1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
--- webkit-1.4.0.orig/Source/WebCore/platform/image-decoders/png/PNGImageDecoder.cpp
+++ webkit-1.4.0/Source/WebCore/platform/image-decoders/png/PNGImageDecoder.cpp
@@ -226,7 +226,7 @@
#ifdef PNG_iCCP_SUPPORTED
char* profileName;
int compressionType;
- char* profile;
+ png_byte* profile;
png_uint_32 profileLength;
if (png_get_iCCP(png, info, &profileName, &compressionType, &profile, &profileLength)) {
ColorProfile colorProfile;
@@ -241,11 +241,11 @@
{
png_structp png = m_reader->pngPtr();
png_infop info = m_reader->infoPtr();
- png_uint_32 width = png->width;
- png_uint_32 height = png->height;
+ png_uint_32 width = png_get_image_width(png, info);
+ png_uint_32 height = png_get_image_height(png, info);
// Protect against large images.
- if (png->width > cMaxPNGSize || png->height > cMaxPNGSize) {
+ if (width > cMaxPNGSize || height > cMaxPNGSize) {
longjmp(JMPBUF(png), 1);
return;
}
@@ -318,9 +318,9 @@
m_reader->setHasAlpha(channels == 4);
if (m_reader->decodingSizeOnly()) {
- // If we only needed the size, halt the reader.
- m_reader->setReadOffset(m_reader->currentBufferSize() - png->buffer_size);
- png->buffer_size = 0;
+ // If we only needed the size, halt the reader.
+ // '0' argument to png_process_data_pause means: Do not cache unprocessed data.
+ m_reader->setReadOffset(m_reader->currentBufferSize() - png_process_data_pause(png, 0));
}
}
@@ -343,7 +343,7 @@
// For PNGs, the frame always fills the entire image.
buffer.setOriginalFrameRect(IntRect(IntPoint(), size()));
- if (m_reader->pngPtr()->interlaced)
+ if (png_get_interlace_type(m_reader->pngPtr(), m_reader->infoPtr()) != PNG_INTERLACE_NONE)
m_reader->createInterlaceBuffer((m_reader->hasAlpha() ? 4 : 3) * size().width() * size().height());
}
|
