2 /* png.c - location for general purpose libpng functions
4 * Last changed in libpng 1.6.9 [February 6, 2014]
5 * Copyright (c) 1998-2014 Glenn Randers-Pehrson
6 * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
7 * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
9 * This code is released under the libpng license.
10 * For conditions of distribution and use, see the disclaimer
11 * and license in png.h
16 /* Generate a compiler error if there is an old png.h in the search path. */
17 typedef png_libpng_version_1_6_9 Your_png_h_is_not_version_1_6_9
;
19 /* Tells libpng that we have already handled the first "num_bytes" bytes
20 * of the PNG file signature. If the PNG data is embedded into another
21 * stream we can set num_bytes = 8 so that libpng will not attempt to read
22 * or write any of the magic bytes before it starts on the IHDR.
25 #ifdef PNG_READ_SUPPORTED
27 png_set_sig_bytes(png_structrp png_ptr
, int num_bytes
)
29 png_debug(1, "in png_set_sig_bytes");
35 png_error(png_ptr
, "Too many bytes for PNG signature");
37 png_ptr
->sig_bytes
= (png_byte
)(num_bytes
< 0 ?
0 : num_bytes
);
40 /* Checks whether the supplied bytes match the PNG signature. We allow
41 * checking less than the full 8-byte signature so that those apps that
42 * already read the first few bytes of a file to determine the file type
43 * can simply check the remaining bytes for extra assurance. Returns
44 * an integer less than, equal to, or greater than zero if sig is found,
45 * respectively, to be less than, to match, or be greater than the correct
46 * PNG signature (this is the same behavior as strcmp, memcmp, etc).
49 png_sig_cmp(png_const_bytep sig
, png_size_t start
, png_size_t num_to_check
)
51 png_byte png_signature
[8] = {137, 80, 78, 71, 13, 10, 26, 10};
56 else if (num_to_check
< 1)
62 if (start
+ num_to_check
> 8)
63 num_to_check
= 8 - start
;
65 return ((int)(memcmp(&sig
[start
], &png_signature
[start
], num_to_check
)));
68 #endif /* PNG_READ_SUPPORTED */
70 #if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED)
71 /* Function to allocate memory for zlib */
72 PNG_FUNCTION(voidpf
/* PRIVATE */,
73 png_zalloc
,(voidpf png_ptr
, uInt items
, uInt size
),PNG_ALLOCATED
)
75 png_alloc_size_t num_bytes
= size
;
80 if (items
>= (~(png_alloc_size_t
)0)/size
)
82 png_warning (png_voidcast(png_structrp
, png_ptr
),
83 "Potential overflow in png_zalloc()");
88 return png_malloc_warn(png_voidcast(png_structrp
, png_ptr
), num_bytes
);
91 /* Function to free memory for zlib */
93 png_zfree(voidpf png_ptr
, voidpf ptr
)
95 png_free(png_voidcast(png_const_structrp
,png_ptr
), ptr
);
98 /* Reset the CRC variable to 32 bits of 1's. Care must be taken
99 * in case CRC is > 32 bits to leave the top bits 0.
102 png_reset_crc(png_structrp png_ptr
)
104 /* The cast is safe because the crc is a 32 bit value. */
105 png_ptr
->crc
= (png_uint_32
)crc32(0, Z_NULL
, 0);
108 /* Calculate the CRC over a section of data. We can only pass as
109 * much data to this routine as the largest single buffer size. We
110 * also check that this data will actually be used before going to the
111 * trouble of calculating it.
114 png_calculate_crc(png_structrp png_ptr
, png_const_bytep ptr
, png_size_t length
)
118 if (PNG_CHUNK_ANCILLARY(png_ptr
->chunk_name
))
120 if ((png_ptr
->flags
& PNG_FLAG_CRC_ANCILLARY_MASK
) ==
121 (PNG_FLAG_CRC_ANCILLARY_USE
| PNG_FLAG_CRC_ANCILLARY_NOWARN
))
127 if (png_ptr
->flags
& PNG_FLAG_CRC_CRITICAL_IGNORE
)
131 /* 'uLong' is defined in zlib.h as unsigned long; this means that on some
132 * systems it is a 64 bit value. crc32, however, returns 32 bits so the
133 * following cast is safe. 'uInt' may be no more than 16 bits, so it is
134 * necessary to perform a loop here.
136 if (need_crc
&& length
> 0)
138 uLong crc
= png_ptr
->crc
; /* Should never issue a warning */
142 uInt safe_length
= (uInt
)length
;
143 if (safe_length
== 0)
144 safe_length
= (uInt
)-1; /* evil, but safe */
146 crc
= crc32(crc
, ptr
, safe_length
);
148 /* The following should never issue compiler warnings; if they do the
149 * target system has characteristics that will probably violate other
150 * assumptions within the libpng code.
153 length
-= safe_length
;
157 /* And the following is always safe because the crc is only 32 bits. */
158 png_ptr
->crc
= (png_uint_32
)crc
;
162 /* Check a user supplied version number, called from both read and write
163 * functions that create a png_struct.
166 png_user_version_check(png_structrp png_ptr
, png_const_charp user_png_ver
)
174 if (user_png_ver
[i
] != png_libpng_ver
[i
])
175 png_ptr
->flags
|= PNG_FLAG_LIBRARY_MISMATCH
;
176 } while (png_libpng_ver
[i
++]);
180 png_ptr
->flags
|= PNG_FLAG_LIBRARY_MISMATCH
;
182 if (png_ptr
->flags
& PNG_FLAG_LIBRARY_MISMATCH
)
184 /* Libpng 0.90 and later are binary incompatible with libpng 0.89, so
185 * we must recompile any applications that use any older library version.
186 * For versions after libpng 1.0, we will be compatible, so we need
187 * only check the first and third digits (note that when we reach version
188 * 1.10 we will need to check the fourth symbol, namely user_png_ver[3]).
190 if (user_png_ver
== NULL
|| user_png_ver
[0] != png_libpng_ver
[0] ||
191 (user_png_ver
[0] == '1' && (user_png_ver
[2] != png_libpng_ver
[2] ||
192 user_png_ver
[3] != png_libpng_ver
[3])) ||
193 (user_png_ver
[0] == '0' && user_png_ver
[2] < '9'))
195 #ifdef PNG_WARNINGS_SUPPORTED
199 pos
= png_safecat(m
, (sizeof m
), pos
,
200 "Application built with libpng-");
201 pos
= png_safecat(m
, (sizeof m
), pos
, user_png_ver
);
202 pos
= png_safecat(m
, (sizeof m
), pos
, " but running with ");
203 pos
= png_safecat(m
, (sizeof m
), pos
, png_libpng_ver
);
206 png_warning(png_ptr
, m
);
209 #ifdef PNG_ERROR_NUMBERS_SUPPORTED
217 /* Success return. */
221 /* Generic function to create a png_struct for either read or write - this
222 * contains the common initialization.
224 PNG_FUNCTION(png_structp
/* PRIVATE */,
225 png_create_png_struct
,(png_const_charp user_png_ver
, png_voidp error_ptr
,
226 png_error_ptr error_fn
, png_error_ptr warn_fn
, png_voidp mem_ptr
,
227 png_malloc_ptr malloc_fn
, png_free_ptr free_fn
),PNG_ALLOCATED
)
229 png_struct create_struct
;
230 # ifdef PNG_SETJMP_SUPPORTED
231 jmp_buf create_jmp_buf
;
234 /* This temporary stack-allocated structure is used to provide a place to
235 * build enough context to allow the user provided memory allocator (if any)
238 memset(&create_struct
, 0, (sizeof create_struct
));
240 /* Added at libpng-1.2.6 */
241 # ifdef PNG_USER_LIMITS_SUPPORTED
242 create_struct
.user_width_max
= PNG_USER_WIDTH_MAX
;
243 create_struct
.user_height_max
= PNG_USER_HEIGHT_MAX
;
245 # ifdef PNG_USER_CHUNK_CACHE_MAX
246 /* Added at libpng-1.2.43 and 1.4.0 */
247 create_struct
.user_chunk_cache_max
= PNG_USER_CHUNK_CACHE_MAX
;
250 # ifdef PNG_USER_CHUNK_MALLOC_MAX
251 /* Added at libpng-1.2.43 and 1.4.1, required only for read but exists
252 * in png_struct regardless.
254 create_struct
.user_chunk_malloc_max
= PNG_USER_CHUNK_MALLOC_MAX
;
258 /* The following two API calls simply set fields in png_struct, so it is safe
259 * to do them now even though error handling is not yet set up.
261 # ifdef PNG_USER_MEM_SUPPORTED
262 png_set_mem_fn(&create_struct
, mem_ptr
, malloc_fn
, free_fn
);
265 PNG_UNUSED(malloc_fn
)
269 /* (*error_fn) can return control to the caller after the error_ptr is set,
270 * this will result in a memory leak unless the error_fn does something
271 * extremely sophisticated. The design lacks merit but is implicit in the
274 png_set_error_fn(&create_struct
, error_ptr
, error_fn
, warn_fn
);
276 # ifdef PNG_SETJMP_SUPPORTED
277 if (!setjmp(create_jmp_buf
))
279 /* Temporarily fake out the longjmp information until we have
280 * successfully completed this function. This only works if we have
281 * setjmp() support compiled in, but it is safe - this stuff should
284 create_struct
.jmp_buf_ptr
= &create_jmp_buf
;
285 create_struct
.jmp_buf_size
= 0; /*stack allocation*/
286 create_struct
.longjmp_fn
= longjmp
;
290 /* Call the general version checker (shared with read and write code):
292 if (png_user_version_check(&create_struct
, user_png_ver
))
294 png_structrp png_ptr
= png_voidcast(png_structrp
,
295 png_malloc_warn(&create_struct
, (sizeof *png_ptr
)));
299 /* png_ptr->zstream holds a back-pointer to the png_struct, so
300 * this can only be done now:
302 create_struct
.zstream
.zalloc
= png_zalloc
;
303 create_struct
.zstream
.zfree
= png_zfree
;
304 create_struct
.zstream
.opaque
= png_ptr
;
306 # ifdef PNG_SETJMP_SUPPORTED
307 /* Eliminate the local error handling: */
308 create_struct
.jmp_buf_ptr
= NULL
;
309 create_struct
.jmp_buf_size
= 0;
310 create_struct
.longjmp_fn
= 0;
313 *png_ptr
= create_struct
;
315 /* This is the successful return point */
321 /* A longjmp because of a bug in the application storage allocator or a
322 * simple failure to allocate the png_struct.
327 /* Allocate the memory for an info_struct for the application. */
328 PNG_FUNCTION(png_infop
,PNGAPI
329 png_create_info_struct
,(png_const_structrp png_ptr
),PNG_ALLOCATED
)
333 png_debug(1, "in png_create_info_struct");
338 /* Use the internal API that does not (or at least should not) error out, so
339 * that this call always returns ok. The application typically sets up the
340 * error handling *after* creating the info_struct because this is the way it
341 * has always been done in 'example.c'.
343 info_ptr
= png_voidcast(png_inforp
, png_malloc_base(png_ptr
,
344 (sizeof *info_ptr
)));
346 if (info_ptr
!= NULL
)
347 memset(info_ptr
, 0, (sizeof *info_ptr
));
352 /* This function frees the memory associated with a single info struct.
353 * Normally, one would use either png_destroy_read_struct() or
354 * png_destroy_write_struct() to free an info struct, but this may be
355 * useful for some applications. From libpng 1.6.0 this function is also used
356 * internally to implement the png_info release part of the 'struct' destroy
357 * APIs. This ensures that all possible approaches free the same data (all of
361 png_destroy_info_struct(png_const_structrp png_ptr
, png_infopp info_ptr_ptr
)
363 png_inforp info_ptr
= NULL
;
365 png_debug(1, "in png_destroy_info_struct");
370 if (info_ptr_ptr
!= NULL
)
371 info_ptr
= *info_ptr_ptr
;
373 if (info_ptr
!= NULL
)
375 /* Do this first in case of an error below; if the app implements its own
376 * memory management this can lead to png_free calling png_error, which
377 * will abort this routine and return control to the app error handler.
378 * An infinite loop may result if it then tries to free the same info
381 *info_ptr_ptr
= NULL
;
383 png_free_data(png_ptr
, info_ptr
, PNG_FREE_ALL
, -1);
384 memset(info_ptr
, 0, (sizeof *info_ptr
));
385 png_free(png_ptr
, info_ptr
);
389 /* Initialize the info structure. This is now an internal function (0.89)
390 * and applications using it are urged to use png_create_info_struct()
391 * instead. Use deprecated in 1.6.0, internal use removed (used internally it
394 * NOTE: it is almost inconceivable that this API is used because it bypasses
395 * the user-memory mechanism and the user error handling/warning mechanisms in
396 * those cases where it does anything other than a memset.
398 PNG_FUNCTION(void,PNGAPI
399 png_info_init_3
,(png_infopp ptr_ptr
, png_size_t png_info_struct_size
),
402 png_inforp info_ptr
= *ptr_ptr
;
404 png_debug(1, "in png_info_init_3");
406 if (info_ptr
== NULL
)
409 if ((sizeof (png_info
)) > png_info_struct_size
)
412 /* The following line is why this API should not be used: */
414 info_ptr
= png_voidcast(png_inforp
, png_malloc_base(NULL
,
415 (sizeof *info_ptr
)));
419 /* Set everything to 0 */
420 memset(info_ptr
, 0, (sizeof *info_ptr
));
423 /* The following API is not called internally */
425 png_data_freer(png_const_structrp png_ptr
, png_inforp info_ptr
,
426 int freer
, png_uint_32 mask
)
428 png_debug(1, "in png_data_freer");
430 if (png_ptr
== NULL
|| info_ptr
== NULL
)
433 if (freer
== PNG_DESTROY_WILL_FREE_DATA
)
434 info_ptr
->free_me
|= mask
;
436 else if (freer
== PNG_USER_WILL_FREE_DATA
)
437 info_ptr
->free_me
&= ~mask
;
440 png_error(png_ptr
, "Unknown freer parameter in png_data_freer");
444 png_free_data(png_const_structrp png_ptr
, png_inforp info_ptr
, png_uint_32 mask
,
447 png_debug(1, "in png_free_data");
449 if (png_ptr
== NULL
|| info_ptr
== NULL
)
452 #ifdef PNG_TEXT_SUPPORTED
453 /* Free text item num or (if num == -1) all text items */
454 if ((mask
& PNG_FREE_TEXT
) & info_ptr
->free_me
)
458 if (info_ptr
->text
&& info_ptr
->text
[num
].key
)
460 png_free(png_ptr
, info_ptr
->text
[num
].key
);
461 info_ptr
->text
[num
].key
= NULL
;
468 for (i
= 0; i
< info_ptr
->num_text
; i
++)
469 png_free_data(png_ptr
, info_ptr
, PNG_FREE_TEXT
, i
);
470 png_free(png_ptr
, info_ptr
->text
);
471 info_ptr
->text
= NULL
;
472 info_ptr
->num_text
=0;
477 #ifdef PNG_tRNS_SUPPORTED
478 /* Free any tRNS entry */
479 if ((mask
& PNG_FREE_TRNS
) & info_ptr
->free_me
)
481 png_free(png_ptr
, info_ptr
->trans_alpha
);
482 info_ptr
->trans_alpha
= NULL
;
483 info_ptr
->valid
&= ~PNG_INFO_tRNS
;
487 #ifdef PNG_sCAL_SUPPORTED
488 /* Free any sCAL entry */
489 if ((mask
& PNG_FREE_SCAL
) & info_ptr
->free_me
)
491 png_free(png_ptr
, info_ptr
->scal_s_width
);
492 png_free(png_ptr
, info_ptr
->scal_s_height
);
493 info_ptr
->scal_s_width
= NULL
;
494 info_ptr
->scal_s_height
= NULL
;
495 info_ptr
->valid
&= ~PNG_INFO_sCAL
;
499 #ifdef PNG_pCAL_SUPPORTED
500 /* Free any pCAL entry */
501 if ((mask
& PNG_FREE_PCAL
) & info_ptr
->free_me
)
503 png_free(png_ptr
, info_ptr
->pcal_purpose
);
504 png_free(png_ptr
, info_ptr
->pcal_units
);
505 info_ptr
->pcal_purpose
= NULL
;
506 info_ptr
->pcal_units
= NULL
;
507 if (info_ptr
->pcal_params
!= NULL
)
510 for (i
= 0; i
< info_ptr
->pcal_nparams
; i
++)
512 png_free(png_ptr
, info_ptr
->pcal_params
[i
]);
513 info_ptr
->pcal_params
[i
] = NULL
;
515 png_free(png_ptr
, info_ptr
->pcal_params
);
516 info_ptr
->pcal_params
= NULL
;
518 info_ptr
->valid
&= ~PNG_INFO_pCAL
;
522 #ifdef PNG_iCCP_SUPPORTED
523 /* Free any profile entry */
524 if ((mask
& PNG_FREE_ICCP
) & info_ptr
->free_me
)
526 png_free(png_ptr
, info_ptr
->iccp_name
);
527 png_free(png_ptr
, info_ptr
->iccp_profile
);
528 info_ptr
->iccp_name
= NULL
;
529 info_ptr
->iccp_profile
= NULL
;
530 info_ptr
->valid
&= ~PNG_INFO_iCCP
;
534 #ifdef PNG_sPLT_SUPPORTED
535 /* Free a given sPLT entry, or (if num == -1) all sPLT entries */
536 if ((mask
& PNG_FREE_SPLT
) & info_ptr
->free_me
)
540 if (info_ptr
->splt_palettes
)
542 png_free(png_ptr
, info_ptr
->splt_palettes
[num
].name
);
543 png_free(png_ptr
, info_ptr
->splt_palettes
[num
].entries
);
544 info_ptr
->splt_palettes
[num
].name
= NULL
;
545 info_ptr
->splt_palettes
[num
].entries
= NULL
;
551 if (info_ptr
->splt_palettes_num
)
554 for (i
= 0; i
< info_ptr
->splt_palettes_num
; i
++)
555 png_free_data(png_ptr
, info_ptr
, PNG_FREE_SPLT
, (int)i
);
557 png_free(png_ptr
, info_ptr
->splt_palettes
);
558 info_ptr
->splt_palettes
= NULL
;
559 info_ptr
->splt_palettes_num
= 0;
561 info_ptr
->valid
&= ~PNG_INFO_sPLT
;
566 #ifdef PNG_STORE_UNKNOWN_CHUNKS_SUPPORTED
567 if ((mask
& PNG_FREE_UNKN
) & info_ptr
->free_me
)
571 if (info_ptr
->unknown_chunks
)
573 png_free(png_ptr
, info_ptr
->unknown_chunks
[num
].data
);
574 info_ptr
->unknown_chunks
[num
].data
= NULL
;
582 if (info_ptr
->unknown_chunks_num
)
584 for (i
= 0; i
< info_ptr
->unknown_chunks_num
; i
++)
585 png_free_data(png_ptr
, info_ptr
, PNG_FREE_UNKN
, (int)i
);
587 png_free(png_ptr
, info_ptr
->unknown_chunks
);
588 info_ptr
->unknown_chunks
= NULL
;
589 info_ptr
->unknown_chunks_num
= 0;
595 #ifdef PNG_hIST_SUPPORTED
596 /* Free any hIST entry */
597 if ((mask
& PNG_FREE_HIST
) & info_ptr
->free_me
)
599 png_free(png_ptr
, info_ptr
->hist
);
600 info_ptr
->hist
= NULL
;
601 info_ptr
->valid
&= ~PNG_INFO_hIST
;
605 /* Free any PLTE entry that was internally allocated */
606 if ((mask
& PNG_FREE_PLTE
) & info_ptr
->free_me
)
608 png_free(png_ptr
, info_ptr
->palette
);
609 info_ptr
->palette
= NULL
;
610 info_ptr
->valid
&= ~PNG_INFO_PLTE
;
611 info_ptr
->num_palette
= 0;
614 #ifdef PNG_INFO_IMAGE_SUPPORTED
615 /* Free any image bits attached to the info structure */
616 if ((mask
& PNG_FREE_ROWS
) & info_ptr
->free_me
)
618 if (info_ptr
->row_pointers
)
621 for (row
= 0; row
< info_ptr
->height
; row
++)
623 png_free(png_ptr
, info_ptr
->row_pointers
[row
]);
624 info_ptr
->row_pointers
[row
] = NULL
;
626 png_free(png_ptr
, info_ptr
->row_pointers
);
627 info_ptr
->row_pointers
= NULL
;
629 info_ptr
->valid
&= ~PNG_INFO_IDAT
;
634 mask
&= ~PNG_FREE_MUL
;
636 info_ptr
->free_me
&= ~mask
;
638 #endif /* defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED) */
640 /* This function returns a pointer to the io_ptr associated with the user
641 * functions. The application should free any memory associated with this
642 * pointer before png_write_destroy() or png_read_destroy() are called.
645 png_get_io_ptr(png_const_structrp png_ptr
)
650 return (png_ptr
->io_ptr
);
653 #if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED)
654 # ifdef PNG_STDIO_SUPPORTED
655 /* Initialize the default input/output functions for the PNG file. If you
656 * use your own read or write routines, you can call either png_set_read_fn()
657 * or png_set_write_fn() instead of png_init_io(). If you have defined
658 * PNG_NO_STDIO or otherwise disabled PNG_STDIO_SUPPORTED, you must use a
659 * function of your own because "FILE *" isn't necessarily available.
662 png_init_io(png_structrp png_ptr
, png_FILE_p fp
)
664 png_debug(1, "in png_init_io");
669 png_ptr
->io_ptr
= (png_voidp
)fp
;
673 #ifdef PNG_SAVE_INT_32_SUPPORTED
674 /* The png_save_int_32 function assumes integers are stored in two's
675 * complement format. If this isn't the case, then this routine needs to
676 * be modified to write data in two's complement format. Note that,
677 * the following works correctly even if png_int_32 has more than 32 bits
678 * (compare the more complex code required on read for sign extension.)
681 png_save_int_32(png_bytep buf
, png_int_32 i
)
683 buf
[0] = (png_byte
)((i
>> 24) & 0xff);
684 buf
[1] = (png_byte
)((i
>> 16) & 0xff);
685 buf
[2] = (png_byte
)((i
>> 8) & 0xff);
686 buf
[3] = (png_byte
)(i
& 0xff);
690 # ifdef PNG_TIME_RFC1123_SUPPORTED
691 /* Convert the supplied time into an RFC 1123 string suitable for use in
692 * a "Creation Time" or other text-based time string.
695 png_convert_to_rfc1123_buffer(char out
[29], png_const_timep ptime
)
697 static PNG_CONST
char short_months
[12][4] =
698 {"Jan", "Feb", "Mar", "Apr", "May", "Jun",
699 "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};
704 if (ptime
->year
> 9999 /* RFC1123 limitation */ ||
705 ptime
->month
== 0 || ptime
->month
> 12 ||
706 ptime
->day
== 0 || ptime
->day
> 31 ||
707 ptime
->hour
> 23 || ptime
->minute
> 59 ||
713 char number_buf
[5]; /* enough for a four-digit year */
715 # define APPEND_STRING(string) pos = png_safecat(out, 29, pos, (string))
716 # define APPEND_NUMBER(format, value)\
717 APPEND_STRING(PNG_FORMAT_NUMBER(number_buf, format, (value)))
718 # define APPEND(ch) if (pos < 28) out[pos++] = (ch)
720 APPEND_NUMBER(PNG_NUMBER_FORMAT_u
, (unsigned)ptime
->day
);
722 APPEND_STRING(short_months
[(ptime
->month
- 1)]);
724 APPEND_NUMBER(PNG_NUMBER_FORMAT_u
, ptime
->year
);
726 APPEND_NUMBER(PNG_NUMBER_FORMAT_02u
, (unsigned)ptime
->hour
);
728 APPEND_NUMBER(PNG_NUMBER_FORMAT_02u
, (unsigned)ptime
->minute
);
730 APPEND_NUMBER(PNG_NUMBER_FORMAT_02u
, (unsigned)ptime
->second
);
731 APPEND_STRING(" +0000"); /* This reliably terminates the buffer */
734 # undef APPEND_NUMBER
735 # undef APPEND_STRING
741 # if PNG_LIBPNG_VER < 10700
742 /* To do: remove the following from libpng-1.7 */
743 /* Original API that uses a private buffer in png_struct.
744 * Deprecated because it causes png_struct to carry a spurious temporary
745 * buffer (png_struct::time_buffer), better to have the caller pass this in.
747 png_const_charp PNGAPI
748 png_convert_to_rfc1123(png_structrp png_ptr
, png_const_timep ptime
)
752 /* The only failure above if png_ptr != NULL is from an invalid ptime */
753 if (!png_convert_to_rfc1123_buffer(png_ptr
->time_buffer
, ptime
))
754 png_warning(png_ptr
, "Ignoring invalid time value");
757 return png_ptr
->time_buffer
;
763 # endif /* PNG_TIME_RFC1123_SUPPORTED */
765 #endif /* defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED) */
767 png_const_charp PNGAPI
768 png_get_copyright(png_const_structrp png_ptr
)
770 PNG_UNUSED(png_ptr
) /* Silence compiler warning about unused png_ptr */
771 #ifdef PNG_STRING_COPYRIGHT
772 return PNG_STRING_COPYRIGHT
775 return PNG_STRING_NEWLINE \
776 "libpng version 1.6.9 - February 6, 2014" PNG_STRING_NEWLINE \
777 "Copyright (c) 1998-2014 Glenn Randers-Pehrson" PNG_STRING_NEWLINE \
778 "Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \
779 "Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \
782 return "libpng version 1.6.9 - February 6, 2014\
783 Copyright (c) 1998-2014 Glenn Randers-Pehrson\
784 Copyright (c) 1996-1997 Andreas Dilger\
785 Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.";
790 /* The following return the library version as a short string in the
791 * format 1.0.0 through 99.99.99zz. To get the version of *.h files
792 * used with your application, print out PNG_LIBPNG_VER_STRING, which
793 * is defined in png.h.
794 * Note: now there is no difference between png_get_libpng_ver() and
795 * png_get_header_ver(). Due to the version_nn_nn_nn typedef guard,
796 * it is guaranteed that png.c uses the correct version of png.h.
798 png_const_charp PNGAPI
799 png_get_libpng_ver(png_const_structrp png_ptr
)
801 /* Version of *.c files used when building libpng */
802 return png_get_header_ver(png_ptr
);
805 png_const_charp PNGAPI
806 png_get_header_ver(png_const_structrp png_ptr
)
808 /* Version of *.h files used when building libpng */
809 PNG_UNUSED(png_ptr
) /* Silence compiler warning about unused png_ptr */
810 return PNG_LIBPNG_VER_STRING
;
813 png_const_charp PNGAPI
814 png_get_header_version(png_const_structrp png_ptr
)
816 /* Returns longer string containing both version and date */
817 PNG_UNUSED(png_ptr
) /* Silence compiler warning about unused png_ptr */
819 return PNG_HEADER_VERSION_STRING
820 # ifndef PNG_READ_SUPPORTED
825 return PNG_HEADER_VERSION_STRING
;
829 #ifdef PNG_BUILD_GRAYSCALE_PALETTE_SUPPORTED
830 /* NOTE: this routine is not used internally! */
831 /* Build a grayscale palette. Palette is assumed to be 1 << bit_depth
832 * large of png_color. This lets grayscale images be treated as
833 * paletted. Most useful for gamma correction and simplification
834 * of code. This API is not used internally.
837 png_build_grayscale_palette(int bit_depth
, png_colorp palette
)
844 png_debug(1, "in png_do_build_grayscale_palette");
877 for (i
= 0, v
= 0; i
< num_palette
; i
++, v
+= color_inc
)
879 palette
[i
].red
= (png_byte
)v
;
880 palette
[i
].green
= (png_byte
)v
;
881 palette
[i
].blue
= (png_byte
)v
;
886 #ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED
888 png_handle_as_unknown(png_const_structrp png_ptr
, png_const_bytep chunk_name
)
890 /* Check chunk_name and return "keep" value if it's on the list, else 0 */
891 png_const_bytep p
, p_end
;
893 if (png_ptr
== NULL
|| chunk_name
== NULL
|| png_ptr
->num_chunk_list
== 0)
894 return PNG_HANDLE_CHUNK_AS_DEFAULT
;
896 p_end
= png_ptr
->chunk_list
;
897 p
= p_end
+ png_ptr
->num_chunk_list
*5; /* beyond end */
899 /* The code is the fifth byte after each four byte string. Historically this
900 * code was always searched from the end of the list, this is no longer
901 * necessary because the 'set' routine handles duplicate entries correcty.
903 do /* num_chunk_list > 0, so at least one */
907 if (!memcmp(chunk_name
, p
, 4))
912 /* This means that known chunks should be processed and unknown chunks should
913 * be handled according to the value of png_ptr->unknown_default; this can be
914 * confusing because, as a result, there are two levels of defaulting for
917 return PNG_HANDLE_CHUNK_AS_DEFAULT
;
920 #if defined(PNG_READ_UNKNOWN_CHUNKS_SUPPORTED) ||\
921 defined(PNG_HANDLE_AS_UNKNOWN_SUPPORTED)
923 png_chunk_unknown_handling(png_const_structrp png_ptr
, png_uint_32 chunk_name
)
925 png_byte chunk_string
[5];
927 PNG_CSTRING_FROM_CHUNK(chunk_string
, chunk_name
);
928 return png_handle_as_unknown(png_ptr
, chunk_string
);
930 #endif /* READ_UNKNOWN_CHUNKS || HANDLE_AS_UNKNOWN */
931 #endif /* SET_UNKNOWN_CHUNKS */
933 #ifdef PNG_READ_SUPPORTED
934 /* This function, added to libpng-1.0.6g, is untested. */
936 png_reset_zstream(png_structrp png_ptr
)
939 return Z_STREAM_ERROR
;
941 /* WARNING: this resets the window bits to the maximum! */
942 return (inflateReset(&png_ptr
->zstream
));
944 #endif /* PNG_READ_SUPPORTED */
946 /* This function was added to libpng-1.0.7 */
948 png_access_version_number(void)
950 /* Version of *.c files used when building libpng */
951 return((png_uint_32
)PNG_LIBPNG_VER
);
956 #if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED)
957 /* Ensure that png_ptr->zstream.msg holds some appropriate error message string.
958 * If it doesn't 'ret' is used to set it to something appropriate, even in cases
959 * like Z_OK or Z_STREAM_END where the error code is apparently a success code.
962 png_zstream_error(png_structrp png_ptr
, int ret
)
964 /* Translate 'ret' into an appropriate error string, priority is given to the
965 * one in zstream if set. This always returns a string, even in cases like
966 * Z_OK or Z_STREAM_END where the error code is a success code.
968 if (png_ptr
->zstream
.msg
== NULL
) switch (ret
)
972 png_ptr
->zstream
.msg
= PNGZ_MSG_CAST("unexpected zlib return code");
977 png_ptr
->zstream
.msg
= PNGZ_MSG_CAST("unexpected end of LZ stream");
981 /* This means the deflate stream did not have a dictionary; this
982 * indicates a bogus PNG.
984 png_ptr
->zstream
.msg
= PNGZ_MSG_CAST("missing LZ dictionary");
988 /* gz APIs only: should not happen */
989 png_ptr
->zstream
.msg
= PNGZ_MSG_CAST("zlib IO error");
993 /* internal libpng error */
994 png_ptr
->zstream
.msg
= PNGZ_MSG_CAST("bad parameters to zlib");
998 png_ptr
->zstream
.msg
= PNGZ_MSG_CAST("damaged LZ stream");
1002 png_ptr
->zstream
.msg
= PNGZ_MSG_CAST("insufficient memory");
1006 /* End of input or output; not a problem if the caller is doing
1007 * incremental read or write.
1009 png_ptr
->zstream
.msg
= PNGZ_MSG_CAST("truncated");
1012 case Z_VERSION_ERROR
:
1013 png_ptr
->zstream
.msg
= PNGZ_MSG_CAST("unsupported zlib version");
1016 case PNG_UNEXPECTED_ZLIB_RETURN
:
1017 /* Compile errors here mean that zlib now uses the value co-opted in
1018 * pngpriv.h for PNG_UNEXPECTED_ZLIB_RETURN; update the switch above
1019 * and change pngpriv.h. Note that this message is "... return",
1020 * whereas the default/Z_OK one is "... return code".
1022 png_ptr
->zstream
.msg
= PNGZ_MSG_CAST("unexpected zlib return");
1027 /* png_convert_size: a PNGAPI but no longer in png.h, so deleted
1031 /* Added at libpng version 1.2.34 and 1.4.0 (moved from pngset.c) */
1032 #ifdef PNG_GAMMA_SUPPORTED /* always set if COLORSPACE */
1034 png_colorspace_check_gamma(png_const_structrp png_ptr
,
1035 png_colorspacerp colorspace
, png_fixed_point gAMA
, int from
)
1036 /* This is called to check a new gamma value against an existing one. The
1037 * routine returns false if the new gamma value should not be written.
1039 * 'from' says where the new gamma value comes from:
1041 * 0: the new gamma value is the libpng estimate for an ICC profile
1042 * 1: the new gamma value comes from a gAMA chunk
1043 * 2: the new gamma value comes from an sRGB chunk
1046 png_fixed_point gtest
;
1048 if ((colorspace
->flags
& PNG_COLORSPACE_HAVE_GAMMA
) != 0 &&
1049 (!png_muldiv(>est
, colorspace
->gamma
, PNG_FP_1
, gAMA
) ||
1050 png_gamma_significant(gtest
)))
1052 /* Either this is an sRGB image, in which case the calculated gamma
1053 * approximation should match, or this is an image with a profile and the
1054 * value libpng calculates for the gamma of the profile does not match the
1055 * value recorded in the file. The former, sRGB, case is an error, the
1056 * latter is just a warning.
1058 if ((colorspace
->flags
& PNG_COLORSPACE_FROM_sRGB
) != 0 || from
== 2)
1060 png_chunk_report(png_ptr
, "gamma value does not match sRGB",
1062 /* Do not overwrite an sRGB value */
1066 else /* sRGB tag not involved */
1068 png_chunk_report(png_ptr
, "gamma value does not match libpng estimate",
1078 png_colorspace_set_gamma(png_const_structrp png_ptr
,
1079 png_colorspacerp colorspace
, png_fixed_point gAMA
)
1081 /* Changed in libpng-1.5.4 to limit the values to ensure overflow can't
1082 * occur. Since the fixed point representation is assymetrical it is
1083 * possible for 1/gamma to overflow the limit of 21474 and this means the
1084 * gamma value must be at least 5/100000 and hence at most 20000.0. For
1085 * safety the limits here are a little narrower. The values are 0.00016 to
1086 * 6250.0, which are truly ridiculous gamma values (and will produce
1087 * displays that are all black or all white.)
1089 * In 1.6.0 this test replaces the ones in pngrutil.c, in the gAMA chunk
1090 * handling code, which only required the value to be >0.
1092 png_const_charp errmsg
;
1094 if (gAMA
< 16 || gAMA
> 625000000)
1095 errmsg
= "gamma value out of range";
1097 # ifdef PNG_READ_gAMA_SUPPORTED
1098 /* Allow the application to set the gamma value more than once */
1099 else if ((png_ptr
->mode
& PNG_IS_READ_STRUCT
) != 0 &&
1100 (colorspace
->flags
& PNG_COLORSPACE_FROM_gAMA
) != 0)
1101 errmsg
= "duplicate";
1104 /* Do nothing if the colorspace is already invalid */
1105 else if (colorspace
->flags
& PNG_COLORSPACE_INVALID
)
1110 if (png_colorspace_check_gamma(png_ptr
, colorspace
, gAMA
, 1/*from gAMA*/))
1112 /* Store this gamma value. */
1113 colorspace
->gamma
= gAMA
;
1114 colorspace
->flags
|=
1115 (PNG_COLORSPACE_HAVE_GAMMA
| PNG_COLORSPACE_FROM_gAMA
);
1118 /* At present if the check_gamma test fails the gamma of the colorspace is
1119 * not updated however the colorspace is not invalidated. This
1120 * corresponds to the case where the existing gamma comes from an sRGB
1121 * chunk or profile. An error message has already been output.
1126 /* Error exit - errmsg has been set. */
1127 colorspace
->flags
|= PNG_COLORSPACE_INVALID
;
1128 png_chunk_report(png_ptr
, errmsg
, PNG_CHUNK_WRITE_ERROR
);
1132 png_colorspace_sync_info(png_const_structrp png_ptr
, png_inforp info_ptr
)
1134 if (info_ptr
->colorspace
.flags
& PNG_COLORSPACE_INVALID
)
1136 /* Everything is invalid */
1137 info_ptr
->valid
&= ~(PNG_INFO_gAMA
|PNG_INFO_cHRM
|PNG_INFO_sRGB
|
1140 # ifdef PNG_COLORSPACE_SUPPORTED
1141 /* Clean up the iCCP profile now if it won't be used. */
1142 png_free_data(png_ptr
, info_ptr
, PNG_FREE_ICCP
, -1/*not used*/);
1150 # ifdef PNG_COLORSPACE_SUPPORTED
1151 /* Leave the INFO_iCCP flag set if the pngset.c code has already set
1152 * it; this allows a PNG to contain a profile which matches sRGB and
1153 * yet still have that profile retrievable by the application.
1155 if (info_ptr
->colorspace
.flags
& PNG_COLORSPACE_MATCHES_sRGB
)
1156 info_ptr
->valid
|= PNG_INFO_sRGB
;
1159 info_ptr
->valid
&= ~PNG_INFO_sRGB
;
1161 if (info_ptr
->colorspace
.flags
& PNG_COLORSPACE_HAVE_ENDPOINTS
)
1162 info_ptr
->valid
|= PNG_INFO_cHRM
;
1165 info_ptr
->valid
&= ~PNG_INFO_cHRM
;
1168 if (info_ptr
->colorspace
.flags
& PNG_COLORSPACE_HAVE_GAMMA
)
1169 info_ptr
->valid
|= PNG_INFO_gAMA
;
1172 info_ptr
->valid
&= ~PNG_INFO_gAMA
;
1176 #ifdef PNG_READ_SUPPORTED
1178 png_colorspace_sync(png_const_structrp png_ptr
, png_inforp info_ptr
)
1180 if (info_ptr
== NULL
) /* reduce code size; check here not in the caller */
1183 info_ptr
->colorspace
= png_ptr
->colorspace
;
1184 png_colorspace_sync_info(png_ptr
, info_ptr
);
1189 #ifdef PNG_COLORSPACE_SUPPORTED
1190 /* Added at libpng-1.5.5 to support read and write of true CIEXYZ values for
1191 * cHRM, as opposed to using chromaticities. These internal APIs return
1192 * non-zero on a parameter error. The X, Y and Z values are required to be
1193 * positive and less than 1.0.
1196 png_xy_from_XYZ(png_xy
*xy
, const png_XYZ
*XYZ
)
1198 png_int_32 d
, dwhite
, whiteX
, whiteY
;
1200 d
= XYZ
->red_X
+ XYZ
->red_Y
+ XYZ
->red_Z
;
1201 if (!png_muldiv(&xy
->redx
, XYZ
->red_X
, PNG_FP_1
, d
)) return 1;
1202 if (!png_muldiv(&xy
->redy
, XYZ
->red_Y
, PNG_FP_1
, d
)) return 1;
1204 whiteX
= XYZ
->red_X
;
1205 whiteY
= XYZ
->red_Y
;
1207 d
= XYZ
->green_X
+ XYZ
->green_Y
+ XYZ
->green_Z
;
1208 if (!png_muldiv(&xy
->greenx
, XYZ
->green_X
, PNG_FP_1
, d
)) return 1;
1209 if (!png_muldiv(&xy
->greeny
, XYZ
->green_Y
, PNG_FP_1
, d
)) return 1;
1211 whiteX
+= XYZ
->green_X
;
1212 whiteY
+= XYZ
->green_Y
;
1214 d
= XYZ
->blue_X
+ XYZ
->blue_Y
+ XYZ
->blue_Z
;
1215 if (!png_muldiv(&xy
->bluex
, XYZ
->blue_X
, PNG_FP_1
, d
)) return 1;
1216 if (!png_muldiv(&xy
->bluey
, XYZ
->blue_Y
, PNG_FP_1
, d
)) return 1;
1218 whiteX
+= XYZ
->blue_X
;
1219 whiteY
+= XYZ
->blue_Y
;
1221 /* The reference white is simply the sum of the end-point (X,Y,Z) vectors,
1224 if (!png_muldiv(&xy
->whitex
, whiteX
, PNG_FP_1
, dwhite
)) return 1;
1225 if (!png_muldiv(&xy
->whitey
, whiteY
, PNG_FP_1
, dwhite
)) return 1;
1231 png_XYZ_from_xy(png_XYZ
*XYZ
, const png_xy
*xy
)
1233 png_fixed_point red_inverse
, green_inverse
, blue_scale
;
1234 png_fixed_point left
, right
, denominator
;
1236 /* Check xy and, implicitly, z. Note that wide gamut color spaces typically
1237 * have end points with 0 tristimulus values (these are impossible end
1238 * points, but they are used to cover the possible colors.)
1240 if (xy
->redx
< 0 || xy
->redx
> PNG_FP_1
) return 1;
1241 if (xy
->redy
< 0 || xy
->redy
> PNG_FP_1
-xy
->redx
) return 1;
1242 if (xy
->greenx
< 0 || xy
->greenx
> PNG_FP_1
) return 1;
1243 if (xy
->greeny
< 0 || xy
->greeny
> PNG_FP_1
-xy
->greenx
) return 1;
1244 if (xy
->bluex
< 0 || xy
->bluex
> PNG_FP_1
) return 1;
1245 if (xy
->bluey
< 0 || xy
->bluey
> PNG_FP_1
-xy
->bluex
) return 1;
1246 if (xy
->whitex
< 0 || xy
->whitex
> PNG_FP_1
) return 1;
1247 if (xy
->whitey
< 0 || xy
->whitey
> PNG_FP_1
-xy
->whitex
) return 1;
1249 /* The reverse calculation is more difficult because the original tristimulus
1250 * value had 9 independent values (red,green,blue)x(X,Y,Z) however only 8
1251 * derived values were recorded in the cHRM chunk;
1252 * (red,green,blue,white)x(x,y). This loses one degree of freedom and
1253 * therefore an arbitrary ninth value has to be introduced to undo the
1254 * original transformations.
1256 * Think of the original end-points as points in (X,Y,Z) space. The
1257 * chromaticity values (c) have the property:
1263 * For each c (x,y,z) from the corresponding original C (X,Y,Z). Thus the
1264 * three chromaticity values (x,y,z) for each end-point obey the
1269 * This describes the plane in (X,Y,Z) space that intersects each axis at the
1270 * value 1.0; call this the chromaticity plane. Thus the chromaticity
1271 * calculation has scaled each end-point so that it is on the x+y+z=1 plane
1272 * and chromaticity is the intersection of the vector from the origin to the
1273 * (X,Y,Z) value with the chromaticity plane.
1275 * To fully invert the chromaticity calculation we would need the three
1276 * end-point scale factors, (red-scale, green-scale, blue-scale), but these
1277 * were not recorded. Instead we calculated the reference white (X,Y,Z) and
1278 * recorded the chromaticity of this. The reference white (X,Y,Z) would have
1279 * given all three of the scale factors since:
1281 * color-C = color-c * color-scale
1282 * white-C = red-C + green-C + blue-C
1283 * = red-c*red-scale + green-c*green-scale + blue-c*blue-scale
1285 * But cHRM records only white-x and white-y, so we have lost the white scale
1288 * white-C = white-c*white-scale
1290 * To handle this the inverse transformation makes an arbitrary assumption
1291 * about white-scale:
1293 * Assume: white-Y = 1.0
1294 * Hence: white-scale = 1/white-y
1295 * Or: red-Y + green-Y + blue-Y = 1.0
1297 * Notice the last statement of the assumption gives an equation in three of
1298 * the nine values we want to calculate. 8 more equations come from the
1299 * above routine as summarised at the top above (the chromaticity
1302 * Given: color-x = color-X / (color-X + color-Y + color-Z)
1303 * Hence: (color-x - 1)*color-X + color.x*color-Y + color.x*color-Z = 0
1305 * This is 9 simultaneous equations in the 9 variables "color-C" and can be
1306 * solved by Cramer's rule. Cramer's rule requires calculating 10 9x9 matrix
1307 * determinants, however this is not as bad as it seems because only 28 of
1308 * the total of 90 terms in the various matrices are non-zero. Nevertheless
1309 * Cramer's rule is notoriously numerically unstable because the determinant
1310 * calculation involves the difference of large, but similar, numbers. It is
1311 * difficult to be sure that the calculation is stable for real world values
1312 * and it is certain that it becomes unstable where the end points are close
1315 * So this code uses the perhaps slightly less optimal but more
1316 * understandable and totally obvious approach of calculating color-scale.
1318 * This algorithm depends on the precision in white-scale and that is
1319 * (1/white-y), so we can immediately see that as white-y approaches 0 the
1320 * accuracy inherent in the cHRM chunk drops off substantially.
1322 * libpng arithmetic: a simple invertion of the above equations
1323 * ------------------------------------------------------------
1325 * white_scale = 1/white-y
1326 * white-X = white-x * white-scale
1328 * white-Z = (1 - white-x - white-y) * white_scale
1330 * white-C = red-C + green-C + blue-C
1331 * = red-c*red-scale + green-c*green-scale + blue-c*blue-scale
1333 * This gives us three equations in (red-scale,green-scale,blue-scale) where
1334 * all the coefficients are now known:
1336 * red-x*red-scale + green-x*green-scale + blue-x*blue-scale
1338 * red-y*red-scale + green-y*green-scale + blue-y*blue-scale = 1
1339 * red-z*red-scale + green-z*green-scale + blue-z*blue-scale
1340 * = (1 - white-x - white-y)/white-y
1342 * In the last equation color-z is (1 - color-x - color-y) so we can add all
1343 * three equations together to get an alternative third:
1345 * red-scale + green-scale + blue-scale = 1/white-y = white-scale
1347 * So now we have a Cramer's rule solution where the determinants are just
1348 * 3x3 - far more tractible. Unfortunately 3x3 determinants still involve
1349 * multiplication of three coefficients so we can't guarantee to avoid
1350 * overflow in the libpng fixed point representation. Using Cramer's rule in
1351 * floating point is probably a good choice here, but it's not an option for
1352 * fixed point. Instead proceed to simplify the first two equations by
1353 * eliminating what is likely to be the largest value, blue-scale:
1355 * blue-scale = white-scale - red-scale - green-scale
1359 * (red-x - blue-x)*red-scale + (green-x - blue-x)*green-scale =
1360 * (white-x - blue-x)*white-scale
1362 * (red-y - blue-y)*red-scale + (green-y - blue-y)*green-scale =
1363 * 1 - blue-y*white-scale
1365 * And now we can trivially solve for (red-scale,green-scale):
1368 * (white-x - blue-x)*white-scale - (red-x - blue-x)*red-scale
1369 * -----------------------------------------------------------
1373 * 1 - blue-y*white-scale - (green-y - blue-y) * green-scale
1374 * ---------------------------------------------------------
1380 * ( (green-x - blue-x) * (white-y - blue-y) -
1381 * (green-y - blue-y) * (white-x - blue-x) ) / white-y
1382 * -------------------------------------------------------------------------
1383 * (green-x - blue-x)*(red-y - blue-y)-(green-y - blue-y)*(red-x - blue-x)
1386 * ( (red-y - blue-y) * (white-x - blue-x) -
1387 * (red-x - blue-x) * (white-y - blue-y) ) / white-y
1388 * -------------------------------------------------------------------------
1389 * (green-x - blue-x)*(red-y - blue-y)-(green-y - blue-y)*(red-x - blue-x)
1392 * The input values have 5 decimal digits of accuracy. The values are all in
1393 * the range 0 < value < 1, so simple products are in the same range but may
1394 * need up to 10 decimal digits to preserve the original precision and avoid
1395 * underflow. Because we are using a 32-bit signed representation we cannot
1396 * match this; the best is a little over 9 decimal digits, less than 10.
1398 * The approach used here is to preserve the maximum precision within the
1399 * signed representation. Because the red-scale calculation above uses the
1400 * difference between two products of values that must be in the range -1..+1
1401 * it is sufficient to divide the product by 7; ceil(100,000/32767*2). The
1402 * factor is irrelevant in the calculation because it is applied to both
1403 * numerator and denominator.
1405 * Note that the values of the differences of the products of the
1406 * chromaticities in the above equations tend to be small, for example for
1407 * the sRGB chromaticities they are:
1409 * red numerator: -0.04751
1410 * green numerator: -0.08788
1411 * denominator: -0.2241 (without white-y multiplication)
1413 * The resultant Y coefficients from the chromaticities of some widely used
1414 * color space definitions are (to 15 decimal places):
1417 * 0.212639005871510 0.715168678767756 0.072192315360734
1419 * 0.288071128229293 0.711843217810102 0.000085653960605
1421 * 0.297344975250536 0.627363566255466 0.075291458493998
1422 * Adobe Wide Gamut RGB
1423 * 0.258728243040113 0.724682314948566 0.016589442011321
1425 /* By the argument, above overflow should be impossible here. The return
1426 * value of 2 indicates an internal error to the caller.
1428 if (!png_muldiv(&left
, xy
->greenx
-xy
->bluex
, xy
->redy
- xy
->bluey
, 7))
1430 if (!png_muldiv(&right
, xy
->greeny
-xy
->bluey
, xy
->redx
- xy
->bluex
, 7))
1432 denominator
= left
- right
;
1434 /* Now find the red numerator. */
1435 if (!png_muldiv(&left
, xy
->greenx
-xy
->bluex
, xy
->whitey
-xy
->bluey
, 7))
1437 if (!png_muldiv(&right
, xy
->greeny
-xy
->bluey
, xy
->whitex
-xy
->bluex
, 7))
1440 /* Overflow is possible here and it indicates an extreme set of PNG cHRM
1441 * chunk values. This calculation actually returns the reciprocal of the
1442 * scale value because this allows us to delay the multiplication of white-y
1443 * into the denominator, which tends to produce a small number.
1445 if (!png_muldiv(&red_inverse
, xy
->whitey
, denominator
, left
-right
) ||
1446 red_inverse
<= xy
->whitey
/* r+g+b scales = white scale */)
1449 /* Similarly for green_inverse: */
1450 if (!png_muldiv(&left
, xy
->redy
-xy
->bluey
, xy
->whitex
-xy
->bluex
, 7))
1452 if (!png_muldiv(&right
, xy
->redx
-xy
->bluex
, xy
->whitey
-xy
->bluey
, 7))
1454 if (!png_muldiv(&green_inverse
, xy
->whitey
, denominator
, left
-right
) ||
1455 green_inverse
<= xy
->whitey
)
1458 /* And the blue scale, the checks above guarantee this can't overflow but it
1459 * can still produce 0 for extreme cHRM values.
1461 blue_scale
= png_reciprocal(xy
->whitey
) - png_reciprocal(red_inverse
) -
1462 png_reciprocal(green_inverse
);
1463 if (blue_scale
<= 0) return 1;
1466 /* And fill in the png_XYZ: */
1467 if (!png_muldiv(&XYZ
->red_X
, xy
->redx
, PNG_FP_1
, red_inverse
)) return 1;
1468 if (!png_muldiv(&XYZ
->red_Y
, xy
->redy
, PNG_FP_1
, red_inverse
)) return 1;
1469 if (!png_muldiv(&XYZ
->red_Z
, PNG_FP_1
- xy
->redx
- xy
->redy
, PNG_FP_1
,
1473 if (!png_muldiv(&XYZ
->green_X
, xy
->greenx
, PNG_FP_1
, green_inverse
))
1475 if (!png_muldiv(&XYZ
->green_Y
, xy
->greeny
, PNG_FP_1
, green_inverse
))
1477 if (!png_muldiv(&XYZ
->green_Z
, PNG_FP_1
- xy
->greenx
- xy
->greeny
, PNG_FP_1
,
1481 if (!png_muldiv(&XYZ
->blue_X
, xy
->bluex
, blue_scale
, PNG_FP_1
)) return 1;
1482 if (!png_muldiv(&XYZ
->blue_Y
, xy
->bluey
, blue_scale
, PNG_FP_1
)) return 1;
1483 if (!png_muldiv(&XYZ
->blue_Z
, PNG_FP_1
- xy
->bluex
- xy
->bluey
, blue_scale
,
1487 return 0; /*success*/
1491 png_XYZ_normalize(png_XYZ
*XYZ
)
1495 if (XYZ
->red_Y
< 0 || XYZ
->green_Y
< 0 || XYZ
->blue_Y
< 0 ||
1496 XYZ
->red_X
< 0 || XYZ
->green_X
< 0 || XYZ
->blue_X
< 0 ||
1497 XYZ
->red_Z
< 0 || XYZ
->green_Z
< 0 || XYZ
->blue_Z
< 0)
1500 /* Normalize by scaling so the sum of the end-point Y values is PNG_FP_1.
1501 * IMPLEMENTATION NOTE: ANSI requires signed overflow not to occur, therefore
1502 * relying on addition of two positive values producing a negative one is not
1506 if (0x7fffffff - Y
< XYZ
->green_X
) return 1;
1508 if (0x7fffffff - Y
< XYZ
->blue_X
) return 1;
1513 if (!png_muldiv(&XYZ
->red_X
, XYZ
->red_X
, PNG_FP_1
, Y
)) return 1;
1514 if (!png_muldiv(&XYZ
->red_Y
, XYZ
->red_Y
, PNG_FP_1
, Y
)) return 1;
1515 if (!png_muldiv(&XYZ
->red_Z
, XYZ
->red_Z
, PNG_FP_1
, Y
)) return 1;
1517 if (!png_muldiv(&XYZ
->green_X
, XYZ
->green_X
, PNG_FP_1
, Y
)) return 1;
1518 if (!png_muldiv(&XYZ
->green_Y
, XYZ
->green_Y
, PNG_FP_1
, Y
)) return 1;
1519 if (!png_muldiv(&XYZ
->green_Z
, XYZ
->green_Z
, PNG_FP_1
, Y
)) return 1;
1521 if (!png_muldiv(&XYZ
->blue_X
, XYZ
->blue_X
, PNG_FP_1
, Y
)) return 1;
1522 if (!png_muldiv(&XYZ
->blue_Y
, XYZ
->blue_Y
, PNG_FP_1
, Y
)) return 1;
1523 if (!png_muldiv(&XYZ
->blue_Z
, XYZ
->blue_Z
, PNG_FP_1
, Y
)) return 1;
1530 png_colorspace_endpoints_match(const png_xy
*xy1
, const png_xy
*xy2
, int delta
)
1532 /* Allow an error of +/-0.01 (absolute value) on each chromaticity */
1533 return !(PNG_OUT_OF_RANGE(xy1
->whitex
, xy2
->whitex
,delta
) ||
1534 PNG_OUT_OF_RANGE(xy1
->whitey
, xy2
->whitey
,delta
) ||
1535 PNG_OUT_OF_RANGE(xy1
->redx
, xy2
->redx
, delta
) ||
1536 PNG_OUT_OF_RANGE(xy1
->redy
, xy2
->redy
, delta
) ||
1537 PNG_OUT_OF_RANGE(xy1
->greenx
, xy2
->greenx
,delta
) ||
1538 PNG_OUT_OF_RANGE(xy1
->greeny
, xy2
->greeny
,delta
) ||
1539 PNG_OUT_OF_RANGE(xy1
->bluex
, xy2
->bluex
, delta
) ||
1540 PNG_OUT_OF_RANGE(xy1
->bluey
, xy2
->bluey
, delta
));
1543 /* Added in libpng-1.6.0, a different check for the validity of a set of cHRM
1544 * chunk chromaticities. Earlier checks used to simply look for the overflow
1545 * condition (where the determinant of the matrix to solve for XYZ ends up zero
1546 * because the chromaticity values are not all distinct.) Despite this it is
1547 * theoretically possible to produce chromaticities that are apparently valid
1548 * but that rapidly degrade to invalid, potentially crashing, sets because of
1549 * arithmetic inaccuracies when calculations are performed on them. The new
1550 * check is to round-trip xy -> XYZ -> xy and then check that the result is
1551 * within a small percentage of the original.
1554 png_colorspace_check_xy(png_XYZ
*XYZ
, const png_xy
*xy
)
1559 /* As a side-effect this routine also returns the XYZ endpoints. */
1560 result
= png_XYZ_from_xy(XYZ
, xy
);
1561 if (result
) return result
;
1563 result
= png_xy_from_XYZ(&xy_test
, XYZ
);
1564 if (result
) return result
;
1566 if (png_colorspace_endpoints_match(xy
, &xy_test
,
1567 5/*actually, the math is pretty accurate*/))
1574 /* This is the check going the other way. The XYZ is modified to normalize it
1575 * (another side-effect) and the xy chromaticities are returned.
1578 png_colorspace_check_XYZ(png_xy
*xy
, png_XYZ
*XYZ
)
1583 result
= png_XYZ_normalize(XYZ
);
1584 if (result
) return result
;
1586 result
= png_xy_from_XYZ(xy
, XYZ
);
1587 if (result
) return result
;
1590 return png_colorspace_check_xy(&XYZtemp
, xy
);
1593 /* Used to check for an endpoint match against sRGB */
1594 static const png_xy sRGB_xy
= /* From ITU-R BT.709-3 */
1597 /* red */ 64000, 33000,
1598 /* green */ 30000, 60000,
1599 /* blue */ 15000, 6000,
1600 /* white */ 31270, 32900
1604 png_colorspace_set_xy_and_XYZ(png_const_structrp png_ptr
,
1605 png_colorspacerp colorspace
, const png_xy
*xy
, const png_XYZ
*XYZ
,
1608 if (colorspace
->flags
& PNG_COLORSPACE_INVALID
)
1611 /* The consistency check is performed on the chromaticities; this factors out
1612 * variations because of the normalization (or not) of the end point Y
1615 if (preferred
< 2 && (colorspace
->flags
& PNG_COLORSPACE_HAVE_ENDPOINTS
))
1617 /* The end points must be reasonably close to any we already have. The
1618 * following allows an error of up to +/-.001
1620 if (!png_colorspace_endpoints_match(xy
, &colorspace
->end_points_xy
, 100))
1622 colorspace
->flags
|= PNG_COLORSPACE_INVALID
;
1623 png_benign_error(png_ptr
, "inconsistent chromaticities");
1624 return 0; /* failed */
1627 /* Only overwrite with preferred values */
1629 return 1; /* ok, but no change */
1632 colorspace
->end_points_xy
= *xy
;
1633 colorspace
->end_points_XYZ
= *XYZ
;
1634 colorspace
->flags
|= PNG_COLORSPACE_HAVE_ENDPOINTS
;
1636 /* The end points are normally quoted to two decimal digits, so allow +/-0.01
1639 if (png_colorspace_endpoints_match(xy
, &sRGB_xy
, 1000))
1640 colorspace
->flags
|= PNG_COLORSPACE_ENDPOINTS_MATCH_sRGB
;
1643 colorspace
->flags
&= PNG_COLORSPACE_CANCEL(
1644 PNG_COLORSPACE_ENDPOINTS_MATCH_sRGB
);
1646 return 2; /* ok and changed */
1650 png_colorspace_set_chromaticities(png_const_structrp png_ptr
,
1651 png_colorspacerp colorspace
, const png_xy
*xy
, int preferred
)
1653 /* We must check the end points to ensure they are reasonable - in the past
1654 * color management systems have crashed as a result of getting bogus
1655 * colorant values, while this isn't the fault of libpng it is the
1656 * responsibility of libpng because PNG carries the bomb and libpng is in a
1657 * position to protect against it.
1661 switch (png_colorspace_check_xy(&XYZ
, xy
))
1663 case 0: /* success */
1664 return png_colorspace_set_xy_and_XYZ(png_ptr
, colorspace
, xy
, &XYZ
,
1668 /* We can't invert the chromaticities so we can't produce value XYZ
1669 * values. Likely as not a color management system will fail too.
1671 colorspace
->flags
|= PNG_COLORSPACE_INVALID
;
1672 png_benign_error(png_ptr
, "invalid chromaticities");
1676 /* libpng is broken; this should be a warning but if it happens we
1677 * want error reports so for the moment it is an error.
1679 colorspace
->flags
|= PNG_COLORSPACE_INVALID
;
1680 png_error(png_ptr
, "internal error checking chromaticities");
1684 return 0; /* failed */
1688 png_colorspace_set_endpoints(png_const_structrp png_ptr
,
1689 png_colorspacerp colorspace
, const png_XYZ
*XYZ_in
, int preferred
)
1691 png_XYZ XYZ
= *XYZ_in
;
1694 switch (png_colorspace_check_XYZ(&xy
, &XYZ
))
1697 return png_colorspace_set_xy_and_XYZ(png_ptr
, colorspace
, &xy
, &XYZ
,
1701 /* End points are invalid. */
1702 colorspace
->flags
|= PNG_COLORSPACE_INVALID
;
1703 png_benign_error(png_ptr
, "invalid end points");
1707 colorspace
->flags
|= PNG_COLORSPACE_INVALID
;
1708 png_error(png_ptr
, "internal error checking chromaticities");
1712 return 0; /* failed */
1715 #if defined(PNG_sRGB_SUPPORTED) || defined(PNG_iCCP_SUPPORTED)
1716 /* Error message generation */
1718 png_icc_tag_char(png_uint_32 byte
)
1721 if (byte
>= 32 && byte
<= 126)
1728 png_icc_tag_name(char *name
, png_uint_32 tag
)
1731 name
[1] = png_icc_tag_char(tag
>> 24);
1732 name
[2] = png_icc_tag_char(tag
>> 16);
1733 name
[3] = png_icc_tag_char(tag
>> 8);
1734 name
[4] = png_icc_tag_char(tag
);
1739 is_ICC_signature_char(png_alloc_size_t it
)
1741 return it
== 32 || (it
>= 48 && it
<= 57) || (it
>= 65 && it
<= 90) ||
1742 (it
>= 97 && it
<= 122);
1745 static int is_ICC_signature(png_alloc_size_t it
)
1747 return is_ICC_signature_char(it
>> 24) /* checks all the top bits */ &&
1748 is_ICC_signature_char((it
>> 16) & 0xff) &&
1749 is_ICC_signature_char((it
>> 8) & 0xff) &&
1750 is_ICC_signature_char(it
& 0xff);
1754 png_icc_profile_error(png_const_structrp png_ptr
, png_colorspacerp colorspace
,
1755 png_const_charp name
, png_alloc_size_t value
, png_const_charp reason
)
1758 char message
[196]; /* see below for calculation */
1760 if (colorspace
!= NULL
)
1761 colorspace
->flags
|= PNG_COLORSPACE_INVALID
;
1763 pos
= png_safecat(message
, (sizeof message
), 0, "profile '"); /* 9 chars */
1764 pos
= png_safecat(message
, pos
+79, pos
, name
); /* Truncate to 79 chars */
1765 pos
= png_safecat(message
, (sizeof message
), pos
, "': "); /* +2 = 90 */
1766 if (is_ICC_signature(value
))
1768 /* So 'value' is at most 4 bytes and the following cast is safe */
1769 png_icc_tag_name(message
+pos
, (png_uint_32
)value
);
1770 pos
+= 6; /* total +8; less than the else clause */
1771 message
[pos
++] = ':';
1772 message
[pos
++] = ' ';
1774 # ifdef PNG_WARNINGS_SUPPORTED
1777 char number
[PNG_NUMBER_BUFFER_SIZE
]; /* +24 = 114*/
1779 pos
= png_safecat(message
, (sizeof message
), pos
,
1780 png_format_number(number
, number
+(sizeof number
),
1781 PNG_NUMBER_FORMAT_x
, value
));
1782 pos
= png_safecat(message
, (sizeof message
), pos
, "h: "); /*+2 = 116*/
1785 /* The 'reason' is an arbitrary message, allow +79 maximum 195 */
1786 pos
= png_safecat(message
, (sizeof message
), pos
, reason
);
1789 /* This is recoverable, but make it unconditionally an app_error on write to
1790 * avoid writing invalid ICC profiles into PNG files. (I.e. we handle them
1791 * on read, with a warning, but on write unless the app turns off
1792 * application errors the PNG won't be written.)
1794 png_chunk_report(png_ptr
, message
,
1795 (colorspace
!= NULL
) ? PNG_CHUNK_ERROR
: PNG_CHUNK_WRITE_ERROR
);
1799 #endif /* sRGB || iCCP */
1801 #ifdef PNG_sRGB_SUPPORTED
1803 png_colorspace_set_sRGB(png_const_structrp png_ptr
, png_colorspacerp colorspace
,
1806 /* sRGB sets known gamma, end points and (from the chunk) intent. */
1807 /* IMPORTANT: these are not necessarily the values found in an ICC profile
1808 * because ICC profiles store values adapted to a D50 environment; it is
1809 * expected that the ICC profile mediaWhitePointTag will be D50, see the
1810 * checks and code elsewhere to understand this better.
1812 * These XYZ values, which are accurate to 5dp, produce rgb to gray
1813 * coefficients of (6968,23435,2366), which are reduced (because they add up
1814 * to 32769 not 32768) to (6968,23434,2366). These are the values that
1815 * libpng has traditionally used (and are the best values given the 15bit
1816 * algorithm used by the rgb to gray code.)
1818 static const png_XYZ sRGB_XYZ
= /* D65 XYZ (*not* the D50 adapted values!) */
1821 /* red */ 41239, 21264, 1933,
1822 /* green */ 35758, 71517, 11919,
1823 /* blue */ 18048, 7219, 95053
1826 /* Do nothing if the colorspace is already invalidated. */
1827 if (colorspace
->flags
& PNG_COLORSPACE_INVALID
)
1830 /* Check the intent, then check for existing settings. It is valid for the
1831 * PNG file to have cHRM or gAMA chunks along with sRGB, but the values must
1832 * be consistent with the correct values. If, however, this function is
1833 * called below because an iCCP chunk matches sRGB then it is quite
1834 * conceivable that an older app recorded incorrect gAMA and cHRM because of
1835 * an incorrect calculation based on the values in the profile - this does
1836 * *not* invalidate the profile (though it still produces an error, which can
1839 if (intent
< 0 || intent
>= PNG_sRGB_INTENT_LAST
)
1840 return png_icc_profile_error(png_ptr
, colorspace
, "sRGB",
1841 (unsigned)intent
, "invalid sRGB rendering intent");
1843 if ((colorspace
->flags
& PNG_COLORSPACE_HAVE_INTENT
) != 0 &&
1844 colorspace
->rendering_intent
!= intent
)
1845 return png_icc_profile_error(png_ptr
, colorspace
, "sRGB",
1846 (unsigned)intent
, "inconsistent rendering intents");
1848 if ((colorspace
->flags
& PNG_COLORSPACE_FROM_sRGB
) != 0)
1850 png_benign_error(png_ptr
, "duplicate sRGB information ignored");
1854 /* If the standard sRGB cHRM chunk does not match the one from the PNG file
1855 * warn but overwrite the value with the correct one.
1857 if ((colorspace
->flags
& PNG_COLORSPACE_HAVE_ENDPOINTS
) != 0 &&
1858 !png_colorspace_endpoints_match(&sRGB_xy
, &colorspace
->end_points_xy
,
1860 png_chunk_report(png_ptr
, "cHRM chunk does not match sRGB",
1863 /* This check is just done for the error reporting - the routine always
1864 * returns true when the 'from' argument corresponds to sRGB (2).
1866 (void)png_colorspace_check_gamma(png_ptr
, colorspace
, PNG_GAMMA_sRGB_INVERSE
,
1869 /* intent: bugs in GCC force 'int' to be used as the parameter type. */
1870 colorspace
->rendering_intent
= (png_uint_16
)intent
;
1871 colorspace
->flags
|= PNG_COLORSPACE_HAVE_INTENT
;
1874 colorspace
->end_points_xy
= sRGB_xy
;
1875 colorspace
->end_points_XYZ
= sRGB_XYZ
;
1876 colorspace
->flags
|=
1877 (PNG_COLORSPACE_HAVE_ENDPOINTS
|PNG_COLORSPACE_ENDPOINTS_MATCH_sRGB
);
1880 colorspace
->gamma
= PNG_GAMMA_sRGB_INVERSE
;
1881 colorspace
->flags
|= PNG_COLORSPACE_HAVE_GAMMA
;
1883 /* Finally record that we have an sRGB profile */
1884 colorspace
->flags
|=
1885 (PNG_COLORSPACE_MATCHES_sRGB
|PNG_COLORSPACE_FROM_sRGB
);
1891 #ifdef PNG_iCCP_SUPPORTED
1892 /* Encoded value of D50 as an ICC XYZNumber. From the ICC 2010 spec the value
1893 * is XYZ(0.9642,1.0,0.8249), which scales to:
1895 * (63189.8112, 65536, 54060.6464)
1897 static const png_byte D50_nCIEXYZ
[12] =
1898 { 0x00, 0x00, 0xf6, 0xd6, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0xd3, 0x2d };
1901 png_icc_check_length(png_const_structrp png_ptr
, png_colorspacerp colorspace
,
1902 png_const_charp name
, png_uint_32 profile_length
)
1904 if (profile_length
< 132)
1905 return png_icc_profile_error(png_ptr
, colorspace
, name
, profile_length
,
1908 if (profile_length
& 3)
1909 return png_icc_profile_error(png_ptr
, colorspace
, name
, profile_length
,
1916 png_icc_check_header(png_const_structrp png_ptr
, png_colorspacerp colorspace
,
1917 png_const_charp name
, png_uint_32 profile_length
,
1918 png_const_bytep profile
/* first 132 bytes only */, int color_type
)
1922 /* Length check; this cannot be ignored in this code because profile_length
1923 * is used later to check the tag table, so even if the profile seems over
1924 * long profile_length from the caller must be correct. The caller can fix
1925 * this up on read or write by just passing in the profile header length.
1927 temp
= png_get_uint_32(profile
);
1928 if (temp
!= profile_length
)
1929 return png_icc_profile_error(png_ptr
, colorspace
, name
, temp
,
1930 "length does not match profile");
1932 temp
= png_get_uint_32(profile
+128); /* tag count: 12 bytes/tag */
1933 if (temp
> 357913930 || /* (2^32-4-132)/12: maximum possible tag count */
1934 profile_length
< 132+12*temp
) /* truncated tag table */
1935 return png_icc_profile_error(png_ptr
, colorspace
, name
, temp
,
1936 "tag count too large");
1938 /* The 'intent' must be valid or we can't store it, ICC limits the intent to
1941 temp
= png_get_uint_32(profile
+64);
1942 if (temp
>= 0xffff) /* The ICC limit */
1943 return png_icc_profile_error(png_ptr
, colorspace
, name
, temp
,
1944 "invalid rendering intent");
1946 /* This is just a warning because the profile may be valid in future
1949 if (temp
>= PNG_sRGB_INTENT_LAST
)
1950 (void)png_icc_profile_error(png_ptr
, NULL
, name
, temp
,
1951 "intent outside defined range");
1953 /* At this point the tag table can't be checked because it hasn't necessarily
1954 * been loaded; however, various header fields can be checked. These checks
1955 * are for values permitted by the PNG spec in an ICC profile; the PNG spec
1956 * restricts the profiles that can be passed in an iCCP chunk (they must be
1957 * appropriate to processing PNG data!)
1960 /* Data checks (could be skipped). These checks must be independent of the
1961 * version number; however, the version number doesn't accomodate changes in
1962 * the header fields (just the known tags and the interpretation of the
1965 temp
= png_get_uint_32(profile
+36); /* signature 'ascp' */
1966 if (temp
!= 0x61637370)
1967 return png_icc_profile_error(png_ptr
, colorspace
, name
, temp
,
1968 "invalid signature");
1970 /* Currently the PCS illuminant/adopted white point (the computational
1971 * white point) are required to be D50,
1972 * however the profile contains a record of the illuminant so perhaps ICC
1973 * expects to be able to change this in the future (despite the rationale in
1974 * the introduction for using a fixed PCS adopted white.) Consequently the
1975 * following is just a warning.
1977 if (memcmp(profile
+68, D50_nCIEXYZ
, 12) != 0)
1978 (void)png_icc_profile_error(png_ptr
, NULL
, name
, 0/*no tag value*/,
1979 "PCS illuminant is not D50");
1981 /* The PNG spec requires this:
1982 * "If the iCCP chunk is present, the image samples conform to the colour
1983 * space represented by the embedded ICC profile as defined by the
1984 * International Color Consortium [ICC]. The colour space of the ICC profile
1985 * shall be an RGB colour space for colour images (PNG colour types 2, 3, and
1986 * 6), or a greyscale colour space for greyscale images (PNG colour types 0
1989 * This checking code ensures the embedded profile (on either read or write)
1990 * conforms to the specification requirements. Notice that an ICC 'gray'
1991 * color-space profile contains the information to transform the monochrome
1992 * data to XYZ or L*a*b (according to which PCS the profile uses) and this
1993 * should be used in preference to the standard libpng K channel replication
1994 * into R, G and B channels.
1996 * Previously it was suggested that an RGB profile on grayscale data could be
1997 * handled. However it it is clear that using an RGB profile in this context
1998 * must be an error - there is no specification of what it means. Thus it is
1999 * almost certainly more correct to ignore the profile.
2001 temp
= png_get_uint_32(profile
+16); /* data colour space field */
2004 case 0x52474220: /* 'RGB ' */
2005 if (!(color_type
& PNG_COLOR_MASK_COLOR
))
2006 return png_icc_profile_error(png_ptr
, colorspace
, name
, temp
,
2007 "RGB color space not permitted on grayscale PNG");
2010 case 0x47524159: /* 'GRAY' */
2011 if (color_type
& PNG_COLOR_MASK_COLOR
)
2012 return png_icc_profile_error(png_ptr
, colorspace
, name
, temp
,
2013 "Gray color space not permitted on RGB PNG");
2017 return png_icc_profile_error(png_ptr
, colorspace
, name
, temp
,
2018 "invalid ICC profile color space");
2021 /* It is up to the application to check that the profile class matches the
2022 * application requirements; the spec provides no guidance, but it's pretty
2023 * weird if the profile is not scanner ('scnr'), monitor ('mntr'), printer
2024 * ('prtr') or 'spac' (for generic color spaces). Issue a warning in these
2025 * cases. Issue an error for device link or abstract profiles - these don't
2026 * contain the records necessary to transform the color-space to anything
2027 * other than the target device (and not even that for an abstract profile).
2028 * Profiles of these classes may not be embedded in images.
2030 temp
= png_get_uint_32(profile
+12); /* profile/device class */
2033 case 0x73636E72: /* 'scnr' */
2034 case 0x6D6E7472: /* 'mntr' */
2035 case 0x70727472: /* 'prtr' */
2036 case 0x73706163: /* 'spac' */
2040 case 0x61627374: /* 'abst' */
2041 /* May not be embedded in an image */
2042 return png_icc_profile_error(png_ptr
, colorspace
, name
, temp
,
2043 "invalid embedded Abstract ICC profile");
2045 case 0x6C696E6B: /* 'link' */
2046 /* DeviceLink profiles cannnot be interpreted in a non-device specific
2047 * fashion, if an app uses the AToB0Tag in the profile the results are
2048 * undefined unless the result is sent to the intended device,
2049 * therefore a DeviceLink profile should not be found embedded in a
2052 return png_icc_profile_error(png_ptr
, colorspace
, name
, temp
,
2053 "unexpected DeviceLink ICC profile class");
2055 case 0x6E6D636C: /* 'nmcl' */
2056 /* A NamedColor profile is also device specific, however it doesn't
2057 * contain an AToB0 tag that is open to misintrepretation. Almost
2058 * certainly it will fail the tests below.
2060 (void)png_icc_profile_error(png_ptr
, NULL
, name
, temp
,
2061 "unexpected NamedColor ICC profile class");
2065 /* To allow for future enhancements to the profile accept unrecognized
2066 * profile classes with a warning, these then hit the test below on the
2067 * tag content to ensure they are backward compatible with one of the
2068 * understood profiles.
2070 (void)png_icc_profile_error(png_ptr
, NULL
, name
, temp
,
2071 "unrecognized ICC profile class");
2075 /* For any profile other than a device link one the PCS must be encoded
2076 * either in XYZ or Lab.
2078 temp
= png_get_uint_32(profile
+20);
2081 case 0x58595A20: /* 'XYZ ' */
2082 case 0x4C616220: /* 'Lab ' */
2086 return png_icc_profile_error(png_ptr
, colorspace
, name
, temp
,
2087 "unexpected ICC PCS encoding");
2094 png_icc_check_tag_table(png_const_structrp png_ptr
, png_colorspacerp colorspace
,
2095 png_const_charp name
, png_uint_32 profile_length
,
2096 png_const_bytep profile
/* header plus whole tag table */)
2098 png_uint_32 tag_count
= png_get_uint_32(profile
+128);
2100 png_const_bytep tag
= profile
+132; /* The first tag */
2102 /* First scan all the tags in the table and add bits to the icc_info value
2103 * (temporarily in 'tags').
2105 for (itag
=0; itag
< tag_count
; ++itag
, tag
+= 12)
2107 png_uint_32 tag_id
= png_get_uint_32(tag
+0);
2108 png_uint_32 tag_start
= png_get_uint_32(tag
+4); /* must be aligned */
2109 png_uint_32 tag_length
= png_get_uint_32(tag
+8);/* not padded */
2111 /* The ICC specification does not exclude zero length tags, therefore the
2112 * start might actually be anywhere if there is no data, but this would be
2113 * a clear abuse of the intent of the standard so the start is checked for
2114 * being in range. All defined tag types have an 8 byte header - a 4 byte
2115 * type signature then 0.
2117 if ((tag_start
& 3) != 0)
2119 /* CNHP730S.icc shipped with Microsoft Windows 64 violates this, it is
2120 * only a warning here because libpng does not care about the
2123 (void)png_icc_profile_error(png_ptr
, NULL
, name
, tag_id
,
2124 "ICC profile tag start not a multiple of 4");
2127 /* This is a hard error; potentially it can cause read outside the
2130 if (tag_start
> profile_length
|| tag_length
> profile_length
- tag_start
)
2131 return png_icc_profile_error(png_ptr
, colorspace
, name
, tag_id
,
2132 "ICC profile tag outside profile");
2135 return 1; /* success, maybe with warnings */
2138 #ifdef PNG_sRGB_SUPPORTED
2139 /* Information about the known ICC sRGB profiles */
2142 png_uint_32 adler
, crc
, length
;
2148 # define PNG_MD5(a,b,c,d) { a, b, c, d }, (a!=0)||(b!=0)||(c!=0)||(d!=0)
2149 # define PNG_ICC_CHECKSUM(adler, crc, md5, intent, broke, date, length, fname)\
2150 { adler, crc, length, md5, broke, intent },
2152 } png_sRGB_checks
[] =
2154 /* This data comes from contrib/tools/checksum-icc run on downloads of
2155 * all four ICC sRGB profiles from www.color.org.
2157 /* adler32, crc32, MD5[4], intent, date, length, file-name */
2158 PNG_ICC_CHECKSUM(0x0a3fd9f6, 0x3b8772b9,
2159 PNG_MD5(0x29f83dde, 0xaff255ae, 0x7842fae4, 0xca83390d), 0, 0,
2160 "2009/03/27 21:36:31", 3048, "sRGB_IEC61966-2-1_black_scaled.icc")
2162 /* ICC sRGB v2 perceptual no black-compensation: */
2163 PNG_ICC_CHECKSUM(0x4909e5e1, 0x427ebb21,
2164 PNG_MD5(0xc95bd637, 0xe95d8a3b, 0x0df38f99, 0xc1320389), 1, 0,
2165 "2009/03/27 21:37:45", 3052, "sRGB_IEC61966-2-1_no_black_scaling.icc")
2167 PNG_ICC_CHECKSUM(0xfd2144a1, 0x306fd8ae,
2168 PNG_MD5(0xfc663378, 0x37e2886b, 0xfd72e983, 0x8228f1b8), 0, 0,
2169 "2009/08/10 17:28:01", 60988, "sRGB_v4_ICC_preference_displayclass.icc")
2171 /* ICC sRGB v4 perceptual */
2172 PNG_ICC_CHECKSUM(0x209c35d2, 0xbbef7812,
2173 PNG_MD5(0x34562abf, 0x994ccd06, 0x6d2c5721, 0xd0d68c5d), 0, 0,
2174 "2007/07/25 00:05:37", 60960, "sRGB_v4_ICC_preference.icc")
2176 /* The following profiles have no known MD5 checksum. If there is a match
2177 * on the (empty) MD5 the other fields are used to attempt a match and
2178 * a warning is produced. The first two of these profiles have a 'cprt' tag
2179 * which suggests that they were also made by Hewlett Packard.
2181 PNG_ICC_CHECKSUM(0xa054d762, 0x5d5129ce,
2182 PNG_MD5(0x00000000, 0x00000000, 0x00000000, 0x00000000), 1, 0,
2183 "2004/07/21 18:57:42", 3024, "sRGB_IEC61966-2-1_noBPC.icc")
2185 /* This is a 'mntr' (display) profile with a mediaWhitePointTag that does not
2186 * match the D50 PCS illuminant in the header (it is in fact the D65 values,
2187 * so the white point is recorded as the un-adapted value.) The profiles
2188 * below only differ in one byte - the intent - and are basically the same as
2189 * the previous profile except for the mediaWhitePointTag error and a missing
2190 * chromaticAdaptationTag.
2192 PNG_ICC_CHECKSUM(0xf784f3fb, 0x182ea552,
2193 PNG_MD5(0x00000000, 0x00000000, 0x00000000, 0x00000000), 0, 1/*broken*/,
2194 "1998/02/09 06:49:00", 3144, "HP-Microsoft sRGB v2 perceptual")
2196 PNG_ICC_CHECKSUM(0x0398f3fc, 0xf29e526d,
2197 PNG_MD5(0x00000000, 0x00000000, 0x00000000, 0x00000000), 1, 1/*broken*/,
2198 "1998/02/09 06:49:00", 3144, "HP-Microsoft sRGB v2 media-relative")
2202 png_compare_ICC_profile_with_sRGB(png_const_structrp png_ptr
,
2203 png_const_bytep profile
, uLong adler
)
2205 /* The quick check is to verify just the MD5 signature and trust the
2206 * rest of the data. Because the profile has already been verified for
2207 * correctness this is safe. png_colorspace_set_sRGB will check the 'intent'
2208 * field too, so if the profile has been edited with an intent not defined
2209 * by sRGB (but maybe defined by a later ICC specification) the read of
2210 * the profile will fail at that point.
2212 png_uint_32 length
= 0;
2213 png_uint_32 intent
= 0x10000; /* invalid */
2214 #if PNG_sRGB_PROFILE_CHECKS > 1
2215 uLong crc
= 0; /* the value for 0 length data */
2219 for (i
=0; i
< (sizeof png_sRGB_checks
) / (sizeof png_sRGB_checks
[0]); ++i
)
2221 if (png_get_uint_32(profile
+84) == png_sRGB_checks
[i
].md5
[0] &&
2222 png_get_uint_32(profile
+88) == png_sRGB_checks
[i
].md5
[1] &&
2223 png_get_uint_32(profile
+92) == png_sRGB_checks
[i
].md5
[2] &&
2224 png_get_uint_32(profile
+96) == png_sRGB_checks
[i
].md5
[3])
2226 /* This may be one of the old HP profiles without an MD5, in that
2227 * case we can only use the length and Adler32 (note that these
2228 * are not used by default if there is an MD5!)
2230 # if PNG_sRGB_PROFILE_CHECKS == 0
2231 if (png_sRGB_checks
[i
].have_md5
)
2232 return 1+png_sRGB_checks
[i
].is_broken
;
2235 /* Profile is unsigned or more checks have been configured in. */
2238 length
= png_get_uint_32(profile
);
2239 intent
= png_get_uint_32(profile
+64);
2242 /* Length *and* intent must match */
2243 if (length
== png_sRGB_checks
[i
].length
&&
2244 intent
== png_sRGB_checks
[i
].intent
)
2246 /* Now calculate the adler32 if not done already. */
2249 adler
= adler32(0, NULL
, 0);
2250 adler
= adler32(adler
, profile
, length
);
2253 if (adler
== png_sRGB_checks
[i
].adler
)
2255 /* These basic checks suggest that the data has not been
2256 * modified, but if the check level is more than 1 perform
2257 * our own crc32 checksum on the data.
2259 # if PNG_sRGB_PROFILE_CHECKS > 1
2262 crc
= crc32(0, NULL
, 0);
2263 crc
= crc32(crc
, profile
, length
);
2266 /* So this check must pass for the 'return' below to happen.
2268 if (crc
== png_sRGB_checks
[i
].crc
)
2271 if (png_sRGB_checks
[i
].is_broken
)
2273 /* These profiles are known to have bad data that may cause
2274 * problems if they are used, therefore attempt to
2275 * discourage their use, skip the 'have_md5' warning below,
2276 * which is made irrelevant by this error.
2278 png_chunk_report(png_ptr
, "known incorrect sRGB profile",
2282 /* Warn that this being done; this isn't even an error since
2283 * the profile is perfectly valid, but it would be nice if
2284 * people used the up-to-date ones.
2286 else if (!png_sRGB_checks
[i
].have_md5
)
2288 png_chunk_report(png_ptr
,
2289 "out-of-date sRGB profile with no signature",
2293 return 1+png_sRGB_checks
[i
].is_broken
;
2298 # if PNG_sRGB_PROFILE_CHECKS > 0
2299 /* The signature matched, but the profile had been changed in some
2300 * way. This is an apparent violation of the ICC terms of use and,
2301 * anyway, probably indicates a data error or uninformed hacking.
2303 if (png_sRGB_checks
[i
].have_md5
)
2304 png_benign_error(png_ptr
,
2305 "copyright violation: edited ICC profile ignored");
2310 return 0; /* no match */
2314 #ifdef PNG_sRGB_SUPPORTED
2316 png_icc_set_sRGB(png_const_structrp png_ptr
,
2317 png_colorspacerp colorspace
, png_const_bytep profile
, uLong adler
)
2319 /* Is this profile one of the known ICC sRGB profiles? If it is, just set
2320 * the sRGB information.
2322 if (png_compare_ICC_profile_with_sRGB(png_ptr
, profile
, adler
))
2323 (void)png_colorspace_set_sRGB(png_ptr
, colorspace
,
2324 (int)/*already checked*/png_get_uint_32(profile
+64));
2326 #endif /* PNG_READ_sRGB_SUPPORTED */
2329 png_colorspace_set_ICC(png_const_structrp png_ptr
, png_colorspacerp colorspace
,
2330 png_const_charp name
, png_uint_32 profile_length
, png_const_bytep profile
,
2333 if (colorspace
->flags
& PNG_COLORSPACE_INVALID
)
2336 if (png_icc_check_length(png_ptr
, colorspace
, name
, profile_length
) &&
2337 png_icc_check_header(png_ptr
, colorspace
, name
, profile_length
, profile
,
2339 png_icc_check_tag_table(png_ptr
, colorspace
, name
, profile_length
,
2342 # ifdef PNG_sRGB_SUPPORTED
2343 /* If no sRGB support, don't try storing sRGB information */
2344 png_icc_set_sRGB(png_ptr
, colorspace
, profile
, 0);
2354 #ifdef PNG_READ_RGB_TO_GRAY_SUPPORTED
2356 png_colorspace_set_rgb_coefficients(png_structrp png_ptr
)
2358 /* Set the rgb_to_gray coefficients from the colorspace. */
2359 if (!png_ptr
->rgb_to_gray_coefficients_set
&&
2360 (png_ptr
->colorspace
.flags
& PNG_COLORSPACE_HAVE_ENDPOINTS
) != 0)
2362 /* png_set_background has not been called, get the coefficients from the Y
2363 * values of the colorspace colorants.
2365 png_fixed_point r
= png_ptr
->colorspace
.end_points_XYZ
.red_Y
;
2366 png_fixed_point g
= png_ptr
->colorspace
.end_points_XYZ
.green_Y
;
2367 png_fixed_point b
= png_ptr
->colorspace
.end_points_XYZ
.blue_Y
;
2368 png_fixed_point total
= r
+g
+b
;
2371 r
>= 0 && png_muldiv(&r
, r
, 32768, total
) && r
>= 0 && r
<= 32768 &&
2372 g
>= 0 && png_muldiv(&g
, g
, 32768, total
) && g
>= 0 && g
<= 32768 &&
2373 b
>= 0 && png_muldiv(&b
, b
, 32768, total
) && b
>= 0 && b
<= 32768 &&
2376 /* We allow 0 coefficients here. r+g+b may be 32769 if two or
2377 * all of the coefficients were rounded up. Handle this by
2378 * reducing the *largest* coefficient by 1; this matches the
2379 * approach used for the default coefficients in pngrtran.c
2385 else if (r
+g
+b
< 32768)
2390 if (g
>= r
&& g
>= b
)
2392 else if (r
>= g
&& r
>= b
)
2398 /* Check for an internal error. */
2401 "internal error handling cHRM coefficients");
2405 png_ptr
->rgb_to_gray_red_coeff
= (png_uint_16
)r
;
2406 png_ptr
->rgb_to_gray_green_coeff
= (png_uint_16
)g
;
2410 /* This is a png_error at present even though it could be ignored -
2411 * it should never happen, but it is important that if it does, the
2415 png_error(png_ptr
, "internal error handling cHRM->XYZ");
2420 #endif /* COLORSPACE */
2423 png_check_IHDR(png_const_structrp png_ptr
,
2424 png_uint_32 width
, png_uint_32 height
, int bit_depth
,
2425 int color_type
, int interlace_type
, int compression_type
,
2430 /* Check for width and height valid values */
2433 png_warning(png_ptr
, "Image width is zero in IHDR");
2439 png_warning(png_ptr
, "Image height is zero in IHDR");
2443 # ifdef PNG_SET_USER_LIMITS_SUPPORTED
2444 if (width
> png_ptr
->user_width_max
)
2447 if (width
> PNG_USER_WIDTH_MAX
)
2450 png_warning(png_ptr
, "Image width exceeds user limit in IHDR");
2454 # ifdef PNG_SET_USER_LIMITS_SUPPORTED
2455 if (height
> png_ptr
->user_height_max
)
2457 if (height
> PNG_USER_HEIGHT_MAX
)
2460 png_warning(png_ptr
, "Image height exceeds user limit in IHDR");
2464 if (width
> PNG_UINT_31_MAX
)
2466 png_warning(png_ptr
, "Invalid image width in IHDR");
2470 if (height
> PNG_UINT_31_MAX
)
2472 png_warning(png_ptr
, "Invalid image height in IHDR");
2476 /* Check other values */
2477 if (bit_depth
!= 1 && bit_depth
!= 2 && bit_depth
!= 4 &&
2478 bit_depth
!= 8 && bit_depth
!= 16)
2480 png_warning(png_ptr
, "Invalid bit depth in IHDR");
2484 if (color_type
< 0 || color_type
== 1 ||
2485 color_type
== 5 || color_type
> 6)
2487 png_warning(png_ptr
, "Invalid color type in IHDR");
2491 if (((color_type
== PNG_COLOR_TYPE_PALETTE
) && bit_depth
> 8) ||
2492 ((color_type
== PNG_COLOR_TYPE_RGB
||
2493 color_type
== PNG_COLOR_TYPE_GRAY_ALPHA
||
2494 color_type
== PNG_COLOR_TYPE_RGB_ALPHA
) && bit_depth
< 8))
2496 png_warning(png_ptr
, "Invalid color type/bit depth combination in IHDR");
2500 if (interlace_type
>= PNG_INTERLACE_LAST
)
2502 png_warning(png_ptr
, "Unknown interlace method in IHDR");
2506 if (compression_type
!= PNG_COMPRESSION_TYPE_BASE
)
2508 png_warning(png_ptr
, "Unknown compression method in IHDR");
2512 # ifdef PNG_MNG_FEATURES_SUPPORTED
2513 /* Accept filter_method 64 (intrapixel differencing) only if
2514 * 1. Libpng was compiled with PNG_MNG_FEATURES_SUPPORTED and
2515 * 2. Libpng did not read a PNG signature (this filter_method is only
2516 * used in PNG datastreams that are embedded in MNG datastreams) and
2517 * 3. The application called png_permit_mng_features with a mask that
2518 * included PNG_FLAG_MNG_FILTER_64 and
2519 * 4. The filter_method is 64 and
2520 * 5. The color_type is RGB or RGBA
2522 if ((png_ptr
->mode
& PNG_HAVE_PNG_SIGNATURE
) &&
2523 png_ptr
->mng_features_permitted
)
2524 png_warning(png_ptr
, "MNG features are not allowed in a PNG datastream");
2526 if (filter_type
!= PNG_FILTER_TYPE_BASE
)
2528 if (!((png_ptr
->mng_features_permitted
& PNG_FLAG_MNG_FILTER_64
) &&
2529 (filter_type
== PNG_INTRAPIXEL_DIFFERENCING
) &&
2530 ((png_ptr
->mode
& PNG_HAVE_PNG_SIGNATURE
) == 0) &&
2531 (color_type
== PNG_COLOR_TYPE_RGB
||
2532 color_type
== PNG_COLOR_TYPE_RGB_ALPHA
)))
2534 png_warning(png_ptr
, "Unknown filter method in IHDR");
2538 if (png_ptr
->mode
& PNG_HAVE_PNG_SIGNATURE
)
2540 png_warning(png_ptr
, "Invalid filter method in IHDR");
2546 if (filter_type
!= PNG_FILTER_TYPE_BASE
)
2548 png_warning(png_ptr
, "Unknown filter method in IHDR");
2554 png_error(png_ptr
, "Invalid IHDR data");
2557 #if defined(PNG_sCAL_SUPPORTED) || defined(PNG_pCAL_SUPPORTED)
2558 /* ASCII to fp functions */
2559 /* Check an ASCII formated floating point value, see the more detailed
2560 * comments in pngpriv.h
2562 /* The following is used internally to preserve the sticky flags */
2563 #define png_fp_add(state, flags) ((state) |= (flags))
2564 #define png_fp_set(state, value) ((state) = (value) | ((state) & PNG_FP_STICKY))
2567 png_check_fp_number(png_const_charp string
, png_size_t size
, int *statep
,
2568 png_size_tp whereami
)
2570 int state
= *statep
;
2571 png_size_t i
= *whereami
;
2576 /* First find the type of the next character */
2579 case 43: type
= PNG_FP_SAW_SIGN
; break;
2580 case 45: type
= PNG_FP_SAW_SIGN
+ PNG_FP_NEGATIVE
; break;
2581 case 46: type
= PNG_FP_SAW_DOT
; break;
2582 case 48: type
= PNG_FP_SAW_DIGIT
; break;
2583 case 49: case 50: case 51: case 52:
2584 case 53: case 54: case 55: case 56:
2585 case 57: type
= PNG_FP_SAW_DIGIT
+ PNG_FP_NONZERO
; break;
2587 case 101: type
= PNG_FP_SAW_E
; break;
2588 default: goto PNG_FP_End
;
2591 /* Now deal with this type according to the current
2592 * state, the type is arranged to not overlap the
2593 * bits of the PNG_FP_STATE.
2595 switch ((state
& PNG_FP_STATE
) + (type
& PNG_FP_SAW_ANY
))
2597 case PNG_FP_INTEGER
+ PNG_FP_SAW_SIGN
:
2598 if (state
& PNG_FP_SAW_ANY
)
2599 goto PNG_FP_End
; /* not a part of the number */
2601 png_fp_add(state
, type
);
2604 case PNG_FP_INTEGER
+ PNG_FP_SAW_DOT
:
2605 /* Ok as trailer, ok as lead of fraction. */
2606 if (state
& PNG_FP_SAW_DOT
) /* two dots */
2609 else if (state
& PNG_FP_SAW_DIGIT
) /* trailing dot? */
2610 png_fp_add(state
, type
);
2613 png_fp_set(state
, PNG_FP_FRACTION
| type
);
2617 case PNG_FP_INTEGER
+ PNG_FP_SAW_DIGIT
:
2618 if (state
& PNG_FP_SAW_DOT
) /* delayed fraction */
2619 png_fp_set(state
, PNG_FP_FRACTION
| PNG_FP_SAW_DOT
);
2621 png_fp_add(state
, type
| PNG_FP_WAS_VALID
);
2625 case PNG_FP_INTEGER
+ PNG_FP_SAW_E
:
2626 if ((state
& PNG_FP_SAW_DIGIT
) == 0)
2629 png_fp_set(state
, PNG_FP_EXPONENT
);
2633 /* case PNG_FP_FRACTION + PNG_FP_SAW_SIGN:
2634 goto PNG_FP_End; ** no sign in fraction */
2636 /* case PNG_FP_FRACTION + PNG_FP_SAW_DOT:
2637 goto PNG_FP_End; ** Because SAW_DOT is always set */
2639 case PNG_FP_FRACTION
+ PNG_FP_SAW_DIGIT
:
2640 png_fp_add(state
, type
| PNG_FP_WAS_VALID
);
2643 case PNG_FP_FRACTION
+ PNG_FP_SAW_E
:
2644 /* This is correct because the trailing '.' on an
2645 * integer is handled above - so we can only get here
2646 * with the sequence ".E" (with no preceding digits).
2648 if ((state
& PNG_FP_SAW_DIGIT
) == 0)
2651 png_fp_set(state
, PNG_FP_EXPONENT
);
2655 case PNG_FP_EXPONENT
+ PNG_FP_SAW_SIGN
:
2656 if (state
& PNG_FP_SAW_ANY
)
2657 goto PNG_FP_End
; /* not a part of the number */
2659 png_fp_add(state
, PNG_FP_SAW_SIGN
);
2663 /* case PNG_FP_EXPONENT + PNG_FP_SAW_DOT:
2666 case PNG_FP_EXPONENT
+ PNG_FP_SAW_DIGIT
:
2667 png_fp_add(state
, PNG_FP_SAW_DIGIT
| PNG_FP_WAS_VALID
);
2671 /* case PNG_FP_EXPONEXT + PNG_FP_SAW_E:
2674 default: goto PNG_FP_End
; /* I.e. break 2 */
2677 /* The character seems ok, continue. */
2682 /* Here at the end, update the state and return the correct
2688 return (state
& PNG_FP_SAW_DIGIT
) != 0;
2692 /* The same but for a complete string. */
2694 png_check_fp_string(png_const_charp string
, png_size_t size
)
2697 png_size_t char_index
=0;
2699 if (png_check_fp_number(string
, size
, &state
, &char_index
) &&
2700 (char_index
== size
|| string
[char_index
] == 0))
2701 return state
/* must be non-zero - see above */;
2703 return 0; /* i.e. fail */
2705 #endif /* pCAL or sCAL */
2707 #ifdef PNG_sCAL_SUPPORTED
2708 # ifdef PNG_FLOATING_POINT_SUPPORTED
2709 /* Utility used below - a simple accurate power of ten from an integral
2713 png_pow10(int power
)
2718 /* Handle negative exponent with a reciprocal at the end because
2719 * 10 is exact whereas .1 is inexact in base 2
2723 if (power
< DBL_MIN_10_EXP
) return 0;
2724 recip
= 1, power
= -power
;
2729 /* Decompose power bitwise. */
2733 if (power
& 1) d
*= mult
;
2741 /* else power is 0 and d is 1 */
2746 /* Function to format a floating point value in ASCII with a given
2750 png_ascii_from_fp(png_const_structrp png_ptr
, png_charp ascii
, png_size_t size
,
2751 double fp
, unsigned int precision
)
2753 /* We use standard functions from math.h, but not printf because
2754 * that would require stdio. The caller must supply a buffer of
2755 * sufficient size or we will png_error. The tests on size and
2756 * the space in ascii[] consumed are indicated below.
2759 precision
= DBL_DIG
;
2761 /* Enforce the limit of the implementation precision too. */
2762 if (precision
> DBL_DIG
+1)
2763 precision
= DBL_DIG
+1;
2765 /* Basic sanity checks */
2766 if (size
>= precision
+5) /* See the requirements below. */
2771 *ascii
++ = 45; /* '-' PLUS 1 TOTAL 1 */
2775 if (fp
>= DBL_MIN
&& fp
<= DBL_MAX
)
2777 int exp_b10
; /* A base 10 exponent */
2778 double base
; /* 10^exp_b10 */
2780 /* First extract a base 10 exponent of the number,
2781 * the calculation below rounds down when converting
2782 * from base 2 to base 10 (multiply by log10(2) -
2783 * 0.3010, but 77/256 is 0.3008, so exp_b10 needs to
2784 * be increased. Note that the arithmetic shift
2785 * performs a floor() unlike C arithmetic - using a
2786 * C multiply would break the following for negative
2789 (void)frexp(fp
, &exp_b10
); /* exponent to base 2 */
2791 exp_b10
= (exp_b10
* 77) >> 8; /* <= exponent to base 10 */
2793 /* Avoid underflow here. */
2794 base
= png_pow10(exp_b10
); /* May underflow */
2796 while (base
< DBL_MIN
|| base
< fp
)
2798 /* And this may overflow. */
2799 double test
= png_pow10(exp_b10
+1);
2801 if (test
<= DBL_MAX
)
2802 ++exp_b10
, base
= test
;
2808 /* Normalize fp and correct exp_b10, after this fp is in the
2809 * range [.1,1) and exp_b10 is both the exponent and the digit
2810 * *before* which the decimal point should be inserted
2811 * (starting with 0 for the first digit). Note that this
2812 * works even if 10^exp_b10 is out of range because of the
2813 * test on DBL_MAX above.
2816 while (fp
>= 1) fp
/= 10, ++exp_b10
;
2818 /* Because of the code above fp may, at this point, be
2819 * less than .1, this is ok because the code below can
2820 * handle the leading zeros this generates, so no attempt
2821 * is made to correct that here.
2825 int czero
, clead
, cdigits
;
2828 /* Allow up to two leading zeros - this will not lengthen
2829 * the number compared to using E-n.
2831 if (exp_b10
< 0 && exp_b10
> -3) /* PLUS 3 TOTAL 4 */
2833 czero
= -exp_b10
; /* PLUS 2 digits: TOTAL 3 */
2834 exp_b10
= 0; /* Dot added below before first output. */
2837 czero
= 0; /* No zeros to add */
2839 /* Generate the digit list, stripping trailing zeros and
2840 * inserting a '.' before a digit if the exponent is 0.
2842 clead
= czero
; /* Count of leading zeros */
2843 cdigits
= 0; /* Count of digits in list. */
2850 /* Use modf here, not floor and subtract, so that
2851 * the separation is done in one step. At the end
2852 * of the loop don't break the number into parts so
2853 * that the final digit is rounded.
2855 if (cdigits
+czero
-clead
+1 < (int)precision
)
2864 /* Rounding up to 10, handle that here. */
2868 if (cdigits
== 0) --clead
;
2872 while (cdigits
> 0 && d
> 9)
2876 if (exp_b10
!= (-1))
2881 ch
= *--ascii
, ++size
;
2882 /* Advance exp_b10 to '1', so that the
2883 * decimal point happens after the
2890 d
= ch
- 47; /* I.e. 1+(ch-48) */
2893 /* Did we reach the beginning? If so adjust the
2894 * exponent but take into account the leading
2897 if (d
> 9) /* cdigits == 0 */
2899 if (exp_b10
== (-1))
2901 /* Leading decimal point (plus zeros?), if
2902 * we lose the decimal point here it must
2903 * be reentered below.
2908 ++size
, exp_b10
= 1;
2910 /* Else lost a leading zero, so 'exp_b10' is
2917 /* In all cases we output a '1' */
2922 fp
= 0; /* Guarantees termination below. */
2928 if (cdigits
== 0) ++clead
;
2932 /* Included embedded zeros in the digit count. */
2933 cdigits
+= czero
- clead
;
2938 /* exp_b10 == (-1) means we just output the decimal
2939 * place - after the DP don't adjust 'exp_b10' any
2942 if (exp_b10
!= (-1))
2944 if (exp_b10
== 0) *ascii
++ = 46, --size
;
2945 /* PLUS 1: TOTAL 4 */
2948 *ascii
++ = 48, --czero
;
2951 if (exp_b10
!= (-1))
2953 if (exp_b10
== 0) *ascii
++ = 46, --size
; /* counted
2957 *ascii
++ = (char)(48 + (int)d
), ++cdigits
;
2960 while (cdigits
+czero
-clead
< (int)precision
&& fp
> DBL_MIN
);
2962 /* The total output count (max) is now 4+precision */
2964 /* Check for an exponent, if we don't need one we are
2965 * done and just need to terminate the string. At
2966 * this point exp_b10==(-1) is effectively if flag - it got
2967 * to '-1' because of the decrement after outputing
2968 * the decimal point above (the exponent required is
2971 if (exp_b10
>= (-1) && exp_b10
<= 2)
2973 /* The following only happens if we didn't output the
2974 * leading zeros above for negative exponent, so this
2975 * doest add to the digit requirement. Note that the
2976 * two zeros here can only be output if the two leading
2977 * zeros were *not* output, so this doesn't increase
2980 while (--exp_b10
>= 0) *ascii
++ = 48;
2984 /* Total buffer requirement (including the '\0') is
2985 * 5+precision - see check at the start.
2990 /* Here if an exponent is required, adjust size for
2991 * the digits we output but did not count. The total
2992 * digit output here so far is at most 1+precision - no
2993 * decimal point and no leading or trailing zeros have
2998 *ascii
++ = 69, --size
; /* 'E': PLUS 1 TOTAL 2+precision */
3000 /* The following use of an unsigned temporary avoids ambiguities in
3001 * the signed arithmetic on exp_b10 and permits GCC at least to do
3002 * better optimization.
3005 unsigned int uexp_b10
;
3009 *ascii
++ = 45, --size
; /* '-': PLUS 1 TOTAL 3+precision */
3010 uexp_b10
= -exp_b10
;
3018 while (uexp_b10
> 0)
3020 exponent
[cdigits
++] = (char)(48 + uexp_b10
% 10);
3025 /* Need another size check here for the exponent digits, so
3026 * this need not be considered above.
3028 if ((int)size
> cdigits
)
3030 while (cdigits
> 0) *ascii
++ = exponent
[--cdigits
];
3038 else if (!(fp
>= DBL_MIN
))
3040 *ascii
++ = 48; /* '0' */
3046 *ascii
++ = 105; /* 'i' */
3047 *ascii
++ = 110; /* 'n' */
3048 *ascii
++ = 102; /* 'f' */
3054 /* Here on buffer too small. */
3055 png_error(png_ptr
, "ASCII conversion buffer too small");
3058 # endif /* FLOATING_POINT */
3060 # ifdef PNG_FIXED_POINT_SUPPORTED
3061 /* Function to format a fixed point value in ASCII.
3064 png_ascii_from_fixed(png_const_structrp png_ptr
, png_charp ascii
,
3065 png_size_t size
, png_fixed_point fp
)
3067 /* Require space for 10 decimal digits, a decimal point, a minus sign and a
3068 * trailing \0, 13 characters:
3074 /* Avoid overflow here on the minimum integer. */
3076 *ascii
++ = 45, --size
, num
= -fp
;
3080 if (num
<= 0x80000000) /* else overflowed */
3082 unsigned int ndigits
= 0, first
= 16 /* flag value */;
3087 /* Split the low digit off num: */
3088 unsigned int tmp
= num
/10;
3090 digits
[ndigits
++] = (char)(48 + num
);
3091 /* Record the first non-zero digit, note that this is a number
3092 * starting at 1, it's not actually the array index.
3094 if (first
== 16 && num
> 0)
3101 while (ndigits
> 5) *ascii
++ = digits
[--ndigits
];
3102 /* The remaining digits are fractional digits, ndigits is '5' or
3103 * smaller at this point. It is certainly not zero. Check for a
3104 * non-zero fractional digit:
3109 *ascii
++ = 46; /* decimal point */
3110 /* ndigits may be <5 for small numbers, output leading zeros
3111 * then ndigits digits to first:
3114 while (ndigits
< i
) *ascii
++ = 48, --i
;
3115 while (ndigits
>= first
) *ascii
++ = digits
[--ndigits
];
3116 /* Don't output the trailing zeros! */
3122 /* And null terminate the string: */
3128 /* Here on buffer too small. */
3129 png_error(png_ptr
, "ASCII conversion buffer too small");
3131 # endif /* FIXED_POINT */
3132 #endif /* READ_SCAL */
3134 #if defined(PNG_FLOATING_POINT_SUPPORTED) && \
3135 !defined(PNG_FIXED_POINT_MACRO_SUPPORTED) && \
3136 (defined(PNG_gAMA_SUPPORTED) || defined(PNG_cHRM_SUPPORTED) || \
3137 defined(PNG_sCAL_SUPPORTED) || defined(PNG_READ_BACKGROUND_SUPPORTED) || \
3138 defined(PNG_READ_RGB_TO_GRAY_SUPPORTED)) || \
3139 (defined(PNG_sCAL_SUPPORTED) && \
3140 defined(PNG_FLOATING_ARITHMETIC_SUPPORTED))
3142 png_fixed(png_const_structrp png_ptr
, double fp
, png_const_charp text
)
3144 double r
= floor(100000 * fp
+ .5);
3146 if (r
> 2147483647. || r
< -2147483648.)
3147 png_fixed_error(png_ptr
, text
);
3149 # ifndef PNG_ERROR_TEXT_SUPPORTED
3153 return (png_fixed_point
)r
;
3157 #if defined(PNG_GAMMA_SUPPORTED) || defined(PNG_COLORSPACE_SUPPORTED) ||\
3158 defined(PNG_INCH_CONVERSIONS_SUPPORTED) || defined(PNG_READ_pHYs_SUPPORTED)
3159 /* muldiv functions */
3160 /* This API takes signed arguments and rounds the result to the nearest
3161 * integer (or, for a fixed point number - the standard argument - to
3162 * the nearest .00001). Overflow and divide by zero are signalled in
3163 * the result, a boolean - true on success, false on overflow.
3166 png_muldiv(png_fixed_point_p res
, png_fixed_point a
, png_int_32 times
,
3169 /* Return a * times / divisor, rounded. */
3172 if (a
== 0 || times
== 0)
3179 #ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
3185 /* A png_fixed_point is a 32-bit integer. */
3186 if (r
<= 2147483647. && r
>= -2147483648.)
3188 *res
= (png_fixed_point
)r
;
3193 png_uint_32 A
, T
, D
;
3194 png_uint_32 s16
, s32
, s00
;
3197 negative
= 1, A
= -a
;
3202 negative
= !negative
, T
= -times
;
3207 negative
= !negative
, D
= -divisor
;
3211 /* Following can't overflow because the arguments only
3212 * have 31 bits each, however the result may be 32 bits.
3214 s16
= (A
>> 16) * (T
& 0xffff) +
3215 (A
& 0xffff) * (T
>> 16);
3216 /* Can't overflow because the a*times bit is only 30
3219 s32
= (A
>> 16) * (T
>> 16) + (s16
>> 16);
3220 s00
= (A
& 0xffff) * (T
& 0xffff);
3222 s16
= (s16
& 0xffff) << 16;
3228 if (s32
< D
) /* else overflow */
3230 /* s32.s00 is now the 64-bit product, do a standard
3231 * division, we know that s32 < D, so the maximum
3232 * required shift is 31.
3235 png_fixed_point result
= 0; /* NOTE: signed */
3237 while (--bitshift
>= 0)
3239 png_uint_32 d32
, d00
;
3242 d32
= D
>> (32-bitshift
), d00
= D
<< bitshift
;
3249 if (s00
< d00
) --s32
; /* carry */
3250 s32
-= d32
, s00
-= d00
, result
+= 1<<bitshift
;
3254 if (s32
== d32
&& s00
>= d00
)
3255 s32
= 0, s00
-= d00
, result
+= 1<<bitshift
;
3258 /* Handle the rounding. */
3259 if (s00
>= (D
>> 1))
3265 /* Check for overflow. */
3266 if ((negative
&& result
<= 0) || (!negative
&& result
>= 0))
3278 #endif /* READ_GAMMA || INCH_CONVERSIONS */
3280 #if defined(PNG_READ_GAMMA_SUPPORTED) || defined(PNG_INCH_CONVERSIONS_SUPPORTED)
3281 /* The following is for when the caller doesn't much care about the
3285 png_muldiv_warn(png_const_structrp png_ptr
, png_fixed_point a
, png_int_32 times
,
3288 png_fixed_point result
;
3290 if (png_muldiv(&result
, a
, times
, divisor
))
3293 png_warning(png_ptr
, "fixed point overflow ignored");
3298 #ifdef PNG_GAMMA_SUPPORTED /* more fixed point functions for gamma */
3299 /* Calculate a reciprocal, return 0 on div-by-zero or overflow. */
3301 png_reciprocal(png_fixed_point a
)
3303 #ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
3304 double r
= floor(1E10
/a
+.5);
3306 if (r
<= 2147483647. && r
>= -2147483648.)
3307 return (png_fixed_point
)r
;
3309 png_fixed_point res
;
3311 if (png_muldiv(&res
, 100000, 100000, a
))
3315 return 0; /* error/overflow */
3318 /* This is the shared test on whether a gamma value is 'significant' - whether
3319 * it is worth doing gamma correction.
3322 png_gamma_significant(png_fixed_point gamma_val
)
3324 return gamma_val
< PNG_FP_1
- PNG_GAMMA_THRESHOLD_FIXED
||
3325 gamma_val
> PNG_FP_1
+ PNG_GAMMA_THRESHOLD_FIXED
;
3329 #ifdef PNG_READ_GAMMA_SUPPORTED
3330 # ifdef PNG_16BIT_SUPPORTED
3331 /* A local convenience routine. */
3332 static png_fixed_point
3333 png_product2(png_fixed_point a
, png_fixed_point b
)
3335 /* The required result is 1/a * 1/b; the following preserves accuracy. */
3336 # ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
3337 double r
= a
* 1E-5;
3341 if (r
<= 2147483647. && r
>= -2147483648.)
3342 return (png_fixed_point
)r
;
3344 png_fixed_point res
;
3346 if (png_muldiv(&res
, a
, b
, 100000))
3350 return 0; /* overflow */
3354 /* The inverse of the above. */
3356 png_reciprocal2(png_fixed_point a
, png_fixed_point b
)
3358 /* The required result is 1/a * 1/b; the following preserves accuracy. */
3359 #ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
3364 if (r
<= 2147483647. && r
>= -2147483648.)
3365 return (png_fixed_point
)r
;
3367 /* This may overflow because the range of png_fixed_point isn't symmetric,
3368 * but this API is only used for the product of file and screen gamma so it
3369 * doesn't matter that the smallest number it can produce is 1/21474, not
3372 png_fixed_point res
= png_product2(a
, b
);
3375 return png_reciprocal(res
);
3378 return 0; /* overflow */
3380 #endif /* READ_GAMMA */
3382 #ifdef PNG_READ_GAMMA_SUPPORTED /* gamma table code */
3383 #ifndef PNG_FLOATING_ARITHMETIC_SUPPORTED
3384 /* Fixed point gamma.
3386 * The code to calculate the tables used below can be found in the shell script
3387 * contrib/tools/intgamma.sh
3389 * To calculate gamma this code implements fast log() and exp() calls using only
3390 * fixed point arithmetic. This code has sufficient precision for either 8-bit
3391 * or 16-bit sample values.
3393 * The tables used here were calculated using simple 'bc' programs, but C double
3394 * precision floating point arithmetic would work fine.
3397 * This is a table of -log(value/255)/log(2) for 'value' in the range 128 to
3398 * 255, so it's the base 2 logarithm of a normalized 8-bit floating point
3399 * mantissa. The numbers are 32-bit fractions.
3401 static const png_uint_32
3404 4270715492U, 4222494797U, 4174646467U, 4127164793U, 4080044201U, 4033279239U,
3405 3986864580U, 3940795015U, 3895065449U, 3849670902U, 3804606499U, 3759867474U,
3406 3715449162U, 3671346997U, 3627556511U, 3584073329U, 3540893168U, 3498011834U,
3407 3455425220U, 3413129301U, 3371120137U, 3329393864U, 3287946700U, 3246774933U,
3408 3205874930U, 3165243125U, 3124876025U, 3084770202U, 3044922296U, 3005329011U,
3409 2965987113U, 2926893432U, 2888044853U, 2849438323U, 2811070844U, 2772939474U,
3410 2735041326U, 2697373562U, 2659933400U, 2622718104U, 2585724991U, 2548951424U,
3411 2512394810U, 2476052606U, 2439922311U, 2404001468U, 2368287663U, 2332778523U,
3412 2297471715U, 2262364947U, 2227455964U, 2192742551U, 2158222529U, 2123893754U,
3413 2089754119U, 2055801552U, 2022034013U, 1988449497U, 1955046031U, 1921821672U,
3414 1888774511U, 1855902668U, 1823204291U, 1790677560U, 1758320682U, 1726131893U,
3415 1694109454U, 1662251657U, 1630556815U, 1599023271U, 1567649391U, 1536433567U,
3416 1505374214U, 1474469770U, 1443718700U, 1413119487U, 1382670639U, 1352370686U,
3417 1322218179U, 1292211689U, 1262349810U, 1232631153U, 1203054352U, 1173618059U,
3418 1144320946U, 1115161701U, 1086139034U, 1057251672U, 1028498358U, 999877854U,
3419 971388940U, 943030410U, 914801076U, 886699767U, 858725327U, 830876614U,
3420 803152505U, 775551890U, 748073672U, 720716771U, 693480120U, 666362667U,
3421 639363374U, 612481215U, 585715177U, 559064263U, 532527486U, 506103872U,
3422 479792461U, 453592303U, 427502463U, 401522014U, 375650043U, 349885648U,
3423 324227938U, 298676034U, 273229066U, 247886176U, 222646516U, 197509248U,
3424 172473545U, 147538590U, 122703574U, 97967701U, 73330182U, 48790236U,
3428 /* The following are the values for 16-bit tables - these work fine for the
3429 * 8-bit conversions but produce very slightly larger errors in the 16-bit
3430 * log (about 1.2 as opposed to 0.7 absolute error in the final value). To
3431 * use these all the shifts below must be adjusted appropriately.
3433 65166, 64430, 63700, 62976, 62257, 61543, 60835, 60132, 59434, 58741, 58054,
3434 57371, 56693, 56020, 55352, 54689, 54030, 53375, 52726, 52080, 51439, 50803,
3435 50170, 49542, 48918, 48298, 47682, 47070, 46462, 45858, 45257, 44661, 44068,
3436 43479, 42894, 42312, 41733, 41159, 40587, 40020, 39455, 38894, 38336, 37782,
3437 37230, 36682, 36137, 35595, 35057, 34521, 33988, 33459, 32932, 32408, 31887,
3438 31369, 30854, 30341, 29832, 29325, 28820, 28319, 27820, 27324, 26830, 26339,
3439 25850, 25364, 24880, 24399, 23920, 23444, 22970, 22499, 22029, 21562, 21098,
3440 20636, 20175, 19718, 19262, 18808, 18357, 17908, 17461, 17016, 16573, 16132,
3441 15694, 15257, 14822, 14390, 13959, 13530, 13103, 12678, 12255, 11834, 11415,
3442 10997, 10582, 10168, 9756, 9346, 8937, 8531, 8126, 7723, 7321, 6921, 6523,
3443 6127, 5732, 5339, 4947, 4557, 4169, 3782, 3397, 3014, 2632, 2251, 1872, 1495,
3449 png_log8bit(unsigned int x
)
3451 unsigned int lg2
= 0;
3452 /* Each time 'x' is multiplied by 2, 1 must be subtracted off the final log,
3453 * because the log is actually negate that means adding 1. The final
3454 * returned value thus has the range 0 (for 255 input) to 7.994 (for 1
3455 * input), return -1 for the overflow (log 0) case, - so the result is
3456 * always at most 19 bits.
3458 if ((x
&= 0xff) == 0)
3461 if ((x
& 0xf0) == 0)
3464 if ((x
& 0xc0) == 0)
3467 if ((x
& 0x80) == 0)
3470 /* result is at most 19 bits, so this cast is safe: */
3471 return (png_int_32
)((lg2
<< 16) + ((png_8bit_l2
[x
-128]+32768)>>16));
3474 /* The above gives exact (to 16 binary places) log2 values for 8-bit images,
3475 * for 16-bit images we use the most significant 8 bits of the 16-bit value to
3476 * get an approximation then multiply the approximation by a correction factor
3477 * determined by the remaining up to 8 bits. This requires an additional step
3478 * in the 16-bit case.
3480 * We want log2(value/65535), we have log2(v'/255), where:
3482 * value = v' * 256 + v''
3485 * So f is value/v', which is equal to (256+v''/v') since v' is in the range 128
3486 * to 255 and v'' is in the range 0 to 255 f will be in the range 256 to less
3487 * than 258. The final factor also needs to correct for the fact that our 8-bit
3488 * value is scaled by 255, whereas the 16-bit values must be scaled by 65535.
3490 * This gives a final formula using a calculated value 'x' which is value/v' and
3491 * scaling by 65536 to match the above table:
3493 * log2(x/257) * 65536
3495 * Since these numbers are so close to '1' we can use simple linear
3496 * interpolation between the two end values 256/257 (result -368.61) and 258/257
3497 * (result 367.179). The values used below are scaled by a further 64 to give
3498 * 16-bit precision in the interpolation:
3500 * Start (256): -23591
3505 png_log16bit(png_uint_32 x
)
3507 unsigned int lg2
= 0;
3509 /* As above, but now the input has 16 bits. */
3510 if ((x
&= 0xffff) == 0)
3513 if ((x
& 0xff00) == 0)
3516 if ((x
& 0xf000) == 0)
3519 if ((x
& 0xc000) == 0)
3522 if ((x
& 0x8000) == 0)
3525 /* Calculate the base logarithm from the top 8 bits as a 28-bit fractional
3529 lg2
+= (png_8bit_l2
[(x
>>8)-128]+8) >> 4;
3531 /* Now we need to interpolate the factor, this requires a division by the top
3532 * 8 bits. Do this with maximum precision.
3534 x
= ((x
<< 16) + (x
>> 9)) / (x
>> 8);
3536 /* Since we divided by the top 8 bits of 'x' there will be a '1' at 1<<24,
3537 * the value at 1<<16 (ignoring this) will be 0 or 1; this gives us exactly
3538 * 16 bits to interpolate to get the low bits of the result. Round the
3539 * answer. Note that the end point values are scaled by 64 to retain overall
3540 * precision and that 'lg2' is current scaled by an extra 12 bits, so adjust
3541 * the overall scaling by 6-12. Round at every step.
3545 if (x
<= 65536U) /* <= '257' */
3546 lg2
+= ((23591U * (65536U-x
)) + (1U << (16+6-12-1))) >> (16+6-12);
3549 lg2
-= ((23499U * (x
-65536U)) + (1U << (16+6-12-1))) >> (16+6-12);
3551 /* Safe, because the result can't have more than 20 bits: */
3552 return (png_int_32
)((lg2
+ 2048) >> 12);
3555 /* The 'exp()' case must invert the above, taking a 20-bit fixed point
3556 * logarithmic value and returning a 16 or 8-bit number as appropriate. In
3557 * each case only the low 16 bits are relevant - the fraction - since the
3558 * integer bits (the top 4) simply determine a shift.
3560 * The worst case is the 16-bit distinction between 65535 and 65534, this
3561 * requires perhaps spurious accuracty in the decoding of the logarithm to
3562 * distinguish log2(65535/65534.5) - 10^-5 or 17 bits. There is little chance
3563 * of getting this accuracy in practice.
3565 * To deal with this the following exp() function works out the exponent of the
3566 * frational part of the logarithm by using an accurate 32-bit value from the
3567 * top four fractional bits then multiplying in the remaining bits.
3569 static const png_uint_32
3572 /* NOTE: the first entry is deliberately set to the maximum 32-bit value. */
3573 4294967295U, 4112874773U, 3938502376U, 3771522796U, 3611622603U, 3458501653U,
3574 3311872529U, 3171459999U, 3037000500U, 2908241642U, 2784941738U, 2666869345U,
3575 2553802834U, 2445529972U, 2341847524U, 2242560872U
3578 /* Adjustment table; provided to explain the numbers in the code below. */
3580 for (i
=11;i
>=0;--i
){ print i
, " ", (1 - e(-(2^i
)/65536*l(2))) * 2^(32-i
), "\n"}
3581 11 44937.64284865548751208448
3582 10 45180.98734845585101160448
3583 9 45303.31936980687359311872
3584 8 45364.65110595323018870784
3585 7 45395.35850361789624614912
3586 6 45410.72259715102037508096
3587 5 45418.40724413220722311168
3588 4 45422.25021786898173001728
3589 3 45424.17186732298419044352
3590 2 45425.13273269940811464704
3591 1 45425.61317555035558641664
3592 0 45425.85339951654943850496
3596 png_exp(png_fixed_point x
)
3598 if (x
> 0 && x
<= 0xfffff) /* Else overflow or zero (underflow) */
3600 /* Obtain a 4-bit approximation */
3601 png_uint_32 e
= png_32bit_exp
[(x
>> 12) & 0xf];
3603 /* Incorporate the low 12 bits - these decrease the returned value by
3604 * multiplying by a number less than 1 if the bit is set. The multiplier
3605 * is determined by the above table and the shift. Notice that the values
3606 * converge on 45426 and this is used to allow linear interpolation of the
3610 e
-= (((e
>> 16) * 44938U) + 16U) >> 5;
3613 e
-= (((e
>> 16) * 45181U) + 32U) >> 6;
3616 e
-= (((e
>> 16) * 45303U) + 64U) >> 7;
3619 e
-= (((e
>> 16) * 45365U) + 128U) >> 8;
3622 e
-= (((e
>> 16) * 45395U) + 256U) >> 9;
3625 e
-= (((e
>> 16) * 45410U) + 512U) >> 10;
3627 /* And handle the low 6 bits in a single block. */
3628 e
-= (((e
>> 16) * 355U * (x
& 0x3fU
)) + 256U) >> 9;
3630 /* Handle the upper bits of x. */
3635 /* Check for overflow */
3637 return png_32bit_exp
[0];
3639 /* Else underflow */
3644 png_exp8bit(png_fixed_point lg2
)
3646 /* Get a 32-bit value: */
3647 png_uint_32 x
= png_exp(lg2
);
3649 /* Convert the 32-bit value to 0..255 by multiplying by 256-1, note that the
3650 * second, rounding, step can't overflow because of the first, subtraction,
3654 return (png_byte
)((x
+ 0x7fffffU
) >> 24);
3657 #ifdef PNG_16BIT_SUPPORTED
3659 png_exp16bit(png_fixed_point lg2
)
3661 /* Get a 32-bit value: */
3662 png_uint_32 x
= png_exp(lg2
);
3664 /* Convert the 32-bit value to 0..65535 by multiplying by 65536-1: */
3666 return (png_uint_16
)((x
+ 32767U) >> 16);
3669 #endif /* FLOATING_ARITHMETIC */
3672 png_gamma_8bit_correct(unsigned int value
, png_fixed_point gamma_val
)
3674 if (value
> 0 && value
< 255)
3676 # ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
3677 double r
= floor(255*pow(value
/255.,gamma_val
*.00001)+.5);
3680 png_int_32 lg2
= png_log8bit(value
);
3681 png_fixed_point res
;
3683 if (png_muldiv(&res
, gamma_val
, lg2
, PNG_FP_1
))
3684 return png_exp8bit(res
);
3691 return (png_byte
)value
;
3694 #ifdef PNG_16BIT_SUPPORTED
3696 png_gamma_16bit_correct(unsigned int value
, png_fixed_point gamma_val
)
3698 if (value
> 0 && value
< 65535)
3700 # ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
3701 double r
= floor(65535*pow(value
/65535.,gamma_val
*.00001)+.5);
3702 return (png_uint_16
)r
;
3704 png_int_32 lg2
= png_log16bit(value
);
3705 png_fixed_point res
;
3707 if (png_muldiv(&res
, gamma_val
, lg2
, PNG_FP_1
))
3708 return png_exp16bit(res
);
3715 return (png_uint_16
)value
;
3719 /* This does the right thing based on the bit_depth field of the
3720 * png_struct, interpreting values as 8-bit or 16-bit. While the result
3721 * is nominally a 16-bit value if bit depth is 8 then the result is
3722 * 8-bit (as are the arguments.)
3724 png_uint_16
/* PRIVATE */
3725 png_gamma_correct(png_structrp png_ptr
, unsigned int value
,
3726 png_fixed_point gamma_val
)
3728 if (png_ptr
->bit_depth
== 8)
3729 return png_gamma_8bit_correct(value
, gamma_val
);
3731 #ifdef PNG_16BIT_SUPPORTED
3733 return png_gamma_16bit_correct(value
, gamma_val
);
3735 /* should not reach this */
3740 #ifdef PNG_16BIT_SUPPORTED
3741 /* Internal function to build a single 16-bit table - the table consists of
3742 * 'num' 256 entry subtables, where 'num' is determined by 'shift' - the amount
3743 * to shift the input values right (or 16-number_of_signifiant_bits).
3745 * The caller is responsible for ensuring that the table gets cleaned up on
3746 * png_error (i.e. if one of the mallocs below fails) - i.e. the *table argument
3747 * should be somewhere that will be cleaned.
3750 png_build_16bit_table(png_structrp png_ptr
, png_uint_16pp
*ptable
,
3751 PNG_CONST
unsigned int shift
, PNG_CONST png_fixed_point gamma_val
)
3753 /* Various values derived from 'shift': */
3754 PNG_CONST
unsigned int num
= 1U << (8U - shift
);
3755 PNG_CONST
unsigned int max
= (1U << (16U - shift
))-1U;
3756 PNG_CONST
unsigned int max_by_2
= 1U << (15U-shift
);
3759 png_uint_16pp table
= *ptable
=
3760 (png_uint_16pp
)png_calloc(png_ptr
, num
* (sizeof (png_uint_16p
)));
3762 for (i
= 0; i
< num
; i
++)
3764 png_uint_16p sub_table
= table
[i
] =
3765 (png_uint_16p
)png_malloc(png_ptr
, 256 * (sizeof (png_uint_16
)));
3767 /* The 'threshold' test is repeated here because it can arise for one of
3768 * the 16-bit tables even if the others don't hit it.
3770 if (png_gamma_significant(gamma_val
))
3772 /* The old code would overflow at the end and this would cause the
3773 * 'pow' function to return a result >1, resulting in an
3774 * arithmetic error. This code follows the spec exactly; ig is
3775 * the recovered input sample, it always has 8-16 bits.
3777 * We want input * 65535/max, rounded, the arithmetic fits in 32
3778 * bits (unsigned) so long as max <= 32767.
3781 for (j
= 0; j
< 256; j
++)
3783 png_uint_32 ig
= (j
<< (8-shift
)) + i
;
3784 # ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
3785 /* Inline the 'max' scaling operation: */
3786 double d
= floor(65535*pow(ig
/(double)max
, gamma_val
*.00001)+.5);
3787 sub_table
[j
] = (png_uint_16
)d
;
3790 ig
= (ig
* 65535U + max_by_2
)/max
;
3792 sub_table
[j
] = png_gamma_16bit_correct(ig
, gamma_val
);
3798 /* We must still build a table, but do it the fast way. */
3801 for (j
= 0; j
< 256; j
++)
3803 png_uint_32 ig
= (j
<< (8-shift
)) + i
;
3806 ig
= (ig
* 65535U + max_by_2
)/max
;
3808 sub_table
[j
] = (png_uint_16
)ig
;
3814 /* NOTE: this function expects the *inverse* of the overall gamma transformation
3818 png_build_16to8_table(png_structrp png_ptr
, png_uint_16pp
*ptable
,
3819 PNG_CONST
unsigned int shift
, PNG_CONST png_fixed_point gamma_val
)
3821 PNG_CONST
unsigned int num
= 1U << (8U - shift
);
3822 PNG_CONST
unsigned int max
= (1U << (16U - shift
))-1U;
3826 png_uint_16pp table
= *ptable
=
3827 (png_uint_16pp
)png_calloc(png_ptr
, num
* (sizeof (png_uint_16p
)));
3829 /* 'num' is the number of tables and also the number of low bits of low
3830 * bits of the input 16-bit value used to select a table. Each table is
3831 * itself index by the high 8 bits of the value.
3833 for (i
= 0; i
< num
; i
++)
3834 table
[i
] = (png_uint_16p
)png_malloc(png_ptr
,
3835 256 * (sizeof (png_uint_16
)));
3837 /* 'gamma_val' is set to the reciprocal of the value calculated above, so
3838 * pow(out,g) is an *input* value. 'last' is the last input value set.
3840 * In the loop 'i' is used to find output values. Since the output is
3841 * 8-bit there are only 256 possible values. The tables are set up to
3842 * select the closest possible output value for each input by finding
3843 * the input value at the boundary between each pair of output values
3844 * and filling the table up to that boundary with the lower output
3847 * The boundary values are 0.5,1.5..253.5,254.5. Since these are 9-bit
3848 * values the code below uses a 16-bit value in i; the values start at
3849 * 128.5 (for 0.5) and step by 257, for a total of 254 values (the last
3850 * entries are filled with 255). Start i at 128 and fill all 'last'
3851 * table entries <= 'max'
3854 for (i
= 0; i
< 255; ++i
) /* 8-bit output value */
3856 /* Find the corresponding maximum input value */
3857 png_uint_16 out
= (png_uint_16
)(i
* 257U); /* 16-bit output value */
3859 /* Find the boundary value in 16 bits: */
3860 png_uint_32 bound
= png_gamma_16bit_correct(out
+128U, gamma_val
);
3862 /* Adjust (round) to (16-shift) bits: */
3863 bound
= (bound
* max
+ 32768U)/65535U + 1U;
3865 while (last
< bound
)
3867 table
[last
& (0xffU
>> shift
)][last
>> (8U - shift
)] = out
;
3872 /* And fill in the final entries. */
3873 while (last
< (num
<< 8))
3875 table
[last
& (0xff >> shift
)][last
>> (8U - shift
)] = 65535U;
3881 /* Build a single 8-bit table: same as the 16-bit case but much simpler (and
3882 * typically much faster). Note that libpng currently does no sBIT processing
3883 * (apparently contrary to the spec) so a 256 entry table is always generated.
3886 png_build_8bit_table(png_structrp png_ptr
, png_bytepp ptable
,
3887 PNG_CONST png_fixed_point gamma_val
)
3890 png_bytep table
= *ptable
= (png_bytep
)png_malloc(png_ptr
, 256);
3892 if (png_gamma_significant(gamma_val
)) for (i
=0; i
<256; i
++)
3893 table
[i
] = png_gamma_8bit_correct(i
, gamma_val
);
3895 else for (i
=0; i
<256; ++i
)
3896 table
[i
] = (png_byte
)i
;
3899 /* Used from png_read_destroy and below to release the memory used by the gamma
3903 png_destroy_gamma_table(png_structrp png_ptr
)
3905 png_free(png_ptr
, png_ptr
->gamma_table
);
3906 png_ptr
->gamma_table
= NULL
;
3908 #ifdef PNG_16BIT_SUPPORTED
3909 if (png_ptr
->gamma_16_table
!= NULL
)
3912 int istop
= (1 << (8 - png_ptr
->gamma_shift
));
3913 for (i
= 0; i
< istop
; i
++)
3915 png_free(png_ptr
, png_ptr
->gamma_16_table
[i
]);
3917 png_free(png_ptr
, png_ptr
->gamma_16_table
);
3918 png_ptr
->gamma_16_table
= NULL
;
3922 #if defined(PNG_READ_BACKGROUND_SUPPORTED) || \
3923 defined(PNG_READ_ALPHA_MODE_SUPPORTED) || \
3924 defined(PNG_READ_RGB_TO_GRAY_SUPPORTED)
3925 png_free(png_ptr
, png_ptr
->gamma_from_1
);
3926 png_ptr
->gamma_from_1
= NULL
;
3927 png_free(png_ptr
, png_ptr
->gamma_to_1
);
3928 png_ptr
->gamma_to_1
= NULL
;
3930 #ifdef PNG_16BIT_SUPPORTED
3931 if (png_ptr
->gamma_16_from_1
!= NULL
)
3934 int istop
= (1 << (8 - png_ptr
->gamma_shift
));
3935 for (i
= 0; i
< istop
; i
++)
3937 png_free(png_ptr
, png_ptr
->gamma_16_from_1
[i
]);
3939 png_free(png_ptr
, png_ptr
->gamma_16_from_1
);
3940 png_ptr
->gamma_16_from_1
= NULL
;
3942 if (png_ptr
->gamma_16_to_1
!= NULL
)
3945 int istop
= (1 << (8 - png_ptr
->gamma_shift
));
3946 for (i
= 0; i
< istop
; i
++)
3948 png_free(png_ptr
, png_ptr
->gamma_16_to_1
[i
]);
3950 png_free(png_ptr
, png_ptr
->gamma_16_to_1
);
3951 png_ptr
->gamma_16_to_1
= NULL
;
3954 #endif /* READ_BACKGROUND || READ_ALPHA_MODE || RGB_TO_GRAY */
3957 /* We build the 8- or 16-bit gamma tables here. Note that for 16-bit
3958 * tables, we don't make a full table if we are reducing to 8-bit in
3959 * the future. Note also how the gamma_16 tables are segmented so that
3960 * we don't need to allocate > 64K chunks for a full 16-bit table.
3963 png_build_gamma_table(png_structrp png_ptr
, int bit_depth
)
3965 png_debug(1, "in png_build_gamma_table");
3967 /* Remove any existing table; this copes with multiple calls to
3968 * png_read_update_info. The warning is because building the gamma tables
3969 * multiple times is a performance hit - it's harmless but the ability to call
3970 * png_read_update_info() multiple times is new in 1.5.6 so it seems sensible
3971 * to warn if the app introduces such a hit.
3973 if (png_ptr
->gamma_table
!= NULL
|| png_ptr
->gamma_16_table
!= NULL
)
3975 png_warning(png_ptr
, "gamma table being rebuilt");
3976 png_destroy_gamma_table(png_ptr
);
3981 png_build_8bit_table(png_ptr
, &png_ptr
->gamma_table
,
3982 png_ptr
->screen_gamma
> 0 ?
png_reciprocal2(png_ptr
->colorspace
.gamma
,
3983 png_ptr
->screen_gamma
) : PNG_FP_1
);
3985 #if defined(PNG_READ_BACKGROUND_SUPPORTED) || \
3986 defined(PNG_READ_ALPHA_MODE_SUPPORTED) || \
3987 defined(PNG_READ_RGB_TO_GRAY_SUPPORTED)
3988 if (png_ptr
->transformations
& (PNG_COMPOSE
| PNG_RGB_TO_GRAY
))
3990 png_build_8bit_table(png_ptr
, &png_ptr
->gamma_to_1
,
3991 png_reciprocal(png_ptr
->colorspace
.gamma
));
3993 png_build_8bit_table(png_ptr
, &png_ptr
->gamma_from_1
,
3994 png_ptr
->screen_gamma
> 0 ?
png_reciprocal(png_ptr
->screen_gamma
) :
3995 png_ptr
->colorspace
.gamma
/* Probably doing rgb_to_gray */);
3997 #endif /* READ_BACKGROUND || READ_ALPHA_MODE || RGB_TO_GRAY */
3999 #ifdef PNG_16BIT_SUPPORTED
4002 png_byte shift
, sig_bit
;
4004 if (png_ptr
->color_type
& PNG_COLOR_MASK_COLOR
)
4006 sig_bit
= png_ptr
->sig_bit
.red
;
4008 if (png_ptr
->sig_bit
.green
> sig_bit
)
4009 sig_bit
= png_ptr
->sig_bit
.green
;
4011 if (png_ptr
->sig_bit
.blue
> sig_bit
)
4012 sig_bit
= png_ptr
->sig_bit
.blue
;
4015 sig_bit
= png_ptr
->sig_bit
.gray
;
4017 /* 16-bit gamma code uses this equation:
4019 * ov = table[(iv & 0xff) >> gamma_shift][iv >> 8]
4021 * Where 'iv' is the input color value and 'ov' is the output value -
4024 * Thus the gamma table consists of up to 256 256 entry tables. The table
4025 * is selected by the (8-gamma_shift) most significant of the low 8 bits of
4026 * the color value then indexed by the upper 8 bits:
4028 * table[low bits][high 8 bits]
4030 * So the table 'n' corresponds to all those 'iv' of:
4032 * <all high 8-bit values><n << gamma_shift>..<(n+1 << gamma_shift)-1>
4035 if (sig_bit
> 0 && sig_bit
< 16U)
4036 shift
= (png_byte
)(16U - sig_bit
); /* shift == insignificant bits */
4039 shift
= 0; /* keep all 16 bits */
4041 if (png_ptr
->transformations
& (PNG_16_TO_8
| PNG_SCALE_16_TO_8
))
4043 /* PNG_MAX_GAMMA_8 is the number of bits to keep - effectively
4044 * the significant bits in the *input* when the output will
4045 * eventually be 8 bits. By default it is 11.
4047 if (shift
< (16U - PNG_MAX_GAMMA_8
))
4048 shift
= (16U - PNG_MAX_GAMMA_8
);
4052 shift
= 8U; /* Guarantees at least one table! */
4054 png_ptr
->gamma_shift
= shift
;
4056 /* NOTE: prior to 1.5.4 this test used to include PNG_BACKGROUND (now
4057 * PNG_COMPOSE). This effectively smashed the background calculation for
4058 * 16-bit output because the 8-bit table assumes the result will be reduced
4061 if (png_ptr
->transformations
& (PNG_16_TO_8
| PNG_SCALE_16_TO_8
))
4062 png_build_16to8_table(png_ptr
, &png_ptr
->gamma_16_table
, shift
,
4063 png_ptr
->screen_gamma
> 0 ?
png_product2(png_ptr
->colorspace
.gamma
,
4064 png_ptr
->screen_gamma
) : PNG_FP_1
);
4067 png_build_16bit_table(png_ptr
, &png_ptr
->gamma_16_table
, shift
,
4068 png_ptr
->screen_gamma
> 0 ?
png_reciprocal2(png_ptr
->colorspace
.gamma
,
4069 png_ptr
->screen_gamma
) : PNG_FP_1
);
4071 #if defined(PNG_READ_BACKGROUND_SUPPORTED) || \
4072 defined(PNG_READ_ALPHA_MODE_SUPPORTED) || \
4073 defined(PNG_READ_RGB_TO_GRAY_SUPPORTED)
4074 if (png_ptr
->transformations
& (PNG_COMPOSE
| PNG_RGB_TO_GRAY
))
4076 png_build_16bit_table(png_ptr
, &png_ptr
->gamma_16_to_1
, shift
,
4077 png_reciprocal(png_ptr
->colorspace
.gamma
));
4079 /* Notice that the '16 from 1' table should be full precision, however
4080 * the lookup on this table still uses gamma_shift, so it can't be.
4083 png_build_16bit_table(png_ptr
, &png_ptr
->gamma_16_from_1
, shift
,
4084 png_ptr
->screen_gamma
> 0 ?
png_reciprocal(png_ptr
->screen_gamma
) :
4085 png_ptr
->colorspace
.gamma
/* Probably doing rgb_to_gray */);
4087 #endif /* READ_BACKGROUND || READ_ALPHA_MODE || RGB_TO_GRAY */
4091 #endif /* READ_GAMMA */
4093 /* HARDWARE OPTION SUPPORT */
4094 #ifdef PNG_SET_OPTION_SUPPORTED
4096 png_set_option(png_structrp png_ptr
, int option
, int onoff
)
4098 if (png_ptr
!= NULL
&& option
>= 0 && option
< PNG_OPTION_NEXT
&&
4101 int mask
= 3 << option
;
4102 int setting
= (2 + (onoff
!= 0)) << option
;
4103 int current
= png_ptr
->options
;
4105 png_ptr
->options
= (png_byte
)((current
& ~mask
) | setting
);
4107 return (current
& mask
) >> option
;
4110 return PNG_OPTION_INVALID
;
4115 #if defined(PNG_SIMPLIFIED_READ_SUPPORTED) ||\
4116 defined(PNG_SIMPLIFIED_WRITE_SUPPORTED)
4117 /* sRGB conversion tables; these are machine generated with the code in
4118 * contrib/tools/makesRGB.c. The actual sRGB transfer curve defined in the
4119 * specification (see the article at http://en.wikipedia.org/wiki/SRGB)
4120 * is used, not the gamma=1/2.2 approximation use elsewhere in libpng.
4121 * The sRGB to linear table is exact (to the nearest 16 bit linear fraction).
4122 * The inverse (linear to sRGB) table has accuracies as follows:
4124 * For all possible (255*65535+1) input values:
4126 * error: -0.515566 - 0.625971, 79441 (0.475369%) of readings inexact
4128 * For the input values corresponding to the 65536 16-bit values:
4130 * error: -0.513727 - 0.607759, 308 (0.469978%) of readings inexact
4132 * In all cases the inexact readings are off by one.
4135 #ifdef PNG_SIMPLIFIED_READ_SUPPORTED
4136 /* The convert-to-sRGB table is only currently required for read. */
4137 const png_uint_16 png_sRGB_table
[256] =
4139 0,20,40,60,80,99,119,139,
4140 159,179,199,219,241,264,288,313,
4141 340,367,396,427,458,491,526,562,
4142 599,637,677,718,761,805,851,898,
4143 947,997,1048,1101,1156,1212,1270,1330,
4144 1391,1453,1517,1583,1651,1720,1790,1863,
4145 1937,2013,2090,2170,2250,2333,2418,2504,
4146 2592,2681,2773,2866,2961,3058,3157,3258,
4147 3360,3464,3570,3678,3788,3900,4014,4129,
4148 4247,4366,4488,4611,4736,4864,4993,5124,
4149 5257,5392,5530,5669,5810,5953,6099,6246,
4150 6395,6547,6700,6856,7014,7174,7335,7500,
4151 7666,7834,8004,8177,8352,8528,8708,8889,
4152 9072,9258,9445,9635,9828,10022,10219,10417,
4153 10619,10822,11028,11235,11446,11658,11873,12090,
4154 12309,12530,12754,12980,13209,13440,13673,13909,
4155 14146,14387,14629,14874,15122,15371,15623,15878,
4156 16135,16394,16656,16920,17187,17456,17727,18001,
4157 18277,18556,18837,19121,19407,19696,19987,20281,
4158 20577,20876,21177,21481,21787,22096,22407,22721,
4159 23038,23357,23678,24002,24329,24658,24990,25325,
4160 25662,26001,26344,26688,27036,27386,27739,28094,
4161 28452,28813,29176,29542,29911,30282,30656,31033,
4162 31412,31794,32179,32567,32957,33350,33745,34143,
4163 34544,34948,35355,35764,36176,36591,37008,37429,
4164 37852,38278,38706,39138,39572,40009,40449,40891,
4165 41337,41785,42236,42690,43147,43606,44069,44534,
4166 45002,45473,45947,46423,46903,47385,47871,48359,
4167 48850,49344,49841,50341,50844,51349,51858,52369,
4168 52884,53401,53921,54445,54971,55500,56032,56567,
4169 57105,57646,58190,58737,59287,59840,60396,60955,
4170 61517,62082,62650,63221,63795,64372,64952,65535
4173 #endif /* simplified read only */
4175 /* The base/delta tables are required for both read and write (but currently
4176 * only the simplified versions.)
4178 const png_uint_16 png_sRGB_base
[512] =
4180 128,1782,3383,4644,5675,6564,7357,8074,
4181 8732,9346,9921,10463,10977,11466,11935,12384,
4182 12816,13233,13634,14024,14402,14769,15125,15473,
4183 15812,16142,16466,16781,17090,17393,17690,17981,
4184 18266,18546,18822,19093,19359,19621,19879,20133,
4185 20383,20630,20873,21113,21349,21583,21813,22041,
4186 22265,22487,22707,22923,23138,23350,23559,23767,
4187 23972,24175,24376,24575,24772,24967,25160,25352,
4188 25542,25730,25916,26101,26284,26465,26645,26823,
4189 27000,27176,27350,27523,27695,27865,28034,28201,
4190 28368,28533,28697,28860,29021,29182,29341,29500,
4191 29657,29813,29969,30123,30276,30429,30580,30730,
4192 30880,31028,31176,31323,31469,31614,31758,31902,
4193 32045,32186,32327,32468,32607,32746,32884,33021,
4194 33158,33294,33429,33564,33697,33831,33963,34095,
4195 34226,34357,34486,34616,34744,34873,35000,35127,
4196 35253,35379,35504,35629,35753,35876,35999,36122,
4197 36244,36365,36486,36606,36726,36845,36964,37083,
4198 37201,37318,37435,37551,37668,37783,37898,38013,
4199 38127,38241,38354,38467,38580,38692,38803,38915,
4200 39026,39136,39246,39356,39465,39574,39682,39790,
4201 39898,40005,40112,40219,40325,40431,40537,40642,
4202 40747,40851,40955,41059,41163,41266,41369,41471,
4203 41573,41675,41777,41878,41979,42079,42179,42279,
4204 42379,42478,42577,42676,42775,42873,42971,43068,
4205 43165,43262,43359,43456,43552,43648,43743,43839,
4206 43934,44028,44123,44217,44311,44405,44499,44592,
4207 44685,44778,44870,44962,45054,45146,45238,45329,
4208 45420,45511,45601,45692,45782,45872,45961,46051,
4209 46140,46229,46318,46406,46494,46583,46670,46758,
4210 46846,46933,47020,47107,47193,47280,47366,47452,
4211 47538,47623,47709,47794,47879,47964,48048,48133,
4212 48217,48301,48385,48468,48552,48635,48718,48801,
4213 48884,48966,49048,49131,49213,49294,49376,49458,
4214 49539,49620,49701,49782,49862,49943,50023,50103,
4215 50183,50263,50342,50422,50501,50580,50659,50738,
4216 50816,50895,50973,51051,51129,51207,51285,51362,
4217 51439,51517,51594,51671,51747,51824,51900,51977,
4218 52053,52129,52205,52280,52356,52432,52507,52582,
4219 52657,52732,52807,52881,52956,53030,53104,53178,
4220 53252,53326,53400,53473,53546,53620,53693,53766,
4221 53839,53911,53984,54056,54129,54201,54273,54345,
4222 54417,54489,54560,54632,54703,54774,54845,54916,
4223 54987,55058,55129,55199,55269,55340,55410,55480,
4224 55550,55620,55689,55759,55828,55898,55967,56036,
4225 56105,56174,56243,56311,56380,56448,56517,56585,
4226 56653,56721,56789,56857,56924,56992,57059,57127,
4227 57194,57261,57328,57395,57462,57529,57595,57662,
4228 57728,57795,57861,57927,57993,58059,58125,58191,
4229 58256,58322,58387,58453,58518,58583,58648,58713,
4230 58778,58843,58908,58972,59037,59101,59165,59230,
4231 59294,59358,59422,59486,59549,59613,59677,59740,
4232 59804,59867,59930,59993,60056,60119,60182,60245,
4233 60308,60370,60433,60495,60558,60620,60682,60744,
4234 60806,60868,60930,60992,61054,61115,61177,61238,
4235 61300,61361,61422,61483,61544,61605,61666,61727,
4236 61788,61848,61909,61969,62030,62090,62150,62211,
4237 62271,62331,62391,62450,62510,62570,62630,62689,
4238 62749,62808,62867,62927,62986,63045,63104,63163,
4239 63222,63281,63340,63398,63457,63515,63574,63632,
4240 63691,63749,63807,63865,63923,63981,64039,64097,
4241 64155,64212,64270,64328,64385,64443,64500,64557,
4242 64614,64672,64729,64786,64843,64900,64956,65013,
4243 65070,65126,65183,65239,65296,65352,65409,65465
4246 const png_byte png_sRGB_delta
[512] =
4248 207,201,158,129,113,100,90,82,77,72,68,64,61,59,56,54,
4249 52,50,49,47,46,45,43,42,41,40,39,39,38,37,36,36,
4250 35,34,34,33,33,32,32,31,31,30,30,30,29,29,28,28,
4251 28,27,27,27,27,26,26,26,25,25,25,25,24,24,24,24,
4252 23,23,23,23,23,22,22,22,22,22,22,21,21,21,21,21,
4253 21,20,20,20,20,20,20,20,20,19,19,19,19,19,19,19,
4254 19,18,18,18,18,18,18,18,18,18,18,17,17,17,17,17,
4255 17,17,17,17,17,17,16,16,16,16,16,16,16,16,16,16,
4256 16,16,16,16,15,15,15,15,15,15,15,15,15,15,15,15,
4257 15,15,15,15,14,14,14,14,14,14,14,14,14,14,14,14,
4258 14,14,14,14,14,14,14,13,13,13,13,13,13,13,13,13,
4259 13,13,13,13,13,13,13,13,13,13,13,13,13,13,12,12,
4260 12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,12,
4261 12,12,12,12,12,12,12,12,12,12,12,12,11,11,11,11,
4262 11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,
4263 11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,11,
4264 11,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,
4265 10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,
4266 10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,10,
4267 10,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,
4268 9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,
4269 9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,
4270 9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,9,
4271 9,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
4272 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
4273 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
4274 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
4275 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
4276 8,8,8,8,8,8,8,8,8,7,7,7,7,7,7,7,
4277 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
4278 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
4279 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7
4281 #endif /* SIMPLIFIED READ/WRITE sRGB support */
4283 /* SIMPLIFIED READ/WRITE SUPPORT */
4284 #if defined(PNG_SIMPLIFIED_READ_SUPPORTED) ||\
4285 defined(PNG_SIMPLIFIED_WRITE_SUPPORTED)
4287 png_image_free_function(png_voidp argument
)
4289 png_imagep image
= png_voidcast(png_imagep
, argument
);
4290 png_controlp cp
= image
->opaque
;
4293 /* Double check that we have a png_ptr - it should be impossible to get here
4296 if (cp
->png_ptr
== NULL
)
4299 /* First free any data held in the control structure. */
4300 # ifdef PNG_STDIO_SUPPORTED
4303 FILE *fp
= png_voidcast(FILE*, cp
->png_ptr
->io_ptr
);
4306 /* Ignore errors here. */
4309 cp
->png_ptr
->io_ptr
= NULL
;
4315 /* Copy the control structure so that the original, allocated, version can be
4316 * safely freed. Notice that a png_error here stops the remainder of the
4317 * cleanup, but this is probably fine because that would indicate bad memory
4322 png_free(c
.png_ptr
, cp
);
4324 /* Then the structures, calling the correct API. */
4327 # ifdef PNG_SIMPLIFIED_WRITE_SUPPORTED
4328 png_destroy_write_struct(&c
.png_ptr
, &c
.info_ptr
);
4330 png_error(c
.png_ptr
, "simplified write not supported");
4335 # ifdef PNG_SIMPLIFIED_READ_SUPPORTED
4336 png_destroy_read_struct(&c
.png_ptr
, &c
.info_ptr
, NULL
);
4338 png_error(c
.png_ptr
, "simplified read not supported");
4347 png_image_free(png_imagep image
)
4349 /* Safely call the real function, but only if doing so is safe at this point
4350 * (if not inside an error handling context). Otherwise assume
4351 * png_safe_execute will call this API after the return.
4353 if (image
!= NULL
&& image
->opaque
!= NULL
&&
4354 image
->opaque
->error_buf
== NULL
)
4356 /* Ignore errors here: */
4357 (void)png_safe_execute(image
, png_image_free_function
, image
);
4358 image
->opaque
= NULL
;
4363 png_image_error(png_imagep image
, png_const_charp error_message
)
4365 /* Utility to log an error. */
4366 png_safecat(image
->message
, (sizeof image
->message
), 0, error_message
);
4367 image
->warning_or_error
|= PNG_IMAGE_ERROR
;
4368 png_image_free(image
);
4372 #endif /* SIMPLIFIED READ/WRITE */
4373 #endif /* defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED) */