[libpng16] Work around for duplicate row start calls; added warning messages.

This turns on PNG_FLAG_DETECT_UNINITIALIZED to detect app code that fails to call one of the 'start' routines (not enabled in libpng-1.5 because it is technically an API change, since it did normally work before.) It also makes duplicate calls to png_read_start_row (an internal function called at the start of the image read) benign, as they were before changes to use png_inflate_claim. Somehow webkit is causing this to happen; this is probably a mis-feature in the zlib changes so this commit is only a work-round.
2012-03-18 14:39:41 -05:00 · 2012-03-18 14:39:41 -05:00 · 0c11b5f8e7
commit 0c11b5f8e7
parent f5dcba6b9b
5 changed files with 78 additions and 9 deletions
--- a/13
+++ b/13
@ -1,5 +1,5 @@

-Libpng 1.6.0beta19 - March 17, 2012
+Libpng 1.6.0beta19 - March 18, 2012

 This is not intended to be a public release.  It will be replaced
 within a few weeks by a public version or by another test version.
@ -318,7 +318,16 @@ Version 1.6.0beta18 [March 16, 2012]
    read benign errors to warnings (regardless of the system default, unless
    this is disabled in which case the simplified API can't be built.)

-Version 1.6.0beta19 [March 17, 2012]
+Version 1.6.0beta19 [March 18, 2012]
+  Work around for duplicate row start calls; added warning messages.
+    This turns on PNG_FLAG_DETECT_UNINITIALIZED to detect app code that
+    fails to call one of the 'start' routines (not enabled in libpng-1.5
+    because it is technically an API change, since it did normally work
+    before.)  It also makes duplicate calls to png_read_start_row (an
+    internal function called at the start of the image read) benign, as
+    they were before changes to use png_inflate_claim. Somehow webkit is
+    causing this to happen; this is probably a mis-feature in the zlib
+    changes so this commit is only a work-round.

 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
--- a/11
+++ b/11
@ -4069,7 +4069,16 @@ Version 1.6.0beta18 [March 16, 2012]
    read benign errors to warnings (regardless of the system default, unless
    this is disabled in which case the simplified API can't be built.)

-Version 1.6.0beta19 [March 17, 2012]
+Version 1.6.0beta19 [March 18, 2012]
+  Work around for duplicate row start calls; added warning messages.
+    This turns on PNG_FLAG_DETECT_UNINITIALIZED to detect app code that
+    fails to call one of the 'start' routines (not enabled in libpng-1.5
+    because it is technically an API change, since it did normally work
+    before.)  It also makes duplicate calls to png_read_start_row (an
+    internal function called at the start of the image read) benign, as
+    they were before changes to use png_inflate_claim. Somehow webkit is
+    causing this to happen; this is probably a mis-feature in the zlib
+    changes so this commit is only a work-round.

 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
--- a/pngread.c
+++ b/pngread.c
@ -50,6 +50,11 @@ png_create_read_struct_2,(png_const_charp user_png_ver, png_voidp error_ptr,
   {
      png_ptr->mode = PNG_IS_READ_STRUCT;

+      /* Turn this on for all transforms in an attempt to detect failure to call
+       * the image reading start stuff.
+       */
+      png_ptr->flags |= PNG_FLAG_DETECT_UNINITIALIZED;
+
      /* Added in libpng-1.6.0; this can be used to detect a read structure if
       * required (it will be zero in a write structure.)
       */
--- a/pngrtran.c
+++ b/pngrtran.c
@ -826,7 +826,12 @@ png_set_expand(png_structrp png_ptr)
      return;

   png_ptr->transformations |= (PNG_EXPAND | PNG_EXPAND_tRNS);
-   png_ptr->flags &= ~PNG_FLAG_ROW_INIT;
+   if (png_ptr->flags & PNG_FLAG_ROW_INIT)
+   {
+      /* TODO: should probably be an error */
+      png_warning(png_ptr, "png_set_expand called after row initialization");
+      png_ptr->flags &= ~PNG_FLAG_ROW_INIT;
+   }
 }

 /* GRR 19990627:  the following three functions currently are identical
@ -857,7 +862,13 @@ png_set_palette_to_rgb(png_structrp png_ptr)
      return;

   png_ptr->transformations |= (PNG_EXPAND | PNG_EXPAND_tRNS);
-   png_ptr->flags &= ~PNG_FLAG_ROW_INIT;
+   if (png_ptr->flags & PNG_FLAG_ROW_INIT)
+   {
+      /* TODO: should probably be an error */
+      png_warning(png_ptr,
+         "png_set_palette_to_rgb called after row initialization");
+      png_ptr->flags &= ~PNG_FLAG_ROW_INIT;
+   }
 }

 /* Expand grayscale images of less than 8-bit depth to 8 bits. */
@ -870,7 +881,13 @@ png_set_expand_gray_1_2_4_to_8(png_structrp png_ptr)
      return;

   png_ptr->transformations |= PNG_EXPAND;
-   png_ptr->flags &= ~PNG_FLAG_ROW_INIT;
+   if (png_ptr->flags & PNG_FLAG_ROW_INIT)
+   {
+      /* TODO: should probably be an error */
+      png_warning(png_ptr,
+         "png_set_expand_gray_1_2_4_to_8 called after row initialization");
+      png_ptr->flags &= ~PNG_FLAG_ROW_INIT;
+   }
 }


@ -882,7 +899,13 @@ png_set_tRNS_to_alpha(png_structrp png_ptr)
   png_debug(1, "in png_set_tRNS_to_alpha");

   png_ptr->transformations |= (PNG_EXPAND | PNG_EXPAND_tRNS);
-   png_ptr->flags &= ~PNG_FLAG_ROW_INIT;
+   if (png_ptr->flags & PNG_FLAG_ROW_INIT)
+   {
+      /* TODO: should probably be an error */
+      png_warning(png_ptr,
+         "png_set_tRNS_to_alpha called after row initialization");
+      png_ptr->flags &= ~PNG_FLAG_ROW_INIT;
+   }
 }
 #endif /* defined(PNG_READ_EXPAND_SUPPORTED) */

@ -899,7 +922,13 @@ png_set_expand_16(png_structrp png_ptr)
      return;

   png_ptr->transformations |= (PNG_EXPAND_16 | PNG_EXPAND | PNG_EXPAND_tRNS);
-   png_ptr->flags &= ~PNG_FLAG_ROW_INIT;
+   if (png_ptr->flags & PNG_FLAG_ROW_INIT)
+   {
+      /* TODO: should probably be an error */
+      png_warning(png_ptr,
+         "png_set_expand_16 called after row initialization");
+      png_ptr->flags &= ~PNG_FLAG_ROW_INIT;
+   }

   /* New API, make sure apps call the correct initializers: */
   png_ptr->flags |= PNG_FLAG_DETECT_UNINITIALIZED;
@ -917,7 +946,13 @@ png_set_gray_to_rgb(png_structrp png_ptr)
      /* Because rgb must be 8 bits or more: */
      png_set_expand_gray_1_2_4_to_8(png_ptr);
      png_ptr->transformations |= PNG_GRAY_TO_RGB;
-      png_ptr->flags &= ~PNG_FLAG_ROW_INIT;
+      if (png_ptr->flags & PNG_FLAG_ROW_INIT)
+      {
+         /* TODO: should probably be an error */
+         png_warning(png_ptr,
+            "png_set_gray_to_rgb called after row initialization");
+         png_ptr->flags &= ~PNG_FLAG_ROW_INIT;
+      }
   }
 }
 #endif
--- a/pngrutil.c
+++ b/pngrutil.c
@ -4105,6 +4105,17 @@ png_read_start_row(png_structrp png_ptr)

   png_debug(1, "in png_read_start_row");

+   /* Because init_read_transformations, below, modifies values in png_struct
+    * it will not always work correctly if called twice.  This error detects
+    * that condition but just warns, because it does tend to work most of the
+    * time.
+    */
+   if (png_ptr->flags & PNG_FLAG_ROW_INIT)
+   {
+      png_warning(png_ptr, "unexpected duplicate call to png_read_start_row");
+      png_ptr->zowner = 0; /* release previous claim */
+   }
+
 #ifdef PNG_READ_TRANSFORMS_SUPPORTED
   png_init_read_transformations(png_ptr);
 #endif