Ros-diffs September 2017

ros-diffs@reactos.org

17 participants
284 discussions

[tfaber] 75740: [MBEDTLS] - Update to version 2.6.0 CORE-13739

by tfaber＠svn.reactos.org

Author: tfaber Date: Sat Sep 2 13:06:14 2017 New Revision: 75740 URL: http://svn.reactos.org/svn/reactos?rev=75740&view=rev Log: [MBEDTLS] - Update to version 2.6.0 CORE-13739 Added: trunk/reactos/sdk/include/reactos/libs/mbedtls/ecp_internal.h (with props) Modified: trunk/reactos/dll/3rdparty/mbedtls/aes.c trunk/reactos/dll/3rdparty/mbedtls/bignum.c trunk/reactos/dll/3rdparty/mbedtls/certs.c trunk/reactos/dll/3rdparty/mbedtls/cmac.c trunk/reactos/dll/3rdparty/mbedtls/dhm.c trunk/reactos/dll/3rdparty/mbedtls/ecp.c trunk/reactos/dll/3rdparty/mbedtls/ecp_curves.c trunk/reactos/dll/3rdparty/mbedtls/entropy.c trunk/reactos/dll/3rdparty/mbedtls/error.c trunk/reactos/dll/3rdparty/mbedtls/gcm.c trunk/reactos/dll/3rdparty/mbedtls/platform.c trunk/reactos/dll/3rdparty/mbedtls/rsa.c trunk/reactos/dll/3rdparty/mbedtls/ssl_cache.c trunk/reactos/dll/3rdparty/mbedtls/ssl_ciphersuites.c trunk/reactos/dll/3rdparty/mbedtls/ssl_cli.c trunk/reactos/dll/3rdparty/mbedtls/ssl_srv.c trunk/reactos/dll/3rdparty/mbedtls/ssl_tls.c trunk/reactos/dll/3rdparty/mbedtls/threading.c trunk/reactos/dll/3rdparty/mbedtls/version_features.c trunk/reactos/dll/3rdparty/mbedtls/x509.c trunk/reactos/dll/3rdparty/mbedtls/x509_crl.c trunk/reactos/dll/3rdparty/mbedtls/x509_crt.c trunk/reactos/dll/3rdparty/mbedtls/x509_csr.c trunk/reactos/dll/3rdparty/mbedtls/x509write_crt.c trunk/reactos/sdk/include/reactos/libs/mbedtls/aes.h trunk/reactos/sdk/include/reactos/libs/mbedtls/bignum.h trunk/reactos/sdk/include/reactos/libs/mbedtls/check_config.h trunk/reactos/sdk/include/reactos/libs/mbedtls/compat-1.3.h trunk/reactos/sdk/include/reactos/libs/mbedtls/config.h trunk/reactos/sdk/include/reactos/libs/mbedtls/ecdsa.h trunk/reactos/sdk/include/reactos/libs/mbedtls/ecjpake.h trunk/reactos/sdk/include/reactos/libs/mbedtls/ecp.h trunk/reactos/sdk/include/reactos/libs/mbedtls/error.h trunk/reactos/sdk/include/reactos/libs/mbedtls/platform.h trunk/reactos/sdk/include/reactos/libs/mbedtls/rsa.h trunk/reactos/sdk/include/reactos/libs/mbedtls/ssl.h trunk/reactos/sdk/include/reactos/libs/mbedtls/ssl_ciphersuites.h trunk/reactos/sdk/include/reactos/libs/mbedtls/ssl_internal.h trunk/reactos/sdk/include/reactos/libs/mbedtls/version.h trunk/reactos/sdk/include/reactos/libs/mbedtls/x509.h trunk/reactos/sdk/include/reactos/libs/mbedtls/x509_crt.h [This mail would be too long, it was shortened to contain the URLs only.] Modified: trunk/reactos/dll/3rdparty/mbedtls/aes.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/aes.c… Modified: trunk/reactos/dll/3rdparty/mbedtls/bignum.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/bignu… Modified: trunk/reactos/dll/3rdparty/mbedtls/certs.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/certs… Modified: trunk/reactos/dll/3rdparty/mbedtls/cmac.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/cmac.… Modified: trunk/reactos/dll/3rdparty/mbedtls/dhm.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/dhm.c… Modified: trunk/reactos/dll/3rdparty/mbedtls/ecp.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/ecp.c… Modified: trunk/reactos/dll/3rdparty/mbedtls/ecp_curves.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/ecp_c… Modified: trunk/reactos/dll/3rdparty/mbedtls/entropy.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/entro… Modified: trunk/reactos/dll/3rdparty/mbedtls/error.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/error… Modified: trunk/reactos/dll/3rdparty/mbedtls/gcm.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/gcm.c… Modified: trunk/reactos/dll/3rdparty/mbedtls/platform.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/platf… Modified: trunk/reactos/dll/3rdparty/mbedtls/rsa.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/rsa.c… Modified: trunk/reactos/dll/3rdparty/mbedtls/ssl_cache.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/ssl_c… Modified: trunk/reactos/dll/3rdparty/mbedtls/ssl_ciphersuites.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/ssl_c… Modified: trunk/reactos/dll/3rdparty/mbedtls/ssl_cli.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/ssl_c… Modified: trunk/reactos/dll/3rdparty/mbedtls/ssl_srv.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/ssl_s… Modified: trunk/reactos/dll/3rdparty/mbedtls/ssl_tls.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/ssl_t… Modified: trunk/reactos/dll/3rdparty/mbedtls/threading.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/threa… Modified: trunk/reactos/dll/3rdparty/mbedtls/version_features.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/versi… Modified: trunk/reactos/dll/3rdparty/mbedtls/x509.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/x509.… Modified: trunk/reactos/dll/3rdparty/mbedtls/x509_crl.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/x509_… Modified: trunk/reactos/dll/3rdparty/mbedtls/x509_crt.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/x509_… Modified: trunk/reactos/dll/3rdparty/mbedtls/x509_csr.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/x509_… Modified: trunk/reactos/dll/3rdparty/mbedtls/x509write_crt.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/mbedtls/x509w… Modified: trunk/reactos/sdk/include/reactos/libs/mbedtls/aes.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/include/reactos/libs/m… Modified: trunk/reactos/sdk/include/reactos/libs/mbedtls/bignum.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/include/reactos/libs/m… Modified: trunk/reactos/sdk/include/reactos/libs/mbedtls/check_config.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/include/reactos/libs/m… Modified: trunk/reactos/sdk/include/reactos/libs/mbedtls/compat-1.3.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/include/reactos/libs/m… Modified: trunk/reactos/sdk/include/reactos/libs/mbedtls/config.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/include/reactos/libs/m… Modified: trunk/reactos/sdk/include/reactos/libs/mbedtls/ecdsa.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/include/reactos/libs/m… Modified: trunk/reactos/sdk/include/reactos/libs/mbedtls/ecjpake.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/include/reactos/libs/m… Modified: trunk/reactos/sdk/include/reactos/libs/mbedtls/ecp.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/include/reactos/libs/m… Added: trunk/reactos/sdk/include/reactos/libs/mbedtls/ecp_internal.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/include/reactos/libs/m… Modified: trunk/reactos/sdk/include/reactos/libs/mbedtls/error.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/include/reactos/libs/m… Modified: trunk/reactos/sdk/include/reactos/libs/mbedtls/platform.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/include/reactos/libs/m… Modified: trunk/reactos/sdk/include/reactos/libs/mbedtls/rsa.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/include/reactos/libs/m… Modified: trunk/reactos/sdk/include/reactos/libs/mbedtls/ssl.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/include/reactos/libs/m… Modified: trunk/reactos/sdk/include/reactos/libs/mbedtls/ssl_ciphersuites.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/include/reactos/libs/m… Modified: trunk/reactos/sdk/include/reactos/libs/mbedtls/ssl_internal.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/include/reactos/libs/m… Modified: trunk/reactos/sdk/include/reactos/libs/mbedtls/version.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/include/reactos/libs/m… Modified: trunk/reactos/sdk/include/reactos/libs/mbedtls/x509.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/include/reactos/libs/m… Modified: trunk/reactos/sdk/include/reactos/libs/mbedtls/x509_crt.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/include/reactos/libs/m…

7 years

[tfaber] 75739: [MPG123] - Update to version 1.25.6 CORE-13739

by tfaber＠svn.reactos.org

Author: tfaber Date: Sat Sep 2 13:03:21 2017 New Revision: 75739 URL: http://svn.reactos.org/svn/reactos?rev=75739&view=rev Log: [MPG123] - Update to version 1.25.6 CORE-13739 Modified: trunk/reactos/sdk/include/reactos/libs/libmpg123/config.h trunk/reactos/sdk/include/reactos/libs/libmpg123/getbits.h trunk/reactos/sdk/include/reactos/libs/libmpg123/mpg123.h trunk/reactos/sdk/lib/3rdparty/libmpg123/frame.c trunk/reactos/sdk/lib/3rdparty/libmpg123/id3.c trunk/reactos/sdk/lib/3rdparty/libmpg123/layer1.c trunk/reactos/sdk/lib/3rdparty/libmpg123/layer3.c trunk/reactos/sdk/lib/3rdparty/libmpg123/stringbuf.c Modified: trunk/reactos/sdk/include/reactos/libs/libmpg123/config.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/include/reactos/libs/l… ============================================================================== --- trunk/reactos/sdk/include/reactos/libs/libmpg123/config.h [iso-8859-1] (original) +++ trunk/reactos/sdk/include/reactos/libs/libmpg123/config.h [iso-8859-1] Sat Sep 2 13:03:21 2017 @@ -356,7 +356,7 @@ #define PACKAGE_NAME "mpg123" /* Define to the full name and version of this package. */ -#define PACKAGE_STRING "mpg123 1.25.0" +#define PACKAGE_STRING "mpg123 1.25.6" /* Define to the one symbol short name of this package. */ #define PACKAGE_TARNAME "mpg123" @@ -365,7 +365,7 @@ #define PACKAGE_URL "" /* Define to the version of this package. */ -#define PACKAGE_VERSION "1.25.0" +#define PACKAGE_VERSION "1.25.6" /* Define if portaudio v18 API is wanted. */ /* #undef PORTAUDIO18 */ @@ -398,7 +398,7 @@ /* #undef USE_YASM_FOR_AVX */ /* Version number of package */ -#define VERSION "1.25.0" +#define VERSION "1.25.6" /* Define to use Win32 named pipes */ #define WANT_WIN32_FIFO 1 Modified: trunk/reactos/sdk/include/reactos/libs/libmpg123/getbits.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/include/reactos/libs/l… ============================================================================== --- trunk/reactos/sdk/include/reactos/libs/libmpg123/getbits.h [iso-8859-1] (original) +++ trunk/reactos/sdk/include/reactos/libs/libmpg123/getbits.h [iso-8859-1] Sat Sep 2 13:03:21 2017 @@ -44,7 +44,10 @@ #ifdef DEBUG_GETBITS fprintf(stderr,"g%d",number_of_bits); #endif - + /* Safety catch until we got the nasty code fully figured out. */ + if( (long)(fr->wordpointer-fr->bsbuf)*8 + + fr->bitindex+number_of_bits > (long)fr->framesize*8 ) + return 0; /* This is actually slow: if(!number_of_bits) return 0; */ Modified: trunk/reactos/sdk/include/reactos/libs/libmpg123/mpg123.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/include/reactos/libs/l… ============================================================================== --- trunk/reactos/sdk/include/reactos/libs/libmpg123/mpg123.h [iso-8859-1] (original) +++ trunk/reactos/sdk/include/reactos/libs/libmpg123/mpg123.h [iso-8859-1] Sat Sep 2 13:03:21 2017 @@ -1,5 +1,5 @@ /* - libmpg123: MPEG Audio Decoder library (version 1.25.0) + libmpg123: MPEG Audio Decoder library (version 1.25.6) copyright 1995-2015 by the mpg123 project free software under the terms of the LGPL 2.1 Modified: trunk/reactos/sdk/lib/3rdparty/libmpg123/frame.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/lib/3rdparty/libmpg123… ============================================================================== --- trunk/reactos/sdk/lib/3rdparty/libmpg123/frame.c [iso-8859-1] (original) +++ trunk/reactos/sdk/lib/3rdparty/libmpg123/frame.c [iso-8859-1] Sat Sep 2 13:03:21 2017 @@ -256,7 +256,8 @@ static void frame_decode_buffers_reset(mpg123_handle *fr) { - memset(fr->rawbuffs, 0, fr->rawbuffss); + if(fr->rawbuffs) /* memset(NULL, 0, 0) not desired */ + memset(fr->rawbuffs, 0, fr->rawbuffss); } int frame_buffers(mpg123_handle *fr) @@ -515,6 +516,7 @@ fr->clip = 0; fr->oldhead = 0; fr->firsthead = 0; + fr->lay = 0; fr->vbr = MPG123_CBR; fr->abr_rate = 0; fr->track_frames = 0; Modified: trunk/reactos/sdk/lib/3rdparty/libmpg123/id3.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/lib/3rdparty/libmpg123… ============================================================================== --- trunk/reactos/sdk/lib/3rdparty/libmpg123/id3.c [iso-8859-1] (original) +++ trunk/reactos/sdk/lib/3rdparty/libmpg123/id3.c [iso-8859-1] Sat Sep 2 13:03:21 2017 @@ -250,6 +250,7 @@ */ static void store_id3_text(mpg123_string *sb, unsigned char *source, size_t source_size, const int noquiet, const int notranslate) { + unsigned char encoding; if(!source_size) { debug("Empty id3 data!"); @@ -271,26 +272,29 @@ return; } - id3_to_utf8(sb, source[0], source+1, source_size-1, noquiet); + encoding = source[0]; + if(encoding > mpg123_id3_enc_max) + { + if(noquiet) + error1("Unknown text encoding %u, I take no chances, sorry!", encoding); + + mpg123_free_string(sb); + return; + } + id3_to_utf8(sb, encoding, source+1, source_size-1, noquiet); if(sb->fill) debug1("UTF-8 string (the first one): %s", sb->p); else if(noquiet) error("unable to convert string to UTF-8 (out of memory, junk input?)!"); } /* On error, sb->size is 0. */ +/* Also, encoding has been checked already! */ void id3_to_utf8(mpg123_string *sb, unsigned char encoding, const unsigned char *source, size_t source_size, int noquiet) { unsigned int bwidth; debug1("encoding: %u", encoding); /* A note: ID3v2.3 uses UCS-2 non-variable 16bit encoding, v2.4 uses UTF16. UTF-16 uses a reserved/private range in UCS-2 to add the magic, so we just always treat it as UTF. */ - if(encoding > mpg123_id3_enc_max) - { - if(noquiet) error1("Unknown text encoding %u, I take no chances, sorry!", encoding); - - mpg123_free_string(sb); - return; - } bwidth = encoding_widths[encoding]; /* Hack! I've seen a stray zero byte before BOM. Is that supposed to happen? */ if(encoding != mpg123_id3_utf16be) /* UTF16be _can_ beging with a null byte! */ @@ -309,6 +313,7 @@ text_converters[encoding](sb, source, source_size, noquiet); } +/* You have checked encoding to be in the range already. */ static unsigned char *next_text(unsigned char* prev, unsigned char encoding, size_t limit) { unsigned char *text = prev; @@ -377,6 +382,12 @@ if(realsize == 0) { debug("Empty id3 data!"); + return; + } + if(encoding > mpg123_id3_enc_max) + { + if(NOQUIET) + error1("Unknown text encoding %u, I take no chances, sorry!", encoding); return; } if(VERBOSE4) fprintf(stderr, "Note: Storing picture from APIC frame.\n"); @@ -447,6 +458,12 @@ if(NOQUIET) error1("Invalid frame size of %"SIZE_P" (too small for anything).", (size_p)realsize); return; } + if(encoding > mpg123_id3_enc_max) + { + if(NOQUIET) + error1("Unknown text encoding %u, I take no chances, sorry!", encoding); + return; + } xcom = (tt == uslt ? add_text(fr) : add_comment(fr)); if(VERBOSE4) fprintf(stderr, "Note: Storing comment from %s encoding\n", enc_name(realdata[0])); if(xcom == NULL) @@ -527,6 +544,12 @@ if((int)realsize < descr-realdata) { if(NOQUIET) error1("Invalid frame size of %lu (too small for anything).", (unsigned long)realsize); + return; + } + if(encoding > mpg123_id3_enc_max) + { + if(NOQUIET) + error1("Unknown text encoding %u, I take no chances, sorry!", encoding); return; } text = next_text(descr, encoding, realsize-(descr-realdata)); @@ -681,6 +704,7 @@ ,1) \ ) /* id3v2.3 does not store synchsafe frame sizes, but synchsafe tag size - doh! */ + /* Remember: bytes_to_long() can yield ULONG_MAX on 32 bit platforms! */ #define bytes_to_long(buf,res) \ ( \ major == 3 ? \ @@ -700,6 +724,8 @@ /* length-10 or length-20 (footer present); 4 synchsafe integers == 28 bit number */ /* we have already read 10 bytes, so left are length or length+10 bytes belonging to tag */ + /* Note: This is an 28 bit value in 32 bit storage, plenty of space for */ + /* length+x for reasonable x. */ if(!synchsafe_to_long(buf+2,length)) { if(NOQUIET) error4("Bad tag length (not synchsafe): 0x%02x%02x%02x%02x; You got a bad ID3 tag here.", buf[2],buf[3],buf[4],buf[5]); @@ -747,16 +773,25 @@ if((ret2 = fr->rd->read_frame_body(fr,tagdata,length)) > 0) { unsigned long tagpos = 0; + /* bytes of frame title and of framesize value */ + unsigned int head_part = fr->id3v2.version > 2 ? 4 : 3; + unsigned int flag_part = fr->id3v2.version > 2 ? 2 : 0; + /* The amount of bytes that are unconditionally read for each frame: */ + /* ID, size, flags. */ + unsigned int framebegin = head_part+head_part+flag_part; debug1("ID3v2: have read at all %lu bytes for the tag now", (unsigned long)length+6); /* going to apply strlen for strings inside frames, make sure that it doesn't overflow! */ tagdata[length] = 0; if(flags & EXTHEAD_FLAG) { debug("ID3v2: skipping extended header"); - if(!bytes_to_long(tagdata, tagpos)) + if(!bytes_to_long(tagdata, tagpos) || tagpos >= length) { ret = 0; - if(NOQUIET) error4("Bad (non-synchsafe) tag offset: 0x%02x%02x%02x%02x", tagdata[0], tagdata[1], tagdata[2], tagdata[3]); + if(NOQUIET) + error4( "Bad (non-synchsafe/too large) tag offset:" + "0x%02x%02x%02x%02x" + , tagdata[0], tagdata[1], tagdata[2], tagdata[3] ); } } if(ret > 0) @@ -765,12 +800,14 @@ unsigned long framesize; unsigned long fflags; /* need 16 bits, actually */ id[4] = 0; - /* pos now advanced after ext head, now a frame has to follow */ - while(tagpos < length-10) /* I want to read at least a full header */ + /* Pos now advanced after ext head, now a frame has to follow. */ + /* Note: tagpos <= length, which is 28 bit integer, so both */ + /* far away from overflow for adding known small values. */ + /* I want to read at least one full header now. */ + while(length >= tagpos+framebegin) { int i = 0; unsigned long pos = tagpos; - int head_part = fr->id3v2.version == 2 ? 3 : 4; /* bytes of frame title and of framesize value */ /* level 1,2,3 - 0 is info from lame/info tag! */ /* rva tags with ascending significance, then general frames */ enum frame_types tt = unknown; @@ -800,12 +837,7 @@ break; } if(VERBOSE3) fprintf(stderr, "Note: ID3v2 %s frame of size %lu\n", id, framesize); - tagpos += head_part + framesize; /* the important advancement in whole tag */ - if(tagpos > length) - { - if(NOQUIET) error("Whoa! ID3v2 frame claims to be larger than the whole rest of the tag."); - break; - } + tagpos += head_part; pos += head_part; if(fr->id3v2.version > 2) { @@ -814,6 +846,13 @@ tagpos += 2; } else fflags = 0; + + if(length - tagpos < framesize) + { + if(NOQUIET) error("Whoa! ID3v2 frame claims to be larger than the whole rest of the tag."); + break; + } + tagpos += framesize; /* the important advancement in whole tag */ /* for sanity, after full parsing tagpos should be == pos */ /* debug4("ID3v2: found %s frame, size %lu (as bytes: 0x%08lx), flags 0x%016lx", id, framesize, framesize, fflags); */ /* %0abc0000 %0h00kmnp */ @@ -873,7 +912,9 @@ debug2("ID3v2: de-unsync made %lu out of %lu bytes", realsize, framesize); } pos = 0; /* now at the beginning again... */ - switch(tt) + /* Avoid reading over boundary, even if there is a */ + /* zero byte of padding for safety. */ + if(realsize) switch(tt) { case comment: case uslt: Modified: trunk/reactos/sdk/lib/3rdparty/libmpg123/layer1.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/lib/3rdparty/libmpg123… ============================================================================== --- trunk/reactos/sdk/lib/3rdparty/libmpg123/layer1.c [iso-8859-1] (original) +++ trunk/reactos/sdk/lib/3rdparty/libmpg123/layer1.c [iso-8859-1] Sat Sep 2 13:03:21 2017 @@ -84,6 +84,9 @@ return 0; } +/* Something sane in place of undefined (-1)<<n. Well, not really. */ +#define MINUS_SHIFT(n) ( (int)(((unsigned int)-1)<<(n)) ) + static void I_step_two(real fraction[2][SBLIMIT],unsigned int balloc[2*SBLIMIT], unsigned int scale_index[2][SBLIMIT],mpg123_handle *fr) { int i,n; @@ -112,18 +115,18 @@ for(sample=smpb,i=0;i<jsbound;i++) { if((n=*ba++)) - *f0++ = REAL_MUL_SCALE_LAYER12(DOUBLE_TO_REAL_15( ((-1)<<n) + (*sample++) + 1), fr->muls[n+1][*sca++]); + *f0++ = REAL_MUL_SCALE_LAYER12(DOUBLE_TO_REAL_15(MINUS_SHIFT(n) + (*sample++) + 1), fr->muls[n+1][*sca++]); else *f0++ = DOUBLE_TO_REAL(0.0); if((n=*ba++)) - *f1++ = REAL_MUL_SCALE_LAYER12(DOUBLE_TO_REAL_15( ((-1)<<n) + (*sample++) + 1), fr->muls[n+1][*sca++]); + *f1++ = REAL_MUL_SCALE_LAYER12(DOUBLE_TO_REAL_15(MINUS_SHIFT(n) + (*sample++) + 1), fr->muls[n+1][*sca++]); else *f1++ = DOUBLE_TO_REAL(0.0); } for(i=jsbound;i<SBLIMIT;i++) { if((n=*ba++)) { - real samp = DOUBLE_TO_REAL_15( ((-1)<<n) + (*sample++) + 1); + real samp = DOUBLE_TO_REAL_15(MINUS_SHIFT(n) + (*sample++) + 1); *f0++ = REAL_MUL_SCALE_LAYER12(samp, fr->muls[n+1][*sca++]); *f1++ = REAL_MUL_SCALE_LAYER12(samp, fr->muls[n+1][*sca++]); } @@ -144,7 +147,7 @@ for(sample=smpb,i=0;i<SBLIMIT;i++) { if((n=*ba++)) - *f0++ = REAL_MUL_SCALE_LAYER12(DOUBLE_TO_REAL_15( ((-1)<<n) + (*sample++) + 1), fr->muls[n+1][*sca++]); + *f0++ = REAL_MUL_SCALE_LAYER12(DOUBLE_TO_REAL_15(MINUS_SHIFT(n) + (*sample++) + 1), fr->muls[n+1][*sca++]); else *f0++ = DOUBLE_TO_REAL(0.0); } for(i=fr->down_sample_sblimit;i<32;i++) Modified: trunk/reactos/sdk/lib/3rdparty/libmpg123/layer3.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/lib/3rdparty/libmpg123… ============================================================================== --- trunk/reactos/sdk/lib/3rdparty/libmpg123/layer3.c [iso-8859-1] (original) +++ trunk/reactos/sdk/lib/3rdparty/libmpg123/layer3.c [iso-8859-1] Sat Sep 2 13:03:21 2017 @@ -1,7 +1,7 @@ /* layer3.c: the layer 3 decoder - copyright 1995-2009 by the mpg123 project - free software under the terms of the LGPL 2.1 + copyright 1995-2017 by the mpg123 project - free software under the terms of the LGPL 2.1 see COPYING and AUTHORS files in distribution or http://mpg123.org initially written by Michael Hipp @@ -47,7 +47,7 @@ #ifdef NEW_DCT9 static real cos9[3],cos18[3]; static real tan1_1[16],tan2_1[16],tan1_2[16],tan2_2[16]; -static real pow1_1[2][16],pow2_1[2][16],pow1_2[2][16],pow2_2[2][16]; +static real pow1_1[2][32],pow2_1[2][32],pow1_2[2][32],pow2_2[2][32]; #endif #endif @@ -245,7 +245,10 @@ tan2_1[i] = DOUBLE_TO_REAL_15(1.0 / (1.0 + t)); tan1_2[i] = DOUBLE_TO_REAL_15(M_SQRT2 * t / (1.0+t)); tan2_2[i] = DOUBLE_TO_REAL_15(M_SQRT2 / (1.0 + t)); - + } + + for(i=0;i<32;i++) + { for(j=0;j<2;j++) { double base = pow(2.0,-0.25*(j+1.0)); @@ -696,12 +699,30 @@ */ /* 24 is enough because tab13 has max. a 19 bit huffvector */ -#define BITSHIFT ((sizeof(long)-1)*8) +/* The old code played games with shifting signed integers around in not quite */ +/* legal ways. Also, it used long where just 32 bits are required. This could */ +/* be good or bad on 64 bit architectures ... anyway, making clear that */ +/* 32 bits suffice is a benefit. */ +#if 0 +/* To reconstruct old code, use this: */ +#define MASK_STYPE long +#define MASK_UTYPE unsigned long +#define MASK_TYPE MASK_STYPE +#define MSB_MASK (mask < 0) +#else +/* This should be more proper: */ +#define MASK_STYPE int32_t +#define MASK_UTYPE uint32_t +#define MASK_TYPE MASK_UTYPE +#define MSB_MASK ((MASK_UTYPE)mask & (MASK_UTYPE)1<<(sizeof(MASK_TYPE)*8-1)) +#endif +#define BITSHIFT ((sizeof(MASK_TYPE)-1)*8) #define REFRESH_MASK \ while(num < BITSHIFT) { \ - mask |= ((unsigned long)getbyte(fr))<<(BITSHIFT-num); \ + mask |= ((MASK_UTYPE)getbyte(fr))<<(BITSHIFT-num); \ num += 8; \ part2remain -= 8; } +/* Complicated way of checking for msb value. This used to be (mask < 0). */ static int III_dequantize_sample(mpg123_handle *fr, real xr[SBLIMIT][SSLIMIT],int *scf, struct gr_info_s *gr_info,int sfreq,int part2bits) { @@ -716,9 +737,9 @@ /* mhipp tree has this split up a bit... */ int num=getbitoffset(fr); - long mask; + MASK_TYPE mask; /* We must split this, because for num==0 the shift is undefined if you do it in one step. */ - mask = ((unsigned long) getbits(fr, num))<<BITSHIFT; + mask = ((MASK_UTYPE) getbits(fr, num))<<BITSHIFT; mask <<= 8-num; part2remain -= num; @@ -750,7 +771,14 @@ } } } - + +#define CHECK_XRPNT if(xrpnt >= &xr[SBLIMIT][0]) \ +{ \ + if(NOQUIET) \ + error2("attempted xrpnt overflow (%p !< %p)", (void*) xrpnt, (void*) &xr[SBLIMIT][0]); \ + return 1; \ +} + if(gr_info->block_type == 2) { /* decoding with short or mixed mode BandIndex table */ @@ -781,7 +809,7 @@ const struct newhuff *h = ht+gr_info->table_select[i]; for(;lp;lp--,mc--) { - register long x,y; + register MASK_STYPE x,y; if( (!mc) ) { mc = *m++; @@ -809,7 +837,7 @@ const short *val = h->table; REFRESH_MASK; #ifdef USE_NEW_HUFFTABLE - while((y=val[(unsigned long)mask>>(BITSHIFT+4)])<0) + while((y=val[(MASK_UTYPE)mask>>(BITSHIFT+4)])<0) { val -= y; num -= 4; @@ -822,7 +850,7 @@ #else while((y=*val++)<0) { - if (mask < 0) val -= y; + if (MSB_MASK) val -= y; num--; mask <<= 1; @@ -831,14 +859,15 @@ y &= 0xf; #endif } + CHECK_XRPNT; if(x == 15 && h->linbits) { max[lwin] = cb; REFRESH_MASK; - x += ((unsigned long) mask) >> (BITSHIFT+8-h->linbits); + x += ((MASK_UTYPE) mask) >> (BITSHIFT+8-h->linbits); num -= h->linbits+1; mask <<= h->linbits; - if(mask < 0) *xrpnt = REAL_MUL_SCALE_LAYER3(-ispow[x], v, gainpow2_scale_idx); + if(MSB_MASK) *xrpnt = REAL_MUL_SCALE_LAYER3(-ispow[x], v, gainpow2_scale_idx); else *xrpnt = REAL_MUL_SCALE_LAYER3( ispow[x], v, gainpow2_scale_idx); mask <<= 1; @@ -846,7 +875,7 @@ else if(x) { max[lwin] = cb; - if(mask < 0) *xrpnt = REAL_MUL_SCALE_LAYER3(-ispow[x], v, gainpow2_scale_idx); + if(MSB_MASK) *xrpnt = REAL_MUL_SCALE_LAYER3(-ispow[x], v, gainpow2_scale_idx); else *xrpnt = REAL_MUL_SCALE_LAYER3( ispow[x], v, gainpow2_scale_idx); num--; @@ -855,14 +884,15 @@ else *xrpnt = DOUBLE_TO_REAL(0.0); xrpnt += step; + CHECK_XRPNT; if(y == 15 && h->linbits) { max[lwin] = cb; REFRESH_MASK; - y += ((unsigned long) mask) >> (BITSHIFT+8-h->linbits); + y += ((MASK_UTYPE) mask) >> (BITSHIFT+8-h->linbits); num -= h->linbits+1; mask <<= h->linbits; - if(mask < 0) *xrpnt = REAL_MUL_SCALE_LAYER3(-ispow[y], v, gainpow2_scale_idx); + if(MSB_MASK) *xrpnt = REAL_MUL_SCALE_LAYER3(-ispow[y], v, gainpow2_scale_idx); else *xrpnt = REAL_MUL_SCALE_LAYER3( ispow[y], v, gainpow2_scale_idx); mask <<= 1; @@ -870,7 +900,7 @@ else if(y) { max[lwin] = cb; - if(mask < 0) *xrpnt = REAL_MUL_SCALE_LAYER3(-ispow[y], v, gainpow2_scale_idx); + if(MSB_MASK) *xrpnt = REAL_MUL_SCALE_LAYER3(-ispow[y], v, gainpow2_scale_idx); else *xrpnt = REAL_MUL_SCALE_LAYER3( ispow[y], v, gainpow2_scale_idx); num--; @@ -887,29 +917,14 @@ const struct newhuff* h; const short* val; register short a; - /* - This is only a humble hack to prevent a special segfault. - More insight into the real workings is still needed. - Especially why there are (valid?) files that make xrpnt exceed the array with 4 bytes without segfaulting, more seems to be really bad, though. - */ - #ifdef DEBUG - if(!(xrpnt < &xr[SBLIMIT][0])) - { - if(VERBOSE) debug2("attempted soft xrpnt overflow (%p !< %p) ?", (void*) xrpnt, (void*) &xr[SBLIMIT][0]); - } - #endif - if(!(xrpnt < &xr[SBLIMIT][0]+5)) - { - if(NOQUIET) error2("attempted xrpnt overflow (%p !< %p)", (void*) xrpnt, (void*) &xr[SBLIMIT][0]); - return 2; - } + h = htc+gr_info->count1table_select; val = h->table; REFRESH_MASK; while((a=*val++)<0) { - if(mask < 0) val -= a; + if(MSB_MASK) val -= a; num--; mask <<= 1; @@ -949,13 +964,14 @@ } mc--; } + CHECK_XRPNT; if( (a & (0x8>>i)) ) { max[lwin] = cb; if(part2remain+num <= 0) break; - if(mask < 0) *xrpnt = -REAL_SCALE_LAYER3(v, gainpow2_scale_idx); + if(MSB_MASK) *xrpnt = -REAL_SCALE_LAYER3(v, gainpow2_scale_idx); else *xrpnt = REAL_SCALE_LAYER3(v, gainpow2_scale_idx); num--; @@ -973,6 +989,7 @@ { for(;mc > 0;mc--) { + CHECK_XRPNT; *xrpnt = DOUBLE_TO_REAL(0.0); xrpnt += 3; /* short band -> step=3 */ *xrpnt = DOUBLE_TO_REAL(0.0); xrpnt += 3; } @@ -1018,7 +1035,7 @@ for(;lp;lp--,mc--) { - long x,y; + MASK_STYPE x,y; if(!mc) { mc = *m++; @@ -1039,7 +1056,7 @@ const short *val = h->table; REFRESH_MASK; #ifdef USE_NEW_HUFFTABLE - while((y=val[(unsigned long)mask>>(BITSHIFT+4)])<0) + while((y=val[(MASK_UTYPE)mask>>(BITSHIFT+4)])<0) { val -= y; num -= 4; @@ -1052,7 +1069,7 @@ #else while((y=*val++)<0) { - if (mask < 0) val -= y; + if (MSB_MASK) val -= y; num--; mask <<= 1; @@ -1062,14 +1079,15 @@ #endif } + CHECK_XRPNT; if(x == 15 && h->linbits) { max = cb; REFRESH_MASK; - x += ((unsigned long) mask) >> (BITSHIFT+8-h->linbits); + x += ((MASK_UTYPE) mask) >> (BITSHIFT+8-h->linbits); num -= h->linbits+1; mask <<= h->linbits; - if(mask < 0) *xrpnt++ = REAL_MUL_SCALE_LAYER3(-ispow[x], v, gainpow2_scale_idx); + if(MSB_MASK) *xrpnt++ = REAL_MUL_SCALE_LAYER3(-ispow[x], v, gainpow2_scale_idx); else *xrpnt++ = REAL_MUL_SCALE_LAYER3( ispow[x], v, gainpow2_scale_idx); mask <<= 1; @@ -1077,7 +1095,7 @@ else if(x) { max = cb; - if(mask < 0) *xrpnt++ = REAL_MUL_SCALE_LAYER3(-ispow[x], v, gainpow2_scale_idx); + if(MSB_MASK) *xrpnt++ = REAL_MUL_SCALE_LAYER3(-ispow[x], v, gainpow2_scale_idx); else *xrpnt++ = REAL_MUL_SCALE_LAYER3( ispow[x], v, gainpow2_scale_idx); num--; @@ -1085,14 +1103,15 @@ } else *xrpnt++ = DOUBLE_TO_REAL(0.0); + CHECK_XRPNT; if(y == 15 && h->linbits) { max = cb; REFRESH_MASK; - y += ((unsigned long) mask) >> (BITSHIFT+8-h->linbits); + y += ((MASK_UTYPE) mask) >> (BITSHIFT+8-h->linbits); num -= h->linbits+1; mask <<= h->linbits; - if(mask < 0) *xrpnt++ = REAL_MUL_SCALE_LAYER3(-ispow[y], v, gainpow2_scale_idx); + if(MSB_MASK) *xrpnt++ = REAL_MUL_SCALE_LAYER3(-ispow[y], v, gainpow2_scale_idx); else *xrpnt++ = REAL_MUL_SCALE_LAYER3( ispow[y], v, gainpow2_scale_idx); mask <<= 1; @@ -1100,7 +1119,7 @@ else if(y) { max = cb; - if(mask < 0) *xrpnt++ = REAL_MUL_SCALE_LAYER3(-ispow[y], v, gainpow2_scale_idx); + if(MSB_MASK) *xrpnt++ = REAL_MUL_SCALE_LAYER3(-ispow[y], v, gainpow2_scale_idx); else *xrpnt++ = REAL_MUL_SCALE_LAYER3( ispow[y], v, gainpow2_scale_idx); num--; @@ -1120,7 +1139,7 @@ REFRESH_MASK; while((a=*val++)<0) { - if (mask < 0) val -= a; + if (MSB_MASK) val -= a; num--; mask <<= 1; @@ -1153,13 +1172,14 @@ } mc--; } + CHECK_XRPNT; if( (a & (0x8>>i)) ) { max = cb; if(part2remain+num <= 0) break; - if(mask < 0) *xrpnt++ = -REAL_SCALE_LAYER3(v, gainpow2_scale_idx); + if(MSB_MASK) *xrpnt++ = -REAL_SCALE_LAYER3(v, gainpow2_scale_idx); else *xrpnt++ = REAL_SCALE_LAYER3(v, gainpow2_scale_idx); num--; Modified: trunk/reactos/sdk/lib/3rdparty/libmpg123/stringbuf.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/lib/3rdparty/libmpg123… ============================================================================== --- trunk/reactos/sdk/lib/3rdparty/libmpg123/stringbuf.c [iso-8859-1] (original) +++ trunk/reactos/sdk/lib/3rdparty/libmpg123/stringbuf.c [iso-8859-1] Sat Sep 2 13:03:21 2017 @@ -1,7 +1,8 @@ /* stringbuf: mimicking a bit of C++ to more safely handle strings - copyright 2006-10 by the mpg123 project - free software under the terms of the LGPL 2.1 + copyright 2006-17 by the mpg123 project + - free software under the terms of the LGPL 2.1 see COPYING and AUTHORS files in distribution or http://mpg123.org initially written by Thomas Orgis */ @@ -86,7 +87,8 @@ if(mpg123_resize_string(to, fill)) { - memcpy(to->p, text, fill); + if(fill) /* Avoid memcpy(NULL, NULL, 0) */ + memcpy(to->p, text, fill); to->fill = fill; return 1; }

7 years

[tfaber] 75738: [LIBPNG] - Update to version 1.6.32 CORE-13739

by tfaber＠svn.reactos.org

Author: tfaber Date: Sat Sep 2 12:44:21 2017 New Revision: 75738 URL: http://svn.reactos.org/svn/reactos?rev=75738&view=rev Log: [LIBPNG] - Update to version 1.6.32 CORE-13739 Modified: trunk/reactos/dll/3rdparty/libpng/docs/ANNOUNCE trunk/reactos/dll/3rdparty/libpng/docs/CHANGES trunk/reactos/dll/3rdparty/libpng/docs/INSTALL trunk/reactos/dll/3rdparty/libpng/docs/LICENSE trunk/reactos/dll/3rdparty/libpng/docs/README trunk/reactos/dll/3rdparty/libpng/docs/example.c trunk/reactos/dll/3rdparty/libpng/docs/libpng-manual.txt trunk/reactos/dll/3rdparty/libpng/png.c trunk/reactos/dll/3rdparty/libpng/pngerror.c trunk/reactos/dll/3rdparty/libpng/pngget.c trunk/reactos/dll/3rdparty/libpng/pnginfo.h trunk/reactos/dll/3rdparty/libpng/pngpread.c trunk/reactos/dll/3rdparty/libpng/pngpriv.h trunk/reactos/dll/3rdparty/libpng/pngread.c trunk/reactos/dll/3rdparty/libpng/pngrtran.c trunk/reactos/dll/3rdparty/libpng/pngrutil.c trunk/reactos/dll/3rdparty/libpng/pngset.c trunk/reactos/dll/3rdparty/libpng/pngstruct.h trunk/reactos/dll/3rdparty/libpng/pngtrans.c trunk/reactos/dll/3rdparty/libpng/pngwrite.c trunk/reactos/dll/3rdparty/libpng/pngwutil.c trunk/reactos/sdk/include/reactos/libs/libpng/png.h trunk/reactos/sdk/include/reactos/libs/libpng/pngconf.h trunk/reactos/sdk/include/reactos/libs/libpng/pnglibconf.h Modified: trunk/reactos/dll/3rdparty/libpng/docs/ANNOUNCE URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/libpng/docs/A… ============================================================================== --- trunk/reactos/dll/3rdparty/libpng/docs/ANNOUNCE [iso-8859-1] (original) +++ trunk/reactos/dll/3rdparty/libpng/docs/ANNOUNCE [iso-8859-1] Sat Sep 2 12:44:21 2017 @@ -1,4 +1,4 @@ -Libpng 1.6.29 - March 16, 2017 +Libpng 1.6.32 - August 24, 2017 This is a public release of libpng, intended for use in production codes. @@ -7,37 +7,79 @@ Source files with LF line endings (for Unix/Linux) and with a "configure" script - libpng-1.6.29.tar.xz (LZMA-compressed, recommended) - libpng-1.6.29.tar.gz + libpng-1.6.32.tar.xz (LZMA-compressed, recommended) + libpng-1.6.32.tar.gz Source files with CRLF line endings (for Windows), without the "configure" script - lpng1629.7z (LZMA-compressed, recommended) - lpng1629.zip + lpng1632.7z (LZMA-compressed, recommended) + lpng1632.zip Other information: - libpng-1.6.29-README.txt - libpng-1.6.29-LICENSE.txt - libpng-1.6.29-*.asc (armored detached GPG signatures) + libpng-1.6.32-README.txt + libpng-1.6.32-LICENSE.txt + libpng-1.6.32-*.asc (armored detached GPG signatures) -Changes since the last public release (1.6.28): - - Readded "include(GNUInstallDirs)" to CMakeLists.txt (Gianfranco Costamagna). - Moved SSE2 optimization code into the main libpng source directory. - Configure libpng with "configure --enable-intel-sse" or compile - libpng with "-DPNG_INTEL_SSE" in CPPFLAGS to enable it. - Simplified conditional compilation in pngvalid.c, for AIX (Michael Felt). - Avoid conditional directives that break statements in pngrutil.c (Romero - Malaquias) - The contrib/examples/pngtopng.c recovery code was in the wrong "if" - branches; the comments were correct. - Added code for PowerPC VSX optimisation (Vadim Barkov). - Avoid potential overflow of shift operations in png_do_expand() (Aaron Boxer). - Change test ZLIB_VERNUM >= 0x1281 to ZLIB_VERNUM >= 0x1290 in pngrutil.c - because Solaris 11 distributes zlib-1.2.8.f that is older than 1.2.8.1. - Suppress clang warnings about implicit sign changes in png.c +Changes since the last public release (1.6.31): + Avoid possible NULL dereference in png_handle_eXIf when benign_errors + are allowed. Avoid leaking the input buffer "eXIf_buf". + Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif + to arguments for png_get_eXIf() and png_set_eXIf(). + Added calls to png_handle_eXIf(() in pngread.c and png_write_eXIf() in + pngwrite.c, and made various other fixes to png_write_eXIf(). + Changed name of png_get_eXIF and png_set_eXIf() to png_get_eXIf_1() and + png_set_eXIf_1(), respectively, to avoid breaking API compatibility + with libpng-1.6.31. + Updated contrib/libtests/pngunknown.c with eXIf chunk. + Initialized btoa[] in pngstest.c + Stop memory leak when returning from png_handle_eXIf() with an error + (Bug report from the OSS-fuzz project). + Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf(). + Update libpng.3 and libpng-manual.txt about eXIf functions. + Restored png_get_eXIf() and png_set_eXIf() to maintain API compatability. + Removed png_get_eXIf_1() and png_set_eXIf_1(). + Check length of all chunks except IDAT against user limit to fix an + OSS-fuzz issue. + Check length of IDAT against maximum possible IDAT size, accounting + for height, rowbytes, interlacing and zlib/deflate overhead. + Restored png_get_eXIf_1() and png_set_eXIf_1(), because strlen(eXIf_buf) + does not work (the eXIf chunk data can contain zeroes). + Require cmake-2.8.8 in CMakeLists.txt. Revised symlink creation, + no longer using deprecated cmake LOCATION feature (Clifford Yapp). + Fixed five-byte error in the calculation of IDAT maximum possible size. + Moved chunk-length check into a png_check_chunk_length() private + function (Suggested by Max Stepin). + Moved bad pngs from tests to contrib/libtests/crashers + Moved testing of bad pngs into a separate tests/pngtest-badpngs script + Added the --xfail (expected FAIL) option to pngtest.c. It writes XFAIL + in the output but PASS for the libpng test. + Require cmake-3.0.2 in CMakeLists.txt (Clifford Yapp). + Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the + num_exif argument to png_get_eXIf_1() (Github Issue 171). + Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks(). + Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers. + Make pngtest --strict, --relax, --xfail options imply -m (multiple). + Removed unused chunk_name parameter from png_check_chunk_length(). + Relocated setting free_me for eXIf data, to stop an OSS-fuzz leak. + Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue. + Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix OSS-fuzz UMR. + Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue. + Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), to account + for the minimum 'deflate' stream, and relocate the test to a point + after the keyword has been read. + Check that the eXIf chunk has at least 2 bytes and begins with "II" or "MM". + Added a set of "huge_xxxx_chunk.png" files to contrib/testpngs/crashers, + one for each known chunk type, with length = 2GB-1. + Check for 0 return from png_get_rowbytes() and added some (size_t) typecasts + in contrib/pngminus/*.c to stop some Coverity issues (162705, 162706, + and 162707). + Renamed chunks in contrib/testpngs/crashers to avoid having files whose + names differ only in case; this causes problems with some platforms + (github issue #172). + Added contrib/oss-fuzz directory which contains files used by the oss-fuzz + project (https://github.com/google/oss-fuzz/tree/master/projects/libpng). Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit Modified: trunk/reactos/dll/3rdparty/libpng/docs/CHANGES URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/libpng/docs/C… ============================================================================== --- trunk/reactos/dll/3rdparty/libpng/docs/CHANGES [iso-8859-1] (original) +++ trunk/reactos/dll/3rdparty/libpng/docs/CHANGES [iso-8859-1] Sat Sep 2 12:44:21 2017 @@ -5761,7 +5761,9 @@ if built with zlib-1.2.8.1. Version 1.6.27rc01 [December 27, 2016] - Control ADLER32 checking with new PNG_IGNORE_ADLER32 option. + Control ADLER32 checking with new PNG_IGNORE_ADLER32 option. Fixes + an endless loop when handling erroneous ADLER32 checksums; bug + introduced in libpng-1.6.26. Removed the use of a macro containing the pre-processor 'defined' operator. It is unclear whether this is valid; a macro that "generates" 'defined' is not permitted, but the use of the word @@ -5811,10 +5813,185 @@ Version 1.6.29beta03 [March 1, 2017] Avoid potential overflow of shift operations in png_do_expand() (Aaron Boxer). Change test ZLIB_VERNUM >= 0x1281 to ZLIB_VERNUM >= 0x1290 in pngrutil.c - because Solaris 11 distributes zlib-1.2.8.f that is older than 1.2.8.1. + because Solaris 11 distributes zlib-1.2.8.f that is older than 1.2.8.1, + as suggested in zlib FAQ, item 24. Suppress clang warnings about implicit sign changes in png.c Version 1.6.29 [March 16, 2017] + No changes. + +Version 1.6.30beta01 [April 1, 2017] + Added missing "$(CPPFLAGS)" to the compile line for c.pic.o in + makefile.linux and makefile.solaris-x86 (Cosmin). + Revised documentation of png_get_error_ptr() in the libpng manual. + Silence clang -Wcomma and const drop warnings (Viktor Szakats). + Update Sourceforge URLs in documentation (https instead of http). + +Version 1.6.30beta02 [April 22, 2017] + Document need to check for integer overflow when allocating a pixel + buffer for multiple rows in contrib/gregbook, contrib/pngminus, + example.c, and in the manual (suggested by Jaeseung Choi). This + is similar to the bug reported against pngquant in CVE-2016-5735. + Removed reference to the obsolete PNG_SAFE_LIMITS macro in the documentation. + +Version 1.6.30beta03 [May 22, 2017] + Check for integer overflow in contrib/visupng and contrib/tools/genpng. + Do not double evaluate CMAKE_SYSTEM_PROCESSOR in CMakeLists.txt. + Test CMAKE_HOST_WIN32 instead of WIN32 in CMakeLists.txt. + Fix some URL in documentation. + +Version 1.6.30beta04 [June 7, 2017] + Avoid writing an empty IDAT when the last IDAT exactly fills the + compression buffer (bug report by Brian Baird). This bug was + introduced in libpng-1.6.0. + +Version 1.6.30rc01 [June 14, 2017] + No changes. + +Version 1.6.30rc02 [June 25, 2017] + Update copyright year in pnglibconf.h, make ltmain.sh executable. + Add a reference to the libpng.download site in README. + +Version 1.6.30 [June 28, 2017] + No changes. + +Version 1.6.31beta01 [July 5, 2017] + Guard the definition of _POSIX_SOURCE in pngpriv.h (AIX already defines it; + bug report by Michael Felt). + Revised pngpriv.h to work around failure to compile arm/filter_neon.S + ("typedef" directive is unrecognized by the assembler). The problem + was introduced in libpng-1.6.30beta01. + Added "Requires: zlib" to libpng.pc.in (Pieter Neerincx). + Added special case for FreeBSD in arm/filter_neon.S (Maya Rashish). + +Version 1.6.31beta02 [July 8, 2017] + Added instructions for disabling hardware optimizations in INSTALL. + Added "--enable-hardware-optimizations" configuration flag to enable + or disable all hardware optimizations with one flag. + +Version 1.6.31beta03 [July 9, 2017] + Updated CMakeLists.txt to add INTEL_SSE and MIPS_MSA platforms. + Changed "int" to "png_size_t" in intel/filter_sse2.c to prevent + possible integer overflow (Bug report by John Bowler). + Quieted "declaration after statement" warnings in intel/filter_sse2.c. + Added scripts/makefile-linux-opt, which has hardware optimizations enabled. + +Version 1.6.31beta04 [July 11, 2017] + Removed one of the GCC-7.1.0 'strict-overflow' warnings that result when + integers appear on both sides of a compare. Worked around the others by + forcing the strict-overflow setting in the relevant functions to a level + where they are not reported (John Bowler). + Changed "FALL THROUGH" comments to "FALLTHROUGH" because GCC doesn't like + the space. + Worked around some C-style casts from (void*) because g++ 5.4.0 objects + to them. + Increased the buffer size for 'sprint' to pass the gcc 7.1.0 'sprint + overflow' check that is on by default with -Wall -Wextra. + +Version 1.6.31beta05 [July 13, 2017] + Added eXIf chunk support. + +Version 1.6.31beta06 [July 17, 2017] + Added a minimal eXIf chunk (with Orientation and FocalLengthIn35mmFilm + tags) to pngtest.png. + +Version 1.6.31beta07 [July 18, 2017] + Revised the eXIf chunk in pngtest.png to fix "Bad IFD1 Directory" warning. + +Version 1.6.31rc01 [July 19, 2017] + No changes. + +Version 1.6.31rc02 [July 25, 2017] + Fixed typo in example.c (png_free_image should be png_image_free) (Bug + report by John Smith) + +Version 1.6.31 [July 27, 2017] + No changes. + +Version 1.6.32beta01 [July 31, 2017] + Avoid possible NULL dereference in png_handle_eXIf when benign_errors + are allowed. Avoid leaking the input buffer "eXIf_buf". + Eliminated png_ptr->num_exif member from pngstruct.h and added num_exif + to arguments for png_get_eXIf() and png_set_eXIf(). + Added calls to png_handle_eXIf(() in pngread.c and png_write_eXIf() in + pngwrite.c, and made various other fixes to png_write_eXIf(). + Changed name of png_get_eXIF and png_set_eXIf() to png_get_eXIf_1() and + png_set_eXIf_1(), respectively, to avoid breaking API compatibility + with libpng-1.6.31. + +Version 1.6.32beta02 [August 1, 2017] + Updated contrib/libtests/pngunknown.c with eXIf chunk. + +Version 1.6.32beta03 [August 2, 2017] + Initialized btoa[] in pngstest.c + Stop memory leak when returning from png_handle_eXIf() with an error + (Bug report from the OSS-fuzz project). + +Version 1.6.32beta04 [August 2, 2017] + Replaced local eXIf_buf with info_ptr-eXIf_buf in png_handle_eXIf(). + Update libpng.3 and libpng-manual.txt about eXIf functions. + +Version 1.6.32beta05 [August 2, 2017] + Restored png_get_eXIf() and png_set_eXIf() to maintain API compatability. + +Version 1.6.32beta06 [August 2, 2017] + Removed png_get_eXIf_1() and png_set_eXIf_1(). + +Version 1.6.32beta07 [August 3, 2017] + Check length of all chunks except IDAT against user limit to fix an + OSS-fuzz issue. + +Version 1.6.32beta08 [August 3, 2017] + Check length of IDAT against maximum possible IDAT size, accounting + for height, rowbytes, interlacing and zlib/deflate overhead. + Restored png_get_eXIf_1() and png_set_eXIf_1(), because strlen(eXIf_buf) + does not work (the eXIf chunk data can contain zeroes). + +Version 1.6.32beta09 [August 3, 2017] + Require cmake-2.8.8 in CMakeLists.txt. Revised symlink creation, + no longer using deprecated cmake LOCATION feature (Clifford Yapp). + Fixed five-byte error in the calculation of IDAT maximum possible size. + +Version 1.6.32beta10 [August 5, 2017] + Moved chunk-length check into a png_check_chunk_length() private + function (Suggested by Max Stepin). + Moved bad pngs from tests to contrib/libtests/crashers + Moved testing of bad pngs into a separate tests/pngtest-badpngs script + Added the --xfail (expected FAIL) option to pngtest.c. It writes XFAIL + in the output but PASS for the libpng test. + Require cmake-3.0.2 in CMakeLists.txt (Clifford Yapp). + Fix "const" declaration info_ptr argument to png_get_eXIf_1() and the + num_exif argument to png_get_eXIf_1() (Github Issue 171). + +Version 1.6.32beta11 [August 7, 2017] + Added "eXIf" to "chunks_to_ignore[]" in png_set_keep_unknown_chunks(). + Added huge_IDAT.png and empty_ancillary_chunks.png to testpngs/crashers. + Make pngtest --strict, --relax, --xfail options imply -m (multiple). + Removed unused chunk_name parameter from png_check_chunk_length(). + Relocated setting free_me for eXIf data, to stop an OSS-fuzz leak. + Initialize profile_header[] in png_handle_iCCP() to fix OSS-fuzz issue. + Initialize png_ptr->row_buf[0] to 255 in png_read_row() to fix OSS-fuzz UMR. + Attempt to fix a UMR in png_set_text_2() to fix OSS-fuzz issue. + Increase minimum zlib stream from 9 to 14 in png_handle_iCCP(), to account + for the minimum 'deflate' stream, and relocate the test to a point + after the keyword has been read. + Check that the eXIf chunk has at least 2 bytes and begins with "II" or "MM". + +Version 1.6.32rc01 [August 18, 2017] + Added a set of "huge_xxxx_chunk.png" files to contrib/testpngs/crashers, + one for each known chunk type, with length = 2GB-1. + Check for 0 return from png_get_rowbytes() and added some (size_t) typecasts + in contrib/pngminus/*.c to stop some Coverity issues (162705, 162706, + and 162707). + Renamed chunks in contrib/testpngs/crashers to avoid having files whose + names differ only in case; this causes problems with some platforms + (github issue #172). + +Version 1.6.32rc02 [August 22, 2017] + Added contrib/oss-fuzz directory which contains files used by the oss-fuzz + project (https://github.com/google/oss-fuzz/tree/master/projects/libpng). + +Version 1.6.32 [August 24, 2017] No changes. Send comments/corrections/commendations to png-mng-implement at lists.sf.net Modified: trunk/reactos/dll/3rdparty/libpng/docs/INSTALL URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/libpng/docs/I… ============================================================================== --- trunk/reactos/dll/3rdparty/libpng/docs/INSTALL [iso-8859-1] (original) +++ trunk/reactos/dll/3rdparty/libpng/docs/INSTALL [iso-8859-1] Sat Sep 2 12:44:21 2017 @@ -16,10 +16,11 @@ XI. Prepending a prefix to exported symbols XII. Configuring for compiler xxx: XIII. Removing unwanted object code - XIV. Changes to the build and configuration of libpng in libpng-1.5.x - XV. Setjmp/longjmp issues - XVI. Common linking failures - XVII. Other sources of information about libpng + XIV. Enabling or disabling hardware optimizations + XV. Changes to the build and configuration of libpng in libpng-1.5.x + XVI. Setjmp/longjmp issues + XVII. Common linking failures + XVIII. Other sources of information about libpng I. Simple installation @@ -78,8 +79,8 @@ Before installing libpng, you must first install zlib, if it is not already on your system. zlib can usually be found -wherever you got libpng; otherwise go to http://zlib.net. You can place -zlib in the same directory as libpng or in another directory. +wherever you got libpng; otherwise go to https://zlib.net/. You can +place zlib in the same directory as libpng or in another directory. If your system already has a preinstalled zlib you will still need to have access to the zlib.h and zconf.h include files that @@ -281,7 +282,57 @@ The size of the library itself should not be an issue, because only those sections that are actually used will be loaded into memory. -XIV. Changes to the build and configuration of libpng in libpng-1.5.x +XIV. Enabling or disabling hardware optimizations + +Certain hardware capabilites, such as the Intel SSE instructions, +are normally detected at run time. Enable them with configure options +such as one of + + --enable-arm-neon=yes + --enable-mips-msa=yes + --enable-intel-sse=yes + --enable-powerpc-vsx=yes + +or enable them all at once with + + --enable-hardware-optimizations=yes + +or, if you are not using "configure", you can use one +or more of + + CPPFLAGS += "-DPNG_ARM_NEON" + CPPFLAGS += "-DPNG_MIPS_MSA" + CPPFLAGS += "-DPNG_INTEL_SSE" + CPPFLAGS += "-DPNG_POWERPC_VSX" + +See for example scripts/makefile.linux-opt + +If you wish to avoid using them, +you can disable them via the configure option + + --disable-hardware-optimizations + +to disable them all, or + + --enable-intel-sse=no + +to disable a particular one, +or via compiler-command options such as + + CPPFLAGS += "-DPNG_ARM_NEON_OPT=0, -DPNG_MIPS_MSA_OPT=0, + -DPNG_INTEL_SSE_OPT=0, -DPNG_POWERPC_VSX_OPT=0" + +If you are using cmake, hardware optimizations are "on" +by default. To disable them, use + + cmake . -DPNG_ARM_NEON=no -DPNG_INTEL_SSE=no \ + -DPNG_MIPS_MSA=no -DPNG_POWERPC_VSX=no + +or disable them all at once with + + cmake . -DPNG_HARDWARE_OPTIMIZATIONS=no + +XV. Changes to the build and configuration of libpng in libpng-1.5.x Details of internal changes to the library code can be found in the CHANGES file and in the GIT repository logs. These will be of no concern to the vast @@ -372,7 +423,7 @@ libpng, because than the settings would not accurately reflect the settings that were used to build libpng. -XV. Setjmp/longjmp issues +XVI. Setjmp/longjmp issues Libpng uses setjmp()/longjmp() for error handling. Unfortunately setjmp() is known to be not thread-safe on some platforms and we don't know of @@ -390,7 +441,7 @@ with PNG_SETJMP_SUPPORTED defined, or with PNG_SIMPLIFIED_READ_SUPPORTED and PNG_SIMPLIFIED_WRITE_SUPPORTED undefined. -XVI. Common linking failures +XVII. Common linking failures If your application fails to find libpng or zlib entries while linking: @@ -402,7 +453,7 @@ If you are using the vstudio project, observe the WARNING in project/vstudio/README.txt. -XVII. Other sources of information about libpng: +XVIII. Other sources of information about libpng: Further information can be found in the README and libpng-manual.txt files, in the individual makefiles, in png.h, and the manual pages Modified: trunk/reactos/dll/3rdparty/libpng/docs/LICENSE URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/libpng/docs/L… ============================================================================== --- trunk/reactos/dll/3rdparty/libpng/docs/LICENSE [iso-8859-1] (original) +++ trunk/reactos/dll/3rdparty/libpng/docs/LICENSE [iso-8859-1] Sat Sep 2 12:44:21 2017 @@ -10,7 +10,7 @@ This code is released under the libpng license. -libpng versions 1.0.7, July 1, 2000 through 1.6.29, March 16, 2017 are +libpng versions 1.0.7, July 1, 2000 through 1.6.32, August 24, 2017 are Copyright (c) 2000-2002, 2004, 2006-2017 Glenn Randers-Pehrson, are derived from libpng-1.0.6, and are distributed according to the same disclaimer and license as libpng-1.0.6 with the following individuals @@ -130,4 +130,4 @@ Glenn Randers-Pehrson glennrp at users.sourceforge.net -March 16, 2017 +April 1, 2017 Modified: trunk/reactos/dll/3rdparty/libpng/docs/README URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/libpng/docs/R… ============================================================================== --- trunk/reactos/dll/3rdparty/libpng/docs/README [iso-8859-1] (original) +++ trunk/reactos/dll/3rdparty/libpng/docs/README [iso-8859-1] Sat Sep 2 12:44:21 2017 @@ -1,4 +1,4 @@ -README for libpng version 1.6.29 - March 16, 2017 (shared library 16.0) +README for libpng version 1.6.32 - August 24, 2017 (shared library 16.0) See the note about version numbers near the top of png.h See INSTALL for instructions on how to install libpng. @@ -23,7 +23,7 @@ png_uint_32, which will affect shared-library applications that use this function. -To avoid problems with changes to the internals of png info_struct, +To avoid problems with changes to the internals of the png info_struct, new APIs have been made available in 0.95 to avoid direct application access to info_ptr. These functions are the png_set_<chunk> and png_get_<chunk> functions. These functions should be used when @@ -88,11 +88,11 @@ You may also want a copy of the PNG specification. It is available as an RFC, a W3C Recommendation, and an ISO/IEC Standard. You can find -these at http://www.libpng.org/pub/png/documents/ - -This code is currently being archived at libpng.sf.net in the -[DOWNLOAD] area, and at ftp://ftp.simplesystems.org. If you can't find it -in any of those places, e-mail me, and I'll help you find it. +these at http://www.libpng.org/pub/png/pngdocs.html . + +This code is currently being archived at libpng.sourceforge.io in the +[DOWNLOAD] area, and at http://libpng.download/src . If you +can't find it in any of those places, e-mail me, and I'll help you find it. I am not a lawyer, but I believe that the Export Control Classification Number (ECCN) for libpng is EAR99, which means not subject to export Modified: trunk/reactos/dll/3rdparty/libpng/docs/example.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/libpng/docs/e… ============================================================================== --- trunk/reactos/dll/3rdparty/libpng/docs/example.c [iso-8859-1] (original) +++ trunk/reactos/dll/3rdparty/libpng/docs/example.c [iso-8859-1] Sat Sep 2 12:44:21 2017 @@ -114,13 +114,13 @@ else { - /* Calling png_free_image is optional unless the simplified API was + /* Calling png_image_free is optional unless the simplified API was * not run to completion. In this case if there wasn't enough * memory for 'buffer' we didn't complete the read, so we must free * the image: */ if (buffer == NULL) - png_free_image(&image); + png_image_free(&image); else free(buffer); @@ -983,6 +983,11 @@ png_uint_32 k, height, width; /* In this example, "image" is a one-dimensional array of bytes */ + + /* Guard against integer overflow */ + if (height > PNG_SIZE_MAX/(width*bytes_per_pixel)) { + png_error(png_ptr, "Image_data buffer would be too large"); + } png_byte image[height*width*bytes_per_pixel]; png_bytep row_pointers[height]; Modified: trunk/reactos/dll/3rdparty/libpng/docs/libpng-manual.txt URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/libpng/docs/l… ============================================================================== --- trunk/reactos/dll/3rdparty/libpng/docs/libpng-manual.txt [iso-8859-1] (original) +++ trunk/reactos/dll/3rdparty/libpng/docs/libpng-manual.txt [iso-8859-1] Sat Sep 2 12:44:21 2017 @@ -1,9 +1,9 @@ libpng-manual.txt - A description on how to use and modify libpng - libpng version 1.6.29 - March 16, 2017 + libpng version 1.6.32 - August 24, 2017 Updated and distributed by Glenn Randers-Pehrson <glennrp at users.sourceforge.net> - Copyright (c) 1998-2016 Glenn Randers-Pehrson + Copyright (c) 1998-2017 Glenn Randers-Pehrson This document is released under the libpng license. For conditions of distribution and use, see the disclaimer @@ -11,9 +11,9 @@ Based on: - libpng versions 0.97, January 1998, through 1.6.29 - March 16, 2017 + libpng versions 0.97, January 1998, through 1.6.32 - August 24, 2017 Updated and distributed by Glenn Randers-Pehrson - Copyright (c) 1998-2016 Glenn Randers-Pehrson + Copyright (c) 1998-2017 Glenn Randers-Pehrson libpng 1.0 beta 6 - version 0.96 - May 28, 1997 Updated and distributed by Andreas Dilger @@ -66,17 +66,17 @@ The PNG specification (second edition), November 2003, is available as a W3C Recommendation and as an ISO Standard (ISO/IEC 15948:2004 (E)) at -<http://www.w3.org/TR/2003/REC-PNG-20031110/ +<https://www.w3.org/TR/2003/REC-PNG-20031110/ The W3C and ISO documents have identical technical content. The PNG-1.2 specification is available at -<http://png-mng.sourceforge.net/pub/png/spec/1.2/>. +<https://png-mng.sourceforge.io/pub/png/spec/1.2/>. It is technically equivalent to the PNG specification (second edition) but has some additional material. -The PNG-1.0 specification is available as RFC 2083 -<http://png-mng.sourceforge.net/pub/png/spec/1.0/> and as a -W3C Recommendation <http://www.w3.org/TR/REC-png-961001>. +The PNG-1.0 specification is available as RFC 2083 +<https://png-mng.sourceforge.io/pub/png/spec/1.0/> and as a +W3C Recommendation <https://www.w3.org/TR/REC-png-961001>. Some additional chunks are described in the special-purpose public chunks documents at <http://www.libpng.org/pub/png/spec/register/> @@ -101,7 +101,7 @@ Libpng uses zlib for its compression and decompression of PNG files. Further information about zlib, and the latest version of zlib, can -be found at the zlib home page, <http://zlib.net/>. +be found at the zlib home page, <https://zlib.net/>. The zlib compression utility is a general purpose utility that is useful for more than PNG files, and can be used without libpng. See the documentation delivered with zlib for more details. @@ -688,8 +688,9 @@ chunk_cache_max = png_get_chunk_cache_max(png_ptr); Libpng imposes a limit of 8 Megabytes (8,000,000 bytes) on the amount of -memory that a compressed chunk other than IDAT can occupy, when decompressed. -You can change this limit with +memory that any chunk other than IDAT can occupy, originally or when +decompressed (prior to libpng-1.6.32 the limit was only applied to compressed +chunks after decompression). You can change this limit with png_set_chunk_malloc_max(png_ptr, user_chunk_malloc_max); @@ -1190,7 +1191,20 @@ png_set_rows(png_ptr, info_ptr, &row_pointers); Alternatively you could allocate your image in one big block and define -row_pointers[i] to point into the proper places in your block. +row_pointers[i] to point into the proper places in your block, but first +be sure that your platform is able to allocate such a large buffer: + + /* Guard against integer overflow */ + if (height > PNG_SIZE_MAX/(width*pixel_size)) { + png_error(png_ptr,"image_data buffer would be too large"); + } + + png_bytep buffer=png_malloc(png_ptr,height*width*pixel_size); + + for (int i=0; i<height, i++) + row_pointers[i]=buffer+i*width*pixel_size; + + png_set_rows(png_ptr, info_ptr, &row_pointers); If you use png_set_rows(), the application is responsible for freeing row_pointers (and row_pointers[i], if they were separately allocated). @@ -1317,6 +1331,11 @@ rowbytes = png_get_rowbytes(png_ptr, info_ptr); rowbytes - number of bytes needed to hold a row + This value, the bit_depth, color_type, + and the number of channels can change + if you use transforms such as + png_set_expand(). See + png_read_update_info(), below. signature = png_get_signature(png_ptr, info_ptr); @@ -1434,6 +1453,11 @@ trans_color - graylevel or color sample values of the single transparent color for non-paletted images (PNG_INFO_tRNS) + + png_get_eXIf_1(png_ptr, info_ptr, &num_exif, &exif); + (PNG_INFO_eXIf) + + exif - Exif profile (array of png_byte) png_get_hIST(png_ptr, info_ptr, &hist); (PNG_INFO_hIST) @@ -2146,6 +2170,16 @@ array of pointers to each row, as it will be needed for some of the functions below. +Be sure that your platform can allocate the buffer that you'll need. +libpng internally checks for oversize width, but you'll need to +do your own check for number_of_rows*width*pixel_size if you are using +a multiple-row buffer: + + /* Guard against integer overflow */ + if (number_of_rows > PNG_SIZE_MAX/(width*pixel_size)) { + png_error(png_ptr,"image_data buffer would be too large"); + } + Remember: Before you call png_read_update_info(), the png_get_*() functions return the values corresponding to the original PNG image. After you call png_read_update_info the values refer to the image @@ -2470,6 +2504,7 @@ PNG_INFO_gAMA, PNG_INFO_sBIT, PNG_INFO_cHRM, PNG_INFO_PLTE, PNG_INFO_tRNS, PNG_INFO_bKGD, + PNG_INFO_eXIf, PNG_INFO_hIST, PNG_INFO_pHYs, PNG_INFO_oFFs, PNG_INFO_tIME, PNG_INFO_pCAL, PNG_INFO_sRGB, @@ -3068,6 +3103,11 @@ (in order red, green, blue) of the single transparent color for non-paletted images (PNG_INFO_tRNS) + + png_set_eXIf_1(png_ptr, info_ptr, num_exif, exif); + + exif - Exif profile (array of + png_byte) (PNG_INFO_eXIf) png_set_hIST(png_ptr, info_ptr, hist); @@ -3824,7 +3864,7 @@ When the simplified API needs to convert between sRGB and linear colorspaces, the actual sRGB transfer curve defined in the sRGB specification (see the -article at http://en.wikipedia.org/wiki/SRGB) is used, not the gamma=1/2.2 +article at https://en.wikipedia.org/wiki/SRGB) is used, not the gamma=1/2.2 approximation used elsewhere in libpng. When an alpha channel is present it is expected to denote pixel coverage @@ -4088,7 +4128,7 @@ When the simplified API needs to convert between sRGB and linear colorspaces, the actual sRGB transfer curve defined in the sRGB specification (see the -article at http://en.wikipedia.org/wiki/SRGB) is used, not the gamma=1/2.2 +article at https://en.wikipedia.org/wiki/SRGB) is used, not the gamma=1/2.2 approximation used elsewhere in libpng. WRITE APIS @@ -4246,8 +4286,6 @@ png_voidp error_ptr, png_error_ptr error_fn, png_error_ptr warning_fn); - png_voidp error_ptr = png_get_error_ptr(png_ptr); - If NULL is supplied for either error_fn or warning_fn, then the libpng default function will be used, calling fprintf() and/or longjmp() if a problem is encountered. The replacement error functions should have @@ -4258,6 +4296,11 @@ void user_warning_fn(png_structp png_ptr, png_const_charp warning_msg); + +Then, within your user_error_fn or user_warning_fn, you can retrieve +the error_ptr if you need it, by calling + + png_voidp error_ptr = png_get_error_ptr(png_ptr); The motivation behind using setjmp() and longjmp() is the C++ throw and catch exception handling methods. This makes the code much easier to write, @@ -4266,7 +4309,7 @@ after a longjmp, so the user may want to be careful about doing anything after setjmp returns non-zero besides returning itself. Consult your compiler documentation for more details. For an alternative approach, you -may wish to use the "cexcept" facility (see http://cexcept.sourceforge.net), +may wish to use the "cexcept" facility (see https://cexcept.sourceforge.io/), which is illustrated in pngvalid.c and in contrib/visupng. Beginning in libpng-1.4.0, the png_set_benign_errors() API became available. @@ -4494,7 +4537,7 @@ and the MHDR and MEND chunks. Libpng does not provide support for these or any other MNG chunks; your application must provide its own support for them. You may wish to consider using libmng (available at -http://www.libmng.com) instead. +https://www.libmng.com/) instead. VIII. Changes to Libpng from version 0.88 @@ -4917,18 +4960,14 @@ that it could be used to override them. Now this function will reduce or increase the limits. -Starting in libpng-1.5.10, the user limits can be set en masse with the -configuration option PNG_SAFE_LIMITS_SUPPORTED. If this option is enabled, -a set of "safe" limits is applied in pngpriv.h. These can be overridden by -application calls to png_set_user_limits(), png_set_user_chunk_cache_max(), -and/or png_set_user_malloc_max() that increase or decrease the limits. Also, -in libpng-1.5.10 the default width and height limits were increased -from 1,000,000 to 0x7fffffff (i.e., made unlimited). Therefore, the -limits are now - default safe +Starting in libpng-1.5.22, default user limits were established. These +can be overridden by application calls to png_set_user_limits(), +png_set_user_chunk_cache_max(), and/or png_set_user_malloc_max(). +The limits are now + max possible default png_user_width_max 0x7fffffff 1,000,000 png_user_height_max 0x7fffffff 1,000,000 - png_user_chunk_cache_max 0 (unlimited) 128 + png_user_chunk_cache_max 0 (unlimited) 1000 png_user_chunk_malloc_max 0 (unlimited) 8,000,000 The png_set_option() function (and the "options" member of the png struct) was @@ -5178,6 +5217,11 @@ enforced, and the palette was always limited to 256 entries. An over-length PLTE chunk found in an input PNG is silently truncated. +Starting with libpng-1.6.31, the eXIf chunk is supported. Libpng does not +attempt to decode the Exif profile; it simply returns a byte array +containing the profile to the calling application which must do its own +decoding. + XIII. Detecting libpng The png_get_io_ptr() function has been present since libpng-0.88, has never @@ -5194,27 +5238,33 @@ going back to version 0.70. You can access the git repository (read only) at - git://git.code.sf.net/p/libpng/code - -or you can browse it with a web browser by selecting the "code" button at - - https://sourceforge.net/projects/libpng + https://github.com/glennrp/libpng or + https://git.code.sf.net/p/libpng/code.git + +or you can browse it with a web browser at + + https://github.com/glennrp/libpng or + https://sourceforge.net/p/libpng/code/ci/libpng16/tree/ Patches can be sent to glennrp at users.sourceforge.net or to png-mng-implement at lists.sourceforge.net or you can upload them to the libpng bug tracker at - http://libpng.sourceforge.net + https://libpng.sourceforge.io/ + +or as a "pull request" to + + https://github.com/glennrp/libpng/pulls We also accept patches built from the tar or zip distributions, and simple verbal discriptions of bug fixes, reported either to the SourceForge bug tracker, to the png-mng-implement at lists.sf.net -mailing list, or directly to glennrp. +mailing list, as github issues, or directly to glennrp. XV. Coding style Our coding style is similar to the "Allman" style -(See http://en.wikipedia.org/wiki/Indent_style#Allman_style), with curly +(See https://en.wikipedia.org/wiki/Indent_style#Allman_style), with curly braces on separate lines: if (condition) @@ -5315,7 +5365,7 @@ though it were a function. Control keywords if, for, while, and switch are always followed by a space -to distinguish them from function calls, which have no trailing space. +to distinguish them from function calls, which have no trailing space. We put a space after each comma and after each semicolon in "for" statements, and we put spaces before and after each @@ -5341,7 +5391,7 @@ We prefer "if (something != 0)" and "if (something == 0)" over "if (something)" and if "(!something)", respectively, and for pointers -we prefer "if (some_pointer != NULL)" or "if (some_pointer == NULL)". +we prefer "if (some_pointer != NULL)" or "if (some_pointer == NULL)". We do not use the TAB character for indentation in the C sources. @@ -5355,7 +5405,7 @@ an official declaration. This is your unofficial assurance that libpng from version 0.71 and -upward through 1.6.29 are Y2K compliant. It is my belief that earlier +upward through 1.6.32 are Y2K compliant. It is my belief that earlier versions were also Y2K compliant. Libpng only has two year fields. One is a 2-byte unsigned integer Modified: trunk/reactos/dll/3rdparty/libpng/png.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/libpng/png.c?… ============================================================================== --- trunk/reactos/dll/3rdparty/libpng/png.c [iso-8859-1] (original) +++ trunk/reactos/dll/3rdparty/libpng/png.c [iso-8859-1] Sat Sep 2 12:44:21 2017 @@ -1,7 +1,7 @@ /* png.c - location for general purpose libpng functions * - * Last changed in libpng 1.6.29 [March 16, 2017] + * Last changed in libpng 1.6.32 [August 24, 2017] * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) @@ -14,7 +14,27 @@ #include "pngpriv.h" /* Generate a compiler error if there is an old png.h in the search path. */ -typedef png_libpng_version_1_6_29 Your_png_h_is_not_version_1_6_29; +typedef png_libpng_version_1_6_32 Your_png_h_is_not_version_1_6_32; + +#ifdef __GNUC__ +/* The version tests may need to be added to, but the problem warning has + * consistently been fixed in GCC versions which obtain wide-spread release. + * The problem is that many versions of GCC rearrange comparison expressions in + * the optimizer in such a way that the results of the comparison will change + * if signed integer overflow occurs. Such comparisons are not permitted in + * ANSI C90, however GCC isn't clever enough to work out that that do not occur + * below in png_ascii_from_fp and png_muldiv, so it produces a warning with + * -Wextra. Unfortunately this is highly dependent on the optimizer and the + * machine architecture so the warning comes and goes unpredictably and is + * impossible to "fix", even were that a good idea. + */ +#if __GNUC__ == 7 && __GNUC_MINOR__ == 1 +#define GCC_STRICT_OVERFLOW 1 +#endif /* GNU 7.1.x */ +#endif /* GNU */ +#ifndef GCC_STRICT_OVERFLOW +#define GCC_STRICT_OVERFLOW 0 +#endif /* Tells libpng that we have already handled the first "num_bytes" bytes * of the PNG file signature. If the PNG data is embedded into another @@ -595,6 +615,26 @@ } #endif +#ifdef PNG_eXIf_SUPPORTED + /* Free any eXIf entry */ + if (((mask & PNG_FREE_EXIF) & info_ptr->free_me) != 0) + { +# ifdef PNG_READ_eXIf_SUPPORTED + if (info_ptr->eXIf_buf) + { + png_free(png_ptr, info_ptr->eXIf_buf); + info_ptr->eXIf_buf = NULL; + } +# endif + if (info_ptr->exif) + { + png_free(png_ptr, info_ptr->exif); + info_ptr->exif = NULL; + } + info_ptr->valid &= ~PNG_INFO_eXIf; + } +#endif + #ifdef PNG_hIST_SUPPORTED /* Free any hIST entry */ if (((mask & PNG_FREE_HIST) & info_ptr->free_me) != 0) @@ -776,14 +816,14 @@ #else # ifdef __STDC__ return PNG_STRING_NEWLINE \ - "libpng version 1.6.29 - March 16, 2017" PNG_STRING_NEWLINE \ + "libpng version 1.6.32 - August 24, 2017" PNG_STRING_NEWLINE \ "Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson" \ PNG_STRING_NEWLINE \ "Copyright (c) 1996-1997 Andreas Dilger" PNG_STRING_NEWLINE \ "Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc." \ PNG_STRING_NEWLINE; # else - return "libpng version 1.6.29 - March 16, 2017\ + return "libpng version 1.6.32 - August 24, 2017\ Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson\ Copyright (c) 1996-1997 Andreas Dilger\ Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc."; @@ -2832,7 +2872,7 @@ if (power < 0) { if (power < DBL_MIN_10_EXP) return 0; - recip = 1, power = -power; + recip = 1; power = -power; } if (power > 0) @@ -2857,6 +2897,14 @@ /* Function to format a floating point value in ASCII with a given * precision. */ +#if GCC_STRICT_OVERFLOW +#pragma GCC diagnostic push +/* The problem arises below with exp_b10, which can never overflow because it + * comes, originally, from frexp and is therefore limited to a range which is + * typically +/-710 (log2(DBL_MAX)/log2(DBL_MIN)). + */ +#pragma GCC diagnostic warning "-Wstrict-overflow=2" +#endif /* GCC_STRICT_OVERFLOW */ void /* PRIVATE */ png_ascii_from_fp(png_const_structrp png_ptr, png_charp ascii, png_size_t size, double fp, unsigned int precision) @@ -2910,7 +2958,9 @@ double test = png_pow10(exp_b10+1); if (test <= DBL_MAX) - ++exp_b10, base = test; + { + ++exp_b10; base = test; + } else break; @@ -2924,7 +2974,10 @@ * test on DBL_MAX above. */ fp /= base; - while (fp >= 1) fp /= 10, ++exp_b10; + while (fp >= 1) + { + fp /= 10; ++exp_b10; + } /* Because of the code above fp may, at this point, be * less than .1, this is ok because the code below can @@ -2941,7 +2994,7 @@ */ if (exp_b10 < 0 && exp_b10 > -3) /* PLUS 3 TOTAL 4 */ { - czero = (unsigned int)(-exp_b10); /* PLUS 2 digits: TOTAL 3 */ + czero = 0U-exp_b10; /* PLUS 2 digits: TOTAL 3 */ exp_b10 = 0; /* Dot added below before first output. */ } else @@ -2975,7 +3028,7 @@ /* Rounding up to 10, handle that here. */ if (czero > 0) { - --czero, d = 1; + --czero; d = 1; if (cdigits == 0) --clead; } else @@ -2989,7 +3042,7 @@ else if (ch == 46) { - ch = *--ascii, ++size; + ch = *--ascii; ++size; /* Advance exp_b10 to '1', so that the * decimal point happens after the * previous digit. @@ -3016,7 +3069,9 @@ int ch = *--ascii; if (ch == 46) - ++size, exp_b10 = 1; + { + ++size; exp_b10 = 1; + } /* Else lost a leading zero, so 'exp_b10' is * still ok at (-1) @@ -3052,21 +3107,26 @@ */ if (exp_b10 != (-1)) { - if (exp_b10 == 0) *ascii++ = 46, --size; + if (exp_b10 == 0) + { + *ascii++ = 46; --size; + } /* PLUS 1: TOTAL 4 */ --exp_b10; } - *ascii++ = 48, --czero; + *ascii++ = 48; --czero; } if (exp_b10 != (-1)) { if (exp_b10 == 0) - *ascii++ = 46, --size; /* counted above */ + { + *ascii++ = 46; --size; /* counted above */ + } --exp_b10; } - *ascii++ = (char)(48 + (int)d), ++cdigits; + *ascii++ = (char)(48 + (int)d); ++cdigits; } } while (cdigits+czero < precision+clead && fp > DBL_MIN); @@ -3075,7 +3135,7 @@ /* Check for an exponent, if we don't need one we are * done and just need to terminate the string. At - * this point exp_b10==(-1) is effectively if flag - it got + * this point exp_b10==(-1) is effectively a flag - it got * to '-1' because of the decrement after outputting * the decimal point above (the exponent required is * *not* -1!) @@ -3089,7 +3149,7 @@ * zeros were *not* output, so this doesn't increase * the output count. */ - while (--exp_b10 >= 0) *ascii++ = 48; + while (exp_b10-- > 0) *ascii++ = 48; *ascii = 0; @@ -3107,7 +3167,7 @@ */ size -= cdigits; - *ascii++ = 69, --size; /* 'E': PLUS 1 TOTAL 2+precision */ + *ascii++ = 69; --size; /* 'E': PLUS 1 TOTAL 2+precision */ /* The following use of an unsigned temporary avoids ambiguities in * the signed arithmetic on exp_b10 and permits GCC at least to do @@ -3118,12 +3178,12 @@ if (exp_b10 < 0) { - *ascii++ = 45, --size; /* '-': PLUS 1 TOTAL 3+precision */ - uexp_b10 = (unsigned int)(-exp_b10); + *ascii++ = 45; --size; /* '-': PLUS 1 TOTAL 3+precision */ + uexp_b10 = 0U-exp_b10; } else - uexp_b10 = (unsigned int)exp_b10; + uexp_b10 = 0U+exp_b10; cdigits = 0; @@ -3166,6 +3226,9 @@ /* Here on buffer too small. */ png_error(png_ptr, "ASCII conversion buffer too small"); } +#if GCC_STRICT_OVERFLOW +#pragma GCC diagnostic pop +#endif /* GCC_STRICT_OVERFLOW */ # endif /* FLOATING_POINT */ @@ -3185,7 +3248,9 @@ /* Avoid overflow here on the minimum integer. */ if (fp < 0) - *ascii++ = 45, num = (png_uint_32)(-fp); + { + *ascii++ = 45; num = (png_uint_32)(-fp); + } else num = (png_uint_32)fp; @@ -3223,7 +3288,10 @@ * then ndigits digits to first: */ i = 5; - while (ndigits < i) *ascii++ = 48, --i; + while (ndigits < i) + { + *ascii++ = 48; --i; + } while (ndigits >= first) *ascii++ = digits[--ndigits]; /* Don't output the trailing zeros! */ } @@ -3274,6 +3342,15 @@ * the nearest .00001). Overflow and divide by zero are signalled in * the result, a boolean - true on success, false on overflow. */ +#if GCC_STRICT_OVERFLOW /* from above */ +/* It is not obvious which comparison below gets optimized in such a way that + * signed overflow would change the result; looking through the code does not + * reveal any tests which have the form GCC complains about, so presumably the + * optimizer is moving an add or subtract into the 'if' somewhere. + */ +#pragma GCC diagnostic push +#pragma GCC diagnostic warning "-Wstrict-overflow=2" +#endif /* GCC_STRICT_OVERFLOW */ int png_muldiv(png_fixed_point_p res, png_fixed_point a, png_int_32 times, png_int_32 divisor) @@ -3388,6 +3465,9 @@ return 0; } +#if GCC_STRICT_OVERFLOW +#pragma GCC diagnostic pop +#endif /* GCC_STRICT_OVERFLOW */ #endif /* READ_GAMMA || INCH_CONVERSIONS */ #if defined(PNG_READ_GAMMA_SUPPORTED) || defined(PNG_INCH_CONVERSIONS_SUPPORTED) @@ -4278,7 +4358,7 @@ defined(PNG_SIMPLIFIED_WRITE_SUPPORTED) /* sRGB conversion tables; these are machine generated with the code in * contrib/tools/makesRGB.c. The actual sRGB transfer curve defined in the - * specification (see the article at http://en.wikipedia.org/wiki/SRGB) + * specification (see the article at https://en.wikipedia.org/wiki/SRGB) * is used, not the gamma=1/2.2 approximation use elsewhere in libpng. * The sRGB to linear table is exact (to the nearest 16-bit linear fraction). * The inverse (linear to sRGB) table has accuracies as follows: Modified: trunk/reactos/dll/3rdparty/libpng/pngerror.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/libpng/pngerr… ============================================================================== --- trunk/reactos/dll/3rdparty/libpng/pngerror.c [iso-8859-1] (original) +++ trunk/reactos/dll/3rdparty/libpng/pngerror.c [iso-8859-1] Sat Sep 2 12:44:21 2017 @@ -1,8 +1,8 @@ /* pngerror.c - stub functions for i/o and memory allocation * - * Last changed in libpng 1.6.26 [October 20, 2016] - * Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson + * Last changed in libpng 1.6.31 [July 27, 2017] + * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -163,7 +163,7 @@ case PNG_NUMBER_FORMAT_02u: /* Expects at least 2 digits. */ mincount = 2; - /* FALL THROUGH */ + /* FALLTHROUGH */ case PNG_NUMBER_FORMAT_u: *--end = digits[number % 10]; @@ -173,7 +173,7 @@ case PNG_NUMBER_FORMAT_02x: /* This format expects at least two digits */ mincount = 2; - /* FALL THROUGH */ + /* FALLTHROUGH */ case PNG_NUMBER_FORMAT_x: *--end = digits[number & 0xf]; Modified: trunk/reactos/dll/3rdparty/libpng/pngget.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/libpng/pngget… ============================================================================== --- trunk/reactos/dll/3rdparty/libpng/pngget.c [iso-8859-1] (original) +++ trunk/reactos/dll/3rdparty/libpng/pngget.c [iso-8859-1] Sat Sep 2 12:44:21 2017 @@ -1,8 +1,8 @@ /* pngget.c - retrieval of values from info struct * - * Last changed in libpng 1.6.26 [October 20, 2016] - * Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson + * Last changed in libpng 1.6.32 [August 24, 2017] + * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -773,6 +773,35 @@ } #endif +#ifdef PNG_eXIf_SUPPORTED +png_uint_32 PNGAPI +png_get_eXIf(png_const_structrp png_ptr, png_inforp info_ptr, + png_bytep *exif) +{ + png_warning(png_ptr, "png_get_eXIf does not work; use png_get_eXIf_1"); + PNG_UNUSED(info_ptr) + PNG_UNUSED(exif) + return 0; +} + +png_uint_32 PNGAPI +png_get_eXIf_1(png_const_structrp png_ptr, png_const_inforp info_ptr, + png_uint_32 *num_exif, png_bytep *exif) +{ + png_debug1(1, "in %s retrieval function", "eXIf"); + + if (png_ptr != NULL && info_ptr != NULL && + (info_ptr->valid & PNG_INFO_eXIf) != 0 && exif != NULL) + { + *num_exif = info_ptr->num_exif; + *exif = info_ptr->exif; + return (PNG_INFO_eXIf); + } + + return (0); +} +#endif + #ifdef PNG_hIST_SUPPORTED png_uint_32 PNGAPI png_get_hIST(png_const_structrp png_ptr, png_inforp info_ptr, Modified: trunk/reactos/dll/3rdparty/libpng/pnginfo.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/libpng/pnginf… ============================================================================== --- trunk/reactos/dll/3rdparty/libpng/pnginfo.h [iso-8859-1] (original) +++ trunk/reactos/dll/3rdparty/libpng/pnginfo.h [iso-8859-1] Sat Sep 2 12:44:21 2017 @@ -185,6 +185,14 @@ png_byte phys_unit_type; /* resolution type (see PNG_RESOLUTION_ below) */ #endif +#ifdef PNG_eXIf_SUPPORTED + int num_exif; /* Added at libpng-1.6.31 */ + png_bytep exif; +# ifdef PNG_READ_eXIf_SUPPORTED + png_bytep eXIf_buf; /* Added at libpng-1.6.32 */ +# endif +#endif + #ifdef PNG_hIST_SUPPORTED /* The hIST chunk contains the relative frequency or importance of the * various palette entries, so that a viewer can intelligently select a Modified: trunk/reactos/dll/3rdparty/libpng/pngpread.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/libpng/pngpre… ============================================================================== --- trunk/reactos/dll/3rdparty/libpng/pngpread.c [iso-8859-1] (original) +++ trunk/reactos/dll/3rdparty/libpng/pngpread.c [iso-8859-1] Sat Sep 2 12:44:21 2017 @@ -1,8 +1,8 @@ /* pngpread.c - read a png file in push mode * - * Last changed in libpng 1.6.24 [August 4, 2016] - * Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson + * Last changed in libpng 1.6.32 [August 24, 2017] + * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -189,6 +189,7 @@ png_crc_read(png_ptr, chunk_tag, 4); png_ptr->chunk_name = PNG_CHUNK_FROM_STRING(chunk_tag); png_check_chunk_name(png_ptr, png_ptr->chunk_name); + png_check_chunk_length(png_ptr, png_ptr->push_length); png_ptr->mode |= PNG_HAVE_CHUNK_HEADER; } Modified: trunk/reactos/dll/3rdparty/libpng/pngpriv.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/libpng/pngpri… ============================================================================== --- trunk/reactos/dll/3rdparty/libpng/pngpriv.h [iso-8859-1] (original) +++ trunk/reactos/dll/3rdparty/libpng/pngpriv.h [iso-8859-1] Sat Sep 2 12:44:21 2017 @@ -1,7 +1,7 @@ /* pngpriv.h - private declarations for use inside libpng * - * Last changed in libpng 1.6.29 [March 16, 2017] + * Last changed in libpng 1.6.32 [August 24, 2017] * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) @@ -35,7 +35,9 @@ * Windows/Visual Studio) there is no effect; the OS specific tests below are * still required (as of 2011-05-02.) */ -#define _POSIX_SOURCE 1 /* Just the POSIX 1003.1 and C89 APIs */ +#ifndef _POSIX_SOURCE +# define _POSIX_SOURCE 1 /* Just the POSIX 1003.1 and C89 APIs */ +#endif #ifndef PNG_VERSION_INFO_ONLY /* Standard library headers not required by png.h: */ @@ -452,6 +454,21 @@ # define png_fixed_error(s1,s2) png_err(s1) #endif +/* Some fixed point APIs are still required even if not exported because + * they get used by the corresponding floating point APIs. This magic + * deals with this: + */ +#ifdef PNG_FIXED_POINT_SUPPORTED +# define PNGFAPI PNGAPI +#else +# define PNGFAPI /* PRIVATE */ +#endif + +#ifndef PNG_VERSION_INFO_ONLY +/* Other defines specific to compilers can go here. Try to keep + * them inside an appropriate ifdef/endif pair for portability. + */ + /* C allows up-casts from (void*) to any pointer and (const void*) to any * pointer to a const object. C++ regards this as a type error and requires an * explicit, static, cast and provides the static_cast<> rune to ensure that @@ -466,25 +483,20 @@ static_cast<type>(static_cast<const void*>(value)) #else # define png_voidcast(type, value) (value) -# define png_constcast(type, value) ((type)(value)) +# ifdef _WIN64 +# ifdef __GNUC__ + typedef unsigned long long png_ptruint; +# else + typedef unsigned __int64 png_ptruint; +# endif +# else + typedef unsigned long png_ptruint; +# endif +# define png_constcast(type, value) ((type)(png_ptruint)(const void*)(value)) # define png_aligncast(type, value) ((void*)(value)) # define png_aligncastconst(type, value) ((const void*)(value)) #endif /* __cplusplus */ -/* Some fixed point APIs are still required even if not exported because - * they get used by the corresponding floating point APIs. This magic - * deals with this: - */ -#ifdef PNG_FIXED_POINT_SUPPORTED -# define PNGFAPI PNGAPI -#else -# define PNGFAPI /* PRIVATE */ -#endif - -#ifndef PNG_VERSION_INFO_ONLY -/* Other defines specific to compilers can go here. Try to keep - * them inside an appropriate ifdef/endif pair for portability. - */ #if defined(PNG_FLOATING_POINT_SUPPORTED) ||\ defined(PNG_FLOATING_ARITHMETIC_SUPPORTED) /* png.c requires the following ANSI-C constants if the conversion of @@ -830,6 +842,7 @@ #define png_PLTE PNG_U32( 80, 76, 84, 69) #define png_bKGD PNG_U32( 98, 75, 71, 68) #define png_cHRM PNG_U32( 99, 72, 82, 77) +#define png_eXIf PNG_U32(101, 88, 73, 102) /* registered July 2017 */ #define png_fRAc PNG_U32(102, 82, 65, 99) /* registered, not defined */ #define png_gAMA PNG_U32(103, 65, 77, 65) #define png_gIFg PNG_U32(103, 73, 70, 103) @@ -1130,6 +1143,11 @@ int intent),PNG_EMPTY); #endif +#ifdef PNG_WRITE_eXIf_SUPPORTED +PNG_INTERNAL_FUNCTION(void,png_write_eXIf,(png_structrp png_ptr, + png_bytep exif, int num_exif),PNG_EMPTY); +#endif + #ifdef PNG_WRITE_iCCP_SUPPORTED PNG_INTERNAL_FUNCTION(void,png_write_iCCP,(png_structrp png_ptr, png_const_charp name, png_const_bytep profile), PNG_EMPTY); @@ -1429,6 +1447,11 @@ png_inforp info_ptr, png_uint_32 length),PNG_EMPTY); #endif +#ifdef PNG_READ_eXIf_SUPPORTED +PNG_INTERNAL_FUNCTION(void,png_handle_eXIf,(png_structrp png_ptr, + png_inforp info_ptr, png_uint_32 length),PNG_EMPTY); +#endif + #ifdef PNG_READ_gAMA_SUPPORTED PNG_INTERNAL_FUNCTION(void,png_handle_gAMA,(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length),PNG_EMPTY); @@ -1504,8 +1527,11 @@ png_inforp info_ptr, png_uint_32 length),PNG_EMPTY); #endif -PNG_INTERNAL_FUNCTION(void,png_check_chunk_name,(png_structrp png_ptr, - png_uint_32 chunk_name),PNG_EMPTY); +PNG_INTERNAL_FUNCTION(void,png_check_chunk_name,(png_const_structrp png_ptr, + const png_uint_32 chunk_name),PNG_EMPTY); + +PNG_INTERNAL_FUNCTION(void,png_check_chunk_length,(png_const_structrp png_ptr, + const png_uint_32 chunk_length),PNG_EMPTY); PNG_INTERNAL_FUNCTION(void,png_handle_unknown,(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length, int keep),PNG_EMPTY); Modified: trunk/reactos/dll/3rdparty/libpng/pngread.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/libpng/pngrea… ============================================================================== --- trunk/reactos/dll/3rdparty/libpng/pngread.c [iso-8859-1] (original) +++ trunk/reactos/dll/3rdparty/libpng/pngread.c [iso-8859-1] Sat Sep 2 12:44:21 2017 @@ -1,8 +1,8 @@ /* pngread.c - read a PNG file * - * Last changed in libpng 1.6.26 [October 20, 2016] - * Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson + * Last changed in libpng 1.6.32 [August 24, 2017] + * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -175,6 +175,11 @@ png_handle_cHRM(png_ptr, info_ptr, length); #endif +#ifdef PNG_READ_eXIf_SUPPORTED + else if (chunk_name == png_eXIf) + png_handle_eXIf(png_ptr, info_ptr, length); +#endif + #ifdef PNG_READ_gAMA_SUPPORTED else if (chunk_name == png_gAMA) png_handle_gAMA(png_ptr, info_ptr, length); @@ -534,6 +539,7 @@ png_error(png_ptr, "Invalid attempt to read row data"); /* Fill the row with IDAT data: */ + png_ptr->row_buf[0]=255; /* to force error if no data was found */ png_read_IDAT_data(png_ptr, png_ptr->row_buf, row_info.rowbytes + 1); if (png_ptr->row_buf[0] > PNG_FILTER_VALUE_NONE) @@ -840,6 +846,11 @@ #ifdef PNG_READ_cHRM_SUPPORTED else if (chunk_name == png_cHRM) png_handle_cHRM(png_ptr, info_ptr, length); +#endif + +#ifdef PNG_READ_eXIf_SUPPORTED + else if (chunk_name == png_eXIf) + png_handle_eXIf(png_ptr, info_ptr, length); #endif #ifdef PNG_READ_gAMA_SUPPORTED @@ -1883,7 +1894,7 @@ { case 4: entry[afirst ? 0 : 3] = (png_uint_16)alpha; - /* FALL THROUGH */ + /* FALLTHROUGH */ case 3: if (alpha < 65535) @@ -1905,7 +1916,7 @@ case 2: entry[1 ^ afirst] = (png_uint_16)alpha; - /* FALL THROUGH */ + /* FALLTHROUGH */ case 1: if (alpha < 65535) @@ -1934,6 +1945,7 @@ { case 4: entry[afirst ? 0 : 3] = (png_byte)alpha; + /* FALLTHROUGH */ case 3: entry[afirst + (2 ^ bgr)] = (png_byte)blue; entry[afirst + 1] = (png_byte)green; @@ -1942,6 +1954,7 @@ case 2: entry[1 ^ afirst] = (png_byte)alpha; + /* FALLTHROUGH */ case 1: entry[afirst] = (png_byte)green; break; @@ -2861,7 +2874,7 @@ case P_sRGB: /* Change to 8-bit sRGB */ png_set_alpha_mode_fixed(png_ptr, PNG_ALPHA_PNG, PNG_GAMMA_sRGB); - /* FALL THROUGH */ + /* FALLTHROUGH */ case P_FILE: if (png_ptr->bit_depth > 8) @@ -3179,8 +3192,7 @@ image->colormap_entries == 244 /* 216 + 1 + 27 */) break; - /* goto bad_output; */ - /* FALL THROUGH */ + goto bad_output; default: bad_output: Modified: trunk/reactos/dll/3rdparty/libpng/pngrtran.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/libpng/pngrtr… ============================================================================== --- trunk/reactos/dll/3rdparty/libpng/pngrtran.c [iso-8859-1] (original) +++ trunk/reactos/dll/3rdparty/libpng/pngrtran.c [iso-8859-1] Sat Sep 2 12:44:21 2017 @@ -1,7 +1,7 @@ /* pngrtran.c - transforms the data in a row for PNG readers * - * Last changed in libpng 1.6.29 [March 16, 2017] + * Last changed in libpng 1.6.31 [July 27, 2017] * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) @@ -49,6 +49,7 @@ case PNG_CRC_WARN_DISCARD: /* Not a valid action for critical data */ png_warning(png_ptr, "Can't discard critical data on CRC error"); + /* FALLTHROUGH */ case PNG_CRC_ERROR_QUIT: /* Error/quit */ case PNG_CRC_DEFAULT: @@ -1253,7 +1254,7 @@ default: case 8: - /* FALL THROUGH (Already 8 bits) */ + /* FALLTHROUGH */ /* (Already 8 bits) */ case 16: /* Already a full 16 bits */ @@ -2934,7 +2935,7 @@ * using the equation given in Poynton's ColorFAQ of 1998-01-04 at * <http://www.inforamp.net/~poynton/> (THIS LINK IS DEAD June 2008 but * versions dated 1998 through November 2002 have been archived at - * http://web.archive.org/web/20000816232553/http://www.inforamp.net/ + * https://web.archive.org/web/20000816232553/www.inforamp.net/ * ~poynton/notes/colour_and_gamma/ColorFAQ.txt ) * Charles Poynton poynton at poynton.com * @@ -4601,7 +4602,9 @@ png_byte *sp = row + row_info->rowbytes; /* source, last byte + 1 */ png_byte *dp = sp + row_info->rowbytes; /* destination, end + 1 */ while (dp > sp) - dp[-2] = dp[-1] = *--sp, dp -= 2; + { + dp[-2] = dp[-1] = *--sp; dp -= 2; + } row_info->rowbytes *= 2; row_info->bit_depth = 16; Modified: trunk/reactos/dll/3rdparty/libpng/pngrutil.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/libpng/pngrut… ============================================================================== --- trunk/reactos/dll/3rdparty/libpng/pngrutil.c [iso-8859-1] (original) +++ trunk/reactos/dll/3rdparty/libpng/pngrutil.c [iso-8859-1] Sat Sep 2 12:44:21 2017 @@ -1,7 +1,7 @@ /* pngrutil.c - utilities to read a PNG file * - * Last changed in libpng 1.6.29 [March 16, 2017] + * Last changed in libpng 1.6.32 [August 24, 2017] * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) @@ -180,6 +180,9 @@ /* Check to see if chunk name is valid. */ png_check_chunk_name(png_ptr, png_ptr->chunk_name); + + /* Check for too-large chunk length */ + png_check_chunk_length(png_ptr, length); #ifdef PNG_IO_STATE_SUPPORTED png_ptr->io_state = PNG_IO_READING | PNG_IO_CHUNK_DATA; @@ -1377,11 +1380,13 @@ * chunk is just ignored, so does not invalidate the color space. An * alternative is to set the 'invalid' flags at the start of this routine * and only clear them in they were not set before and all the tests pass. - * The minimum 'deflate' stream is assumed to be just the 2 byte header and - * 4 byte checksum. The keyword must be at least one character and there is - * a terminator (0) byte and the compression method. */ - if (length < 9) + + /* The keyword must be at least one character and there is a + * terminator (0) byte and the compression method byte, and the + * 'zlib' datastream is at least 11 bytes. + */ + if (length < 14) { png_crc_finish(png_ptr, length); png_chunk_benign_error(png_ptr, "too short"); @@ -1412,6 +1417,16 @@ png_crc_read(png_ptr, (png_bytep)keyword, read_length); length -= read_length; + + /* The minimum 'zlib' stream is assumed to be just the 2 byte header, + * 5 bytes minimum 'deflate' stream, and the 4 byte checksum. + */ + if (length < 11) + { + png_crc_finish(png_ptr, length); + png_chunk_benign_error(png_ptr, "too short"); + return; + } keyword_length = 0; while (keyword_length < 80 && keyword_length < read_length && @@ -1431,7 +1446,7 @@ if (png_inflate_claim(png_ptr, png_iCCP) == Z_OK) { - Byte profile_header[132]; + Byte profile_header[132]={0}; Byte local_buffer[PNG_INFLATE_BUF_SIZE]; png_alloc_size_t size = (sizeof profile_header); @@ -2009,6 +2024,69 @@ } #endif +#ifdef PNG_READ_eXIf_SUPPORTED +void /* PRIVATE */ +png_handle_eXIf(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length) +{ + unsigned int i; + + png_debug(1, "in png_handle_eXIf"); + + if ((png_ptr->mode & PNG_HAVE_IHDR) == 0) + png_chunk_error(png_ptr, "missing IHDR"); + + if (length < 2) + { + png_crc_finish(png_ptr, length); + png_chunk_benign_error(png_ptr, "too short"); + return; + } + + else if (info_ptr == NULL || (info_ptr->valid & PNG_INFO_eXIf) != 0) + { + png_crc_finish(png_ptr, length); + png_chunk_benign_error(png_ptr, "duplicate"); + return; + } + + info_ptr->free_me |= PNG_FREE_EXIF; + + info_ptr->eXIf_buf = png_voidcast(png_bytep, + png_malloc_warn(png_ptr, length)); + + if (info_ptr->eXIf_buf == NULL) + { + png_crc_finish(png_ptr, length); + png_chunk_benign_error(png_ptr, "out of memory"); + return; + } + + for (i = 0; i < length; i++) + { + png_byte buf[1]; + png_crc_read(png_ptr, buf, 1); + info_ptr->eXIf_buf[i] = buf[0]; + if (i == 1 && buf[0] != 'M' && buf[0] != 'I' + && info_ptr->eXIf_buf[0] != buf[0]) + { + png_crc_finish(png_ptr, length); + png_chunk_benign_error(png_ptr, "incorrect byte-order specifier"); + png_free(png_ptr, info_ptr->eXIf_buf); + info_ptr->eXIf_buf = NULL; + return; + } + } + + if (png_crc_finish(png_ptr, 0) != 0) + return; + + png_set_eXIf_1(png_ptr, info_ptr, length, info_ptr->eXIf_buf); + + png_free(png_ptr, info_ptr->eXIf_buf); + info_ptr->eXIf_buf = NULL; +} +#endif + #ifdef PNG_READ_hIST_SUPPORTED void /* PRIVATE */ png_handle_hIST(png_structrp png_ptr, png_inforp info_ptr, png_uint_32 length) @@ -2537,6 +2615,9 @@ if ((png_ptr->mode & PNG_HAVE_IDAT) != 0) png_ptr->mode |= PNG_AFTER_IDAT; + /* Note, "length" is sufficient here; we won't be adding + * a null terminator later. + */ buffer = png_read_buffer(png_ptr, length, 2/*silent*/); if (buffer == NULL) @@ -2583,23 +2664,28 @@ { png_text text; - /* It worked; png_ptr->read_buffer now looks like a tEXt chunk except - * for the extra compression type byte and the fact that it isn't - * necessarily '\0' terminated. - */ - buffer = png_ptr->read_buffer; - buffer[uncompressed_length+(keyword_length+2)] = 0; - - text.compression = PNG_TEXT_COMPRESSION_zTXt; - text.key = (png_charp)buffer; - text.text = (png_charp)(buffer + keyword_length+2); - text.text_length = uncompressed_length; - text.itxt_length = 0; - text.lang = NULL; - text.lang_key = NULL; - - if (png_set_text_2(png_ptr, info_ptr, &text, 1) != 0) - errmsg = "insufficient memory"; + if (png_ptr->read_buffer == NULL) + errmsg="Read failure in png_handle_zTXt"; + else + { + /* It worked; png_ptr->read_buffer now looks like a tEXt chunk + * except for the extra compression type byte and the fact that + * it isn't necessarily '\0' terminated. + */ + buffer = png_ptr->read_buffer; + buffer[uncompressed_length+(keyword_length+2)] = 0; + + text.compression = PNG_TEXT_COMPRESSION_zTXt; + text.key = (png_charp)buffer; + text.text = (png_charp)(buffer + keyword_length+2); + text.text_length = uncompressed_length; + text.itxt_length = 0; + text.lang = NULL; + text.lang_key = NULL; + + if (png_set_text_2(png_ptr, info_ptr, &text, 1) != 0) + errmsg = "insufficient memory"; + } } else @@ -2975,7 +3061,7 @@ case 2: png_ptr->user_chunk_cache_max = 1; png_chunk_benign_error(png_ptr, "no space in chunk cache"); - /* FALL THROUGH */ + /* FALLTHROUGH */ case 1: /* NOTE: prior to 1.6.0 this case resulted in an unknown critical * chunk being skipped, now there will be a hard error below. @@ -2984,7 +3070,7 @@ default: /* not at limit */ --(png_ptr->user_chunk_cache_max); - /* FALL THROUGH */ + /* FALLTHROUGH */ case 0: /* no limit */ # endif /* USER_LIMITS */ /* Here when the limit isn't reached or when limits are compiled @@ -3035,20 +3121,58 @@ */ void /* PRIVATE */ -png_check_chunk_name(png_structrp png_ptr, png_uint_32 chunk_name) +png_check_chunk_name(png_const_structrp png_ptr, const png_uint_32 chunk_name) { int i; + png_uint_32 cn=chunk_name; png_debug(1, "in png_check_chunk_name"); for (i=1; i<=4; ++i) { - int c = chunk_name & 0xff; + int c = cn & 0xff; if (c < 65 || c > 122 || (c > 90 && c < 97)) png_chunk_error(png_ptr, "invalid chunk type"); - chunk_name >>= 8; + cn >>= 8; + } +} + +void /* PRIVATE */ +png_check_chunk_length(png_const_structrp png_ptr, const png_uint_32 length) +{ + png_alloc_size_t limit = PNG_UINT_31_MAX; + + if (png_ptr->chunk_name != png_IDAT) + { +# ifdef PNG_SET_USER_LIMITS_SUPPORTED + if (png_ptr->user_chunk_malloc_max > 0 && + png_ptr->user_chunk_malloc_max < limit) + limit = png_ptr->user_chunk_malloc_max; +# elif PNG_USER_CHUNK_MALLOC_MAX > 0 + if (PNG_USER_CHUNK_MALLOC_MAX < limit) + limit = PNG_USER_CHUNK_MALLOC_MAX; +# endif + } + else + { + size_t row_factor = + (png_ptr->width * png_ptr->channels * (png_ptr->bit_depth > 8? 2: 1) + + 1 + (png_ptr->interlaced? 6: 0)); + if (png_ptr->height > PNG_UINT_32_MAX/row_factor) + limit=PNG_UINT_31_MAX; + else + limit = png_ptr->height * row_factor; + limit += 6 + 5*(limit/32566+1); /* zlib+deflate overhead */ + limit=limit < PNG_UINT_31_MAX? limit : PNG_UINT_31_MAX; + } + + if (length > limit) + { + png_debug2(0," length = %lu, limit = %lu", + (unsigned long)length,(unsigned long)limit); + png_chunk_error(png_ptr, "chunk data is too large"); } } @@ -3377,7 +3501,7 @@ */ do { - dp[0] = sp[0], dp[1] = sp[1]; + dp[0] = sp[0]; dp[1] = sp[1]; if (row_width <= bytes_to_jump) return; @@ -3398,7 +3522,7 @@ */ for (;;) { - dp[0] = sp[0], dp[1] = sp[1], dp[2] = sp[2]; + dp[0] = sp[0]; dp[1] = sp[1]; dp[2] = sp[2]; if (row_width <= bytes_to_jump) return; @@ -3887,7 +4011,10 @@ /* Find the best predictor, the least of pa, pb, pc favoring the earlier * ones in the case of a tie. */ - if (pb < pa) pa = pb, a = b; + if (pb < pa) + { + pa = pb; a = b; + } if (pc < pa) a = c; /* Calculate the current pixel in a, and move the previous row pixel to c @@ -3939,7 +4066,10 @@ pc = (p + pc) < 0 ? -(p + pc) : p + pc; #endif - if (pb < pa) pa = pb, a = b; + if (pb < pa) + { + pa = pb; a = b; + } if (pc < pa) a = c; a += *row; Modified: trunk/reactos/dll/3rdparty/libpng/pngset.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/libpng/pngset… ============================================================================== --- trunk/reactos/dll/3rdparty/libpng/pngset.c [iso-8859-1] (original) +++ trunk/reactos/dll/3rdparty/libpng/pngset.c [iso-8859-1] Sat Sep 2 12:44:21 2017 @@ -1,8 +1,8 @@ /* pngset.c - storage of image information into info struct * - * Last changed in libpng 1.6.26 [October 20, 2016] - * Copyright (c) 1998-2016 Glenn Randers-Pehrson + * Last changed in libpng 1.6.32 [August 24, 2017] + * Copyright (c) 1998-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -134,6 +134,53 @@ #endif /* cHRM */ +#ifdef PNG_eXIf_SUPPORTED +void PNGAPI +png_set_eXIf(png_const_structrp png_ptr, png_inforp info_ptr, + const png_bytep eXIf_buf) +{ + png_warning(png_ptr, "png_set_eXIf does not work; use png_set_eXIf_1"); + PNG_UNUSED(info_ptr) + PNG_UNUSED(eXIf_buf) +} + +void PNGAPI +png_set_eXIf_1(png_const_structrp png_ptr, png_inforp info_ptr, + const png_uint_32 num_exif, const png_bytep eXIf_buf) +{ + int i; + + png_debug1(1, "in %s storage function", "eXIf"); + + if (png_ptr == NULL || info_ptr == NULL) + return; + + if (info_ptr->exif) + { + png_free(png_ptr, info_ptr->exif); + info_ptr->exif = NULL; + } + + info_ptr->num_exif = num_exif; + + info_ptr->exif = png_voidcast(png_bytep, png_malloc_warn(png_ptr, + info_ptr->num_exif)); + + if (info_ptr->exif == NULL) + { + png_warning(png_ptr, "Insufficient memory for eXIf chunk data"); + return; + } + + info_ptr->free_me |= PNG_FREE_EXIF; + + for (i = 0; i < (int) info_ptr->num_exif; i++) + info_ptr->exif[i] = eXIf_buf[i]; + + info_ptr->valid |= PNG_INFO_eXIf; +} +#endif /* eXIf */ + #ifdef PNG_gAMA_SUPPORTED void PNGFAPI png_set_gAMA_fixed(png_const_structrp png_ptr, png_inforp info_ptr, @@ -1102,8 +1149,9 @@ info_ptr->valid |= PNG_INFO_sPLT; ++(info_ptr->splt_palettes_num); ++np; - } - while (++entries, --nentries); + ++entries; + } + while (--nentries); if (nentries > 0) png_chunk_report(png_ptr, "sPLT out of memory", PNG_CHUNK_WRITE_ERROR); @@ -1354,6 +1402,7 @@ static PNG_CONST png_byte chunks_to_ignore[] = { 98, 75, 71, 68, '\0', /* bKGD */ 99, 72, 82, 77, '\0', /* cHRM */ + 101, 88, 73, 102, '\0', /* eXIf */ 103, 65, 77, 65, '\0', /* gAMA */ 104, 73, 83, 84, '\0', /* hIST */ 105, 67, 67, 80, '\0', /* iCCP */ @@ -1696,14 +1745,16 @@ png_byte ch = (png_byte)*key++; if ((ch > 32 && ch <= 126) || (ch >= 161 /*&& ch <= 255*/)) - *new_key++ = ch, ++key_len, space = 0; + { + *new_key++ = ch; ++key_len; space = 0; + } else if (space == 0) { /* A space or an invalid character when one wasn't seen immediately * before; output just a space. */ - *new_key++ = 32, ++key_len, space = 1; + *new_key++ = 32; ++key_len; space = 1; /* If the character was not a space then it is invalid. */ if (ch != 32) @@ -1716,7 +1767,7 @@ if (key_len > 0 && space != 0) /* trailing space */ { - --key_len, --new_key; + --key_len; --new_key; if (bad_character == 0) bad_character = 32; } Modified: trunk/reactos/dll/3rdparty/libpng/pngstruct.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/libpng/pngstr… ============================================================================== --- trunk/reactos/dll/3rdparty/libpng/pngstruct.h [iso-8859-1] (original) +++ trunk/reactos/dll/3rdparty/libpng/pngstruct.h [iso-8859-1] Sat Sep 2 12:44:21 2017 @@ -1,7 +1,7 @@ /* pngstruct.h - header file for PNG reference library * - * Last changed in libpng 1.6.28 [January 5, 2017] + * Last changed in libpng 1.6.32 [August 24, 2017] * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) Modified: trunk/reactos/dll/3rdparty/libpng/pngtrans.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/libpng/pngtra… ============================================================================== --- trunk/reactos/dll/3rdparty/libpng/pngtrans.c [iso-8859-1] (original) +++ trunk/reactos/dll/3rdparty/libpng/pngtrans.c [iso-8859-1] Sat Sep 2 12:44:21 2017 @@ -1,8 +1,8 @@ /* pngtrans.c - transforms the data in a row (used by both readers and writers) * - * Last changed in libpng 1.6.26 [October 20, 2016] - * Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson + * Last changed in libpng 1.6.30 [June 28, 2017] + * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -514,11 +514,15 @@ if (at_start != 0) /* Skip initial filler */ ++sp; else /* Skip initial channel and, for sp, the filler */ - sp += 2, ++dp; + { + sp += 2; ++dp; + } /* For a 1 pixel wide image there is nothing to do */ while (sp < ep) - *dp++ = *sp, sp += 2; + { + *dp++ = *sp; sp += 2; + } row_info->pixel_depth = 8; } @@ -528,10 +532,14 @@ if (at_start != 0) /* Skip initial filler */ sp += 2; else /* Skip initial channel and, for sp, the filler */ - sp += 4, dp += 2; + { + sp += 4; dp += 2; + } while (sp < ep) - *dp++ = *sp++, *dp++ = *sp, sp += 3; + { + *dp++ = *sp++; *dp++ = *sp; sp += 3; + } row_info->pixel_depth = 16; } @@ -554,11 +562,15 @@ if (at_start != 0) /* Skip initial filler */ ++sp; else /* Skip initial channels and, for sp, the filler */ - sp += 4, dp += 3; + { + sp += 4; dp += 3; + } /* Note that the loop adds 3 to dp and 4 to sp each time. */ while (sp < ep) - *dp++ = *sp++, *dp++ = *sp++, *dp++ = *sp, sp += 2; + { + *dp++ = *sp++; *dp++ = *sp++; *dp++ = *sp; sp += 2; + } row_info->pixel_depth = 24; } @@ -568,14 +580,16 @@ if (at_start != 0) /* Skip initial filler */ sp += 2; else /* Skip initial channels and, for sp, the filler */ - sp += 8, dp += 6; + { + sp += 8; dp += 6; + } while (sp < ep) { /* Copy 6 bytes, skip 2 */ - *dp++ = *sp++, *dp++ = *sp++; - *dp++ = *sp++, *dp++ = *sp++; - *dp++ = *sp++, *dp++ = *sp, sp += 3; + *dp++ = *sp++; *dp++ = *sp++; + *dp++ = *sp++; *dp++ = *sp++; + *dp++ = *sp++; *dp++ = *sp; sp += 3; } row_info->pixel_depth = 48; Modified: trunk/reactos/dll/3rdparty/libpng/pngwrite.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/libpng/pngwri… ============================================================================== --- trunk/reactos/dll/3rdparty/libpng/pngwrite.c [iso-8859-1] (original) +++ trunk/reactos/dll/3rdparty/libpng/pngwrite.c [iso-8859-1] Sat Sep 2 12:44:21 2017 @@ -1,8 +1,8 @@ /* pngwrite.c - general routines to write a PNG file * - * Last changed in libpng 1.6.26 [October 20, 2016] - * Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson + * Last changed in libpng 1.6.32 [August 24, 2017] + * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -237,6 +237,11 @@ png_write_bKGD(png_ptr, &(info_ptr->background), info_ptr->color_type); #endif +#ifdef PNG_WRITE_eXIf_SUPPORTED + if ((info_ptr->valid & PNG_INFO_eXIf) != 0) + png_write_eXIf(png_ptr, info_ptr->exif, info_ptr->num_exif); +#endif + #ifdef PNG_WRITE_hIST_SUPPORTED if ((info_ptr->valid & PNG_INFO_hIST) != 0) png_write_hIST(png_ptr, info_ptr->hist, info_ptr->num_palette); @@ -432,6 +437,12 @@ } } #endif + +#ifdef PNG_WRITE_eXIf_SUPPORTED + if ((info_ptr->valid & PNG_INFO_eXIf) != 0) + png_write_eXIf(png_ptr, info_ptr->exif, info_ptr->num_exif); +#endif + #ifdef PNG_WRITE_UNKNOWN_CHUNKS_SUPPORTED write_unknown_chunks(png_ptr, info_ptr, PNG_AFTER_IDAT); #endif @@ -1007,8 +1018,8 @@ case 5: case 6: case 7: png_app_error(png_ptr, "Unknown row filter for method 0"); - /* FALL THROUGH */ #endif /* WRITE_FILTER */ + /* FALLTHROUGH */ case PNG_FILTER_VALUE_NONE: png_ptr->do_filter = PNG_FILTER_NONE; break; @@ -1875,7 +1886,7 @@ tRNS[i] = entry[afirst ? 0 : 3]; if (tRNS[i] < 255) num_trans = i+1; - /* FALL THROUGH */ + /* FALLTHROUGH */ case 3: palette[i].blue = entry[afirst + (2 ^ bgr)]; palette[i].green = entry[afirst + 1]; @@ -1886,7 +1897,7 @@ tRNS[i] = entry[1 ^ afirst]; if (tRNS[i] < 255) num_trans = i+1; - /* FALL THROUGH */ + /* FALLTHROUGH */ case 1: palette[i].blue = palette[i].red = palette[i].green = entry[afirst]; Modified: trunk/reactos/dll/3rdparty/libpng/pngwutil.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/3rdparty/libpng/pngwut… ============================================================================== --- trunk/reactos/dll/3rdparty/libpng/pngwutil.c [iso-8859-1] (original) +++ trunk/reactos/dll/3rdparty/libpng/pngwutil.c [iso-8859-1] Sat Sep 2 12:44:21 2017 @@ -1,8 +1,8 @@ /* pngwutil.c - utilities to write a PNG file * - * Last changed in libpng 1.6.26 [October 20, 2016] - * Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson + * Last changed in libpng 1.6.32 [August 24, 2017] + * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) * (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.) * @@ -1003,7 +1003,8 @@ optimize_cmf(data, png_image_size(png_ptr)); #endif - png_write_complete_chunk(png_ptr, png_IDAT, data, size); + if (size > 0) + png_write_complete_chunk(png_ptr, png_IDAT, data, size); png_ptr->mode |= PNG_HAVE_IDAT; png_ptr->zstream.next_out = data; @@ -1049,7 +1050,8 @@ optimize_cmf(data, png_image_size(png_ptr)); #endif - png_write_complete_chunk(png_ptr, png_IDAT, data, size); + if (size > 0) + png_write_complete_chunk(png_ptr, png_IDAT, data, size); png_ptr->zstream.avail_out = 0; png_ptr->zstream.next_out = NULL; png_ptr->mode |= PNG_HAVE_IDAT | PNG_AFTER_IDAT; @@ -1468,6 +1470,28 @@ png_save_uint_16(buf, back->gray); png_write_complete_chunk(png_ptr, png_bKGD, buf, (png_size_t)2); } +} +#endif + +#ifdef PNG_WRITE_eXIf_SUPPORTED +/* Write the Exif data */ +void /* PRIVATE */ +png_write_eXIf(png_structrp png_ptr, png_bytep exif, int num_exif) +{ + int i; + png_byte buf[1]; + + png_debug(1, "in png_write_eXIf"); + + png_write_chunk_header(png_ptr, png_eXIf, (png_uint_32)(num_exif)); + + for (i = 0; i < num_exif; i++) + { + buf[0] = exif[i]; + png_write_chunk_data(png_ptr, buf, (png_size_t)1); + } + + png_write_chunk_end(png_ptr); } #endif Modified: trunk/reactos/sdk/include/reactos/libs/libpng/png.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/include/reactos/libs/l… ============================================================================== --- trunk/reactos/sdk/include/reactos/libs/libpng/png.h [iso-8859-1] (original) +++ trunk/reactos/sdk/include/reactos/libs/libpng/png.h [iso-8859-1] Sat Sep 2 12:44:21 2017 @@ -1,7 +1,7 @@ /* png.h - header file for PNG reference library * - * libpng version 1.6.29, March 16, 2017 + * libpng version 1.6.32, August 24, 2017 * * Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) @@ -12,7 +12,7 @@ * Authors and maintainers: * libpng versions 0.71, May 1995, through 0.88, January 1996: Guy Schalnat * libpng versions 0.89, June 1996, through 0.96, May 1997: Andreas Dilger - * libpng versions 0.97, January 1998, through 1.6.29, March 16, 2017: + * libpng versions 0.97, January 1998, through 1.6.32, August 24, 2017: * Glenn Randers-Pehrson. * See also "Contributing Authors", below. */ @@ -25,7 +25,7 @@ * * This code is released under the libpng license. * - * libpng versions 1.0.7, July 1, 2000 through 1.6.29, March 16, 2017 are + * libpng versions 1.0.7, July 1, 2000 through 1.6.32, August 24, 2017 are * Copyright (c) 2000-2002, 2004, 2006-2017 Glenn Randers-Pehrson, are * derived from libpng-1.0.6, and are distributed according to the same * disclaimer and license as libpng-1.0.6 with the following individuals @@ -213,7 +213,7 @@ * ... * 1.5.28 15 10527 15.so.15.28[.0] * ... - * 1.6.29 16 10629 16.so.16.29[.0] + * 1.6.32 16 10632 16.so.16.32[.0] * * Henceforth the source version will match the shared-library major * and minor numbers; the shared-library major version number will be @@ -234,20 +234,20 @@ * * See libpng.txt or libpng.3 for more information. The PNG specification * is available as a W3C Recommendation and as an ISO Specification, - * <http://www.w3.org/TR/2003/REC-PNG-20031110/ + * <https://www.w3.org/TR/2003/REC-PNG-20031110/ */ /* * Y2K compliance in libpng: * ========================= * - * March 16, 2017 + * August 24, 2017 * * Since the PNG Development group is an ad-hoc body, we can't make * an official declaration. * * This is your unofficial assurance that libpng from version 0.71 and - * upward through 1.6.29 are Y2K compliant. It is my belief that + * upward through 1.6.32 are Y2K compliant. It is my belief that * earlier versions were also Y2K compliant. * * Libpng only has two year fields. One is a 2-byte unsigned integer @@ -309,8 +309,8 @@ */ /* Version information for png.h - this should match the version in png.c */ -#define PNG_LIBPNG_VER_STRING "1.6.29" -#define PNG_HEADER_VERSION_STRING " libpng version 1.6.29 - March 16, 2017\n" +#define PNG_LIBPNG_VER_STRING "1.6.32" +#define PNG_HEADER_VERSION_STRING " libpng version 1.6.32 - August 24, 2017\n" #define PNG_LIBPNG_VER_SONUM 16 #define PNG_LIBPNG_VER_DLLNUM 16 @@ -318,7 +318,7 @@ /* These should match the first 3 components of PNG_LIBPNG_VER_STRING: */ #define PNG_LIBPNG_VER_MAJOR 1 #define PNG_LIBPNG_VER_MINOR 6 -#define PNG_LIBPNG_VER_RELEASE 29 +#define PNG_LIBPNG_VER_RELEASE 32 /* This should match the numeric part of the final component of * PNG_LIBPNG_VER_STRING, omitting any leading zero: @@ -349,7 +349,7 @@ * version 1.0.0 was mis-numbered 100 instead of 10000). From * version 1.0.1 it's xxyyzz, where x=major, y=minor, z=release */ -#define PNG_LIBPNG_VER 10629 /* 1.6.29 */ +#define PNG_LIBPNG_VER 10632 /* 1.6.32 */ /* Library configuration: these options cannot be changed after * the library has been built. @@ -459,7 +459,7 @@ /* This triggers a compiler error in png.c, if png.c and png.h * do not agree upon the version number. */ -typedef char* png_libpng_version_1_6_29; +typedef char* png_libpng_version_1_6_32; /* Basic control structions. Read libpng-manual.txt or libpng.3 for more info. * @@ -776,6 +776,7 @@ #define PNG_INFO_sPLT 0x2000U /* ESR, 1.0.6 */ #define PNG_INFO_sCAL 0x4000U /* ESR, 1.0.6 */ #define PNG_INFO_IDAT 0x8000U /* ESR, 1.0.6 */ +#define PNG_INFO_eXIf 0x10000U /* GR-P, 1.6.31 */ /* This is used for the transformation routines, as some of them * change these values for the row. It also should enable using @@ -1788,7 +1789,8 @@ #define PNG_FREE_PLTE 0x1000U #define PNG_FREE_TRNS 0x2000U #define PNG_FREE_TEXT 0x4000U -#define PNG_FREE_ALL 0x7fffU +#define PNG_FREE_EXIF 0x8000U /* Added at libpng-1.6.31 */ +#define PNG_FREE_ALL 0xffffU #define PNG_FREE_MUL 0x4220U /* PNG_FREE_SPLT|PNG_FREE_TEXT|PNG_FREE_UNKN */ #ifdef PNG_USER_MEM_SUPPORTED @@ -2007,6 +2009,18 @@ png_fixed_point int_blue_Z)) #endif +#ifdef PNG_eXIf_SUPPORTED +PNG_EXPORT(246, png_uint_32, png_get_eXIf, (png_const_structrp png_ptr, + png_inforp info_ptr, png_bytep *exif)); +PNG_EXPORT(247, void, png_set_eXIf, (png_const_structrp png_ptr, + png_inforp info_ptr, const png_bytep exif)); + +PNG_EXPORT(248, png_uint_32, png_get_eXIf_1, (png_const_structrp png_ptr, + png_const_inforp info_ptr, png_uint_32 *num_exif, png_bytep *exif)); +PNG_EXPORT(249, void, png_set_eXIf_1, (png_const_structrp png_ptr, + png_inforp info_ptr, const png_uint_32 num_exif, const png_bytep exif)); +#endif + #ifdef PNG_gAMA_SUPPORTED PNG_FP_EXPORT(137, png_uint_32, png_get_gAMA, (png_const_structrp png_ptr, png_const_inforp info_ptr, double *file_gamma)) @@ -2025,9 +2039,6 @@ #ifdef PNG_hIST_SUPPORTED PNG_EXPORT(141, png_uint_32, png_get_hIST, (png_const_structrp png_ptr, png_inforp info_ptr, png_uint_16p *hist)); -#endif - -#ifdef PNG_hIST_SUPPORTED PNG_EXPORT(142, void, png_set_hIST, (png_const_structrp png_ptr, png_inforp info_ptr, png_const_uint_16p hist)); #endif @@ -2753,7 +2764,7 @@ * * When the simplified API needs to convert between sRGB and linear colorspaces, * the actual sRGB transfer curve defined in the sRGB specification (see the - * article at http://en.wikipedia.org/wiki/SRGB) is used, not the gamma=1/2.2 + * article at https://en.wikipedia.org/wiki/SRGB) is used, not the gamma=1/2.2 * approximation used elsewhere in libpng. * * When an alpha channel is present it is expected to denote pixel coverage @@ -3253,7 +3264,7 @@ * one to use is one more than this.) */ #ifdef PNG_EXPORT_LAST_ORDINAL - PNG_EXPORT_LAST_ORDINAL(245); + PNG_EXPORT_LAST_ORDINAL(249); #endif #ifdef __cplusplus Modified: trunk/reactos/sdk/include/reactos/libs/libpng/pngconf.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/include/reactos/libs/l… ============================================================================== --- trunk/reactos/sdk/include/reactos/libs/libpng/pngconf.h [iso-8859-1] (original) +++ trunk/reactos/sdk/include/reactos/libs/libpng/pngconf.h [iso-8859-1] Sat Sep 2 12:44:21 2017 @@ -1,7 +1,7 @@ /* pngconf.h - machine configurable file for libpng * - * libpng version 1.6.29, March 16, 2017 + * libpng version 1.6.32, August 24, 2017 * * Copyright (c) 1998-2002,2004,2006-2016 Glenn Randers-Pehrson * (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger) Modified: trunk/reactos/sdk/include/reactos/libs/libpng/pnglibconf.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/sdk/include/reactos/libs/l… ============================================================================== --- trunk/reactos/sdk/include/reactos/libs/libpng/pnglibconf.h [iso-8859-1] (original) +++ trunk/reactos/sdk/include/reactos/libs/libpng/pnglibconf.h [iso-8859-1] Sat Sep 2 12:44:21 2017 @@ -1,10 +1,10 @@ -/* libpng 1.6.29 STANDARD API DEFINITION */ +/* libpng 1.6.32 STANDARD API DEFINITION */ /* pnglibconf.h - library build configuration */ -/* Libpng version 1.6.29 - March 16, 2017 */ - -/* Copyright (c) 1998-2015 Glenn Randers-Pehrson */ +/* Libpng version 1.6.32 - August 24, 2017 */ + +/* Copyright (c) 1998-2017 Glenn Randers-Pehrson */ /* This code is released under the libpng license. */ /* For conditions of distribution and use, see the disclaimer */ @@ -84,6 +84,7 @@ #define PNG_READ_USER_TRANSFORM_SUPPORTED #define PNG_READ_bKGD_SUPPORTED #define PNG_READ_cHRM_SUPPORTED +#define PNG_READ_eXIf_SUPPORTED #define PNG_READ_gAMA_SUPPORTED #define PNG_READ_hIST_SUPPORTED #define PNG_READ_iCCP_SUPPORTED @@ -153,6 +154,7 @@ #define PNG_WRITE_WEIGHTED_FILTER_SUPPORTED #define PNG_WRITE_bKGD_SUPPORTED #define PNG_WRITE_cHRM_SUPPORTED +#define PNG_WRITE_eXIf_SUPPORTED #define PNG_WRITE_gAMA_SUPPORTED #define PNG_WRITE_hIST_SUPPORTED #define PNG_WRITE_iCCP_SUPPORTED @@ -170,6 +172,7 @@ #define PNG_WRITE_zTXt_SUPPORTED #define PNG_bKGD_SUPPORTED #define PNG_cHRM_SUPPORTED +#define PNG_eXIf_SUPPORTED #define PNG_gAMA_SUPPORTED #define PNG_hIST_SUPPORTED #define PNG_iCCP_SUPPORTED

7 years

[tfaber] 75737: [USBPORT] - Avoid unnecessary duplicate variables in USBPORT_FlushPendingTransfers

by tfaber＠svn.reactos.org

Author: tfaber Date: Sat Sep 2 09:03:07 2017 New Revision: 75737 URL: http://svn.reactos.org/svn/reactos?rev=75737&view=rev Log: [USBPORT] - Avoid unnecessary duplicate variables in USBPORT_FlushPendingTransfers Modified: trunk/reactos/drivers/usb/usbport/queue.c Modified: trunk/reactos/drivers/usb/usbport/queue.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/usb/usbport/queue.… ============================================================================== --- trunk/reactos/drivers/usb/usbport/queue.c [iso-8859-1] (original) +++ trunk/reactos/drivers/usb/usbport/queue.c [iso-8859-1] Sat Sep 2 09:03:07 2017 @@ -759,10 +759,8 @@ BOOLEAN IsEnd = FALSE; PLIST_ENTRY List; PUSBPORT_TRANSFER Transfer; - KIRQL PrevIrql; PURB Urb; PIRP Irp; - PIRP irp; KIRQL OldIrql; BOOLEAN Result; @@ -877,11 +875,9 @@ Transfer->TransferLink.Flink = NULL; Transfer->TransferLink.Blink = NULL; - irp = Irp; - if (Irp) { - irp = USBPORT_RemovePendingTransferIrp(FdoDevice, Irp); + Irp = USBPORT_RemovePendingTransferIrp(FdoDevice, Irp); } KeReleaseSpinLockFromDpcLevel(&Endpoint->EndpointSpinLock); @@ -890,13 +886,13 @@ KeAcquireSpinLock(&FdoExtension->FlushTransferSpinLock, &OldIrql); - if (irp) - { - IoSetCancelRoutine(irp, USBPORT_CancelActiveTransferIrp); - - if (Irp->Cancel && IoSetCancelRoutine(irp, NULL)) + if (Irp) + { + IoSetCancelRoutine(Irp, USBPORT_CancelActiveTransferIrp); + + if (Irp->Cancel && IoSetCancelRoutine(Irp, NULL)) { - DPRINT_CORE("USBPORT_FlushPendingTransfers: irp - %p\n", irp); + DPRINT_CORE("USBPORT_FlushPendingTransfers: irp - %p\n", Irp); KeReleaseSpinLock(&FdoExtension->FlushTransferSpinLock, OldIrql); @@ -905,8 +901,8 @@ goto Worker; } - USBPORT_FindUrbInIrpTable(FdoExtension->ActiveIrpTable, Urb, irp); - USBPORT_InsertIrpInTable(FdoExtension->ActiveIrpTable, irp); + USBPORT_FindUrbInIrpTable(FdoExtension->ActiveIrpTable, Urb, Irp); + USBPORT_InsertIrpInTable(FdoExtension->ActiveIrpTable, Irp); } IsMapTransfer = USBPORT_QueueActiveUrbToEndpoint(Endpoint, Urb); @@ -920,9 +916,9 @@ } Worker: - KeRaiseIrql(DISPATCH_LEVEL, &PrevIrql); + KeRaiseIrql(DISPATCH_LEVEL, &OldIrql); Result = USBPORT_EndpointWorker(Endpoint, FALSE); - KeLowerIrql(PrevIrql); + KeLowerIrql(OldIrql); if (Result) USBPORT_InvalidateEndpointHandler(FdoDevice,

7 years

[tfaber] 75736: [USBPORT] - Fix logic error: don't complete IRPs for which the cancel routine has been called.

by tfaber＠svn.reactos.org

Author: tfaber Date: Sat Sep 2 08:59:52 2017 New Revision: 75736 URL: http://svn.reactos.org/svn/reactos?rev=75736&view=rev Log: [USBPORT] - Fix logic error: don't complete IRPs for which the cancel routine has been called. Modified: trunk/reactos/drivers/usb/usbport/queue.c Modified: trunk/reactos/drivers/usb/usbport/queue.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/usb/usbport/queue.… ============================================================================== --- trunk/reactos/drivers/usb/usbport/queue.c [iso-8859-1] (original) +++ trunk/reactos/drivers/usb/usbport/queue.c [iso-8859-1] Sat Sep 2 08:59:52 2017 @@ -1042,7 +1042,7 @@ IoSetCancelRoutine(Irp, USBPORT_CancelPendingTransferIrp); - if (Irp->Cancel && !IoSetCancelRoutine(Irp, NULL)) + if (Irp->Cancel && IoSetCancelRoutine(Irp, NULL)) { USBPORT_CompleteTransfer(Urb, USBD_STATUS_CANCELED); }

7 years

[jimtabor] 75735: [NtUser] - Patch by Fabian Maurer : Send WM_NCPAINT and WM_ERASEBKGND when window is shown. Only send position-change messages when needed. - Adapted patch and fixes CORE-3998.

by jimtabor＠svn.reactos.org

Author: jimtabor Date: Sat Sep 2 04:45:16 2017 New Revision: 75735 URL: http://svn.reactos.org/svn/reactos?rev=75735&view=rev Log: [NtUser] - Patch by Fabian Maurer : Send WM_NCPAINT and WM_ERASEBKGND when window is shown. Only send position-change messages when needed. - Adapted patch and fixes CORE-3998. Modified: trunk/reactos/win32ss/user/ntuser/winpos.c Modified: trunk/reactos/win32ss/user/ntuser/winpos.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/winpos… ============================================================================== --- trunk/reactos/win32ss/user/ntuser/winpos.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/ntuser/winpos.c [iso-8859-1] Sat Sep 2 04:45:16 2017 @@ -22,6 +22,8 @@ (SWP_NOSIZE | SWP_NOMOVE | SWP_NOCLIENTSIZE | SWP_NOCLIENTMOVE | SWP_NOZORDER) #define SWP_AGG_STATUSFLAGS \ (SWP_AGG_NOPOSCHANGE | SWP_FRAMECHANGED | SWP_HIDEWINDOW | SWP_SHOWWINDOW) +#define SWP_AGG_NOCLIENTCHANGE \ + (SWP_NOCLIENTSIZE | SWP_NOCLIENTMOVE) #define EMPTYPOINT(pt) ((pt).x == -1 && (pt).y == -1) #define PLACE_MIN 0x0001 @@ -1263,7 +1265,8 @@ /* Send WM_WINDOWPOSCHANGING message */ - if (!(WinPos->flags & SWP_NOSENDCHANGING)) + if (!(WinPos->flags & SWP_NOSENDCHANGING) + && !((WinPos->flags & SWP_AGG_NOCLIENTCHANGE) && (WinPos->flags & SWP_SHOWWINDOW))) { TRACE("Sending WM_WINDOWPOSCHANGING to hwnd %p flags %04x.\n", Window->head.h,WinPos->flags); co_IntSendMessage(Window->head.h, WM_WINDOWPOSCHANGING, 0, (LPARAM) WinPos); @@ -2105,11 +2108,32 @@ WinPos.flags |= SWP_NOZORDER|SWP_NOREDRAW; } + if(!(flags & SWP_DEFERERASE)) + { + /* erase parent when hiding or resizing child */ + if ((flags & SWP_HIDEWINDOW) || + (!(flags & SWP_SHOWWINDOW) && + (WinPos.flags & SWP_AGG_STATUSFLAGS) != SWP_AGG_NOGEOMETRYCHANGE)) + { + PWND Parent = Window->spwndParent; + if (!Parent || UserIsDesktopWindow(Parent)) Parent = Window; + UserSyncAndPaintWindows( Parent, RDW_ERASENOW); + } + + /* Give newly shown windows a chance to redraw */ + if(((WinPos.flags & SWP_AGG_STATUSFLAGS) != SWP_AGG_NOPOSCHANGE) + && !(flags & SWP_AGG_NOCLIENTCHANGE) && (flags & SWP_SHOWWINDOW)) + { + UserSyncAndPaintWindows( Window, RDW_ERASENOW); + } + } + /* And last, send the WM_WINDOWPOSCHANGED message */ TRACE("\tstatus hwnd %p flags = %04x\n",Window?Window->head.h:NULL,WinPos.flags & SWP_AGG_STATUSFLAGS); - if ((WinPos.flags & SWP_AGG_STATUSFLAGS) != SWP_AGG_NOPOSCHANGE) + if (((WinPos.flags & SWP_AGG_STATUSFLAGS) != SWP_AGG_NOPOSCHANGE) + && !((flags & SWP_AGG_NOCLIENTCHANGE) && (flags & SWP_SHOWWINDOW))) { /* WM_WINDOWPOSCHANGED is sent even if SWP_NOSENDCHANGING is set and always contains final window position.

7 years

[jimtabor] 75734: [NtUser] - Fix a potential crash in test_menu_locked_by_window.

by jimtabor＠svn.reactos.org

Author: jimtabor Date: Sat Sep 2 04:08:22 2017 New Revision: 75734 URL: http://svn.reactos.org/svn/reactos?rev=75734&view=rev Log: [NtUser] - Fix a potential crash in test_menu_locked_by_window. Modified: trunk/reactos/win32ss/user/ntuser/nonclient.c Modified: trunk/reactos/win32ss/user/ntuser/nonclient.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/win32ss/user/ntuser/noncli… ============================================================================== --- trunk/reactos/win32ss/user/ntuser/nonclient.c [iso-8859-1] (original) +++ trunk/reactos/win32ss/user/ntuser/nonclient.c [iso-8859-1] Sat Sep 2 04:08:22 2017 @@ -940,10 +940,13 @@ /* Draw menu bar */ if (pWnd->state & WNDS_HASMENU && pWnd->IDMenu) // Should be pWnd->spmenu { - PMENU menu = UserGetMenuObject(UlongToHandle(pWnd->IDMenu)); // FIXME! - TempRect = CurrentRect; - TempRect.bottom = TempRect.top + menu->cyMenu; // Should be pWnd->spmenu->cyMenu; - CurrentRect.top += MENU_DrawMenuBar(hDC, &TempRect, pWnd, FALSE); + PMENU menu; + if ((menu = UserGetMenuObject(UlongToHandle(pWnd->IDMenu)))) // FIXME! Use pWnd->spmenu, + { + TempRect = CurrentRect; + TempRect.bottom = TempRect.top + menu->cyMenu; // Should be pWnd->spmenu->cyMenu; + CurrentRect.top += MENU_DrawMenuBar(hDC, &TempRect, pWnd, FALSE); + } } if (ExStyle & WS_EX_CLIENTEDGE) @@ -1111,10 +1114,14 @@ { if (!(Flags & DC_NOSENDMSG)) { - PMENU menu = UserGetMenuObject(UlongToHandle(pWnd->IDMenu)); // FIXME! - TempRect = CurrentRect; - TempRect.bottom = TempRect.top + menu->cyMenu; // Should be pWnd->spmenu->cyMenu; - CurrentRect.top += MENU_DrawMenuBar(hDC, &TempRect, pWnd, FALSE); + PMENU menu; + // Fix crash in test_menu_locked_by_window, should use pWnd->spmenu.... + if ((menu = UserGetMenuObject(UlongToHandle(pWnd->IDMenu)))) // FIXME! Use pWnd->spmenu, + { + TempRect = CurrentRect; + TempRect.bottom = TempRect.top + menu->cyMenu; // Should be pWnd->spmenu->cyMenu; + CurrentRect.top += MENU_DrawMenuBar(hDC, &TempRect, pWnd, FALSE); + } } }

7 years

[hbelusca] 75733: [EVENTCREATE]: Use wcstoul() to retrieve and check for valid numerical values.

by hbelusca＠svn.reactos.org

Author: hbelusca Date: Fri Sep 1 20:35:25 2017 New Revision: 75733 URL: http://svn.reactos.org/svn/reactos?rev=75733&view=rev Log: [EVENTCREATE]: Use wcstoul() to retrieve and check for valid numerical values. Modified: trunk/reactos/base/applications/cmdutils/eventcreate/eventcreate.c Modified: trunk/reactos/base/applications/cmdutils/eventcreate/eventcreate.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/applications/cmdutils… ============================================================================== --- trunk/reactos/base/applications/cmdutils/eventcreate/eventcreate.c [iso-8859-1] (original) +++ trunk/reactos/base/applications/cmdutils/eventcreate/eventcreate.c [iso-8859-1] Fri Sep 1 20:35:25 2017 @@ -914,7 +914,18 @@ // case TYPE_U16: case TYPE_U32: { - *(ULONG*)Options[Option].Value = (ULONG)_wtol(argv[i]); + PWCHAR pszNext = NULL; + + /* The number is specified in base 10 */ + // NOTE: We might use '0' so that the base is automatically determined. + *(ULONG*)Options[Option].Value = wcstoul(argv[i], &pszNext, 10); + if (*pszNext) + { + /* The value is not a valid numeric value and is not allowed */ + if (PrintErrorFunc) + PrintErrorFunc(InvalidValue, argv[i], OptionStr); + return FALSE; + } break; }

7 years

[hbelusca] 75732: [CONSOLE.CPL]: Fix an invalid success check after calling wcstoul(), plus usage fixes for the True-Type combobox edit box.

by hbelusca＠svn.reactos.org

Author: hbelusca Date: Fri Sep 1 20:17:25 2017 New Revision: 75732 URL: http://svn.reactos.org/svn/reactos?rev=75732&view=rev Log: [CONSOLE.CPL]: Fix an invalid success check after calling wcstoul(), plus usage fixes for the True-Type combobox edit box. Modified: trunk/reactos/dll/cpl/console/font.c Modified: trunk/reactos/dll/cpl/console/font.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/cpl/console/font.c?rev… ============================================================================== --- trunk/reactos/dll/cpl/console/font.c [iso-8859-1] (original) +++ trunk/reactos/dll/cpl/console/font.c [iso-8859-1] Fri Sep 1 20:17:25 2017 @@ -168,6 +168,7 @@ { INT nSel; LONG FontSize; + PWCHAR pszNext = NULL; WCHAR szFontSize[100]; if (SizeList->UseRasterOrTTList) @@ -196,6 +197,11 @@ */ nSel = SendMessageW(SizeList->hWndTTSizeList, CB_GETCURSEL, 0, 0); SendMessageW(SizeList->hWndTTSizeList, CB_GETLBTEXT, nSel, (LPARAM)szFontSize); + + /* Validate the font size */ + FontSize = wcstoul(szFontSize, &pszNext, 10); + if ((FontSize == 0) || (*pszNext)) + return 0; } else { @@ -203,7 +209,12 @@ // ComboBox_GetText(...) GetWindowTextW(SizeList->hWndTTSizeList, szFontSize, ARRAYSIZE(szFontSize)); - // HACK??? + /* Validate the font size */ + FontSize = wcstoul(szFontSize, &pszNext, 10); + if ((FontSize == 0) || (*pszNext)) + return 0; + + /* Find if the font size already exists in the list; if not, add it */ nSel = SendMessageW(SizeList->hWndTTSizeList, CB_FINDSTRINGEXACT, 0, (LPARAM)szFontSize); if (nSel == CB_ERR) { @@ -216,11 +227,6 @@ } SizeList->bIsTTSizeDirty = FALSE; - - /* If _wtol fails and returns 0, the font size is considered invalid */ - // FontSize = wcstoul(szFontSize, &pszNext, 10); if (!*pszNext) { /* Error */ } - FontSize = _wtol(szFontSize); - if (FontSize == 0) return 0; SizeList->CurrentTTSize = FontSize; @@ -601,7 +607,10 @@ * if SizeList->TTSizePixelUnit is TRUE, then the font size is in pixels; * - If SizeList->TTSizePixelUnit is FALSE, then the font size is in points. */ - FontSize = FontSizeList_GetSelectedFontSize(SizeList); + FontSize = FontSizeList_GetSelectedFontSize(SizeList); + if (FontSize == 0) + return FALSE; // We have got an invalid font size... + CharHeight = (SizeList->UseRasterOrTTList ? (LONG)HIWORD(FontSize) : FontSize); CharWidth = (SizeList->UseRasterOrTTList ? (LONG)LOWORD(FontSize) : 0); @@ -776,14 +785,16 @@ WCHAR szFontSize[100]; WCHAR szMessage[260]; + /* Read the ComboBox edit string, as the user has entered a custom size */ GetWindowTextW(SizeList->hWndTTSizeList, szFontSize, ARRAYSIZE(szFontSize)); + + /* Validate the font size */ FontSize = wcstoul(szFontSize, &pszNext, 10); - if (!*pszNext) + if ((FontSize == 0) || (*pszNext)) { // FIXME: Localize! StringCchPrintfW(szMessage, ARRAYSIZE(szMessage), L"\"%s\" is not a valid font size.", szFontSize); MessageBoxW(hDlg, szMessage, L"Error", MB_ICONINFORMATION | MB_OK); - FontSizeList_SelectFontSize(SizeList, FontSize); } /**/SizeList->bIsTTSizeDirty = TRUE;/**/ }

7 years

[mjansen] 75731: [SHIMENG] Fix logging when handling ordinal ordinal functions.

by mjansen＠svn.reactos.org

Author: mjansen Date: Fri Sep 1 19:06:04 2017 New Revision: 75731 URL: http://svn.reactos.org/svn/reactos?rev=75731&view=rev Log: [SHIMENG] Fix logging when handling ordinal ordinal functions. Modified: trunk/reactos/dll/appcompat/apphelp/shimeng.c Modified: trunk/reactos/dll/appcompat/apphelp/shimeng.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/appcompat/apphelp/shim… ============================================================================== --- trunk/reactos/dll/appcompat/apphelp/shimeng.c [iso-8859-1] (original) +++ trunk/reactos/dll/appcompat/apphelp/shimeng.c [iso-8859-1] Fri Sep 1 19:06:04 2017 @@ -580,7 +580,7 @@ return proc; } - SHIMENG_MSG("(GetProcAddress(%p!%s) => %p\n", hModule, lpProcName, lpPrintName); + SHIMENG_MSG("(GetProcAddress(%p!%s) => %p\n", hModule, lpPrintName, proc); HookModuleInfo = SeiFindHookModuleInfo(NULL, hModule);

7 years

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Ros-diffs September 2017