+#ifdef PNG_READ_COMPRESSED_TEXT_SUPPORTED
+static png_size_t
+png_inflate(png_structp png_ptr, png_bytep data, png_size_t size,
+ png_bytep output, png_size_t output_size)
+{
+ png_size_t count = 0;
+
+ /* zlib can't necessarily handle more than 65535 bytes at once (i.e. it can't
+ * even necessarily handle 65536 bytes) because the type uInt is "16 bits or
+ * more". Consequently it is necessary to chunk the input to zlib. This
+ * code uses ZLIB_IO_MAX, from pngpriv.h, as the maximum (the maximum value
+ * that can be stored in a uInt.) It is possible to set ZLIB_IO_MAX to a
+ * lower value in pngpriv.h and this may sometimes have a performance
+ * advantage, because it forces access of the input data to be separated from
+ * at least some of the use by some period of time.
+ */
+ png_ptr->zstream.next_in = data;
+ /* avail_in is set below from 'size' */
+ png_ptr->zstream.avail_in = 0;
+
+ while (1)
+ {
+ int ret, avail;
+
+ /* The setting of 'avail_in' used to be outside the loop; by setting it
+ * inside it is possible to chunk the input to zlib and simply rely on
+ * zlib to advance the 'next_in' pointer. This allows arbitrary amounts o
+ * data to be passed through zlib at the unavoidable cost of requiring a
+ * window save (memcpy of up to 32768 output bytes) every ZLIB_IO_MAX
+ * input bytes.
+ */
+ if (png_ptr->zstream.avail_in == 0 && size > 0)
+ {
+ if (size <= ZLIB_IO_MAX)
+ {
+ /* The value is less than ZLIB_IO_MAX so the cast is safe: */
+ png_ptr->zstream.avail_in = (uInt)size;
+ size = 0;
+ }
+
+ else
+ {
+ png_ptr->zstream.avail_in = ZLIB_IO_MAX;
+ size -= ZLIB_IO_MAX;
+ }
+ }
+
+ /* Reset the output buffer each time round - we empty it
+ * after every inflate call.
+ */
+ png_ptr->zstream.next_out = png_ptr->zbuf;
+ png_ptr->zstream.avail_out = png_ptr->zbuf_size;
+
+ ret = inflate(&png_ptr->zstream, Z_NO_FLUSH);
+ avail = png_ptr->zbuf_size - png_ptr->zstream.avail_out;
+
+ /* First copy/count any new output - but only if we didn't
+ * get an error code.
+ */
+ if ((ret == Z_OK || ret == Z_STREAM_END) && avail > 0)
+ {
+ png_size_t space = avail; /* > 0, see above */
+
+ if (output != 0 && output_size > count)
+ {
+ png_size_t copy = output_size - count;
+
+ if (space < copy)
+ copy = space;
+
+ png_memcpy(output + count, png_ptr->zbuf, copy);
+ }
+ count += space;
+ }
+
+ if (ret == Z_OK)
+ continue;
+
+ /* Termination conditions - always reset the zstream, it
+ * must be left in inflateInit state.
+ */
+ png_ptr->zstream.avail_in = 0;
+ inflateReset(&png_ptr->zstream);
+
+ if (ret == Z_STREAM_END)
+ return count; /* NOTE: may be zero. */
+
+ /* Now handle the error codes - the API always returns 0
+ * and the error message is dumped into the uncompressed
+ * buffer if available.
+ */
+# ifdef PNG_WARNINGS_SUPPORTED
+ {
+ png_const_charp msg;
+
+ if (png_ptr->zstream.msg != 0)
+ msg = png_ptr->zstream.msg;
+
+ else switch (ret)
+ {
+ case Z_BUF_ERROR:
+ msg = "Buffer error in compressed datastream";
+ break;
+
+ case Z_DATA_ERROR:
+ msg = "Data error in compressed datastream";
+ break;
+
+ default:
+ msg = "Incomplete compressed datastream";
+ break;
+ }
+
+ png_chunk_warning(png_ptr, msg);
+ }
+# endif
+
+ /* 0 means an error - notice that this code simply ignores
+ * zero length compressed chunks as a result.
+ */
+ return 0;
+ }
+}
+
+/*
+ * Decompress trailing data in a chunk. The assumption is that chunkdata
+ * points at an allocated area holding the contents of a chunk with a
+ * trailing compressed part. What we get back is an allocated area
+ * holding the original prefix part and an uncompressed version of the
+ * trailing part (the malloc area passed in is freed).
+ */
+void /* PRIVATE */
+png_decompress_chunk(png_structp png_ptr, int comp_type,
+ png_size_t chunklength,
+ png_size_t prefix_size, png_size_t *newlength)
+{
+ /* The caller should guarantee this */
+ if (prefix_size > chunklength)
+ {
+ /* The recovery is to delete the chunk. */
+ png_warning(png_ptr, "invalid chunklength");
+ prefix_size = 0; /* To delete everything */
+ }
+
+ else if (comp_type == PNG_COMPRESSION_TYPE_BASE)
+ {
+ png_size_t expanded_size = png_inflate(png_ptr,
+ (png_bytep)(png_ptr->chunkdata + prefix_size),
+ chunklength - prefix_size,
+ 0, /* output */
+ 0); /* output size */
+
+ /* Now check the limits on this chunk - if the limit fails the
+ * compressed data will be removed, the prefix will remain.
+ */
+#ifdef PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED
+ if (png_ptr->user_chunk_malloc_max &&
+ (prefix_size + expanded_size >= png_ptr->user_chunk_malloc_max - 1))
+#else
+# ifdef PNG_USER_CHUNK_MALLOC_MAX
+ if ((PNG_USER_CHUNK_MALLOC_MAX > 0) &&
+ prefix_size + expanded_size >= PNG_USER_CHUNK_MALLOC_MAX - 1)
+# endif
+#endif
+ png_warning(png_ptr, "Exceeded size limit while expanding chunk");
+
+ /* If the size is zero either there was an error and a message
+ * has already been output (warning) or the size really is zero
+ * and we have nothing to do - the code will exit through the
+ * error case below.
+ */
+#if defined(PNG_SET_CHUNK_MALLOC_LIMIT_SUPPORTED) || \
+ defined(PNG_USER_CHUNK_MALLOC_MAX)
+ else if (expanded_size > 0)
+#else
+ if (expanded_size > 0)
+#endif
+ {
+ /* Success (maybe) - really uncompress the chunk. */
+ png_size_t new_size = 0;
+ png_charp text = (png_charp)png_malloc_warn(png_ptr,
+ prefix_size + expanded_size + 1);
+
+ if (text != NULL)
+ {
+ png_memcpy(text, png_ptr->chunkdata, prefix_size);
+ new_size = png_inflate(png_ptr,
+ (png_bytep)(png_ptr->chunkdata + prefix_size),
+ chunklength - prefix_size,
+ (png_bytep)(text + prefix_size), expanded_size);
+ text[prefix_size + expanded_size] = 0; /* just in case */
+
+ if (new_size == expanded_size)
+ {
+ png_free(png_ptr, png_ptr->chunkdata);
+ png_ptr->chunkdata = text;
+ *newlength = prefix_size + expanded_size;
+ return; /* The success return! */
+ }
+
+ png_warning(png_ptr, "png_inflate logic error");
+ png_free(png_ptr, text);
+ }
+
+ else
+ png_warning(png_ptr, "Not enough memory to decompress chunk");
+ }
+ }
+
+ else /* if (comp_type != PNG_COMPRESSION_TYPE_BASE) */
+ {
+ PNG_WARNING_PARAMETERS(p)
+ png_warning_parameter_signed(p, 1, PNG_NUMBER_FORMAT_d, comp_type);
+ png_formatted_warning(png_ptr, p, "Unknown compression type @1");
+
+ /* The recovery is to simply drop the data. */
+ }
+
+ /* Generic error return - leave the prefix, delete the compressed
+ * data, reallocate the chunkdata to remove the potentially large
+ * amount of compressed data.
+ */
+ {
+ png_charp text = (png_charp)png_malloc_warn(png_ptr, prefix_size + 1);
+
+ if (text != NULL)
+ {
+ if (prefix_size > 0)
+ png_memcpy(text, png_ptr->chunkdata, prefix_size);
+
+ png_free(png_ptr, png_ptr->chunkdata);
+ png_ptr->chunkdata = text;
+
+ /* This is an extra zero in the 'uncompressed' part. */
+ *(png_ptr->chunkdata + prefix_size) = 0x00;
+ }
+ /* Ignore a malloc error here - it is safe. */
+ }
+
+ *newlength = prefix_size;
+}
+#endif /* PNG_READ_COMPRESSED_TEXT_SUPPORTED */
projects / wxWidgets.git / blobdiff