From 0c11b5f8e72ca99cf0ab62483b8959c56a5c54bc Mon Sep 17 00:00:00 2001
From: John Bowler
Date: Sun, 18 Mar 2012 14:39:41 -0500
Subject: [PATCH] [libpng16] Work around for duplicate row start calls; added warning messages.

This turns on PNG_FLAG_DETECT_UNINITIALIZED to detect app code that fails to call one of the 'start' routines (not enabled in libpng-1.5 because it is technically an API change, since it did normally work before.) It also makes duplicate calls to png_read_start_row (an internal function called at the start of the image read) benign, as they were before changes to use png_inflate_claim. Somehow webkit is causing this to happen; this is probably a mis-feature in the zlib changes so this commit is only a work-round.
---
 ANNOUNCE | 13 +++++++++++--
 CHANGES | 11 ++++++++++-
 pngread.c | 5 +++++
 pngrtran.c | 47 +++++++++++++++++++++++++++++++++++++++++------
 pngrutil.c | 11 +++++++++++
 5 files changed, 78 insertions(+), 9 deletions(-)

diff --git a/ANNOUNCE b/ANNOUNCE
index 40d92e3b8..b678012f5 100644
--- a/ANNOUNCE
+++ b/ANNOUNCE
@@ -1,5 +1,5 @@
-Libpng 1.6.0beta19 - March 17, 2012
+Libpng 1.6.0beta19 - March 18, 2012
 
 This is not intended to be a public release. It will be replaced within
 a few weeks by a public version or by another test version.
 
@@ -318,7 +318,16 @@ Version 1.6.0beta18 [March 16, 2012]
 read benign errors to warnings (regardless of the system default, unless
 this is disabled in which case the simplified API can't be built.)
 
-Version 1.6.0beta19 [March 17, 2012]
+Version 1.6.0beta19 [March 18, 2012]
+ Work around for duplicate row start calls; added warning messages.
+ This turns on PNG_FLAG_DETECT_UNINITIALIZED to detect app code that
+ fails to call one of the 'start' routines (not enabled in libpng-1.5
+ because it is technically an API change, since it did normally work
+ before.) It also makes duplicate calls to png_read_start_row (an
+ internal function called at the start of the image read) benign, as
+ they were before changes to use png_inflate_claim. Somehow webkit is
+ causing this to happen; this is probably a mis-feature in the zlib
+ changes so this commit is only a work-round.
 
 Send comments/corrections/commendations to png-mng-implement at
 lists.sf.net (subscription required; visit

diff --git a/CHANGES b/CHANGES
index cf990b8e8..9d498798d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4069,7 +4069,16 @@ Version 1.6.0beta18 [March 16, 2012]
 read benign errors to warnings (regardless of the system default, unless
 this is disabled in which case the simplified API can't be built.)
 
-Version 1.6.0beta19 [March 17, 2012]
+Version 1.6.0beta19 [March 18, 2012]
+ Work around for duplicate row start calls; added warning messages.
+ This turns on PNG_FLAG_DETECT_UNINITIALIZED to detect app code that
+ fails to call one of the 'start' routines (not enabled in libpng-1.5
+ because it is technically an API change, since it did normally work
+ before.) It also makes duplicate calls to png_read_start_row (an
+ internal function called at the start of the image read) benign, as
+ they were before changes to use png_inflate_claim. Somehow webkit is
+ causing this to happen; this is probably a mis-feature in the zlib
+ changes so this commit is only a work-round.
 
 Send comments/corrections/commendations to png-mng-implement at
 lists.sf.net (subscription required; visit

diff --git a/pngread.c b/pngread.c
index 4601f8e83..56281a273 100644
--- a/pngread.c
+++ b/pngread.c
@@ -50,6 +50,11 @@ png_create_read_struct_2,(png_const_charp user_png_ver, png_voidp error_ptr,
 {
 png_ptr->mode = PNG_IS_READ_STRUCT;
 
+ /* Turn this on for all transforms in an attempt to detect failure to call
+ * the image reading start stuff.
+ */
+ png_ptr->flags |= PNG_FLAG_DETECT_UNINITIALIZED;
+
 /* Added in libpng-1.6.0; this can be used to detect a read structure if
 * required (it will be zero in a write structure.)
 */

diff --git a/pngrtran.c b/pngrtran.c
index 1cc61c618..b9a744314 100644
--- a/pngrtran.c
+++ b/pngrtran.c
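Review bot: Setting PNG_FLAG_DETECT_UNINITIALIZED unconditionally in png_create_read_struct_2 makes the `png_ptr->flags |= PNG_FLAG_DETECT_UNINITIALIZED;` that png_set_expand_16 still performs under `/* New API, make sure apps call the correct initializers: */` (pngrtran.c hunk at -899) redundant, and that comment now points readers to the wrong place for where detection is enabled. Either drop the line in png_set_expand_16 or replace its comment with `/* Already set for every read struct in png_create_read_struct_2 */`. The comment added here would also read better if it named the behaviour change the commit message describes rather than "start stuff", e.g. `/* Set for every read struct so that app code which never calls one of the 'start' routines is detected (new in 1.6; see CHANGES). */`. png_create_read_struct_2's body continues outside the hunk.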
@@ -826,7 +826,12 @@ png_set_expand(png_structrp png_ptr)
 return;
 
 png_ptr->transformations |= (PNG_EXPAND | PNG_EXPAND_tRNS);
- png_ptr->flags &= ~PNG_FLAG_ROW_INIT;
+ if (png_ptr->flags & PNG_FLAG_ROW_INIT)
+ {
+ /* TODO: should probably be an error */
+ png_warning(png_ptr, "png_set_expand called after row initialization");
+ png_ptr->flags &= ~PNG_FLAG_ROW_INIT;
+ }
 }
 
 /* GRR 19990627: the following three functions currently are identical
@@ -857,7 +862,13 @@ png_set_palette_to_rgb(png_structrp png_ptr)
 return;
 
 png_ptr->transformations |= (PNG_EXPAND | PNG_EXPAND_tRNS);
- png_ptr->flags &= ~PNG_FLAG_ROW_INIT;
+ if (png_ptr->flags & PNG_FLAG_ROW_INIT)
+ {
+ /* TODO: should probably be an error */
+ png_warning(png_ptr,
+ "png_set_palette_to_rgb called after row initialization");
+ png_ptr->flags &= ~PNG_FLAG_ROW_INIT;
+ }
 }
 
 /* Expand grayscale images of less than 8-bit depth to 8 bits. */
@@ -870,7 +881,13 @@ png_set_expand_gray_1_2_4_to_8(png_structrp png_ptr)
 return;
 
 png_ptr->transformations |= PNG_EXPAND;
- png_ptr->flags &= ~PNG_FLAG_ROW_INIT;
+ if (png_ptr->flags & PNG_FLAG_ROW_INIT)
+ {
+ /* TODO: should probably be an error */
+ png_warning(png_ptr,
+ "png_set_expand_gray_1_2_4_to_8 called after row initialization");
+ png_ptr->flags &= ~PNG_FLAG_ROW_INIT;
+ }
 }
 
 
@@ -882,7 +899,13 @@ png_set_tRNS_to_alpha(png_structrp png_ptr)
 png_debug(1, "in png_set_tRNS_to_alpha");
 
 png_ptr->transformations |= (PNG_EXPAND | PNG_EXPAND_tRNS);
- png_ptr->flags &= ~PNG_FLAG_ROW_INIT;
+ if (png_ptr->flags & PNG_FLAG_ROW_INIT)
+ {
+ /* TODO: should probably be an error */
+ png_warning(png_ptr,
+ "png_set_tRNS_to_alpha called after row initialization");
+ png_ptr->flags &= ~PNG_FLAG_ROW_INIT;
+ }
 }
 
 #endif /* defined(PNG_READ_EXPAND_SUPPORTED) */
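Review bot: The six png_set_* hunks (-826, -857, -870, -882 here and -899, -917 on the following line) each paste the same check-warn-clear block with only the message text differing, and in every one the `transformations` bit has already been set before the warning fires, so a late caller still gets the transform applied even though the TODO says this case should be an error. A single static helper taking the message keeps the six copies identical and gives one place to promote the warning to an error later. Clearing PNG_FLAG_ROW_INIT in the late case also presumably makes the next row read re-enter png_read_start_row, which the pngrutil.c hunk now reports as a duplicate call, so a late png_set_* would emit two warnings — if that is intended it deserves a comment, and if not the clear should be reconsidered. Each of the six enclosing functions begins outside its hunk.
```c
/* Shared by the png_set_* entry points below: warn (TODO: should become an
 * error) when a transform is requested after row initialization, then clear
 * PNG_FLAG_ROW_INIT exactly as the inline code did before.
 */
static void
png_rtran_warn_after_row_init(png_structrp png_ptr, png_const_charp msg)
{
   if (png_ptr->flags & PNG_FLAG_ROW_INIT)
   {
      png_warning(png_ptr, msg);
      png_ptr->flags &= ~PNG_FLAG_ROW_INIT;
   }
}

/* … unchanged: png_set_expand up to and including the transformations update … */
   png_rtran_warn_after_row_init(png_ptr,
       "png_set_expand called after row initialization");
```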
@@ -899,7 +922,13 @@ png_set_expand_16(png_structrp png_ptr)
 return;
 
 png_ptr->transformations |= (PNG_EXPAND_16 | PNG_EXPAND | PNG_EXPAND_tRNS);
- png_ptr->flags &= ~PNG_FLAG_ROW_INIT;
+ if (png_ptr->flags & PNG_FLAG_ROW_INIT)
+ {
+ /* TODO: should probably be an error */
+ png_warning(png_ptr,
+ "png_set_expand_16 called after row initialization");
+ png_ptr->flags &= ~PNG_FLAG_ROW_INIT;
+ }
 
 /* New API, make sure apps call the correct initializers: */
 png_ptr->flags |= PNG_FLAG_DETECT_UNINITIALIZED;
@@ -917,7 +946,13 @@ png_set_gray_to_rgb(png_structrp png_ptr)
 /* Because rgb must be 8 bits or more: */
 png_set_expand_gray_1_2_4_to_8(png_ptr);
 png_ptr->transformations |= PNG_GRAY_TO_RGB;
- png_ptr->flags &= ~PNG_FLAG_ROW_INIT;
+ if (png_ptr->flags & PNG_FLAG_ROW_INIT)
+ {
+ /* TODO: should probably be an error */
+ png_warning(png_ptr,
+ "png_set_gray_to_rgb called after row initialization");
+ png_ptr->flags &= ~PNG_FLAG_ROW_INIT;
+ }
 }
 }
 #endif
diff --git a/pngrutil.c b/pngrutil.c
index 6d7eec45d..3a8924795 100644
--- a/pngrutil.c
+++ b/pngrutil.c
@@ -4105,6 +4105,17 @@ png_read_start_row(png_structrp png_ptr)
 png_debug(1, "in png_read_start_row");
 
+ /* Because init_read_transformations, below, modifies values in png_struct
+ * it will not always work correctly if called twice. This error detects
+ * that condition but just warns, because it does tend to work most of the
+ * time.
+ */
+ if (png_ptr->flags & PNG_FLAG_ROW_INIT)
+ {
+ png_warning(png_ptr, "unexpected duplicate call to png_read_start_row");
+ png_ptr->zowner = 0; /* release previous claim */
+ }
+
 #ifdef PNG_READ_TRANSFORMS_SUPPORTED
 png_init_read_transformations(png_ptr);
 #endif
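Review bot: In the pngrutil.c hunk `png_ptr->zowner = 0; /* release previous claim */` drops the ownership recorded by the earlier png_inflate_claim without any visible teardown of the zlib stream, and the comment above it states that png_init_read_transformations does not always work when called twice — yet the code then proceeds to call it unconditionally. The zeroing needs a why-comment that records what it relies on and what it leaves alone, e.g. `/* Clear the owner left by the first call so the claim made later in this function can succeed; the stream itself is not reset here (work-round only). */`, with the "later claim" part confirmed against png_inflate_claim since it is not visible in the hunk. The warning text could also point at the likely cause that the same commit introduces, since a png_set_* call after row initialization now clears PNG_FLAG_ROW_INIT and (presumably) sends the next row read back through this function, producing this second message. png_read_start_row continues outside the hunk.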