1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/media/libpng/pngmem.c Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,281 @@
1.4 +
1.5 +/* pngmem.c - stub functions for memory allocation
1.6 + *
1.7 + * Last changed in libpng 1.6.8 [December 19, 2013]
1.8 + * Copyright (c) 1998-2013 Glenn Randers-Pehrson
1.9 + * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
1.10 + * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
1.11 + *
1.12 + * This code is released under the libpng license.
1.13 + * For conditions of distribution and use, see the disclaimer
1.14 + * and license in png.h
1.15 + *
1.16 + * This file provides a location for all memory allocation. Users who
1.17 + * need special memory handling are expected to supply replacement
1.18 + * functions for png_malloc() and png_free(), and to use
1.19 + * png_create_read_struct_2() and png_create_write_struct_2() to
1.20 + * identify the replacement functions.
1.21 + */
1.22 +
1.23 +#include "pngpriv.h"
1.24 +
1.25 +#if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED)
1.26 +/* Free a png_struct */
1.27 +void /* PRIVATE */
1.28 +png_destroy_png_struct(png_structrp png_ptr)
1.29 +{
1.30 + if (png_ptr != NULL)
1.31 + {
1.32 + /* png_free might call png_error and may certainly call
1.33 + * png_get_mem_ptr, so fake a temporary png_struct to support this.
1.34 + */
1.35 + png_struct dummy_struct = *png_ptr;
1.36 + memset(png_ptr, 0, (sizeof *png_ptr));
1.37 + png_free(&dummy_struct, png_ptr);
1.38 +
1.39 +# ifdef PNG_SETJMP_SUPPORTED
1.40 + /* We may have a jmp_buf left to deallocate. */
1.41 + png_free_jmpbuf(&dummy_struct);
1.42 +# endif
1.43 + }
1.44 +}
1.45 +
1.46 +/* Allocate memory. For reasonable files, size should never exceed
1.47 + * 64K. However, zlib may allocate more then 64K if you don't tell
1.48 + * it not to. See zconf.h and png.h for more information. zlib does
1.49 + * need to allocate exactly 64K, so whatever you call here must
1.50 + * have the ability to do that.
1.51 + */
1.52 +PNG_FUNCTION(png_voidp,PNGAPI
1.53 +png_calloc,(png_const_structrp png_ptr, png_alloc_size_t size),PNG_ALLOCATED)
1.54 +{
1.55 + png_voidp ret;
1.56 +
1.57 + ret = png_malloc(png_ptr, size);
1.58 +
1.59 + if (ret != NULL)
1.60 + memset(ret, 0, size);
1.61 +
1.62 + return ret;
1.63 +}
1.64 +
1.65 +/* png_malloc_base, an internal function added at libpng 1.6.0, does the work of
1.66 + * allocating memory, taking into account limits and PNG_USER_MEM_SUPPORTED.
1.67 + * Checking and error handling must happen outside this routine; it returns NULL
1.68 + * if the allocation cannot be done (for any reason.)
1.69 + */
1.70 +PNG_FUNCTION(png_voidp /* PRIVATE */,
1.71 +png_malloc_base,(png_const_structrp png_ptr, png_alloc_size_t size),
1.72 + PNG_ALLOCATED)
1.73 +{
1.74 + /* Moved to png_malloc_base from png_malloc_default in 1.6.0; the DOS
1.75 + * allocators have also been removed in 1.6.0, so any 16-bit system now has
1.76 + * to implement a user memory handler. This checks to be sure it isn't
1.77 + * called with big numbers.
1.78 + */
1.79 +#ifndef PNG_USER_MEM_SUPPORTED
1.80 + PNG_UNUSED(png_ptr)
1.81 +#endif
1.82 +
1.83 + if (size > 0 && size <= PNG_SIZE_MAX
1.84 +# ifdef PNG_MAX_MALLOC_64K
1.85 + && size <= 65536U
1.86 +# endif
1.87 + )
1.88 + {
1.89 +#ifdef PNG_USER_MEM_SUPPORTED
1.90 + if (png_ptr != NULL && png_ptr->malloc_fn != NULL)
1.91 + return png_ptr->malloc_fn(png_constcast(png_structrp,png_ptr), size);
1.92 +
1.93 + else
1.94 +#endif
1.95 + return malloc((size_t)size); /* checked for truncation above */
1.96 + }
1.97 +
1.98 + else
1.99 + return NULL;
1.100 +}
1.101 +
1.102 +#if defined(PNG_TEXT_SUPPORTED) || defined(PNG_sPLT_SUPPORTED) ||\
1.103 + defined(PNG_STORE_UNKNOWN_CHUNKS_SUPPORTED)
1.104 +/* This is really here only to work round a spurious warning in GCC 4.6 and 4.7
1.105 + * that arises because of the checks in png_realloc_array that are repeated in
1.106 + * png_malloc_array.
1.107 + */
1.108 +static png_voidp
1.109 +png_malloc_array_checked(png_const_structrp png_ptr, int nelements,
1.110 + size_t element_size)
1.111 +{
1.112 + png_alloc_size_t req = nelements; /* known to be > 0 */
1.113 +
1.114 + if (req <= PNG_SIZE_MAX/element_size)
1.115 + return png_malloc_base(png_ptr, req * element_size);
1.116 +
1.117 + /* The failure case when the request is too large */
1.118 + return NULL;
1.119 +}
1.120 +
1.121 +PNG_FUNCTION(png_voidp /* PRIVATE */,
1.122 +png_malloc_array,(png_const_structrp png_ptr, int nelements,
1.123 + size_t element_size),PNG_ALLOCATED)
1.124 +{
1.125 + if (nelements <= 0 || element_size == 0)
1.126 + png_error(png_ptr, "internal error: array alloc");
1.127 +
1.128 + return png_malloc_array_checked(png_ptr, nelements, element_size);
1.129 +}
1.130 +
1.131 +PNG_FUNCTION(png_voidp /* PRIVATE */,
1.132 +png_realloc_array,(png_const_structrp png_ptr, png_const_voidp old_array,
1.133 + int old_elements, int add_elements, size_t element_size),PNG_ALLOCATED)
1.134 +{
1.135 + /* These are internal errors: */
1.136 + if (add_elements <= 0 || element_size == 0 || old_elements < 0 ||
1.137 + (old_array == NULL && old_elements > 0))
1.138 + png_error(png_ptr, "internal error: array realloc");
1.139 +
1.140 + /* Check for overflow on the elements count (so the caller does not have to
1.141 + * check.)
1.142 + */
1.143 + if (add_elements <= INT_MAX - old_elements)
1.144 + {
1.145 + png_voidp new_array = png_malloc_array_checked(png_ptr,
1.146 + old_elements+add_elements, element_size);
1.147 +
1.148 + if (new_array != NULL)
1.149 + {
1.150 + /* Because png_malloc_array worked the size calculations below cannot
1.151 + * overflow.
1.152 + */
1.153 + if (old_elements > 0)
1.154 + memcpy(new_array, old_array, element_size*(unsigned)old_elements);
1.155 +
1.156 + memset((char*)new_array + element_size*(unsigned)old_elements, 0,
1.157 + element_size*(unsigned)add_elements);
1.158 +
1.159 + return new_array;
1.160 + }
1.161 + }
1.162 +
1.163 + return NULL; /* error */
1.164 +}
1.165 +#endif /* TEXT || sPLT || STORE_UNKNOWN_CHUNKS */
1.166 +
1.167 +/* Various functions that have different error handling are derived from this.
1.168 + * png_malloc always exists, but if PNG_USER_MEM_SUPPORTED is defined a separate
1.169 + * function png_malloc_default is also provided.
1.170 + */
1.171 +PNG_FUNCTION(png_voidp,PNGAPI
1.172 +png_malloc,(png_const_structrp png_ptr, png_alloc_size_t size),PNG_ALLOCATED)
1.173 +{
1.174 + png_voidp ret;
1.175 +
1.176 + if (png_ptr == NULL)
1.177 + return NULL;
1.178 +
1.179 + ret = png_malloc_base(png_ptr, size);
1.180 +
1.181 + if (ret == NULL)
1.182 + png_error(png_ptr, "Out of memory"); /* 'm' means png_malloc */
1.183 +
1.184 + return ret;
1.185 +}
1.186 +
1.187 +#ifdef PNG_USER_MEM_SUPPORTED
1.188 +PNG_FUNCTION(png_voidp,PNGAPI
1.189 +png_malloc_default,(png_const_structrp png_ptr, png_alloc_size_t size),
1.190 + PNG_ALLOCATED PNG_DEPRECATED)
1.191 +{
1.192 + png_voidp ret;
1.193 +
1.194 + if (png_ptr == NULL)
1.195 + return NULL;
1.196 +
1.197 + /* Passing 'NULL' here bypasses the application provided memory handler. */
1.198 + ret = png_malloc_base(NULL/*use malloc*/, size);
1.199 +
1.200 + if (ret == NULL)
1.201 + png_error(png_ptr, "Out of Memory"); /* 'M' means png_malloc_default */
1.202 +
1.203 + return ret;
1.204 +}
1.205 +#endif /* PNG_USER_MEM_SUPPORTED */
1.206 +
1.207 +/* This function was added at libpng version 1.2.3. The png_malloc_warn()
1.208 + * function will issue a png_warning and return NULL instead of issuing a
1.209 + * png_error, if it fails to allocate the requested memory.
1.210 + */
1.211 +PNG_FUNCTION(png_voidp,PNGAPI
1.212 +png_malloc_warn,(png_const_structrp png_ptr, png_alloc_size_t size),
1.213 + PNG_ALLOCATED)
1.214 +{
1.215 + if (png_ptr != NULL)
1.216 + {
1.217 + png_voidp ret = png_malloc_base(png_ptr, size);
1.218 +
1.219 + if (ret != NULL)
1.220 + return ret;
1.221 +
1.222 + png_warning(png_ptr, "Out of memory");
1.223 + }
1.224 +
1.225 + return NULL;
1.226 +}
1.227 +
1.228 +/* Free a pointer allocated by png_malloc(). If ptr is NULL, return
1.229 + * without taking any action.
1.230 + */
1.231 +void PNGAPI
1.232 +png_free(png_const_structrp png_ptr, png_voidp ptr)
1.233 +{
1.234 + if (png_ptr == NULL || ptr == NULL)
1.235 + return;
1.236 +
1.237 +#ifdef PNG_USER_MEM_SUPPORTED
1.238 + if (png_ptr->free_fn != NULL)
1.239 + png_ptr->free_fn(png_constcast(png_structrp,png_ptr), ptr);
1.240 +
1.241 + else
1.242 + png_free_default(png_ptr, ptr);
1.243 +}
1.244 +
1.245 +PNG_FUNCTION(void,PNGAPI
1.246 +png_free_default,(png_const_structrp png_ptr, png_voidp ptr),PNG_DEPRECATED)
1.247 +{
1.248 + if (png_ptr == NULL || ptr == NULL)
1.249 + return;
1.250 +#endif /* PNG_USER_MEM_SUPPORTED */
1.251 +
1.252 + free(ptr);
1.253 +}
1.254 +
1.255 +#ifdef PNG_USER_MEM_SUPPORTED
1.256 +/* This function is called when the application wants to use another method
1.257 + * of allocating and freeing memory.
1.258 + */
1.259 +void PNGAPI
1.260 +png_set_mem_fn(png_structrp png_ptr, png_voidp mem_ptr, png_malloc_ptr
1.261 + malloc_fn, png_free_ptr free_fn)
1.262 +{
1.263 + if (png_ptr != NULL)
1.264 + {
1.265 + png_ptr->mem_ptr = mem_ptr;
1.266 + png_ptr->malloc_fn = malloc_fn;
1.267 + png_ptr->free_fn = free_fn;
1.268 + }
1.269 +}
1.270 +
1.271 +/* This function returns a pointer to the mem_ptr associated with the user
1.272 + * functions. The application should free any memory associated with this
1.273 + * pointer before png_write_destroy and png_read_destroy are called.
1.274 + */
1.275 +png_voidp PNGAPI
1.276 +png_get_mem_ptr(png_const_structrp png_ptr)
1.277 +{
1.278 + if (png_ptr == NULL)
1.279 + return NULL;
1.280 +
1.281 + return png_ptr->mem_ptr;
1.282 +}
1.283 +#endif /* PNG_USER_MEM_SUPPORTED */
1.284 +#endif /* PNG_READ_SUPPORTED || PNG_WRITE_SUPPORTED */
