michael@0: michael@0: /* pngmem.c - stub functions for memory allocation michael@0: * michael@0: * Last changed in libpng 1.6.8 [December 19, 2013] michael@0: * Copyright (c) 1998-2013 Glenn Randers-Pehrson michael@0: * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) michael@0: * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) michael@0: * michael@0: * This code is released under the libpng license. michael@0: * For conditions of distribution and use, see the disclaimer michael@0: * and license in png.h michael@0: * michael@0: * This file provides a location for all memory allocation. Users who michael@0: * need special memory handling are expected to supply replacement michael@0: * functions for png_malloc() and png_free(), and to use michael@0: * png_create_read_struct_2() and png_create_write_struct_2() to michael@0: * identify the replacement functions. michael@0: */ michael@0: michael@0: #include "pngpriv.h" michael@0: michael@0: #if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED) michael@0: /* Free a png_struct */ michael@0: void /* PRIVATE */ michael@0: png_destroy_png_struct(png_structrp png_ptr) michael@0: { michael@0: if (png_ptr != NULL) michael@0: { michael@0: /* png_free might call png_error and may certainly call michael@0: * png_get_mem_ptr, so fake a temporary png_struct to support this. michael@0: */ michael@0: png_struct dummy_struct = *png_ptr; michael@0: memset(png_ptr, 0, (sizeof *png_ptr)); michael@0: png_free(&dummy_struct, png_ptr); michael@0: michael@0: # ifdef PNG_SETJMP_SUPPORTED michael@0: /* We may have a jmp_buf left to deallocate. */ michael@0: png_free_jmpbuf(&dummy_struct); michael@0: # endif michael@0: } michael@0: } michael@0: michael@0: /* Allocate memory. For reasonable files, size should never exceed michael@0: * 64K. However, zlib may allocate more then 64K if you don't tell michael@0: * it not to. See zconf.h and png.h for more information. zlib does michael@0: * need to allocate exactly 64K, so whatever you call here must michael@0: * have the ability to do that. michael@0: */ michael@0: PNG_FUNCTION(png_voidp,PNGAPI michael@0: png_calloc,(png_const_structrp png_ptr, png_alloc_size_t size),PNG_ALLOCATED) michael@0: { michael@0: png_voidp ret; michael@0: michael@0: ret = png_malloc(png_ptr, size); michael@0: michael@0: if (ret != NULL) michael@0: memset(ret, 0, size); michael@0: michael@0: return ret; michael@0: } michael@0: michael@0: /* png_malloc_base, an internal function added at libpng 1.6.0, does the work of michael@0: * allocating memory, taking into account limits and PNG_USER_MEM_SUPPORTED. michael@0: * Checking and error handling must happen outside this routine; it returns NULL michael@0: * if the allocation cannot be done (for any reason.) michael@0: */ michael@0: PNG_FUNCTION(png_voidp /* PRIVATE */, michael@0: png_malloc_base,(png_const_structrp png_ptr, png_alloc_size_t size), michael@0: PNG_ALLOCATED) michael@0: { michael@0: /* Moved to png_malloc_base from png_malloc_default in 1.6.0; the DOS michael@0: * allocators have also been removed in 1.6.0, so any 16-bit system now has michael@0: * to implement a user memory handler. This checks to be sure it isn't michael@0: * called with big numbers. michael@0: */ michael@0: #ifndef PNG_USER_MEM_SUPPORTED michael@0: PNG_UNUSED(png_ptr) michael@0: #endif michael@0: michael@0: if (size > 0 && size <= PNG_SIZE_MAX michael@0: # ifdef PNG_MAX_MALLOC_64K michael@0: && size <= 65536U michael@0: # endif michael@0: ) michael@0: { michael@0: #ifdef PNG_USER_MEM_SUPPORTED michael@0: if (png_ptr != NULL && png_ptr->malloc_fn != NULL) michael@0: return png_ptr->malloc_fn(png_constcast(png_structrp,png_ptr), size); michael@0: michael@0: else michael@0: #endif michael@0: return malloc((size_t)size); /* checked for truncation above */ michael@0: } michael@0: michael@0: else michael@0: return NULL; michael@0: } michael@0: michael@0: #if defined(PNG_TEXT_SUPPORTED) || defined(PNG_sPLT_SUPPORTED) ||\ michael@0: defined(PNG_STORE_UNKNOWN_CHUNKS_SUPPORTED) michael@0: /* This is really here only to work round a spurious warning in GCC 4.6 and 4.7 michael@0: * that arises because of the checks in png_realloc_array that are repeated in michael@0: * png_malloc_array. michael@0: */ michael@0: static png_voidp michael@0: png_malloc_array_checked(png_const_structrp png_ptr, int nelements, michael@0: size_t element_size) michael@0: { michael@0: png_alloc_size_t req = nelements; /* known to be > 0 */ michael@0: michael@0: if (req <= PNG_SIZE_MAX/element_size) michael@0: return png_malloc_base(png_ptr, req * element_size); michael@0: michael@0: /* The failure case when the request is too large */ michael@0: return NULL; michael@0: } michael@0: michael@0: PNG_FUNCTION(png_voidp /* PRIVATE */, michael@0: png_malloc_array,(png_const_structrp png_ptr, int nelements, michael@0: size_t element_size),PNG_ALLOCATED) michael@0: { michael@0: if (nelements <= 0 || element_size == 0) michael@0: png_error(png_ptr, "internal error: array alloc"); michael@0: michael@0: return png_malloc_array_checked(png_ptr, nelements, element_size); michael@0: } michael@0: michael@0: PNG_FUNCTION(png_voidp /* PRIVATE */, michael@0: png_realloc_array,(png_const_structrp png_ptr, png_const_voidp old_array, michael@0: int old_elements, int add_elements, size_t element_size),PNG_ALLOCATED) michael@0: { michael@0: /* These are internal errors: */ michael@0: if (add_elements <= 0 || element_size == 0 || old_elements < 0 || michael@0: (old_array == NULL && old_elements > 0)) michael@0: png_error(png_ptr, "internal error: array realloc"); michael@0: michael@0: /* Check for overflow on the elements count (so the caller does not have to michael@0: * check.) michael@0: */ michael@0: if (add_elements <= INT_MAX - old_elements) michael@0: { michael@0: png_voidp new_array = png_malloc_array_checked(png_ptr, michael@0: old_elements+add_elements, element_size); michael@0: michael@0: if (new_array != NULL) michael@0: { michael@0: /* Because png_malloc_array worked the size calculations below cannot michael@0: * overflow. michael@0: */ michael@0: if (old_elements > 0) michael@0: memcpy(new_array, old_array, element_size*(unsigned)old_elements); michael@0: michael@0: memset((char*)new_array + element_size*(unsigned)old_elements, 0, michael@0: element_size*(unsigned)add_elements); michael@0: michael@0: return new_array; michael@0: } michael@0: } michael@0: michael@0: return NULL; /* error */ michael@0: } michael@0: #endif /* TEXT || sPLT || STORE_UNKNOWN_CHUNKS */ michael@0: michael@0: /* Various functions that have different error handling are derived from this. michael@0: * png_malloc always exists, but if PNG_USER_MEM_SUPPORTED is defined a separate michael@0: * function png_malloc_default is also provided. michael@0: */ michael@0: PNG_FUNCTION(png_voidp,PNGAPI michael@0: png_malloc,(png_const_structrp png_ptr, png_alloc_size_t size),PNG_ALLOCATED) michael@0: { michael@0: png_voidp ret; michael@0: michael@0: if (png_ptr == NULL) michael@0: return NULL; michael@0: michael@0: ret = png_malloc_base(png_ptr, size); michael@0: michael@0: if (ret == NULL) michael@0: png_error(png_ptr, "Out of memory"); /* 'm' means png_malloc */ michael@0: michael@0: return ret; michael@0: } michael@0: michael@0: #ifdef PNG_USER_MEM_SUPPORTED michael@0: PNG_FUNCTION(png_voidp,PNGAPI michael@0: png_malloc_default,(png_const_structrp png_ptr, png_alloc_size_t size), michael@0: PNG_ALLOCATED PNG_DEPRECATED) michael@0: { michael@0: png_voidp ret; michael@0: michael@0: if (png_ptr == NULL) michael@0: return NULL; michael@0: michael@0: /* Passing 'NULL' here bypasses the application provided memory handler. */ michael@0: ret = png_malloc_base(NULL/*use malloc*/, size); michael@0: michael@0: if (ret == NULL) michael@0: png_error(png_ptr, "Out of Memory"); /* 'M' means png_malloc_default */ michael@0: michael@0: return ret; michael@0: } michael@0: #endif /* PNG_USER_MEM_SUPPORTED */ michael@0: michael@0: /* This function was added at libpng version 1.2.3. The png_malloc_warn() michael@0: * function will issue a png_warning and return NULL instead of issuing a michael@0: * png_error, if it fails to allocate the requested memory. michael@0: */ michael@0: PNG_FUNCTION(png_voidp,PNGAPI michael@0: png_malloc_warn,(png_const_structrp png_ptr, png_alloc_size_t size), michael@0: PNG_ALLOCATED) michael@0: { michael@0: if (png_ptr != NULL) michael@0: { michael@0: png_voidp ret = png_malloc_base(png_ptr, size); michael@0: michael@0: if (ret != NULL) michael@0: return ret; michael@0: michael@0: png_warning(png_ptr, "Out of memory"); michael@0: } michael@0: michael@0: return NULL; michael@0: } michael@0: michael@0: /* Free a pointer allocated by png_malloc(). If ptr is NULL, return michael@0: * without taking any action. michael@0: */ michael@0: void PNGAPI michael@0: png_free(png_const_structrp png_ptr, png_voidp ptr) michael@0: { michael@0: if (png_ptr == NULL || ptr == NULL) michael@0: return; michael@0: michael@0: #ifdef PNG_USER_MEM_SUPPORTED michael@0: if (png_ptr->free_fn != NULL) michael@0: png_ptr->free_fn(png_constcast(png_structrp,png_ptr), ptr); michael@0: michael@0: else michael@0: png_free_default(png_ptr, ptr); michael@0: } michael@0: michael@0: PNG_FUNCTION(void,PNGAPI michael@0: png_free_default,(png_const_structrp png_ptr, png_voidp ptr),PNG_DEPRECATED) michael@0: { michael@0: if (png_ptr == NULL || ptr == NULL) michael@0: return; michael@0: #endif /* PNG_USER_MEM_SUPPORTED */ michael@0: michael@0: free(ptr); michael@0: } michael@0: michael@0: #ifdef PNG_USER_MEM_SUPPORTED michael@0: /* This function is called when the application wants to use another method michael@0: * of allocating and freeing memory. michael@0: */ michael@0: void PNGAPI michael@0: png_set_mem_fn(png_structrp png_ptr, png_voidp mem_ptr, png_malloc_ptr michael@0: malloc_fn, png_free_ptr free_fn) michael@0: { michael@0: if (png_ptr != NULL) michael@0: { michael@0: png_ptr->mem_ptr = mem_ptr; michael@0: png_ptr->malloc_fn = malloc_fn; michael@0: png_ptr->free_fn = free_fn; michael@0: } michael@0: } michael@0: michael@0: /* This function returns a pointer to the mem_ptr associated with the user michael@0: * functions. The application should free any memory associated with this michael@0: * pointer before png_write_destroy and png_read_destroy are called. michael@0: */ michael@0: png_voidp PNGAPI michael@0: png_get_mem_ptr(png_const_structrp png_ptr) michael@0: { michael@0: if (png_ptr == NULL) michael@0: return NULL; michael@0: michael@0: return png_ptr->mem_ptr; michael@0: } michael@0: #endif /* PNG_USER_MEM_SUPPORTED */ michael@0: #endif /* PNG_READ_SUPPORTED || PNG_WRITE_SUPPORTED */