1 /*
2  * jdmarker.c
3  *
4  * Copyright (C) 1991-1998, Thomas G. Lane.
5  * This file is part of the Independent JPEG Group's software.
6  * For conditions of distribution and use, see the accompanying README file.
7  *
8  * This file contains routines to decode JPEG datastream markers.
9  * Most of the complexity arises from our desire to support input
10  * suspension: if not all of the data for a marker is available,
11  * we must exit back to the application.  On resumption, we reprocess
12  * the marker.
13  */
14 
15 #define JPEG_INTERNALS
16 #include "jinclude8.h"
17 #include "jpeglib8.h"
18 
19 
/* JPEG marker codes.  These are the values that next_marker() and
 * first_marker() store in cinfo->unread_marker, i.e. the byte that
 * follows the 0xFF prefix in the datastream.
 */
typedef enum {
  /* Start-of-frame codes, first group */
  M_SOF0  = 0xC0,
  M_SOF1  = 0xC1,
  M_SOF2  = 0xC2,
  M_SOF3  = 0xC3,

  /* 0xC4 is DHT, not a start-of-frame code */
  M_DHT   = 0xC4,

  M_SOF5  = 0xC5,
  M_SOF6  = 0xC6,
  M_SOF7  = 0xC7,

  /* Start-of-frame codes, second group (0xC8 is JPG, 0xCC is DAC) */
  M_JPG   = 0xC8,
  M_SOF9  = 0xC9,
  M_SOF10 = 0xCA,
  M_SOF11 = 0xCB,

  M_DAC   = 0xCC,

  M_SOF13 = 0xCD,
  M_SOF14 = 0xCE,
  M_SOF15 = 0xCF,

  /* Restart markers RST0..RST7 are consecutive */
  M_RST0  = 0xD0,
  M_RST1  = 0xD1,
  M_RST2  = 0xD2,
  M_RST3  = 0xD3,
  M_RST4  = 0xD4,
  M_RST5  = 0xD5,
  M_RST6  = 0xD6,
  M_RST7  = 0xD7,

  M_SOI   = 0xD8,
  M_EOI   = 0xD9,
  M_SOS   = 0xDA,
  M_DQT   = 0xDB,
  M_DNL   = 0xDC,
  M_DRI   = 0xDD,
  M_DHP   = 0xDE,
  M_EXP   = 0xDF,

  /* APP0..APP15 are consecutive; save_marker() relies on that when it
   * indexes its per-APPn tables with (marker - M_APP0).
   */
  M_APP0  = 0xE0,
  M_APP1  = 0xE1,
  M_APP2  = 0xE2,
  M_APP3  = 0xE3,
  M_APP4  = 0xE4,
  M_APP5  = 0xE5,
  M_APP6  = 0xE6,
  M_APP7  = 0xE7,
  M_APP8  = 0xE8,
  M_APP9  = 0xE9,
  M_APP10 = 0xEA,
  M_APP11 = 0xEB,
  M_APP12 = 0xEC,
  M_APP13 = 0xED,
  M_APP14 = 0xEE,
  M_APP15 = 0xEF,

  M_JPG0  = 0xF0,
  M_JPG13 = 0xFD,
  M_COM   = 0xFE,

  M_TEM   = 0x01,

  /* Outside the one-byte range, so it cannot collide with a real code */
  M_ERROR = 0x100
} JPEG_MARKER;
86 
87 
88 /* Private state */
89 
typedef struct {
  /* Public part.  save_marker() casts cinfo->marker to my_marker_ptr, so
   * this member is kept first.
   */
  struct jpeg_marker_reader pub;

  /* Marker handlers the application may replace: one for COM and one per
   * APPn code.
   */
  jpeg_marker_parser_method process_COM;
  jpeg_marker_parser_method process_APPn[16];

  /* Upper bound on the number of data bytes kept for each marker type.
   * save_marker() clamps its allocation to these values.
   */
  unsigned int length_limit_COM;
  unsigned int length_limit_APPn[16];

  /* Progress of a COM/APPn marker that is being saved.  The item is
   * linked into marker_list only after all of its data has been read.
   */
  jpeg_saved_marker_ptr cur_marker; /* NULL when no marker is in progress */
  unsigned int bytes_read;          /* data bytes stored so far */
} my_marker_reader;

typedef my_marker_reader * my_marker_ptr;
108 
109 
110 /*
111  * Macros for fetching data from the data source module.
112  *
113  * At all times, cinfo->src->next_input_byte and ->bytes_in_buffer reflect
114  * the current restart point; we update them only when we have reached a
115  * suitable place to restart if a suspension occurs.
116  */
117 
/* Create local working copies of the source manager's read pointer and
 * byte count.  Must appear among a function's declarations.
 */
#define INPUT_VARS(cinfo)  \
    struct jpeg_source_mgr * datasrc = (cinfo)->src;  \
    const JOCTET * next_input_byte = datasrc->next_input_byte;  \
    size_t bytes_in_buffer = datasrc->bytes_in_buffer

/* Write the local copies back to the source manager.  This moves the
 * restart point, so use it only where resuming is safe.
 */
#define INPUT_SYNC(cinfo)  \
    ( datasrc->next_input_byte = next_input_byte,  \
      datasrc->bytes_in_buffer = bytes_in_buffer )

/* Refresh the local copies from the source manager (MAKE_BYTE_AVAIL only) */
#define INPUT_RELOAD(cinfo)  \
    ( next_input_byte = datasrc->next_input_byte,  \
      bytes_in_buffer = datasrc->bytes_in_buffer )

/* Helper for INPUT_BYTE and INPUT_2BYTES: guarantee one readable byte.
 * When the local count is zero the source manager is asked to refill;
 * if it reports failure, "action" runs.  No INPUT_SYNC is done before the
 * refill, but the locals are reloaded after a successful one.
 * Every read below goes through this test first, so the local pointer is
 * advanced only while the local count says a byte is available.
 */
#define MAKE_BYTE_AVAIL(cinfo,action)  \
    if (bytes_in_buffer == 0) {  \
      if (! (*datasrc->fill_input_buffer) (cinfo))  \
        { action; }  \
      INPUT_RELOAD(cinfo);  \
    }

/* Fetch one byte into V.
 * "action" (usually "return FALSE") runs if the read has to suspend; V is
 * not assigned in that case.
 */
#define INPUT_BYTE(cinfo,V,action)  \
    MAKESTMT( MAKE_BYTE_AVAIL(cinfo,action); \
          bytes_in_buffer--; \
          V = GETJOCTET(*next_input_byte++); )

/* Fetch two bytes into V as an unsigned 16-bit value, high byte first.
 * V should be declared unsigned int or perhaps IJG_INT32.
 */
#define INPUT_2BYTES(cinfo,V,action)  \
    MAKESTMT( MAKE_BYTE_AVAIL(cinfo,action); \
          bytes_in_buffer--; \
          V = ((unsigned int) GETJOCTET(*next_input_byte++)) << 8; \
          MAKE_BYTE_AVAIL(cinfo,action); \
          bytes_in_buffer--; \
          V += GETJOCTET(*next_input_byte++); )
163 
164 
165 /*
166  * Routines to process JPEG markers.
167  *
168  * Entry condition: JPEG marker itself has been read and its code saved
169  *   in cinfo->unread_marker; input restart point is just after the marker.
170  *
171  * Exit: if return TRUE, have read and processed any parameters, and have
172  *   updated the restart point to point after the parameters.
173  *   If return FALSE, was forced to suspend before reaching end of
174  *   marker parameters; restart point has not been moved.  Same routine
175  *   will be called again after application supplies more input data.
176  *
177  * This approach to suspension assumes that all of a marker's parameters
178  * can fit into a single input bufferload.  This should hold for "normal"
179  * markers.  Some COM/APPn markers might have large parameter segments
180  * that might not fit.  If we are simply dropping such a marker, we use
181  * skip_input_data to get past it, and thereby put the problem on the
182  * source manager's shoulders.  If we are saving the marker's contents
183  * into memory, we use a slightly different convention: when forced to
184  * suspend, the marker processor updates the restart point to the end of
185  * what it's consumed (ie, the end of the buffer) before returning FALSE.
186  * On resumption, cinfo->unread_marker still contains the marker code,
187  * but the data source will point to the next chunk of marker data.
188  * The marker processor must retain internal state to deal with this.
189  *
190  * Note that we don't bother to avoid duplicate trace messages if a
191  * suspension occurs within marker parameters.  Other side effects
192  * require more care.
193  */
194 
195 
LOCAL(boolean)
get_soi (j_decompress_ptr cinfo)
/* Handle an SOI marker: refuse a second SOI, then put the per-image
 * decoder state back to its defaults.  Reads no input, so it never
 * suspends and always returns TRUE.
 */
{
  int tbl;

  TRACEMS(cinfo, 1, JTRC_SOI);

  if (cinfo->marker->saw_SOI)
    ERREXIT(cinfo, JERR_SOI_DUPLICATE);

  /* State that SOI is defined to reset */
  cinfo->restart_interval = 0;
  tbl = 0;
  while (tbl < NUM_ARITH_TBLS) {
    cinfo->arith_dc_L[tbl] = 0;
    cinfo->arith_dc_U[tbl] = 1;
    cinfo->arith_ac_K[tbl] = 5;
    tbl++;
  }

  /* Starting assumptions about colorspace and sampling */
  cinfo->jpeg_color_space = JCS_UNKNOWN;
  cinfo->CCIR601_sampling = FALSE; /* Assume non-CCIR sampling??? */

  /* JFIF fields keep these defaults unless examine_app0() finds a JFIF APP0 */
  cinfo->saw_JFIF_marker = FALSE;
  cinfo->JFIF_major_version = 1;
  cinfo->JFIF_minor_version = 1;
  cinfo->density_unit = 0;
  cinfo->X_density = 1;
  cinfo->Y_density = 1;

  /* Likewise for the Adobe fields and examine_app14() */
  cinfo->saw_Adobe_marker = FALSE;
  cinfo->Adobe_transform = 0;

  cinfo->marker->saw_SOI = TRUE;

  return TRUE;
}
234 
235 
LOCAL(boolean)
get_sof (j_decompress_ptr cinfo, J_CODEC_PROCESS process, boolean is_arith,
         int data_unit)
/* Handle a SOFn marker: record the codec process selected by the caller,
 * read the frame header and fill in one jpeg_component_info per component.
 * Returns FALSE if input ran out; the restart point is then unchanged and
 * the whole marker is parsed again on the next call.
 */
{
  IJG_INT32 length;
  int sampling, ci;
  jpeg_component_info * compptr;
  INPUT_VARS(cinfo);

  cinfo->data_unit = data_unit;
  cinfo->process = process;
  cinfo->arith_code = is_arith;

  INPUT_2BYTES(cinfo, length, return FALSE);

  INPUT_BYTE(cinfo, cinfo->data_precision, return FALSE);
  INPUT_2BYTES(cinfo, cinfo->image_height, return FALSE);
  INPUT_2BYTES(cinfo, cinfo->image_width, return FALSE);
  INPUT_BYTE(cinfo, cinfo->num_components, return FALSE);

  /* 2 length bytes + 6 bytes of fixed header have been consumed */
  length -= 8;

  TRACEMS4(cinfo, 1, JTRC_SOF, cinfo->unread_marker,
           (int) cinfo->image_width, (int) cinfo->image_height,
           cinfo->num_components);

  if (cinfo->marker->saw_SOF)
    ERREXIT(cinfo, JERR_SOF_DUPLICATE);

  /* A height of 0 that is redefined later by DNL is not supported.  Since
   * that has to be tested anyway, reject every empty dimension here.
   */
  if (cinfo->image_height <= 0 || cinfo->image_width <= 0
      || cinfo->num_components <= 0)
    ERREXIT(cinfo, JERR_EMPTY_IMAGE);

  /* What is left must be exactly three bytes per component */
  if (length != (cinfo->num_components * 3))
    ERREXIT(cinfo, JERR_BAD_LENGTH);

  /* NOTE(review): num_components is a byte from the file and is not
   * compared with an upper bound in this routine; presumably a later setup
   * stage does that -- confirm before relying on it.
   */
  if (cinfo->comp_info == NULL) { /* allocate once, even across a suspend */
    cinfo->comp_info = (jpeg_component_info *) (*cinfo->mem->alloc_small)
      ((j_common_ptr) cinfo, JPOOL_IMAGE,
       (size_t)cinfo->num_components * SIZEOF(jpeg_component_info));
  }

  for (ci = 0; ci < cinfo->num_components; ci++) {
    compptr = cinfo->comp_info + ci;
    compptr->component_index = ci;
    INPUT_BYTE(cinfo, compptr->component_id, return FALSE);
    /* One byte packs both sampling factors: high nibble H, low nibble V.
     * NOTE(review): neither nibble is range-checked here (0 is accepted);
     * verify that a later stage rejects it.
     */
    INPUT_BYTE(cinfo, sampling, return FALSE);
    compptr->h_samp_factor = (sampling >> 4) & 0x0F;
    compptr->v_samp_factor = sampling & 0x0F;
    INPUT_BYTE(cinfo, compptr->quant_tbl_no, return FALSE);

    TRACEMS4(cinfo, 1, JTRC_SOF_COMPONENT,
             compptr->component_id, compptr->h_samp_factor,
             compptr->v_samp_factor, compptr->quant_tbl_no);
  }

  cinfo->marker->saw_SOF = TRUE;

  INPUT_SYNC(cinfo);
  return TRUE;
}
300 
301 
LOCAL(boolean)
get_sos (j_decompress_ptr cinfo)
/* Handle a SOS marker: bind each scan component to its frame component,
 * record its DC/AC table selectors, and read Ss, Se, Ah/Al.
 * Returns FALSE if input ran out before the header was complete.
 */
{
  IJG_INT32 length;
  int i, ci, n, sel, cc;
  jpeg_component_info * compptr;
  INPUT_VARS(cinfo);

  if (! cinfo->marker->saw_SOF)
    ERREXIT(cinfo, JERR_SOS_NO_SOF);

  INPUT_2BYTES(cinfo, length, return FALSE);

  INPUT_BYTE(cinfo, n, return FALSE); /* number of components in scan */

  TRACEMS1(cinfo, 1, JTRC_SOS, n);

  /* n bounds the writes to cinfo->cur_comp_info[] below */
  if (n < 1 || n > MAX_COMPS_IN_SCAN || length != (n * 2 + 6))
    ERREXIT(cinfo, JERR_BAD_LENGTH);

  cinfo->comps_in_scan = n;

  /* Per-component selectors.
   * NOTE(review): nothing here rejects a scan that names the same
   * component twice, and the 4-bit table selectors are stored without
   * comparing them to the number of tables; confirm later stages check.
   */
  for (i = 0; i < n; i++) {
    INPUT_BYTE(cinfo, cc, return FALSE);
    INPUT_BYTE(cinfo, sel, return FALSE);

    /* Linear search of the frame's components for this id */
    ci = 0;
    compptr = cinfo->comp_info;
    while (ci < cinfo->num_components && cc != compptr->component_id) {
      ci++;
      compptr++;
    }
    if (ci >= cinfo->num_components)
      ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, cc);

    cinfo->cur_comp_info[i] = compptr;
    compptr->dc_tbl_no = (sel >> 4) & 0x0F;
    compptr->ac_tbl_no = sel & 0x0F;

    TRACEMS3(cinfo, 1, JTRC_SOS_COMPONENT, cc,
             compptr->dc_tbl_no, compptr->ac_tbl_no);
  }

  /* Remaining scan parameters: Ss, Se, then Ah/Al packed in one byte */
  INPUT_BYTE(cinfo, cinfo->Ss, return FALSE);
  INPUT_BYTE(cinfo, cinfo->Se, return FALSE);
  INPUT_BYTE(cinfo, sel, return FALSE);
  cinfo->Ah = (sel >> 4) & 0x0F;
  cinfo->Al = sel & 0x0F;

  TRACEMS4(cinfo, 1, JTRC_SOS_PARAMS, cinfo->Ss, cinfo->Se,
           cinfo->Ah, cinfo->Al);

  /* Entropy-coded data follows: expect RST0 first */
  cinfo->marker->next_restart_num = 0;

  /* One more scan has been seen */
  cinfo->input_scan_number++;

  INPUT_SYNC(cinfo);
  return TRUE;
}
370 
371 
#ifdef D_ARITH_CODING_SUPPORTED

LOCAL(boolean)
get_dac (j_decompress_ptr cinfo)
/* Handle a DAC marker: a list of (table index, value) byte pairs that set
 * arithmetic-coding conditioning parameters.
 * Returns FALSE if input ran out before the marker was complete.
 */
{
  IJG_INT32 length;
  int idx, val;
  INPUT_VARS(cinfo);

  INPUT_2BYTES(cinfo, length, return FALSE);

  /* Each pass consumes one pair.  An odd payload length leaves length
   * negative after the last pass and is rejected by the final test.
   */
  for (length -= 2; length > 0; length -= 2) {
    INPUT_BYTE(cinfo, idx, return FALSE);
    INPUT_BYTE(cinfo, val, return FALSE);

    TRACEMS2(cinfo, 1, JTRC_DAC, idx, val);

    /* The index is range-checked before it is used on any array */
    if (idx < 0 || idx >= (2*NUM_ARITH_TBLS))
      ERREXIT1(cinfo, JERR_DAC_INDEX, idx);

    if (idx < NUM_ARITH_TBLS) {
      /* DC table: low nibble is L, high nibble is U, and L must not
       * exceed U.
       */
      cinfo->arith_dc_L[idx] = (UINT8) (val & 0x0F);
      cinfo->arith_dc_U[idx] = (UINT8) (val >> 4);
      if (cinfo->arith_dc_L[idx] > cinfo->arith_dc_U[idx])
        ERREXIT1(cinfo, JERR_DAC_VALUE, val);
    } else {
      /* AC table: the upper half of the index range */
      cinfo->arith_ac_K[idx-NUM_ARITH_TBLS] = (UINT8) val;
    }
  }

  if (length != 0)
    ERREXIT(cinfo, JERR_BAD_LENGTH);

  INPUT_SYNC(cinfo);
  return TRUE;
}

#else /* ! D_ARITH_CODING_SUPPORTED */

/* Without arithmetic decoding a DAC segment is simply skipped */
#define get_dac(cinfo)  skip_variable(cinfo)

#endif /* D_ARITH_CODING_SUPPORTED */
418 
419 
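LOCAL(boolean)
get_dht (j_decompress_ptr cinfo)
/* Handle a DHT marker: one or more Huffman table definitions, each made of
 * an index byte, 16 code-length counts and the symbol values.
 * Returns FALSE if input ran out; the restart point is then unchanged and
 * the whole marker is parsed again on the next call.
 */
{
  IJG_INT32 length;
  UINT8 bits[17];
  UINT8 huffval[256];
  int i, idx, count;
  JHUFF_TBL **htblptr;
  INPUT_VARS(cinfo);

  INPUT_2BYTES(cinfo, length, return FALSE);
  length -= 2;

  while (length > 16) {
    INPUT_BYTE(cinfo, idx, return FALSE);

    TRACEMS1(cinfo, 1, JTRC_DHT, idx);

    bits[0] = 0;
    count = 0;
    for (i = 1; i <= 16; i++) {
      INPUT_BYTE(cinfo, bits[i], return FALSE);
      count += bits[i];
    }

    length -= 1 + 16;

    TRACEMS8(cinfo, 2, JTRC_HUFFBITS,
             bits[1], bits[2], bits[3], bits[4],
             bits[5], bits[6], bits[7], bits[8]);
    TRACEMS8(cinfo, 2, JTRC_HUFFBITS,
             bits[9], bits[10], bits[11], bits[12],
             bits[13], bits[14], bits[15], bits[16]);

    /* Here we just do minimal validation of the counts to avoid walking
     * off the end of our table space.  jdhuff.c will check more carefully.
     */
    if (count > 256 || ((IJG_INT32) count) > length)
      ERREXIT(cinfo, JERR_BAD_HUFF_TABLE);

    for (i = 0; i < count; i++)
      INPUT_BYTE(cinfo, huffval[i], return FALSE);

    /* Clear the entries the file did not supply.  The whole array is
     * copied into the table below, and without this the unused tail would
     * carry whatever was left on the stack.
     */
    for (i = count; i < 256; i++)
      huffval[i] = 0;

    length -= count;

    /* Validate the table index before it is used to form a pointer into
     * the table-pointer arrays.  As before, the AC index is reported after
     * the 0x10 class bit has been removed.
     */
    if (idx & 0x10) {       /* AC table definition */
      idx -= 0x10;
      if (idx < 0 || idx >= NUM_HUFF_TBLS)
        ERREXIT1(cinfo, JERR_DHT_INDEX, idx);
      htblptr = &cinfo->ac_huff_tbl_ptrs[idx];
    } else {                /* DC table definition */
      if (idx < 0 || idx >= NUM_HUFF_TBLS)
        ERREXIT1(cinfo, JERR_DHT_INDEX, idx);
      htblptr = &cinfo->dc_huff_tbl_ptrs[idx];
    }

    if (*htblptr == NULL)
      *htblptr = jpeg_alloc_huff_table((j_common_ptr) cinfo);

    MEMCOPY((*htblptr)->bits, bits, SIZEOF((*htblptr)->bits));
    MEMCOPY((*htblptr)->huffval, huffval, SIZEOF((*htblptr)->huffval));
  }

  if (length != 0)
    ERREXIT(cinfo, JERR_BAD_LENGTH);

  INPUT_SYNC(cinfo);
  return TRUE;
}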
489 
490 
LOCAL(boolean)
get_dqt (j_decompress_ptr cinfo)
/* Handle a DQT marker: one or more quantization tables, each introduced by
 * a byte holding the precision flag (high nibble) and the table slot (low
 * nibble), followed by DCTSIZE2 entries of one or two bytes.
 * Returns FALSE if input ran out before the marker was complete.
 */
{
  IJG_INT32 length;
  int hdr, slot, k, prec;
  unsigned int tmp;
  JQUANT_TBL *quant_ptr;
  INPUT_VARS(cinfo);

  INPUT_2BYTES(cinfo, length, return FALSE);
  length -= 2;

  /* Note: a table's entries are read before the remaining length is
   * compared with the table size.  A segment whose length word is too
   * small for its tables is therefore rejected only by the final length
   * test; the reads themselves stay inside the input buffer because they
   * all go through INPUT_BYTE / INPUT_2BYTES.
   */
  while (length > 0) {
    INPUT_BYTE(cinfo, hdr, return FALSE);
    prec = hdr >> 4;
    slot = hdr & 0x0F;

    TRACEMS2(cinfo, 1, JTRC_DQT, slot, prec);

    if (slot >= NUM_QUANT_TBLS)
      ERREXIT1(cinfo, JERR_DQT_INDEX, slot);

    /* Allocate the slot on first use, otherwise overwrite it */
    quant_ptr = cinfo->quant_tbl_ptrs[slot];
    if (quant_ptr == NULL) {
      quant_ptr = jpeg_alloc_quant_table((j_common_ptr) cinfo);
      cinfo->quant_tbl_ptrs[slot] = quant_ptr;
    }

    for (k = 0; k < DCTSIZE2; k++) {
      if (prec) {
        INPUT_2BYTES(cinfo, tmp, return FALSE);
      } else {
        INPUT_BYTE(cinfo, tmp, return FALSE);
      }
      /* File order is zigzag; the table is stored in natural order */
      quant_ptr->quantval[jpeg_natural_order[k]] = (UINT16) tmp;
    }

    if (cinfo->err->trace_level >= 2) {
      /* Dump the table eight values per message */
      for (k = 0; k < DCTSIZE2; k += 8) {
        TRACEMS8(cinfo, 2, JTRC_QUANTVALS,
                 quant_ptr->quantval[k],   quant_ptr->quantval[k+1],
                 quant_ptr->quantval[k+2], quant_ptr->quantval[k+3],
                 quant_ptr->quantval[k+4], quant_ptr->quantval[k+5],
                 quant_ptr->quantval[k+6], quant_ptr->quantval[k+7]);
      }
    }

    /* Header byte plus DCTSIZE2 entries of one or two bytes each */
    length -= prec ? (DCTSIZE2 + 1 + DCTSIZE2) : (DCTSIZE2 + 1);
  }

  if (length != 0)
    ERREXIT(cinfo, JERR_BAD_LENGTH);

  INPUT_SYNC(cinfo);
  return TRUE;
}
547 
548 
LOCAL(boolean)
get_dri (j_decompress_ptr cinfo)
/* Handle a DRI marker: a fixed-size segment carrying the 16-bit restart
 * interval.  Returns FALSE if input ran out before it was complete.
 */
{
  IJG_INT32 length;
  unsigned int interval;
  INPUT_VARS(cinfo);

  INPUT_2BYTES(cinfo, length, return FALSE);

  /* The length word counts itself plus the two interval bytes */
  if (length != 4)
    ERREXIT(cinfo, JERR_BAD_LENGTH);

  INPUT_2BYTES(cinfo, interval, return FALSE);

  TRACEMS1(cinfo, 1, JTRC_DRI, (int)interval);

  cinfo->restart_interval = interval;

  INPUT_SYNC(cinfo);
  return TRUE;
}
571 
572 
573 /*
574  * Routines for processing APPn and COM markers.
575  * These are either saved in memory or discarded, per application request.
576  * APP0 and APP14 are specially checked to see if they are
577  * JFIF and Adobe markers, respectively.
578  */
579 
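/* Number of leading data bytes that are examined in each marker type */
#define APP0_DATA_LEN   14  /* Length of interesting data in APP0 */
#define APP14_DATA_LEN  12  /* Length of interesting data in APP14 */
/* Size of the scratch buffer in get_interesting_appn().  It is derived
 * from the two lengths above so that it is always the larger of them,
 * instead of depending on a manual edit when one of them changes.
 */
#define APPN_DATA_LEN  \
    (APP0_DATA_LEN > APP14_DATA_LEN ? APP0_DATA_LEN : APP14_DATA_LEN)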
583 
584 
LOCAL(void)
examine_app0 (j_decompress_ptr cinfo, const JOCTET FAR * data,
              unsigned int datalen, IJG_INT32 remaining)
/* Look at the first bytes of an APP0 segment and record the JFIF header
 * fields if it is a JFIF marker.
 * datalen is the number of bytes available at data[]; remaining is the
 * length of the rest of the marker data, which is not in data[].
 * No element of data[] is read unless datalen covers it, so the call
 * save_marker() makes with datalen == 0 never touches data.
 */
{
  IJG_INT32 totallen = (IJG_INT32) datalen + remaining;
  int jf_prefix = 0;    /* set if data starts 'J','F',x,x,0 */
  int thumb_w, thumb_h;

  /* "JFIF\0" and "JFXX\0" share bytes 0, 1 and 4 */
  if (datalen >= 6 &&
      GETJOCTET(data[0]) == 0x4A &&
      GETJOCTET(data[1]) == 0x46 &&
      GETJOCTET(data[4]) == 0)
    jf_prefix = 1;

  if (jf_prefix && datalen >= APP0_DATA_LEN &&
      GETJOCTET(data[2]) == 0x49 &&
      GETJOCTET(data[3]) == 0x46) {
    /* JFIF APP0 marker: keep its fields */
    cinfo->saw_JFIF_marker = TRUE;
    cinfo->JFIF_major_version = GETJOCTET(data[5]);
    cinfo->JFIF_minor_version = GETJOCTET(data[6]);
    cinfo->density_unit = GETJOCTET(data[7]);
    cinfo->X_density = (UINT16)((GETJOCTET(data[8]) << 8) + GETJOCTET(data[9]));
    cinfo->Y_density = (UINT16)((GETJOCTET(data[10]) << 8) + GETJOCTET(data[11]));
    /* Version check.
     * A major version other than 1 signals an incompatible change.  It is
     * reported as a nonfatal warning rather than an error, because files
     * with a wrong value exist.
     * Minor version should be 0..2, but newer ones are processed anyway.
     */
    if (cinfo->JFIF_major_version != 1)
      WARNMS2(cinfo, JWRN_JFIF_MAJOR,
              cinfo->JFIF_major_version, cinfo->JFIF_minor_version);
    TRACEMS5(cinfo, 1, JTRC_JFIF,
             cinfo->JFIF_major_version, cinfo->JFIF_minor_version,
             cinfo->X_density, cinfo->Y_density, cinfo->density_unit);
    /* Thumbnail: report its size, and report a payload whose length is
     * not width * height * 3.  Both are trace messages only.
     */
    thumb_w = GETJOCTET(data[12]);
    thumb_h = GETJOCTET(data[13]);
    if (thumb_w != 0 || thumb_h != 0)
      TRACEMS2(cinfo, 1, JTRC_JFIF_THUMBNAIL, thumb_w, thumb_h);
    totallen -= APP0_DATA_LEN;
    if (totallen != ((IJG_INT32) thumb_w * (IJG_INT32) thumb_h * (IJG_INT32) 3))
      TRACEMS1(cinfo, 1, JTRC_JFIF_BADTHUMBNAILSIZE, (int) totallen);
  } else if (jf_prefix &&
             GETJOCTET(data[2]) == 0x58 &&
             GETJOCTET(data[3]) == 0x58) {
    /* JFIF "JFXX" extension APP0 marker.  Nothing is stored for these;
     * the extension code only selects the trace message.
     */
    switch (GETJOCTET(data[5])) {
    case 0x10:
      TRACEMS1(cinfo, 1, JTRC_THUMB_JPEG, (int) totallen);
      break;
    case 0x11:
      TRACEMS1(cinfo, 1, JTRC_THUMB_PALETTE, (int) totallen);
      break;
    case 0x13:
      TRACEMS1(cinfo, 1, JTRC_THUMB_RGB, (int) totallen);
      break;
    default:
      TRACEMS2(cinfo, 1, JTRC_JFIF_EXTENSION,
               GETJOCTET(data[5]), (int) totallen);
      break;
    }
  } else {
    /* Neither "JFIF" nor "JFXX", or too short to tell */
    TRACEMS1(cinfo, 1, JTRC_APP0, (int) totallen);
  }
}
659 
660 
LOCAL(void)
examine_app14 (j_decompress_ptr cinfo, const JOCTET FAR * data,
               unsigned int datalen, IJG_INT32 remaining)
/* Look at the first bytes of an APP14 segment and record the transform
 * code if it is an Adobe marker.
 * datalen is the number of bytes available at data[]; remaining is the
 * length of the rest of the marker data, which is not in data[].
 * data[] is read only when datalen is at least APP14_DATA_LEN.
 */
{
  unsigned int version, flags0, flags1, transform;
  int is_adobe;

  /* Signature is the five bytes "Adobe" */
  is_adobe = (datalen >= APP14_DATA_LEN &&
              GETJOCTET(data[0]) == 0x41 &&
              GETJOCTET(data[1]) == 0x64 &&
              GETJOCTET(data[2]) == 0x6F &&
              GETJOCTET(data[3]) == 0x62 &&
              GETJOCTET(data[4]) == 0x65);

  if (! is_adobe) {
    /* Not "Adobe", or too short to tell */
    TRACEMS1(cinfo, 1, JTRC_APP14, (int) (datalen + remaining));
    return;
  }

  /* Three big-endian 16-bit fields, then the one-byte transform code */
  version = (unsigned int)((GETJOCTET(data[5]) << 8) + GETJOCTET(data[6]));
  flags0 = (unsigned int)((GETJOCTET(data[7]) << 8) + GETJOCTET(data[8]));
  flags1 = (unsigned int)((GETJOCTET(data[9]) << 8) + GETJOCTET(data[10]));
  transform = GETJOCTET(data[11]);
  TRACEMS4(cinfo, 1, JTRC_ADOBE, (int)version, (int)flags0, (int)flags1, (int)transform);
  cinfo->saw_Adobe_marker = TRUE;
  cinfo->Adobe_transform = (UINT8) transform;
}
690 
691 
METHODDEF(boolean)
get_interesting_appn (j_decompress_ptr cinfo)
/* Handle an APP0 or APP14 marker that is not being saved: copy its first
 * few bytes to a local buffer, examine them, and skip the rest.
 * Returns FALSE if input ran out before those first bytes were read.
 */
{
  IJG_INT32 length;
  JOCTET b[APPN_DATA_LEN];
  unsigned int i, numtoread;
  INPUT_VARS(cinfo);

  INPUT_2BYTES(cinfo, length, return FALSE);
  length -= 2;

  /* Clamp the copy to the size of b[]; a length word below 2 leaves
   * length negative and nothing is read.
   */
  if (length <= 0)
    numtoread = 0;
  else if (length < APPN_DATA_LEN)
    numtoread = (unsigned int) length;
  else
    numtoread = APPN_DATA_LEN;

  i = 0;
  while (i < numtoread) {
    INPUT_BYTE(cinfo, b[i], return FALSE);
    i++;
  }
  length -= numtoread;

  /* Hand the bytes to the examiner for this marker code */
  if (cinfo->unread_marker == M_APP0) {
    examine_app0(cinfo, (JOCTET FAR *) b, numtoread, length);
  } else if (cinfo->unread_marker == M_APP14) {
    examine_app14(cinfo, (JOCTET FAR *) b, numtoread, length);
  } else {
    /* can't get here unless jpeg_save_markers chooses wrong processor */
    ERREXIT1(cinfo, JERR_UNKNOWN_MARKER, cinfo->unread_marker);
  }

  /* The rest of the segment may be long; let the source manager skip it.
   * The restart point is moved first, so the skip starts from here.
   */
  INPUT_SYNC(cinfo);
  if (length > 0)
    (*cinfo->src->skip_input_data) (cinfo, (long) length);

  return TRUE;
}
736 
737 
#ifdef SAVE_MARKERS_SUPPORTED

METHODDEF(boolean)
save_marker (j_decompress_ptr cinfo)
/* Save an APPn or COM marker into cinfo->marker_list.
 * At most the configured length limit for the marker type is stored; the
 * rest of the segment is skipped.  Unlike the other marker routines, this
 * one moves the restart point as it consumes data, and keeps its progress
 * in the marker reader so that a later call can continue where it stopped.
 * Returns FALSE when it has to suspend.
 */
{
  my_marker_ptr reader = (my_marker_ptr) cinfo->marker;
  jpeg_saved_marker_ptr item = reader->cur_marker;
  unsigned int stored, wanted;
  JOCTET FAR * dst;
  IJG_INT32 length = 0;
  INPUT_VARS(cinfo);

  if (item != NULL) {
    /* Continuing a marker that suspended part-way through */
    stored = reader->bytes_read;
    wanted = item->data_length;
    dst = item->data + stored;
  } else {
    /* Starting a new marker */
    INPUT_2BYTES(cinfo, length, return FALSE);
    length -= 2;
    if (length < 0) {
      /* Bogus length word: store nothing, allocate nothing */
      stored = wanted = 0;
      dst = NULL;
    } else {
      /* Keep the smaller of the payload length and the configured limit,
       * so the allocation never exceeds either.
       */
      unsigned int keep;
      if (cinfo->unread_marker == (int) M_COM)
        keep = reader->length_limit_COM;
      else
        keep = reader->length_limit_APPn[cinfo->unread_marker - (int) M_APP0];
      if ((unsigned int) length < keep)
        keep = (unsigned int) length;
      /* One allocation holds the list item followed by its data */
      item = (jpeg_saved_marker_ptr)
        (*cinfo->mem->alloc_large) ((j_common_ptr) cinfo, JPOOL_IMAGE,
                                    SIZEOF(struct jpeg_marker_struct) + keep);
      item->next = NULL;
      item->marker = (UINT8) cinfo->unread_marker;
      item->original_length = (unsigned int) length;
      item->data_length = keep;
      /* data area is just beyond the jpeg_marker_struct */
      dst = item->data = (JOCTET FAR *) (item + 1);
      reader->cur_marker = item;
      reader->bytes_read = 0;
      stored = 0;
      wanted = keep;
    }
  }

  while (stored < wanted) {
    /* Everything copied so far is final: move the restart point here and
     * remember the count before a possible suspension.
     */
    INPUT_SYNC(cinfo);
    reader->bytes_read = stored;
    /* Suspend unless at least one byte is available */
    MAKE_BYTE_AVAIL(cinfo, return FALSE);
    /* Copy until the quota is met or the buffer is drained */
    for (; stored < wanted && bytes_in_buffer > 0; stored++) {
      *dst++ = *next_input_byte++;
      bytes_in_buffer--;
    }
  }

  /* All wanted bytes are in */
  if (item != NULL) {   /* NULL means the length word was bogus */
    /* Append to the end of the saved-marker list */
    jpeg_saved_marker_ptr * link = &cinfo->marker_list;
    while (*link != NULL)
      link = &(*link)->next;
    *link = item;
    /* Point back at the start of the data; compute what is left to skip */
    dst = item->data;
    length = item->original_length - wanted;
  }
  /* Ready for the next marker */
  reader->cur_marker = NULL;

  /* Examine APP0/APP14; anything else only gets a generic trace message */
  if (cinfo->unread_marker == M_APP0) {
    examine_app0(cinfo, dst, wanted, length);
  } else if (cinfo->unread_marker == M_APP14) {
    examine_app14(cinfo, dst, wanted, length);
  } else {
    TRACEMS2(cinfo, 1, JTRC_MISC_MARKER, cinfo->unread_marker,
             (int) (wanted + length));
  }

  /* skip any remaining data -- could be lots */
  INPUT_SYNC(cinfo);        /* must precede skip_input_data */
  if (length > 0)
    (*cinfo->src->skip_input_data) (cinfo, (long) length);

  return TRUE;
}

#endif /* SAVE_MARKERS_SUPPORTED */
844 
845 
METHODDEF(boolean)
skip_variable (j_decompress_ptr cinfo)
/* Pass over a variable-length marker that is unknown or of no interest.
 * Returns FALSE if input ran out before the length word was read.
 */
{
  IJG_INT32 payload;
  INPUT_VARS(cinfo);

  INPUT_2BYTES(cinfo, payload, return FALSE);
  payload -= 2;         /* the length word counts itself */

  TRACEMS2(cinfo, 1, JTRC_MISC_MARKER, cinfo->unread_marker, (int) payload);

  /* Move the restart point past the length word, then let the source
   * manager skip the payload.  A length word below 2 skips nothing.
   */
  INPUT_SYNC(cinfo);
  if (payload > 0)
    (*cinfo->src->skip_input_data) (cinfo, (long) payload);

  return TRUE;
}
864 
865 
866 /*
867  * Find the next JPEG marker, save it in cinfo->unread_marker.
868  * Returns FALSE if had to suspend before reaching a marker;
869  * in that case cinfo->unread_marker is unchanged.
870  *
871  * Note that the result might not be a valid marker code,
872  * but it will never be 0 or FF.
873  */
874 
LOCAL(boolean)
next_marker (j_decompress_ptr cinfo)
/* Scan forward to the next marker and store its code in
 * cinfo->unread_marker.  Returns FALSE, leaving unread_marker untouched,
 * if input ran out first.  The stored code is never 0 or 0xFF.
 */
{
  int c;
  INPUT_VARS(cinfo);

  do {
    /* Discard bytes until an FF is seen.  This does not happen in a valid
     * file.  The restart point moves after every discarded byte, so a
     * suspending data source can drop that byte from its buffer.
     */
    for (;;) {
      INPUT_BYTE(cinfo, c, return FALSE);
      if (c == 0xFF)
        break;
      cinfo->marker->discarded_bytes++;
      INPUT_SYNC(cinfo);
    }
    /* Swallow repeated FF bytes.  Extra FFs are legal padding and are not
     * counted as discarded.  This assumes a run of FFs never grows long
     * enough to overflow a suspending data source's input buffer.
     */
    do {
      INPUT_BYTE(cinfo, c, return FALSE);
    } while (c == 0xFF);
    if (c == 0) {
      /* FF/00 is stuffed data, not a marker: count both bytes as
       * discarded and search again.
       */
      cinfo->marker->discarded_bytes += 2;
      INPUT_SYNC(cinfo);
    }
  } while (c == 0);

  /* Report once how much was thrown away on the way to this marker */
  if (cinfo->marker->discarded_bytes != 0) {
    WARNMS2(cinfo, JWRN_EXTRANEOUS_DATA, (int)cinfo->marker->discarded_bytes, c);
    cinfo->marker->discarded_bytes = 0;
  }

  cinfo->unread_marker = c;

  INPUT_SYNC(cinfo);
  return TRUE;
}
920 
921 
LOCAL(boolean)
first_marker (j_decompress_ptr cinfo)
/* Counterpart of next_marker for the initial SOI marker.
 * The first two bytes must be exactly FF and the SOI code: no leading
 * garbage or fill bytes are accepted, since otherwise an entire non-JPEG
 * input could be scanned before it is rejected.  An application that wants
 * to process non-JFIF files must seek to the SOI itself before calling the
 * library.  Returns FALSE if input ran out before both bytes were read.
 */
{
  int prefix, code;
  INPUT_VARS(cinfo);

  INPUT_BYTE(cinfo, prefix, return FALSE);
  INPUT_BYTE(cinfo, code, return FALSE);
  if (! (prefix == 0xFF && code == (int) M_SOI))
    ERREXIT2(cinfo, JERR_NO_SOI, prefix, code);

  cinfo->unread_marker = code;

  INPUT_SYNC(cinfo);
  return TRUE;
}
944 
945 
946 /*
947  * Read markers until SOS or EOI.
948  *
949  * Returns same codes as are defined for jpeg_consume_input:
950  * JPEG_SUSPENDED, JPEG_REACHED_SOS, or JPEG_REACHED_EOI.
951  */
952 
METHODDEF(int)
read_markers (j_decompress_ptr cinfo)
{
  /* One trip round this loop per marker.  The function returns on
   * suspension, on SOS and on EOI.
   */
  for (;;) {
    /* Fetch a marker code unless one is already pending.  The first marker
     * of a datastream goes through first_marker(), which insists on SOI.
     */
    if (cinfo->unread_marker == 0) {
      boolean fetched;

      if (cinfo->marker->saw_SOI)
        fetched = next_marker(cinfo);
      else
        fetched = first_marker(cinfo);
      if (! fetched)
        return JPEG_SUSPENDED;
    }

    /* cinfo->unread_marker now holds the marker code, and the input point
     * is just past the marker itself but before any of its parameters.
     * Every suspension return below leaves that state in place, so the
     * same marker is processed again on the next call.
     */
    switch (cinfo->unread_marker) {
    case M_SOI:
      if (! get_soi(cinfo))
        return JPEG_SUSPENDED;
      break;

    case M_SOF0:                /* Baseline */
    case M_SOF1:                /* Extended sequential, Huffman */
      if (! get_sof(cinfo, JPROC_SEQUENTIAL, FALSE, DCTSIZE))
        return JPEG_SUSPENDED;
      break;

    case M_SOF2:                /* Progressive, Huffman */
      if (! get_sof(cinfo, JPROC_PROGRESSIVE, FALSE, DCTSIZE))
        return JPEG_SUSPENDED;
      break;

    case M_SOF3:                /* Lossless, Huffman */
      if (! get_sof(cinfo, JPROC_LOSSLESS, FALSE, 1))
        return JPEG_SUSPENDED;
      break;

    case M_SOF9:                /* Extended sequential, arithmetic */
      if (! get_sof(cinfo, JPROC_SEQUENTIAL, TRUE, DCTSIZE))
        return JPEG_SUSPENDED;
      break;

    case M_SOF10:               /* Progressive, arithmetic */
      if (! get_sof(cinfo, JPROC_PROGRESSIVE, TRUE, DCTSIZE))
        return JPEG_SUSPENDED;
      break;

    case M_SOF11:               /* Lossless, arithmetic */
      if (! get_sof(cinfo, JPROC_LOSSLESS, TRUE, 1))
        return JPEG_SUSPENDED;
      break;

    /* SOFn types that are not supported at present */
    case M_SOF5:                /* Differential sequential, Huffman */
    case M_SOF6:                /* Differential progressive, Huffman */
    case M_SOF7:                /* Differential lossless, Huffman */
    case M_JPG:                 /* Reserved for JPEG extensions */
    case M_SOF13:               /* Differential sequential, arithmetic */
    case M_SOF14:               /* Differential progressive, arithmetic */
    case M_SOF15:               /* Differential lossless, arithmetic */
      ERREXIT1(cinfo, JERR_SOF_UNSUPPORTED, cinfo->unread_marker);
      break;

    case M_SOS:
      if (! get_sos(cinfo))
        return JPEG_SUSPENDED;
      cinfo->unread_marker = 0; /* marker has been consumed */
      return JPEG_REACHED_SOS;

    case M_EOI:
      TRACEMS(cinfo, 1, JTRC_EOI);
      cinfo->unread_marker = 0; /* marker has been consumed */
      return JPEG_REACHED_EOI;

    case M_DAC:
      if (! get_dac(cinfo))
        return JPEG_SUSPENDED;
      break;

    case M_DHT:
      if (! get_dht(cinfo))
        return JPEG_SUSPENDED;
      break;

    case M_DQT:
      if (! get_dqt(cinfo))
        return JPEG_SUSPENDED;
      break;

    case M_DRI:
      if (! get_dri(cinfo))
        return JPEG_SUSPENDED;
      break;

    case M_APP0:
    case M_APP1:
    case M_APP2:
    case M_APP3:
    case M_APP4:
    case M_APP5:
    case M_APP6:
    case M_APP7:
    case M_APP8:
    case M_APP9:
    case M_APP10:
    case M_APP11:
    case M_APP12:
    case M_APP13:
    case M_APP14:
    case M_APP15:
      {
        /* The marker code comes from the input, but the case labels above
         * confine the table index to 0..15, one entry per APPn code.
         */
        my_marker_ptr reader = (my_marker_ptr) cinfo->marker;
        int slot = cinfo->unread_marker - (int) M_APP0;

        if (! (*reader->process_APPn[slot]) (cinfo))
          return JPEG_SUSPENDED;
      }
      break;

    case M_COM:
      {
        my_marker_ptr reader = (my_marker_ptr) cinfo->marker;

        if (! (*reader->process_COM) (cinfo))
          return JPEG_SUSPENDED;
      }
      break;

    case M_RST0:                /* none of these carry parameters */
    case M_RST1:
    case M_RST2:
    case M_RST3:
    case M_RST4:
    case M_RST5:
    case M_RST6:
    case M_RST7:
    case M_TEM:
      TRACEMS1(cinfo, 1, JTRC_PARMLESS_MARKER, cinfo->unread_marker);
      break;

    case M_DNL:                 /* DNL is skipped ... perhaps the wrong thing */
      if (! skip_variable(cinfo))
        return JPEG_SUSPENDED;
      break;

    default:                    /* must be DHP, EXP, JPGn, or RESn */
      /* Reserved markers are treated as fatal for now, because they are
       * likely to signal incompatible JPEG Part 3 extensions.  This ought
       * to change once the JPEG 3 version-number marker is well defined.
       */
      ERREXIT1(cinfo, JERR_UNKNOWN_MARKER, cinfo->unread_marker);
      break;
    }

    /* Marker handled; clear the pending code before fetching the next one. */
    cinfo->unread_marker = 0;
  } /* end loop */
}
1108 
1109 
1110 /*
1111  * Read a restart marker, which is expected to appear next in the datastream;
1112  * if the marker is not there, take appropriate recovery action.
1113  * Returns FALSE if suspension is required.
1114  *
1115  * This is called by the entropy decoder after it has read an appropriate
1116  * number of MCUs.  cinfo->unread_marker may be nonzero if the entropy decoder
1117  * has already read a marker from the data source.  Under normal conditions
1118  * cinfo->unread_marker will be reset to 0 before returning; if not reset,
1119  * it holds a marker which the decoder will be unable to read past.
1120  */
1121 
METHODDEF(boolean)
read_restart_marker (j_decompress_ptr cinfo)
{
  int expected;

  /* Fetch a marker unless one is already pending.  next_marker issues a
   * warning of its own if it had to skip data to find one.
   */
  if (cinfo->unread_marker == 0 && ! next_marker(cinfo))
    return FALSE;

  expected = (int) M_RST0 + cinfo->marker->next_restart_num;

  if (cinfo->unread_marker != expected) {
    /* The restart sequence in the input is out of step.  How to recover
     * is left to the data source manager's resync_to_restart method.
     */
    if (! (*cinfo->src->resync_to_restart) (cinfo,
                                            cinfo->marker->next_restart_num))
      return FALSE;
  } else {
    /* Normal case: consume the marker so the entropy decoder can go on. */
    TRACEMS1(cinfo, 3, JTRC_RST, cinfo->marker->next_restart_num);
    cinfo->unread_marker = 0;
  }

  /* Advance the expected restart number, wrapping within 0..7. */
  cinfo->marker->next_restart_num = (cinfo->marker->next_restart_num + 1) & 7;

  return TRUE;
}
1150 
1151 
1152 /*
1153  * This is the default resync_to_restart method for data source managers
1154  * to use if they don't have any better approach.  Some data source managers
1155  * may be able to back up, or may have additional knowledge about the data
1156  * which permits a more intelligent recovery strategy; such managers would
1157  * presumably supply their own resync method.
1158  *
1159  * read_restart_marker calls resync_to_restart if it finds a marker other than
1160  * the restart marker it was expecting.  (This code is *not* used unless
1161  * a nonzero restart interval has been declared.)  cinfo->unread_marker is
1162  * the marker code actually found (might be anything, except 0 or FF).
1163  * The desired restart marker number (0..7) is passed as a parameter.
1164  * This routine is supposed to apply whatever error recovery strategy seems
1165  * appropriate in order to position the input stream to the next data segment.
1166  * Note that cinfo->unread_marker is treated as a marker appearing before
1167  * the current data-source input point; usually it should be reset to zero
1168  * before returning.
1169  * Returns FALSE if suspension is required.
1170  *
1171  * This implementation is substantially constrained by wanting to treat the
1172  * input as a data stream; this means we can't back up.  Therefore, we have
1173  * only the following actions to work with:
1174  *   1. Simply discard the marker and let the entropy decoder resume at next
1175  *      byte of file.
1176  *   2. Read forward until we find another marker, discarding intervening
1177  *      data.  (In theory we could look ahead within the current bufferload,
1178  *      without having to discard data if we don't find the desired marker.
1179  *      This idea is not implemented here, in part because it makes behavior
1180  *      dependent on buffer size and chance buffer-boundary positions.)
1181  *   3. Leave the marker unread (by failing to zero cinfo->unread_marker).
1182  *      This will cause the entropy decoder to process an empty data segment,
1183  *      inserting dummy zeroes, and then we will reprocess the marker.
1184  *
1185  * #2 is appropriate if we think the desired marker lies ahead, while #3 is
1186  * appropriate if the found marker is a future restart marker (indicating
1187  * that we have missed the desired restart marker, probably because it got
1188  * corrupted).
1189  * We apply #2 or #3 if the found marker is a restart marker no more than
1190  * two counts behind or ahead of the expected one.  We also apply #2 if the
1191  * found marker is not a legal JPEG marker code (it's certainly bogus data).
1192  * If the found marker is a restart marker more than 2 counts away, we do #1
1193  * (too much risk that the marker is erroneous; with luck we will be able to
1194  * resync at some future point).
1195  * For any valid non-restart JPEG marker, we apply #3.  This keeps us from
1196  * overrunning the end of a scan.  An implementation limited to single-scan
1197  * files might find it better to apply #2 for markers other than EOI, since
1198  * any other marker would have to be bogus data in that case.
1199  */
1200 
GLOBAL(boolean)
jpeg_resync_to_restart (j_decompress_ptr cinfo, int desired)
{
  int marker = cinfo->unread_marker;
  int action = 1;

  /* A resync is always reported, whatever recovery is chosen below. */
  WARNMS2(cinfo, JWRN_MUST_RESYNC, marker, desired);

  /* Each pass classifies the marker currently in hand; the decision is
   * repeated after every forward scan (action 2).
   */
  for (;;) {
    if (marker < (int) M_SOF0) {
      action = 2;               /* not a legal marker code */
    } else if (marker < (int) M_RST0 || marker > (int) M_RST7) {
      action = 3;               /* legal marker, but not a restart */
    } else {
      /* A restart marker: compare its number with the expected one. */
      int found = marker - (int) M_RST0;

      if (found == ((desired+1) & 7) || found == ((desired+2) & 7))
        action = 3;             /* one of the next two expected restarts */
      else if (found == ((desired-1) & 7) || found == ((desired-2) & 7))
        action = 2;             /* an earlier restart, so move forward */
      else
        action = 1;             /* the desired restart, or too far off */
    }
    TRACEMS2(cinfo, 4, JTRC_RECOVERY_ACTION, marker, action);

    if (action == 1) {
      /* Drop the marker; the entropy decoder resumes at the next byte. */
      cinfo->unread_marker = 0;
      return TRUE;
    }
    if (action == 3) {
      /* Leave the marker pending.  The entropy decoder will be forced to
       * process an empty segment before the marker is looked at again.
       */
      return TRUE;
    }

    /* action 2: scan forward to the next marker and decide again. */
    if (! next_marker(cinfo))
      return FALSE;
    marker = cinfo->unread_marker;
  } /* end loop */
}
1245 
1246 
1247 /*
1248  * Reset marker processing state to begin a fresh datastream.
1249  */
1250 
METHODDEF(void)
reset_marker_reader (j_decompress_ptr cinfo)
{
  my_marker_ptr reader = (my_marker_ptr) cinfo->marker;

  /* Marker reader state, private and public parts */
  reader->cur_marker = NULL;
  reader->pub.discarded_bytes = 0;
  reader->pub.saw_SOF = FALSE;
  reader->pub.saw_SOI = FALSE;

  /* Decompressor fields that describe the datastream position */
  cinfo->unread_marker = 0;             /* no marker is pending */
  cinfo->input_scan_number = 0;         /* no SOS has been seen */
  cinfo->comp_info = NULL;              /* allocated later by get_sof */
}
1264 
1265 
1266 /*
1267  * Initialize the marker reader module.
1268  * This is called only once, when the decompression object is created.
1269  */
1270 
GLOBAL(void)
jinit_marker_reader (j_decompress_ptr cinfo)
{
  my_marker_ptr reader;
  int slot;

  /* The reader object lives in the permanent pool.
   * NOTE(review): the result of alloc_small is used unchecked; presumably
   * the memory manager reports failure through the error handler instead
   * of returning NULL -- confirm against the allocator.
   */
  reader = (my_marker_ptr)
    (*cinfo->mem->alloc_small) ((j_common_ptr) cinfo, JPOOL_PERMANENT,
                                SIZEOF(my_marker_reader));
  cinfo->marker = (struct jpeg_marker_reader *) reader;

  /* Public method pointers */
  reader->pub.reset_marker_reader = reset_marker_reader;
  reader->pub.read_markers = read_markers;
  reader->pub.read_restart_marker = read_restart_marker;

  /* Default COM/APPn handling: APP0 and APP14 are examined and then
   * discarded; COM and every other APPn are simply discarded.  All 16
   * APPn slots are filled, so read_markers always has a handler to call.
   */
  reader->process_COM = skip_variable;
  reader->length_limit_COM = 0;
  for (slot = 0; slot < 16; slot++) {
    reader->length_limit_APPn[slot] = 0;
    if (slot == 0 || slot == 14)
      reader->process_APPn[slot] = get_interesting_appn;
    else
      reader->process_APPn[slot] = skip_variable;
  }

  /* Start from a clean marker-processing state. */
  reset_marker_reader(cinfo);
}
1301 
1302 
1303 /*
1304  * Control saving of COM and APPn markers into marker_list.
1305  */
1306 
1307 #ifdef SAVE_MARKERS_SUPPORTED
1308 
GLOBAL(void)
jpeg_save_markers (j_decompress_ptr cinfo, int marker_code,
                   unsigned int length_limit)
{
  my_marker_ptr reader = (my_marker_ptr) cinfo->marker;
  jpeg_marker_parser_method handler;
  long ceiling;

  /* The limit must not exceed what a single allocation can hold together
   * with the marker header (should only matter in a 16-bit environment).
   * NOTE(review): the comparison is made in signed long.  Where long is no
   * wider than unsigned int, a length_limit above LONG_MAX converts to an
   * implementation-defined value and can escape this clamp -- confirm that
   * the saving routine also bounds the size by the marker's own length.
   */
  ceiling = cinfo->mem->max_alloc_chunk - (long) SIZEOF(struct jpeg_marker_struct);
  if (((long) length_limit) > ceiling)
    length_limit = (unsigned int) ceiling;

  /* Pick the handler.  APP0 and APP14 need special treatment because the
   * library reads them for its own use.
   */
  if (length_limit == 0) {
    /* Not saving: APP0/APP14 keep the regular on-the-fly processor,
     * everything else is skipped.
     */
    if (marker_code == (int) M_APP0 || marker_code == (int) M_APP14)
      handler = get_interesting_appn;
    else
      handler = skip_variable;
  } else {
    handler = save_marker;
    /* When saving APP0/APP14, keep at least what the library itself needs. */
    if (marker_code == (int) M_APP0) {
      if (length_limit < APP0_DATA_LEN)
        length_limit = APP0_DATA_LEN;
    } else if (marker_code == (int) M_APP14) {
      if (length_limit < APP14_DATA_LEN)
        length_limit = APP14_DATA_LEN;
    }
  }

  /* Install the choice.  Only COM and APP0..APP15 are accepted, which
   * keeps the APPn table index within 0..15.
   */
  if (marker_code == (int) M_COM) {
    reader->process_COM = handler;
    reader->length_limit_COM = length_limit;
  } else if (marker_code >= (int) M_APP0 && marker_code <= (int) M_APP15) {
    int slot = marker_code - (int) M_APP0;

    reader->process_APPn[slot] = handler;
    reader->length_limit_APPn[slot] = length_limit;
  } else
    ERREXIT1(cinfo, JERR_UNKNOWN_MARKER, marker_code);
}
1350 
1351 #endif /* SAVE_MARKERS_SUPPORTED */
1352 
1353 
1354 /*
1355  * Install a special processing method for COM or APPn markers.
1356  */
1357 
GLOBAL(void)
jpeg_set_marker_processor (j_decompress_ptr cinfo, int marker_code,
                           jpeg_marker_parser_method routine)
{
  my_marker_ptr reader = (my_marker_ptr) cinfo->marker;

  /* Only COM and APP0..APP15 can be given a custom handler; any other
   * code is rejected, which keeps the APPn table index within 0..15.
   * NOTE(review): routine is stored without a NULL check, and read_markers
   * calls it for every matching marker found in the input, so the caller
   * must pass a valid function.
   */
  if (marker_code == (int) M_COM) {
    reader->process_COM = routine;
  } else if (marker_code >= (int) M_APP0 && marker_code <= (int) M_APP15) {
    int slot = marker_code - (int) M_APP0;

    reader->process_APPn[slot] = routine;
  } else {
    ERREXIT1(cinfo, JERR_UNKNOWN_MARKER, marker_code);
  }
}
1371