/src/ghostpdl/tiff/libtiff/tif_dirread.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright (c) 1988-1997 Sam Leffler |
3 | | * Copyright (c) 1991-1997 Silicon Graphics, Inc. |
4 | | * |
5 | | * Permission to use, copy, modify, distribute, and sell this software and |
6 | | * its documentation for any purpose is hereby granted without fee, provided |
7 | | * that (i) the above copyright notices and this permission notice appear in |
8 | | * all copies of the software and related documentation, and (ii) the names of |
9 | | * Sam Leffler and Silicon Graphics may not be used in any advertising or |
10 | | * publicity relating to the software without the specific, prior written |
11 | | * permission of Sam Leffler and Silicon Graphics. |
12 | | * |
13 | | * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, |
14 | | * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY |
15 | | * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. |
16 | | * |
17 | | * IN NO EVENT SHALL SAM LEFFLER OR SILICON GRAPHICS BE LIABLE FOR |
18 | | * ANY SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, |
19 | | * OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, |
20 | | * WHETHER OR NOT ADVISED OF THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF |
21 | | * LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE |
22 | | * OF THIS SOFTWARE. |
23 | | */ |
24 | | |
25 | | /* |
26 | | * TIFF Library. |
27 | | * |
28 | | * Directory Read Support Routines. |
29 | | */ |
30 | | |
31 | | /* Suggested pending improvements: |
32 | | * - add a field 'field_info' to the TIFFDirEntry structure, and set that with |
33 | | * the pointer to the appropriate TIFFField structure early on in |
34 | | * TIFFReadDirectory, so as to eliminate current possibly repetitive lookup. |
35 | | */ |
36 | | |
37 | | #include "tiffconf.h" |
38 | | #include "tiffiop.h" |
39 | | #include <float.h> |
40 | | #include <stdlib.h> |
41 | | |
42 | 0 | #define FAILED_FII ((uint32_t) -1) |
43 | | |
44 | | #ifdef HAVE_IEEEFP |
45 | | # define TIFFCvtIEEEFloatToNative(tif, n, fp) |
46 | | # define TIFFCvtIEEEDoubleToNative(tif, n, dp) |
47 | | #else |
48 | | extern void TIFFCvtIEEEFloatToNative(TIFF*, uint32_t, float*); |
49 | | extern void TIFFCvtIEEEDoubleToNative(TIFF*, uint32_t, double*); |
50 | | #endif |
51 | | |
52 | | enum TIFFReadDirEntryErr { |
53 | | TIFFReadDirEntryErrOk = 0, |
54 | | TIFFReadDirEntryErrCount = 1, |
55 | | TIFFReadDirEntryErrType = 2, |
56 | | TIFFReadDirEntryErrIo = 3, |
57 | | TIFFReadDirEntryErrRange = 4, |
58 | | TIFFReadDirEntryErrPsdif = 5, |
59 | | TIFFReadDirEntryErrSizesan = 6, |
60 | | TIFFReadDirEntryErrAlloc = 7, |
61 | | }; |
62 | | |
63 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryByte(TIFF* tif, TIFFDirEntry* direntry, uint8_t* value); |
64 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryShort(TIFF* tif, TIFFDirEntry* direntry, uint16_t* value); |
65 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryLong(TIFF* tif, TIFFDirEntry* direntry, uint32_t* value); |
66 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8(TIFF* tif, TIFFDirEntry* direntry, uint64_t* value); |
67 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryFloat(TIFF* tif, TIFFDirEntry* direntry, float* value); |
68 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryDouble(TIFF* tif, TIFFDirEntry* direntry, double* value); |
69 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8(TIFF* tif, TIFFDirEntry* direntry, uint64_t* value); |
70 | | |
71 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryArray(TIFF* tif, TIFFDirEntry* direntry, uint32_t* count, uint32_t desttypesize, void** value); |
72 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryByteArray(TIFF* tif, TIFFDirEntry* direntry, uint8_t** value); |
73 | | static enum TIFFReadDirEntryErr TIFFReadDirEntrySbyteArray(TIFF* tif, TIFFDirEntry* direntry, int8_t** value); |
74 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryShortArray(TIFF* tif, TIFFDirEntry* direntry, uint16_t** value); |
75 | | static enum TIFFReadDirEntryErr TIFFReadDirEntrySshortArray(TIFF* tif, TIFFDirEntry* direntry, int16_t** value); |
76 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryLongArray(TIFF* tif, TIFFDirEntry* direntry, uint32_t** value); |
77 | | static enum TIFFReadDirEntryErr TIFFReadDirEntrySlongArray(TIFF* tif, TIFFDirEntry* direntry, int32_t** value); |
78 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8Array(TIFF* tif, TIFFDirEntry* direntry, uint64_t** value); |
79 | | static enum TIFFReadDirEntryErr TIFFReadDirEntrySlong8Array(TIFF* tif, TIFFDirEntry* direntry, int64_t** value); |
80 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryFloatArray(TIFF* tif, TIFFDirEntry* direntry, float** value); |
81 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryDoubleArray(TIFF* tif, TIFFDirEntry* direntry, double** value); |
82 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8Array(TIFF* tif, TIFFDirEntry* direntry, uint64_t** value); |
83 | | |
84 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleShort(TIFF* tif, TIFFDirEntry* direntry, uint16_t* value); |
85 | | #if 0 |
86 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleDouble(TIFF* tif, TIFFDirEntry* direntry, double* value); |
87 | | #endif |
88 | | |
89 | | static void TIFFReadDirEntryCheckedByte(TIFF* tif, TIFFDirEntry* direntry, uint8_t* value); |
90 | | static void TIFFReadDirEntryCheckedSbyte(TIFF* tif, TIFFDirEntry* direntry, int8_t* value); |
91 | | static void TIFFReadDirEntryCheckedShort(TIFF* tif, TIFFDirEntry* direntry, uint16_t* value); |
92 | | static void TIFFReadDirEntryCheckedSshort(TIFF* tif, TIFFDirEntry* direntry, int16_t* value); |
93 | | static void TIFFReadDirEntryCheckedLong(TIFF* tif, TIFFDirEntry* direntry, uint32_t* value); |
94 | | static void TIFFReadDirEntryCheckedSlong(TIFF* tif, TIFFDirEntry* direntry, int32_t* value); |
95 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedLong8(TIFF* tif, TIFFDirEntry* direntry, uint64_t* value); |
96 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSlong8(TIFF* tif, TIFFDirEntry* direntry, int64_t* value); |
97 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedRational(TIFF* tif, TIFFDirEntry* direntry, double* value); |
98 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSrational(TIFF* tif, TIFFDirEntry* direntry, double* value); |
99 | | static void TIFFReadDirEntryCheckedFloat(TIFF* tif, TIFFDirEntry* direntry, float* value); |
100 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedDouble(TIFF* tif, TIFFDirEntry* direntry, double* value); |
101 | | |
102 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSbyte(int8_t value); |
103 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteShort(uint16_t value); |
104 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSshort(int16_t value); |
105 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong(uint32_t value); |
106 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong(int32_t value); |
107 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong8(uint64_t value); |
108 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong8(int64_t value); |
109 | | |
110 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteByte(uint8_t value); |
111 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteShort(uint16_t value); |
112 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSshort(int16_t value); |
113 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong(uint32_t value); |
114 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong(int32_t value); |
115 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong8(uint64_t value); |
116 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong8(int64_t value); |
117 | | |
118 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSbyte(int8_t value); |
119 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSshort(int16_t value); |
120 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong(uint32_t value); |
121 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong(int32_t value); |
122 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong8(uint64_t value); |
123 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong8(int64_t value); |
124 | | |
125 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortShort(uint16_t value); |
126 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong(uint32_t value); |
127 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong(int32_t value); |
128 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong8(uint64_t value); |
129 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong8(int64_t value); |
130 | | |
131 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSbyte(int8_t value); |
132 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSshort(int16_t value); |
133 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSlong(int32_t value); |
134 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongLong8(uint64_t value); |
135 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSlong8(int64_t value); |
136 | | |
137 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlongLong(uint32_t value); |
138 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlongLong8(uint64_t value); |
139 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlongSlong8(int64_t value); |
140 | | |
141 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Sbyte(int8_t value); |
142 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Sshort(int16_t value); |
143 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Slong(int32_t value); |
144 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Slong8(int64_t value); |
145 | | |
146 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlong8Long8(uint64_t value); |
147 | | |
148 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryData(TIFF* tif, uint64_t offset, tmsize_t size, void* dest); |
149 | | static void TIFFReadDirEntryOutputErr(TIFF* tif, enum TIFFReadDirEntryErr err, const char* module, const char* tagname, int recover); |
150 | | |
151 | | static void TIFFReadDirectoryCheckOrder(TIFF* tif, TIFFDirEntry* dir, uint16_t dircount); |
152 | | static TIFFDirEntry* TIFFReadDirectoryFindEntry(TIFF* tif, TIFFDirEntry* dir, uint16_t dircount, uint16_t tagid); |
153 | | static void TIFFReadDirectoryFindFieldInfo(TIFF* tif, uint16_t tagid, uint32_t* fii); |
154 | | |
155 | | static int EstimateStripByteCounts(TIFF* tif, TIFFDirEntry* dir, uint16_t dircount); |
156 | | static void MissingRequired(TIFF*, const char*); |
157 | | static int TIFFCheckDirOffset(TIFF* tif, uint64_t diroff); |
158 | | static int CheckDirCount(TIFF*, TIFFDirEntry*, uint32_t); |
159 | | static uint16_t TIFFFetchDirectory(TIFF* tif, uint64_t diroff, TIFFDirEntry** pdir, uint64_t* nextdiroff); |
160 | | static int TIFFFetchNormalTag(TIFF*, TIFFDirEntry*, int recover); |
161 | | static int TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32_t nstrips, uint64_t** lpp); |
162 | | static int TIFFFetchSubjectDistance(TIFF*, TIFFDirEntry*); |
163 | | static void ChopUpSingleUncompressedStrip(TIFF*); |
164 | | static void TryChopUpUncompressedBigTiff(TIFF*); |
165 | | static uint64_t TIFFReadUInt64(const uint8_t *value); |
166 | | static int _TIFFGetMaxColorChannels(uint16_t photometric); |
167 | | |
168 | | static int _TIFFFillStrilesInternal( TIFF *tif, int loadStripByteCount ); |
169 | | |
170 | | typedef union _UInt64Aligned_t |
171 | | { |
172 | | double d; |
173 | | uint64_t l; |
174 | | uint32_t i[2]; |
175 | | uint16_t s[4]; |
176 | | uint8_t c[8]; |
177 | | } UInt64Aligned_t; |
178 | | |
179 | | /* |
180 | | Unaligned safe copy of a uint64_t value from an octet array. |
181 | | */ |
182 | | static uint64_t TIFFReadUInt64(const uint8_t *value) |
183 | 0 | { |
184 | 0 | UInt64Aligned_t result; |
185 | |
|
186 | 0 | result.c[0]=value[0]; |
187 | 0 | result.c[1]=value[1]; |
188 | 0 | result.c[2]=value[2]; |
189 | 0 | result.c[3]=value[3]; |
190 | 0 | result.c[4]=value[4]; |
191 | 0 | result.c[5]=value[5]; |
192 | 0 | result.c[6]=value[6]; |
193 | 0 | result.c[7]=value[7]; |
194 | |
|
195 | 0 | return result.l; |
196 | 0 | } |
197 | | |
198 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryByte(TIFF* tif, TIFFDirEntry* direntry, uint8_t* value) |
199 | 0 | { |
200 | 0 | enum TIFFReadDirEntryErr err; |
201 | 0 | if (direntry->tdir_count!=1) |
202 | 0 | return(TIFFReadDirEntryErrCount); |
203 | 0 | switch (direntry->tdir_type) |
204 | 0 | { |
205 | 0 | case TIFF_BYTE: |
206 | 0 | case TIFF_UNDEFINED: /* Support to read TIFF_UNDEFINED with field_readcount==1 */ |
207 | 0 | TIFFReadDirEntryCheckedByte(tif,direntry,value); |
208 | 0 | return(TIFFReadDirEntryErrOk); |
209 | 0 | case TIFF_SBYTE: |
210 | 0 | { |
211 | 0 | int8_t m; |
212 | 0 | TIFFReadDirEntryCheckedSbyte(tif,direntry,&m); |
213 | 0 | err=TIFFReadDirEntryCheckRangeByteSbyte(m); |
214 | 0 | if (err!=TIFFReadDirEntryErrOk) |
215 | 0 | return(err); |
216 | 0 | *value=(uint8_t)m; |
217 | 0 | return(TIFFReadDirEntryErrOk); |
218 | 0 | } |
219 | 0 | case TIFF_SHORT: |
220 | 0 | { |
221 | 0 | uint16_t m; |
222 | 0 | TIFFReadDirEntryCheckedShort(tif,direntry,&m); |
223 | 0 | err=TIFFReadDirEntryCheckRangeByteShort(m); |
224 | 0 | if (err!=TIFFReadDirEntryErrOk) |
225 | 0 | return(err); |
226 | 0 | *value=(uint8_t)m; |
227 | 0 | return(TIFFReadDirEntryErrOk); |
228 | 0 | } |
229 | 0 | case TIFF_SSHORT: |
230 | 0 | { |
231 | 0 | int16_t m; |
232 | 0 | TIFFReadDirEntryCheckedSshort(tif,direntry,&m); |
233 | 0 | err=TIFFReadDirEntryCheckRangeByteSshort(m); |
234 | 0 | if (err!=TIFFReadDirEntryErrOk) |
235 | 0 | return(err); |
236 | 0 | *value=(uint8_t)m; |
237 | 0 | return(TIFFReadDirEntryErrOk); |
238 | 0 | } |
239 | 0 | case TIFF_LONG: |
240 | 0 | { |
241 | 0 | uint32_t m; |
242 | 0 | TIFFReadDirEntryCheckedLong(tif,direntry,&m); |
243 | 0 | err=TIFFReadDirEntryCheckRangeByteLong(m); |
244 | 0 | if (err!=TIFFReadDirEntryErrOk) |
245 | 0 | return(err); |
246 | 0 | *value=(uint8_t)m; |
247 | 0 | return(TIFFReadDirEntryErrOk); |
248 | 0 | } |
249 | 0 | case TIFF_SLONG: |
250 | 0 | { |
251 | 0 | int32_t m; |
252 | 0 | TIFFReadDirEntryCheckedSlong(tif,direntry,&m); |
253 | 0 | err=TIFFReadDirEntryCheckRangeByteSlong(m); |
254 | 0 | if (err!=TIFFReadDirEntryErrOk) |
255 | 0 | return(err); |
256 | 0 | *value=(uint8_t)m; |
257 | 0 | return(TIFFReadDirEntryErrOk); |
258 | 0 | } |
259 | 0 | case TIFF_LONG8: |
260 | 0 | { |
261 | 0 | uint64_t m; |
262 | 0 | err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m); |
263 | 0 | if (err!=TIFFReadDirEntryErrOk) |
264 | 0 | return(err); |
265 | 0 | err=TIFFReadDirEntryCheckRangeByteLong8(m); |
266 | 0 | if (err!=TIFFReadDirEntryErrOk) |
267 | 0 | return(err); |
268 | 0 | *value=(uint8_t)m; |
269 | 0 | return(TIFFReadDirEntryErrOk); |
270 | 0 | } |
271 | 0 | case TIFF_SLONG8: |
272 | 0 | { |
273 | 0 | int64_t m; |
274 | 0 | err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m); |
275 | 0 | if (err!=TIFFReadDirEntryErrOk) |
276 | 0 | return(err); |
277 | 0 | err=TIFFReadDirEntryCheckRangeByteSlong8(m); |
278 | 0 | if (err!=TIFFReadDirEntryErrOk) |
279 | 0 | return(err); |
280 | 0 | *value=(uint8_t)m; |
281 | 0 | return(TIFFReadDirEntryErrOk); |
282 | 0 | } |
283 | 0 | default: |
284 | 0 | return(TIFFReadDirEntryErrType); |
285 | 0 | } |
286 | 0 | } |
287 | | |
288 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryShort(TIFF* tif, TIFFDirEntry* direntry, uint16_t* value) |
289 | 0 | { |
290 | 0 | enum TIFFReadDirEntryErr err; |
291 | 0 | if (direntry->tdir_count!=1) |
292 | 0 | return(TIFFReadDirEntryErrCount); |
293 | 0 | switch (direntry->tdir_type) |
294 | 0 | { |
295 | 0 | case TIFF_BYTE: |
296 | 0 | { |
297 | 0 | uint8_t m; |
298 | 0 | TIFFReadDirEntryCheckedByte(tif,direntry,&m); |
299 | 0 | *value=(uint16_t)m; |
300 | 0 | return(TIFFReadDirEntryErrOk); |
301 | 0 | } |
302 | 0 | case TIFF_SBYTE: |
303 | 0 | { |
304 | 0 | int8_t m; |
305 | 0 | TIFFReadDirEntryCheckedSbyte(tif,direntry,&m); |
306 | 0 | err=TIFFReadDirEntryCheckRangeShortSbyte(m); |
307 | 0 | if (err!=TIFFReadDirEntryErrOk) |
308 | 0 | return(err); |
309 | 0 | *value=(uint16_t)m; |
310 | 0 | return(TIFFReadDirEntryErrOk); |
311 | 0 | } |
312 | 0 | case TIFF_SHORT: |
313 | 0 | TIFFReadDirEntryCheckedShort(tif,direntry,value); |
314 | 0 | return(TIFFReadDirEntryErrOk); |
315 | 0 | case TIFF_SSHORT: |
316 | 0 | { |
317 | 0 | int16_t m; |
318 | 0 | TIFFReadDirEntryCheckedSshort(tif,direntry,&m); |
319 | 0 | err=TIFFReadDirEntryCheckRangeShortSshort(m); |
320 | 0 | if (err!=TIFFReadDirEntryErrOk) |
321 | 0 | return(err); |
322 | 0 | *value=(uint16_t)m; |
323 | 0 | return(TIFFReadDirEntryErrOk); |
324 | 0 | } |
325 | 0 | case TIFF_LONG: |
326 | 0 | { |
327 | 0 | uint32_t m; |
328 | 0 | TIFFReadDirEntryCheckedLong(tif,direntry,&m); |
329 | 0 | err=TIFFReadDirEntryCheckRangeShortLong(m); |
330 | 0 | if (err!=TIFFReadDirEntryErrOk) |
331 | 0 | return(err); |
332 | 0 | *value=(uint16_t)m; |
333 | 0 | return(TIFFReadDirEntryErrOk); |
334 | 0 | } |
335 | 0 | case TIFF_SLONG: |
336 | 0 | { |
337 | 0 | int32_t m; |
338 | 0 | TIFFReadDirEntryCheckedSlong(tif,direntry,&m); |
339 | 0 | err=TIFFReadDirEntryCheckRangeShortSlong(m); |
340 | 0 | if (err!=TIFFReadDirEntryErrOk) |
341 | 0 | return(err); |
342 | 0 | *value=(uint16_t)m; |
343 | 0 | return(TIFFReadDirEntryErrOk); |
344 | 0 | } |
345 | 0 | case TIFF_LONG8: |
346 | 0 | { |
347 | 0 | uint64_t m; |
348 | 0 | err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m); |
349 | 0 | if (err!=TIFFReadDirEntryErrOk) |
350 | 0 | return(err); |
351 | 0 | err=TIFFReadDirEntryCheckRangeShortLong8(m); |
352 | 0 | if (err!=TIFFReadDirEntryErrOk) |
353 | 0 | return(err); |
354 | 0 | *value=(uint16_t)m; |
355 | 0 | return(TIFFReadDirEntryErrOk); |
356 | 0 | } |
357 | 0 | case TIFF_SLONG8: |
358 | 0 | { |
359 | 0 | int64_t m; |
360 | 0 | err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m); |
361 | 0 | if (err!=TIFFReadDirEntryErrOk) |
362 | 0 | return(err); |
363 | 0 | err=TIFFReadDirEntryCheckRangeShortSlong8(m); |
364 | 0 | if (err!=TIFFReadDirEntryErrOk) |
365 | 0 | return(err); |
366 | 0 | *value=(uint16_t)m; |
367 | 0 | return(TIFFReadDirEntryErrOk); |
368 | 0 | } |
369 | 0 | default: |
370 | 0 | return(TIFFReadDirEntryErrType); |
371 | 0 | } |
372 | 0 | } |
373 | | |
374 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryLong(TIFF* tif, TIFFDirEntry* direntry, uint32_t* value) |
375 | 0 | { |
376 | 0 | enum TIFFReadDirEntryErr err; |
377 | 0 | if (direntry->tdir_count!=1) |
378 | 0 | return(TIFFReadDirEntryErrCount); |
379 | 0 | switch (direntry->tdir_type) |
380 | 0 | { |
381 | 0 | case TIFF_BYTE: |
382 | 0 | { |
383 | 0 | uint8_t m; |
384 | 0 | TIFFReadDirEntryCheckedByte(tif,direntry,&m); |
385 | 0 | *value=(uint32_t)m; |
386 | 0 | return(TIFFReadDirEntryErrOk); |
387 | 0 | } |
388 | 0 | case TIFF_SBYTE: |
389 | 0 | { |
390 | 0 | int8_t m; |
391 | 0 | TIFFReadDirEntryCheckedSbyte(tif,direntry,&m); |
392 | 0 | err=TIFFReadDirEntryCheckRangeLongSbyte(m); |
393 | 0 | if (err!=TIFFReadDirEntryErrOk) |
394 | 0 | return(err); |
395 | 0 | *value=(uint32_t)m; |
396 | 0 | return(TIFFReadDirEntryErrOk); |
397 | 0 | } |
398 | 0 | case TIFF_SHORT: |
399 | 0 | { |
400 | 0 | uint16_t m; |
401 | 0 | TIFFReadDirEntryCheckedShort(tif,direntry,&m); |
402 | 0 | *value=(uint32_t)m; |
403 | 0 | return(TIFFReadDirEntryErrOk); |
404 | 0 | } |
405 | 0 | case TIFF_SSHORT: |
406 | 0 | { |
407 | 0 | int16_t m; |
408 | 0 | TIFFReadDirEntryCheckedSshort(tif,direntry,&m); |
409 | 0 | err=TIFFReadDirEntryCheckRangeLongSshort(m); |
410 | 0 | if (err!=TIFFReadDirEntryErrOk) |
411 | 0 | return(err); |
412 | 0 | *value=(uint32_t)m; |
413 | 0 | return(TIFFReadDirEntryErrOk); |
414 | 0 | } |
415 | 0 | case TIFF_LONG: |
416 | 0 | TIFFReadDirEntryCheckedLong(tif,direntry,value); |
417 | 0 | return(TIFFReadDirEntryErrOk); |
418 | 0 | case TIFF_SLONG: |
419 | 0 | { |
420 | 0 | int32_t m; |
421 | 0 | TIFFReadDirEntryCheckedSlong(tif,direntry,&m); |
422 | 0 | err=TIFFReadDirEntryCheckRangeLongSlong(m); |
423 | 0 | if (err!=TIFFReadDirEntryErrOk) |
424 | 0 | return(err); |
425 | 0 | *value=(uint32_t)m; |
426 | 0 | return(TIFFReadDirEntryErrOk); |
427 | 0 | } |
428 | 0 | case TIFF_LONG8: |
429 | 0 | { |
430 | 0 | uint64_t m; |
431 | 0 | err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m); |
432 | 0 | if (err!=TIFFReadDirEntryErrOk) |
433 | 0 | return(err); |
434 | 0 | err=TIFFReadDirEntryCheckRangeLongLong8(m); |
435 | 0 | if (err!=TIFFReadDirEntryErrOk) |
436 | 0 | return(err); |
437 | 0 | *value=(uint32_t)m; |
438 | 0 | return(TIFFReadDirEntryErrOk); |
439 | 0 | } |
440 | 0 | case TIFF_SLONG8: |
441 | 0 | { |
442 | 0 | int64_t m; |
443 | 0 | err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m); |
444 | 0 | if (err!=TIFFReadDirEntryErrOk) |
445 | 0 | return(err); |
446 | 0 | err=TIFFReadDirEntryCheckRangeLongSlong8(m); |
447 | 0 | if (err!=TIFFReadDirEntryErrOk) |
448 | 0 | return(err); |
449 | 0 | *value=(uint32_t)m; |
450 | 0 | return(TIFFReadDirEntryErrOk); |
451 | 0 | } |
452 | 0 | default: |
453 | 0 | return(TIFFReadDirEntryErrType); |
454 | 0 | } |
455 | 0 | } |
456 | | |
457 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8(TIFF* tif, TIFFDirEntry* direntry, uint64_t* value) |
458 | 0 | { |
459 | 0 | enum TIFFReadDirEntryErr err; |
460 | 0 | if (direntry->tdir_count!=1) |
461 | 0 | return(TIFFReadDirEntryErrCount); |
462 | 0 | switch (direntry->tdir_type) |
463 | 0 | { |
464 | 0 | case TIFF_BYTE: |
465 | 0 | { |
466 | 0 | uint8_t m; |
467 | 0 | TIFFReadDirEntryCheckedByte(tif,direntry,&m); |
468 | 0 | *value=(uint64_t)m; |
469 | 0 | return(TIFFReadDirEntryErrOk); |
470 | 0 | } |
471 | 0 | case TIFF_SBYTE: |
472 | 0 | { |
473 | 0 | int8_t m; |
474 | 0 | TIFFReadDirEntryCheckedSbyte(tif,direntry,&m); |
475 | 0 | err=TIFFReadDirEntryCheckRangeLong8Sbyte(m); |
476 | 0 | if (err!=TIFFReadDirEntryErrOk) |
477 | 0 | return(err); |
478 | 0 | *value=(uint64_t)m; |
479 | 0 | return(TIFFReadDirEntryErrOk); |
480 | 0 | } |
481 | 0 | case TIFF_SHORT: |
482 | 0 | { |
483 | 0 | uint16_t m; |
484 | 0 | TIFFReadDirEntryCheckedShort(tif,direntry,&m); |
485 | 0 | *value=(uint64_t)m; |
486 | 0 | return(TIFFReadDirEntryErrOk); |
487 | 0 | } |
488 | 0 | case TIFF_SSHORT: |
489 | 0 | { |
490 | 0 | int16_t m; |
491 | 0 | TIFFReadDirEntryCheckedSshort(tif,direntry,&m); |
492 | 0 | err=TIFFReadDirEntryCheckRangeLong8Sshort(m); |
493 | 0 | if (err!=TIFFReadDirEntryErrOk) |
494 | 0 | return(err); |
495 | 0 | *value=(uint64_t)m; |
496 | 0 | return(TIFFReadDirEntryErrOk); |
497 | 0 | } |
498 | 0 | case TIFF_LONG: |
499 | 0 | { |
500 | 0 | uint32_t m; |
501 | 0 | TIFFReadDirEntryCheckedLong(tif,direntry,&m); |
502 | 0 | *value=(uint64_t)m; |
503 | 0 | return(TIFFReadDirEntryErrOk); |
504 | 0 | } |
505 | 0 | case TIFF_SLONG: |
506 | 0 | { |
507 | 0 | int32_t m; |
508 | 0 | TIFFReadDirEntryCheckedSlong(tif,direntry,&m); |
509 | 0 | err=TIFFReadDirEntryCheckRangeLong8Slong(m); |
510 | 0 | if (err!=TIFFReadDirEntryErrOk) |
511 | 0 | return(err); |
512 | 0 | *value=(uint64_t)m; |
513 | 0 | return(TIFFReadDirEntryErrOk); |
514 | 0 | } |
515 | 0 | case TIFF_LONG8: |
516 | 0 | err=TIFFReadDirEntryCheckedLong8(tif,direntry,value); |
517 | 0 | return(err); |
518 | 0 | case TIFF_SLONG8: |
519 | 0 | { |
520 | 0 | int64_t m; |
521 | 0 | err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m); |
522 | 0 | if (err!=TIFFReadDirEntryErrOk) |
523 | 0 | return(err); |
524 | 0 | err=TIFFReadDirEntryCheckRangeLong8Slong8(m); |
525 | 0 | if (err!=TIFFReadDirEntryErrOk) |
526 | 0 | return(err); |
527 | 0 | *value=(uint64_t)m; |
528 | 0 | return(TIFFReadDirEntryErrOk); |
529 | 0 | } |
530 | 0 | default: |
531 | 0 | return(TIFFReadDirEntryErrType); |
532 | 0 | } |
533 | 0 | } |
534 | | |
535 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryFloat(TIFF* tif, TIFFDirEntry* direntry, float* value) |
536 | 0 | { |
537 | 0 | enum TIFFReadDirEntryErr err; |
538 | 0 | if (direntry->tdir_count!=1) |
539 | 0 | return(TIFFReadDirEntryErrCount); |
540 | 0 | switch (direntry->tdir_type) |
541 | 0 | { |
542 | 0 | case TIFF_BYTE: |
543 | 0 | { |
544 | 0 | uint8_t m; |
545 | 0 | TIFFReadDirEntryCheckedByte(tif,direntry,&m); |
546 | 0 | *value=(float)m; |
547 | 0 | return(TIFFReadDirEntryErrOk); |
548 | 0 | } |
549 | 0 | case TIFF_SBYTE: |
550 | 0 | { |
551 | 0 | int8_t m; |
552 | 0 | TIFFReadDirEntryCheckedSbyte(tif,direntry,&m); |
553 | 0 | *value=(float)m; |
554 | 0 | return(TIFFReadDirEntryErrOk); |
555 | 0 | } |
556 | 0 | case TIFF_SHORT: |
557 | 0 | { |
558 | 0 | uint16_t m; |
559 | 0 | TIFFReadDirEntryCheckedShort(tif,direntry,&m); |
560 | 0 | *value=(float)m; |
561 | 0 | return(TIFFReadDirEntryErrOk); |
562 | 0 | } |
563 | 0 | case TIFF_SSHORT: |
564 | 0 | { |
565 | 0 | int16_t m; |
566 | 0 | TIFFReadDirEntryCheckedSshort(tif,direntry,&m); |
567 | 0 | *value=(float)m; |
568 | 0 | return(TIFFReadDirEntryErrOk); |
569 | 0 | } |
570 | 0 | case TIFF_LONG: |
571 | 0 | { |
572 | 0 | uint32_t m; |
573 | 0 | TIFFReadDirEntryCheckedLong(tif,direntry,&m); |
574 | 0 | *value=(float)m; |
575 | 0 | return(TIFFReadDirEntryErrOk); |
576 | 0 | } |
577 | 0 | case TIFF_SLONG: |
578 | 0 | { |
579 | 0 | int32_t m; |
580 | 0 | TIFFReadDirEntryCheckedSlong(tif,direntry,&m); |
581 | 0 | *value=(float)m; |
582 | 0 | return(TIFFReadDirEntryErrOk); |
583 | 0 | } |
584 | 0 | case TIFF_LONG8: |
585 | 0 | { |
586 | 0 | uint64_t m; |
587 | 0 | err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m); |
588 | 0 | if (err!=TIFFReadDirEntryErrOk) |
589 | 0 | return(err); |
590 | | #if defined(__WIN32__) && (_MSC_VER < 1500) |
591 | | /* |
592 | | * XXX: MSVC 6.0 does not support conversion |
593 | | * of 64-bit integers into floating point |
594 | | * values. |
595 | | */ |
596 | | *value = _TIFFUInt64ToFloat(m); |
597 | | #else |
598 | 0 | *value=(float)m; |
599 | 0 | #endif |
600 | 0 | return(TIFFReadDirEntryErrOk); |
601 | 0 | } |
602 | 0 | case TIFF_SLONG8: |
603 | 0 | { |
604 | 0 | int64_t m; |
605 | 0 | err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m); |
606 | 0 | if (err!=TIFFReadDirEntryErrOk) |
607 | 0 | return(err); |
608 | 0 | *value=(float)m; |
609 | 0 | return(TIFFReadDirEntryErrOk); |
610 | 0 | } |
611 | 0 | case TIFF_RATIONAL: |
612 | 0 | { |
613 | 0 | double m; |
614 | 0 | err=TIFFReadDirEntryCheckedRational(tif,direntry,&m); |
615 | 0 | if (err!=TIFFReadDirEntryErrOk) |
616 | 0 | return(err); |
617 | 0 | *value=(float)m; |
618 | 0 | return(TIFFReadDirEntryErrOk); |
619 | 0 | } |
620 | 0 | case TIFF_SRATIONAL: |
621 | 0 | { |
622 | 0 | double m; |
623 | 0 | err=TIFFReadDirEntryCheckedSrational(tif,direntry,&m); |
624 | 0 | if (err!=TIFFReadDirEntryErrOk) |
625 | 0 | return(err); |
626 | 0 | *value=(float)m; |
627 | 0 | return(TIFFReadDirEntryErrOk); |
628 | 0 | } |
629 | 0 | case TIFF_FLOAT: |
630 | 0 | TIFFReadDirEntryCheckedFloat(tif,direntry,value); |
631 | 0 | return(TIFFReadDirEntryErrOk); |
632 | 0 | case TIFF_DOUBLE: |
633 | 0 | { |
634 | 0 | double m; |
635 | 0 | err=TIFFReadDirEntryCheckedDouble(tif,direntry,&m); |
636 | 0 | if (err!=TIFFReadDirEntryErrOk) |
637 | 0 | return(err); |
638 | 0 | if ((m > FLT_MAX) || (m < -FLT_MAX)) |
639 | 0 | return(TIFFReadDirEntryErrRange); |
640 | 0 | *value=(float)m; |
641 | 0 | return(TIFFReadDirEntryErrOk); |
642 | 0 | } |
643 | 0 | default: |
644 | 0 | return(TIFFReadDirEntryErrType); |
645 | 0 | } |
646 | 0 | } |
647 | | |
648 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryDouble(TIFF* tif, TIFFDirEntry* direntry, double* value) |
649 | 0 | { |
650 | 0 | enum TIFFReadDirEntryErr err; |
651 | 0 | if (direntry->tdir_count!=1) |
652 | 0 | return(TIFFReadDirEntryErrCount); |
653 | 0 | switch (direntry->tdir_type) |
654 | 0 | { |
655 | 0 | case TIFF_BYTE: |
656 | 0 | { |
657 | 0 | uint8_t m; |
658 | 0 | TIFFReadDirEntryCheckedByte(tif,direntry,&m); |
659 | 0 | *value=(double)m; |
660 | 0 | return(TIFFReadDirEntryErrOk); |
661 | 0 | } |
662 | 0 | case TIFF_SBYTE: |
663 | 0 | { |
664 | 0 | int8_t m; |
665 | 0 | TIFFReadDirEntryCheckedSbyte(tif,direntry,&m); |
666 | 0 | *value=(double)m; |
667 | 0 | return(TIFFReadDirEntryErrOk); |
668 | 0 | } |
669 | 0 | case TIFF_SHORT: |
670 | 0 | { |
671 | 0 | uint16_t m; |
672 | 0 | TIFFReadDirEntryCheckedShort(tif,direntry,&m); |
673 | 0 | *value=(double)m; |
674 | 0 | return(TIFFReadDirEntryErrOk); |
675 | 0 | } |
676 | 0 | case TIFF_SSHORT: |
677 | 0 | { |
678 | 0 | int16_t m; |
679 | 0 | TIFFReadDirEntryCheckedSshort(tif,direntry,&m); |
680 | 0 | *value=(double)m; |
681 | 0 | return(TIFFReadDirEntryErrOk); |
682 | 0 | } |
683 | 0 | case TIFF_LONG: |
684 | 0 | { |
685 | 0 | uint32_t m; |
686 | 0 | TIFFReadDirEntryCheckedLong(tif,direntry,&m); |
687 | 0 | *value=(double)m; |
688 | 0 | return(TIFFReadDirEntryErrOk); |
689 | 0 | } |
690 | 0 | case TIFF_SLONG: |
691 | 0 | { |
692 | 0 | int32_t m; |
693 | 0 | TIFFReadDirEntryCheckedSlong(tif,direntry,&m); |
694 | 0 | *value=(double)m; |
695 | 0 | return(TIFFReadDirEntryErrOk); |
696 | 0 | } |
697 | 0 | case TIFF_LONG8: |
698 | 0 | { |
699 | 0 | uint64_t m; |
700 | 0 | err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m); |
701 | 0 | if (err!=TIFFReadDirEntryErrOk) |
702 | 0 | return(err); |
703 | | #if defined(__WIN32__) && (_MSC_VER < 1500) |
704 | | /* |
705 | | * XXX: MSVC 6.0 does not support conversion |
706 | | * of 64-bit integers into floating point |
707 | | * values. |
708 | | */ |
709 | | *value = _TIFFUInt64ToDouble(m); |
710 | | #else |
711 | 0 | *value = (double)m; |
712 | 0 | #endif |
713 | 0 | return(TIFFReadDirEntryErrOk); |
714 | 0 | } |
715 | 0 | case TIFF_SLONG8: |
716 | 0 | { |
717 | 0 | int64_t m; |
718 | 0 | err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m); |
719 | 0 | if (err!=TIFFReadDirEntryErrOk) |
720 | 0 | return(err); |
721 | 0 | *value=(double)m; |
722 | 0 | return(TIFFReadDirEntryErrOk); |
723 | 0 | } |
724 | 0 | case TIFF_RATIONAL: |
725 | 0 | err=TIFFReadDirEntryCheckedRational(tif,direntry,value); |
726 | 0 | return(err); |
727 | 0 | case TIFF_SRATIONAL: |
728 | 0 | err=TIFFReadDirEntryCheckedSrational(tif,direntry,value); |
729 | 0 | return(err); |
730 | 0 | case TIFF_FLOAT: |
731 | 0 | { |
732 | 0 | float m; |
733 | 0 | TIFFReadDirEntryCheckedFloat(tif,direntry,&m); |
734 | 0 | *value=(double)m; |
735 | 0 | return(TIFFReadDirEntryErrOk); |
736 | 0 | } |
737 | 0 | case TIFF_DOUBLE: |
738 | 0 | err=TIFFReadDirEntryCheckedDouble(tif,direntry,value); |
739 | 0 | return(err); |
740 | 0 | default: |
741 | 0 | return(TIFFReadDirEntryErrType); |
742 | 0 | } |
743 | 0 | } |
744 | | |
745 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8(TIFF* tif, TIFFDirEntry* direntry, uint64_t* value) |
746 | 0 | { |
747 | 0 | enum TIFFReadDirEntryErr err; |
748 | 0 | if (direntry->tdir_count!=1) |
749 | 0 | return(TIFFReadDirEntryErrCount); |
750 | 0 | switch (direntry->tdir_type) |
751 | 0 | { |
752 | 0 | case TIFF_LONG: |
753 | 0 | case TIFF_IFD: |
754 | 0 | { |
755 | 0 | uint32_t m; |
756 | 0 | TIFFReadDirEntryCheckedLong(tif,direntry,&m); |
757 | 0 | *value=(uint64_t)m; |
758 | 0 | return(TIFFReadDirEntryErrOk); |
759 | 0 | } |
760 | 0 | case TIFF_LONG8: |
761 | 0 | case TIFF_IFD8: |
762 | 0 | err=TIFFReadDirEntryCheckedLong8(tif,direntry,value); |
763 | 0 | return(err); |
764 | 0 | default: |
765 | 0 | return(TIFFReadDirEntryErrType); |
766 | 0 | } |
767 | 0 | } |
768 | | |
769 | | |
770 | 0 | #define INITIAL_THRESHOLD (1024 * 1024) |
771 | 0 | #define THRESHOLD_MULTIPLIER 10 |
772 | 0 | #define MAX_THRESHOLD (THRESHOLD_MULTIPLIER * THRESHOLD_MULTIPLIER * THRESHOLD_MULTIPLIER * INITIAL_THRESHOLD) |
773 | | |
774 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryDataAndRealloc( |
775 | | TIFF* tif, uint64_t offset, tmsize_t size, void** pdest) |
776 | 0 | { |
777 | 0 | #if SIZEOF_SIZE_T == 8 |
778 | 0 | tmsize_t threshold = INITIAL_THRESHOLD; |
779 | 0 | #endif |
780 | 0 | tmsize_t already_read = 0; |
781 | |
|
782 | 0 | assert( !isMapped(tif) ); |
783 | |
|
784 | 0 | if (!SeekOK(tif,offset)) |
785 | 0 | return(TIFFReadDirEntryErrIo); |
786 | | |
787 | | /* On 64 bit processes, read first a maximum of 1 MB, then 10 MB, etc */ |
788 | | /* so as to avoid allocating too much memory in case the file is too */ |
789 | | /* short. We could ask for the file size, but this might be */ |
790 | | /* expensive with some I/O layers (think of reading a gzipped file) */ |
791 | | /* Restrict to 64 bit processes, so as to avoid reallocs() */ |
792 | | /* on 32 bit processes where virtual memory is scarce. */ |
793 | 0 | while( already_read < size ) |
794 | 0 | { |
795 | 0 | void* new_dest; |
796 | 0 | tmsize_t bytes_read; |
797 | 0 | tmsize_t to_read = size - already_read; |
798 | 0 | #if SIZEOF_SIZE_T == 8 |
799 | 0 | if( to_read >= threshold && threshold < MAX_THRESHOLD ) |
800 | 0 | { |
801 | 0 | to_read = threshold; |
802 | 0 | threshold *= THRESHOLD_MULTIPLIER; |
803 | 0 | } |
804 | 0 | #endif |
805 | |
|
806 | 0 | new_dest = (uint8_t*) _TIFFrealloc( |
807 | 0 | *pdest, already_read + to_read); |
808 | 0 | if( new_dest == NULL ) |
809 | 0 | { |
810 | 0 | TIFFErrorExt(tif->tif_clientdata, tif->tif_name, |
811 | 0 | "Failed to allocate memory for %s " |
812 | 0 | "(%"TIFF_SSIZE_FORMAT" elements of %"TIFF_SSIZE_FORMAT" bytes each)", |
813 | 0 | "TIFFReadDirEntryArray", |
814 | 0 | (tmsize_t) 1, already_read + to_read); |
815 | 0 | return TIFFReadDirEntryErrAlloc; |
816 | 0 | } |
817 | 0 | *pdest = new_dest; |
818 | |
|
819 | 0 | bytes_read = TIFFReadFile(tif, |
820 | 0 | (char*)*pdest + already_read, to_read); |
821 | 0 | already_read += bytes_read; |
822 | 0 | if (bytes_read != to_read) { |
823 | 0 | return TIFFReadDirEntryErrIo; |
824 | 0 | } |
825 | 0 | } |
826 | 0 | return TIFFReadDirEntryErrOk; |
827 | 0 | } |
828 | | |
829 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryArrayWithLimit( |
830 | | TIFF* tif, TIFFDirEntry* direntry, uint32_t* count, uint32_t desttypesize, |
831 | | void** value, uint64_t maxcount) |
832 | 0 | { |
833 | 0 | int typesize; |
834 | 0 | uint32_t datasize; |
835 | 0 | void* data; |
836 | 0 | uint64_t target_count64; |
837 | 0 | int original_datasize_clamped; |
838 | 0 | typesize=TIFFDataWidth(direntry->tdir_type); |
839 | |
|
840 | 0 | target_count64 = (direntry->tdir_count > maxcount) ? |
841 | 0 | maxcount : direntry->tdir_count; |
842 | |
|
843 | 0 | if ((target_count64==0)||(typesize==0)) |
844 | 0 | { |
845 | 0 | *value=0; |
846 | 0 | return(TIFFReadDirEntryErrOk); |
847 | 0 | } |
848 | 0 | (void) desttypesize; |
849 | | |
850 | | /* We just want to know if the original tag size is more than 4 bytes |
851 | | * (classic TIFF) or 8 bytes (BigTIFF) |
852 | | */ |
853 | 0 | original_datasize_clamped = |
854 | 0 | ((direntry->tdir_count > 10) ? 10 : (int)direntry->tdir_count) * typesize; |
855 | | |
856 | | /* |
857 | | * As a sanity check, make sure we have no more than a 2GB tag array |
858 | | * in either the current data type or the dest data type. This also |
859 | | * avoids problems with overflow of tmsize_t on 32bit systems. |
860 | | */ |
861 | 0 | if ((uint64_t)(2147483647 / typesize) < target_count64) |
862 | 0 | return(TIFFReadDirEntryErrSizesan); |
863 | 0 | if ((uint64_t)(2147483647 / desttypesize) < target_count64) |
864 | 0 | return(TIFFReadDirEntryErrSizesan); |
865 | | |
866 | 0 | *count=(uint32_t)target_count64; |
867 | 0 | datasize=(*count)*typesize; |
868 | 0 | assert((tmsize_t)datasize>0); |
869 | |
|
870 | 0 | if( isMapped(tif) && datasize > (uint64_t)tif->tif_size ) |
871 | 0 | return TIFFReadDirEntryErrIo; |
872 | | |
873 | 0 | if( !isMapped(tif) && |
874 | 0 | (((tif->tif_flags&TIFF_BIGTIFF) && datasize > 8) || |
875 | 0 | (!(tif->tif_flags&TIFF_BIGTIFF) && datasize > 4)) ) |
876 | 0 | { |
877 | 0 | data = NULL; |
878 | 0 | } |
879 | 0 | else |
880 | 0 | { |
881 | 0 | data=_TIFFCheckMalloc(tif, *count, typesize, "ReadDirEntryArray"); |
882 | 0 | if (data==0) |
883 | 0 | return(TIFFReadDirEntryErrAlloc); |
884 | 0 | } |
885 | 0 | if (!(tif->tif_flags&TIFF_BIGTIFF)) |
886 | 0 | { |
887 | | /* Only the condition on original_datasize_clamped. The second |
888 | | * one is implied, but Coverity Scan cannot see it. */ |
889 | 0 | if (original_datasize_clamped<=4 && datasize <= 4 ) |
890 | 0 | _TIFFmemcpy(data,&direntry->tdir_offset,datasize); |
891 | 0 | else |
892 | 0 | { |
893 | 0 | enum TIFFReadDirEntryErr err; |
894 | 0 | uint32_t offset = direntry->tdir_offset.toff_long; |
895 | 0 | if (tif->tif_flags&TIFF_SWAB) |
896 | 0 | TIFFSwabLong(&offset); |
897 | 0 | if( isMapped(tif) ) |
898 | 0 | err=TIFFReadDirEntryData(tif, (uint64_t)offset, (tmsize_t)datasize, data); |
899 | 0 | else |
900 | 0 | err=TIFFReadDirEntryDataAndRealloc(tif, (uint64_t)offset, (tmsize_t)datasize, &data); |
901 | 0 | if (err!=TIFFReadDirEntryErrOk) |
902 | 0 | { |
903 | 0 | _TIFFfree(data); |
904 | 0 | return(err); |
905 | 0 | } |
906 | 0 | } |
907 | 0 | } |
908 | 0 | else |
909 | 0 | { |
910 | | /* See above comment for the Classic TIFF case */ |
911 | 0 | if (original_datasize_clamped<=8 && datasize <= 8 ) |
912 | 0 | _TIFFmemcpy(data,&direntry->tdir_offset,datasize); |
913 | 0 | else |
914 | 0 | { |
915 | 0 | enum TIFFReadDirEntryErr err; |
916 | 0 | uint64_t offset = direntry->tdir_offset.toff_long8; |
917 | 0 | if (tif->tif_flags&TIFF_SWAB) |
918 | 0 | TIFFSwabLong8(&offset); |
919 | 0 | if( isMapped(tif) ) |
920 | 0 | err=TIFFReadDirEntryData(tif, (uint64_t)offset, (tmsize_t)datasize, data); |
921 | 0 | else |
922 | 0 | err=TIFFReadDirEntryDataAndRealloc(tif, (uint64_t)offset, (tmsize_t)datasize, &data); |
923 | 0 | if (err!=TIFFReadDirEntryErrOk) |
924 | 0 | { |
925 | 0 | _TIFFfree(data); |
926 | 0 | return(err); |
927 | 0 | } |
928 | 0 | } |
929 | 0 | } |
930 | 0 | *value=data; |
931 | 0 | return(TIFFReadDirEntryErrOk); |
932 | 0 | } |
933 | | |
934 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryArray(TIFF* tif, TIFFDirEntry* direntry, uint32_t* count, uint32_t desttypesize, void** value) |
935 | 0 | { |
936 | 0 | return TIFFReadDirEntryArrayWithLimit(tif, direntry, count, |
937 | 0 | desttypesize, value, ~((uint64_t)0)); |
938 | 0 | } |
939 | | |
940 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryByteArray(TIFF* tif, TIFFDirEntry* direntry, uint8_t** value) |
941 | 0 | { |
942 | 0 | enum TIFFReadDirEntryErr err; |
943 | 0 | uint32_t count; |
944 | 0 | void* origdata; |
945 | 0 | uint8_t* data; |
946 | 0 | switch (direntry->tdir_type) |
947 | 0 | { |
948 | 0 | case TIFF_ASCII: |
949 | 0 | case TIFF_UNDEFINED: |
950 | 0 | case TIFF_BYTE: |
951 | 0 | case TIFF_SBYTE: |
952 | 0 | case TIFF_SHORT: |
953 | 0 | case TIFF_SSHORT: |
954 | 0 | case TIFF_LONG: |
955 | 0 | case TIFF_SLONG: |
956 | 0 | case TIFF_LONG8: |
957 | 0 | case TIFF_SLONG8: |
958 | 0 | break; |
959 | 0 | default: |
960 | 0 | return(TIFFReadDirEntryErrType); |
961 | 0 | } |
962 | 0 | err=TIFFReadDirEntryArray(tif,direntry,&count,1,&origdata); |
963 | 0 | if ((err!=TIFFReadDirEntryErrOk)||(origdata==0)) |
964 | 0 | { |
965 | 0 | *value=0; |
966 | 0 | return(err); |
967 | 0 | } |
968 | 0 | switch (direntry->tdir_type) |
969 | 0 | { |
970 | 0 | case TIFF_ASCII: |
971 | 0 | case TIFF_UNDEFINED: |
972 | 0 | case TIFF_BYTE: |
973 | 0 | *value=(uint8_t*)origdata; |
974 | 0 | return(TIFFReadDirEntryErrOk); |
975 | 0 | case TIFF_SBYTE: |
976 | 0 | { |
977 | 0 | int8_t* m; |
978 | 0 | uint32_t n; |
979 | 0 | m=(int8_t*)origdata; |
980 | 0 | for (n=0; n<count; n++) |
981 | 0 | { |
982 | 0 | err=TIFFReadDirEntryCheckRangeByteSbyte(*m); |
983 | 0 | if (err!=TIFFReadDirEntryErrOk) |
984 | 0 | { |
985 | 0 | _TIFFfree(origdata); |
986 | 0 | return(err); |
987 | 0 | } |
988 | 0 | m++; |
989 | 0 | } |
990 | 0 | *value=(uint8_t*)origdata; |
991 | 0 | return(TIFFReadDirEntryErrOk); |
992 | 0 | } |
993 | 0 | } |
994 | 0 | data=(uint8_t*)_TIFFmalloc(count); |
995 | 0 | if (data==0) |
996 | 0 | { |
997 | 0 | _TIFFfree(origdata); |
998 | 0 | return(TIFFReadDirEntryErrAlloc); |
999 | 0 | } |
1000 | 0 | switch (direntry->tdir_type) |
1001 | 0 | { |
1002 | 0 | case TIFF_SHORT: |
1003 | 0 | { |
1004 | 0 | uint16_t* ma; |
1005 | 0 | uint8_t* mb; |
1006 | 0 | uint32_t n; |
1007 | 0 | ma=(uint16_t*)origdata; |
1008 | 0 | mb=data; |
1009 | 0 | for (n=0; n<count; n++) |
1010 | 0 | { |
1011 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1012 | 0 | TIFFSwabShort(ma); |
1013 | 0 | err=TIFFReadDirEntryCheckRangeByteShort(*ma); |
1014 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1015 | 0 | break; |
1016 | 0 | *mb++=(uint8_t)(*ma++); |
1017 | 0 | } |
1018 | 0 | } |
1019 | 0 | break; |
1020 | 0 | case TIFF_SSHORT: |
1021 | 0 | { |
1022 | 0 | int16_t* ma; |
1023 | 0 | uint8_t* mb; |
1024 | 0 | uint32_t n; |
1025 | 0 | ma=(int16_t*)origdata; |
1026 | 0 | mb=data; |
1027 | 0 | for (n=0; n<count; n++) |
1028 | 0 | { |
1029 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1030 | 0 | TIFFSwabShort((uint16_t*)ma); |
1031 | 0 | err=TIFFReadDirEntryCheckRangeByteSshort(*ma); |
1032 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1033 | 0 | break; |
1034 | 0 | *mb++=(uint8_t)(*ma++); |
1035 | 0 | } |
1036 | 0 | } |
1037 | 0 | break; |
1038 | 0 | case TIFF_LONG: |
1039 | 0 | { |
1040 | 0 | uint32_t* ma; |
1041 | 0 | uint8_t* mb; |
1042 | 0 | uint32_t n; |
1043 | 0 | ma=(uint32_t*)origdata; |
1044 | 0 | mb=data; |
1045 | 0 | for (n=0; n<count; n++) |
1046 | 0 | { |
1047 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1048 | 0 | TIFFSwabLong(ma); |
1049 | 0 | err=TIFFReadDirEntryCheckRangeByteLong(*ma); |
1050 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1051 | 0 | break; |
1052 | 0 | *mb++=(uint8_t)(*ma++); |
1053 | 0 | } |
1054 | 0 | } |
1055 | 0 | break; |
1056 | 0 | case TIFF_SLONG: |
1057 | 0 | { |
1058 | 0 | int32_t* ma; |
1059 | 0 | uint8_t* mb; |
1060 | 0 | uint32_t n; |
1061 | 0 | ma=(int32_t*)origdata; |
1062 | 0 | mb=data; |
1063 | 0 | for (n=0; n<count; n++) |
1064 | 0 | { |
1065 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1066 | 0 | TIFFSwabLong((uint32_t*)ma); |
1067 | 0 | err=TIFFReadDirEntryCheckRangeByteSlong(*ma); |
1068 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1069 | 0 | break; |
1070 | 0 | *mb++=(uint8_t)(*ma++); |
1071 | 0 | } |
1072 | 0 | } |
1073 | 0 | break; |
1074 | 0 | case TIFF_LONG8: |
1075 | 0 | { |
1076 | 0 | uint64_t* ma; |
1077 | 0 | uint8_t* mb; |
1078 | 0 | uint32_t n; |
1079 | 0 | ma=(uint64_t*)origdata; |
1080 | 0 | mb=data; |
1081 | 0 | for (n=0; n<count; n++) |
1082 | 0 | { |
1083 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1084 | 0 | TIFFSwabLong8(ma); |
1085 | 0 | err=TIFFReadDirEntryCheckRangeByteLong8(*ma); |
1086 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1087 | 0 | break; |
1088 | 0 | *mb++=(uint8_t)(*ma++); |
1089 | 0 | } |
1090 | 0 | } |
1091 | 0 | break; |
1092 | 0 | case TIFF_SLONG8: |
1093 | 0 | { |
1094 | 0 | int64_t* ma; |
1095 | 0 | uint8_t* mb; |
1096 | 0 | uint32_t n; |
1097 | 0 | ma=(int64_t*)origdata; |
1098 | 0 | mb=data; |
1099 | 0 | for (n=0; n<count; n++) |
1100 | 0 | { |
1101 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1102 | 0 | TIFFSwabLong8((uint64_t*)ma); |
1103 | 0 | err=TIFFReadDirEntryCheckRangeByteSlong8(*ma); |
1104 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1105 | 0 | break; |
1106 | 0 | *mb++=(uint8_t)(*ma++); |
1107 | 0 | } |
1108 | 0 | } |
1109 | 0 | break; |
1110 | 0 | } |
1111 | 0 | _TIFFfree(origdata); |
1112 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1113 | 0 | { |
1114 | 0 | _TIFFfree(data); |
1115 | 0 | return(err); |
1116 | 0 | } |
1117 | 0 | *value=data; |
1118 | 0 | return(TIFFReadDirEntryErrOk); |
1119 | 0 | } |
1120 | | |
1121 | | static enum TIFFReadDirEntryErr TIFFReadDirEntrySbyteArray(TIFF* tif, TIFFDirEntry* direntry, int8_t** value) |
1122 | 0 | { |
1123 | 0 | enum TIFFReadDirEntryErr err; |
1124 | 0 | uint32_t count; |
1125 | 0 | void* origdata; |
1126 | 0 | int8_t* data; |
1127 | 0 | switch (direntry->tdir_type) |
1128 | 0 | { |
1129 | 0 | case TIFF_UNDEFINED: |
1130 | 0 | case TIFF_BYTE: |
1131 | 0 | case TIFF_SBYTE: |
1132 | 0 | case TIFF_SHORT: |
1133 | 0 | case TIFF_SSHORT: |
1134 | 0 | case TIFF_LONG: |
1135 | 0 | case TIFF_SLONG: |
1136 | 0 | case TIFF_LONG8: |
1137 | 0 | case TIFF_SLONG8: |
1138 | 0 | break; |
1139 | 0 | default: |
1140 | 0 | return(TIFFReadDirEntryErrType); |
1141 | 0 | } |
1142 | 0 | err=TIFFReadDirEntryArray(tif,direntry,&count,1,&origdata); |
1143 | 0 | if ((err!=TIFFReadDirEntryErrOk)||(origdata==0)) |
1144 | 0 | { |
1145 | 0 | *value=0; |
1146 | 0 | return(err); |
1147 | 0 | } |
1148 | 0 | switch (direntry->tdir_type) |
1149 | 0 | { |
1150 | 0 | case TIFF_UNDEFINED: |
1151 | 0 | case TIFF_BYTE: |
1152 | 0 | { |
1153 | 0 | uint8_t* m; |
1154 | 0 | uint32_t n; |
1155 | 0 | m=(uint8_t*)origdata; |
1156 | 0 | for (n=0; n<count; n++) |
1157 | 0 | { |
1158 | 0 | err=TIFFReadDirEntryCheckRangeSbyteByte(*m); |
1159 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1160 | 0 | { |
1161 | 0 | _TIFFfree(origdata); |
1162 | 0 | return(err); |
1163 | 0 | } |
1164 | 0 | m++; |
1165 | 0 | } |
1166 | 0 | *value=(int8_t*)origdata; |
1167 | 0 | return(TIFFReadDirEntryErrOk); |
1168 | 0 | } |
1169 | 0 | case TIFF_SBYTE: |
1170 | 0 | *value=(int8_t*)origdata; |
1171 | 0 | return(TIFFReadDirEntryErrOk); |
1172 | 0 | } |
1173 | 0 | data=(int8_t*)_TIFFmalloc(count); |
1174 | 0 | if (data==0) |
1175 | 0 | { |
1176 | 0 | _TIFFfree(origdata); |
1177 | 0 | return(TIFFReadDirEntryErrAlloc); |
1178 | 0 | } |
1179 | 0 | switch (direntry->tdir_type) |
1180 | 0 | { |
1181 | 0 | case TIFF_SHORT: |
1182 | 0 | { |
1183 | 0 | uint16_t* ma; |
1184 | 0 | int8_t* mb; |
1185 | 0 | uint32_t n; |
1186 | 0 | ma=(uint16_t*)origdata; |
1187 | 0 | mb=data; |
1188 | 0 | for (n=0; n<count; n++) |
1189 | 0 | { |
1190 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1191 | 0 | TIFFSwabShort(ma); |
1192 | 0 | err=TIFFReadDirEntryCheckRangeSbyteShort(*ma); |
1193 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1194 | 0 | break; |
1195 | 0 | *mb++=(int8_t)(*ma++); |
1196 | 0 | } |
1197 | 0 | } |
1198 | 0 | break; |
1199 | 0 | case TIFF_SSHORT: |
1200 | 0 | { |
1201 | 0 | int16_t* ma; |
1202 | 0 | int8_t* mb; |
1203 | 0 | uint32_t n; |
1204 | 0 | ma=(int16_t*)origdata; |
1205 | 0 | mb=data; |
1206 | 0 | for (n=0; n<count; n++) |
1207 | 0 | { |
1208 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1209 | 0 | TIFFSwabShort((uint16_t*)ma); |
1210 | 0 | err=TIFFReadDirEntryCheckRangeSbyteSshort(*ma); |
1211 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1212 | 0 | break; |
1213 | 0 | *mb++=(int8_t)(*ma++); |
1214 | 0 | } |
1215 | 0 | } |
1216 | 0 | break; |
1217 | 0 | case TIFF_LONG: |
1218 | 0 | { |
1219 | 0 | uint32_t* ma; |
1220 | 0 | int8_t* mb; |
1221 | 0 | uint32_t n; |
1222 | 0 | ma=(uint32_t*)origdata; |
1223 | 0 | mb=data; |
1224 | 0 | for (n=0; n<count; n++) |
1225 | 0 | { |
1226 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1227 | 0 | TIFFSwabLong(ma); |
1228 | 0 | err=TIFFReadDirEntryCheckRangeSbyteLong(*ma); |
1229 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1230 | 0 | break; |
1231 | 0 | *mb++=(int8_t)(*ma++); |
1232 | 0 | } |
1233 | 0 | } |
1234 | 0 | break; |
1235 | 0 | case TIFF_SLONG: |
1236 | 0 | { |
1237 | 0 | int32_t* ma; |
1238 | 0 | int8_t* mb; |
1239 | 0 | uint32_t n; |
1240 | 0 | ma=(int32_t*)origdata; |
1241 | 0 | mb=data; |
1242 | 0 | for (n=0; n<count; n++) |
1243 | 0 | { |
1244 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1245 | 0 | TIFFSwabLong((uint32_t*)ma); |
1246 | 0 | err=TIFFReadDirEntryCheckRangeSbyteSlong(*ma); |
1247 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1248 | 0 | break; |
1249 | 0 | *mb++=(int8_t)(*ma++); |
1250 | 0 | } |
1251 | 0 | } |
1252 | 0 | break; |
1253 | 0 | case TIFF_LONG8: |
1254 | 0 | { |
1255 | 0 | uint64_t* ma; |
1256 | 0 | int8_t* mb; |
1257 | 0 | uint32_t n; |
1258 | 0 | ma=(uint64_t*)origdata; |
1259 | 0 | mb=data; |
1260 | 0 | for (n=0; n<count; n++) |
1261 | 0 | { |
1262 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1263 | 0 | TIFFSwabLong8(ma); |
1264 | 0 | err=TIFFReadDirEntryCheckRangeSbyteLong8(*ma); |
1265 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1266 | 0 | break; |
1267 | 0 | *mb++=(int8_t)(*ma++); |
1268 | 0 | } |
1269 | 0 | } |
1270 | 0 | break; |
1271 | 0 | case TIFF_SLONG8: |
1272 | 0 | { |
1273 | 0 | int64_t* ma; |
1274 | 0 | int8_t* mb; |
1275 | 0 | uint32_t n; |
1276 | 0 | ma=(int64_t*)origdata; |
1277 | 0 | mb=data; |
1278 | 0 | for (n=0; n<count; n++) |
1279 | 0 | { |
1280 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1281 | 0 | TIFFSwabLong8((uint64_t*)ma); |
1282 | 0 | err=TIFFReadDirEntryCheckRangeSbyteSlong8(*ma); |
1283 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1284 | 0 | break; |
1285 | 0 | *mb++=(int8_t)(*ma++); |
1286 | 0 | } |
1287 | 0 | } |
1288 | 0 | break; |
1289 | 0 | } |
1290 | 0 | _TIFFfree(origdata); |
1291 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1292 | 0 | { |
1293 | 0 | _TIFFfree(data); |
1294 | 0 | return(err); |
1295 | 0 | } |
1296 | 0 | *value=data; |
1297 | 0 | return(TIFFReadDirEntryErrOk); |
1298 | 0 | } |
1299 | | |
1300 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryShortArray(TIFF* tif, TIFFDirEntry* direntry, uint16_t** value) |
1301 | 0 | { |
1302 | 0 | enum TIFFReadDirEntryErr err; |
1303 | 0 | uint32_t count; |
1304 | 0 | void* origdata; |
1305 | 0 | uint16_t* data; |
1306 | 0 | switch (direntry->tdir_type) |
1307 | 0 | { |
1308 | 0 | case TIFF_BYTE: |
1309 | 0 | case TIFF_SBYTE: |
1310 | 0 | case TIFF_SHORT: |
1311 | 0 | case TIFF_SSHORT: |
1312 | 0 | case TIFF_LONG: |
1313 | 0 | case TIFF_SLONG: |
1314 | 0 | case TIFF_LONG8: |
1315 | 0 | case TIFF_SLONG8: |
1316 | 0 | break; |
1317 | 0 | default: |
1318 | 0 | return(TIFFReadDirEntryErrType); |
1319 | 0 | } |
1320 | 0 | err=TIFFReadDirEntryArray(tif,direntry,&count,2,&origdata); |
1321 | 0 | if ((err!=TIFFReadDirEntryErrOk)||(origdata==0)) |
1322 | 0 | { |
1323 | 0 | *value=0; |
1324 | 0 | return(err); |
1325 | 0 | } |
1326 | 0 | switch (direntry->tdir_type) |
1327 | 0 | { |
1328 | 0 | case TIFF_SHORT: |
1329 | 0 | *value=(uint16_t*)origdata; |
1330 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1331 | 0 | TIFFSwabArrayOfShort(*value,count); |
1332 | 0 | return(TIFFReadDirEntryErrOk); |
1333 | 0 | case TIFF_SSHORT: |
1334 | 0 | { |
1335 | 0 | int16_t* m; |
1336 | 0 | uint32_t n; |
1337 | 0 | m=(int16_t*)origdata; |
1338 | 0 | for (n=0; n<count; n++) |
1339 | 0 | { |
1340 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1341 | 0 | TIFFSwabShort((uint16_t*)m); |
1342 | 0 | err=TIFFReadDirEntryCheckRangeShortSshort(*m); |
1343 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1344 | 0 | { |
1345 | 0 | _TIFFfree(origdata); |
1346 | 0 | return(err); |
1347 | 0 | } |
1348 | 0 | m++; |
1349 | 0 | } |
1350 | 0 | *value=(uint16_t*)origdata; |
1351 | 0 | return(TIFFReadDirEntryErrOk); |
1352 | 0 | } |
1353 | 0 | } |
1354 | 0 | data=(uint16_t*)_TIFFmalloc(count * 2); |
1355 | 0 | if (data==0) |
1356 | 0 | { |
1357 | 0 | _TIFFfree(origdata); |
1358 | 0 | return(TIFFReadDirEntryErrAlloc); |
1359 | 0 | } |
1360 | 0 | switch (direntry->tdir_type) |
1361 | 0 | { |
1362 | 0 | case TIFF_BYTE: |
1363 | 0 | { |
1364 | 0 | uint8_t* ma; |
1365 | 0 | uint16_t* mb; |
1366 | 0 | uint32_t n; |
1367 | 0 | ma=(uint8_t*)origdata; |
1368 | 0 | mb=data; |
1369 | 0 | for (n=0; n<count; n++) |
1370 | 0 | *mb++=(uint16_t)(*ma++); |
1371 | 0 | } |
1372 | 0 | break; |
1373 | 0 | case TIFF_SBYTE: |
1374 | 0 | { |
1375 | 0 | int8_t* ma; |
1376 | 0 | uint16_t* mb; |
1377 | 0 | uint32_t n; |
1378 | 0 | ma=(int8_t*)origdata; |
1379 | 0 | mb=data; |
1380 | 0 | for (n=0; n<count; n++) |
1381 | 0 | { |
1382 | 0 | err=TIFFReadDirEntryCheckRangeShortSbyte(*ma); |
1383 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1384 | 0 | break; |
1385 | 0 | *mb++=(uint16_t)(*ma++); |
1386 | 0 | } |
1387 | 0 | } |
1388 | 0 | break; |
1389 | 0 | case TIFF_LONG: |
1390 | 0 | { |
1391 | 0 | uint32_t* ma; |
1392 | 0 | uint16_t* mb; |
1393 | 0 | uint32_t n; |
1394 | 0 | ma=(uint32_t*)origdata; |
1395 | 0 | mb=data; |
1396 | 0 | for (n=0; n<count; n++) |
1397 | 0 | { |
1398 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1399 | 0 | TIFFSwabLong(ma); |
1400 | 0 | err=TIFFReadDirEntryCheckRangeShortLong(*ma); |
1401 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1402 | 0 | break; |
1403 | 0 | *mb++=(uint16_t)(*ma++); |
1404 | 0 | } |
1405 | 0 | } |
1406 | 0 | break; |
1407 | 0 | case TIFF_SLONG: |
1408 | 0 | { |
1409 | 0 | int32_t* ma; |
1410 | 0 | uint16_t* mb; |
1411 | 0 | uint32_t n; |
1412 | 0 | ma=(int32_t*)origdata; |
1413 | 0 | mb=data; |
1414 | 0 | for (n=0; n<count; n++) |
1415 | 0 | { |
1416 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1417 | 0 | TIFFSwabLong((uint32_t*)ma); |
1418 | 0 | err=TIFFReadDirEntryCheckRangeShortSlong(*ma); |
1419 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1420 | 0 | break; |
1421 | 0 | *mb++=(uint16_t)(*ma++); |
1422 | 0 | } |
1423 | 0 | } |
1424 | 0 | break; |
1425 | 0 | case TIFF_LONG8: |
1426 | 0 | { |
1427 | 0 | uint64_t* ma; |
1428 | 0 | uint16_t* mb; |
1429 | 0 | uint32_t n; |
1430 | 0 | ma=(uint64_t*)origdata; |
1431 | 0 | mb=data; |
1432 | 0 | for (n=0; n<count; n++) |
1433 | 0 | { |
1434 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1435 | 0 | TIFFSwabLong8(ma); |
1436 | 0 | err=TIFFReadDirEntryCheckRangeShortLong8(*ma); |
1437 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1438 | 0 | break; |
1439 | 0 | *mb++=(uint16_t)(*ma++); |
1440 | 0 | } |
1441 | 0 | } |
1442 | 0 | break; |
1443 | 0 | case TIFF_SLONG8: |
1444 | 0 | { |
1445 | 0 | int64_t* ma; |
1446 | 0 | uint16_t* mb; |
1447 | 0 | uint32_t n; |
1448 | 0 | ma=(int64_t*)origdata; |
1449 | 0 | mb=data; |
1450 | 0 | for (n=0; n<count; n++) |
1451 | 0 | { |
1452 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1453 | 0 | TIFFSwabLong8((uint64_t*)ma); |
1454 | 0 | err=TIFFReadDirEntryCheckRangeShortSlong8(*ma); |
1455 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1456 | 0 | break; |
1457 | 0 | *mb++=(uint16_t)(*ma++); |
1458 | 0 | } |
1459 | 0 | } |
1460 | 0 | break; |
1461 | 0 | } |
1462 | 0 | _TIFFfree(origdata); |
1463 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1464 | 0 | { |
1465 | 0 | _TIFFfree(data); |
1466 | 0 | return(err); |
1467 | 0 | } |
1468 | 0 | *value=data; |
1469 | 0 | return(TIFFReadDirEntryErrOk); |
1470 | 0 | } |
1471 | | |
1472 | | static enum TIFFReadDirEntryErr TIFFReadDirEntrySshortArray(TIFF* tif, TIFFDirEntry* direntry, int16_t** value) |
1473 | 0 | { |
1474 | 0 | enum TIFFReadDirEntryErr err; |
1475 | 0 | uint32_t count; |
1476 | 0 | void* origdata; |
1477 | 0 | int16_t* data; |
1478 | 0 | switch (direntry->tdir_type) |
1479 | 0 | { |
1480 | 0 | case TIFF_BYTE: |
1481 | 0 | case TIFF_SBYTE: |
1482 | 0 | case TIFF_SHORT: |
1483 | 0 | case TIFF_SSHORT: |
1484 | 0 | case TIFF_LONG: |
1485 | 0 | case TIFF_SLONG: |
1486 | 0 | case TIFF_LONG8: |
1487 | 0 | case TIFF_SLONG8: |
1488 | 0 | break; |
1489 | 0 | default: |
1490 | 0 | return(TIFFReadDirEntryErrType); |
1491 | 0 | } |
1492 | 0 | err=TIFFReadDirEntryArray(tif,direntry,&count,2,&origdata); |
1493 | 0 | if ((err!=TIFFReadDirEntryErrOk)||(origdata==0)) |
1494 | 0 | { |
1495 | 0 | *value=0; |
1496 | 0 | return(err); |
1497 | 0 | } |
1498 | 0 | switch (direntry->tdir_type) |
1499 | 0 | { |
1500 | 0 | case TIFF_SHORT: |
1501 | 0 | { |
1502 | 0 | uint16_t* m; |
1503 | 0 | uint32_t n; |
1504 | 0 | m=(uint16_t*)origdata; |
1505 | 0 | for (n=0; n<count; n++) |
1506 | 0 | { |
1507 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1508 | 0 | TIFFSwabShort(m); |
1509 | 0 | err=TIFFReadDirEntryCheckRangeSshortShort(*m); |
1510 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1511 | 0 | { |
1512 | 0 | _TIFFfree(origdata); |
1513 | 0 | return(err); |
1514 | 0 | } |
1515 | 0 | m++; |
1516 | 0 | } |
1517 | 0 | *value=(int16_t*)origdata; |
1518 | 0 | return(TIFFReadDirEntryErrOk); |
1519 | 0 | } |
1520 | 0 | case TIFF_SSHORT: |
1521 | 0 | *value=(int16_t*)origdata; |
1522 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1523 | 0 | TIFFSwabArrayOfShort((uint16_t*)(*value), count); |
1524 | 0 | return(TIFFReadDirEntryErrOk); |
1525 | 0 | } |
1526 | 0 | data=(int16_t*)_TIFFmalloc(count * 2); |
1527 | 0 | if (data==0) |
1528 | 0 | { |
1529 | 0 | _TIFFfree(origdata); |
1530 | 0 | return(TIFFReadDirEntryErrAlloc); |
1531 | 0 | } |
1532 | 0 | switch (direntry->tdir_type) |
1533 | 0 | { |
1534 | 0 | case TIFF_BYTE: |
1535 | 0 | { |
1536 | 0 | uint8_t* ma; |
1537 | 0 | int16_t* mb; |
1538 | 0 | uint32_t n; |
1539 | 0 | ma=(uint8_t*)origdata; |
1540 | 0 | mb=data; |
1541 | 0 | for (n=0; n<count; n++) |
1542 | 0 | *mb++=(int16_t)(*ma++); |
1543 | 0 | } |
1544 | 0 | break; |
1545 | 0 | case TIFF_SBYTE: |
1546 | 0 | { |
1547 | 0 | int8_t* ma; |
1548 | 0 | int16_t* mb; |
1549 | 0 | uint32_t n; |
1550 | 0 | ma=(int8_t*)origdata; |
1551 | 0 | mb=data; |
1552 | 0 | for (n=0; n<count; n++) |
1553 | 0 | *mb++=(int16_t)(*ma++); |
1554 | 0 | } |
1555 | 0 | break; |
1556 | 0 | case TIFF_LONG: |
1557 | 0 | { |
1558 | 0 | uint32_t* ma; |
1559 | 0 | int16_t* mb; |
1560 | 0 | uint32_t n; |
1561 | 0 | ma=(uint32_t*)origdata; |
1562 | 0 | mb=data; |
1563 | 0 | for (n=0; n<count; n++) |
1564 | 0 | { |
1565 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1566 | 0 | TIFFSwabLong(ma); |
1567 | 0 | err=TIFFReadDirEntryCheckRangeSshortLong(*ma); |
1568 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1569 | 0 | break; |
1570 | 0 | *mb++=(int16_t)(*ma++); |
1571 | 0 | } |
1572 | 0 | } |
1573 | 0 | break; |
1574 | 0 | case TIFF_SLONG: |
1575 | 0 | { |
1576 | 0 | int32_t* ma; |
1577 | 0 | int16_t* mb; |
1578 | 0 | uint32_t n; |
1579 | 0 | ma=(int32_t*)origdata; |
1580 | 0 | mb=data; |
1581 | 0 | for (n=0; n<count; n++) |
1582 | 0 | { |
1583 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1584 | 0 | TIFFSwabLong((uint32_t*)ma); |
1585 | 0 | err=TIFFReadDirEntryCheckRangeSshortSlong(*ma); |
1586 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1587 | 0 | break; |
1588 | 0 | *mb++=(int16_t)(*ma++); |
1589 | 0 | } |
1590 | 0 | } |
1591 | 0 | break; |
1592 | 0 | case TIFF_LONG8: |
1593 | 0 | { |
1594 | 0 | uint64_t* ma; |
1595 | 0 | int16_t* mb; |
1596 | 0 | uint32_t n; |
1597 | 0 | ma=(uint64_t*)origdata; |
1598 | 0 | mb=data; |
1599 | 0 | for (n=0; n<count; n++) |
1600 | 0 | { |
1601 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1602 | 0 | TIFFSwabLong8(ma); |
1603 | 0 | err=TIFFReadDirEntryCheckRangeSshortLong8(*ma); |
1604 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1605 | 0 | break; |
1606 | 0 | *mb++=(int16_t)(*ma++); |
1607 | 0 | } |
1608 | 0 | } |
1609 | 0 | break; |
1610 | 0 | case TIFF_SLONG8: |
1611 | 0 | { |
1612 | 0 | int64_t* ma; |
1613 | 0 | int16_t* mb; |
1614 | 0 | uint32_t n; |
1615 | 0 | ma=(int64_t*)origdata; |
1616 | 0 | mb=data; |
1617 | 0 | for (n=0; n<count; n++) |
1618 | 0 | { |
1619 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1620 | 0 | TIFFSwabLong8((uint64_t*)ma); |
1621 | 0 | err=TIFFReadDirEntryCheckRangeSshortSlong8(*ma); |
1622 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1623 | 0 | break; |
1624 | 0 | *mb++=(int16_t)(*ma++); |
1625 | 0 | } |
1626 | 0 | } |
1627 | 0 | break; |
1628 | 0 | } |
1629 | 0 | _TIFFfree(origdata); |
1630 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1631 | 0 | { |
1632 | 0 | _TIFFfree(data); |
1633 | 0 | return(err); |
1634 | 0 | } |
1635 | 0 | *value=data; |
1636 | 0 | return(TIFFReadDirEntryErrOk); |
1637 | 0 | } |
1638 | | |
1639 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryLongArray(TIFF* tif, TIFFDirEntry* direntry, uint32_t** value) |
1640 | 0 | { |
1641 | 0 | enum TIFFReadDirEntryErr err; |
1642 | 0 | uint32_t count; |
1643 | 0 | void* origdata; |
1644 | 0 | uint32_t* data; |
1645 | 0 | switch (direntry->tdir_type) |
1646 | 0 | { |
1647 | 0 | case TIFF_BYTE: |
1648 | 0 | case TIFF_SBYTE: |
1649 | 0 | case TIFF_SHORT: |
1650 | 0 | case TIFF_SSHORT: |
1651 | 0 | case TIFF_LONG: |
1652 | 0 | case TIFF_SLONG: |
1653 | 0 | case TIFF_LONG8: |
1654 | 0 | case TIFF_SLONG8: |
1655 | 0 | break; |
1656 | 0 | default: |
1657 | 0 | return(TIFFReadDirEntryErrType); |
1658 | 0 | } |
1659 | 0 | err=TIFFReadDirEntryArray(tif,direntry,&count,4,&origdata); |
1660 | 0 | if ((err!=TIFFReadDirEntryErrOk)||(origdata==0)) |
1661 | 0 | { |
1662 | 0 | *value=0; |
1663 | 0 | return(err); |
1664 | 0 | } |
1665 | 0 | switch (direntry->tdir_type) |
1666 | 0 | { |
1667 | 0 | case TIFF_LONG: |
1668 | 0 | *value=(uint32_t*)origdata; |
1669 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1670 | 0 | TIFFSwabArrayOfLong(*value,count); |
1671 | 0 | return(TIFFReadDirEntryErrOk); |
1672 | 0 | case TIFF_SLONG: |
1673 | 0 | { |
1674 | 0 | int32_t* m; |
1675 | 0 | uint32_t n; |
1676 | 0 | m=(int32_t*)origdata; |
1677 | 0 | for (n=0; n<count; n++) |
1678 | 0 | { |
1679 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1680 | 0 | TIFFSwabLong((uint32_t*)m); |
1681 | 0 | err=TIFFReadDirEntryCheckRangeLongSlong(*m); |
1682 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1683 | 0 | { |
1684 | 0 | _TIFFfree(origdata); |
1685 | 0 | return(err); |
1686 | 0 | } |
1687 | 0 | m++; |
1688 | 0 | } |
1689 | 0 | *value=(uint32_t*)origdata; |
1690 | 0 | return(TIFFReadDirEntryErrOk); |
1691 | 0 | } |
1692 | 0 | } |
1693 | 0 | data=(uint32_t*)_TIFFmalloc(count * 4); |
1694 | 0 | if (data==0) |
1695 | 0 | { |
1696 | 0 | _TIFFfree(origdata); |
1697 | 0 | return(TIFFReadDirEntryErrAlloc); |
1698 | 0 | } |
1699 | 0 | switch (direntry->tdir_type) |
1700 | 0 | { |
1701 | 0 | case TIFF_BYTE: |
1702 | 0 | { |
1703 | 0 | uint8_t* ma; |
1704 | 0 | uint32_t* mb; |
1705 | 0 | uint32_t n; |
1706 | 0 | ma=(uint8_t*)origdata; |
1707 | 0 | mb=data; |
1708 | 0 | for (n=0; n<count; n++) |
1709 | 0 | *mb++=(uint32_t)(*ma++); |
1710 | 0 | } |
1711 | 0 | break; |
1712 | 0 | case TIFF_SBYTE: |
1713 | 0 | { |
1714 | 0 | int8_t* ma; |
1715 | 0 | uint32_t* mb; |
1716 | 0 | uint32_t n; |
1717 | 0 | ma=(int8_t*)origdata; |
1718 | 0 | mb=data; |
1719 | 0 | for (n=0; n<count; n++) |
1720 | 0 | { |
1721 | 0 | err=TIFFReadDirEntryCheckRangeLongSbyte(*ma); |
1722 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1723 | 0 | break; |
1724 | 0 | *mb++=(uint32_t)(*ma++); |
1725 | 0 | } |
1726 | 0 | } |
1727 | 0 | break; |
1728 | 0 | case TIFF_SHORT: |
1729 | 0 | { |
1730 | 0 | uint16_t* ma; |
1731 | 0 | uint32_t* mb; |
1732 | 0 | uint32_t n; |
1733 | 0 | ma=(uint16_t*)origdata; |
1734 | 0 | mb=data; |
1735 | 0 | for (n=0; n<count; n++) |
1736 | 0 | { |
1737 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1738 | 0 | TIFFSwabShort(ma); |
1739 | 0 | *mb++=(uint32_t)(*ma++); |
1740 | 0 | } |
1741 | 0 | } |
1742 | 0 | break; |
1743 | 0 | case TIFF_SSHORT: |
1744 | 0 | { |
1745 | 0 | int16_t* ma; |
1746 | 0 | uint32_t* mb; |
1747 | 0 | uint32_t n; |
1748 | 0 | ma=(int16_t*)origdata; |
1749 | 0 | mb=data; |
1750 | 0 | for (n=0; n<count; n++) |
1751 | 0 | { |
1752 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1753 | 0 | TIFFSwabShort((uint16_t*)ma); |
1754 | 0 | err=TIFFReadDirEntryCheckRangeLongSshort(*ma); |
1755 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1756 | 0 | break; |
1757 | 0 | *mb++=(uint32_t)(*ma++); |
1758 | 0 | } |
1759 | 0 | } |
1760 | 0 | break; |
1761 | 0 | case TIFF_LONG8: |
1762 | 0 | { |
1763 | 0 | uint64_t* ma; |
1764 | 0 | uint32_t* mb; |
1765 | 0 | uint32_t n; |
1766 | 0 | ma=(uint64_t*)origdata; |
1767 | 0 | mb=data; |
1768 | 0 | for (n=0; n<count; n++) |
1769 | 0 | { |
1770 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1771 | 0 | TIFFSwabLong8(ma); |
1772 | 0 | err=TIFFReadDirEntryCheckRangeLongLong8(*ma); |
1773 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1774 | 0 | break; |
1775 | 0 | *mb++=(uint32_t)(*ma++); |
1776 | 0 | } |
1777 | 0 | } |
1778 | 0 | break; |
1779 | 0 | case TIFF_SLONG8: |
1780 | 0 | { |
1781 | 0 | int64_t* ma; |
1782 | 0 | uint32_t* mb; |
1783 | 0 | uint32_t n; |
1784 | 0 | ma=(int64_t*)origdata; |
1785 | 0 | mb=data; |
1786 | 0 | for (n=0; n<count; n++) |
1787 | 0 | { |
1788 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1789 | 0 | TIFFSwabLong8((uint64_t*)ma); |
1790 | 0 | err=TIFFReadDirEntryCheckRangeLongSlong8(*ma); |
1791 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1792 | 0 | break; |
1793 | 0 | *mb++=(uint32_t)(*ma++); |
1794 | 0 | } |
1795 | 0 | } |
1796 | 0 | break; |
1797 | 0 | } |
1798 | 0 | _TIFFfree(origdata); |
1799 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1800 | 0 | { |
1801 | 0 | _TIFFfree(data); |
1802 | 0 | return(err); |
1803 | 0 | } |
1804 | 0 | *value=data; |
1805 | 0 | return(TIFFReadDirEntryErrOk); |
1806 | 0 | } |
1807 | | |
1808 | | static enum TIFFReadDirEntryErr TIFFReadDirEntrySlongArray(TIFF* tif, TIFFDirEntry* direntry, int32_t** value) |
1809 | 0 | { |
1810 | 0 | enum TIFFReadDirEntryErr err; |
1811 | 0 | uint32_t count; |
1812 | 0 | void* origdata; |
1813 | 0 | int32_t* data; |
1814 | 0 | switch (direntry->tdir_type) |
1815 | 0 | { |
1816 | 0 | case TIFF_BYTE: |
1817 | 0 | case TIFF_SBYTE: |
1818 | 0 | case TIFF_SHORT: |
1819 | 0 | case TIFF_SSHORT: |
1820 | 0 | case TIFF_LONG: |
1821 | 0 | case TIFF_SLONG: |
1822 | 0 | case TIFF_LONG8: |
1823 | 0 | case TIFF_SLONG8: |
1824 | 0 | break; |
1825 | 0 | default: |
1826 | 0 | return(TIFFReadDirEntryErrType); |
1827 | 0 | } |
1828 | 0 | err=TIFFReadDirEntryArray(tif,direntry,&count,4,&origdata); |
1829 | 0 | if ((err!=TIFFReadDirEntryErrOk)||(origdata==0)) |
1830 | 0 | { |
1831 | 0 | *value=0; |
1832 | 0 | return(err); |
1833 | 0 | } |
1834 | 0 | switch (direntry->tdir_type) |
1835 | 0 | { |
1836 | 0 | case TIFF_LONG: |
1837 | 0 | { |
1838 | 0 | uint32_t* m; |
1839 | 0 | uint32_t n; |
1840 | 0 | m=(uint32_t*)origdata; |
1841 | 0 | for (n=0; n<count; n++) |
1842 | 0 | { |
1843 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1844 | 0 | TIFFSwabLong((uint32_t*)m); |
1845 | 0 | err=TIFFReadDirEntryCheckRangeSlongLong(*m); |
1846 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1847 | 0 | { |
1848 | 0 | _TIFFfree(origdata); |
1849 | 0 | return(err); |
1850 | 0 | } |
1851 | 0 | m++; |
1852 | 0 | } |
1853 | 0 | *value=(int32_t*)origdata; |
1854 | 0 | return(TIFFReadDirEntryErrOk); |
1855 | 0 | } |
1856 | 0 | case TIFF_SLONG: |
1857 | 0 | *value=(int32_t*)origdata; |
1858 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1859 | 0 | TIFFSwabArrayOfLong((uint32_t*)(*value), count); |
1860 | 0 | return(TIFFReadDirEntryErrOk); |
1861 | 0 | } |
1862 | 0 | data=(int32_t*)_TIFFmalloc(count * 4); |
1863 | 0 | if (data==0) |
1864 | 0 | { |
1865 | 0 | _TIFFfree(origdata); |
1866 | 0 | return(TIFFReadDirEntryErrAlloc); |
1867 | 0 | } |
1868 | 0 | switch (direntry->tdir_type) |
1869 | 0 | { |
1870 | 0 | case TIFF_BYTE: |
1871 | 0 | { |
1872 | 0 | uint8_t* ma; |
1873 | 0 | int32_t* mb; |
1874 | 0 | uint32_t n; |
1875 | 0 | ma=(uint8_t*)origdata; |
1876 | 0 | mb=data; |
1877 | 0 | for (n=0; n<count; n++) |
1878 | 0 | *mb++=(int32_t)(*ma++); |
1879 | 0 | } |
1880 | 0 | break; |
1881 | 0 | case TIFF_SBYTE: |
1882 | 0 | { |
1883 | 0 | int8_t* ma; |
1884 | 0 | int32_t* mb; |
1885 | 0 | uint32_t n; |
1886 | 0 | ma=(int8_t*)origdata; |
1887 | 0 | mb=data; |
1888 | 0 | for (n=0; n<count; n++) |
1889 | 0 | *mb++=(int32_t)(*ma++); |
1890 | 0 | } |
1891 | 0 | break; |
1892 | 0 | case TIFF_SHORT: |
1893 | 0 | { |
1894 | 0 | uint16_t* ma; |
1895 | 0 | int32_t* mb; |
1896 | 0 | uint32_t n; |
1897 | 0 | ma=(uint16_t*)origdata; |
1898 | 0 | mb=data; |
1899 | 0 | for (n=0; n<count; n++) |
1900 | 0 | { |
1901 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1902 | 0 | TIFFSwabShort(ma); |
1903 | 0 | *mb++=(int32_t)(*ma++); |
1904 | 0 | } |
1905 | 0 | } |
1906 | 0 | break; |
1907 | 0 | case TIFF_SSHORT: |
1908 | 0 | { |
1909 | 0 | int16_t* ma; |
1910 | 0 | int32_t* mb; |
1911 | 0 | uint32_t n; |
1912 | 0 | ma=(int16_t*)origdata; |
1913 | 0 | mb=data; |
1914 | 0 | for (n=0; n<count; n++) |
1915 | 0 | { |
1916 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1917 | 0 | TIFFSwabShort((uint16_t*)ma); |
1918 | 0 | *mb++=(int32_t)(*ma++); |
1919 | 0 | } |
1920 | 0 | } |
1921 | 0 | break; |
1922 | 0 | case TIFF_LONG8: |
1923 | 0 | { |
1924 | 0 | uint64_t* ma; |
1925 | 0 | int32_t* mb; |
1926 | 0 | uint32_t n; |
1927 | 0 | ma=(uint64_t*)origdata; |
1928 | 0 | mb=data; |
1929 | 0 | for (n=0; n<count; n++) |
1930 | 0 | { |
1931 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1932 | 0 | TIFFSwabLong8(ma); |
1933 | 0 | err=TIFFReadDirEntryCheckRangeSlongLong8(*ma); |
1934 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1935 | 0 | break; |
1936 | 0 | *mb++=(int32_t)(*ma++); |
1937 | 0 | } |
1938 | 0 | } |
1939 | 0 | break; |
1940 | 0 | case TIFF_SLONG8: |
1941 | 0 | { |
1942 | 0 | int64_t* ma; |
1943 | 0 | int32_t* mb; |
1944 | 0 | uint32_t n; |
1945 | 0 | ma=(int64_t*)origdata; |
1946 | 0 | mb=data; |
1947 | 0 | for (n=0; n<count; n++) |
1948 | 0 | { |
1949 | 0 | if (tif->tif_flags&TIFF_SWAB) |
1950 | 0 | TIFFSwabLong8((uint64_t*)ma); |
1951 | 0 | err=TIFFReadDirEntryCheckRangeSlongSlong8(*ma); |
1952 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1953 | 0 | break; |
1954 | 0 | *mb++=(int32_t)(*ma++); |
1955 | 0 | } |
1956 | 0 | } |
1957 | 0 | break; |
1958 | 0 | } |
1959 | 0 | _TIFFfree(origdata); |
1960 | 0 | if (err!=TIFFReadDirEntryErrOk) |
1961 | 0 | { |
1962 | 0 | _TIFFfree(data); |
1963 | 0 | return(err); |
1964 | 0 | } |
1965 | 0 | *value=data; |
1966 | 0 | return(TIFFReadDirEntryErrOk); |
1967 | 0 | } |
1968 | | |
1969 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8ArrayWithLimit( |
1970 | | TIFF* tif, TIFFDirEntry* direntry, uint64_t** value, uint64_t maxcount) |
1971 | 0 | { |
1972 | 0 | enum TIFFReadDirEntryErr err; |
1973 | 0 | uint32_t count; |
1974 | 0 | void* origdata; |
1975 | 0 | uint64_t* data; |
1976 | 0 | switch (direntry->tdir_type) |
1977 | 0 | { |
1978 | 0 | case TIFF_BYTE: |
1979 | 0 | case TIFF_SBYTE: |
1980 | 0 | case TIFF_SHORT: |
1981 | 0 | case TIFF_SSHORT: |
1982 | 0 | case TIFF_LONG: |
1983 | 0 | case TIFF_SLONG: |
1984 | 0 | case TIFF_LONG8: |
1985 | 0 | case TIFF_SLONG8: |
1986 | 0 | break; |
1987 | 0 | default: |
1988 | 0 | return(TIFFReadDirEntryErrType); |
1989 | 0 | } |
1990 | 0 | err=TIFFReadDirEntryArrayWithLimit(tif,direntry,&count,8,&origdata,maxcount); |
1991 | 0 | if ((err!=TIFFReadDirEntryErrOk)||(origdata==0)) |
1992 | 0 | { |
1993 | 0 | *value=0; |
1994 | 0 | return(err); |
1995 | 0 | } |
1996 | 0 | switch (direntry->tdir_type) |
1997 | 0 | { |
1998 | 0 | case TIFF_LONG8: |
1999 | 0 | *value=(uint64_t*)origdata; |
2000 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2001 | 0 | TIFFSwabArrayOfLong8(*value,count); |
2002 | 0 | return(TIFFReadDirEntryErrOk); |
2003 | 0 | case TIFF_SLONG8: |
2004 | 0 | { |
2005 | 0 | int64_t* m; |
2006 | 0 | uint32_t n; |
2007 | 0 | m=(int64_t*)origdata; |
2008 | 0 | for (n=0; n<count; n++) |
2009 | 0 | { |
2010 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2011 | 0 | TIFFSwabLong8((uint64_t*)m); |
2012 | 0 | err=TIFFReadDirEntryCheckRangeLong8Slong8(*m); |
2013 | 0 | if (err!=TIFFReadDirEntryErrOk) |
2014 | 0 | { |
2015 | 0 | _TIFFfree(origdata); |
2016 | 0 | return(err); |
2017 | 0 | } |
2018 | 0 | m++; |
2019 | 0 | } |
2020 | 0 | *value=(uint64_t*)origdata; |
2021 | 0 | return(TIFFReadDirEntryErrOk); |
2022 | 0 | } |
2023 | 0 | } |
2024 | 0 | data=(uint64_t*)_TIFFmalloc(count * 8); |
2025 | 0 | if (data==0) |
2026 | 0 | { |
2027 | 0 | _TIFFfree(origdata); |
2028 | 0 | return(TIFFReadDirEntryErrAlloc); |
2029 | 0 | } |
2030 | 0 | switch (direntry->tdir_type) |
2031 | 0 | { |
2032 | 0 | case TIFF_BYTE: |
2033 | 0 | { |
2034 | 0 | uint8_t* ma; |
2035 | 0 | uint64_t* mb; |
2036 | 0 | uint32_t n; |
2037 | 0 | ma=(uint8_t*)origdata; |
2038 | 0 | mb=data; |
2039 | 0 | for (n=0; n<count; n++) |
2040 | 0 | *mb++=(uint64_t)(*ma++); |
2041 | 0 | } |
2042 | 0 | break; |
2043 | 0 | case TIFF_SBYTE: |
2044 | 0 | { |
2045 | 0 | int8_t* ma; |
2046 | 0 | uint64_t* mb; |
2047 | 0 | uint32_t n; |
2048 | 0 | ma=(int8_t*)origdata; |
2049 | 0 | mb=data; |
2050 | 0 | for (n=0; n<count; n++) |
2051 | 0 | { |
2052 | 0 | err=TIFFReadDirEntryCheckRangeLong8Sbyte(*ma); |
2053 | 0 | if (err!=TIFFReadDirEntryErrOk) |
2054 | 0 | break; |
2055 | 0 | *mb++=(uint64_t)(*ma++); |
2056 | 0 | } |
2057 | 0 | } |
2058 | 0 | break; |
2059 | 0 | case TIFF_SHORT: |
2060 | 0 | { |
2061 | 0 | uint16_t* ma; |
2062 | 0 | uint64_t* mb; |
2063 | 0 | uint32_t n; |
2064 | 0 | ma=(uint16_t*)origdata; |
2065 | 0 | mb=data; |
2066 | 0 | for (n=0; n<count; n++) |
2067 | 0 | { |
2068 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2069 | 0 | TIFFSwabShort(ma); |
2070 | 0 | *mb++=(uint64_t)(*ma++); |
2071 | 0 | } |
2072 | 0 | } |
2073 | 0 | break; |
2074 | 0 | case TIFF_SSHORT: |
2075 | 0 | { |
2076 | 0 | int16_t* ma; |
2077 | 0 | uint64_t* mb; |
2078 | 0 | uint32_t n; |
2079 | 0 | ma=(int16_t*)origdata; |
2080 | 0 | mb=data; |
2081 | 0 | for (n=0; n<count; n++) |
2082 | 0 | { |
2083 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2084 | 0 | TIFFSwabShort((uint16_t*)ma); |
2085 | 0 | err=TIFFReadDirEntryCheckRangeLong8Sshort(*ma); |
2086 | 0 | if (err!=TIFFReadDirEntryErrOk) |
2087 | 0 | break; |
2088 | 0 | *mb++=(uint64_t)(*ma++); |
2089 | 0 | } |
2090 | 0 | } |
2091 | 0 | break; |
2092 | 0 | case TIFF_LONG: |
2093 | 0 | { |
2094 | 0 | uint32_t* ma; |
2095 | 0 | uint64_t* mb; |
2096 | 0 | uint32_t n; |
2097 | 0 | ma=(uint32_t*)origdata; |
2098 | 0 | mb=data; |
2099 | 0 | for (n=0; n<count; n++) |
2100 | 0 | { |
2101 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2102 | 0 | TIFFSwabLong(ma); |
2103 | 0 | *mb++=(uint64_t)(*ma++); |
2104 | 0 | } |
2105 | 0 | } |
2106 | 0 | break; |
2107 | 0 | case TIFF_SLONG: |
2108 | 0 | { |
2109 | 0 | int32_t* ma; |
2110 | 0 | uint64_t* mb; |
2111 | 0 | uint32_t n; |
2112 | 0 | ma=(int32_t*)origdata; |
2113 | 0 | mb=data; |
2114 | 0 | for (n=0; n<count; n++) |
2115 | 0 | { |
2116 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2117 | 0 | TIFFSwabLong((uint32_t*)ma); |
2118 | 0 | err=TIFFReadDirEntryCheckRangeLong8Slong(*ma); |
2119 | 0 | if (err!=TIFFReadDirEntryErrOk) |
2120 | 0 | break; |
2121 | 0 | *mb++=(uint64_t)(*ma++); |
2122 | 0 | } |
2123 | 0 | } |
2124 | 0 | break; |
2125 | 0 | } |
2126 | 0 | _TIFFfree(origdata); |
2127 | 0 | if (err!=TIFFReadDirEntryErrOk) |
2128 | 0 | { |
2129 | 0 | _TIFFfree(data); |
2130 | 0 | return(err); |
2131 | 0 | } |
2132 | 0 | *value=data; |
2133 | 0 | return(TIFFReadDirEntryErrOk); |
2134 | 0 | } |
2135 | | |
2136 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8Array(TIFF* tif, TIFFDirEntry* direntry, uint64_t** value) |
2137 | 0 | { |
2138 | 0 | return TIFFReadDirEntryLong8ArrayWithLimit(tif, direntry, value, ~((uint64_t)0)); |
2139 | 0 | } |
2140 | | |
2141 | | static enum TIFFReadDirEntryErr TIFFReadDirEntrySlong8Array(TIFF* tif, TIFFDirEntry* direntry, int64_t** value) |
2142 | 0 | { |
2143 | 0 | enum TIFFReadDirEntryErr err; |
2144 | 0 | uint32_t count; |
2145 | 0 | void* origdata; |
2146 | 0 | int64_t* data; |
2147 | 0 | switch (direntry->tdir_type) |
2148 | 0 | { |
2149 | 0 | case TIFF_BYTE: |
2150 | 0 | case TIFF_SBYTE: |
2151 | 0 | case TIFF_SHORT: |
2152 | 0 | case TIFF_SSHORT: |
2153 | 0 | case TIFF_LONG: |
2154 | 0 | case TIFF_SLONG: |
2155 | 0 | case TIFF_LONG8: |
2156 | 0 | case TIFF_SLONG8: |
2157 | 0 | break; |
2158 | 0 | default: |
2159 | 0 | return(TIFFReadDirEntryErrType); |
2160 | 0 | } |
2161 | 0 | err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata); |
2162 | 0 | if ((err!=TIFFReadDirEntryErrOk)||(origdata==0)) |
2163 | 0 | { |
2164 | 0 | *value=0; |
2165 | 0 | return(err); |
2166 | 0 | } |
2167 | 0 | switch (direntry->tdir_type) |
2168 | 0 | { |
2169 | 0 | case TIFF_LONG8: |
2170 | 0 | { |
2171 | 0 | uint64_t* m; |
2172 | 0 | uint32_t n; |
2173 | 0 | m=(uint64_t*)origdata; |
2174 | 0 | for (n=0; n<count; n++) |
2175 | 0 | { |
2176 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2177 | 0 | TIFFSwabLong8(m); |
2178 | 0 | err=TIFFReadDirEntryCheckRangeSlong8Long8(*m); |
2179 | 0 | if (err!=TIFFReadDirEntryErrOk) |
2180 | 0 | { |
2181 | 0 | _TIFFfree(origdata); |
2182 | 0 | return(err); |
2183 | 0 | } |
2184 | 0 | m++; |
2185 | 0 | } |
2186 | 0 | *value=(int64_t*)origdata; |
2187 | 0 | return(TIFFReadDirEntryErrOk); |
2188 | 0 | } |
2189 | 0 | case TIFF_SLONG8: |
2190 | 0 | *value=(int64_t*)origdata; |
2191 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2192 | 0 | TIFFSwabArrayOfLong8((uint64_t*)(*value), count); |
2193 | 0 | return(TIFFReadDirEntryErrOk); |
2194 | 0 | } |
2195 | 0 | data=(int64_t*)_TIFFmalloc(count * 8); |
2196 | 0 | if (data==0) |
2197 | 0 | { |
2198 | 0 | _TIFFfree(origdata); |
2199 | 0 | return(TIFFReadDirEntryErrAlloc); |
2200 | 0 | } |
2201 | 0 | switch (direntry->tdir_type) |
2202 | 0 | { |
2203 | 0 | case TIFF_BYTE: |
2204 | 0 | { |
2205 | 0 | uint8_t* ma; |
2206 | 0 | int64_t* mb; |
2207 | 0 | uint32_t n; |
2208 | 0 | ma=(uint8_t*)origdata; |
2209 | 0 | mb=data; |
2210 | 0 | for (n=0; n<count; n++) |
2211 | 0 | *mb++=(int64_t)(*ma++); |
2212 | 0 | } |
2213 | 0 | break; |
2214 | 0 | case TIFF_SBYTE: |
2215 | 0 | { |
2216 | 0 | int8_t* ma; |
2217 | 0 | int64_t* mb; |
2218 | 0 | uint32_t n; |
2219 | 0 | ma=(int8_t*)origdata; |
2220 | 0 | mb=data; |
2221 | 0 | for (n=0; n<count; n++) |
2222 | 0 | *mb++=(int64_t)(*ma++); |
2223 | 0 | } |
2224 | 0 | break; |
2225 | 0 | case TIFF_SHORT: |
2226 | 0 | { |
2227 | 0 | uint16_t* ma; |
2228 | 0 | int64_t* mb; |
2229 | 0 | uint32_t n; |
2230 | 0 | ma=(uint16_t*)origdata; |
2231 | 0 | mb=data; |
2232 | 0 | for (n=0; n<count; n++) |
2233 | 0 | { |
2234 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2235 | 0 | TIFFSwabShort(ma); |
2236 | 0 | *mb++=(int64_t)(*ma++); |
2237 | 0 | } |
2238 | 0 | } |
2239 | 0 | break; |
2240 | 0 | case TIFF_SSHORT: |
2241 | 0 | { |
2242 | 0 | int16_t* ma; |
2243 | 0 | int64_t* mb; |
2244 | 0 | uint32_t n; |
2245 | 0 | ma=(int16_t*)origdata; |
2246 | 0 | mb=data; |
2247 | 0 | for (n=0; n<count; n++) |
2248 | 0 | { |
2249 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2250 | 0 | TIFFSwabShort((uint16_t*)ma); |
2251 | 0 | *mb++=(int64_t)(*ma++); |
2252 | 0 | } |
2253 | 0 | } |
2254 | 0 | break; |
2255 | 0 | case TIFF_LONG: |
2256 | 0 | { |
2257 | 0 | uint32_t* ma; |
2258 | 0 | int64_t* mb; |
2259 | 0 | uint32_t n; |
2260 | 0 | ma=(uint32_t*)origdata; |
2261 | 0 | mb=data; |
2262 | 0 | for (n=0; n<count; n++) |
2263 | 0 | { |
2264 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2265 | 0 | TIFFSwabLong(ma); |
2266 | 0 | *mb++=(int64_t)(*ma++); |
2267 | 0 | } |
2268 | 0 | } |
2269 | 0 | break; |
2270 | 0 | case TIFF_SLONG: |
2271 | 0 | { |
2272 | 0 | int32_t* ma; |
2273 | 0 | int64_t* mb; |
2274 | 0 | uint32_t n; |
2275 | 0 | ma=(int32_t*)origdata; |
2276 | 0 | mb=data; |
2277 | 0 | for (n=0; n<count; n++) |
2278 | 0 | { |
2279 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2280 | 0 | TIFFSwabLong((uint32_t*)ma); |
2281 | 0 | *mb++=(int64_t)(*ma++); |
2282 | 0 | } |
2283 | 0 | } |
2284 | 0 | break; |
2285 | 0 | } |
2286 | 0 | _TIFFfree(origdata); |
2287 | 0 | *value=data; |
2288 | 0 | return(TIFFReadDirEntryErrOk); |
2289 | 0 | } |
2290 | | |
2291 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryFloatArray(TIFF* tif, TIFFDirEntry* direntry, float** value) |
2292 | 0 | { |
2293 | 0 | enum TIFFReadDirEntryErr err; |
2294 | 0 | uint32_t count; |
2295 | 0 | void* origdata; |
2296 | 0 | float* data; |
2297 | 0 | switch (direntry->tdir_type) |
2298 | 0 | { |
2299 | 0 | case TIFF_BYTE: |
2300 | 0 | case TIFF_SBYTE: |
2301 | 0 | case TIFF_SHORT: |
2302 | 0 | case TIFF_SSHORT: |
2303 | 0 | case TIFF_LONG: |
2304 | 0 | case TIFF_SLONG: |
2305 | 0 | case TIFF_LONG8: |
2306 | 0 | case TIFF_SLONG8: |
2307 | 0 | case TIFF_RATIONAL: |
2308 | 0 | case TIFF_SRATIONAL: |
2309 | 0 | case TIFF_FLOAT: |
2310 | 0 | case TIFF_DOUBLE: |
2311 | 0 | break; |
2312 | 0 | default: |
2313 | 0 | return(TIFFReadDirEntryErrType); |
2314 | 0 | } |
2315 | 0 | err=TIFFReadDirEntryArray(tif,direntry,&count,4,&origdata); |
2316 | 0 | if ((err!=TIFFReadDirEntryErrOk)||(origdata==0)) |
2317 | 0 | { |
2318 | 0 | *value=0; |
2319 | 0 | return(err); |
2320 | 0 | } |
2321 | 0 | switch (direntry->tdir_type) |
2322 | 0 | { |
2323 | 0 | case TIFF_FLOAT: |
2324 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2325 | 0 | TIFFSwabArrayOfLong((uint32_t*)origdata, count); |
2326 | 0 | TIFFCvtIEEEDoubleToNative(tif,count,(float*)origdata); |
2327 | 0 | *value=(float*)origdata; |
2328 | 0 | return(TIFFReadDirEntryErrOk); |
2329 | 0 | } |
2330 | 0 | data=(float*)_TIFFmalloc(count*sizeof(float)); |
2331 | 0 | if (data==0) |
2332 | 0 | { |
2333 | 0 | _TIFFfree(origdata); |
2334 | 0 | return(TIFFReadDirEntryErrAlloc); |
2335 | 0 | } |
2336 | 0 | switch (direntry->tdir_type) |
2337 | 0 | { |
2338 | 0 | case TIFF_BYTE: |
2339 | 0 | { |
2340 | 0 | uint8_t* ma; |
2341 | 0 | float* mb; |
2342 | 0 | uint32_t n; |
2343 | 0 | ma=(uint8_t*)origdata; |
2344 | 0 | mb=data; |
2345 | 0 | for (n=0; n<count; n++) |
2346 | 0 | *mb++=(float)(*ma++); |
2347 | 0 | } |
2348 | 0 | break; |
2349 | 0 | case TIFF_SBYTE: |
2350 | 0 | { |
2351 | 0 | int8_t* ma; |
2352 | 0 | float* mb; |
2353 | 0 | uint32_t n; |
2354 | 0 | ma=(int8_t*)origdata; |
2355 | 0 | mb=data; |
2356 | 0 | for (n=0; n<count; n++) |
2357 | 0 | *mb++=(float)(*ma++); |
2358 | 0 | } |
2359 | 0 | break; |
2360 | 0 | case TIFF_SHORT: |
2361 | 0 | { |
2362 | 0 | uint16_t* ma; |
2363 | 0 | float* mb; |
2364 | 0 | uint32_t n; |
2365 | 0 | ma=(uint16_t*)origdata; |
2366 | 0 | mb=data; |
2367 | 0 | for (n=0; n<count; n++) |
2368 | 0 | { |
2369 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2370 | 0 | TIFFSwabShort(ma); |
2371 | 0 | *mb++=(float)(*ma++); |
2372 | 0 | } |
2373 | 0 | } |
2374 | 0 | break; |
2375 | 0 | case TIFF_SSHORT: |
2376 | 0 | { |
2377 | 0 | int16_t* ma; |
2378 | 0 | float* mb; |
2379 | 0 | uint32_t n; |
2380 | 0 | ma=(int16_t*)origdata; |
2381 | 0 | mb=data; |
2382 | 0 | for (n=0; n<count; n++) |
2383 | 0 | { |
2384 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2385 | 0 | TIFFSwabShort((uint16_t*)ma); |
2386 | 0 | *mb++=(float)(*ma++); |
2387 | 0 | } |
2388 | 0 | } |
2389 | 0 | break; |
2390 | 0 | case TIFF_LONG: |
2391 | 0 | { |
2392 | 0 | uint32_t* ma; |
2393 | 0 | float* mb; |
2394 | 0 | uint32_t n; |
2395 | 0 | ma=(uint32_t*)origdata; |
2396 | 0 | mb=data; |
2397 | 0 | for (n=0; n<count; n++) |
2398 | 0 | { |
2399 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2400 | 0 | TIFFSwabLong(ma); |
2401 | 0 | *mb++=(float)(*ma++); |
2402 | 0 | } |
2403 | 0 | } |
2404 | 0 | break; |
2405 | 0 | case TIFF_SLONG: |
2406 | 0 | { |
2407 | 0 | int32_t* ma; |
2408 | 0 | float* mb; |
2409 | 0 | uint32_t n; |
2410 | 0 | ma=(int32_t*)origdata; |
2411 | 0 | mb=data; |
2412 | 0 | for (n=0; n<count; n++) |
2413 | 0 | { |
2414 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2415 | 0 | TIFFSwabLong((uint32_t*)ma); |
2416 | 0 | *mb++=(float)(*ma++); |
2417 | 0 | } |
2418 | 0 | } |
2419 | 0 | break; |
2420 | 0 | case TIFF_LONG8: |
2421 | 0 | { |
2422 | 0 | uint64_t* ma; |
2423 | 0 | float* mb; |
2424 | 0 | uint32_t n; |
2425 | 0 | ma=(uint64_t*)origdata; |
2426 | 0 | mb=data; |
2427 | 0 | for (n=0; n<count; n++) |
2428 | 0 | { |
2429 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2430 | 0 | TIFFSwabLong8(ma); |
2431 | | #if defined(__WIN32__) && (_MSC_VER < 1500) |
2432 | | /* |
2433 | | * XXX: MSVC 6.0 does not support |
2434 | | * conversion of 64-bit integers into |
2435 | | * floating point values. |
2436 | | */ |
2437 | | *mb++ = _TIFFUInt64ToFloat(*ma++); |
2438 | | #else |
2439 | 0 | *mb++ = (float)(*ma++); |
2440 | 0 | #endif |
2441 | 0 | } |
2442 | 0 | } |
2443 | 0 | break; |
2444 | 0 | case TIFF_SLONG8: |
2445 | 0 | { |
2446 | 0 | int64_t* ma; |
2447 | 0 | float* mb; |
2448 | 0 | uint32_t n; |
2449 | 0 | ma=(int64_t*)origdata; |
2450 | 0 | mb=data; |
2451 | 0 | for (n=0; n<count; n++) |
2452 | 0 | { |
2453 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2454 | 0 | TIFFSwabLong8((uint64_t*)ma); |
2455 | 0 | *mb++=(float)(*ma++); |
2456 | 0 | } |
2457 | 0 | } |
2458 | 0 | break; |
2459 | 0 | case TIFF_RATIONAL: |
2460 | 0 | { |
2461 | 0 | uint32_t* ma; |
2462 | 0 | uint32_t maa; |
2463 | 0 | uint32_t mab; |
2464 | 0 | float* mb; |
2465 | 0 | uint32_t n; |
2466 | 0 | ma=(uint32_t*)origdata; |
2467 | 0 | mb=data; |
2468 | 0 | for (n=0; n<count; n++) |
2469 | 0 | { |
2470 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2471 | 0 | TIFFSwabLong(ma); |
2472 | 0 | maa=*ma++; |
2473 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2474 | 0 | TIFFSwabLong(ma); |
2475 | 0 | mab=*ma++; |
2476 | 0 | if (mab==0) |
2477 | 0 | *mb++=0.0; |
2478 | 0 | else |
2479 | 0 | *mb++=(float)maa/(float)mab; |
2480 | 0 | } |
2481 | 0 | } |
2482 | 0 | break; |
2483 | 0 | case TIFF_SRATIONAL: |
2484 | 0 | { |
2485 | 0 | uint32_t* ma; |
2486 | 0 | int32_t maa; |
2487 | 0 | uint32_t mab; |
2488 | 0 | float* mb; |
2489 | 0 | uint32_t n; |
2490 | 0 | ma=(uint32_t*)origdata; |
2491 | 0 | mb=data; |
2492 | 0 | for (n=0; n<count; n++) |
2493 | 0 | { |
2494 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2495 | 0 | TIFFSwabLong(ma); |
2496 | 0 | maa=*(int32_t*)ma; |
2497 | 0 | ma++; |
2498 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2499 | 0 | TIFFSwabLong(ma); |
2500 | 0 | mab=*ma++; |
2501 | 0 | if (mab==0) |
2502 | 0 | *mb++=0.0; |
2503 | 0 | else |
2504 | 0 | *mb++=(float)maa/(float)mab; |
2505 | 0 | } |
2506 | 0 | } |
2507 | 0 | break; |
2508 | 0 | case TIFF_DOUBLE: |
2509 | 0 | { |
2510 | 0 | double* ma; |
2511 | 0 | float* mb; |
2512 | 0 | uint32_t n; |
2513 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2514 | 0 | TIFFSwabArrayOfLong8((uint64_t*)origdata, count); |
2515 | 0 | TIFFCvtIEEEDoubleToNative(tif,count,(double*)origdata); |
2516 | 0 | ma=(double*)origdata; |
2517 | 0 | mb=data; |
2518 | 0 | for (n=0; n<count; n++) |
2519 | 0 | { |
2520 | 0 | double val = *ma++; |
2521 | 0 | if( val > FLT_MAX ) |
2522 | 0 | val = FLT_MAX; |
2523 | 0 | else if( val < -FLT_MAX ) |
2524 | 0 | val = -FLT_MAX; |
2525 | 0 | *mb++=(float)val; |
2526 | 0 | } |
2527 | 0 | } |
2528 | 0 | break; |
2529 | 0 | } |
2530 | 0 | _TIFFfree(origdata); |
2531 | 0 | *value=data; |
2532 | 0 | return(TIFFReadDirEntryErrOk); |
2533 | 0 | } |
2534 | | |
2535 | | static enum TIFFReadDirEntryErr |
2536 | | TIFFReadDirEntryDoubleArray(TIFF* tif, TIFFDirEntry* direntry, double** value) |
2537 | 0 | { |
2538 | 0 | enum TIFFReadDirEntryErr err; |
2539 | 0 | uint32_t count; |
2540 | 0 | void* origdata; |
2541 | 0 | double* data; |
2542 | 0 | switch (direntry->tdir_type) |
2543 | 0 | { |
2544 | 0 | case TIFF_BYTE: |
2545 | 0 | case TIFF_SBYTE: |
2546 | 0 | case TIFF_SHORT: |
2547 | 0 | case TIFF_SSHORT: |
2548 | 0 | case TIFF_LONG: |
2549 | 0 | case TIFF_SLONG: |
2550 | 0 | case TIFF_LONG8: |
2551 | 0 | case TIFF_SLONG8: |
2552 | 0 | case TIFF_RATIONAL: |
2553 | 0 | case TIFF_SRATIONAL: |
2554 | 0 | case TIFF_FLOAT: |
2555 | 0 | case TIFF_DOUBLE: |
2556 | 0 | break; |
2557 | 0 | default: |
2558 | 0 | return(TIFFReadDirEntryErrType); |
2559 | 0 | } |
2560 | 0 | err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata); |
2561 | 0 | if ((err!=TIFFReadDirEntryErrOk)||(origdata==0)) |
2562 | 0 | { |
2563 | 0 | *value=0; |
2564 | 0 | return(err); |
2565 | 0 | } |
2566 | 0 | switch (direntry->tdir_type) |
2567 | 0 | { |
2568 | 0 | case TIFF_DOUBLE: |
2569 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2570 | 0 | TIFFSwabArrayOfLong8((uint64_t*)origdata, count); |
2571 | 0 | TIFFCvtIEEEDoubleToNative(tif,count,(double*)origdata); |
2572 | 0 | *value=(double*)origdata; |
2573 | 0 | return(TIFFReadDirEntryErrOk); |
2574 | 0 | } |
2575 | 0 | data=(double*)_TIFFmalloc(count*sizeof(double)); |
2576 | 0 | if (data==0) |
2577 | 0 | { |
2578 | 0 | _TIFFfree(origdata); |
2579 | 0 | return(TIFFReadDirEntryErrAlloc); |
2580 | 0 | } |
2581 | 0 | switch (direntry->tdir_type) |
2582 | 0 | { |
2583 | 0 | case TIFF_BYTE: |
2584 | 0 | { |
2585 | 0 | uint8_t* ma; |
2586 | 0 | double* mb; |
2587 | 0 | uint32_t n; |
2588 | 0 | ma=(uint8_t*)origdata; |
2589 | 0 | mb=data; |
2590 | 0 | for (n=0; n<count; n++) |
2591 | 0 | *mb++=(double)(*ma++); |
2592 | 0 | } |
2593 | 0 | break; |
2594 | 0 | case TIFF_SBYTE: |
2595 | 0 | { |
2596 | 0 | int8_t* ma; |
2597 | 0 | double* mb; |
2598 | 0 | uint32_t n; |
2599 | 0 | ma=(int8_t*)origdata; |
2600 | 0 | mb=data; |
2601 | 0 | for (n=0; n<count; n++) |
2602 | 0 | *mb++=(double)(*ma++); |
2603 | 0 | } |
2604 | 0 | break; |
2605 | 0 | case TIFF_SHORT: |
2606 | 0 | { |
2607 | 0 | uint16_t* ma; |
2608 | 0 | double* mb; |
2609 | 0 | uint32_t n; |
2610 | 0 | ma=(uint16_t*)origdata; |
2611 | 0 | mb=data; |
2612 | 0 | for (n=0; n<count; n++) |
2613 | 0 | { |
2614 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2615 | 0 | TIFFSwabShort(ma); |
2616 | 0 | *mb++=(double)(*ma++); |
2617 | 0 | } |
2618 | 0 | } |
2619 | 0 | break; |
2620 | 0 | case TIFF_SSHORT: |
2621 | 0 | { |
2622 | 0 | int16_t* ma; |
2623 | 0 | double* mb; |
2624 | 0 | uint32_t n; |
2625 | 0 | ma=(int16_t*)origdata; |
2626 | 0 | mb=data; |
2627 | 0 | for (n=0; n<count; n++) |
2628 | 0 | { |
2629 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2630 | 0 | TIFFSwabShort((uint16_t*)ma); |
2631 | 0 | *mb++=(double)(*ma++); |
2632 | 0 | } |
2633 | 0 | } |
2634 | 0 | break; |
2635 | 0 | case TIFF_LONG: |
2636 | 0 | { |
2637 | 0 | uint32_t* ma; |
2638 | 0 | double* mb; |
2639 | 0 | uint32_t n; |
2640 | 0 | ma=(uint32_t*)origdata; |
2641 | 0 | mb=data; |
2642 | 0 | for (n=0; n<count; n++) |
2643 | 0 | { |
2644 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2645 | 0 | TIFFSwabLong(ma); |
2646 | 0 | *mb++=(double)(*ma++); |
2647 | 0 | } |
2648 | 0 | } |
2649 | 0 | break; |
2650 | 0 | case TIFF_SLONG: |
2651 | 0 | { |
2652 | 0 | int32_t* ma; |
2653 | 0 | double* mb; |
2654 | 0 | uint32_t n; |
2655 | 0 | ma=(int32_t*)origdata; |
2656 | 0 | mb=data; |
2657 | 0 | for (n=0; n<count; n++) |
2658 | 0 | { |
2659 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2660 | 0 | TIFFSwabLong((uint32_t*)ma); |
2661 | 0 | *mb++=(double)(*ma++); |
2662 | 0 | } |
2663 | 0 | } |
2664 | 0 | break; |
2665 | 0 | case TIFF_LONG8: |
2666 | 0 | { |
2667 | 0 | uint64_t* ma; |
2668 | 0 | double* mb; |
2669 | 0 | uint32_t n; |
2670 | 0 | ma=(uint64_t*)origdata; |
2671 | 0 | mb=data; |
2672 | 0 | for (n=0; n<count; n++) |
2673 | 0 | { |
2674 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2675 | 0 | TIFFSwabLong8(ma); |
2676 | | #if defined(__WIN32__) && (_MSC_VER < 1500) |
2677 | | /* |
2678 | | * XXX: MSVC 6.0 does not support |
2679 | | * conversion of 64-bit integers into |
2680 | | * floating point values. |
2681 | | */ |
2682 | | *mb++ = _TIFFUInt64ToDouble(*ma++); |
2683 | | #else |
2684 | 0 | *mb++ = (double)(*ma++); |
2685 | 0 | #endif |
2686 | 0 | } |
2687 | 0 | } |
2688 | 0 | break; |
2689 | 0 | case TIFF_SLONG8: |
2690 | 0 | { |
2691 | 0 | int64_t* ma; |
2692 | 0 | double* mb; |
2693 | 0 | uint32_t n; |
2694 | 0 | ma=(int64_t*)origdata; |
2695 | 0 | mb=data; |
2696 | 0 | for (n=0; n<count; n++) |
2697 | 0 | { |
2698 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2699 | 0 | TIFFSwabLong8((uint64_t*)ma); |
2700 | 0 | *mb++=(double)(*ma++); |
2701 | 0 | } |
2702 | 0 | } |
2703 | 0 | break; |
2704 | 0 | case TIFF_RATIONAL: |
2705 | 0 | { |
2706 | 0 | uint32_t* ma; |
2707 | 0 | uint32_t maa; |
2708 | 0 | uint32_t mab; |
2709 | 0 | double* mb; |
2710 | 0 | uint32_t n; |
2711 | 0 | ma=(uint32_t*)origdata; |
2712 | 0 | mb=data; |
2713 | 0 | for (n=0; n<count; n++) |
2714 | 0 | { |
2715 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2716 | 0 | TIFFSwabLong(ma); |
2717 | 0 | maa=*ma++; |
2718 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2719 | 0 | TIFFSwabLong(ma); |
2720 | 0 | mab=*ma++; |
2721 | 0 | if (mab==0) |
2722 | 0 | *mb++=0.0; |
2723 | 0 | else |
2724 | 0 | *mb++=(double)maa/(double)mab; |
2725 | 0 | } |
2726 | 0 | } |
2727 | 0 | break; |
2728 | 0 | case TIFF_SRATIONAL: |
2729 | 0 | { |
2730 | 0 | uint32_t* ma; |
2731 | 0 | int32_t maa; |
2732 | 0 | uint32_t mab; |
2733 | 0 | double* mb; |
2734 | 0 | uint32_t n; |
2735 | 0 | ma=(uint32_t*)origdata; |
2736 | 0 | mb=data; |
2737 | 0 | for (n=0; n<count; n++) |
2738 | 0 | { |
2739 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2740 | 0 | TIFFSwabLong(ma); |
2741 | 0 | maa=*(int32_t*)ma; |
2742 | 0 | ma++; |
2743 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2744 | 0 | TIFFSwabLong(ma); |
2745 | 0 | mab=*ma++; |
2746 | 0 | if (mab==0) |
2747 | 0 | *mb++=0.0; |
2748 | 0 | else |
2749 | 0 | *mb++=(double)maa/(double)mab; |
2750 | 0 | } |
2751 | 0 | } |
2752 | 0 | break; |
2753 | 0 | case TIFF_FLOAT: |
2754 | 0 | { |
2755 | 0 | float* ma; |
2756 | 0 | double* mb; |
2757 | 0 | uint32_t n; |
2758 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2759 | 0 | TIFFSwabArrayOfLong((uint32_t*)origdata, count); |
2760 | 0 | TIFFCvtIEEEFloatToNative(tif,count,(float*)origdata); |
2761 | 0 | ma=(float*)origdata; |
2762 | 0 | mb=data; |
2763 | 0 | for (n=0; n<count; n++) |
2764 | 0 | *mb++=(double)(*ma++); |
2765 | 0 | } |
2766 | 0 | break; |
2767 | 0 | } |
2768 | 0 | _TIFFfree(origdata); |
2769 | 0 | *value=data; |
2770 | 0 | return(TIFFReadDirEntryErrOk); |
2771 | 0 | } |
2772 | | |
2773 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8Array(TIFF* tif, TIFFDirEntry* direntry, uint64_t** value) |
2774 | 0 | { |
2775 | 0 | enum TIFFReadDirEntryErr err; |
2776 | 0 | uint32_t count; |
2777 | 0 | void* origdata; |
2778 | 0 | uint64_t* data; |
2779 | 0 | switch (direntry->tdir_type) |
2780 | 0 | { |
2781 | 0 | case TIFF_LONG: |
2782 | 0 | case TIFF_LONG8: |
2783 | 0 | case TIFF_IFD: |
2784 | 0 | case TIFF_IFD8: |
2785 | 0 | break; |
2786 | 0 | default: |
2787 | 0 | return(TIFFReadDirEntryErrType); |
2788 | 0 | } |
2789 | 0 | err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata); |
2790 | 0 | if ((err!=TIFFReadDirEntryErrOk)||(origdata==0)) |
2791 | 0 | { |
2792 | 0 | *value=0; |
2793 | 0 | return(err); |
2794 | 0 | } |
2795 | 0 | switch (direntry->tdir_type) |
2796 | 0 | { |
2797 | 0 | case TIFF_LONG8: |
2798 | 0 | case TIFF_IFD8: |
2799 | 0 | *value=(uint64_t*)origdata; |
2800 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2801 | 0 | TIFFSwabArrayOfLong8(*value,count); |
2802 | 0 | return(TIFFReadDirEntryErrOk); |
2803 | 0 | } |
2804 | 0 | data=(uint64_t*)_TIFFmalloc(count * 8); |
2805 | 0 | if (data==0) |
2806 | 0 | { |
2807 | 0 | _TIFFfree(origdata); |
2808 | 0 | return(TIFFReadDirEntryErrAlloc); |
2809 | 0 | } |
2810 | 0 | switch (direntry->tdir_type) |
2811 | 0 | { |
2812 | 0 | case TIFF_LONG: |
2813 | 0 | case TIFF_IFD: |
2814 | 0 | { |
2815 | 0 | uint32_t* ma; |
2816 | 0 | uint64_t* mb; |
2817 | 0 | uint32_t n; |
2818 | 0 | ma=(uint32_t*)origdata; |
2819 | 0 | mb=data; |
2820 | 0 | for (n=0; n<count; n++) |
2821 | 0 | { |
2822 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2823 | 0 | TIFFSwabLong(ma); |
2824 | 0 | *mb++=(uint64_t)(*ma++); |
2825 | 0 | } |
2826 | 0 | } |
2827 | 0 | break; |
2828 | 0 | } |
2829 | 0 | _TIFFfree(origdata); |
2830 | 0 | *value=data; |
2831 | 0 | return(TIFFReadDirEntryErrOk); |
2832 | 0 | } |
2833 | | |
2834 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleShort(TIFF* tif, TIFFDirEntry* direntry, uint16_t* value) |
2835 | 0 | { |
2836 | 0 | enum TIFFReadDirEntryErr err; |
2837 | 0 | uint16_t* m; |
2838 | 0 | uint16_t* na; |
2839 | 0 | uint16_t nb; |
2840 | 0 | if (direntry->tdir_count<(uint64_t)tif->tif_dir.td_samplesperpixel) |
2841 | 0 | return(TIFFReadDirEntryErrCount); |
2842 | 0 | err=TIFFReadDirEntryShortArray(tif,direntry,&m); |
2843 | 0 | if (err!=TIFFReadDirEntryErrOk || m == NULL) |
2844 | 0 | return(err); |
2845 | 0 | na=m; |
2846 | 0 | nb=tif->tif_dir.td_samplesperpixel; |
2847 | 0 | *value=*na++; |
2848 | 0 | nb--; |
2849 | 0 | while (nb>0) |
2850 | 0 | { |
2851 | 0 | if (*na++!=*value) |
2852 | 0 | { |
2853 | 0 | err=TIFFReadDirEntryErrPsdif; |
2854 | 0 | break; |
2855 | 0 | } |
2856 | 0 | nb--; |
2857 | 0 | } |
2858 | 0 | _TIFFfree(m); |
2859 | 0 | return(err); |
2860 | 0 | } |
2861 | | |
2862 | | #if 0 |
2863 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleDouble(TIFF* tif, TIFFDirEntry* direntry, double* value) |
2864 | | { |
2865 | | enum TIFFReadDirEntryErr err; |
2866 | | double* m; |
2867 | | double* na; |
2868 | | uint16_t nb; |
2869 | | if (direntry->tdir_count<(uint64_t)tif->tif_dir.td_samplesperpixel) |
2870 | | return(TIFFReadDirEntryErrCount); |
2871 | | err=TIFFReadDirEntryDoubleArray(tif,direntry,&m); |
2872 | | if (err!=TIFFReadDirEntryErrOk) |
2873 | | return(err); |
2874 | | na=m; |
2875 | | nb=tif->tif_dir.td_samplesperpixel; |
2876 | | *value=*na++; |
2877 | | nb--; |
2878 | | while (nb>0) |
2879 | | { |
2880 | | if (*na++!=*value) |
2881 | | { |
2882 | | err=TIFFReadDirEntryErrPsdif; |
2883 | | break; |
2884 | | } |
2885 | | nb--; |
2886 | | } |
2887 | | _TIFFfree(m); |
2888 | | return(err); |
2889 | | } |
2890 | | #endif |
2891 | | |
2892 | | static void TIFFReadDirEntryCheckedByte(TIFF* tif, TIFFDirEntry* direntry, uint8_t* value) |
2893 | 0 | { |
2894 | 0 | (void) tif; |
2895 | 0 | *value=*(uint8_t*)(&direntry->tdir_offset); |
2896 | 0 | } |
2897 | | |
2898 | | static void TIFFReadDirEntryCheckedSbyte(TIFF* tif, TIFFDirEntry* direntry, int8_t* value) |
2899 | 0 | { |
2900 | 0 | (void) tif; |
2901 | 0 | *value=*(int8_t*)(&direntry->tdir_offset); |
2902 | 0 | } |
2903 | | |
2904 | | static void TIFFReadDirEntryCheckedShort(TIFF* tif, TIFFDirEntry* direntry, uint16_t* value) |
2905 | 0 | { |
2906 | 0 | *value = direntry->tdir_offset.toff_short; |
2907 | | /* *value=*(uint16_t*)(&direntry->tdir_offset); */ |
2908 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2909 | 0 | TIFFSwabShort(value); |
2910 | 0 | } |
2911 | | |
2912 | | static void TIFFReadDirEntryCheckedSshort(TIFF* tif, TIFFDirEntry* direntry, int16_t* value) |
2913 | 0 | { |
2914 | 0 | *value=*(int16_t*)(&direntry->tdir_offset); |
2915 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2916 | 0 | TIFFSwabShort((uint16_t*)value); |
2917 | 0 | } |
2918 | | |
2919 | | static void TIFFReadDirEntryCheckedLong(TIFF* tif, TIFFDirEntry* direntry, uint32_t* value) |
2920 | 0 | { |
2921 | 0 | *value=*(uint32_t*)(&direntry->tdir_offset); |
2922 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2923 | 0 | TIFFSwabLong(value); |
2924 | 0 | } |
2925 | | |
2926 | | static void TIFFReadDirEntryCheckedSlong(TIFF* tif, TIFFDirEntry* direntry, int32_t* value) |
2927 | 0 | { |
2928 | 0 | *value=*(int32_t*)(&direntry->tdir_offset); |
2929 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2930 | 0 | TIFFSwabLong((uint32_t*)value); |
2931 | 0 | } |
2932 | | |
2933 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedLong8(TIFF* tif, TIFFDirEntry* direntry, uint64_t* value) |
2934 | 0 | { |
2935 | 0 | if (!(tif->tif_flags&TIFF_BIGTIFF)) |
2936 | 0 | { |
2937 | 0 | enum TIFFReadDirEntryErr err; |
2938 | 0 | uint32_t offset = direntry->tdir_offset.toff_long; |
2939 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2940 | 0 | TIFFSwabLong(&offset); |
2941 | 0 | err=TIFFReadDirEntryData(tif,offset,8,value); |
2942 | 0 | if (err!=TIFFReadDirEntryErrOk) |
2943 | 0 | return(err); |
2944 | 0 | } |
2945 | 0 | else |
2946 | 0 | *value = direntry->tdir_offset.toff_long8; |
2947 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2948 | 0 | TIFFSwabLong8(value); |
2949 | 0 | return(TIFFReadDirEntryErrOk); |
2950 | 0 | } |
2951 | | |
2952 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSlong8(TIFF* tif, TIFFDirEntry* direntry, int64_t* value) |
2953 | 0 | { |
2954 | 0 | if (!(tif->tif_flags&TIFF_BIGTIFF)) |
2955 | 0 | { |
2956 | 0 | enum TIFFReadDirEntryErr err; |
2957 | 0 | uint32_t offset = direntry->tdir_offset.toff_long; |
2958 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2959 | 0 | TIFFSwabLong(&offset); |
2960 | 0 | err=TIFFReadDirEntryData(tif,offset,8,value); |
2961 | 0 | if (err!=TIFFReadDirEntryErrOk) |
2962 | 0 | return(err); |
2963 | 0 | } |
2964 | 0 | else |
2965 | 0 | *value=*(int64_t*)(&direntry->tdir_offset); |
2966 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2967 | 0 | TIFFSwabLong8((uint64_t*)value); |
2968 | 0 | return(TIFFReadDirEntryErrOk); |
2969 | 0 | } |
2970 | | |
2971 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedRational(TIFF* tif, TIFFDirEntry* direntry, double* value) |
2972 | 0 | { |
2973 | 0 | UInt64Aligned_t m; |
2974 | |
|
2975 | 0 | assert(sizeof(double)==8); |
2976 | 0 | assert(sizeof(uint64_t) == 8); |
2977 | 0 | assert(sizeof(uint32_t) == 4); |
2978 | 0 | if (!(tif->tif_flags&TIFF_BIGTIFF)) |
2979 | 0 | { |
2980 | 0 | enum TIFFReadDirEntryErr err; |
2981 | 0 | uint32_t offset = direntry->tdir_offset.toff_long; |
2982 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2983 | 0 | TIFFSwabLong(&offset); |
2984 | 0 | err=TIFFReadDirEntryData(tif,offset,8,m.i); |
2985 | 0 | if (err!=TIFFReadDirEntryErrOk) |
2986 | 0 | return(err); |
2987 | 0 | } |
2988 | 0 | else |
2989 | 0 | m.l = direntry->tdir_offset.toff_long8; |
2990 | 0 | if (tif->tif_flags&TIFF_SWAB) |
2991 | 0 | TIFFSwabArrayOfLong(m.i,2); |
2992 | | /* Not completely sure what we should do when m.i[1]==0, but some */ |
2993 | | /* sanitizers do not like division by 0.0: */ |
2994 | | /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */ |
2995 | 0 | if (m.i[0]==0 || m.i[1]==0) |
2996 | 0 | *value=0.0; |
2997 | 0 | else |
2998 | 0 | *value=(double)m.i[0]/(double)m.i[1]; |
2999 | 0 | return(TIFFReadDirEntryErrOk); |
3000 | 0 | } |
3001 | | |
3002 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSrational(TIFF* tif, TIFFDirEntry* direntry, double* value) |
3003 | 0 | { |
3004 | 0 | UInt64Aligned_t m; |
3005 | 0 | assert(sizeof(double)==8); |
3006 | 0 | assert(sizeof(uint64_t) == 8); |
3007 | 0 | assert(sizeof(int32_t) == 4); |
3008 | 0 | assert(sizeof(uint32_t) == 4); |
3009 | 0 | if (!(tif->tif_flags&TIFF_BIGTIFF)) |
3010 | 0 | { |
3011 | 0 | enum TIFFReadDirEntryErr err; |
3012 | 0 | uint32_t offset = direntry->tdir_offset.toff_long; |
3013 | 0 | if (tif->tif_flags&TIFF_SWAB) |
3014 | 0 | TIFFSwabLong(&offset); |
3015 | 0 | err=TIFFReadDirEntryData(tif,offset,8,m.i); |
3016 | 0 | if (err!=TIFFReadDirEntryErrOk) |
3017 | 0 | return(err); |
3018 | 0 | } |
3019 | 0 | else |
3020 | 0 | m.l=direntry->tdir_offset.toff_long8; |
3021 | 0 | if (tif->tif_flags&TIFF_SWAB) |
3022 | 0 | TIFFSwabArrayOfLong(m.i,2); |
3023 | | /* Not completely sure what we should do when m.i[1]==0, but some */ |
3024 | | /* sanitizers do not like division by 0.0: */ |
3025 | | /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */ |
3026 | 0 | if ((int32_t)m.i[0] == 0 || m.i[1] == 0) |
3027 | 0 | *value=0.0; |
3028 | 0 | else |
3029 | 0 | *value= (double)((int32_t)m.i[0]) / (double)m.i[1]; |
3030 | 0 | return(TIFFReadDirEntryErrOk); |
3031 | 0 | } |
3032 | | |
3033 | | static void TIFFReadDirEntryCheckedFloat(TIFF* tif, TIFFDirEntry* direntry, float* value) |
3034 | 0 | { |
3035 | 0 | union |
3036 | 0 | { |
3037 | 0 | float f; |
3038 | 0 | uint32_t i; |
3039 | 0 | } float_union; |
3040 | 0 | assert(sizeof(float)==4); |
3041 | 0 | assert(sizeof(uint32_t) == 4); |
3042 | 0 | assert(sizeof(float_union)==4); |
3043 | 0 | float_union.i=*(uint32_t*)(&direntry->tdir_offset); |
3044 | 0 | *value=float_union.f; |
3045 | 0 | if (tif->tif_flags&TIFF_SWAB) |
3046 | 0 | TIFFSwabLong((uint32_t*)value); |
3047 | 0 | } |
3048 | | |
3049 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedDouble(TIFF* tif, TIFFDirEntry* direntry, double* value) |
3050 | 0 | { |
3051 | 0 | assert(sizeof(double)==8); |
3052 | 0 | assert(sizeof(uint64_t) == 8); |
3053 | 0 | assert(sizeof(UInt64Aligned_t)==8); |
3054 | 0 | if (!(tif->tif_flags&TIFF_BIGTIFF)) |
3055 | 0 | { |
3056 | 0 | enum TIFFReadDirEntryErr err; |
3057 | 0 | uint32_t offset = direntry->tdir_offset.toff_long; |
3058 | 0 | if (tif->tif_flags&TIFF_SWAB) |
3059 | 0 | TIFFSwabLong(&offset); |
3060 | 0 | err=TIFFReadDirEntryData(tif,offset,8,value); |
3061 | 0 | if (err!=TIFFReadDirEntryErrOk) |
3062 | 0 | return(err); |
3063 | 0 | } |
3064 | 0 | else |
3065 | 0 | { |
3066 | 0 | UInt64Aligned_t uint64_union; |
3067 | 0 | uint64_union.l=direntry->tdir_offset.toff_long8; |
3068 | 0 | *value=uint64_union.d; |
3069 | 0 | } |
3070 | 0 | if (tif->tif_flags&TIFF_SWAB) |
3071 | 0 | TIFFSwabLong8((uint64_t*)value); |
3072 | 0 | return(TIFFReadDirEntryErrOk); |
3073 | 0 | } |
3074 | | |
3075 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSbyte(int8_t value) |
3076 | 0 | { |
3077 | 0 | if (value<0) |
3078 | 0 | return(TIFFReadDirEntryErrRange); |
3079 | 0 | else |
3080 | 0 | return(TIFFReadDirEntryErrOk); |
3081 | 0 | } |
3082 | | |
3083 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteShort(uint16_t value) |
3084 | 0 | { |
3085 | 0 | if (value>0xFF) |
3086 | 0 | return(TIFFReadDirEntryErrRange); |
3087 | 0 | else |
3088 | 0 | return(TIFFReadDirEntryErrOk); |
3089 | 0 | } |
3090 | | |
3091 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSshort(int16_t value) |
3092 | 0 | { |
3093 | 0 | if ((value<0)||(value>0xFF)) |
3094 | 0 | return(TIFFReadDirEntryErrRange); |
3095 | 0 | else |
3096 | 0 | return(TIFFReadDirEntryErrOk); |
3097 | 0 | } |
3098 | | |
3099 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong(uint32_t value) |
3100 | 0 | { |
3101 | 0 | if (value>0xFF) |
3102 | 0 | return(TIFFReadDirEntryErrRange); |
3103 | 0 | else |
3104 | 0 | return(TIFFReadDirEntryErrOk); |
3105 | 0 | } |
3106 | | |
3107 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong(int32_t value) |
3108 | 0 | { |
3109 | 0 | if ((value<0)||(value>0xFF)) |
3110 | 0 | return(TIFFReadDirEntryErrRange); |
3111 | 0 | else |
3112 | 0 | return(TIFFReadDirEntryErrOk); |
3113 | 0 | } |
3114 | | |
3115 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong8(uint64_t value) |
3116 | 0 | { |
3117 | 0 | if (value>0xFF) |
3118 | 0 | return(TIFFReadDirEntryErrRange); |
3119 | 0 | else |
3120 | 0 | return(TIFFReadDirEntryErrOk); |
3121 | 0 | } |
3122 | | |
3123 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong8(int64_t value) |
3124 | 0 | { |
3125 | 0 | if ((value<0)||(value>0xFF)) |
3126 | 0 | return(TIFFReadDirEntryErrRange); |
3127 | 0 | else |
3128 | 0 | return(TIFFReadDirEntryErrOk); |
3129 | 0 | } |
3130 | | |
3131 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteByte(uint8_t value) |
3132 | 0 | { |
3133 | 0 | if (value>0x7F) |
3134 | 0 | return(TIFFReadDirEntryErrRange); |
3135 | 0 | else |
3136 | 0 | return(TIFFReadDirEntryErrOk); |
3137 | 0 | } |
3138 | | |
3139 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteShort(uint16_t value) |
3140 | 0 | { |
3141 | 0 | if (value>0x7F) |
3142 | 0 | return(TIFFReadDirEntryErrRange); |
3143 | 0 | else |
3144 | 0 | return(TIFFReadDirEntryErrOk); |
3145 | 0 | } |
3146 | | |
3147 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSshort(int16_t value) |
3148 | 0 | { |
3149 | 0 | if ((value<-0x80)||(value>0x7F)) |
3150 | 0 | return(TIFFReadDirEntryErrRange); |
3151 | 0 | else |
3152 | 0 | return(TIFFReadDirEntryErrOk); |
3153 | 0 | } |
3154 | | |
3155 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong(uint32_t value) |
3156 | 0 | { |
3157 | 0 | if (value>0x7F) |
3158 | 0 | return(TIFFReadDirEntryErrRange); |
3159 | 0 | else |
3160 | 0 | return(TIFFReadDirEntryErrOk); |
3161 | 0 | } |
3162 | | |
3163 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong(int32_t value) |
3164 | 0 | { |
3165 | 0 | if ((value<-0x80)||(value>0x7F)) |
3166 | 0 | return(TIFFReadDirEntryErrRange); |
3167 | 0 | else |
3168 | 0 | return(TIFFReadDirEntryErrOk); |
3169 | 0 | } |
3170 | | |
3171 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong8(uint64_t value) |
3172 | 0 | { |
3173 | 0 | if (value>0x7F) |
3174 | 0 | return(TIFFReadDirEntryErrRange); |
3175 | 0 | else |
3176 | 0 | return(TIFFReadDirEntryErrOk); |
3177 | 0 | } |
3178 | | |
3179 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong8(int64_t value) |
3180 | 0 | { |
3181 | 0 | if ((value<-0x80)||(value>0x7F)) |
3182 | 0 | return(TIFFReadDirEntryErrRange); |
3183 | 0 | else |
3184 | 0 | return(TIFFReadDirEntryErrOk); |
3185 | 0 | } |
3186 | | |
3187 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSbyte(int8_t value) |
3188 | 0 | { |
3189 | 0 | if (value<0) |
3190 | 0 | return(TIFFReadDirEntryErrRange); |
3191 | 0 | else |
3192 | 0 | return(TIFFReadDirEntryErrOk); |
3193 | 0 | } |
3194 | | |
3195 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSshort(int16_t value) |
3196 | 0 | { |
3197 | 0 | if (value<0) |
3198 | 0 | return(TIFFReadDirEntryErrRange); |
3199 | 0 | else |
3200 | 0 | return(TIFFReadDirEntryErrOk); |
3201 | 0 | } |
3202 | | |
3203 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong(uint32_t value) |
3204 | 0 | { |
3205 | 0 | if (value>0xFFFF) |
3206 | 0 | return(TIFFReadDirEntryErrRange); |
3207 | 0 | else |
3208 | 0 | return(TIFFReadDirEntryErrOk); |
3209 | 0 | } |
3210 | | |
3211 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong(int32_t value) |
3212 | 0 | { |
3213 | 0 | if ((value<0)||(value>0xFFFF)) |
3214 | 0 | return(TIFFReadDirEntryErrRange); |
3215 | 0 | else |
3216 | 0 | return(TIFFReadDirEntryErrOk); |
3217 | 0 | } |
3218 | | |
3219 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong8(uint64_t value) |
3220 | 0 | { |
3221 | 0 | if (value>0xFFFF) |
3222 | 0 | return(TIFFReadDirEntryErrRange); |
3223 | 0 | else |
3224 | 0 | return(TIFFReadDirEntryErrOk); |
3225 | 0 | } |
3226 | | |
3227 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong8(int64_t value) |
3228 | 0 | { |
3229 | 0 | if ((value<0)||(value>0xFFFF)) |
3230 | 0 | return(TIFFReadDirEntryErrRange); |
3231 | 0 | else |
3232 | 0 | return(TIFFReadDirEntryErrOk); |
3233 | 0 | } |
3234 | | |
3235 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortShort(uint16_t value) |
3236 | 0 | { |
3237 | 0 | if (value>0x7FFF) |
3238 | 0 | return(TIFFReadDirEntryErrRange); |
3239 | 0 | else |
3240 | 0 | return(TIFFReadDirEntryErrOk); |
3241 | 0 | } |
3242 | | |
3243 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong(uint32_t value) |
3244 | 0 | { |
3245 | 0 | if (value>0x7FFF) |
3246 | 0 | return(TIFFReadDirEntryErrRange); |
3247 | 0 | else |
3248 | 0 | return(TIFFReadDirEntryErrOk); |
3249 | 0 | } |
3250 | | |
3251 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong(int32_t value) |
3252 | 0 | { |
3253 | 0 | if ((value<-0x8000)||(value>0x7FFF)) |
3254 | 0 | return(TIFFReadDirEntryErrRange); |
3255 | 0 | else |
3256 | 0 | return(TIFFReadDirEntryErrOk); |
3257 | 0 | } |
3258 | | |
3259 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong8(uint64_t value) |
3260 | 0 | { |
3261 | 0 | if (value>0x7FFF) |
3262 | 0 | return(TIFFReadDirEntryErrRange); |
3263 | 0 | else |
3264 | 0 | return(TIFFReadDirEntryErrOk); |
3265 | 0 | } |
3266 | | |
3267 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong8(int64_t value) |
3268 | 0 | { |
3269 | 0 | if ((value<-0x8000)||(value>0x7FFF)) |
3270 | 0 | return(TIFFReadDirEntryErrRange); |
3271 | 0 | else |
3272 | 0 | return(TIFFReadDirEntryErrOk); |
3273 | 0 | } |
3274 | | |
3275 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSbyte(int8_t value) |
3276 | 0 | { |
3277 | 0 | if (value<0) |
3278 | 0 | return(TIFFReadDirEntryErrRange); |
3279 | 0 | else |
3280 | 0 | return(TIFFReadDirEntryErrOk); |
3281 | 0 | } |
3282 | | |
3283 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSshort(int16_t value) |
3284 | 0 | { |
3285 | 0 | if (value<0) |
3286 | 0 | return(TIFFReadDirEntryErrRange); |
3287 | 0 | else |
3288 | 0 | return(TIFFReadDirEntryErrOk); |
3289 | 0 | } |
3290 | | |
3291 | | static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSlong(int32_t value) |
3292 | 0 | { |
3293 | 0 | if (value<0) |
3294 | 0 | return(TIFFReadDirEntryErrRange); |
3295 | 0 | else |
3296 | 0 | return(TIFFReadDirEntryErrOk); |
3297 | 0 | } |
3298 | | |
3299 | | static enum TIFFReadDirEntryErr |
3300 | | TIFFReadDirEntryCheckRangeLongLong8(uint64_t value) |
3301 | 0 | { |
3302 | 0 | if (value > UINT32_MAX) |
3303 | 0 | return(TIFFReadDirEntryErrRange); |
3304 | 0 | else |
3305 | 0 | return(TIFFReadDirEntryErrOk); |
3306 | 0 | } |
3307 | | |
3308 | | static enum TIFFReadDirEntryErr |
3309 | | TIFFReadDirEntryCheckRangeLongSlong8(int64_t value) |
3310 | 0 | { |
3311 | 0 | if ((value < 0) || (value > (int64_t) UINT32_MAX)) |
3312 | 0 | return(TIFFReadDirEntryErrRange); |
3313 | 0 | else |
3314 | 0 | return(TIFFReadDirEntryErrOk); |
3315 | 0 | } |
3316 | | |
3317 | | static enum TIFFReadDirEntryErr |
3318 | | TIFFReadDirEntryCheckRangeSlongLong(uint32_t value) |
3319 | 0 | { |
3320 | 0 | if (value > 0x7FFFFFFFUL) |
3321 | 0 | return(TIFFReadDirEntryErrRange); |
3322 | 0 | else |
3323 | 0 | return(TIFFReadDirEntryErrOk); |
3324 | 0 | } |
3325 | | |
3326 | | /* Check that the 8-byte unsigned value can fit in a 4-byte unsigned range */ |
3327 | | static enum TIFFReadDirEntryErr |
3328 | | TIFFReadDirEntryCheckRangeSlongLong8(uint64_t value) |
3329 | 0 | { |
3330 | 0 | if (value > 0x7FFFFFFF) |
3331 | 0 | return(TIFFReadDirEntryErrRange); |
3332 | 0 | else |
3333 | 0 | return(TIFFReadDirEntryErrOk); |
3334 | 0 | } |
3335 | | |
3336 | | /* Check that the 8-byte signed value can fit in a 4-byte signed range */ |
3337 | | static enum TIFFReadDirEntryErr |
3338 | | TIFFReadDirEntryCheckRangeSlongSlong8(int64_t value) |
3339 | 0 | { |
3340 | 0 | if ((value < 0-((int64_t) 0x7FFFFFFF + 1)) || (value > 0x7FFFFFFF)) |
3341 | 0 | return(TIFFReadDirEntryErrRange); |
3342 | 0 | else |
3343 | 0 | return(TIFFReadDirEntryErrOk); |
3344 | 0 | } |
3345 | | |
3346 | | static enum TIFFReadDirEntryErr |
3347 | | TIFFReadDirEntryCheckRangeLong8Sbyte(int8_t value) |
3348 | 0 | { |
3349 | 0 | if (value < 0) |
3350 | 0 | return(TIFFReadDirEntryErrRange); |
3351 | 0 | else |
3352 | 0 | return(TIFFReadDirEntryErrOk); |
3353 | 0 | } |
3354 | | |
3355 | | static enum TIFFReadDirEntryErr |
3356 | | TIFFReadDirEntryCheckRangeLong8Sshort(int16_t value) |
3357 | 0 | { |
3358 | 0 | if (value < 0) |
3359 | 0 | return(TIFFReadDirEntryErrRange); |
3360 | 0 | else |
3361 | 0 | return(TIFFReadDirEntryErrOk); |
3362 | 0 | } |
3363 | | |
3364 | | static enum TIFFReadDirEntryErr |
3365 | | TIFFReadDirEntryCheckRangeLong8Slong(int32_t value) |
3366 | 0 | { |
3367 | 0 | if (value < 0) |
3368 | 0 | return(TIFFReadDirEntryErrRange); |
3369 | 0 | else |
3370 | 0 | return(TIFFReadDirEntryErrOk); |
3371 | 0 | } |
3372 | | |
3373 | | static enum TIFFReadDirEntryErr |
3374 | | TIFFReadDirEntryCheckRangeLong8Slong8(int64_t value) |
3375 | 0 | { |
3376 | 0 | if (value < 0) |
3377 | 0 | return(TIFFReadDirEntryErrRange); |
3378 | 0 | else |
3379 | 0 | return(TIFFReadDirEntryErrOk); |
3380 | 0 | } |
3381 | | |
3382 | | static enum TIFFReadDirEntryErr |
3383 | | TIFFReadDirEntryCheckRangeSlong8Long8(uint64_t value) |
3384 | 0 | { |
3385 | 0 | if (value > INT64_MAX) |
3386 | 0 | return(TIFFReadDirEntryErrRange); |
3387 | 0 | else |
3388 | 0 | return(TIFFReadDirEntryErrOk); |
3389 | 0 | } |
3390 | | |
3391 | | static enum TIFFReadDirEntryErr |
3392 | | TIFFReadDirEntryData(TIFF* tif, uint64_t offset, tmsize_t size, void* dest) |
3393 | 0 | { |
3394 | 0 | assert(size>0); |
3395 | 0 | if (!isMapped(tif)) { |
3396 | 0 | if (!SeekOK(tif,offset)) |
3397 | 0 | return(TIFFReadDirEntryErrIo); |
3398 | 0 | if (!ReadOK(tif,dest,size)) |
3399 | 0 | return(TIFFReadDirEntryErrIo); |
3400 | 0 | } else { |
3401 | 0 | size_t ma,mb; |
3402 | 0 | ma=(size_t)offset; |
3403 | 0 | if((uint64_t)ma != offset || |
3404 | 0 | ma > (~(size_t)0) - (size_t)size ) |
3405 | 0 | { |
3406 | 0 | return TIFFReadDirEntryErrIo; |
3407 | 0 | } |
3408 | 0 | mb=ma+size; |
3409 | 0 | if (mb > (uint64_t)tif->tif_size) |
3410 | 0 | return(TIFFReadDirEntryErrIo); |
3411 | 0 | _TIFFmemcpy(dest,tif->tif_base+ma,size); |
3412 | 0 | } |
3413 | 0 | return(TIFFReadDirEntryErrOk); |
3414 | 0 | } |
3415 | | |
3416 | | static void TIFFReadDirEntryOutputErr(TIFF* tif, enum TIFFReadDirEntryErr err, const char* module, const char* tagname, int recover) |
3417 | 0 | { |
3418 | 0 | if (!recover) { |
3419 | 0 | switch (err) { |
3420 | 0 | case TIFFReadDirEntryErrCount: |
3421 | 0 | TIFFErrorExt(tif->tif_clientdata, module, |
3422 | 0 | "Incorrect count for \"%s\"", |
3423 | 0 | tagname); |
3424 | 0 | break; |
3425 | 0 | case TIFFReadDirEntryErrType: |
3426 | 0 | TIFFErrorExt(tif->tif_clientdata, module, |
3427 | 0 | "Incompatible type for \"%s\"", |
3428 | 0 | tagname); |
3429 | 0 | break; |
3430 | 0 | case TIFFReadDirEntryErrIo: |
3431 | 0 | TIFFErrorExt(tif->tif_clientdata, module, |
3432 | 0 | "IO error during reading of \"%s\"", |
3433 | 0 | tagname); |
3434 | 0 | break; |
3435 | 0 | case TIFFReadDirEntryErrRange: |
3436 | 0 | TIFFErrorExt(tif->tif_clientdata, module, |
3437 | 0 | "Incorrect value for \"%s\"", |
3438 | 0 | tagname); |
3439 | 0 | break; |
3440 | 0 | case TIFFReadDirEntryErrPsdif: |
3441 | 0 | TIFFErrorExt(tif->tif_clientdata, module, |
3442 | 0 | "Cannot handle different values per sample for \"%s\"", |
3443 | 0 | tagname); |
3444 | 0 | break; |
3445 | 0 | case TIFFReadDirEntryErrSizesan: |
3446 | 0 | TIFFErrorExt(tif->tif_clientdata, module, |
3447 | 0 | "Sanity check on size of \"%s\" value failed", |
3448 | 0 | tagname); |
3449 | 0 | break; |
3450 | 0 | case TIFFReadDirEntryErrAlloc: |
3451 | 0 | TIFFErrorExt(tif->tif_clientdata, module, |
3452 | 0 | "Out of memory reading of \"%s\"", |
3453 | 0 | tagname); |
3454 | 0 | break; |
3455 | 0 | default: |
3456 | 0 | assert(0); /* we should never get here */ |
3457 | 0 | break; |
3458 | 0 | } |
3459 | 0 | } else { |
3460 | 0 | switch (err) { |
3461 | 0 | case TIFFReadDirEntryErrCount: |
3462 | 0 | TIFFWarningExt(tif->tif_clientdata, module, |
3463 | 0 | "Incorrect count for \"%s\"; tag ignored", |
3464 | 0 | tagname); |
3465 | 0 | break; |
3466 | 0 | case TIFFReadDirEntryErrType: |
3467 | 0 | TIFFWarningExt(tif->tif_clientdata, module, |
3468 | 0 | "Incompatible type for \"%s\"; tag ignored", |
3469 | 0 | tagname); |
3470 | 0 | break; |
3471 | 0 | case TIFFReadDirEntryErrIo: |
3472 | 0 | TIFFWarningExt(tif->tif_clientdata, module, |
3473 | 0 | "IO error during reading of \"%s\"; tag ignored", |
3474 | 0 | tagname); |
3475 | 0 | break; |
3476 | 0 | case TIFFReadDirEntryErrRange: |
3477 | 0 | TIFFWarningExt(tif->tif_clientdata, module, |
3478 | 0 | "Incorrect value for \"%s\"; tag ignored", |
3479 | 0 | tagname); |
3480 | 0 | break; |
3481 | 0 | case TIFFReadDirEntryErrPsdif: |
3482 | 0 | TIFFWarningExt(tif->tif_clientdata, module, |
3483 | 0 | "Cannot handle different values per sample for \"%s\"; tag ignored", |
3484 | 0 | tagname); |
3485 | 0 | break; |
3486 | 0 | case TIFFReadDirEntryErrSizesan: |
3487 | 0 | TIFFWarningExt(tif->tif_clientdata, module, |
3488 | 0 | "Sanity check on size of \"%s\" value failed; tag ignored", |
3489 | 0 | tagname); |
3490 | 0 | break; |
3491 | 0 | case TIFFReadDirEntryErrAlloc: |
3492 | 0 | TIFFWarningExt(tif->tif_clientdata, module, |
3493 | 0 | "Out of memory reading of \"%s\"; tag ignored", |
3494 | 0 | tagname); |
3495 | 0 | break; |
3496 | 0 | default: |
3497 | 0 | assert(0); /* we should never get here */ |
3498 | 0 | break; |
3499 | 0 | } |
3500 | 0 | } |
3501 | 0 | } |
3502 | | |
3503 | | /* |
3504 | | * Return the maximum number of color channels specified for a given photometric |
3505 | | * type. 0 is returned if photometric type isn't supported or no default value |
3506 | | * is defined by the specification. |
3507 | | */ |
3508 | | static int _TIFFGetMaxColorChannels(uint16_t photometric ) |
3509 | 0 | { |
3510 | 0 | switch (photometric) { |
3511 | 0 | case PHOTOMETRIC_PALETTE: |
3512 | 0 | case PHOTOMETRIC_MINISWHITE: |
3513 | 0 | case PHOTOMETRIC_MINISBLACK: |
3514 | 0 | return 1; |
3515 | 0 | case PHOTOMETRIC_YCBCR: |
3516 | 0 | case PHOTOMETRIC_RGB: |
3517 | 0 | case PHOTOMETRIC_CIELAB: |
3518 | 0 | case PHOTOMETRIC_LOGLUV: |
3519 | 0 | case PHOTOMETRIC_ITULAB: |
3520 | 0 | case PHOTOMETRIC_ICCLAB: |
3521 | 0 | return 3; |
3522 | 0 | case PHOTOMETRIC_SEPARATED: |
3523 | 0 | case PHOTOMETRIC_MASK: |
3524 | 0 | return 4; |
3525 | 0 | case PHOTOMETRIC_LOGL: |
3526 | 0 | case PHOTOMETRIC_CFA: |
3527 | 0 | default: |
3528 | 0 | return 0; |
3529 | 0 | } |
3530 | 0 | } |
3531 | | |
3532 | | static int ByteCountLooksBad(TIFF* tif) |
3533 | 0 | { |
3534 | | /* |
3535 | | * Assume we have wrong StripByteCount value (in case |
3536 | | * of single strip) in following cases: |
3537 | | * - it is equal to zero along with StripOffset; |
3538 | | * - it is larger than file itself (in case of uncompressed |
3539 | | * image); |
3540 | | * - it is smaller than the size of the bytes per row |
3541 | | * multiplied on the number of rows. The last case should |
3542 | | * not be checked in the case of writing new image, |
3543 | | * because we may do not know the exact strip size |
3544 | | * until the whole image will be written and directory |
3545 | | * dumped out. |
3546 | | */ |
3547 | 0 | uint64_t bytecount = TIFFGetStrileByteCount(tif, 0); |
3548 | 0 | uint64_t offset = TIFFGetStrileOffset(tif, 0); |
3549 | 0 | uint64_t filesize; |
3550 | |
|
3551 | 0 | if( offset == 0 ) |
3552 | 0 | return 0; |
3553 | 0 | if (bytecount == 0) |
3554 | 0 | return 1; |
3555 | 0 | if ( tif->tif_dir.td_compression != COMPRESSION_NONE ) |
3556 | 0 | return 0; |
3557 | 0 | filesize = TIFFGetFileSize(tif); |
3558 | 0 | if( offset <= filesize && bytecount > filesize - offset ) |
3559 | 0 | return 1; |
3560 | 0 | if( tif->tif_mode == O_RDONLY ) |
3561 | 0 | { |
3562 | 0 | uint64_t scanlinesize = TIFFScanlineSize64(tif); |
3563 | 0 | if( tif->tif_dir.td_imagelength > 0 && |
3564 | 0 | scanlinesize > UINT64_MAX / tif->tif_dir.td_imagelength ) |
3565 | 0 | { |
3566 | 0 | return 1; |
3567 | 0 | } |
3568 | 0 | if( bytecount < scanlinesize * tif->tif_dir.td_imagelength) |
3569 | 0 | return 1; |
3570 | 0 | } |
3571 | 0 | return 0; |
3572 | 0 | } |
3573 | | |
3574 | | |
3575 | | /* |
3576 | | * Read the next TIFF directory from a file and convert it to the internal |
3577 | | * format. We read directories sequentially. |
3578 | | */ |
3579 | | int |
3580 | | TIFFReadDirectory(TIFF* tif) |
3581 | 0 | { |
3582 | 0 | static const char module[] = "TIFFReadDirectory"; |
3583 | 0 | TIFFDirEntry* dir; |
3584 | 0 | uint16_t dircount; |
3585 | 0 | TIFFDirEntry* dp; |
3586 | 0 | uint16_t di; |
3587 | 0 | const TIFFField* fip; |
3588 | 0 | uint32_t fii=FAILED_FII; |
3589 | 0 | toff_t nextdiroff; |
3590 | 0 | int bitspersample_read = FALSE; |
3591 | 0 | int color_channels; |
3592 | |
|
3593 | 0 | tif->tif_diroff=tif->tif_nextdiroff; |
3594 | 0 | if (!TIFFCheckDirOffset(tif,tif->tif_nextdiroff)) |
3595 | 0 | return 0; /* last offset or bad offset (IFD looping) */ |
3596 | 0 | (*tif->tif_cleanup)(tif); /* cleanup any previous compression state */ |
3597 | 0 | tif->tif_curdir++; |
3598 | 0 | nextdiroff = tif->tif_nextdiroff; |
3599 | 0 | dircount=TIFFFetchDirectory(tif,nextdiroff,&dir,&tif->tif_nextdiroff); |
3600 | 0 | if (!dircount) |
3601 | 0 | { |
3602 | 0 | TIFFErrorExt(tif->tif_clientdata,module, |
3603 | 0 | "Failed to read directory at offset %" PRIu64, nextdiroff); |
3604 | 0 | return 0; |
3605 | 0 | } |
3606 | 0 | TIFFReadDirectoryCheckOrder(tif,dir,dircount); |
3607 | | |
3608 | | /* |
3609 | | * Mark duplicates of any tag to be ignored (bugzilla 1994) |
3610 | | * to avoid certain pathological problems. |
3611 | | */ |
3612 | 0 | { |
3613 | 0 | TIFFDirEntry* ma; |
3614 | 0 | uint16_t mb; |
3615 | 0 | for (ma=dir, mb=0; mb<dircount; ma++, mb++) |
3616 | 0 | { |
3617 | 0 | TIFFDirEntry* na; |
3618 | 0 | uint16_t nb; |
3619 | 0 | for (na=ma+1, nb=mb+1; nb<dircount; na++, nb++) |
3620 | 0 | { |
3621 | 0 | if (ma->tdir_tag == na->tdir_tag) { |
3622 | 0 | na->tdir_ignore = TRUE; |
3623 | 0 | } |
3624 | 0 | } |
3625 | 0 | } |
3626 | 0 | } |
3627 | | |
3628 | 0 | tif->tif_flags &= ~TIFF_BEENWRITING; /* reset before new dir */ |
3629 | 0 | tif->tif_flags &= ~TIFF_BUF4WRITE; /* reset before new dir */ |
3630 | 0 | tif->tif_flags &= ~TIFF_CHOPPEDUPARRAYS; |
3631 | | |
3632 | | /* free any old stuff and reinit */ |
3633 | 0 | TIFFFreeDirectory(tif); |
3634 | 0 | TIFFDefaultDirectory(tif); |
3635 | | /* |
3636 | | * Electronic Arts writes gray-scale TIFF files |
3637 | | * without a PlanarConfiguration directory entry. |
3638 | | * Thus we setup a default value here, even though |
3639 | | * the TIFF spec says there is no default value. |
3640 | | */ |
3641 | 0 | TIFFSetField(tif,TIFFTAG_PLANARCONFIG,PLANARCONFIG_CONTIG); |
3642 | | /* |
3643 | | * Setup default value and then make a pass over |
3644 | | * the fields to check type and tag information, |
3645 | | * and to extract info required to size data |
3646 | | * structures. A second pass is made afterwards |
3647 | | * to read in everything not taken in the first pass. |
3648 | | * But we must process the Compression tag first |
3649 | | * in order to merge in codec-private tag definitions (otherwise |
3650 | | * we may get complaints about unknown tags). However, the |
3651 | | * Compression tag may be dependent on the SamplesPerPixel |
3652 | | * tag value because older TIFF specs permitted Compression |
3653 | | * to be written as a SamplesPerPixel-count tag entry. |
3654 | | * Thus if we don't first figure out the correct SamplesPerPixel |
3655 | | * tag value then we may end up ignoring the Compression tag |
3656 | | * value because it has an incorrect count value (if the |
3657 | | * true value of SamplesPerPixel is not 1). |
3658 | | */ |
3659 | 0 | dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,TIFFTAG_SAMPLESPERPIXEL); |
3660 | 0 | if (dp) |
3661 | 0 | { |
3662 | 0 | if (!TIFFFetchNormalTag(tif,dp,0)) |
3663 | 0 | goto bad; |
3664 | 0 | dp->tdir_ignore = TRUE; |
3665 | 0 | } |
3666 | 0 | dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,TIFFTAG_COMPRESSION); |
3667 | 0 | if (dp) |
3668 | 0 | { |
3669 | | /* |
3670 | | * The 5.0 spec says the Compression tag has one value, while |
3671 | | * earlier specs say it has one value per sample. Because of |
3672 | | * this, we accept the tag if one value is supplied with either |
3673 | | * count. |
3674 | | */ |
3675 | 0 | uint16_t value; |
3676 | 0 | enum TIFFReadDirEntryErr err; |
3677 | 0 | err=TIFFReadDirEntryShort(tif,dp,&value); |
3678 | 0 | if (err==TIFFReadDirEntryErrCount) |
3679 | 0 | err=TIFFReadDirEntryPersampleShort(tif,dp,&value); |
3680 | 0 | if (err!=TIFFReadDirEntryErrOk) |
3681 | 0 | { |
3682 | 0 | TIFFReadDirEntryOutputErr(tif,err,module,"Compression",0); |
3683 | 0 | goto bad; |
3684 | 0 | } |
3685 | 0 | if (!TIFFSetField(tif,TIFFTAG_COMPRESSION,value)) |
3686 | 0 | goto bad; |
3687 | 0 | dp->tdir_ignore = TRUE; |
3688 | 0 | } |
3689 | 0 | else |
3690 | 0 | { |
3691 | 0 | if (!TIFFSetField(tif,TIFFTAG_COMPRESSION,COMPRESSION_NONE)) |
3692 | 0 | goto bad; |
3693 | 0 | } |
3694 | | /* |
3695 | | * First real pass over the directory. |
3696 | | */ |
3697 | 0 | for (di=0, dp=dir; di<dircount; di++, dp++) |
3698 | 0 | { |
3699 | 0 | if (!dp->tdir_ignore) |
3700 | 0 | { |
3701 | 0 | TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii); |
3702 | 0 | if (fii == FAILED_FII) |
3703 | 0 | { |
3704 | 0 | TIFFWarningExt(tif->tif_clientdata, module, |
3705 | 0 | "Unknown field with tag %"PRIu16" (0x%"PRIx16") encountered", |
3706 | 0 | dp->tdir_tag,dp->tdir_tag); |
3707 | | /* the following knowingly leaks the |
3708 | | anonymous field structure */ |
3709 | 0 | if (!_TIFFMergeFields(tif, |
3710 | 0 | _TIFFCreateAnonField(tif, |
3711 | 0 | dp->tdir_tag, |
3712 | 0 | (TIFFDataType) dp->tdir_type), |
3713 | 0 | 1)) { |
3714 | 0 | TIFFWarningExt(tif->tif_clientdata, |
3715 | 0 | module, |
3716 | 0 | "Registering anonymous field with tag %"PRIu16" (0x%"PRIx16") failed", |
3717 | 0 | dp->tdir_tag, |
3718 | 0 | dp->tdir_tag); |
3719 | 0 | dp->tdir_ignore = TRUE; |
3720 | 0 | } else { |
3721 | 0 | TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii); |
3722 | 0 | assert(fii != FAILED_FII); |
3723 | 0 | } |
3724 | 0 | } |
3725 | 0 | } |
3726 | 0 | if (!dp->tdir_ignore) |
3727 | 0 | { |
3728 | 0 | fip=tif->tif_fields[fii]; |
3729 | 0 | if (fip->field_bit==FIELD_IGNORE) |
3730 | 0 | dp->tdir_ignore = TRUE; |
3731 | 0 | else |
3732 | 0 | { |
3733 | 0 | switch (dp->tdir_tag) |
3734 | 0 | { |
3735 | 0 | case TIFFTAG_STRIPOFFSETS: |
3736 | 0 | case TIFFTAG_STRIPBYTECOUNTS: |
3737 | 0 | case TIFFTAG_TILEOFFSETS: |
3738 | 0 | case TIFFTAG_TILEBYTECOUNTS: |
3739 | 0 | TIFFSetFieldBit(tif,fip->field_bit); |
3740 | 0 | break; |
3741 | 0 | case TIFFTAG_IMAGEWIDTH: |
3742 | 0 | case TIFFTAG_IMAGELENGTH: |
3743 | 0 | case TIFFTAG_IMAGEDEPTH: |
3744 | 0 | case TIFFTAG_TILELENGTH: |
3745 | 0 | case TIFFTAG_TILEWIDTH: |
3746 | 0 | case TIFFTAG_TILEDEPTH: |
3747 | 0 | case TIFFTAG_PLANARCONFIG: |
3748 | 0 | case TIFFTAG_ROWSPERSTRIP: |
3749 | 0 | case TIFFTAG_EXTRASAMPLES: |
3750 | 0 | if (!TIFFFetchNormalTag(tif,dp,0)) |
3751 | 0 | goto bad; |
3752 | 0 | dp->tdir_ignore = TRUE; |
3753 | 0 | break; |
3754 | 0 | default: |
3755 | 0 | if( !_TIFFCheckFieldIsValidForCodec(tif, dp->tdir_tag) ) |
3756 | 0 | dp->tdir_ignore = TRUE; |
3757 | 0 | break; |
3758 | 0 | } |
3759 | 0 | } |
3760 | 0 | } |
3761 | 0 | } |
3762 | | /* |
3763 | | * XXX: OJPEG hack. |
3764 | | * If a) compression is OJPEG, b) planarconfig tag says it's separate, |
3765 | | * c) strip offsets/bytecounts tag are both present and |
3766 | | * d) both contain exactly one value, then we consistently find |
3767 | | * that the buggy implementation of the buggy compression scheme |
3768 | | * matches contig planarconfig best. So we 'fix-up' the tag here |
3769 | | */ |
3770 | 0 | if ((tif->tif_dir.td_compression==COMPRESSION_OJPEG)&& |
3771 | 0 | (tif->tif_dir.td_planarconfig==PLANARCONFIG_SEPARATE)) |
3772 | 0 | { |
3773 | 0 | if (!_TIFFFillStriles(tif)) |
3774 | 0 | goto bad; |
3775 | 0 | dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,TIFFTAG_STRIPOFFSETS); |
3776 | 0 | if ((dp!=0)&&(dp->tdir_count==1)) |
3777 | 0 | { |
3778 | 0 | dp=TIFFReadDirectoryFindEntry(tif,dir,dircount, |
3779 | 0 | TIFFTAG_STRIPBYTECOUNTS); |
3780 | 0 | if ((dp!=0)&&(dp->tdir_count==1)) |
3781 | 0 | { |
3782 | 0 | tif->tif_dir.td_planarconfig=PLANARCONFIG_CONTIG; |
3783 | 0 | TIFFWarningExt(tif->tif_clientdata,module, |
3784 | 0 | "Planarconfig tag value assumed incorrect, " |
3785 | 0 | "assuming data is contig instead of chunky"); |
3786 | 0 | } |
3787 | 0 | } |
3788 | 0 | } |
3789 | | /* |
3790 | | * Allocate directory structure and setup defaults. |
3791 | | */ |
3792 | 0 | if (!TIFFFieldSet(tif,FIELD_IMAGEDIMENSIONS)) |
3793 | 0 | { |
3794 | 0 | MissingRequired(tif,"ImageLength"); |
3795 | 0 | goto bad; |
3796 | 0 | } |
3797 | | /* |
3798 | | * Setup appropriate structures (by strip or by tile) |
3799 | | */ |
3800 | 0 | if (!TIFFFieldSet(tif, FIELD_TILEDIMENSIONS)) { |
3801 | 0 | tif->tif_dir.td_nstrips = TIFFNumberOfStrips(tif); |
3802 | 0 | tif->tif_dir.td_tilewidth = tif->tif_dir.td_imagewidth; |
3803 | 0 | tif->tif_dir.td_tilelength = tif->tif_dir.td_rowsperstrip; |
3804 | 0 | tif->tif_dir.td_tiledepth = tif->tif_dir.td_imagedepth; |
3805 | 0 | tif->tif_flags &= ~TIFF_ISTILED; |
3806 | 0 | } else { |
3807 | 0 | tif->tif_dir.td_nstrips = TIFFNumberOfTiles(tif); |
3808 | 0 | tif->tif_flags |= TIFF_ISTILED; |
3809 | 0 | } |
3810 | 0 | if (!tif->tif_dir.td_nstrips) { |
3811 | 0 | TIFFErrorExt(tif->tif_clientdata, module, |
3812 | 0 | "Cannot handle zero number of %s", |
3813 | 0 | isTiled(tif) ? "tiles" : "strips"); |
3814 | 0 | goto bad; |
3815 | 0 | } |
3816 | 0 | tif->tif_dir.td_stripsperimage = tif->tif_dir.td_nstrips; |
3817 | 0 | if (tif->tif_dir.td_planarconfig == PLANARCONFIG_SEPARATE) |
3818 | 0 | tif->tif_dir.td_stripsperimage /= tif->tif_dir.td_samplesperpixel; |
3819 | 0 | if (!TIFFFieldSet(tif, FIELD_STRIPOFFSETS)) { |
3820 | | #ifdef OJPEG_SUPPORT |
3821 | | if ((tif->tif_dir.td_compression==COMPRESSION_OJPEG) && |
3822 | | (isTiled(tif)==0) && |
3823 | | (tif->tif_dir.td_nstrips==1)) { |
3824 | | /* |
3825 | | * XXX: OJPEG hack. |
3826 | | * If a) compression is OJPEG, b) it's not a tiled TIFF, |
3827 | | * and c) the number of strips is 1, |
3828 | | * then we tolerate the absence of stripoffsets tag, |
3829 | | * because, presumably, all required data is in the |
3830 | | * JpegInterchangeFormat stream. |
3831 | | */ |
3832 | | TIFFSetFieldBit(tif, FIELD_STRIPOFFSETS); |
3833 | | } else |
3834 | | #endif |
3835 | 0 | { |
3836 | 0 | MissingRequired(tif, |
3837 | 0 | isTiled(tif) ? "TileOffsets" : "StripOffsets"); |
3838 | 0 | goto bad; |
3839 | 0 | } |
3840 | 0 | } |
3841 | | /* |
3842 | | * Second pass: extract other information. |
3843 | | */ |
3844 | 0 | for (di=0, dp=dir; di<dircount; di++, dp++) |
3845 | 0 | { |
3846 | 0 | if (!dp->tdir_ignore) { |
3847 | 0 | switch (dp->tdir_tag) |
3848 | 0 | { |
3849 | 0 | case TIFFTAG_MINSAMPLEVALUE: |
3850 | 0 | case TIFFTAG_MAXSAMPLEVALUE: |
3851 | 0 | case TIFFTAG_BITSPERSAMPLE: |
3852 | 0 | case TIFFTAG_DATATYPE: |
3853 | 0 | case TIFFTAG_SAMPLEFORMAT: |
3854 | | /* |
3855 | | * The MinSampleValue, MaxSampleValue, BitsPerSample |
3856 | | * DataType and SampleFormat tags are supposed to be |
3857 | | * written as one value/sample, but some vendors |
3858 | | * incorrectly write one value only -- so we accept |
3859 | | * that as well (yuck). Other vendors write correct |
3860 | | * value for NumberOfSamples, but incorrect one for |
3861 | | * BitsPerSample and friends, and we will read this |
3862 | | * too. |
3863 | | */ |
3864 | 0 | { |
3865 | 0 | uint16_t value; |
3866 | 0 | enum TIFFReadDirEntryErr err; |
3867 | 0 | err=TIFFReadDirEntryShort(tif,dp,&value); |
3868 | 0 | if (err==TIFFReadDirEntryErrCount) |
3869 | 0 | err=TIFFReadDirEntryPersampleShort(tif,dp,&value); |
3870 | 0 | if (err!=TIFFReadDirEntryErrOk) |
3871 | 0 | { |
3872 | 0 | fip = TIFFFieldWithTag(tif,dp->tdir_tag); |
3873 | 0 | TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",0); |
3874 | 0 | goto bad; |
3875 | 0 | } |
3876 | 0 | if (!TIFFSetField(tif,dp->tdir_tag,value)) |
3877 | 0 | goto bad; |
3878 | 0 | if( dp->tdir_tag == TIFFTAG_BITSPERSAMPLE ) |
3879 | 0 | bitspersample_read = TRUE; |
3880 | 0 | } |
3881 | 0 | break; |
3882 | 0 | case TIFFTAG_SMINSAMPLEVALUE: |
3883 | 0 | case TIFFTAG_SMAXSAMPLEVALUE: |
3884 | 0 | { |
3885 | |
|
3886 | 0 | double *data = NULL; |
3887 | 0 | enum TIFFReadDirEntryErr err; |
3888 | 0 | uint32_t saved_flags; |
3889 | 0 | int m; |
3890 | 0 | if (dp->tdir_count != (uint64_t)tif->tif_dir.td_samplesperpixel) |
3891 | 0 | err = TIFFReadDirEntryErrCount; |
3892 | 0 | else |
3893 | 0 | err = TIFFReadDirEntryDoubleArray(tif, dp, &data); |
3894 | 0 | if (err!=TIFFReadDirEntryErrOk) |
3895 | 0 | { |
3896 | 0 | fip = TIFFFieldWithTag(tif,dp->tdir_tag); |
3897 | 0 | TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",0); |
3898 | 0 | goto bad; |
3899 | 0 | } |
3900 | 0 | saved_flags = tif->tif_flags; |
3901 | 0 | tif->tif_flags |= TIFF_PERSAMPLE; |
3902 | 0 | m = TIFFSetField(tif,dp->tdir_tag,data); |
3903 | 0 | tif->tif_flags = saved_flags; |
3904 | 0 | _TIFFfree(data); |
3905 | 0 | if (!m) |
3906 | 0 | goto bad; |
3907 | 0 | } |
3908 | 0 | break; |
3909 | 0 | case TIFFTAG_STRIPOFFSETS: |
3910 | 0 | case TIFFTAG_TILEOFFSETS: |
3911 | 0 | switch( dp->tdir_type ) |
3912 | 0 | { |
3913 | 0 | case TIFF_SHORT: |
3914 | 0 | case TIFF_LONG: |
3915 | 0 | case TIFF_LONG8: |
3916 | 0 | break; |
3917 | 0 | default: |
3918 | | /* Warn except if directory typically created with TIFFDeferStrileArrayWriting() */ |
3919 | 0 | if( !(tif->tif_mode == O_RDWR && |
3920 | 0 | dp->tdir_count == 0 && |
3921 | 0 | dp->tdir_type == 0 && |
3922 | 0 | dp->tdir_offset.toff_long8 == 0) ) |
3923 | 0 | { |
3924 | 0 | fip = TIFFFieldWithTag(tif,dp->tdir_tag); |
3925 | 0 | TIFFWarningExt(tif->tif_clientdata,module, |
3926 | 0 | "Invalid data type for tag %s", |
3927 | 0 | fip ? fip->field_name : "unknown tagname"); |
3928 | 0 | } |
3929 | 0 | break; |
3930 | 0 | } |
3931 | 0 | _TIFFmemcpy( &(tif->tif_dir.td_stripoffset_entry), |
3932 | 0 | dp, sizeof(TIFFDirEntry) ); |
3933 | 0 | break; |
3934 | 0 | case TIFFTAG_STRIPBYTECOUNTS: |
3935 | 0 | case TIFFTAG_TILEBYTECOUNTS: |
3936 | 0 | switch( dp->tdir_type ) |
3937 | 0 | { |
3938 | 0 | case TIFF_SHORT: |
3939 | 0 | case TIFF_LONG: |
3940 | 0 | case TIFF_LONG8: |
3941 | 0 | break; |
3942 | 0 | default: |
3943 | | /* Warn except if directory typically created with TIFFDeferStrileArrayWriting() */ |
3944 | 0 | if( !(tif->tif_mode == O_RDWR && |
3945 | 0 | dp->tdir_count == 0 && |
3946 | 0 | dp->tdir_type == 0 && |
3947 | 0 | dp->tdir_offset.toff_long8 == 0) ) |
3948 | 0 | { |
3949 | 0 | fip = TIFFFieldWithTag(tif,dp->tdir_tag); |
3950 | 0 | TIFFWarningExt(tif->tif_clientdata,module, |
3951 | 0 | "Invalid data type for tag %s", |
3952 | 0 | fip ? fip->field_name : "unknown tagname"); |
3953 | 0 | } |
3954 | 0 | break; |
3955 | 0 | } |
3956 | 0 | _TIFFmemcpy( &(tif->tif_dir.td_stripbytecount_entry), |
3957 | 0 | dp, sizeof(TIFFDirEntry) ); |
3958 | 0 | break; |
3959 | 0 | case TIFFTAG_COLORMAP: |
3960 | 0 | case TIFFTAG_TRANSFERFUNCTION: |
3961 | 0 | { |
3962 | 0 | enum TIFFReadDirEntryErr err; |
3963 | 0 | uint32_t countpersample; |
3964 | 0 | uint32_t countrequired; |
3965 | 0 | uint32_t incrementpersample; |
3966 | 0 | uint16_t* value=NULL; |
3967 | | /* It would be dangerous to instantiate those tag values */ |
3968 | | /* since if td_bitspersample has not yet been read (due to */ |
3969 | | /* unordered tags), it could be read afterwards with a */ |
3970 | | /* values greater than the default one (1), which may cause */ |
3971 | | /* crashes in user code */ |
3972 | 0 | if( !bitspersample_read ) |
3973 | 0 | { |
3974 | 0 | fip = TIFFFieldWithTag(tif,dp->tdir_tag); |
3975 | 0 | TIFFWarningExt(tif->tif_clientdata,module, |
3976 | 0 | "Ignoring %s since BitsPerSample tag not found", |
3977 | 0 | fip ? fip->field_name : "unknown tagname"); |
3978 | 0 | continue; |
3979 | 0 | } |
3980 | | /* ColorMap or TransferFunction for high bit */ |
3981 | | /* depths do not make much sense and could be */ |
3982 | | /* used as a denial of service vector */ |
3983 | 0 | if (tif->tif_dir.td_bitspersample > 24) |
3984 | 0 | { |
3985 | 0 | fip = TIFFFieldWithTag(tif,dp->tdir_tag); |
3986 | 0 | TIFFWarningExt(tif->tif_clientdata,module, |
3987 | 0 | "Ignoring %s because BitsPerSample=%"PRIu16">24", |
3988 | 0 | fip ? fip->field_name : "unknown tagname", |
3989 | 0 | tif->tif_dir.td_bitspersample); |
3990 | 0 | continue; |
3991 | 0 | } |
3992 | 0 | countpersample=(1U<<tif->tif_dir.td_bitspersample); |
3993 | 0 | if ((dp->tdir_tag==TIFFTAG_TRANSFERFUNCTION)&&(dp->tdir_count==(uint64_t)countpersample)) |
3994 | 0 | { |
3995 | 0 | countrequired=countpersample; |
3996 | 0 | incrementpersample=0; |
3997 | 0 | } |
3998 | 0 | else |
3999 | 0 | { |
4000 | 0 | countrequired=3*countpersample; |
4001 | 0 | incrementpersample=countpersample; |
4002 | 0 | } |
4003 | 0 | if (dp->tdir_count!=(uint64_t)countrequired) |
4004 | 0 | err=TIFFReadDirEntryErrCount; |
4005 | 0 | else |
4006 | 0 | err=TIFFReadDirEntryShortArray(tif,dp,&value); |
4007 | 0 | if (err!=TIFFReadDirEntryErrOk) |
4008 | 0 | { |
4009 | 0 | fip = TIFFFieldWithTag(tif,dp->tdir_tag); |
4010 | 0 | TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",1); |
4011 | 0 | } |
4012 | 0 | else |
4013 | 0 | { |
4014 | 0 | TIFFSetField(tif,dp->tdir_tag,value,value+incrementpersample,value+2*incrementpersample); |
4015 | 0 | _TIFFfree(value); |
4016 | 0 | } |
4017 | 0 | } |
4018 | 0 | break; |
4019 | | /* BEGIN REV 4.0 COMPATIBILITY */ |
4020 | 0 | case TIFFTAG_OSUBFILETYPE: |
4021 | 0 | { |
4022 | 0 | uint16_t valueo; |
4023 | 0 | uint32_t value; |
4024 | 0 | if (TIFFReadDirEntryShort(tif,dp,&valueo)==TIFFReadDirEntryErrOk) |
4025 | 0 | { |
4026 | 0 | switch (valueo) |
4027 | 0 | { |
4028 | 0 | case OFILETYPE_REDUCEDIMAGE: value=FILETYPE_REDUCEDIMAGE; break; |
4029 | 0 | case OFILETYPE_PAGE: value=FILETYPE_PAGE; break; |
4030 | 0 | default: value=0; break; |
4031 | 0 | } |
4032 | 0 | if (value!=0) |
4033 | 0 | TIFFSetField(tif,TIFFTAG_SUBFILETYPE,value); |
4034 | 0 | } |
4035 | 0 | } |
4036 | 0 | break; |
4037 | | /* END REV 4.0 COMPATIBILITY */ |
4038 | 0 | default: |
4039 | 0 | (void) TIFFFetchNormalTag(tif, dp, TRUE); |
4040 | 0 | break; |
4041 | 0 | } |
4042 | 0 | } /* -- if (!dp->tdir_ignore) */ |
4043 | 0 | } /* -- for-loop -- */ |
4044 | | |
4045 | 0 | if( tif->tif_mode == O_RDWR && |
4046 | 0 | tif->tif_dir.td_stripoffset_entry.tdir_tag != 0 && |
4047 | 0 | tif->tif_dir.td_stripoffset_entry.tdir_count == 0 && |
4048 | 0 | tif->tif_dir.td_stripoffset_entry.tdir_type == 0 && |
4049 | 0 | tif->tif_dir.td_stripoffset_entry.tdir_offset.toff_long8 == 0 && |
4050 | 0 | tif->tif_dir.td_stripbytecount_entry.tdir_tag != 0 && |
4051 | 0 | tif->tif_dir.td_stripbytecount_entry.tdir_count == 0 && |
4052 | 0 | tif->tif_dir.td_stripbytecount_entry.tdir_type == 0 && |
4053 | 0 | tif->tif_dir.td_stripbytecount_entry.tdir_offset.toff_long8 == 0 ) |
4054 | 0 | { |
4055 | | /* Directory typically created with TIFFDeferStrileArrayWriting() */ |
4056 | 0 | TIFFSetupStrips(tif); |
4057 | 0 | } |
4058 | 0 | else if( !(tif->tif_flags&TIFF_DEFERSTRILELOAD) ) |
4059 | 0 | { |
4060 | 0 | if( tif->tif_dir.td_stripoffset_entry.tdir_tag != 0 ) |
4061 | 0 | { |
4062 | 0 | if (!TIFFFetchStripThing(tif,&(tif->tif_dir.td_stripoffset_entry), |
4063 | 0 | tif->tif_dir.td_nstrips, |
4064 | 0 | &tif->tif_dir.td_stripoffset_p)) |
4065 | 0 | { |
4066 | 0 | goto bad; |
4067 | 0 | } |
4068 | 0 | } |
4069 | 0 | if( tif->tif_dir.td_stripbytecount_entry.tdir_tag != 0 ) |
4070 | 0 | { |
4071 | 0 | if (!TIFFFetchStripThing(tif,&(tif->tif_dir.td_stripbytecount_entry), |
4072 | 0 | tif->tif_dir.td_nstrips, |
4073 | 0 | &tif->tif_dir.td_stripbytecount_p)) |
4074 | 0 | { |
4075 | 0 | goto bad; |
4076 | 0 | } |
4077 | 0 | } |
4078 | 0 | } |
4079 | | |
4080 | | /* |
4081 | | * OJPEG hack: |
4082 | | * - If a) compression is OJPEG, and b) photometric tag is missing, |
4083 | | * then we consistently find that photometric should be YCbCr |
4084 | | * - If a) compression is OJPEG, and b) photometric tag says it's RGB, |
4085 | | * then we consistently find that the buggy implementation of the |
4086 | | * buggy compression scheme matches photometric YCbCr instead. |
4087 | | * - If a) compression is OJPEG, and b) bitspersample tag is missing, |
4088 | | * then we consistently find bitspersample should be 8. |
4089 | | * - If a) compression is OJPEG, b) samplesperpixel tag is missing, |
4090 | | * and c) photometric is RGB or YCbCr, then we consistently find |
4091 | | * samplesperpixel should be 3 |
4092 | | * - If a) compression is OJPEG, b) samplesperpixel tag is missing, |
4093 | | * and c) photometric is MINISWHITE or MINISBLACK, then we consistently |
4094 | | * find samplesperpixel should be 3 |
4095 | | */ |
4096 | 0 | if (tif->tif_dir.td_compression==COMPRESSION_OJPEG) |
4097 | 0 | { |
4098 | 0 | if (!TIFFFieldSet(tif,FIELD_PHOTOMETRIC)) |
4099 | 0 | { |
4100 | 0 | TIFFWarningExt(tif->tif_clientdata, module, |
4101 | 0 | "Photometric tag is missing, assuming data is YCbCr"); |
4102 | 0 | if (!TIFFSetField(tif,TIFFTAG_PHOTOMETRIC,PHOTOMETRIC_YCBCR)) |
4103 | 0 | goto bad; |
4104 | 0 | } |
4105 | 0 | else if (tif->tif_dir.td_photometric==PHOTOMETRIC_RGB) |
4106 | 0 | { |
4107 | 0 | tif->tif_dir.td_photometric=PHOTOMETRIC_YCBCR; |
4108 | 0 | TIFFWarningExt(tif->tif_clientdata, module, |
4109 | 0 | "Photometric tag value assumed incorrect, " |
4110 | 0 | "assuming data is YCbCr instead of RGB"); |
4111 | 0 | } |
4112 | 0 | if (!TIFFFieldSet(tif,FIELD_BITSPERSAMPLE)) |
4113 | 0 | { |
4114 | 0 | TIFFWarningExt(tif->tif_clientdata,module, |
4115 | 0 | "BitsPerSample tag is missing, assuming 8 bits per sample"); |
4116 | 0 | if (!TIFFSetField(tif,TIFFTAG_BITSPERSAMPLE,8)) |
4117 | 0 | goto bad; |
4118 | 0 | } |
4119 | 0 | if (!TIFFFieldSet(tif,FIELD_SAMPLESPERPIXEL)) |
4120 | 0 | { |
4121 | 0 | if (tif->tif_dir.td_photometric==PHOTOMETRIC_RGB) |
4122 | 0 | { |
4123 | 0 | TIFFWarningExt(tif->tif_clientdata,module, |
4124 | 0 | "SamplesPerPixel tag is missing, " |
4125 | 0 | "assuming correct SamplesPerPixel value is 3"); |
4126 | 0 | if (!TIFFSetField(tif,TIFFTAG_SAMPLESPERPIXEL,3)) |
4127 | 0 | goto bad; |
4128 | 0 | } |
4129 | 0 | if (tif->tif_dir.td_photometric==PHOTOMETRIC_YCBCR) |
4130 | 0 | { |
4131 | 0 | TIFFWarningExt(tif->tif_clientdata,module, |
4132 | 0 | "SamplesPerPixel tag is missing, " |
4133 | 0 | "applying correct SamplesPerPixel value of 3"); |
4134 | 0 | if (!TIFFSetField(tif,TIFFTAG_SAMPLESPERPIXEL,3)) |
4135 | 0 | goto bad; |
4136 | 0 | } |
4137 | 0 | else if ((tif->tif_dir.td_photometric==PHOTOMETRIC_MINISWHITE) |
4138 | 0 | || (tif->tif_dir.td_photometric==PHOTOMETRIC_MINISBLACK)) |
4139 | 0 | { |
4140 | | /* |
4141 | | * SamplesPerPixel tag is missing, but is not required |
4142 | | * by spec. Assume correct SamplesPerPixel value of 1. |
4143 | | */ |
4144 | 0 | if (!TIFFSetField(tif,TIFFTAG_SAMPLESPERPIXEL,1)) |
4145 | 0 | goto bad; |
4146 | 0 | } |
4147 | 0 | } |
4148 | 0 | } |
4149 | | |
4150 | | /* |
4151 | | * Make sure all non-color channels are extrasamples. |
4152 | | * If it's not the case, define them as such. |
4153 | | */ |
4154 | 0 | color_channels = _TIFFGetMaxColorChannels(tif->tif_dir.td_photometric); |
4155 | 0 | if (color_channels && tif->tif_dir.td_samplesperpixel - tif->tif_dir.td_extrasamples > color_channels) { |
4156 | 0 | uint16_t old_extrasamples; |
4157 | 0 | uint16_t *new_sampleinfo; |
4158 | |
|
4159 | 0 | TIFFWarningExt(tif->tif_clientdata,module, "Sum of Photometric type-related " |
4160 | 0 | "color channels and ExtraSamples doesn't match SamplesPerPixel. " |
4161 | 0 | "Defining non-color channels as ExtraSamples."); |
4162 | |
|
4163 | 0 | old_extrasamples = tif->tif_dir.td_extrasamples; |
4164 | 0 | tif->tif_dir.td_extrasamples = (uint16_t) (tif->tif_dir.td_samplesperpixel - color_channels); |
4165 | | |
4166 | | // sampleinfo should contain information relative to these new extra samples |
4167 | 0 | new_sampleinfo = (uint16_t*) _TIFFcalloc(tif->tif_dir.td_extrasamples, sizeof(uint16_t)); |
4168 | 0 | if (!new_sampleinfo) { |
4169 | 0 | TIFFErrorExt(tif->tif_clientdata, module, "Failed to allocate memory for " |
4170 | 0 | "temporary new sampleinfo array " |
4171 | 0 | "(%"PRIu16" 16 bit elements)", |
4172 | 0 | tif->tif_dir.td_extrasamples); |
4173 | 0 | goto bad; |
4174 | 0 | } |
4175 | | |
4176 | 0 | memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16_t)); |
4177 | 0 | _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples); |
4178 | 0 | _TIFFfree(new_sampleinfo); |
4179 | 0 | } |
4180 | | |
4181 | | /* |
4182 | | * Verify Palette image has a Colormap. |
4183 | | */ |
4184 | 0 | if (tif->tif_dir.td_photometric == PHOTOMETRIC_PALETTE && |
4185 | 0 | !TIFFFieldSet(tif, FIELD_COLORMAP)) { |
4186 | 0 | if ( tif->tif_dir.td_bitspersample>=8 && tif->tif_dir.td_samplesperpixel==3) |
4187 | 0 | tif->tif_dir.td_photometric = PHOTOMETRIC_RGB; |
4188 | 0 | else if (tif->tif_dir.td_bitspersample>=8) |
4189 | 0 | tif->tif_dir.td_photometric = PHOTOMETRIC_MINISBLACK; |
4190 | 0 | else { |
4191 | 0 | MissingRequired(tif, "Colormap"); |
4192 | 0 | goto bad; |
4193 | 0 | } |
4194 | 0 | } |
4195 | | /* |
4196 | | * OJPEG hack: |
4197 | | * We do no further messing with strip/tile offsets/bytecounts in OJPEG |
4198 | | * TIFFs |
4199 | | */ |
4200 | 0 | if (tif->tif_dir.td_compression!=COMPRESSION_OJPEG) |
4201 | 0 | { |
4202 | | /* |
4203 | | * Attempt to deal with a missing StripByteCounts tag. |
4204 | | */ |
4205 | 0 | if (!TIFFFieldSet(tif, FIELD_STRIPBYTECOUNTS)) { |
4206 | | /* |
4207 | | * Some manufacturers violate the spec by not giving |
4208 | | * the size of the strips. In this case, assume there |
4209 | | * is one uncompressed strip of data. |
4210 | | */ |
4211 | 0 | if ((tif->tif_dir.td_planarconfig == PLANARCONFIG_CONTIG && |
4212 | 0 | tif->tif_dir.td_nstrips > 1) || |
4213 | 0 | (tif->tif_dir.td_planarconfig == PLANARCONFIG_SEPARATE && |
4214 | 0 | tif->tif_dir.td_nstrips != (uint32_t)tif->tif_dir.td_samplesperpixel)) { |
4215 | 0 | MissingRequired(tif, "StripByteCounts"); |
4216 | 0 | goto bad; |
4217 | 0 | } |
4218 | 0 | TIFFWarningExt(tif->tif_clientdata, module, |
4219 | 0 | "TIFF directory is missing required " |
4220 | 0 | "\"StripByteCounts\" field, calculating from imagelength"); |
4221 | 0 | if (EstimateStripByteCounts(tif, dir, dircount) < 0) |
4222 | 0 | goto bad; |
4223 | |
|
4224 | 0 | } else if (tif->tif_dir.td_nstrips == 1 |
4225 | 0 | && !(tif->tif_flags&TIFF_ISTILED) |
4226 | 0 | && ByteCountLooksBad(tif)) { |
4227 | | /* |
4228 | | * XXX: Plexus (and others) sometimes give a value of |
4229 | | * zero for a tag when they don't know what the |
4230 | | * correct value is! Try and handle the simple case |
4231 | | * of estimating the size of a one strip image. |
4232 | | */ |
4233 | 0 | TIFFWarningExt(tif->tif_clientdata, module, |
4234 | 0 | "Bogus \"StripByteCounts\" field, ignoring and calculating from imagelength"); |
4235 | 0 | if(EstimateStripByteCounts(tif, dir, dircount) < 0) |
4236 | 0 | goto bad; |
4237 | |
|
4238 | 0 | } else if (!(tif->tif_flags&TIFF_DEFERSTRILELOAD) |
4239 | 0 | && tif->tif_dir.td_planarconfig == PLANARCONFIG_CONTIG |
4240 | 0 | && tif->tif_dir.td_nstrips > 2 |
4241 | 0 | && tif->tif_dir.td_compression == COMPRESSION_NONE |
4242 | 0 | && TIFFGetStrileByteCount(tif, 0) != TIFFGetStrileByteCount(tif, 1) |
4243 | 0 | && TIFFGetStrileByteCount(tif, 0) != 0 |
4244 | 0 | && TIFFGetStrileByteCount(tif, 1) != 0 ) { |
4245 | | /* |
4246 | | * XXX: Some vendors fill StripByteCount array with |
4247 | | * absolutely wrong values (it can be equal to |
4248 | | * StripOffset array, for example). Catch this case |
4249 | | * here. |
4250 | | * |
4251 | | * We avoid this check if deferring strile loading |
4252 | | * as it would always force us to load the strip/tile |
4253 | | * information. |
4254 | | */ |
4255 | 0 | TIFFWarningExt(tif->tif_clientdata, module, |
4256 | 0 | "Wrong \"StripByteCounts\" field, ignoring and calculating from imagelength"); |
4257 | 0 | if (EstimateStripByteCounts(tif, dir, dircount) < 0) |
4258 | 0 | goto bad; |
4259 | 0 | } |
4260 | 0 | } |
4261 | 0 | if (dir) |
4262 | 0 | { |
4263 | 0 | _TIFFfree(dir); |
4264 | 0 | dir=NULL; |
4265 | 0 | } |
4266 | 0 | if (!TIFFFieldSet(tif, FIELD_MAXSAMPLEVALUE)) |
4267 | 0 | { |
4268 | 0 | if (tif->tif_dir.td_bitspersample>=16) |
4269 | 0 | tif->tif_dir.td_maxsamplevalue=0xFFFF; |
4270 | 0 | else |
4271 | 0 | tif->tif_dir.td_maxsamplevalue = (uint16_t)((1L << tif->tif_dir.td_bitspersample) - 1); |
4272 | 0 | } |
4273 | |
|
4274 | | #ifdef STRIPBYTECOUNTSORTED_UNUSED |
4275 | | /* |
4276 | | * XXX: We can optimize checking for the strip bounds using the sorted |
4277 | | * bytecounts array. See also comments for TIFFAppendToStrip() |
4278 | | * function in tif_write.c. |
4279 | | */ |
4280 | | if (!(tif->tif_flags&TIFF_DEFERSTRILELOAD) && tif->tif_dir.td_nstrips > 1) { |
4281 | | uint32_t strip; |
4282 | | |
4283 | | tif->tif_dir.td_stripbytecountsorted = 1; |
4284 | | for (strip = 1; strip < tif->tif_dir.td_nstrips; strip++) { |
4285 | | if (TIFFGetStrileOffset(tif, strip - 1) > |
4286 | | TIFFGetStrileOffset(tif, strip)) { |
4287 | | tif->tif_dir.td_stripbytecountsorted = 0; |
4288 | | break; |
4289 | | } |
4290 | | } |
4291 | | } |
4292 | | #endif |
4293 | | |
4294 | | /* |
4295 | | * An opportunity for compression mode dependent tag fixup |
4296 | | */ |
4297 | 0 | (*tif->tif_fixuptags)(tif); |
4298 | | |
4299 | | /* |
4300 | | * Some manufacturers make life difficult by writing |
4301 | | * large amounts of uncompressed data as a single strip. |
4302 | | * This is contrary to the recommendations of the spec. |
4303 | | * The following makes an attempt at breaking such images |
4304 | | * into strips closer to the recommended 8k bytes. A |
4305 | | * side effect, however, is that the RowsPerStrip tag |
4306 | | * value may be changed. |
4307 | | */ |
4308 | 0 | if ((tif->tif_dir.td_planarconfig==PLANARCONFIG_CONTIG)&& |
4309 | 0 | (tif->tif_dir.td_nstrips==1)&& |
4310 | 0 | (tif->tif_dir.td_compression==COMPRESSION_NONE)&& |
4311 | 0 | ((tif->tif_flags&(TIFF_STRIPCHOP|TIFF_ISTILED))==TIFF_STRIPCHOP)) |
4312 | 0 | { |
4313 | 0 | ChopUpSingleUncompressedStrip(tif); |
4314 | 0 | } |
4315 | | |
4316 | | /* There are also uncompressed striped files with strips larger than */ |
4317 | | /* 2 GB, which make them unfriendly with a lot of code. If possible, */ |
4318 | | /* try to expose smaller "virtual" strips. */ |
4319 | 0 | if( tif->tif_dir.td_planarconfig == PLANARCONFIG_CONTIG && |
4320 | 0 | tif->tif_dir.td_compression == COMPRESSION_NONE && |
4321 | 0 | (tif->tif_flags&(TIFF_STRIPCHOP|TIFF_ISTILED)) == TIFF_STRIPCHOP && |
4322 | 0 | TIFFStripSize64(tif) > 0x7FFFFFFFUL ) |
4323 | 0 | { |
4324 | 0 | TryChopUpUncompressedBigTiff(tif); |
4325 | 0 | } |
4326 | | |
4327 | | /* |
4328 | | * Clear the dirty directory flag. |
4329 | | */ |
4330 | 0 | tif->tif_flags &= ~TIFF_DIRTYDIRECT; |
4331 | 0 | tif->tif_flags &= ~TIFF_DIRTYSTRIP; |
4332 | | |
4333 | | /* |
4334 | | * Reinitialize i/o since we are starting on a new directory. |
4335 | | */ |
4336 | 0 | tif->tif_row = (uint32_t) -1; |
4337 | 0 | tif->tif_curstrip = (uint32_t) -1; |
4338 | 0 | tif->tif_col = (uint32_t) -1; |
4339 | 0 | tif->tif_curtile = (uint32_t) -1; |
4340 | 0 | tif->tif_tilesize = (tmsize_t) -1; |
4341 | |
|
4342 | 0 | tif->tif_scanlinesize = TIFFScanlineSize(tif); |
4343 | 0 | if (!tif->tif_scanlinesize) { |
4344 | 0 | TIFFErrorExt(tif->tif_clientdata, module, |
4345 | 0 | "Cannot handle zero scanline size"); |
4346 | 0 | return (0); |
4347 | 0 | } |
4348 | | |
4349 | 0 | if (isTiled(tif)) { |
4350 | 0 | tif->tif_tilesize = TIFFTileSize(tif); |
4351 | 0 | if (!tif->tif_tilesize) { |
4352 | 0 | TIFFErrorExt(tif->tif_clientdata, module, |
4353 | 0 | "Cannot handle zero tile size"); |
4354 | 0 | return (0); |
4355 | 0 | } |
4356 | 0 | } else { |
4357 | 0 | if (!TIFFStripSize(tif)) { |
4358 | 0 | TIFFErrorExt(tif->tif_clientdata, module, |
4359 | 0 | "Cannot handle zero strip size"); |
4360 | 0 | return (0); |
4361 | 0 | } |
4362 | 0 | } |
4363 | 0 | return (1); |
4364 | 0 | bad: |
4365 | 0 | if (dir) |
4366 | 0 | _TIFFfree(dir); |
4367 | 0 | return (0); |
4368 | 0 | } |
4369 | | |
4370 | | static void |
4371 | | TIFFReadDirectoryCheckOrder(TIFF* tif, TIFFDirEntry* dir, uint16_t dircount) |
4372 | 0 | { |
4373 | 0 | static const char module[] = "TIFFReadDirectoryCheckOrder"; |
4374 | 0 | uint16_t m; |
4375 | 0 | uint16_t n; |
4376 | 0 | TIFFDirEntry* o; |
4377 | 0 | m=0; |
4378 | 0 | for (n=0, o=dir; n<dircount; n++, o++) |
4379 | 0 | { |
4380 | 0 | if (o->tdir_tag<m) |
4381 | 0 | { |
4382 | 0 | TIFFWarningExt(tif->tif_clientdata,module, |
4383 | 0 | "Invalid TIFF directory; tags are not sorted in ascending order"); |
4384 | 0 | break; |
4385 | 0 | } |
4386 | 0 | m=o->tdir_tag+1; |
4387 | 0 | } |
4388 | 0 | } |
4389 | | |
4390 | | static TIFFDirEntry* |
4391 | | TIFFReadDirectoryFindEntry(TIFF* tif, TIFFDirEntry* dir, uint16_t dircount, uint16_t tagid) |
4392 | 0 | { |
4393 | 0 | TIFFDirEntry* m; |
4394 | 0 | uint16_t n; |
4395 | 0 | (void) tif; |
4396 | 0 | for (m=dir, n=0; n<dircount; m++, n++) |
4397 | 0 | { |
4398 | 0 | if (m->tdir_tag==tagid) |
4399 | 0 | return(m); |
4400 | 0 | } |
4401 | 0 | return(0); |
4402 | 0 | } |
4403 | | |
4404 | | static void |
4405 | | TIFFReadDirectoryFindFieldInfo(TIFF* tif, uint16_t tagid, uint32_t* fii) |
4406 | 0 | { |
4407 | 0 | int32_t ma,mb,mc; |
4408 | 0 | ma=-1; |
4409 | 0 | mc=(int32_t)tif->tif_nfields; |
4410 | 0 | while (1) |
4411 | 0 | { |
4412 | 0 | if (ma+1==mc) |
4413 | 0 | { |
4414 | 0 | *fii = FAILED_FII; |
4415 | 0 | return; |
4416 | 0 | } |
4417 | 0 | mb=(ma+mc)/2; |
4418 | 0 | if (tif->tif_fields[mb]->field_tag==(uint32_t)tagid) |
4419 | 0 | break; |
4420 | 0 | if (tif->tif_fields[mb]->field_tag<(uint32_t)tagid) |
4421 | 0 | ma=mb; |
4422 | 0 | else |
4423 | 0 | mc=mb; |
4424 | 0 | } |
4425 | 0 | while (1) |
4426 | 0 | { |
4427 | 0 | if (mb==0) |
4428 | 0 | break; |
4429 | 0 | if (tif->tif_fields[mb-1]->field_tag!=(uint32_t)tagid) |
4430 | 0 | break; |
4431 | 0 | mb--; |
4432 | 0 | } |
4433 | 0 | *fii=mb; |
4434 | 0 | } |
4435 | | |
4436 | | /* |
4437 | | * Read custom directory from the arbitrary offset. |
4438 | | * The code is very similar to TIFFReadDirectory(). |
4439 | | */ |
4440 | | int |
4441 | | TIFFReadCustomDirectory(TIFF* tif, toff_t diroff, |
4442 | | const TIFFFieldArray* infoarray) |
4443 | 0 | { |
4444 | 0 | static const char module[] = "TIFFReadCustomDirectory"; |
4445 | 0 | TIFFDirEntry* dir; |
4446 | 0 | uint16_t dircount; |
4447 | 0 | TIFFDirEntry* dp; |
4448 | 0 | uint16_t di; |
4449 | 0 | const TIFFField* fip; |
4450 | 0 | uint32_t fii; |
4451 | 0 | (*tif->tif_cleanup)(tif); /* cleanup any previous compression state */ |
4452 | 0 | _TIFFSetupFields(tif, infoarray); |
4453 | 0 | dircount=TIFFFetchDirectory(tif,diroff,&dir,NULL); |
4454 | 0 | if (!dircount) |
4455 | 0 | { |
4456 | 0 | TIFFErrorExt(tif->tif_clientdata,module, |
4457 | 0 | "Failed to read custom directory at offset %" PRIu64,diroff); |
4458 | 0 | return 0; |
4459 | 0 | } |
4460 | 0 | TIFFFreeDirectory(tif); |
4461 | 0 | _TIFFmemset(&tif->tif_dir, 0, sizeof(TIFFDirectory)); |
4462 | 0 | TIFFReadDirectoryCheckOrder(tif,dir,dircount); |
4463 | 0 | for (di=0, dp=dir; di<dircount; di++, dp++) |
4464 | 0 | { |
4465 | 0 | TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii); |
4466 | 0 | if (fii == FAILED_FII) |
4467 | 0 | { |
4468 | 0 | TIFFWarningExt(tif->tif_clientdata, module, |
4469 | 0 | "Unknown field with tag %"PRIu16" (0x%"PRIx16") encountered", |
4470 | 0 | dp->tdir_tag, dp->tdir_tag); |
4471 | 0 | if (!_TIFFMergeFields(tif, _TIFFCreateAnonField(tif, |
4472 | 0 | dp->tdir_tag, |
4473 | 0 | (TIFFDataType) dp->tdir_type), |
4474 | 0 | 1)) { |
4475 | 0 | TIFFWarningExt(tif->tif_clientdata, module, |
4476 | 0 | "Registering anonymous field with tag %"PRIu16" (0x%"PRIx16") failed", |
4477 | 0 | dp->tdir_tag, dp->tdir_tag); |
4478 | 0 | dp->tdir_ignore = TRUE; |
4479 | 0 | } else { |
4480 | 0 | TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii); |
4481 | 0 | assert( fii != FAILED_FII ); |
4482 | 0 | } |
4483 | 0 | } |
4484 | 0 | if (!dp->tdir_ignore) |
4485 | 0 | { |
4486 | 0 | fip=tif->tif_fields[fii]; |
4487 | 0 | if (fip->field_bit==FIELD_IGNORE) |
4488 | 0 | dp->tdir_ignore = TRUE; |
4489 | 0 | else |
4490 | 0 | { |
4491 | | /* check data type */ |
4492 | 0 | while ((fip->field_type!=TIFF_ANY)&&(fip->field_type!=dp->tdir_type)) |
4493 | 0 | { |
4494 | 0 | fii++; |
4495 | 0 | if ((fii==tif->tif_nfields)|| |
4496 | 0 | (tif->tif_fields[fii]->field_tag!=(uint32_t)dp->tdir_tag)) |
4497 | 0 | { |
4498 | 0 | fii=0xFFFF; |
4499 | 0 | break; |
4500 | 0 | } |
4501 | 0 | fip=tif->tif_fields[fii]; |
4502 | 0 | } |
4503 | 0 | if (fii==0xFFFF) |
4504 | 0 | { |
4505 | 0 | TIFFWarningExt(tif->tif_clientdata, module, |
4506 | 0 | "Wrong data type %"PRIu16" for \"%s\"; tag ignored", |
4507 | 0 | dp->tdir_type,fip->field_name); |
4508 | 0 | dp->tdir_ignore = TRUE; |
4509 | 0 | } |
4510 | 0 | else |
4511 | 0 | { |
4512 | | /* check count if known in advance */ |
4513 | 0 | if ((fip->field_readcount!=TIFF_VARIABLE)&& |
4514 | 0 | (fip->field_readcount!=TIFF_VARIABLE2)) |
4515 | 0 | { |
4516 | 0 | uint32_t expected; |
4517 | 0 | if (fip->field_readcount==TIFF_SPP) |
4518 | 0 | expected=(uint32_t)tif->tif_dir.td_samplesperpixel; |
4519 | 0 | else |
4520 | 0 | expected=(uint32_t)fip->field_readcount; |
4521 | 0 | if (!CheckDirCount(tif,dp,expected)) |
4522 | 0 | dp->tdir_ignore = TRUE; |
4523 | 0 | } |
4524 | 0 | } |
4525 | 0 | } |
4526 | 0 | if (!dp->tdir_ignore) { |
4527 | 0 | switch (dp->tdir_tag) |
4528 | 0 | { |
4529 | 0 | case EXIFTAG_SUBJECTDISTANCE: |
4530 | 0 | (void)TIFFFetchSubjectDistance(tif, dp); |
4531 | 0 | break; |
4532 | 0 | default: |
4533 | 0 | (void)TIFFFetchNormalTag(tif, dp, TRUE); |
4534 | 0 | break; |
4535 | 0 | } |
4536 | 0 | } /*-- if (!dp->tdir_ignore) */ |
4537 | 0 | } |
4538 | 0 | } |
4539 | 0 | if (dir) |
4540 | 0 | _TIFFfree(dir); |
4541 | 0 | return 1; |
4542 | 0 | } |
4543 | | |
4544 | | /* |
4545 | | * EXIF is important special case of custom IFD, so we have a special |
4546 | | * function to read it. |
4547 | | */ |
4548 | | int |
4549 | | TIFFReadEXIFDirectory(TIFF* tif, toff_t diroff) |
4550 | 0 | { |
4551 | 0 | const TIFFFieldArray* exifFieldArray; |
4552 | 0 | exifFieldArray = _TIFFGetExifFields(); |
4553 | 0 | return TIFFReadCustomDirectory(tif, diroff, exifFieldArray); |
4554 | 0 | } |
4555 | | |
4556 | | /* |
4557 | | *--: EXIF-GPS custom directory reading as another special case of custom IFD. |
4558 | | */ |
4559 | | int |
4560 | | TIFFReadGPSDirectory(TIFF* tif, toff_t diroff) |
4561 | 0 | { |
4562 | 0 | const TIFFFieldArray* gpsFieldArray; |
4563 | 0 | gpsFieldArray = _TIFFGetGpsFields(); |
4564 | 0 | return TIFFReadCustomDirectory(tif, diroff, gpsFieldArray); |
4565 | 0 | } |
4566 | | |
4567 | | static int |
4568 | | EstimateStripByteCounts(TIFF* tif, TIFFDirEntry* dir, uint16_t dircount) |
4569 | 0 | { |
4570 | 0 | static const char module[] = "EstimateStripByteCounts"; |
4571 | |
|
4572 | 0 | TIFFDirEntry *dp; |
4573 | 0 | TIFFDirectory *td = &tif->tif_dir; |
4574 | 0 | uint32_t strip; |
4575 | | |
4576 | | /* Do not try to load stripbytecount as we will compute it */ |
4577 | 0 | if( !_TIFFFillStrilesInternal( tif, 0 ) ) |
4578 | 0 | return -1; |
4579 | | |
4580 | 0 | if (td->td_stripbytecount_p) |
4581 | 0 | _TIFFfree(td->td_stripbytecount_p); |
4582 | 0 | td->td_stripbytecount_p = (uint64_t*) |
4583 | 0 | _TIFFCheckMalloc(tif, td->td_nstrips, sizeof (uint64_t), |
4584 | 0 | "for \"StripByteCounts\" array"); |
4585 | 0 | if( td->td_stripbytecount_p == NULL ) |
4586 | 0 | return -1; |
4587 | | |
4588 | 0 | if (td->td_compression != COMPRESSION_NONE) { |
4589 | 0 | uint64_t space; |
4590 | 0 | uint64_t filesize; |
4591 | 0 | uint16_t n; |
4592 | 0 | filesize = TIFFGetFileSize(tif); |
4593 | 0 | if (!(tif->tif_flags&TIFF_BIGTIFF)) |
4594 | 0 | space=sizeof(TIFFHeaderClassic)+2+dircount*12+4; |
4595 | 0 | else |
4596 | 0 | space=sizeof(TIFFHeaderBig)+8+dircount*20+8; |
4597 | | /* calculate amount of space used by indirect values */ |
4598 | 0 | for (dp = dir, n = dircount; n > 0; n--, dp++) |
4599 | 0 | { |
4600 | 0 | uint32_t typewidth; |
4601 | 0 | uint64_t datasize; |
4602 | 0 | typewidth = TIFFDataWidth((TIFFDataType) dp->tdir_type); |
4603 | 0 | if (typewidth == 0) { |
4604 | 0 | TIFFErrorExt(tif->tif_clientdata, module, |
4605 | 0 | "Cannot determine size of unknown tag type %"PRIu16, |
4606 | 0 | dp->tdir_type); |
4607 | 0 | return -1; |
4608 | 0 | } |
4609 | 0 | if( dp->tdir_count > UINT64_MAX / typewidth ) |
4610 | 0 | return -1; |
4611 | 0 | datasize= (uint64_t)typewidth * dp->tdir_count; |
4612 | 0 | if (!(tif->tif_flags&TIFF_BIGTIFF)) |
4613 | 0 | { |
4614 | 0 | if (datasize<=4) |
4615 | 0 | datasize=0; |
4616 | 0 | } |
4617 | 0 | else |
4618 | 0 | { |
4619 | 0 | if (datasize<=8) |
4620 | 0 | datasize=0; |
4621 | 0 | } |
4622 | 0 | if( space > UINT64_MAX - datasize ) |
4623 | 0 | return -1; |
4624 | 0 | space+=datasize; |
4625 | 0 | } |
4626 | 0 | if( filesize < space ) |
4627 | | /* we should perhaps return in error ? */ |
4628 | 0 | space = filesize; |
4629 | 0 | else |
4630 | 0 | space = filesize - space; |
4631 | 0 | if (td->td_planarconfig == PLANARCONFIG_SEPARATE) |
4632 | 0 | space /= td->td_samplesperpixel; |
4633 | 0 | for (strip = 0; strip < td->td_nstrips; strip++) |
4634 | 0 | td->td_stripbytecount_p[strip] = space; |
4635 | | /* |
4636 | | * This gross hack handles the case were the offset to |
4637 | | * the last strip is past the place where we think the strip |
4638 | | * should begin. Since a strip of data must be contiguous, |
4639 | | * it's safe to assume that we've overestimated the amount |
4640 | | * of data in the strip and trim this number back accordingly. |
4641 | | */ |
4642 | 0 | strip--; |
4643 | 0 | if (td->td_stripoffset_p[strip] > UINT64_MAX - td->td_stripbytecount_p[strip]) |
4644 | 0 | return -1; |
4645 | 0 | if (td->td_stripoffset_p[strip]+td->td_stripbytecount_p[strip] > filesize) { |
4646 | 0 | if( td->td_stripoffset_p[strip] >= filesize ) { |
4647 | | /* Not sure what we should in that case... */ |
4648 | 0 | td->td_stripbytecount_p[strip] = 0; |
4649 | 0 | } else { |
4650 | 0 | td->td_stripbytecount_p[strip] = filesize - td->td_stripoffset_p[strip]; |
4651 | 0 | } |
4652 | 0 | } |
4653 | 0 | } else if (isTiled(tif)) { |
4654 | 0 | uint64_t bytespertile = TIFFTileSize64(tif); |
4655 | |
|
4656 | 0 | for (strip = 0; strip < td->td_nstrips; strip++) |
4657 | 0 | td->td_stripbytecount_p[strip] = bytespertile; |
4658 | 0 | } else { |
4659 | 0 | uint64_t rowbytes = TIFFScanlineSize64(tif); |
4660 | 0 | uint32_t rowsperstrip = td->td_imagelength / td->td_stripsperimage; |
4661 | 0 | for (strip = 0; strip < td->td_nstrips; strip++) |
4662 | 0 | { |
4663 | 0 | if( rowbytes > 0 && rowsperstrip > UINT64_MAX / rowbytes ) |
4664 | 0 | return -1; |
4665 | 0 | td->td_stripbytecount_p[strip] = rowbytes * rowsperstrip; |
4666 | 0 | } |
4667 | 0 | } |
4668 | 0 | TIFFSetFieldBit(tif, FIELD_STRIPBYTECOUNTS); |
4669 | 0 | if (!TIFFFieldSet(tif, FIELD_ROWSPERSTRIP)) |
4670 | 0 | td->td_rowsperstrip = td->td_imagelength; |
4671 | 0 | return 1; |
4672 | 0 | } |
4673 | | |
4674 | | static void |
4675 | | MissingRequired(TIFF* tif, const char* tagname) |
4676 | 0 | { |
4677 | 0 | static const char module[] = "MissingRequired"; |
4678 | |
|
4679 | 0 | TIFFErrorExt(tif->tif_clientdata, module, |
4680 | 0 | "TIFF directory is missing required \"%s\" field", |
4681 | 0 | tagname); |
4682 | 0 | } |
4683 | | |
4684 | | /* |
4685 | | * Check the directory offset against the list of already seen directory |
4686 | | * offsets. This is a trick to prevent IFD looping. The one can create TIFF |
4687 | | * file with looped directory pointers. We will maintain a list of already |
4688 | | * seen directories and check every IFD offset against that list. |
4689 | | */ |
4690 | | static int |
4691 | | TIFFCheckDirOffset(TIFF* tif, uint64_t diroff) |
4692 | 0 | { |
4693 | 0 | uint16_t n; |
4694 | |
|
4695 | 0 | if (diroff == 0) /* no more directories */ |
4696 | 0 | return 0; |
4697 | 0 | if (tif->tif_dirnumber == 65535) { |
4698 | 0 | TIFFErrorExt(tif->tif_clientdata, "TIFFCheckDirOffset", |
4699 | 0 | "Cannot handle more than 65535 TIFF directories"); |
4700 | 0 | return 0; |
4701 | 0 | } |
4702 | | |
4703 | 0 | for (n = 0; n < tif->tif_dirnumber && tif->tif_dirlist; n++) { |
4704 | 0 | if (tif->tif_dirlist[n] == diroff) |
4705 | 0 | return 0; |
4706 | 0 | } |
4707 | | |
4708 | 0 | tif->tif_dirnumber++; |
4709 | |
|
4710 | 0 | if (tif->tif_dirlist == NULL || tif->tif_dirnumber > tif->tif_dirlistsize) { |
4711 | 0 | uint64_t* new_dirlist; |
4712 | | |
4713 | | /* |
4714 | | * XXX: Reduce memory allocation granularity of the dirlist |
4715 | | * array. |
4716 | | */ |
4717 | 0 | new_dirlist = (uint64_t*)_TIFFCheckRealloc(tif, tif->tif_dirlist, |
4718 | 0 | tif->tif_dirnumber, 2 * sizeof(uint64_t), "for IFD list"); |
4719 | 0 | if (!new_dirlist) |
4720 | 0 | return 0; |
4721 | 0 | if( tif->tif_dirnumber >= 32768 ) |
4722 | 0 | tif->tif_dirlistsize = 65535; |
4723 | 0 | else |
4724 | 0 | tif->tif_dirlistsize = 2 * tif->tif_dirnumber; |
4725 | 0 | tif->tif_dirlist = new_dirlist; |
4726 | 0 | } |
4727 | | |
4728 | 0 | tif->tif_dirlist[tif->tif_dirnumber - 1] = diroff; |
4729 | |
|
4730 | 0 | return 1; |
4731 | 0 | } |
4732 | | |
4733 | | /* |
4734 | | * Check the count field of a directory entry against a known value. The |
4735 | | * caller is expected to skip/ignore the tag if there is a mismatch. |
4736 | | */ |
4737 | | static int |
4738 | | CheckDirCount(TIFF* tif, TIFFDirEntry* dir, uint32_t count) |
4739 | 0 | { |
4740 | 0 | if ((uint64_t)count > dir->tdir_count) { |
4741 | 0 | const TIFFField* fip = TIFFFieldWithTag(tif, dir->tdir_tag); |
4742 | 0 | TIFFWarningExt(tif->tif_clientdata, tif->tif_name, |
4743 | 0 | "incorrect count for field \"%s\" (%" PRIu64 ", expecting %"PRIu32"); tag ignored", |
4744 | 0 | fip ? fip->field_name : "unknown tagname", |
4745 | 0 | dir->tdir_count, count); |
4746 | 0 | return (0); |
4747 | 0 | } else if ((uint64_t)count < dir->tdir_count) { |
4748 | 0 | const TIFFField* fip = TIFFFieldWithTag(tif, dir->tdir_tag); |
4749 | 0 | TIFFWarningExt(tif->tif_clientdata, tif->tif_name, |
4750 | 0 | "incorrect count for field \"%s\" (%" PRIu64 ", expecting %"PRIu32"); tag trimmed", |
4751 | 0 | fip ? fip->field_name : "unknown tagname", |
4752 | 0 | dir->tdir_count, count); |
4753 | 0 | dir->tdir_count = count; |
4754 | 0 | return (1); |
4755 | 0 | } |
4756 | 0 | return (1); |
4757 | 0 | } |
4758 | | |
4759 | | /* |
4760 | | * Read IFD structure from the specified offset. If the pointer to |
4761 | | * nextdiroff variable has been specified, read it too. Function returns a |
4762 | | * number of fields in the directory or 0 if failed. |
4763 | | */ |
4764 | | static uint16_t |
4765 | | TIFFFetchDirectory(TIFF* tif, uint64_t diroff, TIFFDirEntry** pdir, |
4766 | | uint64_t *nextdiroff) |
4767 | 0 | { |
4768 | 0 | static const char module[] = "TIFFFetchDirectory"; |
4769 | |
|
4770 | 0 | void* origdir; |
4771 | 0 | uint16_t dircount16; |
4772 | 0 | uint32_t dirsize; |
4773 | 0 | TIFFDirEntry* dir; |
4774 | 0 | uint8_t* ma; |
4775 | 0 | TIFFDirEntry* mb; |
4776 | 0 | uint16_t n; |
4777 | |
|
4778 | 0 | assert(pdir); |
4779 | |
|
4780 | 0 | tif->tif_diroff = diroff; |
4781 | 0 | if (nextdiroff) |
4782 | 0 | *nextdiroff = 0; |
4783 | 0 | if (!isMapped(tif)) { |
4784 | 0 | if (!SeekOK(tif, tif->tif_diroff)) { |
4785 | 0 | TIFFErrorExt(tif->tif_clientdata, module, |
4786 | 0 | "%s: Seek error accessing TIFF directory", |
4787 | 0 | tif->tif_name); |
4788 | 0 | return 0; |
4789 | 0 | } |
4790 | 0 | if (!(tif->tif_flags&TIFF_BIGTIFF)) |
4791 | 0 | { |
4792 | 0 | if (!ReadOK(tif, &dircount16, sizeof (uint16_t))) { |
4793 | 0 | TIFFErrorExt(tif->tif_clientdata, module, |
4794 | 0 | "%s: Can not read TIFF directory count", |
4795 | 0 | tif->tif_name); |
4796 | 0 | return 0; |
4797 | 0 | } |
4798 | 0 | if (tif->tif_flags & TIFF_SWAB) |
4799 | 0 | TIFFSwabShort(&dircount16); |
4800 | 0 | if (dircount16>4096) |
4801 | 0 | { |
4802 | 0 | TIFFErrorExt(tif->tif_clientdata, module, |
4803 | 0 | "Sanity check on directory count failed, this is probably not a valid IFD offset"); |
4804 | 0 | return 0; |
4805 | 0 | } |
4806 | 0 | dirsize = 12; |
4807 | 0 | } else { |
4808 | 0 | uint64_t dircount64; |
4809 | 0 | if (!ReadOK(tif, &dircount64, sizeof (uint64_t))) { |
4810 | 0 | TIFFErrorExt(tif->tif_clientdata, module, |
4811 | 0 | "%s: Can not read TIFF directory count", |
4812 | 0 | tif->tif_name); |
4813 | 0 | return 0; |
4814 | 0 | } |
4815 | 0 | if (tif->tif_flags & TIFF_SWAB) |
4816 | 0 | TIFFSwabLong8(&dircount64); |
4817 | 0 | if (dircount64>4096) |
4818 | 0 | { |
4819 | 0 | TIFFErrorExt(tif->tif_clientdata, module, |
4820 | 0 | "Sanity check on directory count failed, this is probably not a valid IFD offset"); |
4821 | 0 | return 0; |
4822 | 0 | } |
4823 | 0 | dircount16 = (uint16_t)dircount64; |
4824 | 0 | dirsize = 20; |
4825 | 0 | } |
4826 | 0 | origdir = _TIFFCheckMalloc(tif, dircount16, |
4827 | 0 | dirsize, "to read TIFF directory"); |
4828 | 0 | if (origdir == NULL) |
4829 | 0 | return 0; |
4830 | 0 | if (!ReadOK(tif, origdir, (tmsize_t)(dircount16*dirsize))) { |
4831 | 0 | TIFFErrorExt(tif->tif_clientdata, module, |
4832 | 0 | "%.100s: Can not read TIFF directory", |
4833 | 0 | tif->tif_name); |
4834 | 0 | _TIFFfree(origdir); |
4835 | 0 | return 0; |
4836 | 0 | } |
4837 | | /* |
4838 | | * Read offset to next directory for sequential scans if |
4839 | | * needed. |
4840 | | */ |
4841 | 0 | if (nextdiroff) |
4842 | 0 | { |
4843 | 0 | if (!(tif->tif_flags&TIFF_BIGTIFF)) |
4844 | 0 | { |
4845 | 0 | uint32_t nextdiroff32; |
4846 | 0 | if (!ReadOK(tif, &nextdiroff32, sizeof(uint32_t))) |
4847 | 0 | nextdiroff32 = 0; |
4848 | 0 | if (tif->tif_flags&TIFF_SWAB) |
4849 | 0 | TIFFSwabLong(&nextdiroff32); |
4850 | 0 | *nextdiroff=nextdiroff32; |
4851 | 0 | } else { |
4852 | 0 | if (!ReadOK(tif, nextdiroff, sizeof(uint64_t))) |
4853 | 0 | *nextdiroff = 0; |
4854 | 0 | if (tif->tif_flags&TIFF_SWAB) |
4855 | 0 | TIFFSwabLong8(nextdiroff); |
4856 | 0 | } |
4857 | 0 | } |
4858 | 0 | } else { |
4859 | 0 | tmsize_t m; |
4860 | 0 | tmsize_t off; |
4861 | 0 | if (tif->tif_diroff > (uint64_t)INT64_MAX) |
4862 | 0 | { |
4863 | 0 | TIFFErrorExt(tif->tif_clientdata,module,"Can not read TIFF directory count"); |
4864 | 0 | return(0); |
4865 | 0 | } |
4866 | 0 | off = (tmsize_t) tif->tif_diroff; |
4867 | | |
4868 | | /* |
4869 | | * Check for integer overflow when validating the dir_off, |
4870 | | * otherwise a very high offset may cause an OOB read and |
4871 | | * crash the client. Make two comparisons instead of |
4872 | | * |
4873 | | * off + sizeof(uint16_t) > tif->tif_size |
4874 | | * |
4875 | | * to avoid overflow. |
4876 | | */ |
4877 | 0 | if (!(tif->tif_flags&TIFF_BIGTIFF)) |
4878 | 0 | { |
4879 | 0 | m=off+sizeof(uint16_t); |
4880 | 0 | if ((m<off) || (m<(tmsize_t)sizeof(uint16_t)) || (m > tif->tif_size)) { |
4881 | 0 | TIFFErrorExt(tif->tif_clientdata, module, |
4882 | 0 | "Can not read TIFF directory count"); |
4883 | 0 | return 0; |
4884 | 0 | } else { |
4885 | 0 | _TIFFmemcpy(&dircount16, tif->tif_base + off, |
4886 | 0 | sizeof(uint16_t)); |
4887 | 0 | } |
4888 | 0 | off += sizeof (uint16_t); |
4889 | 0 | if (tif->tif_flags & TIFF_SWAB) |
4890 | 0 | TIFFSwabShort(&dircount16); |
4891 | 0 | if (dircount16>4096) |
4892 | 0 | { |
4893 | 0 | TIFFErrorExt(tif->tif_clientdata, module, |
4894 | 0 | "Sanity check on directory count failed, this is probably not a valid IFD offset"); |
4895 | 0 | return 0; |
4896 | 0 | } |
4897 | 0 | dirsize = 12; |
4898 | 0 | } |
4899 | 0 | else |
4900 | 0 | { |
4901 | 0 | uint64_t dircount64; |
4902 | 0 | m=off+sizeof(uint64_t); |
4903 | 0 | if ((m<off) || (m<(tmsize_t)sizeof(uint64_t)) || (m > tif->tif_size)) { |
4904 | 0 | TIFFErrorExt(tif->tif_clientdata, module, |
4905 | 0 | "Can not read TIFF directory count"); |
4906 | 0 | return 0; |
4907 | 0 | } else { |
4908 | 0 | _TIFFmemcpy(&dircount64, tif->tif_base + off, |
4909 | 0 | sizeof(uint64_t)); |
4910 | 0 | } |
4911 | 0 | off += sizeof (uint64_t); |
4912 | 0 | if (tif->tif_flags & TIFF_SWAB) |
4913 | 0 | TIFFSwabLong8(&dircount64); |
4914 | 0 | if (dircount64>4096) |
4915 | 0 | { |
4916 | 0 | TIFFErrorExt(tif->tif_clientdata, module, |
4917 | 0 | "Sanity check on directory count failed, this is probably not a valid IFD offset"); |
4918 | 0 | return 0; |
4919 | 0 | } |
4920 | 0 | dircount16 = (uint16_t)dircount64; |
4921 | 0 | dirsize = 20; |
4922 | 0 | } |
4923 | 0 | if (dircount16 == 0 ) |
4924 | 0 | { |
4925 | 0 | TIFFErrorExt(tif->tif_clientdata, module, |
4926 | 0 | "Sanity check on directory count failed, zero tag directories not supported"); |
4927 | 0 | return 0; |
4928 | 0 | } |
4929 | 0 | origdir = _TIFFCheckMalloc(tif, dircount16, |
4930 | 0 | dirsize, |
4931 | 0 | "to read TIFF directory"); |
4932 | 0 | if (origdir == NULL) |
4933 | 0 | return 0; |
4934 | 0 | m=off+dircount16*dirsize; |
4935 | 0 | if ((m<off)||(m<(tmsize_t)(dircount16*dirsize))||(m>tif->tif_size)) { |
4936 | 0 | TIFFErrorExt(tif->tif_clientdata, module, |
4937 | 0 | "Can not read TIFF directory"); |
4938 | 0 | _TIFFfree(origdir); |
4939 | 0 | return 0; |
4940 | 0 | } else { |
4941 | 0 | _TIFFmemcpy(origdir, tif->tif_base + off, |
4942 | 0 | dircount16 * dirsize); |
4943 | 0 | } |
4944 | 0 | if (nextdiroff) { |
4945 | 0 | off += dircount16 * dirsize; |
4946 | 0 | if (!(tif->tif_flags&TIFF_BIGTIFF)) |
4947 | 0 | { |
4948 | 0 | uint32_t nextdiroff32; |
4949 | 0 | m=off+sizeof(uint32_t); |
4950 | 0 | if ((m<off) || (m<(tmsize_t)sizeof(uint32_t)) || (m > tif->tif_size)) |
4951 | 0 | nextdiroff32 = 0; |
4952 | 0 | else |
4953 | 0 | _TIFFmemcpy(&nextdiroff32, tif->tif_base + off, |
4954 | 0 | sizeof (uint32_t)); |
4955 | 0 | if (tif->tif_flags&TIFF_SWAB) |
4956 | 0 | TIFFSwabLong(&nextdiroff32); |
4957 | 0 | *nextdiroff = nextdiroff32; |
4958 | 0 | } |
4959 | 0 | else |
4960 | 0 | { |
4961 | 0 | m=off+sizeof(uint64_t); |
4962 | 0 | if ((m<off) || (m<(tmsize_t)sizeof(uint64_t)) || (m > tif->tif_size)) |
4963 | 0 | *nextdiroff = 0; |
4964 | 0 | else |
4965 | 0 | _TIFFmemcpy(nextdiroff, tif->tif_base + off, |
4966 | 0 | sizeof (uint64_t)); |
4967 | 0 | if (tif->tif_flags&TIFF_SWAB) |
4968 | 0 | TIFFSwabLong8(nextdiroff); |
4969 | 0 | } |
4970 | 0 | } |
4971 | 0 | } |
4972 | 0 | dir = (TIFFDirEntry*)_TIFFCheckMalloc(tif, dircount16, |
4973 | 0 | sizeof(TIFFDirEntry), |
4974 | 0 | "to read TIFF directory"); |
4975 | 0 | if (dir==0) |
4976 | 0 | { |
4977 | 0 | _TIFFfree(origdir); |
4978 | 0 | return 0; |
4979 | 0 | } |
4980 | 0 | ma=(uint8_t*)origdir; |
4981 | 0 | mb=dir; |
4982 | 0 | for (n=0; n<dircount16; n++) |
4983 | 0 | { |
4984 | 0 | mb->tdir_ignore = FALSE; |
4985 | 0 | if (tif->tif_flags&TIFF_SWAB) |
4986 | 0 | TIFFSwabShort((uint16_t*)ma); |
4987 | 0 | mb->tdir_tag=*(uint16_t*)ma; |
4988 | 0 | ma+=sizeof(uint16_t); |
4989 | 0 | if (tif->tif_flags&TIFF_SWAB) |
4990 | 0 | TIFFSwabShort((uint16_t*)ma); |
4991 | 0 | mb->tdir_type=*(uint16_t*)ma; |
4992 | 0 | ma+=sizeof(uint16_t); |
4993 | 0 | if (!(tif->tif_flags&TIFF_BIGTIFF)) |
4994 | 0 | { |
4995 | 0 | if (tif->tif_flags&TIFF_SWAB) |
4996 | 0 | TIFFSwabLong((uint32_t*)ma); |
4997 | 0 | mb->tdir_count=(uint64_t)(*(uint32_t*)ma); |
4998 | 0 | ma+=sizeof(uint32_t); |
4999 | 0 | mb->tdir_offset.toff_long8=0; |
5000 | 0 | *(uint32_t*)(&mb->tdir_offset)=*(uint32_t*)ma; |
5001 | 0 | ma+=sizeof(uint32_t); |
5002 | 0 | } |
5003 | 0 | else |
5004 | 0 | { |
5005 | 0 | if (tif->tif_flags&TIFF_SWAB) |
5006 | 0 | TIFFSwabLong8((uint64_t*)ma); |
5007 | 0 | mb->tdir_count=TIFFReadUInt64(ma); |
5008 | 0 | ma+=sizeof(uint64_t); |
5009 | 0 | mb->tdir_offset.toff_long8=TIFFReadUInt64(ma); |
5010 | 0 | ma+=sizeof(uint64_t); |
5011 | 0 | } |
5012 | 0 | mb++; |
5013 | 0 | } |
5014 | 0 | _TIFFfree(origdir); |
5015 | 0 | *pdir = dir; |
5016 | 0 | return dircount16; |
5017 | 0 | } |
5018 | | |
5019 | | /* |
5020 | | * Fetch a tag that is not handled by special case code. |
5021 | | */ |
5022 | | static int |
5023 | | TIFFFetchNormalTag(TIFF* tif, TIFFDirEntry* dp, int recover) |
5024 | 0 | { |
5025 | 0 | static const char module[] = "TIFFFetchNormalTag"; |
5026 | 0 | enum TIFFReadDirEntryErr err; |
5027 | 0 | uint32_t fii; |
5028 | 0 | const TIFFField* fip = NULL; |
5029 | 0 | TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii); |
5030 | 0 | if( fii == FAILED_FII ) |
5031 | 0 | { |
5032 | 0 | TIFFErrorExt(tif->tif_clientdata, "TIFFFetchNormalTag", |
5033 | 0 | "No definition found for tag %"PRIu16, |
5034 | 0 | dp->tdir_tag); |
5035 | 0 | return 0; |
5036 | 0 | } |
5037 | 0 | fip=tif->tif_fields[fii]; |
5038 | 0 | assert(fip != NULL); /* should not happen */ |
5039 | 0 | assert(fip->set_field_type!=TIFF_SETGET_OTHER); /* if so, we shouldn't arrive here but deal with this in specialized code */ |
5040 | 0 | assert(fip->set_field_type!=TIFF_SETGET_INT); /* if so, we shouldn't arrive here as this is only the case for pseudo-tags */ |
5041 | 0 | err=TIFFReadDirEntryErrOk; |
5042 | 0 | switch (fip->set_field_type) |
5043 | 0 | { |
5044 | 0 | case TIFF_SETGET_UNDEFINED: |
5045 | 0 | break; |
5046 | 0 | case TIFF_SETGET_ASCII: |
5047 | 0 | { |
5048 | 0 | uint8_t* data; |
5049 | 0 | assert(fip->field_passcount==0); |
5050 | 0 | err=TIFFReadDirEntryByteArray(tif,dp,&data); |
5051 | 0 | if (err==TIFFReadDirEntryErrOk) |
5052 | 0 | { |
5053 | 0 | uint32_t mb = 0; |
5054 | 0 | int n; |
5055 | 0 | if (data != NULL) |
5056 | 0 | { |
5057 | 0 | uint8_t* ma = data; |
5058 | 0 | while (mb<(uint32_t)dp->tdir_count) |
5059 | 0 | { |
5060 | 0 | if (*ma==0) |
5061 | 0 | break; |
5062 | 0 | ma++; |
5063 | 0 | mb++; |
5064 | 0 | } |
5065 | 0 | } |
5066 | 0 | if (mb+1<(uint32_t)dp->tdir_count) |
5067 | 0 | TIFFWarningExt(tif->tif_clientdata,module,"ASCII value for tag \"%s\" contains null byte in value; value incorrectly truncated during reading due to implementation limitations",fip->field_name); |
5068 | 0 | else if (mb+1>(uint32_t)dp->tdir_count) |
5069 | 0 | { |
5070 | 0 | uint8_t* o; |
5071 | 0 | TIFFWarningExt(tif->tif_clientdata,module,"ASCII value for tag \"%s\" does not end in null byte",fip->field_name); |
5072 | 0 | if ((uint32_t)dp->tdir_count + 1 != dp->tdir_count + 1) |
5073 | 0 | o=NULL; |
5074 | 0 | else |
5075 | 0 | o=_TIFFmalloc((uint32_t)dp->tdir_count + 1); |
5076 | 0 | if (o==NULL) |
5077 | 0 | { |
5078 | 0 | if (data!=NULL) |
5079 | 0 | _TIFFfree(data); |
5080 | 0 | return(0); |
5081 | 0 | } |
5082 | 0 | _TIFFmemcpy(o,data,(uint32_t)dp->tdir_count); |
5083 | 0 | o[(uint32_t)dp->tdir_count]=0; |
5084 | 0 | if (data!=0) |
5085 | 0 | _TIFFfree(data); |
5086 | 0 | data=o; |
5087 | 0 | } |
5088 | 0 | n=TIFFSetField(tif,dp->tdir_tag,data); |
5089 | 0 | if (data!=0) |
5090 | 0 | _TIFFfree(data); |
5091 | 0 | if (!n) |
5092 | 0 | return(0); |
5093 | 0 | } |
5094 | 0 | } |
5095 | 0 | break; |
5096 | 0 | case TIFF_SETGET_UINT8: |
5097 | 0 | { |
5098 | 0 | uint8_t data=0; |
5099 | 0 | assert(fip->field_readcount==1); |
5100 | 0 | assert(fip->field_passcount==0); |
5101 | 0 | err=TIFFReadDirEntryByte(tif,dp,&data); |
5102 | 0 | if (err==TIFFReadDirEntryErrOk) |
5103 | 0 | { |
5104 | 0 | if (!TIFFSetField(tif,dp->tdir_tag,data)) |
5105 | 0 | return(0); |
5106 | 0 | } |
5107 | 0 | } |
5108 | 0 | break; |
5109 | 0 | case TIFF_SETGET_UINT16: |
5110 | 0 | { |
5111 | 0 | uint16_t data; |
5112 | 0 | assert(fip->field_readcount==1); |
5113 | 0 | assert(fip->field_passcount==0); |
5114 | 0 | err=TIFFReadDirEntryShort(tif,dp,&data); |
5115 | 0 | if (err==TIFFReadDirEntryErrOk) |
5116 | 0 | { |
5117 | 0 | if (!TIFFSetField(tif,dp->tdir_tag,data)) |
5118 | 0 | return(0); |
5119 | 0 | } |
5120 | 0 | } |
5121 | 0 | break; |
5122 | 0 | case TIFF_SETGET_UINT32: |
5123 | 0 | { |
5124 | 0 | uint32_t data; |
5125 | 0 | assert(fip->field_readcount==1); |
5126 | 0 | assert(fip->field_passcount==0); |
5127 | 0 | err=TIFFReadDirEntryLong(tif,dp,&data); |
5128 | 0 | if (err==TIFFReadDirEntryErrOk) |
5129 | 0 | { |
5130 | 0 | if (!TIFFSetField(tif,dp->tdir_tag,data)) |
5131 | 0 | return(0); |
5132 | 0 | } |
5133 | 0 | } |
5134 | 0 | break; |
5135 | 0 | case TIFF_SETGET_UINT64: |
5136 | 0 | { |
5137 | 0 | uint64_t data; |
5138 | 0 | assert(fip->field_readcount==1); |
5139 | 0 | assert(fip->field_passcount==0); |
5140 | 0 | err=TIFFReadDirEntryLong8(tif,dp,&data); |
5141 | 0 | if (err==TIFFReadDirEntryErrOk) |
5142 | 0 | { |
5143 | 0 | if (!TIFFSetField(tif,dp->tdir_tag,data)) |
5144 | 0 | return(0); |
5145 | 0 | } |
5146 | 0 | } |
5147 | 0 | break; |
5148 | 0 | case TIFF_SETGET_FLOAT: |
5149 | 0 | { |
5150 | 0 | float data; |
5151 | 0 | assert(fip->field_readcount==1); |
5152 | 0 | assert(fip->field_passcount==0); |
5153 | 0 | err=TIFFReadDirEntryFloat(tif,dp,&data); |
5154 | 0 | if (err==TIFFReadDirEntryErrOk) |
5155 | 0 | { |
5156 | 0 | if (!TIFFSetField(tif,dp->tdir_tag,data)) |
5157 | 0 | return(0); |
5158 | 0 | } |
5159 | 0 | } |
5160 | 0 | break; |
5161 | 0 | case TIFF_SETGET_DOUBLE: |
5162 | 0 | { |
5163 | 0 | double data; |
5164 | 0 | assert(fip->field_readcount==1); |
5165 | 0 | assert(fip->field_passcount==0); |
5166 | 0 | err=TIFFReadDirEntryDouble(tif,dp,&data); |
5167 | 0 | if (err==TIFFReadDirEntryErrOk) |
5168 | 0 | { |
5169 | 0 | if (!TIFFSetField(tif,dp->tdir_tag,data)) |
5170 | 0 | return(0); |
5171 | 0 | } |
5172 | 0 | } |
5173 | 0 | break; |
5174 | 0 | case TIFF_SETGET_IFD8: |
5175 | 0 | { |
5176 | 0 | uint64_t data; |
5177 | 0 | assert(fip->field_readcount==1); |
5178 | 0 | assert(fip->field_passcount==0); |
5179 | 0 | err=TIFFReadDirEntryIfd8(tif,dp,&data); |
5180 | 0 | if (err==TIFFReadDirEntryErrOk) |
5181 | 0 | { |
5182 | 0 | if (!TIFFSetField(tif,dp->tdir_tag,data)) |
5183 | 0 | return(0); |
5184 | 0 | } |
5185 | 0 | } |
5186 | 0 | break; |
5187 | 0 | case TIFF_SETGET_UINT16_PAIR: |
5188 | 0 | { |
5189 | 0 | uint16_t* data; |
5190 | 0 | assert(fip->field_readcount==2); |
5191 | 0 | assert(fip->field_passcount==0); |
5192 | 0 | if (dp->tdir_count!=2) { |
5193 | 0 | TIFFWarningExt(tif->tif_clientdata,module, |
5194 | 0 | "incorrect count for field \"%s\", expected 2, got %"PRIu64, |
5195 | 0 | fip->field_name, dp->tdir_count); |
5196 | 0 | return(0); |
5197 | 0 | } |
5198 | 0 | err=TIFFReadDirEntryShortArray(tif,dp,&data); |
5199 | 0 | if (err==TIFFReadDirEntryErrOk) |
5200 | 0 | { |
5201 | 0 | int m; |
5202 | 0 | assert(data); /* avoid CLang static Analyzer false positive */ |
5203 | 0 | m=TIFFSetField(tif,dp->tdir_tag,data[0],data[1]); |
5204 | 0 | _TIFFfree(data); |
5205 | 0 | if (!m) |
5206 | 0 | return(0); |
5207 | 0 | } |
5208 | 0 | } |
5209 | 0 | break; |
5210 | 0 | case TIFF_SETGET_C0_UINT8: |
5211 | 0 | { |
5212 | 0 | uint8_t* data; |
5213 | 0 | assert(fip->field_readcount>=1); |
5214 | 0 | assert(fip->field_passcount==0); |
5215 | 0 | if (dp->tdir_count!=(uint64_t)fip->field_readcount) { |
5216 | 0 | TIFFWarningExt(tif->tif_clientdata,module, |
5217 | 0 | "incorrect count for field \"%s\", expected %d, got %"PRIu64, |
5218 | 0 | fip->field_name,(int) fip->field_readcount, dp->tdir_count); |
5219 | 0 | return 0; |
5220 | 0 | } |
5221 | 0 | else |
5222 | 0 | { |
5223 | 0 | err=TIFFReadDirEntryByteArray(tif,dp,&data); |
5224 | 0 | if (err==TIFFReadDirEntryErrOk) |
5225 | 0 | { |
5226 | 0 | int m; |
5227 | 0 | m=TIFFSetField(tif,dp->tdir_tag,data); |
5228 | 0 | if (data!=0) |
5229 | 0 | _TIFFfree(data); |
5230 | 0 | if (!m) |
5231 | 0 | return(0); |
5232 | 0 | } |
5233 | 0 | } |
5234 | 0 | } |
5235 | 0 | break; |
5236 | 0 | case TIFF_SETGET_C0_UINT16: |
5237 | 0 | { |
5238 | 0 | uint16_t* data; |
5239 | 0 | assert(fip->field_readcount>=1); |
5240 | 0 | assert(fip->field_passcount==0); |
5241 | 0 | if (dp->tdir_count!=(uint64_t)fip->field_readcount) |
5242 | 0 | /* corrupt file */; |
5243 | 0 | else |
5244 | 0 | { |
5245 | 0 | err=TIFFReadDirEntryShortArray(tif,dp,&data); |
5246 | 0 | if (err==TIFFReadDirEntryErrOk) |
5247 | 0 | { |
5248 | 0 | int m; |
5249 | 0 | m=TIFFSetField(tif,dp->tdir_tag,data); |
5250 | 0 | if (data!=0) |
5251 | 0 | _TIFFfree(data); |
5252 | 0 | if (!m) |
5253 | 0 | return(0); |
5254 | 0 | } |
5255 | 0 | } |
5256 | 0 | } |
5257 | 0 | break; |
5258 | 0 | case TIFF_SETGET_C0_UINT32: |
5259 | 0 | { |
5260 | 0 | uint32_t* data; |
5261 | 0 | assert(fip->field_readcount>=1); |
5262 | 0 | assert(fip->field_passcount==0); |
5263 | 0 | if (dp->tdir_count!=(uint64_t)fip->field_readcount) |
5264 | 0 | /* corrupt file */; |
5265 | 0 | else |
5266 | 0 | { |
5267 | 0 | err=TIFFReadDirEntryLongArray(tif,dp,&data); |
5268 | 0 | if (err==TIFFReadDirEntryErrOk) |
5269 | 0 | { |
5270 | 0 | int m; |
5271 | 0 | m=TIFFSetField(tif,dp->tdir_tag,data); |
5272 | 0 | if (data!=0) |
5273 | 0 | _TIFFfree(data); |
5274 | 0 | if (!m) |
5275 | 0 | return(0); |
5276 | 0 | } |
5277 | 0 | } |
5278 | 0 | } |
5279 | 0 | break; |
5280 | 0 | case TIFF_SETGET_C0_FLOAT: |
5281 | 0 | { |
5282 | 0 | float* data; |
5283 | 0 | assert(fip->field_readcount>=1); |
5284 | 0 | assert(fip->field_passcount==0); |
5285 | 0 | if (dp->tdir_count!=(uint64_t)fip->field_readcount) |
5286 | 0 | /* corrupt file */; |
5287 | 0 | else |
5288 | 0 | { |
5289 | 0 | err=TIFFReadDirEntryFloatArray(tif,dp,&data); |
5290 | 0 | if (err==TIFFReadDirEntryErrOk) |
5291 | 0 | { |
5292 | 0 | int m; |
5293 | 0 | m=TIFFSetField(tif,dp->tdir_tag,data); |
5294 | 0 | if (data!=0) |
5295 | 0 | _TIFFfree(data); |
5296 | 0 | if (!m) |
5297 | 0 | return(0); |
5298 | 0 | } |
5299 | 0 | } |
5300 | 0 | } |
5301 | 0 | break; |
5302 | | /*--: Rational2Double: Extend for Double Arrays and Rational-Arrays read into Double-Arrays. */ |
5303 | 0 | case TIFF_SETGET_C0_DOUBLE: |
5304 | 0 | { |
5305 | 0 | double* data; |
5306 | 0 | assert(fip->field_readcount>=1); |
5307 | 0 | assert(fip->field_passcount==0); |
5308 | 0 | if (dp->tdir_count!=(uint64_t)fip->field_readcount) |
5309 | 0 | /* corrupt file */; |
5310 | 0 | else |
5311 | 0 | { |
5312 | 0 | err=TIFFReadDirEntryDoubleArray(tif,dp,&data); |
5313 | 0 | if (err==TIFFReadDirEntryErrOk) |
5314 | 0 | { |
5315 | 0 | int m; |
5316 | 0 | m=TIFFSetField(tif,dp->tdir_tag,data); |
5317 | 0 | if (data!=0) |
5318 | 0 | _TIFFfree(data); |
5319 | 0 | if (!m) |
5320 | 0 | return(0); |
5321 | 0 | } |
5322 | 0 | } |
5323 | 0 | } |
5324 | 0 | break; |
5325 | 0 | case TIFF_SETGET_C16_ASCII: |
5326 | 0 | { |
5327 | 0 | uint8_t* data; |
5328 | 0 | assert(fip->field_readcount==TIFF_VARIABLE); |
5329 | 0 | assert(fip->field_passcount==1); |
5330 | 0 | if (dp->tdir_count>0xFFFF) |
5331 | 0 | err=TIFFReadDirEntryErrCount; |
5332 | 0 | else |
5333 | 0 | { |
5334 | 0 | err=TIFFReadDirEntryByteArray(tif,dp,&data); |
5335 | 0 | if (err==TIFFReadDirEntryErrOk) |
5336 | 0 | { |
5337 | 0 | int m; |
5338 | 0 | if( data != 0 && dp->tdir_count > 0 && data[dp->tdir_count-1] != '\0' ) |
5339 | 0 | { |
5340 | 0 | TIFFWarningExt(tif->tif_clientdata,module,"ASCII value for tag \"%s\" does not end in null byte. Forcing it to be null",fip->field_name); |
5341 | 0 | data[dp->tdir_count-1] = '\0'; |
5342 | 0 | } |
5343 | 0 | m=TIFFSetField(tif, dp->tdir_tag, (uint16_t)(dp->tdir_count), data); |
5344 | 0 | if (data!=0) |
5345 | 0 | _TIFFfree(data); |
5346 | 0 | if (!m) |
5347 | 0 | return(0); |
5348 | 0 | } |
5349 | 0 | } |
5350 | 0 | } |
5351 | 0 | break; |
5352 | 0 | case TIFF_SETGET_C16_UINT8: |
5353 | 0 | { |
5354 | 0 | uint8_t* data; |
5355 | 0 | assert(fip->field_readcount==TIFF_VARIABLE); |
5356 | 0 | assert(fip->field_passcount==1); |
5357 | 0 | if (dp->tdir_count>0xFFFF) |
5358 | 0 | err=TIFFReadDirEntryErrCount; |
5359 | 0 | else |
5360 | 0 | { |
5361 | 0 | err=TIFFReadDirEntryByteArray(tif,dp,&data); |
5362 | 0 | if (err==TIFFReadDirEntryErrOk) |
5363 | 0 | { |
5364 | 0 | int m; |
5365 | 0 | m=TIFFSetField(tif, dp->tdir_tag, (uint16_t)(dp->tdir_count), data); |
5366 | 0 | if (data!=0) |
5367 | 0 | _TIFFfree(data); |
5368 | 0 | if (!m) |
5369 | 0 | return(0); |
5370 | 0 | } |
5371 | 0 | } |
5372 | 0 | } |
5373 | 0 | break; |
5374 | 0 | case TIFF_SETGET_C16_UINT16: |
5375 | 0 | { |
5376 | 0 | uint16_t* data; |
5377 | 0 | assert(fip->field_readcount==TIFF_VARIABLE); |
5378 | 0 | assert(fip->field_passcount==1); |
5379 | 0 | if (dp->tdir_count>0xFFFF) |
5380 | 0 | err=TIFFReadDirEntryErrCount; |
5381 | 0 | else |
5382 | 0 | { |
5383 | 0 | err=TIFFReadDirEntryShortArray(tif,dp,&data); |
5384 | 0 | if (err==TIFFReadDirEntryErrOk) |
5385 | 0 | { |
5386 | 0 | int m; |
5387 | 0 | m=TIFFSetField(tif, dp->tdir_tag, (uint16_t)(dp->tdir_count), data); |
5388 | 0 | if (data!=0) |
5389 | 0 | _TIFFfree(data); |
5390 | 0 | if (!m) |
5391 | 0 | return(0); |
5392 | 0 | } |
5393 | 0 | } |
5394 | 0 | } |
5395 | 0 | break; |
5396 | 0 | case TIFF_SETGET_C16_UINT32: |
5397 | 0 | { |
5398 | 0 | uint32_t* data; |
5399 | 0 | assert(fip->field_readcount==TIFF_VARIABLE); |
5400 | 0 | assert(fip->field_passcount==1); |
5401 | 0 | if (dp->tdir_count>0xFFFF) |
5402 | 0 | err=TIFFReadDirEntryErrCount; |
5403 | 0 | else |
5404 | 0 | { |
5405 | 0 | err=TIFFReadDirEntryLongArray(tif,dp,&data); |
5406 | 0 | if (err==TIFFReadDirEntryErrOk) |
5407 | 0 | { |
5408 | 0 | int m; |
5409 | 0 | m=TIFFSetField(tif, dp->tdir_tag, (uint16_t)(dp->tdir_count), data); |
5410 | 0 | if (data!=0) |
5411 | 0 | _TIFFfree(data); |
5412 | 0 | if (!m) |
5413 | 0 | return(0); |
5414 | 0 | } |
5415 | 0 | } |
5416 | 0 | } |
5417 | 0 | break; |
5418 | 0 | case TIFF_SETGET_C16_UINT64: |
5419 | 0 | { |
5420 | 0 | uint64_t* data; |
5421 | 0 | assert(fip->field_readcount==TIFF_VARIABLE); |
5422 | 0 | assert(fip->field_passcount==1); |
5423 | 0 | if (dp->tdir_count>0xFFFF) |
5424 | 0 | err=TIFFReadDirEntryErrCount; |
5425 | 0 | else |
5426 | 0 | { |
5427 | 0 | err=TIFFReadDirEntryLong8Array(tif,dp,&data); |
5428 | 0 | if (err==TIFFReadDirEntryErrOk) |
5429 | 0 | { |
5430 | 0 | int m; |
5431 | 0 | m=TIFFSetField(tif, dp->tdir_tag, (uint16_t)(dp->tdir_count), data); |
5432 | 0 | if (data!=0) |
5433 | 0 | _TIFFfree(data); |
5434 | 0 | if (!m) |
5435 | 0 | return(0); |
5436 | 0 | } |
5437 | 0 | } |
5438 | 0 | } |
5439 | 0 | break; |
5440 | 0 | case TIFF_SETGET_C16_FLOAT: |
5441 | 0 | { |
5442 | 0 | float* data; |
5443 | 0 | assert(fip->field_readcount==TIFF_VARIABLE); |
5444 | 0 | assert(fip->field_passcount==1); |
5445 | 0 | if (dp->tdir_count>0xFFFF) |
5446 | 0 | err=TIFFReadDirEntryErrCount; |
5447 | 0 | else |
5448 | 0 | { |
5449 | 0 | err=TIFFReadDirEntryFloatArray(tif,dp,&data); |
5450 | 0 | if (err==TIFFReadDirEntryErrOk) |
5451 | 0 | { |
5452 | 0 | int m; |
5453 | 0 | m=TIFFSetField(tif, dp->tdir_tag, (uint16_t)(dp->tdir_count), data); |
5454 | 0 | if (data!=0) |
5455 | 0 | _TIFFfree(data); |
5456 | 0 | if (!m) |
5457 | 0 | return(0); |
5458 | 0 | } |
5459 | 0 | } |
5460 | 0 | } |
5461 | 0 | break; |
5462 | 0 | case TIFF_SETGET_C16_DOUBLE: |
5463 | 0 | { |
5464 | 0 | double* data; |
5465 | 0 | assert(fip->field_readcount==TIFF_VARIABLE); |
5466 | 0 | assert(fip->field_passcount==1); |
5467 | 0 | if (dp->tdir_count>0xFFFF) |
5468 | 0 | err=TIFFReadDirEntryErrCount; |
5469 | 0 | else |
5470 | 0 | { |
5471 | 0 | err=TIFFReadDirEntryDoubleArray(tif,dp,&data); |
5472 | 0 | if (err==TIFFReadDirEntryErrOk) |
5473 | 0 | { |
5474 | 0 | int m; |
5475 | 0 | m=TIFFSetField(tif, dp->tdir_tag, (uint16_t)(dp->tdir_count), data); |
5476 | 0 | if (data!=0) |
5477 | 0 | _TIFFfree(data); |
5478 | 0 | if (!m) |
5479 | 0 | return(0); |
5480 | 0 | } |
5481 | 0 | } |
5482 | 0 | } |
5483 | 0 | break; |
5484 | 0 | case TIFF_SETGET_C16_IFD8: |
5485 | 0 | { |
5486 | 0 | uint64_t* data; |
5487 | 0 | assert(fip->field_readcount==TIFF_VARIABLE); |
5488 | 0 | assert(fip->field_passcount==1); |
5489 | 0 | if (dp->tdir_count>0xFFFF) |
5490 | 0 | err=TIFFReadDirEntryErrCount; |
5491 | 0 | else |
5492 | 0 | { |
5493 | 0 | err=TIFFReadDirEntryIfd8Array(tif,dp,&data); |
5494 | 0 | if (err==TIFFReadDirEntryErrOk) |
5495 | 0 | { |
5496 | 0 | int m; |
5497 | 0 | m=TIFFSetField(tif, dp->tdir_tag, (uint16_t)(dp->tdir_count), data); |
5498 | 0 | if (data!=0) |
5499 | 0 | _TIFFfree(data); |
5500 | 0 | if (!m) |
5501 | 0 | return(0); |
5502 | 0 | } |
5503 | 0 | } |
5504 | 0 | } |
5505 | 0 | break; |
5506 | 0 | case TIFF_SETGET_C32_ASCII: |
5507 | 0 | { |
5508 | 0 | uint8_t* data; |
5509 | 0 | assert(fip->field_readcount==TIFF_VARIABLE2); |
5510 | 0 | assert(fip->field_passcount==1); |
5511 | 0 | err=TIFFReadDirEntryByteArray(tif,dp,&data); |
5512 | 0 | if (err==TIFFReadDirEntryErrOk) |
5513 | 0 | { |
5514 | 0 | int m; |
5515 | 0 | if( data != 0 && dp->tdir_count > 0 && data[dp->tdir_count-1] != '\0' ) |
5516 | 0 | { |
5517 | 0 | TIFFWarningExt(tif->tif_clientdata,module,"ASCII value for tag \"%s\" does not end in null byte. Forcing it to be null",fip->field_name); |
5518 | 0 | data[dp->tdir_count-1] = '\0'; |
5519 | 0 | } |
5520 | 0 | m=TIFFSetField(tif, dp->tdir_tag, (uint32_t)(dp->tdir_count), data); |
5521 | 0 | if (data!=0) |
5522 | 0 | _TIFFfree(data); |
5523 | 0 | if (!m) |
5524 | 0 | return(0); |
5525 | 0 | } |
5526 | 0 | } |
5527 | 0 | break; |
5528 | 0 | case TIFF_SETGET_C32_UINT8: |
5529 | 0 | { |
5530 | 0 | uint8_t* data; |
5531 | 0 | assert(fip->field_readcount==TIFF_VARIABLE2); |
5532 | 0 | assert(fip->field_passcount==1); |
5533 | 0 | err=TIFFReadDirEntryByteArray(tif,dp,&data); |
5534 | 0 | if (err==TIFFReadDirEntryErrOk) |
5535 | 0 | { |
5536 | 0 | int m; |
5537 | 0 | m=TIFFSetField(tif, dp->tdir_tag, (uint32_t)(dp->tdir_count), data); |
5538 | 0 | if (data!=0) |
5539 | 0 | _TIFFfree(data); |
5540 | 0 | if (!m) |
5541 | 0 | return(0); |
5542 | 0 | } |
5543 | 0 | } |
5544 | 0 | break; |
5545 | 0 | case TIFF_SETGET_C32_SINT8: |
5546 | 0 | { |
5547 | 0 | int8_t* data = NULL; |
5548 | 0 | assert(fip->field_readcount==TIFF_VARIABLE2); |
5549 | 0 | assert(fip->field_passcount==1); |
5550 | 0 | err=TIFFReadDirEntrySbyteArray(tif,dp,&data); |
5551 | 0 | if (err==TIFFReadDirEntryErrOk) |
5552 | 0 | { |
5553 | 0 | int m; |
5554 | 0 | m=TIFFSetField(tif, dp->tdir_tag, (uint32_t)(dp->tdir_count), data); |
5555 | 0 | if (data!=0) |
5556 | 0 | _TIFFfree(data); |
5557 | 0 | if (!m) |
5558 | 0 | return(0); |
5559 | 0 | } |
5560 | 0 | } |
5561 | 0 | break; |
5562 | 0 | case TIFF_SETGET_C32_UINT16: |
5563 | 0 | { |
5564 | 0 | uint16_t* data; |
5565 | 0 | assert(fip->field_readcount==TIFF_VARIABLE2); |
5566 | 0 | assert(fip->field_passcount==1); |
5567 | 0 | err=TIFFReadDirEntryShortArray(tif,dp,&data); |
5568 | 0 | if (err==TIFFReadDirEntryErrOk) |
5569 | 0 | { |
5570 | 0 | int m; |
5571 | 0 | m=TIFFSetField(tif, dp->tdir_tag, (uint32_t)(dp->tdir_count), data); |
5572 | 0 | if (data!=0) |
5573 | 0 | _TIFFfree(data); |
5574 | 0 | if (!m) |
5575 | 0 | return(0); |
5576 | 0 | } |
5577 | 0 | } |
5578 | 0 | break; |
5579 | 0 | case TIFF_SETGET_C32_SINT16: |
5580 | 0 | { |
5581 | 0 | int16_t* data = NULL; |
5582 | 0 | assert(fip->field_readcount==TIFF_VARIABLE2); |
5583 | 0 | assert(fip->field_passcount==1); |
5584 | 0 | err=TIFFReadDirEntrySshortArray(tif,dp,&data); |
5585 | 0 | if (err==TIFFReadDirEntryErrOk) |
5586 | 0 | { |
5587 | 0 | int m; |
5588 | 0 | m=TIFFSetField(tif, dp->tdir_tag, (uint32_t)(dp->tdir_count), data); |
5589 | 0 | if (data!=0) |
5590 | 0 | _TIFFfree(data); |
5591 | 0 | if (!m) |
5592 | 0 | return(0); |
5593 | 0 | } |
5594 | 0 | } |
5595 | 0 | break; |
5596 | 0 | case TIFF_SETGET_C32_UINT32: |
5597 | 0 | { |
5598 | 0 | uint32_t* data; |
5599 | 0 | assert(fip->field_readcount==TIFF_VARIABLE2); |
5600 | 0 | assert(fip->field_passcount==1); |
5601 | 0 | err=TIFFReadDirEntryLongArray(tif,dp,&data); |
5602 | 0 | if (err==TIFFReadDirEntryErrOk) |
5603 | 0 | { |
5604 | 0 | int m; |
5605 | 0 | m=TIFFSetField(tif, dp->tdir_tag, (uint32_t)(dp->tdir_count), data); |
5606 | 0 | if (data!=0) |
5607 | 0 | _TIFFfree(data); |
5608 | 0 | if (!m) |
5609 | 0 | return(0); |
5610 | 0 | } |
5611 | 0 | } |
5612 | 0 | break; |
5613 | 0 | case TIFF_SETGET_C32_SINT32: |
5614 | 0 | { |
5615 | 0 | int32_t* data = NULL; |
5616 | 0 | assert(fip->field_readcount==TIFF_VARIABLE2); |
5617 | 0 | assert(fip->field_passcount==1); |
5618 | 0 | err=TIFFReadDirEntrySlongArray(tif,dp,&data); |
5619 | 0 | if (err==TIFFReadDirEntryErrOk) |
5620 | 0 | { |
5621 | 0 | int m; |
5622 | 0 | m=TIFFSetField(tif, dp->tdir_tag, (uint32_t)(dp->tdir_count), data); |
5623 | 0 | if (data!=0) |
5624 | 0 | _TIFFfree(data); |
5625 | 0 | if (!m) |
5626 | 0 | return(0); |
5627 | 0 | } |
5628 | 0 | } |
5629 | 0 | break; |
5630 | 0 | case TIFF_SETGET_C32_UINT64: |
5631 | 0 | { |
5632 | 0 | uint64_t* data; |
5633 | 0 | assert(fip->field_readcount==TIFF_VARIABLE2); |
5634 | 0 | assert(fip->field_passcount==1); |
5635 | 0 | err=TIFFReadDirEntryLong8Array(tif,dp,&data); |
5636 | 0 | if (err==TIFFReadDirEntryErrOk) |
5637 | 0 | { |
5638 | 0 | int m; |
5639 | 0 | m=TIFFSetField(tif, dp->tdir_tag, (uint32_t)(dp->tdir_count), data); |
5640 | 0 | if (data!=0) |
5641 | 0 | _TIFFfree(data); |
5642 | 0 | if (!m) |
5643 | 0 | return(0); |
5644 | 0 | } |
5645 | 0 | } |
5646 | 0 | break; |
5647 | 0 | case TIFF_SETGET_C32_SINT64: |
5648 | 0 | { |
5649 | 0 | int64_t* data = NULL; |
5650 | 0 | assert(fip->field_readcount==TIFF_VARIABLE2); |
5651 | 0 | assert(fip->field_passcount==1); |
5652 | 0 | err=TIFFReadDirEntrySlong8Array(tif,dp,&data); |
5653 | 0 | if (err==TIFFReadDirEntryErrOk) |
5654 | 0 | { |
5655 | 0 | int m; |
5656 | 0 | m=TIFFSetField(tif, dp->tdir_tag, (uint32_t)(dp->tdir_count), data); |
5657 | 0 | if (data!=0) |
5658 | 0 | _TIFFfree(data); |
5659 | 0 | if (!m) |
5660 | 0 | return(0); |
5661 | 0 | } |
5662 | 0 | } |
5663 | 0 | break; |
5664 | 0 | case TIFF_SETGET_C32_FLOAT: |
5665 | 0 | { |
5666 | 0 | float* data; |
5667 | 0 | assert(fip->field_readcount==TIFF_VARIABLE2); |
5668 | 0 | assert(fip->field_passcount==1); |
5669 | 0 | err=TIFFReadDirEntryFloatArray(tif,dp,&data); |
5670 | 0 | if (err==TIFFReadDirEntryErrOk) |
5671 | 0 | { |
5672 | 0 | int m; |
5673 | 0 | m=TIFFSetField(tif, dp->tdir_tag, (uint32_t)(dp->tdir_count), data); |
5674 | 0 | if (data!=0) |
5675 | 0 | _TIFFfree(data); |
5676 | 0 | if (!m) |
5677 | 0 | return(0); |
5678 | 0 | } |
5679 | 0 | } |
5680 | 0 | break; |
5681 | 0 | case TIFF_SETGET_C32_DOUBLE: |
5682 | 0 | { |
5683 | 0 | double* data; |
5684 | 0 | assert(fip->field_readcount==TIFF_VARIABLE2); |
5685 | 0 | assert(fip->field_passcount==1); |
5686 | 0 | err=TIFFReadDirEntryDoubleArray(tif,dp,&data); |
5687 | 0 | if (err==TIFFReadDirEntryErrOk) |
5688 | 0 | { |
5689 | 0 | int m; |
5690 | 0 | m=TIFFSetField(tif, dp->tdir_tag, (uint32_t)(dp->tdir_count), data); |
5691 | 0 | if (data!=0) |
5692 | 0 | _TIFFfree(data); |
5693 | 0 | if (!m) |
5694 | 0 | return(0); |
5695 | 0 | } |
5696 | 0 | } |
5697 | 0 | break; |
5698 | 0 | case TIFF_SETGET_C32_IFD8: |
5699 | 0 | { |
5700 | 0 | uint64_t* data; |
5701 | 0 | assert(fip->field_readcount==TIFF_VARIABLE2); |
5702 | 0 | assert(fip->field_passcount==1); |
5703 | 0 | err=TIFFReadDirEntryIfd8Array(tif,dp,&data); |
5704 | 0 | if (err==TIFFReadDirEntryErrOk) |
5705 | 0 | { |
5706 | 0 | int m; |
5707 | 0 | m=TIFFSetField(tif, dp->tdir_tag, (uint32_t)(dp->tdir_count), data); |
5708 | 0 | if (data!=0) |
5709 | 0 | _TIFFfree(data); |
5710 | 0 | if (!m) |
5711 | 0 | return(0); |
5712 | 0 | } |
5713 | 0 | } |
5714 | 0 | break; |
5715 | 0 | default: |
5716 | 0 | assert(0); /* we should never get here */ |
5717 | 0 | break; |
5718 | 0 | } |
5719 | 0 | if (err!=TIFFReadDirEntryErrOk) |
5720 | 0 | { |
5721 | 0 | TIFFReadDirEntryOutputErr(tif,err,module,fip->field_name,recover); |
5722 | 0 | return(0); |
5723 | 0 | } |
5724 | 0 | return(1); |
5725 | 0 | } |
5726 | | |
5727 | | /* |
5728 | | * Fetch a set of offsets or lengths. |
5729 | | * While this routine says "strips", in fact it's also used for tiles. |
5730 | | */ |
5731 | | static int |
5732 | | TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32_t nstrips, uint64_t** lpp) |
5733 | 0 | { |
5734 | 0 | static const char module[] = "TIFFFetchStripThing"; |
5735 | 0 | enum TIFFReadDirEntryErr err; |
5736 | 0 | uint64_t* data; |
5737 | 0 | err=TIFFReadDirEntryLong8ArrayWithLimit(tif,dir,&data,nstrips); |
5738 | 0 | if (err!=TIFFReadDirEntryErrOk) |
5739 | 0 | { |
5740 | 0 | const TIFFField* fip = TIFFFieldWithTag(tif,dir->tdir_tag); |
5741 | 0 | TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",0); |
5742 | 0 | return(0); |
5743 | 0 | } |
5744 | 0 | if (dir->tdir_count<(uint64_t)nstrips) |
5745 | 0 | { |
5746 | 0 | uint64_t* resizeddata; |
5747 | 0 | const TIFFField* fip = TIFFFieldWithTag(tif,dir->tdir_tag); |
5748 | 0 | const char* pszMax = getenv("LIBTIFF_STRILE_ARRAY_MAX_RESIZE_COUNT"); |
5749 | 0 | uint32_t max_nstrips = 1000000; |
5750 | 0 | if( pszMax ) |
5751 | 0 | max_nstrips = (uint32_t) atoi(pszMax); |
5752 | 0 | TIFFReadDirEntryOutputErr(tif,TIFFReadDirEntryErrCount, |
5753 | 0 | module, |
5754 | 0 | fip ? fip->field_name : "unknown tagname", |
5755 | 0 | ( nstrips <= max_nstrips ) ); |
5756 | |
|
5757 | 0 | if( nstrips > max_nstrips ) |
5758 | 0 | { |
5759 | 0 | _TIFFfree(data); |
5760 | 0 | return(0); |
5761 | 0 | } |
5762 | | |
5763 | 0 | resizeddata=(uint64_t*)_TIFFCheckMalloc(tif, nstrips, sizeof(uint64_t), "for strip array"); |
5764 | 0 | if (resizeddata==0) { |
5765 | 0 | _TIFFfree(data); |
5766 | 0 | return(0); |
5767 | 0 | } |
5768 | 0 | _TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t)); |
5769 | 0 | _TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t)); |
5770 | 0 | _TIFFfree(data); |
5771 | 0 | data=resizeddata; |
5772 | 0 | } |
5773 | 0 | *lpp=data; |
5774 | 0 | return(1); |
5775 | 0 | } |
5776 | | |
5777 | | /* |
5778 | | * Fetch and set the SubjectDistance EXIF tag. |
5779 | | */ |
5780 | | static int |
5781 | | TIFFFetchSubjectDistance(TIFF* tif, TIFFDirEntry* dir) |
5782 | 0 | { |
5783 | 0 | static const char module[] = "TIFFFetchSubjectDistance"; |
5784 | 0 | enum TIFFReadDirEntryErr err; |
5785 | 0 | UInt64Aligned_t m; |
5786 | 0 | m.l=0; |
5787 | 0 | assert(sizeof(double)==8); |
5788 | 0 | assert(sizeof(uint64_t) == 8); |
5789 | 0 | assert(sizeof(uint32_t) == 4); |
5790 | 0 | if (dir->tdir_count!=1) |
5791 | 0 | err=TIFFReadDirEntryErrCount; |
5792 | 0 | else if (dir->tdir_type!=TIFF_RATIONAL) |
5793 | 0 | err=TIFFReadDirEntryErrType; |
5794 | 0 | else |
5795 | 0 | { |
5796 | 0 | if (!(tif->tif_flags&TIFF_BIGTIFF)) |
5797 | 0 | { |
5798 | 0 | uint32_t offset; |
5799 | 0 | offset=*(uint32_t*)(&dir->tdir_offset); |
5800 | 0 | if (tif->tif_flags&TIFF_SWAB) |
5801 | 0 | TIFFSwabLong(&offset); |
5802 | 0 | err=TIFFReadDirEntryData(tif,offset,8,m.i); |
5803 | 0 | } |
5804 | 0 | else |
5805 | 0 | { |
5806 | 0 | m.l=dir->tdir_offset.toff_long8; |
5807 | 0 | err=TIFFReadDirEntryErrOk; |
5808 | 0 | } |
5809 | 0 | } |
5810 | 0 | if (err==TIFFReadDirEntryErrOk) |
5811 | 0 | { |
5812 | 0 | double n; |
5813 | 0 | if (tif->tif_flags&TIFF_SWAB) |
5814 | 0 | TIFFSwabArrayOfLong(m.i,2); |
5815 | 0 | if (m.i[0]==0) |
5816 | 0 | n=0.0; |
5817 | 0 | else if (m.i[0]==0xFFFFFFFF || m.i[1]==0) |
5818 | | /* |
5819 | | * XXX: Numerator 0xFFFFFFFF means that we have infinite |
5820 | | * distance. Indicate that with a negative floating point |
5821 | | * SubjectDistance value. |
5822 | | */ |
5823 | 0 | n=-1.0; |
5824 | 0 | else |
5825 | 0 | n=(double)m.i[0]/(double)m.i[1]; |
5826 | 0 | return(TIFFSetField(tif,dir->tdir_tag,n)); |
5827 | 0 | } |
5828 | 0 | else |
5829 | 0 | { |
5830 | 0 | TIFFReadDirEntryOutputErr(tif,err,module,"SubjectDistance",TRUE); |
5831 | 0 | return(0); |
5832 | 0 | } |
5833 | 0 | } |
5834 | | |
5835 | | static void allocChoppedUpStripArrays(TIFF* tif, uint32_t nstrips, |
5836 | | uint64_t stripbytes, uint32_t rowsperstrip) |
5837 | 0 | { |
5838 | 0 | TIFFDirectory *td = &tif->tif_dir; |
5839 | 0 | uint64_t bytecount; |
5840 | 0 | uint64_t offset; |
5841 | 0 | uint64_t last_offset; |
5842 | 0 | uint64_t last_bytecount; |
5843 | 0 | uint32_t i; |
5844 | 0 | uint64_t *newcounts; |
5845 | 0 | uint64_t *newoffsets; |
5846 | |
|
5847 | 0 | offset = TIFFGetStrileOffset(tif, 0); |
5848 | 0 | last_offset = TIFFGetStrileOffset(tif, td->td_nstrips-1); |
5849 | 0 | last_bytecount = TIFFGetStrileByteCount(tif, td->td_nstrips-1); |
5850 | 0 | if( last_offset > UINT64_MAX - last_bytecount || |
5851 | 0 | last_offset + last_bytecount < offset ) |
5852 | 0 | { |
5853 | 0 | return; |
5854 | 0 | } |
5855 | 0 | bytecount = last_offset + last_bytecount - offset; |
5856 | |
|
5857 | 0 | newcounts = (uint64_t*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64_t), |
5858 | 0 | "for chopped \"StripByteCounts\" array"); |
5859 | 0 | newoffsets = (uint64_t*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64_t), |
5860 | 0 | "for chopped \"StripOffsets\" array"); |
5861 | 0 | if (newcounts == NULL || newoffsets == NULL) { |
5862 | | /* |
5863 | | * Unable to allocate new strip information, give up and use |
5864 | | * the original one strip information. |
5865 | | */ |
5866 | 0 | if (newcounts != NULL) |
5867 | 0 | _TIFFfree(newcounts); |
5868 | 0 | if (newoffsets != NULL) |
5869 | 0 | _TIFFfree(newoffsets); |
5870 | 0 | return; |
5871 | 0 | } |
5872 | | |
5873 | | /* |
5874 | | * Fill the strip information arrays with new bytecounts and offsets |
5875 | | * that reflect the broken-up format. |
5876 | | */ |
5877 | 0 | for (i = 0; i < nstrips; i++) |
5878 | 0 | { |
5879 | 0 | if (stripbytes > bytecount) |
5880 | 0 | stripbytes = bytecount; |
5881 | 0 | newcounts[i] = stripbytes; |
5882 | 0 | newoffsets[i] = stripbytes ? offset : 0; |
5883 | 0 | offset += stripbytes; |
5884 | 0 | bytecount -= stripbytes; |
5885 | 0 | } |
5886 | | |
5887 | | /* |
5888 | | * Replace old single strip info with multi-strip info. |
5889 | | */ |
5890 | 0 | td->td_stripsperimage = td->td_nstrips = nstrips; |
5891 | 0 | TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, rowsperstrip); |
5892 | |
|
5893 | 0 | _TIFFfree(td->td_stripbytecount_p); |
5894 | 0 | _TIFFfree(td->td_stripoffset_p); |
5895 | 0 | td->td_stripbytecount_p = newcounts; |
5896 | 0 | td->td_stripoffset_p = newoffsets; |
5897 | | #ifdef STRIPBYTECOUNTSORTED_UNUSED |
5898 | | td->td_stripbytecountsorted = 1; |
5899 | | #endif |
5900 | 0 | tif->tif_flags |= TIFF_CHOPPEDUPARRAYS; |
5901 | 0 | } |
5902 | | |
5903 | | |
5904 | | /* |
5905 | | * Replace a single strip (tile) of uncompressed data by multiple strips |
5906 | | * (tiles), each approximately STRIP_SIZE_DEFAULT bytes. This is useful for |
5907 | | * dealing with large images or for dealing with machines with a limited |
5908 | | * amount memory. |
5909 | | */ |
5910 | | static void |
5911 | | ChopUpSingleUncompressedStrip(TIFF* tif) |
5912 | 0 | { |
5913 | 0 | register TIFFDirectory *td = &tif->tif_dir; |
5914 | 0 | uint64_t bytecount; |
5915 | 0 | uint64_t offset; |
5916 | 0 | uint32_t rowblock; |
5917 | 0 | uint64_t rowblockbytes; |
5918 | 0 | uint64_t stripbytes; |
5919 | 0 | uint32_t nstrips; |
5920 | 0 | uint32_t rowsperstrip; |
5921 | |
|
5922 | 0 | bytecount = TIFFGetStrileByteCount(tif, 0); |
5923 | | /* On a newly created file, just re-opened to be filled, we */ |
5924 | | /* don't want strip chop to trigger as it is going to cause issues */ |
5925 | | /* later ( StripOffsets and StripByteCounts improperly filled) . */ |
5926 | 0 | if( bytecount == 0 && tif->tif_mode != O_RDONLY ) |
5927 | 0 | return; |
5928 | 0 | offset = TIFFGetStrileByteCount(tif, 0); |
5929 | 0 | assert(td->td_planarconfig == PLANARCONFIG_CONTIG); |
5930 | 0 | if ((td->td_photometric == PHOTOMETRIC_YCBCR)&& |
5931 | 0 | (!isUpSampled(tif))) |
5932 | 0 | rowblock = td->td_ycbcrsubsampling[1]; |
5933 | 0 | else |
5934 | 0 | rowblock = 1; |
5935 | 0 | rowblockbytes = TIFFVTileSize64(tif, rowblock); |
5936 | | /* |
5937 | | * Make the rows hold at least one scanline, but fill specified amount |
5938 | | * of data if possible. |
5939 | | */ |
5940 | 0 | if (rowblockbytes > STRIP_SIZE_DEFAULT) { |
5941 | 0 | stripbytes = rowblockbytes; |
5942 | 0 | rowsperstrip = rowblock; |
5943 | 0 | } else if (rowblockbytes > 0 ) { |
5944 | 0 | uint32_t rowblocksperstrip; |
5945 | 0 | rowblocksperstrip = (uint32_t) (STRIP_SIZE_DEFAULT / rowblockbytes); |
5946 | 0 | rowsperstrip = rowblocksperstrip * rowblock; |
5947 | 0 | stripbytes = rowblocksperstrip * rowblockbytes; |
5948 | 0 | } |
5949 | 0 | else |
5950 | 0 | return; |
5951 | | |
5952 | | /* |
5953 | | * never increase the number of rows per strip |
5954 | | */ |
5955 | 0 | if (rowsperstrip >= td->td_rowsperstrip) |
5956 | 0 | return; |
5957 | 0 | nstrips = TIFFhowmany_32(td->td_imagelength, rowsperstrip); |
5958 | 0 | if( nstrips == 0 ) |
5959 | 0 | return; |
5960 | | |
5961 | | /* If we are going to allocate a lot of memory, make sure that the */ |
5962 | | /* file is as big as needed */ |
5963 | 0 | if( tif->tif_mode == O_RDONLY && |
5964 | 0 | nstrips > 1000000 && |
5965 | 0 | (offset >= TIFFGetFileSize(tif) || |
5966 | 0 | stripbytes > (TIFFGetFileSize(tif) - offset) / (nstrips - 1)) ) |
5967 | 0 | { |
5968 | 0 | return; |
5969 | 0 | } |
5970 | | |
5971 | 0 | allocChoppedUpStripArrays(tif, nstrips, stripbytes, rowsperstrip); |
5972 | 0 | } |
5973 | | |
5974 | | |
5975 | | /* |
5976 | | * Replace a file with contiguous strips > 2 GB of uncompressed data by |
5977 | | * multiple smaller strips. This is useful for |
5978 | | * dealing with large images or for dealing with machines with a limited |
5979 | | * amount memory. |
5980 | | */ |
5981 | | static void TryChopUpUncompressedBigTiff( TIFF* tif ) |
5982 | 0 | { |
5983 | 0 | TIFFDirectory *td = &tif->tif_dir; |
5984 | 0 | uint32_t rowblock; |
5985 | 0 | uint64_t rowblockbytes; |
5986 | 0 | uint32_t i; |
5987 | 0 | uint64_t stripsize; |
5988 | 0 | uint32_t rowblocksperstrip; |
5989 | 0 | uint32_t rowsperstrip; |
5990 | 0 | uint64_t stripbytes; |
5991 | 0 | uint32_t nstrips; |
5992 | |
|
5993 | 0 | stripsize = TIFFStripSize64(tif); |
5994 | |
|
5995 | 0 | assert( tif->tif_dir.td_planarconfig == PLANARCONFIG_CONTIG ); |
5996 | 0 | assert( tif->tif_dir.td_compression == COMPRESSION_NONE ); |
5997 | 0 | assert( (tif->tif_flags&(TIFF_STRIPCHOP|TIFF_ISTILED)) == TIFF_STRIPCHOP ); |
5998 | 0 | assert( stripsize > 0x7FFFFFFFUL ); |
5999 | | |
6000 | | /* On a newly created file, just re-opened to be filled, we */ |
6001 | | /* don't want strip chop to trigger as it is going to cause issues */ |
6002 | | /* later ( StripOffsets and StripByteCounts improperly filled) . */ |
6003 | 0 | if( TIFFGetStrileByteCount(tif, 0) == 0 && tif->tif_mode != O_RDONLY ) |
6004 | 0 | return; |
6005 | | |
6006 | 0 | if ((td->td_photometric == PHOTOMETRIC_YCBCR)&& |
6007 | 0 | (!isUpSampled(tif))) |
6008 | 0 | rowblock = td->td_ycbcrsubsampling[1]; |
6009 | 0 | else |
6010 | 0 | rowblock = 1; |
6011 | 0 | rowblockbytes = TIFFVStripSize64(tif, rowblock); |
6012 | 0 | if( rowblockbytes == 0 || rowblockbytes > 0x7FFFFFFFUL ) |
6013 | 0 | { |
6014 | | /* In case of file with gigantic width */ |
6015 | 0 | return; |
6016 | 0 | } |
6017 | | |
6018 | | /* Check that the strips are contiguous and of the expected size */ |
6019 | 0 | for( i = 0; i < td->td_nstrips; i++ ) |
6020 | 0 | { |
6021 | 0 | if( i == td->td_nstrips - 1 ) |
6022 | 0 | { |
6023 | 0 | if( TIFFGetStrileByteCount(tif, i) < TIFFVStripSize64( |
6024 | 0 | tif, td->td_imagelength - i * td->td_rowsperstrip ) ) |
6025 | 0 | { |
6026 | 0 | return; |
6027 | 0 | } |
6028 | 0 | } |
6029 | 0 | else |
6030 | 0 | { |
6031 | 0 | if( TIFFGetStrileByteCount(tif, i) != stripsize ) |
6032 | 0 | { |
6033 | 0 | return; |
6034 | 0 | } |
6035 | 0 | if( i > 0 && TIFFGetStrileOffset(tif, i) != |
6036 | 0 | TIFFGetStrileOffset(tif, i-1) + TIFFGetStrileByteCount(tif, i-1) ) |
6037 | 0 | { |
6038 | 0 | return; |
6039 | 0 | } |
6040 | 0 | } |
6041 | 0 | } |
6042 | | |
6043 | | /* Aim for 512 MB strips (that will still be manageable by 32 bit builds */ |
6044 | 0 | rowblocksperstrip = (uint32_t) (512 * 1024 * 1024 / rowblockbytes); |
6045 | 0 | if( rowblocksperstrip == 0 ) |
6046 | 0 | rowblocksperstrip = 1; |
6047 | 0 | rowsperstrip = rowblocksperstrip * rowblock; |
6048 | 0 | stripbytes = rowblocksperstrip * rowblockbytes; |
6049 | 0 | assert( stripbytes <= 0x7FFFFFFFUL ); |
6050 | |
|
6051 | 0 | nstrips = TIFFhowmany_32(td->td_imagelength, rowsperstrip); |
6052 | 0 | if( nstrips == 0 ) |
6053 | 0 | return; |
6054 | | |
6055 | | /* If we are going to allocate a lot of memory, make sure that the */ |
6056 | | /* file is as big as needed */ |
6057 | 0 | if( tif->tif_mode == O_RDONLY && |
6058 | 0 | nstrips > 1000000 ) |
6059 | 0 | { |
6060 | 0 | uint64_t last_offset = TIFFGetStrileOffset(tif, td->td_nstrips - 1); |
6061 | 0 | uint64_t filesize = TIFFGetFileSize(tif); |
6062 | 0 | uint64_t last_bytecount = TIFFGetStrileByteCount(tif, td->td_nstrips - 1); |
6063 | 0 | if( last_offset > filesize || |
6064 | 0 | last_bytecount > filesize - last_offset ) |
6065 | 0 | { |
6066 | 0 | return; |
6067 | 0 | } |
6068 | 0 | } |
6069 | | |
6070 | 0 | allocChoppedUpStripArrays(tif, nstrips, stripbytes, rowsperstrip); |
6071 | 0 | } |
6072 | | |
6073 | | |
6074 | | TIFF_NOSANITIZE_UNSIGNED_INT_OVERFLOW |
6075 | | static uint64_t _TIFFUnsanitizedAddUInt64AndInt(uint64_t a, int b) |
6076 | 0 | { |
6077 | 0 | return a + b; |
6078 | 0 | } |
6079 | | |
6080 | | /* Read the value of [Strip|Tile]Offset or [Strip|Tile]ByteCount around |
6081 | | * strip/tile of number strile. Also fetch the neighbouring values using a |
6082 | | * 4096 byte page size. |
6083 | | */ |
6084 | | static |
6085 | | int _TIFFPartialReadStripArray(TIFF* tif, TIFFDirEntry* dirent, |
6086 | | int strile, uint64_t* panVals ) |
6087 | 0 | { |
6088 | 0 | static const char module[] = "_TIFFPartialReadStripArray"; |
6089 | 0 | #define IO_CACHE_PAGE_SIZE 4096 |
6090 | |
|
6091 | 0 | size_t sizeofval; |
6092 | 0 | const int bSwab = (tif->tif_flags & TIFF_SWAB) != 0; |
6093 | 0 | int sizeofvalint; |
6094 | 0 | uint64_t nBaseOffset; |
6095 | 0 | uint64_t nOffset; |
6096 | 0 | uint64_t nOffsetStartPage; |
6097 | 0 | uint64_t nOffsetEndPage; |
6098 | 0 | tmsize_t nToRead; |
6099 | 0 | tmsize_t nRead; |
6100 | 0 | uint64_t nLastStripOffset; |
6101 | 0 | int iStartBefore; |
6102 | 0 | int i; |
6103 | 0 | const uint32_t arraySize = tif->tif_dir.td_stripoffsetbyteallocsize; |
6104 | 0 | unsigned char buffer[2 * IO_CACHE_PAGE_SIZE]; |
6105 | |
|
6106 | 0 | assert( dirent->tdir_count > 4 ); |
6107 | |
|
6108 | 0 | if( dirent->tdir_type == TIFF_SHORT ) |
6109 | 0 | { |
6110 | 0 | sizeofval = sizeof(uint16_t); |
6111 | 0 | } |
6112 | 0 | else if( dirent->tdir_type == TIFF_LONG ) |
6113 | 0 | { |
6114 | 0 | sizeofval = sizeof(uint32_t); |
6115 | 0 | } |
6116 | 0 | else if( dirent->tdir_type == TIFF_LONG8 ) |
6117 | 0 | { |
6118 | 0 | sizeofval = sizeof(uint64_t); |
6119 | 0 | } |
6120 | 0 | else if( dirent->tdir_type == TIFF_SLONG8 ) |
6121 | 0 | { |
6122 | | /* Non conformant but used by some images as in */ |
6123 | | /* https://github.com/OSGeo/gdal/issues/2165 */ |
6124 | 0 | sizeofval = sizeof(int64_t); |
6125 | 0 | } |
6126 | 0 | else |
6127 | 0 | { |
6128 | 0 | TIFFErrorExt(tif->tif_clientdata, module, |
6129 | 0 | "Invalid type for [Strip|Tile][Offset/ByteCount] tag"); |
6130 | 0 | panVals[strile] = 0; |
6131 | 0 | return 0; |
6132 | 0 | } |
6133 | 0 | sizeofvalint = (int)(sizeofval); |
6134 | |
|
6135 | 0 | if( tif->tif_flags&TIFF_BIGTIFF ) |
6136 | 0 | { |
6137 | 0 | uint64_t offset = dirent->tdir_offset.toff_long8; |
6138 | 0 | if( bSwab ) |
6139 | 0 | TIFFSwabLong8(&offset); |
6140 | 0 | nBaseOffset = offset; |
6141 | 0 | } |
6142 | 0 | else |
6143 | 0 | { |
6144 | 0 | uint32_t offset = dirent->tdir_offset.toff_long; |
6145 | 0 | if( bSwab ) |
6146 | 0 | TIFFSwabLong(&offset); |
6147 | 0 | nBaseOffset = offset; |
6148 | 0 | } |
6149 | | /* To avoid later unsigned integer overflows */ |
6150 | 0 | if( nBaseOffset > (uint64_t)INT64_MAX ) |
6151 | 0 | { |
6152 | 0 | TIFFErrorExt(tif->tif_clientdata, module, |
6153 | 0 | "Cannot read offset/size for strile %d", strile); |
6154 | 0 | panVals[strile] = 0; |
6155 | 0 | return 0; |
6156 | 0 | } |
6157 | 0 | nOffset = nBaseOffset + sizeofval * strile; |
6158 | 0 | nOffsetStartPage = |
6159 | 0 | (nOffset / IO_CACHE_PAGE_SIZE) * IO_CACHE_PAGE_SIZE; |
6160 | 0 | nOffsetEndPage = nOffsetStartPage + IO_CACHE_PAGE_SIZE; |
6161 | |
|
6162 | 0 | if( nOffset + sizeofval > nOffsetEndPage ) |
6163 | 0 | nOffsetEndPage += IO_CACHE_PAGE_SIZE; |
6164 | 0 | #undef IO_CACHE_PAGE_SIZE |
6165 | |
|
6166 | 0 | nLastStripOffset = nBaseOffset + arraySize * sizeofval; |
6167 | 0 | if( nLastStripOffset < nOffsetEndPage ) |
6168 | 0 | nOffsetEndPage = nLastStripOffset; |
6169 | 0 | if( nOffsetStartPage >= nOffsetEndPage ) |
6170 | 0 | { |
6171 | 0 | TIFFErrorExt(tif->tif_clientdata, module, |
6172 | 0 | "Cannot read offset/size for strile %d", strile); |
6173 | 0 | panVals[strile] = 0; |
6174 | 0 | return 0; |
6175 | 0 | } |
6176 | 0 | if (!SeekOK(tif,nOffsetStartPage)) |
6177 | 0 | { |
6178 | 0 | panVals[strile] = 0; |
6179 | 0 | return 0; |
6180 | 0 | } |
6181 | | |
6182 | 0 | nToRead = (tmsize_t)(nOffsetEndPage - nOffsetStartPage); |
6183 | 0 | nRead = TIFFReadFile(tif, buffer, nToRead); |
6184 | 0 | if( nRead < nToRead ) |
6185 | 0 | { |
6186 | 0 | TIFFErrorExt(tif->tif_clientdata, module, |
6187 | 0 | "Cannot read offset/size for strile around ~%d", strile); |
6188 | 0 | return 0; |
6189 | 0 | } |
6190 | 0 | iStartBefore = -(int)((nOffset - nOffsetStartPage) / sizeofval); |
6191 | 0 | if( strile + iStartBefore < 0 ) |
6192 | 0 | iStartBefore = -strile; |
6193 | 0 | for( i = iStartBefore; |
6194 | 0 | (uint32_t)(strile + i) < arraySize && |
6195 | 0 | _TIFFUnsanitizedAddUInt64AndInt(nOffset, (i + 1) * sizeofvalint) <= nOffsetEndPage; |
6196 | 0 | ++i ) |
6197 | 0 | { |
6198 | 0 | if( dirent->tdir_type == TIFF_SHORT ) |
6199 | 0 | { |
6200 | 0 | uint16_t val; |
6201 | 0 | memcpy(&val, |
6202 | 0 | buffer + (nOffset - nOffsetStartPage) + i * sizeofvalint, |
6203 | 0 | sizeof(val)); |
6204 | 0 | if( bSwab ) |
6205 | 0 | TIFFSwabShort(&val); |
6206 | 0 | panVals[strile + i] = val; |
6207 | 0 | } |
6208 | 0 | else if( dirent->tdir_type == TIFF_LONG ) |
6209 | 0 | { |
6210 | 0 | uint32_t val; |
6211 | 0 | memcpy(&val, |
6212 | 0 | buffer + (nOffset - nOffsetStartPage) + i * sizeofvalint, |
6213 | 0 | sizeof(val)); |
6214 | 0 | if( bSwab ) |
6215 | 0 | TIFFSwabLong(&val); |
6216 | 0 | panVals[strile + i] = val; |
6217 | 0 | } |
6218 | 0 | else if( dirent->tdir_type == TIFF_LONG8 ) |
6219 | 0 | { |
6220 | 0 | uint64_t val; |
6221 | 0 | memcpy(&val, |
6222 | 0 | buffer + (nOffset - nOffsetStartPage) + i * sizeofvalint, |
6223 | 0 | sizeof(val)); |
6224 | 0 | if( bSwab ) |
6225 | 0 | TIFFSwabLong8(&val); |
6226 | 0 | panVals[strile + i] = val; |
6227 | 0 | } |
6228 | 0 | else /* if( dirent->tdir_type == TIFF_SLONG8 ) */ |
6229 | 0 | { |
6230 | | /* Non conformant data type */ |
6231 | 0 | int64_t val; |
6232 | 0 | memcpy(&val, |
6233 | 0 | buffer + (nOffset - nOffsetStartPage) + i * sizeofvalint, |
6234 | 0 | sizeof(val)); |
6235 | 0 | if( bSwab ) |
6236 | 0 | TIFFSwabLong8((uint64_t*) &val); |
6237 | 0 | panVals[strile + i] = (uint64_t) val; |
6238 | 0 | } |
6239 | 0 | } |
6240 | 0 | return 1; |
6241 | 0 | } |
6242 | | |
6243 | | static int _TIFFFetchStrileValue(TIFF* tif, |
6244 | | uint32_t strile, |
6245 | | TIFFDirEntry* dirent, |
6246 | | uint64_t** parray) |
6247 | 0 | { |
6248 | 0 | static const char module[] = "_TIFFFetchStrileValue"; |
6249 | 0 | TIFFDirectory *td = &tif->tif_dir; |
6250 | 0 | if( strile >= dirent->tdir_count ) |
6251 | 0 | { |
6252 | 0 | return 0; |
6253 | 0 | } |
6254 | 0 | if( strile >= td->td_stripoffsetbyteallocsize ) |
6255 | 0 | { |
6256 | 0 | uint32_t nStripArrayAllocBefore = td->td_stripoffsetbyteallocsize; |
6257 | 0 | uint32_t nStripArrayAllocNew; |
6258 | 0 | uint64_t nArraySize64; |
6259 | 0 | size_t nArraySize; |
6260 | 0 | uint64_t* offsetArray; |
6261 | 0 | uint64_t* bytecountArray; |
6262 | |
|
6263 | 0 | if( strile > 1000000 ) |
6264 | 0 | { |
6265 | 0 | uint64_t filesize = TIFFGetFileSize(tif); |
6266 | | /* Avoid excessive memory allocation attempt */ |
6267 | | /* For such a big blockid we need at least a TIFF_LONG per strile */ |
6268 | | /* for the offset array. */ |
6269 | 0 | if( strile > filesize / sizeof(uint32_t) ) |
6270 | 0 | { |
6271 | 0 | TIFFErrorExt(tif->tif_clientdata, module, "File too short"); |
6272 | 0 | return 0; |
6273 | 0 | } |
6274 | 0 | } |
6275 | | |
6276 | 0 | if( td->td_stripoffsetbyteallocsize == 0 && |
6277 | 0 | td->td_nstrips < 1024 * 1024 ) |
6278 | 0 | { |
6279 | 0 | nStripArrayAllocNew = td->td_nstrips; |
6280 | 0 | } |
6281 | 0 | else |
6282 | 0 | { |
6283 | 0 | #define TIFF_MAX(a,b) (((a)>(b)) ? (a) : (b)) |
6284 | 0 | #define TIFF_MIN(a,b) (((a)<(b)) ? (a) : (b)) |
6285 | 0 | nStripArrayAllocNew = TIFF_MAX(strile + 1, 1024U * 512U ); |
6286 | 0 | if( nStripArrayAllocNew < 0xFFFFFFFFU / 2 ) |
6287 | 0 | nStripArrayAllocNew *= 2; |
6288 | 0 | nStripArrayAllocNew = TIFF_MIN(nStripArrayAllocNew, td->td_nstrips); |
6289 | 0 | } |
6290 | 0 | assert( strile < nStripArrayAllocNew ); |
6291 | 0 | nArraySize64 = (uint64_t)sizeof(uint64_t) * nStripArrayAllocNew; |
6292 | 0 | nArraySize = (size_t)(nArraySize64); |
6293 | | #if SIZEOF_SIZE_T == 4 |
6294 | | if( nArraySize != nArraySize64 ) |
6295 | | { |
6296 | | TIFFErrorExt(tif->tif_clientdata, module, |
6297 | | "Cannot allocate strip offset and bytecount arrays"); |
6298 | | return 0; |
6299 | | } |
6300 | | #endif |
6301 | 0 | offsetArray = (uint64_t*)( |
6302 | 0 | _TIFFrealloc( td->td_stripoffset_p, nArraySize ) ); |
6303 | 0 | bytecountArray = (uint64_t*)( |
6304 | 0 | _TIFFrealloc( td->td_stripbytecount_p, nArraySize ) ); |
6305 | 0 | if( offsetArray ) |
6306 | 0 | td->td_stripoffset_p = offsetArray; |
6307 | 0 | if( bytecountArray ) |
6308 | 0 | td->td_stripbytecount_p = bytecountArray; |
6309 | 0 | if( offsetArray && bytecountArray ) |
6310 | 0 | { |
6311 | 0 | td->td_stripoffsetbyteallocsize = nStripArrayAllocNew; |
6312 | | /* Initialize new entries to ~0 / -1 */ |
6313 | 0 | memset(td->td_stripoffset_p + nStripArrayAllocBefore, |
6314 | 0 | 0xFF, |
6315 | 0 | (td->td_stripoffsetbyteallocsize - nStripArrayAllocBefore) * sizeof(uint64_t) ); |
6316 | 0 | memset(td->td_stripbytecount_p + nStripArrayAllocBefore, |
6317 | 0 | 0xFF, |
6318 | 0 | (td->td_stripoffsetbyteallocsize - nStripArrayAllocBefore) * sizeof(uint64_t) ); |
6319 | 0 | } |
6320 | 0 | else |
6321 | 0 | { |
6322 | 0 | TIFFErrorExt(tif->tif_clientdata, module, |
6323 | 0 | "Cannot allocate strip offset and bytecount arrays"); |
6324 | 0 | _TIFFfree(td->td_stripoffset_p); |
6325 | 0 | td->td_stripoffset_p = NULL; |
6326 | 0 | _TIFFfree(td->td_stripbytecount_p); |
6327 | 0 | td->td_stripbytecount_p = NULL; |
6328 | 0 | td->td_stripoffsetbyteallocsize = 0; |
6329 | 0 | } |
6330 | 0 | } |
6331 | 0 | if( *parray == NULL || strile >= td->td_stripoffsetbyteallocsize ) |
6332 | 0 | return 0; |
6333 | | |
6334 | 0 | if( ~((*parray)[strile]) == 0 ) |
6335 | 0 | { |
6336 | 0 | if( !_TIFFPartialReadStripArray( tif, dirent, strile, *parray ) ) |
6337 | 0 | { |
6338 | 0 | (*parray)[strile] = 0; |
6339 | 0 | return 0; |
6340 | 0 | } |
6341 | 0 | } |
6342 | | |
6343 | 0 | return 1; |
6344 | 0 | } |
6345 | | |
6346 | | static uint64_t _TIFFGetStrileOffsetOrByteCountValue(TIFF *tif, uint32_t strile, |
6347 | | TIFFDirEntry* dirent, |
6348 | | uint64_t** parray, |
6349 | | int *pbErr) |
6350 | 0 | { |
6351 | 0 | TIFFDirectory *td = &tif->tif_dir; |
6352 | 0 | if( pbErr ) |
6353 | 0 | *pbErr = 0; |
6354 | 0 | if( (tif->tif_flags&TIFF_DEFERSTRILELOAD) && !(tif->tif_flags&TIFF_CHOPPEDUPARRAYS) ) |
6355 | 0 | { |
6356 | 0 | if( !(tif->tif_flags&TIFF_LAZYSTRILELOAD) || |
6357 | | /* If the values may fit in the toff_long/toff_long8 member */ |
6358 | | /* then use _TIFFFillStriles to simplify _TIFFFetchStrileValue */ |
6359 | 0 | dirent->tdir_count <= 4 ) |
6360 | 0 | { |
6361 | 0 | if( !_TIFFFillStriles(tif) ) |
6362 | 0 | { |
6363 | 0 | if( pbErr ) |
6364 | 0 | *pbErr = 1; |
6365 | | /* Do not return, as we want this function to always */ |
6366 | | /* return the same value if called several times with */ |
6367 | | /* the same arguments */ |
6368 | 0 | } |
6369 | 0 | } |
6370 | 0 | else |
6371 | 0 | { |
6372 | 0 | if( !_TIFFFetchStrileValue(tif, strile, dirent, parray) ) |
6373 | 0 | { |
6374 | 0 | if( pbErr ) |
6375 | 0 | *pbErr = 1; |
6376 | 0 | return 0; |
6377 | 0 | } |
6378 | 0 | } |
6379 | 0 | } |
6380 | 0 | if( *parray == NULL || strile >= td->td_nstrips ) |
6381 | 0 | { |
6382 | 0 | if( pbErr ) |
6383 | 0 | *pbErr = 1; |
6384 | 0 | return 0; |
6385 | 0 | } |
6386 | 0 | return (*parray)[strile]; |
6387 | 0 | } |
6388 | | |
6389 | | /* Return the value of the TileOffsets/StripOffsets array for the specified tile/strile */ |
6390 | | uint64_t TIFFGetStrileOffset(TIFF *tif, uint32_t strile) |
6391 | 0 | { |
6392 | 0 | return TIFFGetStrileOffsetWithErr(tif, strile, NULL); |
6393 | 0 | } |
6394 | | |
6395 | | /* Return the value of the TileOffsets/StripOffsets array for the specified tile/strile */ |
6396 | | uint64_t TIFFGetStrileOffsetWithErr(TIFF *tif, uint32_t strile, int *pbErr) |
6397 | 0 | { |
6398 | 0 | TIFFDirectory *td = &tif->tif_dir; |
6399 | 0 | return _TIFFGetStrileOffsetOrByteCountValue(tif, strile, |
6400 | 0 | &(td->td_stripoffset_entry), |
6401 | 0 | &(td->td_stripoffset_p), pbErr); |
6402 | 0 | } |
6403 | | |
6404 | | /* Return the value of the TileByteCounts/StripByteCounts array for the specified tile/strile */ |
6405 | | uint64_t TIFFGetStrileByteCount(TIFF *tif, uint32_t strile) |
6406 | 0 | { |
6407 | 0 | return TIFFGetStrileByteCountWithErr(tif, strile, NULL); |
6408 | 0 | } |
6409 | | |
6410 | | /* Return the value of the TileByteCounts/StripByteCounts array for the specified tile/strile */ |
6411 | | uint64_t TIFFGetStrileByteCountWithErr(TIFF *tif, uint32_t strile, int *pbErr) |
6412 | 0 | { |
6413 | 0 | TIFFDirectory *td = &tif->tif_dir; |
6414 | 0 | return _TIFFGetStrileOffsetOrByteCountValue(tif, strile, |
6415 | 0 | &(td->td_stripbytecount_entry), |
6416 | 0 | &(td->td_stripbytecount_p), pbErr); |
6417 | 0 | } |
6418 | | |
6419 | | |
6420 | | int _TIFFFillStriles( TIFF *tif ) |
6421 | 6.38k | { |
6422 | 6.38k | return _TIFFFillStrilesInternal( tif, 1 ); |
6423 | 6.38k | } |
6424 | | |
6425 | | static int _TIFFFillStrilesInternal( TIFF *tif, int loadStripByteCount ) |
6426 | 6.38k | { |
6427 | 6.38k | register TIFFDirectory *td = &tif->tif_dir; |
6428 | 6.38k | int return_value = 1; |
6429 | | |
6430 | | /* Do not do anything if TIFF_DEFERSTRILELOAD is not set */ |
6431 | 6.38k | if( !(tif->tif_flags&TIFF_DEFERSTRILELOAD) || (tif->tif_flags&TIFF_CHOPPEDUPARRAYS) != 0 ) |
6432 | 6.38k | return 1; |
6433 | | |
6434 | 0 | if( tif->tif_flags&TIFF_LAZYSTRILELOAD ) |
6435 | 0 | { |
6436 | | /* In case of lazy loading, reload completely the arrays */ |
6437 | 0 | _TIFFfree(td->td_stripoffset_p); |
6438 | 0 | _TIFFfree(td->td_stripbytecount_p); |
6439 | 0 | td->td_stripoffset_p = NULL; |
6440 | 0 | td->td_stripbytecount_p = NULL; |
6441 | 0 | td->td_stripoffsetbyteallocsize = 0; |
6442 | 0 | tif->tif_flags &= ~TIFF_LAZYSTRILELOAD; |
6443 | 0 | } |
6444 | | |
6445 | | /* If stripoffset array is already loaded, exit with success */ |
6446 | 0 | if( td->td_stripoffset_p != NULL ) |
6447 | 0 | return 1; |
6448 | | |
6449 | | /* If tdir_count was canceled, then we already got there, but in error */ |
6450 | 0 | if( td->td_stripoffset_entry.tdir_count == 0 ) |
6451 | 0 | return 0; |
6452 | | |
6453 | 0 | if (!TIFFFetchStripThing(tif,&(td->td_stripoffset_entry), |
6454 | 0 | td->td_nstrips,&td->td_stripoffset_p)) |
6455 | 0 | { |
6456 | 0 | return_value = 0; |
6457 | 0 | } |
6458 | |
|
6459 | 0 | if (loadStripByteCount && |
6460 | 0 | !TIFFFetchStripThing(tif,&(td->td_stripbytecount_entry), |
6461 | 0 | td->td_nstrips,&td->td_stripbytecount_p)) |
6462 | 0 | { |
6463 | 0 | return_value = 0; |
6464 | 0 | } |
6465 | |
|
6466 | 0 | _TIFFmemset( &(td->td_stripoffset_entry), 0, sizeof(TIFFDirEntry)); |
6467 | 0 | _TIFFmemset( &(td->td_stripbytecount_entry), 0, sizeof(TIFFDirEntry)); |
6468 | |
|
6469 | | #ifdef STRIPBYTECOUNTSORTED_UNUSED |
6470 | | if (tif->tif_dir.td_nstrips > 1 && return_value == 1 ) { |
6471 | | uint32_t strip; |
6472 | | |
6473 | | tif->tif_dir.td_stripbytecountsorted = 1; |
6474 | | for (strip = 1; strip < tif->tif_dir.td_nstrips; strip++) { |
6475 | | if (tif->tif_dir.td_stripoffset_p[strip - 1] > |
6476 | | tif->tif_dir.td_stripoffset_p[strip]) { |
6477 | | tif->tif_dir.td_stripbytecountsorted = 0; |
6478 | | break; |
6479 | | } |
6480 | | } |
6481 | | } |
6482 | | #endif |
6483 | |
|
6484 | 0 | return return_value; |
6485 | 0 | } |
6486 | | |
6487 | | |
6488 | | /* vim: set ts=8 sts=8 sw=8 noet: */ |
6489 | | /* |
6490 | | * Local Variables: |
6491 | | * mode: c |
6492 | | * c-basic-offset: 8 |
6493 | | * fill-column: 78 |
6494 | | * End: |
6495 | | */ |