control of the unknown handling, corrects the pre-existing bug where
the per-chunk 'keep' setting is ignored and makes it possible to skip
IDAT chunks in the sequential reader (broken in earlier 1.6 versions).
There is a new test program, test-unknown.c, which is a work in progress
(not currently part of the test suite). Comments in the header files now
explain how the unknown handling works.
on read and write. In libpng 1.6 the two cases can be distinguished and
considerable code cleanup, and extra error checking, is possible. This
makes calls on the write side that have no effect be ignored with a
png_app_error(), which can be disabled in the app using
png_set_benign_errors(), and removes the spurious use of usr_channels
on the read side.
Because of the changes to support symbol prefixing PNG_INTERNAL_FUNCTION
declares floating point APIs during libpng builds even if they are completely
disabled. This requires the png floating point types (png_double*) to be
declared even though the functions are never actually defined. This
change provides a dummy definition so that the declarations work, yet any
implementation will fail to compile because of an incomplete type.
on alignment increasing pointer casts when -Wcast-align is passed. This
fixes the cases clang warns about either (pngread.c) by eliminating the
casts from png_bytep to png_uint_16p or, for pngrutil.c where the cast
is previously verified or pngstest.c where it is OK by introducing new
png_aligncast macros to do the cast in a way that clang accepts.
functions [rw]util.c. A new shared keyword check routine was also added
and the 'zbuf' is no longer allocated on progressive read. It is now
possible to call png_inflate() incrementally.
read code now claims and releases png_ptr->zstream, like the write code.
The bug whereby the progressive reader failed to release the zstream
is now fixed, all initialization is delayed, and the code checks for
changed parameters on deflate rather than always calling
deflatedEnd/deflateInit.
problems. This is an intermediate check-in that solves the immediate problems
and introduces one performance improvement (avoiding a copy via png_ptr->zbuf.)
Further changes will be made to make ICC profile handling more secure.
all potentially valid ICC profiles and reject obviously invalid ones.
It now uses png_error() to do so rather than casually writing a PNG
without the necessary color data.
to reset the user limits to safe ones if PNG_SAFE_LIMITS is defined.
To enable, use CPPFLAGS=-DPNG_SAFE_LIMITS on the configure command
or put #define PNG_SAFE_LIMITS_SUPPORTED in pnglibconf.h.prebuilt.
(Reverted previous implementation of PNG_SECURE.)
FLOATING_POINT options were switched off, png.h ended up with lone ';'
characters. This is not valid ANSI-C outside a function. The ';'
characters have been moved inside the definition of PNG_FP_EXPORT and
PNG_FIXED_EXPORT. 2) If either option was switched off, the declaration
of the corresponding functions were completely omitted, even though some
of them are still used internally. The result is still valid, but
produces warnings from gcc with some warning options (including -Wall). The
fix is to cause png.h to declare the functions with PNG_INTERNAL_FUNCTION
when png.h is included from pngpriv.h.
Added new "png_structrp" typedef. Because of the
way libpng works both png_info and png_struct are always accessed via a
single pointer. This means adding C99 'restrict' to the pointer gives
the compiler some opportunity to optimize the code. This change allows that.
changes alter how the tricky allocation of the initial png_struct and png_info
structures are handled. png_info is now handled in pretty much the same
way as everything else, except that the allocations handle NULL return
silently. png_struct is changed in a similar way on allocation and on
deallocation a 'safety' error handler is put in place (which should never
be required). The error handler itself is changed to permit mismatches
in the application and libpng error buffer size; however, this means a
silent change to the API to return the jmp_buf if the size doesn't match
the size from the libpng compilation; libpng now allocates the memory and
this may fail. Overall these changes result in slight code size
reductions; however, this is a reduction in code that is always executed
so is particularly valuable. Overall on a 64-bit system the libpng DLL
decreases in code size by 1733 bytes. pngerror.o increases in size by
about 465 bytes because of the new functionality.
These changes alter how the tricky allocation of the initial png_struct and
png_info structures are handled. png_info is now handled in pretty much the
same way as everything else, except that the allocations handle NULL return
silently. png_struct is changed in a similar way on allocation and on
deallocation a 'safety' error handler is put in place (which should never
be required). The error handler itself is changed to permit mismatches
in the application and libpng error buffer size; however, this means a
silent change to the API to return the jmp_buf if the size doesn't match
the size from the libpng compilation; libpng now allocates the memory and
this may fail. Overall these changes result in slight code size
reductions; however, this is a reduction in code that is always executed
so is particularly valuable. Overall on a 64-bit system the libpng DLL
decreases in code size by 1733 bytes. pngerror.o increases in size by
about 465 bytes because of the new functionality.
Some compilers fault 'extern const' data declarations (because the data is
not initialized); this turns on const-ness only for compilers where
this is known to work.
using g++. The compiler imposes C++ rules on the C source; thus it
is desireable to make the source work with either C or C++ rules
without throwing away useful error information. This change adds
png_voidcast to allow C semantic (void*) cases or the corresponding
C++ static_cast operation, as appropriate.
in pngmem.c; pngvalid would attempt to call png_error() if the allocation
of a png_struct or png_info failed. This would probably have led to a
crash. The pngmem.c implementation of png_malloc() included a cast
to png_size_t which would fail on large allocations on 16-bit systems.
