From f96acf5a1329b8237be2ce87d9824412bde98622 Mon Sep 17 00:00:00 2001 From: "reed@reedloden.com" Date: Tue, 8 Apr 2008 11:38:22 -0700 Subject: [PATCH] Bug 420416 - "Artifacts in some APNG frames" [p=glennrp@gmail.com (Glenn Randers-Pehrson) r+sr=stuart a=blocking1.9+] --- modules/libimg/png/MOZCHANGES | 3 +++ modules/libimg/png/png.h | 3 +++ modules/libimg/png/pngrutil.c | 28 +++++++++++++++++++++------- 3 files changed, 27 insertions(+), 7 deletions(-) diff --git a/modules/libimg/png/MOZCHANGES b/modules/libimg/png/MOZCHANGES index 88f7ed906b77..49761528c8b1 100644 --- a/modules/libimg/png/MOZCHANGES +++ b/modules/libimg/png/MOZCHANGES @@ -1,6 +1,9 @@ Changes made to pristine png source by mozilla.org developers. +2008/03/29 -- Initialize prev_row for each APNG frame, only when + the frame size increases (bug #420416) + 2008/01/18 -- Synced with libpng-1.2.24 (bug #408429). 2007/11/13 -- Synced with libpng-1.2.23; Removed pnggccrd.c and pngvcrd.c; diff --git a/modules/libimg/png/png.h b/modules/libimg/png/png.h index 53904fa48e8b..6680791e72d8 100644 --- a/modules/libimg/png/png.h +++ b/modules/libimg/png/png.h @@ -1476,6 +1476,9 @@ struct png_struct_def /* storage for unknown chunk that the library doesn't recognize. */ png_unknown_chunk unknown_chunk; #endif + +/* New members added in libpng-1.2.26 */ + png_uint_32 old_big_row_buf_size, old_prev_row_size; }; diff --git a/modules/libimg/png/pngrutil.c b/modules/libimg/png/pngrutil.c index 25aa9e975072..3cdff63c266d 100644 --- a/modules/libimg/png/pngrutil.c +++ b/modules/libimg/png/pngrutil.c @@ -3305,10 +3305,15 @@ defined(PNG_USER_TRANSFORM_PTR_SUPPORTED) if (row_bytes > (png_uint_32)65536L) png_error(png_ptr, "This image requires a row greater than 64KB"); #endif - if (png_ptr->big_row_buf == NULL) - png_ptr->big_row_buf = (png_bytep)png_malloc(png_ptr, row_bytes+64); - if (png_ptr->row_buf == NULL) - png_ptr->row_buf = png_ptr->big_row_buf+32; + + if(row_bytes + 64 > png_ptr->old_big_row_buf_size) + { + if (png_ptr->big_row_buf) + png_free(png_ptr,png_ptr->big_row_buf); + png_ptr->big_row_buf = (png_bytep)png_malloc(png_ptr, row_bytes+64); + png_ptr->row_buf = png_ptr->big_row_buf+32; + png_ptr->old_big_row_buf_size = row_bytes+64; + } #ifdef PNG_MAX_MALLOC_64K if ((png_uint_32)png_ptr->rowbytes + 1 > (png_uint_32)65536L) @@ -3316,8 +3321,15 @@ defined(PNG_USER_TRANSFORM_PTR_SUPPORTED) #endif if ((png_uint_32)png_ptr->rowbytes > (png_uint_32)(PNG_SIZE_MAX - 1)) png_error(png_ptr, "Row has too many bytes to allocate in memory."); - png_ptr->prev_row = (png_bytep)png_malloc(png_ptr, (png_uint_32)( - png_ptr->rowbytes + 1)); + + if(png_ptr->rowbytes+1 > png_ptr->old_prev_row_size) + { + if (png_ptr->prev_row) + png_free(png_ptr,png_ptr->prev_row); + png_ptr->prev_row = (png_bytep)png_malloc(png_ptr, (png_uint_32)( + png_ptr->rowbytes + 1)); + png_ptr->old_prev_row_size = png_ptr->rowbytes+1; + } png_memset_check(png_ptr, png_ptr->prev_row, 0, png_ptr->rowbytes + 1); @@ -3342,7 +3354,10 @@ png_read_reset(png_structp png_ptr) png_ptr->mode &= ~PNG_AFTER_IDAT; png_ptr->row_number = 0; png_ptr->pass = 0; +#if 0 /* this isn't needed now but might be if png_read_start_row() uses it */ png_ptr->flags &= ~PNG_FLAG_ROW_INIT; +#endif + png_read_start_row(png_ptr); } void /* PRIVATE */ @@ -3398,7 +3413,6 @@ png_progressive_read_reset(png_structp png_ptr) png_ptr->iwidth = png_ptr->width; png_ptr->irowbytes = png_ptr->rowbytes + 1; } - png_ptr->flags &= ~PNG_FLAG_ZLIB_FINISHED; if (inflateReset(&(png_ptr->zstream)) != Z_OK) png_error(png_ptr, "inflateReset failed");