|  |  | 
|  | /* pngmem.c - stub functions for memory allocation | 
|  | * | 
|  | * Last changed in libpng 1.7.0 [(PENDING RELEASE)] | 
|  | * Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson | 
|  | * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) | 
|  | * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) | 
|  | * | 
|  | * This code is released under the libpng license. | 
|  | * For conditions of distribution and use, see the disclaimer | 
|  | * and license in png.h | 
|  | * | 
|  | * This file provides a location for all memory allocation.  Users who | 
|  | * need special memory handling are expected to supply replacement | 
|  | * functions for png_malloc() and png_free(), and to use | 
|  | * png_create_read_struct_2() and png_create_write_struct_2() to | 
|  | * identify the replacement functions. | 
|  | */ | 
|  |  | 
|  | #include "pngpriv.h" | 
|  | #define PNG_SRC_FILE PNG_SRC_FILE_pngmem | 
|  |  | 
|  | #if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED) | 
|  | /* Free a png_struct */ | 
|  | void /* PRIVATE */ | 
|  | png_destroy_png_struct(png_structrp png_ptr) | 
|  | { | 
|  | if (png_ptr != NULL) | 
|  | { | 
|  | /* png_free might call png_error and may certainly call | 
|  | * png_get_mem_ptr, so fake a temporary png_struct to support this. | 
|  | */ | 
|  | png_struct dummy_struct = *png_ptr; | 
|  | memset(png_ptr, 0, (sizeof *png_ptr)); | 
|  | png_free(&dummy_struct, png_ptr); | 
|  |  | 
|  | #     ifdef PNG_SETJMP_SUPPORTED | 
|  | /* We may have a jmp_buf left to deallocate. */ | 
|  | png_free_jmpbuf(&dummy_struct); | 
|  | #     endif | 
|  | } | 
|  | } | 
|  |  | 
|  | /* Allocate memory.  For reasonable files, size should never exceed | 
|  | * 64K.  However, zlib may allocate more than 64K if you don't tell | 
|  | * it not to.  See zconf.h and png.h for more information.  zlib does | 
|  | * need to allocate exactly 64K, so whatever you call here must | 
|  | * have the ability to do that. | 
|  | */ | 
|  | PNG_FUNCTION(png_voidp,PNGAPI | 
|  | png_calloc,(png_const_structrp png_ptr, png_alloc_size_t size),PNG_ALLOCATED) | 
|  | { | 
|  | png_voidp ret; | 
|  |  | 
|  | ret = png_malloc(png_ptr, size); | 
|  |  | 
|  | if (ret != NULL) | 
|  | memset(ret, 0, size); | 
|  |  | 
|  | return ret; | 
|  | } | 
|  |  | 
|  | /* png_malloc_base, an internal function added at libpng 1.6.0, does the work of | 
|  | * allocating memory, taking into account limits and PNG_USER_MEM_SUPPORTED. | 
|  | * Checking and error handling must happen outside this routine; it returns NULL | 
|  | * if the allocation cannot be done (for any reason.) | 
|  | */ | 
|  | PNG_FUNCTION(png_voidp /* PRIVATE */, | 
|  | png_malloc_base,(png_const_structrp png_ptr, png_alloc_size_t size), | 
|  | PNG_ALLOCATED) | 
|  | { | 
|  | /* Moved to png_malloc_base from png_malloc_default in 1.6.0; the DOS | 
|  | * allocators have also been removed in 1.6.0, so any 16-bit system now has | 
|  | * to implement a user memory handler.  This checks to be sure it isn't | 
|  | * called with big numbers. | 
|  | */ | 
|  | #ifndef PNG_USER_MEM_SUPPORTED | 
|  | PNG_UNUSED(png_ptr) | 
|  | #endif | 
|  |  | 
|  | /* Some compilers complain that this is always true.  However, it | 
|  | * can be false when integer overflow happens. | 
|  | */ | 
|  | #ifdef PNG_MAX_MALLOC_64K | 
|  | if (size > 0 && size <= PNG_SIZE_MAX && size <= 65536U) | 
|  | #else | 
|  | if (size > 0 && size <= PNG_SIZE_MAX) | 
|  | #endif | 
|  | { | 
|  | png_voidp result; | 
|  |  | 
|  | #ifdef PNG_USER_MEM_SUPPORTED | 
|  | if (png_ptr != NULL && png_ptr->malloc_fn != NULL) | 
|  | result = png_ptr->malloc_fn(png_constcast(png_structrp,png_ptr), size); | 
|  |  | 
|  | else | 
|  | #endif | 
|  | result = malloc((size_t)size); /* checked for truncation above */ | 
|  |  | 
|  | return result; | 
|  | } | 
|  |  | 
|  | else | 
|  | return NULL; | 
|  | } | 
|  |  | 
|  | #if defined(PNG_TEXT_SUPPORTED) || defined(PNG_sPLT_SUPPORTED) ||\ | 
|  | defined(PNG_STORE_UNKNOWN_CHUNKS_SUPPORTED) | 
|  | /* This is really here only to work round a spurious warning in GCC 4.6 and 4.7 | 
|  | * that arises because of the checks in png_realloc_array that are repeated in | 
|  | * png_malloc_array. | 
|  | */ | 
|  | static png_voidp | 
|  | png_malloc_array_checked(png_const_structrp png_ptr, int nelements, | 
|  | size_t element_size) | 
|  | { | 
|  | png_alloc_size_t req = nelements; /* known to be > 0 */ | 
|  |  | 
|  | if (req <= PNG_SIZE_MAX/element_size) | 
|  | return png_malloc_base(png_ptr, req * element_size); | 
|  |  | 
|  | /* The failure case when the request is too large */ | 
|  | return NULL; | 
|  | } | 
|  |  | 
|  | PNG_FUNCTION(png_voidp /* PRIVATE */, | 
|  | png_malloc_array,(png_const_structrp png_ptr, int nelements, | 
|  | size_t element_size),PNG_ALLOCATED) | 
|  | { | 
|  | affirm(nelements > 0 && element_size > 0); | 
|  | return png_malloc_array_checked(png_ptr, nelements, element_size); | 
|  | } | 
|  |  | 
|  | PNG_FUNCTION(png_voidp /* PRIVATE */, | 
|  | png_realloc_array,(png_structrp png_ptr, png_const_voidp old_array, | 
|  | int old_elements, int add_elements, size_t element_size),PNG_ALLOCATED) | 
|  | { | 
|  | /* These are internal errors: */ | 
|  | affirm(add_elements > 0 && element_size > 0 && old_elements >= 0 && | 
|  | (old_array != NULL || old_elements == 0)); | 
|  |  | 
|  | /* Check for overflow on the elements count (so the caller does not have to | 
|  | * check.) | 
|  | */ | 
|  | if (add_elements <= INT_MAX - old_elements) | 
|  | { | 
|  | png_voidp new_array = png_malloc_array_checked(png_ptr, | 
|  | old_elements+add_elements, element_size); | 
|  |  | 
|  | if (new_array != NULL) | 
|  | { | 
|  | /* Because png_malloc_array worked the size calculations below cannot | 
|  | * overflow. | 
|  | */ | 
|  | if (old_elements > 0) | 
|  | memcpy(new_array, old_array, element_size*(unsigned)old_elements); | 
|  |  | 
|  | memset((char*)new_array + element_size*(unsigned)old_elements, 0, | 
|  | element_size*(unsigned)add_elements); | 
|  |  | 
|  | return new_array; | 
|  | } | 
|  | } | 
|  |  | 
|  | #ifdef PNG_READ_SUPPORTED | 
|  | # ifdef PNG_USER_LIMITS_SUPPORTED | 
|  | /* The potential overflow case.  Set the cache counter so libpng will | 
|  | * not make any more attempts | 
|  | */ | 
|  | png_ptr->user_chunk_cache_max = 2; | 
|  | # endif | 
|  | #endif | 
|  |  | 
|  | return NULL; /* error */ | 
|  | } | 
|  | #endif /* TEXT || sPLT || STORE_UNKNOWN_CHUNKS */ | 
|  |  | 
|  | /* Various functions that have different error handling are derived from this. | 
|  | * png_malloc always exists, but if PNG_USER_MEM_SUPPORTED is defined a separate | 
|  | * function png_malloc_default is also provided. | 
|  | */ | 
|  | PNG_FUNCTION(png_voidp,PNGAPI | 
|  | png_malloc,(png_const_structrp png_ptr, png_alloc_size_t size),PNG_ALLOCATED) | 
|  | { | 
|  | png_voidp ret; | 
|  |  | 
|  | if (png_ptr == NULL) | 
|  | return NULL; | 
|  |  | 
|  | ret = png_malloc_base(png_ptr, size); | 
|  |  | 
|  | if (ret == NULL) | 
|  | png_error(png_ptr, "Out of memory"); | 
|  |  | 
|  | return ret; | 
|  | } | 
|  |  | 
|  | /* This function was added at libpng version 1.2.3.  The png_malloc_warn() | 
|  | * function will issue a png_warning and return NULL instead of issuing a | 
|  | * png_error, if it fails to allocate the requested memory. | 
|  | */ | 
|  | PNG_FUNCTION(png_voidp,PNGAPI | 
|  | png_malloc_warn,(png_const_structrp png_ptr, png_alloc_size_t size), | 
|  | PNG_ALLOCATED) | 
|  | { | 
|  | if (png_ptr != NULL) | 
|  | { | 
|  | png_voidp ret = png_malloc_base(png_ptr, size); | 
|  |  | 
|  | if (ret != NULL) | 
|  | return ret; | 
|  |  | 
|  | png_warning(png_ptr, "Out of memory"); | 
|  | } | 
|  |  | 
|  | return NULL; | 
|  | } | 
|  |  | 
|  | /* Free a pointer allocated by png_malloc().  If ptr is NULL, return | 
|  | * without taking any action. | 
|  | */ | 
|  | void PNGAPI | 
|  | png_free(png_const_structrp png_ptr, png_voidp ptr) | 
|  | { | 
|  | if (png_ptr == NULL || ptr == NULL) | 
|  | return; | 
|  |  | 
|  | #ifdef PNG_USER_MEM_SUPPORTED | 
|  | if (png_ptr->free_fn != NULL) | 
|  | png_ptr->free_fn(png_constcast(png_structrp,png_ptr), ptr); | 
|  |  | 
|  | else | 
|  | free(ptr); | 
|  | #else | 
|  | free(ptr); | 
|  | #endif /* USER_MEM */ | 
|  |  | 
|  | } | 
|  |  | 
|  | #ifdef PNG_USER_MEM_SUPPORTED | 
|  | /* This function is called when the application wants to use another method | 
|  | * of allocating and freeing memory. | 
|  | */ | 
|  | void PNGAPI | 
|  | png_set_mem_fn(png_structrp png_ptr, png_voidp mem_ptr, png_malloc_ptr | 
|  | malloc_fn, png_free_ptr free_fn) | 
|  | { | 
|  | if (png_ptr != NULL) | 
|  | { | 
|  | png_ptr->mem_ptr = mem_ptr; | 
|  | png_ptr->malloc_fn = malloc_fn; | 
|  | png_ptr->free_fn = free_fn; | 
|  | } | 
|  | } | 
|  |  | 
|  | /* This function returns a pointer to the mem_ptr associated with the user | 
|  | * functions.  The application should free any memory associated with this | 
|  | * pointer before png_write_destroy and png_read_destroy are called. | 
|  | */ | 
|  | png_voidp PNGAPI | 
|  | png_get_mem_ptr(png_const_structrp png_ptr) | 
|  | { | 
|  | if (png_ptr == NULL) | 
|  | return NULL; | 
|  |  | 
|  | return png_ptr->mem_ptr; | 
|  | } | 
|  | #endif /* USER_MEM */ | 
|  | #endif /* READ || WRITE */ |