1 /*---------------------------------------------------------------------------
2 
3    rpng2 - progressive-model PNG display program                 readpng2.c
4 
5   ---------------------------------------------------------------------------
6 
7       Copyright (c) 1998-2015 Greg Roelofs.  All rights reserved.
8 
9       This software is provided "as is," without warranty of any kind,
10       express or implied.  In no event shall the author or contributors
11       be held liable for any damages arising in any way from the use of
12       this software.
13 
14       The contents of this file are DUAL-LICENSED.  You may modify and/or
15       redistribute this software according to the terms of one of the
16       following two licenses (at your option):
17 
18 
19       LICENSE 1 ("BSD-like with advertising clause"):
20 
21       Permission is granted to anyone to use this software for any purpose,
22       including commercial applications, and to alter it and redistribute
23       it freely, subject to the following restrictions:
24 
25       1. Redistributions of source code must retain the above copyright
26          notice, disclaimer, and this list of conditions.
27       2. Redistributions in binary form must reproduce the above copyright
28          notice, disclaimer, and this list of conditions in the documenta-
29          tion and/or other materials provided with the distribution.
30       3. All advertising materials mentioning features or use of this
31          software must display the following acknowledgment:
32 
33             This product includes software developed by Greg Roelofs
34             and contributors for the book, "PNG: The Definitive Guide,"
35             published by O'Reilly and Associates.
36 
37 
38       LICENSE 2 (GNU GPL v2 or later):
39 
40       This program is free software; you can redistribute it and/or modify
41       it under the terms of the GNU General Public License as published by
42       the Free Software Foundation; either version 2 of the License, or
43       (at your option) any later version.
44 
45       This program is distributed in the hope that it will be useful,
46       but WITHOUT ANY WARRANTY; without even the implied warranty of
47       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
48       GNU General Public License for more details.
49 
50       You should have received a copy of the GNU General Public License
51       along with this program; if not, write to the Free Software Foundation,
52       Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
53 
54   ---------------------------------------------------------------------------
55 
56    Changelog:
57      2015-11-12 - Check return value of png_get_bKGD() (Glenn R-P)
58      2017-04-22 - Guard against integer overflow (Glenn R-P)
59 
60   ---------------------------------------------------------------------------*/
61 
62 
63 #include <stdlib.h>     /* for exit() prototype */
64 #include <setjmp.h>
65 
66 #include <zlib.h>
67 #include "png.h"        /* libpng header from the local directory */
68 #include "readpng2.h"   /* typedefs, common macros, public prototypes */
69 
70 
71 /* local prototypes */
72 
73 static void readpng2_info_callback(png_structp png_ptr, png_infop info_ptr);
74 static void readpng2_row_callback(png_structp png_ptr, png_bytep new_row,
75                                  png_uint_32 row_num, int pass);
76 static void readpng2_end_callback(png_structp png_ptr, png_infop info_ptr);
77 static void readpng2_error_handler(png_structp png_ptr, png_const_charp msg);
78 static void readpng2_warning_handler(png_structp png_ptr, png_const_charp msg);
79 
80 
81 
82 
readpng2_version_info(void)83 void readpng2_version_info(void)
84 {
85     fprintf(stderr, "   Compiled with libpng %s; using libpng %s\n",
86       PNG_LIBPNG_VER_STRING, png_libpng_ver);
87 
88     fprintf(stderr, "   and with zlib %s; using zlib %s.\n",
89       ZLIB_VERSION, zlib_version);
90 }
91 
92 
93 
94 
readpng2_check_sig(uch * sig,int num)95 int readpng2_check_sig(uch *sig, int num)
96 {
97     return !png_sig_cmp(sig, 0, num);
98 }
99 
100 
101 
102 
103 /* returns 0 for success, 2 for libpng problem, 4 for out of memory */
104 
readpng2_init(mainprog_info * mainprog_ptr)105 int readpng2_init(mainprog_info *mainprog_ptr)
106 {
107     png_structp  png_ptr;       /* note:  temporary variables! */
108     png_infop  info_ptr;
109 
110 
111     /* could also replace libpng warning-handler (final NULL), but no need: */
112 
113     png_ptr = png_create_read_struct(png_get_libpng_ver(NULL), mainprog_ptr,
114       readpng2_error_handler, readpng2_warning_handler);
115     if (!png_ptr)
116         return 4;   /* out of memory */
117 
118     info_ptr = png_create_info_struct(png_ptr);
119     if (!info_ptr) {
120         png_destroy_read_struct(&png_ptr, NULL, NULL);
121         return 4;   /* out of memory */
122     }
123 
124 
125     /* we could create a second info struct here (end_info), but it's only
126      * useful if we want to keep pre- and post-IDAT chunk info separated
127      * (mainly for PNG-aware image editors and converters) */
128 
129 
130     /* setjmp() must be called in every function that calls a PNG-reading
131      * libpng function, unless an alternate error handler was installed--
132      * but compatible error handlers must either use longjmp() themselves
133      * (as in this program) or exit immediately, so here we are: */
134 
135     if (setjmp(mainprog_ptr->jmpbuf)) {
136         png_destroy_read_struct(&png_ptr, &info_ptr, NULL);
137         return 2;
138     }
139 
140 
141 #ifdef PNG_HANDLE_AS_UNKNOWN_SUPPORTED
142     /* prepare the reader to ignore all recognized chunks whose data won't be
143      * used, i.e., all chunks recognized by libpng except for IHDR, PLTE, IDAT,
144      * IEND, tRNS, bKGD, gAMA, and sRGB (small performance improvement) */
145     {
146         /* These byte strings were copied from png.h.  If a future version
147          * of readpng2.c recognizes more chunks, add them to this list.
148          */
149         static PNG_CONST png_byte chunks_to_process[] = {
150             98,  75,  71,  68, '\0',  /* bKGD */
151            103,  65,  77,  65, '\0',  /* gAMA */
152            115,  82,  71,  66, '\0',  /* sRGB */
153            };
154 
155        /* Ignore all chunks except for IHDR, PLTE, tRNS, IDAT, and IEND */
156        png_set_keep_unknown_chunks(png_ptr, -1 /* PNG_HANDLE_CHUNK_NEVER */,
157           NULL, -1);
158 
159        /* But do not ignore chunks in the "chunks_to_process" list */
160        png_set_keep_unknown_chunks(png_ptr,
161           0 /* PNG_HANDLE_CHUNK_AS_DEFAULT */, chunks_to_process,
162           sizeof(chunks_to_process)/5);
163     }
164 #endif /* PNG_HANDLE_AS_UNKNOWN_SUPPORTED */
165 
166 
167     /* instead of doing png_init_io() here, now we set up our callback
168      * functions for progressive decoding */
169 
170     png_set_progressive_read_fn(png_ptr, mainprog_ptr,
171       readpng2_info_callback, readpng2_row_callback, readpng2_end_callback);
172 
173 
174     /* make sure we save our pointers for use in readpng2_decode_data() */
175 
176     mainprog_ptr->png_ptr = png_ptr;
177     mainprog_ptr->info_ptr = info_ptr;
178 
179 
180     /* and that's all there is to initialization */
181 
182     return 0;
183 }
184 
185 
186 
187 
188 /* returns 0 for success, 2 for libpng (longjmp) problem */
189 
readpng2_decode_data(mainprog_info * mainprog_ptr,uch * rawbuf,ulg length)190 int readpng2_decode_data(mainprog_info *mainprog_ptr, uch *rawbuf, ulg length)
191 {
192     png_structp png_ptr = (png_structp)mainprog_ptr->png_ptr;
193     png_infop info_ptr = (png_infop)mainprog_ptr->info_ptr;
194 
195 
196     /* setjmp() must be called in every function that calls a PNG-reading
197      * libpng function */
198 
199     if (setjmp(mainprog_ptr->jmpbuf)) {
200         png_destroy_read_struct(&png_ptr, &info_ptr, NULL);
201         mainprog_ptr->png_ptr = NULL;
202         mainprog_ptr->info_ptr = NULL;
203         return 2;
204     }
205 
206 
207     /* hand off the next chunk of input data to libpng for decoding */
208 
209     png_process_data(png_ptr, info_ptr, rawbuf, length);
210 
211     return 0;
212 }
213 
214 
215 
216 
readpng2_info_callback(png_structp png_ptr,png_infop info_ptr)217 static void readpng2_info_callback(png_structp png_ptr, png_infop info_ptr)
218 {
219     mainprog_info  *mainprog_ptr;
220     int  color_type, bit_depth;
221     png_uint_32 width, height;
222 #ifdef PNG_FLOATING_POINT_SUPPORTED
223     double  gamma;
224 #else
225     png_fixed_point gamma;
226 #endif
227 
228 
229     /* setjmp() doesn't make sense here, because we'd either have to exit(),
230      * longjmp() ourselves, or return control to libpng, which doesn't want
231      * to see us again.  By not doing anything here, libpng will instead jump
232      * to readpng2_decode_data(), which can return an error value to the main
233      * program. */
234 
235 
236     /* retrieve the pointer to our special-purpose struct, using the png_ptr
237      * that libpng passed back to us (i.e., not a global this time--there's
238      * no real difference for a single image, but for a multithreaded browser
239      * decoding several PNG images at the same time, one needs to avoid mixing
240      * up different images' structs) */
241 
242     mainprog_ptr = png_get_progressive_ptr(png_ptr);
243 
244     if (mainprog_ptr == NULL) {         /* we be hosed */
245         fprintf(stderr,
246           "readpng2 error:  main struct not recoverable in info_callback.\n");
247         fflush(stderr);
248         return;
249         /*
250          * Alternatively, we could call our error-handler just like libpng
251          * does, which would effectively terminate the program.  Since this
252          * can only happen if png_ptr gets redirected somewhere odd or the
253          * main PNG struct gets wiped, we're probably toast anyway.  (If
254          * png_ptr itself is NULL, we would not have been called.)
255          */
256     }
257 
258 
259     /* this is just like in the non-progressive case */
260 
261     png_get_IHDR(png_ptr, info_ptr, &width, &height, &bit_depth, &color_type,
262        NULL, NULL, NULL);
263     mainprog_ptr->width = (ulg)width;
264     mainprog_ptr->height = (ulg)height;
265 
266 
267     /* since we know we've read all of the PNG file's "header" (i.e., up
268      * to IDAT), we can check for a background color here */
269 
270     if (mainprog_ptr->need_bgcolor)
271     {
272         png_color_16p pBackground;
273 
274         /* it is not obvious from the libpng documentation, but this function
275          * takes a pointer to a pointer, and it always returns valid red,
276          * green and blue values, regardless of color_type: */
277         if (png_get_bKGD(png_ptr, info_ptr, &pBackground))
278         {
279 
280            /* however, it always returns the raw bKGD data, regardless of any
281             * bit-depth transformations, so check depth and adjust if necessary
282             */
283            if (bit_depth == 16) {
284                mainprog_ptr->bg_red   = pBackground->red   >> 8;
285                mainprog_ptr->bg_green = pBackground->green >> 8;
286                mainprog_ptr->bg_blue  = pBackground->blue  >> 8;
287            } else if (color_type == PNG_COLOR_TYPE_GRAY && bit_depth < 8) {
288                if (bit_depth == 1)
289                    mainprog_ptr->bg_red = mainprog_ptr->bg_green =
290                      mainprog_ptr->bg_blue = pBackground->gray? 255 : 0;
291                else if (bit_depth == 2)
292                    mainprog_ptr->bg_red = mainprog_ptr->bg_green =
293                      mainprog_ptr->bg_blue = (255/3) * pBackground->gray;
294                else /* bit_depth == 4 */
295                    mainprog_ptr->bg_red = mainprog_ptr->bg_green =
296                      mainprog_ptr->bg_blue = (255/15) * pBackground->gray;
297            } else {
298                mainprog_ptr->bg_red   = (uch)pBackground->red;
299                mainprog_ptr->bg_green = (uch)pBackground->green;
300                mainprog_ptr->bg_blue  = (uch)pBackground->blue;
301            }
302         }
303     }
304 
305 
306     /* as before, let libpng expand palette images to RGB, low-bit-depth
307      * grayscale images to 8 bits, transparency chunks to full alpha channel;
308      * strip 16-bit-per-sample images to 8 bits per sample; and convert
309      * grayscale to RGB[A] */
310 
311     if (color_type == PNG_COLOR_TYPE_PALETTE)
312         png_set_expand(png_ptr);
313     if (color_type == PNG_COLOR_TYPE_GRAY && bit_depth < 8)
314         png_set_expand(png_ptr);
315     if (png_get_valid(png_ptr, info_ptr, PNG_INFO_tRNS))
316         png_set_expand(png_ptr);
317 #ifdef PNG_READ_16_TO_8_SUPPORTED
318     if (bit_depth == 16)
319 #  ifdef PNG_READ_SCALE_16_TO_8_SUPPORTED
320         png_set_scale_16(png_ptr);
321 #  else
322         png_set_strip_16(png_ptr);
323 #  endif
324 #endif
325     if (color_type == PNG_COLOR_TYPE_GRAY ||
326         color_type == PNG_COLOR_TYPE_GRAY_ALPHA)
327         png_set_gray_to_rgb(png_ptr);
328 
329 
330     /* Unlike the basic viewer, which was designed to operate on local files,
331      * this program is intended to simulate a web browser--even though we
332      * actually read from a local file, too.  But because we are pretending
333      * that most of the images originate on the Internet, we follow the recom-
334      * mendation of the sRGB proposal and treat unlabelled images (no gAMA
335      * chunk) as existing in the sRGB color space.  That is, we assume that
336      * such images have a file gamma of 0.45455, which corresponds to a PC-like
337      * display system.  This change in assumptions will have no effect on a
338      * PC-like system, but on a Mac, SGI, NeXT or other system with a non-
339      * identity lookup table, it will darken unlabelled images, which effec-
340      * tively favors images from PC-like systems over those originating on
341      * the local platform.  Note that mainprog_ptr->display_exponent is the
342      * "gamma" value for the entire display system, i.e., the product of
343      * LUT_exponent and CRT_exponent. */
344 
345 #ifdef PNG_FLOATING_POINT_SUPPORTED
346     if (png_get_gAMA(png_ptr, info_ptr, &gamma))
347         png_set_gamma(png_ptr, mainprog_ptr->display_exponent, gamma);
348     else
349         png_set_gamma(png_ptr, mainprog_ptr->display_exponent, 0.45455);
350 #else
351     if (png_get_gAMA_fixed(png_ptr, info_ptr, &gamma))
352         png_set_gamma_fixed(png_ptr,
353             (png_fixed_point)(100000*mainprog_ptr->display_exponent+.5), gamma);
354     else
355         png_set_gamma_fixed(png_ptr,
356             (png_fixed_point)(100000*mainprog_ptr->display_exponent+.5), 45455);
357 #endif
358 
359     /* we'll let libpng expand interlaced images, too */
360 
361     mainprog_ptr->passes = png_set_interlace_handling(png_ptr);
362 
363 
364     /* all transformations have been registered; now update info_ptr data and
365      * then get rowbytes and channels */
366 
367     png_read_update_info(png_ptr, info_ptr);
368 
369     mainprog_ptr->rowbytes = (int)png_get_rowbytes(png_ptr, info_ptr);
370     mainprog_ptr->channels = png_get_channels(png_ptr, info_ptr);
371 
372 
373     /* Call the main program to allocate memory for the image buffer and
374      * initialize windows and whatnot.  (The old-style function-pointer
375      * invocation is used for compatibility with a few supposedly ANSI
376      * compilers that nevertheless barf on "fn_ptr()"-style syntax.) */
377 
378     (*mainprog_ptr->mainprog_init)();
379 
380 
381     /* and that takes care of initialization */
382 
383     return;
384 }
385 
386 
387 
388 
389 
readpng2_row_callback(png_structp png_ptr,png_bytep new_row,png_uint_32 row_num,int pass)390 static void readpng2_row_callback(png_structp png_ptr, png_bytep new_row,
391                                   png_uint_32 row_num, int pass)
392 {
393     mainprog_info  *mainprog_ptr;
394 
395 
396     /* first check whether the row differs from the previous pass; if not,
397      * nothing to combine or display */
398 
399     if (!new_row)
400         return;
401 
402 
403     /* retrieve the pointer to our special-purpose struct so we can access
404      * the old rows and image-display callback function */
405 
406     mainprog_ptr = png_get_progressive_ptr(png_ptr);
407 
408 
409     /* save the pass number for optional use by the front end */
410 
411     mainprog_ptr->pass = pass;
412 
413 
414     /* have libpng either combine the new row data with the existing row data
415      * from previous passes (if interlaced) or else just copy the new row
416      * into the main program's image buffer */
417 
418     png_progressive_combine_row(png_ptr, mainprog_ptr->row_pointers[row_num],
419       new_row);
420 
421 
422     /* finally, call the display routine in the main program with the number
423      * of the row we just updated */
424 
425     (*mainprog_ptr->mainprog_display_row)(row_num);
426 
427 
428     /* and we're ready for more */
429 
430     return;
431 }
432 
433 
434 
435 
436 
readpng2_end_callback(png_structp png_ptr,png_infop info_ptr)437 static void readpng2_end_callback(png_structp png_ptr, png_infop info_ptr)
438 {
439     mainprog_info  *mainprog_ptr;
440 
441 
442     /* retrieve the pointer to our special-purpose struct */
443 
444     mainprog_ptr = png_get_progressive_ptr(png_ptr);
445 
446 
447     /* let the main program know that it should flush any buffered image
448      * data to the display now and set a "done" flag or whatever, but note
449      * that it SHOULD NOT DESTROY THE PNG STRUCTS YET--in other words, do
450      * NOT call readpng2_cleanup() either here or in the finish_display()
451      * routine; wait until control returns to the main program via
452      * readpng2_decode_data() */
453 
454     (*mainprog_ptr->mainprog_finish_display)();
455 
456 
457     /* all done */
458 
459     (void)info_ptr; /* Unused */
460 
461     return;
462 }
463 
464 
465 
466 
467 
readpng2_cleanup(mainprog_info * mainprog_ptr)468 void readpng2_cleanup(mainprog_info *mainprog_ptr)
469 {
470     png_structp png_ptr = (png_structp)mainprog_ptr->png_ptr;
471     png_infop info_ptr = (png_infop)mainprog_ptr->info_ptr;
472 
473     if (png_ptr && info_ptr)
474         png_destroy_read_struct(&png_ptr, &info_ptr, NULL);
475 
476     mainprog_ptr->png_ptr = NULL;
477     mainprog_ptr->info_ptr = NULL;
478 }
479 
480 
readpng2_warning_handler(png_structp png_ptr,png_const_charp msg)481 static void readpng2_warning_handler(png_structp png_ptr, png_const_charp msg)
482 {
483     fprintf(stderr, "readpng2 libpng warning: %s\n", msg);
484     fflush(stderr);
485     (void)png_ptr; /* Unused */
486 }
487 
488 
readpng2_error_handler(png_structp png_ptr,png_const_charp msg)489 static void readpng2_error_handler(png_structp png_ptr, png_const_charp msg)
490 {
491     mainprog_info  *mainprog_ptr;
492 
493     /* This function, aside from the extra step of retrieving the "error
494      * pointer" (below) and the fact that it exists within the application
495      * rather than within libpng, is essentially identical to libpng's
496      * default error handler.  The second point is critical:  since both
497      * setjmp() and longjmp() are called from the same code, they are
498      * guaranteed to have compatible notions of how big a jmp_buf is,
499      * regardless of whether _BSD_SOURCE or anything else has (or has not)
500      * been defined. */
501 
502     fprintf(stderr, "readpng2 libpng error: %s\n", msg);
503     fflush(stderr);
504 
505     mainprog_ptr = png_get_error_ptr(png_ptr);
506     if (mainprog_ptr == NULL) {         /* we are completely hosed now */
507         fprintf(stderr,
508           "readpng2 severe error:  jmpbuf not recoverable; terminating.\n");
509         fflush(stderr);
510         exit(99);
511     }
512 
513     /* Now we have our data structure we can use the information in it
514      * to return control to our own higher level code (all the points
515      * where 'setjmp' is called in this file.)  This will work with other
516      * error handling mechanisms as well - libpng always calls png_error
517      * when it can proceed no further, thus, so long as the error handler
518      * is intercepted, application code can do its own error recovery.
519      */
520     longjmp(mainprog_ptr->jmpbuf, 1);
521 }
522