png.c source code [OpenJDK/src/java.desktop/share/native/libsplashscreen/libpng/png.c]

1	/*
2	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
3	*
4	* This code is free software; you can redistribute it and/or modify it
5	* under the terms of the GNU General Public License version 2 only, as
6	* published by the Free Software Foundation. Oracle designates this
7	* particular file as subject to the "Classpath" exception as provided
8	* by Oracle in the LICENSE file that accompanied this code.
9	*
10	* This code is distributed in the hope that it will be useful, but WITHOUT
11	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13	* version 2 for more details (a copy is included in the LICENSE file that
14	* accompanied this code).
15	*
16	* You should have received a copy of the GNU General Public License version
17	* 2 along with this work; if not, write to the Free Software Foundation,
18	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
19	*
20	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
21	* or visit www.oracle.com if you need additional information or have any
22	* questions.
23	*/
24
25	/ png.c - location for general purpose libpng functions*
26	*
27	* This file is available under and governed by the GNU General Public
28	* License version 2 only, as published by the Free Software Foundation.
29	* However, the following notice accompanied the original version of this
30	* file and, per its terms, should not be removed:
31	*
32	* Last changed in libpng 1.6.35 [July 15, 2018]
33	* Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson
34	* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
35	* (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
36	*
37	* This code is released under the libpng license.
38	* For conditions of distribution and use, see the disclaimer
39	* and license in png.h
40	*/
41
42	#include "pngpriv.h"
43
44	/ Generate a compiler error if there is an old png.h in the search path. /
45	typedef png_libpng_version_1_6_35 Your_png_h_is_not_version_1_6_35;
46
47	#ifdef __GNUC__
48	/ The version tests may need to be added to, but the problem warning has*
49	* consistently been fixed in GCC versions which obtain wide-spread release.
50	* The problem is that many versions of GCC rearrange comparison expressions in
51	* the optimizer in such a way that the results of the comparison will change
52	* if signed integer overflow occurs. Such comparisons are not permitted in
53	* ANSI C90, however GCC isn't clever enough to work out that that do not occur
54	* below in png_ascii_from_fp and png_muldiv, so it produces a warning with
55	* -Wextra. Unfortunately this is highly dependent on the optimizer and the
56	* machine architecture so the warning comes and goes unpredictably and is
57	* impossible to "fix", even were that a good idea.
58	*/
59	#if __GNUC__ == 7 && __GNUC_MINOR__ == 1
60	#define GCC_STRICT_OVERFLOW 1
61	#endif /* GNU 7.1.x */
62	#endif /* GNU */
63	#ifndef GCC_STRICT_OVERFLOW
64	#define GCC_STRICT_OVERFLOW 0
65	#endif
66
67	/ Tells libpng that we have already handled the first "num_bytes" bytes*
68	* of the PNG file signature. If the PNG data is embedded into another
69	* stream we can set num_bytes = 8 so that libpng will not attempt to read
70	* or write any of the magic bytes before it starts on the IHDR.
71	*/
72
73	#ifdef PNG_READ_SUPPORTED
74	void PNGAPI
75	png_set_sig_bytes(png_structrp png_ptr, int num_bytes)
76	{
77	unsigned int nb = (unsigned int)num_bytes;
78
79	png_debug(`1`, "in png_set_sig_bytes");
80
81	if (png_ptr == NULL)
82	return;
83
84	if (num_bytes < `0`)
85	nb = `0`;
86
87	if (nb > `8`)
88	png_error(png_ptr, "Too many bytes for PNG signature");
89
90	png_ptr->sig_bytes = (png_byte)nb;
91	}
92
93	/ Checks whether the supplied bytes match the PNG signature. We allow*
94	* checking less than the full 8-byte signature so that those apps that
95	* already read the first few bytes of a file to determine the file type
96	* can simply check the remaining bytes for extra assurance. Returns
97	* an integer less than, equal to, or greater than zero if sig is found,
98	* respectively, to be less than, to match, or be greater than the correct
99	* PNG signature (this is the same behavior as strcmp, memcmp, etc).
100	*/
101	int PNGAPI
102	png_sig_cmp(png_const_bytep sig, size_t start, size_t num_to_check)
103	{
104	png_byte png_signature[`8`] = {`137`, `80`, `78`, `71`, `13`, `10`, `26`, `10`};
105
106	if (num_to_check > `8`)
107	num_to_check = `8`;
108
109	else if (num_to_check < `1`)
110	return (-`1`);
111
112	if (start > `7`)
113	return (-`1`);
114
115	if (start + num_to_check > `8`)
116	num_to_check = `8` - start;
117
118	return ((int)(memcmp(&sig[start], &png_signature[start], num_to_check)));
119	}
120
121	#endif /* READ */
122
123	#if defined(PNG_READ_SUPPORTED) \|\| defined(PNG_WRITE_SUPPORTED)
124	/ Function to allocate memory for zlib /
125	PNG_FUNCTION(voidpf / PRIVATE /,
126	png_zalloc,(voidpf png_ptr, uInt items, uInt size),PNG_ALLOCATED)
127	{
128	png_alloc_size_t num_bytes = size;
129
130	if (png_ptr == NULL)
131	return NULL;
132
133	if (items >= (~(png_alloc_size_t)`0`)/size)
134	{
135	png_warning (png_voidcast(png_structrp, png_ptr),
136	"Potential overflow in png_zalloc()");
137	return NULL;
138	}
139
140	num_bytes *= items;
141	return png_malloc_warn(png_voidcast(png_structrp, png_ptr), num_bytes);
142	}
143
144	/ Function to free memory for zlib /
145	void / PRIVATE /
146	png_zfree(voidpf png_ptr, voidpf ptr)
147	{
148	png_free(png_voidcast(png_const_structrp,png_ptr), ptr);
149	}
150
151	/ Reset the CRC variable to 32 bits of 1's. Care must be taken*
152	* in case CRC is > 32 bits to leave the top bits 0.
153	*/
154	void / PRIVATE /
155	png_reset_crc(png_structrp png_ptr)
156	{
157	/ The cast is safe because the crc is a 32-bit value. /
158	png_ptr->crc = (png_uint_32)crc32(`0`, Z_NULL, `0`);
159	}
160
161	/ Calculate the CRC over a section of data. We can only pass as*
162	* much data to this routine as the largest single buffer size. We
163	* also check that this data will actually be used before going to the
164	* trouble of calculating it.
165	*/
166	void / PRIVATE /
167	png_calculate_crc(png_structrp png_ptr, png_const_bytep ptr, size_t length)
168	{
169	int need_crc = `1`;
170
171	if (PNG_CHUNK_ANCILLARY(png_ptr->chunk_name) != `0`)
172	{
173	if ((png_ptr->flags & PNG_FLAG_CRC_ANCILLARY_MASK) ==
174	(PNG_FLAG_CRC_ANCILLARY_USE \| PNG_FLAG_CRC_ANCILLARY_NOWARN))
175	need_crc = `0`;
176	}
177
178	else / critical /
179	{
180	if ((png_ptr->flags & PNG_FLAG_CRC_CRITICAL_IGNORE) != `0`)
181	need_crc = `0`;
182	}
183
184	/ 'uLong' is defined in zlib.h as unsigned long; this means that on some*
185	* systems it is a 64-bit value. crc32, however, returns 32 bits so the
186	* following cast is safe. 'uInt' may be no more than 16 bits, so it is
187	* necessary to perform a loop here.
188	*/
189	if (need_crc != `0` && length > `0`)
190	{
191	uLong crc = png_ptr->crc; / Should never issue a warning /
192
193	do
194	{
195	uInt safe_length = (uInt)length;
196	#ifndef __COVERITY__
197	if (safe_length == `0`)
198	safe_length = (uInt)-`1`; / evil, but safe /
199	#endif
200
201	crc = crc32(crc, ptr, safe_length);
202
203	/ The following should never issue compiler warnings; if they do the*
204	* target system has characteristics that will probably violate other
205	* assumptions within the libpng code.
206	*/
207	ptr += safe_length;
208	length -= safe_length;
209	}
210	while (length > `0`);
211
212	/ And the following is always safe because the crc is only 32 bits. /
213	png_ptr->crc = (png_uint_32)crc;
214	}
215	}
216
217	/ Check a user supplied version number, called from both read and write*
218	* functions that create a png_struct.
219	*/
220	int
221	png_user_version_check(png_structrp png_ptr, png_const_charp user_png_ver)
222	{
223	/ Libpng versions 1.0.0 and later are binary compatible if the version*
224	* string matches through the second '.'; we must recompile any
225	* applications that use any older library version.
226	*/
227
228	if (user_png_ver != NULL)
229	{
230	int i = -`1`;
231	int found_dots = `0`;
232
233	do
234	{
235	i++;
236	if (user_png_ver[i] != PNG_LIBPNG_VER_STRING[i])
237	png_ptr->flags \|= PNG_FLAG_LIBRARY_MISMATCH;
238	if (user_png_ver[i] == `'.'`)
239	found_dots++;
240	} while (found_dots < `2` && user_png_ver[i] != `0` &&
241	PNG_LIBPNG_VER_STRING[i] != `0`);
242	}
243
244	else
245	png_ptr->flags \|= PNG_FLAG_LIBRARY_MISMATCH;
246
247	if ((png_ptr->flags & PNG_FLAG_LIBRARY_MISMATCH) != `0`)
248	{
249	#ifdef PNG_WARNINGS_SUPPORTED
250	size_t pos = `0`;
251	char m[`128`];
252
253	pos = png_safecat(m, (sizeof m), pos,
254	"Application built with libpng-");
255	pos = png_safecat(m, (sizeof m), pos, user_png_ver);
256	pos = png_safecat(m, (sizeof m), pos, " but running with ");
257	pos = png_safecat(m, (sizeof m), pos, PNG_LIBPNG_VER_STRING);
258	PNG_UNUSED(pos)
259
260	png_warning(png_ptr, m);
261	#endif
262
263	#ifdef PNG_ERROR_NUMBERS_SUPPORTED
264	png_ptr->flags = `0`;
265	#endif
266
267	return `0`;
268	}
269
270	/ Success return. /
271	return `1`;
272	}
273
274	/ Generic function to create a png_struct for either read or write - this*
275	* contains the common initialization.
276	*/
277	PNG_FUNCTION(png_structp / PRIVATE /,
278	png_create_png_struct,(png_const_charp user_png_ver, png_voidp error_ptr,
279	png_error_ptr error_fn, png_error_ptr warn_fn, png_voidp mem_ptr,
280	png_malloc_ptr malloc_fn, png_free_ptr free_fn),PNG_ALLOCATED)
281	{
282	png_struct create_struct;
283	# ifdef PNG_SETJMP_SUPPORTED
284	jmp_buf create_jmp_buf;
285	# endif
286
287	/ This temporary stack-allocated structure is used to provide a place to*
288	* build enough context to allow the user provided memory allocator (if any)
289	* to be called.
290	*/
291	memset(&create_struct, `0`, (sizeof create_struct));
292
293	/ Added at libpng-1.2.6 /
294	# ifdef PNG_USER_LIMITS_SUPPORTED
295	create_struct.user_width_max = PNG_USER_WIDTH_MAX;
296	create_struct.user_height_max = PNG_USER_HEIGHT_MAX;
297
298	# ifdef PNG_USER_CHUNK_CACHE_MAX
299	/ Added at libpng-1.2.43 and 1.4.0 /
300	create_struct.user_chunk_cache_max = PNG_USER_CHUNK_CACHE_MAX;
301	# endif
302
303	# ifdef PNG_USER_CHUNK_MALLOC_MAX
304	/ Added at libpng-1.2.43 and 1.4.1, required only for read but exists*
305	* in png_struct regardless.
306	*/
307	create_struct.user_chunk_malloc_max = PNG_USER_CHUNK_MALLOC_MAX;
308	# endif
309	# endif
310
311	/ The following two API calls simply set fields in png_struct, so it is safe*
312	* to do them now even though error handling is not yet set up.
313	*/
314	# ifdef PNG_USER_MEM_SUPPORTED
315	png_set_mem_fn(&create_struct, mem_ptr, malloc_fn, free_fn);
316	# else
317	PNG_UNUSED(mem_ptr)
318	PNG_UNUSED(malloc_fn)
319	PNG_UNUSED(free_fn)
320	# endif
321
322	/ (error_fn) can return control to the caller after the error_ptr is set,
323	* this will result in a memory leak unless the error_fn does something
324	* extremely sophisticated. The design lacks merit but is implicit in the
325	* API.
326	*/
327	png_set_error_fn(&create_struct, error_ptr, error_fn, warn_fn);
328
329	# ifdef PNG_SETJMP_SUPPORTED
330	if (!setjmp(create_jmp_buf))
331	# endif
332	{
333	# ifdef PNG_SETJMP_SUPPORTED
334	/ Temporarily fake out the longjmp information until we have*
335	* successfully completed this function. This only works if we have
336	* setjmp() support compiled in, but it is safe - this stuff should
337	* never happen.
338	*/
339	create_struct.jmp_buf_ptr = &create_jmp_buf;
340	create_struct.jmp_buf_size = `0`; /stack allocation/
341	create_struct.longjmp_fn = longjmp;
342	# endif
343	/ Call the general version checker (shared with read and write code):*
344	*/
345	if (png_user_version_check(&create_struct, user_png_ver) != `0`)
346	{
347	png_structrp png_ptr = png_voidcast(png_structrp,
348	png_malloc_warn(&create_struct, (sizeof *png_ptr)));
349
350	if (png_ptr != NULL)
351	{
352	/ png_ptr->zstream holds a back-pointer to the png_struct, so*
353	* this can only be done now:
354	*/
355	create_struct.zstream.zalloc = png_zalloc;
356	create_struct.zstream.zfree = png_zfree;
357	create_struct.zstream.opaque = png_ptr;
358
359	# ifdef PNG_SETJMP_SUPPORTED
360	/ Eliminate the local error handling: /
361	create_struct.jmp_buf_ptr = NULL;
362	create_struct.jmp_buf_size = `0`;
363	create_struct.longjmp_fn = `0`;
364	# endif
365
366	*png_ptr = create_struct;
367
368	/ This is the successful return point /
369	return png_ptr;
370	}
371	}
372	}
373
374	/ A longjmp because of a bug in the application storage allocator or a*
375	* simple failure to allocate the png_struct.
376	*/
377	return NULL;
378	}
379
380	/ Allocate the memory for an info_struct for the application. /
381	PNG_FUNCTION(png_infop,PNGAPI
382	png_create_info_struct,(png_const_structrp png_ptr),PNG_ALLOCATED)
383	{
384	png_inforp info_ptr;
385
386	png_debug(`1`, "in png_create_info_struct");
387
388	if (png_ptr == NULL)
389	return NULL;
390
391	/ Use the internal API that does not (or at least should not) error out, so*
392	* that this call always returns ok. The application typically sets up the
393	* error handling after creating the info_struct because this is the way it
394	* has always been done in 'example.c'.
395	*/
396	info_ptr = png_voidcast(png_inforp, png_malloc_base(png_ptr,
397	(sizeof *info_ptr)));
398
399	if (info_ptr != NULL)
400	memset(info_ptr, `0`, (sizeof *info_ptr));
401
402	return info_ptr;
403	}
404
405	/ This function frees the memory associated with a single info struct.*
406	* Normally, one would use either png_destroy_read_struct() or
407	* png_destroy_write_struct() to free an info struct, but this may be
408	* useful for some applications. From libpng 1.6.0 this function is also used
409	* internally to implement the png_info release part of the 'struct' destroy
410	* APIs. This ensures that all possible approaches free the same data (all of
411	* it).
412	*/
413	void PNGAPI
414	png_destroy_info_struct(png_const_structrp png_ptr, png_infopp info_ptr_ptr)
415	{
416	png_inforp info_ptr = NULL;
417
418	png_debug(`1`, "in png_destroy_info_struct");
419
420	if (png_ptr == NULL)
421	return;
422
423	if (info_ptr_ptr != NULL)
424	info_ptr = *info_ptr_ptr;
425
426	if (info_ptr != NULL)
427	{
428	/ Do this first in case of an error below; if the app implements its own*
429	* memory management this can lead to png_free calling png_error, which
430	* will abort this routine and return control to the app error handler.
431	* An infinite loop may result if it then tries to free the same info
432	* ptr.
433	*/
434	*info_ptr_ptr = NULL;
435
436	png_free_data(png_ptr, info_ptr, PNG_FREE_ALL, -`1`);
437	memset(info_ptr, `0`, (sizeof *info_ptr));
438	png_free(png_ptr, info_ptr);
439	}
440	}
441
442	/ Initialize the info structure. This is now an internal function (0.89)*
443	* and applications using it are urged to use png_create_info_struct()
444	* instead. Use deprecated in 1.6.0, internal use removed (used internally it
445	* is just a memset).
446	*
447	* NOTE: it is almost inconceivable that this API is used because it bypasses
448	* the user-memory mechanism and the user error handling/warning mechanisms in
449	* those cases where it does anything other than a memset.
450	*/
451	PNG_FUNCTION(void,PNGAPI
452	png_info_init_3,(png_infopp ptr_ptr, size_t png_info_struct_size),
453	PNG_DEPRECATED)
454	{
455	png_inforp info_ptr = *ptr_ptr;
456
457	png_debug(`1`, "in png_info_init_3");
458
459	if (info_ptr == NULL)
460	return;
461
462	if ((sizeof (png_info)) > png_info_struct_size)
463	{
464	*ptr_ptr = NULL;
465	/ The following line is why this API should not be used: /
466	free(info_ptr);
467	info_ptr = png_voidcast(png_inforp, png_malloc_base(NULL,
468	(sizeof *info_ptr)));
469	if (info_ptr == NULL)
470	return;
471	*ptr_ptr = info_ptr;
472	}
473
474	/ Set everything to 0 /
475	memset(info_ptr, `0`, (sizeof *info_ptr));
476	}
477
478	/ The following API is not called internally /
479	void PNGAPI
480	png_data_freer(png_const_structrp png_ptr, png_inforp info_ptr,
481	int freer, png_uint_32 mask)
482	{
483	png_debug(`1`, "in png_data_freer");
484
485	if (png_ptr == NULL \|\| info_ptr == NULL)
486	return;
487
488	if (freer == PNG_DESTROY_WILL_FREE_DATA)
489	info_ptr->free_me \|= mask;
490
491	else if (freer == PNG_USER_WILL_FREE_DATA)
492	info_ptr->free_me &= ~mask;
493
494	else
495	png_error(png_ptr, "Unknown freer parameter in png_data_freer");
496	}
497
498	void PNGAPI
499	png_free_data(png_const_structrp png_ptr, png_inforp info_ptr, png_uint_32 mask,
500	int num)
501	{
502	png_debug(`1`, "in png_free_data");
503
504	if (png_ptr == NULL \|\| info_ptr == NULL)
505	return;
506
507	#ifdef PNG_TEXT_SUPPORTED
508	/ Free text item num or (if num == -1) all text items /
509	if (info_ptr->text != NULL &&
510	((mask & PNG_FREE_TEXT) & info_ptr->free_me) != `0`)
511	{
512	if (num != -`1`)
513	{
514	png_free(png_ptr, info_ptr->text[num].key);
515	info_ptr->text[num].key = NULL;
516	}
517
518	else
519	{
520	int i;
521
522	for (i = `0`; i < info_ptr->num_text; i++)
523	png_free(png_ptr, info_ptr->text[i].key);
524
525	png_free(png_ptr, info_ptr->text);
526	info_ptr->text = NULL;
527	info_ptr->num_text = `0`;
528	info_ptr->max_text = `0`;
529	}
530	}
531	#endif
532
533	#ifdef PNG_tRNS_SUPPORTED
534	/ Free any tRNS entry /
535	if (((mask & PNG_FREE_TRNS) & info_ptr->free_me) != `0`)
536	{
537	info_ptr->valid &= ~PNG_INFO_tRNS;
538	png_free(png_ptr, info_ptr->trans_alpha);
539	info_ptr->trans_alpha = NULL;
540	info_ptr->num_trans = `0`;
541	}
542	#endif
543
544	#ifdef PNG_sCAL_SUPPORTED
545	/ Free any sCAL entry /
546	if (((mask & PNG_FREE_SCAL) & info_ptr->free_me) != `0`)
547	{
548	png_free(png_ptr, info_ptr->scal_s_width);
549	png_free(png_ptr, info_ptr->scal_s_height);
550	info_ptr->scal_s_width = NULL;
551	info_ptr->scal_s_height = NULL;
552	info_ptr->valid &= ~PNG_INFO_sCAL;
553	}
554	#endif
555
556	#ifdef PNG_pCAL_SUPPORTED
557	/ Free any pCAL entry /
558	if (((mask & PNG_FREE_PCAL) & info_ptr->free_me) != `0`)
559	{
560	png_free(png_ptr, info_ptr->pcal_purpose);
561	png_free(png_ptr, info_ptr->pcal_units);
562	info_ptr->pcal_purpose = NULL;
563	info_ptr->pcal_units = NULL;
564
565	if (info_ptr->pcal_params != NULL)
566	{
567	int i;
568
569	for (i = `0`; i < info_ptr->pcal_nparams; i++)
570	png_free(png_ptr, info_ptr->pcal_params[i]);
571
572	png_free(png_ptr, info_ptr->pcal_params);
573	info_ptr->pcal_params = NULL;
574	}
575	info_ptr->valid &= ~PNG_INFO_pCAL;
576	}
577	#endif
578
579	#ifdef PNG_iCCP_SUPPORTED
580	/ Free any profile entry /
581	if (((mask & PNG_FREE_ICCP) & info_ptr->free_me) != `0`)
582	{
583	png_free(png_ptr, info_ptr->iccp_name);
584	png_free(png_ptr, info_ptr->iccp_profile);
585	info_ptr->iccp_name = NULL;
586	info_ptr->iccp_profile = NULL;
587	info_ptr->valid &= ~PNG_INFO_iCCP;
588	}
589	#endif
590
591	#ifdef PNG_sPLT_SUPPORTED
592	/ Free a given sPLT entry, or (if num == -1) all sPLT entries /
593	if (info_ptr->splt_palettes != NULL &&
594	((mask & PNG_FREE_SPLT) & info_ptr->free_me) != `0`)
595	{
596	if (num != -`1`)
597	{
598	png_free(png_ptr, info_ptr->splt_palettes[num].name);
599	png_free(png_ptr, info_ptr->splt_palettes[num].entries);
600	info_ptr->splt_palettes[num].name = NULL;
601	info_ptr->splt_palettes[num].entries = NULL;
602	}
603
604	else
605	{
606	int i;
607
608	for (i = `0`; i < info_ptr->splt_palettes_num; i++)
609	{
610	png_free(png_ptr, info_ptr->splt_palettes[i].name);
611	png_free(png_ptr, info_ptr->splt_palettes[i].entries);
612	}
613
614	png_free(png_ptr, info_ptr->splt_palettes);
615	info_ptr->splt_palettes = NULL;
616	info_ptr->splt_palettes_num = `0`;
617	info_ptr->valid &= ~PNG_INFO_sPLT;
618	}
619	}
620	#endif
621
622	#ifdef PNG_STORE_UNKNOWN_CHUNKS_SUPPORTED
623	if (info_ptr->unknown_chunks != NULL &&
624	((mask & PNG_FREE_UNKN) & info_ptr->free_me) != `0`)
625	{
626	if (num != -`1`)
627	{
628	png_free(png_ptr, info_ptr->unknown_chunks[num].data);
629	info_ptr->unknown_chunks[num].data = NULL;
630	}
631
632	else
633	{
634	int i;
635
636	for (i = `0`; i < info_ptr->unknown_chunks_num; i++)
637	png_free(png_ptr, info_ptr->unknown_chunks[i].data);
638
639	png_free(png_ptr, info_ptr->unknown_chunks);
640	info_ptr->unknown_chunks = NULL;
641	info_ptr->unknown_chunks_num = `0`;
642	}
643	}
644	#endif
645
646	#ifdef PNG_eXIf_SUPPORTED
647	/ Free any eXIf entry /
648	if (((mask & PNG_FREE_EXIF) & info_ptr->free_me) != `0`)
649	{
650	# ifdef PNG_READ_eXIf_SUPPORTED
651	if (info_ptr->eXIf_buf)
652	{
653	png_free(png_ptr, info_ptr->eXIf_buf);
654	info_ptr->eXIf_buf = NULL;
655	}
656	# endif
657	if (info_ptr->exif)
658	{
659	png_free(png_ptr, info_ptr->exif);
660	info_ptr->exif = NULL;
661	}
662	info_ptr->valid &= ~PNG_INFO_eXIf;
663	}
664	#endif
665
666	#ifdef PNG_hIST_SUPPORTED
667	/ Free any hIST entry /
668	if (((mask & PNG_FREE_HIST) & info_ptr->free_me) != `0`)
669	{
670	png_free(png_ptr, info_ptr->hist);
671	info_ptr->hist = NULL;
672	info_ptr->valid &= ~PNG_INFO_hIST;
673	}
674	#endif
675
676	/ Free any PLTE entry that was internally allocated /
677	if (((mask & PNG_FREE_PLTE) & info_ptr->free_me) != `0`)
678	{
679	png_free(png_ptr, info_ptr->palette);
680	info_ptr->palette = NULL;
681	info_ptr->valid &= ~PNG_INFO_PLTE;
682	info_ptr->num_palette = `0`;
683	}
684
685	#ifdef PNG_INFO_IMAGE_SUPPORTED
686	/ Free any image bits attached to the info structure /
687	if (((mask & PNG_FREE_ROWS) & info_ptr->free_me) != `0`)
688	{
689	if (info_ptr->row_pointers != NULL)
690	{
691	png_uint_32 row;
692	for (row = `0`; row < info_ptr->height; row++)
693	png_free(png_ptr, info_ptr->row_pointers[row]);
694
695	png_free(png_ptr, info_ptr->row_pointers);
696	info_ptr->row_pointers = NULL;
697	}
698	info_ptr->valid &= ~PNG_INFO_IDAT;
699	}
700	#endif
701
702	if (num != -`1`)
703	mask &= ~PNG_FREE_MUL;
704
705	info_ptr->free_me &= ~mask;
706	}
707	#endif /* READ \|\| WRITE */
708
709	/ This function returns a pointer to the io_ptr associated with the user*
710	* functions. The application should free any memory associated with this
711	* pointer before png_write_destroy() or png_read_destroy() are called.
712	*/
713	png_voidp PNGAPI
714	png_get_io_ptr(png_const_structrp png_ptr)
715	{
716	if (png_ptr == NULL)
717	return (NULL);
718
719	return (png_ptr->io_ptr);
720	}
721
722	#if defined(PNG_READ_SUPPORTED) \|\| defined(PNG_WRITE_SUPPORTED)
723	# ifdef PNG_STDIO_SUPPORTED
724	/ Initialize the default input/output functions for the PNG file. If you*
725	* use your own read or write routines, you can call either png_set_read_fn()
726	* or png_set_write_fn() instead of png_init_io(). If you have defined
727	* PNG_NO_STDIO or otherwise disabled PNG_STDIO_SUPPORTED, you must use a
728	* function of your own because "FILE *" isn't necessarily available.
729	*/
730	void PNGAPI
731	png_init_io(png_structrp png_ptr, png_FILE_p fp)
732	{
733	png_debug(`1`, "in png_init_io");
734
735	if (png_ptr == NULL)
736	return;
737
738	png_ptr->io_ptr = (png_voidp)fp;
739	}
740	# endif
741
742	# ifdef PNG_SAVE_INT_32_SUPPORTED
743	/ PNG signed integers are saved in 32-bit 2's complement format. ANSI C-90*
744	* defines a cast of a signed integer to an unsigned integer either to preserve
745	* the value, if it is positive, or to calculate:
746	*
747	* (UNSIGNED_MAX+1) + integer
748	*
749	* Where UNSIGNED_MAX is the appropriate maximum unsigned value, so when the
750	* negative integral value is added the result will be an unsigned value
751	* correspnding to the 2's complement representation.
752	*/
753	void PNGAPI
754	png_save_int_32(png_bytep buf, png_int_32 i)
755	{
756	png_save_uint_32(buf, (png_uint_32)i);
757	}
758	# endif
759
760	# ifdef PNG_TIME_RFC1123_SUPPORTED
761	/ Convert the supplied time into an RFC 1123 string suitable for use in*
762	* a "Creation Time" or other text-based time string.
763	*/
764	int PNGAPI
765	png_convert_to_rfc1123_buffer(char out[`29`], png_const_timep ptime)
766	{
767	static PNG_CONST char short_months[`12`][`4`] =
768	{"Jan", "Feb", "Mar", "Apr", "May", "Jun",
769	"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};
770
771	if (out == NULL)
772	return `0`;
773
774	if (ptime->year > `9999` / RFC1123 limitation / \|\|
775	ptime->month == `0` \|\| ptime->month > `12` \|\|
776	ptime->day == `0` \|\| ptime->day > `31` \|\|
777	ptime->hour > `23` \|\| ptime->minute > `59` \|\|
778	ptime->second > `60`)
779	return `0`;
780
781	{
782	size_t pos = `0`;
783	char number_buf[`5`]; / enough for a four-digit year /
784
785	# define APPEND_STRING(string) pos = png_safecat(out, 29, pos, (string))
786	# define APPEND_NUMBER(format, value)\
787	APPEND_STRING(PNG_FORMAT_NUMBER(number_buf, format, (value)))
788	# define APPEND(ch) if (pos < 28) out[pos++] = (ch)
789
790	APPEND_NUMBER(PNG_NUMBER_FORMAT_u, (unsigned)ptime->day);
791	APPEND(`' '`);
792	APPEND_STRING(short_months[(ptime->month - `1`)]);
793	APPEND(`' '`);
794	APPEND_NUMBER(PNG_NUMBER_FORMAT_u, ptime->year);
795	APPEND(`' '`);
796	APPEND_NUMBER(PNG_NUMBER_FORMAT_02u, (unsigned)ptime->hour);
797	APPEND(`':'`);
798	APPEND_NUMBER(PNG_NUMBER_FORMAT_02u, (unsigned)ptime->minute);
799	APPEND(`':'`);
800	APPEND_NUMBER(PNG_NUMBER_FORMAT_02u, (unsigned)ptime->second);
801	APPEND_STRING(" +0000"); / This reliably terminates the buffer /
802	PNG_UNUSED (pos)
803
804	# undef APPEND
805	# undef APPEND_NUMBER
806	# undef APPEND_STRING
807	}
808
809	return `1`;
810	}
811
812	# if PNG_LIBPNG_VER < 10700
813	/ To do: remove the following from libpng-1.7 /
814	/ Original API that uses a private buffer in png_struct.*
815	* Deprecated because it causes png_struct to carry a spurious temporary
816	* buffer (png_struct::time_buffer), better to have the caller pass this in.
817	*/
818	png_const_charp PNGAPI
819	png_convert_to_rfc1123(png_structrp png_ptr, png_const_timep ptime)
820	{
821	if (png_ptr != NULL)
822	{
823	/ The only failure above if png_ptr != NULL is from an invalid ptime /
824	if (png_convert_to_rfc1123_buffer(png_ptr->time_buffer, ptime) == `0`)
825	png_warning(png_ptr, "Ignoring invalid time value");
826
827	else
828	return png_ptr->time_buffer;
829	}
830
831	return NULL;
832	}
833	# endif /* LIBPNG_VER < 10700 */
834	# endif /* TIME_RFC1123 */
835
836	#endif /* READ \|\| WRITE */
837
838	png_const_charp PNGAPI
839	png_get_copyright(png_const_structrp png_ptr)
840	{
841	PNG_UNUSED(png_ptr) / Silence compiler warning about unused png_ptr /
842	#ifdef PNG_STRING_COPYRIGHT
843	return PNG_STRING_COPYRIGHT
844	#else
845	# ifdef __STDC__
846	return PNG_STRING_NEWLINE \
847	"libpng version 1.6.35 - July 15, 2018" PNG_STRING_NEWLINE \
848	"Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson" \
849	PNG_STRING_NEWLINE \
850	"Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \
851	"Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \
852	PNG_STRING_NEWLINE;
853	# else
854	return "libpng version 1.6.35 - July 15, 2018\
855	Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson\
856	Copyright (c) 1996-1997 Andreas Dilger\
857	Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.";
858	# endif
859	#endif
860	}
861
862	/ The following return the library version as a short string in the*
863	* format 1.0.0 through 99.99.99zz. To get the version of *.h files
864	* used with your application, print out PNG_LIBPNG_VER_STRING, which
865	* is defined in png.h.
866	* Note: now there is no difference between png_get_libpng_ver() and
867	* png_get_header_ver(). Due to the version_nn_nn_nn typedef guard,
868	* it is guaranteed that png.c uses the correct version of png.h.
869	*/
870	png_const_charp PNGAPI
871	png_get_libpng_ver(png_const_structrp png_ptr)
872	{
873	/ Version of .c files used when building libpng /*
874	return png_get_header_ver(png_ptr);
875	}
876
877	png_const_charp PNGAPI
878	png_get_header_ver(png_const_structrp png_ptr)
879	{
880	/ Version of .h files used when building libpng /*
881	PNG_UNUSED(png_ptr) / Silence compiler warning about unused png_ptr /
882	return PNG_LIBPNG_VER_STRING;
883	}
884
885	png_const_charp PNGAPI
886	png_get_header_version(png_const_structrp png_ptr)
887	{
888	/ Returns longer string containing both version and date /
889	PNG_UNUSED(png_ptr) / Silence compiler warning about unused png_ptr /
890	#ifdef __STDC__
891	return PNG_HEADER_VERSION_STRING
892	# ifndef PNG_READ_SUPPORTED
893	" (NO READ SUPPORT)"
894	# endif
895	PNG_STRING_NEWLINE;
896	#else
897	return PNG_HEADER_VERSION_STRING;
898	#endif
899	}
900
901	#ifdef PNG_BUILD_GRAYSCALE_PALETTE_SUPPORTED
902	/ NOTE: this routine is not used internally! /
903	/ Build a grayscale palette. Palette is assumed to be 1 << bit_depth*
904	* large of png_color. This lets grayscale images be treated as
905	* paletted. Most useful for gamma correction and simplification
906	* of code. This API is not used internally.
907	*/
908	void PNGAPI
909	png_build_grayscale_palette(int bit_depth, png_colorp palette)
910	{
911	int num_palette;
912	int color_inc;
913	int i;
914	int v;
915
916	png_debug(`1`, "in png_do_build_grayscale_palette");
917
918	if (palette == NULL)
919	return;
920
921	switch (bit_depth)
922	{
923	case `1`:
924	num_palette = `2`;
925	color_inc = `0xff`;
926	break;
927
928	case `2`:
929	num_palette = `4`;
930	color_inc = `0x55`;
931	break;
932
933	case `4`:
934	num_palette = `16`;
935	color_inc = `0x11`;
936	break;
937
938	case `8`:
939	num_palette = `256`;
940	color_inc = `1`;
941	break;
942
943	default:
944	num_palette = `0`;
945	color_inc = `0`;
946	break;
947	}
948
949	for (i = `0`, v = `0`; i < num_palette; i++, v += color_inc)
950	{
951	palette[i].red = (png_byte)(v & `0xff`);
952	palette[i].green = (png_byte)(v & `0xff`);
953	palette[i].blue = (png_byte)(v & `0xff`);
954	}
955	}
956	#endif
957
958	#ifdef PNG_SET_UNKNOWN_CHUNKS_SUPPORTED
959	int PNGAPI
960	png_handle_as_unknown(png_const_structrp png_ptr, png_const_bytep chunk_name)
961	{
962	/ Check chunk_name and return "keep" value if it's on the list, else 0 /
963	png_const_bytep p, p_end;
964
965	if (png_ptr == NULL \|\| chunk_name == NULL \|\| png_ptr->num_chunk_list == `0`)
966	return PNG_HANDLE_CHUNK_AS_DEFAULT;
967
968	p_end = png_ptr->chunk_list;
969	p = p_end + png_ptr->num_chunk_list`5`; /* beyond end /
970
971	/ The code is the fifth byte after each four byte string. Historically this*
972	* code was always searched from the end of the list, this is no longer
973	* necessary because the 'set' routine handles duplicate entries correctly.
974	*/
975	do / num_chunk_list > 0, so at least one /
976	{
977	p -= `5`;
978
979	if (memcmp(chunk_name, p, `4`) == `0`)
980	return p[`4`];
981	}
982	while (p > p_end);
983
984	/ This means that known chunks should be processed and unknown chunks should*
985	* be handled according to the value of png_ptr->unknown_default; this can be
986	* confusing because, as a result, there are two levels of defaulting for
987	* unknown chunks.
988	*/
989	return PNG_HANDLE_CHUNK_AS_DEFAULT;
990	}
991
992	#if defined(PNG_READ_UNKNOWN_CHUNKS_SUPPORTED) \|\|\
993	defined(PNG_HANDLE_AS_UNKNOWN_SUPPORTED)
994	int / PRIVATE /
995	png_chunk_unknown_handling(png_const_structrp png_ptr, png_uint_32 chunk_name)
996	{
997	png_byte chunk_string[`5`];
998
999	PNG_CSTRING_FROM_CHUNK(chunk_string, chunk_name);
1000	return png_handle_as_unknown(png_ptr, chunk_string);
1001	}
1002	#endif /* READ_UNKNOWN_CHUNKS \|\| HANDLE_AS_UNKNOWN */
1003	#endif /* SET_UNKNOWN_CHUNKS */
1004
1005	#ifdef PNG_READ_SUPPORTED
1006	/ This function, added to libpng-1.0.6g, is untested. /
1007	int PNGAPI
1008	png_reset_zstream(png_structrp png_ptr)
1009	{
1010	if (png_ptr == NULL)
1011	return Z_STREAM_ERROR;
1012
1013	/ WARNING: this resets the window bits to the maximum! /
1014	return (inflateReset(&png_ptr->zstream));
1015	}
1016	#endif /* READ */
1017
1018	/ This function was added to libpng-1.0.7 /
1019	png_uint_32 PNGAPI
1020	png_access_version_number(void)
1021	{
1022	/ Version of .c files used when building libpng /*
1023	return((png_uint_32)PNG_LIBPNG_VER);
1024	}
1025
1026	#if defined(PNG_READ_SUPPORTED) \|\| defined(PNG_WRITE_SUPPORTED)
1027	/ Ensure that png_ptr->zstream.msg holds some appropriate error message string.*
1028	* If it doesn't 'ret' is used to set it to something appropriate, even in cases
1029	* like Z_OK or Z_STREAM_END where the error code is apparently a success code.
1030	*/
1031	void / PRIVATE /
1032	png_zstream_error(png_structrp png_ptr, int ret)
1033	{
1034	/ Translate 'ret' into an appropriate error string, priority is given to the*
1035	* one in zstream if set. This always returns a string, even in cases like
1036	* Z_OK or Z_STREAM_END where the error code is a success code.
1037	*/
1038	if (png_ptr->zstream.msg == NULL) switch (ret)
1039	{
1040	default:
1041	case Z_OK:
1042	png_ptr->zstream.msg = PNGZ_MSG_CAST("unexpected zlib return code");
1043	break;
1044
1045	case Z_STREAM_END:
1046	/ Normal exit /
1047	png_ptr->zstream.msg = PNGZ_MSG_CAST("unexpected end of LZ stream");
1048	break;
1049
1050	case Z_NEED_DICT:
1051	/ This means the deflate stream did not have a dictionary; this*
1052	* indicates a bogus PNG.
1053	*/
1054	png_ptr->zstream.msg = PNGZ_MSG_CAST("missing LZ dictionary");
1055	break;
1056
1057	case Z_ERRNO:
1058	/ gz APIs only: should not happen /
1059	png_ptr->zstream.msg = PNGZ_MSG_CAST("zlib IO error");
1060	break;
1061
1062	case Z_STREAM_ERROR:
1063	/ internal libpng error /
1064	png_ptr->zstream.msg = PNGZ_MSG_CAST("bad parameters to zlib");
1065	break;
1066
1067	case Z_DATA_ERROR:
1068	png_ptr->zstream.msg = PNGZ_MSG_CAST("damaged LZ stream");
1069	break;
1070
1071	case Z_MEM_ERROR:
1072	png_ptr->zstream.msg = PNGZ_MSG_CAST("insufficient memory");
1073	break;
1074
1075	case Z_BUF_ERROR:
1076	/ End of input or output; not a problem if the caller is doing*
1077	* incremental read or write.
1078	*/
1079	png_ptr->zstream.msg = PNGZ_MSG_CAST("truncated");
1080	break;
1081
1082	case Z_VERSION_ERROR:
1083	png_ptr->zstream.msg = PNGZ_MSG_CAST("unsupported zlib version");
1084	break;
1085
1086	case PNG_UNEXPECTED_ZLIB_RETURN:
1087	/ Compile errors here mean that zlib now uses the value co-opted in*
1088	* pngpriv.h for PNG_UNEXPECTED_ZLIB_RETURN; update the switch above
1089	* and change pngpriv.h. Note that this message is "... return",
1090	* whereas the default/Z_OK one is "... return code".
1091	*/
1092	png_ptr->zstream.msg = PNGZ_MSG_CAST("unexpected zlib return");
1093	break;
1094	}
1095	}
1096
1097	/ png_convert_size: a PNGAPI but no longer in png.h, so deleted*
1098	* at libpng 1.5.5!
1099	*/
1100
1101	/ Added at libpng version 1.2.34 and 1.4.0 (moved from pngset.c) /
1102	#ifdef PNG_GAMMA_SUPPORTED /* always set if COLORSPACE */
1103	static int
1104	png_colorspace_check_gamma(png_const_structrp png_ptr,
1105	png_colorspacerp colorspace, png_fixed_point gAMA, int from)
1106	/ This is called to check a new gamma value against an existing one. The*
1107	* routine returns false if the new gamma value should not be written.
1108	*
1109	* 'from' says where the new gamma value comes from:
1110	*
1111	* 0: the new gamma value is the libpng estimate for an ICC profile
1112	* 1: the new gamma value comes from a gAMA chunk
1113	* 2: the new gamma value comes from an sRGB chunk
1114	*/
1115	{
1116	png_fixed_point gtest;
1117
1118	if ((colorspace->flags & PNG_COLORSPACE_HAVE_GAMMA) != `0` &&
1119	(png_muldiv(&gtest, colorspace->gamma, PNG_FP_1, gAMA) == `0` \|\|
1120	png_gamma_significant(gtest) != `0`))
1121	{
1122	/ Either this is an sRGB image, in which case the calculated gamma*
1123	* approximation should match, or this is an image with a profile and the
1124	* value libpng calculates for the gamma of the profile does not match the
1125	* value recorded in the file. The former, sRGB, case is an error, the
1126	* latter is just a warning.
1127	*/
1128	if ((colorspace->flags & PNG_COLORSPACE_FROM_sRGB) != `0` \|\| from == `2`)
1129	{
1130	png_chunk_report(png_ptr, "gamma value does not match sRGB",
1131	PNG_CHUNK_ERROR);
1132	/ Do not overwrite an sRGB value /
1133	return from == `2`;
1134	}
1135
1136	else / sRGB tag not involved /
1137	{
1138	png_chunk_report(png_ptr, "gamma value does not match libpng estimate",
1139	PNG_CHUNK_WARNING);
1140	return from == `1`;
1141	}
1142	}
1143
1144	return `1`;
1145	}
1146
1147	void / PRIVATE /
1148	png_colorspace_set_gamma(png_const_structrp png_ptr,
1149	png_colorspacerp colorspace, png_fixed_point gAMA)
1150	{
1151	/ Changed in libpng-1.5.4 to limit the values to ensure overflow can't*
1152	* occur. Since the fixed point representation is asymetrical it is
1153	* possible for 1/gamma to overflow the limit of 21474 and this means the
1154	* gamma value must be at least 5/100000 and hence at most 20000.0. For
1155	* safety the limits here are a little narrower. The values are 0.00016 to
1156	* 6250.0, which are truly ridiculous gamma values (and will produce
1157	* displays that are all black or all white.)
1158	*
1159	* In 1.6.0 this test replaces the ones in pngrutil.c, in the gAMA chunk
1160	* handling code, which only required the value to be >0.
1161	*/
1162	png_const_charp errmsg;
1163
1164	if (gAMA < `16` \|\| gAMA > `625000000`)
1165	errmsg = "gamma value out of range";
1166
1167	# ifdef PNG_READ_gAMA_SUPPORTED
1168	/ Allow the application to set the gamma value more than once /
1169	else if ((png_ptr->mode & PNG_IS_READ_STRUCT) != `0` &&
1170	(colorspace->flags & PNG_COLORSPACE_FROM_gAMA) != `0`)
1171	errmsg = "duplicate";
1172	# endif
1173
1174	/ Do nothing if the colorspace is already invalid /
1175	else if ((colorspace->flags & PNG_COLORSPACE_INVALID) != `0`)
1176	return;
1177
1178	else
1179	{
1180	if (png_colorspace_check_gamma(png_ptr, colorspace, gAMA,
1181	`1`/from gAMA/) != `0`)
1182	{
1183	/ Store this gamma value. /
1184	colorspace->gamma = gAMA;
1185	colorspace->flags \|=
1186	(PNG_COLORSPACE_HAVE_GAMMA \| PNG_COLORSPACE_FROM_gAMA);
1187	}
1188
1189	/ At present if the check_gamma test fails the gamma of the colorspace is*
1190	* not updated however the colorspace is not invalidated. This
1191	* corresponds to the case where the existing gamma comes from an sRGB
1192	* chunk or profile. An error message has already been output.
1193	*/
1194	return;
1195	}
1196
1197	/ Error exit - errmsg has been set. /
1198	colorspace->flags \|= PNG_COLORSPACE_INVALID;
1199	png_chunk_report(png_ptr, errmsg, PNG_CHUNK_WRITE_ERROR);
1200	}
1201
1202	void / PRIVATE /
1203	png_colorspace_sync_info(png_const_structrp png_ptr, png_inforp info_ptr)
1204	{
1205	if ((info_ptr->colorspace.flags & PNG_COLORSPACE_INVALID) != `0`)
1206	{
1207	/ Everything is invalid /
1208	info_ptr->valid &= ~(PNG_INFO_gAMA\|PNG_INFO_cHRM\|PNG_INFO_sRGB\|
1209	PNG_INFO_iCCP);
1210
1211	# ifdef PNG_COLORSPACE_SUPPORTED
1212	/ Clean up the iCCP profile now if it won't be used. /
1213	png_free_data(png_ptr, info_ptr, PNG_FREE_ICCP, -`1`/not used/);
1214	# else
1215	PNG_UNUSED(png_ptr)
1216	# endif
1217	}
1218
1219	else
1220	{
1221	# ifdef PNG_COLORSPACE_SUPPORTED
1222	/ Leave the INFO_iCCP flag set if the pngset.c code has already set*
1223	* it; this allows a PNG to contain a profile which matches sRGB and
1224	* yet still have that profile retrievable by the application.
1225	*/
1226	if ((info_ptr->colorspace.flags & PNG_COLORSPACE_MATCHES_sRGB) != `0`)
1227	info_ptr->valid \|= PNG_INFO_sRGB;
1228
1229	else
1230	info_ptr->valid &= ~PNG_INFO_sRGB;
1231
1232	if ((info_ptr->colorspace.flags & PNG_COLORSPACE_HAVE_ENDPOINTS) != `0`)
1233	info_ptr->valid \|= PNG_INFO_cHRM;
1234
1235	else
1236	info_ptr->valid &= ~PNG_INFO_cHRM;
1237	# endif
1238
1239	if ((info_ptr->colorspace.flags & PNG_COLORSPACE_HAVE_GAMMA) != `0`)
1240	info_ptr->valid \|= PNG_INFO_gAMA;
1241
1242	else
1243	info_ptr->valid &= ~PNG_INFO_gAMA;
1244	}
1245	}
1246
1247	#ifdef PNG_READ_SUPPORTED
1248	void / PRIVATE /
1249	png_colorspace_sync(png_const_structrp png_ptr, png_inforp info_ptr)
1250	{
1251	if (info_ptr == NULL) / reduce code size; check here not in the caller /
1252	return;
1253
1254	info_ptr->colorspace = png_ptr->colorspace;
1255	png_colorspace_sync_info(png_ptr, info_ptr);
1256	}
1257	#endif
1258	#endif /* GAMMA */
1259
1260	#ifdef PNG_COLORSPACE_SUPPORTED
1261	/ Added at libpng-1.5.5 to support read and write of true CIEXYZ values for*
1262	* cHRM, as opposed to using chromaticities. These internal APIs return
1263	* non-zero on a parameter error. The X, Y and Z values are required to be
1264	* positive and less than 1.0.
1265	*/
1266	static int
1267	png_xy_from_XYZ(png_xy xy, const* png_XYZ *XYZ)
1268	{
1269	png_int_32 d, dwhite, whiteX, whiteY;
1270
1271	d = XYZ->red_X + XYZ->red_Y + XYZ->red_Z;
1272	if (png_muldiv(&xy->redx, XYZ->red_X, PNG_FP_1, d) == `0`)
1273	return `1`;
1274	if (png_muldiv(&xy->redy, XYZ->red_Y, PNG_FP_1, d) == `0`)
1275	return `1`;
1276	dwhite = d;
1277	whiteX = XYZ->red_X;
1278	whiteY = XYZ->red_Y;
1279
1280	d = XYZ->green_X + XYZ->green_Y + XYZ->green_Z;
1281	if (png_muldiv(&xy->greenx, XYZ->green_X, PNG_FP_1, d) == `0`)
1282	return `1`;
1283	if (png_muldiv(&xy->greeny, XYZ->green_Y, PNG_FP_1, d) == `0`)
1284	return `1`;
1285	dwhite += d;
1286	whiteX += XYZ->green_X;
1287	whiteY += XYZ->green_Y;
1288
1289	d = XYZ->blue_X + XYZ->blue_Y + XYZ->blue_Z;
1290	if (png_muldiv(&xy->bluex, XYZ->blue_X, PNG_FP_1, d) == `0`)
1291	return `1`;
1292	if (png_muldiv(&xy->bluey, XYZ->blue_Y, PNG_FP_1, d) == `0`)
1293	return `1`;
1294	dwhite += d;
1295	whiteX += XYZ->blue_X;
1296	whiteY += XYZ->blue_Y;
1297
1298	/ The reference white is simply the sum of the end-point (X,Y,Z) vectors,*
1299	* thus:
1300	*/
1301	if (png_muldiv(&xy->whitex, whiteX, PNG_FP_1, dwhite) == `0`)
1302	return `1`;
1303	if (png_muldiv(&xy->whitey, whiteY, PNG_FP_1, dwhite) == `0`)
1304	return `1`;
1305
1306	return `0`;
1307	}
1308
1309	static int
1310	png_XYZ_from_xy(png_XYZ XYZ, const* png_xy *xy)
1311	{
1312	png_fixed_point red_inverse, green_inverse, blue_scale;
1313	png_fixed_point left, right, denominator;
1314
1315	/ Check xy and, implicitly, z. Note that wide gamut color spaces typically*
1316	* have end points with 0 tristimulus values (these are impossible end
1317	* points, but they are used to cover the possible colors). We check
1318	* xy->whitey against 5, not 0, to avoid a possible integer overflow.
1319	*/
1320	if (xy->redx < `0` \|\| xy->redx > PNG_FP_1) return `1`;
1321	if (xy->redy < `0` \|\| xy->redy > PNG_FP_1-xy->redx) return `1`;
1322	if (xy->greenx < `0` \|\| xy->greenx > PNG_FP_1) return `1`;
1323	if (xy->greeny < `0` \|\| xy->greeny > PNG_FP_1-xy->greenx) return `1`;
1324	if (xy->bluex < `0` \|\| xy->bluex > PNG_FP_1) return `1`;
1325	if (xy->bluey < `0` \|\| xy->bluey > PNG_FP_1-xy->bluex) return `1`;
1326	if (xy->whitex < `0` \|\| xy->whitex > PNG_FP_1) return `1`;
1327	if (xy->whitey < `5` \|\| xy->whitey > PNG_FP_1-xy->whitex) return `1`;
1328
1329	/ The reverse calculation is more difficult because the original tristimulus*
1330	* value had 9 independent values (red,green,blue)x(X,Y,Z) however only 8
1331	* derived values were recorded in the cHRM chunk;
1332	* (red,green,blue,white)x(x,y). This loses one degree of freedom and
1333	* therefore an arbitrary ninth value has to be introduced to undo the
1334	* original transformations.
1335	*
1336	* Think of the original end-points as points in (X,Y,Z) space. The
1337	* chromaticity values (c) have the property:
1338	*
1339	* C
1340	* c = ---------
1341	* X + Y + Z
1342	*
1343	* For each c (x,y,z) from the corresponding original C (X,Y,Z). Thus the
1344	* three chromaticity values (x,y,z) for each end-point obey the
1345	* relationship:
1346	*
1347	* x + y + z = 1
1348	*
1349	* This describes the plane in (X,Y,Z) space that intersects each axis at the
1350	* value 1.0; call this the chromaticity plane. Thus the chromaticity
1351	* calculation has scaled each end-point so that it is on the x+y+z=1 plane
1352	* and chromaticity is the intersection of the vector from the origin to the
1353	* (X,Y,Z) value with the chromaticity plane.
1354	*
1355	* To fully invert the chromaticity calculation we would need the three
1356	* end-point scale factors, (red-scale, green-scale, blue-scale), but these
1357	* were not recorded. Instead we calculated the reference white (X,Y,Z) and
1358	* recorded the chromaticity of this. The reference white (X,Y,Z) would have
1359	* given all three of the scale factors since:
1360	*
1361	* color-C = color-c * color-scale
1362	* white-C = red-C + green-C + blue-C
1363	* = red-cred-scale + green-cgreen-scale + blue-c*blue-scale
1364	*
1365	* But cHRM records only white-x and white-y, so we have lost the white scale
1366	* factor:
1367	*
1368	* white-C = white-c*white-scale
1369	*
1370	* To handle this the inverse transformation makes an arbitrary assumption
1371	* about white-scale:
1372	*
1373	* Assume: white-Y = 1.0
1374	* Hence: white-scale = 1/white-y
1375	* Or: red-Y + green-Y + blue-Y = 1.0
1376	*
1377	* Notice the last statement of the assumption gives an equation in three of
1378	* the nine values we want to calculate. 8 more equations come from the
1379	* above routine as summarised at the top above (the chromaticity
1380	* calculation):
1381	*
1382	* Given: color-x = color-X / (color-X + color-Y + color-Z)
1383	* Hence: (color-x - 1)color-X + color.xcolor-Y + color.x*color-Z = 0
1384	*
1385	* This is 9 simultaneous equations in the 9 variables "color-C" and can be
1386	* solved by Cramer's rule. Cramer's rule requires calculating 10 9x9 matrix
1387	* determinants, however this is not as bad as it seems because only 28 of
1388	* the total of 90 terms in the various matrices are non-zero. Nevertheless
1389	* Cramer's rule is notoriously numerically unstable because the determinant
1390	* calculation involves the difference of large, but similar, numbers. It is
1391	* difficult to be sure that the calculation is stable for real world values
1392	* and it is certain that it becomes unstable where the end points are close
1393	* together.
1394	*
1395	* So this code uses the perhaps slightly less optimal but more
1396	* understandable and totally obvious approach of calculating color-scale.
1397	*
1398	* This algorithm depends on the precision in white-scale and that is
1399	* (1/white-y), so we can immediately see that as white-y approaches 0 the
1400	* accuracy inherent in the cHRM chunk drops off substantially.
1401	*
1402	* libpng arithmetic: a simple inversion of the above equations
1403	* ------------------------------------------------------------
1404	*
1405	* white_scale = 1/white-y
1406	* white-X = white-x * white-scale
1407	* white-Y = 1.0
1408	* white-Z = (1 - white-x - white-y) * white_scale
1409	*
1410	* white-C = red-C + green-C + blue-C
1411	* = red-cred-scale + green-cgreen-scale + blue-c*blue-scale
1412	*
1413	* This gives us three equations in (red-scale,green-scale,blue-scale) where
1414	* all the coefficients are now known:
1415	*
1416	* red-xred-scale + green-xgreen-scale + blue-x*blue-scale
1417	* = white-x/white-y
1418	* red-yred-scale + green-ygreen-scale + blue-y*blue-scale = 1
1419	* red-zred-scale + green-zgreen-scale + blue-z*blue-scale
1420	* = (1 - white-x - white-y)/white-y
1421	*
1422	* In the last equation color-z is (1 - color-x - color-y) so we can add all
1423	* three equations together to get an alternative third:
1424	*
1425	* red-scale + green-scale + blue-scale = 1/white-y = white-scale
1426	*
1427	* So now we have a Cramer's rule solution where the determinants are just
1428	* 3x3 - far more tractible. Unfortunately 3x3 determinants still involve
1429	* multiplication of three coefficients so we can't guarantee to avoid
1430	* overflow in the libpng fixed point representation. Using Cramer's rule in
1431	* floating point is probably a good choice here, but it's not an option for
1432	* fixed point. Instead proceed to simplify the first two equations by
1433	* eliminating what is likely to be the largest value, blue-scale:
1434	*
1435	* blue-scale = white-scale - red-scale - green-scale
1436	*
1437	* Hence:
1438	*
1439	* (red-x - blue-x)red-scale + (green-x - blue-x)green-scale =
1440	* (white-x - blue-x)*white-scale
1441	*
1442	* (red-y - blue-y)red-scale + (green-y - blue-y)green-scale =
1443	* 1 - blue-y*white-scale
1444	*
1445	* And now we can trivially solve for (red-scale,green-scale):
1446	*
1447	* green-scale =
1448	* (white-x - blue-x)white-scale - (red-x - blue-x)red-scale
1449	* -----------------------------------------------------------
1450	* green-x - blue-x
1451	*
1452	* red-scale =
1453	* 1 - blue-ywhite-scale - (green-y - blue-y) green-scale
1454	* ---------------------------------------------------------
1455	* red-y - blue-y
1456	*
1457	* Hence:
1458	*
1459	* red-scale =
1460	* ( (green-x - blue-x) * (white-y - blue-y) -
1461	* (green-y - blue-y) * (white-x - blue-x) ) / white-y
1462	* -------------------------------------------------------------------------
1463	* (green-x - blue-x)(red-y - blue-y)-(green-y - blue-y)(red-x - blue-x)
1464	*
1465	* green-scale =
1466	* ( (red-y - blue-y) * (white-x - blue-x) -
1467	* (red-x - blue-x) * (white-y - blue-y) ) / white-y
1468	* -------------------------------------------------------------------------
1469	* (green-x - blue-x)(red-y - blue-y)-(green-y - blue-y)(red-x - blue-x)
1470	*
1471	* Accuracy:
1472	* The input values have 5 decimal digits of accuracy. The values are all in
1473	* the range 0 < value < 1, so simple products are in the same range but may
1474	* need up to 10 decimal digits to preserve the original precision and avoid
1475	* underflow. Because we are using a 32-bit signed representation we cannot
1476	* match this; the best is a little over 9 decimal digits, less than 10.
1477	*
1478	* The approach used here is to preserve the maximum precision within the
1479	* signed representation. Because the red-scale calculation above uses the
1480	* difference between two products of values that must be in the range -1..+1
1481	* it is sufficient to divide the product by 7; ceil(100,000/32767*2). The
1482	* factor is irrelevant in the calculation because it is applied to both
1483	* numerator and denominator.
1484	*
1485	* Note that the values of the differences of the products of the
1486	* chromaticities in the above equations tend to be small, for example for
1487	* the sRGB chromaticities they are:
1488	*
1489	* red numerator: -0.04751
1490	* green numerator: -0.08788
1491	* denominator: -0.2241 (without white-y multiplication)
1492	*
1493	* The resultant Y coefficients from the chromaticities of some widely used
1494	* color space definitions are (to 15 decimal places):
1495	*
1496	* sRGB
1497	* 0.212639005871510 0.715168678767756 0.072192315360734
1498	* Kodak ProPhoto
1499	* 0.288071128229293 0.711843217810102 0.000085653960605
1500	* Adobe RGB
1501	* 0.297344975250536 0.627363566255466 0.075291458493998
1502	* Adobe Wide Gamut RGB
1503	* 0.258728243040113 0.724682314948566 0.016589442011321
1504	*/
1505	/ By the argument, above overflow should be impossible here. The return*
1506	* value of 2 indicates an internal error to the caller.
1507	*/
1508	if (png_muldiv(&left, xy->greenx-xy->bluex, xy->redy - xy->bluey, `7`) == `0`)
1509	return `2`;
1510	if (png_muldiv(&right, xy->greeny-xy->bluey, xy->redx - xy->bluex, `7`) == `0`)
1511	return `2`;
1512	denominator = left - right;
1513
1514	/ Now find the red numerator. /
1515	if (png_muldiv(&left, xy->greenx-xy->bluex, xy->whitey-xy->bluey, `7`) == `0`)
1516	return `2`;
1517	if (png_muldiv(&right, xy->greeny-xy->bluey, xy->whitex-xy->bluex, `7`) == `0`)
1518	return `2`;
1519
1520	/ Overflow is possible here and it indicates an extreme set of PNG cHRM*
1521	* chunk values. This calculation actually returns the reciprocal of the
1522	* scale value because this allows us to delay the multiplication of white-y
1523	* into the denominator, which tends to produce a small number.
1524	*/
1525	if (png_muldiv(&red_inverse, xy->whitey, denominator, left-right) == `0` \|\|
1526	red_inverse <= xy->whitey / r+g+b scales = white scale /)
1527	return `1`;
1528
1529	/ Similarly for green_inverse: /
1530	if (png_muldiv(&left, xy->redy-xy->bluey, xy->whitex-xy->bluex, `7`) == `0`)
1531	return `2`;
1532	if (png_muldiv(&right, xy->redx-xy->bluex, xy->whitey-xy->bluey, `7`) == `0`)
1533	return `2`;
1534	if (png_muldiv(&green_inverse, xy->whitey, denominator, left-right) == `0` \|\|
1535	green_inverse <= xy->whitey)
1536	return `1`;
1537
1538	/ And the blue scale, the checks above guarantee this can't overflow but it*
1539	* can still produce 0 for extreme cHRM values.
1540	*/
1541	blue_scale = png_reciprocal(xy->whitey) - png_reciprocal(red_inverse) -
1542	png_reciprocal(green_inverse);
1543	if (blue_scale <= `0`)
1544	return `1`;
1545
1546
1547	/ And fill in the png_XYZ: /
1548	if (png_muldiv(&XYZ->red_X, xy->redx, PNG_FP_1, red_inverse) == `0`)
1549	return `1`;
1550	if (png_muldiv(&XYZ->red_Y, xy->redy, PNG_FP_1, red_inverse) == `0`)
1551	return `1`;
1552	if (png_muldiv(&XYZ->red_Z, PNG_FP_1 - xy->redx - xy->redy, PNG_FP_1,
1553	red_inverse) == `0`)
1554	return `1`;
1555
1556	if (png_muldiv(&XYZ->green_X, xy->greenx, PNG_FP_1, green_inverse) == `0`)
1557	return `1`;
1558	if (png_muldiv(&XYZ->green_Y, xy->greeny, PNG_FP_1, green_inverse) == `0`)
1559	return `1`;
1560	if (png_muldiv(&XYZ->green_Z, PNG_FP_1 - xy->greenx - xy->greeny, PNG_FP_1,
1561	green_inverse) == `0`)
1562	return `1`;
1563
1564	if (png_muldiv(&XYZ->blue_X, xy->bluex, blue_scale, PNG_FP_1) == `0`)
1565	return `1`;
1566	if (png_muldiv(&XYZ->blue_Y, xy->bluey, blue_scale, PNG_FP_1) == `0`)
1567	return `1`;
1568	if (png_muldiv(&XYZ->blue_Z, PNG_FP_1 - xy->bluex - xy->bluey, blue_scale,
1569	PNG_FP_1) == `0`)
1570	return `1`;
1571
1572	return `0`; /success/
1573	}
1574
1575	static int
1576	png_XYZ_normalize(png_XYZ *XYZ)
1577	{
1578	png_int_32 Y;
1579
1580	if (XYZ->red_Y < `0` \|\| XYZ->green_Y < `0` \|\| XYZ->blue_Y < `0` \|\|
1581	XYZ->red_X < `0` \|\| XYZ->green_X < `0` \|\| XYZ->blue_X < `0` \|\|
1582	XYZ->red_Z < `0` \|\| XYZ->green_Z < `0` \|\| XYZ->blue_Z < `0`)
1583	return `1`;
1584
1585	/ Normalize by scaling so the sum of the end-point Y values is PNG_FP_1.*
1586	* IMPLEMENTATION NOTE: ANSI requires signed overflow not to occur, therefore
1587	* relying on addition of two positive values producing a negative one is not
1588	* safe.
1589	*/
1590	Y = XYZ->red_Y;
1591	if (`0x7fffffff` - Y < XYZ->green_X)
1592	return `1`;
1593	Y += XYZ->green_Y;
1594	if (`0x7fffffff` - Y < XYZ->blue_X)
1595	return `1`;
1596	Y += XYZ->blue_Y;
1597
1598	if (Y != PNG_FP_1)
1599	{
1600	if (png_muldiv(&XYZ->red_X, XYZ->red_X, PNG_FP_1, Y) == `0`)
1601	return `1`;
1602	if (png_muldiv(&XYZ->red_Y, XYZ->red_Y, PNG_FP_1, Y) == `0`)
1603	return `1`;
1604	if (png_muldiv(&XYZ->red_Z, XYZ->red_Z, PNG_FP_1, Y) == `0`)
1605	return `1`;
1606
1607	if (png_muldiv(&XYZ->green_X, XYZ->green_X, PNG_FP_1, Y) == `0`)
1608	return `1`;
1609	if (png_muldiv(&XYZ->green_Y, XYZ->green_Y, PNG_FP_1, Y) == `0`)
1610	return `1`;
1611	if (png_muldiv(&XYZ->green_Z, XYZ->green_Z, PNG_FP_1, Y) == `0`)
1612	return `1`;
1613
1614	if (png_muldiv(&XYZ->blue_X, XYZ->blue_X, PNG_FP_1, Y) == `0`)
1615	return `1`;
1616	if (png_muldiv(&XYZ->blue_Y, XYZ->blue_Y, PNG_FP_1, Y) == `0`)
1617	return `1`;
1618	if (png_muldiv(&XYZ->blue_Z, XYZ->blue_Z, PNG_FP_1, Y) == `0`)
1619	return `1`;
1620	}
1621
1622	return `0`;
1623	}
1624
1625	static int
1626	png_colorspace_endpoints_match(const png_xy xy1, const* png_xy xy2, int* delta)
1627	{
1628	/ Allow an error of +/-0.01 (absolute value) on each chromaticity /
1629	if (PNG_OUT_OF_RANGE(xy1->whitex, xy2->whitex,delta) \|\|
1630	PNG_OUT_OF_RANGE(xy1->whitey, xy2->whitey,delta) \|\|
1631	PNG_OUT_OF_RANGE(xy1->redx, xy2->redx, delta) \|\|
1632	PNG_OUT_OF_RANGE(xy1->redy, xy2->redy, delta) \|\|
1633	PNG_OUT_OF_RANGE(xy1->greenx, xy2->greenx,delta) \|\|
1634	PNG_OUT_OF_RANGE(xy1->greeny, xy2->greeny,delta) \|\|
1635	PNG_OUT_OF_RANGE(xy1->bluex, xy2->bluex, delta) \|\|
1636	PNG_OUT_OF_RANGE(xy1->bluey, xy2->bluey, delta))
1637	return `0`;
1638	return `1`;
1639	}
1640
1641	/ Added in libpng-1.6.0, a different check for the validity of a set of cHRM*
1642	* chunk chromaticities. Earlier checks used to simply look for the overflow
1643	* condition (where the determinant of the matrix to solve for XYZ ends up zero
1644	* because the chromaticity values are not all distinct.) Despite this it is
1645	* theoretically possible to produce chromaticities that are apparently valid
1646	* but that rapidly degrade to invalid, potentially crashing, sets because of
1647	* arithmetic inaccuracies when calculations are performed on them. The new
1648	* check is to round-trip xy -> XYZ -> xy and then check that the result is
1649	* within a small percentage of the original.
1650	*/
1651	static int
1652	png_colorspace_check_xy(png_XYZ XYZ, const* png_xy *xy)
1653	{
1654	int result;
1655	png_xy xy_test;
1656
1657	/ As a side-effect this routine also returns the XYZ endpoints. /
1658	result = png_XYZ_from_xy(XYZ, xy);
1659	if (result != `0`)
1660	return result;
1661
1662	result = png_xy_from_XYZ(&xy_test, XYZ);
1663	if (result != `0`)
1664	return result;
1665
1666	if (png_colorspace_endpoints_match(xy, &xy_test,
1667	`5`/actually, the math is pretty accurate/) != `0`)
1668	return `0`;
1669
1670	/ Too much slip /
1671	return `1`;
1672	}
1673
1674	/ This is the check going the other way. The XYZ is modified to normalize it*
1675	* (another side-effect) and the xy chromaticities are returned.
1676	*/
1677	static int
1678	png_colorspace_check_XYZ(png_xy xy, png_XYZ XYZ)
1679	{
1680	int result;
1681	png_XYZ XYZtemp;
1682
1683	result = png_XYZ_normalize(XYZ);
1684	if (result != `0`)
1685	return result;
1686
1687	result = png_xy_from_XYZ(xy, XYZ);
1688	if (result != `0`)
1689	return result;
1690
1691	XYZtemp = *XYZ;
1692	return png_colorspace_check_xy(&XYZtemp, xy);
1693	}
1694
1695	/ Used to check for an endpoint match against sRGB /
1696	static const png_xy sRGB_xy = / From ITU-R BT.709-3 /
1697	{
1698	/ color x y /
1699	/ red / `64000`, `33000`,
1700	/ green / `30000`, `60000`,
1701	/ blue / `15000`, `6000`,
1702	/ white / `31270`, `32900`
1703	};
1704
1705	static int
1706	png_colorspace_set_xy_and_XYZ(png_const_structrp png_ptr,
1707	png_colorspacerp colorspace, const png_xy xy, const* png_XYZ *XYZ,
1708	int preferred)
1709	{
1710	if ((colorspace->flags & PNG_COLORSPACE_INVALID) != `0`)
1711	return `0`;
1712
1713	/ The consistency check is performed on the chromaticities; this factors out*
1714	* variations because of the normalization (or not) of the end point Y
1715	* values.
1716	*/
1717	if (preferred < `2` &&
1718	(colorspace->flags & PNG_COLORSPACE_HAVE_ENDPOINTS) != `0`)
1719	{
1720	/ The end points must be reasonably close to any we already have. The*
1721	* following allows an error of up to +/-.001
1722	*/
1723	if (png_colorspace_endpoints_match(xy, &colorspace->end_points_xy,
1724	`100`) == `0`)
1725	{
1726	colorspace->flags \|= PNG_COLORSPACE_INVALID;
1727	png_benign_error(png_ptr, "inconsistent chromaticities");
1728	return `0`; / failed /
1729	}
1730
1731	/ Only overwrite with preferred values /
1732	if (preferred == `0`)
1733	return `1`; / ok, but no change /
1734	}
1735
1736	colorspace->end_points_xy = *xy;
1737	colorspace->end_points_XYZ = *XYZ;
1738	colorspace->flags \|= PNG_COLORSPACE_HAVE_ENDPOINTS;
1739
1740	/ The end points are normally quoted to two decimal digits, so allow +/-0.01*
1741	* on this test.
1742	*/
1743	if (png_colorspace_endpoints_match(xy, &sRGB_xy, `1000`) != `0`)
1744	colorspace->flags \|= PNG_COLORSPACE_ENDPOINTS_MATCH_sRGB;
1745
1746	else
1747	colorspace->flags &= PNG_COLORSPACE_CANCEL(
1748	PNG_COLORSPACE_ENDPOINTS_MATCH_sRGB);
1749
1750	return `2`; / ok and changed /
1751	}
1752
1753	int / PRIVATE /
1754	png_colorspace_set_chromaticities(png_const_structrp png_ptr,
1755	png_colorspacerp colorspace, const png_xy xy, int* preferred)
1756	{
1757	/ We must check the end points to ensure they are reasonable - in the past*
1758	* color management systems have crashed as a result of getting bogus
1759	* colorant values, while this isn't the fault of libpng it is the
1760	* responsibility of libpng because PNG carries the bomb and libpng is in a
1761	* position to protect against it.
1762	*/
1763	png_XYZ XYZ;
1764
1765	switch (png_colorspace_check_xy(&XYZ, xy))
1766	{
1767	case `0`: / success /
1768	return png_colorspace_set_xy_and_XYZ(png_ptr, colorspace, xy, &XYZ,
1769	preferred);
1770
1771	case `1`:
1772	/ We can't invert the chromaticities so we can't produce value XYZ*
1773	* values. Likely as not a color management system will fail too.
1774	*/
1775	colorspace->flags \|= PNG_COLORSPACE_INVALID;
1776	png_benign_error(png_ptr, "invalid chromaticities");
1777	break;
1778
1779	default:
1780	/ libpng is broken; this should be a warning but if it happens we*
1781	* want error reports so for the moment it is an error.
1782	*/
1783	colorspace->flags \|= PNG_COLORSPACE_INVALID;
1784	png_error(png_ptr, "internal error checking chromaticities");
1785	}
1786
1787	return `0`; / failed /
1788	}
1789
1790	int / PRIVATE /
1791	png_colorspace_set_endpoints(png_const_structrp png_ptr,
1792	png_colorspacerp colorspace, const png_XYZ XYZ_in, int* preferred)
1793	{
1794	png_XYZ XYZ = *XYZ_in;
1795	png_xy xy;
1796
1797	switch (png_colorspace_check_XYZ(&xy, &XYZ))
1798	{
1799	case `0`:
1800	return png_colorspace_set_xy_and_XYZ(png_ptr, colorspace, &xy, &XYZ,
1801	preferred);
1802
1803	case `1`:
1804	/ End points are invalid. /
1805	colorspace->flags \|= PNG_COLORSPACE_INVALID;
1806	png_benign_error(png_ptr, "invalid end points");
1807	break;
1808
1809	default:
1810	colorspace->flags \|= PNG_COLORSPACE_INVALID;
1811	png_error(png_ptr, "internal error checking chromaticities");
1812	}
1813
1814	return `0`; / failed /
1815	}
1816
1817	#if defined(PNG_sRGB_SUPPORTED) \|\| defined(PNG_iCCP_SUPPORTED)
1818	/ Error message generation /
1819	static char
1820	png_icc_tag_char(png_uint_32 byte)
1821	{
1822	byte &= `0xff`;
1823	if (byte >= `32` && byte <= `126`)
1824	return (char)byte;
1825	else
1826	return `'?'`;
1827	}
1828
1829	static void
1830	png_icc_tag_name(char *name, png_uint_32 tag)
1831	{
1832	name[`0`] = `'\''`;
1833	name[`1`] = png_icc_tag_char(tag >> `24`);
1834	name[`2`] = png_icc_tag_char(tag >> `16`);
1835	name[`3`] = png_icc_tag_char(tag >> `8`);
1836	name[`4`] = png_icc_tag_char(tag );
1837	name[`5`] = `'\''`;
1838	}
1839
1840	static int
1841	is_ICC_signature_char(png_alloc_size_t it)
1842	{
1843	return it == `32` \|\| (it >= `48` && it <= `57`) \|\| (it >= `65` && it <= `90`) \|\|
1844	(it >= `97` && it <= `122`);
1845	}
1846
1847	static int
1848	is_ICC_signature(png_alloc_size_t it)
1849	{
1850	return is_ICC_signature_char(it >> `24`) / checks all the top bits / &&
1851	is_ICC_signature_char((it >> `16`) & `0xff`) &&
1852	is_ICC_signature_char((it >> `8`) & `0xff`) &&
1853	is_ICC_signature_char(it & `0xff`);
1854	}
1855
1856	static int
1857	png_icc_profile_error(png_const_structrp png_ptr, png_colorspacerp colorspace,
1858	png_const_charp name, png_alloc_size_t value, png_const_charp reason)
1859	{
1860	size_t pos;
1861	char message[`196`]; / see below for calculation /
1862
1863	if (colorspace != NULL)
1864	colorspace->flags \|= PNG_COLORSPACE_INVALID;
1865
1866	pos = png_safecat(message, (sizeof message), `0`, "profile '"); / 9 chars /
1867	pos = png_safecat(message, pos+`79`, pos, name); / Truncate to 79 chars /
1868	pos = png_safecat(message, (sizeof message), pos, "': "); / +2 = 90 /
1869	if (is_ICC_signature(value) != `0`)
1870	{
1871	/ So 'value' is at most 4 bytes and the following cast is safe /
1872	png_icc_tag_name(message+pos, (png_uint_32)value);
1873	pos += `6`; / total +8; less than the else clause /
1874	message[pos++] = `':'`;
1875	message[pos++] = `' '`;
1876	}
1877	# ifdef PNG_WARNINGS_SUPPORTED
1878	else
1879	{
1880	char number[PNG_NUMBER_BUFFER_SIZE]; / +24 = 114/
1881
1882	pos = png_safecat(message, (sizeof message), pos,
1883	png_format_number(number, number+(sizeof number),
1884	PNG_NUMBER_FORMAT_x, value));
1885	pos = png_safecat(message, (sizeof message), pos, "h: "); /+2 = 116/
1886	}
1887	# endif
1888	/ The 'reason' is an arbitrary message, allow +79 maximum 195 /
1889	pos = png_safecat(message, (sizeof message), pos, reason);
1890	PNG_UNUSED(pos)
1891
1892	/ This is recoverable, but make it unconditionally an app_error on write to*
1893	* avoid writing invalid ICC profiles into PNG files (i.e., we handle them
1894	* on read, with a warning, but on write unless the app turns off
1895	* application errors the PNG won't be written.)
1896	*/
1897	png_chunk_report(png_ptr, message,
1898	(colorspace != NULL) ? PNG_CHUNK_ERROR : PNG_CHUNK_WRITE_ERROR);
1899
1900	return `0`;
1901	}
1902	#endif /* sRGB \|\| iCCP */
1903
1904	#ifdef PNG_sRGB_SUPPORTED
1905	int / PRIVATE /
1906	png_colorspace_set_sRGB(png_const_structrp png_ptr, png_colorspacerp colorspace,
1907	int intent)
1908	{
1909	/ sRGB sets known gamma, end points and (from the chunk) intent. /
1910	/ IMPORTANT: these are not necessarily the values found in an ICC profile*
1911	* because ICC profiles store values adapted to a D50 environment; it is
1912	* expected that the ICC profile mediaWhitePointTag will be D50; see the
1913	* checks and code elsewhere to understand this better.
1914	*
1915	* These XYZ values, which are accurate to 5dp, produce rgb to gray
1916	* coefficients of (6968,23435,2366), which are reduced (because they add up
1917	* to 32769 not 32768) to (6968,23434,2366). These are the values that
1918	* libpng has traditionally used (and are the best values given the 15bit
1919	* algorithm used by the rgb to gray code.)
1920	*/
1921	static const png_XYZ sRGB_XYZ = / D65 XYZ (not the D50 adapted values!) /
1922	{
1923	/ color X Y Z /
1924	/ red / `41239`, `21264`, `1933`,
1925	/ green / `35758`, `71517`, `11919`,
1926	/ blue / `18048`, `7219`, `95053`
1927	};
1928
1929	/ Do nothing if the colorspace is already invalidated. /
1930	if ((colorspace->flags & PNG_COLORSPACE_INVALID) != `0`)
1931	return `0`;
1932
1933	/ Check the intent, then check for existing settings. It is valid for the*
1934	* PNG file to have cHRM or gAMA chunks along with sRGB, but the values must
1935	* be consistent with the correct values. If, however, this function is
1936	* called below because an iCCP chunk matches sRGB then it is quite
1937	* conceivable that an older app recorded incorrect gAMA and cHRM because of
1938	* an incorrect calculation based on the values in the profile - this does
1939	* not invalidate the profile (though it still produces an error, which can
1940	* be ignored.)
1941	*/
1942	if (intent < `0` \|\| intent >= PNG_sRGB_INTENT_LAST)
1943	return png_icc_profile_error(png_ptr, colorspace, "sRGB",
1944	(png_alloc_size_t)intent, "invalid sRGB rendering intent");
1945
1946	if ((colorspace->flags & PNG_COLORSPACE_HAVE_INTENT) != `0` &&
1947	colorspace->rendering_intent != intent)
1948	return png_icc_profile_error(png_ptr, colorspace, "sRGB",
1949	(png_alloc_size_t)intent, "inconsistent rendering intents");
1950
1951	if ((colorspace->flags & PNG_COLORSPACE_FROM_sRGB) != `0`)
1952	{
1953	png_benign_error(png_ptr, "duplicate sRGB information ignored");
1954	return `0`;
1955	}
1956
1957	/ If the standard sRGB cHRM chunk does not match the one from the PNG file*
1958	* warn but overwrite the value with the correct one.
1959	*/
1960	if ((colorspace->flags & PNG_COLORSPACE_HAVE_ENDPOINTS) != `0` &&
1961	!png_colorspace_endpoints_match(&sRGB_xy, &colorspace->end_points_xy,
1962	`100`))
1963	png_chunk_report(png_ptr, "cHRM chunk does not match sRGB",
1964	PNG_CHUNK_ERROR);
1965
1966	/ This check is just done for the error reporting - the routine always*
1967	* returns true when the 'from' argument corresponds to sRGB (2).
1968	*/
1969	(void)png_colorspace_check_gamma(png_ptr, colorspace, PNG_GAMMA_sRGB_INVERSE,
1970	`2`/from sRGB/);
1971
1972	/ intent: bugs in GCC force 'int' to be used as the parameter type. /
1973	colorspace->rendering_intent = (png_uint_16)intent;
1974	colorspace->flags \|= PNG_COLORSPACE_HAVE_INTENT;
1975
1976	/ endpoints /
1977	colorspace->end_points_xy = sRGB_xy;
1978	colorspace->end_points_XYZ = sRGB_XYZ;
1979	colorspace->flags \|=
1980	(PNG_COLORSPACE_HAVE_ENDPOINTS\|PNG_COLORSPACE_ENDPOINTS_MATCH_sRGB);
1981
1982	/ gamma /
1983	colorspace->gamma = PNG_GAMMA_sRGB_INVERSE;
1984	colorspace->flags \|= PNG_COLORSPACE_HAVE_GAMMA;
1985
1986	/ Finally record that we have an sRGB profile /
1987	colorspace->flags \|=
1988	(PNG_COLORSPACE_MATCHES_sRGB\|PNG_COLORSPACE_FROM_sRGB);
1989
1990	return `1`; / set /
1991	}
1992	#endif /* sRGB */
1993
1994	#ifdef PNG_iCCP_SUPPORTED
1995	/ Encoded value of D50 as an ICC XYZNumber. From the ICC 2010 spec the value*
1996	* is XYZ(0.9642,1.0,0.8249), which scales to:
1997	*
1998	* (63189.8112, 65536, 54060.6464)
1999	*/
2000	static const png_byte D50_nCIEXYZ[`12`] =
2001	{ `0x00`, `0x00`, `0xf6`, `0xd6`, `0x00`, `0x01`, `0x00`, `0x00`, `0x00`, `0x00`, `0xd3`, `0x2d` };
2002
2003	static int / bool /
2004	icc_check_length(png_const_structrp png_ptr, png_colorspacerp colorspace,
2005	png_const_charp name, png_uint_32 profile_length)
2006	{
2007	if (profile_length < `132`)
2008	return png_icc_profile_error(png_ptr, colorspace, name, profile_length,
2009	"too short");
2010	return `1`;
2011	}
2012
2013	#ifdef PNG_READ_iCCP_SUPPORTED
2014	int / PRIVATE /
2015	png_icc_check_length(png_const_structrp png_ptr, png_colorspacerp colorspace,
2016	png_const_charp name, png_uint_32 profile_length)
2017	{
2018	if (!icc_check_length(png_ptr, colorspace, name, profile_length))
2019	return `0`;
2020
2021	/ This needs to be here because the 'normal' check is in*
2022	* png_decompress_chunk, yet this happens after the attempt to
2023	* png_malloc_base the required data. We only need this on read; on write
2024	* the caller supplies the profile buffer so libpng doesn't allocate it. See
2025	* the call to icc_check_length below (the write case).
2026	*/
2027	# ifdef PNG_SET_USER_LIMITS_SUPPORTED
2028	else if (png_ptr->user_chunk_malloc_max > `0` &&
2029	png_ptr->user_chunk_malloc_max < profile_length)
2030	return png_icc_profile_error(png_ptr, colorspace, name, profile_length,
2031	"exceeds application limits");
2032	# elif PNG_USER_CHUNK_MALLOC_MAX > 0
2033	else if (PNG_USER_CHUNK_MALLOC_MAX < profile_length)
2034	return png_icc_profile_error(png_ptr, colorspace, name, profile_length,
2035	"exceeds libpng limits");
2036	# else /* !SET_USER_LIMITS */
2037	/ This will get compiled out on all 32-bit and better systems. /
2038	else if (PNG_SIZE_MAX < profile_length)
2039	return png_icc_profile_error(png_ptr, colorspace, name, profile_length,
2040	"exceeds system limits");
2041	# endif /* !SET_USER_LIMITS */
2042
2043	return `1`;
2044	}
2045	#endif /* READ_iCCP */
2046
2047	int / PRIVATE /
2048	png_icc_check_header(png_const_structrp png_ptr, png_colorspacerp colorspace,
2049	png_const_charp name, png_uint_32 profile_length,
2050	png_const_bytep profile/* first 132 bytes only /, int* color_type)
2051	{
2052	png_uint_32 temp;
2053
2054	/ Length check; this cannot be ignored in this code because profile_length*
2055	* is used later to check the tag table, so even if the profile seems over
2056	* long profile_length from the caller must be correct. The caller can fix
2057	* this up on read or write by just passing in the profile header length.
2058	*/
2059	temp = png_get_uint_32(profile);
2060	if (temp != profile_length)
2061	return png_icc_profile_error(png_ptr, colorspace, name, temp,
2062	"length does not match profile");
2063
2064	temp = (png_uint_32) (*(profile+`8`));
2065	if (temp > `3` && (profile_length & `3`))
2066	return png_icc_profile_error(png_ptr, colorspace, name, profile_length,
2067	"invalid length");
2068
2069	temp = png_get_uint_32(profile+`128`); / tag count: 12 bytes/tag /
2070	if (temp > `357913930` \|\| / (2^32-4-132)/12: maximum possible tag count /
2071	profile_length < `132`+`12`temp) /* truncated tag table /
2072	return png_icc_profile_error(png_ptr, colorspace, name, temp,
2073	"tag count too large");
2074
2075	/ The 'intent' must be valid or we can't store it, ICC limits the intent to*
2076	* 16 bits.
2077	*/
2078	temp = png_get_uint_32(profile+`64`);
2079	if (temp >= `0xffff`) / The ICC limit /
2080	return png_icc_profile_error(png_ptr, colorspace, name, temp,
2081	"invalid rendering intent");
2082
2083	/ This is just a warning because the profile may be valid in future*
2084	* versions.
2085	*/
2086	if (temp >= PNG_sRGB_INTENT_LAST)
2087	(void)png_icc_profile_error(png_ptr, NULL, name, temp,
2088	"intent outside defined range");
2089
2090	/ At this point the tag table can't be checked because it hasn't necessarily*
2091	* been loaded; however, various header fields can be checked. These checks
2092	* are for values permitted by the PNG spec in an ICC profile; the PNG spec
2093	* restricts the profiles that can be passed in an iCCP chunk (they must be
2094	* appropriate to processing PNG data!)
2095	*/
2096
2097	/ Data checks (could be skipped). These checks must be independent of the*
2098	* version number; however, the version number doesn't accommodate changes in
2099	* the header fields (just the known tags and the interpretation of the
2100	* data.)
2101	*/
2102	temp = png_get_uint_32(profile+`36`); / signature 'ascp' /
2103	if (temp != `0x61637370`)
2104	return png_icc_profile_error(png_ptr, colorspace, name, temp,
2105	"invalid signature");
2106
2107	/ Currently the PCS illuminant/adopted white point (the computational*
2108	* white point) are required to be D50,
2109	* however the profile contains a record of the illuminant so perhaps ICC
2110	* expects to be able to change this in the future (despite the rationale in
2111	* the introduction for using a fixed PCS adopted white.) Consequently the
2112	* following is just a warning.
2113	*/
2114	if (memcmp(profile+`68`, D50_nCIEXYZ, `12`) != `0`)
2115	(void)png_icc_profile_error(png_ptr, NULL, name, `0`/no tag value/,
2116	"PCS illuminant is not D50");
2117
2118	/ The PNG spec requires this:*
2119	* "If the iCCP chunk is present, the image samples conform to the colour
2120	* space represented by the embedded ICC profile as defined by the
2121	* International Color Consortium [ICC]. The colour space of the ICC profile
2122	* shall be an RGB colour space for colour images (PNG colour types 2, 3, and
2123	* 6), or a greyscale colour space for greyscale images (PNG colour types 0
2124	* and 4)."
2125	*
2126	* This checking code ensures the embedded profile (on either read or write)
2127	* conforms to the specification requirements. Notice that an ICC 'gray'
2128	* color-space profile contains the information to transform the monochrome
2129	* data to XYZ or Lab (according to which PCS the profile uses) and this
2130	* should be used in preference to the standard libpng K channel replication
2131	* into R, G and B channels.
2132	*
2133	* Previously it was suggested that an RGB profile on grayscale data could be
2134	* handled. However it it is clear that using an RGB profile in this context
2135	* must be an error - there is no specification of what it means. Thus it is
2136	* almost certainly more correct to ignore the profile.
2137	*/
2138	temp = png_get_uint_32(profile+`16`); / data colour space field /
2139	switch (temp)
2140	{
2141	case `0x52474220`: / 'RGB ' /
2142	if ((color_type & PNG_COLOR_MASK_COLOR) == `0`)
2143	return png_icc_profile_error(png_ptr, colorspace, name, temp,
2144	"RGB color space not permitted on grayscale PNG");
2145	break;
2146
2147	case `0x47524159`: / 'GRAY' /
2148	if ((color_type & PNG_COLOR_MASK_COLOR) != `0`)
2149	return png_icc_profile_error(png_ptr, colorspace, name, temp,
2150	"Gray color space not permitted on RGB PNG");
2151	break;
2152
2153	default:
2154	return png_icc_profile_error(png_ptr, colorspace, name, temp,
2155	"invalid ICC profile color space");
2156	}
2157
2158	/ It is up to the application to check that the profile class matches the*
2159	* application requirements; the spec provides no guidance, but it's pretty
2160	* weird if the profile is not scanner ('scnr'), monitor ('mntr'), printer
2161	* ('prtr') or 'spac' (for generic color spaces). Issue a warning in these
2162	* cases. Issue an error for device link or abstract profiles - these don't
2163	* contain the records necessary to transform the color-space to anything
2164	* other than the target device (and not even that for an abstract profile).
2165	* Profiles of these classes may not be embedded in images.
2166	*/
2167	temp = png_get_uint_32(profile+`12`); / profile/device class /
2168	switch (temp)
2169	{
2170	case `0x73636e72`: / 'scnr' /
2171	case `0x6d6e7472`: / 'mntr' /
2172	case `0x70727472`: / 'prtr' /
2173	case `0x73706163`: / 'spac' /
2174	/ All supported /
2175	break;
2176
2177	case `0x61627374`: / 'abst' /
2178	/ May not be embedded in an image /
2179	return png_icc_profile_error(png_ptr, colorspace, name, temp,
2180	"invalid embedded Abstract ICC profile");
2181
2182	case `0x6c696e6b`: / 'link' /
2183	/ DeviceLink profiles cannot be interpreted in a non-device specific*
2184	* fashion, if an app uses the AToB0Tag in the profile the results are
2185	* undefined unless the result is sent to the intended device,
2186	* therefore a DeviceLink profile should not be found embedded in a
2187	* PNG.
2188	*/
2189	return png_icc_profile_error(png_ptr, colorspace, name, temp,
2190	"unexpected DeviceLink ICC profile class");
2191
2192	case `0x6e6d636c`: / 'nmcl' /
2193	/ A NamedColor profile is also device specific, however it doesn't*
2194	* contain an AToB0 tag that is open to misinterpretation. Almost
2195	* certainly it will fail the tests below.
2196	*/
2197	(void)png_icc_profile_error(png_ptr, NULL, name, temp,
2198	"unexpected NamedColor ICC profile class");
2199	break;
2200
2201	default:
2202	/ To allow for future enhancements to the profile accept unrecognized*
2203	* profile classes with a warning, these then hit the test below on the
2204	* tag content to ensure they are backward compatible with one of the
2205	* understood profiles.
2206	*/
2207	(void)png_icc_profile_error(png_ptr, NULL, name, temp,
2208	"unrecognized ICC profile class");
2209	break;
2210	}
2211
2212	/ For any profile other than a device link one the PCS must be encoded*
2213	* either in XYZ or Lab.
2214	*/
2215	temp = png_get_uint_32(profile+`20`);
2216	switch (temp)
2217	{
2218	case `0x58595a20`: / 'XYZ ' /
2219	case `0x4c616220`: / 'Lab ' /
2220	break;
2221
2222	default:
2223	return png_icc_profile_error(png_ptr, colorspace, name, temp,
2224	"unexpected ICC PCS encoding");
2225	}
2226
2227	return `1`;
2228	}
2229
2230	int / PRIVATE /
2231	png_icc_check_tag_table(png_const_structrp png_ptr, png_colorspacerp colorspace,
2232	png_const_charp name, png_uint_32 profile_length,
2233	png_const_bytep profile / header plus whole tag table /)
2234	{
2235	png_uint_32 tag_count = png_get_uint_32(profile+`128`);
2236	png_uint_32 itag;
2237	png_const_bytep tag = profile+`132`; / The first tag /
2238
2239	/ First scan all the tags in the table and add bits to the icc_info value*
2240	* (temporarily in 'tags').
2241	*/
2242	for (itag=`0`; itag < tag_count; ++itag, tag += `12`)
2243	{
2244	png_uint_32 tag_id = png_get_uint_32(tag+`0`);
2245	png_uint_32 tag_start = png_get_uint_32(tag+`4`); / must be aligned /
2246	png_uint_32 tag_length = png_get_uint_32(tag+`8`);/ not padded /
2247
2248	/ The ICC specification does not exclude zero length tags, therefore the*
2249	* start might actually be anywhere if there is no data, but this would be
2250	* a clear abuse of the intent of the standard so the start is checked for
2251	* being in range. All defined tag types have an 8 byte header - a 4 byte
2252	* type signature then 0.
2253	*/
2254
2255	/ This is a hard error; potentially it can cause read outside the*
2256	* profile.
2257	*/
2258	if (tag_start > profile_length \|\| tag_length > profile_length - tag_start)
2259	return png_icc_profile_error(png_ptr, colorspace, name, tag_id,
2260	"ICC profile tag outside profile");
2261
2262	if ((tag_start & `3`) != `0`)
2263	{
2264	/ CNHP730S.icc shipped with Microsoft Windows 64 violates this; it is*
2265	* only a warning here because libpng does not care about the
2266	* alignment.
2267	*/
2268	(void)png_icc_profile_error(png_ptr, NULL, name, tag_id,
2269	"ICC profile tag start not a multiple of 4");
2270	}
2271	}
2272
2273	return `1`; / success, maybe with warnings /
2274	}
2275
2276	#ifdef PNG_sRGB_SUPPORTED
2277	#if PNG_sRGB_PROFILE_CHECKS >= 0
2278	/ Information about the known ICC sRGB profiles /
2279	static const struct
2280	{
2281	png_uint_32 adler, crc, length;
2282	png_uint_32 md5[`4`];
2283	png_byte have_md5;
2284	png_byte is_broken;
2285	png_uint_16 intent;
2286
2287	# define PNG_MD5(a,b,c,d) { a, b, c, d }, (a!=0)\|\|(b!=0)\|\|(c!=0)\|\|(d!=0)
2288	# define PNG_ICC_CHECKSUM(adler, crc, md5, intent, broke, date, length, fname)\
2289	{ adler, crc, length, md5, broke, intent },
2290
2291	} png_sRGB_checks[] =
2292	{
2293	/ This data comes from contrib/tools/checksum-icc run on downloads of*
2294	* all four ICC sRGB profiles from www.color.org.
2295	*/
2296	/ adler32, crc32, MD5[4], intent, date, length, file-name /
2297	PNG_ICC_CHECKSUM(`0x0a3fd9f6`, `0x3b8772b9`,
2298	PNG_MD5(`0x29f83dde`, `0xaff255ae`, `0x7842fae4`, `0xca83390d`), `0`, `0`,
2299	"2009/03/27 21:36:31", `3048`, "sRGB_IEC61966-2-1_black_scaled.icc")
2300
2301	/ ICC sRGB v2 perceptual no black-compensation: /
2302	PNG_ICC_CHECKSUM(`0x4909e5e1`, `0x427ebb21`,
2303	PNG_MD5(`0xc95bd637`, `0xe95d8a3b`, `0x0df38f99`, `0xc1320389`), `1`, `0`,
2304	"2009/03/27 21:37:45", `3052`, "sRGB_IEC61966-2-1_no_black_scaling.icc")
2305
2306	PNG_ICC_CHECKSUM(`0xfd2144a1`, `0x306fd8ae`,
2307	PNG_MD5(`0xfc663378`, `0x37e2886b`, `0xfd72e983`, `0x8228f1b8`), `0`, `0`,
2308	"2009/08/10 17:28:01", `60988`, "sRGB_v4_ICC_preference_displayclass.icc")
2309
2310	/ ICC sRGB v4 perceptual /
2311	PNG_ICC_CHECKSUM(`0x209c35d2`, `0xbbef7812`,
2312	PNG_MD5(`0x34562abf`, `0x994ccd06`, `0x6d2c5721`, `0xd0d68c5d`), `0`, `0`,
2313	"2007/07/25 00:05:37", `60960`, "sRGB_v4_ICC_preference.icc")
2314
2315	/ The following profiles have no known MD5 checksum. If there is a match*
2316	* on the (empty) MD5 the other fields are used to attempt a match and
2317	* a warning is produced. The first two of these profiles have a 'cprt' tag
2318	* which suggests that they were also made by Hewlett Packard.
2319	*/
2320	PNG_ICC_CHECKSUM(`0xa054d762`, `0x5d5129ce`,
2321	PNG_MD5(`0x00000000`, `0x00000000`, `0x00000000`, `0x00000000`), `1`, `0`,
2322	"2004/07/21 18:57:42", `3024`, "sRGB_IEC61966-2-1_noBPC.icc")
2323
2324	/ This is a 'mntr' (display) profile with a mediaWhitePointTag that does not*
2325	* match the D50 PCS illuminant in the header (it is in fact the D65 values,
2326	* so the white point is recorded as the un-adapted value.) The profiles
2327	* below only differ in one byte - the intent - and are basically the same as
2328	* the previous profile except for the mediaWhitePointTag error and a missing
2329	* chromaticAdaptationTag.
2330	*/
2331	PNG_ICC_CHECKSUM(`0xf784f3fb`, `0x182ea552`,
2332	PNG_MD5(`0x00000000`, `0x00000000`, `0x00000000`, `0x00000000`), `0`, `1`/broken/,
2333	"1998/02/09 06:49:00", `3144`, "HP-Microsoft sRGB v2 perceptual")
2334
2335	PNG_ICC_CHECKSUM(`0x0398f3fc`, `0xf29e526d`,
2336	PNG_MD5(`0x00000000`, `0x00000000`, `0x00000000`, `0x00000000`), `1`, `1`/broken/,
2337	"1998/02/09 06:49:00", `3144`, "HP-Microsoft sRGB v2 media-relative")
2338	};
2339
2340	static int
2341	png_compare_ICC_profile_with_sRGB(png_const_structrp png_ptr,
2342	png_const_bytep profile, uLong adler)
2343	{
2344	/ The quick check is to verify just the MD5 signature and trust the*
2345	* rest of the data. Because the profile has already been verified for
2346	* correctness this is safe. png_colorspace_set_sRGB will check the 'intent'
2347	* field too, so if the profile has been edited with an intent not defined
2348	* by sRGB (but maybe defined by a later ICC specification) the read of
2349	* the profile will fail at that point.
2350	*/
2351
2352	png_uint_32 length = `0`;
2353	png_uint_32 intent = `0x10000`; / invalid /
2354	#if PNG_sRGB_PROFILE_CHECKS > 1
2355	uLong crc = `0`; / the value for 0 length data /
2356	#endif
2357	unsigned int i;
2358
2359	#ifdef PNG_SET_OPTION_SUPPORTED
2360	/ First see if PNG_SKIP_sRGB_CHECK_PROFILE has been set to "on" /
2361	if (((png_ptr->options >> PNG_SKIP_sRGB_CHECK_PROFILE) & `3`) ==
2362	PNG_OPTION_ON)
2363	return `0`;
2364	#endif
2365
2366	for (i=`0`; i < (sizeof png_sRGB_checks) / (sizeof png_sRGB_checks[`0`]); ++i)
2367	{
2368	if (png_get_uint_32(profile+`84`) == png_sRGB_checks[i].md5[`0`] &&
2369	png_get_uint_32(profile+`88`) == png_sRGB_checks[i].md5[`1`] &&
2370	png_get_uint_32(profile+`92`) == png_sRGB_checks[i].md5[`2`] &&
2371	png_get_uint_32(profile+`96`) == png_sRGB_checks[i].md5[`3`])
2372	{
2373	/ This may be one of the old HP profiles without an MD5, in that*
2374	* case we can only use the length and Adler32 (note that these
2375	* are not used by default if there is an MD5!)
2376	*/
2377	# if PNG_sRGB_PROFILE_CHECKS == 0
2378	if (png_sRGB_checks[i].have_md5 != `0`)
2379	return `1`+png_sRGB_checks[i].is_broken;
2380	# endif
2381
2382	/ Profile is unsigned or more checks have been configured in. /
2383	if (length == `0`)
2384	{
2385	length = png_get_uint_32(profile);
2386	intent = png_get_uint_32(profile+`64`);
2387	}
2388
2389	/ Length and intent must match /
2390	if (length == (png_uint_32) png_sRGB_checks[i].length &&
2391	intent == (png_uint_32) png_sRGB_checks[i].intent)
2392	{
2393	/ Now calculate the adler32 if not done already. /
2394	if (adler == `0`)
2395	{
2396	adler = adler32(`0`, NULL, `0`);
2397	adler = adler32(adler, profile, length);
2398	}
2399
2400	if (adler == png_sRGB_checks[i].adler)
2401	{
2402	/ These basic checks suggest that the data has not been*
2403	* modified, but if the check level is more than 1 perform
2404	* our own crc32 checksum on the data.
2405	*/
2406	# if PNG_sRGB_PROFILE_CHECKS > 1
2407	if (crc == `0`)
2408	{
2409	crc = crc32(`0`, NULL, `0`);
2410	crc = crc32(crc, profile, length);
2411	}
2412
2413	/ So this check must pass for the 'return' below to happen.*
2414	*/
2415	if (crc == png_sRGB_checks[i].crc)
2416	# endif
2417	{
2418	if (png_sRGB_checks[i].is_broken != `0`)
2419	{
2420	/ These profiles are known to have bad data that may cause*
2421	* problems if they are used, therefore attempt to
2422	* discourage their use, skip the 'have_md5' warning below,
2423	* which is made irrelevant by this error.
2424	*/
2425	png_chunk_report(png_ptr, "known incorrect sRGB profile",
2426	PNG_CHUNK_ERROR);
2427	}
2428
2429	/ Warn that this being done; this isn't even an error since*
2430	* the profile is perfectly valid, but it would be nice if
2431	* people used the up-to-date ones.
2432	*/
2433	else if (png_sRGB_checks[i].have_md5 == `0`)
2434	{
2435	png_chunk_report(png_ptr,
2436	"out-of-date sRGB profile with no signature",
2437	PNG_CHUNK_WARNING);
2438	}
2439
2440	return `1`+png_sRGB_checks[i].is_broken;
2441	}
2442	}
2443
2444	# if PNG_sRGB_PROFILE_CHECKS > 0
2445	/ The signature matched, but the profile had been changed in some*
2446	* way. This probably indicates a data error or uninformed hacking.
2447	* Fall through to "no match".
2448	*/
2449	png_chunk_report(png_ptr,
2450	"Not recognizing known sRGB profile that has been edited",
2451	PNG_CHUNK_WARNING);
2452	break;
2453	# endif
2454	}
2455	}
2456	}
2457
2458	return `0`; / no match /
2459	}
2460
2461	void / PRIVATE /
2462	png_icc_set_sRGB(png_const_structrp png_ptr,
2463	png_colorspacerp colorspace, png_const_bytep profile, uLong adler)
2464	{
2465	/ Is this profile one of the known ICC sRGB profiles? If it is, just set*
2466	* the sRGB information.
2467	*/
2468	if (png_compare_ICC_profile_with_sRGB(png_ptr, profile, adler) != `0`)
2469	(void)png_colorspace_set_sRGB(png_ptr, colorspace,
2470	(int)/already checked/png_get_uint_32(profile+`64`));
2471	}
2472	#endif /* PNG_sRGB_PROFILE_CHECKS >= 0 */
2473	#endif /* sRGB */
2474
2475	int / PRIVATE /
2476	png_colorspace_set_ICC(png_const_structrp png_ptr, png_colorspacerp colorspace,
2477	png_const_charp name, png_uint_32 profile_length, png_const_bytep profile,
2478	int color_type)
2479	{
2480	if ((colorspace->flags & PNG_COLORSPACE_INVALID) != `0`)
2481	return `0`;
2482
2483	if (icc_check_length(png_ptr, colorspace, name, profile_length) != `0` &&
2484	png_icc_check_header(png_ptr, colorspace, name, profile_length, profile,
2485	color_type) != `0` &&
2486	png_icc_check_tag_table(png_ptr, colorspace, name, profile_length,
2487	profile) != `0`)
2488	{
2489	# if defined(PNG_sRGB_SUPPORTED) && PNG_sRGB_PROFILE_CHECKS >= 0
2490	/ If no sRGB support, don't try storing sRGB information /
2491	png_icc_set_sRGB(png_ptr, colorspace, profile, `0`);
2492	# endif
2493	return `1`;
2494	}
2495
2496	/ Failure case /
2497	return `0`;
2498	}
2499	#endif /* iCCP */
2500
2501	#ifdef PNG_READ_RGB_TO_GRAY_SUPPORTED
2502	void / PRIVATE /
2503	png_colorspace_set_rgb_coefficients(png_structrp png_ptr)
2504	{
2505	/ Set the rgb_to_gray coefficients from the colorspace. /
2506	if (png_ptr->rgb_to_gray_coefficients_set == `0` &&
2507	(png_ptr->colorspace.flags & PNG_COLORSPACE_HAVE_ENDPOINTS) != `0`)
2508	{
2509	/ png_set_background has not been called, get the coefficients from the Y*
2510	* values of the colorspace colorants.
2511	*/
2512	png_fixed_point r = png_ptr->colorspace.end_points_XYZ.red_Y;
2513	png_fixed_point g = png_ptr->colorspace.end_points_XYZ.green_Y;
2514	png_fixed_point b = png_ptr->colorspace.end_points_XYZ.blue_Y;
2515	png_fixed_point total = r+g+b;
2516
2517	if (total > `0` &&
2518	r >= `0` && png_muldiv(&r, r, `32768`, total) && r >= `0` && r <= `32768` &&
2519	g >= `0` && png_muldiv(&g, g, `32768`, total) && g >= `0` && g <= `32768` &&
2520	b >= `0` && png_muldiv(&b, b, `32768`, total) && b >= `0` && b <= `32768` &&
2521	r+g+b <= `32769`)
2522	{
2523	/ We allow 0 coefficients here. r+g+b may be 32769 if two or*
2524	* all of the coefficients were rounded up. Handle this by
2525	* reducing the largest coefficient by 1; this matches the
2526	* approach used for the default coefficients in pngrtran.c
2527	*/
2528	int add = `0`;
2529
2530	if (r+g+b > `32768`)
2531	add = -`1`;
2532	else if (r+g+b < `32768`)
2533	add = `1`;
2534
2535	if (add != `0`)
2536	{
2537	if (g >= r && g >= b)
2538	g += add;
2539	else if (r >= g && r >= b)
2540	r += add;
2541	else
2542	b += add;
2543	}
2544
2545	/ Check for an internal error. /
2546	if (r+g+b != `32768`)
2547	png_error(png_ptr,
2548	"internal error handling cHRM coefficients");
2549
2550	else
2551	{
2552	png_ptr->rgb_to_gray_red_coeff = (png_uint_16)r;
2553	png_ptr->rgb_to_gray_green_coeff = (png_uint_16)g;
2554	}
2555	}
2556
2557	/ This is a png_error at present even though it could be ignored -*
2558	* it should never happen, but it is important that if it does, the
2559	* bug is fixed.
2560	*/
2561	else
2562	png_error(png_ptr, "internal error handling cHRM->XYZ");
2563	}
2564	}
2565	#endif /* READ_RGB_TO_GRAY */
2566
2567	#endif /* COLORSPACE */
2568
2569	#ifdef __GNUC__
2570	/ This exists solely to work round a warning from GNU C. /
2571	static int / PRIVATE /
2572	png_gt(size_t a, size_t b)
2573	{
2574	return a > b;
2575	}
2576	#else
2577	# define png_gt(a,b) ((a) > (b))
2578	#endif
2579
2580	void / PRIVATE /
2581	png_check_IHDR(png_const_structrp png_ptr,
2582	png_uint_32 width, png_uint_32 height, int bit_depth,
2583	int color_type, int interlace_type, int compression_type,
2584	int filter_type)
2585	{
2586	int error = `0`;
2587
2588	/ Check for width and height valid values /
2589	if (width == `0`)
2590	{
2591	png_warning(png_ptr, "Image width is zero in IHDR");
2592	error = `1`;
2593	}
2594
2595	if (width > PNG_UINT_31_MAX)
2596	{
2597	png_warning(png_ptr, "Invalid image width in IHDR");
2598	error = `1`;
2599	}
2600
2601	if (png_gt(((width + `7`) & (~`7U`)),
2602	((PNG_SIZE_MAX
2603	- `48` / big_row_buf hack /
2604	- `1`) / filter byte /
2605	/ `8`) / 8-byte RGBA pixels /
2606	- `1`)) / extra max_pixel_depth pad /
2607	{
2608	/ The size of the row must be within the limits of this architecture.*
2609	* Because the read code can perform arbitrary transformations the
2610	* maximum size is checked here. Because the code in png_read_start_row
2611	* adds extra space "for safety's sake" in several places a conservative
2612	* limit is used here.
2613	*
2614	* NOTE: it would be far better to check the size that is actually used,
2615	* but the effect in the real world is minor and the changes are more
2616	* extensive, therefore much more dangerous and much more difficult to
2617	* write in a way that avoids compiler warnings.
2618	*/
2619	png_warning(png_ptr, "Image width is too large for this architecture");
2620	error = `1`;
2621	}
2622
2623	#ifdef PNG_SET_USER_LIMITS_SUPPORTED
2624	if (width > png_ptr->user_width_max)
2625	#else
2626	if (width > PNG_USER_WIDTH_MAX)
2627	#endif
2628	{
2629	png_warning(png_ptr, "Image width exceeds user limit in IHDR");
2630	error = `1`;
2631	}
2632
2633	if (height == `0`)
2634	{
2635	png_warning(png_ptr, "Image height is zero in IHDR");
2636	error = `1`;
2637	}
2638
2639	if (height > PNG_UINT_31_MAX)
2640	{
2641	png_warning(png_ptr, "Invalid image height in IHDR");
2642	error = `1`;
2643	}
2644
2645	#ifdef PNG_SET_USER_LIMITS_SUPPORTED
2646	if (height > png_ptr->user_height_max)
2647	#else
2648	if (height > PNG_USER_HEIGHT_MAX)
2649	#endif
2650	{
2651	png_warning(png_ptr, "Image height exceeds user limit in IHDR");
2652	error = `1`;
2653	}
2654
2655	/ Check other values /
2656	if (bit_depth != `1` && bit_depth != `2` && bit_depth != `4` &&
2657	bit_depth != `8` && bit_depth != `16`)
2658	{
2659	png_warning(png_ptr, "Invalid bit depth in IHDR");
2660	error = `1`;
2661	}
2662
2663	if (color_type < `0` \|\| color_type == `1` \|\|
2664	color_type == `5` \|\| color_type > `6`)
2665	{
2666	png_warning(png_ptr, "Invalid color type in IHDR");
2667	error = `1`;
2668	}
2669
2670	if (((color_type == PNG_COLOR_TYPE_PALETTE) && bit_depth > `8`) \|\|
2671	((color_type == PNG_COLOR_TYPE_RGB \|\|
2672	color_type == PNG_COLOR_TYPE_GRAY_ALPHA \|\|
2673	color_type == PNG_COLOR_TYPE_RGB_ALPHA) && bit_depth < `8`))
2674	{
2675	png_warning(png_ptr, "Invalid color type/bit depth combination in IHDR");
2676	error = `1`;
2677	}
2678
2679	if (interlace_type >= PNG_INTERLACE_LAST)
2680	{
2681	png_warning(png_ptr, "Unknown interlace method in IHDR");
2682	error = `1`;
2683	}
2684
2685	if (compression_type != PNG_COMPRESSION_TYPE_BASE)
2686	{
2687	png_warning(png_ptr, "Unknown compression method in IHDR");
2688	error = `1`;
2689	}
2690
2691	#ifdef PNG_MNG_FEATURES_SUPPORTED
2692	/ Accept filter_method 64 (intrapixel differencing) only if*
2693	* 1. Libpng was compiled with PNG_MNG_FEATURES_SUPPORTED and
2694	* 2. Libpng did not read a PNG signature (this filter_method is only
2695	* used in PNG datastreams that are embedded in MNG datastreams) and
2696	* 3. The application called png_permit_mng_features with a mask that
2697	* included PNG_FLAG_MNG_FILTER_64 and
2698	* 4. The filter_method is 64 and
2699	* 5. The color_type is RGB or RGBA
2700	*/
2701	if ((png_ptr->mode & PNG_HAVE_PNG_SIGNATURE) != `0` &&
2702	png_ptr->mng_features_permitted != `0`)
2703	png_warning(png_ptr, "MNG features are not allowed in a PNG datastream");
2704
2705	if (filter_type != PNG_FILTER_TYPE_BASE)
2706	{
2707	if (!((png_ptr->mng_features_permitted & PNG_FLAG_MNG_FILTER_64) != `0` &&
2708	(filter_type == PNG_INTRAPIXEL_DIFFERENCING) &&
2709	((png_ptr->mode & PNG_HAVE_PNG_SIGNATURE) == `0`) &&
2710	(color_type == PNG_COLOR_TYPE_RGB \|\|
2711	color_type == PNG_COLOR_TYPE_RGB_ALPHA)))
2712	{
2713	png_warning(png_ptr, "Unknown filter method in IHDR");
2714	error = `1`;
2715	}
2716
2717	if ((png_ptr->mode & PNG_HAVE_PNG_SIGNATURE) != `0`)
2718	{
2719	png_warning(png_ptr, "Invalid filter method in IHDR");
2720	error = `1`;
2721	}
2722	}
2723
2724	#else
2725	if (filter_type != PNG_FILTER_TYPE_BASE)
2726	{
2727	png_warning(png_ptr, "Unknown filter method in IHDR");
2728	error = `1`;
2729	}
2730	#endif
2731
2732	if (error == `1`)
2733	png_error(png_ptr, "Invalid IHDR data");
2734	}
2735
2736	#if defined(PNG_sCAL_SUPPORTED) \|\| defined(PNG_pCAL_SUPPORTED)
2737	/ ASCII to fp functions /
2738	/ Check an ASCII formatted floating point value, see the more detailed*
2739	* comments in pngpriv.h
2740	*/
2741	/ The following is used internally to preserve the sticky flags /
2742	#define png_fp_add(state, flags) ((state) \|= (flags))
2743	#define png_fp_set(state, value) ((state) = (value) \| ((state) & PNG_FP_STICKY))
2744
2745	int / PRIVATE /
2746	png_check_fp_number(png_const_charp string, size_t size, int *statep,
2747	png_size_tp whereami)
2748	{
2749	int state = *statep;
2750	size_t i = *whereami;
2751
2752	while (i < size)
2753	{
2754	int type;
2755	/ First find the type of the next character /
2756	switch (string[i])
2757	{
2758	case `43`: type = PNG_FP_SAW_SIGN; break;
2759	case `45`: type = PNG_FP_SAW_SIGN + PNG_FP_NEGATIVE; break;
2760	case `46`: type = PNG_FP_SAW_DOT; break;
2761	case `48`: type = PNG_FP_SAW_DIGIT; break;
2762	case `49`: case `50`: case `51`: case `52`:
2763	case `53`: case `54`: case `55`: case `56`:
2764	case `57`: type = PNG_FP_SAW_DIGIT + PNG_FP_NONZERO; break;
2765	case `69`:
2766	case `101`: type = PNG_FP_SAW_E; break;
2767	default: goto PNG_FP_End;
2768	}
2769
2770	/ Now deal with this type according to the current*
2771	* state, the type is arranged to not overlap the
2772	* bits of the PNG_FP_STATE.
2773	*/
2774	switch ((state & PNG_FP_STATE) + (type & PNG_FP_SAW_ANY))
2775	{
2776	case PNG_FP_INTEGER + PNG_FP_SAW_SIGN:
2777	if ((state & PNG_FP_SAW_ANY) != `0`)
2778	goto PNG_FP_End; / not a part of the number /
2779
2780	png_fp_add(state, type);
2781	break;
2782
2783	case PNG_FP_INTEGER + PNG_FP_SAW_DOT:
2784	/ Ok as trailer, ok as lead of fraction. /
2785	if ((state & PNG_FP_SAW_DOT) != `0`) / two dots /
2786	goto PNG_FP_End;
2787
2788	else if ((state & PNG_FP_SAW_DIGIT) != `0`) / trailing dot? /
2789	png_fp_add(state, type);
2790
2791	else
2792	png_fp_set(state, PNG_FP_FRACTION \| type);
2793
2794	break;
2795
2796	case PNG_FP_INTEGER + PNG_FP_SAW_DIGIT:
2797	if ((state & PNG_FP_SAW_DOT) != `0`) / delayed fraction /
2798	png_fp_set(state, PNG_FP_FRACTION \| PNG_FP_SAW_DOT);
2799
2800	png_fp_add(state, type \| PNG_FP_WAS_VALID);
2801
2802	break;
2803
2804	case PNG_FP_INTEGER + PNG_FP_SAW_E:
2805	if ((state & PNG_FP_SAW_DIGIT) == `0`)
2806	goto PNG_FP_End;
2807
2808	png_fp_set(state, PNG_FP_EXPONENT);
2809
2810	break;
2811
2812	/ case PNG_FP_FRACTION + PNG_FP_SAW_SIGN:*
2813	goto PNG_FP_End; * no sign in fraction /
2814
2815	/ case PNG_FP_FRACTION + PNG_FP_SAW_DOT:*
2816	goto PNG_FP_End; * Because SAW_DOT is always set /
2817
2818	case PNG_FP_FRACTION + PNG_FP_SAW_DIGIT:
2819	png_fp_add(state, type \| PNG_FP_WAS_VALID);
2820	break;
2821
2822	case PNG_FP_FRACTION + PNG_FP_SAW_E:
2823	/ This is correct because the trailing '.' on an*
2824	* integer is handled above - so we can only get here
2825	* with the sequence ".E" (with no preceding digits).
2826	*/
2827	if ((state & PNG_FP_SAW_DIGIT) == `0`)
2828	goto PNG_FP_End;
2829
2830	png_fp_set(state, PNG_FP_EXPONENT);
2831
2832	break;
2833
2834	case PNG_FP_EXPONENT + PNG_FP_SAW_SIGN:
2835	if ((state & PNG_FP_SAW_ANY) != `0`)
2836	goto PNG_FP_End; / not a part of the number /
2837
2838	png_fp_add(state, PNG_FP_SAW_SIGN);
2839
2840	break;
2841
2842	/ case PNG_FP_EXPONENT + PNG_FP_SAW_DOT:*
2843	goto PNG_FP_End; /*
2844
2845	case PNG_FP_EXPONENT + PNG_FP_SAW_DIGIT:
2846	png_fp_add(state, PNG_FP_SAW_DIGIT \| PNG_FP_WAS_VALID);
2847
2848	break;
2849
2850	/ case PNG_FP_EXPONEXT + PNG_FP_SAW_E:*
2851	goto PNG_FP_End; /*
2852
2853	default: goto PNG_FP_End; / I.e. break 2 /
2854	}
2855
2856	/ The character seems ok, continue. /
2857	++i;
2858	}
2859
2860	PNG_FP_End:
2861	/ Here at the end, update the state and return the correct*
2862	* return code.
2863	*/
2864	*statep = state;
2865	*whereami = i;
2866
2867	return (state & PNG_FP_SAW_DIGIT) != `0`;
2868	}
2869
2870
2871	/ The same but for a complete string. /
2872	int
2873	png_check_fp_string(png_const_charp string, size_t size)
2874	{
2875	int state=`0`;
2876	size_t char_index=`0`;
2877
2878	if (png_check_fp_number(string, size, &state, &char_index) != `0` &&
2879	(char_index == size \|\| string[char_index] == `0`))
2880	return state / must be non-zero - see above /;
2881
2882	return `0`; / i.e. fail /
2883	}
2884	#endif /* pCAL \|\| sCAL */
2885
2886	#ifdef PNG_sCAL_SUPPORTED
2887	# ifdef PNG_FLOATING_POINT_SUPPORTED
2888	/ Utility used below - a simple accurate power of ten from an integral*
2889	* exponent.
2890	*/
2891	static double
2892	png_pow10(int power)
2893	{
2894	int recip = `0`;
2895	double d = `1`;
2896
2897	/ Handle negative exponent with a reciprocal at the end because*
2898	* 10 is exact whereas .1 is inexact in base 2
2899	*/
2900	if (power < `0`)
2901	{
2902	if (power < DBL_MIN_10_EXP) return `0`;
2903	recip = `1`; power = -power;
2904	}
2905
2906	if (power > `0`)
2907	{
2908	/ Decompose power bitwise. /
2909	double mult = `10`;
2910	do
2911	{
2912	if (power & `1`) d *= mult;
2913	mult *= mult;
2914	power >>= `1`;
2915	}
2916	while (power > `0`);
2917
2918	if (recip != `0`) d = `1`/d;
2919	}
2920	/ else power is 0 and d is 1 /
2921
2922	return d;
2923	}
2924
2925	/ Function to format a floating point value in ASCII with a given*
2926	* precision.
2927	*/
2928	#if GCC_STRICT_OVERFLOW
2929	#pragma GCC diagnostic push
2930	/ The problem arises below with exp_b10, which can never overflow because it*
2931	* comes, originally, from frexp and is therefore limited to a range which is
2932	* typically +/-710 (log2(DBL_MAX)/log2(DBL_MIN)).
2933	*/
2934	#pragma GCC diagnostic warning "-Wstrict-overflow=2"
2935	#endif /* GCC_STRICT_OVERFLOW */
2936	void / PRIVATE /
2937	png_ascii_from_fp(png_const_structrp png_ptr, png_charp ascii, size_t size,
2938	double fp, unsigned int precision)
2939	{
2940	/ We use standard functions from math.h, but not printf because*
2941	* that would require stdio. The caller must supply a buffer of
2942	* sufficient size or we will png_error. The tests on size and
2943	* the space in ascii[] consumed are indicated below.
2944	*/
2945	if (precision < `1`)
2946	precision = DBL_DIG;
2947
2948	/ Enforce the limit of the implementation precision too. /
2949	if (precision > DBL_DIG+`1`)
2950	precision = DBL_DIG+`1`;
2951
2952	/ Basic sanity checks /
2953	if (size >= precision+`5`) / See the requirements below. /
2954	{
2955	if (fp < `0`)
2956	{
2957	fp = -fp;
2958	ascii++ = `45`; /* '-' PLUS 1 TOTAL 1 /
2959	--size;
2960	}
2961
2962	if (fp >= DBL_MIN && fp <= DBL_MAX)
2963	{
2964	int exp_b10; / A base 10 exponent /
2965	double base; / 10^exp_b10 /
2966
2967	/ First extract a base 10 exponent of the number,*
2968	* the calculation below rounds down when converting
2969	* from base 2 to base 10 (multiply by log10(2) -
2970	* 0.3010, but 77/256 is 0.3008, so exp_b10 needs to
2971	* be increased. Note that the arithmetic shift
2972	* performs a floor() unlike C arithmetic - using a
2973	* C multiply would break the following for negative
2974	* exponents.
2975	*/
2976	(void)frexp(fp, &exp_b10); / exponent to base 2 /
2977
2978	exp_b10 = (exp_b10 * `77`) >> `8`; / <= exponent to base 10 /
2979
2980	/ Avoid underflow here. /
2981	base = png_pow10(exp_b10); / May underflow /
2982
2983	while (base < DBL_MIN \|\| base < fp)
2984	{
2985	/ And this may overflow. /
2986	double test = png_pow10(exp_b10+`1`);
2987
2988	if (test <= DBL_MAX)
2989	{
2990	++exp_b10; base = test;
2991	}
2992
2993	else
2994	break;
2995	}
2996
2997	/ Normalize fp and correct exp_b10, after this fp is in the*
2998	* range [.1,1) and exp_b10 is both the exponent and the digit
2999	* before which the decimal point should be inserted
3000	* (starting with 0 for the first digit). Note that this
3001	* works even if 10^exp_b10 is out of range because of the
3002	* test on DBL_MAX above.
3003	*/
3004	fp /= base;
3005	while (fp >= `1`)
3006	{
3007	fp /= `10`; ++exp_b10;
3008	}
3009
3010	/ Because of the code above fp may, at this point, be*
3011	* less than .1, this is ok because the code below can
3012	* handle the leading zeros this generates, so no attempt
3013	* is made to correct that here.
3014	*/
3015
3016	{
3017	unsigned int czero, clead, cdigits;
3018	char exponent[`10`];
3019
3020	/ Allow up to two leading zeros - this will not lengthen*
3021	* the number compared to using E-n.
3022	*/
3023	if (exp_b10 < `0` && exp_b10 > -`3`) / PLUS 3 TOTAL 4 /
3024	{
3025	czero = `0U`-exp_b10; / PLUS 2 digits: TOTAL 3 /
3026	exp_b10 = `0`; / Dot added below before first output. /
3027	}
3028	else
3029	czero = `0`; / No zeros to add /
3030
3031	/ Generate the digit list, stripping trailing zeros and*
3032	* inserting a '.' before a digit if the exponent is 0.
3033	*/
3034	clead = czero; / Count of leading zeros /
3035	cdigits = `0`; / Count of digits in list. /
3036
3037	do
3038	{
3039	double d;
3040
3041	fp *= `10`;
3042	/ Use modf here, not floor and subtract, so that*
3043	* the separation is done in one step. At the end
3044	* of the loop don't break the number into parts so
3045	* that the final digit is rounded.
3046	*/
3047	if (cdigits+czero+`1` < precision+clead)
3048	fp = modf(fp, &d);
3049
3050	else
3051	{
3052	d = floor(fp + `.5`);
3053
3054	if (d > `9`)
3055	{
3056	/ Rounding up to 10, handle that here. /
3057	if (czero > `0`)
3058	{
3059	--czero; d = `1`;
3060	if (cdigits == `0`) --clead;
3061	}
3062	else
3063	{
3064	while (cdigits > `0` && d > `9`)
3065	{
3066	int ch = *--ascii;
3067
3068	if (exp_b10 != (-`1`))
3069	++exp_b10;
3070
3071	else if (ch == `46`)
3072	{
3073	ch = *--ascii; ++size;
3074	/ Advance exp_b10 to '1', so that the*
3075	* decimal point happens after the
3076	* previous digit.
3077	*/
3078	exp_b10 = `1`;
3079	}
3080
3081	--cdigits;
3082	d = ch - `47`; / I.e. 1+(ch-48) /
3083	}
3084
3085	/ Did we reach the beginning? If so adjust the*
3086	* exponent but take into account the leading
3087	* decimal point.
3088	*/
3089	if (d > `9`) / cdigits == 0 /
3090	{
3091	if (exp_b10 == (-`1`))
3092	{
3093	/ Leading decimal point (plus zeros?), if*
3094	* we lose the decimal point here it must
3095	* be reentered below.
3096	*/
3097	int ch = *--ascii;
3098
3099	if (ch == `46`)
3100	{
3101	++size; exp_b10 = `1`;
3102	}
3103
3104	/ Else lost a leading zero, so 'exp_b10' is*
3105	* still ok at (-1)
3106	*/
3107	}
3108	else
3109	++exp_b10;
3110
3111	/ In all cases we output a '1' /
3112	d = `1`;
3113	}
3114	}
3115	}
3116	fp = `0`; / Guarantees termination below. /
3117	}
3118
3119	if (d == `0`)
3120	{
3121	++czero;
3122	if (cdigits == `0`) ++clead;
3123	}
3124	else
3125	{
3126	/ Included embedded zeros in the digit count. /
3127	cdigits += czero - clead;
3128	clead = `0`;
3129
3130	while (czero > `0`)
3131	{
3132	/ exp_b10 == (-1) means we just output the decimal*
3133	* place - after the DP don't adjust 'exp_b10' any
3134	* more!
3135	*/
3136	if (exp_b10 != (-`1`))
3137	{
3138	if (exp_b10 == `0`)
3139	{
3140	*ascii++ = `46`; --size;
3141	}
3142	/ PLUS 1: TOTAL 4 /
3143	--exp_b10;
3144	}
3145	*ascii++ = `48`; --czero;
3146	}
3147
3148	if (exp_b10 != (-`1`))
3149	{
3150	if (exp_b10 == `0`)
3151	{
3152	ascii++ = `46`; --size; /* counted above /
3153	}
3154
3155	--exp_b10;
3156	}
3157	ascii++ = (char)(`48` + (int*)d); ++cdigits;
3158	}
3159	}
3160	while (cdigits+czero < precision+clead && fp > DBL_MIN);
3161
3162	/ The total output count (max) is now 4+precision /
3163
3164	/ Check for an exponent, if we don't need one we are*
3165	* done and just need to terminate the string. At
3166	* this point exp_b10==(-1) is effectively a flag - it got
3167	* to '-1' because of the decrement after outputting
3168	* the decimal point above (the exponent required is
3169	* not -1!)
3170	*/
3171	if (exp_b10 >= (-`1`) && exp_b10 <= `2`)
3172	{
3173	/ The following only happens if we didn't output the*
3174	* leading zeros above for negative exponent, so this
3175	* doesn't add to the digit requirement. Note that the
3176	* two zeros here can only be output if the two leading
3177	* zeros were not output, so this doesn't increase
3178	* the output count.
3179	*/
3180	while (exp_b10-- > `0`) *ascii++ = `48`;
3181
3182	*ascii = `0`;
3183
3184	/ Total buffer requirement (including the '\0') is*
3185	* 5+precision - see check at the start.
3186	*/
3187	return;
3188	}
3189
3190	/ Here if an exponent is required, adjust size for*
3191	* the digits we output but did not count. The total
3192	* digit output here so far is at most 1+precision - no
3193	* decimal point and no leading or trailing zeros have
3194	* been output.
3195	*/
3196	size -= cdigits;
3197
3198	ascii++ = `69`; --size; /* 'E': PLUS 1 TOTAL 2+precision /
3199
3200	/ The following use of an unsigned temporary avoids ambiguities in*
3201	* the signed arithmetic on exp_b10 and permits GCC at least to do
3202	* better optimization.
3203	*/
3204	{
3205	unsigned int uexp_b10;
3206
3207	if (exp_b10 < `0`)
3208	{
3209	ascii++ = `45`; --size; /* '-': PLUS 1 TOTAL 3+precision /
3210	uexp_b10 = `0U`-exp_b10;
3211	}
3212
3213	else
3214	uexp_b10 = `0U`+exp_b10;
3215
3216	cdigits = `0`;
3217
3218	while (uexp_b10 > `0`)
3219	{
3220	exponent[cdigits++] = (char)(`48` + uexp_b10 % `10`);
3221	uexp_b10 /= `10`;
3222	}
3223	}
3224
3225	/ Need another size check here for the exponent digits, so*
3226	* this need not be considered above.
3227	*/
3228	if (size > cdigits)
3229	{
3230	while (cdigits > `0`) *ascii++ = exponent[--cdigits];
3231
3232	*ascii = `0`;
3233
3234	return;
3235	}
3236	}
3237	}
3238	else if (!(fp >= DBL_MIN))
3239	{
3240	ascii++ = `48`; /* '0' /
3241	*ascii = `0`;
3242	return;
3243	}
3244	else
3245	{
3246	ascii++ = `105`; /* 'i' /
3247	ascii++ = `110`; /* 'n' /
3248	ascii++ = `102`; /* 'f' /
3249	*ascii = `0`;
3250	return;
3251	}
3252	}
3253
3254	/ Here on buffer too small. /
3255	png_error(png_ptr, "ASCII conversion buffer too small");
3256	}
3257	#if GCC_STRICT_OVERFLOW
3258	#pragma GCC diagnostic pop
3259	#endif /* GCC_STRICT_OVERFLOW */
3260
3261	# endif /* FLOATING_POINT */
3262
3263	# ifdef PNG_FIXED_POINT_SUPPORTED
3264	/ Function to format a fixed point value in ASCII.*
3265	*/
3266	void / PRIVATE /
3267	png_ascii_from_fixed(png_const_structrp png_ptr, png_charp ascii,
3268	size_t size, png_fixed_point fp)
3269	{
3270	/ Require space for 10 decimal digits, a decimal point, a minus sign and a*
3271	* trailing \0, 13 characters:
3272	*/
3273	if (size > `12`)
3274	{
3275	png_uint_32 num;
3276
3277	/ Avoid overflow here on the minimum integer. /
3278	if (fp < `0`)
3279	{
3280	*ascii++ = `45`; num = (png_uint_32)(-fp);
3281	}
3282	else
3283	num = (png_uint_32)fp;
3284
3285	if (num <= `0x80000000`) / else overflowed /
3286	{
3287	unsigned int ndigits = `0`, first = `16` / flag value /;
3288	char digits[`10`];
3289
3290	while (num)
3291	{
3292	/ Split the low digit off num: /
3293	unsigned int tmp = num/`10`;
3294	num -= tmp*`10`;
3295	digits[ndigits++] = (char)(`48` + num);
3296	/ Record the first non-zero digit, note that this is a number*
3297	* starting at 1, it's not actually the array index.
3298	*/
3299	if (first == `16` && num > `0`)
3300	first = ndigits;
3301	num = tmp;
3302	}
3303
3304	if (ndigits > `0`)
3305	{
3306	while (ndigits > `5`) *ascii++ = digits[--ndigits];
3307	/ The remaining digits are fractional digits, ndigits is '5' or*
3308	* smaller at this point. It is certainly not zero. Check for a
3309	* non-zero fractional digit:
3310	*/
3311	if (first <= `5`)
3312	{
3313	unsigned int i;
3314	ascii++ = `46`; /* decimal point /
3315	/ ndigits may be <5 for small numbers, output leading zeros*
3316	* then ndigits digits to first:
3317	*/
3318	i = `5`;
3319	while (ndigits < i)
3320	{
3321	*ascii++ = `48`; --i;
3322	}
3323	while (ndigits >= first) *ascii++ = digits[--ndigits];
3324	/ Don't output the trailing zeros! /
3325	}
3326	}
3327	else
3328	*ascii++ = `48`;
3329
3330	/ And null terminate the string: /
3331	*ascii = `0`;
3332	return;
3333	}
3334	}
3335
3336	/ Here on buffer too small. /
3337	png_error(png_ptr, "ASCII conversion buffer too small");
3338	}
3339	# endif /* FIXED_POINT */
3340	#endif /* SCAL */
3341
3342	#if defined(PNG_FLOATING_POINT_SUPPORTED) && \
3343	!defined(PNG_FIXED_POINT_MACRO_SUPPORTED) && \
3344	(defined(PNG_gAMA_SUPPORTED) \|\| defined(PNG_cHRM_SUPPORTED) \|\| \
3345	defined(PNG_sCAL_SUPPORTED) \|\| defined(PNG_READ_BACKGROUND_SUPPORTED) \|\| \
3346	defined(PNG_READ_RGB_TO_GRAY_SUPPORTED)) \|\| \
3347	(defined(PNG_sCAL_SUPPORTED) && \
3348	defined(PNG_FLOATING_ARITHMETIC_SUPPORTED))
3349	png_fixed_point
3350	png_fixed(png_const_structrp png_ptr, double fp, png_const_charp text)
3351	{
3352	double r = floor(`100000` * fp + `.5`);
3353
3354	if (r > `2147483647.` \|\| r < -`2147483648.`)
3355	png_fixed_error(png_ptr, text);
3356
3357	# ifndef PNG_ERROR_TEXT_SUPPORTED
3358	PNG_UNUSED(text)
3359	# endif
3360
3361	return (png_fixed_point)r;
3362	}
3363	#endif
3364
3365	#if defined(PNG_GAMMA_SUPPORTED) \|\| defined(PNG_COLORSPACE_SUPPORTED) \|\|\
3366	defined(PNG_INCH_CONVERSIONS_SUPPORTED) \|\| defined(PNG_READ_pHYs_SUPPORTED)
3367	/ muldiv functions /
3368	/ This API takes signed arguments and rounds the result to the nearest*
3369	* integer (or, for a fixed point number - the standard argument - to
3370	* the nearest .00001). Overflow and divide by zero are signalled in
3371	* the result, a boolean - true on success, false on overflow.
3372	*/
3373	#if GCC_STRICT_OVERFLOW /* from above */
3374	/ It is not obvious which comparison below gets optimized in such a way that*
3375	* signed overflow would change the result; looking through the code does not
3376	* reveal any tests which have the form GCC complains about, so presumably the
3377	* optimizer is moving an add or subtract into the 'if' somewhere.
3378	*/
3379	#pragma GCC diagnostic push
3380	#pragma GCC diagnostic warning "-Wstrict-overflow=2"
3381	#endif /* GCC_STRICT_OVERFLOW */
3382	int
3383	png_muldiv(png_fixed_point_p res, png_fixed_point a, png_int_32 times,
3384	png_int_32 divisor)
3385	{
3386	/ Return a * times / divisor, rounded. /
3387	if (divisor != `0`)
3388	{
3389	if (a == `0` \|\| times == `0`)
3390	{
3391	*res = `0`;
3392	return `1`;
3393	}
3394	else
3395	{
3396	#ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
3397	double r = a;
3398	r *= times;
3399	r /= divisor;
3400	r = floor(r+`.5`);
3401
3402	/ A png_fixed_point is a 32-bit integer. /
3403	if (r <= `2147483647.` && r >= -`2147483648.`)
3404	{
3405	*res = (png_fixed_point)r;
3406	return `1`;
3407	}
3408	#else
3409	int negative = `0`;
3410	png_uint_32 A, T, D;
3411	png_uint_32 s16, s32, s00;
3412
3413	if (a < `0`)
3414	negative = `1`, A = -a;
3415	else
3416	A = a;
3417
3418	if (times < `0`)
3419	negative = !negative, T = -times;
3420	else
3421	T = times;
3422
3423	if (divisor < `0`)
3424	negative = !negative, D = -divisor;
3425	else
3426	D = divisor;
3427
3428	/ Following can't overflow because the arguments only*
3429	* have 31 bits each, however the result may be 32 bits.
3430	*/
3431	s16 = (A >> `16`) * (T & `0xffff`) +
3432	(A & `0xffff`) * (T >> `16`);
3433	/ Can't overflow because the atimes bit is only 30
3434	* bits at most.
3435	*/
3436	s32 = (A >> `16`) * (T >> `16`) + (s16 >> `16`);
3437	s00 = (A & `0xffff`) * (T & `0xffff`);
3438
3439	s16 = (s16 & `0xffff`) << `16`;
3440	s00 += s16;
3441
3442	if (s00 < s16)
3443	++s32; / carry /
3444
3445	if (s32 < D) / else overflow /
3446	{
3447	/ s32.s00 is now the 64-bit product, do a standard*
3448	* division, we know that s32 < D, so the maximum
3449	* required shift is 31.
3450	*/
3451	int bitshift = `32`;
3452	png_fixed_point result = `0`; / NOTE: signed /
3453
3454	while (--bitshift >= `0`)
3455	{
3456	png_uint_32 d32, d00;
3457
3458	if (bitshift > `0`)
3459	d32 = D >> (`32`-bitshift), d00 = D << bitshift;
3460
3461	else
3462	d32 = `0`, d00 = D;
3463
3464	if (s32 > d32)
3465	{
3466	if (s00 < d00) --s32; / carry /
3467	s32 -= d32, s00 -= d00, result += `1`<<bitshift;
3468	}
3469
3470	else
3471	if (s32 == d32 && s00 >= d00)
3472	s32 = `0`, s00 -= d00, result += `1`<<bitshift;
3473	}
3474
3475	/ Handle the rounding. /
3476	if (s00 >= (D >> `1`))
3477	++result;
3478
3479	if (negative != `0`)
3480	result = -result;
3481
3482	/ Check for overflow. /
3483	if ((negative != `0` && result <= `0`) \|\|
3484	(negative == `0` && result >= `0`))
3485	{
3486	*res = result;
3487	return `1`;
3488	}
3489	}
3490	#endif
3491	}
3492	}
3493
3494	return `0`;
3495	}
3496	#if GCC_STRICT_OVERFLOW
3497	#pragma GCC diagnostic pop
3498	#endif /* GCC_STRICT_OVERFLOW */
3499	#endif /* READ_GAMMA \|\| INCH_CONVERSIONS */
3500
3501	#if defined(PNG_READ_GAMMA_SUPPORTED) \|\| defined(PNG_INCH_CONVERSIONS_SUPPORTED)
3502	/ The following is for when the caller doesn't much care about the*
3503	* result.
3504	*/
3505	png_fixed_point
3506	png_muldiv_warn(png_const_structrp png_ptr, png_fixed_point a, png_int_32 times,
3507	png_int_32 divisor)
3508	{
3509	png_fixed_point result;
3510
3511	if (png_muldiv(&result, a, times, divisor) != `0`)
3512	return result;
3513
3514	png_warning(png_ptr, "fixed point overflow ignored");
3515	return `0`;
3516	}
3517	#endif
3518
3519	#ifdef PNG_GAMMA_SUPPORTED /* more fixed point functions for gamma */
3520	/ Calculate a reciprocal, return 0 on div-by-zero or overflow. /
3521	png_fixed_point
3522	png_reciprocal(png_fixed_point a)
3523	{
3524	#ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
3525	double r = floor(`1E10`/a+`.5`);
3526
3527	if (r <= `2147483647.` && r >= -`2147483648.`)
3528	return (png_fixed_point)r;
3529	#else
3530	png_fixed_point res;
3531
3532	if (png_muldiv(&res, `100000`, `100000`, a) != `0`)
3533	return res;
3534	#endif
3535
3536	return `0`; / error/overflow /
3537	}
3538
3539	/ This is the shared test on whether a gamma value is 'significant' - whether*
3540	* it is worth doing gamma correction.
3541	*/
3542	int / PRIVATE /
3543	png_gamma_significant(png_fixed_point gamma_val)
3544	{
3545	return gamma_val < PNG_FP_1 - PNG_GAMMA_THRESHOLD_FIXED \|\|
3546	gamma_val > PNG_FP_1 + PNG_GAMMA_THRESHOLD_FIXED;
3547	}
3548	#endif
3549
3550	#ifdef PNG_READ_GAMMA_SUPPORTED
3551	#ifdef PNG_16BIT_SUPPORTED
3552	/ A local convenience routine. /
3553	static png_fixed_point
3554	png_product2(png_fixed_point a, png_fixed_point b)
3555	{
3556	/ The required result is 1/a * 1/b; the following preserves accuracy. /
3557	#ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
3558	double r = a * `1E-5`;
3559	r *= b;
3560	r = floor(r+`.5`);
3561
3562	if (r <= `2147483647.` && r >= -`2147483648.`)
3563	return (png_fixed_point)r;
3564	#else
3565	png_fixed_point res;
3566
3567	if (png_muldiv(&res, a, b, `100000`) != `0`)
3568	return res;
3569	#endif
3570
3571	return `0`; / overflow /
3572	}
3573	#endif /* 16BIT */
3574
3575	/ The inverse of the above. /
3576	png_fixed_point
3577	png_reciprocal2(png_fixed_point a, png_fixed_point b)
3578	{
3579	/ The required result is 1/a * 1/b; the following preserves accuracy. /
3580	#ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
3581	if (a != `0` && b != `0`)
3582	{
3583	double r = `1E15`/a;
3584	r /= b;
3585	r = floor(r+`.5`);
3586
3587	if (r <= `2147483647.` && r >= -`2147483648.`)
3588	return (png_fixed_point)r;
3589	}
3590	#else
3591	/ This may overflow because the range of png_fixed_point isn't symmetric,*
3592	* but this API is only used for the product of file and screen gamma so it
3593	* doesn't matter that the smallest number it can produce is 1/21474, not
3594	* 1/100000
3595	*/
3596	png_fixed_point res = png_product2(a, b);
3597
3598	if (res != `0`)
3599	return png_reciprocal(res);
3600	#endif
3601
3602	return `0`; / overflow /
3603	}
3604	#endif /* READ_GAMMA */
3605
3606	#ifdef PNG_READ_GAMMA_SUPPORTED /* gamma table code */
3607	#ifndef PNG_FLOATING_ARITHMETIC_SUPPORTED
3608	/ Fixed point gamma.*
3609	*
3610	* The code to calculate the tables used below can be found in the shell script
3611	* contrib/tools/intgamma.sh
3612	*
3613	* To calculate gamma this code implements fast log() and exp() calls using only
3614	* fixed point arithmetic. This code has sufficient precision for either 8-bit
3615	* or 16-bit sample values.
3616	*
3617	* The tables used here were calculated using simple 'bc' programs, but C double
3618	* precision floating point arithmetic would work fine.
3619	*
3620	* 8-bit log table
3621	* This is a table of -log(value/255)/log(2) for 'value' in the range 128 to
3622	* 255, so it's the base 2 logarithm of a normalized 8-bit floating point
3623	* mantissa. The numbers are 32-bit fractions.
3624	*/
3625	static const png_uint_32
3626	png_8bit_l2[`128`] =
3627	{
3628	`4270715492U`, `4222494797U`, `4174646467U`, `4127164793U`, `4080044201U`, `4033279239U`,
3629	`3986864580U`, `3940795015U`, `3895065449U`, `3849670902U`, `3804606499U`, `3759867474U`,
3630	`3715449162U`, `3671346997U`, `3627556511U`, `3584073329U`, `3540893168U`, `3498011834U`,
3631	`3455425220U`, `3413129301U`, `3371120137U`, `3329393864U`, `3287946700U`, `3246774933U`,
3632	`3205874930U`, `3165243125U`, `3124876025U`, `3084770202U`, `3044922296U`, `3005329011U`,
3633	`2965987113U`, `2926893432U`, `2888044853U`, `2849438323U`, `2811070844U`, `2772939474U`,
3634	`2735041326U`, `2697373562U`, `2659933400U`, `2622718104U`, `2585724991U`, `2548951424U`,
3635	`2512394810U`, `2476052606U`, `2439922311U`, `2404001468U`, `2368287663U`, `2332778523U`,
3636	`2297471715U`, `2262364947U`, `2227455964U`, `2192742551U`, `2158222529U`, `2123893754U`,
3637	`2089754119U`, `2055801552U`, `2022034013U`, `1988449497U`, `1955046031U`, `1921821672U`,
3638	`1888774511U`, `1855902668U`, `1823204291U`, `1790677560U`, `1758320682U`, `1726131893U`,
3639	`1694109454U`, `1662251657U`, `1630556815U`, `1599023271U`, `1567649391U`, `1536433567U`,
3640	`1505374214U`, `1474469770U`, `1443718700U`, `1413119487U`, `1382670639U`, `1352370686U`,
3641	`1322218179U`, `1292211689U`, `1262349810U`, `1232631153U`, `1203054352U`, `1173618059U`,
3642	`1144320946U`, `1115161701U`, `1086139034U`, `1057251672U`, `1028498358U`, `999877854U`,
3643	`971388940U`, `943030410U`, `914801076U`, `886699767U`, `858725327U`, `830876614U`,
3644	`803152505U`, `775551890U`, `748073672U`, `720716771U`, `693480120U`, `666362667U`,
3645	`639363374U`, `612481215U`, `585715177U`, `559064263U`, `532527486U`, `506103872U`,
3646	`479792461U`, `453592303U`, `427502463U`, `401522014U`, `375650043U`, `349885648U`,
3647	`324227938U`, `298676034U`, `273229066U`, `247886176U`, `222646516U`, `197509248U`,
3648	`172473545U`, `147538590U`, `122703574U`, `97967701U`, `73330182U`, `48790236U`,
3649	`24347096U`, `0U`
3650
3651	#if 0
3652	/ The following are the values for 16-bit tables - these work fine for the*
3653	* 8-bit conversions but produce very slightly larger errors in the 16-bit
3654	* log (about 1.2 as opposed to 0.7 absolute error in the final value). To
3655	* use these all the shifts below must be adjusted appropriately.
3656	*/
3657	`65166`, `64430`, `63700`, `62976`, `62257`, `61543`, `60835`, `60132`, `59434`, `58741`, `58054`,
3658	`57371`, `56693`, `56020`, `55352`, `54689`, `54030`, `53375`, `52726`, `52080`, `51439`, `50803`,
3659	`50170`, `49542`, `48918`, `48298`, `47682`, `47070`, `46462`, `45858`, `45257`, `44661`, `44068`,
3660	`43479`, `42894`, `42312`, `41733`, `41159`, `40587`, `40020`, `39455`, `38894`, `38336`, `37782`,
3661	`37230`, `36682`, `36137`, `35595`, `35057`, `34521`, `33988`, `33459`, `32932`, `32408`, `31887`,
3662	`31369`, `30854`, `30341`, `29832`, `29325`, `28820`, `28319`, `27820`, `27324`, `26830`, `26339`,
3663	`25850`, `25364`, `24880`, `24399`, `23920`, `23444`, `22970`, `22499`, `22029`, `21562`, `21098`,
3664	`20636`, `20175`, `19718`, `19262`, `18808`, `18357`, `17908`, `17461`, `17016`, `16573`, `16132`,
3665	`15694`, `15257`, `14822`, `14390`, `13959`, `13530`, `13103`, `12678`, `12255`, `11834`, `11415`,
3666	`10997`, `10582`, `10168`, `9756`, `9346`, `8937`, `8531`, `8126`, `7723`, `7321`, `6921`, `6523`,
3667	`6127`, `5732`, `5339`, `4947`, `4557`, `4169`, `3782`, `3397`, `3014`, `2632`, `2251`, `1872`, `1495`,
3668	`1119`, `744`, `372`
3669	#endif
3670	};
3671
3672	static png_int_32
3673	png_log8bit(unsigned int x)
3674	{
3675	unsigned int lg2 = `0`;
3676	/ Each time 'x' is multiplied by 2, 1 must be subtracted off the final log,*
3677	* because the log is actually negate that means adding 1. The final
3678	* returned value thus has the range 0 (for 255 input) to 7.994 (for 1
3679	* input), return -1 for the overflow (log 0) case, - so the result is
3680	* always at most 19 bits.
3681	*/
3682	if ((x &= `0xff`) == `0`)
3683	return -`1`;
3684
3685	if ((x & `0xf0`) == `0`)
3686	lg2 = `4`, x <<= `4`;
3687
3688	if ((x & `0xc0`) == `0`)
3689	lg2 += `2`, x <<= `2`;
3690
3691	if ((x & `0x80`) == `0`)
3692	lg2 += `1`, x <<= `1`;
3693
3694	/ result is at most 19 bits, so this cast is safe: /
3695	return (png_int_32)((lg2 << `16`) + ((png_8bit_l2[x-`128`]+`32768`)>>`16`));
3696	}
3697
3698	/ The above gives exact (to 16 binary places) log2 values for 8-bit images,*
3699	* for 16-bit images we use the most significant 8 bits of the 16-bit value to
3700	* get an approximation then multiply the approximation by a correction factor
3701	* determined by the remaining up to 8 bits. This requires an additional step
3702	* in the 16-bit case.
3703	*
3704	* We want log2(value/65535), we have log2(v'/255), where:
3705	*
3706	* value = v' * 256 + v''
3707	* = v' * f
3708	*
3709	* So f is value/v', which is equal to (256+v''/v') since v' is in the range 128
3710	* to 255 and v'' is in the range 0 to 255 f will be in the range 256 to less
3711	* than 258. The final factor also needs to correct for the fact that our 8-bit
3712	* value is scaled by 255, whereas the 16-bit values must be scaled by 65535.
3713	*
3714	* This gives a final formula using a calculated value 'x' which is value/v' and
3715	* scaling by 65536 to match the above table:
3716	*
3717	* log2(x/257) * 65536
3718	*
3719	* Since these numbers are so close to '1' we can use simple linear
3720	* interpolation between the two end values 256/257 (result -368.61) and 258/257
3721	* (result 367.179). The values used below are scaled by a further 64 to give
3722	* 16-bit precision in the interpolation:
3723	*
3724	* Start (256): -23591
3725	* Zero (257): 0
3726	* End (258): 23499
3727	*/
3728	#ifdef PNG_16BIT_SUPPORTED
3729	static png_int_32
3730	png_log16bit(png_uint_32 x)
3731	{
3732	unsigned int lg2 = `0`;
3733
3734	/ As above, but now the input has 16 bits. /
3735	if ((x &= `0xffff`) == `0`)
3736	return -`1`;
3737
3738	if ((x & `0xff00`) == `0`)
3739	lg2 = `8`, x <<= `8`;
3740
3741	if ((x & `0xf000`) == `0`)
3742	lg2 += `4`, x <<= `4`;
3743
3744	if ((x & `0xc000`) == `0`)
3745	lg2 += `2`, x <<= `2`;
3746
3747	if ((x & `0x8000`) == `0`)
3748	lg2 += `1`, x <<= `1`;
3749
3750	/ Calculate the base logarithm from the top 8 bits as a 28-bit fractional*
3751	* value.
3752	*/
3753	lg2 <<= `28`;
3754	lg2 += (png_8bit_l2[(x>>`8`)-`128`]+`8`) >> `4`;
3755
3756	/ Now we need to interpolate the factor, this requires a division by the top*
3757	* 8 bits. Do this with maximum precision.
3758	*/
3759	x = ((x << `16`) + (x >> `9`)) / (x >> `8`);
3760
3761	/ Since we divided by the top 8 bits of 'x' there will be a '1' at 1<<24,*
3762	* the value at 1<<16 (ignoring this) will be 0 or 1; this gives us exactly
3763	* 16 bits to interpolate to get the low bits of the result. Round the
3764	* answer. Note that the end point values are scaled by 64 to retain overall
3765	* precision and that 'lg2' is current scaled by an extra 12 bits, so adjust
3766	* the overall scaling by 6-12. Round at every step.
3767	*/
3768	x -= `1U` << `24`;
3769
3770	if (x <= `65536U`) / <= '257' /
3771	lg2 += ((`23591U` * (`65536U`-x)) + (`1U` << (`16`+`6`-`12`-`1`))) >> (`16`+`6`-`12`);
3772
3773	else
3774	lg2 -= ((`23499U` * (x-`65536U`)) + (`1U` << (`16`+`6`-`12`-`1`))) >> (`16`+`6`-`12`);
3775
3776	/ Safe, because the result can't have more than 20 bits: /
3777	return (png_int_32)((lg2 + `2048`) >> `12`);
3778	}
3779	#endif /* 16BIT */
3780
3781	/ The 'exp()' case must invert the above, taking a 20-bit fixed point*
3782	* logarithmic value and returning a 16 or 8-bit number as appropriate. In
3783	* each case only the low 16 bits are relevant - the fraction - since the
3784	* integer bits (the top 4) simply determine a shift.
3785	*
3786	* The worst case is the 16-bit distinction between 65535 and 65534. This
3787	* requires perhaps spurious accuracy in the decoding of the logarithm to
3788	* distinguish log2(65535/65534.5) - 10^-5 or 17 bits. There is little chance
3789	* of getting this accuracy in practice.
3790	*
3791	* To deal with this the following exp() function works out the exponent of the
3792	* fractional part of the logarithm by using an accurate 32-bit value from the
3793	* top four fractional bits then multiplying in the remaining bits.
3794	*/
3795	static const png_uint_32
3796	png_32bit_exp[`16`] =
3797	{
3798	/ NOTE: the first entry is deliberately set to the maximum 32-bit value. /
3799	`4294967295U`, `4112874773U`, `3938502376U`, `3771522796U`, `3611622603U`, `3458501653U`,
3800	`3311872529U`, `3171459999U`, `3037000500U`, `2908241642U`, `2784941738U`, `2666869345U`,
3801	`2553802834U`, `2445529972U`, `2341847524U`, `2242560872U`
3802	};
3803
3804	/ Adjustment table; provided to explain the numbers in the code below. /
3805	#if 0
3806	for (i=`11`;i>=`0`;--i){ print i, " ", (`1` - e(-(`2`^i)/`65536`l(`2`))) `2`^(`32`-i), "\n"}
3807	`11` `44937.64284865548751208448`
3808	`10` `45180.98734845585101160448`
3809	`9` `45303.31936980687359311872`
3810	`8` `45364.65110595323018870784`
3811	`7` `45395.35850361789624614912`
3812	`6` `45410.72259715102037508096`
3813	`5` `45418.40724413220722311168`
3814	`4` `45422.25021786898173001728`
3815	`3` `45424.17186732298419044352`
3816	`2` `45425.13273269940811464704`
3817	`1` `45425.61317555035558641664`
3818	`0` `45425.85339951654943850496`
3819	#endif
3820
3821	static png_uint_32
3822	png_exp(png_fixed_point x)
3823	{
3824	if (x > `0` && x <= `0xfffff`) / Else overflow or zero (underflow) /
3825	{
3826	/ Obtain a 4-bit approximation /
3827	png_uint_32 e = png_32bit_exp[(x >> `12`) & `0x0f`];
3828
3829	/ Incorporate the low 12 bits - these decrease the returned value by*
3830	* multiplying by a number less than 1 if the bit is set. The multiplier
3831	* is determined by the above table and the shift. Notice that the values
3832	* converge on 45426 and this is used to allow linear interpolation of the
3833	* low bits.
3834	*/
3835	if (x & `0x800`)
3836	e -= (((e >> `16`) * `44938U`) + `16U`) >> `5`;
3837
3838	if (x & `0x400`)
3839	e -= (((e >> `16`) * `45181U`) + `32U`) >> `6`;
3840
3841	if (x & `0x200`)
3842	e -= (((e >> `16`) * `45303U`) + `64U`) >> `7`;
3843
3844	if (x & `0x100`)
3845	e -= (((e >> `16`) * `45365U`) + `128U`) >> `8`;
3846
3847	if (x & `0x080`)
3848	e -= (((e >> `16`) * `45395U`) + `256U`) >> `9`;
3849
3850	if (x & `0x040`)
3851	e -= (((e >> `16`) * `45410U`) + `512U`) >> `10`;
3852
3853	/ And handle the low 6 bits in a single block. /
3854	e -= (((e >> `16`) * `355U` * (x & `0x3fU`)) + `256U`) >> `9`;
3855
3856	/ Handle the upper bits of x. /
3857	e >>= x >> `16`;
3858	return e;
3859	}
3860
3861	/ Check for overflow /
3862	if (x <= `0`)
3863	return png_32bit_exp[`0`];
3864
3865	/ Else underflow /
3866	return `0`;
3867	}
3868
3869	static png_byte
3870	png_exp8bit(png_fixed_point lg2)
3871	{
3872	/ Get a 32-bit value: /
3873	png_uint_32 x = png_exp(lg2);
3874
3875	/ Convert the 32-bit value to 0..255 by multiplying by 256-1. Note that the*
3876	* second, rounding, step can't overflow because of the first, subtraction,
3877	* step.
3878	*/
3879	x -= x >> `8`;
3880	return (png_byte)(((x + `0x7fffffU`) >> `24`) & `0xff`);
3881	}
3882
3883	#ifdef PNG_16BIT_SUPPORTED
3884	static png_uint_16
3885	png_exp16bit(png_fixed_point lg2)
3886	{
3887	/ Get a 32-bit value: /
3888	png_uint_32 x = png_exp(lg2);
3889
3890	/ Convert the 32-bit value to 0..65535 by multiplying by 65536-1: /
3891	x -= x >> `16`;
3892	return (png_uint_16)((x + `32767U`) >> `16`);
3893	}
3894	#endif /* 16BIT */
3895	#endif /* FLOATING_ARITHMETIC */
3896
3897	png_byte
3898	png_gamma_8bit_correct(unsigned int value, png_fixed_point gamma_val)
3899	{
3900	if (value > `0` && value < `255`)
3901	{
3902	# ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
3903	/ 'value' is unsigned, ANSI-C90 requires the compiler to correctly*
3904	* convert this to a floating point value. This includes values that
3905	* would overflow if 'value' were to be converted to 'int'.
3906	*
3907	* Apparently GCC, however, does an intermediate conversion to (int)
3908	* on some (ARM) but not all (x86) platforms, possibly because of
3909	* hardware FP limitations. (E.g. if the hardware conversion always
3910	* assumes the integer register contains a signed value.) This results
3911	* in ANSI-C undefined behavior for large values.
3912	*
3913	* Other implementations on the same machine might actually be ANSI-C90
3914	* conformant and therefore compile spurious extra code for the large
3915	* values.
3916	*
3917	* We can be reasonably sure that an unsigned to float conversion
3918	* won't be faster than an int to float one. Therefore this code
3919	* assumes responsibility for the undefined behavior, which it knows
3920	* can't happen because of the check above.
3921	*
3922	* Note the argument to this routine is an (unsigned int) because, on
3923	* 16-bit platforms, it is assigned a value which might be out of
3924	* range for an (int); that would result in undefined behavior in the
3925	* caller if the argument ('value') were to be declared (int).
3926	*/
3927	double r = floor(`255`pow((int)/SAFE/value/`255.`,gamma_val`.00001`)+`.5`);
3928	return (png_byte)r;
3929	# else
3930	png_int_32 lg2 = png_log8bit(value);
3931	png_fixed_point res;
3932
3933	if (png_muldiv(&res, gamma_val, lg2, PNG_FP_1) != `0`)
3934	return png_exp8bit(res);
3935
3936	/ Overflow. /
3937	value = `0`;
3938	# endif
3939	}
3940
3941	return (png_byte)(value & `0xff`);
3942	}
3943
3944	#ifdef PNG_16BIT_SUPPORTED
3945	png_uint_16
3946	png_gamma_16bit_correct(unsigned int value, png_fixed_point gamma_val)
3947	{
3948	if (value > `0` && value < `65535`)
3949	{
3950	# ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
3951	/ The same (unsigned int)->(double) constraints apply here as above,*
3952	* however in this case the (unsigned int) to (int) conversion can
3953	* overflow on an ANSI-C90 compliant system so the cast needs to ensure
3954	* that this is not possible.
3955	*/
3956	double r = floor(`65535`*pow((png_int_32)value/`65535.`,
3957	gamma_val*`.00001`)+`.5`);
3958	return (png_uint_16)r;
3959	# else
3960	png_int_32 lg2 = png_log16bit(value);
3961	png_fixed_point res;
3962
3963	if (png_muldiv(&res, gamma_val, lg2, PNG_FP_1) != `0`)
3964	return png_exp16bit(res);
3965
3966	/ Overflow. /
3967	value = `0`;
3968	# endif
3969	}
3970
3971	return (png_uint_16)value;
3972	}
3973	#endif /* 16BIT */
3974
3975	/ This does the right thing based on the bit_depth field of the*
3976	* png_struct, interpreting values as 8-bit or 16-bit. While the result
3977	* is nominally a 16-bit value if bit depth is 8 then the result is
3978	* 8-bit (as are the arguments.)
3979	*/
3980	png_uint_16 / PRIVATE /
3981	png_gamma_correct(png_structrp png_ptr, unsigned int value,
3982	png_fixed_point gamma_val)
3983	{
3984	if (png_ptr->bit_depth == `8`)
3985	return png_gamma_8bit_correct(value, gamma_val);
3986
3987	#ifdef PNG_16BIT_SUPPORTED
3988	else
3989	return png_gamma_16bit_correct(value, gamma_val);
3990	#else
3991	/ should not reach this /
3992	return `0`;
3993	#endif /* 16BIT */
3994	}
3995
3996	#ifdef PNG_16BIT_SUPPORTED
3997	/ Internal function to build a single 16-bit table - the table consists of*
3998	* 'num' 256 entry subtables, where 'num' is determined by 'shift' - the amount
3999	* to shift the input values right (or 16-number_of_signifiant_bits).
4000	*
4001	* The caller is responsible for ensuring that the table gets cleaned up on
4002	* png_error (i.e. if one of the mallocs below fails) - i.e. the *table argument
4003	* should be somewhere that will be cleaned.
4004	*/
4005	static void
4006	png_build_16bit_table(png_structrp png_ptr, png_uint_16pp *ptable,
4007	PNG_CONST unsigned int shift, PNG_CONST png_fixed_point gamma_val)
4008	{
4009	/ Various values derived from 'shift': /
4010	PNG_CONST unsigned int num = `1U` << (`8U` - shift);
4011	#ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
4012	/ CSE the division and work round wacky GCC warnings (see the comments*
4013	* in png_gamma_8bit_correct for where these come from.)
4014	*/
4015	PNG_CONST double fmax = `1.`/(((png_int_32)`1` << (`16U` - shift))-`1`);
4016	#endif
4017	PNG_CONST unsigned int max = (`1U` << (`16U` - shift))-`1U`;
4018	PNG_CONST unsigned int max_by_2 = `1U` << (`15U`-shift);
4019	unsigned int i;
4020
4021	png_uint_16pp table = *ptable =
4022	(png_uint_16pp)png_calloc(png_ptr, num * (sizeof (png_uint_16p)));
4023
4024	for (i = `0`; i < num; i++)
4025	{
4026	png_uint_16p sub_table = table[i] =
4027	(png_uint_16p)png_malloc(png_ptr, `256` * (sizeof (png_uint_16)));
4028
4029	/ The 'threshold' test is repeated here because it can arise for one of*
4030	* the 16-bit tables even if the others don't hit it.
4031	*/
4032	if (png_gamma_significant(gamma_val) != `0`)
4033	{
4034	/ The old code would overflow at the end and this would cause the*
4035	* 'pow' function to return a result >1, resulting in an
4036	* arithmetic error. This code follows the spec exactly; ig is
4037	* the recovered input sample, it always has 8-16 bits.
4038	*
4039	* We want input * 65535/max, rounded, the arithmetic fits in 32
4040	* bits (unsigned) so long as max <= 32767.
4041	*/
4042	unsigned int j;
4043	for (j = `0`; j < `256`; j++)
4044	{
4045	png_uint_32 ig = (j << (`8`-shift)) + i;
4046	# ifdef PNG_FLOATING_ARITHMETIC_SUPPORTED
4047	/ Inline the 'max' scaling operation: /
4048	/ See png_gamma_8bit_correct for why the cast to (int) is*
4049	* required here.
4050	*/
4051	double d = floor(`65535.`pow(igfmax, gamma_val*`.00001`)+`.5`);
4052	sub_table[j] = (png_uint_16)d;
4053	# else
4054	if (shift != `0`)
4055	ig = (ig * `65535U` + max_by_2)/max;
4056
4057	sub_table[j] = png_gamma_16bit_correct(ig, gamma_val);
4058	# endif
4059	}
4060	}
4061	else
4062	{
4063	/ We must still build a table, but do it the fast way. /
4064	unsigned int j;
4065
4066	for (j = `0`; j < `256`; j++)
4067	{
4068	png_uint_32 ig = (j << (`8`-shift)) + i;
4069
4070	if (shift != `0`)
4071	ig = (ig * `65535U` + max_by_2)/max;
4072
4073	sub_table[j] = (png_uint_16)ig;
4074	}
4075	}
4076	}
4077	}
4078
4079	/ NOTE: this function expects the inverse of the overall gamma transformation*
4080	* required.
4081	*/
4082	static void
4083	png_build_16to8_table(png_structrp png_ptr, png_uint_16pp *ptable,
4084	PNG_CONST unsigned int shift, PNG_CONST png_fixed_point gamma_val)
4085	{
4086	PNG_CONST unsigned int num = `1U` << (`8U` - shift);
4087	PNG_CONST unsigned int max = (`1U` << (`16U` - shift))-`1U`;
4088	unsigned int i;
4089	png_uint_32 last;
4090
4091	png_uint_16pp table = *ptable =
4092	(png_uint_16pp)png_calloc(png_ptr, num * (sizeof (png_uint_16p)));
4093
4094	/ 'num' is the number of tables and also the number of low bits of low*
4095	* bits of the input 16-bit value used to select a table. Each table is
4096	* itself indexed by the high 8 bits of the value.
4097	*/
4098	for (i = `0`; i < num; i++)
4099	table[i] = (png_uint_16p)png_malloc(png_ptr,
4100	`256` * (sizeof (png_uint_16)));
4101
4102	/ 'gamma_val' is set to the reciprocal of the value calculated above, so*
4103	* pow(out,g) is an input value. 'last' is the last input value set.
4104	*
4105	* In the loop 'i' is used to find output values. Since the output is
4106	* 8-bit there are only 256 possible values. The tables are set up to
4107	* select the closest possible output value for each input by finding
4108	* the input value at the boundary between each pair of output values
4109	* and filling the table up to that boundary with the lower output
4110	* value.
4111	*
4112	* The boundary values are 0.5,1.5..253.5,254.5. Since these are 9-bit
4113	* values the code below uses a 16-bit value in i; the values start at
4114	* 128.5 (for 0.5) and step by 257, for a total of 254 values (the last
4115	* entries are filled with 255). Start i at 128 and fill all 'last'
4116	* table entries <= 'max'
4117	*/
4118	last = `0`;
4119	for (i = `0`; i < `255`; ++i) / 8-bit output value /
4120	{
4121	/ Find the corresponding maximum input value /
4122	png_uint_16 out = (png_uint_16)(i * `257U`); / 16-bit output value /
4123
4124	/ Find the boundary value in 16 bits: /
4125	png_uint_32 bound = png_gamma_16bit_correct(out+`128U`, gamma_val);
4126
4127	/ Adjust (round) to (16-shift) bits: /
4128	bound = (bound * max + `32768U`)/`65535U` + `1U`;
4129
4130	while (last < bound)
4131	{
4132	table[last & (`0xffU` >> shift)][last >> (`8U` - shift)] = out;
4133	last++;
4134	}
4135	}
4136
4137	/ And fill in the final entries. /
4138	while (last < (num << `8`))
4139	{
4140	table[last & (`0xff` >> shift)][last >> (`8U` - shift)] = `65535U`;
4141	last++;
4142	}
4143	}
4144	#endif /* 16BIT */
4145
4146	/ Build a single 8-bit table: same as the 16-bit case but much simpler (and*
4147	* typically much faster). Note that libpng currently does no sBIT processing
4148	* (apparently contrary to the spec) so a 256-entry table is always generated.
4149	*/
4150	static void
4151	png_build_8bit_table(png_structrp png_ptr, png_bytepp ptable,
4152	PNG_CONST png_fixed_point gamma_val)
4153	{
4154	unsigned int i;
4155	png_bytep table = *ptable = (png_bytep)png_malloc(png_ptr, `256`);
4156
4157	if (png_gamma_significant(gamma_val) != `0`)
4158	for (i=`0`; i<`256`; i++)
4159	table[i] = png_gamma_8bit_correct(i, gamma_val);
4160
4161	else
4162	for (i=`0`; i<`256`; ++i)
4163	table[i] = (png_byte)(i & `0xff`);
4164	}
4165
4166	/ Used from png_read_destroy and below to release the memory used by the gamma*
4167	* tables.
4168	*/
4169	void / PRIVATE /
4170	png_destroy_gamma_table(png_structrp png_ptr)
4171	{
4172	png_free(png_ptr, png_ptr->gamma_table);
4173	png_ptr->gamma_table = NULL;
4174
4175	#ifdef PNG_16BIT_SUPPORTED
4176	if (png_ptr->gamma_16_table != NULL)
4177	{
4178	int i;
4179	int istop = (`1` << (`8` - png_ptr->gamma_shift));
4180	for (i = `0`; i < istop; i++)
4181	{
4182	png_free(png_ptr, png_ptr->gamma_16_table[i]);
4183	}
4184	png_free(png_ptr, png_ptr->gamma_16_table);
4185	png_ptr->gamma_16_table = NULL;
4186	}
4187	#endif /* 16BIT */
4188
4189	#if defined(PNG_READ_BACKGROUND_SUPPORTED) \|\| \
4190	defined(PNG_READ_ALPHA_MODE_SUPPORTED) \|\| \
4191	defined(PNG_READ_RGB_TO_GRAY_SUPPORTED)
4192	png_free(png_ptr, png_ptr->gamma_from_1);
4193	png_ptr->gamma_from_1 = NULL;
4194	png_free(png_ptr, png_ptr->gamma_to_1);
4195	png_ptr->gamma_to_1 = NULL;
4196
4197	#ifdef PNG_16BIT_SUPPORTED
4198	if (png_ptr->gamma_16_from_1 != NULL)
4199	{
4200	int i;
4201	int istop = (`1` << (`8` - png_ptr->gamma_shift));
4202	for (i = `0`; i < istop; i++)
4203	{
4204	png_free(png_ptr, png_ptr->gamma_16_from_1[i]);
4205	}
4206	png_free(png_ptr, png_ptr->gamma_16_from_1);
4207	png_ptr->gamma_16_from_1 = NULL;
4208	}
4209	if (png_ptr->gamma_16_to_1 != NULL)
4210	{
4211	int i;
4212	int istop = (`1` << (`8` - png_ptr->gamma_shift));
4213	for (i = `0`; i < istop; i++)
4214	{
4215	png_free(png_ptr, png_ptr->gamma_16_to_1[i]);
4216	}
4217	png_free(png_ptr, png_ptr->gamma_16_to_1);
4218	png_ptr->gamma_16_to_1 = NULL;
4219	}
4220	#endif /* 16BIT */
4221	#endif /* READ_BACKGROUND \|\| READ_ALPHA_MODE \|\| RGB_TO_GRAY */
4222	}
4223
4224	/ We build the 8- or 16-bit gamma tables here. Note that for 16-bit*
4225	* tables, we don't make a full table if we are reducing to 8-bit in
4226	* the future. Note also how the gamma_16 tables are segmented so that
4227	* we don't need to allocate > 64K chunks for a full 16-bit table.
4228	*/
4229	void / PRIVATE /
4230	png_build_gamma_table(png_structrp png_ptr, int bit_depth)
4231	{
4232	png_debug(`1`, "in png_build_gamma_table");
4233
4234	/ Remove any existing table; this copes with multiple calls to*
4235	* png_read_update_info. The warning is because building the gamma tables
4236	* multiple times is a performance hit - it's harmless but the ability to
4237	* call png_read_update_info() multiple times is new in 1.5.6 so it seems
4238	* sensible to warn if the app introduces such a hit.
4239	*/
4240	if (png_ptr->gamma_table != NULL \|\| png_ptr->gamma_16_table != NULL)
4241	{
4242	png_warning(png_ptr, "gamma table being rebuilt");
4243	png_destroy_gamma_table(png_ptr);
4244	}
4245
4246	if (bit_depth <= `8`)
4247	{
4248	png_build_8bit_table(png_ptr, &png_ptr->gamma_table,
4249	png_ptr->screen_gamma > `0` ?
4250	png_reciprocal2(png_ptr->colorspace.gamma,
4251	png_ptr->screen_gamma) : PNG_FP_1);
4252
4253	#if defined(PNG_READ_BACKGROUND_SUPPORTED) \|\| \
4254	defined(PNG_READ_ALPHA_MODE_SUPPORTED) \|\| \
4255	defined(PNG_READ_RGB_TO_GRAY_SUPPORTED)
4256	if ((png_ptr->transformations & (PNG_COMPOSE \| PNG_RGB_TO_GRAY)) != `0`)
4257	{
4258	png_build_8bit_table(png_ptr, &png_ptr->gamma_to_1,
4259	png_reciprocal(png_ptr->colorspace.gamma));
4260
4261	png_build_8bit_table(png_ptr, &png_ptr->gamma_from_1,
4262	png_ptr->screen_gamma > `0` ?
4263	png_reciprocal(png_ptr->screen_gamma) :
4264	png_ptr->colorspace.gamma/* Probably doing rgb_to_gray */);
4265	}
4266	#endif /* READ_BACKGROUND \|\| READ_ALPHA_MODE \|\| RGB_TO_GRAY */
4267	}
4268	#ifdef PNG_16BIT_SUPPORTED
4269	else
4270	{
4271	png_byte shift, sig_bit;
4272
4273	if ((png_ptr->color_type & PNG_COLOR_MASK_COLOR) != `0`)
4274	{
4275	sig_bit = png_ptr->sig_bit.red;
4276
4277	if (png_ptr->sig_bit.green > sig_bit)
4278	sig_bit = png_ptr->sig_bit.green;
4279
4280	if (png_ptr->sig_bit.blue > sig_bit)
4281	sig_bit = png_ptr->sig_bit.blue;
4282	}
4283	else
4284	sig_bit = png_ptr->sig_bit.gray;
4285
4286	/ 16-bit gamma code uses this equation:*
4287	*
4288	* ov = table[(iv & 0xff) >> gamma_shift][iv >> 8]
4289	*
4290	* Where 'iv' is the input color value and 'ov' is the output value -
4291	* pow(iv, gamma).
4292	*
4293	* Thus the gamma table consists of up to 256 256-entry tables. The table
4294	* is selected by the (8-gamma_shift) most significant of the low 8 bits
4295	* of the color value then indexed by the upper 8 bits:
4296	*
4297	* table[low bits][high 8 bits]
4298	*
4299	* So the table 'n' corresponds to all those 'iv' of:
4300	*
4301	* <all high 8-bit values><n << gamma_shift>..<(n+1 << gamma_shift)-1>
4302	*
4303	*/
4304	if (sig_bit > `0` && sig_bit < `16U`)
4305	/ shift == insignificant bits /
4306	shift = (png_byte)((`16U` - sig_bit) & `0xff`);
4307
4308	else
4309	shift = `0`; / keep all 16 bits /
4310
4311	if ((png_ptr->transformations & (PNG_16_TO_8 \| PNG_SCALE_16_TO_8)) != `0`)
4312	{
4313	/ PNG_MAX_GAMMA_8 is the number of bits to keep - effectively*
4314	* the significant bits in the input when the output will
4315	* eventually be 8 bits. By default it is 11.
4316	*/
4317	if (shift < (`16U` - PNG_MAX_GAMMA_8))
4318	shift = (`16U` - PNG_MAX_GAMMA_8);
4319	}
4320
4321	if (shift > `8U`)
4322	shift = `8U`; / Guarantees at least one table! /
4323
4324	png_ptr->gamma_shift = shift;
4325
4326	/ NOTE: prior to 1.5.4 this test used to include PNG_BACKGROUND (now*
4327	* PNG_COMPOSE). This effectively smashed the background calculation for
4328	* 16-bit output because the 8-bit table assumes the result will be
4329	* reduced to 8 bits.
4330	*/
4331	if ((png_ptr->transformations & (PNG_16_TO_8 \| PNG_SCALE_16_TO_8)) != `0`)
4332	png_build_16to8_table(png_ptr, &png_ptr->gamma_16_table, shift,
4333	png_ptr->screen_gamma > `0` ? png_product2(png_ptr->colorspace.gamma,
4334	png_ptr->screen_gamma) : PNG_FP_1);
4335
4336	else
4337	png_build_16bit_table(png_ptr, &png_ptr->gamma_16_table, shift,
4338	png_ptr->screen_gamma > `0` ? png_reciprocal2(png_ptr->colorspace.gamma,
4339	png_ptr->screen_gamma) : PNG_FP_1);
4340
4341	#if defined(PNG_READ_BACKGROUND_SUPPORTED) \|\| \
4342	defined(PNG_READ_ALPHA_MODE_SUPPORTED) \|\| \
4343	defined(PNG_READ_RGB_TO_GRAY_SUPPORTED)
4344	if ((png_ptr->transformations & (PNG_COMPOSE \| PNG_RGB_TO_GRAY)) != `0`)
4345	{
4346	png_build_16bit_table(png_ptr, &png_ptr->gamma_16_to_1, shift,
4347	png_reciprocal(png_ptr->colorspace.gamma));
4348
4349	/ Notice that the '16 from 1' table should be full precision, however*
4350	* the lookup on this table still uses gamma_shift, so it can't be.
4351	* TODO: fix this.
4352	*/
4353	png_build_16bit_table(png_ptr, &png_ptr->gamma_16_from_1, shift,
4354	png_ptr->screen_gamma > `0` ? png_reciprocal(png_ptr->screen_gamma) :
4355	png_ptr->colorspace.gamma/* Probably doing rgb_to_gray */);
4356	}
4357	#endif /* READ_BACKGROUND \|\| READ_ALPHA_MODE \|\| RGB_TO_GRAY */
4358	}
4359	#endif /* 16BIT */
4360	}
4361	#endif /* READ_GAMMA */
4362
4363	/ HARDWARE OR SOFTWARE OPTION SUPPORT /
4364	#ifdef PNG_SET_OPTION_SUPPORTED
4365	int PNGAPI
4366	png_set_option(png_structrp png_ptr, int option, int onoff)
4367	{
4368	if (png_ptr != NULL && option >= `0` && option < PNG_OPTION_NEXT &&
4369	(option & `1`) == `0`)
4370	{
4371	png_uint_32 mask = `3U` << option;
4372	png_uint_32 setting = (`2U` + (onoff != `0`)) << option;
4373	png_uint_32 current = png_ptr->options;
4374
4375	png_ptr->options = (png_uint_32)((current & ~mask) \| setting);
4376
4377	return (int)(current & mask) >> option;
4378	}
4379
4380	return PNG_OPTION_INVALID;
4381	}
4382	#endif
4383
4384	/ sRGB support /
4385	#if defined(PNG_SIMPLIFIED_READ_SUPPORTED) \|\|\
4386	defined(PNG_SIMPLIFIED_WRITE_SUPPORTED)
4387	/ sRGB conversion tables; these are machine generated with the code in*
4388	* contrib/tools/makesRGB.c. The actual sRGB transfer curve defined in the
4389	* specification (see the article at https://en.wikipedia.org/wiki/SRGB)
4390	* is used, not the gamma=1/2.2 approximation use elsewhere in libpng.
4391	* The sRGB to linear table is exact (to the nearest 16-bit linear fraction).
4392	* The inverse (linear to sRGB) table has accuracies as follows:
4393	*
4394	* For all possible (255*65535+1) input values:
4395	*
4396	* error: -0.515566 - 0.625971, 79441 (0.475369%) of readings inexact
4397	*
4398	* For the input values corresponding to the 65536 16-bit values:
4399	*
4400	* error: -0.513727 - 0.607759, 308 (0.469978%) of readings inexact
4401	*
4402	* In all cases the inexact readings are only off by one.
4403	*/
4404
4405	#ifdef PNG_SIMPLIFIED_READ_SUPPORTED
4406	/ The convert-to-sRGB table is only currently required for read. /
4407	const png_uint_16 png_sRGB_table[`256`] =
4408	{
4409	`0`,`20`,`40`,`60`,`80`,`99`,`119`,`139`,
4410	`159`,`179`,`199`,`219`,`241`,`264`,`288`,`313`,
4411	`340`,`367`,`396`,`427`,`458`,`491`,`526`,`562`,
4412	`599`,`637`,`677`,`718`,`761`,`805`,`851`,`898`,
4413	`947`,`997`,`1048`,`1101`,`1156`,`1212`,`1270`,`1330`,
4414	`1391`,`1453`,`1517`,`1583`,`1651`,`1720`,`1790`,`1863`,
4415	`1937`,`2013`,`2090`,`2170`,`2250`,`2333`,`2418`,`2504`,
4416	`2592`,`2681`,`2773`,`2866`,`2961`,`3058`,`3157`,`3258`,
4417	`3360`,`3464`,`3570`,`3678`,`3788`,`3900`,`4014`,`4129`,
4418	`4247`,`4366`,`4488`,`4611`,`4736`,`4864`,`4993`,`5124`,
4419	`5257`,`5392`,`5530`,`5669`,`5810`,`5953`,`6099`,`6246`,
4420	`6395`,`6547`,`6700`,`6856`,`7014`,`7174`,`7335`,`7500`,
4421	`7666`,`7834`,`8004`,`8177`,`8352`,`8528`,`8708`,`8889`,
4422	`9072`,`9258`,`9445`,`9635`,`9828`,`10022`,`10219`,`10417`,
4423	`10619`,`10822`,`11028`,`11235`,`11446`,`11658`,`11873`,`12090`,
4424	`12309`,`12530`,`12754`,`12980`,`13209`,`13440`,`13673`,`13909`,
4425	`14146`,`14387`,`14629`,`14874`,`15122`,`15371`,`15623`,`15878`,
4426	`16135`,`16394`,`16656`,`16920`,`17187`,`17456`,`17727`,`18001`,
4427	`18277`,`18556`,`18837`,`19121`,`19407`,`19696`,`19987`,`20281`,
4428	`20577`,`20876`,`21177`,`21481`,`21787`,`22096`,`22407`,`22721`,
4429	`23038`,`23357`,`23678`,`24002`,`24329`,`24658`,`24990`,`25325`,
4430	`25662`,`26001`,`26344`,`26688`,`27036`,`27386`,`27739`,`28094`,
4431	`28452`,`28813`,`29176`,`29542`,`29911`,`30282`,`30656`,`31033`,
4432	`31412`,`31794`,`32179`,`32567`,`32957`,`33350`,`33745`,`34143`,
4433	`34544`,`34948`,`35355`,`35764`,`36176`,`36591`,`37008`,`37429`,
4434	`37852`,`38278`,`38706`,`39138`,`39572`,`40009`,`40449`,`40891`,
4435	`41337`,`41785`,`42236`,`42690`,`43147`,`43606`,`44069`,`44534`,
4436	`45002`,`45473`,`45947`,`46423`,`46903`,`47385`,`47871`,`48359`,
4437	`48850`,`49344`,`49841`,`50341`,`50844`,`51349`,`51858`,`52369`,
4438	`52884`,`53401`,`53921`,`54445`,`54971`,`55500`,`56032`,`56567`,
4439	`57105`,`57646`,`58190`,`58737`,`59287`,`59840`,`60396`,`60955`,
4440	`61517`,`62082`,`62650`,`63221`,`63795`,`64372`,`64952`,`65535`
4441	};
4442	#endif /* SIMPLIFIED_READ */
4443
4444	/ The base/delta tables are required for both read and write (but currently*
4445	* only the simplified versions.)
4446	*/
4447	const png_uint_16 png_sRGB_base[`512`] =
4448	{
4449	`128`,`1782`,`3383`,`4644`,`5675`,`6564`,`7357`,`8074`,
4450	`8732`,`9346`,`9921`,`10463`,`10977`,`11466`,`11935`,`12384`,
4451	`12816`,`13233`,`13634`,`14024`,`14402`,`14769`,`15125`,`15473`,
4452	`15812`,`16142`,`16466`,`16781`,`17090`,`17393`,`17690`,`17981`,
4453	`18266`,`18546`,`18822`,`19093`,`19359`,`19621`,`19879`,`20133`,
4454	`20383`,`20630`,`20873`,`21113`,`21349`,`21583`,`21813`,`22041`,
4455	`22265`,`22487`,`22707`,`22923`,`23138`,`23350`,`23559`,`23767`,
4456	`23972`,`24175`,`24376`,`24575`,`24772`,`24967`,`25160`,`25352`,
4457	`25542`,`25730`,`25916`,`26101`,`26284`,`26465`,`26645`,`26823`,
4458	`27000`,`27176`,`27350`,`27523`,`27695`,`27865`,`28034`,`28201`,
4459	`28368`,`28533`,`28697`,`28860`,`29021`,`29182`,`29341`,`29500`,
4460	`29657`,`29813`,`29969`,`30123`,`30276`,`30429`,`30580`,`30730`,
4461	`30880`,`31028`,`31176`,`31323`,`31469`,`31614`,`31758`,`31902`,
4462	`32045`,`32186`,`32327`,`32468`,`32607`,`32746`,`32884`,`33021`,
4463	`33158`,`33294`,`33429`,`33564`,`33697`,`33831`,`33963`,`34095`,
4464	`34226`,`34357`,`34486`,`34616`,`34744`,`34873`,`35000`,`35127`,
4465	`35253`,`35379`,`35504`,`35629`,`35753`,`35876`,`35999`,`36122`,
4466	`36244`,`36365`,`36486`,`36606`,`36726`,`36845`,`36964`,`37083`,
4467	`37201`,`37318`,`37435`,`37551`,`37668`,`37783`,`37898`,`38013`,
4468	`38127`,`38241`,`38354`,`38467`,`38580`,`38692`,`38803`,`38915`,
4469	`39026`,`39136`,`39246`,`39356`,`39465`,`39574`,`39682`,`39790`,
4470	`39898`,`40005`,`40112`,`40219`,`40325`,`40431`,`40537`,`40642`,
4471	`40747`,`40851`,`40955`,`41059`,`41163`,`41266`,`41369`,`41471`,
4472	`41573`,`41675`,`41777`,`41878`,`41979`,`42079`,`42179`,`42279`,
4473	`42379`,`42478`,`42577`,`42676`,`42775`,`42873`,`42971`,`43068`,
4474	`43165`,`43262`,`43359`,`43456`,`43552`,`43648`,`43743`,`43839`,
4475	`43934`,`44028`,`44123`,`44217`,`44311`,`44405`,`44499`,`44592`,
4476	`44685`,`44778`,`44870`,`44962`,`45054`,`45146`,`45238`,`45329`,
4477	`45420`,`45511`,`45601`,`45692`,`45782`,`45872`,`45961`,`46051`,
4478	`46140`,`46229`,`46318`,`46406`,`46494`,`46583`,`46670`,`46758`,
4479	`46846`,`46933`,`47020`,`47107`,`47193`,`47280`,`47366`,`47452`,
4480	`47538`,`47623`,`47709`,`47794`,`47879`,`47964`,`48048`,`48133`,
4481	`48217`,`48301`,`48385`,`48468`,`48552`,`48635`,`48718`,`48801`,
4482	`48884`,`48966`,`49048`,`49131`,`49213`,`49294`,`49376`,`49458`,
4483	`49539`,`49620`,`49701`,`49782`,`49862`,`49943`,`50023`,`50103`,
4484	`50183`,`50263`,`50342`,`50422`,`50501`,`50580`,`50659`,`50738`,
4485	`50816`,`50895`,`50973`,`51051`,`51129`,`51207`,`51285`,`51362`,
4486	`51439`,`51517`,`51594`,`51671`,`51747`,`51824`,`51900`,`51977`,
4487	`52053`,`52129`,`52205`,`52280`,`52356`,`52432`,`52507`,`52582`,
4488	`52657`,`52732`,`52807`,`52881`,`52956`,`53030`,`53104`,`53178`,
4489	`53252`,`53326`,`53400`,`53473`,`53546`,`53620`,`53693`,`53766`,
4490	`53839`,`53911`,`53984`,`54056`,`54129`,`54201`,`54273`,`54345`,
4491	`54417`,`54489`,`54560`,`54632`,`54703`,`54774`,`54845`,`54916`,
4492	`54987`,`55058`,`55129`,`55199`,`55269`,`55340`,`55410`,`55480`,
4493	`55550`,`55620`,`55689`,`55759`,`55828`,`55898`,`55967`,`56036`,
4494	`56105`,`56174`,`56243`,`56311`,`56380`,`56448`,`56517`,`56585`,
4495	`56653`,`56721`,`56789`,`56857`,`56924`,`56992`,`57059`,`57127`,
4496	`57194`,`57261`,`57328`,`57395`,`57462`,`57529`,`57595`,`57662`,
4497	`57728`,`57795`,`57861`,`57927`,`57993`,`58059`,`58125`,`58191`,
4498	`58256`,`58322`,`58387`,`58453`,`58518`,`58583`,`58648`,`58713`,
4499	`58778`,`58843`,`58908`,`58972`,`59037`,`59101`,`59165`,`59230`,
4500	`59294`,`59358`,`59422`,`59486`,`59549`,`59613`,`59677`,`59740`,
4501	`59804`,`59867`,`59930`,`59993`,`60056`,`60119`,`60182`,`60245`,
4502	`60308`,`60370`,`60433`,`60495`,`60558`,`60620`,`60682`,`60744`,
4503	`60806`,`60868`,`60930`,`60992`,`61054`,`61115`,`61177`,`61238`,
4504	`61300`,`61361`,`61422`,`61483`,`61544`,`61605`,`61666`,`61727`,
4505	`61788`,`61848`,`61909`,`61969`,`62030`,`62090`,`62150`,`62211`,
4506	`62271`,`62331`,`62391`,`62450`,`62510`,`62570`,`62630`,`62689`,
4507	`62749`,`62808`,`62867`,`62927`,`62986`,`63045`,`63104`,`63163`,
4508	`63222`,`63281`,`63340`,`63398`,`63457`,`63515`,`63574`,`63632`,
4509	`63691`,`63749`,`63807`,`63865`,`63923`,`63981`,`64039`,`64097`,
4510	`64155`,`64212`,`64270`,`64328`,`64385`,`64443`,`64500`,`64557`,
4511	`64614`,`64672`,`64729`,`64786`,`64843`,`64900`,`64956`,`65013`,
4512	`65070`,`65126`,`65183`,`65239`,`65296`,`65352`,`65409`,`65465`
4513	};
4514
4515	const png_byte png_sRGB_delta[`512`] =
4516	{
4517	`207`,`201`,`158`,`129`,`113`,`100`,`90`,`82`,`77`,`72`,`68`,`64`,`61`,`59`,`56`,`54`,
4518	`52`,`50`,`49`,`47`,`46`,`45`,`43`,`42`,`41`,`40`,`39`,`39`,`38`,`37`,`36`,`36`,
4519	`35`,`34`,`34`,`33`,`33`,`32`,`32`,`31`,`31`,`30`,`30`,`30`,`29`,`29`,`28`,`28`,
4520	`28`,`27`,`27`,`27`,`27`,`26`,`26`,`26`,`25`,`25`,`25`,`25`,`24`,`24`,`24`,`24`,
4521	`23`,`23`,`23`,`23`,`23`,`22`,`22`,`22`,`22`,`22`,`22`,`21`,`21`,`21`,`21`,`21`,
4522	`21`,`20`,`20`,`20`,`20`,`20`,`20`,`20`,`20`,`19`,`19`,`19`,`19`,`19`,`19`,`19`,
4523	`19`,`18`,`18`,`18`,`18`,`18`,`18`,`18`,`18`,`18`,`18`,`17`,`17`,`17`,`17`,`17`,
4524	`17`,`17`,`17`,`17`,`17`,`17`,`16`,`16`,`16`,`16`,`16`,`16`,`16`,`16`,`16`,`16`,
4525	`16`,`16`,`16`,`16`,`15`,`15`,`15`,`15`,`15`,`15`,`15`,`15`,`15`,`15`,`15`,`15`,
4526	`15`,`15`,`15`,`15`,`14`,`14`,`14`,`14`,`14`,`14`,`14`,`14`,`14`,`14`,`14`,`14`,
4527	`14`,`14`,`14`,`14`,`14`,`14`,`14`,`13`,`13`,`13`,`13`,`13`,`13`,`13`,`13`,`13`,
4528	`13`,`13`,`13`,`13`,`13`,`13`,`13`,`13`,`13`,`13`,`13`,`13`,`13`,`13`,`12`,`12`,
4529	`12`,`12`,`12`,`12`,`12`,`12`,`12`,`12`,`12`,`12`,`12`,`12`,`12`,`12`,`12`,`12`,
4530	`12`,`12`,`12`,`12`,`12`,`12`,`12`,`12`,`12`,`12`,`12`,`12`,`11`,`11`,`11`,`11`,
4531	`11`,`11`,`11`,`11`,`11`,`11`,`11`,`11`,`11`,`11`,`11`,`11`,`11`,`11`,`11`,`11`,
4532	`11`,`11`,`11`,`11`,`11`,`11`,`11`,`11`,`11`,`11`,`11`,`11`,`11`,`11`,`11`,`11`,
4533	`11`,`10`,`10`,`10`,`10`,`10`,`10`,`10`,`10`,`10`,`10`,`10`,`10`,`10`,`10`,`10`,
4534	`10`,`10`,`10`,`10`,`10`,`10`,`10`,`10`,`10`,`10`,`10`,`10`,`10`,`10`,`10`,`10`,
4535	`10`,`10`,`10`,`10`,`10`,`10`,`10`,`10`,`10`,`10`,`10`,`10`,`10`,`10`,`10`,`10`,
4536	`10`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,
4537	`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,
4538	`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,
4539	`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,`9`,
4540	`9`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,
4541	`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,
4542	`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,
4543	`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,
4544	`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,
4545	`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`8`,`7`,`7`,`7`,`7`,`7`,`7`,`7`,
4546	`7`,`7`,`7`,`7`,`7`,`7`,`7`,`7`,`7`,`7`,`7`,`7`,`7`,`7`,`7`,`7`,
4547	`7`,`7`,`7`,`7`,`7`,`7`,`7`,`7`,`7`,`7`,`7`,`7`,`7`,`7`,`7`,`7`,
4548	`7`,`7`,`7`,`7`,`7`,`7`,`7`,`7`,`7`,`7`,`7`,`7`,`7`,`7`,`7`,`7`
4549	};
4550	#endif /* SIMPLIFIED READ/WRITE sRGB support */
4551
4552	/ SIMPLIFIED READ/WRITE SUPPORT /
4553	#if defined(PNG_SIMPLIFIED_READ_SUPPORTED) \|\|\
4554	defined(PNG_SIMPLIFIED_WRITE_SUPPORTED)
4555	static int
4556	png_image_free_function(png_voidp argument)
4557	{
4558	png_imagep image = png_voidcast(png_imagep, argument);
4559	png_controlp cp = image->opaque;
4560	png_control c;
4561
4562	/ Double check that we have a png_ptr - it should be impossible to get here*
4563	* without one.
4564	*/
4565	if (cp->png_ptr == NULL)
4566	return `0`;
4567
4568	/ First free any data held in the control structure. /
4569	# ifdef PNG_STDIO_SUPPORTED
4570	if (cp->owned_file != `0`)
4571	{
4572	FILE fp = png_voidcast(FILE, cp->png_ptr->io_ptr);
4573	cp->owned_file = `0`;
4574
4575	/ Ignore errors here. /
4576	if (fp != NULL)
4577	{
4578	cp->png_ptr->io_ptr = NULL;
4579	(void)fclose(fp);
4580	}
4581	}
4582	# endif
4583
4584	/ Copy the control structure so that the original, allocated, version can be*
4585	* safely freed. Notice that a png_error here stops the remainder of the
4586	* cleanup, but this is probably fine because that would indicate bad memory
4587	* problems anyway.
4588	*/
4589	c = *cp;
4590	image->opaque = &c;
4591	png_free(c.png_ptr, cp);
4592
4593	/ Then the structures, calling the correct API. /
4594	if (c.for_write != `0`)
4595	{
4596	# ifdef PNG_SIMPLIFIED_WRITE_SUPPORTED
4597	png_destroy_write_struct(&c.png_ptr, &c.info_ptr);
4598	# else
4599	png_error(c.png_ptr, "simplified write not supported");
4600	# endif
4601	}
4602	else
4603	{
4604	# ifdef PNG_SIMPLIFIED_READ_SUPPORTED
4605	png_destroy_read_struct(&c.png_ptr, &c.info_ptr, NULL);
4606	# else
4607	png_error(c.png_ptr, "simplified read not supported");
4608	# endif
4609	}
4610
4611	/ Success. /
4612	return `1`;
4613	}
4614
4615	void PNGAPI
4616	png_image_free(png_imagep image)
4617	{
4618	/ Safely call the real function, but only if doing so is safe at this point*
4619	* (if not inside an error handling context). Otherwise assume
4620	* png_safe_execute will call this API after the return.
4621	*/
4622	if (image != NULL && image->opaque != NULL &&
4623	image->opaque->error_buf == NULL)
4624	{
4625	png_image_free_function(image);
4626	image->opaque = NULL;
4627	}
4628	}
4629
4630	int / PRIVATE /
4631	png_image_error(png_imagep image, png_const_charp error_message)
4632	{
4633	/ Utility to log an error. /
4634	png_safecat(image->message, (sizeof image->message), `0`, error_message);
4635	image->warning_or_error \|= PNG_IMAGE_ERROR;
4636	png_image_free(image);
4637	return `0`;
4638	}
4639
4640	#endif /* SIMPLIFIED READ/WRITE */
4641	#endif /* READ \|\| WRITE */
4642

Browse the source code of OpenJDK/src/java.desktop/share/native/libsplashscreen/libpng/png.c