1/*
2 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
3 *
4 * This code is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License version 2 only, as
6 * published by the Free Software Foundation.  Oracle designates this
7 * particular file as subject to the "Classpath" exception as provided
8 * by Oracle in the LICENSE file that accompanied this code.
9 *
10 * This code is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
13 * version 2 for more details (a copy is included in the LICENSE file that
14 * accompanied this code).
15 *
16 * You should have received a copy of the GNU General Public License version
17 * 2 along with this work; if not, write to the Free Software Foundation,
18 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
19 *
20 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
21 * or visit www.oracle.com if you need additional information or have any
22 * questions.
23 */
24
25/* pngmem.c - stub functions for memory allocation
26 *
27 * This file is available under and governed by the GNU General Public
28 * License version 2 only, as published by the Free Software Foundation.
29 * However, the following notice accompanied the original version of this
30 * file and, per its terms, should not be removed:
31 *
32 * Last changed in libpng 1.6.26 [October 20, 2016]
33 * Copyright (c) 1998-2002,2004,2006-2014,2016 Glenn Randers-Pehrson
34 * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
35 * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
36 *
37 * This code is released under the libpng license.
38 * For conditions of distribution and use, see the disclaimer
39 * and license in png.h
40 *
41 * This file provides a location for all memory allocation.  Users who
42 * need special memory handling are expected to supply replacement
43 * functions for png_malloc() and png_free(), and to use
44 * png_create_read_struct_2() and png_create_write_struct_2() to
45 * identify the replacement functions.
46 */
47
48#include "pngpriv.h"
49
50#if defined(PNG_READ_SUPPORTED) || defined(PNG_WRITE_SUPPORTED)
51/* Free a png_struct */
52void /* PRIVATE */
53png_destroy_png_struct(png_structrp png_ptr)
54{
55   if (png_ptr != NULL)
56   {
57      /* png_free might call png_error and may certainly call
58       * png_get_mem_ptr, so fake a temporary png_struct to support this.
59       */
60      png_struct dummy_struct = *png_ptr;
61      memset(png_ptr, 0, (sizeof *png_ptr));
62      png_free(&dummy_struct, png_ptr);
63
64#     ifdef PNG_SETJMP_SUPPORTED
65         /* We may have a jmp_buf left to deallocate. */
66         png_free_jmpbuf(&dummy_struct);
67#     endif
68   }
69}
70
71/* Allocate memory.  For reasonable files, size should never exceed
72 * 64K.  However, zlib may allocate more than 64K if you don't tell
73 * it not to.  See zconf.h and png.h for more information.  zlib does
74 * need to allocate exactly 64K, so whatever you call here must
75 * have the ability to do that.
76 */
77PNG_FUNCTION(png_voidp,PNGAPI
78png_calloc,(png_const_structrp png_ptr, png_alloc_size_t size),PNG_ALLOCATED)
79{
80   png_voidp ret;
81
82   ret = png_malloc(png_ptr, size);
83
84   if (ret != NULL)
85      memset(ret, 0, size);
86
87   return ret;
88}
89
90/* png_malloc_base, an internal function added at libpng 1.6.0, does the work of
91 * allocating memory, taking into account limits and PNG_USER_MEM_SUPPORTED.
92 * Checking and error handling must happen outside this routine; it returns NULL
93 * if the allocation cannot be done (for any reason.)
94 */
95PNG_FUNCTION(png_voidp /* PRIVATE */,
96png_malloc_base,(png_const_structrp png_ptr, png_alloc_size_t size),
97    PNG_ALLOCATED)
98{
99   /* Moved to png_malloc_base from png_malloc_default in 1.6.0; the DOS
100    * allocators have also been removed in 1.6.0, so any 16-bit system now has
101    * to implement a user memory handler.  This checks to be sure it isn't
102    * called with big numbers.
103    */
104#ifndef PNG_USER_MEM_SUPPORTED
105   PNG_UNUSED(png_ptr)
106#endif
107
108   /* Some compilers complain that this is always true.  However, it
109    * can be false when integer overflow happens.
110    */
111   if (size > 0 && size <= PNG_SIZE_MAX
112#     ifdef PNG_MAX_MALLOC_64K
113         && size <= 65536U
114#     endif
115      )
116   {
117#ifdef PNG_USER_MEM_SUPPORTED
118      if (png_ptr != NULL && png_ptr->malloc_fn != NULL)
119         return png_ptr->malloc_fn(png_constcast(png_structrp,png_ptr), size);
120
121      else
122#endif
123         return malloc((size_t)size); /* checked for truncation above */
124   }
125
126   else
127      return NULL;
128}
129
130#if defined(PNG_TEXT_SUPPORTED) || defined(PNG_sPLT_SUPPORTED) ||\
131   defined(PNG_STORE_UNKNOWN_CHUNKS_SUPPORTED)
132/* This is really here only to work round a spurious warning in GCC 4.6 and 4.7
133 * that arises because of the checks in png_realloc_array that are repeated in
134 * png_malloc_array.
135 */
136static png_voidp
137png_malloc_array_checked(png_const_structrp png_ptr, int nelements,
138    size_t element_size)
139{
140   png_alloc_size_t req = (png_alloc_size_t)nelements; /* known to be > 0 */
141
142   if (req <= PNG_SIZE_MAX/element_size)
143      return png_malloc_base(png_ptr, req * element_size);
144
145   /* The failure case when the request is too large */
146   return NULL;
147}
148
149PNG_FUNCTION(png_voidp /* PRIVATE */,
150png_malloc_array,(png_const_structrp png_ptr, int nelements,
151    size_t element_size),PNG_ALLOCATED)
152{
153   if (nelements <= 0 || element_size == 0)
154      png_error(png_ptr, "internal error: array alloc");
155
156   return png_malloc_array_checked(png_ptr, nelements, element_size);
157}
158
159PNG_FUNCTION(png_voidp /* PRIVATE */,
160png_realloc_array,(png_const_structrp png_ptr, png_const_voidp old_array,
161    int old_elements, int add_elements, size_t element_size),PNG_ALLOCATED)
162{
163   /* These are internal errors: */
164   if (add_elements <= 0 || element_size == 0 || old_elements < 0 ||
165      (old_array == NULL && old_elements > 0))
166      png_error(png_ptr, "internal error: array realloc");
167
168   /* Check for overflow on the elements count (so the caller does not have to
169    * check.)
170    */
171   if (add_elements <= INT_MAX - old_elements)
172   {
173      png_voidp new_array = png_malloc_array_checked(png_ptr,
174          old_elements+add_elements, element_size);
175
176      if (new_array != NULL)
177      {
178         /* Because png_malloc_array worked the size calculations below cannot
179          * overflow.
180          */
181         if (old_elements > 0)
182            memcpy(new_array, old_array, element_size*(unsigned)old_elements);
183
184         memset((char*)new_array + element_size*(unsigned)old_elements, 0,
185             element_size*(unsigned)add_elements);
186
187         return new_array;
188      }
189   }
190
191   return NULL; /* error */
192}
193#endif /* TEXT || sPLT || STORE_UNKNOWN_CHUNKS */
194
195/* Various functions that have different error handling are derived from this.
196 * png_malloc always exists, but if PNG_USER_MEM_SUPPORTED is defined a separate
197 * function png_malloc_default is also provided.
198 */
199PNG_FUNCTION(png_voidp,PNGAPI
200png_malloc,(png_const_structrp png_ptr, png_alloc_size_t size),PNG_ALLOCATED)
201{
202   png_voidp ret;
203
204   if (png_ptr == NULL)
205      return NULL;
206
207   ret = png_malloc_base(png_ptr, size);
208
209   if (ret == NULL)
210       png_error(png_ptr, "Out of memory"); /* 'm' means png_malloc */
211
212   return ret;
213}
214
215#ifdef PNG_USER_MEM_SUPPORTED
216PNG_FUNCTION(png_voidp,PNGAPI
217png_malloc_default,(png_const_structrp png_ptr, png_alloc_size_t size),
218    PNG_ALLOCATED PNG_DEPRECATED)
219{
220   png_voidp ret;
221
222   if (png_ptr == NULL)
223      return NULL;
224
225   /* Passing 'NULL' here bypasses the application provided memory handler. */
226   ret = png_malloc_base(NULL/*use malloc*/, size);
227
228   if (ret == NULL)
229      png_error(png_ptr, "Out of Memory"); /* 'M' means png_malloc_default */
230
231   return ret;
232}
233#endif /* USER_MEM */
234
235/* This function was added at libpng version 1.2.3.  The png_malloc_warn()
236 * function will issue a png_warning and return NULL instead of issuing a
237 * png_error, if it fails to allocate the requested memory.
238 */
239PNG_FUNCTION(png_voidp,PNGAPI
240png_malloc_warn,(png_const_structrp png_ptr, png_alloc_size_t size),
241    PNG_ALLOCATED)
242{
243   if (png_ptr != NULL)
244   {
245      png_voidp ret = png_malloc_base(png_ptr, size);
246
247      if (ret != NULL)
248         return ret;
249
250      png_warning(png_ptr, "Out of memory");
251   }
252
253   return NULL;
254}
255
256/* Free a pointer allocated by png_malloc().  If ptr is NULL, return
257 * without taking any action.
258 */
259void PNGAPI
260png_free(png_const_structrp png_ptr, png_voidp ptr)
261{
262   if (png_ptr == NULL || ptr == NULL)
263      return;
264
265#ifdef PNG_USER_MEM_SUPPORTED
266   if (png_ptr->free_fn != NULL)
267      png_ptr->free_fn(png_constcast(png_structrp,png_ptr), ptr);
268
269   else
270      png_free_default(png_ptr, ptr);
271}
272
273PNG_FUNCTION(void,PNGAPI
274png_free_default,(png_const_structrp png_ptr, png_voidp ptr),PNG_DEPRECATED)
275{
276   if (png_ptr == NULL || ptr == NULL)
277      return;
278#endif /* USER_MEM */
279
280   free(ptr);
281}
282
283#ifdef PNG_USER_MEM_SUPPORTED
284/* This function is called when the application wants to use another method
285 * of allocating and freeing memory.
286 */
287void PNGAPI
288png_set_mem_fn(png_structrp png_ptr, png_voidp mem_ptr, png_malloc_ptr
289  malloc_fn, png_free_ptr free_fn)
290{
291   if (png_ptr != NULL)
292   {
293      png_ptr->mem_ptr = mem_ptr;
294      png_ptr->malloc_fn = malloc_fn;
295      png_ptr->free_fn = free_fn;
296   }
297}
298
299/* This function returns a pointer to the mem_ptr associated with the user
300 * functions.  The application should free any memory associated with this
301 * pointer before png_write_destroy and png_read_destroy are called.
302 */
303png_voidp PNGAPI
304png_get_mem_ptr(png_const_structrp png_ptr)
305{
306   if (png_ptr == NULL)
307      return NULL;
308
309   return png_ptr->mem_ptr;
310}
311#endif /* USER_MEM */
312#endif /* READ || WRITE */
313