1 /*---------------------------------------------------------------------------
2
3 rpng2 - progressive-model PNG display program readpng2.c
4
5 ---------------------------------------------------------------------------
6
7 Copyright (c) 1998-2015 Greg Roelofs. All rights reserved.
8
9 This software is provided "as is," without warranty of any kind,
10 express or implied. In no event shall the author or contributors
11 be held liable for any damages arising in any way from the use of
12 this software.
13
14 The contents of this file are DUAL-LICENSED. You may modify and/or
15 redistribute this software according to the terms of one of the
16 following two licenses (at your option):
17
18
19 LICENSE 1 ("BSD-like with advertising clause"):
20
21 Permission is granted to anyone to use this software for any purpose,
22 including commercial applications, and to alter it and redistribute
23 it freely, subject to the following restrictions:
24
25 1. Redistributions of source code must retain the above copyright
26 notice, disclaimer, and this list of conditions.
27 2. Redistributions in binary form must reproduce the above copyright
28 notice, disclaimer, and this list of conditions in the documenta-
29 tion and/or other materials provided with the distribution.
30 3. All advertising materials mentioning features or use of this
31 software must display the following acknowledgment:
32
33 This product includes software developed by Greg Roelofs
34 and contributors for the book, "PNG: The Definitive Guide,"
35 published by O'Reilly and Associates.
36
37
38 LICENSE 2 (GNU GPL v2 or later):
39
40 This program is free software; you can redistribute it and/or modify
41 it under the terms of the GNU General Public License as published by
42 the Free Software Foundation; either version 2 of the License, or
43 (at your option) any later version.
44
45 This program is distributed in the hope that it will be useful,
46 but WITHOUT ANY WARRANTY; without even the implied warranty of
47 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
48 GNU General Public License for more details.
49
50 You should have received a copy of the GNU General Public License
51 along with this program; if not, write to the Free Software Foundation,
52 Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
53
54 ---------------------------------------------------------------------------
55
56 Changelog:
57 2015-11-12 - Check return value of png_get_bKGD() (Glenn R-P)
58 2017-04-22 - Guard against integer overflow (Glenn R-P)
59
60 ---------------------------------------------------------------------------*/
61
62
63 #include <stdlib.h> /* for exit() prototype */
64 #include <setjmp.h>
65
66 #include <zlib.h>
67 #include "png.h" /* libpng header from the local directory */
68 #include "readpng2.h" /* typedefs, common macros, public prototypes */
69
70
71 /* local prototypes */
72
73 static void readpng2_info_callback(png_structp png_ptr, png_infop info_ptr);
74 static void readpng2_row_callback(png_structp png_ptr, png_bytep new_row,
75 png_uint_32 row_num, int pass);
76 static void readpng2_end_callback(png_structp png_ptr, png_infop info_ptr);
77 static void readpng2_error_handler(png_structp png_ptr, png_const_charp msg);
78 static void readpng2_warning_handler(png_structp png_ptr, png_const_charp msg);
79
80
81
82
readpng2_version_info(void)83 void readpng2_version_info(void)
84 {
85 fprintf(stderr, " Compiled with libpng %s; using libpng %s\n",
86 PNG_LIBPNG_VER_STRING, png_libpng_ver);
87
88 fprintf(stderr, " and with zlib %s; using zlib %s.\n",
89 ZLIB_VERSION, zlib_version);
90 }
91
92
93
94
readpng2_check_sig(uch * sig,int num)95 int readpng2_check_sig(uch *sig, int num)
96 {
97 return !png_sig_cmp(sig, 0, num);
98 }
99
100
101
102
103 /* returns 0 for success, 2 for libpng problem, 4 for out of memory */
104
readpng2_init(mainprog_info * mainprog_ptr)105 int readpng2_init(mainprog_info *mainprog_ptr)
106 {
107 png_structp png_ptr; /* note: temporary variables! */
108 png_infop info_ptr;
109
110
111 /* could also replace libpng warning-handler (final NULL), but no need: */
112
113 png_ptr = png_create_read_struct(png_get_libpng_ver(NULL), mainprog_ptr,
114 readpng2_error_handler, readpng2_warning_handler);
115 if (!png_ptr)
116 return 4; /* out of memory */
117
118 info_ptr = png_create_info_struct(png_ptr);
119 if (!info_ptr) {
120 png_destroy_read_struct(&png_ptr, NULL, NULL);
121 return 4; /* out of memory */
122 }
123
124
125 /* we could create a second info struct here (end_info), but it's only
126 * useful if we want to keep pre- and post-IDAT chunk info separated
127 * (mainly for PNG-aware image editors and converters) */
128
129
130 /* setjmp() must be called in every function that calls a PNG-reading
131 * libpng function, unless an alternate error handler was installed--
132 * but compatible error handlers must either use longjmp() themselves
133 * (as in this program) or exit immediately, so here we are: */
134
135 if (setjmp(mainprog_ptr->jmpbuf)) {
136 png_destroy_read_struct(&png_ptr, &info_ptr, NULL);
137 return 2;
138 }
139
140
141 #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED
142 /* prepare the reader to ignore all recognized chunks whose data won't be
143 * used, i.e., all chunks recognized by libpng except for IHDR, PLTE, IDAT,
144 * IEND, tRNS, bKGD, gAMA, and sRGB (small performance improvement) */
145 {
146 /* These byte strings were copied from png.h. If a future version
147 * of readpng2.c recognizes more chunks, add them to this list.
148 */
149 static PNG_CONST png_byte chunks_to_process[] = {
150 98, 75, 71, 68, '\0', /* bKGD */
151 103, 65, 77, 65, '\0', /* gAMA */
152 115, 82, 71, 66, '\0', /* sRGB */
153 };
154
155 /* Ignore all chunks except for IHDR, PLTE, tRNS, IDAT, and IEND */
156 png_set_keep_unknown_chunks(png_ptr, -1 /* PNG_HANDLE_CHUNK_NEVER */,
157 NULL, -1);
158
159 /* But do not ignore chunks in the "chunks_to_process" list */
160 png_set_keep_unknown_chunks(png_ptr,
161 0 /* PNG_HANDLE_CHUNK_AS_DEFAULT */, chunks_to_process,
162 sizeof(chunks_to_process)/5);
163 }
164 #endif /* PNG_HANDLE_AS_UNKNOWN_SUPPORTED */
165
166
167 /* instead of doing png_init_io() here, now we set up our callback
168 * functions for progressive decoding */
169
170 png_set_progressive_read_fn(png_ptr, mainprog_ptr,
171 readpng2_info_callback, readpng2_row_callback, readpng2_end_callback);
172
173
174 /* make sure we save our pointers for use in readpng2_decode_data() */
175
176 mainprog_ptr->png_ptr = png_ptr;
177 mainprog_ptr->info_ptr = info_ptr;
178
179
180 /* and that's all there is to initialization */
181
182 return 0;
183 }
184
185
186
187
188 /* returns 0 for success, 2 for libpng (longjmp) problem */
189
readpng2_decode_data(mainprog_info * mainprog_ptr,uch * rawbuf,ulg length)190 int readpng2_decode_data(mainprog_info *mainprog_ptr, uch *rawbuf, ulg length)
191 {
192 png_structp png_ptr = (png_structp)mainprog_ptr->png_ptr;
193 png_infop info_ptr = (png_infop)mainprog_ptr->info_ptr;
194
195
196 /* setjmp() must be called in every function that calls a PNG-reading
197 * libpng function */
198
199 if (setjmp(mainprog_ptr->jmpbuf)) {
200 png_destroy_read_struct(&png_ptr, &info_ptr, NULL);
201 mainprog_ptr->png_ptr = NULL;
202 mainprog_ptr->info_ptr = NULL;
203 return 2;
204 }
205
206
207 /* hand off the next chunk of input data to libpng for decoding */
208
209 png_process_data(png_ptr, info_ptr, rawbuf, length);
210
211 return 0;
212 }
213
214
215
216
readpng2_info_callback(png_structp png_ptr,png_infop info_ptr)217 static void readpng2_info_callback(png_structp png_ptr, png_infop info_ptr)
218 {
219 mainprog_info *mainprog_ptr;
220 int color_type, bit_depth;
221 png_uint_32 width, height;
222 #ifdef PNG_FLOATING_POINT_SUPPORTED
223 double gamma;
224 #else
225 png_fixed_point gamma;
226 #endif
227
228
229 /* setjmp() doesn't make sense here, because we'd either have to exit(),
230 * longjmp() ourselves, or return control to libpng, which doesn't want
231 * to see us again. By not doing anything here, libpng will instead jump
232 * to readpng2_decode_data(), which can return an error value to the main
233 * program. */
234
235
236 /* retrieve the pointer to our special-purpose struct, using the png_ptr
237 * that libpng passed back to us (i.e., not a global this time--there's
238 * no real difference for a single image, but for a multithreaded browser
239 * decoding several PNG images at the same time, one needs to avoid mixing
240 * up different images' structs) */
241
242 mainprog_ptr = png_get_progressive_ptr(png_ptr);
243
244 if (mainprog_ptr == NULL) { /* we be hosed */
245 fprintf(stderr,
246 "readpng2 error: main struct not recoverable in info_callback.\n");
247 fflush(stderr);
248 return;
249 /*
250 * Alternatively, we could call our error-handler just like libpng
251 * does, which would effectively terminate the program. Since this
252 * can only happen if png_ptr gets redirected somewhere odd or the
253 * main PNG struct gets wiped, we're probably toast anyway. (If
254 * png_ptr itself is NULL, we would not have been called.)
255 */
256 }
257
258
259 /* this is just like in the non-progressive case */
260
261 png_get_IHDR(png_ptr, info_ptr, &width, &height, &bit_depth, &color_type,
262 NULL, NULL, NULL);
263 mainprog_ptr->width = (ulg)width;
264 mainprog_ptr->height = (ulg)height;
265
266
267 /* since we know we've read all of the PNG file's "header" (i.e., up
268 * to IDAT), we can check for a background color here */
269
270 if (mainprog_ptr->need_bgcolor)
271 {
272 png_color_16p pBackground;
273
274 /* it is not obvious from the libpng documentation, but this function
275 * takes a pointer to a pointer, and it always returns valid red,
276 * green and blue values, regardless of color_type: */
277 if (png_get_bKGD(png_ptr, info_ptr, &pBackground))
278 {
279
280 /* however, it always returns the raw bKGD data, regardless of any
281 * bit-depth transformations, so check depth and adjust if necessary
282 */
283 if (bit_depth == 16) {
284 mainprog_ptr->bg_red = pBackground->red >> 8;
285 mainprog_ptr->bg_green = pBackground->green >> 8;
286 mainprog_ptr->bg_blue = pBackground->blue >> 8;
287 } else if (color_type == PNG_COLOR_TYPE_GRAY && bit_depth < 8) {
288 if (bit_depth == 1)
289 mainprog_ptr->bg_red = mainprog_ptr->bg_green =
290 mainprog_ptr->bg_blue = pBackground->gray? 255 : 0;
291 else if (bit_depth == 2)
292 mainprog_ptr->bg_red = mainprog_ptr->bg_green =
293 mainprog_ptr->bg_blue = (255/3) * pBackground->gray;
294 else /* bit_depth == 4 */
295 mainprog_ptr->bg_red = mainprog_ptr->bg_green =
296 mainprog_ptr->bg_blue = (255/15) * pBackground->gray;
297 } else {
298 mainprog_ptr->bg_red = (uch)pBackground->red;
299 mainprog_ptr->bg_green = (uch)pBackground->green;
300 mainprog_ptr->bg_blue = (uch)pBackground->blue;
301 }
302 }
303 }
304
305
306 /* as before, let libpng expand palette images to RGB, low-bit-depth
307 * grayscale images to 8 bits, transparency chunks to full alpha channel;
308 * strip 16-bit-per-sample images to 8 bits per sample; and convert
309 * grayscale to RGB[A] */
310
311 if (color_type == PNG_COLOR_TYPE_PALETTE)
312 png_set_expand(png_ptr);
313 if (color_type == PNG_COLOR_TYPE_GRAY && bit_depth < 8)
314 png_set_expand(png_ptr);
315 if (png_get_valid(png_ptr, info_ptr, PNG_INFO_tRNS))
316 png_set_expand(png_ptr);
317 #ifdef PNG_READ_16_TO_8_SUPPORTED
318 if (bit_depth == 16)
319 # ifdef PNG_READ_SCALE_16_TO_8_SUPPORTED
320 png_set_scale_16(png_ptr);
321 # else
322 png_set_strip_16(png_ptr);
323 # endif
324 #endif
325 if (color_type == PNG_COLOR_TYPE_GRAY ||
326 color_type == PNG_COLOR_TYPE_GRAY_ALPHA)
327 png_set_gray_to_rgb(png_ptr);
328
329
330 /* Unlike the basic viewer, which was designed to operate on local files,
331 * this program is intended to simulate a web browser--even though we
332 * actually read from a local file, too. But because we are pretending
333 * that most of the images originate on the Internet, we follow the recom-
334 * mendation of the sRGB proposal and treat unlabelled images (no gAMA
335 * chunk) as existing in the sRGB color space. That is, we assume that
336 * such images have a file gamma of 0.45455, which corresponds to a PC-like
337 * display system. This change in assumptions will have no effect on a
338 * PC-like system, but on a Mac, SGI, NeXT or other system with a non-
339 * identity lookup table, it will darken unlabelled images, which effec-
340 * tively favors images from PC-like systems over those originating on
341 * the local platform. Note that mainprog_ptr->display_exponent is the
342 * "gamma" value for the entire display system, i.e., the product of
343 * LUT_exponent and CRT_exponent. */
344
345 #ifdef PNG_FLOATING_POINT_SUPPORTED
346 if (png_get_gAMA(png_ptr, info_ptr, &gamma))
347 png_set_gamma(png_ptr, mainprog_ptr->display_exponent, gamma);
348 else
349 png_set_gamma(png_ptr, mainprog_ptr->display_exponent, 0.45455);
350 #else
351 if (png_get_gAMA_fixed(png_ptr, info_ptr, &gamma))
352 png_set_gamma_fixed(png_ptr,
353 (png_fixed_point)(100000*mainprog_ptr->display_exponent+.5), gamma);
354 else
355 png_set_gamma_fixed(png_ptr,
356 (png_fixed_point)(100000*mainprog_ptr->display_exponent+.5), 45455);
357 #endif
358
359 /* we'll let libpng expand interlaced images, too */
360
361 mainprog_ptr->passes = png_set_interlace_handling(png_ptr);
362
363
364 /* all transformations have been registered; now update info_ptr data and
365 * then get rowbytes and channels */
366
367 png_read_update_info(png_ptr, info_ptr);
368
369 mainprog_ptr->rowbytes = (int)png_get_rowbytes(png_ptr, info_ptr);
370 mainprog_ptr->channels = png_get_channels(png_ptr, info_ptr);
371
372
373 /* Call the main program to allocate memory for the image buffer and
374 * initialize windows and whatnot. (The old-style function-pointer
375 * invocation is used for compatibility with a few supposedly ANSI
376 * compilers that nevertheless barf on "fn_ptr()"-style syntax.) */
377
378 (*mainprog_ptr->mainprog_init)();
379
380
381 /* and that takes care of initialization */
382
383 return;
384 }
385
386
387
388
389
readpng2_row_callback(png_structp png_ptr,png_bytep new_row,png_uint_32 row_num,int pass)390 static void readpng2_row_callback(png_structp png_ptr, png_bytep new_row,
391 png_uint_32 row_num, int pass)
392 {
393 mainprog_info *mainprog_ptr;
394
395
396 /* first check whether the row differs from the previous pass; if not,
397 * nothing to combine or display */
398
399 if (!new_row)
400 return;
401
402
403 /* retrieve the pointer to our special-purpose struct so we can access
404 * the old rows and image-display callback function */
405
406 mainprog_ptr = png_get_progressive_ptr(png_ptr);
407
408
409 /* save the pass number for optional use by the front end */
410
411 mainprog_ptr->pass = pass;
412
413
414 /* have libpng either combine the new row data with the existing row data
415 * from previous passes (if interlaced) or else just copy the new row
416 * into the main program's image buffer */
417
418 png_progressive_combine_row(png_ptr, mainprog_ptr->row_pointers[row_num],
419 new_row);
420
421
422 /* finally, call the display routine in the main program with the number
423 * of the row we just updated */
424
425 (*mainprog_ptr->mainprog_display_row)(row_num);
426
427
428 /* and we're ready for more */
429
430 return;
431 }
432
433
434
435
436
readpng2_end_callback(png_structp png_ptr,png_infop info_ptr)437 static void readpng2_end_callback(png_structp png_ptr, png_infop info_ptr)
438 {
439 mainprog_info *mainprog_ptr;
440
441
442 /* retrieve the pointer to our special-purpose struct */
443
444 mainprog_ptr = png_get_progressive_ptr(png_ptr);
445
446
447 /* let the main program know that it should flush any buffered image
448 * data to the display now and set a "done" flag or whatever, but note
449 * that it SHOULD NOT DESTROY THE PNG STRUCTS YET--in other words, do
450 * NOT call readpng2_cleanup() either here or in the finish_display()
451 * routine; wait until control returns to the main program via
452 * readpng2_decode_data() */
453
454 (*mainprog_ptr->mainprog_finish_display)();
455
456
457 /* all done */
458
459 (void)info_ptr; /* Unused */
460
461 return;
462 }
463
464
465
466
467
readpng2_cleanup(mainprog_info * mainprog_ptr)468 void readpng2_cleanup(mainprog_info *mainprog_ptr)
469 {
470 png_structp png_ptr = (png_structp)mainprog_ptr->png_ptr;
471 png_infop info_ptr = (png_infop)mainprog_ptr->info_ptr;
472
473 if (png_ptr && info_ptr)
474 png_destroy_read_struct(&png_ptr, &info_ptr, NULL);
475
476 mainprog_ptr->png_ptr = NULL;
477 mainprog_ptr->info_ptr = NULL;
478 }
479
480
readpng2_warning_handler(png_structp png_ptr,png_const_charp msg)481 static void readpng2_warning_handler(png_structp png_ptr, png_const_charp msg)
482 {
483 fprintf(stderr, "readpng2 libpng warning: %s\n", msg);
484 fflush(stderr);
485 (void)png_ptr; /* Unused */
486 }
487
488
readpng2_error_handler(png_structp png_ptr,png_const_charp msg)489 static void readpng2_error_handler(png_structp png_ptr, png_const_charp msg)
490 {
491 mainprog_info *mainprog_ptr;
492
493 /* This function, aside from the extra step of retrieving the "error
494 * pointer" (below) and the fact that it exists within the application
495 * rather than within libpng, is essentially identical to libpng's
496 * default error handler. The second point is critical: since both
497 * setjmp() and longjmp() are called from the same code, they are
498 * guaranteed to have compatible notions of how big a jmp_buf is,
499 * regardless of whether _BSD_SOURCE or anything else has (or has not)
500 * been defined. */
501
502 fprintf(stderr, "readpng2 libpng error: %s\n", msg);
503 fflush(stderr);
504
505 mainprog_ptr = png_get_error_ptr(png_ptr);
506 if (mainprog_ptr == NULL) { /* we are completely hosed now */
507 fprintf(stderr,
508 "readpng2 severe error: jmpbuf not recoverable; terminating.\n");
509 fflush(stderr);
510 exit(99);
511 }
512
513 /* Now we have our data structure we can use the information in it
514 * to return control to our own higher level code (all the points
515 * where 'setjmp' is called in this file.) This will work with other
516 * error handling mechanisms as well - libpng always calls png_error
517 * when it can proceed no further, thus, so long as the error handler
518 * is intercepted, application code can do its own error recovery.
519 */
520 longjmp(mainprog_ptr->jmpbuf, 1);
521 }
522