Reland "Make SkPngCodec only read as much of the stream as necessary"

(Originally uploaded as 13900.)

Previously, SkPngCodec assumed that the stream only contained one
image, which ended at the end of the stream. It read the stream in
arbitrarily-sized chunks, and then passed that data to libpng for

If a stream contains more than one image, this may result in reading
beyond the end of the image, making future reads read the wrong data.

Now, SkPngCodec starts by reading 8 bytes at a time. After the
signature, 8 bytes is enough to know which chunk is next and how many
bytes are in the chunk.

When decoding the size, we stop when we reach IDAT, and when decoding
the image, we stop when we reach IEND.

This manual parsing is necessary to support APNG, which is planned in
the future. It also allows us to remove the SK_GOOGLE3_PNG_HACK, which
was a workaround for reading more than necessary at the beginning of
the image.

Add a test that simulates the issue, by decoding a special stream that
reports an error if the codec attempts to read beyond the end.

Temporarily disable the partial decoding tests for png. A larger change
will be necessary to get those working again, and no clients are
currently relying on incrementally decoding PNGs (i.e. decode part of
an image, then decode further with more data).

Include a workaround for older versions of libpng (e.g. 1.2 in
Google3). In older versions, if the row callback is null when the
IDAT header is processed, reading the image will fail. When we see the
IDAT, we save the length and process a recreated IDAT header later,
after the row callback has been set.

Bug: skia:5368
Bug: b/34073812
Test: Existing tests, plus a new test in dm.

Change-Id: I293a4ddc013b82669a8b735062228b26d0bce933
Reviewed-by: Leon Scroggins <>
5 files changed