yaroslav <yari...@gmail.com> wrote:
>There's a bug in topng(1) which under certain circumstances may result in
>a broken output image. When such an image then is fed to png(1)
>diagnostics like the following are produced:
>
>    term% png /tmp/1.png
>    png: unknown filtering scheme 49
>
>(The filtering scheme number may differ.)
>
>This happens when at the beginning of an input line (z->x == 0) there
>is only room for exactly one pixel in the output buffer (b+pixwids == e),
>at /sys/src/cmd/jpg/writepng.c:/^zread/+/while/.
>
>Since every scan line should start with a filter algorithm ID it
>consumes a byte in the buffer, leaving no room for the pixel. The
>"pixels" variable turns zero, no pixels are emitted, yet the alg byte
>slips out. During the next run of zread() with an empty buffer, the alg byte
>is emitted again, causing permanent skew of output bytes.
>
>The proposed fix is to modify the loop condition so the loop won't
>proceed if there is not enough room for at least one pixel plus a
>byte for the filter alg ID.
>
>Submitted /n/sources/patch/topng-extrabyte/.
>
>- yk
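The off-by-one described in the quoted report, as an added example: this is a simplified model written for this page, not the code in writepng.c or the submitted patch. The names fill, run and Zstate, the image and buffer sizes, and the pixel value 49 are constructed assumptions, chosen so that the buffer has room for exactly one pixel at the start of a scan line.

```c
#include <stdio.h>
#include <string.h>

enum { W = 4, H = 3, PIXWID = 3, ROWBYTES = 1 + W*PIXWID, BUFSZ = 16 };
typedef struct { int x, y; } Zstate;	/* next pixel column and row */

/* Fill [b, e). slack=0 models the old loop condition; slack=1 also
 * reserves a byte for the filter ID, as the proposed fix describes. */
static int fill(Zstate *z, unsigned char *b, unsigned char *e, int slack)
{
	unsigned char *start = b;
	int pixels;
	while (z->y < H && b + PIXWID + slack <= e) {
		if (z->x == 0)
			*b++ = 0;	/* filter algorithm ID */
		pixels = (int)(e - b) / PIXWID;	/* 0 if only the ID fit */
		if (pixels > W - z->x)
			pixels = W - z->x;
		memset(b, 49, (size_t)pixels * PIXWID);	/* constructed pixels */
		b += pixels * PIXWID;
		z->x += pixels;
		if (z->x >= W) { z->x = 0; z->y++; }
	}
	return (int)(b - start);
}

/* Drain the image through a BUFSZ buffer. Returns total bytes; *bad gets
 * the first non-zero byte found where a filter ID belongs, or -1. */
int run(int slack, int *bad)
{
	unsigned char buf[BUFSZ], out[4 * H * ROWBYTES];
	Zstate z = {0, 0};
	int n, i, total = 0;
	while (z.y < H && (n = fill(&z, buf, buf + BUFSZ, slack)) > 0) {
		memcpy(out + total, buf, (size_t)n);
		total += n;
	}
	for (*bad = -1, i = 0; i < total && *bad < 0; i += ROWBYTES)
		if (out[i] != 0)
			*bad = out[i];
	return total;
}

int main(void)
{
	int bad, n = run(0, &bad);
	printf("old:   %d bytes, bad filter ID %d\n", n, bad);
	n = run(1, &bad);
	printf("fixed: %d bytes, bad filter ID %d\n", n, bad);
	return 0;
}
```

With the old condition each buffer boundary that lands on a row start leaks one extra ID byte, so a reader walking the stream in ROWBYTES steps eventually finds pixel data where a filter ID should be.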