2 /* png.c - location for general purpose libpng functions
4 * Last changed in libpng 1.6.0 [February 14, 2013]
5 * Copyright (c) 1998-2013 Glenn Randers-Pehrson
6 * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
7 * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
9 * This code is released under the libpng license.
10 * For conditions of distribution and use, see the disclaimer
11 * and license in png.h
16 /* Generate a compiler error if there is an old png.h in the search path. */
17 typedef png_libpng_version_1_6_0 Your_png_h_is_not_version_1_6_0;
19 /* Tells libpng that we have already handled the first "num_bytes" bytes
20 * of the PNG file signature. If the PNG data is embedded into another
21 * stream we can set num_bytes = 8 so that libpng will not attempt to read
22 * or write any of the magic bytes before it starts on the IHDR.
25 #ifdef PNG_READ_SUPPORTED
27 png_set_sig_bytes(png_structrp png_ptr, int num_bytes)
29 png_debug(1, "in png_set_sig_bytes");
35 png_error(png_ptr, "Too many bytes for PNG signature");
37 png_ptr->sig_bytes = (png_byte)(num_bytes < 0 ? 0 : num_bytes);
40 /* Checks whether the supplied bytes match the PNG signature. We allow
41 * checking less than the full 8-byte signature so that those apps that
42 * already read the first few bytes of a file to determine the file type
43 * can simply check the remaining bytes for extra assurance. Returns
44 * an integer less than, equal to, or greater than zero if sig is found,
45 * respectively, to be less than, to match, or be greater than the correct
46 * PNG signature (this is the same behavior as strcmp, memcmp, etc).
49 png_sig_cmp(png_const_bytep sig, png_size_t start, png_size_t num_to_check)
51 png_byte png_signature[8] = {137, 80, 78, 71, 13, 10, 26, 10};
56 else if (num_to_check < 1)
62 if (start + num_to_check > 8)
63 num_to_check = 8 - start;
65 return ((int)(memcmp(&sig[start], &png_signature[start], num_to_check)));
68 #endif /* PNG_READ_SUPPORTED */
70 #if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED)
71 /* Function to allocate memory for zlib */
72 PNG_FUNCTION(voidpf /* PRIVATE */,
73 png_zalloc,(voidpf png_ptr, uInt items, uInt size),PNG_ALLOCATED)
75 png_alloc_size_t num_bytes = size;
80 if (items >= (~(png_alloc_size_t)0)/size)
82 png_warning (png_voidcast(png_structrp, png_ptr),
83 "Potential overflow in png_zalloc()");
88 return png_malloc_warn(png_voidcast(png_structrp, png_ptr), num_bytes);
91 /* Function to free memory for zlib */
93 png_zfree(voidpf png_ptr, voidpf ptr)
95 png_free(png_voidcast(png_const_structrp,png_ptr), ptr);
98 /* Reset the CRC variable to 32 bits of 1's. Care must be taken
99 * in case CRC is > 32 bits to leave the top bits 0.
102 png_reset_crc(png_structrp png_ptr)
104 /* The cast is safe because the crc is a 32 bit value. */
105 png_ptr->crc = (png_uint_32)crc32(0, Z_NULL, 0);
108 /* Calculate the CRC over a section of data. We can only pass as
109 * much data to this routine as the largest single buffer size. We
110 * also check that this data will actually be used before going to the
111 * trouble of calculating it.
114 png_calculate_crc(png_structrp png_ptr, png_const_bytep ptr, png_size_t length)
118 if (PNG_CHUNK_ANCILLIARY(png_ptr->chunk_name))
120 if ((png_ptr->flags & PNG_FLAG_CRC_ANCILLARY_MASK) ==
121 (PNG_FLAG_CRC_ANCILLARY_USE | PNG_FLAG_CRC_ANCILLARY_NOWARN))
127 if (png_ptr->flags & PNG_FLAG_CRC_CRITICAL_IGNORE)
131 /* 'uLong' is defined in zlib.h as unsigned long; this means that on some
132 * systems it is a 64 bit value. crc32, however, returns 32 bits so the
133 * following cast is safe. 'uInt' may be no more than 16 bits, so it is
134 * necessary to perform a loop here.
136 if (need_crc && length > 0)
138 uLong crc = png_ptr->crc; /* Should never issue a warning */
142 uInt safe_length = (uInt)length;
143 if (safe_length == 0)
144 safe_length = (uInt)-1; /* evil, but safe */
146 crc = crc32(crc, ptr, safe_length);
148 /* The following should never issue compiler warnings; if they do the
149 * target system has characteristics that will probably violate other
150 * assumptions within the libpng code.
153 length -= safe_length;
157 /* And the following is always safe because the crc is only 32 bits. */
158 png_ptr->crc = (png_uint_32)crc;
162 /* Check a user supplied version number, called from both read and write
163 * functions that create a png_struct.
166 png_user_version_check(png_structrp png_ptr, png_const_charp user_png_ver)
174 if (user_png_ver[i] != png_libpng_ver[i])
175 png_ptr->flags |= PNG_FLAG_LIBRARY_MISMATCH;
176 } while (png_libpng_ver[i++]);
180 png_ptr->flags |= PNG_FLAG_LIBRARY_MISMATCH;
182 if (png_ptr->flags & PNG_FLAG_LIBRARY_MISMATCH)
184 /* Libpng 0.90 and later are binary incompatible with libpng 0.89, so
185 * we must recompile any applications that use any older library version.
186 * For versions after libpng 1.0, we will be compatible, so we need
187 * only check the first and third digits (note that when we reach version
188 * 1.10 we will need to check the fourth symbol, namely user_png_ver[3]).
190 if (user_png_ver == NULL || user_png_ver[0] != png_libpng_ver[0] ||
191 (user_png_ver[0] == '1' && (user_png_ver[2] != png_libpng_ver[2] ||
192 user_png_ver[3] != png_libpng_ver[3])) ||
193 (user_png_ver[0] == '0' && user_png_ver[2] < '9'))
195 #ifdef PNG_WARNINGS_SUPPORTED
199 pos = png_safecat(m, (sizeof m), pos,
200 "Application built with libpng-");
201 pos = png_safecat(m, (sizeof m), pos, user_png_ver);
202 pos = png_safecat(m, (sizeof m), pos, " but running with ");
203 pos = png_safecat(m, (sizeof m), pos, png_libpng_ver);
205 png_warning(png_ptr, m);
208 #ifdef PNG_ERROR_NUMBERS_SUPPORTED
216 /* Success return. */
220 /* Generic function to create a png_struct for either read or write - this
221 * contains the common initialization.
223 PNG_FUNCTION(png_structp /* PRIVATE */,
224 png_create_png_struct,(png_const_charp user_png_ver, png_voidp error_ptr,
225 png_error_ptr error_fn, png_error_ptr warn_fn, png_voidp mem_ptr,
226 png_malloc_ptr malloc_fn, png_free_ptr free_fn),PNG_ALLOCATED)
228 png_struct create_struct;
229 # ifdef PNG_SETJMP_SUPPORTED
230 jmp_buf create_jmp_buf;
233 /* This temporary stack-allocated structure is used to provide a place to
234 * build enough context to allow the user provided memory allocator (if any)
237 memset(&create_struct, 0, (sizeof create_struct));
239 /* Added at libpng-1.2.6 */
240 # ifdef PNG_USER_LIMITS_SUPPORTED
241 create_struct.user_width_max = PNG_USER_WIDTH_MAX;
242 create_struct.user_height_max = PNG_USER_HEIGHT_MAX;
244 # ifdef PNG_USER_CHUNK_CACHE_MAX
245 /* Added at libpng-1.2.43 and 1.4.0 */
246 create_struct.user_chunk_cache_max = PNG_USER_CHUNK_CACHE_MAX;
249 # ifdef PNG_USER_CHUNK_MALLOC_MAX
250 /* Added at libpng-1.2.43 and 1.4.1, required only for read but exists
251 * in png_struct regardless.
253 create_struct.user_chunk_malloc_max = PNG_USER_CHUNK_MALLOC_MAX;
257 /* The following two API calls simply set fields in png_struct, so it is safe
258 * to do them now even though error handling is not yet set up.
260 # ifdef PNG_USER_MEM_SUPPORTED
261 png_set_mem_fn(&create_struct, mem_ptr, malloc_fn, free_fn);
264 /* (*error_fn) can return control to the caller after the error_ptr is set,
265 * this will result in a memory leak unless the error_fn does something
266 * extremely sophisticated. The design lacks merit but is implicit in the
269 png_set_error_fn(&create_struct, error_ptr, error_fn, warn_fn);
271 # ifdef PNG_SETJMP_SUPPORTED
272 if (!setjmp(create_jmp_buf))
274 /* Temporarily fake out the longjmp information until we have
275 * successfully completed this function. This only works if we have
276 * setjmp() support compiled in, but it is safe - this stuff should
279 create_struct.jmp_buf_ptr = &create_jmp_buf;
280 create_struct.jmp_buf_size = 0; /*stack allocation*/
281 create_struct.longjmp_fn = longjmp;
285 /* Call the general version checker (shared with read and write code):
287 if (png_user_version_check(&create_struct, user_png_ver))
289 png_structrp png_ptr = png_voidcast(png_structrp,
290 png_malloc_warn(&create_struct, (sizeof *png_ptr)));
294 /* png_ptr->zstream holds a back-pointer to the png_struct, so
295 * this can only be done now:
297 create_struct.zstream.zalloc = png_zalloc;
298 create_struct.zstream.zfree = png_zfree;
299 create_struct.zstream.opaque = png_ptr;
301 # ifdef PNG_SETJMP_SUPPORTED
302 /* Eliminate the local error handling: */
303 create_struct.jmp_buf_ptr = NULL;
304 create_struct.jmp_buf_size = 0;
305 create_struct.longjmp_fn = 0;
308 *png_ptr = create_struct;
310 /* This is the successful return point */
316 /* A longjmp because of a bug in the application storage allocator or a
317 * simple failure to allocate the png_struct.
322 /* Allocate the memory for an info_struct for the application. */
323 PNG_FUNCTION(png_infop,PNGAPI
324 png_create_info_struct,(png_const_structrp png_ptr),PNG_ALLOCATED)
328 png_debug(1, "in png_create_info_struct");
333 /* Use the internal API that does not (or at least should not) error out, so
334 * that this call always returns ok. The application typically sets up the
335 * error handling *after* creating the info_struct because this is the way it
336 * has always been done in 'example.c'.
338 info_ptr = png_voidcast(png_inforp, png_malloc_base(png_ptr,
339 (sizeof *info_ptr)));
341 if (info_ptr != NULL)
342 memset(info_ptr, 0, (sizeof *info_ptr));
347 /* This function frees the memory associated with a single info struct.
348 * Normally, one would use either png_destroy_read_struct() or
349 * png_destroy_write_struct() to free an info struct, but this may be
350 * useful for some applications. From libpng 1.6.0 this function is also used
351 * internally to implement the png_info release part of the 'struct' destroy
352 * APIs. This ensures that all possible approaches free the same data (all of
356 png_destroy_info_struct(png_const_structrp png_ptr, png_infopp info_ptr_ptr)
358 png_inforp info_ptr = NULL;
360 png_debug(1, "in png_destroy_info_struct");
365 if (info_ptr_ptr != NULL)
366 info_ptr = *info_ptr_ptr;
368 if (info_ptr != NULL)
370 /* Do this first in case of an error below; if the app implements its own
371 * memory management this can lead to png_free calling png_error, which
372 * will abort this routine and return control to the app error handler.
373 * An infinite loop may result if it then tries to free the same info
376 *info_ptr_ptr = NULL;
378 png_free_data(png_ptr, info_ptr, PNG_FREE_ALL, -1);
379 memset(info_ptr, 0, (sizeof *info_ptr));
380 png_free(png_ptr, info_ptr);
384 /* Initialize the info structure. This is now an internal function (0.89)
385 * and applications using it are urged to use png_create_info_struct()
386 * instead. Use deprecated in 1.6.0, internal use removed (used internally it
389 * NOTE: it is almost inconceivable that this API is used because it bypasses
390 * the user-memory mechanism and the user error handling/warning mechanisms in
391 * those cases where it does anything other than a memset.
393 PNG_FUNCTION(void,PNGAPI
394 png_info_init_3,(png_infopp ptr_ptr, png_size_t png_info_struct_size),
397 png_inforp info_ptr = *ptr_ptr;
399 png_debug(1, "in png_info_init_3");
401 if (info_ptr == NULL)
404 if ((sizeof (png_info)) > png_info_struct_size)
407 /* The following line is why this API should not be used: */
409 info_ptr = png_voidcast(png_inforp, png_malloc_base(NULL,
410 (sizeof *info_ptr)));
414 /* Set everything to 0 */
415 memset(info_ptr, 0, (sizeof *info_ptr));
418 /* The following API is not called internally */
420 png_data_freer(png_const_structrp png_ptr, png_inforp info_ptr,
421 int freer, png_uint_32 mask)
423 png_debug(1, "in png_data_freer");
425 if (png_ptr == NULL || info_ptr == NULL)
428 if (freer == PNG_DESTROY_WILL_FREE_DATA)
429 info_ptr->free_me |= mask;
431 else if (freer == PNG_USER_WILL_FREE_DATA)
432 info_ptr->free_me &= ~mask;
435 png_error(png_ptr, "Unknown freer parameter in png_data_freer");
439 png_free_data(png_const_structrp png_ptr, png_inforp info_ptr, png_uint_32 mask,
442 png_debug(1, "in png_free_data");
444 if (png_ptr == NULL || info_ptr == NULL)
447 #ifdef PNG_TEXT_SUPPORTED
448 /* Free text item num or (if num == -1) all text items */
449 if ((mask & PNG_FREE_TEXT) & info_ptr->free_me)
453 if (info_ptr->text && info_ptr->text[num].key)
455 png_free(png_ptr, info_ptr->text[num].key);
456 info_ptr->text[num].key = NULL;
463 for (i = 0; i < info_ptr->num_text; i++)
464 png_free_data(png_ptr, info_ptr, PNG_FREE_TEXT, i);
465 png_free(png_ptr, info_ptr->text);
466 info_ptr->text = NULL;
467 info_ptr->num_text=0;
472 #ifdef PNG_tRNS_SUPPORTED
473 /* Free any tRNS entry */
474 if ((mask & PNG_FREE_TRNS) & info_ptr->free_me)
476 png_free(png_ptr, info_ptr->trans_alpha);
477 info_ptr->trans_alpha = NULL;
478 info_ptr->valid &= ~PNG_INFO_tRNS;
482 #ifdef PNG_sCAL_SUPPORTED
483 /* Free any sCAL entry */
484 if ((mask & PNG_FREE_SCAL) & info_ptr->free_me)
486 png_free(png_ptr, info_ptr->scal_s_width);
487 png_free(png_ptr, info_ptr->scal_s_height);
488 info_ptr->scal_s_width = NULL;
489 info_ptr->scal_s_height = NULL;
490 info_ptr->valid &= ~PNG_INFO_sCAL;
494 #ifdef PNG_pCAL_SUPPORTED
495 /* Free any pCAL entry */
496 if ((mask & PNG_FREE_PCAL) & info_ptr->free_me)
498 png_free(png_ptr, info_ptr->pcal_purpose);
499 png_free(png_ptr, info_ptr->pcal_units);
500 info_ptr->pcal_purpose = NULL;
501 info_ptr->pcal_units = NULL;
502 if (info_ptr->pcal_params != NULL)
505 for (i = 0; i < info_ptr->pcal_nparams; i++)
507 png_free(png_ptr, info_ptr->pcal_params[i]);
508 info_ptr->pcal_params[i] = NULL;
510 png_free(png_ptr, info_ptr->pcal_params);
511 info_ptr->pcal_params = NULL;
513 info_ptr->valid &= ~PNG_INFO_pCAL;
517 #ifdef PNG_iCCP_SUPPORTED
518 /* Free any profile entry */
519 if ((mask & PNG_FREE_ICCP) & info_ptr->free_me)
521 png_free(png_ptr, info_ptr->iccp_name);
522 png_free(png_ptr, info_ptr->iccp_profile);
523 info_ptr->iccp_name = NULL;
524 info_ptr->iccp_profile = NULL;
525 info_ptr->valid &= ~PNG_INFO_iCCP;
529 #ifdef PNG_sPLT_SUPPORTED
530 /* Free a given sPLT entry, or (if num == -1) all sPLT entries */
531 if ((mask & PNG_FREE_SPLT) & info_ptr->free_me)
535 if (info_ptr->splt_palettes)
537 png_free(png_ptr, info_ptr->splt_palettes[num].name);
538 png_free(png_ptr, info_ptr->splt_palettes[num].entries);
539 info_ptr->splt_palettes[num].name = NULL;
540 info_ptr->splt_palettes[num].entries = NULL;
546 if (info_ptr->splt_palettes_num)
549 for (i = 0; i < info_ptr->splt_palettes_num; i++)
550 png_free_data(png_ptr, info_ptr, PNG_FREE_SPLT, (int)i);
552 png_free(png_ptr, info_ptr->splt_palettes);
553 info_ptr->splt_palettes = NULL;
554 info_ptr->splt_palettes_num = 0;
556 info_ptr->valid &= ~PNG_INFO_sPLT;
561 #ifdef PNG_STORE_UNKNOWN_CHUNKS_SUPPORTED
562 if ((mask & PNG_FREE_UNKN) & info_ptr->free_me)
566 if (info_ptr->unknown_chunks)
568 png_free(png_ptr, info_ptr->unknown_chunks[num].data);
569 info_ptr->unknown_chunks[num].data = NULL;
577 if (info_ptr->unknown_chunks_num)
579 for (i = 0; i < info_ptr->unknown_chunks_num; i++)
580 png_free_data(png_ptr, info_ptr, PNG_FREE_UNKN, (int)i);
582 png_free(png_ptr, info_ptr->unknown_chunks);
583 info_ptr->unknown_chunks = NULL;
584 info_ptr->unknown_chunks_num = 0;
590 #ifdef PNG_hIST_SUPPORTED
591 /* Free any hIST entry */
592 if ((mask & PNG_FREE_HIST) & info_ptr->free_me)
594 png_free(png_ptr, info_ptr->hist);
595 info_ptr->hist = NULL;
596 info_ptr->valid &= ~PNG_INFO_hIST;
600 /* Free any PLTE entry that was internally allocated */
601 if ((mask & PNG_FREE_PLTE) & info_ptr->free_me)
603 png_free(png_ptr, info_ptr->palette);
604 info_ptr->palette = NULL;
605 info_ptr->valid &= ~PNG_INFO_PLTE;
606 info_ptr->num_palette = 0;
609 #ifdef PNG_INFO_IMAGE_SUPPORTED
610 /* Free any image bits attached to the info structure */
611 if ((mask & PNG_FREE_ROWS) & info_ptr->free_me)
613 if (info_ptr->row_pointers)
616 for (row = 0; row < info_ptr->height; row++)
618 png_free(png_ptr, info_ptr->row_pointers[row]);
619 info_ptr->row_pointers[row] = NULL;
621 png_free(png_ptr, info_ptr->row_pointers);
622 info_ptr->row_pointers = NULL;
624 info_ptr->valid &= ~PNG_INFO_IDAT;
629 mask &= ~PNG_FREE_MUL;
631 info_ptr->free_me &= ~mask;
633 #endif /* defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED) */
635 /* This function returns a pointer to the io_ptr associated with the user
636 * functions. The application should free any memory associated with this
637 * pointer before png_write_destroy() or png_read_destroy() are called.
640 png_get_io_ptr(png_const_structrp png_ptr)
645 return (png_ptr->io_ptr);
648 #if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED)
649 # ifdef PNG_STDIO_SUPPORTED
650 /* Initialize the default input/output functions for the PNG file. If you
651 * use your own read or write routines, you can call either png_set_read_fn()
652 * or png_set_write_fn() instead of png_init_io(). If you have defined
653 * PNG_NO_STDIO or otherwise disabled PNG_STDIO_SUPPORTED, you must use a
654 * function of your own because "FILE *" isn't necessarily available.
657 png_init_io(png_structrp png_ptr, png_FILE_p fp)
659 png_debug(1, "in png_init_io");
664 png_ptr->io_ptr = (png_voidp)fp;
668 #ifdef PNG_SAVE_INT_32_SUPPORTED
669 /* The png_save_int_32 function assumes integers are stored in two's
670 * complement format. If this isn't the case, then this routine needs to
671 * be modified to write data in two's complement format. Note that,
672 * the following works correctly even if png_int_32 has more than 32 bits
673 * (compare the more complex code required on read for sign extension.)
676 png_save_int_32(png_bytep buf, png_int_32 i)
678 buf[0] = (png_byte)((i >> 24) & 0xff);
679 buf[1] = (png_byte)((i >> 16) & 0xff);
680 buf[2] = (png_byte)((i >> 8) & 0xff);
681 buf[3] = (png_byte)(i & 0xff);
685 # ifdef PNG_TIME_RFC1123_SUPPORTED
686 /* Convert the supplied time into an RFC 1123 string suitable for use in
687 * a "Creation Time" or other text-based time string.
690 png_convert_to_rfc1123_buffer(char out[29], png_const_timep ptime)
692 static PNG_CONST char short_months[12][4] =
693 {"Jan", "Feb", "Mar", "Apr", "May", "Jun",
694 "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};
699 if (ptime->year > 9999 /* RFC1123 limitation */ ||
700 ptime->month == 0 || ptime->month > 12 ||
701 ptime->day == 0 || ptime->day > 31 ||
702 ptime->hour > 23 || ptime->minute > 59 ||
708 char number_buf[5]; /* enough for a four-digit year */
710 # define APPEND_STRING(string) pos = png_safecat(out, 29, pos, (string))
711 # define APPEND_NUMBER(format, value)\
712 APPEND_STRING(PNG_FORMAT_NUMBER(number_buf, format, (value)))
713 # define APPEND(ch) if (pos < 28) out[pos++] = (ch)
715 APPEND_NUMBER(PNG_NUMBER_FORMAT_u, (unsigned)ptime->day);
717 APPEND_STRING(short_months[(ptime->month - 1)]);
719 APPEND_NUMBER(PNG_NUMBER_FORMAT_u, ptime->year);
721 APPEND_NUMBER(PNG_NUMBER_FORMAT_02u, (unsigned)ptime->hour);
723 APPEND_NUMBER(PNG_NUMBER_FORMAT_02u, (unsigned)ptime->minute);
725 APPEND_NUMBER(PNG_NUMBER_FORMAT_02u, (unsigned)ptime->second);
726 APPEND_STRING(" +0000"); /* This reliably terminates the buffer */
729 # undef APPEND_NUMBER
730 # undef APPEND_STRING
736 # if PNG_LIBPNG_VER < 10700
737 /* To do: remove the following from libpng-1.7 */
738 /* Original API that uses a private buffer in png_struct.
739 * Deprecated because it causes png_struct to carry a spurious temporary
740 * buffer (png_struct::time_buffer), better to have the caller pass this in.
742 png_const_charp PNGAPI
743 png_convert_to_rfc1123(png_structrp png_ptr, png_const_timep ptime)
747 /* The only failure above if png_ptr != NULL is from an invalid ptime */
748 if (!png_convert_to_rfc1123_buffer(png_ptr->time_buffer, ptime))
749 png_warning(png_ptr, "Ignoring invalid time value");
752 return png_ptr->time_buffer;
758 # endif /* PNG_TIME_RFC1123_SUPPORTED */
760 #endif /* defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED) */
762 png_const_charp PNGAPI
763 png_get_copyright(png_const_structrp png_ptr)
765 PNG_UNUSED(png_ptr) /* Silence compiler warning about unused png_ptr */
766 #ifdef PNG_STRING_COPYRIGHT
767 return PNG_STRING_COPYRIGHT
770 return PNG_STRING_NEWLINE \
771 "libpng version 1.6.0 - February 14, 2013" PNG_STRING_NEWLINE \
772 "Copyright (c) 1998-2013 Glenn Randers-Pehrson" PNG_STRING_NEWLINE \
773 "Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \
774 "Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \
777 return "libpng version 1.6.0 - February 14, 2013\
778 Copyright (c) 1998-2013 Glenn Randers-Pehrson\
779 Copyright (c) 1996-1997 Andreas Dilger\
780 Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.";
785 /* The following return the library version as a short string in the
786 * format 1.0.0 through 99.99.99zz. To get the version of *.h files
787 * used with your application, print out PNG_LIBPNG_VER_STRING, which
788 * is defined in png.h.
789 * Note: now there is no difference between png_get_libpng_ver() and
790 * png_get_header_ver(). Due to the version_nn_nn_nn typedef guard,
791 * it is guaranteed that png.c uses the correct version of png.h.
793 png_const_charp PNGAPI
794 png_get_libpng_ver(png_const_structrp png_ptr)
796 /* Version of *.c files used when building libpng */
797 return png_get_header_ver(png_ptr);
800 png_const_charp PNGAPI
801 png_get_header_ver(png_const_structrp png_ptr)
803 /* Version of *.h files used when building libpng */
804 PNG_UNUSED(png_ptr) /* Silence compiler warning about unused png_ptr */
805 return PNG_LIBPNG_VER_STRING;
808 png_const_charp PNGAPI
809 png_get_header_version(png_const_structrp png_ptr)
811 /* Returns longer string containing both version and date */
812 PNG_UNUSED(png_ptr) /* Silence compiler warning about unused png_ptr */
814 return PNG_HEADER_VERSION_STRING
815 # ifndef PNG_READ_SUPPORTED
820 return PNG_HEADER_VERSION_STRING;
824 #ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED
826 png_handle_as_unknown(png_const_structrp png_ptr, png_const_bytep chunk_name)
828 /* Check chunk_name and return "keep" value if it's on the list, else 0 */
829 png_const_bytep p, p_end;
831 if (png_ptr == NULL || chunk_name == NULL || png_ptr->num_chunk_list == 0)
832 return PNG_HANDLE_CHUNK_AS_DEFAULT;
834 p_end = png_ptr->chunk_list;
835 p = p_end + png_ptr->num_chunk_list*5; /* beyond end */
837 /* The code is the fifth byte after each four byte string. Historically this
838 * code was always searched from the end of the list, this is no longer
839 * necessary because the 'set' routine handles duplicate entries correcty.
841 do /* num_chunk_list > 0, so at least one */
845 if (!memcmp(chunk_name, p, 4))
850 /* This means that known chunks should be processed and unknown chunks should
851 * be handled according to the value of png_ptr->unknown_default; this can be
852 * confusing because, as a result, there are two levels of defaulting for
855 return PNG_HANDLE_CHUNK_AS_DEFAULT;
858 #ifdef PNG_READ_UNKNOWN_CHUNKS_SUPPORTED
860 png_chunk_unknown_handling(png_const_structrp png_ptr, png_uint_32 chunk_name)
862 png_byte chunk_string[5];
864 PNG_CSTRING_FROM_CHUNK(chunk_string, chunk_name);
865 return png_handle_as_unknown(png_ptr, chunk_string);
867 #endif /* READ_UNKNOWN_CHUNKS */
868 #endif /* SET_UNKNOWN_CHUNKS */
870 #ifdef PNG_READ_SUPPORTED
871 /* This function, added to libpng-1.0.6g, is untested. */
873 png_reset_zstream(png_structrp png_ptr)
876 return Z_STREAM_ERROR;
878 /* WARNING: this resets the window bits to the maximum! */
879 return (inflateReset(&png_ptr->zstream));
881 #endif /* PNG_READ_SUPPORTED */
883 /* This function was added to libpng-1.0.7 */
885 png_access_version_number(void)
887 /* Version of *.c files used when building libpng */
888 return((png_uint_32)PNG_LIBPNG_VER);
893 #if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED)
894 /* Ensure that png_ptr->zstream.msg holds some appropriate error message string.
895 * If it doesn't 'ret' is used to set it to something appropriate, even in cases
896 * like Z_OK or Z_STREAM_END where the error code is apparently a success code.
899 png_zstream_error(png_structrp png_ptr, int ret)
901 /* Translate 'ret' into an appropriate error string, priority is given to the
902 * one in zstream if set. This always returns a string, even in cases like
903 * Z_OK or Z_STREAM_END where the error code is a success code.
905 if (png_ptr->zstream.msg == NULL) switch (ret)
909 png_ptr->zstream.msg = PNGZ_MSG_CAST("unexpected zlib return code");
914 png_ptr->zstream.msg = PNGZ_MSG_CAST("unexpected end of LZ stream");
918 /* This means the deflate stream did not have a dictionary; this
919 * indicates a bogus PNG.
921 png_ptr->zstream.msg = PNGZ_MSG_CAST("missing LZ dictionary");
925 /* gz APIs only: should not happen */
926 png_ptr->zstream.msg = PNGZ_MSG_CAST("zlib IO error");
930 /* internal libpng error */
931 png_ptr->zstream.msg = PNGZ_MSG_CAST("bad parameters to zlib");
935 png_ptr->zstream.msg = PNGZ_MSG_CAST("damaged LZ stream");
939 png_ptr->zstream.msg = PNGZ_MSG_CAST("insufficient memory");
943 /* End of input or output; not a problem if the caller is doing
944 * incremental read or write.
946 png_ptr->zstream.msg = PNGZ_MSG_CAST("truncated");
949 case Z_VERSION_ERROR:
950 png_ptr->zstream.msg = PNGZ_MSG_CAST("unsupported zlib version");
953 case PNG_UNEXPECTED_ZLIB_RETURN:
954 /* Compile errors here mean that zlib now uses the value co-opted in
955 * pngpriv.h for PNG_UNEXPECTED_ZLIB_RETURN; update the switch above
956 * and change pngpriv.h. Note that this message is "... return",
957 * whereas the default/Z_OK one is "... return code".
959 png_ptr->zstream.msg = PNGZ_MSG_CAST("unexpected zlib return");
964 /* png_convert_size: a PNGAPI but no longer in png.h, so deleted
968 /* Added at libpng version 1.2.34 and 1.4.0 (moved from pngset.c) */
969 #ifdef PNG_GAMMA_SUPPORTED /* always set if COLORSPACE */
971 png_colorspace_check_gamma(png_const_structrp png_ptr,
972 png_colorspacerp colorspace, png_fixed_point gAMA, int from)
973 /* This is called to check a new gamma value against an existing one. The
974 * routine returns false if the new gamma value should not be written.
976 * 'from' says where the new gamma value comes from:
978 * 0: the new gamma value is the libpng estimate for an ICC profile
979 * 1: the new gamma value comes from a gAMA chunk
980 * 2: the new gamma value comes from an sRGB chunk
983 png_fixed_point gtest;
985 if ((colorspace->flags & PNG_COLORSPACE_HAVE_GAMMA) != 0 &&
986 (!png_muldiv(>est, colorspace->gamma, PNG_FP_1, gAMA) ||
987 png_gamma_significant(gtest)))
989 /* Either this is an sRGB image, in which case the calculated gamma
990 * approximation should match, or this is an image with a profile and the
991 * value libpng calculates for the gamma of the profile does not match the
992 * value recorded in the file. The former, sRGB, case is an error, the
993 * latter is just a warning.
995 if ((colorspace->flags & PNG_COLORSPACE_FROM_sRGB) != 0 || from == 2)
997 png_chunk_report(png_ptr, "gamma value does not match sRGB",
999 /* Do not overwrite an sRGB value */
1003 else /* sRGB tag not involved */
1005 png_chunk_report(png_ptr, "gamma value does not match libpng estimate",
1015 png_colorspace_set_gamma(png_const_structrp png_ptr,
1016 png_colorspacerp colorspace, png_fixed_point gAMA)
1018 /* Changed in libpng-1.5.4 to limit the values to ensure overflow can't
1019 * occur. Since the fixed point representation is assymetrical it is
1020 * possible for 1/gamma to overflow the limit of 21474 and this means the
1021 * gamma value must be at least 5/100000 and hence at most 20000.0. For
1022 * safety the limits here are a little narrower. The values are 0.00016 to
1023 * 6250.0, which are truly ridiculous gamma values (and will produce
1024 * displays that are all black or all white.)
1026 * In 1.6.0 this test replaces the ones in pngrutil.c, in the gAMA chunk
1027 * handling code, which only required the value to be >0.
1029 png_const_charp errmsg;
1031 if (gAMA < 16 || gAMA > 625000000)
1032 errmsg = "gamma value out of range";
1034 # ifdef PNG_READ_gAMA_SUPPORTED
1035 /* Allow the application to set the gamma value more than once */
1036 else if ((png_ptr->mode & PNG_IS_READ_STRUCT) != 0 &&
1037 (colorspace->flags & PNG_COLORSPACE_FROM_gAMA) != 0)
1038 errmsg = "duplicate";
1041 /* Do nothing if the colorspace is already invalid */
1042 else if (colorspace->flags & PNG_COLORSPACE_INVALID)
1047 if (png_colorspace_check_gamma(png_ptr, colorspace, gAMA, 1/*from gAMA*/))
1049 /* Store this gamma value. */
1050 colorspace->gamma = gAMA;
1051 colorspace->flags |=
1052 (PNG_COLORSPACE_HAVE_GAMMA | PNG_COLORSPACE_FROM_gAMA);
1055 /* At present if the check_gamma test fails the gamma of the colorspace is
1056 * not updated however the colorspace is not invalidated. This
1057 * corresponds to the case where the existing gamma comes from an sRGB
1058 * chunk or profile. An error message has already been output.
1063 /* Error exit - errmsg has been set. */
1064 colorspace->flags |= PNG_COLORSPACE_INVALID;
1065 png_chunk_report(png_ptr, errmsg, PNG_CHUNK_WRITE_ERROR);
1069 png_colorspace_sync_info(png_const_structrp png_ptr, png_inforp info_ptr)
1071 if (info_ptr->colorspace.flags & PNG_COLORSPACE_INVALID)
1073 /* Everything is invalid */
1074 info_ptr->valid &= ~(PNG_INFO_gAMA|PNG_INFO_cHRM|PNG_INFO_sRGB|
1077 # ifdef PNG_COLORSPACE_SUPPORTED
1078 /* Clean up the iCCP profile now if it won't be used. */
1079 png_free_data(png_ptr, info_ptr, PNG_FREE_ICCP, -1/*not used*/);
1087 # ifdef PNG_COLORSPACE_SUPPORTED
1088 /* Leave the INFO_iCCP flag set if the pngset.c code has already set
1089 * it; this allows a PNG to contain a profile which matches sRGB and
1090 * yet still have that profile retrievable by the application.
1092 if (info_ptr->colorspace.flags & PNG_COLORSPACE_MATCHES_sRGB)
1093 info_ptr->valid |= PNG_INFO_sRGB;
1096 info_ptr->valid &= ~PNG_INFO_sRGB;
1098 if (info_ptr->colorspace.flags & PNG_COLORSPACE_HAVE_ENDPOINTS)
1099 info_ptr->valid |= PNG_INFO_cHRM;
1102 info_ptr->valid &= ~PNG_INFO_cHRM;
1105 if (info_ptr->colorspace.flags & PNG_COLORSPACE_HAVE_GAMMA)
1106 info_ptr->valid |= PNG_INFO_gAMA;
1109 info_ptr->valid &= ~PNG_INFO_gAMA;
1113 #ifdef PNG_READ_SUPPORTED
1115 png_colorspace_sync(png_const_structrp png_ptr, png_inforp info_ptr)
1117 if (info_ptr == NULL) /* reduce code size; check here not in the caller */
1120 info_ptr->colorspace = png_ptr->colorspace;
1121 png_colorspace_sync_info(png_ptr, info_ptr);
1126 #ifdef PNG_COLORSPACE_SUPPORTED
1127 /* Added at libpng-1.5.5 to support read and write of true CIEXYZ values for
1128 * cHRM, as opposed to using chromaticities. These internal APIs return
1129 * non-zero on a parameter error. The X, Y and Z values are required to be
1130 * positive and less than 1.0.
1133 png_xy_from_XYZ(png_xy *xy, const png_XYZ *XYZ)
1135 png_int_32 d, dwhite, whiteX, whiteY;
1137 d = XYZ->red_X + XYZ->red_Y + XYZ->red_Z;
1138 if (!png_muldiv(&xy->redx, XYZ->red_X, PNG_FP_1, d)) return 1;
1139 if (!png_muldiv(&xy->redy, XYZ->red_Y, PNG_FP_1, d)) return 1;
1141 whiteX = XYZ->red_X;
1142 whiteY = XYZ->red_Y;
1144 d = XYZ->green_X + XYZ->green_Y + XYZ->green_Z;
1145 if (!png_muldiv(&xy->greenx, XYZ->green_X, PNG_FP_1, d)) return 1;
1146 if (!png_muldiv(&xy->greeny, XYZ->green_Y, PNG_FP_1, d)) return 1;
1148 whiteX += XYZ->green_X;
1149 whiteY += XYZ->green_Y;
1151 d = XYZ->blue_X + XYZ->blue_Y + XYZ->blue_Z;
1152 if (!png_muldiv(&xy->bluex, XYZ->blue_X, PNG_FP_1, d)) return 1;
1153 if (!png_muldiv(&xy->bluey, XYZ->blue_Y, PNG_FP_1, d)) return 1;
1155 whiteX += XYZ->blue_X;
1156 whiteY += XYZ->blue_Y;
1158 /* The reference white is simply the sum of the end-point (X,Y,Z) vectors,
1161 if (!png_muldiv(&xy->whitex, whiteX, PNG_FP_1, dwhite)) return 1;
1162 if (!png_muldiv(&xy->whitey, whiteY, PNG_FP_1, dwhite)) return 1;
1168 png_XYZ_from_xy(png_XYZ *XYZ, const png_xy *xy)
1170 png_fixed_point red_inverse, green_inverse, blue_scale;
1171 png_fixed_point left, right, denominator;
1173 /* Check xy and, implicitly, z. Note that wide gamut color spaces typically
1174 * have end points with 0 tristimulus values (these are impossible end
1175 * points, but they are used to cover the possible colors.)
1177 if (xy->redx < 0 || xy->redx > PNG_FP_1) return 1;
1178 if (xy->redy < 0 || xy->redy > PNG_FP_1-xy->redx) return 1;
1179 if (xy->greenx < 0 || xy->greenx > PNG_FP_1) return 1;
1180 if (xy->greeny < 0 || xy->greeny > PNG_FP_1-xy->greenx) return 1;
1181 if (xy->bluex < 0 || xy->bluex > PNG_FP_1) return 1;
1182 if (xy->bluey < 0 || xy->bluey > PNG_FP_1-xy->bluex) return 1;
1183 if (xy->whitex < 0 || xy->whitex > PNG_FP_1) return 1;
1184 if (xy->whitey < 0 || xy->whitey > PNG_FP_1-xy->whitex) return 1;
1186 /* The reverse calculation is more difficult because the original tristimulus
1187 * value had 9 independent values (red,green,blue)x(X,Y,Z) however only 8
1188 * derived values were recorded in the cHRM chunk;
1189 * (red,green,blue,white)x(x,y). This loses one degree of freedom and
1190 * therefore an arbitrary ninth value has to be introduced to undo the
1191 * original transformations.
1193 * Think of the original end-points as points in (X,Y,Z) space. The
1194 * chromaticity values (c) have the property:
1200 * For each c (x,y,z) from the corresponding original C (X,Y,Z). Thus the
1201 * three chromaticity values (x,y,z) for each end-point obey the
1206 * This describes the plane in (X,Y,Z) space that intersects each axis at the
1207 * value 1.0; call this the chromaticity plane. Thus the chromaticity
1208 * calculation has scaled each end-point so that it is on the x+y+z=1 plane
1209 * and chromaticity is the intersection of the vector from the origin to the
1210 * (X,Y,Z) value with the chromaticity plane.
1212 * To fully invert the chromaticity calculation we would need the three
1213 * end-point scale factors, (red-scale, green-scale, blue-scale), but these
1214 * were not recorded. Instead we calculated the reference white (X,Y,Z) and
1215 * recorded the chromaticity of this. The reference white (X,Y,Z) would have
1216 * given all three of the scale factors since:
1218 * color-C = color-c * color-scale
1219 * white-C = red-C + green-C + blue-C
1220 * = red-c*red-scale + green-c*green-scale + blue-c*blue-scale
1222 * But cHRM records only white-x and white-y, so we have lost the white scale
1225 * white-C = white-c*white-scale
1227 * To handle this the inverse transformation makes an arbitrary assumption
1228 * about white-scale:
1230 * Assume: white-Y = 1.0
1231 * Hence: white-scale = 1/white-y
1232 * Or: red-Y + green-Y + blue-Y = 1.0
1234 * Notice the last statement of the assumption gives an equation in three of
1235 * the nine values we want to calculate. 8 more equations come from the
1236 * above routine as summarised at the top above (the chromaticity
1239 * Given: color-x = color-X / (color-X + color-Y + color-Z)
1240 * Hence: (color-x - 1)*color-X + color.x*color-Y + color.x*color-Z = 0
1242 * This is 9 simultaneous equations in the 9 variables "color-C" and can be
1243 * solved by Cramer's rule. Cramer's rule requires calculating 10 9x9 matrix
1244 * determinants, however this is not as bad as it seems because only 28 of
1245 * the total of 90 terms in the various matrices are non-zero. Nevertheless
1246 * Cramer's rule is notoriously numerically unstable because the determinant
1247 * calculation involves the difference of large, but similar, numbers. It is
1248 * difficult to be sure that the calculation is stable for real world values
1249 * and it is certain that it becomes unstable where the end points are close
1252 * So this code uses the perhaps slightly less optimal but more
1253 * understandable and totally obvious approach of calculating color-scale.
1255 * This algorithm depends on the precision in white-scale and that is
1256 * (1/white-y), so we can immediately see that as white-y approaches 0 the
1257 * accuracy inherent in the cHRM chunk drops off substantially.
1259 * libpng arithmetic: a simple invertion of the above equations
1260 * ------------------------------------------------------------
1262 * white_scale = 1/white-y
1263 * white-X = white-x * white-scale
1265 * white-Z = (1 - white-x - white-y) * white_scale
1267 * white-C = red-C + green-C + blue-C
1268 * = red-c*red-scale + green-c*green-scale + blue-c*blue-scale
1270 * This gives us three equations in (red-scale,green-scale,blue-scale) where
1271 * all the coefficients are now known:
1273 * red-x*red-scale + green-x*green-scale + blue-x*blue-scale
1275 * red-y*red-scale + green-y*green-scale + blue-y*blue-scale = 1
1276 * red-z*red-scale + green-z*green-scale + blue-z*blue-scale
1277 * = (1 - white-x - white-y)/white-y
1279 * In the last equation color-z is (1 - color-x - color-y) so we can add all
1280 * three equations together to get an alternative third:
1282 * red-scale + green-scale + blue-scale = 1/white-y = white-scale
1284 * So now we have a Cramer's rule solution where the determinants are just
1285 * 3x3 - far more tractible. Unfortunately 3x3 determinants still involve
1286 * multiplication of three coefficients so we can't guarantee to avoid
1287 * overflow in the libpng fixed point representation. Using Cramer's rule in
1288 * floating point is probably a good choice here, but it's not an option for
1289 * fixed point. Instead proceed to simplify the first two equations by
1290 * eliminating what is likely to be the largest value, blue-scale:
1292 * blue-scale = white-scale - red-scale - green-scale
1296 * (red-x - blue-x)*red-scale + (green-x - blue-x)*green-scale =
1297 * (white-x - blue-x)*white-scale
1299 * (red-y - blue-y)*red-scale + (green-y - blue-y)*green-scale =
1300 * 1 - blue-y*white-scale
1302 * And now we can trivially solve for (red-scale,green-scale):
1305 * (white-x - blue-x)*white-scale - (red-x - blue-x)*red-scale
1306 * -----------------------------------------------------------
1310 * 1 - blue-y*white-scale - (green-y - blue-y) * green-scale
1311 * ---------------------------------------------------------
1317 * ( (green-x - blue-x) * (white-y - blue-y) -
1318 * (green-y - blue-y) * (white-x - blue-x) ) / white-y
1319 * -------------------------------------------------------------------------
1320 * (green-x - blue-x)*(red-y - blue-y)-(green-y - blue-y)*(red-x - blue-x)
1323 * ( (red-y - blue-y) * (white-x - blue-x) -
1324 * (red-x - blue-x) * (white-y - blue-y) ) / white-y
1325 * -------------------------------------------------------------------------
1326 * (green-x - blue-x)*(red-y - blue-y)-(green-y - blue-y)*(red-x - blue-x)
1329 * The input values have 5 decimal digits of accuracy. The values are all in
1330 * the range 0 < value < 1, so simple products are in the same range but may
1331 * need up to 10 decimal digits to preserve the original precision and avoid
1332 * underflow. Because we are using a 32-bit signed representation we cannot
1333 * match this; the best is a little over 9 decimal digits, less than 10.
1335 * The approach used here is to preserve the maximum precision within the
1336 * signed representation. Because the red-scale calculation above uses the
1337 * difference between two products of values that must be in the range -1..+1
1338 * it is sufficient to divide the product by 7; ceil(100,000/32767*2). The
1339 * factor is irrelevant in the calculation because it is applied to both
1340 * numerator and denominator.
1342 * Note that the values of the differences of the products of the
1343 * chromaticities in the above equations tend to be small, for example for
1344 * the sRGB chromaticities they are:
1346 * red numerator: -0.04751
1347 * green numerator: -0.08788
1348 * denominator: -0.2241 (without white-y multiplication)
1350 * The resultant Y coefficients from the chromaticities of some widely used
1351 * color space definitions are (to 15 decimal places):
1354 * 0.212639005871510 0.715168678767756 0.072192315360734
1356 * 0.288071128229293 0.711843217810102 0.000085653960605
1358 * 0.297344975250536 0.627363566255466 0.075291458493998
1359 * Adobe Wide Gamut RGB
1360 * 0.258728243040113 0.724682314948566 0.016589442011321
1362 /* By the argument, above overflow should be impossible here. The return
1363 * value of 2 indicates an internal error to the caller.
1365 if (!png_muldiv(&left, xy->greenx-xy->bluex, xy->redy - xy->bluey, 7))
1367 if (!png_muldiv(&right, xy->greeny-xy->bluey, xy->redx - xy->bluex, 7))
1369 denominator = left - right;
1371 /* Now find the red numerator. */
1372 if (!png_muldiv(&left, xy->greenx-xy->bluex, xy->whitey-xy->bluey, 7))
1374 if (!png_muldiv(&right, xy->greeny-xy->bluey, xy->whitex-xy->bluex, 7))
1377 /* Overflow is possible here and it indicates an extreme set of PNG cHRM
1378 * chunk values. This calculation actually returns the reciprocal of the
1379 * scale value because this allows us to delay the multiplication of white-y
1380 * into the denominator, which tends to produce a small number.
1382 if (!png_muldiv(&red_inverse, xy->whitey, denominator, left-right) ||
1383 red_inverse <= xy->whitey /* r+g+b scales = white scale */)
1386 /* Similarly for green_inverse: */
1387 if (!png_muldiv(&left, xy->redy-xy->bluey, xy->whitex-xy->bluex, 7))
1389 if (!png_muldiv(&right, xy->redx-xy->bluex, xy->whitey-xy->bluey, 7))
1391 if (!png_muldiv(&green_inverse, xy->whitey, denominator, left-right) ||
1392 green_inverse <= xy->whitey)
1395 /* And the blue scale, the checks above guarantee this can't overflow but it
1396 * can still produce 0 for extreme cHRM values.
1398 blue_scale = png_reciprocal(xy->whitey) - png_reciprocal(red_inverse) -
1399 png_reciprocal(green_inverse);
1400 if (blue_scale <= 0) return 1;
1403 /* And fill in the png_XYZ: */
1404 if (!png_muldiv(&XYZ->red_X, xy->redx, PNG_FP_1, red_inverse)) return 1;
1405 if (!png_muldiv(&XYZ->red_Y, xy->redy, PNG_FP_1, red_inverse)) return 1;
1406 if (!png_muldiv(&XYZ->red_Z, PNG_FP_1 - xy->redx - xy->redy, PNG_FP_1,
1410 if (!png_muldiv(&XYZ->green_X, xy->greenx, PNG_FP_1, green_inverse)) return 1;
1411 if (!png_muldiv(&XYZ->green_Y, xy->greeny, PNG_FP_1, green_inverse)) return 1;
1412 if (!png_muldiv(&XYZ->green_Z, PNG_FP_1 - xy->greenx - xy->greeny, PNG_FP_1,
1416 if (!png_muldiv(&XYZ->blue_X, xy->bluex, blue_scale, PNG_FP_1)) return 1;
1417 if (!png_muldiv(&XYZ->blue_Y, xy->bluey, blue_scale, PNG_FP_1)) return 1;
1418 if (!png_muldiv(&XYZ->blue_Z, PNG_FP_1 - xy->bluex - xy->bluey, blue_scale,
1422 return 0; /*success*/
1426 png_XYZ_normalize(png_XYZ *XYZ)
1430 if (XYZ->red_Y < 0 || XYZ->green_Y < 0 || XYZ->blue_Y < 0 ||
1431 XYZ->red_X < 0 || XYZ->green_X < 0 || XYZ->blue_X < 0 ||
1432 XYZ->red_Z < 0 || XYZ->green_Z < 0 || XYZ->blue_Z < 0)
1435 /* Normalize by scaling so the sum of the end-point Y values is PNG_FP_1.
1436 * IMPLEMENTATION NOTE: ANSI requires signed overflow not to occur, therefore
1437 * relying on addition of two positive values producing a negative one is not
1441 if (0x7fffffff - Y < XYZ->green_X) return 1;
1443 if (0x7fffffff - Y < XYZ->blue_X) return 1;
1448 if (!png_muldiv(&XYZ->red_X, XYZ->red_X, PNG_FP_1, Y)) return 1;
1449 if (!png_muldiv(&XYZ->red_Y, XYZ->red_Y, PNG_FP_1, Y)) return 1;
1450 if (!png_muldiv(&XYZ->red_Z, XYZ->red_Z, PNG_FP_1, Y)) return 1;
1452 if (!png_muldiv(&XYZ->green_X, XYZ->green_X, PNG_FP_1, Y)) return 1;
1453 if (!png_muldiv(&XYZ->green_Y, XYZ->green_Y, PNG_FP_1, Y)) return 1;
1454 if (!png_muldiv(&XYZ->green_Z, XYZ->green_Z, PNG_FP_1, Y)) return 1;
1456 if (!png_muldiv(&XYZ->blue_X, XYZ->blue_X, PNG_FP_1, Y)) return 1;
1457 if (!png_muldiv(&XYZ->blue_Y, XYZ->blue_Y, PNG_FP_1, Y)) return 1;
1458 if (!png_muldiv(&XYZ->blue_Z, XYZ->blue_Z, PNG_FP_1, Y)) return 1;
1465 png_colorspace_endpoints_match(const png_xy *xy1, const png_xy *xy2, int delta)
1467 /* Allow an error of +/-0.01 (absolute value) on each chromaticity */
1468 return !(PNG_OUT_OF_RANGE(xy1->whitex, xy2->whitex,delta) ||
1469 PNG_OUT_OF_RANGE(xy1->whitey, xy2->whitey,delta) ||
1470 PNG_OUT_OF_RANGE(xy1->redx, xy2->redx, delta) ||
1471 PNG_OUT_OF_RANGE(xy1->redy, xy2->redy, delta) ||
1472 PNG_OUT_OF_RANGE(xy1->greenx, xy2->greenx,delta) ||
1473 PNG_OUT_OF_RANGE(xy1->greeny, xy2->greeny,delta) ||
1474 PNG_OUT_OF_RANGE(xy1->bluex, xy2->bluex, delta) ||
1475 PNG_OUT_OF_RANGE(xy1->bluey, xy2->bluey, delta));
1478 /* Added in libpng-1.6.0, a different check for the validity of a set of cHRM
1479 * chunk chromaticities. Earlier checks used to simply look for the overflow
1480 * condition (where the determinant of the matrix to solve for XYZ ends up zero
1481 * because the chromaticity values are not all distinct.) Despite this it is
1482 * theoretically possible to produce chromaticities that are apparently valid
1483 * but that rapidly degrade to invalid, potentially crashing, sets because of
1484 * arithmetic inaccuracies when calculations are performed on them. The new
1485 * check is to round-trip xy -> XYZ -> xy and then check that the result is
1486 * within a small percentage of the original.
1489 png_colorspace_check_xy(png_XYZ *XYZ, const png_xy *xy)
1494 /* As a side-effect this routine also returns the XYZ endpoints. */
1495 result = png_XYZ_from_xy(XYZ, xy);
1496 if (result) return result;
1498 result = png_xy_from_XYZ(&xy_test, XYZ);
1499 if (result) return result;
1501 if (png_colorspace_endpoints_match(xy, &xy_test,
1502 5/*actually, the math is pretty accurate*/))
1509 /* This is the check going the other way. The XYZ is modified to normalize it
1510 * (another side-effect) and the xy chromaticities are returned.
1513 png_colorspace_check_XYZ(png_xy *xy, png_XYZ *XYZ)
1518 result = png_XYZ_normalize(XYZ);
1519 if (result) return result;
1521 result = png_xy_from_XYZ(xy, XYZ);
1522 if (result) return result;
1525 return png_colorspace_check_xy(&XYZtemp, xy);
1528 /* Used to check for an endpoint match against sRGB */
1529 static const png_xy sRGB_xy = /* From ITU-R BT.709-3 */
1532 /* red */ 64000, 33000,
1533 /* green */ 30000, 60000,
1534 /* blue */ 15000, 6000,
1535 /* white */ 31270, 32900
1539 png_colorspace_set_xy_and_XYZ(png_const_structrp png_ptr,
1540 png_colorspacerp colorspace, const png_xy *xy, const png_XYZ *XYZ,
1543 if (colorspace->flags & PNG_COLORSPACE_INVALID)
1546 /* The consistency check is performed on the chromaticities; this factors out
1547 * variations because of the normalization (or not) of the end point Y
1550 if (preferred < 2 && (colorspace->flags & PNG_COLORSPACE_HAVE_ENDPOINTS))
1552 /* The end points must be reasonably close to any we already have. The
1553 * following allows an error of up to +/-.001
1555 if (!png_colorspace_endpoints_match(xy, &colorspace->end_points_xy, 100))
1557 colorspace->flags |= PNG_COLORSPACE_INVALID;
1558 png_benign_error(png_ptr, "inconsistent chromaticities");
1559 return 0; /* failed */
1562 /* Only overwrite with preferred values */
1564 return 1; /* ok, but no change */
1567 colorspace->end_points_xy = *xy;
1568 colorspace->end_points_XYZ = *XYZ;
1569 colorspace->flags |= PNG_COLORSPACE_HAVE_ENDPOINTS;
1571 /* The end points are normally quoted to two decimal digits, so allow +/-0.01
1574 if (png_colorspace_endpoints_match(xy, &sRGB_xy, 1000))
1575 colorspace->flags |= PNG_COLORSPACE_ENDPOINTS_MATCH_sRGB;
1578 colorspace->flags &= PNG_COLORSPACE_CANCEL(
1579 PNG_COLORSPACE_ENDPOINTS_MATCH_sRGB);
1581 return 2; /* ok and changed */
1585 png_colorspace_set_chromaticities(png_const_structrp png_ptr,
1586 png_colorspacerp colorspace, const png_xy *xy, int preferred)
1588 /* We must check the end points to ensure they are reasonable - in the past
1589 * color management systems have crashed as a result of getting bogus
1590 * colorant values, while this isn't the fault of libpng it is the
1591 * responsibility of libpng because PNG carries the bomb and libpng is in a
1592 * position to protect against it.
1596 switch (png_colorspace_check_xy(&XYZ, xy))
1598 case 0: /* success */
1599 return png_colorspace_set_xy_and_XYZ(png_ptr, colorspace, xy, &XYZ,
1603 /* We can't invert the chromaticities so we can't produce value XYZ
1604 * values. Likely as not a color management system will fail too.
1606 colorspace->flags |= PNG_COLORSPACE_INVALID;
1607 png_benign_error(png_ptr, "invalid chromaticities");
1611 /* libpng is broken; this should be a warning but if it happens we
1612 * want error reports so for the moment it is an error.
1614 colorspace->flags |= PNG_COLORSPACE_INVALID;
1615 png_error(png_ptr, "internal error checking chromaticities");
1619 return 0; /* failed */
1623 png_colorspace_set_endpoints(png_const_structrp png_ptr,
1624 png_colorspacerp colorspace, const png_XYZ *XYZ_in, int preferred)
1626 png_XYZ XYZ = *XYZ_in;
1629 switch (png_colorspace_check_XYZ(&xy, &XYZ))
1632 return png_colorspace_set_xy_and_XYZ(png_ptr, colorspace, &xy, &XYZ,
1636 /* End points are invalid. */
1637 colorspace->flags |= PNG_COLORSPACE_INVALID;
1638 png_benign_error(png_ptr, "invalid end points");
1642 colorspace->flags |= PNG_COLORSPACE_INVALID;
1643 png_error(png_ptr, "internal error checking chromaticities");
1647 return 0; /* failed */
1650 #if defined PNG_sRGB_SUPPORTED || defined PNG_iCCP_SUPPORTED
1651 /* Error message generation */
1653 png_icc_tag_char(png_uint_32 byte)
1656 if (byte >= 32 && byte <= 126)
1663 png_icc_tag_name(char *name, png_uint_32 tag)
1666 name[1] = png_icc_tag_char(tag >> 24);
1667 name[2] = png_icc_tag_char(tag >> 16);
1668 name[3] = png_icc_tag_char(tag >> 8);
1669 name[4] = png_icc_tag_char(tag );
1674 is_ICC_signature_char(png_alloc_size_t it)
1676 return it == 32 || (it >= 48 && it <= 57) || (it >= 65 && it <= 90) ||
1677 (it >= 97 && it <= 122);
1680 static int is_ICC_signature(png_alloc_size_t it)
1682 return is_ICC_signature_char(it >> 24) /* checks all the top bits */ &&
1683 is_ICC_signature_char((it >> 16) & 0xff) &&
1684 is_ICC_signature_char((it >> 8) & 0xff) &&
1685 is_ICC_signature_char(it & 0xff);
1689 png_icc_profile_error(png_const_structrp png_ptr, png_colorspacerp colorspace,
1690 png_const_charp name, png_alloc_size_t value, png_const_charp reason)
1693 char message[196]; /* see below for calculation */
1695 if (colorspace != NULL)
1696 colorspace->flags |= PNG_COLORSPACE_INVALID;
1698 pos = png_safecat(message, (sizeof message), 0, "profile '"); /* 9 chars */
1699 pos = png_safecat(message, pos+79, pos, name); /* Truncate to 79 chars */
1700 pos = png_safecat(message, (sizeof message), pos, "': "); /* +2 = 90 */
1701 if (is_ICC_signature(value))
1703 /* So 'value' is at most 4 bytes and the following cast is safe */
1704 png_icc_tag_name(message+pos, (png_uint_32)value);
1705 pos += 6; /* total +8; less than the else clause */
1706 message[pos++] = ':';
1707 message[pos++] = ' ';
1709 # ifdef PNG_WARNINGS_SUPPORTED
1712 char number[PNG_NUMBER_BUFFER_SIZE]; /* +24 = 114*/
1714 pos = png_safecat(message, (sizeof message), pos,
1715 png_format_number(number, number+(sizeof number),
1716 PNG_NUMBER_FORMAT_x, value));
1717 pos = png_safecat(message, (sizeof message), pos, "h: "); /*+2 = 116*/
1720 /* The 'reason' is an arbitrary message, allow +79 maximum 195 */
1721 pos = png_safecat(message, (sizeof message), pos, reason);
1723 /* This is recoverable, but make it unconditionally an app_error on write to
1724 * avoid writing invalid ICC profiles into PNG files. (I.e. we handle them
1725 * on read, with a warning, but on write unless the app turns off
1726 * application errors the PNG won't be written.)
1728 png_chunk_report(png_ptr, message,
1729 (colorspace != NULL) ? PNG_CHUNK_ERROR : PNG_CHUNK_WRITE_ERROR);
1733 #endif /* sRGB || iCCP */
1735 #ifdef PNG_sRGB_SUPPORTED
1737 png_colorspace_set_sRGB(png_const_structrp png_ptr, png_colorspacerp colorspace,
1740 /* sRGB sets known gamma, end points and (from the chunk) intent. */
1741 /* IMPORTANT: these are not necessarily the values found in an ICC profile
1742 * because ICC profiles store values adapted to a D50 environment; it is
1743 * expected that the ICC profile mediaWhitePointTag will be D50, see the
1744 * checks and code elsewhere to understand this better.
1746 * These XYZ values, which are accurate to 5dp, produce rgb to gray
1747 * coefficients of (6968,23435,2366), which are reduced (because they add up
1748 * to 32769 not 32768) to (6968,23434,2366). These are the values that
1749 * libpng has traditionally used (and are the best values given the 15bit
1750 * algorithm used by the rgb to gray code.)
1752 static const png_XYZ sRGB_XYZ = /* D65 XYZ (*not* the D50 adapted values!) */
1755 /* red */ 41239, 21264, 1933,
1756 /* green */ 35758, 71517, 11919,
1757 /* blue */ 18048, 7219, 95053
1760 /* Do nothing if the colorspace is already invalidated. */
1761 if (colorspace->flags & PNG_COLORSPACE_INVALID)
1764 /* Check the intent, then check for existing settings. It is valid for the
1765 * PNG file to have cHRM or gAMA chunks along with sRGB, but the values must
1766 * be consistent with the correct values. If, however, this function is
1767 * called below because an iCCP chunk matches sRGB then it is quite
1768 * conceivable that an older app recorded incorrect gAMA and cHRM because of
1769 * an incorrect calculation based on the values in the profile - this does
1770 * *not* invalidate the profile (though it still produces an error, which can
1773 if (intent < 0 || intent >= PNG_sRGB_INTENT_LAST)
1774 return png_icc_profile_error(png_ptr, colorspace, "sRGB",
1775 (unsigned)intent, "invalid sRGB rendering intent");
1777 if ((colorspace->flags & PNG_COLORSPACE_HAVE_INTENT) != 0 &&
1778 colorspace->rendering_intent != intent)
1779 return png_icc_profile_error(png_ptr, colorspace, "sRGB",
1780 (unsigned)intent, "inconsistent rendering intents");
1782 if ((colorspace->flags & PNG_COLORSPACE_FROM_sRGB) != 0)
1784 png_benign_error(png_ptr, "duplicate sRGB information ignored");
1788 /* If the standard sRGB cHRM chunk does not match the one from the PNG file
1789 * warn but overwrite the value with the correct one.
1791 if ((colorspace->flags & PNG_COLORSPACE_HAVE_ENDPOINTS) != 0 &&
1792 !png_colorspace_endpoints_match(&sRGB_xy, &colorspace->end_points_xy,
1794 png_chunk_report(png_ptr, "cHRM chunk does not match sRGB",
1797 /* This check is just done for the error reporting - the routine always
1798 * returns true when the 'from' argument corresponds to sRGB (2).
1800 (void)png_colorspace_check_gamma(png_ptr, colorspace, PNG_GAMMA_sRGB_INVERSE,
1803 /* intent: bugs in GCC force 'int' to be used as the parameter type. */
1804 colorspace->rendering_intent = (png_uint_16)intent;
1805 colorspace->flags |= PNG_COLORSPACE_HAVE_INTENT;
1808 colorspace->end_points_xy = sRGB_xy;
1809 colorspace->end_points_XYZ = sRGB_XYZ;
1810 colorspace->flags |=
1811 (PNG_COLORSPACE_HAVE_ENDPOINTS|PNG_COLORSPACE_ENDPOINTS_MATCH_sRGB);
1814 colorspace->gamma = PNG_GAMMA_sRGB_INVERSE;
1815 colorspace->flags |= PNG_COLORSPACE_HAVE_GAMMA;
1817 /* Finally record that we have an sRGB profile */
1818 colorspace->flags |=
1819 (PNG_COLORSPACE_MATCHES_sRGB|PNG_COLORSPACE_FROM_sRGB);
1825 #ifdef PNG_iCCP_SUPPORTED
1826 /* Encoded value of D50 as an ICC XYZNumber. From the ICC 2010 spec the value
1827 * is XYZ(0.9642,1.0,0.8249), which scales to:
1829 * (63189.8112, 65536, 54060.6464)
1831 static const png_byte D50_nCIEXYZ[12] =
1832 { 0x00, 0x00, 0xf6, 0xd6, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0xd3, 0x2d };
1835 png_icc_check_length(png_const_structrp png_ptr, png_colorspacerp colorspace,
1836 png_const_charp name, png_uint_32 profile_length)
1838 if (profile_length < 132)
1839 return png_icc_profile_error(png_ptr, colorspace, name, profile_length,
1842 if (profile_length & 3)
1843 return png_icc_profile_error(png_ptr, colorspace, name, profile_length,
1850 png_icc_check_header(png_const_structrp png_ptr, png_colorspacerp colorspace,
1851 png_const_charp name, png_uint_32 profile_length,
1852 png_const_bytep profile/* first 132 bytes only */, int color_type)
1856 /* Length check; this cannot be ignored in this code because profile_length
1857 * is used later to check the tag table, so even if the profile seems over
1858 * long profile_length from the caller must be correct. The caller can fix
1859 * this up on read or write by just passing in the profile header length.
1861 temp = png_get_uint_32(profile);
1862 if (temp != profile_length)
1863 return png_icc_profile_error(png_ptr, colorspace, name, temp,
1864 "length does not match profile");
1866 temp = png_get_uint_32(profile+128); /* tag count: 12 bytes/tag */
1867 if (temp > 357913930 || /* (2^32-4-132)/12: maxium possible tag count */
1868 profile_length < 132+12*temp) /* truncated tag table */
1869 return png_icc_profile_error(png_ptr, colorspace, name, temp,
1870 "tag count too large");
1872 /* The 'intent' must be valid or we can't store it, ICC limits the intent to
1875 temp = png_get_uint_32(profile+64);
1876 if (temp >= 0xffff) /* The ICC limit */
1877 return png_icc_profile_error(png_ptr, colorspace, name, temp,
1878 "invalid rendering intent");
1880 /* This is just a warning because the profile may be valid in future
1883 if (temp >= PNG_sRGB_INTENT_LAST)
1884 (void)png_icc_profile_error(png_ptr, NULL, name, temp,
1885 "intent outside defined range");
1887 /* At this point the tag table can't be checked because it hasn't necessarily
1888 * been loaded; however, various header fields can be checked. These checks
1889 * are for values permitted by the PNG spec in an ICC profile; the PNG spec
1890 * restricts the profiles that can be passed in an iCCP chunk (they must be
1891 * appropriate to processing PNG data!)
1894 /* Data checks (could be skipped). These checks must be independent of the
1895 * version number; however, the version number doesn't accomodate changes in
1896 * the header fields (just the known tags and the interpretation of the
1899 temp = png_get_uint_32(profile+36); /* signature 'ascp' */
1900 if (temp != 0x61637370)
1901 return png_icc_profile_error(png_ptr, colorspace, name, temp,
1902 "invalid signature");
1904 /* Currently the PCS illuminant/adopted white point (the computational
1905 * white point) are required to be D50,
1906 * however the profile contains a record of the illuminant so perhaps ICC
1907 * expects to be able to change this in the future (despite the rationale in
1908 * the introduction for using a fixed PCS adopted white.) Consequently the
1909 * following is just a warning.
1911 if (memcmp(profile+68, D50_nCIEXYZ, 12) != 0)
1912 (void)png_icc_profile_error(png_ptr, NULL, name, 0/*no tag value*/,
1913 "PCS illuminant is not D50");
1915 /* The PNG spec requires this:
1916 * "If the iCCP chunk is present, the image samples conform to the colour
1917 * space represented by the embedded ICC profile as defined by the
1918 * International Color Consortium [ICC]. The colour space of the ICC profile
1919 * shall be an RGB colour space for colour images (PNG colour types 2, 3, and
1920 * 6), or a greyscale colour space for greyscale images (PNG colour types 0
1923 * This checking code ensures the embedded profile (on either read or write)
1924 * conforms to the specification requirements. Notice that an ICC 'gray'
1925 * color-space profile contains the information to transform the monochrome
1926 * data to XYZ or L*a*b (according to which PCS the profile uses) and this
1927 * should be used in preference to the standard libpng K channel replication
1928 * into R, G and B channels.
1930 * Previously it was suggested that an RGB profile on grayscale data could be
1931 * handled. However it it is clear that using an RGB profile in this context
1932 * must be an error - there is no specification of what it means. Thus it is
1933 * almost certainly more correct to ignore the profile.
1935 temp = png_get_uint_32(profile+16); /* data colour space field */
1938 case 0x52474220: /* 'RGB ' */
1939 if (!(color_type & PNG_COLOR_MASK_COLOR))
1940 return png_icc_profile_error(png_ptr, colorspace, name, temp,
1941 "RGB color space not permitted on grayscale PNG");
1944 case 0x47524159: /* 'GRAY' */
1945 if (color_type & PNG_COLOR_MASK_COLOR)
1946 return png_icc_profile_error(png_ptr, colorspace, name, temp,
1947 "Gray color space not permitted on RGB PNG");
1951 return png_icc_profile_error(png_ptr, colorspace, name, temp,
1952 "invalid ICC profile color space");
1955 /* It is up to the application to check that the profile class matches the
1956 * application requirements; the spec provides no guidance, but it's pretty
1957 * weird if the profile is not scanner ('scnr'), monitor ('mntr'), printer
1958 * ('prtr') or 'spac' (for generic color spaces). Issue a warning in these
1959 * cases. Issue an error for device link or abstract profiles - these don't
1960 * contain the records necessary to transform the color-space to anything
1961 * other than the target device (and not even that for an abstract profile).
1962 * Profiles of these classes may not be embedded in images.
1964 temp = png_get_uint_32(profile+12); /* profile/device class */
1967 case 0x73636E72: /* 'scnr' */
1968 case 0x6D6E7472: /* 'mntr' */
1969 case 0x70727472: /* 'prtr' */
1970 case 0x73706163: /* 'spac' */
1974 case 0x61627374: /* 'abst' */
1975 /* May not be embedded in an image */
1976 return png_icc_profile_error(png_ptr, colorspace, name, temp,
1977 "invalid embedded Abstract ICC profile");
1979 case 0x6C696E6B: /* 'link' */
1980 /* DeviceLink profiles cannnot be interpreted in a non-device specific
1981 * fashion, if an app uses the AToB0Tag in the profile the results are
1982 * undefined unless the result is sent to the intended device,
1983 * therefore a DeviceLink profile should not be found embedded in a
1986 return png_icc_profile_error(png_ptr, colorspace, name, temp,
1987 "unexpected DeviceLink ICC profile class");
1989 case 0x6E6D636C: /* 'nmcl' */
1990 /* A NamedColor profile is also device specific, however it doesn't
1991 * contain an AToB0 tag that is open to misintrepretation. Almost
1992 * certainly it will fail the tests below.
1994 (void)png_icc_profile_error(png_ptr, NULL, name, temp,
1995 "unexpected NamedColor ICC profile class");
1999 /* To allow for future enhancements to the profile accept unrecognized
2000 * profile classes with a warning, these then hit the test below on the
2001 * tag content to ensure they are backward compatible with one of the
2002 * understood profiles.
2004 (void)png_icc_profile_error(png_ptr, NULL, name, temp,
2005 "unrecognized ICC profile class");
2009 /* For any profile other than a device link one the PCS must be encoded
2010 * either in XYZ or Lab.
2012 temp = png_get_uint_32(profile+20);
2015 case 0x58595A20: /* 'XYZ ' */
2016 case 0x4C616220: /* 'Lab ' */
2020 return png_icc_profile_error(png_ptr, colorspace, name, temp,
2021 "unexpected ICC PCS encoding");
2028 png_icc_check_tag_table(png_const_structrp png_ptr, png_colorspacerp colorspace,
2029 png_const_charp name, png_uint_32 profile_length,
2030 png_const_bytep profile /* header plus whole tag table */)
2032 png_uint_32 tag_count = png_get_uint_32(profile+128);
2034 png_const_bytep tag = profile+132; /* The first tag */
2036 /* First scan all the tags in the table and add bits to the icc_info value
2037 * (temporarily in 'tags').
2039 for (itag=0; itag < tag_count; ++itag, tag += 12)
2041 png_uint_32 tag_id = png_get_uint_32(tag+0);
2042 png_uint_32 tag_start = png_get_uint_32(tag+4); /* must be aligned */
2043 png_uint_32 tag_length = png_get_uint_32(tag+8);/* not padded */
2045 /* The ICC specification does not exclude zero length tags, therefore the
2046 * start might actually be anywhere if there is no data, but this would be
2047 * a clear abuse of the intent of the standard so the start is checked for
2048 * being in range. All defined tag types have an 8 byte header - a 4 byte
2049 * type signature then 0.
2051 if ((tag_start & 3) != 0)
2053 /* CNHP730S.icc shipped with Microsoft Windows 64 violates this, it is
2054 * only a warning here because libpng does not care about the
2057 (void)png_icc_profile_error(png_ptr, NULL, name, tag_id,
2058 "ICC profile tag start not a multiple of 4");
2061 /* This is a hard error; potentially it can cause read outside the
2064 if (tag_start > profile_length || tag_length > profile_length - tag_start)
2065 return png_icc_profile_error(png_ptr, colorspace, name, tag_id,
2066 "ICC profile tag outside profile");
2069 return 1; /* success, maybe with warnings */
2072 #ifdef PNG_sRGB_SUPPORTED
2073 /* Information about the known ICC sRGB profiles */
2076 png_uint_32 adler, crc, length;
2082 # define PNG_MD5(a,b,c,d) { a, b, c, d }, (a!=0)||(b!=0)||(c!=0)||(d!=0)
2083 # define PNG_ICC_CHECKSUM(adler, crc, md5, intent, broke, date, length, fname)\
2084 { adler, crc, length, md5, broke, intent },
2086 } png_sRGB_checks[] =
2088 /* This data comes from contrib/tools/checksum-icc run on downloads of
2089 * all four ICC sRGB profiles from www.color.org.
2091 /* adler32, crc32, MD5[4], intent, date, length, file-name */
2092 PNG_ICC_CHECKSUM(0x0a3fd9f6, 0x3b8772b9,
2093 PNG_MD5(0x29f83dde, 0xaff255ae, 0x7842fae4, 0xca83390d), 0, 0,
2094 "2009/03/27 21:36:31", 3048, "sRGB_IEC61966-2-1_black_scaled.icc")
2096 /* ICC sRGB v2 perceptual no black-compensation: */
2097 PNG_ICC_CHECKSUM(0x4909e5e1, 0x427ebb21,
2098 PNG_MD5(0xc95bd637, 0xe95d8a3b, 0x0df38f99, 0xc1320389), 1, 0,
2099 "2009/03/27 21:37:45", 3052, "sRGB_IEC61966-2-1_no_black_scaling.icc")
2101 PNG_ICC_CHECKSUM(0xfd2144a1, 0x306fd8ae,
2102 PNG_MD5(0xfc663378, 0x37e2886b, 0xfd72e983, 0x8228f1b8), 0, 0,
2103 "2009/08/10 17:28:01", 60988, "sRGB_v4_ICC_preference_displayclass.icc")
2105 /* ICC sRGB v4 perceptual */
2106 PNG_ICC_CHECKSUM(0x209c35d2, 0xbbef7812,
2107 PNG_MD5(0x34562abf, 0x994ccd06, 0x6d2c5721, 0xd0d68c5d), 0, 0,
2108 "2007/07/25 00:05:37", 60960, "sRGB_v4_ICC_preference.icc")
2110 /* The following profiles have no known MD5 checksum. If there is a match
2111 * on the (empty) MD5 the other fields are used to attempt a match and
2112 * a warning is produced. The first two of these profiles have a 'cprt' tag
2113 * which suggests that they were also made by Hewlett Packard.
2115 PNG_ICC_CHECKSUM(0xa054d762, 0x5d5129ce,
2116 PNG_MD5(0x00000000, 0x00000000, 0x00000000, 0x00000000), 1, 0,
2117 "2004/07/21 18:57:42", 3024, "sRGB_IEC61966-2-1_noBPC.icc")
2119 /* This is a 'mntr' (display) profile with a mediaWhitePointTag that does not
2120 * match the D50 PCS illuminant in the header (it is in fact the D65 values,
2121 * so the white point is recorded as the un-adapted value.) The profiles
2122 * below only differ in one byte - the intent - and are basically the same as
2123 * the previous profile except for the mediaWhitePointTag error and a missing
2124 * chromaticAdaptationTag.
2126 PNG_ICC_CHECKSUM(0xf784f3fb, 0x182ea552,
2127 PNG_MD5(0x00000000, 0x00000000, 0x00000000, 0x00000000), 0, 1/*broken*/,
2128 "1998/02/09 06:49:00", 3144, "HP-Microsoft sRGB v2 perceptual")
2130 PNG_ICC_CHECKSUM(0x0398f3fcUL, 0xf29e526dUL,
2131 PNG_MD5(0x00000000, 0x00000000, 0x00000000, 0x00000000), 1, 1/*broken*/,
2132 "1998/02/09 06:49:00", 3144, "HP-Microsoft sRGB v2 media-relative")
2136 png_compare_ICC_profile_with_sRGB(png_const_structrp png_ptr,
2137 png_const_bytep profile, uLong adler)
2139 /* The quick check is to verify just the MD5 signature and trust the
2140 * rest of the data. Because the profile has already been verified for
2141 * correctness this is safe. png_colorspace_set_sRGB will check the 'intent'
2142 * field too, so if the profile has been edited with an intent not defined
2143 * by sRGB (but maybe defined by a later ICC specification) the read of
2144 * the profile will fail at that point.
2146 png_uint_32 length = 0;
2147 png_uint_32 intent = 0x10000; /* invalid */
2148 #if PNG_sRGB_PROFILE_CHECKS > 1
2149 uLong crc = 0; /* the value for 0 length data */
2153 for (i=0; i < (sizeof png_sRGB_checks) / (sizeof png_sRGB_checks[0]); ++i)
2155 if (png_get_uint_32(profile+84) == png_sRGB_checks[i].md5[0] &&
2156 png_get_uint_32(profile+88) == png_sRGB_checks[i].md5[1] &&
2157 png_get_uint_32(profile+92) == png_sRGB_checks[i].md5[2] &&
2158 png_get_uint_32(profile+96) == png_sRGB_checks[i].md5[3])
2160 /* This may be one of the old HP profiles without an MD5, in that
2161 * case we can only use the length and Adler32 (note that these
2162 * are not used by default if there is an MD5!)
2164 # if PNG_sRGB_PROFILE_CHECKS == 0
2165 if (png_sRGB_checks[i].have_md5)
2166 return 1+png_sRGB_checks[i].is_broken;
2169 /* Profile is unsigned or more checks have been configured in. */
2172 length = png_get_uint_32(profile);
2173 intent = png_get_uint_32(profile+64);
2176 /* Length *and* intent must match */
2177 if (length == png_sRGB_checks[i].length &&
2178 intent == png_sRGB_checks[i].intent)
2180 /* Now calculate the alder32 if not done already. */
2183 adler = adler32(0, NULL, 0);
2184 adler = adler32(adler, profile, length);
2187 if (adler == png_sRGB_checks[i].adler)
2189 /* These basic checks suggest that the data has not been
2190 * modified, but if the check level is more than 1 perform
2191 * our own crc32 checksum on the data.
2193 # if PNG_sRGB_PROFILE_CHECKS > 1
2196 crc = crc32(0, NULL, 0);
2197 crc = crc32(crc, profile, length);
2200 /* So this check must pass for the 'return' below to happen.
2202 if (crc == png_sRGB_checks[i].crc)
2205 if (png_sRGB_checks[i].is_broken)
2207 /* These profiles are known to have bad data that may cause
2208 * problems if they are used, therefore attempt to
2209 * discourage their use, skip the 'have_md5' warning below,
2210 * which is made irrelevant by this error.
2212 png_chunk_report(png_ptr, "known incorrect sRGB profile",
2216 /* Warn that this being done; this isn't even an error since
2217 * the profile is perfectly valid, but it would be nice if
2218 * people used the up-to-date ones.
2220 else if (!png_sRGB_checks[i].have_md5)
2222 png_chunk_report(png_ptr,
2223 "out-of-date sRGB profile with no signature",
2227 return 1+png_sRGB_checks[i].is_broken;
2232 # if PNG_sRGB_PROFILE_CHECKS > 0
2233 /* The signature matched, but the profile had been changed in some
2234 * way. This is an apparent violation of the ICC terms of use and,
2235 * anyway, probably indicates a data error or uninformed hacking.
2237 if (png_sRGB_checks[i].have_md5)
2238 png_benign_error(png_ptr,
2239 "copyright violation: edited ICC profile ignored");
2244 return 0; /* no match */
2248 #ifdef PNG_sRGB_SUPPORTED
2250 png_icc_set_sRGB(png_const_structrp png_ptr,
2251 png_colorspacerp colorspace, png_const_bytep profile, uLong adler)
2253 /* Is this profile one of the known ICC sRGB profiles? If it is, just set
2254 * the sRGB information.
2256 if (png_compare_ICC_profile_with_sRGB(png_ptr, profile, adler))
2257 (void)png_colorspace_set_sRGB(png_ptr, colorspace,
2258 (int)/*already checked*/png_get_uint_32(profile+64));
2260 #endif /* PNG_READ_sRGB_SUPPORTED */
2263 png_colorspace_set_ICC(png_const_structrp png_ptr, png_colorspacerp colorspace,
2264 png_const_charp name, png_uint_32 profile_length, png_const_bytep profile,
2267 if (colorspace->flags & PNG_COLORSPACE_INVALID)
2270 if (png_icc_check_length(png_ptr, colorspace, name, profile_length) &&
2271 png_icc_check_header(png_ptr, colorspace, name, profile_length, profile,
2273 png_icc_check_tag_table(png_ptr, colorspace, name, profile_length,
2276 png_icc_set_sRGB(png_ptr, colorspace, profile, 0);
2285 #ifdef PNG_READ_RGB_TO_GRAY_SUPPORTED
2287 png_colorspace_set_rgb_coefficients(png_structrp png_ptr)
2289 /* Set the rgb_to_gray coefficients from the colorspace. */
2290 if (!png_ptr->rgb_to_gray_coefficients_set &&
2291 (png_ptr->colorspace.flags & PNG_COLORSPACE_HAVE_ENDPOINTS) != 0)
2293 /* png_set_background has not been called, get the coefficients from the Y
2294 * values of the colorspace colorants.
2296 png_fixed_point r = png_ptr->colorspace.end_points_XYZ.red_Y;
2297 png_fixed_point g = png_ptr->colorspace.end_points_XYZ.green_Y;
2298 png_fixed_point b = png_ptr->colorspace.end_points_XYZ.blue_Y;
2299 png_fixed_point total = r+g+b;
2302 r >= 0 && png_muldiv(&r, r, 32768, total) && r >= 0 && r <= 32768 &&
2303 g >= 0 && png_muldiv(&g, g, 32768, total) && g >= 0 && g <= 32768 &&
2304 b >= 0 && png_muldiv(&b, b, 32768, total) && b >= 0 && b <= 32768 &&
2307 /* We allow 0 coefficients here. r+g+b may be 32769 if two or
2308 * all of the coefficients were rounded up. Handle this by
2309 * reducing the *largest* coefficient by 1; this matches the
2310 * approach used for the default coefficients in pngrtran.c
2316 else if (r+g+b < 32768)
2321 if (g >= r && g >= b)
2323 else if (r >= g && r >= b)
2329 /* Check for an internal error. */
2332 "internal error handling cHRM coefficients");
2336 png_ptr->rgb_to_gray_red_coeff = (png_uint_16)r;
2337 png_ptr->rgb_to_gray_green_coeff = (png_uint_16)g;
2341 /* This is a png_error at present even though it could be ignored -
2342 * it should never happen, but it is important that if it does, the
2346 png_error(png_ptr, "internal error handling cHRM->XYZ");
2351 #endif /* COLORSPACE */
2354 png_check_IHDR(png_const_structrp png_ptr,
2355 png_uint_32 width, png_uint_32 height, int bit_depth,
2356 int color_type, int interlace_type, int compression_type,
2361 /* Check for width and height valid values */
2364 png_warning(png_ptr, "Image width is zero in IHDR");
2370 png_warning(png_ptr, "Image height is zero in IHDR");
2374 # ifdef PNG_SET_USER_LIMITS_SUPPORTED
2375 if (width > png_ptr->user_width_max)
2378 if (width > PNG_USER_WIDTH_MAX)
2381 png_warning(png_ptr, "Image width exceeds user limit in IHDR");
2385 # ifdef PNG_SET_USER_LIMITS_SUPPORTED
2386 if (height > png_ptr->user_height_max)
2388 if (height > PNG_USER_HEIGHT_MAX)
2391 png_warning(png_ptr, "Image height exceeds user limit in IHDR");
2395 if (width > PNG_UINT_31_MAX)
2397 png_warning(png_ptr, "Invalid image width in IHDR");
2401 if (height > PNG_UINT_31_MAX)
2403 png_warning(png_ptr, "Invalid image height in IHDR");
2407 if (width > (PNG_UINT_32_MAX
2408 >> 3) /* 8-byte RGBA pixels */
2409 - 48 /* bigrowbuf hack */
2410 - 1 /* filter byte */
2411 - 7*8 /* rounding of width to multiple of 8 pixels */
2412 - 8) /* extra max_pixel_depth pad */
2413 png_warning(png_ptr, "Width is too large for libpng to process pixels");
2415 /* Check other values */
2416 if (bit_depth != 1 && bit_depth != 2 && bit_depth != 4 &&
2417 bit_depth != 8 && bit_depth != 16)
2419 png_warning(png_ptr, "Invalid bit depth in IHDR");
2423 if (color_type < 0 || color_type == 1 ||
2424 color_type == 5 || color_type > 6)
2426 png_warning(png_ptr, "Invalid color type in IHDR");
2430 if (((color_type == PNG_COLOR_TYPE_PALETTE) && bit_depth > 8) ||
2431 ((color_type == PNG_COLOR_TYPE_RGB ||
2432 color_type == PNG_COLOR_TYPE_GRAY_ALPHA ||
2433 color_type == PNG_COLOR_TYPE_RGB_ALPHA) && bit_depth < 8))
2435 png_warning(png_ptr, "Invalid color type/bit depth combination in IHDR");
2439 if (interlace_type >= PNG_INTERLACE_LAST)
2441 png_warning(png_ptr, "Unknown interlace method in IHDR");
2445 if (compression_type != PNG_COMPRESSION_TYPE_BASE)
2447 png_warning(png_ptr, "Unknown compression method in IHDR");
2451 # ifdef PNG_MNG_FEATURES_SUPPORTED
2452 /* Accept filter_method 64 (intrapixel differencing) only if
2453 * 1. Libpng was compiled with PNG_MNG_FEATURES_SUPPORTED and
2454 * 2. Libpng did not read a PNG signature (this filter_method is only
2455 * used in PNG datastreams that are embedded in MNG datastreams) and
2456 * 3. The application called png_permit_mng_features with a mask that
2457 * included PNG_FLAG_MNG_FILTER_64 and
2458 * 4. The filter_method is 64 and
2459 * 5. The color_type is RGB or RGBA
2461 if ((png_ptr->mode & PNG_HAVE_PNG_SIGNATURE) &&
2462 png_ptr->mng_features_permitted)
2463 png_warning(png_ptr, "MNG features are not allowed in a PNG datastream");
2465 if (filter_type != PNG_FILTER_TYPE_BASE)
2467 if (!((png_ptr->mng_features_permitted & PNG_FLAG_MNG_FILTER_64) &&
2468 (filter_type == PNG_INTRAPIXEL_DIFFERENCING) &&
2469 ((png_ptr->mode & PNG_HAVE_PNG_SIGNATURE) == 0) &&
2470 (color_type == PNG_COLOR_TYPE_RGB ||
2471 color_type == PNG_COLOR_TYPE_RGB_ALPHA)))
2473 png_warning(png_ptr, "Unknown filter method in IHDR");
2477 if (png_ptr->mode & PNG_HAVE_PNG_SIGNATURE)
2479 png_warning(png_ptr, "Invalid filter method in IHDR");
2485 if (filter_type != PNG_FILTER_TYPE_BASE)
2487 png_warning(png_ptr, "Unknown filter method in IHDR");
2493 png_error(png_ptr, "Invalid IHDR data");
2496 #if defined(PNG_sCAL_SUPPORTED) || defined(PNG_pCAL_SUPPORTED)
2497 /* ASCII to fp functions */
2498 /* Check an ASCII formated floating point value, see the more detailed
2499 * comments in pngpriv.h
2501 /* The following is used internally to preserve the sticky flags */
2502 #define png_fp_add(state, flags) ((state) |= (flags))
2503 #define png_fp_set(state, value) ((state) = (value) | ((state) & PNG_FP_STICKY))
2506 png_check_fp_number(png_const_charp string, png_size_t size, int *statep,
2507 png_size_tp whereami)
2509 int state = *statep;
2510 png_size_t i = *whereami;
2515 /* First find the type of the next character */
2518 case 43: type = PNG_FP_SAW_SIGN; break;
2519 case 45: type = PNG_FP_SAW_SIGN + PNG_FP_NEGATIVE; break;
2520 case 46: type = PNG_FP_SAW_DOT; break;
2521 case 48: type = PNG_FP_SAW_DIGIT; break;
2522 case 49: case 50: case 51: case 52:
2523 case 53: case 54: case 55: case 56:
2524 case 57: type = PNG_FP_SAW_DIGIT + PNG_FP_NONZERO; break;
2526 case 101: type = PNG_FP_SAW_E; break;
2527 default: goto PNG_FP_End;
2530 /* Now deal with this type according to the current
2531 * state, the type is arranged to not overlap the
2532 * bits of the PNG_FP_STATE.
2534 switch ((state & PNG_FP_STATE) + (type & PNG_FP_SAW_ANY))
2536 case PNG_FP_INTEGER + PNG_FP_SAW_SIGN:
2537 if (state & PNG_FP_SAW_ANY)
2538 goto PNG_FP_End; /* not a part of the number */
2540 png_fp_add(state, type);
2543 case PNG_FP_INTEGER + PNG_FP_SAW_DOT:
2544 /* Ok as trailer, ok as lead of fraction. */
2545 if (state & PNG_FP_SAW_DOT) /* two dots */
2548 else if (state & PNG_FP_SAW_DIGIT) /* trailing dot? */
2549 png_fp_add(state, type);
2552 png_fp_set(state, PNG_FP_FRACTION | type);
2556 case PNG_FP_INTEGER + PNG_FP_SAW_DIGIT:
2557 if (state & PNG_FP_SAW_DOT) /* delayed fraction */
2558 png_fp_set(state, PNG_FP_FRACTION | PNG_FP_SAW_DOT);
2560 png_fp_add(state, type | PNG_FP_WAS_VALID);
2564 case PNG_FP_INTEGER + PNG_FP_SAW_E:
2565 if ((state & PNG_FP_SAW_DIGIT) == 0)
2568 png_fp_set(state, PNG_FP_EXPONENT);
2572 /* case PNG_FP_FRACTION + PNG_FP_SAW_SIGN:
2573 goto PNG_FP_End; ** no sign in fraction */
2575 /* case PNG_FP_FRACTION + PNG_FP_SAW_DOT:
2576 goto PNG_FP_End; ** Because SAW_DOT is always set */
2578 case PNG_FP_FRACTION + PNG_FP_SAW_DIGIT:
2579 png_fp_add(state, type | PNG_FP_WAS_VALID);
2582 case PNG_FP_FRACTION + PNG_FP_SAW_E:
2583 /* This is correct because the trailing '.' on an
2584 * integer is handled above - so we can only get here
2585 * with the sequence ".E" (with no preceding digits).
2587 if ((state & PNG_FP_SAW_DIGIT) == 0)
2590 png_fp_set(state, PNG_FP_EXPONENT);
2594 case PNG_FP_EXPONENT + PNG_FP_SAW_SIGN:
2595 if (state & PNG_FP_SAW_ANY)
2596 goto PNG_FP_End; /* not a part of the number */
2598 png_fp_add(state, PNG_FP_SAW_SIGN);
2602 /* case PNG_FP_EXPONENT + PNG_FP_SAW_DOT:
2605 case PNG_FP_EXPONENT + PNG_FP_SAW_DIGIT:
2606 png_fp_add(state, PNG_FP_SAW_DIGIT | PNG_FP_WAS_VALID);
2610 /* case PNG_FP_EXPONEXT + PNG_FP_SAW_E:
2613 default: goto PNG_FP_End; /* I.e. break 2 */
2616 /* The character seems ok, continue. */
2621 /* Here at the end, update the state and return the correct
2627 return (state & PNG_FP_SAW_DIGIT) != 0;
2631 /* The same but for a complete string. */
2633 png_check_fp_string(png_const_charp string, png_size_t size)
2636 png_size_t char_index=0;
2638 if (png_check_fp_number(string, size, &state, &char_index) &&
2639 (char_index == size || string[char_index] == 0))
2640 return state /* must be non-zero - see above */;
2642 return 0; /* i.e. fail */
2644 #endif /* pCAL or sCAL */
2646 #ifdef PNG_sCAL_SUPPORTED
2647 # ifdef PNG_FLOATING_POINT_SUPPORTED
2648 /* Utility used below - a simple accurate power of ten from an integral
2652 png_pow10(int power)
2657 /* Handle negative exponent with a reciprocal at the end because
2658 * 10 is exact whereas .1 is inexact in base 2
2662 if (power < DBL_MIN_10_EXP) return 0;
2663 recip = 1, power = -power;
2668 /* Decompose power bitwise. */
2672 if (power & 1) d *= mult;
2680 /* else power is 0 and d is 1 */
2685 /* Function to format a floating point value in ASCII with a given
2689 png_ascii_from_fp(png_const_structrp png_ptr, png_charp ascii, png_size_t size,
2690 double fp, unsigned int precision)
2692 /* We use standard functions from math.h, but not printf because
2693 * that would require stdio. The caller must supply a buffer of
2694 * sufficient size or we will png_error. The tests on size and
2695 * the space in ascii[] consumed are indicated below.
2698 precision = DBL_DIG;
2700 /* Enforce the limit of the implementation precision too. */
2701 if (precision > DBL_DIG+1)
2702 precision = DBL_DIG+1;
2704 /* Basic sanity checks */
2705 if (size >= precision+5) /* See the requirements below. */
2710 *ascii++ = 45; /* '-' PLUS 1 TOTAL 1 */
2714 if (fp >= DBL_MIN && fp <= DBL_MAX)
2716 int exp_b10; /* A base 10 exponent */
2717 double base; /* 10^exp_b10 */
2719 /* First extract a base 10 exponent of the number,
2720 * the calculation below rounds down when converting
2721 * from base 2 to base 10 (multiply by log10(2) -
2722 * 0.3010, but 77/256 is 0.3008, so exp_b10 needs to
2723 * be increased. Note that the arithmetic shift
2724 * performs a floor() unlike C arithmetic - using a
2725 * C multiply would break the following for negative
2728 (void)frexp(fp, &exp_b10); /* exponent to base 2 */
2730 exp_b10 = (exp_b10 * 77) >> 8; /* <= exponent to base 10 */
2732 /* Avoid underflow here. */
2733 base = png_pow10(exp_b10); /* May underflow */
2735 while (base < DBL_MIN || base < fp)
2737 /* And this may overflow. */
2738 double test = png_pow10(exp_b10+1);
2740 if (test <= DBL_MAX)
2741 ++exp_b10, base = test;
2747 /* Normalize fp and correct exp_b10, after this fp is in the
2748 * range [.1,1) and exp_b10 is both the exponent and the digit
2749 * *before* which the decimal point should be inserted
2750 * (starting with 0 for the first digit). Note that this
2751 * works even if 10^exp_b10 is out of range because of the
2752 * test on DBL_MAX above.
2755 while (fp >= 1) fp /= 10, ++exp_b10;
2757 /* Because of the code above fp may, at this point, be
2758 * less than .1, this is ok because the code below can
2759 * handle the leading zeros this generates, so no attempt
2760 * is made to correct that here.
2764 int czero, clead, cdigits;
2767 /* Allow up to two leading zeros - this will not lengthen
2768 * the number compared to using E-n.
2770 if (exp_b10 < 0 && exp_b10 > -3) /* PLUS 3 TOTAL 4 */
2772 czero = -exp_b10; /* PLUS 2 digits: TOTAL 3 */
2773 exp_b10 = 0; /* Dot added below before first output. */
2776 czero = 0; /* No zeros to add */
2778 /* Generate the digit list, stripping trailing zeros and
2779 * inserting a '.' before a digit if the exponent is 0.
2781 clead = czero; /* Count of leading zeros */
2782 cdigits = 0; /* Count of digits in list. */
2789 /* Use modf here, not floor and subtract, so that
2790 * the separation is done in one step. At the end
2791 * of the loop don't break the number into parts so
2792 * that the final digit is rounded.
2794 if (cdigits+czero-clead+1 < (int)precision)
2803 /* Rounding up to 10, handle that here. */
2807 if (cdigits == 0) --clead;
2811 while (cdigits > 0 && d > 9)
2815 if (exp_b10 != (-1))
2820 ch = *--ascii, ++size;
2821 /* Advance exp_b10 to '1', so that the
2822 * decimal point happens after the
2829 d = ch - 47; /* I.e. 1+(ch-48) */
2832 /* Did we reach the beginning? If so adjust the
2833 * exponent but take into account the leading
2836 if (d > 9) /* cdigits == 0 */
2838 if (exp_b10 == (-1))
2840 /* Leading decimal point (plus zeros?), if
2841 * we lose the decimal point here it must
2842 * be reentered below.
2847 ++size, exp_b10 = 1;
2849 /* Else lost a leading zero, so 'exp_b10' is
2856 /* In all cases we output a '1' */
2861 fp = 0; /* Guarantees termination below. */
2867 if (cdigits == 0) ++clead;
2871 /* Included embedded zeros in the digit count. */
2872 cdigits += czero - clead;
2877 /* exp_b10 == (-1) means we just output the decimal
2878 * place - after the DP don't adjust 'exp_b10' any
2881 if (exp_b10 != (-1))
2883 if (exp_b10 == 0) *ascii++ = 46, --size;
2884 /* PLUS 1: TOTAL 4 */
2887 *ascii++ = 48, --czero;
2890 if (exp_b10 != (-1))
2892 if (exp_b10 == 0) *ascii++ = 46, --size; /* counted
2896 *ascii++ = (char)(48 + (int)d), ++cdigits;
2899 while (cdigits+czero-clead < (int)precision && fp > DBL_MIN);
2901 /* The total output count (max) is now 4+precision */
2903 /* Check for an exponent, if we don't need one we are
2904 * done and just need to terminate the string. At
2905 * this point exp_b10==(-1) is effectively if flag - it got
2906 * to '-1' because of the decrement after outputing
2907 * the decimal point above (the exponent required is
2910 if (exp_b10 >= (-1) && exp_b10 <= 2)
2912 /* The following only happens if we didn't output the
2913 * leading zeros above for negative exponent, so this
2914 * doest add to the digit requirement. Note that the
2915 * two zeros here can only be output if the two leading
2916 * zeros were *not* output, so this doesn't increase
2919 while (--exp_b10 >= 0) *ascii++ = 48;
2923 /* Total buffer requirement (including the '\0') is
2924 * 5+precision - see check at the start.
2929 /* Here if an exponent is required, adjust size for
2930 * the digits we output but did not count. The total
2931 * digit output here so far is at most 1+precision - no
2932 * decimal point and no leading or trailing zeros have
2937 *ascii++ = 69, --size; /* 'E': PLUS 1 TOTAL 2+precision */
2939 /* The following use of an unsigned temporary avoids ambiguities in
2940 * the signed arithmetic on exp_b10 and permits GCC at least to do
2941 * better optimization.
2944 unsigned int uexp_b10;
2948 *ascii++ = 45, --size; /* '-': PLUS 1 TOTAL 3+precision */
2949 uexp_b10 = -exp_b10;
2957 while (uexp_b10 > 0)
2959 exponent[cdigits++] = (char)(48 + uexp_b10 % 10);
2964 /* Need another size check here for the exponent digits, so
2965 * this need not be considered above.
2967 if ((int)size > cdigits)
2969 while (cdigits > 0) *ascii++ = exponent[--cdigits];
2977 else if (!(fp >= DBL_MIN))
2979 *ascii++ = 48; /* '0' */
2985 *ascii++ = 105; /* 'i' */
2986 *ascii++ = 110; /* 'n' */
2987 *ascii++ = 102; /* 'f' */
2993 /* Here on buffer too small. */
2994 png_error(png_ptr, "ASCII conversion buffer too small");
2997 # endif /* FLOATING_POINT */
2999 # ifdef PNG_FIXED_POINT_SUPPORTED
3000 /* Function to format a fixed point value in ASCII.
3003 png_ascii_from_fixed(png_const_structrp png_ptr, png_charp ascii,
3004 png_size_t size, png_fixed_point fp)
3006 /* Require space for 10 decimal digits, a decimal point, a minus sign and a
3007 * trailing \0, 13 characters:
3013 /* Avoid overflow here on the minimum integer. */
3015 *ascii++ = 45, --size, num = -fp;
3019 if (num <= 0x80000000) /* else overflowed */
3021 unsigned int ndigits = 0, first = 16 /* flag value */;
3026 /* Split the low digit off num: */
3027 unsigned int tmp = num/10;
3029 digits[ndigits++] = (char)(48 + num);
3030 /* Record the first non-zero digit, note that this is a number
3031 * starting at 1, it's not actually the array index.
3033 if (first == 16 && num > 0)
3040 while (ndigits > 5) *ascii++ = digits[--ndigits];
3041 /* The remaining digits are fractional digits, ndigits is '5' or
3042 * smaller at this point. It is certainly not zero. Check for a
3043 * non-zero fractional digit:
3048 *ascii++ = 46; /* decimal point */
3049 /* ndigits may be <5 for small numbers, output leading zeros
3050 * then ndigits digits to first:
3053 while (ndigits < i) *ascii++ = 48, --i;
3054 while (ndigits >= first) *ascii++ = digits[--ndigits];
3055 /* Don't output the trailing zeros! */
3061 /* And null terminate the string: */
3067 /* Here on buffer too small. */
3068 png_error(png_ptr, "ASCII conversion buffer too small");
3070 # endif /* FIXED_POINT */
3071 #endif /* READ_SCAL */
3073 #if defined(PNG_FLOATING_POINT_SUPPORTED) && \
3074 !defined(PNG_FIXED_POINT_MACRO_SUPPORTED) && \
3075 (defined(PNG_gAMA_SUPPORTED) || defined(PNG_cHRM_SUPPORTED) || \
3076 defined(PNG_sCAL_SUPPORTED) || defined(PNG_READ_BACKGROUND_SUPPORTED) || \
3077 defined(PNG_READ_RGB_TO_GRAY_SUPPORTED)) || \
3078 (defined(PNG_sCAL_SUPPORTED) && \
3079 defined(PNG_FLOATING_ARITHMETIC_SUPPORTED))
3081 png_fixed(png_const_structrp png_ptr, double fp, png_const_charp text)
3083 double r = floor(100000 * fp + .5);
3085 if (r > 2147483647. || r < -2147483648.)
3086 png_fixed_error(png_ptr, text);
3088 return (png_fixed_point)r;
3092 #if defined(PNG_READ_GAMMA_SUPPORTED) || \
3093 defined(PNG_INCH_CONVERSIONS_SUPPORTED) || defined(PNG__READ_pHYs_SUPPORTED)
3094 /* muldiv functions */
3095 /* This API takes signed arguments and rounds the result to the nearest
3096 * integer (or, for a fixed point number - the standard argument - to
3097 * the nearest .00001). Overflow and divide by zero are signalled in
3098 * the result, a boolean - true on success, false on overflow.
3101 png_muldiv(png_fixed_point_p res, png_fixed_point a, png_int_32 times,
3104 /* Return a * times / divisor, rounded. */
3107 if (a == 0 || times == 0)
3114 #ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
3120 /* A png_fixed_point is a 32-bit integer. */
3121 if (r <= 2147483647. && r >= -2147483648.)
3123 *res = (png_fixed_point)r;
3128 png_uint_32 A, T, D;
3129 png_uint_32 s16, s32, s00;
3132 negative = 1, A = -a;
3137 negative = !negative, T = -times;
3142 negative = !negative, D = -divisor;
3146 /* Following can't overflow because the arguments only
3147 * have 31 bits each, however the result may be 32 bits.
3149 s16 = (A >> 16) * (T & 0xffff) +
3150 (A & 0xffff) * (T >> 16);
3151 /* Can't overflow because the a*times bit is only 30
3154 s32 = (A >> 16) * (T >> 16) + (s16 >> 16);
3155 s00 = (A & 0xffff) * (T & 0xffff);
3157 s16 = (s16 & 0xffff) << 16;
3163 if (s32 < D) /* else overflow */
3165 /* s32.s00 is now the 64-bit product, do a standard
3166 * division, we know that s32 < D, so the maximum
3167 * required shift is 31.
3170 png_fixed_point result = 0; /* NOTE: signed */
3172 while (--bitshift >= 0)
3174 png_uint_32 d32, d00;
3177 d32 = D >> (32-bitshift), d00 = D << bitshift;
3184 if (s00 < d00) --s32; /* carry */
3185 s32 -= d32, s00 -= d00, result += 1<<bitshift;
3189 if (s32 == d32 && s00 >= d00)
3190 s32 = 0, s00 -= d00, result += 1<<bitshift;
3193 /* Handle the rounding. */
3194 if (s00 >= (D >> 1))
3200 /* Check for overflow. */
3201 if ((negative && result <= 0) || (!negative && result >= 0))
3213 #endif /* READ_GAMMA || INCH_CONVERSIONS */
3215 #if defined(PNG_READ_GAMMA_SUPPORTED) || defined(PNG_INCH_CONVERSIONS_SUPPORTED)
3216 /* The following is for when the caller doesn't much care about the
3220 png_muldiv_warn(png_const_structrp png_ptr, png_fixed_point a, png_int_32 times,
3223 png_fixed_point result;
3225 if (png_muldiv(&result, a, times, divisor))
3228 png_warning(png_ptr, "fixed point overflow ignored");
3233 #ifdef PNG_GAMMA_SUPPORTED /* more fixed point functions for gamma */
3234 /* Calculate a reciprocal, return 0 on div-by-zero or overflow. */
3236 png_reciprocal(png_fixed_point a)
3238 #ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
3239 double r = floor(1E10/a+.5);
3241 if (r <= 2147483647. && r >= -2147483648.)
3242 return (png_fixed_point)r;
3244 png_fixed_point res;
3246 if (png_muldiv(&res, 100000, 100000, a))
3250 return 0; /* error/overflow */
3253 /* This is the shared test on whether a gamma value is 'significant' - whether
3254 * it is worth doing gamma correction.
3257 png_gamma_significant(png_fixed_point gamma_val)
3259 return gamma_val < PNG_FP_1 - PNG_GAMMA_THRESHOLD_FIXED ||
3260 gamma_val > PNG_FP_1 + PNG_GAMMA_THRESHOLD_FIXED;
3264 #ifdef PNG_READ_GAMMA_SUPPORTED
3265 /* A local convenience routine. */
3266 static png_fixed_point
3267 png_product2(png_fixed_point a, png_fixed_point b)
3269 /* The required result is 1/a * 1/b; the following preserves accuracy. */
3270 #ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
3271 double r = a * 1E-5;
3275 if (r <= 2147483647. && r >= -2147483648.)
3276 return (png_fixed_point)r;
3278 png_fixed_point res;
3280 if (png_muldiv(&res, a, b, 100000))
3284 return 0; /* overflow */
3287 /* The inverse of the above. */
3289 png_reciprocal2(png_fixed_point a, png_fixed_point b)
3291 /* The required result is 1/a * 1/b; the following preserves accuracy. */
3292 #ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
3297 if (r <= 2147483647. && r >= -2147483648.)
3298 return (png_fixed_point)r;
3300 /* This may overflow because the range of png_fixed_point isn't symmetric,
3301 * but this API is only used for the product of file and screen gamma so it
3302 * doesn't matter that the smallest number it can produce is 1/21474, not
3305 png_fixed_point res = png_product2(a, b);
3308 return png_reciprocal(res);
3311 return 0; /* overflow */
3313 #endif /* READ_GAMMA */
3315 #ifdef PNG_READ_GAMMA_SUPPORTED /* gamma table code */
3316 #ifndef PNG_FLOATING_ARITHMETIC_SUPPORTED
3317 /* Fixed point gamma.
3319 * The code to calculate the tables used below can be found in the shell script
3320 * contrib/tools/intgamma.sh
3322 * To calculate gamma this code implements fast log() and exp() calls using only
3323 * fixed point arithmetic. This code has sufficient precision for either 8-bit
3324 * or 16-bit sample values.
3326 * The tables used here were calculated using simple 'bc' programs, but C double
3327 * precision floating point arithmetic would work fine.
3330 * This is a table of -log(value/255)/log(2) for 'value' in the range 128 to
3331 * 255, so it's the base 2 logarithm of a normalized 8-bit floating point
3332 * mantissa. The numbers are 32-bit fractions.
3334 static const png_uint_32
3337 4270715492U, 4222494797U, 4174646467U, 4127164793U, 4080044201U, 4033279239U,
3338 3986864580U, 3940795015U, 3895065449U, 3849670902U, 3804606499U, 3759867474U,
3339 3715449162U, 3671346997U, 3627556511U, 3584073329U, 3540893168U, 3498011834U,
3340 3455425220U, 3413129301U, 3371120137U, 3329393864U, 3287946700U, 3246774933U,
3341 3205874930U, 3165243125U, 3124876025U, 3084770202U, 3044922296U, 3005329011U,
3342 2965987113U, 2926893432U, 2888044853U, 2849438323U, 2811070844U, 2772939474U,
3343 2735041326U, 2697373562U, 2659933400U, 2622718104U, 2585724991U, 2548951424U,
3344 2512394810U, 2476052606U, 2439922311U, 2404001468U, 2368287663U, 2332778523U,
3345 2297471715U, 2262364947U, 2227455964U, 2192742551U, 2158222529U, 2123893754U,
3346 2089754119U, 2055801552U, 2022034013U, 1988449497U, 1955046031U, 1921821672U,
3347 1888774511U, 1855902668U, 1823204291U, 1790677560U, 1758320682U, 1726131893U,
3348 1694109454U, 1662251657U, 1630556815U, 1599023271U, 1567649391U, 1536433567U,
3349 1505374214U, 1474469770U, 1443718700U, 1413119487U, 1382670639U, 1352370686U,
3350 1322218179U, 1292211689U, 1262349810U, 1232631153U, 1203054352U, 1173618059U,
3351 1144320946U, 1115161701U, 1086139034U, 1057251672U, 1028498358U, 999877854U,
3352 971388940U, 943030410U, 914801076U, 886699767U, 858725327U, 830876614U,
3353 803152505U, 775551890U, 748073672U, 720716771U, 693480120U, 666362667U,
3354 639363374U, 612481215U, 585715177U, 559064263U, 532527486U, 506103872U,
3355 479792461U, 453592303U, 427502463U, 401522014U, 375650043U, 349885648U,
3356 324227938U, 298676034U, 273229066U, 247886176U, 222646516U, 197509248U,
3357 172473545U, 147538590U, 122703574U, 97967701U, 73330182U, 48790236U,
3361 /* The following are the values for 16-bit tables - these work fine for the
3362 * 8-bit conversions but produce very slightly larger errors in the 16-bit
3363 * log (about 1.2 as opposed to 0.7 absolute error in the final value). To
3364 * use these all the shifts below must be adjusted appropriately.
3366 65166, 64430, 63700, 62976, 62257, 61543, 60835, 60132, 59434, 58741, 58054,
3367 57371, 56693, 56020, 55352, 54689, 54030, 53375, 52726, 52080, 51439, 50803,
3368 50170, 49542, 48918, 48298, 47682, 47070, 46462, 45858, 45257, 44661, 44068,
3369 43479, 42894, 42312, 41733, 41159, 40587, 40020, 39455, 38894, 38336, 37782,
3370 37230, 36682, 36137, 35595, 35057, 34521, 33988, 33459, 32932, 32408, 31887,
3371 31369, 30854, 30341, 29832, 29325, 28820, 28319, 27820, 27324, 26830, 26339,
3372 25850, 25364, 24880, 24399, 23920, 23444, 22970, 22499, 22029, 21562, 21098,
3373 20636, 20175, 19718, 19262, 18808, 18357, 17908, 17461, 17016, 16573, 16132,
3374 15694, 15257, 14822, 14390, 13959, 13530, 13103, 12678, 12255, 11834, 11415,
3375 10997, 10582, 10168, 9756, 9346, 8937, 8531, 8126, 7723, 7321, 6921, 6523,
3376 6127, 5732, 5339, 4947, 4557, 4169, 3782, 3397, 3014, 2632, 2251, 1872, 1495,
3382 png_log8bit(unsigned int x)
3384 unsigned int lg2 = 0;
3385 /* Each time 'x' is multiplied by 2, 1 must be subtracted off the final log,
3386 * because the log is actually negate that means adding 1. The final
3387 * returned value thus has the range 0 (for 255 input) to 7.994 (for 1
3388 * input), return -1 for the overflow (log 0) case, - so the result is
3389 * always at most 19 bits.
3391 if ((x &= 0xff) == 0)
3394 if ((x & 0xf0) == 0)
3397 if ((x & 0xc0) == 0)
3400 if ((x & 0x80) == 0)
3403 /* result is at most 19 bits, so this cast is safe: */
3404 return (png_int_32)((lg2 << 16) + ((png_8bit_l2[x-128]+32768)>>16));
3407 /* The above gives exact (to 16 binary places) log2 values for 8-bit images,
3408 * for 16-bit images we use the most significant 8 bits of the 16-bit value to
3409 * get an approximation then multiply the approximation by a correction factor
3410 * determined by the remaining up to 8 bits. This requires an additional step
3411 * in the 16-bit case.
3413 * We want log2(value/65535), we have log2(v'/255), where:
3415 * value = v' * 256 + v''
3418 * So f is value/v', which is equal to (256+v''/v') since v' is in the range 128
3419 * to 255 and v'' is in the range 0 to 255 f will be in the range 256 to less
3420 * than 258. The final factor also needs to correct for the fact that our 8-bit
3421 * value is scaled by 255, whereas the 16-bit values must be scaled by 65535.
3423 * This gives a final formula using a calculated value 'x' which is value/v' and
3424 * scaling by 65536 to match the above table:
3426 * log2(x/257) * 65536
3428 * Since these numbers are so close to '1' we can use simple linear
3429 * interpolation between the two end values 256/257 (result -368.61) and 258/257
3430 * (result 367.179). The values used below are scaled by a further 64 to give
3431 * 16-bit precision in the interpolation:
3433 * Start (256): -23591
3438 png_log16bit(png_uint_32 x)
3440 unsigned int lg2 = 0;
3442 /* As above, but now the input has 16 bits. */
3443 if ((x &= 0xffff) == 0)
3446 if ((x & 0xff00) == 0)
3449 if ((x & 0xf000) == 0)
3452 if ((x & 0xc000) == 0)
3455 if ((x & 0x8000) == 0)
3458 /* Calculate the base logarithm from the top 8 bits as a 28-bit fractional
3462 lg2 += (png_8bit_l2[(x>>8)-128]+8) >> 4;
3464 /* Now we need to interpolate the factor, this requires a division by the top
3465 * 8 bits. Do this with maximum precision.
3467 x = ((x << 16) + (x >> 9)) / (x >> 8);
3469 /* Since we divided by the top 8 bits of 'x' there will be a '1' at 1<<24,
3470 * the value at 1<<16 (ignoring this) will be 0 or 1; this gives us exactly
3471 * 16 bits to interpolate to get the low bits of the result. Round the
3472 * answer. Note that the end point values are scaled by 64 to retain overall
3473 * precision and that 'lg2' is current scaled by an extra 12 bits, so adjust
3474 * the overall scaling by 6-12. Round at every step.
3478 if (x <= 65536U) /* <= '257' */
3479 lg2 += ((23591U * (65536U-x)) + (1U << (16+6-12-1))) >> (16+6-12);
3482 lg2 -= ((23499U * (x-65536U)) + (1U << (16+6-12-1))) >> (16+6-12);
3484 /* Safe, because the result can't have more than 20 bits: */
3485 return (png_int_32)((lg2 + 2048) >> 12);
3488 /* The 'exp()' case must invert the above, taking a 20-bit fixed point
3489 * logarithmic value and returning a 16 or 8-bit number as appropriate. In
3490 * each case only the low 16 bits are relevant - the fraction - since the
3491 * integer bits (the top 4) simply determine a shift.
3493 * The worst case is the 16-bit distinction between 65535 and 65534, this
3494 * requires perhaps spurious accuracty in the decoding of the logarithm to
3495 * distinguish log2(65535/65534.5) - 10^-5 or 17 bits. There is little chance
3496 * of getting this accuracy in practice.
3498 * To deal with this the following exp() function works out the exponent of the
3499 * frational part of the logarithm by using an accurate 32-bit value from the
3500 * top four fractional bits then multiplying in the remaining bits.
3502 static const png_uint_32
3505 /* NOTE: the first entry is deliberately set to the maximum 32-bit value. */
3506 4294967295U, 4112874773U, 3938502376U, 3771522796U, 3611622603U, 3458501653U,
3507 3311872529U, 3171459999U, 3037000500U, 2908241642U, 2784941738U, 2666869345U,
3508 2553802834U, 2445529972U, 2341847524U, 2242560872U
3511 /* Adjustment table; provided to explain the numbers in the code below. */
3513 for (i=11;i>=0;--i){ print i, " ", (1 - e(-(2^i)/65536*l(2))) * 2^(32-i), "\n"}
3514 11 44937.64284865548751208448
3515 10 45180.98734845585101160448
3516 9 45303.31936980687359311872
3517 8 45364.65110595323018870784
3518 7 45395.35850361789624614912
3519 6 45410.72259715102037508096
3520 5 45418.40724413220722311168
3521 4 45422.25021786898173001728
3522 3 45424.17186732298419044352
3523 2 45425.13273269940811464704
3524 1 45425.61317555035558641664
3525 0 45425.85339951654943850496
3529 png_exp(png_fixed_point x)
3531 if (x > 0 && x <= 0xfffff) /* Else overflow or zero (underflow) */
3533 /* Obtain a 4-bit approximation */
3534 png_uint_32 e = png_32bit_exp[(x >> 12) & 0xf];
3536 /* Incorporate the low 12 bits - these decrease the returned value by
3537 * multiplying by a number less than 1 if the bit is set. The multiplier
3538 * is determined by the above table and the shift. Notice that the values
3539 * converge on 45426 and this is used to allow linear interpolation of the
3543 e -= (((e >> 16) * 44938U) + 16U) >> 5;
3546 e -= (((e >> 16) * 45181U) + 32U) >> 6;
3549 e -= (((e >> 16) * 45303U) + 64U) >> 7;
3552 e -= (((e >> 16) * 45365U) + 128U) >> 8;
3555 e -= (((e >> 16) * 45395U) + 256U) >> 9;
3558 e -= (((e >> 16) * 45410U) + 512U) >> 10;
3560 /* And handle the low 6 bits in a single block. */
3561 e -= (((e >> 16) * 355U * (x & 0x3fU)) + 256U) >> 9;
3563 /* Handle the upper bits of x. */
3568 /* Check for overflow */
3570 return png_32bit_exp[0];
3572 /* Else underflow */
3577 png_exp8bit(png_fixed_point lg2)
3579 /* Get a 32-bit value: */
3580 png_uint_32 x = png_exp(lg2);
3582 /* Convert the 32-bit value to 0..255 by multiplying by 256-1, note that the
3583 * second, rounding, step can't overflow because of the first, subtraction,
3587 return (png_byte)((x + 0x7fffffU) >> 24);
3591 png_exp16bit(png_fixed_point lg2)
3593 /* Get a 32-bit value: */
3594 png_uint_32 x = png_exp(lg2);
3596 /* Convert the 32-bit value to 0..65535 by multiplying by 65536-1: */
3598 return (png_uint_16)((x + 32767U) >> 16);
3600 #endif /* FLOATING_ARITHMETIC */
3603 png_gamma_8bit_correct(unsigned int value, png_fixed_point gamma_val)
3605 if (value > 0 && value < 255)
3607 # ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
3608 double r = floor(255*pow(value/255.,gamma_val*.00001)+.5);
3611 png_int_32 lg2 = png_log8bit(value);
3612 png_fixed_point res;
3614 if (png_muldiv(&res, gamma_val, lg2, PNG_FP_1))
3615 return png_exp8bit(res);
3622 return (png_byte)value;
3626 png_gamma_16bit_correct(unsigned int value, png_fixed_point gamma_val)
3628 if (value > 0 && value < 65535)
3630 # ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
3631 double r = floor(65535*pow(value/65535.,gamma_val*.00001)+.5);
3632 return (png_uint_16)r;
3634 png_int_32 lg2 = png_log16bit(value);
3635 png_fixed_point res;
3637 if (png_muldiv(&res, gamma_val, lg2, PNG_FP_1))
3638 return png_exp16bit(res);
3645 return (png_uint_16)value;
3648 /* This does the right thing based on the bit_depth field of the
3649 * png_struct, interpreting values as 8-bit or 16-bit. While the result
3650 * is nominally a 16-bit value if bit depth is 8 then the result is
3651 * 8-bit (as are the arguments.)
3653 png_uint_16 /* PRIVATE */
3654 png_gamma_correct(png_structrp png_ptr, unsigned int value,
3655 png_fixed_point gamma_val)
3657 if (png_ptr->bit_depth == 8)
3658 return png_gamma_8bit_correct(value, gamma_val);
3661 return png_gamma_16bit_correct(value, gamma_val);
3664 /* Internal function to build a single 16-bit table - the table consists of
3665 * 'num' 256 entry subtables, where 'num' is determined by 'shift' - the amount
3666 * to shift the input values right (or 16-number_of_signifiant_bits).
3668 * The caller is responsible for ensuring that the table gets cleaned up on
3669 * png_error (i.e. if one of the mallocs below fails) - i.e. the *table argument
3670 * should be somewhere that will be cleaned.
3673 png_build_16bit_table(png_structrp png_ptr, png_uint_16pp *ptable,
3674 PNG_CONST unsigned int shift, PNG_CONST png_fixed_point gamma_val)
3676 /* Various values derived from 'shift': */
3677 PNG_CONST unsigned int num = 1U << (8U - shift);
3678 PNG_CONST unsigned int max = (1U << (16U - shift))-1U;
3679 PNG_CONST unsigned int max_by_2 = 1U << (15U-shift);
3682 png_uint_16pp table = *ptable =
3683 (png_uint_16pp)png_calloc(png_ptr, num * (sizeof (png_uint_16p)));
3685 for (i = 0; i < num; i++)
3687 png_uint_16p sub_table = table[i] =
3688 (png_uint_16p)png_malloc(png_ptr, 256 * (sizeof (png_uint_16)));
3690 /* The 'threshold' test is repeated here because it can arise for one of
3691 * the 16-bit tables even if the others don't hit it.
3693 if (png_gamma_significant(gamma_val))
3695 /* The old code would overflow at the end and this would cause the
3696 * 'pow' function to return a result >1, resulting in an
3697 * arithmetic error. This code follows the spec exactly; ig is
3698 * the recovered input sample, it always has 8-16 bits.
3700 * We want input * 65535/max, rounded, the arithmetic fits in 32
3701 * bits (unsigned) so long as max <= 32767.
3704 for (j = 0; j < 256; j++)
3706 png_uint_32 ig = (j << (8-shift)) + i;
3707 # ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
3708 /* Inline the 'max' scaling operation: */
3709 double d = floor(65535*pow(ig/(double)max, gamma_val*.00001)+.5);
3710 sub_table[j] = (png_uint_16)d;
3713 ig = (ig * 65535U + max_by_2)/max;
3715 sub_table[j] = png_gamma_16bit_correct(ig, gamma_val);
3721 /* We must still build a table, but do it the fast way. */
3724 for (j = 0; j < 256; j++)
3726 png_uint_32 ig = (j << (8-shift)) + i;
3729 ig = (ig * 65535U + max_by_2)/max;
3731 sub_table[j] = (png_uint_16)ig;
3737 /* NOTE: this function expects the *inverse* of the overall gamma transformation
3741 png_build_16to8_table(png_structrp png_ptr, png_uint_16pp *ptable,
3742 PNG_CONST unsigned int shift, PNG_CONST png_fixed_point gamma_val)
3744 PNG_CONST unsigned int num = 1U << (8U - shift);
3745 PNG_CONST unsigned int max = (1U << (16U - shift))-1U;
3749 png_uint_16pp table = *ptable =
3750 (png_uint_16pp)png_calloc(png_ptr, num * (sizeof (png_uint_16p)));
3752 /* 'num' is the number of tables and also the number of low bits of low
3753 * bits of the input 16-bit value used to select a table. Each table is
3754 * itself index by the high 8 bits of the value.
3756 for (i = 0; i < num; i++)
3757 table[i] = (png_uint_16p)png_malloc(png_ptr,
3758 256 * (sizeof (png_uint_16)));
3760 /* 'gamma_val' is set to the reciprocal of the value calculated above, so
3761 * pow(out,g) is an *input* value. 'last' is the last input value set.
3763 * In the loop 'i' is used to find output values. Since the output is
3764 * 8-bit there are only 256 possible values. The tables are set up to
3765 * select the closest possible output value for each input by finding
3766 * the input value at the boundary between each pair of output values
3767 * and filling the table up to that boundary with the lower output
3770 * The boundary values are 0.5,1.5..253.5,254.5. Since these are 9-bit
3771 * values the code below uses a 16-bit value in i; the values start at
3772 * 128.5 (for 0.5) and step by 257, for a total of 254 values (the last
3773 * entries are filled with 255). Start i at 128 and fill all 'last'
3774 * table entries <= 'max'
3777 for (i = 0; i < 255; ++i) /* 8-bit output value */
3779 /* Find the corresponding maximum input value */
3780 png_uint_16 out = (png_uint_16)(i * 257U); /* 16-bit output value */
3782 /* Find the boundary value in 16 bits: */
3783 png_uint_32 bound = png_gamma_16bit_correct(out+128U, gamma_val);
3785 /* Adjust (round) to (16-shift) bits: */
3786 bound = (bound * max + 32768U)/65535U + 1U;
3788 while (last < bound)
3790 table[last & (0xffU >> shift)][last >> (8U - shift)] = out;
3795 /* And fill in the final entries. */
3796 while (last < (num << 8))
3798 table[last & (0xff >> shift)][last >> (8U - shift)] = 65535U;
3803 /* Build a single 8-bit table: same as the 16-bit case but much simpler (and
3804 * typically much faster). Note that libpng currently does no sBIT processing
3805 * (apparently contrary to the spec) so a 256 entry table is always generated.
3808 png_build_8bit_table(png_structrp png_ptr, png_bytepp ptable,
3809 PNG_CONST png_fixed_point gamma_val)
3812 png_bytep table = *ptable = (png_bytep)png_malloc(png_ptr, 256);
3814 if (png_gamma_significant(gamma_val)) for (i=0; i<256; i++)
3815 table[i] = png_gamma_8bit_correct(i, gamma_val);
3817 else for (i=0; i<256; ++i)
3818 table[i] = (png_byte)i;
3821 /* Used from png_read_destroy and below to release the memory used by the gamma
3825 png_destroy_gamma_table(png_structrp png_ptr)
3827 png_free(png_ptr, png_ptr->gamma_table);
3828 png_ptr->gamma_table = NULL;
3830 if (png_ptr->gamma_16_table != NULL)
3833 int istop = (1 << (8 - png_ptr->gamma_shift));
3834 for (i = 0; i < istop; i++)
3836 png_free(png_ptr, png_ptr->gamma_16_table[i]);
3838 png_free(png_ptr, png_ptr->gamma_16_table);
3839 png_ptr->gamma_16_table = NULL;
3842 #if defined(PNG_READ_BACKGROUND_SUPPORTED) || \
3843 defined(PNG_READ_ALPHA_MODE_SUPPORTED) || \
3844 defined(PNG_READ_RGB_TO_GRAY_SUPPORTED)
3845 png_free(png_ptr, png_ptr->gamma_from_1);
3846 png_ptr->gamma_from_1 = NULL;
3847 png_free(png_ptr, png_ptr->gamma_to_1);
3848 png_ptr->gamma_to_1 = NULL;
3850 if (png_ptr->gamma_16_from_1 != NULL)
3853 int istop = (1 << (8 - png_ptr->gamma_shift));
3854 for (i = 0; i < istop; i++)
3856 png_free(png_ptr, png_ptr->gamma_16_from_1[i]);
3858 png_free(png_ptr, png_ptr->gamma_16_from_1);
3859 png_ptr->gamma_16_from_1 = NULL;
3861 if (png_ptr->gamma_16_to_1 != NULL)
3864 int istop = (1 << (8 - png_ptr->gamma_shift));
3865 for (i = 0; i < istop; i++)
3867 png_free(png_ptr, png_ptr->gamma_16_to_1[i]);
3869 png_free(png_ptr, png_ptr->gamma_16_to_1);
3870 png_ptr->gamma_16_to_1 = NULL;
3872 #endif /* READ_BACKGROUND || READ_ALPHA_MODE || RGB_TO_GRAY */
3875 /* We build the 8- or 16-bit gamma tables here. Note that for 16-bit
3876 * tables, we don't make a full table if we are reducing to 8-bit in
3877 * the future. Note also how the gamma_16 tables are segmented so that
3878 * we don't need to allocate > 64K chunks for a full 16-bit table.
3881 png_build_gamma_table(png_structrp png_ptr, int bit_depth)
3883 png_debug(1, "in png_build_gamma_table");
3885 /* Remove any existing table; this copes with multiple calls to
3886 * png_read_update_info. The warning is because building the gamma tables
3887 * multiple times is a performance hit - it's harmless but the ability to call
3888 * png_read_update_info() multiple times is new in 1.5.6 so it seems sensible
3889 * to warn if the app introduces such a hit.
3891 if (png_ptr->gamma_table != NULL || png_ptr->gamma_16_table != NULL)
3893 png_warning(png_ptr, "gamma table being rebuilt");
3894 png_destroy_gamma_table(png_ptr);
3899 png_build_8bit_table(png_ptr, &png_ptr->gamma_table,
3900 png_ptr->screen_gamma > 0 ? png_reciprocal2(png_ptr->colorspace.gamma,
3901 png_ptr->screen_gamma) : PNG_FP_1);
3903 #if defined(PNG_READ_BACKGROUND_SUPPORTED) || \
3904 defined(PNG_READ_ALPHA_MODE_SUPPORTED) || \
3905 defined(PNG_READ_RGB_TO_GRAY_SUPPORTED)
3906 if (png_ptr->transformations & (PNG_COMPOSE | PNG_RGB_TO_GRAY))
3908 png_build_8bit_table(png_ptr, &png_ptr->gamma_to_1,
3909 png_reciprocal(png_ptr->colorspace.gamma));
3911 png_build_8bit_table(png_ptr, &png_ptr->gamma_from_1,
3912 png_ptr->screen_gamma > 0 ? png_reciprocal(png_ptr->screen_gamma) :
3913 png_ptr->colorspace.gamma/* Probably doing rgb_to_gray */);
3915 #endif /* READ_BACKGROUND || READ_ALPHA_MODE || RGB_TO_GRAY */
3919 png_byte shift, sig_bit;
3921 if (png_ptr->color_type & PNG_COLOR_MASK_COLOR)
3923 sig_bit = png_ptr->sig_bit.red;
3925 if (png_ptr->sig_bit.green > sig_bit)
3926 sig_bit = png_ptr->sig_bit.green;
3928 if (png_ptr->sig_bit.blue > sig_bit)
3929 sig_bit = png_ptr->sig_bit.blue;
3932 sig_bit = png_ptr->sig_bit.gray;
3934 /* 16-bit gamma code uses this equation:
3936 * ov = table[(iv & 0xff) >> gamma_shift][iv >> 8]
3938 * Where 'iv' is the input color value and 'ov' is the output value -
3941 * Thus the gamma table consists of up to 256 256 entry tables. The table
3942 * is selected by the (8-gamma_shift) most significant of the low 8 bits of
3943 * the color value then indexed by the upper 8 bits:
3945 * table[low bits][high 8 bits]
3947 * So the table 'n' corresponds to all those 'iv' of:
3949 * <all high 8-bit values><n << gamma_shift>..<(n+1 << gamma_shift)-1>
3952 if (sig_bit > 0 && sig_bit < 16U)
3953 shift = (png_byte)(16U - sig_bit); /* shift == insignificant bits */
3956 shift = 0; /* keep all 16 bits */
3958 if (png_ptr->transformations & (PNG_16_TO_8 | PNG_SCALE_16_TO_8))
3960 /* PNG_MAX_GAMMA_8 is the number of bits to keep - effectively
3961 * the significant bits in the *input* when the output will
3962 * eventually be 8 bits. By default it is 11.
3964 if (shift < (16U - PNG_MAX_GAMMA_8))
3965 shift = (16U - PNG_MAX_GAMMA_8);
3969 shift = 8U; /* Guarantees at least one table! */
3971 png_ptr->gamma_shift = shift;
3973 #ifdef PNG_16BIT_SUPPORTED
3974 /* NOTE: prior to 1.5.4 this test used to include PNG_BACKGROUND (now
3975 * PNG_COMPOSE). This effectively smashed the background calculation for
3976 * 16-bit output because the 8-bit table assumes the result will be reduced
3979 if (png_ptr->transformations & (PNG_16_TO_8 | PNG_SCALE_16_TO_8))
3981 png_build_16to8_table(png_ptr, &png_ptr->gamma_16_table, shift,
3982 png_ptr->screen_gamma > 0 ? png_product2(png_ptr->colorspace.gamma,
3983 png_ptr->screen_gamma) : PNG_FP_1);
3985 #ifdef PNG_16BIT_SUPPORTED
3987 png_build_16bit_table(png_ptr, &png_ptr->gamma_16_table, shift,
3988 png_ptr->screen_gamma > 0 ? png_reciprocal2(png_ptr->colorspace.gamma,
3989 png_ptr->screen_gamma) : PNG_FP_1);
3992 #if defined(PNG_READ_BACKGROUND_SUPPORTED) || \
3993 defined(PNG_READ_ALPHA_MODE_SUPPORTED) || \
3994 defined(PNG_READ_RGB_TO_GRAY_SUPPORTED)
3995 if (png_ptr->transformations & (PNG_COMPOSE | PNG_RGB_TO_GRAY))
3997 png_build_16bit_table(png_ptr, &png_ptr->gamma_16_to_1, shift,
3998 png_reciprocal(png_ptr->colorspace.gamma));
4000 /* Notice that the '16 from 1' table should be full precision, however
4001 * the lookup on this table still uses gamma_shift, so it can't be.
4004 png_build_16bit_table(png_ptr, &png_ptr->gamma_16_from_1, shift,
4005 png_ptr->screen_gamma > 0 ? png_reciprocal(png_ptr->screen_gamma) :
4006 png_ptr->colorspace.gamma/* Probably doing rgb_to_gray */);
4008 #endif /* READ_BACKGROUND || READ_ALPHA_MODE || RGB_TO_GRAY */
4011 #endif /* READ_GAMMA */
4014 #if defined PNG_SIMPLIFIED_READ_SUPPORTED ||\
4015 defined PNG_SIMPLIFIED_WRITE_SUPPORTED
4016 /* sRGB conversion tables; these are machine generated with the code in
4017 * contrib/tools/makesRGB.c. The actual sRGB transfer curve defined in the
4018 * specification (see the article at http://en.wikipedia.org/wiki/SRGB)
4019 * is used, not the gamma=1/2.2 approximation use elsewhere in libpng.
4020 * The sRGB to linear table is exact (to the nearest 16 bit linear fraction).
4021 * The inverse (linear to sRGB) table has accuracies as follows:
4023 * For all possible (255*65535+1) input values:
4025 * error: -0.515566 - 0.625971, 79441 (0.475369%) of readings inexact
4027 * For the input values corresponding to the 65536 16-bit values:
4029 * error: -0.513727 - 0.607759, 308 (0.469978%) of readings inexact
4031 * In all cases the inexact readings are off by one.
4034 #ifdef PNG_SIMPLIFIED_READ_SUPPORTED
4035 /* The convert-to-sRGB table is only currently required for read. */
4036 const png_uint_16 png_sRGB_table[256] =
4038 0,20,40,60,80,99,119,139,
4039 159,179,199,219,241,264,288,313,
4040 340,367,396,427,458,491,526,562,
4041 599,637,677,718,761,805,851,898,
4042 947,997,1048,1101,1156,1212,1270,1330,
4043 1391,1453,1517,1583,1651,1720,1790,1863,
4044 1937,2013,2090,2170,2250,2333,2418,2504,
4045 2592,2681,2773,2866,2961,3058,3157,3258,
4046 3360,3464,3570,3678,3788,3900,4014,4129,
4047 4247,4366,4488,4611,4736,4864,4993,5124,
4048 5257,5392,5530,5669,5810,5953,6099,6246,
4049 6395,6547,6700,6856,7014,7174,7335,7500,
4050 7666,7834,8004,8177,8352,8528,8708,8889,
4051 9072,9258,9445,9635,9828,10022,10219,10417,
4052 10619,10822,11028,11235,11446,11658,11873,12090,
4053 12309,12530,12754,12980,13209,13440,13673,13909,
4054 14146,14387,14629,14874,15122,15371,15623,15878,
4055 16135,16394,16656,16920,17187,17456,17727,18001,
4056 18277,18556,18837,19121,19407,19696,19987,20281,
4057 20577,20876,21177,21481,21787,22096,22407,22721,
4058 23038,23357,23678,24002,24329,24658,24990,25325,
4059 25662,26001,26344,26688,27036,27386,27739,28094,
4060 28452,28813,29176,29542,29911,30282,30656,31033,
4061 31412,31794,32179,32567,32957,33350,33745,34143,
4062 34544,34948,35355,35764,36176,36591,37008,37429,
4063 37852,38278,38706,39138,39572,40009,40449,40891,
4064 41337,41785,42236,42690,43147,43606,44069,44534,
4065 45002,45473,45947,46423,46903,47385,47871,48359,
4066 48850,49344,49841,50341,50844,51349,51858,52369,
4067 52884,53401,53921,54445,54971,55500,56032,56567,
4068 57105,57646,58190,58737,59287,59840,60396,60955,
4069 61517,62082,62650,63221,63795,64372,64952,65535
4072 #endif /* simplified read only */
4074 /* The base/delta tables are required for both read and write (but currently
4075 * only the simplified versions.)
4077 const png_uint_16 png_sRGB_base[512] =
4079 128,1782,3383,4644,5675,6564,7357,8074,
4080 8732,9346,9921,10463,10977,11466,11935,12384,
4081 12816,13233,13634,14024,14402,14769,15125,15473,
4082 15812,16142,16466,16781,17090,17393,17690,17981,
4083 18266,18546,18822,19093,19359,19621,19879,20133,
4084 20383,20630,20873,21113,21349,21583,21813,22041,
4085 22265,22487,22707,22923,23138,23350,23559,23767,
4086 23972,24175,24376,24575,24772,24967,25160,25352,
4087 25542,25730,25916,26101,26284,26465,26645,26823,
4088 27000,27176,27350,27523,27695,27865,28034,28201,
4089 28368,28533,28697,28860,29021,29182,29341,29500,
4090 29657,29813,29969,30123,30276,30429,30580,30730,
4091 30880,31028,31176,31323,31469,31614,31758,31902,
4092 32045,32186,32327,32468,32607,32746,32884,33021,
4093 33158,33294,33429,33564,33697,33831,33963,34095,
4094 34226,34357,34486,34616,34744,34873,35000,35127,
4095 35253,35379,35504,35629,35753,35876,35999,36122,
4096 36244,36365,36486,36606,36726,36845,36964,37083,
4097 37201,37318,37435,37551,37668,37783,37898,38013,
4098 38127,38241,38354,38467,38580,38692,38803,38915,
4099 39026,39136,39246,39356,39465,39574,39682,39790,
4100 39898,40005,40112,40219,40325,40431,40537,40642,
4101 40747,40851,40955,41059,41163,41266,41369,41471,
4102 41573,41675,41777,41878,41979,42079,42179,42279,
4103 42379,42478,42577,42676,42775,42873,42971,43068,
4104 43165,43262,43359,43456,43552,43648,43743,43839,
4105 43934,44028,44123,44217,44311,44405,44499,44592,
4106 44685,44778,44870,44962,45054,45146,45238,45329,
4107 45420,45511,45601,45692,45782,45872,45961,46051,
4108 46140,46229,46318,46406,46494,46583,46670,46758,
4109 46846,46933,47020,47107,47193,47280,47366,47452,
4110 47538,47623,47709,47794,47879,47964,48048,48133,
4111 48217,48301,48385,48468,48552,48635,48718,48801,
4112 48884,48966,49048,49131,49213,49294,49376,49458,
4113 49539,49620,49701,49782,49862,49943,50023,50103,
4114 50183,50263,50342,50422,50501,50580,50659,50738,
4115 50816,50895,50973,51051,51129,51207,51285,51362,
4116 51439,51517,51594,51671,51747,51824,51900,51977,
4117 52053,52129,52205,52280,52356,52432,52507,52582,
4118 52657,52732,52807,52881,52956,53030,53104,53178,
4119 53252,53326,53400,53473,53546,53620,53693,53766,
4120 53839,53911,53984,54056,54129,54201,54273,54345,
4121 54417,54489,54560,54632,54703,54774,54845,54916,
4122 54987,55058,55129,55199,55269,55340,55410,55480,
4123 55550,55620,55689,55759,55828,55898,55967,56036,
4124 56105,56174,56243,56311,56380,56448,56517,56585,
4125 56653,56721,56789,56857,56924,56992,57059,57127,
4126 57194,57261,57328,57395,57462,57529,57595,57662,
4127 57728,57795,57861,57927,57993,58059,58125,58191,
4128 58256,58322,58387,58453,58518,58583,58648,58713,
4129 58778,58843,58908,58972,59037,59101,59165,59230,
4130 59294,59358,59422,59486,59549,59613,59677,59740,
4131 59804,59867,59930,59993,60056,60119,60182,60245,
4132 60308,60370,60433,60495,60558,60620,60682,60744,
4133 60806,60868,60930,60992,61054,61115,61177,61238,
4134 61300,61361,61422,61483,61544,61605,61666,61727,
4135 61788,61848,61909,61969,62030,62090,62150,62211,
4136 62271,62331,62391,62450,62510,62570,62630,62689,
4137 62749,62808,62867,62927,62986,63045,63104,63163,
4138 63222,63281,63340,63398,63457,63515,63574,63632,
4139 63691,63749,63807,63865,63923,63981,64039,64097,
4140 64155,64212,64270,64328,64385,64443,64500,64557,
4141 64614,64672,64729,64786,64843,64900,64956,65013,
4142 65070,65126,65183,65239,65296,65352,65409,65465
4145 const png_byte png_sRGB_delta[512] =
4147 207,201,158,129,113,100,90,82,77,72,68,64,61,59,56,54,
4148 52,50,49,47,46,45,43,42,41,40,39,39,38,37,36,36,
4149 35,34,34,33,33,32,32,31,31,30,30,30,29,29,28,28,
4150 28,27,27,27,27,26,26,26,25,25,25,25,24,24,24,24,
4151 23,23,23,23,23,22,22,22,22,22,22,21,21,21,21,21,
4152 21,20,20,20,20,20,20,20,20,19,19,19,19,19,19,19,
4153 19,18,18,18,18,18,18,18,18,18,18,17,17,17,17,17,
4154 17,17,17,17,17,17,16,16,16,16,16,16,16,16,16,16,
4155 16,16,16,16,15,15,15,15,15,15,15,15,15,15,15,15,
4156 15,15,15,15,14,14,14,14,14,14,14,14,14,14,14,14,
4157 14,14,14,14,14,14,14,13,13,13,13,13,13,13,13,13,
4158 13,13,13,13,13,13,13,13,13,13,13,13,13,13,12,12,
4159 12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,
4160 12,12,12,12,12,12,12,12,12,12,12,12,11,11,11,11,
4161 11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,
4162 11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,
4163 11,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,
4164 10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,
4165 10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,
4166 10,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,
4167 9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,
4168 9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,
4169 9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,
4170 9,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
4171 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
4172 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
4173 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
4174 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
4175 8,8,8,8,8,8,8,8,8,7,7,7,7,7,7,7,
4176 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
4177 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
4178 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7
4180 #endif /* SIMPLIFIED READ/WRITE sRGB support */
4182 /* SIMPLIFIED READ/WRITE SUPPORT */
4183 #if defined PNG_SIMPLIFIED_READ_SUPPORTED ||\
4184 defined PNG_SIMPLIFIED_WRITE_SUPPORTED
4186 png_image_free_function(png_voidp argument)
4188 png_imagep image = png_voidcast(png_imagep, argument);
4189 png_controlp cp = image->opaque;
4192 /* Double check that we have a png_ptr - it should be impossible to get here
4195 if (cp->png_ptr == NULL)
4198 /* First free any data held in the control structure. */
4199 # ifdef PNG_STDIO_SUPPORTED
4202 FILE *fp = png_voidcast(FILE*, cp->png_ptr->io_ptr);
4205 /* Ignore errors here. */
4208 cp->png_ptr->io_ptr = NULL;
4214 /* Copy the control structure so that the original, allocated, version can be
4215 * safely freed. Notice that a png_error here stops the remainder of the
4216 * cleanup, but this is probably fine because that would indicate bad memory
4221 png_free(c.png_ptr, cp);
4223 /* Then the structures, calling the correct API. */
4226 # ifdef PNG_SIMPLIFIED_WRITE_SUPPORTED
4227 png_destroy_write_struct(&c.png_ptr, &c.info_ptr);
4229 png_error(c.png_ptr, "simplified write not supported");
4234 # ifdef PNG_SIMPLIFIED_READ_SUPPORTED
4235 png_destroy_read_struct(&c.png_ptr, &c.info_ptr, NULL);
4237 png_error(c.png_ptr, "simplified read not supported");
4246 png_image_free(png_imagep image)
4248 /* Safely call the real function, but only if doing so is safe at this point
4249 * (if not inside an error handling context). Otherwise assume
4250 * png_safe_execute will call this API after the return.
4252 if (image != NULL && image->opaque != NULL &&
4253 image->opaque->error_buf == NULL)
4255 /* Ignore errors here: */
4256 (void)png_safe_execute(image, png_image_free_function, image);
4257 image->opaque = NULL;
4262 png_image_error(png_imagep image, png_const_charp error_message)
4264 /* Utility to log an error. */
4265 png_safecat(image->message, (sizeof image->message), 0, error_message);
4266 image->warning_or_error |= PNG_IMAGE_ERROR;
4267 png_image_free(image);
4271 #endif /* SIMPLIFIED READ/WRITE */
4272 #endif /* defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED) */
projects / l4.git / blob