From bd76965879ff5af537faf19f41db57034e12721b Mon Sep 17 00:00:00 2001 From: Glenn Randers-Pehrson Date: Tue, 27 Jan 2015 06:53:56 -0600 Subject: [PATCH] [libpng16] Added #ifndef __COVERITY__ where needed in png.c, pngrutil.c and pngset.c to avoid warnings about dead code. --- ANNOUNCE | 7 +++-- CHANGES | 5 +++- png.c | 83 +++++++++++++++++++++++++++--------------------------- pngrutil.c | 2 ++ pngset.c | 53 +++++++++++++++++++++++++--------- 5 files changed, 93 insertions(+), 57 deletions(-) diff --git a/ANNOUNCE b/ANNOUNCE index a83abf351..7cf3124bb 100644 --- a/ANNOUNCE +++ b/ANNOUNCE @@ -1,4 +1,4 @@ -Libpng 1.6.17beta01 - January 13, 2015 +Libpng 1.6.17beta01 - January 27, 2015 This is not intended to be a public release. It will be replaced within a few weeks by a public version or by another test version. @@ -25,7 +25,7 @@ Other information: Changes since the last public release (1.6.16): -Version 1.6.17beta01 [January 13, 2015] +Version 1.6.17beta01 [January 27, 2015] Removed duplicate PNG_SAFE_LIMITS_SUPPORTED handling from pngconf.h Corrected the width limit calculation in png_check_IHDR(). Removed user limits from pngfix. Also pass NULL pointers to @@ -36,6 +36,9 @@ Version 1.6.17beta01 [January 13, 2015] Fixed byte order in 2-byte filler, in png_do_read_filler(). Made the check for out-of-range values in png_set_tRNS() detect values that are exactly 2^bit_depth, and work on 16-bit platforms. + Merged some parts of libpng-1.6.17beta01 and libpng-1.7.0beta47. + Added #ifndef __COVERITY__ where needed in png.c, pngrutil.c and + pngset.c to avoid warnings about dead code. Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/CHANGES b/CHANGES index 1925dcd8b..e0a9bd7bc 100644 --- a/CHANGES +++ b/CHANGES @@ -5126,7 +5126,7 @@ Version 1.6.16rc03 [December 21, 2014] Version 1.6.16 [December 22, 2014] No changes. -Version 1.6.17beta01 [January 13, 2015] +Version 1.6.17beta01 [January 27, 2015] Removed duplicate PNG_SAFE_LIMITS_SUPPORTED handling from pngconf.h Corrected the width limit calculation in png_check_IHDR(). Removed user limits from pngfix. Also pass NULL pointers to @@ -5137,6 +5137,9 @@ Version 1.6.17beta01 [January 13, 2015] Fixed byte order in 2-byte filler, in png_do_read_filler(). Made the check for out-of-range values in png_set_tRNS() detect values that are exactly 2^bit_depth, and work on 16-bit platforms. + Merged some parts of libpng-1.6.17beta01 and libpng-1.7.0beta47. + Added #ifndef __COVERITY__ where needed in png.c, pngrutil.c and + pngset.c to avoid warnings about dead code. Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/png.c b/png.c index 272f5c7d1..d7de44e65 100644 --- a/png.c +++ b/png.c @@ -1,8 +1,8 @@ /* png.c - location for general purpose libpng functions * - * Last changed in libpng 1.6.16 [December 22, 2014] - * Copyright (c) 1998-2014 Glenn Randers-Pehrson + * Last changed in libpng 1.6.17 [(PENDING RELEASE)] + * Copyright (c) 1998-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -140,8 +140,10 @@ png_calculate_crc(png_structrp png_ptr, png_const_bytep ptr, png_size_t length) do { uInt safe_length = (uInt)length; +#ifndef __COVERITY__ if (safe_length == 0) safe_length = (uInt)-1; /* evil, but safe */ +#endif crc = crc32(crc, ptr, safe_length); @@ -476,9 +478,10 @@ png_free_data(png_const_structrp png_ptr, png_inforp info_ptr, png_uint_32 mask, /* Free any tRNS entry */ if (((mask & PNG_FREE_TRNS) & info_ptr->free_me) != 0) { + info_ptr->valid &= ~PNG_INFO_tRNS; png_free(png_ptr, info_ptr->trans_alpha); info_ptr->trans_alpha = NULL; - info_ptr->valid &= ~PNG_INFO_tRNS; + info_ptr->num_trans = 0; } #endif @@ -666,7 +669,7 @@ png_init_io(png_structrp png_ptr, png_FILE_p fp) } # endif -#ifdef PNG_SAVE_INT_32_SUPPORTED +# ifdef PNG_SAVE_INT_32_SUPPORTED /* The png_save_int_32 function assumes integers are stored in two's * complement format. If this isn't the case, then this routine needs to * be modified to write data in two's complement format. Note that, @@ -681,7 +684,7 @@ png_save_int_32(png_bytep buf, png_int_32 i) buf[2] = (png_byte)((i >> 8) & 0xff); buf[3] = (png_byte)(i & 0xff); } -#endif +# endif # ifdef PNG_TIME_RFC1123_SUPPORTED /* Convert the supplied time into an RFC 1123 string suitable for use in @@ -734,7 +737,7 @@ png_convert_to_rfc1123_buffer(char out[29], png_const_timep ptime) return 1; } -# if PNG_LIBPNG_VER < 10700 +# if PNG_LIBPNG_VER < 10700 /* To do: remove the following from libpng-1.7 */ /* Original API that uses a private buffer in png_struct. * Deprecated because it causes png_struct to carry a spurious temporary @@ -755,7 +758,7 @@ png_convert_to_rfc1123(png_structrp png_ptr, png_const_timep ptime) return NULL; } -# endif +# endif /* LIBPNG_VER < 10700 */ # endif /* TIME_RFC1123 */ #endif /* READ || WRITE */ @@ -769,13 +772,13 @@ png_get_copyright(png_const_structrp png_ptr) #else # ifdef __STDC__ return PNG_STRING_NEWLINE \ - "libpng version 1.6.17beta01 - January 1, 2015" PNG_STRING_NEWLINE \ + "libpng version 1.6.17beta01 - January 27, 2015" PNG_STRING_NEWLINE \ "Copyright (c) 1998-2015 Glenn Randers-Pehrson" PNG_STRING_NEWLINE \ "Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \ "Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \ PNG_STRING_NEWLINE; # else - return "libpng version 1.6.17beta01 - January 1, 2015\ + return "libpng version 1.6.17beta01 - January 27, 2015\ Copyright (c) 1998-2015 Glenn Randers-Pehrson\ Copyright (c) 1996-1997 Andreas Dilger\ Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc."; @@ -2324,8 +2327,8 @@ png_compare_ICC_profile_with_sRGB(png_const_structrp png_ptr, */ else if (png_sRGB_checks[i].have_md5 == 0) { - png_chunk_report(png_ptr, "out-of-date sRGB profile with" - " no signature", + png_chunk_report(png_ptr, + "out-of-date sRGB profile with no signature", PNG_CHUNK_WARNING); } @@ -2338,8 +2341,8 @@ png_compare_ICC_profile_with_sRGB(png_const_structrp png_ptr, * way. This probably indicates a data error or uninformed hacking. * Fall through to "no match". */ - png_chunk_report(png_ptr, "Not recognizing known sRGB profile that" - " has been edited", + png_chunk_report(png_ptr, + "Not recognizing known sRGB profile that has been edited", PNG_CHUNK_WARNING); break; # endif @@ -2486,13 +2489,14 @@ png_check_IHDR(png_const_structrp png_ptr, png_warning(png_ptr, "Image width is zero in IHDR"); error = 1; } - else if (width > PNG_UINT_31_MAX) + + if (width > PNG_UINT_31_MAX) { png_warning(png_ptr, "Invalid image width in IHDR"); error = 1; } - else if (png_gt(((width + 7) & (~7)), + if (png_gt(((width + 7) & (~7)), ((PNG_SIZE_MAX - 48 /* big_row_buf hack */ - 1) /* filter byte */ @@ -2513,17 +2517,15 @@ png_check_IHDR(png_const_structrp png_ptr, png_warning(png_ptr, "Image width is too large for this architecture"); error = 1; } - else + +#ifdef PNG_SET_USER_LIMITS_SUPPORTED + if (width > png_ptr->user_width_max) +#else + if (width > PNG_USER_WIDTH_MAX) +#endif { -# ifdef PNG_SET_USER_LIMITS_SUPPORTED - if (width > png_ptr->user_width_max) -# else - if (width > PNG_USER_WIDTH_MAX) -# endif - { - png_warning(png_ptr, "Image width exceeds user limit in IHDR"); - error = 1; - } + png_warning(png_ptr, "Image width exceeds user limit in IHDR"); + error = 1; } if (height == 0) @@ -2531,22 +2533,21 @@ png_check_IHDR(png_const_structrp png_ptr, png_warning(png_ptr, "Image height is zero in IHDR"); error = 1; } - else if (height > PNG_UINT_31_MAX) + + if (height > PNG_UINT_31_MAX) { png_warning(png_ptr, "Invalid image height in IHDR"); error = 1; } - else + +#ifdef PNG_SET_USER_LIMITS_SUPPORTED + if (height > png_ptr->user_height_max) +#else + if (height > PNG_USER_HEIGHT_MAX) +#endif { -# ifdef PNG_SET_USER_LIMITS_SUPPORTED - if (height > png_ptr->user_height_max) -# else - if (height > PNG_USER_HEIGHT_MAX) -# endif - { - png_warning(png_ptr, "Image height exceeds user limit in IHDR"); - error = 1; - } + png_warning(png_ptr, "Image height exceeds user limit in IHDR"); + error = 1; } /* Check other values */ @@ -2585,7 +2586,7 @@ png_check_IHDR(png_const_structrp png_ptr, error = 1; } -# ifdef PNG_MNG_FEATURES_SUPPORTED +#ifdef PNG_MNG_FEATURES_SUPPORTED /* Accept filter_method 64 (intrapixel differencing) only if * 1. Libpng was compiled with PNG_MNG_FEATURES_SUPPORTED and * 2. Libpng did not read a PNG signature (this filter_method is only @@ -2618,13 +2619,13 @@ png_check_IHDR(png_const_structrp png_ptr, } } -# else +#else if (filter_type != PNG_FILTER_TYPE_BASE) { png_warning(png_ptr, "Unknown filter method in IHDR"); error = 1; } -# endif +#endif if (error == 1) png_error(png_ptr, "Invalid IHDR data"); @@ -3206,7 +3207,7 @@ png_ascii_from_fixed(png_const_structrp png_ptr, png_charp ascii, png_error(png_ptr, "ASCII conversion buffer too small"); } # endif /* FIXED_POINT */ -#endif /* READ_SCAL */ +#endif /* SCAL */ #if defined(PNG_FLOATING_POINT_SUPPORTED) && \ !defined(PNG_FIXED_POINT_MACRO_SUPPORTED) && \ @@ -3224,7 +3225,7 @@ png_fixed(png_const_structrp png_ptr, double fp, png_const_charp text) png_fixed_error(png_ptr, text); # ifndef PNG_ERROR_TEXT_SUPPORTED - PNG_UNUSED(text) + PNG_UNUSED(text) # endif return (png_fixed_point)r; diff --git a/pngrutil.c b/pngrutil.c index 645bbf241..bee19a652 100644 --- a/pngrutil.c +++ b/pngrutil.c @@ -1515,8 +1515,10 @@ png_handle_iCCP(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length) else if (size > 0) errmsg = "truncated"; +#ifndef __COVERITY__ else errmsg = png_ptr->zstream.msg; +#endif } /* else png_icc_check_tag_table output an error */ diff --git a/pngset.c b/pngset.c index 5aaed946e..57407301c 100644 --- a/pngset.c +++ b/pngset.c @@ -2,7 +2,7 @@ /* pngset.c - storage of image information into info struct * * Last changed in libpng 1.6.17 [(PENDING RELEASE)] - * Copyright (c) 1998-2014 Glenn Randers-Pehrson + * Copyright (c) 1998-2015 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -190,6 +190,7 @@ png_set_hIST(png_const_structrp png_ptr, png_inforp info_ptr, if (info_ptr->hist == NULL) { png_warning(png_ptr, "Insufficient memory for hIST chunk data"); + return; } @@ -271,7 +272,7 @@ png_set_pCAL(png_const_structrp png_ptr, png_inforp info_ptr, png_debug1(1, "in %s storage function", "pCAL"); if (png_ptr == NULL || info_ptr == NULL || purpose == NULL || units == NULL - || (nparams > 0 && params == NULL)) + || (nparams > 0 && params == NULL)) return; length = strlen(purpose) + 1; @@ -301,6 +302,7 @@ png_set_pCAL(png_const_structrp png_ptr, png_inforp info_ptr, if (info_ptr->pcal_purpose == NULL) { png_warning(png_ptr, "Insufficient memory for pCAL purpose"); + return; } @@ -322,6 +324,7 @@ png_set_pCAL(png_const_structrp png_ptr, png_inforp info_ptr, if (info_ptr->pcal_units == NULL) { png_warning(png_ptr, "Insufficient memory for pCAL units"); + return; } @@ -333,6 +336,7 @@ png_set_pCAL(png_const_structrp png_ptr, png_inforp info_ptr, if (info_ptr->pcal_params == NULL) { png_warning(png_ptr, "Insufficient memory for pCAL params"); + return; } @@ -349,6 +353,7 @@ png_set_pCAL(png_const_structrp png_ptr, png_inforp info_ptr, if (info_ptr->pcal_params[i] == NULL) { png_warning(png_ptr, "Insufficient memory for pCAL parameter"); + return; } @@ -398,6 +403,7 @@ png_set_sCAL_s(png_const_structrp png_ptr, png_inforp info_ptr, if (info_ptr->scal_s_width == NULL) { png_warning(png_ptr, "Memory allocation failed while processing sCAL"); + return; } @@ -416,6 +422,7 @@ png_set_sCAL_s(png_const_structrp png_ptr, png_inforp info_ptr, info_ptr->scal_s_width = NULL; png_warning(png_ptr, "Memory allocation failed while processing sCAL"); + return; } @@ -519,6 +526,7 @@ png_set_PLTE(png_structrp png_ptr, png_inforp info_ptr, else { png_warning(png_ptr, "Invalid palette length"); + return; } } @@ -531,7 +539,6 @@ png_set_PLTE(png_structrp png_ptr, png_inforp info_ptr, )) { png_error(png_ptr, "Invalid palette"); - return; } /* It may not actually be necessary to set png_ptr->palette here; @@ -655,6 +662,7 @@ png_set_iCCP(png_const_structrp png_ptr, png_inforp info_ptr, if (new_iccp_name == NULL) { png_benign_error(png_ptr, "Insufficient memory to process iCCP chunk"); + return; } @@ -668,6 +676,7 @@ png_set_iCCP(png_const_structrp png_ptr, png_inforp info_ptr, new_iccp_name = NULL; png_benign_error(png_ptr, "Insufficient memory to process iCCP profile"); + return; } @@ -743,6 +752,7 @@ png_set_text_2(png_const_structrp png_ptr, png_inforp info_ptr, { png_chunk_report(png_ptr, "too many text chunks", PNG_CHUNK_WRITE_ERROR); + return 1; } @@ -798,7 +808,7 @@ png_set_text_2(png_const_structrp png_ptr, png_inforp info_ptr, else lang_key_len = 0; } -# else /* PNG_iTXt_SUPPORTED */ +# else /* iTXt */ { png_chunk_report(png_ptr, "iTXt chunk not supported", PNG_CHUNK_WRITE_ERROR); @@ -831,6 +841,7 @@ png_set_text_2(png_const_structrp png_ptr, png_inforp info_ptr, { png_chunk_report(png_ptr, "text chunk: out of memory", PNG_CHUNK_WRITE_ERROR); + return 1; } @@ -904,6 +915,7 @@ png_set_tIME(png_const_structrp png_ptr, png_inforp info_ptr, mod_time->second > 60) { png_warning(png_ptr, "Ignoring invalid time value"); + return; } @@ -920,6 +932,7 @@ png_set_tRNS(png_structrp png_ptr, png_inforp info_ptr, png_debug1(1, "in %s storage function", "tRNS"); if (png_ptr == NULL || info_ptr == NULL) + return; if (trans_alpha != NULL) @@ -945,9 +958,10 @@ png_set_tRNS(png_structrp png_ptr, png_inforp info_ptr, if (trans_color != NULL) { +#ifdef PNG_WARNINGS_SUPPORTED if (info_ptr->bit_depth < 16) { - unsigned int sample_max = (1U << info_ptr->bit_depth) - 1U; + int sample_max = (1 << info_ptr->bit_depth) - 1; if ((info_ptr->color_type == PNG_COLOR_TYPE_GRAY && trans_color->gray > sample_max) || @@ -955,14 +969,15 @@ png_set_tRNS(png_structrp png_ptr, png_inforp info_ptr, (trans_color->red > sample_max || trans_color->green > sample_max || trans_color->blue > sample_max))) - png_warning(png_ptr, - "tRNS chunk has out-of-range samples for bit_depth"); + png_warning(png_ptr, + "tRNS chunk has out-of-range samples for bit_depth"); } +#endif + + info_ptr->trans_color = *trans_color; if (num_trans == 0) num_trans = 1; - - info_ptr->trans_color = *trans_color; } info_ptr->num_trans = (png_uint_16)num_trans; @@ -1004,6 +1019,7 @@ png_set_sPLT(png_const_structrp png_ptr, { /* Out of memory or too many chunks */ png_chunk_report(png_ptr, "too many sPLT chunks", PNG_CHUNK_WRITE_ERROR); + return; } @@ -1119,7 +1135,7 @@ png_set_unknown_chunks(png_const_structrp png_ptr, png_unknown_chunkp np; if (png_ptr == NULL || info_ptr == NULL || num_unknowns <= 0 || - unknowns == NULL) + unknowns == NULL) return; /* Check for the failure cases where support has been disabled at compile @@ -1133,6 +1149,7 @@ png_set_unknown_chunks(png_const_structrp png_ptr, if ((png_ptr->mode & PNG_IS_READ_STRUCT) != 0) { png_app_error(png_ptr, "no unknown chunk support on read"); + return; } # endif @@ -1141,6 +1158,7 @@ png_set_unknown_chunks(png_const_structrp png_ptr, if ((png_ptr->mode & PNG_IS_READ_STRUCT) == 0) { png_app_error(png_ptr, "no unknown chunk support on write"); + return; } # endif @@ -1158,6 +1176,7 @@ png_set_unknown_chunks(png_const_structrp png_ptr, { png_chunk_report(png_ptr, "too many unknown chunks", PNG_CHUNK_WRITE_ERROR); + return; } @@ -1267,6 +1286,7 @@ add_one_chunk(png_bytep list, unsigned int count, png_const_bytep add, int keep) if (memcmp(list, add, 4) == 0) { list[4] = (png_byte)keep; + return count; } } @@ -1294,6 +1314,7 @@ png_set_keep_unknown_chunks(png_structrp png_ptr, int keep, if (keep < 0 || keep >= PNG_HANDLE_CHUNK_LAST) { png_app_error(png_ptr, "png_set_keep_unknown_chunks: invalid keep"); + return; } @@ -1343,6 +1364,7 @@ png_set_keep_unknown_chunks(png_structrp png_ptr, int keep, * which can be switched off. */ png_app_error(png_ptr, "png_set_keep_unknown_chunks: no chunk list"); + return; } @@ -1358,6 +1380,7 @@ png_set_keep_unknown_chunks(png_structrp png_ptr, int keep, if (num_chunks + old_num_chunks > UINT_MAX/5) { png_app_error(png_ptr, "png_set_keep_unknown_chunks: too many chunks"); + return; } @@ -1495,23 +1518,27 @@ png_set_compression_buffer_size(png_structrp png_ptr, png_size_t size) { png_warning(png_ptr, "Compression buffer size cannot be changed because it is in use"); + return; } +#ifndef __COVERITY__ if (size > ZLIB_IO_MAX) { png_warning(png_ptr, "Compression buffer size limited to system maximum"); size = ZLIB_IO_MAX; /* must fit */ } +#endif - else if (size < 6) + if (size < 6) { /* Deflate will potentially go into an infinite loop on a SYNC_FLUSH * if this is permitted. */ png_warning(png_ptr, "Compression buffer size cannot be reduced below 6"); + return; } @@ -1553,8 +1580,8 @@ png_set_user_limits (png_structrp png_ptr, png_uint_32 user_width_max, void PNGAPI png_set_chunk_cache_max (png_structrp png_ptr, png_uint_32 user_chunk_cache_max) { - if (png_ptr != NULL) - png_ptr->user_chunk_cache_max = user_chunk_cache_max; + if (png_ptr != NULL) + png_ptr->user_chunk_cache_max = user_chunk_cache_max; } /* This function was added to libpng 1.4.1 */