1 /*
2 * Copyright (c) 1988-1997 Sam Leffler
3 * Copyright (c) 1991-1997 Silicon Graphics, Inc.
4 *
5 * Permission to use, copy, modify, distribute, and sell this software and
6 * its documentation for any purpose is hereby granted without fee, provided
7 * that (i) the above copyright notices and this permission notice appear in
8 * all copies of the software and related documentation, and (ii) the names of
9 * Sam Leffler and Silicon Graphics may not be used in any advertising or
10 * publicity relating to the software without the specific, prior written
11 * permission of Sam Leffler and Silicon Graphics.
12 *
13 * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
14 * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
15 * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
16 *
17 * IN NO EVENT SHALL SAM LEFFLER OR SILICON GRAPHICS BE LIABLE FOR
18 * ANY SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND,
19 * OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
20 * WHETHER OR NOT ADVISED OF THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF
21 * LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
22 * OF THIS SOFTWARE.
23 */
24
25 /*
26 * TIFF Library.
27 *
28 * Directory Read Support Routines.
29 */
30
31 /* Suggested pending improvements:
32 * - add a field 'ignore' to the TIFFDirEntry structure, to flag status,
33 * eliminating current use of the IGNORE value, and therefore eliminating
34 * current irrational behaviour on tags with tag id code 0
35 * - add a field 'field_info' to the TIFFDirEntry structure, and set that with
36 * the pointer to the appropriate TIFFField structure early on in
37 * TIFFReadDirectory, so as to eliminate current possibly repetitive lookup.
38 */
39
40 #include "tiffiop.h"
41 #include <float.h>
42 #include <stdlib.h>
43
44 #define IGNORE 0 /* tag placeholder used below */
45 #define FAILED_FII ((uint32) -1)
46
47 #ifdef HAVE_IEEEFP
48 # define TIFFCvtIEEEFloatToNative(tif, n, fp)
49 # define TIFFCvtIEEEDoubleToNative(tif, n, dp)
50 #else
51 extern void TIFFCvtIEEEFloatToNative(TIFF*, uint32, float*);
52 extern void TIFFCvtIEEEDoubleToNative(TIFF*, uint32, double*);
53 #endif
54
55 enum TIFFReadDirEntryErr {
56 TIFFReadDirEntryErrOk = 0,
57 TIFFReadDirEntryErrCount = 1,
58 TIFFReadDirEntryErrType = 2,
59 TIFFReadDirEntryErrIo = 3,
60 TIFFReadDirEntryErrRange = 4,
61 TIFFReadDirEntryErrPsdif = 5,
62 TIFFReadDirEntryErrSizesan = 6,
63 TIFFReadDirEntryErrAlloc = 7,
64 };
65
66 static enum TIFFReadDirEntryErr TIFFReadDirEntryByte(TIFF* tif, TIFFDirEntry* direntry, uint8* value);
67 static enum TIFFReadDirEntryErr TIFFReadDirEntryShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value);
68 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong(TIFF* tif, TIFFDirEntry* direntry, uint32* value);
69 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8(TIFF* tif, TIFFDirEntry* direntry, uint64* value);
70 static enum TIFFReadDirEntryErr TIFFReadDirEntryFloat(TIFF* tif, TIFFDirEntry* direntry, float* value);
71 static enum TIFFReadDirEntryErr TIFFReadDirEntryDouble(TIFF* tif, TIFFDirEntry* direntry, double* value);
72 static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8(TIFF* tif, TIFFDirEntry* direntry, uint64* value);
73
74 static enum TIFFReadDirEntryErr TIFFReadDirEntryArray(TIFF* tif, TIFFDirEntry* direntry, uint32* count, uint32 desttypesize, void** value);
75 static enum TIFFReadDirEntryErr TIFFReadDirEntryByteArray(TIFF* tif, TIFFDirEntry* direntry, uint8** value);
76 static enum TIFFReadDirEntryErr TIFFReadDirEntrySbyteArray(TIFF* tif, TIFFDirEntry* direntry, int8** value);
77 static enum TIFFReadDirEntryErr TIFFReadDirEntryShortArray(TIFF* tif, TIFFDirEntry* direntry, uint16** value);
78 static enum TIFFReadDirEntryErr TIFFReadDirEntrySshortArray(TIFF* tif, TIFFDirEntry* direntry, int16** value);
79 static enum TIFFReadDirEntryErr TIFFReadDirEntryLongArray(TIFF* tif, TIFFDirEntry* direntry, uint32** value);
80 static enum TIFFReadDirEntryErr TIFFReadDirEntrySlongArray(TIFF* tif, TIFFDirEntry* direntry, int32** value);
81 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value);
82 static enum TIFFReadDirEntryErr TIFFReadDirEntrySlong8Array(TIFF* tif, TIFFDirEntry* direntry, int64** value);
83 static enum TIFFReadDirEntryErr TIFFReadDirEntryFloatArray(TIFF* tif, TIFFDirEntry* direntry, float** value);
84 static enum TIFFReadDirEntryErr TIFFReadDirEntryDoubleArray(TIFF* tif, TIFFDirEntry* direntry, double** value);
85 static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value);
86
87 static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value);
88 #if 0
89 static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleDouble(TIFF* tif, TIFFDirEntry* direntry, double* value);
90 #endif
91
92 static void TIFFReadDirEntryCheckedByte(TIFF* tif, TIFFDirEntry* direntry, uint8* value);
93 static void TIFFReadDirEntryCheckedSbyte(TIFF* tif, TIFFDirEntry* direntry, int8* value);
94 static void TIFFReadDirEntryCheckedShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value);
95 static void TIFFReadDirEntryCheckedSshort(TIFF* tif, TIFFDirEntry* direntry, int16* value);
96 static void TIFFReadDirEntryCheckedLong(TIFF* tif, TIFFDirEntry* direntry, uint32* value);
97 static void TIFFReadDirEntryCheckedSlong(TIFF* tif, TIFFDirEntry* direntry, int32* value);
98 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedLong8(TIFF* tif, TIFFDirEntry* direntry, uint64* value);
99 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSlong8(TIFF* tif, TIFFDirEntry* direntry, int64* value);
100 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedRational(TIFF* tif, TIFFDirEntry* direntry, double* value);
101 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSrational(TIFF* tif, TIFFDirEntry* direntry, double* value);
102 static void TIFFReadDirEntryCheckedFloat(TIFF* tif, TIFFDirEntry* direntry, float* value);
103 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedDouble(TIFF* tif, TIFFDirEntry* direntry, double* value);
104
105 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSbyte(int8 value);
106 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteShort(uint16 value);
107 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSshort(int16 value);
108 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong(uint32 value);
109 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong(int32 value);
110 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong8(uint64 value);
111 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong8(int64 value);
112
113 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteByte(uint8 value);
114 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteShort(uint16 value);
115 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSshort(int16 value);
116 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong(uint32 value);
117 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong(int32 value);
118 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong8(uint64 value);
119 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong8(int64 value);
120
121 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSbyte(int8 value);
122 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSshort(int16 value);
123 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong(uint32 value);
124 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong(int32 value);
125 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong8(uint64 value);
126 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong8(int64 value);
127
128 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortShort(uint16 value);
129 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong(uint32 value);
130 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong(int32 value);
131 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong8(uint64 value);
132 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong8(int64 value);
133
134 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSbyte(int8 value);
135 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSshort(int16 value);
136 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSlong(int32 value);
137 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongLong8(uint64 value);
138 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSlong8(int64 value);
139
140 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlongLong(uint32 value);
141 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlongLong8(uint64 value);
142 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlongSlong8(int64 value);
143
144 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Sbyte(int8 value);
145 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Sshort(int16 value);
146 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Slong(int32 value);
147 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Slong8(int64 value);
148
149 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlong8Long8(uint64 value);
150
151 static enum TIFFReadDirEntryErr TIFFReadDirEntryData(TIFF* tif, uint64 offset, tmsize_t size, void* dest);
152 static void TIFFReadDirEntryOutputErr(TIFF* tif, enum TIFFReadDirEntryErr err, const char* module, const char* tagname, int recover);
153
154 static void TIFFReadDirectoryCheckOrder(TIFF* tif, TIFFDirEntry* dir, uint16 dircount);
155 static TIFFDirEntry* TIFFReadDirectoryFindEntry(TIFF* tif, TIFFDirEntry* dir, uint16 dircount, uint16 tagid);
156 static void TIFFReadDirectoryFindFieldInfo(TIFF* tif, uint16 tagid, uint32* fii);
157
158 static int EstimateStripByteCounts(TIFF* tif, TIFFDirEntry* dir, uint16 dircount);
159 static void MissingRequired(TIFF*, const char*);
160 static int TIFFCheckDirOffset(TIFF* tif, uint64 diroff);
161 static int CheckDirCount(TIFF*, TIFFDirEntry*, uint32);
162 static uint16 TIFFFetchDirectory(TIFF* tif, uint64 diroff, TIFFDirEntry** pdir, uint64* nextdiroff);
163 static int TIFFFetchNormalTag(TIFF*, TIFFDirEntry*, int recover);
164 static int TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uint64** lpp);
165 static int TIFFFetchSubjectDistance(TIFF*, TIFFDirEntry*);
166 static void ChopUpSingleUncompressedStrip(TIFF*);
167 static uint64 TIFFReadUInt64(const uint8 *value);
168 static int _TIFFGetMaxColorChannels(uint16 photometric);
169
170 static int _TIFFFillStrilesInternal( TIFF *tif, int loadStripByteCount );
171
172 typedef union _UInt64Aligned_t
173 {
174 double d;
175 uint64 l;
176 uint32 i[2];
177 uint16 s[4];
178 uint8 c[8];
179 } UInt64Aligned_t;
180
181 /*
182 Unaligned safe copy of a uint64 value from an octet array.
183 */
TIFFReadUInt64(const uint8 * value)184 static uint64 TIFFReadUInt64(const uint8 *value)
185 {
186 UInt64Aligned_t result;
187
188 result.c[0]=value[0];
189 result.c[1]=value[1];
190 result.c[2]=value[2];
191 result.c[3]=value[3];
192 result.c[4]=value[4];
193 result.c[5]=value[5];
194 result.c[6]=value[6];
195 result.c[7]=value[7];
196
197 return result.l;
198 }
199
TIFFReadDirEntryByte(TIFF * tif,TIFFDirEntry * direntry,uint8 * value)200 static enum TIFFReadDirEntryErr TIFFReadDirEntryByte(TIFF* tif, TIFFDirEntry* direntry, uint8* value)
201 {
202 enum TIFFReadDirEntryErr err;
203 if (direntry->tdir_count!=1)
204 return(TIFFReadDirEntryErrCount);
205 switch (direntry->tdir_type)
206 {
207 case TIFF_BYTE:
208 TIFFReadDirEntryCheckedByte(tif,direntry,value);
209 return(TIFFReadDirEntryErrOk);
210 case TIFF_SBYTE:
211 {
212 int8 m;
213 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
214 err=TIFFReadDirEntryCheckRangeByteSbyte(m);
215 if (err!=TIFFReadDirEntryErrOk)
216 return(err);
217 *value=(uint8)m;
218 return(TIFFReadDirEntryErrOk);
219 }
220 case TIFF_SHORT:
221 {
222 uint16 m;
223 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
224 err=TIFFReadDirEntryCheckRangeByteShort(m);
225 if (err!=TIFFReadDirEntryErrOk)
226 return(err);
227 *value=(uint8)m;
228 return(TIFFReadDirEntryErrOk);
229 }
230 case TIFF_SSHORT:
231 {
232 int16 m;
233 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
234 err=TIFFReadDirEntryCheckRangeByteSshort(m);
235 if (err!=TIFFReadDirEntryErrOk)
236 return(err);
237 *value=(uint8)m;
238 return(TIFFReadDirEntryErrOk);
239 }
240 case TIFF_LONG:
241 {
242 uint32 m;
243 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
244 err=TIFFReadDirEntryCheckRangeByteLong(m);
245 if (err!=TIFFReadDirEntryErrOk)
246 return(err);
247 *value=(uint8)m;
248 return(TIFFReadDirEntryErrOk);
249 }
250 case TIFF_SLONG:
251 {
252 int32 m;
253 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
254 err=TIFFReadDirEntryCheckRangeByteSlong(m);
255 if (err!=TIFFReadDirEntryErrOk)
256 return(err);
257 *value=(uint8)m;
258 return(TIFFReadDirEntryErrOk);
259 }
260 case TIFF_LONG8:
261 {
262 uint64 m;
263 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
264 if (err!=TIFFReadDirEntryErrOk)
265 return(err);
266 err=TIFFReadDirEntryCheckRangeByteLong8(m);
267 if (err!=TIFFReadDirEntryErrOk)
268 return(err);
269 *value=(uint8)m;
270 return(TIFFReadDirEntryErrOk);
271 }
272 case TIFF_SLONG8:
273 {
274 int64 m;
275 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
276 if (err!=TIFFReadDirEntryErrOk)
277 return(err);
278 err=TIFFReadDirEntryCheckRangeByteSlong8(m);
279 if (err!=TIFFReadDirEntryErrOk)
280 return(err);
281 *value=(uint8)m;
282 return(TIFFReadDirEntryErrOk);
283 }
284 default:
285 return(TIFFReadDirEntryErrType);
286 }
287 }
288
TIFFReadDirEntryShort(TIFF * tif,TIFFDirEntry * direntry,uint16 * value)289 static enum TIFFReadDirEntryErr TIFFReadDirEntryShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value)
290 {
291 enum TIFFReadDirEntryErr err;
292 if (direntry->tdir_count!=1)
293 return(TIFFReadDirEntryErrCount);
294 switch (direntry->tdir_type)
295 {
296 case TIFF_BYTE:
297 {
298 uint8 m;
299 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
300 *value=(uint16)m;
301 return(TIFFReadDirEntryErrOk);
302 }
303 case TIFF_SBYTE:
304 {
305 int8 m;
306 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
307 err=TIFFReadDirEntryCheckRangeShortSbyte(m);
308 if (err!=TIFFReadDirEntryErrOk)
309 return(err);
310 *value=(uint16)m;
311 return(TIFFReadDirEntryErrOk);
312 }
313 case TIFF_SHORT:
314 TIFFReadDirEntryCheckedShort(tif,direntry,value);
315 return(TIFFReadDirEntryErrOk);
316 case TIFF_SSHORT:
317 {
318 int16 m;
319 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
320 err=TIFFReadDirEntryCheckRangeShortSshort(m);
321 if (err!=TIFFReadDirEntryErrOk)
322 return(err);
323 *value=(uint16)m;
324 return(TIFFReadDirEntryErrOk);
325 }
326 case TIFF_LONG:
327 {
328 uint32 m;
329 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
330 err=TIFFReadDirEntryCheckRangeShortLong(m);
331 if (err!=TIFFReadDirEntryErrOk)
332 return(err);
333 *value=(uint16)m;
334 return(TIFFReadDirEntryErrOk);
335 }
336 case TIFF_SLONG:
337 {
338 int32 m;
339 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
340 err=TIFFReadDirEntryCheckRangeShortSlong(m);
341 if (err!=TIFFReadDirEntryErrOk)
342 return(err);
343 *value=(uint16)m;
344 return(TIFFReadDirEntryErrOk);
345 }
346 case TIFF_LONG8:
347 {
348 uint64 m;
349 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
350 if (err!=TIFFReadDirEntryErrOk)
351 return(err);
352 err=TIFFReadDirEntryCheckRangeShortLong8(m);
353 if (err!=TIFFReadDirEntryErrOk)
354 return(err);
355 *value=(uint16)m;
356 return(TIFFReadDirEntryErrOk);
357 }
358 case TIFF_SLONG8:
359 {
360 int64 m;
361 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
362 if (err!=TIFFReadDirEntryErrOk)
363 return(err);
364 err=TIFFReadDirEntryCheckRangeShortSlong8(m);
365 if (err!=TIFFReadDirEntryErrOk)
366 return(err);
367 *value=(uint16)m;
368 return(TIFFReadDirEntryErrOk);
369 }
370 default:
371 return(TIFFReadDirEntryErrType);
372 }
373 }
374
TIFFReadDirEntryLong(TIFF * tif,TIFFDirEntry * direntry,uint32 * value)375 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong(TIFF* tif, TIFFDirEntry* direntry, uint32* value)
376 {
377 enum TIFFReadDirEntryErr err;
378 if (direntry->tdir_count!=1)
379 return(TIFFReadDirEntryErrCount);
380 switch (direntry->tdir_type)
381 {
382 case TIFF_BYTE:
383 {
384 uint8 m;
385 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
386 *value=(uint32)m;
387 return(TIFFReadDirEntryErrOk);
388 }
389 case TIFF_SBYTE:
390 {
391 int8 m;
392 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
393 err=TIFFReadDirEntryCheckRangeLongSbyte(m);
394 if (err!=TIFFReadDirEntryErrOk)
395 return(err);
396 *value=(uint32)m;
397 return(TIFFReadDirEntryErrOk);
398 }
399 case TIFF_SHORT:
400 {
401 uint16 m;
402 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
403 *value=(uint32)m;
404 return(TIFFReadDirEntryErrOk);
405 }
406 case TIFF_SSHORT:
407 {
408 int16 m;
409 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
410 err=TIFFReadDirEntryCheckRangeLongSshort(m);
411 if (err!=TIFFReadDirEntryErrOk)
412 return(err);
413 *value=(uint32)m;
414 return(TIFFReadDirEntryErrOk);
415 }
416 case TIFF_LONG:
417 TIFFReadDirEntryCheckedLong(tif,direntry,value);
418 return(TIFFReadDirEntryErrOk);
419 case TIFF_SLONG:
420 {
421 int32 m;
422 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
423 err=TIFFReadDirEntryCheckRangeLongSlong(m);
424 if (err!=TIFFReadDirEntryErrOk)
425 return(err);
426 *value=(uint32)m;
427 return(TIFFReadDirEntryErrOk);
428 }
429 case TIFF_LONG8:
430 {
431 uint64 m;
432 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
433 if (err!=TIFFReadDirEntryErrOk)
434 return(err);
435 err=TIFFReadDirEntryCheckRangeLongLong8(m);
436 if (err!=TIFFReadDirEntryErrOk)
437 return(err);
438 *value=(uint32)m;
439 return(TIFFReadDirEntryErrOk);
440 }
441 case TIFF_SLONG8:
442 {
443 int64 m;
444 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
445 if (err!=TIFFReadDirEntryErrOk)
446 return(err);
447 err=TIFFReadDirEntryCheckRangeLongSlong8(m);
448 if (err!=TIFFReadDirEntryErrOk)
449 return(err);
450 *value=(uint32)m;
451 return(TIFFReadDirEntryErrOk);
452 }
453 default:
454 return(TIFFReadDirEntryErrType);
455 }
456 }
457
TIFFReadDirEntryLong8(TIFF * tif,TIFFDirEntry * direntry,uint64 * value)458 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8(TIFF* tif, TIFFDirEntry* direntry, uint64* value)
459 {
460 enum TIFFReadDirEntryErr err;
461 if (direntry->tdir_count!=1)
462 return(TIFFReadDirEntryErrCount);
463 switch (direntry->tdir_type)
464 {
465 case TIFF_BYTE:
466 {
467 uint8 m;
468 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
469 *value=(uint64)m;
470 return(TIFFReadDirEntryErrOk);
471 }
472 case TIFF_SBYTE:
473 {
474 int8 m;
475 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
476 err=TIFFReadDirEntryCheckRangeLong8Sbyte(m);
477 if (err!=TIFFReadDirEntryErrOk)
478 return(err);
479 *value=(uint64)m;
480 return(TIFFReadDirEntryErrOk);
481 }
482 case TIFF_SHORT:
483 {
484 uint16 m;
485 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
486 *value=(uint64)m;
487 return(TIFFReadDirEntryErrOk);
488 }
489 case TIFF_SSHORT:
490 {
491 int16 m;
492 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
493 err=TIFFReadDirEntryCheckRangeLong8Sshort(m);
494 if (err!=TIFFReadDirEntryErrOk)
495 return(err);
496 *value=(uint64)m;
497 return(TIFFReadDirEntryErrOk);
498 }
499 case TIFF_LONG:
500 {
501 uint32 m;
502 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
503 *value=(uint64)m;
504 return(TIFFReadDirEntryErrOk);
505 }
506 case TIFF_SLONG:
507 {
508 int32 m;
509 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
510 err=TIFFReadDirEntryCheckRangeLong8Slong(m);
511 if (err!=TIFFReadDirEntryErrOk)
512 return(err);
513 *value=(uint64)m;
514 return(TIFFReadDirEntryErrOk);
515 }
516 case TIFF_LONG8:
517 err=TIFFReadDirEntryCheckedLong8(tif,direntry,value);
518 return(err);
519 case TIFF_SLONG8:
520 {
521 int64 m;
522 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
523 if (err!=TIFFReadDirEntryErrOk)
524 return(err);
525 err=TIFFReadDirEntryCheckRangeLong8Slong8(m);
526 if (err!=TIFFReadDirEntryErrOk)
527 return(err);
528 *value=(uint64)m;
529 return(TIFFReadDirEntryErrOk);
530 }
531 default:
532 return(TIFFReadDirEntryErrType);
533 }
534 }
535
TIFFReadDirEntryFloat(TIFF * tif,TIFFDirEntry * direntry,float * value)536 static enum TIFFReadDirEntryErr TIFFReadDirEntryFloat(TIFF* tif, TIFFDirEntry* direntry, float* value)
537 {
538 enum TIFFReadDirEntryErr err;
539 if (direntry->tdir_count!=1)
540 return(TIFFReadDirEntryErrCount);
541 switch (direntry->tdir_type)
542 {
543 case TIFF_BYTE:
544 {
545 uint8 m;
546 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
547 *value=(float)m;
548 return(TIFFReadDirEntryErrOk);
549 }
550 case TIFF_SBYTE:
551 {
552 int8 m;
553 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
554 *value=(float)m;
555 return(TIFFReadDirEntryErrOk);
556 }
557 case TIFF_SHORT:
558 {
559 uint16 m;
560 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
561 *value=(float)m;
562 return(TIFFReadDirEntryErrOk);
563 }
564 case TIFF_SSHORT:
565 {
566 int16 m;
567 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
568 *value=(float)m;
569 return(TIFFReadDirEntryErrOk);
570 }
571 case TIFF_LONG:
572 {
573 uint32 m;
574 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
575 *value=(float)m;
576 return(TIFFReadDirEntryErrOk);
577 }
578 case TIFF_SLONG:
579 {
580 int32 m;
581 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
582 *value=(float)m;
583 return(TIFFReadDirEntryErrOk);
584 }
585 case TIFF_LONG8:
586 {
587 uint64 m;
588 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
589 if (err!=TIFFReadDirEntryErrOk)
590 return(err);
591 #if defined(__WIN32__) && (_MSC_VER < 1500)
592 /*
593 * XXX: MSVC 6.0 does not support conversion
594 * of 64-bit integers into floating point
595 * values.
596 */
597 *value = _TIFFUInt64ToFloat(m);
598 #else
599 *value=(float)m;
600 #endif
601 return(TIFFReadDirEntryErrOk);
602 }
603 case TIFF_SLONG8:
604 {
605 int64 m;
606 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
607 if (err!=TIFFReadDirEntryErrOk)
608 return(err);
609 *value=(float)m;
610 return(TIFFReadDirEntryErrOk);
611 }
612 case TIFF_RATIONAL:
613 {
614 double m;
615 err=TIFFReadDirEntryCheckedRational(tif,direntry,&m);
616 if (err!=TIFFReadDirEntryErrOk)
617 return(err);
618 *value=(float)m;
619 return(TIFFReadDirEntryErrOk);
620 }
621 case TIFF_SRATIONAL:
622 {
623 double m;
624 err=TIFFReadDirEntryCheckedSrational(tif,direntry,&m);
625 if (err!=TIFFReadDirEntryErrOk)
626 return(err);
627 *value=(float)m;
628 return(TIFFReadDirEntryErrOk);
629 }
630 case TIFF_FLOAT:
631 TIFFReadDirEntryCheckedFloat(tif,direntry,value);
632 return(TIFFReadDirEntryErrOk);
633 case TIFF_DOUBLE:
634 {
635 double m;
636 err=TIFFReadDirEntryCheckedDouble(tif,direntry,&m);
637 if (err!=TIFFReadDirEntryErrOk)
638 return(err);
639 if ((m > FLT_MAX) || (m < FLT_MIN))
640 return(TIFFReadDirEntryErrRange);
641 *value=(float)m;
642 return(TIFFReadDirEntryErrOk);
643 }
644 default:
645 return(TIFFReadDirEntryErrType);
646 }
647 }
648
TIFFReadDirEntryDouble(TIFF * tif,TIFFDirEntry * direntry,double * value)649 static enum TIFFReadDirEntryErr TIFFReadDirEntryDouble(TIFF* tif, TIFFDirEntry* direntry, double* value)
650 {
651 enum TIFFReadDirEntryErr err;
652 if (direntry->tdir_count!=1)
653 return(TIFFReadDirEntryErrCount);
654 switch (direntry->tdir_type)
655 {
656 case TIFF_BYTE:
657 {
658 uint8 m;
659 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
660 *value=(double)m;
661 return(TIFFReadDirEntryErrOk);
662 }
663 case TIFF_SBYTE:
664 {
665 int8 m;
666 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
667 *value=(double)m;
668 return(TIFFReadDirEntryErrOk);
669 }
670 case TIFF_SHORT:
671 {
672 uint16 m;
673 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
674 *value=(double)m;
675 return(TIFFReadDirEntryErrOk);
676 }
677 case TIFF_SSHORT:
678 {
679 int16 m;
680 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
681 *value=(double)m;
682 return(TIFFReadDirEntryErrOk);
683 }
684 case TIFF_LONG:
685 {
686 uint32 m;
687 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
688 *value=(double)m;
689 return(TIFFReadDirEntryErrOk);
690 }
691 case TIFF_SLONG:
692 {
693 int32 m;
694 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
695 *value=(double)m;
696 return(TIFFReadDirEntryErrOk);
697 }
698 case TIFF_LONG8:
699 {
700 uint64 m;
701 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
702 if (err!=TIFFReadDirEntryErrOk)
703 return(err);
704 #if defined(__WIN32__) && (_MSC_VER < 1500)
705 /*
706 * XXX: MSVC 6.0 does not support conversion
707 * of 64-bit integers into floating point
708 * values.
709 */
710 *value = _TIFFUInt64ToDouble(m);
711 #else
712 *value = (double)m;
713 #endif
714 return(TIFFReadDirEntryErrOk);
715 }
716 case TIFF_SLONG8:
717 {
718 int64 m;
719 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
720 if (err!=TIFFReadDirEntryErrOk)
721 return(err);
722 *value=(double)m;
723 return(TIFFReadDirEntryErrOk);
724 }
725 case TIFF_RATIONAL:
726 err=TIFFReadDirEntryCheckedRational(tif,direntry,value);
727 return(err);
728 case TIFF_SRATIONAL:
729 err=TIFFReadDirEntryCheckedSrational(tif,direntry,value);
730 return(err);
731 case TIFF_FLOAT:
732 {
733 float m;
734 TIFFReadDirEntryCheckedFloat(tif,direntry,&m);
735 *value=(double)m;
736 return(TIFFReadDirEntryErrOk);
737 }
738 case TIFF_DOUBLE:
739 err=TIFFReadDirEntryCheckedDouble(tif,direntry,value);
740 return(err);
741 default:
742 return(TIFFReadDirEntryErrType);
743 }
744 }
745
TIFFReadDirEntryIfd8(TIFF * tif,TIFFDirEntry * direntry,uint64 * value)746 static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8(TIFF* tif, TIFFDirEntry* direntry, uint64* value)
747 {
748 enum TIFFReadDirEntryErr err;
749 if (direntry->tdir_count!=1)
750 return(TIFFReadDirEntryErrCount);
751 switch (direntry->tdir_type)
752 {
753 case TIFF_LONG:
754 case TIFF_IFD:
755 {
756 uint32 m;
757 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
758 *value=(uint64)m;
759 return(TIFFReadDirEntryErrOk);
760 }
761 case TIFF_LONG8:
762 case TIFF_IFD8:
763 err=TIFFReadDirEntryCheckedLong8(tif,direntry,value);
764 return(err);
765 default:
766 return(TIFFReadDirEntryErrType);
767 }
768 }
769
770
771 #define INITIAL_THRESHOLD (1024 * 1024)
772 #define THRESHOLD_MULTIPLIER 10
773 #define MAX_THRESHOLD (THRESHOLD_MULTIPLIER * THRESHOLD_MULTIPLIER * THRESHOLD_MULTIPLIER * INITIAL_THRESHOLD)
774
TIFFReadDirEntryDataAndRealloc(TIFF * tif,uint64 offset,tmsize_t size,void ** pdest)775 static enum TIFFReadDirEntryErr TIFFReadDirEntryDataAndRealloc(
776 TIFF* tif, uint64 offset, tmsize_t size, void** pdest)
777 {
778 #if SIZEOF_SIZE_T == 8
779 tmsize_t threshold = INITIAL_THRESHOLD;
780 #endif
781 tmsize_t already_read = 0;
782
783 assert( !isMapped(tif) );
784
785 if (!SeekOK(tif,offset))
786 return(TIFFReadDirEntryErrIo);
787
788 /* On 64 bit processes, read first a maximum of 1 MB, then 10 MB, etc */
789 /* so as to avoid allocating too much memory in case the file is too */
790 /* short. We could ask for the file size, but this might be */
791 /* expensive with some I/O layers (think of reading a gzipped file) */
792 /* Restrict to 64 bit processes, so as to avoid reallocs() */
793 /* on 32 bit processes where virtual memory is scarce. */
794 while( already_read < size )
795 {
796 void* new_dest;
797 tmsize_t bytes_read;
798 tmsize_t to_read = size - already_read;
799 #if SIZEOF_SIZE_T == 8
800 if( to_read >= threshold && threshold < MAX_THRESHOLD )
801 {
802 to_read = threshold;
803 threshold *= THRESHOLD_MULTIPLIER;
804 }
805 #endif
806
807 new_dest = (uint8*) _TIFFrealloc(
808 *pdest, already_read + to_read);
809 if( new_dest == NULL )
810 {
811 TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
812 "Failed to allocate memory for %s "
813 "(%ld elements of %ld bytes each)",
814 "TIFFReadDirEntryArray",
815 (long) 1, (long) (already_read + to_read));
816 return TIFFReadDirEntryErrAlloc;
817 }
818 *pdest = new_dest;
819
820 bytes_read = TIFFReadFile(tif,
821 (char*)*pdest + already_read, to_read);
822 already_read += bytes_read;
823 if (bytes_read != to_read) {
824 return TIFFReadDirEntryErrIo;
825 }
826 }
827 return TIFFReadDirEntryErrOk;
828 }
829
TIFFReadDirEntryArrayWithLimit(TIFF * tif,TIFFDirEntry * direntry,uint32 * count,uint32 desttypesize,void ** value,uint64 maxcount)830 static enum TIFFReadDirEntryErr TIFFReadDirEntryArrayWithLimit(
831 TIFF* tif, TIFFDirEntry* direntry, uint32* count, uint32 desttypesize,
832 void** value, uint64 maxcount)
833 {
834 int typesize;
835 uint32 datasize;
836 void* data;
837 uint64 target_count64;
838 typesize=TIFFDataWidth(direntry->tdir_type);
839
840 target_count64 = (direntry->tdir_count > maxcount) ?
841 maxcount : direntry->tdir_count;
842
843 if ((target_count64==0)||(typesize==0))
844 {
845 *value=0;
846 return(TIFFReadDirEntryErrOk);
847 }
848 (void) desttypesize;
849
850 /*
851 * As a sanity check, make sure we have no more than a 2GB tag array
852 * in either the current data type or the dest data type. This also
853 * avoids problems with overflow of tmsize_t on 32bit systems.
854 */
855 if ((uint64)(2147483647/typesize)<target_count64)
856 return(TIFFReadDirEntryErrSizesan);
857 if ((uint64)(2147483647/desttypesize)<target_count64)
858 return(TIFFReadDirEntryErrSizesan);
859
860 *count=(uint32)target_count64;
861 datasize=(*count)*typesize;
862 assert((tmsize_t)datasize>0);
863
864 if( isMapped(tif) && datasize > (uint32)tif->tif_size )
865 return TIFFReadDirEntryErrIo;
866
867 if( !isMapped(tif) &&
868 (((tif->tif_flags&TIFF_BIGTIFF) && datasize > 8) ||
869 (!(tif->tif_flags&TIFF_BIGTIFF) && datasize > 4)) )
870 {
871 data = NULL;
872 }
873 else
874 {
875 data=_TIFFCheckMalloc(tif, *count, typesize, "ReadDirEntryArray");
876 if (data==0)
877 return(TIFFReadDirEntryErrAlloc);
878 }
879 if (!(tif->tif_flags&TIFF_BIGTIFF))
880 {
881 if (datasize<=4)
882 _TIFFmemcpy(data,&direntry->tdir_offset,datasize);
883 else
884 {
885 enum TIFFReadDirEntryErr err;
886 uint32 offset = direntry->tdir_offset.toff_long;
887 if (tif->tif_flags&TIFF_SWAB)
888 TIFFSwabLong(&offset);
889 if( isMapped(tif) )
890 err=TIFFReadDirEntryData(tif,(uint64)offset,(tmsize_t)datasize,data);
891 else
892 err=TIFFReadDirEntryDataAndRealloc(tif,(uint64)offset,(tmsize_t)datasize,&data);
893 if (err!=TIFFReadDirEntryErrOk)
894 {
895 _TIFFfree(data);
896 return(err);
897 }
898 }
899 }
900 else
901 {
902 if (datasize<=8)
903 _TIFFmemcpy(data,&direntry->tdir_offset,datasize);
904 else
905 {
906 enum TIFFReadDirEntryErr err;
907 uint64 offset = direntry->tdir_offset.toff_long8;
908 if (tif->tif_flags&TIFF_SWAB)
909 TIFFSwabLong8(&offset);
910 if( isMapped(tif) )
911 err=TIFFReadDirEntryData(tif,(uint64)offset,(tmsize_t)datasize,data);
912 else
913 err=TIFFReadDirEntryDataAndRealloc(tif,(uint64)offset,(tmsize_t)datasize,&data);
914 if (err!=TIFFReadDirEntryErrOk)
915 {
916 _TIFFfree(data);
917 return(err);
918 }
919 }
920 }
921 *value=data;
922 return(TIFFReadDirEntryErrOk);
923 }
924
TIFFReadDirEntryArray(TIFF * tif,TIFFDirEntry * direntry,uint32 * count,uint32 desttypesize,void ** value)925 static enum TIFFReadDirEntryErr TIFFReadDirEntryArray(TIFF* tif, TIFFDirEntry* direntry, uint32* count, uint32 desttypesize, void** value)
926 {
927 return TIFFReadDirEntryArrayWithLimit(tif, direntry, count,
928 desttypesize, value, ~((uint64)0));
929 }
930
TIFFReadDirEntryByteArray(TIFF * tif,TIFFDirEntry * direntry,uint8 ** value)931 static enum TIFFReadDirEntryErr TIFFReadDirEntryByteArray(TIFF* tif, TIFFDirEntry* direntry, uint8** value)
932 {
933 enum TIFFReadDirEntryErr err;
934 uint32 count;
935 void* origdata;
936 uint8* data;
937 switch (direntry->tdir_type)
938 {
939 case TIFF_ASCII:
940 case TIFF_UNDEFINED:
941 case TIFF_BYTE:
942 case TIFF_SBYTE:
943 case TIFF_SHORT:
944 case TIFF_SSHORT:
945 case TIFF_LONG:
946 case TIFF_SLONG:
947 case TIFF_LONG8:
948 case TIFF_SLONG8:
949 break;
950 default:
951 return(TIFFReadDirEntryErrType);
952 }
953 err=TIFFReadDirEntryArray(tif,direntry,&count,1,&origdata);
954 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
955 {
956 *value=0;
957 return(err);
958 }
959 switch (direntry->tdir_type)
960 {
961 case TIFF_ASCII:
962 case TIFF_UNDEFINED:
963 case TIFF_BYTE:
964 *value=(uint8*)origdata;
965 return(TIFFReadDirEntryErrOk);
966 case TIFF_SBYTE:
967 {
968 int8* m;
969 uint32 n;
970 m=(int8*)origdata;
971 for (n=0; n<count; n++)
972 {
973 err=TIFFReadDirEntryCheckRangeByteSbyte(*m);
974 if (err!=TIFFReadDirEntryErrOk)
975 {
976 _TIFFfree(origdata);
977 return(err);
978 }
979 m++;
980 }
981 *value=(uint8*)origdata;
982 return(TIFFReadDirEntryErrOk);
983 }
984 }
985 data=(uint8*)_TIFFmalloc(count);
986 if (data==0)
987 {
988 _TIFFfree(origdata);
989 return(TIFFReadDirEntryErrAlloc);
990 }
991 switch (direntry->tdir_type)
992 {
993 case TIFF_SHORT:
994 {
995 uint16* ma;
996 uint8* mb;
997 uint32 n;
998 ma=(uint16*)origdata;
999 mb=data;
1000 for (n=0; n<count; n++)
1001 {
1002 if (tif->tif_flags&TIFF_SWAB)
1003 TIFFSwabShort(ma);
1004 err=TIFFReadDirEntryCheckRangeByteShort(*ma);
1005 if (err!=TIFFReadDirEntryErrOk)
1006 break;
1007 *mb++=(uint8)(*ma++);
1008 }
1009 }
1010 break;
1011 case TIFF_SSHORT:
1012 {
1013 int16* ma;
1014 uint8* mb;
1015 uint32 n;
1016 ma=(int16*)origdata;
1017 mb=data;
1018 for (n=0; n<count; n++)
1019 {
1020 if (tif->tif_flags&TIFF_SWAB)
1021 TIFFSwabShort((uint16*)ma);
1022 err=TIFFReadDirEntryCheckRangeByteSshort(*ma);
1023 if (err!=TIFFReadDirEntryErrOk)
1024 break;
1025 *mb++=(uint8)(*ma++);
1026 }
1027 }
1028 break;
1029 case TIFF_LONG:
1030 {
1031 uint32* ma;
1032 uint8* mb;
1033 uint32 n;
1034 ma=(uint32*)origdata;
1035 mb=data;
1036 for (n=0; n<count; n++)
1037 {
1038 if (tif->tif_flags&TIFF_SWAB)
1039 TIFFSwabLong(ma);
1040 err=TIFFReadDirEntryCheckRangeByteLong(*ma);
1041 if (err!=TIFFReadDirEntryErrOk)
1042 break;
1043 *mb++=(uint8)(*ma++);
1044 }
1045 }
1046 break;
1047 case TIFF_SLONG:
1048 {
1049 int32* ma;
1050 uint8* mb;
1051 uint32 n;
1052 ma=(int32*)origdata;
1053 mb=data;
1054 for (n=0; n<count; n++)
1055 {
1056 if (tif->tif_flags&TIFF_SWAB)
1057 TIFFSwabLong((uint32*)ma);
1058 err=TIFFReadDirEntryCheckRangeByteSlong(*ma);
1059 if (err!=TIFFReadDirEntryErrOk)
1060 break;
1061 *mb++=(uint8)(*ma++);
1062 }
1063 }
1064 break;
1065 case TIFF_LONG8:
1066 {
1067 uint64* ma;
1068 uint8* mb;
1069 uint32 n;
1070 ma=(uint64*)origdata;
1071 mb=data;
1072 for (n=0; n<count; n++)
1073 {
1074 if (tif->tif_flags&TIFF_SWAB)
1075 TIFFSwabLong8(ma);
1076 err=TIFFReadDirEntryCheckRangeByteLong8(*ma);
1077 if (err!=TIFFReadDirEntryErrOk)
1078 break;
1079 *mb++=(uint8)(*ma++);
1080 }
1081 }
1082 break;
1083 case TIFF_SLONG8:
1084 {
1085 int64* ma;
1086 uint8* mb;
1087 uint32 n;
1088 ma=(int64*)origdata;
1089 mb=data;
1090 for (n=0; n<count; n++)
1091 {
1092 if (tif->tif_flags&TIFF_SWAB)
1093 TIFFSwabLong8((uint64*)ma);
1094 err=TIFFReadDirEntryCheckRangeByteSlong8(*ma);
1095 if (err!=TIFFReadDirEntryErrOk)
1096 break;
1097 *mb++=(uint8)(*ma++);
1098 }
1099 }
1100 break;
1101 }
1102 _TIFFfree(origdata);
1103 if (err!=TIFFReadDirEntryErrOk)
1104 {
1105 _TIFFfree(data);
1106 return(err);
1107 }
1108 *value=data;
1109 return(TIFFReadDirEntryErrOk);
1110 }
1111
TIFFReadDirEntrySbyteArray(TIFF * tif,TIFFDirEntry * direntry,int8 ** value)1112 static enum TIFFReadDirEntryErr TIFFReadDirEntrySbyteArray(TIFF* tif, TIFFDirEntry* direntry, int8** value)
1113 {
1114 enum TIFFReadDirEntryErr err;
1115 uint32 count;
1116 void* origdata;
1117 int8* data;
1118 switch (direntry->tdir_type)
1119 {
1120 case TIFF_UNDEFINED:
1121 case TIFF_BYTE:
1122 case TIFF_SBYTE:
1123 case TIFF_SHORT:
1124 case TIFF_SSHORT:
1125 case TIFF_LONG:
1126 case TIFF_SLONG:
1127 case TIFF_LONG8:
1128 case TIFF_SLONG8:
1129 break;
1130 default:
1131 return(TIFFReadDirEntryErrType);
1132 }
1133 err=TIFFReadDirEntryArray(tif,direntry,&count,1,&origdata);
1134 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1135 {
1136 *value=0;
1137 return(err);
1138 }
1139 switch (direntry->tdir_type)
1140 {
1141 case TIFF_UNDEFINED:
1142 case TIFF_BYTE:
1143 {
1144 uint8* m;
1145 uint32 n;
1146 m=(uint8*)origdata;
1147 for (n=0; n<count; n++)
1148 {
1149 err=TIFFReadDirEntryCheckRangeSbyteByte(*m);
1150 if (err!=TIFFReadDirEntryErrOk)
1151 {
1152 _TIFFfree(origdata);
1153 return(err);
1154 }
1155 m++;
1156 }
1157 *value=(int8*)origdata;
1158 return(TIFFReadDirEntryErrOk);
1159 }
1160 case TIFF_SBYTE:
1161 *value=(int8*)origdata;
1162 return(TIFFReadDirEntryErrOk);
1163 }
1164 data=(int8*)_TIFFmalloc(count);
1165 if (data==0)
1166 {
1167 _TIFFfree(origdata);
1168 return(TIFFReadDirEntryErrAlloc);
1169 }
1170 switch (direntry->tdir_type)
1171 {
1172 case TIFF_SHORT:
1173 {
1174 uint16* ma;
1175 int8* mb;
1176 uint32 n;
1177 ma=(uint16*)origdata;
1178 mb=data;
1179 for (n=0; n<count; n++)
1180 {
1181 if (tif->tif_flags&TIFF_SWAB)
1182 TIFFSwabShort(ma);
1183 err=TIFFReadDirEntryCheckRangeSbyteShort(*ma);
1184 if (err!=TIFFReadDirEntryErrOk)
1185 break;
1186 *mb++=(int8)(*ma++);
1187 }
1188 }
1189 break;
1190 case TIFF_SSHORT:
1191 {
1192 int16* ma;
1193 int8* mb;
1194 uint32 n;
1195 ma=(int16*)origdata;
1196 mb=data;
1197 for (n=0; n<count; n++)
1198 {
1199 if (tif->tif_flags&TIFF_SWAB)
1200 TIFFSwabShort((uint16*)ma);
1201 err=TIFFReadDirEntryCheckRangeSbyteSshort(*ma);
1202 if (err!=TIFFReadDirEntryErrOk)
1203 break;
1204 *mb++=(int8)(*ma++);
1205 }
1206 }
1207 break;
1208 case TIFF_LONG:
1209 {
1210 uint32* ma;
1211 int8* mb;
1212 uint32 n;
1213 ma=(uint32*)origdata;
1214 mb=data;
1215 for (n=0; n<count; n++)
1216 {
1217 if (tif->tif_flags&TIFF_SWAB)
1218 TIFFSwabLong(ma);
1219 err=TIFFReadDirEntryCheckRangeSbyteLong(*ma);
1220 if (err!=TIFFReadDirEntryErrOk)
1221 break;
1222 *mb++=(int8)(*ma++);
1223 }
1224 }
1225 break;
1226 case TIFF_SLONG:
1227 {
1228 int32* ma;
1229 int8* mb;
1230 uint32 n;
1231 ma=(int32*)origdata;
1232 mb=data;
1233 for (n=0; n<count; n++)
1234 {
1235 if (tif->tif_flags&TIFF_SWAB)
1236 TIFFSwabLong((uint32*)ma);
1237 err=TIFFReadDirEntryCheckRangeSbyteSlong(*ma);
1238 if (err!=TIFFReadDirEntryErrOk)
1239 break;
1240 *mb++=(int8)(*ma++);
1241 }
1242 }
1243 break;
1244 case TIFF_LONG8:
1245 {
1246 uint64* ma;
1247 int8* mb;
1248 uint32 n;
1249 ma=(uint64*)origdata;
1250 mb=data;
1251 for (n=0; n<count; n++)
1252 {
1253 if (tif->tif_flags&TIFF_SWAB)
1254 TIFFSwabLong8(ma);
1255 err=TIFFReadDirEntryCheckRangeSbyteLong8(*ma);
1256 if (err!=TIFFReadDirEntryErrOk)
1257 break;
1258 *mb++=(int8)(*ma++);
1259 }
1260 }
1261 break;
1262 case TIFF_SLONG8:
1263 {
1264 int64* ma;
1265 int8* mb;
1266 uint32 n;
1267 ma=(int64*)origdata;
1268 mb=data;
1269 for (n=0; n<count; n++)
1270 {
1271 if (tif->tif_flags&TIFF_SWAB)
1272 TIFFSwabLong8((uint64*)ma);
1273 err=TIFFReadDirEntryCheckRangeSbyteSlong8(*ma);
1274 if (err!=TIFFReadDirEntryErrOk)
1275 break;
1276 *mb++=(int8)(*ma++);
1277 }
1278 }
1279 break;
1280 }
1281 _TIFFfree(origdata);
1282 if (err!=TIFFReadDirEntryErrOk)
1283 {
1284 _TIFFfree(data);
1285 return(err);
1286 }
1287 *value=data;
1288 return(TIFFReadDirEntryErrOk);
1289 }
1290
TIFFReadDirEntryShortArray(TIFF * tif,TIFFDirEntry * direntry,uint16 ** value)1291 static enum TIFFReadDirEntryErr TIFFReadDirEntryShortArray(TIFF* tif, TIFFDirEntry* direntry, uint16** value)
1292 {
1293 enum TIFFReadDirEntryErr err;
1294 uint32 count;
1295 void* origdata;
1296 uint16* data;
1297 switch (direntry->tdir_type)
1298 {
1299 case TIFF_BYTE:
1300 case TIFF_SBYTE:
1301 case TIFF_SHORT:
1302 case TIFF_SSHORT:
1303 case TIFF_LONG:
1304 case TIFF_SLONG:
1305 case TIFF_LONG8:
1306 case TIFF_SLONG8:
1307 break;
1308 default:
1309 return(TIFFReadDirEntryErrType);
1310 }
1311 err=TIFFReadDirEntryArray(tif,direntry,&count,2,&origdata);
1312 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1313 {
1314 *value=0;
1315 return(err);
1316 }
1317 switch (direntry->tdir_type)
1318 {
1319 case TIFF_SHORT:
1320 *value=(uint16*)origdata;
1321 if (tif->tif_flags&TIFF_SWAB)
1322 TIFFSwabArrayOfShort(*value,count);
1323 return(TIFFReadDirEntryErrOk);
1324 case TIFF_SSHORT:
1325 {
1326 int16* m;
1327 uint32 n;
1328 m=(int16*)origdata;
1329 for (n=0; n<count; n++)
1330 {
1331 if (tif->tif_flags&TIFF_SWAB)
1332 TIFFSwabShort((uint16*)m);
1333 err=TIFFReadDirEntryCheckRangeShortSshort(*m);
1334 if (err!=TIFFReadDirEntryErrOk)
1335 {
1336 _TIFFfree(origdata);
1337 return(err);
1338 }
1339 m++;
1340 }
1341 *value=(uint16*)origdata;
1342 return(TIFFReadDirEntryErrOk);
1343 }
1344 }
1345 data=(uint16*)_TIFFmalloc(count*2);
1346 if (data==0)
1347 {
1348 _TIFFfree(origdata);
1349 return(TIFFReadDirEntryErrAlloc);
1350 }
1351 switch (direntry->tdir_type)
1352 {
1353 case TIFF_BYTE:
1354 {
1355 uint8* ma;
1356 uint16* mb;
1357 uint32 n;
1358 ma=(uint8*)origdata;
1359 mb=data;
1360 for (n=0; n<count; n++)
1361 *mb++=(uint16)(*ma++);
1362 }
1363 break;
1364 case TIFF_SBYTE:
1365 {
1366 int8* ma;
1367 uint16* mb;
1368 uint32 n;
1369 ma=(int8*)origdata;
1370 mb=data;
1371 for (n=0; n<count; n++)
1372 {
1373 err=TIFFReadDirEntryCheckRangeShortSbyte(*ma);
1374 if (err!=TIFFReadDirEntryErrOk)
1375 break;
1376 *mb++=(uint16)(*ma++);
1377 }
1378 }
1379 break;
1380 case TIFF_LONG:
1381 {
1382 uint32* ma;
1383 uint16* mb;
1384 uint32 n;
1385 ma=(uint32*)origdata;
1386 mb=data;
1387 for (n=0; n<count; n++)
1388 {
1389 if (tif->tif_flags&TIFF_SWAB)
1390 TIFFSwabLong(ma);
1391 err=TIFFReadDirEntryCheckRangeShortLong(*ma);
1392 if (err!=TIFFReadDirEntryErrOk)
1393 break;
1394 *mb++=(uint16)(*ma++);
1395 }
1396 }
1397 break;
1398 case TIFF_SLONG:
1399 {
1400 int32* ma;
1401 uint16* mb;
1402 uint32 n;
1403 ma=(int32*)origdata;
1404 mb=data;
1405 for (n=0; n<count; n++)
1406 {
1407 if (tif->tif_flags&TIFF_SWAB)
1408 TIFFSwabLong((uint32*)ma);
1409 err=TIFFReadDirEntryCheckRangeShortSlong(*ma);
1410 if (err!=TIFFReadDirEntryErrOk)
1411 break;
1412 *mb++=(uint16)(*ma++);
1413 }
1414 }
1415 break;
1416 case TIFF_LONG8:
1417 {
1418 uint64* ma;
1419 uint16* mb;
1420 uint32 n;
1421 ma=(uint64*)origdata;
1422 mb=data;
1423 for (n=0; n<count; n++)
1424 {
1425 if (tif->tif_flags&TIFF_SWAB)
1426 TIFFSwabLong8(ma);
1427 err=TIFFReadDirEntryCheckRangeShortLong8(*ma);
1428 if (err!=TIFFReadDirEntryErrOk)
1429 break;
1430 *mb++=(uint16)(*ma++);
1431 }
1432 }
1433 break;
1434 case TIFF_SLONG8:
1435 {
1436 int64* ma;
1437 uint16* mb;
1438 uint32 n;
1439 ma=(int64*)origdata;
1440 mb=data;
1441 for (n=0; n<count; n++)
1442 {
1443 if (tif->tif_flags&TIFF_SWAB)
1444 TIFFSwabLong8((uint64*)ma);
1445 err=TIFFReadDirEntryCheckRangeShortSlong8(*ma);
1446 if (err!=TIFFReadDirEntryErrOk)
1447 break;
1448 *mb++=(uint16)(*ma++);
1449 }
1450 }
1451 break;
1452 }
1453 _TIFFfree(origdata);
1454 if (err!=TIFFReadDirEntryErrOk)
1455 {
1456 _TIFFfree(data);
1457 return(err);
1458 }
1459 *value=data;
1460 return(TIFFReadDirEntryErrOk);
1461 }
1462
TIFFReadDirEntrySshortArray(TIFF * tif,TIFFDirEntry * direntry,int16 ** value)1463 static enum TIFFReadDirEntryErr TIFFReadDirEntrySshortArray(TIFF* tif, TIFFDirEntry* direntry, int16** value)
1464 {
1465 enum TIFFReadDirEntryErr err;
1466 uint32 count;
1467 void* origdata;
1468 int16* data;
1469 switch (direntry->tdir_type)
1470 {
1471 case TIFF_BYTE:
1472 case TIFF_SBYTE:
1473 case TIFF_SHORT:
1474 case TIFF_SSHORT:
1475 case TIFF_LONG:
1476 case TIFF_SLONG:
1477 case TIFF_LONG8:
1478 case TIFF_SLONG8:
1479 break;
1480 default:
1481 return(TIFFReadDirEntryErrType);
1482 }
1483 err=TIFFReadDirEntryArray(tif,direntry,&count,2,&origdata);
1484 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1485 {
1486 *value=0;
1487 return(err);
1488 }
1489 switch (direntry->tdir_type)
1490 {
1491 case TIFF_SHORT:
1492 {
1493 uint16* m;
1494 uint32 n;
1495 m=(uint16*)origdata;
1496 for (n=0; n<count; n++)
1497 {
1498 if (tif->tif_flags&TIFF_SWAB)
1499 TIFFSwabShort(m);
1500 err=TIFFReadDirEntryCheckRangeSshortShort(*m);
1501 if (err!=TIFFReadDirEntryErrOk)
1502 {
1503 _TIFFfree(origdata);
1504 return(err);
1505 }
1506 m++;
1507 }
1508 *value=(int16*)origdata;
1509 return(TIFFReadDirEntryErrOk);
1510 }
1511 case TIFF_SSHORT:
1512 *value=(int16*)origdata;
1513 if (tif->tif_flags&TIFF_SWAB)
1514 TIFFSwabArrayOfShort((uint16*)(*value),count);
1515 return(TIFFReadDirEntryErrOk);
1516 }
1517 data=(int16*)_TIFFmalloc(count*2);
1518 if (data==0)
1519 {
1520 _TIFFfree(origdata);
1521 return(TIFFReadDirEntryErrAlloc);
1522 }
1523 switch (direntry->tdir_type)
1524 {
1525 case TIFF_BYTE:
1526 {
1527 uint8* ma;
1528 int16* mb;
1529 uint32 n;
1530 ma=(uint8*)origdata;
1531 mb=data;
1532 for (n=0; n<count; n++)
1533 *mb++=(int16)(*ma++);
1534 }
1535 break;
1536 case TIFF_SBYTE:
1537 {
1538 int8* ma;
1539 int16* mb;
1540 uint32 n;
1541 ma=(int8*)origdata;
1542 mb=data;
1543 for (n=0; n<count; n++)
1544 *mb++=(int16)(*ma++);
1545 }
1546 break;
1547 case TIFF_LONG:
1548 {
1549 uint32* ma;
1550 int16* mb;
1551 uint32 n;
1552 ma=(uint32*)origdata;
1553 mb=data;
1554 for (n=0; n<count; n++)
1555 {
1556 if (tif->tif_flags&TIFF_SWAB)
1557 TIFFSwabLong(ma);
1558 err=TIFFReadDirEntryCheckRangeSshortLong(*ma);
1559 if (err!=TIFFReadDirEntryErrOk)
1560 break;
1561 *mb++=(int16)(*ma++);
1562 }
1563 }
1564 break;
1565 case TIFF_SLONG:
1566 {
1567 int32* ma;
1568 int16* mb;
1569 uint32 n;
1570 ma=(int32*)origdata;
1571 mb=data;
1572 for (n=0; n<count; n++)
1573 {
1574 if (tif->tif_flags&TIFF_SWAB)
1575 TIFFSwabLong((uint32*)ma);
1576 err=TIFFReadDirEntryCheckRangeSshortSlong(*ma);
1577 if (err!=TIFFReadDirEntryErrOk)
1578 break;
1579 *mb++=(int16)(*ma++);
1580 }
1581 }
1582 break;
1583 case TIFF_LONG8:
1584 {
1585 uint64* ma;
1586 int16* mb;
1587 uint32 n;
1588 ma=(uint64*)origdata;
1589 mb=data;
1590 for (n=0; n<count; n++)
1591 {
1592 if (tif->tif_flags&TIFF_SWAB)
1593 TIFFSwabLong8(ma);
1594 err=TIFFReadDirEntryCheckRangeSshortLong8(*ma);
1595 if (err!=TIFFReadDirEntryErrOk)
1596 break;
1597 *mb++=(int16)(*ma++);
1598 }
1599 }
1600 break;
1601 case TIFF_SLONG8:
1602 {
1603 int64* ma;
1604 int16* mb;
1605 uint32 n;
1606 ma=(int64*)origdata;
1607 mb=data;
1608 for (n=0; n<count; n++)
1609 {
1610 if (tif->tif_flags&TIFF_SWAB)
1611 TIFFSwabLong8((uint64*)ma);
1612 err=TIFFReadDirEntryCheckRangeSshortSlong8(*ma);
1613 if (err!=TIFFReadDirEntryErrOk)
1614 break;
1615 *mb++=(int16)(*ma++);
1616 }
1617 }
1618 break;
1619 }
1620 _TIFFfree(origdata);
1621 if (err!=TIFFReadDirEntryErrOk)
1622 {
1623 _TIFFfree(data);
1624 return(err);
1625 }
1626 *value=data;
1627 return(TIFFReadDirEntryErrOk);
1628 }
1629
TIFFReadDirEntryLongArray(TIFF * tif,TIFFDirEntry * direntry,uint32 ** value)1630 static enum TIFFReadDirEntryErr TIFFReadDirEntryLongArray(TIFF* tif, TIFFDirEntry* direntry, uint32** value)
1631 {
1632 enum TIFFReadDirEntryErr err;
1633 uint32 count;
1634 void* origdata;
1635 uint32* data;
1636 switch (direntry->tdir_type)
1637 {
1638 case TIFF_BYTE:
1639 case TIFF_SBYTE:
1640 case TIFF_SHORT:
1641 case TIFF_SSHORT:
1642 case TIFF_LONG:
1643 case TIFF_SLONG:
1644 case TIFF_LONG8:
1645 case TIFF_SLONG8:
1646 break;
1647 default:
1648 return(TIFFReadDirEntryErrType);
1649 }
1650 err=TIFFReadDirEntryArray(tif,direntry,&count,4,&origdata);
1651 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1652 {
1653 *value=0;
1654 return(err);
1655 }
1656 switch (direntry->tdir_type)
1657 {
1658 case TIFF_LONG:
1659 *value=(uint32*)origdata;
1660 if (tif->tif_flags&TIFF_SWAB)
1661 TIFFSwabArrayOfLong(*value,count);
1662 return(TIFFReadDirEntryErrOk);
1663 case TIFF_SLONG:
1664 {
1665 int32* m;
1666 uint32 n;
1667 m=(int32*)origdata;
1668 for (n=0; n<count; n++)
1669 {
1670 if (tif->tif_flags&TIFF_SWAB)
1671 TIFFSwabLong((uint32*)m);
1672 err=TIFFReadDirEntryCheckRangeLongSlong(*m);
1673 if (err!=TIFFReadDirEntryErrOk)
1674 {
1675 _TIFFfree(origdata);
1676 return(err);
1677 }
1678 m++;
1679 }
1680 *value=(uint32*)origdata;
1681 return(TIFFReadDirEntryErrOk);
1682 }
1683 }
1684 data=(uint32*)_TIFFmalloc(count*4);
1685 if (data==0)
1686 {
1687 _TIFFfree(origdata);
1688 return(TIFFReadDirEntryErrAlloc);
1689 }
1690 switch (direntry->tdir_type)
1691 {
1692 case TIFF_BYTE:
1693 {
1694 uint8* ma;
1695 uint32* mb;
1696 uint32 n;
1697 ma=(uint8*)origdata;
1698 mb=data;
1699 for (n=0; n<count; n++)
1700 *mb++=(uint32)(*ma++);
1701 }
1702 break;
1703 case TIFF_SBYTE:
1704 {
1705 int8* ma;
1706 uint32* mb;
1707 uint32 n;
1708 ma=(int8*)origdata;
1709 mb=data;
1710 for (n=0; n<count; n++)
1711 {
1712 err=TIFFReadDirEntryCheckRangeLongSbyte(*ma);
1713 if (err!=TIFFReadDirEntryErrOk)
1714 break;
1715 *mb++=(uint32)(*ma++);
1716 }
1717 }
1718 break;
1719 case TIFF_SHORT:
1720 {
1721 uint16* ma;
1722 uint32* mb;
1723 uint32 n;
1724 ma=(uint16*)origdata;
1725 mb=data;
1726 for (n=0; n<count; n++)
1727 {
1728 if (tif->tif_flags&TIFF_SWAB)
1729 TIFFSwabShort(ma);
1730 *mb++=(uint32)(*ma++);
1731 }
1732 }
1733 break;
1734 case TIFF_SSHORT:
1735 {
1736 int16* ma;
1737 uint32* mb;
1738 uint32 n;
1739 ma=(int16*)origdata;
1740 mb=data;
1741 for (n=0; n<count; n++)
1742 {
1743 if (tif->tif_flags&TIFF_SWAB)
1744 TIFFSwabShort((uint16*)ma);
1745 err=TIFFReadDirEntryCheckRangeLongSshort(*ma);
1746 if (err!=TIFFReadDirEntryErrOk)
1747 break;
1748 *mb++=(uint32)(*ma++);
1749 }
1750 }
1751 break;
1752 case TIFF_LONG8:
1753 {
1754 uint64* ma;
1755 uint32* mb;
1756 uint32 n;
1757 ma=(uint64*)origdata;
1758 mb=data;
1759 for (n=0; n<count; n++)
1760 {
1761 if (tif->tif_flags&TIFF_SWAB)
1762 TIFFSwabLong8(ma);
1763 err=TIFFReadDirEntryCheckRangeLongLong8(*ma);
1764 if (err!=TIFFReadDirEntryErrOk)
1765 break;
1766 *mb++=(uint32)(*ma++);
1767 }
1768 }
1769 break;
1770 case TIFF_SLONG8:
1771 {
1772 int64* ma;
1773 uint32* mb;
1774 uint32 n;
1775 ma=(int64*)origdata;
1776 mb=data;
1777 for (n=0; n<count; n++)
1778 {
1779 if (tif->tif_flags&TIFF_SWAB)
1780 TIFFSwabLong8((uint64*)ma);
1781 err=TIFFReadDirEntryCheckRangeLongSlong8(*ma);
1782 if (err!=TIFFReadDirEntryErrOk)
1783 break;
1784 *mb++=(uint32)(*ma++);
1785 }
1786 }
1787 break;
1788 }
1789 _TIFFfree(origdata);
1790 if (err!=TIFFReadDirEntryErrOk)
1791 {
1792 _TIFFfree(data);
1793 return(err);
1794 }
1795 *value=data;
1796 return(TIFFReadDirEntryErrOk);
1797 }
1798
TIFFReadDirEntrySlongArray(TIFF * tif,TIFFDirEntry * direntry,int32 ** value)1799 static enum TIFFReadDirEntryErr TIFFReadDirEntrySlongArray(TIFF* tif, TIFFDirEntry* direntry, int32** value)
1800 {
1801 enum TIFFReadDirEntryErr err;
1802 uint32 count;
1803 void* origdata;
1804 int32* data;
1805 switch (direntry->tdir_type)
1806 {
1807 case TIFF_BYTE:
1808 case TIFF_SBYTE:
1809 case TIFF_SHORT:
1810 case TIFF_SSHORT:
1811 case TIFF_LONG:
1812 case TIFF_SLONG:
1813 case TIFF_LONG8:
1814 case TIFF_SLONG8:
1815 break;
1816 default:
1817 return(TIFFReadDirEntryErrType);
1818 }
1819 err=TIFFReadDirEntryArray(tif,direntry,&count,4,&origdata);
1820 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1821 {
1822 *value=0;
1823 return(err);
1824 }
1825 switch (direntry->tdir_type)
1826 {
1827 case TIFF_LONG:
1828 {
1829 uint32* m;
1830 uint32 n;
1831 m=(uint32*)origdata;
1832 for (n=0; n<count; n++)
1833 {
1834 if (tif->tif_flags&TIFF_SWAB)
1835 TIFFSwabLong((uint32*)m);
1836 err=TIFFReadDirEntryCheckRangeSlongLong(*m);
1837 if (err!=TIFFReadDirEntryErrOk)
1838 {
1839 _TIFFfree(origdata);
1840 return(err);
1841 }
1842 m++;
1843 }
1844 *value=(int32*)origdata;
1845 return(TIFFReadDirEntryErrOk);
1846 }
1847 case TIFF_SLONG:
1848 *value=(int32*)origdata;
1849 if (tif->tif_flags&TIFF_SWAB)
1850 TIFFSwabArrayOfLong((uint32*)(*value),count);
1851 return(TIFFReadDirEntryErrOk);
1852 }
1853 data=(int32*)_TIFFmalloc(count*4);
1854 if (data==0)
1855 {
1856 _TIFFfree(origdata);
1857 return(TIFFReadDirEntryErrAlloc);
1858 }
1859 switch (direntry->tdir_type)
1860 {
1861 case TIFF_BYTE:
1862 {
1863 uint8* ma;
1864 int32* mb;
1865 uint32 n;
1866 ma=(uint8*)origdata;
1867 mb=data;
1868 for (n=0; n<count; n++)
1869 *mb++=(int32)(*ma++);
1870 }
1871 break;
1872 case TIFF_SBYTE:
1873 {
1874 int8* ma;
1875 int32* mb;
1876 uint32 n;
1877 ma=(int8*)origdata;
1878 mb=data;
1879 for (n=0; n<count; n++)
1880 *mb++=(int32)(*ma++);
1881 }
1882 break;
1883 case TIFF_SHORT:
1884 {
1885 uint16* ma;
1886 int32* mb;
1887 uint32 n;
1888 ma=(uint16*)origdata;
1889 mb=data;
1890 for (n=0; n<count; n++)
1891 {
1892 if (tif->tif_flags&TIFF_SWAB)
1893 TIFFSwabShort(ma);
1894 *mb++=(int32)(*ma++);
1895 }
1896 }
1897 break;
1898 case TIFF_SSHORT:
1899 {
1900 int16* ma;
1901 int32* mb;
1902 uint32 n;
1903 ma=(int16*)origdata;
1904 mb=data;
1905 for (n=0; n<count; n++)
1906 {
1907 if (tif->tif_flags&TIFF_SWAB)
1908 TIFFSwabShort((uint16*)ma);
1909 *mb++=(int32)(*ma++);
1910 }
1911 }
1912 break;
1913 case TIFF_LONG8:
1914 {
1915 uint64* ma;
1916 int32* mb;
1917 uint32 n;
1918 ma=(uint64*)origdata;
1919 mb=data;
1920 for (n=0; n<count; n++)
1921 {
1922 if (tif->tif_flags&TIFF_SWAB)
1923 TIFFSwabLong8(ma);
1924 err=TIFFReadDirEntryCheckRangeSlongLong8(*ma);
1925 if (err!=TIFFReadDirEntryErrOk)
1926 break;
1927 *mb++=(int32)(*ma++);
1928 }
1929 }
1930 break;
1931 case TIFF_SLONG8:
1932 {
1933 int64* ma;
1934 int32* mb;
1935 uint32 n;
1936 ma=(int64*)origdata;
1937 mb=data;
1938 for (n=0; n<count; n++)
1939 {
1940 if (tif->tif_flags&TIFF_SWAB)
1941 TIFFSwabLong8((uint64*)ma);
1942 err=TIFFReadDirEntryCheckRangeSlongSlong8(*ma);
1943 if (err!=TIFFReadDirEntryErrOk)
1944 break;
1945 *mb++=(int32)(*ma++);
1946 }
1947 }
1948 break;
1949 }
1950 _TIFFfree(origdata);
1951 if (err!=TIFFReadDirEntryErrOk)
1952 {
1953 _TIFFfree(data);
1954 return(err);
1955 }
1956 *value=data;
1957 return(TIFFReadDirEntryErrOk);
1958 }
1959
TIFFReadDirEntryLong8ArrayWithLimit(TIFF * tif,TIFFDirEntry * direntry,uint64 ** value,uint64 maxcount)1960 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8ArrayWithLimit(
1961 TIFF* tif, TIFFDirEntry* direntry, uint64** value, uint64 maxcount)
1962 {
1963 enum TIFFReadDirEntryErr err;
1964 uint32 count;
1965 void* origdata;
1966 uint64* data;
1967 switch (direntry->tdir_type)
1968 {
1969 case TIFF_BYTE:
1970 case TIFF_SBYTE:
1971 case TIFF_SHORT:
1972 case TIFF_SSHORT:
1973 case TIFF_LONG:
1974 case TIFF_SLONG:
1975 case TIFF_LONG8:
1976 case TIFF_SLONG8:
1977 break;
1978 default:
1979 return(TIFFReadDirEntryErrType);
1980 }
1981 err=TIFFReadDirEntryArrayWithLimit(tif,direntry,&count,8,&origdata,maxcount);
1982 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1983 {
1984 *value=0;
1985 return(err);
1986 }
1987 switch (direntry->tdir_type)
1988 {
1989 case TIFF_LONG8:
1990 *value=(uint64*)origdata;
1991 if (tif->tif_flags&TIFF_SWAB)
1992 TIFFSwabArrayOfLong8(*value,count);
1993 return(TIFFReadDirEntryErrOk);
1994 case TIFF_SLONG8:
1995 {
1996 int64* m;
1997 uint32 n;
1998 m=(int64*)origdata;
1999 for (n=0; n<count; n++)
2000 {
2001 if (tif->tif_flags&TIFF_SWAB)
2002 TIFFSwabLong8((uint64*)m);
2003 err=TIFFReadDirEntryCheckRangeLong8Slong8(*m);
2004 if (err!=TIFFReadDirEntryErrOk)
2005 {
2006 _TIFFfree(origdata);
2007 return(err);
2008 }
2009 m++;
2010 }
2011 *value=(uint64*)origdata;
2012 return(TIFFReadDirEntryErrOk);
2013 }
2014 }
2015 data=(uint64*)_TIFFmalloc(count*8);
2016 if (data==0)
2017 {
2018 _TIFFfree(origdata);
2019 return(TIFFReadDirEntryErrAlloc);
2020 }
2021 switch (direntry->tdir_type)
2022 {
2023 case TIFF_BYTE:
2024 {
2025 uint8* ma;
2026 uint64* mb;
2027 uint32 n;
2028 ma=(uint8*)origdata;
2029 mb=data;
2030 for (n=0; n<count; n++)
2031 *mb++=(uint64)(*ma++);
2032 }
2033 break;
2034 case TIFF_SBYTE:
2035 {
2036 int8* ma;
2037 uint64* mb;
2038 uint32 n;
2039 ma=(int8*)origdata;
2040 mb=data;
2041 for (n=0; n<count; n++)
2042 {
2043 err=TIFFReadDirEntryCheckRangeLong8Sbyte(*ma);
2044 if (err!=TIFFReadDirEntryErrOk)
2045 break;
2046 *mb++=(uint64)(*ma++);
2047 }
2048 }
2049 break;
2050 case TIFF_SHORT:
2051 {
2052 uint16* ma;
2053 uint64* mb;
2054 uint32 n;
2055 ma=(uint16*)origdata;
2056 mb=data;
2057 for (n=0; n<count; n++)
2058 {
2059 if (tif->tif_flags&TIFF_SWAB)
2060 TIFFSwabShort(ma);
2061 *mb++=(uint64)(*ma++);
2062 }
2063 }
2064 break;
2065 case TIFF_SSHORT:
2066 {
2067 int16* ma;
2068 uint64* mb;
2069 uint32 n;
2070 ma=(int16*)origdata;
2071 mb=data;
2072 for (n=0; n<count; n++)
2073 {
2074 if (tif->tif_flags&TIFF_SWAB)
2075 TIFFSwabShort((uint16*)ma);
2076 err=TIFFReadDirEntryCheckRangeLong8Sshort(*ma);
2077 if (err!=TIFFReadDirEntryErrOk)
2078 break;
2079 *mb++=(uint64)(*ma++);
2080 }
2081 }
2082 break;
2083 case TIFF_LONG:
2084 {
2085 uint32* ma;
2086 uint64* mb;
2087 uint32 n;
2088 ma=(uint32*)origdata;
2089 mb=data;
2090 for (n=0; n<count; n++)
2091 {
2092 if (tif->tif_flags&TIFF_SWAB)
2093 TIFFSwabLong(ma);
2094 *mb++=(uint64)(*ma++);
2095 }
2096 }
2097 break;
2098 case TIFF_SLONG:
2099 {
2100 int32* ma;
2101 uint64* mb;
2102 uint32 n;
2103 ma=(int32*)origdata;
2104 mb=data;
2105 for (n=0; n<count; n++)
2106 {
2107 if (tif->tif_flags&TIFF_SWAB)
2108 TIFFSwabLong((uint32*)ma);
2109 err=TIFFReadDirEntryCheckRangeLong8Slong(*ma);
2110 if (err!=TIFFReadDirEntryErrOk)
2111 break;
2112 *mb++=(uint64)(*ma++);
2113 }
2114 }
2115 break;
2116 }
2117 _TIFFfree(origdata);
2118 if (err!=TIFFReadDirEntryErrOk)
2119 {
2120 _TIFFfree(data);
2121 return(err);
2122 }
2123 *value=data;
2124 return(TIFFReadDirEntryErrOk);
2125 }
2126
TIFFReadDirEntryLong8Array(TIFF * tif,TIFFDirEntry * direntry,uint64 ** value)2127 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value)
2128 {
2129 return TIFFReadDirEntryLong8ArrayWithLimit(tif, direntry, value, ~((uint64)0));
2130 }
2131
TIFFReadDirEntrySlong8Array(TIFF * tif,TIFFDirEntry * direntry,int64 ** value)2132 static enum TIFFReadDirEntryErr TIFFReadDirEntrySlong8Array(TIFF* tif, TIFFDirEntry* direntry, int64** value)
2133 {
2134 enum TIFFReadDirEntryErr err;
2135 uint32 count;
2136 void* origdata;
2137 int64* data;
2138 switch (direntry->tdir_type)
2139 {
2140 case TIFF_BYTE:
2141 case TIFF_SBYTE:
2142 case TIFF_SHORT:
2143 case TIFF_SSHORT:
2144 case TIFF_LONG:
2145 case TIFF_SLONG:
2146 case TIFF_LONG8:
2147 case TIFF_SLONG8:
2148 break;
2149 default:
2150 return(TIFFReadDirEntryErrType);
2151 }
2152 err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata);
2153 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
2154 {
2155 *value=0;
2156 return(err);
2157 }
2158 switch (direntry->tdir_type)
2159 {
2160 case TIFF_LONG8:
2161 {
2162 uint64* m;
2163 uint32 n;
2164 m=(uint64*)origdata;
2165 for (n=0; n<count; n++)
2166 {
2167 if (tif->tif_flags&TIFF_SWAB)
2168 TIFFSwabLong8(m);
2169 err=TIFFReadDirEntryCheckRangeSlong8Long8(*m);
2170 if (err!=TIFFReadDirEntryErrOk)
2171 {
2172 _TIFFfree(origdata);
2173 return(err);
2174 }
2175 m++;
2176 }
2177 *value=(int64*)origdata;
2178 return(TIFFReadDirEntryErrOk);
2179 }
2180 case TIFF_SLONG8:
2181 *value=(int64*)origdata;
2182 if (tif->tif_flags&TIFF_SWAB)
2183 TIFFSwabArrayOfLong8((uint64*)(*value),count);
2184 return(TIFFReadDirEntryErrOk);
2185 }
2186 data=(int64*)_TIFFmalloc(count*8);
2187 if (data==0)
2188 {
2189 _TIFFfree(origdata);
2190 return(TIFFReadDirEntryErrAlloc);
2191 }
2192 switch (direntry->tdir_type)
2193 {
2194 case TIFF_BYTE:
2195 {
2196 uint8* ma;
2197 int64* mb;
2198 uint32 n;
2199 ma=(uint8*)origdata;
2200 mb=data;
2201 for (n=0; n<count; n++)
2202 *mb++=(int64)(*ma++);
2203 }
2204 break;
2205 case TIFF_SBYTE:
2206 {
2207 int8* ma;
2208 int64* mb;
2209 uint32 n;
2210 ma=(int8*)origdata;
2211 mb=data;
2212 for (n=0; n<count; n++)
2213 *mb++=(int64)(*ma++);
2214 }
2215 break;
2216 case TIFF_SHORT:
2217 {
2218 uint16* ma;
2219 int64* mb;
2220 uint32 n;
2221 ma=(uint16*)origdata;
2222 mb=data;
2223 for (n=0; n<count; n++)
2224 {
2225 if (tif->tif_flags&TIFF_SWAB)
2226 TIFFSwabShort(ma);
2227 *mb++=(int64)(*ma++);
2228 }
2229 }
2230 break;
2231 case TIFF_SSHORT:
2232 {
2233 int16* ma;
2234 int64* mb;
2235 uint32 n;
2236 ma=(int16*)origdata;
2237 mb=data;
2238 for (n=0; n<count; n++)
2239 {
2240 if (tif->tif_flags&TIFF_SWAB)
2241 TIFFSwabShort((uint16*)ma);
2242 *mb++=(int64)(*ma++);
2243 }
2244 }
2245 break;
2246 case TIFF_LONG:
2247 {
2248 uint32* ma;
2249 int64* mb;
2250 uint32 n;
2251 ma=(uint32*)origdata;
2252 mb=data;
2253 for (n=0; n<count; n++)
2254 {
2255 if (tif->tif_flags&TIFF_SWAB)
2256 TIFFSwabLong(ma);
2257 *mb++=(int64)(*ma++);
2258 }
2259 }
2260 break;
2261 case TIFF_SLONG:
2262 {
2263 int32* ma;
2264 int64* mb;
2265 uint32 n;
2266 ma=(int32*)origdata;
2267 mb=data;
2268 for (n=0; n<count; n++)
2269 {
2270 if (tif->tif_flags&TIFF_SWAB)
2271 TIFFSwabLong((uint32*)ma);
2272 *mb++=(int64)(*ma++);
2273 }
2274 }
2275 break;
2276 }
2277 _TIFFfree(origdata);
2278 *value=data;
2279 return(TIFFReadDirEntryErrOk);
2280 }
2281
TIFFReadDirEntryFloatArray(TIFF * tif,TIFFDirEntry * direntry,float ** value)2282 static enum TIFFReadDirEntryErr TIFFReadDirEntryFloatArray(TIFF* tif, TIFFDirEntry* direntry, float** value)
2283 {
2284 enum TIFFReadDirEntryErr err;
2285 uint32 count;
2286 void* origdata;
2287 float* data;
2288 switch (direntry->tdir_type)
2289 {
2290 case TIFF_BYTE:
2291 case TIFF_SBYTE:
2292 case TIFF_SHORT:
2293 case TIFF_SSHORT:
2294 case TIFF_LONG:
2295 case TIFF_SLONG:
2296 case TIFF_LONG8:
2297 case TIFF_SLONG8:
2298 case TIFF_RATIONAL:
2299 case TIFF_SRATIONAL:
2300 case TIFF_FLOAT:
2301 case TIFF_DOUBLE:
2302 break;
2303 default:
2304 return(TIFFReadDirEntryErrType);
2305 }
2306 err=TIFFReadDirEntryArray(tif,direntry,&count,4,&origdata);
2307 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
2308 {
2309 *value=0;
2310 return(err);
2311 }
2312 switch (direntry->tdir_type)
2313 {
2314 case TIFF_FLOAT:
2315 if (tif->tif_flags&TIFF_SWAB)
2316 TIFFSwabArrayOfLong((uint32*)origdata,count);
2317 TIFFCvtIEEEDoubleToNative(tif,count,(float*)origdata);
2318 *value=(float*)origdata;
2319 return(TIFFReadDirEntryErrOk);
2320 }
2321 data=(float*)_TIFFmalloc(count*sizeof(float));
2322 if (data==0)
2323 {
2324 _TIFFfree(origdata);
2325 return(TIFFReadDirEntryErrAlloc);
2326 }
2327 switch (direntry->tdir_type)
2328 {
2329 case TIFF_BYTE:
2330 {
2331 uint8* ma;
2332 float* mb;
2333 uint32 n;
2334 ma=(uint8*)origdata;
2335 mb=data;
2336 for (n=0; n<count; n++)
2337 *mb++=(float)(*ma++);
2338 }
2339 break;
2340 case TIFF_SBYTE:
2341 {
2342 int8* ma;
2343 float* mb;
2344 uint32 n;
2345 ma=(int8*)origdata;
2346 mb=data;
2347 for (n=0; n<count; n++)
2348 *mb++=(float)(*ma++);
2349 }
2350 break;
2351 case TIFF_SHORT:
2352 {
2353 uint16* ma;
2354 float* mb;
2355 uint32 n;
2356 ma=(uint16*)origdata;
2357 mb=data;
2358 for (n=0; n<count; n++)
2359 {
2360 if (tif->tif_flags&TIFF_SWAB)
2361 TIFFSwabShort(ma);
2362 *mb++=(float)(*ma++);
2363 }
2364 }
2365 break;
2366 case TIFF_SSHORT:
2367 {
2368 int16* ma;
2369 float* mb;
2370 uint32 n;
2371 ma=(int16*)origdata;
2372 mb=data;
2373 for (n=0; n<count; n++)
2374 {
2375 if (tif->tif_flags&TIFF_SWAB)
2376 TIFFSwabShort((uint16*)ma);
2377 *mb++=(float)(*ma++);
2378 }
2379 }
2380 break;
2381 case TIFF_LONG:
2382 {
2383 uint32* ma;
2384 float* mb;
2385 uint32 n;
2386 ma=(uint32*)origdata;
2387 mb=data;
2388 for (n=0; n<count; n++)
2389 {
2390 if (tif->tif_flags&TIFF_SWAB)
2391 TIFFSwabLong(ma);
2392 *mb++=(float)(*ma++);
2393 }
2394 }
2395 break;
2396 case TIFF_SLONG:
2397 {
2398 int32* ma;
2399 float* mb;
2400 uint32 n;
2401 ma=(int32*)origdata;
2402 mb=data;
2403 for (n=0; n<count; n++)
2404 {
2405 if (tif->tif_flags&TIFF_SWAB)
2406 TIFFSwabLong((uint32*)ma);
2407 *mb++=(float)(*ma++);
2408 }
2409 }
2410 break;
2411 case TIFF_LONG8:
2412 {
2413 uint64* ma;
2414 float* mb;
2415 uint32 n;
2416 ma=(uint64*)origdata;
2417 mb=data;
2418 for (n=0; n<count; n++)
2419 {
2420 if (tif->tif_flags&TIFF_SWAB)
2421 TIFFSwabLong8(ma);
2422 #if defined(__WIN32__) && (_MSC_VER < 1500)
2423 /*
2424 * XXX: MSVC 6.0 does not support
2425 * conversion of 64-bit integers into
2426 * floating point values.
2427 */
2428 *mb++ = _TIFFUInt64ToFloat(*ma++);
2429 #else
2430 *mb++ = (float)(*ma++);
2431 #endif
2432 }
2433 }
2434 break;
2435 case TIFF_SLONG8:
2436 {
2437 int64* ma;
2438 float* mb;
2439 uint32 n;
2440 ma=(int64*)origdata;
2441 mb=data;
2442 for (n=0; n<count; n++)
2443 {
2444 if (tif->tif_flags&TIFF_SWAB)
2445 TIFFSwabLong8((uint64*)ma);
2446 *mb++=(float)(*ma++);
2447 }
2448 }
2449 break;
2450 case TIFF_RATIONAL:
2451 {
2452 uint32* ma;
2453 uint32 maa;
2454 uint32 mab;
2455 float* mb;
2456 uint32 n;
2457 ma=(uint32*)origdata;
2458 mb=data;
2459 for (n=0; n<count; n++)
2460 {
2461 if (tif->tif_flags&TIFF_SWAB)
2462 TIFFSwabLong(ma);
2463 maa=*ma++;
2464 if (tif->tif_flags&TIFF_SWAB)
2465 TIFFSwabLong(ma);
2466 mab=*ma++;
2467 if (mab==0)
2468 *mb++=0.0;
2469 else
2470 *mb++=(float)maa/(float)mab;
2471 }
2472 }
2473 break;
2474 case TIFF_SRATIONAL:
2475 {
2476 uint32* ma;
2477 int32 maa;
2478 uint32 mab;
2479 float* mb;
2480 uint32 n;
2481 ma=(uint32*)origdata;
2482 mb=data;
2483 for (n=0; n<count; n++)
2484 {
2485 if (tif->tif_flags&TIFF_SWAB)
2486 TIFFSwabLong(ma);
2487 maa=*(int32*)ma;
2488 ma++;
2489 if (tif->tif_flags&TIFF_SWAB)
2490 TIFFSwabLong(ma);
2491 mab=*ma++;
2492 if (mab==0)
2493 *mb++=0.0;
2494 else
2495 *mb++=(float)maa/(float)mab;
2496 }
2497 }
2498 break;
2499 case TIFF_DOUBLE:
2500 {
2501 double* ma;
2502 float* mb;
2503 uint32 n;
2504 if (tif->tif_flags&TIFF_SWAB)
2505 TIFFSwabArrayOfLong8((uint64*)origdata,count);
2506 TIFFCvtIEEEDoubleToNative(tif,count,(double*)origdata);
2507 ma=(double*)origdata;
2508 mb=data;
2509 for (n=0; n<count; n++)
2510 {
2511 double val = *ma++;
2512 if( val > FLT_MAX )
2513 val = FLT_MAX;
2514 else if( val < -FLT_MAX )
2515 val = -FLT_MAX;
2516 *mb++=(float)val;
2517 }
2518 }
2519 break;
2520 }
2521 _TIFFfree(origdata);
2522 *value=data;
2523 return(TIFFReadDirEntryErrOk);
2524 }
2525
2526 static enum TIFFReadDirEntryErr
TIFFReadDirEntryDoubleArray(TIFF * tif,TIFFDirEntry * direntry,double ** value)2527 TIFFReadDirEntryDoubleArray(TIFF* tif, TIFFDirEntry* direntry, double** value)
2528 {
2529 enum TIFFReadDirEntryErr err;
2530 uint32 count;
2531 void* origdata;
2532 double* data;
2533 switch (direntry->tdir_type)
2534 {
2535 case TIFF_BYTE:
2536 case TIFF_SBYTE:
2537 case TIFF_SHORT:
2538 case TIFF_SSHORT:
2539 case TIFF_LONG:
2540 case TIFF_SLONG:
2541 case TIFF_LONG8:
2542 case TIFF_SLONG8:
2543 case TIFF_RATIONAL:
2544 case TIFF_SRATIONAL:
2545 case TIFF_FLOAT:
2546 case TIFF_DOUBLE:
2547 break;
2548 default:
2549 return(TIFFReadDirEntryErrType);
2550 }
2551 err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata);
2552 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
2553 {
2554 *value=0;
2555 return(err);
2556 }
2557 switch (direntry->tdir_type)
2558 {
2559 case TIFF_DOUBLE:
2560 if (tif->tif_flags&TIFF_SWAB)
2561 TIFFSwabArrayOfLong8((uint64*)origdata,count);
2562 TIFFCvtIEEEDoubleToNative(tif,count,(double*)origdata);
2563 *value=(double*)origdata;
2564 return(TIFFReadDirEntryErrOk);
2565 }
2566 data=(double*)_TIFFmalloc(count*sizeof(double));
2567 if (data==0)
2568 {
2569 _TIFFfree(origdata);
2570 return(TIFFReadDirEntryErrAlloc);
2571 }
2572 switch (direntry->tdir_type)
2573 {
2574 case TIFF_BYTE:
2575 {
2576 uint8* ma;
2577 double* mb;
2578 uint32 n;
2579 ma=(uint8*)origdata;
2580 mb=data;
2581 for (n=0; n<count; n++)
2582 *mb++=(double)(*ma++);
2583 }
2584 break;
2585 case TIFF_SBYTE:
2586 {
2587 int8* ma;
2588 double* mb;
2589 uint32 n;
2590 ma=(int8*)origdata;
2591 mb=data;
2592 for (n=0; n<count; n++)
2593 *mb++=(double)(*ma++);
2594 }
2595 break;
2596 case TIFF_SHORT:
2597 {
2598 uint16* ma;
2599 double* mb;
2600 uint32 n;
2601 ma=(uint16*)origdata;
2602 mb=data;
2603 for (n=0; n<count; n++)
2604 {
2605 if (tif->tif_flags&TIFF_SWAB)
2606 TIFFSwabShort(ma);
2607 *mb++=(double)(*ma++);
2608 }
2609 }
2610 break;
2611 case TIFF_SSHORT:
2612 {
2613 int16* ma;
2614 double* mb;
2615 uint32 n;
2616 ma=(int16*)origdata;
2617 mb=data;
2618 for (n=0; n<count; n++)
2619 {
2620 if (tif->tif_flags&TIFF_SWAB)
2621 TIFFSwabShort((uint16*)ma);
2622 *mb++=(double)(*ma++);
2623 }
2624 }
2625 break;
2626 case TIFF_LONG:
2627 {
2628 uint32* ma;
2629 double* mb;
2630 uint32 n;
2631 ma=(uint32*)origdata;
2632 mb=data;
2633 for (n=0; n<count; n++)
2634 {
2635 if (tif->tif_flags&TIFF_SWAB)
2636 TIFFSwabLong(ma);
2637 *mb++=(double)(*ma++);
2638 }
2639 }
2640 break;
2641 case TIFF_SLONG:
2642 {
2643 int32* ma;
2644 double* mb;
2645 uint32 n;
2646 ma=(int32*)origdata;
2647 mb=data;
2648 for (n=0; n<count; n++)
2649 {
2650 if (tif->tif_flags&TIFF_SWAB)
2651 TIFFSwabLong((uint32*)ma);
2652 *mb++=(double)(*ma++);
2653 }
2654 }
2655 break;
2656 case TIFF_LONG8:
2657 {
2658 uint64* ma;
2659 double* mb;
2660 uint32 n;
2661 ma=(uint64*)origdata;
2662 mb=data;
2663 for (n=0; n<count; n++)
2664 {
2665 if (tif->tif_flags&TIFF_SWAB)
2666 TIFFSwabLong8(ma);
2667 #if defined(__WIN32__) && (_MSC_VER < 1500)
2668 /*
2669 * XXX: MSVC 6.0 does not support
2670 * conversion of 64-bit integers into
2671 * floating point values.
2672 */
2673 *mb++ = _TIFFUInt64ToDouble(*ma++);
2674 #else
2675 *mb++ = (double)(*ma++);
2676 #endif
2677 }
2678 }
2679 break;
2680 case TIFF_SLONG8:
2681 {
2682 int64* ma;
2683 double* mb;
2684 uint32 n;
2685 ma=(int64*)origdata;
2686 mb=data;
2687 for (n=0; n<count; n++)
2688 {
2689 if (tif->tif_flags&TIFF_SWAB)
2690 TIFFSwabLong8((uint64*)ma);
2691 *mb++=(double)(*ma++);
2692 }
2693 }
2694 break;
2695 case TIFF_RATIONAL:
2696 {
2697 uint32* ma;
2698 uint32 maa;
2699 uint32 mab;
2700 double* mb;
2701 uint32 n;
2702 ma=(uint32*)origdata;
2703 mb=data;
2704 for (n=0; n<count; n++)
2705 {
2706 if (tif->tif_flags&TIFF_SWAB)
2707 TIFFSwabLong(ma);
2708 maa=*ma++;
2709 if (tif->tif_flags&TIFF_SWAB)
2710 TIFFSwabLong(ma);
2711 mab=*ma++;
2712 if (mab==0)
2713 *mb++=0.0;
2714 else
2715 *mb++=(double)maa/(double)mab;
2716 }
2717 }
2718 break;
2719 case TIFF_SRATIONAL:
2720 {
2721 uint32* ma;
2722 int32 maa;
2723 uint32 mab;
2724 double* mb;
2725 uint32 n;
2726 ma=(uint32*)origdata;
2727 mb=data;
2728 for (n=0; n<count; n++)
2729 {
2730 if (tif->tif_flags&TIFF_SWAB)
2731 TIFFSwabLong(ma);
2732 maa=*(int32*)ma;
2733 ma++;
2734 if (tif->tif_flags&TIFF_SWAB)
2735 TIFFSwabLong(ma);
2736 mab=*ma++;
2737 if (mab==0)
2738 *mb++=0.0;
2739 else
2740 *mb++=(double)maa/(double)mab;
2741 }
2742 }
2743 break;
2744 case TIFF_FLOAT:
2745 {
2746 float* ma;
2747 double* mb;
2748 uint32 n;
2749 if (tif->tif_flags&TIFF_SWAB)
2750 TIFFSwabArrayOfLong((uint32*)origdata,count);
2751 TIFFCvtIEEEFloatToNative(tif,count,(float*)origdata);
2752 ma=(float*)origdata;
2753 mb=data;
2754 for (n=0; n<count; n++)
2755 *mb++=(double)(*ma++);
2756 }
2757 break;
2758 }
2759 _TIFFfree(origdata);
2760 *value=data;
2761 return(TIFFReadDirEntryErrOk);
2762 }
2763
TIFFReadDirEntryIfd8Array(TIFF * tif,TIFFDirEntry * direntry,uint64 ** value)2764 static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value)
2765 {
2766 enum TIFFReadDirEntryErr err;
2767 uint32 count;
2768 void* origdata;
2769 uint64* data;
2770 switch (direntry->tdir_type)
2771 {
2772 case TIFF_LONG:
2773 case TIFF_LONG8:
2774 case TIFF_IFD:
2775 case TIFF_IFD8:
2776 break;
2777 default:
2778 return(TIFFReadDirEntryErrType);
2779 }
2780 err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata);
2781 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
2782 {
2783 *value=0;
2784 return(err);
2785 }
2786 switch (direntry->tdir_type)
2787 {
2788 case TIFF_LONG8:
2789 case TIFF_IFD8:
2790 *value=(uint64*)origdata;
2791 if (tif->tif_flags&TIFF_SWAB)
2792 TIFFSwabArrayOfLong8(*value,count);
2793 return(TIFFReadDirEntryErrOk);
2794 }
2795 data=(uint64*)_TIFFmalloc(count*8);
2796 if (data==0)
2797 {
2798 _TIFFfree(origdata);
2799 return(TIFFReadDirEntryErrAlloc);
2800 }
2801 switch (direntry->tdir_type)
2802 {
2803 case TIFF_LONG:
2804 case TIFF_IFD:
2805 {
2806 uint32* ma;
2807 uint64* mb;
2808 uint32 n;
2809 ma=(uint32*)origdata;
2810 mb=data;
2811 for (n=0; n<count; n++)
2812 {
2813 if (tif->tif_flags&TIFF_SWAB)
2814 TIFFSwabLong(ma);
2815 *mb++=(uint64)(*ma++);
2816 }
2817 }
2818 break;
2819 }
2820 _TIFFfree(origdata);
2821 *value=data;
2822 return(TIFFReadDirEntryErrOk);
2823 }
2824
TIFFReadDirEntryPersampleShort(TIFF * tif,TIFFDirEntry * direntry,uint16 * value)2825 static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value)
2826 {
2827 enum TIFFReadDirEntryErr err;
2828 uint16* m;
2829 uint16* na;
2830 uint16 nb;
2831 if (direntry->tdir_count<(uint64)tif->tif_dir.td_samplesperpixel)
2832 return(TIFFReadDirEntryErrCount);
2833 err=TIFFReadDirEntryShortArray(tif,direntry,&m);
2834 if (err!=TIFFReadDirEntryErrOk || m == NULL)
2835 return(err);
2836 na=m;
2837 nb=tif->tif_dir.td_samplesperpixel;
2838 *value=*na++;
2839 nb--;
2840 while (nb>0)
2841 {
2842 if (*na++!=*value)
2843 {
2844 err=TIFFReadDirEntryErrPsdif;
2845 break;
2846 }
2847 nb--;
2848 }
2849 _TIFFfree(m);
2850 return(err);
2851 }
2852
2853 #if 0
2854 static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleDouble(TIFF* tif, TIFFDirEntry* direntry, double* value)
2855 {
2856 enum TIFFReadDirEntryErr err;
2857 double* m;
2858 double* na;
2859 uint16 nb;
2860 if (direntry->tdir_count<(uint64)tif->tif_dir.td_samplesperpixel)
2861 return(TIFFReadDirEntryErrCount);
2862 err=TIFFReadDirEntryDoubleArray(tif,direntry,&m);
2863 if (err!=TIFFReadDirEntryErrOk)
2864 return(err);
2865 na=m;
2866 nb=tif->tif_dir.td_samplesperpixel;
2867 *value=*na++;
2868 nb--;
2869 while (nb>0)
2870 {
2871 if (*na++!=*value)
2872 {
2873 err=TIFFReadDirEntryErrPsdif;
2874 break;
2875 }
2876 nb--;
2877 }
2878 _TIFFfree(m);
2879 return(err);
2880 }
2881 #endif
2882
TIFFReadDirEntryCheckedByte(TIFF * tif,TIFFDirEntry * direntry,uint8 * value)2883 static void TIFFReadDirEntryCheckedByte(TIFF* tif, TIFFDirEntry* direntry, uint8* value)
2884 {
2885 (void) tif;
2886 *value=*(uint8*)(&direntry->tdir_offset);
2887 }
2888
TIFFReadDirEntryCheckedSbyte(TIFF * tif,TIFFDirEntry * direntry,int8 * value)2889 static void TIFFReadDirEntryCheckedSbyte(TIFF* tif, TIFFDirEntry* direntry, int8* value)
2890 {
2891 (void) tif;
2892 *value=*(int8*)(&direntry->tdir_offset);
2893 }
2894
TIFFReadDirEntryCheckedShort(TIFF * tif,TIFFDirEntry * direntry,uint16 * value)2895 static void TIFFReadDirEntryCheckedShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value)
2896 {
2897 *value = direntry->tdir_offset.toff_short;
2898 /* *value=*(uint16*)(&direntry->tdir_offset); */
2899 if (tif->tif_flags&TIFF_SWAB)
2900 TIFFSwabShort(value);
2901 }
2902
TIFFReadDirEntryCheckedSshort(TIFF * tif,TIFFDirEntry * direntry,int16 * value)2903 static void TIFFReadDirEntryCheckedSshort(TIFF* tif, TIFFDirEntry* direntry, int16* value)
2904 {
2905 *value=*(int16*)(&direntry->tdir_offset);
2906 if (tif->tif_flags&TIFF_SWAB)
2907 TIFFSwabShort((uint16*)value);
2908 }
2909
TIFFReadDirEntryCheckedLong(TIFF * tif,TIFFDirEntry * direntry,uint32 * value)2910 static void TIFFReadDirEntryCheckedLong(TIFF* tif, TIFFDirEntry* direntry, uint32* value)
2911 {
2912 *value=*(uint32*)(&direntry->tdir_offset);
2913 if (tif->tif_flags&TIFF_SWAB)
2914 TIFFSwabLong(value);
2915 }
2916
TIFFReadDirEntryCheckedSlong(TIFF * tif,TIFFDirEntry * direntry,int32 * value)2917 static void TIFFReadDirEntryCheckedSlong(TIFF* tif, TIFFDirEntry* direntry, int32* value)
2918 {
2919 *value=*(int32*)(&direntry->tdir_offset);
2920 if (tif->tif_flags&TIFF_SWAB)
2921 TIFFSwabLong((uint32*)value);
2922 }
2923
TIFFReadDirEntryCheckedLong8(TIFF * tif,TIFFDirEntry * direntry,uint64 * value)2924 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedLong8(TIFF* tif, TIFFDirEntry* direntry, uint64* value)
2925 {
2926 if (!(tif->tif_flags&TIFF_BIGTIFF))
2927 {
2928 enum TIFFReadDirEntryErr err;
2929 uint32 offset = direntry->tdir_offset.toff_long;
2930 if (tif->tif_flags&TIFF_SWAB)
2931 TIFFSwabLong(&offset);
2932 err=TIFFReadDirEntryData(tif,offset,8,value);
2933 if (err!=TIFFReadDirEntryErrOk)
2934 return(err);
2935 }
2936 else
2937 *value = direntry->tdir_offset.toff_long8;
2938 if (tif->tif_flags&TIFF_SWAB)
2939 TIFFSwabLong8(value);
2940 return(TIFFReadDirEntryErrOk);
2941 }
2942
TIFFReadDirEntryCheckedSlong8(TIFF * tif,TIFFDirEntry * direntry,int64 * value)2943 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSlong8(TIFF* tif, TIFFDirEntry* direntry, int64* value)
2944 {
2945 if (!(tif->tif_flags&TIFF_BIGTIFF))
2946 {
2947 enum TIFFReadDirEntryErr err;
2948 uint32 offset = direntry->tdir_offset.toff_long;
2949 if (tif->tif_flags&TIFF_SWAB)
2950 TIFFSwabLong(&offset);
2951 err=TIFFReadDirEntryData(tif,offset,8,value);
2952 if (err!=TIFFReadDirEntryErrOk)
2953 return(err);
2954 }
2955 else
2956 *value=*(int64*)(&direntry->tdir_offset);
2957 if (tif->tif_flags&TIFF_SWAB)
2958 TIFFSwabLong8((uint64*)value);
2959 return(TIFFReadDirEntryErrOk);
2960 }
2961
TIFFReadDirEntryCheckedRational(TIFF * tif,TIFFDirEntry * direntry,double * value)2962 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedRational(TIFF* tif, TIFFDirEntry* direntry, double* value)
2963 {
2964 UInt64Aligned_t m;
2965
2966 assert(sizeof(double)==8);
2967 assert(sizeof(uint64)==8);
2968 assert(sizeof(uint32)==4);
2969 if (!(tif->tif_flags&TIFF_BIGTIFF))
2970 {
2971 enum TIFFReadDirEntryErr err;
2972 uint32 offset = direntry->tdir_offset.toff_long;
2973 if (tif->tif_flags&TIFF_SWAB)
2974 TIFFSwabLong(&offset);
2975 err=TIFFReadDirEntryData(tif,offset,8,m.i);
2976 if (err!=TIFFReadDirEntryErrOk)
2977 return(err);
2978 }
2979 else
2980 m.l = direntry->tdir_offset.toff_long8;
2981 if (tif->tif_flags&TIFF_SWAB)
2982 TIFFSwabArrayOfLong(m.i,2);
2983 /* Not completely sure what we should do when m.i[1]==0, but some */
2984 /* sanitizers do not like division by 0.0: */
2985 /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
2986 if (m.i[0]==0 || m.i[1]==0)
2987 *value=0.0;
2988 else
2989 *value=(double)m.i[0]/(double)m.i[1];
2990 return(TIFFReadDirEntryErrOk);
2991 }
2992
TIFFReadDirEntryCheckedSrational(TIFF * tif,TIFFDirEntry * direntry,double * value)2993 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSrational(TIFF* tif, TIFFDirEntry* direntry, double* value)
2994 {
2995 UInt64Aligned_t m;
2996 assert(sizeof(double)==8);
2997 assert(sizeof(uint64)==8);
2998 assert(sizeof(int32)==4);
2999 assert(sizeof(uint32)==4);
3000 if (!(tif->tif_flags&TIFF_BIGTIFF))
3001 {
3002 enum TIFFReadDirEntryErr err;
3003 uint32 offset = direntry->tdir_offset.toff_long;
3004 if (tif->tif_flags&TIFF_SWAB)
3005 TIFFSwabLong(&offset);
3006 err=TIFFReadDirEntryData(tif,offset,8,m.i);
3007 if (err!=TIFFReadDirEntryErrOk)
3008 return(err);
3009 }
3010 else
3011 m.l=direntry->tdir_offset.toff_long8;
3012 if (tif->tif_flags&TIFF_SWAB)
3013 TIFFSwabArrayOfLong(m.i,2);
3014 /* Not completely sure what we should do when m.i[1]==0, but some */
3015 /* sanitizers do not like division by 0.0: */
3016 /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
3017 if ((int32)m.i[0]==0 || m.i[1]==0)
3018 *value=0.0;
3019 else
3020 *value=(double)((int32)m.i[0])/(double)m.i[1];
3021 return(TIFFReadDirEntryErrOk);
3022 }
3023
TIFFReadDirEntryCheckedFloat(TIFF * tif,TIFFDirEntry * direntry,float * value)3024 static void TIFFReadDirEntryCheckedFloat(TIFF* tif, TIFFDirEntry* direntry, float* value)
3025 {
3026 union
3027 {
3028 float f;
3029 uint32 i;
3030 } float_union;
3031 assert(sizeof(float)==4);
3032 assert(sizeof(uint32)==4);
3033 assert(sizeof(float_union)==4);
3034 float_union.i=*(uint32*)(&direntry->tdir_offset);
3035 *value=float_union.f;
3036 if (tif->tif_flags&TIFF_SWAB)
3037 TIFFSwabLong((uint32*)value);
3038 }
3039
TIFFReadDirEntryCheckedDouble(TIFF * tif,TIFFDirEntry * direntry,double * value)3040 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedDouble(TIFF* tif, TIFFDirEntry* direntry, double* value)
3041 {
3042 assert(sizeof(double)==8);
3043 assert(sizeof(uint64)==8);
3044 assert(sizeof(UInt64Aligned_t)==8);
3045 if (!(tif->tif_flags&TIFF_BIGTIFF))
3046 {
3047 enum TIFFReadDirEntryErr err;
3048 uint32 offset = direntry->tdir_offset.toff_long;
3049 if (tif->tif_flags&TIFF_SWAB)
3050 TIFFSwabLong(&offset);
3051 err=TIFFReadDirEntryData(tif,offset,8,value);
3052 if (err!=TIFFReadDirEntryErrOk)
3053 return(err);
3054 }
3055 else
3056 {
3057 UInt64Aligned_t uint64_union;
3058 uint64_union.l=direntry->tdir_offset.toff_long8;
3059 *value=uint64_union.d;
3060 }
3061 if (tif->tif_flags&TIFF_SWAB)
3062 TIFFSwabLong8((uint64*)value);
3063 return(TIFFReadDirEntryErrOk);
3064 }
3065
TIFFReadDirEntryCheckRangeByteSbyte(int8 value)3066 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSbyte(int8 value)
3067 {
3068 if (value<0)
3069 return(TIFFReadDirEntryErrRange);
3070 else
3071 return(TIFFReadDirEntryErrOk);
3072 }
3073
TIFFReadDirEntryCheckRangeByteShort(uint16 value)3074 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteShort(uint16 value)
3075 {
3076 if (value>0xFF)
3077 return(TIFFReadDirEntryErrRange);
3078 else
3079 return(TIFFReadDirEntryErrOk);
3080 }
3081
TIFFReadDirEntryCheckRangeByteSshort(int16 value)3082 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSshort(int16 value)
3083 {
3084 if ((value<0)||(value>0xFF))
3085 return(TIFFReadDirEntryErrRange);
3086 else
3087 return(TIFFReadDirEntryErrOk);
3088 }
3089
TIFFReadDirEntryCheckRangeByteLong(uint32 value)3090 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong(uint32 value)
3091 {
3092 if (value>0xFF)
3093 return(TIFFReadDirEntryErrRange);
3094 else
3095 return(TIFFReadDirEntryErrOk);
3096 }
3097
TIFFReadDirEntryCheckRangeByteSlong(int32 value)3098 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong(int32 value)
3099 {
3100 if ((value<0)||(value>0xFF))
3101 return(TIFFReadDirEntryErrRange);
3102 else
3103 return(TIFFReadDirEntryErrOk);
3104 }
3105
TIFFReadDirEntryCheckRangeByteLong8(uint64 value)3106 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong8(uint64 value)
3107 {
3108 if (value>0xFF)
3109 return(TIFFReadDirEntryErrRange);
3110 else
3111 return(TIFFReadDirEntryErrOk);
3112 }
3113
TIFFReadDirEntryCheckRangeByteSlong8(int64 value)3114 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong8(int64 value)
3115 {
3116 if ((value<0)||(value>0xFF))
3117 return(TIFFReadDirEntryErrRange);
3118 else
3119 return(TIFFReadDirEntryErrOk);
3120 }
3121
TIFFReadDirEntryCheckRangeSbyteByte(uint8 value)3122 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteByte(uint8 value)
3123 {
3124 if (value>0x7F)
3125 return(TIFFReadDirEntryErrRange);
3126 else
3127 return(TIFFReadDirEntryErrOk);
3128 }
3129
TIFFReadDirEntryCheckRangeSbyteShort(uint16 value)3130 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteShort(uint16 value)
3131 {
3132 if (value>0x7F)
3133 return(TIFFReadDirEntryErrRange);
3134 else
3135 return(TIFFReadDirEntryErrOk);
3136 }
3137
TIFFReadDirEntryCheckRangeSbyteSshort(int16 value)3138 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSshort(int16 value)
3139 {
3140 if ((value<-0x80)||(value>0x7F))
3141 return(TIFFReadDirEntryErrRange);
3142 else
3143 return(TIFFReadDirEntryErrOk);
3144 }
3145
TIFFReadDirEntryCheckRangeSbyteLong(uint32 value)3146 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong(uint32 value)
3147 {
3148 if (value>0x7F)
3149 return(TIFFReadDirEntryErrRange);
3150 else
3151 return(TIFFReadDirEntryErrOk);
3152 }
3153
TIFFReadDirEntryCheckRangeSbyteSlong(int32 value)3154 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong(int32 value)
3155 {
3156 if ((value<-0x80)||(value>0x7F))
3157 return(TIFFReadDirEntryErrRange);
3158 else
3159 return(TIFFReadDirEntryErrOk);
3160 }
3161
TIFFReadDirEntryCheckRangeSbyteLong8(uint64 value)3162 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong8(uint64 value)
3163 {
3164 if (value>0x7F)
3165 return(TIFFReadDirEntryErrRange);
3166 else
3167 return(TIFFReadDirEntryErrOk);
3168 }
3169
TIFFReadDirEntryCheckRangeSbyteSlong8(int64 value)3170 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong8(int64 value)
3171 {
3172 if ((value<-0x80)||(value>0x7F))
3173 return(TIFFReadDirEntryErrRange);
3174 else
3175 return(TIFFReadDirEntryErrOk);
3176 }
3177
TIFFReadDirEntryCheckRangeShortSbyte(int8 value)3178 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSbyte(int8 value)
3179 {
3180 if (value<0)
3181 return(TIFFReadDirEntryErrRange);
3182 else
3183 return(TIFFReadDirEntryErrOk);
3184 }
3185
TIFFReadDirEntryCheckRangeShortSshort(int16 value)3186 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSshort(int16 value)
3187 {
3188 if (value<0)
3189 return(TIFFReadDirEntryErrRange);
3190 else
3191 return(TIFFReadDirEntryErrOk);
3192 }
3193
TIFFReadDirEntryCheckRangeShortLong(uint32 value)3194 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong(uint32 value)
3195 {
3196 if (value>0xFFFF)
3197 return(TIFFReadDirEntryErrRange);
3198 else
3199 return(TIFFReadDirEntryErrOk);
3200 }
3201
TIFFReadDirEntryCheckRangeShortSlong(int32 value)3202 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong(int32 value)
3203 {
3204 if ((value<0)||(value>0xFFFF))
3205 return(TIFFReadDirEntryErrRange);
3206 else
3207 return(TIFFReadDirEntryErrOk);
3208 }
3209
TIFFReadDirEntryCheckRangeShortLong8(uint64 value)3210 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong8(uint64 value)
3211 {
3212 if (value>0xFFFF)
3213 return(TIFFReadDirEntryErrRange);
3214 else
3215 return(TIFFReadDirEntryErrOk);
3216 }
3217
TIFFReadDirEntryCheckRangeShortSlong8(int64 value)3218 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong8(int64 value)
3219 {
3220 if ((value<0)||(value>0xFFFF))
3221 return(TIFFReadDirEntryErrRange);
3222 else
3223 return(TIFFReadDirEntryErrOk);
3224 }
3225
TIFFReadDirEntryCheckRangeSshortShort(uint16 value)3226 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortShort(uint16 value)
3227 {
3228 if (value>0x7FFF)
3229 return(TIFFReadDirEntryErrRange);
3230 else
3231 return(TIFFReadDirEntryErrOk);
3232 }
3233
TIFFReadDirEntryCheckRangeSshortLong(uint32 value)3234 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong(uint32 value)
3235 {
3236 if (value>0x7FFF)
3237 return(TIFFReadDirEntryErrRange);
3238 else
3239 return(TIFFReadDirEntryErrOk);
3240 }
3241
TIFFReadDirEntryCheckRangeSshortSlong(int32 value)3242 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong(int32 value)
3243 {
3244 if ((value<-0x8000)||(value>0x7FFF))
3245 return(TIFFReadDirEntryErrRange);
3246 else
3247 return(TIFFReadDirEntryErrOk);
3248 }
3249
TIFFReadDirEntryCheckRangeSshortLong8(uint64 value)3250 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong8(uint64 value)
3251 {
3252 if (value>0x7FFF)
3253 return(TIFFReadDirEntryErrRange);
3254 else
3255 return(TIFFReadDirEntryErrOk);
3256 }
3257
TIFFReadDirEntryCheckRangeSshortSlong8(int64 value)3258 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong8(int64 value)
3259 {
3260 if ((value<-0x8000)||(value>0x7FFF))
3261 return(TIFFReadDirEntryErrRange);
3262 else
3263 return(TIFFReadDirEntryErrOk);
3264 }
3265
TIFFReadDirEntryCheckRangeLongSbyte(int8 value)3266 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSbyte(int8 value)
3267 {
3268 if (value<0)
3269 return(TIFFReadDirEntryErrRange);
3270 else
3271 return(TIFFReadDirEntryErrOk);
3272 }
3273
TIFFReadDirEntryCheckRangeLongSshort(int16 value)3274 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSshort(int16 value)
3275 {
3276 if (value<0)
3277 return(TIFFReadDirEntryErrRange);
3278 else
3279 return(TIFFReadDirEntryErrOk);
3280 }
3281
TIFFReadDirEntryCheckRangeLongSlong(int32 value)3282 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSlong(int32 value)
3283 {
3284 if (value<0)
3285 return(TIFFReadDirEntryErrRange);
3286 else
3287 return(TIFFReadDirEntryErrOk);
3288 }
3289
3290 /*
3291 * Largest 32-bit unsigned integer value.
3292 */
3293 #define TIFF_UINT32_MAX 0xFFFFFFFFU
3294
3295 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLongLong8(uint64 value)3296 TIFFReadDirEntryCheckRangeLongLong8(uint64 value)
3297 {
3298 if (value > TIFF_UINT32_MAX)
3299 return(TIFFReadDirEntryErrRange);
3300 else
3301 return(TIFFReadDirEntryErrOk);
3302 }
3303
3304 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLongSlong8(int64 value)3305 TIFFReadDirEntryCheckRangeLongSlong8(int64 value)
3306 {
3307 if ((value < 0) || (value > (int64) TIFF_UINT32_MAX))
3308 return(TIFFReadDirEntryErrRange);
3309 else
3310 return(TIFFReadDirEntryErrOk);
3311 }
3312
3313 #undef TIFF_UINT32_MAX
3314
3315 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeSlongLong(uint32 value)3316 TIFFReadDirEntryCheckRangeSlongLong(uint32 value)
3317 {
3318 if (value > 0x7FFFFFFFUL)
3319 return(TIFFReadDirEntryErrRange);
3320 else
3321 return(TIFFReadDirEntryErrOk);
3322 }
3323
3324 /* Check that the 8-byte unsigned value can fit in a 4-byte unsigned range */
3325 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeSlongLong8(uint64 value)3326 TIFFReadDirEntryCheckRangeSlongLong8(uint64 value)
3327 {
3328 if (value > 0x7FFFFFFF)
3329 return(TIFFReadDirEntryErrRange);
3330 else
3331 return(TIFFReadDirEntryErrOk);
3332 }
3333
3334 /* Check that the 8-byte signed value can fit in a 4-byte signed range */
3335 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeSlongSlong8(int64 value)3336 TIFFReadDirEntryCheckRangeSlongSlong8(int64 value)
3337 {
3338 if ((value < 0-((int64) 0x7FFFFFFF+1)) || (value > 0x7FFFFFFF))
3339 return(TIFFReadDirEntryErrRange);
3340 else
3341 return(TIFFReadDirEntryErrOk);
3342 }
3343
3344 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLong8Sbyte(int8 value)3345 TIFFReadDirEntryCheckRangeLong8Sbyte(int8 value)
3346 {
3347 if (value < 0)
3348 return(TIFFReadDirEntryErrRange);
3349 else
3350 return(TIFFReadDirEntryErrOk);
3351 }
3352
3353 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLong8Sshort(int16 value)3354 TIFFReadDirEntryCheckRangeLong8Sshort(int16 value)
3355 {
3356 if (value < 0)
3357 return(TIFFReadDirEntryErrRange);
3358 else
3359 return(TIFFReadDirEntryErrOk);
3360 }
3361
3362 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLong8Slong(int32 value)3363 TIFFReadDirEntryCheckRangeLong8Slong(int32 value)
3364 {
3365 if (value < 0)
3366 return(TIFFReadDirEntryErrRange);
3367 else
3368 return(TIFFReadDirEntryErrOk);
3369 }
3370
3371 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLong8Slong8(int64 value)3372 TIFFReadDirEntryCheckRangeLong8Slong8(int64 value)
3373 {
3374 if (value < 0)
3375 return(TIFFReadDirEntryErrRange);
3376 else
3377 return(TIFFReadDirEntryErrOk);
3378 }
3379
3380 /*
3381 * Largest 64-bit signed integer value.
3382 */
3383 #define TIFF_INT64_MAX ((int64)(((uint64) ~0) >> 1))
3384
3385 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeSlong8Long8(uint64 value)3386 TIFFReadDirEntryCheckRangeSlong8Long8(uint64 value)
3387 {
3388 if (value > TIFF_INT64_MAX)
3389 return(TIFFReadDirEntryErrRange);
3390 else
3391 return(TIFFReadDirEntryErrOk);
3392 }
3393
3394 #undef TIFF_INT64_MAX
3395
3396 static enum TIFFReadDirEntryErr
TIFFReadDirEntryData(TIFF * tif,uint64 offset,tmsize_t size,void * dest)3397 TIFFReadDirEntryData(TIFF* tif, uint64 offset, tmsize_t size, void* dest)
3398 {
3399 assert(size>0);
3400 if (!isMapped(tif)) {
3401 if (!SeekOK(tif,offset))
3402 return(TIFFReadDirEntryErrIo);
3403 if (!ReadOK(tif,dest,size))
3404 return(TIFFReadDirEntryErrIo);
3405 } else {
3406 size_t ma,mb;
3407 ma=(size_t)offset;
3408 mb=ma+size;
3409 if (((uint64)ma!=offset)
3410 || (mb < ma)
3411 || (mb - ma != (size_t) size)
3412 || (mb < (size_t)size)
3413 || (mb > (size_t)tif->tif_size)
3414 )
3415 return(TIFFReadDirEntryErrIo);
3416 _TIFFmemcpy(dest,tif->tif_base+ma,size);
3417 }
3418 return(TIFFReadDirEntryErrOk);
3419 }
3420
TIFFReadDirEntryOutputErr(TIFF * tif,enum TIFFReadDirEntryErr err,const char * module,const char * tagname,int recover)3421 static void TIFFReadDirEntryOutputErr(TIFF* tif, enum TIFFReadDirEntryErr err, const char* module, const char* tagname, int recover)
3422 {
3423 if (!recover) {
3424 switch (err) {
3425 case TIFFReadDirEntryErrCount:
3426 TIFFErrorExt(tif->tif_clientdata, module,
3427 "Incorrect count for \"%s\"",
3428 tagname);
3429 break;
3430 case TIFFReadDirEntryErrType:
3431 TIFFErrorExt(tif->tif_clientdata, module,
3432 "Incompatible type for \"%s\"",
3433 tagname);
3434 break;
3435 case TIFFReadDirEntryErrIo:
3436 TIFFErrorExt(tif->tif_clientdata, module,
3437 "IO error during reading of \"%s\"",
3438 tagname);
3439 break;
3440 case TIFFReadDirEntryErrRange:
3441 TIFFErrorExt(tif->tif_clientdata, module,
3442 "Incorrect value for \"%s\"",
3443 tagname);
3444 break;
3445 case TIFFReadDirEntryErrPsdif:
3446 TIFFErrorExt(tif->tif_clientdata, module,
3447 "Cannot handle different values per sample for \"%s\"",
3448 tagname);
3449 break;
3450 case TIFFReadDirEntryErrSizesan:
3451 TIFFErrorExt(tif->tif_clientdata, module,
3452 "Sanity check on size of \"%s\" value failed",
3453 tagname);
3454 break;
3455 case TIFFReadDirEntryErrAlloc:
3456 TIFFErrorExt(tif->tif_clientdata, module,
3457 "Out of memory reading of \"%s\"",
3458 tagname);
3459 break;
3460 default:
3461 assert(0); /* we should never get here */
3462 break;
3463 }
3464 } else {
3465 switch (err) {
3466 case TIFFReadDirEntryErrCount:
3467 TIFFWarningExt(tif->tif_clientdata, module,
3468 "Incorrect count for \"%s\"; tag ignored",
3469 tagname);
3470 break;
3471 case TIFFReadDirEntryErrType:
3472 TIFFWarningExt(tif->tif_clientdata, module,
3473 "Incompatible type for \"%s\"; tag ignored",
3474 tagname);
3475 break;
3476 case TIFFReadDirEntryErrIo:
3477 TIFFWarningExt(tif->tif_clientdata, module,
3478 "IO error during reading of \"%s\"; tag ignored",
3479 tagname);
3480 break;
3481 case TIFFReadDirEntryErrRange:
3482 TIFFWarningExt(tif->tif_clientdata, module,
3483 "Incorrect value for \"%s\"; tag ignored",
3484 tagname);
3485 break;
3486 case TIFFReadDirEntryErrPsdif:
3487 TIFFWarningExt(tif->tif_clientdata, module,
3488 "Cannot handle different values per sample for \"%s\"; tag ignored",
3489 tagname);
3490 break;
3491 case TIFFReadDirEntryErrSizesan:
3492 TIFFWarningExt(tif->tif_clientdata, module,
3493 "Sanity check on size of \"%s\" value failed; tag ignored",
3494 tagname);
3495 break;
3496 case TIFFReadDirEntryErrAlloc:
3497 TIFFWarningExt(tif->tif_clientdata, module,
3498 "Out of memory reading of \"%s\"; tag ignored",
3499 tagname);
3500 break;
3501 default:
3502 assert(0); /* we should never get here */
3503 break;
3504 }
3505 }
3506 }
3507
3508 /*
3509 * Return the maximum number of color channels specified for a given photometric
3510 * type. 0 is returned if photometric type isn't supported or no default value
3511 * is defined by the specification.
3512 */
_TIFFGetMaxColorChannels(uint16 photometric)3513 static int _TIFFGetMaxColorChannels( uint16 photometric )
3514 {
3515 switch (photometric) {
3516 case PHOTOMETRIC_PALETTE:
3517 case PHOTOMETRIC_MINISWHITE:
3518 case PHOTOMETRIC_MINISBLACK:
3519 return 1;
3520 case PHOTOMETRIC_YCBCR:
3521 case PHOTOMETRIC_RGB:
3522 case PHOTOMETRIC_CIELAB:
3523 case PHOTOMETRIC_LOGLUV:
3524 case PHOTOMETRIC_ITULAB:
3525 case PHOTOMETRIC_ICCLAB:
3526 return 3;
3527 case PHOTOMETRIC_SEPARATED:
3528 case PHOTOMETRIC_MASK:
3529 return 4;
3530 case PHOTOMETRIC_LOGL:
3531 case PHOTOMETRIC_CFA:
3532 default:
3533 return 0;
3534 }
3535 }
3536
3537 /*
3538 * Read the next TIFF directory from a file and convert it to the internal
3539 * format. We read directories sequentially.
3540 */
3541 int
TIFFReadDirectory(TIFF * tif)3542 TIFFReadDirectory(TIFF* tif)
3543 {
3544 static const char module[] = "TIFFReadDirectory";
3545 TIFFDirEntry* dir;
3546 uint16 dircount;
3547 TIFFDirEntry* dp;
3548 uint16 di;
3549 const TIFFField* fip;
3550 uint32 fii=FAILED_FII;
3551 toff_t nextdiroff;
3552 int bitspersample_read = FALSE;
3553 int color_channels;
3554
3555 tif->tif_diroff=tif->tif_nextdiroff;
3556 if (!TIFFCheckDirOffset(tif,tif->tif_nextdiroff))
3557 return 0; /* last offset or bad offset (IFD looping) */
3558 (*tif->tif_cleanup)(tif); /* cleanup any previous compression state */
3559 tif->tif_curdir++;
3560 nextdiroff = tif->tif_nextdiroff;
3561 dircount=TIFFFetchDirectory(tif,nextdiroff,&dir,&tif->tif_nextdiroff);
3562 if (!dircount)
3563 {
3564 TIFFErrorExt(tif->tif_clientdata,module,
3565 "Failed to read directory at offset " TIFF_UINT64_FORMAT,nextdiroff);
3566 return 0;
3567 }
3568 TIFFReadDirectoryCheckOrder(tif,dir,dircount);
3569
3570 /*
3571 * Mark duplicates of any tag to be ignored (bugzilla 1994)
3572 * to avoid certain pathological problems.
3573 */
3574 {
3575 TIFFDirEntry* ma;
3576 uint16 mb;
3577 for (ma=dir, mb=0; mb<dircount; ma++, mb++)
3578 {
3579 TIFFDirEntry* na;
3580 uint16 nb;
3581 for (na=ma+1, nb=mb+1; nb<dircount; na++, nb++)
3582 {
3583 if (ma->tdir_tag==na->tdir_tag)
3584 na->tdir_tag=IGNORE;
3585 }
3586 }
3587 }
3588
3589 tif->tif_flags &= ~TIFF_BEENWRITING; /* reset before new dir */
3590 tif->tif_flags &= ~TIFF_BUF4WRITE; /* reset before new dir */
3591 /* free any old stuff and reinit */
3592 TIFFFreeDirectory(tif);
3593 TIFFDefaultDirectory(tif);
3594 /*
3595 * Electronic Arts writes gray-scale TIFF files
3596 * without a PlanarConfiguration directory entry.
3597 * Thus we setup a default value here, even though
3598 * the TIFF spec says there is no default value.
3599 */
3600 TIFFSetField(tif,TIFFTAG_PLANARCONFIG,PLANARCONFIG_CONTIG);
3601 /*
3602 * Setup default value and then make a pass over
3603 * the fields to check type and tag information,
3604 * and to extract info required to size data
3605 * structures. A second pass is made afterwards
3606 * to read in everything not taken in the first pass.
3607 * But we must process the Compression tag first
3608 * in order to merge in codec-private tag definitions (otherwise
3609 * we may get complaints about unknown tags). However, the
3610 * Compression tag may be dependent on the SamplesPerPixel
3611 * tag value because older TIFF specs permitted Compression
3612 * to be written as a SamplesPerPixel-count tag entry.
3613 * Thus if we don't first figure out the correct SamplesPerPixel
3614 * tag value then we may end up ignoring the Compression tag
3615 * value because it has an incorrect count value (if the
3616 * true value of SamplesPerPixel is not 1).
3617 */
3618 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,TIFFTAG_SAMPLESPERPIXEL);
3619 if (dp)
3620 {
3621 if (!TIFFFetchNormalTag(tif,dp,0))
3622 goto bad;
3623 dp->tdir_tag=IGNORE;
3624 }
3625 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,TIFFTAG_COMPRESSION);
3626 if (dp)
3627 {
3628 /*
3629 * The 5.0 spec says the Compression tag has one value, while
3630 * earlier specs say it has one value per sample. Because of
3631 * this, we accept the tag if one value is supplied with either
3632 * count.
3633 */
3634 uint16 value;
3635 enum TIFFReadDirEntryErr err;
3636 err=TIFFReadDirEntryShort(tif,dp,&value);
3637 if (err==TIFFReadDirEntryErrCount)
3638 err=TIFFReadDirEntryPersampleShort(tif,dp,&value);
3639 if (err!=TIFFReadDirEntryErrOk)
3640 {
3641 TIFFReadDirEntryOutputErr(tif,err,module,"Compression",0);
3642 goto bad;
3643 }
3644 if (!TIFFSetField(tif,TIFFTAG_COMPRESSION,value))
3645 goto bad;
3646 dp->tdir_tag=IGNORE;
3647 }
3648 else
3649 {
3650 if (!TIFFSetField(tif,TIFFTAG_COMPRESSION,COMPRESSION_NONE))
3651 goto bad;
3652 }
3653 /*
3654 * First real pass over the directory.
3655 */
3656 for (di=0, dp=dir; di<dircount; di++, dp++)
3657 {
3658 if (dp->tdir_tag!=IGNORE)
3659 {
3660 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
3661 if (fii == FAILED_FII)
3662 {
3663 TIFFWarningExt(tif->tif_clientdata, module,
3664 "Unknown field with tag %d (0x%x) encountered",
3665 dp->tdir_tag,dp->tdir_tag);
3666 /* the following knowingly leaks the
3667 anonymous field structure */
3668 if (!_TIFFMergeFields(tif,
3669 _TIFFCreateAnonField(tif,
3670 dp->tdir_tag,
3671 (TIFFDataType) dp->tdir_type),
3672 1)) {
3673 TIFFWarningExt(tif->tif_clientdata,
3674 module,
3675 "Registering anonymous field with tag %d (0x%x) failed",
3676 dp->tdir_tag,
3677 dp->tdir_tag);
3678 dp->tdir_tag=IGNORE;
3679 } else {
3680 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
3681 assert(fii != FAILED_FII);
3682 }
3683 }
3684 }
3685 if (dp->tdir_tag!=IGNORE)
3686 {
3687 fip=tif->tif_fields[fii];
3688 if (fip->field_bit==FIELD_IGNORE)
3689 dp->tdir_tag=IGNORE;
3690 else
3691 {
3692 switch (dp->tdir_tag)
3693 {
3694 case TIFFTAG_STRIPOFFSETS:
3695 case TIFFTAG_STRIPBYTECOUNTS:
3696 case TIFFTAG_TILEOFFSETS:
3697 case TIFFTAG_TILEBYTECOUNTS:
3698 TIFFSetFieldBit(tif,fip->field_bit);
3699 break;
3700 case TIFFTAG_IMAGEWIDTH:
3701 case TIFFTAG_IMAGELENGTH:
3702 case TIFFTAG_IMAGEDEPTH:
3703 case TIFFTAG_TILELENGTH:
3704 case TIFFTAG_TILEWIDTH:
3705 case TIFFTAG_TILEDEPTH:
3706 case TIFFTAG_PLANARCONFIG:
3707 case TIFFTAG_ROWSPERSTRIP:
3708 case TIFFTAG_EXTRASAMPLES:
3709 if (!TIFFFetchNormalTag(tif,dp,0))
3710 goto bad;
3711 dp->tdir_tag=IGNORE;
3712 break;
3713 default:
3714 if( !_TIFFCheckFieldIsValidForCodec(tif, dp->tdir_tag) )
3715 dp->tdir_tag=IGNORE;
3716 break;
3717 }
3718 }
3719 }
3720 }
3721 /*
3722 * XXX: OJPEG hack.
3723 * If a) compression is OJPEG, b) planarconfig tag says it's separate,
3724 * c) strip offsets/bytecounts tag are both present and
3725 * d) both contain exactly one value, then we consistently find
3726 * that the buggy implementation of the buggy compression scheme
3727 * matches contig planarconfig best. So we 'fix-up' the tag here
3728 */
3729 if ((tif->tif_dir.td_compression==COMPRESSION_OJPEG)&&
3730 (tif->tif_dir.td_planarconfig==PLANARCONFIG_SEPARATE))
3731 {
3732 if (!_TIFFFillStriles(tif))
3733 goto bad;
3734 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,TIFFTAG_STRIPOFFSETS);
3735 if ((dp!=0)&&(dp->tdir_count==1))
3736 {
3737 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,
3738 TIFFTAG_STRIPBYTECOUNTS);
3739 if ((dp!=0)&&(dp->tdir_count==1))
3740 {
3741 tif->tif_dir.td_planarconfig=PLANARCONFIG_CONTIG;
3742 TIFFWarningExt(tif->tif_clientdata,module,
3743 "Planarconfig tag value assumed incorrect, "
3744 "assuming data is contig instead of chunky");
3745 }
3746 }
3747 }
3748 /*
3749 * Allocate directory structure and setup defaults.
3750 */
3751 if (!TIFFFieldSet(tif,FIELD_IMAGEDIMENSIONS))
3752 {
3753 MissingRequired(tif,"ImageLength");
3754 goto bad;
3755 }
3756 /*
3757 * Setup appropriate structures (by strip or by tile)
3758 */
3759 if (!TIFFFieldSet(tif, FIELD_TILEDIMENSIONS)) {
3760 tif->tif_dir.td_nstrips = TIFFNumberOfStrips(tif);
3761 tif->tif_dir.td_tilewidth = tif->tif_dir.td_imagewidth;
3762 tif->tif_dir.td_tilelength = tif->tif_dir.td_rowsperstrip;
3763 tif->tif_dir.td_tiledepth = tif->tif_dir.td_imagedepth;
3764 tif->tif_flags &= ~TIFF_ISTILED;
3765 } else {
3766 tif->tif_dir.td_nstrips = TIFFNumberOfTiles(tif);
3767 tif->tif_flags |= TIFF_ISTILED;
3768 }
3769 if (!tif->tif_dir.td_nstrips) {
3770 TIFFErrorExt(tif->tif_clientdata, module,
3771 "Cannot handle zero number of %s",
3772 isTiled(tif) ? "tiles" : "strips");
3773 goto bad;
3774 }
3775 tif->tif_dir.td_stripsperimage = tif->tif_dir.td_nstrips;
3776 if (tif->tif_dir.td_planarconfig == PLANARCONFIG_SEPARATE)
3777 tif->tif_dir.td_stripsperimage /= tif->tif_dir.td_samplesperpixel;
3778 if (!TIFFFieldSet(tif, FIELD_STRIPOFFSETS)) {
3779 #ifdef OJPEG_SUPPORT
3780 if ((tif->tif_dir.td_compression==COMPRESSION_OJPEG) &&
3781 (isTiled(tif)==0) &&
3782 (tif->tif_dir.td_nstrips==1)) {
3783 /*
3784 * XXX: OJPEG hack.
3785 * If a) compression is OJPEG, b) it's not a tiled TIFF,
3786 * and c) the number of strips is 1,
3787 * then we tolerate the absence of stripoffsets tag,
3788 * because, presumably, all required data is in the
3789 * JpegInterchangeFormat stream.
3790 */
3791 TIFFSetFieldBit(tif, FIELD_STRIPOFFSETS);
3792 } else
3793 #endif
3794 {
3795 MissingRequired(tif,
3796 isTiled(tif) ? "TileOffsets" : "StripOffsets");
3797 goto bad;
3798 }
3799 }
3800 /*
3801 * Second pass: extract other information.
3802 */
3803 for (di=0, dp=dir; di<dircount; di++, dp++)
3804 {
3805 switch (dp->tdir_tag)
3806 {
3807 case IGNORE:
3808 break;
3809 case TIFFTAG_MINSAMPLEVALUE:
3810 case TIFFTAG_MAXSAMPLEVALUE:
3811 case TIFFTAG_BITSPERSAMPLE:
3812 case TIFFTAG_DATATYPE:
3813 case TIFFTAG_SAMPLEFORMAT:
3814 /*
3815 * The MinSampleValue, MaxSampleValue, BitsPerSample
3816 * DataType and SampleFormat tags are supposed to be
3817 * written as one value/sample, but some vendors
3818 * incorrectly write one value only -- so we accept
3819 * that as well (yuck). Other vendors write correct
3820 * value for NumberOfSamples, but incorrect one for
3821 * BitsPerSample and friends, and we will read this
3822 * too.
3823 */
3824 {
3825 uint16 value;
3826 enum TIFFReadDirEntryErr err;
3827 err=TIFFReadDirEntryShort(tif,dp,&value);
3828 if (err==TIFFReadDirEntryErrCount)
3829 err=TIFFReadDirEntryPersampleShort(tif,dp,&value);
3830 if (err!=TIFFReadDirEntryErrOk)
3831 {
3832 fip = TIFFFieldWithTag(tif,dp->tdir_tag);
3833 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",0);
3834 goto bad;
3835 }
3836 if (!TIFFSetField(tif,dp->tdir_tag,value))
3837 goto bad;
3838 if( dp->tdir_tag == TIFFTAG_BITSPERSAMPLE )
3839 bitspersample_read = TRUE;
3840 }
3841 break;
3842 case TIFFTAG_SMINSAMPLEVALUE:
3843 case TIFFTAG_SMAXSAMPLEVALUE:
3844 {
3845
3846 double *data = NULL;
3847 enum TIFFReadDirEntryErr err;
3848 uint32 saved_flags;
3849 int m;
3850 if (dp->tdir_count != (uint64)tif->tif_dir.td_samplesperpixel)
3851 err = TIFFReadDirEntryErrCount;
3852 else
3853 err = TIFFReadDirEntryDoubleArray(tif, dp, &data);
3854 if (err!=TIFFReadDirEntryErrOk)
3855 {
3856 fip = TIFFFieldWithTag(tif,dp->tdir_tag);
3857 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",0);
3858 goto bad;
3859 }
3860 saved_flags = tif->tif_flags;
3861 tif->tif_flags |= TIFF_PERSAMPLE;
3862 m = TIFFSetField(tif,dp->tdir_tag,data);
3863 tif->tif_flags = saved_flags;
3864 _TIFFfree(data);
3865 if (!m)
3866 goto bad;
3867 }
3868 break;
3869 case TIFFTAG_STRIPOFFSETS:
3870 case TIFFTAG_TILEOFFSETS:
3871 #if defined(DEFER_STRILE_LOAD)
3872 _TIFFmemcpy( &(tif->tif_dir.td_stripoffset_entry),
3873 dp, sizeof(TIFFDirEntry) );
3874 #else
3875 if( tif->tif_dir.td_stripoffset != NULL )
3876 {
3877 TIFFErrorExt(tif->tif_clientdata, module,
3878 "tif->tif_dir.td_stripoffset is "
3879 "already allocated. Likely duplicated "
3880 "StripOffsets/TileOffsets tag");
3881 goto bad;
3882 }
3883 if (!TIFFFetchStripThing(tif,dp,tif->tif_dir.td_nstrips,&tif->tif_dir.td_stripoffset))
3884 goto bad;
3885 #endif
3886 break;
3887 case TIFFTAG_STRIPBYTECOUNTS:
3888 case TIFFTAG_TILEBYTECOUNTS:
3889 #if defined(DEFER_STRILE_LOAD)
3890 _TIFFmemcpy( &(tif->tif_dir.td_stripbytecount_entry),
3891 dp, sizeof(TIFFDirEntry) );
3892 #else
3893 if( tif->tif_dir.td_stripbytecount != NULL )
3894 {
3895 TIFFErrorExt(tif->tif_clientdata, module,
3896 "tif->tif_dir.td_stripbytecount is "
3897 "already allocated. Likely duplicated "
3898 "StripByteCounts/TileByteCounts tag");
3899 goto bad;
3900 }
3901 if (!TIFFFetchStripThing(tif,dp,tif->tif_dir.td_nstrips,&tif->tif_dir.td_stripbytecount))
3902 goto bad;
3903 #endif
3904 break;
3905 case TIFFTAG_COLORMAP:
3906 case TIFFTAG_TRANSFERFUNCTION:
3907 {
3908 enum TIFFReadDirEntryErr err;
3909 uint32 countpersample;
3910 uint32 countrequired;
3911 uint32 incrementpersample;
3912 uint16* value=NULL;
3913 /* It would be dangerous to instantiate those tag values */
3914 /* since if td_bitspersample has not yet been read (due to */
3915 /* unordered tags), it could be read afterwards with a */
3916 /* values greater than the default one (1), which may cause */
3917 /* crashes in user code */
3918 if( !bitspersample_read )
3919 {
3920 fip = TIFFFieldWithTag(tif,dp->tdir_tag);
3921 TIFFWarningExt(tif->tif_clientdata,module,
3922 "Ignoring %s since BitsPerSample tag not found",
3923 fip ? fip->field_name : "unknown tagname");
3924 continue;
3925 }
3926 /* ColorMap or TransferFunction for high bit */
3927 /* depths do not make much sense and could be */
3928 /* used as a denial of service vector */
3929 if (tif->tif_dir.td_bitspersample > 24)
3930 {
3931 fip = TIFFFieldWithTag(tif,dp->tdir_tag);
3932 TIFFWarningExt(tif->tif_clientdata,module,
3933 "Ignoring %s because BitsPerSample=%d>24",
3934 fip ? fip->field_name : "unknown tagname",
3935 tif->tif_dir.td_bitspersample);
3936 continue;
3937 }
3938 countpersample=(1U<<tif->tif_dir.td_bitspersample);
3939 if ((dp->tdir_tag==TIFFTAG_TRANSFERFUNCTION)&&(dp->tdir_count==(uint64)countpersample))
3940 {
3941 countrequired=countpersample;
3942 incrementpersample=0;
3943 }
3944 else
3945 {
3946 countrequired=3*countpersample;
3947 incrementpersample=countpersample;
3948 }
3949 if (dp->tdir_count!=(uint64)countrequired)
3950 err=TIFFReadDirEntryErrCount;
3951 else
3952 err=TIFFReadDirEntryShortArray(tif,dp,&value);
3953 if (err!=TIFFReadDirEntryErrOk)
3954 {
3955 fip = TIFFFieldWithTag(tif,dp->tdir_tag);
3956 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",1);
3957 }
3958 else
3959 {
3960 TIFFSetField(tif,dp->tdir_tag,value,value+incrementpersample,value+2*incrementpersample);
3961 _TIFFfree(value);
3962 }
3963 }
3964 break;
3965 /* BEGIN REV 4.0 COMPATIBILITY */
3966 case TIFFTAG_OSUBFILETYPE:
3967 {
3968 uint16 valueo;
3969 uint32 value;
3970 if (TIFFReadDirEntryShort(tif,dp,&valueo)==TIFFReadDirEntryErrOk)
3971 {
3972 switch (valueo)
3973 {
3974 case OFILETYPE_REDUCEDIMAGE: value=FILETYPE_REDUCEDIMAGE; break;
3975 case OFILETYPE_PAGE: value=FILETYPE_PAGE; break;
3976 default: value=0; break;
3977 }
3978 if (value!=0)
3979 TIFFSetField(tif,TIFFTAG_SUBFILETYPE,value);
3980 }
3981 }
3982 break;
3983 /* END REV 4.0 COMPATIBILITY */
3984 default:
3985 (void) TIFFFetchNormalTag(tif, dp, TRUE);
3986 break;
3987 }
3988 }
3989 /*
3990 * OJPEG hack:
3991 * - If a) compression is OJPEG, and b) photometric tag is missing,
3992 * then we consistently find that photometric should be YCbCr
3993 * - If a) compression is OJPEG, and b) photometric tag says it's RGB,
3994 * then we consistently find that the buggy implementation of the
3995 * buggy compression scheme matches photometric YCbCr instead.
3996 * - If a) compression is OJPEG, and b) bitspersample tag is missing,
3997 * then we consistently find bitspersample should be 8.
3998 * - If a) compression is OJPEG, b) samplesperpixel tag is missing,
3999 * and c) photometric is RGB or YCbCr, then we consistently find
4000 * samplesperpixel should be 3
4001 * - If a) compression is OJPEG, b) samplesperpixel tag is missing,
4002 * and c) photometric is MINISWHITE or MINISBLACK, then we consistently
4003 * find samplesperpixel should be 3
4004 */
4005 if (tif->tif_dir.td_compression==COMPRESSION_OJPEG)
4006 {
4007 if (!TIFFFieldSet(tif,FIELD_PHOTOMETRIC))
4008 {
4009 TIFFWarningExt(tif->tif_clientdata, module,
4010 "Photometric tag is missing, assuming data is YCbCr");
4011 if (!TIFFSetField(tif,TIFFTAG_PHOTOMETRIC,PHOTOMETRIC_YCBCR))
4012 goto bad;
4013 }
4014 else if (tif->tif_dir.td_photometric==PHOTOMETRIC_RGB)
4015 {
4016 tif->tif_dir.td_photometric=PHOTOMETRIC_YCBCR;
4017 TIFFWarningExt(tif->tif_clientdata, module,
4018 "Photometric tag value assumed incorrect, "
4019 "assuming data is YCbCr instead of RGB");
4020 }
4021 if (!TIFFFieldSet(tif,FIELD_BITSPERSAMPLE))
4022 {
4023 TIFFWarningExt(tif->tif_clientdata,module,
4024 "BitsPerSample tag is missing, assuming 8 bits per sample");
4025 if (!TIFFSetField(tif,TIFFTAG_BITSPERSAMPLE,8))
4026 goto bad;
4027 }
4028 if (!TIFFFieldSet(tif,FIELD_SAMPLESPERPIXEL))
4029 {
4030 if (tif->tif_dir.td_photometric==PHOTOMETRIC_RGB)
4031 {
4032 TIFFWarningExt(tif->tif_clientdata,module,
4033 "SamplesPerPixel tag is missing, "
4034 "assuming correct SamplesPerPixel value is 3");
4035 if (!TIFFSetField(tif,TIFFTAG_SAMPLESPERPIXEL,3))
4036 goto bad;
4037 }
4038 if (tif->tif_dir.td_photometric==PHOTOMETRIC_YCBCR)
4039 {
4040 TIFFWarningExt(tif->tif_clientdata,module,
4041 "SamplesPerPixel tag is missing, "
4042 "applying correct SamplesPerPixel value of 3");
4043 if (!TIFFSetField(tif,TIFFTAG_SAMPLESPERPIXEL,3))
4044 goto bad;
4045 }
4046 else if ((tif->tif_dir.td_photometric==PHOTOMETRIC_MINISWHITE)
4047 || (tif->tif_dir.td_photometric==PHOTOMETRIC_MINISBLACK))
4048 {
4049 /*
4050 * SamplesPerPixel tag is missing, but is not required
4051 * by spec. Assume correct SamplesPerPixel value of 1.
4052 */
4053 if (!TIFFSetField(tif,TIFFTAG_SAMPLESPERPIXEL,1))
4054 goto bad;
4055 }
4056 }
4057 }
4058
4059 /*
4060 * Make sure all non-color channels are extrasamples.
4061 * If it's not the case, define them as such.
4062 */
4063 color_channels = _TIFFGetMaxColorChannels(tif->tif_dir.td_photometric);
4064 if (color_channels && tif->tif_dir.td_samplesperpixel - tif->tif_dir.td_extrasamples > color_channels) {
4065 uint16 old_extrasamples;
4066 uint16 *new_sampleinfo;
4067
4068 TIFFWarningExt(tif->tif_clientdata,module, "Sum of Photometric type-related "
4069 "color channels and ExtraSamples doesn't match SamplesPerPixel. "
4070 "Defining non-color channels as ExtraSamples.");
4071
4072 old_extrasamples = tif->tif_dir.td_extrasamples;
4073 tif->tif_dir.td_extrasamples = (uint16) (tif->tif_dir.td_samplesperpixel - color_channels);
4074
4075 // sampleinfo should contain information relative to these new extra samples
4076 new_sampleinfo = (uint16*) _TIFFcalloc(tif->tif_dir.td_extrasamples, sizeof(uint16));
4077 if (!new_sampleinfo) {
4078 TIFFErrorExt(tif->tif_clientdata, module, "Failed to allocate memory for "
4079 "temporary new sampleinfo array (%d 16 bit elements)",
4080 tif->tif_dir.td_extrasamples);
4081 goto bad;
4082 }
4083
4084 memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16));
4085 _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples);
4086 _TIFFfree(new_sampleinfo);
4087 }
4088
4089 /*
4090 * Verify Palette image has a Colormap.
4091 */
4092 if (tif->tif_dir.td_photometric == PHOTOMETRIC_PALETTE &&
4093 !TIFFFieldSet(tif, FIELD_COLORMAP)) {
4094 if ( tif->tif_dir.td_bitspersample>=8 && tif->tif_dir.td_samplesperpixel==3)
4095 tif->tif_dir.td_photometric = PHOTOMETRIC_RGB;
4096 else if (tif->tif_dir.td_bitspersample>=8)
4097 tif->tif_dir.td_photometric = PHOTOMETRIC_MINISBLACK;
4098 else {
4099 MissingRequired(tif, "Colormap");
4100 goto bad;
4101 }
4102 }
4103 /*
4104 * OJPEG hack:
4105 * We do no further messing with strip/tile offsets/bytecounts in OJPEG
4106 * TIFFs
4107 */
4108 if (tif->tif_dir.td_compression!=COMPRESSION_OJPEG)
4109 {
4110 /*
4111 * Attempt to deal with a missing StripByteCounts tag.
4112 */
4113 if (!TIFFFieldSet(tif, FIELD_STRIPBYTECOUNTS)) {
4114 /*
4115 * Some manufacturers violate the spec by not giving
4116 * the size of the strips. In this case, assume there
4117 * is one uncompressed strip of data.
4118 */
4119 if ((tif->tif_dir.td_planarconfig == PLANARCONFIG_CONTIG &&
4120 tif->tif_dir.td_nstrips > 1) ||
4121 (tif->tif_dir.td_planarconfig == PLANARCONFIG_SEPARATE &&
4122 tif->tif_dir.td_nstrips != (uint32)tif->tif_dir.td_samplesperpixel)) {
4123 MissingRequired(tif, "StripByteCounts");
4124 goto bad;
4125 }
4126 TIFFWarningExt(tif->tif_clientdata, module,
4127 "TIFF directory is missing required "
4128 "\"StripByteCounts\" field, calculating from imagelength");
4129 if (EstimateStripByteCounts(tif, dir, dircount) < 0)
4130 goto bad;
4131 /*
4132 * Assume we have wrong StripByteCount value (in case
4133 * of single strip) in following cases:
4134 * - it is equal to zero along with StripOffset;
4135 * - it is larger than file itself (in case of uncompressed
4136 * image);
4137 * - it is smaller than the size of the bytes per row
4138 * multiplied on the number of rows. The last case should
4139 * not be checked in the case of writing new image,
4140 * because we may do not know the exact strip size
4141 * until the whole image will be written and directory
4142 * dumped out.
4143 */
4144 #define BYTECOUNTLOOKSBAD \
4145 ( (tif->tif_dir.td_stripbytecount[0] == 0 && tif->tif_dir.td_stripoffset[0] != 0) || \
4146 (tif->tif_dir.td_compression == COMPRESSION_NONE && \
4147 (tif->tif_dir.td_stripoffset[0] <= TIFFGetFileSize(tif) && \
4148 tif->tif_dir.td_stripbytecount[0] > TIFFGetFileSize(tif) - tif->tif_dir.td_stripoffset[0])) || \
4149 (tif->tif_mode == O_RDONLY && \
4150 tif->tif_dir.td_compression == COMPRESSION_NONE && \
4151 tif->tif_dir.td_stripbytecount[0] < TIFFScanlineSize64(tif) * tif->tif_dir.td_imagelength) )
4152
4153 } else if (tif->tif_dir.td_nstrips == 1
4154 && !(tif->tif_flags&TIFF_ISTILED)
4155 && _TIFFFillStriles(tif)
4156 && tif->tif_dir.td_stripoffset[0] != 0
4157 && BYTECOUNTLOOKSBAD) {
4158 /*
4159 * XXX: Plexus (and others) sometimes give a value of
4160 * zero for a tag when they don't know what the
4161 * correct value is! Try and handle the simple case
4162 * of estimating the size of a one strip image.
4163 */
4164 TIFFWarningExt(tif->tif_clientdata, module,
4165 "Bogus \"StripByteCounts\" field, ignoring and calculating from imagelength");
4166 if(EstimateStripByteCounts(tif, dir, dircount) < 0)
4167 goto bad;
4168
4169 #if !defined(DEFER_STRILE_LOAD)
4170 } else if (tif->tif_dir.td_planarconfig == PLANARCONFIG_CONTIG
4171 && tif->tif_dir.td_nstrips > 2
4172 && tif->tif_dir.td_compression == COMPRESSION_NONE
4173 && tif->tif_dir.td_stripbytecount[0] != tif->tif_dir.td_stripbytecount[1]
4174 && tif->tif_dir.td_stripbytecount[0] != 0
4175 && tif->tif_dir.td_stripbytecount[1] != 0 ) {
4176 /*
4177 * XXX: Some vendors fill StripByteCount array with
4178 * absolutely wrong values (it can be equal to
4179 * StripOffset array, for example). Catch this case
4180 * here.
4181 *
4182 * We avoid this check if deferring strile loading
4183 * as it would always force us to load the strip/tile
4184 * information.
4185 */
4186 TIFFWarningExt(tif->tif_clientdata, module,
4187 "Wrong \"StripByteCounts\" field, ignoring and calculating from imagelength");
4188 if (EstimateStripByteCounts(tif, dir, dircount) < 0)
4189 goto bad;
4190 #endif /* !defined(DEFER_STRILE_LOAD) */
4191 }
4192 }
4193 if (dir)
4194 {
4195 _TIFFfree(dir);
4196 dir=NULL;
4197 }
4198 if (!TIFFFieldSet(tif, FIELD_MAXSAMPLEVALUE))
4199 {
4200 if (tif->tif_dir.td_bitspersample>=16)
4201 tif->tif_dir.td_maxsamplevalue=0xFFFF;
4202 else
4203 tif->tif_dir.td_maxsamplevalue = (uint16)((1L<<tif->tif_dir.td_bitspersample)-1);
4204 }
4205 /*
4206 * XXX: We can optimize checking for the strip bounds using the sorted
4207 * bytecounts array. See also comments for TIFFAppendToStrip()
4208 * function in tif_write.c.
4209 */
4210 #if !defined(DEFER_STRILE_LOAD)
4211 if (tif->tif_dir.td_nstrips > 1) {
4212 uint32 strip;
4213
4214 tif->tif_dir.td_stripbytecountsorted = 1;
4215 for (strip = 1; strip < tif->tif_dir.td_nstrips; strip++) {
4216 if (tif->tif_dir.td_stripoffset[strip - 1] >
4217 tif->tif_dir.td_stripoffset[strip]) {
4218 tif->tif_dir.td_stripbytecountsorted = 0;
4219 break;
4220 }
4221 }
4222 }
4223 #endif /* !defined(DEFER_STRILE_LOAD) */
4224
4225 /*
4226 * An opportunity for compression mode dependent tag fixup
4227 */
4228 (*tif->tif_fixuptags)(tif);
4229
4230 /*
4231 * Some manufacturers make life difficult by writing
4232 * large amounts of uncompressed data as a single strip.
4233 * This is contrary to the recommendations of the spec.
4234 * The following makes an attempt at breaking such images
4235 * into strips closer to the recommended 8k bytes. A
4236 * side effect, however, is that the RowsPerStrip tag
4237 * value may be changed.
4238 */
4239 if ((tif->tif_dir.td_planarconfig==PLANARCONFIG_CONTIG)&&
4240 (tif->tif_dir.td_nstrips==1)&&
4241 (tif->tif_dir.td_compression==COMPRESSION_NONE)&&
4242 ((tif->tif_flags&(TIFF_STRIPCHOP|TIFF_ISTILED))==TIFF_STRIPCHOP))
4243 {
4244 if ( !_TIFFFillStriles(tif) || !tif->tif_dir.td_stripbytecount )
4245 return 0;
4246 ChopUpSingleUncompressedStrip(tif);
4247 }
4248
4249 /*
4250 * Clear the dirty directory flag.
4251 */
4252 tif->tif_flags &= ~TIFF_DIRTYDIRECT;
4253 tif->tif_flags &= ~TIFF_DIRTYSTRIP;
4254
4255 /*
4256 * Reinitialize i/o since we are starting on a new directory.
4257 */
4258 tif->tif_row = (uint32) -1;
4259 tif->tif_curstrip = (uint32) -1;
4260 tif->tif_col = (uint32) -1;
4261 tif->tif_curtile = (uint32) -1;
4262 tif->tif_tilesize = (tmsize_t) -1;
4263
4264 tif->tif_scanlinesize = TIFFScanlineSize(tif);
4265 if (!tif->tif_scanlinesize) {
4266 TIFFErrorExt(tif->tif_clientdata, module,
4267 "Cannot handle zero scanline size");
4268 return (0);
4269 }
4270
4271 if (isTiled(tif)) {
4272 tif->tif_tilesize = TIFFTileSize(tif);
4273 if (!tif->tif_tilesize) {
4274 TIFFErrorExt(tif->tif_clientdata, module,
4275 "Cannot handle zero tile size");
4276 return (0);
4277 }
4278 } else {
4279 if (!TIFFStripSize(tif)) {
4280 TIFFErrorExt(tif->tif_clientdata, module,
4281 "Cannot handle zero strip size");
4282 return (0);
4283 }
4284 }
4285 return (1);
4286 bad:
4287 if (dir)
4288 _TIFFfree(dir);
4289 return (0);
4290 }
4291
4292 static void
TIFFReadDirectoryCheckOrder(TIFF * tif,TIFFDirEntry * dir,uint16 dircount)4293 TIFFReadDirectoryCheckOrder(TIFF* tif, TIFFDirEntry* dir, uint16 dircount)
4294 {
4295 static const char module[] = "TIFFReadDirectoryCheckOrder";
4296 uint16 m;
4297 uint16 n;
4298 TIFFDirEntry* o;
4299 m=0;
4300 for (n=0, o=dir; n<dircount; n++, o++)
4301 {
4302 if (o->tdir_tag<m)
4303 {
4304 TIFFWarningExt(tif->tif_clientdata,module,
4305 "Invalid TIFF directory; tags are not sorted in ascending order");
4306 break;
4307 }
4308 m=o->tdir_tag+1;
4309 }
4310 }
4311
4312 static TIFFDirEntry*
TIFFReadDirectoryFindEntry(TIFF * tif,TIFFDirEntry * dir,uint16 dircount,uint16 tagid)4313 TIFFReadDirectoryFindEntry(TIFF* tif, TIFFDirEntry* dir, uint16 dircount, uint16 tagid)
4314 {
4315 TIFFDirEntry* m;
4316 uint16 n;
4317 (void) tif;
4318 for (m=dir, n=0; n<dircount; m++, n++)
4319 {
4320 if (m->tdir_tag==tagid)
4321 return(m);
4322 }
4323 return(0);
4324 }
4325
4326 static void
TIFFReadDirectoryFindFieldInfo(TIFF * tif,uint16 tagid,uint32 * fii)4327 TIFFReadDirectoryFindFieldInfo(TIFF* tif, uint16 tagid, uint32* fii)
4328 {
4329 int32 ma,mb,mc;
4330 ma=-1;
4331 mc=(int32)tif->tif_nfields;
4332 while (1)
4333 {
4334 if (ma+1==mc)
4335 {
4336 *fii = FAILED_FII;
4337 return;
4338 }
4339 mb=(ma+mc)/2;
4340 if (tif->tif_fields[mb]->field_tag==(uint32)tagid)
4341 break;
4342 if (tif->tif_fields[mb]->field_tag<(uint32)tagid)
4343 ma=mb;
4344 else
4345 mc=mb;
4346 }
4347 while (1)
4348 {
4349 if (mb==0)
4350 break;
4351 if (tif->tif_fields[mb-1]->field_tag!=(uint32)tagid)
4352 break;
4353 mb--;
4354 }
4355 *fii=mb;
4356 }
4357
4358 /*
4359 * Read custom directory from the arbitrary offset.
4360 * The code is very similar to TIFFReadDirectory().
4361 */
4362 int
TIFFReadCustomDirectory(TIFF * tif,toff_t diroff,const TIFFFieldArray * infoarray)4363 TIFFReadCustomDirectory(TIFF* tif, toff_t diroff,
4364 const TIFFFieldArray* infoarray)
4365 {
4366 static const char module[] = "TIFFReadCustomDirectory";
4367 TIFFDirEntry* dir;
4368 uint16 dircount;
4369 TIFFDirEntry* dp;
4370 uint16 di;
4371 const TIFFField* fip;
4372 uint32 fii;
4373 _TIFFSetupFields(tif, infoarray);
4374 dircount=TIFFFetchDirectory(tif,diroff,&dir,NULL);
4375 if (!dircount)
4376 {
4377 TIFFErrorExt(tif->tif_clientdata,module,
4378 "Failed to read custom directory at offset " TIFF_UINT64_FORMAT,diroff);
4379 return 0;
4380 }
4381 TIFFFreeDirectory(tif);
4382 _TIFFmemset(&tif->tif_dir, 0, sizeof(TIFFDirectory));
4383 TIFFReadDirectoryCheckOrder(tif,dir,dircount);
4384 for (di=0, dp=dir; di<dircount; di++, dp++)
4385 {
4386 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
4387 if (fii == FAILED_FII)
4388 {
4389 TIFFWarningExt(tif->tif_clientdata, module,
4390 "Unknown field with tag %d (0x%x) encountered",
4391 dp->tdir_tag, dp->tdir_tag);
4392 if (!_TIFFMergeFields(tif, _TIFFCreateAnonField(tif,
4393 dp->tdir_tag,
4394 (TIFFDataType) dp->tdir_type),
4395 1)) {
4396 TIFFWarningExt(tif->tif_clientdata, module,
4397 "Registering anonymous field with tag %d (0x%x) failed",
4398 dp->tdir_tag, dp->tdir_tag);
4399 dp->tdir_tag=IGNORE;
4400 } else {
4401 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
4402 assert( fii != FAILED_FII );
4403 }
4404 }
4405 if (dp->tdir_tag!=IGNORE)
4406 {
4407 fip=tif->tif_fields[fii];
4408 if (fip->field_bit==FIELD_IGNORE)
4409 dp->tdir_tag=IGNORE;
4410 else
4411 {
4412 /* check data type */
4413 while ((fip->field_type!=TIFF_ANY)&&(fip->field_type!=dp->tdir_type))
4414 {
4415 fii++;
4416 if ((fii==tif->tif_nfields)||
4417 (tif->tif_fields[fii]->field_tag!=(uint32)dp->tdir_tag))
4418 {
4419 fii=0xFFFF;
4420 break;
4421 }
4422 fip=tif->tif_fields[fii];
4423 }
4424 if (fii==0xFFFF)
4425 {
4426 TIFFWarningExt(tif->tif_clientdata, module,
4427 "Wrong data type %d for \"%s\"; tag ignored",
4428 dp->tdir_type,fip->field_name);
4429 dp->tdir_tag=IGNORE;
4430 }
4431 else
4432 {
4433 /* check count if known in advance */
4434 if ((fip->field_readcount!=TIFF_VARIABLE)&&
4435 (fip->field_readcount!=TIFF_VARIABLE2))
4436 {
4437 uint32 expected;
4438 if (fip->field_readcount==TIFF_SPP)
4439 expected=(uint32)tif->tif_dir.td_samplesperpixel;
4440 else
4441 expected=(uint32)fip->field_readcount;
4442 if (!CheckDirCount(tif,dp,expected))
4443 dp->tdir_tag=IGNORE;
4444 }
4445 }
4446 }
4447 switch (dp->tdir_tag)
4448 {
4449 case IGNORE:
4450 break;
4451 case EXIFTAG_SUBJECTDISTANCE:
4452 (void) TIFFFetchSubjectDistance(tif,dp);
4453 break;
4454 default:
4455 (void) TIFFFetchNormalTag(tif, dp, TRUE);
4456 break;
4457 }
4458 }
4459 }
4460 if (dir)
4461 _TIFFfree(dir);
4462 return 1;
4463 }
4464
4465 /*
4466 * EXIF is important special case of custom IFD, so we have a special
4467 * function to read it.
4468 */
4469 int
TIFFReadEXIFDirectory(TIFF * tif,toff_t diroff)4470 TIFFReadEXIFDirectory(TIFF* tif, toff_t diroff)
4471 {
4472 const TIFFFieldArray* exifFieldArray;
4473 exifFieldArray = _TIFFGetExifFields();
4474 return TIFFReadCustomDirectory(tif, diroff, exifFieldArray);
4475 }
4476
4477 static int
EstimateStripByteCounts(TIFF * tif,TIFFDirEntry * dir,uint16 dircount)4478 EstimateStripByteCounts(TIFF* tif, TIFFDirEntry* dir, uint16 dircount)
4479 {
4480 static const char module[] = "EstimateStripByteCounts";
4481
4482 TIFFDirEntry *dp;
4483 TIFFDirectory *td = &tif->tif_dir;
4484 uint32 strip;
4485
4486 /* Do not try to load stripbytecount as we will compute it */
4487 if( !_TIFFFillStrilesInternal( tif, 0 ) )
4488 return -1;
4489
4490 if (td->td_stripbytecount)
4491 _TIFFfree(td->td_stripbytecount);
4492 td->td_stripbytecount = (uint64*)
4493 _TIFFCheckMalloc(tif, td->td_nstrips, sizeof (uint64),
4494 "for \"StripByteCounts\" array");
4495 if( td->td_stripbytecount == NULL )
4496 return -1;
4497
4498 if (td->td_compression != COMPRESSION_NONE) {
4499 uint64 space;
4500 uint64 filesize;
4501 uint16 n;
4502 filesize = TIFFGetFileSize(tif);
4503 if (!(tif->tif_flags&TIFF_BIGTIFF))
4504 space=sizeof(TIFFHeaderClassic)+2+dircount*12+4;
4505 else
4506 space=sizeof(TIFFHeaderBig)+8+dircount*20+8;
4507 /* calculate amount of space used by indirect values */
4508 for (dp = dir, n = dircount; n > 0; n--, dp++)
4509 {
4510 uint32 typewidth;
4511 uint64 datasize;
4512 typewidth = TIFFDataWidth((TIFFDataType) dp->tdir_type);
4513 if (typewidth == 0) {
4514 TIFFErrorExt(tif->tif_clientdata, module,
4515 "Cannot determine size of unknown tag type %d",
4516 dp->tdir_type);
4517 return -1;
4518 }
4519 datasize=(uint64)typewidth*dp->tdir_count;
4520 if (!(tif->tif_flags&TIFF_BIGTIFF))
4521 {
4522 if (datasize<=4)
4523 datasize=0;
4524 }
4525 else
4526 {
4527 if (datasize<=8)
4528 datasize=0;
4529 }
4530 space+=datasize;
4531 }
4532 if( filesize < space )
4533 /* we should perhaps return in error ? */
4534 space = filesize;
4535 else
4536 space = filesize - space;
4537 if (td->td_planarconfig == PLANARCONFIG_SEPARATE)
4538 space /= td->td_samplesperpixel;
4539 for (strip = 0; strip < td->td_nstrips; strip++)
4540 td->td_stripbytecount[strip] = space;
4541 /*
4542 * This gross hack handles the case were the offset to
4543 * the last strip is past the place where we think the strip
4544 * should begin. Since a strip of data must be contiguous,
4545 * it's safe to assume that we've overestimated the amount
4546 * of data in the strip and trim this number back accordingly.
4547 */
4548 strip--;
4549 if (td->td_stripoffset[strip]+td->td_stripbytecount[strip] > filesize)
4550 td->td_stripbytecount[strip] = filesize - td->td_stripoffset[strip];
4551 } else if (isTiled(tif)) {
4552 uint64 bytespertile = TIFFTileSize64(tif);
4553
4554 for (strip = 0; strip < td->td_nstrips; strip++)
4555 td->td_stripbytecount[strip] = bytespertile;
4556 } else {
4557 uint64 rowbytes = TIFFScanlineSize64(tif);
4558 uint32 rowsperstrip = td->td_imagelength/td->td_stripsperimage;
4559 for (strip = 0; strip < td->td_nstrips; strip++)
4560 td->td_stripbytecount[strip] = rowbytes * rowsperstrip;
4561 }
4562 TIFFSetFieldBit(tif, FIELD_STRIPBYTECOUNTS);
4563 if (!TIFFFieldSet(tif, FIELD_ROWSPERSTRIP))
4564 td->td_rowsperstrip = td->td_imagelength;
4565 return 1;
4566 }
4567
4568 static void
MissingRequired(TIFF * tif,const char * tagname)4569 MissingRequired(TIFF* tif, const char* tagname)
4570 {
4571 static const char module[] = "MissingRequired";
4572
4573 TIFFErrorExt(tif->tif_clientdata, module,
4574 "TIFF directory is missing required \"%s\" field",
4575 tagname);
4576 }
4577
4578 /*
4579 * Check the directory offset against the list of already seen directory
4580 * offsets. This is a trick to prevent IFD looping. The one can create TIFF
4581 * file with looped directory pointers. We will maintain a list of already
4582 * seen directories and check every IFD offset against that list.
4583 */
4584 static int
TIFFCheckDirOffset(TIFF * tif,uint64 diroff)4585 TIFFCheckDirOffset(TIFF* tif, uint64 diroff)
4586 {
4587 uint16 n;
4588
4589 if (diroff == 0) /* no more directories */
4590 return 0;
4591 if (tif->tif_dirnumber == 65535) {
4592 TIFFErrorExt(tif->tif_clientdata, "TIFFCheckDirOffset",
4593 "Cannot handle more than 65535 TIFF directories");
4594 return 0;
4595 }
4596
4597 for (n = 0; n < tif->tif_dirnumber && tif->tif_dirlist; n++) {
4598 if (tif->tif_dirlist[n] == diroff)
4599 return 0;
4600 }
4601
4602 tif->tif_dirnumber++;
4603
4604 if (tif->tif_dirlist == NULL || tif->tif_dirnumber > tif->tif_dirlistsize) {
4605 uint64* new_dirlist;
4606
4607 /*
4608 * XXX: Reduce memory allocation granularity of the dirlist
4609 * array.
4610 */
4611 new_dirlist = (uint64*)_TIFFCheckRealloc(tif, tif->tif_dirlist,
4612 tif->tif_dirnumber, 2 * sizeof(uint64), "for IFD list");
4613 if (!new_dirlist)
4614 return 0;
4615 if( tif->tif_dirnumber >= 32768 )
4616 tif->tif_dirlistsize = 65535;
4617 else
4618 tif->tif_dirlistsize = 2 * tif->tif_dirnumber;
4619 tif->tif_dirlist = new_dirlist;
4620 }
4621
4622 tif->tif_dirlist[tif->tif_dirnumber - 1] = diroff;
4623
4624 return 1;
4625 }
4626
4627 /*
4628 * Check the count field of a directory entry against a known value. The
4629 * caller is expected to skip/ignore the tag if there is a mismatch.
4630 */
4631 static int
CheckDirCount(TIFF * tif,TIFFDirEntry * dir,uint32 count)4632 CheckDirCount(TIFF* tif, TIFFDirEntry* dir, uint32 count)
4633 {
4634 if ((uint64)count > dir->tdir_count) {
4635 const TIFFField* fip = TIFFFieldWithTag(tif, dir->tdir_tag);
4636 TIFFWarningExt(tif->tif_clientdata, tif->tif_name,
4637 "incorrect count for field \"%s\" (" TIFF_UINT64_FORMAT ", expecting %u); tag ignored",
4638 fip ? fip->field_name : "unknown tagname",
4639 dir->tdir_count, count);
4640 return (0);
4641 } else if ((uint64)count < dir->tdir_count) {
4642 const TIFFField* fip = TIFFFieldWithTag(tif, dir->tdir_tag);
4643 TIFFWarningExt(tif->tif_clientdata, tif->tif_name,
4644 "incorrect count for field \"%s\" (" TIFF_UINT64_FORMAT ", expecting %u); tag trimmed",
4645 fip ? fip->field_name : "unknown tagname",
4646 dir->tdir_count, count);
4647 dir->tdir_count = count;
4648 return (1);
4649 }
4650 return (1);
4651 }
4652
4653 /*
4654 * Read IFD structure from the specified offset. If the pointer to
4655 * nextdiroff variable has been specified, read it too. Function returns a
4656 * number of fields in the directory or 0 if failed.
4657 */
4658 static uint16
TIFFFetchDirectory(TIFF * tif,uint64 diroff,TIFFDirEntry ** pdir,uint64 * nextdiroff)4659 TIFFFetchDirectory(TIFF* tif, uint64 diroff, TIFFDirEntry** pdir,
4660 uint64 *nextdiroff)
4661 {
4662 static const char module[] = "TIFFFetchDirectory";
4663
4664 void* origdir;
4665 uint16 dircount16;
4666 uint32 dirsize;
4667 TIFFDirEntry* dir;
4668 uint8* ma;
4669 TIFFDirEntry* mb;
4670 uint16 n;
4671
4672 assert(pdir);
4673
4674 tif->tif_diroff = diroff;
4675 if (nextdiroff)
4676 *nextdiroff = 0;
4677 if (!isMapped(tif)) {
4678 if (!SeekOK(tif, tif->tif_diroff)) {
4679 TIFFErrorExt(tif->tif_clientdata, module,
4680 "%s: Seek error accessing TIFF directory",
4681 tif->tif_name);
4682 return 0;
4683 }
4684 if (!(tif->tif_flags&TIFF_BIGTIFF))
4685 {
4686 if (!ReadOK(tif, &dircount16, sizeof (uint16))) {
4687 TIFFErrorExt(tif->tif_clientdata, module,
4688 "%s: Can not read TIFF directory count",
4689 tif->tif_name);
4690 return 0;
4691 }
4692 if (tif->tif_flags & TIFF_SWAB)
4693 TIFFSwabShort(&dircount16);
4694 if (dircount16>4096)
4695 {
4696 TIFFErrorExt(tif->tif_clientdata, module,
4697 "Sanity check on directory count failed, this is probably not a valid IFD offset");
4698 return 0;
4699 }
4700 dirsize = 12;
4701 } else {
4702 uint64 dircount64;
4703 if (!ReadOK(tif, &dircount64, sizeof (uint64))) {
4704 TIFFErrorExt(tif->tif_clientdata, module,
4705 "%s: Can not read TIFF directory count",
4706 tif->tif_name);
4707 return 0;
4708 }
4709 if (tif->tif_flags & TIFF_SWAB)
4710 TIFFSwabLong8(&dircount64);
4711 if (dircount64>4096)
4712 {
4713 TIFFErrorExt(tif->tif_clientdata, module,
4714 "Sanity check on directory count failed, this is probably not a valid IFD offset");
4715 return 0;
4716 }
4717 dircount16 = (uint16)dircount64;
4718 dirsize = 20;
4719 }
4720 origdir = _TIFFCheckMalloc(tif, dircount16,
4721 dirsize, "to read TIFF directory");
4722 if (origdir == NULL)
4723 return 0;
4724 if (!ReadOK(tif, origdir, (tmsize_t)(dircount16*dirsize))) {
4725 TIFFErrorExt(tif->tif_clientdata, module,
4726 "%.100s: Can not read TIFF directory",
4727 tif->tif_name);
4728 _TIFFfree(origdir);
4729 return 0;
4730 }
4731 /*
4732 * Read offset to next directory for sequential scans if
4733 * needed.
4734 */
4735 if (nextdiroff)
4736 {
4737 if (!(tif->tif_flags&TIFF_BIGTIFF))
4738 {
4739 uint32 nextdiroff32;
4740 if (!ReadOK(tif, &nextdiroff32, sizeof(uint32)))
4741 nextdiroff32 = 0;
4742 if (tif->tif_flags&TIFF_SWAB)
4743 TIFFSwabLong(&nextdiroff32);
4744 *nextdiroff=nextdiroff32;
4745 } else {
4746 if (!ReadOK(tif, nextdiroff, sizeof(uint64)))
4747 *nextdiroff = 0;
4748 if (tif->tif_flags&TIFF_SWAB)
4749 TIFFSwabLong8(nextdiroff);
4750 }
4751 }
4752 } else {
4753 tmsize_t m;
4754 tmsize_t off = (tmsize_t) tif->tif_diroff;
4755 if ((uint64)off!=tif->tif_diroff)
4756 {
4757 TIFFErrorExt(tif->tif_clientdata,module,"Can not read TIFF directory count");
4758 return(0);
4759 }
4760
4761 /*
4762 * Check for integer overflow when validating the dir_off,
4763 * otherwise a very high offset may cause an OOB read and
4764 * crash the client. Make two comparisons instead of
4765 *
4766 * off + sizeof(uint16) > tif->tif_size
4767 *
4768 * to avoid overflow.
4769 */
4770 if (!(tif->tif_flags&TIFF_BIGTIFF))
4771 {
4772 m=off+sizeof(uint16);
4773 if ((m<off)||(m<(tmsize_t)sizeof(uint16))||(m>tif->tif_size)) {
4774 TIFFErrorExt(tif->tif_clientdata, module,
4775 "Can not read TIFF directory count");
4776 return 0;
4777 } else {
4778 _TIFFmemcpy(&dircount16, tif->tif_base + off,
4779 sizeof(uint16));
4780 }
4781 off += sizeof (uint16);
4782 if (tif->tif_flags & TIFF_SWAB)
4783 TIFFSwabShort(&dircount16);
4784 if (dircount16>4096)
4785 {
4786 TIFFErrorExt(tif->tif_clientdata, module,
4787 "Sanity check on directory count failed, this is probably not a valid IFD offset");
4788 return 0;
4789 }
4790 dirsize = 12;
4791 }
4792 else
4793 {
4794 uint64 dircount64;
4795 m=off+sizeof(uint64);
4796 if ((m<off)||(m<(tmsize_t)sizeof(uint64))||(m>tif->tif_size)) {
4797 TIFFErrorExt(tif->tif_clientdata, module,
4798 "Can not read TIFF directory count");
4799 return 0;
4800 } else {
4801 _TIFFmemcpy(&dircount64, tif->tif_base + off,
4802 sizeof(uint64));
4803 }
4804 off += sizeof (uint64);
4805 if (tif->tif_flags & TIFF_SWAB)
4806 TIFFSwabLong8(&dircount64);
4807 if (dircount64>4096)
4808 {
4809 TIFFErrorExt(tif->tif_clientdata, module,
4810 "Sanity check on directory count failed, this is probably not a valid IFD offset");
4811 return 0;
4812 }
4813 dircount16 = (uint16)dircount64;
4814 dirsize = 20;
4815 }
4816 if (dircount16 == 0 )
4817 {
4818 TIFFErrorExt(tif->tif_clientdata, module,
4819 "Sanity check on directory count failed, zero tag directories not supported");
4820 return 0;
4821 }
4822 origdir = _TIFFCheckMalloc(tif, dircount16,
4823 dirsize,
4824 "to read TIFF directory");
4825 if (origdir == NULL)
4826 return 0;
4827 m=off+dircount16*dirsize;
4828 if ((m<off)||(m<(tmsize_t)(dircount16*dirsize))||(m>tif->tif_size)) {
4829 TIFFErrorExt(tif->tif_clientdata, module,
4830 "Can not read TIFF directory");
4831 _TIFFfree(origdir);
4832 return 0;
4833 } else {
4834 _TIFFmemcpy(origdir, tif->tif_base + off,
4835 dircount16 * dirsize);
4836 }
4837 if (nextdiroff) {
4838 off += dircount16 * dirsize;
4839 if (!(tif->tif_flags&TIFF_BIGTIFF))
4840 {
4841 uint32 nextdiroff32;
4842 m=off+sizeof(uint32);
4843 if ((m<off)||(m<(tmsize_t)sizeof(uint32))||(m>tif->tif_size))
4844 nextdiroff32 = 0;
4845 else
4846 _TIFFmemcpy(&nextdiroff32, tif->tif_base + off,
4847 sizeof (uint32));
4848 if (tif->tif_flags&TIFF_SWAB)
4849 TIFFSwabLong(&nextdiroff32);
4850 *nextdiroff = nextdiroff32;
4851 }
4852 else
4853 {
4854 m=off+sizeof(uint64);
4855 if ((m<off)||(m<(tmsize_t)sizeof(uint64))||(m>tif->tif_size))
4856 *nextdiroff = 0;
4857 else
4858 _TIFFmemcpy(nextdiroff, tif->tif_base + off,
4859 sizeof (uint64));
4860 if (tif->tif_flags&TIFF_SWAB)
4861 TIFFSwabLong8(nextdiroff);
4862 }
4863 }
4864 }
4865 dir = (TIFFDirEntry*)_TIFFCheckMalloc(tif, dircount16,
4866 sizeof(TIFFDirEntry),
4867 "to read TIFF directory");
4868 if (dir==0)
4869 {
4870 _TIFFfree(origdir);
4871 return 0;
4872 }
4873 ma=(uint8*)origdir;
4874 mb=dir;
4875 for (n=0; n<dircount16; n++)
4876 {
4877 if (tif->tif_flags&TIFF_SWAB)
4878 TIFFSwabShort((uint16*)ma);
4879 mb->tdir_tag=*(uint16*)ma;
4880 ma+=sizeof(uint16);
4881 if (tif->tif_flags&TIFF_SWAB)
4882 TIFFSwabShort((uint16*)ma);
4883 mb->tdir_type=*(uint16*)ma;
4884 ma+=sizeof(uint16);
4885 if (!(tif->tif_flags&TIFF_BIGTIFF))
4886 {
4887 if (tif->tif_flags&TIFF_SWAB)
4888 TIFFSwabLong((uint32*)ma);
4889 mb->tdir_count=(uint64)(*(uint32*)ma);
4890 ma+=sizeof(uint32);
4891 *(uint32*)(&mb->tdir_offset)=*(uint32*)ma;
4892 ma+=sizeof(uint32);
4893 }
4894 else
4895 {
4896 if (tif->tif_flags&TIFF_SWAB)
4897 TIFFSwabLong8((uint64*)ma);
4898 mb->tdir_count=TIFFReadUInt64(ma);
4899 ma+=sizeof(uint64);
4900 mb->tdir_offset.toff_long8=TIFFReadUInt64(ma);
4901 ma+=sizeof(uint64);
4902 }
4903 mb++;
4904 }
4905 _TIFFfree(origdir);
4906 *pdir = dir;
4907 return dircount16;
4908 }
4909
4910 /*
4911 * Fetch a tag that is not handled by special case code.
4912 */
4913 static int
TIFFFetchNormalTag(TIFF * tif,TIFFDirEntry * dp,int recover)4914 TIFFFetchNormalTag(TIFF* tif, TIFFDirEntry* dp, int recover)
4915 {
4916 static const char module[] = "TIFFFetchNormalTag";
4917 enum TIFFReadDirEntryErr err;
4918 uint32 fii;
4919 const TIFFField* fip = NULL;
4920 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
4921 if( fii == FAILED_FII )
4922 {
4923 TIFFErrorExt(tif->tif_clientdata, "TIFFFetchNormalTag",
4924 "No definition found for tag %d",
4925 dp->tdir_tag);
4926 return 0;
4927 }
4928 fip=tif->tif_fields[fii];
4929 assert(fip != NULL); /* should not happen */
4930 assert(fip->set_field_type!=TIFF_SETGET_OTHER); /* if so, we shouldn't arrive here but deal with this in specialized code */
4931 assert(fip->set_field_type!=TIFF_SETGET_INT); /* if so, we shouldn't arrive here as this is only the case for pseudo-tags */
4932 err=TIFFReadDirEntryErrOk;
4933 switch (fip->set_field_type)
4934 {
4935 case TIFF_SETGET_UNDEFINED:
4936 break;
4937 case TIFF_SETGET_ASCII:
4938 {
4939 uint8* data;
4940 assert(fip->field_passcount==0);
4941 err=TIFFReadDirEntryByteArray(tif,dp,&data);
4942 if (err==TIFFReadDirEntryErrOk)
4943 {
4944 uint32 mb = 0;
4945 int n;
4946 if (data != NULL)
4947 {
4948 uint8* ma = data;
4949 while (mb<(uint32)dp->tdir_count)
4950 {
4951 if (*ma==0)
4952 break;
4953 ma++;
4954 mb++;
4955 }
4956 }
4957 if (mb+1<(uint32)dp->tdir_count)
4958 TIFFWarningExt(tif->tif_clientdata,module,"ASCII value for tag \"%s\" contains null byte in value; value incorrectly truncated during reading due to implementation limitations",fip->field_name);
4959 else if (mb+1>(uint32)dp->tdir_count)
4960 {
4961 uint8* o;
4962 TIFFWarningExt(tif->tif_clientdata,module,"ASCII value for tag \"%s\" does not end in null byte",fip->field_name);
4963 if ((uint32)dp->tdir_count+1!=dp->tdir_count+1)
4964 o=NULL;
4965 else
4966 o=_TIFFmalloc((uint32)dp->tdir_count+1);
4967 if (o==NULL)
4968 {
4969 if (data!=NULL)
4970 _TIFFfree(data);
4971 return(0);
4972 }
4973 _TIFFmemcpy(o,data,(uint32)dp->tdir_count);
4974 o[(uint32)dp->tdir_count]=0;
4975 if (data!=0)
4976 _TIFFfree(data);
4977 data=o;
4978 }
4979 n=TIFFSetField(tif,dp->tdir_tag,data);
4980 if (data!=0)
4981 _TIFFfree(data);
4982 if (!n)
4983 return(0);
4984 }
4985 }
4986 break;
4987 case TIFF_SETGET_UINT8:
4988 {
4989 uint8 data=0;
4990 assert(fip->field_readcount==1);
4991 assert(fip->field_passcount==0);
4992 err=TIFFReadDirEntryByte(tif,dp,&data);
4993 if (err==TIFFReadDirEntryErrOk)
4994 {
4995 if (!TIFFSetField(tif,dp->tdir_tag,data))
4996 return(0);
4997 }
4998 }
4999 break;
5000 case TIFF_SETGET_UINT16:
5001 {
5002 uint16 data;
5003 assert(fip->field_readcount==1);
5004 assert(fip->field_passcount==0);
5005 err=TIFFReadDirEntryShort(tif,dp,&data);
5006 if (err==TIFFReadDirEntryErrOk)
5007 {
5008 if (!TIFFSetField(tif,dp->tdir_tag,data))
5009 return(0);
5010 }
5011 }
5012 break;
5013 case TIFF_SETGET_UINT32:
5014 {
5015 uint32 data;
5016 assert(fip->field_readcount==1);
5017 assert(fip->field_passcount==0);
5018 err=TIFFReadDirEntryLong(tif,dp,&data);
5019 if (err==TIFFReadDirEntryErrOk)
5020 {
5021 if (!TIFFSetField(tif,dp->tdir_tag,data))
5022 return(0);
5023 }
5024 }
5025 break;
5026 case TIFF_SETGET_UINT64:
5027 {
5028 uint64 data;
5029 assert(fip->field_readcount==1);
5030 assert(fip->field_passcount==0);
5031 err=TIFFReadDirEntryLong8(tif,dp,&data);
5032 if (err==TIFFReadDirEntryErrOk)
5033 {
5034 if (!TIFFSetField(tif,dp->tdir_tag,data))
5035 return(0);
5036 }
5037 }
5038 break;
5039 case TIFF_SETGET_FLOAT:
5040 {
5041 float data;
5042 assert(fip->field_readcount==1);
5043 assert(fip->field_passcount==0);
5044 err=TIFFReadDirEntryFloat(tif,dp,&data);
5045 if (err==TIFFReadDirEntryErrOk)
5046 {
5047 if (!TIFFSetField(tif,dp->tdir_tag,data))
5048 return(0);
5049 }
5050 }
5051 break;
5052 case TIFF_SETGET_DOUBLE:
5053 {
5054 double data;
5055 assert(fip->field_readcount==1);
5056 assert(fip->field_passcount==0);
5057 err=TIFFReadDirEntryDouble(tif,dp,&data);
5058 if (err==TIFFReadDirEntryErrOk)
5059 {
5060 if (!TIFFSetField(tif,dp->tdir_tag,data))
5061 return(0);
5062 }
5063 }
5064 break;
5065 case TIFF_SETGET_IFD8:
5066 {
5067 uint64 data;
5068 assert(fip->field_readcount==1);
5069 assert(fip->field_passcount==0);
5070 err=TIFFReadDirEntryIfd8(tif,dp,&data);
5071 if (err==TIFFReadDirEntryErrOk)
5072 {
5073 if (!TIFFSetField(tif,dp->tdir_tag,data))
5074 return(0);
5075 }
5076 }
5077 break;
5078 case TIFF_SETGET_UINT16_PAIR:
5079 {
5080 uint16* data;
5081 assert(fip->field_readcount==2);
5082 assert(fip->field_passcount==0);
5083 if (dp->tdir_count!=2) {
5084 TIFFWarningExt(tif->tif_clientdata,module,
5085 "incorrect count for field \"%s\", expected 2, got %d",
5086 fip->field_name,(int)dp->tdir_count);
5087 return(0);
5088 }
5089 err=TIFFReadDirEntryShortArray(tif,dp,&data);
5090 if (err==TIFFReadDirEntryErrOk)
5091 {
5092 int m;
5093 m=TIFFSetField(tif,dp->tdir_tag,data[0],data[1]);
5094 _TIFFfree(data);
5095 if (!m)
5096 return(0);
5097 }
5098 }
5099 break;
5100 case TIFF_SETGET_C0_UINT8:
5101 {
5102 uint8* data;
5103 assert(fip->field_readcount>=1);
5104 assert(fip->field_passcount==0);
5105 if (dp->tdir_count!=(uint64)fip->field_readcount) {
5106 TIFFWarningExt(tif->tif_clientdata,module,
5107 "incorrect count for field \"%s\", expected %d, got %d",
5108 fip->field_name,(int) fip->field_readcount, (int)dp->tdir_count);
5109 return 0;
5110 }
5111 else
5112 {
5113 err=TIFFReadDirEntryByteArray(tif,dp,&data);
5114 if (err==TIFFReadDirEntryErrOk)
5115 {
5116 int m;
5117 m=TIFFSetField(tif,dp->tdir_tag,data);
5118 if (data!=0)
5119 _TIFFfree(data);
5120 if (!m)
5121 return(0);
5122 }
5123 }
5124 }
5125 break;
5126 case TIFF_SETGET_C0_UINT16:
5127 {
5128 uint16* data;
5129 assert(fip->field_readcount>=1);
5130 assert(fip->field_passcount==0);
5131 if (dp->tdir_count!=(uint64)fip->field_readcount)
5132 /* corrupt file */;
5133 else
5134 {
5135 err=TIFFReadDirEntryShortArray(tif,dp,&data);
5136 if (err==TIFFReadDirEntryErrOk)
5137 {
5138 int m;
5139 m=TIFFSetField(tif,dp->tdir_tag,data);
5140 if (data!=0)
5141 _TIFFfree(data);
5142 if (!m)
5143 return(0);
5144 }
5145 }
5146 }
5147 break;
5148 case TIFF_SETGET_C0_UINT32:
5149 {
5150 uint32* data;
5151 assert(fip->field_readcount>=1);
5152 assert(fip->field_passcount==0);
5153 if (dp->tdir_count!=(uint64)fip->field_readcount)
5154 /* corrupt file */;
5155 else
5156 {
5157 err=TIFFReadDirEntryLongArray(tif,dp,&data);
5158 if (err==TIFFReadDirEntryErrOk)
5159 {
5160 int m;
5161 m=TIFFSetField(tif,dp->tdir_tag,data);
5162 if (data!=0)
5163 _TIFFfree(data);
5164 if (!m)
5165 return(0);
5166 }
5167 }
5168 }
5169 break;
5170 case TIFF_SETGET_C0_FLOAT:
5171 {
5172 float* data;
5173 assert(fip->field_readcount>=1);
5174 assert(fip->field_passcount==0);
5175 if (dp->tdir_count!=(uint64)fip->field_readcount)
5176 /* corrupt file */;
5177 else
5178 {
5179 err=TIFFReadDirEntryFloatArray(tif,dp,&data);
5180 if (err==TIFFReadDirEntryErrOk)
5181 {
5182 int m;
5183 m=TIFFSetField(tif,dp->tdir_tag,data);
5184 if (data!=0)
5185 _TIFFfree(data);
5186 if (!m)
5187 return(0);
5188 }
5189 }
5190 }
5191 break;
5192 case TIFF_SETGET_C16_ASCII:
5193 {
5194 uint8* data;
5195 assert(fip->field_readcount==TIFF_VARIABLE);
5196 assert(fip->field_passcount==1);
5197 if (dp->tdir_count>0xFFFF)
5198 err=TIFFReadDirEntryErrCount;
5199 else
5200 {
5201 err=TIFFReadDirEntryByteArray(tif,dp,&data);
5202 if (err==TIFFReadDirEntryErrOk)
5203 {
5204 int m;
5205 if( data != 0 && dp->tdir_count > 0 && data[dp->tdir_count-1] != '\0' )
5206 {
5207 TIFFWarningExt(tif->tif_clientdata,module,"ASCII value for tag \"%s\" does not end in null byte. Forcing it to be null",fip->field_name);
5208 data[dp->tdir_count-1] = '\0';
5209 }
5210 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5211 if (data!=0)
5212 _TIFFfree(data);
5213 if (!m)
5214 return(0);
5215 }
5216 }
5217 }
5218 break;
5219 case TIFF_SETGET_C16_UINT8:
5220 {
5221 uint8* data;
5222 assert(fip->field_readcount==TIFF_VARIABLE);
5223 assert(fip->field_passcount==1);
5224 if (dp->tdir_count>0xFFFF)
5225 err=TIFFReadDirEntryErrCount;
5226 else
5227 {
5228 err=TIFFReadDirEntryByteArray(tif,dp,&data);
5229 if (err==TIFFReadDirEntryErrOk)
5230 {
5231 int m;
5232 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5233 if (data!=0)
5234 _TIFFfree(data);
5235 if (!m)
5236 return(0);
5237 }
5238 }
5239 }
5240 break;
5241 case TIFF_SETGET_C16_UINT16:
5242 {
5243 uint16* data;
5244 assert(fip->field_readcount==TIFF_VARIABLE);
5245 assert(fip->field_passcount==1);
5246 if (dp->tdir_count>0xFFFF)
5247 err=TIFFReadDirEntryErrCount;
5248 else
5249 {
5250 err=TIFFReadDirEntryShortArray(tif,dp,&data);
5251 if (err==TIFFReadDirEntryErrOk)
5252 {
5253 int m;
5254 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5255 if (data!=0)
5256 _TIFFfree(data);
5257 if (!m)
5258 return(0);
5259 }
5260 }
5261 }
5262 break;
5263 case TIFF_SETGET_C16_UINT32:
5264 {
5265 uint32* data;
5266 assert(fip->field_readcount==TIFF_VARIABLE);
5267 assert(fip->field_passcount==1);
5268 if (dp->tdir_count>0xFFFF)
5269 err=TIFFReadDirEntryErrCount;
5270 else
5271 {
5272 err=TIFFReadDirEntryLongArray(tif,dp,&data);
5273 if (err==TIFFReadDirEntryErrOk)
5274 {
5275 int m;
5276 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5277 if (data!=0)
5278 _TIFFfree(data);
5279 if (!m)
5280 return(0);
5281 }
5282 }
5283 }
5284 break;
5285 case TIFF_SETGET_C16_UINT64:
5286 {
5287 uint64* data;
5288 assert(fip->field_readcount==TIFF_VARIABLE);
5289 assert(fip->field_passcount==1);
5290 if (dp->tdir_count>0xFFFF)
5291 err=TIFFReadDirEntryErrCount;
5292 else
5293 {
5294 err=TIFFReadDirEntryLong8Array(tif,dp,&data);
5295 if (err==TIFFReadDirEntryErrOk)
5296 {
5297 int m;
5298 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5299 if (data!=0)
5300 _TIFFfree(data);
5301 if (!m)
5302 return(0);
5303 }
5304 }
5305 }
5306 break;
5307 case TIFF_SETGET_C16_FLOAT:
5308 {
5309 float* data;
5310 assert(fip->field_readcount==TIFF_VARIABLE);
5311 assert(fip->field_passcount==1);
5312 if (dp->tdir_count>0xFFFF)
5313 err=TIFFReadDirEntryErrCount;
5314 else
5315 {
5316 err=TIFFReadDirEntryFloatArray(tif,dp,&data);
5317 if (err==TIFFReadDirEntryErrOk)
5318 {
5319 int m;
5320 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5321 if (data!=0)
5322 _TIFFfree(data);
5323 if (!m)
5324 return(0);
5325 }
5326 }
5327 }
5328 break;
5329 case TIFF_SETGET_C16_DOUBLE:
5330 {
5331 double* data;
5332 assert(fip->field_readcount==TIFF_VARIABLE);
5333 assert(fip->field_passcount==1);
5334 if (dp->tdir_count>0xFFFF)
5335 err=TIFFReadDirEntryErrCount;
5336 else
5337 {
5338 err=TIFFReadDirEntryDoubleArray(tif,dp,&data);
5339 if (err==TIFFReadDirEntryErrOk)
5340 {
5341 int m;
5342 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5343 if (data!=0)
5344 _TIFFfree(data);
5345 if (!m)
5346 return(0);
5347 }
5348 }
5349 }
5350 break;
5351 case TIFF_SETGET_C16_IFD8:
5352 {
5353 uint64* data;
5354 assert(fip->field_readcount==TIFF_VARIABLE);
5355 assert(fip->field_passcount==1);
5356 if (dp->tdir_count>0xFFFF)
5357 err=TIFFReadDirEntryErrCount;
5358 else
5359 {
5360 err=TIFFReadDirEntryIfd8Array(tif,dp,&data);
5361 if (err==TIFFReadDirEntryErrOk)
5362 {
5363 int m;
5364 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5365 if (data!=0)
5366 _TIFFfree(data);
5367 if (!m)
5368 return(0);
5369 }
5370 }
5371 }
5372 break;
5373 case TIFF_SETGET_C32_ASCII:
5374 {
5375 uint8* data;
5376 assert(fip->field_readcount==TIFF_VARIABLE2);
5377 assert(fip->field_passcount==1);
5378 err=TIFFReadDirEntryByteArray(tif,dp,&data);
5379 if (err==TIFFReadDirEntryErrOk)
5380 {
5381 int m;
5382 if( data != 0 && dp->tdir_count > 0 && data[dp->tdir_count-1] != '\0' )
5383 {
5384 TIFFWarningExt(tif->tif_clientdata,module,"ASCII value for tag \"%s\" does not end in null byte. Forcing it to be null",fip->field_name);
5385 data[dp->tdir_count-1] = '\0';
5386 }
5387 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5388 if (data!=0)
5389 _TIFFfree(data);
5390 if (!m)
5391 return(0);
5392 }
5393 }
5394 break;
5395 case TIFF_SETGET_C32_UINT8:
5396 {
5397 uint8* data;
5398 assert(fip->field_readcount==TIFF_VARIABLE2);
5399 assert(fip->field_passcount==1);
5400 err=TIFFReadDirEntryByteArray(tif,dp,&data);
5401 if (err==TIFFReadDirEntryErrOk)
5402 {
5403 int m;
5404 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5405 if (data!=0)
5406 _TIFFfree(data);
5407 if (!m)
5408 return(0);
5409 }
5410 }
5411 break;
5412 case TIFF_SETGET_C32_SINT8:
5413 {
5414 int8* data = NULL;
5415 assert(fip->field_readcount==TIFF_VARIABLE2);
5416 assert(fip->field_passcount==1);
5417 err=TIFFReadDirEntrySbyteArray(tif,dp,&data);
5418 if (err==TIFFReadDirEntryErrOk)
5419 {
5420 int m;
5421 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5422 if (data!=0)
5423 _TIFFfree(data);
5424 if (!m)
5425 return(0);
5426 }
5427 }
5428 break;
5429 case TIFF_SETGET_C32_UINT16:
5430 {
5431 uint16* data;
5432 assert(fip->field_readcount==TIFF_VARIABLE2);
5433 assert(fip->field_passcount==1);
5434 err=TIFFReadDirEntryShortArray(tif,dp,&data);
5435 if (err==TIFFReadDirEntryErrOk)
5436 {
5437 int m;
5438 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5439 if (data!=0)
5440 _TIFFfree(data);
5441 if (!m)
5442 return(0);
5443 }
5444 }
5445 break;
5446 case TIFF_SETGET_C32_SINT16:
5447 {
5448 int16* data = NULL;
5449 assert(fip->field_readcount==TIFF_VARIABLE2);
5450 assert(fip->field_passcount==1);
5451 err=TIFFReadDirEntrySshortArray(tif,dp,&data);
5452 if (err==TIFFReadDirEntryErrOk)
5453 {
5454 int m;
5455 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5456 if (data!=0)
5457 _TIFFfree(data);
5458 if (!m)
5459 return(0);
5460 }
5461 }
5462 break;
5463 case TIFF_SETGET_C32_UINT32:
5464 {
5465 uint32* data;
5466 assert(fip->field_readcount==TIFF_VARIABLE2);
5467 assert(fip->field_passcount==1);
5468 err=TIFFReadDirEntryLongArray(tif,dp,&data);
5469 if (err==TIFFReadDirEntryErrOk)
5470 {
5471 int m;
5472 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5473 if (data!=0)
5474 _TIFFfree(data);
5475 if (!m)
5476 return(0);
5477 }
5478 }
5479 break;
5480 case TIFF_SETGET_C32_SINT32:
5481 {
5482 int32* data = NULL;
5483 assert(fip->field_readcount==TIFF_VARIABLE2);
5484 assert(fip->field_passcount==1);
5485 err=TIFFReadDirEntrySlongArray(tif,dp,&data);
5486 if (err==TIFFReadDirEntryErrOk)
5487 {
5488 int m;
5489 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5490 if (data!=0)
5491 _TIFFfree(data);
5492 if (!m)
5493 return(0);
5494 }
5495 }
5496 break;
5497 case TIFF_SETGET_C32_UINT64:
5498 {
5499 uint64* data;
5500 assert(fip->field_readcount==TIFF_VARIABLE2);
5501 assert(fip->field_passcount==1);
5502 err=TIFFReadDirEntryLong8Array(tif,dp,&data);
5503 if (err==TIFFReadDirEntryErrOk)
5504 {
5505 int m;
5506 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5507 if (data!=0)
5508 _TIFFfree(data);
5509 if (!m)
5510 return(0);
5511 }
5512 }
5513 break;
5514 case TIFF_SETGET_C32_SINT64:
5515 {
5516 int64* data = NULL;
5517 assert(fip->field_readcount==TIFF_VARIABLE2);
5518 assert(fip->field_passcount==1);
5519 err=TIFFReadDirEntrySlong8Array(tif,dp,&data);
5520 if (err==TIFFReadDirEntryErrOk)
5521 {
5522 int m;
5523 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5524 if (data!=0)
5525 _TIFFfree(data);
5526 if (!m)
5527 return(0);
5528 }
5529 }
5530 break;
5531 case TIFF_SETGET_C32_FLOAT:
5532 {
5533 float* data;
5534 assert(fip->field_readcount==TIFF_VARIABLE2);
5535 assert(fip->field_passcount==1);
5536 err=TIFFReadDirEntryFloatArray(tif,dp,&data);
5537 if (err==TIFFReadDirEntryErrOk)
5538 {
5539 int m;
5540 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5541 if (data!=0)
5542 _TIFFfree(data);
5543 if (!m)
5544 return(0);
5545 }
5546 }
5547 break;
5548 case TIFF_SETGET_C32_DOUBLE:
5549 {
5550 double* data;
5551 assert(fip->field_readcount==TIFF_VARIABLE2);
5552 assert(fip->field_passcount==1);
5553 err=TIFFReadDirEntryDoubleArray(tif,dp,&data);
5554 if (err==TIFFReadDirEntryErrOk)
5555 {
5556 int m;
5557 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5558 if (data!=0)
5559 _TIFFfree(data);
5560 if (!m)
5561 return(0);
5562 }
5563 }
5564 break;
5565 case TIFF_SETGET_C32_IFD8:
5566 {
5567 uint64* data;
5568 assert(fip->field_readcount==TIFF_VARIABLE2);
5569 assert(fip->field_passcount==1);
5570 err=TIFFReadDirEntryIfd8Array(tif,dp,&data);
5571 if (err==TIFFReadDirEntryErrOk)
5572 {
5573 int m;
5574 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5575 if (data!=0)
5576 _TIFFfree(data);
5577 if (!m)
5578 return(0);
5579 }
5580 }
5581 break;
5582 default:
5583 assert(0); /* we should never get here */
5584 break;
5585 }
5586 if (err!=TIFFReadDirEntryErrOk)
5587 {
5588 TIFFReadDirEntryOutputErr(tif,err,module,fip->field_name,recover);
5589 return(0);
5590 }
5591 return(1);
5592 }
5593
5594 /*
5595 * Fetch a set of offsets or lengths.
5596 * While this routine says "strips", in fact it's also used for tiles.
5597 */
5598 static int
TIFFFetchStripThing(TIFF * tif,TIFFDirEntry * dir,uint32 nstrips,uint64 ** lpp)5599 TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uint64** lpp)
5600 {
5601 static const char module[] = "TIFFFetchStripThing";
5602 enum TIFFReadDirEntryErr err;
5603 uint64* data;
5604 err=TIFFReadDirEntryLong8ArrayWithLimit(tif,dir,&data,nstrips);
5605 if (err!=TIFFReadDirEntryErrOk)
5606 {
5607 const TIFFField* fip = TIFFFieldWithTag(tif,dir->tdir_tag);
5608 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",0);
5609 return(0);
5610 }
5611 if (dir->tdir_count<(uint64)nstrips)
5612 {
5613 uint64* resizeddata;
5614 const TIFFField* fip = TIFFFieldWithTag(tif,dir->tdir_tag);
5615 const char* pszMax = getenv("LIBTIFF_STRILE_ARRAY_MAX_RESIZE_COUNT");
5616 uint32 max_nstrips = 1000000;
5617 if( pszMax )
5618 max_nstrips = (uint32) atoi(pszMax);
5619 TIFFReadDirEntryOutputErr(tif,TIFFReadDirEntryErrCount,
5620 module,
5621 fip ? fip->field_name : "unknown tagname",
5622 ( nstrips <= max_nstrips ) );
5623
5624 if( nstrips > max_nstrips )
5625 {
5626 _TIFFfree(data);
5627 return(0);
5628 }
5629
5630 resizeddata=(uint64*)_TIFFCheckMalloc(tif,nstrips,sizeof(uint64),"for strip array");
5631 if (resizeddata==0) {
5632 _TIFFfree(data);
5633 return(0);
5634 }
5635 _TIFFmemcpy(resizeddata,data,(uint32)dir->tdir_count*sizeof(uint64));
5636 _TIFFmemset(resizeddata+(uint32)dir->tdir_count,0,(nstrips-(uint32)dir->tdir_count)*sizeof(uint64));
5637 _TIFFfree(data);
5638 data=resizeddata;
5639 }
5640 *lpp=data;
5641 return(1);
5642 }
5643
5644 /*
5645 * Fetch and set the SubjectDistance EXIF tag.
5646 */
5647 static int
TIFFFetchSubjectDistance(TIFF * tif,TIFFDirEntry * dir)5648 TIFFFetchSubjectDistance(TIFF* tif, TIFFDirEntry* dir)
5649 {
5650 static const char module[] = "TIFFFetchSubjectDistance";
5651 enum TIFFReadDirEntryErr err;
5652 UInt64Aligned_t m;
5653 m.l=0;
5654 assert(sizeof(double)==8);
5655 assert(sizeof(uint64)==8);
5656 assert(sizeof(uint32)==4);
5657 if (dir->tdir_count!=1)
5658 err=TIFFReadDirEntryErrCount;
5659 else if (dir->tdir_type!=TIFF_RATIONAL)
5660 err=TIFFReadDirEntryErrType;
5661 else
5662 {
5663 if (!(tif->tif_flags&TIFF_BIGTIFF))
5664 {
5665 uint32 offset;
5666 offset=*(uint32*)(&dir->tdir_offset);
5667 if (tif->tif_flags&TIFF_SWAB)
5668 TIFFSwabLong(&offset);
5669 err=TIFFReadDirEntryData(tif,offset,8,m.i);
5670 }
5671 else
5672 {
5673 m.l=dir->tdir_offset.toff_long8;
5674 err=TIFFReadDirEntryErrOk;
5675 }
5676 }
5677 if (err==TIFFReadDirEntryErrOk)
5678 {
5679 double n;
5680 if (tif->tif_flags&TIFF_SWAB)
5681 TIFFSwabArrayOfLong(m.i,2);
5682 if (m.i[0]==0)
5683 n=0.0;
5684 else if (m.i[0]==0xFFFFFFFF)
5685 /*
5686 * XXX: Numerator 0xFFFFFFFF means that we have infinite
5687 * distance. Indicate that with a negative floating point
5688 * SubjectDistance value.
5689 */
5690 n=-1.0;
5691 else
5692 n=(double)m.i[0]/(double)m.i[1];
5693 return(TIFFSetField(tif,dir->tdir_tag,n));
5694 }
5695 else
5696 {
5697 TIFFReadDirEntryOutputErr(tif,err,module,"SubjectDistance",TRUE);
5698 return(0);
5699 }
5700 }
5701
5702 /*
5703 * Replace a single strip (tile) of uncompressed data by multiple strips
5704 * (tiles), each approximately STRIP_SIZE_DEFAULT bytes. This is useful for
5705 * dealing with large images or for dealing with machines with a limited
5706 * amount memory.
5707 */
5708 static void
ChopUpSingleUncompressedStrip(TIFF * tif)5709 ChopUpSingleUncompressedStrip(TIFF* tif)
5710 {
5711 register TIFFDirectory *td = &tif->tif_dir;
5712 uint64 bytecount;
5713 uint64 offset;
5714 uint32 rowblock;
5715 uint64 rowblockbytes;
5716 uint64 stripbytes;
5717 uint32 strip;
5718 uint32 nstrips;
5719 uint32 rowsperstrip;
5720 uint64* newcounts;
5721 uint64* newoffsets;
5722
5723 bytecount = td->td_stripbytecount[0];
5724 /* On a newly created file, just re-opened to be filled, we */
5725 /* don't want strip chop to trigger as it is going to cause issues */
5726 /* later ( StripOffsets and StripByteCounts improperly filled) . */
5727 if( bytecount == 0 && tif->tif_mode != O_RDONLY )
5728 return;
5729 offset = td->td_stripoffset[0];
5730 assert(td->td_planarconfig == PLANARCONFIG_CONTIG);
5731 if ((td->td_photometric == PHOTOMETRIC_YCBCR)&&
5732 (!isUpSampled(tif)))
5733 rowblock = td->td_ycbcrsubsampling[1];
5734 else
5735 rowblock = 1;
5736 rowblockbytes = TIFFVTileSize64(tif, rowblock);
5737 /*
5738 * Make the rows hold at least one scanline, but fill specified amount
5739 * of data if possible.
5740 */
5741 if (rowblockbytes > STRIP_SIZE_DEFAULT) {
5742 stripbytes = rowblockbytes;
5743 rowsperstrip = rowblock;
5744 } else if (rowblockbytes > 0 ) {
5745 uint32 rowblocksperstrip;
5746 rowblocksperstrip = (uint32) (STRIP_SIZE_DEFAULT / rowblockbytes);
5747 rowsperstrip = rowblocksperstrip * rowblock;
5748 stripbytes = rowblocksperstrip * rowblockbytes;
5749 }
5750 else
5751 return;
5752
5753 /*
5754 * never increase the number of rows per strip
5755 */
5756 if (rowsperstrip >= td->td_rowsperstrip)
5757 return;
5758 nstrips = TIFFhowmany_32(td->td_imagelength, rowsperstrip);
5759 if( nstrips == 0 )
5760 return;
5761
5762 /* If we are going to allocate a lot of memory, make sure that the */
5763 /* file is as big as needed */
5764 if( tif->tif_mode == O_RDONLY &&
5765 nstrips > 1000000 &&
5766 (offset >= TIFFGetFileSize(tif) ||
5767 stripbytes > (TIFFGetFileSize(tif) - offset) / (nstrips - 1)) )
5768 {
5769 return;
5770 }
5771
5772 newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
5773 "for chopped \"StripByteCounts\" array");
5774 newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
5775 "for chopped \"StripOffsets\" array");
5776 if (newcounts == NULL || newoffsets == NULL) {
5777 /*
5778 * Unable to allocate new strip information, give up and use
5779 * the original one strip information.
5780 */
5781 if (newcounts != NULL)
5782 _TIFFfree(newcounts);
5783 if (newoffsets != NULL)
5784 _TIFFfree(newoffsets);
5785 return;
5786 }
5787 /*
5788 * Fill the strip information arrays with new bytecounts and offsets
5789 * that reflect the broken-up format.
5790 */
5791 for (strip = 0; strip < nstrips; strip++) {
5792 if (stripbytes > bytecount)
5793 stripbytes = bytecount;
5794 newcounts[strip] = stripbytes;
5795 newoffsets[strip] = stripbytes ? offset : 0;
5796 offset += stripbytes;
5797 bytecount -= stripbytes;
5798 }
5799 /*
5800 * Replace old single strip info with multi-strip info.
5801 */
5802 td->td_stripsperimage = td->td_nstrips = nstrips;
5803 TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, rowsperstrip);
5804
5805 _TIFFfree(td->td_stripbytecount);
5806 _TIFFfree(td->td_stripoffset);
5807 td->td_stripbytecount = newcounts;
5808 td->td_stripoffset = newoffsets;
5809 td->td_stripbytecountsorted = 1;
5810 }
5811
_TIFFFillStriles(TIFF * tif)5812 int _TIFFFillStriles( TIFF *tif )
5813 {
5814 return _TIFFFillStrilesInternal( tif, 1 );
5815 }
5816
_TIFFFillStrilesInternal(TIFF * tif,int loadStripByteCount)5817 static int _TIFFFillStrilesInternal( TIFF *tif, int loadStripByteCount )
5818 {
5819 #if defined(DEFER_STRILE_LOAD)
5820 register TIFFDirectory *td = &tif->tif_dir;
5821 int return_value = 1;
5822
5823 if( td->td_stripoffset != NULL )
5824 return 1;
5825
5826 if( td->td_stripoffset_entry.tdir_count == 0 )
5827 return 0;
5828
5829 if (!TIFFFetchStripThing(tif,&(td->td_stripoffset_entry),
5830 td->td_nstrips,&td->td_stripoffset))
5831 {
5832 return_value = 0;
5833 }
5834
5835 if (loadStripByteCount &&
5836 !TIFFFetchStripThing(tif,&(td->td_stripbytecount_entry),
5837 td->td_nstrips,&td->td_stripbytecount))
5838 {
5839 return_value = 0;
5840 }
5841
5842 _TIFFmemset( &(td->td_stripoffset_entry), 0, sizeof(TIFFDirEntry));
5843 _TIFFmemset( &(td->td_stripbytecount_entry), 0, sizeof(TIFFDirEntry));
5844
5845 if (tif->tif_dir.td_nstrips > 1 && return_value == 1 ) {
5846 uint32 strip;
5847
5848 tif->tif_dir.td_stripbytecountsorted = 1;
5849 for (strip = 1; strip < tif->tif_dir.td_nstrips; strip++) {
5850 if (tif->tif_dir.td_stripoffset[strip - 1] >
5851 tif->tif_dir.td_stripoffset[strip]) {
5852 tif->tif_dir.td_stripbytecountsorted = 0;
5853 break;
5854 }
5855 }
5856 }
5857
5858 return return_value;
5859 #else /* !defined(DEFER_STRILE_LOAD) */
5860 (void) tif;
5861 (void) loadStripByteCount;
5862 return 1;
5863 #endif
5864 }
5865
5866
5867 /* vim: set ts=8 sts=8 sw=8 noet: */
5868 /*
5869 * Local Variables:
5870 * mode: c
5871 * c-basic-offset: 8
5872 * fill-column: 78
5873 * End:
5874 */
5875