AuroraMiddleware/qt5base-lts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update bundled libpng to version 1.6.20

Browse Source 
Merged in the upstream version. The remaining diff to clean 1.6.20 is
archived in the qtpatches.diff file.

Change-Id: I56f557bfe04ac1aa0e2c090826bbb144ae93cbb7
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@theqtcompany.com>
This commit is contained in:
Eirik Aavitsland 2016-02-10 13:57:10 +01:00 committed by aavit
parent 10a4151e83
commit 714cb4020e
18 changed files with 145 additions and 133 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

119
src/3rdparty/libpng/ANNOUNCE vendored
View File

@ -1,4 +1,4 @@
Libpng 1.6.19 - November 12, 2015
Libpng 1.6.20 - December 3, 2015
This is a public release of libpng, intended for use in production codes.
@ -7,104 +7,41 @@ Files available for download:
Source files with LF line endings (for Unix/Linux) and with a
"configure" script
libpng-1.6.19.tar.xz (LZMA-compressed, recommended)
libpng-1.6.19.tar.gz
libpng-1.6.20.tar.xz (LZMA-compressed, recommended)
libpng-1.6.20.tar.gz
Source files with CRLF line endings (for Windows), without the
"configure" script
lpng1619.7z (LZMA-compressed, recommended)
lpng1619.zip
/scratch/glennrp/Libpng16/lpng1620.7z (LZMA-compressed, recommended)
/scratch/glennrp/Libpng16/lpng1620.zip
Other information:
libpng-1.6.19-README.txt
libpng-1.6.19-LICENSE.txt
libpng-1.6.19-*.asc (armored detached GPG signatures)
libpng-1.6.20-README.txt
libpng-1.6.20-LICENSE.txt
libpng-1.6.20-*.asc (armored detached GPG signatures)
Changes since the last public release (1.6.18):
Updated obsolete information about the simplified API macros in the
manual pages (Bug report by Arc Riley).
Avoid potentially dereferencing NULL info_ptr in png_info_init_3().
Rearranged png.h to put the major sections in the same order as
in libpng17.
Eliminated unused PNG_COST_SHIFT, PNG_WEIGHT_SHIFT, PNG_COST_FACTOR, and
PNG_WEIGHT_FACTOR macros.
Suppressed some warnings from the Borland C++ 5.5.1/5.82 compiler
(Bug report by Viktor Szakats). Several warnings remain and are
unavoidable, where we test for overflow.
Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c
Fixed uninitialized variable in contrib/gregbook/rpng2-x.c
Moved config.h.in~ from the "libpng_autotools_files" list to the
"libpng_autotools_extra" list in autogen.sh because it was causing a
false positive for missing files (bug report by Robert C. Seacord).
Removed unreachable "break" statements in png.c, pngread.c, and pngrtran.c
to suppress clang warnings (Bug report by Viktor Szakats).
Fixed some bad links in the man page.
Changed "n bit" to "n-bit" in comments.
Added signed/unsigned 16-bit safety net. This removes the dubious
0x8000 flag definitions on 16-bit systems. They aren't supported
yet the defs *probably* work, however it seems much safer to do this
and be advised if anyone, contrary to advice, is building libpng 1.6
on a 16-bit system. It also adds back various switch default clauses
for GCC; GCC errors out if they are not present (with an appropriately
high level of warnings).
Safely convert num_bytes to a png_byte in png_set_sig_bytes() (Robert
Seacord).
Fixed the recently reported 1's complement security issue by replacing
the value that is illegal in the PNG spec, in both signed and unsigned
values, with 0. Illegal unsigned values (anything greater than or equal
to 0x80000000) can still pass through, but since these are not illegal
in ANSI-C (unlike 0x80000000 in the signed case) the checking that
occurs later can catch them (John Bowler).
Fixed png_save_int_32 when int is not 2's complement (John Bowler).
Updated libpng16 with all the recent test changes from libpng17,
including changes to pngvalid.c to ensure that the original,
distributed, version of contrib/visupng/cexcept.h can be used
(John Bowler).
pngvalid contains the correction to the use of SAVE/STORE_
UNKNOWN_CHUNKS; a bug revealed by changes in libpng 1.7. More
tests contain the --strict option to detect warnings and the
pngvalid-standard test has been corrected so that it does not
turn on progressive-read. There is a separate test which does
that. (John Bowler)
Also made some signed/unsigned fixes.
Make pngstest error limits version specific. Splitting the machine
generated error structs out to a file allows the values to be updated
without changing pngstest.c itself. Since libpng 1.6 and 1.7 have
slightly different error limits this simplifies maintenance. The
makepngs.sh script has also been updated to more accurately reflect
current problems in libpng 1.7 (John Bowler).
Incorporated new test PNG files into make check. tests/pngstest-*
are changed so that the new test files are divided into 8 groups by
gamma and alpha channel. These tests have considerably better code
and pixel-value coverage than contrib/pngsuite; however,coverage is
still incomplete (John Bowler).
Removed the '--strict' in 1.6 because of the double-gamma-correction
warning, updated pngstest-errors.h for the errors detected with the
new contrib/testspngs PNG test files (John Bowler).
Worked around rgb-to-gray issues in libpng 1.6. The previous
attempts to ignore the errors in the code aren't quite enough to
deal with the 'channel selection' encoding added to libpng 1.7; abort.
Fixed 'pow' macros in pngvalid.c. It is legal for 'pow' to be a
macro, therefore the argument list cannot contain preprocessing
directives. Make sure pow is a function where this happens. This is
a minimal safe fix, the issue only arises in non-performance-critical
code (bug report by Curtis Leach, fix by John Bowler).
Added sPLT support to pngtest.c
Prevent setting or writing over-length PLTE chunk (Cosmin Truta).
Silently truncate over-length PLTE chunk while reading.
Libpng incorrectly calculated the output rowbytes when the application
decreased either the number of channels or the bit depth (or both) in
a user transform. This was safe; libpng overallocated buffer space
(potentially by quite a lot; up to 4 times the amount required) but,
from 1.5.4 on, resulted in a png_error (John Bowler).
Fixed some inconsequential cut-and-paste typos in png_set_cHRM_XYZ_fixed().
Clarified COPYRIGHT information to state explicitly that versions
are derived from previous versions.
Removed much of the long list of previous versions from png.h and
libpng.3.
Changes since the last public release (1.6.19):
Avoid potential pointer overflow/underflow in png_handle_sPLT() and
png_handle_pCAL() (Bug report by John Regehr).
Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
vulnerability.
Backported tests from libpng-1.7.0beta69.
Fixed an error in handling of bad zlib CMINFO field in pngfix, found by
American Fuzzy Lop, reported by Brian Carpenter. inflate() doesn't
immediately fault a bad CMINFO field; instead a 'too far back' error
happens later (at least some times). pngfix failed to limit CMINFO to
the allowed values but then assumed that window_bits was in range,
triggering an assert. The bug is mostly harmless; the PNG file cannot
be fixed.
In libpng 1.6 zlib initialization was changed to use the window size
in the zlib stream, not a fixed value. This causes some invalid images,
where CINFO is too large, to display 'correctly' if the rest of the
data is valid. This provides a workaround for zlib versions where the
error arises (ones that support the API change to use the window size
in the stream).
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit

34
src/3rdparty/libpng/CHANGES vendored
View File

@ -5409,11 +5409,43 @@ Version 1.6.19rc03 [November 3, 2015]
Version 1.6.19rc04 [November 5, 2015]
Fixed new bug with CRC error after reading an over-length palette
(bug report by Cosmin Truta).
(bug report by Cosmin Truta) (CVE-2015-8126).
Version 1.6.19 [November 12, 2015]
Cleaned up coding style in png_handle_PLTE().
Version 1.6.20beta01 [November 20, 2015]
Avoid potential pointer overflow/underflow in png_handle_sPLT() and
png_handle_pCAL() (Bug report by John Regehr).
Version 1.6.20beta02 [November 23, 2015]
Fixed incorrect implementation of png_set_PLTE() that uses png_ptr
not info_ptr, that left png_set_PLTE() open to the CVE-2015-8126
vulnerability.
Version 1.6.20beta03 [November 24, 2015]
Backported tests from libpng-1.7.0beta69.
Version 1.6.20rc01 [November 26, 2015]
Fixed an error in handling of bad zlib CMINFO field in pngfix, found by
American Fuzzy Lop, reported by Brian Carpenter. inflate() doesn't
immediately fault a bad CMINFO field; instead a 'too far back' error
happens later (at least some times). pngfix failed to limit CMINFO to
the allowed values but then assumed that window_bits was in range,
triggering an assert. The bug is mostly harmless; the PNG file cannot
be fixed.
Version 1.6.20rc02 [November 29, 2015]
In libpng 1.6 zlib initialization was changed to use the window size
in the zlib stream, not a fixed value. This causes some invalid images,
where CINFO is too large, to display 'correctly' if the rest of the
data is valid. This provides a workaround for zlib versions where the
error arises (ones that support the API change to use the window size
in the stream).
Version 1.6.20 [December 3, 2015]
No changes.
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
(subscription required; visit
https://lists.sourceforge.net/lists/listinfo/png-mng-implement

4
src/3rdparty/libpng/LICENSE vendored
View File

@ -10,7 +10,7 @@ this sentence.
This code is released under the libpng license.
libpng versions 1.0.7, July 1, 2000, through 1.6.19, November 12, 2015, are
libpng versions 1.0.7, July 1, 2000, through 1.6.20, December 3, 2015, are
Copyright (c) 2000-2002, 2004, 2006-2015 Glenn Randers-Pehrson, are
derived from libpng-1.0.6, and are distributed according to the same
disclaimer and license as libpng-1.0.6 with the following individuals
@ -109,4 +109,4 @@ the additional disclaimers inserted at version 1.0.7.
Glenn Randers-Pehrson
glennrp at users.sourceforge.net
November 12, 2015
December 3, 2015

2
src/3rdparty/libpng/README vendored
View File

@ -1,4 +1,4 @@
README for libpng version 1.6.19 - November 12, 2015 (shared library 16.0)
README for libpng version 1.6.20 - December 3, 2015 (shared library 16.0)
See the note about version numbers near the top of png.h
See INSTALL for instructions on how to install libpng.

9
src/3rdparty/libpng/libpng-manual.txt vendored
View File

@ -1,6 +1,6 @@
libpng-manual.txt - A description on how to use and modify libpng
libpng version 1.6.19 - November 12, 2015
libpng version 1.6.20 - December 3, 2015
Updated and distributed by Glenn Randers-Pehrson
<glennrp at users.sourceforge.net>
Copyright (c) 1998-2015 Glenn Randers-Pehrson
@ -11,7 +11,7 @@ libpng-manual.txt - A description on how to use and modify libpng
Based on:
libpng versions 0.97, January 1998, through 1.6.19 - November 12, 2015
libpng versions 0.97, January 1998, through 1.6.20 - December 3, 2015
Updated and distributed by Glenn Randers-Pehrson
Copyright (c) 1998-2015 Glenn Randers-Pehrson
@ -2960,6 +2960,7 @@ width, height, bit_depth, and color_type must be the same in each call.
(array of png_color)
num_palette - number of entries in the palette
png_set_gAMA(png_ptr, info_ptr, file_gamma);
png_set_gAMA_fixed(png_ptr, info_ptr, int_file_gamma);
@ -4897,7 +4898,7 @@ a set of "safe" limits is applied in pngpriv.h. These can be overridden by
application calls to png_set_user_limits(), png_set_user_chunk_cache_max(),
and/or png_set_user_malloc_max() that increase or decrease the limits. Also,
in libpng-1.5.10 the default width and height limits were increased
from 1,000,000 to 0x7ffffff (i.e., made unlimited). Therefore, the
from 1,000,000 to 0x7fffffff (i.e., made unlimited). Therefore, the
limits are now
default safe
png_user_width_max 0x7fffffff 1,000,000
@ -5323,7 +5324,7 @@ Since the PNG Development group is an ad-hoc body, we can't make
an official declaration.
This is your unofficial assurance that libpng from version 0.71 and
upward through 1.6.19 are Y2K compliant. It is my belief that earlier
upward through 1.6.20 are Y2K compliant. It is my belief that earlier
versions were also Y2K compliant.
Libpng only has two year fields. One is a 2-byte unsigned integer

8
src/3rdparty/libpng/png.c vendored
View File

@ -14,7 +14,7 @@
#include "pngpriv.h"
/* Generate a compiler error if there is an old png.h in the search path. */
typedef png_libpng_version_1_6_19 Your_png_h_is_not_version_1_6_19;
typedef png_libpng_version_1_6_20 Your_png_h_is_not_version_1_6_20;
/* Tells libpng that we have already handled the first "num_bytes" bytes
* of the PNG file signature. If the PNG data is embedded into another
@ -775,13 +775,13 @@ png_get_copyright(png_const_structrp png_ptr)
#else
# ifdef __STDC__
return PNG_STRING_NEWLINE \
"libpng version 1.6.19 - November 12, 2015" PNG_STRING_NEWLINE \
"libpng version 1.6.20 - December 3, 2015" PNG_STRING_NEWLINE \
"Copyright (c) 1998-2015 Glenn Randers-Pehrson" PNG_STRING_NEWLINE \
"Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \
"Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \
PNG_STRING_NEWLINE;
# else
return "libpng version 1.6.19 - November 12, 2015\
return "libpng version 1.6.20 - December 3, 2015\
Copyright (c) 1998-2015 Glenn Randers-Pehrson\
Copyright (c) 1996-1997 Andreas Dilger\
Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.";
@ -2343,7 +2343,7 @@ png_compare_ICC_profile_with_sRGB(png_const_structrp png_ptr,
* Fall through to "no match".
*/
png_chunk_report(png_ptr,
"Not recognizing known sRGB profile that has been edited",
"Not recognizing known sRGB profile that has been edited",
PNG_CHUNK_WARNING);
break;
# endif

23
src/3rdparty/libpng/png.h vendored
View File

@ -1,7 +1,7 @@
/* png.h - header file for PNG reference library
*
* libpng version 1.6.19, November 12, 2015
* libpng version 1.6.20, December 3, 2015
*
* Copyright (c) 1998-2015 Glenn Randers-Pehrson
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
@ -12,7 +12,8 @@
* Authors and maintainers:
* libpng versions 0.71, May 1995, through 0.88, January 1996: Guy Schalnat
* libpng versions 0.89, June 1996, through 0.96, May 1997: Andreas Dilger
* libpng versions 0.97, January 1998, through 1.6.19, November 12, 2015: Glenn
* libpng versions 0.97, January 1998, through 1.6.20, December 3, 2015:
* Glenn Randers-Pehrson.
* See also "Contributing Authors", below.
*/
@ -24,7 +25,7 @@
*
* This code is released under the libpng license.
*
* libpng versions 1.0.7, July 1, 2000, through 1.6.19, November 12, 2015, are
* libpng versions 1.0.7, July 1, 2000, through 1.6.20, December 3, 2015, are
* Copyright (c) 2000-2002, 2004, 2006-2015 Glenn Randers-Pehrson, are
* derived from libpng-1.0.6, and are distributed according to the same
* disclaimer and license as libpng-1.0.6 with the following individuals
@ -185,7 +186,7 @@
* ...
* 1.5.23 15 10523 15.so.15.23[.0]
* ...
* 1.6.19 16 10619 16.so.16.19[.0]
* 1.6.20 16 10620 16.so.16.20[.0]
*
* Henceforth the source version will match the shared-library major
* and minor numbers; the shared-library major version number will be
@ -213,13 +214,13 @@
* Y2K compliance in libpng:
* =========================
*
* November 12, 2015
* December 3, 2015
*
* Since the PNG Development group is an ad-hoc body, we can't make
* an official declaration.
*
* This is your unofficial assurance that libpng from version 0.71 and
* upward through 1.6.19 are Y2K compliant. It is my belief that
* upward through 1.6.20 are Y2K compliant. It is my belief that
* earlier versions were also Y2K compliant.
*
* Libpng only has two year fields. One is a 2-byte unsigned integer
@ -281,9 +282,9 @@
*/
/* Version information for png.h - this should match the version in png.c */
#define PNG_LIBPNG_VER_STRING "1.6.19"
#define PNG_LIBPNG_VER_STRING "1.6.20"
#define PNG_HEADER_VERSION_STRING \
" libpng version 1.6.19 - November 12, 2015\n"
" libpng version 1.6.20 - December 3, 2015\n"
#define PNG_LIBPNG_VER_SONUM 16
#define PNG_LIBPNG_VER_DLLNUM 16
@ -291,7 +292,7 @@
/* These should match the first 3 components of PNG_LIBPNG_VER_STRING: */
#define PNG_LIBPNG_VER_MAJOR 1
#define PNG_LIBPNG_VER_MINOR 6
#define PNG_LIBPNG_VER_RELEASE 19
#define PNG_LIBPNG_VER_RELEASE 20
/* This should match the numeric part of the final component of
* PNG_LIBPNG_VER_STRING, omitting any leading zero:
@ -322,7 +323,7 @@
* version 1.0.0 was mis-numbered 100 instead of 10000). From
* version 1.0.1 it's xxyyzz, where x=major, y=minor, z=release
*/
#define PNG_LIBPNG_VER 10619 /* 1.6.19 */
#define PNG_LIBPNG_VER 10620 /* 1.6.20 */
/* Library configuration: these options cannot be changed after
* the library has been built.
@ -432,7 +433,7 @@ extern "C" {
/* This triggers a compiler error in png.c, if png.c and png.h
* do not agree upon the version number.
*/
typedef char* png_libpng_version_1_6_19;
typedef char* png_libpng_version_1_6_20;
/* Basic control structions. Read libpng-manual.txt or libpng.3 for more info.
*

2
src/3rdparty/libpng/pngconf.h vendored
View File

@ -1,7 +1,7 @@
/* pngconf.h - machine configurable file for libpng
*
* libpng version 1.6.19, July 23, 2015
* libpng version 1.6.20, December 3, 2015
*
* Copyright (c) 1998-2015 Glenn Randers-Pehrson
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)

2
src/3rdparty/libpng/pngerror.c vendored
View File

@ -768,7 +768,7 @@ png_longjmp,(png_const_structrp png_ptr, int val),PNG_NORETURN)
/* If control reaches this point, png_longjmp() must not return. The only
* choice is to terminate the whole process (or maybe the thread); to do
* this the ANSI-C abort() function is used unless a different method is
* this the ANSI-C abort() function is used unless a different method is
* implemented by overriding the default configuration setting for
* PNG_ABORT().
*/

2
src/3rdparty/libpng/pnginfo.h vendored
View File

@ -223,7 +223,7 @@ defined(PNG_READ_BACKGROUND_SUPPORTED)
/* Storage for unknown chunks that the library doesn't recognize. */
png_unknown_chunkp unknown_chunks;
/* The type of this field is limited by the type of
/* The type of this field is limited by the type of
* png_struct::user_chunk_cache_max, else overflow can occur.
*/
int unknown_chunks_num;

2
src/3rdparty/libpng/pnglibconf.h vendored
View File

@ -1,6 +1,6 @@
/* pnglibconf.h - library build configuration */
/* libpng version 1.6.19, July 23, 2015 */
/* libpng version 1.6.20 - December 3, 2015 */
/* Copyright (c) 1998-2014 Glenn Randers-Pehrson */

4
src/3rdparty/libpng/pngpread.c vendored
View File

@ -133,7 +133,7 @@ png_process_some_data(png_structrp png_ptr, png_inforp info_ptr)
void /* PRIVATE */
png_push_read_sig(png_structrp png_ptr, png_inforp info_ptr)
{
png_size_t num_checked = png_ptr->sig_bytes, /* SAFE, does not exceed 8 */
png_size_t num_checked = png_ptr->sig_bytes, /* SAFE, does not exceed 8 */
num_to_check = 8 - num_checked;
if (png_ptr->buffer_size < num_to_check)
@ -662,7 +662,7 @@ png_process_IDAT_data(png_structrp png_ptr, png_bytep buffer,
* change the current behavior (see comments in inflate.c
* for why this doesn't happen at present with zlib 1.2.5).
*/
ret = inflate(&png_ptr->zstream, Z_SYNC_FLUSH);
ret = PNG_INFLATE(png_ptr, Z_SYNC_FLUSH);
/* Check for any failure before proceeding. */
if (ret != Z_OK && ret != Z_STREAM_END)

8
src/3rdparty/libpng/pngpriv.h vendored
View File

@ -1229,6 +1229,14 @@ PNG_INTERNAL_FUNCTION(void,png_read_finish_row,(png_structrp png_ptr),
/* Initialize the row buffers, etc. */
PNG_INTERNAL_FUNCTION(void,png_read_start_row,(png_structrp png_ptr),PNG_EMPTY);
#if PNG_ZLIB_VERNUM >= 0x1240
PNG_INTERNAL_FUNCTION(int,png_zlib_inflate,(png_structrp png_ptr, int flush),
PNG_EMPTY);
# define PNG_INFLATE(pp, flush) png_zlib_inflate(pp, flush)
#else /* Zlib < 1.2.4 */
# define PNG_INFLATE(pp, flush) inflate(&(pp)->zstream, flush)
#endif /* Zlib < 1.2.4 */
#ifdef PNG_READ_TRANSFORMS_SUPPORTED
/* Optional call to update the users info structure */
PNG_INTERNAL_FUNCTION(void,png_read_transform_info,(png_structrp png_ptr,

1
src/3rdparty/libpng/pngread.c vendored
View File

@ -2838,7 +2838,6 @@ png_image_read_colormap(png_voidp argument)
default:
png_error(png_ptr, "invalid PNG color type");
/*NOT REACHED*/
break;
}
/* Now deal with the output processing */

43
src/3rdparty/libpng/pngrutil.c vendored
View File

@ -1,7 +1,7 @@
/* pngrutil.c - utilities to read a PNG file
*
* Last changed in libpng 1.6.19 [November 12, 2015]
* Last changed in libpng 1.6.20 [December 3, 2015]
* Copyright (c) 1998-2015 Glenn Randers-Pehrson
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
* (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
@ -377,10 +377,16 @@ png_inflate_claim(png_structrp png_ptr, png_uint_32 owner)
if (((png_ptr->options >> PNG_MAXIMUM_INFLATE_WINDOW) & 3) ==
PNG_OPTION_ON)
{
window_bits = 15;
png_ptr->zstream_start = 0; /* fixed window size */
}
else
{
window_bits = 0;
png_ptr->zstream_start = 1;
}
# else
# define window_bits 0
# endif
@ -429,6 +435,31 @@ png_inflate_claim(png_structrp png_ptr, png_uint_32 owner)
#endif
}
#if PNG_ZLIB_VERNUM >= 0x1240
/* Handle the start of the inflate stream if we called inflateInit2(strm,0);
* in this case some zlib versions skip validation of the CINFO field and, in
* certain circumstances, libpng may end up displaying an invalid image, in
* contrast to implementations that call zlib in the normal way (e.g. libpng
* 1.5).
*/
int /* PRIVATE */
png_zlib_inflate(png_structrp png_ptr, int flush)
{
if (png_ptr->zstream_start && png_ptr->zstream.avail_in > 0)
{
if ((*png_ptr->zstream.next_in >> 4) > 7)
{
png_ptr->zstream.msg = "invalid window size (libpng)";
return Z_DATA_ERROR;
}
png_ptr->zstream_start = 0;
}
return inflate(&png_ptr->zstream, flush);
}
#endif /* Zlib >= 1.2.4 */
#ifdef PNG_READ_COMPRESSED_TEXT_SUPPORTED
/* png_inflate now returns zlib error codes including Z_OK and Z_STREAM_END to
* allow the caller to do multiple calls if required. If the 'finish' flag is
@ -522,7 +553,7 @@ png_inflate(png_structrp png_ptr, png_uint_32 owner, int finish,
* the previous chunk of input data. Tell zlib if we have reached the
* end of the output buffer.
*/
ret = inflate(&png_ptr->zstream, avail_out > 0 ? Z_NO_FLUSH :
ret = PNG_INFLATE(png_ptr, avail_out > 0 ? Z_NO_FLUSH :
(finish ? Z_FINISH : Z_SYNC_FLUSH));
} while (ret == Z_OK);
@ -771,7 +802,7 @@ png_inflate_read(png_structrp png_ptr, png_bytep read_buffer, uInt read_size,
* the available output is produced; this allows reading of truncated
* streams.
*/
ret = inflate(&png_ptr->zstream,
ret = PNG_INFLATE(png_ptr,
*chunk_bytes > 0 ? Z_NO_FLUSH : (finish ? Z_FINISH : Z_SYNC_FLUSH));
}
while (ret == Z_OK && (*out_size > 0 || png_ptr->zstream.avail_out > 0));
@ -1670,7 +1701,7 @@ png_handle_sPLT(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
++entry_start;
/* A sample depth should follow the separator, and we should be on it */
if (entry_start > buffer + length - 2)
if (length < 2U || entry_start > buffer + (length - 2U))
{
png_warning(png_ptr, "malformed sPLT chunk");
return;
@ -2174,7 +2205,7 @@ png_handle_pCAL(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length)
/* We need to have at least 12 bytes after the purpose string
* in order to get the parameter information.
*/
if (endptr <= buf + 12)
if (endptr - buf <= 12)
{
png_chunk_benign_error(png_ptr, "invalid");
return;
@ -4039,7 +4070,7 @@ png_read_IDAT_data(png_structrp png_ptr, png_bytep output,
*
* TODO: deal more elegantly with truncated IDAT lists.
*/
ret = inflate(&png_ptr->zstream, Z_NO_FLUSH);
ret = PNG_INFLATE(png_ptr, Z_NO_FLUSH);
/* Take the unconsumed output back. */
if (output != NULL)

6
src/3rdparty/libpng/pngset.c vendored
View File

@ -520,8 +520,8 @@ png_set_PLTE(png_structrp png_ptr, png_inforp info_ptr,
if (png_ptr == NULL || info_ptr == NULL)
return;
max_palette_length = (png_ptr->color_type == PNG_COLOR_TYPE_PALETTE) ?
(1 << png_ptr->bit_depth) : PNG_MAX_PALETTE_LENGTH;
max_palette_length = (info_ptr->color_type == PNG_COLOR_TYPE_PALETTE) ?
(1 << info_ptr->bit_depth) : PNG_MAX_PALETTE_LENGTH;
if (num_palette < 0 || num_palette > (int) max_palette_length)
{
@ -1573,7 +1573,7 @@ png_set_user_limits (png_structrp png_ptr, png_uint_32 user_width_max,
{
/* Images with dimensions larger than these limits will be
* rejected by png_set_IHDR(). To accept any PNG datastream
* regardless of dimensions, set both limits to 0x7ffffff.
* regardless of dimensions, set both limits to 0x7fffffff.
*/
if (png_ptr == NULL)
return;

3
src/3rdparty/libpng/pngstruct.h vendored
View File

@ -263,6 +263,9 @@ struct png_struct_def
/* pixel depth used for the row buffers */
png_byte transformed_pixel_depth;
/* pixel depth after read/write transforms */
#if PNG_ZLIB_VERNUM >= 0x1240
png_byte zstream_start; /* at start of an input zlib stream */
#endif /* Zlib >= 1.2.4 */
#if defined(PNG_READ_FILLER_SUPPORTED) || defined(PNG_WRITE_FILLER_SUPPORTED)
png_uint_16 filler; /* filler bytes for pixel expansion */
#endif

6
src/3rdparty/libpng/pngwutil.c vendored
View File

@ -2563,7 +2563,7 @@ png_write_find_filter(png_structrp png_ptr, png_row_infop row_info)
if (filter_to_do == PNG_FILTER_SUB)
/* It's the only filter so no testing is needed */
{
(void) png_setup_sub_row(png_ptr, bpp, row_bytes, mins);
(void) png_setup_sub_row(png_ptr, bpp, row_bytes, mins);
best_row = png_ptr->try_row;
}
@ -2572,7 +2572,7 @@ png_write_find_filter(png_structrp png_ptr, png_row_infop row_info)
png_size_t sum;
png_size_t lmins = mins;
sum = png_setup_sub_row(png_ptr, bpp, row_bytes, lmins);
sum = png_setup_sub_row(png_ptr, bpp, row_bytes, lmins);
if (sum < mins)
{
@ -2598,7 +2598,7 @@ png_write_find_filter(png_structrp png_ptr, png_row_infop row_info)
png_size_t sum;
png_size_t lmins = mins;
sum = png_setup_up_row(png_ptr, row_bytes, lmins);
sum = png_setup_up_row(png_ptr, row_bytes, lmins);
if (sum < mins)
{