1
2 /* pngwutil.c - utilities to write a PNG file
3 *
4 * Last changed in libpng 1.6.22 [May 26, 2016]
5 * Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson
6 * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
7 * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
8 *
9 * This code is released under the libpng license.
10 * For conditions of distribution and use, see the disclaimer
11 * and license in png.h
12 */
13
14 #include "pngpriv.h"
15
16 #ifdef PNG_WRITE_SUPPORTED
17
18 #ifdef PNG_WRITE_INT_FUNCTIONS_SUPPORTED
19 /* Place a 32-bit number into a buffer in PNG byte order. We work
20 * with unsigned numbers for convenience, although one supported
21 * ancillary chunk uses signed (two's complement) numbers.
22 */
23 void PNGAPI
png_save_uint_32(png_bytep buf,png_uint_32 i)24 png_save_uint_32(png_bytep buf, png_uint_32 i)
25 {
26 buf[0] = (png_byte)((i >> 24) & 0xffU);
27 buf[1] = (png_byte)((i >> 16) & 0xffU);
28 buf[2] = (png_byte)((i >> 8) & 0xffU);
29 buf[3] = (png_byte)( i & 0xffU);
30 }
31
32 /* Place a 16-bit number into a buffer in PNG byte order.
33 * The parameter is declared unsigned int, not png_uint_16,
34 * just to avoid potential problems on pre-ANSI C compilers.
35 */
36 void PNGAPI
png_save_uint_16(png_bytep buf,unsigned int i)37 png_save_uint_16(png_bytep buf, unsigned int i)
38 {
39 buf[0] = (png_byte)((i >> 8) & 0xffU);
40 buf[1] = (png_byte)( i & 0xffU);
41 }
42 #endif
43
44 /* Simple function to write the signature. If we have already written
45 * the magic bytes of the signature, or more likely, the PNG stream is
46 * being embedded into another stream and doesn't need its own signature,
47 * we should call png_set_sig_bytes() to tell libpng how many of the
48 * bytes have already been written.
49 */
50 void PNGAPI
png_write_sig(png_structrp png_ptr)51 png_write_sig(png_structrp png_ptr)
52 {
53 png_byte png_signature[8] = {137, 80, 78, 71, 13, 10, 26, 10};
54
55 #ifdef PNG_IO_STATE_SUPPORTED
56 /* Inform the I/O callback that the signature is being written */
57 png_ptr->io_state = PNG_IO_WRITING | PNG_IO_SIGNATURE;
58 #endif
59
60 /* Write the rest of the 8 byte signature */
61 png_write_data(png_ptr, &png_signature[png_ptr->sig_bytes],
62 (png_size_t)(8 - png_ptr->sig_bytes));
63
64 if (png_ptr->sig_bytes < 3)
65 png_ptr->mode |= PNG_HAVE_PNG_SIGNATURE;
66 }
67
68 /* Write the start of a PNG chunk. The type is the chunk type.
69 * The total_length is the sum of the lengths of all the data you will be
70 * passing in png_write_chunk_data().
71 */
72 static void
png_write_chunk_header(png_structrp png_ptr,png_uint_32 chunk_name,png_uint_32 length)73 png_write_chunk_header(png_structrp png_ptr, png_uint_32 chunk_name,
74 png_uint_32 length)
75 {
76 png_byte buf[8];
77
78 #if defined(PNG_DEBUG) && (PNG_DEBUG > 0)
79 PNG_CSTRING_FROM_CHUNK(buf, chunk_name);
80 png_debug2(0, "Writing %s chunk, length = %lu", buf, (unsigned long)length);
81 #endif
82
83 if (png_ptr == NULL)
84 return;
85
86 #ifdef PNG_IO_STATE_SUPPORTED
87 /* Inform the I/O callback that the chunk header is being written.
88 * PNG_IO_CHUNK_HDR requires a single I/O call.
89 */
90 png_ptr->io_state = PNG_IO_WRITING | PNG_IO_CHUNK_HDR;
91 #endif
92
93 /* Write the length and the chunk name */
94 png_save_uint_32(buf, length);
95 png_save_uint_32(buf + 4, chunk_name);
96 png_write_data(png_ptr, buf, 8);
97
98 /* Put the chunk name into png_ptr->chunk_name */
99 png_ptr->chunk_name = chunk_name;
100
101 /* Reset the crc and run it over the chunk name */
102 png_reset_crc(png_ptr);
103
104 png_calculate_crc(png_ptr, buf + 4, 4);
105
106 #ifdef PNG_IO_STATE_SUPPORTED
107 /* Inform the I/O callback that chunk data will (possibly) be written.
108 * PNG_IO_CHUNK_DATA does NOT require a specific number of I/O calls.
109 */
110 png_ptr->io_state = PNG_IO_WRITING | PNG_IO_CHUNK_DATA;
111 #endif
112 }
113
114 void PNGAPI
png_write_chunk_start(png_structrp png_ptr,png_const_bytep chunk_string,png_uint_32 length)115 png_write_chunk_start(png_structrp png_ptr, png_const_bytep chunk_string,
116 png_uint_32 length)
117 {
118 png_write_chunk_header(png_ptr, PNG_CHUNK_FROM_STRING(chunk_string), length);
119 }
120
121 /* Write the data of a PNG chunk started with png_write_chunk_header().
122 * Note that multiple calls to this function are allowed, and that the
123 * sum of the lengths from these calls *must* add up to the total_length
124 * given to png_write_chunk_header().
125 */
126 void PNGAPI
png_write_chunk_data(png_structrp png_ptr,png_const_bytep data,png_size_t length)127 png_write_chunk_data(png_structrp png_ptr, png_const_bytep data,
128 png_size_t length)
129 {
130 /* Write the data, and run the CRC over it */
131 if (png_ptr == NULL)
132 return;
133
134 if (data != NULL && length > 0)
135 {
136 png_write_data(png_ptr, data, length);
137
138 /* Update the CRC after writing the data,
139 * in case the user I/O routine alters it.
140 */
141 png_calculate_crc(png_ptr, data, length);
142 }
143 }
144
145 /* Finish a chunk started with png_write_chunk_header(). */
146 void PNGAPI
png_write_chunk_end(png_structrp png_ptr)147 png_write_chunk_end(png_structrp png_ptr)
148 {
149 png_byte buf[4];
150
151 if (png_ptr == NULL) return;
152
153 #ifdef PNG_IO_STATE_SUPPORTED
154 /* Inform the I/O callback that the chunk CRC is being written.
155 * PNG_IO_CHUNK_CRC requires a single I/O function call.
156 */
157 png_ptr->io_state = PNG_IO_WRITING | PNG_IO_CHUNK_CRC;
158 #endif
159
160 /* Write the crc in a single operation */
161 png_save_uint_32(buf, png_ptr->crc);
162
163 png_write_data(png_ptr, buf, (png_size_t)4);
164 }
165
166 /* Write a PNG chunk all at once. The type is an array of ASCII characters
167 * representing the chunk name. The array must be at least 4 bytes in
168 * length, and does not need to be null terminated. To be safe, pass the
169 * pre-defined chunk names here, and if you need a new one, define it
170 * where the others are defined. The length is the length of the data.
171 * All the data must be present. If that is not possible, use the
172 * png_write_chunk_start(), png_write_chunk_data(), and png_write_chunk_end()
173 * functions instead.
174 */
175 static void
png_write_complete_chunk(png_structrp png_ptr,png_uint_32 chunk_name,png_const_bytep data,png_size_t length)176 png_write_complete_chunk(png_structrp png_ptr, png_uint_32 chunk_name,
177 png_const_bytep data, png_size_t length)
178 {
179 if (png_ptr == NULL)
180 return;
181
182 /* On 64-bit architectures 'length' may not fit in a png_uint_32. */
183 if (length > PNG_UINT_31_MAX)
184 png_error(png_ptr, "length exceeds PNG maximum");
185
186 png_write_chunk_header(png_ptr, chunk_name, (png_uint_32)length);
187 png_write_chunk_data(png_ptr, data, length);
188 png_write_chunk_end(png_ptr);
189 }
190
191 /* This is the API that calls the internal function above. */
192 void PNGAPI
png_write_chunk(png_structrp png_ptr,png_const_bytep chunk_string,png_const_bytep data,png_size_t length)193 png_write_chunk(png_structrp png_ptr, png_const_bytep chunk_string,
194 png_const_bytep data, png_size_t length)
195 {
196 png_write_complete_chunk(png_ptr, PNG_CHUNK_FROM_STRING(chunk_string), data,
197 length);
198 }
199
200 /* This is used below to find the size of an image to pass to png_deflate_claim,
201 * so it only needs to be accurate if the size is less than 16384 bytes (the
202 * point at which a lower LZ window size can be used.)
203 */
204 static png_alloc_size_t
png_image_size(png_structrp png_ptr)205 png_image_size(png_structrp png_ptr)
206 {
207 /* Only return sizes up to the maximum of a png_uint_32; do this by limiting
208 * the width and height used to 15 bits.
209 */
210 png_uint_32 h = png_ptr->height;
211
212 if (png_ptr->rowbytes < 32768 && h < 32768)
213 {
214 if (png_ptr->interlaced != 0)
215 {
216 /* Interlacing makes the image larger because of the replication of
217 * both the filter byte and the padding to a byte boundary.
218 */
219 png_uint_32 w = png_ptr->width;
220 unsigned int pd = png_ptr->pixel_depth;
221 png_alloc_size_t cb_base;
222 int pass;
223
224 for (cb_base=0, pass=0; pass<=6; ++pass)
225 {
226 png_uint_32 pw = PNG_PASS_COLS(w, pass);
227
228 if (pw > 0)
229 cb_base += (PNG_ROWBYTES(pd, pw)+1) * PNG_PASS_ROWS(h, pass);
230 }
231
232 return cb_base;
233 }
234
235 else
236 return (png_ptr->rowbytes+1) * h;
237 }
238
239 else
240 return 0xffffffffU;
241 }
242
243 #ifdef PNG_WRITE_OPTIMIZE_CMF_SUPPORTED
244 /* This is the code to hack the first two bytes of the deflate stream (the
245 * deflate header) to correct the windowBits value to match the actual data
246 * size. Note that the second argument is the *uncompressed* size but the
247 * first argument is the *compressed* data (and it must be deflate
248 * compressed.)
249 */
250 static void
optimize_cmf(png_bytep data,png_alloc_size_t data_size)251 optimize_cmf(png_bytep data, png_alloc_size_t data_size)
252 {
253 /* Optimize the CMF field in the zlib stream. The resultant zlib stream is
254 * still compliant to the stream specification.
255 */
256 if (data_size <= 16384) /* else windowBits must be 15 */
257 {
258 unsigned int z_cmf = data[0]; /* zlib compression method and flags */
259
260 if ((z_cmf & 0x0f) == 8 && (z_cmf & 0xf0) <= 0x70)
261 {
262 unsigned int z_cinfo;
263 unsigned int half_z_window_size;
264
265 z_cinfo = z_cmf >> 4;
266 half_z_window_size = 1U << (z_cinfo + 7);
267
268 if (data_size <= half_z_window_size) /* else no change */
269 {
270 unsigned int tmp;
271
272 do
273 {
274 half_z_window_size >>= 1;
275 --z_cinfo;
276 }
277 while (z_cinfo > 0 && data_size <= half_z_window_size);
278
279 z_cmf = (z_cmf & 0x0f) | (z_cinfo << 4);
280
281 data[0] = (png_byte)z_cmf;
282 tmp = data[1] & 0xe0;
283 tmp += 0x1f - ((z_cmf << 8) + tmp) % 0x1f;
284 data[1] = (png_byte)tmp;
285 }
286 }
287 }
288 }
289 #endif /* WRITE_OPTIMIZE_CMF */
290
291 /* Initialize the compressor for the appropriate type of compression. */
292 static int
png_deflate_claim(png_structrp png_ptr,png_uint_32 owner,png_alloc_size_t data_size)293 png_deflate_claim(png_structrp png_ptr, png_uint_32 owner,
294 png_alloc_size_t data_size)
295 {
296 if (png_ptr->zowner != 0)
297 {
298 #if defined(PNG_WARNINGS_SUPPORTED) || defined(PNG_ERROR_TEXT_SUPPORTED)
299 char msg[64];
300
301 PNG_STRING_FROM_CHUNK(msg, owner);
302 msg[4] = ':';
303 msg[5] = ' ';
304 PNG_STRING_FROM_CHUNK(msg+6, png_ptr->zowner);
305 /* So the message that results is "<chunk> using zstream"; this is an
306 * internal error, but is very useful for debugging. i18n requirements
307 * are minimal.
308 */
309 (void)png_safecat(msg, (sizeof msg), 10, " using zstream");
310 #endif
311 #if PNG_RELEASE_BUILD
312 png_warning(png_ptr, msg);
313
314 /* Attempt sane error recovery */
315 if (png_ptr->zowner == png_IDAT) /* don't steal from IDAT */
316 {
317 png_ptr->zstream.msg = PNGZ_MSG_CAST("in use by IDAT");
318 return Z_STREAM_ERROR;
319 }
320
321 png_ptr->zowner = 0;
322 #else
323 png_error(png_ptr, msg);
324 #endif
325 }
326
327 {
328 int level = png_ptr->zlib_level;
329 int method = png_ptr->zlib_method;
330 int windowBits = png_ptr->zlib_window_bits;
331 int memLevel = png_ptr->zlib_mem_level;
332 int strategy; /* set below */
333 int ret; /* zlib return code */
334
335 if (owner == png_IDAT)
336 {
337 if ((png_ptr->flags & PNG_FLAG_ZLIB_CUSTOM_STRATEGY) != 0)
338 strategy = png_ptr->zlib_strategy;
339
340 else if (png_ptr->do_filter != PNG_FILTER_NONE)
341 strategy = PNG_Z_DEFAULT_STRATEGY;
342
343 else
344 strategy = PNG_Z_DEFAULT_NOFILTER_STRATEGY;
345 }
346
347 else
348 {
349 #ifdef PNG_WRITE_CUSTOMIZE_ZTXT_COMPRESSION_SUPPORTED
350 level = png_ptr->zlib_text_level;
351 method = png_ptr->zlib_text_method;
352 windowBits = png_ptr->zlib_text_window_bits;
353 memLevel = png_ptr->zlib_text_mem_level;
354 strategy = png_ptr->zlib_text_strategy;
355 #else
356 /* If customization is not supported the values all come from the
357 * IDAT values except for the strategy, which is fixed to the
358 * default. (This is the pre-1.6.0 behavior too, although it was
359 * implemented in a very different way.)
360 */
361 strategy = Z_DEFAULT_STRATEGY;
362 #endif
363 }
364
365 /* Adjust 'windowBits' down if larger than 'data_size'; to stop this
366 * happening just pass 32768 as the data_size parameter. Notice that zlib
367 * requires an extra 262 bytes in the window in addition to the data to be
368 * able to see the whole of the data, so if data_size+262 takes us to the
369 * next windowBits size we need to fix up the value later. (Because even
370 * though deflate needs the extra window, inflate does not!)
371 */
372 if (data_size <= 16384)
373 {
374 /* IMPLEMENTATION NOTE: this 'half_window_size' stuff is only here to
375 * work round a Microsoft Visual C misbehavior which, contrary to C-90,
376 * widens the result of the following shift to 64-bits if (and,
377 * apparently, only if) it is used in a test.
378 */
379 unsigned int half_window_size = 1U << (windowBits-1);
380
381 while (data_size + 262 <= half_window_size)
382 {
383 half_window_size >>= 1;
384 --windowBits;
385 }
386 }
387
388 /* Check against the previous initialized values, if any. */
389 if ((png_ptr->flags & PNG_FLAG_ZSTREAM_INITIALIZED) != 0 &&
390 (png_ptr->zlib_set_level != level ||
391 png_ptr->zlib_set_method != method ||
392 png_ptr->zlib_set_window_bits != windowBits ||
393 png_ptr->zlib_set_mem_level != memLevel ||
394 png_ptr->zlib_set_strategy != strategy))
395 {
396 if (deflateEnd(&png_ptr->zstream) != Z_OK)
397 png_warning(png_ptr, "deflateEnd failed (ignored)");
398
399 png_ptr->flags &= ~PNG_FLAG_ZSTREAM_INITIALIZED;
400 }
401
402 /* For safety clear out the input and output pointers (currently zlib
403 * doesn't use them on Init, but it might in the future).
404 */
405 png_ptr->zstream.next_in = NULL;
406 png_ptr->zstream.avail_in = 0;
407 png_ptr->zstream.next_out = NULL;
408 png_ptr->zstream.avail_out = 0;
409
410 /* Now initialize if required, setting the new parameters, otherwise just
411 * to a simple reset to the previous parameters.
412 */
413 if ((png_ptr->flags & PNG_FLAG_ZSTREAM_INITIALIZED) != 0)
414 ret = deflateReset(&png_ptr->zstream);
415
416 else
417 {
418 ret = deflateInit2(&png_ptr->zstream, level, method, windowBits,
419 memLevel, strategy);
420
421 if (ret == Z_OK)
422 png_ptr->flags |= PNG_FLAG_ZSTREAM_INITIALIZED;
423 }
424
425 /* The return code is from either deflateReset or deflateInit2; they have
426 * pretty much the same set of error codes.
427 */
428 if (ret == Z_OK)
429 png_ptr->zowner = owner;
430
431 else
432 png_zstream_error(png_ptr, ret);
433
434 return ret;
435 }
436 }
437
438 /* Clean up (or trim) a linked list of compression buffers. */
439 void /* PRIVATE */
png_free_buffer_list(png_structrp png_ptr,png_compression_bufferp * listp)440 png_free_buffer_list(png_structrp png_ptr, png_compression_bufferp *listp)
441 {
442 png_compression_bufferp list = *listp;
443
444 if (list != NULL)
445 {
446 *listp = NULL;
447
448 do
449 {
450 png_compression_bufferp next = list->next;
451
452 png_free(png_ptr, list);
453 list = next;
454 }
455 while (list != NULL);
456 }
457 }
458
459 #ifdef PNG_WRITE_COMPRESSED_TEXT_SUPPORTED
460 /* This pair of functions encapsulates the operation of (a) compressing a
461 * text string, and (b) issuing it later as a series of chunk data writes.
462 * The compression_state structure is shared context for these functions
463 * set up by the caller to allow access to the relevant local variables.
464 *
465 * compression_buffer (new in 1.6.0) is just a linked list of zbuffer_size
466 * temporary buffers. From 1.6.0 it is retained in png_struct so that it will
467 * be correctly freed in the event of a write error (previous implementations
468 * just leaked memory.)
469 */
470 typedef struct
471 {
472 png_const_bytep input; /* The uncompressed input data */
473 png_alloc_size_t input_len; /* Its length */
474 png_uint_32 output_len; /* Final compressed length */
475 png_byte output[1024]; /* First block of output */
476 } compression_state;
477
478 static void
png_text_compress_init(compression_state * comp,png_const_bytep input,png_alloc_size_t input_len)479 png_text_compress_init(compression_state *comp, png_const_bytep input,
480 png_alloc_size_t input_len)
481 {
482 comp->input = input;
483 comp->input_len = input_len;
484 comp->output_len = 0;
485 }
486
487 /* Compress the data in the compression state input */
488 static int
png_text_compress(png_structrp png_ptr,png_uint_32 chunk_name,compression_state * comp,png_uint_32 prefix_len)489 png_text_compress(png_structrp png_ptr, png_uint_32 chunk_name,
490 compression_state *comp, png_uint_32 prefix_len)
491 {
492 int ret;
493
494 /* To find the length of the output it is necessary to first compress the
495 * input. The result is buffered rather than using the two-pass algorithm
496 * that is used on the inflate side; deflate is assumed to be slower and a
497 * PNG writer is assumed to have more memory available than a PNG reader.
498 *
499 * IMPLEMENTATION NOTE: the zlib API deflateBound() can be used to find an
500 * upper limit on the output size, but it is always bigger than the input
501 * size so it is likely to be more efficient to use this linked-list
502 * approach.
503 */
504 ret = png_deflate_claim(png_ptr, chunk_name, comp->input_len);
505
506 if (ret != Z_OK)
507 return ret;
508
509 /* Set up the compression buffers, we need a loop here to avoid overflowing a
510 * uInt. Use ZLIB_IO_MAX to limit the input. The output is always limited
511 * by the output buffer size, so there is no need to check that. Since this
512 * is ANSI-C we know that an 'int', hence a uInt, is always at least 16 bits
513 * in size.
514 */
515 {
516 png_compression_bufferp *end = &png_ptr->zbuffer_list;
517 png_alloc_size_t input_len = comp->input_len; /* may be zero! */
518 png_uint_32 output_len;
519
520 /* zlib updates these for us: */
521 png_ptr->zstream.next_in = PNGZ_INPUT_CAST(comp->input);
522 png_ptr->zstream.avail_in = 0; /* Set below */
523 png_ptr->zstream.next_out = comp->output;
524 png_ptr->zstream.avail_out = (sizeof comp->output);
525
526 output_len = png_ptr->zstream.avail_out;
527
528 do
529 {
530 uInt avail_in = ZLIB_IO_MAX;
531
532 if (avail_in > input_len)
533 avail_in = (uInt)input_len;
534
535 input_len -= avail_in;
536
537 png_ptr->zstream.avail_in = avail_in;
538
539 if (png_ptr->zstream.avail_out == 0)
540 {
541 png_compression_buffer *next;
542
543 /* Chunk data is limited to 2^31 bytes in length, so the prefix
544 * length must be counted here.
545 */
546 if (output_len + prefix_len > PNG_UINT_31_MAX)
547 {
548 ret = Z_MEM_ERROR;
549 break;
550 }
551
552 /* Need a new (malloc'ed) buffer, but there may be one present
553 * already.
554 */
555 next = *end;
556 if (next == NULL)
557 {
558 next = png_voidcast(png_compression_bufferp, png_malloc_base
559 (png_ptr, PNG_COMPRESSION_BUFFER_SIZE(png_ptr)));
560
561 if (next == NULL)
562 {
563 ret = Z_MEM_ERROR;
564 break;
565 }
566
567 /* Link in this buffer (so that it will be freed later) */
568 next->next = NULL;
569 *end = next;
570 }
571
572 png_ptr->zstream.next_out = next->output;
573 png_ptr->zstream.avail_out = png_ptr->zbuffer_size;
574 output_len += png_ptr->zstream.avail_out;
575
576 /* Move 'end' to the next buffer pointer. */
577 end = &next->next;
578 }
579
580 /* Compress the data */
581 ret = deflate(&png_ptr->zstream,
582 input_len > 0 ? Z_NO_FLUSH : Z_FINISH);
583
584 /* Claw back input data that was not consumed (because avail_in is
585 * reset above every time round the loop).
586 */
587 input_len += png_ptr->zstream.avail_in;
588 png_ptr->zstream.avail_in = 0; /* safety */
589 }
590 while (ret == Z_OK);
591
592 /* There may be some space left in the last output buffer. This needs to
593 * be subtracted from output_len.
594 */
595 output_len -= png_ptr->zstream.avail_out;
596 png_ptr->zstream.avail_out = 0; /* safety */
597 comp->output_len = output_len;
598
599 /* Now double check the output length, put in a custom message if it is
600 * too long. Otherwise ensure the z_stream::msg pointer is set to
601 * something.
602 */
603 if (output_len + prefix_len >= PNG_UINT_31_MAX)
604 {
605 png_ptr->zstream.msg = PNGZ_MSG_CAST("compressed data too long");
606 ret = Z_MEM_ERROR;
607 }
608
609 else
610 png_zstream_error(png_ptr, ret);
611
612 /* Reset zlib for another zTXt/iTXt or image data */
613 png_ptr->zowner = 0;
614
615 /* The only success case is Z_STREAM_END, input_len must be 0; if not this
616 * is an internal error.
617 */
618 if (ret == Z_STREAM_END && input_len == 0)
619 {
620 #ifdef PNG_WRITE_OPTIMIZE_CMF_SUPPORTED
621 /* Fix up the deflate header, if required */
622 optimize_cmf(comp->output, comp->input_len);
623 #endif
624 /* But Z_OK is returned, not Z_STREAM_END; this allows the claim
625 * function above to return Z_STREAM_END on an error (though it never
626 * does in the current versions of zlib.)
627 */
628 return Z_OK;
629 }
630
631 else
632 return ret;
633 }
634 }
635
636 /* Ship the compressed text out via chunk writes */
637 static void
png_write_compressed_data_out(png_structrp png_ptr,compression_state * comp)638 png_write_compressed_data_out(png_structrp png_ptr, compression_state *comp)
639 {
640 png_uint_32 output_len = comp->output_len;
641 png_const_bytep output = comp->output;
642 png_uint_32 avail = (sizeof comp->output);
643 png_compression_buffer *next = png_ptr->zbuffer_list;
644
645 for (;;)
646 {
647 if (avail > output_len)
648 avail = output_len;
649
650 png_write_chunk_data(png_ptr, output, avail);
651
652 output_len -= avail;
653
654 if (output_len == 0 || next == NULL)
655 break;
656
657 avail = png_ptr->zbuffer_size;
658 output = next->output;
659 next = next->next;
660 }
661
662 /* This is an internal error; 'next' must have been NULL! */
663 if (output_len > 0)
664 png_error(png_ptr, "error writing ancillary chunked compressed data");
665 }
666 #endif /* WRITE_COMPRESSED_TEXT */
667
668 /* Write the IHDR chunk, and update the png_struct with the necessary
669 * information. Note that the rest of this code depends upon this
670 * information being correct.
671 */
672 void /* PRIVATE */
png_write_IHDR(png_structrp png_ptr,png_uint_32 width,png_uint_32 height,int bit_depth,int color_type,int compression_type,int filter_type,int interlace_type)673 png_write_IHDR(png_structrp png_ptr, png_uint_32 width, png_uint_32 height,
674 int bit_depth, int color_type, int compression_type, int filter_type,
675 int interlace_type)
676 {
677 png_byte buf[13]; /* Buffer to store the IHDR info */
678
679 png_debug(1, "in png_write_IHDR");
680
681 /* Check that we have valid input data from the application info */
682 switch (color_type)
683 {
684 case PNG_COLOR_TYPE_GRAY:
685 switch (bit_depth)
686 {
687 case 1:
688 case 2:
689 case 4:
690 case 8:
691 #ifdef PNG_WRITE_16BIT_SUPPORTED
692 case 16:
693 #endif
694 png_ptr->channels = 1; break;
695
696 default:
697 png_error(png_ptr,
698 "Invalid bit depth for grayscale image");
699 }
700 break;
701
702 case PNG_COLOR_TYPE_RGB:
703 #ifdef PNG_WRITE_16BIT_SUPPORTED
704 if (bit_depth != 8 && bit_depth != 16)
705 #else
706 if (bit_depth != 8)
707 #endif
708 png_error(png_ptr, "Invalid bit depth for RGB image");
709
710 png_ptr->channels = 3;
711 break;
712
713 case PNG_COLOR_TYPE_PALETTE:
714 switch (bit_depth)
715 {
716 case 1:
717 case 2:
718 case 4:
719 case 8:
720 png_ptr->channels = 1;
721 break;
722
723 default:
724 png_error(png_ptr, "Invalid bit depth for paletted image");
725 }
726 break;
727
728 case PNG_COLOR_TYPE_GRAY_ALPHA:
729 if (bit_depth != 8 && bit_depth != 16)
730 png_error(png_ptr, "Invalid bit depth for grayscale+alpha image");
731
732 png_ptr->channels = 2;
733 break;
734
735 case PNG_COLOR_TYPE_RGB_ALPHA:
736 #ifdef PNG_WRITE_16BIT_SUPPORTED
737 if (bit_depth != 8 && bit_depth != 16)
738 #else
739 if (bit_depth != 8)
740 #endif
741 png_error(png_ptr, "Invalid bit depth for RGBA image");
742
743 png_ptr->channels = 4;
744 break;
745
746 default:
747 png_error(png_ptr, "Invalid image color type specified");
748 }
749
750 if (compression_type != PNG_COMPRESSION_TYPE_BASE)
751 {
752 png_warning(png_ptr, "Invalid compression type specified");
753 compression_type = PNG_COMPRESSION_TYPE_BASE;
754 }
755
756 /* Write filter_method 64 (intrapixel differencing) only if
757 * 1. Libpng was compiled with PNG_MNG_FEATURES_SUPPORTED and
758 * 2. Libpng did not write a PNG signature (this filter_method is only
759 * used in PNG datastreams that are embedded in MNG datastreams) and
760 * 3. The application called png_permit_mng_features with a mask that
761 * included PNG_FLAG_MNG_FILTER_64 and
762 * 4. The filter_method is 64 and
763 * 5. The color_type is RGB or RGBA
764 */
765 if (
766 #ifdef PNG_MNG_FEATURES_SUPPORTED
767 !((png_ptr->mng_features_permitted & PNG_FLAG_MNG_FILTER_64) != 0 &&
768 ((png_ptr->mode & PNG_HAVE_PNG_SIGNATURE) == 0) &&
769 (color_type == PNG_COLOR_TYPE_RGB ||
770 color_type == PNG_COLOR_TYPE_RGB_ALPHA) &&
771 (filter_type == PNG_INTRAPIXEL_DIFFERENCING)) &&
772 #endif
773 filter_type != PNG_FILTER_TYPE_BASE)
774 {
775 png_warning(png_ptr, "Invalid filter type specified");
776 filter_type = PNG_FILTER_TYPE_BASE;
777 }
778
779 #ifdef PNG_WRITE_INTERLACING_SUPPORTED
780 if (interlace_type != PNG_INTERLACE_NONE &&
781 interlace_type != PNG_INTERLACE_ADAM7)
782 {
783 png_warning(png_ptr, "Invalid interlace type specified");
784 interlace_type = PNG_INTERLACE_ADAM7;
785 }
786 #else
787 interlace_type=PNG_INTERLACE_NONE;
788 #endif
789
790 /* Save the relevant information */
791 png_ptr->bit_depth = (png_byte)bit_depth;
792 png_ptr->color_type = (png_byte)color_type;
793 png_ptr->interlaced = (png_byte)interlace_type;
794 #ifdef PNG_MNG_FEATURES_SUPPORTED
795 png_ptr->filter_type = (png_byte)filter_type;
796 #endif
797 png_ptr->compression_type = (png_byte)compression_type;
798 png_ptr->width = width;
799 png_ptr->height = height;
800
801 png_ptr->pixel_depth = (png_byte)(bit_depth * png_ptr->channels);
802 png_ptr->rowbytes = PNG_ROWBYTES(png_ptr->pixel_depth, width);
803 /* Set the usr info, so any transformations can modify it */
804 png_ptr->usr_width = png_ptr->width;
805 png_ptr->usr_bit_depth = png_ptr->bit_depth;
806 png_ptr->usr_channels = png_ptr->channels;
807
808 /* Pack the header information into the buffer */
809 png_save_uint_32(buf, width);
810 png_save_uint_32(buf + 4, height);
811 buf[8] = (png_byte)bit_depth;
812 buf[9] = (png_byte)color_type;
813 buf[10] = (png_byte)compression_type;
814 buf[11] = (png_byte)filter_type;
815 buf[12] = (png_byte)interlace_type;
816
817 /* Write the chunk */
818 png_write_complete_chunk(png_ptr, png_IHDR, buf, (png_size_t)13);
819
820 if ((png_ptr->do_filter) == PNG_NO_FILTERS)
821 {
822 if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE ||
823 png_ptr->bit_depth < 8)
824 png_ptr->do_filter = PNG_FILTER_NONE;
825
826 else
827 png_ptr->do_filter = PNG_ALL_FILTERS;
828 }
829
830 png_ptr->mode = PNG_HAVE_IHDR; /* not READY_FOR_ZTXT */
831 }
832
833 /* Write the palette. We are careful not to trust png_color to be in the
834 * correct order for PNG, so people can redefine it to any convenient
835 * structure.
836 */
837 void /* PRIVATE */
png_write_PLTE(png_structrp png_ptr,png_const_colorp palette,png_uint_32 num_pal)838 png_write_PLTE(png_structrp png_ptr, png_const_colorp palette,
839 png_uint_32 num_pal)
840 {
841 png_uint_32 max_palette_length, i;
842 png_const_colorp pal_ptr;
843 png_byte buf[3];
844
845 png_debug(1, "in png_write_PLTE");
846
847 max_palette_length = (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE) ?
848 (1 << png_ptr->bit_depth) : PNG_MAX_PALETTE_LENGTH;
849
850 if ((
851 #ifdef PNG_MNG_FEATURES_SUPPORTED
852 (png_ptr->mng_features_permitted & PNG_FLAG_MNG_EMPTY_PLTE) == 0 &&
853 #endif
854 num_pal == 0) || num_pal > max_palette_length)
855 {
856 if (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE)
857 {
858 png_error(png_ptr, "Invalid number of colors in palette");
859 }
860
861 else
862 {
863 png_warning(png_ptr, "Invalid number of colors in palette");
864 return;
865 }
866 }
867
868 if ((png_ptr->color_type & PNG_COLOR_MASK_COLOR) == 0)
869 {
870 png_warning(png_ptr,
871 "Ignoring request to write a PLTE chunk in grayscale PNG");
872
873 return;
874 }
875
876 png_ptr->num_palette = (png_uint_16)num_pal;
877 png_debug1(3, "num_palette = %d", png_ptr->num_palette);
878
879 png_write_chunk_header(png_ptr, png_PLTE, (png_uint_32)(num_pal * 3));
880 #ifdef PNG_POINTER_INDEXING_SUPPORTED
881
882 for (i = 0, pal_ptr = palette; i < num_pal; i++, pal_ptr++)
883 {
884 buf[0] = pal_ptr->red;
885 buf[1] = pal_ptr->green;
886 buf[2] = pal_ptr->blue;
887 png_write_chunk_data(png_ptr, buf, (png_size_t)3);
888 }
889
890 #else
891 /* This is a little slower but some buggy compilers need to do this
892 * instead
893 */
894 pal_ptr=palette;
895
896 for (i = 0; i < num_pal; i++)
897 {
898 buf[0] = pal_ptr[i].red;
899 buf[1] = pal_ptr[i].green;
900 buf[2] = pal_ptr[i].blue;
901 png_write_chunk_data(png_ptr, buf, (png_size_t)3);
902 }
903
904 #endif
905 png_write_chunk_end(png_ptr);
906 png_ptr->mode |= PNG_HAVE_PLTE;
907 }
908
909 /* This is similar to png_text_compress, above, except that it does not require
910 * all of the data at once and, instead of buffering the compressed result,
911 * writes it as IDAT chunks. Unlike png_text_compress it *can* png_error out
912 * because it calls the write interface. As a result it does its own error
913 * reporting and does not return an error code. In the event of error it will
914 * just call png_error. The input data length may exceed 32-bits. The 'flush'
915 * parameter is exactly the same as that to deflate, with the following
916 * meanings:
917 *
918 * Z_NO_FLUSH: normal incremental output of compressed data
919 * Z_SYNC_FLUSH: do a SYNC_FLUSH, used by png_write_flush
920 * Z_FINISH: this is the end of the input, do a Z_FINISH and clean up
921 *
922 * The routine manages the acquire and release of the png_ptr->zstream by
923 * checking and (at the end) clearing png_ptr->zowner; it does some sanity
924 * checks on the 'mode' flags while doing this.
925 */
926 void /* PRIVATE */
png_compress_IDAT(png_structrp png_ptr,png_const_bytep input,png_alloc_size_t input_len,int flush)927 png_compress_IDAT(png_structrp png_ptr, png_const_bytep input,
928 png_alloc_size_t input_len, int flush)
929 {
930 if (png_ptr->zowner != png_IDAT)
931 {
932 /* First time. Ensure we have a temporary buffer for compression and
933 * trim the buffer list if it has more than one entry to free memory.
934 * If 'WRITE_COMPRESSED_TEXT' is not set the list will never have been
935 * created at this point, but the check here is quick and safe.
936 */
937 if (png_ptr->zbuffer_list == NULL)
938 {
939 png_ptr->zbuffer_list = png_voidcast(png_compression_bufferp,
940 png_malloc(png_ptr, PNG_COMPRESSION_BUFFER_SIZE(png_ptr)));
941 png_ptr->zbuffer_list->next = NULL;
942 }
943
944 else
945 png_free_buffer_list(png_ptr, &png_ptr->zbuffer_list->next);
946
947 /* It is a terminal error if we can't claim the zstream. */
948 if (png_deflate_claim(png_ptr, png_IDAT, png_image_size(png_ptr)) != Z_OK)
949 png_error(png_ptr, png_ptr->zstream.msg);
950
951 /* The output state is maintained in png_ptr->zstream, so it must be
952 * initialized here after the claim.
953 */
954 png_ptr->zstream.next_out = png_ptr->zbuffer_list->output;
955 png_ptr->zstream.avail_out = png_ptr->zbuffer_size;
956 }
957
958 /* Now loop reading and writing until all the input is consumed or an error
959 * terminates the operation. The _out values are maintained across calls to
960 * this function, but the input must be reset each time.
961 */
962 png_ptr->zstream.next_in = PNGZ_INPUT_CAST(input);
963 png_ptr->zstream.avail_in = 0; /* set below */
964 for (;;)
965 {
966 int ret;
967
968 /* INPUT: from the row data */
969 uInt avail = ZLIB_IO_MAX;
970
971 if (avail > input_len)
972 avail = (uInt)input_len; /* safe because of the check */
973
974 png_ptr->zstream.avail_in = avail;
975 input_len -= avail;
976
977 ret = deflate(&png_ptr->zstream, input_len > 0 ? Z_NO_FLUSH : flush);
978
979 /* Include as-yet unconsumed input */
980 input_len += png_ptr->zstream.avail_in;
981 png_ptr->zstream.avail_in = 0;
982
983 /* OUTPUT: write complete IDAT chunks when avail_out drops to zero. Note
984 * that these two zstream fields are preserved across the calls, therefore
985 * there is no need to set these up on entry to the loop.
986 */
987 if (png_ptr->zstream.avail_out == 0)
988 {
989 png_bytep data = png_ptr->zbuffer_list->output;
990 uInt size = png_ptr->zbuffer_size;
991
992 /* Write an IDAT containing the data then reset the buffer. The
993 * first IDAT may need deflate header optimization.
994 */
995 #ifdef PNG_WRITE_OPTIMIZE_CMF_SUPPORTED
996 if ((png_ptr->mode & PNG_HAVE_IDAT) == 0 &&
997 png_ptr->compression_type == PNG_COMPRESSION_TYPE_BASE)
998 optimize_cmf(data, png_image_size(png_ptr));
999 #endif
1000
1001 png_write_complete_chunk(png_ptr, png_IDAT, data, size);
1002 png_ptr->mode |= PNG_HAVE_IDAT;
1003
1004 png_ptr->zstream.next_out = data;
1005 png_ptr->zstream.avail_out = size;
1006
1007 /* For SYNC_FLUSH or FINISH it is essential to keep calling zlib with
1008 * the same flush parameter until it has finished output, for NO_FLUSH
1009 * it doesn't matter.
1010 */
1011 if (ret == Z_OK && flush != Z_NO_FLUSH)
1012 continue;
1013 }
1014
1015 /* The order of these checks doesn't matter much; it just affects which
1016 * possible error might be detected if multiple things go wrong at once.
1017 */
1018 if (ret == Z_OK) /* most likely return code! */
1019 {
1020 /* If all the input has been consumed then just return. If Z_FINISH
1021 * was used as the flush parameter something has gone wrong if we get
1022 * here.
1023 */
1024 if (input_len == 0)
1025 {
1026 if (flush == Z_FINISH)
1027 png_error(png_ptr, "Z_OK on Z_FINISH with output space");
1028
1029 return;
1030 }
1031 }
1032
1033 else if (ret == Z_STREAM_END && flush == Z_FINISH)
1034 {
1035 /* This is the end of the IDAT data; any pending output must be
1036 * flushed. For small PNG files we may still be at the beginning.
1037 */
1038 png_bytep data = png_ptr->zbuffer_list->output;
1039 uInt size = png_ptr->zbuffer_size - png_ptr->zstream.avail_out;
1040
1041 #ifdef PNG_WRITE_OPTIMIZE_CMF_SUPPORTED
1042 if ((png_ptr->mode & PNG_HAVE_IDAT) == 0 &&
1043 png_ptr->compression_type == PNG_COMPRESSION_TYPE_BASE)
1044 optimize_cmf(data, png_image_size(png_ptr));
1045 #endif
1046
1047 png_write_complete_chunk(png_ptr, png_IDAT, data, size);
1048 png_ptr->zstream.avail_out = 0;
1049 png_ptr->zstream.next_out = NULL;
1050 png_ptr->mode |= PNG_HAVE_IDAT | PNG_AFTER_IDAT;
1051
1052 png_ptr->zowner = 0; /* Release the stream */
1053 return;
1054 }
1055
1056 else
1057 {
1058 /* This is an error condition. */
1059 png_zstream_error(png_ptr, ret);
1060 png_error(png_ptr, png_ptr->zstream.msg);
1061 }
1062 }
1063 }
1064
1065 /* Write an IEND chunk */
1066 void /* PRIVATE */
png_write_IEND(png_structrp png_ptr)1067 png_write_IEND(png_structrp png_ptr)
1068 {
1069 png_debug(1, "in png_write_IEND");
1070
1071 png_write_complete_chunk(png_ptr, png_IEND, NULL, (png_size_t)0);
1072 png_ptr->mode |= PNG_HAVE_IEND;
1073 }
1074
1075 #ifdef PNG_WRITE_gAMA_SUPPORTED
1076 /* Write a gAMA chunk */
1077 void /* PRIVATE */
png_write_gAMA_fixed(png_structrp png_ptr,png_fixed_point file_gamma)1078 png_write_gAMA_fixed(png_structrp png_ptr, png_fixed_point file_gamma)
1079 {
1080 png_byte buf[4];
1081
1082 png_debug(1, "in png_write_gAMA");
1083
1084 /* file_gamma is saved in 1/100,000ths */
1085 png_save_uint_32(buf, (png_uint_32)file_gamma);
1086 png_write_complete_chunk(png_ptr, png_gAMA, buf, (png_size_t)4);
1087 }
1088 #endif
1089
1090 #ifdef PNG_WRITE_sRGB_SUPPORTED
1091 /* Write a sRGB chunk */
1092 void /* PRIVATE */
png_write_sRGB(png_structrp png_ptr,int srgb_intent)1093 png_write_sRGB(png_structrp png_ptr, int srgb_intent)
1094 {
1095 png_byte buf[1];
1096
1097 png_debug(1, "in png_write_sRGB");
1098
1099 if (srgb_intent >= PNG_sRGB_INTENT_LAST)
1100 png_warning(png_ptr,
1101 "Invalid sRGB rendering intent specified");
1102
1103 buf[0]=(png_byte)srgb_intent;
1104 png_write_complete_chunk(png_ptr, png_sRGB, buf, (png_size_t)1);
1105 }
1106 #endif
1107
1108 #ifdef PNG_WRITE_iCCP_SUPPORTED
1109 /* Write an iCCP chunk */
1110 void /* PRIVATE */
png_write_iCCP(png_structrp png_ptr,png_const_charp name,png_const_bytep profile)1111 png_write_iCCP(png_structrp png_ptr, png_const_charp name,
1112 png_const_bytep profile)
1113 {
1114 png_uint_32 name_len;
1115 png_uint_32 profile_len;
1116 png_byte new_name[81]; /* 1 byte for the compression byte */
1117 compression_state comp;
1118 png_uint_32 temp;
1119
1120 png_debug(1, "in png_write_iCCP");
1121
1122 /* These are all internal problems: the profile should have been checked
1123 * before when it was stored.
1124 */
1125 if (profile == NULL)
1126 png_error(png_ptr, "No profile for iCCP chunk"); /* internal error */
1127
1128 profile_len = png_get_uint_32(profile);
1129
1130 if (profile_len < 132)
1131 png_error(png_ptr, "ICC profile too short");
1132
1133 temp = (png_uint_32) (*(profile+8));
1134 if (temp > 3 && (profile_len & 0x03))
1135 png_error(png_ptr, "ICC profile length invalid (not a multiple of 4)");
1136
1137 {
1138 png_uint_32 embedded_profile_len = png_get_uint_32(profile);
1139
1140 if (profile_len != embedded_profile_len)
1141 png_error(png_ptr, "Profile length does not match profile");
1142 }
1143
1144 name_len = png_check_keyword(png_ptr, name, new_name);
1145
1146 if (name_len == 0)
1147 png_error(png_ptr, "iCCP: invalid keyword");
1148
1149 new_name[++name_len] = PNG_COMPRESSION_TYPE_BASE;
1150
1151 /* Make sure we include the NULL after the name and the compression type */
1152 ++name_len;
1153
1154 png_text_compress_init(&comp, profile, profile_len);
1155
1156 /* Allow for keyword terminator and compression byte */
1157 if (png_text_compress(png_ptr, png_iCCP, &comp, name_len) != Z_OK)
1158 png_error(png_ptr, png_ptr->zstream.msg);
1159
1160 png_write_chunk_header(png_ptr, png_iCCP, name_len + comp.output_len);
1161
1162 png_write_chunk_data(png_ptr, new_name, name_len);
1163
1164 png_write_compressed_data_out(png_ptr, &comp);
1165
1166 png_write_chunk_end(png_ptr);
1167 }
1168 #endif
1169
1170 #ifdef PNG_WRITE_sPLT_SUPPORTED
1171 /* Write a sPLT chunk */
1172 void /* PRIVATE */
png_write_sPLT(png_structrp png_ptr,png_const_sPLT_tp spalette)1173 png_write_sPLT(png_structrp png_ptr, png_const_sPLT_tp spalette)
1174 {
1175 png_uint_32 name_len;
1176 png_byte new_name[80];
1177 png_byte entrybuf[10];
1178 png_size_t entry_size = (spalette->depth == 8 ? 6 : 10);
1179 png_size_t palette_size = entry_size * spalette->nentries;
1180 png_sPLT_entryp ep;
1181 #ifndef PNG_POINTER_INDEXING_SUPPORTED
1182 int i;
1183 #endif
1184
1185 png_debug(1, "in png_write_sPLT");
1186
1187 name_len = png_check_keyword(png_ptr, spalette->name, new_name);
1188
1189 if (name_len == 0)
1190 png_error(png_ptr, "sPLT: invalid keyword");
1191
1192 /* Make sure we include the NULL after the name */
1193 png_write_chunk_header(png_ptr, png_sPLT,
1194 (png_uint_32)(name_len + 2 + palette_size));
1195
1196 png_write_chunk_data(png_ptr, (png_bytep)new_name,
1197 (png_size_t)(name_len + 1));
1198
1199 png_write_chunk_data(png_ptr, &spalette->depth, (png_size_t)1);
1200
1201 /* Loop through each palette entry, writing appropriately */
1202 #ifdef PNG_POINTER_INDEXING_SUPPORTED
1203 for (ep = spalette->entries; ep<spalette->entries + spalette->nentries; ep++)
1204 {
1205 if (spalette->depth == 8)
1206 {
1207 entrybuf[0] = (png_byte)ep->red;
1208 entrybuf[1] = (png_byte)ep->green;
1209 entrybuf[2] = (png_byte)ep->blue;
1210 entrybuf[3] = (png_byte)ep->alpha;
1211 png_save_uint_16(entrybuf + 4, ep->frequency);
1212 }
1213
1214 else
1215 {
1216 png_save_uint_16(entrybuf + 0, ep->red);
1217 png_save_uint_16(entrybuf + 2, ep->green);
1218 png_save_uint_16(entrybuf + 4, ep->blue);
1219 png_save_uint_16(entrybuf + 6, ep->alpha);
1220 png_save_uint_16(entrybuf + 8, ep->frequency);
1221 }
1222
1223 png_write_chunk_data(png_ptr, entrybuf, entry_size);
1224 }
1225 #else
1226 ep=spalette->entries;
1227 for (i = 0; i>spalette->nentries; i++)
1228 {
1229 if (spalette->depth == 8)
1230 {
1231 entrybuf[0] = (png_byte)ep[i].red;
1232 entrybuf[1] = (png_byte)ep[i].green;
1233 entrybuf[2] = (png_byte)ep[i].blue;
1234 entrybuf[3] = (png_byte)ep[i].alpha;
1235 png_save_uint_16(entrybuf + 4, ep[i].frequency);
1236 }
1237
1238 else
1239 {
1240 png_save_uint_16(entrybuf + 0, ep[i].red);
1241 png_save_uint_16(entrybuf + 2, ep[i].green);
1242 png_save_uint_16(entrybuf + 4, ep[i].blue);
1243 png_save_uint_16(entrybuf + 6, ep[i].alpha);
1244 png_save_uint_16(entrybuf + 8, ep[i].frequency);
1245 }
1246
1247 png_write_chunk_data(png_ptr, entrybuf, entry_size);
1248 }
1249 #endif
1250
1251 png_write_chunk_end(png_ptr);
1252 }
1253 #endif
1254
1255 #ifdef PNG_WRITE_sBIT_SUPPORTED
1256 /* Write the sBIT chunk */
1257 void /* PRIVATE */
png_write_sBIT(png_structrp png_ptr,png_const_color_8p sbit,int color_type)1258 png_write_sBIT(png_structrp png_ptr, png_const_color_8p sbit, int color_type)
1259 {
1260 png_byte buf[4];
1261 png_size_t size;
1262
1263 png_debug(1, "in png_write_sBIT");
1264
1265 /* Make sure we don't depend upon the order of PNG_COLOR_8 */
1266 if ((color_type & PNG_COLOR_MASK_COLOR) != 0)
1267 {
1268 png_byte maxbits;
1269
1270 maxbits = (png_byte)(color_type==PNG_COLOR_TYPE_PALETTE ? 8 :
1271 png_ptr->usr_bit_depth);
1272
1273 if (sbit->red == 0 || sbit->red > maxbits ||
1274 sbit->green == 0 || sbit->green > maxbits ||
1275 sbit->blue == 0 || sbit->blue > maxbits)
1276 {
1277 png_warning(png_ptr, "Invalid sBIT depth specified");
1278 return;
1279 }
1280
1281 buf[0] = sbit->red;
1282 buf[1] = sbit->green;
1283 buf[2] = sbit->blue;
1284 size = 3;
1285 }
1286
1287 else
1288 {
1289 if (sbit->gray == 0 || sbit->gray > png_ptr->usr_bit_depth)
1290 {
1291 png_warning(png_ptr, "Invalid sBIT depth specified");
1292 return;
1293 }
1294
1295 buf[0] = sbit->gray;
1296 size = 1;
1297 }
1298
1299 if ((color_type & PNG_COLOR_MASK_ALPHA) != 0)
1300 {
1301 if (sbit->alpha == 0 || sbit->alpha > png_ptr->usr_bit_depth)
1302 {
1303 png_warning(png_ptr, "Invalid sBIT depth specified");
1304 return;
1305 }
1306
1307 buf[size++] = sbit->alpha;
1308 }
1309
1310 png_write_complete_chunk(png_ptr, png_sBIT, buf, size);
1311 }
1312 #endif
1313
1314 #ifdef PNG_WRITE_cHRM_SUPPORTED
1315 /* Write the cHRM chunk */
1316 void /* PRIVATE */
png_write_cHRM_fixed(png_structrp png_ptr,const png_xy * xy)1317 png_write_cHRM_fixed(png_structrp png_ptr, const png_xy *xy)
1318 {
1319 png_byte buf[32];
1320
1321 png_debug(1, "in png_write_cHRM");
1322
1323 /* Each value is saved in 1/100,000ths */
1324 png_save_int_32(buf, xy->whitex);
1325 png_save_int_32(buf + 4, xy->whitey);
1326
1327 png_save_int_32(buf + 8, xy->redx);
1328 png_save_int_32(buf + 12, xy->redy);
1329
1330 png_save_int_32(buf + 16, xy->greenx);
1331 png_save_int_32(buf + 20, xy->greeny);
1332
1333 png_save_int_32(buf + 24, xy->bluex);
1334 png_save_int_32(buf + 28, xy->bluey);
1335
1336 png_write_complete_chunk(png_ptr, png_cHRM, buf, 32);
1337 }
1338 #endif
1339
1340 #ifdef PNG_WRITE_tRNS_SUPPORTED
1341 /* Write the tRNS chunk */
1342 void /* PRIVATE */
png_write_tRNS(png_structrp png_ptr,png_const_bytep trans_alpha,png_const_color_16p tran,int num_trans,int color_type)1343 png_write_tRNS(png_structrp png_ptr, png_const_bytep trans_alpha,
1344 png_const_color_16p tran, int num_trans, int color_type)
1345 {
1346 png_byte buf[6];
1347
1348 png_debug(1, "in png_write_tRNS");
1349
1350 if (color_type == PNG_COLOR_TYPE_PALETTE)
1351 {
1352 if (num_trans <= 0 || num_trans > (int)png_ptr->num_palette)
1353 {
1354 png_app_warning(png_ptr,
1355 "Invalid number of transparent colors specified");
1356 return;
1357 }
1358
1359 /* Write the chunk out as it is */
1360 png_write_complete_chunk(png_ptr, png_tRNS, trans_alpha,
1361 (png_size_t)num_trans);
1362 }
1363
1364 else if (color_type == PNG_COLOR_TYPE_GRAY)
1365 {
1366 /* One 16-bit value */
1367 if (tran->gray >= (1 << png_ptr->bit_depth))
1368 {
1369 png_app_warning(png_ptr,
1370 "Ignoring attempt to write tRNS chunk out-of-range for bit_depth");
1371
1372 return;
1373 }
1374
1375 png_save_uint_16(buf, tran->gray);
1376 png_write_complete_chunk(png_ptr, png_tRNS, buf, (png_size_t)2);
1377 }
1378
1379 else if (color_type == PNG_COLOR_TYPE_RGB)
1380 {
1381 /* Three 16-bit values */
1382 png_save_uint_16(buf, tran->red);
1383 png_save_uint_16(buf + 2, tran->green);
1384 png_save_uint_16(buf + 4, tran->blue);
1385 #ifdef PNG_WRITE_16BIT_SUPPORTED
1386 if (png_ptr->bit_depth == 8 && (buf[0] | buf[2] | buf[4]) != 0)
1387 #else
1388 if ((buf[0] | buf[2] | buf[4]) != 0)
1389 #endif
1390 {
1391 png_app_warning(png_ptr,
1392 "Ignoring attempt to write 16-bit tRNS chunk when bit_depth is 8");
1393 return;
1394 }
1395
1396 png_write_complete_chunk(png_ptr, png_tRNS, buf, (png_size_t)6);
1397 }
1398
1399 else
1400 {
1401 png_app_warning(png_ptr, "Can't write tRNS with an alpha channel");
1402 }
1403 }
1404 #endif
1405
1406 #ifdef PNG_WRITE_bKGD_SUPPORTED
1407 /* Write the background chunk */
1408 void /* PRIVATE */
png_write_bKGD(png_structrp png_ptr,png_const_color_16p back,int color_type)1409 png_write_bKGD(png_structrp png_ptr, png_const_color_16p back, int color_type)
1410 {
1411 png_byte buf[6];
1412
1413 png_debug(1, "in png_write_bKGD");
1414
1415 if (color_type == PNG_COLOR_TYPE_PALETTE)
1416 {
1417 if (
1418 #ifdef PNG_MNG_FEATURES_SUPPORTED
1419 (png_ptr->num_palette != 0 ||
1420 (png_ptr->mng_features_permitted & PNG_FLAG_MNG_EMPTY_PLTE) == 0) &&
1421 #endif
1422 back->index >= png_ptr->num_palette)
1423 {
1424 png_warning(png_ptr, "Invalid background palette index");
1425 return;
1426 }
1427
1428 buf[0] = back->index;
1429 png_write_complete_chunk(png_ptr, png_bKGD, buf, (png_size_t)1);
1430 }
1431
1432 else if ((color_type & PNG_COLOR_MASK_COLOR) != 0)
1433 {
1434 png_save_uint_16(buf, back->red);
1435 png_save_uint_16(buf + 2, back->green);
1436 png_save_uint_16(buf + 4, back->blue);
1437 #ifdef PNG_WRITE_16BIT_SUPPORTED
1438 if (png_ptr->bit_depth == 8 && (buf[0] | buf[2] | buf[4]) != 0)
1439 #else
1440 if ((buf[0] | buf[2] | buf[4]) != 0)
1441 #endif
1442 {
1443 png_warning(png_ptr,
1444 "Ignoring attempt to write 16-bit bKGD chunk when bit_depth is 8");
1445
1446 return;
1447 }
1448
1449 png_write_complete_chunk(png_ptr, png_bKGD, buf, (png_size_t)6);
1450 }
1451
1452 else
1453 {
1454 if (back->gray >= (1 << png_ptr->bit_depth))
1455 {
1456 png_warning(png_ptr,
1457 "Ignoring attempt to write bKGD chunk out-of-range for bit_depth");
1458
1459 return;
1460 }
1461
1462 png_save_uint_16(buf, back->gray);
1463 png_write_complete_chunk(png_ptr, png_bKGD, buf, (png_size_t)2);
1464 }
1465 }
1466 #endif
1467
1468 #ifdef PNG_WRITE_hIST_SUPPORTED
1469 /* Write the histogram */
1470 void /* PRIVATE */
png_write_hIST(png_structrp png_ptr,png_const_uint_16p hist,int num_hist)1471 png_write_hIST(png_structrp png_ptr, png_const_uint_16p hist, int num_hist)
1472 {
1473 int i;
1474 png_byte buf[3];
1475
1476 png_debug(1, "in png_write_hIST");
1477
1478 if (num_hist > (int)png_ptr->num_palette)
1479 {
1480 png_debug2(3, "num_hist = %d, num_palette = %d", num_hist,
1481 png_ptr->num_palette);
1482
1483 png_warning(png_ptr, "Invalid number of histogram entries specified");
1484 return;
1485 }
1486
1487 png_write_chunk_header(png_ptr, png_hIST, (png_uint_32)(num_hist * 2));
1488
1489 for (i = 0; i < num_hist; i++)
1490 {
1491 png_save_uint_16(buf, hist[i]);
1492 png_write_chunk_data(png_ptr, buf, (png_size_t)2);
1493 }
1494
1495 png_write_chunk_end(png_ptr);
1496 }
1497 #endif
1498
1499 #ifdef PNG_WRITE_tEXt_SUPPORTED
1500 /* Write a tEXt chunk */
1501 void /* PRIVATE */
png_write_tEXt(png_structrp png_ptr,png_const_charp key,png_const_charp text,png_size_t text_len)1502 png_write_tEXt(png_structrp png_ptr, png_const_charp key, png_const_charp text,
1503 png_size_t text_len)
1504 {
1505 png_uint_32 key_len;
1506 png_byte new_key[80];
1507
1508 png_debug(1, "in png_write_tEXt");
1509
1510 key_len = png_check_keyword(png_ptr, key, new_key);
1511
1512 if (key_len == 0)
1513 png_error(png_ptr, "tEXt: invalid keyword");
1514
1515 if (text == NULL || *text == '\0')
1516 text_len = 0;
1517
1518 else
1519 text_len = strlen(text);
1520
1521 if (text_len > PNG_UINT_31_MAX - (key_len+1))
1522 png_error(png_ptr, "tEXt: text too long");
1523
1524 /* Make sure we include the 0 after the key */
1525 png_write_chunk_header(png_ptr, png_tEXt,
1526 (png_uint_32)/*checked above*/(key_len + text_len + 1));
1527 /*
1528 * We leave it to the application to meet PNG-1.0 requirements on the
1529 * contents of the text. PNG-1.0 through PNG-1.2 discourage the use of
1530 * any non-Latin-1 characters except for NEWLINE. ISO PNG will forbid them.
1531 * The NUL character is forbidden by PNG-1.0 through PNG-1.2 and ISO PNG.
1532 */
1533 png_write_chunk_data(png_ptr, new_key, key_len + 1);
1534
1535 if (text_len != 0)
1536 png_write_chunk_data(png_ptr, (png_const_bytep)text, text_len);
1537
1538 png_write_chunk_end(png_ptr);
1539 }
1540 #endif
1541
1542 #ifdef PNG_WRITE_zTXt_SUPPORTED
1543 /* Write a compressed text chunk */
1544 void /* PRIVATE */
png_write_zTXt(png_structrp png_ptr,png_const_charp key,png_const_charp text,int compression)1545 png_write_zTXt(png_structrp png_ptr, png_const_charp key, png_const_charp text,
1546 int compression)
1547 {
1548 png_uint_32 key_len;
1549 png_byte new_key[81];
1550 compression_state comp;
1551
1552 png_debug(1, "in png_write_zTXt");
1553
1554 if (compression == PNG_TEXT_COMPRESSION_NONE)
1555 {
1556 png_write_tEXt(png_ptr, key, text, 0);
1557 return;
1558 }
1559
1560 if (compression != PNG_TEXT_COMPRESSION_zTXt)
1561 png_error(png_ptr, "zTXt: invalid compression type");
1562
1563 key_len = png_check_keyword(png_ptr, key, new_key);
1564
1565 if (key_len == 0)
1566 png_error(png_ptr, "zTXt: invalid keyword");
1567
1568 /* Add the compression method and 1 for the keyword separator. */
1569 new_key[++key_len] = PNG_COMPRESSION_TYPE_BASE;
1570 ++key_len;
1571
1572 /* Compute the compressed data; do it now for the length */
1573 png_text_compress_init(&comp, (png_const_bytep)text,
1574 text == NULL ? 0 : strlen(text));
1575
1576 if (png_text_compress(png_ptr, png_zTXt, &comp, key_len) != Z_OK)
1577 png_error(png_ptr, png_ptr->zstream.msg);
1578
1579 /* Write start of chunk */
1580 png_write_chunk_header(png_ptr, png_zTXt, key_len + comp.output_len);
1581
1582 /* Write key */
1583 png_write_chunk_data(png_ptr, new_key, key_len);
1584
1585 /* Write the compressed data */
1586 png_write_compressed_data_out(png_ptr, &comp);
1587
1588 /* Close the chunk */
1589 png_write_chunk_end(png_ptr);
1590 }
1591 #endif
1592
1593 #ifdef PNG_WRITE_iTXt_SUPPORTED
1594 /* Write an iTXt chunk */
1595 void /* PRIVATE */
png_write_iTXt(png_structrp png_ptr,int compression,png_const_charp key,png_const_charp lang,png_const_charp lang_key,png_const_charp text)1596 png_write_iTXt(png_structrp png_ptr, int compression, png_const_charp key,
1597 png_const_charp lang, png_const_charp lang_key, png_const_charp text)
1598 {
1599 png_uint_32 key_len, prefix_len;
1600 png_size_t lang_len, lang_key_len;
1601 png_byte new_key[82];
1602 compression_state comp;
1603
1604 png_debug(1, "in png_write_iTXt");
1605
1606 key_len = png_check_keyword(png_ptr, key, new_key);
1607
1608 if (key_len == 0)
1609 png_error(png_ptr, "iTXt: invalid keyword");
1610
1611 /* Set the compression flag */
1612 switch (compression)
1613 {
1614 case PNG_ITXT_COMPRESSION_NONE:
1615 case PNG_TEXT_COMPRESSION_NONE:
1616 compression = new_key[++key_len] = 0; /* no compression */
1617 break;
1618
1619 case PNG_TEXT_COMPRESSION_zTXt:
1620 case PNG_ITXT_COMPRESSION_zTXt:
1621 compression = new_key[++key_len] = 1; /* compressed */
1622 break;
1623
1624 default:
1625 png_error(png_ptr, "iTXt: invalid compression");
1626 }
1627
1628 new_key[++key_len] = PNG_COMPRESSION_TYPE_BASE;
1629 ++key_len; /* for the keywod separator */
1630
1631 /* We leave it to the application to meet PNG-1.0 requirements on the
1632 * contents of the text. PNG-1.0 through PNG-1.2 discourage the use of
1633 * any non-Latin-1 characters except for NEWLINE. ISO PNG, however,
1634 * specifies that the text is UTF-8 and this really doesn't require any
1635 * checking.
1636 *
1637 * The NUL character is forbidden by PNG-1.0 through PNG-1.2 and ISO PNG.
1638 *
1639 * TODO: validate the language tag correctly (see the spec.)
1640 */
1641 if (lang == NULL) lang = ""; /* empty language is valid */
1642 lang_len = strlen(lang)+1;
1643 if (lang_key == NULL) lang_key = ""; /* may be empty */
1644 lang_key_len = strlen(lang_key)+1;
1645 if (text == NULL) text = ""; /* may be empty */
1646
1647 prefix_len = key_len;
1648 if (lang_len > PNG_UINT_31_MAX-prefix_len)
1649 prefix_len = PNG_UINT_31_MAX;
1650 else
1651 prefix_len = (png_uint_32)(prefix_len + lang_len);
1652
1653 if (lang_key_len > PNG_UINT_31_MAX-prefix_len)
1654 prefix_len = PNG_UINT_31_MAX;
1655 else
1656 prefix_len = (png_uint_32)(prefix_len + lang_key_len);
1657
1658 png_text_compress_init(&comp, (png_const_bytep)text, strlen(text));
1659
1660 if (compression != 0)
1661 {
1662 if (png_text_compress(png_ptr, png_iTXt, &comp, prefix_len) != Z_OK)
1663 png_error(png_ptr, png_ptr->zstream.msg);
1664 }
1665
1666 else
1667 {
1668 if (comp.input_len > PNG_UINT_31_MAX-prefix_len)
1669 png_error(png_ptr, "iTXt: uncompressed text too long");
1670
1671 /* So the string will fit in a chunk: */
1672 comp.output_len = (png_uint_32)/*SAFE*/comp.input_len;
1673 }
1674
1675 png_write_chunk_header(png_ptr, png_iTXt, comp.output_len + prefix_len);
1676
1677 png_write_chunk_data(png_ptr, new_key, key_len);
1678
1679 png_write_chunk_data(png_ptr, (png_const_bytep)lang, lang_len);
1680
1681 png_write_chunk_data(png_ptr, (png_const_bytep)lang_key, lang_key_len);
1682
1683 if (compression != 0)
1684 png_write_compressed_data_out(png_ptr, &comp);
1685
1686 else
1687 png_write_chunk_data(png_ptr, (png_const_bytep)text, comp.output_len);
1688
1689 png_write_chunk_end(png_ptr);
1690 }
1691 #endif
1692
1693 #ifdef PNG_WRITE_oFFs_SUPPORTED
1694 /* Write the oFFs chunk */
1695 void /* PRIVATE */
png_write_oFFs(png_structrp png_ptr,png_int_32 x_offset,png_int_32 y_offset,int unit_type)1696 png_write_oFFs(png_structrp png_ptr, png_int_32 x_offset, png_int_32 y_offset,
1697 int unit_type)
1698 {
1699 png_byte buf[9];
1700
1701 png_debug(1, "in png_write_oFFs");
1702
1703 if (unit_type >= PNG_OFFSET_LAST)
1704 png_warning(png_ptr, "Unrecognized unit type for oFFs chunk");
1705
1706 png_save_int_32(buf, x_offset);
1707 png_save_int_32(buf + 4, y_offset);
1708 buf[8] = (png_byte)unit_type;
1709
1710 png_write_complete_chunk(png_ptr, png_oFFs, buf, (png_size_t)9);
1711 }
1712 #endif
1713 #ifdef PNG_WRITE_pCAL_SUPPORTED
1714 /* Write the pCAL chunk (described in the PNG extensions document) */
1715 void /* PRIVATE */
png_write_pCAL(png_structrp png_ptr,png_charp purpose,png_int_32 X0,png_int_32 X1,int type,int nparams,png_const_charp units,png_charpp params)1716 png_write_pCAL(png_structrp png_ptr, png_charp purpose, png_int_32 X0,
1717 png_int_32 X1, int type, int nparams, png_const_charp units,
1718 png_charpp params)
1719 {
1720 png_uint_32 purpose_len;
1721 png_size_t units_len, total_len;
1722 png_size_tp params_len;
1723 png_byte buf[10];
1724 png_byte new_purpose[80];
1725 int i;
1726
1727 png_debug1(1, "in png_write_pCAL (%d parameters)", nparams);
1728
1729 if (type >= PNG_EQUATION_LAST)
1730 png_error(png_ptr, "Unrecognized equation type for pCAL chunk");
1731
1732 purpose_len = png_check_keyword(png_ptr, purpose, new_purpose);
1733
1734 if (purpose_len == 0)
1735 png_error(png_ptr, "pCAL: invalid keyword");
1736
1737 ++purpose_len; /* terminator */
1738
1739 png_debug1(3, "pCAL purpose length = %d", (int)purpose_len);
1740 units_len = strlen(units) + (nparams == 0 ? 0 : 1);
1741 png_debug1(3, "pCAL units length = %d", (int)units_len);
1742 total_len = purpose_len + units_len + 10;
1743
1744 params_len = (png_size_tp)png_malloc(png_ptr,
1745 (png_alloc_size_t)(nparams * (sizeof (png_size_t))));
1746
1747 /* Find the length of each parameter, making sure we don't count the
1748 * null terminator for the last parameter.
1749 */
1750 for (i = 0; i < nparams; i++)
1751 {
1752 params_len[i] = strlen(params[i]) + (i == nparams - 1 ? 0 : 1);
1753 png_debug2(3, "pCAL parameter %d length = %lu", i,
1754 (unsigned long)params_len[i]);
1755 total_len += params_len[i];
1756 }
1757
1758 png_debug1(3, "pCAL total length = %d", (int)total_len);
1759 png_write_chunk_header(png_ptr, png_pCAL, (png_uint_32)total_len);
1760 png_write_chunk_data(png_ptr, new_purpose, purpose_len);
1761 png_save_int_32(buf, X0);
1762 png_save_int_32(buf + 4, X1);
1763 buf[8] = (png_byte)type;
1764 buf[9] = (png_byte)nparams;
1765 png_write_chunk_data(png_ptr, buf, (png_size_t)10);
1766 png_write_chunk_data(png_ptr, (png_const_bytep)units, (png_size_t)units_len);
1767
1768 for (i = 0; i < nparams; i++)
1769 {
1770 png_write_chunk_data(png_ptr, (png_const_bytep)params[i], params_len[i]);
1771 }
1772
1773 png_free(png_ptr, params_len);
1774 png_write_chunk_end(png_ptr);
1775 }
1776 #endif
1777
1778 #ifdef PNG_WRITE_sCAL_SUPPORTED
1779 /* Write the sCAL chunk */
1780 void /* PRIVATE */
png_write_sCAL_s(png_structrp png_ptr,int unit,png_const_charp width,png_const_charp height)1781 png_write_sCAL_s(png_structrp png_ptr, int unit, png_const_charp width,
1782 png_const_charp height)
1783 {
1784 png_byte buf[64];
1785 png_size_t wlen, hlen, total_len;
1786
1787 png_debug(1, "in png_write_sCAL_s");
1788
1789 wlen = strlen(width);
1790 hlen = strlen(height);
1791 total_len = wlen + hlen + 2;
1792
1793 if (total_len > 64)
1794 {
1795 png_warning(png_ptr, "Can't write sCAL (buffer too small)");
1796 return;
1797 }
1798
1799 buf[0] = (png_byte)unit;
1800 memcpy(buf + 1, width, wlen + 1); /* Append the '\0' here */
1801 memcpy(buf + wlen + 2, height, hlen); /* Do NOT append the '\0' here */
1802
1803 png_debug1(3, "sCAL total length = %u", (unsigned int)total_len);
1804 png_write_complete_chunk(png_ptr, png_sCAL, buf, total_len);
1805 }
1806 #endif
1807
1808 #ifdef PNG_WRITE_pHYs_SUPPORTED
1809 /* Write the pHYs chunk */
1810 void /* PRIVATE */
png_write_pHYs(png_structrp png_ptr,png_uint_32 x_pixels_per_unit,png_uint_32 y_pixels_per_unit,int unit_type)1811 png_write_pHYs(png_structrp png_ptr, png_uint_32 x_pixels_per_unit,
1812 png_uint_32 y_pixels_per_unit,
1813 int unit_type)
1814 {
1815 png_byte buf[9];
1816
1817 png_debug(1, "in png_write_pHYs");
1818
1819 if (unit_type >= PNG_RESOLUTION_LAST)
1820 png_warning(png_ptr, "Unrecognized unit type for pHYs chunk");
1821
1822 png_save_uint_32(buf, x_pixels_per_unit);
1823 png_save_uint_32(buf + 4, y_pixels_per_unit);
1824 buf[8] = (png_byte)unit_type;
1825
1826 png_write_complete_chunk(png_ptr, png_pHYs, buf, (png_size_t)9);
1827 }
1828 #endif
1829
1830 #ifdef PNG_WRITE_tIME_SUPPORTED
1831 /* Write the tIME chunk. Use either png_convert_from_struct_tm()
1832 * or png_convert_from_time_t(), or fill in the structure yourself.
1833 */
1834 void /* PRIVATE */
png_write_tIME(png_structrp png_ptr,png_const_timep mod_time)1835 png_write_tIME(png_structrp png_ptr, png_const_timep mod_time)
1836 {
1837 png_byte buf[7];
1838
1839 png_debug(1, "in png_write_tIME");
1840
1841 if (mod_time->month > 12 || mod_time->month < 1 ||
1842 mod_time->day > 31 || mod_time->day < 1 ||
1843 mod_time->hour > 23 || mod_time->second > 60)
1844 {
1845 png_warning(png_ptr, "Invalid time specified for tIME chunk");
1846 return;
1847 }
1848
1849 png_save_uint_16(buf, mod_time->year);
1850 buf[2] = mod_time->month;
1851 buf[3] = mod_time->day;
1852 buf[4] = mod_time->hour;
1853 buf[5] = mod_time->minute;
1854 buf[6] = mod_time->second;
1855
1856 png_write_complete_chunk(png_ptr, png_tIME, buf, (png_size_t)7);
1857 }
1858 #endif
1859
1860 /* Initializes the row writing capability of libpng */
1861 void /* PRIVATE */
png_write_start_row(png_structrp png_ptr)1862 png_write_start_row(png_structrp png_ptr)
1863 {
1864 #ifdef PNG_WRITE_INTERLACING_SUPPORTED
1865 /* Arrays to facilitate easy interlacing - use pass (0 - 6) as index */
1866
1867 /* Start of interlace block */
1868 static PNG_CONST png_byte png_pass_start[7] = {0, 4, 0, 2, 0, 1, 0};
1869
1870 /* Offset to next interlace block */
1871 static PNG_CONST png_byte png_pass_inc[7] = {8, 8, 4, 4, 2, 2, 1};
1872
1873 /* Start of interlace block in the y direction */
1874 static PNG_CONST png_byte png_pass_ystart[7] = {0, 0, 4, 0, 2, 0, 1};
1875
1876 /* Offset to next interlace block in the y direction */
1877 static PNG_CONST png_byte png_pass_yinc[7] = {8, 8, 8, 4, 4, 2, 2};
1878 #endif
1879
1880 png_alloc_size_t buf_size;
1881 int usr_pixel_depth;
1882
1883 #ifdef PNG_WRITE_FILTER_SUPPORTED
1884 png_byte filters;
1885 #endif
1886
1887 png_debug(1, "in png_write_start_row");
1888
1889 usr_pixel_depth = png_ptr->usr_channels * png_ptr->usr_bit_depth;
1890 buf_size = PNG_ROWBYTES(usr_pixel_depth, png_ptr->width) + 1;
1891
1892 /* 1.5.6: added to allow checking in the row write code. */
1893 png_ptr->transformed_pixel_depth = png_ptr->pixel_depth;
1894 png_ptr->maximum_pixel_depth = (png_byte)usr_pixel_depth;
1895
1896 /* Set up row buffer */
1897 png_ptr->row_buf = png_voidcast(png_bytep, png_malloc(png_ptr, buf_size));
1898
1899 png_ptr->row_buf[0] = PNG_FILTER_VALUE_NONE;
1900
1901 #ifdef PNG_WRITE_FILTER_SUPPORTED
1902 filters = png_ptr->do_filter;
1903
1904 if (png_ptr->height == 1)
1905 filters &= 0xff & ~(PNG_FILTER_UP|PNG_FILTER_AVG|PNG_FILTER_PAETH);
1906
1907 if (png_ptr->width == 1)
1908 filters &= 0xff & ~(PNG_FILTER_SUB|PNG_FILTER_AVG|PNG_FILTER_PAETH);
1909
1910 if (filters == 0)
1911 filters = PNG_FILTER_NONE;
1912
1913 png_ptr->do_filter = filters;
1914
1915 if (((filters & (PNG_FILTER_SUB | PNG_FILTER_UP | PNG_FILTER_AVG |
1916 PNG_FILTER_PAETH)) != 0) && png_ptr->try_row == NULL)
1917 {
1918 int num_filters = 0;
1919
1920 png_ptr->try_row = png_voidcast(png_bytep, png_malloc(png_ptr, buf_size));
1921
1922 if (filters & PNG_FILTER_SUB)
1923 num_filters++;
1924
1925 if (filters & PNG_FILTER_UP)
1926 num_filters++;
1927
1928 if (filters & PNG_FILTER_AVG)
1929 num_filters++;
1930
1931 if (filters & PNG_FILTER_PAETH)
1932 num_filters++;
1933
1934 if (num_filters > 1)
1935 png_ptr->tst_row = png_voidcast(png_bytep, png_malloc(png_ptr,
1936 buf_size));
1937 }
1938
1939 /* We only need to keep the previous row if we are using one of the following
1940 * filters.
1941 */
1942 if ((filters & (PNG_FILTER_AVG | PNG_FILTER_UP | PNG_FILTER_PAETH)) != 0)
1943 png_ptr->prev_row = png_voidcast(png_bytep,
1944 png_calloc(png_ptr, buf_size));
1945 #endif /* WRITE_FILTER */
1946
1947 #ifdef PNG_WRITE_INTERLACING_SUPPORTED
1948 /* If interlaced, we need to set up width and height of pass */
1949 if (png_ptr->interlaced != 0)
1950 {
1951 if ((png_ptr->transformations & PNG_INTERLACE) == 0)
1952 {
1953 png_ptr->num_rows = (png_ptr->height + png_pass_yinc[0] - 1 -
1954 png_pass_ystart[0]) / png_pass_yinc[0];
1955
1956 png_ptr->usr_width = (png_ptr->width + png_pass_inc[0] - 1 -
1957 png_pass_start[0]) / png_pass_inc[0];
1958 }
1959
1960 else
1961 {
1962 png_ptr->num_rows = png_ptr->height;
1963 png_ptr->usr_width = png_ptr->width;
1964 }
1965 }
1966
1967 else
1968 #endif
1969 {
1970 png_ptr->num_rows = png_ptr->height;
1971 png_ptr->usr_width = png_ptr->width;
1972 }
1973 }
1974
1975 /* Internal use only. Called when finished processing a row of data. */
1976 void /* PRIVATE */
png_write_finish_row(png_structrp png_ptr)1977 png_write_finish_row(png_structrp png_ptr)
1978 {
1979 #ifdef PNG_WRITE_INTERLACING_SUPPORTED
1980 /* Arrays to facilitate easy interlacing - use pass (0 - 6) as index */
1981
1982 /* Start of interlace block */
1983 static PNG_CONST png_byte png_pass_start[7] = {0, 4, 0, 2, 0, 1, 0};
1984
1985 /* Offset to next interlace block */
1986 static PNG_CONST png_byte png_pass_inc[7] = {8, 8, 4, 4, 2, 2, 1};
1987
1988 /* Start of interlace block in the y direction */
1989 static PNG_CONST png_byte png_pass_ystart[7] = {0, 0, 4, 0, 2, 0, 1};
1990
1991 /* Offset to next interlace block in the y direction */
1992 static PNG_CONST png_byte png_pass_yinc[7] = {8, 8, 8, 4, 4, 2, 2};
1993 #endif
1994
1995 png_debug(1, "in png_write_finish_row");
1996
1997 /* Next row */
1998 png_ptr->row_number++;
1999
2000 /* See if we are done */
2001 if (png_ptr->row_number < png_ptr->num_rows)
2002 return;
2003
2004 #ifdef PNG_WRITE_INTERLACING_SUPPORTED
2005 /* If interlaced, go to next pass */
2006 if (png_ptr->interlaced != 0)
2007 {
2008 png_ptr->row_number = 0;
2009 if ((png_ptr->transformations & PNG_INTERLACE) != 0)
2010 {
2011 png_ptr->pass++;
2012 }
2013
2014 else
2015 {
2016 /* Loop until we find a non-zero width or height pass */
2017 do
2018 {
2019 png_ptr->pass++;
2020
2021 if (png_ptr->pass >= 7)
2022 break;
2023
2024 png_ptr->usr_width = (png_ptr->width +
2025 png_pass_inc[png_ptr->pass] - 1 -
2026 png_pass_start[png_ptr->pass]) /
2027 png_pass_inc[png_ptr->pass];
2028
2029 png_ptr->num_rows = (png_ptr->height +
2030 png_pass_yinc[png_ptr->pass] - 1 -
2031 png_pass_ystart[png_ptr->pass]) /
2032 png_pass_yinc[png_ptr->pass];
2033
2034 if ((png_ptr->transformations & PNG_INTERLACE) != 0)
2035 break;
2036
2037 } while (png_ptr->usr_width == 0 || png_ptr->num_rows == 0);
2038
2039 }
2040
2041 /* Reset the row above the image for the next pass */
2042 if (png_ptr->pass < 7)
2043 {
2044 if (png_ptr->prev_row != NULL)
2045 memset(png_ptr->prev_row, 0,
2046 (png_size_t)(PNG_ROWBYTES(png_ptr->usr_channels*
2047 png_ptr->usr_bit_depth, png_ptr->width)) + 1);
2048
2049 return;
2050 }
2051 }
2052 #endif
2053
2054 /* If we get here, we've just written the last row, so we need
2055 to flush the compressor */
2056 png_compress_IDAT(png_ptr, NULL, 0, Z_FINISH);
2057 }
2058
2059 #ifdef PNG_WRITE_INTERLACING_SUPPORTED
2060 /* Pick out the correct pixels for the interlace pass.
2061 * The basic idea here is to go through the row with a source
2062 * pointer and a destination pointer (sp and dp), and copy the
2063 * correct pixels for the pass. As the row gets compacted,
2064 * sp will always be >= dp, so we should never overwrite anything.
2065 * See the default: case for the easiest code to understand.
2066 */
2067 void /* PRIVATE */
png_do_write_interlace(png_row_infop row_info,png_bytep row,int pass)2068 png_do_write_interlace(png_row_infop row_info, png_bytep row, int pass)
2069 {
2070 /* Arrays to facilitate easy interlacing - use pass (0 - 6) as index */
2071
2072 /* Start of interlace block */
2073 static PNG_CONST png_byte png_pass_start[7] = {0, 4, 0, 2, 0, 1, 0};
2074
2075 /* Offset to next interlace block */
2076 static PNG_CONST png_byte png_pass_inc[7] = {8, 8, 4, 4, 2, 2, 1};
2077
2078 png_debug(1, "in png_do_write_interlace");
2079
2080 /* We don't have to do anything on the last pass (6) */
2081 if (pass < 6)
2082 {
2083 /* Each pixel depth is handled separately */
2084 switch (row_info->pixel_depth)
2085 {
2086 case 1:
2087 {
2088 png_bytep sp;
2089 png_bytep dp;
2090 unsigned int shift;
2091 int d;
2092 int value;
2093 png_uint_32 i;
2094 png_uint_32 row_width = row_info->width;
2095
2096 dp = row;
2097 d = 0;
2098 shift = 7;
2099
2100 for (i = png_pass_start[pass]; i < row_width;
2101 i += png_pass_inc[pass])
2102 {
2103 sp = row + (png_size_t)(i >> 3);
2104 value = (int)(*sp >> (7 - (int)(i & 0x07))) & 0x01;
2105 d |= (value << shift);
2106
2107 if (shift == 0)
2108 {
2109 shift = 7;
2110 *dp++ = (png_byte)d;
2111 d = 0;
2112 }
2113
2114 else
2115 shift--;
2116
2117 }
2118 if (shift != 7)
2119 *dp = (png_byte)d;
2120
2121 break;
2122 }
2123
2124 case 2:
2125 {
2126 png_bytep sp;
2127 png_bytep dp;
2128 unsigned int shift;
2129 int d;
2130 int value;
2131 png_uint_32 i;
2132 png_uint_32 row_width = row_info->width;
2133
2134 dp = row;
2135 shift = 6;
2136 d = 0;
2137
2138 for (i = png_pass_start[pass]; i < row_width;
2139 i += png_pass_inc[pass])
2140 {
2141 sp = row + (png_size_t)(i >> 2);
2142 value = (*sp >> ((3 - (int)(i & 0x03)) << 1)) & 0x03;
2143 d |= (value << shift);
2144
2145 if (shift == 0)
2146 {
2147 shift = 6;
2148 *dp++ = (png_byte)d;
2149 d = 0;
2150 }
2151
2152 else
2153 shift -= 2;
2154 }
2155 if (shift != 6)
2156 *dp = (png_byte)d;
2157
2158 break;
2159 }
2160
2161 case 4:
2162 {
2163 png_bytep sp;
2164 png_bytep dp;
2165 unsigned int shift;
2166 int d;
2167 int value;
2168 png_uint_32 i;
2169 png_uint_32 row_width = row_info->width;
2170
2171 dp = row;
2172 shift = 4;
2173 d = 0;
2174 for (i = png_pass_start[pass]; i < row_width;
2175 i += png_pass_inc[pass])
2176 {
2177 sp = row + (png_size_t)(i >> 1);
2178 value = (*sp >> ((1 - (int)(i & 0x01)) << 2)) & 0x0f;
2179 d |= (value << shift);
2180
2181 if (shift == 0)
2182 {
2183 shift = 4;
2184 *dp++ = (png_byte)d;
2185 d = 0;
2186 }
2187
2188 else
2189 shift -= 4;
2190 }
2191 if (shift != 4)
2192 *dp = (png_byte)d;
2193
2194 break;
2195 }
2196
2197 default:
2198 {
2199 png_bytep sp;
2200 png_bytep dp;
2201 png_uint_32 i;
2202 png_uint_32 row_width = row_info->width;
2203 png_size_t pixel_bytes;
2204
2205 /* Start at the beginning */
2206 dp = row;
2207
2208 /* Find out how many bytes each pixel takes up */
2209 pixel_bytes = (row_info->pixel_depth >> 3);
2210
2211 /* Loop through the row, only looking at the pixels that matter */
2212 for (i = png_pass_start[pass]; i < row_width;
2213 i += png_pass_inc[pass])
2214 {
2215 /* Find out where the original pixel is */
2216 sp = row + (png_size_t)i * pixel_bytes;
2217
2218 /* Move the pixel */
2219 if (dp != sp)
2220 memcpy(dp, sp, pixel_bytes);
2221
2222 /* Next pixel */
2223 dp += pixel_bytes;
2224 }
2225 break;
2226 }
2227 }
2228 /* Set new row width */
2229 row_info->width = (row_info->width +
2230 png_pass_inc[pass] - 1 -
2231 png_pass_start[pass]) /
2232 png_pass_inc[pass];
2233
2234 row_info->rowbytes = PNG_ROWBYTES(row_info->pixel_depth,
2235 row_info->width);
2236 }
2237 }
2238 #endif
2239
2240
2241 /* This filters the row, chooses which filter to use, if it has not already
2242 * been specified by the application, and then writes the row out with the
2243 * chosen filter.
2244 */
2245 static void /* PRIVATE */
2246 png_write_filtered_row(png_structrp png_ptr, png_bytep filtered_row,
2247 png_size_t row_bytes);
2248
2249 #ifdef PNG_WRITE_FILTER_SUPPORTED
2250 static png_size_t /* PRIVATE */
png_setup_sub_row(png_structrp png_ptr,const png_uint_32 bpp,const png_size_t row_bytes,const png_size_t lmins)2251 png_setup_sub_row(png_structrp png_ptr, const png_uint_32 bpp,
2252 const png_size_t row_bytes, const png_size_t lmins)
2253 {
2254 png_bytep rp, dp, lp;
2255 png_size_t i;
2256 png_size_t sum = 0;
2257 int v;
2258
2259 png_ptr->try_row[0] = PNG_FILTER_VALUE_SUB;
2260
2261 for (i = 0, rp = png_ptr->row_buf + 1, dp = png_ptr->try_row + 1; i < bpp;
2262 i++, rp++, dp++)
2263 {
2264 v = *dp = *rp;
2265 sum += (v < 128) ? v : 256 - v;
2266 }
2267
2268 for (lp = png_ptr->row_buf + 1; i < row_bytes;
2269 i++, rp++, lp++, dp++)
2270 {
2271 v = *dp = (png_byte)(((int)*rp - (int)*lp) & 0xff);
2272 sum += (v < 128) ? v : 256 - v;
2273
2274 if (sum > lmins) /* We are already worse, don't continue. */
2275 break;
2276 }
2277
2278 return (sum);
2279 }
2280
2281 static void /* PRIVATE */
png_setup_sub_row_only(png_structrp png_ptr,const png_uint_32 bpp,const png_size_t row_bytes)2282 png_setup_sub_row_only(png_structrp png_ptr, const png_uint_32 bpp,
2283 const png_size_t row_bytes)
2284 {
2285 png_bytep rp, dp, lp;
2286 png_size_t i;
2287
2288 png_ptr->try_row[0] = PNG_FILTER_VALUE_SUB;
2289
2290 for (i = 0, rp = png_ptr->row_buf + 1, dp = png_ptr->try_row + 1; i < bpp;
2291 i++, rp++, dp++)
2292 {
2293 *dp = *rp;
2294 }
2295
2296 for (lp = png_ptr->row_buf + 1; i < row_bytes;
2297 i++, rp++, lp++, dp++)
2298 {
2299 *dp = (png_byte)(((int)*rp - (int)*lp) & 0xff);
2300 }
2301 }
2302
2303 static png_size_t /* PRIVATE */
png_setup_up_row(png_structrp png_ptr,const png_size_t row_bytes,const png_size_t lmins)2304 png_setup_up_row(png_structrp png_ptr, const png_size_t row_bytes,
2305 const png_size_t lmins)
2306 {
2307 png_bytep rp, dp, pp;
2308 png_size_t i;
2309 png_size_t sum = 0;
2310 int v;
2311
2312 png_ptr->try_row[0] = PNG_FILTER_VALUE_UP;
2313
2314 for (i = 0, rp = png_ptr->row_buf + 1, dp = png_ptr->try_row + 1,
2315 pp = png_ptr->prev_row + 1; i < row_bytes;
2316 i++, rp++, pp++, dp++)
2317 {
2318 v = *dp = (png_byte)(((int)*rp - (int)*pp) & 0xff);
2319 sum += (v < 128) ? v : 256 - v;
2320
2321 if (sum > lmins) /* We are already worse, don't continue. */
2322 break;
2323 }
2324
2325 return (sum);
2326 }
2327 static void /* PRIVATE */
png_setup_up_row_only(png_structrp png_ptr,const png_size_t row_bytes)2328 png_setup_up_row_only(png_structrp png_ptr, const png_size_t row_bytes)
2329 {
2330 png_bytep rp, dp, pp;
2331 png_size_t i;
2332
2333 png_ptr->try_row[0] = PNG_FILTER_VALUE_UP;
2334
2335 for (i = 0, rp = png_ptr->row_buf + 1, dp = png_ptr->try_row + 1,
2336 pp = png_ptr->prev_row + 1; i < row_bytes;
2337 i++, rp++, pp++, dp++)
2338 {
2339 *dp = (png_byte)(((int)*rp - (int)*pp) & 0xff);
2340 }
2341 }
2342
2343 static png_size_t /* PRIVATE */
png_setup_avg_row(png_structrp png_ptr,const png_uint_32 bpp,const png_size_t row_bytes,const png_size_t lmins)2344 png_setup_avg_row(png_structrp png_ptr, const png_uint_32 bpp,
2345 const png_size_t row_bytes, const png_size_t lmins)
2346 {
2347 png_bytep rp, dp, pp, lp;
2348 png_uint_32 i;
2349 png_size_t sum = 0;
2350 int v;
2351
2352 png_ptr->try_row[0] = PNG_FILTER_VALUE_AVG;
2353
2354 for (i = 0, rp = png_ptr->row_buf + 1, dp = png_ptr->try_row + 1,
2355 pp = png_ptr->prev_row + 1; i < bpp; i++)
2356 {
2357 v = *dp++ = (png_byte)(((int)*rp++ - ((int)*pp++ / 2)) & 0xff);
2358
2359 sum += (v < 128) ? v : 256 - v;
2360 }
2361
2362 for (lp = png_ptr->row_buf + 1; i < row_bytes; i++)
2363 {
2364 v = *dp++ = (png_byte)(((int)*rp++ - (((int)*pp++ + (int)*lp++) / 2))
2365 & 0xff);
2366
2367 sum += (v < 128) ? v : 256 - v;
2368
2369 if (sum > lmins) /* We are already worse, don't continue. */
2370 break;
2371 }
2372
2373 return (sum);
2374 }
2375 static void /* PRIVATE */
png_setup_avg_row_only(png_structrp png_ptr,const png_uint_32 bpp,const png_size_t row_bytes)2376 png_setup_avg_row_only(png_structrp png_ptr, const png_uint_32 bpp,
2377 const png_size_t row_bytes)
2378 {
2379 png_bytep rp, dp, pp, lp;
2380 png_uint_32 i;
2381
2382 png_ptr->try_row[0] = PNG_FILTER_VALUE_AVG;
2383
2384 for (i = 0, rp = png_ptr->row_buf + 1, dp = png_ptr->try_row + 1,
2385 pp = png_ptr->prev_row + 1; i < bpp; i++)
2386 {
2387 *dp++ = (png_byte)(((int)*rp++ - ((int)*pp++ / 2)) & 0xff);
2388 }
2389
2390 for (lp = png_ptr->row_buf + 1; i < row_bytes; i++)
2391 {
2392 *dp++ = (png_byte)(((int)*rp++ - (((int)*pp++ + (int)*lp++) / 2))
2393 & 0xff);
2394 }
2395 }
2396
2397 static png_size_t /* PRIVATE */
png_setup_paeth_row(png_structrp png_ptr,const png_uint_32 bpp,const png_size_t row_bytes,const png_size_t lmins)2398 png_setup_paeth_row(png_structrp png_ptr, const png_uint_32 bpp,
2399 const png_size_t row_bytes, const png_size_t lmins)
2400 {
2401 png_bytep rp, dp, pp, cp, lp;
2402 png_size_t i;
2403 png_size_t sum = 0;
2404 int v;
2405
2406 png_ptr->try_row[0] = PNG_FILTER_VALUE_PAETH;
2407
2408 for (i = 0, rp = png_ptr->row_buf + 1, dp = png_ptr->try_row + 1,
2409 pp = png_ptr->prev_row + 1; i < bpp; i++)
2410 {
2411 v = *dp++ = (png_byte)(((int)*rp++ - (int)*pp++) & 0xff);
2412
2413 sum += (v < 128) ? v : 256 - v;
2414 }
2415
2416 for (lp = png_ptr->row_buf + 1, cp = png_ptr->prev_row + 1; i < row_bytes;
2417 i++)
2418 {
2419 int a, b, c, pa, pb, pc, p;
2420
2421 b = *pp++;
2422 c = *cp++;
2423 a = *lp++;
2424
2425 p = b - c;
2426 pc = a - c;
2427
2428 #ifdef PNG_USE_ABS
2429 pa = abs(p);
2430 pb = abs(pc);
2431 pc = abs(p + pc);
2432 #else
2433 pa = p < 0 ? -p : p;
2434 pb = pc < 0 ? -pc : pc;
2435 pc = (p + pc) < 0 ? -(p + pc) : p + pc;
2436 #endif
2437
2438 p = (pa <= pb && pa <=pc) ? a : (pb <= pc) ? b : c;
2439
2440 v = *dp++ = (png_byte)(((int)*rp++ - p) & 0xff);
2441
2442 sum += (v < 128) ? v : 256 - v;
2443
2444 if (sum > lmins) /* We are already worse, don't continue. */
2445 break;
2446 }
2447
2448 return (sum);
2449 }
2450 static void /* PRIVATE */
png_setup_paeth_row_only(png_structrp png_ptr,const png_uint_32 bpp,const png_size_t row_bytes)2451 png_setup_paeth_row_only(png_structrp png_ptr, const png_uint_32 bpp,
2452 const png_size_t row_bytes)
2453 {
2454 png_bytep rp, dp, pp, cp, lp;
2455 png_size_t i;
2456
2457 png_ptr->try_row[0] = PNG_FILTER_VALUE_PAETH;
2458
2459 for (i = 0, rp = png_ptr->row_buf + 1, dp = png_ptr->try_row + 1,
2460 pp = png_ptr->prev_row + 1; i < bpp; i++)
2461 {
2462 *dp++ = (png_byte)(((int)*rp++ - (int)*pp++) & 0xff);
2463 }
2464
2465 for (lp = png_ptr->row_buf + 1, cp = png_ptr->prev_row + 1; i < row_bytes;
2466 i++)
2467 {
2468 int a, b, c, pa, pb, pc, p;
2469
2470 b = *pp++;
2471 c = *cp++;
2472 a = *lp++;
2473
2474 p = b - c;
2475 pc = a - c;
2476
2477 #ifdef PNG_USE_ABS
2478 pa = abs(p);
2479 pb = abs(pc);
2480 pc = abs(p + pc);
2481 #else
2482 pa = p < 0 ? -p : p;
2483 pb = pc < 0 ? -pc : pc;
2484 pc = (p + pc) < 0 ? -(p + pc) : p + pc;
2485 #endif
2486
2487 p = (pa <= pb && pa <=pc) ? a : (pb <= pc) ? b : c;
2488
2489 *dp++ = (png_byte)(((int)*rp++ - p) & 0xff);
2490 }
2491 }
2492 #endif /* WRITE_FILTER */
2493
2494 void /* PRIVATE */
png_write_find_filter(png_structrp png_ptr,png_row_infop row_info)2495 png_write_find_filter(png_structrp png_ptr, png_row_infop row_info)
2496 {
2497 #ifndef PNG_WRITE_FILTER_SUPPORTED
2498 png_write_filtered_row(png_ptr, png_ptr->row_buf, row_info->rowbytes+1);
2499 #else
2500 unsigned int filter_to_do = png_ptr->do_filter;
2501 png_bytep row_buf;
2502 png_bytep best_row;
2503 png_uint_32 bpp;
2504 png_size_t mins;
2505 png_size_t row_bytes = row_info->rowbytes;
2506
2507 png_debug(1, "in png_write_find_filter");
2508
2509 /* Find out how many bytes offset each pixel is */
2510 bpp = (row_info->pixel_depth + 7) >> 3;
2511
2512 row_buf = png_ptr->row_buf;
2513 mins = PNG_SIZE_MAX - 256/* so we can detect potential overflow of the
2514 running sum */;
2515
2516 /* The prediction method we use is to find which method provides the
2517 * smallest value when summing the absolute values of the distances
2518 * from zero, using anything >= 128 as negative numbers. This is known
2519 * as the "minimum sum of absolute differences" heuristic. Other
2520 * heuristics are the "weighted minimum sum of absolute differences"
2521 * (experimental and can in theory improve compression), and the "zlib
2522 * predictive" method (not implemented yet), which does test compressions
2523 * of lines using different filter methods, and then chooses the
2524 * (series of) filter(s) that give minimum compressed data size (VERY
2525 * computationally expensive).
2526 *
2527 * GRR 980525: consider also
2528 *
2529 * (1) minimum sum of absolute differences from running average (i.e.,
2530 * keep running sum of non-absolute differences & count of bytes)
2531 * [track dispersion, too? restart average if dispersion too large?]
2532 *
2533 * (1b) minimum sum of absolute differences from sliding average, probably
2534 * with window size <= deflate window (usually 32K)
2535 *
2536 * (2) minimum sum of squared differences from zero or running average
2537 * (i.e., ~ root-mean-square approach)
2538 */
2539
2540
2541 /* We don't need to test the 'no filter' case if this is the only filter
2542 * that has been chosen, as it doesn't actually do anything to the data.
2543 */
2544 best_row = png_ptr->row_buf;
2545
2546 if (PNG_SIZE_MAX/128 <= row_bytes)
2547 {
2548 /* Overflow can occur in the calculation, just select the lowest set
2549 * filter.
2550 */
2551 filter_to_do &= -filter_to_do;
2552 }
2553 else if ((filter_to_do & PNG_FILTER_NONE) != 0 &&
2554 filter_to_do != PNG_FILTER_NONE)
2555 {
2556 /* Overflow not possible and multiple filters in the list, including the
2557 * 'none' filter.
2558 */
2559 png_bytep rp;
2560 png_size_t sum = 0;
2561 png_size_t i;
2562 int v;
2563
2564 {
2565 for (i = 0, rp = row_buf + 1; i < row_bytes; i++, rp++)
2566 {
2567 v = *rp;
2568 sum += (v < 128) ? v : 256 - v;
2569 }
2570 }
2571
2572 mins = sum;
2573 }
2574
2575 /* Sub filter */
2576 if (filter_to_do == PNG_FILTER_SUB)
2577 /* It's the only filter so no testing is needed */
2578 {
2579 png_setup_sub_row_only(png_ptr, bpp, row_bytes);
2580 best_row = png_ptr->try_row;
2581 }
2582
2583 else if ((filter_to_do & PNG_FILTER_SUB) != 0)
2584 {
2585 png_size_t sum;
2586 png_size_t lmins = mins;
2587
2588 sum = png_setup_sub_row(png_ptr, bpp, row_bytes, lmins);
2589
2590 if (sum < mins)
2591 {
2592 mins = sum;
2593 best_row = png_ptr->try_row;
2594 if (png_ptr->tst_row != NULL)
2595 {
2596 png_ptr->try_row = png_ptr->tst_row;
2597 png_ptr->tst_row = best_row;
2598 }
2599 }
2600 }
2601
2602 /* Up filter */
2603 if (filter_to_do == PNG_FILTER_UP)
2604 {
2605 png_setup_up_row_only(png_ptr, row_bytes);
2606 best_row = png_ptr->try_row;
2607 }
2608
2609 else if ((filter_to_do & PNG_FILTER_UP) != 0)
2610 {
2611 png_size_t sum;
2612 png_size_t lmins = mins;
2613
2614 sum = png_setup_up_row(png_ptr, row_bytes, lmins);
2615
2616 if (sum < mins)
2617 {
2618 mins = sum;
2619 best_row = png_ptr->try_row;
2620 if (png_ptr->tst_row != NULL)
2621 {
2622 png_ptr->try_row = png_ptr->tst_row;
2623 png_ptr->tst_row = best_row;
2624 }
2625 }
2626 }
2627
2628 /* Avg filter */
2629 if (filter_to_do == PNG_FILTER_AVG)
2630 {
2631 png_setup_avg_row_only(png_ptr, bpp, row_bytes);
2632 best_row = png_ptr->try_row;
2633 }
2634
2635 else if ((filter_to_do & PNG_FILTER_AVG) != 0)
2636 {
2637 png_size_t sum;
2638 png_size_t lmins = mins;
2639
2640 sum= png_setup_avg_row(png_ptr, bpp, row_bytes, lmins);
2641
2642 if (sum < mins)
2643 {
2644 mins = sum;
2645 best_row = png_ptr->try_row;
2646 if (png_ptr->tst_row != NULL)
2647 {
2648 png_ptr->try_row = png_ptr->tst_row;
2649 png_ptr->tst_row = best_row;
2650 }
2651 }
2652 }
2653
2654 /* Paeth filter */
2655 if ((filter_to_do == PNG_FILTER_PAETH) != 0)
2656 {
2657 png_setup_paeth_row_only(png_ptr, bpp, row_bytes);
2658 best_row = png_ptr->try_row;
2659 }
2660
2661 else if ((filter_to_do & PNG_FILTER_PAETH) != 0)
2662 {
2663 png_size_t sum;
2664 png_size_t lmins = mins;
2665
2666 sum = png_setup_paeth_row(png_ptr, bpp, row_bytes, lmins);
2667
2668 if (sum < mins)
2669 {
2670 best_row = png_ptr->try_row;
2671 if (png_ptr->tst_row != NULL)
2672 {
2673 png_ptr->try_row = png_ptr->tst_row;
2674 png_ptr->tst_row = best_row;
2675 }
2676 }
2677 }
2678
2679 /* Do the actual writing of the filtered row data from the chosen filter. */
2680 png_write_filtered_row(png_ptr, best_row, row_info->rowbytes+1);
2681
2682 #endif /* WRITE_FILTER */
2683 }
2684
2685
2686 /* Do the actual writing of a previously filtered row. */
2687 static void
png_write_filtered_row(png_structrp png_ptr,png_bytep filtered_row,png_size_t full_row_length)2688 png_write_filtered_row(png_structrp png_ptr, png_bytep filtered_row,
2689 png_size_t full_row_length/*includes filter byte*/)
2690 {
2691 png_debug(1, "in png_write_filtered_row");
2692
2693 png_debug1(2, "filter = %d", filtered_row[0]);
2694
2695 png_compress_IDAT(png_ptr, filtered_row, full_row_length, Z_NO_FLUSH);
2696
2697 #ifdef PNG_WRITE_FILTER_SUPPORTED
2698 /* Swap the current and previous rows */
2699 if (png_ptr->prev_row != NULL)
2700 {
2701 png_bytep tptr;
2702
2703 tptr = png_ptr->prev_row;
2704 png_ptr->prev_row = png_ptr->row_buf;
2705 png_ptr->row_buf = tptr;
2706 }
2707 #endif /* WRITE_FILTER */
2708
2709 /* Finish row - updates counters and flushes zlib if last row */
2710 png_write_finish_row(png_ptr);
2711
2712 #ifdef PNG_WRITE_FLUSH_SUPPORTED
2713 png_ptr->flush_rows++;
2714
2715 if (png_ptr->flush_dist > 0 &&
2716 png_ptr->flush_rows >= png_ptr->flush_dist)
2717 {
2718 png_write_flush(png_ptr);
2719 }
2720 #endif /* WRITE_FLUSH */
2721 }
2722 #endif /* WRITE */
2723