From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <3c86a4fb63baedd9ccb7697326b7f3d7@isd.dp.ua>
To: 9fans@9fans.net
From: yaroslav
Date: Mon, 24 Dec 2012 14:27:46 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Subject: [9fans] bug in topng(1)
Topicbox-Message-UUID: f95d17ca-ead7-11e9-9d60-3106f5b1d025

There's a bug in topng(1) which under certain circumstances may result
in a broken output image. When such an image is then fed to png(1),
diagnostics like the following are produced:

	term% png /tmp/1.png
	png: unknown filtering scheme 49

(The filtering scheme number may differ.)

This happens when at the beginning of an input line (z->x == 0) there
is only room for exactly one pixel in the output buffer (b+pixwids == e),
at /sys/src/cmd/jpg/writepng.c:/^zread/+/while/. Since every scan line
should start with a filter algorithm ID, it consumes a byte in the
buffer, leaving no room for the pixel. The "pixels" variable turns
zero, no pixels are emitted, yet the alg byte slips out. During the next
run of zread() with an empty buffer, the alg byte is emitted again,
causing a permanent skew of output bytes.

The proposed fix is to modify the loop condition so the loop won't
proceed if there is not enough room for at least one pixel plus a byte
for the filter alg ID.

Submitted /n/sources/patch/topng-extrabyte/.

- yk
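
The failure described in the message above, reproduced in a small C model. This is an added example, not part of the original post and not the Plan 9 writepng.c source. The names `zread_model`, `State`, `encode` and `first_bad_row`, the 4x3 image, the 16-byte buffer and the exact form of the corrected condition are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
enum { PIXWID = 3, NCOL = 4, NROW = 3, FILTER_NONE = 0,
       ROWLEN = 1 + NCOL * PIXWID, STREAMLEN = NROW * ROWLEN };
typedef struct { int x, y; } State;	/* image position kept across calls */

/* Model of the read callback: fill buf[0..n) with scan-line bytes.
 * fixed=0: loop needs room for one pixel; fixed=1: one pixel plus filter byte. */
static int zread_model(State *z, const unsigned char *img, unsigned char *buf, int n, int fixed)
{
	unsigned char *b = buf, *e = buf + n;
	int pixels;
	while (z->y < NROW && b + PIXWID + (fixed ? 1 : 0) <= e) {
		if (z->x == 0) *b++ = FILTER_NONE;	/* every scan line starts with it */
		pixels = (int)(e - b) / PIXWID;	/* 0 if only PIXWID-1 bytes remain */
		if (pixels > NCOL - z->x) pixels = NCOL - z->x;
		memcpy(b, img + (z->y * NCOL + z->x) * PIXWID, pixels * PIXWID);
		b += pixels * PIXWID;
		z->x += pixels;
		if (z->x >= NCOL) { z->x = 0; z->y++; }
	}
	return (int)(b - buf);
}

/* Drain a constructed image through the model in chunk-sized reads. */
static int encode(int chunk, int fixed, unsigned char *out)
{
	unsigned char img[NROW * NCOL * PIXWID];
	State z = {0, 0};
	int n, total = 0;
	for (int i = 0; i < (int)sizeof img; i++) img[i] = (unsigned char)(i + 1);	/* constructed pixels, never 0 */
	while ((n = zread_model(&z, img, out + total, chunk, fixed)) > 0) total += n;
	return total;
}

/* First row whose leading byte is not a filter ID; -1 if the stream is sound. */
static int first_bad_row(const unsigned char *out, int total)
{
	for (int r = 0; r < NROW; r++)
		if (out[r * ROWLEN] != FILTER_NONE) return r;
	return total == STREAMLEN ? -1 : NROW;
}

int main(void)
{
	unsigned char out[128];
	for (int fixed = 0; fixed <= 1; fixed++)
		printf("fixed=%d bad_row=%d\n", fixed, first_bad_row(out, encode(16, fixed, out)));
	return 0;
}
```

With a 16-byte buffer, the first 13-byte row leaves exactly PIXWID bytes free, so the unfixed loop emits a lone filter byte and repeats it on the next call. A decoder then reads a pixel value where it expects a filter ID, which corresponds to the "unknown filtering scheme" diagnostic.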