1/*
2 * Copyright (C) 2006 Apple Computer, Inc.
3 * Copyright (C) 2007-2009 Torch Mobile, Inc.
4 * Copyright (C) Research In Motion Limited 2009-2010. All rights reserved.
5 *
6 * Portions are Copyright (C) 2001 mozilla.org
7 *
8 * Other contributors:
9 *   Stuart Parmenter <stuart@mozilla.com>
10 *
11 * This library is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU Lesser General Public
13 * License as published by the Free Software Foundation; either
14 * version 2.1 of the License, or (at your option) any later version.
15 *
16 * This library is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
19 * Lesser General Public License for more details.
20 *
21 * You should have received a copy of the GNU Lesser General Public
22 * License along with this library; if not, write to the Free Software
23 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
24 *
25 * Alternatively, the contents of this file may be used under the terms
26 * of either the Mozilla Public License Version 1.1, found at
27 * http://www.mozilla.org/MPL/ (the "MPL") or the GNU General Public
28 * License Version 2.0, found at http://www.fsf.org/copyleft/gpl.html
29 * (the "GPL"), in which case the provisions of the MPL or the GPL are
30 * applicable instead of those above.  If you wish to allow use of your
31 * version of this file only under the terms of one of those two
32 * licenses (the MPL or the GPL) and not to allow others to use your
33 * version of this file under the LGPL, indicate your decision by
34 * deletingthe provisions above and replace them with the notice and
35 * other provisions required by the MPL or the GPL, as the case may be.
36 * If you do not delete the provisions above, a recipient may use your
37 * version of this file under any of the LGPL, the MPL or the GPL.
38 */
39
40#include "config.h"
41#include "PNGImageDecoder.h"
42
43#include "Color.h"
44#include "PlatformInstrumentation.h"
45#include "png.h"
46#include <wtf/OwnArrayPtr.h>
47#include <wtf/PassOwnPtr.h>
48
49#if USE(QCMSLIB)
50#include "qcms.h"
51#endif
52
53#if defined(PNG_LIBPNG_VER_MAJOR) && defined(PNG_LIBPNG_VER_MINOR) && (PNG_LIBPNG_VER_MAJOR > 1 || (PNG_LIBPNG_VER_MAJOR == 1 && PNG_LIBPNG_VER_MINOR >= 4))
54#define JMPBUF(png_ptr) png_jmpbuf(png_ptr)
55#else
56#define JMPBUF(png_ptr) png_ptr->jmpbuf
57#endif
58
59namespace WebCore {
60
61// Gamma constants.
62const double cMaxGamma = 21474.83;
63const double cDefaultGamma = 2.2;
64const double cInverseGamma = 0.45455;
65
66// Protect against large PNGs. See Mozilla's bug #251381 for more info.
67const unsigned long cMaxPNGSize = 1000000UL;
68
69// Called if the decoding of the image fails.
70#if PLATFORM(QT)
71static void PNGAPI decodingFailed(png_structp, png_const_charp) NO_RETURN;
72#endif
73static void PNGAPI decodingFailed(png_structp png, png_const_charp)
74{
75    longjmp(JMPBUF(png), 1);
76}
77
78// Callbacks given to the read struct.  The first is for warnings (we want to
79// treat a particular warning as an error, which is why we have to register this
80// callback).
81static void PNGAPI decodingWarning(png_structp png, png_const_charp warningMsg)
82{
83    // Mozilla did this, so we will too.
84    // Convert a tRNS warning to be an error (see
85    // http://bugzilla.mozilla.org/show_bug.cgi?id=251381 )
86    if (!strncmp(warningMsg, "Missing PLTE before tRNS", 24))
87        png_error(png, warningMsg);
88}
89
90// Called when we have obtained the header information (including the size).
91static void PNGAPI headerAvailable(png_structp png, png_infop)
92{
93    static_cast<PNGImageDecoder*>(png_get_progressive_ptr(png))->headerAvailable();
94}
95
96// Called when a row is ready.
97static void PNGAPI rowAvailable(png_structp png, png_bytep rowBuffer, png_uint_32 rowIndex, int interlacePass)
98{
99    static_cast<PNGImageDecoder*>(png_get_progressive_ptr(png))->rowAvailable(rowBuffer, rowIndex, interlacePass);
100}
101
102// Called when we have completely finished decoding the image.
103static void PNGAPI pngComplete(png_structp png, png_infop)
104{
105    static_cast<PNGImageDecoder*>(png_get_progressive_ptr(png))->pngComplete();
106}
107
108class PNGImageReader {
109    WTF_MAKE_FAST_ALLOCATED;
110public:
111    PNGImageReader(PNGImageDecoder* decoder)
112        : m_readOffset(0)
113        , m_currentBufferSize(0)
114        , m_decodingSizeOnly(false)
115        , m_hasAlpha(false)
116        , m_interlaceBuffer(0)
117#if USE(QCMSLIB)
118        , m_transform(0)
119        , m_rowBuffer()
120#endif
121    {
122        m_png = png_create_read_struct(PNG_LIBPNG_VER_STRING, 0, decodingFailed, decodingWarning);
123        m_info = png_create_info_struct(m_png);
124        png_set_progressive_read_fn(m_png, decoder, headerAvailable, rowAvailable, pngComplete);
125    }
126
127    ~PNGImageReader()
128    {
129        close();
130    }
131
132    void close()
133    {
134        if (m_png && m_info)
135            // This will zero the pointers.
136            png_destroy_read_struct(&m_png, &m_info, 0);
137#if USE(QCMSLIB)
138        if (m_transform)
139            qcms_transform_release(m_transform);
140        m_transform = 0;
141#endif
142        delete[] m_interlaceBuffer;
143        m_interlaceBuffer = 0;
144        m_readOffset = 0;
145    }
146
147    bool decode(const SharedBuffer& data, bool sizeOnly)
148    {
149        m_decodingSizeOnly = sizeOnly;
150        PNGImageDecoder* decoder = static_cast<PNGImageDecoder*>(png_get_progressive_ptr(m_png));
151
152        // We need to do the setjmp here. Otherwise bad things will happen.
153        if (setjmp(JMPBUF(m_png)))
154            return decoder->setFailed();
155
156        const char* segment;
157        while (unsigned segmentLength = data.getSomeData(segment, m_readOffset)) {
158            m_readOffset += segmentLength;
159            m_currentBufferSize = m_readOffset;
160            png_process_data(m_png, m_info, reinterpret_cast<png_bytep>(const_cast<char*>(segment)), segmentLength);
161            // We explicitly specify the superclass isSizeAvailable() because we
162            // merely want to check if we've managed to set the size, not
163            // (recursively) trigger additional decoding if we haven't.
164            if (sizeOnly ? decoder->ImageDecoder::isSizeAvailable() : decoder->isComplete())
165                return true;
166        }
167        return false;
168    }
169
170    png_structp pngPtr() const { return m_png; }
171    png_infop infoPtr() const { return m_info; }
172
173    void setReadOffset(unsigned offset) { m_readOffset = offset; }
174    unsigned currentBufferSize() const { return m_currentBufferSize; }
175    bool decodingSizeOnly() const { return m_decodingSizeOnly; }
176    void setHasAlpha(bool hasAlpha) { m_hasAlpha = hasAlpha; }
177    bool hasAlpha() const { return m_hasAlpha; }
178
179    png_bytep interlaceBuffer() const { return m_interlaceBuffer; }
180    void createInterlaceBuffer(int size) { m_interlaceBuffer = new png_byte[size]; }
181#if USE(QCMSLIB)
182    png_bytep rowBuffer() const { return m_rowBuffer.get(); }
183    void createRowBuffer(int size) { m_rowBuffer = adoptArrayPtr(new png_byte[size]); }
184    qcms_transform* colorTransform() const { return m_transform; }
185
186    void createColorTransform(const ColorProfile& colorProfile, bool hasAlpha)
187    {
188        if (m_transform)
189            qcms_transform_release(m_transform);
190        m_transform = 0;
191
192        if (colorProfile.isEmpty())
193            return;
194        qcms_profile* deviceProfile = ImageDecoder::qcmsOutputDeviceProfile();
195        if (!deviceProfile)
196            return;
197        qcms_profile* inputProfile = qcms_profile_from_memory(colorProfile.data(), colorProfile.size());
198        if (!inputProfile)
199            return;
200        // We currently only support color profiles for RGB and RGBA images.
201        ASSERT(icSigRgbData == qcms_profile_get_color_space(inputProfile));
202        qcms_data_type dataFormat = hasAlpha ? QCMS_DATA_RGBA_8 : QCMS_DATA_RGB_8;
203        // FIXME: Don't force perceptual intent if the image profile contains an intent.
204        m_transform = qcms_transform_create(inputProfile, dataFormat, deviceProfile, dataFormat, QCMS_INTENT_PERCEPTUAL);
205        qcms_profile_release(inputProfile);
206    }
207#endif
208
209private:
210    png_structp m_png;
211    png_infop m_info;
212    unsigned m_readOffset;
213    unsigned m_currentBufferSize;
214    bool m_decodingSizeOnly;
215    bool m_hasAlpha;
216    png_bytep m_interlaceBuffer;
217#if USE(QCMSLIB)
218    qcms_transform* m_transform;
219    OwnArrayPtr<png_byte> m_rowBuffer;
220#endif
221};
222
223PNGImageDecoder::PNGImageDecoder(ImageSource::AlphaOption alphaOption,
224                                 ImageSource::GammaAndColorProfileOption gammaAndColorProfileOption)
225    : ImageDecoder(alphaOption, gammaAndColorProfileOption)
226    , m_doNothingOnFailure(false)
227{
228}
229
230PNGImageDecoder::~PNGImageDecoder()
231{
232}
233
234bool PNGImageDecoder::isSizeAvailable()
235{
236    if (!ImageDecoder::isSizeAvailable())
237         decode(true);
238
239    return ImageDecoder::isSizeAvailable();
240}
241
242bool PNGImageDecoder::setSize(unsigned width, unsigned height)
243{
244    if (!ImageDecoder::setSize(width, height))
245        return false;
246
247    prepareScaleDataIfNecessary();
248    return true;
249}
250
251ImageFrame* PNGImageDecoder::frameBufferAtIndex(size_t index)
252{
253    if (index)
254        return 0;
255
256    if (m_frameBufferCache.isEmpty()) {
257        m_frameBufferCache.resize(1);
258        m_frameBufferCache[0].setPremultiplyAlpha(m_premultiplyAlpha);
259    }
260
261    ImageFrame& frame = m_frameBufferCache[0];
262    if (frame.status() != ImageFrame::FrameComplete) {
263        PlatformInstrumentation::willDecodeImage("PNG");
264        decode(false);
265        PlatformInstrumentation::didDecodeImage();
266    }
267    return &frame;
268}
269
270bool PNGImageDecoder::setFailed()
271{
272    if (m_doNothingOnFailure)
273        return false;
274    m_reader.clear();
275    return ImageDecoder::setFailed();
276}
277
278static void readColorProfile(png_structp png, png_infop info, ColorProfile& colorProfile)
279{
280    ASSERT(colorProfile.isEmpty());
281
282#ifdef PNG_iCCP_SUPPORTED
283    char* profileName;
284    int compressionType;
285#if (PNG_LIBPNG_VER < 10500)
286    png_charp profile;
287#else
288    png_bytep profile;
289#endif
290    png_uint_32 profileLength;
291    if (!png_get_iCCP(png, info, &profileName, &compressionType, &profile, &profileLength))
292        return;
293
294    // Only accept RGB color profiles from input class devices.
295    bool ignoreProfile = false;
296    char* profileData = reinterpret_cast<char*>(profile);
297    if (profileLength < ImageDecoder::iccColorProfileHeaderLength)
298        ignoreProfile = true;
299    else if (!ImageDecoder::rgbColorProfile(profileData, profileLength))
300        ignoreProfile = true;
301    else if (!ImageDecoder::inputDeviceColorProfile(profileData, profileLength))
302        ignoreProfile = true;
303
304    if (!ignoreProfile)
305        colorProfile.append(profileData, profileLength);
306#endif
307}
308
309void PNGImageDecoder::headerAvailable()
310{
311    png_structp png = m_reader->pngPtr();
312    png_infop info = m_reader->infoPtr();
313    png_uint_32 width = png_get_image_width(png, info);
314    png_uint_32 height = png_get_image_height(png, info);
315
316    // Protect against large images.
317    if (width > cMaxPNGSize || height > cMaxPNGSize) {
318        longjmp(JMPBUF(png), 1);
319        return;
320    }
321
322    // We can fill in the size now that the header is available.  Avoid memory
323    // corruption issues by neutering setFailed() during this call; if we don't
324    // do this, failures will cause |m_reader| to be deleted, and our jmpbuf
325    // will cease to exist.  Note that we'll still properly set the failure flag
326    // in this case as soon as we longjmp().
327    m_doNothingOnFailure = true;
328    bool result = setSize(width, height);
329    m_doNothingOnFailure = false;
330    if (!result) {
331        longjmp(JMPBUF(png), 1);
332        return;
333    }
334
335    int bitDepth, colorType, interlaceType, compressionType, filterType, channels;
336    png_get_IHDR(png, info, &width, &height, &bitDepth, &colorType, &interlaceType, &compressionType, &filterType);
337
338    // The options we set here match what Mozilla does.
339
340    // Expand to ensure we use 24-bit for RGB and 32-bit for RGBA.
341    if (colorType == PNG_COLOR_TYPE_PALETTE || (colorType == PNG_COLOR_TYPE_GRAY && bitDepth < 8))
342        png_set_expand(png);
343
344    png_bytep trns = 0;
345    int trnsCount = 0;
346    if (png_get_valid(png, info, PNG_INFO_tRNS)) {
347        png_get_tRNS(png, info, &trns, &trnsCount, 0);
348        png_set_expand(png);
349    }
350
351    if (bitDepth == 16)
352        png_set_strip_16(png);
353
354    if (colorType == PNG_COLOR_TYPE_GRAY || colorType == PNG_COLOR_TYPE_GRAY_ALPHA)
355        png_set_gray_to_rgb(png);
356
357    if ((colorType & PNG_COLOR_MASK_COLOR) && !m_ignoreGammaAndColorProfile) {
358        // We only support color profiles for color PALETTE and RGB[A] PNG. Supporting
359        // color profiles for gray-scale images is slightly tricky, at least using the
360        // CoreGraphics ICC library, because we expand gray-scale images to RGB but we
361        // do not similarly transform the color profile. We'd either need to transform
362        // the color profile or we'd need to decode into a gray-scale image buffer and
363        // hand that to CoreGraphics.
364        readColorProfile(png, info, m_colorProfile);
365#if USE(QCMSLIB)
366        bool decodedImageHasAlpha = (colorType & PNG_COLOR_MASK_ALPHA) || trnsCount;
367        m_reader->createColorTransform(m_colorProfile, decodedImageHasAlpha);
368        m_colorProfile.clear();
369#endif
370    }
371
372    // Deal with gamma and keep it under our control.
373    double gamma;
374    if (!m_ignoreGammaAndColorProfile && png_get_gAMA(png, info, &gamma)) {
375        if ((gamma <= 0.0) || (gamma > cMaxGamma)) {
376            gamma = cInverseGamma;
377            png_set_gAMA(png, info, gamma);
378        }
379        png_set_gamma(png, cDefaultGamma, gamma);
380    } else
381        png_set_gamma(png, cDefaultGamma, cInverseGamma);
382
383    // Tell libpng to send us rows for interlaced pngs.
384    if (interlaceType == PNG_INTERLACE_ADAM7)
385        png_set_interlace_handling(png);
386
387    // Update our info now.
388    png_read_update_info(png, info);
389    channels = png_get_channels(png, info);
390    ASSERT(channels == 3 || channels == 4);
391
392    m_reader->setHasAlpha(channels == 4);
393
394    if (m_reader->decodingSizeOnly()) {
395        // If we only needed the size, halt the reader.
396#if defined(PNG_LIBPNG_VER_MAJOR) && defined(PNG_LIBPNG_VER_MINOR) && (PNG_LIBPNG_VER_MAJOR > 1 || (PNG_LIBPNG_VER_MAJOR == 1 && PNG_LIBPNG_VER_MINOR >= 5))
397        // '0' argument to png_process_data_pause means: Do not cache unprocessed data.
398        m_reader->setReadOffset(m_reader->currentBufferSize() - png_process_data_pause(png, 0));
399#else
400        m_reader->setReadOffset(m_reader->currentBufferSize() - png->buffer_size);
401        png->buffer_size = 0;
402#endif
403    }
404}
405
406static inline void setPixelRGB(ImageFrame::PixelData* dest, png_bytep pixel)
407{
408    *dest = 0xFF000000U | pixel[0] << 16 | pixel[1] << 8 | pixel[2];
409}
410
411static inline void setPixelRGBA(ImageFrame::PixelData* dest, png_bytep pixel, unsigned char& nonTrivialAlphaMask)
412{
413    unsigned char a = pixel[3];
414    *dest = a << 24 | pixel[0] << 16 | pixel[1] << 8 | pixel[2];
415    nonTrivialAlphaMask |= (255 - a);
416}
417
418static inline void setPixelPremultipliedRGBA(ImageFrame::PixelData* dest, png_bytep pixel, unsigned char& nonTrivialAlphaMask)
419{
420    unsigned char a = pixel[3];
421    unsigned char r = fastDivideBy255(pixel[0] * a);
422    unsigned char g = fastDivideBy255(pixel[1] * a);
423    unsigned char b = fastDivideBy255(pixel[2] * a);
424
425    *dest = a << 24 | r << 16 | g << 8 | b;
426    nonTrivialAlphaMask |= (255 - a);
427}
428
429void PNGImageDecoder::rowAvailable(unsigned char* rowBuffer, unsigned rowIndex, int)
430{
431    if (m_frameBufferCache.isEmpty())
432        return;
433
434    // Initialize the framebuffer if needed.
435    ImageFrame& buffer = m_frameBufferCache[0];
436    if (buffer.status() == ImageFrame::FrameEmpty) {
437        png_structp png = m_reader->pngPtr();
438        if (!buffer.setSize(scaledSize().width(), scaledSize().height())) {
439            longjmp(JMPBUF(png), 1);
440            return;
441        }
442
443        unsigned colorChannels = m_reader->hasAlpha() ? 4 : 3;
444        if (PNG_INTERLACE_ADAM7 == png_get_interlace_type(png, m_reader->infoPtr())) {
445            m_reader->createInterlaceBuffer(colorChannels * size().width() * size().height());
446            if (!m_reader->interlaceBuffer()) {
447                longjmp(JMPBUF(png), 1);
448                return;
449            }
450        }
451
452#if USE(QCMSLIB)
453        if (m_reader->colorTransform()) {
454            m_reader->createRowBuffer(colorChannels * size().width());
455            if (!m_reader->rowBuffer()) {
456                longjmp(JMPBUF(png), 1);
457                return;
458            }
459        }
460#endif
461        buffer.setStatus(ImageFrame::FramePartial);
462        buffer.setHasAlpha(false);
463        buffer.setColorProfile(m_colorProfile);
464
465        // For PNGs, the frame always fills the entire image.
466        buffer.setOriginalFrameRect(IntRect(IntPoint(), size()));
467    }
468
469    /* libpng comments (here to explain what follows).
470     *
471     * this function is called for every row in the image.  If the
472     * image is interlacing, and you turned on the interlace handler,
473     * this function will be called for every row in every pass.
474     * Some of these rows will not be changed from the previous pass.
475     * When the row is not changed, the new_row variable will be NULL.
476     * The rows and passes are called in order, so you don't really
477     * need the row_num and pass, but I'm supplying them because it
478     * may make your life easier.
479     */
480
481    // Nothing to do if the row is unchanged, or the row is outside
482    // the image bounds: libpng may send extra rows, ignore them to
483    // make our lives easier.
484    if (!rowBuffer)
485        return;
486    int y = !m_scaled ? rowIndex : scaledY(rowIndex);
487    if (y < 0 || y >= scaledSize().height())
488        return;
489
490    /* libpng comments (continued).
491     *
492     * For the non-NULL rows of interlaced images, you must call
493     * png_progressive_combine_row() passing in the row and the
494     * old row.  You can call this function for NULL rows (it will
495     * just return) and for non-interlaced images (it just does the
496     * memcpy for you) if it will make the code easier.  Thus, you
497     * can just do this for all cases:
498     *
499     *    png_progressive_combine_row(png_ptr, old_row, new_row);
500     *
501     * where old_row is what was displayed for previous rows.  Note
502     * that the first pass (pass == 0 really) will completely cover
503     * the old row, so the rows do not have to be initialized.  After
504     * the first pass (and only for interlaced images), you will have
505     * to pass the current row, and the function will combine the
506     * old row and the new row.
507     */
508
509    bool hasAlpha = m_reader->hasAlpha();
510    unsigned colorChannels = hasAlpha ? 4 : 3;
511    png_bytep row = rowBuffer;
512
513    if (png_bytep interlaceBuffer = m_reader->interlaceBuffer()) {
514        row = interlaceBuffer + (rowIndex * colorChannels * size().width());
515        png_progressive_combine_row(m_reader->pngPtr(), row, rowBuffer);
516    }
517
518#if USE(QCMSLIB)
519    if (qcms_transform* transform = m_reader->colorTransform()) {
520        qcms_transform_data(transform, row, m_reader->rowBuffer(), size().width());
521        row = m_reader->rowBuffer();
522    }
523#endif
524
525    // Write the decoded row pixels to the frame buffer.
526    ImageFrame::PixelData* address = buffer.getAddr(0, y);
527    int width = scaledSize().width();
528    unsigned char nonTrivialAlphaMask = 0;
529
530#if ENABLE(IMAGE_DECODER_DOWN_SAMPLING)
531    if (m_scaled) {
532        for (int x = 0; x < width; ++x) {
533            png_bytep pixel = row + m_scaledColumns[x] * colorChannels;
534            unsigned alpha = hasAlpha ? pixel[3] : 255;
535            buffer.setRGBA(address++, pixel[0], pixel[1], pixel[2], alpha);
536            nonTrivialAlphaMask |= (255 - alpha);
537        }
538    } else
539#endif
540    {
541        png_bytep pixel = row;
542        if (hasAlpha) {
543            if (buffer.premultiplyAlpha()) {
544                for (int x = 0; x < width; ++x, pixel += 4)
545                    setPixelPremultipliedRGBA(address++, pixel, nonTrivialAlphaMask);
546            } else {
547                for (int x = 0; x < width; ++x, pixel += 4)
548                    setPixelRGBA(address++, pixel, nonTrivialAlphaMask);
549            }
550        } else {
551            for (int x = 0; x < width; ++x, pixel += 3)
552                setPixelRGB(address++, pixel);
553        }
554    }
555
556
557    if (nonTrivialAlphaMask && !buffer.hasAlpha())
558        buffer.setHasAlpha(true);
559}
560
561void PNGImageDecoder::pngComplete()
562{
563    if (!m_frameBufferCache.isEmpty())
564        m_frameBufferCache.first().setStatus(ImageFrame::FrameComplete);
565}
566
567void PNGImageDecoder::decode(bool onlySize)
568{
569    if (failed())
570        return;
571
572    if (!m_reader)
573        m_reader = adoptPtr(new PNGImageReader(this));
574
575    // If we couldn't decode the image but we've received all the data, decoding
576    // has failed.
577    if (!m_reader->decode(*m_data, onlySize) && isAllDataReceived())
578        setFailed();
579    // If we're done decoding the image, we don't need the PNGImageReader
580    // anymore.  (If we failed, |m_reader| has already been cleared.)
581    else if (isComplete())
582        m_reader.clear();
583}
584
585} // namespace WebCore
586