tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

pngmem.c (8547B)

      1 /* pngmem.c - stub functions for memory allocation
      2 *
      3 * Copyright (c) 2018-2025 Cosmin Truta
      4 * Copyright (c) 1998-2002,2004,2006-2014,2016 Glenn Randers-Pehrson
      5 * Copyright (c) 1996-1997 Andreas Dilger
      6 * Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.
      7 *
      8 * This code is released under the libpng license.
      9 * For conditions of distribution and use, see the disclaimer
     10 * and license in png.h
     11 *
     12 * This file provides a location for all memory allocation.  Users who
     13 * need special memory handling are expected to supply replacement
     14 * functions for png_malloc() and png_free(), and to use
     15 * png_create_read_struct_2() and png_create_write_struct_2() to
     16 * identify the replacement functions.
     17 */
     18 
     19 #include "pngpriv.h"
     20 
     21 #if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED)
     22 /* Free a png_struct */
     23 void /* PRIVATE */
     24 png_destroy_png_struct(png_structrp png_ptr)
     25 {
     26   if (png_ptr != NULL)
     27   {
     28      /* png_free might call png_error and may certainly call
     29       * png_get_mem_ptr, so fake a temporary png_struct to support this.
     30       */
     31      png_struct dummy_struct = *png_ptr;
     32      memset(png_ptr, 0, (sizeof *png_ptr));
     33      png_free(&dummy_struct, png_ptr);
     34 
     35 #     ifdef PNG_SETJMP_SUPPORTED
     36         /* We may have a jmp_buf left to deallocate. */
     37         png_free_jmpbuf(&dummy_struct);
     38 #     endif
     39   }
     40 }
     41 
     42 /* Allocate memory.  For reasonable files, size should never exceed
     43 * 64K.  However, zlib may allocate more than 64K if you don't tell
     44 * it not to.  See zconf.h and png.h for more information.  zlib does
     45 * need to allocate exactly 64K, so whatever you call here must
     46 * have the ability to do that.
     47 */
     48 PNG_FUNCTION(png_voidp,PNGAPI
     49 png_calloc,(png_const_structrp png_ptr, png_alloc_size_t size),PNG_ALLOCATED)
     50 {
     51   png_voidp ret;
     52 
     53   ret = png_malloc(png_ptr, size);
     54 
     55   if (ret != NULL)
     56      memset(ret, 0, size);
     57 
     58   return ret;
     59 }
     60 
     61 /* png_malloc_base, an internal function added at libpng 1.6.0, does the work of
     62 * allocating memory, taking into account limits and PNG_USER_MEM_SUPPORTED.
     63 * Checking and error handling must happen outside this routine; it returns NULL
     64 * if the allocation cannot be done (for any reason.)
     65 */
     66 PNG_FUNCTION(png_voidp /* PRIVATE */,
     67 png_malloc_base,(png_const_structrp png_ptr, png_alloc_size_t size),
     68    PNG_ALLOCATED)
     69 {
     70   /* Moved to png_malloc_base from png_malloc_default in 1.6.0; the DOS
     71    * allocators have also been removed in 1.6.0, so any 16-bit system now has
     72    * to implement a user memory handler.  This checks to be sure it isn't
     73    * called with big numbers.
     74    */
     75 #  ifdef PNG_MAX_MALLOC_64K
     76      /* This is support for legacy systems which had segmented addressing
     77       * limiting the maximum allocation size to 65536.  It takes precedence
     78       * over PNG_SIZE_MAX which is set to 65535 on true 16-bit systems.
     79       *
     80       * TODO: libpng-1.8: finally remove both cases.
     81       */
     82      if (size > 65536U) return NULL;
     83 #  endif
     84 
     85   /* This is checked too because the system malloc call below takes a (size_t).
     86    */
     87   if (size > PNG_SIZE_MAX) return NULL;
     88 
     89 #  ifdef PNG_USER_MEM_SUPPORTED
     90      if (png_ptr != NULL && png_ptr->malloc_fn != NULL)
     91         return png_ptr->malloc_fn(png_constcast(png_structrp,png_ptr), size);
     92 #  else
     93      PNG_UNUSED(png_ptr)
     94 #  endif
     95 
     96   /* Use the system malloc */
     97   return malloc((size_t)/*SAFE*/size); /* checked for truncation above */
     98 }
     99 
    100 #if defined(PNG_TEXT_SUPPORTED) || defined(PNG_sPLT_SUPPORTED) ||\
    101   defined(PNG_STORE_UNKNOWN_CHUNKS_SUPPORTED)
    102 /* This is really here only to work round a spurious warning in GCC 4.6 and 4.7
    103 * that arises because of the checks in png_realloc_array that are repeated in
    104 * png_malloc_array.
    105 */
    106 static png_voidp
    107 png_malloc_array_checked(png_const_structrp png_ptr, int nelements,
    108    size_t element_size)
    109 {
    110   png_alloc_size_t req = (png_alloc_size_t)nelements; /* known to be > 0 */
    111 
    112   if (req <= PNG_SIZE_MAX/element_size)
    113      return png_malloc_base(png_ptr, req * element_size);
    114 
    115   /* The failure case when the request is too large */
    116   return NULL;
    117 }
    118 
    119 PNG_FUNCTION(png_voidp /* PRIVATE */,
    120 png_malloc_array,(png_const_structrp png_ptr, int nelements,
    121    size_t element_size),PNG_ALLOCATED)
    122 {
    123   if (nelements <= 0 || element_size == 0)
    124      png_error(png_ptr, "internal error: array alloc");
    125 
    126   return png_malloc_array_checked(png_ptr, nelements, element_size);
    127 }
    128 
    129 PNG_FUNCTION(png_voidp /* PRIVATE */,
    130 png_realloc_array,(png_const_structrp png_ptr, png_const_voidp old_array,
    131    int old_elements, int add_elements, size_t element_size),PNG_ALLOCATED)
    132 {
    133   /* These are internal errors: */
    134   if (add_elements <= 0 || element_size == 0 || old_elements < 0 ||
    135      (old_array == NULL && old_elements > 0))
    136      png_error(png_ptr, "internal error: array realloc");
    137 
    138   /* Check for overflow on the elements count (so the caller does not have to
    139    * check.)
    140    */
    141   if (add_elements <= INT_MAX - old_elements)
    142   {
    143      png_voidp new_array = png_malloc_array_checked(png_ptr,
    144          old_elements+add_elements, element_size);
    145 
    146      if (new_array != NULL)
    147      {
    148         /* Because png_malloc_array worked the size calculations below cannot
    149          * overflow.
    150          */
    151         if (old_elements > 0)
    152            memcpy(new_array, old_array, element_size*(unsigned)old_elements);
    153 
    154         memset((char*)new_array + element_size*(unsigned)old_elements, 0,
    155             element_size*(unsigned)add_elements);
    156 
    157         return new_array;
    158      }
    159   }
    160 
    161   return NULL; /* error */
    162 }
    163 #endif /* TEXT || sPLT || STORE_UNKNOWN_CHUNKS */
    164 
    165 /* Various functions that have different error handling are derived from this.
    166 * png_malloc always exists, but if PNG_USER_MEM_SUPPORTED is defined a separate
    167 * function png_malloc_default is also provided.
    168 */
    169 PNG_FUNCTION(png_voidp,PNGAPI
    170 png_malloc,(png_const_structrp png_ptr, png_alloc_size_t size),PNG_ALLOCATED)
    171 {
    172   png_voidp ret;
    173 
    174   if (png_ptr == NULL)
    175      return NULL;
    176 
    177   ret = png_malloc_base(png_ptr, size);
    178 
    179   if (ret == NULL)
    180       png_error(png_ptr, "Out of memory"); /* 'm' means png_malloc */
    181 
    182   return ret;
    183 }
    184 
    185 #ifdef PNG_USER_MEM_SUPPORTED
    186 PNG_FUNCTION(png_voidp,PNGAPI
    187 png_malloc_default,(png_const_structrp png_ptr, png_alloc_size_t size),
    188    PNG_ALLOCATED PNG_DEPRECATED)
    189 {
    190   png_voidp ret;
    191 
    192   if (png_ptr == NULL)
    193      return NULL;
    194 
    195   /* Passing 'NULL' here bypasses the application provided memory handler. */
    196   ret = png_malloc_base(NULL/*use malloc*/, size);
    197 
    198   if (ret == NULL)
    199      png_error(png_ptr, "Out of Memory"); /* 'M' means png_malloc_default */
    200 
    201   return ret;
    202 }
    203 #endif /* USER_MEM */
    204 
    205 /* This function was added at libpng version 1.2.3.  The png_malloc_warn()
    206 * function will issue a png_warning and return NULL instead of issuing a
    207 * png_error, if it fails to allocate the requested memory.
    208 */
    209 PNG_FUNCTION(png_voidp,PNGAPI
    210 png_malloc_warn,(png_const_structrp png_ptr, png_alloc_size_t size),
    211    PNG_ALLOCATED)
    212 {
    213   if (png_ptr != NULL)
    214   {
    215      png_voidp ret = png_malloc_base(png_ptr, size);
    216 
    217      if (ret != NULL)
    218         return ret;
    219 
    220      png_warning(png_ptr, "Out of memory");
    221   }
    222 
    223   return NULL;
    224 }
    225 
    226 /* Free a pointer allocated by png_malloc().  If ptr is NULL, return
    227 * without taking any action.
    228 */
    229 void PNGAPI
    230 png_free(png_const_structrp png_ptr, png_voidp ptr)
    231 {
    232   if (png_ptr == NULL || ptr == NULL)
    233      return;
    234 
    235 #ifdef PNG_USER_MEM_SUPPORTED
    236   if (png_ptr->free_fn != NULL)
    237      png_ptr->free_fn(png_constcast(png_structrp,png_ptr), ptr);
    238 
    239   else
    240      png_free_default(png_ptr, ptr);
    241 }
    242 
    243 PNG_FUNCTION(void,PNGAPI
    244 png_free_default,(png_const_structrp png_ptr, png_voidp ptr),PNG_DEPRECATED)
    245 {
    246   if (png_ptr == NULL || ptr == NULL)
    247      return;
    248 #endif /* USER_MEM */
    249 
    250   free(ptr);
    251 }
    252 
    253 #ifdef PNG_USER_MEM_SUPPORTED
    254 /* This function is called when the application wants to use another method
    255 * of allocating and freeing memory.
    256 */
    257 void PNGAPI
    258 png_set_mem_fn(png_structrp png_ptr, png_voidp mem_ptr, png_malloc_ptr
    259  malloc_fn, png_free_ptr free_fn)
    260 {
    261   if (png_ptr != NULL)
    262   {
    263      png_ptr->mem_ptr = mem_ptr;
    264      png_ptr->malloc_fn = malloc_fn;
    265      png_ptr->free_fn = free_fn;
    266   }
    267 }
    268 
    269 /* This function returns a pointer to the mem_ptr associated with the user
    270 * functions.  The application should free any memory associated with this
    271 * pointer before png_write_destroy and png_read_destroy are called.
    272 */
    273 png_voidp PNGAPI
    274 png_get_mem_ptr(png_const_structrp png_ptr)
    275 {
    276   if (png_ptr == NULL)
    277      return NULL;
    278 
    279   return png_ptr->mem_ptr;
    280 }
    281 #endif /* USER_MEM */
    282 #endif /* READ || WRITE */