/src/gdal/frmts/gtiff/libtiff/tif_dirread.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright (c) 1988-1997 Sam Leffler |
3 | | * Copyright (c) 1991-1997 Silicon Graphics, Inc. |
4 | | * |
5 | | * Permission to use, copy, modify, distribute, and sell this software and |
6 | | * its documentation for any purpose is hereby granted without fee, provided |
7 | | * that (i) the above copyright notices and this permission notice appear in |
8 | | * all copies of the software and related documentation, and (ii) the names of |
9 | | * Sam Leffler and Silicon Graphics may not be used in any advertising or |
10 | | * publicity relating to the software without the specific, prior written |
11 | | * permission of Sam Leffler and Silicon Graphics. |
12 | | * |
13 | | * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, |
14 | | * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY |
15 | | * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. |
16 | | * |
17 | | * IN NO EVENT SHALL SAM LEFFLER OR SILICON GRAPHICS BE LIABLE FOR |
18 | | * ANY SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, |
19 | | * OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, |
20 | | * WHETHER OR NOT ADVISED OF THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF |
21 | | * LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE |
22 | | * OF THIS SOFTWARE. |
23 | | */ |
24 | | |
25 | | /* |
26 | | * TIFF Library. |
27 | | * |
28 | | * Directory Read Support Routines. |
29 | | */ |
30 | | |
31 | | /* Suggested pending improvements: |
32 | | * - add a field 'field_info' to the TIFFDirEntry structure, and set that with |
33 | | * the pointer to the appropriate TIFFField structure early on in |
34 | | * TIFFReadDirectory, so as to eliminate current possibly repetitive lookup. |
35 | | */ |
36 | | |
37 | | #include "tiffconf.h" |
38 | | #include "tiffiop.h" |
39 | | #include <float.h> |
40 | | #include <limits.h> |
41 | | #include <stdlib.h> |
42 | | #include <string.h> |
43 | | |
44 | 106M | #define FAILED_FII ((uint32_t)-1) |
45 | | |
46 | | #ifdef HAVE_IEEEFP |
47 | | #define TIFFCvtIEEEFloatToNative(tif, n, fp) |
48 | | #define TIFFCvtIEEEDoubleToNative(tif, n, dp) |
49 | | #else |
50 | | /* If your machine does not support IEEE floating point then you will need to |
51 | | * add support to tif_machdep.c to convert between the native format and |
52 | | * IEEE format. */ |
53 | | extern void TIFFCvtIEEEFloatToNative(TIFF *, uint32_t, float *); |
54 | | extern void TIFFCvtIEEEDoubleToNative(TIFF *, uint32_t, double *); |
55 | | #endif |
56 | | |
57 | | enum TIFFReadDirEntryErr |
58 | | { |
59 | | TIFFReadDirEntryErrOk = 0, |
60 | | TIFFReadDirEntryErrCount = 1, |
61 | | TIFFReadDirEntryErrType = 2, |
62 | | TIFFReadDirEntryErrIo = 3, |
63 | | TIFFReadDirEntryErrRange = 4, |
64 | | TIFFReadDirEntryErrPsdif = 5, |
65 | | TIFFReadDirEntryErrSizesan = 6, |
66 | | TIFFReadDirEntryErrAlloc = 7, |
67 | | }; |
68 | | |
69 | | static enum TIFFReadDirEntryErr |
70 | | TIFFReadDirEntryByte(TIFF *tif, TIFFDirEntry *direntry, uint8_t *value); |
71 | | static enum TIFFReadDirEntryErr |
72 | | TIFFReadDirEntrySbyte(TIFF *tif, TIFFDirEntry *direntry, int8_t *value); |
73 | | static enum TIFFReadDirEntryErr |
74 | | TIFFReadDirEntryShort(TIFF *tif, TIFFDirEntry *direntry, uint16_t *value); |
75 | | static enum TIFFReadDirEntryErr |
76 | | TIFFReadDirEntrySshort(TIFF *tif, TIFFDirEntry *direntry, int16_t *value); |
77 | | static enum TIFFReadDirEntryErr |
78 | | TIFFReadDirEntryLong(TIFF *tif, TIFFDirEntry *direntry, uint32_t *value); |
79 | | static enum TIFFReadDirEntryErr |
80 | | TIFFReadDirEntrySlong(TIFF *tif, TIFFDirEntry *direntry, int32_t *value); |
81 | | static enum TIFFReadDirEntryErr |
82 | | TIFFReadDirEntryLong8(TIFF *tif, TIFFDirEntry *direntry, uint64_t *value); |
83 | | static enum TIFFReadDirEntryErr |
84 | | TIFFReadDirEntrySlong8(TIFF *tif, TIFFDirEntry *direntry, int64_t *value); |
85 | | static enum TIFFReadDirEntryErr |
86 | | TIFFReadDirEntryFloat(TIFF *tif, TIFFDirEntry *direntry, float *value); |
87 | | static enum TIFFReadDirEntryErr |
88 | | TIFFReadDirEntryDouble(TIFF *tif, TIFFDirEntry *direntry, double *value); |
89 | | static enum TIFFReadDirEntryErr |
90 | | TIFFReadDirEntryIfd8(TIFF *tif, TIFFDirEntry *direntry, uint64_t *value); |
91 | | |
92 | | static enum TIFFReadDirEntryErr |
93 | | TIFFReadDirEntryArray(TIFF *tif, TIFFDirEntry *direntry, uint32_t *count, |
94 | | uint32_t desttypesize, void **value); |
95 | | static enum TIFFReadDirEntryErr |
96 | | TIFFReadDirEntryByteArray(TIFF *tif, TIFFDirEntry *direntry, uint8_t **value); |
97 | | static enum TIFFReadDirEntryErr |
98 | | TIFFReadDirEntrySbyteArray(TIFF *tif, TIFFDirEntry *direntry, int8_t **value); |
99 | | static enum TIFFReadDirEntryErr |
100 | | TIFFReadDirEntryShortArray(TIFF *tif, TIFFDirEntry *direntry, uint16_t **value); |
101 | | static enum TIFFReadDirEntryErr |
102 | | TIFFReadDirEntrySshortArray(TIFF *tif, TIFFDirEntry *direntry, int16_t **value); |
103 | | static enum TIFFReadDirEntryErr |
104 | | TIFFReadDirEntryLongArray(TIFF *tif, TIFFDirEntry *direntry, uint32_t **value); |
105 | | static enum TIFFReadDirEntryErr |
106 | | TIFFReadDirEntrySlongArray(TIFF *tif, TIFFDirEntry *direntry, int32_t **value); |
107 | | static enum TIFFReadDirEntryErr |
108 | | TIFFReadDirEntryLong8Array(TIFF *tif, TIFFDirEntry *direntry, uint64_t **value); |
109 | | static enum TIFFReadDirEntryErr |
110 | | TIFFReadDirEntrySlong8Array(TIFF *tif, TIFFDirEntry *direntry, int64_t **value); |
111 | | static enum TIFFReadDirEntryErr |
112 | | TIFFReadDirEntryFloatArray(TIFF *tif, TIFFDirEntry *direntry, float **value); |
113 | | static enum TIFFReadDirEntryErr |
114 | | TIFFReadDirEntryDoubleArray(TIFF *tif, TIFFDirEntry *direntry, double **value); |
115 | | static enum TIFFReadDirEntryErr |
116 | | TIFFReadDirEntryIfd8Array(TIFF *tif, TIFFDirEntry *direntry, uint64_t **value); |
117 | | |
118 | | static enum TIFFReadDirEntryErr |
119 | | TIFFReadDirEntryPersampleShort(TIFF *tif, TIFFDirEntry *direntry, |
120 | | uint16_t *value); |
121 | | |
122 | | static void TIFFReadDirEntryCheckedByte(TIFF *tif, TIFFDirEntry *direntry, |
123 | | uint8_t *value); |
124 | | static void TIFFReadDirEntryCheckedSbyte(TIFF *tif, TIFFDirEntry *direntry, |
125 | | int8_t *value); |
126 | | static void TIFFReadDirEntryCheckedShort(TIFF *tif, TIFFDirEntry *direntry, |
127 | | uint16_t *value); |
128 | | static void TIFFReadDirEntryCheckedSshort(TIFF *tif, TIFFDirEntry *direntry, |
129 | | int16_t *value); |
130 | | static void TIFFReadDirEntryCheckedLong(TIFF *tif, TIFFDirEntry *direntry, |
131 | | uint32_t *value); |
132 | | static void TIFFReadDirEntryCheckedSlong(TIFF *tif, TIFFDirEntry *direntry, |
133 | | int32_t *value); |
134 | | static enum TIFFReadDirEntryErr |
135 | | TIFFReadDirEntryCheckedLong8(TIFF *tif, TIFFDirEntry *direntry, |
136 | | uint64_t *value); |
137 | | static enum TIFFReadDirEntryErr |
138 | | TIFFReadDirEntryCheckedSlong8(TIFF *tif, TIFFDirEntry *direntry, |
139 | | int64_t *value); |
140 | | static enum TIFFReadDirEntryErr |
141 | | TIFFReadDirEntryCheckedRational(TIFF *tif, TIFFDirEntry *direntry, |
142 | | double *value); |
143 | | static enum TIFFReadDirEntryErr |
144 | | TIFFReadDirEntryCheckedSrational(TIFF *tif, TIFFDirEntry *direntry, |
145 | | double *value); |
146 | | static void TIFFReadDirEntryCheckedFloat(TIFF *tif, TIFFDirEntry *direntry, |
147 | | float *value); |
148 | | static enum TIFFReadDirEntryErr |
149 | | TIFFReadDirEntryCheckedDouble(TIFF *tif, TIFFDirEntry *direntry, double *value); |
150 | | #if 0 |
151 | | static enum TIFFReadDirEntryErr |
152 | | TIFFReadDirEntryCheckedRationalDirect(TIFF *tif, TIFFDirEntry *direntry, |
153 | | TIFFRational_t *value); |
154 | | #endif |
155 | | static enum TIFFReadDirEntryErr |
156 | | TIFFReadDirEntryCheckRangeByteSbyte(int8_t value); |
157 | | static enum TIFFReadDirEntryErr |
158 | | TIFFReadDirEntryCheckRangeByteShort(uint16_t value); |
159 | | static enum TIFFReadDirEntryErr |
160 | | TIFFReadDirEntryCheckRangeByteSshort(int16_t value); |
161 | | static enum TIFFReadDirEntryErr |
162 | | TIFFReadDirEntryCheckRangeByteLong(uint32_t value); |
163 | | static enum TIFFReadDirEntryErr |
164 | | TIFFReadDirEntryCheckRangeByteSlong(int32_t value); |
165 | | static enum TIFFReadDirEntryErr |
166 | | TIFFReadDirEntryCheckRangeByteLong8(uint64_t value); |
167 | | static enum TIFFReadDirEntryErr |
168 | | TIFFReadDirEntryCheckRangeByteSlong8(int64_t value); |
169 | | |
170 | | static enum TIFFReadDirEntryErr |
171 | | TIFFReadDirEntryCheckRangeSbyteByte(uint8_t value); |
172 | | static enum TIFFReadDirEntryErr |
173 | | TIFFReadDirEntryCheckRangeSbyteShort(uint16_t value); |
174 | | static enum TIFFReadDirEntryErr |
175 | | TIFFReadDirEntryCheckRangeSbyteSshort(int16_t value); |
176 | | static enum TIFFReadDirEntryErr |
177 | | TIFFReadDirEntryCheckRangeSbyteLong(uint32_t value); |
178 | | static enum TIFFReadDirEntryErr |
179 | | TIFFReadDirEntryCheckRangeSbyteSlong(int32_t value); |
180 | | static enum TIFFReadDirEntryErr |
181 | | TIFFReadDirEntryCheckRangeSbyteLong8(uint64_t value); |
182 | | static enum TIFFReadDirEntryErr |
183 | | TIFFReadDirEntryCheckRangeSbyteSlong8(int64_t value); |
184 | | |
185 | | static enum TIFFReadDirEntryErr |
186 | | TIFFReadDirEntryCheckRangeShortSbyte(int8_t value); |
187 | | static enum TIFFReadDirEntryErr |
188 | | TIFFReadDirEntryCheckRangeShortSshort(int16_t value); |
189 | | static enum TIFFReadDirEntryErr |
190 | | TIFFReadDirEntryCheckRangeShortLong(uint32_t value); |
191 | | static enum TIFFReadDirEntryErr |
192 | | TIFFReadDirEntryCheckRangeShortSlong(int32_t value); |
193 | | static enum TIFFReadDirEntryErr |
194 | | TIFFReadDirEntryCheckRangeShortLong8(uint64_t value); |
195 | | static enum TIFFReadDirEntryErr |
196 | | TIFFReadDirEntryCheckRangeShortSlong8(int64_t value); |
197 | | |
198 | | static enum TIFFReadDirEntryErr |
199 | | TIFFReadDirEntryCheckRangeSshortShort(uint16_t value); |
200 | | static enum TIFFReadDirEntryErr |
201 | | TIFFReadDirEntryCheckRangeSshortLong(uint32_t value); |
202 | | static enum TIFFReadDirEntryErr |
203 | | TIFFReadDirEntryCheckRangeSshortSlong(int32_t value); |
204 | | static enum TIFFReadDirEntryErr |
205 | | TIFFReadDirEntryCheckRangeSshortLong8(uint64_t value); |
206 | | static enum TIFFReadDirEntryErr |
207 | | TIFFReadDirEntryCheckRangeSshortSlong8(int64_t value); |
208 | | |
209 | | static enum TIFFReadDirEntryErr |
210 | | TIFFReadDirEntryCheckRangeLongSbyte(int8_t value); |
211 | | static enum TIFFReadDirEntryErr |
212 | | TIFFReadDirEntryCheckRangeLongSshort(int16_t value); |
213 | | static enum TIFFReadDirEntryErr |
214 | | TIFFReadDirEntryCheckRangeLongSlong(int32_t value); |
215 | | static enum TIFFReadDirEntryErr |
216 | | TIFFReadDirEntryCheckRangeLongLong8(uint64_t value); |
217 | | static enum TIFFReadDirEntryErr |
218 | | TIFFReadDirEntryCheckRangeLongSlong8(int64_t value); |
219 | | |
220 | | static enum TIFFReadDirEntryErr |
221 | | TIFFReadDirEntryCheckRangeSlongLong(uint32_t value); |
222 | | static enum TIFFReadDirEntryErr |
223 | | TIFFReadDirEntryCheckRangeSlongLong8(uint64_t value); |
224 | | static enum TIFFReadDirEntryErr |
225 | | TIFFReadDirEntryCheckRangeSlongSlong8(int64_t value); |
226 | | |
227 | | static enum TIFFReadDirEntryErr |
228 | | TIFFReadDirEntryCheckRangeLong8Sbyte(int8_t value); |
229 | | static enum TIFFReadDirEntryErr |
230 | | TIFFReadDirEntryCheckRangeLong8Sshort(int16_t value); |
231 | | static enum TIFFReadDirEntryErr |
232 | | TIFFReadDirEntryCheckRangeLong8Slong(int32_t value); |
233 | | static enum TIFFReadDirEntryErr |
234 | | TIFFReadDirEntryCheckRangeLong8Slong8(int64_t value); |
235 | | |
236 | | static enum TIFFReadDirEntryErr |
237 | | TIFFReadDirEntryCheckRangeSlong8Long8(uint64_t value); |
238 | | |
239 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryData(TIFF *tif, uint64_t offset, |
240 | | tmsize_t size, void *dest); |
241 | | static void TIFFReadDirEntryOutputErr(TIFF *tif, enum TIFFReadDirEntryErr err, |
242 | | const char *module, const char *tagname, |
243 | | int recover); |
244 | | |
245 | | static void TIFFReadDirectoryCheckOrder(TIFF *tif, TIFFDirEntry *dir, |
246 | | uint16_t dircount); |
247 | | static TIFFDirEntry *TIFFReadDirectoryFindEntry(TIFF *tif, TIFFDirEntry *dir, |
248 | | uint16_t dircount, |
249 | | uint16_t tagid); |
250 | | static void TIFFReadDirectoryFindFieldInfo(TIFF *tif, uint16_t tagid, |
251 | | uint32_t *fii); |
252 | | |
253 | | static int EstimateStripByteCounts(TIFF *tif, TIFFDirEntry *dir, |
254 | | uint16_t dircount); |
255 | | static void MissingRequired(TIFF *, const char *); |
256 | | static int CheckDirCount(TIFF *, TIFFDirEntry *, uint32_t); |
257 | | static uint16_t TIFFFetchDirectory(TIFF *tif, uint64_t diroff, |
258 | | TIFFDirEntry **pdir, uint64_t *nextdiroff); |
259 | | static int TIFFFetchNormalTag(TIFF *, TIFFDirEntry *, int recover); |
260 | | static int TIFFFetchStripThing(TIFF *tif, TIFFDirEntry *dir, uint32_t nstrips, |
261 | | uint64_t **lpp); |
262 | | static int TIFFFetchSubjectDistance(TIFF *, TIFFDirEntry *); |
263 | | static void ChopUpSingleUncompressedStrip(TIFF *); |
264 | | static void TryChopUpUncompressedBigTiff(TIFF *); |
265 | | static uint64_t TIFFReadUInt64(const uint8_t *value); |
266 | | static int _TIFFGetMaxColorChannels(uint16_t photometric); |
267 | | |
268 | | static int _TIFFFillStrilesInternal(TIFF *tif, int loadStripByteCount); |
269 | | |
270 | | typedef union _UInt64Aligned_t |
271 | | { |
272 | | double d; |
273 | | uint64_t l; |
274 | | uint32_t i[2]; |
275 | | uint16_t s[4]; |
276 | | uint8_t c[8]; |
277 | | } UInt64Aligned_t; |
278 | | |
279 | | /* |
280 | | Unaligned safe copy of a uint64_t value from an octet array. |
281 | | */ |
282 | | static uint64_t TIFFReadUInt64(const uint8_t *value) |
283 | 274k | { |
284 | 274k | UInt64Aligned_t result; |
285 | | |
286 | 274k | result.c[0] = value[0]; |
287 | 274k | result.c[1] = value[1]; |
288 | 274k | result.c[2] = value[2]; |
289 | 274k | result.c[3] = value[3]; |
290 | 274k | result.c[4] = value[4]; |
291 | 274k | result.c[5] = value[5]; |
292 | 274k | result.c[6] = value[6]; |
293 | 274k | result.c[7] = value[7]; |
294 | | |
295 | 274k | return result.l; |
296 | 274k | } |
297 | | |
298 | | static enum TIFFReadDirEntryErr |
299 | | TIFFReadDirEntryByte(TIFF *tif, TIFFDirEntry *direntry, uint8_t *value) |
300 | 14.0k | { |
301 | 14.0k | enum TIFFReadDirEntryErr err; |
302 | 14.0k | if (direntry->tdir_count != 1) |
303 | 3.07k | return (TIFFReadDirEntryErrCount); |
304 | 10.9k | switch (direntry->tdir_type) |
305 | 10.9k | { |
306 | 109 | case TIFF_BYTE: |
307 | 376 | case TIFF_UNDEFINED: /* Support to read TIFF_UNDEFINED with |
308 | | field_readcount==1 */ |
309 | 376 | TIFFReadDirEntryCheckedByte(tif, direntry, value); |
310 | 376 | return (TIFFReadDirEntryErrOk); |
311 | 469 | case TIFF_SBYTE: |
312 | 469 | { |
313 | 469 | int8_t m; |
314 | 469 | TIFFReadDirEntryCheckedSbyte(tif, direntry, &m); |
315 | 469 | err = TIFFReadDirEntryCheckRangeByteSbyte(m); |
316 | 469 | if (err != TIFFReadDirEntryErrOk) |
317 | 343 | return (err); |
318 | 126 | *value = (uint8_t)m; |
319 | 126 | return (TIFFReadDirEntryErrOk); |
320 | 469 | } |
321 | 1.66k | case TIFF_SHORT: |
322 | 1.66k | { |
323 | 1.66k | uint16_t m; |
324 | 1.66k | TIFFReadDirEntryCheckedShort(tif, direntry, &m); |
325 | 1.66k | err = TIFFReadDirEntryCheckRangeByteShort(m); |
326 | 1.66k | if (err != TIFFReadDirEntryErrOk) |
327 | 707 | return (err); |
328 | 953 | *value = (uint8_t)m; |
329 | 953 | return (TIFFReadDirEntryErrOk); |
330 | 1.66k | } |
331 | 859 | case TIFF_SSHORT: |
332 | 859 | { |
333 | 859 | int16_t m; |
334 | 859 | TIFFReadDirEntryCheckedSshort(tif, direntry, &m); |
335 | 859 | err = TIFFReadDirEntryCheckRangeByteSshort(m); |
336 | 859 | if (err != TIFFReadDirEntryErrOk) |
337 | 682 | return (err); |
338 | 177 | *value = (uint8_t)m; |
339 | 177 | return (TIFFReadDirEntryErrOk); |
340 | 859 | } |
341 | 1.11k | case TIFF_LONG: |
342 | 1.11k | { |
343 | 1.11k | uint32_t m; |
344 | 1.11k | TIFFReadDirEntryCheckedLong(tif, direntry, &m); |
345 | 1.11k | err = TIFFReadDirEntryCheckRangeByteLong(m); |
346 | 1.11k | if (err != TIFFReadDirEntryErrOk) |
347 | 793 | return (err); |
348 | 322 | *value = (uint8_t)m; |
349 | 322 | return (TIFFReadDirEntryErrOk); |
350 | 1.11k | } |
351 | 1.21k | case TIFF_SLONG: |
352 | 1.21k | { |
353 | 1.21k | int32_t m; |
354 | 1.21k | TIFFReadDirEntryCheckedSlong(tif, direntry, &m); |
355 | 1.21k | err = TIFFReadDirEntryCheckRangeByteSlong(m); |
356 | 1.21k | if (err != TIFFReadDirEntryErrOk) |
357 | 951 | return (err); |
358 | 265 | *value = (uint8_t)m; |
359 | 265 | return (TIFFReadDirEntryErrOk); |
360 | 1.21k | } |
361 | 2.14k | case TIFF_LONG8: |
362 | 2.14k | { |
363 | 2.14k | uint64_t m; |
364 | 2.14k | err = TIFFReadDirEntryCheckedLong8(tif, direntry, &m); |
365 | 2.14k | if (err != TIFFReadDirEntryErrOk) |
366 | 637 | return (err); |
367 | 1.50k | err = TIFFReadDirEntryCheckRangeByteLong8(m); |
368 | 1.50k | if (err != TIFFReadDirEntryErrOk) |
369 | 1.29k | return (err); |
370 | 205 | *value = (uint8_t)m; |
371 | 205 | return (TIFFReadDirEntryErrOk); |
372 | 1.50k | } |
373 | 2.49k | case TIFF_SLONG8: |
374 | 2.49k | { |
375 | 2.49k | int64_t m; |
376 | 2.49k | err = TIFFReadDirEntryCheckedSlong8(tif, direntry, &m); |
377 | 2.49k | if (err != TIFFReadDirEntryErrOk) |
378 | 587 | return (err); |
379 | 1.90k | err = TIFFReadDirEntryCheckRangeByteSlong8(m); |
380 | 1.90k | if (err != TIFFReadDirEntryErrOk) |
381 | 1.57k | return (err); |
382 | 333 | *value = (uint8_t)m; |
383 | 333 | return (TIFFReadDirEntryErrOk); |
384 | 1.90k | } |
385 | 611 | default: |
386 | 611 | return (TIFFReadDirEntryErrType); |
387 | 10.9k | } |
388 | 10.9k | } |
389 | | |
390 | | static enum TIFFReadDirEntryErr |
391 | | TIFFReadDirEntrySbyte(TIFF *tif, TIFFDirEntry *direntry, int8_t *value) |
392 | 0 | { |
393 | 0 | enum TIFFReadDirEntryErr err; |
394 | 0 | if (direntry->tdir_count != 1) |
395 | 0 | return (TIFFReadDirEntryErrCount); |
396 | 0 | switch (direntry->tdir_type) |
397 | 0 | { |
398 | 0 | case TIFF_BYTE: |
399 | 0 | case TIFF_UNDEFINED: /* Support to read TIFF_UNDEFINED with |
400 | | field_readcount==1 */ |
401 | 0 | { |
402 | 0 | uint8_t m; |
403 | 0 | TIFFReadDirEntryCheckedByte(tif, direntry, &m); |
404 | 0 | err = TIFFReadDirEntryCheckRangeSbyteByte(m); |
405 | 0 | if (err != TIFFReadDirEntryErrOk) |
406 | 0 | return (err); |
407 | 0 | *value = (int8_t)m; |
408 | 0 | return (TIFFReadDirEntryErrOk); |
409 | 0 | } |
410 | 0 | case TIFF_SBYTE: |
411 | 0 | { |
412 | 0 | TIFFReadDirEntryCheckedSbyte(tif, direntry, value); |
413 | 0 | return (TIFFReadDirEntryErrOk); |
414 | 0 | } |
415 | 0 | case TIFF_SHORT: |
416 | 0 | { |
417 | 0 | uint16_t m; |
418 | 0 | TIFFReadDirEntryCheckedShort(tif, direntry, &m); |
419 | 0 | err = TIFFReadDirEntryCheckRangeSbyteShort(m); |
420 | 0 | if (err != TIFFReadDirEntryErrOk) |
421 | 0 | return (err); |
422 | 0 | *value = (int8_t)m; |
423 | 0 | return (TIFFReadDirEntryErrOk); |
424 | 0 | } |
425 | 0 | case TIFF_SSHORT: |
426 | 0 | { |
427 | 0 | int16_t m; |
428 | 0 | TIFFReadDirEntryCheckedSshort(tif, direntry, &m); |
429 | 0 | err = TIFFReadDirEntryCheckRangeSbyteSshort(m); |
430 | 0 | if (err != TIFFReadDirEntryErrOk) |
431 | 0 | return (err); |
432 | 0 | *value = (int8_t)m; |
433 | 0 | return (TIFFReadDirEntryErrOk); |
434 | 0 | } |
435 | 0 | case TIFF_LONG: |
436 | 0 | { |
437 | 0 | uint32_t m; |
438 | 0 | TIFFReadDirEntryCheckedLong(tif, direntry, &m); |
439 | 0 | err = TIFFReadDirEntryCheckRangeSbyteLong(m); |
440 | 0 | if (err != TIFFReadDirEntryErrOk) |
441 | 0 | return (err); |
442 | 0 | *value = (int8_t)m; |
443 | 0 | return (TIFFReadDirEntryErrOk); |
444 | 0 | } |
445 | 0 | case TIFF_SLONG: |
446 | 0 | { |
447 | 0 | int32_t m; |
448 | 0 | TIFFReadDirEntryCheckedSlong(tif, direntry, &m); |
449 | 0 | err = TIFFReadDirEntryCheckRangeSbyteSlong(m); |
450 | 0 | if (err != TIFFReadDirEntryErrOk) |
451 | 0 | return (err); |
452 | 0 | *value = (int8_t)m; |
453 | 0 | return (TIFFReadDirEntryErrOk); |
454 | 0 | } |
455 | 0 | case TIFF_LONG8: |
456 | 0 | { |
457 | 0 | uint64_t m; |
458 | 0 | err = TIFFReadDirEntryCheckedLong8(tif, direntry, &m); |
459 | 0 | if (err != TIFFReadDirEntryErrOk) |
460 | 0 | return (err); |
461 | 0 | err = TIFFReadDirEntryCheckRangeSbyteLong8(m); |
462 | 0 | if (err != TIFFReadDirEntryErrOk) |
463 | 0 | return (err); |
464 | 0 | *value = (int8_t)m; |
465 | 0 | return (TIFFReadDirEntryErrOk); |
466 | 0 | } |
467 | 0 | case TIFF_SLONG8: |
468 | 0 | { |
469 | 0 | int64_t m; |
470 | 0 | err = TIFFReadDirEntryCheckedSlong8(tif, direntry, &m); |
471 | 0 | if (err != TIFFReadDirEntryErrOk) |
472 | 0 | return (err); |
473 | 0 | err = TIFFReadDirEntryCheckRangeSbyteSlong8(m); |
474 | 0 | if (err != TIFFReadDirEntryErrOk) |
475 | 0 | return (err); |
476 | 0 | *value = (int8_t)m; |
477 | 0 | return (TIFFReadDirEntryErrOk); |
478 | 0 | } |
479 | 0 | default: |
480 | 0 | return (TIFFReadDirEntryErrType); |
481 | 0 | } |
482 | 0 | } /*-- TIFFReadDirEntrySbyte() --*/ |
483 | | |
484 | | static enum TIFFReadDirEntryErr |
485 | | TIFFReadDirEntryShort(TIFF *tif, TIFFDirEntry *direntry, uint16_t *value) |
486 | 5.05M | { |
487 | 5.05M | enum TIFFReadDirEntryErr err; |
488 | 5.05M | if (direntry->tdir_count != 1) |
489 | 371k | return (TIFFReadDirEntryErrCount); |
490 | 4.68M | switch (direntry->tdir_type) |
491 | 4.68M | { |
492 | 31.2k | case TIFF_BYTE: |
493 | 31.2k | { |
494 | 31.2k | uint8_t m; |
495 | 31.2k | TIFFReadDirEntryCheckedByte(tif, direntry, &m); |
496 | 31.2k | *value = (uint16_t)m; |
497 | 31.2k | return (TIFFReadDirEntryErrOk); |
498 | 0 | } |
499 | 7.55k | case TIFF_SBYTE: |
500 | 7.55k | { |
501 | 7.55k | int8_t m; |
502 | 7.55k | TIFFReadDirEntryCheckedSbyte(tif, direntry, &m); |
503 | 7.55k | err = TIFFReadDirEntryCheckRangeShortSbyte(m); |
504 | 7.55k | if (err != TIFFReadDirEntryErrOk) |
505 | 555 | return (err); |
506 | 7.00k | *value = (uint16_t)m; |
507 | 7.00k | return (TIFFReadDirEntryErrOk); |
508 | 7.55k | } |
509 | 4.58M | case TIFF_SHORT: |
510 | 4.58M | TIFFReadDirEntryCheckedShort(tif, direntry, value); |
511 | 4.58M | return (TIFFReadDirEntryErrOk); |
512 | 16.9k | case TIFF_SSHORT: |
513 | 16.9k | { |
514 | 16.9k | int16_t m; |
515 | 16.9k | TIFFReadDirEntryCheckedSshort(tif, direntry, &m); |
516 | 16.9k | err = TIFFReadDirEntryCheckRangeShortSshort(m); |
517 | 16.9k | if (err != TIFFReadDirEntryErrOk) |
518 | 455 | return (err); |
519 | 16.4k | *value = (uint16_t)m; |
520 | 16.4k | return (TIFFReadDirEntryErrOk); |
521 | 16.9k | } |
522 | 16.2k | case TIFF_LONG: |
523 | 16.2k | { |
524 | 16.2k | uint32_t m; |
525 | 16.2k | TIFFReadDirEntryCheckedLong(tif, direntry, &m); |
526 | 16.2k | err = TIFFReadDirEntryCheckRangeShortLong(m); |
527 | 16.2k | if (err != TIFFReadDirEntryErrOk) |
528 | 8.56k | return (err); |
529 | 7.71k | *value = (uint16_t)m; |
530 | 7.71k | return (TIFFReadDirEntryErrOk); |
531 | 16.2k | } |
532 | 6.90k | case TIFF_SLONG: |
533 | 6.90k | { |
534 | 6.90k | int32_t m; |
535 | 6.90k | TIFFReadDirEntryCheckedSlong(tif, direntry, &m); |
536 | 6.90k | err = TIFFReadDirEntryCheckRangeShortSlong(m); |
537 | 6.90k | if (err != TIFFReadDirEntryErrOk) |
538 | 1.31k | return (err); |
539 | 5.59k | *value = (uint16_t)m; |
540 | 5.59k | return (TIFFReadDirEntryErrOk); |
541 | 6.90k | } |
542 | 1.98k | case TIFF_LONG8: |
543 | 1.98k | { |
544 | 1.98k | uint64_t m; |
545 | 1.98k | err = TIFFReadDirEntryCheckedLong8(tif, direntry, &m); |
546 | 1.98k | if (err != TIFFReadDirEntryErrOk) |
547 | 684 | return (err); |
548 | 1.29k | err = TIFFReadDirEntryCheckRangeShortLong8(m); |
549 | 1.29k | if (err != TIFFReadDirEntryErrOk) |
550 | 864 | return (err); |
551 | 433 | *value = (uint16_t)m; |
552 | 433 | return (TIFFReadDirEntryErrOk); |
553 | 1.29k | } |
554 | 7.94k | case TIFF_SLONG8: |
555 | 7.94k | { |
556 | 7.94k | int64_t m; |
557 | 7.94k | err = TIFFReadDirEntryCheckedSlong8(tif, direntry, &m); |
558 | 7.94k | if (err != TIFFReadDirEntryErrOk) |
559 | 1.61k | return (err); |
560 | 6.33k | err = TIFFReadDirEntryCheckRangeShortSlong8(m); |
561 | 6.33k | if (err != TIFFReadDirEntryErrOk) |
562 | 4.88k | return (err); |
563 | 1.45k | *value = (uint16_t)m; |
564 | 1.45k | return (TIFFReadDirEntryErrOk); |
565 | 6.33k | } |
566 | 9.57k | default: |
567 | 9.57k | return (TIFFReadDirEntryErrType); |
568 | 4.68M | } |
569 | 4.68M | } /*-- TIFFReadDirEntryShort() --*/ |
570 | | |
571 | | static enum TIFFReadDirEntryErr |
572 | | TIFFReadDirEntrySshort(TIFF *tif, TIFFDirEntry *direntry, int16_t *value) |
573 | 0 | { |
574 | 0 | enum TIFFReadDirEntryErr err; |
575 | 0 | if (direntry->tdir_count != 1) |
576 | 0 | return (TIFFReadDirEntryErrCount); |
577 | 0 | switch (direntry->tdir_type) |
578 | 0 | { |
579 | 0 | case TIFF_BYTE: |
580 | 0 | { |
581 | 0 | uint8_t m; |
582 | 0 | TIFFReadDirEntryCheckedByte(tif, direntry, &m); |
583 | 0 | *value = (int16_t)m; |
584 | 0 | return (TIFFReadDirEntryErrOk); |
585 | 0 | } |
586 | 0 | case TIFF_SBYTE: |
587 | 0 | { |
588 | 0 | int8_t m; |
589 | 0 | TIFFReadDirEntryCheckedSbyte(tif, direntry, &m); |
590 | 0 | *value = (int16_t)m; |
591 | 0 | return (TIFFReadDirEntryErrOk); |
592 | 0 | } |
593 | 0 | case TIFF_SHORT: |
594 | 0 | { |
595 | 0 | uint16_t m; |
596 | 0 | TIFFReadDirEntryCheckedShort(tif, direntry, &m); |
597 | 0 | err = TIFFReadDirEntryCheckRangeSshortShort(m); |
598 | 0 | if (err != TIFFReadDirEntryErrOk) |
599 | 0 | return (err); |
600 | 0 | *value = (uint16_t)m; |
601 | 0 | return (TIFFReadDirEntryErrOk); |
602 | 0 | } |
603 | 0 | case TIFF_SSHORT: |
604 | 0 | TIFFReadDirEntryCheckedSshort(tif, direntry, value); |
605 | 0 | return (TIFFReadDirEntryErrOk); |
606 | 0 | case TIFF_LONG: |
607 | 0 | { |
608 | 0 | uint32_t m; |
609 | 0 | TIFFReadDirEntryCheckedLong(tif, direntry, &m); |
610 | 0 | err = TIFFReadDirEntryCheckRangeSshortLong(m); |
611 | 0 | if (err != TIFFReadDirEntryErrOk) |
612 | 0 | return (err); |
613 | 0 | *value = (int16_t)m; |
614 | 0 | return (TIFFReadDirEntryErrOk); |
615 | 0 | } |
616 | 0 | case TIFF_SLONG: |
617 | 0 | { |
618 | 0 | int32_t m; |
619 | 0 | TIFFReadDirEntryCheckedSlong(tif, direntry, &m); |
620 | 0 | err = TIFFReadDirEntryCheckRangeSshortSlong(m); |
621 | 0 | if (err != TIFFReadDirEntryErrOk) |
622 | 0 | return (err); |
623 | 0 | *value = (int16_t)m; |
624 | 0 | return (TIFFReadDirEntryErrOk); |
625 | 0 | } |
626 | 0 | case TIFF_LONG8: |
627 | 0 | { |
628 | 0 | uint64_t m; |
629 | 0 | err = TIFFReadDirEntryCheckedLong8(tif, direntry, &m); |
630 | 0 | if (err != TIFFReadDirEntryErrOk) |
631 | 0 | return (err); |
632 | 0 | err = TIFFReadDirEntryCheckRangeSshortLong8(m); |
633 | 0 | if (err != TIFFReadDirEntryErrOk) |
634 | 0 | return (err); |
635 | 0 | *value = (int16_t)m; |
636 | 0 | return (TIFFReadDirEntryErrOk); |
637 | 0 | } |
638 | 0 | case TIFF_SLONG8: |
639 | 0 | { |
640 | 0 | int64_t m; |
641 | 0 | err = TIFFReadDirEntryCheckedSlong8(tif, direntry, &m); |
642 | 0 | if (err != TIFFReadDirEntryErrOk) |
643 | 0 | return (err); |
644 | 0 | err = TIFFReadDirEntryCheckRangeSshortSlong8(m); |
645 | 0 | if (err != TIFFReadDirEntryErrOk) |
646 | 0 | return (err); |
647 | 0 | *value = (int16_t)m; |
648 | 0 | return (TIFFReadDirEntryErrOk); |
649 | 0 | } |
650 | 0 | default: |
651 | 0 | return (TIFFReadDirEntryErrType); |
652 | 0 | } |
653 | 0 | } /*-- TIFFReadDirEntrySshort() --*/ |
654 | | |
655 | | static enum TIFFReadDirEntryErr |
656 | | TIFFReadDirEntryLong(TIFF *tif, TIFFDirEntry *direntry, uint32_t *value) |
657 | 3.93M | { |
658 | 3.93M | enum TIFFReadDirEntryErr err; |
659 | 3.93M | if (direntry->tdir_count != 1) |
660 | 31.2k | return (TIFFReadDirEntryErrCount); |
661 | 3.90M | switch (direntry->tdir_type) |
662 | 3.90M | { |
663 | 64.3k | case TIFF_BYTE: |
664 | 64.3k | { |
665 | 64.3k | uint8_t m; |
666 | 64.3k | TIFFReadDirEntryCheckedByte(tif, direntry, &m); |
667 | 64.3k | *value = (uint32_t)m; |
668 | 64.3k | return (TIFFReadDirEntryErrOk); |
669 | 0 | } |
670 | 19.3k | case TIFF_SBYTE: |
671 | 19.3k | { |
672 | 19.3k | int8_t m; |
673 | 19.3k | TIFFReadDirEntryCheckedSbyte(tif, direntry, &m); |
674 | 19.3k | err = TIFFReadDirEntryCheckRangeLongSbyte(m); |
675 | 19.3k | if (err != TIFFReadDirEntryErrOk) |
676 | 180 | return (err); |
677 | 19.2k | *value = (uint32_t)m; |
678 | 19.2k | return (TIFFReadDirEntryErrOk); |
679 | 19.3k | } |
680 | 3.67M | case TIFF_SHORT: |
681 | 3.67M | { |
682 | 3.67M | uint16_t m; |
683 | 3.67M | TIFFReadDirEntryCheckedShort(tif, direntry, &m); |
684 | 3.67M | *value = (uint32_t)m; |
685 | 3.67M | return (TIFFReadDirEntryErrOk); |
686 | 19.3k | } |
687 | 28.3k | case TIFF_SSHORT: |
688 | 28.3k | { |
689 | 28.3k | int16_t m; |
690 | 28.3k | TIFFReadDirEntryCheckedSshort(tif, direntry, &m); |
691 | 28.3k | err = TIFFReadDirEntryCheckRangeLongSshort(m); |
692 | 28.3k | if (err != TIFFReadDirEntryErrOk) |
693 | 373 | return (err); |
694 | 28.0k | *value = (uint32_t)m; |
695 | 28.0k | return (TIFFReadDirEntryErrOk); |
696 | 28.3k | } |
697 | 75.4k | case TIFF_LONG: |
698 | 75.4k | TIFFReadDirEntryCheckedLong(tif, direntry, value); |
699 | 75.4k | return (TIFFReadDirEntryErrOk); |
700 | 22.7k | case TIFF_SLONG: |
701 | 22.7k | { |
702 | 22.7k | int32_t m; |
703 | 22.7k | TIFFReadDirEntryCheckedSlong(tif, direntry, &m); |
704 | 22.7k | err = TIFFReadDirEntryCheckRangeLongSlong(m); |
705 | 22.7k | if (err != TIFFReadDirEntryErrOk) |
706 | 644 | return (err); |
707 | 22.1k | *value = (uint32_t)m; |
708 | 22.1k | return (TIFFReadDirEntryErrOk); |
709 | 22.7k | } |
710 | 9.30k | case TIFF_LONG8: |
711 | 9.30k | { |
712 | 9.30k | uint64_t m; |
713 | 9.30k | err = TIFFReadDirEntryCheckedLong8(tif, direntry, &m); |
714 | 9.30k | if (err != TIFFReadDirEntryErrOk) |
715 | 574 | return (err); |
716 | 8.73k | err = TIFFReadDirEntryCheckRangeLongLong8(m); |
717 | 8.73k | if (err != TIFFReadDirEntryErrOk) |
718 | 773 | return (err); |
719 | 7.95k | *value = (uint32_t)m; |
720 | 7.95k | return (TIFFReadDirEntryErrOk); |
721 | 8.73k | } |
722 | 4.38k | case TIFF_SLONG8: |
723 | 4.38k | { |
724 | 4.38k | int64_t m; |
725 | 4.38k | err = TIFFReadDirEntryCheckedSlong8(tif, direntry, &m); |
726 | 4.38k | if (err != TIFFReadDirEntryErrOk) |
727 | 581 | return (err); |
728 | 3.80k | err = TIFFReadDirEntryCheckRangeLongSlong8(m); |
729 | 3.80k | if (err != TIFFReadDirEntryErrOk) |
730 | 1.70k | return (err); |
731 | 2.10k | *value = (uint32_t)m; |
732 | 2.10k | return (TIFFReadDirEntryErrOk); |
733 | 3.80k | } |
734 | 3.31k | default: |
735 | 3.31k | return (TIFFReadDirEntryErrType); |
736 | 3.90M | } |
737 | 3.90M | } /*-- TIFFReadDirEntryLong() --*/ |
738 | | |
739 | | static enum TIFFReadDirEntryErr |
740 | | TIFFReadDirEntrySlong(TIFF *tif, TIFFDirEntry *direntry, int32_t *value) |
741 | 0 | { |
742 | 0 | enum TIFFReadDirEntryErr err; |
743 | 0 | if (direntry->tdir_count != 1) |
744 | 0 | return (TIFFReadDirEntryErrCount); |
745 | 0 | switch (direntry->tdir_type) |
746 | 0 | { |
747 | 0 | case TIFF_BYTE: |
748 | 0 | { |
749 | 0 | uint8_t m; |
750 | 0 | TIFFReadDirEntryCheckedByte(tif, direntry, &m); |
751 | 0 | *value = (int32_t)m; |
752 | 0 | return (TIFFReadDirEntryErrOk); |
753 | 0 | } |
754 | 0 | case TIFF_SBYTE: |
755 | 0 | { |
756 | 0 | int8_t m; |
757 | 0 | TIFFReadDirEntryCheckedSbyte(tif, direntry, &m); |
758 | 0 | *value = (int32_t)m; |
759 | 0 | return (TIFFReadDirEntryErrOk); |
760 | 0 | } |
761 | 0 | case TIFF_SHORT: |
762 | 0 | { |
763 | 0 | uint16_t m; |
764 | 0 | TIFFReadDirEntryCheckedShort(tif, direntry, &m); |
765 | 0 | *value = (int32_t)m; |
766 | 0 | return (TIFFReadDirEntryErrOk); |
767 | 0 | } |
768 | 0 | case TIFF_SSHORT: |
769 | 0 | { |
770 | 0 | int16_t m; |
771 | 0 | TIFFReadDirEntryCheckedSshort(tif, direntry, &m); |
772 | 0 | *value = (int32_t)m; |
773 | 0 | return (TIFFReadDirEntryErrOk); |
774 | 0 | } |
775 | 0 | case TIFF_LONG: |
776 | 0 | { |
777 | 0 | uint32_t m; |
778 | 0 | TIFFReadDirEntryCheckedLong(tif, direntry, &m); |
779 | 0 | err = TIFFReadDirEntryCheckRangeSlongLong(m); |
780 | 0 | if (err != TIFFReadDirEntryErrOk) |
781 | 0 | return (err); |
782 | 0 | *value = (int32_t)m; |
783 | 0 | return (TIFFReadDirEntryErrOk); |
784 | 0 | } |
785 | 0 | case TIFF_SLONG: |
786 | 0 | TIFFReadDirEntryCheckedSlong(tif, direntry, value); |
787 | 0 | return (TIFFReadDirEntryErrOk); |
788 | 0 | case TIFF_LONG8: |
789 | 0 | { |
790 | 0 | uint64_t m; |
791 | 0 | err = TIFFReadDirEntryCheckedLong8(tif, direntry, &m); |
792 | 0 | if (err != TIFFReadDirEntryErrOk) |
793 | 0 | return (err); |
794 | 0 | err = TIFFReadDirEntryCheckRangeSlongLong8(m); |
795 | 0 | if (err != TIFFReadDirEntryErrOk) |
796 | 0 | return (err); |
797 | 0 | *value = (int32_t)m; |
798 | 0 | return (TIFFReadDirEntryErrOk); |
799 | 0 | } |
800 | 0 | case TIFF_SLONG8: |
801 | 0 | { |
802 | 0 | int64_t m; |
803 | 0 | err = TIFFReadDirEntryCheckedSlong8(tif, direntry, &m); |
804 | 0 | if (err != TIFFReadDirEntryErrOk) |
805 | 0 | return (err); |
806 | 0 | err = TIFFReadDirEntryCheckRangeSlongSlong8(m); |
807 | 0 | if (err != TIFFReadDirEntryErrOk) |
808 | 0 | return (err); |
809 | 0 | *value = (int32_t)m; |
810 | 0 | return (TIFFReadDirEntryErrOk); |
811 | 0 | } |
812 | 0 | default: |
813 | 0 | return (TIFFReadDirEntryErrType); |
814 | 0 | } |
815 | 0 | } /*-- TIFFReadDirEntrySlong() --*/ |
816 | | |
817 | | static enum TIFFReadDirEntryErr |
818 | | TIFFReadDirEntryLong8(TIFF *tif, TIFFDirEntry *direntry, uint64_t *value) |
819 | 23.3k | { |
820 | 23.3k | enum TIFFReadDirEntryErr err; |
821 | 23.3k | if (direntry->tdir_count != 1) |
822 | 7.88k | return (TIFFReadDirEntryErrCount); |
823 | 15.4k | switch (direntry->tdir_type) |
824 | 15.4k | { |
825 | 718 | case TIFF_BYTE: |
826 | 718 | { |
827 | 718 | uint8_t m; |
828 | 718 | TIFFReadDirEntryCheckedByte(tif, direntry, &m); |
829 | 718 | *value = (uint64_t)m; |
830 | 718 | return (TIFFReadDirEntryErrOk); |
831 | 0 | } |
832 | 2.40k | case TIFF_SBYTE: |
833 | 2.40k | { |
834 | 2.40k | int8_t m; |
835 | 2.40k | TIFFReadDirEntryCheckedSbyte(tif, direntry, &m); |
836 | 2.40k | err = TIFFReadDirEntryCheckRangeLong8Sbyte(m); |
837 | 2.40k | if (err != TIFFReadDirEntryErrOk) |
838 | 590 | return (err); |
839 | 1.81k | *value = (uint64_t)m; |
840 | 1.81k | return (TIFFReadDirEntryErrOk); |
841 | 2.40k | } |
842 | 1.04k | case TIFF_SHORT: |
843 | 1.04k | { |
844 | 1.04k | uint16_t m; |
845 | 1.04k | TIFFReadDirEntryCheckedShort(tif, direntry, &m); |
846 | 1.04k | *value = (uint64_t)m; |
847 | 1.04k | return (TIFFReadDirEntryErrOk); |
848 | 2.40k | } |
849 | 730 | case TIFF_SSHORT: |
850 | 730 | { |
851 | 730 | int16_t m; |
852 | 730 | TIFFReadDirEntryCheckedSshort(tif, direntry, &m); |
853 | 730 | err = TIFFReadDirEntryCheckRangeLong8Sshort(m); |
854 | 730 | if (err != TIFFReadDirEntryErrOk) |
855 | 213 | return (err); |
856 | 517 | *value = (uint64_t)m; |
857 | 517 | return (TIFFReadDirEntryErrOk); |
858 | 730 | } |
859 | 462 | case TIFF_LONG: |
860 | 462 | { |
861 | 462 | uint32_t m; |
862 | 462 | TIFFReadDirEntryCheckedLong(tif, direntry, &m); |
863 | 462 | *value = (uint64_t)m; |
864 | 462 | return (TIFFReadDirEntryErrOk); |
865 | 730 | } |
866 | 2.44k | case TIFF_SLONG: |
867 | 2.44k | { |
868 | 2.44k | int32_t m; |
869 | 2.44k | TIFFReadDirEntryCheckedSlong(tif, direntry, &m); |
870 | 2.44k | err = TIFFReadDirEntryCheckRangeLong8Slong(m); |
871 | 2.44k | if (err != TIFFReadDirEntryErrOk) |
872 | 561 | return (err); |
873 | 1.88k | *value = (uint64_t)m; |
874 | 1.88k | return (TIFFReadDirEntryErrOk); |
875 | 2.44k | } |
876 | 2.79k | case TIFF_LONG8: |
877 | 2.79k | err = TIFFReadDirEntryCheckedLong8(tif, direntry, value); |
878 | 2.79k | return (err); |
879 | 3.45k | case TIFF_SLONG8: |
880 | 3.45k | { |
881 | 3.45k | int64_t m; |
882 | 3.45k | err = TIFFReadDirEntryCheckedSlong8(tif, direntry, &m); |
883 | 3.45k | if (err != TIFFReadDirEntryErrOk) |
884 | 1.18k | return (err); |
885 | 2.27k | err = TIFFReadDirEntryCheckRangeLong8Slong8(m); |
886 | 2.27k | if (err != TIFFReadDirEntryErrOk) |
887 | 806 | return (err); |
888 | 1.46k | *value = (uint64_t)m; |
889 | 1.46k | return (TIFFReadDirEntryErrOk); |
890 | 2.27k | } |
891 | 1.42k | default: |
892 | 1.42k | return (TIFFReadDirEntryErrType); |
893 | 15.4k | } |
894 | 15.4k | } /*-- TIFFReadDirEntryLong8() --*/ |
895 | | |
896 | | static enum TIFFReadDirEntryErr |
897 | | TIFFReadDirEntrySlong8(TIFF *tif, TIFFDirEntry *direntry, int64_t *value) |
898 | 0 | { |
899 | 0 | enum TIFFReadDirEntryErr err; |
900 | 0 | if (direntry->tdir_count != 1) |
901 | 0 | return (TIFFReadDirEntryErrCount); |
902 | 0 | switch (direntry->tdir_type) |
903 | 0 | { |
904 | 0 | case TIFF_BYTE: |
905 | 0 | { |
906 | 0 | uint8_t m; |
907 | 0 | TIFFReadDirEntryCheckedByte(tif, direntry, &m); |
908 | 0 | *value = (int64_t)m; |
909 | 0 | return (TIFFReadDirEntryErrOk); |
910 | 0 | } |
911 | 0 | case TIFF_SBYTE: |
912 | 0 | { |
913 | 0 | int8_t m; |
914 | 0 | TIFFReadDirEntryCheckedSbyte(tif, direntry, &m); |
915 | 0 | *value = (int64_t)m; |
916 | 0 | return (TIFFReadDirEntryErrOk); |
917 | 0 | } |
918 | 0 | case TIFF_SHORT: |
919 | 0 | { |
920 | 0 | uint16_t m; |
921 | 0 | TIFFReadDirEntryCheckedShort(tif, direntry, &m); |
922 | 0 | *value = (int64_t)m; |
923 | 0 | return (TIFFReadDirEntryErrOk); |
924 | 0 | } |
925 | 0 | case TIFF_SSHORT: |
926 | 0 | { |
927 | 0 | int16_t m; |
928 | 0 | TIFFReadDirEntryCheckedSshort(tif, direntry, &m); |
929 | 0 | *value = (int64_t)m; |
930 | 0 | return (TIFFReadDirEntryErrOk); |
931 | 0 | } |
932 | 0 | case TIFF_LONG: |
933 | 0 | { |
934 | 0 | uint32_t m; |
935 | 0 | TIFFReadDirEntryCheckedLong(tif, direntry, &m); |
936 | 0 | *value = (int64_t)m; |
937 | 0 | return (TIFFReadDirEntryErrOk); |
938 | 0 | } |
939 | 0 | case TIFF_SLONG: |
940 | 0 | { |
941 | 0 | int32_t m; |
942 | 0 | TIFFReadDirEntryCheckedSlong(tif, direntry, &m); |
943 | 0 | *value = (int64_t)m; |
944 | 0 | return (TIFFReadDirEntryErrOk); |
945 | 0 | } |
946 | 0 | case TIFF_LONG8: |
947 | 0 | { |
948 | 0 | uint64_t m; |
949 | 0 | err = TIFFReadDirEntryCheckedLong8(tif, direntry, &m); |
950 | 0 | if (err != TIFFReadDirEntryErrOk) |
951 | 0 | return (err); |
952 | 0 | err = TIFFReadDirEntryCheckRangeSlong8Long8(m); |
953 | 0 | if (err != TIFFReadDirEntryErrOk) |
954 | 0 | return (err); |
955 | 0 | *value = (int64_t)m; |
956 | 0 | return (TIFFReadDirEntryErrOk); |
957 | 0 | } |
958 | 0 | case TIFF_SLONG8: |
959 | 0 | err = TIFFReadDirEntryCheckedSlong8(tif, direntry, value); |
960 | 0 | return (err); |
961 | 0 | default: |
962 | 0 | return (TIFFReadDirEntryErrType); |
963 | 0 | } |
964 | 0 | } /*-- TIFFReadDirEntrySlong8() --*/ |
965 | | |
966 | | static enum TIFFReadDirEntryErr |
967 | | TIFFReadDirEntryFloat(TIFF *tif, TIFFDirEntry *direntry, float *value) |
968 | 101k | { |
969 | 101k | enum TIFFReadDirEntryErr err; |
970 | 101k | if (direntry->tdir_count != 1) |
971 | 37.9k | return (TIFFReadDirEntryErrCount); |
972 | 63.2k | switch (direntry->tdir_type) |
973 | 63.2k | { |
974 | 794 | case TIFF_BYTE: |
975 | 794 | { |
976 | 794 | uint8_t m; |
977 | 794 | TIFFReadDirEntryCheckedByte(tif, direntry, &m); |
978 | 794 | *value = (float)m; |
979 | 794 | return (TIFFReadDirEntryErrOk); |
980 | 0 | } |
981 | 1.52k | case TIFF_SBYTE: |
982 | 1.52k | { |
983 | 1.52k | int8_t m; |
984 | 1.52k | TIFFReadDirEntryCheckedSbyte(tif, direntry, &m); |
985 | 1.52k | *value = (float)m; |
986 | 1.52k | return (TIFFReadDirEntryErrOk); |
987 | 0 | } |
988 | 19.1k | case TIFF_SHORT: |
989 | 19.1k | { |
990 | 19.1k | uint16_t m; |
991 | 19.1k | TIFFReadDirEntryCheckedShort(tif, direntry, &m); |
992 | 19.1k | *value = (float)m; |
993 | 19.1k | return (TIFFReadDirEntryErrOk); |
994 | 0 | } |
995 | 6.43k | case TIFF_SSHORT: |
996 | 6.43k | { |
997 | 6.43k | int16_t m; |
998 | 6.43k | TIFFReadDirEntryCheckedSshort(tif, direntry, &m); |
999 | 6.43k | *value = (float)m; |
1000 | 6.43k | return (TIFFReadDirEntryErrOk); |
1001 | 0 | } |
1002 | 3.69k | case TIFF_LONG: |
1003 | 3.69k | { |
1004 | 3.69k | uint32_t m; |
1005 | 3.69k | TIFFReadDirEntryCheckedLong(tif, direntry, &m); |
1006 | 3.69k | *value = (float)m; |
1007 | 3.69k | return (TIFFReadDirEntryErrOk); |
1008 | 0 | } |
1009 | 746 | case TIFF_SLONG: |
1010 | 746 | { |
1011 | 746 | int32_t m; |
1012 | 746 | TIFFReadDirEntryCheckedSlong(tif, direntry, &m); |
1013 | 746 | *value = (float)m; |
1014 | 746 | return (TIFFReadDirEntryErrOk); |
1015 | 0 | } |
1016 | 1.33k | case TIFF_LONG8: |
1017 | 1.33k | { |
1018 | 1.33k | uint64_t m; |
1019 | 1.33k | err = TIFFReadDirEntryCheckedLong8(tif, direntry, &m); |
1020 | 1.33k | if (err != TIFFReadDirEntryErrOk) |
1021 | 524 | return (err); |
1022 | 811 | *value = (float)m; |
1023 | 811 | return (TIFFReadDirEntryErrOk); |
1024 | 1.33k | } |
1025 | 1.21k | case TIFF_SLONG8: |
1026 | 1.21k | { |
1027 | 1.21k | int64_t m; |
1028 | 1.21k | err = TIFFReadDirEntryCheckedSlong8(tif, direntry, &m); |
1029 | 1.21k | if (err != TIFFReadDirEntryErrOk) |
1030 | 710 | return (err); |
1031 | 505 | *value = (float)m; |
1032 | 505 | return (TIFFReadDirEntryErrOk); |
1033 | 1.21k | } |
1034 | 15.9k | case TIFF_RATIONAL: |
1035 | 15.9k | { |
1036 | 15.9k | double m; |
1037 | 15.9k | err = TIFFReadDirEntryCheckedRational(tif, direntry, &m); |
1038 | 15.9k | if (err != TIFFReadDirEntryErrOk) |
1039 | 4.24k | return (err); |
1040 | 11.6k | *value = (float)m; |
1041 | 11.6k | return (TIFFReadDirEntryErrOk); |
1042 | 15.9k | } |
1043 | 4.49k | case TIFF_SRATIONAL: |
1044 | 4.49k | { |
1045 | 4.49k | double m; |
1046 | 4.49k | err = TIFFReadDirEntryCheckedSrational(tif, direntry, &m); |
1047 | 4.49k | if (err != TIFFReadDirEntryErrOk) |
1048 | 1.22k | return (err); |
1049 | 3.26k | *value = (float)m; |
1050 | 3.26k | return (TIFFReadDirEntryErrOk); |
1051 | 4.49k | } |
1052 | 1.06k | case TIFF_FLOAT: |
1053 | 1.06k | TIFFReadDirEntryCheckedFloat(tif, direntry, value); |
1054 | 1.06k | return (TIFFReadDirEntryErrOk); |
1055 | 2.61k | case TIFF_DOUBLE: |
1056 | 2.61k | { |
1057 | 2.61k | double m; |
1058 | 2.61k | err = TIFFReadDirEntryCheckedDouble(tif, direntry, &m); |
1059 | 2.61k | if (err != TIFFReadDirEntryErrOk) |
1060 | 694 | return (err); |
1061 | 1.91k | if ((m > FLT_MAX) || (m < -FLT_MAX)) |
1062 | 590 | return (TIFFReadDirEntryErrRange); |
1063 | 1.32k | *value = (float)m; |
1064 | 1.32k | return (TIFFReadDirEntryErrOk); |
1065 | 1.91k | } |
1066 | 4.27k | default: |
1067 | 4.27k | return (TIFFReadDirEntryErrType); |
1068 | 63.2k | } |
1069 | 63.2k | } |
1070 | | |
1071 | | static enum TIFFReadDirEntryErr |
1072 | | TIFFReadDirEntryDouble(TIFF *tif, TIFFDirEntry *direntry, double *value) |
1073 | 6.29k | { |
1074 | 6.29k | enum TIFFReadDirEntryErr err; |
1075 | 6.29k | if (direntry->tdir_count != 1) |
1076 | 1.04k | return (TIFFReadDirEntryErrCount); |
1077 | 5.24k | switch (direntry->tdir_type) |
1078 | 5.24k | { |
1079 | 365 | case TIFF_BYTE: |
1080 | 365 | { |
1081 | 365 | uint8_t m; |
1082 | 365 | TIFFReadDirEntryCheckedByte(tif, direntry, &m); |
1083 | 365 | *value = (double)m; |
1084 | 365 | return (TIFFReadDirEntryErrOk); |
1085 | 0 | } |
1086 | 79 | case TIFF_SBYTE: |
1087 | 79 | { |
1088 | 79 | int8_t m; |
1089 | 79 | TIFFReadDirEntryCheckedSbyte(tif, direntry, &m); |
1090 | 79 | *value = (double)m; |
1091 | 79 | return (TIFFReadDirEntryErrOk); |
1092 | 0 | } |
1093 | 382 | case TIFF_SHORT: |
1094 | 382 | { |
1095 | 382 | uint16_t m; |
1096 | 382 | TIFFReadDirEntryCheckedShort(tif, direntry, &m); |
1097 | 382 | *value = (double)m; |
1098 | 382 | return (TIFFReadDirEntryErrOk); |
1099 | 0 | } |
1100 | 483 | case TIFF_SSHORT: |
1101 | 483 | { |
1102 | 483 | int16_t m; |
1103 | 483 | TIFFReadDirEntryCheckedSshort(tif, direntry, &m); |
1104 | 483 | *value = (double)m; |
1105 | 483 | return (TIFFReadDirEntryErrOk); |
1106 | 0 | } |
1107 | 67 | case TIFF_LONG: |
1108 | 67 | { |
1109 | 67 | uint32_t m; |
1110 | 67 | TIFFReadDirEntryCheckedLong(tif, direntry, &m); |
1111 | 67 | *value = (double)m; |
1112 | 67 | return (TIFFReadDirEntryErrOk); |
1113 | 0 | } |
1114 | 81 | case TIFF_SLONG: |
1115 | 81 | { |
1116 | 81 | int32_t m; |
1117 | 81 | TIFFReadDirEntryCheckedSlong(tif, direntry, &m); |
1118 | 81 | *value = (double)m; |
1119 | 81 | return (TIFFReadDirEntryErrOk); |
1120 | 0 | } |
1121 | 838 | case TIFF_LONG8: |
1122 | 838 | { |
1123 | 838 | uint64_t m; |
1124 | 838 | err = TIFFReadDirEntryCheckedLong8(tif, direntry, &m); |
1125 | 838 | if (err != TIFFReadDirEntryErrOk) |
1126 | 384 | return (err); |
1127 | 454 | *value = (double)m; |
1128 | 454 | return (TIFFReadDirEntryErrOk); |
1129 | 838 | } |
1130 | 1.24k | case TIFF_SLONG8: |
1131 | 1.24k | { |
1132 | 1.24k | int64_t m; |
1133 | 1.24k | err = TIFFReadDirEntryCheckedSlong8(tif, direntry, &m); |
1134 | 1.24k | if (err != TIFFReadDirEntryErrOk) |
1135 | 947 | return (err); |
1136 | 299 | *value = (double)m; |
1137 | 299 | return (TIFFReadDirEntryErrOk); |
1138 | 1.24k | } |
1139 | 414 | case TIFF_RATIONAL: |
1140 | 414 | err = TIFFReadDirEntryCheckedRational(tif, direntry, value); |
1141 | 414 | return (err); |
1142 | 130 | case TIFF_SRATIONAL: |
1143 | 130 | err = TIFFReadDirEntryCheckedSrational(tif, direntry, value); |
1144 | 130 | return (err); |
1145 | 320 | case TIFF_FLOAT: |
1146 | 320 | { |
1147 | 320 | float m; |
1148 | 320 | TIFFReadDirEntryCheckedFloat(tif, direntry, &m); |
1149 | 320 | *value = (double)m; |
1150 | 320 | return (TIFFReadDirEntryErrOk); |
1151 | 1.24k | } |
1152 | 326 | case TIFF_DOUBLE: |
1153 | 326 | err = TIFFReadDirEntryCheckedDouble(tif, direntry, value); |
1154 | 326 | return (err); |
1155 | 518 | default: |
1156 | 518 | return (TIFFReadDirEntryErrType); |
1157 | 5.24k | } |
1158 | 5.24k | } |
1159 | | |
1160 | | static enum TIFFReadDirEntryErr |
1161 | | TIFFReadDirEntryIfd8(TIFF *tif, TIFFDirEntry *direntry, uint64_t *value) |
1162 | 9.87k | { |
1163 | 9.87k | enum TIFFReadDirEntryErr err; |
1164 | 9.87k | if (direntry->tdir_count != 1) |
1165 | 5.58k | return (TIFFReadDirEntryErrCount); |
1166 | 4.29k | switch (direntry->tdir_type) |
1167 | 4.29k | { |
1168 | 970 | case TIFF_LONG: |
1169 | 1.53k | case TIFF_IFD: |
1170 | 1.53k | { |
1171 | 1.53k | uint32_t m; |
1172 | 1.53k | TIFFReadDirEntryCheckedLong(tif, direntry, &m); |
1173 | 1.53k | *value = (uint64_t)m; |
1174 | 1.53k | return (TIFFReadDirEntryErrOk); |
1175 | 970 | } |
1176 | 660 | case TIFF_LONG8: |
1177 | 994 | case TIFF_IFD8: |
1178 | 994 | err = TIFFReadDirEntryCheckedLong8(tif, direntry, value); |
1179 | 994 | return (err); |
1180 | 1.76k | default: |
1181 | 1.76k | return (TIFFReadDirEntryErrType); |
1182 | 4.29k | } |
1183 | 4.29k | } |
1184 | | |
1185 | 1.79M | #define INITIAL_THRESHOLD (1024 * 1024) |
1186 | 929k | #define THRESHOLD_MULTIPLIER 10 |
1187 | | #define MAX_THRESHOLD \ |
1188 | 232k | (THRESHOLD_MULTIPLIER * THRESHOLD_MULTIPLIER * THRESHOLD_MULTIPLIER * \ |
1189 | 232k | INITIAL_THRESHOLD) |
1190 | | |
1191 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryDataAndRealloc(TIFF *tif, |
1192 | | uint64_t offset, |
1193 | | tmsize_t size, |
1194 | | void **pdest) |
1195 | 1.56M | { |
1196 | 1.56M | #if SIZEOF_SIZE_T == 8 |
1197 | 1.56M | tmsize_t threshold = INITIAL_THRESHOLD; |
1198 | 1.56M | #endif |
1199 | 1.56M | tmsize_t already_read = 0; |
1200 | | |
1201 | 1.56M | assert(!isMapped(tif)); |
1202 | | |
1203 | 1.56M | if (!SeekOK(tif, offset)) |
1204 | 93 | return (TIFFReadDirEntryErrIo); |
1205 | | |
1206 | | /* On 64 bit processes, read first a maximum of 1 MB, then 10 MB, etc */ |
1207 | | /* so as to avoid allocating too much memory in case the file is too */ |
1208 | | /* short. We could ask for the file size, but this might be */ |
1209 | | /* expensive with some I/O layers (think of reading a gzipped file) */ |
1210 | | /* Restrict to 64 bit processes, so as to avoid reallocs() */ |
1211 | | /* on 32 bit processes where virtual memory is scarce. */ |
1212 | 2.59M | while (already_read < size) |
1213 | 1.56M | { |
1214 | 1.56M | void *new_dest; |
1215 | 1.56M | tmsize_t bytes_read; |
1216 | 1.56M | tmsize_t to_read = size - already_read; |
1217 | 1.56M | #if SIZEOF_SIZE_T == 8 |
1218 | 1.56M | if (to_read >= threshold && threshold < MAX_THRESHOLD) |
1219 | 232k | { |
1220 | 232k | to_read = threshold; |
1221 | 232k | threshold *= THRESHOLD_MULTIPLIER; |
1222 | 232k | } |
1223 | 1.56M | #endif |
1224 | | |
1225 | 1.56M | new_dest = |
1226 | 1.56M | (uint8_t *)_TIFFreallocExt(tif, *pdest, already_read + to_read); |
1227 | 1.56M | if (new_dest == NULL) |
1228 | 0 | { |
1229 | 0 | TIFFErrorExtR(tif, tif->tif_name, |
1230 | 0 | "Failed to allocate memory for %s " |
1231 | 0 | "(%" TIFF_SSIZE_FORMAT |
1232 | 0 | " elements of %" TIFF_SSIZE_FORMAT " bytes each)", |
1233 | 0 | "TIFFReadDirEntryArray", (tmsize_t)1, |
1234 | 0 | already_read + to_read); |
1235 | 0 | return TIFFReadDirEntryErrAlloc; |
1236 | 0 | } |
1237 | 1.56M | *pdest = new_dest; |
1238 | | |
1239 | 1.56M | bytes_read = TIFFReadFile(tif, (char *)*pdest + already_read, to_read); |
1240 | 1.56M | already_read += bytes_read; |
1241 | 1.56M | if (bytes_read != to_read) |
1242 | 527k | { |
1243 | 527k | return TIFFReadDirEntryErrIo; |
1244 | 527k | } |
1245 | 1.56M | } |
1246 | 1.03M | return TIFFReadDirEntryErrOk; |
1247 | 1.56M | } |
1248 | | |
1249 | | /* Caution: if raising that value, make sure int32 / uint32 overflows can't |
1250 | | * occur elsewhere */ |
1251 | 9.15M | #define MAX_SIZE_TAG_DATA 2147483647U |
1252 | | |
1253 | | static enum TIFFReadDirEntryErr |
1254 | | TIFFReadDirEntryArrayWithLimit(TIFF *tif, TIFFDirEntry *direntry, |
1255 | | uint32_t *count, uint32_t desttypesize, |
1256 | | void **value, uint64_t maxcount) |
1257 | 4.88M | { |
1258 | 4.88M | int typesize; |
1259 | 4.88M | uint32_t datasize; |
1260 | 4.88M | void *data; |
1261 | 4.88M | uint64_t target_count64; |
1262 | 4.88M | int original_datasize_clamped; |
1263 | 4.88M | typesize = TIFFDataWidth(direntry->tdir_type); |
1264 | | |
1265 | 4.88M | target_count64 = |
1266 | 4.88M | (direntry->tdir_count > maxcount) ? maxcount : direntry->tdir_count; |
1267 | | |
1268 | 4.88M | if ((target_count64 == 0) || (typesize == 0)) |
1269 | 152k | { |
1270 | 152k | *value = 0; |
1271 | 152k | return (TIFFReadDirEntryErrOk); |
1272 | 152k | } |
1273 | 4.73M | (void)desttypesize; |
1274 | | |
1275 | | /* We just want to know if the original tag size is more than 4 bytes |
1276 | | * (classic TIFF) or 8 bytes (BigTIFF) |
1277 | | */ |
1278 | 4.73M | original_datasize_clamped = |
1279 | 4.73M | ((direntry->tdir_count > 10) ? 10 : (int)direntry->tdir_count) * |
1280 | 4.73M | typesize; |
1281 | | |
1282 | | /* |
1283 | | * As a sanity check, make sure we have no more than a 2GB tag array |
1284 | | * in either the current data type or the dest data type. This also |
1285 | | * avoids problems with overflow of tmsize_t on 32bit systems. |
1286 | | */ |
1287 | 4.73M | if ((uint64_t)(MAX_SIZE_TAG_DATA / typesize) < target_count64) |
1288 | 323k | return (TIFFReadDirEntryErrSizesan); |
1289 | 4.41M | if ((uint64_t)(MAX_SIZE_TAG_DATA / desttypesize) < target_count64) |
1290 | 2.42k | return (TIFFReadDirEntryErrSizesan); |
1291 | | |
1292 | 4.41M | *count = (uint32_t)target_count64; |
1293 | 4.41M | datasize = (*count) * typesize; |
1294 | 4.41M | assert((tmsize_t)datasize > 0); |
1295 | | |
1296 | 4.41M | if (datasize > 100 * 1024 * 1024) |
1297 | 336k | { |
1298 | | /* Before allocating a huge amount of memory for corrupted files, check |
1299 | | * if size of requested memory is not greater than file size. |
1300 | | */ |
1301 | 336k | const uint64_t filesize = TIFFGetFileSize(tif); |
1302 | 336k | if (datasize > filesize) |
1303 | 336k | { |
1304 | 336k | TIFFWarningExtR(tif, "ReadDirEntryArray", |
1305 | 336k | "Requested memory size for tag %d (0x%x) %" PRIu32 |
1306 | 336k | " is greater than filesize %" PRIu64 |
1307 | 336k | ". Memory not allocated, tag not read", |
1308 | 336k | direntry->tdir_tag, direntry->tdir_tag, datasize, |
1309 | 336k | filesize); |
1310 | 336k | return (TIFFReadDirEntryErrAlloc); |
1311 | 336k | } |
1312 | 336k | } |
1313 | | |
1314 | 4.07M | if (isMapped(tif) && datasize > (uint64_t)tif->tif_size) |
1315 | 213k | return TIFFReadDirEntryErrIo; |
1316 | | |
1317 | 3.86M | if (!isMapped(tif) && (((tif->tif_flags & TIFF_BIGTIFF) && datasize > 8) || |
1318 | 3.33M | (!(tif->tif_flags & TIFF_BIGTIFF) && datasize > 4))) |
1319 | 1.47M | { |
1320 | 1.47M | data = NULL; |
1321 | 1.47M | } |
1322 | 2.38M | else |
1323 | 2.38M | { |
1324 | 2.38M | data = _TIFFCheckMalloc(tif, *count, typesize, "ReadDirEntryArray"); |
1325 | 2.38M | if (data == 0) |
1326 | 0 | return (TIFFReadDirEntryErrAlloc); |
1327 | 2.38M | } |
1328 | 3.86M | if (!(tif->tif_flags & TIFF_BIGTIFF)) |
1329 | 3.85M | { |
1330 | | /* Only the condition on original_datasize_clamped. The second |
1331 | | * one is implied, but Coverity Scan cannot see it. */ |
1332 | 3.85M | if (original_datasize_clamped <= 4 && datasize <= 4) |
1333 | 1.99M | _TIFFmemcpy(data, &direntry->tdir_offset, datasize); |
1334 | 1.85M | else |
1335 | 1.85M | { |
1336 | 1.85M | enum TIFFReadDirEntryErr err; |
1337 | 1.85M | uint32_t offset = direntry->tdir_offset.toff_long; |
1338 | 1.85M | if (tif->tif_flags & TIFF_SWAB) |
1339 | 11.0k | TIFFSwabLong(&offset); |
1340 | 1.85M | if (isMapped(tif)) |
1341 | 296k | err = TIFFReadDirEntryData(tif, (uint64_t)offset, |
1342 | 296k | (tmsize_t)datasize, data); |
1343 | 1.56M | else |
1344 | 1.56M | err = TIFFReadDirEntryDataAndRealloc(tif, (uint64_t)offset, |
1345 | 1.56M | (tmsize_t)datasize, &data); |
1346 | 1.85M | if (err != TIFFReadDirEntryErrOk) |
1347 | 580k | { |
1348 | 580k | _TIFFfreeExt(tif, data); |
1349 | 580k | return (err); |
1350 | 580k | } |
1351 | 1.85M | } |
1352 | 3.85M | } |
1353 | 4.04k | else |
1354 | 4.04k | { |
1355 | | /* See above comment for the Classic TIFF case */ |
1356 | 4.04k | if (original_datasize_clamped <= 8 && datasize <= 8) |
1357 | 1.93k | _TIFFmemcpy(data, &direntry->tdir_offset, datasize); |
1358 | 2.11k | else |
1359 | 2.11k | { |
1360 | 2.11k | enum TIFFReadDirEntryErr err; |
1361 | 2.11k | uint64_t offset = direntry->tdir_offset.toff_long8; |
1362 | 2.11k | if (tif->tif_flags & TIFF_SWAB) |
1363 | 853 | TIFFSwabLong8(&offset); |
1364 | 2.11k | if (isMapped(tif)) |
1365 | 846 | err = TIFFReadDirEntryData(tif, (uint64_t)offset, |
1366 | 846 | (tmsize_t)datasize, data); |
1367 | 1.27k | else |
1368 | 1.27k | err = TIFFReadDirEntryDataAndRealloc(tif, (uint64_t)offset, |
1369 | 1.27k | (tmsize_t)datasize, &data); |
1370 | 2.11k | if (err != TIFFReadDirEntryErrOk) |
1371 | 566 | { |
1372 | 566 | _TIFFfreeExt(tif, data); |
1373 | 566 | return (err); |
1374 | 566 | } |
1375 | 2.11k | } |
1376 | 4.04k | } |
1377 | 3.27M | *value = data; |
1378 | 3.27M | return (TIFFReadDirEntryErrOk); |
1379 | 3.86M | } |
1380 | | |
1381 | | static enum TIFFReadDirEntryErr |
1382 | | TIFFReadDirEntryArray(TIFF *tif, TIFFDirEntry *direntry, uint32_t *count, |
1383 | | uint32_t desttypesize, void **value) |
1384 | 3.19M | { |
1385 | 3.19M | return TIFFReadDirEntryArrayWithLimit(tif, direntry, count, desttypesize, |
1386 | 3.19M | value, ~((uint64_t)0)); |
1387 | 3.19M | } |
1388 | | |
1389 | | static enum TIFFReadDirEntryErr |
1390 | | TIFFReadDirEntryByteArray(TIFF *tif, TIFFDirEntry *direntry, uint8_t **value) |
1391 | 1.23M | { |
1392 | 1.23M | enum TIFFReadDirEntryErr err; |
1393 | 1.23M | uint32_t count; |
1394 | 1.23M | void *origdata; |
1395 | 1.23M | uint8_t *data; |
1396 | 1.23M | switch (direntry->tdir_type) |
1397 | 1.23M | { |
1398 | 317k | case TIFF_ASCII: |
1399 | 564k | case TIFF_UNDEFINED: |
1400 | 1.09M | case TIFF_BYTE: |
1401 | 1.10M | case TIFF_SBYTE: |
1402 | 1.13M | case TIFF_SHORT: |
1403 | 1.14M | case TIFF_SSHORT: |
1404 | 1.15M | case TIFF_LONG: |
1405 | 1.15M | case TIFF_SLONG: |
1406 | 1.16M | case TIFF_LONG8: |
1407 | 1.16M | case TIFF_SLONG8: |
1408 | 1.16M | break; |
1409 | 68.1k | default: |
1410 | 68.1k | return (TIFFReadDirEntryErrType); |
1411 | 1.23M | } |
1412 | 1.16M | err = TIFFReadDirEntryArray(tif, direntry, &count, 1, &origdata); |
1413 | 1.16M | if ((err != TIFFReadDirEntryErrOk) || (origdata == 0)) |
1414 | 662k | { |
1415 | 662k | *value = 0; |
1416 | 662k | return (err); |
1417 | 662k | } |
1418 | 503k | switch (direntry->tdir_type) |
1419 | 503k | { |
1420 | 205k | case TIFF_ASCII: |
1421 | 418k | case TIFF_UNDEFINED: |
1422 | 455k | case TIFF_BYTE: |
1423 | 455k | *value = (uint8_t *)origdata; |
1424 | 455k | return (TIFFReadDirEntryErrOk); |
1425 | 2.14k | case TIFF_SBYTE: |
1426 | 2.14k | { |
1427 | 2.14k | int8_t *m; |
1428 | 2.14k | uint32_t n; |
1429 | 2.14k | m = (int8_t *)origdata; |
1430 | 15.1k | for (n = 0; n < count; n++) |
1431 | 14.2k | { |
1432 | 14.2k | err = TIFFReadDirEntryCheckRangeByteSbyte(*m); |
1433 | 14.2k | if (err != TIFFReadDirEntryErrOk) |
1434 | 1.24k | { |
1435 | 1.24k | _TIFFfreeExt(tif, origdata); |
1436 | 1.24k | return (err); |
1437 | 1.24k | } |
1438 | 12.9k | m++; |
1439 | 12.9k | } |
1440 | 893 | *value = (uint8_t *)origdata; |
1441 | 893 | return (TIFFReadDirEntryErrOk); |
1442 | 2.14k | } |
1443 | 503k | } |
1444 | 45.2k | data = (uint8_t *)_TIFFmallocExt(tif, count); |
1445 | 45.2k | if (data == 0) |
1446 | 0 | { |
1447 | 0 | _TIFFfreeExt(tif, origdata); |
1448 | 0 | return (TIFFReadDirEntryErrAlloc); |
1449 | 0 | } |
1450 | 45.2k | switch (direntry->tdir_type) |
1451 | 45.2k | { |
1452 | 21.3k | case TIFF_SHORT: |
1453 | 21.3k | { |
1454 | 21.3k | uint16_t *ma; |
1455 | 21.3k | uint8_t *mb; |
1456 | 21.3k | uint32_t n; |
1457 | 21.3k | ma = (uint16_t *)origdata; |
1458 | 21.3k | mb = data; |
1459 | 78.9k | for (n = 0; n < count; n++) |
1460 | 69.2k | { |
1461 | 69.2k | if (tif->tif_flags & TIFF_SWAB) |
1462 | 572 | TIFFSwabShort(ma); |
1463 | 69.2k | err = TIFFReadDirEntryCheckRangeByteShort(*ma); |
1464 | 69.2k | if (err != TIFFReadDirEntryErrOk) |
1465 | 11.7k | break; |
1466 | 57.5k | *mb++ = (uint8_t)(*ma++); |
1467 | 57.5k | } |
1468 | 21.3k | } |
1469 | 21.3k | break; |
1470 | 4.00k | case TIFF_SSHORT: |
1471 | 4.00k | { |
1472 | 4.00k | int16_t *ma; |
1473 | 4.00k | uint8_t *mb; |
1474 | 4.00k | uint32_t n; |
1475 | 4.00k | ma = (int16_t *)origdata; |
1476 | 4.00k | mb = data; |
1477 | 18.4k | for (n = 0; n < count; n++) |
1478 | 16.1k | { |
1479 | 16.1k | if (tif->tif_flags & TIFF_SWAB) |
1480 | 223 | TIFFSwabShort((uint16_t *)ma); |
1481 | 16.1k | err = TIFFReadDirEntryCheckRangeByteSshort(*ma); |
1482 | 16.1k | if (err != TIFFReadDirEntryErrOk) |
1483 | 1.68k | break; |
1484 | 14.4k | *mb++ = (uint8_t)(*ma++); |
1485 | 14.4k | } |
1486 | 4.00k | } |
1487 | 4.00k | break; |
1488 | 10.8k | case TIFF_LONG: |
1489 | 10.8k | { |
1490 | 10.8k | uint32_t *ma; |
1491 | 10.8k | uint8_t *mb; |
1492 | 10.8k | uint32_t n; |
1493 | 10.8k | ma = (uint32_t *)origdata; |
1494 | 10.8k | mb = data; |
1495 | 28.7k | for (n = 0; n < count; n++) |
1496 | 25.4k | { |
1497 | 25.4k | if (tif->tif_flags & TIFF_SWAB) |
1498 | 547 | TIFFSwabLong(ma); |
1499 | 25.4k | err = TIFFReadDirEntryCheckRangeByteLong(*ma); |
1500 | 25.4k | if (err != TIFFReadDirEntryErrOk) |
1501 | 7.52k | break; |
1502 | 17.9k | *mb++ = (uint8_t)(*ma++); |
1503 | 17.9k | } |
1504 | 10.8k | } |
1505 | 10.8k | break; |
1506 | 2.82k | case TIFF_SLONG: |
1507 | 2.82k | { |
1508 | 2.82k | int32_t *ma; |
1509 | 2.82k | uint8_t *mb; |
1510 | 2.82k | uint32_t n; |
1511 | 2.82k | ma = (int32_t *)origdata; |
1512 | 2.82k | mb = data; |
1513 | 9.79k | for (n = 0; n < count; n++) |
1514 | 9.32k | { |
1515 | 9.32k | if (tif->tif_flags & TIFF_SWAB) |
1516 | 289 | TIFFSwabLong((uint32_t *)ma); |
1517 | 9.32k | err = TIFFReadDirEntryCheckRangeByteSlong(*ma); |
1518 | 9.32k | if (err != TIFFReadDirEntryErrOk) |
1519 | 2.35k | break; |
1520 | 6.97k | *mb++ = (uint8_t)(*ma++); |
1521 | 6.97k | } |
1522 | 2.82k | } |
1523 | 2.82k | break; |
1524 | 2.78k | case TIFF_LONG8: |
1525 | 2.78k | { |
1526 | 2.78k | uint64_t *ma; |
1527 | 2.78k | uint8_t *mb; |
1528 | 2.78k | uint32_t n; |
1529 | 2.78k | ma = (uint64_t *)origdata; |
1530 | 2.78k | mb = data; |
1531 | 6.45k | for (n = 0; n < count; n++) |
1532 | 5.84k | { |
1533 | 5.84k | if (tif->tif_flags & TIFF_SWAB) |
1534 | 371 | TIFFSwabLong8(ma); |
1535 | 5.84k | err = TIFFReadDirEntryCheckRangeByteLong8(*ma); |
1536 | 5.84k | if (err != TIFFReadDirEntryErrOk) |
1537 | 2.17k | break; |
1538 | 3.67k | *mb++ = (uint8_t)(*ma++); |
1539 | 3.67k | } |
1540 | 2.78k | } |
1541 | 2.78k | break; |
1542 | 3.49k | case TIFF_SLONG8: |
1543 | 3.49k | { |
1544 | 3.49k | int64_t *ma; |
1545 | 3.49k | uint8_t *mb; |
1546 | 3.49k | uint32_t n; |
1547 | 3.49k | ma = (int64_t *)origdata; |
1548 | 3.49k | mb = data; |
1549 | 8.19k | for (n = 0; n < count; n++) |
1550 | 7.82k | { |
1551 | 7.82k | if (tif->tif_flags & TIFF_SWAB) |
1552 | 511 | TIFFSwabLong8((uint64_t *)ma); |
1553 | 7.82k | err = TIFFReadDirEntryCheckRangeByteSlong8(*ma); |
1554 | 7.82k | if (err != TIFFReadDirEntryErrOk) |
1555 | 3.12k | break; |
1556 | 4.69k | *mb++ = (uint8_t)(*ma++); |
1557 | 4.69k | } |
1558 | 3.49k | } |
1559 | 3.49k | break; |
1560 | 45.2k | } |
1561 | 45.2k | _TIFFfreeExt(tif, origdata); |
1562 | 45.2k | if (err != TIFFReadDirEntryErrOk) |
1563 | 28.5k | { |
1564 | 28.5k | _TIFFfreeExt(tif, data); |
1565 | 28.5k | return (err); |
1566 | 28.5k | } |
1567 | 16.6k | *value = data; |
1568 | 16.6k | return (TIFFReadDirEntryErrOk); |
1569 | 45.2k | } |
1570 | | |
1571 | | static enum TIFFReadDirEntryErr |
1572 | | TIFFReadDirEntrySbyteArray(TIFF *tif, TIFFDirEntry *direntry, int8_t **value) |
1573 | 69.9k | { |
1574 | 69.9k | enum TIFFReadDirEntryErr err; |
1575 | 69.9k | uint32_t count; |
1576 | 69.9k | void *origdata; |
1577 | 69.9k | int8_t *data; |
1578 | 69.9k | switch (direntry->tdir_type) |
1579 | 69.9k | { |
1580 | 0 | case TIFF_UNDEFINED: |
1581 | 0 | case TIFF_BYTE: |
1582 | 69.9k | case TIFF_SBYTE: |
1583 | 69.9k | case TIFF_SHORT: |
1584 | 69.9k | case TIFF_SSHORT: |
1585 | 69.9k | case TIFF_LONG: |
1586 | 69.9k | case TIFF_SLONG: |
1587 | 69.9k | case TIFF_LONG8: |
1588 | 69.9k | case TIFF_SLONG8: |
1589 | 69.9k | break; |
1590 | 0 | default: |
1591 | 0 | return (TIFFReadDirEntryErrType); |
1592 | 69.9k | } |
1593 | 69.9k | err = TIFFReadDirEntryArray(tif, direntry, &count, 1, &origdata); |
1594 | 69.9k | if ((err != TIFFReadDirEntryErrOk) || (origdata == 0)) |
1595 | 46.3k | { |
1596 | 46.3k | *value = 0; |
1597 | 46.3k | return (err); |
1598 | 46.3k | } |
1599 | 23.5k | switch (direntry->tdir_type) |
1600 | 23.5k | { |
1601 | 0 | case TIFF_UNDEFINED: |
1602 | 0 | case TIFF_BYTE: |
1603 | 0 | { |
1604 | 0 | uint8_t *m; |
1605 | 0 | uint32_t n; |
1606 | 0 | m = (uint8_t *)origdata; |
1607 | 0 | for (n = 0; n < count; n++) |
1608 | 0 | { |
1609 | 0 | err = TIFFReadDirEntryCheckRangeSbyteByte(*m); |
1610 | 0 | if (err != TIFFReadDirEntryErrOk) |
1611 | 0 | { |
1612 | 0 | _TIFFfreeExt(tif, origdata); |
1613 | 0 | return (err); |
1614 | 0 | } |
1615 | 0 | m++; |
1616 | 0 | } |
1617 | 0 | *value = (int8_t *)origdata; |
1618 | 0 | return (TIFFReadDirEntryErrOk); |
1619 | 0 | } |
1620 | 23.5k | case TIFF_SBYTE: |
1621 | 23.5k | *value = (int8_t *)origdata; |
1622 | 23.5k | return (TIFFReadDirEntryErrOk); |
1623 | 23.5k | } |
1624 | 0 | data = (int8_t *)_TIFFmallocExt(tif, count); |
1625 | 0 | if (data == 0) |
1626 | 0 | { |
1627 | 0 | _TIFFfreeExt(tif, origdata); |
1628 | 0 | return (TIFFReadDirEntryErrAlloc); |
1629 | 0 | } |
1630 | 0 | switch (direntry->tdir_type) |
1631 | 0 | { |
1632 | 0 | case TIFF_SHORT: |
1633 | 0 | { |
1634 | 0 | uint16_t *ma; |
1635 | 0 | int8_t *mb; |
1636 | 0 | uint32_t n; |
1637 | 0 | ma = (uint16_t *)origdata; |
1638 | 0 | mb = data; |
1639 | 0 | for (n = 0; n < count; n++) |
1640 | 0 | { |
1641 | 0 | if (tif->tif_flags & TIFF_SWAB) |
1642 | 0 | TIFFSwabShort(ma); |
1643 | 0 | err = TIFFReadDirEntryCheckRangeSbyteShort(*ma); |
1644 | 0 | if (err != TIFFReadDirEntryErrOk) |
1645 | 0 | break; |
1646 | 0 | *mb++ = (int8_t)(*ma++); |
1647 | 0 | } |
1648 | 0 | } |
1649 | 0 | break; |
1650 | 0 | case TIFF_SSHORT: |
1651 | 0 | { |
1652 | 0 | int16_t *ma; |
1653 | 0 | int8_t *mb; |
1654 | 0 | uint32_t n; |
1655 | 0 | ma = (int16_t *)origdata; |
1656 | 0 | mb = data; |
1657 | 0 | for (n = 0; n < count; n++) |
1658 | 0 | { |
1659 | 0 | if (tif->tif_flags & TIFF_SWAB) |
1660 | 0 | TIFFSwabShort((uint16_t *)ma); |
1661 | 0 | err = TIFFReadDirEntryCheckRangeSbyteSshort(*ma); |
1662 | 0 | if (err != TIFFReadDirEntryErrOk) |
1663 | 0 | break; |
1664 | 0 | *mb++ = (int8_t)(*ma++); |
1665 | 0 | } |
1666 | 0 | } |
1667 | 0 | break; |
1668 | 0 | case TIFF_LONG: |
1669 | 0 | { |
1670 | 0 | uint32_t *ma; |
1671 | 0 | int8_t *mb; |
1672 | 0 | uint32_t n; |
1673 | 0 | ma = (uint32_t *)origdata; |
1674 | 0 | mb = data; |
1675 | 0 | for (n = 0; n < count; n++) |
1676 | 0 | { |
1677 | 0 | if (tif->tif_flags & TIFF_SWAB) |
1678 | 0 | TIFFSwabLong(ma); |
1679 | 0 | err = TIFFReadDirEntryCheckRangeSbyteLong(*ma); |
1680 | 0 | if (err != TIFFReadDirEntryErrOk) |
1681 | 0 | break; |
1682 | 0 | *mb++ = (int8_t)(*ma++); |
1683 | 0 | } |
1684 | 0 | } |
1685 | 0 | break; |
1686 | 0 | case TIFF_SLONG: |
1687 | 0 | { |
1688 | 0 | int32_t *ma; |
1689 | 0 | int8_t *mb; |
1690 | 0 | uint32_t n; |
1691 | 0 | ma = (int32_t *)origdata; |
1692 | 0 | mb = data; |
1693 | 0 | for (n = 0; n < count; n++) |
1694 | 0 | { |
1695 | 0 | if (tif->tif_flags & TIFF_SWAB) |
1696 | 0 | TIFFSwabLong((uint32_t *)ma); |
1697 | 0 | err = TIFFReadDirEntryCheckRangeSbyteSlong(*ma); |
1698 | 0 | if (err != TIFFReadDirEntryErrOk) |
1699 | 0 | break; |
1700 | 0 | *mb++ = (int8_t)(*ma++); |
1701 | 0 | } |
1702 | 0 | } |
1703 | 0 | break; |
1704 | 0 | case TIFF_LONG8: |
1705 | 0 | { |
1706 | 0 | uint64_t *ma; |
1707 | 0 | int8_t *mb; |
1708 | 0 | uint32_t n; |
1709 | 0 | ma = (uint64_t *)origdata; |
1710 | 0 | mb = data; |
1711 | 0 | for (n = 0; n < count; n++) |
1712 | 0 | { |
1713 | 0 | if (tif->tif_flags & TIFF_SWAB) |
1714 | 0 | TIFFSwabLong8(ma); |
1715 | 0 | err = TIFFReadDirEntryCheckRangeSbyteLong8(*ma); |
1716 | 0 | if (err != TIFFReadDirEntryErrOk) |
1717 | 0 | break; |
1718 | 0 | *mb++ = (int8_t)(*ma++); |
1719 | 0 | } |
1720 | 0 | } |
1721 | 0 | break; |
1722 | 0 | case TIFF_SLONG8: |
1723 | 0 | { |
1724 | 0 | int64_t *ma; |
1725 | 0 | int8_t *mb; |
1726 | 0 | uint32_t n; |
1727 | 0 | ma = (int64_t *)origdata; |
1728 | 0 | mb = data; |
1729 | 0 | for (n = 0; n < count; n++) |
1730 | 0 | { |
1731 | 0 | if (tif->tif_flags & TIFF_SWAB) |
1732 | 0 | TIFFSwabLong8((uint64_t *)ma); |
1733 | 0 | err = TIFFReadDirEntryCheckRangeSbyteSlong8(*ma); |
1734 | 0 | if (err != TIFFReadDirEntryErrOk) |
1735 | 0 | break; |
1736 | 0 | *mb++ = (int8_t)(*ma++); |
1737 | 0 | } |
1738 | 0 | } |
1739 | 0 | break; |
1740 | 0 | } |
1741 | 0 | _TIFFfreeExt(tif, origdata); |
1742 | 0 | if (err != TIFFReadDirEntryErrOk) |
1743 | 0 | { |
1744 | 0 | _TIFFfreeExt(tif, data); |
1745 | 0 | return (err); |
1746 | 0 | } |
1747 | 0 | *value = data; |
1748 | 0 | return (TIFFReadDirEntryErrOk); |
1749 | 0 | } |
1750 | | |
1751 | | static enum TIFFReadDirEntryErr |
1752 | | TIFFReadDirEntryShortArray(TIFF *tif, TIFFDirEntry *direntry, uint16_t **value) |
1753 | 1.04M | { |
1754 | 1.04M | enum TIFFReadDirEntryErr err; |
1755 | 1.04M | uint32_t count; |
1756 | 1.04M | void *origdata; |
1757 | 1.04M | uint16_t *data; |
1758 | 1.04M | switch (direntry->tdir_type) |
1759 | 1.04M | { |
1760 | 4.89k | case TIFF_BYTE: |
1761 | 6.66k | case TIFF_SBYTE: |
1762 | 1.02M | case TIFF_SHORT: |
1763 | 1.03M | case TIFF_SSHORT: |
1764 | 1.03M | case TIFF_LONG: |
1765 | 1.03M | case TIFF_SLONG: |
1766 | 1.03M | case TIFF_LONG8: |
1767 | 1.03M | case TIFF_SLONG8: |
1768 | 1.03M | break; |
1769 | 5.03k | default: |
1770 | 5.03k | return (TIFFReadDirEntryErrType); |
1771 | 1.04M | } |
1772 | 1.03M | err = TIFFReadDirEntryArray(tif, direntry, &count, 2, &origdata); |
1773 | 1.03M | if ((err != TIFFReadDirEntryErrOk) || (origdata == 0)) |
1774 | 314k | { |
1775 | 314k | *value = 0; |
1776 | 314k | return (err); |
1777 | 314k | } |
1778 | 725k | switch (direntry->tdir_type) |
1779 | 725k | { |
1780 | 709k | case TIFF_SHORT: |
1781 | 709k | *value = (uint16_t *)origdata; |
1782 | 709k | if (tif->tif_flags & TIFF_SWAB) |
1783 | 2.57k | TIFFSwabArrayOfShort(*value, count); |
1784 | 709k | return (TIFFReadDirEntryErrOk); |
1785 | 1.47k | case TIFF_SSHORT: |
1786 | 1.47k | { |
1787 | 1.47k | int16_t *m; |
1788 | 1.47k | uint32_t n; |
1789 | 1.47k | m = (int16_t *)origdata; |
1790 | 10.1k | for (n = 0; n < count; n++) |
1791 | 9.32k | { |
1792 | 9.32k | if (tif->tif_flags & TIFF_SWAB) |
1793 | 758 | TIFFSwabShort((uint16_t *)m); |
1794 | 9.32k | err = TIFFReadDirEntryCheckRangeShortSshort(*m); |
1795 | 9.32k | if (err != TIFFReadDirEntryErrOk) |
1796 | 666 | { |
1797 | 666 | _TIFFfreeExt(tif, origdata); |
1798 | 666 | return (err); |
1799 | 666 | } |
1800 | 8.65k | m++; |
1801 | 8.65k | } |
1802 | 807 | *value = (uint16_t *)origdata; |
1803 | 807 | return (TIFFReadDirEntryErrOk); |
1804 | 1.47k | } |
1805 | 725k | } |
1806 | 14.0k | data = (uint16_t *)_TIFFmallocExt(tif, count * 2); |
1807 | 14.0k | if (data == 0) |
1808 | 0 | { |
1809 | 0 | _TIFFfreeExt(tif, origdata); |
1810 | 0 | return (TIFFReadDirEntryErrAlloc); |
1811 | 0 | } |
1812 | 14.0k | switch (direntry->tdir_type) |
1813 | 14.0k | { |
1814 | 4.42k | case TIFF_BYTE: |
1815 | 4.42k | { |
1816 | 4.42k | uint8_t *ma; |
1817 | 4.42k | uint16_t *mb; |
1818 | 4.42k | uint32_t n; |
1819 | 4.42k | ma = (uint8_t *)origdata; |
1820 | 4.42k | mb = data; |
1821 | 639k | for (n = 0; n < count; n++) |
1822 | 635k | *mb++ = (uint16_t)(*ma++); |
1823 | 4.42k | } |
1824 | 4.42k | break; |
1825 | 1.73k | case TIFF_SBYTE: |
1826 | 1.73k | { |
1827 | 1.73k | int8_t *ma; |
1828 | 1.73k | uint16_t *mb; |
1829 | 1.73k | uint32_t n; |
1830 | 1.73k | ma = (int8_t *)origdata; |
1831 | 1.73k | mb = data; |
1832 | 18.4k | for (n = 0; n < count; n++) |
1833 | 16.9k | { |
1834 | 16.9k | err = TIFFReadDirEntryCheckRangeShortSbyte(*ma); |
1835 | 16.9k | if (err != TIFFReadDirEntryErrOk) |
1836 | 262 | break; |
1837 | 16.7k | *mb++ = (uint16_t)(*ma++); |
1838 | 16.7k | } |
1839 | 1.73k | } |
1840 | 1.73k | break; |
1841 | 1.90k | case TIFF_LONG: |
1842 | 1.90k | { |
1843 | 1.90k | uint32_t *ma; |
1844 | 1.90k | uint16_t *mb; |
1845 | 1.90k | uint32_t n; |
1846 | 1.90k | ma = (uint32_t *)origdata; |
1847 | 1.90k | mb = data; |
1848 | 5.29k | for (n = 0; n < count; n++) |
1849 | 3.85k | { |
1850 | 3.85k | if (tif->tif_flags & TIFF_SWAB) |
1851 | 264 | TIFFSwabLong(ma); |
1852 | 3.85k | err = TIFFReadDirEntryCheckRangeShortLong(*ma); |
1853 | 3.85k | if (err != TIFFReadDirEntryErrOk) |
1854 | 470 | break; |
1855 | 3.38k | *mb++ = (uint16_t)(*ma++); |
1856 | 3.38k | } |
1857 | 1.90k | } |
1858 | 1.90k | break; |
1859 | 3.21k | case TIFF_SLONG: |
1860 | 3.21k | { |
1861 | 3.21k | int32_t *ma; |
1862 | 3.21k | uint16_t *mb; |
1863 | 3.21k | uint32_t n; |
1864 | 3.21k | ma = (int32_t *)origdata; |
1865 | 3.21k | mb = data; |
1866 | 8.48k | for (n = 0; n < count; n++) |
1867 | 7.14k | { |
1868 | 7.14k | if (tif->tif_flags & TIFF_SWAB) |
1869 | 481 | TIFFSwabLong((uint32_t *)ma); |
1870 | 7.14k | err = TIFFReadDirEntryCheckRangeShortSlong(*ma); |
1871 | 7.14k | if (err != TIFFReadDirEntryErrOk) |
1872 | 1.87k | break; |
1873 | 5.27k | *mb++ = (uint16_t)(*ma++); |
1874 | 5.27k | } |
1875 | 3.21k | } |
1876 | 3.21k | break; |
1877 | 1.00k | case TIFF_LONG8: |
1878 | 1.00k | { |
1879 | 1.00k | uint64_t *ma; |
1880 | 1.00k | uint16_t *mb; |
1881 | 1.00k | uint32_t n; |
1882 | 1.00k | ma = (uint64_t *)origdata; |
1883 | 1.00k | mb = data; |
1884 | 1.91k | for (n = 0; n < count; n++) |
1885 | 1.82k | { |
1886 | 1.82k | if (tif->tif_flags & TIFF_SWAB) |
1887 | 541 | TIFFSwabLong8(ma); |
1888 | 1.82k | err = TIFFReadDirEntryCheckRangeShortLong8(*ma); |
1889 | 1.82k | if (err != TIFFReadDirEntryErrOk) |
1890 | 905 | break; |
1891 | 916 | *mb++ = (uint16_t)(*ma++); |
1892 | 916 | } |
1893 | 1.00k | } |
1894 | 1.00k | break; |
1895 | 1.73k | case TIFF_SLONG8: |
1896 | 1.73k | { |
1897 | 1.73k | int64_t *ma; |
1898 | 1.73k | uint16_t *mb; |
1899 | 1.73k | uint32_t n; |
1900 | 1.73k | ma = (int64_t *)origdata; |
1901 | 1.73k | mb = data; |
1902 | 3.67k | for (n = 0; n < count; n++) |
1903 | 3.33k | { |
1904 | 3.33k | if (tif->tif_flags & TIFF_SWAB) |
1905 | 810 | TIFFSwabLong8((uint64_t *)ma); |
1906 | 3.33k | err = TIFFReadDirEntryCheckRangeShortSlong8(*ma); |
1907 | 3.33k | if (err != TIFFReadDirEntryErrOk) |
1908 | 1.39k | break; |
1909 | 1.93k | *mb++ = (uint16_t)(*ma++); |
1910 | 1.93k | } |
1911 | 1.73k | } |
1912 | 1.73k | break; |
1913 | 14.0k | } |
1914 | 14.0k | _TIFFfreeExt(tif, origdata); |
1915 | 14.0k | if (err != TIFFReadDirEntryErrOk) |
1916 | 4.90k | { |
1917 | 4.90k | _TIFFfreeExt(tif, data); |
1918 | 4.90k | return (err); |
1919 | 4.90k | } |
1920 | 9.10k | *value = data; |
1921 | 9.10k | return (TIFFReadDirEntryErrOk); |
1922 | 14.0k | } |
1923 | | |
1924 | | static enum TIFFReadDirEntryErr |
1925 | | TIFFReadDirEntrySshortArray(TIFF *tif, TIFFDirEntry *direntry, int16_t **value) |
1926 | 115k | { |
1927 | 115k | enum TIFFReadDirEntryErr err; |
1928 | 115k | uint32_t count; |
1929 | 115k | void *origdata; |
1930 | 115k | int16_t *data; |
1931 | 115k | switch (direntry->tdir_type) |
1932 | 115k | { |
1933 | 0 | case TIFF_BYTE: |
1934 | 0 | case TIFF_SBYTE: |
1935 | 0 | case TIFF_SHORT: |
1936 | 115k | case TIFF_SSHORT: |
1937 | 115k | case TIFF_LONG: |
1938 | 115k | case TIFF_SLONG: |
1939 | 115k | case TIFF_LONG8: |
1940 | 115k | case TIFF_SLONG8: |
1941 | 115k | break; |
1942 | 0 | default: |
1943 | 0 | return (TIFFReadDirEntryErrType); |
1944 | 115k | } |
1945 | 115k | err = TIFFReadDirEntryArray(tif, direntry, &count, 2, &origdata); |
1946 | 115k | if ((err != TIFFReadDirEntryErrOk) || (origdata == 0)) |
1947 | 109k | { |
1948 | 109k | *value = 0; |
1949 | 109k | return (err); |
1950 | 109k | } |
1951 | 6.19k | switch (direntry->tdir_type) |
1952 | 6.19k | { |
1953 | 0 | case TIFF_SHORT: |
1954 | 0 | { |
1955 | 0 | uint16_t *m; |
1956 | 0 | uint32_t n; |
1957 | 0 | m = (uint16_t *)origdata; |
1958 | 0 | for (n = 0; n < count; n++) |
1959 | 0 | { |
1960 | 0 | if (tif->tif_flags & TIFF_SWAB) |
1961 | 0 | TIFFSwabShort(m); |
1962 | 0 | err = TIFFReadDirEntryCheckRangeSshortShort(*m); |
1963 | 0 | if (err != TIFFReadDirEntryErrOk) |
1964 | 0 | { |
1965 | 0 | _TIFFfreeExt(tif, origdata); |
1966 | 0 | return (err); |
1967 | 0 | } |
1968 | 0 | m++; |
1969 | 0 | } |
1970 | 0 | *value = (int16_t *)origdata; |
1971 | 0 | return (TIFFReadDirEntryErrOk); |
1972 | 0 | } |
1973 | 6.19k | case TIFF_SSHORT: |
1974 | 6.19k | *value = (int16_t *)origdata; |
1975 | 6.19k | if (tif->tif_flags & TIFF_SWAB) |
1976 | 112 | TIFFSwabArrayOfShort((uint16_t *)(*value), count); |
1977 | 6.19k | return (TIFFReadDirEntryErrOk); |
1978 | 6.19k | } |
1979 | 0 | data = (int16_t *)_TIFFmallocExt(tif, count * 2); |
1980 | 0 | if (data == 0) |
1981 | 0 | { |
1982 | 0 | _TIFFfreeExt(tif, origdata); |
1983 | 0 | return (TIFFReadDirEntryErrAlloc); |
1984 | 0 | } |
1985 | 0 | switch (direntry->tdir_type) |
1986 | 0 | { |
1987 | 0 | case TIFF_BYTE: |
1988 | 0 | { |
1989 | 0 | uint8_t *ma; |
1990 | 0 | int16_t *mb; |
1991 | 0 | uint32_t n; |
1992 | 0 | ma = (uint8_t *)origdata; |
1993 | 0 | mb = data; |
1994 | 0 | for (n = 0; n < count; n++) |
1995 | 0 | *mb++ = (int16_t)(*ma++); |
1996 | 0 | } |
1997 | 0 | break; |
1998 | 0 | case TIFF_SBYTE: |
1999 | 0 | { |
2000 | 0 | int8_t *ma; |
2001 | 0 | int16_t *mb; |
2002 | 0 | uint32_t n; |
2003 | 0 | ma = (int8_t *)origdata; |
2004 | 0 | mb = data; |
2005 | 0 | for (n = 0; n < count; n++) |
2006 | 0 | *mb++ = (int16_t)(*ma++); |
2007 | 0 | } |
2008 | 0 | break; |
2009 | 0 | case TIFF_LONG: |
2010 | 0 | { |
2011 | 0 | uint32_t *ma; |
2012 | 0 | int16_t *mb; |
2013 | 0 | uint32_t n; |
2014 | 0 | ma = (uint32_t *)origdata; |
2015 | 0 | mb = data; |
2016 | 0 | for (n = 0; n < count; n++) |
2017 | 0 | { |
2018 | 0 | if (tif->tif_flags & TIFF_SWAB) |
2019 | 0 | TIFFSwabLong(ma); |
2020 | 0 | err = TIFFReadDirEntryCheckRangeSshortLong(*ma); |
2021 | 0 | if (err != TIFFReadDirEntryErrOk) |
2022 | 0 | break; |
2023 | 0 | *mb++ = (int16_t)(*ma++); |
2024 | 0 | } |
2025 | 0 | } |
2026 | 0 | break; |
2027 | 0 | case TIFF_SLONG: |
2028 | 0 | { |
2029 | 0 | int32_t *ma; |
2030 | 0 | int16_t *mb; |
2031 | 0 | uint32_t n; |
2032 | 0 | ma = (int32_t *)origdata; |
2033 | 0 | mb = data; |
2034 | 0 | for (n = 0; n < count; n++) |
2035 | 0 | { |
2036 | 0 | if (tif->tif_flags & TIFF_SWAB) |
2037 | 0 | TIFFSwabLong((uint32_t *)ma); |
2038 | 0 | err = TIFFReadDirEntryCheckRangeSshortSlong(*ma); |
2039 | 0 | if (err != TIFFReadDirEntryErrOk) |
2040 | 0 | break; |
2041 | 0 | *mb++ = (int16_t)(*ma++); |
2042 | 0 | } |
2043 | 0 | } |
2044 | 0 | break; |
2045 | 0 | case TIFF_LONG8: |
2046 | 0 | { |
2047 | 0 | uint64_t *ma; |
2048 | 0 | int16_t *mb; |
2049 | 0 | uint32_t n; |
2050 | 0 | ma = (uint64_t *)origdata; |
2051 | 0 | mb = data; |
2052 | 0 | for (n = 0; n < count; n++) |
2053 | 0 | { |
2054 | 0 | if (tif->tif_flags & TIFF_SWAB) |
2055 | 0 | TIFFSwabLong8(ma); |
2056 | 0 | err = TIFFReadDirEntryCheckRangeSshortLong8(*ma); |
2057 | 0 | if (err != TIFFReadDirEntryErrOk) |
2058 | 0 | break; |
2059 | 0 | *mb++ = (int16_t)(*ma++); |
2060 | 0 | } |
2061 | 0 | } |
2062 | 0 | break; |
2063 | 0 | case TIFF_SLONG8: |
2064 | 0 | { |
2065 | 0 | int64_t *ma; |
2066 | 0 | int16_t *mb; |
2067 | 0 | uint32_t n; |
2068 | 0 | ma = (int64_t *)origdata; |
2069 | 0 | mb = data; |
2070 | 0 | for (n = 0; n < count; n++) |
2071 | 0 | { |
2072 | 0 | if (tif->tif_flags & TIFF_SWAB) |
2073 | 0 | TIFFSwabLong8((uint64_t *)ma); |
2074 | 0 | err = TIFFReadDirEntryCheckRangeSshortSlong8(*ma); |
2075 | 0 | if (err != TIFFReadDirEntryErrOk) |
2076 | 0 | break; |
2077 | 0 | *mb++ = (int16_t)(*ma++); |
2078 | 0 | } |
2079 | 0 | } |
2080 | 0 | break; |
2081 | 0 | } |
2082 | 0 | _TIFFfreeExt(tif, origdata); |
2083 | 0 | if (err != TIFFReadDirEntryErrOk) |
2084 | 0 | { |
2085 | 0 | _TIFFfreeExt(tif, data); |
2086 | 0 | return (err); |
2087 | 0 | } |
2088 | 0 | *value = data; |
2089 | 0 | return (TIFFReadDirEntryErrOk); |
2090 | 0 | } |
2091 | | |
2092 | | static enum TIFFReadDirEntryErr |
2093 | | TIFFReadDirEntryLongArray(TIFF *tif, TIFFDirEntry *direntry, uint32_t **value) |
2094 | 149k | { |
2095 | 149k | enum TIFFReadDirEntryErr err; |
2096 | 149k | uint32_t count; |
2097 | 149k | void *origdata; |
2098 | 149k | uint32_t *data; |
2099 | 149k | switch (direntry->tdir_type) |
2100 | 149k | { |
2101 | 1.21k | case TIFF_BYTE: |
2102 | 4.07k | case TIFF_SBYTE: |
2103 | 4.99k | case TIFF_SHORT: |
2104 | 5.92k | case TIFF_SSHORT: |
2105 | 140k | case TIFF_LONG: |
2106 | 142k | case TIFF_SLONG: |
2107 | 144k | case TIFF_LONG8: |
2108 | 147k | case TIFF_SLONG8: |
2109 | 147k | break; |
2110 | 2.35k | default: |
2111 | 2.35k | return (TIFFReadDirEntryErrType); |
2112 | 149k | } |
2113 | 147k | err = TIFFReadDirEntryArray(tif, direntry, &count, 4, &origdata); |
2114 | 147k | if ((err != TIFFReadDirEntryErrOk) || (origdata == 0)) |
2115 | 116k | { |
2116 | 116k | *value = 0; |
2117 | 116k | return (err); |
2118 | 116k | } |
2119 | 30.3k | switch (direntry->tdir_type) |
2120 | 30.3k | { |
2121 | 21.1k | case TIFF_LONG: |
2122 | 21.1k | *value = (uint32_t *)origdata; |
2123 | 21.1k | if (tif->tif_flags & TIFF_SWAB) |
2124 | 686 | TIFFSwabArrayOfLong(*value, count); |
2125 | 21.1k | return (TIFFReadDirEntryErrOk); |
2126 | 1.46k | case TIFF_SLONG: |
2127 | 1.46k | { |
2128 | 1.46k | int32_t *m; |
2129 | 1.46k | uint32_t n; |
2130 | 1.46k | m = (int32_t *)origdata; |
2131 | 10.7k | for (n = 0; n < count; n++) |
2132 | 10.1k | { |
2133 | 10.1k | if (tif->tif_flags & TIFF_SWAB) |
2134 | 469 | TIFFSwabLong((uint32_t *)m); |
2135 | 10.1k | err = TIFFReadDirEntryCheckRangeLongSlong(*m); |
2136 | 10.1k | if (err != TIFFReadDirEntryErrOk) |
2137 | 872 | { |
2138 | 872 | _TIFFfreeExt(tif, origdata); |
2139 | 872 | return (err); |
2140 | 872 | } |
2141 | 9.26k | m++; |
2142 | 9.26k | } |
2143 | 590 | *value = (uint32_t *)origdata; |
2144 | 590 | return (TIFFReadDirEntryErrOk); |
2145 | 1.46k | } |
2146 | 30.3k | } |
2147 | 7.72k | data = (uint32_t *)_TIFFmallocExt(tif, count * 4); |
2148 | 7.72k | if (data == 0) |
2149 | 0 | { |
2150 | 0 | _TIFFfreeExt(tif, origdata); |
2151 | 0 | return (TIFFReadDirEntryErrAlloc); |
2152 | 0 | } |
2153 | 7.72k | switch (direntry->tdir_type) |
2154 | 7.72k | { |
2155 | 978 | case TIFF_BYTE: |
2156 | 978 | { |
2157 | 978 | uint8_t *ma; |
2158 | 978 | uint32_t *mb; |
2159 | 978 | uint32_t n; |
2160 | 978 | ma = (uint8_t *)origdata; |
2161 | 978 | mb = data; |
2162 | 6.96k | for (n = 0; n < count; n++) |
2163 | 5.99k | *mb++ = (uint32_t)(*ma++); |
2164 | 978 | } |
2165 | 978 | break; |
2166 | 1.44k | case TIFF_SBYTE: |
2167 | 1.44k | { |
2168 | 1.44k | int8_t *ma; |
2169 | 1.44k | uint32_t *mb; |
2170 | 1.44k | uint32_t n; |
2171 | 1.44k | ma = (int8_t *)origdata; |
2172 | 1.44k | mb = data; |
2173 | 12.9k | for (n = 0; n < count; n++) |
2174 | 11.9k | { |
2175 | 11.9k | err = TIFFReadDirEntryCheckRangeLongSbyte(*ma); |
2176 | 11.9k | if (err != TIFFReadDirEntryErrOk) |
2177 | 455 | break; |
2178 | 11.5k | *mb++ = (uint32_t)(*ma++); |
2179 | 11.5k | } |
2180 | 1.44k | } |
2181 | 1.44k | break; |
2182 | 885 | case TIFF_SHORT: |
2183 | 885 | { |
2184 | 885 | uint16_t *ma; |
2185 | 885 | uint32_t *mb; |
2186 | 885 | uint32_t n; |
2187 | 885 | ma = (uint16_t *)origdata; |
2188 | 885 | mb = data; |
2189 | 59.9k | for (n = 0; n < count; n++) |
2190 | 59.0k | { |
2191 | 59.0k | if (tif->tif_flags & TIFF_SWAB) |
2192 | 1.06k | TIFFSwabShort(ma); |
2193 | 59.0k | *mb++ = (uint32_t)(*ma++); |
2194 | 59.0k | } |
2195 | 885 | } |
2196 | 885 | break; |
2197 | 758 | case TIFF_SSHORT: |
2198 | 758 | { |
2199 | 758 | int16_t *ma; |
2200 | 758 | uint32_t *mb; |
2201 | 758 | uint32_t n; |
2202 | 758 | ma = (int16_t *)origdata; |
2203 | 758 | mb = data; |
2204 | 6.70k | for (n = 0; n < count; n++) |
2205 | 6.17k | { |
2206 | 6.17k | if (tif->tif_flags & TIFF_SWAB) |
2207 | 856 | TIFFSwabShort((uint16_t *)ma); |
2208 | 6.17k | err = TIFFReadDirEntryCheckRangeLongSshort(*ma); |
2209 | 6.17k | if (err != TIFFReadDirEntryErrOk) |
2210 | 232 | break; |
2211 | 5.94k | *mb++ = (uint32_t)(*ma++); |
2212 | 5.94k | } |
2213 | 758 | } |
2214 | 758 | break; |
2215 | 1.18k | case TIFF_LONG8: |
2216 | 1.18k | { |
2217 | 1.18k | uint64_t *ma; |
2218 | 1.18k | uint32_t *mb; |
2219 | 1.18k | uint32_t n; |
2220 | 1.18k | ma = (uint64_t *)origdata; |
2221 | 1.18k | mb = data; |
2222 | 2.47k | for (n = 0; n < count; n++) |
2223 | 2.26k | { |
2224 | 2.26k | if (tif->tif_flags & TIFF_SWAB) |
2225 | 806 | TIFFSwabLong8(ma); |
2226 | 2.26k | err = TIFFReadDirEntryCheckRangeLongLong8(*ma); |
2227 | 2.26k | if (err != TIFFReadDirEntryErrOk) |
2228 | 972 | break; |
2229 | 1.28k | *mb++ = (uint32_t)(*ma++); |
2230 | 1.28k | } |
2231 | 1.18k | } |
2232 | 1.18k | break; |
2233 | 2.47k | case TIFF_SLONG8: |
2234 | 2.47k | { |
2235 | 2.47k | int64_t *ma; |
2236 | 2.47k | uint32_t *mb; |
2237 | 2.47k | uint32_t n; |
2238 | 2.47k | ma = (int64_t *)origdata; |
2239 | 2.47k | mb = data; |
2240 | 80.1k | for (n = 0; n < count; n++) |
2241 | 79.9k | { |
2242 | 79.9k | if (tif->tif_flags & TIFF_SWAB) |
2243 | 38.4k | TIFFSwabLong8((uint64_t *)ma); |
2244 | 79.9k | err = TIFFReadDirEntryCheckRangeLongSlong8(*ma); |
2245 | 79.9k | if (err != TIFFReadDirEntryErrOk) |
2246 | 2.23k | break; |
2247 | 77.6k | *mb++ = (uint32_t)(*ma++); |
2248 | 77.6k | } |
2249 | 2.47k | } |
2250 | 2.47k | break; |
2251 | 7.72k | } |
2252 | 7.72k | _TIFFfreeExt(tif, origdata); |
2253 | 7.72k | if (err != TIFFReadDirEntryErrOk) |
2254 | 3.89k | { |
2255 | 3.89k | _TIFFfreeExt(tif, data); |
2256 | 3.89k | return (err); |
2257 | 3.89k | } |
2258 | 3.83k | *value = data; |
2259 | 3.83k | return (TIFFReadDirEntryErrOk); |
2260 | 7.72k | } |
2261 | | |
2262 | | static enum TIFFReadDirEntryErr |
2263 | | TIFFReadDirEntrySlongArray(TIFF *tif, TIFFDirEntry *direntry, int32_t **value) |
2264 | 38.6k | { |
2265 | 38.6k | enum TIFFReadDirEntryErr err; |
2266 | 38.6k | uint32_t count; |
2267 | 38.6k | void *origdata; |
2268 | 38.6k | int32_t *data; |
2269 | 38.6k | switch (direntry->tdir_type) |
2270 | 38.6k | { |
2271 | 0 | case TIFF_BYTE: |
2272 | 0 | case TIFF_SBYTE: |
2273 | 0 | case TIFF_SHORT: |
2274 | 0 | case TIFF_SSHORT: |
2275 | 0 | case TIFF_LONG: |
2276 | 38.6k | case TIFF_SLONG: |
2277 | 38.6k | case TIFF_LONG8: |
2278 | 38.6k | case TIFF_SLONG8: |
2279 | 38.6k | break; |
2280 | 0 | default: |
2281 | 0 | return (TIFFReadDirEntryErrType); |
2282 | 38.6k | } |
2283 | 38.6k | err = TIFFReadDirEntryArray(tif, direntry, &count, 4, &origdata); |
2284 | 38.6k | if ((err != TIFFReadDirEntryErrOk) || (origdata == 0)) |
2285 | 24.0k | { |
2286 | 24.0k | *value = 0; |
2287 | 24.0k | return (err); |
2288 | 24.0k | } |
2289 | 14.5k | switch (direntry->tdir_type) |
2290 | 14.5k | { |
2291 | 0 | case TIFF_LONG: |
2292 | 0 | { |
2293 | 0 | uint32_t *m; |
2294 | 0 | uint32_t n; |
2295 | 0 | m = (uint32_t *)origdata; |
2296 | 0 | for (n = 0; n < count; n++) |
2297 | 0 | { |
2298 | 0 | if (tif->tif_flags & TIFF_SWAB) |
2299 | 0 | TIFFSwabLong((uint32_t *)m); |
2300 | 0 | err = TIFFReadDirEntryCheckRangeSlongLong(*m); |
2301 | 0 | if (err != TIFFReadDirEntryErrOk) |
2302 | 0 | { |
2303 | 0 | _TIFFfreeExt(tif, origdata); |
2304 | 0 | return (err); |
2305 | 0 | } |
2306 | 0 | m++; |
2307 | 0 | } |
2308 | 0 | *value = (int32_t *)origdata; |
2309 | 0 | return (TIFFReadDirEntryErrOk); |
2310 | 0 | } |
2311 | 14.5k | case TIFF_SLONG: |
2312 | 14.5k | *value = (int32_t *)origdata; |
2313 | 14.5k | if (tif->tif_flags & TIFF_SWAB) |
2314 | 172 | TIFFSwabArrayOfLong((uint32_t *)(*value), count); |
2315 | 14.5k | return (TIFFReadDirEntryErrOk); |
2316 | 14.5k | } |
2317 | 0 | data = (int32_t *)_TIFFmallocExt(tif, count * 4); |
2318 | 0 | if (data == 0) |
2319 | 0 | { |
2320 | 0 | _TIFFfreeExt(tif, origdata); |
2321 | 0 | return (TIFFReadDirEntryErrAlloc); |
2322 | 0 | } |
2323 | 0 | switch (direntry->tdir_type) |
2324 | 0 | { |
2325 | 0 | case TIFF_BYTE: |
2326 | 0 | { |
2327 | 0 | uint8_t *ma; |
2328 | 0 | int32_t *mb; |
2329 | 0 | uint32_t n; |
2330 | 0 | ma = (uint8_t *)origdata; |
2331 | 0 | mb = data; |
2332 | 0 | for (n = 0; n < count; n++) |
2333 | 0 | *mb++ = (int32_t)(*ma++); |
2334 | 0 | } |
2335 | 0 | break; |
2336 | 0 | case TIFF_SBYTE: |
2337 | 0 | { |
2338 | 0 | int8_t *ma; |
2339 | 0 | int32_t *mb; |
2340 | 0 | uint32_t n; |
2341 | 0 | ma = (int8_t *)origdata; |
2342 | 0 | mb = data; |
2343 | 0 | for (n = 0; n < count; n++) |
2344 | 0 | *mb++ = (int32_t)(*ma++); |
2345 | 0 | } |
2346 | 0 | break; |
2347 | 0 | case TIFF_SHORT: |
2348 | 0 | { |
2349 | 0 | uint16_t *ma; |
2350 | 0 | int32_t *mb; |
2351 | 0 | uint32_t n; |
2352 | 0 | ma = (uint16_t *)origdata; |
2353 | 0 | mb = data; |
2354 | 0 | for (n = 0; n < count; n++) |
2355 | 0 | { |
2356 | 0 | if (tif->tif_flags & TIFF_SWAB) |
2357 | 0 | TIFFSwabShort(ma); |
2358 | 0 | *mb++ = (int32_t)(*ma++); |
2359 | 0 | } |
2360 | 0 | } |
2361 | 0 | break; |
2362 | 0 | case TIFF_SSHORT: |
2363 | 0 | { |
2364 | 0 | int16_t *ma; |
2365 | 0 | int32_t *mb; |
2366 | 0 | uint32_t n; |
2367 | 0 | ma = (int16_t *)origdata; |
2368 | 0 | mb = data; |
2369 | 0 | for (n = 0; n < count; n++) |
2370 | 0 | { |
2371 | 0 | if (tif->tif_flags & TIFF_SWAB) |
2372 | 0 | TIFFSwabShort((uint16_t *)ma); |
2373 | 0 | *mb++ = (int32_t)(*ma++); |
2374 | 0 | } |
2375 | 0 | } |
2376 | 0 | break; |
2377 | 0 | case TIFF_LONG8: |
2378 | 0 | { |
2379 | 0 | uint64_t *ma; |
2380 | 0 | int32_t *mb; |
2381 | 0 | uint32_t n; |
2382 | 0 | ma = (uint64_t *)origdata; |
2383 | 0 | mb = data; |
2384 | 0 | for (n = 0; n < count; n++) |
2385 | 0 | { |
2386 | 0 | if (tif->tif_flags & TIFF_SWAB) |
2387 | 0 | TIFFSwabLong8(ma); |
2388 | 0 | err = TIFFReadDirEntryCheckRangeSlongLong8(*ma); |
2389 | 0 | if (err != TIFFReadDirEntryErrOk) |
2390 | 0 | break; |
2391 | 0 | *mb++ = (int32_t)(*ma++); |
2392 | 0 | } |
2393 | 0 | } |
2394 | 0 | break; |
2395 | 0 | case TIFF_SLONG8: |
2396 | 0 | { |
2397 | 0 | int64_t *ma; |
2398 | 0 | int32_t *mb; |
2399 | 0 | uint32_t n; |
2400 | 0 | ma = (int64_t *)origdata; |
2401 | 0 | mb = data; |
2402 | 0 | for (n = 0; n < count; n++) |
2403 | 0 | { |
2404 | 0 | if (tif->tif_flags & TIFF_SWAB) |
2405 | 0 | TIFFSwabLong8((uint64_t *)ma); |
2406 | 0 | err = TIFFReadDirEntryCheckRangeSlongSlong8(*ma); |
2407 | 0 | if (err != TIFFReadDirEntryErrOk) |
2408 | 0 | break; |
2409 | 0 | *mb++ = (int32_t)(*ma++); |
2410 | 0 | } |
2411 | 0 | } |
2412 | 0 | break; |
2413 | 0 | } |
2414 | 0 | _TIFFfreeExt(tif, origdata); |
2415 | 0 | if (err != TIFFReadDirEntryErrOk) |
2416 | 0 | { |
2417 | 0 | _TIFFfreeExt(tif, data); |
2418 | 0 | return (err); |
2419 | 0 | } |
2420 | 0 | *value = data; |
2421 | 0 | return (TIFFReadDirEntryErrOk); |
2422 | 0 | } |
2423 | | |
2424 | | static enum TIFFReadDirEntryErr |
2425 | | TIFFReadDirEntryLong8ArrayWithLimit(TIFF *tif, TIFFDirEntry *direntry, |
2426 | | uint64_t **value, uint64_t maxcount) |
2427 | 1.75M | { |
2428 | 1.75M | enum TIFFReadDirEntryErr err; |
2429 | 1.75M | uint32_t count; |
2430 | 1.75M | void *origdata; |
2431 | 1.75M | uint64_t *data; |
2432 | 1.75M | switch (direntry->tdir_type) |
2433 | 1.75M | { |
2434 | 28.1k | case TIFF_BYTE: |
2435 | 45.7k | case TIFF_SBYTE: |
2436 | 91.3k | case TIFF_SHORT: |
2437 | 95.1k | case TIFF_SSHORT: |
2438 | 1.62M | case TIFF_LONG: |
2439 | 1.63M | case TIFF_SLONG: |
2440 | 1.68M | case TIFF_LONG8: |
2441 | 1.69M | case TIFF_SLONG8: |
2442 | 1.69M | break; |
2443 | 55.8k | default: |
2444 | 55.8k | return (TIFFReadDirEntryErrType); |
2445 | 1.75M | } |
2446 | 1.69M | err = TIFFReadDirEntryArrayWithLimit(tif, direntry, &count, 8, &origdata, |
2447 | 1.69M | maxcount); |
2448 | 1.69M | if ((err != TIFFReadDirEntryErrOk) || (origdata == 0)) |
2449 | 82.5k | { |
2450 | 82.5k | *value = 0; |
2451 | 82.5k | return (err); |
2452 | 82.5k | } |
2453 | 1.61M | switch (direntry->tdir_type) |
2454 | 1.61M | { |
2455 | 18.7k | case TIFF_LONG8: |
2456 | 18.7k | *value = (uint64_t *)origdata; |
2457 | 18.7k | if (tif->tif_flags & TIFF_SWAB) |
2458 | 622 | TIFFSwabArrayOfLong8(*value, count); |
2459 | 18.7k | return (TIFFReadDirEntryErrOk); |
2460 | 11.1k | case TIFF_SLONG8: |
2461 | 11.1k | { |
2462 | 11.1k | int64_t *m; |
2463 | 11.1k | uint32_t n; |
2464 | 11.1k | m = (int64_t *)origdata; |
2465 | 22.7k | for (n = 0; n < count; n++) |
2466 | 12.7k | { |
2467 | 12.7k | if (tif->tif_flags & TIFF_SWAB) |
2468 | 292 | TIFFSwabLong8((uint64_t *)m); |
2469 | 12.7k | err = TIFFReadDirEntryCheckRangeLong8Slong8(*m); |
2470 | 12.7k | if (err != TIFFReadDirEntryErrOk) |
2471 | 1.14k | { |
2472 | 1.14k | _TIFFfreeExt(tif, origdata); |
2473 | 1.14k | return (err); |
2474 | 1.14k | } |
2475 | 11.6k | m++; |
2476 | 11.6k | } |
2477 | 10.0k | *value = (uint64_t *)origdata; |
2478 | 10.0k | return (TIFFReadDirEntryErrOk); |
2479 | 11.1k | } |
2480 | 1.61M | } |
2481 | 1.58M | data = (uint64_t *)_TIFFmallocExt(tif, count * 8); |
2482 | 1.58M | if (data == 0) |
2483 | 0 | { |
2484 | 0 | _TIFFfreeExt(tif, origdata); |
2485 | 0 | return (TIFFReadDirEntryErrAlloc); |
2486 | 0 | } |
2487 | 1.58M | switch (direntry->tdir_type) |
2488 | 1.58M | { |
2489 | 22.5k | case TIFF_BYTE: |
2490 | 22.5k | { |
2491 | 22.5k | uint8_t *ma; |
2492 | 22.5k | uint64_t *mb; |
2493 | 22.5k | uint32_t n; |
2494 | 22.5k | ma = (uint8_t *)origdata; |
2495 | 22.5k | mb = data; |
2496 | 268k | for (n = 0; n < count; n++) |
2497 | 246k | *mb++ = (uint64_t)(*ma++); |
2498 | 22.5k | } |
2499 | 22.5k | break; |
2500 | 17.2k | case TIFF_SBYTE: |
2501 | 17.2k | { |
2502 | 17.2k | int8_t *ma; |
2503 | 17.2k | uint64_t *mb; |
2504 | 17.2k | uint32_t n; |
2505 | 17.2k | ma = (int8_t *)origdata; |
2506 | 17.2k | mb = data; |
2507 | 33.4k | for (n = 0; n < count; n++) |
2508 | 20.4k | { |
2509 | 20.4k | err = TIFFReadDirEntryCheckRangeLong8Sbyte(*ma); |
2510 | 20.4k | if (err != TIFFReadDirEntryErrOk) |
2511 | 4.15k | break; |
2512 | 16.2k | *mb++ = (uint64_t)(*ma++); |
2513 | 16.2k | } |
2514 | 17.2k | } |
2515 | 17.2k | break; |
2516 | 41.6k | case TIFF_SHORT: |
2517 | 41.6k | { |
2518 | 41.6k | uint16_t *ma; |
2519 | 41.6k | uint64_t *mb; |
2520 | 41.6k | uint32_t n; |
2521 | 41.6k | ma = (uint16_t *)origdata; |
2522 | 41.6k | mb = data; |
2523 | 1.12M | for (n = 0; n < count; n++) |
2524 | 1.08M | { |
2525 | 1.08M | if (tif->tif_flags & TIFF_SWAB) |
2526 | 2.84k | TIFFSwabShort(ma); |
2527 | 1.08M | *mb++ = (uint64_t)(*ma++); |
2528 | 1.08M | } |
2529 | 41.6k | } |
2530 | 41.6k | break; |
2531 | 3.57k | case TIFF_SSHORT: |
2532 | 3.57k | { |
2533 | 3.57k | int16_t *ma; |
2534 | 3.57k | uint64_t *mb; |
2535 | 3.57k | uint32_t n; |
2536 | 3.57k | ma = (int16_t *)origdata; |
2537 | 3.57k | mb = data; |
2538 | 9.89k | for (n = 0; n < count; n++) |
2539 | 6.88k | { |
2540 | 6.88k | if (tif->tif_flags & TIFF_SWAB) |
2541 | 169 | TIFFSwabShort((uint16_t *)ma); |
2542 | 6.88k | err = TIFFReadDirEntryCheckRangeLong8Sshort(*ma); |
2543 | 6.88k | if (err != TIFFReadDirEntryErrOk) |
2544 | 561 | break; |
2545 | 6.32k | *mb++ = (uint64_t)(*ma++); |
2546 | 6.32k | } |
2547 | 3.57k | } |
2548 | 3.57k | break; |
2549 | 1.49M | case TIFF_LONG: |
2550 | 1.49M | { |
2551 | 1.49M | uint32_t *ma; |
2552 | 1.49M | uint64_t *mb; |
2553 | 1.49M | uint32_t n; |
2554 | 1.49M | ma = (uint32_t *)origdata; |
2555 | 1.49M | mb = data; |
2556 | 5.25M | for (n = 0; n < count; n++) |
2557 | 3.75M | { |
2558 | 3.75M | if (tif->tif_flags & TIFF_SWAB) |
2559 | 4.11k | TIFFSwabLong(ma); |
2560 | 3.75M | *mb++ = (uint64_t)(*ma++); |
2561 | 3.75M | } |
2562 | 1.49M | } |
2563 | 1.49M | break; |
2564 | 3.76k | case TIFF_SLONG: |
2565 | 3.76k | { |
2566 | 3.76k | int32_t *ma; |
2567 | 3.76k | uint64_t *mb; |
2568 | 3.76k | uint32_t n; |
2569 | 3.76k | ma = (int32_t *)origdata; |
2570 | 3.76k | mb = data; |
2571 | 9.54k | for (n = 0; n < count; n++) |
2572 | 6.50k | { |
2573 | 6.50k | if (tif->tif_flags & TIFF_SWAB) |
2574 | 493 | TIFFSwabLong((uint32_t *)ma); |
2575 | 6.50k | err = TIFFReadDirEntryCheckRangeLong8Slong(*ma); |
2576 | 6.50k | if (err != TIFFReadDirEntryErrOk) |
2577 | 718 | break; |
2578 | 5.78k | *mb++ = (uint64_t)(*ma++); |
2579 | 5.78k | } |
2580 | 3.76k | } |
2581 | 3.76k | break; |
2582 | 1.58M | } |
2583 | 1.58M | _TIFFfreeExt(tif, origdata); |
2584 | 1.58M | if (err != TIFFReadDirEntryErrOk) |
2585 | 5.43k | { |
2586 | 5.43k | _TIFFfreeExt(tif, data); |
2587 | 5.43k | return (err); |
2588 | 5.43k | } |
2589 | 1.57M | *value = data; |
2590 | 1.57M | return (TIFFReadDirEntryErrOk); |
2591 | 1.58M | } |
2592 | | |
2593 | | static enum TIFFReadDirEntryErr |
2594 | | TIFFReadDirEntryLong8Array(TIFF *tif, TIFFDirEntry *direntry, uint64_t **value) |
2595 | 57.3k | { |
2596 | 57.3k | return TIFFReadDirEntryLong8ArrayWithLimit(tif, direntry, value, |
2597 | 57.3k | ~((uint64_t)0)); |
2598 | 57.3k | } |
2599 | | |
2600 | | static enum TIFFReadDirEntryErr |
2601 | | TIFFReadDirEntrySlong8Array(TIFF *tif, TIFFDirEntry *direntry, int64_t **value) |
2602 | 25.7k | { |
2603 | 25.7k | enum TIFFReadDirEntryErr err; |
2604 | 25.7k | uint32_t count; |
2605 | 25.7k | void *origdata; |
2606 | 25.7k | int64_t *data; |
2607 | 25.7k | switch (direntry->tdir_type) |
2608 | 25.7k | { |
2609 | 0 | case TIFF_BYTE: |
2610 | 0 | case TIFF_SBYTE: |
2611 | 0 | case TIFF_SHORT: |
2612 | 0 | case TIFF_SSHORT: |
2613 | 0 | case TIFF_LONG: |
2614 | 0 | case TIFF_SLONG: |
2615 | 0 | case TIFF_LONG8: |
2616 | 25.7k | case TIFF_SLONG8: |
2617 | 25.7k | break; |
2618 | 0 | default: |
2619 | 0 | return (TIFFReadDirEntryErrType); |
2620 | 25.7k | } |
2621 | 25.7k | err = TIFFReadDirEntryArray(tif, direntry, &count, 8, &origdata); |
2622 | 25.7k | if ((err != TIFFReadDirEntryErrOk) || (origdata == 0)) |
2623 | 20.1k | { |
2624 | 20.1k | *value = 0; |
2625 | 20.1k | return (err); |
2626 | 20.1k | } |
2627 | 5.67k | switch (direntry->tdir_type) |
2628 | 5.67k | { |
2629 | 0 | case TIFF_LONG8: |
2630 | 0 | { |
2631 | 0 | uint64_t *m; |
2632 | 0 | uint32_t n; |
2633 | 0 | m = (uint64_t *)origdata; |
2634 | 0 | for (n = 0; n < count; n++) |
2635 | 0 | { |
2636 | 0 | if (tif->tif_flags & TIFF_SWAB) |
2637 | 0 | TIFFSwabLong8(m); |
2638 | 0 | err = TIFFReadDirEntryCheckRangeSlong8Long8(*m); |
2639 | 0 | if (err != TIFFReadDirEntryErrOk) |
2640 | 0 | { |
2641 | 0 | _TIFFfreeExt(tif, origdata); |
2642 | 0 | return (err); |
2643 | 0 | } |
2644 | 0 | m++; |
2645 | 0 | } |
2646 | 0 | *value = (int64_t *)origdata; |
2647 | 0 | return (TIFFReadDirEntryErrOk); |
2648 | 0 | } |
2649 | 5.67k | case TIFF_SLONG8: |
2650 | 5.67k | *value = (int64_t *)origdata; |
2651 | 5.67k | if (tif->tif_flags & TIFF_SWAB) |
2652 | 240 | TIFFSwabArrayOfLong8((uint64_t *)(*value), count); |
2653 | 5.67k | return (TIFFReadDirEntryErrOk); |
2654 | 5.67k | } |
2655 | 0 | data = (int64_t *)_TIFFmallocExt(tif, count * 8); |
2656 | 0 | if (data == 0) |
2657 | 0 | { |
2658 | 0 | _TIFFfreeExt(tif, origdata); |
2659 | 0 | return (TIFFReadDirEntryErrAlloc); |
2660 | 0 | } |
2661 | 0 | switch (direntry->tdir_type) |
2662 | 0 | { |
2663 | 0 | case TIFF_BYTE: |
2664 | 0 | { |
2665 | 0 | uint8_t *ma; |
2666 | 0 | int64_t *mb; |
2667 | 0 | uint32_t n; |
2668 | 0 | ma = (uint8_t *)origdata; |
2669 | 0 | mb = data; |
2670 | 0 | for (n = 0; n < count; n++) |
2671 | 0 | *mb++ = (int64_t)(*ma++); |
2672 | 0 | } |
2673 | 0 | break; |
2674 | 0 | case TIFF_SBYTE: |
2675 | 0 | { |
2676 | 0 | int8_t *ma; |
2677 | 0 | int64_t *mb; |
2678 | 0 | uint32_t n; |
2679 | 0 | ma = (int8_t *)origdata; |
2680 | 0 | mb = data; |
2681 | 0 | for (n = 0; n < count; n++) |
2682 | 0 | *mb++ = (int64_t)(*ma++); |
2683 | 0 | } |
2684 | 0 | break; |
2685 | 0 | case TIFF_SHORT: |
2686 | 0 | { |
2687 | 0 | uint16_t *ma; |
2688 | 0 | int64_t *mb; |
2689 | 0 | uint32_t n; |
2690 | 0 | ma = (uint16_t *)origdata; |
2691 | 0 | mb = data; |
2692 | 0 | for (n = 0; n < count; n++) |
2693 | 0 | { |
2694 | 0 | if (tif->tif_flags & TIFF_SWAB) |
2695 | 0 | TIFFSwabShort(ma); |
2696 | 0 | *mb++ = (int64_t)(*ma++); |
2697 | 0 | } |
2698 | 0 | } |
2699 | 0 | break; |
2700 | 0 | case TIFF_SSHORT: |
2701 | 0 | { |
2702 | 0 | int16_t *ma; |
2703 | 0 | int64_t *mb; |
2704 | 0 | uint32_t n; |
2705 | 0 | ma = (int16_t *)origdata; |
2706 | 0 | mb = data; |
2707 | 0 | for (n = 0; n < count; n++) |
2708 | 0 | { |
2709 | 0 | if (tif->tif_flags & TIFF_SWAB) |
2710 | 0 | TIFFSwabShort((uint16_t *)ma); |
2711 | 0 | *mb++ = (int64_t)(*ma++); |
2712 | 0 | } |
2713 | 0 | } |
2714 | 0 | break; |
2715 | 0 | case TIFF_LONG: |
2716 | 0 | { |
2717 | 0 | uint32_t *ma; |
2718 | 0 | int64_t *mb; |
2719 | 0 | uint32_t n; |
2720 | 0 | ma = (uint32_t *)origdata; |
2721 | 0 | mb = data; |
2722 | 0 | for (n = 0; n < count; n++) |
2723 | 0 | { |
2724 | 0 | if (tif->tif_flags & TIFF_SWAB) |
2725 | 0 | TIFFSwabLong(ma); |
2726 | 0 | *mb++ = (int64_t)(*ma++); |
2727 | 0 | } |
2728 | 0 | } |
2729 | 0 | break; |
2730 | 0 | case TIFF_SLONG: |
2731 | 0 | { |
2732 | 0 | int32_t *ma; |
2733 | 0 | int64_t *mb; |
2734 | 0 | uint32_t n; |
2735 | 0 | ma = (int32_t *)origdata; |
2736 | 0 | mb = data; |
2737 | 0 | for (n = 0; n < count; n++) |
2738 | 0 | { |
2739 | 0 | if (tif->tif_flags & TIFF_SWAB) |
2740 | 0 | TIFFSwabLong((uint32_t *)ma); |
2741 | 0 | *mb++ = (int64_t)(*ma++); |
2742 | 0 | } |
2743 | 0 | } |
2744 | 0 | break; |
2745 | 0 | } |
2746 | 0 | _TIFFfreeExt(tif, origdata); |
2747 | 0 | *value = data; |
2748 | 0 | return (TIFFReadDirEntryErrOk); |
2749 | 0 | } |
2750 | | |
2751 | | static enum TIFFReadDirEntryErr |
2752 | | TIFFReadDirEntryFloatArray(TIFF *tif, TIFFDirEntry *direntry, float **value) |
2753 | 145k | { |
2754 | 145k | enum TIFFReadDirEntryErr err; |
2755 | 145k | uint32_t count; |
2756 | 145k | void *origdata; |
2757 | 145k | float *data; |
2758 | 145k | switch (direntry->tdir_type) |
2759 | 145k | { |
2760 | 1.24k | case TIFF_BYTE: |
2761 | 1.86k | case TIFF_SBYTE: |
2762 | 3.32k | case TIFF_SHORT: |
2763 | 5.39k | case TIFF_SSHORT: |
2764 | 6.30k | case TIFF_LONG: |
2765 | 7.14k | case TIFF_SLONG: |
2766 | 8.06k | case TIFF_LONG8: |
2767 | 8.89k | case TIFF_SLONG8: |
2768 | 59.9k | case TIFF_RATIONAL: |
2769 | 94.9k | case TIFF_SRATIONAL: |
2770 | 141k | case TIFF_FLOAT: |
2771 | 142k | case TIFF_DOUBLE: |
2772 | 142k | break; |
2773 | 2.37k | default: |
2774 | 2.37k | return (TIFFReadDirEntryErrType); |
2775 | 145k | } |
2776 | 142k | err = TIFFReadDirEntryArray(tif, direntry, &count, 4, &origdata); |
2777 | 142k | if ((err != TIFFReadDirEntryErrOk) || (origdata == 0)) |
2778 | 86.1k | { |
2779 | 86.1k | *value = 0; |
2780 | 86.1k | return (err); |
2781 | 86.1k | } |
2782 | 56.6k | switch (direntry->tdir_type) |
2783 | 56.6k | { |
2784 | 24.5k | case TIFF_FLOAT: |
2785 | 24.5k | if (tif->tif_flags & TIFF_SWAB) |
2786 | 62 | TIFFSwabArrayOfLong((uint32_t *)origdata, count); |
2787 | 24.5k | TIFFCvtIEEEFloatToNative(tif, count, (float *)origdata); |
2788 | 24.5k | *value = (float *)origdata; |
2789 | 24.5k | return (TIFFReadDirEntryErrOk); |
2790 | 56.6k | } |
2791 | 32.1k | data = (float *)_TIFFmallocExt(tif, count * sizeof(float)); |
2792 | 32.1k | if (data == 0) |
2793 | 0 | { |
2794 | 0 | _TIFFfreeExt(tif, origdata); |
2795 | 0 | return (TIFFReadDirEntryErrAlloc); |
2796 | 0 | } |
2797 | 32.1k | switch (direntry->tdir_type) |
2798 | 32.1k | { |
2799 | 802 | case TIFF_BYTE: |
2800 | 802 | { |
2801 | 802 | uint8_t *ma; |
2802 | 802 | float *mb; |
2803 | 802 | uint32_t n; |
2804 | 802 | ma = (uint8_t *)origdata; |
2805 | 802 | mb = data; |
2806 | 62.4k | for (n = 0; n < count; n++) |
2807 | 61.6k | *mb++ = (float)(*ma++); |
2808 | 802 | } |
2809 | 802 | break; |
2810 | 400 | case TIFF_SBYTE: |
2811 | 400 | { |
2812 | 400 | int8_t *ma; |
2813 | 400 | float *mb; |
2814 | 400 | uint32_t n; |
2815 | 400 | ma = (int8_t *)origdata; |
2816 | 400 | mb = data; |
2817 | 7.03k | for (n = 0; n < count; n++) |
2818 | 6.63k | *mb++ = (float)(*ma++); |
2819 | 400 | } |
2820 | 400 | break; |
2821 | 938 | case TIFF_SHORT: |
2822 | 938 | { |
2823 | 938 | uint16_t *ma; |
2824 | 938 | float *mb; |
2825 | 938 | uint32_t n; |
2826 | 938 | ma = (uint16_t *)origdata; |
2827 | 938 | mb = data; |
2828 | 48.3k | for (n = 0; n < count; n++) |
2829 | 47.4k | { |
2830 | 47.4k | if (tif->tif_flags & TIFF_SWAB) |
2831 | 371 | TIFFSwabShort(ma); |
2832 | 47.4k | *mb++ = (float)(*ma++); |
2833 | 47.4k | } |
2834 | 938 | } |
2835 | 938 | break; |
2836 | 1.83k | case TIFF_SSHORT: |
2837 | 1.83k | { |
2838 | 1.83k | int16_t *ma; |
2839 | 1.83k | float *mb; |
2840 | 1.83k | uint32_t n; |
2841 | 1.83k | ma = (int16_t *)origdata; |
2842 | 1.83k | mb = data; |
2843 | 592k | for (n = 0; n < count; n++) |
2844 | 590k | { |
2845 | 590k | if (tif->tif_flags & TIFF_SWAB) |
2846 | 592 | TIFFSwabShort((uint16_t *)ma); |
2847 | 590k | *mb++ = (float)(*ma++); |
2848 | 590k | } |
2849 | 1.83k | } |
2850 | 1.83k | break; |
2851 | 525 | case TIFF_LONG: |
2852 | 525 | { |
2853 | 525 | uint32_t *ma; |
2854 | 525 | float *mb; |
2855 | 525 | uint32_t n; |
2856 | 525 | ma = (uint32_t *)origdata; |
2857 | 525 | mb = data; |
2858 | 29.8k | for (n = 0; n < count; n++) |
2859 | 29.2k | { |
2860 | 29.2k | if (tif->tif_flags & TIFF_SWAB) |
2861 | 511 | TIFFSwabLong(ma); |
2862 | 29.2k | *mb++ = (float)(*ma++); |
2863 | 29.2k | } |
2864 | 525 | } |
2865 | 525 | break; |
2866 | 706 | case TIFF_SLONG: |
2867 | 706 | { |
2868 | 706 | int32_t *ma; |
2869 | 706 | float *mb; |
2870 | 706 | uint32_t n; |
2871 | 706 | ma = (int32_t *)origdata; |
2872 | 706 | mb = data; |
2873 | 110k | for (n = 0; n < count; n++) |
2874 | 110k | { |
2875 | 110k | if (tif->tif_flags & TIFF_SWAB) |
2876 | 932 | TIFFSwabLong((uint32_t *)ma); |
2877 | 110k | *mb++ = (float)(*ma++); |
2878 | 110k | } |
2879 | 706 | } |
2880 | 706 | break; |
2881 | 814 | case TIFF_LONG8: |
2882 | 814 | { |
2883 | 814 | uint64_t *ma; |
2884 | 814 | float *mb; |
2885 | 814 | uint32_t n; |
2886 | 814 | ma = (uint64_t *)origdata; |
2887 | 814 | mb = data; |
2888 | 8.68k | for (n = 0; n < count; n++) |
2889 | 7.87k | { |
2890 | 7.87k | if (tif->tif_flags & TIFF_SWAB) |
2891 | 1.95k | TIFFSwabLong8(ma); |
2892 | 7.87k | *mb++ = (float)(*ma++); |
2893 | 7.87k | } |
2894 | 814 | } |
2895 | 814 | break; |
2896 | 640 | case TIFF_SLONG8: |
2897 | 640 | { |
2898 | 640 | int64_t *ma; |
2899 | 640 | float *mb; |
2900 | 640 | uint32_t n; |
2901 | 640 | ma = (int64_t *)origdata; |
2902 | 640 | mb = data; |
2903 | 69.8k | for (n = 0; n < count; n++) |
2904 | 69.2k | { |
2905 | 69.2k | if (tif->tif_flags & TIFF_SWAB) |
2906 | 66.2k | TIFFSwabLong8((uint64_t *)ma); |
2907 | 69.2k | *mb++ = (float)(*ma++); |
2908 | 69.2k | } |
2909 | 640 | } |
2910 | 640 | break; |
2911 | 20.4k | case TIFF_RATIONAL: |
2912 | 20.4k | { |
2913 | 20.4k | uint32_t *ma; |
2914 | 20.4k | uint32_t maa; |
2915 | 20.4k | uint32_t mab; |
2916 | 20.4k | float *mb; |
2917 | 20.4k | uint32_t n; |
2918 | 20.4k | ma = (uint32_t *)origdata; |
2919 | 20.4k | mb = data; |
2920 | 1.69M | for (n = 0; n < count; n++) |
2921 | 1.67M | { |
2922 | 1.67M | if (tif->tif_flags & TIFF_SWAB) |
2923 | 11.8k | TIFFSwabLong(ma); |
2924 | 1.67M | maa = *ma++; |
2925 | 1.67M | if (tif->tif_flags & TIFF_SWAB) |
2926 | 11.8k | TIFFSwabLong(ma); |
2927 | 1.67M | mab = *ma++; |
2928 | 1.67M | if (mab == 0) |
2929 | 173k | *mb++ = 0.0; |
2930 | 1.49M | else |
2931 | 1.49M | *mb++ = (float)maa / (float)mab; |
2932 | 1.67M | } |
2933 | 20.4k | } |
2934 | 20.4k | break; |
2935 | 3.47k | case TIFF_SRATIONAL: |
2936 | 3.47k | { |
2937 | 3.47k | uint32_t *ma; |
2938 | 3.47k | int32_t maa; |
2939 | 3.47k | uint32_t mab; |
2940 | 3.47k | float *mb; |
2941 | 3.47k | uint32_t n; |
2942 | 3.47k | ma = (uint32_t *)origdata; |
2943 | 3.47k | mb = data; |
2944 | 276k | for (n = 0; n < count; n++) |
2945 | 273k | { |
2946 | 273k | if (tif->tif_flags & TIFF_SWAB) |
2947 | 13.3k | TIFFSwabLong(ma); |
2948 | 273k | maa = *(int32_t *)ma; |
2949 | 273k | ma++; |
2950 | 273k | if (tif->tif_flags & TIFF_SWAB) |
2951 | 13.3k | TIFFSwabLong(ma); |
2952 | 273k | mab = *ma++; |
2953 | 273k | if (mab == 0) |
2954 | 31.6k | *mb++ = 0.0; |
2955 | 241k | else |
2956 | 241k | *mb++ = (float)maa / (float)mab; |
2957 | 273k | } |
2958 | 3.47k | } |
2959 | 3.47k | break; |
2960 | 1.60k | case TIFF_DOUBLE: |
2961 | 1.60k | { |
2962 | 1.60k | double *ma; |
2963 | 1.60k | float *mb; |
2964 | 1.60k | uint32_t n; |
2965 | 1.60k | if (tif->tif_flags & TIFF_SWAB) |
2966 | 46 | TIFFSwabArrayOfLong8((uint64_t *)origdata, count); |
2967 | 1.60k | TIFFCvtIEEEDoubleToNative(tif, count, (double *)origdata); |
2968 | 1.60k | ma = (double *)origdata; |
2969 | 1.60k | mb = data; |
2970 | 111k | for (n = 0; n < count; n++) |
2971 | 110k | { |
2972 | 110k | double val = *ma++; |
2973 | 110k | if (val > FLT_MAX) |
2974 | 20.8k | val = FLT_MAX; |
2975 | 89.2k | else if (val < -FLT_MAX) |
2976 | 13.6k | val = -FLT_MAX; |
2977 | 110k | *mb++ = (float)val; |
2978 | 110k | } |
2979 | 1.60k | } |
2980 | 1.60k | break; |
2981 | 32.1k | } |
2982 | 32.1k | _TIFFfreeExt(tif, origdata); |
2983 | 32.1k | *value = data; |
2984 | 32.1k | return (TIFFReadDirEntryErrOk); |
2985 | 32.1k | } |
2986 | | |
2987 | | static enum TIFFReadDirEntryErr |
2988 | | TIFFReadDirEntryDoubleArray(TIFF *tif, TIFFDirEntry *direntry, double **value) |
2989 | 229k | { |
2990 | 229k | enum TIFFReadDirEntryErr err; |
2991 | 229k | uint32_t count; |
2992 | 229k | void *origdata; |
2993 | 229k | double *data; |
2994 | 229k | switch (direntry->tdir_type) |
2995 | 229k | { |
2996 | 4.49k | case TIFF_BYTE: |
2997 | 5.60k | case TIFF_SBYTE: |
2998 | 11.2k | case TIFF_SHORT: |
2999 | 13.3k | case TIFF_SSHORT: |
3000 | 14.5k | case TIFF_LONG: |
3001 | 16.7k | case TIFF_SLONG: |
3002 | 17.3k | case TIFF_LONG8: |
3003 | 18.1k | case TIFF_SLONG8: |
3004 | 19.4k | case TIFF_RATIONAL: |
3005 | 21.9k | case TIFF_SRATIONAL: |
3006 | 22.9k | case TIFF_FLOAT: |
3007 | 215k | case TIFF_DOUBLE: |
3008 | 215k | break; |
3009 | 13.5k | default: |
3010 | 13.5k | return (TIFFReadDirEntryErrType); |
3011 | 229k | } |
3012 | 215k | err = TIFFReadDirEntryArray(tif, direntry, &count, 8, &origdata); |
3013 | 215k | if ((err != TIFFReadDirEntryErrOk) || (origdata == 0)) |
3014 | 101k | { |
3015 | 101k | *value = 0; |
3016 | 101k | return (err); |
3017 | 101k | } |
3018 | 114k | switch (direntry->tdir_type) |
3019 | 114k | { |
3020 | 94.8k | case TIFF_DOUBLE: |
3021 | 94.8k | if (tif->tif_flags & TIFF_SWAB) |
3022 | 120 | TIFFSwabArrayOfLong8((uint64_t *)origdata, count); |
3023 | 94.8k | TIFFCvtIEEEDoubleToNative(tif, count, (double *)origdata); |
3024 | 94.8k | *value = (double *)origdata; |
3025 | 94.8k | return (TIFFReadDirEntryErrOk); |
3026 | 114k | } |
3027 | 19.5k | data = (double *)_TIFFmallocExt(tif, count * sizeof(double)); |
3028 | 19.5k | if (data == 0) |
3029 | 0 | { |
3030 | 0 | _TIFFfreeExt(tif, origdata); |
3031 | 0 | return (TIFFReadDirEntryErrAlloc); |
3032 | 0 | } |
3033 | 19.5k | switch (direntry->tdir_type) |
3034 | 19.5k | { |
3035 | 4.03k | case TIFF_BYTE: |
3036 | 4.03k | { |
3037 | 4.03k | uint8_t *ma; |
3038 | 4.03k | double *mb; |
3039 | 4.03k | uint32_t n; |
3040 | 4.03k | ma = (uint8_t *)origdata; |
3041 | 4.03k | mb = data; |
3042 | 272k | for (n = 0; n < count; n++) |
3043 | 268k | *mb++ = (double)(*ma++); |
3044 | 4.03k | } |
3045 | 4.03k | break; |
3046 | 1.08k | case TIFF_SBYTE: |
3047 | 1.08k | { |
3048 | 1.08k | int8_t *ma; |
3049 | 1.08k | double *mb; |
3050 | 1.08k | uint32_t n; |
3051 | 1.08k | ma = (int8_t *)origdata; |
3052 | 1.08k | mb = data; |
3053 | 63.7k | for (n = 0; n < count; n++) |
3054 | 62.7k | *mb++ = (double)(*ma++); |
3055 | 1.08k | } |
3056 | 1.08k | break; |
3057 | 5.55k | case TIFF_SHORT: |
3058 | 5.55k | { |
3059 | 5.55k | uint16_t *ma; |
3060 | 5.55k | double *mb; |
3061 | 5.55k | uint32_t n; |
3062 | 5.55k | ma = (uint16_t *)origdata; |
3063 | 5.55k | mb = data; |
3064 | 75.4k | for (n = 0; n < count; n++) |
3065 | 69.8k | { |
3066 | 69.8k | if (tif->tif_flags & TIFF_SWAB) |
3067 | 303 | TIFFSwabShort(ma); |
3068 | 69.8k | *mb++ = (double)(*ma++); |
3069 | 69.8k | } |
3070 | 5.55k | } |
3071 | 5.55k | break; |
3072 | 1.51k | case TIFF_SSHORT: |
3073 | 1.51k | { |
3074 | 1.51k | int16_t *ma; |
3075 | 1.51k | double *mb; |
3076 | 1.51k | uint32_t n; |
3077 | 1.51k | ma = (int16_t *)origdata; |
3078 | 1.51k | mb = data; |
3079 | 24.1k | for (n = 0; n < count; n++) |
3080 | 22.6k | { |
3081 | 22.6k | if (tif->tif_flags & TIFF_SWAB) |
3082 | 505 | TIFFSwabShort((uint16_t *)ma); |
3083 | 22.6k | *mb++ = (double)(*ma++); |
3084 | 22.6k | } |
3085 | 1.51k | } |
3086 | 1.51k | break; |
3087 | 1.10k | case TIFF_LONG: |
3088 | 1.10k | { |
3089 | 1.10k | uint32_t *ma; |
3090 | 1.10k | double *mb; |
3091 | 1.10k | uint32_t n; |
3092 | 1.10k | ma = (uint32_t *)origdata; |
3093 | 1.10k | mb = data; |
3094 | 16.5k | for (n = 0; n < count; n++) |
3095 | 15.4k | { |
3096 | 15.4k | if (tif->tif_flags & TIFF_SWAB) |
3097 | 210 | TIFFSwabLong(ma); |
3098 | 15.4k | *mb++ = (double)(*ma++); |
3099 | 15.4k | } |
3100 | 1.10k | } |
3101 | 1.10k | break; |
3102 | 889 | case TIFF_SLONG: |
3103 | 889 | { |
3104 | 889 | int32_t *ma; |
3105 | 889 | double *mb; |
3106 | 889 | uint32_t n; |
3107 | 889 | ma = (int32_t *)origdata; |
3108 | 889 | mb = data; |
3109 | 24.5k | for (n = 0; n < count; n++) |
3110 | 23.7k | { |
3111 | 23.7k | if (tif->tif_flags & TIFF_SWAB) |
3112 | 67 | TIFFSwabLong((uint32_t *)ma); |
3113 | 23.7k | *mb++ = (double)(*ma++); |
3114 | 23.7k | } |
3115 | 889 | } |
3116 | 889 | break; |
3117 | 648 | case TIFF_LONG8: |
3118 | 648 | { |
3119 | 648 | uint64_t *ma; |
3120 | 648 | double *mb; |
3121 | 648 | uint32_t n; |
3122 | 648 | ma = (uint64_t *)origdata; |
3123 | 648 | mb = data; |
3124 | 13.4k | for (n = 0; n < count; n++) |
3125 | 12.8k | { |
3126 | 12.8k | if (tif->tif_flags & TIFF_SWAB) |
3127 | 78 | TIFFSwabLong8(ma); |
3128 | 12.8k | *mb++ = (double)(*ma++); |
3129 | 12.8k | } |
3130 | 648 | } |
3131 | 648 | break; |
3132 | 599 | case TIFF_SLONG8: |
3133 | 599 | { |
3134 | 599 | int64_t *ma; |
3135 | 599 | double *mb; |
3136 | 599 | uint32_t n; |
3137 | 599 | ma = (int64_t *)origdata; |
3138 | 599 | mb = data; |
3139 | 16.5k | for (n = 0; n < count; n++) |
3140 | 15.9k | { |
3141 | 15.9k | if (tif->tif_flags & TIFF_SWAB) |
3142 | 51 | TIFFSwabLong8((uint64_t *)ma); |
3143 | 15.9k | *mb++ = (double)(*ma++); |
3144 | 15.9k | } |
3145 | 599 | } |
3146 | 599 | break; |
3147 | 1.06k | case TIFF_RATIONAL: |
3148 | 1.06k | { |
3149 | 1.06k | uint32_t *ma; |
3150 | 1.06k | uint32_t maa; |
3151 | 1.06k | uint32_t mab; |
3152 | 1.06k | double *mb; |
3153 | 1.06k | uint32_t n; |
3154 | 1.06k | ma = (uint32_t *)origdata; |
3155 | 1.06k | mb = data; |
3156 | 346k | for (n = 0; n < count; n++) |
3157 | 345k | { |
3158 | 345k | if (tif->tif_flags & TIFF_SWAB) |
3159 | 865 | TIFFSwabLong(ma); |
3160 | 345k | maa = *ma++; |
3161 | 345k | if (tif->tif_flags & TIFF_SWAB) |
3162 | 865 | TIFFSwabLong(ma); |
3163 | 345k | mab = *ma++; |
3164 | 345k | if (mab == 0) |
3165 | 208k | *mb++ = 0.0; |
3166 | 137k | else |
3167 | 137k | *mb++ = (double)maa / (double)mab; |
3168 | 345k | } |
3169 | 1.06k | } |
3170 | 1.06k | break; |
3171 | 2.26k | case TIFF_SRATIONAL: |
3172 | 2.26k | { |
3173 | 2.26k | uint32_t *ma; |
3174 | 2.26k | int32_t maa; |
3175 | 2.26k | uint32_t mab; |
3176 | 2.26k | double *mb; |
3177 | 2.26k | uint32_t n; |
3178 | 2.26k | ma = (uint32_t *)origdata; |
3179 | 2.26k | mb = data; |
3180 | 50.0k | for (n = 0; n < count; n++) |
3181 | 47.7k | { |
3182 | 47.7k | if (tif->tif_flags & TIFF_SWAB) |
3183 | 105 | TIFFSwabLong(ma); |
3184 | 47.7k | maa = *(int32_t *)ma; |
3185 | 47.7k | ma++; |
3186 | 47.7k | if (tif->tif_flags & TIFF_SWAB) |
3187 | 105 | TIFFSwabLong(ma); |
3188 | 47.7k | mab = *ma++; |
3189 | 47.7k | if (mab == 0) |
3190 | 4.87k | *mb++ = 0.0; |
3191 | 42.8k | else |
3192 | 42.8k | *mb++ = (double)maa / (double)mab; |
3193 | 47.7k | } |
3194 | 2.26k | } |
3195 | 2.26k | break; |
3196 | 764 | case TIFF_FLOAT: |
3197 | 764 | { |
3198 | 764 | float *ma; |
3199 | 764 | double *mb; |
3200 | 764 | uint32_t n; |
3201 | 764 | if (tif->tif_flags & TIFF_SWAB) |
3202 | 13 | TIFFSwabArrayOfLong((uint32_t *)origdata, count); |
3203 | 764 | TIFFCvtIEEEFloatToNative(tif, count, (float *)origdata); |
3204 | 764 | ma = (float *)origdata; |
3205 | 764 | mb = data; |
3206 | 12.6k | for (n = 0; n < count; n++) |
3207 | 11.8k | *mb++ = (double)(*ma++); |
3208 | 764 | } |
3209 | 764 | break; |
3210 | 19.5k | } |
3211 | 19.5k | _TIFFfreeExt(tif, origdata); |
3212 | 19.5k | *value = data; |
3213 | 19.5k | return (TIFFReadDirEntryErrOk); |
3214 | 19.5k | } |
3215 | | |
3216 | | static enum TIFFReadDirEntryErr |
3217 | | TIFFReadDirEntryIfd8Array(TIFF *tif, TIFFDirEntry *direntry, uint64_t **value) |
3218 | 232k | { |
3219 | 232k | enum TIFFReadDirEntryErr err; |
3220 | 232k | uint32_t count; |
3221 | 232k | void *origdata; |
3222 | 232k | uint64_t *data; |
3223 | 232k | switch (direntry->tdir_type) |
3224 | 232k | { |
3225 | 178k | case TIFF_LONG: |
3226 | 183k | case TIFF_LONG8: |
3227 | 206k | case TIFF_IFD: |
3228 | 229k | case TIFF_IFD8: |
3229 | 229k | break; |
3230 | 2.23k | default: |
3231 | 2.23k | return (TIFFReadDirEntryErrType); |
3232 | 232k | } |
3233 | 229k | err = TIFFReadDirEntryArray(tif, direntry, &count, 8, &origdata); |
3234 | 229k | if ((err != TIFFReadDirEntryErrOk) || (origdata == 0)) |
3235 | 45.6k | { |
3236 | 45.6k | *value = 0; |
3237 | 45.6k | return (err); |
3238 | 45.6k | } |
3239 | 184k | switch (direntry->tdir_type) |
3240 | 184k | { |
3241 | 4.47k | case TIFF_LONG8: |
3242 | 7.20k | case TIFF_IFD8: |
3243 | 7.20k | *value = (uint64_t *)origdata; |
3244 | 7.20k | if (tif->tif_flags & TIFF_SWAB) |
3245 | 259 | TIFFSwabArrayOfLong8(*value, count); |
3246 | 7.20k | return (TIFFReadDirEntryErrOk); |
3247 | 184k | } |
3248 | 177k | data = (uint64_t *)_TIFFmallocExt(tif, count * 8); |
3249 | 177k | if (data == 0) |
3250 | 0 | { |
3251 | 0 | _TIFFfreeExt(tif, origdata); |
3252 | 0 | return (TIFFReadDirEntryErrAlloc); |
3253 | 0 | } |
3254 | 177k | switch (direntry->tdir_type) |
3255 | 177k | { |
3256 | 171k | case TIFF_LONG: |
3257 | 177k | case TIFF_IFD: |
3258 | 177k | { |
3259 | 177k | uint32_t *ma; |
3260 | 177k | uint64_t *mb; |
3261 | 177k | uint32_t n; |
3262 | 177k | ma = (uint32_t *)origdata; |
3263 | 177k | mb = data; |
3264 | 31.3M | for (n = 0; n < count; n++) |
3265 | 31.1M | { |
3266 | 31.1M | if (tif->tif_flags & TIFF_SWAB) |
3267 | 34.0k | TIFFSwabLong(ma); |
3268 | 31.1M | *mb++ = (uint64_t)(*ma++); |
3269 | 31.1M | } |
3270 | 177k | } |
3271 | 177k | break; |
3272 | 177k | } |
3273 | 177k | _TIFFfreeExt(tif, origdata); |
3274 | 177k | *value = data; |
3275 | 177k | return (TIFFReadDirEntryErrOk); |
3276 | 177k | } |
3277 | | |
3278 | | static enum TIFFReadDirEntryErr |
3279 | | TIFFReadDirEntryPersampleShort(TIFF *tif, TIFFDirEntry *direntry, |
3280 | | uint16_t *value) |
3281 | 175k | { |
3282 | 175k | enum TIFFReadDirEntryErr err; |
3283 | 175k | uint16_t *m; |
3284 | 175k | uint16_t *na; |
3285 | 175k | uint16_t nb; |
3286 | 175k | if (direntry->tdir_count < (uint64_t)tif->tif_dir.td_samplesperpixel) |
3287 | 173 | return (TIFFReadDirEntryErrCount); |
3288 | 175k | err = TIFFReadDirEntryShortArray(tif, direntry, &m); |
3289 | 175k | if (err != TIFFReadDirEntryErrOk || m == NULL) |
3290 | 2.72k | return (err); |
3291 | 172k | na = m; |
3292 | 172k | nb = tif->tif_dir.td_samplesperpixel; |
3293 | 172k | *value = *na++; |
3294 | 172k | nb--; |
3295 | 2.29M | while (nb > 0) |
3296 | 2.11M | { |
3297 | 2.11M | if (*na++ != *value) |
3298 | 186 | { |
3299 | 186 | err = TIFFReadDirEntryErrPsdif; |
3300 | 186 | break; |
3301 | 186 | } |
3302 | 2.11M | nb--; |
3303 | 2.11M | } |
3304 | 172k | _TIFFfreeExt(tif, m); |
3305 | 172k | return (err); |
3306 | 175k | } |
3307 | | |
3308 | | static void TIFFReadDirEntryCheckedByte(TIFF *tif, TIFFDirEntry *direntry, |
3309 | | uint8_t *value) |
3310 | 97.8k | { |
3311 | 97.8k | (void)tif; |
3312 | 97.8k | *value = *(uint8_t *)(&direntry->tdir_offset); |
3313 | 97.8k | } |
3314 | | |
3315 | | static void TIFFReadDirEntryCheckedSbyte(TIFF *tif, TIFFDirEntry *direntry, |
3316 | | int8_t *value) |
3317 | 31.4k | { |
3318 | 31.4k | (void)tif; |
3319 | 31.4k | *value = *(int8_t *)(&direntry->tdir_offset); |
3320 | 31.4k | } |
3321 | | |
3322 | | static void TIFFReadDirEntryCheckedShort(TIFF *tif, TIFFDirEntry *direntry, |
3323 | | uint16_t *value) |
3324 | 8.28M | { |
3325 | 8.28M | *value = direntry->tdir_offset.toff_short; |
3326 | | /* *value=*(uint16_t*)(&direntry->tdir_offset); */ |
3327 | 8.28M | if (tif->tif_flags & TIFF_SWAB) |
3328 | 13.7k | TIFFSwabShort(value); |
3329 | 8.28M | } |
3330 | | |
3331 | | static void TIFFReadDirEntryCheckedSshort(TIFF *tif, TIFFDirEntry *direntry, |
3332 | | int16_t *value) |
3333 | 53.7k | { |
3334 | 53.7k | *value = *(int16_t *)(&direntry->tdir_offset); |
3335 | 53.7k | if (tif->tif_flags & TIFF_SWAB) |
3336 | 673 | TIFFSwabShort((uint16_t *)value); |
3337 | 53.7k | } |
3338 | | |
3339 | | static void TIFFReadDirEntryCheckedLong(TIFF *tif, TIFFDirEntry *direntry, |
3340 | | uint32_t *value) |
3341 | 98.5k | { |
3342 | 98.5k | *value = *(uint32_t *)(&direntry->tdir_offset); |
3343 | 98.5k | if (tif->tif_flags & TIFF_SWAB) |
3344 | 4.21k | TIFFSwabLong(value); |
3345 | 98.5k | } |
3346 | | |
3347 | | static void TIFFReadDirEntryCheckedSlong(TIFF *tif, TIFFDirEntry *direntry, |
3348 | | int32_t *value) |
3349 | 34.1k | { |
3350 | 34.1k | *value = *(int32_t *)(&direntry->tdir_offset); |
3351 | 34.1k | if (tif->tif_flags & TIFF_SWAB) |
3352 | 648 | TIFFSwabLong((uint32_t *)value); |
3353 | 34.1k | } |
3354 | | |
3355 | | static enum TIFFReadDirEntryErr |
3356 | | TIFFReadDirEntryCheckedLong8(TIFF *tif, TIFFDirEntry *direntry, uint64_t *value) |
3357 | 19.3k | { |
3358 | 19.3k | if (!(tif->tif_flags & TIFF_BIGTIFF)) |
3359 | 19.1k | { |
3360 | 19.1k | enum TIFFReadDirEntryErr err; |
3361 | 19.1k | uint32_t offset = direntry->tdir_offset.toff_long; |
3362 | 19.1k | if (tif->tif_flags & TIFF_SWAB) |
3363 | 215 | TIFFSwabLong(&offset); |
3364 | 19.1k | err = TIFFReadDirEntryData(tif, offset, 8, value); |
3365 | 19.1k | if (err != TIFFReadDirEntryErrOk) |
3366 | 3.91k | return (err); |
3367 | 19.1k | } |
3368 | 218 | else |
3369 | 218 | *value = direntry->tdir_offset.toff_long8; |
3370 | 15.4k | if (tif->tif_flags & TIFF_SWAB) |
3371 | 220 | TIFFSwabLong8(value); |
3372 | 15.4k | return (TIFFReadDirEntryErrOk); |
3373 | 19.3k | } |
3374 | | |
3375 | | static enum TIFFReadDirEntryErr |
3376 | | TIFFReadDirEntryCheckedSlong8(TIFF *tif, TIFFDirEntry *direntry, int64_t *value) |
3377 | 20.7k | { |
3378 | 20.7k | if (!(tif->tif_flags & TIFF_BIGTIFF)) |
3379 | 19.2k | { |
3380 | 19.2k | enum TIFFReadDirEntryErr err; |
3381 | 19.2k | uint32_t offset = direntry->tdir_offset.toff_long; |
3382 | 19.2k | if (tif->tif_flags & TIFF_SWAB) |
3383 | 285 | TIFFSwabLong(&offset); |
3384 | 19.2k | err = TIFFReadDirEntryData(tif, offset, 8, value); |
3385 | 19.2k | if (err != TIFFReadDirEntryErrOk) |
3386 | 5.62k | return (err); |
3387 | 19.2k | } |
3388 | 1.47k | else |
3389 | 1.47k | *value = *(int64_t *)(&direntry->tdir_offset); |
3390 | 15.1k | if (tif->tif_flags & TIFF_SWAB) |
3391 | 254 | TIFFSwabLong8((uint64_t *)value); |
3392 | 15.1k | return (TIFFReadDirEntryErrOk); |
3393 | 20.7k | } |
3394 | | |
3395 | | static enum TIFFReadDirEntryErr |
3396 | | TIFFReadDirEntryCheckedRational(TIFF *tif, TIFFDirEntry *direntry, |
3397 | | double *value) |
3398 | 16.3k | { |
3399 | 16.3k | UInt64Aligned_t m; |
3400 | | |
3401 | 16.3k | assert(sizeof(double) == 8); |
3402 | 16.3k | assert(sizeof(uint64_t) == 8); |
3403 | 16.3k | assert(sizeof(uint32_t) == 4); |
3404 | 16.3k | if (!(tif->tif_flags & TIFF_BIGTIFF)) |
3405 | 16.3k | { |
3406 | 16.3k | enum TIFFReadDirEntryErr err; |
3407 | 16.3k | uint32_t offset = direntry->tdir_offset.toff_long; |
3408 | 16.3k | if (tif->tif_flags & TIFF_SWAB) |
3409 | 497 | TIFFSwabLong(&offset); |
3410 | 16.3k | err = TIFFReadDirEntryData(tif, offset, 8, m.i); |
3411 | 16.3k | if (err != TIFFReadDirEntryErrOk) |
3412 | 4.38k | return (err); |
3413 | 16.3k | } |
3414 | 14 | else |
3415 | 14 | m.l = direntry->tdir_offset.toff_long8; |
3416 | 11.9k | if (tif->tif_flags & TIFF_SWAB) |
3417 | 336 | TIFFSwabArrayOfLong(m.i, 2); |
3418 | | /* Not completely sure what we should do when m.i[1]==0, but some */ |
3419 | | /* sanitizers do not like division by 0.0: */ |
3420 | | /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */ |
3421 | 11.9k | if (m.i[0] == 0 || m.i[1] == 0) |
3422 | 2.20k | *value = 0.0; |
3423 | 9.74k | else |
3424 | 9.74k | *value = (double)m.i[0] / (double)m.i[1]; |
3425 | 11.9k | return (TIFFReadDirEntryErrOk); |
3426 | 16.3k | } |
3427 | | |
3428 | | static enum TIFFReadDirEntryErr |
3429 | | TIFFReadDirEntryCheckedSrational(TIFF *tif, TIFFDirEntry *direntry, |
3430 | | double *value) |
3431 | 4.62k | { |
3432 | 4.62k | UInt64Aligned_t m; |
3433 | 4.62k | assert(sizeof(double) == 8); |
3434 | 4.62k | assert(sizeof(uint64_t) == 8); |
3435 | 4.62k | assert(sizeof(int32_t) == 4); |
3436 | 4.62k | assert(sizeof(uint32_t) == 4); |
3437 | 4.62k | if (!(tif->tif_flags & TIFF_BIGTIFF)) |
3438 | 4.61k | { |
3439 | 4.61k | enum TIFFReadDirEntryErr err; |
3440 | 4.61k | uint32_t offset = direntry->tdir_offset.toff_long; |
3441 | 4.61k | if (tif->tif_flags & TIFF_SWAB) |
3442 | 44 | TIFFSwabLong(&offset); |
3443 | 4.61k | err = TIFFReadDirEntryData(tif, offset, 8, m.i); |
3444 | 4.61k | if (err != TIFFReadDirEntryErrOk) |
3445 | 1.32k | return (err); |
3446 | 4.61k | } |
3447 | 6 | else |
3448 | 6 | m.l = direntry->tdir_offset.toff_long8; |
3449 | 3.30k | if (tif->tif_flags & TIFF_SWAB) |
3450 | 38 | TIFFSwabArrayOfLong(m.i, 2); |
3451 | | /* Not completely sure what we should do when m.i[1]==0, but some */ |
3452 | | /* sanitizers do not like division by 0.0: */ |
3453 | | /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */ |
3454 | 3.30k | if ((int32_t)m.i[0] == 0 || m.i[1] == 0) |
3455 | 1.28k | *value = 0.0; |
3456 | 2.01k | else |
3457 | 2.01k | *value = (double)((int32_t)m.i[0]) / (double)m.i[1]; |
3458 | 3.30k | return (TIFFReadDirEntryErrOk); |
3459 | 4.62k | } |
3460 | | |
3461 | | #if 0 |
3462 | | static enum TIFFReadDirEntryErr |
3463 | | TIFFReadDirEntryCheckedRationalDirect(TIFF *tif, TIFFDirEntry *direntry, |
3464 | | TIFFRational_t *value) |
3465 | | { /*--: SetGetRATIONAL_directly:_CustomTag: Read rational (and signed rationals) |
3466 | | directly --*/ |
3467 | | UInt64Aligned_t m; |
3468 | | |
3469 | | assert(sizeof(double) == 8); |
3470 | | assert(sizeof(uint64_t) == 8); |
3471 | | assert(sizeof(uint32_t) == 4); |
3472 | | |
3473 | | if (direntry->tdir_count != 1) |
3474 | | return (TIFFReadDirEntryErrCount); |
3475 | | |
3476 | | if (direntry->tdir_type != TIFF_RATIONAL && |
3477 | | direntry->tdir_type != TIFF_SRATIONAL) |
3478 | | return (TIFFReadDirEntryErrType); |
3479 | | |
3480 | | if (!(tif->tif_flags & TIFF_BIGTIFF)) |
3481 | | { |
3482 | | enum TIFFReadDirEntryErr err; |
3483 | | uint32_t offset = direntry->tdir_offset.toff_long; |
3484 | | if (tif->tif_flags & TIFF_SWAB) |
3485 | | TIFFSwabLong(&offset); |
3486 | | err = TIFFReadDirEntryData(tif, offset, 8, m.i); |
3487 | | if (err != TIFFReadDirEntryErrOk) |
3488 | | return (err); |
3489 | | } |
3490 | | else |
3491 | | { |
3492 | | m.l = direntry->tdir_offset.toff_long8; |
3493 | | } |
3494 | | |
3495 | | if (tif->tif_flags & TIFF_SWAB) |
3496 | | TIFFSwabArrayOfLong(m.i, 2); |
3497 | | |
3498 | | value->uNum = m.i[0]; |
3499 | | value->uDenom = m.i[1]; |
3500 | | return (TIFFReadDirEntryErrOk); |
3501 | | } /*-- TIFFReadDirEntryCheckedRationalDirect() --*/ |
3502 | | #endif |
3503 | | |
3504 | | static void TIFFReadDirEntryCheckedFloat(TIFF *tif, TIFFDirEntry *direntry, |
3505 | | float *value) |
3506 | 1.38k | { |
3507 | 1.38k | union |
3508 | 1.38k | { |
3509 | 1.38k | float f; |
3510 | 1.38k | uint32_t i; |
3511 | 1.38k | } float_union; |
3512 | 1.38k | assert(sizeof(float) == 4); |
3513 | 1.38k | assert(sizeof(uint32_t) == 4); |
3514 | 1.38k | assert(sizeof(float_union) == 4); |
3515 | 1.38k | float_union.i = *(uint32_t *)(&direntry->tdir_offset); |
3516 | 1.38k | *value = float_union.f; |
3517 | 1.38k | if (tif->tif_flags & TIFF_SWAB) |
3518 | 199 | TIFFSwabLong((uint32_t *)value); |
3519 | 1.38k | } |
3520 | | |
3521 | | static enum TIFFReadDirEntryErr |
3522 | | TIFFReadDirEntryCheckedDouble(TIFF *tif, TIFFDirEntry *direntry, double *value) |
3523 | 2.93k | { |
3524 | 2.93k | assert(sizeof(double) == 8); |
3525 | 2.93k | assert(sizeof(uint64_t) == 8); |
3526 | 2.93k | assert(sizeof(UInt64Aligned_t) == 8); |
3527 | 2.93k | if (!(tif->tif_flags & TIFF_BIGTIFF)) |
3528 | 2.90k | { |
3529 | 2.90k | enum TIFFReadDirEntryErr err; |
3530 | 2.90k | uint32_t offset = direntry->tdir_offset.toff_long; |
3531 | 2.90k | if (tif->tif_flags & TIFF_SWAB) |
3532 | 28 | TIFFSwabLong(&offset); |
3533 | 2.90k | err = TIFFReadDirEntryData(tif, offset, 8, value); |
3534 | 2.90k | if (err != TIFFReadDirEntryErrOk) |
3535 | 851 | return (err); |
3536 | 2.90k | } |
3537 | 29 | else |
3538 | 29 | { |
3539 | 29 | UInt64Aligned_t uint64_union; |
3540 | 29 | uint64_union.l = direntry->tdir_offset.toff_long8; |
3541 | 29 | *value = uint64_union.d; |
3542 | 29 | } |
3543 | 2.08k | if (tif->tif_flags & TIFF_SWAB) |
3544 | 41 | TIFFSwabLong8((uint64_t *)value); |
3545 | 2.08k | return (TIFFReadDirEntryErrOk); |
3546 | 2.93k | } |
3547 | | |
3548 | | static enum TIFFReadDirEntryErr |
3549 | | TIFFReadDirEntryCheckRangeByteSbyte(int8_t value) |
3550 | 14.6k | { |
3551 | 14.6k | if (value < 0) |
3552 | 1.59k | return (TIFFReadDirEntryErrRange); |
3553 | 13.1k | else |
3554 | 13.1k | return (TIFFReadDirEntryErrOk); |
3555 | 14.6k | } |
3556 | | |
3557 | | static enum TIFFReadDirEntryErr |
3558 | | TIFFReadDirEntryCheckRangeByteShort(uint16_t value) |
3559 | 70.9k | { |
3560 | 70.9k | if (value > 0xFF) |
3561 | 12.4k | return (TIFFReadDirEntryErrRange); |
3562 | 58.5k | else |
3563 | 58.5k | return (TIFFReadDirEntryErrOk); |
3564 | 70.9k | } |
3565 | | |
3566 | | static enum TIFFReadDirEntryErr |
3567 | | TIFFReadDirEntryCheckRangeByteSshort(int16_t value) |
3568 | 16.9k | { |
3569 | 16.9k | if ((value < 0) || (value > 0xFF)) |
3570 | 2.36k | return (TIFFReadDirEntryErrRange); |
3571 | 14.6k | else |
3572 | 14.6k | return (TIFFReadDirEntryErrOk); |
3573 | 16.9k | } |
3574 | | |
3575 | | static enum TIFFReadDirEntryErr |
3576 | | TIFFReadDirEntryCheckRangeByteLong(uint32_t value) |
3577 | 26.5k | { |
3578 | 26.5k | if (value > 0xFF) |
3579 | 8.31k | return (TIFFReadDirEntryErrRange); |
3580 | 18.2k | else |
3581 | 18.2k | return (TIFFReadDirEntryErrOk); |
3582 | 26.5k | } |
3583 | | |
3584 | | static enum TIFFReadDirEntryErr |
3585 | | TIFFReadDirEntryCheckRangeByteSlong(int32_t value) |
3586 | 10.5k | { |
3587 | 10.5k | if ((value < 0) || (value > 0xFF)) |
3588 | 3.30k | return (TIFFReadDirEntryErrRange); |
3589 | 7.24k | else |
3590 | 7.24k | return (TIFFReadDirEntryErrOk); |
3591 | 10.5k | } |
3592 | | |
3593 | | static enum TIFFReadDirEntryErr |
3594 | | TIFFReadDirEntryCheckRangeByteLong8(uint64_t value) |
3595 | 7.34k | { |
3596 | 7.34k | if (value > 0xFF) |
3597 | 3.47k | return (TIFFReadDirEntryErrRange); |
3598 | 3.87k | else |
3599 | 3.87k | return (TIFFReadDirEntryErrOk); |
3600 | 7.34k | } |
3601 | | |
3602 | | static enum TIFFReadDirEntryErr |
3603 | | TIFFReadDirEntryCheckRangeByteSlong8(int64_t value) |
3604 | 9.72k | { |
3605 | 9.72k | if ((value < 0) || (value > 0xFF)) |
3606 | 4.69k | return (TIFFReadDirEntryErrRange); |
3607 | 5.03k | else |
3608 | 5.03k | return (TIFFReadDirEntryErrOk); |
3609 | 9.72k | } |
3610 | | |
3611 | | static enum TIFFReadDirEntryErr |
3612 | | TIFFReadDirEntryCheckRangeSbyteByte(uint8_t value) |
3613 | 0 | { |
3614 | 0 | if (value > 0x7F) |
3615 | 0 | return (TIFFReadDirEntryErrRange); |
3616 | 0 | else |
3617 | 0 | return (TIFFReadDirEntryErrOk); |
3618 | 0 | } |
3619 | | |
3620 | | static enum TIFFReadDirEntryErr |
3621 | | TIFFReadDirEntryCheckRangeSbyteShort(uint16_t value) |
3622 | 0 | { |
3623 | 0 | if (value > 0x7F) |
3624 | 0 | return (TIFFReadDirEntryErrRange); |
3625 | 0 | else |
3626 | 0 | return (TIFFReadDirEntryErrOk); |
3627 | 0 | } |
3628 | | |
3629 | | static enum TIFFReadDirEntryErr |
3630 | | TIFFReadDirEntryCheckRangeSbyteSshort(int16_t value) |
3631 | 0 | { |
3632 | 0 | if ((value < -0x80) || (value > 0x7F)) |
3633 | 0 | return (TIFFReadDirEntryErrRange); |
3634 | 0 | else |
3635 | 0 | return (TIFFReadDirEntryErrOk); |
3636 | 0 | } |
3637 | | |
3638 | | static enum TIFFReadDirEntryErr |
3639 | | TIFFReadDirEntryCheckRangeSbyteLong(uint32_t value) |
3640 | 0 | { |
3641 | 0 | if (value > 0x7F) |
3642 | 0 | return (TIFFReadDirEntryErrRange); |
3643 | 0 | else |
3644 | 0 | return (TIFFReadDirEntryErrOk); |
3645 | 0 | } |
3646 | | |
3647 | | static enum TIFFReadDirEntryErr |
3648 | | TIFFReadDirEntryCheckRangeSbyteSlong(int32_t value) |
3649 | 0 | { |
3650 | 0 | if ((value < -0x80) || (value > 0x7F)) |
3651 | 0 | return (TIFFReadDirEntryErrRange); |
3652 | 0 | else |
3653 | 0 | return (TIFFReadDirEntryErrOk); |
3654 | 0 | } |
3655 | | |
3656 | | static enum TIFFReadDirEntryErr |
3657 | | TIFFReadDirEntryCheckRangeSbyteLong8(uint64_t value) |
3658 | 0 | { |
3659 | 0 | if (value > 0x7F) |
3660 | 0 | return (TIFFReadDirEntryErrRange); |
3661 | 0 | else |
3662 | 0 | return (TIFFReadDirEntryErrOk); |
3663 | 0 | } |
3664 | | |
3665 | | static enum TIFFReadDirEntryErr |
3666 | | TIFFReadDirEntryCheckRangeSbyteSlong8(int64_t value) |
3667 | 0 | { |
3668 | 0 | if ((value < -0x80) || (value > 0x7F)) |
3669 | 0 | return (TIFFReadDirEntryErrRange); |
3670 | 0 | else |
3671 | 0 | return (TIFFReadDirEntryErrOk); |
3672 | 0 | } |
3673 | | |
3674 | | static enum TIFFReadDirEntryErr |
3675 | | TIFFReadDirEntryCheckRangeShortSbyte(int8_t value) |
3676 | 24.5k | { |
3677 | 24.5k | if (value < 0) |
3678 | 817 | return (TIFFReadDirEntryErrRange); |
3679 | 23.7k | else |
3680 | 23.7k | return (TIFFReadDirEntryErrOk); |
3681 | 24.5k | } |
3682 | | |
3683 | | static enum TIFFReadDirEntryErr |
3684 | | TIFFReadDirEntryCheckRangeShortSshort(int16_t value) |
3685 | 26.2k | { |
3686 | 26.2k | if (value < 0) |
3687 | 1.12k | return (TIFFReadDirEntryErrRange); |
3688 | 25.1k | else |
3689 | 25.1k | return (TIFFReadDirEntryErrOk); |
3690 | 26.2k | } |
3691 | | |
3692 | | static enum TIFFReadDirEntryErr |
3693 | | TIFFReadDirEntryCheckRangeShortLong(uint32_t value) |
3694 | 20.1k | { |
3695 | 20.1k | if (value > 0xFFFF) |
3696 | 9.03k | return (TIFFReadDirEntryErrRange); |
3697 | 11.1k | else |
3698 | 11.1k | return (TIFFReadDirEntryErrOk); |
3699 | 20.1k | } |
3700 | | |
3701 | | static enum TIFFReadDirEntryErr |
3702 | | TIFFReadDirEntryCheckRangeShortSlong(int32_t value) |
3703 | 14.0k | { |
3704 | 14.0k | if ((value < 0) || (value > 0xFFFF)) |
3705 | 3.18k | return (TIFFReadDirEntryErrRange); |
3706 | 10.8k | else |
3707 | 10.8k | return (TIFFReadDirEntryErrOk); |
3708 | 14.0k | } |
3709 | | |
3710 | | static enum TIFFReadDirEntryErr |
3711 | | TIFFReadDirEntryCheckRangeShortLong8(uint64_t value) |
3712 | 3.11k | { |
3713 | 3.11k | if (value > 0xFFFF) |
3714 | 1.76k | return (TIFFReadDirEntryErrRange); |
3715 | 1.34k | else |
3716 | 1.34k | return (TIFFReadDirEntryErrOk); |
3717 | 3.11k | } |
3718 | | |
3719 | | static enum TIFFReadDirEntryErr |
3720 | | TIFFReadDirEntryCheckRangeShortSlong8(int64_t value) |
3721 | 9.66k | { |
3722 | 9.66k | if ((value < 0) || (value > 0xFFFF)) |
3723 | 6.27k | return (TIFFReadDirEntryErrRange); |
3724 | 3.38k | else |
3725 | 3.38k | return (TIFFReadDirEntryErrOk); |
3726 | 9.66k | } |
3727 | | |
3728 | | static enum TIFFReadDirEntryErr |
3729 | | TIFFReadDirEntryCheckRangeSshortShort(uint16_t value) |
3730 | 0 | { |
3731 | 0 | if (value > 0x7FFF) |
3732 | 0 | return (TIFFReadDirEntryErrRange); |
3733 | 0 | else |
3734 | 0 | return (TIFFReadDirEntryErrOk); |
3735 | 0 | } |
3736 | | |
3737 | | static enum TIFFReadDirEntryErr |
3738 | | TIFFReadDirEntryCheckRangeSshortLong(uint32_t value) |
3739 | 0 | { |
3740 | 0 | if (value > 0x7FFF) |
3741 | 0 | return (TIFFReadDirEntryErrRange); |
3742 | 0 | else |
3743 | 0 | return (TIFFReadDirEntryErrOk); |
3744 | 0 | } |
3745 | | |
3746 | | static enum TIFFReadDirEntryErr |
3747 | | TIFFReadDirEntryCheckRangeSshortSlong(int32_t value) |
3748 | 0 | { |
3749 | 0 | if ((value < -0x8000) || (value > 0x7FFF)) |
3750 | 0 | return (TIFFReadDirEntryErrRange); |
3751 | 0 | else |
3752 | 0 | return (TIFFReadDirEntryErrOk); |
3753 | 0 | } |
3754 | | |
3755 | | static enum TIFFReadDirEntryErr |
3756 | | TIFFReadDirEntryCheckRangeSshortLong8(uint64_t value) |
3757 | 0 | { |
3758 | 0 | if (value > 0x7FFF) |
3759 | 0 | return (TIFFReadDirEntryErrRange); |
3760 | 0 | else |
3761 | 0 | return (TIFFReadDirEntryErrOk); |
3762 | 0 | } |
3763 | | |
3764 | | static enum TIFFReadDirEntryErr |
3765 | | TIFFReadDirEntryCheckRangeSshortSlong8(int64_t value) |
3766 | 0 | { |
3767 | 0 | if ((value < -0x8000) || (value > 0x7FFF)) |
3768 | 0 | return (TIFFReadDirEntryErrRange); |
3769 | 0 | else |
3770 | 0 | return (TIFFReadDirEntryErrOk); |
3771 | 0 | } |
3772 | | |
3773 | | static enum TIFFReadDirEntryErr |
3774 | | TIFFReadDirEntryCheckRangeLongSbyte(int8_t value) |
3775 | 31.3k | { |
3776 | 31.3k | if (value < 0) |
3777 | 635 | return (TIFFReadDirEntryErrRange); |
3778 | 30.7k | else |
3779 | 30.7k | return (TIFFReadDirEntryErrOk); |
3780 | 31.3k | } |
3781 | | |
3782 | | static enum TIFFReadDirEntryErr |
3783 | | TIFFReadDirEntryCheckRangeLongSshort(int16_t value) |
3784 | 34.5k | { |
3785 | 34.5k | if (value < 0) |
3786 | 605 | return (TIFFReadDirEntryErrRange); |
3787 | 33.9k | else |
3788 | 33.9k | return (TIFFReadDirEntryErrOk); |
3789 | 34.5k | } |
3790 | | |
3791 | | static enum TIFFReadDirEntryErr |
3792 | | TIFFReadDirEntryCheckRangeLongSlong(int32_t value) |
3793 | 32.9k | { |
3794 | 32.9k | if (value < 0) |
3795 | 1.51k | return (TIFFReadDirEntryErrRange); |
3796 | 31.4k | else |
3797 | 31.4k | return (TIFFReadDirEntryErrOk); |
3798 | 32.9k | } |
3799 | | |
3800 | | static enum TIFFReadDirEntryErr |
3801 | | TIFFReadDirEntryCheckRangeLongLong8(uint64_t value) |
3802 | 10.9k | { |
3803 | 10.9k | if (value > UINT32_MAX) |
3804 | 1.74k | return (TIFFReadDirEntryErrRange); |
3805 | 9.24k | else |
3806 | 9.24k | return (TIFFReadDirEntryErrOk); |
3807 | 10.9k | } |
3808 | | |
3809 | | static enum TIFFReadDirEntryErr |
3810 | | TIFFReadDirEntryCheckRangeLongSlong8(int64_t value) |
3811 | 83.7k | { |
3812 | 83.7k | if ((value < 0) || (value > (int64_t)UINT32_MAX)) |
3813 | 3.93k | return (TIFFReadDirEntryErrRange); |
3814 | 79.7k | else |
3815 | 79.7k | return (TIFFReadDirEntryErrOk); |
3816 | 83.7k | } |
3817 | | |
3818 | | static enum TIFFReadDirEntryErr |
3819 | | TIFFReadDirEntryCheckRangeSlongLong(uint32_t value) |
3820 | 0 | { |
3821 | 0 | if (value > 0x7FFFFFFFUL) |
3822 | 0 | return (TIFFReadDirEntryErrRange); |
3823 | 0 | else |
3824 | 0 | return (TIFFReadDirEntryErrOk); |
3825 | 0 | } |
3826 | | |
3827 | | /* Check that the 8-byte unsigned value can fit in a 4-byte unsigned range */ |
3828 | | static enum TIFFReadDirEntryErr |
3829 | | TIFFReadDirEntryCheckRangeSlongLong8(uint64_t value) |
3830 | 0 | { |
3831 | 0 | if (value > 0x7FFFFFFF) |
3832 | 0 | return (TIFFReadDirEntryErrRange); |
3833 | 0 | else |
3834 | 0 | return (TIFFReadDirEntryErrOk); |
3835 | 0 | } |
3836 | | |
3837 | | /* Check that the 8-byte signed value can fit in a 4-byte signed range */ |
3838 | | static enum TIFFReadDirEntryErr |
3839 | | TIFFReadDirEntryCheckRangeSlongSlong8(int64_t value) |
3840 | 0 | { |
3841 | 0 | if ((value < 0 - ((int64_t)0x7FFFFFFF + 1)) || (value > 0x7FFFFFFF)) |
3842 | 0 | return (TIFFReadDirEntryErrRange); |
3843 | 0 | else |
3844 | 0 | return (TIFFReadDirEntryErrOk); |
3845 | 0 | } |
3846 | | |
3847 | | static enum TIFFReadDirEntryErr |
3848 | | TIFFReadDirEntryCheckRangeLong8Sbyte(int8_t value) |
3849 | 22.8k | { |
3850 | 22.8k | if (value < 0) |
3851 | 4.74k | return (TIFFReadDirEntryErrRange); |
3852 | 18.0k | else |
3853 | 18.0k | return (TIFFReadDirEntryErrOk); |
3854 | 22.8k | } |
3855 | | |
3856 | | static enum TIFFReadDirEntryErr |
3857 | | TIFFReadDirEntryCheckRangeLong8Sshort(int16_t value) |
3858 | 7.61k | { |
3859 | 7.61k | if (value < 0) |
3860 | 774 | return (TIFFReadDirEntryErrRange); |
3861 | 6.83k | else |
3862 | 6.83k | return (TIFFReadDirEntryErrOk); |
3863 | 7.61k | } |
3864 | | |
3865 | | static enum TIFFReadDirEntryErr |
3866 | | TIFFReadDirEntryCheckRangeLong8Slong(int32_t value) |
3867 | 8.94k | { |
3868 | 8.94k | if (value < 0) |
3869 | 1.27k | return (TIFFReadDirEntryErrRange); |
3870 | 7.66k | else |
3871 | 7.66k | return (TIFFReadDirEntryErrOk); |
3872 | 8.94k | } |
3873 | | |
3874 | | static enum TIFFReadDirEntryErr |
3875 | | TIFFReadDirEntryCheckRangeLong8Slong8(int64_t value) |
3876 | 15.0k | { |
3877 | 15.0k | if (value < 0) |
3878 | 1.95k | return (TIFFReadDirEntryErrRange); |
3879 | 13.1k | else |
3880 | 13.1k | return (TIFFReadDirEntryErrOk); |
3881 | 15.0k | } |
3882 | | |
3883 | | static enum TIFFReadDirEntryErr |
3884 | | TIFFReadDirEntryCheckRangeSlong8Long8(uint64_t value) |
3885 | 0 | { |
3886 | 0 | if (value > INT64_MAX) |
3887 | 0 | return (TIFFReadDirEntryErrRange); |
3888 | 0 | else |
3889 | 0 | return (TIFFReadDirEntryErrOk); |
3890 | 0 | } |
3891 | | |
3892 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryData(TIFF *tif, uint64_t offset, |
3893 | | tmsize_t size, void *dest) |
3894 | 360k | { |
3895 | 360k | assert(size > 0); |
3896 | 360k | if (!isMapped(tif)) |
3897 | 39.9k | { |
3898 | 39.9k | if (!SeekOK(tif, offset)) |
3899 | 0 | return (TIFFReadDirEntryErrIo); |
3900 | 39.9k | if (!ReadOK(tif, dest, size)) |
3901 | 7.31k | return (TIFFReadDirEntryErrIo); |
3902 | 39.9k | } |
3903 | 320k | else |
3904 | 320k | { |
3905 | 320k | size_t ma, mb; |
3906 | 320k | ma = (size_t)offset; |
3907 | 320k | if ((uint64_t)ma != offset || ma > (~(size_t)0) - (size_t)size) |
3908 | 10 | { |
3909 | 10 | return TIFFReadDirEntryErrIo; |
3910 | 10 | } |
3911 | 320k | mb = ma + size; |
3912 | 320k | if (mb > (uint64_t)tif->tif_size) |
3913 | 62.1k | return (TIFFReadDirEntryErrIo); |
3914 | 257k | _TIFFmemcpy(dest, tif->tif_base + ma, size); |
3915 | 257k | } |
3916 | 290k | return (TIFFReadDirEntryErrOk); |
3917 | 360k | } |
3918 | | |
3919 | | static void TIFFReadDirEntryOutputErr(TIFF *tif, enum TIFFReadDirEntryErr err, |
3920 | | const char *module, const char *tagname, |
3921 | | int recover) |
3922 | 2.09M | { |
3923 | 2.09M | if (!recover) |
3924 | 110k | { |
3925 | 110k | switch (err) |
3926 | 110k | { |
3927 | 4.17k | case TIFFReadDirEntryErrCount: |
3928 | 4.17k | TIFFErrorExtR(tif, module, "Incorrect count for \"%s\"", |
3929 | 4.17k | tagname); |
3930 | 4.17k | break; |
3931 | 54.8k | case TIFFReadDirEntryErrType: |
3932 | 54.8k | TIFFErrorExtR(tif, module, "Incompatible type for \"%s\"", |
3933 | 54.8k | tagname); |
3934 | 54.8k | break; |
3935 | 41.4k | case TIFFReadDirEntryErrIo: |
3936 | 41.4k | TIFFErrorExtR(tif, module, "IO error during reading of \"%s\"", |
3937 | 41.4k | tagname); |
3938 | 41.4k | break; |
3939 | 8.33k | case TIFFReadDirEntryErrRange: |
3940 | 8.33k | TIFFErrorExtR(tif, module, "Incorrect value for \"%s\"", |
3941 | 8.33k | tagname); |
3942 | 8.33k | break; |
3943 | 186 | case TIFFReadDirEntryErrPsdif: |
3944 | 186 | TIFFErrorExtR( |
3945 | 186 | tif, module, |
3946 | 186 | "Cannot handle different values per sample for \"%s\"", |
3947 | 186 | tagname); |
3948 | 186 | break; |
3949 | 1.25k | case TIFFReadDirEntryErrSizesan: |
3950 | 1.25k | TIFFErrorExtR(tif, module, |
3951 | 1.25k | "Sanity check on size of \"%s\" value failed", |
3952 | 1.25k | tagname); |
3953 | 1.25k | break; |
3954 | 473 | case TIFFReadDirEntryErrAlloc: |
3955 | 473 | TIFFErrorExtR(tif, module, "Out of memory reading of \"%s\"", |
3956 | 473 | tagname); |
3957 | 473 | break; |
3958 | 0 | default: |
3959 | 0 | assert(0); /* we should never get here */ |
3960 | 0 | break; |
3961 | 110k | } |
3962 | 110k | } |
3963 | 1.98M | else |
3964 | 1.98M | { |
3965 | 1.98M | switch (err) |
3966 | 1.98M | { |
3967 | 367k | case TIFFReadDirEntryErrCount: |
3968 | 367k | TIFFWarningExtR(tif, module, |
3969 | 367k | "Incorrect count for \"%s\"; tag ignored", |
3970 | 367k | tagname); |
3971 | 367k | break; |
3972 | 116k | case TIFFReadDirEntryErrType: |
3973 | 116k | TIFFWarningExtR(tif, module, |
3974 | 116k | "Incompatible type for \"%s\"; tag ignored", |
3975 | 116k | tagname); |
3976 | 116k | break; |
3977 | 769k | case TIFFReadDirEntryErrIo: |
3978 | 769k | TIFFWarningExtR( |
3979 | 769k | tif, module, |
3980 | 769k | "IO error during reading of \"%s\"; tag ignored", tagname); |
3981 | 769k | break; |
3982 | 67.8k | case TIFFReadDirEntryErrRange: |
3983 | 67.8k | TIFFWarningExtR(tif, module, |
3984 | 67.8k | "Incorrect value for \"%s\"; tag ignored", |
3985 | 67.8k | tagname); |
3986 | 67.8k | break; |
3987 | 0 | case TIFFReadDirEntryErrPsdif: |
3988 | 0 | TIFFWarningExtR(tif, module, |
3989 | 0 | "Cannot handle different values per sample for " |
3990 | 0 | "\"%s\"; tag ignored", |
3991 | 0 | tagname); |
3992 | 0 | break; |
3993 | 324k | case TIFFReadDirEntryErrSizesan: |
3994 | 324k | TIFFWarningExtR( |
3995 | 324k | tif, module, |
3996 | 324k | "Sanity check on size of \"%s\" value failed; tag ignored", |
3997 | 324k | tagname); |
3998 | 324k | break; |
3999 | 336k | case TIFFReadDirEntryErrAlloc: |
4000 | 336k | TIFFWarningExtR(tif, module, |
4001 | 336k | "Out of memory reading of \"%s\"; tag ignored", |
4002 | 336k | tagname); |
4003 | 336k | break; |
4004 | 0 | default: |
4005 | 0 | assert(0); /* we should never get here */ |
4006 | 0 | break; |
4007 | 1.98M | } |
4008 | 1.98M | } |
4009 | 2.09M | } |
4010 | | |
4011 | | /* |
4012 | | * Return the maximum number of color channels specified for a given photometric |
4013 | | * type. 0 is returned if photometric type isn't supported or no default value |
4014 | | * is defined by the specification. |
4015 | | */ |
4016 | | static int _TIFFGetMaxColorChannels(uint16_t photometric) |
4017 | 1.26M | { |
4018 | 1.26M | switch (photometric) |
4019 | 1.26M | { |
4020 | 3.70k | case PHOTOMETRIC_PALETTE: |
4021 | 472k | case PHOTOMETRIC_MINISWHITE: |
4022 | 1.07M | case PHOTOMETRIC_MINISBLACK: |
4023 | 1.07M | return 1; |
4024 | 124k | case PHOTOMETRIC_YCBCR: |
4025 | 146k | case PHOTOMETRIC_RGB: |
4026 | 154k | case PHOTOMETRIC_CIELAB: |
4027 | 162k | case PHOTOMETRIC_LOGLUV: |
4028 | 163k | case PHOTOMETRIC_ITULAB: |
4029 | 164k | case PHOTOMETRIC_ICCLAB: |
4030 | 164k | return 3; |
4031 | 10.2k | case PHOTOMETRIC_SEPARATED: |
4032 | 11.0k | case PHOTOMETRIC_MASK: |
4033 | 11.0k | return 4; |
4034 | 4.37k | case PHOTOMETRIC_LOGL: |
4035 | 4.38k | case PHOTOMETRIC_CFA: |
4036 | 11.6k | default: |
4037 | 11.6k | return 0; |
4038 | 1.26M | } |
4039 | 1.26M | } |
4040 | | |
4041 | | static int ByteCountLooksBad(TIFF *tif) |
4042 | 897k | { |
4043 | | /* |
4044 | | * Assume we have wrong StripByteCount value (in case |
4045 | | * of single strip) in following cases: |
4046 | | * - it is equal to zero along with StripOffset; |
4047 | | * - it is larger than file itself (in case of uncompressed |
4048 | | * image); |
4049 | | * - it is smaller than the size of the bytes per row |
4050 | | * multiplied on the number of rows. The last case should |
4051 | | * not be checked in the case of writing new image, |
4052 | | * because we may do not know the exact strip size |
4053 | | * until the whole image will be written and directory |
4054 | | * dumped out. |
4055 | | */ |
4056 | 897k | uint64_t bytecount = TIFFGetStrileByteCount(tif, 0); |
4057 | 897k | uint64_t offset = TIFFGetStrileOffset(tif, 0); |
4058 | 897k | uint64_t filesize; |
4059 | | |
4060 | 897k | if (offset == 0) |
4061 | 785k | return 0; |
4062 | 112k | if (bytecount == 0) |
4063 | 29.5k | return 1; |
4064 | 82.8k | if (tif->tif_dir.td_compression != COMPRESSION_NONE) |
4065 | 31.6k | return 0; |
4066 | 51.2k | filesize = TIFFGetFileSize(tif); |
4067 | 51.2k | if (offset <= filesize && bytecount > filesize - offset) |
4068 | 19.0k | return 1; |
4069 | 32.1k | if (tif->tif_mode == O_RDONLY) |
4070 | 32.1k | { |
4071 | 32.1k | uint64_t scanlinesize = TIFFScanlineSize64(tif); |
4072 | 32.1k | if (tif->tif_dir.td_imagelength > 0 && |
4073 | 32.1k | scanlinesize > UINT64_MAX / tif->tif_dir.td_imagelength) |
4074 | 16 | { |
4075 | 16 | return 1; |
4076 | 16 | } |
4077 | 32.1k | if (bytecount < scanlinesize * tif->tif_dir.td_imagelength) |
4078 | 10.2k | return 1; |
4079 | 32.1k | } |
4080 | 21.9k | return 0; |
4081 | 32.1k | } |
4082 | | |
4083 | | /* |
4084 | | * To evaluate the IFD data size when reading, save the offset and data size of |
4085 | | * all data that does not fit into the IFD entries themselves. |
4086 | | */ |
4087 | | static bool EvaluateIFDdatasizeReading(TIFF *tif, TIFFDirEntry *dp) |
4088 | 5.63M | { |
4089 | 5.63M | const uint64_t data_width = TIFFDataWidth(dp->tdir_type); |
4090 | 5.63M | if (data_width != 0 && dp->tdir_count > UINT64_MAX / data_width) |
4091 | 29 | { |
4092 | 29 | TIFFErrorExtR(tif, "EvaluateIFDdatasizeReading", |
4093 | 29 | "Too large IFD data size"); |
4094 | 29 | return false; |
4095 | 29 | } |
4096 | 5.63M | const uint64_t datalength = dp->tdir_count * data_width; |
4097 | 5.63M | if (datalength > ((tif->tif_flags & TIFF_BIGTIFF) ? 0x8U : 0x4U)) |
4098 | 1.87M | { |
4099 | 1.87M | if (tif->tif_dir.td_dirdatasize_read > UINT64_MAX - datalength) |
4100 | 7 | { |
4101 | 7 | TIFFErrorExtR(tif, "EvaluateIFDdatasizeReading", |
4102 | 7 | "Too large IFD data size"); |
4103 | 7 | return false; |
4104 | 7 | } |
4105 | 1.87M | tif->tif_dir.td_dirdatasize_read += datalength; |
4106 | 1.87M | if (!(tif->tif_flags & TIFF_BIGTIFF)) |
4107 | 1.87M | { |
4108 | | /* The offset of TIFFDirEntry are not swapped when read in. That has |
4109 | | * to be done when used. */ |
4110 | 1.87M | uint32_t offset = dp->tdir_offset.toff_long; |
4111 | 1.87M | if (tif->tif_flags & TIFF_SWAB) |
4112 | 8.14k | TIFFSwabLong(&offset); |
4113 | 1.87M | tif->tif_dir |
4114 | 1.87M | .td_dirdatasize_offsets[tif->tif_dir.td_dirdatasize_Noffsets] |
4115 | 1.87M | .offset = (uint64_t)offset; |
4116 | 1.87M | } |
4117 | 2.70k | else |
4118 | 2.70k | { |
4119 | 2.70k | tif->tif_dir |
4120 | 2.70k | .td_dirdatasize_offsets[tif->tif_dir.td_dirdatasize_Noffsets] |
4121 | 2.70k | .offset = dp->tdir_offset.toff_long8; |
4122 | 2.70k | if (tif->tif_flags & TIFF_SWAB) |
4123 | 962 | TIFFSwabLong8( |
4124 | 962 | &tif->tif_dir |
4125 | 962 | .td_dirdatasize_offsets[tif->tif_dir |
4126 | 962 | .td_dirdatasize_Noffsets] |
4127 | 962 | .offset); |
4128 | 2.70k | } |
4129 | 1.87M | tif->tif_dir |
4130 | 1.87M | .td_dirdatasize_offsets[tif->tif_dir.td_dirdatasize_Noffsets] |
4131 | 1.87M | .length = datalength; |
4132 | 1.87M | tif->tif_dir.td_dirdatasize_Noffsets++; |
4133 | 1.87M | } |
4134 | 5.63M | return true; |
4135 | 5.63M | } |
4136 | | |
4137 | | /* |
4138 | | * Compare function for qsort() sorting TIFFEntryOffsetAndLength array entries. |
4139 | | */ |
4140 | | static int cmpTIFFEntryOffsetAndLength(const void *a, const void *b) |
4141 | 220k | { |
4142 | 220k | const TIFFEntryOffsetAndLength *ta = (const TIFFEntryOffsetAndLength *)a; |
4143 | 220k | const TIFFEntryOffsetAndLength *tb = (const TIFFEntryOffsetAndLength *)b; |
4144 | | /* Compare offsets */ |
4145 | 220k | if (ta->offset > tb->offset) |
4146 | 50.8k | return 1; |
4147 | 169k | else if (ta->offset < tb->offset) |
4148 | 169k | return -1; |
4149 | 0 | else |
4150 | 0 | return 0; |
4151 | 220k | } |
4152 | | |
4153 | | /* |
4154 | | * Determine the IFD data size after reading an IFD from the file that can be |
4155 | | * overwritten and saving it in tif_dir.td_dirdatasize_read. This data size |
4156 | | * includes the IFD entries themselves as well as the data that does not fit |
4157 | | * directly into the IFD entries but is located directly after the IFD entries |
4158 | | * in the file. |
4159 | | */ |
4160 | | static void CalcFinalIFDdatasizeReading(TIFF *tif, uint16_t dircount) |
4161 | 1.27M | { |
4162 | | /* IFD data size is only needed if file-writing is enabled. |
4163 | | * This also avoids the seek() to EOF to determine the file size, which |
4164 | | * causes the stdin-streaming-friendly mode of libtiff for GDAL to fail. */ |
4165 | 1.27M | if (tif->tif_mode == O_RDONLY) |
4166 | 659k | return; |
4167 | | |
4168 | | /* Sort TIFFEntryOffsetAndLength array in ascending order. */ |
4169 | 615k | qsort(tif->tif_dir.td_dirdatasize_offsets, |
4170 | 615k | tif->tif_dir.td_dirdatasize_Noffsets, |
4171 | 615k | sizeof(TIFFEntryOffsetAndLength), cmpTIFFEntryOffsetAndLength); |
4172 | | |
4173 | | /* Get offset of end of IFD entry space. */ |
4174 | 615k | uint64_t IFDendoffset; |
4175 | 615k | if (!(tif->tif_flags & TIFF_BIGTIFF)) |
4176 | 615k | IFDendoffset = tif->tif_diroff + 2 + dircount * 12 + 4; |
4177 | 0 | else |
4178 | 0 | IFDendoffset = tif->tif_diroff + 8 + dircount * 20 + 8; |
4179 | | |
4180 | | /* Check which offsets are right behind IFD entries. However, LibTIFF |
4181 | | * increments the writing address for every external data to an even offset. |
4182 | | * Thus gaps of 1 byte can occur. */ |
4183 | 615k | uint64_t size = 0; |
4184 | 615k | uint64_t offset; |
4185 | 615k | uint32_t i; |
4186 | 1.03M | for (i = 0; i < tif->tif_dir.td_dirdatasize_Noffsets; i++) |
4187 | 415k | { |
4188 | 415k | offset = tif->tif_dir.td_dirdatasize_offsets[i].offset; |
4189 | 415k | if (offset == IFDendoffset) |
4190 | 410k | { |
4191 | 410k | size += tif->tif_dir.td_dirdatasize_offsets[i].length; |
4192 | 410k | IFDendoffset += tif->tif_dir.td_dirdatasize_offsets[i].length; |
4193 | 410k | } |
4194 | 5.38k | else if (offset == IFDendoffset + 1) |
4195 | 5.29k | { |
4196 | | /* Add gap byte after previous IFD data set. */ |
4197 | 5.29k | size += tif->tif_dir.td_dirdatasize_offsets[i].length + 1; |
4198 | 5.29k | IFDendoffset += tif->tif_dir.td_dirdatasize_offsets[i].length; |
4199 | 5.29k | } |
4200 | 92 | else |
4201 | 92 | { |
4202 | | /* Further data is no more continuously after IFD */ |
4203 | 92 | break; |
4204 | 92 | } |
4205 | 415k | } |
4206 | | /* Check for gap byte of some easy cases. This should cover 90% of cases. |
4207 | | * Otherwise, IFD will be re-written even it might be safely overwritten. */ |
4208 | 615k | if (tif->tif_nextdiroff != 0) |
4209 | 399 | { |
4210 | 399 | if (tif->tif_nextdiroff == IFDendoffset + 1) |
4211 | 174 | size++; |
4212 | 399 | } |
4213 | 614k | else |
4214 | 614k | { |
4215 | | /* Check for IFD data ends at EOF. Then IFD can always be safely |
4216 | | * overwritten. */ |
4217 | 614k | offset = TIFFSeekFile(tif, 0, SEEK_END); |
4218 | 614k | if (offset == IFDendoffset) |
4219 | 612k | { |
4220 | 612k | tif->tif_dir.td_dirdatasize_read = UINT64_MAX; |
4221 | 612k | return; |
4222 | 612k | } |
4223 | 614k | } |
4224 | | |
4225 | | /* Finally, add the size of the IFD tag entries themselves. */ |
4226 | 2.52k | if (!(tif->tif_flags & TIFF_BIGTIFF)) |
4227 | 2.52k | tif->tif_dir.td_dirdatasize_read = 2 + dircount * 12 + 4 + size; |
4228 | 0 | else |
4229 | 0 | tif->tif_dir.td_dirdatasize_read = 8 + dircount * 20 + 8 + size; |
4230 | 2.52k | } /*-- CalcFinalIFDdatasizeReading() --*/ |
4231 | | |
4232 | | /* |
4233 | | * Read the next TIFF directory from a file and convert it to the internal |
4234 | | * format. We read directories sequentially. |
4235 | | */ |
4236 | | int TIFFReadDirectory(TIFF *tif) |
4237 | 1.48M | { |
4238 | 1.48M | static const char module[] = "TIFFReadDirectory"; |
4239 | 1.48M | TIFFDirEntry *dir; |
4240 | 1.48M | uint16_t dircount; |
4241 | 1.48M | TIFFDirEntry *dp; |
4242 | 1.48M | uint16_t di; |
4243 | 1.48M | const TIFFField *fip; |
4244 | 1.48M | uint32_t fii = FAILED_FII; |
4245 | 1.48M | toff_t nextdiroff; |
4246 | 1.48M | int bitspersample_read = FALSE; |
4247 | 1.48M | int color_channels; |
4248 | | |
4249 | 1.48M | if (tif->tif_nextdiroff == 0) |
4250 | 113k | { |
4251 | | /* In this special case, tif_diroff needs also to be set to 0. |
4252 | | * This is behind the last IFD, thus no checking or reading necessary. |
4253 | | */ |
4254 | 113k | tif->tif_diroff = tif->tif_nextdiroff; |
4255 | 113k | return 0; |
4256 | 113k | } |
4257 | | |
4258 | 1.36M | nextdiroff = tif->tif_nextdiroff; |
4259 | | /* tif_curdir++ and tif_nextdiroff should only be updated after SUCCESSFUL |
4260 | | * reading of the directory. Otherwise, invalid IFD offsets could corrupt |
4261 | | * the IFD list. */ |
4262 | 1.36M | if (!_TIFFCheckDirNumberAndOffset(tif, |
4263 | 1.36M | tif->tif_curdir == |
4264 | 1.36M | TIFF_NON_EXISTENT_DIR_NUMBER |
4265 | 1.36M | ? 0 |
4266 | 1.36M | : tif->tif_curdir + 1, |
4267 | 1.36M | nextdiroff)) |
4268 | 3.59k | { |
4269 | 3.59k | return 0; /* bad offset (IFD looping or more than TIFF_MAX_DIR_COUNT |
4270 | | IFDs) */ |
4271 | 3.59k | } |
4272 | 1.36M | dircount = TIFFFetchDirectory(tif, nextdiroff, &dir, &tif->tif_nextdiroff); |
4273 | 1.36M | if (!dircount) |
4274 | 81.1k | { |
4275 | 81.1k | TIFFErrorExtR(tif, module, |
4276 | 81.1k | "Failed to read directory at offset %" PRIu64, |
4277 | 81.1k | nextdiroff); |
4278 | 81.1k | return 0; |
4279 | 81.1k | } |
4280 | | /* Set global values after a valid directory has been fetched. |
4281 | | * tif_diroff is already set to nextdiroff in TIFFFetchDirectory() in the |
4282 | | * beginning. */ |
4283 | 1.28M | if (tif->tif_curdir == TIFF_NON_EXISTENT_DIR_NUMBER) |
4284 | 1.14M | tif->tif_curdir = 0; |
4285 | 143k | else |
4286 | 143k | tif->tif_curdir++; |
4287 | | |
4288 | 1.28M | TIFFReadDirectoryCheckOrder(tif, dir, dircount); |
4289 | | |
4290 | | /* |
4291 | | * Mark duplicates of any tag to be ignored (bugzilla 1994) |
4292 | | * to avoid certain pathological problems. |
4293 | | */ |
4294 | 1.28M | { |
4295 | 1.28M | TIFFDirEntry *ma; |
4296 | 1.28M | uint16_t mb; |
4297 | 90.4M | for (ma = dir, mb = 0; mb < dircount; ma++, mb++) |
4298 | 89.1M | { |
4299 | 89.1M | TIFFDirEntry *na; |
4300 | 89.1M | uint16_t nb; |
4301 | 40.1G | for (na = ma + 1, nb = mb + 1; nb < dircount; na++, nb++) |
4302 | 40.0G | { |
4303 | 40.0G | if (ma->tdir_tag == na->tdir_tag) |
4304 | 3.77G | { |
4305 | 3.77G | na->tdir_ignore = TRUE; |
4306 | 3.77G | } |
4307 | 40.0G | } |
4308 | 89.1M | } |
4309 | 1.28M | } |
4310 | | |
4311 | 1.28M | tif->tif_flags &= ~TIFF_BEENWRITING; /* reset before new dir */ |
4312 | 1.28M | tif->tif_flags &= ~TIFF_BUF4WRITE; /* reset before new dir */ |
4313 | 1.28M | tif->tif_flags &= ~TIFF_CHOPPEDUPARRAYS; |
4314 | | |
4315 | | /* free any old stuff and reinit */ |
4316 | 1.28M | TIFFFreeDirectory(tif); |
4317 | 1.28M | TIFFDefaultDirectory(tif); |
4318 | | |
4319 | | /* After setup a fresh directory indicate that now active IFD is also |
4320 | | * present on file, even if its entries could not be read successfully |
4321 | | * below. */ |
4322 | 1.28M | tif->tif_dir.td_iswrittentofile = TRUE; |
4323 | | |
4324 | | /* Allocate arrays for offset values outside IFD entry for IFD data size |
4325 | | * checking. Note: Counter are reset within TIFFFreeDirectory(). */ |
4326 | 1.28M | tif->tif_dir.td_dirdatasize_offsets = |
4327 | 1.28M | (TIFFEntryOffsetAndLength *)_TIFFmallocExt( |
4328 | 1.28M | tif, dircount * sizeof(TIFFEntryOffsetAndLength)); |
4329 | 1.28M | if (tif->tif_dir.td_dirdatasize_offsets == NULL) |
4330 | 0 | { |
4331 | 0 | TIFFErrorExtR( |
4332 | 0 | tif, module, |
4333 | 0 | "Failed to allocate memory for counting IFD data size at reading"); |
4334 | 0 | goto bad; |
4335 | 0 | } |
4336 | | /* |
4337 | | * Electronic Arts writes gray-scale TIFF files |
4338 | | * without a PlanarConfiguration directory entry. |
4339 | | * Thus we setup a default value here, even though |
4340 | | * the TIFF spec says there is no default value. |
4341 | | * After PlanarConfiguration is preset in TIFFDefaultDirectory() |
4342 | | * the following setting is not needed, but does not harm either. |
4343 | | */ |
4344 | 1.28M | TIFFSetField(tif, TIFFTAG_PLANARCONFIG, PLANARCONFIG_CONTIG); |
4345 | | /* |
4346 | | * Setup default value and then make a pass over |
4347 | | * the fields to check type and tag information, |
4348 | | * and to extract info required to size data |
4349 | | * structures. A second pass is made afterwards |
4350 | | * to read in everything not taken in the first pass. |
4351 | | * But we must process the Compression tag first |
4352 | | * in order to merge in codec-private tag definitions (otherwise |
4353 | | * we may get complaints about unknown tags). However, the |
4354 | | * Compression tag may be dependent on the SamplesPerPixel |
4355 | | * tag value because older TIFF specs permitted Compression |
4356 | | * to be written as a SamplesPerPixel-count tag entry. |
4357 | | * Thus if we don't first figure out the correct SamplesPerPixel |
4358 | | * tag value then we may end up ignoring the Compression tag |
4359 | | * value because it has an incorrect count value (if the |
4360 | | * true value of SamplesPerPixel is not 1). |
4361 | | */ |
4362 | 1.28M | dp = |
4363 | 1.28M | TIFFReadDirectoryFindEntry(tif, dir, dircount, TIFFTAG_SAMPLESPERPIXEL); |
4364 | 1.28M | if (dp) |
4365 | 847k | { |
4366 | 847k | if (!TIFFFetchNormalTag(tif, dp, 0)) |
4367 | 357 | goto bad; |
4368 | 847k | dp->tdir_ignore = TRUE; |
4369 | 847k | } |
4370 | 1.28M | dp = TIFFReadDirectoryFindEntry(tif, dir, dircount, TIFFTAG_COMPRESSION); |
4371 | 1.28M | if (dp) |
4372 | 872k | { |
4373 | | /* |
4374 | | * The 5.0 spec says the Compression tag has one value, while |
4375 | | * earlier specs say it has one value per sample. Because of |
4376 | | * this, we accept the tag if one value is supplied with either |
4377 | | * count. |
4378 | | */ |
4379 | 872k | uint16_t value; |
4380 | 872k | enum TIFFReadDirEntryErr err; |
4381 | 872k | err = TIFFReadDirEntryShort(tif, dp, &value); |
4382 | 872k | if (err == TIFFReadDirEntryErrCount) |
4383 | 5.24k | err = TIFFReadDirEntryPersampleShort(tif, dp, &value); |
4384 | 872k | if (err != TIFFReadDirEntryErrOk) |
4385 | 2.53k | { |
4386 | 2.53k | TIFFReadDirEntryOutputErr(tif, err, module, "Compression", 0); |
4387 | 2.53k | goto bad; |
4388 | 2.53k | } |
4389 | 869k | if (!TIFFSetField(tif, TIFFTAG_COMPRESSION, value)) |
4390 | 0 | goto bad; |
4391 | 869k | dp->tdir_ignore = TRUE; |
4392 | 869k | } |
4393 | 412k | else |
4394 | 412k | { |
4395 | 412k | if (!TIFFSetField(tif, TIFFTAG_COMPRESSION, COMPRESSION_NONE)) |
4396 | 0 | goto bad; |
4397 | 412k | } |
4398 | | /* |
4399 | | * First real pass over the directory. |
4400 | | */ |
4401 | 89.6M | for (di = 0, dp = dir; di < dircount; di++, dp++) |
4402 | 88.3M | { |
4403 | 88.3M | if (!dp->tdir_ignore) |
4404 | 40.1M | { |
4405 | 40.1M | TIFFReadDirectoryFindFieldInfo(tif, dp->tdir_tag, &fii); |
4406 | 40.1M | if (fii == FAILED_FII) |
4407 | 28.6M | { |
4408 | 28.6M | if (tif->tif_warn_about_unknown_tags) |
4409 | 0 | { |
4410 | 0 | TIFFWarningExtR(tif, module, |
4411 | 0 | "Unknown field with tag %" PRIu16 |
4412 | 0 | " (0x%" PRIx16 ") encountered", |
4413 | 0 | dp->tdir_tag, dp->tdir_tag); |
4414 | 0 | } |
4415 | | /* the following knowingly leaks the |
4416 | | anonymous field structure */ |
4417 | 28.6M | const TIFFField *fld = _TIFFCreateAnonField( |
4418 | 28.6M | tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type); |
4419 | 28.6M | if (fld == NULL || !_TIFFMergeFields(tif, fld, 1)) |
4420 | 0 | { |
4421 | 0 | TIFFWarningExtR( |
4422 | 0 | tif, module, |
4423 | 0 | "Registering anonymous field with tag %" PRIu16 |
4424 | 0 | " (0x%" PRIx16 ") failed", |
4425 | 0 | dp->tdir_tag, dp->tdir_tag); |
4426 | 0 | dp->tdir_ignore = TRUE; |
4427 | 0 | } |
4428 | 28.6M | else |
4429 | 28.6M | { |
4430 | 28.6M | TIFFReadDirectoryFindFieldInfo(tif, dp->tdir_tag, &fii); |
4431 | 28.6M | assert(fii != FAILED_FII); |
4432 | 28.6M | } |
4433 | 28.6M | } |
4434 | 40.1M | } |
4435 | 88.3M | if (!dp->tdir_ignore) |
4436 | 40.1M | { |
4437 | 40.1M | fip = tif->tif_fields[fii]; |
4438 | 40.1M | if (fip->field_bit == FIELD_IGNORE) |
4439 | 208k | dp->tdir_ignore = TRUE; |
4440 | 39.9M | else |
4441 | 39.9M | { |
4442 | 39.9M | switch (dp->tdir_tag) |
4443 | 39.9M | { |
4444 | 1.13M | case TIFFTAG_STRIPOFFSETS: |
4445 | 2.07M | case TIFFTAG_STRIPBYTECOUNTS: |
4446 | 2.25M | case TIFFTAG_TILEOFFSETS: |
4447 | 2.48M | case TIFFTAG_TILEBYTECOUNTS: |
4448 | 2.48M | TIFFSetFieldBit(tif, fip->field_bit); |
4449 | 2.48M | break; |
4450 | 1.27M | case TIFFTAG_IMAGEWIDTH: |
4451 | 2.54M | case TIFFTAG_IMAGELENGTH: |
4452 | 2.54M | case TIFFTAG_IMAGEDEPTH: |
4453 | 2.70M | case TIFFTAG_TILELENGTH: |
4454 | 2.86M | case TIFFTAG_TILEWIDTH: |
4455 | 2.86M | case TIFFTAG_TILEDEPTH: |
4456 | 3.65M | case TIFFTAG_PLANARCONFIG: |
4457 | 4.40M | case TIFFTAG_ROWSPERSTRIP: |
4458 | 4.45M | case TIFFTAG_EXTRASAMPLES: |
4459 | 4.45M | if (!TIFFFetchNormalTag(tif, dp, 0)) |
4460 | 4.24k | goto bad; |
4461 | 4.45M | dp->tdir_ignore = TRUE; |
4462 | 4.45M | break; |
4463 | 32.9M | default: |
4464 | 32.9M | if (!_TIFFCheckFieldIsValidForCodec(tif, dp->tdir_tag)) |
4465 | 314k | dp->tdir_ignore = TRUE; |
4466 | 32.9M | break; |
4467 | 39.9M | } |
4468 | 39.9M | } |
4469 | 40.1M | } |
4470 | 88.3M | } |
4471 | | /* |
4472 | | * XXX: OJPEG hack. |
4473 | | * If a) compression is OJPEG, b) planarconfig tag says it's separate, |
4474 | | * c) strip offsets/bytecounts tag are both present and |
4475 | | * d) both contain exactly one value, then we consistently find |
4476 | | * that the buggy implementation of the buggy compression scheme |
4477 | | * matches contig planarconfig best. So we 'fix-up' the tag here |
4478 | | */ |
4479 | 1.27M | if ((tif->tif_dir.td_compression == COMPRESSION_OJPEG) && |
4480 | 1.27M | (tif->tif_dir.td_planarconfig == PLANARCONFIG_SEPARATE)) |
4481 | 44 | { |
4482 | 44 | if (!_TIFFFillStriles(tif)) |
4483 | 44 | goto bad; |
4484 | 0 | dp = TIFFReadDirectoryFindEntry(tif, dir, dircount, |
4485 | 0 | TIFFTAG_STRIPOFFSETS); |
4486 | 0 | if ((dp != 0) && (dp->tdir_count == 1)) |
4487 | 0 | { |
4488 | 0 | dp = TIFFReadDirectoryFindEntry(tif, dir, dircount, |
4489 | 0 | TIFFTAG_STRIPBYTECOUNTS); |
4490 | 0 | if ((dp != 0) && (dp->tdir_count == 1)) |
4491 | 0 | { |
4492 | 0 | tif->tif_dir.td_planarconfig = PLANARCONFIG_CONTIG; |
4493 | 0 | TIFFWarningExtR(tif, module, |
4494 | 0 | "Planarconfig tag value assumed incorrect, " |
4495 | 0 | "assuming data is contig instead of chunky"); |
4496 | 0 | } |
4497 | 0 | } |
4498 | 0 | } |
4499 | | /* |
4500 | | * Allocate directory structure and setup defaults. |
4501 | | */ |
4502 | 1.27M | if (!TIFFFieldSet(tif, FIELD_IMAGEDIMENSIONS)) |
4503 | 1.46k | { |
4504 | 1.46k | MissingRequired(tif, "ImageLength"); |
4505 | 1.46k | goto bad; |
4506 | 1.46k | } |
4507 | | |
4508 | | /* |
4509 | | * Second pass: extract other information. |
4510 | | */ |
4511 | 88.7M | for (di = 0, dp = dir; di < dircount; di++, dp++) |
4512 | 87.4M | { |
4513 | 87.4M | if (!dp->tdir_ignore) |
4514 | 34.8M | { |
4515 | 34.8M | switch (dp->tdir_tag) |
4516 | 34.8M | { |
4517 | 11.9k | case TIFFTAG_MINSAMPLEVALUE: |
4518 | 21.5k | case TIFFTAG_MAXSAMPLEVALUE: |
4519 | 837k | case TIFFTAG_BITSPERSAMPLE: |
4520 | 841k | case TIFFTAG_DATATYPE: |
4521 | 1.50M | case TIFFTAG_SAMPLEFORMAT: |
4522 | | /* |
4523 | | * The MinSampleValue, MaxSampleValue, BitsPerSample |
4524 | | * DataType and SampleFormat tags are supposed to be |
4525 | | * written as one value/sample, but some vendors |
4526 | | * incorrectly write one value only -- so we accept |
4527 | | * that as well (yuck). Other vendors write correct |
4528 | | * value for NumberOfSamples, but incorrect one for |
4529 | | * BitsPerSample and friends, and we will read this |
4530 | | * too. |
4531 | | */ |
4532 | 1.50M | { |
4533 | 1.50M | uint16_t value; |
4534 | 1.50M | enum TIFFReadDirEntryErr err; |
4535 | 1.50M | err = TIFFReadDirEntryShort(tif, dp, &value); |
4536 | 1.50M | if (!EvaluateIFDdatasizeReading(tif, dp)) |
4537 | 5 | goto bad; |
4538 | 1.50M | if (err == TIFFReadDirEntryErrCount) |
4539 | 170k | err = |
4540 | 170k | TIFFReadDirEntryPersampleShort(tif, dp, &value); |
4541 | 1.50M | if (err != TIFFReadDirEntryErrOk) |
4542 | 1.40k | { |
4543 | 1.40k | fip = TIFFFieldWithTag(tif, dp->tdir_tag); |
4544 | 1.40k | TIFFReadDirEntryOutputErr( |
4545 | 1.40k | tif, err, module, |
4546 | 1.40k | fip ? fip->field_name : "unknown tagname", 0); |
4547 | 1.40k | goto bad; |
4548 | 1.40k | } |
4549 | 1.50M | if (!TIFFSetField(tif, dp->tdir_tag, value)) |
4550 | 147 | goto bad; |
4551 | 1.50M | if (dp->tdir_tag == TIFFTAG_BITSPERSAMPLE) |
4552 | 814k | bitspersample_read = TRUE; |
4553 | 1.50M | } |
4554 | 0 | break; |
4555 | 2.11k | case TIFFTAG_SMINSAMPLEVALUE: |
4556 | 5.39k | case TIFFTAG_SMAXSAMPLEVALUE: |
4557 | 5.39k | { |
4558 | | |
4559 | 5.39k | double *data = NULL; |
4560 | 5.39k | enum TIFFReadDirEntryErr err; |
4561 | 5.39k | uint32_t saved_flags; |
4562 | 5.39k | int m; |
4563 | 5.39k | if (dp->tdir_count != |
4564 | 5.39k | (uint64_t)tif->tif_dir.td_samplesperpixel) |
4565 | 296 | err = TIFFReadDirEntryErrCount; |
4566 | 5.09k | else |
4567 | 5.09k | err = TIFFReadDirEntryDoubleArray(tif, dp, &data); |
4568 | 5.39k | if (!EvaluateIFDdatasizeReading(tif, dp)) |
4569 | 3 | goto bad; |
4570 | 5.39k | if (err != TIFFReadDirEntryErrOk) |
4571 | 295 | { |
4572 | 295 | fip = TIFFFieldWithTag(tif, dp->tdir_tag); |
4573 | 295 | TIFFReadDirEntryOutputErr( |
4574 | 295 | tif, err, module, |
4575 | 295 | fip ? fip->field_name : "unknown tagname", 0); |
4576 | 295 | goto bad; |
4577 | 295 | } |
4578 | 5.09k | saved_flags = tif->tif_flags; |
4579 | 5.09k | tif->tif_flags |= TIFF_PERSAMPLE; |
4580 | 5.09k | m = TIFFSetField(tif, dp->tdir_tag, data); |
4581 | 5.09k | tif->tif_flags = saved_flags; |
4582 | 5.09k | _TIFFfreeExt(tif, data); |
4583 | 5.09k | if (!m) |
4584 | 0 | goto bad; |
4585 | 5.09k | } |
4586 | 5.09k | break; |
4587 | 1.12M | case TIFFTAG_STRIPOFFSETS: |
4588 | 1.30M | case TIFFTAG_TILEOFFSETS: |
4589 | 1.30M | { |
4590 | 1.30M | switch (dp->tdir_type) |
4591 | 1.30M | { |
4592 | 35.2k | case TIFF_SHORT: |
4593 | 1.00M | case TIFF_LONG: |
4594 | 1.02M | case TIFF_LONG8: |
4595 | 1.02M | break; |
4596 | 288k | default: |
4597 | | /* Warn except if directory typically created with |
4598 | | * TIFFDeferStrileArrayWriting() */ |
4599 | 288k | if (!(tif->tif_mode == O_RDWR && |
4600 | 288k | dp->tdir_count == 0 && dp->tdir_type == 0 && |
4601 | 288k | dp->tdir_offset.toff_long8 == 0)) |
4602 | 288k | { |
4603 | 288k | fip = TIFFFieldWithTag(tif, dp->tdir_tag); |
4604 | 288k | TIFFWarningExtR( |
4605 | 288k | tif, module, "Invalid data type for tag %s", |
4606 | 288k | fip ? fip->field_name : "unknown tagname"); |
4607 | 288k | } |
4608 | 288k | break; |
4609 | 1.30M | } |
4610 | 1.30M | _TIFFmemcpy(&(tif->tif_dir.td_stripoffset_entry), dp, |
4611 | 1.30M | sizeof(TIFFDirEntry)); |
4612 | 1.30M | if (!EvaluateIFDdatasizeReading(tif, dp)) |
4613 | 19 | goto bad; |
4614 | 1.30M | } |
4615 | 1.30M | break; |
4616 | 1.30M | case TIFFTAG_STRIPBYTECOUNTS: |
4617 | 1.17M | case TIFFTAG_TILEBYTECOUNTS: |
4618 | 1.17M | { |
4619 | 1.17M | switch (dp->tdir_type) |
4620 | 1.17M | { |
4621 | 49.6k | case TIFF_SHORT: |
4622 | 1.03M | case TIFF_LONG: |
4623 | 1.05M | case TIFF_LONG8: |
4624 | 1.05M | break; |
4625 | 110k | default: |
4626 | | /* Warn except if directory typically created with |
4627 | | * TIFFDeferStrileArrayWriting() */ |
4628 | 110k | if (!(tif->tif_mode == O_RDWR && |
4629 | 110k | dp->tdir_count == 0 && dp->tdir_type == 0 && |
4630 | 110k | dp->tdir_offset.toff_long8 == 0)) |
4631 | 110k | { |
4632 | 110k | fip = TIFFFieldWithTag(tif, dp->tdir_tag); |
4633 | 110k | TIFFWarningExtR( |
4634 | 110k | tif, module, "Invalid data type for tag %s", |
4635 | 110k | fip ? fip->field_name : "unknown tagname"); |
4636 | 110k | } |
4637 | 110k | break; |
4638 | 1.17M | } |
4639 | 1.17M | _TIFFmemcpy(&(tif->tif_dir.td_stripbytecount_entry), dp, |
4640 | 1.17M | sizeof(TIFFDirEntry)); |
4641 | 1.17M | if (!EvaluateIFDdatasizeReading(tif, dp)) |
4642 | 6 | goto bad; |
4643 | 1.17M | } |
4644 | 1.17M | break; |
4645 | 1.17M | case TIFFTAG_COLORMAP: |
4646 | 27.9k | case TIFFTAG_TRANSFERFUNCTION: |
4647 | 27.9k | { |
4648 | 27.9k | enum TIFFReadDirEntryErr err; |
4649 | 27.9k | uint32_t countpersample; |
4650 | 27.9k | uint32_t countrequired; |
4651 | 27.9k | uint32_t incrementpersample; |
4652 | 27.9k | uint16_t *value = NULL; |
4653 | | /* It would be dangerous to instantiate those tag values */ |
4654 | | /* since if td_bitspersample has not yet been read (due to |
4655 | | */ |
4656 | | /* unordered tags), it could be read afterwards with a */ |
4657 | | /* values greater than the default one (1), which may cause |
4658 | | */ |
4659 | | /* crashes in user code */ |
4660 | 27.9k | if (!bitspersample_read) |
4661 | 13.5k | { |
4662 | 13.5k | fip = TIFFFieldWithTag(tif, dp->tdir_tag); |
4663 | 13.5k | TIFFWarningExtR( |
4664 | 13.5k | tif, module, |
4665 | 13.5k | "Ignoring %s since BitsPerSample tag not found", |
4666 | 13.5k | fip ? fip->field_name : "unknown tagname"); |
4667 | 13.5k | continue; |
4668 | 13.5k | } |
4669 | | /* ColorMap or TransferFunction for high bit */ |
4670 | | /* depths do not make much sense and could be */ |
4671 | | /* used as a denial of service vector */ |
4672 | 14.3k | if (tif->tif_dir.td_bitspersample > 24) |
4673 | 2.08k | { |
4674 | 2.08k | fip = TIFFFieldWithTag(tif, dp->tdir_tag); |
4675 | 2.08k | TIFFWarningExtR( |
4676 | 2.08k | tif, module, |
4677 | 2.08k | "Ignoring %s because BitsPerSample=%" PRIu16 ">24", |
4678 | 2.08k | fip ? fip->field_name : "unknown tagname", |
4679 | 2.08k | tif->tif_dir.td_bitspersample); |
4680 | 2.08k | continue; |
4681 | 2.08k | } |
4682 | 12.2k | countpersample = (1U << tif->tif_dir.td_bitspersample); |
4683 | 12.2k | if ((dp->tdir_tag == TIFFTAG_TRANSFERFUNCTION) && |
4684 | 12.2k | (dp->tdir_count == (uint64_t)countpersample)) |
4685 | 1.28k | { |
4686 | 1.28k | countrequired = countpersample; |
4687 | 1.28k | incrementpersample = 0; |
4688 | 1.28k | } |
4689 | 11.0k | else |
4690 | 11.0k | { |
4691 | 11.0k | countrequired = 3 * countpersample; |
4692 | 11.0k | incrementpersample = countpersample; |
4693 | 11.0k | } |
4694 | 12.2k | if (dp->tdir_count != (uint64_t)countrequired) |
4695 | 4.46k | err = TIFFReadDirEntryErrCount; |
4696 | 7.83k | else |
4697 | 7.83k | err = TIFFReadDirEntryShortArray(tif, dp, &value); |
4698 | 12.2k | if (!EvaluateIFDdatasizeReading(tif, dp)) |
4699 | 2 | goto bad; |
4700 | 12.2k | if (err != TIFFReadDirEntryErrOk) |
4701 | 5.26k | { |
4702 | 5.26k | fip = TIFFFieldWithTag(tif, dp->tdir_tag); |
4703 | 5.26k | TIFFReadDirEntryOutputErr( |
4704 | 5.26k | tif, err, module, |
4705 | 5.26k | fip ? fip->field_name : "unknown tagname", 1); |
4706 | 5.26k | } |
4707 | 7.03k | else |
4708 | 7.03k | { |
4709 | 7.03k | TIFFSetField(tif, dp->tdir_tag, value, |
4710 | 7.03k | value + incrementpersample, |
4711 | 7.03k | value + 2 * incrementpersample); |
4712 | 7.03k | _TIFFfreeExt(tif, value); |
4713 | 7.03k | } |
4714 | 12.2k | } |
4715 | 0 | break; |
4716 | | /* BEGIN REV 4.0 COMPATIBILITY */ |
4717 | 0 | case TIFFTAG_OSUBFILETYPE: |
4718 | 0 | { |
4719 | 0 | uint16_t valueo; |
4720 | 0 | uint32_t value; |
4721 | 0 | if (TIFFReadDirEntryShort(tif, dp, &valueo) == |
4722 | 0 | TIFFReadDirEntryErrOk) |
4723 | 0 | { |
4724 | 0 | switch (valueo) |
4725 | 0 | { |
4726 | 0 | case OFILETYPE_REDUCEDIMAGE: |
4727 | 0 | value = FILETYPE_REDUCEDIMAGE; |
4728 | 0 | break; |
4729 | 0 | case OFILETYPE_PAGE: |
4730 | 0 | value = FILETYPE_PAGE; |
4731 | 0 | break; |
4732 | 0 | default: |
4733 | 0 | value = 0; |
4734 | 0 | break; |
4735 | 0 | } |
4736 | 0 | if (value != 0) |
4737 | 0 | TIFFSetField(tif, TIFFTAG_SUBFILETYPE, value); |
4738 | 0 | } |
4739 | 0 | } |
4740 | 0 | break; |
4741 | | /* END REV 4.0 COMPATIBILITY */ |
4742 | | #if 0 |
4743 | | case TIFFTAG_EP_BATTERYLEVEL: |
4744 | | /* TIFFTAG_EP_BATTERYLEVEL can be RATIONAL or ASCII. |
4745 | | * LibTiff defines it as ASCII and converts RATIONAL to an |
4746 | | * ASCII string. */ |
4747 | | switch (dp->tdir_type) |
4748 | | { |
4749 | | case TIFF_RATIONAL: |
4750 | | { |
4751 | | /* Read rational and convert to ASCII*/ |
4752 | | enum TIFFReadDirEntryErr err; |
4753 | | TIFFRational_t rValue; |
4754 | | err = TIFFReadDirEntryCheckedRationalDirect( |
4755 | | tif, dp, &rValue); |
4756 | | if (err != TIFFReadDirEntryErrOk) |
4757 | | { |
4758 | | fip = TIFFFieldWithTag(tif, dp->tdir_tag); |
4759 | | TIFFReadDirEntryOutputErr( |
4760 | | tif, err, module, |
4761 | | fip ? fip->field_name : "unknown tagname", |
4762 | | 1); |
4763 | | } |
4764 | | else |
4765 | | { |
4766 | | char szAux[32]; |
4767 | | snprintf(szAux, sizeof(szAux) - 1, "%d/%d", |
4768 | | rValue.uNum, rValue.uDenom); |
4769 | | TIFFSetField(tif, dp->tdir_tag, szAux); |
4770 | | } |
4771 | | } |
4772 | | break; |
4773 | | case TIFF_ASCII: |
4774 | | (void)TIFFFetchNormalTag(tif, dp, TRUE); |
4775 | | break; |
4776 | | default: |
4777 | | fip = TIFFFieldWithTag(tif, dp->tdir_tag); |
4778 | | TIFFWarningExtR(tif, module, |
4779 | | "Invalid data type for tag %s. " |
4780 | | "ASCII or RATIONAL expected", |
4781 | | fip ? fip->field_name |
4782 | | : "unknown tagname"); |
4783 | | break; |
4784 | | } |
4785 | | break; |
4786 | | #endif |
4787 | 30.8M | default: |
4788 | 30.8M | (void)TIFFFetchNormalTag(tif, dp, TRUE); |
4789 | 30.8M | break; |
4790 | 34.8M | } /* -- switch (dp->tdir_tag) -- */ |
4791 | 34.8M | } /* -- if (!dp->tdir_ignore) */ |
4792 | 87.4M | } /* -- for-loop -- */ |
4793 | | |
4794 | | /* Evaluate final IFD data size. */ |
4795 | 1.27M | CalcFinalIFDdatasizeReading(tif, dircount); |
4796 | | |
4797 | | /* |
4798 | | * OJPEG hack: |
4799 | | * - If a) compression is OJPEG, and b) photometric tag is missing, |
4800 | | * then we consistently find that photometric should be YCbCr |
4801 | | * - If a) compression is OJPEG, and b) photometric tag says it's RGB, |
4802 | | * then we consistently find that the buggy implementation of the |
4803 | | * buggy compression scheme matches photometric YCbCr instead. |
4804 | | * - If a) compression is OJPEG, and b) bitspersample tag is missing, |
4805 | | * then we consistently find bitspersample should be 8. |
4806 | | * - If a) compression is OJPEG, b) samplesperpixel tag is missing, |
4807 | | * and c) photometric is RGB or YCbCr, then we consistently find |
4808 | | * samplesperpixel should be 3 |
4809 | | * - If a) compression is OJPEG, b) samplesperpixel tag is missing, |
4810 | | * and c) photometric is MINISWHITE or MINISBLACK, then we consistently |
4811 | | * find samplesperpixel should be 3 |
4812 | | */ |
4813 | 1.27M | if (tif->tif_dir.td_compression == COMPRESSION_OJPEG) |
4814 | 38.9k | { |
4815 | 38.9k | if (!TIFFFieldSet(tif, FIELD_PHOTOMETRIC)) |
4816 | 33.4k | { |
4817 | 33.4k | TIFFWarningExtR( |
4818 | 33.4k | tif, module, |
4819 | 33.4k | "Photometric tag is missing, assuming data is YCbCr"); |
4820 | 33.4k | if (!TIFFSetField(tif, TIFFTAG_PHOTOMETRIC, PHOTOMETRIC_YCBCR)) |
4821 | 0 | goto bad; |
4822 | 33.4k | } |
4823 | 5.54k | else if (tif->tif_dir.td_photometric == PHOTOMETRIC_RGB) |
4824 | 670 | { |
4825 | 670 | tif->tif_dir.td_photometric = PHOTOMETRIC_YCBCR; |
4826 | 670 | TIFFWarningExtR(tif, module, |
4827 | 670 | "Photometric tag value assumed incorrect, " |
4828 | 670 | "assuming data is YCbCr instead of RGB"); |
4829 | 670 | } |
4830 | 38.9k | if (!TIFFFieldSet(tif, FIELD_BITSPERSAMPLE)) |
4831 | 32.6k | { |
4832 | 32.6k | TIFFWarningExtR( |
4833 | 32.6k | tif, module, |
4834 | 32.6k | "BitsPerSample tag is missing, assuming 8 bits per sample"); |
4835 | 32.6k | if (!TIFFSetField(tif, TIFFTAG_BITSPERSAMPLE, 8)) |
4836 | 0 | goto bad; |
4837 | 32.6k | } |
4838 | 38.9k | if (!TIFFFieldSet(tif, FIELD_SAMPLESPERPIXEL)) |
4839 | 34.2k | { |
4840 | 34.2k | if (tif->tif_dir.td_photometric == PHOTOMETRIC_RGB) |
4841 | 0 | { |
4842 | 0 | TIFFWarningExtR(tif, module, |
4843 | 0 | "SamplesPerPixel tag is missing, " |
4844 | 0 | "assuming correct SamplesPerPixel value is 3"); |
4845 | 0 | if (!TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, 3)) |
4846 | 0 | goto bad; |
4847 | 0 | } |
4848 | 34.2k | if (tif->tif_dir.td_photometric == PHOTOMETRIC_YCBCR) |
4849 | 31.8k | { |
4850 | 31.8k | TIFFWarningExtR(tif, module, |
4851 | 31.8k | "SamplesPerPixel tag is missing, " |
4852 | 31.8k | "applying correct SamplesPerPixel value of 3"); |
4853 | 31.8k | if (!TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, 3)) |
4854 | 0 | goto bad; |
4855 | 31.8k | } |
4856 | 2.35k | else if ((tif->tif_dir.td_photometric == PHOTOMETRIC_MINISWHITE) || |
4857 | 2.35k | (tif->tif_dir.td_photometric == PHOTOMETRIC_MINISBLACK)) |
4858 | 1.04k | { |
4859 | | /* |
4860 | | * SamplesPerPixel tag is missing, but is not required |
4861 | | * by spec. Assume correct SamplesPerPixel value of 1. |
4862 | | */ |
4863 | 1.04k | if (!TIFFSetField(tif, TIFFTAG_SAMPLESPERPIXEL, 1)) |
4864 | 0 | goto bad; |
4865 | 1.04k | } |
4866 | 34.2k | } |
4867 | 38.9k | } |
4868 | | |
4869 | | /* |
4870 | | * Setup appropriate structures (by strip or by tile) |
4871 | | * We do that only after the above OJPEG hack which alters SamplesPerPixel |
4872 | | * and thus influences the number of strips in the separate planarconfig. |
4873 | | */ |
4874 | 1.27M | if (!TIFFFieldSet(tif, FIELD_TILEDIMENSIONS)) |
4875 | 1.10M | { |
4876 | 1.10M | tif->tif_dir.td_nstrips = TIFFNumberOfStrips(tif); |
4877 | 1.10M | tif->tif_dir.td_tilewidth = tif->tif_dir.td_imagewidth; |
4878 | 1.10M | tif->tif_dir.td_tilelength = tif->tif_dir.td_rowsperstrip; |
4879 | 1.10M | tif->tif_dir.td_tiledepth = tif->tif_dir.td_imagedepth; |
4880 | 1.10M | tif->tif_flags &= ~TIFF_ISTILED; |
4881 | 1.10M | } |
4882 | 167k | else |
4883 | 167k | { |
4884 | 167k | tif->tif_dir.td_nstrips = TIFFNumberOfTiles(tif); |
4885 | 167k | tif->tif_flags |= TIFF_ISTILED; |
4886 | 167k | } |
4887 | 1.27M | if (!tif->tif_dir.td_nstrips) |
4888 | 1.26k | { |
4889 | 1.26k | TIFFErrorExtR(tif, module, "Cannot handle zero number of %s", |
4890 | 1.26k | isTiled(tif) ? "tiles" : "strips"); |
4891 | 1.26k | goto bad; |
4892 | 1.26k | } |
4893 | 1.27M | tif->tif_dir.td_stripsperimage = tif->tif_dir.td_nstrips; |
4894 | 1.27M | if (tif->tif_dir.td_planarconfig == PLANARCONFIG_SEPARATE) |
4895 | 18.6k | tif->tif_dir.td_stripsperimage /= tif->tif_dir.td_samplesperpixel; |
4896 | 1.27M | if (!TIFFFieldSet(tif, FIELD_STRIPOFFSETS)) |
4897 | 16.6k | { |
4898 | 16.6k | #ifdef OJPEG_SUPPORT |
4899 | 16.6k | if ((tif->tif_dir.td_compression == COMPRESSION_OJPEG) && |
4900 | 16.6k | (isTiled(tif) == 0) && (tif->tif_dir.td_nstrips == 1)) |
4901 | 9.53k | { |
4902 | | /* |
4903 | | * XXX: OJPEG hack. |
4904 | | * If a) compression is OJPEG, b) it's not a tiled TIFF, |
4905 | | * and c) the number of strips is 1, |
4906 | | * then we tolerate the absence of stripoffsets tag, |
4907 | | * because, presumably, all required data is in the |
4908 | | * JpegInterchangeFormat stream. |
4909 | | */ |
4910 | 9.53k | TIFFSetFieldBit(tif, FIELD_STRIPOFFSETS); |
4911 | 9.53k | } |
4912 | 7.09k | else |
4913 | 7.09k | #endif |
4914 | 7.09k | { |
4915 | 7.09k | MissingRequired(tif, isTiled(tif) ? "TileOffsets" : "StripOffsets"); |
4916 | 7.09k | goto bad; |
4917 | 7.09k | } |
4918 | 16.6k | } |
4919 | | |
4920 | 1.26M | if (tif->tif_mode == O_RDWR && |
4921 | 1.26M | tif->tif_dir.td_stripoffset_entry.tdir_tag != 0 && |
4922 | 1.26M | tif->tif_dir.td_stripoffset_entry.tdir_count == 0 && |
4923 | 1.26M | tif->tif_dir.td_stripoffset_entry.tdir_type == 0 && |
4924 | 1.26M | tif->tif_dir.td_stripoffset_entry.tdir_offset.toff_long8 == 0 && |
4925 | 1.26M | tif->tif_dir.td_stripbytecount_entry.tdir_tag != 0 && |
4926 | 1.26M | tif->tif_dir.td_stripbytecount_entry.tdir_count == 0 && |
4927 | 1.26M | tif->tif_dir.td_stripbytecount_entry.tdir_type == 0 && |
4928 | 1.26M | tif->tif_dir.td_stripbytecount_entry.tdir_offset.toff_long8 == 0) |
4929 | 0 | { |
4930 | | /* Directory typically created with TIFFDeferStrileArrayWriting() */ |
4931 | 0 | TIFFSetupStrips(tif); |
4932 | 0 | } |
4933 | 1.26M | else if (!(tif->tif_flags & TIFF_DEFERSTRILELOAD)) |
4934 | 615k | { |
4935 | 615k | if (tif->tif_dir.td_stripoffset_entry.tdir_tag != 0) |
4936 | 615k | { |
4937 | 615k | if (!TIFFFetchStripThing(tif, &(tif->tif_dir.td_stripoffset_entry), |
4938 | 615k | tif->tif_dir.td_nstrips, |
4939 | 615k | &tif->tif_dir.td_stripoffset_p)) |
4940 | 0 | { |
4941 | 0 | goto bad; |
4942 | 0 | } |
4943 | 615k | } |
4944 | 615k | if (tif->tif_dir.td_stripbytecount_entry.tdir_tag != 0) |
4945 | 615k | { |
4946 | 615k | if (!TIFFFetchStripThing( |
4947 | 615k | tif, &(tif->tif_dir.td_stripbytecount_entry), |
4948 | 615k | tif->tif_dir.td_nstrips, &tif->tif_dir.td_stripbytecount_p)) |
4949 | 0 | { |
4950 | 0 | goto bad; |
4951 | 0 | } |
4952 | 615k | } |
4953 | 615k | } |
4954 | | |
4955 | | /* |
4956 | | * Make sure all non-color channels are extrasamples. |
4957 | | * If it's not the case, define them as such. |
4958 | | */ |
4959 | 1.26M | color_channels = _TIFFGetMaxColorChannels(tif->tif_dir.td_photometric); |
4960 | 1.26M | if (color_channels && |
4961 | 1.26M | tif->tif_dir.td_samplesperpixel - tif->tif_dir.td_extrasamples > |
4962 | 1.25M | color_channels) |
4963 | 92.1k | { |
4964 | 92.1k | uint16_t old_extrasamples; |
4965 | 92.1k | uint16_t *new_sampleinfo; |
4966 | | |
4967 | 92.1k | TIFFWarningExtR( |
4968 | 92.1k | tif, module, |
4969 | 92.1k | "Sum of Photometric type-related " |
4970 | 92.1k | "color channels and ExtraSamples doesn't match SamplesPerPixel. " |
4971 | 92.1k | "Defining non-color channels as ExtraSamples."); |
4972 | | |
4973 | 92.1k | old_extrasamples = tif->tif_dir.td_extrasamples; |
4974 | 92.1k | tif->tif_dir.td_extrasamples = |
4975 | 92.1k | (uint16_t)(tif->tif_dir.td_samplesperpixel - color_channels); |
4976 | | |
4977 | | // sampleinfo should contain information relative to these new extra |
4978 | | // samples |
4979 | 92.1k | new_sampleinfo = (uint16_t *)_TIFFcallocExt( |
4980 | 92.1k | tif, tif->tif_dir.td_extrasamples, sizeof(uint16_t)); |
4981 | 92.1k | if (!new_sampleinfo) |
4982 | 0 | { |
4983 | 0 | TIFFErrorExtR(tif, module, |
4984 | 0 | "Failed to allocate memory for " |
4985 | 0 | "temporary new sampleinfo array " |
4986 | 0 | "(%" PRIu16 " 16 bit elements)", |
4987 | 0 | tif->tif_dir.td_extrasamples); |
4988 | 0 | goto bad; |
4989 | 0 | } |
4990 | | |
4991 | 92.1k | if (old_extrasamples > 0) |
4992 | 3.96k | memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, |
4993 | 3.96k | old_extrasamples * sizeof(uint16_t)); |
4994 | 92.1k | _TIFFsetShortArrayExt(tif, &tif->tif_dir.td_sampleinfo, new_sampleinfo, |
4995 | 92.1k | tif->tif_dir.td_extrasamples); |
4996 | 92.1k | _TIFFfreeExt(tif, new_sampleinfo); |
4997 | 92.1k | } |
4998 | | |
4999 | | /* |
5000 | | * Verify Palette image has a Colormap. |
5001 | | */ |
5002 | 1.26M | if (tif->tif_dir.td_photometric == PHOTOMETRIC_PALETTE && |
5003 | 1.26M | !TIFFFieldSet(tif, FIELD_COLORMAP)) |
5004 | 1.27k | { |
5005 | 1.27k | if (tif->tif_dir.td_bitspersample >= 8 && |
5006 | 1.27k | tif->tif_dir.td_samplesperpixel == 3) |
5007 | 291 | tif->tif_dir.td_photometric = PHOTOMETRIC_RGB; |
5008 | 988 | else if (tif->tif_dir.td_bitspersample >= 8) |
5009 | 949 | tif->tif_dir.td_photometric = PHOTOMETRIC_MINISBLACK; |
5010 | 39 | else |
5011 | 39 | { |
5012 | 39 | MissingRequired(tif, "Colormap"); |
5013 | 39 | goto bad; |
5014 | 39 | } |
5015 | 1.27k | } |
5016 | | /* |
5017 | | * OJPEG hack: |
5018 | | * We do no further messing with strip/tile offsets/bytecounts in OJPEG |
5019 | | * TIFFs |
5020 | | */ |
5021 | 1.26M | if (tif->tif_dir.td_compression != COMPRESSION_OJPEG) |
5022 | 1.22M | { |
5023 | | /* |
5024 | | * Attempt to deal with a missing StripByteCounts tag. |
5025 | | */ |
5026 | 1.22M | if (!TIFFFieldSet(tif, FIELD_STRIPBYTECOUNTS)) |
5027 | 121k | { |
5028 | | /* |
5029 | | * Some manufacturers violate the spec by not giving |
5030 | | * the size of the strips. In this case, assume there |
5031 | | * is one uncompressed strip of data. |
5032 | | */ |
5033 | 121k | if ((tif->tif_dir.td_planarconfig == PLANARCONFIG_CONTIG && |
5034 | 121k | tif->tif_dir.td_nstrips > 1) || |
5035 | 121k | (tif->tif_dir.td_planarconfig == PLANARCONFIG_SEPARATE && |
5036 | 120k | tif->tif_dir.td_nstrips != |
5037 | 2.74k | (uint32_t)tif->tif_dir.td_samplesperpixel)) |
5038 | 824 | { |
5039 | 824 | MissingRequired(tif, "StripByteCounts"); |
5040 | 824 | goto bad; |
5041 | 824 | } |
5042 | 120k | TIFFWarningExtR( |
5043 | 120k | tif, module, |
5044 | 120k | "TIFF directory is missing required " |
5045 | 120k | "\"StripByteCounts\" field, calculating from imagelength"); |
5046 | 120k | if (EstimateStripByteCounts(tif, dir, dircount) < 0) |
5047 | 2.39k | goto bad; |
5048 | 120k | } |
5049 | 1.10M | else if (tif->tif_dir.td_nstrips == 1 && |
5050 | 1.10M | !(tif->tif_flags & TIFF_ISTILED) && ByteCountLooksBad(tif)) |
5051 | 58.8k | { |
5052 | | /* |
5053 | | * XXX: Plexus (and others) sometimes give a value of |
5054 | | * zero for a tag when they don't know what the |
5055 | | * correct value is! Try and handle the simple case |
5056 | | * of estimating the size of a one strip image. |
5057 | | */ |
5058 | 58.8k | TIFFWarningExtR(tif, module, |
5059 | 58.8k | "Bogus \"StripByteCounts\" field, ignoring and " |
5060 | 58.8k | "calculating from imagelength"); |
5061 | 58.8k | if (EstimateStripByteCounts(tif, dir, dircount) < 0) |
5062 | 537 | goto bad; |
5063 | 58.8k | } |
5064 | 1.04M | else if (!(tif->tif_flags & TIFF_DEFERSTRILELOAD) && |
5065 | 1.04M | tif->tif_dir.td_planarconfig == PLANARCONFIG_CONTIG && |
5066 | 1.04M | tif->tif_dir.td_nstrips > 2 && |
5067 | 1.04M | tif->tif_dir.td_compression == COMPRESSION_NONE && |
5068 | 1.04M | TIFFGetStrileByteCount(tif, 0) != |
5069 | 4.69k | TIFFGetStrileByteCount(tif, 1) && |
5070 | 1.04M | TIFFGetStrileByteCount(tif, 0) != 0 && |
5071 | 1.04M | TIFFGetStrileByteCount(tif, 1) != 0) |
5072 | 0 | { |
5073 | | /* |
5074 | | * XXX: Some vendors fill StripByteCount array with |
5075 | | * absolutely wrong values (it can be equal to |
5076 | | * StripOffset array, for example). Catch this case |
5077 | | * here. |
5078 | | * |
5079 | | * We avoid this check if deferring strile loading |
5080 | | * as it would always force us to load the strip/tile |
5081 | | * information. |
5082 | | */ |
5083 | 0 | TIFFWarningExtR(tif, module, |
5084 | 0 | "Wrong \"StripByteCounts\" field, ignoring and " |
5085 | 0 | "calculating from imagelength"); |
5086 | 0 | if (EstimateStripByteCounts(tif, dir, dircount) < 0) |
5087 | 0 | goto bad; |
5088 | 0 | } |
5089 | 1.22M | } |
5090 | 1.26M | if (dir) |
5091 | 1.26M | { |
5092 | 1.26M | _TIFFfreeExt(tif, dir); |
5093 | 1.26M | dir = NULL; |
5094 | 1.26M | } |
5095 | 1.26M | if (!TIFFFieldSet(tif, FIELD_MAXSAMPLEVALUE)) |
5096 | 1.25M | { |
5097 | 1.25M | if (tif->tif_dir.td_bitspersample >= 16) |
5098 | 247k | tif->tif_dir.td_maxsamplevalue = 0xFFFF; |
5099 | 1.00M | else |
5100 | 1.00M | tif->tif_dir.td_maxsamplevalue = |
5101 | 1.00M | (uint16_t)((1L << tif->tif_dir.td_bitspersample) - 1); |
5102 | 1.25M | } |
5103 | | |
5104 | | #ifdef STRIPBYTECOUNTSORTED_UNUSED |
5105 | | /* |
5106 | | * XXX: We can optimize checking for the strip bounds using the sorted |
5107 | | * bytecounts array. See also comments for TIFFAppendToStrip() |
5108 | | * function in tif_write.c. |
5109 | | */ |
5110 | | if (!(tif->tif_flags & TIFF_DEFERSTRILELOAD) && tif->tif_dir.td_nstrips > 1) |
5111 | | { |
5112 | | uint32_t strip; |
5113 | | |
5114 | | tif->tif_dir.td_stripbytecountsorted = 1; |
5115 | | for (strip = 1; strip < tif->tif_dir.td_nstrips; strip++) |
5116 | | { |
5117 | | if (TIFFGetStrileOffset(tif, strip - 1) > |
5118 | | TIFFGetStrileOffset(tif, strip)) |
5119 | | { |
5120 | | tif->tif_dir.td_stripbytecountsorted = 0; |
5121 | | break; |
5122 | | } |
5123 | | } |
5124 | | } |
5125 | | #endif |
5126 | | |
5127 | | /* |
5128 | | * An opportunity for compression mode dependent tag fixup |
5129 | | */ |
5130 | 1.26M | (*tif->tif_fixuptags)(tif); |
5131 | | |
5132 | | /* |
5133 | | * Some manufacturers make life difficult by writing |
5134 | | * large amounts of uncompressed data as a single strip. |
5135 | | * This is contrary to the recommendations of the spec. |
5136 | | * The following makes an attempt at breaking such images |
5137 | | * into strips closer to the recommended 8k bytes. A |
5138 | | * side effect, however, is that the RowsPerStrip tag |
5139 | | * value may be changed. |
5140 | | */ |
5141 | 1.26M | if ((tif->tif_dir.td_planarconfig == PLANARCONFIG_CONTIG) && |
5142 | 1.26M | (tif->tif_dir.td_nstrips == 1) && |
5143 | 1.26M | (tif->tif_dir.td_compression == COMPRESSION_NONE) && |
5144 | 1.26M | ((tif->tif_flags & (TIFF_STRIPCHOP | TIFF_ISTILED)) == TIFF_STRIPCHOP)) |
5145 | 281k | { |
5146 | 281k | ChopUpSingleUncompressedStrip(tif); |
5147 | 281k | } |
5148 | | |
5149 | | /* There are also uncompressed striped files with strips larger than */ |
5150 | | /* 2 GB, which make them unfriendly with a lot of code. If possible, */ |
5151 | | /* try to expose smaller "virtual" strips. */ |
5152 | 1.26M | if (tif->tif_dir.td_planarconfig == PLANARCONFIG_CONTIG && |
5153 | 1.26M | tif->tif_dir.td_compression == COMPRESSION_NONE && |
5154 | 1.26M | (tif->tif_flags & (TIFF_STRIPCHOP | TIFF_ISTILED)) == TIFF_STRIPCHOP && |
5155 | 1.26M | TIFFStripSize64(tif) > 0x7FFFFFFFUL) |
5156 | 21.2k | { |
5157 | 21.2k | TryChopUpUncompressedBigTiff(tif); |
5158 | 21.2k | } |
5159 | | |
5160 | | /* |
5161 | | * Clear the dirty directory flag. |
5162 | | */ |
5163 | 1.26M | tif->tif_flags &= ~TIFF_DIRTYDIRECT; |
5164 | 1.26M | tif->tif_flags &= ~TIFF_DIRTYSTRIP; |
5165 | | |
5166 | | /* |
5167 | | * Reinitialize i/o since we are starting on a new directory. |
5168 | | */ |
5169 | 1.26M | tif->tif_row = (uint32_t)-1; |
5170 | 1.26M | tif->tif_curstrip = (uint32_t)-1; |
5171 | 1.26M | tif->tif_col = (uint32_t)-1; |
5172 | 1.26M | tif->tif_curtile = (uint32_t)-1; |
5173 | 1.26M | tif->tif_tilesize = (tmsize_t)-1; |
5174 | | |
5175 | 1.26M | tif->tif_scanlinesize = TIFFScanlineSize(tif); |
5176 | 1.26M | if (!tif->tif_scanlinesize) |
5177 | 2.26k | { |
5178 | 2.26k | TIFFErrorExtR(tif, module, "Cannot handle zero scanline size"); |
5179 | 2.26k | return (0); |
5180 | 2.26k | } |
5181 | | |
5182 | 1.26M | if (isTiled(tif)) |
5183 | 166k | { |
5184 | 166k | tif->tif_tilesize = TIFFTileSize(tif); |
5185 | 166k | if (!tif->tif_tilesize) |
5186 | 24 | { |
5187 | 24 | TIFFErrorExtR(tif, module, "Cannot handle zero tile size"); |
5188 | 24 | return (0); |
5189 | 24 | } |
5190 | 166k | } |
5191 | 1.09M | else |
5192 | 1.09M | { |
5193 | 1.09M | if (!TIFFStripSize(tif)) |
5194 | 5.23k | { |
5195 | 5.23k | TIFFErrorExtR(tif, module, "Cannot handle zero strip size"); |
5196 | 5.23k | return (0); |
5197 | 5.23k | } |
5198 | 1.09M | } |
5199 | 1.25M | return (1); |
5200 | 22.6k | bad: |
5201 | 22.6k | if (dir) |
5202 | 22.6k | _TIFFfreeExt(tif, dir); |
5203 | 22.6k | return (0); |
5204 | 1.26M | } /*-- TIFFReadDirectory() --*/ |
5205 | | |
5206 | | static void TIFFReadDirectoryCheckOrder(TIFF *tif, TIFFDirEntry *dir, |
5207 | | uint16_t dircount) |
5208 | 1.28M | { |
5209 | 1.28M | static const char module[] = "TIFFReadDirectoryCheckOrder"; |
5210 | 1.28M | uint32_t m; |
5211 | 1.28M | uint16_t n; |
5212 | 1.28M | TIFFDirEntry *o; |
5213 | 1.28M | m = 0; |
5214 | 10.1M | for (n = 0, o = dir; n < dircount; n++, o++) |
5215 | 9.45M | { |
5216 | 9.45M | if (o->tdir_tag < m) |
5217 | 641k | { |
5218 | 641k | TIFFWarningExtR(tif, module, |
5219 | 641k | "Invalid TIFF directory; tags are not sorted in " |
5220 | 641k | "ascending order"); |
5221 | 641k | break; |
5222 | 641k | } |
5223 | 8.81M | m = o->tdir_tag + 1; |
5224 | 8.81M | } |
5225 | 1.28M | } |
5226 | | |
5227 | | static TIFFDirEntry *TIFFReadDirectoryFindEntry(TIFF *tif, TIFFDirEntry *dir, |
5228 | | uint16_t dircount, |
5229 | | uint16_t tagid) |
5230 | 2.56M | { |
5231 | 2.56M | TIFFDirEntry *m; |
5232 | 2.56M | uint16_t n; |
5233 | 2.56M | (void)tif; |
5234 | 116M | for (m = dir, n = 0; n < dircount; m++, n++) |
5235 | 116M | { |
5236 | 116M | if (m->tdir_tag == tagid) |
5237 | 1.72M | return (m); |
5238 | 116M | } |
5239 | 849k | return (0); |
5240 | 2.56M | } |
5241 | | |
5242 | | static void TIFFReadDirectoryFindFieldInfo(TIFF *tif, uint16_t tagid, |
5243 | | uint32_t *fii) |
5244 | 104M | { |
5245 | 104M | int32_t ma, mb, mc; |
5246 | 104M | ma = -1; |
5247 | 104M | mc = (int32_t)tif->tif_nfields; |
5248 | 810M | while (1) |
5249 | 810M | { |
5250 | 810M | if (ma + 1 == mc) |
5251 | 28.6M | { |
5252 | 28.6M | *fii = FAILED_FII; |
5253 | 28.6M | return; |
5254 | 28.6M | } |
5255 | 781M | mb = (ma + mc) / 2; |
5256 | 781M | if (tif->tif_fields[mb]->field_tag == (uint32_t)tagid) |
5257 | 76.2M | break; |
5258 | 705M | if (tif->tif_fields[mb]->field_tag < (uint32_t)tagid) |
5259 | 363M | ma = mb; |
5260 | 341M | else |
5261 | 341M | mc = mb; |
5262 | 705M | } |
5263 | 76.2M | while (1) |
5264 | 76.2M | { |
5265 | 76.2M | if (mb == 0) |
5266 | 1.16M | break; |
5267 | 75.0M | if (tif->tif_fields[mb - 1]->field_tag != (uint32_t)tagid) |
5268 | 75.0M | break; |
5269 | 0 | mb--; |
5270 | 0 | } |
5271 | 76.2M | *fii = mb; |
5272 | 76.2M | } |
5273 | | |
5274 | | /* |
5275 | | * Read custom directory from the arbitrary offset. |
5276 | | * The code is very similar to TIFFReadDirectory(). |
5277 | | */ |
5278 | | int TIFFReadCustomDirectory(TIFF *tif, toff_t diroff, |
5279 | | const TIFFFieldArray *infoarray) |
5280 | 0 | { |
5281 | 0 | static const char module[] = "TIFFReadCustomDirectory"; |
5282 | 0 | TIFFDirEntry *dir; |
5283 | 0 | uint16_t dircount; |
5284 | 0 | TIFFDirEntry *dp; |
5285 | 0 | uint16_t di; |
5286 | 0 | const TIFFField *fip; |
5287 | 0 | uint32_t fii; |
5288 | |
|
5289 | 0 | dircount = TIFFFetchDirectory(tif, diroff, &dir, NULL); |
5290 | 0 | if (!dircount) |
5291 | 0 | { |
5292 | 0 | TIFFErrorExtR(tif, module, |
5293 | 0 | "Failed to read custom directory at offset %" PRIu64, |
5294 | 0 | diroff); |
5295 | 0 | return 0; |
5296 | 0 | } |
5297 | 0 | TIFFReadDirectoryCheckOrder(tif, dir, dircount); |
5298 | | |
5299 | | /* |
5300 | | * Mark duplicates of any tag to be ignored (bugzilla 1994) |
5301 | | * to avoid certain pathological problems. |
5302 | | */ |
5303 | 0 | { |
5304 | 0 | TIFFDirEntry *ma; |
5305 | 0 | uint16_t mb; |
5306 | 0 | for (ma = dir, mb = 0; mb < dircount; ma++, mb++) |
5307 | 0 | { |
5308 | 0 | TIFFDirEntry *na; |
5309 | 0 | uint16_t nb; |
5310 | 0 | for (na = ma + 1, nb = mb + 1; nb < dircount; na++, nb++) |
5311 | 0 | { |
5312 | 0 | if (ma->tdir_tag == na->tdir_tag) |
5313 | 0 | { |
5314 | 0 | na->tdir_ignore = TRUE; |
5315 | 0 | } |
5316 | 0 | } |
5317 | 0 | } |
5318 | 0 | } |
5319 | | |
5320 | | /* Free any old stuff and reinit. */ |
5321 | 0 | TIFFFreeDirectory(tif); |
5322 | | /* Even if custom directories do not need the default settings of a standard |
5323 | | * IFD, the pointer to the TIFFSetField() and TIFFGetField() (i.e. |
5324 | | * tif->tif_tagmethods.vsetfield and tif->tif_tagmethods.vgetfield) need to |
5325 | | * be initialized, which is done in TIFFDefaultDirectory(). |
5326 | | * After that, the field array for the custom tags needs to be setup again. |
5327 | | */ |
5328 | 0 | TIFFDefaultDirectory(tif); |
5329 | 0 | _TIFFSetupFields(tif, infoarray); |
5330 | | |
5331 | | /* Allocate arrays for offset values outside IFD entry for IFD data size |
5332 | | * checking. Note: Counter are reset within TIFFFreeDirectory(). */ |
5333 | 0 | tif->tif_dir.td_dirdatasize_offsets = |
5334 | 0 | (TIFFEntryOffsetAndLength *)_TIFFmallocExt( |
5335 | 0 | tif, dircount * sizeof(TIFFEntryOffsetAndLength)); |
5336 | 0 | if (tif->tif_dir.td_dirdatasize_offsets == NULL) |
5337 | 0 | { |
5338 | 0 | TIFFErrorExtR( |
5339 | 0 | tif, module, |
5340 | 0 | "Failed to allocate memory for counting IFD data size at reading"); |
5341 | 0 | if (dir) |
5342 | 0 | _TIFFfreeExt(tif, dir); |
5343 | 0 | return 0; |
5344 | 0 | } |
5345 | | |
5346 | 0 | for (di = 0, dp = dir; di < dircount; di++, dp++) |
5347 | 0 | { |
5348 | 0 | TIFFReadDirectoryFindFieldInfo(tif, dp->tdir_tag, &fii); |
5349 | 0 | if (fii == FAILED_FII) |
5350 | 0 | { |
5351 | 0 | if (tif->tif_warn_about_unknown_tags) |
5352 | 0 | { |
5353 | 0 | TIFFWarningExtR(tif, module, |
5354 | 0 | "Unknown field with tag %" PRIu16 " (0x%" PRIx16 |
5355 | 0 | ") encountered", |
5356 | 0 | dp->tdir_tag, dp->tdir_tag); |
5357 | 0 | } |
5358 | 0 | const TIFFField *fld = _TIFFCreateAnonField( |
5359 | 0 | tif, dp->tdir_tag, (TIFFDataType)dp->tdir_type); |
5360 | 0 | if (fld == NULL || !_TIFFMergeFields(tif, fld, 1)) |
5361 | 0 | { |
5362 | 0 | if (tif->tif_warn_about_unknown_tags) |
5363 | 0 | { |
5364 | 0 | TIFFWarningExtR( |
5365 | 0 | tif, module, |
5366 | 0 | "Registering anonymous field with tag %" PRIu16 |
5367 | 0 | " (0x%" PRIx16 ") failed", |
5368 | 0 | dp->tdir_tag, dp->tdir_tag); |
5369 | 0 | } |
5370 | 0 | dp->tdir_ignore = TRUE; |
5371 | 0 | } |
5372 | 0 | else |
5373 | 0 | { |
5374 | 0 | TIFFReadDirectoryFindFieldInfo(tif, dp->tdir_tag, &fii); |
5375 | 0 | assert(fii != FAILED_FII); |
5376 | 0 | } |
5377 | 0 | } |
5378 | 0 | if (!dp->tdir_ignore) |
5379 | 0 | { |
5380 | 0 | fip = tif->tif_fields[fii]; |
5381 | 0 | if (fip->field_bit == FIELD_IGNORE) |
5382 | 0 | dp->tdir_ignore = TRUE; |
5383 | 0 | else |
5384 | 0 | { |
5385 | | /* check data type */ |
5386 | 0 | while ((fip->field_type != TIFF_ANY) && |
5387 | 0 | (fip->field_type != dp->tdir_type)) |
5388 | 0 | { |
5389 | 0 | fii++; |
5390 | 0 | if ((fii == tif->tif_nfields) || |
5391 | 0 | (tif->tif_fields[fii]->field_tag != |
5392 | 0 | (uint32_t)dp->tdir_tag)) |
5393 | 0 | { |
5394 | 0 | fii = 0xFFFF; |
5395 | 0 | break; |
5396 | 0 | } |
5397 | 0 | fip = tif->tif_fields[fii]; |
5398 | 0 | } |
5399 | 0 | if (fii == 0xFFFF) |
5400 | 0 | { |
5401 | 0 | TIFFWarningExtR(tif, module, |
5402 | 0 | "Wrong data type %" PRIu16 |
5403 | 0 | " for \"%s\"; tag ignored", |
5404 | 0 | dp->tdir_type, fip->field_name); |
5405 | 0 | dp->tdir_ignore = TRUE; |
5406 | 0 | } |
5407 | 0 | else |
5408 | 0 | { |
5409 | | /* check count if known in advance */ |
5410 | 0 | if ((fip->field_readcount != TIFF_VARIABLE) && |
5411 | 0 | (fip->field_readcount != TIFF_VARIABLE2)) |
5412 | 0 | { |
5413 | 0 | uint32_t expected; |
5414 | 0 | if (fip->field_readcount == TIFF_SPP) |
5415 | 0 | expected = |
5416 | 0 | (uint32_t)tif->tif_dir.td_samplesperpixel; |
5417 | 0 | else |
5418 | 0 | expected = (uint32_t)fip->field_readcount; |
5419 | 0 | if (!CheckDirCount(tif, dp, expected)) |
5420 | 0 | dp->tdir_ignore = TRUE; |
5421 | 0 | } |
5422 | 0 | } |
5423 | 0 | } |
5424 | 0 | if (!dp->tdir_ignore) |
5425 | 0 | { |
5426 | 0 | switch (dp->tdir_tag) |
5427 | 0 | { |
5428 | 0 | case EXIFTAG_SUBJECTDISTANCE: |
5429 | 0 | if (!TIFFFieldIsAnonymous(fip)) |
5430 | 0 | { |
5431 | | /* should only be called on a Exif directory */ |
5432 | | /* when exifFields[] is active */ |
5433 | 0 | (void)TIFFFetchSubjectDistance(tif, dp); |
5434 | 0 | } |
5435 | 0 | else |
5436 | 0 | { |
5437 | 0 | (void)TIFFFetchNormalTag(tif, dp, TRUE); |
5438 | 0 | } |
5439 | 0 | break; |
5440 | 0 | default: |
5441 | 0 | (void)TIFFFetchNormalTag(tif, dp, TRUE); |
5442 | 0 | break; |
5443 | 0 | } |
5444 | 0 | } /*-- if (!dp->tdir_ignore) */ |
5445 | 0 | } |
5446 | 0 | } |
5447 | | /* Evaluate final IFD data size. */ |
5448 | 0 | CalcFinalIFDdatasizeReading(tif, dircount); |
5449 | | |
5450 | | /* To be able to return from SubIFD or custom-IFD to main-IFD */ |
5451 | 0 | tif->tif_setdirectory_force_absolute = TRUE; |
5452 | 0 | if (dir) |
5453 | 0 | _TIFFfreeExt(tif, dir); |
5454 | 0 | return 1; |
5455 | 0 | } |
5456 | | |
5457 | | /* |
5458 | | * EXIF is important special case of custom IFD, so we have a special |
5459 | | * function to read it. |
5460 | | */ |
5461 | | int TIFFReadEXIFDirectory(TIFF *tif, toff_t diroff) |
5462 | 0 | { |
5463 | 0 | return TIFFReadCustomDirectory(tif, diroff, _TIFFGetExifFields()); |
5464 | 0 | } |
5465 | | |
5466 | | /* |
5467 | | *--: EXIF-GPS custom directory reading as another special case of custom IFD. |
5468 | | */ |
5469 | | int TIFFReadGPSDirectory(TIFF *tif, toff_t diroff) |
5470 | 0 | { |
5471 | 0 | return TIFFReadCustomDirectory(tif, diroff, _TIFFGetGpsFields()); |
5472 | 0 | } |
5473 | | |
5474 | | static int EstimateStripByteCounts(TIFF *tif, TIFFDirEntry *dir, |
5475 | | uint16_t dircount) |
5476 | 179k | { |
5477 | 179k | static const char module[] = "EstimateStripByteCounts"; |
5478 | | |
5479 | 179k | TIFFDirEntry *dp; |
5480 | 179k | TIFFDirectory *td = &tif->tif_dir; |
5481 | 179k | uint32_t strip; |
5482 | | |
5483 | | /* Do not try to load stripbytecount as we will compute it */ |
5484 | 179k | if (!_TIFFFillStrilesInternal(tif, 0)) |
5485 | 1.97k | return -1; |
5486 | | |
5487 | 177k | const uint64_t allocsize = (uint64_t)td->td_nstrips * sizeof(uint64_t); |
5488 | 177k | uint64_t filesize = 0; |
5489 | 177k | if (allocsize > 100 * 1024 * 1024) |
5490 | 0 | { |
5491 | | /* Before allocating a huge amount of memory for corrupted files, check |
5492 | | * if size of requested memory is not greater than file size. */ |
5493 | 0 | filesize = TIFFGetFileSize(tif); |
5494 | 0 | if (allocsize > filesize) |
5495 | 0 | { |
5496 | 0 | TIFFWarningExtR( |
5497 | 0 | tif, module, |
5498 | 0 | "Requested memory size for StripByteCounts of %" PRIu64 |
5499 | 0 | " is greater than filesize %" PRIu64 ". Memory not allocated", |
5500 | 0 | allocsize, filesize); |
5501 | 0 | return -1; |
5502 | 0 | } |
5503 | 0 | } |
5504 | | |
5505 | 177k | if (td->td_stripbytecount_p) |
5506 | 24.8k | _TIFFfreeExt(tif, td->td_stripbytecount_p); |
5507 | 177k | td->td_stripbytecount_p = (uint64_t *)_TIFFCheckMalloc( |
5508 | 177k | tif, td->td_nstrips, sizeof(uint64_t), "for \"StripByteCounts\" array"); |
5509 | 177k | if (td->td_stripbytecount_p == NULL) |
5510 | 0 | return -1; |
5511 | | |
5512 | 177k | if (td->td_compression != COMPRESSION_NONE) |
5513 | 39.7k | { |
5514 | 39.7k | uint64_t space; |
5515 | 39.7k | uint16_t n; |
5516 | 39.7k | if (!(tif->tif_flags & TIFF_BIGTIFF)) |
5517 | 39.5k | space = sizeof(TIFFHeaderClassic) + 2 + dircount * 12 + 4; |
5518 | 194 | else |
5519 | 194 | space = sizeof(TIFFHeaderBig) + 8 + dircount * 20 + 8; |
5520 | | /* calculate amount of space used by indirect values */ |
5521 | 433k | for (dp = dir, n = dircount; n > 0; n--, dp++) |
5522 | 394k | { |
5523 | 394k | uint32_t typewidth; |
5524 | 394k | uint64_t datasize; |
5525 | 394k | typewidth = TIFFDataWidth((TIFFDataType)dp->tdir_type); |
5526 | 394k | if (typewidth == 0) |
5527 | 883 | { |
5528 | 883 | TIFFErrorExtR( |
5529 | 883 | tif, module, |
5530 | 883 | "Cannot determine size of unknown tag type %" PRIu16, |
5531 | 883 | dp->tdir_type); |
5532 | 883 | return -1; |
5533 | 883 | } |
5534 | 394k | if (dp->tdir_count > UINT64_MAX / typewidth) |
5535 | 3 | return -1; |
5536 | 394k | datasize = (uint64_t)typewidth * dp->tdir_count; |
5537 | 394k | if (!(tif->tif_flags & TIFF_BIGTIFF)) |
5538 | 393k | { |
5539 | 393k | if (datasize <= 4) |
5540 | 237k | datasize = 0; |
5541 | 393k | } |
5542 | 1.06k | else |
5543 | 1.06k | { |
5544 | 1.06k | if (datasize <= 8) |
5545 | 626 | datasize = 0; |
5546 | 1.06k | } |
5547 | 394k | if (space > UINT64_MAX - datasize) |
5548 | 33 | return -1; |
5549 | 394k | space += datasize; |
5550 | 394k | } |
5551 | 38.8k | if (filesize == 0) |
5552 | 38.8k | filesize = TIFFGetFileSize(tif); |
5553 | 38.8k | if (filesize < space) |
5554 | | /* we should perhaps return in error ? */ |
5555 | 29.4k | space = filesize; |
5556 | 9.34k | else |
5557 | 9.34k | space = filesize - space; |
5558 | 38.8k | if (td->td_planarconfig == PLANARCONFIG_SEPARATE) |
5559 | 1.06k | space /= td->td_samplesperpixel; |
5560 | 444k | for (strip = 0; strip < td->td_nstrips; strip++) |
5561 | 405k | td->td_stripbytecount_p[strip] = space; |
5562 | | /* |
5563 | | * This gross hack handles the case were the offset to |
5564 | | * the last strip is past the place where we think the strip |
5565 | | * should begin. Since a strip of data must be contiguous, |
5566 | | * it's safe to assume that we've overestimated the amount |
5567 | | * of data in the strip and trim this number back accordingly. |
5568 | | */ |
5569 | 38.8k | strip--; |
5570 | 38.8k | if (td->td_stripoffset_p[strip] > |
5571 | 38.8k | UINT64_MAX - td->td_stripbytecount_p[strip]) |
5572 | 4 | return -1; |
5573 | 38.8k | if (td->td_stripoffset_p[strip] + td->td_stripbytecount_p[strip] > |
5574 | 38.8k | filesize) |
5575 | 32.6k | { |
5576 | 32.6k | if (td->td_stripoffset_p[strip] >= filesize) |
5577 | 9.41k | { |
5578 | | /* Not sure what we should in that case... */ |
5579 | 9.41k | td->td_stripbytecount_p[strip] = 0; |
5580 | 9.41k | } |
5581 | 23.2k | else |
5582 | 23.2k | { |
5583 | 23.2k | td->td_stripbytecount_p[strip] = |
5584 | 23.2k | filesize - td->td_stripoffset_p[strip]; |
5585 | 23.2k | } |
5586 | 32.6k | } |
5587 | 38.8k | } |
5588 | 137k | else if (isTiled(tif)) |
5589 | 11.5k | { |
5590 | 11.5k | uint64_t bytespertile = TIFFTileSize64(tif); |
5591 | | |
5592 | 98.8k | for (strip = 0; strip < td->td_nstrips; strip++) |
5593 | 87.3k | td->td_stripbytecount_p[strip] = bytespertile; |
5594 | 11.5k | } |
5595 | 126k | else |
5596 | 126k | { |
5597 | 126k | uint64_t rowbytes = TIFFScanlineSize64(tif); |
5598 | 126k | uint32_t rowsperstrip = td->td_imagelength / td->td_stripsperimage; |
5599 | 1.07M | for (strip = 0; strip < td->td_nstrips; strip++) |
5600 | 943k | { |
5601 | 943k | if (rowbytes > 0 && rowsperstrip > UINT64_MAX / rowbytes) |
5602 | 31 | return -1; |
5603 | 943k | td->td_stripbytecount_p[strip] = rowbytes * rowsperstrip; |
5604 | 943k | } |
5605 | 126k | } |
5606 | 176k | TIFFSetFieldBit(tif, FIELD_STRIPBYTECOUNTS); |
5607 | 176k | if (!TIFFFieldSet(tif, FIELD_ROWSPERSTRIP)) |
5608 | 143k | td->td_rowsperstrip = td->td_imagelength; |
5609 | 176k | return 1; |
5610 | 177k | } |
5611 | | |
5612 | | static void MissingRequired(TIFF *tif, const char *tagname) |
5613 | 9.41k | { |
5614 | 9.41k | static const char module[] = "MissingRequired"; |
5615 | | |
5616 | 9.41k | TIFFErrorExtR(tif, module, |
5617 | 9.41k | "TIFF directory is missing required \"%s\" field", tagname); |
5618 | 9.41k | } |
5619 | | |
5620 | | static unsigned long hashFuncOffsetToNumber(const void *elt) |
5621 | 7.06M | { |
5622 | 7.06M | const TIFFOffsetAndDirNumber *offsetAndDirNumber = |
5623 | 7.06M | (const TIFFOffsetAndDirNumber *)elt; |
5624 | 7.06M | const uint32_t hash = (uint32_t)(offsetAndDirNumber->offset >> 32) ^ |
5625 | 7.06M | ((uint32_t)offsetAndDirNumber->offset & 0xFFFFFFFFU); |
5626 | 7.06M | return hash; |
5627 | 7.06M | } |
5628 | | |
5629 | | static bool equalFuncOffsetToNumber(const void *elt1, const void *elt2) |
5630 | 2.28M | { |
5631 | 2.28M | const TIFFOffsetAndDirNumber *offsetAndDirNumber1 = |
5632 | 2.28M | (const TIFFOffsetAndDirNumber *)elt1; |
5633 | 2.28M | const TIFFOffsetAndDirNumber *offsetAndDirNumber2 = |
5634 | 2.28M | (const TIFFOffsetAndDirNumber *)elt2; |
5635 | 2.28M | return offsetAndDirNumber1->offset == offsetAndDirNumber2->offset; |
5636 | 2.28M | } |
5637 | | |
5638 | | static unsigned long hashFuncNumberToOffset(const void *elt) |
5639 | 5.78M | { |
5640 | 5.78M | const TIFFOffsetAndDirNumber *offsetAndDirNumber = |
5641 | 5.78M | (const TIFFOffsetAndDirNumber *)elt; |
5642 | 5.78M | return offsetAndDirNumber->dirNumber; |
5643 | 5.78M | } |
5644 | | |
5645 | | static bool equalFuncNumberToOffset(const void *elt1, const void *elt2) |
5646 | 1.30M | { |
5647 | 1.30M | const TIFFOffsetAndDirNumber *offsetAndDirNumber1 = |
5648 | 1.30M | (const TIFFOffsetAndDirNumber *)elt1; |
5649 | 1.30M | const TIFFOffsetAndDirNumber *offsetAndDirNumber2 = |
5650 | 1.30M | (const TIFFOffsetAndDirNumber *)elt2; |
5651 | 1.30M | return offsetAndDirNumber1->dirNumber == offsetAndDirNumber2->dirNumber; |
5652 | 1.30M | } |
5653 | | |
5654 | | /* |
5655 | | * Check the directory number and offset against the list of already seen |
5656 | | * directory numbers and offsets. This is a trick to prevent IFD looping. |
5657 | | * The one can create TIFF file with looped directory pointers. We will |
5658 | | * maintain a list of already seen directories and check every IFD offset |
5659 | | * and its IFD number against that list. However, the offset of an IFD number |
5660 | | * can change - e.g. when writing updates to file. |
5661 | | * Returns 1 if all is ok; 0 if last directory or IFD loop is encountered, |
5662 | | * or an error has occurred. |
5663 | | */ |
5664 | | int _TIFFCheckDirNumberAndOffset(TIFF *tif, tdir_t dirn, uint64_t diroff) |
5665 | 2.85M | { |
5666 | 2.85M | if (diroff == 0) /* no more directories */ |
5667 | 0 | return 0; |
5668 | | |
5669 | 2.85M | if (tif->tif_map_dir_offset_to_number == NULL) |
5670 | 962k | { |
5671 | 962k | tif->tif_map_dir_offset_to_number = TIFFHashSetNew( |
5672 | 962k | hashFuncOffsetToNumber, equalFuncOffsetToNumber, free); |
5673 | 962k | if (tif->tif_map_dir_offset_to_number == NULL) |
5674 | 0 | { |
5675 | 0 | TIFFErrorExtR(tif, "_TIFFCheckDirNumberAndOffset", |
5676 | 0 | "Not enough memory"); |
5677 | 0 | return 1; |
5678 | 0 | } |
5679 | 962k | } |
5680 | | |
5681 | 2.85M | if (tif->tif_map_dir_number_to_offset == NULL) |
5682 | 962k | { |
5683 | | /* No free callback for this map, as it shares the same items as |
5684 | | * tif->tif_map_dir_offset_to_number. */ |
5685 | 962k | tif->tif_map_dir_number_to_offset = TIFFHashSetNew( |
5686 | 962k | hashFuncNumberToOffset, equalFuncNumberToOffset, NULL); |
5687 | 962k | if (tif->tif_map_dir_number_to_offset == NULL) |
5688 | 0 | { |
5689 | 0 | TIFFErrorExtR(tif, "_TIFFCheckDirNumberAndOffset", |
5690 | 0 | "Not enough memory"); |
5691 | 0 | return 1; |
5692 | 0 | } |
5693 | 962k | } |
5694 | | |
5695 | | /* Check if offset is already in the list: |
5696 | | * - yes: check, if offset is at the same IFD number - if not, it is an IFD |
5697 | | * loop |
5698 | | * - no: add to list or update offset at that IFD number |
5699 | | */ |
5700 | 2.85M | TIFFOffsetAndDirNumber entry; |
5701 | 2.85M | entry.offset = diroff; |
5702 | 2.85M | entry.dirNumber = dirn; |
5703 | | |
5704 | 2.85M | TIFFOffsetAndDirNumber *foundEntry = |
5705 | 2.85M | (TIFFOffsetAndDirNumber *)TIFFHashSetLookup( |
5706 | 2.85M | tif->tif_map_dir_offset_to_number, &entry); |
5707 | 2.85M | if (foundEntry) |
5708 | 1.32M | { |
5709 | 1.32M | if (foundEntry->dirNumber == dirn) |
5710 | 1.32M | { |
5711 | 1.32M | return 1; |
5712 | 1.32M | } |
5713 | 7.12k | else |
5714 | 7.12k | { |
5715 | 7.12k | TIFFWarningExtR(tif, "_TIFFCheckDirNumberAndOffset", |
5716 | 7.12k | "TIFF directory %d has IFD looping to directory %u " |
5717 | 7.12k | "at offset 0x%" PRIx64 " (%" PRIu64 ")", |
5718 | 7.12k | (int)dirn - 1, foundEntry->dirNumber, diroff, |
5719 | 7.12k | diroff); |
5720 | 7.12k | return 0; |
5721 | 7.12k | } |
5722 | 1.32M | } |
5723 | | |
5724 | | /* Check if offset of an IFD has been changed and update offset of that IFD |
5725 | | * number. */ |
5726 | 1.52M | foundEntry = (TIFFOffsetAndDirNumber *)TIFFHashSetLookup( |
5727 | 1.52M | tif->tif_map_dir_number_to_offset, &entry); |
5728 | 1.52M | if (foundEntry) |
5729 | 97.1k | { |
5730 | 97.1k | if (foundEntry->offset != diroff) |
5731 | 97.1k | { |
5732 | 97.1k | TIFFOffsetAndDirNumber entryOld; |
5733 | 97.1k | entryOld.offset = foundEntry->offset; |
5734 | 97.1k | entryOld.dirNumber = dirn; |
5735 | | /* We must remove first from tif_map_dir_number_to_offset as the */ |
5736 | | /* entry is owned (and thus freed) by */ |
5737 | | /* tif_map_dir_offset_to_number */ |
5738 | 97.1k | TIFFOffsetAndDirNumber *foundEntryOld = |
5739 | 97.1k | (TIFFOffsetAndDirNumber *)TIFFHashSetLookup( |
5740 | 97.1k | tif->tif_map_dir_number_to_offset, &entryOld); |
5741 | 97.1k | if (foundEntryOld) |
5742 | 97.1k | { |
5743 | 97.1k | TIFFHashSetRemove(tif->tif_map_dir_number_to_offset, |
5744 | 97.1k | foundEntryOld); |
5745 | 97.1k | } |
5746 | 97.1k | foundEntryOld = (TIFFOffsetAndDirNumber *)TIFFHashSetLookup( |
5747 | 97.1k | tif->tif_map_dir_offset_to_number, &entryOld); |
5748 | 97.1k | if (foundEntryOld) |
5749 | 97.1k | { |
5750 | 97.1k | TIFFHashSetRemove(tif->tif_map_dir_offset_to_number, |
5751 | 97.1k | foundEntryOld); |
5752 | 97.1k | } |
5753 | | |
5754 | 97.1k | TIFFOffsetAndDirNumber *entryPtr = (TIFFOffsetAndDirNumber *)malloc( |
5755 | 97.1k | sizeof(TIFFOffsetAndDirNumber)); |
5756 | 97.1k | if (entryPtr == NULL) |
5757 | 0 | { |
5758 | 0 | return 0; |
5759 | 0 | } |
5760 | | |
5761 | | /* Add IFD offset and dirn to IFD directory list */ |
5762 | 97.1k | *entryPtr = entry; |
5763 | | |
5764 | 97.1k | if (!TIFFHashSetInsert(tif->tif_map_dir_offset_to_number, entryPtr)) |
5765 | 0 | { |
5766 | 0 | TIFFErrorExtR( |
5767 | 0 | tif, "_TIFFCheckDirNumberAndOffset", |
5768 | 0 | "Insertion in tif_map_dir_offset_to_number failed"); |
5769 | 0 | return 0; |
5770 | 0 | } |
5771 | 97.1k | if (!TIFFHashSetInsert(tif->tif_map_dir_number_to_offset, entryPtr)) |
5772 | 0 | { |
5773 | 0 | TIFFErrorExtR( |
5774 | 0 | tif, "_TIFFCheckDirNumberAndOffset", |
5775 | 0 | "Insertion in tif_map_dir_number_to_offset failed"); |
5776 | 0 | return 0; |
5777 | 0 | } |
5778 | 97.1k | } |
5779 | 97.1k | return 1; |
5780 | 97.1k | } |
5781 | | |
5782 | | /* Arbitrary (hopefully big enough) limit */ |
5783 | 1.42M | if (TIFFHashSetSize(tif->tif_map_dir_offset_to_number) >= |
5784 | 1.42M | TIFF_MAX_DIR_COUNT) |
5785 | 0 | { |
5786 | 0 | TIFFErrorExtR(tif, "_TIFFCheckDirNumberAndOffset", |
5787 | 0 | "Cannot handle more than %u TIFF directories", |
5788 | 0 | TIFF_MAX_DIR_COUNT); |
5789 | 0 | return 0; |
5790 | 0 | } |
5791 | | |
5792 | 1.42M | TIFFOffsetAndDirNumber *entryPtr = |
5793 | 1.42M | (TIFFOffsetAndDirNumber *)malloc(sizeof(TIFFOffsetAndDirNumber)); |
5794 | 1.42M | if (entryPtr == NULL) |
5795 | 0 | { |
5796 | 0 | TIFFErrorExtR(tif, "_TIFFCheckDirNumberAndOffset", |
5797 | 0 | "malloc(sizeof(TIFFOffsetAndDirNumber)) failed"); |
5798 | 0 | return 0; |
5799 | 0 | } |
5800 | | |
5801 | | /* Add IFD offset and dirn to IFD directory list */ |
5802 | 1.42M | *entryPtr = entry; |
5803 | | |
5804 | 1.42M | if (!TIFFHashSetInsert(tif->tif_map_dir_offset_to_number, entryPtr)) |
5805 | 0 | { |
5806 | 0 | TIFFErrorExtR(tif, "_TIFFCheckDirNumberAndOffset", |
5807 | 0 | "Insertion in tif_map_dir_offset_to_number failed"); |
5808 | 0 | return 0; |
5809 | 0 | } |
5810 | 1.42M | if (!TIFFHashSetInsert(tif->tif_map_dir_number_to_offset, entryPtr)) |
5811 | 0 | { |
5812 | 0 | TIFFErrorExtR(tif, "_TIFFCheckDirNumberAndOffset", |
5813 | 0 | "Insertion in tif_map_dir_number_to_offset failed"); |
5814 | 0 | return 0; |
5815 | 0 | } |
5816 | | |
5817 | 1.42M | return 1; |
5818 | 1.42M | } /* --- _TIFFCheckDirNumberAndOffset() ---*/ |
5819 | | |
5820 | | /* |
5821 | | * Retrieve the matching IFD directory number of a given IFD offset |
5822 | | * from the list of directories already seen. |
5823 | | * Returns 1 if the offset was in the list and the directory number |
5824 | | * can be returned. |
5825 | | * Otherwise returns 0 or if an error occurred. |
5826 | | */ |
5827 | | int _TIFFGetDirNumberFromOffset(TIFF *tif, uint64_t diroff, tdir_t *dirn) |
5828 | 402k | { |
5829 | 402k | if (diroff == 0) /* no more directories */ |
5830 | 0 | return 0; |
5831 | | |
5832 | | /* Check if offset is already in the list and return matching directory |
5833 | | * number. Otherwise update IFD list using TIFFNumberOfDirectories() and |
5834 | | * search again in IFD list. |
5835 | | */ |
5836 | 402k | if (tif->tif_map_dir_offset_to_number == NULL) |
5837 | 0 | return 0; |
5838 | 402k | TIFFOffsetAndDirNumber entry; |
5839 | 402k | entry.offset = diroff; |
5840 | 402k | entry.dirNumber = 0; /* not used */ |
5841 | | |
5842 | 402k | TIFFOffsetAndDirNumber *foundEntry = |
5843 | 402k | (TIFFOffsetAndDirNumber *)TIFFHashSetLookup( |
5844 | 402k | tif->tif_map_dir_offset_to_number, &entry); |
5845 | 402k | if (foundEntry) |
5846 | 248k | { |
5847 | 248k | *dirn = foundEntry->dirNumber; |
5848 | 248k | return 1; |
5849 | 248k | } |
5850 | | |
5851 | | /* This updates the directory list for all main-IFDs in the file. */ |
5852 | 154k | TIFFNumberOfDirectories(tif); |
5853 | | |
5854 | 154k | foundEntry = (TIFFOffsetAndDirNumber *)TIFFHashSetLookup( |
5855 | 154k | tif->tif_map_dir_offset_to_number, &entry); |
5856 | 154k | if (foundEntry) |
5857 | 76.9k | { |
5858 | 76.9k | *dirn = foundEntry->dirNumber; |
5859 | 76.9k | return 1; |
5860 | 76.9k | } |
5861 | | |
5862 | 77.3k | return 0; |
5863 | 154k | } /*--- _TIFFGetDirNumberFromOffset() ---*/ |
5864 | | |
5865 | | /* |
5866 | | * Retrieve the matching IFD directory offset of a given IFD number |
5867 | | * from the list of directories already seen. |
5868 | | * Returns 1 if the offset was in the list of already seen IFDs and the |
5869 | | * directory offset can be returned. The directory list is not updated. |
5870 | | * Otherwise returns 0 or if an error occurred. |
5871 | | */ |
5872 | | int _TIFFGetOffsetFromDirNumber(TIFF *tif, tdir_t dirn, uint64_t *diroff) |
5873 | 608k | { |
5874 | | |
5875 | 608k | if (tif->tif_map_dir_number_to_offset == NULL) |
5876 | 0 | return 0; |
5877 | 608k | TIFFOffsetAndDirNumber entry; |
5878 | 608k | entry.offset = 0; /* not used */ |
5879 | 608k | entry.dirNumber = dirn; |
5880 | | |
5881 | 608k | TIFFOffsetAndDirNumber *foundEntry = |
5882 | 608k | (TIFFOffsetAndDirNumber *)TIFFHashSetLookup( |
5883 | 608k | tif->tif_map_dir_number_to_offset, &entry); |
5884 | 608k | if (foundEntry) |
5885 | 608k | { |
5886 | 608k | *diroff = foundEntry->offset; |
5887 | 608k | return 1; |
5888 | 608k | } |
5889 | | |
5890 | 0 | return 0; |
5891 | 608k | } /*--- _TIFFGetOffsetFromDirNumber() ---*/ |
5892 | | |
5893 | | /* |
5894 | | * Remove an entry from the directory list of already seen directories |
5895 | | * by directory offset. |
5896 | | * If an entry is to be removed from the list, it is also okay if the entry |
5897 | | * is not in the list or the list does not exist. |
5898 | | */ |
5899 | | int _TIFFRemoveEntryFromDirectoryListByOffset(TIFF *tif, uint64_t diroff) |
5900 | 203k | { |
5901 | 203k | if (tif->tif_map_dir_offset_to_number == NULL) |
5902 | 0 | return 1; |
5903 | | |
5904 | 203k | TIFFOffsetAndDirNumber entryOld; |
5905 | 203k | entryOld.offset = diroff; |
5906 | 203k | entryOld.dirNumber = 0; |
5907 | | /* We must remove first from tif_map_dir_number_to_offset as the |
5908 | | * entry is owned (and thus freed) by tif_map_dir_offset_to_number. |
5909 | | * However, we need firstly to find the directory number from offset. */ |
5910 | | |
5911 | 203k | TIFFOffsetAndDirNumber *foundEntryOldOff = |
5912 | 203k | (TIFFOffsetAndDirNumber *)TIFFHashSetLookup( |
5913 | 203k | tif->tif_map_dir_offset_to_number, &entryOld); |
5914 | 203k | if (foundEntryOldOff) |
5915 | 203k | { |
5916 | 203k | entryOld.dirNumber = foundEntryOldOff->dirNumber; |
5917 | 203k | if (tif->tif_map_dir_number_to_offset != NULL) |
5918 | 203k | { |
5919 | 203k | TIFFOffsetAndDirNumber *foundEntryOldDir = |
5920 | 203k | (TIFFOffsetAndDirNumber *)TIFFHashSetLookup( |
5921 | 203k | tif->tif_map_dir_number_to_offset, &entryOld); |
5922 | 203k | if (foundEntryOldDir) |
5923 | 203k | { |
5924 | 203k | TIFFHashSetRemove(tif->tif_map_dir_number_to_offset, |
5925 | 203k | foundEntryOldDir); |
5926 | 203k | TIFFHashSetRemove(tif->tif_map_dir_offset_to_number, |
5927 | 203k | foundEntryOldOff); |
5928 | 203k | return 1; |
5929 | 203k | } |
5930 | 203k | } |
5931 | 0 | else |
5932 | 0 | { |
5933 | 0 | TIFFErrorExtR(tif, "_TIFFRemoveEntryFromDirectoryListByOffset", |
5934 | 0 | "Unexpectedly tif_map_dir_number_to_offset is " |
5935 | 0 | "missing but tif_map_dir_offset_to_number exists."); |
5936 | 0 | return 0; |
5937 | 0 | } |
5938 | 203k | } |
5939 | 0 | return 1; |
5940 | 203k | } /*--- _TIFFRemoveEntryFromDirectoryListByOffset() ---*/ |
5941 | | |
5942 | | /* |
5943 | | * Check the count field of a directory entry against a known value. The |
5944 | | * caller is expected to skip/ignore the tag if there is a mismatch. |
5945 | | */ |
5946 | | static int CheckDirCount(TIFF *tif, TIFFDirEntry *dir, uint32_t count) |
5947 | 0 | { |
5948 | 0 | if ((uint64_t)count > dir->tdir_count) |
5949 | 0 | { |
5950 | 0 | const TIFFField *fip = TIFFFieldWithTag(tif, dir->tdir_tag); |
5951 | 0 | TIFFWarningExtR(tif, tif->tif_name, |
5952 | 0 | "incorrect count for field \"%s\" (%" PRIu64 |
5953 | 0 | ", expecting %" PRIu32 "); tag ignored", |
5954 | 0 | fip ? fip->field_name : "unknown tagname", |
5955 | 0 | dir->tdir_count, count); |
5956 | 0 | return (0); |
5957 | 0 | } |
5958 | 0 | else if ((uint64_t)count < dir->tdir_count) |
5959 | 0 | { |
5960 | 0 | const TIFFField *fip = TIFFFieldWithTag(tif, dir->tdir_tag); |
5961 | 0 | TIFFWarningExtR(tif, tif->tif_name, |
5962 | 0 | "incorrect count for field \"%s\" (%" PRIu64 |
5963 | 0 | ", expecting %" PRIu32 "); tag trimmed", |
5964 | 0 | fip ? fip->field_name : "unknown tagname", |
5965 | 0 | dir->tdir_count, count); |
5966 | 0 | dir->tdir_count = count; |
5967 | 0 | return (1); |
5968 | 0 | } |
5969 | 0 | return (1); |
5970 | 0 | } |
5971 | | |
5972 | | /* |
5973 | | * Read IFD structure from the specified offset. If the pointer to |
5974 | | * nextdiroff variable has been specified, read it too. Function returns a |
5975 | | * number of fields in the directory or 0 if failed. |
5976 | | */ |
5977 | | static uint16_t TIFFFetchDirectory(TIFF *tif, uint64_t diroff, |
5978 | | TIFFDirEntry **pdir, uint64_t *nextdiroff) |
5979 | 1.36M | { |
5980 | 1.36M | static const char module[] = "TIFFFetchDirectory"; |
5981 | | |
5982 | 1.36M | void *origdir; |
5983 | 1.36M | uint16_t dircount16; |
5984 | 1.36M | uint32_t dirsize; |
5985 | 1.36M | TIFFDirEntry *dir; |
5986 | 1.36M | uint8_t *ma; |
5987 | 1.36M | TIFFDirEntry *mb; |
5988 | 1.36M | uint16_t n; |
5989 | | |
5990 | 1.36M | assert(pdir); |
5991 | | |
5992 | 1.36M | tif->tif_diroff = diroff; |
5993 | 1.36M | if (nextdiroff) |
5994 | 1.36M | *nextdiroff = 0; |
5995 | 1.36M | if (!isMapped(tif)) |
5996 | 1.12M | { |
5997 | 1.12M | if (!SeekOK(tif, tif->tif_diroff)) |
5998 | 612 | { |
5999 | 612 | TIFFErrorExtR(tif, module, |
6000 | 612 | "%s: Seek error accessing TIFF directory", |
6001 | 612 | tif->tif_name); |
6002 | 612 | return 0; |
6003 | 612 | } |
6004 | 1.12M | if (!(tif->tif_flags & TIFF_BIGTIFF)) |
6005 | 1.12M | { |
6006 | 1.12M | if (!ReadOK(tif, &dircount16, sizeof(uint16_t))) |
6007 | 51.9k | { |
6008 | 51.9k | TIFFErrorExtR(tif, module, |
6009 | 51.9k | "%s: Can not read TIFF directory count", |
6010 | 51.9k | tif->tif_name); |
6011 | 51.9k | return 0; |
6012 | 51.9k | } |
6013 | 1.06M | if (tif->tif_flags & TIFF_SWAB) |
6014 | 3.66k | TIFFSwabShort(&dircount16); |
6015 | 1.06M | if (dircount16 > 4096) |
6016 | 6.75k | { |
6017 | 6.75k | TIFFErrorExtR(tif, module, |
6018 | 6.75k | "Sanity check on directory count failed, this is " |
6019 | 6.75k | "probably not a valid IFD offset"); |
6020 | 6.75k | return 0; |
6021 | 6.75k | } |
6022 | 1.06M | dirsize = 12; |
6023 | 1.06M | } |
6024 | 3.77k | else |
6025 | 3.77k | { |
6026 | 3.77k | uint64_t dircount64; |
6027 | 3.77k | if (!ReadOK(tif, &dircount64, sizeof(uint64_t))) |
6028 | 378 | { |
6029 | 378 | TIFFErrorExtR(tif, module, |
6030 | 378 | "%s: Can not read TIFF directory count", |
6031 | 378 | tif->tif_name); |
6032 | 378 | return 0; |
6033 | 378 | } |
6034 | 3.39k | if (tif->tif_flags & TIFF_SWAB) |
6035 | 534 | TIFFSwabLong8(&dircount64); |
6036 | 3.39k | if (dircount64 > 4096) |
6037 | 310 | { |
6038 | 310 | TIFFErrorExtR(tif, module, |
6039 | 310 | "Sanity check on directory count failed, this is " |
6040 | 310 | "probably not a valid IFD offset"); |
6041 | 310 | return 0; |
6042 | 310 | } |
6043 | 3.08k | dircount16 = (uint16_t)dircount64; |
6044 | 3.08k | dirsize = 20; |
6045 | 3.08k | } |
6046 | 1.06M | origdir = _TIFFCheckMalloc(tif, dircount16, dirsize, |
6047 | 1.06M | "to read TIFF directory"); |
6048 | 1.06M | if (origdir == NULL) |
6049 | 1.10k | return 0; |
6050 | 1.06M | if (!ReadOK(tif, origdir, (tmsize_t)(dircount16 * dirsize))) |
6051 | 2.17k | { |
6052 | 2.17k | TIFFErrorExtR(tif, module, "%.100s: Can not read TIFF directory", |
6053 | 2.17k | tif->tif_name); |
6054 | 2.17k | _TIFFfreeExt(tif, origdir); |
6055 | 2.17k | return 0; |
6056 | 2.17k | } |
6057 | | /* |
6058 | | * Read offset to next directory for sequential scans if |
6059 | | * needed. |
6060 | | */ |
6061 | 1.06M | if (nextdiroff) |
6062 | 1.06M | { |
6063 | 1.06M | if (!(tif->tif_flags & TIFF_BIGTIFF)) |
6064 | 1.05M | { |
6065 | 1.05M | uint32_t nextdiroff32; |
6066 | 1.05M | if (!ReadOK(tif, &nextdiroff32, sizeof(uint32_t))) |
6067 | 30.0k | nextdiroff32 = 0; |
6068 | 1.05M | if (tif->tif_flags & TIFF_SWAB) |
6069 | 3.52k | TIFFSwabLong(&nextdiroff32); |
6070 | 1.05M | *nextdiroff = nextdiroff32; |
6071 | 1.05M | } |
6072 | 2.95k | else |
6073 | 2.95k | { |
6074 | 2.95k | if (!ReadOK(tif, nextdiroff, sizeof(uint64_t))) |
6075 | 841 | *nextdiroff = 0; |
6076 | 2.95k | if (tif->tif_flags & TIFF_SWAB) |
6077 | 479 | TIFFSwabLong8(nextdiroff); |
6078 | 2.95k | } |
6079 | 1.06M | } |
6080 | 1.06M | } |
6081 | 240k | else |
6082 | 240k | { |
6083 | 240k | tmsize_t m; |
6084 | 240k | tmsize_t off; |
6085 | 240k | if (tif->tif_diroff > (uint64_t)INT64_MAX) |
6086 | 225 | { |
6087 | 225 | TIFFErrorExtR(tif, module, "Can not read TIFF directory count"); |
6088 | 225 | return (0); |
6089 | 225 | } |
6090 | 239k | off = (tmsize_t)tif->tif_diroff; |
6091 | | |
6092 | | /* |
6093 | | * Check for integer overflow when validating the dir_off, |
6094 | | * otherwise a very high offset may cause an OOB read and |
6095 | | * crash the client. Make two comparisons instead of |
6096 | | * |
6097 | | * off + sizeof(uint16_t) > tif->tif_size |
6098 | | * |
6099 | | * to avoid overflow. |
6100 | | */ |
6101 | 239k | if (!(tif->tif_flags & TIFF_BIGTIFF)) |
6102 | 237k | { |
6103 | 237k | m = off + sizeof(uint16_t); |
6104 | 237k | if ((m < off) || (m < (tmsize_t)sizeof(uint16_t)) || |
6105 | 237k | (m > tif->tif_size)) |
6106 | 14.6k | { |
6107 | 14.6k | TIFFErrorExtR(tif, module, "Can not read TIFF directory count"); |
6108 | 14.6k | return 0; |
6109 | 14.6k | } |
6110 | 223k | else |
6111 | 223k | { |
6112 | 223k | _TIFFmemcpy(&dircount16, tif->tif_base + off, sizeof(uint16_t)); |
6113 | 223k | } |
6114 | 223k | off += sizeof(uint16_t); |
6115 | 223k | if (tif->tif_flags & TIFF_SWAB) |
6116 | 2.04k | TIFFSwabShort(&dircount16); |
6117 | 223k | if (dircount16 > 4096) |
6118 | 1.02k | { |
6119 | 1.02k | TIFFErrorExtR(tif, module, |
6120 | 1.02k | "Sanity check on directory count failed, this is " |
6121 | 1.02k | "probably not a valid IFD offset"); |
6122 | 1.02k | return 0; |
6123 | 1.02k | } |
6124 | 222k | dirsize = 12; |
6125 | 222k | } |
6126 | 2.18k | else |
6127 | 2.18k | { |
6128 | 2.18k | uint64_t dircount64; |
6129 | 2.18k | m = off + sizeof(uint64_t); |
6130 | 2.18k | if ((m < off) || (m < (tmsize_t)sizeof(uint64_t)) || |
6131 | 2.18k | (m > tif->tif_size)) |
6132 | 377 | { |
6133 | 377 | TIFFErrorExtR(tif, module, "Can not read TIFF directory count"); |
6134 | 377 | return 0; |
6135 | 377 | } |
6136 | 1.80k | else |
6137 | 1.80k | { |
6138 | 1.80k | _TIFFmemcpy(&dircount64, tif->tif_base + off, sizeof(uint64_t)); |
6139 | 1.80k | } |
6140 | 1.80k | off += sizeof(uint64_t); |
6141 | 1.80k | if (tif->tif_flags & TIFF_SWAB) |
6142 | 821 | TIFFSwabLong8(&dircount64); |
6143 | 1.80k | if (dircount64 > 4096) |
6144 | 120 | { |
6145 | 120 | TIFFErrorExtR(tif, module, |
6146 | 120 | "Sanity check on directory count failed, this is " |
6147 | 120 | "probably not a valid IFD offset"); |
6148 | 120 | return 0; |
6149 | 120 | } |
6150 | 1.68k | dircount16 = (uint16_t)dircount64; |
6151 | 1.68k | dirsize = 20; |
6152 | 1.68k | } |
6153 | 223k | if (dircount16 == 0) |
6154 | 748 | { |
6155 | 748 | TIFFErrorExtR(tif, module, |
6156 | 748 | "Sanity check on directory count failed, zero tag " |
6157 | 748 | "directories not supported"); |
6158 | 748 | return 0; |
6159 | 748 | } |
6160 | | /* Before allocating a huge amount of memory for corrupted files, check |
6161 | | * if size of requested memory is not greater than file size. */ |
6162 | 223k | uint64_t filesize = TIFFGetFileSize(tif); |
6163 | 223k | uint64_t allocsize = (uint64_t)dircount16 * dirsize; |
6164 | 223k | if (allocsize > filesize) |
6165 | 639 | { |
6166 | 639 | TIFFWarningExtR( |
6167 | 639 | tif, module, |
6168 | 639 | "Requested memory size for TIFF directory of %" PRIu64 |
6169 | 639 | " is greater than filesize %" PRIu64 |
6170 | 639 | ". Memory not allocated, TIFF directory not read", |
6171 | 639 | allocsize, filesize); |
6172 | 639 | return 0; |
6173 | 639 | } |
6174 | 222k | origdir = _TIFFCheckMalloc(tif, dircount16, dirsize, |
6175 | 222k | "to read TIFF directory"); |
6176 | 222k | if (origdir == NULL) |
6177 | 0 | return 0; |
6178 | 222k | m = off + dircount16 * dirsize; |
6179 | 222k | if ((m < off) || (m < (tmsize_t)(dircount16 * dirsize)) || |
6180 | 222k | (m > tif->tif_size)) |
6181 | 101 | { |
6182 | 101 | TIFFErrorExtR(tif, module, "Can not read TIFF directory"); |
6183 | 101 | _TIFFfreeExt(tif, origdir); |
6184 | 101 | return 0; |
6185 | 101 | } |
6186 | 222k | else |
6187 | 222k | { |
6188 | 222k | _TIFFmemcpy(origdir, tif->tif_base + off, dircount16 * dirsize); |
6189 | 222k | } |
6190 | 222k | if (nextdiroff) |
6191 | 222k | { |
6192 | 222k | off += dircount16 * dirsize; |
6193 | 222k | if (!(tif->tif_flags & TIFF_BIGTIFF)) |
6194 | 220k | { |
6195 | 220k | uint32_t nextdiroff32; |
6196 | 220k | m = off + sizeof(uint32_t); |
6197 | 220k | if ((m < off) || (m < (tmsize_t)sizeof(uint32_t)) || |
6198 | 220k | (m > tif->tif_size)) |
6199 | 16.1k | nextdiroff32 = 0; |
6200 | 204k | else |
6201 | 204k | _TIFFmemcpy(&nextdiroff32, tif->tif_base + off, |
6202 | 204k | sizeof(uint32_t)); |
6203 | 220k | if (tif->tif_flags & TIFF_SWAB) |
6204 | 1.98k | TIFFSwabLong(&nextdiroff32); |
6205 | 220k | *nextdiroff = nextdiroff32; |
6206 | 220k | } |
6207 | 1.67k | else |
6208 | 1.67k | { |
6209 | 1.67k | m = off + sizeof(uint64_t); |
6210 | 1.67k | if ((m < off) || (m < (tmsize_t)sizeof(uint64_t)) || |
6211 | 1.67k | (m > tif->tif_size)) |
6212 | 704 | *nextdiroff = 0; |
6213 | 968 | else |
6214 | 968 | _TIFFmemcpy(nextdiroff, tif->tif_base + off, |
6215 | 968 | sizeof(uint64_t)); |
6216 | 1.67k | if (tif->tif_flags & TIFF_SWAB) |
6217 | 771 | TIFFSwabLong8(nextdiroff); |
6218 | 1.67k | } |
6219 | 222k | } |
6220 | 222k | } |
6221 | | /* No check against filesize needed here because "dir" should have same size |
6222 | | * than "origdir" checked above. */ |
6223 | 1.28M | dir = (TIFFDirEntry *)_TIFFCheckMalloc( |
6224 | 1.28M | tif, dircount16, sizeof(TIFFDirEntry), "to read TIFF directory"); |
6225 | 1.28M | if (dir == 0) |
6226 | 0 | { |
6227 | 0 | _TIFFfreeExt(tif, origdir); |
6228 | 0 | return 0; |
6229 | 0 | } |
6230 | 1.28M | ma = (uint8_t *)origdir; |
6231 | 1.28M | mb = dir; |
6232 | 90.4M | for (n = 0; n < dircount16; n++) |
6233 | 89.1M | { |
6234 | 89.1M | mb->tdir_ignore = FALSE; |
6235 | 89.1M | if (tif->tif_flags & TIFF_SWAB) |
6236 | 330k | TIFFSwabShort((uint16_t *)ma); |
6237 | 89.1M | mb->tdir_tag = *(uint16_t *)ma; |
6238 | 89.1M | ma += sizeof(uint16_t); |
6239 | 89.1M | if (tif->tif_flags & TIFF_SWAB) |
6240 | 330k | TIFFSwabShort((uint16_t *)ma); |
6241 | 89.1M | mb->tdir_type = *(uint16_t *)ma; |
6242 | 89.1M | ma += sizeof(uint16_t); |
6243 | 89.1M | if (!(tif->tif_flags & TIFF_BIGTIFF)) |
6244 | 89.0M | { |
6245 | 89.0M | if (tif->tif_flags & TIFF_SWAB) |
6246 | 315k | TIFFSwabLong((uint32_t *)ma); |
6247 | 89.0M | mb->tdir_count = (uint64_t)(*(uint32_t *)ma); |
6248 | 89.0M | ma += sizeof(uint32_t); |
6249 | 89.0M | mb->tdir_offset.toff_long8 = 0; |
6250 | 89.0M | *(uint32_t *)(&mb->tdir_offset) = *(uint32_t *)ma; |
6251 | 89.0M | ma += sizeof(uint32_t); |
6252 | 89.0M | } |
6253 | 137k | else |
6254 | 137k | { |
6255 | 137k | if (tif->tif_flags & TIFF_SWAB) |
6256 | 15.1k | TIFFSwabLong8((uint64_t *)ma); |
6257 | 137k | mb->tdir_count = TIFFReadUInt64(ma); |
6258 | 137k | ma += sizeof(uint64_t); |
6259 | 137k | mb->tdir_offset.toff_long8 = TIFFReadUInt64(ma); |
6260 | 137k | ma += sizeof(uint64_t); |
6261 | 137k | } |
6262 | 89.1M | mb++; |
6263 | 89.1M | } |
6264 | 1.28M | _TIFFfreeExt(tif, origdir); |
6265 | 1.28M | *pdir = dir; |
6266 | 1.28M | return dircount16; |
6267 | 1.28M | } |
6268 | | |
6269 | | /* |
6270 | | * Fetch a tag that is not handled by special case code. |
6271 | | */ |
6272 | | static int TIFFFetchNormalTag(TIFF *tif, TIFFDirEntry *dp, int recover) |
6273 | 36.1M | { |
6274 | 36.1M | static const char module[] = "TIFFFetchNormalTag"; |
6275 | 36.1M | enum TIFFReadDirEntryErr err; |
6276 | 36.1M | uint32_t fii; |
6277 | 36.1M | const TIFFField *fip = NULL; |
6278 | 36.1M | TIFFReadDirectoryFindFieldInfo(tif, dp->tdir_tag, &fii); |
6279 | 36.1M | if (fii == FAILED_FII) |
6280 | 0 | { |
6281 | 0 | TIFFErrorExtR(tif, "TIFFFetchNormalTag", |
6282 | 0 | "No definition found for tag %" PRIu16, dp->tdir_tag); |
6283 | 0 | return 0; |
6284 | 0 | } |
6285 | 36.1M | fip = tif->tif_fields[fii]; |
6286 | 36.1M | assert(fip != NULL); /* should not happen */ |
6287 | 36.1M | assert(fip->set_get_field_type != |
6288 | 36.1M | TIFF_SETGET_OTHER); /* if so, we shouldn't arrive here but deal with |
6289 | | this in specialized code */ |
6290 | 36.1M | assert(fip->set_get_field_type != |
6291 | 36.1M | TIFF_SETGET_INT); /* if so, we shouldn't arrive here as this is only |
6292 | | the case for pseudo-tags */ |
6293 | 36.1M | err = TIFFReadDirEntryErrOk; |
6294 | 36.1M | switch (fip->set_get_field_type) |
6295 | 36.1M | { |
6296 | 26.1M | case TIFF_SETGET_UNDEFINED: |
6297 | 26.1M | TIFFErrorExtR( |
6298 | 26.1M | tif, "TIFFFetchNormalTag", |
6299 | 26.1M | "Defined set_get_field_type of custom tag %u (%s) is " |
6300 | 26.1M | "TIFF_SETGET_UNDEFINED and thus tag is not read from file", |
6301 | 26.1M | fip->field_tag, fip->field_name); |
6302 | 26.1M | break; |
6303 | 343k | case TIFF_SETGET_ASCII: |
6304 | 343k | { |
6305 | 343k | uint8_t *data; |
6306 | 343k | assert(fip->field_passcount == 0); |
6307 | 343k | err = TIFFReadDirEntryByteArray(tif, dp, &data); |
6308 | 343k | if (err == TIFFReadDirEntryErrOk) |
6309 | 202k | { |
6310 | 202k | size_t mb = 0; |
6311 | 202k | int n; |
6312 | 202k | if (data != NULL) |
6313 | 199k | { |
6314 | 199k | if (dp->tdir_count > 0 && data[dp->tdir_count - 1] == 0) |
6315 | 78.3k | { |
6316 | | /* optimization: if data is known to be 0 terminated, we |
6317 | | * can use strlen() */ |
6318 | 78.3k | mb = strlen((const char *)data); |
6319 | 78.3k | } |
6320 | 121k | else |
6321 | 121k | { |
6322 | | /* general case. equivalent to non-portable */ |
6323 | | /* mb = strnlen((const char*)data, |
6324 | | * (uint32_t)dp->tdir_count); */ |
6325 | 121k | uint8_t *ma = data; |
6326 | 13.1M | while (mb < (uint32_t)dp->tdir_count) |
6327 | 13.1M | { |
6328 | 13.1M | if (*ma == 0) |
6329 | 71.3k | break; |
6330 | 13.0M | ma++; |
6331 | 13.0M | mb++; |
6332 | 13.0M | } |
6333 | 121k | } |
6334 | 199k | } |
6335 | 202k | if (!EvaluateIFDdatasizeReading(tif, dp)) |
6336 | 0 | { |
6337 | 0 | if (data != NULL) |
6338 | 0 | _TIFFfreeExt(tif, data); |
6339 | 0 | return (0); |
6340 | 0 | } |
6341 | 202k | if (mb + 1 < (uint32_t)dp->tdir_count) |
6342 | 125k | TIFFWarningExtR( |
6343 | 125k | tif, module, |
6344 | 125k | "ASCII value for tag \"%s\" contains null byte in " |
6345 | 125k | "value; value incorrectly truncated during reading due " |
6346 | 125k | "to implementation limitations", |
6347 | 125k | fip->field_name); |
6348 | 76.7k | else if (mb + 1 > (uint32_t)dp->tdir_count) |
6349 | 52.9k | { |
6350 | 52.9k | TIFFWarningExtR(tif, module, |
6351 | 52.9k | "ASCII value for tag \"%s\" does not end " |
6352 | 52.9k | "in null byte. Forcing it to be null", |
6353 | 52.9k | fip->field_name); |
6354 | | /* TIFFReadDirEntryArrayWithLimit() ensures this can't be |
6355 | | * larger than MAX_SIZE_TAG_DATA */ |
6356 | 52.9k | assert((uint32_t)dp->tdir_count + 1 == dp->tdir_count + 1); |
6357 | 52.9k | uint8_t *o = |
6358 | 52.9k | _TIFFmallocExt(tif, (uint32_t)dp->tdir_count + 1); |
6359 | 52.9k | if (o == NULL) |
6360 | 0 | { |
6361 | 0 | if (data != NULL) |
6362 | 0 | _TIFFfreeExt(tif, data); |
6363 | 0 | return (0); |
6364 | 0 | } |
6365 | 52.9k | if (dp->tdir_count > 0) |
6366 | 50.2k | { |
6367 | 50.2k | _TIFFmemcpy(o, data, (uint32_t)dp->tdir_count); |
6368 | 50.2k | } |
6369 | 52.9k | o[(uint32_t)dp->tdir_count] = 0; |
6370 | 52.9k | if (data != 0) |
6371 | 50.2k | _TIFFfreeExt(tif, data); |
6372 | 52.9k | data = o; |
6373 | 52.9k | } |
6374 | 202k | n = TIFFSetField(tif, dp->tdir_tag, data); |
6375 | 202k | if (data != 0) |
6376 | 202k | _TIFFfreeExt(tif, data); |
6377 | 202k | if (!n) |
6378 | 0 | return (0); |
6379 | 202k | } |
6380 | 343k | } |
6381 | 343k | break; |
6382 | 343k | case TIFF_SETGET_UINT8: |
6383 | 14.0k | { |
6384 | 14.0k | uint8_t data = 0; |
6385 | 14.0k | assert(fip->field_readcount == 1); |
6386 | 14.0k | assert(fip->field_passcount == 0); |
6387 | 14.0k | err = TIFFReadDirEntryByte(tif, dp, &data); |
6388 | 14.0k | if (err == TIFFReadDirEntryErrOk) |
6389 | 2.75k | { |
6390 | 2.75k | if (!TIFFSetField(tif, dp->tdir_tag, data)) |
6391 | 0 | return (0); |
6392 | 2.75k | } |
6393 | 14.0k | } |
6394 | 14.0k | break; |
6395 | 14.0k | case TIFF_SETGET_SINT8: |
6396 | 0 | { |
6397 | 0 | int8_t data = 0; |
6398 | 0 | assert(fip->field_readcount == 1); |
6399 | 0 | assert(fip->field_passcount == 0); |
6400 | 0 | err = TIFFReadDirEntrySbyte(tif, dp, &data); |
6401 | 0 | if (err == TIFFReadDirEntryErrOk) |
6402 | 0 | { |
6403 | 0 | if (!TIFFSetField(tif, dp->tdir_tag, data)) |
6404 | 0 | return (0); |
6405 | 0 | } |
6406 | 0 | } |
6407 | 0 | break; |
6408 | 2.67M | case TIFF_SETGET_UINT16: |
6409 | 2.67M | { |
6410 | 2.67M | uint16_t data; |
6411 | 2.67M | assert(fip->field_readcount == 1); |
6412 | 2.67M | assert(fip->field_passcount == 0); |
6413 | 2.67M | err = TIFFReadDirEntryShort(tif, dp, &data); |
6414 | 2.67M | if (err == TIFFReadDirEntryErrOk) |
6415 | 2.45M | { |
6416 | 2.45M | if (!TIFFSetField(tif, dp->tdir_tag, data)) |
6417 | 7.04k | return (0); |
6418 | 2.45M | } |
6419 | 2.67M | } |
6420 | 2.67M | break; |
6421 | 2.67M | case TIFF_SETGET_SINT16: |
6422 | 0 | { |
6423 | 0 | int16_t data; |
6424 | 0 | assert(fip->field_readcount == 1); |
6425 | 0 | assert(fip->field_passcount == 0); |
6426 | 0 | err = TIFFReadDirEntrySshort(tif, dp, &data); |
6427 | 0 | if (err == TIFFReadDirEntryErrOk) |
6428 | 0 | { |
6429 | 0 | if (!TIFFSetField(tif, dp->tdir_tag, data)) |
6430 | 0 | return (0); |
6431 | 0 | } |
6432 | 0 | } |
6433 | 0 | break; |
6434 | 3.93M | case TIFF_SETGET_UINT32: |
6435 | 3.93M | { |
6436 | 3.93M | uint32_t data; |
6437 | 3.93M | assert(fip->field_readcount == 1); |
6438 | 3.93M | assert(fip->field_passcount == 0); |
6439 | 3.93M | err = TIFFReadDirEntryLong(tif, dp, &data); |
6440 | 3.93M | if (err == TIFFReadDirEntryErrOk) |
6441 | 3.89M | { |
6442 | 3.89M | if (!TIFFSetField(tif, dp->tdir_tag, data)) |
6443 | 54 | return (0); |
6444 | 3.89M | } |
6445 | 3.93M | } |
6446 | 3.93M | break; |
6447 | 3.93M | case TIFF_SETGET_SINT32: |
6448 | 0 | { |
6449 | 0 | int32_t data; |
6450 | 0 | assert(fip->field_readcount == 1); |
6451 | 0 | assert(fip->field_passcount == 0); |
6452 | 0 | err = TIFFReadDirEntrySlong(tif, dp, &data); |
6453 | 0 | if (err == TIFFReadDirEntryErrOk) |
6454 | 0 | { |
6455 | 0 | if (!TIFFSetField(tif, dp->tdir_tag, data)) |
6456 | 0 | return (0); |
6457 | 0 | } |
6458 | 0 | } |
6459 | 0 | break; |
6460 | 23.3k | case TIFF_SETGET_UINT64: |
6461 | 23.3k | { |
6462 | 23.3k | uint64_t data; |
6463 | 23.3k | assert(fip->field_readcount == 1); |
6464 | 23.3k | assert(fip->field_passcount == 0); |
6465 | 23.3k | err = TIFFReadDirEntryLong8(tif, dp, &data); |
6466 | 23.3k | if (err == TIFFReadDirEntryErrOk) |
6467 | 9.72k | { |
6468 | 9.72k | if (!EvaluateIFDdatasizeReading(tif, dp)) |
6469 | 0 | return 0; |
6470 | 9.72k | if (!TIFFSetField(tif, dp->tdir_tag, data)) |
6471 | 0 | return (0); |
6472 | 9.72k | } |
6473 | 23.3k | } |
6474 | 23.3k | break; |
6475 | 23.3k | case TIFF_SETGET_SINT64: |
6476 | 0 | { |
6477 | 0 | int64_t data; |
6478 | 0 | assert(fip->field_readcount == 1); |
6479 | 0 | assert(fip->field_passcount == 0); |
6480 | 0 | err = TIFFReadDirEntrySlong8(tif, dp, &data); |
6481 | 0 | if (err == TIFFReadDirEntryErrOk) |
6482 | 0 | { |
6483 | 0 | if (!EvaluateIFDdatasizeReading(tif, dp)) |
6484 | 0 | return 0; |
6485 | 0 | if (!TIFFSetField(tif, dp->tdir_tag, data)) |
6486 | 0 | return (0); |
6487 | 0 | } |
6488 | 0 | } |
6489 | 0 | break; |
6490 | 101k | case TIFF_SETGET_FLOAT: |
6491 | 101k | { |
6492 | 101k | float data; |
6493 | 101k | assert(fip->field_readcount == 1); |
6494 | 101k | assert(fip->field_passcount == 0); |
6495 | 101k | err = TIFFReadDirEntryFloat(tif, dp, &data); |
6496 | 101k | if (err == TIFFReadDirEntryErrOk) |
6497 | 50.9k | { |
6498 | 50.9k | if (!EvaluateIFDdatasizeReading(tif, dp)) |
6499 | 0 | return 0; |
6500 | 50.9k | if (!TIFFSetField(tif, dp->tdir_tag, data)) |
6501 | 2.21k | return (0); |
6502 | 50.9k | } |
6503 | 101k | } |
6504 | 98.9k | break; |
6505 | 98.9k | case TIFF_SETGET_DOUBLE: |
6506 | 6.29k | { |
6507 | 6.29k | double data; |
6508 | 6.29k | assert(fip->field_readcount == 1); |
6509 | 6.29k | assert(fip->field_passcount == 0); |
6510 | 6.29k | err = TIFFReadDirEntryDouble(tif, dp, &data); |
6511 | 6.29k | if (err == TIFFReadDirEntryErrOk) |
6512 | 3.00k | { |
6513 | 3.00k | if (!EvaluateIFDdatasizeReading(tif, dp)) |
6514 | 0 | return 0; |
6515 | 3.00k | if (!TIFFSetField(tif, dp->tdir_tag, data)) |
6516 | 0 | return (0); |
6517 | 3.00k | } |
6518 | 6.29k | } |
6519 | 6.29k | break; |
6520 | 9.87k | case TIFF_SETGET_IFD8: |
6521 | 9.87k | { |
6522 | 9.87k | uint64_t data; |
6523 | 9.87k | assert(fip->field_readcount == 1); |
6524 | 9.87k | assert(fip->field_passcount == 0); |
6525 | 9.87k | err = TIFFReadDirEntryIfd8(tif, dp, &data); |
6526 | 9.87k | if (err == TIFFReadDirEntryErrOk) |
6527 | 2.38k | { |
6528 | 2.38k | if (!EvaluateIFDdatasizeReading(tif, dp)) |
6529 | 0 | return 0; |
6530 | 2.38k | if (!TIFFSetField(tif, dp->tdir_tag, data)) |
6531 | 840 | return (0); |
6532 | 2.38k | } |
6533 | 9.87k | } |
6534 | 9.03k | break; |
6535 | 59.8k | case TIFF_SETGET_UINT16_PAIR: |
6536 | 59.8k | { |
6537 | 59.8k | uint16_t *data; |
6538 | 59.8k | assert(fip->field_readcount == 2); |
6539 | 59.8k | assert(fip->field_passcount == 0); |
6540 | 59.8k | if (dp->tdir_count != 2) |
6541 | 18.9k | { |
6542 | 18.9k | TIFFWarningExtR(tif, module, |
6543 | 18.9k | "incorrect count for field \"%s\", expected 2, " |
6544 | 18.9k | "got %" PRIu64, |
6545 | 18.9k | fip->field_name, dp->tdir_count); |
6546 | 18.9k | return (0); |
6547 | 18.9k | } |
6548 | 40.8k | err = TIFFReadDirEntryShortArray(tif, dp, &data); |
6549 | 40.8k | if (err == TIFFReadDirEntryErrOk) |
6550 | 38.4k | { |
6551 | 38.4k | int m; |
6552 | 38.4k | assert(data); /* avoid CLang static Analyzer false positive */ |
6553 | 38.4k | m = TIFFSetField(tif, dp->tdir_tag, data[0], data[1]); |
6554 | 38.4k | _TIFFfreeExt(tif, data); |
6555 | 38.4k | if (!m) |
6556 | 0 | return (0); |
6557 | 38.4k | } |
6558 | 40.8k | } |
6559 | 40.8k | break; |
6560 | 40.8k | case TIFF_SETGET_C0_UINT8: |
6561 | 4.76k | { |
6562 | 4.76k | uint8_t *data; |
6563 | 4.76k | assert(fip->field_readcount >= 1); |
6564 | 4.76k | assert(fip->field_passcount == 0); |
6565 | 4.76k | if (dp->tdir_count != (uint64_t)fip->field_readcount) |
6566 | 2.99k | { |
6567 | 2.99k | TIFFWarningExtR(tif, module, |
6568 | 2.99k | "incorrect count for field \"%s\", expected " |
6569 | 2.99k | "%d, got %" PRIu64, |
6570 | 2.99k | fip->field_name, (int)fip->field_readcount, |
6571 | 2.99k | dp->tdir_count); |
6572 | 2.99k | return (0); |
6573 | 2.99k | } |
6574 | 1.76k | else |
6575 | 1.76k | { |
6576 | 1.76k | err = TIFFReadDirEntryByteArray(tif, dp, &data); |
6577 | 1.76k | if (err == TIFFReadDirEntryErrOk) |
6578 | 913 | { |
6579 | 913 | if (!EvaluateIFDdatasizeReading(tif, dp)) |
6580 | 0 | { |
6581 | 0 | if (data != 0) |
6582 | 0 | _TIFFfreeExt(tif, data); |
6583 | 0 | return 0; |
6584 | 0 | } |
6585 | 913 | int m; |
6586 | 913 | m = TIFFSetField(tif, dp->tdir_tag, data); |
6587 | 913 | if (data != 0) |
6588 | 913 | _TIFFfreeExt(tif, data); |
6589 | 913 | if (!m) |
6590 | 0 | return (0); |
6591 | 913 | } |
6592 | 1.76k | } |
6593 | 4.76k | } |
6594 | 1.76k | break; |
6595 | 1.76k | case TIFF_SETGET_C0_SINT8: |
6596 | 0 | { |
6597 | 0 | int8_t *data; |
6598 | 0 | assert(fip->field_readcount >= 1); |
6599 | 0 | assert(fip->field_passcount == 0); |
6600 | 0 | if (dp->tdir_count != (uint64_t)fip->field_readcount) |
6601 | 0 | { |
6602 | 0 | TIFFWarningExtR(tif, module, |
6603 | 0 | "incorrect count for field \"%s\", expected " |
6604 | 0 | "%d, got %" PRIu64, |
6605 | 0 | fip->field_name, (int)fip->field_readcount, |
6606 | 0 | dp->tdir_count); |
6607 | 0 | return (0); |
6608 | 0 | } |
6609 | 0 | else |
6610 | 0 | { |
6611 | 0 | err = TIFFReadDirEntrySbyteArray(tif, dp, &data); |
6612 | 0 | if (err == TIFFReadDirEntryErrOk) |
6613 | 0 | { |
6614 | 0 | if (!EvaluateIFDdatasizeReading(tif, dp)) |
6615 | 0 | { |
6616 | 0 | if (data != 0) |
6617 | 0 | _TIFFfreeExt(tif, data); |
6618 | 0 | return 0; |
6619 | 0 | } |
6620 | 0 | int m; |
6621 | 0 | m = TIFFSetField(tif, dp->tdir_tag, data); |
6622 | 0 | if (data != 0) |
6623 | 0 | _TIFFfreeExt(tif, data); |
6624 | 0 | if (!m) |
6625 | 0 | return (0); |
6626 | 0 | } |
6627 | 0 | } |
6628 | 0 | } |
6629 | 0 | break; |
6630 | 1.55k | case TIFF_SETGET_C0_UINT16: |
6631 | 1.55k | { |
6632 | 1.55k | uint16_t *data; |
6633 | 1.55k | assert(fip->field_readcount >= 1); |
6634 | 1.55k | assert(fip->field_passcount == 0); |
6635 | 1.55k | if (dp->tdir_count != (uint64_t)fip->field_readcount) |
6636 | 948 | { |
6637 | 948 | TIFFWarningExtR(tif, module, |
6638 | 948 | "incorrect count for field \"%s\", expected " |
6639 | 948 | "%d, got %" PRIu64, |
6640 | 948 | fip->field_name, (int)fip->field_readcount, |
6641 | 948 | dp->tdir_count); |
6642 | 948 | return (0); |
6643 | 948 | } |
6644 | 604 | else |
6645 | 604 | { |
6646 | 604 | err = TIFFReadDirEntryShortArray(tif, dp, &data); |
6647 | 604 | if (err == TIFFReadDirEntryErrOk) |
6648 | 110 | { |
6649 | 110 | if (!EvaluateIFDdatasizeReading(tif, dp)) |
6650 | 0 | { |
6651 | 0 | if (data != 0) |
6652 | 0 | _TIFFfreeExt(tif, data); |
6653 | 0 | return 0; |
6654 | 0 | } |
6655 | 110 | int m; |
6656 | 110 | m = TIFFSetField(tif, dp->tdir_tag, data); |
6657 | 110 | if (data != 0) |
6658 | 110 | _TIFFfreeExt(tif, data); |
6659 | 110 | if (!m) |
6660 | 0 | return (0); |
6661 | 110 | } |
6662 | 604 | } |
6663 | 1.55k | } |
6664 | 604 | break; |
6665 | 604 | case TIFF_SETGET_C0_SINT16: |
6666 | 0 | { |
6667 | 0 | int16_t *data; |
6668 | 0 | assert(fip->field_readcount >= 1); |
6669 | 0 | assert(fip->field_passcount == 0); |
6670 | 0 | if (dp->tdir_count != (uint64_t)fip->field_readcount) |
6671 | 0 | { |
6672 | 0 | TIFFWarningExtR(tif, module, |
6673 | 0 | "incorrect count for field \"%s\", expected " |
6674 | 0 | "%d, got %" PRIu64, |
6675 | 0 | fip->field_name, (int)fip->field_readcount, |
6676 | 0 | dp->tdir_count); |
6677 | 0 | return (0); |
6678 | 0 | } |
6679 | 0 | else |
6680 | 0 | { |
6681 | 0 | err = TIFFReadDirEntrySshortArray(tif, dp, &data); |
6682 | 0 | if (err == TIFFReadDirEntryErrOk) |
6683 | 0 | { |
6684 | 0 | if (!EvaluateIFDdatasizeReading(tif, dp)) |
6685 | 0 | { |
6686 | 0 | if (data != 0) |
6687 | 0 | _TIFFfreeExt(tif, data); |
6688 | 0 | return 0; |
6689 | 0 | } |
6690 | 0 | int m; |
6691 | 0 | m = TIFFSetField(tif, dp->tdir_tag, data); |
6692 | 0 | if (data != 0) |
6693 | 0 | _TIFFfreeExt(tif, data); |
6694 | 0 | if (!m) |
6695 | 0 | return (0); |
6696 | 0 | } |
6697 | 0 | } |
6698 | 0 | } |
6699 | 0 | break; |
6700 | 2.77k | case TIFF_SETGET_C0_UINT32: |
6701 | 2.77k | { |
6702 | 2.77k | uint32_t *data; |
6703 | 2.77k | assert(fip->field_readcount >= 1); |
6704 | 2.77k | assert(fip->field_passcount == 0); |
6705 | 2.77k | if (dp->tdir_count != (uint64_t)fip->field_readcount) |
6706 | 1.49k | { |
6707 | 1.49k | TIFFWarningExtR(tif, module, |
6708 | 1.49k | "incorrect count for field \"%s\", expected " |
6709 | 1.49k | "%d, got %" PRIu64, |
6710 | 1.49k | fip->field_name, (int)fip->field_readcount, |
6711 | 1.49k | dp->tdir_count); |
6712 | 1.49k | return (0); |
6713 | 1.49k | } |
6714 | 1.27k | else |
6715 | 1.27k | { |
6716 | 1.27k | err = TIFFReadDirEntryLongArray(tif, dp, &data); |
6717 | 1.27k | if (err == TIFFReadDirEntryErrOk) |
6718 | 440 | { |
6719 | 440 | if (!EvaluateIFDdatasizeReading(tif, dp)) |
6720 | 0 | { |
6721 | 0 | if (data != 0) |
6722 | 0 | _TIFFfreeExt(tif, data); |
6723 | 0 | return 0; |
6724 | 0 | } |
6725 | 440 | int m; |
6726 | 440 | m = TIFFSetField(tif, dp->tdir_tag, data); |
6727 | 440 | if (data != 0) |
6728 | 440 | _TIFFfreeExt(tif, data); |
6729 | 440 | if (!m) |
6730 | 0 | return (0); |
6731 | 440 | } |
6732 | 1.27k | } |
6733 | 2.77k | } |
6734 | 1.27k | break; |
6735 | 1.27k | case TIFF_SETGET_C0_SINT32: |
6736 | 0 | { |
6737 | 0 | int32_t *data; |
6738 | 0 | assert(fip->field_readcount >= 1); |
6739 | 0 | assert(fip->field_passcount == 0); |
6740 | 0 | if (dp->tdir_count != (uint64_t)fip->field_readcount) |
6741 | 0 | { |
6742 | 0 | TIFFWarningExtR(tif, module, |
6743 | 0 | "incorrect count for field \"%s\", expected " |
6744 | 0 | "%d, got %" PRIu64, |
6745 | 0 | fip->field_name, (int)fip->field_readcount, |
6746 | 0 | dp->tdir_count); |
6747 | 0 | return (0); |
6748 | 0 | } |
6749 | 0 | else |
6750 | 0 | { |
6751 | 0 | err = TIFFReadDirEntrySlongArray(tif, dp, &data); |
6752 | 0 | if (err == TIFFReadDirEntryErrOk) |
6753 | 0 | { |
6754 | 0 | if (!EvaluateIFDdatasizeReading(tif, dp)) |
6755 | 0 | { |
6756 | 0 | if (data != 0) |
6757 | 0 | _TIFFfreeExt(tif, data); |
6758 | 0 | return 0; |
6759 | 0 | } |
6760 | 0 | int m; |
6761 | 0 | m = TIFFSetField(tif, dp->tdir_tag, data); |
6762 | 0 | if (data != 0) |
6763 | 0 | _TIFFfreeExt(tif, data); |
6764 | 0 | if (!m) |
6765 | 0 | return (0); |
6766 | 0 | } |
6767 | 0 | } |
6768 | 0 | } |
6769 | 0 | break; |
6770 | 0 | case TIFF_SETGET_C0_UINT64: |
6771 | 0 | { |
6772 | 0 | uint64_t *data; |
6773 | 0 | assert(fip->field_readcount >= 1); |
6774 | 0 | assert(fip->field_passcount == 0); |
6775 | 0 | if (dp->tdir_count != (uint64_t)fip->field_readcount) |
6776 | 0 | { |
6777 | 0 | TIFFWarningExtR(tif, module, |
6778 | 0 | "incorrect count for field \"%s\", expected " |
6779 | 0 | "%d, got %" PRIu64, |
6780 | 0 | fip->field_name, (int)fip->field_readcount, |
6781 | 0 | dp->tdir_count); |
6782 | 0 | return (0); |
6783 | 0 | } |
6784 | 0 | else |
6785 | 0 | { |
6786 | 0 | err = TIFFReadDirEntryLong8Array(tif, dp, &data); |
6787 | 0 | if (err == TIFFReadDirEntryErrOk) |
6788 | 0 | { |
6789 | 0 | if (!EvaluateIFDdatasizeReading(tif, dp)) |
6790 | 0 | { |
6791 | 0 | if (data != 0) |
6792 | 0 | _TIFFfreeExt(tif, data); |
6793 | 0 | return 0; |
6794 | 0 | } |
6795 | 0 | int m; |
6796 | 0 | m = TIFFSetField(tif, dp->tdir_tag, data); |
6797 | 0 | if (data != 0) |
6798 | 0 | _TIFFfreeExt(tif, data); |
6799 | 0 | if (!m) |
6800 | 0 | return (0); |
6801 | 0 | } |
6802 | 0 | } |
6803 | 0 | } |
6804 | 0 | break; |
6805 | 0 | case TIFF_SETGET_C0_SINT64: |
6806 | 0 | { |
6807 | 0 | int64_t *data; |
6808 | 0 | assert(fip->field_readcount >= 1); |
6809 | 0 | assert(fip->field_passcount == 0); |
6810 | 0 | if (dp->tdir_count != (uint64_t)fip->field_readcount) |
6811 | 0 | { |
6812 | 0 | TIFFWarningExtR(tif, module, |
6813 | 0 | "incorrect count for field \"%s\", expected " |
6814 | 0 | "%d, got %" PRIu64, |
6815 | 0 | fip->field_name, (int)fip->field_readcount, |
6816 | 0 | dp->tdir_count); |
6817 | 0 | return (0); |
6818 | 0 | } |
6819 | 0 | else |
6820 | 0 | { |
6821 | 0 | err = TIFFReadDirEntrySlong8Array(tif, dp, &data); |
6822 | 0 | if (err == TIFFReadDirEntryErrOk) |
6823 | 0 | { |
6824 | 0 | if (!EvaluateIFDdatasizeReading(tif, dp)) |
6825 | 0 | { |
6826 | 0 | if (data != 0) |
6827 | 0 | _TIFFfreeExt(tif, data); |
6828 | 0 | return 0; |
6829 | 0 | } |
6830 | 0 | int m; |
6831 | 0 | m = TIFFSetField(tif, dp->tdir_tag, data); |
6832 | 0 | if (data != 0) |
6833 | 0 | _TIFFfreeExt(tif, data); |
6834 | 0 | if (!m) |
6835 | 0 | return (0); |
6836 | 0 | } |
6837 | 0 | } |
6838 | 0 | } |
6839 | 0 | break; |
6840 | 43.8k | case TIFF_SETGET_C0_FLOAT: |
6841 | 43.8k | { |
6842 | 43.8k | float *data; |
6843 | 43.8k | assert(fip->field_readcount >= 1); |
6844 | 43.8k | assert(fip->field_passcount == 0); |
6845 | 43.8k | if (dp->tdir_count != (uint64_t)fip->field_readcount) |
6846 | 22.2k | { |
6847 | 22.2k | TIFFWarningExtR(tif, module, |
6848 | 22.2k | "incorrect count for field \"%s\", expected " |
6849 | 22.2k | "%d, got %" PRIu64, |
6850 | 22.2k | fip->field_name, (int)fip->field_readcount, |
6851 | 22.2k | dp->tdir_count); |
6852 | 22.2k | return (0); |
6853 | 22.2k | } |
6854 | 21.5k | else |
6855 | 21.5k | { |
6856 | 21.5k | err = TIFFReadDirEntryFloatArray(tif, dp, &data); |
6857 | 21.5k | if (err == TIFFReadDirEntryErrOk) |
6858 | 17.6k | { |
6859 | 17.6k | if (!EvaluateIFDdatasizeReading(tif, dp)) |
6860 | 0 | { |
6861 | 0 | if (data != 0) |
6862 | 0 | _TIFFfreeExt(tif, data); |
6863 | 0 | return 0; |
6864 | 0 | } |
6865 | 17.6k | int m; |
6866 | 17.6k | m = TIFFSetField(tif, dp->tdir_tag, data); |
6867 | 17.6k | if (data != 0) |
6868 | 17.6k | _TIFFfreeExt(tif, data); |
6869 | 17.6k | if (!m) |
6870 | 0 | return (0); |
6871 | 17.6k | } |
6872 | 21.5k | } |
6873 | 43.8k | } |
6874 | 21.5k | break; |
6875 | | /*--: Rational2Double: Extend for Double Arrays and Rational-Arrays read |
6876 | | * into Double-Arrays. */ |
6877 | 21.5k | case TIFF_SETGET_C0_DOUBLE: |
6878 | 0 | { |
6879 | 0 | double *data; |
6880 | 0 | assert(fip->field_readcount >= 1); |
6881 | 0 | assert(fip->field_passcount == 0); |
6882 | 0 | if (dp->tdir_count != (uint64_t)fip->field_readcount) |
6883 | 0 | { |
6884 | 0 | TIFFWarningExtR(tif, module, |
6885 | 0 | "incorrect count for field \"%s\", expected " |
6886 | 0 | "%d, got %" PRIu64, |
6887 | 0 | fip->field_name, (int)fip->field_readcount, |
6888 | 0 | dp->tdir_count); |
6889 | 0 | return (0); |
6890 | 0 | } |
6891 | 0 | else |
6892 | 0 | { |
6893 | 0 | err = TIFFReadDirEntryDoubleArray(tif, dp, &data); |
6894 | 0 | if (err == TIFFReadDirEntryErrOk) |
6895 | 0 | { |
6896 | 0 | if (!EvaluateIFDdatasizeReading(tif, dp)) |
6897 | 0 | { |
6898 | 0 | if (data != 0) |
6899 | 0 | _TIFFfreeExt(tif, data); |
6900 | 0 | return 0; |
6901 | 0 | } |
6902 | 0 | int m; |
6903 | 0 | m = TIFFSetField(tif, dp->tdir_tag, data); |
6904 | 0 | if (data != 0) |
6905 | 0 | _TIFFfreeExt(tif, data); |
6906 | 0 | if (!m) |
6907 | 0 | return (0); |
6908 | 0 | } |
6909 | 0 | } |
6910 | 0 | } |
6911 | 0 | break; |
6912 | 13.7k | case TIFF_SETGET_C16_ASCII: |
6913 | 13.7k | { |
6914 | 13.7k | uint8_t *data; |
6915 | 13.7k | assert(fip->field_readcount == TIFF_VARIABLE); |
6916 | 13.7k | assert(fip->field_passcount == 1); |
6917 | 13.7k | if (dp->tdir_count > 0xFFFF) |
6918 | 4.47k | err = TIFFReadDirEntryErrCount; |
6919 | 9.31k | else |
6920 | 9.31k | { |
6921 | 9.31k | err = TIFFReadDirEntryByteArray(tif, dp, &data); |
6922 | 9.31k | if (err == TIFFReadDirEntryErrOk) |
6923 | 3.98k | { |
6924 | 3.98k | if (!EvaluateIFDdatasizeReading(tif, dp)) |
6925 | 0 | { |
6926 | 0 | if (data != 0) |
6927 | 0 | _TIFFfreeExt(tif, data); |
6928 | 0 | return 0; |
6929 | 0 | } |
6930 | 3.98k | int m; |
6931 | 3.98k | if (data != 0 && dp->tdir_count > 0 && |
6932 | 3.98k | data[dp->tdir_count - 1] != '\0') |
6933 | 2.03k | { |
6934 | 2.03k | TIFFWarningExtR(tif, module, |
6935 | 2.03k | "ASCII value for ASCII array tag " |
6936 | 2.03k | "\"%s\" does not end in null " |
6937 | 2.03k | "byte. Forcing it to be null", |
6938 | 2.03k | fip->field_name); |
6939 | | /* Enlarge buffer and add terminating null. */ |
6940 | 2.03k | uint8_t *o = |
6941 | 2.03k | _TIFFmallocExt(tif, (uint32_t)dp->tdir_count + 1); |
6942 | 2.03k | if (o == NULL) |
6943 | 0 | { |
6944 | 0 | if (data != NULL) |
6945 | 0 | _TIFFfreeExt(tif, data); |
6946 | 0 | return (0); |
6947 | 0 | } |
6948 | 2.03k | if (dp->tdir_count > 0) |
6949 | 2.03k | { |
6950 | 2.03k | _TIFFmemcpy(o, data, (uint32_t)dp->tdir_count); |
6951 | 2.03k | } |
6952 | 2.03k | o[(uint32_t)dp->tdir_count] = 0; |
6953 | 2.03k | dp->tdir_count++; /* Increment for added null. */ |
6954 | 2.03k | if (data != 0) |
6955 | 2.03k | _TIFFfreeExt(tif, data); |
6956 | 2.03k | data = o; |
6957 | 2.03k | } |
6958 | 3.98k | m = TIFFSetField(tif, dp->tdir_tag, |
6959 | 3.98k | (uint16_t)(dp->tdir_count), data); |
6960 | 3.98k | if (data != 0) |
6961 | 3.28k | _TIFFfreeExt(tif, data); |
6962 | 3.98k | if (!m) |
6963 | 701 | return (0); |
6964 | 3.98k | } |
6965 | 9.31k | } |
6966 | 13.7k | } |
6967 | 13.0k | break; |
6968 | 13.0k | case TIFF_SETGET_C16_UINT8: |
6969 | 3.04k | { |
6970 | 3.04k | uint8_t *data; |
6971 | 3.04k | assert(fip->field_readcount == TIFF_VARIABLE); |
6972 | 3.04k | assert(fip->field_passcount == 1); |
6973 | 3.04k | if (dp->tdir_count > 0xFFFF) |
6974 | 1.20k | err = TIFFReadDirEntryErrCount; |
6975 | 1.84k | else |
6976 | 1.84k | { |
6977 | 1.84k | err = TIFFReadDirEntryByteArray(tif, dp, &data); |
6978 | 1.84k | if (err == TIFFReadDirEntryErrOk) |
6979 | 672 | { |
6980 | 672 | if (!EvaluateIFDdatasizeReading(tif, dp)) |
6981 | 0 | { |
6982 | 0 | if (data != 0) |
6983 | 0 | _TIFFfreeExt(tif, data); |
6984 | 0 | return 0; |
6985 | 0 | } |
6986 | 672 | int m; |
6987 | 672 | m = TIFFSetField(tif, dp->tdir_tag, |
6988 | 672 | (uint16_t)(dp->tdir_count), data); |
6989 | 672 | if (data != 0) |
6990 | 536 | _TIFFfreeExt(tif, data); |
6991 | 672 | if (!m) |
6992 | 0 | return (0); |
6993 | 672 | } |
6994 | 1.84k | } |
6995 | 3.04k | } |
6996 | 3.04k | break; |
6997 | 3.04k | case TIFF_SETGET_C16_SINT8: |
6998 | 0 | { |
6999 | 0 | int8_t *data; |
7000 | 0 | assert(fip->field_readcount == TIFF_VARIABLE); |
7001 | 0 | assert(fip->field_passcount == 1); |
7002 | 0 | if (dp->tdir_count > 0xFFFF) |
7003 | 0 | err = TIFFReadDirEntryErrCount; |
7004 | 0 | else |
7005 | 0 | { |
7006 | 0 | err = TIFFReadDirEntrySbyteArray(tif, dp, &data); |
7007 | 0 | if (err == TIFFReadDirEntryErrOk) |
7008 | 0 | { |
7009 | 0 | if (!EvaluateIFDdatasizeReading(tif, dp)) |
7010 | 0 | { |
7011 | 0 | if (data != 0) |
7012 | 0 | _TIFFfreeExt(tif, data); |
7013 | 0 | return 0; |
7014 | 0 | } |
7015 | 0 | int m; |
7016 | 0 | m = TIFFSetField(tif, dp->tdir_tag, |
7017 | 0 | (uint16_t)(dp->tdir_count), data); |
7018 | 0 | if (data != 0) |
7019 | 0 | _TIFFfreeExt(tif, data); |
7020 | 0 | if (!m) |
7021 | 0 | return (0); |
7022 | 0 | } |
7023 | 0 | } |
7024 | 0 | } |
7025 | 0 | break; |
7026 | 175k | case TIFF_SETGET_C16_UINT16: |
7027 | 175k | { |
7028 | 175k | uint16_t *data; |
7029 | 175k | assert(fip->field_readcount == TIFF_VARIABLE); |
7030 | 175k | assert(fip->field_passcount == 1); |
7031 | 175k | if (dp->tdir_count > 0xFFFF) |
7032 | 4.89k | err = TIFFReadDirEntryErrCount; |
7033 | 170k | else |
7034 | 170k | { |
7035 | 170k | err = TIFFReadDirEntryShortArray(tif, dp, &data); |
7036 | 170k | if (err == TIFFReadDirEntryErrOk) |
7037 | 159k | { |
7038 | 159k | if (!EvaluateIFDdatasizeReading(tif, dp)) |
7039 | 0 | { |
7040 | 0 | if (data != 0) |
7041 | 0 | _TIFFfreeExt(tif, data); |
7042 | 0 | return 0; |
7043 | 0 | } |
7044 | 159k | int m; |
7045 | 159k | m = TIFFSetField(tif, dp->tdir_tag, |
7046 | 159k | (uint16_t)(dp->tdir_count), data); |
7047 | 159k | if (data != 0) |
7048 | 158k | _TIFFfreeExt(tif, data); |
7049 | 159k | if (!m) |
7050 | 110 | return (0); |
7051 | 159k | } |
7052 | 170k | } |
7053 | 175k | } |
7054 | 175k | break; |
7055 | 175k | case TIFF_SETGET_C16_SINT16: |
7056 | 0 | { |
7057 | 0 | int16_t *data; |
7058 | 0 | assert(fip->field_readcount == TIFF_VARIABLE); |
7059 | 0 | assert(fip->field_passcount == 1); |
7060 | 0 | if (dp->tdir_count > 0xFFFF) |
7061 | 0 | err = TIFFReadDirEntryErrCount; |
7062 | 0 | else |
7063 | 0 | { |
7064 | 0 | err = TIFFReadDirEntrySshortArray(tif, dp, &data); |
7065 | 0 | if (err == TIFFReadDirEntryErrOk) |
7066 | 0 | { |
7067 | 0 | if (!EvaluateIFDdatasizeReading(tif, dp)) |
7068 | 0 | { |
7069 | 0 | if (data != 0) |
7070 | 0 | _TIFFfreeExt(tif, data); |
7071 | 0 | return 0; |
7072 | 0 | } |
7073 | 0 | int m; |
7074 | 0 | m = TIFFSetField(tif, dp->tdir_tag, |
7075 | 0 | (uint16_t)(dp->tdir_count), data); |
7076 | 0 | if (data != 0) |
7077 | 0 | _TIFFfreeExt(tif, data); |
7078 | 0 | if (!m) |
7079 | 0 | return (0); |
7080 | 0 | } |
7081 | 0 | } |
7082 | 0 | } |
7083 | 0 | break; |
7084 | 16.3k | case TIFF_SETGET_C16_UINT32: |
7085 | 16.3k | { |
7086 | 16.3k | uint32_t *data; |
7087 | 16.3k | assert(fip->field_readcount == TIFF_VARIABLE); |
7088 | 16.3k | assert(fip->field_passcount == 1); |
7089 | 16.3k | if (dp->tdir_count > 0xFFFF) |
7090 | 3.85k | err = TIFFReadDirEntryErrCount; |
7091 | 12.4k | else |
7092 | 12.4k | { |
7093 | 12.4k | err = TIFFReadDirEntryLongArray(tif, dp, &data); |
7094 | 12.4k | if (err == TIFFReadDirEntryErrOk) |
7095 | 4.60k | { |
7096 | 4.60k | if (!EvaluateIFDdatasizeReading(tif, dp)) |
7097 | 0 | { |
7098 | 0 | if (data != 0) |
7099 | 0 | _TIFFfreeExt(tif, data); |
7100 | 0 | return 0; |
7101 | 0 | } |
7102 | 4.60k | int m; |
7103 | 4.60k | m = TIFFSetField(tif, dp->tdir_tag, |
7104 | 4.60k | (uint16_t)(dp->tdir_count), data); |
7105 | 4.60k | if (data != 0) |
7106 | 3.93k | _TIFFfreeExt(tif, data); |
7107 | 4.60k | if (!m) |
7108 | 0 | return (0); |
7109 | 4.60k | } |
7110 | 12.4k | } |
7111 | 16.3k | } |
7112 | 16.3k | break; |
7113 | 16.3k | case TIFF_SETGET_C16_SINT32: |
7114 | 0 | { |
7115 | 0 | int32_t *data; |
7116 | 0 | assert(fip->field_readcount == TIFF_VARIABLE); |
7117 | 0 | assert(fip->field_passcount == 1); |
7118 | 0 | if (dp->tdir_count > 0xFFFF) |
7119 | 0 | err = TIFFReadDirEntryErrCount; |
7120 | 0 | else |
7121 | 0 | { |
7122 | 0 | err = TIFFReadDirEntrySlongArray(tif, dp, &data); |
7123 | 0 | if (err == TIFFReadDirEntryErrOk) |
7124 | 0 | { |
7125 | 0 | if (!EvaluateIFDdatasizeReading(tif, dp)) |
7126 | 0 | { |
7127 | 0 | if (data != 0) |
7128 | 0 | _TIFFfreeExt(tif, data); |
7129 | 0 | return 0; |
7130 | 0 | } |
7131 | 0 | int m; |
7132 | 0 | m = TIFFSetField(tif, dp->tdir_tag, |
7133 | 0 | (uint16_t)(dp->tdir_count), data); |
7134 | 0 | if (data != 0) |
7135 | 0 | _TIFFfreeExt(tif, data); |
7136 | 0 | if (!m) |
7137 | 0 | return (0); |
7138 | 0 | } |
7139 | 0 | } |
7140 | 0 | } |
7141 | 0 | break; |
7142 | 0 | case TIFF_SETGET_C16_UINT64: |
7143 | 0 | { |
7144 | 0 | uint64_t *data; |
7145 | 0 | assert(fip->field_readcount == TIFF_VARIABLE); |
7146 | 0 | assert(fip->field_passcount == 1); |
7147 | 0 | if (dp->tdir_count > 0xFFFF) |
7148 | 0 | err = TIFFReadDirEntryErrCount; |
7149 | 0 | else |
7150 | 0 | { |
7151 | 0 | err = TIFFReadDirEntryLong8Array(tif, dp, &data); |
7152 | 0 | if (err == TIFFReadDirEntryErrOk) |
7153 | 0 | { |
7154 | 0 | if (!EvaluateIFDdatasizeReading(tif, dp)) |
7155 | 0 | { |
7156 | 0 | if (data != 0) |
7157 | 0 | _TIFFfreeExt(tif, data); |
7158 | 0 | return 0; |
7159 | 0 | } |
7160 | 0 | int m; |
7161 | 0 | m = TIFFSetField(tif, dp->tdir_tag, |
7162 | 0 | (uint16_t)(dp->tdir_count), data); |
7163 | 0 | if (data != 0) |
7164 | 0 | _TIFFfreeExt(tif, data); |
7165 | 0 | if (!m) |
7166 | 0 | return (0); |
7167 | 0 | } |
7168 | 0 | } |
7169 | 0 | } |
7170 | 0 | break; |
7171 | 0 | case TIFF_SETGET_C16_SINT64: |
7172 | 0 | { |
7173 | 0 | int64_t *data; |
7174 | 0 | assert(fip->field_readcount == TIFF_VARIABLE); |
7175 | 0 | assert(fip->field_passcount == 1); |
7176 | 0 | if (dp->tdir_count > 0xFFFF) |
7177 | 0 | err = TIFFReadDirEntryErrCount; |
7178 | 0 | else |
7179 | 0 | { |
7180 | 0 | err = TIFFReadDirEntrySlong8Array(tif, dp, &data); |
7181 | 0 | if (err == TIFFReadDirEntryErrOk) |
7182 | 0 | { |
7183 | 0 | if (!EvaluateIFDdatasizeReading(tif, dp)) |
7184 | 0 | { |
7185 | 0 | if (data != 0) |
7186 | 0 | _TIFFfreeExt(tif, data); |
7187 | 0 | return 0; |
7188 | 0 | } |
7189 | 0 | int m; |
7190 | 0 | m = TIFFSetField(tif, dp->tdir_tag, |
7191 | 0 | (uint16_t)(dp->tdir_count), data); |
7192 | 0 | if (data != 0) |
7193 | 0 | _TIFFfreeExt(tif, data); |
7194 | 0 | if (!m) |
7195 | 0 | return (0); |
7196 | 0 | } |
7197 | 0 | } |
7198 | 0 | } |
7199 | 0 | break; |
7200 | 18.9k | case TIFF_SETGET_C16_FLOAT: |
7201 | 18.9k | { |
7202 | 18.9k | float *data; |
7203 | 18.9k | assert(fip->field_readcount == TIFF_VARIABLE); |
7204 | 18.9k | assert(fip->field_passcount == 1); |
7205 | 18.9k | if (dp->tdir_count > 0xFFFF) |
7206 | 5.95k | err = TIFFReadDirEntryErrCount; |
7207 | 12.9k | else |
7208 | 12.9k | { |
7209 | 12.9k | err = TIFFReadDirEntryFloatArray(tif, dp, &data); |
7210 | 12.9k | if (err == TIFFReadDirEntryErrOk) |
7211 | 9.01k | { |
7212 | 9.01k | if (!EvaluateIFDdatasizeReading(tif, dp)) |
7213 | 0 | { |
7214 | 0 | if (data != 0) |
7215 | 0 | _TIFFfreeExt(tif, data); |
7216 | 0 | return 0; |
7217 | 0 | } |
7218 | 9.01k | int m; |
7219 | 9.01k | m = TIFFSetField(tif, dp->tdir_tag, |
7220 | 9.01k | (uint16_t)(dp->tdir_count), data); |
7221 | 9.01k | if (data != 0) |
7222 | 8.15k | _TIFFfreeExt(tif, data); |
7223 | 9.01k | if (!m) |
7224 | 0 | return (0); |
7225 | 9.01k | } |
7226 | 12.9k | } |
7227 | 18.9k | } |
7228 | 18.9k | break; |
7229 | 178k | case TIFF_SETGET_C16_DOUBLE: |
7230 | 178k | { |
7231 | 178k | double *data; |
7232 | 178k | assert(fip->field_readcount == TIFF_VARIABLE); |
7233 | 178k | assert(fip->field_passcount == 1); |
7234 | 178k | if (dp->tdir_count > 0xFFFF) |
7235 | 36.7k | err = TIFFReadDirEntryErrCount; |
7236 | 141k | else |
7237 | 141k | { |
7238 | 141k | err = TIFFReadDirEntryDoubleArray(tif, dp, &data); |
7239 | 141k | if (err == TIFFReadDirEntryErrOk) |
7240 | 100k | { |
7241 | 100k | if (!EvaluateIFDdatasizeReading(tif, dp)) |
7242 | 0 | { |
7243 | 0 | if (data != 0) |
7244 | 0 | _TIFFfreeExt(tif, data); |
7245 | 0 | return 0; |
7246 | 0 | } |
7247 | 100k | int m; |
7248 | 100k | m = TIFFSetField(tif, dp->tdir_tag, |
7249 | 100k | (uint16_t)(dp->tdir_count), data); |
7250 | 100k | if (data != 0) |
7251 | 98.8k | _TIFFfreeExt(tif, data); |
7252 | 100k | if (!m) |
7253 | 0 | return (0); |
7254 | 100k | } |
7255 | 141k | } |
7256 | 178k | } |
7257 | 178k | break; |
7258 | 193k | case TIFF_SETGET_C16_IFD8: |
7259 | 193k | { |
7260 | 193k | uint64_t *data; |
7261 | 193k | assert(fip->field_readcount == TIFF_VARIABLE); |
7262 | 193k | assert(fip->field_passcount == 1); |
7263 | 193k | if (dp->tdir_count > 0xFFFF) |
7264 | 4.81k | err = TIFFReadDirEntryErrCount; |
7265 | 188k | else |
7266 | 188k | { |
7267 | 188k | err = TIFFReadDirEntryIfd8Array(tif, dp, &data); |
7268 | 188k | if (err == TIFFReadDirEntryErrOk) |
7269 | 182k | { |
7270 | 182k | if (!EvaluateIFDdatasizeReading(tif, dp)) |
7271 | 0 | { |
7272 | 0 | if (data != 0) |
7273 | 0 | _TIFFfreeExt(tif, data); |
7274 | 0 | return 0; |
7275 | 0 | } |
7276 | 182k | int m; |
7277 | 182k | m = TIFFSetField(tif, dp->tdir_tag, |
7278 | 182k | (uint16_t)(dp->tdir_count), data); |
7279 | 182k | if (data != 0) |
7280 | 179k | _TIFFfreeExt(tif, data); |
7281 | 182k | if (!m) |
7282 | 0 | return (0); |
7283 | 182k | } |
7284 | 188k | } |
7285 | 193k | } |
7286 | 193k | break; |
7287 | 193k | case TIFF_SETGET_C32_ASCII: |
7288 | 113k | { |
7289 | 113k | uint8_t *data; |
7290 | 113k | assert(fip->field_readcount == TIFF_VARIABLE2); |
7291 | 113k | assert(fip->field_passcount == 1); |
7292 | 113k | err = TIFFReadDirEntryByteArray(tif, dp, &data); |
7293 | 113k | if (err == TIFFReadDirEntryErrOk) |
7294 | 36.5k | { |
7295 | 36.5k | if (!EvaluateIFDdatasizeReading(tif, dp)) |
7296 | 0 | { |
7297 | 0 | if (data != 0) |
7298 | 0 | _TIFFfreeExt(tif, data); |
7299 | 0 | return 0; |
7300 | 0 | } |
7301 | 36.5k | int m; |
7302 | 36.5k | if (data != 0 && dp->tdir_count > 0 && |
7303 | 36.5k | data[dp->tdir_count - 1] != '\0') |
7304 | 16.4k | { |
7305 | 16.4k | TIFFWarningExtR( |
7306 | 16.4k | tif, module, |
7307 | 16.4k | "ASCII value for ASCII array tag \"%s\" does not end " |
7308 | 16.4k | "in null byte. Forcing it to be null", |
7309 | 16.4k | fip->field_name); |
7310 | | /* Enlarge buffer and add terminating null. */ |
7311 | 16.4k | uint8_t *o = |
7312 | 16.4k | _TIFFmallocExt(tif, (uint32_t)dp->tdir_count + 1); |
7313 | 16.4k | if (o == NULL) |
7314 | 0 | { |
7315 | 0 | if (data != NULL) |
7316 | 0 | _TIFFfreeExt(tif, data); |
7317 | 0 | return (0); |
7318 | 0 | } |
7319 | 16.4k | if (dp->tdir_count > 0) |
7320 | 16.4k | { |
7321 | 16.4k | _TIFFmemcpy(o, data, (uint32_t)dp->tdir_count); |
7322 | 16.4k | } |
7323 | 16.4k | o[(uint32_t)dp->tdir_count] = 0; |
7324 | 16.4k | dp->tdir_count++; /* Increment for added null. */ |
7325 | 16.4k | if (data != 0) |
7326 | 16.4k | _TIFFfreeExt(tif, data); |
7327 | 16.4k | data = o; |
7328 | 16.4k | } |
7329 | 36.5k | m = TIFFSetField(tif, dp->tdir_tag, (uint32_t)(dp->tdir_count), |
7330 | 36.5k | data); |
7331 | 36.5k | if (data != 0) |
7332 | 24.0k | _TIFFfreeExt(tif, data); |
7333 | 36.5k | if (!m) |
7334 | 0 | return (0); |
7335 | 36.5k | } |
7336 | 113k | } |
7337 | 113k | break; |
7338 | 765k | case TIFF_SETGET_C32_UINT8: |
7339 | 765k | { |
7340 | 765k | uint8_t *data; |
7341 | 765k | uint32_t count = 0; |
7342 | 765k | assert(fip->field_readcount == TIFF_VARIABLE2); |
7343 | 765k | assert(fip->field_passcount == 1); |
7344 | 765k | if (fip->field_tag == TIFFTAG_RICHTIFFIPTC && |
7345 | 765k | dp->tdir_type == TIFF_LONG) |
7346 | 1.62k | { |
7347 | | /* Adobe's software (wrongly) writes RichTIFFIPTC tag with |
7348 | | * data type LONG instead of UNDEFINED. Work around this |
7349 | | * frequently found issue */ |
7350 | 1.62k | void *origdata; |
7351 | 1.62k | err = TIFFReadDirEntryArray(tif, dp, &count, 4, &origdata); |
7352 | 1.62k | if ((err != TIFFReadDirEntryErrOk) || (origdata == 0)) |
7353 | 972 | { |
7354 | 972 | data = NULL; |
7355 | 972 | } |
7356 | 655 | else |
7357 | 655 | { |
7358 | 655 | if (tif->tif_flags & TIFF_SWAB) |
7359 | 103 | TIFFSwabArrayOfLong((uint32_t *)origdata, count); |
7360 | 655 | data = (uint8_t *)origdata; |
7361 | 655 | count = (uint32_t)(count * 4); |
7362 | 655 | } |
7363 | 1.62k | } |
7364 | 764k | else |
7365 | 764k | { |
7366 | 764k | err = TIFFReadDirEntryByteArray(tif, dp, &data); |
7367 | 764k | count = (uint32_t)(dp->tdir_count); |
7368 | 764k | } |
7369 | 765k | if (err == TIFFReadDirEntryErrOk) |
7370 | 294k | { |
7371 | 294k | if (!EvaluateIFDdatasizeReading(tif, dp)) |
7372 | 0 | { |
7373 | 0 | if (data != 0) |
7374 | 0 | _TIFFfreeExt(tif, data); |
7375 | 0 | return 0; |
7376 | 0 | } |
7377 | 294k | int m; |
7378 | 294k | m = TIFFSetField(tif, dp->tdir_tag, count, data); |
7379 | 294k | if (data != 0) |
7380 | 245k | _TIFFfreeExt(tif, data); |
7381 | 294k | if (!m) |
7382 | 518 | return (0); |
7383 | 294k | } |
7384 | 765k | } |
7385 | 765k | break; |
7386 | 765k | case TIFF_SETGET_C32_SINT8: |
7387 | 69.9k | { |
7388 | 69.9k | int8_t *data = NULL; |
7389 | 69.9k | assert(fip->field_readcount == TIFF_VARIABLE2); |
7390 | 69.9k | assert(fip->field_passcount == 1); |
7391 | 69.9k | err = TIFFReadDirEntrySbyteArray(tif, dp, &data); |
7392 | 69.9k | if (err == TIFFReadDirEntryErrOk) |
7393 | 27.5k | { |
7394 | 27.5k | if (!EvaluateIFDdatasizeReading(tif, dp)) |
7395 | 0 | { |
7396 | 0 | if (data != 0) |
7397 | 0 | _TIFFfreeExt(tif, data); |
7398 | 0 | return 0; |
7399 | 0 | } |
7400 | 27.5k | int m; |
7401 | 27.5k | m = TIFFSetField(tif, dp->tdir_tag, (uint32_t)(dp->tdir_count), |
7402 | 27.5k | data); |
7403 | 27.5k | if (data != 0) |
7404 | 23.5k | _TIFFfreeExt(tif, data); |
7405 | 27.5k | if (!m) |
7406 | 0 | return (0); |
7407 | 27.5k | } |
7408 | 69.9k | } |
7409 | 69.9k | break; |
7410 | 649k | case TIFF_SETGET_C32_UINT16: |
7411 | 649k | { |
7412 | 649k | uint16_t *data; |
7413 | 649k | assert(fip->field_readcount == TIFF_VARIABLE2); |
7414 | 649k | assert(fip->field_passcount == 1); |
7415 | 649k | err = TIFFReadDirEntryShortArray(tif, dp, &data); |
7416 | 649k | if (err == TIFFReadDirEntryErrOk) |
7417 | 349k | { |
7418 | 349k | if (!EvaluateIFDdatasizeReading(tif, dp)) |
7419 | 0 | { |
7420 | 0 | if (data != 0) |
7421 | 0 | _TIFFfreeExt(tif, data); |
7422 | 0 | return 0; |
7423 | 0 | } |
7424 | 349k | int m; |
7425 | 349k | m = TIFFSetField(tif, dp->tdir_tag, (uint32_t)(dp->tdir_count), |
7426 | 349k | data); |
7427 | 349k | if (data != 0) |
7428 | 342k | _TIFFfreeExt(tif, data); |
7429 | 349k | if (!m) |
7430 | 0 | return (0); |
7431 | 349k | } |
7432 | 649k | } |
7433 | 649k | break; |
7434 | 649k | case TIFF_SETGET_C32_SINT16: |
7435 | 115k | { |
7436 | 115k | int16_t *data = NULL; |
7437 | 115k | assert(fip->field_readcount == TIFF_VARIABLE2); |
7438 | 115k | assert(fip->field_passcount == 1); |
7439 | 115k | err = TIFFReadDirEntrySshortArray(tif, dp, &data); |
7440 | 115k | if (err == TIFFReadDirEntryErrOk) |
7441 | 12.7k | { |
7442 | 12.7k | if (!EvaluateIFDdatasizeReading(tif, dp)) |
7443 | 0 | { |
7444 | 0 | if (data != 0) |
7445 | 0 | _TIFFfreeExt(tif, data); |
7446 | 0 | return 0; |
7447 | 0 | } |
7448 | 12.7k | int m; |
7449 | 12.7k | m = TIFFSetField(tif, dp->tdir_tag, (uint32_t)(dp->tdir_count), |
7450 | 12.7k | data); |
7451 | 12.7k | if (data != 0) |
7452 | 6.19k | _TIFFfreeExt(tif, data); |
7453 | 12.7k | if (!m) |
7454 | 0 | return (0); |
7455 | 12.7k | } |
7456 | 115k | } |
7457 | 115k | break; |
7458 | 135k | case TIFF_SETGET_C32_UINT32: |
7459 | 135k | { |
7460 | 135k | uint32_t *data; |
7461 | 135k | assert(fip->field_readcount == TIFF_VARIABLE2); |
7462 | 135k | assert(fip->field_passcount == 1); |
7463 | 135k | err = TIFFReadDirEntryLongArray(tif, dp, &data); |
7464 | 135k | if (err == TIFFReadDirEntryErrOk) |
7465 | 26.8k | { |
7466 | 26.8k | if (!EvaluateIFDdatasizeReading(tif, dp)) |
7467 | 0 | { |
7468 | 0 | if (data != 0) |
7469 | 0 | _TIFFfreeExt(tif, data); |
7470 | 0 | return 0; |
7471 | 0 | } |
7472 | 26.8k | int m; |
7473 | 26.8k | m = TIFFSetField(tif, dp->tdir_tag, (uint32_t)(dp->tdir_count), |
7474 | 26.8k | data); |
7475 | 26.8k | if (data != 0) |
7476 | 21.2k | _TIFFfreeExt(tif, data); |
7477 | 26.8k | if (!m) |
7478 | 114 | return (0); |
7479 | 26.8k | } |
7480 | 135k | } |
7481 | 135k | break; |
7482 | 135k | case TIFF_SETGET_C32_SINT32: |
7483 | 38.6k | { |
7484 | 38.6k | int32_t *data = NULL; |
7485 | 38.6k | assert(fip->field_readcount == TIFF_VARIABLE2); |
7486 | 38.6k | assert(fip->field_passcount == 1); |
7487 | 38.6k | err = TIFFReadDirEntrySlongArray(tif, dp, &data); |
7488 | 38.6k | if (err == TIFFReadDirEntryErrOk) |
7489 | 20.7k | { |
7490 | 20.7k | if (!EvaluateIFDdatasizeReading(tif, dp)) |
7491 | 0 | { |
7492 | 0 | if (data != 0) |
7493 | 0 | _TIFFfreeExt(tif, data); |
7494 | 0 | return 0; |
7495 | 0 | } |
7496 | 20.7k | int m; |
7497 | 20.7k | m = TIFFSetField(tif, dp->tdir_tag, (uint32_t)(dp->tdir_count), |
7498 | 20.7k | data); |
7499 | 20.7k | if (data != 0) |
7500 | 14.5k | _TIFFfreeExt(tif, data); |
7501 | 20.7k | if (!m) |
7502 | 0 | return (0); |
7503 | 20.7k | } |
7504 | 38.6k | } |
7505 | 38.6k | break; |
7506 | 57.3k | case TIFF_SETGET_C32_UINT64: |
7507 | 57.3k | { |
7508 | 57.3k | uint64_t *data; |
7509 | 57.3k | assert(fip->field_readcount == TIFF_VARIABLE2); |
7510 | 57.3k | assert(fip->field_passcount == 1); |
7511 | 57.3k | err = TIFFReadDirEntryLong8Array(tif, dp, &data); |
7512 | 57.3k | if (err == TIFFReadDirEntryErrOk) |
7513 | 23.6k | { |
7514 | 23.6k | if (!EvaluateIFDdatasizeReading(tif, dp)) |
7515 | 0 | { |
7516 | 0 | if (data != 0) |
7517 | 0 | _TIFFfreeExt(tif, data); |
7518 | 0 | return 0; |
7519 | 0 | } |
7520 | 23.6k | int m; |
7521 | 23.6k | m = TIFFSetField(tif, dp->tdir_tag, (uint32_t)(dp->tdir_count), |
7522 | 23.6k | data); |
7523 | 23.6k | if (data != 0) |
7524 | 17.8k | _TIFFfreeExt(tif, data); |
7525 | 23.6k | if (!m) |
7526 | 6.79k | return (0); |
7527 | 23.6k | } |
7528 | 57.3k | } |
7529 | 50.5k | break; |
7530 | 50.5k | case TIFF_SETGET_C32_SINT64: |
7531 | 25.7k | { |
7532 | 25.7k | int64_t *data = NULL; |
7533 | 25.7k | assert(fip->field_readcount == TIFF_VARIABLE2); |
7534 | 25.7k | assert(fip->field_passcount == 1); |
7535 | 25.7k | err = TIFFReadDirEntrySlong8Array(tif, dp, &data); |
7536 | 25.7k | if (err == TIFFReadDirEntryErrOk) |
7537 | 9.66k | { |
7538 | 9.66k | if (!EvaluateIFDdatasizeReading(tif, dp)) |
7539 | 0 | { |
7540 | 0 | if (data != 0) |
7541 | 0 | _TIFFfreeExt(tif, data); |
7542 | 0 | return 0; |
7543 | 0 | } |
7544 | 9.66k | int m; |
7545 | 9.66k | m = TIFFSetField(tif, dp->tdir_tag, (uint32_t)(dp->tdir_count), |
7546 | 9.66k | data); |
7547 | 9.66k | if (data != 0) |
7548 | 5.67k | _TIFFfreeExt(tif, data); |
7549 | 9.66k | if (!m) |
7550 | 4.86k | return (0); |
7551 | 9.66k | } |
7552 | 25.7k | } |
7553 | 20.9k | break; |
7554 | 110k | case TIFF_SETGET_C32_FLOAT: |
7555 | 110k | { |
7556 | 110k | float *data; |
7557 | 110k | assert(fip->field_readcount == TIFF_VARIABLE2); |
7558 | 110k | assert(fip->field_passcount == 1); |
7559 | 110k | err = TIFFReadDirEntryFloatArray(tif, dp, &data); |
7560 | 110k | if (err == TIFFReadDirEntryErrOk) |
7561 | 43.5k | { |
7562 | 43.5k | if (!EvaluateIFDdatasizeReading(tif, dp)) |
7563 | 0 | { |
7564 | 0 | if (data != 0) |
7565 | 0 | _TIFFfreeExt(tif, data); |
7566 | 0 | return 0; |
7567 | 0 | } |
7568 | 43.5k | int m; |
7569 | 43.5k | m = TIFFSetField(tif, dp->tdir_tag, (uint32_t)(dp->tdir_count), |
7570 | 43.5k | data); |
7571 | 43.5k | if (data != 0) |
7572 | 30.8k | _TIFFfreeExt(tif, data); |
7573 | 43.5k | if (!m) |
7574 | 0 | return (0); |
7575 | 43.5k | } |
7576 | 110k | } |
7577 | 110k | break; |
7578 | 110k | case TIFF_SETGET_C32_DOUBLE: |
7579 | 82.8k | { |
7580 | 82.8k | double *data; |
7581 | 82.8k | assert(fip->field_readcount == TIFF_VARIABLE2); |
7582 | 82.8k | assert(fip->field_passcount == 1); |
7583 | 82.8k | err = TIFFReadDirEntryDoubleArray(tif, dp, &data); |
7584 | 82.8k | if (err == TIFFReadDirEntryErrOk) |
7585 | 24.4k | { |
7586 | 24.4k | if (!EvaluateIFDdatasizeReading(tif, dp)) |
7587 | 0 | { |
7588 | 0 | if (data != 0) |
7589 | 0 | _TIFFfreeExt(tif, data); |
7590 | 0 | return 0; |
7591 | 0 | } |
7592 | 24.4k | int m; |
7593 | 24.4k | m = TIFFSetField(tif, dp->tdir_tag, (uint32_t)(dp->tdir_count), |
7594 | 24.4k | data); |
7595 | 24.4k | if (data != 0) |
7596 | 10.4k | _TIFFfreeExt(tif, data); |
7597 | 24.4k | if (!m) |
7598 | 0 | return (0); |
7599 | 24.4k | } |
7600 | 82.8k | } |
7601 | 82.8k | break; |
7602 | 82.8k | case TIFF_SETGET_C32_IFD8: |
7603 | 43.1k | { |
7604 | 43.1k | uint64_t *data; |
7605 | 43.1k | assert(fip->field_readcount == TIFF_VARIABLE2); |
7606 | 43.1k | assert(fip->field_passcount == 1); |
7607 | 43.1k | err = TIFFReadDirEntryIfd8Array(tif, dp, &data); |
7608 | 43.1k | if (err == TIFFReadDirEntryErrOk) |
7609 | 15.7k | { |
7610 | 15.7k | if (!EvaluateIFDdatasizeReading(tif, dp)) |
7611 | 1 | { |
7612 | 1 | if (data != 0) |
7613 | 1 | _TIFFfreeExt(tif, data); |
7614 | 1 | return 0; |
7615 | 1 | } |
7616 | 15.7k | int m; |
7617 | 15.7k | m = TIFFSetField(tif, dp->tdir_tag, (uint32_t)(dp->tdir_count), |
7618 | 15.7k | data); |
7619 | 15.7k | if (data != 0) |
7620 | 4.71k | _TIFFfreeExt(tif, data); |
7621 | 15.7k | if (!m) |
7622 | 0 | return (0); |
7623 | 15.7k | } |
7624 | 43.1k | } |
7625 | 43.1k | break; |
7626 | 43.1k | default: |
7627 | 0 | assert(0); /* we should never get here */ |
7628 | 0 | break; |
7629 | 36.1M | } |
7630 | 36.0M | if (err != TIFFReadDirEntryErrOk) |
7631 | 1.95M | { |
7632 | 1.95M | TIFFReadDirEntryOutputErr(tif, err, module, fip->field_name, recover); |
7633 | 1.95M | return (0); |
7634 | 1.95M | } |
7635 | 34.1M | return (1); |
7636 | 36.0M | } |
7637 | | |
7638 | | /* |
7639 | | * Fetch a set of offsets or lengths. |
7640 | | * While this routine says "strips", in fact it's also used for tiles. |
7641 | | */ |
7642 | | static int TIFFFetchStripThing(TIFF *tif, TIFFDirEntry *dir, uint32_t nstrips, |
7643 | | uint64_t **lpp) |
7644 | 1.69M | { |
7645 | 1.69M | static const char module[] = "TIFFFetchStripThing"; |
7646 | 1.69M | enum TIFFReadDirEntryErr err; |
7647 | 1.69M | uint64_t *data; |
7648 | 1.69M | err = TIFFReadDirEntryLong8ArrayWithLimit(tif, dir, &data, nstrips); |
7649 | 1.69M | if (err != TIFFReadDirEntryErrOk) |
7650 | 101k | { |
7651 | 101k | const TIFFField *fip = TIFFFieldWithTag(tif, dir->tdir_tag); |
7652 | 101k | TIFFReadDirEntryOutputErr(tif, err, module, |
7653 | 101k | fip ? fip->field_name : "unknown tagname", 0); |
7654 | 101k | return (0); |
7655 | 101k | } |
7656 | 1.59M | if (dir->tdir_count < (uint64_t)nstrips) |
7657 | 22.0k | { |
7658 | 22.0k | uint64_t *resizeddata; |
7659 | 22.0k | const TIFFField *fip = TIFFFieldWithTag(tif, dir->tdir_tag); |
7660 | 22.0k | const char *pszMax = getenv("LIBTIFF_STRILE_ARRAY_MAX_RESIZE_COUNT"); |
7661 | 22.0k | uint32_t max_nstrips = 1000000; |
7662 | 22.0k | if (pszMax) |
7663 | 0 | max_nstrips = (uint32_t)atoi(pszMax); |
7664 | 22.0k | TIFFReadDirEntryOutputErr(tif, TIFFReadDirEntryErrCount, module, |
7665 | 22.0k | fip ? fip->field_name : "unknown tagname", |
7666 | 22.0k | (nstrips <= max_nstrips)); |
7667 | | |
7668 | 22.0k | if (nstrips > max_nstrips) |
7669 | 857 | { |
7670 | 857 | _TIFFfreeExt(tif, data); |
7671 | 857 | return (0); |
7672 | 857 | } |
7673 | | |
7674 | 21.1k | const uint64_t allocsize = (uint64_t)nstrips * sizeof(uint64_t); |
7675 | 21.1k | if (allocsize > 100 * 1024 * 1024) |
7676 | 0 | { |
7677 | | /* Before allocating a huge amount of memory for corrupted files, |
7678 | | * check if size of requested memory is not greater than file size. |
7679 | | */ |
7680 | 0 | const uint64_t filesize = TIFFGetFileSize(tif); |
7681 | 0 | if (allocsize > filesize) |
7682 | 0 | { |
7683 | 0 | TIFFWarningExtR( |
7684 | 0 | tif, module, |
7685 | 0 | "Requested memory size for StripArray of %" PRIu64 |
7686 | 0 | " is greater than filesize %" PRIu64 |
7687 | 0 | ". Memory not allocated", |
7688 | 0 | allocsize, filesize); |
7689 | 0 | _TIFFfreeExt(tif, data); |
7690 | 0 | return (0); |
7691 | 0 | } |
7692 | 0 | } |
7693 | 21.1k | resizeddata = (uint64_t *)_TIFFCheckMalloc( |
7694 | 21.1k | tif, nstrips, sizeof(uint64_t), "for strip array"); |
7695 | 21.1k | if (resizeddata == 0) |
7696 | 0 | { |
7697 | 0 | _TIFFfreeExt(tif, data); |
7698 | 0 | return (0); |
7699 | 0 | } |
7700 | 21.1k | if (dir->tdir_count) |
7701 | 17.1k | _TIFFmemcpy(resizeddata, data, |
7702 | 17.1k | (uint32_t)dir->tdir_count * sizeof(uint64_t)); |
7703 | 21.1k | _TIFFmemset(resizeddata + (uint32_t)dir->tdir_count, 0, |
7704 | 21.1k | (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t)); |
7705 | 21.1k | _TIFFfreeExt(tif, data); |
7706 | 21.1k | data = resizeddata; |
7707 | 21.1k | } |
7708 | 1.59M | *lpp = data; |
7709 | 1.59M | return (1); |
7710 | 1.59M | } |
7711 | | |
7712 | | /* |
7713 | | * Fetch and set the SubjectDistance EXIF tag. |
7714 | | */ |
7715 | | static int TIFFFetchSubjectDistance(TIFF *tif, TIFFDirEntry *dir) |
7716 | 0 | { |
7717 | 0 | static const char module[] = "TIFFFetchSubjectDistance"; |
7718 | 0 | enum TIFFReadDirEntryErr err; |
7719 | 0 | UInt64Aligned_t m; |
7720 | 0 | m.l = 0; |
7721 | 0 | assert(sizeof(double) == 8); |
7722 | 0 | assert(sizeof(uint64_t) == 8); |
7723 | 0 | assert(sizeof(uint32_t) == 4); |
7724 | 0 | if (dir->tdir_count != 1) |
7725 | 0 | err = TIFFReadDirEntryErrCount; |
7726 | 0 | else if (dir->tdir_type != TIFF_RATIONAL) |
7727 | 0 | err = TIFFReadDirEntryErrType; |
7728 | 0 | else |
7729 | 0 | { |
7730 | 0 | if (!(tif->tif_flags & TIFF_BIGTIFF)) |
7731 | 0 | { |
7732 | 0 | uint32_t offset; |
7733 | 0 | offset = *(uint32_t *)(&dir->tdir_offset); |
7734 | 0 | if (tif->tif_flags & TIFF_SWAB) |
7735 | 0 | TIFFSwabLong(&offset); |
7736 | 0 | err = TIFFReadDirEntryData(tif, offset, 8, m.i); |
7737 | 0 | } |
7738 | 0 | else |
7739 | 0 | { |
7740 | 0 | m.l = dir->tdir_offset.toff_long8; |
7741 | 0 | err = TIFFReadDirEntryErrOk; |
7742 | 0 | } |
7743 | 0 | } |
7744 | 0 | if (err == TIFFReadDirEntryErrOk) |
7745 | 0 | { |
7746 | 0 | double n; |
7747 | 0 | if (tif->tif_flags & TIFF_SWAB) |
7748 | 0 | TIFFSwabArrayOfLong(m.i, 2); |
7749 | 0 | if (m.i[0] == 0) |
7750 | 0 | n = 0.0; |
7751 | 0 | else if (m.i[0] == 0xFFFFFFFF || m.i[1] == 0) |
7752 | | /* |
7753 | | * XXX: Numerator 0xFFFFFFFF means that we have infinite |
7754 | | * distance. Indicate that with a negative floating point |
7755 | | * SubjectDistance value. |
7756 | | */ |
7757 | 0 | n = -1.0; |
7758 | 0 | else |
7759 | 0 | n = (double)m.i[0] / (double)m.i[1]; |
7760 | 0 | return (TIFFSetField(tif, dir->tdir_tag, n)); |
7761 | 0 | } |
7762 | 0 | else |
7763 | 0 | { |
7764 | 0 | TIFFReadDirEntryOutputErr(tif, err, module, "SubjectDistance", TRUE); |
7765 | 0 | return (0); |
7766 | 0 | } |
7767 | 0 | } |
7768 | | |
7769 | | static void allocChoppedUpStripArrays(TIFF *tif, uint32_t nstrips, |
7770 | | uint64_t stripbytes, |
7771 | | uint32_t rowsperstrip) |
7772 | 196k | { |
7773 | 196k | TIFFDirectory *td = &tif->tif_dir; |
7774 | 196k | uint64_t bytecount; |
7775 | 196k | uint64_t offset; |
7776 | 196k | uint64_t last_offset; |
7777 | 196k | uint64_t last_bytecount; |
7778 | 196k | uint32_t i; |
7779 | 196k | uint64_t *newcounts; |
7780 | 196k | uint64_t *newoffsets; |
7781 | | |
7782 | 196k | offset = TIFFGetStrileOffset(tif, 0); |
7783 | 196k | last_offset = TIFFGetStrileOffset(tif, td->td_nstrips - 1); |
7784 | 196k | last_bytecount = TIFFGetStrileByteCount(tif, td->td_nstrips - 1); |
7785 | 196k | if (last_offset > UINT64_MAX - last_bytecount || |
7786 | 196k | last_offset + last_bytecount < offset) |
7787 | 1.14k | { |
7788 | 1.14k | return; |
7789 | 1.14k | } |
7790 | 195k | bytecount = last_offset + last_bytecount - offset; |
7791 | | |
7792 | | /* Before allocating a huge amount of memory for corrupted files, check if |
7793 | | * size of StripByteCount and StripOffset tags is not greater than |
7794 | | * file size. |
7795 | | */ |
7796 | 195k | const uint64_t allocsize = (uint64_t)nstrips * sizeof(uint64_t) * 2; |
7797 | 195k | if (allocsize > 100 * 1024 * 1024) |
7798 | 0 | { |
7799 | 0 | const uint64_t filesize = TIFFGetFileSize(tif); |
7800 | 0 | if (allocsize > filesize) |
7801 | 0 | { |
7802 | 0 | TIFFWarningExtR(tif, "allocChoppedUpStripArrays", |
7803 | 0 | "Requested memory size for StripByteCount and " |
7804 | 0 | "StripOffsets %" PRIu64 |
7805 | 0 | " is greater than filesize %" PRIu64 |
7806 | 0 | ". Memory not allocated", |
7807 | 0 | allocsize, filesize); |
7808 | 0 | return; |
7809 | 0 | } |
7810 | 0 | } |
7811 | | |
7812 | 195k | newcounts = |
7813 | 195k | (uint64_t *)_TIFFCheckMalloc(tif, nstrips, sizeof(uint64_t), |
7814 | 195k | "for chopped \"StripByteCounts\" array"); |
7815 | 195k | newoffsets = (uint64_t *)_TIFFCheckMalloc( |
7816 | 195k | tif, nstrips, sizeof(uint64_t), "for chopped \"StripOffsets\" array"); |
7817 | 195k | if (newcounts == NULL || newoffsets == NULL) |
7818 | 0 | { |
7819 | | /* |
7820 | | * Unable to allocate new strip information, give up and use |
7821 | | * the original one strip information. |
7822 | | */ |
7823 | 0 | if (newcounts != NULL) |
7824 | 0 | _TIFFfreeExt(tif, newcounts); |
7825 | 0 | if (newoffsets != NULL) |
7826 | 0 | _TIFFfreeExt(tif, newoffsets); |
7827 | 0 | return; |
7828 | 0 | } |
7829 | | |
7830 | | /* |
7831 | | * Fill the strip information arrays with new bytecounts and offsets |
7832 | | * that reflect the broken-up format. |
7833 | | */ |
7834 | 1.36G | for (i = 0; i < nstrips; i++) |
7835 | 1.36G | { |
7836 | 1.36G | if (stripbytes > bytecount) |
7837 | 161k | stripbytes = bytecount; |
7838 | 1.36G | newcounts[i] = stripbytes; |
7839 | 1.36G | newoffsets[i] = stripbytes ? offset : 0; |
7840 | 1.36G | offset += stripbytes; |
7841 | 1.36G | bytecount -= stripbytes; |
7842 | 1.36G | } |
7843 | | |
7844 | | /* |
7845 | | * Replace old single strip info with multi-strip info. |
7846 | | */ |
7847 | 195k | td->td_stripsperimage = td->td_nstrips = nstrips; |
7848 | 195k | TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, rowsperstrip); |
7849 | | |
7850 | 195k | _TIFFfreeExt(tif, td->td_stripbytecount_p); |
7851 | 195k | _TIFFfreeExt(tif, td->td_stripoffset_p); |
7852 | 195k | td->td_stripbytecount_p = newcounts; |
7853 | 195k | td->td_stripoffset_p = newoffsets; |
7854 | | #ifdef STRIPBYTECOUNTSORTED_UNUSED |
7855 | | td->td_stripbytecountsorted = 1; |
7856 | | #endif |
7857 | 195k | tif->tif_flags |= TIFF_CHOPPEDUPARRAYS; |
7858 | 195k | } |
7859 | | |
7860 | | /* |
7861 | | * Replace a single strip (tile) of uncompressed data by multiple strips |
7862 | | * (tiles), each approximately STRIP_SIZE_DEFAULT bytes. This is useful for |
7863 | | * dealing with large images or for dealing with machines with a limited |
7864 | | * amount memory. |
7865 | | */ |
7866 | | static void ChopUpSingleUncompressedStrip(TIFF *tif) |
7867 | 281k | { |
7868 | 281k | register TIFFDirectory *td = &tif->tif_dir; |
7869 | 281k | uint64_t bytecount; |
7870 | 281k | uint64_t offset; |
7871 | 281k | uint32_t rowblock; |
7872 | 281k | uint64_t rowblockbytes; |
7873 | 281k | uint64_t stripbytes; |
7874 | 281k | uint32_t nstrips; |
7875 | 281k | uint32_t rowsperstrip; |
7876 | | |
7877 | 281k | bytecount = TIFFGetStrileByteCount(tif, 0); |
7878 | | /* On a newly created file, just re-opened to be filled, we */ |
7879 | | /* don't want strip chop to trigger as it is going to cause issues */ |
7880 | | /* later ( StripOffsets and StripByteCounts improperly filled) . */ |
7881 | 281k | if (bytecount == 0 && tif->tif_mode != O_RDONLY) |
7882 | 3.15k | return; |
7883 | 278k | offset = TIFFGetStrileByteCount(tif, 0); |
7884 | 278k | assert(td->td_planarconfig == PLANARCONFIG_CONTIG); |
7885 | 278k | if ((td->td_photometric == PHOTOMETRIC_YCBCR) && (!isUpSampled(tif))) |
7886 | 4.46k | rowblock = td->td_ycbcrsubsampling[1]; |
7887 | 274k | else |
7888 | 274k | rowblock = 1; |
7889 | 278k | rowblockbytes = TIFFVTileSize64(tif, rowblock); |
7890 | | /* |
7891 | | * Make the rows hold at least one scanline, but fill specified amount |
7892 | | * of data if possible. |
7893 | | */ |
7894 | 278k | if (rowblockbytes > STRIP_SIZE_DEFAULT) |
7895 | 22.8k | { |
7896 | 22.8k | stripbytes = rowblockbytes; |
7897 | 22.8k | rowsperstrip = rowblock; |
7898 | 22.8k | } |
7899 | 255k | else if (rowblockbytes > 0) |
7900 | 254k | { |
7901 | 254k | uint32_t rowblocksperstrip; |
7902 | 254k | rowblocksperstrip = (uint32_t)(STRIP_SIZE_DEFAULT / rowblockbytes); |
7903 | 254k | rowsperstrip = rowblocksperstrip * rowblock; |
7904 | 254k | stripbytes = rowblocksperstrip * rowblockbytes; |
7905 | 254k | } |
7906 | 1.01k | else |
7907 | 1.01k | return; |
7908 | | |
7909 | | /* |
7910 | | * never increase the number of rows per strip |
7911 | | */ |
7912 | 277k | if (rowsperstrip >= td->td_rowsperstrip || rowsperstrip == 0) |
7913 | 69.6k | return; |
7914 | 207k | nstrips = TIFFhowmany_32(td->td_imagelength, rowsperstrip); |
7915 | 207k | if (nstrips == 0) |
7916 | 1.10k | return; |
7917 | | |
7918 | | /* If we are going to allocate a lot of memory, make sure that the */ |
7919 | | /* file is as big as needed */ |
7920 | 206k | if (tif->tif_mode == O_RDONLY && nstrips > 1000000 && |
7921 | 206k | (offset >= TIFFGetFileSize(tif) || |
7922 | 18.8k | stripbytes > (TIFFGetFileSize(tif) - offset) / (nstrips - 1))) |
7923 | 18.8k | { |
7924 | 18.8k | return; |
7925 | 18.8k | } |
7926 | | |
7927 | 187k | allocChoppedUpStripArrays(tif, nstrips, stripbytes, rowsperstrip); |
7928 | 187k | } |
7929 | | |
7930 | | /* |
7931 | | * Replace a file with contiguous strips > 2 GB of uncompressed data by |
7932 | | * multiple smaller strips. This is useful for |
7933 | | * dealing with large images or for dealing with machines with a limited |
7934 | | * amount memory. |
7935 | | */ |
7936 | | static void TryChopUpUncompressedBigTiff(TIFF *tif) |
7937 | 21.2k | { |
7938 | 21.2k | TIFFDirectory *td = &tif->tif_dir; |
7939 | 21.2k | uint32_t rowblock; |
7940 | 21.2k | uint64_t rowblockbytes; |
7941 | 21.2k | uint32_t i; |
7942 | 21.2k | uint64_t stripsize; |
7943 | 21.2k | uint32_t rowblocksperstrip; |
7944 | 21.2k | uint32_t rowsperstrip; |
7945 | 21.2k | uint64_t stripbytes; |
7946 | 21.2k | uint32_t nstrips; |
7947 | | |
7948 | 21.2k | stripsize = TIFFStripSize64(tif); |
7949 | | |
7950 | 21.2k | assert(tif->tif_dir.td_planarconfig == PLANARCONFIG_CONTIG); |
7951 | 21.2k | assert(tif->tif_dir.td_compression == COMPRESSION_NONE); |
7952 | 21.2k | assert((tif->tif_flags & (TIFF_STRIPCHOP | TIFF_ISTILED)) == |
7953 | 21.2k | TIFF_STRIPCHOP); |
7954 | 21.2k | assert(stripsize > 0x7FFFFFFFUL); |
7955 | | |
7956 | | /* On a newly created file, just re-opened to be filled, we */ |
7957 | | /* don't want strip chop to trigger as it is going to cause issues */ |
7958 | | /* later ( StripOffsets and StripByteCounts improperly filled) . */ |
7959 | 21.2k | if (TIFFGetStrileByteCount(tif, 0) == 0 && tif->tif_mode != O_RDONLY) |
7960 | 0 | return; |
7961 | | |
7962 | 21.2k | if ((td->td_photometric == PHOTOMETRIC_YCBCR) && (!isUpSampled(tif))) |
7963 | 525 | rowblock = td->td_ycbcrsubsampling[1]; |
7964 | 20.7k | else |
7965 | 20.7k | rowblock = 1; |
7966 | 21.2k | rowblockbytes = TIFFVStripSize64(tif, rowblock); |
7967 | 21.2k | if (rowblockbytes == 0 || rowblockbytes > 0x7FFFFFFFUL) |
7968 | 1.07k | { |
7969 | | /* In case of file with gigantic width */ |
7970 | 1.07k | return; |
7971 | 1.07k | } |
7972 | | |
7973 | | /* Check that the strips are contiguous and of the expected size */ |
7974 | 32.1k | for (i = 0; i < td->td_nstrips; i++) |
7975 | 20.2k | { |
7976 | 20.2k | if (i == td->td_nstrips - 1) |
7977 | 19.1k | { |
7978 | 19.1k | if (TIFFGetStrileByteCount(tif, i) < |
7979 | 19.1k | TIFFVStripSize64(tif, |
7980 | 19.1k | td->td_imagelength - i * td->td_rowsperstrip)) |
7981 | 7.19k | { |
7982 | 7.19k | return; |
7983 | 7.19k | } |
7984 | 19.1k | } |
7985 | 1.09k | else |
7986 | 1.09k | { |
7987 | 1.09k | if (TIFFGetStrileByteCount(tif, i) != stripsize) |
7988 | 1.08k | { |
7989 | 1.08k | return; |
7990 | 1.08k | } |
7991 | 11 | if (i > 0 && TIFFGetStrileOffset(tif, i) != |
7992 | 0 | TIFFGetStrileOffset(tif, i - 1) + |
7993 | 0 | TIFFGetStrileByteCount(tif, i - 1)) |
7994 | 0 | { |
7995 | 0 | return; |
7996 | 0 | } |
7997 | 11 | } |
7998 | 20.2k | } |
7999 | | |
8000 | | /* Aim for 512 MB strips (that will still be manageable by 32 bit builds */ |
8001 | 11.9k | rowblocksperstrip = (uint32_t)(512 * 1024 * 1024 / rowblockbytes); |
8002 | 11.9k | if (rowblocksperstrip == 0) |
8003 | 231 | rowblocksperstrip = 1; |
8004 | 11.9k | rowsperstrip = rowblocksperstrip * rowblock; |
8005 | 11.9k | stripbytes = rowblocksperstrip * rowblockbytes; |
8006 | 11.9k | assert(stripbytes <= 0x7FFFFFFFUL); |
8007 | | |
8008 | 11.9k | if (rowsperstrip == 0) |
8009 | 0 | return; |
8010 | 11.9k | nstrips = TIFFhowmany_32(td->td_imagelength, rowsperstrip); |
8011 | 11.9k | if (nstrips == 0) |
8012 | 484 | return; |
8013 | | |
8014 | | /* If we are going to allocate a lot of memory, make sure that the */ |
8015 | | /* file is as big as needed */ |
8016 | 11.4k | if (tif->tif_mode == O_RDONLY && nstrips > 1000000) |
8017 | 2.55k | { |
8018 | 2.55k | uint64_t last_offset = TIFFGetStrileOffset(tif, td->td_nstrips - 1); |
8019 | 2.55k | uint64_t filesize = TIFFGetFileSize(tif); |
8020 | 2.55k | uint64_t last_bytecount = |
8021 | 2.55k | TIFFGetStrileByteCount(tif, td->td_nstrips - 1); |
8022 | 2.55k | if (last_offset > filesize || last_bytecount > filesize - last_offset) |
8023 | 2.55k | { |
8024 | 2.55k | return; |
8025 | 2.55k | } |
8026 | 2.55k | } |
8027 | | |
8028 | 8.89k | allocChoppedUpStripArrays(tif, nstrips, stripbytes, rowsperstrip); |
8029 | 8.89k | } |
8030 | | |
8031 | | TIFF_NOSANITIZE_UNSIGNED_INT_OVERFLOW |
8032 | | static uint64_t _TIFFUnsanitizedAddUInt64AndInt(uint64_t a, int b) |
8033 | 553M | { |
8034 | 553M | return a + b; |
8035 | 553M | } |
8036 | | |
8037 | | /* Read the value of [Strip|Tile]Offset or [Strip|Tile]ByteCount around |
8038 | | * strip/tile of number strile. Also fetch the neighbouring values using a |
8039 | | * 4096 byte page size. |
8040 | | */ |
8041 | | static int _TIFFPartialReadStripArray(TIFF *tif, TIFFDirEntry *dirent, |
8042 | | int strile, uint64_t *panVals) |
8043 | 2.00M | { |
8044 | 2.00M | static const char module[] = "_TIFFPartialReadStripArray"; |
8045 | 4.81M | #define IO_CACHE_PAGE_SIZE 4096 |
8046 | | |
8047 | 2.00M | size_t sizeofval; |
8048 | 2.00M | const int bSwab = (tif->tif_flags & TIFF_SWAB) != 0; |
8049 | 2.00M | int sizeofvalint; |
8050 | 2.00M | uint64_t nBaseOffset; |
8051 | 2.00M | uint64_t nOffset; |
8052 | 2.00M | uint64_t nOffsetStartPage; |
8053 | 2.00M | uint64_t nOffsetEndPage; |
8054 | 2.00M | tmsize_t nToRead; |
8055 | 2.00M | tmsize_t nRead; |
8056 | 2.00M | uint64_t nLastStripOffset; |
8057 | 2.00M | int iStartBefore; |
8058 | 2.00M | int i; |
8059 | 2.00M | const uint32_t arraySize = tif->tif_dir.td_stripoffsetbyteallocsize; |
8060 | 2.00M | unsigned char buffer[2 * IO_CACHE_PAGE_SIZE]; |
8061 | | |
8062 | 2.00M | assert(dirent->tdir_count > 4); |
8063 | | |
8064 | 2.00M | if (dirent->tdir_type == TIFF_SHORT) |
8065 | 183k | { |
8066 | 183k | sizeofval = sizeof(uint16_t); |
8067 | 183k | } |
8068 | 1.81M | else if (dirent->tdir_type == TIFF_LONG) |
8069 | 254k | { |
8070 | 254k | sizeofval = sizeof(uint32_t); |
8071 | 254k | } |
8072 | 1.56M | else if (dirent->tdir_type == TIFF_LONG8) |
8073 | 413k | { |
8074 | 413k | sizeofval = sizeof(uint64_t); |
8075 | 413k | } |
8076 | 1.15M | else if (dirent->tdir_type == TIFF_SLONG8) |
8077 | 753k | { |
8078 | | /* Non conformant but used by some images as in */ |
8079 | | /* https://github.com/OSGeo/gdal/issues/2165 */ |
8080 | 753k | sizeofval = sizeof(int64_t); |
8081 | 753k | } |
8082 | 397k | else |
8083 | 397k | { |
8084 | 397k | TIFFErrorExtR(tif, module, |
8085 | 397k | "Invalid type for [Strip|Tile][Offset/ByteCount] tag"); |
8086 | 397k | panVals[strile] = 0; |
8087 | 397k | return 0; |
8088 | 397k | } |
8089 | 1.60M | sizeofvalint = (int)(sizeofval); |
8090 | | |
8091 | 1.60M | if (tif->tif_flags & TIFF_BIGTIFF) |
8092 | 661 | { |
8093 | 661 | uint64_t offset = dirent->tdir_offset.toff_long8; |
8094 | 661 | if (bSwab) |
8095 | 192 | TIFFSwabLong8(&offset); |
8096 | 661 | nBaseOffset = offset; |
8097 | 661 | } |
8098 | 1.60M | else |
8099 | 1.60M | { |
8100 | 1.60M | uint32_t offset = dirent->tdir_offset.toff_long; |
8101 | 1.60M | if (bSwab) |
8102 | 2.23k | TIFFSwabLong(&offset); |
8103 | 1.60M | nBaseOffset = offset; |
8104 | 1.60M | } |
8105 | | /* To avoid later unsigned integer overflows */ |
8106 | 1.60M | if (nBaseOffset > (uint64_t)INT64_MAX) |
8107 | 197 | { |
8108 | 197 | TIFFErrorExtR(tif, module, "Cannot read offset/size for strile %d", |
8109 | 197 | strile); |
8110 | 197 | panVals[strile] = 0; |
8111 | 197 | return 0; |
8112 | 197 | } |
8113 | 1.60M | nOffset = nBaseOffset + sizeofval * strile; |
8114 | 1.60M | nOffsetStartPage = (nOffset / IO_CACHE_PAGE_SIZE) * IO_CACHE_PAGE_SIZE; |
8115 | 1.60M | nOffsetEndPage = nOffsetStartPage + IO_CACHE_PAGE_SIZE; |
8116 | | |
8117 | 1.60M | if (nOffset + sizeofval > nOffsetEndPage) |
8118 | 6.51k | nOffsetEndPage += IO_CACHE_PAGE_SIZE; |
8119 | 1.60M | #undef IO_CACHE_PAGE_SIZE |
8120 | | |
8121 | 1.60M | nLastStripOffset = nBaseOffset + arraySize * sizeofval; |
8122 | 1.60M | if (nLastStripOffset < nOffsetEndPage) |
8123 | 285k | nOffsetEndPage = nLastStripOffset; |
8124 | 1.60M | if (nOffsetStartPage >= nOffsetEndPage) |
8125 | 0 | { |
8126 | 0 | TIFFErrorExtR(tif, module, "Cannot read offset/size for strile %d", |
8127 | 0 | strile); |
8128 | 0 | panVals[strile] = 0; |
8129 | 0 | return 0; |
8130 | 0 | } |
8131 | 1.60M | if (!SeekOK(tif, nOffsetStartPage)) |
8132 | 0 | { |
8133 | 0 | panVals[strile] = 0; |
8134 | 0 | return 0; |
8135 | 0 | } |
8136 | | |
8137 | 1.60M | nToRead = (tmsize_t)(nOffsetEndPage - nOffsetStartPage); |
8138 | 1.60M | nRead = TIFFReadFile(tif, buffer, nToRead); |
8139 | 1.60M | if (nRead < nToRead) |
8140 | 412k | { |
8141 | 412k | TIFFErrorExtR(tif, module, |
8142 | 412k | "Cannot read offset/size for strile around ~%d", strile); |
8143 | 412k | return 0; |
8144 | 412k | } |
8145 | 1.19M | iStartBefore = -(int)((nOffset - nOffsetStartPage) / sizeofval); |
8146 | 1.19M | if (strile + iStartBefore < 0) |
8147 | 263k | iStartBefore = -strile; |
8148 | 1.19M | for (i = iStartBefore; |
8149 | 553M | (uint32_t)(strile + i) < arraySize && |
8150 | 553M | _TIFFUnsanitizedAddUInt64AndInt(nOffset, (i + 1) * sizeofvalint) <= |
8151 | 553M | nOffsetEndPage; |
8152 | 552M | ++i) |
8153 | 552M | { |
8154 | 552M | if (dirent->tdir_type == TIFF_SHORT) |
8155 | 18.1M | { |
8156 | 18.1M | uint16_t val; |
8157 | 18.1M | memcpy(&val, |
8158 | 18.1M | buffer + (nOffset - nOffsetStartPage) + i * sizeofvalint, |
8159 | 18.1M | sizeof(val)); |
8160 | 18.1M | if (bSwab) |
8161 | 19.5k | TIFFSwabShort(&val); |
8162 | 18.1M | panVals[strile + i] = val; |
8163 | 18.1M | } |
8164 | 534M | else if (dirent->tdir_type == TIFF_LONG) |
8165 | 2.58M | { |
8166 | 2.58M | uint32_t val; |
8167 | 2.58M | memcpy(&val, |
8168 | 2.58M | buffer + (nOffset - nOffsetStartPage) + i * sizeofvalint, |
8169 | 2.58M | sizeof(val)); |
8170 | 2.58M | if (bSwab) |
8171 | 11.9k | TIFFSwabLong(&val); |
8172 | 2.58M | panVals[strile + i] = val; |
8173 | 2.58M | } |
8174 | 531M | else if (dirent->tdir_type == TIFF_LONG8) |
8175 | 172M | { |
8176 | 172M | uint64_t val; |
8177 | 172M | memcpy(&val, |
8178 | 172M | buffer + (nOffset - nOffsetStartPage) + i * sizeofvalint, |
8179 | 172M | sizeof(val)); |
8180 | 172M | if (bSwab) |
8181 | 270k | TIFFSwabLong8(&val); |
8182 | 172M | panVals[strile + i] = val; |
8183 | 172M | } |
8184 | 359M | else /* if( dirent->tdir_type == TIFF_SLONG8 ) */ |
8185 | 359M | { |
8186 | | /* Non conformant data type */ |
8187 | 359M | int64_t val; |
8188 | 359M | memcpy(&val, |
8189 | 359M | buffer + (nOffset - nOffsetStartPage) + i * sizeofvalint, |
8190 | 359M | sizeof(val)); |
8191 | 359M | if (bSwab) |
8192 | 4.53k | TIFFSwabLong8((uint64_t *)&val); |
8193 | 359M | panVals[strile + i] = (uint64_t)val; |
8194 | 359M | } |
8195 | 552M | } |
8196 | 1.19M | return 1; |
8197 | 1.60M | } |
8198 | | |
8199 | | static int _TIFFFetchStrileValue(TIFF *tif, uint32_t strile, |
8200 | | TIFFDirEntry *dirent, uint64_t **parray) |
8201 | 10.3M | { |
8202 | 10.3M | static const char module[] = "_TIFFFetchStrileValue"; |
8203 | 10.3M | TIFFDirectory *td = &tif->tif_dir; |
8204 | 10.3M | if (strile >= dirent->tdir_count) |
8205 | 43.5k | { |
8206 | 43.5k | return 0; |
8207 | 43.5k | } |
8208 | 10.3M | if (strile >= td->td_stripoffsetbyteallocsize) |
8209 | 195k | { |
8210 | 195k | uint32_t nStripArrayAllocBefore = td->td_stripoffsetbyteallocsize; |
8211 | 195k | uint32_t nStripArrayAllocNew; |
8212 | 195k | uint64_t nArraySize64; |
8213 | 195k | size_t nArraySize; |
8214 | 195k | uint64_t *offsetArray; |
8215 | 195k | uint64_t *bytecountArray; |
8216 | | |
8217 | 195k | if (strile > 1000000) |
8218 | 384 | { |
8219 | 384 | uint64_t filesize = TIFFGetFileSize(tif); |
8220 | | /* Avoid excessive memory allocation attempt */ |
8221 | | /* For such a big blockid we need at least a TIFF_LONG per strile */ |
8222 | | /* for the offset array. */ |
8223 | 384 | if (strile > filesize / sizeof(uint32_t)) |
8224 | 384 | { |
8225 | 384 | TIFFErrorExtR(tif, module, "File too short"); |
8226 | 384 | return 0; |
8227 | 384 | } |
8228 | 384 | } |
8229 | | |
8230 | 195k | if (td->td_stripoffsetbyteallocsize == 0 && |
8231 | 195k | td->td_nstrips < 1024 * 1024) |
8232 | 193k | { |
8233 | 193k | nStripArrayAllocNew = td->td_nstrips; |
8234 | 193k | } |
8235 | 1.77k | else |
8236 | 1.77k | { |
8237 | 1.77k | #define TIFF_MAX(a, b) (((a) > (b)) ? (a) : (b)) |
8238 | 1.77k | #define TIFF_MIN(a, b) (((a) < (b)) ? (a) : (b)) |
8239 | 1.77k | nStripArrayAllocNew = TIFF_MAX(strile + 1, 1024U * 512U); |
8240 | 1.77k | if (nStripArrayAllocNew < 0xFFFFFFFFU / 2) |
8241 | 1.77k | nStripArrayAllocNew *= 2; |
8242 | 1.77k | nStripArrayAllocNew = TIFF_MIN(nStripArrayAllocNew, td->td_nstrips); |
8243 | 1.77k | } |
8244 | 195k | assert(strile < nStripArrayAllocNew); |
8245 | 195k | nArraySize64 = (uint64_t)sizeof(uint64_t) * nStripArrayAllocNew; |
8246 | 195k | nArraySize = (size_t)(nArraySize64); |
8247 | | #if SIZEOF_SIZE_T == 4 |
8248 | | if (nArraySize != nArraySize64) |
8249 | | { |
8250 | | TIFFErrorExtR(tif, module, |
8251 | | "Cannot allocate strip offset and bytecount arrays"); |
8252 | | return 0; |
8253 | | } |
8254 | | #endif |
8255 | 195k | offsetArray = (uint64_t *)(_TIFFreallocExt(tif, td->td_stripoffset_p, |
8256 | 195k | nArraySize)); |
8257 | 195k | bytecountArray = (uint64_t *)(_TIFFreallocExt( |
8258 | 195k | tif, td->td_stripbytecount_p, nArraySize)); |
8259 | 195k | if (offsetArray) |
8260 | 195k | td->td_stripoffset_p = offsetArray; |
8261 | 195k | if (bytecountArray) |
8262 | 195k | td->td_stripbytecount_p = bytecountArray; |
8263 | 195k | if (offsetArray && bytecountArray) |
8264 | 195k | { |
8265 | 195k | td->td_stripoffsetbyteallocsize = nStripArrayAllocNew; |
8266 | | /* Initialize new entries to ~0 / -1 */ |
8267 | | /* coverity[overrun-buffer-arg] */ |
8268 | 195k | memset(td->td_stripoffset_p + nStripArrayAllocBefore, 0xFF, |
8269 | 195k | (td->td_stripoffsetbyteallocsize - nStripArrayAllocBefore) * |
8270 | 195k | sizeof(uint64_t)); |
8271 | | /* coverity[overrun-buffer-arg] */ |
8272 | 195k | memset(td->td_stripbytecount_p + nStripArrayAllocBefore, 0xFF, |
8273 | 195k | (td->td_stripoffsetbyteallocsize - nStripArrayAllocBefore) * |
8274 | 195k | sizeof(uint64_t)); |
8275 | 195k | } |
8276 | 0 | else |
8277 | 0 | { |
8278 | 0 | TIFFErrorExtR(tif, module, |
8279 | 0 | "Cannot allocate strip offset and bytecount arrays"); |
8280 | 0 | _TIFFfreeExt(tif, td->td_stripoffset_p); |
8281 | 0 | td->td_stripoffset_p = NULL; |
8282 | 0 | _TIFFfreeExt(tif, td->td_stripbytecount_p); |
8283 | 0 | td->td_stripbytecount_p = NULL; |
8284 | 0 | td->td_stripoffsetbyteallocsize = 0; |
8285 | 0 | } |
8286 | 195k | } |
8287 | 10.3M | if (*parray == NULL || strile >= td->td_stripoffsetbyteallocsize) |
8288 | 0 | return 0; |
8289 | | |
8290 | 10.3M | if (~((*parray)[strile]) == 0) |
8291 | 2.00M | { |
8292 | 2.00M | if (!_TIFFPartialReadStripArray(tif, dirent, strile, *parray)) |
8293 | 810k | { |
8294 | 810k | (*parray)[strile] = 0; |
8295 | 810k | return 0; |
8296 | 810k | } |
8297 | 2.00M | } |
8298 | | |
8299 | 9.49M | return 1; |
8300 | 10.3M | } |
8301 | | |
8302 | | static uint64_t _TIFFGetStrileOffsetOrByteCountValue(TIFF *tif, uint32_t strile, |
8303 | | TIFFDirEntry *dirent, |
8304 | | uint64_t **parray, |
8305 | | int *pbErr) |
8306 | 21.5M | { |
8307 | 21.5M | TIFFDirectory *td = &tif->tif_dir; |
8308 | 21.5M | if (pbErr) |
8309 | 10.2M | *pbErr = 0; |
8310 | 21.5M | if ((tif->tif_flags & TIFF_DEFERSTRILELOAD) && |
8311 | 21.5M | !(tif->tif_flags & TIFF_CHOPPEDUPARRAYS)) |
8312 | 19.7M | { |
8313 | 19.7M | if (!(tif->tif_flags & TIFF_LAZYSTRILELOAD) || |
8314 | | /* If the values may fit in the toff_long/toff_long8 member */ |
8315 | | /* then use _TIFFFillStriles to simplify _TIFFFetchStrileValue */ |
8316 | 19.7M | dirent->tdir_count <= 4) |
8317 | 9.37M | { |
8318 | 9.37M | if (!_TIFFFillStriles(tif)) |
8319 | 403k | { |
8320 | 403k | if (pbErr) |
8321 | 69.9k | *pbErr = 1; |
8322 | | /* Do not return, as we want this function to always */ |
8323 | | /* return the same value if called several times with */ |
8324 | | /* the same arguments */ |
8325 | 403k | } |
8326 | 9.37M | } |
8327 | 10.3M | else |
8328 | 10.3M | { |
8329 | 10.3M | if (!_TIFFFetchStrileValue(tif, strile, dirent, parray)) |
8330 | 854k | { |
8331 | 854k | if (pbErr) |
8332 | 72.4k | *pbErr = 1; |
8333 | 854k | return 0; |
8334 | 854k | } |
8335 | 10.3M | } |
8336 | 19.7M | } |
8337 | 20.7M | if (*parray == NULL || strile >= td->td_nstrips) |
8338 | 308k | { |
8339 | 308k | if (pbErr) |
8340 | 25.0k | *pbErr = 1; |
8341 | 308k | return 0; |
8342 | 308k | } |
8343 | 20.3M | return (*parray)[strile]; |
8344 | 20.7M | } |
8345 | | |
8346 | | /* Return the value of the TileOffsets/StripOffsets array for the specified |
8347 | | * tile/strile */ |
8348 | | uint64_t TIFFGetStrileOffset(TIFF *tif, uint32_t strile) |
8349 | 2.94M | { |
8350 | 2.94M | return TIFFGetStrileOffsetWithErr(tif, strile, NULL); |
8351 | 2.94M | } |
8352 | | |
8353 | | /* Return the value of the TileOffsets/StripOffsets array for the specified |
8354 | | * tile/strile */ |
8355 | | uint64_t TIFFGetStrileOffsetWithErr(TIFF *tif, uint32_t strile, int *pbErr) |
8356 | 6.48M | { |
8357 | 6.48M | TIFFDirectory *td = &tif->tif_dir; |
8358 | 6.48M | return _TIFFGetStrileOffsetOrByteCountValue(tif, strile, |
8359 | 6.48M | &(td->td_stripoffset_entry), |
8360 | 6.48M | &(td->td_stripoffset_p), pbErr); |
8361 | 6.48M | } |
8362 | | |
8363 | | /* Return the value of the TileByteCounts/StripByteCounts array for the |
8364 | | * specified tile/strile */ |
8365 | | uint64_t TIFFGetStrileByteCount(TIFF *tif, uint32_t strile) |
8366 | 8.33M | { |
8367 | 8.33M | return TIFFGetStrileByteCountWithErr(tif, strile, NULL); |
8368 | 8.33M | } |
8369 | | |
8370 | | /* Return the value of the TileByteCounts/StripByteCounts array for the |
8371 | | * specified tile/strile */ |
8372 | | uint64_t TIFFGetStrileByteCountWithErr(TIFF *tif, uint32_t strile, int *pbErr) |
8373 | 15.0M | { |
8374 | 15.0M | TIFFDirectory *td = &tif->tif_dir; |
8375 | 15.0M | return _TIFFGetStrileOffsetOrByteCountValue( |
8376 | 15.0M | tif, strile, &(td->td_stripbytecount_entry), &(td->td_stripbytecount_p), |
8377 | 15.0M | pbErr); |
8378 | 15.0M | } |
8379 | | |
8380 | 11.4M | int _TIFFFillStriles(TIFF *tif) { return _TIFFFillStrilesInternal(tif, 1); } |
8381 | | |
8382 | | static int _TIFFFillStrilesInternal(TIFF *tif, int loadStripByteCount) |
8383 | 11.6M | { |
8384 | 11.6M | register TIFFDirectory *td = &tif->tif_dir; |
8385 | 11.6M | int return_value = 1; |
8386 | | |
8387 | | /* Do not do anything if TIFF_DEFERSTRILELOAD is not set */ |
8388 | 11.6M | if (!(tif->tif_flags & TIFF_DEFERSTRILELOAD) || |
8389 | 11.6M | (tif->tif_flags & TIFF_CHOPPEDUPARRAYS) != 0) |
8390 | 2.11M | return 1; |
8391 | | |
8392 | 9.55M | if (tif->tif_flags & TIFF_LAZYSTRILELOAD) |
8393 | 149k | { |
8394 | | /* In case of lazy loading, reload completely the arrays */ |
8395 | 149k | _TIFFfreeExt(tif, td->td_stripoffset_p); |
8396 | 149k | _TIFFfreeExt(tif, td->td_stripbytecount_p); |
8397 | 149k | td->td_stripoffset_p = NULL; |
8398 | 149k | td->td_stripbytecount_p = NULL; |
8399 | 149k | td->td_stripoffsetbyteallocsize = 0; |
8400 | 149k | tif->tif_flags &= ~TIFF_LAZYSTRILELOAD; |
8401 | 149k | } |
8402 | | |
8403 | | /* If stripoffset array is already loaded, exit with success */ |
8404 | 9.55M | if (td->td_stripoffset_p != NULL) |
8405 | 8.92M | return 1; |
8406 | | |
8407 | | /* If tdir_count was canceled, then we already got there, but in error */ |
8408 | 636k | if (td->td_stripoffset_entry.tdir_count == 0) |
8409 | 334k | return 0; |
8410 | | |
8411 | 301k | if (!TIFFFetchStripThing(tif, &(td->td_stripoffset_entry), td->td_nstrips, |
8412 | 301k | &td->td_stripoffset_p)) |
8413 | 46.4k | { |
8414 | 46.4k | return_value = 0; |
8415 | 46.4k | } |
8416 | | |
8417 | 301k | if (loadStripByteCount && |
8418 | 301k | !TIFFFetchStripThing(tif, &(td->td_stripbytecount_entry), |
8419 | 164k | td->td_nstrips, &td->td_stripbytecount_p)) |
8420 | 55.8k | { |
8421 | 55.8k | return_value = 0; |
8422 | 55.8k | } |
8423 | | |
8424 | 301k | _TIFFmemset(&(td->td_stripoffset_entry), 0, sizeof(TIFFDirEntry)); |
8425 | 301k | _TIFFmemset(&(td->td_stripbytecount_entry), 0, sizeof(TIFFDirEntry)); |
8426 | | |
8427 | | #ifdef STRIPBYTECOUNTSORTED_UNUSED |
8428 | | if (tif->tif_dir.td_nstrips > 1 && return_value == 1) |
8429 | | { |
8430 | | uint32_t strip; |
8431 | | |
8432 | | tif->tif_dir.td_stripbytecountsorted = 1; |
8433 | | for (strip = 1; strip < tif->tif_dir.td_nstrips; strip++) |
8434 | | { |
8435 | | if (tif->tif_dir.td_stripoffset_p[strip - 1] > |
8436 | | tif->tif_dir.td_stripoffset_p[strip]) |
8437 | | { |
8438 | | tif->tif_dir.td_stripbytecountsorted = 0; |
8439 | | break; |
8440 | | } |
8441 | | } |
8442 | | } |
8443 | | #endif |
8444 | | |
8445 | 301k | return return_value; |
8446 | 636k | } |