Bug Summary

File:libclamav/png.c
Location:line 248, column 11
Description:Value stored to 'have_sign' is never read

Annotated Source Code

1/*
2 * Copyright 1995-2007 by Alexander Lehmann <lehmann@usa.net>,
3 * Andreas Dilger <adilger@enel.ucalgary.ca>,
4 * Glenn Randers-Pehrson <randeg@alum.rpi.edu>,
5 * Greg Roelofs <newt@pobox.com>,
6 * John Bowler <jbowler@acm.org>,
7 * Tom Lane <tgl@sss.pgh.pa.us>
8 * Copyright (C) 2011 Sourcefire, Inc.
9 * Maintainer: Tomasz Kojm <tkojm@clamav.net>
10 *
11 * Permission to use, copy, modify, and distribute this software and its
12 * documentation for any purpose and without fee is hereby granted, provided
13 * that the above copyright notice appear in all copies and that both that
14 * copyright notice and this permission notice appear in supporting
15 * documentation. This software is provided "as is" without express or
16 * implied warranty.
17 *
18 */
19
20#if HAVE_CONFIG_H1
21#include "clamav-config.h"
22#endif
23
24#include <stdio.h>
25#include <stdlib.h>
26#include <ctype.h>
27#include <string.h>
28#include <fcntl.h>
29#include <sys/types.h>
30#include <sys/stat.h>
31#ifdef HAVE_UNISTD_H1
32#include <unistd.h>
33#endif
34#include <zlib.h>
35
36#include "clamav.h"
37#include "others.h"
38#include "png.h"
39
40typedef unsigned char uch;
41typedef unsigned short ush;
42typedef unsigned long ulg;
43
44#define BS32000 32000 /* size of read block for CRC calculation (and zlib) */
45
46/* Mark's macros to extract big-endian short and long ints: */
47#define SH(p)((ush)(uch)((p)[1]) | ((ush)(uch)((p)[0]) << 8)) ((ush)(uch)((p)[1]) | ((ush)(uch)((p)[0]) << 8))
48#define LG(p)((ulg)(((ush)(uch)(((p)+2)[1]) | ((ush)(uch)(((p)+2)[0]) <<
8))) | ((ulg)(((ush)(uch)((p)[1]) | ((ush)(uch)((p)[0]) <<
8))) << 16)) ((ulg)(SH((p)+2)((ush)(uch)(((p)+2)[1]) | ((ush)(uch)(((p)+2)[0]) << 8)
)) | ((ulg)(SH(p)((ush)(uch)((p)[1]) | ((ush)(uch)((p)[0]) << 8))) << 16))
49
50#define isASCIIalpha(x)(ascii_alpha_table[x] & 0x1) (ascii_alpha_table[x] & 0x1)
51
52#define ANCILLARY(chunkID)((chunkID)[0] & 0x20) ((chunkID)[0] & 0x20)
53#define PRIVATE(chunkID)((chunkID)[1] & 0x20) ((chunkID)[1] & 0x20)
54#define RESERVED(chunkID)((chunkID)[2] & 0x20) ((chunkID)[2] & 0x20)
55#define SAFECOPY(chunkID)((chunkID)[3] & 0x20) ((chunkID)[3] & 0x20)
56#define CRITICAL(chunkID)(!((chunkID)[0] & 0x20)) (!ANCILLARY(chunkID)((chunkID)[0] & 0x20))
57#define PUBLIC(chunkID)(!((chunkID)[1] & 0x20)) (!PRIVATE(chunkID)((chunkID)[1] & 0x20))
58
59/* GRR FIXME: could merge all three of these into single table (bit fields) */
60
61/* GRR 20061203: for "isalpha()" that works even on EBCDIC machines */
62static const uch ascii_alpha_table[256] = {
63 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
64 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
65 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,
66 0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0,0,0,0,0,
67 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
68 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
69 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
70 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
71};
72
73/* GRR 20070707: list of forbidden characters in various keywords */
74static const uch latin1_keyword_forbidden[256] = {
75 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
76 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
77 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
78 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,
79 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
80 1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
81 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
82 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
83};
84
85/* GRR 20070707: list of discouraged (control) characters in tEXt/zTXt text */
86static const uch latin1_text_discouraged[256] = {
87 1,1,1,1,1,1,1,1,1,1,0,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
88 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
89 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
90 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,
91 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,
92 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
93 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
94 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
95};
96
97/* PNG stuff */
98
99static const char *png_type[] = { /* IHDR, tRNS, BASI, summary */
100 "grayscale",
101 "INVALID",
102 "RGB",
103 "palette",
104 "grayscale+alpha",
105 "INVALID",
106 "RGB+alpha"
107};
108
109#define CRCCOMPL(c)c c
110#define CRCINIT(0) (0)
111#define update_crccrc32 crc32
112
113static ulg getlong(fmap_t *map, unsigned int *offset, const char *where)
114{
115 ulg res = 0;
116 int j;
117
118 for (j = 0; j < 4; ++j) {
119 unsigned char c;
120 if(fmap_readn(map, &c, *offset, sizeof(c)) != sizeof(c)) {
121 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: EOF(?) while reading %s\n", where);
122 return 0;
123 }
124 (*offset)++;
125 res <<= 8;
126 res |= c & 0xff;
127 }
128
129 return res;
130}
131
132static int keywordlen(uch *buf, int maxsize)
133{
134 int j = 0;
135
136 while (j < maxsize && buf[j])
137 ++j;
138
139 return j;
140}
141
142static const char *getmonth(int m)
143{
144 static const char *month[] = {
145 "Jan", "Feb", "Mar", "Apr", "May", "Jun",
146 "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
147 };
148
149 return (m < 1 || m > 12)? "INVALID" : month[m-1];
150}
151
152/* GRR 20061203: now EBCDIC-safe */
153static int check_chunk_name(char *chunk_name)
154{
155 if (isASCIIalpha((int)chunk_name[0])(ascii_alpha_table[(int)chunk_name[0]] & 0x1) && isASCIIalpha((int)chunk_name[1])(ascii_alpha_table[(int)chunk_name[1]] & 0x1) &&
156 isASCIIalpha((int)chunk_name[2])(ascii_alpha_table[(int)chunk_name[2]] & 0x1) && isASCIIalpha((int)chunk_name[3])(ascii_alpha_table[(int)chunk_name[3]] & 0x1))
157 return 0;
158
159 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid chunk name\n");
160 return CL_EPARSE; /* usually means we've "jumped the tracks": bail! */
161}
162
163/* GRR 20050724 */
164/* caller must do return CL_EPARSE based on return value (0 == OK) */
165/* keyword_name is "keyword" for most chunks, but it can instead be "name" or
166 * "identifier" or whatever makes sense for the chunk in question */
167static int check_keyword(uch *buffer, int maxsize, int *pKeylen)
168{
169 int j, prev_space = 0;
170 int keylen = keywordlen(buffer, maxsize);
171
172 if (pKeylen)
173 *pKeylen = keylen;
174
175 if (keylen == 0) {
176 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: zero length keyword\n");
177 return 1;
178 }
179
180 if (keylen > 79) {
181 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: keyword is longer than 79 characters\n");
182 return 2;
183 }
184
185 if (buffer[0] == ' ') {
186 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: keyword has leading space(s)\n");
187 return 3;
188 }
189
190 if (buffer[keylen - 1] == ' ') {
191 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: keyword has trailing space(s)\n");
192 return 4;
193 }
194
195 for (j = 0; j < keylen; ++j) {
196 if (buffer[j] == ' ') {
197 if (prev_space) {
198 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: keyword has consecutive spaces\n");
199 return 5;
200 }
201 prev_space = 1;
202 } else {
203 prev_space = 0;
204 }
205 }
206
207 for (j = 0; j < keylen; ++j) {
208 if (latin1_keyword_forbidden[buffer[j]]) { /* [0,31] || [127,160] */
209 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: keyword has control character(s)\n");
210 return 6;
211 }
212 }
213 return 0;
214}
215
216/* GRR 20070707 */
217/* caller must do return CL_EPARSE based on return value (0 == OK) */
218static int check_text(uch *buffer, int maxsize)
219{
220 int j;
221
222 for (j = 0; j < maxsize; ++j) {
223 if (buffer[j] == 0) {
224 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: text contains NULL character(s)\n");
225 return 1;
226 } else if (latin1_text_discouraged[buffer[j]]) {
227 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: text has control character(s)\n");
228 return 1;
229 }
230 }
231 return 0;
232}
233
234/* GRR 20061203 (used only for sCAL) */
235static int check_ascii_float(uch *buffer, int len)
236{
237 uch *qq = buffer, *bufEnd = buffer + len;
238 int have_sign = 0, have_integer = 0, have_dot = 0, have_fraction = 0;
239 int have_E = 0, have_Esign = 0, have_exponent = 0, in_digits = 0;
240 int have_nonzero = 0;
241 int rc = 0;
242
243 for (qq = buffer; qq < bufEnd && !rc; ++qq) {
244 switch (*qq) {
245 case '+':
246 case '-':
247 if (qq == buffer) {
248 have_sign = 1;
Value stored to 'have_sign' is never read
249 in_digits = 0;
250 } else if (have_E && !have_Esign) {
251 have_Esign = 1;
252 in_digits = 0;
253 } else {
254 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid sign character\n");
255 rc = 1;
256 }
257 break;
258
259 case '.':
260 if (!have_dot && !have_E) {
261 have_dot = 1;
262 in_digits = 0;
263 } else {
264 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid decimal point\n");
265 rc = 2;
266 }
267 break;
268
269 case 'e':
270 case 'E':
271 if (have_integer || have_fraction) {
272 have_E = 1;
273 in_digits = 0;
274 } else {
275 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid exponent before mantissa\n");
276 rc = 3;
277 }
278 break;
279
280 default:
281 if (*qq < '0' || *qq > '9') {
282 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid character\n");
283 rc = 4;
284 } else if (in_digits) {
285 /* still in digits: do nothing except check for non-zero digits */
286 if (!have_exponent && *qq != '0')
287 have_nonzero = 1;
288 } else if (!have_integer && !have_dot) {
289 have_integer = 1;
290 in_digits = 1;
291 if (*qq != '0')
292 have_nonzero = 1;
293 } else if (have_dot && !have_fraction) {
294 have_fraction = 1;
295 in_digits = 1;
296 if (*qq != '0')
297 have_nonzero = 1;
298 } else if (have_E && !have_exponent) {
299 have_exponent = 1;
300 in_digits = 1;
301 } else {
302 /* is this case possible? */
303 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid digits\n");
304 rc = 5;
305 }
306 break;
307 }
308 }
309
310 /* must have either integer part or fractional part; all else is optional */
311 if (rc == 0 && !have_integer && !have_fraction) {
312 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: missing mantissa\n");
313 rc = 6;
314 }
315
316 /* non-exponent part must be non-zero (=> must have seen a non-zero digit) */
317 if (rc == 0 && !have_nonzero) {
318 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid zero value(s)\n");
319 rc = 7;
320 }
321
322 return rc;
323}
324
325int cli_parsepng(cli_ctx *ctx)
326{
327 long sz;
328 uch magic[8];
329 char chunkid[5] = {'\0', '\0', '\0', '\0', '\0'};
330 int toread;
331 int c;
332 int have_IHDR = 0, have_IEND = 0;
333 int have_PLTE = 0;
334 int have_IDAT = 0, have_JDAT = 0, last_is_IDAT = 0, last_is_JDAT = 0;
335 int have_bKGD = 0, have_cHRM = 0, have_gAMA = 0, have_hIST = 0, have_iCCP = 0;
336 int have_oFFs = 0, have_pCAL = 0, have_pHYs = 0, have_sBIT = 0, have_sCAL = 0;
337 int have_sRGB = 0, have_sTER = 0, have_tIME = 0, have_tRNS = 0;
338 ulg zhead = 1; /* 0x10000 indicates both zlib header bytes read */
339 ulg crc, filecrc;
340 long num_chunks = 0L;
341 long w = 0L, h = 0L;
342 int bitdepth = 0, sampledepth = 0, lace = 0, nplte = 0;
343 unsigned int ityp = 1;
344 uch buffer[BS32000];
345 int first_idat = 1; /* flag: is this the first IDAT chunk? */
346 int zlib_error = 0; /* reset in IHDR section; used for IDAT */
347 int check_zlib = 1; /* validate zlib stream (just IDATs for now) */
348 unsigned zlib_windowbits = 15;
349 uch outbuf[BS32000];
350 z_stream zstrm;
351 unsigned int offset = 0;
352 fmap_t *map = *ctx->fmap;
353
354 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("in cli_parsepng()\n");
355
356 if(fmap_readn(map, magic, offset, 8) != 8)
357 return CL_SUCCESS; /* Ignore */
358
359 if(memcmp(magic, "\x89\x50\x4e\x47\x0d\x0a\x1a\x0a", 8))
360 return CL_SUCCESS; /* Not a PNG file */
361
362 offset += 8;
363
364 /*-------------------- BEGINNING OF IMMENSE WHILE-LOOP --------------------*/
365
366
367 while(fmap_readn(map, &c, offset, sizeof(c)) == sizeof(c)) {
368
369 if (have_IEND) {
370 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: additional data after END chunk\n");
371 return CL_EPARSE;
372 }
373
374 sz = getlong(map, &offset, "chunk length");
375 if (sz < 0 || sz > 0x7fffffff) { /* FIXME: convert to ulg, lose "< 0" */
376 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid chunk length (too large)\n");
377 return CL_EPARSE;
378 }
379
380 if(fmap_readn(map, chunkid, offset, 4) != 4) {
381 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: EOF while reading chunk type\n");
382 return CL_EPARSE;
383 }
384 offset += 4;
385
386 /* GRR: add 4-character EBCDIC conversion here (chunkid) */
387
388 chunkid[4] = '\0';
389 ++num_chunks;
390
391 if (check_chunk_name(chunkid) != 0)
392 return CL_EPARSE;
393
394 if (!have_IHDR && strcmp(chunkid,"IHDR")__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p
(chunkid) && __builtin_constant_p ("IHDR") &&
(__s1_len = __builtin_strlen (chunkid), __s2_len = __builtin_strlen
("IHDR"), (!((size_t)(const void *)((chunkid) + 1) - (size_t
)(const void *)(chunkid) == 1) || __s1_len >= 4) &&
(!((size_t)(const void *)(("IHDR") + 1) - (size_t)(const void
*)("IHDR") == 1) || __s2_len >= 4)) ? __builtin_strcmp (chunkid
, "IHDR") : (__builtin_constant_p (chunkid) && ((size_t
)(const void *)((chunkid) + 1) - (size_t)(const void *)(chunkid
) == 1) && (__s1_len = __builtin_strlen (chunkid), __s1_len
< 4) ? (__builtin_constant_p ("IHDR") && ((size_t
)(const void *)(("IHDR") + 1) - (size_t)(const void *)("IHDR"
) == 1) ? __builtin_strcmp (chunkid, "IHDR") : (__extension__
({ const unsigned char *__s2 = (const unsigned char *) (const
char *) ("IHDR"); int __result = (((const unsigned char *) (
const char *) (chunkid))[0] - __s2[0]); if (__s1_len > 0 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[1] - __s2[1]); if (__s1_len > 1 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[2] - __s2[2]); if (__s1_len > 2 &&
__result == 0) __result = (((const unsigned char *) (const char
*) (chunkid))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p
("IHDR") && ((size_t)(const void *)(("IHDR") + 1) - (
size_t)(const void *)("IHDR") == 1) && (__s2_len = __builtin_strlen
("IHDR"), __s2_len < 4) ? (__builtin_constant_p (chunkid)
&& ((size_t)(const void *)((chunkid) + 1) - (size_t)
(const void *)(chunkid) == 1) ? __builtin_strcmp (chunkid, "IHDR"
) : (- (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) (chunkid); int __result = (((const unsigned
char *) (const char *) ("IHDR"))[0] - __s2[0]); if (__s2_len
> 0 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("IHDR"))[1] - __s2[1]); if (__s2_len
> 1 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("IHDR"))[2] - __s2[2]); if (__s2_len
> 2 && __result == 0) __result = (((const unsigned
char *) (const char *) ("IHDR"))[3] - __s2[3]); } } __result
; })))) : __builtin_strcmp (chunkid, "IHDR")))); })!=0)
395 {
396 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: first chunk must be IHDR\n");
397 return CL_EPARSE;
398 }
399
400 crc = update_crccrc32(CRCINIT(0), (uch *)chunkid, 4);
401 toread = (sz > BS32000)? BS32000:sz;
402 if(toread && fmap_readn(map, buffer, offset, toread) != toread) {
403 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: EOF while reading data\n");
404 return CL_EPARSE;
405 }
406 offset += toread;
407
408 crc = update_crccrc32(crc, (uch *)buffer, toread);
409
410 /*------*
411 | IHDR |
412 *------*/
413 if (strcmp(chunkid, "IHDR")__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p
(chunkid) && __builtin_constant_p ("IHDR") &&
(__s1_len = __builtin_strlen (chunkid), __s2_len = __builtin_strlen
("IHDR"), (!((size_t)(const void *)((chunkid) + 1) - (size_t
)(const void *)(chunkid) == 1) || __s1_len >= 4) &&
(!((size_t)(const void *)(("IHDR") + 1) - (size_t)(const void
*)("IHDR") == 1) || __s2_len >= 4)) ? __builtin_strcmp (chunkid
, "IHDR") : (__builtin_constant_p (chunkid) && ((size_t
)(const void *)((chunkid) + 1) - (size_t)(const void *)(chunkid
) == 1) && (__s1_len = __builtin_strlen (chunkid), __s1_len
< 4) ? (__builtin_constant_p ("IHDR") && ((size_t
)(const void *)(("IHDR") + 1) - (size_t)(const void *)("IHDR"
) == 1) ? __builtin_strcmp (chunkid, "IHDR") : (__extension__
({ const unsigned char *__s2 = (const unsigned char *) (const
char *) ("IHDR"); int __result = (((const unsigned char *) (
const char *) (chunkid))[0] - __s2[0]); if (__s1_len > 0 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[1] - __s2[1]); if (__s1_len > 1 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[2] - __s2[2]); if (__s1_len > 2 &&
__result == 0) __result = (((const unsigned char *) (const char
*) (chunkid))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p
("IHDR") && ((size_t)(const void *)(("IHDR") + 1) - (
size_t)(const void *)("IHDR") == 1) && (__s2_len = __builtin_strlen
("IHDR"), __s2_len < 4) ? (__builtin_constant_p (chunkid)
&& ((size_t)(const void *)((chunkid) + 1) - (size_t)
(const void *)(chunkid) == 1) ? __builtin_strcmp (chunkid, "IHDR"
) : (- (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) (chunkid); int __result = (((const unsigned
char *) (const char *) ("IHDR"))[0] - __s2[0]); if (__s2_len
> 0 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("IHDR"))[1] - __s2[1]); if (__s2_len
> 1 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("IHDR"))[2] - __s2[2]); if (__s2_len
> 2 && __result == 0) __result = (((const unsigned
char *) (const char *) ("IHDR"))[3] - __s2[3]); } } __result
; })))) : __builtin_strcmp (chunkid, "IHDR")))); }) == 0) {
414 if (have_IHDR) {
415 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: multiple IHDR not allowed\n");
416 return CL_EPARSE;
417 } else if (sz != 13) {
418 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid IHDR length\n");
419 return CL_EPARSE;
420 } else {
421 int compr, filt;
422
423 w = LG(buffer)((ulg)(((ush)(uch)(((buffer)+2)[1]) | ((ush)(uch)(((buffer)+2
)[0]) << 8))) | ((ulg)(((ush)(uch)((buffer)[1]) | ((ush
)(uch)((buffer)[0]) << 8))) << 16));
424 h = LG(buffer+4)((ulg)(((ush)(uch)(((buffer+4)+2)[1]) | ((ush)(uch)(((buffer+
4)+2)[0]) << 8))) | ((ulg)(((ush)(uch)((buffer+4)[1]) |
((ush)(uch)((buffer+4)[0]) << 8))) << 16));
425 if (w <= 0 || h <= 0 || w > 2147483647 || h > 2147483647) {
426 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid image dimensions\n");
427 return CL_EPARSE;
428 }
429 bitdepth = sampledepth = (uch)buffer[8];
430 ityp = (uch)buffer[9];
431 if (ityp == 1 || ityp == 5 || ityp > sizeof(png_type)/sizeof(char*)) {
432 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid image type (%d)\n", ityp);
433 return CL_EPARSE;
434 }
435 switch (sampledepth) {
436 case 1:
437 case 2:
438 case 4:
439 if (ityp == 2 || ityp == 4 || ityp == 6) { /* RGB or GA or RGBA */
440 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid sample depth (%d)\n", sampledepth);
441 return CL_EPARSE;
442 }
443 break;
444 case 8:
445 break;
446 case 16:
447 if (ityp == 3) { /* palette */
448 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid sample depth (%d)\n", sampledepth);
449 return CL_EPARSE;
450 }
451 break;
452 default:
453 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid sample depth (%d)\n", sampledepth);
454 return CL_EPARSE;
455 }
456 compr = (uch)buffer[10];
457 if (compr > 127) {
458 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: private (invalid?) compression method (%d)\n", compr);
459 return CL_EPARSE;
460 } else if (compr > 0) {
461 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid compression method (%d)\n", compr);
462 return CL_EPARSE;
463 }
464 filt = (uch)buffer[11];
465 if (filt > 127) {
466 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: private (invalid?) filter method (%d)\n", filt);
467 return CL_EPARSE;
468 } else if (filt > 0)
469 {
470 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid filter method (%d)\n", filt);
471 return CL_EPARSE;
472 }
473 lace = (uch)buffer[12];
474 if (lace > 127) {
475 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: private (invalid?) interlace method (%d)\n", lace);
476 return CL_EPARSE;
477 } else if (lace > 1) {
478 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid interlace method (%d)\n", lace);
479 return CL_EPARSE;
480 }
481 switch (ityp) {
482 case 2:
483 bitdepth = sampledepth * 3; /* RGB */
484 break;
485 case 4:
486 bitdepth = sampledepth * 2; /* gray+alpha */
487 break;
488 case 6:
489 bitdepth = sampledepth * 4; /* RGBA */
490 break;
491 }
492 }
493 have_IHDR = 1;
494 last_is_IDAT = last_is_JDAT = 0;
495 first_idat = 1; /* flag: next IDAT will be the first in this subimage */
496 zlib_error = 0; /* flag: no zlib errors yet in this file */
497 /* GRR 20000304: data dump not yet compatible with interlaced images: */
498 /*================================================*
499 * PNG chunks (with the exception of IHDR, above) *
500 *================================================*/
501
502 /*------*
503 | PLTE |
504 *------*/
505 } else if (strcmp(chunkid, "PLTE")__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p
(chunkid) && __builtin_constant_p ("PLTE") &&
(__s1_len = __builtin_strlen (chunkid), __s2_len = __builtin_strlen
("PLTE"), (!((size_t)(const void *)((chunkid) + 1) - (size_t
)(const void *)(chunkid) == 1) || __s1_len >= 4) &&
(!((size_t)(const void *)(("PLTE") + 1) - (size_t)(const void
*)("PLTE") == 1) || __s2_len >= 4)) ? __builtin_strcmp (chunkid
, "PLTE") : (__builtin_constant_p (chunkid) && ((size_t
)(const void *)((chunkid) + 1) - (size_t)(const void *)(chunkid
) == 1) && (__s1_len = __builtin_strlen (chunkid), __s1_len
< 4) ? (__builtin_constant_p ("PLTE") && ((size_t
)(const void *)(("PLTE") + 1) - (size_t)(const void *)("PLTE"
) == 1) ? __builtin_strcmp (chunkid, "PLTE") : (__extension__
({ const unsigned char *__s2 = (const unsigned char *) (const
char *) ("PLTE"); int __result = (((const unsigned char *) (
const char *) (chunkid))[0] - __s2[0]); if (__s1_len > 0 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[1] - __s2[1]); if (__s1_len > 1 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[2] - __s2[2]); if (__s1_len > 2 &&
__result == 0) __result = (((const unsigned char *) (const char
*) (chunkid))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p
("PLTE") && ((size_t)(const void *)(("PLTE") + 1) - (
size_t)(const void *)("PLTE") == 1) && (__s2_len = __builtin_strlen
("PLTE"), __s2_len < 4) ? (__builtin_constant_p (chunkid)
&& ((size_t)(const void *)((chunkid) + 1) - (size_t)
(const void *)(chunkid) == 1) ? __builtin_strcmp (chunkid, "PLTE"
) : (- (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) (chunkid); int __result = (((const unsigned
char *) (const char *) ("PLTE"))[0] - __s2[0]); if (__s2_len
> 0 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("PLTE"))[1] - __s2[1]); if (__s2_len
> 1 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("PLTE"))[2] - __s2[2]); if (__s2_len
> 2 && __result == 0) __result = (((const unsigned
char *) (const char *) ("PLTE"))[3] - __s2[3]); } } __result
; })))) : __builtin_strcmp (chunkid, "PLTE")))); }) == 0) {
506 if (have_PLTE) {
507 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: multiple PLTE not allowed\n");
508 return CL_EPARSE;
509 } else if (ityp != 3 && ityp != 2 && ityp != 6) {
510 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: PLTE not allowed in %s image\n", png_type[ityp]);
511 return CL_EPARSE;
512 } else if (have_IDAT) {
513 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: PLTE must precede IDAT\n");
514 return CL_EPARSE;
515 } else if (have_bKGD) {
516 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: PLTE must precede bKGD\n");
517 return CL_EPARSE;
518 } else if (sz > 768 || sz % 3 != 0) {
519 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid number of PLTE entries (%g)\n", (double)sz / 3);
520 return CL_EPARSE;
521 } else {
522 nplte = sz / 3;
523 if (((bitdepth == 1 && nplte > 2) ||
524 (bitdepth == 2 && nplte > 4) || (bitdepth == 4 && nplte > 16)))
525 {
526 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid number of PLTE entries (%d) for %d-bit image\n", nplte, bitdepth);
527 return CL_EPARSE;
528 }
529 }
530 if (ityp == 1) /* for MNG and tRNS */
531 ityp = 3;
532 have_PLTE = 1;
533 last_is_IDAT = last_is_JDAT = 0;
534
535 } else if (strcmp(chunkid, "IDAT")__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p
(chunkid) && __builtin_constant_p ("IDAT") &&
(__s1_len = __builtin_strlen (chunkid), __s2_len = __builtin_strlen
("IDAT"), (!((size_t)(const void *)((chunkid) + 1) - (size_t
)(const void *)(chunkid) == 1) || __s1_len >= 4) &&
(!((size_t)(const void *)(("IDAT") + 1) - (size_t)(const void
*)("IDAT") == 1) || __s2_len >= 4)) ? __builtin_strcmp (chunkid
, "IDAT") : (__builtin_constant_p (chunkid) && ((size_t
)(const void *)((chunkid) + 1) - (size_t)(const void *)(chunkid
) == 1) && (__s1_len = __builtin_strlen (chunkid), __s1_len
< 4) ? (__builtin_constant_p ("IDAT") && ((size_t
)(const void *)(("IDAT") + 1) - (size_t)(const void *)("IDAT"
) == 1) ? __builtin_strcmp (chunkid, "IDAT") : (__extension__
({ const unsigned char *__s2 = (const unsigned char *) (const
char *) ("IDAT"); int __result = (((const unsigned char *) (
const char *) (chunkid))[0] - __s2[0]); if (__s1_len > 0 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[1] - __s2[1]); if (__s1_len > 1 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[2] - __s2[2]); if (__s1_len > 2 &&
__result == 0) __result = (((const unsigned char *) (const char
*) (chunkid))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p
("IDAT") && ((size_t)(const void *)(("IDAT") + 1) - (
size_t)(const void *)("IDAT") == 1) && (__s2_len = __builtin_strlen
("IDAT"), __s2_len < 4) ? (__builtin_constant_p (chunkid)
&& ((size_t)(const void *)((chunkid) + 1) - (size_t)
(const void *)(chunkid) == 1) ? __builtin_strcmp (chunkid, "IDAT"
) : (- (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) (chunkid); int __result = (((const unsigned
char *) (const char *) ("IDAT"))[0] - __s2[0]); if (__s2_len
> 0 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("IDAT"))[1] - __s2[1]); if (__s2_len
> 1 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("IDAT"))[2] - __s2[2]); if (__s2_len
> 2 && __result == 0) __result = (((const unsigned
char *) (const char *) ("IDAT"))[3] - __s2[3]); } } __result
; })))) : __builtin_strcmp (chunkid, "IDAT")))); }) == 0) {
536 /* GRR FIXME: need to check for consecutive IDATs within MNG segments */
537 if (have_IDAT && !last_is_IDAT) {
538 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: IDAT chunks must be consecutive\n");
539 return CL_EPARSE;
540 } else if (ityp == 3 && !have_PLTE) {
541 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: IDAT must follow PLTE in %s image\n", png_type[ityp]);
542 return CL_EPARSE;
543 }
544
545 /* We just want to check that we have read at least the minimum (10)
546 * IDAT bytes possible, but avoid any overflow for short ints. We
547 * must also take into account that 0-length IDAT chunks are legal.
548 */
549 if (have_IDAT <= 0)
550 have_IDAT = (sz > 0)? sz : -1; /* -1 as marker for IDAT(s), no data */
551 else if (have_IDAT < 10)
552 have_IDAT += (sz > 10)? 10 : sz; /* FIXME? could cap at 10 always */
553
554 /* Dump the zlib header from the first two bytes. */
555 if (zhead < 0x10000 && sz > 0) {
556 zhead = (zhead << 8) + buffer[0];
557 if (sz > 1 && zhead < 0x10000)
558 zhead = (zhead << 8) + buffer[1];
559 if (zhead >= 0x10000) {
560 /* formerly print_zlibheader(zhead & 0xffff); */
561 /* See the code in zlib deflate.c that writes out the header when
562 s->status is INIT_STATE. In fact this code is based on the zlib
563 specification in RFC 1950 (ftp://ds.internic.net/rfc/rfc1950.txt),
564 with the implicit assumption that the zlib header *is* written (it
565 always should be inside a valid PNG file). The variable names are
566 taken, verbatim, from the RFC. */
567 unsigned int CINFO = (zhead & 0xf000) >> 12;
568 unsigned int CM = (zhead & 0xf00) >> 8;
569 zlib_windowbits = CINFO + 8;
570 if((zhead & 0xffff) % 31) {
571 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: compression header fails checksum\n");
572 return CL_EPARSE;
573 } else if (CM != 8) {
574 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: non-deflate compression method (%d)\n", CM);
575 return CL_EPARSE;
576 }
577 }
578 }
579
580 if (check_zlib && !zlib_error) {
581 static uch *p; /* always points to next filter byte */
582 static int cur_y, cur_pass, cur_xoff, cur_yoff, cur_xskip, cur_yskip;
583 static long cur_width, cur_linebytes;
584 static long numfilt, numfilt_this_block, numfilt_total, numfilt_pass[7];
585 uch *eod;
586 int err=Z_OK0;
587
588 zstrm.next_in = buffer;
589 zstrm.avail_in = toread;
590
591 /* initialize zlib and bit/byte/line variables if not already done */
592 if (first_idat) {
593 zstrm.next_out = p = outbuf;
594 zstrm.avail_out = BS32000;
595 zstrm.zalloc = (alloc_func)Z_NULL0;
596 zstrm.zfree = (free_func)Z_NULL0;
597 zstrm.opaque = (voidpf)Z_NULL0;
598 if ((err = inflateInit2(&zstrm, zlib_windowbits)inflateInit2_((&zstrm), (zlib_windowbits), "1.2.8", (int)
sizeof(z_stream))) != Z_OK0) {
599 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: zlib: can't initialize (error = %d)\n", err);
600 return CL_EUNPACK;
601 }
602 cur_y = 0;
603 cur_pass = 1; /* interlace pass: 1 through 7 */
604 cur_xoff = cur_yoff = 0;
605 cur_xskip = cur_yskip = lace? 8 : 1;
606 cur_width = (w - cur_xoff + cur_xskip - 1) / cur_xskip; /* round up */
607 cur_linebytes = ((cur_width*bitdepth + 7) >> 3) + 1; /* round, fltr */
608 numfilt = 0L;
609 first_idat = 0;
610 if (lace) { /* loop through passes to calculate total filters */
611 int passm1, yskip=0, yoff=0, xoff=0;
612
613 for (passm1 = 0; passm1 < 7; ++passm1) {
614 switch (passm1) { /* (see table below for full summary) */
615 case 0: yskip = 8; yoff = 0; xoff = 0; break;
616 case 1: yskip = 8; yoff = 0; xoff = 4; break;
617 case 2: yskip = 8; yoff = 4; xoff = 0; break;
618 case 3: yskip = 4; yoff = 0; xoff = 2; break;
619 case 4: yskip = 4; yoff = 2; xoff = 0; break;
620 case 5: yskip = 2; yoff = 0; xoff = 1; break;
621 case 6: yskip = 2; yoff = 1; xoff = 0; break;
622 }
623 /* effective height is reduced if odd pass: subtract yoff (but
624 * if effective width of pass is 0 => no rows and no filters) */
625 numfilt_pass[passm1] =
626 (w <= xoff)? 0 : (h - yoff + yskip - 1) / yskip;
627 if (passm1 > 0) /* now make it cumulative */
628 numfilt_pass[passm1] += numfilt_pass[passm1 - 1];
629 }
630 } else {
631 numfilt_pass[0] = h; /* if non-interlaced */
632 numfilt_pass[1] = numfilt_pass[2] = numfilt_pass[3] = h;
633 numfilt_pass[4] = numfilt_pass[5] = numfilt_pass[6] = h;
634 }
635 numfilt_total = numfilt_pass[6];
636 }
637 numfilt_this_block = 0L;
638
639 while (err != Z_STREAM_END1 && zstrm.avail_in > 0) {
640 /* know zstrm.avail_out > 0: get some image/filter data */
641 err = inflate(&zstrm, Z_SYNC_FLUSH2);
642 if (err != Z_OK0 && err != Z_STREAM_END1) {
643 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: zlib: inflate error\n");
644 inflateEnd(&zstrm);
645 return CL_EPARSE;
646 }
647
648 /* now have uncompressed, filtered image data in outbuf */
649 eod = outbuf + BS32000 - zstrm.avail_out;
650 while (p < eod) {
651
652 if (cur_linebytes) { /* GRP 20000727: bugfix */
653 int filttype = p[0];
654 if (filttype > 127) {
655 if (lace > 1)
656 break; /* assume it's due to unknown interlace method */
657 if (numfilt_this_block == 0) {
658 /* warn only on first one per block; don't break */
659 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: private (invalid?) row-filter type (%d)\n", filttype);
660 inflateEnd(&zstrm);
661 return CL_EPARSE;
662 }
663 } else if (filttype > 4) {
664 if (lace <= 1) {
665 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid row-filter type (%d)\n", filttype);
666 inflateEnd(&zstrm);
667 return CL_EPARSE;
668 } /* else assume it's due to unknown interlace method */
669 break;
670 }
671 ++numfilt;
672 p += cur_linebytes;
673 }
674 cur_y += cur_yskip;
675
676 if (lace) {
677 while (cur_y >= h) { /* may loop if very short image */
678 /*
679 pass xskip yskip xoff yoff
680 1 8 8 0 0
681 2 8 8 4 0
682 3 4 8 0 4
683 4 4 4 2 0
684 5 2 4 0 2
685 6 2 2 1 0
686 7 1 2 0 1
687 */
688 ++cur_pass;
689 if (cur_pass & 1) { /* beginning an odd pass */
690 cur_yoff = cur_xoff;
691 cur_xoff = 0;
692 cur_xskip >>= 1;
693 } else { /* beginning an even pass */
694 if (cur_pass == 2)
695 cur_xoff = 4;
696 else {
697 cur_xoff = cur_yoff >> 1;
698 cur_yskip >>= 1;
699 }
700 cur_yoff = 0;
701 }
702 cur_y = cur_yoff;
703 /* effective width is reduced if even pass: subtract cur_xoff */
704 cur_width = (w - cur_xoff + cur_xskip - 1) / cur_xskip;
705 cur_linebytes = ((cur_width*bitdepth + 7) >> 3) + 1;
706 if (cur_linebytes == 1) /* just the filter byte? no can do */
707 cur_linebytes = 0; /* GRP 20000727: added fix */
708 }
709 } else if (cur_y >= h) {
710 inflateEnd(&zstrm);
711 if(eod - p > 0) {
712 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: %li bytes remaining in buffer before inflateEnd()", eod-p);
713 return CL_EPARSE;
714 }
715 err = Z_STREAM_END1;
716 zlib_error = 1;
717 }
718 }
719 p -= (eod - outbuf); /* wrap p back into outbuf region */
720 zstrm.next_out = outbuf;
721 zstrm.avail_out = BS32000;
722
723 /* get more input (waiting until buffer empties is not necessary best
724 * zlib strategy, but simpler than shifting leftover data around) */
725 if (zstrm.avail_in == 0 && sz > toread) {
726 int data_read;
727
728 sz -= toread;
729 toread = (sz > BS32000)? BS32000:sz;
730 if((data_read = fmap_readn(map, buffer, offset, toread)) != toread) {
731 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: EOF while reading %s data\n", chunkid);
732 return CL_EPARSE;
733 }
734 offset += toread;
735 crc = update_crccrc32(crc, buffer, toread);
736 zstrm.next_in = buffer;
737 zstrm.avail_in = toread;
738 }
739 }
740 }
741 last_is_IDAT = 1;
742 last_is_JDAT = 0;
743
744 /*------*
745 | IEND |
746 *------*/
747 } else if (strcmp(chunkid, "IEND")__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p
(chunkid) && __builtin_constant_p ("IEND") &&
(__s1_len = __builtin_strlen (chunkid), __s2_len = __builtin_strlen
("IEND"), (!((size_t)(const void *)((chunkid) + 1) - (size_t
)(const void *)(chunkid) == 1) || __s1_len >= 4) &&
(!((size_t)(const void *)(("IEND") + 1) - (size_t)(const void
*)("IEND") == 1) || __s2_len >= 4)) ? __builtin_strcmp (chunkid
, "IEND") : (__builtin_constant_p (chunkid) && ((size_t
)(const void *)((chunkid) + 1) - (size_t)(const void *)(chunkid
) == 1) && (__s1_len = __builtin_strlen (chunkid), __s1_len
< 4) ? (__builtin_constant_p ("IEND") && ((size_t
)(const void *)(("IEND") + 1) - (size_t)(const void *)("IEND"
) == 1) ? __builtin_strcmp (chunkid, "IEND") : (__extension__
({ const unsigned char *__s2 = (const unsigned char *) (const
char *) ("IEND"); int __result = (((const unsigned char *) (
const char *) (chunkid))[0] - __s2[0]); if (__s1_len > 0 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[1] - __s2[1]); if (__s1_len > 1 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[2] - __s2[2]); if (__s1_len > 2 &&
__result == 0) __result = (((const unsigned char *) (const char
*) (chunkid))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p
("IEND") && ((size_t)(const void *)(("IEND") + 1) - (
size_t)(const void *)("IEND") == 1) && (__s2_len = __builtin_strlen
("IEND"), __s2_len < 4) ? (__builtin_constant_p (chunkid)
&& ((size_t)(const void *)((chunkid) + 1) - (size_t)
(const void *)(chunkid) == 1) ? __builtin_strcmp (chunkid, "IEND"
) : (- (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) (chunkid); int __result = (((const unsigned
char *) (const char *) ("IEND"))[0] - __s2[0]); if (__s2_len
> 0 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("IEND"))[1] - __s2[1]); if (__s2_len
> 1 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("IEND"))[2] - __s2[2]); if (__s2_len
> 2 && __result == 0) __result = (((const unsigned
char *) (const char *) ("IEND"))[3] - __s2[3]); } } __result
; })))) : __builtin_strcmp (chunkid, "IEND")))); }) == 0) {
748 if (have_IEND) {
749 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: multiple IEND not allowed\n");
750 return CL_EPARSE;
751 } else if (sz != 0) {
752 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid IEND length\n");
753 return CL_EPARSE;
754 } else if (have_IDAT <= 0) {
755 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: no IDAT chunks\n");
756 return CL_EPARSE;
757 } else if (have_IDAT < 10) {
758 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: not enough IDAT data\n");
759 return CL_EPARSE;
760 }
761 have_IEND = 1;
762 last_is_IDAT = last_is_JDAT = 0;
763
764 /*------*
765 | bKGD |
766 *------*/
767 } else if (strcmp(chunkid, "bKGD")__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p
(chunkid) && __builtin_constant_p ("bKGD") &&
(__s1_len = __builtin_strlen (chunkid), __s2_len = __builtin_strlen
("bKGD"), (!((size_t)(const void *)((chunkid) + 1) - (size_t
)(const void *)(chunkid) == 1) || __s1_len >= 4) &&
(!((size_t)(const void *)(("bKGD") + 1) - (size_t)(const void
*)("bKGD") == 1) || __s2_len >= 4)) ? __builtin_strcmp (chunkid
, "bKGD") : (__builtin_constant_p (chunkid) && ((size_t
)(const void *)((chunkid) + 1) - (size_t)(const void *)(chunkid
) == 1) && (__s1_len = __builtin_strlen (chunkid), __s1_len
< 4) ? (__builtin_constant_p ("bKGD") && ((size_t
)(const void *)(("bKGD") + 1) - (size_t)(const void *)("bKGD"
) == 1) ? __builtin_strcmp (chunkid, "bKGD") : (__extension__
({ const unsigned char *__s2 = (const unsigned char *) (const
char *) ("bKGD"); int __result = (((const unsigned char *) (
const char *) (chunkid))[0] - __s2[0]); if (__s1_len > 0 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[1] - __s2[1]); if (__s1_len > 1 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[2] - __s2[2]); if (__s1_len > 2 &&
__result == 0) __result = (((const unsigned char *) (const char
*) (chunkid))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p
("bKGD") && ((size_t)(const void *)(("bKGD") + 1) - (
size_t)(const void *)("bKGD") == 1) && (__s2_len = __builtin_strlen
("bKGD"), __s2_len < 4) ? (__builtin_constant_p (chunkid)
&& ((size_t)(const void *)((chunkid) + 1) - (size_t)
(const void *)(chunkid) == 1) ? __builtin_strcmp (chunkid, "bKGD"
) : (- (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) (chunkid); int __result = (((const unsigned
char *) (const char *) ("bKGD"))[0] - __s2[0]); if (__s2_len
> 0 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("bKGD"))[1] - __s2[1]); if (__s2_len
> 1 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("bKGD"))[2] - __s2[2]); if (__s2_len
> 2 && __result == 0) __result = (((const unsigned
char *) (const char *) ("bKGD"))[3] - __s2[3]); } } __result
; })))) : __builtin_strcmp (chunkid, "bKGD")))); }) == 0) {
768 if (have_bKGD) {
769 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: multiple bKGD not allowed\n");
770 return CL_EPARSE;
771 } else if ((have_IDAT || have_JDAT)) {
772 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: bKGD must precede IDAT\n");
773 return CL_EPARSE;
774 }
775 switch (ityp) {
776 case 0:
777 case 4:
778 if (sz != 2) {
779 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid bKGD length\n");
780 return CL_EPARSE;
781 }
782 break;
783 case 1: /* MNG top-level chunk (default values): "as if 16-bit RGBA" */
784 case 2:
785 case 6:
786 if (sz != 6) {
787 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid bKGD length\n");
788 return CL_EPARSE;
789 }
790 break;
791 case 3:
792 if (sz != 1) {
793 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid bKGD length\n");
794 return CL_EPARSE;
795 } else if (buffer[0] >= nplte) {
796 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: bKGD index falls outside PLTE\n");
797 return CL_EPARSE;
798 }
799 break;
800 }
801 have_bKGD = 1;
802 last_is_IDAT = last_is_JDAT = 0;
803
804 /*------*
805 | cHRM |
806 *------*/
807 } else if (strcmp(chunkid, "cHRM")__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p
(chunkid) && __builtin_constant_p ("cHRM") &&
(__s1_len = __builtin_strlen (chunkid), __s2_len = __builtin_strlen
("cHRM"), (!((size_t)(const void *)((chunkid) + 1) - (size_t
)(const void *)(chunkid) == 1) || __s1_len >= 4) &&
(!((size_t)(const void *)(("cHRM") + 1) - (size_t)(const void
*)("cHRM") == 1) || __s2_len >= 4)) ? __builtin_strcmp (chunkid
, "cHRM") : (__builtin_constant_p (chunkid) && ((size_t
)(const void *)((chunkid) + 1) - (size_t)(const void *)(chunkid
) == 1) && (__s1_len = __builtin_strlen (chunkid), __s1_len
< 4) ? (__builtin_constant_p ("cHRM") && ((size_t
)(const void *)(("cHRM") + 1) - (size_t)(const void *)("cHRM"
) == 1) ? __builtin_strcmp (chunkid, "cHRM") : (__extension__
({ const unsigned char *__s2 = (const unsigned char *) (const
char *) ("cHRM"); int __result = (((const unsigned char *) (
const char *) (chunkid))[0] - __s2[0]); if (__s1_len > 0 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[1] - __s2[1]); if (__s1_len > 1 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[2] - __s2[2]); if (__s1_len > 2 &&
__result == 0) __result = (((const unsigned char *) (const char
*) (chunkid))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p
("cHRM") && ((size_t)(const void *)(("cHRM") + 1) - (
size_t)(const void *)("cHRM") == 1) && (__s2_len = __builtin_strlen
("cHRM"), __s2_len < 4) ? (__builtin_constant_p (chunkid)
&& ((size_t)(const void *)((chunkid) + 1) - (size_t)
(const void *)(chunkid) == 1) ? __builtin_strcmp (chunkid, "cHRM"
) : (- (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) (chunkid); int __result = (((const unsigned
char *) (const char *) ("cHRM"))[0] - __s2[0]); if (__s2_len
> 0 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("cHRM"))[1] - __s2[1]); if (__s2_len
> 1 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("cHRM"))[2] - __s2[2]); if (__s2_len
> 2 && __result == 0) __result = (((const unsigned
char *) (const char *) ("cHRM"))[3] - __s2[3]); } } __result
; })))) : __builtin_strcmp (chunkid, "cHRM")))); }) == 0) {
808 if (have_cHRM) {
809 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: multiple cHRM not allowed\n");
810 return CL_EPARSE;
811 } else if (have_PLTE) {
812 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: cHRM must precede PLTE\n");
813 return CL_EPARSE;
814 } else if ((have_IDAT || have_JDAT)) {
815 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: cHRM must precede IDAT\n");
816 return CL_EPARSE;
817 } else if (sz != 32) {
818 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid cHRM length\n");
819 return CL_EPARSE;
820 } else {
821 double wx, wy, rx, ry, gx, gy, bx, by;
822
823 wx = (double)LG(buffer)((ulg)(((ush)(uch)(((buffer)+2)[1]) | ((ush)(uch)(((buffer)+2
)[0]) << 8))) | ((ulg)(((ush)(uch)((buffer)[1]) | ((ush
)(uch)((buffer)[0]) << 8))) << 16))/100000;
824 wy = (double)LG(buffer+4)((ulg)(((ush)(uch)(((buffer+4)+2)[1]) | ((ush)(uch)(((buffer+
4)+2)[0]) << 8))) | ((ulg)(((ush)(uch)((buffer+4)[1]) |
((ush)(uch)((buffer+4)[0]) << 8))) << 16))/100000;
825 rx = (double)LG(buffer+8)((ulg)(((ush)(uch)(((buffer+8)+2)[1]) | ((ush)(uch)(((buffer+
8)+2)[0]) << 8))) | ((ulg)(((ush)(uch)((buffer+8)[1]) |
((ush)(uch)((buffer+8)[0]) << 8))) << 16))/100000;
826 ry = (double)LG(buffer+12)((ulg)(((ush)(uch)(((buffer+12)+2)[1]) | ((ush)(uch)(((buffer
+12)+2)[0]) << 8))) | ((ulg)(((ush)(uch)((buffer+12)[1]
) | ((ush)(uch)((buffer+12)[0]) << 8))) << 16))/100000;
827 gx = (double)LG(buffer+16)((ulg)(((ush)(uch)(((buffer+16)+2)[1]) | ((ush)(uch)(((buffer
+16)+2)[0]) << 8))) | ((ulg)(((ush)(uch)((buffer+16)[1]
) | ((ush)(uch)((buffer+16)[0]) << 8))) << 16))/100000;
828 gy = (double)LG(buffer+20)((ulg)(((ush)(uch)(((buffer+20)+2)[1]) | ((ush)(uch)(((buffer
+20)+2)[0]) << 8))) | ((ulg)(((ush)(uch)((buffer+20)[1]
) | ((ush)(uch)((buffer+20)[0]) << 8))) << 16))/100000;
829 bx = (double)LG(buffer+24)((ulg)(((ush)(uch)(((buffer+24)+2)[1]) | ((ush)(uch)(((buffer
+24)+2)[0]) << 8))) | ((ulg)(((ush)(uch)((buffer+24)[1]
) | ((ush)(uch)((buffer+24)[0]) << 8))) << 16))/100000;
830 by = (double)LG(buffer+28)((ulg)(((ush)(uch)(((buffer+28)+2)[1]) | ((ush)(uch)(((buffer
+28)+2)[0]) << 8))) | ((ulg)(((ush)(uch)((buffer+28)[1]
) | ((ush)(uch)((buffer+28)[0]) << 8))) << 16))/100000;
831
832 if (wx < 0 || wx > 0.8 || wy < 0 || wy > 0.8 || wx + wy > 1.0) {
833 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid cHRM white point\n");
834 return CL_EPARSE;
835 } else if (rx < 0 || rx > 0.8 || ry < 0 || ry > 0.8 || rx + ry > 1.0) {
836 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid cHRM red point\n");
837 return CL_EPARSE;
838 } else if (gx < 0 || gx > 0.8 || gy < 0 || gy > 0.8 || gx + gy > 1.0) {
839 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid cHRM green point\n");
840 return CL_EPARSE;
841 } else if (bx < 0 || bx > 0.8 || by < 0 || by > 0.8 || bx + by > 1.0) {
842 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid cHRM blue point\n");
843 return CL_EPARSE;
844 }
845 }
846 have_cHRM = 1;
847 last_is_IDAT = last_is_JDAT = 0;
848
849 /*------*
850 | fRAc |
851 *------*/
852 } else if (strcmp(chunkid, "fRAc")__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p
(chunkid) && __builtin_constant_p ("fRAc") &&
(__s1_len = __builtin_strlen (chunkid), __s2_len = __builtin_strlen
("fRAc"), (!((size_t)(const void *)((chunkid) + 1) - (size_t
)(const void *)(chunkid) == 1) || __s1_len >= 4) &&
(!((size_t)(const void *)(("fRAc") + 1) - (size_t)(const void
*)("fRAc") == 1) || __s2_len >= 4)) ? __builtin_strcmp (chunkid
, "fRAc") : (__builtin_constant_p (chunkid) && ((size_t
)(const void *)((chunkid) + 1) - (size_t)(const void *)(chunkid
) == 1) && (__s1_len = __builtin_strlen (chunkid), __s1_len
< 4) ? (__builtin_constant_p ("fRAc") && ((size_t
)(const void *)(("fRAc") + 1) - (size_t)(const void *)("fRAc"
) == 1) ? __builtin_strcmp (chunkid, "fRAc") : (__extension__
({ const unsigned char *__s2 = (const unsigned char *) (const
char *) ("fRAc"); int __result = (((const unsigned char *) (
const char *) (chunkid))[0] - __s2[0]); if (__s1_len > 0 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[1] - __s2[1]); if (__s1_len > 1 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[2] - __s2[2]); if (__s1_len > 2 &&
__result == 0) __result = (((const unsigned char *) (const char
*) (chunkid))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p
("fRAc") && ((size_t)(const void *)(("fRAc") + 1) - (
size_t)(const void *)("fRAc") == 1) && (__s2_len = __builtin_strlen
("fRAc"), __s2_len < 4) ? (__builtin_constant_p (chunkid)
&& ((size_t)(const void *)((chunkid) + 1) - (size_t)
(const void *)(chunkid) == 1) ? __builtin_strcmp (chunkid, "fRAc"
) : (- (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) (chunkid); int __result = (((const unsigned
char *) (const char *) ("fRAc"))[0] - __s2[0]); if (__s2_len
> 0 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("fRAc"))[1] - __s2[1]); if (__s2_len
> 1 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("fRAc"))[2] - __s2[2]); if (__s2_len
> 2 && __result == 0) __result = (((const unsigned
char *) (const char *) ("fRAc"))[3] - __s2[3]); } } __result
; })))) : __builtin_strcmp (chunkid, "fRAc")))); }) == 0) {
853 last_is_IDAT = last_is_JDAT = 0;
854
855 /*------*
856 | gAMA |
857 *------*/
858 } else if (strcmp(chunkid, "gAMA")__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p
(chunkid) && __builtin_constant_p ("gAMA") &&
(__s1_len = __builtin_strlen (chunkid), __s2_len = __builtin_strlen
("gAMA"), (!((size_t)(const void *)((chunkid) + 1) - (size_t
)(const void *)(chunkid) == 1) || __s1_len >= 4) &&
(!((size_t)(const void *)(("gAMA") + 1) - (size_t)(const void
*)("gAMA") == 1) || __s2_len >= 4)) ? __builtin_strcmp (chunkid
, "gAMA") : (__builtin_constant_p (chunkid) && ((size_t
)(const void *)((chunkid) + 1) - (size_t)(const void *)(chunkid
) == 1) && (__s1_len = __builtin_strlen (chunkid), __s1_len
< 4) ? (__builtin_constant_p ("gAMA") && ((size_t
)(const void *)(("gAMA") + 1) - (size_t)(const void *)("gAMA"
) == 1) ? __builtin_strcmp (chunkid, "gAMA") : (__extension__
({ const unsigned char *__s2 = (const unsigned char *) (const
char *) ("gAMA"); int __result = (((const unsigned char *) (
const char *) (chunkid))[0] - __s2[0]); if (__s1_len > 0 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[1] - __s2[1]); if (__s1_len > 1 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[2] - __s2[2]); if (__s1_len > 2 &&
__result == 0) __result = (((const unsigned char *) (const char
*) (chunkid))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p
("gAMA") && ((size_t)(const void *)(("gAMA") + 1) - (
size_t)(const void *)("gAMA") == 1) && (__s2_len = __builtin_strlen
("gAMA"), __s2_len < 4) ? (__builtin_constant_p (chunkid)
&& ((size_t)(const void *)((chunkid) + 1) - (size_t)
(const void *)(chunkid) == 1) ? __builtin_strcmp (chunkid, "gAMA"
) : (- (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) (chunkid); int __result = (((const unsigned
char *) (const char *) ("gAMA"))[0] - __s2[0]); if (__s2_len
> 0 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("gAMA"))[1] - __s2[1]); if (__s2_len
> 1 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("gAMA"))[2] - __s2[2]); if (__s2_len
> 2 && __result == 0) __result = (((const unsigned
char *) (const char *) ("gAMA"))[3] - __s2[3]); } } __result
; })))) : __builtin_strcmp (chunkid, "gAMA")))); }) == 0) {
859 if (have_gAMA) {
860 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: multiple gAMA not allowed\n");
861 return CL_EPARSE;
862 } else if (have_IDAT || have_JDAT) {
863 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: gAMA must precede IDAT\n");
864 return CL_EPARSE;
865 } else if (have_PLTE) {
866 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: gAMA must precede PLTE\n");
867 return CL_EPARSE;
868 } else if (sz != 4) {
869 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid gAMA length\n");
870 return CL_EPARSE;
871 } else if (LG(buffer)((ulg)(((ush)(uch)(((buffer)+2)[1]) | ((ush)(uch)(((buffer)+2
)[0]) << 8))) | ((ulg)(((ush)(uch)((buffer)[1]) | ((ush
)(uch)((buffer)[0]) << 8))) << 16)) == 0) {
872 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid gAMA value (0.0000)\n");
873 return CL_EPARSE;
874 }
875 have_gAMA = 1;
876 last_is_IDAT = last_is_JDAT = 0;
877
878 /*------*
879 | gIFg |
880 *------*/
881 } else if (strcmp(chunkid, "gIFg")__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p
(chunkid) && __builtin_constant_p ("gIFg") &&
(__s1_len = __builtin_strlen (chunkid), __s2_len = __builtin_strlen
("gIFg"), (!((size_t)(const void *)((chunkid) + 1) - (size_t
)(const void *)(chunkid) == 1) || __s1_len >= 4) &&
(!((size_t)(const void *)(("gIFg") + 1) - (size_t)(const void
*)("gIFg") == 1) || __s2_len >= 4)) ? __builtin_strcmp (chunkid
, "gIFg") : (__builtin_constant_p (chunkid) && ((size_t
)(const void *)((chunkid) + 1) - (size_t)(const void *)(chunkid
) == 1) && (__s1_len = __builtin_strlen (chunkid), __s1_len
< 4) ? (__builtin_constant_p ("gIFg") && ((size_t
)(const void *)(("gIFg") + 1) - (size_t)(const void *)("gIFg"
) == 1) ? __builtin_strcmp (chunkid, "gIFg") : (__extension__
({ const unsigned char *__s2 = (const unsigned char *) (const
char *) ("gIFg"); int __result = (((const unsigned char *) (
const char *) (chunkid))[0] - __s2[0]); if (__s1_len > 0 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[1] - __s2[1]); if (__s1_len > 1 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[2] - __s2[2]); if (__s1_len > 2 &&
__result == 0) __result = (((const unsigned char *) (const char
*) (chunkid))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p
("gIFg") && ((size_t)(const void *)(("gIFg") + 1) - (
size_t)(const void *)("gIFg") == 1) && (__s2_len = __builtin_strlen
("gIFg"), __s2_len < 4) ? (__builtin_constant_p (chunkid)
&& ((size_t)(const void *)((chunkid) + 1) - (size_t)
(const void *)(chunkid) == 1) ? __builtin_strcmp (chunkid, "gIFg"
) : (- (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) (chunkid); int __result = (((const unsigned
char *) (const char *) ("gIFg"))[0] - __s2[0]); if (__s2_len
> 0 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("gIFg"))[1] - __s2[1]); if (__s2_len
> 1 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("gIFg"))[2] - __s2[2]); if (__s2_len
> 2 && __result == 0) __result = (((const unsigned
char *) (const char *) ("gIFg"))[3] - __s2[3]); } } __result
; })))) : __builtin_strcmp (chunkid, "gIFg")))); }) == 0) {
882 if (sz != 4) {
883 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid gIFg length\n");
884 return CL_EPARSE;
885 }
886 last_is_IDAT = last_is_JDAT = 0;
887
888 /*------*
889 | gIFt |
890 *------*/
891 } else if (strcmp(chunkid, "gIFt")__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p
(chunkid) && __builtin_constant_p ("gIFt") &&
(__s1_len = __builtin_strlen (chunkid), __s2_len = __builtin_strlen
("gIFt"), (!((size_t)(const void *)((chunkid) + 1) - (size_t
)(const void *)(chunkid) == 1) || __s1_len >= 4) &&
(!((size_t)(const void *)(("gIFt") + 1) - (size_t)(const void
*)("gIFt") == 1) || __s2_len >= 4)) ? __builtin_strcmp (chunkid
, "gIFt") : (__builtin_constant_p (chunkid) && ((size_t
)(const void *)((chunkid) + 1) - (size_t)(const void *)(chunkid
) == 1) && (__s1_len = __builtin_strlen (chunkid), __s1_len
< 4) ? (__builtin_constant_p ("gIFt") && ((size_t
)(const void *)(("gIFt") + 1) - (size_t)(const void *)("gIFt"
) == 1) ? __builtin_strcmp (chunkid, "gIFt") : (__extension__
({ const unsigned char *__s2 = (const unsigned char *) (const
char *) ("gIFt"); int __result = (((const unsigned char *) (
const char *) (chunkid))[0] - __s2[0]); if (__s1_len > 0 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[1] - __s2[1]); if (__s1_len > 1 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[2] - __s2[2]); if (__s1_len > 2 &&
__result == 0) __result = (((const unsigned char *) (const char
*) (chunkid))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p
("gIFt") && ((size_t)(const void *)(("gIFt") + 1) - (
size_t)(const void *)("gIFt") == 1) && (__s2_len = __builtin_strlen
("gIFt"), __s2_len < 4) ? (__builtin_constant_p (chunkid)
&& ((size_t)(const void *)((chunkid) + 1) - (size_t)
(const void *)(chunkid) == 1) ? __builtin_strcmp (chunkid, "gIFt"
) : (- (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) (chunkid); int __result = (((const unsigned
char *) (const char *) ("gIFt"))[0] - __s2[0]); if (__s2_len
> 0 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("gIFt"))[1] - __s2[1]); if (__s2_len
> 1 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("gIFt"))[2] - __s2[2]); if (__s2_len
> 2 && __result == 0) __result = (((const unsigned
char *) (const char *) ("gIFt"))[3] - __s2[3]); } } __result
; })))) : __builtin_strcmp (chunkid, "gIFt")))); }) == 0) {
892 if (sz < 24) {
893 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid gIFt length\n");
894 return CL_EPARSE;
895 }
896 last_is_IDAT = last_is_JDAT = 0;
897
898 /*------*
899 | gIFx |
900 *------*/
901 } else if (strcmp(chunkid, "gIFx")__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p
(chunkid) && __builtin_constant_p ("gIFx") &&
(__s1_len = __builtin_strlen (chunkid), __s2_len = __builtin_strlen
("gIFx"), (!((size_t)(const void *)((chunkid) + 1) - (size_t
)(const void *)(chunkid) == 1) || __s1_len >= 4) &&
(!((size_t)(const void *)(("gIFx") + 1) - (size_t)(const void
*)("gIFx") == 1) || __s2_len >= 4)) ? __builtin_strcmp (chunkid
, "gIFx") : (__builtin_constant_p (chunkid) && ((size_t
)(const void *)((chunkid) + 1) - (size_t)(const void *)(chunkid
) == 1) && (__s1_len = __builtin_strlen (chunkid), __s1_len
< 4) ? (__builtin_constant_p ("gIFx") && ((size_t
)(const void *)(("gIFx") + 1) - (size_t)(const void *)("gIFx"
) == 1) ? __builtin_strcmp (chunkid, "gIFx") : (__extension__
({ const unsigned char *__s2 = (const unsigned char *) (const
char *) ("gIFx"); int __result = (((const unsigned char *) (
const char *) (chunkid))[0] - __s2[0]); if (__s1_len > 0 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[1] - __s2[1]); if (__s1_len > 1 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[2] - __s2[2]); if (__s1_len > 2 &&
__result == 0) __result = (((const unsigned char *) (const char
*) (chunkid))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p
("gIFx") && ((size_t)(const void *)(("gIFx") + 1) - (
size_t)(const void *)("gIFx") == 1) && (__s2_len = __builtin_strlen
("gIFx"), __s2_len < 4) ? (__builtin_constant_p (chunkid)
&& ((size_t)(const void *)((chunkid) + 1) - (size_t)
(const void *)(chunkid) == 1) ? __builtin_strcmp (chunkid, "gIFx"
) : (- (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) (chunkid); int __result = (((const unsigned
char *) (const char *) ("gIFx"))[0] - __s2[0]); if (__s2_len
> 0 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("gIFx"))[1] - __s2[1]); if (__s2_len
> 1 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("gIFx"))[2] - __s2[2]); if (__s2_len
> 2 && __result == 0) __result = (((const unsigned
char *) (const char *) ("gIFx"))[3] - __s2[3]); } } __result
; })))) : __builtin_strcmp (chunkid, "gIFx")))); }) == 0) {
902 if (sz < 11) {
903 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid gIFx length\n");
904 return CL_EPARSE;
905 }
906 last_is_IDAT = last_is_JDAT = 0;
907
908 /*------*
909 | hIST |
910 *------*/
911 } else if (strcmp(chunkid, "hIST")__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p
(chunkid) && __builtin_constant_p ("hIST") &&
(__s1_len = __builtin_strlen (chunkid), __s2_len = __builtin_strlen
("hIST"), (!((size_t)(const void *)((chunkid) + 1) - (size_t
)(const void *)(chunkid) == 1) || __s1_len >= 4) &&
(!((size_t)(const void *)(("hIST") + 1) - (size_t)(const void
*)("hIST") == 1) || __s2_len >= 4)) ? __builtin_strcmp (chunkid
, "hIST") : (__builtin_constant_p (chunkid) && ((size_t
)(const void *)((chunkid) + 1) - (size_t)(const void *)(chunkid
) == 1) && (__s1_len = __builtin_strlen (chunkid), __s1_len
< 4) ? (__builtin_constant_p ("hIST") && ((size_t
)(const void *)(("hIST") + 1) - (size_t)(const void *)("hIST"
) == 1) ? __builtin_strcmp (chunkid, "hIST") : (__extension__
({ const unsigned char *__s2 = (const unsigned char *) (const
char *) ("hIST"); int __result = (((const unsigned char *) (
const char *) (chunkid))[0] - __s2[0]); if (__s1_len > 0 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[1] - __s2[1]); if (__s1_len > 1 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[2] - __s2[2]); if (__s1_len > 2 &&
__result == 0) __result = (((const unsigned char *) (const char
*) (chunkid))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p
("hIST") && ((size_t)(const void *)(("hIST") + 1) - (
size_t)(const void *)("hIST") == 1) && (__s2_len = __builtin_strlen
("hIST"), __s2_len < 4) ? (__builtin_constant_p (chunkid)
&& ((size_t)(const void *)((chunkid) + 1) - (size_t)
(const void *)(chunkid) == 1) ? __builtin_strcmp (chunkid, "hIST"
) : (- (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) (chunkid); int __result = (((const unsigned
char *) (const char *) ("hIST"))[0] - __s2[0]); if (__s2_len
> 0 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("hIST"))[1] - __s2[1]); if (__s2_len
> 1 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("hIST"))[2] - __s2[2]); if (__s2_len
> 2 && __result == 0) __result = (((const unsigned
char *) (const char *) ("hIST"))[3] - __s2[3]); } } __result
; })))) : __builtin_strcmp (chunkid, "hIST")))); }) == 0) {
912 if (have_hIST) {
913 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: multiple hIST not allowed\n");
914 return CL_EPARSE;
915 } else if (!have_PLTE) {
916 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: hIST must follow PLTE\n");
917 return CL_EPARSE;
918 } else if (have_IDAT) {
919 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: hIST must precede IDAT\n");
920 return CL_EPARSE;
921 } else if (sz != nplte * 2) {
922 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid number of hIST entries (%g)\n", (double)sz / 2);
923 return CL_EPARSE;
924 }
925 have_hIST = 1;
926 last_is_IDAT = last_is_JDAT = 0;
927
928 /*------*
929 | iCCP |
930 *------*/
931 } else if (strcmp(chunkid, "iCCP")__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p
(chunkid) && __builtin_constant_p ("iCCP") &&
(__s1_len = __builtin_strlen (chunkid), __s2_len = __builtin_strlen
("iCCP"), (!((size_t)(const void *)((chunkid) + 1) - (size_t
)(const void *)(chunkid) == 1) || __s1_len >= 4) &&
(!((size_t)(const void *)(("iCCP") + 1) - (size_t)(const void
*)("iCCP") == 1) || __s2_len >= 4)) ? __builtin_strcmp (chunkid
, "iCCP") : (__builtin_constant_p (chunkid) && ((size_t
)(const void *)((chunkid) + 1) - (size_t)(const void *)(chunkid
) == 1) && (__s1_len = __builtin_strlen (chunkid), __s1_len
< 4) ? (__builtin_constant_p ("iCCP") && ((size_t
)(const void *)(("iCCP") + 1) - (size_t)(const void *)("iCCP"
) == 1) ? __builtin_strcmp (chunkid, "iCCP") : (__extension__
({ const unsigned char *__s2 = (const unsigned char *) (const
char *) ("iCCP"); int __result = (((const unsigned char *) (
const char *) (chunkid))[0] - __s2[0]); if (__s1_len > 0 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[1] - __s2[1]); if (__s1_len > 1 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[2] - __s2[2]); if (__s1_len > 2 &&
__result == 0) __result = (((const unsigned char *) (const char
*) (chunkid))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p
("iCCP") && ((size_t)(const void *)(("iCCP") + 1) - (
size_t)(const void *)("iCCP") == 1) && (__s2_len = __builtin_strlen
("iCCP"), __s2_len < 4) ? (__builtin_constant_p (chunkid)
&& ((size_t)(const void *)((chunkid) + 1) - (size_t)
(const void *)(chunkid) == 1) ? __builtin_strcmp (chunkid, "iCCP"
) : (- (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) (chunkid); int __result = (((const unsigned
char *) (const char *) ("iCCP"))[0] - __s2[0]); if (__s2_len
> 0 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("iCCP"))[1] - __s2[1]); if (__s2_len
> 1 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("iCCP"))[2] - __s2[2]); if (__s2_len
> 2 && __result == 0) __result = (((const unsigned
char *) (const char *) ("iCCP"))[3] - __s2[3]); } } __result
; })))) : __builtin_strcmp (chunkid, "iCCP")))); }) == 0) {
932 int name_len;
933
934 if (have_iCCP) {
935 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: multiple iCCP not allowed\n");
936 return CL_EPARSE;
937 } else if (have_sRGB) {
938 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: iCCP not allowed with sRGB\n");
939 return CL_EPARSE;
940 } else if (have_PLTE) {
941 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: iCCP must precede PLTE\n");
942 return CL_EPARSE;
943 } else if (have_IDAT || have_JDAT) {
944 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: iCCP must precede IDAT\n");
945 return CL_EPARSE;
946 } else if (check_keyword(buffer, toread, &name_len)) {
947 return CL_EPARSE;
948 } else {
949 int remainder = toread - name_len - 3;
950 uch compr = buffer[name_len+1];
951
952 if (remainder < 0) {
953 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid iCCP length\n");
954 return CL_EPARSE;
955 } else if (buffer[name_len] != 0) {
956 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: missing NULL after iCCP profile name\n");
957 return CL_EPARSE;
958 } else if (compr > 0 && compr < 128) {
959 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid iCCP compression method (%d)\n", compr);
960 return CL_EPARSE;
961 } else if (compr >= 128) {
962 return CL_EPARSE;
963 }
964 }
965 have_iCCP = 1;
966 last_is_IDAT = last_is_JDAT = 0;
967
968 /*------*
969 | iTXt |
970 *------*/
971 } else if (strcmp(chunkid, "iTXt")__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p
(chunkid) && __builtin_constant_p ("iTXt") &&
(__s1_len = __builtin_strlen (chunkid), __s2_len = __builtin_strlen
("iTXt"), (!((size_t)(const void *)((chunkid) + 1) - (size_t
)(const void *)(chunkid) == 1) || __s1_len >= 4) &&
(!((size_t)(const void *)(("iTXt") + 1) - (size_t)(const void
*)("iTXt") == 1) || __s2_len >= 4)) ? __builtin_strcmp (chunkid
, "iTXt") : (__builtin_constant_p (chunkid) && ((size_t
)(const void *)((chunkid) + 1) - (size_t)(const void *)(chunkid
) == 1) && (__s1_len = __builtin_strlen (chunkid), __s1_len
< 4) ? (__builtin_constant_p ("iTXt") && ((size_t
)(const void *)(("iTXt") + 1) - (size_t)(const void *)("iTXt"
) == 1) ? __builtin_strcmp (chunkid, "iTXt") : (__extension__
({ const unsigned char *__s2 = (const unsigned char *) (const
char *) ("iTXt"); int __result = (((const unsigned char *) (
const char *) (chunkid))[0] - __s2[0]); if (__s1_len > 0 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[1] - __s2[1]); if (__s1_len > 1 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[2] - __s2[2]); if (__s1_len > 2 &&
__result == 0) __result = (((const unsigned char *) (const char
*) (chunkid))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p
("iTXt") && ((size_t)(const void *)(("iTXt") + 1) - (
size_t)(const void *)("iTXt") == 1) && (__s2_len = __builtin_strlen
("iTXt"), __s2_len < 4) ? (__builtin_constant_p (chunkid)
&& ((size_t)(const void *)((chunkid) + 1) - (size_t)
(const void *)(chunkid) == 1) ? __builtin_strcmp (chunkid, "iTXt"
) : (- (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) (chunkid); int __result = (((const unsigned
char *) (const char *) ("iTXt"))[0] - __s2[0]); if (__s2_len
> 0 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("iTXt"))[1] - __s2[1]); if (__s2_len
> 1 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("iTXt"))[2] - __s2[2]); if (__s2_len
> 2 && __result == 0) __result = (((const unsigned
char *) (const char *) ("iTXt"))[3] - __s2[3]); } } __result
; })))) : __builtin_strcmp (chunkid, "iTXt")))); }) == 0) {
972 int keylen;
973
974 if (check_keyword(buffer, toread, &keylen))
975 return CL_EPARSE;
976 else {
977 int compressed = 0, compr = 0;
978
979 if(keylen + 1 >= BS32000)
980 return CL_EPARSE;
981 compressed = buffer[keylen+1];
982 if (compressed < 0 || compressed > 1) {
983 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid iTXt compression flag (%d)\n", compressed);
984 return CL_EPARSE;
985 } else if ((compr = (uch)buffer[keylen+2]) > 127) {
986 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: private (invalid?) iTXt compression method (%d)\n", compr);
987 return CL_EPARSE;
988 } else if (compr > 0) {
989 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid iTXt compression method (%d)\n", compr);
990 return CL_EPARSE;
991 }
992 }
993 last_is_IDAT = last_is_JDAT = 0;
994
995 /*------*
996 | oFFs |
997 *------*/
998 } else if (strcmp(chunkid, "oFFs")__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p
(chunkid) && __builtin_constant_p ("oFFs") &&
(__s1_len = __builtin_strlen (chunkid), __s2_len = __builtin_strlen
("oFFs"), (!((size_t)(const void *)((chunkid) + 1) - (size_t
)(const void *)(chunkid) == 1) || __s1_len >= 4) &&
(!((size_t)(const void *)(("oFFs") + 1) - (size_t)(const void
*)("oFFs") == 1) || __s2_len >= 4)) ? __builtin_strcmp (chunkid
, "oFFs") : (__builtin_constant_p (chunkid) && ((size_t
)(const void *)((chunkid) + 1) - (size_t)(const void *)(chunkid
) == 1) && (__s1_len = __builtin_strlen (chunkid), __s1_len
< 4) ? (__builtin_constant_p ("oFFs") && ((size_t
)(const void *)(("oFFs") + 1) - (size_t)(const void *)("oFFs"
) == 1) ? __builtin_strcmp (chunkid, "oFFs") : (__extension__
({ const unsigned char *__s2 = (const unsigned char *) (const
char *) ("oFFs"); int __result = (((const unsigned char *) (
const char *) (chunkid))[0] - __s2[0]); if (__s1_len > 0 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[1] - __s2[1]); if (__s1_len > 1 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[2] - __s2[2]); if (__s1_len > 2 &&
__result == 0) __result = (((const unsigned char *) (const char
*) (chunkid))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p
("oFFs") && ((size_t)(const void *)(("oFFs") + 1) - (
size_t)(const void *)("oFFs") == 1) && (__s2_len = __builtin_strlen
("oFFs"), __s2_len < 4) ? (__builtin_constant_p (chunkid)
&& ((size_t)(const void *)((chunkid) + 1) - (size_t)
(const void *)(chunkid) == 1) ? __builtin_strcmp (chunkid, "oFFs"
) : (- (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) (chunkid); int __result = (((const unsigned
char *) (const char *) ("oFFs"))[0] - __s2[0]); if (__s2_len
> 0 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("oFFs"))[1] - __s2[1]); if (__s2_len
> 1 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("oFFs"))[2] - __s2[2]); if (__s2_len
> 2 && __result == 0) __result = (((const unsigned
char *) (const char *) ("oFFs"))[3] - __s2[3]); } } __result
; })))) : __builtin_strcmp (chunkid, "oFFs")))); }) == 0) {
999 if (have_oFFs) {
1000 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: multiple oFFs not allowed\n");
1001 return CL_EPARSE;
1002 } else if (have_IDAT || have_JDAT) {
1003 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: oFFs must precede IDAT\n");
1004 return CL_EPARSE;
1005 } else if (sz != 9) {
1006 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid oFFs length\n");
1007 return CL_EPARSE;
1008 } else if (buffer[8] > 1) {
1009 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid oFFs unit specifier (%u)\n", buffer[8]);
1010 return CL_EPARSE;
1011 }
1012 have_oFFs = 1;
1013 last_is_IDAT = last_is_JDAT = 0;
1014
1015 /*------*
1016 | pCAL |
1017 *------*/
1018 } else if (strcmp(chunkid, "pCAL")__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p
(chunkid) && __builtin_constant_p ("pCAL") &&
(__s1_len = __builtin_strlen (chunkid), __s2_len = __builtin_strlen
("pCAL"), (!((size_t)(const void *)((chunkid) + 1) - (size_t
)(const void *)(chunkid) == 1) || __s1_len >= 4) &&
(!((size_t)(const void *)(("pCAL") + 1) - (size_t)(const void
*)("pCAL") == 1) || __s2_len >= 4)) ? __builtin_strcmp (chunkid
, "pCAL") : (__builtin_constant_p (chunkid) && ((size_t
)(const void *)((chunkid) + 1) - (size_t)(const void *)(chunkid
) == 1) && (__s1_len = __builtin_strlen (chunkid), __s1_len
< 4) ? (__builtin_constant_p ("pCAL") && ((size_t
)(const void *)(("pCAL") + 1) - (size_t)(const void *)("pCAL"
) == 1) ? __builtin_strcmp (chunkid, "pCAL") : (__extension__
({ const unsigned char *__s2 = (const unsigned char *) (const
char *) ("pCAL"); int __result = (((const unsigned char *) (
const char *) (chunkid))[0] - __s2[0]); if (__s1_len > 0 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[1] - __s2[1]); if (__s1_len > 1 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[2] - __s2[2]); if (__s1_len > 2 &&
__result == 0) __result = (((const unsigned char *) (const char
*) (chunkid))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p
("pCAL") && ((size_t)(const void *)(("pCAL") + 1) - (
size_t)(const void *)("pCAL") == 1) && (__s2_len = __builtin_strlen
("pCAL"), __s2_len < 4) ? (__builtin_constant_p (chunkid)
&& ((size_t)(const void *)((chunkid) + 1) - (size_t)
(const void *)(chunkid) == 1) ? __builtin_strcmp (chunkid, "pCAL"
) : (- (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) (chunkid); int __result = (((const unsigned
char *) (const char *) ("pCAL"))[0] - __s2[0]); if (__s2_len
> 0 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("pCAL"))[1] - __s2[1]); if (__s2_len
> 1 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("pCAL"))[2] - __s2[2]); if (__s2_len
> 2 && __result == 0) __result = (((const unsigned
char *) (const char *) ("pCAL"))[3] - __s2[3]); } } __result
; })))) : __builtin_strcmp (chunkid, "pCAL")))); }) == 0) {
1019 if (have_pCAL) {
1020 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: multiple pCAL not allowed\n");
1021 return CL_EPARSE;
1022 } else if (have_IDAT) {
1023 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: pCAL must precede IDAT\n");
1024 return CL_EPARSE;
1025 }
1026 have_pCAL = 1;
1027 last_is_IDAT = last_is_JDAT = 0;
1028
1029 /*------*
1030 | pHYs |
1031 *------*/
1032 } else if (strcmp(chunkid, "pHYs")__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p
(chunkid) && __builtin_constant_p ("pHYs") &&
(__s1_len = __builtin_strlen (chunkid), __s2_len = __builtin_strlen
("pHYs"), (!((size_t)(const void *)((chunkid) + 1) - (size_t
)(const void *)(chunkid) == 1) || __s1_len >= 4) &&
(!((size_t)(const void *)(("pHYs") + 1) - (size_t)(const void
*)("pHYs") == 1) || __s2_len >= 4)) ? __builtin_strcmp (chunkid
, "pHYs") : (__builtin_constant_p (chunkid) && ((size_t
)(const void *)((chunkid) + 1) - (size_t)(const void *)(chunkid
) == 1) && (__s1_len = __builtin_strlen (chunkid), __s1_len
< 4) ? (__builtin_constant_p ("pHYs") && ((size_t
)(const void *)(("pHYs") + 1) - (size_t)(const void *)("pHYs"
) == 1) ? __builtin_strcmp (chunkid, "pHYs") : (__extension__
({ const unsigned char *__s2 = (const unsigned char *) (const
char *) ("pHYs"); int __result = (((const unsigned char *) (
const char *) (chunkid))[0] - __s2[0]); if (__s1_len > 0 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[1] - __s2[1]); if (__s1_len > 1 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[2] - __s2[2]); if (__s1_len > 2 &&
__result == 0) __result = (((const unsigned char *) (const char
*) (chunkid))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p
("pHYs") && ((size_t)(const void *)(("pHYs") + 1) - (
size_t)(const void *)("pHYs") == 1) && (__s2_len = __builtin_strlen
("pHYs"), __s2_len < 4) ? (__builtin_constant_p (chunkid)
&& ((size_t)(const void *)((chunkid) + 1) - (size_t)
(const void *)(chunkid) == 1) ? __builtin_strcmp (chunkid, "pHYs"
) : (- (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) (chunkid); int __result = (((const unsigned
char *) (const char *) ("pHYs"))[0] - __s2[0]); if (__s2_len
> 0 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("pHYs"))[1] - __s2[1]); if (__s2_len
> 1 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("pHYs"))[2] - __s2[2]); if (__s2_len
> 2 && __result == 0) __result = (((const unsigned
char *) (const char *) ("pHYs"))[3] - __s2[3]); } } __result
; })))) : __builtin_strcmp (chunkid, "pHYs")))); }) == 0) {
1033 if (have_pHYs) {
1034 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: multiple pHYs not allowed\n");
1035 return CL_EPARSE;
1036 } else if (have_IDAT || have_JDAT) {
1037 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: pHYS must precede DAT\n");
1038 return CL_EPARSE;
1039 } else if (sz != 9) {
1040 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid pHYS length\n");
1041 return CL_EPARSE;
1042 } else if (buffer[8] > 1) {
1043 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid pHYs unit specifier (%u)\n", buffer[8]);
1044 return CL_EPARSE;
1045 }
1046 have_pHYs = 1;
1047 last_is_IDAT = last_is_JDAT = 0;
1048
1049 /*------*
1050 | sBIT |
1051 *------*/
1052 } else if (strcmp(chunkid, "sBIT")__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p
(chunkid) && __builtin_constant_p ("sBIT") &&
(__s1_len = __builtin_strlen (chunkid), __s2_len = __builtin_strlen
("sBIT"), (!((size_t)(const void *)((chunkid) + 1) - (size_t
)(const void *)(chunkid) == 1) || __s1_len >= 4) &&
(!((size_t)(const void *)(("sBIT") + 1) - (size_t)(const void
*)("sBIT") == 1) || __s2_len >= 4)) ? __builtin_strcmp (chunkid
, "sBIT") : (__builtin_constant_p (chunkid) && ((size_t
)(const void *)((chunkid) + 1) - (size_t)(const void *)(chunkid
) == 1) && (__s1_len = __builtin_strlen (chunkid), __s1_len
< 4) ? (__builtin_constant_p ("sBIT") && ((size_t
)(const void *)(("sBIT") + 1) - (size_t)(const void *)("sBIT"
) == 1) ? __builtin_strcmp (chunkid, "sBIT") : (__extension__
({ const unsigned char *__s2 = (const unsigned char *) (const
char *) ("sBIT"); int __result = (((const unsigned char *) (
const char *) (chunkid))[0] - __s2[0]); if (__s1_len > 0 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[1] - __s2[1]); if (__s1_len > 1 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[2] - __s2[2]); if (__s1_len > 2 &&
__result == 0) __result = (((const unsigned char *) (const char
*) (chunkid))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p
("sBIT") && ((size_t)(const void *)(("sBIT") + 1) - (
size_t)(const void *)("sBIT") == 1) && (__s2_len = __builtin_strlen
("sBIT"), __s2_len < 4) ? (__builtin_constant_p (chunkid)
&& ((size_t)(const void *)((chunkid) + 1) - (size_t)
(const void *)(chunkid) == 1) ? __builtin_strcmp (chunkid, "sBIT"
) : (- (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) (chunkid); int __result = (((const unsigned
char *) (const char *) ("sBIT"))[0] - __s2[0]); if (__s2_len
> 0 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("sBIT"))[1] - __s2[1]); if (__s2_len
> 1 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("sBIT"))[2] - __s2[2]); if (__s2_len
> 2 && __result == 0) __result = (((const unsigned
char *) (const char *) ("sBIT"))[3] - __s2[3]); } } __result
; })))) : __builtin_strcmp (chunkid, "sBIT")))); }) == 0) {
1053 int maxbits = (ityp == 3)? 8 : sampledepth;
1054
1055 if (have_sBIT) {
1056 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: multiple sBIT not allowed\n");
1057 return CL_EPARSE;
1058 } else if (have_PLTE) {
1059 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: sBIT must precede PLTE\n");
1060 return CL_EPARSE;
1061 } else if (have_IDAT) {
1062 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: sBIT must precede IDAT\n");
1063 return CL_EPARSE;
1064 }
1065 switch (ityp) {
1066 case 0:
1067 if (sz != 1) {
1068 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid sBIT length\n");
1069 return CL_EPARSE;
1070 } else if (buffer[0] == 0 || buffer[0] > maxbits) {
1071 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: sBIT grey bits invalid for sample image\n");
1072 return CL_EPARSE;
1073 }
1074 break;
1075 case 2:
1076 case 3:
1077 if (sz != 3) {
1078 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid sBIT length\n");
1079 return CL_EPARSE;
1080 } else if (buffer[0] == 0 || buffer[0] > maxbits) {
1081 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: sBIT red bits invalid for sample image\n");
1082 return CL_EPARSE;
1083 } else if (buffer[1] == 0 || buffer[1] > maxbits) {
1084 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: sBIT green bits invalid for sample image\n");
1085 return CL_EPARSE;
1086 } else if (buffer[2] == 0 || buffer[2] > maxbits) {
1087 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: sBIT blue bits invalid for sample image\n");
1088 return CL_EPARSE;
1089 }
1090 break;
1091 case 4:
1092 if (sz != 2) {
1093 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid length\n");
1094 return CL_EPARSE;
1095 } else if (buffer[0] == 0 || buffer[0] > maxbits) {
1096 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: grey bits invalid for sample image\n");
1097 return CL_EPARSE;
1098 } else if (buffer[1] == 0 || buffer[1] > maxbits) {
1099 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: alpha bits invalid for sample image\n");
1100 return CL_EPARSE;
1101 }
1102 break;
1103 case 6:
1104 if (sz != 4) {
1105 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid sBIT length\n");
1106 return CL_EPARSE;
1107 } else if (buffer[0] == 0 || buffer[0] > maxbits) {
1108 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: red bits invalid for sample image\n");
1109 return CL_EPARSE;
1110 } else if (buffer[1] == 0 || buffer[1] > maxbits) {
1111 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: green bits invalid for sample image\n");
1112 return CL_EPARSE;
1113 } else if (buffer[2] == 0 || buffer[2] > maxbits) {
1114 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: blue bits invalid for sample image\n");
1115 return CL_EPARSE;
1116 } else if (buffer[3] == 0 || buffer[3] > maxbits) {
1117 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: alpha bits invalid for sample image\n");
1118 return CL_EPARSE;
1119 }
1120 break;
1121 }
1122 have_sBIT = 1;
1123 last_is_IDAT = last_is_JDAT = 0;
1124
1125 /*------*
1126 | sCAL |
1127 *------*/
1128 } else if (strcmp(chunkid, "sCAL")__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p
(chunkid) && __builtin_constant_p ("sCAL") &&
(__s1_len = __builtin_strlen (chunkid), __s2_len = __builtin_strlen
("sCAL"), (!((size_t)(const void *)((chunkid) + 1) - (size_t
)(const void *)(chunkid) == 1) || __s1_len >= 4) &&
(!((size_t)(const void *)(("sCAL") + 1) - (size_t)(const void
*)("sCAL") == 1) || __s2_len >= 4)) ? __builtin_strcmp (chunkid
, "sCAL") : (__builtin_constant_p (chunkid) && ((size_t
)(const void *)((chunkid) + 1) - (size_t)(const void *)(chunkid
) == 1) && (__s1_len = __builtin_strlen (chunkid), __s1_len
< 4) ? (__builtin_constant_p ("sCAL") && ((size_t
)(const void *)(("sCAL") + 1) - (size_t)(const void *)("sCAL"
) == 1) ? __builtin_strcmp (chunkid, "sCAL") : (__extension__
({ const unsigned char *__s2 = (const unsigned char *) (const
char *) ("sCAL"); int __result = (((const unsigned char *) (
const char *) (chunkid))[0] - __s2[0]); if (__s1_len > 0 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[1] - __s2[1]); if (__s1_len > 1 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[2] - __s2[2]); if (__s1_len > 2 &&
__result == 0) __result = (((const unsigned char *) (const char
*) (chunkid))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p
("sCAL") && ((size_t)(const void *)(("sCAL") + 1) - (
size_t)(const void *)("sCAL") == 1) && (__s2_len = __builtin_strlen
("sCAL"), __s2_len < 4) ? (__builtin_constant_p (chunkid)
&& ((size_t)(const void *)((chunkid) + 1) - (size_t)
(const void *)(chunkid) == 1) ? __builtin_strcmp (chunkid, "sCAL"
) : (- (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) (chunkid); int __result = (((const unsigned
char *) (const char *) ("sCAL"))[0] - __s2[0]); if (__s2_len
> 0 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("sCAL"))[1] - __s2[1]); if (__s2_len
> 1 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("sCAL"))[2] - __s2[2]); if (__s2_len
> 2 && __result == 0) __result = (((const unsigned
char *) (const char *) ("sCAL"))[3] - __s2[3]); } } __result
; })))) : __builtin_strcmp (chunkid, "sCAL")))); }) == 0) {
1129 int unittype = buffer[0];
1130 uch *pPixwidth = buffer+1, *pPixheight=NULL((void*)0);
1131
1132 if (have_sCAL) {
1133 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: multiple sCAL not allowed\n");
1134 return CL_EPARSE;
1135 } else if (have_IDAT || have_JDAT) {
1136 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: sCAL must precede IDAT\n");
1137 return CL_EPARSE;
1138 } else if (sz < 4) {
1139 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid sCAL length\n");
1140 return CL_EPARSE;
1141 } else if (unittype < 1 || unittype > 2) {
1142 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid sCAL unit specifier (%d)\n", unittype);
1143 return CL_EPARSE;
1144 } else {
1145 uch *qq;
1146 for (qq = pPixwidth; qq < buffer+sz; ++qq) {
1147 if (*qq == 0)
1148 break;
1149 }
1150 if (qq == buffer+sz) {
1151 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: missing sCAL null separator\n");
1152 return CL_EPARSE;
1153 } else {
1154 pPixheight = qq + 1;
1155 if (pPixheight == buffer+sz || *pPixheight == 0) {
1156 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: missing sCAL pixel height\n");
1157 return CL_EPARSE;
1158 }
1159 }
1160 for (qq = pPixheight; qq < buffer+sz; ++qq) {
1161 if (*qq == 0)
1162 break;
1163 }
1164 if (qq != buffer+sz) {
1165 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: extra sCAL null separator\n");
1166 return CL_EPARSE;
1167 }
1168 if (*pPixwidth == '-' || *pPixheight == '-') {
1169 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid negative sCAL value(s)\n");
1170 return CL_EPARSE;
1171 } else if (check_ascii_float(pPixwidth, pPixheight-pPixwidth-1) ||
1172 check_ascii_float(pPixheight, buffer+sz-pPixheight))
1173 {
1174 return CL_EPARSE;
1175 }
1176 }
1177 have_sCAL = 1;
1178 last_is_IDAT = last_is_JDAT = 0;
1179
1180 /*------*
1181 | sPLT |
1182 *------*/
1183 } else if (strcmp(chunkid, "sPLT")__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p
(chunkid) && __builtin_constant_p ("sPLT") &&
(__s1_len = __builtin_strlen (chunkid), __s2_len = __builtin_strlen
("sPLT"), (!((size_t)(const void *)((chunkid) + 1) - (size_t
)(const void *)(chunkid) == 1) || __s1_len >= 4) &&
(!((size_t)(const void *)(("sPLT") + 1) - (size_t)(const void
*)("sPLT") == 1) || __s2_len >= 4)) ? __builtin_strcmp (chunkid
, "sPLT") : (__builtin_constant_p (chunkid) && ((size_t
)(const void *)((chunkid) + 1) - (size_t)(const void *)(chunkid
) == 1) && (__s1_len = __builtin_strlen (chunkid), __s1_len
< 4) ? (__builtin_constant_p ("sPLT") && ((size_t
)(const void *)(("sPLT") + 1) - (size_t)(const void *)("sPLT"
) == 1) ? __builtin_strcmp (chunkid, "sPLT") : (__extension__
({ const unsigned char *__s2 = (const unsigned char *) (const
char *) ("sPLT"); int __result = (((const unsigned char *) (
const char *) (chunkid))[0] - __s2[0]); if (__s1_len > 0 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[1] - __s2[1]); if (__s1_len > 1 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[2] - __s2[2]); if (__s1_len > 2 &&
__result == 0) __result = (((const unsigned char *) (const char
*) (chunkid))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p
("sPLT") && ((size_t)(const void *)(("sPLT") + 1) - (
size_t)(const void *)("sPLT") == 1) && (__s2_len = __builtin_strlen
("sPLT"), __s2_len < 4) ? (__builtin_constant_p (chunkid)
&& ((size_t)(const void *)((chunkid) + 1) - (size_t)
(const void *)(chunkid) == 1) ? __builtin_strcmp (chunkid, "sPLT"
) : (- (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) (chunkid); int __result = (((const unsigned
char *) (const char *) ("sPLT"))[0] - __s2[0]); if (__s2_len
> 0 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("sPLT"))[1] - __s2[1]); if (__s2_len
> 1 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("sPLT"))[2] - __s2[2]); if (__s2_len
> 2 && __result == 0) __result = (((const unsigned
char *) (const char *) ("sPLT"))[3] - __s2[3]); } } __result
; })))) : __builtin_strcmp (chunkid, "sPLT")))); }) == 0) {
1184 int name_len;
1185
1186 if (have_IDAT) {
1187 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: sPLT must precede IDAT\n");
1188 return CL_EPARSE;
1189 } else if (check_keyword(buffer, toread, &name_len)) {
1190 return CL_EPARSE;
1191 } else {
1192 uch bps = buffer[name_len+1];
1193 int remainder = toread - name_len - 2;
1194 int bytes = (bps >> 3);
1195 int entry_sz = 4*bytes + 2;
1196
1197 if (remainder < 0) {
1198 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid sPLT length\n");
1199 return CL_EPARSE;
1200 } else if (buffer[name_len] != 0) {
1201 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: missing NULL after sPLT palette name\n");
1202 return CL_EPARSE;
1203 } else if (bps != 8 && bps != 16) {
1204 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid sPLT sample depth\n");
1205 return CL_EPARSE;
1206 } else if (remainder % entry_sz != 0) {
1207 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid number of sPLT entries\n");
1208 return CL_EPARSE;
1209 }
1210 }
1211 last_is_IDAT = last_is_JDAT = 0;
1212
1213 /*------*
1214 | sRGB |
1215 *------*/
1216 } else if (strcmp(chunkid, "sRGB")__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p
(chunkid) && __builtin_constant_p ("sRGB") &&
(__s1_len = __builtin_strlen (chunkid), __s2_len = __builtin_strlen
("sRGB"), (!((size_t)(const void *)((chunkid) + 1) - (size_t
)(const void *)(chunkid) == 1) || __s1_len >= 4) &&
(!((size_t)(const void *)(("sRGB") + 1) - (size_t)(const void
*)("sRGB") == 1) || __s2_len >= 4)) ? __builtin_strcmp (chunkid
, "sRGB") : (__builtin_constant_p (chunkid) && ((size_t
)(const void *)((chunkid) + 1) - (size_t)(const void *)(chunkid
) == 1) && (__s1_len = __builtin_strlen (chunkid), __s1_len
< 4) ? (__builtin_constant_p ("sRGB") && ((size_t
)(const void *)(("sRGB") + 1) - (size_t)(const void *)("sRGB"
) == 1) ? __builtin_strcmp (chunkid, "sRGB") : (__extension__
({ const unsigned char *__s2 = (const unsigned char *) (const
char *) ("sRGB"); int __result = (((const unsigned char *) (
const char *) (chunkid))[0] - __s2[0]); if (__s1_len > 0 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[1] - __s2[1]); if (__s1_len > 1 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[2] - __s2[2]); if (__s1_len > 2 &&
__result == 0) __result = (((const unsigned char *) (const char
*) (chunkid))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p
("sRGB") && ((size_t)(const void *)(("sRGB") + 1) - (
size_t)(const void *)("sRGB") == 1) && (__s2_len = __builtin_strlen
("sRGB"), __s2_len < 4) ? (__builtin_constant_p (chunkid)
&& ((size_t)(const void *)((chunkid) + 1) - (size_t)
(const void *)(chunkid) == 1) ? __builtin_strcmp (chunkid, "sRGB"
) : (- (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) (chunkid); int __result = (((const unsigned
char *) (const char *) ("sRGB"))[0] - __s2[0]); if (__s2_len
> 0 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("sRGB"))[1] - __s2[1]); if (__s2_len
> 1 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("sRGB"))[2] - __s2[2]); if (__s2_len
> 2 && __result == 0) __result = (((const unsigned
char *) (const char *) ("sRGB"))[3] - __s2[3]); } } __result
; })))) : __builtin_strcmp (chunkid, "sRGB")))); }) == 0) {
1217 if (have_sRGB) {
1218 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: multiple sRGB not allowed\n");
1219 return CL_EPARSE;
1220 } else if (have_iCCP) {
1221 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: sRGB not allowed with iCCP\n");
1222 return CL_EPARSE;
1223 } else if (have_PLTE) {
1224 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: sRGB must precede PLTE\n");
1225 return CL_EPARSE;
1226 } else if (have_IDAT || have_JDAT) {
1227 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: sRGB must precede IDAT\n");
1228 return CL_EPARSE;
1229 } else if (sz != 1) {
1230 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid sRGB length\n");
1231 return CL_EPARSE;
1232 } else if (buffer[0] > 3) {
1233 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: sRGB invalid rendering intent\n");
1234 return CL_EPARSE;
1235 }
1236 have_sRGB = 1;
1237 last_is_IDAT = last_is_JDAT = 0;
1238
1239 /*------*
1240 | sTER |
1241 *------*/
1242 } else if (strcmp(chunkid, "sTER")__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p
(chunkid) && __builtin_constant_p ("sTER") &&
(__s1_len = __builtin_strlen (chunkid), __s2_len = __builtin_strlen
("sTER"), (!((size_t)(const void *)((chunkid) + 1) - (size_t
)(const void *)(chunkid) == 1) || __s1_len >= 4) &&
(!((size_t)(const void *)(("sTER") + 1) - (size_t)(const void
*)("sTER") == 1) || __s2_len >= 4)) ? __builtin_strcmp (chunkid
, "sTER") : (__builtin_constant_p (chunkid) && ((size_t
)(const void *)((chunkid) + 1) - (size_t)(const void *)(chunkid
) == 1) && (__s1_len = __builtin_strlen (chunkid), __s1_len
< 4) ? (__builtin_constant_p ("sTER") && ((size_t
)(const void *)(("sTER") + 1) - (size_t)(const void *)("sTER"
) == 1) ? __builtin_strcmp (chunkid, "sTER") : (__extension__
({ const unsigned char *__s2 = (const unsigned char *) (const
char *) ("sTER"); int __result = (((const unsigned char *) (
const char *) (chunkid))[0] - __s2[0]); if (__s1_len > 0 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[1] - __s2[1]); if (__s1_len > 1 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[2] - __s2[2]); if (__s1_len > 2 &&
__result == 0) __result = (((const unsigned char *) (const char
*) (chunkid))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p
("sTER") && ((size_t)(const void *)(("sTER") + 1) - (
size_t)(const void *)("sTER") == 1) && (__s2_len = __builtin_strlen
("sTER"), __s2_len < 4) ? (__builtin_constant_p (chunkid)
&& ((size_t)(const void *)((chunkid) + 1) - (size_t)
(const void *)(chunkid) == 1) ? __builtin_strcmp (chunkid, "sTER"
) : (- (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) (chunkid); int __result = (((const unsigned
char *) (const char *) ("sTER"))[0] - __s2[0]); if (__s2_len
> 0 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("sTER"))[1] - __s2[1]); if (__s2_len
> 1 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("sTER"))[2] - __s2[2]); if (__s2_len
> 2 && __result == 0) __result = (((const unsigned
char *) (const char *) ("sTER"))[3] - __s2[3]); } } __result
; })))) : __builtin_strcmp (chunkid, "sTER")))); }) == 0) {
1243 if (have_sTER) {
1244 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: multiple sTER not allowed\n");
1245 return CL_EPARSE;
1246 } else if (have_IDAT || have_JDAT) {
1247 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: sTER must precede IDAT\n");
1248 return CL_EPARSE;
1249 } else if (sz != 1) {
1250 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid sTER length\n");
1251 return CL_EPARSE;
1252 } else if (buffer[0] > 1) {
1253 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid sTER layout mode\n");
1254 return CL_EPARSE;
1255 }
1256 have_sTER = 1;
1257 last_is_IDAT = last_is_JDAT = 0;
1258
1259 /*------* *------*
1260 | tEXt | | zTXt |
1261 *------* *------*/
1262 } else if (strcmp(chunkid, "tEXt")__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p
(chunkid) && __builtin_constant_p ("tEXt") &&
(__s1_len = __builtin_strlen (chunkid), __s2_len = __builtin_strlen
("tEXt"), (!((size_t)(const void *)((chunkid) + 1) - (size_t
)(const void *)(chunkid) == 1) || __s1_len >= 4) &&
(!((size_t)(const void *)(("tEXt") + 1) - (size_t)(const void
*)("tEXt") == 1) || __s2_len >= 4)) ? __builtin_strcmp (chunkid
, "tEXt") : (__builtin_constant_p (chunkid) && ((size_t
)(const void *)((chunkid) + 1) - (size_t)(const void *)(chunkid
) == 1) && (__s1_len = __builtin_strlen (chunkid), __s1_len
< 4) ? (__builtin_constant_p ("tEXt") && ((size_t
)(const void *)(("tEXt") + 1) - (size_t)(const void *)("tEXt"
) == 1) ? __builtin_strcmp (chunkid, "tEXt") : (__extension__
({ const unsigned char *__s2 = (const unsigned char *) (const
char *) ("tEXt"); int __result = (((const unsigned char *) (
const char *) (chunkid))[0] - __s2[0]); if (__s1_len > 0 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[1] - __s2[1]); if (__s1_len > 1 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[2] - __s2[2]); if (__s1_len > 2 &&
__result == 0) __result = (((const unsigned char *) (const char
*) (chunkid))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p
("tEXt") && ((size_t)(const void *)(("tEXt") + 1) - (
size_t)(const void *)("tEXt") == 1) && (__s2_len = __builtin_strlen
("tEXt"), __s2_len < 4) ? (__builtin_constant_p (chunkid)
&& ((size_t)(const void *)((chunkid) + 1) - (size_t)
(const void *)(chunkid) == 1) ? __builtin_strcmp (chunkid, "tEXt"
) : (- (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) (chunkid); int __result = (((const unsigned
char *) (const char *) ("tEXt"))[0] - __s2[0]); if (__s2_len
> 0 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("tEXt"))[1] - __s2[1]); if (__s2_len
> 1 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("tEXt"))[2] - __s2[2]); if (__s2_len
> 2 && __result == 0) __result = (((const unsigned
char *) (const char *) ("tEXt"))[3] - __s2[3]); } } __result
; })))) : __builtin_strcmp (chunkid, "tEXt")))); }) == 0 || strcmp(chunkid, "zTXt")__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p
(chunkid) && __builtin_constant_p ("zTXt") &&
(__s1_len = __builtin_strlen (chunkid), __s2_len = __builtin_strlen
("zTXt"), (!((size_t)(const void *)((chunkid) + 1) - (size_t
)(const void *)(chunkid) == 1) || __s1_len >= 4) &&
(!((size_t)(const void *)(("zTXt") + 1) - (size_t)(const void
*)("zTXt") == 1) || __s2_len >= 4)) ? __builtin_strcmp (chunkid
, "zTXt") : (__builtin_constant_p (chunkid) && ((size_t
)(const void *)((chunkid) + 1) - (size_t)(const void *)(chunkid
) == 1) && (__s1_len = __builtin_strlen (chunkid), __s1_len
< 4) ? (__builtin_constant_p ("zTXt") && ((size_t
)(const void *)(("zTXt") + 1) - (size_t)(const void *)("zTXt"
) == 1) ? __builtin_strcmp (chunkid, "zTXt") : (__extension__
({ const unsigned char *__s2 = (const unsigned char *) (const
char *) ("zTXt"); int __result = (((const unsigned char *) (
const char *) (chunkid))[0] - __s2[0]); if (__s1_len > 0 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[1] - __s2[1]); if (__s1_len > 1 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[2] - __s2[2]); if (__s1_len > 2 &&
__result == 0) __result = (((const unsigned char *) (const char
*) (chunkid))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p
("zTXt") && ((size_t)(const void *)(("zTXt") + 1) - (
size_t)(const void *)("zTXt") == 1) && (__s2_len = __builtin_strlen
("zTXt"), __s2_len < 4) ? (__builtin_constant_p (chunkid)
&& ((size_t)(const void *)((chunkid) + 1) - (size_t)
(const void *)(chunkid) == 1) ? __builtin_strcmp (chunkid, "zTXt"
) : (- (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) (chunkid); int __result = (((const unsigned
char *) (const char *) ("zTXt"))[0] - __s2[0]); if (__s2_len
> 0 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("zTXt"))[1] - __s2[1]); if (__s2_len
> 1 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("zTXt"))[2] - __s2[2]); if (__s2_len
> 2 && __result == 0) __result = (((const unsigned
char *) (const char *) ("zTXt"))[3] - __s2[3]); } } __result
; })))) : __builtin_strcmp (chunkid, "zTXt")))); }) == 0) {
1263 int ztxt = (chunkid[0] == 'z');
1264 int keylen;
1265
1266 if (check_keyword(buffer, toread, &keylen))
1267 return CL_EPARSE;
1268 else if (ztxt) {
1269 int compr = (uch)buffer[keylen+1];
1270 if (compr > 127) {
1271 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: private (possibly invalid) compression method\n");
1272 return CL_EPARSE;
1273 } else if (compr > 0) {
1274 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid compression method\n");
1275 return CL_EPARSE;
1276 }
1277 }
1278 else if (check_text(buffer + keylen + 1, toread - keylen - 1)) {
1279 return CL_EPARSE;
1280 }
1281 last_is_IDAT = last_is_JDAT = 0;
1282
1283 /*------*
1284 | tIME |
1285 *------*/
1286 } else if (strcmp(chunkid, "tIME")__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p
(chunkid) && __builtin_constant_p ("tIME") &&
(__s1_len = __builtin_strlen (chunkid), __s2_len = __builtin_strlen
("tIME"), (!((size_t)(const void *)((chunkid) + 1) - (size_t
)(const void *)(chunkid) == 1) || __s1_len >= 4) &&
(!((size_t)(const void *)(("tIME") + 1) - (size_t)(const void
*)("tIME") == 1) || __s2_len >= 4)) ? __builtin_strcmp (chunkid
, "tIME") : (__builtin_constant_p (chunkid) && ((size_t
)(const void *)((chunkid) + 1) - (size_t)(const void *)(chunkid
) == 1) && (__s1_len = __builtin_strlen (chunkid), __s1_len
< 4) ? (__builtin_constant_p ("tIME") && ((size_t
)(const void *)(("tIME") + 1) - (size_t)(const void *)("tIME"
) == 1) ? __builtin_strcmp (chunkid, "tIME") : (__extension__
({ const unsigned char *__s2 = (const unsigned char *) (const
char *) ("tIME"); int __result = (((const unsigned char *) (
const char *) (chunkid))[0] - __s2[0]); if (__s1_len > 0 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[1] - __s2[1]); if (__s1_len > 1 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[2] - __s2[2]); if (__s1_len > 2 &&
__result == 0) __result = (((const unsigned char *) (const char
*) (chunkid))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p
("tIME") && ((size_t)(const void *)(("tIME") + 1) - (
size_t)(const void *)("tIME") == 1) && (__s2_len = __builtin_strlen
("tIME"), __s2_len < 4) ? (__builtin_constant_p (chunkid)
&& ((size_t)(const void *)((chunkid) + 1) - (size_t)
(const void *)(chunkid) == 1) ? __builtin_strcmp (chunkid, "tIME"
) : (- (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) (chunkid); int __result = (((const unsigned
char *) (const char *) ("tIME"))[0] - __s2[0]); if (__s2_len
> 0 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("tIME"))[1] - __s2[1]); if (__s2_len
> 1 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("tIME"))[2] - __s2[2]); if (__s2_len
> 2 && __result == 0) __result = (((const unsigned
char *) (const char *) ("tIME"))[3] - __s2[3]); } } __result
; })))) : __builtin_strcmp (chunkid, "tIME")))); }) == 0) {
1287 if (have_tIME) {
1288 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: multiple tIME not allowed\n");
1289 return CL_EPARSE;
1290 } else if (sz != 7) {
1291 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid tIME length\n");
1292 return CL_EPARSE;
1293 } else {
1294 int yr = SH(buffer)((ush)(uch)((buffer)[1]) | ((ush)(uch)((buffer)[0]) << 8
));
1295 int mo = buffer[2];
1296 int dy = buffer[3];
1297 int hh = buffer[4];
1298 int mm = buffer[5];
1299 int ss = buffer[6];
1300
1301 if (yr < 1995) {
1302 /* conversion to PNG format counts as modification... */
1303 /* FIXME: also test for future dates? (may allow current year + 1) */
1304 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid year\n");
1305 return CL_EPARSE;
1306 } else if (mo < 1 || mo > 12) {
1307 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid month\n");
1308 return CL_EPARSE;
1309 } else if (dy < 1 || dy > 31) {
1310 /* FIXME: also validate day given specified month? */
1311 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid day\n");
1312 return CL_EPARSE;
1313 } else if (hh < 0 || hh > 23) {
1314 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid hour\n");
1315 return CL_EPARSE;
1316 } else if (mm < 0 || mm > 59) {
1317 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid minute\n");
1318 return CL_EPARSE;
1319 } else if (ss < 0 || ss > 60) {
1320 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid second\n");
1321 return CL_EPARSE;
1322 }
1323 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: Time: %2d %s %4d %02d:%02d:%02d UTC\n", dy, getmonth(mo), yr, hh, mm, ss);
1324 }
1325 have_tIME = 1;
1326 last_is_IDAT = last_is_JDAT = 0;
1327
1328 /*------*
1329 | tRNS |
1330 *------*/
1331 } else if (strcmp(chunkid, "tRNS")__extension__ ({ size_t __s1_len, __s2_len; (__builtin_constant_p
(chunkid) && __builtin_constant_p ("tRNS") &&
(__s1_len = __builtin_strlen (chunkid), __s2_len = __builtin_strlen
("tRNS"), (!((size_t)(const void *)((chunkid) + 1) - (size_t
)(const void *)(chunkid) == 1) || __s1_len >= 4) &&
(!((size_t)(const void *)(("tRNS") + 1) - (size_t)(const void
*)("tRNS") == 1) || __s2_len >= 4)) ? __builtin_strcmp (chunkid
, "tRNS") : (__builtin_constant_p (chunkid) && ((size_t
)(const void *)((chunkid) + 1) - (size_t)(const void *)(chunkid
) == 1) && (__s1_len = __builtin_strlen (chunkid), __s1_len
< 4) ? (__builtin_constant_p ("tRNS") && ((size_t
)(const void *)(("tRNS") + 1) - (size_t)(const void *)("tRNS"
) == 1) ? __builtin_strcmp (chunkid, "tRNS") : (__extension__
({ const unsigned char *__s2 = (const unsigned char *) (const
char *) ("tRNS"); int __result = (((const unsigned char *) (
const char *) (chunkid))[0] - __s2[0]); if (__s1_len > 0 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[1] - __s2[1]); if (__s1_len > 1 &&
__result == 0) { __result = (((const unsigned char *) (const
char *) (chunkid))[2] - __s2[2]); if (__s1_len > 2 &&
__result == 0) __result = (((const unsigned char *) (const char
*) (chunkid))[3] - __s2[3]); } } __result; }))) : (__builtin_constant_p
("tRNS") && ((size_t)(const void *)(("tRNS") + 1) - (
size_t)(const void *)("tRNS") == 1) && (__s2_len = __builtin_strlen
("tRNS"), __s2_len < 4) ? (__builtin_constant_p (chunkid)
&& ((size_t)(const void *)((chunkid) + 1) - (size_t)
(const void *)(chunkid) == 1) ? __builtin_strcmp (chunkid, "tRNS"
) : (- (__extension__ ({ const unsigned char *__s2 = (const unsigned
char *) (const char *) (chunkid); int __result = (((const unsigned
char *) (const char *) ("tRNS"))[0] - __s2[0]); if (__s2_len
> 0 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("tRNS"))[1] - __s2[1]); if (__s2_len
> 1 && __result == 0) { __result = (((const unsigned
char *) (const char *) ("tRNS"))[2] - __s2[2]); if (__s2_len
> 2 && __result == 0) __result = (((const unsigned
char *) (const char *) ("tRNS"))[3] - __s2[3]); } } __result
; })))) : __builtin_strcmp (chunkid, "tRNS")))); }) == 0) {
1332 if (have_tRNS) {
1333 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: multiple tRNS not allowed\n");
1334 return CL_EPARSE;
1335 } else if (ityp == 3 && !have_PLTE) {
1336 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: tRNS must follow PLTE\n");
1337 return CL_EPARSE;
1338 } else if (have_IDAT) {
1339 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: tRNS must precede IDAT\n");
1340 return CL_EPARSE;
1341 } else {
1342 switch (ityp) {
1343 case 0:
1344 if (sz != 2) {
1345 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid tRNS length for %s image\n", png_type[ityp]);
1346 return CL_EPARSE;
1347 }
1348 break;
1349 case 2:
1350 if (sz != 6) {
1351 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid tRNS length for %s image\n", png_type[ityp]);
1352 return CL_EPARSE;
1353 }
1354 break;
1355 case 3:
1356 if (sz > nplte) {
1357 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: invalid tRNS length for %s image\n", png_type[ityp]);
1358 return CL_EPARSE;
1359 }
1360 break;
1361 default:
1362 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: tRNS not allowed in %s image\n", png_type[ityp]);
1363 return CL_EPARSE;
1364 break;
1365 }
1366 }
1367 have_tRNS = 1;
1368 last_is_IDAT = last_is_JDAT = 0;
1369
1370 /*===============*
1371 * unknown chunk *
1372 *===============*/
1373
1374 } else {
1375 if (CRITICAL(chunkid)(!((chunkid)[0] & 0x20)) && SAFECOPY(chunkid)((chunkid)[3] & 0x20)) {
1376 /* a critical, safe-to-copy chunk is an error */
1377 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: illegal critical, safe-to-copy chunk\n");
1378 return CL_EPARSE;
1379 } else if (RESERVED(chunkid)((chunkid)[2] & 0x20)) {
1380 /* a chunk with the reserved bit set is an error (or spec updated) */
1381 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: illegal reserved-bit-set chunk\n");
1382 return CL_EPARSE;
1383 } else if (PUBLIC(chunkid)(!((chunkid)[1] & 0x20))) {
1384 /* GRR 20050725: all registered (public) PNG/MNG/JNG chunks are now
1385 * known to pngcheck, so any unknown public ones are invalid (or have
1386 * been proposed and approved since the last release of pngcheck) */
1387 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: illegal (unless recently approved) unknown, public\n");
1388 return CL_EPARSE;
1389 } else if (/* !PUBLIC(chunkid) && */ CRITICAL(chunkid)(!((chunkid)[0] & 0x20))) {
1390 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: private, critical chunk (warning)\n");
1391 return CL_EPARSE; /* not an error if used only internally */
1392 }
1393 last_is_IDAT = last_is_JDAT = 0;
1394 }
1395
1396 while (sz > toread) {
1397 int data_read;
1398 sz -= toread;
1399 toread = (sz > BS32000)? BS32000:sz;
1400
1401 data_read = fmap_readn(map, buffer, offset, toread);
1402 if (data_read != toread) {
1403 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: EOF while reading final data\n");
1404 return CL_EPARSE;
1405 }
1406 offset += toread;
1407 crc = update_crccrc32(crc, (uch *)buffer, toread);
1408 }
1409
1410 filecrc = getlong(map, &offset, "CRC value");
1411
1412 if (filecrc != CRCCOMPL(crc)crc) {
1413 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: CRC error in chunk %s (computed %08lx, expected %08lx)\n",
1414 chunkid, CRCCOMPL(crc)crc, filecrc);
1415 return CL_EPARSE;
1416 }
1417 }
1418
1419 /*----------------------- END OF IMMENSE WHILE-LOOP -----------------------*/
1420
1421 if (!have_IEND) {
1422 cli_dbgmsg(!__builtin_expect(!!(cli_debug_flag), 0)) ? (void)0 : cli_dbgmsg_internal("PNG: file doesn't end with a IEND chunk\n");
1423 return CL_EPARSE;
1424 }
1425
1426 return CL_SUCCESS;
1427}