diff --git a/ANNOUNCE b/ANNOUNCE index cf2a0ff50..83650d5b2 100644 --- a/ANNOUNCE +++ b/ANNOUNCE @@ -1,4 +1,4 @@ -Libpng 1.6.19beta02 - August 14, 2015 +Libpng 1.6.19beta02 - August 17, 2015 This is not intended to be a public release. It will be replaced within a few weeks by a public version or by another test version. @@ -40,14 +40,15 @@ Version 1.6.19beta01 [July 30, 2015] Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c Fixed uninitialized variable in contrib/gregbook/rpng2-x.c -Version 1.6.19beta02 [August 14, 2015] +Version 1.6.19beta02 [August 17, 2015] Moved config.h.in~ from the "libpng_autotools_files" list to the "libpng_autotools_extra" list in autogen.sh because it was causing a false positive for missing files (bug report by Robert C. Seacord). Removed unreachable "break" statements in png.c, pngread.c, and pngrtran.c to suppress clang warnings (Bug report by Viktor Szakats). Fixed some bad links in the man page. - Change "n bit" to "n-bit" in comments. + Changed "n bit" to "n-bit" in comments. + Changed 0xnnnn constants to 0xnnnnUL. Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/CHANGES b/CHANGES index a0895b158..ca44ba264 100644 --- a/CHANGES +++ b/CHANGES @@ -5319,14 +5319,15 @@ Version 1.6.19beta01 [July 30, 2015] Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c Fixed uninitialized variable in contrib/gregbook/rpng2-x.c -Version 1.6.19beta02 [August 14, 2015] +Version 1.6.19beta02 [August 17, 2015] Moved config.h.in~ from the "libpng_autotools_files" list to the "libpng_autotools_extra" list in autogen.sh because it was causing a false positive for missing files (bug report by Robert C. Seacord). Removed unreachable "break" statements in png.c, pngread.c, and pngrtran.c to suppress clang warnings (Bug report by Viktor Szakats). Fixed some bad links in the man page. - Change "n bit" to "n-bit" in comments. + Changed "n bit" to "n-bit" in comments. + Changed 0xnnnn constants to 0xnnnnUL. Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/libpng-manual.txt b/libpng-manual.txt index a5c814b14..b06a77bcb 100644 --- a/libpng-manual.txt +++ b/libpng-manual.txt @@ -1,6 +1,6 @@ libpng-manual.txt - A description on how to use and modify libpng - libpng version 1.6.19beta02 - August 11, 2015 + libpng version 1.6.19beta02 - August 17, 2015 Updated and distributed by Glenn Randers-Pehrson Copyright (c) 1998-2015 Glenn Randers-Pehrson @@ -11,7 +11,7 @@ libpng-manual.txt - A description on how to use and modify libpng Based on: - libpng versions 0.97, January 1998, through 1.6.19beta02 - August 11, 2015 + libpng versions 0.97, January 1998, through 1.6.19beta02 - August 17, 2015 Updated and distributed by Glenn Randers-Pehrson Copyright (c) 1998-2015 Glenn Randers-Pehrson @@ -650,6 +650,7 @@ User limits The PNG specification allows the width and height of an image to be as large as 2^31-1 (0x7fffffff), or about 2.147 billion rows and columns. +For safety, libpng imposes a default limit of 1 million rows and columns. Larger images will be rejected immediately with a png_error() call. If you wish to change these limits, you can use @@ -670,8 +671,11 @@ If you need to retrieve the limits that are being applied, use height_max = png_get_user_height_max(png_ptr); The PNG specification sets no limit on the number of ancillary chunks -allowed in a PNG datastream. You can impose a limit on the total number -of sPLT, tEXt, iTXt, zTXt, and unknown chunks that will be stored, with +allowed in a PNG datastream. By default, libpng imposes a limit of +a total of 1000 sPLT, tEXt, iTXt, zTXt, and unknown chunks to be stored. +If you have set up both info_ptr and end_info_ptr, the limit applies +separately to each. You can change the limit on the total number of such +chunks that will be stored, with png_set_chunk_cache_max(png_ptr, user_chunk_cache_max); @@ -679,8 +683,9 @@ where 0x7fffffffL means unlimited. You can retrieve this limit with chunk_cache_max = png_get_chunk_cache_max(png_ptr); -You can also set a limit on the amount of memory that a compressed chunk -other than IDAT can occupy, with +Libpng imposes a limit of 8 Megabytes (8,000,000 bytes) on the amount of +memory that a compressed chunk other than IDAT can occupy, when decompressed. +You can change this limit with png_set_chunk_malloc_max(png_ptr, user_chunk_malloc_max); @@ -5288,10 +5293,12 @@ We prefer #ifdef and #ifndef to #if defined() and #if !defined() when there is only one macro being tested. We always use parentheses with "defined". -We prefer to express integers that are used as bit masks in hex format, -with an even number of lower-case hex digits (e.g., 0x00, 0xff, 0x0100). +We express integer constants that are used as bit masks in hex format, +with an even number of lower-case hex digits, and to make them unsigned +(e.g., 0x00U, 0xffU, 0x0100U) and long if they are greater than 0x7fff +(e.g., 0xffffUL). -We prefer to use underscores in variable names rather than camelCase, except +We prefer to use underscores rather than camelCase in names, except for a few type names that we inherit from zlib.h. We prefer "if (something != 0)" and "if (something == 0)" @@ -5305,7 +5312,7 @@ Other rules can be inferred by inspecting the libpng source. XVI. Y2K Compliance in libpng -August 11, 2015 +August 17, 2015 Since the PNG Development group is an ad-hoc body, we can't make an official declaration. diff --git a/libpng.3 b/libpng.3 index 1c3f42628..14b1ac828 100644 --- a/libpng.3 +++ b/libpng.3 @@ -1,4 +1,4 @@ -.TH LIBPNG 3 "August 11, 2015" +.TH LIBPNG 3 "August 17, 2015" .SH NAME libpng \- Portable Network Graphics (PNG) Reference Library 1.6.19beta02 .SH SYNOPSIS @@ -508,7 +508,7 @@ Following is a copy of the libpng-manual.txt file that accompanies libpng. .SH LIBPNG.TXT libpng-manual.txt - A description on how to use and modify libpng - libpng version 1.6.19beta02 - August 11, 2015 + libpng version 1.6.19beta02 - August 17, 2015 Updated and distributed by Glenn Randers-Pehrson Copyright (c) 1998-2015 Glenn Randers-Pehrson @@ -519,7 +519,7 @@ libpng-manual.txt - A description on how to use and modify libpng Based on: - libpng versions 0.97, January 1998, through 1.6.19beta02 - August 11, 2015 + libpng versions 0.97, January 1998, through 1.6.19beta02 - August 17, 2015 Updated and distributed by Glenn Randers-Pehrson Copyright (c) 1998-2015 Glenn Randers-Pehrson @@ -1158,6 +1158,7 @@ callback function: The PNG specification allows the width and height of an image to be as large as 2^(31\-1 (0x7fffffff), or about 2.147 billion rows and columns. +For safety, libpng imposes a default limit of 1 million rows and columns. Larger images will be rejected immediately with a png_error() call. If you wish to change these limits, you can use @@ -1178,8 +1179,11 @@ If you need to retrieve the limits that are being applied, use height_max = png_get_user_height_max(png_ptr); The PNG specification sets no limit on the number of ancillary chunks -allowed in a PNG datastream. You can impose a limit on the total number -of sPLT, tEXt, iTXt, zTXt, and unknown chunks that will be stored, with +allowed in a PNG datastream. By default, libpng imposes a limit of +a total of 1000 sPLT, tEXt, iTXt, zTXt, and unknown chunks to be stored. +If you have set up both info_ptr and end_info_ptr, the limit applies +separately to each. You can change the limit on the total number of such +chunks that will be stored, with png_set_chunk_cache_max(png_ptr, user_chunk_cache_max); @@ -1187,8 +1191,9 @@ where 0x7fffffffL means unlimited. You can retrieve this limit with chunk_cache_max = png_get_chunk_cache_max(png_ptr); -You can also set a limit on the amount of memory that a compressed chunk -other than IDAT can occupy, with +Libpng imposes a limit of 8 Megabytes (8,000,000 bytes) on the amount of +memory that a compressed chunk other than IDAT can occupy, when decompressed. +You can change this limit with png_set_chunk_malloc_max(png_ptr, user_chunk_malloc_max); @@ -5796,10 +5801,12 @@ We prefer #ifdef and #ifndef to #if defined() and #if !defined() when there is only one macro being tested. We always use parentheses with "defined". -We prefer to express integers that are used as bit masks in hex format, -with an even number of lower-case hex digits (e.g., 0x00, 0xff, 0x0100). +We express integer constants that are used as bit masks in hex format, +with an even number of lower-case hex digits, and to make them unsigned +(e.g., 0x00U, 0xffU, 0x0100U) and long if they are greater than 0x7fff +(e.g., 0xffffUL). -We prefer to use underscores in variable names rather than camelCase, except +We prefer to use underscores rather than camelCase in names, except for a few type names that we inherit from zlib.h. We prefer "if (something != 0)" and "if (something == 0)" @@ -5813,7 +5820,7 @@ Other rules can be inferred by inspecting the libpng source. .SH XVI. Y2K Compliance in libpng -August 11, 2015 +August 17, 2015 Since the PNG Development group is an ad-hoc body, we can't make an official declaration. @@ -6134,7 +6141,7 @@ possible without all of you. Thanks to Frank J. T. Wojcik for helping with the documentation. -Libpng version 1.6.19beta02 - August 11, 2015: +Libpng version 1.6.19beta02 - August 17, 2015: Initially created in 1995 by Guy Eric Schalnat, then of Group 42, Inc. Currently maintained by Glenn Randers-Pehrson (glennrp at users.sourceforge.net). @@ -6157,7 +6164,7 @@ this sentence. This code is released under the libpng license. -libpng versions 1.0.7, July 1, 2000, through 1.6.19beta02, August 11, 2015, are +libpng versions 1.0.7, July 1, 2000, through 1.6.19beta02, August 17, 2015, are Copyright (c) 2000-2002, 2004, 2006-2015 Glenn Randers-Pehrson, and are distributed according to the same disclaimer and license as libpng-1.0.6 with the following individuals added to the list of Contributing Authors: @@ -6251,7 +6258,7 @@ the additional disclaimers inserted at version 1.0.7. Glenn Randers-Pehrson glennrp at users.sourceforge.net -August 11, 2015 +August 17, 2015 .\" end of man page diff --git a/png.c b/png.c index d28ba4bd2..8af9dc0ec 100644 --- a/png.c +++ b/png.c @@ -769,13 +769,13 @@ png_get_copyright(png_const_structrp png_ptr) #else # ifdef __STDC__ return PNG_STRING_NEWLINE \ - "libpng version 1.6.19beta02 - August 14, 2015" PNG_STRING_NEWLINE \ + "libpng version 1.6.19beta02 - August 17, 2015" PNG_STRING_NEWLINE \ "Copyright (c) 1998-2015 Glenn Randers-Pehrson" PNG_STRING_NEWLINE \ "Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \ "Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \ PNG_STRING_NEWLINE; # else - return "libpng version 1.6.19beta02 - August 14, 2015\ + return "libpng version 1.6.19beta02 - August 17, 2015\ Copyright (c) 1998-2015 Glenn Randers-Pehrson\ Copyright (c) 1996-1997 Andreas Dilger\ Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc."; @@ -1967,7 +1967,7 @@ png_icc_check_header(png_const_structrp png_ptr, png_colorspacerp colorspace, * 16 bits. */ temp = png_get_uint_32(profile+64); - if (temp >= 0xffff) /* The ICC limit */ + if (temp >= 0xffffUL) /* The ICC limit */ return png_icc_profile_error(png_ptr, colorspace, name, temp, "invalid rendering intent"); @@ -3283,15 +3283,15 @@ png_muldiv(png_fixed_point_p res, png_fixed_point a, png_int_32 times, /* Following can't overflow because the arguments only * have 31 bits each, however the result may be 32 bits. */ - s16 = (A >> 16) * (T & 0xffff) + - (A & 0xffff) * (T >> 16); + s16 = (A >> 16) * (T & 0xffffUL) + + (A & 0xffffUL) * (T >> 16); /* Can't overflow because the a*times bit is only 30 * bits at most. */ s32 = (A >> 16) * (T >> 16) + (s16 >> 16); - s00 = (A & 0xffff) * (T & 0xffff); + s00 = (A & 0xffffUL) * (T & 0xffffUL); - s16 = (s16 & 0xffff) << 16; + s16 = (s16 & 0xffffUL) << 16; s00 += s16; if (s00 < s16) @@ -3584,19 +3584,19 @@ png_log16bit(png_uint_32 x) unsigned int lg2 = 0; /* As above, but now the input has 16 bits. */ - if ((x &= 0xffff) == 0) + if ((x &= 0xffffUL) == 0) return -1; - if ((x & 0xff00) == 0) + if ((x & 0xff00UL) == 0) lg2 = 8, x <<= 8; - if ((x & 0xf000) == 0) + if ((x & 0xf000UL) == 0) lg2 += 4, x <<= 4; - if ((x & 0xc000) == 0) + if ((x & 0xc000UL) == 0) lg2 += 2, x <<= 2; - if ((x & 0x8000) == 0) + if ((x & 0x8000UL) == 0) lg2 += 1, x <<= 1; /* Calculate the base logarithm from the top 8 bits as a 28-bit fractional @@ -3729,7 +3729,7 @@ png_exp8bit(png_fixed_point lg2) * step. */ x -= x >> 8; - return (png_byte)(((x + 0x7fffffU) >> 24) & 0xff); + return (png_byte)(((x + 0x7fffff) >> 24) & 0xff); } #ifdef PNG_16BIT_SUPPORTED @@ -3989,7 +3989,7 @@ png_build_16to8_table(png_structrp png_ptr, png_uint_16pp *ptable, /* And fill in the final entries. */ while (last < (num << 8)) { - table[last & (0xff >> shift)][last >> (8U - shift)] = 65535U; + table[last & (0xffU >> shift)][last >> (8U - shift)] = 65535U; last++; } } diff --git a/png.h b/png.h index 84f22df90..8c2004e1e 100644 --- a/png.h +++ b/png.h @@ -1,7 +1,7 @@ /* png.h - header file for PNG reference library * - * libpng version 1.6.19beta02, August 14, 2015 + * libpng version 1.6.19beta02, August 17, 2015 * * Copyright (c) 1998-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) @@ -12,7 +12,7 @@ * Authors and maintainers: * libpng versions 0.71, May 1995, through 0.88, January 1996: Guy Schalnat * libpng versions 0.89, June 1996, through 0.96, May 1997: Andreas Dilger - * libpng versions 0.97, January 1998, through 1.6.19beta02, August 14, 2015: Glenn + * libpng versions 0.97, January 1998, through 1.6.19beta02, August 17, 2015: Glenn * See also "Contributing Authors", below. * * Note about libpng version numbers: @@ -251,7 +251,7 @@ * * This code is released under the libpng license. * - * libpng versions 1.0.7, July 1, 2000, through 1.6.19beta02, August 14, 2015, are + * libpng versions 1.0.7, July 1, 2000, through 1.6.19beta02, August 17, 2015, are * Copyright (c) 2000-2002, 2004, 2006-2015 Glenn Randers-Pehrson, and are * distributed according to the same disclaimer and license as libpng-1.0.6 * with the following individuals added to the list of Contributing Authors: @@ -360,7 +360,7 @@ * Y2K compliance in libpng: * ========================= * - * August 14, 2015 + * August 17, 2015 * * Since the PNG Development group is an ad-hoc body, we can't make * an official declaration. @@ -430,7 +430,7 @@ /* Version information for png.h - this should match the version in png.c */ #define PNG_LIBPNG_VER_STRING "1.6.19beta02" #define PNG_HEADER_VERSION_STRING \ - " libpng version 1.6.19beta02 - August 14, 2015\n" + " libpng version 1.6.19beta02 - August 17, 2015\n" #define PNG_LIBPNG_VER_SONUM 16 #define PNG_LIBPNG_VER_DLLNUM 16 diff --git a/pngread.c b/pngread.c index 29cbc00f4..22054e1c9 100644 --- a/pngread.c +++ b/pngread.c @@ -359,8 +359,8 @@ png_do_read_intrapixel(png_row_infop row_info, png_bytep row) png_uint_32 s0 = (*(rp ) << 8) | *(rp + 1); png_uint_32 s1 = (*(rp + 2) << 8) | *(rp + 3); png_uint_32 s2 = (*(rp + 4) << 8) | *(rp + 5); - png_uint_32 red = (s0 + s1 + 65536) & 0xffff; - png_uint_32 blue = (s2 + s1 + 65536) & 0xffff; + png_uint_32 red = (s0 + s1 + 65536) & 0xffffUL; + png_uint_32 blue = (s2 + s1 + 65536) & 0xffffUL; *(rp ) = (png_byte)((red >> 8) & 0xff); *(rp + 1) = (png_byte)(red & 0xff); *(rp + 4) = (png_byte)((blue >> 8) & 0xff); diff --git a/pngrtran.c b/pngrtran.c index 6406c04f2..ad25dc86f 100644 --- a/pngrtran.c +++ b/pngrtran.c @@ -3642,7 +3642,7 @@ png_do_compose(png_row_infop row_info, png_bytep row, png_structrp png_ptr) png_uint_16 a = (png_uint_16)(((*(sp + 2)) << 8) + *(sp + 3)); - if (a == (png_uint_16)0xffff) + if (a == (png_uint_16)0xffffL) { png_uint_16 v; @@ -3691,7 +3691,7 @@ png_do_compose(png_row_infop row_info, png_bytep row, png_structrp png_ptr) *(sp + 1) = (png_byte)(png_ptr->background.gray & 0xff); } - else if (a < 0xffff) + else if (a < 0xffffL) { png_uint_16 g, v; @@ -3795,7 +3795,7 @@ png_do_compose(png_row_infop row_info, png_bytep row, png_structrp png_ptr) png_uint_16 a = (png_uint_16)(((png_uint_16)(*(sp + 6)) << 8) + (png_uint_16)(*(sp + 7))); - if (a == (png_uint_16)0xffff) + if (a == (png_uint_16)0xffffL) { png_uint_16 v; @@ -3881,7 +3881,7 @@ png_do_compose(png_row_infop row_info, png_bytep row, png_structrp png_ptr) *(sp + 5) = (png_byte)(png_ptr->background.blue & 0xff); } - else if (a < 0xffff) + else if (a < 0xffffL) { png_uint_16 v; diff --git a/pngwrite.c b/pngwrite.c index 2da3f01f3..c3374b189 100644 --- a/pngwrite.c +++ b/pngwrite.c @@ -669,8 +669,8 @@ png_do_write_intrapixel(png_row_infop row_info, png_bytep row) png_uint_32 s0 = (*(rp ) << 8) | *(rp + 1); png_uint_32 s1 = (*(rp + 2) << 8) | *(rp + 3); png_uint_32 s2 = (*(rp + 4) << 8) | *(rp + 5); - png_uint_32 red = (png_uint_32)((s0 - s1) & 0xffffL); - png_uint_32 blue = (png_uint_32)((s2 - s1) & 0xffffL); + png_uint_32 red = (png_uint_32)((s0 - s1) & 0xffffUL); + png_uint_32 blue = (png_uint_32)((s2 - s1) & 0xffffUL); *(rp ) = (png_byte)(red >> 8); *(rp + 1) = (png_byte)red; *(rp + 4) = (png_byte)(blue >> 8); @@ -1570,7 +1570,7 @@ png_write_image_16bit(png_voidp argument) * is only initialized when required. */ if (alpha > 0 && alpha < 65535) - reciprocal = ((0xffff<<15)+(alpha>>1))/alpha; + reciprocal = ((0xffffUL<<15)+(alpha>>1))/alpha; c = channels; do /* always at least one channel */ @@ -1621,7 +1621,7 @@ png_write_image_16bit(png_voidp argument) * calculation can be done to 15 bits of accuracy; however, the output needs to * be scaled in the range 0..255*65535, so include that scaling here. */ -# define UNP_RECIPROCAL(alpha) ((((0xffff*0xff)<<7)+(alpha>>1))/alpha) +# define UNP_RECIPROCAL(alpha) ((((0xffffUL*0xffU)<<7)+(alpha>>1))/alpha) static png_byte png_unpremultiply(png_uint_32 component, png_uint_32 alpha, @@ -1836,7 +1836,7 @@ png_image_set_PLTE(png_image_write_control *display) * divided by 128 (i.e. asr 7). */ if (alphabyte > 0 && alphabyte < 255) - reciprocal = (((0xffff*0xff)<<7)+(alpha>>1))/alpha; + reciprocal = (((0xffffUL*0xffU)<<7)+(alpha>>1))/alpha; tRNS[i] = alphabyte; if (alphabyte < 255) diff --git a/pngwutil.c b/pngwutil.c index 957527584..80307aec7 100644 --- a/pngwutil.c +++ b/pngwutil.c @@ -237,7 +237,7 @@ png_image_size(png_structrp png_ptr) } else - return 0xffffffffU; + return 0xffffffff; } #ifdef PNG_WRITE_OPTIMIZE_CMF_SUPPORTED