X-Git-Url: https://git.saurik.com/wxWidgets.git/blobdiff_plain/a626cc03053700ca5bdbf0243831bec528e6fc4d..cdbd62d6ff290fd58acd1bc5574dfc79db3a6f70:/src/png/pngmem.c?ds=sidebyside diff --git a/src/png/pngmem.c b/src/png/pngmem.c index 06c4c1b7ea..b9b3efb442 100644 --- a/src/png/pngmem.c +++ b/src/png/pngmem.c @@ -1,11 +1,14 @@ /* pngmem.c - stub functions for memory allocation * - * libpng 1.0.3 - January 14, 1999 - * For conditions of distribution and use, see copyright notice in png.h - * Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc. - * Copyright (c) 1996, 1997 Andreas Dilger - * Copyright (c) 1998, 1999 Glenn Randers-Pehrson + * Last changed in libpng 1.6.0 [February 14, 2013] + * Copyright (c) 1998-2013 Glenn Randers-Pehrson + * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) + * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) + * + * This code is released under the libpng license. + * For conditions of distribution and use, see the disclaimer + * and license in png.h * * This file provides a location for all memory allocation. Users who * need special memory handling are expected to supply replacement @@ -14,498 +17,261 @@ * identify the replacement functions. */ -#define PNG_INTERNAL -#include "png.h" - -/* Borland DOS special memory handler */ -#if defined(__TURBOC__) && !defined(_Windows) && !defined(__FLAT__) -/* if you change this, be sure to change the one in png.h also */ - -/* Allocate memory for a png_struct. The malloc and memset can be replaced - by a single call to calloc() if this is thought to improve performance. */ -png_voidp -png_create_struct(int type) -{ -#ifdef PNG_USER_MEM_SUPPORTED - return (png_create_struct_2(type, NULL)); -} - -/* Alternate version of png_create_struct, for use with user-defined malloc. */ -png_voidp -png_create_struct_2(int type, png_malloc_ptr malloc_fn) -{ -#endif /* PNG_USER_MEM_SUPPORTED */ - png_size_t size; - png_voidp struct_ptr; - - if (type == PNG_STRUCT_INFO) - size = sizeof(png_info); - else if (type == PNG_STRUCT_PNG) - size = sizeof(png_struct); - else - return ((png_voidp)NULL); - -#ifdef PNG_USER_MEM_SUPPORTED - if(malloc_fn != NULL) - { - if ((struct_ptr = (*(malloc_fn))(NULL, size)) != NULL) - png_memset(struct_ptr, 0, size); - return (struct_ptr); - } -#endif /* PNG_USER_MEM_SUPPORTED */ - if ((struct_ptr = (png_voidp)farmalloc(size)) != NULL) - { - png_memset(struct_ptr, 0, size); - } - return (struct_ptr); -} - +#include "pngpriv.h" -/* Free memory allocated by a png_create_struct() call */ -void -png_destroy_struct(png_voidp struct_ptr) +#if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED) +/* Free a png_struct */ +void /* PRIVATE */ +png_destroy_png_struct(png_structrp png_ptr) { -#ifdef PNG_USER_MEM_SUPPORTED - png_destroy_struct_2(struct_ptr, (png_free_ptr)NULL); -} - -/* Free memory allocated by a png_create_struct() call */ -void -png_destroy_struct_2(png_voidp struct_ptr, png_free_ptr free_fn) -{ -#endif - if (struct_ptr != NULL) + if (png_ptr != NULL) { -#ifdef PNG_USER_MEM_SUPPORTED - if(free_fn != NULL) - { - png_struct dummy_struct; - png_structp png_ptr = &dummy_struct; - (*(free_fn))(png_ptr, struct_ptr); - struct_ptr = NULL; - return; - } -#endif /* PNG_USER_MEM_SUPPORTED */ - farfree (struct_ptr); - struct_ptr = NULL; + /* png_free might call png_error and may certainly call + * png_get_mem_ptr, so fake a temporary png_struct to support this. + */ + png_struct dummy_struct = *png_ptr; + memset(png_ptr, 0, (sizeof *png_ptr)); + png_free(&dummy_struct, png_ptr); + +# ifdef PNG_SETJMP_SUPPORTED + /* We may have a jmp_buf left to deallocate. */ + png_free_jmpbuf(&dummy_struct); +# endif } } /* Allocate memory. For reasonable files, size should never exceed * 64K. However, zlib may allocate more then 64K if you don't tell - * it not to. See zconf.h and png.h for more information. zlib does + * it not to. See zconf.h and png.h for more information. zlib does * need to allocate exactly 64K, so whatever you call here must * have the ability to do that. - * - * Borland seems to have a problem in DOS mode for exactly 64K. - * It gives you a segment with an offset of 8 (perhaps to store its - * memory stuff). zlib doesn't like this at all, so we have to - * detect and deal with it. This code should not be needed in - * Windows or OS/2 modes, and only in 16 bit mode. This code has - * been updated by Alexander Lehmann for version 0.89 to waste less - * memory. - * - * Note that we can't use png_size_t for the "size" declaration, - * since on some systems a png_size_t is a 16-bit quantity, and as a - * result, we would be truncating potentially larger memory requests - * (which should cause a fatal error) and introducing major problems. */ -png_voidp -png_malloc(png_structp png_ptr, png_uint_32 size) +PNG_FUNCTION(png_voidp,PNGAPI +png_calloc,(png_const_structrp png_ptr, png_alloc_size_t size),PNG_ALLOCATED) { -#ifndef PNG_USER_MEM_SUPPORTED png_voidp ret; -#endif - if (png_ptr == NULL || size == 0) - return ((png_voidp)NULL); -#ifdef PNG_USER_MEM_SUPPORTED - if(png_ptr->malloc_fn != NULL) - return ((png_voidp)(*(png_ptr->malloc_fn))(png_ptr, size)); - else - return png_malloc_default(png_ptr, size); + ret = png_malloc(png_ptr, size); + + if (ret != NULL) + memset(ret, 0, size); + + return ret; } -png_voidp -png_malloc_default(png_structp png_ptr, png_uint_32 size) +/* png_malloc_base, an internal function added at libpng 1.6.0, does the work of + * allocating memory, taking into account limits and PNG_USER_MEM_SUPPORTED. + * Checking and error handling must happen outside this routine; it returns NULL + * if the allocation cannot be done (for any reason.) + */ +PNG_FUNCTION(png_voidp /* PRIVATE */, +png_malloc_base,(png_const_structrp png_ptr, png_alloc_size_t size), + PNG_ALLOCATED) { - png_voidp ret; -#endif /* PNG_USER_MEM_SUPPORTED */ - -#ifdef PNG_MAX_MALLOC_64K - if (size > (png_uint_32)65536L) - png_error(png_ptr, "Cannot Allocate > 64K"); + /* Moved to png_malloc_base from png_malloc_default in 1.6.0; the DOS + * allocators have also been removed in 1.6.0, so any 16-bit system now has + * to implement a user memory handler. This checks to be sure it isn't + * called with big numbers. + */ +#ifdef PNG_USER_MEM_SUPPORTED + PNG_UNUSED(png_ptr) #endif - - if (size == (png_uint_32)65536L) + if (size > 0 && size <= PNG_SIZE_MAX +# ifdef PNG_MAX_MALLOC_64K + && size <= 65536U +# endif + ) { - if (png_ptr->offset_table == NULL) - { - /* try to see if we need to do any of this fancy stuff */ - ret = farmalloc(size); - if (ret == NULL || ((png_size_t)ret & 0xffff)) - { - int num_blocks; - png_uint_32 total_size; - png_bytep table; - int i; - png_byte huge * hptr; - - if (ret != NULL) - { - farfree(ret); - ret = NULL; - } - - num_blocks = (int)(1 << (png_ptr->zlib_window_bits - 14)); - if (num_blocks < 1) - num_blocks = 1; - if (png_ptr->zlib_mem_level >= 7) - num_blocks += (int)(1 << (png_ptr->zlib_mem_level - 7)); - else - num_blocks++; - - total_size = ((png_uint_32)65536L) * (png_uint_32)num_blocks+16; - - table = farmalloc(total_size); - - if (table == NULL) - { - png_error(png_ptr, "Out Of Memory."); /* Note "O" and "M" */ - } - - if ((png_size_t)table & 0xfff0) - { - png_error(png_ptr, "Farmalloc didn't return normalized pointer"); - } - - png_ptr->offset_table = table; - png_ptr->offset_table_ptr = farmalloc(num_blocks * - sizeof (png_bytep)); - - if (png_ptr->offset_table_ptr == NULL) - { - png_error(png_ptr, "Out Of memory."); - } - - hptr = (png_byte huge *)table; - if ((png_size_t)hptr & 0xf) - { - hptr = (png_byte huge *)((long)(hptr) & 0xfffffff0L); - hptr += 16L; - } - for (i = 0; i < num_blocks; i++) - { - png_ptr->offset_table_ptr[i] = (png_bytep)hptr; - hptr += (png_uint_32)65536L; - } - - png_ptr->offset_table_number = num_blocks; - png_ptr->offset_table_count = 0; - png_ptr->offset_table_count_free = 0; - } - } - - if (png_ptr->offset_table_count >= png_ptr->offset_table_number) - png_error(png_ptr, "Out of Memory."); +#ifdef PNG_USER_MEM_SUPPORTED + if (png_ptr != NULL && png_ptr->malloc_fn != NULL) + return png_ptr->malloc_fn(png_constcast(png_structrp,png_ptr), size); - ret = png_ptr->offset_table_ptr[png_ptr->offset_table_count++]; + else +#endif + return malloc((size_t)size); /* checked for truncation above */ } + else - ret = farmalloc(size); + return NULL; +} - if (ret == NULL) - { - png_error(png_ptr, "Out of memory."); /* Note "o" and "m" */ - } +/* This is really here only to work round a spurious warning in GCC 4.6 and 4.7 + * that arises because of the checks in png_realloc_array that are repeated in + * png_malloc_array. + */ +static png_voidp +png_malloc_array_checked(png_const_structrp png_ptr, int nelements, + size_t element_size) +{ + png_alloc_size_t req = nelements; /* known to be > 0 */ - return (ret); + if (req <= PNG_SIZE_MAX/element_size) + return png_malloc_base(png_ptr, req * element_size); + + /* The failure case when the request is too large */ + return NULL; } -/* free a pointer allocated by png_malloc(). In the default - configuration, png_ptr is not used, but is passed in case it - is needed. If ptr is NULL, return without taking any action. */ -void -png_free(png_structp png_ptr, png_voidp ptr) +PNG_FUNCTION(png_voidp /* PRIVATE */, +png_malloc_array,(png_const_structrp png_ptr, int nelements, + size_t element_size),PNG_ALLOCATED) { - if (png_ptr == NULL || ptr == NULL) - return; + if (nelements <= 0 || element_size == 0) + png_error(png_ptr, "internal error: array alloc"); -#ifdef PNG_USER_MEM_SUPPORTED - if (png_ptr->free_fn != NULL) - { - (*(png_ptr->free_fn))(png_ptr, ptr); - ptr = NULL; - return; - } - else png_free_default(png_ptr, ptr); + return png_malloc_array_checked(png_ptr, nelements, element_size); } -void -png_free_default(png_structp png_ptr, png_voidp ptr) +PNG_FUNCTION(png_voidp /* PRIVATE */, +png_realloc_array,(png_const_structrp png_ptr, png_const_voidp old_array, + int old_elements, int add_elements, size_t element_size),PNG_ALLOCATED) { -#endif /* PNG_USER_MEM_SUPPORTED */ - - if (png_ptr->offset_table != NULL) + /* These are internal errors: */ + if (add_elements <= 0 || element_size == 0 || old_elements < 0 || + (old_array == NULL && old_elements > 0)) + png_error(png_ptr, "internal error: array realloc"); + + /* Check for overflow on the elements count (so the caller does not have to + * check.) + */ + if (add_elements <= INT_MAX - old_elements) { - int i; + png_voidp new_array = png_malloc_array_checked(png_ptr, + old_elements+add_elements, element_size); - for (i = 0; i < png_ptr->offset_table_count; i++) - { - if (ptr == png_ptr->offset_table_ptr[i]) - { - ptr = NULL; - png_ptr->offset_table_count_free++; - break; - } - } - if (png_ptr->offset_table_count_free == png_ptr->offset_table_count) + if (new_array != NULL) { - farfree(png_ptr->offset_table); - farfree(png_ptr->offset_table_ptr); - png_ptr->offset_table = NULL; - png_ptr->offset_table_ptr = NULL; - } - } + /* Because png_malloc_array worked the size calculations below cannot + * overflow. + */ + if (old_elements > 0) + memcpy(new_array, old_array, element_size*(unsigned)old_elements); - if (ptr != NULL) - { - farfree(ptr); - ptr = NULL; - } -} + memset((char*)new_array + element_size*(unsigned)old_elements, 0, + element_size*(unsigned)add_elements); -#else /* Not the Borland DOS special memory handler */ + return new_array; + } + } -/* Allocate memory for a png_struct or a png_info. The malloc and - memset can be replaced by a single call to calloc() if this is thought - to improve performance noticably.*/ -png_voidp -png_create_struct(int type) -{ -#ifdef PNG_USER_MEM_SUPPORTED - return (png_create_struct_2(type, NULL)); + return NULL; /* error */ } -/* Allocate memory for a png_struct or a png_info. The malloc and - memset can be replaced by a single call to calloc() if this is thought - to improve performance noticably.*/ -png_voidp -png_create_struct_2(int type, png_malloc_ptr malloc_fn) +/* Various functions that have different error handling are derived from this. + * png_malloc always exists, but if PNG_USER_MEM_SUPPORTED is defined a separate + * function png_malloc_default is also provided. + */ +PNG_FUNCTION(png_voidp,PNGAPI +png_malloc,(png_const_structrp png_ptr, png_alloc_size_t size),PNG_ALLOCATED) { -#endif /* PNG_USER_MEM_SUPPORTED */ - png_size_t size; - png_voidp struct_ptr; + png_voidp ret; - if (type == PNG_STRUCT_INFO) - size = sizeof(png_info); - else if (type == PNG_STRUCT_PNG) - size = sizeof(png_struct); - else - return ((png_voidp)NULL); + if (png_ptr == NULL) + return NULL; -#ifdef PNG_USER_MEM_SUPPORTED - if(malloc_fn != NULL) - { - if ((struct_ptr = (*(malloc_fn))(NULL, size)) != NULL) - png_memset(struct_ptr, 0, size); - return (struct_ptr); - } -#endif /* PNG_USER_MEM_SUPPORTED */ + ret = png_malloc_base(png_ptr, size); -#if defined(__TURBOC__) && !defined(__FLAT__) - if ((struct_ptr = (png_voidp)farmalloc(size)) != NULL) -#else -# if defined(_MSC_VER) && defined(MAXSEG_64K) - if ((struct_ptr = (png_voidp)halloc(size,1)) != NULL) -# else - if ((struct_ptr = (png_voidp)malloc(size)) != NULL) -# endif -#endif - { - png_memset(struct_ptr, 0, size); - } + if (ret == NULL) + png_error(png_ptr, "Out of memory"); /* 'm' means png_malloc */ - return (struct_ptr); + return ret; } - -/* Free memory allocated by a png_create_struct() call */ -void -png_destroy_struct(png_voidp struct_ptr) -{ #ifdef PNG_USER_MEM_SUPPORTED - png_destroy_struct_2(struct_ptr, (png_free_ptr)NULL); -} - -/* Free memory allocated by a png_create_struct() call */ -void -png_destroy_struct_2(png_voidp struct_ptr, png_free_ptr free_fn) +PNG_FUNCTION(png_voidp,PNGAPI +png_malloc_default,(png_const_structrp png_ptr, png_alloc_size_t size), + PNG_ALLOCATED PNG_DEPRECATED) { -#endif /* PNG_USER_MEM_SUPPORTED */ - if (struct_ptr != NULL) - { -#ifdef PNG_USER_MEM_SUPPORTED - if(free_fn != NULL) - { - png_struct dummy_struct; - png_structp png_ptr = &dummy_struct; - (*(free_fn))(png_ptr, struct_ptr); - struct_ptr = NULL; - return; - } -#endif /* PNG_USER_MEM_SUPPORTED */ -#if defined(__TURBOC__) && !defined(__FLAT__) - farfree(struct_ptr); - struct_ptr = NULL; -#else -# if defined(_MSC_VER) && defined(MAXSEG_64K) - hfree(struct_ptr); - struct_ptr = NULL; -# else - free(struct_ptr); - struct_ptr = NULL; -# endif -#endif - } -} + png_voidp ret; + if (png_ptr == NULL) + return NULL; -/* Allocate memory. For reasonable files, size should never exceed - 64K. However, zlib may allocate more then 64K if you don't tell - it not to. See zconf.h and png.h for more information. zlib does - need to allocate exactly 64K, so whatever you call here must - have the ability to do that. */ + /* Passing 'NULL' here bypasses the application provided memory handler. */ + ret = png_malloc_base(NULL/*use malloc*/, size); -png_voidp -png_malloc(png_structp png_ptr, png_uint_32 size) -{ -#ifndef PNG_USER_MEM_SUPPORTED - png_voidp ret; -#endif - if (png_ptr == NULL || size == 0) - return ((png_voidp)NULL); + if (ret == NULL) + png_error(png_ptr, "Out of Memory"); /* 'M' means png_malloc_default */ -#ifdef PNG_USER_MEM_SUPPORTED - if(png_ptr->malloc_fn != NULL) - return ((png_voidp)(*(png_ptr->malloc_fn))(png_ptr, size)); - else - return (png_malloc_default(png_ptr, size)); + return ret; } -png_voidp -png_malloc_default(png_structp png_ptr, png_uint_32 size) -{ - png_voidp ret; #endif /* PNG_USER_MEM_SUPPORTED */ -#ifdef PNG_MAX_MALLOC_64K - if (size > (png_uint_32)65536L) - png_error(png_ptr, "Cannot Allocate > 64K"); -#endif +/* This function was added at libpng version 1.2.3. The png_malloc_warn() + * function will issue a png_warning and return NULL instead of issuing a + * png_error, if it fails to allocate the requested memory. + */ +PNG_FUNCTION(png_voidp,PNGAPI +png_malloc_warn,(png_const_structrp png_ptr, png_alloc_size_t size), + PNG_ALLOCATED) +{ + if (png_ptr != NULL) + { + png_voidp ret = png_malloc_base(png_ptr, size); -#if defined(__TURBOC__) && !defined(__FLAT__) - ret = farmalloc(size); -#else -# if defined(_MSC_VER) && defined(MAXSEG_64K) - ret = halloc(size, 1); -# else - ret = malloc((size_t)size); -# endif -#endif + if (ret != NULL) + return ret; - if (ret == NULL) - { - png_error(png_ptr, "Out of Memory"); + png_warning(png_ptr, "Out of memory"); } - return (ret); + return NULL; } /* Free a pointer allocated by png_malloc(). If ptr is NULL, return - without taking any action. */ -void -png_free(png_structp png_ptr, png_voidp ptr) + * without taking any action. + */ +void PNGAPI +png_free(png_const_structrp png_ptr, png_voidp ptr) { if (png_ptr == NULL || ptr == NULL) return; #ifdef PNG_USER_MEM_SUPPORTED if (png_ptr->free_fn != NULL) - { - (*(png_ptr->free_fn))(png_ptr, ptr); - ptr = NULL; - return; - } - else png_free_default(png_ptr, ptr); -} -void -png_free_default(png_structp png_ptr, png_voidp ptr) -{ -#endif /* PNG_USER_MEM_SUPPORTED */ + png_ptr->free_fn(png_constcast(png_structrp,png_ptr), ptr); -#if defined(__TURBOC__) && !defined(__FLAT__) - farfree(ptr); - ptr = NULL; -#else -# if defined(_MSC_VER) && defined(MAXSEG_64K) - hfree(ptr); - ptr = NULL; -# else - free(ptr); - ptr = NULL; -# endif -#endif -} - -#endif /* Not Borland DOS special memory handler */ - -png_voidp -png_memcpy_check (png_structp png_ptr, png_voidp s1, png_voidp s2, - png_uint_32 length) -{ - png_size_t size; - - size = (png_size_t)length; - if ((png_uint_32)size != length) - png_error(png_ptr,"Overflow in png_memcpy_check."); - - return(png_memcpy (s1, s2, size)); + else + png_free_default(png_ptr, ptr); } -png_voidp -png_memset_check (png_structp png_ptr, png_voidp s1, int value, - png_uint_32 length) +PNG_FUNCTION(void,PNGAPI +png_free_default,(png_const_structrp png_ptr, png_voidp ptr),PNG_DEPRECATED) { - png_size_t size; - - size = (png_size_t)length; - if ((png_uint_32)size != length) - png_error(png_ptr,"Overflow in png_memset_check."); - - return (png_memset (s1, value, size)); + if (png_ptr == NULL || ptr == NULL) + return; +#endif /* PNG_USER_MEM_SUPPORTED */ + free(ptr); } #ifdef PNG_USER_MEM_SUPPORTED /* This function is called when the application wants to use another method * of allocating and freeing memory. */ -void -png_set_mem_fn(png_structp png_ptr, png_voidp mem_ptr, png_malloc_ptr +void PNGAPI +png_set_mem_fn(png_structrp png_ptr, png_voidp mem_ptr, png_malloc_ptr malloc_fn, png_free_ptr free_fn) { - png_ptr->mem_ptr = mem_ptr; - png_ptr->malloc_fn = malloc_fn; - png_ptr->free_fn = free_fn; + if (png_ptr != NULL) + { + png_ptr->mem_ptr = mem_ptr; + png_ptr->malloc_fn = malloc_fn; + png_ptr->free_fn = free_fn; + } } /* This function returns a pointer to the mem_ptr associated with the user * functions. The application should free any memory associated with this * pointer before png_write_destroy and png_read_destroy are called. */ -png_voidp -png_get_mem_ptr(png_structp png_ptr) +png_voidp PNGAPI +png_get_mem_ptr(png_const_structrp png_ptr) { - return ((png_voidp)png_ptr->mem_ptr); + if (png_ptr == NULL) + return NULL; + + return png_ptr->mem_ptr; } #endif /* PNG_USER_MEM_SUPPORTED */ +#endif /* PNG_READ_SUPPORTED || PNG_WRITE_SUPPORTED */