1 /* $Id: tif_dirread.c,v 1.218 2017-09-09 21:44:42 erouault Exp $ */
2
3 /*
4 * Copyright (c) 1988-1997 Sam Leffler
5 * Copyright (c) 1991-1997 Silicon Graphics, Inc.
6 *
7 * Permission to use, copy, modify, distribute, and sell this software and
8 * its documentation for any purpose is hereby granted without fee, provided
9 * that (i) the above copyright notices and this permission notice appear in
10 * all copies of the software and related documentation, and (ii) the names of
11 * Sam Leffler and Silicon Graphics may not be used in any advertising or
12 * publicity relating to the software without the specific, prior written
13 * permission of Sam Leffler and Silicon Graphics.
14 *
15 * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
17 * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
18 *
19 * IN NO EVENT SHALL SAM LEFFLER OR SILICON GRAPHICS BE LIABLE FOR
20 * ANY SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND,
21 * OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
22 * WHETHER OR NOT ADVISED OF THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF
23 * LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
24 * OF THIS SOFTWARE.
25 */
26
27 /*
28 * TIFF Library.
29 *
30 * Directory Read Support Routines.
31 */
32
33 /* Suggested pending improvements:
34 * - add a field 'ignore' to the TIFFDirEntry structure, to flag status,
35 * eliminating current use of the IGNORE value, and therefore eliminating
36 * current irrational behaviour on tags with tag id code 0
37 * - add a field 'field_info' to the TIFFDirEntry structure, and set that with
38 * the pointer to the appropriate TIFFField structure early on in
39 * TIFFReadDirectory, so as to eliminate current possibly repetitive lookup.
40 */
41
42 #include "tiffiop.h"
43 #include <float.h>
44 #include <stdlib.h>
45
46 #define IGNORE 0 /* tag placeholder used below */
47 #define FAILED_FII ((uint32) -1)
48
49 #ifdef HAVE_IEEEFP
50 # define TIFFCvtIEEEFloatToNative(tif, n, fp)
51 # define TIFFCvtIEEEDoubleToNative(tif, n, dp)
52 #else
53 extern void TIFFCvtIEEEFloatToNative(TIFF*, uint32, float*);
54 extern void TIFFCvtIEEEDoubleToNative(TIFF*, uint32, double*);
55 #endif
56
57 enum TIFFReadDirEntryErr {
58 TIFFReadDirEntryErrOk = 0,
59 TIFFReadDirEntryErrCount = 1,
60 TIFFReadDirEntryErrType = 2,
61 TIFFReadDirEntryErrIo = 3,
62 TIFFReadDirEntryErrRange = 4,
63 TIFFReadDirEntryErrPsdif = 5,
64 TIFFReadDirEntryErrSizesan = 6,
65 TIFFReadDirEntryErrAlloc = 7,
66 };
67
68 static enum TIFFReadDirEntryErr TIFFReadDirEntryByte(TIFF* tif, TIFFDirEntry* direntry, uint8* value);
69 static enum TIFFReadDirEntryErr TIFFReadDirEntryShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value);
70 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong(TIFF* tif, TIFFDirEntry* direntry, uint32* value);
71 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8(TIFF* tif, TIFFDirEntry* direntry, uint64* value);
72 static enum TIFFReadDirEntryErr TIFFReadDirEntryFloat(TIFF* tif, TIFFDirEntry* direntry, float* value);
73 static enum TIFFReadDirEntryErr TIFFReadDirEntryDouble(TIFF* tif, TIFFDirEntry* direntry, double* value);
74 static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8(TIFF* tif, TIFFDirEntry* direntry, uint64* value);
75
76 static enum TIFFReadDirEntryErr TIFFReadDirEntryArray(TIFF* tif, TIFFDirEntry* direntry, uint32* count, uint32 desttypesize, void** value);
77 static enum TIFFReadDirEntryErr TIFFReadDirEntryByteArray(TIFF* tif, TIFFDirEntry* direntry, uint8** value);
78 static enum TIFFReadDirEntryErr TIFFReadDirEntrySbyteArray(TIFF* tif, TIFFDirEntry* direntry, int8** value);
79 static enum TIFFReadDirEntryErr TIFFReadDirEntryShortArray(TIFF* tif, TIFFDirEntry* direntry, uint16** value);
80 static enum TIFFReadDirEntryErr TIFFReadDirEntrySshortArray(TIFF* tif, TIFFDirEntry* direntry, int16** value);
81 static enum TIFFReadDirEntryErr TIFFReadDirEntryLongArray(TIFF* tif, TIFFDirEntry* direntry, uint32** value);
82 static enum TIFFReadDirEntryErr TIFFReadDirEntrySlongArray(TIFF* tif, TIFFDirEntry* direntry, int32** value);
83 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value);
84 static enum TIFFReadDirEntryErr TIFFReadDirEntrySlong8Array(TIFF* tif, TIFFDirEntry* direntry, int64** value);
85 static enum TIFFReadDirEntryErr TIFFReadDirEntryFloatArray(TIFF* tif, TIFFDirEntry* direntry, float** value);
86 static enum TIFFReadDirEntryErr TIFFReadDirEntryDoubleArray(TIFF* tif, TIFFDirEntry* direntry, double** value);
87 static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value);
88
89 static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value);
90 #if 0
91 static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleDouble(TIFF* tif, TIFFDirEntry* direntry, double* value);
92 #endif
93
94 static void TIFFReadDirEntryCheckedByte(TIFF* tif, TIFFDirEntry* direntry, uint8* value);
95 static void TIFFReadDirEntryCheckedSbyte(TIFF* tif, TIFFDirEntry* direntry, int8* value);
96 static void TIFFReadDirEntryCheckedShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value);
97 static void TIFFReadDirEntryCheckedSshort(TIFF* tif, TIFFDirEntry* direntry, int16* value);
98 static void TIFFReadDirEntryCheckedLong(TIFF* tif, TIFFDirEntry* direntry, uint32* value);
99 static void TIFFReadDirEntryCheckedSlong(TIFF* tif, TIFFDirEntry* direntry, int32* value);
100 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedLong8(TIFF* tif, TIFFDirEntry* direntry, uint64* value);
101 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSlong8(TIFF* tif, TIFFDirEntry* direntry, int64* value);
102 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedRational(TIFF* tif, TIFFDirEntry* direntry, double* value);
103 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSrational(TIFF* tif, TIFFDirEntry* direntry, double* value);
104 static void TIFFReadDirEntryCheckedFloat(TIFF* tif, TIFFDirEntry* direntry, float* value);
105 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedDouble(TIFF* tif, TIFFDirEntry* direntry, double* value);
106
107 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSbyte(int8 value);
108 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteShort(uint16 value);
109 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSshort(int16 value);
110 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong(uint32 value);
111 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong(int32 value);
112 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong8(uint64 value);
113 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong8(int64 value);
114
115 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteByte(uint8 value);
116 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteShort(uint16 value);
117 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSshort(int16 value);
118 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong(uint32 value);
119 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong(int32 value);
120 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong8(uint64 value);
121 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong8(int64 value);
122
123 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSbyte(int8 value);
124 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSshort(int16 value);
125 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong(uint32 value);
126 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong(int32 value);
127 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong8(uint64 value);
128 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong8(int64 value);
129
130 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortShort(uint16 value);
131 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong(uint32 value);
132 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong(int32 value);
133 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong8(uint64 value);
134 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong8(int64 value);
135
136 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSbyte(int8 value);
137 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSshort(int16 value);
138 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSlong(int32 value);
139 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongLong8(uint64 value);
140 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSlong8(int64 value);
141
142 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlongLong(uint32 value);
143 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlongLong8(uint64 value);
144 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlongSlong8(int64 value);
145
146 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Sbyte(int8 value);
147 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Sshort(int16 value);
148 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Slong(int32 value);
149 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Slong8(int64 value);
150
151 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlong8Long8(uint64 value);
152
153 static enum TIFFReadDirEntryErr TIFFReadDirEntryData(TIFF* tif, uint64 offset, tmsize_t size, void* dest);
154 static void TIFFReadDirEntryOutputErr(TIFF* tif, enum TIFFReadDirEntryErr err, const char* module, const char* tagname, int recover);
155
156 static void TIFFReadDirectoryCheckOrder(TIFF* tif, TIFFDirEntry* dir, uint16 dircount);
157 static TIFFDirEntry* TIFFReadDirectoryFindEntry(TIFF* tif, TIFFDirEntry* dir, uint16 dircount, uint16 tagid);
158 static void TIFFReadDirectoryFindFieldInfo(TIFF* tif, uint16 tagid, uint32* fii);
159
160 static int EstimateStripByteCounts(TIFF* tif, TIFFDirEntry* dir, uint16 dircount);
161 static void MissingRequired(TIFF*, const char*);
162 static int TIFFCheckDirOffset(TIFF* tif, uint64 diroff);
163 static int CheckDirCount(TIFF*, TIFFDirEntry*, uint32);
164 static uint16 TIFFFetchDirectory(TIFF* tif, uint64 diroff, TIFFDirEntry** pdir, uint64* nextdiroff);
165 static int TIFFFetchNormalTag(TIFF*, TIFFDirEntry*, int recover);
166 static int TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uint64** lpp);
167 static int TIFFFetchSubjectDistance(TIFF*, TIFFDirEntry*);
168 static void ChopUpSingleUncompressedStrip(TIFF*);
169 static uint64 TIFFReadUInt64(const uint8 *value);
170
171 static int _TIFFFillStrilesInternal( TIFF *tif, int loadStripByteCount );
172
173 typedef union _UInt64Aligned_t
174 {
175 double d;
176 uint64 l;
177 uint32 i[2];
178 uint16 s[4];
179 uint8 c[8];
180 } UInt64Aligned_t;
181
182 /*
183 Unaligned safe copy of a uint64 value from an octet array.
184 */
TIFFReadUInt64(const uint8 * value)185 static uint64 TIFFReadUInt64(const uint8 *value)
186 {
187 UInt64Aligned_t result;
188
189 result.c[0]=value[0];
190 result.c[1]=value[1];
191 result.c[2]=value[2];
192 result.c[3]=value[3];
193 result.c[4]=value[4];
194 result.c[5]=value[5];
195 result.c[6]=value[6];
196 result.c[7]=value[7];
197
198 return result.l;
199 }
200
TIFFReadDirEntryByte(TIFF * tif,TIFFDirEntry * direntry,uint8 * value)201 static enum TIFFReadDirEntryErr TIFFReadDirEntryByte(TIFF* tif, TIFFDirEntry* direntry, uint8* value)
202 {
203 enum TIFFReadDirEntryErr err;
204 if (direntry->tdir_count!=1)
205 return(TIFFReadDirEntryErrCount);
206 switch (direntry->tdir_type)
207 {
208 case TIFF_BYTE:
209 TIFFReadDirEntryCheckedByte(tif,direntry,value);
210 return(TIFFReadDirEntryErrOk);
211 case TIFF_SBYTE:
212 {
213 int8 m;
214 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
215 err=TIFFReadDirEntryCheckRangeByteSbyte(m);
216 if (err!=TIFFReadDirEntryErrOk)
217 return(err);
218 *value=(uint8)m;
219 return(TIFFReadDirEntryErrOk);
220 }
221 case TIFF_SHORT:
222 {
223 uint16 m;
224 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
225 err=TIFFReadDirEntryCheckRangeByteShort(m);
226 if (err!=TIFFReadDirEntryErrOk)
227 return(err);
228 *value=(uint8)m;
229 return(TIFFReadDirEntryErrOk);
230 }
231 case TIFF_SSHORT:
232 {
233 int16 m;
234 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
235 err=TIFFReadDirEntryCheckRangeByteSshort(m);
236 if (err!=TIFFReadDirEntryErrOk)
237 return(err);
238 *value=(uint8)m;
239 return(TIFFReadDirEntryErrOk);
240 }
241 case TIFF_LONG:
242 {
243 uint32 m;
244 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
245 err=TIFFReadDirEntryCheckRangeByteLong(m);
246 if (err!=TIFFReadDirEntryErrOk)
247 return(err);
248 *value=(uint8)m;
249 return(TIFFReadDirEntryErrOk);
250 }
251 case TIFF_SLONG:
252 {
253 int32 m;
254 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
255 err=TIFFReadDirEntryCheckRangeByteSlong(m);
256 if (err!=TIFFReadDirEntryErrOk)
257 return(err);
258 *value=(uint8)m;
259 return(TIFFReadDirEntryErrOk);
260 }
261 case TIFF_LONG8:
262 {
263 uint64 m;
264 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
265 if (err!=TIFFReadDirEntryErrOk)
266 return(err);
267 err=TIFFReadDirEntryCheckRangeByteLong8(m);
268 if (err!=TIFFReadDirEntryErrOk)
269 return(err);
270 *value=(uint8)m;
271 return(TIFFReadDirEntryErrOk);
272 }
273 case TIFF_SLONG8:
274 {
275 int64 m;
276 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
277 if (err!=TIFFReadDirEntryErrOk)
278 return(err);
279 err=TIFFReadDirEntryCheckRangeByteSlong8(m);
280 if (err!=TIFFReadDirEntryErrOk)
281 return(err);
282 *value=(uint8)m;
283 return(TIFFReadDirEntryErrOk);
284 }
285 default:
286 return(TIFFReadDirEntryErrType);
287 }
288 }
289
TIFFReadDirEntryShort(TIFF * tif,TIFFDirEntry * direntry,uint16 * value)290 static enum TIFFReadDirEntryErr TIFFReadDirEntryShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value)
291 {
292 enum TIFFReadDirEntryErr err;
293 if (direntry->tdir_count!=1)
294 return(TIFFReadDirEntryErrCount);
295 switch (direntry->tdir_type)
296 {
297 case TIFF_BYTE:
298 {
299 uint8 m;
300 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
301 *value=(uint16)m;
302 return(TIFFReadDirEntryErrOk);
303 }
304 case TIFF_SBYTE:
305 {
306 int8 m;
307 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
308 err=TIFFReadDirEntryCheckRangeShortSbyte(m);
309 if (err!=TIFFReadDirEntryErrOk)
310 return(err);
311 *value=(uint16)m;
312 return(TIFFReadDirEntryErrOk);
313 }
314 case TIFF_SHORT:
315 TIFFReadDirEntryCheckedShort(tif,direntry,value);
316 return(TIFFReadDirEntryErrOk);
317 case TIFF_SSHORT:
318 {
319 int16 m;
320 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
321 err=TIFFReadDirEntryCheckRangeShortSshort(m);
322 if (err!=TIFFReadDirEntryErrOk)
323 return(err);
324 *value=(uint16)m;
325 return(TIFFReadDirEntryErrOk);
326 }
327 case TIFF_LONG:
328 {
329 uint32 m;
330 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
331 err=TIFFReadDirEntryCheckRangeShortLong(m);
332 if (err!=TIFFReadDirEntryErrOk)
333 return(err);
334 *value=(uint16)m;
335 return(TIFFReadDirEntryErrOk);
336 }
337 case TIFF_SLONG:
338 {
339 int32 m;
340 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
341 err=TIFFReadDirEntryCheckRangeShortSlong(m);
342 if (err!=TIFFReadDirEntryErrOk)
343 return(err);
344 *value=(uint16)m;
345 return(TIFFReadDirEntryErrOk);
346 }
347 case TIFF_LONG8:
348 {
349 uint64 m;
350 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
351 if (err!=TIFFReadDirEntryErrOk)
352 return(err);
353 err=TIFFReadDirEntryCheckRangeShortLong8(m);
354 if (err!=TIFFReadDirEntryErrOk)
355 return(err);
356 *value=(uint16)m;
357 return(TIFFReadDirEntryErrOk);
358 }
359 case TIFF_SLONG8:
360 {
361 int64 m;
362 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
363 if (err!=TIFFReadDirEntryErrOk)
364 return(err);
365 err=TIFFReadDirEntryCheckRangeShortSlong8(m);
366 if (err!=TIFFReadDirEntryErrOk)
367 return(err);
368 *value=(uint16)m;
369 return(TIFFReadDirEntryErrOk);
370 }
371 default:
372 return(TIFFReadDirEntryErrType);
373 }
374 }
375
TIFFReadDirEntryLong(TIFF * tif,TIFFDirEntry * direntry,uint32 * value)376 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong(TIFF* tif, TIFFDirEntry* direntry, uint32* value)
377 {
378 enum TIFFReadDirEntryErr err;
379 if (direntry->tdir_count!=1)
380 return(TIFFReadDirEntryErrCount);
381 switch (direntry->tdir_type)
382 {
383 case TIFF_BYTE:
384 {
385 uint8 m;
386 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
387 *value=(uint32)m;
388 return(TIFFReadDirEntryErrOk);
389 }
390 case TIFF_SBYTE:
391 {
392 int8 m;
393 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
394 err=TIFFReadDirEntryCheckRangeLongSbyte(m);
395 if (err!=TIFFReadDirEntryErrOk)
396 return(err);
397 *value=(uint32)m;
398 return(TIFFReadDirEntryErrOk);
399 }
400 case TIFF_SHORT:
401 {
402 uint16 m;
403 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
404 *value=(uint32)m;
405 return(TIFFReadDirEntryErrOk);
406 }
407 case TIFF_SSHORT:
408 {
409 int16 m;
410 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
411 err=TIFFReadDirEntryCheckRangeLongSshort(m);
412 if (err!=TIFFReadDirEntryErrOk)
413 return(err);
414 *value=(uint32)m;
415 return(TIFFReadDirEntryErrOk);
416 }
417 case TIFF_LONG:
418 TIFFReadDirEntryCheckedLong(tif,direntry,value);
419 return(TIFFReadDirEntryErrOk);
420 case TIFF_SLONG:
421 {
422 int32 m;
423 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
424 err=TIFFReadDirEntryCheckRangeLongSlong(m);
425 if (err!=TIFFReadDirEntryErrOk)
426 return(err);
427 *value=(uint32)m;
428 return(TIFFReadDirEntryErrOk);
429 }
430 case TIFF_LONG8:
431 {
432 uint64 m;
433 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
434 if (err!=TIFFReadDirEntryErrOk)
435 return(err);
436 err=TIFFReadDirEntryCheckRangeLongLong8(m);
437 if (err!=TIFFReadDirEntryErrOk)
438 return(err);
439 *value=(uint32)m;
440 return(TIFFReadDirEntryErrOk);
441 }
442 case TIFF_SLONG8:
443 {
444 int64 m;
445 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
446 if (err!=TIFFReadDirEntryErrOk)
447 return(err);
448 err=TIFFReadDirEntryCheckRangeLongSlong8(m);
449 if (err!=TIFFReadDirEntryErrOk)
450 return(err);
451 *value=(uint32)m;
452 return(TIFFReadDirEntryErrOk);
453 }
454 default:
455 return(TIFFReadDirEntryErrType);
456 }
457 }
458
TIFFReadDirEntryLong8(TIFF * tif,TIFFDirEntry * direntry,uint64 * value)459 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8(TIFF* tif, TIFFDirEntry* direntry, uint64* value)
460 {
461 enum TIFFReadDirEntryErr err;
462 if (direntry->tdir_count!=1)
463 return(TIFFReadDirEntryErrCount);
464 switch (direntry->tdir_type)
465 {
466 case TIFF_BYTE:
467 {
468 uint8 m;
469 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
470 *value=(uint64)m;
471 return(TIFFReadDirEntryErrOk);
472 }
473 case TIFF_SBYTE:
474 {
475 int8 m;
476 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
477 err=TIFFReadDirEntryCheckRangeLong8Sbyte(m);
478 if (err!=TIFFReadDirEntryErrOk)
479 return(err);
480 *value=(uint64)m;
481 return(TIFFReadDirEntryErrOk);
482 }
483 case TIFF_SHORT:
484 {
485 uint16 m;
486 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
487 *value=(uint64)m;
488 return(TIFFReadDirEntryErrOk);
489 }
490 case TIFF_SSHORT:
491 {
492 int16 m;
493 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
494 err=TIFFReadDirEntryCheckRangeLong8Sshort(m);
495 if (err!=TIFFReadDirEntryErrOk)
496 return(err);
497 *value=(uint64)m;
498 return(TIFFReadDirEntryErrOk);
499 }
500 case TIFF_LONG:
501 {
502 uint32 m;
503 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
504 *value=(uint64)m;
505 return(TIFFReadDirEntryErrOk);
506 }
507 case TIFF_SLONG:
508 {
509 int32 m;
510 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
511 err=TIFFReadDirEntryCheckRangeLong8Slong(m);
512 if (err!=TIFFReadDirEntryErrOk)
513 return(err);
514 *value=(uint64)m;
515 return(TIFFReadDirEntryErrOk);
516 }
517 case TIFF_LONG8:
518 err=TIFFReadDirEntryCheckedLong8(tif,direntry,value);
519 return(err);
520 case TIFF_SLONG8:
521 {
522 int64 m;
523 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
524 if (err!=TIFFReadDirEntryErrOk)
525 return(err);
526 err=TIFFReadDirEntryCheckRangeLong8Slong8(m);
527 if (err!=TIFFReadDirEntryErrOk)
528 return(err);
529 *value=(uint64)m;
530 return(TIFFReadDirEntryErrOk);
531 }
532 default:
533 return(TIFFReadDirEntryErrType);
534 }
535 }
536
TIFFReadDirEntryFloat(TIFF * tif,TIFFDirEntry * direntry,float * value)537 static enum TIFFReadDirEntryErr TIFFReadDirEntryFloat(TIFF* tif, TIFFDirEntry* direntry, float* value)
538 {
539 enum TIFFReadDirEntryErr err;
540 if (direntry->tdir_count!=1)
541 return(TIFFReadDirEntryErrCount);
542 switch (direntry->tdir_type)
543 {
544 case TIFF_BYTE:
545 {
546 uint8 m;
547 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
548 *value=(float)m;
549 return(TIFFReadDirEntryErrOk);
550 }
551 case TIFF_SBYTE:
552 {
553 int8 m;
554 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
555 *value=(float)m;
556 return(TIFFReadDirEntryErrOk);
557 }
558 case TIFF_SHORT:
559 {
560 uint16 m;
561 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
562 *value=(float)m;
563 return(TIFFReadDirEntryErrOk);
564 }
565 case TIFF_SSHORT:
566 {
567 int16 m;
568 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
569 *value=(float)m;
570 return(TIFFReadDirEntryErrOk);
571 }
572 case TIFF_LONG:
573 {
574 uint32 m;
575 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
576 *value=(float)m;
577 return(TIFFReadDirEntryErrOk);
578 }
579 case TIFF_SLONG:
580 {
581 int32 m;
582 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
583 *value=(float)m;
584 return(TIFFReadDirEntryErrOk);
585 }
586 case TIFF_LONG8:
587 {
588 uint64 m;
589 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
590 if (err!=TIFFReadDirEntryErrOk)
591 return(err);
592 #if defined(__WIN32__) && (_MSC_VER < 1500)
593 /*
594 * XXX: MSVC 6.0 does not support conversion
595 * of 64-bit integers into floating point
596 * values.
597 */
598 *value = _TIFFUInt64ToFloat(m);
599 #else
600 *value=(float)m;
601 #endif
602 return(TIFFReadDirEntryErrOk);
603 }
604 case TIFF_SLONG8:
605 {
606 int64 m;
607 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
608 if (err!=TIFFReadDirEntryErrOk)
609 return(err);
610 *value=(float)m;
611 return(TIFFReadDirEntryErrOk);
612 }
613 case TIFF_RATIONAL:
614 {
615 double m;
616 err=TIFFReadDirEntryCheckedRational(tif,direntry,&m);
617 if (err!=TIFFReadDirEntryErrOk)
618 return(err);
619 *value=(float)m;
620 return(TIFFReadDirEntryErrOk);
621 }
622 case TIFF_SRATIONAL:
623 {
624 double m;
625 err=TIFFReadDirEntryCheckedSrational(tif,direntry,&m);
626 if (err!=TIFFReadDirEntryErrOk)
627 return(err);
628 *value=(float)m;
629 return(TIFFReadDirEntryErrOk);
630 }
631 case TIFF_FLOAT:
632 TIFFReadDirEntryCheckedFloat(tif,direntry,value);
633 return(TIFFReadDirEntryErrOk);
634 case TIFF_DOUBLE:
635 {
636 double m;
637 err=TIFFReadDirEntryCheckedDouble(tif,direntry,&m);
638 if (err!=TIFFReadDirEntryErrOk)
639 return(err);
640 if ((m > FLT_MAX) || (m < FLT_MIN))
641 return(TIFFReadDirEntryErrRange);
642 *value=(float)m;
643 return(TIFFReadDirEntryErrOk);
644 }
645 default:
646 return(TIFFReadDirEntryErrType);
647 }
648 }
649
TIFFReadDirEntryDouble(TIFF * tif,TIFFDirEntry * direntry,double * value)650 static enum TIFFReadDirEntryErr TIFFReadDirEntryDouble(TIFF* tif, TIFFDirEntry* direntry, double* value)
651 {
652 enum TIFFReadDirEntryErr err;
653 if (direntry->tdir_count!=1)
654 return(TIFFReadDirEntryErrCount);
655 switch (direntry->tdir_type)
656 {
657 case TIFF_BYTE:
658 {
659 uint8 m;
660 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
661 *value=(double)m;
662 return(TIFFReadDirEntryErrOk);
663 }
664 case TIFF_SBYTE:
665 {
666 int8 m;
667 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
668 *value=(double)m;
669 return(TIFFReadDirEntryErrOk);
670 }
671 case TIFF_SHORT:
672 {
673 uint16 m;
674 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
675 *value=(double)m;
676 return(TIFFReadDirEntryErrOk);
677 }
678 case TIFF_SSHORT:
679 {
680 int16 m;
681 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
682 *value=(double)m;
683 return(TIFFReadDirEntryErrOk);
684 }
685 case TIFF_LONG:
686 {
687 uint32 m;
688 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
689 *value=(double)m;
690 return(TIFFReadDirEntryErrOk);
691 }
692 case TIFF_SLONG:
693 {
694 int32 m;
695 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
696 *value=(double)m;
697 return(TIFFReadDirEntryErrOk);
698 }
699 case TIFF_LONG8:
700 {
701 uint64 m;
702 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
703 if (err!=TIFFReadDirEntryErrOk)
704 return(err);
705 #if defined(__WIN32__) && (_MSC_VER < 1500)
706 /*
707 * XXX: MSVC 6.0 does not support conversion
708 * of 64-bit integers into floating point
709 * values.
710 */
711 *value = _TIFFUInt64ToDouble(m);
712 #else
713 *value = (double)m;
714 #endif
715 return(TIFFReadDirEntryErrOk);
716 }
717 case TIFF_SLONG8:
718 {
719 int64 m;
720 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
721 if (err!=TIFFReadDirEntryErrOk)
722 return(err);
723 *value=(double)m;
724 return(TIFFReadDirEntryErrOk);
725 }
726 case TIFF_RATIONAL:
727 err=TIFFReadDirEntryCheckedRational(tif,direntry,value);
728 return(err);
729 case TIFF_SRATIONAL:
730 err=TIFFReadDirEntryCheckedSrational(tif,direntry,value);
731 return(err);
732 case TIFF_FLOAT:
733 {
734 float m;
735 TIFFReadDirEntryCheckedFloat(tif,direntry,&m);
736 *value=(double)m;
737 return(TIFFReadDirEntryErrOk);
738 }
739 case TIFF_DOUBLE:
740 err=TIFFReadDirEntryCheckedDouble(tif,direntry,value);
741 return(err);
742 default:
743 return(TIFFReadDirEntryErrType);
744 }
745 }
746
TIFFReadDirEntryIfd8(TIFF * tif,TIFFDirEntry * direntry,uint64 * value)747 static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8(TIFF* tif, TIFFDirEntry* direntry, uint64* value)
748 {
749 enum TIFFReadDirEntryErr err;
750 if (direntry->tdir_count!=1)
751 return(TIFFReadDirEntryErrCount);
752 switch (direntry->tdir_type)
753 {
754 case TIFF_LONG:
755 case TIFF_IFD:
756 {
757 uint32 m;
758 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
759 *value=(uint64)m;
760 return(TIFFReadDirEntryErrOk);
761 }
762 case TIFF_LONG8:
763 case TIFF_IFD8:
764 err=TIFFReadDirEntryCheckedLong8(tif,direntry,value);
765 return(err);
766 default:
767 return(TIFFReadDirEntryErrType);
768 }
769 }
770
771
772 #define INITIAL_THRESHOLD (1024 * 1024)
773 #define THRESHOLD_MULTIPLIER 10
774 #define MAX_THRESHOLD (THRESHOLD_MULTIPLIER * THRESHOLD_MULTIPLIER * THRESHOLD_MULTIPLIER * INITIAL_THRESHOLD)
775
TIFFReadDirEntryDataAndRealloc(TIFF * tif,uint64 offset,tmsize_t size,void ** pdest)776 static enum TIFFReadDirEntryErr TIFFReadDirEntryDataAndRealloc(
777 TIFF* tif, uint64 offset, tmsize_t size, void** pdest)
778 {
779 #if SIZEOF_VOIDP == 8 || SIZEOF_SIZE_T == 8
780 tmsize_t threshold = INITIAL_THRESHOLD;
781 #endif
782 tmsize_t already_read = 0;
783
784 assert( !isMapped(tif) );
785
786 if (!SeekOK(tif,offset))
787 return(TIFFReadDirEntryErrIo);
788
789 /* On 64 bit processes, read first a maximum of 1 MB, then 10 MB, etc */
790 /* so as to avoid allocating too much memory in case the file is too */
791 /* short. We could ask for the file size, but this might be */
792 /* expensive with some I/O layers (think of reading a gzipped file) */
793 /* Restrict to 64 bit processes, so as to avoid reallocs() */
794 /* on 32 bit processes where virtual memory is scarce. */
795 while( already_read < size )
796 {
797 void* new_dest;
798 tmsize_t bytes_read;
799 tmsize_t to_read = size - already_read;
800 #if SIZEOF_VOIDP == 8 || SIZEOF_SIZE_T == 8
801 if( to_read >= threshold && threshold < MAX_THRESHOLD )
802 {
803 to_read = threshold;
804 threshold *= THRESHOLD_MULTIPLIER;
805 }
806 #endif
807
808 new_dest = (uint8*) _TIFFrealloc(
809 *pdest, already_read + to_read);
810 if( new_dest == NULL )
811 {
812 TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
813 "Failed to allocate memory for %s "
814 "(%ld elements of %ld bytes each)",
815 "TIFFReadDirEntryArray",
816 (long) 1, (long) (already_read + to_read));
817 return TIFFReadDirEntryErrAlloc;
818 }
819 *pdest = new_dest;
820
821 bytes_read = TIFFReadFile(tif,
822 (char*)*pdest + already_read, to_read);
823 already_read += bytes_read;
824 if (bytes_read != to_read) {
825 return TIFFReadDirEntryErrIo;
826 }
827 }
828 return TIFFReadDirEntryErrOk;
829 }
830
TIFFReadDirEntryArrayWithLimit(TIFF * tif,TIFFDirEntry * direntry,uint32 * count,uint32 desttypesize,void ** value,uint64 maxcount)831 static enum TIFFReadDirEntryErr TIFFReadDirEntryArrayWithLimit(
832 TIFF* tif, TIFFDirEntry* direntry, uint32* count, uint32 desttypesize,
833 void** value, uint64 maxcount)
834 {
835 int typesize;
836 uint32 datasize;
837 void* data;
838 uint64 target_count64;
839 typesize=TIFFDataWidth(direntry->tdir_type);
840
841 target_count64 = (direntry->tdir_count > maxcount) ?
842 maxcount : direntry->tdir_count;
843
844 if ((target_count64==0)||(typesize==0))
845 {
846 *value=0;
847 return(TIFFReadDirEntryErrOk);
848 }
849 (void) desttypesize;
850
851 /*
852 * As a sanity check, make sure we have no more than a 2GB tag array
853 * in either the current data type or the dest data type. This also
854 * avoids problems with overflow of tmsize_t on 32bit systems.
855 */
856 if ((uint64)(2147483647/typesize)<target_count64)
857 return(TIFFReadDirEntryErrSizesan);
858 if ((uint64)(2147483647/desttypesize)<target_count64)
859 return(TIFFReadDirEntryErrSizesan);
860
861 *count=(uint32)target_count64;
862 datasize=(*count)*typesize;
863 assert((tmsize_t)datasize>0);
864
865 if( isMapped(tif) && datasize > (uint32)tif->tif_size )
866 return TIFFReadDirEntryErrIo;
867
868 if( !isMapped(tif) &&
869 (((tif->tif_flags&TIFF_BIGTIFF) && datasize > 8) ||
870 (!(tif->tif_flags&TIFF_BIGTIFF) && datasize > 4)) )
871 {
872 data = NULL;
873 }
874 else
875 {
876 data=_TIFFCheckMalloc(tif, *count, typesize, "ReadDirEntryArray");
877 if (data==0)
878 return(TIFFReadDirEntryErrAlloc);
879 }
880 if (!(tif->tif_flags&TIFF_BIGTIFF))
881 {
882 if (datasize<=4)
883 _TIFFmemcpy(data,&direntry->tdir_offset,datasize);
884 else
885 {
886 enum TIFFReadDirEntryErr err;
887 uint32 offset = direntry->tdir_offset.toff_long;
888 if (tif->tif_flags&TIFF_SWAB)
889 TIFFSwabLong(&offset);
890 if( isMapped(tif) )
891 err=TIFFReadDirEntryData(tif,(uint64)offset,(tmsize_t)datasize,data);
892 else
893 err=TIFFReadDirEntryDataAndRealloc(tif,(uint64)offset,(tmsize_t)datasize,&data);
894 if (err!=TIFFReadDirEntryErrOk)
895 {
896 _TIFFfree(data);
897 return(err);
898 }
899 }
900 }
901 else
902 {
903 if (datasize<=8)
904 _TIFFmemcpy(data,&direntry->tdir_offset,datasize);
905 else
906 {
907 enum TIFFReadDirEntryErr err;
908 uint64 offset = direntry->tdir_offset.toff_long8;
909 if (tif->tif_flags&TIFF_SWAB)
910 TIFFSwabLong8(&offset);
911 if( isMapped(tif) )
912 err=TIFFReadDirEntryData(tif,(uint64)offset,(tmsize_t)datasize,data);
913 else
914 err=TIFFReadDirEntryDataAndRealloc(tif,(uint64)offset,(tmsize_t)datasize,&data);
915 if (err!=TIFFReadDirEntryErrOk)
916 {
917 _TIFFfree(data);
918 return(err);
919 }
920 }
921 }
922 *value=data;
923 return(TIFFReadDirEntryErrOk);
924 }
925
TIFFReadDirEntryArray(TIFF * tif,TIFFDirEntry * direntry,uint32 * count,uint32 desttypesize,void ** value)926 static enum TIFFReadDirEntryErr TIFFReadDirEntryArray(TIFF* tif, TIFFDirEntry* direntry, uint32* count, uint32 desttypesize, void** value)
927 {
928 return TIFFReadDirEntryArrayWithLimit(tif, direntry, count,
929 desttypesize, value, ~((uint64)0));
930 }
931
TIFFReadDirEntryByteArray(TIFF * tif,TIFFDirEntry * direntry,uint8 ** value)932 static enum TIFFReadDirEntryErr TIFFReadDirEntryByteArray(TIFF* tif, TIFFDirEntry* direntry, uint8** value)
933 {
934 enum TIFFReadDirEntryErr err;
935 uint32 count;
936 void* origdata;
937 uint8* data;
938 switch (direntry->tdir_type)
939 {
940 case TIFF_ASCII:
941 case TIFF_UNDEFINED:
942 case TIFF_BYTE:
943 case TIFF_SBYTE:
944 case TIFF_SHORT:
945 case TIFF_SSHORT:
946 case TIFF_LONG:
947 case TIFF_SLONG:
948 case TIFF_LONG8:
949 case TIFF_SLONG8:
950 break;
951 default:
952 return(TIFFReadDirEntryErrType);
953 }
954 err=TIFFReadDirEntryArray(tif,direntry,&count,1,&origdata);
955 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
956 {
957 *value=0;
958 return(err);
959 }
960 switch (direntry->tdir_type)
961 {
962 case TIFF_ASCII:
963 case TIFF_UNDEFINED:
964 case TIFF_BYTE:
965 *value=(uint8*)origdata;
966 return(TIFFReadDirEntryErrOk);
967 case TIFF_SBYTE:
968 {
969 int8* m;
970 uint32 n;
971 m=(int8*)origdata;
972 for (n=0; n<count; n++)
973 {
974 err=TIFFReadDirEntryCheckRangeByteSbyte(*m);
975 if (err!=TIFFReadDirEntryErrOk)
976 {
977 _TIFFfree(origdata);
978 return(err);
979 }
980 m++;
981 }
982 *value=(uint8*)origdata;
983 return(TIFFReadDirEntryErrOk);
984 }
985 }
986 data=(uint8*)_TIFFmalloc(count);
987 if (data==0)
988 {
989 _TIFFfree(origdata);
990 return(TIFFReadDirEntryErrAlloc);
991 }
992 switch (direntry->tdir_type)
993 {
994 case TIFF_SHORT:
995 {
996 uint16* ma;
997 uint8* mb;
998 uint32 n;
999 ma=(uint16*)origdata;
1000 mb=data;
1001 for (n=0; n<count; n++)
1002 {
1003 if (tif->tif_flags&TIFF_SWAB)
1004 TIFFSwabShort(ma);
1005 err=TIFFReadDirEntryCheckRangeByteShort(*ma);
1006 if (err!=TIFFReadDirEntryErrOk)
1007 break;
1008 *mb++=(uint8)(*ma++);
1009 }
1010 }
1011 break;
1012 case TIFF_SSHORT:
1013 {
1014 int16* ma;
1015 uint8* mb;
1016 uint32 n;
1017 ma=(int16*)origdata;
1018 mb=data;
1019 for (n=0; n<count; n++)
1020 {
1021 if (tif->tif_flags&TIFF_SWAB)
1022 TIFFSwabShort((uint16*)ma);
1023 err=TIFFReadDirEntryCheckRangeByteSshort(*ma);
1024 if (err!=TIFFReadDirEntryErrOk)
1025 break;
1026 *mb++=(uint8)(*ma++);
1027 }
1028 }
1029 break;
1030 case TIFF_LONG:
1031 {
1032 uint32* ma;
1033 uint8* mb;
1034 uint32 n;
1035 ma=(uint32*)origdata;
1036 mb=data;
1037 for (n=0; n<count; n++)
1038 {
1039 if (tif->tif_flags&TIFF_SWAB)
1040 TIFFSwabLong(ma);
1041 err=TIFFReadDirEntryCheckRangeByteLong(*ma);
1042 if (err!=TIFFReadDirEntryErrOk)
1043 break;
1044 *mb++=(uint8)(*ma++);
1045 }
1046 }
1047 break;
1048 case TIFF_SLONG:
1049 {
1050 int32* ma;
1051 uint8* mb;
1052 uint32 n;
1053 ma=(int32*)origdata;
1054 mb=data;
1055 for (n=0; n<count; n++)
1056 {
1057 if (tif->tif_flags&TIFF_SWAB)
1058 TIFFSwabLong((uint32*)ma);
1059 err=TIFFReadDirEntryCheckRangeByteSlong(*ma);
1060 if (err!=TIFFReadDirEntryErrOk)
1061 break;
1062 *mb++=(uint8)(*ma++);
1063 }
1064 }
1065 break;
1066 case TIFF_LONG8:
1067 {
1068 uint64* ma;
1069 uint8* mb;
1070 uint32 n;
1071 ma=(uint64*)origdata;
1072 mb=data;
1073 for (n=0; n<count; n++)
1074 {
1075 if (tif->tif_flags&TIFF_SWAB)
1076 TIFFSwabLong8(ma);
1077 err=TIFFReadDirEntryCheckRangeByteLong8(*ma);
1078 if (err!=TIFFReadDirEntryErrOk)
1079 break;
1080 *mb++=(uint8)(*ma++);
1081 }
1082 }
1083 break;
1084 case TIFF_SLONG8:
1085 {
1086 int64* ma;
1087 uint8* mb;
1088 uint32 n;
1089 ma=(int64*)origdata;
1090 mb=data;
1091 for (n=0; n<count; n++)
1092 {
1093 if (tif->tif_flags&TIFF_SWAB)
1094 TIFFSwabLong8((uint64*)ma);
1095 err=TIFFReadDirEntryCheckRangeByteSlong8(*ma);
1096 if (err!=TIFFReadDirEntryErrOk)
1097 break;
1098 *mb++=(uint8)(*ma++);
1099 }
1100 }
1101 break;
1102 }
1103 _TIFFfree(origdata);
1104 if (err!=TIFFReadDirEntryErrOk)
1105 {
1106 _TIFFfree(data);
1107 return(err);
1108 }
1109 *value=data;
1110 return(TIFFReadDirEntryErrOk);
1111 }
1112
TIFFReadDirEntrySbyteArray(TIFF * tif,TIFFDirEntry * direntry,int8 ** value)1113 static enum TIFFReadDirEntryErr TIFFReadDirEntrySbyteArray(TIFF* tif, TIFFDirEntry* direntry, int8** value)
1114 {
1115 enum TIFFReadDirEntryErr err;
1116 uint32 count;
1117 void* origdata;
1118 int8* data;
1119 switch (direntry->tdir_type)
1120 {
1121 case TIFF_UNDEFINED:
1122 case TIFF_BYTE:
1123 case TIFF_SBYTE:
1124 case TIFF_SHORT:
1125 case TIFF_SSHORT:
1126 case TIFF_LONG:
1127 case TIFF_SLONG:
1128 case TIFF_LONG8:
1129 case TIFF_SLONG8:
1130 break;
1131 default:
1132 return(TIFFReadDirEntryErrType);
1133 }
1134 err=TIFFReadDirEntryArray(tif,direntry,&count,1,&origdata);
1135 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1136 {
1137 *value=0;
1138 return(err);
1139 }
1140 switch (direntry->tdir_type)
1141 {
1142 case TIFF_UNDEFINED:
1143 case TIFF_BYTE:
1144 {
1145 uint8* m;
1146 uint32 n;
1147 m=(uint8*)origdata;
1148 for (n=0; n<count; n++)
1149 {
1150 err=TIFFReadDirEntryCheckRangeSbyteByte(*m);
1151 if (err!=TIFFReadDirEntryErrOk)
1152 {
1153 _TIFFfree(origdata);
1154 return(err);
1155 }
1156 m++;
1157 }
1158 *value=(int8*)origdata;
1159 return(TIFFReadDirEntryErrOk);
1160 }
1161 case TIFF_SBYTE:
1162 *value=(int8*)origdata;
1163 return(TIFFReadDirEntryErrOk);
1164 }
1165 data=(int8*)_TIFFmalloc(count);
1166 if (data==0)
1167 {
1168 _TIFFfree(origdata);
1169 return(TIFFReadDirEntryErrAlloc);
1170 }
1171 switch (direntry->tdir_type)
1172 {
1173 case TIFF_SHORT:
1174 {
1175 uint16* ma;
1176 int8* mb;
1177 uint32 n;
1178 ma=(uint16*)origdata;
1179 mb=data;
1180 for (n=0; n<count; n++)
1181 {
1182 if (tif->tif_flags&TIFF_SWAB)
1183 TIFFSwabShort(ma);
1184 err=TIFFReadDirEntryCheckRangeSbyteShort(*ma);
1185 if (err!=TIFFReadDirEntryErrOk)
1186 break;
1187 *mb++=(int8)(*ma++);
1188 }
1189 }
1190 break;
1191 case TIFF_SSHORT:
1192 {
1193 int16* ma;
1194 int8* mb;
1195 uint32 n;
1196 ma=(int16*)origdata;
1197 mb=data;
1198 for (n=0; n<count; n++)
1199 {
1200 if (tif->tif_flags&TIFF_SWAB)
1201 TIFFSwabShort((uint16*)ma);
1202 err=TIFFReadDirEntryCheckRangeSbyteSshort(*ma);
1203 if (err!=TIFFReadDirEntryErrOk)
1204 break;
1205 *mb++=(int8)(*ma++);
1206 }
1207 }
1208 break;
1209 case TIFF_LONG:
1210 {
1211 uint32* ma;
1212 int8* mb;
1213 uint32 n;
1214 ma=(uint32*)origdata;
1215 mb=data;
1216 for (n=0; n<count; n++)
1217 {
1218 if (tif->tif_flags&TIFF_SWAB)
1219 TIFFSwabLong(ma);
1220 err=TIFFReadDirEntryCheckRangeSbyteLong(*ma);
1221 if (err!=TIFFReadDirEntryErrOk)
1222 break;
1223 *mb++=(int8)(*ma++);
1224 }
1225 }
1226 break;
1227 case TIFF_SLONG:
1228 {
1229 int32* ma;
1230 int8* mb;
1231 uint32 n;
1232 ma=(int32*)origdata;
1233 mb=data;
1234 for (n=0; n<count; n++)
1235 {
1236 if (tif->tif_flags&TIFF_SWAB)
1237 TIFFSwabLong((uint32*)ma);
1238 err=TIFFReadDirEntryCheckRangeSbyteSlong(*ma);
1239 if (err!=TIFFReadDirEntryErrOk)
1240 break;
1241 *mb++=(int8)(*ma++);
1242 }
1243 }
1244 break;
1245 case TIFF_LONG8:
1246 {
1247 uint64* ma;
1248 int8* mb;
1249 uint32 n;
1250 ma=(uint64*)origdata;
1251 mb=data;
1252 for (n=0; n<count; n++)
1253 {
1254 if (tif->tif_flags&TIFF_SWAB)
1255 TIFFSwabLong8(ma);
1256 err=TIFFReadDirEntryCheckRangeSbyteLong8(*ma);
1257 if (err!=TIFFReadDirEntryErrOk)
1258 break;
1259 *mb++=(int8)(*ma++);
1260 }
1261 }
1262 break;
1263 case TIFF_SLONG8:
1264 {
1265 int64* ma;
1266 int8* mb;
1267 uint32 n;
1268 ma=(int64*)origdata;
1269 mb=data;
1270 for (n=0; n<count; n++)
1271 {
1272 if (tif->tif_flags&TIFF_SWAB)
1273 TIFFSwabLong8((uint64*)ma);
1274 err=TIFFReadDirEntryCheckRangeSbyteSlong8(*ma);
1275 if (err!=TIFFReadDirEntryErrOk)
1276 break;
1277 *mb++=(int8)(*ma++);
1278 }
1279 }
1280 break;
1281 }
1282 _TIFFfree(origdata);
1283 if (err!=TIFFReadDirEntryErrOk)
1284 {
1285 _TIFFfree(data);
1286 return(err);
1287 }
1288 *value=data;
1289 return(TIFFReadDirEntryErrOk);
1290 }
1291
TIFFReadDirEntryShortArray(TIFF * tif,TIFFDirEntry * direntry,uint16 ** value)1292 static enum TIFFReadDirEntryErr TIFFReadDirEntryShortArray(TIFF* tif, TIFFDirEntry* direntry, uint16** value)
1293 {
1294 enum TIFFReadDirEntryErr err;
1295 uint32 count;
1296 void* origdata;
1297 uint16* data;
1298 switch (direntry->tdir_type)
1299 {
1300 case TIFF_BYTE:
1301 case TIFF_SBYTE:
1302 case TIFF_SHORT:
1303 case TIFF_SSHORT:
1304 case TIFF_LONG:
1305 case TIFF_SLONG:
1306 case TIFF_LONG8:
1307 case TIFF_SLONG8:
1308 break;
1309 default:
1310 return(TIFFReadDirEntryErrType);
1311 }
1312 err=TIFFReadDirEntryArray(tif,direntry,&count,2,&origdata);
1313 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1314 {
1315 *value=0;
1316 return(err);
1317 }
1318 switch (direntry->tdir_type)
1319 {
1320 case TIFF_SHORT:
1321 *value=(uint16*)origdata;
1322 if (tif->tif_flags&TIFF_SWAB)
1323 TIFFSwabArrayOfShort(*value,count);
1324 return(TIFFReadDirEntryErrOk);
1325 case TIFF_SSHORT:
1326 {
1327 int16* m;
1328 uint32 n;
1329 m=(int16*)origdata;
1330 for (n=0; n<count; n++)
1331 {
1332 if (tif->tif_flags&TIFF_SWAB)
1333 TIFFSwabShort((uint16*)m);
1334 err=TIFFReadDirEntryCheckRangeShortSshort(*m);
1335 if (err!=TIFFReadDirEntryErrOk)
1336 {
1337 _TIFFfree(origdata);
1338 return(err);
1339 }
1340 m++;
1341 }
1342 *value=(uint16*)origdata;
1343 return(TIFFReadDirEntryErrOk);
1344 }
1345 }
1346 data=(uint16*)_TIFFmalloc(count*2);
1347 if (data==0)
1348 {
1349 _TIFFfree(origdata);
1350 return(TIFFReadDirEntryErrAlloc);
1351 }
1352 switch (direntry->tdir_type)
1353 {
1354 case TIFF_BYTE:
1355 {
1356 uint8* ma;
1357 uint16* mb;
1358 uint32 n;
1359 ma=(uint8*)origdata;
1360 mb=data;
1361 for (n=0; n<count; n++)
1362 *mb++=(uint16)(*ma++);
1363 }
1364 break;
1365 case TIFF_SBYTE:
1366 {
1367 int8* ma;
1368 uint16* mb;
1369 uint32 n;
1370 ma=(int8*)origdata;
1371 mb=data;
1372 for (n=0; n<count; n++)
1373 {
1374 err=TIFFReadDirEntryCheckRangeShortSbyte(*ma);
1375 if (err!=TIFFReadDirEntryErrOk)
1376 break;
1377 *mb++=(uint16)(*ma++);
1378 }
1379 }
1380 break;
1381 case TIFF_LONG:
1382 {
1383 uint32* ma;
1384 uint16* mb;
1385 uint32 n;
1386 ma=(uint32*)origdata;
1387 mb=data;
1388 for (n=0; n<count; n++)
1389 {
1390 if (tif->tif_flags&TIFF_SWAB)
1391 TIFFSwabLong(ma);
1392 err=TIFFReadDirEntryCheckRangeShortLong(*ma);
1393 if (err!=TIFFReadDirEntryErrOk)
1394 break;
1395 *mb++=(uint16)(*ma++);
1396 }
1397 }
1398 break;
1399 case TIFF_SLONG:
1400 {
1401 int32* ma;
1402 uint16* mb;
1403 uint32 n;
1404 ma=(int32*)origdata;
1405 mb=data;
1406 for (n=0; n<count; n++)
1407 {
1408 if (tif->tif_flags&TIFF_SWAB)
1409 TIFFSwabLong((uint32*)ma);
1410 err=TIFFReadDirEntryCheckRangeShortSlong(*ma);
1411 if (err!=TIFFReadDirEntryErrOk)
1412 break;
1413 *mb++=(uint16)(*ma++);
1414 }
1415 }
1416 break;
1417 case TIFF_LONG8:
1418 {
1419 uint64* ma;
1420 uint16* mb;
1421 uint32 n;
1422 ma=(uint64*)origdata;
1423 mb=data;
1424 for (n=0; n<count; n++)
1425 {
1426 if (tif->tif_flags&TIFF_SWAB)
1427 TIFFSwabLong8(ma);
1428 err=TIFFReadDirEntryCheckRangeShortLong8(*ma);
1429 if (err!=TIFFReadDirEntryErrOk)
1430 break;
1431 *mb++=(uint16)(*ma++);
1432 }
1433 }
1434 break;
1435 case TIFF_SLONG8:
1436 {
1437 int64* ma;
1438 uint16* mb;
1439 uint32 n;
1440 ma=(int64*)origdata;
1441 mb=data;
1442 for (n=0; n<count; n++)
1443 {
1444 if (tif->tif_flags&TIFF_SWAB)
1445 TIFFSwabLong8((uint64*)ma);
1446 err=TIFFReadDirEntryCheckRangeShortSlong8(*ma);
1447 if (err!=TIFFReadDirEntryErrOk)
1448 break;
1449 *mb++=(uint16)(*ma++);
1450 }
1451 }
1452 break;
1453 }
1454 _TIFFfree(origdata);
1455 if (err!=TIFFReadDirEntryErrOk)
1456 {
1457 _TIFFfree(data);
1458 return(err);
1459 }
1460 *value=data;
1461 return(TIFFReadDirEntryErrOk);
1462 }
1463
TIFFReadDirEntrySshortArray(TIFF * tif,TIFFDirEntry * direntry,int16 ** value)1464 static enum TIFFReadDirEntryErr TIFFReadDirEntrySshortArray(TIFF* tif, TIFFDirEntry* direntry, int16** value)
1465 {
1466 enum TIFFReadDirEntryErr err;
1467 uint32 count;
1468 void* origdata;
1469 int16* data;
1470 switch (direntry->tdir_type)
1471 {
1472 case TIFF_BYTE:
1473 case TIFF_SBYTE:
1474 case TIFF_SHORT:
1475 case TIFF_SSHORT:
1476 case TIFF_LONG:
1477 case TIFF_SLONG:
1478 case TIFF_LONG8:
1479 case TIFF_SLONG8:
1480 break;
1481 default:
1482 return(TIFFReadDirEntryErrType);
1483 }
1484 err=TIFFReadDirEntryArray(tif,direntry,&count,2,&origdata);
1485 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1486 {
1487 *value=0;
1488 return(err);
1489 }
1490 switch (direntry->tdir_type)
1491 {
1492 case TIFF_SHORT:
1493 {
1494 uint16* m;
1495 uint32 n;
1496 m=(uint16*)origdata;
1497 for (n=0; n<count; n++)
1498 {
1499 if (tif->tif_flags&TIFF_SWAB)
1500 TIFFSwabShort(m);
1501 err=TIFFReadDirEntryCheckRangeSshortShort(*m);
1502 if (err!=TIFFReadDirEntryErrOk)
1503 {
1504 _TIFFfree(origdata);
1505 return(err);
1506 }
1507 m++;
1508 }
1509 *value=(int16*)origdata;
1510 return(TIFFReadDirEntryErrOk);
1511 }
1512 case TIFF_SSHORT:
1513 *value=(int16*)origdata;
1514 if (tif->tif_flags&TIFF_SWAB)
1515 TIFFSwabArrayOfShort((uint16*)(*value),count);
1516 return(TIFFReadDirEntryErrOk);
1517 }
1518 data=(int16*)_TIFFmalloc(count*2);
1519 if (data==0)
1520 {
1521 _TIFFfree(origdata);
1522 return(TIFFReadDirEntryErrAlloc);
1523 }
1524 switch (direntry->tdir_type)
1525 {
1526 case TIFF_BYTE:
1527 {
1528 uint8* ma;
1529 int16* mb;
1530 uint32 n;
1531 ma=(uint8*)origdata;
1532 mb=data;
1533 for (n=0; n<count; n++)
1534 *mb++=(int16)(*ma++);
1535 }
1536 break;
1537 case TIFF_SBYTE:
1538 {
1539 int8* ma;
1540 int16* mb;
1541 uint32 n;
1542 ma=(int8*)origdata;
1543 mb=data;
1544 for (n=0; n<count; n++)
1545 *mb++=(int16)(*ma++);
1546 }
1547 break;
1548 case TIFF_LONG:
1549 {
1550 uint32* ma;
1551 int16* mb;
1552 uint32 n;
1553 ma=(uint32*)origdata;
1554 mb=data;
1555 for (n=0; n<count; n++)
1556 {
1557 if (tif->tif_flags&TIFF_SWAB)
1558 TIFFSwabLong(ma);
1559 err=TIFFReadDirEntryCheckRangeSshortLong(*ma);
1560 if (err!=TIFFReadDirEntryErrOk)
1561 break;
1562 *mb++=(int16)(*ma++);
1563 }
1564 }
1565 break;
1566 case TIFF_SLONG:
1567 {
1568 int32* ma;
1569 int16* mb;
1570 uint32 n;
1571 ma=(int32*)origdata;
1572 mb=data;
1573 for (n=0; n<count; n++)
1574 {
1575 if (tif->tif_flags&TIFF_SWAB)
1576 TIFFSwabLong((uint32*)ma);
1577 err=TIFFReadDirEntryCheckRangeSshortSlong(*ma);
1578 if (err!=TIFFReadDirEntryErrOk)
1579 break;
1580 *mb++=(int16)(*ma++);
1581 }
1582 }
1583 break;
1584 case TIFF_LONG8:
1585 {
1586 uint64* ma;
1587 int16* mb;
1588 uint32 n;
1589 ma=(uint64*)origdata;
1590 mb=data;
1591 for (n=0; n<count; n++)
1592 {
1593 if (tif->tif_flags&TIFF_SWAB)
1594 TIFFSwabLong8(ma);
1595 err=TIFFReadDirEntryCheckRangeSshortLong8(*ma);
1596 if (err!=TIFFReadDirEntryErrOk)
1597 break;
1598 *mb++=(int16)(*ma++);
1599 }
1600 }
1601 break;
1602 case TIFF_SLONG8:
1603 {
1604 int64* ma;
1605 int16* mb;
1606 uint32 n;
1607 ma=(int64*)origdata;
1608 mb=data;
1609 for (n=0; n<count; n++)
1610 {
1611 if (tif->tif_flags&TIFF_SWAB)
1612 TIFFSwabLong8((uint64*)ma);
1613 err=TIFFReadDirEntryCheckRangeSshortSlong8(*ma);
1614 if (err!=TIFFReadDirEntryErrOk)
1615 break;
1616 *mb++=(int16)(*ma++);
1617 }
1618 }
1619 break;
1620 }
1621 _TIFFfree(origdata);
1622 if (err!=TIFFReadDirEntryErrOk)
1623 {
1624 _TIFFfree(data);
1625 return(err);
1626 }
1627 *value=data;
1628 return(TIFFReadDirEntryErrOk);
1629 }
1630
TIFFReadDirEntryLongArray(TIFF * tif,TIFFDirEntry * direntry,uint32 ** value)1631 static enum TIFFReadDirEntryErr TIFFReadDirEntryLongArray(TIFF* tif, TIFFDirEntry* direntry, uint32** value)
1632 {
1633 enum TIFFReadDirEntryErr err;
1634 uint32 count;
1635 void* origdata;
1636 uint32* data;
1637 switch (direntry->tdir_type)
1638 {
1639 case TIFF_BYTE:
1640 case TIFF_SBYTE:
1641 case TIFF_SHORT:
1642 case TIFF_SSHORT:
1643 case TIFF_LONG:
1644 case TIFF_SLONG:
1645 case TIFF_LONG8:
1646 case TIFF_SLONG8:
1647 break;
1648 default:
1649 return(TIFFReadDirEntryErrType);
1650 }
1651 err=TIFFReadDirEntryArray(tif,direntry,&count,4,&origdata);
1652 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1653 {
1654 *value=0;
1655 return(err);
1656 }
1657 switch (direntry->tdir_type)
1658 {
1659 case TIFF_LONG:
1660 *value=(uint32*)origdata;
1661 if (tif->tif_flags&TIFF_SWAB)
1662 TIFFSwabArrayOfLong(*value,count);
1663 return(TIFFReadDirEntryErrOk);
1664 case TIFF_SLONG:
1665 {
1666 int32* m;
1667 uint32 n;
1668 m=(int32*)origdata;
1669 for (n=0; n<count; n++)
1670 {
1671 if (tif->tif_flags&TIFF_SWAB)
1672 TIFFSwabLong((uint32*)m);
1673 err=TIFFReadDirEntryCheckRangeLongSlong(*m);
1674 if (err!=TIFFReadDirEntryErrOk)
1675 {
1676 _TIFFfree(origdata);
1677 return(err);
1678 }
1679 m++;
1680 }
1681 *value=(uint32*)origdata;
1682 return(TIFFReadDirEntryErrOk);
1683 }
1684 }
1685 data=(uint32*)_TIFFmalloc(count*4);
1686 if (data==0)
1687 {
1688 _TIFFfree(origdata);
1689 return(TIFFReadDirEntryErrAlloc);
1690 }
1691 switch (direntry->tdir_type)
1692 {
1693 case TIFF_BYTE:
1694 {
1695 uint8* ma;
1696 uint32* mb;
1697 uint32 n;
1698 ma=(uint8*)origdata;
1699 mb=data;
1700 for (n=0; n<count; n++)
1701 *mb++=(uint32)(*ma++);
1702 }
1703 break;
1704 case TIFF_SBYTE:
1705 {
1706 int8* ma;
1707 uint32* mb;
1708 uint32 n;
1709 ma=(int8*)origdata;
1710 mb=data;
1711 for (n=0; n<count; n++)
1712 {
1713 err=TIFFReadDirEntryCheckRangeLongSbyte(*ma);
1714 if (err!=TIFFReadDirEntryErrOk)
1715 break;
1716 *mb++=(uint32)(*ma++);
1717 }
1718 }
1719 break;
1720 case TIFF_SHORT:
1721 {
1722 uint16* ma;
1723 uint32* mb;
1724 uint32 n;
1725 ma=(uint16*)origdata;
1726 mb=data;
1727 for (n=0; n<count; n++)
1728 {
1729 if (tif->tif_flags&TIFF_SWAB)
1730 TIFFSwabShort(ma);
1731 *mb++=(uint32)(*ma++);
1732 }
1733 }
1734 break;
1735 case TIFF_SSHORT:
1736 {
1737 int16* ma;
1738 uint32* mb;
1739 uint32 n;
1740 ma=(int16*)origdata;
1741 mb=data;
1742 for (n=0; n<count; n++)
1743 {
1744 if (tif->tif_flags&TIFF_SWAB)
1745 TIFFSwabShort((uint16*)ma);
1746 err=TIFFReadDirEntryCheckRangeLongSshort(*ma);
1747 if (err!=TIFFReadDirEntryErrOk)
1748 break;
1749 *mb++=(uint32)(*ma++);
1750 }
1751 }
1752 break;
1753 case TIFF_LONG8:
1754 {
1755 uint64* ma;
1756 uint32* mb;
1757 uint32 n;
1758 ma=(uint64*)origdata;
1759 mb=data;
1760 for (n=0; n<count; n++)
1761 {
1762 if (tif->tif_flags&TIFF_SWAB)
1763 TIFFSwabLong8(ma);
1764 err=TIFFReadDirEntryCheckRangeLongLong8(*ma);
1765 if (err!=TIFFReadDirEntryErrOk)
1766 break;
1767 *mb++=(uint32)(*ma++);
1768 }
1769 }
1770 break;
1771 case TIFF_SLONG8:
1772 {
1773 int64* ma;
1774 uint32* mb;
1775 uint32 n;
1776 ma=(int64*)origdata;
1777 mb=data;
1778 for (n=0; n<count; n++)
1779 {
1780 if (tif->tif_flags&TIFF_SWAB)
1781 TIFFSwabLong8((uint64*)ma);
1782 err=TIFFReadDirEntryCheckRangeLongSlong8(*ma);
1783 if (err!=TIFFReadDirEntryErrOk)
1784 break;
1785 *mb++=(uint32)(*ma++);
1786 }
1787 }
1788 break;
1789 }
1790 _TIFFfree(origdata);
1791 if (err!=TIFFReadDirEntryErrOk)
1792 {
1793 _TIFFfree(data);
1794 return(err);
1795 }
1796 *value=data;
1797 return(TIFFReadDirEntryErrOk);
1798 }
1799
TIFFReadDirEntrySlongArray(TIFF * tif,TIFFDirEntry * direntry,int32 ** value)1800 static enum TIFFReadDirEntryErr TIFFReadDirEntrySlongArray(TIFF* tif, TIFFDirEntry* direntry, int32** value)
1801 {
1802 enum TIFFReadDirEntryErr err;
1803 uint32 count;
1804 void* origdata;
1805 int32* data;
1806 switch (direntry->tdir_type)
1807 {
1808 case TIFF_BYTE:
1809 case TIFF_SBYTE:
1810 case TIFF_SHORT:
1811 case TIFF_SSHORT:
1812 case TIFF_LONG:
1813 case TIFF_SLONG:
1814 case TIFF_LONG8:
1815 case TIFF_SLONG8:
1816 break;
1817 default:
1818 return(TIFFReadDirEntryErrType);
1819 }
1820 err=TIFFReadDirEntryArray(tif,direntry,&count,4,&origdata);
1821 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1822 {
1823 *value=0;
1824 return(err);
1825 }
1826 switch (direntry->tdir_type)
1827 {
1828 case TIFF_LONG:
1829 {
1830 uint32* m;
1831 uint32 n;
1832 m=(uint32*)origdata;
1833 for (n=0; n<count; n++)
1834 {
1835 if (tif->tif_flags&TIFF_SWAB)
1836 TIFFSwabLong((uint32*)m);
1837 err=TIFFReadDirEntryCheckRangeSlongLong(*m);
1838 if (err!=TIFFReadDirEntryErrOk)
1839 {
1840 _TIFFfree(origdata);
1841 return(err);
1842 }
1843 m++;
1844 }
1845 *value=(int32*)origdata;
1846 return(TIFFReadDirEntryErrOk);
1847 }
1848 case TIFF_SLONG:
1849 *value=(int32*)origdata;
1850 if (tif->tif_flags&TIFF_SWAB)
1851 TIFFSwabArrayOfLong((uint32*)(*value),count);
1852 return(TIFFReadDirEntryErrOk);
1853 }
1854 data=(int32*)_TIFFmalloc(count*4);
1855 if (data==0)
1856 {
1857 _TIFFfree(origdata);
1858 return(TIFFReadDirEntryErrAlloc);
1859 }
1860 switch (direntry->tdir_type)
1861 {
1862 case TIFF_BYTE:
1863 {
1864 uint8* ma;
1865 int32* mb;
1866 uint32 n;
1867 ma=(uint8*)origdata;
1868 mb=data;
1869 for (n=0; n<count; n++)
1870 *mb++=(int32)(*ma++);
1871 }
1872 break;
1873 case TIFF_SBYTE:
1874 {
1875 int8* ma;
1876 int32* mb;
1877 uint32 n;
1878 ma=(int8*)origdata;
1879 mb=data;
1880 for (n=0; n<count; n++)
1881 *mb++=(int32)(*ma++);
1882 }
1883 break;
1884 case TIFF_SHORT:
1885 {
1886 uint16* ma;
1887 int32* mb;
1888 uint32 n;
1889 ma=(uint16*)origdata;
1890 mb=data;
1891 for (n=0; n<count; n++)
1892 {
1893 if (tif->tif_flags&TIFF_SWAB)
1894 TIFFSwabShort(ma);
1895 *mb++=(int32)(*ma++);
1896 }
1897 }
1898 break;
1899 case TIFF_SSHORT:
1900 {
1901 int16* ma;
1902 int32* mb;
1903 uint32 n;
1904 ma=(int16*)origdata;
1905 mb=data;
1906 for (n=0; n<count; n++)
1907 {
1908 if (tif->tif_flags&TIFF_SWAB)
1909 TIFFSwabShort((uint16*)ma);
1910 *mb++=(int32)(*ma++);
1911 }
1912 }
1913 break;
1914 case TIFF_LONG8:
1915 {
1916 uint64* ma;
1917 int32* mb;
1918 uint32 n;
1919 ma=(uint64*)origdata;
1920 mb=data;
1921 for (n=0; n<count; n++)
1922 {
1923 if (tif->tif_flags&TIFF_SWAB)
1924 TIFFSwabLong8(ma);
1925 err=TIFFReadDirEntryCheckRangeSlongLong8(*ma);
1926 if (err!=TIFFReadDirEntryErrOk)
1927 break;
1928 *mb++=(int32)(*ma++);
1929 }
1930 }
1931 break;
1932 case TIFF_SLONG8:
1933 {
1934 int64* ma;
1935 int32* mb;
1936 uint32 n;
1937 ma=(int64*)origdata;
1938 mb=data;
1939 for (n=0; n<count; n++)
1940 {
1941 if (tif->tif_flags&TIFF_SWAB)
1942 TIFFSwabLong8((uint64*)ma);
1943 err=TIFFReadDirEntryCheckRangeSlongSlong8(*ma);
1944 if (err!=TIFFReadDirEntryErrOk)
1945 break;
1946 *mb++=(int32)(*ma++);
1947 }
1948 }
1949 break;
1950 }
1951 _TIFFfree(origdata);
1952 if (err!=TIFFReadDirEntryErrOk)
1953 {
1954 _TIFFfree(data);
1955 return(err);
1956 }
1957 *value=data;
1958 return(TIFFReadDirEntryErrOk);
1959 }
1960
TIFFReadDirEntryLong8ArrayWithLimit(TIFF * tif,TIFFDirEntry * direntry,uint64 ** value,uint64 maxcount)1961 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8ArrayWithLimit(
1962 TIFF* tif, TIFFDirEntry* direntry, uint64** value, uint64 maxcount)
1963 {
1964 enum TIFFReadDirEntryErr err;
1965 uint32 count;
1966 void* origdata;
1967 uint64* data;
1968 switch (direntry->tdir_type)
1969 {
1970 case TIFF_BYTE:
1971 case TIFF_SBYTE:
1972 case TIFF_SHORT:
1973 case TIFF_SSHORT:
1974 case TIFF_LONG:
1975 case TIFF_SLONG:
1976 case TIFF_LONG8:
1977 case TIFF_SLONG8:
1978 break;
1979 default:
1980 return(TIFFReadDirEntryErrType);
1981 }
1982 err=TIFFReadDirEntryArrayWithLimit(tif,direntry,&count,8,&origdata,maxcount);
1983 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1984 {
1985 *value=0;
1986 return(err);
1987 }
1988 switch (direntry->tdir_type)
1989 {
1990 case TIFF_LONG8:
1991 *value=(uint64*)origdata;
1992 if (tif->tif_flags&TIFF_SWAB)
1993 TIFFSwabArrayOfLong8(*value,count);
1994 return(TIFFReadDirEntryErrOk);
1995 case TIFF_SLONG8:
1996 {
1997 int64* m;
1998 uint32 n;
1999 m=(int64*)origdata;
2000 for (n=0; n<count; n++)
2001 {
2002 if (tif->tif_flags&TIFF_SWAB)
2003 TIFFSwabLong8((uint64*)m);
2004 err=TIFFReadDirEntryCheckRangeLong8Slong8(*m);
2005 if (err!=TIFFReadDirEntryErrOk)
2006 {
2007 _TIFFfree(origdata);
2008 return(err);
2009 }
2010 m++;
2011 }
2012 *value=(uint64*)origdata;
2013 return(TIFFReadDirEntryErrOk);
2014 }
2015 }
2016 data=(uint64*)_TIFFmalloc(count*8);
2017 if (data==0)
2018 {
2019 _TIFFfree(origdata);
2020 return(TIFFReadDirEntryErrAlloc);
2021 }
2022 switch (direntry->tdir_type)
2023 {
2024 case TIFF_BYTE:
2025 {
2026 uint8* ma;
2027 uint64* mb;
2028 uint32 n;
2029 ma=(uint8*)origdata;
2030 mb=data;
2031 for (n=0; n<count; n++)
2032 *mb++=(uint64)(*ma++);
2033 }
2034 break;
2035 case TIFF_SBYTE:
2036 {
2037 int8* ma;
2038 uint64* mb;
2039 uint32 n;
2040 ma=(int8*)origdata;
2041 mb=data;
2042 for (n=0; n<count; n++)
2043 {
2044 err=TIFFReadDirEntryCheckRangeLong8Sbyte(*ma);
2045 if (err!=TIFFReadDirEntryErrOk)
2046 break;
2047 *mb++=(uint64)(*ma++);
2048 }
2049 }
2050 break;
2051 case TIFF_SHORT:
2052 {
2053 uint16* ma;
2054 uint64* mb;
2055 uint32 n;
2056 ma=(uint16*)origdata;
2057 mb=data;
2058 for (n=0; n<count; n++)
2059 {
2060 if (tif->tif_flags&TIFF_SWAB)
2061 TIFFSwabShort(ma);
2062 *mb++=(uint64)(*ma++);
2063 }
2064 }
2065 break;
2066 case TIFF_SSHORT:
2067 {
2068 int16* ma;
2069 uint64* mb;
2070 uint32 n;
2071 ma=(int16*)origdata;
2072 mb=data;
2073 for (n=0; n<count; n++)
2074 {
2075 if (tif->tif_flags&TIFF_SWAB)
2076 TIFFSwabShort((uint16*)ma);
2077 err=TIFFReadDirEntryCheckRangeLong8Sshort(*ma);
2078 if (err!=TIFFReadDirEntryErrOk)
2079 break;
2080 *mb++=(uint64)(*ma++);
2081 }
2082 }
2083 break;
2084 case TIFF_LONG:
2085 {
2086 uint32* ma;
2087 uint64* mb;
2088 uint32 n;
2089 ma=(uint32*)origdata;
2090 mb=data;
2091 for (n=0; n<count; n++)
2092 {
2093 if (tif->tif_flags&TIFF_SWAB)
2094 TIFFSwabLong(ma);
2095 *mb++=(uint64)(*ma++);
2096 }
2097 }
2098 break;
2099 case TIFF_SLONG:
2100 {
2101 int32* ma;
2102 uint64* mb;
2103 uint32 n;
2104 ma=(int32*)origdata;
2105 mb=data;
2106 for (n=0; n<count; n++)
2107 {
2108 if (tif->tif_flags&TIFF_SWAB)
2109 TIFFSwabLong((uint32*)ma);
2110 err=TIFFReadDirEntryCheckRangeLong8Slong(*ma);
2111 if (err!=TIFFReadDirEntryErrOk)
2112 break;
2113 *mb++=(uint64)(*ma++);
2114 }
2115 }
2116 break;
2117 }
2118 _TIFFfree(origdata);
2119 if (err!=TIFFReadDirEntryErrOk)
2120 {
2121 _TIFFfree(data);
2122 return(err);
2123 }
2124 *value=data;
2125 return(TIFFReadDirEntryErrOk);
2126 }
2127
TIFFReadDirEntryLong8Array(TIFF * tif,TIFFDirEntry * direntry,uint64 ** value)2128 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value)
2129 {
2130 return TIFFReadDirEntryLong8ArrayWithLimit(tif, direntry, value, ~((uint64)0));
2131 }
2132
TIFFReadDirEntrySlong8Array(TIFF * tif,TIFFDirEntry * direntry,int64 ** value)2133 static enum TIFFReadDirEntryErr TIFFReadDirEntrySlong8Array(TIFF* tif, TIFFDirEntry* direntry, int64** value)
2134 {
2135 enum TIFFReadDirEntryErr err;
2136 uint32 count;
2137 void* origdata;
2138 int64* data;
2139 switch (direntry->tdir_type)
2140 {
2141 case TIFF_BYTE:
2142 case TIFF_SBYTE:
2143 case TIFF_SHORT:
2144 case TIFF_SSHORT:
2145 case TIFF_LONG:
2146 case TIFF_SLONG:
2147 case TIFF_LONG8:
2148 case TIFF_SLONG8:
2149 break;
2150 default:
2151 return(TIFFReadDirEntryErrType);
2152 }
2153 err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata);
2154 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
2155 {
2156 *value=0;
2157 return(err);
2158 }
2159 switch (direntry->tdir_type)
2160 {
2161 case TIFF_LONG8:
2162 {
2163 uint64* m;
2164 uint32 n;
2165 m=(uint64*)origdata;
2166 for (n=0; n<count; n++)
2167 {
2168 if (tif->tif_flags&TIFF_SWAB)
2169 TIFFSwabLong8(m);
2170 err=TIFFReadDirEntryCheckRangeSlong8Long8(*m);
2171 if (err!=TIFFReadDirEntryErrOk)
2172 {
2173 _TIFFfree(origdata);
2174 return(err);
2175 }
2176 m++;
2177 }
2178 *value=(int64*)origdata;
2179 return(TIFFReadDirEntryErrOk);
2180 }
2181 case TIFF_SLONG8:
2182 *value=(int64*)origdata;
2183 if (tif->tif_flags&TIFF_SWAB)
2184 TIFFSwabArrayOfLong8((uint64*)(*value),count);
2185 return(TIFFReadDirEntryErrOk);
2186 }
2187 data=(int64*)_TIFFmalloc(count*8);
2188 if (data==0)
2189 {
2190 _TIFFfree(origdata);
2191 return(TIFFReadDirEntryErrAlloc);
2192 }
2193 switch (direntry->tdir_type)
2194 {
2195 case TIFF_BYTE:
2196 {
2197 uint8* ma;
2198 int64* mb;
2199 uint32 n;
2200 ma=(uint8*)origdata;
2201 mb=data;
2202 for (n=0; n<count; n++)
2203 *mb++=(int64)(*ma++);
2204 }
2205 break;
2206 case TIFF_SBYTE:
2207 {
2208 int8* ma;
2209 int64* mb;
2210 uint32 n;
2211 ma=(int8*)origdata;
2212 mb=data;
2213 for (n=0; n<count; n++)
2214 *mb++=(int64)(*ma++);
2215 }
2216 break;
2217 case TIFF_SHORT:
2218 {
2219 uint16* ma;
2220 int64* mb;
2221 uint32 n;
2222 ma=(uint16*)origdata;
2223 mb=data;
2224 for (n=0; n<count; n++)
2225 {
2226 if (tif->tif_flags&TIFF_SWAB)
2227 TIFFSwabShort(ma);
2228 *mb++=(int64)(*ma++);
2229 }
2230 }
2231 break;
2232 case TIFF_SSHORT:
2233 {
2234 int16* ma;
2235 int64* mb;
2236 uint32 n;
2237 ma=(int16*)origdata;
2238 mb=data;
2239 for (n=0; n<count; n++)
2240 {
2241 if (tif->tif_flags&TIFF_SWAB)
2242 TIFFSwabShort((uint16*)ma);
2243 *mb++=(int64)(*ma++);
2244 }
2245 }
2246 break;
2247 case TIFF_LONG:
2248 {
2249 uint32* ma;
2250 int64* mb;
2251 uint32 n;
2252 ma=(uint32*)origdata;
2253 mb=data;
2254 for (n=0; n<count; n++)
2255 {
2256 if (tif->tif_flags&TIFF_SWAB)
2257 TIFFSwabLong(ma);
2258 *mb++=(int64)(*ma++);
2259 }
2260 }
2261 break;
2262 case TIFF_SLONG:
2263 {
2264 int32* ma;
2265 int64* mb;
2266 uint32 n;
2267 ma=(int32*)origdata;
2268 mb=data;
2269 for (n=0; n<count; n++)
2270 {
2271 if (tif->tif_flags&TIFF_SWAB)
2272 TIFFSwabLong((uint32*)ma);
2273 *mb++=(int64)(*ma++);
2274 }
2275 }
2276 break;
2277 }
2278 _TIFFfree(origdata);
2279 *value=data;
2280 return(TIFFReadDirEntryErrOk);
2281 }
2282
TIFFReadDirEntryFloatArray(TIFF * tif,TIFFDirEntry * direntry,float ** value)2283 static enum TIFFReadDirEntryErr TIFFReadDirEntryFloatArray(TIFF* tif, TIFFDirEntry* direntry, float** value)
2284 {
2285 enum TIFFReadDirEntryErr err;
2286 uint32 count;
2287 void* origdata;
2288 float* data;
2289 switch (direntry->tdir_type)
2290 {
2291 case TIFF_BYTE:
2292 case TIFF_SBYTE:
2293 case TIFF_SHORT:
2294 case TIFF_SSHORT:
2295 case TIFF_LONG:
2296 case TIFF_SLONG:
2297 case TIFF_LONG8:
2298 case TIFF_SLONG8:
2299 case TIFF_RATIONAL:
2300 case TIFF_SRATIONAL:
2301 case TIFF_FLOAT:
2302 case TIFF_DOUBLE:
2303 break;
2304 default:
2305 return(TIFFReadDirEntryErrType);
2306 }
2307 err=TIFFReadDirEntryArray(tif,direntry,&count,4,&origdata);
2308 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
2309 {
2310 *value=0;
2311 return(err);
2312 }
2313 switch (direntry->tdir_type)
2314 {
2315 case TIFF_FLOAT:
2316 if (tif->tif_flags&TIFF_SWAB)
2317 TIFFSwabArrayOfLong((uint32*)origdata,count);
2318 TIFFCvtIEEEDoubleToNative(tif,count,(float*)origdata);
2319 *value=(float*)origdata;
2320 return(TIFFReadDirEntryErrOk);
2321 }
2322 data=(float*)_TIFFmalloc(count*sizeof(float));
2323 if (data==0)
2324 {
2325 _TIFFfree(origdata);
2326 return(TIFFReadDirEntryErrAlloc);
2327 }
2328 switch (direntry->tdir_type)
2329 {
2330 case TIFF_BYTE:
2331 {
2332 uint8* ma;
2333 float* mb;
2334 uint32 n;
2335 ma=(uint8*)origdata;
2336 mb=data;
2337 for (n=0; n<count; n++)
2338 *mb++=(float)(*ma++);
2339 }
2340 break;
2341 case TIFF_SBYTE:
2342 {
2343 int8* ma;
2344 float* mb;
2345 uint32 n;
2346 ma=(int8*)origdata;
2347 mb=data;
2348 for (n=0; n<count; n++)
2349 *mb++=(float)(*ma++);
2350 }
2351 break;
2352 case TIFF_SHORT:
2353 {
2354 uint16* ma;
2355 float* mb;
2356 uint32 n;
2357 ma=(uint16*)origdata;
2358 mb=data;
2359 for (n=0; n<count; n++)
2360 {
2361 if (tif->tif_flags&TIFF_SWAB)
2362 TIFFSwabShort(ma);
2363 *mb++=(float)(*ma++);
2364 }
2365 }
2366 break;
2367 case TIFF_SSHORT:
2368 {
2369 int16* ma;
2370 float* mb;
2371 uint32 n;
2372 ma=(int16*)origdata;
2373 mb=data;
2374 for (n=0; n<count; n++)
2375 {
2376 if (tif->tif_flags&TIFF_SWAB)
2377 TIFFSwabShort((uint16*)ma);
2378 *mb++=(float)(*ma++);
2379 }
2380 }
2381 break;
2382 case TIFF_LONG:
2383 {
2384 uint32* ma;
2385 float* mb;
2386 uint32 n;
2387 ma=(uint32*)origdata;
2388 mb=data;
2389 for (n=0; n<count; n++)
2390 {
2391 if (tif->tif_flags&TIFF_SWAB)
2392 TIFFSwabLong(ma);
2393 *mb++=(float)(*ma++);
2394 }
2395 }
2396 break;
2397 case TIFF_SLONG:
2398 {
2399 int32* ma;
2400 float* mb;
2401 uint32 n;
2402 ma=(int32*)origdata;
2403 mb=data;
2404 for (n=0; n<count; n++)
2405 {
2406 if (tif->tif_flags&TIFF_SWAB)
2407 TIFFSwabLong((uint32*)ma);
2408 *mb++=(float)(*ma++);
2409 }
2410 }
2411 break;
2412 case TIFF_LONG8:
2413 {
2414 uint64* ma;
2415 float* mb;
2416 uint32 n;
2417 ma=(uint64*)origdata;
2418 mb=data;
2419 for (n=0; n<count; n++)
2420 {
2421 if (tif->tif_flags&TIFF_SWAB)
2422 TIFFSwabLong8(ma);
2423 #if defined(__WIN32__) && (_MSC_VER < 1500)
2424 /*
2425 * XXX: MSVC 6.0 does not support
2426 * conversion of 64-bit integers into
2427 * floating point values.
2428 */
2429 *mb++ = _TIFFUInt64ToFloat(*ma++);
2430 #else
2431 *mb++ = (float)(*ma++);
2432 #endif
2433 }
2434 }
2435 break;
2436 case TIFF_SLONG8:
2437 {
2438 int64* ma;
2439 float* mb;
2440 uint32 n;
2441 ma=(int64*)origdata;
2442 mb=data;
2443 for (n=0; n<count; n++)
2444 {
2445 if (tif->tif_flags&TIFF_SWAB)
2446 TIFFSwabLong8((uint64*)ma);
2447 *mb++=(float)(*ma++);
2448 }
2449 }
2450 break;
2451 case TIFF_RATIONAL:
2452 {
2453 uint32* ma;
2454 uint32 maa;
2455 uint32 mab;
2456 float* mb;
2457 uint32 n;
2458 ma=(uint32*)origdata;
2459 mb=data;
2460 for (n=0; n<count; n++)
2461 {
2462 if (tif->tif_flags&TIFF_SWAB)
2463 TIFFSwabLong(ma);
2464 maa=*ma++;
2465 if (tif->tif_flags&TIFF_SWAB)
2466 TIFFSwabLong(ma);
2467 mab=*ma++;
2468 if (mab==0)
2469 *mb++=0.0;
2470 else
2471 *mb++=(float)maa/(float)mab;
2472 }
2473 }
2474 break;
2475 case TIFF_SRATIONAL:
2476 {
2477 uint32* ma;
2478 int32 maa;
2479 uint32 mab;
2480 float* mb;
2481 uint32 n;
2482 ma=(uint32*)origdata;
2483 mb=data;
2484 for (n=0; n<count; n++)
2485 {
2486 if (tif->tif_flags&TIFF_SWAB)
2487 TIFFSwabLong(ma);
2488 maa=*(int32*)ma;
2489 ma++;
2490 if (tif->tif_flags&TIFF_SWAB)
2491 TIFFSwabLong(ma);
2492 mab=*ma++;
2493 if (mab==0)
2494 *mb++=0.0;
2495 else
2496 *mb++=(float)maa/(float)mab;
2497 }
2498 }
2499 break;
2500 case TIFF_DOUBLE:
2501 {
2502 double* ma;
2503 float* mb;
2504 uint32 n;
2505 if (tif->tif_flags&TIFF_SWAB)
2506 TIFFSwabArrayOfLong8((uint64*)origdata,count);
2507 TIFFCvtIEEEDoubleToNative(tif,count,(double*)origdata);
2508 ma=(double*)origdata;
2509 mb=data;
2510 for (n=0; n<count; n++)
2511 {
2512 double val = *ma++;
2513 if( val > FLT_MAX )
2514 val = FLT_MAX;
2515 else if( val < -FLT_MAX )
2516 val = -FLT_MAX;
2517 *mb++=(float)val;
2518 }
2519 }
2520 break;
2521 }
2522 _TIFFfree(origdata);
2523 *value=data;
2524 return(TIFFReadDirEntryErrOk);
2525 }
2526
2527 static enum TIFFReadDirEntryErr
TIFFReadDirEntryDoubleArray(TIFF * tif,TIFFDirEntry * direntry,double ** value)2528 TIFFReadDirEntryDoubleArray(TIFF* tif, TIFFDirEntry* direntry, double** value)
2529 {
2530 enum TIFFReadDirEntryErr err;
2531 uint32 count;
2532 void* origdata;
2533 double* data;
2534 switch (direntry->tdir_type)
2535 {
2536 case TIFF_BYTE:
2537 case TIFF_SBYTE:
2538 case TIFF_SHORT:
2539 case TIFF_SSHORT:
2540 case TIFF_LONG:
2541 case TIFF_SLONG:
2542 case TIFF_LONG8:
2543 case TIFF_SLONG8:
2544 case TIFF_RATIONAL:
2545 case TIFF_SRATIONAL:
2546 case TIFF_FLOAT:
2547 case TIFF_DOUBLE:
2548 break;
2549 default:
2550 return(TIFFReadDirEntryErrType);
2551 }
2552 err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata);
2553 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
2554 {
2555 *value=0;
2556 return(err);
2557 }
2558 switch (direntry->tdir_type)
2559 {
2560 case TIFF_DOUBLE:
2561 if (tif->tif_flags&TIFF_SWAB)
2562 TIFFSwabArrayOfLong8((uint64*)origdata,count);
2563 TIFFCvtIEEEDoubleToNative(tif,count,(double*)origdata);
2564 *value=(double*)origdata;
2565 return(TIFFReadDirEntryErrOk);
2566 }
2567 data=(double*)_TIFFmalloc(count*sizeof(double));
2568 if (data==0)
2569 {
2570 _TIFFfree(origdata);
2571 return(TIFFReadDirEntryErrAlloc);
2572 }
2573 switch (direntry->tdir_type)
2574 {
2575 case TIFF_BYTE:
2576 {
2577 uint8* ma;
2578 double* mb;
2579 uint32 n;
2580 ma=(uint8*)origdata;
2581 mb=data;
2582 for (n=0; n<count; n++)
2583 *mb++=(double)(*ma++);
2584 }
2585 break;
2586 case TIFF_SBYTE:
2587 {
2588 int8* ma;
2589 double* mb;
2590 uint32 n;
2591 ma=(int8*)origdata;
2592 mb=data;
2593 for (n=0; n<count; n++)
2594 *mb++=(double)(*ma++);
2595 }
2596 break;
2597 case TIFF_SHORT:
2598 {
2599 uint16* ma;
2600 double* mb;
2601 uint32 n;
2602 ma=(uint16*)origdata;
2603 mb=data;
2604 for (n=0; n<count; n++)
2605 {
2606 if (tif->tif_flags&TIFF_SWAB)
2607 TIFFSwabShort(ma);
2608 *mb++=(double)(*ma++);
2609 }
2610 }
2611 break;
2612 case TIFF_SSHORT:
2613 {
2614 int16* ma;
2615 double* mb;
2616 uint32 n;
2617 ma=(int16*)origdata;
2618 mb=data;
2619 for (n=0; n<count; n++)
2620 {
2621 if (tif->tif_flags&TIFF_SWAB)
2622 TIFFSwabShort((uint16*)ma);
2623 *mb++=(double)(*ma++);
2624 }
2625 }
2626 break;
2627 case TIFF_LONG:
2628 {
2629 uint32* ma;
2630 double* mb;
2631 uint32 n;
2632 ma=(uint32*)origdata;
2633 mb=data;
2634 for (n=0; n<count; n++)
2635 {
2636 if (tif->tif_flags&TIFF_SWAB)
2637 TIFFSwabLong(ma);
2638 *mb++=(double)(*ma++);
2639 }
2640 }
2641 break;
2642 case TIFF_SLONG:
2643 {
2644 int32* ma;
2645 double* mb;
2646 uint32 n;
2647 ma=(int32*)origdata;
2648 mb=data;
2649 for (n=0; n<count; n++)
2650 {
2651 if (tif->tif_flags&TIFF_SWAB)
2652 TIFFSwabLong((uint32*)ma);
2653 *mb++=(double)(*ma++);
2654 }
2655 }
2656 break;
2657 case TIFF_LONG8:
2658 {
2659 uint64* ma;
2660 double* mb;
2661 uint32 n;
2662 ma=(uint64*)origdata;
2663 mb=data;
2664 for (n=0; n<count; n++)
2665 {
2666 if (tif->tif_flags&TIFF_SWAB)
2667 TIFFSwabLong8(ma);
2668 #if defined(__WIN32__) && (_MSC_VER < 1500)
2669 /*
2670 * XXX: MSVC 6.0 does not support
2671 * conversion of 64-bit integers into
2672 * floating point values.
2673 */
2674 *mb++ = _TIFFUInt64ToDouble(*ma++);
2675 #else
2676 *mb++ = (double)(*ma++);
2677 #endif
2678 }
2679 }
2680 break;
2681 case TIFF_SLONG8:
2682 {
2683 int64* ma;
2684 double* mb;
2685 uint32 n;
2686 ma=(int64*)origdata;
2687 mb=data;
2688 for (n=0; n<count; n++)
2689 {
2690 if (tif->tif_flags&TIFF_SWAB)
2691 TIFFSwabLong8((uint64*)ma);
2692 *mb++=(double)(*ma++);
2693 }
2694 }
2695 break;
2696 case TIFF_RATIONAL:
2697 {
2698 uint32* ma;
2699 uint32 maa;
2700 uint32 mab;
2701 double* mb;
2702 uint32 n;
2703 ma=(uint32*)origdata;
2704 mb=data;
2705 for (n=0; n<count; n++)
2706 {
2707 if (tif->tif_flags&TIFF_SWAB)
2708 TIFFSwabLong(ma);
2709 maa=*ma++;
2710 if (tif->tif_flags&TIFF_SWAB)
2711 TIFFSwabLong(ma);
2712 mab=*ma++;
2713 if (mab==0)
2714 *mb++=0.0;
2715 else
2716 *mb++=(double)maa/(double)mab;
2717 }
2718 }
2719 break;
2720 case TIFF_SRATIONAL:
2721 {
2722 uint32* ma;
2723 int32 maa;
2724 uint32 mab;
2725 double* mb;
2726 uint32 n;
2727 ma=(uint32*)origdata;
2728 mb=data;
2729 for (n=0; n<count; n++)
2730 {
2731 if (tif->tif_flags&TIFF_SWAB)
2732 TIFFSwabLong(ma);
2733 maa=*(int32*)ma;
2734 ma++;
2735 if (tif->tif_flags&TIFF_SWAB)
2736 TIFFSwabLong(ma);
2737 mab=*ma++;
2738 if (mab==0)
2739 *mb++=0.0;
2740 else
2741 *mb++=(double)maa/(double)mab;
2742 }
2743 }
2744 break;
2745 case TIFF_FLOAT:
2746 {
2747 float* ma;
2748 double* mb;
2749 uint32 n;
2750 if (tif->tif_flags&TIFF_SWAB)
2751 TIFFSwabArrayOfLong((uint32*)origdata,count);
2752 TIFFCvtIEEEFloatToNative(tif,count,(float*)origdata);
2753 ma=(float*)origdata;
2754 mb=data;
2755 for (n=0; n<count; n++)
2756 *mb++=(double)(*ma++);
2757 }
2758 break;
2759 }
2760 _TIFFfree(origdata);
2761 *value=data;
2762 return(TIFFReadDirEntryErrOk);
2763 }
2764
TIFFReadDirEntryIfd8Array(TIFF * tif,TIFFDirEntry * direntry,uint64 ** value)2765 static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value)
2766 {
2767 enum TIFFReadDirEntryErr err;
2768 uint32 count;
2769 void* origdata;
2770 uint64* data;
2771 switch (direntry->tdir_type)
2772 {
2773 case TIFF_LONG:
2774 case TIFF_LONG8:
2775 case TIFF_IFD:
2776 case TIFF_IFD8:
2777 break;
2778 default:
2779 return(TIFFReadDirEntryErrType);
2780 }
2781 err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata);
2782 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
2783 {
2784 *value=0;
2785 return(err);
2786 }
2787 switch (direntry->tdir_type)
2788 {
2789 case TIFF_LONG8:
2790 case TIFF_IFD8:
2791 *value=(uint64*)origdata;
2792 if (tif->tif_flags&TIFF_SWAB)
2793 TIFFSwabArrayOfLong8(*value,count);
2794 return(TIFFReadDirEntryErrOk);
2795 }
2796 data=(uint64*)_TIFFmalloc(count*8);
2797 if (data==0)
2798 {
2799 _TIFFfree(origdata);
2800 return(TIFFReadDirEntryErrAlloc);
2801 }
2802 switch (direntry->tdir_type)
2803 {
2804 case TIFF_LONG:
2805 case TIFF_IFD:
2806 {
2807 uint32* ma;
2808 uint64* mb;
2809 uint32 n;
2810 ma=(uint32*)origdata;
2811 mb=data;
2812 for (n=0; n<count; n++)
2813 {
2814 if (tif->tif_flags&TIFF_SWAB)
2815 TIFFSwabLong(ma);
2816 *mb++=(uint64)(*ma++);
2817 }
2818 }
2819 break;
2820 }
2821 _TIFFfree(origdata);
2822 *value=data;
2823 return(TIFFReadDirEntryErrOk);
2824 }
2825
TIFFReadDirEntryPersampleShort(TIFF * tif,TIFFDirEntry * direntry,uint16 * value)2826 static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value)
2827 {
2828 enum TIFFReadDirEntryErr err;
2829 uint16* m;
2830 uint16* na;
2831 uint16 nb;
2832 if (direntry->tdir_count<(uint64)tif->tif_dir.td_samplesperpixel)
2833 return(TIFFReadDirEntryErrCount);
2834 err=TIFFReadDirEntryShortArray(tif,direntry,&m);
2835 if (err!=TIFFReadDirEntryErrOk || m == NULL)
2836 return(err);
2837 na=m;
2838 nb=tif->tif_dir.td_samplesperpixel;
2839 *value=*na++;
2840 nb--;
2841 while (nb>0)
2842 {
2843 if (*na++!=*value)
2844 {
2845 err=TIFFReadDirEntryErrPsdif;
2846 break;
2847 }
2848 nb--;
2849 }
2850 _TIFFfree(m);
2851 return(err);
2852 }
2853
2854 #if 0
2855 static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleDouble(TIFF* tif, TIFFDirEntry* direntry, double* value)
2856 {
2857 enum TIFFReadDirEntryErr err;
2858 double* m;
2859 double* na;
2860 uint16 nb;
2861 if (direntry->tdir_count<(uint64)tif->tif_dir.td_samplesperpixel)
2862 return(TIFFReadDirEntryErrCount);
2863 err=TIFFReadDirEntryDoubleArray(tif,direntry,&m);
2864 if (err!=TIFFReadDirEntryErrOk)
2865 return(err);
2866 na=m;
2867 nb=tif->tif_dir.td_samplesperpixel;
2868 *value=*na++;
2869 nb--;
2870 while (nb>0)
2871 {
2872 if (*na++!=*value)
2873 {
2874 err=TIFFReadDirEntryErrPsdif;
2875 break;
2876 }
2877 nb--;
2878 }
2879 _TIFFfree(m);
2880 return(err);
2881 }
2882 #endif
2883
TIFFReadDirEntryCheckedByte(TIFF * tif,TIFFDirEntry * direntry,uint8 * value)2884 static void TIFFReadDirEntryCheckedByte(TIFF* tif, TIFFDirEntry* direntry, uint8* value)
2885 {
2886 (void) tif;
2887 *value=*(uint8*)(&direntry->tdir_offset);
2888 }
2889
TIFFReadDirEntryCheckedSbyte(TIFF * tif,TIFFDirEntry * direntry,int8 * value)2890 static void TIFFReadDirEntryCheckedSbyte(TIFF* tif, TIFFDirEntry* direntry, int8* value)
2891 {
2892 (void) tif;
2893 *value=*(int8*)(&direntry->tdir_offset);
2894 }
2895
TIFFReadDirEntryCheckedShort(TIFF * tif,TIFFDirEntry * direntry,uint16 * value)2896 static void TIFFReadDirEntryCheckedShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value)
2897 {
2898 *value = direntry->tdir_offset.toff_short;
2899 /* *value=*(uint16*)(&direntry->tdir_offset); */
2900 if (tif->tif_flags&TIFF_SWAB)
2901 TIFFSwabShort(value);
2902 }
2903
TIFFReadDirEntryCheckedSshort(TIFF * tif,TIFFDirEntry * direntry,int16 * value)2904 static void TIFFReadDirEntryCheckedSshort(TIFF* tif, TIFFDirEntry* direntry, int16* value)
2905 {
2906 *value=*(int16*)(&direntry->tdir_offset);
2907 if (tif->tif_flags&TIFF_SWAB)
2908 TIFFSwabShort((uint16*)value);
2909 }
2910
TIFFReadDirEntryCheckedLong(TIFF * tif,TIFFDirEntry * direntry,uint32 * value)2911 static void TIFFReadDirEntryCheckedLong(TIFF* tif, TIFFDirEntry* direntry, uint32* value)
2912 {
2913 *value=*(uint32*)(&direntry->tdir_offset);
2914 if (tif->tif_flags&TIFF_SWAB)
2915 TIFFSwabLong(value);
2916 }
2917
TIFFReadDirEntryCheckedSlong(TIFF * tif,TIFFDirEntry * direntry,int32 * value)2918 static void TIFFReadDirEntryCheckedSlong(TIFF* tif, TIFFDirEntry* direntry, int32* value)
2919 {
2920 *value=*(int32*)(&direntry->tdir_offset);
2921 if (tif->tif_flags&TIFF_SWAB)
2922 TIFFSwabLong((uint32*)value);
2923 }
2924
TIFFReadDirEntryCheckedLong8(TIFF * tif,TIFFDirEntry * direntry,uint64 * value)2925 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedLong8(TIFF* tif, TIFFDirEntry* direntry, uint64* value)
2926 {
2927 if (!(tif->tif_flags&TIFF_BIGTIFF))
2928 {
2929 enum TIFFReadDirEntryErr err;
2930 uint32 offset = direntry->tdir_offset.toff_long;
2931 if (tif->tif_flags&TIFF_SWAB)
2932 TIFFSwabLong(&offset);
2933 err=TIFFReadDirEntryData(tif,offset,8,value);
2934 if (err!=TIFFReadDirEntryErrOk)
2935 return(err);
2936 }
2937 else
2938 *value = direntry->tdir_offset.toff_long8;
2939 if (tif->tif_flags&TIFF_SWAB)
2940 TIFFSwabLong8(value);
2941 return(TIFFReadDirEntryErrOk);
2942 }
2943
TIFFReadDirEntryCheckedSlong8(TIFF * tif,TIFFDirEntry * direntry,int64 * value)2944 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSlong8(TIFF* tif, TIFFDirEntry* direntry, int64* value)
2945 {
2946 if (!(tif->tif_flags&TIFF_BIGTIFF))
2947 {
2948 enum TIFFReadDirEntryErr err;
2949 uint32 offset = direntry->tdir_offset.toff_long;
2950 if (tif->tif_flags&TIFF_SWAB)
2951 TIFFSwabLong(&offset);
2952 err=TIFFReadDirEntryData(tif,offset,8,value);
2953 if (err!=TIFFReadDirEntryErrOk)
2954 return(err);
2955 }
2956 else
2957 *value=*(int64*)(&direntry->tdir_offset);
2958 if (tif->tif_flags&TIFF_SWAB)
2959 TIFFSwabLong8((uint64*)value);
2960 return(TIFFReadDirEntryErrOk);
2961 }
2962
TIFFReadDirEntryCheckedRational(TIFF * tif,TIFFDirEntry * direntry,double * value)2963 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedRational(TIFF* tif, TIFFDirEntry* direntry, double* value)
2964 {
2965 UInt64Aligned_t m;
2966
2967 assert(sizeof(double)==8);
2968 assert(sizeof(uint64)==8);
2969 assert(sizeof(uint32)==4);
2970 if (!(tif->tif_flags&TIFF_BIGTIFF))
2971 {
2972 enum TIFFReadDirEntryErr err;
2973 uint32 offset = direntry->tdir_offset.toff_long;
2974 if (tif->tif_flags&TIFF_SWAB)
2975 TIFFSwabLong(&offset);
2976 err=TIFFReadDirEntryData(tif,offset,8,m.i);
2977 if (err!=TIFFReadDirEntryErrOk)
2978 return(err);
2979 }
2980 else
2981 m.l = direntry->tdir_offset.toff_long8;
2982 if (tif->tif_flags&TIFF_SWAB)
2983 TIFFSwabArrayOfLong(m.i,2);
2984 /* Not completely sure what we should do when m.i[1]==0, but some */
2985 /* sanitizers do not like division by 0.0: */
2986 /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
2987 if (m.i[0]==0 || m.i[1]==0)
2988 *value=0.0;
2989 else
2990 *value=(double)m.i[0]/(double)m.i[1];
2991 return(TIFFReadDirEntryErrOk);
2992 }
2993
TIFFReadDirEntryCheckedSrational(TIFF * tif,TIFFDirEntry * direntry,double * value)2994 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSrational(TIFF* tif, TIFFDirEntry* direntry, double* value)
2995 {
2996 UInt64Aligned_t m;
2997 assert(sizeof(double)==8);
2998 assert(sizeof(uint64)==8);
2999 assert(sizeof(int32)==4);
3000 assert(sizeof(uint32)==4);
3001 if (!(tif->tif_flags&TIFF_BIGTIFF))
3002 {
3003 enum TIFFReadDirEntryErr err;
3004 uint32 offset = direntry->tdir_offset.toff_long;
3005 if (tif->tif_flags&TIFF_SWAB)
3006 TIFFSwabLong(&offset);
3007 err=TIFFReadDirEntryData(tif,offset,8,m.i);
3008 if (err!=TIFFReadDirEntryErrOk)
3009 return(err);
3010 }
3011 else
3012 m.l=direntry->tdir_offset.toff_long8;
3013 if (tif->tif_flags&TIFF_SWAB)
3014 TIFFSwabArrayOfLong(m.i,2);
3015 /* Not completely sure what we should do when m.i[1]==0, but some */
3016 /* sanitizers do not like division by 0.0: */
3017 /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
3018 if ((int32)m.i[0]==0 || m.i[1]==0)
3019 *value=0.0;
3020 else
3021 *value=(double)((int32)m.i[0])/(double)m.i[1];
3022 return(TIFFReadDirEntryErrOk);
3023 }
3024
TIFFReadDirEntryCheckedFloat(TIFF * tif,TIFFDirEntry * direntry,float * value)3025 static void TIFFReadDirEntryCheckedFloat(TIFF* tif, TIFFDirEntry* direntry, float* value)
3026 {
3027 union
3028 {
3029 float f;
3030 uint32 i;
3031 } float_union;
3032 assert(sizeof(float)==4);
3033 assert(sizeof(uint32)==4);
3034 assert(sizeof(float_union)==4);
3035 float_union.i=*(uint32*)(&direntry->tdir_offset);
3036 *value=float_union.f;
3037 if (tif->tif_flags&TIFF_SWAB)
3038 TIFFSwabLong((uint32*)value);
3039 }
3040
TIFFReadDirEntryCheckedDouble(TIFF * tif,TIFFDirEntry * direntry,double * value)3041 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedDouble(TIFF* tif, TIFFDirEntry* direntry, double* value)
3042 {
3043 assert(sizeof(double)==8);
3044 assert(sizeof(uint64)==8);
3045 assert(sizeof(UInt64Aligned_t)==8);
3046 if (!(tif->tif_flags&TIFF_BIGTIFF))
3047 {
3048 enum TIFFReadDirEntryErr err;
3049 uint32 offset = direntry->tdir_offset.toff_long;
3050 if (tif->tif_flags&TIFF_SWAB)
3051 TIFFSwabLong(&offset);
3052 err=TIFFReadDirEntryData(tif,offset,8,value);
3053 if (err!=TIFFReadDirEntryErrOk)
3054 return(err);
3055 }
3056 else
3057 {
3058 UInt64Aligned_t uint64_union;
3059 uint64_union.l=direntry->tdir_offset.toff_long8;
3060 *value=uint64_union.d;
3061 }
3062 if (tif->tif_flags&TIFF_SWAB)
3063 TIFFSwabLong8((uint64*)value);
3064 return(TIFFReadDirEntryErrOk);
3065 }
3066
TIFFReadDirEntryCheckRangeByteSbyte(int8 value)3067 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSbyte(int8 value)
3068 {
3069 if (value<0)
3070 return(TIFFReadDirEntryErrRange);
3071 else
3072 return(TIFFReadDirEntryErrOk);
3073 }
3074
TIFFReadDirEntryCheckRangeByteShort(uint16 value)3075 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteShort(uint16 value)
3076 {
3077 if (value>0xFF)
3078 return(TIFFReadDirEntryErrRange);
3079 else
3080 return(TIFFReadDirEntryErrOk);
3081 }
3082
TIFFReadDirEntryCheckRangeByteSshort(int16 value)3083 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSshort(int16 value)
3084 {
3085 if ((value<0)||(value>0xFF))
3086 return(TIFFReadDirEntryErrRange);
3087 else
3088 return(TIFFReadDirEntryErrOk);
3089 }
3090
TIFFReadDirEntryCheckRangeByteLong(uint32 value)3091 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong(uint32 value)
3092 {
3093 if (value>0xFF)
3094 return(TIFFReadDirEntryErrRange);
3095 else
3096 return(TIFFReadDirEntryErrOk);
3097 }
3098
TIFFReadDirEntryCheckRangeByteSlong(int32 value)3099 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong(int32 value)
3100 {
3101 if ((value<0)||(value>0xFF))
3102 return(TIFFReadDirEntryErrRange);
3103 else
3104 return(TIFFReadDirEntryErrOk);
3105 }
3106
TIFFReadDirEntryCheckRangeByteLong8(uint64 value)3107 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong8(uint64 value)
3108 {
3109 if (value>0xFF)
3110 return(TIFFReadDirEntryErrRange);
3111 else
3112 return(TIFFReadDirEntryErrOk);
3113 }
3114
TIFFReadDirEntryCheckRangeByteSlong8(int64 value)3115 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong8(int64 value)
3116 {
3117 if ((value<0)||(value>0xFF))
3118 return(TIFFReadDirEntryErrRange);
3119 else
3120 return(TIFFReadDirEntryErrOk);
3121 }
3122
TIFFReadDirEntryCheckRangeSbyteByte(uint8 value)3123 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteByte(uint8 value)
3124 {
3125 if (value>0x7F)
3126 return(TIFFReadDirEntryErrRange);
3127 else
3128 return(TIFFReadDirEntryErrOk);
3129 }
3130
TIFFReadDirEntryCheckRangeSbyteShort(uint16 value)3131 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteShort(uint16 value)
3132 {
3133 if (value>0x7F)
3134 return(TIFFReadDirEntryErrRange);
3135 else
3136 return(TIFFReadDirEntryErrOk);
3137 }
3138
TIFFReadDirEntryCheckRangeSbyteSshort(int16 value)3139 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSshort(int16 value)
3140 {
3141 if ((value<-0x80)||(value>0x7F))
3142 return(TIFFReadDirEntryErrRange);
3143 else
3144 return(TIFFReadDirEntryErrOk);
3145 }
3146
TIFFReadDirEntryCheckRangeSbyteLong(uint32 value)3147 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong(uint32 value)
3148 {
3149 if (value>0x7F)
3150 return(TIFFReadDirEntryErrRange);
3151 else
3152 return(TIFFReadDirEntryErrOk);
3153 }
3154
TIFFReadDirEntryCheckRangeSbyteSlong(int32 value)3155 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong(int32 value)
3156 {
3157 if ((value<-0x80)||(value>0x7F))
3158 return(TIFFReadDirEntryErrRange);
3159 else
3160 return(TIFFReadDirEntryErrOk);
3161 }
3162
TIFFReadDirEntryCheckRangeSbyteLong8(uint64 value)3163 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong8(uint64 value)
3164 {
3165 if (value>0x7F)
3166 return(TIFFReadDirEntryErrRange);
3167 else
3168 return(TIFFReadDirEntryErrOk);
3169 }
3170
TIFFReadDirEntryCheckRangeSbyteSlong8(int64 value)3171 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong8(int64 value)
3172 {
3173 if ((value<-0x80)||(value>0x7F))
3174 return(TIFFReadDirEntryErrRange);
3175 else
3176 return(TIFFReadDirEntryErrOk);
3177 }
3178
TIFFReadDirEntryCheckRangeShortSbyte(int8 value)3179 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSbyte(int8 value)
3180 {
3181 if (value<0)
3182 return(TIFFReadDirEntryErrRange);
3183 else
3184 return(TIFFReadDirEntryErrOk);
3185 }
3186
TIFFReadDirEntryCheckRangeShortSshort(int16 value)3187 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSshort(int16 value)
3188 {
3189 if (value<0)
3190 return(TIFFReadDirEntryErrRange);
3191 else
3192 return(TIFFReadDirEntryErrOk);
3193 }
3194
TIFFReadDirEntryCheckRangeShortLong(uint32 value)3195 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong(uint32 value)
3196 {
3197 if (value>0xFFFF)
3198 return(TIFFReadDirEntryErrRange);
3199 else
3200 return(TIFFReadDirEntryErrOk);
3201 }
3202
TIFFReadDirEntryCheckRangeShortSlong(int32 value)3203 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong(int32 value)
3204 {
3205 if ((value<0)||(value>0xFFFF))
3206 return(TIFFReadDirEntryErrRange);
3207 else
3208 return(TIFFReadDirEntryErrOk);
3209 }
3210
TIFFReadDirEntryCheckRangeShortLong8(uint64 value)3211 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong8(uint64 value)
3212 {
3213 if (value>0xFFFF)
3214 return(TIFFReadDirEntryErrRange);
3215 else
3216 return(TIFFReadDirEntryErrOk);
3217 }
3218
TIFFReadDirEntryCheckRangeShortSlong8(int64 value)3219 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong8(int64 value)
3220 {
3221 if ((value<0)||(value>0xFFFF))
3222 return(TIFFReadDirEntryErrRange);
3223 else
3224 return(TIFFReadDirEntryErrOk);
3225 }
3226
TIFFReadDirEntryCheckRangeSshortShort(uint16 value)3227 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortShort(uint16 value)
3228 {
3229 if (value>0x7FFF)
3230 return(TIFFReadDirEntryErrRange);
3231 else
3232 return(TIFFReadDirEntryErrOk);
3233 }
3234
TIFFReadDirEntryCheckRangeSshortLong(uint32 value)3235 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong(uint32 value)
3236 {
3237 if (value>0x7FFF)
3238 return(TIFFReadDirEntryErrRange);
3239 else
3240 return(TIFFReadDirEntryErrOk);
3241 }
3242
TIFFReadDirEntryCheckRangeSshortSlong(int32 value)3243 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong(int32 value)
3244 {
3245 if ((value<-0x8000)||(value>0x7FFF))
3246 return(TIFFReadDirEntryErrRange);
3247 else
3248 return(TIFFReadDirEntryErrOk);
3249 }
3250
TIFFReadDirEntryCheckRangeSshortLong8(uint64 value)3251 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong8(uint64 value)
3252 {
3253 if (value>0x7FFF)
3254 return(TIFFReadDirEntryErrRange);
3255 else
3256 return(TIFFReadDirEntryErrOk);
3257 }
3258
TIFFReadDirEntryCheckRangeSshortSlong8(int64 value)3259 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong8(int64 value)
3260 {
3261 if ((value<-0x8000)||(value>0x7FFF))
3262 return(TIFFReadDirEntryErrRange);
3263 else
3264 return(TIFFReadDirEntryErrOk);
3265 }
3266
TIFFReadDirEntryCheckRangeLongSbyte(int8 value)3267 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSbyte(int8 value)
3268 {
3269 if (value<0)
3270 return(TIFFReadDirEntryErrRange);
3271 else
3272 return(TIFFReadDirEntryErrOk);
3273 }
3274
TIFFReadDirEntryCheckRangeLongSshort(int16 value)3275 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSshort(int16 value)
3276 {
3277 if (value<0)
3278 return(TIFFReadDirEntryErrRange);
3279 else
3280 return(TIFFReadDirEntryErrOk);
3281 }
3282
TIFFReadDirEntryCheckRangeLongSlong(int32 value)3283 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSlong(int32 value)
3284 {
3285 if (value<0)
3286 return(TIFFReadDirEntryErrRange);
3287 else
3288 return(TIFFReadDirEntryErrOk);
3289 }
3290
3291 /*
3292 * Largest 32-bit unsigned integer value.
3293 */
3294 #define TIFF_UINT32_MAX 0xFFFFFFFFU
3295
3296 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLongLong8(uint64 value)3297 TIFFReadDirEntryCheckRangeLongLong8(uint64 value)
3298 {
3299 if (value > TIFF_UINT32_MAX)
3300 return(TIFFReadDirEntryErrRange);
3301 else
3302 return(TIFFReadDirEntryErrOk);
3303 }
3304
3305 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLongSlong8(int64 value)3306 TIFFReadDirEntryCheckRangeLongSlong8(int64 value)
3307 {
3308 if ((value < 0) || (value > (int64) TIFF_UINT32_MAX))
3309 return(TIFFReadDirEntryErrRange);
3310 else
3311 return(TIFFReadDirEntryErrOk);
3312 }
3313
3314 #undef TIFF_UINT32_MAX
3315
3316 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeSlongLong(uint32 value)3317 TIFFReadDirEntryCheckRangeSlongLong(uint32 value)
3318 {
3319 if (value > 0x7FFFFFFFUL)
3320 return(TIFFReadDirEntryErrRange);
3321 else
3322 return(TIFFReadDirEntryErrOk);
3323 }
3324
3325 /* Check that the 8-byte unsigned value can fit in a 4-byte unsigned range */
3326 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeSlongLong8(uint64 value)3327 TIFFReadDirEntryCheckRangeSlongLong8(uint64 value)
3328 {
3329 if (value > 0x7FFFFFFF)
3330 return(TIFFReadDirEntryErrRange);
3331 else
3332 return(TIFFReadDirEntryErrOk);
3333 }
3334
3335 /* Check that the 8-byte signed value can fit in a 4-byte signed range */
3336 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeSlongSlong8(int64 value)3337 TIFFReadDirEntryCheckRangeSlongSlong8(int64 value)
3338 {
3339 if ((value < 0-((int64) 0x7FFFFFFF+1)) || (value > 0x7FFFFFFF))
3340 return(TIFFReadDirEntryErrRange);
3341 else
3342 return(TIFFReadDirEntryErrOk);
3343 }
3344
3345 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLong8Sbyte(int8 value)3346 TIFFReadDirEntryCheckRangeLong8Sbyte(int8 value)
3347 {
3348 if (value < 0)
3349 return(TIFFReadDirEntryErrRange);
3350 else
3351 return(TIFFReadDirEntryErrOk);
3352 }
3353
3354 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLong8Sshort(int16 value)3355 TIFFReadDirEntryCheckRangeLong8Sshort(int16 value)
3356 {
3357 if (value < 0)
3358 return(TIFFReadDirEntryErrRange);
3359 else
3360 return(TIFFReadDirEntryErrOk);
3361 }
3362
3363 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLong8Slong(int32 value)3364 TIFFReadDirEntryCheckRangeLong8Slong(int32 value)
3365 {
3366 if (value < 0)
3367 return(TIFFReadDirEntryErrRange);
3368 else
3369 return(TIFFReadDirEntryErrOk);
3370 }
3371
3372 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLong8Slong8(int64 value)3373 TIFFReadDirEntryCheckRangeLong8Slong8(int64 value)
3374 {
3375 if (value < 0)
3376 return(TIFFReadDirEntryErrRange);
3377 else
3378 return(TIFFReadDirEntryErrOk);
3379 }
3380
3381 /*
3382 * Largest 64-bit signed integer value.
3383 */
3384 #define TIFF_INT64_MAX ((int64)(((uint64) ~0) >> 1))
3385
3386 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeSlong8Long8(uint64 value)3387 TIFFReadDirEntryCheckRangeSlong8Long8(uint64 value)
3388 {
3389 if (value > TIFF_INT64_MAX)
3390 return(TIFFReadDirEntryErrRange);
3391 else
3392 return(TIFFReadDirEntryErrOk);
3393 }
3394
3395 #undef TIFF_INT64_MAX
3396
3397 static enum TIFFReadDirEntryErr
TIFFReadDirEntryData(TIFF * tif,uint64 offset,tmsize_t size,void * dest)3398 TIFFReadDirEntryData(TIFF* tif, uint64 offset, tmsize_t size, void* dest)
3399 {
3400 assert(size>0);
3401 if (!isMapped(tif)) {
3402 if (!SeekOK(tif,offset))
3403 return(TIFFReadDirEntryErrIo);
3404 if (!ReadOK(tif,dest,size))
3405 return(TIFFReadDirEntryErrIo);
3406 } else {
3407 size_t ma,mb;
3408 ma=(size_t)offset;
3409 mb=ma+size;
3410 if (((uint64)ma!=offset)
3411 || (mb < ma)
3412 || (mb - ma != (size_t) size)
3413 || (mb < (size_t)size)
3414 || (mb > (size_t)tif->tif_size)
3415 )
3416 return(TIFFReadDirEntryErrIo);
3417 _TIFFmemcpy(dest,tif->tif_base+ma,size);
3418 }
3419 return(TIFFReadDirEntryErrOk);
3420 }
3421
TIFFReadDirEntryOutputErr(TIFF * tif,enum TIFFReadDirEntryErr err,const char * module,const char * tagname,int recover)3422 static void TIFFReadDirEntryOutputErr(TIFF* tif, enum TIFFReadDirEntryErr err, const char* module, const char* tagname, int recover)
3423 {
3424 if (!recover) {
3425 switch (err) {
3426 case TIFFReadDirEntryErrCount:
3427 TIFFErrorExt(tif->tif_clientdata, module,
3428 "Incorrect count for \"%s\"",
3429 tagname);
3430 break;
3431 case TIFFReadDirEntryErrType:
3432 TIFFErrorExt(tif->tif_clientdata, module,
3433 "Incompatible type for \"%s\"",
3434 tagname);
3435 break;
3436 case TIFFReadDirEntryErrIo:
3437 TIFFErrorExt(tif->tif_clientdata, module,
3438 "IO error during reading of \"%s\"",
3439 tagname);
3440 break;
3441 case TIFFReadDirEntryErrRange:
3442 TIFFErrorExt(tif->tif_clientdata, module,
3443 "Incorrect value for \"%s\"",
3444 tagname);
3445 break;
3446 case TIFFReadDirEntryErrPsdif:
3447 TIFFErrorExt(tif->tif_clientdata, module,
3448 "Cannot handle different values per sample for \"%s\"",
3449 tagname);
3450 break;
3451 case TIFFReadDirEntryErrSizesan:
3452 TIFFErrorExt(tif->tif_clientdata, module,
3453 "Sanity check on size of \"%s\" value failed",
3454 tagname);
3455 break;
3456 case TIFFReadDirEntryErrAlloc:
3457 TIFFErrorExt(tif->tif_clientdata, module,
3458 "Out of memory reading of \"%s\"",
3459 tagname);
3460 break;
3461 default:
3462 assert(0); /* we should never get here */
3463 break;
3464 }
3465 } else {
3466 switch (err) {
3467 case TIFFReadDirEntryErrCount:
3468 TIFFWarningExt(tif->tif_clientdata, module,
3469 "Incorrect count for \"%s\"; tag ignored",
3470 tagname);
3471 break;
3472 case TIFFReadDirEntryErrType:
3473 TIFFWarningExt(tif->tif_clientdata, module,
3474 "Incompatible type for \"%s\"; tag ignored",
3475 tagname);
3476 break;
3477 case TIFFReadDirEntryErrIo:
3478 TIFFWarningExt(tif->tif_clientdata, module,
3479 "IO error during reading of \"%s\"; tag ignored",
3480 tagname);
3481 break;
3482 case TIFFReadDirEntryErrRange:
3483 TIFFWarningExt(tif->tif_clientdata, module,
3484 "Incorrect value for \"%s\"; tag ignored",
3485 tagname);
3486 break;
3487 case TIFFReadDirEntryErrPsdif:
3488 TIFFWarningExt(tif->tif_clientdata, module,
3489 "Cannot handle different values per sample for \"%s\"; tag ignored",
3490 tagname);
3491 break;
3492 case TIFFReadDirEntryErrSizesan:
3493 TIFFWarningExt(tif->tif_clientdata, module,
3494 "Sanity check on size of \"%s\" value failed; tag ignored",
3495 tagname);
3496 break;
3497 case TIFFReadDirEntryErrAlloc:
3498 TIFFWarningExt(tif->tif_clientdata, module,
3499 "Out of memory reading of \"%s\"; tag ignored",
3500 tagname);
3501 break;
3502 default:
3503 assert(0); /* we should never get here */
3504 break;
3505 }
3506 }
3507 }
3508
3509 /*
3510 * Read the next TIFF directory from a file and convert it to the internal
3511 * format. We read directories sequentially.
3512 */
3513 int
TIFFReadDirectory(TIFF * tif)3514 TIFFReadDirectory(TIFF* tif)
3515 {
3516 static const char module[] = "TIFFReadDirectory";
3517 TIFFDirEntry* dir;
3518 uint16 dircount;
3519 TIFFDirEntry* dp;
3520 uint16 di;
3521 const TIFFField* fip;
3522 uint32 fii=FAILED_FII;
3523 toff_t nextdiroff;
3524 int bitspersample_read = FALSE;
3525
3526 tif->tif_diroff=tif->tif_nextdiroff;
3527 if (!TIFFCheckDirOffset(tif,tif->tif_nextdiroff))
3528 return 0; /* last offset or bad offset (IFD looping) */
3529 (*tif->tif_cleanup)(tif); /* cleanup any previous compression state */
3530 tif->tif_curdir++;
3531 nextdiroff = tif->tif_nextdiroff;
3532 dircount=TIFFFetchDirectory(tif,nextdiroff,&dir,&tif->tif_nextdiroff);
3533 if (!dircount)
3534 {
3535 TIFFErrorExt(tif->tif_clientdata,module,
3536 "Failed to read directory at offset " TIFF_UINT64_FORMAT,nextdiroff);
3537 return 0;
3538 }
3539 TIFFReadDirectoryCheckOrder(tif,dir,dircount);
3540
3541 /*
3542 * Mark duplicates of any tag to be ignored (bugzilla 1994)
3543 * to avoid certain pathological problems.
3544 */
3545 {
3546 TIFFDirEntry* ma;
3547 uint16 mb;
3548 for (ma=dir, mb=0; mb<dircount; ma++, mb++)
3549 {
3550 TIFFDirEntry* na;
3551 uint16 nb;
3552 for (na=ma+1, nb=mb+1; nb<dircount; na++, nb++)
3553 {
3554 if (ma->tdir_tag==na->tdir_tag)
3555 na->tdir_tag=IGNORE;
3556 }
3557 }
3558 }
3559
3560 tif->tif_flags &= ~TIFF_BEENWRITING; /* reset before new dir */
3561 tif->tif_flags &= ~TIFF_BUF4WRITE; /* reset before new dir */
3562 /* free any old stuff and reinit */
3563 TIFFFreeDirectory(tif);
3564 TIFFDefaultDirectory(tif);
3565 /*
3566 * Electronic Arts writes gray-scale TIFF files
3567 * without a PlanarConfiguration directory entry.
3568 * Thus we setup a default value here, even though
3569 * the TIFF spec says there is no default value.
3570 */
3571 TIFFSetField(tif,TIFFTAG_PLANARCONFIG,PLANARCONFIG_CONTIG);
3572 /*
3573 * Setup default value and then make a pass over
3574 * the fields to check type and tag information,
3575 * and to extract info required to size data
3576 * structures. A second pass is made afterwards
3577 * to read in everything not taken in the first pass.
3578 * But we must process the Compression tag first
3579 * in order to merge in codec-private tag definitions (otherwise
3580 * we may get complaints about unknown tags). However, the
3581 * Compression tag may be dependent on the SamplesPerPixel
3582 * tag value because older TIFF specs permitted Compression
3583 * to be written as a SamplesPerPixel-count tag entry.
3584 * Thus if we don't first figure out the correct SamplesPerPixel
3585 * tag value then we may end up ignoring the Compression tag
3586 * value because it has an incorrect count value (if the
3587 * true value of SamplesPerPixel is not 1).
3588 */
3589 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,TIFFTAG_SAMPLESPERPIXEL);
3590 if (dp)
3591 {
3592 if (!TIFFFetchNormalTag(tif,dp,0))
3593 goto bad;
3594 dp->tdir_tag=IGNORE;
3595 }
3596 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,TIFFTAG_COMPRESSION);
3597 if (dp)
3598 {
3599 /*
3600 * The 5.0 spec says the Compression tag has one value, while
3601 * earlier specs say it has one value per sample. Because of
3602 * this, we accept the tag if one value is supplied with either
3603 * count.
3604 */
3605 uint16 value;
3606 enum TIFFReadDirEntryErr err;
3607 err=TIFFReadDirEntryShort(tif,dp,&value);
3608 if (err==TIFFReadDirEntryErrCount)
3609 err=TIFFReadDirEntryPersampleShort(tif,dp,&value);
3610 if (err!=TIFFReadDirEntryErrOk)
3611 {
3612 TIFFReadDirEntryOutputErr(tif,err,module,"Compression",0);
3613 goto bad;
3614 }
3615 if (!TIFFSetField(tif,TIFFTAG_COMPRESSION,value))
3616 goto bad;
3617 dp->tdir_tag=IGNORE;
3618 }
3619 else
3620 {
3621 if (!TIFFSetField(tif,TIFFTAG_COMPRESSION,COMPRESSION_NONE))
3622 goto bad;
3623 }
3624 /*
3625 * First real pass over the directory.
3626 */
3627 for (di=0, dp=dir; di<dircount; di++, dp++)
3628 {
3629 if (dp->tdir_tag!=IGNORE)
3630 {
3631 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
3632 if (fii == FAILED_FII)
3633 {
3634 TIFFWarningExt(tif->tif_clientdata, module,
3635 "Unknown field with tag %d (0x%x) encountered",
3636 dp->tdir_tag,dp->tdir_tag);
3637 /* the following knowingly leaks the
3638 anonymous field structure */
3639 if (!_TIFFMergeFields(tif,
3640 _TIFFCreateAnonField(tif,
3641 dp->tdir_tag,
3642 (TIFFDataType) dp->tdir_type),
3643 1)) {
3644 TIFFWarningExt(tif->tif_clientdata,
3645 module,
3646 "Registering anonymous field with tag %d (0x%x) failed",
3647 dp->tdir_tag,
3648 dp->tdir_tag);
3649 dp->tdir_tag=IGNORE;
3650 } else {
3651 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
3652 assert(fii != FAILED_FII);
3653 }
3654 }
3655 }
3656 if (dp->tdir_tag!=IGNORE)
3657 {
3658 fip=tif->tif_fields[fii];
3659 if (fip->field_bit==FIELD_IGNORE)
3660 dp->tdir_tag=IGNORE;
3661 else
3662 {
3663 switch (dp->tdir_tag)
3664 {
3665 case TIFFTAG_STRIPOFFSETS:
3666 case TIFFTAG_STRIPBYTECOUNTS:
3667 case TIFFTAG_TILEOFFSETS:
3668 case TIFFTAG_TILEBYTECOUNTS:
3669 TIFFSetFieldBit(tif,fip->field_bit);
3670 break;
3671 case TIFFTAG_IMAGEWIDTH:
3672 case TIFFTAG_IMAGELENGTH:
3673 case TIFFTAG_IMAGEDEPTH:
3674 case TIFFTAG_TILELENGTH:
3675 case TIFFTAG_TILEWIDTH:
3676 case TIFFTAG_TILEDEPTH:
3677 case TIFFTAG_PLANARCONFIG:
3678 case TIFFTAG_ROWSPERSTRIP:
3679 case TIFFTAG_EXTRASAMPLES:
3680 if (!TIFFFetchNormalTag(tif,dp,0))
3681 goto bad;
3682 dp->tdir_tag=IGNORE;
3683 break;
3684 default:
3685 if( !_TIFFCheckFieldIsValidForCodec(tif, dp->tdir_tag) )
3686 dp->tdir_tag=IGNORE;
3687 break;
3688 }
3689 }
3690 }
3691 }
3692 /*
3693 * XXX: OJPEG hack.
3694 * If a) compression is OJPEG, b) planarconfig tag says it's separate,
3695 * c) strip offsets/bytecounts tag are both present and
3696 * d) both contain exactly one value, then we consistently find
3697 * that the buggy implementation of the buggy compression scheme
3698 * matches contig planarconfig best. So we 'fix-up' the tag here
3699 */
3700 if ((tif->tif_dir.td_compression==COMPRESSION_OJPEG)&&
3701 (tif->tif_dir.td_planarconfig==PLANARCONFIG_SEPARATE))
3702 {
3703 if (!_TIFFFillStriles(tif))
3704 goto bad;
3705 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,TIFFTAG_STRIPOFFSETS);
3706 if ((dp!=0)&&(dp->tdir_count==1))
3707 {
3708 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,
3709 TIFFTAG_STRIPBYTECOUNTS);
3710 if ((dp!=0)&&(dp->tdir_count==1))
3711 {
3712 tif->tif_dir.td_planarconfig=PLANARCONFIG_CONTIG;
3713 TIFFWarningExt(tif->tif_clientdata,module,
3714 "Planarconfig tag value assumed incorrect, "
3715 "assuming data is contig instead of chunky");
3716 }
3717 }
3718 }
3719 /*
3720 * Allocate directory structure and setup defaults.
3721 */
3722 if (!TIFFFieldSet(tif,FIELD_IMAGEDIMENSIONS))
3723 {
3724 MissingRequired(tif,"ImageLength");
3725 goto bad;
3726 }
3727 /*
3728 * Setup appropriate structures (by strip or by tile)
3729 */
3730 if (!TIFFFieldSet(tif, FIELD_TILEDIMENSIONS)) {
3731 tif->tif_dir.td_nstrips = TIFFNumberOfStrips(tif);
3732 tif->tif_dir.td_tilewidth = tif->tif_dir.td_imagewidth;
3733 tif->tif_dir.td_tilelength = tif->tif_dir.td_rowsperstrip;
3734 tif->tif_dir.td_tiledepth = tif->tif_dir.td_imagedepth;
3735 tif->tif_flags &= ~TIFF_ISTILED;
3736 } else {
3737 tif->tif_dir.td_nstrips = TIFFNumberOfTiles(tif);
3738 tif->tif_flags |= TIFF_ISTILED;
3739 }
3740 if (!tif->tif_dir.td_nstrips) {
3741 TIFFErrorExt(tif->tif_clientdata, module,
3742 "Cannot handle zero number of %s",
3743 isTiled(tif) ? "tiles" : "strips");
3744 goto bad;
3745 }
3746 tif->tif_dir.td_stripsperimage = tif->tif_dir.td_nstrips;
3747 if (tif->tif_dir.td_planarconfig == PLANARCONFIG_SEPARATE)
3748 tif->tif_dir.td_stripsperimage /= tif->tif_dir.td_samplesperpixel;
3749 if (!TIFFFieldSet(tif, FIELD_STRIPOFFSETS)) {
3750 #ifdef OJPEG_SUPPORT
3751 if ((tif->tif_dir.td_compression==COMPRESSION_OJPEG) &&
3752 (isTiled(tif)==0) &&
3753 (tif->tif_dir.td_nstrips==1)) {
3754 /*
3755 * XXX: OJPEG hack.
3756 * If a) compression is OJPEG, b) it's not a tiled TIFF,
3757 * and c) the number of strips is 1,
3758 * then we tolerate the absence of stripoffsets tag,
3759 * because, presumably, all required data is in the
3760 * JpegInterchangeFormat stream.
3761 */
3762 TIFFSetFieldBit(tif, FIELD_STRIPOFFSETS);
3763 } else
3764 #endif
3765 {
3766 MissingRequired(tif,
3767 isTiled(tif) ? "TileOffsets" : "StripOffsets");
3768 goto bad;
3769 }
3770 }
3771 /*
3772 * Second pass: extract other information.
3773 */
3774 for (di=0, dp=dir; di<dircount; di++, dp++)
3775 {
3776 switch (dp->tdir_tag)
3777 {
3778 case IGNORE:
3779 break;
3780 case TIFFTAG_MINSAMPLEVALUE:
3781 case TIFFTAG_MAXSAMPLEVALUE:
3782 case TIFFTAG_BITSPERSAMPLE:
3783 case TIFFTAG_DATATYPE:
3784 case TIFFTAG_SAMPLEFORMAT:
3785 /*
3786 * The MinSampleValue, MaxSampleValue, BitsPerSample
3787 * DataType and SampleFormat tags are supposed to be
3788 * written as one value/sample, but some vendors
3789 * incorrectly write one value only -- so we accept
3790 * that as well (yuck). Other vendors write correct
3791 * value for NumberOfSamples, but incorrect one for
3792 * BitsPerSample and friends, and we will read this
3793 * too.
3794 */
3795 {
3796 uint16 value;
3797 enum TIFFReadDirEntryErr err;
3798 err=TIFFReadDirEntryShort(tif,dp,&value);
3799 if (err==TIFFReadDirEntryErrCount)
3800 err=TIFFReadDirEntryPersampleShort(tif,dp,&value);
3801 if (err!=TIFFReadDirEntryErrOk)
3802 {
3803 fip = TIFFFieldWithTag(tif,dp->tdir_tag);
3804 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",0);
3805 goto bad;
3806 }
3807 if (!TIFFSetField(tif,dp->tdir_tag,value))
3808 goto bad;
3809 if( dp->tdir_tag == TIFFTAG_BITSPERSAMPLE )
3810 bitspersample_read = TRUE;
3811 }
3812 break;
3813 case TIFFTAG_SMINSAMPLEVALUE:
3814 case TIFFTAG_SMAXSAMPLEVALUE:
3815 {
3816
3817 double *data = NULL;
3818 enum TIFFReadDirEntryErr err;
3819 uint32 saved_flags;
3820 int m;
3821 if (dp->tdir_count != (uint64)tif->tif_dir.td_samplesperpixel)
3822 err = TIFFReadDirEntryErrCount;
3823 else
3824 err = TIFFReadDirEntryDoubleArray(tif, dp, &data);
3825 if (err!=TIFFReadDirEntryErrOk)
3826 {
3827 fip = TIFFFieldWithTag(tif,dp->tdir_tag);
3828 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",0);
3829 goto bad;
3830 }
3831 saved_flags = tif->tif_flags;
3832 tif->tif_flags |= TIFF_PERSAMPLE;
3833 m = TIFFSetField(tif,dp->tdir_tag,data);
3834 tif->tif_flags = saved_flags;
3835 _TIFFfree(data);
3836 if (!m)
3837 goto bad;
3838 }
3839 break;
3840 case TIFFTAG_STRIPOFFSETS:
3841 case TIFFTAG_TILEOFFSETS:
3842 #if defined(DEFER_STRILE_LOAD)
3843 _TIFFmemcpy( &(tif->tif_dir.td_stripoffset_entry),
3844 dp, sizeof(TIFFDirEntry) );
3845 #else
3846 if( tif->tif_dir.td_stripoffset != NULL )
3847 {
3848 TIFFErrorExt(tif->tif_clientdata, module,
3849 "tif->tif_dir.td_stripoffset is "
3850 "already allocated. Likely duplicated "
3851 "StripOffsets/TileOffsets tag");
3852 goto bad;
3853 }
3854 if (!TIFFFetchStripThing(tif,dp,tif->tif_dir.td_nstrips,&tif->tif_dir.td_stripoffset))
3855 goto bad;
3856 #endif
3857 break;
3858 case TIFFTAG_STRIPBYTECOUNTS:
3859 case TIFFTAG_TILEBYTECOUNTS:
3860 #if defined(DEFER_STRILE_LOAD)
3861 _TIFFmemcpy( &(tif->tif_dir.td_stripbytecount_entry),
3862 dp, sizeof(TIFFDirEntry) );
3863 #else
3864 if( tif->tif_dir.td_stripbytecount != NULL )
3865 {
3866 TIFFErrorExt(tif->tif_clientdata, module,
3867 "tif->tif_dir.td_stripbytecount is "
3868 "already allocated. Likely duplicated "
3869 "StripByteCounts/TileByteCounts tag");
3870 goto bad;
3871 }
3872 if (!TIFFFetchStripThing(tif,dp,tif->tif_dir.td_nstrips,&tif->tif_dir.td_stripbytecount))
3873 goto bad;
3874 #endif
3875 break;
3876 case TIFFTAG_COLORMAP:
3877 case TIFFTAG_TRANSFERFUNCTION:
3878 {
3879 enum TIFFReadDirEntryErr err;
3880 uint32 countpersample;
3881 uint32 countrequired;
3882 uint32 incrementpersample;
3883 uint16* value=NULL;
3884 /* It would be dangerous to instantiate those tag values */
3885 /* since if td_bitspersample has not yet been read (due to */
3886 /* unordered tags), it could be read afterwards with a */
3887 /* values greater than the default one (1), which may cause */
3888 /* crashes in user code */
3889 if( !bitspersample_read )
3890 {
3891 fip = TIFFFieldWithTag(tif,dp->tdir_tag);
3892 TIFFWarningExt(tif->tif_clientdata,module,
3893 "Ignoring %s since BitsPerSample tag not found",
3894 fip ? fip->field_name : "unknown tagname");
3895 continue;
3896 }
3897 /* ColorMap or TransferFunction for high bit */
3898 /* depths do not make much sense and could be */
3899 /* used as a denial of service vector */
3900 if (tif->tif_dir.td_bitspersample > 24)
3901 {
3902 fip = TIFFFieldWithTag(tif,dp->tdir_tag);
3903 TIFFWarningExt(tif->tif_clientdata,module,
3904 "Ignoring %s because BitsPerSample=%d>24",
3905 fip ? fip->field_name : "unknown tagname",
3906 tif->tif_dir.td_bitspersample);
3907 continue;
3908 }
3909 countpersample=(1U<<tif->tif_dir.td_bitspersample);
3910 if ((dp->tdir_tag==TIFFTAG_TRANSFERFUNCTION)&&(dp->tdir_count==(uint64)countpersample))
3911 {
3912 countrequired=countpersample;
3913 incrementpersample=0;
3914 }
3915 else
3916 {
3917 countrequired=3*countpersample;
3918 incrementpersample=countpersample;
3919 }
3920 if (dp->tdir_count!=(uint64)countrequired)
3921 err=TIFFReadDirEntryErrCount;
3922 else
3923 err=TIFFReadDirEntryShortArray(tif,dp,&value);
3924 if (err!=TIFFReadDirEntryErrOk)
3925 {
3926 fip = TIFFFieldWithTag(tif,dp->tdir_tag);
3927 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",1);
3928 }
3929 else
3930 {
3931 TIFFSetField(tif,dp->tdir_tag,value,value+incrementpersample,value+2*incrementpersample);
3932 _TIFFfree(value);
3933 }
3934 }
3935 break;
3936 /* BEGIN REV 4.0 COMPATIBILITY */
3937 case TIFFTAG_OSUBFILETYPE:
3938 {
3939 uint16 valueo;
3940 uint32 value;
3941 if (TIFFReadDirEntryShort(tif,dp,&valueo)==TIFFReadDirEntryErrOk)
3942 {
3943 switch (valueo)
3944 {
3945 case OFILETYPE_REDUCEDIMAGE: value=FILETYPE_REDUCEDIMAGE; break;
3946 case OFILETYPE_PAGE: value=FILETYPE_PAGE; break;
3947 default: value=0; break;
3948 }
3949 if (value!=0)
3950 TIFFSetField(tif,TIFFTAG_SUBFILETYPE,value);
3951 }
3952 }
3953 break;
3954 /* END REV 4.0 COMPATIBILITY */
3955 default:
3956 (void) TIFFFetchNormalTag(tif, dp, TRUE);
3957 break;
3958 }
3959 }
3960 /*
3961 * OJPEG hack:
3962 * - If a) compression is OJPEG, and b) photometric tag is missing,
3963 * then we consistently find that photometric should be YCbCr
3964 * - If a) compression is OJPEG, and b) photometric tag says it's RGB,
3965 * then we consistently find that the buggy implementation of the
3966 * buggy compression scheme matches photometric YCbCr instead.
3967 * - If a) compression is OJPEG, and b) bitspersample tag is missing,
3968 * then we consistently find bitspersample should be 8.
3969 * - If a) compression is OJPEG, b) samplesperpixel tag is missing,
3970 * and c) photometric is RGB or YCbCr, then we consistently find
3971 * samplesperpixel should be 3
3972 * - If a) compression is OJPEG, b) samplesperpixel tag is missing,
3973 * and c) photometric is MINISWHITE or MINISBLACK, then we consistently
3974 * find samplesperpixel should be 3
3975 */
3976 if (tif->tif_dir.td_compression==COMPRESSION_OJPEG)
3977 {
3978 if (!TIFFFieldSet(tif,FIELD_PHOTOMETRIC))
3979 {
3980 TIFFWarningExt(tif->tif_clientdata, module,
3981 "Photometric tag is missing, assuming data is YCbCr");
3982 if (!TIFFSetField(tif,TIFFTAG_PHOTOMETRIC,PHOTOMETRIC_YCBCR))
3983 goto bad;
3984 }
3985 else if (tif->tif_dir.td_photometric==PHOTOMETRIC_RGB)
3986 {
3987 tif->tif_dir.td_photometric=PHOTOMETRIC_YCBCR;
3988 TIFFWarningExt(tif->tif_clientdata, module,
3989 "Photometric tag value assumed incorrect, "
3990 "assuming data is YCbCr instead of RGB");
3991 }
3992 if (!TIFFFieldSet(tif,FIELD_BITSPERSAMPLE))
3993 {
3994 TIFFWarningExt(tif->tif_clientdata,module,
3995 "BitsPerSample tag is missing, assuming 8 bits per sample");
3996 if (!TIFFSetField(tif,TIFFTAG_BITSPERSAMPLE,8))
3997 goto bad;
3998 }
3999 if (!TIFFFieldSet(tif,FIELD_SAMPLESPERPIXEL))
4000 {
4001 if (tif->tif_dir.td_photometric==PHOTOMETRIC_RGB)
4002 {
4003 TIFFWarningExt(tif->tif_clientdata,module,
4004 "SamplesPerPixel tag is missing, "
4005 "assuming correct SamplesPerPixel value is 3");
4006 if (!TIFFSetField(tif,TIFFTAG_SAMPLESPERPIXEL,3))
4007 goto bad;
4008 }
4009 if (tif->tif_dir.td_photometric==PHOTOMETRIC_YCBCR)
4010 {
4011 TIFFWarningExt(tif->tif_clientdata,module,
4012 "SamplesPerPixel tag is missing, "
4013 "applying correct SamplesPerPixel value of 3");
4014 if (!TIFFSetField(tif,TIFFTAG_SAMPLESPERPIXEL,3))
4015 goto bad;
4016 }
4017 else if ((tif->tif_dir.td_photometric==PHOTOMETRIC_MINISWHITE)
4018 || (tif->tif_dir.td_photometric==PHOTOMETRIC_MINISBLACK))
4019 {
4020 /*
4021 * SamplesPerPixel tag is missing, but is not required
4022 * by spec. Assume correct SamplesPerPixel value of 1.
4023 */
4024 if (!TIFFSetField(tif,TIFFTAG_SAMPLESPERPIXEL,1))
4025 goto bad;
4026 }
4027 }
4028 }
4029 /*
4030 * Verify Palette image has a Colormap.
4031 */
4032 if (tif->tif_dir.td_photometric == PHOTOMETRIC_PALETTE &&
4033 !TIFFFieldSet(tif, FIELD_COLORMAP)) {
4034 if ( tif->tif_dir.td_bitspersample>=8 && tif->tif_dir.td_samplesperpixel==3)
4035 tif->tif_dir.td_photometric = PHOTOMETRIC_RGB;
4036 else if (tif->tif_dir.td_bitspersample>=8)
4037 tif->tif_dir.td_photometric = PHOTOMETRIC_MINISBLACK;
4038 else {
4039 MissingRequired(tif, "Colormap");
4040 goto bad;
4041 }
4042 }
4043 /*
4044 * OJPEG hack:
4045 * We do no further messing with strip/tile offsets/bytecounts in OJPEG
4046 * TIFFs
4047 */
4048 if (tif->tif_dir.td_compression!=COMPRESSION_OJPEG)
4049 {
4050 /*
4051 * Attempt to deal with a missing StripByteCounts tag.
4052 */
4053 if (!TIFFFieldSet(tif, FIELD_STRIPBYTECOUNTS)) {
4054 /*
4055 * Some manufacturers violate the spec by not giving
4056 * the size of the strips. In this case, assume there
4057 * is one uncompressed strip of data.
4058 */
4059 if ((tif->tif_dir.td_planarconfig == PLANARCONFIG_CONTIG &&
4060 tif->tif_dir.td_nstrips > 1) ||
4061 (tif->tif_dir.td_planarconfig == PLANARCONFIG_SEPARATE &&
4062 tif->tif_dir.td_nstrips != (uint32)tif->tif_dir.td_samplesperpixel)) {
4063 MissingRequired(tif, "StripByteCounts");
4064 goto bad;
4065 }
4066 TIFFWarningExt(tif->tif_clientdata, module,
4067 "TIFF directory is missing required "
4068 "\"StripByteCounts\" field, calculating from imagelength");
4069 if (EstimateStripByteCounts(tif, dir, dircount) < 0)
4070 goto bad;
4071 /*
4072 * Assume we have wrong StripByteCount value (in case
4073 * of single strip) in following cases:
4074 * - it is equal to zero along with StripOffset;
4075 * - it is larger than file itself (in case of uncompressed
4076 * image);
4077 * - it is smaller than the size of the bytes per row
4078 * multiplied on the number of rows. The last case should
4079 * not be checked in the case of writing new image,
4080 * because we may do not know the exact strip size
4081 * until the whole image will be written and directory
4082 * dumped out.
4083 */
4084 #define BYTECOUNTLOOKSBAD \
4085 ( (tif->tif_dir.td_stripbytecount[0] == 0 && tif->tif_dir.td_stripoffset[0] != 0) || \
4086 (tif->tif_dir.td_compression == COMPRESSION_NONE && \
4087 (tif->tif_dir.td_stripoffset[0] <= TIFFGetFileSize(tif) && \
4088 tif->tif_dir.td_stripbytecount[0] > TIFFGetFileSize(tif) - tif->tif_dir.td_stripoffset[0])) || \
4089 (tif->tif_mode == O_RDONLY && \
4090 tif->tif_dir.td_compression == COMPRESSION_NONE && \
4091 tif->tif_dir.td_stripbytecount[0] < TIFFScanlineSize64(tif) * tif->tif_dir.td_imagelength) )
4092
4093 } else if (tif->tif_dir.td_nstrips == 1
4094 && !(tif->tif_flags&TIFF_ISTILED)
4095 && _TIFFFillStriles(tif)
4096 && tif->tif_dir.td_stripoffset[0] != 0
4097 && BYTECOUNTLOOKSBAD) {
4098 /*
4099 * XXX: Plexus (and others) sometimes give a value of
4100 * zero for a tag when they don't know what the
4101 * correct value is! Try and handle the simple case
4102 * of estimating the size of a one strip image.
4103 */
4104 TIFFWarningExt(tif->tif_clientdata, module,
4105 "Bogus \"StripByteCounts\" field, ignoring and calculating from imagelength");
4106 if(EstimateStripByteCounts(tif, dir, dircount) < 0)
4107 goto bad;
4108
4109 #if !defined(DEFER_STRILE_LOAD)
4110 } else if (tif->tif_dir.td_planarconfig == PLANARCONFIG_CONTIG
4111 && tif->tif_dir.td_nstrips > 2
4112 && tif->tif_dir.td_compression == COMPRESSION_NONE
4113 && tif->tif_dir.td_stripbytecount[0] != tif->tif_dir.td_stripbytecount[1]
4114 && tif->tif_dir.td_stripbytecount[0] != 0
4115 && tif->tif_dir.td_stripbytecount[1] != 0 ) {
4116 /*
4117 * XXX: Some vendors fill StripByteCount array with
4118 * absolutely wrong values (it can be equal to
4119 * StripOffset array, for example). Catch this case
4120 * here.
4121 *
4122 * We avoid this check if deferring strile loading
4123 * as it would always force us to load the strip/tile
4124 * information.
4125 */
4126 TIFFWarningExt(tif->tif_clientdata, module,
4127 "Wrong \"StripByteCounts\" field, ignoring and calculating from imagelength");
4128 if (EstimateStripByteCounts(tif, dir, dircount) < 0)
4129 goto bad;
4130 #endif /* !defined(DEFER_STRILE_LOAD) */
4131 }
4132 }
4133 if (dir)
4134 {
4135 _TIFFfree(dir);
4136 dir=NULL;
4137 }
4138 if (!TIFFFieldSet(tif, FIELD_MAXSAMPLEVALUE))
4139 {
4140 if (tif->tif_dir.td_bitspersample>=16)
4141 tif->tif_dir.td_maxsamplevalue=0xFFFF;
4142 else
4143 tif->tif_dir.td_maxsamplevalue = (uint16)((1L<<tif->tif_dir.td_bitspersample)-1);
4144 }
4145 /*
4146 * XXX: We can optimize checking for the strip bounds using the sorted
4147 * bytecounts array. See also comments for TIFFAppendToStrip()
4148 * function in tif_write.c.
4149 */
4150 #if !defined(DEFER_STRILE_LOAD)
4151 if (tif->tif_dir.td_nstrips > 1) {
4152 uint32 strip;
4153
4154 tif->tif_dir.td_stripbytecountsorted = 1;
4155 for (strip = 1; strip < tif->tif_dir.td_nstrips; strip++) {
4156 if (tif->tif_dir.td_stripoffset[strip - 1] >
4157 tif->tif_dir.td_stripoffset[strip]) {
4158 tif->tif_dir.td_stripbytecountsorted = 0;
4159 break;
4160 }
4161 }
4162 }
4163 #endif /* !defined(DEFER_STRILE_LOAD) */
4164
4165 /*
4166 * An opportunity for compression mode dependent tag fixup
4167 */
4168 (*tif->tif_fixuptags)(tif);
4169
4170 /*
4171 * Some manufacturers make life difficult by writing
4172 * large amounts of uncompressed data as a single strip.
4173 * This is contrary to the recommendations of the spec.
4174 * The following makes an attempt at breaking such images
4175 * into strips closer to the recommended 8k bytes. A
4176 * side effect, however, is that the RowsPerStrip tag
4177 * value may be changed.
4178 */
4179 if ((tif->tif_dir.td_planarconfig==PLANARCONFIG_CONTIG)&&
4180 (tif->tif_dir.td_nstrips==1)&&
4181 (tif->tif_dir.td_compression==COMPRESSION_NONE)&&
4182 ((tif->tif_flags&(TIFF_STRIPCHOP|TIFF_ISTILED))==TIFF_STRIPCHOP))
4183 {
4184 if ( !_TIFFFillStriles(tif) || !tif->tif_dir.td_stripbytecount )
4185 return 0;
4186 ChopUpSingleUncompressedStrip(tif);
4187 }
4188
4189 /*
4190 * Clear the dirty directory flag.
4191 */
4192 tif->tif_flags &= ~TIFF_DIRTYDIRECT;
4193 tif->tif_flags &= ~TIFF_DIRTYSTRIP;
4194
4195 /*
4196 * Reinitialize i/o since we are starting on a new directory.
4197 */
4198 tif->tif_row = (uint32) -1;
4199 tif->tif_curstrip = (uint32) -1;
4200 tif->tif_col = (uint32) -1;
4201 tif->tif_curtile = (uint32) -1;
4202 tif->tif_tilesize = (tmsize_t) -1;
4203
4204 tif->tif_scanlinesize = TIFFScanlineSize(tif);
4205 if (!tif->tif_scanlinesize) {
4206 TIFFErrorExt(tif->tif_clientdata, module,
4207 "Cannot handle zero scanline size");
4208 return (0);
4209 }
4210
4211 if (isTiled(tif)) {
4212 tif->tif_tilesize = TIFFTileSize(tif);
4213 if (!tif->tif_tilesize) {
4214 TIFFErrorExt(tif->tif_clientdata, module,
4215 "Cannot handle zero tile size");
4216 return (0);
4217 }
4218 } else {
4219 if (!TIFFStripSize(tif)) {
4220 TIFFErrorExt(tif->tif_clientdata, module,
4221 "Cannot handle zero strip size");
4222 return (0);
4223 }
4224 }
4225 return (1);
4226 bad:
4227 if (dir)
4228 _TIFFfree(dir);
4229 return (0);
4230 }
4231
4232 static void
TIFFReadDirectoryCheckOrder(TIFF * tif,TIFFDirEntry * dir,uint16 dircount)4233 TIFFReadDirectoryCheckOrder(TIFF* tif, TIFFDirEntry* dir, uint16 dircount)
4234 {
4235 static const char module[] = "TIFFReadDirectoryCheckOrder";
4236 uint16 m;
4237 uint16 n;
4238 TIFFDirEntry* o;
4239 m=0;
4240 for (n=0, o=dir; n<dircount; n++, o++)
4241 {
4242 if (o->tdir_tag<m)
4243 {
4244 TIFFWarningExt(tif->tif_clientdata,module,
4245 "Invalid TIFF directory; tags are not sorted in ascending order");
4246 break;
4247 }
4248 m=o->tdir_tag+1;
4249 }
4250 }
4251
4252 static TIFFDirEntry*
TIFFReadDirectoryFindEntry(TIFF * tif,TIFFDirEntry * dir,uint16 dircount,uint16 tagid)4253 TIFFReadDirectoryFindEntry(TIFF* tif, TIFFDirEntry* dir, uint16 dircount, uint16 tagid)
4254 {
4255 TIFFDirEntry* m;
4256 uint16 n;
4257 (void) tif;
4258 for (m=dir, n=0; n<dircount; m++, n++)
4259 {
4260 if (m->tdir_tag==tagid)
4261 return(m);
4262 }
4263 return(0);
4264 }
4265
4266 static void
TIFFReadDirectoryFindFieldInfo(TIFF * tif,uint16 tagid,uint32 * fii)4267 TIFFReadDirectoryFindFieldInfo(TIFF* tif, uint16 tagid, uint32* fii)
4268 {
4269 int32 ma,mb,mc;
4270 ma=-1;
4271 mc=(int32)tif->tif_nfields;
4272 while (1)
4273 {
4274 if (ma+1==mc)
4275 {
4276 *fii = FAILED_FII;
4277 return;
4278 }
4279 mb=(ma+mc)/2;
4280 if (tif->tif_fields[mb]->field_tag==(uint32)tagid)
4281 break;
4282 if (tif->tif_fields[mb]->field_tag<(uint32)tagid)
4283 ma=mb;
4284 else
4285 mc=mb;
4286 }
4287 while (1)
4288 {
4289 if (mb==0)
4290 break;
4291 if (tif->tif_fields[mb-1]->field_tag!=(uint32)tagid)
4292 break;
4293 mb--;
4294 }
4295 *fii=mb;
4296 }
4297
4298 /*
4299 * Read custom directory from the arbitrary offset.
4300 * The code is very similar to TIFFReadDirectory().
4301 */
4302 int
TIFFReadCustomDirectory(TIFF * tif,toff_t diroff,const TIFFFieldArray * infoarray)4303 TIFFReadCustomDirectory(TIFF* tif, toff_t diroff,
4304 const TIFFFieldArray* infoarray)
4305 {
4306 static const char module[] = "TIFFReadCustomDirectory";
4307 TIFFDirEntry* dir;
4308 uint16 dircount;
4309 TIFFDirEntry* dp;
4310 uint16 di;
4311 const TIFFField* fip;
4312 uint32 fii;
4313 _TIFFSetupFields(tif, infoarray);
4314 dircount=TIFFFetchDirectory(tif,diroff,&dir,NULL);
4315 if (!dircount)
4316 {
4317 TIFFErrorExt(tif->tif_clientdata,module,
4318 "Failed to read custom directory at offset " TIFF_UINT64_FORMAT,diroff);
4319 return 0;
4320 }
4321 TIFFFreeDirectory(tif);
4322 _TIFFmemset(&tif->tif_dir, 0, sizeof(TIFFDirectory));
4323 TIFFReadDirectoryCheckOrder(tif,dir,dircount);
4324 for (di=0, dp=dir; di<dircount; di++, dp++)
4325 {
4326 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
4327 if (fii == FAILED_FII)
4328 {
4329 TIFFWarningExt(tif->tif_clientdata, module,
4330 "Unknown field with tag %d (0x%x) encountered",
4331 dp->tdir_tag, dp->tdir_tag);
4332 if (!_TIFFMergeFields(tif, _TIFFCreateAnonField(tif,
4333 dp->tdir_tag,
4334 (TIFFDataType) dp->tdir_type),
4335 1)) {
4336 TIFFWarningExt(tif->tif_clientdata, module,
4337 "Registering anonymous field with tag %d (0x%x) failed",
4338 dp->tdir_tag, dp->tdir_tag);
4339 dp->tdir_tag=IGNORE;
4340 } else {
4341 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
4342 assert( fii != FAILED_FII );
4343 }
4344 }
4345 if (dp->tdir_tag!=IGNORE)
4346 {
4347 fip=tif->tif_fields[fii];
4348 if (fip->field_bit==FIELD_IGNORE)
4349 dp->tdir_tag=IGNORE;
4350 else
4351 {
4352 /* check data type */
4353 while ((fip->field_type!=TIFF_ANY)&&(fip->field_type!=dp->tdir_type))
4354 {
4355 fii++;
4356 if ((fii==tif->tif_nfields)||
4357 (tif->tif_fields[fii]->field_tag!=(uint32)dp->tdir_tag))
4358 {
4359 fii=0xFFFF;
4360 break;
4361 }
4362 fip=tif->tif_fields[fii];
4363 }
4364 if (fii==0xFFFF)
4365 {
4366 TIFFWarningExt(tif->tif_clientdata, module,
4367 "Wrong data type %d for \"%s\"; tag ignored",
4368 dp->tdir_type,fip->field_name);
4369 dp->tdir_tag=IGNORE;
4370 }
4371 else
4372 {
4373 /* check count if known in advance */
4374 if ((fip->field_readcount!=TIFF_VARIABLE)&&
4375 (fip->field_readcount!=TIFF_VARIABLE2))
4376 {
4377 uint32 expected;
4378 if (fip->field_readcount==TIFF_SPP)
4379 expected=(uint32)tif->tif_dir.td_samplesperpixel;
4380 else
4381 expected=(uint32)fip->field_readcount;
4382 if (!CheckDirCount(tif,dp,expected))
4383 dp->tdir_tag=IGNORE;
4384 }
4385 }
4386 }
4387 switch (dp->tdir_tag)
4388 {
4389 case IGNORE:
4390 break;
4391 case EXIFTAG_SUBJECTDISTANCE:
4392 (void) TIFFFetchSubjectDistance(tif,dp);
4393 break;
4394 default:
4395 (void) TIFFFetchNormalTag(tif, dp, TRUE);
4396 break;
4397 }
4398 }
4399 }
4400 if (dir)
4401 _TIFFfree(dir);
4402 return 1;
4403 }
4404
4405 /*
4406 * EXIF is important special case of custom IFD, so we have a special
4407 * function to read it.
4408 */
4409 int
TIFFReadEXIFDirectory(TIFF * tif,toff_t diroff)4410 TIFFReadEXIFDirectory(TIFF* tif, toff_t diroff)
4411 {
4412 const TIFFFieldArray* exifFieldArray;
4413 exifFieldArray = _TIFFGetExifFields();
4414 return TIFFReadCustomDirectory(tif, diroff, exifFieldArray);
4415 }
4416
4417 static int
EstimateStripByteCounts(TIFF * tif,TIFFDirEntry * dir,uint16 dircount)4418 EstimateStripByteCounts(TIFF* tif, TIFFDirEntry* dir, uint16 dircount)
4419 {
4420 static const char module[] = "EstimateStripByteCounts";
4421
4422 TIFFDirEntry *dp;
4423 TIFFDirectory *td = &tif->tif_dir;
4424 uint32 strip;
4425
4426 /* Do not try to load stripbytecount as we will compute it */
4427 if( !_TIFFFillStrilesInternal( tif, 0 ) )
4428 return -1;
4429
4430 if (td->td_stripbytecount)
4431 _TIFFfree(td->td_stripbytecount);
4432 td->td_stripbytecount = (uint64*)
4433 _TIFFCheckMalloc(tif, td->td_nstrips, sizeof (uint64),
4434 "for \"StripByteCounts\" array");
4435 if( td->td_stripbytecount == NULL )
4436 return -1;
4437
4438 if (td->td_compression != COMPRESSION_NONE) {
4439 uint64 space;
4440 uint64 filesize;
4441 uint16 n;
4442 filesize = TIFFGetFileSize(tif);
4443 if (!(tif->tif_flags&TIFF_BIGTIFF))
4444 space=sizeof(TIFFHeaderClassic)+2+dircount*12+4;
4445 else
4446 space=sizeof(TIFFHeaderBig)+8+dircount*20+8;
4447 /* calculate amount of space used by indirect values */
4448 for (dp = dir, n = dircount; n > 0; n--, dp++)
4449 {
4450 uint32 typewidth;
4451 uint64 datasize;
4452 typewidth = TIFFDataWidth((TIFFDataType) dp->tdir_type);
4453 if (typewidth == 0) {
4454 TIFFErrorExt(tif->tif_clientdata, module,
4455 "Cannot determine size of unknown tag type %d",
4456 dp->tdir_type);
4457 return -1;
4458 }
4459 datasize=(uint64)typewidth*dp->tdir_count;
4460 if (!(tif->tif_flags&TIFF_BIGTIFF))
4461 {
4462 if (datasize<=4)
4463 datasize=0;
4464 }
4465 else
4466 {
4467 if (datasize<=8)
4468 datasize=0;
4469 }
4470 space+=datasize;
4471 }
4472 if( filesize < space )
4473 /* we should perhaps return in error ? */
4474 space = filesize;
4475 else
4476 space = filesize - space;
4477 if (td->td_planarconfig == PLANARCONFIG_SEPARATE)
4478 space /= td->td_samplesperpixel;
4479 for (strip = 0; strip < td->td_nstrips; strip++)
4480 td->td_stripbytecount[strip] = space;
4481 /*
4482 * This gross hack handles the case were the offset to
4483 * the last strip is past the place where we think the strip
4484 * should begin. Since a strip of data must be contiguous,
4485 * it's safe to assume that we've overestimated the amount
4486 * of data in the strip and trim this number back accordingly.
4487 */
4488 strip--;
4489 if (td->td_stripoffset[strip]+td->td_stripbytecount[strip] > filesize)
4490 td->td_stripbytecount[strip] = filesize - td->td_stripoffset[strip];
4491 } else if (isTiled(tif)) {
4492 uint64 bytespertile = TIFFTileSize64(tif);
4493
4494 for (strip = 0; strip < td->td_nstrips; strip++)
4495 td->td_stripbytecount[strip] = bytespertile;
4496 } else {
4497 uint64 rowbytes = TIFFScanlineSize64(tif);
4498 uint32 rowsperstrip = td->td_imagelength/td->td_stripsperimage;
4499 for (strip = 0; strip < td->td_nstrips; strip++)
4500 td->td_stripbytecount[strip] = rowbytes * rowsperstrip;
4501 }
4502 TIFFSetFieldBit(tif, FIELD_STRIPBYTECOUNTS);
4503 if (!TIFFFieldSet(tif, FIELD_ROWSPERSTRIP))
4504 td->td_rowsperstrip = td->td_imagelength;
4505 return 1;
4506 }
4507
4508 static void
MissingRequired(TIFF * tif,const char * tagname)4509 MissingRequired(TIFF* tif, const char* tagname)
4510 {
4511 static const char module[] = "MissingRequired";
4512
4513 TIFFErrorExt(tif->tif_clientdata, module,
4514 "TIFF directory is missing required \"%s\" field",
4515 tagname);
4516 }
4517
4518 /*
4519 * Check the directory offset against the list of already seen directory
4520 * offsets. This is a trick to prevent IFD looping. The one can create TIFF
4521 * file with looped directory pointers. We will maintain a list of already
4522 * seen directories and check every IFD offset against that list.
4523 */
4524 static int
TIFFCheckDirOffset(TIFF * tif,uint64 diroff)4525 TIFFCheckDirOffset(TIFF* tif, uint64 diroff)
4526 {
4527 uint16 n;
4528
4529 if (diroff == 0) /* no more directories */
4530 return 0;
4531 if (tif->tif_dirnumber == 65535) {
4532 TIFFErrorExt(tif->tif_clientdata, "TIFFCheckDirOffset",
4533 "Cannot handle more than 65535 TIFF directories");
4534 return 0;
4535 }
4536
4537 for (n = 0; n < tif->tif_dirnumber && tif->tif_dirlist; n++) {
4538 if (tif->tif_dirlist[n] == diroff)
4539 return 0;
4540 }
4541
4542 tif->tif_dirnumber++;
4543
4544 if (tif->tif_dirlist == NULL || tif->tif_dirnumber > tif->tif_dirlistsize) {
4545 uint64* new_dirlist;
4546
4547 /*
4548 * XXX: Reduce memory allocation granularity of the dirlist
4549 * array.
4550 */
4551 new_dirlist = (uint64*)_TIFFCheckRealloc(tif, tif->tif_dirlist,
4552 tif->tif_dirnumber, 2 * sizeof(uint64), "for IFD list");
4553 if (!new_dirlist)
4554 return 0;
4555 if( tif->tif_dirnumber >= 32768 )
4556 tif->tif_dirlistsize = 65535;
4557 else
4558 tif->tif_dirlistsize = 2 * tif->tif_dirnumber;
4559 tif->tif_dirlist = new_dirlist;
4560 }
4561
4562 tif->tif_dirlist[tif->tif_dirnumber - 1] = diroff;
4563
4564 return 1;
4565 }
4566
4567 /*
4568 * Check the count field of a directory entry against a known value. The
4569 * caller is expected to skip/ignore the tag if there is a mismatch.
4570 */
4571 static int
CheckDirCount(TIFF * tif,TIFFDirEntry * dir,uint32 count)4572 CheckDirCount(TIFF* tif, TIFFDirEntry* dir, uint32 count)
4573 {
4574 if ((uint64)count > dir->tdir_count) {
4575 const TIFFField* fip = TIFFFieldWithTag(tif, dir->tdir_tag);
4576 TIFFWarningExt(tif->tif_clientdata, tif->tif_name,
4577 "incorrect count for field \"%s\" (" TIFF_UINT64_FORMAT ", expecting %u); tag ignored",
4578 fip ? fip->field_name : "unknown tagname",
4579 dir->tdir_count, count);
4580 return (0);
4581 } else if ((uint64)count < dir->tdir_count) {
4582 const TIFFField* fip = TIFFFieldWithTag(tif, dir->tdir_tag);
4583 TIFFWarningExt(tif->tif_clientdata, tif->tif_name,
4584 "incorrect count for field \"%s\" (" TIFF_UINT64_FORMAT ", expecting %u); tag trimmed",
4585 fip ? fip->field_name : "unknown tagname",
4586 dir->tdir_count, count);
4587 dir->tdir_count = count;
4588 return (1);
4589 }
4590 return (1);
4591 }
4592
4593 /*
4594 * Read IFD structure from the specified offset. If the pointer to
4595 * nextdiroff variable has been specified, read it too. Function returns a
4596 * number of fields in the directory or 0 if failed.
4597 */
4598 static uint16
TIFFFetchDirectory(TIFF * tif,uint64 diroff,TIFFDirEntry ** pdir,uint64 * nextdiroff)4599 TIFFFetchDirectory(TIFF* tif, uint64 diroff, TIFFDirEntry** pdir,
4600 uint64 *nextdiroff)
4601 {
4602 static const char module[] = "TIFFFetchDirectory";
4603
4604 void* origdir;
4605 uint16 dircount16;
4606 uint32 dirsize;
4607 TIFFDirEntry* dir;
4608 uint8* ma;
4609 TIFFDirEntry* mb;
4610 uint16 n;
4611
4612 assert(pdir);
4613
4614 tif->tif_diroff = diroff;
4615 if (nextdiroff)
4616 *nextdiroff = 0;
4617 if (!isMapped(tif)) {
4618 if (!SeekOK(tif, tif->tif_diroff)) {
4619 TIFFErrorExt(tif->tif_clientdata, module,
4620 "%s: Seek error accessing TIFF directory",
4621 tif->tif_name);
4622 return 0;
4623 }
4624 if (!(tif->tif_flags&TIFF_BIGTIFF))
4625 {
4626 if (!ReadOK(tif, &dircount16, sizeof (uint16))) {
4627 TIFFErrorExt(tif->tif_clientdata, module,
4628 "%s: Can not read TIFF directory count",
4629 tif->tif_name);
4630 return 0;
4631 }
4632 if (tif->tif_flags & TIFF_SWAB)
4633 TIFFSwabShort(&dircount16);
4634 if (dircount16>4096)
4635 {
4636 TIFFErrorExt(tif->tif_clientdata, module,
4637 "Sanity check on directory count failed, this is probably not a valid IFD offset");
4638 return 0;
4639 }
4640 dirsize = 12;
4641 } else {
4642 uint64 dircount64;
4643 if (!ReadOK(tif, &dircount64, sizeof (uint64))) {
4644 TIFFErrorExt(tif->tif_clientdata, module,
4645 "%s: Can not read TIFF directory count",
4646 tif->tif_name);
4647 return 0;
4648 }
4649 if (tif->tif_flags & TIFF_SWAB)
4650 TIFFSwabLong8(&dircount64);
4651 if (dircount64>4096)
4652 {
4653 TIFFErrorExt(tif->tif_clientdata, module,
4654 "Sanity check on directory count failed, this is probably not a valid IFD offset");
4655 return 0;
4656 }
4657 dircount16 = (uint16)dircount64;
4658 dirsize = 20;
4659 }
4660 origdir = _TIFFCheckMalloc(tif, dircount16,
4661 dirsize, "to read TIFF directory");
4662 if (origdir == NULL)
4663 return 0;
4664 if (!ReadOK(tif, origdir, (tmsize_t)(dircount16*dirsize))) {
4665 TIFFErrorExt(tif->tif_clientdata, module,
4666 "%.100s: Can not read TIFF directory",
4667 tif->tif_name);
4668 _TIFFfree(origdir);
4669 return 0;
4670 }
4671 /*
4672 * Read offset to next directory for sequential scans if
4673 * needed.
4674 */
4675 if (nextdiroff)
4676 {
4677 if (!(tif->tif_flags&TIFF_BIGTIFF))
4678 {
4679 uint32 nextdiroff32;
4680 if (!ReadOK(tif, &nextdiroff32, sizeof(uint32)))
4681 nextdiroff32 = 0;
4682 if (tif->tif_flags&TIFF_SWAB)
4683 TIFFSwabLong(&nextdiroff32);
4684 *nextdiroff=nextdiroff32;
4685 } else {
4686 if (!ReadOK(tif, nextdiroff, sizeof(uint64)))
4687 *nextdiroff = 0;
4688 if (tif->tif_flags&TIFF_SWAB)
4689 TIFFSwabLong8(nextdiroff);
4690 }
4691 }
4692 } else {
4693 tmsize_t m;
4694 tmsize_t off = (tmsize_t) tif->tif_diroff;
4695 if ((uint64)off!=tif->tif_diroff)
4696 {
4697 TIFFErrorExt(tif->tif_clientdata,module,"Can not read TIFF directory count");
4698 return(0);
4699 }
4700
4701 /*
4702 * Check for integer overflow when validating the dir_off,
4703 * otherwise a very high offset may cause an OOB read and
4704 * crash the client. Make two comparisons instead of
4705 *
4706 * off + sizeof(uint16) > tif->tif_size
4707 *
4708 * to avoid overflow.
4709 */
4710 if (!(tif->tif_flags&TIFF_BIGTIFF))
4711 {
4712 m=off+sizeof(uint16);
4713 if ((m<off)||(m<(tmsize_t)sizeof(uint16))||(m>tif->tif_size)) {
4714 TIFFErrorExt(tif->tif_clientdata, module,
4715 "Can not read TIFF directory count");
4716 return 0;
4717 } else {
4718 _TIFFmemcpy(&dircount16, tif->tif_base + off,
4719 sizeof(uint16));
4720 }
4721 off += sizeof (uint16);
4722 if (tif->tif_flags & TIFF_SWAB)
4723 TIFFSwabShort(&dircount16);
4724 if (dircount16>4096)
4725 {
4726 TIFFErrorExt(tif->tif_clientdata, module,
4727 "Sanity check on directory count failed, this is probably not a valid IFD offset");
4728 return 0;
4729 }
4730 dirsize = 12;
4731 }
4732 else
4733 {
4734 uint64 dircount64;
4735 m=off+sizeof(uint64);
4736 if ((m<off)||(m<(tmsize_t)sizeof(uint64))||(m>tif->tif_size)) {
4737 TIFFErrorExt(tif->tif_clientdata, module,
4738 "Can not read TIFF directory count");
4739 return 0;
4740 } else {
4741 _TIFFmemcpy(&dircount64, tif->tif_base + off,
4742 sizeof(uint64));
4743 }
4744 off += sizeof (uint64);
4745 if (tif->tif_flags & TIFF_SWAB)
4746 TIFFSwabLong8(&dircount64);
4747 if (dircount64>4096)
4748 {
4749 TIFFErrorExt(tif->tif_clientdata, module,
4750 "Sanity check on directory count failed, this is probably not a valid IFD offset");
4751 return 0;
4752 }
4753 dircount16 = (uint16)dircount64;
4754 dirsize = 20;
4755 }
4756 if (dircount16 == 0 )
4757 {
4758 TIFFErrorExt(tif->tif_clientdata, module,
4759 "Sanity check on directory count failed, zero tag directories not supported");
4760 return 0;
4761 }
4762 origdir = _TIFFCheckMalloc(tif, dircount16,
4763 dirsize,
4764 "to read TIFF directory");
4765 if (origdir == NULL)
4766 return 0;
4767 m=off+dircount16*dirsize;
4768 if ((m<off)||(m<(tmsize_t)(dircount16*dirsize))||(m>tif->tif_size)) {
4769 TIFFErrorExt(tif->tif_clientdata, module,
4770 "Can not read TIFF directory");
4771 _TIFFfree(origdir);
4772 return 0;
4773 } else {
4774 _TIFFmemcpy(origdir, tif->tif_base + off,
4775 dircount16 * dirsize);
4776 }
4777 if (nextdiroff) {
4778 off += dircount16 * dirsize;
4779 if (!(tif->tif_flags&TIFF_BIGTIFF))
4780 {
4781 uint32 nextdiroff32;
4782 m=off+sizeof(uint32);
4783 if ((m<off)||(m<(tmsize_t)sizeof(uint32))||(m>tif->tif_size))
4784 nextdiroff32 = 0;
4785 else
4786 _TIFFmemcpy(&nextdiroff32, tif->tif_base + off,
4787 sizeof (uint32));
4788 if (tif->tif_flags&TIFF_SWAB)
4789 TIFFSwabLong(&nextdiroff32);
4790 *nextdiroff = nextdiroff32;
4791 }
4792 else
4793 {
4794 m=off+sizeof(uint64);
4795 if ((m<off)||(m<(tmsize_t)sizeof(uint64))||(m>tif->tif_size))
4796 *nextdiroff = 0;
4797 else
4798 _TIFFmemcpy(nextdiroff, tif->tif_base + off,
4799 sizeof (uint64));
4800 if (tif->tif_flags&TIFF_SWAB)
4801 TIFFSwabLong8(nextdiroff);
4802 }
4803 }
4804 }
4805 dir = (TIFFDirEntry*)_TIFFCheckMalloc(tif, dircount16,
4806 sizeof(TIFFDirEntry),
4807 "to read TIFF directory");
4808 if (dir==0)
4809 {
4810 _TIFFfree(origdir);
4811 return 0;
4812 }
4813 ma=(uint8*)origdir;
4814 mb=dir;
4815 for (n=0; n<dircount16; n++)
4816 {
4817 if (tif->tif_flags&TIFF_SWAB)
4818 TIFFSwabShort((uint16*)ma);
4819 mb->tdir_tag=*(uint16*)ma;
4820 ma+=sizeof(uint16);
4821 if (tif->tif_flags&TIFF_SWAB)
4822 TIFFSwabShort((uint16*)ma);
4823 mb->tdir_type=*(uint16*)ma;
4824 ma+=sizeof(uint16);
4825 if (!(tif->tif_flags&TIFF_BIGTIFF))
4826 {
4827 if (tif->tif_flags&TIFF_SWAB)
4828 TIFFSwabLong((uint32*)ma);
4829 mb->tdir_count=(uint64)(*(uint32*)ma);
4830 ma+=sizeof(uint32);
4831 *(uint32*)(&mb->tdir_offset)=*(uint32*)ma;
4832 ma+=sizeof(uint32);
4833 }
4834 else
4835 {
4836 if (tif->tif_flags&TIFF_SWAB)
4837 TIFFSwabLong8((uint64*)ma);
4838 mb->tdir_count=TIFFReadUInt64(ma);
4839 ma+=sizeof(uint64);
4840 mb->tdir_offset.toff_long8=TIFFReadUInt64(ma);
4841 ma+=sizeof(uint64);
4842 }
4843 mb++;
4844 }
4845 _TIFFfree(origdir);
4846 *pdir = dir;
4847 return dircount16;
4848 }
4849
4850 /*
4851 * Fetch a tag that is not handled by special case code.
4852 */
4853 static int
TIFFFetchNormalTag(TIFF * tif,TIFFDirEntry * dp,int recover)4854 TIFFFetchNormalTag(TIFF* tif, TIFFDirEntry* dp, int recover)
4855 {
4856 static const char module[] = "TIFFFetchNormalTag";
4857 enum TIFFReadDirEntryErr err;
4858 uint32 fii;
4859 const TIFFField* fip = NULL;
4860 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
4861 if( fii == FAILED_FII )
4862 {
4863 TIFFErrorExt(tif->tif_clientdata, "TIFFFetchNormalTag",
4864 "No definition found for tag %d",
4865 dp->tdir_tag);
4866 return 0;
4867 }
4868 fip=tif->tif_fields[fii];
4869 assert(fip != NULL); /* should not happen */
4870 assert(fip->set_field_type!=TIFF_SETGET_OTHER); /* if so, we shouldn't arrive here but deal with this in specialized code */
4871 assert(fip->set_field_type!=TIFF_SETGET_INT); /* if so, we shouldn't arrive here as this is only the case for pseudo-tags */
4872 err=TIFFReadDirEntryErrOk;
4873 switch (fip->set_field_type)
4874 {
4875 case TIFF_SETGET_UNDEFINED:
4876 break;
4877 case TIFF_SETGET_ASCII:
4878 {
4879 uint8* data;
4880 assert(fip->field_passcount==0);
4881 err=TIFFReadDirEntryByteArray(tif,dp,&data);
4882 if (err==TIFFReadDirEntryErrOk)
4883 {
4884 uint8* ma;
4885 uint32 mb;
4886 int n;
4887 ma=data;
4888 mb=0;
4889 while (mb<(uint32)dp->tdir_count)
4890 {
4891 if (*ma==0)
4892 break;
4893 ma++;
4894 mb++;
4895 }
4896 if (mb+1<(uint32)dp->tdir_count)
4897 TIFFWarningExt(tif->tif_clientdata,module,"ASCII value for tag \"%s\" contains null byte in value; value incorrectly truncated during reading due to implementation limitations",fip->field_name);
4898 else if (mb+1>(uint32)dp->tdir_count)
4899 {
4900 uint8* o;
4901 TIFFWarningExt(tif->tif_clientdata,module,"ASCII value for tag \"%s\" does not end in null byte",fip->field_name);
4902 if ((uint32)dp->tdir_count+1!=dp->tdir_count+1)
4903 o=NULL;
4904 else
4905 o=_TIFFmalloc((uint32)dp->tdir_count+1);
4906 if (o==NULL)
4907 {
4908 if (data!=NULL)
4909 _TIFFfree(data);
4910 return(0);
4911 }
4912 _TIFFmemcpy(o,data,(uint32)dp->tdir_count);
4913 o[(uint32)dp->tdir_count]=0;
4914 if (data!=0)
4915 _TIFFfree(data);
4916 data=o;
4917 }
4918 n=TIFFSetField(tif,dp->tdir_tag,data);
4919 if (data!=0)
4920 _TIFFfree(data);
4921 if (!n)
4922 return(0);
4923 }
4924 }
4925 break;
4926 case TIFF_SETGET_UINT8:
4927 {
4928 uint8 data=0;
4929 assert(fip->field_readcount==1);
4930 assert(fip->field_passcount==0);
4931 err=TIFFReadDirEntryByte(tif,dp,&data);
4932 if (err==TIFFReadDirEntryErrOk)
4933 {
4934 if (!TIFFSetField(tif,dp->tdir_tag,data))
4935 return(0);
4936 }
4937 }
4938 break;
4939 case TIFF_SETGET_UINT16:
4940 {
4941 uint16 data;
4942 assert(fip->field_readcount==1);
4943 assert(fip->field_passcount==0);
4944 err=TIFFReadDirEntryShort(tif,dp,&data);
4945 if (err==TIFFReadDirEntryErrOk)
4946 {
4947 if (!TIFFSetField(tif,dp->tdir_tag,data))
4948 return(0);
4949 }
4950 }
4951 break;
4952 case TIFF_SETGET_UINT32:
4953 {
4954 uint32 data;
4955 assert(fip->field_readcount==1);
4956 assert(fip->field_passcount==0);
4957 err=TIFFReadDirEntryLong(tif,dp,&data);
4958 if (err==TIFFReadDirEntryErrOk)
4959 {
4960 if (!TIFFSetField(tif,dp->tdir_tag,data))
4961 return(0);
4962 }
4963 }
4964 break;
4965 case TIFF_SETGET_UINT64:
4966 {
4967 uint64 data;
4968 assert(fip->field_readcount==1);
4969 assert(fip->field_passcount==0);
4970 err=TIFFReadDirEntryLong8(tif,dp,&data);
4971 if (err==TIFFReadDirEntryErrOk)
4972 {
4973 if (!TIFFSetField(tif,dp->tdir_tag,data))
4974 return(0);
4975 }
4976 }
4977 break;
4978 case TIFF_SETGET_FLOAT:
4979 {
4980 float data;
4981 assert(fip->field_readcount==1);
4982 assert(fip->field_passcount==0);
4983 err=TIFFReadDirEntryFloat(tif,dp,&data);
4984 if (err==TIFFReadDirEntryErrOk)
4985 {
4986 if (!TIFFSetField(tif,dp->tdir_tag,data))
4987 return(0);
4988 }
4989 }
4990 break;
4991 case TIFF_SETGET_DOUBLE:
4992 {
4993 double data;
4994 assert(fip->field_readcount==1);
4995 assert(fip->field_passcount==0);
4996 err=TIFFReadDirEntryDouble(tif,dp,&data);
4997 if (err==TIFFReadDirEntryErrOk)
4998 {
4999 if (!TIFFSetField(tif,dp->tdir_tag,data))
5000 return(0);
5001 }
5002 }
5003 break;
5004 case TIFF_SETGET_IFD8:
5005 {
5006 uint64 data;
5007 assert(fip->field_readcount==1);
5008 assert(fip->field_passcount==0);
5009 err=TIFFReadDirEntryIfd8(tif,dp,&data);
5010 if (err==TIFFReadDirEntryErrOk)
5011 {
5012 if (!TIFFSetField(tif,dp->tdir_tag,data))
5013 return(0);
5014 }
5015 }
5016 break;
5017 case TIFF_SETGET_UINT16_PAIR:
5018 {
5019 uint16* data;
5020 assert(fip->field_readcount==2);
5021 assert(fip->field_passcount==0);
5022 if (dp->tdir_count!=2) {
5023 TIFFWarningExt(tif->tif_clientdata,module,
5024 "incorrect count for field \"%s\", expected 2, got %d",
5025 fip->field_name,(int)dp->tdir_count);
5026 return(0);
5027 }
5028 err=TIFFReadDirEntryShortArray(tif,dp,&data);
5029 if (err==TIFFReadDirEntryErrOk)
5030 {
5031 int m;
5032 m=TIFFSetField(tif,dp->tdir_tag,data[0],data[1]);
5033 _TIFFfree(data);
5034 if (!m)
5035 return(0);
5036 }
5037 }
5038 break;
5039 case TIFF_SETGET_C0_UINT8:
5040 {
5041 uint8* data;
5042 assert(fip->field_readcount>=1);
5043 assert(fip->field_passcount==0);
5044 if (dp->tdir_count!=(uint64)fip->field_readcount) {
5045 TIFFWarningExt(tif->tif_clientdata,module,
5046 "incorrect count for field \"%s\", expected %d, got %d",
5047 fip->field_name,(int) fip->field_readcount, (int)dp->tdir_count);
5048 return 0;
5049 }
5050 else
5051 {
5052 err=TIFFReadDirEntryByteArray(tif,dp,&data);
5053 if (err==TIFFReadDirEntryErrOk)
5054 {
5055 int m;
5056 m=TIFFSetField(tif,dp->tdir_tag,data);
5057 if (data!=0)
5058 _TIFFfree(data);
5059 if (!m)
5060 return(0);
5061 }
5062 }
5063 }
5064 break;
5065 case TIFF_SETGET_C0_UINT16:
5066 {
5067 uint16* data;
5068 assert(fip->field_readcount>=1);
5069 assert(fip->field_passcount==0);
5070 if (dp->tdir_count!=(uint64)fip->field_readcount)
5071 /* corrupt file */;
5072 else
5073 {
5074 err=TIFFReadDirEntryShortArray(tif,dp,&data);
5075 if (err==TIFFReadDirEntryErrOk)
5076 {
5077 int m;
5078 m=TIFFSetField(tif,dp->tdir_tag,data);
5079 if (data!=0)
5080 _TIFFfree(data);
5081 if (!m)
5082 return(0);
5083 }
5084 }
5085 }
5086 break;
5087 case TIFF_SETGET_C0_UINT32:
5088 {
5089 uint32* data;
5090 assert(fip->field_readcount>=1);
5091 assert(fip->field_passcount==0);
5092 if (dp->tdir_count!=(uint64)fip->field_readcount)
5093 /* corrupt file */;
5094 else
5095 {
5096 err=TIFFReadDirEntryLongArray(tif,dp,&data);
5097 if (err==TIFFReadDirEntryErrOk)
5098 {
5099 int m;
5100 m=TIFFSetField(tif,dp->tdir_tag,data);
5101 if (data!=0)
5102 _TIFFfree(data);
5103 if (!m)
5104 return(0);
5105 }
5106 }
5107 }
5108 break;
5109 case TIFF_SETGET_C0_FLOAT:
5110 {
5111 float* data;
5112 assert(fip->field_readcount>=1);
5113 assert(fip->field_passcount==0);
5114 if (dp->tdir_count!=(uint64)fip->field_readcount)
5115 /* corrupt file */;
5116 else
5117 {
5118 err=TIFFReadDirEntryFloatArray(tif,dp,&data);
5119 if (err==TIFFReadDirEntryErrOk)
5120 {
5121 int m;
5122 m=TIFFSetField(tif,dp->tdir_tag,data);
5123 if (data!=0)
5124 _TIFFfree(data);
5125 if (!m)
5126 return(0);
5127 }
5128 }
5129 }
5130 break;
5131 case TIFF_SETGET_C16_ASCII:
5132 {
5133 uint8* data;
5134 assert(fip->field_readcount==TIFF_VARIABLE);
5135 assert(fip->field_passcount==1);
5136 if (dp->tdir_count>0xFFFF)
5137 err=TIFFReadDirEntryErrCount;
5138 else
5139 {
5140 err=TIFFReadDirEntryByteArray(tif,dp,&data);
5141 if (err==TIFFReadDirEntryErrOk)
5142 {
5143 int m;
5144 if( dp->tdir_count > 0 && data[dp->tdir_count-1] != '\0' )
5145 {
5146 TIFFWarningExt(tif->tif_clientdata,module,"ASCII value for tag \"%s\" does not end in null byte. Forcing it to be null",fip->field_name);
5147 data[dp->tdir_count-1] = '\0';
5148 }
5149 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5150 if (data!=0)
5151 _TIFFfree(data);
5152 if (!m)
5153 return(0);
5154 }
5155 }
5156 }
5157 break;
5158 case TIFF_SETGET_C16_UINT8:
5159 {
5160 uint8* data;
5161 assert(fip->field_readcount==TIFF_VARIABLE);
5162 assert(fip->field_passcount==1);
5163 if (dp->tdir_count>0xFFFF)
5164 err=TIFFReadDirEntryErrCount;
5165 else
5166 {
5167 err=TIFFReadDirEntryByteArray(tif,dp,&data);
5168 if (err==TIFFReadDirEntryErrOk)
5169 {
5170 int m;
5171 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5172 if (data!=0)
5173 _TIFFfree(data);
5174 if (!m)
5175 return(0);
5176 }
5177 }
5178 }
5179 break;
5180 case TIFF_SETGET_C16_UINT16:
5181 {
5182 uint16* data;
5183 assert(fip->field_readcount==TIFF_VARIABLE);
5184 assert(fip->field_passcount==1);
5185 if (dp->tdir_count>0xFFFF)
5186 err=TIFFReadDirEntryErrCount;
5187 else
5188 {
5189 err=TIFFReadDirEntryShortArray(tif,dp,&data);
5190 if (err==TIFFReadDirEntryErrOk)
5191 {
5192 int m;
5193 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5194 if (data!=0)
5195 _TIFFfree(data);
5196 if (!m)
5197 return(0);
5198 }
5199 }
5200 }
5201 break;
5202 case TIFF_SETGET_C16_UINT32:
5203 {
5204 uint32* data;
5205 assert(fip->field_readcount==TIFF_VARIABLE);
5206 assert(fip->field_passcount==1);
5207 if (dp->tdir_count>0xFFFF)
5208 err=TIFFReadDirEntryErrCount;
5209 else
5210 {
5211 err=TIFFReadDirEntryLongArray(tif,dp,&data);
5212 if (err==TIFFReadDirEntryErrOk)
5213 {
5214 int m;
5215 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5216 if (data!=0)
5217 _TIFFfree(data);
5218 if (!m)
5219 return(0);
5220 }
5221 }
5222 }
5223 break;
5224 case TIFF_SETGET_C16_UINT64:
5225 {
5226 uint64* data;
5227 assert(fip->field_readcount==TIFF_VARIABLE);
5228 assert(fip->field_passcount==1);
5229 if (dp->tdir_count>0xFFFF)
5230 err=TIFFReadDirEntryErrCount;
5231 else
5232 {
5233 err=TIFFReadDirEntryLong8Array(tif,dp,&data);
5234 if (err==TIFFReadDirEntryErrOk)
5235 {
5236 int m;
5237 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5238 if (data!=0)
5239 _TIFFfree(data);
5240 if (!m)
5241 return(0);
5242 }
5243 }
5244 }
5245 break;
5246 case TIFF_SETGET_C16_FLOAT:
5247 {
5248 float* data;
5249 assert(fip->field_readcount==TIFF_VARIABLE);
5250 assert(fip->field_passcount==1);
5251 if (dp->tdir_count>0xFFFF)
5252 err=TIFFReadDirEntryErrCount;
5253 else
5254 {
5255 err=TIFFReadDirEntryFloatArray(tif,dp,&data);
5256 if (err==TIFFReadDirEntryErrOk)
5257 {
5258 int m;
5259 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5260 if (data!=0)
5261 _TIFFfree(data);
5262 if (!m)
5263 return(0);
5264 }
5265 }
5266 }
5267 break;
5268 case TIFF_SETGET_C16_DOUBLE:
5269 {
5270 double* data;
5271 assert(fip->field_readcount==TIFF_VARIABLE);
5272 assert(fip->field_passcount==1);
5273 if (dp->tdir_count>0xFFFF)
5274 err=TIFFReadDirEntryErrCount;
5275 else
5276 {
5277 err=TIFFReadDirEntryDoubleArray(tif,dp,&data);
5278 if (err==TIFFReadDirEntryErrOk)
5279 {
5280 int m;
5281 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5282 if (data!=0)
5283 _TIFFfree(data);
5284 if (!m)
5285 return(0);
5286 }
5287 }
5288 }
5289 break;
5290 case TIFF_SETGET_C16_IFD8:
5291 {
5292 uint64* data;
5293 assert(fip->field_readcount==TIFF_VARIABLE);
5294 assert(fip->field_passcount==1);
5295 if (dp->tdir_count>0xFFFF)
5296 err=TIFFReadDirEntryErrCount;
5297 else
5298 {
5299 err=TIFFReadDirEntryIfd8Array(tif,dp,&data);
5300 if (err==TIFFReadDirEntryErrOk)
5301 {
5302 int m;
5303 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5304 if (data!=0)
5305 _TIFFfree(data);
5306 if (!m)
5307 return(0);
5308 }
5309 }
5310 }
5311 break;
5312 case TIFF_SETGET_C32_ASCII:
5313 {
5314 uint8* data;
5315 assert(fip->field_readcount==TIFF_VARIABLE2);
5316 assert(fip->field_passcount==1);
5317 err=TIFFReadDirEntryByteArray(tif,dp,&data);
5318 if (err==TIFFReadDirEntryErrOk)
5319 {
5320 int m;
5321 if( dp->tdir_count > 0 && data[dp->tdir_count-1] != '\0' )
5322 {
5323 TIFFWarningExt(tif->tif_clientdata,module,"ASCII value for tag \"%s\" does not end in null byte. Forcing it to be null",fip->field_name);
5324 data[dp->tdir_count-1] = '\0';
5325 }
5326 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5327 if (data!=0)
5328 _TIFFfree(data);
5329 if (!m)
5330 return(0);
5331 }
5332 }
5333 break;
5334 case TIFF_SETGET_C32_UINT8:
5335 {
5336 uint8* data;
5337 assert(fip->field_readcount==TIFF_VARIABLE2);
5338 assert(fip->field_passcount==1);
5339 err=TIFFReadDirEntryByteArray(tif,dp,&data);
5340 if (err==TIFFReadDirEntryErrOk)
5341 {
5342 int m;
5343 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5344 if (data!=0)
5345 _TIFFfree(data);
5346 if (!m)
5347 return(0);
5348 }
5349 }
5350 break;
5351 case TIFF_SETGET_C32_SINT8:
5352 {
5353 int8* data = NULL;
5354 assert(fip->field_readcount==TIFF_VARIABLE2);
5355 assert(fip->field_passcount==1);
5356 err=TIFFReadDirEntrySbyteArray(tif,dp,&data);
5357 if (err==TIFFReadDirEntryErrOk)
5358 {
5359 int m;
5360 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5361 if (data!=0)
5362 _TIFFfree(data);
5363 if (!m)
5364 return(0);
5365 }
5366 }
5367 break;
5368 case TIFF_SETGET_C32_UINT16:
5369 {
5370 uint16* data;
5371 assert(fip->field_readcount==TIFF_VARIABLE2);
5372 assert(fip->field_passcount==1);
5373 err=TIFFReadDirEntryShortArray(tif,dp,&data);
5374 if (err==TIFFReadDirEntryErrOk)
5375 {
5376 int m;
5377 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5378 if (data!=0)
5379 _TIFFfree(data);
5380 if (!m)
5381 return(0);
5382 }
5383 }
5384 break;
5385 case TIFF_SETGET_C32_SINT16:
5386 {
5387 int16* data = NULL;
5388 assert(fip->field_readcount==TIFF_VARIABLE2);
5389 assert(fip->field_passcount==1);
5390 err=TIFFReadDirEntrySshortArray(tif,dp,&data);
5391 if (err==TIFFReadDirEntryErrOk)
5392 {
5393 int m;
5394 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5395 if (data!=0)
5396 _TIFFfree(data);
5397 if (!m)
5398 return(0);
5399 }
5400 }
5401 break;
5402 case TIFF_SETGET_C32_UINT32:
5403 {
5404 uint32* data;
5405 assert(fip->field_readcount==TIFF_VARIABLE2);
5406 assert(fip->field_passcount==1);
5407 err=TIFFReadDirEntryLongArray(tif,dp,&data);
5408 if (err==TIFFReadDirEntryErrOk)
5409 {
5410 int m;
5411 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5412 if (data!=0)
5413 _TIFFfree(data);
5414 if (!m)
5415 return(0);
5416 }
5417 }
5418 break;
5419 case TIFF_SETGET_C32_SINT32:
5420 {
5421 int32* data = NULL;
5422 assert(fip->field_readcount==TIFF_VARIABLE2);
5423 assert(fip->field_passcount==1);
5424 err=TIFFReadDirEntrySlongArray(tif,dp,&data);
5425 if (err==TIFFReadDirEntryErrOk)
5426 {
5427 int m;
5428 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5429 if (data!=0)
5430 _TIFFfree(data);
5431 if (!m)
5432 return(0);
5433 }
5434 }
5435 break;
5436 case TIFF_SETGET_C32_UINT64:
5437 {
5438 uint64* data;
5439 assert(fip->field_readcount==TIFF_VARIABLE2);
5440 assert(fip->field_passcount==1);
5441 err=TIFFReadDirEntryLong8Array(tif,dp,&data);
5442 if (err==TIFFReadDirEntryErrOk)
5443 {
5444 int m;
5445 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5446 if (data!=0)
5447 _TIFFfree(data);
5448 if (!m)
5449 return(0);
5450 }
5451 }
5452 break;
5453 case TIFF_SETGET_C32_SINT64:
5454 {
5455 int64* data = NULL;
5456 assert(fip->field_readcount==TIFF_VARIABLE2);
5457 assert(fip->field_passcount==1);
5458 err=TIFFReadDirEntrySlong8Array(tif,dp,&data);
5459 if (err==TIFFReadDirEntryErrOk)
5460 {
5461 int m;
5462 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5463 if (data!=0)
5464 _TIFFfree(data);
5465 if (!m)
5466 return(0);
5467 }
5468 }
5469 break;
5470 case TIFF_SETGET_C32_FLOAT:
5471 {
5472 float* data;
5473 assert(fip->field_readcount==TIFF_VARIABLE2);
5474 assert(fip->field_passcount==1);
5475 err=TIFFReadDirEntryFloatArray(tif,dp,&data);
5476 if (err==TIFFReadDirEntryErrOk)
5477 {
5478 int m;
5479 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5480 if (data!=0)
5481 _TIFFfree(data);
5482 if (!m)
5483 return(0);
5484 }
5485 }
5486 break;
5487 case TIFF_SETGET_C32_DOUBLE:
5488 {
5489 double* data;
5490 assert(fip->field_readcount==TIFF_VARIABLE2);
5491 assert(fip->field_passcount==1);
5492 err=TIFFReadDirEntryDoubleArray(tif,dp,&data);
5493 if (err==TIFFReadDirEntryErrOk)
5494 {
5495 int m;
5496 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5497 if (data!=0)
5498 _TIFFfree(data);
5499 if (!m)
5500 return(0);
5501 }
5502 }
5503 break;
5504 case TIFF_SETGET_C32_IFD8:
5505 {
5506 uint64* data;
5507 assert(fip->field_readcount==TIFF_VARIABLE2);
5508 assert(fip->field_passcount==1);
5509 err=TIFFReadDirEntryIfd8Array(tif,dp,&data);
5510 if (err==TIFFReadDirEntryErrOk)
5511 {
5512 int m;
5513 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5514 if (data!=0)
5515 _TIFFfree(data);
5516 if (!m)
5517 return(0);
5518 }
5519 }
5520 break;
5521 default:
5522 assert(0); /* we should never get here */
5523 break;
5524 }
5525 if (err!=TIFFReadDirEntryErrOk)
5526 {
5527 TIFFReadDirEntryOutputErr(tif,err,module,fip->field_name,recover);
5528 return(0);
5529 }
5530 return(1);
5531 }
5532
5533 /*
5534 * Fetch a set of offsets or lengths.
5535 * While this routine says "strips", in fact it's also used for tiles.
5536 */
5537 static int
TIFFFetchStripThing(TIFF * tif,TIFFDirEntry * dir,uint32 nstrips,uint64 ** lpp)5538 TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uint64** lpp)
5539 {
5540 static const char module[] = "TIFFFetchStripThing";
5541 enum TIFFReadDirEntryErr err;
5542 uint64* data;
5543 err=TIFFReadDirEntryLong8ArrayWithLimit(tif,dir,&data,nstrips);
5544 if (err!=TIFFReadDirEntryErrOk)
5545 {
5546 const TIFFField* fip = TIFFFieldWithTag(tif,dir->tdir_tag);
5547 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",0);
5548 return(0);
5549 }
5550 if (dir->tdir_count<(uint64)nstrips)
5551 {
5552 uint64* resizeddata;
5553 const TIFFField* fip = TIFFFieldWithTag(tif,dir->tdir_tag);
5554 const char* pszMax = getenv("LIBTIFF_STRILE_ARRAY_MAX_RESIZE_COUNT");
5555 uint32 max_nstrips = 1000000;
5556 if( pszMax )
5557 max_nstrips = (uint32) atoi(pszMax);
5558 TIFFReadDirEntryOutputErr(tif,TIFFReadDirEntryErrCount,
5559 module,
5560 fip ? fip->field_name : "unknown tagname",
5561 ( nstrips <= max_nstrips ) );
5562
5563 if( nstrips > max_nstrips )
5564 {
5565 _TIFFfree(data);
5566 return(0);
5567 }
5568
5569 resizeddata=(uint64*)_TIFFCheckMalloc(tif,nstrips,sizeof(uint64),"for strip array");
5570 if (resizeddata==0) {
5571 _TIFFfree(data);
5572 return(0);
5573 }
5574 _TIFFmemcpy(resizeddata,data,(uint32)dir->tdir_count*sizeof(uint64));
5575 _TIFFmemset(resizeddata+(uint32)dir->tdir_count,0,(nstrips-(uint32)dir->tdir_count)*sizeof(uint64));
5576 _TIFFfree(data);
5577 data=resizeddata;
5578 }
5579 *lpp=data;
5580 return(1);
5581 }
5582
5583 /*
5584 * Fetch and set the SubjectDistance EXIF tag.
5585 */
5586 static int
TIFFFetchSubjectDistance(TIFF * tif,TIFFDirEntry * dir)5587 TIFFFetchSubjectDistance(TIFF* tif, TIFFDirEntry* dir)
5588 {
5589 static const char module[] = "TIFFFetchSubjectDistance";
5590 enum TIFFReadDirEntryErr err;
5591 UInt64Aligned_t m;
5592 m.l=0;
5593 assert(sizeof(double)==8);
5594 assert(sizeof(uint64)==8);
5595 assert(sizeof(uint32)==4);
5596 if (dir->tdir_count!=1)
5597 err=TIFFReadDirEntryErrCount;
5598 else if (dir->tdir_type!=TIFF_RATIONAL)
5599 err=TIFFReadDirEntryErrType;
5600 else
5601 {
5602 if (!(tif->tif_flags&TIFF_BIGTIFF))
5603 {
5604 uint32 offset;
5605 offset=*(uint32*)(&dir->tdir_offset);
5606 if (tif->tif_flags&TIFF_SWAB)
5607 TIFFSwabLong(&offset);
5608 err=TIFFReadDirEntryData(tif,offset,8,m.i);
5609 }
5610 else
5611 {
5612 m.l=dir->tdir_offset.toff_long8;
5613 err=TIFFReadDirEntryErrOk;
5614 }
5615 }
5616 if (err==TIFFReadDirEntryErrOk)
5617 {
5618 double n;
5619 if (tif->tif_flags&TIFF_SWAB)
5620 TIFFSwabArrayOfLong(m.i,2);
5621 if (m.i[0]==0)
5622 n=0.0;
5623 else if (m.i[0]==0xFFFFFFFF)
5624 /*
5625 * XXX: Numerator 0xFFFFFFFF means that we have infinite
5626 * distance. Indicate that with a negative floating point
5627 * SubjectDistance value.
5628 */
5629 n=-1.0;
5630 else
5631 n=(double)m.i[0]/(double)m.i[1];
5632 return(TIFFSetField(tif,dir->tdir_tag,n));
5633 }
5634 else
5635 {
5636 TIFFReadDirEntryOutputErr(tif,err,module,"SubjectDistance",TRUE);
5637 return(0);
5638 }
5639 }
5640
5641 /*
5642 * Replace a single strip (tile) of uncompressed data by multiple strips
5643 * (tiles), each approximately STRIP_SIZE_DEFAULT bytes. This is useful for
5644 * dealing with large images or for dealing with machines with a limited
5645 * amount memory.
5646 */
5647 static void
ChopUpSingleUncompressedStrip(TIFF * tif)5648 ChopUpSingleUncompressedStrip(TIFF* tif)
5649 {
5650 register TIFFDirectory *td = &tif->tif_dir;
5651 uint64 bytecount;
5652 uint64 offset;
5653 uint32 rowblock;
5654 uint64 rowblockbytes;
5655 uint64 stripbytes;
5656 uint32 strip;
5657 uint32 nstrips;
5658 uint32 rowsperstrip;
5659 uint64* newcounts;
5660 uint64* newoffsets;
5661
5662 bytecount = td->td_stripbytecount[0];
5663 /* On a newly created file, just re-opened to be filled, we */
5664 /* don't want strip chop to trigger as it is going to cause issues */
5665 /* later ( StripOffsets and StripByteCounts improperly filled) . */
5666 if( bytecount == 0 && tif->tif_mode != O_RDONLY )
5667 return;
5668 offset = td->td_stripoffset[0];
5669 assert(td->td_planarconfig == PLANARCONFIG_CONTIG);
5670 if ((td->td_photometric == PHOTOMETRIC_YCBCR)&&
5671 (!isUpSampled(tif)))
5672 rowblock = td->td_ycbcrsubsampling[1];
5673 else
5674 rowblock = 1;
5675 rowblockbytes = TIFFVTileSize64(tif, rowblock);
5676 /*
5677 * Make the rows hold at least one scanline, but fill specified amount
5678 * of data if possible.
5679 */
5680 if (rowblockbytes > STRIP_SIZE_DEFAULT) {
5681 stripbytes = rowblockbytes;
5682 rowsperstrip = rowblock;
5683 } else if (rowblockbytes > 0 ) {
5684 uint32 rowblocksperstrip;
5685 rowblocksperstrip = (uint32) (STRIP_SIZE_DEFAULT / rowblockbytes);
5686 rowsperstrip = rowblocksperstrip * rowblock;
5687 stripbytes = rowblocksperstrip * rowblockbytes;
5688 }
5689 else
5690 return;
5691
5692 /*
5693 * never increase the number of rows per strip
5694 */
5695 if (rowsperstrip >= td->td_rowsperstrip)
5696 return;
5697 nstrips = TIFFhowmany_32(td->td_imagelength, rowsperstrip);
5698 if( nstrips == 0 )
5699 return;
5700
5701 newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
5702 "for chopped \"StripByteCounts\" array");
5703 newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
5704 "for chopped \"StripOffsets\" array");
5705 if (newcounts == NULL || newoffsets == NULL) {
5706 /*
5707 * Unable to allocate new strip information, give up and use
5708 * the original one strip information.
5709 */
5710 if (newcounts != NULL)
5711 _TIFFfree(newcounts);
5712 if (newoffsets != NULL)
5713 _TIFFfree(newoffsets);
5714 return;
5715 }
5716 /*
5717 * Fill the strip information arrays with new bytecounts and offsets
5718 * that reflect the broken-up format.
5719 */
5720 for (strip = 0; strip < nstrips; strip++) {
5721 if (stripbytes > bytecount)
5722 stripbytes = bytecount;
5723 newcounts[strip] = stripbytes;
5724 newoffsets[strip] = stripbytes ? offset : 0;
5725 offset += stripbytes;
5726 bytecount -= stripbytes;
5727 }
5728 /*
5729 * Replace old single strip info with multi-strip info.
5730 */
5731 td->td_stripsperimage = td->td_nstrips = nstrips;
5732 TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, rowsperstrip);
5733
5734 _TIFFfree(td->td_stripbytecount);
5735 _TIFFfree(td->td_stripoffset);
5736 td->td_stripbytecount = newcounts;
5737 td->td_stripoffset = newoffsets;
5738 td->td_stripbytecountsorted = 1;
5739 }
5740
_TIFFFillStriles(TIFF * tif)5741 int _TIFFFillStriles( TIFF *tif )
5742 {
5743 return _TIFFFillStrilesInternal( tif, 1 );
5744 }
5745
_TIFFFillStrilesInternal(TIFF * tif,int loadStripByteCount)5746 static int _TIFFFillStrilesInternal( TIFF *tif, int loadStripByteCount )
5747 {
5748 #if defined(DEFER_STRILE_LOAD)
5749 register TIFFDirectory *td = &tif->tif_dir;
5750 int return_value = 1;
5751
5752 if( td->td_stripoffset != NULL )
5753 return 1;
5754
5755 if( td->td_stripoffset_entry.tdir_count == 0 )
5756 return 0;
5757
5758 if (!TIFFFetchStripThing(tif,&(td->td_stripoffset_entry),
5759 td->td_nstrips,&td->td_stripoffset))
5760 {
5761 return_value = 0;
5762 }
5763
5764 if (loadStripByteCount &&
5765 !TIFFFetchStripThing(tif,&(td->td_stripbytecount_entry),
5766 td->td_nstrips,&td->td_stripbytecount))
5767 {
5768 return_value = 0;
5769 }
5770
5771 _TIFFmemset( &(td->td_stripoffset_entry), 0, sizeof(TIFFDirEntry));
5772 _TIFFmemset( &(td->td_stripbytecount_entry), 0, sizeof(TIFFDirEntry));
5773
5774 if (tif->tif_dir.td_nstrips > 1 && return_value == 1 ) {
5775 uint32 strip;
5776
5777 tif->tif_dir.td_stripbytecountsorted = 1;
5778 for (strip = 1; strip < tif->tif_dir.td_nstrips; strip++) {
5779 if (tif->tif_dir.td_stripoffset[strip - 1] >
5780 tif->tif_dir.td_stripoffset[strip]) {
5781 tif->tif_dir.td_stripbytecountsorted = 0;
5782 break;
5783 }
5784 }
5785 }
5786
5787 return return_value;
5788 #else /* !defined(DEFER_STRILE_LOAD) */
5789 (void) tif;
5790 (void) loadStripByteCount;
5791 return 1;
5792 #endif
5793 }
5794
5795
5796 /* vim: set ts=8 sts=8 sw=8 noet: */
5797 /*
5798 * Local Variables:
5799 * mode: c
5800 * c-basic-offset: 8
5801 * fill-column: 78
5802 * End:
5803 */
5804