[master] Fixed error in "ACCURATE" 16-to-8 scaling.

ANNOUNCE

@@ -1,5 +1,5 @@
 
-Libpng 1.4.8beta05 - June 8, 2011
+Libpng 1.4.8beta05 - June 18, 2011
 
 This is not intended to be a public release.  It will be replaced
 within a few weeks by a public version or by another test version.
@@ -44,10 +44,13 @@ version 1.4.8beta02 [June 5, 2011]
 version 1.4.8beta03 [June 6, 2011]
   Check for integer overflow in png_set_rgb_to_gray().
 
-version 1.4.8beta04 [June 8, 2011]
+version 1.4.8beta04 [June 7, 2011]
   Fixed uninitialized memory read in png_format_buffer() (Bug report by
     Frank Busse, related to CVE-2004-0421).
 
+version 1.4.8beta05 [June 18, 2011]
+  Fixed error in "ACCURATE" 16-to-8 scaling.
+
 Send comments/corrections/commendations to glennrp at users.sourceforge.net
 or to png-mng-implement at lists.sf.net (subscription required; visit
 https://lists.sourceforge.net/lists/listinfo/png-mng-implement).

CHANGES

@@ -2812,10 +2812,13 @@ version 1.4.8beta02 [June 5, 2011]
 version 1.4.8beta03 [June 6, 2011]
   Check for integer overflow in png_set_rgb_to_gray().
 
-version 1.4.8beta04 [June 8, 2011]
+version 1.4.8beta04 [June 7, 2011]
   Fixed uninitialized memory read in png_format_buffer() (Bug report by
     Frank Busse, related to CVE-2004-0421).
 
+version 1.4.8beta05 [June 18, 2011]
+  Fixed error in "ACCURATE" 16-to-8 scaling.
+
 Send comments/corrections/commendations to glennrp at users.sourceforge.net
 or to png-mng-implement at lists.sf.net (subscription required; visit
 https://lists.sourceforge.net/lists/listinfo/png-mng-implement).

pngrtran.c

@@ -1,7 +1,7 @@
 
 /* pngrtran.c - transforms the data in a row for PNG readers
  *
- * Last changed in libpng 1.4.8 [June 8, 2011]
+ * Last changed in libpng 1.4.8 [June 18, 2011]
  * Copyright (c) 1998-2011 Glenn Randers-Pehrson
  * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
  * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
@@ -1799,32 +1799,18 @@ png_do_chop(png_row_infop row_info, png_bytep row)
       for (i = 0; i<istop; i++, sp += 2, dp++)
       {
 #ifdef PNG_READ_16_TO_8_ACCURATE_SCALE_SUPPORTED
-      /* This does a more accurate scaling of the 16-bit color
-       * value, rather than a simple low-byte truncation.
-       *
-       * What the ideal calculation should be:
-       *   *dp = (((((png_uint_32)(*sp) << 8) |
-       *          (png_uint_32)(*(sp + 1))) * 255 + 127)
-       *          / (png_uint_32)65535L;
-       *
-       * GRR: no, I think this is what it really should be:
-       *   *dp = (((((png_uint_32)(*sp) << 8) |
-       *           (png_uint_32)(*(sp + 1))) + 128L)
-       *           / (png_uint_32)257L;
-       *
-       * GRR: here's the exact calculation with shifts:
-       *   temp = (((png_uint_32)(*sp) << 8) |
-       *           (png_uint_32)(*(sp + 1))) + 128L;
-       *   *dp = (temp - (temp >> 8)) >> 8;
-       *
-       * Approximate calculation with shift/add instead of multiply/divide:
-       *   *dp = ((((png_uint_32)(*sp) << 8) |
-       *          (png_uint_32)((int)(*(sp + 1)) - *sp)) + 128) >> 8;
-       *
-       * What we actually do to avoid extra shifting and conversion:
-       */
-
-         *dp = *sp + ((((int)(*(sp + 1)) - *sp) > 128) ? 1 : 0);
+         /* This does a more accurate scaling of the 16-bit color
+          * value, rather than a simple low-byte truncation.
+          *
+          * Prior to libpng-1.4.8 and 1.5.4, the calculation here was
+          * incorrect, so if you used ACCURATE_SCALE you will now see
+          * a slightly different result.  In libpng-1.5.4 and
+          * later you will need to use the new png_set_scale_16_to_8()
+          * API to obtain accurate 16-to-8 scaling.
+          */
+         png_int_32 tmp = *sp++; /* must be signed! */
+         tmp += (((int)*sp++ - tmp + 128) * 65535) >> 24;
+         *dp++ = (png_byte)tmp;
 #else
        /* Simply discard the low order byte */
          *dp = *sp;