == &ps->read_memory_pool ? (ps->current != NULL ? 1860 ps->current->name : "unknown file") : ps->wname); 1861 ++ps->nerrors; 1862 1863 do 1864 { 1865 store_memory *next = pool->list; 1866 pool->list = next->next; 1867 next->next = NULL; 1868 1869 fprintf(stderr, "\t%lu bytes @ %p\n", 1870 (unsigned long)next->size, (const void*)(next+1)); 1871 /* The NULL means this will always return, even if the memory is 1872 * corrupted. 1873 */ 1874 store_memory_free(NULL, pool, next); 1875 } 1876 while (pool->list != NULL); 1877 } 1878 1879 /* And reset the other fields too for the next time. */ 1880 if (pool->max > pool->max_max) pool->max_max = pool->max; 1881 pool->max = 0; 1882 if (pool->current != 0) /* unexpected internal error */ 1883 fprintf(stderr, "%s: %s %s: memory counter mismatch (internal error)\n", 1884 ps->test, pool == &ps->read_memory_pool ? "read" : "write", 1885 pool == &ps->read_memory_pool ? (ps->current != NULL ? 1886 ps->current->name : "unknown file") : ps->wname); 1887 pool->current = 0; 1888 1889 if (pool->limit > pool->max_limit) 1890 pool->max_limit = pool->limit; 1891 1892 pool->limit = 0; 1893 1894 if (pool->total > pool->max_total) 1895 pool->max_total = pool->total; 1896 1897 pool->total = 0; 1898 1899 /* Get a new mark too. */ 1900 store_pool_mark(pool->mark); 1901 } 1902 1903 /* The memory callbacks: */ 1904 static png_voidp PNGCBAPI 1905 store_malloc(png_structp ppIn, png_alloc_size_t cb) 1906 { 1907 png_const_structp pp = ppIn; 1908 store_pool *pool = voidcast(store_pool*, png_get_mem_ptr(pp)); 1909 store_memory *new = voidcast(store_memory*, malloc(cb + (sizeof *new) + 1910 (sizeof pool->mark))); 1911 1912 if (new != NULL) 1913 { 1914 if (cb > pool->max) 1915 pool->max = cb; 1916 1917 pool->current += cb; 1918 1919 if (pool->current > pool->limit) 1920 pool->limit = pool->current; 1921 1922 pool->total += cb; 1923 1924 new->size = cb; 1925 memcpy(new->mark, pool->mark, sizeof new->mark); 1926 memcpy((png_byte*)(new+1) + cb, pool->mark, sizeof pool->mark); 1927 new->pool = pool; 1928 new->next = pool->list; 1929 pool->list = new; 1930 ++new; 1931 } 1932 1933 else 1934 { 1935 /* NOTE: the PNG user malloc function cannot use the png_ptr it is passed 1936 * other than to retrieve the allocation pointer! libpng calls the 1937 * store_malloc callback in two basic cases: 1938 * 1939 * 1) From png_malloc; png_malloc will do a png_error itself if NULL is 1940 * returned. 1941 * 2) From png_struct or png_info structure creation; png_malloc is 1942 * to return so cleanup can be performed. 1943 * 1944 * To handle this store_malloc can log a message, but can't do anything 1945 * else. 1946 */ 1947 store_log(pool->store, pp, "out of memory", 1 /* is_error */); 1948 } 1949 1950 return new; 1951 } 1952 1953 static void PNGCBAPI 1954 store_free(png_structp ppIn, png_voidp memory) 1955 { 1956 png_const_structp pp = ppIn; 1957 store_pool *pool = voidcast(store_pool*, png_get_mem_ptr(pp)); 1958 store_memory *this = voidcast(store_memory*, memory), **test; 1959 1960 /* Because libpng calls store_free with a dummy png_struct when deleting 1961 * png_struct or png_info via png_destroy_struct_2 it is necessary to check 1962 * the passed in png_structp to ensure it is valid, and not pass it to 1963 * png_error if it is not. 1964 */ 1965 if (pp != pool->store->pread && pp != pool->store->pwrite) 1966 pp = NULL; 1967 1968 /* First check that this 'memory' really is valid memory - it must be in the 1969 * pool list. If it is, use the shared memory_free function to free it. 1970 */ 1971 --this; 1972 for (test = &pool->list; *test != this; test = &(*test)->next) 1973 { 1974 if (*test == NULL) 1975 { 1976 store_pool_error(pool->store, pp, "bad pointer to free"); 1977 return; 1978 } 1979 } 1980 1981 /* Unlink this entry, *test == this. */ 1982 *test = this->next; 1983 this->next = NULL; 1984 store_memory_free(pp, pool, this); 1985 } 1986 #endif /* PNG_USER_MEM_SUPPORTED */ 1987 1988 /* Setup functions. */ 1989 /* Cleanup when aborting a write or after storing the new file. */ 1990 static void 1991 store_write_reset(png_store *ps) 1992 { 1993 if (ps->pwrite != NULL) 1994 { 1995 anon_context(ps); 1996 1997 Try 1998 png_destroy_write_struct(&ps->pwrite, &ps->piwrite); 1999 2000 Catch_anonymous 2001 { 2002 /* memory corruption: continue. */ 2003 } 2004 2005 ps->pwrite = NULL; 2006 ps->piwrite = NULL; 2007 } 2008 2009 /* And make sure that all the memory has been freed - this will output 2010 * spurious errors in the case of memory corruption above, but this is safe. 2011 */ 2012 # ifdef PNG_USER_MEM_SUPPORTED 2013 store_pool_delete(ps, &ps->write_memory_pool); 2014 # endif 2015 2016 store_freenew(ps); 2017 } 2018 2019 /* The following is the main write function, it returns a png_struct and, 2020 * optionally, a png_info suitable for writiing a new PNG file. Use 2021 * store_storefile above to record this file after it has been written. The 2022 * returned libpng structures as destroyed by store_write_reset above. 2023 */ 2024 static png_structp 2025 set_store_for_write(png_store *ps, png_infopp ppi, const char *name) 2026 { 2027 anon_context(ps); 2028 2029 Try 2030 { 2031 if (ps->pwrite != NULL) 2032 png_error(ps->pwrite, "write store already in use"); 2033 2034 store_write_reset(ps); 2035 safecat(ps->wname, sizeof ps->wname, 0, name); 2036 2037 /* Don't do the slow memory checks if doing a speed test, also if user 2038 * memory is not supported we can't do it anyway. 2039 */ 2040 # ifdef PNG_USER_MEM_SUPPORTED 2041 if (!ps->speed) 2042 ps->pwrite = png_create_write_struct_2(PNG_LIBPNG_VER_STRING, 2043 ps, store_error, store_warning, &ps->write_memory_pool, 2044 store_malloc, store_free); 2045 2046 else 2047 # endif 2048 ps->pwrite = png_create_write_struct(PNG_LIBPNG_VER_STRING, 2049 ps, store_error, store_warning); 2050 2051 png_set_write_fn(ps->pwrite, ps, store_write, store_flush); 2052 2053 # ifdef PNG_SET_OPTION_SUPPORTED 2054 { 2055 int opt; 2056 for (opt=0; opt<ps->noptions; ++opt) 2057 if (png_set_option(ps->pwrite, ps->options[opt].option, 2058 ps->options[opt].setting) == PNG_OPTION_INVALID) 2059 png_error(ps->pwrite, "png option invalid"); 2060 } 2061 # endif 2062 2063 if (ppi != NULL) 2064 *ppi = ps->piwrite = png_create_info_struct(ps->pwrite); 2065 } 2066 2067 Catch_anonymous 2068 return NULL; 2069 2070 return ps->pwrite; 2071 } 2072 2073 /* Cleanup when finished reading (either due to error or in the success case). 2074 * This routine exists even when there is no read support to make the code 2075 * tidier (avoid a mass of ifdefs) and so easier to maintain. 2076 */ 2077 static void 2078 store_read_reset(png_store *ps) 2079 { 2080 # ifdef PNG_READ_SUPPORTED 2081 if (ps->pread != NULL) 2082 { 2083 anon_context(ps); 2084 2085 Try 2086 png_destroy_read_struct(&ps->pread, &ps->piread, NULL); 2087 2088 Catch_anonymous 2089 { 2090 /* error already output: continue */ 2091 } 2092 2093 ps->pread = NULL; 2094 ps->piread = NULL; 2095 } 2096 # endif 2097 2098 # ifdef PNG_USER_MEM_SUPPORTED 2099 /* Always do this to be safe. */ 2100 store_pool_delete(ps, &ps->read_memory_pool); 2101 # endif 2102 2103 ps->current = NULL; 2104 ps->next = NULL; 2105 ps->readpos = 0; 2106 ps->validated = 0; 2107 2108 ps->chunkpos = 8; 2109 ps->chunktype = 0; 2110 ps->chunklen = 16; 2111 ps->IDAT_size = 0; 2112 } 2113 2114 #ifdef PNG_READ_SUPPORTED 2115 static void 2116 store_read_set(png_store *ps, png_uint_32 id) 2117 { 2118 png_store_file *pf = ps->saved; 2119 2120 while (pf != NULL) 2121 { 2122 if (pf->id == id) 2123 { 2124 ps->current = pf; 2125 ps->next = NULL; 2126 ps->IDAT_size = pf->IDAT_size; 2127 ps->IDAT_bits = pf->IDAT_bits; /* just a cache */ 2128 ps->IDAT_len = 0; 2129 ps->IDAT_pos = 0; 2130 ps->IDAT_crc = 0UL; 2131 store_read_buffer_next(ps); 2132 return; 2133 } 2134 2135 pf = pf->next; 2136 } 2137 2138 { 2139 size_t pos; 2140 char msg[FILE_NAME_SIZE+64]; 2141 2142 pos = standard_name_from_id(msg, sizeof msg, 0, id); 2143 pos = safecat(msg, sizeof msg, pos, ": file not found"); 2144 png_error(ps->pread, msg); 2145 } 2146 } 2147 2148 /* The main interface for reading a saved file - pass the id number of the file 2149 * to retrieve. Ids must be unique or the earlier file will be hidden. The API 2150 * returns a png_struct and, optionally, a png_info. Both of these will be 2151 * destroyed by store_read_reset above. 2152 */ 2153 static png_structp 2154 set_store_for_read(png_store *ps, png_infopp ppi, png_uint_32 id, 2155 const char *name) 2156 { 2157 /* Set the name for png_error */ 2158 safecat(ps->test, sizeof ps->test, 0, name); 2159 2160 if (ps->pread != NULL) 2161 png_error(ps->pread, "read store already in use"); 2162 2163 store_read_reset(ps); 2164 2165 /* Both the create APIs can return NULL if used in their default mode 2166 * (because there is no other way of handling an error because the jmp_buf 2167 * by default is stored in png_struct and that has not been allocated!) 2168 * However, given that store_error works correctly in these circumstances 2169 * we don't ever expect NULL in this program. 2170 */ 2171 # ifdef PNG_USER_MEM_SUPPORTED 2172 if (!ps->speed) 2173 ps->pread = png_create_read_struct_2(PNG_LIBPNG_VER_STRING, ps, 2174 store_error, store_warning, &ps->read_memory_pool, store_malloc, 2175 store_free); 2176 2177 else 2178 # endif 2179 ps->pread = png_create_read_struct(PNG_LIBPNG_VER_STRING, ps, store_error, 2180 store_warning); 2181 2182 if (ps->pread == NULL) 2183 { 2184 struct exception_context *the_exception_context = &ps->exception_context; 2185 2186 store_log(ps, NULL, "png_create_read_struct returned NULL (unexpected)", 2187 1 /*error*/); 2188 2189 Throw ps; 2190 } 2191 2192 # ifdef PNG_SET_OPTION_SUPPORTED 2193 { 2194 int opt; 2195 for (opt=0; opt<ps->noptions; ++opt) 2196 if (png_set_option(ps->pread, ps->options[opt].option, 2197 ps->options[opt].setting) == PNG_OPTION_INVALID) 2198 png_error(ps->pread, "png option invalid"); 2199 } 2200 # endif 2201 2202 store_read_set(ps, id); 2203 2204 if (ppi != NULL) 2205 *ppi = ps->piread = png_create_info_struct(ps->pread); 2206 2207 return ps->pread; 2208 } 2209 #endif /* PNG_READ_SUPPORTED */ 2210 2211 /* The overall cleanup of a store simply calls the above then removes all the 2212 * saved files. This does not delete the store itself. 2213 */ 2214 static void 2215 store_delete(png_store *ps) 2216 { 2217 store_write_reset(ps); 2218 store_read_reset(ps); 2219 store_freefile(&ps->saved); 2220 store_image_free(ps, NULL); 2221 } 2222 2223 /*********************** PNG FILE MODIFICATION ON READ ************************/ 2224 /* Files may be modified on read. The following structure contains a complete 2225 * png_store together with extra members to handle modification and a special 2226 * read callback for libpng. To use this the 'modifications' field must be set 2227 * to a list of png_modification structures that actually perform the 2228 * modification, otherwise a png_modifier is functionally equivalent to a 2229 * png_store. There is a special read function, set_modifier_for_read, which 2230 * replaces set_store_for_read. 2231 */ 2232 typedef enum modifier_state 2233 { 2234 modifier_start, /* Initial value */ 2235 modifier_signature, /* Have a signature */ 2236 modifier_IHDR /* Have an IHDR */ 2237 } modifier_state; 2238 2239 typedef struct CIE_color 2240 { 2241 /* A single CIE tristimulus value, representing the unique response of a 2242 * standard observer to a variety of light spectra. The observer recognizes 2243 * all spectra that produce this response as the same color, therefore this 2244 * is effectively a description of a color. 2245 */ 2246 double X, Y, Z; 2247 } CIE_color; 2248 2249 typedef struct color_encoding 2250 { 2251 /* A description of an (R,G,B) encoding of color (as defined above); this 2252 * includes the actual colors of the (R,G,B) triples (1,0,0), (0,1,0) and 2253 * (0,0,1) plus an encoding value that is used to encode the linear 2254 * components R, G and B to give the actual values R^gamma, G^gamma and 2255 * B^gamma that are stored. 2256 */ 2257 double gamma; /* Encoding (file) gamma of space */ 2258 CIE_color red, green, blue; /* End points */ 2259 } color_encoding; 2260 2261 #ifdef PNG_READ_SUPPORTED 2262 #if defined PNG_READ_TRANSFORMS_SUPPORTED && defined PNG_READ_cHRM_SUPPORTED 2263 static double 2264 chromaticity_x(CIE_color c) 2265 { 2266 return c.X / (c.X + c.Y + c.Z); 2267 } 2268 2269 static double 2270 chromaticity_y(CIE_color c) 2271 { 2272 return c.Y / (c.X + c.Y + c.Z); 2273 } 2274 2275 static CIE_color 2276 white_point(const color_encoding *encoding) 2277 { 2278 CIE_color white; 2279 2280 white.X = encoding->red.X + encoding->green.X + encoding->blue.X; 2281 white.Y = encoding->red.Y + encoding->green.Y + encoding->blue.Y; 2282 white.Z = encoding->red.Z + encoding->green.Z + encoding->blue.Z; 2283 2284 return white; 2285 } 2286 #endif /* READ_TRANSFORMS && READ_cHRM */ 2287 2288 #ifdef PNG_READ_RGB_TO_GRAY_SUPPORTED 2289 static void 2290 normalize_color_encoding(color_encoding *encoding) 2291 { 2292 const double whiteY = encoding->red.Y + encoding->green.Y + 2293 encoding->blue.Y; 2294 2295 if (whiteY != 1) 2296 { 2297 encoding->red.X /= whiteY; 2298 encoding->red.Y /= whiteY; 2299 encoding->red.Z /= whiteY; 2300 encoding->green.X /= whiteY; 2301 encoding->green.Y /= whiteY; 2302 encoding->green.Z /= whiteY; 2303 encoding->blue.X /= whiteY; 2304 encoding->blue.Y /= whiteY; 2305 encoding->blue.Z /= whiteY; 2306 } 2307 } 2308 #endif 2309 2310 #ifdef PNG_READ_TRANSFORMS_SUPPORTED 2311 static size_t 2312 safecat_color_encoding(char *buffer, size_t bufsize, size_t pos, 2313 const color_encoding *e, double encoding_gamma) 2314 { 2315 if (e != 0) 2316 { 2317 if (encoding_gamma != 0) 2318 pos = safecat(buffer, bufsize, pos, "("); 2319 pos = safecat(buffer, bufsize, pos, "R("); 2320 pos = safecatd(buffer, bufsize, pos, e->red.X, 4); 2321 pos = safecat(buffer, bufsize, pos, ","); 2322 pos = safecatd(buffer, bufsize, pos, e->red.Y, 4); 2323 pos = safecat(buffer, bufsize, pos, ","); 2324 pos = safecatd(buffer, bufsize, pos, e->red.Z, 4); 2325 pos = safecat(buffer, bufsize, pos, "),G("); 2326 pos = safecatd(buffer, bufsize, pos, e->green.X, 4); 2327 pos = safecat(buffer, bufsize, pos, ","); 2328 pos = safecatd(buffer, bufsize, pos, e->green.Y, 4); 2329 pos = safecat(buffer, bufsize, pos, ","); 2330 pos = safecatd(buffer, bufsize, pos, e->green.Z, 4); 2331 pos = safecat(buffer, bufsize, pos, "),B("); 2332 pos = safecatd(buffer, bufsize, pos, e->blue.X, 4); 2333 pos = safecat(buffer, bufsize, pos, ","); 2334 pos = safecatd(buffer, bufsize, pos, e->blue.Y, 4); 2335 pos = safecat(buffer, bufsize, pos, ","); 2336 pos = safecatd(buffer, bufsize, pos, e->blue.Z, 4); 2337 pos = safecat(buffer, bufsize, pos, ")"); 2338 if (encoding_gamma != 0) 2339 pos = safecat(buffer, bufsize, pos, ")"); 2340 } 2341 2342 if (encoding_gamma != 0) 2343 { 2344 pos = safecat(buffer, bufsize, pos, "^"); 2345 pos = safecatd(buffer, bufsize, pos, encoding_gamma, 5); 2346 } 2347 2348 return pos; 2349 } 2350 #endif /* READ_TRANSFORMS */ 2351 #endif /* PNG_READ_SUPPORTED */ 2352 2353 typedef struct png_modifier 2354 { 2355 png_store this; /* I am a png_store */ 2356 struct png_modification *modifications; /* Changes to make */ 2357 2358 modifier_state state; /* My state */ 2359 2360 /* Information from IHDR: */ 2361 png_byte bit_depth; /* From IHDR */ 2362 png_byte colour_type; /* From IHDR */ 2363 2364 /* While handling PLTE, IDAT and IEND these chunks may be pended to allow 2365 * other chunks to be inserted. 2366 */ 2367 png_uint_32 pending_len; 2368 png_uint_32 pending_chunk; 2369 2370 /* Test values */ 2371 double *gammas; 2372 unsigned int ngammas; 2373 unsigned int ngamma_tests; /* Number of gamma tests to run*/ 2374 double current_gamma; /* 0 if not set */ 2375 const color_encoding *encodings; 2376 unsigned int nencodings; 2377 const color_encoding *current_encoding; /* If an encoding has been set */ 2378 unsigned int encoding_counter; /* For iteration */ 2379 int encoding_ignored; /* Something overwrote it */ 2380 2381 /* Control variables used to iterate through possible encodings, the 2382 * following must be set to 0 and tested by the function that uses the 2383 * png_modifier because the modifier only sets it to 1 (true.) 2384 */ 2385 unsigned int repeat :1; /* Repeat this transform test. */ 2386 unsigned int test_uses_encoding :1; 2387 2388 /* Lowest sbit to test (pre-1.7 libpng fails for sbit < 8) */ 2389 png_byte sbitlow; 2390 2391 /* Error control - these are the limits on errors accepted by the gamma tests 2392 * below. 2393 */ 2394 double maxout8; /* Maximum output value error */ 2395 double maxabs8; /* Absolute sample error 0..1 */ 2396 double maxcalc8; /* Absolute sample error 0..1 */ 2397 double maxpc8; /* Percentage sample error 0..100% */ 2398 double maxout16; /* Maximum output value error */ 2399 double maxabs16; /* Absolute sample error 0..1 */ 2400 double maxcalc16;/* Absolute sample error 0..1 */ 2401 double maxcalcG; /* Absolute sample error 0..1 */ 2402 double maxpc16; /* Percentage sample error 0..100% */ 2403 2404 /* This is set by transforms that need to allow a higher limit, it is an 2405 * internal check on pngvalid to ensure that the calculated error limits are 2406 * not ridiculous; without this it is too easy to make a mistake in pngvalid 2407 * that allows any value through. 2408 * 2409 * NOTE: this is not checked in release builds. 2410 */ 2411 double limit; /* limit on error values, normally 4E-3 */ 2412 2413 /* Log limits - values above this are logged, but not necessarily 2414 * warned. 2415 */ 2416 double log8; /* Absolute error in 8 bits to log */ 2417 double log16; /* Absolute error in 16 bits to log */ 2418 2419 /* Logged 8 and 16 bit errors ('output' values): */ 2420 double error_gray_2; 2421 double error_gray_4; 2422 double error_gray_8; 2423 double error_gray_16; 2424 double error_color_8; 2425 double error_color_16; 2426 double error_indexed; 2427 2428 /* Flags: */ 2429 /* Whether to call png_read_update_info, not png_read_start_image, and how 2430 * many times to call it. 2431 */ 2432 int use_update_info; 2433 2434 /* Whether or not to interlace. */ 2435 int interlace_type :9; /* int, but must store '1' */ 2436 2437 /* Run the standard tests? */ 2438 unsigned int test_standard :1; 2439 2440 /* Run the odd-sized image and interlace read/write tests? */ 2441 unsigned int test_size :1; 2442 2443 /* Run tests on reading with a combination of transforms, */ 2444 unsigned int test_transform :1; 2445 unsigned int test_tRNS :1; /* Includes tRNS images */ 2446 2447 /* When to use the use_input_precision option, this controls the gamma 2448 * validation code checks. If set any value that is within the transformed 2449 * range input-.5 to input+.5 will be accepted, otherwise the value must be 2450 * within the normal limits. It should not be necessary to set this; the 2451 * result should always be exact within the permitted error limits. 2452 */ 2453 unsigned int use_input_precision :1; 2454 unsigned int use_input_precision_sbit :1; 2455 unsigned int use_input_precision_16to8 :1; 2456 2457 /* If set assume that the calculation bit depth is set by the input 2458 * precision, not the output precision. 2459 */ 2460 unsigned int calculations_use_input_precision :1; 2461 2462 /* If set assume that the calculations are done in 16 bits even if the sample 2463 * depth is 8 bits. 2464 */ 2465 unsigned int assume_16_bit_calculations :1; 2466 2467 /* Which gamma tests to run: */ 2468 unsigned int test_gamma_threshold :1; 2469 unsigned int test_gamma_transform :1; /* main tests */ 2470 unsigned int test_gamma_sbit :1; 2471 unsigned int test_gamma_scale16 :1; 2472 unsigned int test_gamma_background :1; 2473 unsigned int test_gamma_alpha_mode :1; 2474 unsigned int test_gamma_expand16 :1; 2475 unsigned int test_exhaustive :1; 2476 2477 /* Whether or not to run the low-bit-depth grayscale tests. This fails on 2478 * gamma images in some cases because of gross inaccuracies in the grayscale 2479 * gamma handling for low bit depth. 2480 */ 2481 unsigned int test_lbg :1; 2482 unsigned int test_lbg_gamma_threshold :1; 2483 unsigned int test_lbg_gamma_transform :1; 2484 unsigned int test_lbg_gamma_sbit :1; 2485 unsigned int test_lbg_gamma_composition :1; 2486 2487 unsigned int log :1; /* Log max error */ 2488 2489 /* Buffer information, the buffer size limits the size of the chunks that can 2490 * be modified - they must fit (including header and CRC) into the buffer! 2491 */ 2492 size_t flush; /* Count of bytes to flush */ 2493 size_t buffer_count; /* Bytes in buffer */ 2494 size_t buffer_position; /* Position in buffer */ 2495 png_byte buffer[1024]; 2496 } png_modifier; 2497 2498 /* This returns true if the test should be stopped now because it has already 2499 * failed and it is running silently. 2500 */ 2501 static int fail(png_modifier *pm) 2502 { 2503 return !pm->log && !pm->this.verbose && (pm->this.nerrors > 0 || 2504 (pm->this.treat_warnings_as_errors && pm->this.nwarnings > 0)); 2505 } 2506 2507 static void 2508 modifier_init(png_modifier *pm) 2509 { 2510 memset(pm, 0, sizeof *pm); 2511 store_init(&pm->this); 2512 pm->modifications = NULL; 2513 pm->state = modifier_start; 2514 pm->sbitlow = 1U; 2515 pm->ngammas = 0; 2516 pm->ngamma_tests = 0; 2517 pm->gammas = 0; 2518 pm->current_gamma = 0; 2519 pm->encodings = 0; 2520 pm->nencodings = 0; 2521 pm->current_encoding = 0; 2522 pm->encoding_counter = 0; 2523 pm->encoding_ignored = 0; 2524 pm->repeat = 0; 2525 pm->test_uses_encoding = 0; 2526 pm->maxout8 = pm->maxpc8 = pm->maxabs8 = pm->maxcalc8 = 0; 2527 pm->maxout16 = pm->maxpc16 = pm->maxabs16 = pm->maxcalc16 = 0; 2528 pm->maxcalcG = 0; 2529 pm->limit = 4E-3; 2530 pm->log8 = pm->log16 = 0; /* Means 'off' */ 2531 pm->error_gray_2 = pm->error_gray_4 = pm->error_gray_8 = 0; 2532 pm->error_gray_16 = pm->error_color_8 = pm->error_color_16 = 0; 2533 pm->error_indexed = 0; 2534 pm->use_update_info = 0; 2535 pm->interlace_type = PNG_INTERLACE_NONE; 2536 pm->test_standard = 0; 2537 pm->test_size = 0; 2538 pm->test_transform = 0; 2539 # ifdef PNG_WRITE_tRNS_SUPPORTED 2540 pm->test_tRNS = 1; 2541 # else 2542 pm->test_tRNS = 0; 2543 # endif 2544 pm->use_input_precision = 0; 2545 pm->use_input_precision_sbit = 0; 2546 pm->use_input_precision_16to8 = 0; 2547 pm->calculations_use_input_precision = 0; 2548 pm->assume_16_bit_calculations = 0; 2549 pm->test_gamma_threshold = 0; 2550 pm->test_gamma_transform = 0; 2551 pm->test_gamma_sbit = 0; 2552 pm->test_gamma_scale16 = 0; 2553 pm->test_gamma_background = 0; 2554 pm->test_gamma_alpha_mode = 0; 2555 pm->test_gamma_expand16 = 0; 2556 pm->test_lbg = 1; 2557 pm->test_lbg_gamma_threshold = 1; 2558 pm->test_lbg_gamma_transform = 1; 2559 pm->test_lbg_gamma_sbit = 1; 2560 pm->test_lbg_gamma_composition = 1; 2561 pm->test_exhaustive = 0; 2562 pm->log = 0; 2563 2564 /* Rely on the memset for all the other fields - there are no pointers */ 2565 } 2566 2567 #ifdef PNG_READ_TRANSFORMS_SUPPORTED 2568 2569 /* This controls use of checks that explicitly know how libpng digitizes the 2570 * samples in calculations; setting this circumvents simple error limit checking 2571 * in the rgb_to_gray check, replacing it with an exact copy of the libpng 1.5 2572 * algorithm. 2573 */ 2574 #define DIGITIZE PNG_LIBPNG_VER < 10700 2575 2576 /* If pm->calculations_use_input_precision is set then operations will happen 2577 * with the precision of the input, not the precision of the output depth. 2578 * 2579 * If pm->assume_16_bit_calculations is set then even 8 bit calculations use 16 2580 * bit precision. This only affects those of the following limits that pertain 2581 * to a calculation - not a digitization operation - unless the following API is 2582 * called directly. 2583 */ 2584 #ifdef PNG_READ_RGB_TO_GRAY_SUPPORTED 2585 #if DIGITIZE 2586 static double digitize(double value, int depth, int do_round) 2587 { 2588 /* 'value' is in the range 0 to 1, the result is the same value rounded to a 2589 * multiple of the digitization factor - 8 or 16 bits depending on both the 2590 * sample depth and the 'assume' setting. Digitization is normally by 2591 * rounding and 'do_round' should be 1, if it is 0 the digitized value will 2592 * be truncated. 2593 */ 2594 const unsigned int digitization_factor = (1U << depth) -1; 2595 2596 /* Limiting the range is done as a convenience to the caller - it's easier to 2597 * do it once here than every time at the call site. 2598 */ 2599 if (value <= 0) 2600 value = 0; 2601 2602 else if (value >= 1) 2603 value = 1; 2604 2605 value *= digitization_factor; 2606 if (do_round) value += .5; 2607 return floor(value)/digitization_factor; 2608 } 2609 #endif 2610 #endif /* RGB_TO_GRAY */ 2611 2612 #ifdef PNG_READ_GAMMA_SUPPORTED 2613 static double abserr(const png_modifier *pm, int in_depth, int out_depth) 2614 { 2615 /* Absolute error permitted in linear values - affected by the bit depth of 2616 * the calculations. 2617 */ 2618 if (pm->assume_16_bit_calculations || 2619 (pm->calculations_use_input_precision ? in_depth : out_depth) == 16) 2620 return pm->maxabs16; 2621 else 2622 return pm->maxabs8; 2623 } 2624 2625 static double calcerr(const png_modifier *pm, int in_depth, int out_depth) 2626 { 2627 /* Error in the linear composition arithmetic - only relevant when 2628 * composition actually happens (0 < alpha < 1). 2629 */ 2630 if ((pm->calculations_use_input_precision ? in_depth : out_depth) == 16) 2631 return pm->maxcalc16; 2632 else if (pm->assume_16_bit_calculations) 2633 return pm->maxcalcG; 2634 else 2635 return pm->maxcalc8; 2636 } 2637 2638 static double pcerr(const png_modifier *pm, int in_depth, int out_depth) 2639 { 2640 /* Percentage error permitted in the linear values. Note that the specified 2641 * value is a percentage but this routine returns a simple number. 2642 */ 2643 if (pm->assume_16_bit_calculations || 2644 (pm->calculations_use_input_precision ? in_depth : out_depth) == 16) 2645 return pm->maxpc16 * .01; 2646 else 2647 return pm->maxpc8 * .01; 2648 } 2649 2650 /* Output error - the error in the encoded value. This is determined by the 2651 * digitization of the output so can be +/-0.5 in the actual output value. In 2652 * the expand_16 case with the current code in libpng the expand happens after 2653 * all the calculations are done in 8 bit arithmetic, so even though the output 2654 * depth is 16 the output error is determined by the 8 bit calculation. 2655 * 2656 * This limit is not determined by the bit depth of internal calculations. 2657 * 2658 * The specified parameter does *not* include the base .5 digitization error but 2659 * it is added here. 2660 */ 2661 static double outerr(const png_modifier *pm, int in_depth, int out_depth) 2662 { 2663 /* There is a serious error in the 2 and 4 bit grayscale transform because 2664 * the gamma table value (8 bits) is simply shifted, not rounded, so the 2665 * error in 4 bit grayscale gamma is up to the value below. This is a hack 2666 * to allow pngvalid to succeed: 2667 * 2668 * TODO: fix this in libpng 2669 */ 2670 if (out_depth == 2) 2671 return .73182-.5; 2672 2673 if (out_depth == 4) 2674 return .90644-.5; 2675 2676 if ((pm->calculations_use_input_precision ? in_depth : out_depth) == 16) 2677 return pm->maxout16; 2678 2679 /* This is the case where the value was calculated at 8-bit precision then 2680 * scaled to 16 bits. 2681 */ 2682 else if (out_depth == 16) 2683 return pm->maxout8 * 257; 2684 2685 else 2686 return pm->maxout8; 2687 } 2688 2689 /* This does the same thing as the above however it returns the value to log, 2690 * rather than raising a warning. This is useful for debugging to track down 2691 * exactly what set of parameters cause high error values. 2692 */ 2693 static double outlog(const png_modifier *pm, int in_depth, int out_depth) 2694 { 2695 /* The command line parameters are either 8 bit (0..255) or 16 bit (0..65535) 2696 * and so must be adjusted for low bit depth grayscale: 2697 */ 2698 if (out_depth <= 8) 2699 { 2700 if (pm->log8 == 0) /* switched off */ 2701 return 256; 2702 2703 if (out_depth < 8) 2704 return pm->log8 / 255 * ((1<<out_depth)-1); 2705 2706 return pm->log8; 2707 } 2708 2709 if ((pm->calculations_use_input_precision ? in_depth : out_depth) == 16) 2710 { 2711 if (pm->log16 == 0) 2712 return 65536; 2713 2714 return pm->log16; 2715 } 2716 2717 /* This is the case where the value was calculated at 8-bit precision then 2718 * scaled to 16 bits. 2719 */ 2720 if (pm->log8 == 0) 2721 return 65536; 2722 2723 return pm->log8 * 257; 2724 } 2725 2726 /* This complements the above by providing the appropriate quantization for the 2727 * final value. Normally this would just be quantization to an integral value, 2728 * but in the 8 bit calculation case it's actually quantization to a multiple of 2729 * 257! 2730 */ 2731 static int output_quantization_factor(const png_modifier *pm, int in_depth, 2732 int out_depth) 2733 { 2734 if (out_depth == 16 && in_depth != 16 && 2735 pm->calculations_use_input_precision) 2736 return 257; 2737 else 2738 return 1; 2739 } 2740 #endif /* PNG_READ_GAMMA_SUPPORTED */ 2741 2742 /* One modification structure must be provided for each chunk to be modified (in 2743 * fact more than one can be provided if multiple separate changes are desired 2744 * for a single chunk.) Modifications include adding a new chunk when a 2745 * suitable chunk does not exist. 2746 * 2747 * The caller of modify_fn will reset the CRC of the chunk and record 'modified' 2748 * or 'added' as appropriate if the modify_fn returns 1 (true). If the 2749 * modify_fn is NULL the chunk is simply removed. 2750 */ 2751 typedef struct png_modification 2752 { 2753 struct png_modification *next; 2754 png_uint_32 chunk; 2755 2756 /* If the following is NULL all matching chunks will be removed: */ 2757 int (*modify_fn)(struct png_modifier *pm, 2758 struct png_modification *me, int add); 2759 2760 /* If the following is set to PLTE, IDAT or IEND and the chunk has not been 2761 * found and modified (and there is a modify_fn) the modify_fn will be called 2762 * to add the chunk before the relevant chunk. 2763 */ 2764 png_uint_32 add; 2765 unsigned int modified :1; /* Chunk was modified */ 2766 unsigned int added :1; /* Chunk was added */ 2767 unsigned int removed :1; /* Chunk was removed */ 2768 } png_modification; 2769 2770 static void 2771 modification_reset(png_modification *pmm) 2772 { 2773 if (pmm != NULL) 2774 { 2775 pmm->modified = 0; 2776 pmm->added = 0; 2777 pmm->removed = 0; 2778 modification_reset(pmm->next); 2779 } 2780 } 2781 2782 static void 2783 modification_init(png_modification *pmm) 2784 { 2785 memset(pmm, 0, sizeof *pmm); 2786 pmm->next = NULL; 2787 pmm->chunk = 0; 2788 pmm->modify_fn = NULL; 2789 pmm->add = 0; 2790 modification_reset(pmm); 2791 } 2792 2793 #ifdef PNG_READ_RGB_TO_GRAY_SUPPORTED 2794 static void 2795 modifier_current_encoding(const png_modifier *pm, color_encoding *ce) 2796 { 2797 if (pm->current_encoding != 0) 2798 *ce = *pm->current_encoding; 2799 2800 else 2801 memset(ce, 0, sizeof *ce); 2802 2803 ce->gamma = pm->current_gamma; 2804 } 2805 #endif 2806 2807 #ifdef PNG_READ_TRANSFORMS_SUPPORTED 2808 static size_t 2809 safecat_current_encoding(char *buffer, size_t bufsize, size_t pos, 2810 const png_modifier *pm) 2811 { 2812 pos = safecat_color_encoding(buffer, bufsize, pos, pm->current_encoding, 2813 pm->current_gamma); 2814 2815 if (pm->encoding_ignored) 2816 pos = safecat(buffer, bufsize, pos, "[overridden]"); 2817 2818 return pos; 2819 } 2820 #endif 2821 2822 /* Iterate through the usefully testable color encodings. An encoding is one 2823 * of: 2824 * 2825 * 1) Nothing (no color space, no gamma). 2826 * 2) Just a gamma value from the gamma array (including 1.0) 2827 * 3) A color space from the encodings array with the corresponding gamma. 2828 * 4) The same, but with gamma 1.0 (only really useful with 16 bit calculations) 2829 * 2830 * The iterator selects these in turn, the randomizer selects one at random, 2831 * which is used depends on the setting of the 'test_exhaustive' flag. Notice 2832 * that this function changes the colour space encoding so it must only be 2833 * called on completion of the previous test. This is what 'modifier_reset' 2834 * does, below. 2835 * 2836 * After the function has been called the 'repeat' flag will still be set; the 2837 * caller of modifier_reset must reset it at the start of each run of the test! 2838 */ 2839 static unsigned int 2840 modifier_total_encodings(const png_modifier *pm) 2841 { 2842 return 1 + /* (1) nothing */ 2843 pm->ngammas + /* (2) gamma values to test */ 2844 pm->nencodings + /* (3) total number of encodings */ 2845 /* The following test only works after the first time through the 2846 * png_modifier code because 'bit_depth' is set when the IHDR is read. 2847 * modifier_reset, below, preserves the setting until after it has called 2848 * the iterate function (also below.) 2849 * 2850 * For this reason do not rely on this function outside a call to 2851 * modifier_reset. 2852 */ 2853 ((pm->bit_depth == 16 || pm->assume_16_bit_calculations) ? 2854 pm->nencodings : 0); /* (4) encodings with gamma == 1.0 */ 2855 } 2856 2857 static void 2858 modifier_encoding_iterate(png_modifier *pm) 2859 { 2860 if (!pm->repeat && /* Else something needs the current encoding again. */ 2861 pm->test_uses_encoding) /* Some transform is encoding dependent */ 2862 { 2863 if (pm->test_exhaustive) 2864 { 2865 if (++pm->encoding_counter >= modifier_total_encodings(pm)) 2866 pm->encoding_counter = 0; /* This will stop the repeat */ 2867 } 2868 2869 else 2870 { 2871 /* Not exhaustive - choose an encoding at random; generate a number in 2872 * the range 1..(max-1), so the result is always non-zero: 2873 */ 2874 if (pm->encoding_counter == 0) 2875 pm->encoding_counter = random_mod(modifier_total_encodings(pm)-1)+1; 2876 else 2877 pm->encoding_counter = 0; 2878 } 2879 2880 if (pm->encoding_counter > 0) 2881 pm->repeat = 1; 2882 } 2883 2884 else if (!pm->repeat) 2885 pm->encoding_counter = 0; 2886 } 2887 2888 static void 2889 modifier_reset(png_modifier *pm) 2890 { 2891 store_read_reset(&pm->this); 2892 pm->limit = 4E-3; 2893 pm->pending_len = pm->pending_chunk = 0; 2894 pm->flush = pm->buffer_count = pm->buffer_position = 0; 2895 pm->modifications = NULL; 2896 pm->state = modifier_start; 2897 modifier_encoding_iterate(pm); 2898 /* The following must be set in the next run. In particular 2899 * test_uses_encodings must be set in the _ini function of each transform 2900 * that looks at the encodings. (Not the 'add' function!) 2901 */ 2902 pm->test_uses_encoding = 0; 2903 pm->current_gamma = 0; 2904 pm->current_encoding = 0; 2905 pm->encoding_ignored = 0; 2906 /* These only become value after IHDR is read: */ 2907 pm->bit_depth = pm->colour_type = 0; 2908 } 2909 2910 /* The following must be called before anything else to get the encoding set up 2911 * on the modifier. In particular it must be called before the transform init 2912 * functions are called. 2913 */ 2914 static void 2915 modifier_set_encoding(png_modifier *pm) 2916 { 2917 /* Set the encoding to the one specified by the current encoding counter, 2918 * first clear out all the settings - this corresponds to an encoding_counter 2919 * of 0. 2920 */ 2921 pm->current_gamma = 0; 2922 pm->current_encoding = 0; 2923 pm->encoding_ignored = 0; /* not ignored yet - happens in _ini functions. */ 2924 2925 /* Now, if required, set the gamma and encoding fields. */ 2926 if (pm->encoding_counter > 0) 2927 { 2928 /* The gammas[] array is an array of screen gammas, not encoding gammas, 2929 * so we need the inverse: 2930 */ 2931 if (pm->encoding_counter <= pm->ngammas) 2932 pm->current_gamma = 1/pm->gammas[pm->encoding_counter-1]; 2933 2934 else 2935 { 2936 unsigned int i = pm->encoding_counter - pm->ngammas; 2937 2938 if (i >= pm->nencodings) 2939 { 2940 i %= pm->nencodings; 2941 pm->current_gamma = 1; /* Linear, only in the 16 bit case */ 2942 } 2943 2944 else 2945 pm->current_gamma = pm->encodings[i].gamma; 2946 2947 pm->current_encoding = pm->encodings + i; 2948 } 2949 } 2950 } 2951 2952 /* Enquiry functions to find out what is set. Notice that there is an implicit 2953 * assumption below that the first encoding in the list is the one for sRGB. 2954 */ 2955 static int 2956 modifier_color_encoding_is_sRGB(const png_modifier *pm) 2957 { 2958 return pm->current_encoding != 0 && pm->current_encoding == pm->encodings && 2959 pm->current_encoding->gamma == pm->current_gamma; 2960 } 2961 2962 static int 2963 modifier_color_encoding_is_set(const png_modifier *pm) 2964 { 2965 return pm->current_gamma != 0; 2966 } 2967 2968 /* The guts of modification are performed during a read. */ 2969 static void 2970 modifier_crc(png_bytep buffer) 2971 { 2972 /* Recalculate the chunk CRC - a complete chunk must be in 2973 * the buffer, at the start. 2974 */ 2975 uInt datalen = png_get_uint_32(buffer); 2976 uLong crc = crc32(0, buffer+4, datalen+4); 2977 /* The cast to png_uint_32 is safe because a crc32 is always a 32 bit value. 2978 */ 2979 png_save_uint_32(buffer+datalen+8, (png_uint_32)crc); 2980 } 2981 2982 static void 2983 modifier_setbuffer(png_modifier *pm) 2984 { 2985 modifier_crc(pm->buffer); 2986 pm->buffer_count = png_get_uint_32(pm->buffer)+12; 2987 pm->buffer_position = 0; 2988 } 2989 2990 /* Separate the callback into the actual implementation (which is passed the 2991 * png_modifier explicitly) and the callback, which gets the modifier from the 2992 * png_struct. 2993 */ 2994 static void 2995 modifier_read_imp(png_modifier *pm, png_bytep pb, png_size_t st) 2996 { 2997 while (st > 0) 2998 { 2999 size_t cb; 3000 png_uint_32 len, chunk; 3001 png_modification *mod; 3002 3003 if (pm->buffer_position >= pm->buffer_count) switch (pm->state) 3004 { 3005 static png_byte sign[8] = { 137, 80, 78, 71, 13, 10, 26, 10 }; 3006 case modifier_start: 3007 store_read_chunk(&pm->this, pm->buffer, 8, 8); /* signature. */ 3008 pm->buffer_count = 8; 3009 pm->buffer_position = 0; 3010 3011 if (memcmp(pm->buffer, sign, 8) != 0) 3012 png_error(pm->this.pread, "invalid PNG file signature"); 3013 pm->state = modifier_signature; 3014 break; 3015 3016 case modifier_signature: 3017 store_read_chunk(&pm->this, pm->buffer, 13+12, 13+12); /* IHDR */ 3018 pm->buffer_count = 13+12; 3019 pm->buffer_position = 0; 3020 3021 if (png_get_uint_32(pm->buffer) != 13 || 3022 png_get_uint_32(pm->buffer+4) != CHUNK_IHDR) 3023 png_error(pm->this.pread, "invalid IHDR"); 3024 3025 /* Check the list of modifiers for modifications to the IHDR. */ 3026 mod = pm->modifications; 3027 while (mod != NULL) 3028 { 3029 if (mod->chunk == CHUNK_IHDR && mod->modify_fn && 3030 (*mod->modify_fn)(pm, mod, 0)) 3031 { 3032 mod->modified = 1; 3033 modifier_setbuffer(pm); 3034 } 3035 3036 /* Ignore removal or add if IHDR! */ 3037 mod = mod->next; 3038 } 3039 3040 /* Cache information from the IHDR (the modified one.) */ 3041 pm->bit_depth = pm->buffer[8+8]; 3042 pm->colour_type = pm->buffer[8+8+1]; 3043 3044 pm->state = modifier_IHDR; 3045 pm->flush = 0; 3046 break; 3047 3048 case modifier_IHDR: 3049 default: 3050 /* Read a new chunk and process it until we see PLTE, IDAT or 3051 * IEND. 'flush' indicates that there is still some data to 3052 * output from the preceding chunk. 3053 */ 3054 if ((cb = pm->flush) > 0) 3055 { 3056 if (cb > st) cb = st; 3057 pm->flush -= cb; 3058 store_read_chunk(&pm->this, pb, cb, cb); 3059 pb += cb; 3060 st -= cb; 3061 if (st == 0) return; 3062 } 3063 3064 /* No more bytes to flush, read a header, or handle a pending 3065 * chunk. 3066 */ 3067 if (pm->pending_chunk != 0) 3068 { 3069 png_save_uint_32(pm->buffer, pm->pending_len); 3070 png_save_uint_32(pm->buffer+4, pm->pending_chunk); 3071 pm->pending_len = 0; 3072 pm->pending_chunk = 0; 3073 } 3074 else 3075 store_read_chunk(&pm->this, pm->buffer, 8, 8); 3076 3077 pm->buffer_count = 8; 3078 pm->buffer_position = 0; 3079 3080 /* Check for something to modify or a terminator chunk. */ 3081 len = png_get_uint_32(pm->buffer); 3082 chunk = png_get_uint_32(pm->buffer+4); 3083 3084 /* Terminators first, they may have to be delayed for added 3085 * chunks 3086 */ 3087 if (chunk == CHUNK_PLTE || chunk == CHUNK_IDAT || 3088 chunk == CHUNK_IEND) 3089 { 3090 mod = pm->modifications; 3091 3092 while (mod != NULL) 3093 { 3094 if ((mod->add == chunk || 3095 (mod->add == CHUNK_PLTE && chunk == CHUNK_IDAT)) && 3096 mod->modify_fn != NULL && !mod->modified && !mod->added) 3097 { 3098 /* Regardless of what the modify function does do not run 3099 * this again. 3100 */ 3101 mod->added = 1; 3102 3103 if ((*mod->modify_fn)(pm, mod, 1 /*add*/)) 3104 { 3105 /* Reset the CRC on a new chunk */ 3106 if (pm->buffer_count > 0) 3107 modifier_setbuffer(pm); 3108 3109 else 3110 { 3111 pm->buffer_position = 0; 3112 mod->removed = 1; 3113 } 3114 3115 /* The buffer has been filled with something (we assume) 3116 * so output this. Pend the current chunk. 3117 */ 3118 pm->pending_len = len; 3119 pm->pending_chunk = chunk; 3120 break; /* out of while */ 3121 } 3122 } 3123 3124 mod = mod->next; 3125 } 3126 3127 /* Don't do any further processing if the buffer was modified - 3128 * otherwise the code will end up modifying a chunk that was 3129 * just added. 3130 */ 3131 if (mod != NULL) 3132 break; /* out of switch */ 3133 } 3134 3135 /* If we get to here then this chunk may need to be modified. To 3136 * do this it must be less than 1024 bytes in total size, otherwise 3137 * it just gets flushed. 3138 */ 3139 if (len+12 <= sizeof pm->buffer) 3140 { 3141 png_size_t s = len+12-pm->buffer_count; 3142 store_read_chunk(&pm->this, pm->buffer+pm->buffer_count, s, s); 3143 pm->buffer_count = len+12; 3144 3145 /* Check for a modification, else leave it be. */ 3146 mod = pm->modifications; 3147 while (mod != NULL) 3148 { 3149 if (mod->chunk == chunk) 3150 { 3151 if (mod->modify_fn == NULL) 3152 { 3153 /* Remove this chunk */ 3154 pm->buffer_count = pm->buffer_position = 0; 3155 mod->removed = 1; 3156 break; /* Terminate the while loop */ 3157 } 3158 3159 else if ((*mod->modify_fn)(pm, mod, 0)) 3160 { 3161 mod->modified = 1; 3162 /* The chunk may have been removed: */ 3163 if (pm->buffer_count == 0) 3164 { 3165 pm->buffer_position = 0; 3166 break; 3167 } 3168 modifier_setbuffer(pm); 3169 } 3170 } 3171 3172 mod = mod->next; 3173 } 3174 } 3175 3176 else 3177 pm->flush = len+12 - pm->buffer_count; /* data + crc */ 3178 3179 /* Take the data from the buffer (if there is any). */ 3180 break; 3181 } 3182 3183 /* Here to read from the modifier buffer (not directly from 3184 * the store, as in the flush case above.) 3185 */ 3186 cb = pm->buffer_count - pm->buffer_position; 3187 3188 if (cb > st) 3189 cb = st; 3190 3191 memcpy(pb, pm->buffer + pm->buffer_position, cb); 3192 st -= cb; 3193 pb += cb; 3194 pm->buffer_position += cb; 3195 } 3196 } 3197 3198 /* The callback: */ 3199 static void PNGCBAPI 3200 modifier_read(png_structp ppIn, png_bytep pb, png_size_t st) 3201 { 3202 png_const_structp pp = ppIn; 3203 png_modifier *pm = voidcast(png_modifier*, png_get_io_ptr(pp)); 3204 3205 if (pm == NULL || pm->this.pread != pp) 3206 png_error(pp, "bad modifier_read call"); 3207 3208 modifier_read_imp(pm, pb, st); 3209 } 3210 3211 /* Like store_progressive_read but the data is getting changed as we go so we 3212 * need a local buffer. 3213 */ 3214 static void 3215 modifier_progressive_read(png_modifier *pm, png_structp pp, png_infop pi) 3216 { 3217 if (pm->this.pread != pp || pm->this.current == NULL || 3218 pm->this.next == NULL) 3219 png_error(pp, "store state damaged (progressive)"); 3220 3221 /* This is another Horowitz and Hill random noise generator. In this case 3222 * the aim is to stress the progressive reader with truly horrible variable 3223 * buffer sizes in the range 1..500, so a sequence of 9 bit random numbers 3224 * is generated. We could probably just count from 1 to 32767 and get as 3225 * good a result. 3226 */ 3227 for (;;) 3228 { 3229 static png_uint_32 noise = 1; 3230 png_size_t cb, cbAvail; 3231 png_byte buffer[512]; 3232 3233 /* Generate 15 more bits of stuff: */ 3234 noise = (noise << 9) | ((noise ^ (noise >> (9-5))) & 0x1ff); 3235 cb = noise & 0x1ff; 3236 3237 /* Check that this number of bytes are available (in the current buffer.) 3238 * (This doesn't quite work - the modifier might delete a chunk; unlikely 3239 * but possible, it doesn't happen at present because the modifier only 3240 * adds chunks to standard images.) 3241 */ 3242 cbAvail = store_read_buffer_avail(&pm->this); 3243 if (pm->buffer_count > pm->buffer_position) 3244 cbAvail += pm->buffer_count - pm->buffer_position; 3245 3246 if (cb > cbAvail) 3247 { 3248 /* Check for EOF: */ 3249 if (cbAvail == 0) 3250 break; 3251 3252 cb = cbAvail; 3253 } 3254 3255 modifier_read_imp(pm, buffer, cb); 3256 png_process_data(pp, pi, buffer, cb); 3257 } 3258 3259 /* Check the invariants at the end (if this fails it's a problem in this 3260 * file!) 3261 */ 3262 if (pm->buffer_count > pm->buffer_position || 3263 pm->this.next != &pm->this.current->data || 3264 pm->this.readpos < pm->this.current->datacount) 3265 png_error(pp, "progressive read implementation error"); 3266 } 3267 3268 /* Set up a modifier. */ 3269 static png_structp 3270 set_modifier_for_read(png_modifier *pm, png_infopp ppi, png_uint_32 id, 3271 const char *name) 3272 { 3273 /* Do this first so that the modifier fields are cleared even if an error 3274 * happens allocating the png_struct. No allocation is done here so no 3275 * cleanup is required. 3276 */ 3277 pm->state = modifier_start; 3278 pm->bit_depth = 0; 3279 pm->colour_type = 255; 3280 3281 pm->pending_len = 0; 3282 pm->pending_chunk = 0; 3283 pm->flush = 0; 3284 pm->buffer_count = 0; 3285 pm->buffer_position = 0; 3286 3287 return set_store_for_read(&pm->this, ppi, id, name); 3288 } 3289 3290 3291 /******************************** MODIFICATIONS *******************************/ 3292 /* Standard modifications to add chunks. These do not require the _SUPPORTED 3293 * macros because the chunks can be there regardless of whether this specific 3294 * libpng supports them. 3295 */ 3296 typedef struct gama_modification 3297 { 3298 png_modification this; 3299 png_fixed_point gamma; 3300 } gama_modification; 3301 3302 static int 3303 gama_modify(png_modifier *pm, png_modification *me, int add) 3304 { 3305 UNUSED(add) 3306 /* This simply dumps the given gamma value into the buffer. */ 3307 png_save_uint_32(pm->buffer, 4); 3308 png_save_uint_32(pm->buffer+4, CHUNK_gAMA); 3309 png_save_uint_32(pm->buffer+8, ((gama_modification*)me)->gamma); 3310 return 1; 3311 } 3312 3313 static void 3314 gama_modification_init(gama_modification *me, png_modifier *pm, double gammad) 3315 { 3316 double g; 3317 3318 modification_init(&me->this); 3319 me->this.chunk = CHUNK_gAMA; 3320 me->this.modify_fn = gama_modify; 3321 me->this.add = CHUNK_PLTE; 3322 g = fix(gammad); 3323 me->gamma = (png_fixed_point)g; 3324 me->this.next = pm->modifications; 3325 pm->modifications = &me->this; 3326 } 3327 3328 typedef struct chrm_modification 3329 { 3330 png_modification this; 3331 const color_encoding *encoding; 3332 png_fixed_point wx, wy, rx, ry, gx, gy, bx, by; 3333 } chrm_modification; 3334 3335 static int 3336 chrm_modify(png_modifier *pm, png_modification *me, int add) 3337 { 3338 UNUSED(add) 3339 /* As with gAMA this just adds the required cHRM chunk to the buffer. */ 3340 png_save_uint_32(pm->buffer , 32); 3341 png_save_uint_32(pm->buffer+ 4, CHUNK_cHRM); 3342 png_save_uint_32(pm->buffer+ 8, ((chrm_modification*)me)->wx); 3343 png_save_uint_32(pm->buffer+12, ((chrm_modification*)me)->wy); 3344 png_save_uint_32(pm->buffer+16, ((chrm_modification*)me)->rx); 3345 png_save_uint_32(pm->buffer+20, ((chrm_modification*)me)->ry); 3346 png_save_uint_32(pm->buffer+24, ((chrm_modification*)me)->gx); 3347 png_save_uint_32(pm->buffer+28, ((chrm_modification*)me)->gy); 3348 png_save_uint_32(pm->buffer+32, ((chrm_modification*)me)->bx); 3349 png_save_uint_32(pm->buffer+36, ((chrm_modification*)me)->by); 3350 return 1; 3351 } 3352 3353 static void 3354 chrm_modification_init(chrm_modification *me, png_modifier *pm, 3355 const color_encoding *encoding) 3356 { 3357 CIE_color white = white_point(encoding); 3358 3359 /* Original end points: */ 3360 me->encoding = encoding; 3361 3362 /* Chromaticities (in fixed point): */ 3363 me->wx = fix(chromaticity_x(white)); 3364 me->wy = fix(chromaticity_y(white)); 3365 3366 me->rx = fix(chromaticity_x(encoding->red)); 3367 me->ry = fix(chromaticity_y(encoding->red)); 3368 me->gx = fix(chromaticity_x(encoding->green)); 3369 me->gy = fix(chromaticity_y(encoding->green)); 3370 me->bx = fix(chromaticity_x(encoding->blue)); 3371 me->by = fix(chromaticity_y(encoding->blue)); 3372 3373 modification_init(&me->this); 3374 me->this.chunk = CHUNK_cHRM; 3375 me->this.modify_fn = chrm_modify; 3376 me->this.add = CHUNK_PLTE; 3377 me->this.next = pm->modifications; 3378 pm->modifications = &me->this; 3379 } 3380 3381 typedef struct srgb_modification 3382 { 3383 png_modification this; 3384 png_byte intent; 3385 } srgb_modification; 3386 3387 static int 3388 srgb_modify(png_modifier *pm, png_modification *me, int add) 3389 { 3390 UNUSED(add) 3391 /* As above, ignore add and just make a new chunk */ 3392 png_save_uint_32(pm->buffer, 1); 3393 png_save_uint_32(pm->buffer+4, CHUNK_sRGB); 3394 pm->buffer[8] = ((srgb_modification*)me)->intent; 3395 return 1; 3396 } 3397 3398 static void 3399 srgb_modification_init(srgb_modification *me, png_modifier *pm, png_byte intent) 3400 { 3401 modification_init(&me->this); 3402 me->this.chunk = CHUNK_sBIT; 3403 3404 if (intent <= 3) /* if valid, else *delete* sRGB chunks */ 3405 { 3406 me->this.modify_fn = srgb_modify; 3407 me->this.add = CHUNK_PLTE; 3408 me->intent = intent; 3409 } 3410 3411 else 3412 { 3413 me->this.modify_fn = 0; 3414 me->this.add = 0; 3415 me->intent = 0; 3416 } 3417 3418 me->this.next = pm->modifications; 3419 pm->modifications = &me->this; 3420 } 3421 3422 #ifdef PNG_READ_GAMMA_SUPPORTED 3423 typedef struct sbit_modification 3424 { 3425 png_modification this; 3426 png_byte sbit; 3427 } sbit_modification; 3428 3429 static int 3430 sbit_modify(png_modifier *pm, png_modification *me, int add) 3431 { 3432 png_byte sbit = ((sbit_modification*)me)->sbit; 3433 if (pm->bit_depth > sbit) 3434 { 3435 int cb = 0; 3436 switch (pm->colour_type) 3437 { 3438 case 0: 3439 cb = 1; 3440 break; 3441 3442 case 2: 3443 case 3: 3444 cb = 3; 3445 break; 3446 3447 case 4: 3448 cb = 2; 3449 break; 3450 3451 case 6: 3452 cb = 4; 3453 break; 3454 3455 default: 3456 png_error(pm->this.pread, 3457 "unexpected colour type in sBIT modification"); 3458 } 3459 3460 png_save_uint_32(pm->buffer, cb); 3461 png_save_uint_32(pm->buffer+4, CHUNK_sBIT); 3462 3463 while (cb > 0) 3464 (pm->buffer+8)[--cb] = sbit; 3465 3466 return 1; 3467 } 3468 else if (!add) 3469 { 3470 /* Remove the sBIT chunk */ 3471 pm->buffer_count = pm->buffer_position = 0; 3472 return 1; 3473 } 3474 else 3475 return 0; /* do nothing */ 3476 } 3477 3478 static void 3479 sbit_modification_init(sbit_modification *me, png_modifier *pm, png_byte sbit) 3480 { 3481 modification_init(&me->this); 3482 me->this.chunk = CHUNK_sBIT; 3483 me->this.modify_fn = sbit_modify; 3484 me->this.add = CHUNK_PLTE; 3485 me->sbit = sbit; 3486 me->this.next = pm->modifications; 3487 pm->modifications = &me->this; 3488 } 3489 #endif /* PNG_READ_GAMMA_SUPPORTED */ 3490 #endif /* PNG_READ_TRANSFORMS_SUPPORTED */ 3491 3492 /***************************** STANDARD PNG FILES *****************************/ 3493 /* Standard files - write and save standard files. */ 3494 /* There are two basic forms of standard images. Those which attempt to have 3495 * all the possible pixel values (not possible for 16bpp images, but a range of 3496 * values are produced) and those which have a range of image sizes. The former 3497 * are used for testing transforms, in particular gamma correction and bit 3498 * reduction and increase. The latter are reserved for testing the behavior of 3499 * libpng with respect to 'odd' image sizes - particularly small images where 3500 * rows become 1 byte and interlace passes disappear. 3501 * 3502 * The first, most useful, set are the 'transform' images, the second set of 3503 * small images are the 'size' images. 3504 * 3505 * The transform files are constructed with rows which fit into a 1024 byte row 3506 * buffer. This makes allocation easier below. Further regardless of the file 3507 * format every row has 128 pixels (giving 1024 bytes for 64bpp formats). 3508 * 3509 * Files are stored with no gAMA or sBIT chunks, with a PLTE only when needed 3510 * and with an ID derived from the colour type, bit depth and interlace type 3511 * as above (FILEID). The width (128) and height (variable) are not stored in 3512 * the FILEID - instead the fields are set to 0, indicating a transform file. 3513 * 3514 * The size files ar constructed with rows a maximum of 128 bytes wide, allowing 3515 * a maximum width of 16 pixels (for the 64bpp case.) They also have a maximum 3516 * height of 16 rows. The width and height are stored in the FILEID and, being 3517 * non-zero, indicate a size file. 3518 * 3519 * Because the PNG filter code is typically the largest CPU consumer within 3520 * libpng itself there is a tendency to attempt to optimize it. This results in 3521 * special case code which needs to be validated. To cause this to happen the 3522 * 'size' images are made to use each possible filter, in so far as this is 3523 * possible for smaller images. 3524 * 3525 * For palette image (colour type 3) multiple transform images are stored with 3526 * the same bit depth to allow testing of more colour combinations - 3527 * particularly important for testing the gamma code because libpng uses a 3528 * different code path for palette images. For size images a single palette is 3529 * used. 3530 */ 3531 3532 /* Make a 'standard' palette. Because there are only 256 entries in a palette 3533 * (maximum) this actually makes a random palette in the hope that enough tests 3534 * will catch enough errors. (Note that the same palette isn't produced every 3535 * time for the same test - it depends on what previous tests have been run - 3536 * but a given set of arguments to pngvalid will always produce the same palette 3537 * at the same test! This is why pseudo-random number generators are useful for 3538 * testing.) 3539 * 3540 * The store must be open for write when this is called, otherwise an internal 3541 * error will occur. This routine contains its own magic number seed, so the 3542 * palettes generated don't change if there are intervening errors (changing the 3543 * calls to the store_mark seed.) 3544 */ 3545 static store_palette_entry * 3546 make_standard_palette(png_store* ps, int npalette, int do_tRNS) 3547 { 3548 static png_uint_32 palette_seed[2] = { 0x87654321, 9 }; 3549 3550 int i = 0; 3551 png_byte values[256][4]; 3552 3553 /* Always put in black and white plus the six primary and secondary colors. 3554 */ 3555 for (; i<8; ++i) 3556 { 3557 values[i][1] = (png_byte)((i&1) ? 255U : 0U); 3558 values[i][2] = (png_byte)((i&2) ? 255U : 0U); 3559 values[i][3] = (png_byte)((i&4) ? 255U : 0U); 3560 } 3561 3562 /* Then add 62 grays (one quarter of the remaining 256 slots). */ 3563 { 3564 int j = 0; 3565 png_byte random_bytes[4]; 3566 png_byte need[256]; 3567 3568 need[0] = 0; /*got black*/ 3569 memset(need+1, 1, (sizeof need)-2); /*need these*/ 3570 need[255] = 0; /*but not white*/ 3571 3572 while (i<70) 3573 { 3574 png_byte b; 3575 3576 if (j==0) 3577 { 3578 make_four_random_bytes(palette_seed, random_bytes); 3579 j = 4; 3580 } 3581 3582 b = random_bytes[--j]; 3583 if (need[b]) 3584 { 3585 values[i][1] = b; 3586 values[i][2] = b; 3587 values[i++][3] = b; 3588 } 3589 } 3590 } 3591 3592 /* Finally add 192 colors at random - don't worry about matches to things we 3593 * already have, chance is less than 1/65536. Don't worry about grays, 3594 * chance is the same, so we get a duplicate or extra gray less than 1 time 3595 * in 170. 3596 */ 3597 for (; i<256; ++i) 3598 make_four_random_bytes(palette_seed, values[i]); 3599 3600 /* Fill in the alpha values in the first byte. Just use all possible values 3601 * (0..255) in an apparently random order: 3602 */ 3603 { 3604 store_palette_entry *palette; 3605 png_byte selector[4]; 3606 3607 make_four_random_bytes(palette_seed, selector); 3608 3609 if (do_tRNS) 3610 for (i=0; i<256; ++i) 3611 values[i][0] = (png_byte)(i ^ selector[0]); 3612 3613 else 3614 for (i=0; i<256; ++i) 3615 values[i][0] = 255; /* no transparency/tRNS chunk */ 3616 3617 /* 'values' contains 256 ARGB values, but we only need 'npalette'. 3618 * 'npalette' will always be a power of 2: 2, 4, 16 or 256. In the low 3619 * bit depth cases select colors at random, else it is difficult to have 3620 * a set of low bit depth palette test with any chance of a reasonable 3621 * range of colors. Do this by randomly permuting values into the low 3622 * 'npalette' entries using an XOR mask generated here. This also 3623 * permutes the npalette == 256 case in a potentially useful way (there is 3624 * no relationship between palette index and the color value therein!) 3625 */ 3626 palette = store_write_palette(ps, npalette); 3627 3628 for (i=0; i<npalette; ++i) 3629 { 3630 palette[i].alpha = values[i ^ selector[1]][0]; 3631 palette[i].red = values[i ^ selector[1]][1]; 3632 palette[i].green = values[i ^ selector[1]][2]; 3633 palette[i].blue = values[i ^ selector[1]][3]; 3634 } 3635 3636 return palette; 3637 } 3638 } 3639 3640 /* Initialize a standard palette on a write stream. The 'do_tRNS' argument 3641 * indicates whether or not to also set the tRNS chunk. 3642 */ 3643 /* TODO: the png_structp here can probably be 'const' in the future */ 3644 static void 3645 init_standard_palette(png_store *ps, png_structp pp, png_infop pi, int npalette, 3646 int do_tRNS) 3647 { 3648 store_palette_entry *ppal = make_standard_palette(ps, npalette, do_tRNS); 3649 3650 { 3651 int i; 3652 png_color palette[256]; 3653 3654 /* Set all entries to detect overread errors. */ 3655 for (i=0; i<npalette; ++i) 3656 { 3657 palette[i].red = ppal[i].red; 3658 palette[i].green = ppal[i].green; 3659 palette[i].blue = ppal[i].blue; 3660 } 3661 3662 /* Just in case fill in the rest with detectable values: */ 3663 for (; i<256; ++i) 3664 palette[i].red = palette[i].green = palette[i].blue = 42; 3665 3666 png_set_PLTE(pp, pi, palette, npalette); 3667 } 3668 3669 if (do_tRNS) 3670 { 3671 int i, j; 3672 png_byte tRNS[256]; 3673 3674 /* Set all the entries, but skip trailing opaque entries */ 3675 for (i=j=0; i<npalette; ++i) 3676 if ((tRNS[i] = ppal[i].alpha) < 255) 3677 j = i+1; 3678 3679 /* Fill in the remainder with a detectable value: */ 3680 for (; i<256; ++i) 3681 tRNS[i] = 24; 3682 3683 #ifdef PNG_WRITE_tRNS_SUPPORTED 3684 if (j > 0) 3685 png_set_tRNS(pp, pi, tRNS, j, 0/*color*/); 3686 #endif 3687 } 3688 } 3689 3690 #ifdef PNG_WRITE_tRNS_SUPPORTED 3691 static void 3692 set_random_tRNS(png_structp pp, png_infop pi, const png_byte colour_type, 3693 const int bit_depth) 3694 { 3695 /* To make this useful the tRNS color needs to match at least one pixel. 3696 * Random values are fine for gray, including the 16-bit case where we know 3697 * that the test image contains all the gray values. For RGB we need more 3698 * method as only 65536 different RGB values are generated. 3699 */ 3700 png_color_16 tRNS; 3701 const png_uint_16 mask = (png_uint_16)((1U << bit_depth)-1); 3702 3703 R8(tRNS); /* makes unset fields random */ 3704 3705 if (colour_type & 2/*RGB*/) 3706 { 3707 if (bit_depth == 8) 3708 { 3709 tRNS.red = random_u16(); 3710 tRNS.green = random_u16(); 3711 tRNS.blue = tRNS.red ^ tRNS.green; 3712 tRNS.red &= mask; 3713 tRNS.green &= mask; 3714 tRNS.blue &= mask; 3715 } 3716 3717 else /* bit_depth == 16 */ 3718 { 3719 tRNS.red = random_u16(); 3720 tRNS.green = (png_uint_16)(tRNS.red * 257); 3721 tRNS.blue = (png_uint_16)(tRNS.green * 17); 3722 } 3723 } 3724 3725 else 3726 { 3727 tRNS.gray = random_u16(); 3728 tRNS.gray &= mask; 3729 } 3730 3731 png_set_tRNS(pp, pi, NULL, 0, &tRNS); 3732 } 3733 #endif 3734 3735 /* The number of passes is related to the interlace type. There was no libpng 3736 * API to determine this prior to 1.5, so we need an inquiry function: 3737 */ 3738 static int 3739 npasses_from_interlace_type(png_const_structp pp, int interlace_type) 3740 { 3741 switch (interlace_type) 3742 { 3743 default: 3744 png_error(pp, "invalid interlace type"); 3745 3746 case PNG_INTERLACE_NONE: 3747 return 1; 3748 3749 case PNG_INTERLACE_ADAM7: 3750 return PNG_INTERLACE_ADAM7_PASSES; 3751 } 3752 } 3753 3754 static unsigned int 3755 bit_size(png_const_structp pp, png_byte colour_type, png_byte bit_depth) 3756 { 3757 switch (colour_type) 3758 { 3759 default: png_error(pp, "invalid color type"); 3760 3761 case 0: return bit_depth; 3762 3763 case 2: return 3*bit_depth; 3764 3765 case 3: return bit_depth; 3766 3767 case 4: return 2*bit_depth; 3768 3769 case 6: return 4*bit_depth; 3770 } 3771 } 3772 3773 #define TRANSFORM_WIDTH 128U 3774 #define TRANSFORM_ROWMAX (TRANSFORM_WIDTH*8U) 3775 #define SIZE_ROWMAX (16*8U) /* 16 pixels, max 8 bytes each - 128 bytes */ 3776 #define STANDARD_ROWMAX TRANSFORM_ROWMAX /* The larger of the two */ 3777 #define SIZE_HEIGHTMAX 16 /* Maximum range of size images */ 3778 3779 static size_t 3780 transform_rowsize(png_const_structp pp, png_byte colour_type, 3781 png_byte bit_depth) 3782 { 3783 return (TRANSFORM_WIDTH * bit_size(pp, colour_type, bit_depth)) / 8; 3784 } 3785 3786 /* transform_width(pp, colour_type, bit_depth) current returns the same number 3787 * every time, so just use a macro: 3788 */ 3789 #define transform_width(pp, colour_type, bit_depth) TRANSFORM_WIDTH 3790 3791 static png_uint_32 3792 transform_height(png_const_structp pp, png_byte colour_type, png_byte bit_depth) 3793 { 3794 switch (bit_size(pp, colour_type, bit_depth)) 3795 { 3796 case 1: 3797 case 2: 3798 case 4: 3799 return 1; /* Total of 128 pixels */ 3800 3801 case 8: 3802 return 2; /* Total of 256 pixels/bytes */ 3803 3804 case 16: 3805 return 512; /* Total of 65536 pixels */ 3806 3807 case 24: 3808 case 32: 3809 return 512; /* 65536 pixels */ 3810 3811 case 48: 3812 case 64: 3813 return 2048;/* 4 x 65536 pixels. */ 3814 # define TRANSFORM_HEIGHTMAX 2048 3815 3816 default: 3817 return 0; /* Error, will be caught later */ 3818 } 3819 } 3820 3821 #ifdef PNG_READ_SUPPORTED 3822 /* The following can only be defined here, now we have the definitions 3823 * of the transform image sizes. 3824 */ 3825 static png_uint_32 3826 standard_width(png_const_structp pp, png_uint_32 id) 3827 { 3828 png_uint_32 width = WIDTH_FROM_ID(id); 3829 UNUSED(pp) 3830 3831 if (width == 0) 3832 width = transform_width(pp, COL_FROM_ID(id), DEPTH_FROM_ID(id)); 3833 3834 return width; 3835 } 3836 3837 static png_uint_32 3838 standard_height(png_const_structp pp, png_uint_32 id) 3839 { 3840 png_uint_32 height = HEIGHT_FROM_ID(id); 3841 3842 if (height == 0) 3843 height = transform_height(pp, COL_FROM_ID(id), DEPTH_FROM_ID(id)); 3844 3845 return height; 3846 } 3847 3848 static png_uint_32 3849 standard_rowsize(png_const_structp pp, png_uint_32 id) 3850 { 3851 png_uint_32 width = standard_width(pp, id); 3852 3853 /* This won't overflow: */ 3854 width *= bit_size(pp, COL_FROM_ID(id), DEPTH_FROM_ID(id)); 3855 return (width + 7) / 8; 3856 } 3857 #endif /* PNG_READ_SUPPORTED */ 3858 3859 static void 3860 transform_row(png_const_structp pp, png_byte buffer[TRANSFORM_ROWMAX], 3861 png_byte colour_type, png_byte bit_depth, png_uint_32 y) 3862 { 3863 png_uint_32 v = y << 7; 3864 png_uint_32 i = 0; 3865 3866 switch (bit_size(pp, colour_type, bit_depth)) 3867 { 3868 case 1: 3869 while (i<128/8) buffer[i] = (png_byte)(v & 0xff), v += 17, ++i; 3870 return; 3871 3872 case 2: 3873 while (i<128/4) buffer[i] = (png_byte)(v & 0xff), v += 33, ++i; 3874 return; 3875 3876 case 4: 3877 while (i<128/2) buffer[i] = (png_byte)(v & 0xff), v += 65, ++i; 3878 return; 3879 3880 case 8: 3881 /* 256 bytes total, 128 bytes in each row set as follows: */ 3882 while (i<128) buffer[i] = (png_byte)(v & 0xff), ++v, ++i; 3883 return; 3884 3885 case 16: 3886 /* Generate all 65536 pixel values in order, which includes the 8 bit 3887 * GA case as well as the 16 bit G case. 3888 */ 3889 while (i<128) 3890 { 3891 buffer[2*i] = (png_byte)((v>>8) & 0xff); 3892 buffer[2*i+1] = (png_byte)(v & 0xff); 3893 ++v; 3894 ++i; 3895 } 3896 3897 return; 3898 3899 case 24: 3900 /* 65535 pixels, but rotate the values. */ 3901 while (i<128) 3902 { 3903 /* Three bytes per pixel, r, g, b, make b by r^g */ 3904 buffer[3*i+0] = (png_byte)((v >> 8) & 0xff); 3905 buffer[3*i+1] = (png_byte)(v & 0xff); 3906 buffer[3*i+2] = (png_byte)(((v >> 8) ^ v) & 0xff); 3907 ++v; 3908 ++i; 3909 } 3910 3911 return; 3912 3913 case 32: 3914 /* 65535 pixels, r, g, b, a; just replicate */ 3915 while (i<128) 3916 { 3917 buffer[4*i+0] = (png_byte)((v >> 8) & 0xff); 3918 buffer[4*i+1] = (png_byte)(v & 0xff); 3919 buffer[4*i+2] = (png_byte)((v >> 8) & 0xff); 3920 buffer[4*i+3] = (png_byte)(v & 0xff); 3921 ++v; 3922 ++i; 3923 } 3924 3925 return; 3926 3927 case 48: 3928 /* y is maximum 2047, giving 4x65536 pixels, make 'r' increase by 1 at 3929 * each pixel, g increase by 257 (0x101) and 'b' by 0x1111: 3930 */ 3931 while (i<128) 3932 { 3933 png_uint_32 t = v++; 3934 buffer[6*i+0] = (png_byte)((t >> 8) & 0xff); 3935 buffer[6*i+1] = (png_byte)(t & 0xff); 3936 t *= 257; 3937 buffer[6*i+2] = (png_byte)((t >> 8) & 0xff); 3938 buffer[6*i+3] = (png_byte)(t & 0xff); 3939 t *= 17; 3940 buffer[6*i+4] = (png_byte)((t >> 8) & 0xff); 3941 buffer[6*i+5] = (png_byte)(t & 0xff); 3942 ++i; 3943 } 3944 3945 return; 3946 3947 case 64: 3948 /* As above in the 32 bit case. */ 3949 while (i<128) 3950 { 3951 png_uint_32 t = v++; 3952 buffer[8*i+0] = (png_byte)((t >> 8) & 0xff); 3953 buffer[8*i+1] = (png_byte)(t & 0xff); 3954 buffer[8*i+4] = (png_byte)((t >> 8) & 0xff); 3955 buffer[8*i+5] = (png_byte)(t & 0xff); 3956 t *= 257; 3957 buffer[8*i+2] = (png_byte)((t >> 8) & 0xff); 3958 buffer[8*i+3] = (png_byte)(t & 0xff); 3959 buffer[8*i+6] = (png_byte)((t >> 8) & 0xff); 3960 buffer[8*i+7] = (png_byte)(t & 0xff); 3961 ++i; 3962 } 3963 return; 3964 3965 default: 3966 break; 3967 } 3968 3969 png_error(pp, "internal error"); 3970 } 3971 3972 /* This is just to do the right cast - could be changed to a function to check 3973 * 'bd' but there isn't much point. 3974 */ 3975 #define DEPTH(bd) ((png_byte)(1U << (bd))) 3976 3977 /* This is just a helper for compiling on minimal systems with no write 3978 * interlacing support. If there is no write interlacing we can't generate test 3979 * cases with interlace: 3980 */ 3981 #ifdef PNG_WRITE_INTERLACING_SUPPORTED 3982 # define INTERLACE_LAST PNG_INTERLACE_LAST 3983 # define check_interlace_type(type) ((void)(type)) 3984 # define set_write_interlace_handling(pp,type) png_set_interlace_handling(pp) 3985 # define do_own_interlace 0 3986 #elif PNG_LIBPNG_VER < 10700 3987 # define set_write_interlace_handling(pp,type) (1) 3988 static void 3989 check_interlace_type(int const interlace_type) 3990 { 3991 /* Prior to 1.7.0 libpng does not support the write of an interlaced image 3992 * unless PNG_WRITE_INTERLACING_SUPPORTED, even with do_interlace so the 3993 * code here does the pixel interlace itself, so: 3994 */ 3995 if (interlace_type != PNG_INTERLACE_NONE) 3996 { 3997 /* This is an internal error - --interlace tests should be skipped, not 3998 * attempted. 3999 */ 4000 fprintf(stderr, "pngvalid: no interlace support\n"); 4001 exit(99); 4002 } 4003 } 4004 # define INTERLACE_LAST (PNG_INTERLACE_NONE+1) 4005 # define do_own_interlace 0 4006 #else /* libpng 1.7+ */ 4007 # define set_write_interlace_handling(pp,type)\ 4008 npasses_from_interlace_type(pp,type) 4009 # define check_interlace_type(type) ((void)(type)) 4010 # define INTERLACE_LAST PNG_INTERLACE_LAST 4011 # define do_own_interlace 1 4012 #endif /* WRITE_INTERLACING tests */ 4013 4014 #define CAN_WRITE_INTERLACE\ 4015 PNG_LIBPNG_VER >= 10700 || defined PNG_WRITE_INTERLACING_SUPPORTED 4016 4017 /* Do the same thing for read interlacing; this controls whether read tests do 4018 * their own de-interlace or use libpng. 4019 */ 4020 #ifdef PNG_READ_INTERLACING_SUPPORTED 4021 # define do_read_interlace 0 4022 #else /* no libpng read interlace support */ 4023 # define do_read_interlace 1 4024 #endif 4025 /* The following two routines use the PNG interlace support macros from 4026 * png.h to interlace or deinterlace rows. 4027 */ 4028 static void 4029 interlace_row(png_bytep buffer, png_const_bytep imageRow, 4030 unsigned int pixel_size, png_uint_32 w, int pass, int littleendian) 4031 { 4032 png_uint_32 xin, xout, xstep; 4033 4034 /* Note that this can, trivially, be optimized to a memcpy on pass 7, the 4035 * code is presented this way to make it easier to understand. In practice 4036 * consult the code in the libpng source to see other ways of doing this. 4037 * 4038 * It is OK for buffer and imageRow to be identical, because 'xin' moves 4039 * faster than 'xout' and we copy up. 4040 */ 4041 xin = PNG_PASS_START_COL(pass); 4042 xstep = 1U<<PNG_PASS_COL_SHIFT(pass); 4043 4044 for (xout=0; xin<w; xin+=xstep) 4045 { 4046 pixel_copy(buffer, xout, imageRow, xin, pixel_size, littleendian); 4047 ++xout; 4048 } 4049 } 4050 4051 #ifdef PNG_READ_SUPPORTED 4052 static void 4053 deinterlace_row(png_bytep buffer, png_const_bytep row, 4054 unsigned int pixel_size, png_uint_32 w, int pass, int littleendian) 4055 { 4056 /* The inverse of the above, 'row' is part of row 'y' of the output image, 4057 * in 'buffer'. The image is 'w' wide and this is pass 'pass', distribute 4058 * the pixels of row into buffer and return the number written (to allow 4059 * this to be checked). 4060 */ 4061 png_uint_32 xin, xout, xstep; 4062 4063 xout = PNG_PASS_START_COL(pass); 4064 xstep = 1U<<PNG_PASS_COL_SHIFT(pass); 4065 4066 for (xin=0; xout<w; xout+=xstep) 4067 { 4068 pixel_copy(buffer, xout, row, xin, pixel_size, littleendian); 4069 ++xin; 4070 } 4071 } 4072 #endif /* PNG_READ_SUPPORTED */ 4073 4074 /* Make a standardized image given an image colour type, bit depth and 4075 * interlace type. The standard images have a very restricted range of 4076 * rows and heights and are used for testing transforms rather than image 4077 * layout details. See make_size_images below for a way to make images 4078 * that test odd sizes along with the libpng interlace handling. 4079 */ 4080 #ifdef PNG_WRITE_FILTER_SUPPORTED 4081 static void 4082 choose_random_filter(png_structp pp, int start) 4083 { 4084 /* Choose filters randomly except that on the very first row ensure that 4085 * there is at least one previous row filter. 4086 */ 4087 int filters = PNG_ALL_FILTERS & random_mod(256U); 4088 4089 /* There may be no filters; skip the setting. */ 4090 if (filters != 0) 4091 { 4092 if (start && filters < PNG_FILTER_UP) 4093 filters |= PNG_FILTER_UP; 4094 4095 png_set_filter(pp, 0/*method*/, filters); 4096 } 4097 } 4098 #else /* !WRITE_FILTER */ 4099 # define choose_random_filter(pp, start) ((void)0) 4100 #endif /* !WRITE_FILTER */ 4101 4102 static void 4103 make_transform_image(png_store* const ps, png_byte const colour_type, 4104 png_byte const bit_depth, unsigned int palette_number, 4105 int interlace_type, png_const_charp name) 4106 { 4107 context(ps, fault); 4108 4109 check_interlace_type(interlace_type); 4110 4111 Try 4112 { 4113 png_infop pi; 4114 png_structp pp = set_store_for_write(ps, &pi, name); 4115 png_uint_32 h, w; 4116 4117 /* In the event of a problem return control to the Catch statement below 4118 * to do the clean up - it is not possible to 'return' directly from a Try 4119 * block. 4120 */ 4121 if (pp == NULL) 4122 Throw ps; 4123 4124 w = transform_width(pp, colour_type, bit_depth); 4125 h = transform_height(pp, colour_type, bit_depth); 4126 4127 png_set_IHDR(pp, pi, w, h, bit_depth, colour_type, interlace_type, 4128 PNG_COMPRESSION_TYPE_BASE, PNG_FILTER_TYPE_BASE); 4129 4130 #ifdef PNG_TEXT_SUPPORTED 4131 # if defined(PNG_READ_zTXt_SUPPORTED) && defined(PNG_WRITE_zTXt_SUPPORTED) 4132 # define TEXT_COMPRESSION PNG_TEXT_COMPRESSION_zTXt 4133 # else 4134 # define TEXT_COMPRESSION PNG_TEXT_COMPRESSION_NONE 4135 # endif 4136 { 4137 static char key[] = "image name"; /* must be writeable */ 4138 size_t pos; 4139 png_text text; 4140 char copy[FILE_NAME_SIZE]; 4141 4142 /* Use a compressed text string to test the correct interaction of text 4143 * compression and IDAT compression. 4144 */ 4145 text.compression = TEXT_COMPRESSION; 4146 text.key = key; 4147 /* Yuck: the text must be writable! */ 4148 pos = safecat(copy, sizeof copy, 0, ps->wname); 4149 text.text = copy; 4150 text.text_length = pos; 4151 text.itxt_length = 0; 4152 text.lang = 0; 4153 text.lang_key = 0; 4154 4155 png_set_text(pp, pi, &text, 1); 4156 } 4157 #endif 4158 4159 if (colour_type == 3) /* palette */ 4160 init_standard_palette(ps, pp, pi, 1U << bit_depth, 1/*do tRNS*/); 4161 4162 # ifdef PNG_WRITE_tRNS_SUPPORTED 4163 else if (palette_number) 4164 set_random_tRNS(pp, pi, colour_type, bit_depth); 4165 # endif 4166 4167 png_write_info(pp, pi); 4168 4169 if (png_get_rowbytes(pp, pi) != 4170 transform_rowsize(pp, colour_type, bit_depth)) 4171 png_error(pp, "transform row size incorrect"); 4172 4173 else 4174 { 4175 /* Somewhat confusingly this must be called *after* png_write_info 4176 * because if it is called before, the information in *pp has not been 4177 * updated to reflect the interlaced image. 4178 */ 4179 int npasses = set_write_interlace_handling(pp, interlace_type); 4180 int pass; 4181 4182 if (npasses != npasses_from_interlace_type(pp, interlace_type)) 4183 png_error(pp, "write: png_set_interlace_handling failed"); 4184 4185 for (pass=0; pass<npasses; ++pass) 4186 { 4187 png_uint_32 y; 4188 4189 /* do_own_interlace is a pre-defined boolean (a #define) which is 4190 * set if we have to work out the interlaced rows here. 4191 */ 4192 for (y=0; y<h; ++y) 4193 { 4194 png_byte buffer[TRANSFORM_ROWMAX]; 4195 4196 transform_row(pp, buffer, colour_type, bit_depth, y); 4197 4198 # if do_own_interlace 4199 /* If do_own_interlace *and* the image is interlaced we need a 4200 * reduced interlace row; this may be reduced to empty. 4201 */ 4202 if (interlace_type == PNG_INTERLACE_ADAM7) 4203 { 4204 /* The row must not be written if it doesn't exist, notice 4205 * that there are two conditions here, either the row isn't 4206 * ever in the pass or the row would be but isn't wide 4207 * enough to contribute any pixels. In fact the wPass test 4208 * can be used to skip the whole y loop in this case. 4209 */ 4210 if (PNG_ROW_IN_INTERLACE_PASS(y, pass) && 4211 PNG_PASS_COLS(w, pass) > 0) 4212 interlace_row(buffer, buffer, 4213 bit_size(pp, colour_type, bit_depth), w, pass, 4214 0/*data always bigendian*/); 4215 else 4216 continue; 4217 } 4218 # endif /* do_own_interlace */ 4219 4220 choose_random_filter(pp, pass == 0 && y == 0); 4221 png_write_row(pp, buffer); 4222 } 4223 } 4224 } 4225 4226 #ifdef PNG_TEXT_SUPPORTED 4227 { 4228 static char key[] = "end marker"; 4229 static char comment[] = "end"; 4230 png_text text; 4231 4232 /* Use a compressed text string to test the correct interaction of text 4233 * compression and IDAT compression. 4234 */ 4235 text.compression = TEXT_COMPRESSION; 4236 text.key = key; 4237 text.text = comment; 4238 text.text_length = (sizeof comment)-1; 4239 text.itxt_length = 0; 4240 text.lang = 0; 4241 text.lang_key = 0; 4242 4243 png_set_text(pp, pi, &text, 1); 4244 } 4245 #endif 4246 4247 png_write_end(pp, pi); 4248 4249 /* And store this under the appropriate id, then clean up. */ 4250 store_storefile(ps, FILEID(colour_type, bit_depth, palette_number, 4251 interlace_type, 0, 0, 0)); 4252 4253 store_write_reset(ps); 4254 } 4255 4256 Catch(fault) 4257 { 4258 /* Use the png_store returned by the exception. This may help the compiler 4259 * because 'ps' is not used in this branch of the setjmp. Note that fault 4260 * and ps will always be the same value. 4261 */ 4262 store_write_reset(fault); 4263 } 4264 } 4265 4266 static void 4267 make_transform_images(png_modifier *pm) 4268 { 4269 png_byte colour_type = 0; 4270 png_byte bit_depth = 0; 4271 unsigned int palette_number = 0; 4272 4273 /* This is in case of errors. */ 4274 safecat(pm->this.test, sizeof pm->this.test, 0, "make standard images"); 4275 4276 /* Use next_format to enumerate all the combinations we test, including 4277 * generating multiple low bit depth palette images. Non-A images (palette 4278 * and direct) are created with and without tRNS chunks. 4279 */ 4280 while (next_format(&colour_type, &bit_depth, &palette_number, 1, 1)) 4281 { 4282 int interlace_type; 4283 4284 for (interlace_type = PNG_INTERLACE_NONE; 4285 interlace_type < INTERLACE_LAST; ++interlace_type) 4286 { 4287 char name[FILE_NAME_SIZE]; 4288 4289 standard_name(name, sizeof name, 0, colour_type, bit_depth, 4290 palette_number, interlace_type, 0, 0, do_own_interlace); 4291 make_transform_image(&pm->this, colour_type, bit_depth, palette_number, 4292 interlace_type, name); 4293 } 4294 } 4295 } 4296 4297 /* Build a single row for the 'size' test images; this fills in only the 4298 * first bit_width bits of the sample row. 4299 */ 4300 static void 4301 size_row(png_byte buffer[SIZE_ROWMAX], png_uint_32 bit_width, png_uint_32 y) 4302 { 4303 /* height is in the range 1 to 16, so: */ 4304 y = ((y & 1) << 7) + ((y & 2) << 6) + ((y & 4) << 5) + ((y & 8) << 4); 4305 /* the following ensures bits are set in small images: */ 4306 y ^= 0xA5; 4307 4308 while (bit_width >= 8) 4309 *buffer++ = (png_byte)y++, bit_width -= 8; 4310 4311 /* There may be up to 7 remaining bits, these go in the most significant 4312 * bits of the byte. 4313 */ 4314 if (bit_width > 0) 4315 { 4316 png_uint_32 mask = (1U<<(8-bit_width))-1; 4317 *buffer = (png_byte)((*buffer & mask) | (y & ~mask)); 4318 } 4319 } 4320 4321 static void 4322 make_size_image(png_store* const ps, png_byte const colour_type, 4323 png_byte const bit_depth, int const interlace_type, 4324 png_uint_32 const w, png_uint_32 const h, 4325 int const do_interlace) 4326 { 4327 context(ps, fault); 4328 4329 check_interlace_type(interlace_type); 4330 4331 Try 4332 { 4333 png_infop pi; 4334 png_structp pp; 4335 unsigned int pixel_size; 4336 4337 /* Make a name and get an appropriate id for the store: */ 4338 char name[FILE_NAME_SIZE]; 4339 const png_uint_32 id = FILEID(colour_type, bit_depth, 0/*palette*/, 4340 interlace_type, w, h, do_interlace); 4341 4342 standard_name_from_id(name, sizeof name, 0, id); 4343 pp = set_store_for_write(ps, &pi, name); 4344 4345 /* In the event of a problem return control to the Catch statement below 4346 * to do the clean up - it is not possible to 'return' directly from a Try 4347 * block. 4348 */ 4349 if (pp == NULL) 4350 Throw ps; 4351 4352 png_set_IHDR(pp, pi, w, h, bit_depth, colour_type, interlace_type, 4353 PNG_COMPRESSION_TYPE_BASE, PNG_FILTER_TYPE_BASE); 4354 4355 #ifdef PNG_TEXT_SUPPORTED 4356 { 4357 static char key[] = "image name"; /* must be writeable */ 4358 size_t pos; 4359 png_text text; 4360 char copy[FILE_NAME_SIZE]; 4361 4362 /* Use a compressed text string to test the correct interaction of text 4363 * compression and IDAT compression. 4364 */ 4365 text.compression = TEXT_COMPRESSION; 4366 text.key = key; 4367 /* Yuck: the text must be writable! */ 4368 pos = safecat(copy, sizeof copy, 0, ps->wname); 4369 text.text = copy; 4370 text.text_length = pos; 4371 text.itxt_length = 0; 4372 text.lang = 0; 4373 text.lang_key = 0; 4374 4375 png_set_text(pp, pi, &text, 1); 4376 } 4377 #endif 4378 4379 if (colour_type == 3) /* palette */ 4380 init_standard_palette(ps, pp, pi, 1U << bit_depth, 0/*do tRNS*/); 4381 4382 png_write_info(pp, pi); 4383 4384 /* Calculate the bit size, divide by 8 to get the byte size - this won't 4385 * overflow because we know the w values are all small enough even for 4386 * a system where 'unsigned int' is only 16 bits. 4387 */ 4388 pixel_size = bit_size(pp, colour_type, bit_depth); 4389 if (png_get_rowbytes(pp, pi) != ((w * pixel_size) + 7) / 8) 4390 png_error(pp, "size row size incorrect"); 4391 4392 else 4393 { 4394 int npasses = npasses_from_interlace_type(pp, interlace_type); 4395 png_uint_32 y; 4396 int pass; 4397 png_byte image[16][SIZE_ROWMAX]; 4398 4399 /* To help consistent error detection make the parts of this buffer 4400 * that aren't set below all '1': 4401 */ 4402 memset(image, 0xff, sizeof image); 4403 4404 if (!do_interlace && 4405 npasses != set_write_interlace_handling(pp, interlace_type)) 4406 png_error(pp, "write: png_set_interlace_handling failed"); 4407 4408 /* Prepare the whole image first to avoid making it 7 times: */ 4409 for (y=0; y<h; ++y) 4410 size_row(image[y], w * pixel_size, y); 4411 4412 for (pass=0; pass<npasses; ++pass) 4413 { 4414 /* The following two are for checking the macros: */ 4415 const png_uint_32 wPass = PNG_PASS_COLS(w, pass); 4416 4417 /* If do_interlace is set we don't call png_write_row for every 4418 * row because some of them are empty. In fact, for a 1x1 image, 4419 * most of them are empty! 4420 */ 4421 for (y=0; y<h; ++y) 4422 { 4423 png_const_bytep row = image[y]; 4424 png_byte tempRow[SIZE_ROWMAX]; 4425 4426 /* If do_interlace *and* the image is interlaced we 4427 * need a reduced interlace row; this may be reduced 4428 * to empty. 4429 */ 4430 if (do_interlace && interlace_type == PNG_INTERLACE_ADAM7) 4431 { 4432 /* The row must not be written if it doesn't exist, notice 4433 * that there are two conditions here, either the row isn't 4434 * ever in the pass or the row would be but isn't wide 4435 * enough to contribute any pixels. In fact the wPass test 4436 * can be used to skip the whole y loop in this case. 4437 */ 4438 if (PNG_ROW_IN_INTERLACE_PASS(y, pass) && wPass > 0) 4439 { 4440 /* Set to all 1's for error detection (libpng tends to 4441 * set unset things to 0). 4442 */ 4443 memset(tempRow, 0xff, sizeof tempRow); 4444 interlace_row(tempRow, row, pixel_size, w, pass, 4445 0/*data always bigendian*/); 4446 row = tempRow; 4447 } 4448 else 4449 continue; 4450 } 4451 4452 # ifdef PNG_WRITE_FILTER_SUPPORTED 4453 /* Only get to here if the row has some pixels in it, set the 4454 * filters to 'all' for the very first row and thereafter to a 4455 * single filter. It isn't well documented, but png_set_filter 4456 * does accept a filter number (per the spec) as well as a bit 4457 * mask. 4458 * 4459 * The code now uses filters at random, except that on the first 4460 * row of an image it ensures that a previous row filter is in 4461 * the set so that libpng allocates the row buffer. 4462 */ 4463 { 4464 int filters = 8 << random_mod(PNG_FILTER_VALUE_LAST); 4465 4466 if (pass == 0 && y == 0 && 4467 (filters < PNG_FILTER_UP || w == 1U)) 4468 filters |= PNG_FILTER_UP; 4469 4470 png_set_filter(pp, 0/*method*/, filters); 4471 } 4472 # endif 4473 4474 png_write_row(pp, row); 4475 } 4476 } 4477 } 4478 4479 #ifdef PNG_TEXT_SUPPORTED 4480 { 4481 static char key[] = "end marker"; 4482 static char comment[] = "end"; 4483 png_text text; 4484 4485 /* Use a compressed text string to test the correct interaction of text 4486 * compression and IDAT compression. 4487 */ 4488 text.compression = TEXT_COMPRESSION; 4489 text.key = key; 4490 text.text = comment; 4491 text.text_length = (sizeof comment)-1; 4492 text.itxt_length = 0; 4493 text.lang = 0; 4494 text.lang_key = 0; 4495 4496 png_set_text(pp, pi, &text, 1); 4497 } 4498 #endif 4499 4500 png_write_end(pp, pi); 4501 4502 /* And store this under the appropriate id, then clean up. */ 4503 store_storefile(ps, id); 4504 4505 store_write_reset(ps); 4506 } 4507 4508 Catch(fault) 4509 { 4510 /* Use the png_store returned by the exception. This may help the compiler 4511 * because 'ps' is not used in this branch of the setjmp. Note that fault 4512 * and ps will always be the same value. 4513 */ 4514 store_write_reset(fault); 4515 } 4516 } 4517 4518 static void 4519 make_size(png_store* const ps, png_byte const colour_type, int bdlo, 4520 int const bdhi) 4521 { 4522 for (; bdlo <= bdhi; ++bdlo) 4523 { 4524 png_uint_32 width; 4525 4526 for (width = 1; width <= 16; ++width) 4527 { 4528 png_uint_32 height; 4529 4530 for (height = 1; height <= 16; ++height) 4531 { 4532 /* The four combinations of DIY interlace and interlace or not - 4533 * no interlace + DIY should be identical to no interlace with 4534 * libpng doing it. 4535 */ 4536 make_size_image(ps, colour_type, DEPTH(bdlo), PNG_INTERLACE_NONE, 4537 width, height, 0); 4538 make_size_image(ps, colour_type, DEPTH(bdlo), PNG_INTERLACE_NONE, 4539 width, height, 1); 4540 # ifdef PNG_WRITE_INTERLACING_SUPPORTED 4541 make_size_image(ps, colour_type, DEPTH(bdlo), PNG_INTERLACE_ADAM7, 4542 width, height, 0); 4543 # endif 4544 # if CAN_WRITE_INTERLACE 4545 /* 1.7.0 removes the hack that prevented app write of an interlaced 4546 * image if WRITE_INTERLACE was not supported 4547 */ 4548 make_size_image(ps, colour_type, DEPTH(bdlo), PNG_INTERLACE_ADAM7, 4549 width, height, 1); 4550 # endif 4551 } 4552 } 4553 } 4554 } 4555 4556 static void 4557 make_size_images(png_store *ps) 4558 { 4559 /* This is in case of errors. */ 4560 safecat(ps->test, sizeof ps->test, 0, "make size images"); 4561 4562 /* Arguments are colour_type, low bit depth, high bit depth 4563 */ 4564 make_size(ps, 0, 0, WRITE_BDHI); 4565 make_size(ps, 2, 3, WRITE_BDHI); 4566 make_size(ps, 3, 0, 3 /*palette: max 8 bits*/); 4567 make_size(ps, 4, 3, WRITE_BDHI); 4568 make_size(ps, 6, 3, WRITE_BDHI); 4569 } 4570 4571 #ifdef PNG_READ_SUPPORTED 4572 /* Return a row based on image id and 'y' for checking: */ 4573 static void 4574 standard_row(png_const_structp pp, png_byte std[STANDARD_ROWMAX], 4575 png_uint_32 id, png_uint_32 y) 4576 { 4577 if (WIDTH_FROM_ID(id) == 0) 4578 transform_row(pp, std, COL_FROM_ID(id), DEPTH_FROM_ID(id), y); 4579 else 4580 size_row(std, WIDTH_FROM_ID(id) * bit_size(pp, COL_FROM_ID(id), 4581 DEPTH_FROM_ID(id)), y); 4582 } 4583 #endif /* PNG_READ_SUPPORTED */ 4584 4585 /* Tests - individual test cases */ 4586 /* Like 'make_standard' but errors are deliberately introduced into the calls 4587 * to ensure that they get detected - it should not be possible to write an 4588 * invalid image with libpng! 4589 */ 4590 /* TODO: the 'set' functions can probably all be made to take a 4591 * png_const_structp rather than a modifiable one. 4592 */ 4593 #ifdef PNG_WARNINGS_SUPPORTED 4594 static void 4595 sBIT0_error_fn(png_structp pp, png_infop pi) 4596 { 4597 /* 0 is invalid... */ 4598 png_color_8 bad; 4599 bad.red = bad.green = bad.blue = bad.gray = bad.alpha = 0; 4600 png_set_sBIT(pp, pi, &bad); 4601 } 4602 4603 static void 4604 sBIT_error_fn(png_structp pp, png_infop pi) 4605 { 4606 png_byte bit_depth; 4607 png_color_8 bad; 4608 4609 if (png_get_color_type(pp, pi) == PNG_COLOR_TYPE_PALETTE) 4610 bit_depth = 8; 4611 4612 else 4613 bit_depth = png_get_bit_depth(pp, pi); 4614 4615 /* Now we know the bit depth we can easily generate an invalid sBIT entry */ 4616 bad.red = bad.green = bad.blue = bad.gray = bad.alpha = 4617 (png_byte)(bit_depth+1); 4618 png_set_sBIT(pp, pi, &bad); 4619 } 4620 4621 static const struct 4622 { 4623 void (*fn)(png_structp, png_infop); 4624 const char *msg; 4625 unsigned int warning :1; /* the error is a warning... */ 4626 } error_test[] = 4627 { 4628 /* no warnings makes these errors undetectable prior to 1.7.0 */ 4629 { sBIT0_error_fn, "sBIT(0): failed to detect error", 4630 PNG_LIBPNG_VER < 10700 }, 4631 4632 { sBIT_error_fn, "sBIT(too big): failed to detect error", 4633 PNG_LIBPNG_VER < 10700 }, 4634 }; 4635 4636 static void 4637 make_error(png_store* const ps, png_byte const colour_type, 4638 png_byte bit_depth, int interlace_type, int test, png_const_charp name) 4639 { 4640 context(ps, fault); 4641 4642 check_interlace_type(interlace_type); 4643 4644 Try 4645 { 4646 png_infop pi; 4647 const png_structp pp = set_store_for_write(ps, &pi, name); 4648 png_uint_32 w, h; 4649 gnu_volatile(pp) 4650 4651 if (pp == NULL) 4652 Throw ps; 4653 4654 w = transform_width(pp, colour_type, bit_depth); 4655 gnu_volatile(w) 4656 h = transform_height(pp, colour_type, bit_depth); 4657 gnu_volatile(h) 4658 png_set_IHDR(pp, pi, w, h, bit_depth, colour_type, interlace_type, 4659 PNG_COMPRESSION_TYPE_BASE, PNG_FILTER_TYPE_BASE); 4660 4661 if (colour_type == 3) /* palette */ 4662 init_standard_palette(ps, pp, pi, 1U << bit_depth, 0/*do tRNS*/); 4663 4664 /* Time for a few errors; these are in various optional chunks, the 4665 * standard tests test the standard chunks pretty well. 4666 */ 4667 # define exception__prev exception_prev_1 4668 # define exception__env exception_env_1 4669 Try 4670 { 4671 gnu_volatile(exception__prev) 4672 4673 /* Expect this to throw: */ 4674 ps->expect_error = !error_test[test].warning; 4675 ps->expect_warning = error_test[test].warning; 4676 ps->saw_warning = 0; 4677 error_test[test].fn(pp, pi); 4678 4679 /* Normally the error is only detected here: */ 4680 png_write_info(pp, pi); 4681 4682 /* And handle the case where it was only a warning: */ 4683 if (ps->expect_warning && ps->saw_warning) 4684 Throw ps; 4685 4686 /* If we get here there is a problem, we have success - no error or 4687 * no warning - when we shouldn't have success. Log an error. 4688 */ 4689 store_log(ps, pp, error_test[test].msg, 1 /*error*/); 4690 } 4691 4692 Catch (fault) 4693 { /* expected exit */ 4694 } 4695 #undef exception__prev 4696 #undef exception__env 4697 4698 /* And clear these flags */ 4699 ps->expect_warning = 0; 4700 4701 if (ps->expect_error) 4702 ps->expect_error = 0; 4703 4704 else 4705 { 4706 /* Now write the whole image, just to make sure that the detected, or 4707 * undetected, errro has not created problems inside libpng. This 4708 * doesn't work if there was a png_error in png_write_info because that 4709 * can abort before PLTE was written. 4710 */ 4711 if (png_get_rowbytes(pp, pi) != 4712 transform_rowsize(pp, colour_type, bit_depth)) 4713 png_error(pp, "row size incorrect"); 4714 4715 else 4716 { 4717 int npasses = set_write_interlace_handling(pp, interlace_type); 4718 int pass; 4719 4720 if (npasses != npasses_from_interlace_type(pp, interlace_type)) 4721 png_error(pp, "write: png_set_interlace_handling failed"); 4722 4723 for (pass=0; pass<npasses; ++pass) 4724 { 4725 png_uint_32 y; 4726 4727 for (y=0; y<h; ++y) 4728 { 4729 png_byte buffer[TRANSFORM_ROWMAX]; 4730 4731 transform_row(pp, buffer, colour_type, bit_depth, y); 4732 4733 # if do_own_interlace 4734 /* If do_own_interlace *and* the image is interlaced we 4735 * need a reduced interlace row; this may be reduced to 4736 * empty. 4737 */ 4738 if (interlace_type == PNG_INTERLACE_ADAM7) 4739 { 4740 /* The row must not be written if it doesn't exist, 4741 * notice that there are two conditions here, either the 4742 * row isn't ever in the pass or the row would be but 4743 * isn't wide enough to contribute any pixels. In fact 4744 * the wPass test can be used to skip the whole y loop 4745 * in this case. 4746 */ 4747 if (PNG_ROW_IN_INTERLACE_PASS(y, pass) && 4748 PNG_PASS_COLS(w, pass) > 0) 4749 interlace_row(buffer, buffer, 4750 bit_size(pp, colour_type, bit_depth), w, pass, 4751 0/*data always bigendian*/); 4752 else 4753 continue; 4754 } 4755 # endif /* do_own_interlace */ 4756 4757 png_write_row(pp, buffer); 4758 } 4759 } 4760 } /* image writing */ 4761 4762 png_write_end(pp, pi); 4763 } 4764 4765 /* The following deletes the file that was just written. */ 4766 store_write_reset(ps); 4767 } 4768 4769 Catch(fault) 4770 { 4771 store_write_reset(fault); 4772 } 4773 } 4774 4775 static int 4776 make_errors(png_modifier* const pm, png_byte const colour_type, 4777 int bdlo, int const bdhi) 4778 { 4779 for (; bdlo <= bdhi; ++bdlo) 4780 { 4781 int interlace_type; 4782 4783 for (interlace_type = PNG_INTERLACE_NONE; 4784 interlace_type < INTERLACE_LAST; ++interlace_type) 4785 { 4786 unsigned int test; 4787 char name[FILE_NAME_SIZE]; 4788 4789 standard_name(name, sizeof name, 0, colour_type, 1<<bdlo, 0, 4790 interlace_type, 0, 0, do_own_interlace); 4791 4792 for (test=0; test<ARRAY_SIZE(error_test); ++test) 4793 { 4794 make_error(&pm->this, colour_type, DEPTH(bdlo), interlace_type, 4795 test, name); 4796 4797 if (fail(pm)) 4798 return 0; 4799 } 4800 } 4801 } 4802 4803 return 1; /* keep going */ 4804 } 4805 #endif /* PNG_WARNINGS_SUPPORTED */ 4806 4807 static void 4808 perform_error_test(png_modifier *pm) 4809 { 4810 #ifdef PNG_WARNINGS_SUPPORTED /* else there are no cases that work! */ 4811 /* Need to do this here because we just write in this test. */ 4812 safecat(pm->this.test, sizeof pm->this.test, 0, "error test"); 4813 4814 if (!make_errors(pm, 0, 0, WRITE_BDHI)) 4815 return; 4816 4817 if (!make_errors(pm, 2, 3, WRITE_BDHI)) 4818 return; 4819 4820 if (!make_errors(pm, 3, 0, 3)) 4821 return; 4822 4823 if (!make_errors(pm, 4, 3, WRITE_BDHI)) 4824 return; 4825 4826 if (!make_errors(pm, 6, 3, WRITE_BDHI)) 4827 return; 4828 #else 4829 UNUSED(pm) 4830 #endif 4831 } 4832 4833 /* This is just to validate the internal PNG formatting code - if this fails 4834 * then the warning messages the library outputs will probably be garbage. 4835 */ 4836 static void 4837 perform_formatting_test(png_store *ps) 4838 { 4839 #ifdef PNG_TIME_RFC1123_SUPPORTED 4840 /* The handle into the formatting code is the RFC1123 support; this test does 4841 * nothing if that is compiled out. 4842 */ 4843 context(ps, fault); 4844 4845 Try 4846 { 4847 png_const_charp correct = "29 Aug 2079 13:53:60 +0000"; 4848 png_const_charp result; 4849 # if PNG_LIBPNG_VER >= 10600 4850 char timestring[29]; 4851 # endif 4852 png_structp pp; 4853 png_time pt; 4854 4855 pp = set_store_for_write(ps, NULL, "libpng formatting test"); 4856 4857 if (pp == NULL) 4858 Throw ps; 4859 4860 4861 /* Arbitrary settings: */ 4862 pt.year = 2079; 4863 pt.month = 8; 4864 pt.day = 29; 4865 pt.hour = 13; 4866 pt.minute = 53; 4867 pt.second = 60; /* a leap second */ 4868 4869 # if PNG_LIBPNG_VER < 10600 4870 result = png_convert_to_rfc1123(pp, &pt); 4871 # else 4872 if (png_convert_to_rfc1123_buffer(timestring, &pt)) 4873 result = timestring; 4874 4875 else 4876 result = NULL; 4877 # endif 4878 4879 if (result == NULL) 4880 png_error(pp, "png_convert_to_rfc1123 failed"); 4881 4882 if (strcmp(result, correct) != 0) 4883 { 4884 size_t pos = 0; 4885 char msg[128]; 4886 4887 pos = safecat(msg, sizeof msg, pos, "png_convert_to_rfc1123("); 4888 pos = safecat(msg, sizeof msg, pos, correct); 4889 pos = safecat(msg, sizeof msg, pos, ") returned: '"); 4890 pos = safecat(msg, sizeof msg, pos, result); 4891 pos = safecat(msg, sizeof msg, pos, "'"); 4892 4893 png_error(pp, msg); 4894 } 4895 4896 store_write_reset(ps); 4897 } 4898 4899 Catch(fault) 4900 { 4901 store_write_reset(fault); 4902 } 4903 #else 4904 UNUSED(ps) 4905 #endif 4906 } 4907 4908 #ifdef PNG_READ_SUPPORTED 4909 /* Because we want to use the same code in both the progressive reader and the 4910 * sequential reader it is necessary to deal with the fact that the progressive 4911 * reader callbacks only have one parameter (png_get_progressive_ptr()), so this 4912 * must contain all the test parameters and all the local variables directly 4913 * accessible to the sequential reader implementation. 4914 * 4915 * The technique adopted is to reinvent part of what Dijkstra termed a 4916 * 'display'; an array of pointers to the stack frames of enclosing functions so 4917 * that a nested function definition can access the local (C auto) variables of 4918 * the functions that contain its definition. In fact C provides the first 4919 * pointer (the local variables - the stack frame pointer) and the last (the 4920 * global variables - the BCPL global vector typically implemented as global 4921 * addresses), this code requires one more pointer to make the display - the 4922 * local variables (and function call parameters) of the function that actually 4923 * invokes either the progressive or sequential reader. 4924 * 4925 * Perhaps confusingly this technique is confounded with classes - the 4926 * 'standard_display' defined here is sub-classed as the 'gamma_display' below. 4927 * A gamma_display is a standard_display, taking advantage of the ANSI-C 4928 * requirement that the pointer to the first member of a structure must be the 4929 * same as the pointer to the structure. This allows us to reuse standard_ 4930 * functions in the gamma test code; something that could not be done with 4931 * nested functions! 4932 */ 4933 typedef struct standard_display 4934 { 4935 png_store* ps; /* Test parameters (passed to the function) */ 4936 png_byte colour_type; 4937 png_byte bit_depth; 4938 png_byte red_sBIT; /* Input data sBIT values. */ 4939 png_byte green_sBIT; 4940 png_byte blue_sBIT; 4941 png_byte alpha_sBIT; 4942 png_byte interlace_type; 4943 png_byte filler; /* Output has a filler */ 4944 png_uint_32 id; /* Calculated file ID */ 4945 png_uint_32 w; /* Width of image */ 4946 png_uint_32 h; /* Height of image */ 4947 int npasses; /* Number of interlaced passes */ 4948 png_uint_32 pixel_size; /* Width of one pixel in bits */ 4949 png_uint_32 bit_width; /* Width of output row in bits */ 4950 size_t cbRow; /* Bytes in a row of the output image */ 4951 int do_interlace; /* Do interlacing internally */ 4952 int littleendian; /* App (row) data is little endian */ 4953 int is_transparent; /* Transparency information was present. */ 4954 int has_tRNS; /* color type GRAY or RGB with a tRNS chunk. */ 4955 int speed; /* Doing a speed test */ 4956 int use_update_info;/* Call update_info, not start_image */ 4957 struct 4958 { 4959 png_uint_16 red; 4960 png_uint_16 green; 4961 png_uint_16 blue; 4962 } transparent; /* The transparent color, if set. */ 4963 int npalette; /* Number of entries in the palette. */ 4964 store_palette 4965 palette; 4966 } standard_display; 4967 4968 static void 4969 standard_display_init(standard_display *dp, png_store* ps, png_uint_32 id, 4970 int do_interlace, int use_update_info) 4971 { 4972 memset(dp, 0, sizeof *dp); 4973 4974 dp->ps = ps; 4975 dp->colour_type = COL_FROM_ID(id); 4976 dp->bit_depth = DEPTH_FROM_ID(id); 4977 if (dp->bit_depth < 1 || dp->bit_depth > 16) 4978 internal_error(ps, "internal: bad bit depth"); 4979 if (dp->colour_type == 3) 4980 dp->red_sBIT = dp->blue_sBIT = dp->green_sBIT = dp->alpha_sBIT = 8; 4981 else 4982 dp->red_sBIT = dp->blue_sBIT = dp->green_sBIT = dp->alpha_sBIT = 4983 dp->bit_depth; 4984 dp->interlace_type = INTERLACE_FROM_ID(id); 4985 check_interlace_type(dp->interlace_type); 4986 dp->id = id; 4987 /* All the rest are filled in after the read_info: */ 4988 dp->w = 0; 4989 dp->h = 0; 4990 dp->npasses = 0; 4991 dp->pixel_size = 0; 4992 dp->bit_width = 0; 4993 dp->cbRow = 0; 4994 dp->do_interlace = do_interlace; 4995 dp->littleendian = 0; 4996 dp->is_transparent = 0; 4997 dp->speed = ps->speed; 4998 dp->use_update_info = use_update_info; 4999 dp->npalette = 0; 5000 /* Preset the transparent color to black: */ 5001 memset(&dp->transparent, 0, sizeof dp->transparent); 5002 /* Preset the palette to full intensity/opaque througout: */ 5003 memset(dp->palette, 0xff, sizeof dp->palette); 5004 } 5005 5006 /* Initialize the palette fields - this must be done later because the palette 5007 * comes from the particular png_store_file that is selected. 5008 */ 5009 static void 5010 standard_palette_init(standard_display *dp) 5011 { 5012 store_palette_entry *palette = store_current_palette(dp->ps, &dp->npalette); 5013 5014 /* The remaining entries remain white/opaque. */ 5015 if (dp->npalette > 0) 5016 { 5017 int i = dp->npalette; 5018 memcpy(dp->palette, palette, i * sizeof *palette); 5019 5020 /* Check for a non-opaque palette entry: */ 5021 while (--i >= 0) 5022 if (palette[i].alpha < 255) 5023 break; 5024 5025 # ifdef __GNUC__ 5026 /* GCC can't handle the more obviously optimizable version. */ 5027 if (i >= 0) 5028 dp->is_transparent = 1; 5029 else 5030 dp->is_transparent = 0; 5031 # else 5032 dp->is_transparent = (i >= 0); 5033 # endif 5034 } 5035 } 5036 5037 /* Utility to read the palette from the PNG file and convert it into 5038 * store_palette format. This returns 1 if there is any transparency in the 5039 * palette (it does not check for a transparent colour in the non-palette case.) 5040 */ 5041 static int 5042 read_palette(store_palette palette, int *npalette, png_const_structp pp, 5043 png_infop pi) 5044 { 5045 png_colorp pal; 5046 png_bytep trans_alpha; 5047 int num; 5048 5049 pal = 0; 5050 *npalette = -1; 5051 5052 if (png_get_PLTE(pp, pi, &pal, npalette) & PNG_INFO_PLTE) 5053 { 5054 int i = *npalette; 5055 5056 if (i <= 0 || i > 256) 5057 png_error(pp, "validate: invalid PLTE count"); 5058 5059 while (--i >= 0) 5060 { 5061 palette[i].red = pal[i].red; 5062 palette[i].green = pal[i].green; 5063 palette[i].blue = pal[i].blue; 5064 } 5065 5066 /* Mark the remainder of the entries with a flag value (other than 5067 * white/opaque which is the flag value stored above.) 5068 */ 5069 memset(palette + *npalette, 126, (256-*npalette) * sizeof *palette); 5070 } 5071 5072 else /* !png_get_PLTE */ 5073 { 5074 if (*npalette != (-1)) 5075 png_error(pp, "validate: invalid PLTE result"); 5076 /* But there is no palette, so record this: */ 5077 *npalette = 0; 5078 memset(palette, 113, sizeof (store_palette)); 5079 } 5080 5081 trans_alpha = 0; 5082 num = 2; /* force error below */ 5083 if ((png_get_tRNS(pp, pi, &trans_alpha, &num, 0) & PNG_INFO_tRNS) != 0 && 5084 (trans_alpha != NULL || num != 1/*returns 1 for a transparent color*/) && 5085 /* Oops, if a palette tRNS gets expanded png_read_update_info (at least so 5086 * far as 1.5.4) does not remove the trans_alpha pointer, only num_trans, 5087 * so in the above call we get a success, we get a pointer (who knows what 5088 * to) and we get num_trans == 0: 5089 */ 5090 !(trans_alpha != NULL && num == 0)) /* TODO: fix this in libpng. */ 5091 { 5092 int i; 5093 5094 /* Any of these are crash-worthy - given the implementation of 5095 * png_get_tRNS up to 1.5 an app won't crash if it just checks the 5096 * result above and fails to check that the variables it passed have 5097 * actually been filled in! Note that if the app were to pass the 5098 * last, png_color_16p, variable too it couldn't rely on this. 5099 */ 5100 if (trans_alpha == NULL || num <= 0 || num > 256 || num > *npalette) 5101 png_error(pp, "validate: unexpected png_get_tRNS (palette) result"); 5102 5103 for (i=0; i<num; ++i) 5104 palette[i].alpha = trans_alpha[i]; 5105 5106 for (num=*npalette; i<num; ++i) 5107 palette[i].alpha = 255; 5108 5109 for (; i<256; ++i) 5110 palette[i].alpha = 33; /* flag value */ 5111 5112 return 1; /* transparency */ 5113 } 5114 5115 else 5116 { 5117 /* No palette transparency - just set the alpha channel to opaque. */ 5118 int i; 5119 5120 for (i=0, num=*npalette; i<num; ++i) 5121 palette[i].alpha = 255; 5122 5123 for (; i<256; ++i) 5124 palette[i].alpha = 55; /* flag value */ 5125 5126 return 0; /* no transparency */ 5127 } 5128 } 5129 5130 /* Utility to validate the palette if it should not have changed (the 5131 * non-transform case). 5132 */ 5133 static void 5134 standard_palette_validate(standard_display *dp, png_const_structp pp, 5135 png_infop pi) 5136 { 5137 int npalette; 5138 store_palette palette; 5139 5140 if (read_palette(palette, &npalette, pp, pi) != dp->is_transparent) 5141 png_error(pp, "validate: palette transparency changed"); 5142 5143 if (npalette != dp->npalette) 5144 { 5145 size_t pos = 0; 5146 char msg[64]; 5147 5148 pos = safecat(msg, sizeof msg, pos, "validate: palette size changed: "); 5149 pos = safecatn(msg, sizeof msg, pos, dp->npalette); 5150 pos = safecat(msg, sizeof msg, pos, " -> "); 5151 pos = safecatn(msg, sizeof msg, pos, npalette); 5152 png_error(pp, msg); 5153 } 5154 5155 { 5156 int i = npalette; /* npalette is aliased */ 5157 5158 while (--i >= 0) 5159 if (palette[i].red != dp->palette[i].red || 5160 palette[i].green != dp->palette[i].green || 5161 palette[i].blue != dp->palette[i].blue || 5162 palette[i].alpha != dp->palette[i].alpha) 5163 png_error(pp, "validate: PLTE or tRNS chunk changed"); 5164 } 5165 } 5166 5167 /* By passing a 'standard_display' the progressive callbacks can be used 5168 * directly by the sequential code, the functions suffixed "_imp" are the 5169 * implementations, the functions without the suffix are the callbacks. 5170 * 5171 * The code for the info callback is split into two because this callback calls 5172 * png_read_update_info or png_start_read_image and what gets called depends on 5173 * whether the info needs updating (we want to test both calls in pngvalid.) 5174 */ 5175 static void 5176 standard_info_part1(standard_display *dp, png_structp pp, png_infop pi) 5177 { 5178 if (png_get_bit_depth(pp, pi) != dp->bit_depth) 5179 png_error(pp, "validate: bit depth changed"); 5180 5181 if (png_get_color_type(pp, pi) != dp->colour_type) 5182 png_error(pp, "validate: color type changed"); 5183 5184 if (png_get_filter_type(pp, pi) != PNG_FILTER_TYPE_BASE) 5185 png_error(pp, "validate: filter type changed"); 5186 5187 if (png_get_interlace_type(pp, pi) != dp->interlace_type) 5188 png_error(pp, "validate: interlacing changed"); 5189 5190 if (png_get_compression_type(pp, pi) != PNG_COMPRESSION_TYPE_BASE) 5191 png_error(pp, "validate: compression type changed"); 5192 5193 dp->w = png_get_image_width(pp, pi); 5194 5195 if (dp->w != standard_width(pp, dp->id)) 5196 png_error(pp, "validate: image width changed"); 5197 5198 dp->h = png_get_image_height(pp, pi); 5199 5200 if (dp->h != standard_height(pp, dp->id)) 5201 png_error(pp, "validate: image height changed"); 5202 5203 /* Record (but don't check at present) the input sBIT according to the colour 5204 * type information. 5205 */ 5206 { 5207 png_color_8p sBIT = 0; 5208 5209 if (png_get_sBIT(pp, pi, &sBIT) & PNG_INFO_sBIT) 5210 { 5211 int sBIT_invalid = 0; 5212 5213 if (sBIT == 0) 5214 png_error(pp, "validate: unexpected png_get_sBIT result"); 5215 5216 if (dp->colour_type & PNG_COLOR_MASK_COLOR) 5217 { 5218 if (sBIT->red == 0 || sBIT->red > dp->bit_depth) 5219 sBIT_invalid = 1; 5220 else 5221 dp->red_sBIT = sBIT->red; 5222 5223 if (sBIT->green == 0 || sBIT->green > dp->bit_depth) 5224 sBIT_invalid = 1; 5225 else 5226 dp->green_sBIT = sBIT->green; 5227 5228 if (sBIT->blue == 0 || sBIT->blue > dp->bit_depth) 5229 sBIT_invalid = 1; 5230 else 5231 dp->blue_sBIT = sBIT->blue; 5232 } 5233 5234 else /* !COLOR */ 5235 { 5236 if (sBIT->gray == 0 || sBIT->gray > dp->bit_depth) 5237 sBIT_invalid = 1; 5238 else 5239 dp->blue_sBIT = dp->green_sBIT = dp->red_sBIT = sBIT->gray; 5240 } 5241 5242 /* All 8 bits in tRNS for a palette image are significant - see the 5243 * spec. 5244 */ 5245 if (dp->colour_type & PNG_COLOR_MASK_ALPHA) 5246 { 5247 if (sBIT->alpha == 0 || sBIT->alpha > dp->bit_depth) 5248 sBIT_invalid = 1; 5249 else 5250 dp->alpha_sBIT = sBIT->alpha; 5251 } 5252 5253 if (sBIT_invalid) 5254 png_error(pp, "validate: sBIT value out of range"); 5255 } 5256 } 5257 5258 /* Important: this is validating the value *before* any transforms have been 5259 * put in place. It doesn't matter for the standard tests, where there are 5260 * no transforms, but it does for other tests where rowbytes may change after 5261 * png_read_update_info. 5262 */ 5263 if (png_get_rowbytes(pp, pi) != standard_rowsize(pp, dp->id)) 5264 png_error(pp, "validate: row size changed"); 5265 5266 /* Validate the colour type 3 palette (this can be present on other color 5267 * types.) 5268 */ 5269 standard_palette_validate(dp, pp, pi); 5270 5271 /* In any case always check for a tranparent color (notice that the 5272 * colour type 3 case must not give a successful return on the get_tRNS call 5273 * with these arguments!) 5274 */ 5275 { 5276 png_color_16p trans_color = 0; 5277 5278 if (png_get_tRNS(pp, pi, 0, 0, &trans_color) & PNG_INFO_tRNS) 5279 { 5280 if (trans_color == 0) 5281 png_error(pp, "validate: unexpected png_get_tRNS (color) result"); 5282 5283 switch (dp->colour_type) 5284 { 5285 case 0: 5286 dp->transparent.red = dp->transparent.green = dp->transparent.blue = 5287 trans_color->gray; 5288 dp->has_tRNS = 1; 5289 break; 5290 5291 case 2: 5292 dp->transparent.red = trans_color->red; 5293 dp->transparent.green = trans_color->green; 5294 dp->transparent.blue = trans_color->blue; 5295 dp->has_tRNS = 1; 5296 break; 5297 5298 case 3: 5299 /* Not expected because it should result in the array case 5300 * above. 5301 */ 5302 png_error(pp, "validate: unexpected png_get_tRNS result"); 5303 break; 5304 5305 default: 5306 png_error(pp, "validate: invalid tRNS chunk with alpha image"); 5307 } 5308 } 5309 } 5310 5311 /* Read the number of passes - expected to match the value used when 5312 * creating the image (interlaced or not). This has the side effect of 5313 * turning on interlace handling (if do_interlace is not set.) 5314 */ 5315 dp->npasses = npasses_from_interlace_type(pp, dp->interlace_type); 5316 if (!dp->do_interlace) 5317 { 5318 # ifdef PNG_READ_INTERLACING_SUPPORTED 5319 if (dp->npasses != png_set_interlace_handling(pp)) 5320 png_error(pp, "validate: file changed interlace type"); 5321 # else /* !READ_INTERLACING */ 5322 /* This should never happen: the relevant tests (!do_interlace) should 5323 * not be run. 5324 */ 5325 if (dp->npasses > 1) 5326 png_error(pp, "validate: no libpng interlace support"); 5327 # endif /* !READ_INTERLACING */ 5328 } 5329 5330 /* Caller calls png_read_update_info or png_start_read_image now, then calls 5331 * part2. 5332 */ 5333 } 5334 5335 /* This must be called *after* the png_read_update_info call to get the correct 5336 * 'rowbytes' value, otherwise png_get_rowbytes will refer to the untransformed 5337 * image. 5338 */ 5339 static void 5340 standard_info_part2(standard_display *dp, png_const_structp pp, 5341 png_const_infop pi, int nImages) 5342 { 5343 /* Record cbRow now that it can be found. */ 5344 { 5345 png_byte ct = png_get_color_type(pp, pi); 5346 png_byte bd = png_get_bit_depth(pp, pi); 5347 5348 if (bd >= 8 && (ct == PNG_COLOR_TYPE_RGB || ct == PNG_COLOR_TYPE_GRAY) && 5349 dp->filler) 5350 ct |= 4; /* handle filler as faked alpha channel */ 5351 5352 dp->pixel_size = bit_size(pp, ct, bd); 5353 } 5354 dp->bit_width = png_get_image_width(pp, pi) * dp->pixel_size; 5355 dp->cbRow = png_get_rowbytes(pp, pi); 5356 5357 /* Validate the rowbytes here again. */ 5358 if (dp->cbRow != (dp->bit_width+7)/8) 5359 png_error(pp, "bad png_get_rowbytes calculation"); 5360 5361 /* Then ensure there is enough space for the output image(s). */ 5362 store_ensure_image(dp->ps, pp, nImages, dp->cbRow, dp->h); 5363 } 5364 5365 static void 5366 standard_info_imp(standard_display *dp, png_structp pp, png_infop pi, 5367 int nImages) 5368 { 5369 /* Note that the validation routine has the side effect of turning on 5370 * interlace handling in the subsequent code. 5371 */ 5372 standard_info_part1(dp, pp, pi); 5373 5374 /* And the info callback has to call this (or png_read_update_info - see 5375 * below in the png_modifier code for that variant. 5376 */ 5377 if (dp->use_update_info) 5378 { 5379 /* For debugging the effect of multiple calls: */ 5380 int i = dp->use_update_info; 5381 while (i-- > 0) 5382 png_read_update_info(pp, pi); 5383 } 5384 5385 else 5386 png_start_read_image(pp); 5387 5388 /* Validate the height, width and rowbytes plus ensure that sufficient buffer 5389 * exists for decoding the image. 5390 */ 5391 standard_info_part2(dp, pp, pi, nImages); 5392 } 5393 5394 static void PNGCBAPI 5395 standard_info(png_structp pp, png_infop pi) 5396 { 5397 standard_display *dp = voidcast(standard_display*, 5398 png_get_progressive_ptr(pp)); 5399 5400 /* Call with nImages==1 because the progressive reader can only produce one 5401 * image. 5402 */ 5403 standard_info_imp(dp, pp, pi, 1 /*only one image*/); 5404 } 5405 5406 static void PNGCBAPI 5407 progressive_row(png_structp ppIn, png_bytep new_row, png_uint_32 y, int pass) 5408 { 5409 png_const_structp pp = ppIn; 5410 const standard_display *dp = voidcast(standard_display*, 5411 png_get_progressive_ptr(pp)); 5412 5413 /* When handling interlacing some rows will be absent in each pass, the 5414 * callback still gets called, but with a NULL pointer. This is checked 5415 * in the 'else' clause below. We need our own 'cbRow', but we can't call 5416 * png_get_rowbytes because we got no info structure. 5417 */ 5418 if (new_row != NULL) 5419 { 5420 png_bytep row; 5421 5422 /* In the case where the reader doesn't do the interlace it gives 5423 * us the y in the sub-image: 5424 */ 5425 if (dp->do_interlace && dp->interlace_type == PNG_INTERLACE_ADAM7) 5426 { 5427 #ifdef PNG_USER_TRANSFORM_INFO_SUPPORTED 5428 /* Use this opportunity to validate the png 'current' APIs: */ 5429 if (y != png_get_current_row_number(pp)) 5430 png_error(pp, "png_get_current_row_number is broken"); 5431 5432 if (pass != png_get_current_pass_number(pp)) 5433 png_error(pp, "png_get_current_pass_number is broken"); 5434 #endif /* USER_TRANSFORM_INFO */ 5435 5436 y = PNG_ROW_FROM_PASS_ROW(y, pass); 5437 } 5438 5439 /* Validate this just in case. */ 5440 if (y >= dp->h) 5441 png_error(pp, "invalid y to progressive row callback"); 5442 5443 row = store_image_row(dp->ps, pp, 0, y); 5444 5445 /* Combine the new row into the old: */ 5446 #ifdef PNG_READ_INTERLACING_SUPPORTED 5447 if (dp->do_interlace) 5448 #endif /* READ_INTERLACING */ 5449 { 5450 if (dp->interlace_type == PNG_INTERLACE_ADAM7) 5451 deinterlace_row(row, new_row, dp->pixel_size, dp->w, pass, 5452 dp->littleendian); 5453 else 5454 row_copy(row, new_row, dp->pixel_size * dp->w, dp->littleendian); 5455 } 5456 #ifdef PNG_READ_INTERLACING_SUPPORTED 5457 else 5458 png_progressive_combine_row(pp, row, new_row); 5459 #endif /* PNG_READ_INTERLACING_SUPPORTED */ 5460 } 5461 5462 else if (dp->interlace_type == PNG_INTERLACE_ADAM7 && 5463 PNG_ROW_IN_INTERLACE_PASS(y, pass) && 5464 PNG_PASS_COLS(dp->w, pass) > 0) 5465 png_error(pp, "missing row in progressive de-interlacing"); 5466 } 5467 5468 static void 5469 sequential_row(standard_display *dp, png_structp pp, png_infop pi, 5470 const int iImage, const int iDisplay) 5471 { 5472 const int npasses = dp->npasses; 5473 const int do_interlace = dp->do_interlace && 5474 dp->interlace_type == PNG_INTERLACE_ADAM7; 5475 const png_uint_32 height = standard_height(pp, dp->id); 5476 const png_uint_32 width = standard_width(pp, dp->id); 5477 const png_store* ps = dp->ps; 5478 int pass; 5479 5480 for (pass=0; pass<npasses; ++pass) 5481 { 5482 png_uint_32 y; 5483 png_uint_32 wPass = PNG_PASS_COLS(width, pass); 5484 5485 for (y=0; y<height; ++y) 5486 { 5487 if (do_interlace) 5488 { 5489 /* wPass may be zero or this row may not be in this pass. 5490 * png_read_row must not be called in either case. 5491 */ 5492 if (wPass > 0 && PNG_ROW_IN_INTERLACE_PASS(y, pass)) 5493 { 5494 /* Read the row into a pair of temporary buffers, then do the 5495 * merge here into the output rows. 5496 */ 5497 png_byte row[STANDARD_ROWMAX], display[STANDARD_ROWMAX]; 5498 5499 /* The following aids (to some extent) error detection - we can 5500 * see where png_read_row wrote. Use opposite values in row and 5501 * display to make this easier. Don't use 0xff (which is used in 5502 * the image write code to fill unused bits) or 0 (which is a 5503 * likely value to overwrite unused bits with). 5504 */ 5505 memset(row, 0xc5, sizeof row); 5506 memset(display, 0x5c, sizeof display); 5507 5508 png_read_row(pp, row, display); 5509 5510 if (iImage >= 0) 5511 deinterlace_row(store_image_row(ps, pp, iImage, y), row, 5512 dp->pixel_size, dp->w, pass, dp->littleendian); 5513 5514 if (iDisplay >= 0) 5515 deinterlace_row(store_image_row(ps, pp, iDisplay, y), display, 5516 dp->pixel_size, dp->w, pass, dp->littleendian); 5517 } 5518 } 5519 else 5520 png_read_row(pp, 5521 iImage >= 0 ? store_image_row(ps, pp, iImage, y) : NULL, 5522 iDisplay >= 0 ? store_image_row(ps, pp, iDisplay, y) : NULL); 5523 } 5524 } 5525 5526 /* And finish the read operation (only really necessary if the caller wants 5527 * to find additional data in png_info from chunks after the last IDAT.) 5528 */ 5529 png_read_end(pp, pi); 5530 } 5531 5532 #ifdef PNG_TEXT_SUPPORTED 5533 static void 5534 standard_check_text(png_const_structp pp, png_const_textp tp, 5535 png_const_charp keyword, png_const_charp text) 5536 { 5537 char msg[1024]; 5538 size_t pos = safecat(msg, sizeof msg, 0, "text: "); 5539 size_t ok; 5540 5541 pos = safecat(msg, sizeof msg, pos, keyword); 5542 pos = safecat(msg, sizeof msg, pos, ": "); 5543 ok = pos; 5544 5545 if (tp->compression != TEXT_COMPRESSION) 5546 { 5547 char buf[64]; 5548 5549 sprintf(buf, "compression [%d->%d], ", TEXT_COMPRESSION, 5550 tp->compression); 5551 pos = safecat(msg, sizeof msg, pos, buf); 5552 } 5553 5554 if (tp->key == NULL || strcmp(tp->key, keyword) != 0) 5555 { 5556 pos = safecat(msg, sizeof msg, pos, "keyword \""); 5557 if (tp->key != NULL) 5558 { 5559 pos = safecat(msg, sizeof msg, pos, tp->key); 5560 pos = safecat(msg, sizeof msg, pos, "\", "); 5561 } 5562 5563 else 5564 pos = safecat(msg, sizeof msg, pos, "null, "); 5565 } 5566 5567 if (tp->text == NULL) 5568 pos = safecat(msg, sizeof msg, pos, "text lost, "); 5569 5570 else 5571 { 5572 if (tp->text_length != strlen(text)) 5573 { 5574 char buf[64]; 5575 sprintf(buf, "text length changed[%lu->%lu], ", 5576 (unsigned long)strlen(text), (unsigned long)tp->text_length); 5577 pos = safecat(msg, sizeof msg, pos, buf); 5578 } 5579 5580 if (strcmp(tp->text, text) != 0) 5581 { 5582 pos = safecat(msg, sizeof msg, pos, "text becomes \""); 5583 pos = safecat(msg, sizeof msg, pos, tp->text); 5584 pos = safecat(msg, sizeof msg, pos, "\" (was \""); 5585 pos = safecat(msg, sizeof msg, pos, text); 5586 pos = safecat(msg, sizeof msg, pos, "\"), "); 5587 } 5588 } 5589 5590 if (tp->itxt_length != 0) 5591 pos = safecat(msg, sizeof msg, pos, "iTXt length set, "); 5592 5593 if (tp->lang != NULL) 5594 { 5595 pos = safecat(msg, sizeof msg, pos, "iTXt language \""); 5596 pos = safecat(msg, sizeof msg, pos, tp->lang); 5597 pos = safecat(msg, sizeof msg, pos, "\", "); 5598 } 5599 5600 if (tp->lang_key != NULL) 5601 { 5602 pos = safecat(msg, sizeof msg, pos, "iTXt keyword \""); 5603 pos = safecat(msg, sizeof msg, pos, tp->lang_key); 5604 pos = safecat(msg, sizeof msg, pos, "\", "); 5605 } 5606 5607 if (pos > ok) 5608 { 5609 msg[pos-2] = '\0'; /* Remove the ", " at the end */ 5610 png_error(pp, msg); 5611 } 5612 } 5613 5614 static void 5615 standard_text_validate(standard_display *dp, png_const_structp pp, 5616 png_infop pi, int check_end) 5617 { 5618 png_textp tp = NULL; 5619 png_uint_32 num_text = png_get_text(pp, pi, &tp, NULL); 5620 5621 if (num_text == 2 && tp != NULL) 5622 { 5623 standard_check_text(pp, tp, "image name", dp->ps->current->name); 5624 5625 /* This exists because prior to 1.5.18 the progressive reader left the 5626 * png_struct z_stream unreset at the end of the image, so subsequent 5627 * attempts to use it simply returns Z_STREAM_END. 5628 */ 5629 if (check_end) 5630 standard_check_text(pp, tp+1, "end marker", "end"); 5631 } 5632 5633 else 5634 { 5635 char msg[64]; 5636 5637 sprintf(msg, "expected two text items, got %lu", 5638 (unsigned long)num_text); 5639 png_error(pp, msg); 5640 } 5641 } 5642 #else 5643 # define standard_text_validate(dp,pp,pi,check_end) ((void)0) 5644 #endif 5645 5646 static void 5647 standard_row_validate(standard_display *dp, png_const_structp pp, 5648 int iImage, int iDisplay, png_uint_32 y) 5649 { 5650 int where; 5651 png_byte std[STANDARD_ROWMAX]; 5652 5653 /* The row must be pre-initialized to the magic number here for the size 5654 * tests to pass: 5655 */ 5656 memset(std, 178, sizeof std); 5657 standard_row(pp, std, dp->id, y); 5658 5659 /* At the end both the 'row' and 'display' arrays should end up identical. 5660 * In earlier passes 'row' will be partially filled in, with only the pixels 5661 * that have been read so far, but 'display' will have those pixels 5662 * replicated to fill the unread pixels while reading an interlaced image. 5663 */ 5664 if (iImage >= 0 && 5665 (where = pixel_cmp(std, store_image_row(dp->ps, pp, iImage, y), 5666 dp->bit_width)) != 0) 5667 { 5668 char msg[64]; 5669 sprintf(msg, "PNG image row[%lu][%d] changed from %.2x to %.2x", 5670 (unsigned long)y, where-1, std[where-1], 5671 store_image_row(dp->ps, pp, iImage, y)[where-1]); 5672 png_error(pp, msg); 5673 } 5674 5675 if (iDisplay >= 0 && 5676 (where = pixel_cmp(std, store_image_row(dp->ps, pp, iDisplay, y), 5677 dp->bit_width)) != 0) 5678 { 5679 char msg[64]; 5680 sprintf(msg, "display row[%lu][%d] changed from %.2x to %.2x", 5681 (unsigned long)y, where-1, std[where-1], 5682 store_image_row(dp->ps, pp, iDisplay, y)[where-1]); 5683 png_error(pp, msg); 5684 } 5685 } 5686 5687 static void 5688 standard_image_validate(standard_display *dp, png_const_structp pp, int iImage, 5689 int iDisplay) 5690 { 5691 png_uint_32 y; 5692 5693 if (iImage >= 0) 5694 store_image_check(dp->ps, pp, iImage); 5695 5696 if (iDisplay >= 0) 5697 store_image_check(dp->ps, pp, iDisplay); 5698 5699 for (y=0; y<dp->h; ++y) 5700 standard_row_validate(dp, pp, iImage, iDisplay, y); 5701 5702 /* This avoids false positives if the validation code is never called! */ 5703 dp->ps->validated = 1; 5704 } 5705 5706 static void PNGCBAPI 5707 standard_end(png_structp ppIn, png_infop pi) 5708 { 5709 png_const_structp pp = ppIn; 5710 standard_display *dp = voidcast(standard_display*, 5711 png_get_progressive_ptr(pp)); 5712 5713 UNUSED(pi) 5714 5715 /* Validate the image - progressive reading only produces one variant for 5716 * interlaced images. 5717 */ 5718 standard_text_validate(dp, pp, pi, 5719 PNG_LIBPNG_VER >= 10518/*check_end: see comments above*/); 5720 standard_image_validate(dp, pp, 0, -1); 5721 } 5722 5723 /* A single test run checking the standard image to ensure it is not damaged. */ 5724 static void 5725 standard_test(png_store* const psIn, png_uint_32 const id, 5726 int do_interlace, int use_update_info) 5727 { 5728 standard_display d; 5729 context(psIn, fault); 5730 5731 /* Set up the display (stack frame) variables from the arguments to the 5732 * function and initialize the locals that are filled in later. 5733 */ 5734 standard_display_init(&d, psIn, id, do_interlace, use_update_info); 5735 5736 /* Everything is protected by a Try/Catch. The functions called also 5737 * typically have local Try/Catch blocks. 5738 */ 5739 Try 5740 { 5741 png_structp pp; 5742 png_infop pi; 5743 5744 /* Get a png_struct for reading the image. This will throw an error if it 5745 * fails, so we don't need to check the result. 5746 */ 5747 pp = set_store_for_read(d.ps, &pi, d.id, 5748 d.do_interlace ? (d.ps->progressive ? 5749 "pngvalid progressive deinterlacer" : 5750 "pngvalid sequential deinterlacer") : (d.ps->progressive ? 5751 "progressive reader" : "sequential reader")); 5752 5753 /* Initialize the palette correctly from the png_store_file. */ 5754 standard_palette_init(&d); 5755 5756 /* Introduce the correct read function. */ 5757 if (d.ps->progressive) 5758 { 5759 png_set_progressive_read_fn(pp, &d, standard_info, progressive_row, 5760 standard_end); 5761 5762 /* Now feed data into the reader until we reach the end: */ 5763 store_progressive_read(d.ps, pp, pi); 5764 } 5765 else 5766 { 5767 /* Note that this takes the store, not the display. */ 5768 png_set_read_fn(pp, d.ps, store_read); 5769 5770 /* Check the header values: */ 5771 png_read_info(pp, pi); 5772 5773 /* The code tests both versions of the images that the sequential 5774 * reader can produce. 5775 */ 5776 standard_info_imp(&d, pp, pi, 2 /*images*/); 5777 5778 /* Need the total bytes in the image below; we can't get to this point 5779 * unless the PNG file values have been checked against the expected 5780 * values. 5781 */ 5782 { 5783 sequential_row(&d, pp, pi, 0, 1); 5784 5785 /* After the last pass loop over the rows again to check that the 5786 * image is correct. 5787 */ 5788 if (!d.speed) 5789 { 5790 standard_text_validate(&d, pp, pi, 1/*check_end*/); 5791 standard_image_validate(&d, pp, 0, 1); 5792 } 5793 else 5794 d.ps->validated = 1; 5795 } 5796 } 5797 5798 /* Check for validation. */ 5799 if (!d.ps->validated) 5800 png_error(pp, "image read failed silently"); 5801 5802 /* Successful completion. */ 5803 } 5804 5805 Catch(fault) 5806 d.ps = fault; /* make sure this hasn't been clobbered. */ 5807 5808 /* In either case clean up the store. */ 5809 store_read_reset(d.ps); 5810 } 5811 5812 static int 5813 test_standard(png_modifier* const pm, png_byte const colour_type, 5814 int bdlo, int const bdhi) 5815 { 5816 for (; bdlo <= bdhi; ++bdlo) 5817 { 5818 int interlace_type; 5819 5820 for (interlace_type = PNG_INTERLACE_NONE; 5821 interlace_type < INTERLACE_LAST; ++interlace_type) 5822 { 5823 standard_test(&pm->this, FILEID(colour_type, DEPTH(bdlo), 0/*palette*/, 5824 interlace_type, 0, 0, 0), do_read_interlace, pm->use_update_info); 5825 5826 if (fail(pm)) 5827 return 0; 5828 } 5829 } 5830 5831 return 1; /* keep going */ 5832 } 5833 5834 static void 5835 perform_standard_test(png_modifier *pm) 5836 { 5837 /* Test each colour type over the valid range of bit depths (expressed as 5838 * log2(bit_depth) in turn, stop as soon as any error is detected. 5839 */ 5840 if (!test_standard(pm, 0, 0, READ_BDHI)) 5841 return; 5842 5843 if (!test_standard(pm, 2, 3, READ_BDHI)) 5844 return; 5845 5846 if (!test_standard(pm, 3, 0, 3)) 5847 return; 5848 5849 if (!test_standard(pm, 4, 3, READ_BDHI)) 5850 return; 5851 5852 if (!test_standard(pm, 6, 3, READ_BDHI)) 5853 return; 5854 } 5855 5856 5857 /********************************** SIZE TESTS ********************************/ 5858 static int 5859 test_size(png_modifier* const pm, png_byte const colour_type, 5860 int bdlo, int const bdhi) 5861 { 5862 /* Run the tests on each combination. 5863 * 5864 * NOTE: on my 32 bit x86 each of the following blocks takes 5865 * a total of 3.5 seconds if done across every combo of bit depth 5866 * width and height. This is a waste of time in practice, hence the 5867 * hinc and winc stuff: 5868 */ 5869 static const png_byte hinc[] = {1, 3, 11, 1, 5}; 5870 static const png_byte winc[] = {1, 9, 5, 7, 1}; 5871 const int save_bdlo = bdlo; 5872 5873 for (; bdlo <= bdhi; ++bdlo) 5874 { 5875 png_uint_32 h, w; 5876 5877 for (h=1; h<=16; h+=hinc[bdlo]) for (w=1; w<=16; w+=winc[bdlo]) 5878 { 5879 /* First test all the 'size' images against the sequential 5880 * reader using libpng to deinterlace (where required.) This 5881 * validates the write side of libpng. There are four possibilities 5882 * to validate. 5883 */ 5884 standard_test(&pm->this, FILEID(colour_type, DEPTH(bdlo), 0/*palette*/, 5885 PNG_INTERLACE_NONE, w, h, 0), 0/*do_interlace*/, 5886 pm->use_update_info); 5887 5888 if (fail(pm)) 5889 return 0; 5890 5891 standard_test(&pm->this, FILEID(colour_type, DEPTH(bdlo), 0/*palette*/, 5892 PNG_INTERLACE_NONE, w, h, 1), 0/*do_interlace*/, 5893 pm->use_update_info); 5894 5895 if (fail(pm)) 5896 return 0; 5897 5898 /* Now validate the interlaced read side - do_interlace true, 5899 * in the progressive case this does actually make a difference 5900 * to the code used in the non-interlaced case too. 5901 */ 5902 standard_test(&pm->this, FILEID(colour_type, DEPTH(bdlo), 0/*palette*/, 5903 PNG_INTERLACE_NONE, w, h, 0), 1/*do_interlace*/, 5904 pm->use_update_info); 5905 5906 if (fail(pm)) 5907 return 0; 5908 5909 # if CAN_WRITE_INTERLACE 5910 /* Validate the pngvalid code itself: */ 5911 standard_test(&pm->this, FILEID(colour_type, DEPTH(bdlo), 0/*palette*/, 5912 PNG_INTERLACE_ADAM7, w, h, 1), 1/*do_interlace*/, 5913 pm->use_update_info); 5914 5915 if (fail(pm)) 5916 return 0; 5917 # endif 5918 } 5919 } 5920 5921 /* Now do the tests of libpng interlace handling, after we have made sure 5922 * that the pngvalid version works: 5923 */ 5924 for (bdlo = save_bdlo; bdlo <= bdhi; ++bdlo) 5925 { 5926 png_uint_32 h, w; 5927 5928 for (h=1; h<=16; h+=hinc[bdlo]) for (w=1; w<=16; w+=winc[bdlo]) 5929 { 5930 # ifdef PNG_READ_INTERLACING_SUPPORTED 5931 /* Test with pngvalid generated interlaced images first; we have 5932 * already verify these are ok (unless pngvalid has self-consistent 5933 * read/write errors, which is unlikely), so this detects errors in the 5934 * read side first: 5935 */ 5936 # if CAN_WRITE_INTERLACE 5937 standard_test(&pm->this, FILEID(colour_type, DEPTH(bdlo), 0/*palette*/, 5938 PNG_INTERLACE_ADAM7, w, h, 1), 0/*do_interlace*/, 5939 pm->use_update_info); 5940 5941 if (fail(pm)) 5942 return 0; 5943 # endif 5944 # endif /* READ_INTERLACING */ 5945 5946 # ifdef PNG_WRITE_INTERLACING_SUPPORTED 5947 /* Test the libpng write side against the pngvalid read side: */ 5948 standard_test(&pm->this, FILEID(colour_type, DEPTH(bdlo), 0/*palette*/, 5949 PNG_INTERLACE_ADAM7, w, h, 0), 1/*do_interlace*/, 5950 pm->use_update_info); 5951 5952 if (fail(pm)) 5953 return 0; 5954 # endif 5955 5956 # ifdef PNG_READ_INTERLACING_SUPPORTED 5957 # ifdef PNG_WRITE_INTERLACING_SUPPORTED 5958 /* Test both together: */ 5959 standard_test(&pm->this, FILEID(colour_type, DEPTH(bdlo), 0/*palette*/, 5960 PNG_INTERLACE_ADAM7, w, h, 0), 0/*do_interlace*/, 5961 pm->use_update_info); 5962 5963 if (fail(pm)) 5964 return 0; 5965 # endif 5966 # endif /* READ_INTERLACING */ 5967 } 5968 } 5969 5970 return 1; /* keep going */ 5971 } 5972 5973 static void 5974 perform_size_test(png_modifier *pm) 5975 { 5976 /* Test each colour type over the valid range of bit depths (expressed as 5977 * log2(bit_depth) in turn, stop as soon as any error is detected. 5978 */ 5979 if (!test_size(pm, 0, 0, READ_BDHI)) 5980 return; 5981 5982 if (!test_size(pm, 2, 3, READ_BDHI)) 5983 return; 5984 5985 /* For the moment don't do the palette test - it's a waste of time when 5986 * compared to the grayscale test. 5987 */ 5988 #if 0 5989 if (!test_size(pm, 3, 0, 3)) 5990 return; 5991 #endif 5992 5993 if (!test_size(pm, 4, 3, READ_BDHI)) 5994 return; 5995 5996 if (!test_size(pm, 6, 3, READ_BDHI)) 5997 return; 5998 } 5999 6000 6001 /******************************* TRANSFORM TESTS ******************************/ 6002 #ifdef PNG_READ_TRANSFORMS_SUPPORTED 6003 /* A set of tests to validate libpng image transforms. The possibilities here 6004 * are legion because the transforms can be combined in a combinatorial 6005 * fashion. To deal with this some measure of restraint is required, otherwise 6006 * the tests would take forever. 6007 */ 6008 typedef struct image_pixel 6009 { 6010 /* A local (pngvalid) representation of a PNG pixel, in all its 6011 * various forms. 6012 */ 6013 unsigned int red, green, blue, alpha; /* For non-palette images. */ 6014 unsigned int palette_index; /* For a palette image. */ 6015 png_byte colour_type; /* As in the spec. */ 6016 png_byte bit_depth; /* Defines bit size in row */ 6017 png_byte sample_depth; /* Scale of samples */ 6018 unsigned int have_tRNS :1; /* tRNS chunk may need processing */ 6019 unsigned int swap_rgb :1; /* RGB swapped to BGR */ 6020 unsigned int alpha_first :1; /* Alpha at start, not end */ 6021 unsigned int alpha_inverted :1; /* Alpha channel inverted */ 6022 unsigned int mono_inverted :1; /* Gray channel inverted */ 6023 unsigned int swap16 :1; /* Byte swap 16-bit components */ 6024 unsigned int littleendian :1; /* High bits on right */ 6025 unsigned int sig_bits :1; /* Pixel shifted (sig bits only) */ 6026 6027 /* For checking the code calculates double precision floating point values 6028 * along with an error value, accumulated from the transforms. Because an 6029 * sBIT setting allows larger error bounds (indeed, by the spec, apparently 6030 * up to just less than +/-1 in the scaled value) the *lowest* sBIT for each 6031 * channel is stored. This sBIT value is folded in to the stored error value 6032 * at the end of the application of the transforms to the pixel. 6033 * 6034 * If sig_bits is set above the red, green, blue and alpha values have been 6035 * scaled so they only contain the significant bits of the component values. 6036 */ 6037 double redf, greenf, bluef, alphaf; 6038 double rede, greene, bluee, alphae; 6039 png_byte red_sBIT, green_sBIT, blue_sBIT, alpha_sBIT; 6040 } image_pixel; 6041 6042 /* Shared utility function, see below. */ 6043 static void 6044 image_pixel_setf(image_pixel *this, unsigned int rMax, unsigned int gMax, 6045 unsigned int bMax, unsigned int aMax) 6046 { 6047 this->redf = this->red / (double)rMax; 6048 this->greenf = this->green / (double)gMax; 6049 this->bluef = this->blue / (double)bMax; 6050 this->alphaf = this->alpha / (double)aMax; 6051 6052 if (this->red < rMax) 6053 this->rede = this->redf * DBL_EPSILON; 6054 else 6055 this->rede = 0; 6056 if (this->green < gMax) 6057 this->greene = this->greenf * DBL_EPSILON; 6058 else 6059 this->greene = 0; 6060 if (this->blue < bMax) 6061 this->bluee = this->bluef * DBL_EPSILON; 6062 else 6063 this->bluee = 0; 6064 if (this->alpha < aMax) 6065 this->alphae = this->alphaf * DBL_EPSILON; 6066 else 6067 this->alphae = 0; 6068 } 6069 6070 /* Initialize the structure for the next pixel - call this before doing any 6071 * transforms and call it for each pixel since all the fields may need to be 6072 * reset. 6073 */ 6074 static void 6075 image_pixel_init(image_pixel *this, png_const_bytep row, png_byte colour_type, 6076 png_byte bit_depth, png_uint_32 x, store_palette palette, 6077 const image_pixel *format /*from pngvalid transform of input*/) 6078 { 6079 const png_byte sample_depth = (png_byte)(colour_type == 6080 PNG_COLOR_TYPE_PALETTE ? 8 : bit_depth); 6081 const unsigned int max = (1U<<sample_depth)-1; 6082 const int swap16 = (format != 0 && format->swap16); 6083 const int littleendian = (format != 0 && format->littleendian); 6084 const int sig_bits = (format != 0 && format->sig_bits); 6085 6086 /* Initially just set everything to the same number and the alpha to opaque. 6087 * Note that this currently assumes a simple palette where entry x has colour 6088 * rgb(x,x,x)! 6089 */ 6090 this->palette_index = this->red = this->green = this->blue = 6091 sample(row, colour_type, bit_depth, x, 0, swap16, littleendian); 6092 this->alpha = max; 6093 this->red_sBIT = this->green_sBIT = this->blue_sBIT = this->alpha_sBIT = 6094 sample_depth; 6095 6096 /* Then override as appropriate: */ 6097 if (colour_type == 3) /* palette */ 6098 { 6099 /* This permits the caller to default to the sample value. */ 6100 if (palette != 0) 6101 { 6102 const unsigned int i = this->palette_index; 6103 6104 this->red = palette[i].red; 6105 this->green = palette[i].green; 6106 this->blue = palette[i].blue; 6107 this->alpha = palette[i].alpha; 6108 } 6109 } 6110 6111 else /* not palette */ 6112 { 6113 unsigned int i = 0; 6114 6115 if ((colour_type & 4) != 0 && format != 0 && format->alpha_first) 6116 { 6117 this->alpha = this->red; 6118 /* This handles the gray case for 'AG' pixels */ 6119 this->palette_index = this->red = this->green = this->blue = 6120 sample(row, colour_type, bit_depth, x, 1, swap16, littleendian); 6121 i = 1; 6122 } 6123 6124 if (colour_type & 2) 6125 { 6126 /* Green is second for both BGR and RGB: */ 6127 this->green = sample(row, colour_type, bit_depth, x, ++i, swap16, 6128 littleendian); 6129 6130 if (format != 0 && format->swap_rgb) /* BGR */ 6131 this->red = sample(row, colour_type, bit_depth, x, ++i, swap16, 6132 littleendian); 6133 else 6134 this->blue = sample(row, colour_type, bit_depth, x, ++i, swap16, 6135 littleendian); 6136 } 6137 6138 else /* grayscale */ if (format != 0 && format->mono_inverted) 6139 this->red = this->green = this->blue = this->red ^ max; 6140 6141 if ((colour_type & 4) != 0) /* alpha */ 6142 { 6143 if (format == 0 || !format->alpha_first) 6144 this->alpha = sample(row, colour_type, bit_depth, x, ++i, swap16, 6145 littleendian); 6146 6147 if (format != 0 && format->alpha_inverted) 6148 this->alpha ^= max; 6149 } 6150 } 6151 6152 /* Calculate the scaled values, these are simply the values divided by 6153 * 'max' and the error is initialized to the double precision epsilon value 6154 * from the header file. 6155 */ 6156 image_pixel_setf(this, 6157 sig_bits ? (1U << format->red_sBIT)-1 : max, 6158 sig_bits ? (1U << format->green_sBIT)-1 : max, 6159 sig_bits ? (1U << format->blue_sBIT)-1 : max, 6160 sig_bits ? (1U << format->alpha_sBIT)-1 : max); 6161 6162 /* Store the input information for use in the transforms - these will 6163 * modify the information. 6164 */ 6165 this->colour_type = colour_type; 6166 this->bit_depth = bit_depth; 6167 this->sample_depth = sample_depth; 6168 this->have_tRNS = 0; 6169 this->swap_rgb = 0; 6170 this->alpha_first = 0; 6171 this->alpha_inverted = 0; 6172 this->mono_inverted = 0; 6173 this->swap16 = 0; 6174 this->littleendian = 0; 6175 this->sig_bits = 0; 6176 } 6177 6178 #if defined PNG_READ_EXPAND_SUPPORTED || defined PNG_READ_GRAY_TO_RGB_SUPPORTED\ 6179 || defined PNG_READ_EXPAND_SUPPORTED || defined PNG_READ_EXPAND_16_SUPPORTED\ 6180 || defined PNG_READ_BACKGROUND_SUPPORTED 6181 /* Convert a palette image to an rgb image. This necessarily converts the tRNS 6182 * chunk at the same time, because the tRNS will be in palette form. The way 6183 * palette validation works means that the original palette is never updated, 6184 * instead the image_pixel value from the row contains the RGB of the 6185 * corresponding palette entry and *this* is updated. Consequently this routine 6186 * only needs to change the colour type information. 6187 */ 6188 static void 6189 image_pixel_convert_PLTE(image_pixel *this) 6190 { 6191 if (this->colour_type == PNG_COLOR_TYPE_PALETTE) 6192 { 6193 if (this->have_tRNS) 6194 { 6195 this->colour_type = PNG_COLOR_TYPE_RGB_ALPHA; 6196 this->have_tRNS = 0; 6197 } 6198 else 6199 this->colour_type = PNG_COLOR_TYPE_RGB; 6200 6201 /* The bit depth of the row changes at this point too (notice that this is 6202 * the row format, not the sample depth, which is separate.) 6203 */ 6204 this->bit_depth = 8; 6205 } 6206 } 6207 6208 /* Add an alpha channel; this will import the tRNS information because tRNS is 6209 * not valid in an alpha image. The bit depth will invariably be set to at 6210 * least 8 prior to 1.7.0. Palette images will be converted to alpha (using 6211 * the above API). With png_set_background the alpha channel is never expanded 6212 * but this routine is used by pngvalid to simplify code; 'for_background' 6213 * records this. 6214 */ 6215 static void 6216 image_pixel_add_alpha(image_pixel *this, const standard_display *display, 6217 int for_background) 6218 { 6219 if (this->colour_type == PNG_COLOR_TYPE_PALETTE) 6220 image_pixel_convert_PLTE(this); 6221 6222 if ((this->colour_type & PNG_COLOR_MASK_ALPHA) == 0) 6223 { 6224 if (this->colour_type == PNG_COLOR_TYPE_GRAY) 6225 { 6226 # if PNG_LIBPNG_VER < 10700 6227 if (!for_background && this->bit_depth < 8) 6228 this->bit_depth = this->sample_depth = 8; 6229 # endif 6230 6231 if (this->have_tRNS) 6232 { 6233 /* After 1.7 the expansion of bit depth only happens if there is a 6234 * tRNS chunk to expand at this point. 6235 */ 6236 # if PNG_LIBPNG_VER >= 10700 6237 if (!for_background && this->bit_depth < 8) 6238 this->bit_depth = this->sample_depth = 8; 6239 # endif 6240 6241 this->have_tRNS = 0; 6242 6243 /* Check the input, original, channel value here against the 6244 * original tRNS gray chunk valie. 6245 */ 6246 if (this->red == display->transparent.red) 6247 this->alphaf = 0; 6248 else 6249 this->alphaf = 1; 6250 } 6251 else 6252 this->alphaf = 1; 6253 6254 this->colour_type = PNG_COLOR_TYPE_GRAY_ALPHA; 6255 } 6256 6257 else if (this->colour_type == PNG_COLOR_TYPE_RGB) 6258 { 6259 if (this->have_tRNS) 6260 { 6261 this->have_tRNS = 0; 6262 6263 /* Again, check the exact input values, not the current transformed 6264 * value! 6265 */ 6266 if (this->red == display->transparent.red && 6267 this->green == display->transparent.green && 6268 this->blue == display->transparent.blue) 6269 this->alphaf = 0; 6270 else 6271 this->alphaf = 1; 6272 } 6273 else 6274 this->alphaf = 1; 6275 6276 this->colour_type = PNG_COLOR_TYPE_RGB_ALPHA; 6277 } 6278 6279 /* The error in the alpha is zero and the sBIT value comes from the 6280 * original sBIT data (actually it will always be the original bit depth). 6281 */ 6282 this->alphae = 0; 6283 this->alpha_sBIT = display->alpha_sBIT; 6284 } 6285 } 6286 #endif /* transforms that need image_pixel_add_alpha */ 6287 6288 struct transform_display; 6289 typedef struct image_transform 6290 { 6291 /* The name of this transform: a string. */ 6292 const char *name; 6293 6294 /* Each transform can be disabled from the command line: */ 6295 int enable; 6296 6297 /* The global list of transforms; read only. */ 6298 struct image_transform *const list; 6299 6300 /* The global count of the number of times this transform has been set on an 6301 * image. 6302 */ 6303 unsigned int global_use; 6304 6305 /* The local count of the number of times this transform has been set. */ 6306 unsigned int local_use; 6307 6308 /* The next transform in the list, each transform must call its own next 6309 * transform after it has processed the pixel successfully. 6310 */ 6311 const struct image_transform *next; 6312 6313 /* A single transform for the image, expressed as a series of function 6314 * callbacks and some space for values. 6315 * 6316 * First a callback to add any required modifications to the png_modifier; 6317 * this gets called just before the modifier is set up for read. 6318 */ 6319 void (*ini)(const struct image_transform *this, 6320 struct transform_display *that); 6321 6322 /* And a callback to set the transform on the current png_read_struct: 6323 */ 6324 void (*set)(const struct image_transform *this, 6325 struct transform_display *that, png_structp pp, png_infop pi); 6326 6327 /* Then a transform that takes an input pixel in one PNG format or another 6328 * and modifies it by a pngvalid implementation of the transform (thus 6329 * duplicating the libpng intent without, we hope, duplicating the bugs 6330 * in the libpng implementation!) The png_structp is solely to allow error 6331 * reporting via png_error and png_warning. 6332 */ 6333 void (*mod)(const struct image_transform *this, image_pixel *that, 6334 png_const_structp pp, const struct transform_display *display); 6335 6336 /* Add this transform to the list and return true if the transform is 6337 * meaningful for this colour type and bit depth - if false then the 6338 * transform should have no effect on the image so there's not a lot of 6339 * point running it. 6340 */ 6341 int (*add)(struct image_transform *this, 6342 const struct image_transform **that, png_byte colour_type, 6343 png_byte bit_depth); 6344 } image_transform; 6345 6346 typedef struct transform_display 6347 { 6348 standard_display this; 6349 6350 /* Parameters */ 6351 png_modifier* pm; 6352 const image_transform* transform_list; 6353 unsigned int max_gamma_8; 6354 6355 /* Local variables */ 6356 png_byte output_colour_type; 6357 png_byte output_bit_depth; 6358 png_byte unpacked; 6359 6360 /* Modifications (not necessarily used.) */ 6361 gama_modification gama_mod; 6362 chrm_modification chrm_mod; 6363 srgb_modification srgb_mod; 6364 } transform_display; 6365 6366 /* Set sRGB, cHRM and gAMA transforms as required by the current encoding. */ 6367 static void 6368 transform_set_encoding(transform_display *this) 6369 { 6370 /* Set up the png_modifier '_current' fields then use these to determine how 6371 * to add appropriate chunks. 6372 */ 6373 png_modifier *pm = this->pm; 6374 6375 modifier_set_encoding(pm); 6376 6377 if (modifier_color_encoding_is_set(pm)) 6378 { 6379 if (modifier_color_encoding_is_sRGB(pm)) 6380 srgb_modification_init(&this->srgb_mod, pm, PNG_sRGB_INTENT_ABSOLUTE); 6381 6382 else 6383 { 6384 /* Set gAMA and cHRM separately. */ 6385 gama_modification_init(&this->gama_mod, pm, pm->current_gamma); 6386 6387 if (pm->current_encoding != 0) 6388 chrm_modification_init(&this->chrm_mod, pm, pm->current_encoding); 6389 } 6390 } 6391 } 6392 6393 /* Three functions to end the list: */ 6394 static void 6395 image_transform_ini_end(const image_transform *this, 6396 transform_display *that) 6397 { 6398 UNUSED(this) 6399 UNUSED(that) 6400 } 6401 6402 static void 6403 image_transform_set_end(const image_transform *this, 6404 transform_display *that, png_structp pp, png_infop pi) 6405 { 6406 UNUSED(this) 6407 UNUSED(that) 6408 UNUSED(pp) 6409 UNUSED(pi) 6410 } 6411 6412 /* At the end of the list recalculate the output image pixel value from the 6413 * double precision values set up by the preceding 'mod' calls: 6414 */ 6415 static unsigned int 6416 sample_scale(double sample_value, unsigned int scale) 6417 { 6418 sample_value = floor(sample_value * scale + .5); 6419 6420 /* Return NaN as 0: */ 6421 if (!(sample_value > 0)) 6422 sample_value = 0; 6423 else if (sample_value > scale) 6424 sample_value = scale; 6425 6426 return (unsigned int)sample_value; 6427 } 6428 6429 static void 6430 image_transform_mod_end(const image_transform *this, image_pixel *that, 6431 png_const_structp pp, const transform_display *display) 6432 { 6433 const unsigned int scale = (1U<<that->sample_depth)-1; 6434 const int sig_bits = that->sig_bits; 6435 6436 UNUSED(this) 6437 UNUSED(pp) 6438 UNUSED(display) 6439 6440 /* At the end recalculate the digitized red green and blue values according 6441 * to the current sample_depth of the pixel. 6442 * 6443 * The sample value is simply scaled to the maximum, checking for over 6444 * and underflow (which can both happen for some image transforms, 6445 * including simple size scaling, though libpng doesn't do that at present. 6446 */ 6447 that->red = sample_scale(that->redf, scale); 6448 6449 /* This is a bit bogus; really the above calculation should use the red_sBIT 6450 * value, not sample_depth, but because libpng does png_set_shift by just 6451 * shifting the bits we get errors if we don't do it the same way. 6452 */ 6453 if (sig_bits && that->red_sBIT < that->sample_depth) 6454 that->red >>= that->sample_depth - that->red_sBIT; 6455 6456 /* The error value is increased, at the end, according to the lowest sBIT 6457 * value seen. Common sense tells us that the intermediate integer 6458 * representations are no more accurate than +/- 0.5 in the integral values, 6459 * the sBIT allows the implementation to be worse than this. In addition the 6460 * PNG specification actually permits any error within the range (-1..+1), 6461 * but that is ignored here. Instead the final digitized value is compared, 6462 * below to the digitized value of the error limits - this has the net effect 6463 * of allowing (almost) +/-1 in the output value. It's difficult to see how 6464 * any algorithm that digitizes intermediate results can be more accurate. 6465 */ 6466 that->rede += 1./(2*((1U<<that->red_sBIT)-1)); 6467 6468 if (that->colour_type & PNG_COLOR_MASK_COLOR) 6469 { 6470 that->green = sample_scale(that->greenf, scale); 6471 if (sig_bits && that->green_sBIT < that->sample_depth) 6472 that->green >>= that->sample_depth - that->green_sBIT; 6473 6474 that->blue = sample_scale(that->bluef, scale); 6475 if (sig_bits && that->blue_sBIT < that->sample_depth) 6476 that->blue >>= that->sample_depth - that->blue_sBIT; 6477 6478 that->greene += 1./(2*((1U<<that->green_sBIT)-1)); 6479 that->bluee += 1./(2*((1U<<that->blue_sBIT)-1)); 6480 } 6481 else 6482 { 6483 that->blue = that->green = that->red; 6484 that->bluef = that->greenf = that->redf; 6485 that->bluee = that->greene = that->rede; 6486 } 6487 6488 if ((that->colour_type & PNG_COLOR_MASK_ALPHA) || 6489 that->colour_type == PNG_COLOR_TYPE_PALETTE) 6490 { 6491 that->alpha = sample_scale(that->alphaf, scale); 6492 that->alphae += 1./(2*((1U<<that->alpha_sBIT)-1)); 6493 } 6494 else 6495 { 6496 that->alpha = scale; /* opaque */ 6497 that->alphaf = 1; /* Override this. */ 6498 that->alphae = 0; /* It's exact ;-) */ 6499 } 6500 6501 if (sig_bits && that->alpha_sBIT < that->sample_depth) 6502 that->alpha >>= that->sample_depth - that->alpha_sBIT; 6503 } 6504 6505 /* Static 'end' structure: */ 6506 static image_transform image_transform_end = 6507 { 6508 "(end)", /* name */ 6509 1, /* enable */ 6510 0, /* list */ 6511 0, /* global_use */ 6512 0, /* local_use */ 6513 0, /* next */ 6514 image_transform_ini_end, 6515 image_transform_set_end, 6516 image_transform_mod_end, 6517 0 /* never called, I want it to crash if it is! */ 6518 }; 6519 6520 /* Reader callbacks and implementations, where they differ from the standard 6521 * ones. 6522 */ 6523 static void 6524 transform_display_init(transform_display *dp, png_modifier *pm, png_uint_32 id, 6525 const image_transform *transform_list) 6526 { 6527 memset(dp, 0, sizeof *dp); 6528 6529 /* Standard fields */ 6530 standard_display_init(&dp->this, &pm->this, id, do_read_interlace, 6531 pm->use_update_info); 6532 6533 /* Parameter fields */ 6534 dp->pm = pm; 6535 dp->transform_list = transform_list; 6536 dp->max_gamma_8 = 16; 6537 6538 /* Local variable fields */ 6539 dp->output_colour_type = 255; /* invalid */ 6540 dp->output_bit_depth = 255; /* invalid */ 6541 dp->unpacked = 0; /* not unpacked */ 6542 } 6543 6544 static void 6545 transform_info_imp(transform_display *dp, png_structp pp, png_infop pi) 6546 { 6547 /* Reuse the standard stuff as appropriate. */ 6548 standard_info_part1(&dp->this, pp, pi); 6549 6550 /* Now set the list of transforms. */ 6551 dp->transform_list->set(dp->transform_list, dp, pp, pi); 6552 6553 /* Update the info structure for these transforms: */ 6554 { 6555 int i = dp->this.use_update_info; 6556 /* Always do one call, even if use_update_info is 0. */ 6557 do 6558 png_read_update_info(pp, pi); 6559 while (--i > 0); 6560 } 6561 6562 /* And get the output information into the standard_display */ 6563 standard_info_part2(&dp->this, pp, pi, 1/*images*/); 6564 6565 /* Plus the extra stuff we need for the transform tests: */ 6566 dp->output_colour_type = png_get_color_type(pp, pi); 6567 dp->output_bit_depth = png_get_bit_depth(pp, pi); 6568 6569 /* If png_set_filler is in action then fake the output color type to include 6570 * an alpha channel where appropriate. 6571 */ 6572 if (dp->output_bit_depth >= 8 && 6573 (dp->output_colour_type == PNG_COLOR_TYPE_RGB || 6574 dp->output_colour_type == PNG_COLOR_TYPE_GRAY) && dp->this.filler) 6575 dp->output_colour_type |= 4; 6576 6577 /* Validate the combination of colour type and bit depth that we are getting 6578 * out of libpng; the semantics of something not in the PNG spec are, at 6579 * best, unclear. 6580 */ 6581 switch (dp->output_colour_type) 6582 { 6583 case PNG_COLOR_TYPE_PALETTE: 6584 if (dp->output_bit_depth > 8) goto error; 6585 /*FALL THROUGH*/ 6586 case PNG_COLOR_TYPE_GRAY: 6587 if (dp->output_bit_depth == 1 || dp->output_bit_depth == 2 || 6588 dp->output_bit_depth == 4) 6589 break; 6590 /*FALL THROUGH*/ 6591 default: 6592 if (dp->output_bit_depth == 8 || dp->output_bit_depth == 16) 6593 break; 6594 /*FALL THROUGH*/ 6595 error: 6596 { 6597 char message[128]; 6598 size_t pos; 6599 6600 pos = safecat(message, sizeof message, 0, 6601 "invalid final bit depth: colour type("); 6602 pos = safecatn(message, sizeof message, pos, dp->output_colour_type); 6603 pos = safecat(message, sizeof message, pos, ") with bit depth: "); 6604 pos = safecatn(message, sizeof message, pos, dp->output_bit_depth); 6605 6606 png_error(pp, message); 6607 } 6608 } 6609 6610 /* Use a test pixel to check that the output agrees with what we expect - 6611 * this avoids running the whole test if the output is unexpected. This also 6612 * checks for internal errors. 6613 */ 6614 { 6615 image_pixel test_pixel; 6616 6617 memset(&test_pixel, 0, sizeof test_pixel); 6618 test_pixel.colour_type = dp->this.colour_type; /* input */ 6619 test_pixel.bit_depth = dp->this.bit_depth; 6620 if (test_pixel.colour_type == PNG_COLOR_TYPE_PALETTE) 6621 test_pixel.sample_depth = 8; 6622 else 6623 test_pixel.sample_depth = test_pixel.bit_depth; 6624 /* Don't need sBIT here, but it must be set to non-zero to avoid 6625 * arithmetic overflows. 6626 */ 6627 test_pixel.have_tRNS = dp->this.is_transparent != 0; 6628 test_pixel.red_sBIT = test_pixel.green_sBIT = test_pixel.blue_sBIT = 6629 test_pixel.alpha_sBIT = test_pixel.sample_depth; 6630 6631 dp->transform_list->mod(dp->transform_list, &test_pixel, pp, dp); 6632 6633 if (test_pixel.colour_type != dp->output_colour_type) 6634 { 6635 char message[128]; 6636 size_t pos = safecat(message, sizeof message, 0, "colour type "); 6637 6638 pos = safecatn(message, sizeof message, pos, dp->output_colour_type); 6639 pos = safecat(message, sizeof message, pos, " expected "); 6640 pos = safecatn(message, sizeof message, pos, test_pixel.colour_type); 6641 6642 png_error(pp, message); 6643 } 6644 6645 if (test_pixel.bit_depth != dp->output_bit_depth) 6646 { 6647 char message[128]; 6648 size_t pos = safecat(message, sizeof message, 0, "bit depth "); 6649 6650 pos = safecatn(message, sizeof message, pos, dp->output_bit_depth); 6651 pos = safecat(message, sizeof message, pos, " expected "); 6652 pos = safecatn(message, sizeof message, pos, test_pixel.bit_depth); 6653 6654 png_error(pp, message); 6655 } 6656 6657 /* If both bit depth and colour type are correct check the sample depth. 6658 */ 6659 if (test_pixel.colour_type == PNG_COLOR_TYPE_PALETTE && 6660 test_pixel.sample_depth != 8) /* oops - internal error! */ 6661 png_error(pp, "pngvalid: internal: palette sample depth not 8"); 6662 else if (dp->unpacked && test_pixel.bit_depth != 8) 6663 png_error(pp, "pngvalid: internal: bad unpacked pixel depth"); 6664 else if (!dp->unpacked && test_pixel.colour_type != PNG_COLOR_TYPE_PALETTE 6665 && test_pixel.bit_depth != test_pixel.sample_depth) 6666 { 6667 char message[128]; 6668 size_t pos = safecat(message, sizeof message, 0, 6669 "internal: sample depth "); 6670 6671 /* Because unless something has set 'unpacked' or the image is palette 6672 * mapped we expect the transform to keep sample depth and bit depth 6673 * the same. 6674 */ 6675 pos = safecatn(message, sizeof message, pos, test_pixel.sample_depth); 6676 pos = safecat(message, sizeof message, pos, " expected "); 6677 pos = safecatn(message, sizeof message, pos, test_pixel.bit_depth); 6678 6679 png_error(pp, message); 6680 } 6681 else if (test_pixel.bit_depth != dp->output_bit_depth) 6682 { 6683 /* This could be a libpng error too; libpng has not produced what we 6684 * expect for the output bit depth. 6685 */ 6686 char message[128]; 6687 size_t pos = safecat(message, sizeof message, 0, 6688 "internal: bit depth "); 6689 6690 pos = safecatn(message, sizeof message, pos, dp->output_bit_depth); 6691 pos = safecat(message, sizeof message, pos, " expected "); 6692 pos = safecatn(message, sizeof message, pos, test_pixel.bit_depth); 6693 6694 png_error(pp, message); 6695 } 6696 } 6697 } 6698 6699 static void PNGCBAPI 6700 transform_info(png_structp pp, png_infop pi) 6701 { 6702 transform_info_imp(voidcast(transform_display*, png_get_progressive_ptr(pp)), 6703 pp, pi); 6704 } 6705 6706 static void 6707 transform_range_check(png_const_structp pp, unsigned int r, unsigned int g, 6708 unsigned int b, unsigned int a, unsigned int in_digitized, double in, 6709 unsigned int out, png_byte sample_depth, double err, double limit, 6710 const char *name, double digitization_error) 6711 { 6712 /* Compare the scaled, digitzed, values of our local calculation (in+-err) 6713 * with the digitized values libpng produced; 'sample_depth' is the actual 6714 * digitization depth of the libpng output colors (the bit depth except for 6715 * palette images where it is always 8.) The check on 'err' is to detect 6716 * internal errors in pngvalid itself. 6717 */ 6718 unsigned int max = (1U<<sample_depth)-1; 6719 double in_min = ceil((in-err)*max - digitization_error); 6720 double in_max = floor((in+err)*max + digitization_error); 6721 if (debugonly(err > limit ||) !(out >= in_min && out <= in_max)) 6722 { 6723 char message[256]; 6724 size_t pos; 6725 6726 pos = safecat(message, sizeof message, 0, name); 6727 pos = safecat(message, sizeof message, pos, " output value error: rgba("); 6728 pos = safecatn(message, sizeof message, pos, r); 6729 pos = safecat(message, sizeof message, pos, ","); 6730 pos = safecatn(message, sizeof message, pos, g); 6731 pos = safecat(message, sizeof message, pos, ","); 6732 pos = safecatn(message, sizeof message, pos, b); 6733 pos = safecat(message, sizeof message, pos, ","); 6734 pos = safecatn(message, sizeof message, pos, a); 6735 pos = safecat(message, sizeof message, pos, "): "); 6736 pos = safecatn(message, sizeof message, pos, out); 6737 pos = safecat(message, sizeof message, pos, " expected: "); 6738 pos = safecatn(message, sizeof message, pos, in_digitized); 6739 pos = safecat(message, sizeof message, pos, " ("); 6740 pos = safecatd(message, sizeof message, pos, (in-err)*max, 3); 6741 pos = safecat(message, sizeof message, pos, ".."); 6742 pos = safecatd(message, sizeof message, pos, (in+err)*max, 3); 6743 pos = safecat(message, sizeof message, pos, ")"); 6744 6745 png_error(pp, message); 6746 } 6747 6748 UNUSED(limit) 6749 } 6750 6751 static void 6752 transform_image_validate(transform_display *dp, png_const_structp pp, 6753 png_infop pi) 6754 { 6755 /* Constants for the loop below: */ 6756 const png_store* const ps = dp->this.ps; 6757 const png_byte in_ct = dp->this.colour_type; 6758 const png_byte in_bd = dp->this.bit_depth; 6759 const png_uint_32 w = dp->this.w; 6760 const png_uint_32 h = dp->this.h; 6761 const png_byte out_ct = dp->output_colour_type; 6762 const png_byte out_bd = dp->output_bit_depth; 6763 const png_byte sample_depth = (png_byte)(out_ct == 6764 PNG_COLOR_TYPE_PALETTE ? 8 : out_bd); 6765 const png_byte red_sBIT = dp->this.red_sBIT; 6766 const png_byte green_sBIT = dp->this.green_sBIT; 6767 const png_byte blue_sBIT = dp->this.blue_sBIT; 6768 const png_byte alpha_sBIT = dp->this.alpha_sBIT; 6769 const int have_tRNS = dp->this.is_transparent; 6770 double digitization_error; 6771 6772 store_palette out_palette; 6773 png_uint_32 y; 6774 6775 UNUSED(pi) 6776 6777 /* Check for row overwrite errors */ 6778 store_image_check(dp->this.ps, pp, 0); 6779 6780 /* Read the palette corresponding to the output if the output colour type 6781 * indicates a palette, othewise set out_palette to garbage. 6782 */ 6783 if (out_ct == PNG_COLOR_TYPE_PALETTE) 6784 { 6785 /* Validate that the palette count itself has not changed - this is not 6786 * expected. 6787 */ 6788 int npalette = (-1); 6789 6790 (void)read_palette(out_palette, &npalette, pp, pi); 6791 if (npalette != dp->this.npalette) 6792 png_error(pp, "unexpected change in palette size"); 6793 6794 digitization_error = .5; 6795 } 6796 else 6797 { 6798 png_byte in_sample_depth; 6799 6800 memset(out_palette, 0x5e, sizeof out_palette); 6801 6802 /* use-input-precision means assume that if the input has 8 bit (or less) 6803 * samples and the output has 16 bit samples the calculations will be done 6804 * with 8 bit precision, not 16. 6805 */ 6806 if (in_ct == PNG_COLOR_TYPE_PALETTE || in_bd < 16) 6807 in_sample_depth = 8; 6808 else 6809 in_sample_depth = in_bd; 6810 6811 if (sample_depth != 16 || in_sample_depth > 8 || 6812 !dp->pm->calculations_use_input_precision) 6813 digitization_error = .5; 6814 6815 /* Else calculations are at 8 bit precision, and the output actually 6816 * consists of scaled 8-bit values, so scale .5 in 8 bits to the 16 bits: 6817 */ 6818 else 6819 digitization_error = .5 * 257; 6820 } 6821 6822 for (y=0; y<h; ++y) 6823 { 6824 png_const_bytep const pRow = store_image_row(ps, pp, 0, y); 6825 png_uint_32 x; 6826 6827 /* The original, standard, row pre-transforms. */ 6828 png_byte std[STANDARD_ROWMAX]; 6829 6830 transform_row(pp, std, in_ct, in_bd, y); 6831 6832 /* Go through each original pixel transforming it and comparing with what 6833 * libpng did to the same pixel. 6834 */ 6835 for (x=0; x<w; ++x) 6836 { 6837 image_pixel in_pixel, out_pixel; 6838 unsigned int r, g, b, a; 6839 6840 /* Find out what we think the pixel should be: */ 6841 image_pixel_init(&in_pixel, std, in_ct, in_bd, x, dp->this.palette, 6842 NULL); 6843 6844 in_pixel.red_sBIT = red_sBIT; 6845 in_pixel.green_sBIT = green_sBIT; 6846 in_pixel.blue_sBIT = blue_sBIT; 6847 in_pixel.alpha_sBIT = alpha_sBIT; 6848 in_pixel.have_tRNS = have_tRNS != 0; 6849 6850 /* For error detection, below. */ 6851 r = in_pixel.red; 6852 g = in_pixel.green; 6853 b = in_pixel.blue; 6854 a = in_pixel.alpha; 6855 6856 /* This applies the transforms to the input data, including output 6857 * format operations which must be used when reading the output 6858 * pixel that libpng produces. 6859 */ 6860 dp->transform_list->mod(dp->transform_list, &in_pixel, pp, dp); 6861 6862 /* Read the output pixel and compare it to what we got, we don't 6863 * use the error field here, so no need to update sBIT. in_pixel 6864 * says whether we expect libpng to change the output format. 6865 */ 6866 image_pixel_init(&out_pixel, pRow, out_ct, out_bd, x, out_palette, 6867 &in_pixel); 6868 6869 /* We don't expect changes to the index here even if the bit depth is 6870 * changed. 6871 */ 6872 if (in_ct == PNG_COLOR_TYPE_PALETTE && 6873 out_ct == PNG_COLOR_TYPE_PALETTE) 6874 { 6875 if (in_pixel.palette_index != out_pixel.palette_index) 6876 png_error(pp, "unexpected transformed palette index"); 6877 } 6878 6879 /* Check the colours for palette images too - in fact the palette could 6880 * be separately verified itself in most cases. 6881 */ 6882 if (in_pixel.red != out_pixel.red) 6883 transform_range_check(pp, r, g, b, a, in_pixel.red, in_pixel.redf, 6884 out_pixel.red, sample_depth, in_pixel.rede, 6885 dp->pm->limit + 1./(2*((1U<<in_pixel.red_sBIT)-1)), "red/gray", 6886 digitization_error); 6887 6888 if ((out_ct & PNG_COLOR_MASK_COLOR) != 0 && 6889 in_pixel.green != out_pixel.green) 6890 transform_range_check(pp, r, g, b, a, in_pixel.green, 6891 in_pixel.greenf, out_pixel.green, sample_depth, in_pixel.greene, 6892 dp->pm->limit + 1./(2*((1U<<in_pixel.green_sBIT)-1)), "green", 6893 digitization_error); 6894 6895 if ((out_ct & PNG_COLOR_MASK_COLOR) != 0 && 6896 in_pixel.blue != out_pixel.blue) 6897 transform_range_check(pp, r, g, b, a, in_pixel.blue, in_pixel.bluef, 6898 out_pixel.blue, sample_depth, in_pixel.bluee, 6899 dp->pm->limit + 1./(2*((1U<<in_pixel.blue_sBIT)-1)), "blue", 6900 digitization_error); 6901 6902 if ((out_ct & PNG_COLOR_MASK_ALPHA) != 0 && 6903 in_pixel.alpha != out_pixel.alpha) 6904 transform_range_check(pp, r, g, b, a, in_pixel.alpha, 6905 in_pixel.alphaf, out_pixel.alpha, sample_depth, in_pixel.alphae, 6906 dp->pm->limit + 1./(2*((1U<<in_pixel.alpha_sBIT)-1)), "alpha", 6907 digitization_error); 6908 } /* pixel (x) loop */ 6909 } /* row (y) loop */ 6910 6911 /* Record that something was actually checked to avoid a false positive. */ 6912 dp->this.ps->validated = 1; 6913 } 6914 6915 static void PNGCBAPI 6916 transform_end(png_structp ppIn, png_infop pi) 6917 { 6918 png_const_structp pp = ppIn; 6919 transform_display *dp = voidcast(transform_display*, 6920 png_get_progressive_ptr(pp)); 6921 6922 if (!dp->this.speed) 6923 transform_image_validate(dp, pp, pi); 6924 else 6925 dp->this.ps->validated = 1; 6926 } 6927 6928 /* A single test run. */ 6929 static void 6930 transform_test(png_modifier *pmIn, const png_uint_32 idIn, 6931 const image_transform* transform_listIn, const char * const name) 6932 { 6933 transform_display d; 6934 context(&pmIn->this, fault); 6935 6936 transform_display_init(&d, pmIn, idIn, transform_listIn); 6937 6938 Try 6939 { 6940 size_t pos = 0; 6941 png_structp pp; 6942 png_infop pi; 6943 char full_name[256]; 6944 6945 /* Make sure the encoding fields are correct and enter the required 6946 * modifications. 6947 */ 6948 transform_set_encoding(&d); 6949 6950 /* Add any modifications required by the transform list. */ 6951 d.transform_list->ini(d.transform_list, &d); 6952 6953 /* Add the color space information, if any, to the name. */ 6954 pos = safecat(full_name, sizeof full_name, pos, name); 6955 pos = safecat_current_encoding(full_name, sizeof full_name, pos, d.pm); 6956 6957 /* Get a png_struct for reading the image. */ 6958 pp = set_modifier_for_read(d.pm, &pi, d.this.id, full_name); 6959 standard_palette_init(&d.this); 6960 6961 # if 0 6962 /* Logging (debugging only) */ 6963 { 6964 char buffer[256]; 6965 6966 (void)store_message(&d.pm->this, pp, buffer, sizeof buffer, 0, 6967 "running test"); 6968 6969 fprintf(stderr, "%s\n", buffer); 6970 } 6971 # endif 6972 6973 /* Introduce the correct read function. */ 6974 if (d.pm->this.progressive) 6975 { 6976 /* Share the row function with the standard implementation. */ 6977 png_set_progressive_read_fn(pp, &d, transform_info, progressive_row, 6978 transform_end); 6979 6980 /* Now feed data into the reader until we reach the end: */ 6981 modifier_progressive_read(d.pm, pp, pi); 6982 } 6983 else 6984 { 6985 /* modifier_read expects a png_modifier* */ 6986 png_set_read_fn(pp, d.pm, modifier_read); 6987 6988 /* Check the header values: */ 6989 png_read_info(pp, pi); 6990 6991 /* Process the 'info' requirements. Only one image is generated */ 6992 transform_info_imp(&d, pp, pi); 6993 6994 sequential_row(&d.this, pp, pi, -1, 0); 6995 6996 if (!d.this.speed) 6997 transform_image_validate(&d, pp, pi); 6998 else 6999 d.this.ps->validated = 1; 7000 } 7001 7002 modifier_reset(d.pm); 7003 } 7004 7005 Catch(fault) 7006 { 7007 modifier_reset(voidcast(png_modifier*,(void*)fault)); 7008 } 7009 } 7010 7011 /* The transforms: */ 7012 #define ITSTRUCT(name) image_transform_##name 7013 #define ITDATA(name) image_transform_data_##name 7014 #define image_transform_ini image_transform_default_ini 7015 #define IT(name)\ 7016 static image_transform ITSTRUCT(name) =\ 7017 {\ 7018 #name,\ 7019 1, /*enable*/\ 7020 &PT, /*list*/\ 7021 0, /*global_use*/\ 7022 0, /*local_use*/\ 7023 0, /*next*/\ 7024 image_transform_ini,\ 7025 image_transform_png_set_##name##_set,\ 7026 image_transform_png_set_##name##_mod,\ 7027 image_transform_png_set_##name##_add\ 7028 } 7029 #define PT ITSTRUCT(end) /* stores the previous transform */ 7030 7031 /* To save code: */ 7032 extern void image_transform_default_ini(const image_transform *this, 7033 transform_display *that); /* silence GCC warnings */ 7034 7035 void /* private, but almost always needed */ 7036 image_transform_default_ini(const image_transform *this, 7037 transform_display *that) 7038 { 7039 this->next->ini(this->next, that); 7040 } 7041 7042 #ifdef PNG_READ_BACKGROUND_SUPPORTED 7043 static int 7044 image_transform_default_add(image_transform *this, 7045 const image_transform **that, png_byte colour_type, png_byte bit_depth) 7046 { 7047 UNUSED(colour_type) 7048 UNUSED(bit_depth) 7049 7050 this->next = *that; 7051 *that = this; 7052 7053 return 1; 7054 } 7055 #endif 7056 7057 #ifdef PNG_READ_EXPAND_SUPPORTED 7058 /* png_set_palette_to_rgb */ 7059 static void 7060 image_transform_png_set_palette_to_rgb_set(const image_transform *this, 7061 transform_display *that, png_structp pp, png_infop pi) 7062 { 7063 png_set_palette_to_rgb(pp); 7064 this->next->set(this->next, that, pp, pi); 7065 } 7066 7067 static void 7068 image_transform_png_set_palette_to_rgb_mod(const image_transform *this, 7069 image_pixel *that, png_const_structp pp, 7070 const transform_display *display) 7071 { 7072 if (that->colour_type == PNG_COLOR_TYPE_PALETTE) 7073 image_pixel_convert_PLTE(that); 7074 7075 this->next->mod(this->next, that, pp, display); 7076 } 7077 7078 static int 7079 image_transform_png_set_palette_to_rgb_add(image_transform *this, 7080 const image_transform **that, png_byte colour_type, png_byte bit_depth) 7081 { 7082 UNUSED(bit_depth) 7083 7084 this->next = *that; 7085 *that = this; 7086 7087 return colour_type == PNG_COLOR_TYPE_PALETTE; 7088 } 7089 7090 IT(palette_to_rgb); 7091 #undef PT 7092 #define PT ITSTRUCT(palette_to_rgb) 7093 #endif /* PNG_READ_EXPAND_SUPPORTED */ 7094 7095 #ifdef PNG_READ_EXPAND_SUPPORTED 7096 /* png_set_tRNS_to_alpha */ 7097 static void 7098 image_transform_png_set_tRNS_to_alpha_set(const image_transform *this, 7099 transform_display *that, png_structp pp, png_infop pi) 7100 { 7101 png_set_tRNS_to_alpha(pp); 7102 7103 /* If there was a tRNS chunk that would get expanded and add an alpha 7104 * channel is_transparent must be updated: 7105 */ 7106 if (that->this.has_tRNS) 7107 that->this.is_transparent = 1; 7108 7109 this->next->set(this->next, that, pp, pi); 7110 } 7111 7112 static void 7113 image_transform_png_set_tRNS_to_alpha_mod(const image_transform *this, 7114 image_pixel *that, png_const_structp pp, 7115 const transform_display *display) 7116 { 7117 #if PNG_LIBPNG_VER < 10700 7118 /* LIBPNG BUG: this always forces palette images to RGB. */ 7119 if (that->colour_type == PNG_COLOR_TYPE_PALETTE) 7120 image_pixel_convert_PLTE(that); 7121 #endif 7122 7123 /* This effectively does an 'expand' only if there is some transparency to 7124 * convert to an alpha channel. 7125 */ 7126 if (that->have_tRNS) 7127 # if PNG_LIBPNG_VER >= 10700 7128 if (that->colour_type != PNG_COLOR_TYPE_PALETTE && 7129 (that->colour_type & PNG_COLOR_MASK_ALPHA) == 0) 7130 # endif 7131 image_pixel_add_alpha(that, &display->this, 0/*!for background*/); 7132 7133 #if PNG_LIBPNG_VER < 10700 7134 /* LIBPNG BUG: otherwise libpng still expands to 8 bits! */ 7135 else 7136 { 7137 if (that->bit_depth < 8) 7138 that->bit_depth =8; 7139 if (that->sample_depth < 8) 7140 that->sample_depth = 8; 7141 } 7142 #endif 7143 7144 this->next->mod(this->next, that, pp, display); 7145 } 7146 7147 static int 7148 image_transform_png_set_tRNS_to_alpha_add(image_transform *this, 7149 const image_transform **that, png_byte colour_type, png_byte bit_depth) 7150 { 7151 UNUSED(bit_depth) 7152 7153 this->next = *that; 7154 *that = this; 7155 7156 /* We don't know yet whether there will be a tRNS chunk, but we know that 7157 * this transformation should do nothing if there already is an alpha 7158 * channel. In addition, after the bug fix in 1.7.0, there is no longer 7159 * any action on a palette image. 7160 */ 7161 return 7162 # if PNG_LIBPNG_VER >= 10700 7163 colour_type != PNG_COLOR_TYPE_PALETTE && 7164 # endif 7165 (colour_type & PNG_COLOR_MASK_ALPHA) == 0; 7166 } 7167 7168 IT(tRNS_to_alpha); 7169 #undef PT 7170 #define PT ITSTRUCT(tRNS_to_alpha) 7171 #endif /* PNG_READ_EXPAND_SUPPORTED */ 7172 7173 #ifdef PNG_READ_GRAY_TO_RGB_SUPPORTED 7174 /* png_set_gray_to_rgb */ 7175 static void 7176 image_transform_png_set_gray_to_rgb_set(const image_transform *this, 7177 transform_display *that, png_structp pp, png_infop pi) 7178 { 7179 png_set_gray_to_rgb(pp); 7180 /* NOTE: this doesn't result in tRNS expansion. */ 7181 this->next->set(this->next, that, pp, pi); 7182 } 7183 7184 static void 7185 image_transform_png_set_gray_to_rgb_mod(const image_transform *this, 7186 image_pixel *that, png_const_structp pp, 7187 const transform_display *display) 7188 { 7189 /* NOTE: we can actually pend the tRNS processing at this point because we 7190 * can correctly recognize the original pixel value even though we have 7191 * mapped the one gray channel to the three RGB ones, but in fact libpng 7192 * doesn't do this, so we don't either. 7193 */ 7194 if ((that->colour_type & PNG_COLOR_MASK_COLOR) == 0 && that->have_tRNS) 7195 image_pixel_add_alpha(that, &display->this, 0/*!for background*/); 7196 7197 /* Simply expand the bit depth and alter the colour type as required. */ 7198 if (that->colour_type == PNG_COLOR_TYPE_GRAY) 7199 { 7200 /* RGB images have a bit depth at least equal to '8' */ 7201 if (that->bit_depth < 8) 7202 that->sample_depth = that->bit_depth = 8; 7203 7204 /* And just changing the colour type works here because the green and blue 7205 * channels are being maintained in lock-step with the red/gray: 7206 */ 7207 that->colour_type = PNG_COLOR_TYPE_RGB; 7208 } 7209 7210 else if (that->colour_type == PNG_COLOR_TYPE_GRAY_ALPHA) 7211 that->colour_type = PNG_COLOR_TYPE_RGB_ALPHA; 7212 7213 this->next->mod(this->next, that, pp, display); 7214 } 7215 7216 static int 7217 image_transform_png_set_gray_to_rgb_add(image_transform *this, 7218 const image_transform **that, png_byte colour_type, png_byte bit_depth) 7219 { 7220 UNUSED(bit_depth) 7221 7222 this->next = *that; 7223 *that = this; 7224 7225 return (colour_type & PNG_COLOR_MASK_COLOR) == 0; 7226 } 7227 7228 IT(gray_to_rgb); 7229 #undef PT 7230 #define PT ITSTRUCT(gray_to_rgb) 7231 #endif /* PNG_READ_GRAY_TO_RGB_SUPPORTED */ 7232 7233 #ifdef PNG_READ_EXPAND_SUPPORTED 7234 /* png_set_expand */ 7235 static void 7236 image_transform_png_set_expand_set(const image_transform *this, 7237 transform_display *that, png_structp pp, png_infop pi) 7238 { 7239 png_set_expand(pp); 7240 7241 if (that->this.has_tRNS) 7242 that->this.is_transparent = 1; 7243 7244 this->next->set(this->next, that, pp, pi); 7245 } 7246 7247 static void 7248 image_transform_png_set_expand_mod(const image_transform *this, 7249 image_pixel *that, png_const_structp pp, 7250 const transform_display *display) 7251 { 7252 /* The general expand case depends on what the colour type is: */ 7253 if (that->colour_type == PNG_COLOR_TYPE_PALETTE) 7254 image_pixel_convert_PLTE(that); 7255 else if (that->bit_depth < 8) /* grayscale */ 7256 that->sample_depth = that->bit_depth = 8; 7257 7258 if (that->have_tRNS) 7259 image_pixel_add_alpha(that, &display->this, 0/*!for background*/); 7260 7261 this->next->mod(this->next, that, pp, display); 7262 } 7263 7264 static int 7265 image_transform_png_set_expand_add(image_transform *this, 7266 const image_transform **that, png_byte colour_type, png_byte bit_depth) 7267 { 7268 UNUSED(bit_depth) 7269 7270 this->next = *that; 7271 *that = this; 7272 7273 /* 'expand' should do nothing for RGBA or GA input - no tRNS and the bit 7274 * depth is at least 8 already. 7275 */ 7276 return (colour_type & PNG_COLOR_MASK_ALPHA) == 0; 7277 } 7278 7279 IT(expand); 7280 #undef PT 7281 #define PT ITSTRUCT(expand) 7282 #endif /* PNG_READ_EXPAND_SUPPORTED */ 7283 7284 #ifdef PNG_READ_EXPAND_SUPPORTED 7285 /* png_set_expand_gray_1_2_4_to_8 7286 * Pre 1.7.0 LIBPNG BUG: this just does an 'expand' 7287 */ 7288 static void 7289 image_transform_png_set_expand_gray_1_2_4_to_8_set( 7290 const image_transform *this, transform_display *that, png_structp pp, 7291 png_infop pi) 7292 { 7293 png_set_expand_gray_1_2_4_to_8(pp); 7294 /* NOTE: don't expect this to expand tRNS */ 7295 this->next->set(this->next, that, pp, pi); 7296 } 7297 7298 static void 7299 image_transform_png_set_expand_gray_1_2_4_to_8_mod( 7300 const image_transform *this, image_pixel *that, png_const_structp pp, 7301 const transform_display *display) 7302 { 7303 #if PNG_LIBPNG_VER < 10700 7304 image_transform_png_set_expand_mod(this, that, pp, display); 7305 #else 7306 /* Only expand grayscale of bit depth less than 8: */ 7307 if (that->colour_type == PNG_COLOR_TYPE_GRAY && 7308 that->bit_depth < 8) 7309 that->sample_depth = that->bit_depth = 8; 7310 7311 this->next->mod(this->next, that, pp, display); 7312 #endif /* 1.7 or later */ 7313 } 7314 7315 static int 7316 image_transform_png_set_expand_gray_1_2_4_to_8_add(image_transform *this, 7317 const image_transform **that, png_byte colour_type, png_byte bit_depth) 7318 { 7319 #if PNG_LIBPNG_VER < 10700 7320 return image_transform_png_set_expand_add(this, that, colour_type, 7321 bit_depth); 7322 #else 7323 UNUSED(bit_depth) 7324 7325 this->next = *that; 7326 *that = this; 7327 7328 /* This should do nothing unless the color type is gray and the bit depth is 7329 * less than 8: 7330 */ 7331 return colour_type == PNG_COLOR_TYPE_GRAY && bit_depth < 8; 7332 #endif /* 1.7 or later */ 7333 } 7334 7335 IT(expand_gray_1_2_4_to_8); 7336 #undef PT 7337 #define PT ITSTRUCT(expand_gray_1_2_4_to_8) 7338 #endif /* PNG_READ_EXPAND_SUPPORTED */ 7339 7340 #ifdef PNG_READ_EXPAND_16_SUPPORTED 7341 /* png_set_expand_16 */ 7342 static void 7343 image_transform_png_set_expand_16_set(const image_transform *this, 7344 transform_display *that, png_structp pp, png_infop pi) 7345 { 7346 png_set_expand_16(pp); 7347 7348 /* NOTE: prior to 1.7 libpng does SET_EXPAND as well, so tRNS is expanded. */ 7349 # if PNG_LIBPNG_VER < 10700 7350 if (that->this.has_tRNS) 7351 that->this.is_transparent = 1; 7352 # endif 7353 7354 this->next->set(this->next, that, pp, pi); 7355 } 7356 7357 static void 7358 image_transform_png_set_expand_16_mod(const image_transform *this, 7359 image_pixel *that, png_const_structp pp, 7360 const transform_display *display) 7361 { 7362 /* Expect expand_16 to expand everything to 16 bits as a result of also 7363 * causing 'expand' to happen. 7364 */ 7365 if (that->colour_type == PNG_COLOR_TYPE_PALETTE) 7366 image_pixel_convert_PLTE(that); 7367 7368 if (that->have_tRNS) 7369 image_pixel_add_alpha(that, &display->this, 0/*!for background*/); 7370 7371 if (that->bit_depth < 16) 7372 that->sample_depth = that->bit_depth = 16; 7373 7374 this->next->mod(this->next, that, pp, display); 7375 } 7376 7377 static int 7378 image_transform_png_set_expand_16_add(image_transform *this, 7379 const image_transform **that, png_byte colour_type, png_byte bit_depth) 7380 { 7381 UNUSED(colour_type) 7382 7383 this->next = *that; 7384 *that = this; 7385 7386 /* expand_16 does something unless the bit depth is already 16. */ 7387 return bit_depth < 16; 7388 } 7389 7390 IT(expand_16); 7391 #undef PT 7392 #define PT ITSTRUCT(expand_16) 7393 #endif /* PNG_READ_EXPAND_16_SUPPORTED */ 7394 7395 #ifdef PNG_READ_SCALE_16_TO_8_SUPPORTED /* API added in 1.5.4 */ 7396 /* png_set_scale_16 */ 7397 static void 7398 image_transform_png_set_scale_16_set(const image_transform *this, 7399 transform_display *that, png_structp pp, png_infop pi) 7400 { 7401 png_set_scale_16(pp); 7402 # if PNG_LIBPNG_VER < 10700 7403 /* libpng will limit the gamma table size: */ 7404 that->max_gamma_8 = PNG_MAX_GAMMA_8; 7405 # endif 7406 this->next->set(this->next, that, pp, pi); 7407 } 7408 7409 static void 7410 image_transform_png_set_scale_16_mod(const image_transform *this, 7411 image_pixel *that, png_const_structp pp, 7412 const transform_display *display) 7413 { 7414 if (that->bit_depth == 16) 7415 { 7416 that->sample_depth = that->bit_depth = 8; 7417 if (that->red_sBIT > 8) that->red_sBIT = 8; 7418 if (that->green_sBIT > 8) that->green_sBIT = 8; 7419 if (that->blue_sBIT > 8) that->blue_sBIT = 8; 7420 if (that->alpha_sBIT > 8) that->alpha_sBIT = 8; 7421 } 7422 7423 this->next->mod(this->next, that, pp, display); 7424 } 7425 7426 static int 7427 image_transform_png_set_scale_16_add(image_transform *this, 7428 const image_transform **that, png_byte colour_type, png_byte bit_depth) 7429 { 7430 UNUSED(colour_type) 7431 7432 this->next = *that; 7433 *that = this; 7434 7435 return bit_depth > 8; 7436 } 7437 7438 IT(scale_16); 7439 #undef PT 7440 #define PT ITSTRUCT(scale_16) 7441 #endif /* PNG_READ_SCALE_16_TO_8_SUPPORTED (1.5.4 on) */ 7442 7443 #ifdef PNG_READ_16_TO_8_SUPPORTED /* the default before 1.5.4 */ 7444 /* png_set_strip_16 */ 7445 static void 7446 image_transform_png_set_strip_16_set(const image_transform *this, 7447 transform_display *that, png_structp pp, png_infop pi) 7448 { 7449 png_set_strip_16(pp); 7450 # if PNG_LIBPNG_VER < 10700 7451 /* libpng will limit the gamma table size: */ 7452 that->max_gamma_8 = PNG_MAX_GAMMA_8; 7453 # endif 7454 this->next->set(this->next, that, pp, pi); 7455 } 7456 7457 static void 7458 image_transform_png_set_strip_16_mod(const image_transform *this, 7459 image_pixel *that, png_const_structp pp, 7460 const transform_display *display) 7461 { 7462 if (that->bit_depth == 16) 7463 { 7464 that->sample_depth = that->bit_depth = 8; 7465 if (that->red_sBIT > 8) that->red_sBIT = 8; 7466 if (that->green_sBIT > 8) that->green_sBIT = 8; 7467 if (that->blue_sBIT > 8) that->blue_sBIT = 8; 7468 if (that->alpha_sBIT > 8) that->alpha_sBIT = 8; 7469 7470 /* Prior to 1.5.4 png_set_strip_16 would use an 'accurate' method if this 7471 * configuration option is set. From 1.5.4 the flag is never set and the 7472 * 'scale' API (above) must be used. 7473 */ 7474 # ifdef PNG_READ_ACCURATE_SCALE_SUPPORTED 7475 # if PNG_LIBPNG_VER >= 10504 7476 # error PNG_READ_ACCURATE_SCALE should not be set 7477 # endif 7478 7479 /* The strip 16 algorithm drops the low 8 bits rather than calculating 7480 * 1/257, so we need to adjust the permitted errors appropriately: 7481 * Notice that this is only relevant prior to the addition of the 7482 * png_set_scale_16 API in 1.5.4 (but 1.5.4+ always defines the above!) 7483 */ 7484 { 7485 const double d = (255-128.5)/65535; 7486 that->rede += d; 7487 that->greene += d; 7488 that->bluee += d; 7489 that->alphae += d; 7490 } 7491 # endif 7492 } 7493 7494 this->next->mod(this->next, that, pp, display); 7495 } 7496 7497 static int 7498 image_transform_png_set_strip_16_add(image_transform *this, 7499 const image_transform **that, png_byte colour_type, png_byte bit_depth) 7500 { 7501 UNUSED(colour_type) 7502 7503 this->next = *that; 7504 *that = this; 7505 7506 return bit_depth > 8; 7507 } 7508 7509 IT(strip_16); 7510 #undef PT 7511 #define PT ITSTRUCT(strip_16) 7512 #endif /* PNG_READ_16_TO_8_SUPPORTED */ 7513 7514 #ifdef PNG_READ_STRIP_ALPHA_SUPPORTED 7515 /* png_set_strip_alpha */ 7516 static void 7517 image_transform_png_set_strip_alpha_set(const image_transform *this, 7518 transform_display *that, png_structp pp, png_infop pi) 7519 { 7520 png_set_strip_alpha(pp); 7521 this->next->set(this->next, that, pp, pi); 7522 } 7523 7524 static void 7525 image_transform_png_set_strip_alpha_mod(const image_transform *this, 7526 image_pixel *that, png_const_structp pp, 7527 const transform_display *display) 7528 { 7529 if (that->colour_type == PNG_COLOR_TYPE_GRAY_ALPHA) 7530 that->colour_type = PNG_COLOR_TYPE_GRAY; 7531 else if (that->colour_type == PNG_COLOR_TYPE_RGB_ALPHA) 7532 that->colour_type = PNG_COLOR_TYPE_RGB; 7533 7534 that->have_tRNS = 0; 7535 that->alphaf = 1; 7536 7537 this->next->mod(this->next, that, pp, display); 7538 } 7539 7540 static int 7541 image_transform_png_set_strip_alpha_add(image_transform *this, 7542 const image_transform **that, png_byte colour_type, png_byte bit_depth) 7543 { 7544 UNUSED(bit_depth) 7545 7546 this->next = *that; 7547 *that = this; 7548 7549 return (colour_type & PNG_COLOR_MASK_ALPHA) != 0; 7550 } 7551 7552 IT(strip_alpha); 7553 #undef PT 7554 #define PT ITSTRUCT(strip_alpha) 7555 #endif /* PNG_READ_STRIP_ALPHA_SUPPORTED */ 7556 7557 #ifdef PNG_READ_RGB_TO_GRAY_SUPPORTED 7558 /* png_set_rgb_to_gray(png_structp, int err_action, double red, double green) 7559 * png_set_rgb_to_gray_fixed(png_structp, int err_action, png_fixed_point red, 7560 * png_fixed_point green) 7561 * png_get_rgb_to_gray_status 7562 * 7563 * The 'default' test here uses values known to be used inside libpng prior to 7564 * 1.7.0: 7565 * 7566 * red: 6968 7567 * green: 23434 7568 * blue: 2366 7569 * 7570 * These values are being retained for compatibility, along with the somewhat 7571 * broken truncation calculation in the fast-and-inaccurate code path. Older 7572 * versions of libpng will fail the accuracy tests below because they use the 7573 * truncation algorithm everywhere. 7574 */ 7575 #define data ITDATA(rgb_to_gray) 7576 static struct 7577 { 7578 double gamma; /* File gamma to use in processing */ 7579 7580 /* The following are the parameters for png_set_rgb_to_gray: */ 7581 # ifdef PNG_FLOATING_POINT_SUPPORTED 7582 double red_to_set; 7583 double green_to_set; 7584 # else 7585 png_fixed_point red_to_set; 7586 png_fixed_point green_to_set; 7587 # endif 7588 7589 /* The actual coefficients: */ 7590 double red_coefficient; 7591 double green_coefficient; 7592 double blue_coefficient; 7593 7594 /* Set if the coeefficients have been overridden. */ 7595 int coefficients_overridden; 7596 } data; 7597 7598 #undef image_transform_ini 7599 #define image_transform_ini image_transform_png_set_rgb_to_gray_ini 7600 static void 7601 image_transform_png_set_rgb_to_gray_ini(const image_transform *this, 7602 transform_display *that) 7603 { 7604 png_modifier *pm = that->pm; 7605 const color_encoding *e = pm->current_encoding; 7606 7607 UNUSED(this) 7608 7609 /* Since we check the encoding this flag must be set: */ 7610 pm->test_uses_encoding = 1; 7611 7612 /* If 'e' is not NULL chromaticity information is present and either a cHRM 7613 * or an sRGB chunk will be inserted. 7614 */ 7615 if (e != 0) 7616 { 7617 /* Coefficients come from the encoding, but may need to be normalized to a 7618 * white point Y of 1.0 7619 */ 7620 const double whiteY = e->red.Y + e->green.Y + e->blue.Y; 7621 7622 data.red_coefficient = e->red.Y; 7623 data.green_coefficient = e->green.Y; 7624 data.blue_coefficient = e->blue.Y; 7625 7626 if (whiteY != 1) 7627 { 7628 data.red_coefficient /= whiteY; 7629 data.green_coefficient /= whiteY; 7630 data.blue_coefficient /= whiteY; 7631 } 7632 } 7633 7634 else 7635 { 7636 /* The default (built in) coeffcients, as above: */ 7637 # if PNG_LIBPNG_VER < 10700 7638 data.red_coefficient = 6968 / 32768.; 7639 data.green_coefficient = 23434 / 32768.; 7640 data.blue_coefficient = 2366 / 32768.; 7641 # else 7642 data.red_coefficient = .2126; 7643 data.green_coefficient = .7152; 7644 data.blue_coefficient = .0722; 7645 # endif 7646 } 7647 7648 data.gamma = pm->current_gamma; 7649 7650 /* If not set then the calculations assume linear encoding (implicitly): */ 7651 if (data.gamma == 0) 7652 data.gamma = 1; 7653 7654 /* The arguments to png_set_rgb_to_gray can override the coefficients implied 7655 * by the color space encoding. If doing exhaustive checks do the override 7656 * in each case, otherwise do it randomly. 7657 */ 7658 if (pm->test_exhaustive) 7659 { 7660 /* First time in coefficients_overridden is 0, the following sets it to 1, 7661 * so repeat if it is set. If a test fails this may mean we subsequently 7662 * skip a non-override test, ignore that. 7663 */ 7664 data.coefficients_overridden = !data.coefficients_overridden; 7665 pm->repeat = data.coefficients_overridden != 0; 7666 } 7667 7668 else 7669 data.coefficients_overridden = random_choice(); 7670 7671 if (data.coefficients_overridden) 7672 { 7673 /* These values override the color encoding defaults, simply use random 7674 * numbers. 7675 */ 7676 png_uint_32 ru; 7677 double total; 7678 7679 ru = random_u32(); 7680 data.green_coefficient = total = (ru & 0xffff) / 65535.; 7681 ru >>= 16; 7682 data.red_coefficient = (1 - total) * (ru & 0xffff) / 65535.; 7683 total += data.red_coefficient; 7684 data.blue_coefficient = 1 - total; 7685 7686 # ifdef PNG_FLOATING_POINT_SUPPORTED 7687 data.red_to_set = data.red_coefficient; 7688 data.green_to_set = data.green_coefficient; 7689 # else 7690 data.red_to_set = fix(data.red_coefficient); 7691 data.green_to_set = fix(data.green_coefficient); 7692 # endif 7693 7694 /* The following just changes the error messages: */ 7695 pm->encoding_ignored = 1; 7696 } 7697 7698 else 7699 { 7700 data.red_to_set = -1; 7701 data.green_to_set = -1; 7702 } 7703 7704 /* Adjust the error limit in the png_modifier because of the larger errors 7705 * produced in the digitization during the gamma handling. 7706 */ 7707 if (data.gamma != 1) /* Use gamma tables */ 7708 { 7709 if (that->this.bit_depth == 16 || pm->assume_16_bit_calculations) 7710 { 7711 /* The computations have the form: 7712 * 7713 * r * rc + g * gc + b * bc 7714 * 7715 * Each component of which is +/-1/65535 from the gamma_to_1 table 7716 * lookup, resulting in a base error of +/-6. The gamma_from_1 7717 * conversion adds another +/-2 in the 16-bit case and 7718 * +/-(1<<(15-PNG_MAX_GAMMA_8)) in the 8-bit case. 7719 */ 7720 # if PNG_LIBPNG_VER < 10700 7721 if (that->this.bit_depth < 16) 7722 that->max_gamma_8 = PNG_MAX_GAMMA_8; 7723 # endif 7724 that->pm->limit += pow( 7725 (that->this.bit_depth == 16 || that->max_gamma_8 > 14 ? 7726 8. : 7727 6. + (1<<(15-that->max_gamma_8)) 7728 )/65535, data.gamma); 7729 } 7730 7731 else 7732 { 7733 /* Rounding to 8 bits in the linear space causes massive errors which 7734 * will trigger the error check in transform_range_check. Fix that 7735 * here by taking the gamma encoding into account. 7736 * 7737 * When DIGITIZE is set because a pre-1.7 version of libpng is being 7738 * tested allow a bigger slack. 7739 * 7740 * NOTE: this number only affects the internal limit check in pngvalid, 7741 * it has no effect on the limits applied to the libpng values. 7742 */ 7743 that->pm->limit += pow( 7744 # if DIGITIZE 7745 2.0 7746 # else 7747 1.0 7748 # endif 7749 /255, data.gamma); 7750 } 7751 } 7752 7753 else 7754 { 7755 /* With no gamma correction a large error comes from the truncation of the 7756 * calculation in the 8 bit case, allow for that here. 7757 */ 7758 if (that->this.bit_depth != 16 && !pm->assume_16_bit_calculations) 7759 that->pm->limit += 4E-3; 7760 } 7761 } 7762 7763 static void 7764 image_transform_png_set_rgb_to_gray_set(const image_transform *this, 7765 transform_display *that, png_structp pp, png_infop pi) 7766 { 7767 const int error_action = 1; /* no error, no defines in png.h */ 7768 7769 # ifdef PNG_FLOATING_POINT_SUPPORTED 7770 png_set_rgb_to_gray(pp, error_action, data.red_to_set, data.green_to_set); 7771 # else 7772 png_set_rgb_to_gray_fixed(pp, error_action, data.red_to_set, 7773 data.green_to_set); 7774 # endif 7775 7776 # ifdef PNG_READ_cHRM_SUPPORTED 7777 if (that->pm->current_encoding != 0) 7778 { 7779 /* We have an encoding so a cHRM chunk may have been set; if so then 7780 * check that the libpng APIs give the correct (X,Y,Z) values within 7781 * some margin of error for the round trip through the chromaticity 7782 * form. 7783 */ 7784 # ifdef PNG_FLOATING_POINT_SUPPORTED 7785 # define API_function png_get_cHRM_XYZ 7786 # define API_form "FP" 7787 # define API_type double 7788 # define API_cvt(x) (x) 7789 # else 7790 # define API_function png_get_cHRM_XYZ_fixed 7791 # define API_form "fixed" 7792 # define API_type png_fixed_point 7793 # define API_cvt(x) ((double)(x)/PNG_FP_1) 7794 # endif 7795 7796 API_type rX, gX, bX; 7797 API_type rY, gY, bY; 7798 API_type rZ, gZ, bZ; 7799 7800 if ((API_function(pp, pi, &rX, &rY, &rZ, &gX, &gY, &gZ, &bX, &bY, &bZ) 7801 & PNG_INFO_cHRM) != 0) 7802 { 7803 double maxe; 7804 const char *el; 7805 color_encoding e, o; 7806 7807 /* Expect libpng to return a normalized result, but the original 7808 * color space encoding may not be normalized. 7809 */ 7810 modifier_current_encoding(that->pm, &o); 7811 normalize_color_encoding(&o); 7812 7813 /* Sanity check the pngvalid code - the coefficients should match 7814 * the normalized Y values of the encoding unless they were 7815 * overridden. 7816 */ 7817 if (data.red_to_set == -1 && data.green_to_set == -1 && 7818 (fabs(o.red.Y - data.red_coefficient) > DBL_EPSILON || 7819 fabs(o.green.Y - data.green_coefficient) > DBL_EPSILON || 7820 fabs(o.blue.Y - data.blue_coefficient) > DBL_EPSILON)) 7821 png_error(pp, "internal pngvalid cHRM coefficient error"); 7822 7823 /* Generate a colour space encoding. */ 7824 e.gamma = o.gamma; /* not used */ 7825 e.red.X = API_cvt(rX); 7826 e.red.Y = API_cvt(rY); 7827 e.red.Z = API_cvt(rZ); 7828 e.green.X = API_cvt(gX); 7829 e.green.Y = API_cvt(gY); 7830 e.green.Z = API_cvt(gZ); 7831 e.blue.X = API_cvt(bX); 7832 e.blue.Y = API_cvt(bY); 7833 e.blue.Z = API_cvt(bZ); 7834 7835 /* This should match the original one from the png_modifier, within 7836 * the range permitted by the libpng fixed point representation. 7837 */ 7838 maxe = 0; 7839 el = "-"; /* Set to element name with error */ 7840 7841 # define CHECK(col,x)\ 7842 {\ 7843 double err = fabs(o.col.x - e.col.x);\ 7844 if (err > maxe)\ 7845 {\ 7846 maxe = err;\ 7847 el = #col "(" #x ")";\ 7848 }\ 7849 } 7850 7851 CHECK(red,X) 7852 CHECK(red,Y) 7853 CHECK(red,Z) 7854 CHECK(green,X) 7855 CHECK(green,Y) 7856 CHECK(green,Z) 7857 CHECK(blue,X) 7858 CHECK(blue,Y) 7859 CHECK(blue,Z) 7860 7861 /* Here in both fixed and floating cases to check the values read 7862 * from the cHRm chunk. PNG uses fixed point in the cHRM chunk, so 7863 * we can't expect better than +/-.5E-5 on the result, allow 1E-5. 7864 */ 7865 if (maxe >= 1E-5) 7866 { 7867 size_t pos = 0; 7868 char buffer[256]; 7869 7870 pos = safecat(buffer, sizeof buffer, pos, API_form); 7871 pos = safecat(buffer, sizeof buffer, pos, " cHRM "); 7872 pos = safecat(buffer, sizeof buffer, pos, el); 7873 pos = safecat(buffer, sizeof buffer, pos, " error: "); 7874 pos = safecatd(buffer, sizeof buffer, pos, maxe, 7); 7875 pos = safecat(buffer, sizeof buffer, pos, " "); 7876 /* Print the color space without the gamma value: */ 7877 pos = safecat_color_encoding(buffer, sizeof buffer, pos, &o, 0); 7878 pos = safecat(buffer, sizeof buffer, pos, " -> "); 7879 pos = safecat_color_encoding(buffer, sizeof buffer, pos, &e, 0); 7880 7881 png_error(pp, buffer); 7882 } 7883 } 7884 } 7885 # endif /* READ_cHRM */ 7886 7887 this->next->set(this->next, that, pp, pi); 7888 } 7889 7890 static void 7891 image_transform_png_set_rgb_to_gray_mod(const image_transform *this, 7892 image_pixel *that, png_const_structp pp, 7893 const transform_display *display) 7894 { 7895 if ((that->colour_type & PNG_COLOR_MASK_COLOR) != 0) 7896 { 7897 double gray, err; 7898 7899 # if PNG_LIBPNG_VER < 10700 7900 if (that->colour_type == PNG_COLOR_TYPE_PALETTE) 7901 image_pixel_convert_PLTE(that); 7902 # endif 7903 7904 /* Image now has RGB channels... */ 7905 # if DIGITIZE 7906 { 7907 png_modifier *pm = display->pm; 7908 const unsigned int sample_depth = that->sample_depth; 7909 const unsigned int calc_depth = (pm->assume_16_bit_calculations ? 16 : 7910 sample_depth); 7911 const unsigned int gamma_depth = 7912 (sample_depth == 16 ? 7913 display->max_gamma_8 : 7914 (pm->assume_16_bit_calculations ? 7915 display->max_gamma_8 : 7916 sample_depth)); 7917 int isgray; 7918 double r, g, b; 7919 double rlo, rhi, glo, ghi, blo, bhi, graylo, grayhi; 7920 7921 /* Do this using interval arithmetic, otherwise it is too difficult to 7922 * handle the errors correctly. 7923 * 7924 * To handle the gamma correction work out the upper and lower bounds 7925 * of the digitized value. Assume rounding here - normally the values 7926 * will be identical after this operation if there is only one 7927 * transform, feel free to delete the png_error checks on this below in 7928 * the future (this is just me trying to ensure it works!) 7929 * 7930 * Interval arithmetic is exact, but to implement it it must be 7931 * possible to control the floating point implementation rounding mode. 7932 * This cannot be done in ANSI-C, so instead I reduce the 'lo' values 7933 * by DBL_EPSILON and increase the 'hi' values by the same. 7934 */ 7935 # define DD(v,d,r) (digitize(v*(1-DBL_EPSILON), d, r) * (1-DBL_EPSILON)) 7936 # define DU(v,d,r) (digitize(v*(1+DBL_EPSILON), d, r) * (1+DBL_EPSILON)) 7937 7938 r = rlo = rhi = that->redf; 7939 rlo -= that->rede; 7940 rlo = DD(rlo, calc_depth, 1/*round*/); 7941 rhi += that->rede; 7942 rhi = DU(rhi, calc_depth, 1/*round*/); 7943 7944 g = glo = ghi = that->greenf; 7945 glo -= that->greene; 7946 glo = DD(glo, calc_depth, 1/*round*/); 7947 ghi += that->greene; 7948 ghi = DU(ghi, calc_depth, 1/*round*/); 7949 7950 b = blo = bhi = that->bluef; 7951 blo -= that->bluee; 7952 blo = DD(blo, calc_depth, 1/*round*/); 7953 bhi += that->bluee; 7954 bhi = DU(bhi, calc_depth, 1/*round*/); 7955 7956 isgray = r==g && g==b; 7957 7958 if (data.gamma != 1) 7959 { 7960 const double power = 1/data.gamma; 7961 const double abse = .5/(sample_depth == 16 ? 65535 : 255); 7962 7963 /* If a gamma calculation is done it is done using lookup tables of 7964 * precision gamma_depth, so the already digitized value above may 7965 * need to be further digitized here. 7966 */ 7967 if (gamma_depth != calc_depth) 7968 { 7969 rlo = DD(rlo, gamma_depth, 0/*truncate*/); 7970 rhi = DU(rhi, gamma_depth, 0/*truncate*/); 7971 glo = DD(glo, gamma_depth, 0/*truncate*/); 7972 ghi = DU(ghi, gamma_depth, 0/*truncate*/); 7973 blo = DD(blo, gamma_depth, 0/*truncate*/); 7974 bhi = DU(bhi, gamma_depth, 0/*truncate*/); 7975 } 7976 7977 /* 'abse' is the error in the gamma table calculation itself. */ 7978 r = pow(r, power); 7979 rlo = DD(pow(rlo, power)-abse, calc_depth, 1); 7980 rhi = DU(pow(rhi, power)+abse, calc_depth, 1); 7981 7982 g = pow(g, power); 7983 glo = DD(pow(glo, power)-abse, calc_depth, 1); 7984 ghi = DU(pow(ghi, power)+abse, calc_depth, 1); 7985 7986 b = pow(b, power); 7987 blo = DD(pow(blo, power)-abse, calc_depth, 1); 7988 bhi = DU(pow(bhi, power)+abse, calc_depth, 1); 7989 } 7990 7991 /* Now calculate the actual gray values. Although the error in the 7992 * coefficients depends on whether they were specified on the command 7993 * line (in which case truncation to 15 bits happened) or not (rounding 7994 * was used) the maxium error in an individual coefficient is always 7995 * 2/32768, because even in the rounding case the requirement that 7996 * coefficients add up to 32768 can cause a larger rounding error. 7997 * 7998 * The only time when rounding doesn't occur in 1.5.5 and later is when 7999 * the non-gamma code path is used for less than 16 bit data. 8000 */ 8001 gray = r * data.red_coefficient + g * data.green_coefficient + 8002 b * data.blue_coefficient; 8003 8004 { 8005 const int do_round = data.gamma != 1 || calc_depth == 16; 8006 const double ce = 2. / 32768; 8007 8008 graylo = DD(rlo * (data.red_coefficient-ce) + 8009 glo * (data.green_coefficient-ce) + 8010 blo * (data.blue_coefficient-ce), calc_depth, do_round); 8011 if (graylo > gray) /* always accept the right answer */ 8012 graylo = gray; 8013 8014 grayhi = DU(rhi * (data.red_coefficient+ce) + 8015 ghi * (data.green_coefficient+ce) + 8016 bhi * (data.blue_coefficient+ce), calc_depth, do_round); 8017 if (grayhi < gray) 8018 grayhi = gray; 8019 } 8020 8021 /* And invert the gamma. */ 8022 if (data.gamma != 1) 8023 { 8024 const double power = data.gamma; 8025 8026 /* And this happens yet again, shifting the values once more. */ 8027 if (gamma_depth != sample_depth) 8028 { 8029 rlo = DD(rlo, gamma_depth, 0/*truncate*/); 8030 rhi = DU(rhi, gamma_depth, 0/*truncate*/); 8031 glo = DD(glo, gamma_depth, 0/*truncate*/); 8032 ghi = DU(ghi, gamma_depth, 0/*truncate*/); 8033 blo = DD(blo, gamma_depth, 0/*truncate*/); 8034 bhi = DU(bhi, gamma_depth, 0/*truncate*/); 8035 } 8036 8037 gray = pow(gray, power); 8038 graylo = DD(pow(graylo, power), sample_depth, 1); 8039 grayhi = DU(pow(grayhi, power), sample_depth, 1); 8040 } 8041 8042 # undef DD 8043 # undef DU 8044 8045 /* Now the error can be calculated. 8046 * 8047 * If r==g==b because there is no overall gamma correction libpng 8048 * currently preserves the original value. 8049 */ 8050 if (isgray) 8051 err = (that->rede + that->greene + that->bluee)/3; 8052 8053 else 8054 { 8055 err = fabs(grayhi-gray); 8056 8057 if (fabs(gray - graylo) > err) 8058 err = fabs(graylo-gray); 8059 8060 #if !RELEASE_BUILD 8061 /* Check that this worked: */ 8062 if (err > pm->limit) 8063 { 8064 size_t pos = 0; 8065 char buffer[128]; 8066 8067 pos = safecat(buffer, sizeof buffer, pos, "rgb_to_gray error "); 8068 pos = safecatd(buffer, sizeof buffer, pos, err, 6); 8069 pos = safecat(buffer, sizeof buffer, pos, " exceeds limit "); 8070 pos = safecatd(buffer, sizeof buffer, pos, pm->limit, 6); 8071 png_warning(pp, buffer); 8072 pm->limit = err; 8073 } 8074 #endif /* !RELEASE_BUILD */ 8075 } 8076 } 8077 # else /* !DIGITIZE */ 8078 { 8079 double r = that->redf; 8080 double re = that->rede; 8081 double g = that->greenf; 8082 double ge = that->greene; 8083 double b = that->bluef; 8084 double be = that->bluee; 8085 8086 # if PNG_LIBPNG_VER < 10700 8087 /* The true gray case involves no math in earlier versions (not 8088 * true, there was some if gamma correction was happening too.) 8089 */ 8090 if (r == g && r == b) 8091 { 8092 gray = r; 8093 err = re; 8094 if (err < ge) err = ge; 8095 if (err < be) err = be; 8096 } 8097 8098 else 8099 # endif /* before 1.7 */ 8100 if (data.gamma == 1) 8101 { 8102 /* There is no need to do the conversions to and from linear space, 8103 * so the calculation should be a lot more accurate. There is a 8104 * built in error in the coefficients because they only have 15 bits 8105 * and are adjusted to make sure they add up to 32768. This 8106 * involves a integer calculation with truncation of the form: 8107 * 8108 * ((int)(coefficient * 100000) * 32768)/100000 8109 * 8110 * This is done to the red and green coefficients (the ones 8111 * provided to the API) then blue is calculated from them so the 8112 * result adds up to 32768. In the worst case this can result in 8113 * a -1 error in red and green and a +2 error in blue. Consequently 8114 * the worst case in the calculation below is 2/32768 error. 8115 * 8116 * TODO: consider fixing this in libpng by rounding the calculation 8117 * limiting the error to 1/32768. 8118 * 8119 * Handling this by adding 2/32768 here avoids needing to increase 8120 * the global error limits to take this into account.) 8121 */ 8122 gray = r * data.red_coefficient + g * data.green_coefficient + 8123 b * data.blue_coefficient; 8124 err = re * data.red_coefficient + ge * data.green_coefficient + 8125 be * data.blue_coefficient + 2./32768 + gray * 5 * DBL_EPSILON; 8126 } 8127 8128 else 8129 { 8130 /* The calculation happens in linear space, and this produces much 8131 * wider errors in the encoded space. These are handled here by 8132 * factoring the errors in to the calculation. There are two table 8133 * lookups in the calculation and each introduces a quantization 8134 * error defined by the table size. 8135 */ 8136 png_modifier *pm = display->pm; 8137 double in_qe = (that->sample_depth > 8 ? .5/65535 : .5/255); 8138 double out_qe = (that->sample_depth > 8 ? .5/65535 : 8139 (pm->assume_16_bit_calculations ? .5/(1<<display->max_gamma_8) : 8140 .5/255)); 8141 double rhi, ghi, bhi, grayhi; 8142 double g1 = 1/data.gamma; 8143 8144 rhi = r + re + in_qe; if (rhi > 1) rhi = 1; 8145 r -= re + in_qe; if (r < 0) r = 0; 8146 ghi = g + ge + in_qe; if (ghi > 1) ghi = 1; 8147 g -= ge + in_qe; if (g < 0) g = 0; 8148 bhi = b + be + in_qe; if (bhi > 1) bhi = 1; 8149 b -= be + in_qe; if (b < 0) b = 0; 8150 8151 r = pow(r, g1)*(1-DBL_EPSILON); rhi = pow(rhi, g1)*(1+DBL_EPSILON); 8152 g = pow(g, g1)*(1-DBL_EPSILON); ghi = pow(ghi, g1)*(1+DBL_EPSILON); 8153 b = pow(b, g1)*(1-DBL_EPSILON); bhi = pow(bhi, g1)*(1+DBL_EPSILON); 8154 8155 /* Work out the lower and upper bounds for the gray value in the 8156 * encoded space, then work out an average and error. Remove the 8157 * previously added input quantization error at this point. 8158 */ 8159 gray = r * data.red_coefficient + g * data.green_coefficient + 8160 b * data.blue_coefficient - 2./32768 - out_qe; 8161 if (gray <= 0) 8162 gray = 0; 8163 else 8164 { 8165 gray *= (1 - 6 * DBL_EPSILON); 8166 gray = pow(gray, data.gamma) * (1-DBL_EPSILON); 8167 } 8168 8169 grayhi = rhi * data.red_coefficient + ghi * data.green_coefficient + 8170 bhi * data.blue_coefficient + 2./32768 + out_qe; 8171 grayhi *= (1 + 6 * DBL_EPSILON); 8172 if (grayhi >= 1) 8173 grayhi = 1; 8174 else 8175 grayhi = pow(grayhi, data.gamma) * (1+DBL_EPSILON); 8176 8177 err = (grayhi - gray) / 2; 8178 gray = (grayhi + gray) / 2; 8179 8180 if (err <= in_qe) 8181 err = gray * DBL_EPSILON; 8182 8183 else 8184 err -= in_qe; 8185 8186 #if !RELEASE_BUILD 8187 /* Validate that the error is within limits (this has caused 8188 * problems before, it's much easier to detect them here.) 8189 */ 8190 if (err > pm->limit) 8191 { 8192 size_t pos = 0; 8193 char buffer[128]; 8194 8195 pos = safecat(buffer, sizeof buffer, pos, "rgb_to_gray error "); 8196 pos = safecatd(buffer, sizeof buffer, pos, err, 6); 8197 pos = safecat(buffer, sizeof buffer, pos, " exceeds limit "); 8198 pos = safecatd(buffer, sizeof buffer, pos, pm->limit, 6); 8199 png_warning(pp, buffer); 8200 pm->limit = err; 8201 } 8202 #endif /* !RELEASE_BUILD */ 8203 } 8204 } 8205 # endif /* !DIGITIZE */ 8206 8207 that->bluef = that->greenf = that->redf = gray; 8208 that->bluee = that->greene = that->rede = err; 8209 8210 /* The sBIT is the minium of the three colour channel sBITs. */ 8211 if (that->red_sBIT > that->green_sBIT) 8212 that->red_sBIT = that->green_sBIT; 8213 if (that->red_sBIT > that->blue_sBIT) 8214 that->red_sBIT = that->blue_sBIT; 8215 that->blue_sBIT = that->green_sBIT = that->red_sBIT; 8216 8217 /* And remove the colour bit in the type: */ 8218 if (that->colour_type == PNG_COLOR_TYPE_RGB) 8219 that->colour_type = PNG_COLOR_TYPE_GRAY; 8220 else if (that->colour_type == PNG_COLOR_TYPE_RGB_ALPHA) 8221 that->colour_type = PNG_COLOR_TYPE_GRAY_ALPHA; 8222 } 8223 8224 this->next->mod(this->next, that, pp, display); 8225 } 8226 8227 static int 8228 image_transform_png_set_rgb_to_gray_add(image_transform *this, 8229 const image_transform **that, png_byte colour_type, png_byte bit_depth) 8230 { 8231 UNUSED(bit_depth) 8232 8233 this->next = *that; 8234 *that = this; 8235 8236 return (colour_type & PNG_COLOR_MASK_COLOR) != 0; 8237 } 8238 8239 #undef data 8240 IT(rgb_to_gray); 8241 #undef PT 8242 #define PT ITSTRUCT(rgb_to_gray) 8243 #undef image_transform_ini 8244 #define image_transform_ini image_transform_default_ini 8245 #endif /* PNG_READ_RGB_TO_GRAY_SUPPORTED */ 8246 8247 #ifdef PNG_READ_BACKGROUND_SUPPORTED 8248 /* png_set_background(png_structp, png_const_color_16p background_color, 8249 * int background_gamma_code, int need_expand, double background_gamma) 8250 * png_set_background_fixed(png_structp, png_const_color_16p background_color, 8251 * int background_gamma_code, int need_expand, 8252 * png_fixed_point background_gamma) 8253 * 8254 * This ignores the gamma (at present.) 8255 */ 8256 #define data ITDATA(background) 8257 static image_pixel data; 8258 8259 static void 8260 image_transform_png_set_background_set(const image_transform *this, 8261 transform_display *that, png_structp pp, png_infop pi) 8262 { 8263 png_byte colour_type, bit_depth; 8264 png_byte random_bytes[8]; /* 8 bytes - 64 bits - the biggest pixel */ 8265 int expand; 8266 png_color_16 back; 8267 8268 /* We need a background colour, because we don't know exactly what transforms 8269 * have been set we have to supply the colour in the original file format and 8270 * so we need to know what that is! The background colour is stored in the 8271 * transform_display. 8272 */ 8273 R8(random_bytes); 8274 8275 /* Read the random value, for colour type 3 the background colour is actually 8276 * expressed as a 24bit rgb, not an index. 8277 */ 8278 colour_type = that->this.colour_type; 8279 if (colour_type == 3) 8280 { 8281 colour_type = PNG_COLOR_TYPE_RGB; 8282 bit_depth = 8; 8283 expand = 0; /* passing in an RGB not a pixel index */ 8284 } 8285 8286 else 8287 { 8288 if (that->this.has_tRNS) 8289 that->this.is_transparent = 1; 8290 8291 bit_depth = that->this.bit_depth; 8292 expand = 1; 8293 } 8294 8295 image_pixel_init(&data, random_bytes, colour_type, 8296 bit_depth, 0/*x*/, 0/*unused: palette*/, NULL/*format*/); 8297 8298 /* Extract the background colour from this image_pixel, but make sure the 8299 * unused fields of 'back' are garbage. 8300 */ 8301 R8(back); 8302 8303 if (colour_type & PNG_COLOR_MASK_COLOR) 8304 { 8305 back.red = (png_uint_16)data.red; 8306 back.green = (png_uint_16)data.green; 8307 back.blue = (png_uint_16)data.blue; 8308 } 8309 8310 else 8311 back.gray = (png_uint_16)data.red; 8312 8313 #ifdef PNG_FLOATING_POINT_SUPPORTED 8314 png_set_background(pp, &back, PNG_BACKGROUND_GAMMA_FILE, expand, 0); 8315 #else 8316 png_set_background_fixed(pp, &back, PNG_BACKGROUND_GAMMA_FILE, expand, 0); 8317 #endif 8318 8319 this->next->set(this->next, that, pp, pi); 8320 } 8321 8322 static void 8323 image_transform_png_set_background_mod(const image_transform *this, 8324 image_pixel *that, png_const_structp pp, 8325 const transform_display *display) 8326 { 8327 /* Check for tRNS first: */ 8328 if (that->have_tRNS && that->colour_type != PNG_COLOR_TYPE_PALETTE) 8329 image_pixel_add_alpha(that, &display->this, 1/*for background*/); 8330 8331 /* This is only necessary if the alpha value is less than 1. */ 8332 if (that->alphaf < 1) 8333 { 8334 /* Now we do the background calculation without any gamma correction. */ 8335 if (that->alphaf <= 0) 8336 { 8337 that->redf = data.redf; 8338 that->greenf = data.greenf; 8339 that->bluef = data.bluef; 8340 8341 that->rede = data.rede; 8342 that->greene = data.greene; 8343 that->bluee = data.bluee; 8344 8345 that->red_sBIT= data.red_sBIT; 8346 that->green_sBIT= data.green_sBIT; 8347 that->blue_sBIT= data.blue_sBIT; 8348 } 8349 8350 else /* 0 < alpha < 1 */ 8351 { 8352 double alf = 1 - that->alphaf; 8353 8354 that->redf = that->redf * that->alphaf + data.redf * alf; 8355 that->rede = that->rede * that->alphaf + data.rede * alf + 8356 DBL_EPSILON; 8357 that->greenf = that->greenf * that->alphaf + data.greenf * alf; 8358 that->greene = that->greene * that->alphaf + data.greene * alf + 8359 DBL_EPSILON; 8360 that->bluef = that->bluef * that->alphaf + data.bluef * alf; 8361 that->bluee = that->bluee * that->alphaf + data.bluee * alf + 8362 DBL_EPSILON; 8363 } 8364 8365 /* Remove the alpha type and set the alpha (not in that order.) */ 8366 that->alphaf = 1; 8367 that->alphae = 0; 8368 } 8369 8370 if (that->colour_type == PNG_COLOR_TYPE_RGB_ALPHA) 8371 that->colour_type = PNG_COLOR_TYPE_RGB; 8372 else if (that->colour_type == PNG_COLOR_TYPE_GRAY_ALPHA) 8373 that->colour_type = PNG_COLOR_TYPE_GRAY; 8374 /* PNG_COLOR_TYPE_PALETTE is not changed */ 8375 8376 this->next->mod(this->next, that, pp, display); 8377 } 8378 8379 #define image_transform_png_set_background_add image_transform_default_add 8380 8381 #undef data 8382 IT(background); 8383 #undef PT 8384 #define PT ITSTRUCT(background) 8385 #endif /* PNG_READ_BACKGROUND_SUPPORTED */ 8386 8387 /* png_set_quantize(png_structp, png_colorp palette, int num_palette, 8388 * int maximum_colors, png_const_uint_16p histogram, int full_quantize) 8389 * 8390 * Very difficult to validate this! 8391 */ 8392 /*NOTE: TBD NYI */ 8393 8394 /* The data layout transforms are handled by swapping our own channel data, 8395 * necessarily these need to happen at the end of the transform list because the 8396 * semantic of the channels changes after these are executed. Some of these, 8397 * like set_shift and set_packing, can't be done at present because they change 8398 * the layout of the data at the sub-sample level so sample() won't get the 8399 * right answer. 8400 */ 8401 /* png_set_invert_alpha */ 8402 #ifdef PNG_READ_INVERT_ALPHA_SUPPORTED 8403 /* Invert the alpha channel 8404 * 8405 * png_set_invert_alpha(png_structrp png_ptr) 8406 */ 8407 static void 8408 image_transform_png_set_invert_alpha_set(const image_transform *this, 8409 transform_display *that, png_structp pp, png_infop pi) 8410 { 8411 png_set_invert_alpha(pp); 8412 this->next->set(this->next, that, pp, pi); 8413 } 8414 8415 static void 8416 image_transform_png_set_invert_alpha_mod(const image_transform *this, 8417 image_pixel *that, png_const_structp pp, 8418 const transform_display *display) 8419 { 8420 if (that->colour_type & 4) 8421 that->alpha_inverted = 1; 8422 8423 this->next->mod(this->next, that, pp, display); 8424 } 8425 8426 static int 8427 image_transform_png_set_invert_alpha_add(image_transform *this, 8428 const image_transform **that, png_byte colour_type, png_byte bit_depth) 8429 { 8430 UNUSED(bit_depth) 8431 8432 this->next = *that; 8433 *that = this; 8434 8435 /* Only has an effect on pixels with alpha: */ 8436 return (colour_type & 4) != 0; 8437 } 8438 8439 IT(invert_alpha); 8440 #undef PT 8441 #define PT ITSTRUCT(invert_alpha) 8442 8443 #endif /* PNG_READ_INVERT_ALPHA_SUPPORTED */ 8444 8445 /* png_set_bgr */ 8446 #ifdef PNG_READ_BGR_SUPPORTED 8447 /* Swap R,G,B channels to order B,G,R. 8448 * 8449 * png_set_bgr(png_structrp png_ptr) 8450 * 8451 * This only has an effect on RGB and RGBA pixels. 8452 */ 8453 static void 8454 image_transform_png_set_bgr_set(const image_transform *this, 8455 transform_display *that, png_structp pp, png_infop pi) 8456 { 8457 png_set_bgr(pp); 8458 this->next->set(this->next, that, pp, pi); 8459 } 8460 8461 static void 8462 image_transform_png_set_bgr_mod(const image_transform *this, 8463 image_pixel *that, png_const_structp pp, 8464 const transform_display *display) 8465 { 8466 if (that->colour_type == PNG_COLOR_TYPE_RGB || 8467 that->colour_type == PNG_COLOR_TYPE_RGBA) 8468 that->swap_rgb = 1; 8469 8470 this->next->mod(this->next, that, pp, display); 8471 } 8472 8473 static int 8474 image_transform_png_set_bgr_add(image_transform *this, 8475 const image_transform **that, png_byte colour_type, png_byte bit_depth) 8476 { 8477 UNUSED(bit_depth) 8478 8479 this->next = *that; 8480 *that = this; 8481 8482 return colour_type == PNG_COLOR_TYPE_RGB || 8483 colour_type == PNG_COLOR_TYPE_RGBA; 8484 } 8485 8486 IT(bgr); 8487 #undef PT 8488 #define PT ITSTRUCT(bgr) 8489 8490 #endif /* PNG_READ_BGR_SUPPORTED */ 8491 8492 /* png_set_swap_alpha */ 8493 #ifdef PNG_READ_SWAP_ALPHA_SUPPORTED 8494 /* Put the alpha channel first. 8495 * 8496 * png_set_swap_alpha(png_structrp png_ptr) 8497 * 8498 * This only has an effect on GA and RGBA pixels. 8499 */ 8500 static void 8501 image_transform_png_set_swap_alpha_set(const image_transform *this, 8502 transform_display *that, png_structp pp, png_infop pi) 8503 { 8504 png_set_swap_alpha(pp); 8505 this->next->set(this->next, that, pp, pi); 8506 } 8507 8508 static void 8509 image_transform_png_set_swap_alpha_mod(const image_transform *this, 8510 image_pixel *that, png_const_structp pp, 8511 const transform_display *display) 8512 { 8513 if (that->colour_type == PNG_COLOR_TYPE_GA || 8514 that->colour_type == PNG_COLOR_TYPE_RGBA) 8515 that->alpha_first = 1; 8516 8517 this->next->mod(this->next, that, pp, display); 8518 } 8519 8520 static int 8521 image_transform_png_set_swap_alpha_add(image_transform *this, 8522 const image_transform **that, png_byte colour_type, png_byte bit_depth) 8523 { 8524 UNUSED(bit_depth) 8525 8526 this->next = *that; 8527 *that = this; 8528 8529 return colour_type == PNG_COLOR_TYPE_GA || 8530 colour_type == PNG_COLOR_TYPE_RGBA; 8531 } 8532 8533 IT(swap_alpha); 8534 #undef PT 8535 #define PT ITSTRUCT(swap_alpha) 8536 8537 #endif /* PNG_READ_SWAP_ALPHA_SUPPORTED */ 8538 8539 /* png_set_swap */ 8540 #ifdef PNG_READ_SWAP_SUPPORTED 8541 /* Byte swap 16-bit components. 8542 * 8543 * png_set_swap(png_structrp png_ptr) 8544 */ 8545 static void 8546 image_transform_png_set_swap_set(const image_transform *this, 8547 transform_display *that, png_structp pp, png_infop pi) 8548 { 8549 png_set_swap(pp); 8550 this->next->set(this->next, that, pp, pi); 8551 } 8552 8553 static void 8554 image_transform_png_set_swap_mod(const image_transform *this, 8555 image_pixel *that, png_const_structp pp, 8556 const transform_display *display) 8557 { 8558 if (that->bit_depth == 16) 8559 that->swap16 = 1; 8560 8561 this->next->mod(this->next, that, pp, display); 8562 } 8563 8564 static int 8565 image_transform_png_set_swap_add(image_transform *this, 8566 const image_transform **that, png_byte colour_type, png_byte bit_depth) 8567 { 8568 UNUSED(colour_type) 8569 8570 this->next = *that; 8571 *that = this; 8572 8573 return bit_depth == 16; 8574 } 8575 8576 IT(swap); 8577 #undef PT 8578 #define PT ITSTRUCT(swap) 8579 8580 #endif /* PNG_READ_SWAP_SUPPORTED */ 8581 8582 #ifdef PNG_READ_FILLER_SUPPORTED 8583 /* Add a filler byte to 8-bit Gray or 24-bit RGB images. 8584 * 8585 * png_set_filler, (png_structp png_ptr, png_uint_32 filler, int flags)); 8586 * 8587 * Flags: 8588 * 8589 * PNG_FILLER_BEFORE 8590 * PNG_FILLER_AFTER 8591 */ 8592 #define data ITDATA(filler) 8593 static struct 8594 { 8595 png_uint_32 filler; 8596 int flags; 8597 } data; 8598 8599 static void 8600 image_transform_png_set_filler_set(const image_transform *this, 8601 transform_display *that, png_structp pp, png_infop pi) 8602 { 8603 /* Need a random choice for 'before' and 'after' as well as for the 8604 * filler. The 'filler' value has all 32 bits set, but only bit_depth 8605 * will be used. At this point we don't know bit_depth. 8606 */ 8607 data.filler = random_u32(); 8608 data.flags = random_choice(); 8609 8610 png_set_filler(pp, data.filler, data.flags); 8611 8612 /* The standard display handling stuff also needs to know that 8613 * there is a filler, so set that here. 8614 */ 8615 that->this.filler = 1; 8616 8617 this->next->set(this->next, that, pp, pi); 8618 } 8619 8620 static void 8621 image_transform_png_set_filler_mod(const image_transform *this, 8622 image_pixel *that, png_const_structp pp, 8623 const transform_display *display) 8624 { 8625 if (that->bit_depth >= 8 && 8626 (that->colour_type == PNG_COLOR_TYPE_RGB || 8627 that->colour_type == PNG_COLOR_TYPE_GRAY)) 8628 { 8629 const unsigned int max = (1U << that->bit_depth)-1; 8630 that->alpha = data.filler & max; 8631 that->alphaf = ((double)that->alpha) / max; 8632 that->alphae = 0; 8633 8634 /* The filler has been stored in the alpha channel, we must record 8635 * that this has been done for the checking later on, the color 8636 * type is faked to have an alpha channel, but libpng won't report 8637 * this; the app has to know the extra channel is there and this 8638 * was recording in standard_display::filler above. 8639 */ 8640 that->colour_type |= 4; /* alpha added */ 8641 that->alpha_first = data.flags == PNG_FILLER_BEFORE; 8642 } 8643 8644 this->next->mod(this->next, that, pp, display); 8645 } 8646 8647 static int 8648 image_transform_png_set_filler_add(image_transform *this, 8649 const image_transform **that, png_byte colour_type, png_byte bit_depth) 8650 { 8651 this->next = *that; 8652 *that = this; 8653 8654 return bit_depth >= 8 && (colour_type == PNG_COLOR_TYPE_RGB || 8655 colour_type == PNG_COLOR_TYPE_GRAY); 8656 } 8657 8658 #undef data 8659 IT(filler); 8660 #undef PT 8661 #define PT ITSTRUCT(filler) 8662 8663 /* png_set_add_alpha, (png_structp png_ptr, png_uint_32 filler, int flags)); */ 8664 /* Add an alpha byte to 8-bit Gray or 24-bit RGB images. */ 8665 #define data ITDATA(add_alpha) 8666 static struct 8667 { 8668 png_uint_32 filler; 8669 int flags; 8670 } data; 8671 8672 static void 8673 image_transform_png_set_add_alpha_set(const image_transform *this, 8674 transform_display *that, png_structp pp, png_infop pi) 8675 { 8676 /* Need a random choice for 'before' and 'after' as well as for the 8677 * filler. The 'filler' value has all 32 bits set, but only bit_depth 8678 * will be used. At this point we don't know bit_depth. 8679 */ 8680 data.filler = random_u32(); 8681 data.flags = random_choice(); 8682 8683 png_set_add_alpha(pp, data.filler, data.flags); 8684 this->next->set(this->next, that, pp, pi); 8685 } 8686 8687 static void 8688 image_transform_png_set_add_alpha_mod(const image_transform *this, 8689 image_pixel *that, png_const_structp pp, 8690 const transform_display *display) 8691 { 8692 if (that->bit_depth >= 8 && 8693 (that->colour_type == PNG_COLOR_TYPE_RGB || 8694 that->colour_type == PNG_COLOR_TYPE_GRAY)) 8695 { 8696 const unsigned int max = (1U << that->bit_depth)-1; 8697 that->alpha = data.filler & max; 8698 that->alphaf = ((double)that->alpha) / max; 8699 that->alphae = 0; 8700 8701 that->colour_type |= 4; /* alpha added */ 8702 that->alpha_first = data.flags == PNG_FILLER_BEFORE; 8703 } 8704 8705 this->next->mod(this->next, that, pp, display); 8706 } 8707 8708 static int 8709 image_transform_png_set_add_alpha_add(image_transform *this, 8710 const image_transform **that, png_byte colour_type, png_byte bit_depth) 8711 { 8712 this->next = *that; 8713 *that = this; 8714 8715 return bit_depth >= 8 && (colour_type == PNG_COLOR_TYPE_RGB || 8716 colour_type == PNG_COLOR_TYPE_GRAY); 8717 } 8718 8719 #undef data 8720 IT(add_alpha); 8721 #undef PT 8722 #define PT ITSTRUCT(add_alpha) 8723 8724 #endif /* PNG_READ_FILLER_SUPPORTED */ 8725 8726 /* png_set_packing */ 8727 #ifdef PNG_READ_PACK_SUPPORTED 8728 /* Use 1 byte per pixel in 1, 2, or 4-bit depth files. 8729 * 8730 * png_set_packing(png_structrp png_ptr) 8731 * 8732 * This should only affect grayscale and palette images with less than 8 bits 8733 * per pixel. 8734 */ 8735 static void 8736 image_transform_png_set_packing_set(const image_transform *this, 8737 transform_display *that, png_structp pp, png_infop pi) 8738 { 8739 png_set_packing(pp); 8740 that->unpacked = 1; 8741 this->next->set(this->next, that, pp, pi); 8742 } 8743 8744 static void 8745 image_transform_png_set_packing_mod(const image_transform *this, 8746 image_pixel *that, png_const_structp pp, 8747 const transform_display *display) 8748 { 8749 /* The general expand case depends on what the colour type is, 8750 * low bit-depth pixel values are unpacked into bytes without 8751 * scaling, so sample_depth is not changed. 8752 */ 8753 if (that->bit_depth < 8) /* grayscale or palette */ 8754 that->bit_depth = 8; 8755 8756 this->next->mod(this->next, that, pp, display); 8757 } 8758 8759 static int 8760 image_transform_png_set_packing_add(image_transform *this, 8761 const image_transform **that, png_byte colour_type, png_byte bit_depth) 8762 { 8763 UNUSED(colour_type) 8764 8765 this->next = *that; 8766 *that = this; 8767 8768 /* Nothing should happen unless the bit depth is less than 8: */ 8769 return bit_depth < 8; 8770 } 8771 8772 IT(packing); 8773 #undef PT 8774 #define PT ITSTRUCT(packing) 8775 8776 #endif /* PNG_READ_PACK_SUPPORTED */ 8777 8778 /* png_set_packswap */ 8779 #ifdef PNG_READ_PACKSWAP_SUPPORTED 8780 /* Swap pixels packed into bytes; reverses the order on screen so that 8781 * the high order bits correspond to the rightmost pixels. 8782 * 8783 * png_set_packswap(png_structrp png_ptr) 8784 */ 8785 static void 8786 image_transform_png_set_packswap_set(const image_transform *this, 8787 transform_display *that, png_structp pp, png_infop pi) 8788 { 8789 png_set_packswap(pp); 8790 that->this.littleendian = 1; 8791 this->next->set(this->next, that, pp, pi); 8792 } 8793 8794 static void 8795 image_transform_png_set_packswap_mod(const image_transform *this, 8796 image_pixel *that, png_const_structp pp, 8797 const transform_display *display) 8798 { 8799 if (that->bit_depth < 8) 8800 that->littleendian = 1; 8801 8802 this->next->mod(this->next, that, pp, display); 8803 } 8804 8805 static int 8806 image_transform_png_set_packswap_add(image_transform *this, 8807 const image_transform **that, png_byte colour_type, png_byte bit_depth) 8808 { 8809 UNUSED(colour_type) 8810 8811 this->next = *that; 8812 *that = this; 8813 8814 return bit_depth < 8; 8815 } 8816 8817 IT(packswap); 8818 #undef PT 8819 #define PT ITSTRUCT(packswap) 8820 8821 #endif /* PNG_READ_PACKSWAP_SUPPORTED */ 8822 8823 8824 /* png_set_invert_mono */ 8825 #ifdef PNG_READ_INVERT_MONO_SUPPORTED 8826 /* Invert the gray channel 8827 * 8828 * png_set_invert_mono(png_structrp png_ptr) 8829 */ 8830 static void 8831 image_transform_png_set_invert_mono_set(const image_transform *this, 8832 transform_display *that, png_structp pp, png_infop pi) 8833 { 8834 png_set_invert_mono(pp); 8835 this->next->set(this->next, that, pp, pi); 8836 } 8837 8838 static void 8839 image_transform_png_set_invert_mono_mod(const image_transform *this, 8840 image_pixel *that, png_const_structp pp, 8841 const transform_display *display) 8842 { 8843 if (that->colour_type & 4) 8844 that->mono_inverted = 1; 8845 8846 this->next->mod(this->next, that, pp, display); 8847 } 8848 8849 static int 8850 image_transform_png_set_invert_mono_add(image_transform *this, 8851 const image_transform **that, png_byte colour_type, png_byte bit_depth) 8852 { 8853 UNUSED(bit_depth) 8854 8855 this->next = *that; 8856 *that = this; 8857 8858 /* Only has an effect on pixels with no colour: */ 8859 return (colour_type & 2) == 0; 8860 } 8861 8862 IT(invert_mono); 8863 #undef PT 8864 #define PT ITSTRUCT(invert_mono) 8865 8866 #endif /* PNG_READ_INVERT_MONO_SUPPORTED */ 8867 8868 #ifdef PNG_READ_SHIFT_SUPPORTED 8869 /* png_set_shift(png_structp, png_const_color_8p true_bits) 8870 * 8871 * The output pixels will be shifted by the given true_bits 8872 * values. 8873 */ 8874 #define data ITDATA(shift) 8875 static png_color_8 data; 8876 8877 static void 8878 image_transform_png_set_shift_set(const image_transform *this, 8879 transform_display *that, png_structp pp, png_infop pi) 8880 { 8881 /* Get a random set of shifts. The shifts need to do something 8882 * to test the transform, so they are limited to the bit depth 8883 * of the input image. Notice that in the following the 'gray' 8884 * field is randomized independently. This acts as a check that 8885 * libpng does use the correct field. 8886 */ 8887 const unsigned int depth = that->this.bit_depth; 8888 8889 data.red = (png_byte)/*SAFE*/(random_mod(depth)+1); 8890 data.green = (png_byte)/*SAFE*/(random_mod(depth)+1); 8891 data.blue = (png_byte)/*SAFE*/(random_mod(depth)+1); 8892 data.gray = (png_byte)/*SAFE*/(random_mod(depth)+1); 8893 data.alpha = (png_byte)/*SAFE*/(random_mod(depth)+1); 8894 8895 png_set_shift(pp, &data); 8896 this->next->set(this->next, that, pp, pi); 8897 } 8898 8899 static void 8900 image_transform_png_set_shift_mod(const image_transform *this, 8901 image_pixel *that, png_const_structp pp, 8902 const transform_display *display) 8903 { 8904 /* Copy the correct values into the sBIT fields, libpng does not do 8905 * anything to palette data: 8906 */ 8907 if (that->colour_type != PNG_COLOR_TYPE_PALETTE) 8908 { 8909 that->sig_bits = 1; 8910 8911 /* The sBIT fields are reset to the values previously sent to 8912 * png_set_shift according to the colour type. 8913 * does. 8914 */ 8915 if (that->colour_type & 2) /* RGB channels */ 8916 { 8917 that->red_sBIT = data.red; 8918 that->green_sBIT = data.green; 8919 that->blue_sBIT = data.blue; 8920 } 8921 8922 else /* One grey channel */ 8923 that->red_sBIT = that->green_sBIT = that->blue_sBIT = data.gray; 8924 8925 that->alpha_sBIT = data.alpha; 8926 } 8927 8928 this->next->mod(this->next, that, pp, display); 8929 } 8930 8931 static int 8932 image_transform_png_set_shift_add(image_transform *this, 8933 const image_transform **that, png_byte colour_type, png_byte bit_depth) 8934 { 8935 UNUSED(bit_depth) 8936 8937 this->next = *that; 8938 *that = this; 8939 8940 return colour_type != PNG_COLOR_TYPE_PALETTE; 8941 } 8942 8943 IT(shift); 8944 #undef PT 8945 #define PT ITSTRUCT(shift) 8946 8947 #endif /* PNG_READ_SHIFT_SUPPORTED */ 8948 8949 #ifdef THIS_IS_THE_PROFORMA 8950 static void 8951 image_transform_png_set_@_set(const image_transform *this, 8952 transform_display *that, png_structp pp, png_infop pi) 8953 { 8954 png_set_@(pp); 8955 this->next->set(this->next, that, pp, pi); 8956 } 8957 8958 static void 8959 image_transform_png_set_@_mod(const image_transform *this, 8960 image_pixel *that, png_const_structp pp, 8961 const transform_display *display) 8962 { 8963 this->next->mod(this->next, that, pp, display); 8964 } 8965 8966 static int 8967 image_transform_png_set_@_add(image_transform *this, 8968 const image_transform **that, png_byte colour_type, png_byte bit_depth) 8969 { 8970 this->next = *that; 8971 *that = this; 8972 8973 return 1; 8974 } 8975 8976 IT(@); 8977 #endif 8978 8979 8980 /* This may just be 'end' if all the transforms are disabled! */ 8981 static image_transform *const image_transform_first = &PT; 8982 8983 static void 8984 transform_enable(const char *name) 8985 { 8986 /* Everything starts out enabled, so if we see an 'enable' disabled 8987 * everything else the first time round. 8988 */ 8989 static int all_disabled = 0; 8990 int found_it = 0; 8991 image_transform *list = image_transform_first; 8992 8993 while (list != &image_transform_end) 8994 { 8995 if (strcmp(list->name, name) == 0) 8996 { 8997 list->enable = 1; 8998 found_it = 1; 8999 } 9000 else if (!all_disabled) 9001 list->enable = 0; 9002 9003 list = list->list; 9004 } 9005 9006 all_disabled = 1; 9007 9008 if (!found_it) 9009 { 9010 fprintf(stderr, "pngvalid: --transform-enable=%s: unknown transform\n", 9011 name); 9012 exit(99); 9013 } 9014 } 9015 9016 static void 9017 transform_disable(const char *name) 9018 { 9019 image_transform *list = image_transform_first; 9020 9021 while (list != &image_transform_end) 9022 { 9023 if (strcmp(list->name, name) == 0) 9024 { 9025 list->enable = 0; 9026 return; 9027 } 9028 9029 list = list->list; 9030 } 9031 9032 fprintf(stderr, "pngvalid: --transform-disable=%s: unknown transform\n", 9033 name); 9034 exit(99); 9035 } 9036 9037 static void 9038 image_transform_reset_count(void) 9039 { 9040 image_transform *next = image_transform_first; 9041 int count = 0; 9042 9043 while (next != &image_transform_end) 9044 { 9045 next->local_use = 0; 9046 next->next = 0; 9047 next = next->list; 9048 ++count; 9049 } 9050 9051 /* This can only happen if we every have more than 32 transforms (excluding 9052 * the end) in the list. 9053 */ 9054 if (count > 32) abort(); 9055 } 9056 9057 static int 9058 image_transform_test_counter(png_uint_32 counter, unsigned int max) 9059 { 9060 /* Test the list to see if there is any point contining, given a current 9061 * counter and a 'max' value. 9062 */ 9063 image_transform *next = image_transform_first; 9064 9065 while (next != &image_transform_end) 9066 { 9067 /* For max 0 or 1 continue until the counter overflows: */ 9068 counter >>= 1; 9069 9070 /* Continue if any entry hasn't reacked the max. */ 9071 if (max > 1 && next->local_use < max) 9072 return 1; 9073 next = next->list; 9074 } 9075 9076 return max <= 1 && counter == 0; 9077 } 9078 9079 static png_uint_32 9080 image_transform_add(const image_transform **this, unsigned int max, 9081 png_uint_32 counter, char *name, size_t sizeof_name, size_t *pos, 9082 png_byte colour_type, png_byte bit_depth) 9083 { 9084 for (;;) /* until we manage to add something */ 9085 { 9086 png_uint_32 mask; 9087 image_transform *list; 9088 9089 /* Find the next counter value, if the counter is zero this is the start 9090 * of the list. This routine always returns the current counter (not the 9091 * next) so it returns 0 at the end and expects 0 at the beginning. 9092 */ 9093 if (counter == 0) /* first time */ 9094 { 9095 image_transform_reset_count(); 9096 if (max <= 1) 9097 counter = 1; 9098 else 9099 counter = random_32(); 9100 } 9101 else /* advance the counter */ 9102 { 9103 switch (max) 9104 { 9105 case 0: ++counter; break; 9106 case 1: counter <<= 1; break; 9107 default: counter = random_32(); break; 9108 } 9109 } 9110 9111 /* Now add all these items, if possible */ 9112 *this = &image_transform_end; 9113 list = image_transform_first; 9114 mask = 1; 9115 9116 /* Go through the whole list adding anything that the counter selects: */ 9117 while (list != &image_transform_end) 9118 { 9119 if ((counter & mask) != 0 && list->enable && 9120 (max == 0 || list->local_use < max)) 9121 { 9122 /* Candidate to add: */ 9123 if (list->add(list, this, colour_type, bit_depth) || max == 0) 9124 { 9125 /* Added, so add to the name too. */ 9126 *pos = safecat(name, sizeof_name, *pos, " +"); 9127 *pos = safecat(name, sizeof_name, *pos, list->name); 9128 } 9129 9130 else 9131 { 9132 /* Not useful and max>0, so remove it from *this: */ 9133 *this = list->next; 9134 list->next = 0; 9135 9136 /* And, since we know it isn't useful, stop it being added again 9137 * in this run: 9138 */ 9139 list->local_use = max; 9140 } 9141 } 9142 9143 mask <<= 1; 9144 list = list->list; 9145 } 9146 9147 /* Now if anything was added we have something to do. */ 9148 if (*this != &image_transform_end) 9149 return counter; 9150 9151 /* Nothing added, but was there anything in there to add? */ 9152 if (!image_transform_test_counter(counter, max)) 9153 return 0; 9154 } 9155 } 9156 9157 static void 9158 perform_transform_test(png_modifier *pm) 9159 { 9160 png_byte colour_type = 0; 9161 png_byte bit_depth = 0; 9162 unsigned int palette_number = 0; 9163 9164 while (next_format(&colour_type, &bit_depth, &palette_number, pm->test_lbg, 9165 pm->test_tRNS)) 9166 { 9167 png_uint_32 counter = 0; 9168 size_t base_pos; 9169 char name[64]; 9170 9171 base_pos = safecat(name, sizeof name, 0, "transform:"); 9172 9173 for (;;) 9174 { 9175 size_t pos = base_pos; 9176 const image_transform *list = 0; 9177 9178 /* 'max' is currently hardwired to '1'; this should be settable on the 9179 * command line. 9180 */ 9181 counter = image_transform_add(&list, 1/*max*/, counter, 9182 name, sizeof name, &pos, colour_type, bit_depth); 9183 9184 if (counter == 0) 9185 break; 9186 9187 /* The command line can change this to checking interlaced images. */ 9188 do 9189 { 9190 pm->repeat = 0; 9191 transform_test(pm, FILEID(colour_type, bit_depth, palette_number, 9192 pm->interlace_type, 0, 0, 0), list, name); 9193 9194 if (fail(pm)) 9195 return; 9196 } 9197 while (pm->repeat); 9198 } 9199 } 9200 } 9201 #endif /* PNG_READ_TRANSFORMS_SUPPORTED */ 9202 9203 /********************************* GAMMA TESTS ********************************/ 9204 #ifdef PNG_READ_GAMMA_SUPPORTED 9205 /* Reader callbacks and implementations, where they differ from the standard 9206 * ones. 9207 */ 9208 typedef struct gamma_display 9209 { 9210 standard_display this; 9211 9212 /* Parameters */ 9213 png_modifier* pm; 9214 double file_gamma; 9215 double screen_gamma; 9216 double background_gamma; 9217 png_byte sbit; 9218 int threshold_test; 9219 int use_input_precision; 9220 int scale16; 9221 int expand16; 9222 int do_background; 9223 png_color_16 background_color; 9224 9225 /* Local variables */ 9226 double maxerrout; 9227 double maxerrpc; 9228 double maxerrabs; 9229 } gamma_display; 9230 9231 #define ALPHA_MODE_OFFSET 4 9232 9233 static void 9234 gamma_display_init(gamma_display *dp, png_modifier *pm, png_uint_32 id, 9235 double file_gamma, double screen_gamma, png_byte sbit, int threshold_test, 9236 int use_input_precision, int scale16, int expand16, 9237 int do_background, const png_color_16 *pointer_to_the_background_color, 9238 double background_gamma) 9239 { 9240 /* Standard fields */ 9241 standard_display_init(&dp->this, &pm->this, id, do_read_interlace, 9242 pm->use_update_info); 9243 9244 /* Parameter fields */ 9245 dp->pm = pm; 9246 dp->file_gamma = file_gamma; 9247 dp->screen_gamma = screen_gamma; 9248 dp->background_gamma = background_gamma; 9249 dp->sbit = sbit; 9250 dp->threshold_test = threshold_test; 9251 dp->use_input_precision = use_input_precision; 9252 dp->scale16 = scale16; 9253 dp->expand16 = expand16; 9254 dp->do_background = do_background; 9255 if (do_background && pointer_to_the_background_color != 0) 9256 dp->background_color = *pointer_to_the_background_color; 9257 else 9258 memset(&dp->background_color, 0, sizeof dp->background_color); 9259 9260 /* Local variable fields */ 9261 dp->maxerrout = dp->maxerrpc = dp->maxerrabs = 0; 9262 } 9263 9264 static void 9265 gamma_info_imp(gamma_display *dp, png_structp pp, png_infop pi) 9266 { 9267 /* Reuse the standard stuff as appropriate. */ 9268 standard_info_part1(&dp->this, pp, pi); 9269 9270 /* If requested strip 16 to 8 bits - this is handled automagically below 9271 * because the output bit depth is read from the library. Note that there 9272 * are interactions with sBIT but, internally, libpng makes sbit at most 9273 * PNG_MAX_GAMMA_8 prior to 1.7 when doing the following. 9274 */ 9275 if (dp->scale16) 9276 # ifdef PNG_READ_SCALE_16_TO_8_SUPPORTED 9277 png_set_scale_16(pp); 9278 # else 9279 /* The following works both in 1.5.4 and earlier versions: */ 9280 # ifdef PNG_READ_16_TO_8_SUPPORTED 9281 png_set_strip_16(pp); 9282 # else 9283 png_error(pp, "scale16 (16 to 8 bit conversion) not supported"); 9284 # endif 9285 # endif 9286 9287 if (dp->expand16) 9288 # ifdef PNG_READ_EXPAND_16_SUPPORTED 9289 png_set_expand_16(pp); 9290 # else 9291 png_error(pp, "expand16 (8 to 16 bit conversion) not supported"); 9292 # endif 9293 9294 if (dp->do_background >= ALPHA_MODE_OFFSET) 9295 { 9296 # ifdef PNG_READ_ALPHA_MODE_SUPPORTED 9297 { 9298 /* This tests the alpha mode handling, if supported. */ 9299 int mode = dp->do_background - ALPHA_MODE_OFFSET; 9300 9301 /* The gamma value is the output gamma, and is in the standard, 9302 * non-inverted, represenation. It provides a default for the PNG file 9303 * gamma, but since the file has a gAMA chunk this does not matter. 9304 */ 9305 const double sg = dp->screen_gamma; 9306 # ifndef PNG_FLOATING_POINT_SUPPORTED 9307 const png_fixed_point g = fix(sg); 9308 # endif 9309 9310 # ifdef PNG_FLOATING_POINT_SUPPORTED 9311 png_set_alpha_mode(pp, mode, sg); 9312 # else 9313 png_set_alpha_mode_fixed(pp, mode, g); 9314 # endif 9315 9316 /* However, for the standard Porter-Duff algorithm the output defaults 9317 * to be linear, so if the test requires non-linear output it must be 9318 * corrected here. 9319 */ 9320 if (mode == PNG_ALPHA_STANDARD && sg != 1) 9321 { 9322 # ifdef PNG_FLOATING_POINT_SUPPORTED 9323 png_set_gamma(pp, sg, dp->file_gamma); 9324 # else 9325 png_fixed_point f = fix(dp->file_gamma); 9326 png_set_gamma_fixed(pp, g, f); 9327 # endif 9328 } 9329 } 9330 # else 9331 png_error(pp, "alpha mode handling not supported"); 9332 # endif 9333 } 9334 9335 else 9336 { 9337 /* Set up gamma processing. */ 9338 # ifdef PNG_FLOATING_POINT_SUPPORTED 9339 png_set_gamma(pp, dp->screen_gamma, dp->file_gamma); 9340 # else 9341 { 9342 png_fixed_point s = fix(dp->screen_gamma); 9343 png_fixed_point f = fix(dp->file_gamma); 9344 png_set_gamma_fixed(pp, s, f); 9345 } 9346 # endif 9347 9348 if (dp->do_background) 9349 { 9350 # ifdef PNG_READ_BACKGROUND_SUPPORTED 9351 /* NOTE: this assumes the caller provided the correct background gamma! 9352 */ 9353 const double bg = dp->background_gamma; 9354 # ifndef PNG_FLOATING_POINT_SUPPORTED 9355 const png_fixed_point g = fix(bg); 9356 # endif 9357 9358 # ifdef PNG_FLOATING_POINT_SUPPORTED 9359 png_set_background(pp, &dp->background_color, dp->do_background, 9360 0/*need_expand*/, bg); 9361 # else 9362 png_set_background_fixed(pp, &dp->background_color, 9363 dp->do_background, 0/*need_expand*/, g); 9364 # endif 9365 # else 9366 png_error(pp, "png_set_background not supported"); 9367 # endif 9368 } 9369 } 9370 9371 { 9372 int i = dp->this.use_update_info; 9373 /* Always do one call, even if use_update_info is 0. */ 9374 do 9375 png_read_update_info(pp, pi); 9376 while (--i > 0); 9377 } 9378 9379 /* Now we may get a different cbRow: */ 9380 standard_info_part2(&dp->this, pp, pi, 1 /*images*/); 9381 } 9382 9383 static void PNGCBAPI 9384 gamma_info(png_structp pp, png_infop pi) 9385 { 9386 gamma_info_imp(voidcast(gamma_display*, png_get_progressive_ptr(pp)), pp, 9387 pi); 9388 } 9389 9390 /* Validate a single component value - the routine gets the input and output 9391 * sample values as unscaled PNG component values along with a cache of all the 9392 * information required to validate the values. 9393 */ 9394 typedef struct validate_info 9395 { 9396 png_const_structp pp; 9397 gamma_display *dp; 9398 png_byte sbit; 9399 int use_input_precision; 9400 int do_background; 9401 int scale16; 9402 unsigned int sbit_max; 9403 unsigned int isbit_shift; 9404 unsigned int outmax; 9405 9406 double gamma_correction; /* Overall correction required. */ 9407 double file_inverse; /* Inverse of file gamma. */ 9408 double screen_gamma; 9409 double screen_inverse; /* Inverse of screen gamma. */ 9410 9411 double background_red; /* Linear background value, red or gray. */ 9412 double background_green; 9413 double background_blue; 9414 9415 double maxabs; 9416 double maxpc; 9417 double maxcalc; 9418 double maxout; 9419 double maxout_total; /* Total including quantization error */ 9420 double outlog; 9421 int outquant; 9422 } 9423 validate_info; 9424 9425 static void 9426 init_validate_info(validate_info *vi, gamma_display *dp, png_const_structp pp, 9427 int in_depth, int out_depth) 9428 { 9429 const unsigned int outmax = (1U<<out_depth)-1; 9430 9431 vi->pp = pp; 9432 vi->dp = dp; 9433 9434 if (dp->sbit > 0 && dp->sbit < in_depth) 9435 { 9436 vi->sbit = dp->sbit; 9437 vi->isbit_shift = in_depth - dp->sbit; 9438 } 9439 9440 else 9441 { 9442 vi->sbit = (png_byte)in_depth; 9443 vi->isbit_shift = 0; 9444 } 9445 9446 vi->sbit_max = (1U << vi->sbit)-1; 9447 9448 /* This mimics the libpng threshold test, '0' is used to prevent gamma 9449 * correction in the validation test. 9450 */ 9451 vi->screen_gamma = dp->screen_gamma; 9452 if (fabs(vi->screen_gamma-1) < PNG_GAMMA_THRESHOLD) 9453 vi->screen_gamma = vi->screen_inverse = 0; 9454 else 9455 vi->screen_inverse = 1/vi->screen_gamma; 9456 9457 vi->use_input_precision = dp->use_input_precision; 9458 vi->outmax = outmax; 9459 vi->maxabs = abserr(dp->pm, in_depth, out_depth); 9460 vi->maxpc = pcerr(dp->pm, in_depth, out_depth); 9461 vi->maxcalc = calcerr(dp->pm, in_depth, out_depth); 9462 vi->maxout = outerr(dp->pm, in_depth, out_depth); 9463 vi->outquant = output_quantization_factor(dp->pm, in_depth, out_depth); 9464 vi->maxout_total = vi->maxout + vi->outquant * .5; 9465 vi->outlog = outlog(dp->pm, in_depth, out_depth); 9466 9467 if ((dp->this.colour_type & PNG_COLOR_MASK_ALPHA) != 0 || 9468 (dp->this.colour_type == 3 && dp->this.is_transparent) || 9469 ((dp->this.colour_type == 0 || dp->this.colour_type == 2) && 9470 dp->this.has_tRNS)) 9471 { 9472 vi->do_background = dp->do_background; 9473 9474 if (vi->do_background != 0) 9475 { 9476 const double bg_inverse = 1/dp->background_gamma; 9477 double r, g, b; 9478 9479 /* Caller must at least put the gray value into the red channel */ 9480 r = dp->background_color.red; r /= outmax; 9481 g = dp->background_color.green; g /= outmax; 9482 b = dp->background_color.blue; b /= outmax; 9483 9484 # if 0 9485 /* libpng doesn't do this optimization, if we do pngvalid will fail. 9486 */ 9487 if (fabs(bg_inverse-1) >= PNG_GAMMA_THRESHOLD) 9488 # endif 9489 { 9490 r = pow(r, bg_inverse); 9491 g = pow(g, bg_inverse); 9492 b = pow(b, bg_inverse); 9493 } 9494 9495 vi->background_red = r; 9496 vi->background_green = g; 9497 vi->background_blue = b; 9498 } 9499 } 9500 else /* Do not expect any background processing */ 9501 vi->do_background = 0; 9502 9503 if (vi->do_background == 0) 9504 vi->background_red = vi->background_green = vi->background_blue = 0; 9505 9506 vi->gamma_correction = 1/(dp->file_gamma*dp->screen_gamma); 9507 if (fabs(vi->gamma_correction-1) < PNG_GAMMA_THRESHOLD) 9508 vi->gamma_correction = 0; 9509 9510 vi->file_inverse = 1/dp->file_gamma; 9511 if (fabs(vi->file_inverse-1) < PNG_GAMMA_THRESHOLD) 9512 vi->file_inverse = 0; 9513 9514 vi->scale16 = dp->scale16; 9515 } 9516 9517 /* This function handles composition of a single non-alpha component. The 9518 * argument is the input sample value, in the range 0..1, and the alpha value. 9519 * The result is the composed, linear, input sample. If alpha is less than zero 9520 * this is the alpha component and the function should not be called! 9521 */ 9522 static double 9523 gamma_component_compose(int do_background, double input_sample, double alpha, 9524 double background, int *compose) 9525 { 9526 switch (do_background) 9527 { 9528 #ifdef PNG_READ_BACKGROUND_SUPPORTED 9529 case PNG_BACKGROUND_GAMMA_SCREEN: 9530 case PNG_BACKGROUND_GAMMA_FILE: 9531 case PNG_BACKGROUND_GAMMA_UNIQUE: 9532 /* Standard PNG background processing. */ 9533 if (alpha < 1) 9534 { 9535 if (alpha > 0) 9536 { 9537 input_sample = input_sample * alpha + background * (1-alpha); 9538 if (compose != NULL) 9539 *compose = 1; 9540 } 9541 9542 else 9543 input_sample = background; 9544 } 9545 break; 9546 #endif 9547 9548 #ifdef PNG_READ_ALPHA_MODE_SUPPORTED 9549 case ALPHA_MODE_OFFSET + PNG_ALPHA_STANDARD: 9550 case ALPHA_MODE_OFFSET + PNG_ALPHA_BROKEN: 9551 /* The components are premultiplied in either case and the output is 9552 * gamma encoded (to get standard Porter-Duff we expect the output 9553 * gamma to be set to 1.0!) 9554 */ 9555 case ALPHA_MODE_OFFSET + PNG_ALPHA_OPTIMIZED: 9556 /* The optimization is that the partial-alpha entries are linear 9557 * while the opaque pixels are gamma encoded, but this only affects the 9558 * output encoding. 9559 */ 9560 if (alpha < 1) 9561 { 9562 if (alpha > 0) 9563 { 9564 input_sample *= alpha; 9565 if (compose != NULL) 9566 *compose = 1; 9567 } 9568 9569 else 9570 input_sample = 0; 9571 } 9572 break; 9573 #endif 9574 9575 default: 9576 /* Standard cases where no compositing is done (so the component 9577 * value is already correct.) 9578 */ 9579 UNUSED(alpha) 9580 UNUSED(background) 9581 UNUSED(compose) 9582 break; 9583 } 9584 9585 return input_sample; 9586 } 9587 9588 /* This API returns the encoded *input* component, in the range 0..1 */ 9589 static double 9590 gamma_component_validate(const char *name, const validate_info *vi, 9591 const unsigned int id, const unsigned int od, 9592 const double alpha /* <0 for the alpha channel itself */, 9593 const double background /* component background value */) 9594 { 9595 const unsigned int isbit = id >> vi->isbit_shift; 9596 const unsigned int sbit_max = vi->sbit_max; 9597 const unsigned int outmax = vi->outmax; 9598 const int do_background = vi->do_background; 9599 9600 double i; 9601 9602 /* First check on the 'perfect' result obtained from the digitized input 9603 * value, id, and compare this against the actual digitized result, 'od'. 9604 * 'i' is the input result in the range 0..1: 9605 */ 9606 i = isbit; i /= sbit_max; 9607 9608 /* Check for the fast route: if we don't do any background composition or if 9609 * this is the alpha channel ('alpha' < 0) or if the pixel is opaque then 9610 * just use the gamma_correction field to correct to the final output gamma. 9611 */ 9612 if (alpha == 1 /* opaque pixel component */ || !do_background 9613 #ifdef PNG_READ_ALPHA_MODE_SUPPORTED 9614 || do_background == ALPHA_MODE_OFFSET + PNG_ALPHA_PNG 9615 #endif 9616 || (alpha < 0 /* alpha channel */ 9617 #ifdef PNG_READ_ALPHA_MODE_SUPPORTED 9618 && do_background != ALPHA_MODE_OFFSET + PNG_ALPHA_BROKEN 9619 #endif 9620 )) 9621 { 9622 /* Then get the gamma corrected version of 'i' and compare to 'od', any 9623 * error less than .5 is insignificant - just quantization of the output 9624 * value to the nearest digital value (nevertheless the error is still 9625 * recorded - it's interesting ;-) 9626 */ 9627 double encoded_sample = i; 9628 double encoded_error; 9629 9630 /* alpha less than 0 indicates the alpha channel, which is always linear 9631 */ 9632 if (alpha >= 0 && vi->gamma_correction > 0) 9633 encoded_sample = pow(encoded_sample, vi->gamma_correction); 9634 encoded_sample *= outmax; 9635 9636 encoded_error = fabs(od-encoded_sample); 9637 9638 if (encoded_error > vi->dp->maxerrout) 9639 vi->dp->maxerrout = encoded_error; 9640 9641 if (encoded_error < vi->maxout_total && encoded_error < vi->outlog) 9642 return i; 9643 } 9644 9645 /* The slow route - attempt to do linear calculations. */ 9646 /* There may be an error, or background processing is required, so calculate 9647 * the actual sample values - unencoded light intensity values. Note that in 9648 * practice these are not completely unencoded because they include a 9649 * 'viewing correction' to decrease or (normally) increase the perceptual 9650 * contrast of the image. There's nothing we can do about this - we don't 9651 * know what it is - so assume the unencoded value is perceptually linear. 9652 */ 9653 { 9654 double input_sample = i; /* In range 0..1 */ 9655 double output, error, encoded_sample, encoded_error; 9656 double es_lo, es_hi; 9657 int compose = 0; /* Set to one if composition done */ 9658 int output_is_encoded; /* Set if encoded to screen gamma */ 9659 int log_max_error = 1; /* Check maximum error values */ 9660 png_const_charp pass = 0; /* Reason test passes (or 0 for fail) */ 9661 9662 /* Convert to linear light (with the above caveat.) The alpha channel is 9663 * already linear. 9664 */ 9665 if (alpha >= 0) 9666 { 9667 int tcompose; 9668 9669 if (vi->file_inverse > 0) 9670 input_sample = pow(input_sample, vi->file_inverse); 9671 9672 /* Handle the compose processing: */ 9673 tcompose = 0; 9674 input_sample = gamma_component_compose(do_background, input_sample, 9675 alpha, background, &tcompose); 9676 9677 if (tcompose) 9678 compose = 1; 9679 } 9680 9681 /* And similarly for the output value, but we need to check the background 9682 * handling to linearize it correctly. 9683 */ 9684 output = od; 9685 output /= outmax; 9686 9687 output_is_encoded = vi->screen_gamma > 0; 9688 9689 if (alpha < 0) /* The alpha channel */ 9690 { 9691 #ifdef PNG_READ_ALPHA_MODE_SUPPORTED 9692 if (do_background != ALPHA_MODE_OFFSET + PNG_ALPHA_BROKEN) 9693 #endif 9694 { 9695 /* In all other cases the output alpha channel is linear already, 9696 * don't log errors here, they are much larger in linear data. 9697 */ 9698 output_is_encoded = 0; 9699 log_max_error = 0; 9700 } 9701 } 9702 9703 #ifdef PNG_READ_ALPHA_MODE_SUPPORTED 9704 else /* A component */ 9705 { 9706 if (do_background == ALPHA_MODE_OFFSET + PNG_ALPHA_OPTIMIZED && 9707 alpha < 1) /* the optimized case - linear output */ 9708 { 9709 if (alpha > 0) log_max_error = 0; 9710 output_is_encoded = 0; 9711 } 9712 } 9713 #endif 9714 9715 if (output_is_encoded) 9716 output = pow(output, vi->screen_gamma); 9717 9718 /* Calculate (or recalculate) the encoded_sample value and repeat the 9719 * check above (unnecessary if we took the fast route, but harmless.) 9720 */ 9721 encoded_sample = input_sample; 9722 if (output_is_encoded) 9723 encoded_sample = pow(encoded_sample, vi->screen_inverse); 9724 encoded_sample *= outmax; 9725 9726 encoded_error = fabs(od-encoded_sample); 9727 9728 /* Don't log errors in the alpha channel, or the 'optimized' case, 9729 * neither are significant to the overall perception. 9730 */ 9731 if (log_max_error && encoded_error > vi->dp->maxerrout) 9732 vi->dp->maxerrout = encoded_error; 9733 9734 if (encoded_error < vi->maxout_total) 9735 { 9736 if (encoded_error < vi->outlog) 9737 return i; 9738 9739 /* Test passed but error is bigger than the log limit, record why the 9740 * test passed: 9741 */ 9742 pass = "less than maxout:\n"; 9743 } 9744 9745 /* i: the original input value in the range 0..1 9746 * 9747 * pngvalid calculations: 9748 * input_sample: linear result; i linearized and composed, range 0..1 9749 * encoded_sample: encoded result; input_sample scaled to ouput bit depth 9750 * 9751 * libpng calculations: 9752 * output: linear result; od scaled to 0..1 and linearized 9753 * od: encoded result from libpng 9754 */ 9755 9756 /* Now we have the numbers for real errors, both absolute values as as a 9757 * percentage of the correct value (output): 9758 */ 9759 error = fabs(input_sample-output); 9760 9761 if (log_max_error && error > vi->dp->maxerrabs) 9762 vi->dp->maxerrabs = error; 9763 9764 /* The following is an attempt to ignore the tendency of quantization to 9765 * dominate the percentage errors for lower result values: 9766 */ 9767 if (log_max_error && input_sample > .5) 9768 { 9769 double percentage_error = error/input_sample; 9770 if (percentage_error > vi->dp->maxerrpc) 9771 vi->dp->maxerrpc = percentage_error; 9772 } 9773 9774 /* Now calculate the digitization limits for 'encoded_sample' using the 9775 * 'max' values. Note that maxout is in the encoded space but maxpc and 9776 * maxabs are in linear light space. 9777 * 9778 * First find the maximum error in linear light space, range 0..1: 9779 */ 9780 { 9781 double tmp = input_sample * vi->maxpc; 9782 if (tmp < vi->maxabs) tmp = vi->maxabs; 9783 /* If 'compose' is true the composition was done in linear space using 9784 * integer arithmetic. This introduces an extra error of +/- 0.5 (at 9785 * least) in the integer space used. 'maxcalc' records this, taking 9786 * into account the possibility that even for 16 bit output 8 bit space 9787 * may have been used. 9788 */ 9789 if (compose && tmp < vi->maxcalc) tmp = vi->maxcalc; 9790 9791 /* The 'maxout' value refers to the encoded result, to compare with 9792 * this encode input_sample adjusted by the maximum error (tmp) above. 9793 */ 9794 es_lo = encoded_sample - vi->maxout; 9795 9796 if (es_lo > 0 && input_sample-tmp > 0) 9797 { 9798 double low_value = input_sample-tmp; 9799 if (output_is_encoded) 9800 low_value = pow(low_value, vi->screen_inverse); 9801 low_value *= outmax; 9802 if (low_value < es_lo) es_lo = low_value; 9803 9804 /* Quantize this appropriately: */ 9805 es_lo = ceil(es_lo / vi->outquant - .5) * vi->outquant; 9806 } 9807 9808 else 9809 es_lo = 0; 9810 9811 es_hi = encoded_sample + vi->maxout; 9812 9813 if (es_hi < outmax && input_sample+tmp < 1) 9814 { 9815 double high_value = input_sample+tmp; 9816 if (output_is_encoded) 9817 high_value = pow(high_value, vi->screen_inverse); 9818 high_value *= outmax; 9819 if (high_value > es_hi) es_hi = high_value; 9820 9821 es_hi = floor(es_hi / vi->outquant + .5) * vi->outquant; 9822 } 9823 9824 else 9825 es_hi = outmax; 9826 } 9827 9828 /* The primary test is that the final encoded value returned by the 9829 * library should be between the two limits (inclusive) that were 9830 * calculated above. 9831 */ 9832 if (od >= es_lo && od <= es_hi) 9833 { 9834 /* The value passes, but we may need to log the information anyway. */ 9835 if (encoded_error < vi->outlog) 9836 return i; 9837 9838 if (pass == 0) 9839 pass = "within digitization limits:\n"; 9840 } 9841 9842 { 9843 /* There has been an error in processing, or we need to log this 9844 * value. 9845 */ 9846 double is_lo, is_hi; 9847 9848 /* pass is set at this point if either of the tests above would have 9849 * passed. Don't do these additional tests here - just log the 9850 * original [es_lo..es_hi] values. 9851 */ 9852 if (pass == 0 && vi->use_input_precision && vi->dp->sbit) 9853 { 9854 /* Ok, something is wrong - this actually happens in current libpng 9855 * 16-to-8 processing. Assume that the input value (id, adjusted 9856 * for sbit) can be anywhere between value-.5 and value+.5 - quite a 9857 * large range if sbit is low. 9858 * 9859 * NOTE: at present because the libpng gamma table stuff has been 9860 * changed to use a rounding algorithm to correct errors in 8-bit 9861 * calculations the precise sbit calculation (a shift) has been 9862 * lost. This can result in up to a +/-1 error in the presence of 9863 * an sbit less than the bit depth. 9864 */ 9865 # if PNG_LIBPNG_VER < 10700 9866 # define SBIT_ERROR .5 9867 # else 9868 # define SBIT_ERROR 1. 9869 # endif 9870 double tmp = (isbit - SBIT_ERROR)/sbit_max; 9871 9872 if (tmp <= 0) 9873 tmp = 0; 9874 9875 else if (alpha >= 0 && vi->file_inverse > 0 && tmp < 1) 9876 tmp = pow(tmp, vi->file_inverse); 9877 9878 tmp = gamma_component_compose(do_background, tmp, alpha, background, 9879 NULL); 9880 9881 if (output_is_encoded && tmp > 0 && tmp < 1) 9882 tmp = pow(tmp, vi->screen_inverse); 9883 9884 is_lo = ceil(outmax * tmp - vi->maxout_total); 9885 9886 if (is_lo < 0) 9887 is_lo = 0; 9888 9889 tmp = (isbit + SBIT_ERROR)/sbit_max; 9890 9891 if (tmp >= 1) 9892 tmp = 1; 9893 9894 else if (alpha >= 0 && vi->file_inverse > 0 && tmp < 1) 9895 tmp = pow(tmp, vi->file_inverse); 9896 9897 tmp = gamma_component_compose(do_background, tmp, alpha, background, 9898 NULL); 9899 9900 if (output_is_encoded && tmp > 0 && tmp < 1) 9901 tmp = pow(tmp, vi->screen_inverse); 9902 9903 is_hi = floor(outmax * tmp + vi->maxout_total); 9904 9905 if (is_hi > outmax) 9906 is_hi = outmax; 9907 9908 if (!(od < is_lo || od > is_hi)) 9909 { 9910 if (encoded_error < vi->outlog) 9911 return i; 9912 9913 pass = "within input precision limits:\n"; 9914 } 9915 9916 /* One last chance. If this is an alpha channel and the 16to8 9917 * option has been used and 'inaccurate' scaling is used then the 9918 * bit reduction is obtained by simply using the top 8 bits of the 9919 * value. 9920 * 9921 * This is only done for older libpng versions when the 'inaccurate' 9922 * (chop) method of scaling was used. 9923 */ 9924 # ifndef PNG_READ_16_TO_8_ACCURATE_SCALE_SUPPORTED 9925 # if PNG_LIBPNG_VER < 10504 9926 /* This may be required for other components in the future, 9927 * but at present the presence of gamma correction effectively 9928 * prevents the errors in the component scaling (I don't quite 9929 * understand why, but since it's better this way I care not 9930 * to ask, JB 20110419.) 9931 */ 9932 if (pass == 0 && alpha < 0 && vi->scale16 && vi->sbit > 8 && 9933 vi->sbit + vi->isbit_shift == 16) 9934 { 9935 tmp = ((id >> 8) - .5)/255; 9936 9937 if (tmp > 0) 9938 { 9939 is_lo = ceil(outmax * tmp - vi->maxout_total); 9940 if (is_lo < 0) is_lo = 0; 9941 } 9942 9943 else 9944 is_lo = 0; 9945 9946 tmp = ((id >> 8) + .5)/255; 9947 9948 if (tmp < 1) 9949 { 9950 is_hi = floor(outmax * tmp + vi->maxout_total); 9951 if (is_hi > outmax) is_hi = outmax; 9952 } 9953 9954 else 9955 is_hi = outmax; 9956 9957 if (!(od < is_lo || od > is_hi)) 9958 { 9959 if (encoded_error < vi->outlog) 9960 return i; 9961 9962 pass = "within 8 bit limits:\n"; 9963 } 9964 } 9965 # endif 9966 # endif 9967 } 9968 else /* !use_input_precision */ 9969 is_lo = es_lo, is_hi = es_hi; 9970 9971 /* Attempt to output a meaningful error/warning message: the message 9972 * output depends on the background/composite operation being performed 9973 * because this changes what parameters were actually used above. 9974 */ 9975 { 9976 size_t pos = 0; 9977 /* Need either 1/255 or 1/65535 precision here; 3 or 6 decimal 9978 * places. Just use outmax to work out which. 9979 */ 9980 int precision = (outmax >= 1000 ? 6 : 3); 9981 int use_input=1, use_background=0, do_compose=0; 9982 char msg[256]; 9983 9984 if (pass != 0) 9985 pos = safecat(msg, sizeof msg, pos, "\n\t"); 9986 9987 /* Set up the various flags, the output_is_encoded flag above 9988 * is also used below. do_compose is just a double check. 9989 */ 9990 switch (do_background) 9991 { 9992 # ifdef PNG_READ_BACKGROUND_SUPPORTED 9993 case PNG_BACKGROUND_GAMMA_SCREEN: 9994 case PNG_BACKGROUND_GAMMA_FILE: 9995 case PNG_BACKGROUND_GAMMA_UNIQUE: 9996 use_background = (alpha >= 0 && alpha < 1); 9997 /*FALL THROUGH*/ 9998 # endif 9999 # ifdef PNG_READ_ALPHA_MODE_SUPPORTED 10000 case ALPHA_MODE_OFFSET + PNG_ALPHA_STANDARD: 10001 case ALPHA_MODE_OFFSET + PNG_ALPHA_BROKEN: 10002 case ALPHA_MODE_OFFSET + PNG_ALPHA_OPTIMIZED: 10003 # endif /* ALPHA_MODE_SUPPORTED */ 10004 do_compose = (alpha > 0 && alpha < 1); 10005 use_input = (alpha != 0); 10006 break; 10007 10008 default: 10009 break; 10010 } 10011 10012 /* Check the 'compose' flag */ 10013 if (compose != do_compose) 10014 png_error(vi->pp, "internal error (compose)"); 10015 10016 /* 'name' is the component name */ 10017 pos = safecat(msg, sizeof msg, pos, name); 10018 pos = safecat(msg, sizeof msg, pos, "("); 10019 pos = safecatn(msg, sizeof msg, pos, id); 10020 if (use_input || pass != 0/*logging*/) 10021 { 10022 if (isbit != id) 10023 { 10024 /* sBIT has reduced the precision of the input: */ 10025 pos = safecat(msg, sizeof msg, pos, ", sbit("); 10026 pos = safecatn(msg, sizeof msg, pos, vi->sbit); 10027 pos = safecat(msg, sizeof msg, pos, "): "); 10028 pos = safecatn(msg, sizeof msg, pos, isbit); 10029 } 10030 pos = safecat(msg, sizeof msg, pos, "/"); 10031 /* The output is either "id/max" or "id sbit(sbit): isbit/max" */ 10032 pos = safecatn(msg, sizeof msg, pos, vi->sbit_max); 10033 } 10034 pos = safecat(msg, sizeof msg, pos, ")"); 10035 10036 /* A component may have been multiplied (in linear space) by the 10037 * alpha value, 'compose' says whether this is relevant. 10038 */ 10039 if (compose || pass != 0) 10040 { 10041 /* If any form of composition is being done report our 10042 * calculated linear value here (the code above doesn't record 10043 * the input value before composition is performed, so what 10044 * gets reported is the value after composition.) 10045 */ 10046 if (use_input || pass != 0) 10047 { 10048 if (vi->file_inverse > 0) 10049 { 10050 pos = safecat(msg, sizeof msg, pos, "^"); 10051 pos = safecatd(msg, sizeof msg, pos, vi->file_inverse, 2); 10052 } 10053 10054 else 10055 pos = safecat(msg, sizeof msg, pos, "[linear]"); 10056 10057 pos = safecat(msg, sizeof msg, pos, "*(alpha)"); 10058 pos = safecatd(msg, sizeof msg, pos, alpha, precision); 10059 } 10060 10061 /* Now record the *linear* background value if it was used 10062 * (this function is not passed the original, non-linear, 10063 * value but it is contained in the test name.) 10064 */ 10065 if (use_background) 10066 { 10067 pos = safecat(msg, sizeof msg, pos, use_input ? "+" : " "); 10068 pos = safecat(msg, sizeof msg, pos, "(background)"); 10069 pos = safecatd(msg, sizeof msg, pos, background, precision); 10070 pos = safecat(msg, sizeof msg, pos, "*"); 10071 pos = safecatd(msg, sizeof msg, pos, 1-alpha, precision); 10072 } 10073 } 10074 10075 /* Report the calculated value (input_sample) and the linearized 10076 * libpng value (output) unless this is just a component gamma 10077 * correction. 10078 */ 10079 if (compose || alpha < 0 || pass != 0) 10080 { 10081 pos = safecat(msg, sizeof msg, pos, 10082 pass != 0 ? " =\n\t" : " = "); 10083 pos = safecatd(msg, sizeof msg, pos, input_sample, precision); 10084 pos = safecat(msg, sizeof msg, pos, " (libpng: "); 10085 pos = safecatd(msg, sizeof msg, pos, output, precision); 10086 pos = safecat(msg, sizeof msg, pos, ")"); 10087 10088 /* Finally report the output gamma encoding, if any. */ 10089 if (output_is_encoded) 10090 { 10091 pos = safecat(msg, sizeof msg, pos, " ^"); 10092 pos = safecatd(msg, sizeof msg, pos, vi->screen_inverse, 2); 10093 pos = safecat(msg, sizeof msg, pos, "(to screen) ="); 10094 } 10095 10096 else 10097 pos = safecat(msg, sizeof msg, pos, " [screen is linear] ="); 10098 } 10099 10100 if ((!compose && alpha >= 0) || pass != 0) 10101 { 10102 if (pass != 0) /* logging */ 10103 pos = safecat(msg, sizeof msg, pos, "\n\t[overall:"); 10104 10105 /* This is the non-composition case, the internal linear 10106 * values are irrelevant (though the log below will reveal 10107 * them.) Output a much shorter warning/error message and report 10108 * the overall gamma correction. 10109 */ 10110 if (vi->gamma_correction > 0) 10111 { 10112 pos = safecat(msg, sizeof msg, pos, " ^"); 10113 pos = safecatd(msg, sizeof msg, pos, vi->gamma_correction, 2); 10114 pos = safecat(msg, sizeof msg, pos, "(gamma correction) ="); 10115 } 10116 10117 else 10118 pos = safecat(msg, sizeof msg, pos, 10119 " [no gamma correction] ="); 10120 10121 if (pass != 0) 10122 pos = safecat(msg, sizeof msg, pos, "]"); 10123 } 10124 10125 /* This is our calculated encoded_sample which should (but does 10126 * not) match od: 10127 */ 10128 pos = safecat(msg, sizeof msg, pos, pass != 0 ? "\n\t" : " "); 10129 pos = safecatd(msg, sizeof msg, pos, is_lo, 1); 10130 pos = safecat(msg, sizeof msg, pos, " < "); 10131 pos = safecatd(msg, sizeof msg, pos, encoded_sample, 1); 10132 pos = safecat(msg, sizeof msg, pos, " (libpng: "); 10133 pos = safecatn(msg, sizeof msg, pos, od); 10134 pos = safecat(msg, sizeof msg, pos, ")"); 10135 pos = safecat(msg, sizeof msg, pos, "/"); 10136 pos = safecatn(msg, sizeof msg, pos, outmax); 10137 pos = safecat(msg, sizeof msg, pos, " < "); 10138 pos = safecatd(msg, sizeof msg, pos, is_hi, 1); 10139 10140 if (pass == 0) /* The error condition */ 10141 { 10142 # ifdef PNG_WARNINGS_SUPPORTED 10143 png_warning(vi->pp, msg); 10144 # else 10145 store_warning(vi->pp, msg); 10146 # endif 10147 } 10148 10149 else /* logging this value */ 10150 store_verbose(&vi->dp->pm->this, vi->pp, pass, msg); 10151 } 10152 } 10153 } 10154 10155 return i; 10156 } 10157 10158 static void 10159 gamma_image_validate(gamma_display *dp, png_const_structp pp, 10160 png_infop pi) 10161 { 10162 /* Get some constants derived from the input and output file formats: */ 10163 const png_store* const ps = dp->this.ps; 10164 const png_byte in_ct = dp->this.colour_type; 10165 const png_byte in_bd = dp->this.bit_depth; 10166 const png_uint_32 w = dp->this.w; 10167 const png_uint_32 h = dp->this.h; 10168 const size_t cbRow = dp->this.cbRow; 10169 const png_byte out_ct = png_get_color_type(pp, pi); 10170 const png_byte out_bd = png_get_bit_depth(pp, pi); 10171 10172 /* There are three sources of error, firstly the quantization in the 10173 * file encoding, determined by sbit and/or the file depth, secondly 10174 * the output (screen) gamma and thirdly the output file encoding. 10175 * 10176 * Since this API receives the screen and file gamma in double 10177 * precision it is possible to calculate an exact answer given an input 10178 * pixel value. Therefore we assume that the *input* value is exact - 10179 * sample/maxsample - calculate the corresponding gamma corrected 10180 * output to the limits of double precision arithmetic and compare with 10181 * what libpng returns. 10182 * 10183 * Since the library must quantize the output to 8 or 16 bits there is 10184 * a fundamental limit on the accuracy of the output of +/-.5 - this 10185 * quantization limit is included in addition to the other limits 10186 * specified by the paramaters to the API. (Effectively, add .5 10187 * everywhere.) 10188 * 10189 * The behavior of the 'sbit' paramter is defined by section 12.5 10190 * (sample depth scaling) of the PNG spec. That section forces the 10191 * decoder to assume that the PNG values have been scaled if sBIT is 10192 * present: 10193 * 10194 * png-sample = floor( input-sample * (max-out/max-in) + .5); 10195 * 10196 * This means that only a subset of the possible PNG values should 10197 * appear in the input. However, the spec allows the encoder to use a 10198 * variety of approximations to the above and doesn't require any 10199 * restriction of the values produced. 10200 * 10201 * Nevertheless the spec requires that the upper 'sBIT' bits of the 10202 * value stored in a PNG file be the original sample bits. 10203 * Consequently the code below simply scales the top sbit bits by 10204 * (1<<sbit)-1 to obtain an original sample value. 10205 * 10206 * Because there is limited precision in the input it is arguable that 10207 * an acceptable result is any valid result from input-.5 to input+.5. 10208 * The basic tests below do not do this, however if 'use_input_precision' 10209 * is set a subsequent test is performed above. 10210 */ 10211 const unsigned int samples_per_pixel = (out_ct & 2U) ? 3U : 1U; 10212 int processing; 10213 png_uint_32 y; 10214 const store_palette_entry *in_palette = dp->this.palette; 10215 const int in_is_transparent = dp->this.is_transparent; 10216 int process_tRNS; 10217 int out_npalette = -1; 10218 int out_is_transparent = 0; /* Just refers to the palette case */ 10219 store_palette out_palette; 10220 validate_info vi; 10221 10222 /* Check for row overwrite errors */ 10223 store_image_check(dp->this.ps, pp, 0); 10224 10225 /* Supply the input and output sample depths here - 8 for an indexed image, 10226 * otherwise the bit depth. 10227 */ 10228 init_validate_info(&vi, dp, pp, in_ct==3?8:in_bd, out_ct==3?8:out_bd); 10229 10230 processing = (vi.gamma_correction > 0 && !dp->threshold_test) 10231 || in_bd != out_bd || in_ct != out_ct || vi.do_background; 10232 process_tRNS = dp->this.has_tRNS && vi.do_background; 10233 10234 /* TODO: FIX THIS: MAJOR BUG! If the transformations all happen inside 10235 * the palette there is no way of finding out, because libpng fails to 10236 * update the palette on png_read_update_info. Indeed, libpng doesn't 10237 * even do the required work until much later, when it doesn't have any 10238 * info pointer. Oops. For the moment 'processing' is turned off if 10239 * out_ct is palette. 10240 */ 10241 if (in_ct == 3 && out_ct == 3) 10242 processing = 0; 10243 10244 if (processing && out_ct == 3) 10245 out_is_transparent = read_palette(out_palette, &out_npalette, pp, pi); 10246 10247 for (y=0; y<h; ++y) 10248 { 10249 png_const_bytep pRow = store_image_row(ps, pp, 0, y); 10250 png_byte std[STANDARD_ROWMAX]; 10251 10252 transform_row(pp, std, in_ct, in_bd, y); 10253 10254 if (processing) 10255 { 10256 unsigned int x; 10257 10258 for (x=0; x<w; ++x) 10259 { 10260 double alpha = 1; /* serves as a flag value */ 10261 10262 /* Record the palette index for index images. */ 10263 const unsigned int in_index = 10264 in_ct == 3 ? sample(std, 3, in_bd, x, 0, 0, 0) : 256; 10265 const unsigned int out_index = 10266 out_ct == 3 ? sample(std, 3, out_bd, x, 0, 0, 0) : 256; 10267 10268 /* Handle input alpha - png_set_background will cause the output 10269 * alpha to disappear so there is nothing to check. 10270 */ 10271 if ((in_ct & PNG_COLOR_MASK_ALPHA) != 0 || 10272 (in_ct == 3 && in_is_transparent)) 10273 { 10274 const unsigned int input_alpha = in_ct == 3 ? 10275 dp->this.palette[in_index].alpha : 10276 sample(std, in_ct, in_bd, x, samples_per_pixel, 0, 0); 10277 10278 unsigned int output_alpha = 65536 /* as a flag value */; 10279 10280 if (out_ct == 3) 10281 { 10282 if (out_is_transparent) 10283 output_alpha = out_palette[out_index].alpha; 10284 } 10285 10286 else if ((out_ct & PNG_COLOR_MASK_ALPHA) != 0) 10287 output_alpha = sample(pRow, out_ct, out_bd, x, 10288 samples_per_pixel, 0, 0); 10289 10290 if (output_alpha != 65536) 10291 alpha = gamma_component_validate("alpha", &vi, input_alpha, 10292 output_alpha, -1/*alpha*/, 0/*background*/); 10293 10294 else /* no alpha in output */ 10295 { 10296 /* This is a copy of the calculation of 'i' above in order to 10297 * have the alpha value to use in the background calculation. 10298 */ 10299 alpha = input_alpha >> vi.isbit_shift; 10300 alpha /= vi.sbit_max; 10301 } 10302 } 10303 10304 else if (process_tRNS) 10305 { 10306 /* alpha needs to be set appropriately for this pixel, it is 10307 * currently 1 and needs to be 0 for an input pixel which matches 10308 * the values in tRNS. 10309 */ 10310 switch (in_ct) 10311 { 10312 case 0: /* gray */ 10313 if (sample(std, in_ct, in_bd, x, 0, 0, 0) == 10314 dp->this.transparent.red) 10315 alpha = 0; 10316 break; 10317 10318 case 2: /* RGB */ 10319 if (sample(std, in_ct, in_bd, x, 0, 0, 0) == 10320 dp->this.transparent.red && 10321 sample(std, in_ct, in_bd, x, 1, 0, 0) == 10322 dp->this.transparent.green && 10323 sample(std, in_ct, in_bd, x, 2, 0, 0) == 10324 dp->this.transparent.blue) 10325 alpha = 0; 10326 break; 10327 10328 default: 10329 break; 10330 } 10331 } 10332 10333 /* Handle grayscale or RGB components. */ 10334 if ((in_ct & PNG_COLOR_MASK_COLOR) == 0) /* grayscale */ 10335 (void)gamma_component_validate("gray", &vi, 10336 sample(std, in_ct, in_bd, x, 0, 0, 0), 10337 sample(pRow, out_ct, out_bd, x, 0, 0, 0), 10338 alpha/*component*/, vi.background_red); 10339 else /* RGB or palette */ 10340 { 10341 (void)gamma_component_validate("red", &vi, 10342 in_ct == 3 ? in_palette[in_index].red : 10343 sample(std, in_ct, in_bd, x, 0, 0, 0), 10344 out_ct == 3 ? out_palette[out_index].red : 10345 sample(pRow, out_ct, out_bd, x, 0, 0, 0), 10346 alpha/*component*/, vi.background_red); 10347 10348 (void)gamma_component_validate("green", &vi, 10349 in_ct == 3 ? in_palette[in_index].green : 10350 sample(std, in_ct, in_bd, x, 1, 0, 0), 10351 out_ct == 3 ? out_palette[out_index].green : 10352 sample(pRow, out_ct, out_bd, x, 1, 0, 0), 10353 alpha/*component*/, vi.background_green); 10354 10355 (void)gamma_component_validate("blue", &vi, 10356 in_ct == 3 ? in_palette[in_index].blue : 10357 sample(std, in_ct, in_bd, x, 2, 0, 0), 10358 out_ct == 3 ? out_palette[out_index].blue : 10359 sample(pRow, out_ct, out_bd, x, 2, 0, 0), 10360 alpha/*component*/, vi.background_blue); 10361 } 10362 } 10363 } 10364 10365 else if (memcmp(std, pRow, cbRow) != 0) 10366 { 10367 char msg[64]; 10368 10369 /* No transform is expected on the threshold tests. */ 10370 sprintf(msg, "gamma: below threshold row %lu changed", 10371 (unsigned long)y); 10372 10373 png_error(pp, msg); 10374 } 10375 } /* row (y) loop */ 10376 10377 dp->this.ps->validated = 1; 10378 } 10379 10380 static void PNGCBAPI 10381 gamma_end(png_structp ppIn, png_infop pi) 10382 { 10383 png_const_structp pp = ppIn; 10384 gamma_display *dp = voidcast(gamma_display*, png_get_progressive_ptr(pp)); 10385 10386 if (!dp->this.speed) 10387 gamma_image_validate(dp, pp, pi); 10388 else 10389 dp->this.ps->validated = 1; 10390 } 10391 10392 /* A single test run checking a gamma transformation. 10393 * 10394 * maxabs: maximum absolute error as a fraction 10395 * maxout: maximum output error in the output units 10396 * maxpc: maximum percentage error (as a percentage) 10397 */ 10398 static void 10399 gamma_test(png_modifier *pmIn, const png_byte colour_typeIn, 10400 const png_byte bit_depthIn, const int palette_numberIn, 10401 const int interlace_typeIn, 10402 const double file_gammaIn, const double screen_gammaIn, 10403 const png_byte sbitIn, const int threshold_testIn, 10404 const char *name, 10405 const int use_input_precisionIn, const int scale16In, 10406 const int expand16In, const int do_backgroundIn, 10407 const png_color_16 *bkgd_colorIn, double bkgd_gammaIn) 10408 { 10409 gamma_display d; 10410 context(&pmIn->this, fault); 10411 10412 gamma_display_init(&d, pmIn, FILEID(colour_typeIn, bit_depthIn, 10413 palette_numberIn, interlace_typeIn, 0, 0, 0), 10414 file_gammaIn, screen_gammaIn, sbitIn, 10415 threshold_testIn, use_input_precisionIn, scale16In, 10416 expand16In, do_backgroundIn, bkgd_colorIn, bkgd_gammaIn); 10417 10418 Try 10419 { 10420 png_structp pp; 10421 png_infop pi; 10422 gama_modification gama_mod; 10423 srgb_modification srgb_mod; 10424 sbit_modification sbit_mod; 10425 10426 /* For the moment don't use the png_modifier support here. */ 10427 d.pm->encoding_counter = 0; 10428 modifier_set_encoding(d.pm); /* Just resets everything */ 10429 d.pm->current_gamma = d.file_gamma; 10430 10431 /* Make an appropriate modifier to set the PNG file gamma to the 10432 * given gamma value and the sBIT chunk to the given precision. 10433 */ 10434 d.pm->modifications = NULL; 10435 gama_modification_init(&gama_mod, d.pm, d.file_gamma); 10436 srgb_modification_init(&srgb_mod, d.pm, 127 /*delete*/); 10437 if (d.sbit > 0) 10438 sbit_modification_init(&sbit_mod, d.pm, d.sbit); 10439 10440 modification_reset(d.pm->modifications); 10441 10442 /* Get a png_struct for reading the image. */ 10443 pp = set_modifier_for_read(d.pm, &pi, d.this.id, name); 10444 standard_palette_init(&d.this); 10445 10446 /* Introduce the correct read function. */ 10447 if (d.pm->this.progressive) 10448 { 10449 /* Share the row function with the standard implementation. */ 10450 png_set_progressive_read_fn(pp, &d, gamma_info, progressive_row, 10451 gamma_end); 10452 10453 /* Now feed data into the reader until we reach the end: */ 10454 modifier_progressive_read(d.pm, pp, pi); 10455 } 10456 else 10457 { 10458 /* modifier_read expects a png_modifier* */ 10459 png_set_read_fn(pp, d.pm, modifier_read); 10460 10461 /* Check the header values: */ 10462 png_read_info(pp, pi); 10463 10464 /* Process the 'info' requirements. Only one image is generated */ 10465 gamma_info_imp(&d, pp, pi); 10466 10467 sequential_row(&d.this, pp, pi, -1, 0); 10468 10469 if (!d.this.speed) 10470 gamma_image_validate(&d, pp, pi); 10471 else 10472 d.this.ps->validated = 1; 10473 } 10474 10475 modifier_reset(d.pm); 10476 10477 if (d.pm->log && !d.threshold_test && !d.this.speed) 10478 fprintf(stderr, "%d bit %s %s: max error %f (%.2g, %2g%%)\n", 10479 d.this.bit_depth, colour_types[d.this.colour_type], name, 10480 d.maxerrout, d.maxerrabs, 100*d.maxerrpc); 10481 10482 /* Log the summary values too. */ 10483 if (d.this.colour_type == 0 || d.this.colour_type == 4) 10484 { 10485 switch (d.this.bit_depth) 10486 { 10487 case 1: 10488 break; 10489 10490 case 2: 10491 if (d.maxerrout > d.pm->error_gray_2) 10492 d.pm->error_gray_2 = d.maxerrout; 10493 10494 break; 10495 10496 case 4: 10497 if (d.maxerrout > d.pm->error_gray_4) 10498 d.pm->error_gray_4 = d.maxerrout; 10499 10500 break; 10501 10502 case 8: 10503 if (d.maxerrout > d.pm->error_gray_8) 10504 d.pm->error_gray_8 = d.maxerrout; 10505 10506 break; 10507 10508 case 16: 10509 if (d.maxerrout > d.pm->error_gray_16) 10510 d.pm->error_gray_16 = d.maxerrout; 10511 10512 break; 10513 10514 default: 10515 png_error(pp, "bad bit depth (internal: 1)"); 10516 } 10517 } 10518 10519 else if (d.this.colour_type == 2 || d.this.colour_type == 6) 10520 { 10521 switch (d.this.bit_depth) 10522 { 10523 case 8: 10524 10525 if (d.maxerrout > d.pm->error_color_8) 10526 d.pm->error_color_8 = d.maxerrout; 10527 10528 break; 10529 10530 case 16: 10531 10532 if (d.maxerrout > d.pm->error_color_16) 10533 d.pm->error_color_16 = d.maxerrout; 10534 10535 break; 10536 10537 default: 10538 png_error(pp, "bad bit depth (internal: 2)"); 10539 } 10540 } 10541 10542 else if (d.this.colour_type == 3) 10543 { 10544 if (d.maxerrout > d.pm->error_indexed) 10545 d.pm->error_indexed = d.maxerrout; 10546 } 10547 } 10548 10549 Catch(fault) 10550 modifier_reset(voidcast(png_modifier*,(void*)fault)); 10551 } 10552 10553 static void gamma_threshold_test(png_modifier *pm, png_byte colour_type, 10554 png_byte bit_depth, int interlace_type, double file_gamma, 10555 double screen_gamma) 10556 { 10557 size_t pos = 0; 10558 char name[64]; 10559 pos = safecat(name, sizeof name, pos, "threshold "); 10560 pos = safecatd(name, sizeof name, pos, file_gamma, 3); 10561 pos = safecat(name, sizeof name, pos, "/"); 10562 pos = safecatd(name, sizeof name, pos, screen_gamma, 3); 10563 10564 (void)gamma_test(pm, colour_type, bit_depth, 0/*palette*/, interlace_type, 10565 file_gamma, screen_gamma, 0/*sBIT*/, 1/*threshold test*/, name, 10566 0 /*no input precision*/, 10567 0 /*no scale16*/, 0 /*no expand16*/, 0 /*no background*/, 0 /*hence*/, 10568 0 /*no background gamma*/); 10569 } 10570 10571 static void 10572 perform_gamma_threshold_tests(png_modifier *pm) 10573 { 10574 png_byte colour_type = 0; 10575 png_byte bit_depth = 0; 10576 unsigned int palette_number = 0; 10577 10578 /* Don't test more than one instance of each palette - it's pointless, in 10579 * fact this test is somewhat excessive since libpng doesn't make this 10580 * decision based on colour type or bit depth! 10581 * 10582 * CHANGED: now test two palettes and, as a side effect, images with and 10583 * without tRNS. 10584 */ 10585 while (next_format(&colour_type, &bit_depth, &palette_number, 10586 pm->test_lbg_gamma_threshold, pm->test_tRNS)) 10587 if (palette_number < 2) 10588 { 10589 double test_gamma = 1.0; 10590 while (test_gamma >= .4) 10591 { 10592 /* There's little point testing the interlacing vs non-interlacing, 10593 * but this can be set from the command line. 10594 */ 10595 gamma_threshold_test(pm, colour_type, bit_depth, pm->interlace_type, 10596 test_gamma, 1/test_gamma); 10597 test_gamma *= .95; 10598 } 10599 10600 /* And a special test for sRGB */ 10601 gamma_threshold_test(pm, colour_type, bit_depth, pm->interlace_type, 10602 .45455, 2.2); 10603 10604 if (fail(pm)) 10605 return; 10606 } 10607 } 10608 10609 static void gamma_transform_test(png_modifier *pm, 10610 const png_byte colour_type, const png_byte bit_depth, 10611 const int palette_number, 10612 const int interlace_type, const double file_gamma, 10613 const double screen_gamma, const png_byte sbit, 10614 const int use_input_precision, const int scale16) 10615 { 10616 size_t pos = 0; 10617 char name[64]; 10618 10619 if (sbit != bit_depth && sbit != 0) 10620 { 10621 pos = safecat(name, sizeof name, pos, "sbit("); 10622 pos = safecatn(name, sizeof name, pos, sbit); 10623 pos = safecat(name, sizeof name, pos, ") "); 10624 } 10625 10626 else 10627 pos = safecat(name, sizeof name, pos, "gamma "); 10628 10629 if (scale16) 10630 pos = safecat(name, sizeof name, pos, "16to8 "); 10631 10632 pos = safecatd(name, sizeof name, pos, file_gamma, 3); 10633 pos = safecat(name, sizeof name, pos, "->"); 10634 pos = safecatd(name, sizeof name, pos, screen_gamma, 3); 10635 10636 gamma_test(pm, colour_type, bit_depth, palette_number, interlace_type, 10637 file_gamma, screen_gamma, sbit, 0, name, use_input_precision, 10638 scale16, pm->test_gamma_expand16, 0 , 0, 0); 10639 } 10640 10641 static void perform_gamma_transform_tests(png_modifier *pm) 10642 { 10643 png_byte colour_type = 0; 10644 png_byte bit_depth = 0; 10645 unsigned int palette_number = 0; 10646 10647 while (next_format(&colour_type, &bit_depth, &palette_number, 10648 pm->test_lbg_gamma_transform, pm->test_tRNS)) 10649 { 10650 unsigned int i, j; 10651 10652 for (i=0; i<pm->ngamma_tests; ++i) for (j=0; j<pm->ngamma_tests; ++j) 10653 if (i != j) 10654 { 10655 gamma_transform_test(pm, colour_type, bit_depth, palette_number, 10656 pm->interlace_type, 1/pm->gammas[i], pm->gammas[j], 0/*sBIT*/, 10657 pm->use_input_precision, 0 /*do not scale16*/); 10658 10659 if (fail(pm)) 10660 return; 10661 } 10662 } 10663 } 10664 10665 static void perform_gamma_sbit_tests(png_modifier *pm) 10666 { 10667 png_byte sbit; 10668 10669 /* The only interesting cases are colour and grayscale, alpha is ignored here 10670 * for overall speed. Only bit depths where sbit is less than the bit depth 10671 * are tested. 10672 */ 10673 for (sbit=pm->sbitlow; sbit<(1<<READ_BDHI); ++sbit) 10674 { 10675 png_byte colour_type = 0, bit_depth = 0; 10676 unsigned int npalette = 0; 10677 10678 while (next_format(&colour_type, &bit_depth, &npalette, 10679 pm->test_lbg_gamma_sbit, pm->test_tRNS)) 10680 if ((colour_type & PNG_COLOR_MASK_ALPHA) == 0 && 10681 ((colour_type == 3 && sbit < 8) || 10682 (colour_type != 3 && sbit < bit_depth))) 10683 { 10684 unsigned int i; 10685 10686 for (i=0; i<pm->ngamma_tests; ++i) 10687 { 10688 unsigned int j; 10689 10690 for (j=0; j<pm->ngamma_tests; ++j) if (i != j) 10691 { 10692 gamma_transform_test(pm, colour_type, bit_depth, npalette, 10693 pm->interlace_type, 1/pm->gammas[i], pm->gammas[j], 10694 sbit, pm->use_input_precision_sbit, 0 /*scale16*/); 10695 10696 if (fail(pm)) 10697 return; 10698 } 10699 } 10700 } 10701 } 10702 } 10703 10704 /* Note that this requires a 16 bit source image but produces 8 bit output, so 10705 * we only need the 16bit write support, but the 16 bit images are only 10706 * generated if DO_16BIT is defined. 10707 */ 10708 #ifdef DO_16BIT 10709 static void perform_gamma_scale16_tests(png_modifier *pm) 10710 { 10711 # ifndef PNG_MAX_GAMMA_8 10712 # define PNG_MAX_GAMMA_8 11 10713 # endif 10714 # if defined PNG_MAX_GAMMA_8 || PNG_LIBPNG_VER < 10700 10715 # define SBIT_16_TO_8 PNG_MAX_GAMMA_8 10716 # else 10717 # define SBIT_16_TO_8 16 10718 # endif 10719 /* Include the alpha cases here. Note that sbit matches the internal value 10720 * used by the library - otherwise we will get spurious errors from the 10721 * internal sbit style approximation. 10722 * 10723 * The threshold test is here because otherwise the 16 to 8 conversion will 10724 * proceed *without* gamma correction, and the tests above will fail (but not 10725 * by much) - this could be fixed, it only appears with the -g option. 10726 */ 10727 unsigned int i, j; 10728 for (i=0; i<pm->ngamma_tests; ++i) 10729 { 10730 for (j=0; j<pm->ngamma_tests; ++j) 10731 { 10732 if (i != j && 10733 fabs(pm->gammas[j]/pm->gammas[i]-1) >= PNG_GAMMA_THRESHOLD) 10734 { 10735 gamma_transform_test(pm, 0, 16, 0, pm->interlace_type, 10736 1/pm->gammas[i], pm->gammas[j], SBIT_16_TO_8, 10737 pm->use_input_precision_16to8, 1 /*scale16*/); 10738 10739 if (fail(pm)) 10740 return; 10741 10742 gamma_transform_test(pm, 2, 16, 0, pm->interlace_type, 10743 1/pm->gammas[i], pm->gammas[j], SBIT_16_TO_8, 10744 pm->use_input_precision_16to8, 1 /*scale16*/); 10745 10746 if (fail(pm)) 10747 return; 10748 10749 gamma_transform_test(pm, 4, 16, 0, pm->interlace_type, 10750 1/pm->gammas[i], pm->gammas[j], SBIT_16_TO_8, 10751 pm->use_input_precision_16to8, 1 /*scale16*/); 10752 10753 if (fail(pm)) 10754 return; 10755 10756 gamma_transform_test(pm, 6, 16, 0, pm->interlace_type, 10757 1/pm->gammas[i], pm->gammas[j], SBIT_16_TO_8, 10758 pm->use_input_precision_16to8, 1 /*scale16*/); 10759 10760 if (fail(pm)) 10761 return; 10762 } 10763 } 10764 } 10765 } 10766 #endif /* 16 to 8 bit conversion */ 10767 10768 #if defined(PNG_READ_BACKGROUND_SUPPORTED) ||\ 10769 defined(PNG_READ_ALPHA_MODE_SUPPORTED) 10770 static void gamma_composition_test(png_modifier *pm, 10771 const png_byte colour_type, const png_byte bit_depth, 10772 const int palette_number, 10773 const int interlace_type, const double file_gamma, 10774 const double screen_gamma, 10775 const int use_input_precision, const int do_background, 10776 const int expand_16) 10777 { 10778 size_t pos = 0; 10779 png_const_charp base; 10780 double bg; 10781 char name[128]; 10782 png_color_16 background; 10783 10784 /* Make up a name and get an appropriate background gamma value. */ 10785 switch (do_background) 10786 { 10787 default: 10788 base = ""; 10789 bg = 4; /* should not be used */ 10790 break; 10791 case PNG_BACKGROUND_GAMMA_SCREEN: 10792 base = " bckg(Screen):"; 10793 bg = 1/screen_gamma; 10794 break; 10795 case PNG_BACKGROUND_GAMMA_FILE: 10796 base = " bckg(File):"; 10797 bg = file_gamma; 10798 break; 10799 case PNG_BACKGROUND_GAMMA_UNIQUE: 10800 base = " bckg(Unique):"; 10801 /* This tests the handling of a unique value, the math is such that the 10802 * value tends to be <1, but is neither screen nor file (even if they 10803 * match!) 10804 */ 10805 bg = (file_gamma + screen_gamma) / 3; 10806 break; 10807 #ifdef PNG_READ_ALPHA_MODE_SUPPORTED 10808 case ALPHA_MODE_OFFSET + PNG_ALPHA_PNG: 10809 base = " alpha(PNG)"; 10810 bg = 4; /* should not be used */ 10811 break; 10812 case ALPHA_MODE_OFFSET + PNG_ALPHA_STANDARD: 10813 base = " alpha(Porter-Duff)"; 10814 bg = 4; /* should not be used */ 10815 break; 10816 case ALPHA_MODE_OFFSET + PNG_ALPHA_OPTIMIZED: 10817 base = " alpha(Optimized)"; 10818 bg = 4; /* should not be used */ 10819 break; 10820 case ALPHA_MODE_OFFSET + PNG_ALPHA_BROKEN: 10821 base = " alpha(Broken)"; 10822 bg = 4; /* should not be used */ 10823 break; 10824 #endif 10825 } 10826 10827 /* Use random background values - the background is always presented in the 10828 * output space (8 or 16 bit components). 10829 */ 10830 if (expand_16 || bit_depth == 16) 10831 { 10832 png_uint_32 r = random_32(); 10833 10834 background.red = (png_uint_16)r; 10835 background.green = (png_uint_16)(r >> 16); 10836 r = random_32(); 10837 background.blue = (png_uint_16)r; 10838 background.gray = (png_uint_16)(r >> 16); 10839 10840 /* In earlier libpng versions, those where DIGITIZE is set, any background 10841 * gamma correction in the expand16 case was done using 8-bit gamma 10842 * correction tables, resulting in larger errors. To cope with those 10843 * cases use a 16-bit background value which will handle this gamma 10844 * correction. 10845 */ 10846 # if DIGITIZE 10847 if (expand_16 && (do_background == PNG_BACKGROUND_GAMMA_UNIQUE || 10848 do_background == PNG_BACKGROUND_GAMMA_FILE) && 10849 fabs(bg*screen_gamma-1) > PNG_GAMMA_THRESHOLD) 10850 { 10851 /* The background values will be looked up in an 8-bit table to do 10852 * the gamma correction, so only select values which are an exact 10853 * match for the 8-bit table entries: 10854 */ 10855 background.red = (png_uint_16)((background.red >> 8) * 257); 10856 background.green = (png_uint_16)((background.green >> 8) * 257); 10857 background.blue = (png_uint_16)((background.blue >> 8) * 257); 10858 background.gray = (png_uint_16)((background.gray >> 8) * 257); 10859 } 10860 # endif 10861 } 10862 10863 else /* 8 bit colors */ 10864 { 10865 png_uint_32 r = random_32(); 10866 10867 background.red = (png_byte)r; 10868 background.green = (png_byte)(r >> 8); 10869 background.blue = (png_byte)(r >> 16); 10870 background.gray = (png_byte)(r >> 24); 10871 } 10872 10873 background.index = 193; /* rgb(193,193,193) to detect errors */ 10874 10875 if (!(colour_type & PNG_COLOR_MASK_COLOR)) 10876 { 10877 /* Because, currently, png_set_background is always called with 10878 * 'need_expand' false in this case and because the gamma test itself 10879 * doesn't cause an expand to 8-bit for lower bit depths the colour must 10880 * be reduced to the correct range. 10881 */ 10882 if (bit_depth < 8) 10883 background.gray &= (png_uint_16)((1U << bit_depth)-1); 10884 10885 /* Grayscale input, we do not convert to RGB (TBD), so we must set the 10886 * background to gray - else libpng seems to fail. 10887 */ 10888 background.red = background.green = background.blue = background.gray; 10889 } 10890 10891 pos = safecat(name, sizeof name, pos, "gamma "); 10892 pos = safecatd(name, sizeof name, pos, file_gamma, 3); 10893 pos = safecat(name, sizeof name, pos, "->"); 10894 pos = safecatd(name, sizeof name, pos, screen_gamma, 3); 10895 10896 pos = safecat(name, sizeof name, pos, base); 10897 if (do_background < ALPHA_MODE_OFFSET) 10898 { 10899 /* Include the background color and gamma in the name: */ 10900 pos = safecat(name, sizeof name, pos, "("); 10901 /* This assumes no expand gray->rgb - the current code won't handle that! 10902 */ 10903 if (colour_type & PNG_COLOR_MASK_COLOR) 10904 { 10905 pos = safecatn(name, sizeof name, pos, background.red); 10906 pos = safecat(name, sizeof name, pos, ","); 10907 pos = safecatn(name, sizeof name, pos, background.green); 10908 pos = safecat(name, sizeof name, pos, ","); 10909 pos = safecatn(name, sizeof name, pos, background.blue); 10910 } 10911 else 10912 pos = safecatn(name, sizeof name, pos, background.gray); 10913 pos = safecat(name, sizeof name, pos, ")^"); 10914 pos = safecatd(name, sizeof name, pos, bg, 3); 10915 } 10916 10917 gamma_test(pm, colour_type, bit_depth, palette_number, interlace_type, 10918 file_gamma, screen_gamma, 0/*sBIT*/, 0, name, use_input_precision, 10919 0/*strip 16*/, expand_16, do_background, &background, bg); 10920 } 10921 10922 10923 static void 10924 perform_gamma_composition_tests(png_modifier *pm, int do_background, 10925 int expand_16) 10926 { 10927 png_byte colour_type = 0; 10928 png_byte bit_depth = 0; 10929 unsigned int palette_number = 0; 10930 10931 /* Skip the non-alpha cases - there is no setting of a transparency colour at 10932 * present. 10933 * 10934 * TODO: incorrect; the palette case sets tRNS and, now RGB and gray do, 10935 * however the palette case fails miserably so is commented out below. 10936 */ 10937 while (next_format(&colour_type, &bit_depth, &palette_number, 10938 pm->test_lbg_gamma_composition, pm->test_tRNS)) 10939 if ((colour_type & PNG_COLOR_MASK_ALPHA) != 0 10940 #if 0 /* TODO: FIXME */ 10941 /*TODO: FIXME: this should work */ 10942 || colour_type == 3 10943 #endif 10944 || (colour_type != 3 && palette_number != 0)) 10945 { 10946 unsigned int i, j; 10947 10948 /* Don't skip the i==j case here - it's relevant. */ 10949 for (i=0; i<pm->ngamma_tests; ++i) for (j=0; j<pm->ngamma_tests; ++j) 10950 { 10951 gamma_composition_test(pm, colour_type, bit_depth, palette_number, 10952 pm->interlace_type, 1/pm->gammas[i], pm->gammas[j], 10953 pm->use_input_precision, do_background, expand_16); 10954 10955 if (fail(pm)) 10956 return; 10957 } 10958 } 10959 } 10960 #endif /* READ_BACKGROUND || READ_ALPHA_MODE */ 10961 10962 static void 10963 init_gamma_errors(png_modifier *pm) 10964 { 10965 /* Use -1 to catch tests that were not actually run */ 10966 pm->error_gray_2 = pm->error_gray_4 = pm->error_gray_8 = -1.; 10967 pm->error_color_8 = -1.; 10968 pm->error_indexed = -1.; 10969 pm->error_gray_16 = pm->error_color_16 = -1.; 10970 } 10971 10972 static void 10973 print_one(const char *leader, double err) 10974 { 10975 if (err != -1.) 10976 printf(" %s %.5f\n", leader, err); 10977 } 10978 10979 static void 10980 summarize_gamma_errors(png_modifier *pm, png_const_charp who, int low_bit_depth, 10981 int indexed) 10982 { 10983 fflush(stderr); 10984 10985 if (who) 10986 printf("\nGamma correction with %s:\n", who); 10987 10988 else 10989 printf("\nBasic gamma correction:\n"); 10990 10991 if (low_bit_depth) 10992 { 10993 print_one(" 2 bit gray: ", pm->error_gray_2); 10994 print_one(" 4 bit gray: ", pm->error_gray_4); 10995 print_one(" 8 bit gray: ", pm->error_gray_8); 10996 print_one(" 8 bit color:", pm->error_color_8); 10997 if (indexed) 10998 print_one(" indexed: ", pm->error_indexed); 10999 } 11000 11001 print_one("16 bit gray: ", pm->error_gray_16); 11002 print_one("16 bit color:", pm->error_color_16); 11003 11004 fflush(stdout); 11005 } 11006 11007 static void 11008 perform_gamma_test(png_modifier *pm, int summary) 11009 { 11010 /*TODO: remove this*/ 11011 /* Save certain values for the temporary overrides below. */ 11012 unsigned int calculations_use_input_precision = 11013 pm->calculations_use_input_precision; 11014 # ifdef PNG_READ_BACKGROUND_SUPPORTED 11015 double maxout8 = pm->maxout8; 11016 # endif 11017 11018 /* First some arbitrary no-transform tests: */ 11019 if (!pm->this.speed && pm->test_gamma_threshold) 11020 { 11021 perform_gamma_threshold_tests(pm); 11022 11023 if (fail(pm)) 11024 return; 11025 } 11026 11027 /* Now some real transforms. */ 11028 if (pm->test_gamma_transform) 11029 { 11030 if (summary) 11031 { 11032 fflush(stderr); 11033 printf("Gamma correction error summary\n\n"); 11034 printf("The printed value is the maximum error in the pixel values\n"); 11035 printf("calculated by the libpng gamma correction code. The error\n"); 11036 printf("is calculated as the difference between the output pixel\n"); 11037 printf("value (always an integer) and the ideal value from the\n"); 11038 printf("libpng specification (typically not an integer).\n\n"); 11039 11040 printf("Expect this value to be less than .5 for 8 bit formats,\n"); 11041 printf("less than 1 for formats with fewer than 8 bits and a small\n"); 11042 printf("number (typically less than 5) for the 16 bit formats.\n"); 11043 printf("For performance reasons the value for 16 bit formats\n"); 11044 printf("increases when the image file includes an sBIT chunk.\n"); 11045 fflush(stdout); 11046 } 11047 11048 init_gamma_errors(pm); 11049 /*TODO: remove this. Necessary because the current libpng 11050 * implementation works in 8 bits: 11051 */ 11052 if (pm->test_gamma_expand16) 11053 pm->calculations_use_input_precision = 1; 11054 perform_gamma_transform_tests(pm); 11055 if (!calculations_use_input_precision) 11056 pm->calculations_use_input_precision = 0; 11057 11058 if (summary) 11059 summarize_gamma_errors(pm, 0/*who*/, 1/*low bit depth*/, 1/*indexed*/); 11060 11061 if (fail(pm)) 11062 return; 11063 } 11064 11065 /* The sbit tests produce much larger errors: */ 11066 if (pm->test_gamma_sbit) 11067 { 11068 init_gamma_errors(pm); 11069 perform_gamma_sbit_tests(pm); 11070 11071 if (summary) 11072 summarize_gamma_errors(pm, "sBIT", pm->sbitlow < 8U, 1/*indexed*/); 11073 11074 if (fail(pm)) 11075 return; 11076 } 11077 11078 #ifdef DO_16BIT /* Should be READ_16BIT_SUPPORTED */ 11079 if (pm->test_gamma_scale16) 11080 { 11081 /* The 16 to 8 bit strip operations: */ 11082 init_gamma_errors(pm); 11083 perform_gamma_scale16_tests(pm); 11084 11085 if (summary) 11086 { 11087 fflush(stderr); 11088 printf("\nGamma correction with 16 to 8 bit reduction:\n"); 11089 printf(" 16 bit gray: %.5f\n", pm->error_gray_16); 11090 printf(" 16 bit color: %.5f\n", pm->error_color_16); 11091 fflush(stdout); 11092 } 11093 11094 if (fail(pm)) 11095 return; 11096 } 11097 #endif 11098 11099 #ifdef PNG_READ_BACKGROUND_SUPPORTED 11100 if (pm->test_gamma_background) 11101 { 11102 init_gamma_errors(pm); 11103 11104 /*TODO: remove this. Necessary because the current libpng 11105 * implementation works in 8 bits: 11106 */ 11107 if (pm->test_gamma_expand16) 11108 { 11109 pm->calculations_use_input_precision = 1; 11110 pm->maxout8 = .499; /* because the 16 bit background is smashed */ 11111 } 11112 perform_gamma_composition_tests(pm, PNG_BACKGROUND_GAMMA_UNIQUE, 11113 pm->test_gamma_expand16); 11114 if (!calculations_use_input_precision) 11115 pm->calculations_use_input_precision = 0; 11116 pm->maxout8 = maxout8; 11117 11118 if (summary) 11119 summarize_gamma_errors(pm, "background", 1, 0/*indexed*/); 11120 11121 if (fail(pm)) 11122 return; 11123 } 11124 #endif 11125 11126 #ifdef PNG_READ_ALPHA_MODE_SUPPORTED 11127 if (pm->test_gamma_alpha_mode) 11128 { 11129 int do_background; 11130 11131 init_gamma_errors(pm); 11132 11133 /*TODO: remove this. Necessary because the current libpng 11134 * implementation works in 8 bits: 11135 */ 11136 if (pm->test_gamma_expand16) 11137 pm->calculations_use_input_precision = 1; 11138 for (do_background = ALPHA_MODE_OFFSET + PNG_ALPHA_STANDARD; 11139 do_background <= ALPHA_MODE_OFFSET + PNG_ALPHA_BROKEN && !fail(pm); 11140 ++do_background) 11141 perform_gamma_composition_tests(pm, do_background, 11142 pm->test_gamma_expand16); 11143 if (!calculations_use_input_precision) 11144 pm->calculations_use_input_precision = 0; 11145 11146 if (summary) 11147 summarize_gamma_errors(pm, "alpha mode", 1, 0/*indexed*/); 11148 11149 if (fail(pm)) 11150 return; 11151 } 11152 #endif 11153 } 11154 #endif /* PNG_READ_GAMMA_SUPPORTED */ 11155 #endif /* PNG_READ_SUPPORTED */ 11156 11157 /* INTERLACE MACRO VALIDATION */ 11158 /* This is copied verbatim from the specification, it is simply the pass 11159 * number in which each pixel in each 8x8 tile appears. The array must 11160 * be indexed adam7[y][x] and notice that the pass numbers are based at 11161 * 1, not 0 - the base libpng uses. 11162 */ 11163 static const 11164 png_byte adam7[8][8] = 11165 { 11166 { 1,6,4,6,2,6,4,6 }, 11167 { 7,7,7,7,7,7,7,7 }, 11168 { 5,6,5,6,5,6,5,6 }, 11169 { 7,7,7,7,7,7,7,7 }, 11170 { 3,6,4,6,3,6,4,6 }, 11171 { 7,7,7,7,7,7,7,7 }, 11172 { 5,6,5,6,5,6,5,6 }, 11173 { 7,7,7,7,7,7,7,7 } 11174 }; 11175 11176 /* This routine validates all the interlace support macros in png.h for 11177 * a variety of valid PNG widths and heights. It uses a number of similarly 11178 * named internal routines that feed off the above array. 11179 */ 11180 static png_uint_32 11181 png_pass_start_row(int pass) 11182 { 11183 int x, y; 11184 ++pass; 11185 for (y=0; y<8; ++y) for (x=0; x<8; ++x) if (adam7[y][x] == pass) 11186 return y; 11187 return 0xf; 11188 } 11189 11190 static png_uint_32 11191 png_pass_start_col(int pass) 11192 { 11193 int x, y; 11194 ++pass; 11195 for (x=0; x<8; ++x) for (y=0; y<8; ++y) if (adam7[y][x] == pass) 11196 return x; 11197 return 0xf; 11198 } 11199 11200 static int 11201 png_pass_row_shift(int pass) 11202 { 11203 int x, y, base=(-1), inc=8; 11204 ++pass; 11205 for (y=0; y<8; ++y) for (x=0; x<8; ++x) if (adam7[y][x] == pass) 11206 { 11207 if (base == (-1)) 11208 base = y; 11209 else if (base == y) 11210 {} 11211 else if (inc == y-base) 11212 base=y; 11213 else if (inc == 8) 11214 inc = y-base, base=y; 11215 else if (inc != y-base) 11216 return 0xff; /* error - more than one 'inc' value! */ 11217 } 11218 11219 if (base == (-1)) return 0xfe; /* error - no row in pass! */ 11220 11221 /* The shift is always 1, 2 or 3 - no pass has all the rows! */ 11222 switch (inc) 11223 { 11224 case 2: return 1; 11225 case 4: return 2; 11226 case 8: return 3; 11227 default: break; 11228 } 11229 11230 /* error - unrecognized 'inc' */ 11231 return (inc << 8) + 0xfd; 11232 } 11233 11234 static int 11235 png_pass_col_shift(int pass) 11236 { 11237 int x, y, base=(-1), inc=8; 11238 ++pass; 11239 for (x=0; x<8; ++x) for (y=0; y<8; ++y) if (adam7[y][x] == pass) 11240 { 11241 if (base == (-1)) 11242 base = x; 11243 else if (base == x) 11244 {} 11245 else if (inc == x-base) 11246 base=x; 11247 else if (inc == 8) 11248 inc = x-base, base=x; 11249 else if (inc != x-base) 11250 return 0xff; /* error - more than one 'inc' value! */ 11251 } 11252 11253 if (base == (-1)) return 0xfe; /* error - no row in pass! */ 11254 11255 /* The shift is always 1, 2 or 3 - no pass has all the rows! */ 11256 switch (inc) 11257 { 11258 case 1: return 0; /* pass 7 has all the columns */ 11259 case 2: return 1; 11260 case 4: return 2; 11261 case 8: return 3; 11262 default: break; 11263 } 11264 11265 /* error - unrecognized 'inc' */ 11266 return (inc << 8) + 0xfd; 11267 } 11268 11269 static png_uint_32 11270 png_row_from_pass_row(png_uint_32 yIn, int pass) 11271 { 11272 /* By examination of the array: */ 11273 switch (pass) 11274 { 11275 case 0: return yIn * 8; 11276 case 1: return yIn * 8; 11277 case 2: return yIn * 8 + 4; 11278 case 3: return yIn * 4; 11279 case 4: return yIn * 4 + 2; 11280 case 5: return yIn * 2; 11281 case 6: return yIn * 2 + 1; 11282 default: break; 11283 } 11284 11285 return 0xff; /* bad pass number */ 11286 } 11287 11288 static png_uint_32 11289 png_col_from_pass_col(png_uint_32 xIn, int pass) 11290 { 11291 /* By examination of the array: */ 11292 switch (pass) 11293 { 11294 case 0: return xIn * 8; 11295 case 1: return xIn * 8 + 4; 11296 case 2: return xIn * 4; 11297 case 3: return xIn * 4 + 2; 11298 case 4: return xIn * 2; 11299 case 5: return xIn * 2 + 1; 11300 case 6: return xIn; 11301 default: break; 11302 } 11303 11304 return 0xff; /* bad pass number */ 11305 } 11306 11307 static int 11308 png_row_in_interlace_pass(png_uint_32 y, int pass) 11309 { 11310 /* Is row 'y' in pass 'pass'? */ 11311 int x; 11312 y &= 7; 11313 ++pass; 11314 for (x=0; x<8; ++x) if (adam7[y][x] == pass) 11315 return 1; 11316 11317 return 0; 11318 } 11319 11320 static int 11321 png_col_in_interlace_pass(png_uint_32 x, int pass) 11322 { 11323 /* Is column 'x' in pass 'pass'? */ 11324 int y; 11325 x &= 7; 11326 ++pass; 11327 for (y=0; y<8; ++y) if (adam7[y][x] == pass) 11328 return 1; 11329 11330 return 0; 11331 } 11332 11333 static png_uint_32 11334 png_pass_rows(png_uint_32 height, int pass) 11335 { 11336 png_uint_32 tiles = height>>3; 11337 png_uint_32 rows = 0; 11338 unsigned int x, y; 11339 11340 height &= 7; 11341 ++pass; 11342 for (y=0; y<8; ++y) for (x=0; x<8; ++x) if (adam7[y][x] == pass) 11343 { 11344 rows += tiles; 11345 if (y < height) ++rows; 11346 break; /* i.e. break the 'x', column, loop. */ 11347 } 11348 11349 return rows; 11350 } 11351 11352 static png_uint_32 11353 png_pass_cols(png_uint_32 width, int pass) 11354 { 11355 png_uint_32 tiles = width>>3; 11356 png_uint_32 cols = 0; 11357 unsigned int x, y; 11358 11359 width &= 7; 11360 ++pass; 11361 for (x=0; x<8; ++x) for (y=0; y<8; ++y) if (adam7[y][x] == pass) 11362 { 11363 cols += tiles; 11364 if (x < width) ++cols; 11365 break; /* i.e. break the 'y', row, loop. */ 11366 } 11367 11368 return cols; 11369 } 11370 11371 static void 11372 perform_interlace_macro_validation(void) 11373 { 11374 /* The macros to validate, first those that depend only on pass: 11375 * 11376 * PNG_PASS_START_ROW(pass) 11377 * PNG_PASS_START_COL(pass) 11378 * PNG_PASS_ROW_SHIFT(pass) 11379 * PNG_PASS_COL_SHIFT(pass) 11380 */ 11381 int pass; 11382 11383 for (pass=0; pass<7; ++pass) 11384 { 11385 png_uint_32 m, f, v; 11386 11387 m = PNG_PASS_START_ROW(pass); 11388 f = png_pass_start_row(pass); 11389 if (m != f) 11390 { 11391 fprintf(stderr, "PNG_PASS_START_ROW(%d) = %u != %x\n", pass, m, f); 11392 exit(99); 11393 } 11394 11395 m = PNG_PASS_START_COL(pass); 11396 f = png_pass_start_col(pass); 11397 if (m != f) 11398 { 11399 fprintf(stderr, "PNG_PASS_START_COL(%d) = %u != %x\n", pass, m, f); 11400 exit(99); 11401 } 11402 11403 m = PNG_PASS_ROW_SHIFT(pass); 11404 f = png_pass_row_shift(pass); 11405 if (m != f) 11406 { 11407 fprintf(stderr, "PNG_PASS_ROW_SHIFT(%d) = %u != %x\n", pass, m, f); 11408 exit(99); 11409 } 11410 11411 m = PNG_PASS_COL_SHIFT(pass); 11412 f = png_pass_col_shift(pass); 11413 if (m != f) 11414 { 11415 fprintf(stderr, "PNG_PASS_COL_SHIFT(%d) = %u != %x\n", pass, m, f); 11416 exit(99); 11417 } 11418 11419 /* Macros that depend on the image or sub-image height too: 11420 * 11421 * PNG_PASS_ROWS(height, pass) 11422 * PNG_PASS_COLS(width, pass) 11423 * PNG_ROW_FROM_PASS_ROW(yIn, pass) 11424 * PNG_COL_FROM_PASS_COL(xIn, pass) 11425 * PNG_ROW_IN_INTERLACE_PASS(y, pass) 11426 * PNG_COL_IN_INTERLACE_PASS(x, pass) 11427 */ 11428 for (v=0;;) 11429 { 11430 /* First the base 0 stuff: */ 11431 m = PNG_ROW_FROM_PASS_ROW(v, pass); 11432 f = png_row_from_pass_row(v, pass); 11433 if (m != f) 11434 { 11435 fprintf(stderr, "PNG_ROW_FROM_PASS_ROW(%u, %d) = %u != %x\n", 11436 v, pass, m, f); 11437 exit(99); 11438 } 11439 11440 m = PNG_COL_FROM_PASS_COL(v, pass); 11441 f = png_col_from_pass_col(v, pass); 11442 if (m != f) 11443 { 11444 fprintf(stderr, "PNG_COL_FROM_PASS_COL(%u, %d) = %u != %x\n", 11445 v, pass, m, f); 11446 exit(99); 11447 } 11448 11449 m = PNG_ROW_IN_INTERLACE_PASS(v, pass); 11450 f = png_row_in_interlace_pass(v, pass); 11451 if (m != f) 11452 { 11453 fprintf(stderr, "PNG_ROW_IN_INTERLACE_PASS(%u, %d) = %u != %x\n", 11454 v, pass, m, f); 11455 exit(99); 11456 } 11457 11458 m = PNG_COL_IN_INTERLACE_PASS(v, pass); 11459 f = png_col_in_interlace_pass(v, pass); 11460 if (m != f) 11461 { 11462 fprintf(stderr, "PNG_COL_IN_INTERLACE_PASS(%u, %d) = %u != %x\n", 11463 v, pass, m, f); 11464 exit(99); 11465 } 11466 11467 /* Then the base 1 stuff: */ 11468 ++v; 11469 m = PNG_PASS_ROWS(v, pass); 11470 f = png_pass_rows(v, pass); 11471 if (m != f) 11472 { 11473 fprintf(stderr, "PNG_PASS_ROWS(%u, %d) = %u != %x\n", 11474 v, pass, m, f); 11475 exit(99); 11476 } 11477 11478 m = PNG_PASS_COLS(v, pass); 11479 f = png_pass_cols(v, pass); 11480 if (m != f) 11481 { 11482 fprintf(stderr, "PNG_PASS_COLS(%u, %d) = %u != %x\n", 11483 v, pass, m, f); 11484 exit(99); 11485 } 11486 11487 /* Move to the next v - the stepping algorithm starts skipping 11488 * values above 1024. 11489 */ 11490 if (v > 1024) 11491 { 11492 if (v == PNG_UINT_31_MAX) 11493 break; 11494 11495 v = (v << 1) ^ v; 11496 if (v >= PNG_UINT_31_MAX) 11497 v = PNG_UINT_31_MAX-1; 11498 } 11499 } 11500 } 11501 } 11502 11503 /* Test color encodings. These values are back-calculated from the published 11504 * chromaticities. The values are accurate to about 14 decimal places; 15 are 11505 * given. These values are much more accurate than the ones given in the spec, 11506 * which typically don't exceed 4 decimal places. This allows testing of the 11507 * libpng code to its theoretical accuracy of 4 decimal places. (If pngvalid 11508 * used the published errors the 'slack' permitted would have to be +/-.5E-4 or 11509 * more.) 11510 * 11511 * The png_modifier code assumes that encodings[0] is sRGB and treats it 11512 * specially: do not change the first entry in this list! 11513 */ 11514 static const color_encoding test_encodings[] = 11515 { 11516 /* sRGB: must be first in this list! */ 11517 /*gamma:*/ { 1/2.2, 11518 /*red: */ { 0.412390799265959, 0.212639005871510, 0.019330818715592 }, 11519 /*green:*/ { 0.357584339383878, 0.715168678767756, 0.119194779794626 }, 11520 /*blue: */ { 0.180480788401834, 0.072192315360734, 0.950532152249660} }, 11521 /* Kodak ProPhoto (wide gamut) */ 11522 /*gamma:*/ { 1/1.6 /*approximate: uses 1.8 power law compared to sRGB 2.4*/, 11523 /*red: */ { 0.797760489672303, 0.288071128229293, 0.000000000000000 }, 11524 /*green:*/ { 0.135185837175740, 0.711843217810102, 0.000000000000000 }, 11525 /*blue: */ { 0.031349349581525, 0.000085653960605, 0.825104602510460} }, 11526 /* Adobe RGB (1998) */ 11527 /*gamma:*/ { 1/(2+51./256), 11528 /*red: */ { 0.576669042910131, 0.297344975250536, 0.027031361386412 }, 11529 /*green:*/ { 0.185558237906546, 0.627363566255466, 0.070688852535827 }, 11530 /*blue: */ { 0.188228646234995, 0.075291458493998, 0.991337536837639} }, 11531 /* Adobe Wide Gamut RGB */ 11532 /*gamma:*/ { 1/(2+51./256), 11533 /*red: */ { 0.716500716779386, 0.258728243040113, 0.000000000000000 }, 11534 /*green:*/ { 0.101020574397477, 0.724682314948566, 0.051211818965388 }, 11535 /*blue: */ { 0.146774385252705, 0.016589442011321, 0.773892783545073} }, 11536 /* Fake encoding which selects just the green channel */ 11537 /*gamma:*/ { 1.45/2.2, /* the 'Mac' gamma */ 11538 /*red: */ { 0.716500716779386, 0.000000000000000, 0.000000000000000 }, 11539 /*green:*/ { 0.101020574397477, 1.000000000000000, 0.051211818965388 }, 11540 /*blue: */ { 0.146774385252705, 0.000000000000000, 0.773892783545073} }, 11541 }; 11542 11543 /* signal handler 11544 * 11545 * This attempts to trap signals and escape without crashing. It needs a 11546 * context pointer so that it can throw an exception (call longjmp) to recover 11547 * from the condition; this is handled by making the png_modifier used by 'main' 11548 * into a global variable. 11549 */ 11550 static png_modifier pm; 11551 11552 static void signal_handler(int signum) 11553 { 11554 11555 size_t pos = 0; 11556 char msg[64]; 11557 11558 pos = safecat(msg, sizeof msg, pos, "caught signal: "); 11559 11560 switch (signum) 11561 { 11562 case SIGABRT: 11563 pos = safecat(msg, sizeof msg, pos, "abort"); 11564 break; 11565 11566 case SIGFPE: 11567 pos = safecat(msg, sizeof msg, pos, "floating point exception"); 11568 break; 11569 11570 case SIGILL: 11571 pos = safecat(msg, sizeof msg, pos, "illegal instruction"); 11572 break; 11573 11574 case SIGINT: 11575 pos = safecat(msg, sizeof msg, pos, "interrupt"); 11576 break; 11577 11578 case SIGSEGV: 11579 pos = safecat(msg, sizeof msg, pos, "invalid memory access"); 11580 break; 11581 11582 case SIGTERM: 11583 pos = safecat(msg, sizeof msg, pos, "termination request"); 11584 break; 11585 11586 default: 11587 pos = safecat(msg, sizeof msg, pos, "unknown "); 11588 pos = safecatn(msg, sizeof msg, pos, signum); 11589 break; 11590 } 11591 11592 store_log(&pm.this, NULL/*png_structp*/, msg, 1/*error*/); 11593 11594 /* And finally throw an exception so we can keep going, unless this is 11595 * SIGTERM in which case stop now. 11596 */ 11597 if (signum != SIGTERM) 11598 { 11599 struct exception_context *the_exception_context = 11600 &pm.this.exception_context; 11601 11602 Throw &pm.this; 11603 } 11604 11605 else 11606 exit(1); 11607 } 11608 11609 /* main program */ 11610 int main(int argc, char **argv) 11611 { 11612 int summary = 1; /* Print the error summary at the end */ 11613 int memstats = 0; /* Print memory statistics at the end */ 11614 11615 /* Create the given output file on success: */ 11616 const char *touch = NULL; 11617 11618 /* This is an array of standard gamma values (believe it or not I've seen 11619 * every one of these mentioned somewhere.) 11620 * 11621 * In the following list the most useful values are first! 11622 */ 11623 static double 11624 gammas[]={2.2, 1.0, 2.2/1.45, 1.8, 1.5, 2.4, 2.5, 2.62, 2.9}; 11625 11626 /* This records the command and arguments: */ 11627 size_t cp = 0; 11628 char command[1024]; 11629 11630 anon_context(&pm.this); 11631 11632 gnu_volatile(summary) 11633 gnu_volatile(memstats) 11634 gnu_volatile(touch) 11635 11636 /* Add appropriate signal handlers, just the ANSI specified ones: */ 11637 signal(SIGABRT, signal_handler); 11638 signal(SIGFPE, signal_handler); 11639 signal(SIGILL, signal_handler); 11640 signal(SIGINT, signal_handler); 11641 signal(SIGSEGV, signal_handler); 11642 signal(SIGTERM, signal_handler); 11643 11644 #ifdef HAVE_FEENABLEEXCEPT 11645 /* Only required to enable FP exceptions on platforms where they start off 11646 * disabled; this is not necessary but if it is not done pngvalid will likely 11647 * end up ignoring FP conditions that other platforms fault. 11648 */ 11649 feenableexcept(FE_DIVBYZERO | FE_INVALID | FE_OVERFLOW); 11650 #endif 11651 11652 modifier_init(&pm); 11653 11654 /* Preallocate the image buffer, because we know how big it needs to be, 11655 * note that, for testing purposes, it is deliberately mis-aligned by tag 11656 * bytes either side. All rows have an additional five bytes of padding for 11657 * overwrite checking. 11658 */ 11659 store_ensure_image(&pm.this, NULL, 2, TRANSFORM_ROWMAX, TRANSFORM_HEIGHTMAX); 11660 11661 /* Don't give argv[0], it's normally some horrible libtool string: */ 11662 cp = safecat(command, sizeof command, cp, "pngvalid"); 11663 11664 /* Default to error on warning: */ 11665 pm.this.treat_warnings_as_errors = 1; 11666 11667 /* Default assume_16_bit_calculations appropriately; this tells the checking 11668 * code that 16-bit arithmetic is used for 8-bit samples when it would make a 11669 * difference. 11670 */ 11671 pm.assume_16_bit_calculations = PNG_LIBPNG_VER >= 10700; 11672 11673 /* Currently 16 bit expansion happens at the end of the pipeline, so the 11674 * calculations are done in the input bit depth not the output. 11675 * 11676 * TODO: fix this 11677 */ 11678 pm.calculations_use_input_precision = 1U; 11679 11680 /* Store the test gammas */ 11681 pm.gammas = gammas; 11682 pm.ngammas = ARRAY_SIZE(gammas); 11683 pm.ngamma_tests = 0; /* default to off */ 11684 11685 /* Low bit depth gray images don't do well in the gamma tests, until 11686 * this is fixed turn them off for some gamma cases: 11687 */ 11688 # ifdef PNG_WRITE_tRNS_SUPPORTED 11689 pm.test_tRNS = 1; 11690 # endif 11691 pm.test_lbg = PNG_LIBPNG_VER >= 10600; 11692 pm.test_lbg_gamma_threshold = 1; 11693 pm.test_lbg_gamma_transform = PNG_LIBPNG_VER >= 10600; 11694 pm.test_lbg_gamma_sbit = 1; 11695 pm.test_lbg_gamma_composition = PNG_LIBPNG_VER >= 10700; 11696 11697 /* And the test encodings */ 11698 pm.encodings = test_encodings; 11699 pm.nencodings = ARRAY_SIZE(test_encodings); 11700 11701 # if PNG_LIBPNG_VER < 10700 11702 pm.sbitlow = 8U; /* because libpng doesn't do sBIT below 8! */ 11703 # else 11704 pm.sbitlow = 1U; 11705 # endif 11706 11707 /* The following allows results to pass if they correspond to anything in the 11708 * transformed range [input-.5,input+.5]; this is is required because of the 11709 * way libpng treates the 16_TO_8 flag when building the gamma tables in 11710 * releases up to 1.6.0. 11711 * 11712 * TODO: review this 11713 */ 11714 pm.use_input_precision_16to8 = 1U; 11715 pm.use_input_precision_sbit = 1U; /* because libpng now rounds sBIT */ 11716 11717 /* Some default values (set the behavior for 'make check' here). 11718 * These values simply control the maximum error permitted in the gamma 11719 * transformations. The practial limits for human perception are described 11720 * below (the setting for maxpc16), however for 8 bit encodings it isn't 11721 * possible to meet the accepted capabilities of human vision - i.e. 8 bit 11722 * images can never be good enough, regardless of encoding. 11723 */ 11724 pm.maxout8 = .1; /* Arithmetic error in *encoded* value */ 11725 pm.maxabs8 = .00005; /* 1/20000 */ 11726 pm.maxcalc8 = 1./255; /* +/-1 in 8 bits for compose errors */ 11727 pm.maxpc8 = .499; /* I.e., .499% fractional error */ 11728 pm.maxout16 = .499; /* Error in *encoded* value */ 11729 pm.maxabs16 = .00005;/* 1/20000 */ 11730 pm.maxcalc16 =1./65535;/* +/-1 in 16 bits for compose errors */ 11731 # if PNG_LIBPNG_VER < 10700 11732 pm.maxcalcG = 1./((1<<PNG_MAX_GAMMA_8)-1); 11733 # else 11734 pm.maxcalcG = 1./((1<<16)-1); 11735 # endif 11736 11737 /* NOTE: this is a reasonable perceptual limit. We assume that humans can 11738 * perceive light level differences of 1% over a 100:1 range, so we need to 11739 * maintain 1 in 10000 accuracy (in linear light space), which is what the 11740 * following guarantees. It also allows significantly higher errors at 11741 * higher 16 bit values, which is important for performance. The actual 11742 * maximum 16 bit error is about +/-1.9 in the fixed point implementation but 11743 * this is only allowed for values >38149 by the following: 11744 */ 11745 pm.maxpc16 = .005; /* I.e., 1/200% - 1/20000 */ 11746 11747 /* Now parse the command line options. */ 11748 while (--argc >= 1) 11749 { 11750 int catmore = 0; /* Set if the argument has an argument. */ 11751 11752 /* Record each argument for posterity: */ 11753 cp = safecat(command, sizeof command, cp, " "); 11754 cp = safecat(command, sizeof command, cp, *++argv); 11755 11756 if (strcmp(*argv, "-v") == 0) 11757 pm.this.verbose = 1; 11758 11759 else if (strcmp(*argv, "-l") == 0) 11760 pm.log = 1; 11761 11762 else if (strcmp(*argv, "-q") == 0) 11763 summary = pm.this.verbose = pm.log = 0; 11764 11765 else if (strcmp(*argv, "-w") == 0 || 11766 strcmp(*argv, "--strict") == 0) 11767 pm.this.treat_warnings_as_errors = 1; /* NOTE: this is the default! */ 11768 11769 else if (strcmp(*argv, "--nostrict") == 0) 11770 pm.this.treat_warnings_as_errors = 0; 11771 11772 else if (strcmp(*argv, "--speed") == 0) 11773 pm.this.speed = 1, pm.ngamma_tests = pm.ngammas, pm.test_standard = 0, 11774 summary = 0; 11775 11776 else if (strcmp(*argv, "--memory") == 0) 11777 memstats = 1; 11778 11779 else if (strcmp(*argv, "--size") == 0) 11780 pm.test_size = 1; 11781 11782 else if (strcmp(*argv, "--nosize") == 0) 11783 pm.test_size = 0; 11784 11785 else if (strcmp(*argv, "--standard") == 0) 11786 pm.test_standard = 1; 11787 11788 else if (strcmp(*argv, "--nostandard") == 0) 11789 pm.test_standard = 0; 11790 11791 else if (strcmp(*argv, "--transform") == 0) 11792 pm.test_transform = 1; 11793 11794 else if (strcmp(*argv, "--notransform") == 0) 11795 pm.test_transform = 0; 11796 11797 #ifdef PNG_READ_TRANSFORMS_SUPPORTED 11798 else if (strncmp(*argv, "--transform-disable=", 11799 sizeof "--transform-disable") == 0) 11800 { 11801 pm.test_transform = 1; 11802 transform_disable(*argv + sizeof "--transform-disable"); 11803 } 11804 11805 else if (strncmp(*argv, "--transform-enable=", 11806 sizeof "--transform-enable") == 0) 11807 { 11808 pm.test_transform = 1; 11809 transform_enable(*argv + sizeof "--transform-enable"); 11810 } 11811 #endif /* PNG_READ_TRANSFORMS_SUPPORTED */ 11812 11813 else if (strcmp(*argv, "--gamma") == 0) 11814 { 11815 /* Just do two gamma tests here (2.2 and linear) for speed: */ 11816 pm.ngamma_tests = 2U; 11817 pm.test_gamma_threshold = 1; 11818 pm.test_gamma_transform = 1; 11819 pm.test_gamma_sbit = 1; 11820 pm.test_gamma_scale16 = 1; 11821 pm.test_gamma_background = 1; /* composition */ 11822 pm.test_gamma_alpha_mode = 1; 11823 } 11824 11825 else if (strcmp(*argv, "--nogamma") == 0) 11826 pm.ngamma_tests = 0; 11827 11828 else if (strcmp(*argv, "--gamma-threshold") == 0) 11829 pm.ngamma_tests = 2U, pm.test_gamma_threshold = 1; 11830 11831 else if (strcmp(*argv, "--nogamma-threshold") == 0) 11832 pm.test_gamma_threshold = 0; 11833 11834 else if (strcmp(*argv, "--gamma-transform") == 0) 11835 pm.ngamma_tests = 2U, pm.test_gamma_transform = 1; 11836 11837 else if (strcmp(*argv, "--nogamma-transform") == 0) 11838 pm.test_gamma_transform = 0; 11839 11840 else if (strcmp(*argv, "--gamma-sbit") == 0) 11841 pm.ngamma_tests = 2U, pm.test_gamma_sbit = 1; 11842 11843 else if (strcmp(*argv, "--nogamma-sbit") == 0) 11844 pm.test_gamma_sbit = 0; 11845 11846 else if (strcmp(*argv, "--gamma-16-to-8") == 0) 11847 pm.ngamma_tests = 2U, pm.test_gamma_scale16 = 1; 11848 11849 else if (strcmp(*argv, "--nogamma-16-to-8") == 0) 11850 pm.test_gamma_scale16 = 0; 11851 11852 else if (strcmp(*argv, "--gamma-background") == 0) 11853 pm.ngamma_tests = 2U, pm.test_gamma_background = 1; 11854 11855 else if (strcmp(*argv, "--nogamma-background") == 0) 11856 pm.test_gamma_background = 0; 11857 11858 else if (strcmp(*argv, "--gamma-alpha-mode") == 0) 11859 pm.ngamma_tests = 2U, pm.test_gamma_alpha_mode = 1; 11860 11861 else if (strcmp(*argv, "--nogamma-alpha-mode") == 0) 11862 pm.test_gamma_alpha_mode = 0; 11863 11864 else if (strcmp(*argv, "--expand16") == 0) 11865 pm.test_gamma_expand16 = 1; 11866 11867 else if (strcmp(*argv, "--noexpand16") == 0) 11868 pm.test_gamma_expand16 = 0; 11869 11870 else if (strcmp(*argv, "--low-depth-gray") == 0) 11871 pm.test_lbg = pm.test_lbg_gamma_threshold = 11872 pm.test_lbg_gamma_transform = pm.test_lbg_gamma_sbit = 11873 pm.test_lbg_gamma_composition = 1; 11874 11875 else if (strcmp(*argv, "--nolow-depth-gray") == 0) 11876 pm.test_lbg = pm.test_lbg_gamma_threshold = 11877 pm.test_lbg_gamma_transform = pm.test_lbg_gamma_sbit = 11878 pm.test_lbg_gamma_composition = 0; 11879 11880 # ifdef PNG_WRITE_tRNS_SUPPORTED 11881 else if (strcmp(*argv, "--tRNS") == 0) 11882 pm.test_tRNS = 1; 11883 # endif 11884 11885 else if (strcmp(*argv, "--notRNS") == 0) 11886 pm.test_tRNS = 0; 11887 11888 else if (strcmp(*argv, "--more-gammas") == 0) 11889 pm.ngamma_tests = 3U; 11890 11891 else if (strcmp(*argv, "--all-gammas") == 0) 11892 pm.ngamma_tests = pm.ngammas; 11893 11894 else if (strcmp(*argv, "--progressive-read") == 0) 11895 pm.this.progressive = 1; 11896 11897 else if (strcmp(*argv, "--use-update-info") == 0) 11898 ++pm.use_update_info; /* Can call multiple times */ 11899 11900 else if (strcmp(*argv, "--interlace") == 0) 11901 { 11902 # if CAN_WRITE_INTERLACE 11903 pm.interlace_type = PNG_INTERLACE_ADAM7; 11904 # else /* !CAN_WRITE_INTERLACE */ 11905 fprintf(stderr, "pngvalid: no write interlace support\n"); 11906 return SKIP; 11907 # endif /* !CAN_WRITE_INTERLACE */ 11908 } 11909 11910 else if (strcmp(*argv, "--use-input-precision") == 0) 11911 pm.use_input_precision = 1U; 11912 11913 else if (strcmp(*argv, "--use-calculation-precision") == 0) 11914 pm.use_input_precision = 0; 11915 11916 else if (strcmp(*argv, "--calculations-use-input-precision") == 0) 11917 pm.calculations_use_input_precision = 1U; 11918 11919 else if (strcmp(*argv, "--assume-16-bit-calculations") == 0) 11920 pm.assume_16_bit_calculations = 1U; 11921 11922 else if (strcmp(*argv, "--calculations-follow-bit-depth") == 0) 11923 pm.calculations_use_input_precision = 11924 pm.assume_16_bit_calculations = 0; 11925 11926 else if (strcmp(*argv, "--exhaustive") == 0) 11927 pm.test_exhaustive = 1; 11928 11929 else if (argc > 1 && strcmp(*argv, "--sbitlow") == 0) 11930 --argc, pm.sbitlow = (png_byte)atoi(*++argv), catmore = 1; 11931 11932 else if (argc > 1 && strcmp(*argv, "--touch") == 0) 11933 --argc, touch = *++argv, catmore = 1; 11934 11935 else if (argc > 1 && strncmp(*argv, "--max", 5) == 0) 11936 { 11937 --argc; 11938 11939 if (strcmp(5+*argv, "abs8") == 0) 11940 pm.maxabs8 = atof(*++argv); 11941 11942 else if (strcmp(5+*argv, "abs16") == 0) 11943 pm.maxabs16 = atof(*++argv); 11944 11945 else if (strcmp(5+*argv, "calc8") == 0) 11946 pm.maxcalc8 = atof(*++argv); 11947 11948 else if (strcmp(5+*argv, "calc16") == 0) 11949 pm.maxcalc16 = atof(*++argv); 11950 11951 else if (strcmp(5+*argv, "out8") == 0) 11952 pm.maxout8 = atof(*++argv); 11953 11954 else if (strcmp(5+*argv, "out16") == 0) 11955 pm.maxout16 = atof(*++argv); 11956 11957 else if (strcmp(5+*argv, "pc8") == 0) 11958 pm.maxpc8 = atof(*++argv); 11959 11960 else if (strcmp(5+*argv, "pc16") == 0) 11961 pm.maxpc16 = atof(*++argv); 11962 11963 else 11964 { 11965 fprintf(stderr, "pngvalid: %s: unknown 'max' option\n", *argv); 11966 exit(99); 11967 } 11968 11969 catmore = 1; 11970 } 11971 11972 else if (strcmp(*argv, "--log8") == 0) 11973 --argc, pm.log8 = atof(*++argv), catmore = 1; 11974 11975 else if (strcmp(*argv, "--log16") == 0) 11976 --argc, pm.log16 = atof(*++argv), catmore = 1; 11977 11978 #ifdef PNG_SET_OPTION_SUPPORTED 11979 else if (strncmp(*argv, "--option=", 9) == 0) 11980 { 11981 /* Syntax of the argument is <option>:{on|off} */ 11982 const char *arg = 9+*argv; 11983 unsigned char option=0, setting=0; 11984 11985 #ifdef PNG_ARM_NEON 11986 if (strncmp(arg, "arm-neon:", 9) == 0) 11987 option = PNG_ARM_NEON, arg += 9; 11988 11989 else 11990 #endif 11991 #ifdef PNG_EXTENSIONS 11992 if (strncmp(arg, "extensions:", 11) == 0) 11993 option = PNG_EXTENSIONS, arg += 11; 11994 11995 else 11996 #endif 11997 #ifdef PNG_MAXIMUM_INFLATE_WINDOW 11998 if (strncmp(arg, "max-inflate-window:", 19) == 0) 11999 option = PNG_MAXIMUM_INFLATE_WINDOW, arg += 19; 12000 12001 else 12002 #endif 12003 { 12004 fprintf(stderr, "pngvalid: %s: %s: unknown option\n", *argv, arg); 12005 exit(99); 12006 } 12007 12008 if (strcmp(arg, "off") == 0) 12009 setting = PNG_OPTION_OFF; 12010 12011 else if (strcmp(arg, "on") == 0) 12012 setting = PNG_OPTION_ON; 12013 12014 else 12015 { 12016 fprintf(stderr, 12017 "pngvalid: %s: %s: unknown setting (use 'on' or 'off')\n", 12018 *argv, arg); 12019 exit(99); 12020 } 12021 12022 pm.this.options[pm.this.noptions].option = option; 12023 pm.this.options[pm.this.noptions++].setting = setting; 12024 } 12025 #endif /* PNG_SET_OPTION_SUPPORTED */ 12026 12027 else 12028 { 12029 fprintf(stderr, "pngvalid: %s: unknown argument\n", *argv); 12030 exit(99); 12031 } 12032 12033 if (catmore) /* consumed an extra *argv */ 12034 { 12035 cp = safecat(command, sizeof command, cp, " "); 12036 cp = safecat(command, sizeof command, cp, *argv); 12037 } 12038 } 12039 12040 /* If pngvalid is run with no arguments default to a reasonable set of the 12041 * tests. 12042 */ 12043 if (pm.test_standard == 0 && pm.test_size == 0 && pm.test_transform == 0 && 12044 pm.ngamma_tests == 0) 12045 { 12046 /* Make this do all the tests done in the test shell scripts with the same 12047 * parameters, where possible. The limitation is that all the progressive 12048 * read and interlace stuff has to be done in separate runs, so only the 12049 * basic 'standard' and 'size' tests are done. 12050 */ 12051 pm.test_standard = 1; 12052 pm.test_size = 1; 12053 pm.test_transform = 1; 12054 pm.ngamma_tests = 2U; 12055 } 12056 12057 if (pm.ngamma_tests > 0 && 12058 pm.test_gamma_threshold == 0 && pm.test_gamma_transform == 0 && 12059 pm.test_gamma_sbit == 0 && pm.test_gamma_scale16 == 0 && 12060 pm.test_gamma_background == 0 && pm.test_gamma_alpha_mode == 0) 12061 { 12062 pm.test_gamma_threshold = 1; 12063 pm.test_gamma_transform = 1; 12064 pm.test_gamma_sbit = 1; 12065 pm.test_gamma_scale16 = 1; 12066 pm.test_gamma_background = 1; 12067 pm.test_gamma_alpha_mode = 1; 12068 } 12069 12070 else if (pm.ngamma_tests == 0) 12071 { 12072 /* Nothing to test so turn everything off: */ 12073 pm.test_gamma_threshold = 0; 12074 pm.test_gamma_transform = 0; 12075 pm.test_gamma_sbit = 0; 12076 pm.test_gamma_scale16 = 0; 12077 pm.test_gamma_background = 0; 12078 pm.test_gamma_alpha_mode = 0; 12079 } 12080 12081 Try 12082 { 12083 /* Make useful base images */ 12084 make_transform_images(&pm); 12085 12086 /* Perform the standard and gamma tests. */ 12087 if (pm.test_standard) 12088 { 12089 perform_interlace_macro_validation(); 12090 perform_formatting_test(&pm.this); 12091 # ifdef PNG_READ_SUPPORTED 12092 perform_standard_test(&pm); 12093 # endif 12094 perform_error_test(&pm); 12095 } 12096 12097 /* Various oddly sized images: */ 12098 if (pm.test_size) 12099 { 12100 make_size_images(&pm.this); 12101 # ifdef PNG_READ_SUPPORTED 12102 perform_size_test(&pm); 12103 # endif 12104 } 12105 12106 #ifdef PNG_READ_TRANSFORMS_SUPPORTED 12107 /* Combinatorial transforms: */ 12108 if (pm.test_transform) 12109 perform_transform_test(&pm); 12110 #endif /* PNG_READ_TRANSFORMS_SUPPORTED */ 12111 12112 #ifdef PNG_READ_GAMMA_SUPPORTED 12113 if (pm.ngamma_tests > 0) 12114 perform_gamma_test(&pm, summary); 12115 #endif 12116 } 12117 12118 Catch_anonymous 12119 { 12120 fprintf(stderr, "pngvalid: test aborted (probably failed in cleanup)\n"); 12121 if (!pm.this.verbose) 12122 { 12123 if (pm.this.error[0] != 0) 12124 fprintf(stderr, "pngvalid: first error: %s\n", pm.this.error); 12125 12126 fprintf(stderr, "pngvalid: run with -v to see what happened\n"); 12127 } 12128 exit(1); 12129 } 12130 12131 if (summary) 12132 { 12133 printf("%s: %s (%s point arithmetic)\n", 12134 (pm.this.nerrors || (pm.this.treat_warnings_as_errors && 12135 pm.this.nwarnings)) ? "FAIL" : "PASS", 12136 command, 12137 #if defined(PNG_FLOATING_ARITHMETIC_SUPPORTED) || PNG_LIBPNG_VER < 10500 12138 "floating" 12139 #else 12140 "fixed" 12141 #endif 12142 ); 12143 } 12144 12145 if (memstats) 12146 { 12147 printf("Allocated memory statistics (in bytes):\n" 12148 "\tread %lu maximum single, %lu peak, %lu total\n" 12149 "\twrite %lu maximum single, %lu peak, %lu total\n", 12150 (unsigned long)pm.this.read_memory_pool.max_max, 12151 (unsigned long)pm.this.read_memory_pool.max_limit, 12152 (unsigned long)pm.this.read_memory_pool.max_total, 12153 (unsigned long)pm.this.write_memory_pool.max_max, 12154 (unsigned long)pm.this.write_memory_pool.max_limit, 12155 (unsigned long)pm.this.write_memory_pool.max_total); 12156 } 12157 12158 /* Do this here to provoke memory corruption errors in memory not directly 12159 * allocated by libpng - not a complete test, but better than nothing. 12160 */ 12161 store_delete(&pm.this); 12162 12163 /* Error exit if there are any errors, and maybe if there are any 12164 * warnings. 12165 */ 12166 if (pm.this.nerrors || (pm.this.treat_warnings_as_errors && 12167 pm.this.nwarnings)) 12168 { 12169 if (!pm.this.verbose) 12170 fprintf(stderr, "pngvalid: %s\n", pm.this.error); 12171 12172 fprintf(stderr, "pngvalid: %d errors, %d warnings\n", pm.this.nerrors, 12173 pm.this.nwarnings); 12174 12175 exit(1); 12176 } 12177 12178 /* Success case. */ 12179 if (touch != NULL) 12180 { 12181 FILE *fsuccess = fopen(touch, "wt"); 12182 12183 if (fsuccess != NULL) 12184 { 12185 int error = 0; 12186 fprintf(fsuccess, "PNG validation succeeded\n"); 12187 fflush(fsuccess); 12188 error = ferror(fsuccess); 12189 12190 if (fclose(fsuccess) || error) 12191 { 12192 fprintf(stderr, "%s: write failed\n", touch); 12193 exit(1); 12194 } 12195 } 12196 12197 else 12198 { 12199 fprintf(stderr, "%s: open failed\n", touch); 12200 exit(1); 12201 } 12202 } 12203 12204 /* This is required because some very minimal configurations do not use it: 12205 */ 12206 UNUSED(fail) 12207 return 0; 12208 } 12209 #else /* write or low level APIs not supported */ 12210 int main(void) 12211 { 12212 fprintf(stderr, 12213 "pngvalid: no low level write support in libpng, all tests skipped\n"); 12214 /* So the test is skipped: */ 12215 return SKIP; 12216 } 12217 #endif 12218
