1 /* $Id: tif_dirread.c,v 1.178 2012-08-19 16:56:34 bfriesen Exp $ */
2
3 /*
4 * Copyright (c) 1988-1997 Sam Leffler
5 * Copyright (c) 1991-1997 Silicon Graphics, Inc.
6 *
7 * Permission to use, copy, modify, distribute, and sell this software and
8 * its documentation for any purpose is hereby granted without fee, provided
9 * that (i) the above copyright notices and this permission notice appear in
10 * all copies of the software and related documentation, and (ii) the names of
11 * Sam Leffler and Silicon Graphics may not be used in any advertising or
12 * publicity relating to the software without the specific, prior written
13 * permission of Sam Leffler and Silicon Graphics.
14 *
15 * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
17 * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
18 *
19 * IN NO EVENT SHALL SAM LEFFLER OR SILICON GRAPHICS BE LIABLE FOR
20 * ANY SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND,
21 * OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
22 * WHETHER OR NOT ADVISED OF THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF
23 * LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
24 * OF THIS SOFTWARE.
25 */
26
27 /*
28 * TIFF Library.
29 *
30 * Directory Read Support Routines.
31 */
32
33 /* Suggested pending improvements:
34 * - add a field 'ignore' to the TIFFDirEntry structure, to flag status,
35 * eliminating current use of the IGNORE value, and therefore eliminating
36 * current irrational behaviour on tags with tag id code 0
37 * - add a field 'field_info' to the TIFFDirEntry structure, and set that with
38 * the pointer to the appropriate TIFFField structure early on in
39 * TIFFReadDirectory, so as to eliminate current possibly repetitive lookup.
40 */
41
42 #include "tiffiop.h"
43
44 #define IGNORE 0 /* tag placeholder used below */
45 #define FAILED_FII ((uint32) -1)
46
47 #ifdef HAVE_IEEEFP
48 # define TIFFCvtIEEEFloatToNative(tif, n, fp)
49 # define TIFFCvtIEEEDoubleToNative(tif, n, dp)
50 #else
51 extern void TIFFCvtIEEEFloatToNative(TIFF*, uint32, float*);
52 extern void TIFFCvtIEEEDoubleToNative(TIFF*, uint32, double*);
53 #endif
54
55 enum TIFFReadDirEntryErr {
56 TIFFReadDirEntryErrOk = 0,
57 TIFFReadDirEntryErrCount = 1,
58 TIFFReadDirEntryErrType = 2,
59 TIFFReadDirEntryErrIo = 3,
60 TIFFReadDirEntryErrRange = 4,
61 TIFFReadDirEntryErrPsdif = 5,
62 TIFFReadDirEntryErrSizesan = 6,
63 TIFFReadDirEntryErrAlloc = 7,
64 };
65
66 static enum TIFFReadDirEntryErr TIFFReadDirEntryByte(TIFF* tif, TIFFDirEntry* direntry, uint8* value);
67 static enum TIFFReadDirEntryErr TIFFReadDirEntryShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value);
68 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong(TIFF* tif, TIFFDirEntry* direntry, uint32* value);
69 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8(TIFF* tif, TIFFDirEntry* direntry, uint64* value);
70 static enum TIFFReadDirEntryErr TIFFReadDirEntryFloat(TIFF* tif, TIFFDirEntry* direntry, float* value);
71 static enum TIFFReadDirEntryErr TIFFReadDirEntryDouble(TIFF* tif, TIFFDirEntry* direntry, double* value);
72 static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8(TIFF* tif, TIFFDirEntry* direntry, uint64* value);
73
74 static enum TIFFReadDirEntryErr TIFFReadDirEntryArray(TIFF* tif, TIFFDirEntry* direntry, uint32* count, uint32 desttypesize, void** value);
75 static enum TIFFReadDirEntryErr TIFFReadDirEntryByteArray(TIFF* tif, TIFFDirEntry* direntry, uint8** value);
76 static enum TIFFReadDirEntryErr TIFFReadDirEntrySbyteArray(TIFF* tif, TIFFDirEntry* direntry, int8** value);
77 static enum TIFFReadDirEntryErr TIFFReadDirEntryShortArray(TIFF* tif, TIFFDirEntry* direntry, uint16** value);
78 static enum TIFFReadDirEntryErr TIFFReadDirEntrySshortArray(TIFF* tif, TIFFDirEntry* direntry, int16** value);
79 static enum TIFFReadDirEntryErr TIFFReadDirEntryLongArray(TIFF* tif, TIFFDirEntry* direntry, uint32** value);
80 static enum TIFFReadDirEntryErr TIFFReadDirEntrySlongArray(TIFF* tif, TIFFDirEntry* direntry, int32** value);
81 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value);
82 static enum TIFFReadDirEntryErr TIFFReadDirEntrySlong8Array(TIFF* tif, TIFFDirEntry* direntry, int64** value);
83 static enum TIFFReadDirEntryErr TIFFReadDirEntryFloatArray(TIFF* tif, TIFFDirEntry* direntry, float** value);
84 static enum TIFFReadDirEntryErr TIFFReadDirEntryDoubleArray(TIFF* tif, TIFFDirEntry* direntry, double** value);
85 static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value);
86
87 static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value);
88 #if 0
89 static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleDouble(TIFF* tif, TIFFDirEntry* direntry, double* value);
90 #endif
91
92 static void TIFFReadDirEntryCheckedByte(TIFF* tif, TIFFDirEntry* direntry, uint8* value);
93 static void TIFFReadDirEntryCheckedSbyte(TIFF* tif, TIFFDirEntry* direntry, int8* value);
94 static void TIFFReadDirEntryCheckedShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value);
95 static void TIFFReadDirEntryCheckedSshort(TIFF* tif, TIFFDirEntry* direntry, int16* value);
96 static void TIFFReadDirEntryCheckedLong(TIFF* tif, TIFFDirEntry* direntry, uint32* value);
97 static void TIFFReadDirEntryCheckedSlong(TIFF* tif, TIFFDirEntry* direntry, int32* value);
98 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedLong8(TIFF* tif, TIFFDirEntry* direntry, uint64* value);
99 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSlong8(TIFF* tif, TIFFDirEntry* direntry, int64* value);
100 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedRational(TIFF* tif, TIFFDirEntry* direntry, double* value);
101 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSrational(TIFF* tif, TIFFDirEntry* direntry, double* value);
102 static void TIFFReadDirEntryCheckedFloat(TIFF* tif, TIFFDirEntry* direntry, float* value);
103 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedDouble(TIFF* tif, TIFFDirEntry* direntry, double* value);
104
105 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSbyte(int8 value);
106 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteShort(uint16 value);
107 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSshort(int16 value);
108 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong(uint32 value);
109 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong(int32 value);
110 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong8(uint64 value);
111 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong8(int64 value);
112
113 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteByte(uint8 value);
114 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteShort(uint16 value);
115 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSshort(int16 value);
116 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong(uint32 value);
117 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong(int32 value);
118 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong8(uint64 value);
119 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong8(int64 value);
120
121 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSbyte(int8 value);
122 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSshort(int16 value);
123 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong(uint32 value);
124 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong(int32 value);
125 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong8(uint64 value);
126 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong8(int64 value);
127
128 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortShort(uint16 value);
129 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong(uint32 value);
130 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong(int32 value);
131 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong8(uint64 value);
132 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong8(int64 value);
133
134 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSbyte(int8 value);
135 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSshort(int16 value);
136 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSlong(int32 value);
137 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongLong8(uint64 value);
138 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSlong8(int64 value);
139
140 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlongLong(uint32 value);
141 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlongLong8(uint64 value);
142 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlongSlong8(int64 value);
143
144 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Sbyte(int8 value);
145 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Sshort(int16 value);
146 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Slong(int32 value);
147 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Slong8(int64 value);
148
149 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlong8Long8(uint64 value);
150
151 static enum TIFFReadDirEntryErr TIFFReadDirEntryData(TIFF* tif, uint64 offset, tmsize_t size, void* dest);
152 static void TIFFReadDirEntryOutputErr(TIFF* tif, enum TIFFReadDirEntryErr err, const char* module, const char* tagname, int recover);
153
154 static void TIFFReadDirectoryCheckOrder(TIFF* tif, TIFFDirEntry* dir, uint16 dircount);
155 static TIFFDirEntry* TIFFReadDirectoryFindEntry(TIFF* tif, TIFFDirEntry* dir, uint16 dircount, uint16 tagid);
156 static void TIFFReadDirectoryFindFieldInfo(TIFF* tif, uint16 tagid, uint32* fii);
157
158 static int EstimateStripByteCounts(TIFF* tif, TIFFDirEntry* dir, uint16 dircount);
159 static void MissingRequired(TIFF*, const char*);
160 static int TIFFCheckDirOffset(TIFF* tif, uint64 diroff);
161 static int CheckDirCount(TIFF*, TIFFDirEntry*, uint32);
162 static uint16 TIFFFetchDirectory(TIFF* tif, uint64 diroff, TIFFDirEntry** pdir, uint64* nextdiroff);
163 static int TIFFFetchNormalTag(TIFF*, TIFFDirEntry*, int recover);
164 static int TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uint64** lpp);
165 static int TIFFFetchSubjectDistance(TIFF*, TIFFDirEntry*);
166 static void ChopUpSingleUncompressedStrip(TIFF*);
167 static uint64 TIFFReadUInt64(const uint8 *value);
168
169 typedef union _UInt64Aligned_t
170 {
171 double d;
172 uint64 l;
173 uint32 i[2];
174 uint16 s[4];
175 uint8 c[8];
176 } UInt64Aligned_t;
177
178 /*
179 Unaligned safe copy of a uint64 value from an octet array.
180 */
TIFFReadUInt64(const uint8 * value)181 static uint64 TIFFReadUInt64(const uint8 *value)
182 {
183 UInt64Aligned_t result;
184
185 result.c[0]=value[0];
186 result.c[1]=value[1];
187 result.c[2]=value[2];
188 result.c[3]=value[3];
189 result.c[4]=value[4];
190 result.c[5]=value[5];
191 result.c[6]=value[6];
192 result.c[7]=value[7];
193
194 return result.l;
195 }
196
TIFFReadDirEntryByte(TIFF * tif,TIFFDirEntry * direntry,uint8 * value)197 static enum TIFFReadDirEntryErr TIFFReadDirEntryByte(TIFF* tif, TIFFDirEntry* direntry, uint8* value)
198 {
199 enum TIFFReadDirEntryErr err;
200 if (direntry->tdir_count!=1)
201 return(TIFFReadDirEntryErrCount);
202 switch (direntry->tdir_type)
203 {
204 case TIFF_BYTE:
205 TIFFReadDirEntryCheckedByte(tif,direntry,value);
206 return(TIFFReadDirEntryErrOk);
207 case TIFF_SBYTE:
208 {
209 int8 m;
210 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
211 err=TIFFReadDirEntryCheckRangeByteSbyte(m);
212 if (err!=TIFFReadDirEntryErrOk)
213 return(err);
214 *value=(uint8)m;
215 return(TIFFReadDirEntryErrOk);
216 }
217 case TIFF_SHORT:
218 {
219 uint16 m;
220 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
221 err=TIFFReadDirEntryCheckRangeByteShort(m);
222 if (err!=TIFFReadDirEntryErrOk)
223 return(err);
224 *value=(uint8)m;
225 return(TIFFReadDirEntryErrOk);
226 }
227 case TIFF_SSHORT:
228 {
229 int16 m;
230 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
231 err=TIFFReadDirEntryCheckRangeByteSshort(m);
232 if (err!=TIFFReadDirEntryErrOk)
233 return(err);
234 *value=(uint8)m;
235 return(TIFFReadDirEntryErrOk);
236 }
237 case TIFF_LONG:
238 {
239 uint32 m;
240 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
241 err=TIFFReadDirEntryCheckRangeByteLong(m);
242 if (err!=TIFFReadDirEntryErrOk)
243 return(err);
244 *value=(uint8)m;
245 return(TIFFReadDirEntryErrOk);
246 }
247 case TIFF_SLONG:
248 {
249 int32 m;
250 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
251 err=TIFFReadDirEntryCheckRangeByteSlong(m);
252 if (err!=TIFFReadDirEntryErrOk)
253 return(err);
254 *value=(uint8)m;
255 return(TIFFReadDirEntryErrOk);
256 }
257 case TIFF_LONG8:
258 {
259 uint64 m;
260 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
261 if (err!=TIFFReadDirEntryErrOk)
262 return(err);
263 err=TIFFReadDirEntryCheckRangeByteLong8(m);
264 if (err!=TIFFReadDirEntryErrOk)
265 return(err);
266 *value=(uint8)m;
267 return(TIFFReadDirEntryErrOk);
268 }
269 case TIFF_SLONG8:
270 {
271 int64 m;
272 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
273 if (err!=TIFFReadDirEntryErrOk)
274 return(err);
275 err=TIFFReadDirEntryCheckRangeByteSlong8(m);
276 if (err!=TIFFReadDirEntryErrOk)
277 return(err);
278 *value=(uint8)m;
279 return(TIFFReadDirEntryErrOk);
280 }
281 default:
282 return(TIFFReadDirEntryErrType);
283 }
284 }
285
TIFFReadDirEntryShort(TIFF * tif,TIFFDirEntry * direntry,uint16 * value)286 static enum TIFFReadDirEntryErr TIFFReadDirEntryShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value)
287 {
288 enum TIFFReadDirEntryErr err;
289 if (direntry->tdir_count!=1)
290 return(TIFFReadDirEntryErrCount);
291 switch (direntry->tdir_type)
292 {
293 case TIFF_BYTE:
294 {
295 uint8 m;
296 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
297 *value=(uint16)m;
298 return(TIFFReadDirEntryErrOk);
299 }
300 case TIFF_SBYTE:
301 {
302 int8 m;
303 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
304 err=TIFFReadDirEntryCheckRangeShortSbyte(m);
305 if (err!=TIFFReadDirEntryErrOk)
306 return(err);
307 *value=(uint16)m;
308 return(TIFFReadDirEntryErrOk);
309 }
310 case TIFF_SHORT:
311 TIFFReadDirEntryCheckedShort(tif,direntry,value);
312 return(TIFFReadDirEntryErrOk);
313 case TIFF_SSHORT:
314 {
315 int16 m;
316 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
317 err=TIFFReadDirEntryCheckRangeShortSshort(m);
318 if (err!=TIFFReadDirEntryErrOk)
319 return(err);
320 *value=(uint16)m;
321 return(TIFFReadDirEntryErrOk);
322 }
323 case TIFF_LONG:
324 {
325 uint32 m;
326 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
327 err=TIFFReadDirEntryCheckRangeShortLong(m);
328 if (err!=TIFFReadDirEntryErrOk)
329 return(err);
330 *value=(uint16)m;
331 return(TIFFReadDirEntryErrOk);
332 }
333 case TIFF_SLONG:
334 {
335 int32 m;
336 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
337 err=TIFFReadDirEntryCheckRangeShortSlong(m);
338 if (err!=TIFFReadDirEntryErrOk)
339 return(err);
340 *value=(uint16)m;
341 return(TIFFReadDirEntryErrOk);
342 }
343 case TIFF_LONG8:
344 {
345 uint64 m;
346 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
347 if (err!=TIFFReadDirEntryErrOk)
348 return(err);
349 err=TIFFReadDirEntryCheckRangeShortLong8(m);
350 if (err!=TIFFReadDirEntryErrOk)
351 return(err);
352 *value=(uint16)m;
353 return(TIFFReadDirEntryErrOk);
354 }
355 case TIFF_SLONG8:
356 {
357 int64 m;
358 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
359 if (err!=TIFFReadDirEntryErrOk)
360 return(err);
361 err=TIFFReadDirEntryCheckRangeShortSlong8(m);
362 if (err!=TIFFReadDirEntryErrOk)
363 return(err);
364 *value=(uint16)m;
365 return(TIFFReadDirEntryErrOk);
366 }
367 default:
368 return(TIFFReadDirEntryErrType);
369 }
370 }
371
TIFFReadDirEntryLong(TIFF * tif,TIFFDirEntry * direntry,uint32 * value)372 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong(TIFF* tif, TIFFDirEntry* direntry, uint32* value)
373 {
374 enum TIFFReadDirEntryErr err;
375 if (direntry->tdir_count!=1)
376 return(TIFFReadDirEntryErrCount);
377 switch (direntry->tdir_type)
378 {
379 case TIFF_BYTE:
380 {
381 uint8 m;
382 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
383 *value=(uint32)m;
384 return(TIFFReadDirEntryErrOk);
385 }
386 case TIFF_SBYTE:
387 {
388 int8 m;
389 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
390 err=TIFFReadDirEntryCheckRangeLongSbyte(m);
391 if (err!=TIFFReadDirEntryErrOk)
392 return(err);
393 *value=(uint32)m;
394 return(TIFFReadDirEntryErrOk);
395 }
396 case TIFF_SHORT:
397 {
398 uint16 m;
399 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
400 *value=(uint32)m;
401 return(TIFFReadDirEntryErrOk);
402 }
403 case TIFF_SSHORT:
404 {
405 int16 m;
406 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
407 err=TIFFReadDirEntryCheckRangeLongSshort(m);
408 if (err!=TIFFReadDirEntryErrOk)
409 return(err);
410 *value=(uint32)m;
411 return(TIFFReadDirEntryErrOk);
412 }
413 case TIFF_LONG:
414 TIFFReadDirEntryCheckedLong(tif,direntry,value);
415 return(TIFFReadDirEntryErrOk);
416 case TIFF_SLONG:
417 {
418 int32 m;
419 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
420 err=TIFFReadDirEntryCheckRangeLongSlong(m);
421 if (err!=TIFFReadDirEntryErrOk)
422 return(err);
423 *value=(uint32)m;
424 return(TIFFReadDirEntryErrOk);
425 }
426 case TIFF_LONG8:
427 {
428 uint64 m;
429 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
430 if (err!=TIFFReadDirEntryErrOk)
431 return(err);
432 err=TIFFReadDirEntryCheckRangeLongLong8(m);
433 if (err!=TIFFReadDirEntryErrOk)
434 return(err);
435 *value=(uint32)m;
436 return(TIFFReadDirEntryErrOk);
437 }
438 case TIFF_SLONG8:
439 {
440 int64 m;
441 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
442 if (err!=TIFFReadDirEntryErrOk)
443 return(err);
444 err=TIFFReadDirEntryCheckRangeLongSlong8(m);
445 if (err!=TIFFReadDirEntryErrOk)
446 return(err);
447 *value=(uint32)m;
448 return(TIFFReadDirEntryErrOk);
449 }
450 default:
451 return(TIFFReadDirEntryErrType);
452 }
453 }
454
TIFFReadDirEntryLong8(TIFF * tif,TIFFDirEntry * direntry,uint64 * value)455 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8(TIFF* tif, TIFFDirEntry* direntry, uint64* value)
456 {
457 enum TIFFReadDirEntryErr err;
458 if (direntry->tdir_count!=1)
459 return(TIFFReadDirEntryErrCount);
460 switch (direntry->tdir_type)
461 {
462 case TIFF_BYTE:
463 {
464 uint8 m;
465 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
466 *value=(uint64)m;
467 return(TIFFReadDirEntryErrOk);
468 }
469 case TIFF_SBYTE:
470 {
471 int8 m;
472 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
473 err=TIFFReadDirEntryCheckRangeLong8Sbyte(m);
474 if (err!=TIFFReadDirEntryErrOk)
475 return(err);
476 *value=(uint64)m;
477 return(TIFFReadDirEntryErrOk);
478 }
479 case TIFF_SHORT:
480 {
481 uint16 m;
482 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
483 *value=(uint64)m;
484 return(TIFFReadDirEntryErrOk);
485 }
486 case TIFF_SSHORT:
487 {
488 int16 m;
489 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
490 err=TIFFReadDirEntryCheckRangeLong8Sshort(m);
491 if (err!=TIFFReadDirEntryErrOk)
492 return(err);
493 *value=(uint64)m;
494 return(TIFFReadDirEntryErrOk);
495 }
496 case TIFF_LONG:
497 {
498 uint32 m;
499 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
500 *value=(uint64)m;
501 return(TIFFReadDirEntryErrOk);
502 }
503 case TIFF_SLONG:
504 {
505 int32 m;
506 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
507 err=TIFFReadDirEntryCheckRangeLong8Slong(m);
508 if (err!=TIFFReadDirEntryErrOk)
509 return(err);
510 *value=(uint64)m;
511 return(TIFFReadDirEntryErrOk);
512 }
513 case TIFF_LONG8:
514 err=TIFFReadDirEntryCheckedLong8(tif,direntry,value);
515 return(err);
516 case TIFF_SLONG8:
517 {
518 int64 m;
519 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
520 if (err!=TIFFReadDirEntryErrOk)
521 return(err);
522 err=TIFFReadDirEntryCheckRangeLong8Slong8(m);
523 if (err!=TIFFReadDirEntryErrOk)
524 return(err);
525 *value=(uint64)m;
526 return(TIFFReadDirEntryErrOk);
527 }
528 default:
529 return(TIFFReadDirEntryErrType);
530 }
531 }
532
TIFFReadDirEntryFloat(TIFF * tif,TIFFDirEntry * direntry,float * value)533 static enum TIFFReadDirEntryErr TIFFReadDirEntryFloat(TIFF* tif, TIFFDirEntry* direntry, float* value)
534 {
535 enum TIFFReadDirEntryErr err;
536 if (direntry->tdir_count!=1)
537 return(TIFFReadDirEntryErrCount);
538 switch (direntry->tdir_type)
539 {
540 case TIFF_BYTE:
541 {
542 uint8 m;
543 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
544 *value=(float)m;
545 return(TIFFReadDirEntryErrOk);
546 }
547 case TIFF_SBYTE:
548 {
549 int8 m;
550 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
551 *value=(float)m;
552 return(TIFFReadDirEntryErrOk);
553 }
554 case TIFF_SHORT:
555 {
556 uint16 m;
557 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
558 *value=(float)m;
559 return(TIFFReadDirEntryErrOk);
560 }
561 case TIFF_SSHORT:
562 {
563 int16 m;
564 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
565 *value=(float)m;
566 return(TIFFReadDirEntryErrOk);
567 }
568 case TIFF_LONG:
569 {
570 uint32 m;
571 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
572 *value=(float)m;
573 return(TIFFReadDirEntryErrOk);
574 }
575 case TIFF_SLONG:
576 {
577 int32 m;
578 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
579 *value=(float)m;
580 return(TIFFReadDirEntryErrOk);
581 }
582 case TIFF_LONG8:
583 {
584 uint64 m;
585 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
586 if (err!=TIFFReadDirEntryErrOk)
587 return(err);
588 #if defined(__WIN32__) && (_MSC_VER < 1500)
589 /*
590 * XXX: MSVC 6.0 does not support conversion
591 * of 64-bit integers into floating point
592 * values.
593 */
594 *value = _TIFFUInt64ToFloat(m);
595 #else
596 *value=(float)m;
597 #endif
598 return(TIFFReadDirEntryErrOk);
599 }
600 case TIFF_SLONG8:
601 {
602 int64 m;
603 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
604 if (err!=TIFFReadDirEntryErrOk)
605 return(err);
606 *value=(float)m;
607 return(TIFFReadDirEntryErrOk);
608 }
609 case TIFF_RATIONAL:
610 {
611 double m;
612 err=TIFFReadDirEntryCheckedRational(tif,direntry,&m);
613 if (err!=TIFFReadDirEntryErrOk)
614 return(err);
615 *value=(float)m;
616 return(TIFFReadDirEntryErrOk);
617 }
618 case TIFF_SRATIONAL:
619 {
620 double m;
621 err=TIFFReadDirEntryCheckedSrational(tif,direntry,&m);
622 if (err!=TIFFReadDirEntryErrOk)
623 return(err);
624 *value=(float)m;
625 return(TIFFReadDirEntryErrOk);
626 }
627 case TIFF_FLOAT:
628 TIFFReadDirEntryCheckedFloat(tif,direntry,value);
629 return(TIFFReadDirEntryErrOk);
630 case TIFF_DOUBLE:
631 {
632 double m;
633 err=TIFFReadDirEntryCheckedDouble(tif,direntry,&m);
634 if (err!=TIFFReadDirEntryErrOk)
635 return(err);
636 *value=(float)m;
637 return(TIFFReadDirEntryErrOk);
638 }
639 default:
640 return(TIFFReadDirEntryErrType);
641 }
642 }
643
TIFFReadDirEntryDouble(TIFF * tif,TIFFDirEntry * direntry,double * value)644 static enum TIFFReadDirEntryErr TIFFReadDirEntryDouble(TIFF* tif, TIFFDirEntry* direntry, double* value)
645 {
646 enum TIFFReadDirEntryErr err;
647 if (direntry->tdir_count!=1)
648 return(TIFFReadDirEntryErrCount);
649 switch (direntry->tdir_type)
650 {
651 case TIFF_BYTE:
652 {
653 uint8 m;
654 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
655 *value=(double)m;
656 return(TIFFReadDirEntryErrOk);
657 }
658 case TIFF_SBYTE:
659 {
660 int8 m;
661 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
662 *value=(double)m;
663 return(TIFFReadDirEntryErrOk);
664 }
665 case TIFF_SHORT:
666 {
667 uint16 m;
668 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
669 *value=(double)m;
670 return(TIFFReadDirEntryErrOk);
671 }
672 case TIFF_SSHORT:
673 {
674 int16 m;
675 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
676 *value=(double)m;
677 return(TIFFReadDirEntryErrOk);
678 }
679 case TIFF_LONG:
680 {
681 uint32 m;
682 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
683 *value=(double)m;
684 return(TIFFReadDirEntryErrOk);
685 }
686 case TIFF_SLONG:
687 {
688 int32 m;
689 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
690 *value=(double)m;
691 return(TIFFReadDirEntryErrOk);
692 }
693 case TIFF_LONG8:
694 {
695 uint64 m;
696 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
697 if (err!=TIFFReadDirEntryErrOk)
698 return(err);
699 #if defined(__WIN32__) && (_MSC_VER < 1500)
700 /*
701 * XXX: MSVC 6.0 does not support conversion
702 * of 64-bit integers into floating point
703 * values.
704 */
705 *value = _TIFFUInt64ToDouble(m);
706 #else
707 *value = (double)m;
708 #endif
709 return(TIFFReadDirEntryErrOk);
710 }
711 case TIFF_SLONG8:
712 {
713 int64 m;
714 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
715 if (err!=TIFFReadDirEntryErrOk)
716 return(err);
717 *value=(double)m;
718 return(TIFFReadDirEntryErrOk);
719 }
720 case TIFF_RATIONAL:
721 err=TIFFReadDirEntryCheckedRational(tif,direntry,value);
722 return(err);
723 case TIFF_SRATIONAL:
724 err=TIFFReadDirEntryCheckedSrational(tif,direntry,value);
725 return(err);
726 case TIFF_FLOAT:
727 {
728 float m;
729 TIFFReadDirEntryCheckedFloat(tif,direntry,&m);
730 *value=(double)m;
731 return(TIFFReadDirEntryErrOk);
732 }
733 case TIFF_DOUBLE:
734 err=TIFFReadDirEntryCheckedDouble(tif,direntry,value);
735 return(err);
736 default:
737 return(TIFFReadDirEntryErrType);
738 }
739 }
740
TIFFReadDirEntryIfd8(TIFF * tif,TIFFDirEntry * direntry,uint64 * value)741 static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8(TIFF* tif, TIFFDirEntry* direntry, uint64* value)
742 {
743 enum TIFFReadDirEntryErr err;
744 if (direntry->tdir_count!=1)
745 return(TIFFReadDirEntryErrCount);
746 switch (direntry->tdir_type)
747 {
748 case TIFF_LONG:
749 case TIFF_IFD:
750 {
751 uint32 m;
752 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
753 *value=(uint64)m;
754 return(TIFFReadDirEntryErrOk);
755 }
756 case TIFF_LONG8:
757 case TIFF_IFD8:
758 err=TIFFReadDirEntryCheckedLong8(tif,direntry,value);
759 return(err);
760 default:
761 return(TIFFReadDirEntryErrType);
762 }
763 }
764
TIFFReadDirEntryArray(TIFF * tif,TIFFDirEntry * direntry,uint32 * count,uint32 desttypesize,void ** value)765 static enum TIFFReadDirEntryErr TIFFReadDirEntryArray(TIFF* tif, TIFFDirEntry* direntry, uint32* count, uint32 desttypesize, void** value)
766 {
767 int typesize;
768 uint32 datasize;
769 void* data;
770 typesize=TIFFDataWidth(direntry->tdir_type);
771 if ((direntry->tdir_count==0)||(typesize==0))
772 {
773 *value=0;
774 return(TIFFReadDirEntryErrOk);
775 }
776 (void) desttypesize;
777
778 /*
779 * As a sanity check, make sure we have no more than a 2GB tag array
780 * in either the current data type or the dest data type. This also
781 * avoids problems with overflow of tmsize_t on 32bit systems.
782 */
783 if ((uint64)(2147483647/typesize)<direntry->tdir_count)
784 return(TIFFReadDirEntryErrSizesan);
785 if ((uint64)(2147483647/desttypesize)<direntry->tdir_count)
786 return(TIFFReadDirEntryErrSizesan);
787
788 *count=(uint32)direntry->tdir_count;
789 datasize=(*count)*typesize;
790 assert((tmsize_t)datasize>0);
791 data=_TIFFCheckMalloc(tif, *count, typesize, "ReadDirEntryArray");
792 if (data==0)
793 return(TIFFReadDirEntryErrAlloc);
794 if (!(tif->tif_flags&TIFF_BIGTIFF))
795 {
796 if (datasize<=4)
797 _TIFFmemcpy(data,&direntry->tdir_offset,datasize);
798 else
799 {
800 enum TIFFReadDirEntryErr err;
801 uint32 offset = direntry->tdir_offset.toff_long;
802 if (tif->tif_flags&TIFF_SWAB)
803 TIFFSwabLong(&offset);
804 err=TIFFReadDirEntryData(tif,(uint64)offset,(tmsize_t)datasize,data);
805 if (err!=TIFFReadDirEntryErrOk)
806 {
807 _TIFFfree(data);
808 return(err);
809 }
810 }
811 }
812 else
813 {
814 if (datasize<=8)
815 _TIFFmemcpy(data,&direntry->tdir_offset,datasize);
816 else
817 {
818 enum TIFFReadDirEntryErr err;
819 uint64 offset = direntry->tdir_offset.toff_long8;
820 if (tif->tif_flags&TIFF_SWAB)
821 TIFFSwabLong8(&offset);
822 err=TIFFReadDirEntryData(tif,offset,(tmsize_t)datasize,data);
823 if (err!=TIFFReadDirEntryErrOk)
824 {
825 _TIFFfree(data);
826 return(err);
827 }
828 }
829 }
830 *value=data;
831 return(TIFFReadDirEntryErrOk);
832 }
833
TIFFReadDirEntryByteArray(TIFF * tif,TIFFDirEntry * direntry,uint8 ** value)834 static enum TIFFReadDirEntryErr TIFFReadDirEntryByteArray(TIFF* tif, TIFFDirEntry* direntry, uint8** value)
835 {
836 enum TIFFReadDirEntryErr err;
837 uint32 count;
838 void* origdata;
839 uint8* data;
840 switch (direntry->tdir_type)
841 {
842 case TIFF_ASCII:
843 case TIFF_UNDEFINED:
844 case TIFF_BYTE:
845 case TIFF_SBYTE:
846 case TIFF_SHORT:
847 case TIFF_SSHORT:
848 case TIFF_LONG:
849 case TIFF_SLONG:
850 case TIFF_LONG8:
851 case TIFF_SLONG8:
852 break;
853 default:
854 return(TIFFReadDirEntryErrType);
855 }
856 err=TIFFReadDirEntryArray(tif,direntry,&count,1,&origdata);
857 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
858 {
859 *value=0;
860 return(err);
861 }
862 switch (direntry->tdir_type)
863 {
864 case TIFF_ASCII:
865 case TIFF_UNDEFINED:
866 case TIFF_BYTE:
867 *value=(uint8*)origdata;
868 return(TIFFReadDirEntryErrOk);
869 case TIFF_SBYTE:
870 {
871 int8* m;
872 uint32 n;
873 m=(int8*)origdata;
874 for (n=0; n<count; n++)
875 {
876 err=TIFFReadDirEntryCheckRangeByteSbyte(*m);
877 if (err!=TIFFReadDirEntryErrOk)
878 {
879 _TIFFfree(origdata);
880 return(err);
881 }
882 m++;
883 }
884 *value=(uint8*)origdata;
885 return(TIFFReadDirEntryErrOk);
886 }
887 }
888 data=(uint8*)_TIFFmalloc(count);
889 if (data==0)
890 {
891 _TIFFfree(origdata);
892 return(TIFFReadDirEntryErrAlloc);
893 }
894 switch (direntry->tdir_type)
895 {
896 case TIFF_SHORT:
897 {
898 uint16* ma;
899 uint8* mb;
900 uint32 n;
901 ma=(uint16*)origdata;
902 mb=data;
903 for (n=0; n<count; n++)
904 {
905 if (tif->tif_flags&TIFF_SWAB)
906 TIFFSwabShort(ma);
907 err=TIFFReadDirEntryCheckRangeByteShort(*ma);
908 if (err!=TIFFReadDirEntryErrOk)
909 break;
910 *mb++=(uint8)(*ma++);
911 }
912 }
913 break;
914 case TIFF_SSHORT:
915 {
916 int16* ma;
917 uint8* mb;
918 uint32 n;
919 ma=(int16*)origdata;
920 mb=data;
921 for (n=0; n<count; n++)
922 {
923 if (tif->tif_flags&TIFF_SWAB)
924 TIFFSwabShort((uint16*)ma);
925 err=TIFFReadDirEntryCheckRangeByteSshort(*ma);
926 if (err!=TIFFReadDirEntryErrOk)
927 break;
928 *mb++=(uint8)(*ma++);
929 }
930 }
931 break;
932 case TIFF_LONG:
933 {
934 uint32* ma;
935 uint8* mb;
936 uint32 n;
937 ma=(uint32*)origdata;
938 mb=data;
939 for (n=0; n<count; n++)
940 {
941 if (tif->tif_flags&TIFF_SWAB)
942 TIFFSwabLong(ma);
943 err=TIFFReadDirEntryCheckRangeByteLong(*ma);
944 if (err!=TIFFReadDirEntryErrOk)
945 break;
946 *mb++=(uint8)(*ma++);
947 }
948 }
949 break;
950 case TIFF_SLONG:
951 {
952 int32* ma;
953 uint8* mb;
954 uint32 n;
955 ma=(int32*)origdata;
956 mb=data;
957 for (n=0; n<count; n++)
958 {
959 if (tif->tif_flags&TIFF_SWAB)
960 TIFFSwabLong((uint32*)ma);
961 err=TIFFReadDirEntryCheckRangeByteSlong(*ma);
962 if (err!=TIFFReadDirEntryErrOk)
963 break;
964 *mb++=(uint8)(*ma++);
965 }
966 }
967 break;
968 case TIFF_LONG8:
969 {
970 uint64* ma;
971 uint8* mb;
972 uint32 n;
973 ma=(uint64*)origdata;
974 mb=data;
975 for (n=0; n<count; n++)
976 {
977 if (tif->tif_flags&TIFF_SWAB)
978 TIFFSwabLong8(ma);
979 err=TIFFReadDirEntryCheckRangeByteLong8(*ma);
980 if (err!=TIFFReadDirEntryErrOk)
981 break;
982 *mb++=(uint8)(*ma++);
983 }
984 }
985 break;
986 case TIFF_SLONG8:
987 {
988 int64* ma;
989 uint8* mb;
990 uint32 n;
991 ma=(int64*)origdata;
992 mb=data;
993 for (n=0; n<count; n++)
994 {
995 if (tif->tif_flags&TIFF_SWAB)
996 TIFFSwabLong8((uint64*)ma);
997 err=TIFFReadDirEntryCheckRangeByteSlong8(*ma);
998 if (err!=TIFFReadDirEntryErrOk)
999 break;
1000 *mb++=(uint8)(*ma++);
1001 }
1002 }
1003 break;
1004 }
1005 _TIFFfree(origdata);
1006 if (err!=TIFFReadDirEntryErrOk)
1007 {
1008 _TIFFfree(data);
1009 return(err);
1010 }
1011 *value=data;
1012 return(TIFFReadDirEntryErrOk);
1013 }
1014
TIFFReadDirEntrySbyteArray(TIFF * tif,TIFFDirEntry * direntry,int8 ** value)1015 static enum TIFFReadDirEntryErr TIFFReadDirEntrySbyteArray(TIFF* tif, TIFFDirEntry* direntry, int8** value)
1016 {
1017 enum TIFFReadDirEntryErr err;
1018 uint32 count;
1019 void* origdata;
1020 int8* data;
1021 switch (direntry->tdir_type)
1022 {
1023 case TIFF_UNDEFINED:
1024 case TIFF_BYTE:
1025 case TIFF_SBYTE:
1026 case TIFF_SHORT:
1027 case TIFF_SSHORT:
1028 case TIFF_LONG:
1029 case TIFF_SLONG:
1030 case TIFF_LONG8:
1031 case TIFF_SLONG8:
1032 break;
1033 default:
1034 return(TIFFReadDirEntryErrType);
1035 }
1036 err=TIFFReadDirEntryArray(tif,direntry,&count,1,&origdata);
1037 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1038 {
1039 *value=0;
1040 return(err);
1041 }
1042 switch (direntry->tdir_type)
1043 {
1044 case TIFF_UNDEFINED:
1045 case TIFF_BYTE:
1046 {
1047 uint8* m;
1048 uint32 n;
1049 m=(uint8*)origdata;
1050 for (n=0; n<count; n++)
1051 {
1052 err=TIFFReadDirEntryCheckRangeSbyteByte(*m);
1053 if (err!=TIFFReadDirEntryErrOk)
1054 {
1055 _TIFFfree(origdata);
1056 return(err);
1057 }
1058 m++;
1059 }
1060 *value=(int8*)origdata;
1061 return(TIFFReadDirEntryErrOk);
1062 }
1063 case TIFF_SBYTE:
1064 *value=(int8*)origdata;
1065 return(TIFFReadDirEntryErrOk);
1066 }
1067 data=(int8*)_TIFFmalloc(count);
1068 if (data==0)
1069 {
1070 _TIFFfree(origdata);
1071 return(TIFFReadDirEntryErrAlloc);
1072 }
1073 switch (direntry->tdir_type)
1074 {
1075 case TIFF_SHORT:
1076 {
1077 uint16* ma;
1078 int8* mb;
1079 uint32 n;
1080 ma=(uint16*)origdata;
1081 mb=data;
1082 for (n=0; n<count; n++)
1083 {
1084 if (tif->tif_flags&TIFF_SWAB)
1085 TIFFSwabShort(ma);
1086 err=TIFFReadDirEntryCheckRangeSbyteShort(*ma);
1087 if (err!=TIFFReadDirEntryErrOk)
1088 break;
1089 *mb++=(int8)(*ma++);
1090 }
1091 }
1092 break;
1093 case TIFF_SSHORT:
1094 {
1095 int16* ma;
1096 int8* mb;
1097 uint32 n;
1098 ma=(int16*)origdata;
1099 mb=data;
1100 for (n=0; n<count; n++)
1101 {
1102 if (tif->tif_flags&TIFF_SWAB)
1103 TIFFSwabShort((uint16*)ma);
1104 err=TIFFReadDirEntryCheckRangeSbyteSshort(*ma);
1105 if (err!=TIFFReadDirEntryErrOk)
1106 break;
1107 *mb++=(int8)(*ma++);
1108 }
1109 }
1110 break;
1111 case TIFF_LONG:
1112 {
1113 uint32* ma;
1114 int8* mb;
1115 uint32 n;
1116 ma=(uint32*)origdata;
1117 mb=data;
1118 for (n=0; n<count; n++)
1119 {
1120 if (tif->tif_flags&TIFF_SWAB)
1121 TIFFSwabLong(ma);
1122 err=TIFFReadDirEntryCheckRangeSbyteLong(*ma);
1123 if (err!=TIFFReadDirEntryErrOk)
1124 break;
1125 *mb++=(int8)(*ma++);
1126 }
1127 }
1128 break;
1129 case TIFF_SLONG:
1130 {
1131 int32* ma;
1132 int8* mb;
1133 uint32 n;
1134 ma=(int32*)origdata;
1135 mb=data;
1136 for (n=0; n<count; n++)
1137 {
1138 if (tif->tif_flags&TIFF_SWAB)
1139 TIFFSwabLong((uint32*)ma);
1140 err=TIFFReadDirEntryCheckRangeSbyteSlong(*ma);
1141 if (err!=TIFFReadDirEntryErrOk)
1142 break;
1143 *mb++=(int8)(*ma++);
1144 }
1145 }
1146 break;
1147 case TIFF_LONG8:
1148 {
1149 uint64* ma;
1150 int8* mb;
1151 uint32 n;
1152 ma=(uint64*)origdata;
1153 mb=data;
1154 for (n=0; n<count; n++)
1155 {
1156 if (tif->tif_flags&TIFF_SWAB)
1157 TIFFSwabLong8(ma);
1158 err=TIFFReadDirEntryCheckRangeSbyteLong8(*ma);
1159 if (err!=TIFFReadDirEntryErrOk)
1160 break;
1161 *mb++=(int8)(*ma++);
1162 }
1163 }
1164 break;
1165 case TIFF_SLONG8:
1166 {
1167 int64* ma;
1168 int8* mb;
1169 uint32 n;
1170 ma=(int64*)origdata;
1171 mb=data;
1172 for (n=0; n<count; n++)
1173 {
1174 if (tif->tif_flags&TIFF_SWAB)
1175 TIFFSwabLong8((uint64*)ma);
1176 err=TIFFReadDirEntryCheckRangeSbyteSlong8(*ma);
1177 if (err!=TIFFReadDirEntryErrOk)
1178 break;
1179 *mb++=(int8)(*ma++);
1180 }
1181 }
1182 break;
1183 }
1184 _TIFFfree(origdata);
1185 if (err!=TIFFReadDirEntryErrOk)
1186 {
1187 _TIFFfree(data);
1188 return(err);
1189 }
1190 *value=data;
1191 return(TIFFReadDirEntryErrOk);
1192 }
1193
TIFFReadDirEntryShortArray(TIFF * tif,TIFFDirEntry * direntry,uint16 ** value)1194 static enum TIFFReadDirEntryErr TIFFReadDirEntryShortArray(TIFF* tif, TIFFDirEntry* direntry, uint16** value)
1195 {
1196 enum TIFFReadDirEntryErr err;
1197 uint32 count;
1198 void* origdata;
1199 uint16* data;
1200 switch (direntry->tdir_type)
1201 {
1202 case TIFF_BYTE:
1203 case TIFF_SBYTE:
1204 case TIFF_SHORT:
1205 case TIFF_SSHORT:
1206 case TIFF_LONG:
1207 case TIFF_SLONG:
1208 case TIFF_LONG8:
1209 case TIFF_SLONG8:
1210 break;
1211 default:
1212 return(TIFFReadDirEntryErrType);
1213 }
1214 err=TIFFReadDirEntryArray(tif,direntry,&count,2,&origdata);
1215 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1216 {
1217 *value=0;
1218 return(err);
1219 }
1220 switch (direntry->tdir_type)
1221 {
1222 case TIFF_SHORT:
1223 *value=(uint16*)origdata;
1224 if (tif->tif_flags&TIFF_SWAB)
1225 TIFFSwabArrayOfShort(*value,count);
1226 return(TIFFReadDirEntryErrOk);
1227 case TIFF_SSHORT:
1228 {
1229 int16* m;
1230 uint32 n;
1231 m=(int16*)origdata;
1232 for (n=0; n<count; n++)
1233 {
1234 if (tif->tif_flags&TIFF_SWAB)
1235 TIFFSwabShort((uint16*)m);
1236 err=TIFFReadDirEntryCheckRangeShortSshort(*m);
1237 if (err!=TIFFReadDirEntryErrOk)
1238 {
1239 _TIFFfree(origdata);
1240 return(err);
1241 }
1242 m++;
1243 }
1244 *value=(uint16*)origdata;
1245 return(TIFFReadDirEntryErrOk);
1246 }
1247 }
1248 data=(uint16*)_TIFFmalloc(count*2);
1249 if (data==0)
1250 {
1251 _TIFFfree(origdata);
1252 return(TIFFReadDirEntryErrAlloc);
1253 }
1254 switch (direntry->tdir_type)
1255 {
1256 case TIFF_BYTE:
1257 {
1258 uint8* ma;
1259 uint16* mb;
1260 uint32 n;
1261 ma=(uint8*)origdata;
1262 mb=data;
1263 for (n=0; n<count; n++)
1264 *mb++=(uint16)(*ma++);
1265 }
1266 break;
1267 case TIFF_SBYTE:
1268 {
1269 int8* ma;
1270 uint16* mb;
1271 uint32 n;
1272 ma=(int8*)origdata;
1273 mb=data;
1274 for (n=0; n<count; n++)
1275 {
1276 err=TIFFReadDirEntryCheckRangeShortSbyte(*ma);
1277 if (err!=TIFFReadDirEntryErrOk)
1278 break;
1279 *mb++=(uint16)(*ma++);
1280 }
1281 }
1282 break;
1283 case TIFF_LONG:
1284 {
1285 uint32* ma;
1286 uint16* mb;
1287 uint32 n;
1288 ma=(uint32*)origdata;
1289 mb=data;
1290 for (n=0; n<count; n++)
1291 {
1292 if (tif->tif_flags&TIFF_SWAB)
1293 TIFFSwabLong(ma);
1294 err=TIFFReadDirEntryCheckRangeShortLong(*ma);
1295 if (err!=TIFFReadDirEntryErrOk)
1296 break;
1297 *mb++=(uint16)(*ma++);
1298 }
1299 }
1300 break;
1301 case TIFF_SLONG:
1302 {
1303 int32* ma;
1304 uint16* mb;
1305 uint32 n;
1306 ma=(int32*)origdata;
1307 mb=data;
1308 for (n=0; n<count; n++)
1309 {
1310 if (tif->tif_flags&TIFF_SWAB)
1311 TIFFSwabLong((uint32*)ma);
1312 err=TIFFReadDirEntryCheckRangeShortSlong(*ma);
1313 if (err!=TIFFReadDirEntryErrOk)
1314 break;
1315 *mb++=(uint16)(*ma++);
1316 }
1317 }
1318 break;
1319 case TIFF_LONG8:
1320 {
1321 uint64* ma;
1322 uint16* mb;
1323 uint32 n;
1324 ma=(uint64*)origdata;
1325 mb=data;
1326 for (n=0; n<count; n++)
1327 {
1328 if (tif->tif_flags&TIFF_SWAB)
1329 TIFFSwabLong8(ma);
1330 err=TIFFReadDirEntryCheckRangeShortLong8(*ma);
1331 if (err!=TIFFReadDirEntryErrOk)
1332 break;
1333 *mb++=(uint16)(*ma++);
1334 }
1335 }
1336 break;
1337 case TIFF_SLONG8:
1338 {
1339 int64* ma;
1340 uint16* mb;
1341 uint32 n;
1342 ma=(int64*)origdata;
1343 mb=data;
1344 for (n=0; n<count; n++)
1345 {
1346 if (tif->tif_flags&TIFF_SWAB)
1347 TIFFSwabLong8((uint64*)ma);
1348 err=TIFFReadDirEntryCheckRangeShortSlong8(*ma);
1349 if (err!=TIFFReadDirEntryErrOk)
1350 break;
1351 *mb++=(uint16)(*ma++);
1352 }
1353 }
1354 break;
1355 }
1356 _TIFFfree(origdata);
1357 if (err!=TIFFReadDirEntryErrOk)
1358 {
1359 _TIFFfree(data);
1360 return(err);
1361 }
1362 *value=data;
1363 return(TIFFReadDirEntryErrOk);
1364 }
1365
TIFFReadDirEntrySshortArray(TIFF * tif,TIFFDirEntry * direntry,int16 ** value)1366 static enum TIFFReadDirEntryErr TIFFReadDirEntrySshortArray(TIFF* tif, TIFFDirEntry* direntry, int16** value)
1367 {
1368 enum TIFFReadDirEntryErr err;
1369 uint32 count;
1370 void* origdata;
1371 int16* data;
1372 switch (direntry->tdir_type)
1373 {
1374 case TIFF_BYTE:
1375 case TIFF_SBYTE:
1376 case TIFF_SHORT:
1377 case TIFF_SSHORT:
1378 case TIFF_LONG:
1379 case TIFF_SLONG:
1380 case TIFF_LONG8:
1381 case TIFF_SLONG8:
1382 break;
1383 default:
1384 return(TIFFReadDirEntryErrType);
1385 }
1386 err=TIFFReadDirEntryArray(tif,direntry,&count,2,&origdata);
1387 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1388 {
1389 *value=0;
1390 return(err);
1391 }
1392 switch (direntry->tdir_type)
1393 {
1394 case TIFF_SHORT:
1395 {
1396 uint16* m;
1397 uint32 n;
1398 m=(uint16*)origdata;
1399 for (n=0; n<count; n++)
1400 {
1401 if (tif->tif_flags&TIFF_SWAB)
1402 TIFFSwabShort(m);
1403 err=TIFFReadDirEntryCheckRangeSshortShort(*m);
1404 if (err!=TIFFReadDirEntryErrOk)
1405 {
1406 _TIFFfree(origdata);
1407 return(err);
1408 }
1409 m++;
1410 }
1411 *value=(int16*)origdata;
1412 return(TIFFReadDirEntryErrOk);
1413 }
1414 case TIFF_SSHORT:
1415 *value=(int16*)origdata;
1416 if (tif->tif_flags&TIFF_SWAB)
1417 TIFFSwabArrayOfShort((uint16*)(*value),count);
1418 return(TIFFReadDirEntryErrOk);
1419 }
1420 data=(int16*)_TIFFmalloc(count*2);
1421 if (data==0)
1422 {
1423 _TIFFfree(origdata);
1424 return(TIFFReadDirEntryErrAlloc);
1425 }
1426 switch (direntry->tdir_type)
1427 {
1428 case TIFF_BYTE:
1429 {
1430 uint8* ma;
1431 int16* mb;
1432 uint32 n;
1433 ma=(uint8*)origdata;
1434 mb=data;
1435 for (n=0; n<count; n++)
1436 *mb++=(int16)(*ma++);
1437 }
1438 break;
1439 case TIFF_SBYTE:
1440 {
1441 int8* ma;
1442 int16* mb;
1443 uint32 n;
1444 ma=(int8*)origdata;
1445 mb=data;
1446 for (n=0; n<count; n++)
1447 *mb++=(int16)(*ma++);
1448 }
1449 break;
1450 case TIFF_LONG:
1451 {
1452 uint32* ma;
1453 int16* mb;
1454 uint32 n;
1455 ma=(uint32*)origdata;
1456 mb=data;
1457 for (n=0; n<count; n++)
1458 {
1459 if (tif->tif_flags&TIFF_SWAB)
1460 TIFFSwabLong(ma);
1461 err=TIFFReadDirEntryCheckRangeSshortLong(*ma);
1462 if (err!=TIFFReadDirEntryErrOk)
1463 break;
1464 *mb++=(int16)(*ma++);
1465 }
1466 }
1467 break;
1468 case TIFF_SLONG:
1469 {
1470 int32* ma;
1471 int16* mb;
1472 uint32 n;
1473 ma=(int32*)origdata;
1474 mb=data;
1475 for (n=0; n<count; n++)
1476 {
1477 if (tif->tif_flags&TIFF_SWAB)
1478 TIFFSwabLong((uint32*)ma);
1479 err=TIFFReadDirEntryCheckRangeSshortSlong(*ma);
1480 if (err!=TIFFReadDirEntryErrOk)
1481 break;
1482 *mb++=(int16)(*ma++);
1483 }
1484 }
1485 break;
1486 case TIFF_LONG8:
1487 {
1488 uint64* ma;
1489 int16* mb;
1490 uint32 n;
1491 ma=(uint64*)origdata;
1492 mb=data;
1493 for (n=0; n<count; n++)
1494 {
1495 if (tif->tif_flags&TIFF_SWAB)
1496 TIFFSwabLong8(ma);
1497 err=TIFFReadDirEntryCheckRangeSshortLong8(*ma);
1498 if (err!=TIFFReadDirEntryErrOk)
1499 break;
1500 *mb++=(int16)(*ma++);
1501 }
1502 }
1503 break;
1504 case TIFF_SLONG8:
1505 {
1506 int64* ma;
1507 int16* mb;
1508 uint32 n;
1509 ma=(int64*)origdata;
1510 mb=data;
1511 for (n=0; n<count; n++)
1512 {
1513 if (tif->tif_flags&TIFF_SWAB)
1514 TIFFSwabLong8((uint64*)ma);
1515 err=TIFFReadDirEntryCheckRangeSshortSlong8(*ma);
1516 if (err!=TIFFReadDirEntryErrOk)
1517 break;
1518 *mb++=(int16)(*ma++);
1519 }
1520 }
1521 break;
1522 }
1523 _TIFFfree(origdata);
1524 if (err!=TIFFReadDirEntryErrOk)
1525 {
1526 _TIFFfree(data);
1527 return(err);
1528 }
1529 *value=data;
1530 return(TIFFReadDirEntryErrOk);
1531 }
1532
TIFFReadDirEntryLongArray(TIFF * tif,TIFFDirEntry * direntry,uint32 ** value)1533 static enum TIFFReadDirEntryErr TIFFReadDirEntryLongArray(TIFF* tif, TIFFDirEntry* direntry, uint32** value)
1534 {
1535 enum TIFFReadDirEntryErr err;
1536 uint32 count;
1537 void* origdata;
1538 uint32* data;
1539 switch (direntry->tdir_type)
1540 {
1541 case TIFF_BYTE:
1542 case TIFF_SBYTE:
1543 case TIFF_SHORT:
1544 case TIFF_SSHORT:
1545 case TIFF_LONG:
1546 case TIFF_SLONG:
1547 case TIFF_LONG8:
1548 case TIFF_SLONG8:
1549 break;
1550 default:
1551 return(TIFFReadDirEntryErrType);
1552 }
1553 err=TIFFReadDirEntryArray(tif,direntry,&count,4,&origdata);
1554 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1555 {
1556 *value=0;
1557 return(err);
1558 }
1559 switch (direntry->tdir_type)
1560 {
1561 case TIFF_LONG:
1562 *value=(uint32*)origdata;
1563 if (tif->tif_flags&TIFF_SWAB)
1564 TIFFSwabArrayOfLong(*value,count);
1565 return(TIFFReadDirEntryErrOk);
1566 case TIFF_SLONG:
1567 {
1568 int32* m;
1569 uint32 n;
1570 m=(int32*)origdata;
1571 for (n=0; n<count; n++)
1572 {
1573 if (tif->tif_flags&TIFF_SWAB)
1574 TIFFSwabLong((uint32*)m);
1575 err=TIFFReadDirEntryCheckRangeLongSlong(*m);
1576 if (err!=TIFFReadDirEntryErrOk)
1577 {
1578 _TIFFfree(origdata);
1579 return(err);
1580 }
1581 m++;
1582 }
1583 *value=(uint32*)origdata;
1584 return(TIFFReadDirEntryErrOk);
1585 }
1586 }
1587 data=(uint32*)_TIFFmalloc(count*4);
1588 if (data==0)
1589 {
1590 _TIFFfree(origdata);
1591 return(TIFFReadDirEntryErrAlloc);
1592 }
1593 switch (direntry->tdir_type)
1594 {
1595 case TIFF_BYTE:
1596 {
1597 uint8* ma;
1598 uint32* mb;
1599 uint32 n;
1600 ma=(uint8*)origdata;
1601 mb=data;
1602 for (n=0; n<count; n++)
1603 *mb++=(uint32)(*ma++);
1604 }
1605 break;
1606 case TIFF_SBYTE:
1607 {
1608 int8* ma;
1609 uint32* mb;
1610 uint32 n;
1611 ma=(int8*)origdata;
1612 mb=data;
1613 for (n=0; n<count; n++)
1614 {
1615 err=TIFFReadDirEntryCheckRangeLongSbyte(*ma);
1616 if (err!=TIFFReadDirEntryErrOk)
1617 break;
1618 *mb++=(uint32)(*ma++);
1619 }
1620 }
1621 break;
1622 case TIFF_SHORT:
1623 {
1624 uint16* ma;
1625 uint32* mb;
1626 uint32 n;
1627 ma=(uint16*)origdata;
1628 mb=data;
1629 for (n=0; n<count; n++)
1630 {
1631 if (tif->tif_flags&TIFF_SWAB)
1632 TIFFSwabShort(ma);
1633 *mb++=(uint32)(*ma++);
1634 }
1635 }
1636 break;
1637 case TIFF_SSHORT:
1638 {
1639 int16* ma;
1640 uint32* mb;
1641 uint32 n;
1642 ma=(int16*)origdata;
1643 mb=data;
1644 for (n=0; n<count; n++)
1645 {
1646 if (tif->tif_flags&TIFF_SWAB)
1647 TIFFSwabShort((uint16*)ma);
1648 err=TIFFReadDirEntryCheckRangeLongSshort(*ma);
1649 if (err!=TIFFReadDirEntryErrOk)
1650 break;
1651 *mb++=(uint32)(*ma++);
1652 }
1653 }
1654 break;
1655 case TIFF_LONG8:
1656 {
1657 uint64* ma;
1658 uint32* mb;
1659 uint32 n;
1660 ma=(uint64*)origdata;
1661 mb=data;
1662 for (n=0; n<count; n++)
1663 {
1664 if (tif->tif_flags&TIFF_SWAB)
1665 TIFFSwabLong8(ma);
1666 err=TIFFReadDirEntryCheckRangeLongLong8(*ma);
1667 if (err!=TIFFReadDirEntryErrOk)
1668 break;
1669 *mb++=(uint32)(*ma++);
1670 }
1671 }
1672 break;
1673 case TIFF_SLONG8:
1674 {
1675 int64* ma;
1676 uint32* mb;
1677 uint32 n;
1678 ma=(int64*)origdata;
1679 mb=data;
1680 for (n=0; n<count; n++)
1681 {
1682 if (tif->tif_flags&TIFF_SWAB)
1683 TIFFSwabLong8((uint64*)ma);
1684 err=TIFFReadDirEntryCheckRangeLongSlong8(*ma);
1685 if (err!=TIFFReadDirEntryErrOk)
1686 break;
1687 *mb++=(uint32)(*ma++);
1688 }
1689 }
1690 break;
1691 }
1692 _TIFFfree(origdata);
1693 if (err!=TIFFReadDirEntryErrOk)
1694 {
1695 _TIFFfree(data);
1696 return(err);
1697 }
1698 *value=data;
1699 return(TIFFReadDirEntryErrOk);
1700 }
1701
TIFFReadDirEntrySlongArray(TIFF * tif,TIFFDirEntry * direntry,int32 ** value)1702 static enum TIFFReadDirEntryErr TIFFReadDirEntrySlongArray(TIFF* tif, TIFFDirEntry* direntry, int32** value)
1703 {
1704 enum TIFFReadDirEntryErr err;
1705 uint32 count;
1706 void* origdata;
1707 int32* data;
1708 switch (direntry->tdir_type)
1709 {
1710 case TIFF_BYTE:
1711 case TIFF_SBYTE:
1712 case TIFF_SHORT:
1713 case TIFF_SSHORT:
1714 case TIFF_LONG:
1715 case TIFF_SLONG:
1716 case TIFF_LONG8:
1717 case TIFF_SLONG8:
1718 break;
1719 default:
1720 return(TIFFReadDirEntryErrType);
1721 }
1722 err=TIFFReadDirEntryArray(tif,direntry,&count,4,&origdata);
1723 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1724 {
1725 *value=0;
1726 return(err);
1727 }
1728 switch (direntry->tdir_type)
1729 {
1730 case TIFF_LONG:
1731 {
1732 uint32* m;
1733 uint32 n;
1734 m=(uint32*)origdata;
1735 for (n=0; n<count; n++)
1736 {
1737 if (tif->tif_flags&TIFF_SWAB)
1738 TIFFSwabLong((uint32*)m);
1739 err=TIFFReadDirEntryCheckRangeSlongLong(*m);
1740 if (err!=TIFFReadDirEntryErrOk)
1741 {
1742 _TIFFfree(origdata);
1743 return(err);
1744 }
1745 m++;
1746 }
1747 *value=(int32*)origdata;
1748 return(TIFFReadDirEntryErrOk);
1749 }
1750 case TIFF_SLONG:
1751 *value=(int32*)origdata;
1752 if (tif->tif_flags&TIFF_SWAB)
1753 TIFFSwabArrayOfLong((uint32*)(*value),count);
1754 return(TIFFReadDirEntryErrOk);
1755 }
1756 data=(int32*)_TIFFmalloc(count*4);
1757 if (data==0)
1758 {
1759 _TIFFfree(origdata);
1760 return(TIFFReadDirEntryErrAlloc);
1761 }
1762 switch (direntry->tdir_type)
1763 {
1764 case TIFF_BYTE:
1765 {
1766 uint8* ma;
1767 int32* mb;
1768 uint32 n;
1769 ma=(uint8*)origdata;
1770 mb=data;
1771 for (n=0; n<count; n++)
1772 *mb++=(int32)(*ma++);
1773 }
1774 break;
1775 case TIFF_SBYTE:
1776 {
1777 int8* ma;
1778 int32* mb;
1779 uint32 n;
1780 ma=(int8*)origdata;
1781 mb=data;
1782 for (n=0; n<count; n++)
1783 *mb++=(int32)(*ma++);
1784 }
1785 break;
1786 case TIFF_SHORT:
1787 {
1788 uint16* ma;
1789 int32* mb;
1790 uint32 n;
1791 ma=(uint16*)origdata;
1792 mb=data;
1793 for (n=0; n<count; n++)
1794 {
1795 if (tif->tif_flags&TIFF_SWAB)
1796 TIFFSwabShort(ma);
1797 *mb++=(int32)(*ma++);
1798 }
1799 }
1800 break;
1801 case TIFF_SSHORT:
1802 {
1803 int16* ma;
1804 int32* mb;
1805 uint32 n;
1806 ma=(int16*)origdata;
1807 mb=data;
1808 for (n=0; n<count; n++)
1809 {
1810 if (tif->tif_flags&TIFF_SWAB)
1811 TIFFSwabShort((uint16*)ma);
1812 *mb++=(int32)(*ma++);
1813 }
1814 }
1815 break;
1816 case TIFF_LONG8:
1817 {
1818 uint64* ma;
1819 int32* mb;
1820 uint32 n;
1821 ma=(uint64*)origdata;
1822 mb=data;
1823 for (n=0; n<count; n++)
1824 {
1825 if (tif->tif_flags&TIFF_SWAB)
1826 TIFFSwabLong8(ma);
1827 err=TIFFReadDirEntryCheckRangeSlongLong8(*ma);
1828 if (err!=TIFFReadDirEntryErrOk)
1829 break;
1830 *mb++=(int32)(*ma++);
1831 }
1832 }
1833 break;
1834 case TIFF_SLONG8:
1835 {
1836 int64* ma;
1837 int32* mb;
1838 uint32 n;
1839 ma=(int64*)origdata;
1840 mb=data;
1841 for (n=0; n<count; n++)
1842 {
1843 if (tif->tif_flags&TIFF_SWAB)
1844 TIFFSwabLong8((uint64*)ma);
1845 err=TIFFReadDirEntryCheckRangeSlongSlong8(*ma);
1846 if (err!=TIFFReadDirEntryErrOk)
1847 break;
1848 *mb++=(int32)(*ma++);
1849 }
1850 }
1851 break;
1852 }
1853 _TIFFfree(origdata);
1854 if (err!=TIFFReadDirEntryErrOk)
1855 {
1856 _TIFFfree(data);
1857 return(err);
1858 }
1859 *value=data;
1860 return(TIFFReadDirEntryErrOk);
1861 }
1862
TIFFReadDirEntryLong8Array(TIFF * tif,TIFFDirEntry * direntry,uint64 ** value)1863 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value)
1864 {
1865 enum TIFFReadDirEntryErr err;
1866 uint32 count;
1867 void* origdata;
1868 uint64* data;
1869 switch (direntry->tdir_type)
1870 {
1871 case TIFF_BYTE:
1872 case TIFF_SBYTE:
1873 case TIFF_SHORT:
1874 case TIFF_SSHORT:
1875 case TIFF_LONG:
1876 case TIFF_SLONG:
1877 case TIFF_LONG8:
1878 case TIFF_SLONG8:
1879 break;
1880 default:
1881 return(TIFFReadDirEntryErrType);
1882 }
1883 err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata);
1884 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1885 {
1886 *value=0;
1887 return(err);
1888 }
1889 switch (direntry->tdir_type)
1890 {
1891 case TIFF_LONG8:
1892 *value=(uint64*)origdata;
1893 if (tif->tif_flags&TIFF_SWAB)
1894 TIFFSwabArrayOfLong8(*value,count);
1895 return(TIFFReadDirEntryErrOk);
1896 case TIFF_SLONG8:
1897 {
1898 int64* m;
1899 uint32 n;
1900 m=(int64*)origdata;
1901 for (n=0; n<count; n++)
1902 {
1903 if (tif->tif_flags&TIFF_SWAB)
1904 TIFFSwabLong8((uint64*)m);
1905 err=TIFFReadDirEntryCheckRangeLong8Slong8(*m);
1906 if (err!=TIFFReadDirEntryErrOk)
1907 {
1908 _TIFFfree(origdata);
1909 return(err);
1910 }
1911 m++;
1912 }
1913 *value=(uint64*)origdata;
1914 return(TIFFReadDirEntryErrOk);
1915 }
1916 }
1917 data=(uint64*)_TIFFmalloc(count*8);
1918 if (data==0)
1919 {
1920 _TIFFfree(origdata);
1921 return(TIFFReadDirEntryErrAlloc);
1922 }
1923 switch (direntry->tdir_type)
1924 {
1925 case TIFF_BYTE:
1926 {
1927 uint8* ma;
1928 uint64* mb;
1929 uint32 n;
1930 ma=(uint8*)origdata;
1931 mb=data;
1932 for (n=0; n<count; n++)
1933 *mb++=(uint64)(*ma++);
1934 }
1935 break;
1936 case TIFF_SBYTE:
1937 {
1938 int8* ma;
1939 uint64* mb;
1940 uint32 n;
1941 ma=(int8*)origdata;
1942 mb=data;
1943 for (n=0; n<count; n++)
1944 {
1945 err=TIFFReadDirEntryCheckRangeLong8Sbyte(*ma);
1946 if (err!=TIFFReadDirEntryErrOk)
1947 break;
1948 *mb++=(uint64)(*ma++);
1949 }
1950 }
1951 break;
1952 case TIFF_SHORT:
1953 {
1954 uint16* ma;
1955 uint64* mb;
1956 uint32 n;
1957 ma=(uint16*)origdata;
1958 mb=data;
1959 for (n=0; n<count; n++)
1960 {
1961 if (tif->tif_flags&TIFF_SWAB)
1962 TIFFSwabShort(ma);
1963 *mb++=(uint64)(*ma++);
1964 }
1965 }
1966 break;
1967 case TIFF_SSHORT:
1968 {
1969 int16* ma;
1970 uint64* mb;
1971 uint32 n;
1972 ma=(int16*)origdata;
1973 mb=data;
1974 for (n=0; n<count; n++)
1975 {
1976 if (tif->tif_flags&TIFF_SWAB)
1977 TIFFSwabShort((uint16*)ma);
1978 err=TIFFReadDirEntryCheckRangeLong8Sshort(*ma);
1979 if (err!=TIFFReadDirEntryErrOk)
1980 break;
1981 *mb++=(uint64)(*ma++);
1982 }
1983 }
1984 break;
1985 case TIFF_LONG:
1986 {
1987 uint32* ma;
1988 uint64* mb;
1989 uint32 n;
1990 ma=(uint32*)origdata;
1991 mb=data;
1992 for (n=0; n<count; n++)
1993 {
1994 if (tif->tif_flags&TIFF_SWAB)
1995 TIFFSwabLong(ma);
1996 *mb++=(uint64)(*ma++);
1997 }
1998 }
1999 break;
2000 case TIFF_SLONG:
2001 {
2002 int32* ma;
2003 uint64* mb;
2004 uint32 n;
2005 ma=(int32*)origdata;
2006 mb=data;
2007 for (n=0; n<count; n++)
2008 {
2009 if (tif->tif_flags&TIFF_SWAB)
2010 TIFFSwabLong((uint32*)ma);
2011 err=TIFFReadDirEntryCheckRangeLong8Slong(*ma);
2012 if (err!=TIFFReadDirEntryErrOk)
2013 break;
2014 *mb++=(uint64)(*ma++);
2015 }
2016 }
2017 break;
2018 }
2019 _TIFFfree(origdata);
2020 if (err!=TIFFReadDirEntryErrOk)
2021 {
2022 _TIFFfree(data);
2023 return(err);
2024 }
2025 *value=data;
2026 return(TIFFReadDirEntryErrOk);
2027 }
2028
TIFFReadDirEntrySlong8Array(TIFF * tif,TIFFDirEntry * direntry,int64 ** value)2029 static enum TIFFReadDirEntryErr TIFFReadDirEntrySlong8Array(TIFF* tif, TIFFDirEntry* direntry, int64** value)
2030 {
2031 enum TIFFReadDirEntryErr err;
2032 uint32 count;
2033 void* origdata;
2034 int64* data;
2035 switch (direntry->tdir_type)
2036 {
2037 case TIFF_BYTE:
2038 case TIFF_SBYTE:
2039 case TIFF_SHORT:
2040 case TIFF_SSHORT:
2041 case TIFF_LONG:
2042 case TIFF_SLONG:
2043 case TIFF_LONG8:
2044 case TIFF_SLONG8:
2045 break;
2046 default:
2047 return(TIFFReadDirEntryErrType);
2048 }
2049 err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata);
2050 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
2051 {
2052 *value=0;
2053 return(err);
2054 }
2055 switch (direntry->tdir_type)
2056 {
2057 case TIFF_LONG8:
2058 {
2059 uint64* m;
2060 uint32 n;
2061 m=(uint64*)origdata;
2062 for (n=0; n<count; n++)
2063 {
2064 if (tif->tif_flags&TIFF_SWAB)
2065 TIFFSwabLong8(m);
2066 err=TIFFReadDirEntryCheckRangeSlong8Long8(*m);
2067 if (err!=TIFFReadDirEntryErrOk)
2068 {
2069 _TIFFfree(origdata);
2070 return(err);
2071 }
2072 m++;
2073 }
2074 *value=(int64*)origdata;
2075 return(TIFFReadDirEntryErrOk);
2076 }
2077 case TIFF_SLONG8:
2078 *value=(int64*)origdata;
2079 if (tif->tif_flags&TIFF_SWAB)
2080 TIFFSwabArrayOfLong8((uint64*)(*value),count);
2081 return(TIFFReadDirEntryErrOk);
2082 }
2083 data=(int64*)_TIFFmalloc(count*8);
2084 if (data==0)
2085 {
2086 _TIFFfree(origdata);
2087 return(TIFFReadDirEntryErrAlloc);
2088 }
2089 switch (direntry->tdir_type)
2090 {
2091 case TIFF_BYTE:
2092 {
2093 uint8* ma;
2094 int64* mb;
2095 uint32 n;
2096 ma=(uint8*)origdata;
2097 mb=data;
2098 for (n=0; n<count; n++)
2099 *mb++=(int64)(*ma++);
2100 }
2101 break;
2102 case TIFF_SBYTE:
2103 {
2104 int8* ma;
2105 int64* mb;
2106 uint32 n;
2107 ma=(int8*)origdata;
2108 mb=data;
2109 for (n=0; n<count; n++)
2110 *mb++=(int64)(*ma++);
2111 }
2112 break;
2113 case TIFF_SHORT:
2114 {
2115 uint16* ma;
2116 int64* mb;
2117 uint32 n;
2118 ma=(uint16*)origdata;
2119 mb=data;
2120 for (n=0; n<count; n++)
2121 {
2122 if (tif->tif_flags&TIFF_SWAB)
2123 TIFFSwabShort(ma);
2124 *mb++=(int64)(*ma++);
2125 }
2126 }
2127 break;
2128 case TIFF_SSHORT:
2129 {
2130 int16* ma;
2131 int64* mb;
2132 uint32 n;
2133 ma=(int16*)origdata;
2134 mb=data;
2135 for (n=0; n<count; n++)
2136 {
2137 if (tif->tif_flags&TIFF_SWAB)
2138 TIFFSwabShort((uint16*)ma);
2139 *mb++=(int64)(*ma++);
2140 }
2141 }
2142 break;
2143 case TIFF_LONG:
2144 {
2145 uint32* ma;
2146 int64* mb;
2147 uint32 n;
2148 ma=(uint32*)origdata;
2149 mb=data;
2150 for (n=0; n<count; n++)
2151 {
2152 if (tif->tif_flags&TIFF_SWAB)
2153 TIFFSwabLong(ma);
2154 *mb++=(int64)(*ma++);
2155 }
2156 }
2157 break;
2158 case TIFF_SLONG:
2159 {
2160 int32* ma;
2161 int64* mb;
2162 uint32 n;
2163 ma=(int32*)origdata;
2164 mb=data;
2165 for (n=0; n<count; n++)
2166 {
2167 if (tif->tif_flags&TIFF_SWAB)
2168 TIFFSwabLong((uint32*)ma);
2169 *mb++=(int64)(*ma++);
2170 }
2171 }
2172 break;
2173 }
2174 _TIFFfree(origdata);
2175 if (err!=TIFFReadDirEntryErrOk)
2176 {
2177 _TIFFfree(data);
2178 return(err);
2179 }
2180 *value=data;
2181 return(TIFFReadDirEntryErrOk);
2182 }
2183
TIFFReadDirEntryFloatArray(TIFF * tif,TIFFDirEntry * direntry,float ** value)2184 static enum TIFFReadDirEntryErr TIFFReadDirEntryFloatArray(TIFF* tif, TIFFDirEntry* direntry, float** value)
2185 {
2186 enum TIFFReadDirEntryErr err;
2187 uint32 count;
2188 void* origdata;
2189 float* data;
2190 switch (direntry->tdir_type)
2191 {
2192 case TIFF_BYTE:
2193 case TIFF_SBYTE:
2194 case TIFF_SHORT:
2195 case TIFF_SSHORT:
2196 case TIFF_LONG:
2197 case TIFF_SLONG:
2198 case TIFF_LONG8:
2199 case TIFF_SLONG8:
2200 case TIFF_RATIONAL:
2201 case TIFF_SRATIONAL:
2202 case TIFF_FLOAT:
2203 case TIFF_DOUBLE:
2204 break;
2205 default:
2206 return(TIFFReadDirEntryErrType);
2207 }
2208 err=TIFFReadDirEntryArray(tif,direntry,&count,4,&origdata);
2209 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
2210 {
2211 *value=0;
2212 return(err);
2213 }
2214 switch (direntry->tdir_type)
2215 {
2216 case TIFF_FLOAT:
2217 if (tif->tif_flags&TIFF_SWAB)
2218 TIFFSwabArrayOfLong((uint32*)origdata,count);
2219 TIFFCvtIEEEDoubleToNative(tif,count,(float*)origdata);
2220 *value=(float*)origdata;
2221 return(TIFFReadDirEntryErrOk);
2222 }
2223 data=(float*)_TIFFmalloc(count*sizeof(float));
2224 if (data==0)
2225 {
2226 _TIFFfree(origdata);
2227 return(TIFFReadDirEntryErrAlloc);
2228 }
2229 switch (direntry->tdir_type)
2230 {
2231 case TIFF_BYTE:
2232 {
2233 uint8* ma;
2234 float* mb;
2235 uint32 n;
2236 ma=(uint8*)origdata;
2237 mb=data;
2238 for (n=0; n<count; n++)
2239 *mb++=(float)(*ma++);
2240 }
2241 break;
2242 case TIFF_SBYTE:
2243 {
2244 int8* ma;
2245 float* mb;
2246 uint32 n;
2247 ma=(int8*)origdata;
2248 mb=data;
2249 for (n=0; n<count; n++)
2250 *mb++=(float)(*ma++);
2251 }
2252 break;
2253 case TIFF_SHORT:
2254 {
2255 uint16* ma;
2256 float* mb;
2257 uint32 n;
2258 ma=(uint16*)origdata;
2259 mb=data;
2260 for (n=0; n<count; n++)
2261 {
2262 if (tif->tif_flags&TIFF_SWAB)
2263 TIFFSwabShort(ma);
2264 *mb++=(float)(*ma++);
2265 }
2266 }
2267 break;
2268 case TIFF_SSHORT:
2269 {
2270 int16* ma;
2271 float* mb;
2272 uint32 n;
2273 ma=(int16*)origdata;
2274 mb=data;
2275 for (n=0; n<count; n++)
2276 {
2277 if (tif->tif_flags&TIFF_SWAB)
2278 TIFFSwabShort((uint16*)ma);
2279 *mb++=(float)(*ma++);
2280 }
2281 }
2282 break;
2283 case TIFF_LONG:
2284 {
2285 uint32* ma;
2286 float* mb;
2287 uint32 n;
2288 ma=(uint32*)origdata;
2289 mb=data;
2290 for (n=0; n<count; n++)
2291 {
2292 if (tif->tif_flags&TIFF_SWAB)
2293 TIFFSwabLong(ma);
2294 *mb++=(float)(*ma++);
2295 }
2296 }
2297 break;
2298 case TIFF_SLONG:
2299 {
2300 int32* ma;
2301 float* mb;
2302 uint32 n;
2303 ma=(int32*)origdata;
2304 mb=data;
2305 for (n=0; n<count; n++)
2306 {
2307 if (tif->tif_flags&TIFF_SWAB)
2308 TIFFSwabLong((uint32*)ma);
2309 *mb++=(float)(*ma++);
2310 }
2311 }
2312 break;
2313 case TIFF_LONG8:
2314 {
2315 uint64* ma;
2316 float* mb;
2317 uint32 n;
2318 ma=(uint64*)origdata;
2319 mb=data;
2320 for (n=0; n<count; n++)
2321 {
2322 if (tif->tif_flags&TIFF_SWAB)
2323 TIFFSwabLong8(ma);
2324 #if defined(__WIN32__) && (_MSC_VER < 1500)
2325 /*
2326 * XXX: MSVC 6.0 does not support
2327 * conversion of 64-bit integers into
2328 * floating point values.
2329 */
2330 *mb++ = _TIFFUInt64ToFloat(*ma++);
2331 #else
2332 *mb++ = (float)(*ma++);
2333 #endif
2334 }
2335 }
2336 break;
2337 case TIFF_SLONG8:
2338 {
2339 int64* ma;
2340 float* mb;
2341 uint32 n;
2342 ma=(int64*)origdata;
2343 mb=data;
2344 for (n=0; n<count; n++)
2345 {
2346 if (tif->tif_flags&TIFF_SWAB)
2347 TIFFSwabLong8((uint64*)ma);
2348 *mb++=(float)(*ma++);
2349 }
2350 }
2351 break;
2352 case TIFF_RATIONAL:
2353 {
2354 uint32* ma;
2355 uint32 maa;
2356 uint32 mab;
2357 float* mb;
2358 uint32 n;
2359 ma=(uint32*)origdata;
2360 mb=data;
2361 for (n=0; n<count; n++)
2362 {
2363 if (tif->tif_flags&TIFF_SWAB)
2364 TIFFSwabLong(ma);
2365 maa=*ma++;
2366 if (tif->tif_flags&TIFF_SWAB)
2367 TIFFSwabLong(ma);
2368 mab=*ma++;
2369 if (mab==0)
2370 *mb++=0.0;
2371 else
2372 *mb++=(float)maa/(float)mab;
2373 }
2374 }
2375 break;
2376 case TIFF_SRATIONAL:
2377 {
2378 uint32* ma;
2379 int32 maa;
2380 uint32 mab;
2381 float* mb;
2382 uint32 n;
2383 ma=(uint32*)origdata;
2384 mb=data;
2385 for (n=0; n<count; n++)
2386 {
2387 if (tif->tif_flags&TIFF_SWAB)
2388 TIFFSwabLong(ma);
2389 maa=*(int32*)ma;
2390 ma++;
2391 if (tif->tif_flags&TIFF_SWAB)
2392 TIFFSwabLong(ma);
2393 mab=*ma++;
2394 if (mab==0)
2395 *mb++=0.0;
2396 else
2397 *mb++=(float)maa/(float)mab;
2398 }
2399 }
2400 break;
2401 case TIFF_DOUBLE:
2402 {
2403 double* ma;
2404 float* mb;
2405 uint32 n;
2406 if (tif->tif_flags&TIFF_SWAB)
2407 TIFFSwabArrayOfLong8((uint64*)origdata,count);
2408 TIFFCvtIEEEDoubleToNative(tif,count,(double*)origdata);
2409 ma=(double*)origdata;
2410 mb=data;
2411 for (n=0; n<count; n++)
2412 *mb++=(float)(*ma++);
2413 }
2414 break;
2415 }
2416 _TIFFfree(origdata);
2417 if (err!=TIFFReadDirEntryErrOk)
2418 {
2419 _TIFFfree(data);
2420 return(err);
2421 }
2422 *value=data;
2423 return(TIFFReadDirEntryErrOk);
2424 }
2425
2426 static enum TIFFReadDirEntryErr
TIFFReadDirEntryDoubleArray(TIFF * tif,TIFFDirEntry * direntry,double ** value)2427 TIFFReadDirEntryDoubleArray(TIFF* tif, TIFFDirEntry* direntry, double** value)
2428 {
2429 enum TIFFReadDirEntryErr err;
2430 uint32 count;
2431 void* origdata;
2432 double* data;
2433 switch (direntry->tdir_type)
2434 {
2435 case TIFF_BYTE:
2436 case TIFF_SBYTE:
2437 case TIFF_SHORT:
2438 case TIFF_SSHORT:
2439 case TIFF_LONG:
2440 case TIFF_SLONG:
2441 case TIFF_LONG8:
2442 case TIFF_SLONG8:
2443 case TIFF_RATIONAL:
2444 case TIFF_SRATIONAL:
2445 case TIFF_FLOAT:
2446 case TIFF_DOUBLE:
2447 break;
2448 default:
2449 return(TIFFReadDirEntryErrType);
2450 }
2451 err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata);
2452 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
2453 {
2454 *value=0;
2455 return(err);
2456 }
2457 switch (direntry->tdir_type)
2458 {
2459 case TIFF_DOUBLE:
2460 if (tif->tif_flags&TIFF_SWAB)
2461 TIFFSwabArrayOfLong8((uint64*)origdata,count);
2462 TIFFCvtIEEEDoubleToNative(tif,count,(double*)origdata);
2463 *value=(double*)origdata;
2464 return(TIFFReadDirEntryErrOk);
2465 }
2466 data=(double*)_TIFFmalloc(count*sizeof(double));
2467 if (data==0)
2468 {
2469 _TIFFfree(origdata);
2470 return(TIFFReadDirEntryErrAlloc);
2471 }
2472 switch (direntry->tdir_type)
2473 {
2474 case TIFF_BYTE:
2475 {
2476 uint8* ma;
2477 double* mb;
2478 uint32 n;
2479 ma=(uint8*)origdata;
2480 mb=data;
2481 for (n=0; n<count; n++)
2482 *mb++=(double)(*ma++);
2483 }
2484 break;
2485 case TIFF_SBYTE:
2486 {
2487 int8* ma;
2488 double* mb;
2489 uint32 n;
2490 ma=(int8*)origdata;
2491 mb=data;
2492 for (n=0; n<count; n++)
2493 *mb++=(double)(*ma++);
2494 }
2495 break;
2496 case TIFF_SHORT:
2497 {
2498 uint16* ma;
2499 double* mb;
2500 uint32 n;
2501 ma=(uint16*)origdata;
2502 mb=data;
2503 for (n=0; n<count; n++)
2504 {
2505 if (tif->tif_flags&TIFF_SWAB)
2506 TIFFSwabShort(ma);
2507 *mb++=(double)(*ma++);
2508 }
2509 }
2510 break;
2511 case TIFF_SSHORT:
2512 {
2513 int16* ma;
2514 double* mb;
2515 uint32 n;
2516 ma=(int16*)origdata;
2517 mb=data;
2518 for (n=0; n<count; n++)
2519 {
2520 if (tif->tif_flags&TIFF_SWAB)
2521 TIFFSwabShort((uint16*)ma);
2522 *mb++=(double)(*ma++);
2523 }
2524 }
2525 break;
2526 case TIFF_LONG:
2527 {
2528 uint32* ma;
2529 double* mb;
2530 uint32 n;
2531 ma=(uint32*)origdata;
2532 mb=data;
2533 for (n=0; n<count; n++)
2534 {
2535 if (tif->tif_flags&TIFF_SWAB)
2536 TIFFSwabLong(ma);
2537 *mb++=(double)(*ma++);
2538 }
2539 }
2540 break;
2541 case TIFF_SLONG:
2542 {
2543 int32* ma;
2544 double* mb;
2545 uint32 n;
2546 ma=(int32*)origdata;
2547 mb=data;
2548 for (n=0; n<count; n++)
2549 {
2550 if (tif->tif_flags&TIFF_SWAB)
2551 TIFFSwabLong((uint32*)ma);
2552 *mb++=(double)(*ma++);
2553 }
2554 }
2555 break;
2556 case TIFF_LONG8:
2557 {
2558 uint64* ma;
2559 double* mb;
2560 uint32 n;
2561 ma=(uint64*)origdata;
2562 mb=data;
2563 for (n=0; n<count; n++)
2564 {
2565 if (tif->tif_flags&TIFF_SWAB)
2566 TIFFSwabLong8(ma);
2567 #if defined(__WIN32__) && (_MSC_VER < 1500)
2568 /*
2569 * XXX: MSVC 6.0 does not support
2570 * conversion of 64-bit integers into
2571 * floating point values.
2572 */
2573 *mb++ = _TIFFUInt64ToDouble(*ma++);
2574 #else
2575 *mb++ = (double)(*ma++);
2576 #endif
2577 }
2578 }
2579 break;
2580 case TIFF_SLONG8:
2581 {
2582 int64* ma;
2583 double* mb;
2584 uint32 n;
2585 ma=(int64*)origdata;
2586 mb=data;
2587 for (n=0; n<count; n++)
2588 {
2589 if (tif->tif_flags&TIFF_SWAB)
2590 TIFFSwabLong8((uint64*)ma);
2591 *mb++=(double)(*ma++);
2592 }
2593 }
2594 break;
2595 case TIFF_RATIONAL:
2596 {
2597 uint32* ma;
2598 uint32 maa;
2599 uint32 mab;
2600 double* mb;
2601 uint32 n;
2602 ma=(uint32*)origdata;
2603 mb=data;
2604 for (n=0; n<count; n++)
2605 {
2606 if (tif->tif_flags&TIFF_SWAB)
2607 TIFFSwabLong(ma);
2608 maa=*ma++;
2609 if (tif->tif_flags&TIFF_SWAB)
2610 TIFFSwabLong(ma);
2611 mab=*ma++;
2612 if (mab==0)
2613 *mb++=0.0;
2614 else
2615 *mb++=(double)maa/(double)mab;
2616 }
2617 }
2618 break;
2619 case TIFF_SRATIONAL:
2620 {
2621 uint32* ma;
2622 int32 maa;
2623 uint32 mab;
2624 double* mb;
2625 uint32 n;
2626 ma=(uint32*)origdata;
2627 mb=data;
2628 for (n=0; n<count; n++)
2629 {
2630 if (tif->tif_flags&TIFF_SWAB)
2631 TIFFSwabLong(ma);
2632 maa=*(int32*)ma;
2633 ma++;
2634 if (tif->tif_flags&TIFF_SWAB)
2635 TIFFSwabLong(ma);
2636 mab=*ma++;
2637 if (mab==0)
2638 *mb++=0.0;
2639 else
2640 *mb++=(double)maa/(double)mab;
2641 }
2642 }
2643 break;
2644 case TIFF_FLOAT:
2645 {
2646 float* ma;
2647 double* mb;
2648 uint32 n;
2649 if (tif->tif_flags&TIFF_SWAB)
2650 TIFFSwabArrayOfLong((uint32*)origdata,count);
2651 TIFFCvtIEEEFloatToNative(tif,count,(float*)origdata);
2652 ma=(float*)origdata;
2653 mb=data;
2654 for (n=0; n<count; n++)
2655 *mb++=(double)(*ma++);
2656 }
2657 break;
2658 }
2659 _TIFFfree(origdata);
2660 if (err!=TIFFReadDirEntryErrOk)
2661 {
2662 _TIFFfree(data);
2663 return(err);
2664 }
2665 *value=data;
2666 return(TIFFReadDirEntryErrOk);
2667 }
2668
TIFFReadDirEntryIfd8Array(TIFF * tif,TIFFDirEntry * direntry,uint64 ** value)2669 static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value)
2670 {
2671 enum TIFFReadDirEntryErr err;
2672 uint32 count;
2673 void* origdata;
2674 uint64* data;
2675 switch (direntry->tdir_type)
2676 {
2677 case TIFF_LONG:
2678 case TIFF_LONG8:
2679 case TIFF_IFD:
2680 case TIFF_IFD8:
2681 break;
2682 default:
2683 return(TIFFReadDirEntryErrType);
2684 }
2685 err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata);
2686 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
2687 {
2688 *value=0;
2689 return(err);
2690 }
2691 switch (direntry->tdir_type)
2692 {
2693 case TIFF_LONG8:
2694 case TIFF_IFD8:
2695 *value=(uint64*)origdata;
2696 if (tif->tif_flags&TIFF_SWAB)
2697 TIFFSwabArrayOfLong8(*value,count);
2698 return(TIFFReadDirEntryErrOk);
2699 }
2700 data=(uint64*)_TIFFmalloc(count*8);
2701 if (data==0)
2702 {
2703 _TIFFfree(origdata);
2704 return(TIFFReadDirEntryErrAlloc);
2705 }
2706 switch (direntry->tdir_type)
2707 {
2708 case TIFF_LONG:
2709 case TIFF_IFD:
2710 {
2711 uint32* ma;
2712 uint64* mb;
2713 uint32 n;
2714 ma=(uint32*)origdata;
2715 mb=data;
2716 for (n=0; n<count; n++)
2717 {
2718 if (tif->tif_flags&TIFF_SWAB)
2719 TIFFSwabLong(ma);
2720 *mb++=(uint64)(*ma++);
2721 }
2722 }
2723 break;
2724 }
2725 _TIFFfree(origdata);
2726 if (err!=TIFFReadDirEntryErrOk)
2727 {
2728 _TIFFfree(data);
2729 return(err);
2730 }
2731 *value=data;
2732 return(TIFFReadDirEntryErrOk);
2733 }
2734
TIFFReadDirEntryPersampleShort(TIFF * tif,TIFFDirEntry * direntry,uint16 * value)2735 static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value)
2736 {
2737 enum TIFFReadDirEntryErr err;
2738 uint16* m;
2739 uint16* na;
2740 uint16 nb;
2741 if (direntry->tdir_count<(uint64)tif->tif_dir.td_samplesperpixel)
2742 return(TIFFReadDirEntryErrCount);
2743 err=TIFFReadDirEntryShortArray(tif,direntry,&m);
2744 if (err!=TIFFReadDirEntryErrOk)
2745 return(err);
2746 na=m;
2747 nb=tif->tif_dir.td_samplesperpixel;
2748 *value=*na++;
2749 nb--;
2750 while (nb>0)
2751 {
2752 if (*na++!=*value)
2753 {
2754 err=TIFFReadDirEntryErrPsdif;
2755 break;
2756 }
2757 nb--;
2758 }
2759 _TIFFfree(m);
2760 return(err);
2761 }
2762
2763 #if 0
2764 static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleDouble(TIFF* tif, TIFFDirEntry* direntry, double* value)
2765 {
2766 enum TIFFReadDirEntryErr err;
2767 double* m;
2768 double* na;
2769 uint16 nb;
2770 if (direntry->tdir_count<(uint64)tif->tif_dir.td_samplesperpixel)
2771 return(TIFFReadDirEntryErrCount);
2772 err=TIFFReadDirEntryDoubleArray(tif,direntry,&m);
2773 if (err!=TIFFReadDirEntryErrOk)
2774 return(err);
2775 na=m;
2776 nb=tif->tif_dir.td_samplesperpixel;
2777 *value=*na++;
2778 nb--;
2779 while (nb>0)
2780 {
2781 if (*na++!=*value)
2782 {
2783 err=TIFFReadDirEntryErrPsdif;
2784 break;
2785 }
2786 nb--;
2787 }
2788 _TIFFfree(m);
2789 return(err);
2790 }
2791 #endif
2792
TIFFReadDirEntryCheckedByte(TIFF * tif,TIFFDirEntry * direntry,uint8 * value)2793 static void TIFFReadDirEntryCheckedByte(TIFF* tif, TIFFDirEntry* direntry, uint8* value)
2794 {
2795 (void) tif;
2796 *value=*(uint8*)(&direntry->tdir_offset);
2797 }
2798
TIFFReadDirEntryCheckedSbyte(TIFF * tif,TIFFDirEntry * direntry,int8 * value)2799 static void TIFFReadDirEntryCheckedSbyte(TIFF* tif, TIFFDirEntry* direntry, int8* value)
2800 {
2801 (void) tif;
2802 *value=*(int8*)(&direntry->tdir_offset);
2803 }
2804
TIFFReadDirEntryCheckedShort(TIFF * tif,TIFFDirEntry * direntry,uint16 * value)2805 static void TIFFReadDirEntryCheckedShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value)
2806 {
2807 *value = direntry->tdir_offset.toff_short;
2808 /* *value=*(uint16*)(&direntry->tdir_offset); */
2809 if (tif->tif_flags&TIFF_SWAB)
2810 TIFFSwabShort(value);
2811 }
2812
TIFFReadDirEntryCheckedSshort(TIFF * tif,TIFFDirEntry * direntry,int16 * value)2813 static void TIFFReadDirEntryCheckedSshort(TIFF* tif, TIFFDirEntry* direntry, int16* value)
2814 {
2815 *value=*(int16*)(&direntry->tdir_offset);
2816 if (tif->tif_flags&TIFF_SWAB)
2817 TIFFSwabShort((uint16*)value);
2818 }
2819
TIFFReadDirEntryCheckedLong(TIFF * tif,TIFFDirEntry * direntry,uint32 * value)2820 static void TIFFReadDirEntryCheckedLong(TIFF* tif, TIFFDirEntry* direntry, uint32* value)
2821 {
2822 *value=*(uint32*)(&direntry->tdir_offset);
2823 if (tif->tif_flags&TIFF_SWAB)
2824 TIFFSwabLong(value);
2825 }
2826
TIFFReadDirEntryCheckedSlong(TIFF * tif,TIFFDirEntry * direntry,int32 * value)2827 static void TIFFReadDirEntryCheckedSlong(TIFF* tif, TIFFDirEntry* direntry, int32* value)
2828 {
2829 *value=*(int32*)(&direntry->tdir_offset);
2830 if (tif->tif_flags&TIFF_SWAB)
2831 TIFFSwabLong((uint32*)value);
2832 }
2833
TIFFReadDirEntryCheckedLong8(TIFF * tif,TIFFDirEntry * direntry,uint64 * value)2834 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedLong8(TIFF* tif, TIFFDirEntry* direntry, uint64* value)
2835 {
2836 if (!(tif->tif_flags&TIFF_BIGTIFF))
2837 {
2838 enum TIFFReadDirEntryErr err;
2839 uint32 offset = direntry->tdir_offset.toff_long;
2840 if (tif->tif_flags&TIFF_SWAB)
2841 TIFFSwabLong(&offset);
2842 err=TIFFReadDirEntryData(tif,offset,8,value);
2843 if (err!=TIFFReadDirEntryErrOk)
2844 return(err);
2845 }
2846 else
2847 *value = direntry->tdir_offset.toff_long8;
2848 if (tif->tif_flags&TIFF_SWAB)
2849 TIFFSwabLong8(value);
2850 return(TIFFReadDirEntryErrOk);
2851 }
2852
TIFFReadDirEntryCheckedSlong8(TIFF * tif,TIFFDirEntry * direntry,int64 * value)2853 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSlong8(TIFF* tif, TIFFDirEntry* direntry, int64* value)
2854 {
2855 if (!(tif->tif_flags&TIFF_BIGTIFF))
2856 {
2857 enum TIFFReadDirEntryErr err;
2858 uint32 offset = direntry->tdir_offset.toff_long;
2859 if (tif->tif_flags&TIFF_SWAB)
2860 TIFFSwabLong(&offset);
2861 err=TIFFReadDirEntryData(tif,offset,8,value);
2862 if (err!=TIFFReadDirEntryErrOk)
2863 return(err);
2864 }
2865 else
2866 *value=*(int64*)(&direntry->tdir_offset);
2867 if (tif->tif_flags&TIFF_SWAB)
2868 TIFFSwabLong8((uint64*)value);
2869 return(TIFFReadDirEntryErrOk);
2870 }
2871
TIFFReadDirEntryCheckedRational(TIFF * tif,TIFFDirEntry * direntry,double * value)2872 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedRational(TIFF* tif, TIFFDirEntry* direntry, double* value)
2873 {
2874 UInt64Aligned_t m;
2875
2876 assert(sizeof(double)==8);
2877 assert(sizeof(uint64)==8);
2878 assert(sizeof(uint32)==4);
2879 if (!(tif->tif_flags&TIFF_BIGTIFF))
2880 {
2881 enum TIFFReadDirEntryErr err;
2882 uint32 offset = direntry->tdir_offset.toff_long;
2883 if (tif->tif_flags&TIFF_SWAB)
2884 TIFFSwabLong(&offset);
2885 err=TIFFReadDirEntryData(tif,offset,8,m.i);
2886 if (err!=TIFFReadDirEntryErrOk)
2887 return(err);
2888 }
2889 else
2890 m.l = direntry->tdir_offset.toff_long8;
2891 if (tif->tif_flags&TIFF_SWAB)
2892 TIFFSwabArrayOfLong(m.i,2);
2893 if (m.i[0]==0)
2894 *value=0.0;
2895 else
2896 *value=(double)m.i[0]/(double)m.i[1];
2897 return(TIFFReadDirEntryErrOk);
2898 }
2899
TIFFReadDirEntryCheckedSrational(TIFF * tif,TIFFDirEntry * direntry,double * value)2900 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSrational(TIFF* tif, TIFFDirEntry* direntry, double* value)
2901 {
2902 UInt64Aligned_t m;
2903 assert(sizeof(double)==8);
2904 assert(sizeof(uint64)==8);
2905 assert(sizeof(int32)==4);
2906 assert(sizeof(uint32)==4);
2907 if (!(tif->tif_flags&TIFF_BIGTIFF))
2908 {
2909 enum TIFFReadDirEntryErr err;
2910 uint32 offset = direntry->tdir_offset.toff_long;
2911 if (tif->tif_flags&TIFF_SWAB)
2912 TIFFSwabLong(&offset);
2913 err=TIFFReadDirEntryData(tif,offset,8,m.i);
2914 if (err!=TIFFReadDirEntryErrOk)
2915 return(err);
2916 }
2917 else
2918 m.l=direntry->tdir_offset.toff_long8;
2919 if (tif->tif_flags&TIFF_SWAB)
2920 TIFFSwabArrayOfLong(m.i,2);
2921 if ((int32)m.i[0]==0)
2922 *value=0.0;
2923 else
2924 *value=(double)((int32)m.i[0])/(double)m.i[1];
2925 return(TIFFReadDirEntryErrOk);
2926 }
2927
TIFFReadDirEntryCheckedFloat(TIFF * tif,TIFFDirEntry * direntry,float * value)2928 static void TIFFReadDirEntryCheckedFloat(TIFF* tif, TIFFDirEntry* direntry, float* value)
2929 {
2930 union
2931 {
2932 float f;
2933 uint32 i;
2934 } float_union;
2935 assert(sizeof(float)==4);
2936 assert(sizeof(uint32)==4);
2937 assert(sizeof(float_union)==4);
2938 float_union.i=*(uint32*)(&direntry->tdir_offset);
2939 *value=float_union.f;
2940 if (tif->tif_flags&TIFF_SWAB)
2941 TIFFSwabLong((uint32*)value);
2942 }
2943
TIFFReadDirEntryCheckedDouble(TIFF * tif,TIFFDirEntry * direntry,double * value)2944 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedDouble(TIFF* tif, TIFFDirEntry* direntry, double* value)
2945 {
2946 assert(sizeof(double)==8);
2947 assert(sizeof(uint64)==8);
2948 assert(sizeof(UInt64Aligned_t)==8);
2949 if (!(tif->tif_flags&TIFF_BIGTIFF))
2950 {
2951 enum TIFFReadDirEntryErr err;
2952 uint32 offset = direntry->tdir_offset.toff_long;
2953 if (tif->tif_flags&TIFF_SWAB)
2954 TIFFSwabLong(&offset);
2955 err=TIFFReadDirEntryData(tif,offset,8,value);
2956 if (err!=TIFFReadDirEntryErrOk)
2957 return(err);
2958 }
2959 else
2960 {
2961 UInt64Aligned_t uint64_union;
2962 uint64_union.l=direntry->tdir_offset.toff_long8;
2963 *value=uint64_union.d;
2964 }
2965 if (tif->tif_flags&TIFF_SWAB)
2966 TIFFSwabLong8((uint64*)value);
2967 return(TIFFReadDirEntryErrOk);
2968 }
2969
TIFFReadDirEntryCheckRangeByteSbyte(int8 value)2970 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSbyte(int8 value)
2971 {
2972 if (value<0)
2973 return(TIFFReadDirEntryErrRange);
2974 else
2975 return(TIFFReadDirEntryErrOk);
2976 }
2977
TIFFReadDirEntryCheckRangeByteShort(uint16 value)2978 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteShort(uint16 value)
2979 {
2980 if (value>0xFF)
2981 return(TIFFReadDirEntryErrRange);
2982 else
2983 return(TIFFReadDirEntryErrOk);
2984 }
2985
TIFFReadDirEntryCheckRangeByteSshort(int16 value)2986 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSshort(int16 value)
2987 {
2988 if ((value<0)||(value>0xFF))
2989 return(TIFFReadDirEntryErrRange);
2990 else
2991 return(TIFFReadDirEntryErrOk);
2992 }
2993
TIFFReadDirEntryCheckRangeByteLong(uint32 value)2994 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong(uint32 value)
2995 {
2996 if (value>0xFF)
2997 return(TIFFReadDirEntryErrRange);
2998 else
2999 return(TIFFReadDirEntryErrOk);
3000 }
3001
TIFFReadDirEntryCheckRangeByteSlong(int32 value)3002 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong(int32 value)
3003 {
3004 if ((value<0)||(value>0xFF))
3005 return(TIFFReadDirEntryErrRange);
3006 else
3007 return(TIFFReadDirEntryErrOk);
3008 }
3009
TIFFReadDirEntryCheckRangeByteLong8(uint64 value)3010 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong8(uint64 value)
3011 {
3012 if (value>0xFF)
3013 return(TIFFReadDirEntryErrRange);
3014 else
3015 return(TIFFReadDirEntryErrOk);
3016 }
3017
TIFFReadDirEntryCheckRangeByteSlong8(int64 value)3018 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong8(int64 value)
3019 {
3020 if ((value<0)||(value>0xFF))
3021 return(TIFFReadDirEntryErrRange);
3022 else
3023 return(TIFFReadDirEntryErrOk);
3024 }
3025
TIFFReadDirEntryCheckRangeSbyteByte(uint8 value)3026 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteByte(uint8 value)
3027 {
3028 if (value>0x7F)
3029 return(TIFFReadDirEntryErrRange);
3030 else
3031 return(TIFFReadDirEntryErrOk);
3032 }
3033
TIFFReadDirEntryCheckRangeSbyteShort(uint16 value)3034 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteShort(uint16 value)
3035 {
3036 if (value>0x7F)
3037 return(TIFFReadDirEntryErrRange);
3038 else
3039 return(TIFFReadDirEntryErrOk);
3040 }
3041
TIFFReadDirEntryCheckRangeSbyteSshort(int16 value)3042 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSshort(int16 value)
3043 {
3044 if ((value<-0x80)||(value>0x7F))
3045 return(TIFFReadDirEntryErrRange);
3046 else
3047 return(TIFFReadDirEntryErrOk);
3048 }
3049
TIFFReadDirEntryCheckRangeSbyteLong(uint32 value)3050 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong(uint32 value)
3051 {
3052 if (value>0x7F)
3053 return(TIFFReadDirEntryErrRange);
3054 else
3055 return(TIFFReadDirEntryErrOk);
3056 }
3057
TIFFReadDirEntryCheckRangeSbyteSlong(int32 value)3058 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong(int32 value)
3059 {
3060 if ((value<-0x80)||(value>0x7F))
3061 return(TIFFReadDirEntryErrRange);
3062 else
3063 return(TIFFReadDirEntryErrOk);
3064 }
3065
TIFFReadDirEntryCheckRangeSbyteLong8(uint64 value)3066 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong8(uint64 value)
3067 {
3068 if (value>0x7F)
3069 return(TIFFReadDirEntryErrRange);
3070 else
3071 return(TIFFReadDirEntryErrOk);
3072 }
3073
TIFFReadDirEntryCheckRangeSbyteSlong8(int64 value)3074 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong8(int64 value)
3075 {
3076 if ((value<-0x80)||(value>0x7F))
3077 return(TIFFReadDirEntryErrRange);
3078 else
3079 return(TIFFReadDirEntryErrOk);
3080 }
3081
TIFFReadDirEntryCheckRangeShortSbyte(int8 value)3082 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSbyte(int8 value)
3083 {
3084 if (value<0)
3085 return(TIFFReadDirEntryErrRange);
3086 else
3087 return(TIFFReadDirEntryErrOk);
3088 }
3089
TIFFReadDirEntryCheckRangeShortSshort(int16 value)3090 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSshort(int16 value)
3091 {
3092 if (value<0)
3093 return(TIFFReadDirEntryErrRange);
3094 else
3095 return(TIFFReadDirEntryErrOk);
3096 }
3097
TIFFReadDirEntryCheckRangeShortLong(uint32 value)3098 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong(uint32 value)
3099 {
3100 if (value>0xFFFF)
3101 return(TIFFReadDirEntryErrRange);
3102 else
3103 return(TIFFReadDirEntryErrOk);
3104 }
3105
TIFFReadDirEntryCheckRangeShortSlong(int32 value)3106 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong(int32 value)
3107 {
3108 if ((value<0)||(value>0xFFFF))
3109 return(TIFFReadDirEntryErrRange);
3110 else
3111 return(TIFFReadDirEntryErrOk);
3112 }
3113
TIFFReadDirEntryCheckRangeShortLong8(uint64 value)3114 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong8(uint64 value)
3115 {
3116 if (value>0xFFFF)
3117 return(TIFFReadDirEntryErrRange);
3118 else
3119 return(TIFFReadDirEntryErrOk);
3120 }
3121
TIFFReadDirEntryCheckRangeShortSlong8(int64 value)3122 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong8(int64 value)
3123 {
3124 if ((value<0)||(value>0xFFFF))
3125 return(TIFFReadDirEntryErrRange);
3126 else
3127 return(TIFFReadDirEntryErrOk);
3128 }
3129
TIFFReadDirEntryCheckRangeSshortShort(uint16 value)3130 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortShort(uint16 value)
3131 {
3132 if (value>0x7FFF)
3133 return(TIFFReadDirEntryErrRange);
3134 else
3135 return(TIFFReadDirEntryErrOk);
3136 }
3137
TIFFReadDirEntryCheckRangeSshortLong(uint32 value)3138 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong(uint32 value)
3139 {
3140 if (value>0x7FFF)
3141 return(TIFFReadDirEntryErrRange);
3142 else
3143 return(TIFFReadDirEntryErrOk);
3144 }
3145
TIFFReadDirEntryCheckRangeSshortSlong(int32 value)3146 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong(int32 value)
3147 {
3148 if ((value<-0x8000)||(value>0x7FFF))
3149 return(TIFFReadDirEntryErrRange);
3150 else
3151 return(TIFFReadDirEntryErrOk);
3152 }
3153
TIFFReadDirEntryCheckRangeSshortLong8(uint64 value)3154 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong8(uint64 value)
3155 {
3156 if (value>0x7FFF)
3157 return(TIFFReadDirEntryErrRange);
3158 else
3159 return(TIFFReadDirEntryErrOk);
3160 }
3161
TIFFReadDirEntryCheckRangeSshortSlong8(int64 value)3162 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong8(int64 value)
3163 {
3164 if ((value<-0x8000)||(value>0x7FFF))
3165 return(TIFFReadDirEntryErrRange);
3166 else
3167 return(TIFFReadDirEntryErrOk);
3168 }
3169
TIFFReadDirEntryCheckRangeLongSbyte(int8 value)3170 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSbyte(int8 value)
3171 {
3172 if (value<0)
3173 return(TIFFReadDirEntryErrRange);
3174 else
3175 return(TIFFReadDirEntryErrOk);
3176 }
3177
TIFFReadDirEntryCheckRangeLongSshort(int16 value)3178 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSshort(int16 value)
3179 {
3180 if (value<0)
3181 return(TIFFReadDirEntryErrRange);
3182 else
3183 return(TIFFReadDirEntryErrOk);
3184 }
3185
TIFFReadDirEntryCheckRangeLongSlong(int32 value)3186 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSlong(int32 value)
3187 {
3188 if (value<0)
3189 return(TIFFReadDirEntryErrRange);
3190 else
3191 return(TIFFReadDirEntryErrOk);
3192 }
3193
3194 /*
3195 * Largest 32-bit unsigned integer value.
3196 */
3197 #if defined(__WIN32__) && defined(_MSC_VER)
3198 # define TIFF_UINT32_MAX 0xFFFFFFFFI64
3199 #else
3200 # define TIFF_UINT32_MAX 0xFFFFFFFFLL
3201 #endif
3202
3203 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLongLong8(uint64 value)3204 TIFFReadDirEntryCheckRangeLongLong8(uint64 value)
3205 {
3206 if (value > TIFF_UINT32_MAX)
3207 return(TIFFReadDirEntryErrRange);
3208 else
3209 return(TIFFReadDirEntryErrOk);
3210 }
3211
3212 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLongSlong8(int64 value)3213 TIFFReadDirEntryCheckRangeLongSlong8(int64 value)
3214 {
3215 if ((value<0) || (value > TIFF_UINT32_MAX))
3216 return(TIFFReadDirEntryErrRange);
3217 else
3218 return(TIFFReadDirEntryErrOk);
3219 }
3220
3221 #undef TIFF_UINT32_MAX
3222
3223 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeSlongLong(uint32 value)3224 TIFFReadDirEntryCheckRangeSlongLong(uint32 value)
3225 {
3226 if (value > 0x7FFFFFFFUL)
3227 return(TIFFReadDirEntryErrRange);
3228 else
3229 return(TIFFReadDirEntryErrOk);
3230 }
3231
3232 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeSlongLong8(uint64 value)3233 TIFFReadDirEntryCheckRangeSlongLong8(uint64 value)
3234 {
3235 if (value > 0x7FFFFFFFUL)
3236 return(TIFFReadDirEntryErrRange);
3237 else
3238 return(TIFFReadDirEntryErrOk);
3239 }
3240
3241 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeSlongSlong8(int64 value)3242 TIFFReadDirEntryCheckRangeSlongSlong8(int64 value)
3243 {
3244 if ((value < 0L-0x80000000L) || (value > 0x7FFFFFFFL))
3245 return(TIFFReadDirEntryErrRange);
3246 else
3247 return(TIFFReadDirEntryErrOk);
3248 }
3249
3250 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLong8Sbyte(int8 value)3251 TIFFReadDirEntryCheckRangeLong8Sbyte(int8 value)
3252 {
3253 if (value < 0)
3254 return(TIFFReadDirEntryErrRange);
3255 else
3256 return(TIFFReadDirEntryErrOk);
3257 }
3258
3259 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLong8Sshort(int16 value)3260 TIFFReadDirEntryCheckRangeLong8Sshort(int16 value)
3261 {
3262 if (value < 0)
3263 return(TIFFReadDirEntryErrRange);
3264 else
3265 return(TIFFReadDirEntryErrOk);
3266 }
3267
3268 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLong8Slong(int32 value)3269 TIFFReadDirEntryCheckRangeLong8Slong(int32 value)
3270 {
3271 if (value < 0)
3272 return(TIFFReadDirEntryErrRange);
3273 else
3274 return(TIFFReadDirEntryErrOk);
3275 }
3276
3277 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLong8Slong8(int64 value)3278 TIFFReadDirEntryCheckRangeLong8Slong8(int64 value)
3279 {
3280 if (value < 0)
3281 return(TIFFReadDirEntryErrRange);
3282 else
3283 return(TIFFReadDirEntryErrOk);
3284 }
3285
3286 /*
3287 * Largest 64-bit signed integer value.
3288 */
3289 #if defined(__WIN32__) && defined(_MSC_VER)
3290 # define TIFF_INT64_MAX 0x7FFFFFFFFFFFFFFFI64
3291 #else
3292 # define TIFF_INT64_MAX 0x7FFFFFFFFFFFFFFFLL
3293 #endif
3294
3295 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeSlong8Long8(uint64 value)3296 TIFFReadDirEntryCheckRangeSlong8Long8(uint64 value)
3297 {
3298 if (value > TIFF_INT64_MAX)
3299 return(TIFFReadDirEntryErrRange);
3300 else
3301 return(TIFFReadDirEntryErrOk);
3302 }
3303
3304 #undef TIFF_INT64_MAX
3305
3306 static enum TIFFReadDirEntryErr
TIFFReadDirEntryData(TIFF * tif,uint64 offset,tmsize_t size,void * dest)3307 TIFFReadDirEntryData(TIFF* tif, uint64 offset, tmsize_t size, void* dest)
3308 {
3309 assert(size>0);
3310 if (!isMapped(tif)) {
3311 if (!SeekOK(tif,offset))
3312 return(TIFFReadDirEntryErrIo);
3313 if (!ReadOK(tif,dest,size))
3314 return(TIFFReadDirEntryErrIo);
3315 } else {
3316 size_t ma,mb;
3317 ma=(size_t)offset;
3318 mb=ma+size;
3319 if (((uint64)ma!=offset)
3320 || (mb < ma)
3321 || (mb - ma != (size_t) size)
3322 || (mb < (size_t)size)
3323 || (mb > (size_t)tif->tif_size)
3324 )
3325 return(TIFFReadDirEntryErrIo);
3326 _TIFFmemcpy(dest,tif->tif_base+ma,size);
3327 }
3328 return(TIFFReadDirEntryErrOk);
3329 }
3330
TIFFReadDirEntryOutputErr(TIFF * tif,enum TIFFReadDirEntryErr err,const char * module,const char * tagname,int recover)3331 static void TIFFReadDirEntryOutputErr(TIFF* tif, enum TIFFReadDirEntryErr err, const char* module, const char* tagname, int recover)
3332 {
3333 if (!recover) {
3334 switch (err) {
3335 case TIFFReadDirEntryErrCount:
3336 TIFFErrorExt(tif->tif_clientdata, module,
3337 "Incorrect count for \"%s\"",
3338 tagname);
3339 break;
3340 case TIFFReadDirEntryErrType:
3341 TIFFErrorExt(tif->tif_clientdata, module,
3342 "Incompatible type for \"%s\"",
3343 tagname);
3344 break;
3345 case TIFFReadDirEntryErrIo:
3346 TIFFErrorExt(tif->tif_clientdata, module,
3347 "IO error during reading of \"%s\"",
3348 tagname);
3349 break;
3350 case TIFFReadDirEntryErrRange:
3351 TIFFErrorExt(tif->tif_clientdata, module,
3352 "Incorrect value for \"%s\"",
3353 tagname);
3354 break;
3355 case TIFFReadDirEntryErrPsdif:
3356 TIFFErrorExt(tif->tif_clientdata, module,
3357 "Cannot handle different values per sample for \"%s\"",
3358 tagname);
3359 break;
3360 case TIFFReadDirEntryErrSizesan:
3361 TIFFErrorExt(tif->tif_clientdata, module,
3362 "Sanity check on size of \"%s\" value failed",
3363 tagname);
3364 break;
3365 case TIFFReadDirEntryErrAlloc:
3366 TIFFErrorExt(tif->tif_clientdata, module,
3367 "Out of memory reading of \"%s\"",
3368 tagname);
3369 break;
3370 default:
3371 assert(0); /* we should never get here */
3372 break;
3373 }
3374 } else {
3375 switch (err) {
3376 case TIFFReadDirEntryErrCount:
3377 TIFFErrorExt(tif->tif_clientdata, module,
3378 "Incorrect count for \"%s\"; tag ignored",
3379 tagname);
3380 break;
3381 case TIFFReadDirEntryErrType:
3382 TIFFWarningExt(tif->tif_clientdata, module,
3383 "Incompatible type for \"%s\"; tag ignored",
3384 tagname);
3385 break;
3386 case TIFFReadDirEntryErrIo:
3387 TIFFWarningExt(tif->tif_clientdata, module,
3388 "IO error during reading of \"%s\"; tag ignored",
3389 tagname);
3390 break;
3391 case TIFFReadDirEntryErrRange:
3392 TIFFWarningExt(tif->tif_clientdata, module,
3393 "Incorrect value for \"%s\"; tag ignored",
3394 tagname);
3395 break;
3396 case TIFFReadDirEntryErrPsdif:
3397 TIFFWarningExt(tif->tif_clientdata, module,
3398 "Cannot handle different values per sample for \"%s\"; tag ignored",
3399 tagname);
3400 break;
3401 case TIFFReadDirEntryErrSizesan:
3402 TIFFWarningExt(tif->tif_clientdata, module,
3403 "Sanity check on size of \"%s\" value failed; tag ignored",
3404 tagname);
3405 break;
3406 case TIFFReadDirEntryErrAlloc:
3407 TIFFWarningExt(tif->tif_clientdata, module,
3408 "Out of memory reading of \"%s\"; tag ignored",
3409 tagname);
3410 break;
3411 default:
3412 assert(0); /* we should never get here */
3413 break;
3414 }
3415 }
3416 }
3417
3418 /*
3419 * Read the next TIFF directory from a file and convert it to the internal
3420 * format. We read directories sequentially.
3421 */
3422 int
TIFFReadDirectory(TIFF * tif)3423 TIFFReadDirectory(TIFF* tif)
3424 {
3425 static const char module[] = "TIFFReadDirectory";
3426 TIFFDirEntry* dir;
3427 uint16 dircount;
3428 TIFFDirEntry* dp;
3429 uint16 di;
3430 const TIFFField* fip;
3431 uint32 fii=FAILED_FII;
3432 toff_t nextdiroff;
3433 tif->tif_diroff=tif->tif_nextdiroff;
3434 if (!TIFFCheckDirOffset(tif,tif->tif_nextdiroff))
3435 return 0; /* last offset or bad offset (IFD looping) */
3436 (*tif->tif_cleanup)(tif); /* cleanup any previous compression state */
3437 tif->tif_curdir++;
3438 nextdiroff = tif->tif_nextdiroff;
3439 dircount=TIFFFetchDirectory(tif,nextdiroff,&dir,&tif->tif_nextdiroff);
3440 if (!dircount)
3441 {
3442 TIFFErrorExt(tif->tif_clientdata,module,
3443 "Failed to read directory at offset " TIFF_UINT64_FORMAT,nextdiroff);
3444 return 0;
3445 }
3446 TIFFReadDirectoryCheckOrder(tif,dir,dircount);
3447
3448 /*
3449 * Mark duplicates of any tag to be ignored (bugzilla 1994)
3450 * to avoid certain pathological problems.
3451 */
3452 {
3453 TIFFDirEntry* ma;
3454 uint16 mb;
3455 for (ma=dir, mb=0; mb<dircount; ma++, mb++)
3456 {
3457 TIFFDirEntry* na;
3458 uint16 nb;
3459 for (na=ma+1, nb=mb+1; nb<dircount; na++, nb++)
3460 {
3461 if (ma->tdir_tag==na->tdir_tag)
3462 na->tdir_tag=IGNORE;
3463 }
3464 }
3465 }
3466
3467 tif->tif_flags &= ~TIFF_BEENWRITING; /* reset before new dir */
3468 tif->tif_flags &= ~TIFF_BUF4WRITE; /* reset before new dir */
3469 /* free any old stuff and reinit */
3470 TIFFFreeDirectory(tif);
3471 TIFFDefaultDirectory(tif);
3472 /*
3473 * Electronic Arts writes gray-scale TIFF files
3474 * without a PlanarConfiguration directory entry.
3475 * Thus we setup a default value here, even though
3476 * the TIFF spec says there is no default value.
3477 */
3478 TIFFSetField(tif,TIFFTAG_PLANARCONFIG,PLANARCONFIG_CONTIG);
3479 /*
3480 * Setup default value and then make a pass over
3481 * the fields to check type and tag information,
3482 * and to extract info required to size data
3483 * structures. A second pass is made afterwards
3484 * to read in everthing not taken in the first pass.
3485 * But we must process the Compression tag first
3486 * in order to merge in codec-private tag definitions (otherwise
3487 * we may get complaints about unknown tags). However, the
3488 * Compression tag may be dependent on the SamplesPerPixel
3489 * tag value because older TIFF specs permited Compression
3490 * to be written as a SamplesPerPixel-count tag entry.
3491 * Thus if we don't first figure out the correct SamplesPerPixel
3492 * tag value then we may end up ignoring the Compression tag
3493 * value because it has an incorrect count value (if the
3494 * true value of SamplesPerPixel is not 1).
3495 */
3496 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,TIFFTAG_SAMPLESPERPIXEL);
3497 if (dp)
3498 {
3499 if (!TIFFFetchNormalTag(tif,dp,0))
3500 goto bad;
3501 dp->tdir_tag=IGNORE;
3502 }
3503 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,TIFFTAG_COMPRESSION);
3504 if (dp)
3505 {
3506 /*
3507 * The 5.0 spec says the Compression tag has one value, while
3508 * earlier specs say it has one value per sample. Because of
3509 * this, we accept the tag if one value is supplied with either
3510 * count.
3511 */
3512 uint16 value;
3513 enum TIFFReadDirEntryErr err;
3514 err=TIFFReadDirEntryShort(tif,dp,&value);
3515 if (err==TIFFReadDirEntryErrCount)
3516 err=TIFFReadDirEntryPersampleShort(tif,dp,&value);
3517 if (err!=TIFFReadDirEntryErrOk)
3518 {
3519 TIFFReadDirEntryOutputErr(tif,err,module,"Compression",0);
3520 goto bad;
3521 }
3522 if (!TIFFSetField(tif,TIFFTAG_COMPRESSION,value))
3523 goto bad;
3524 dp->tdir_tag=IGNORE;
3525 }
3526 else
3527 {
3528 if (!TIFFSetField(tif,TIFFTAG_COMPRESSION,COMPRESSION_NONE))
3529 goto bad;
3530 }
3531 /*
3532 * First real pass over the directory.
3533 */
3534 for (di=0, dp=dir; di<dircount; di++, dp++)
3535 {
3536 if (dp->tdir_tag!=IGNORE)
3537 {
3538 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
3539 if (fii == FAILED_FII)
3540 {
3541 TIFFWarningExt(tif->tif_clientdata, module,
3542 "Unknown field with tag %d (0x%x) encountered",
3543 dp->tdir_tag,dp->tdir_tag);
3544 /* the following knowingly leaks the
3545 anonymous field structure */
3546 if (!_TIFFMergeFields(tif,
3547 _TIFFCreateAnonField(tif,
3548 dp->tdir_tag,
3549 (TIFFDataType) dp->tdir_type),
3550 1)) {
3551 TIFFWarningExt(tif->tif_clientdata,
3552 module,
3553 "Registering anonymous field with tag %d (0x%x) failed",
3554 dp->tdir_tag,
3555 dp->tdir_tag);
3556 dp->tdir_tag=IGNORE;
3557 } else {
3558 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
3559 assert(fii != FAILED_FII);
3560 }
3561 }
3562 }
3563 if (dp->tdir_tag!=IGNORE)
3564 {
3565 fip=tif->tif_fields[fii];
3566 if (fip->field_bit==FIELD_IGNORE)
3567 dp->tdir_tag=IGNORE;
3568 else
3569 {
3570 switch (dp->tdir_tag)
3571 {
3572 case TIFFTAG_STRIPOFFSETS:
3573 case TIFFTAG_STRIPBYTECOUNTS:
3574 case TIFFTAG_TILEOFFSETS:
3575 case TIFFTAG_TILEBYTECOUNTS:
3576 TIFFSetFieldBit(tif,fip->field_bit);
3577 break;
3578 case TIFFTAG_IMAGEWIDTH:
3579 case TIFFTAG_IMAGELENGTH:
3580 case TIFFTAG_IMAGEDEPTH:
3581 case TIFFTAG_TILELENGTH:
3582 case TIFFTAG_TILEWIDTH:
3583 case TIFFTAG_TILEDEPTH:
3584 case TIFFTAG_PLANARCONFIG:
3585 case TIFFTAG_ROWSPERSTRIP:
3586 case TIFFTAG_EXTRASAMPLES:
3587 if (!TIFFFetchNormalTag(tif,dp,0))
3588 goto bad;
3589 dp->tdir_tag=IGNORE;
3590 break;
3591 }
3592 }
3593 }
3594 }
3595 /*
3596 * XXX: OJPEG hack.
3597 * If a) compression is OJPEG, b) planarconfig tag says it's separate,
3598 * c) strip offsets/bytecounts tag are both present and
3599 * d) both contain exactly one value, then we consistently find
3600 * that the buggy implementation of the buggy compression scheme
3601 * matches contig planarconfig best. So we 'fix-up' the tag here
3602 */
3603 if ((tif->tif_dir.td_compression==COMPRESSION_OJPEG)&&
3604 (tif->tif_dir.td_planarconfig==PLANARCONFIG_SEPARATE))
3605 {
3606 if (!_TIFFFillStriles(tif))
3607 goto bad;
3608 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,TIFFTAG_STRIPOFFSETS);
3609 if ((dp!=0)&&(dp->tdir_count==1))
3610 {
3611 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,
3612 TIFFTAG_STRIPBYTECOUNTS);
3613 if ((dp!=0)&&(dp->tdir_count==1))
3614 {
3615 tif->tif_dir.td_planarconfig=PLANARCONFIG_CONTIG;
3616 TIFFWarningExt(tif->tif_clientdata,module,
3617 "Planarconfig tag value assumed incorrect, "
3618 "assuming data is contig instead of chunky");
3619 }
3620 }
3621 }
3622 /*
3623 * Allocate directory structure and setup defaults.
3624 */
3625 if (!TIFFFieldSet(tif,FIELD_IMAGEDIMENSIONS))
3626 {
3627 MissingRequired(tif,"ImageLength");
3628 goto bad;
3629 }
3630 /*
3631 * Setup appropriate structures (by strip or by tile)
3632 */
3633 if (!TIFFFieldSet(tif, FIELD_TILEDIMENSIONS)) {
3634 tif->tif_dir.td_nstrips = TIFFNumberOfStrips(tif);
3635 tif->tif_dir.td_tilewidth = tif->tif_dir.td_imagewidth;
3636 tif->tif_dir.td_tilelength = tif->tif_dir.td_rowsperstrip;
3637 tif->tif_dir.td_tiledepth = tif->tif_dir.td_imagedepth;
3638 tif->tif_flags &= ~TIFF_ISTILED;
3639 } else {
3640 tif->tif_dir.td_nstrips = TIFFNumberOfTiles(tif);
3641 tif->tif_flags |= TIFF_ISTILED;
3642 }
3643 if (!tif->tif_dir.td_nstrips) {
3644 TIFFErrorExt(tif->tif_clientdata, module,
3645 "Cannot handle zero number of %s",
3646 isTiled(tif) ? "tiles" : "strips");
3647 goto bad;
3648 }
3649 tif->tif_dir.td_stripsperimage = tif->tif_dir.td_nstrips;
3650 if (tif->tif_dir.td_planarconfig == PLANARCONFIG_SEPARATE)
3651 tif->tif_dir.td_stripsperimage /= tif->tif_dir.td_samplesperpixel;
3652 if (!TIFFFieldSet(tif, FIELD_STRIPOFFSETS)) {
3653 if ((tif->tif_dir.td_compression==COMPRESSION_OJPEG) &&
3654 (isTiled(tif)==0) &&
3655 (tif->tif_dir.td_nstrips==1)) {
3656 /*
3657 * XXX: OJPEG hack.
3658 * If a) compression is OJPEG, b) it's not a tiled TIFF,
3659 * and c) the number of strips is 1,
3660 * then we tolerate the absence of stripoffsets tag,
3661 * because, presumably, all required data is in the
3662 * JpegInterchangeFormat stream.
3663 */
3664 TIFFSetFieldBit(tif, FIELD_STRIPOFFSETS);
3665 } else {
3666 MissingRequired(tif,
3667 isTiled(tif) ? "TileOffsets" : "StripOffsets");
3668 goto bad;
3669 }
3670 }
3671 /*
3672 * Second pass: extract other information.
3673 */
3674 for (di=0, dp=dir; di<dircount; di++, dp++)
3675 {
3676 switch (dp->tdir_tag)
3677 {
3678 case IGNORE:
3679 break;
3680 case TIFFTAG_MINSAMPLEVALUE:
3681 case TIFFTAG_MAXSAMPLEVALUE:
3682 case TIFFTAG_BITSPERSAMPLE:
3683 case TIFFTAG_DATATYPE:
3684 case TIFFTAG_SAMPLEFORMAT:
3685 /*
3686 * The MinSampleValue, MaxSampleValue, BitsPerSample
3687 * DataType and SampleFormat tags are supposed to be
3688 * written as one value/sample, but some vendors
3689 * incorrectly write one value only -- so we accept
3690 * that as well (yech). Other vendors write correct
3691 * value for NumberOfSamples, but incorrect one for
3692 * BitsPerSample and friends, and we will read this
3693 * too.
3694 */
3695 {
3696 uint16 value;
3697 enum TIFFReadDirEntryErr err;
3698 err=TIFFReadDirEntryShort(tif,dp,&value);
3699 if (err==TIFFReadDirEntryErrCount)
3700 err=TIFFReadDirEntryPersampleShort(tif,dp,&value);
3701 if (err!=TIFFReadDirEntryErrOk)
3702 {
3703 fip = TIFFFieldWithTag(tif,dp->tdir_tag);
3704 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",0);
3705 goto bad;
3706 }
3707 if (!TIFFSetField(tif,dp->tdir_tag,value))
3708 goto bad;
3709 }
3710 break;
3711 case TIFFTAG_SMINSAMPLEVALUE:
3712 case TIFFTAG_SMAXSAMPLEVALUE:
3713 {
3714
3715 double *data;
3716 enum TIFFReadDirEntryErr err;
3717 uint32 saved_flags;
3718 int m;
3719 if (dp->tdir_count != (uint64)tif->tif_dir.td_samplesperpixel)
3720 err = TIFFReadDirEntryErrCount;
3721 else
3722 err = TIFFReadDirEntryDoubleArray(tif, dp, &data);
3723 if (err!=TIFFReadDirEntryErrOk)
3724 {
3725 fip = TIFFFieldWithTag(tif,dp->tdir_tag);
3726 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",0);
3727 goto bad;
3728 }
3729 saved_flags = tif->tif_flags;
3730 tif->tif_flags |= TIFF_PERSAMPLE;
3731 m = TIFFSetField(tif,dp->tdir_tag,data);
3732 tif->tif_flags = saved_flags;
3733 _TIFFfree(data);
3734 if (!m)
3735 goto bad;
3736 }
3737 break;
3738 case TIFFTAG_STRIPOFFSETS:
3739 case TIFFTAG_TILEOFFSETS:
3740 #if defined(DEFER_STRILE_LOAD)
3741 _TIFFmemcpy( &(tif->tif_dir.td_stripoffset_entry),
3742 dp, sizeof(TIFFDirEntry) );
3743 #else
3744 if (!TIFFFetchStripThing(tif,dp,tif->tif_dir.td_nstrips,&tif->tif_dir.td_stripoffset))
3745 goto bad;
3746 #endif
3747 break;
3748 case TIFFTAG_STRIPBYTECOUNTS:
3749 case TIFFTAG_TILEBYTECOUNTS:
3750 #if defined(DEFER_STRILE_LOAD)
3751 _TIFFmemcpy( &(tif->tif_dir.td_stripbytecount_entry),
3752 dp, sizeof(TIFFDirEntry) );
3753 #else
3754 if (!TIFFFetchStripThing(tif,dp,tif->tif_dir.td_nstrips,&tif->tif_dir.td_stripbytecount))
3755 goto bad;
3756 #endif
3757 break;
3758 case TIFFTAG_COLORMAP:
3759 case TIFFTAG_TRANSFERFUNCTION:
3760 {
3761 enum TIFFReadDirEntryErr err;
3762 uint32 countpersample;
3763 uint32 countrequired;
3764 uint32 incrementpersample;
3765 uint16* value=NULL;
3766 countpersample=(1L<<tif->tif_dir.td_bitspersample);
3767 if ((dp->tdir_tag==TIFFTAG_TRANSFERFUNCTION)&&(dp->tdir_count==(uint64)countpersample))
3768 {
3769 countrequired=countpersample;
3770 incrementpersample=0;
3771 }
3772 else
3773 {
3774 countrequired=3*countpersample;
3775 incrementpersample=countpersample;
3776 }
3777 if (dp->tdir_count!=(uint64)countrequired)
3778 err=TIFFReadDirEntryErrCount;
3779 else
3780 err=TIFFReadDirEntryShortArray(tif,dp,&value);
3781 if (err!=TIFFReadDirEntryErrOk)
3782 {
3783 fip = TIFFFieldWithTag(tif,dp->tdir_tag);
3784 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",1);
3785 }
3786 else
3787 {
3788 TIFFSetField(tif,dp->tdir_tag,value,value+incrementpersample,value+2*incrementpersample);
3789 _TIFFfree(value);
3790 }
3791 }
3792 break;
3793 /* BEGIN REV 4.0 COMPATIBILITY */
3794 case TIFFTAG_OSUBFILETYPE:
3795 {
3796 uint16 valueo;
3797 uint32 value;
3798 if (TIFFReadDirEntryShort(tif,dp,&valueo)==TIFFReadDirEntryErrOk)
3799 {
3800 switch (valueo)
3801 {
3802 case OFILETYPE_REDUCEDIMAGE: value=FILETYPE_REDUCEDIMAGE; break;
3803 case OFILETYPE_PAGE: value=FILETYPE_PAGE; break;
3804 default: value=0; break;
3805 }
3806 if (value!=0)
3807 TIFFSetField(tif,TIFFTAG_SUBFILETYPE,value);
3808 }
3809 }
3810 break;
3811 /* END REV 4.0 COMPATIBILITY */
3812 default:
3813 (void) TIFFFetchNormalTag(tif, dp, TRUE);
3814 break;
3815 }
3816 }
3817 /*
3818 * OJPEG hack:
3819 * - If a) compression is OJPEG, and b) photometric tag is missing,
3820 * then we consistently find that photometric should be YCbCr
3821 * - If a) compression is OJPEG, and b) photometric tag says it's RGB,
3822 * then we consistently find that the buggy implementation of the
3823 * buggy compression scheme matches photometric YCbCr instead.
3824 * - If a) compression is OJPEG, and b) bitspersample tag is missing,
3825 * then we consistently find bitspersample should be 8.
3826 * - If a) compression is OJPEG, b) samplesperpixel tag is missing,
3827 * and c) photometric is RGB or YCbCr, then we consistently find
3828 * samplesperpixel should be 3
3829 * - If a) compression is OJPEG, b) samplesperpixel tag is missing,
3830 * and c) photometric is MINISWHITE or MINISBLACK, then we consistently
3831 * find samplesperpixel should be 3
3832 */
3833 if (tif->tif_dir.td_compression==COMPRESSION_OJPEG)
3834 {
3835 if (!TIFFFieldSet(tif,FIELD_PHOTOMETRIC))
3836 {
3837 TIFFWarningExt(tif->tif_clientdata, module,
3838 "Photometric tag is missing, assuming data is YCbCr");
3839 if (!TIFFSetField(tif,TIFFTAG_PHOTOMETRIC,PHOTOMETRIC_YCBCR))
3840 goto bad;
3841 }
3842 else if (tif->tif_dir.td_photometric==PHOTOMETRIC_RGB)
3843 {
3844 tif->tif_dir.td_photometric=PHOTOMETRIC_YCBCR;
3845 TIFFWarningExt(tif->tif_clientdata, module,
3846 "Photometric tag value assumed incorrect, "
3847 "assuming data is YCbCr instead of RGB");
3848 }
3849 if (!TIFFFieldSet(tif,FIELD_BITSPERSAMPLE))
3850 {
3851 TIFFWarningExt(tif->tif_clientdata,module,
3852 "BitsPerSample tag is missing, assuming 8 bits per sample");
3853 if (!TIFFSetField(tif,TIFFTAG_BITSPERSAMPLE,8))
3854 goto bad;
3855 }
3856 if (!TIFFFieldSet(tif,FIELD_SAMPLESPERPIXEL))
3857 {
3858 if (tif->tif_dir.td_photometric==PHOTOMETRIC_RGB)
3859 {
3860 TIFFWarningExt(tif->tif_clientdata,module,
3861 "SamplesPerPixel tag is missing, "
3862 "assuming correct SamplesPerPixel value is 3");
3863 if (!TIFFSetField(tif,TIFFTAG_SAMPLESPERPIXEL,3))
3864 goto bad;
3865 }
3866 if (tif->tif_dir.td_photometric==PHOTOMETRIC_YCBCR)
3867 {
3868 TIFFWarningExt(tif->tif_clientdata,module,
3869 "SamplesPerPixel tag is missing, "
3870 "applying correct SamplesPerPixel value of 3");
3871 if (!TIFFSetField(tif,TIFFTAG_SAMPLESPERPIXEL,3))
3872 goto bad;
3873 }
3874 else if ((tif->tif_dir.td_photometric==PHOTOMETRIC_MINISWHITE)
3875 || (tif->tif_dir.td_photometric==PHOTOMETRIC_MINISBLACK))
3876 {
3877 /*
3878 * SamplesPerPixel tag is missing, but is not required
3879 * by spec. Assume correct SamplesPerPixel value of 1.
3880 */
3881 if (!TIFFSetField(tif,TIFFTAG_SAMPLESPERPIXEL,1))
3882 goto bad;
3883 }
3884 }
3885 }
3886 /*
3887 * Verify Palette image has a Colormap.
3888 */
3889 if (tif->tif_dir.td_photometric == PHOTOMETRIC_PALETTE &&
3890 !TIFFFieldSet(tif, FIELD_COLORMAP)) {
3891 if ( tif->tif_dir.td_bitspersample>=8 && tif->tif_dir.td_samplesperpixel==3)
3892 tif->tif_dir.td_photometric = PHOTOMETRIC_RGB;
3893 else if (tif->tif_dir.td_bitspersample>=8)
3894 tif->tif_dir.td_photometric = PHOTOMETRIC_MINISBLACK;
3895 else {
3896 MissingRequired(tif, "Colormap");
3897 goto bad;
3898 }
3899 }
3900 /*
3901 * OJPEG hack:
3902 * We do no further messing with strip/tile offsets/bytecounts in OJPEG
3903 * TIFFs
3904 */
3905 if (tif->tif_dir.td_compression!=COMPRESSION_OJPEG)
3906 {
3907 /*
3908 * Attempt to deal with a missing StripByteCounts tag.
3909 */
3910 if (!TIFFFieldSet(tif, FIELD_STRIPBYTECOUNTS)) {
3911 /*
3912 * Some manufacturers violate the spec by not giving
3913 * the size of the strips. In this case, assume there
3914 * is one uncompressed strip of data.
3915 */
3916 if ((tif->tif_dir.td_planarconfig == PLANARCONFIG_CONTIG &&
3917 tif->tif_dir.td_nstrips > 1) ||
3918 (tif->tif_dir.td_planarconfig == PLANARCONFIG_SEPARATE &&
3919 tif->tif_dir.td_nstrips != (uint32)tif->tif_dir.td_samplesperpixel)) {
3920 MissingRequired(tif, "StripByteCounts");
3921 goto bad;
3922 }
3923 TIFFWarningExt(tif->tif_clientdata, module,
3924 "TIFF directory is missing required "
3925 "\"StripByteCounts\" field, calculating from imagelength");
3926 if (EstimateStripByteCounts(tif, dir, dircount) < 0)
3927 goto bad;
3928 /*
3929 * Assume we have wrong StripByteCount value (in case
3930 * of single strip) in following cases:
3931 * - it is equal to zero along with StripOffset;
3932 * - it is larger than file itself (in case of uncompressed
3933 * image);
3934 * - it is smaller than the size of the bytes per row
3935 * multiplied on the number of rows. The last case should
3936 * not be checked in the case of writing new image,
3937 * because we may do not know the exact strip size
3938 * until the whole image will be written and directory
3939 * dumped out.
3940 */
3941 #define BYTECOUNTLOOKSBAD \
3942 ( (tif->tif_dir.td_stripbytecount[0] == 0 && tif->tif_dir.td_stripoffset[0] != 0) || \
3943 (tif->tif_dir.td_compression == COMPRESSION_NONE && \
3944 tif->tif_dir.td_stripbytecount[0] > TIFFGetFileSize(tif) - tif->tif_dir.td_stripoffset[0]) || \
3945 (tif->tif_mode == O_RDONLY && \
3946 tif->tif_dir.td_compression == COMPRESSION_NONE && \
3947 tif->tif_dir.td_stripbytecount[0] < TIFFScanlineSize64(tif) * tif->tif_dir.td_imagelength) )
3948
3949 } else if (tif->tif_dir.td_nstrips == 1
3950 && _TIFFFillStriles(tif)
3951 && tif->tif_dir.td_stripoffset[0] != 0
3952 && BYTECOUNTLOOKSBAD) {
3953 /*
3954 * XXX: Plexus (and others) sometimes give a value of
3955 * zero for a tag when they don't know what the
3956 * correct value is! Try and handle the simple case
3957 * of estimating the size of a one strip image.
3958 */
3959 TIFFWarningExt(tif->tif_clientdata, module,
3960 "Bogus \"StripByteCounts\" field, ignoring and calculating from imagelength");
3961 if(EstimateStripByteCounts(tif, dir, dircount) < 0)
3962 goto bad;
3963
3964 #if !defined(DEFER_STRILE_LOAD)
3965 } else if (tif->tif_dir.td_planarconfig == PLANARCONFIG_CONTIG
3966 && tif->tif_dir.td_nstrips > 2
3967 && tif->tif_dir.td_compression == COMPRESSION_NONE
3968 && tif->tif_dir.td_stripbytecount[0] != tif->tif_dir.td_stripbytecount[1]
3969 && tif->tif_dir.td_stripbytecount[0] != 0
3970 && tif->tif_dir.td_stripbytecount[1] != 0 ) {
3971 /*
3972 * XXX: Some vendors fill StripByteCount array with
3973 * absolutely wrong values (it can be equal to
3974 * StripOffset array, for example). Catch this case
3975 * here.
3976 *
3977 * We avoid this check if deferring strile loading
3978 * as it would always force us to load the strip/tile
3979 * information.
3980 */
3981 TIFFWarningExt(tif->tif_clientdata, module,
3982 "Wrong \"StripByteCounts\" field, ignoring and calculating from imagelength");
3983 if (EstimateStripByteCounts(tif, dir, dircount) < 0)
3984 goto bad;
3985 #endif /* !defined(DEFER_STRILE_LOAD) */
3986 }
3987 }
3988 if (dir)
3989 {
3990 _TIFFfree(dir);
3991 dir=NULL;
3992 }
3993 if (!TIFFFieldSet(tif, FIELD_MAXSAMPLEVALUE))
3994 {
3995 if (tif->tif_dir.td_bitspersample>=16)
3996 tif->tif_dir.td_maxsamplevalue=0xFFFF;
3997 else
3998 tif->tif_dir.td_maxsamplevalue = (uint16)((1L<<tif->tif_dir.td_bitspersample)-1);
3999 }
4000 /*
4001 * XXX: We can optimize checking for the strip bounds using the sorted
4002 * bytecounts array. See also comments for TIFFAppendToStrip()
4003 * function in tif_write.c.
4004 */
4005 #if !defined(DEFER_STRILE_LOAD)
4006 if (tif->tif_dir.td_nstrips > 1) {
4007 uint32 strip;
4008
4009 tif->tif_dir.td_stripbytecountsorted = 1;
4010 for (strip = 1; strip < tif->tif_dir.td_nstrips; strip++) {
4011 if (tif->tif_dir.td_stripoffset[strip - 1] >
4012 tif->tif_dir.td_stripoffset[strip]) {
4013 tif->tif_dir.td_stripbytecountsorted = 0;
4014 break;
4015 }
4016 }
4017 }
4018 #endif /* !defined(DEFER_STRILE_LOAD) */
4019
4020 /*
4021 * An opportunity for compression mode dependent tag fixup
4022 */
4023 (*tif->tif_fixuptags)(tif);
4024
4025 /*
4026 * Some manufacturers make life difficult by writing
4027 * large amounts of uncompressed data as a single strip.
4028 * This is contrary to the recommendations of the spec.
4029 * The following makes an attempt at breaking such images
4030 * into strips closer to the recommended 8k bytes. A
4031 * side effect, however, is that the RowsPerStrip tag
4032 * value may be changed.
4033 */
4034 if ((tif->tif_dir.td_planarconfig==PLANARCONFIG_CONTIG)&&
4035 (tif->tif_dir.td_nstrips==1)&&
4036 (tif->tif_dir.td_compression==COMPRESSION_NONE)&&
4037 ((tif->tif_flags&(TIFF_STRIPCHOP|TIFF_ISTILED))==TIFF_STRIPCHOP))
4038 {
4039 if ( !_TIFFFillStriles(tif) || !tif->tif_dir.td_stripbytecount )
4040 return 0;
4041 ChopUpSingleUncompressedStrip(tif);
4042 }
4043
4044 /*
4045 * Clear the dirty directory flag.
4046 */
4047 tif->tif_flags &= ~TIFF_DIRTYDIRECT;
4048 tif->tif_flags &= ~TIFF_DIRTYSTRIP;
4049
4050 /*
4051 * Reinitialize i/o since we are starting on a new directory.
4052 */
4053 tif->tif_row = (uint32) -1;
4054 tif->tif_curstrip = (uint32) -1;
4055 tif->tif_col = (uint32) -1;
4056 tif->tif_curtile = (uint32) -1;
4057 tif->tif_tilesize = (tmsize_t) -1;
4058
4059 tif->tif_scanlinesize = TIFFScanlineSize(tif);
4060 if (!tif->tif_scanlinesize) {
4061 TIFFErrorExt(tif->tif_clientdata, module,
4062 "Cannot handle zero scanline size");
4063 return (0);
4064 }
4065
4066 if (isTiled(tif)) {
4067 tif->tif_tilesize = TIFFTileSize(tif);
4068 if (!tif->tif_tilesize) {
4069 TIFFErrorExt(tif->tif_clientdata, module,
4070 "Cannot handle zero tile size");
4071 return (0);
4072 }
4073 } else {
4074 if (!TIFFStripSize(tif)) {
4075 TIFFErrorExt(tif->tif_clientdata, module,
4076 "Cannot handle zero strip size");
4077 return (0);
4078 }
4079 }
4080 return (1);
4081 bad:
4082 if (dir)
4083 _TIFFfree(dir);
4084 return (0);
4085 }
4086
4087 static void
TIFFReadDirectoryCheckOrder(TIFF * tif,TIFFDirEntry * dir,uint16 dircount)4088 TIFFReadDirectoryCheckOrder(TIFF* tif, TIFFDirEntry* dir, uint16 dircount)
4089 {
4090 static const char module[] = "TIFFReadDirectoryCheckOrder";
4091 uint16 m;
4092 uint16 n;
4093 TIFFDirEntry* o;
4094 m=0;
4095 for (n=0, o=dir; n<dircount; n++, o++)
4096 {
4097 if (o->tdir_tag<m)
4098 {
4099 TIFFWarningExt(tif->tif_clientdata,module,
4100 "Invalid TIFF directory; tags are not sorted in ascending order");
4101 break;
4102 }
4103 m=o->tdir_tag+1;
4104 }
4105 }
4106
4107 static TIFFDirEntry*
TIFFReadDirectoryFindEntry(TIFF * tif,TIFFDirEntry * dir,uint16 dircount,uint16 tagid)4108 TIFFReadDirectoryFindEntry(TIFF* tif, TIFFDirEntry* dir, uint16 dircount, uint16 tagid)
4109 {
4110 TIFFDirEntry* m;
4111 uint16 n;
4112 (void) tif;
4113 for (m=dir, n=0; n<dircount; m++, n++)
4114 {
4115 if (m->tdir_tag==tagid)
4116 return(m);
4117 }
4118 return(0);
4119 }
4120
4121 static void
TIFFReadDirectoryFindFieldInfo(TIFF * tif,uint16 tagid,uint32 * fii)4122 TIFFReadDirectoryFindFieldInfo(TIFF* tif, uint16 tagid, uint32* fii)
4123 {
4124 int32 ma,mb,mc;
4125 ma=-1;
4126 mc=(int32)tif->tif_nfields;
4127 while (1)
4128 {
4129 if (ma+1==mc)
4130 {
4131 *fii = FAILED_FII;
4132 return;
4133 }
4134 mb=(ma+mc)/2;
4135 if (tif->tif_fields[mb]->field_tag==(uint32)tagid)
4136 break;
4137 if (tif->tif_fields[mb]->field_tag<(uint32)tagid)
4138 ma=mb;
4139 else
4140 mc=mb;
4141 }
4142 while (1)
4143 {
4144 if (mb==0)
4145 break;
4146 if (tif->tif_fields[mb-1]->field_tag!=(uint32)tagid)
4147 break;
4148 mb--;
4149 }
4150 *fii=mb;
4151 }
4152
4153 /*
4154 * Read custom directory from the arbitarry offset.
4155 * The code is very similar to TIFFReadDirectory().
4156 */
4157 int
TIFFReadCustomDirectory(TIFF * tif,toff_t diroff,const TIFFFieldArray * infoarray)4158 TIFFReadCustomDirectory(TIFF* tif, toff_t diroff,
4159 const TIFFFieldArray* infoarray)
4160 {
4161 static const char module[] = "TIFFReadCustomDirectory";
4162 TIFFDirEntry* dir;
4163 uint16 dircount;
4164 TIFFDirEntry* dp;
4165 uint16 di;
4166 const TIFFField* fip;
4167 uint32 fii;
4168 _TIFFSetupFields(tif, infoarray);
4169 dircount=TIFFFetchDirectory(tif,diroff,&dir,NULL);
4170 if (!dircount)
4171 {
4172 TIFFErrorExt(tif->tif_clientdata,module,
4173 "Failed to read custom directory at offset " TIFF_UINT64_FORMAT,diroff);
4174 return 0;
4175 }
4176 TIFFFreeDirectory(tif);
4177 _TIFFmemset(&tif->tif_dir, 0, sizeof(TIFFDirectory));
4178 TIFFReadDirectoryCheckOrder(tif,dir,dircount);
4179 for (di=0, dp=dir; di<dircount; di++, dp++)
4180 {
4181 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
4182 if (fii == FAILED_FII)
4183 {
4184 TIFFWarningExt(tif->tif_clientdata, module,
4185 "Unknown field with tag %d (0x%x) encountered",
4186 dp->tdir_tag, dp->tdir_tag);
4187 if (!_TIFFMergeFields(tif, _TIFFCreateAnonField(tif,
4188 dp->tdir_tag,
4189 (TIFFDataType) dp->tdir_type),
4190 1)) {
4191 TIFFWarningExt(tif->tif_clientdata, module,
4192 "Registering anonymous field with tag %d (0x%x) failed",
4193 dp->tdir_tag, dp->tdir_tag);
4194 dp->tdir_tag=IGNORE;
4195 } else {
4196 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
4197 assert( fii != FAILED_FII );
4198 }
4199 }
4200 if (dp->tdir_tag!=IGNORE)
4201 {
4202 fip=tif->tif_fields[fii];
4203 if (fip->field_bit==FIELD_IGNORE)
4204 dp->tdir_tag=IGNORE;
4205 else
4206 {
4207 /* check data type */
4208 while ((fip->field_type!=TIFF_ANY)&&(fip->field_type!=dp->tdir_type))
4209 {
4210 fii++;
4211 if ((fii==tif->tif_nfields)||
4212 (tif->tif_fields[fii]->field_tag!=(uint32)dp->tdir_tag))
4213 {
4214 fii=0xFFFF;
4215 break;
4216 }
4217 fip=tif->tif_fields[fii];
4218 }
4219 if (fii==0xFFFF)
4220 {
4221 TIFFWarningExt(tif->tif_clientdata, module,
4222 "Wrong data type %d for \"%s\"; tag ignored",
4223 dp->tdir_type,fip->field_name);
4224 dp->tdir_tag=IGNORE;
4225 }
4226 else
4227 {
4228 /* check count if known in advance */
4229 if ((fip->field_readcount!=TIFF_VARIABLE)&&
4230 (fip->field_readcount!=TIFF_VARIABLE2))
4231 {
4232 uint32 expected;
4233 if (fip->field_readcount==TIFF_SPP)
4234 expected=(uint32)tif->tif_dir.td_samplesperpixel;
4235 else
4236 expected=(uint32)fip->field_readcount;
4237 if (!CheckDirCount(tif,dp,expected))
4238 dp->tdir_tag=IGNORE;
4239 }
4240 }
4241 }
4242 switch (dp->tdir_tag)
4243 {
4244 case IGNORE:
4245 break;
4246 case EXIFTAG_SUBJECTDISTANCE:
4247 (void) TIFFFetchSubjectDistance(tif,dp);
4248 break;
4249 default:
4250 (void) TIFFFetchNormalTag(tif, dp, TRUE);
4251 break;
4252 }
4253 }
4254 }
4255 if (dir)
4256 _TIFFfree(dir);
4257 return 1;
4258 }
4259
4260 /*
4261 * EXIF is important special case of custom IFD, so we have a special
4262 * function to read it.
4263 */
4264 int
TIFFReadEXIFDirectory(TIFF * tif,toff_t diroff)4265 TIFFReadEXIFDirectory(TIFF* tif, toff_t diroff)
4266 {
4267 const TIFFFieldArray* exifFieldArray;
4268 exifFieldArray = _TIFFGetExifFields();
4269 return TIFFReadCustomDirectory(tif, diroff, exifFieldArray);
4270 }
4271
4272 static int
EstimateStripByteCounts(TIFF * tif,TIFFDirEntry * dir,uint16 dircount)4273 EstimateStripByteCounts(TIFF* tif, TIFFDirEntry* dir, uint16 dircount)
4274 {
4275 static const char module[] = "EstimateStripByteCounts";
4276
4277 TIFFDirEntry *dp;
4278 TIFFDirectory *td = &tif->tif_dir;
4279 uint32 strip;
4280
4281 _TIFFFillStriles( tif );
4282
4283 if (td->td_stripbytecount)
4284 _TIFFfree(td->td_stripbytecount);
4285 td->td_stripbytecount = (uint64*)
4286 _TIFFCheckMalloc(tif, td->td_nstrips, sizeof (uint64),
4287 "for \"StripByteCounts\" array");
4288 if( td->td_stripbytecount == NULL )
4289 return -1;
4290
4291 if (td->td_compression != COMPRESSION_NONE) {
4292 uint64 space;
4293 uint64 filesize;
4294 uint16 n;
4295 filesize = TIFFGetFileSize(tif);
4296 if (!(tif->tif_flags&TIFF_BIGTIFF))
4297 space=sizeof(TIFFHeaderClassic)+2+dircount*12+4;
4298 else
4299 space=sizeof(TIFFHeaderBig)+8+dircount*20+8;
4300 /* calculate amount of space used by indirect values */
4301 for (dp = dir, n = dircount; n > 0; n--, dp++)
4302 {
4303 uint32 typewidth = TIFFDataWidth((TIFFDataType) dp->tdir_type);
4304 uint64 datasize;
4305 typewidth = TIFFDataWidth((TIFFDataType) dp->tdir_type);
4306 if (typewidth == 0) {
4307 TIFFErrorExt(tif->tif_clientdata, module,
4308 "Cannot determine size of unknown tag type %d",
4309 dp->tdir_type);
4310 return -1;
4311 }
4312 datasize=(uint64)typewidth*dp->tdir_count;
4313 if (!(tif->tif_flags&TIFF_BIGTIFF))
4314 {
4315 if (datasize<=4)
4316 datasize=0;
4317 }
4318 else
4319 {
4320 if (datasize<=8)
4321 datasize=0;
4322 }
4323 space+=datasize;
4324 }
4325 space = filesize - space;
4326 if (td->td_planarconfig == PLANARCONFIG_SEPARATE)
4327 space /= td->td_samplesperpixel;
4328 for (strip = 0; strip < td->td_nstrips; strip++)
4329 td->td_stripbytecount[strip] = space;
4330 /*
4331 * This gross hack handles the case were the offset to
4332 * the last strip is past the place where we think the strip
4333 * should begin. Since a strip of data must be contiguous,
4334 * it's safe to assume that we've overestimated the amount
4335 * of data in the strip and trim this number back accordingly.
4336 */
4337 strip--;
4338 if (td->td_stripoffset[strip]+td->td_stripbytecount[strip] > filesize)
4339 td->td_stripbytecount[strip] = filesize - td->td_stripoffset[strip];
4340 } else if (isTiled(tif)) {
4341 uint64 bytespertile = TIFFTileSize64(tif);
4342
4343 for (strip = 0; strip < td->td_nstrips; strip++)
4344 td->td_stripbytecount[strip] = bytespertile;
4345 } else {
4346 uint64 rowbytes = TIFFScanlineSize64(tif);
4347 uint32 rowsperstrip = td->td_imagelength/td->td_stripsperimage;
4348 for (strip = 0; strip < td->td_nstrips; strip++)
4349 td->td_stripbytecount[strip] = rowbytes * rowsperstrip;
4350 }
4351 TIFFSetFieldBit(tif, FIELD_STRIPBYTECOUNTS);
4352 if (!TIFFFieldSet(tif, FIELD_ROWSPERSTRIP))
4353 td->td_rowsperstrip = td->td_imagelength;
4354 return 1;
4355 }
4356
4357 static void
MissingRequired(TIFF * tif,const char * tagname)4358 MissingRequired(TIFF* tif, const char* tagname)
4359 {
4360 static const char module[] = "MissingRequired";
4361
4362 TIFFErrorExt(tif->tif_clientdata, module,
4363 "TIFF directory is missing required \"%s\" field",
4364 tagname);
4365 }
4366
4367 /*
4368 * Check the directory offset against the list of already seen directory
4369 * offsets. This is a trick to prevent IFD looping. The one can create TIFF
4370 * file with looped directory pointers. We will maintain a list of already
4371 * seen directories and check every IFD offset against that list.
4372 */
4373 static int
TIFFCheckDirOffset(TIFF * tif,uint64 diroff)4374 TIFFCheckDirOffset(TIFF* tif, uint64 diroff)
4375 {
4376 uint16 n;
4377
4378 if (diroff == 0) /* no more directories */
4379 return 0;
4380
4381 for (n = 0; n < tif->tif_dirnumber && tif->tif_dirlist; n++) {
4382 if (tif->tif_dirlist[n] == diroff)
4383 return 0;
4384 }
4385
4386 tif->tif_dirnumber++;
4387
4388 if (tif->tif_dirnumber > tif->tif_dirlistsize) {
4389 uint64* new_dirlist;
4390
4391 /*
4392 * XXX: Reduce memory allocation granularity of the dirlist
4393 * array.
4394 */
4395 new_dirlist = (uint64*)_TIFFCheckRealloc(tif, tif->tif_dirlist,
4396 tif->tif_dirnumber, 2 * sizeof(uint64), "for IFD list");
4397 if (!new_dirlist)
4398 return 0;
4399 tif->tif_dirlistsize = 2 * tif->tif_dirnumber;
4400 tif->tif_dirlist = new_dirlist;
4401 }
4402
4403 tif->tif_dirlist[tif->tif_dirnumber - 1] = diroff;
4404
4405 return 1;
4406 }
4407
4408 /*
4409 * Check the count field of a directory entry against a known value. The
4410 * caller is expected to skip/ignore the tag if there is a mismatch.
4411 */
4412 static int
CheckDirCount(TIFF * tif,TIFFDirEntry * dir,uint32 count)4413 CheckDirCount(TIFF* tif, TIFFDirEntry* dir, uint32 count)
4414 {
4415 if ((uint64)count > dir->tdir_count) {
4416 const TIFFField* fip = TIFFFieldWithTag(tif, dir->tdir_tag);
4417 TIFFWarningExt(tif->tif_clientdata, tif->tif_name,
4418 "incorrect count for field \"%s\" (" TIFF_UINT64_FORMAT ", expecting %u); tag ignored",
4419 fip ? fip->field_name : "unknown tagname",
4420 dir->tdir_count, count);
4421 return (0);
4422 } else if ((uint64)count < dir->tdir_count) {
4423 const TIFFField* fip = TIFFFieldWithTag(tif, dir->tdir_tag);
4424 TIFFWarningExt(tif->tif_clientdata, tif->tif_name,
4425 "incorrect count for field \"%s\" (" TIFF_UINT64_FORMAT ", expecting %u); tag trimmed",
4426 fip ? fip->field_name : "unknown tagname",
4427 dir->tdir_count, count);
4428 dir->tdir_count = count;
4429 return (1);
4430 }
4431 return (1);
4432 }
4433
4434 /*
4435 * Read IFD structure from the specified offset. If the pointer to
4436 * nextdiroff variable has been specified, read it too. Function returns a
4437 * number of fields in the directory or 0 if failed.
4438 */
4439 static uint16
TIFFFetchDirectory(TIFF * tif,uint64 diroff,TIFFDirEntry ** pdir,uint64 * nextdiroff)4440 TIFFFetchDirectory(TIFF* tif, uint64 diroff, TIFFDirEntry** pdir,
4441 uint64 *nextdiroff)
4442 {
4443 static const char module[] = "TIFFFetchDirectory";
4444
4445 void* origdir;
4446 uint16 dircount16;
4447 uint32 dirsize;
4448 TIFFDirEntry* dir;
4449 uint8* ma;
4450 TIFFDirEntry* mb;
4451 uint16 n;
4452
4453 assert(pdir);
4454
4455 tif->tif_diroff = diroff;
4456 if (nextdiroff)
4457 *nextdiroff = 0;
4458 if (!isMapped(tif)) {
4459 if (!SeekOK(tif, tif->tif_diroff)) {
4460 TIFFErrorExt(tif->tif_clientdata, module,
4461 "%s: Seek error accessing TIFF directory",
4462 tif->tif_name);
4463 return 0;
4464 }
4465 if (!(tif->tif_flags&TIFF_BIGTIFF))
4466 {
4467 if (!ReadOK(tif, &dircount16, sizeof (uint16))) {
4468 TIFFErrorExt(tif->tif_clientdata, module,
4469 "%s: Can not read TIFF directory count",
4470 tif->tif_name);
4471 return 0;
4472 }
4473 if (tif->tif_flags & TIFF_SWAB)
4474 TIFFSwabShort(&dircount16);
4475 if (dircount16>4096)
4476 {
4477 TIFFErrorExt(tif->tif_clientdata, module,
4478 "Sanity check on directory count failed, this is probably not a valid IFD offset");
4479 return 0;
4480 }
4481 dirsize = 12;
4482 } else {
4483 uint64 dircount64;
4484 if (!ReadOK(tif, &dircount64, sizeof (uint64))) {
4485 TIFFErrorExt(tif->tif_clientdata, module,
4486 "%s: Can not read TIFF directory count",
4487 tif->tif_name);
4488 return 0;
4489 }
4490 if (tif->tif_flags & TIFF_SWAB)
4491 TIFFSwabLong8(&dircount64);
4492 if (dircount64>4096)
4493 {
4494 TIFFErrorExt(tif->tif_clientdata, module,
4495 "Sanity check on directory count failed, this is probably not a valid IFD offset");
4496 return 0;
4497 }
4498 dircount16 = (uint16)dircount64;
4499 dirsize = 20;
4500 }
4501 origdir = _TIFFCheckMalloc(tif, dircount16,
4502 dirsize, "to read TIFF directory");
4503 if (origdir == NULL)
4504 return 0;
4505 if (!ReadOK(tif, origdir, (tmsize_t)(dircount16*dirsize))) {
4506 TIFFErrorExt(tif->tif_clientdata, module,
4507 "%.100s: Can not read TIFF directory",
4508 tif->tif_name);
4509 _TIFFfree(origdir);
4510 return 0;
4511 }
4512 /*
4513 * Read offset to next directory for sequential scans if
4514 * needed.
4515 */
4516 if (nextdiroff)
4517 {
4518 if (!(tif->tif_flags&TIFF_BIGTIFF))
4519 {
4520 uint32 nextdiroff32;
4521 if (!ReadOK(tif, &nextdiroff32, sizeof(uint32)))
4522 nextdiroff32 = 0;
4523 if (tif->tif_flags&TIFF_SWAB)
4524 TIFFSwabLong(&nextdiroff32);
4525 *nextdiroff=nextdiroff32;
4526 } else {
4527 if (!ReadOK(tif, nextdiroff, sizeof(uint64)))
4528 *nextdiroff = 0;
4529 if (tif->tif_flags&TIFF_SWAB)
4530 TIFFSwabLong8(nextdiroff);
4531 }
4532 }
4533 } else {
4534 tmsize_t m;
4535 tmsize_t off = (tmsize_t) tif->tif_diroff;
4536 if ((uint64)off!=tif->tif_diroff)
4537 {
4538 TIFFErrorExt(tif->tif_clientdata,module,"Can not read TIFF directory count");
4539 return(0);
4540 }
4541
4542 /*
4543 * Check for integer overflow when validating the dir_off,
4544 * otherwise a very high offset may cause an OOB read and
4545 * crash the client. Make two comparisons instead of
4546 *
4547 * off + sizeof(uint16) > tif->tif_size
4548 *
4549 * to avoid overflow.
4550 */
4551 if (!(tif->tif_flags&TIFF_BIGTIFF))
4552 {
4553 m=off+sizeof(uint16);
4554 if ((m<off)||(m<(tmsize_t)sizeof(uint16))||(m>tif->tif_size)) {
4555 TIFFErrorExt(tif->tif_clientdata, module,
4556 "Can not read TIFF directory count");
4557 return 0;
4558 } else {
4559 _TIFFmemcpy(&dircount16, tif->tif_base + off,
4560 sizeof(uint16));
4561 }
4562 off += sizeof (uint16);
4563 if (tif->tif_flags & TIFF_SWAB)
4564 TIFFSwabShort(&dircount16);
4565 if (dircount16>4096)
4566 {
4567 TIFFErrorExt(tif->tif_clientdata, module,
4568 "Sanity check on directory count failed, this is probably not a valid IFD offset");
4569 return 0;
4570 }
4571 dirsize = 12;
4572 }
4573 else
4574 {
4575 tmsize_t m;
4576 uint64 dircount64;
4577 m=off+sizeof(uint64);
4578 if ((m<off)||(m<(tmsize_t)sizeof(uint64))||(m>tif->tif_size)) {
4579 TIFFErrorExt(tif->tif_clientdata, module,
4580 "Can not read TIFF directory count");
4581 return 0;
4582 } else {
4583 _TIFFmemcpy(&dircount64, tif->tif_base + off,
4584 sizeof(uint64));
4585 }
4586 off += sizeof (uint64);
4587 if (tif->tif_flags & TIFF_SWAB)
4588 TIFFSwabLong8(&dircount64);
4589 if (dircount64>4096)
4590 {
4591 TIFFErrorExt(tif->tif_clientdata, module,
4592 "Sanity check on directory count failed, this is probably not a valid IFD offset");
4593 return 0;
4594 }
4595 dircount16 = (uint16)dircount64;
4596 dirsize = 20;
4597 }
4598 if (dircount16 == 0 )
4599 {
4600 TIFFErrorExt(tif->tif_clientdata, module,
4601 "Sanity check on directory count failed, zero tag directories not supported");
4602 return 0;
4603 }
4604 origdir = _TIFFCheckMalloc(tif, dircount16,
4605 dirsize,
4606 "to read TIFF directory");
4607 if (origdir == NULL)
4608 return 0;
4609 m=off+dircount16*dirsize;
4610 if ((m<off)||(m<(tmsize_t)(dircount16*dirsize))||(m>tif->tif_size)) {
4611 TIFFErrorExt(tif->tif_clientdata, module,
4612 "Can not read TIFF directory");
4613 _TIFFfree(origdir);
4614 return 0;
4615 } else {
4616 _TIFFmemcpy(origdir, tif->tif_base + off,
4617 dircount16 * dirsize);
4618 }
4619 if (nextdiroff) {
4620 off += dircount16 * dirsize;
4621 if (!(tif->tif_flags&TIFF_BIGTIFF))
4622 {
4623 uint32 nextdiroff32;
4624 m=off+sizeof(uint32);
4625 if ((m<off)||(m<(tmsize_t)sizeof(uint32))||(m>tif->tif_size))
4626 nextdiroff32 = 0;
4627 else
4628 _TIFFmemcpy(&nextdiroff32, tif->tif_base + off,
4629 sizeof (uint32));
4630 if (tif->tif_flags&TIFF_SWAB)
4631 TIFFSwabLong(&nextdiroff32);
4632 *nextdiroff = nextdiroff32;
4633 }
4634 else
4635 {
4636 m=off+sizeof(uint64);
4637 if ((m<off)||(m<(tmsize_t)sizeof(uint64))||(m>tif->tif_size))
4638 *nextdiroff = 0;
4639 else
4640 _TIFFmemcpy(nextdiroff, tif->tif_base + off,
4641 sizeof (uint64));
4642 if (tif->tif_flags&TIFF_SWAB)
4643 TIFFSwabLong8(nextdiroff);
4644 }
4645 }
4646 }
4647 dir = (TIFFDirEntry*)_TIFFCheckMalloc(tif, dircount16,
4648 sizeof(TIFFDirEntry),
4649 "to read TIFF directory");
4650 if (dir==0)
4651 {
4652 _TIFFfree(origdir);
4653 return 0;
4654 }
4655 ma=(uint8*)origdir;
4656 mb=dir;
4657 for (n=0; n<dircount16; n++)
4658 {
4659 if (tif->tif_flags&TIFF_SWAB)
4660 TIFFSwabShort((uint16*)ma);
4661 mb->tdir_tag=*(uint16*)ma;
4662 ma+=sizeof(uint16);
4663 if (tif->tif_flags&TIFF_SWAB)
4664 TIFFSwabShort((uint16*)ma);
4665 mb->tdir_type=*(uint16*)ma;
4666 ma+=sizeof(uint16);
4667 if (!(tif->tif_flags&TIFF_BIGTIFF))
4668 {
4669 if (tif->tif_flags&TIFF_SWAB)
4670 TIFFSwabLong((uint32*)ma);
4671 mb->tdir_count=(uint64)(*(uint32*)ma);
4672 ma+=sizeof(uint32);
4673 *(uint32*)(&mb->tdir_offset)=*(uint32*)ma;
4674 ma+=sizeof(uint32);
4675 }
4676 else
4677 {
4678 if (tif->tif_flags&TIFF_SWAB)
4679 TIFFSwabLong8((uint64*)ma);
4680 mb->tdir_count=TIFFReadUInt64(ma);
4681 ma+=sizeof(uint64);
4682 mb->tdir_offset.toff_long8=TIFFReadUInt64(ma);
4683 ma+=sizeof(uint64);
4684 }
4685 mb++;
4686 }
4687 _TIFFfree(origdir);
4688 *pdir = dir;
4689 return dircount16;
4690 }
4691
4692 /*
4693 * Fetch a tag that is not handled by special case code.
4694 */
4695 static int
TIFFFetchNormalTag(TIFF * tif,TIFFDirEntry * dp,int recover)4696 TIFFFetchNormalTag(TIFF* tif, TIFFDirEntry* dp, int recover)
4697 {
4698 static const char module[] = "TIFFFetchNormalTag";
4699 enum TIFFReadDirEntryErr err;
4700 uint32 fii;
4701 const TIFFField* fip = NULL;
4702 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
4703 if( fii == FAILED_FII )
4704 {
4705 TIFFErrorExt(tif->tif_clientdata, "TIFFFetchNormalTag",
4706 "No definition found for tag %d",
4707 dp->tdir_tag);
4708 return 0;
4709 }
4710 fip=tif->tif_fields[fii];
4711 assert(fip->set_field_type!=TIFF_SETGET_OTHER); /* if so, we shouldn't arrive here but deal with this in specialized code */
4712 assert(fip->set_field_type!=TIFF_SETGET_INT); /* if so, we shouldn't arrive here as this is only the case for pseudo-tags */
4713 err=TIFFReadDirEntryErrOk;
4714 switch (fip->set_field_type)
4715 {
4716 case TIFF_SETGET_UNDEFINED:
4717 break;
4718 case TIFF_SETGET_ASCII:
4719 {
4720 uint8* data;
4721 assert(fip->field_passcount==0);
4722 err=TIFFReadDirEntryByteArray(tif,dp,&data);
4723 if (err==TIFFReadDirEntryErrOk)
4724 {
4725 uint8* ma;
4726 uint32 mb;
4727 int n;
4728 ma=data;
4729 mb=0;
4730 while (mb<(uint32)dp->tdir_count)
4731 {
4732 if (*ma==0)
4733 break;
4734 ma++;
4735 mb++;
4736 }
4737 if (mb+1<(uint32)dp->tdir_count)
4738 TIFFWarningExt(tif->tif_clientdata,module,"ASCII value for tag \"%s\" contains null byte in value; value incorrectly truncated during reading due to implementation limitations",fip->field_name);
4739 else if (mb+1>(uint32)dp->tdir_count)
4740 {
4741 uint8* o;
4742 TIFFWarningExt(tif->tif_clientdata,module,"ASCII value for tag \"%s\" does not end in null byte",fip->field_name);
4743 if ((uint32)dp->tdir_count+1!=dp->tdir_count+1)
4744 o=NULL;
4745 else
4746 o=_TIFFmalloc((uint32)dp->tdir_count+1);
4747 if (o==NULL)
4748 {
4749 if (data!=NULL)
4750 _TIFFfree(data);
4751 return(0);
4752 }
4753 _TIFFmemcpy(o,data,(uint32)dp->tdir_count);
4754 o[(uint32)dp->tdir_count]=0;
4755 if (data!=0)
4756 _TIFFfree(data);
4757 data=o;
4758 }
4759 n=TIFFSetField(tif,dp->tdir_tag,data);
4760 if (data!=0)
4761 _TIFFfree(data);
4762 if (!n)
4763 return(0);
4764 }
4765 }
4766 break;
4767 case TIFF_SETGET_UINT8:
4768 {
4769 uint8 data=0;
4770 assert(fip->field_readcount==1);
4771 assert(fip->field_passcount==0);
4772 err=TIFFReadDirEntryByte(tif,dp,&data);
4773 if (err==TIFFReadDirEntryErrOk)
4774 {
4775 if (!TIFFSetField(tif,dp->tdir_tag,data))
4776 return(0);
4777 }
4778 }
4779 break;
4780 case TIFF_SETGET_UINT16:
4781 {
4782 uint16 data;
4783 assert(fip->field_readcount==1);
4784 assert(fip->field_passcount==0);
4785 err=TIFFReadDirEntryShort(tif,dp,&data);
4786 if (err==TIFFReadDirEntryErrOk)
4787 {
4788 if (!TIFFSetField(tif,dp->tdir_tag,data))
4789 return(0);
4790 }
4791 }
4792 break;
4793 case TIFF_SETGET_UINT32:
4794 {
4795 uint32 data;
4796 assert(fip->field_readcount==1);
4797 assert(fip->field_passcount==0);
4798 err=TIFFReadDirEntryLong(tif,dp,&data);
4799 if (err==TIFFReadDirEntryErrOk)
4800 {
4801 if (!TIFFSetField(tif,dp->tdir_tag,data))
4802 return(0);
4803 }
4804 }
4805 break;
4806 case TIFF_SETGET_UINT64:
4807 {
4808 uint64 data;
4809 assert(fip->field_readcount==1);
4810 assert(fip->field_passcount==0);
4811 err=TIFFReadDirEntryLong8(tif,dp,&data);
4812 if (err==TIFFReadDirEntryErrOk)
4813 {
4814 if (!TIFFSetField(tif,dp->tdir_tag,data))
4815 return(0);
4816 }
4817 }
4818 break;
4819 case TIFF_SETGET_FLOAT:
4820 {
4821 float data;
4822 assert(fip->field_readcount==1);
4823 assert(fip->field_passcount==0);
4824 err=TIFFReadDirEntryFloat(tif,dp,&data);
4825 if (err==TIFFReadDirEntryErrOk)
4826 {
4827 if (!TIFFSetField(tif,dp->tdir_tag,data))
4828 return(0);
4829 }
4830 }
4831 break;
4832 case TIFF_SETGET_DOUBLE:
4833 {
4834 double data;
4835 assert(fip->field_readcount==1);
4836 assert(fip->field_passcount==0);
4837 err=TIFFReadDirEntryDouble(tif,dp,&data);
4838 if (err==TIFFReadDirEntryErrOk)
4839 {
4840 if (!TIFFSetField(tif,dp->tdir_tag,data))
4841 return(0);
4842 }
4843 }
4844 break;
4845 case TIFF_SETGET_IFD8:
4846 {
4847 uint64 data;
4848 assert(fip->field_readcount==1);
4849 assert(fip->field_passcount==0);
4850 err=TIFFReadDirEntryIfd8(tif,dp,&data);
4851 if (err==TIFFReadDirEntryErrOk)
4852 {
4853 if (!TIFFSetField(tif,dp->tdir_tag,data))
4854 return(0);
4855 }
4856 }
4857 break;
4858 case TIFF_SETGET_UINT16_PAIR:
4859 {
4860 uint16* data;
4861 assert(fip->field_readcount==2);
4862 assert(fip->field_passcount==0);
4863 if (dp->tdir_count!=2) {
4864 TIFFWarningExt(tif->tif_clientdata,module,
4865 "incorrect count for field \"%s\", expected 2, got %d",
4866 fip->field_name,(int)dp->tdir_count);
4867 return(0);
4868 }
4869 err=TIFFReadDirEntryShortArray(tif,dp,&data);
4870 if (err==TIFFReadDirEntryErrOk)
4871 {
4872 int m;
4873 m=TIFFSetField(tif,dp->tdir_tag,data[0],data[1]);
4874 _TIFFfree(data);
4875 if (!m)
4876 return(0);
4877 }
4878 }
4879 break;
4880 case TIFF_SETGET_C0_UINT8:
4881 {
4882 uint8* data;
4883 assert(fip->field_readcount>=1);
4884 assert(fip->field_passcount==0);
4885 if (dp->tdir_count!=(uint64)fip->field_readcount) {
4886 TIFFWarningExt(tif->tif_clientdata,module,
4887 "incorrect count for field \"%s\", expected %d, got %d",
4888 fip->field_name,(int) fip->field_readcount, (int)dp->tdir_count);
4889 return 0;
4890 }
4891 else
4892 {
4893 err=TIFFReadDirEntryByteArray(tif,dp,&data);
4894 if (err==TIFFReadDirEntryErrOk)
4895 {
4896 int m;
4897 m=TIFFSetField(tif,dp->tdir_tag,data);
4898 if (data!=0)
4899 _TIFFfree(data);
4900 if (!m)
4901 return(0);
4902 }
4903 }
4904 }
4905 break;
4906 case TIFF_SETGET_C0_UINT16:
4907 {
4908 uint16* data;
4909 assert(fip->field_readcount>=1);
4910 assert(fip->field_passcount==0);
4911 if (dp->tdir_count!=(uint64)fip->field_readcount)
4912 /* corrupt file */;
4913 else
4914 {
4915 err=TIFFReadDirEntryShortArray(tif,dp,&data);
4916 if (err==TIFFReadDirEntryErrOk)
4917 {
4918 int m;
4919 m=TIFFSetField(tif,dp->tdir_tag,data);
4920 if (data!=0)
4921 _TIFFfree(data);
4922 if (!m)
4923 return(0);
4924 }
4925 }
4926 }
4927 break;
4928 case TIFF_SETGET_C0_UINT32:
4929 {
4930 uint32* data;
4931 assert(fip->field_readcount>=1);
4932 assert(fip->field_passcount==0);
4933 if (dp->tdir_count!=(uint64)fip->field_readcount)
4934 /* corrupt file */;
4935 else
4936 {
4937 err=TIFFReadDirEntryLongArray(tif,dp,&data);
4938 if (err==TIFFReadDirEntryErrOk)
4939 {
4940 int m;
4941 m=TIFFSetField(tif,dp->tdir_tag,data);
4942 if (data!=0)
4943 _TIFFfree(data);
4944 if (!m)
4945 return(0);
4946 }
4947 }
4948 }
4949 break;
4950 case TIFF_SETGET_C0_FLOAT:
4951 {
4952 float* data;
4953 assert(fip->field_readcount>=1);
4954 assert(fip->field_passcount==0);
4955 if (dp->tdir_count!=(uint64)fip->field_readcount)
4956 /* corrupt file */;
4957 else
4958 {
4959 err=TIFFReadDirEntryFloatArray(tif,dp,&data);
4960 if (err==TIFFReadDirEntryErrOk)
4961 {
4962 int m;
4963 m=TIFFSetField(tif,dp->tdir_tag,data);
4964 if (data!=0)
4965 _TIFFfree(data);
4966 if (!m)
4967 return(0);
4968 }
4969 }
4970 }
4971 break;
4972 case TIFF_SETGET_C16_ASCII:
4973 {
4974 uint8* data;
4975 assert(fip->field_readcount==TIFF_VARIABLE);
4976 assert(fip->field_passcount==1);
4977 if (dp->tdir_count>0xFFFF)
4978 err=TIFFReadDirEntryErrCount;
4979 else
4980 {
4981 err=TIFFReadDirEntryByteArray(tif,dp,&data);
4982 if (err==TIFFReadDirEntryErrOk)
4983 {
4984 int m;
4985 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
4986 if (data!=0)
4987 _TIFFfree(data);
4988 if (!m)
4989 return(0);
4990 }
4991 }
4992 }
4993 break;
4994 case TIFF_SETGET_C16_UINT8:
4995 {
4996 uint8* data;
4997 assert(fip->field_readcount==TIFF_VARIABLE);
4998 assert(fip->field_passcount==1);
4999 if (dp->tdir_count>0xFFFF)
5000 err=TIFFReadDirEntryErrCount;
5001 else
5002 {
5003 err=TIFFReadDirEntryByteArray(tif,dp,&data);
5004 if (err==TIFFReadDirEntryErrOk)
5005 {
5006 int m;
5007 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5008 if (data!=0)
5009 _TIFFfree(data);
5010 if (!m)
5011 return(0);
5012 }
5013 }
5014 }
5015 break;
5016 case TIFF_SETGET_C16_UINT16:
5017 {
5018 uint16* data;
5019 assert(fip->field_readcount==TIFF_VARIABLE);
5020 assert(fip->field_passcount==1);
5021 if (dp->tdir_count>0xFFFF)
5022 err=TIFFReadDirEntryErrCount;
5023 else
5024 {
5025 err=TIFFReadDirEntryShortArray(tif,dp,&data);
5026 if (err==TIFFReadDirEntryErrOk)
5027 {
5028 int m;
5029 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5030 if (data!=0)
5031 _TIFFfree(data);
5032 if (!m)
5033 return(0);
5034 }
5035 }
5036 }
5037 break;
5038 case TIFF_SETGET_C16_UINT32:
5039 {
5040 uint32* data;
5041 assert(fip->field_readcount==TIFF_VARIABLE);
5042 assert(fip->field_passcount==1);
5043 if (dp->tdir_count>0xFFFF)
5044 err=TIFFReadDirEntryErrCount;
5045 else
5046 {
5047 err=TIFFReadDirEntryLongArray(tif,dp,&data);
5048 if (err==TIFFReadDirEntryErrOk)
5049 {
5050 int m;
5051 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5052 if (data!=0)
5053 _TIFFfree(data);
5054 if (!m)
5055 return(0);
5056 }
5057 }
5058 }
5059 break;
5060 case TIFF_SETGET_C16_UINT64:
5061 {
5062 uint64* data;
5063 assert(fip->field_readcount==TIFF_VARIABLE);
5064 assert(fip->field_passcount==1);
5065 if (dp->tdir_count>0xFFFF)
5066 err=TIFFReadDirEntryErrCount;
5067 else
5068 {
5069 err=TIFFReadDirEntryLong8Array(tif,dp,&data);
5070 if (err==TIFFReadDirEntryErrOk)
5071 {
5072 int m;
5073 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5074 if (data!=0)
5075 _TIFFfree(data);
5076 if (!m)
5077 return(0);
5078 }
5079 }
5080 }
5081 break;
5082 case TIFF_SETGET_C16_FLOAT:
5083 {
5084 float* data;
5085 assert(fip->field_readcount==TIFF_VARIABLE);
5086 assert(fip->field_passcount==1);
5087 if (dp->tdir_count>0xFFFF)
5088 err=TIFFReadDirEntryErrCount;
5089 else
5090 {
5091 err=TIFFReadDirEntryFloatArray(tif,dp,&data);
5092 if (err==TIFFReadDirEntryErrOk)
5093 {
5094 int m;
5095 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5096 if (data!=0)
5097 _TIFFfree(data);
5098 if (!m)
5099 return(0);
5100 }
5101 }
5102 }
5103 break;
5104 case TIFF_SETGET_C16_DOUBLE:
5105 {
5106 double* data;
5107 assert(fip->field_readcount==TIFF_VARIABLE);
5108 assert(fip->field_passcount==1);
5109 if (dp->tdir_count>0xFFFF)
5110 err=TIFFReadDirEntryErrCount;
5111 else
5112 {
5113 err=TIFFReadDirEntryDoubleArray(tif,dp,&data);
5114 if (err==TIFFReadDirEntryErrOk)
5115 {
5116 int m;
5117 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5118 if (data!=0)
5119 _TIFFfree(data);
5120 if (!m)
5121 return(0);
5122 }
5123 }
5124 }
5125 break;
5126 case TIFF_SETGET_C16_IFD8:
5127 {
5128 uint64* data;
5129 assert(fip->field_readcount==TIFF_VARIABLE);
5130 assert(fip->field_passcount==1);
5131 if (dp->tdir_count>0xFFFF)
5132 err=TIFFReadDirEntryErrCount;
5133 else
5134 {
5135 err=TIFFReadDirEntryIfd8Array(tif,dp,&data);
5136 if (err==TIFFReadDirEntryErrOk)
5137 {
5138 int m;
5139 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5140 if (data!=0)
5141 _TIFFfree(data);
5142 if (!m)
5143 return(0);
5144 }
5145 }
5146 }
5147 break;
5148 case TIFF_SETGET_C32_ASCII:
5149 {
5150 uint8* data;
5151 assert(fip->field_readcount==TIFF_VARIABLE2);
5152 assert(fip->field_passcount==1);
5153 err=TIFFReadDirEntryByteArray(tif,dp,&data);
5154 if (err==TIFFReadDirEntryErrOk)
5155 {
5156 int m;
5157 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5158 if (data!=0)
5159 _TIFFfree(data);
5160 if (!m)
5161 return(0);
5162 }
5163 }
5164 break;
5165 case TIFF_SETGET_C32_UINT8:
5166 {
5167 uint8* data;
5168 assert(fip->field_readcount==TIFF_VARIABLE2);
5169 assert(fip->field_passcount==1);
5170 err=TIFFReadDirEntryByteArray(tif,dp,&data);
5171 if (err==TIFFReadDirEntryErrOk)
5172 {
5173 int m;
5174 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5175 if (data!=0)
5176 _TIFFfree(data);
5177 if (!m)
5178 return(0);
5179 }
5180 }
5181 break;
5182 case TIFF_SETGET_C32_SINT8:
5183 {
5184 int8* data = NULL;
5185 assert(fip->field_readcount==TIFF_VARIABLE2);
5186 assert(fip->field_passcount==1);
5187 err=TIFFReadDirEntrySbyteArray(tif,dp,&data);
5188 if (err==TIFFReadDirEntryErrOk)
5189 {
5190 int m;
5191 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5192 if (data!=0)
5193 _TIFFfree(data);
5194 if (!m)
5195 return(0);
5196 }
5197 }
5198 break;
5199 case TIFF_SETGET_C32_UINT16:
5200 {
5201 uint16* data;
5202 assert(fip->field_readcount==TIFF_VARIABLE2);
5203 assert(fip->field_passcount==1);
5204 err=TIFFReadDirEntryShortArray(tif,dp,&data);
5205 if (err==TIFFReadDirEntryErrOk)
5206 {
5207 int m;
5208 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5209 if (data!=0)
5210 _TIFFfree(data);
5211 if (!m)
5212 return(0);
5213 }
5214 }
5215 break;
5216 case TIFF_SETGET_C32_SINT16:
5217 {
5218 int16* data = NULL;
5219 assert(fip->field_readcount==TIFF_VARIABLE2);
5220 assert(fip->field_passcount==1);
5221 err=TIFFReadDirEntrySshortArray(tif,dp,&data);
5222 if (err==TIFFReadDirEntryErrOk)
5223 {
5224 int m;
5225 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5226 if (data!=0)
5227 _TIFFfree(data);
5228 if (!m)
5229 return(0);
5230 }
5231 }
5232 break;
5233 case TIFF_SETGET_C32_UINT32:
5234 {
5235 uint32* data;
5236 assert(fip->field_readcount==TIFF_VARIABLE2);
5237 assert(fip->field_passcount==1);
5238 err=TIFFReadDirEntryLongArray(tif,dp,&data);
5239 if (err==TIFFReadDirEntryErrOk)
5240 {
5241 int m;
5242 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5243 if (data!=0)
5244 _TIFFfree(data);
5245 if (!m)
5246 return(0);
5247 }
5248 }
5249 break;
5250 case TIFF_SETGET_C32_SINT32:
5251 {
5252 int32* data = NULL;
5253 assert(fip->field_readcount==TIFF_VARIABLE2);
5254 assert(fip->field_passcount==1);
5255 err=TIFFReadDirEntrySlongArray(tif,dp,&data);
5256 if (err==TIFFReadDirEntryErrOk)
5257 {
5258 int m;
5259 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5260 if (data!=0)
5261 _TIFFfree(data);
5262 if (!m)
5263 return(0);
5264 }
5265 }
5266 break;
5267 case TIFF_SETGET_C32_UINT64:
5268 {
5269 uint64* data;
5270 assert(fip->field_readcount==TIFF_VARIABLE2);
5271 assert(fip->field_passcount==1);
5272 err=TIFFReadDirEntryLong8Array(tif,dp,&data);
5273 if (err==TIFFReadDirEntryErrOk)
5274 {
5275 int m;
5276 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5277 if (data!=0)
5278 _TIFFfree(data);
5279 if (!m)
5280 return(0);
5281 }
5282 }
5283 break;
5284 case TIFF_SETGET_C32_SINT64:
5285 {
5286 int64* data = NULL;
5287 assert(fip->field_readcount==TIFF_VARIABLE2);
5288 assert(fip->field_passcount==1);
5289 err=TIFFReadDirEntrySlong8Array(tif,dp,&data);
5290 if (err==TIFFReadDirEntryErrOk)
5291 {
5292 int m;
5293 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5294 if (data!=0)
5295 _TIFFfree(data);
5296 if (!m)
5297 return(0);
5298 }
5299 }
5300 break;
5301 case TIFF_SETGET_C32_FLOAT:
5302 {
5303 float* data;
5304 assert(fip->field_readcount==TIFF_VARIABLE2);
5305 assert(fip->field_passcount==1);
5306 err=TIFFReadDirEntryFloatArray(tif,dp,&data);
5307 if (err==TIFFReadDirEntryErrOk)
5308 {
5309 int m;
5310 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5311 if (data!=0)
5312 _TIFFfree(data);
5313 if (!m)
5314 return(0);
5315 }
5316 }
5317 break;
5318 case TIFF_SETGET_C32_DOUBLE:
5319 {
5320 double* data;
5321 assert(fip->field_readcount==TIFF_VARIABLE2);
5322 assert(fip->field_passcount==1);
5323 err=TIFFReadDirEntryDoubleArray(tif,dp,&data);
5324 if (err==TIFFReadDirEntryErrOk)
5325 {
5326 int m;
5327 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5328 if (data!=0)
5329 _TIFFfree(data);
5330 if (!m)
5331 return(0);
5332 }
5333 }
5334 break;
5335 case TIFF_SETGET_C32_IFD8:
5336 {
5337 uint64* data;
5338 assert(fip->field_readcount==TIFF_VARIABLE2);
5339 assert(fip->field_passcount==1);
5340 err=TIFFReadDirEntryIfd8Array(tif,dp,&data);
5341 if (err==TIFFReadDirEntryErrOk)
5342 {
5343 int m;
5344 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5345 if (data!=0)
5346 _TIFFfree(data);
5347 if (!m)
5348 return(0);
5349 }
5350 }
5351 break;
5352 default:
5353 assert(0); /* we should never get here */
5354 break;
5355 }
5356 if (err!=TIFFReadDirEntryErrOk)
5357 {
5358 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",recover);
5359 return(0);
5360 }
5361 return(1);
5362 }
5363
5364 /*
5365 * Fetch a set of offsets or lengths.
5366 * While this routine says "strips", in fact it's also used for tiles.
5367 */
5368 static int
TIFFFetchStripThing(TIFF * tif,TIFFDirEntry * dir,uint32 nstrips,uint64 ** lpp)5369 TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uint64** lpp)
5370 {
5371 static const char module[] = "TIFFFetchStripThing";
5372 enum TIFFReadDirEntryErr err;
5373 uint64* data;
5374 err=TIFFReadDirEntryLong8Array(tif,dir,&data);
5375 if (err!=TIFFReadDirEntryErrOk)
5376 {
5377 const TIFFField* fip = TIFFFieldWithTag(tif,dir->tdir_tag);
5378 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",0);
5379 return(0);
5380 }
5381 if (dir->tdir_count!=(uint64)nstrips)
5382 {
5383 uint64* resizeddata;
5384 resizeddata=(uint64*)_TIFFCheckMalloc(tif,nstrips,sizeof(uint64),"for strip array");
5385 if (resizeddata==0) {
5386 _TIFFfree(data);
5387 return(0);
5388 }
5389 if (dir->tdir_count<(uint64)nstrips)
5390 {
5391 _TIFFmemcpy(resizeddata,data,(uint32)dir->tdir_count*sizeof(uint64));
5392 _TIFFmemset(resizeddata+(uint32)dir->tdir_count,0,(nstrips-(uint32)dir->tdir_count)*sizeof(uint64));
5393 }
5394 else
5395 _TIFFmemcpy(resizeddata,data,nstrips*sizeof(uint64));
5396 _TIFFfree(data);
5397 data=resizeddata;
5398 }
5399 *lpp=data;
5400 return(1);
5401 }
5402
5403 /*
5404 * Fetch and set the SubjectDistance EXIF tag.
5405 */
5406 static int
TIFFFetchSubjectDistance(TIFF * tif,TIFFDirEntry * dir)5407 TIFFFetchSubjectDistance(TIFF* tif, TIFFDirEntry* dir)
5408 {
5409 static const char module[] = "TIFFFetchSubjectDistance";
5410 enum TIFFReadDirEntryErr err;
5411 UInt64Aligned_t m;
5412 m.l=0;
5413 assert(sizeof(double)==8);
5414 assert(sizeof(uint64)==8);
5415 assert(sizeof(uint32)==4);
5416 if (dir->tdir_count!=1)
5417 err=TIFFReadDirEntryErrCount;
5418 else if (dir->tdir_type!=TIFF_RATIONAL)
5419 err=TIFFReadDirEntryErrType;
5420 else
5421 {
5422 if (!(tif->tif_flags&TIFF_BIGTIFF))
5423 {
5424 uint32 offset;
5425 offset=*(uint32*)(&dir->tdir_offset);
5426 if (tif->tif_flags&TIFF_SWAB)
5427 TIFFSwabLong(&offset);
5428 err=TIFFReadDirEntryData(tif,offset,8,m.i);
5429 }
5430 else
5431 {
5432 m.l=dir->tdir_offset.toff_long8;
5433 err=TIFFReadDirEntryErrOk;
5434 }
5435 }
5436 if (err==TIFFReadDirEntryErrOk)
5437 {
5438 double n;
5439 if (tif->tif_flags&TIFF_SWAB)
5440 TIFFSwabArrayOfLong(m.i,2);
5441 if (m.i[0]==0)
5442 n=0.0;
5443 else if (m.i[0]==0xFFFFFFFF)
5444 /*
5445 * XXX: Numerator 0xFFFFFFFF means that we have infinite
5446 * distance. Indicate that with a negative floating point
5447 * SubjectDistance value.
5448 */
5449 n=-1.0;
5450 else
5451 n=(double)m.i[0]/(double)m.i[1];
5452 return(TIFFSetField(tif,dir->tdir_tag,n));
5453 }
5454 else
5455 {
5456 TIFFReadDirEntryOutputErr(tif,err,module,"SubjectDistance",TRUE);
5457 return(0);
5458 }
5459 }
5460
5461 /*
5462 * Replace a single strip (tile) of uncompressed data by multiple strips
5463 * (tiles), each approximately STRIP_SIZE_DEFAULT bytes. This is useful for
5464 * dealing with large images or for dealing with machines with a limited
5465 * amount memory.
5466 */
5467 static void
ChopUpSingleUncompressedStrip(TIFF * tif)5468 ChopUpSingleUncompressedStrip(TIFF* tif)
5469 {
5470 register TIFFDirectory *td = &tif->tif_dir;
5471 uint64 bytecount;
5472 uint64 offset;
5473 uint32 rowblock;
5474 uint64 rowblockbytes;
5475 uint64 stripbytes;
5476 uint32 strip;
5477 uint64 nstrips64;
5478 uint32 nstrips32;
5479 uint32 rowsperstrip;
5480 uint64* newcounts;
5481 uint64* newoffsets;
5482
5483 bytecount = td->td_stripbytecount[0];
5484 offset = td->td_stripoffset[0];
5485 assert(td->td_planarconfig == PLANARCONFIG_CONTIG);
5486 if ((td->td_photometric == PHOTOMETRIC_YCBCR)&&
5487 (!isUpSampled(tif)))
5488 rowblock = td->td_ycbcrsubsampling[1];
5489 else
5490 rowblock = 1;
5491 rowblockbytes = TIFFVTileSize64(tif, rowblock);
5492 /*
5493 * Make the rows hold at least one scanline, but fill specified amount
5494 * of data if possible.
5495 */
5496 if (rowblockbytes > STRIP_SIZE_DEFAULT) {
5497 stripbytes = rowblockbytes;
5498 rowsperstrip = rowblock;
5499 } else if (rowblockbytes > 0 ) {
5500 uint32 rowblocksperstrip;
5501 rowblocksperstrip = (uint32) (STRIP_SIZE_DEFAULT / rowblockbytes);
5502 rowsperstrip = rowblocksperstrip * rowblock;
5503 stripbytes = rowblocksperstrip * rowblockbytes;
5504 }
5505 else
5506 return;
5507
5508 /*
5509 * never increase the number of strips in an image
5510 */
5511 if (rowsperstrip >= td->td_rowsperstrip)
5512 return;
5513 nstrips64 = TIFFhowmany_64(bytecount, stripbytes);
5514 if ((nstrips64==0)||(nstrips64>0xFFFFFFFF)) /* something is wonky, do nothing. */
5515 return;
5516 nstrips32 = (uint32)nstrips64;
5517
5518 newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
5519 "for chopped \"StripByteCounts\" array");
5520 newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
5521 "for chopped \"StripOffsets\" array");
5522 if (newcounts == NULL || newoffsets == NULL) {
5523 /*
5524 * Unable to allocate new strip information, give up and use
5525 * the original one strip information.
5526 */
5527 if (newcounts != NULL)
5528 _TIFFfree(newcounts);
5529 if (newoffsets != NULL)
5530 _TIFFfree(newoffsets);
5531 return;
5532 }
5533 /*
5534 * Fill the strip information arrays with new bytecounts and offsets
5535 * that reflect the broken-up format.
5536 */
5537 for (strip = 0; strip < nstrips32; strip++) {
5538 if (stripbytes > bytecount)
5539 stripbytes = bytecount;
5540 newcounts[strip] = stripbytes;
5541 newoffsets[strip] = offset;
5542 offset += stripbytes;
5543 bytecount -= stripbytes;
5544 }
5545 /*
5546 * Replace old single strip info with multi-strip info.
5547 */
5548 td->td_stripsperimage = td->td_nstrips = nstrips32;
5549 TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, rowsperstrip);
5550
5551 _TIFFfree(td->td_stripbytecount);
5552 _TIFFfree(td->td_stripoffset);
5553 td->td_stripbytecount = newcounts;
5554 td->td_stripoffset = newoffsets;
5555 td->td_stripbytecountsorted = 1;
5556 }
5557
_TIFFFillStriles(TIFF * tif)5558 int _TIFFFillStriles( TIFF *tif )
5559 {
5560 #if defined(DEFER_STRILE_LOAD)
5561 register TIFFDirectory *td = &tif->tif_dir;
5562 int return_value = 1;
5563
5564 if( td->td_stripoffset != NULL )
5565 return 1;
5566
5567 if( td->td_stripoffset_entry.tdir_count == 0 )
5568 return 0;
5569
5570 if (!TIFFFetchStripThing(tif,&(td->td_stripoffset_entry),
5571 td->td_nstrips,&td->td_stripoffset))
5572 {
5573 return_value = 0;
5574 }
5575
5576 if (!TIFFFetchStripThing(tif,&(td->td_stripbytecount_entry),
5577 td->td_nstrips,&td->td_stripbytecount))
5578 {
5579 return_value = 0;
5580 }
5581
5582 _TIFFmemset( &(td->td_stripoffset_entry), 0, sizeof(TIFFDirEntry));
5583 _TIFFmemset( &(td->td_stripbytecount_entry), 0, sizeof(TIFFDirEntry));
5584
5585 if (tif->tif_dir.td_nstrips > 1 && return_value == 1 ) {
5586 uint32 strip;
5587
5588 tif->tif_dir.td_stripbytecountsorted = 1;
5589 for (strip = 1; strip < tif->tif_dir.td_nstrips; strip++) {
5590 if (tif->tif_dir.td_stripoffset[strip - 1] >
5591 tif->tif_dir.td_stripoffset[strip]) {
5592 tif->tif_dir.td_stripbytecountsorted = 0;
5593 break;
5594 }
5595 }
5596 }
5597
5598 return return_value;
5599 #else /* !defined(DEFER_STRILE_LOAD) */
5600 (void) tif;
5601 return 1;
5602 #endif
5603 }
5604
5605
5606 /* vim: set ts=8 sts=8 sw=8 noet: */
5607 /*
5608 * Local Variables:
5609 * mode: c
5610 * c-basic-offset: 8
5611 * fill-column: 78
5612 * End:
5613 */
5614