1 /* $Id: tif_dirread.c,v 1.191 2015-09-05 20:31:41 bfriesen Exp $ */
2
3 /*
4 * Copyright (c) 1988-1997 Sam Leffler
5 * Copyright (c) 1991-1997 Silicon Graphics, Inc.
6 *
7 * Permission to use, copy, modify, distribute, and sell this software and
8 * its documentation for any purpose is hereby granted without fee, provided
9 * that (i) the above copyright notices and this permission notice appear in
10 * all copies of the software and related documentation, and (ii) the names of
11 * Sam Leffler and Silicon Graphics may not be used in any advertising or
12 * publicity relating to the software without the specific, prior written
13 * permission of Sam Leffler and Silicon Graphics.
14 *
15 * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
17 * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
18 *
19 * IN NO EVENT SHALL SAM LEFFLER OR SILICON GRAPHICS BE LIABLE FOR
20 * ANY SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND,
21 * OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
22 * WHETHER OR NOT ADVISED OF THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF
23 * LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
24 * OF THIS SOFTWARE.
25 */
26
27 /*
28 * TIFF Library.
29 *
30 * Directory Read Support Routines.
31 */
32
33 /* Suggested pending improvements:
34 * - add a field 'ignore' to the TIFFDirEntry structure, to flag status,
35 * eliminating current use of the IGNORE value, and therefore eliminating
36 * current irrational behaviour on tags with tag id code 0
37 * - add a field 'field_info' to the TIFFDirEntry structure, and set that with
38 * the pointer to the appropriate TIFFField structure early on in
39 * TIFFReadDirectory, so as to eliminate current possibly repetitive lookup.
40 */
41
42 #include "tiffiop.h"
43
44 #define IGNORE 0 /* tag placeholder used below */
45 #define FAILED_FII ((uint32) -1)
46
47 #ifdef HAVE_IEEEFP
48 # define TIFFCvtIEEEFloatToNative(tif, n, fp)
49 # define TIFFCvtIEEEDoubleToNative(tif, n, dp)
50 #else
51 extern void TIFFCvtIEEEFloatToNative(TIFF*, uint32, float*);
52 extern void TIFFCvtIEEEDoubleToNative(TIFF*, uint32, double*);
53 #endif
54
55 enum TIFFReadDirEntryErr {
56 TIFFReadDirEntryErrOk = 0,
57 TIFFReadDirEntryErrCount = 1,
58 TIFFReadDirEntryErrType = 2,
59 TIFFReadDirEntryErrIo = 3,
60 TIFFReadDirEntryErrRange = 4,
61 TIFFReadDirEntryErrPsdif = 5,
62 TIFFReadDirEntryErrSizesan = 6,
63 TIFFReadDirEntryErrAlloc = 7,
64 };
65
66 static enum TIFFReadDirEntryErr TIFFReadDirEntryByte(TIFF* tif, TIFFDirEntry* direntry, uint8* value);
67 static enum TIFFReadDirEntryErr TIFFReadDirEntryShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value);
68 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong(TIFF* tif, TIFFDirEntry* direntry, uint32* value);
69 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8(TIFF* tif, TIFFDirEntry* direntry, uint64* value);
70 static enum TIFFReadDirEntryErr TIFFReadDirEntryFloat(TIFF* tif, TIFFDirEntry* direntry, float* value);
71 static enum TIFFReadDirEntryErr TIFFReadDirEntryDouble(TIFF* tif, TIFFDirEntry* direntry, double* value);
72 static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8(TIFF* tif, TIFFDirEntry* direntry, uint64* value);
73
74 static enum TIFFReadDirEntryErr TIFFReadDirEntryArray(TIFF* tif, TIFFDirEntry* direntry, uint32* count, uint32 desttypesize, void** value);
75 static enum TIFFReadDirEntryErr TIFFReadDirEntryByteArray(TIFF* tif, TIFFDirEntry* direntry, uint8** value);
76 static enum TIFFReadDirEntryErr TIFFReadDirEntrySbyteArray(TIFF* tif, TIFFDirEntry* direntry, int8** value);
77 static enum TIFFReadDirEntryErr TIFFReadDirEntryShortArray(TIFF* tif, TIFFDirEntry* direntry, uint16** value);
78 static enum TIFFReadDirEntryErr TIFFReadDirEntrySshortArray(TIFF* tif, TIFFDirEntry* direntry, int16** value);
79 static enum TIFFReadDirEntryErr TIFFReadDirEntryLongArray(TIFF* tif, TIFFDirEntry* direntry, uint32** value);
80 static enum TIFFReadDirEntryErr TIFFReadDirEntrySlongArray(TIFF* tif, TIFFDirEntry* direntry, int32** value);
81 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value);
82 static enum TIFFReadDirEntryErr TIFFReadDirEntrySlong8Array(TIFF* tif, TIFFDirEntry* direntry, int64** value);
83 static enum TIFFReadDirEntryErr TIFFReadDirEntryFloatArray(TIFF* tif, TIFFDirEntry* direntry, float** value);
84 static enum TIFFReadDirEntryErr TIFFReadDirEntryDoubleArray(TIFF* tif, TIFFDirEntry* direntry, double** value);
85 static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value);
86
87 static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value);
88 #if 0
89 static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleDouble(TIFF* tif, TIFFDirEntry* direntry, double* value);
90 #endif
91
92 static void TIFFReadDirEntryCheckedByte(TIFF* tif, TIFFDirEntry* direntry, uint8* value);
93 static void TIFFReadDirEntryCheckedSbyte(TIFF* tif, TIFFDirEntry* direntry, int8* value);
94 static void TIFFReadDirEntryCheckedShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value);
95 static void TIFFReadDirEntryCheckedSshort(TIFF* tif, TIFFDirEntry* direntry, int16* value);
96 static void TIFFReadDirEntryCheckedLong(TIFF* tif, TIFFDirEntry* direntry, uint32* value);
97 static void TIFFReadDirEntryCheckedSlong(TIFF* tif, TIFFDirEntry* direntry, int32* value);
98 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedLong8(TIFF* tif, TIFFDirEntry* direntry, uint64* value);
99 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSlong8(TIFF* tif, TIFFDirEntry* direntry, int64* value);
100 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedRational(TIFF* tif, TIFFDirEntry* direntry, double* value);
101 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSrational(TIFF* tif, TIFFDirEntry* direntry, double* value);
102 static void TIFFReadDirEntryCheckedFloat(TIFF* tif, TIFFDirEntry* direntry, float* value);
103 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedDouble(TIFF* tif, TIFFDirEntry* direntry, double* value);
104
105 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSbyte(int8 value);
106 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteShort(uint16 value);
107 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSshort(int16 value);
108 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong(uint32 value);
109 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong(int32 value);
110 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong8(uint64 value);
111 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong8(int64 value);
112
113 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteByte(uint8 value);
114 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteShort(uint16 value);
115 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSshort(int16 value);
116 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong(uint32 value);
117 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong(int32 value);
118 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong8(uint64 value);
119 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong8(int64 value);
120
121 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSbyte(int8 value);
122 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSshort(int16 value);
123 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong(uint32 value);
124 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong(int32 value);
125 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong8(uint64 value);
126 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong8(int64 value);
127
128 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortShort(uint16 value);
129 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong(uint32 value);
130 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong(int32 value);
131 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong8(uint64 value);
132 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong8(int64 value);
133
134 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSbyte(int8 value);
135 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSshort(int16 value);
136 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSlong(int32 value);
137 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongLong8(uint64 value);
138 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSlong8(int64 value);
139
140 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlongLong(uint32 value);
141 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlongLong8(uint64 value);
142 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlongSlong8(int64 value);
143
144 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Sbyte(int8 value);
145 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Sshort(int16 value);
146 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Slong(int32 value);
147 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Slong8(int64 value);
148
149 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlong8Long8(uint64 value);
150
151 static enum TIFFReadDirEntryErr TIFFReadDirEntryData(TIFF* tif, uint64 offset, tmsize_t size, void* dest);
152 static void TIFFReadDirEntryOutputErr(TIFF* tif, enum TIFFReadDirEntryErr err, const char* module, const char* tagname, int recover);
153
154 static void TIFFReadDirectoryCheckOrder(TIFF* tif, TIFFDirEntry* dir, uint16 dircount);
155 static TIFFDirEntry* TIFFReadDirectoryFindEntry(TIFF* tif, TIFFDirEntry* dir, uint16 dircount, uint16 tagid);
156 static void TIFFReadDirectoryFindFieldInfo(TIFF* tif, uint16 tagid, uint32* fii);
157
158 static int EstimateStripByteCounts(TIFF* tif, TIFFDirEntry* dir, uint16 dircount);
159 static void MissingRequired(TIFF*, const char*);
160 static int TIFFCheckDirOffset(TIFF* tif, uint64 diroff);
161 static int CheckDirCount(TIFF*, TIFFDirEntry*, uint32);
162 static uint16 TIFFFetchDirectory(TIFF* tif, uint64 diroff, TIFFDirEntry** pdir, uint64* nextdiroff);
163 static int TIFFFetchNormalTag(TIFF*, TIFFDirEntry*, int recover);
164 static int TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uint64** lpp);
165 static int TIFFFetchSubjectDistance(TIFF*, TIFFDirEntry*);
166 static void ChopUpSingleUncompressedStrip(TIFF*);
167 static uint64 TIFFReadUInt64(const uint8 *value);
168
169 typedef union _UInt64Aligned_t
170 {
171 double d;
172 uint64 l;
173 uint32 i[2];
174 uint16 s[4];
175 uint8 c[8];
176 } UInt64Aligned_t;
177
178 /*
179 Unaligned safe copy of a uint64 value from an octet array.
180 */
TIFFReadUInt64(const uint8 * value)181 static uint64 TIFFReadUInt64(const uint8 *value)
182 {
183 UInt64Aligned_t result;
184
185 result.c[0]=value[0];
186 result.c[1]=value[1];
187 result.c[2]=value[2];
188 result.c[3]=value[3];
189 result.c[4]=value[4];
190 result.c[5]=value[5];
191 result.c[6]=value[6];
192 result.c[7]=value[7];
193
194 return result.l;
195 }
196
TIFFReadDirEntryByte(TIFF * tif,TIFFDirEntry * direntry,uint8 * value)197 static enum TIFFReadDirEntryErr TIFFReadDirEntryByte(TIFF* tif, TIFFDirEntry* direntry, uint8* value)
198 {
199 enum TIFFReadDirEntryErr err;
200 if (direntry->tdir_count!=1)
201 return(TIFFReadDirEntryErrCount);
202 switch (direntry->tdir_type)
203 {
204 case TIFF_BYTE:
205 TIFFReadDirEntryCheckedByte(tif,direntry,value);
206 return(TIFFReadDirEntryErrOk);
207 case TIFF_SBYTE:
208 {
209 int8 m;
210 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
211 err=TIFFReadDirEntryCheckRangeByteSbyte(m);
212 if (err!=TIFFReadDirEntryErrOk)
213 return(err);
214 *value=(uint8)m;
215 return(TIFFReadDirEntryErrOk);
216 }
217 case TIFF_SHORT:
218 {
219 uint16 m;
220 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
221 err=TIFFReadDirEntryCheckRangeByteShort(m);
222 if (err!=TIFFReadDirEntryErrOk)
223 return(err);
224 *value=(uint8)m;
225 return(TIFFReadDirEntryErrOk);
226 }
227 case TIFF_SSHORT:
228 {
229 int16 m;
230 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
231 err=TIFFReadDirEntryCheckRangeByteSshort(m);
232 if (err!=TIFFReadDirEntryErrOk)
233 return(err);
234 *value=(uint8)m;
235 return(TIFFReadDirEntryErrOk);
236 }
237 case TIFF_LONG:
238 {
239 uint32 m;
240 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
241 err=TIFFReadDirEntryCheckRangeByteLong(m);
242 if (err!=TIFFReadDirEntryErrOk)
243 return(err);
244 *value=(uint8)m;
245 return(TIFFReadDirEntryErrOk);
246 }
247 case TIFF_SLONG:
248 {
249 int32 m;
250 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
251 err=TIFFReadDirEntryCheckRangeByteSlong(m);
252 if (err!=TIFFReadDirEntryErrOk)
253 return(err);
254 *value=(uint8)m;
255 return(TIFFReadDirEntryErrOk);
256 }
257 case TIFF_LONG8:
258 {
259 uint64 m;
260 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
261 if (err!=TIFFReadDirEntryErrOk)
262 return(err);
263 err=TIFFReadDirEntryCheckRangeByteLong8(m);
264 if (err!=TIFFReadDirEntryErrOk)
265 return(err);
266 *value=(uint8)m;
267 return(TIFFReadDirEntryErrOk);
268 }
269 case TIFF_SLONG8:
270 {
271 int64 m;
272 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
273 if (err!=TIFFReadDirEntryErrOk)
274 return(err);
275 err=TIFFReadDirEntryCheckRangeByteSlong8(m);
276 if (err!=TIFFReadDirEntryErrOk)
277 return(err);
278 *value=(uint8)m;
279 return(TIFFReadDirEntryErrOk);
280 }
281 default:
282 return(TIFFReadDirEntryErrType);
283 }
284 }
285
TIFFReadDirEntryShort(TIFF * tif,TIFFDirEntry * direntry,uint16 * value)286 static enum TIFFReadDirEntryErr TIFFReadDirEntryShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value)
287 {
288 enum TIFFReadDirEntryErr err;
289 if (direntry->tdir_count!=1)
290 return(TIFFReadDirEntryErrCount);
291 switch (direntry->tdir_type)
292 {
293 case TIFF_BYTE:
294 {
295 uint8 m;
296 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
297 *value=(uint16)m;
298 return(TIFFReadDirEntryErrOk);
299 }
300 case TIFF_SBYTE:
301 {
302 int8 m;
303 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
304 err=TIFFReadDirEntryCheckRangeShortSbyte(m);
305 if (err!=TIFFReadDirEntryErrOk)
306 return(err);
307 *value=(uint16)m;
308 return(TIFFReadDirEntryErrOk);
309 }
310 case TIFF_SHORT:
311 TIFFReadDirEntryCheckedShort(tif,direntry,value);
312 return(TIFFReadDirEntryErrOk);
313 case TIFF_SSHORT:
314 {
315 int16 m;
316 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
317 err=TIFFReadDirEntryCheckRangeShortSshort(m);
318 if (err!=TIFFReadDirEntryErrOk)
319 return(err);
320 *value=(uint16)m;
321 return(TIFFReadDirEntryErrOk);
322 }
323 case TIFF_LONG:
324 {
325 uint32 m;
326 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
327 err=TIFFReadDirEntryCheckRangeShortLong(m);
328 if (err!=TIFFReadDirEntryErrOk)
329 return(err);
330 *value=(uint16)m;
331 return(TIFFReadDirEntryErrOk);
332 }
333 case TIFF_SLONG:
334 {
335 int32 m;
336 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
337 err=TIFFReadDirEntryCheckRangeShortSlong(m);
338 if (err!=TIFFReadDirEntryErrOk)
339 return(err);
340 *value=(uint16)m;
341 return(TIFFReadDirEntryErrOk);
342 }
343 case TIFF_LONG8:
344 {
345 uint64 m;
346 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
347 if (err!=TIFFReadDirEntryErrOk)
348 return(err);
349 err=TIFFReadDirEntryCheckRangeShortLong8(m);
350 if (err!=TIFFReadDirEntryErrOk)
351 return(err);
352 *value=(uint16)m;
353 return(TIFFReadDirEntryErrOk);
354 }
355 case TIFF_SLONG8:
356 {
357 int64 m;
358 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
359 if (err!=TIFFReadDirEntryErrOk)
360 return(err);
361 err=TIFFReadDirEntryCheckRangeShortSlong8(m);
362 if (err!=TIFFReadDirEntryErrOk)
363 return(err);
364 *value=(uint16)m;
365 return(TIFFReadDirEntryErrOk);
366 }
367 default:
368 return(TIFFReadDirEntryErrType);
369 }
370 }
371
TIFFReadDirEntryLong(TIFF * tif,TIFFDirEntry * direntry,uint32 * value)372 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong(TIFF* tif, TIFFDirEntry* direntry, uint32* value)
373 {
374 enum TIFFReadDirEntryErr err;
375 if (direntry->tdir_count!=1)
376 return(TIFFReadDirEntryErrCount);
377 switch (direntry->tdir_type)
378 {
379 case TIFF_BYTE:
380 {
381 uint8 m;
382 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
383 *value=(uint32)m;
384 return(TIFFReadDirEntryErrOk);
385 }
386 case TIFF_SBYTE:
387 {
388 int8 m;
389 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
390 err=TIFFReadDirEntryCheckRangeLongSbyte(m);
391 if (err!=TIFFReadDirEntryErrOk)
392 return(err);
393 *value=(uint32)m;
394 return(TIFFReadDirEntryErrOk);
395 }
396 case TIFF_SHORT:
397 {
398 uint16 m;
399 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
400 *value=(uint32)m;
401 return(TIFFReadDirEntryErrOk);
402 }
403 case TIFF_SSHORT:
404 {
405 int16 m;
406 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
407 err=TIFFReadDirEntryCheckRangeLongSshort(m);
408 if (err!=TIFFReadDirEntryErrOk)
409 return(err);
410 *value=(uint32)m;
411 return(TIFFReadDirEntryErrOk);
412 }
413 case TIFF_LONG:
414 TIFFReadDirEntryCheckedLong(tif,direntry,value);
415 return(TIFFReadDirEntryErrOk);
416 case TIFF_SLONG:
417 {
418 int32 m;
419 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
420 err=TIFFReadDirEntryCheckRangeLongSlong(m);
421 if (err!=TIFFReadDirEntryErrOk)
422 return(err);
423 *value=(uint32)m;
424 return(TIFFReadDirEntryErrOk);
425 }
426 case TIFF_LONG8:
427 {
428 uint64 m;
429 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
430 if (err!=TIFFReadDirEntryErrOk)
431 return(err);
432 err=TIFFReadDirEntryCheckRangeLongLong8(m);
433 if (err!=TIFFReadDirEntryErrOk)
434 return(err);
435 *value=(uint32)m;
436 return(TIFFReadDirEntryErrOk);
437 }
438 case TIFF_SLONG8:
439 {
440 int64 m;
441 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
442 if (err!=TIFFReadDirEntryErrOk)
443 return(err);
444 err=TIFFReadDirEntryCheckRangeLongSlong8(m);
445 if (err!=TIFFReadDirEntryErrOk)
446 return(err);
447 *value=(uint32)m;
448 return(TIFFReadDirEntryErrOk);
449 }
450 default:
451 return(TIFFReadDirEntryErrType);
452 }
453 }
454
TIFFReadDirEntryLong8(TIFF * tif,TIFFDirEntry * direntry,uint64 * value)455 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8(TIFF* tif, TIFFDirEntry* direntry, uint64* value)
456 {
457 enum TIFFReadDirEntryErr err;
458 if (direntry->tdir_count!=1)
459 return(TIFFReadDirEntryErrCount);
460 switch (direntry->tdir_type)
461 {
462 case TIFF_BYTE:
463 {
464 uint8 m;
465 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
466 *value=(uint64)m;
467 return(TIFFReadDirEntryErrOk);
468 }
469 case TIFF_SBYTE:
470 {
471 int8 m;
472 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
473 err=TIFFReadDirEntryCheckRangeLong8Sbyte(m);
474 if (err!=TIFFReadDirEntryErrOk)
475 return(err);
476 *value=(uint64)m;
477 return(TIFFReadDirEntryErrOk);
478 }
479 case TIFF_SHORT:
480 {
481 uint16 m;
482 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
483 *value=(uint64)m;
484 return(TIFFReadDirEntryErrOk);
485 }
486 case TIFF_SSHORT:
487 {
488 int16 m;
489 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
490 err=TIFFReadDirEntryCheckRangeLong8Sshort(m);
491 if (err!=TIFFReadDirEntryErrOk)
492 return(err);
493 *value=(uint64)m;
494 return(TIFFReadDirEntryErrOk);
495 }
496 case TIFF_LONG:
497 {
498 uint32 m;
499 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
500 *value=(uint64)m;
501 return(TIFFReadDirEntryErrOk);
502 }
503 case TIFF_SLONG:
504 {
505 int32 m;
506 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
507 err=TIFFReadDirEntryCheckRangeLong8Slong(m);
508 if (err!=TIFFReadDirEntryErrOk)
509 return(err);
510 *value=(uint64)m;
511 return(TIFFReadDirEntryErrOk);
512 }
513 case TIFF_LONG8:
514 err=TIFFReadDirEntryCheckedLong8(tif,direntry,value);
515 return(err);
516 case TIFF_SLONG8:
517 {
518 int64 m;
519 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
520 if (err!=TIFFReadDirEntryErrOk)
521 return(err);
522 err=TIFFReadDirEntryCheckRangeLong8Slong8(m);
523 if (err!=TIFFReadDirEntryErrOk)
524 return(err);
525 *value=(uint64)m;
526 return(TIFFReadDirEntryErrOk);
527 }
528 default:
529 return(TIFFReadDirEntryErrType);
530 }
531 }
532
TIFFReadDirEntryFloat(TIFF * tif,TIFFDirEntry * direntry,float * value)533 static enum TIFFReadDirEntryErr TIFFReadDirEntryFloat(TIFF* tif, TIFFDirEntry* direntry, float* value)
534 {
535 enum TIFFReadDirEntryErr err;
536 if (direntry->tdir_count!=1)
537 return(TIFFReadDirEntryErrCount);
538 switch (direntry->tdir_type)
539 {
540 case TIFF_BYTE:
541 {
542 uint8 m;
543 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
544 *value=(float)m;
545 return(TIFFReadDirEntryErrOk);
546 }
547 case TIFF_SBYTE:
548 {
549 int8 m;
550 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
551 *value=(float)m;
552 return(TIFFReadDirEntryErrOk);
553 }
554 case TIFF_SHORT:
555 {
556 uint16 m;
557 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
558 *value=(float)m;
559 return(TIFFReadDirEntryErrOk);
560 }
561 case TIFF_SSHORT:
562 {
563 int16 m;
564 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
565 *value=(float)m;
566 return(TIFFReadDirEntryErrOk);
567 }
568 case TIFF_LONG:
569 {
570 uint32 m;
571 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
572 *value=(float)m;
573 return(TIFFReadDirEntryErrOk);
574 }
575 case TIFF_SLONG:
576 {
577 int32 m;
578 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
579 *value=(float)m;
580 return(TIFFReadDirEntryErrOk);
581 }
582 case TIFF_LONG8:
583 {
584 uint64 m;
585 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
586 if (err!=TIFFReadDirEntryErrOk)
587 return(err);
588 #if defined(__WIN32__) && (_MSC_VER < 1500)
589 /*
590 * XXX: MSVC 6.0 does not support conversion
591 * of 64-bit integers into floating point
592 * values.
593 */
594 *value = _TIFFUInt64ToFloat(m);
595 #else
596 *value=(float)m;
597 #endif
598 return(TIFFReadDirEntryErrOk);
599 }
600 case TIFF_SLONG8:
601 {
602 int64 m;
603 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
604 if (err!=TIFFReadDirEntryErrOk)
605 return(err);
606 *value=(float)m;
607 return(TIFFReadDirEntryErrOk);
608 }
609 case TIFF_RATIONAL:
610 {
611 double m;
612 err=TIFFReadDirEntryCheckedRational(tif,direntry,&m);
613 if (err!=TIFFReadDirEntryErrOk)
614 return(err);
615 *value=(float)m;
616 return(TIFFReadDirEntryErrOk);
617 }
618 case TIFF_SRATIONAL:
619 {
620 double m;
621 err=TIFFReadDirEntryCheckedSrational(tif,direntry,&m);
622 if (err!=TIFFReadDirEntryErrOk)
623 return(err);
624 *value=(float)m;
625 return(TIFFReadDirEntryErrOk);
626 }
627 case TIFF_FLOAT:
628 TIFFReadDirEntryCheckedFloat(tif,direntry,value);
629 return(TIFFReadDirEntryErrOk);
630 case TIFF_DOUBLE:
631 {
632 double m;
633 err=TIFFReadDirEntryCheckedDouble(tif,direntry,&m);
634 if (err!=TIFFReadDirEntryErrOk)
635 return(err);
636 *value=(float)m;
637 return(TIFFReadDirEntryErrOk);
638 }
639 default:
640 return(TIFFReadDirEntryErrType);
641 }
642 }
643
TIFFReadDirEntryDouble(TIFF * tif,TIFFDirEntry * direntry,double * value)644 static enum TIFFReadDirEntryErr TIFFReadDirEntryDouble(TIFF* tif, TIFFDirEntry* direntry, double* value)
645 {
646 enum TIFFReadDirEntryErr err;
647 if (direntry->tdir_count!=1)
648 return(TIFFReadDirEntryErrCount);
649 switch (direntry->tdir_type)
650 {
651 case TIFF_BYTE:
652 {
653 uint8 m;
654 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
655 *value=(double)m;
656 return(TIFFReadDirEntryErrOk);
657 }
658 case TIFF_SBYTE:
659 {
660 int8 m;
661 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
662 *value=(double)m;
663 return(TIFFReadDirEntryErrOk);
664 }
665 case TIFF_SHORT:
666 {
667 uint16 m;
668 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
669 *value=(double)m;
670 return(TIFFReadDirEntryErrOk);
671 }
672 case TIFF_SSHORT:
673 {
674 int16 m;
675 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
676 *value=(double)m;
677 return(TIFFReadDirEntryErrOk);
678 }
679 case TIFF_LONG:
680 {
681 uint32 m;
682 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
683 *value=(double)m;
684 return(TIFFReadDirEntryErrOk);
685 }
686 case TIFF_SLONG:
687 {
688 int32 m;
689 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
690 *value=(double)m;
691 return(TIFFReadDirEntryErrOk);
692 }
693 case TIFF_LONG8:
694 {
695 uint64 m;
696 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
697 if (err!=TIFFReadDirEntryErrOk)
698 return(err);
699 #if defined(__WIN32__) && (_MSC_VER < 1500)
700 /*
701 * XXX: MSVC 6.0 does not support conversion
702 * of 64-bit integers into floating point
703 * values.
704 */
705 *value = _TIFFUInt64ToDouble(m);
706 #else
707 *value = (double)m;
708 #endif
709 return(TIFFReadDirEntryErrOk);
710 }
711 case TIFF_SLONG8:
712 {
713 int64 m;
714 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
715 if (err!=TIFFReadDirEntryErrOk)
716 return(err);
717 *value=(double)m;
718 return(TIFFReadDirEntryErrOk);
719 }
720 case TIFF_RATIONAL:
721 err=TIFFReadDirEntryCheckedRational(tif,direntry,value);
722 return(err);
723 case TIFF_SRATIONAL:
724 err=TIFFReadDirEntryCheckedSrational(tif,direntry,value);
725 return(err);
726 case TIFF_FLOAT:
727 {
728 float m;
729 TIFFReadDirEntryCheckedFloat(tif,direntry,&m);
730 *value=(double)m;
731 return(TIFFReadDirEntryErrOk);
732 }
733 case TIFF_DOUBLE:
734 err=TIFFReadDirEntryCheckedDouble(tif,direntry,value);
735 return(err);
736 default:
737 return(TIFFReadDirEntryErrType);
738 }
739 }
740
TIFFReadDirEntryIfd8(TIFF * tif,TIFFDirEntry * direntry,uint64 * value)741 static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8(TIFF* tif, TIFFDirEntry* direntry, uint64* value)
742 {
743 enum TIFFReadDirEntryErr err;
744 if (direntry->tdir_count!=1)
745 return(TIFFReadDirEntryErrCount);
746 switch (direntry->tdir_type)
747 {
748 case TIFF_LONG:
749 case TIFF_IFD:
750 {
751 uint32 m;
752 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
753 *value=(uint64)m;
754 return(TIFFReadDirEntryErrOk);
755 }
756 case TIFF_LONG8:
757 case TIFF_IFD8:
758 err=TIFFReadDirEntryCheckedLong8(tif,direntry,value);
759 return(err);
760 default:
761 return(TIFFReadDirEntryErrType);
762 }
763 }
764
TIFFReadDirEntryArray(TIFF * tif,TIFFDirEntry * direntry,uint32 * count,uint32 desttypesize,void ** value)765 static enum TIFFReadDirEntryErr TIFFReadDirEntryArray(TIFF* tif, TIFFDirEntry* direntry, uint32* count, uint32 desttypesize, void** value)
766 {
767 int typesize;
768 uint32 datasize;
769 void* data;
770 typesize=TIFFDataWidth(direntry->tdir_type);
771 if ((direntry->tdir_count==0)||(typesize==0))
772 {
773 *value=0;
774 return(TIFFReadDirEntryErrOk);
775 }
776 (void) desttypesize;
777
778 /*
779 * As a sanity check, make sure we have no more than a 2GB tag array
780 * in either the current data type or the dest data type. This also
781 * avoids problems with overflow of tmsize_t on 32bit systems.
782 */
783 if ((uint64)(2147483647/typesize)<direntry->tdir_count)
784 return(TIFFReadDirEntryErrSizesan);
785 if ((uint64)(2147483647/desttypesize)<direntry->tdir_count)
786 return(TIFFReadDirEntryErrSizesan);
787
788 *count=(uint32)direntry->tdir_count;
789 datasize=(*count)*typesize;
790 assert((tmsize_t)datasize>0);
791 data=_TIFFCheckMalloc(tif, *count, typesize, "ReadDirEntryArray");
792 if (data==0)
793 return(TIFFReadDirEntryErrAlloc);
794 if (!(tif->tif_flags&TIFF_BIGTIFF))
795 {
796 if (datasize<=4)
797 _TIFFmemcpy(data,&direntry->tdir_offset,datasize);
798 else
799 {
800 enum TIFFReadDirEntryErr err;
801 uint32 offset = direntry->tdir_offset.toff_long;
802 if (tif->tif_flags&TIFF_SWAB)
803 TIFFSwabLong(&offset);
804 err=TIFFReadDirEntryData(tif,(uint64)offset,(tmsize_t)datasize,data);
805 if (err!=TIFFReadDirEntryErrOk)
806 {
807 _TIFFfree(data);
808 return(err);
809 }
810 }
811 }
812 else
813 {
814 if (datasize<=8)
815 _TIFFmemcpy(data,&direntry->tdir_offset,datasize);
816 else
817 {
818 enum TIFFReadDirEntryErr err;
819 uint64 offset = direntry->tdir_offset.toff_long8;
820 if (tif->tif_flags&TIFF_SWAB)
821 TIFFSwabLong8(&offset);
822 err=TIFFReadDirEntryData(tif,offset,(tmsize_t)datasize,data);
823 if (err!=TIFFReadDirEntryErrOk)
824 {
825 _TIFFfree(data);
826 return(err);
827 }
828 }
829 }
830 *value=data;
831 return(TIFFReadDirEntryErrOk);
832 }
833
TIFFReadDirEntryByteArray(TIFF * tif,TIFFDirEntry * direntry,uint8 ** value)834 static enum TIFFReadDirEntryErr TIFFReadDirEntryByteArray(TIFF* tif, TIFFDirEntry* direntry, uint8** value)
835 {
836 enum TIFFReadDirEntryErr err;
837 uint32 count;
838 void* origdata;
839 uint8* data;
840 switch (direntry->tdir_type)
841 {
842 case TIFF_ASCII:
843 case TIFF_UNDEFINED:
844 case TIFF_BYTE:
845 case TIFF_SBYTE:
846 case TIFF_SHORT:
847 case TIFF_SSHORT:
848 case TIFF_LONG:
849 case TIFF_SLONG:
850 case TIFF_LONG8:
851 case TIFF_SLONG8:
852 break;
853 default:
854 return(TIFFReadDirEntryErrType);
855 }
856 err=TIFFReadDirEntryArray(tif,direntry,&count,1,&origdata);
857 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
858 {
859 *value=0;
860 return(err);
861 }
862 switch (direntry->tdir_type)
863 {
864 case TIFF_ASCII:
865 case TIFF_UNDEFINED:
866 case TIFF_BYTE:
867 *value=(uint8*)origdata;
868 return(TIFFReadDirEntryErrOk);
869 case TIFF_SBYTE:
870 {
871 int8* m;
872 uint32 n;
873 m=(int8*)origdata;
874 for (n=0; n<count; n++)
875 {
876 err=TIFFReadDirEntryCheckRangeByteSbyte(*m);
877 if (err!=TIFFReadDirEntryErrOk)
878 {
879 _TIFFfree(origdata);
880 return(err);
881 }
882 m++;
883 }
884 *value=(uint8*)origdata;
885 return(TIFFReadDirEntryErrOk);
886 }
887 }
888 data=(uint8*)_TIFFmalloc(count);
889 if (data==0)
890 {
891 _TIFFfree(origdata);
892 return(TIFFReadDirEntryErrAlloc);
893 }
894 switch (direntry->tdir_type)
895 {
896 case TIFF_SHORT:
897 {
898 uint16* ma;
899 uint8* mb;
900 uint32 n;
901 ma=(uint16*)origdata;
902 mb=data;
903 for (n=0; n<count; n++)
904 {
905 if (tif->tif_flags&TIFF_SWAB)
906 TIFFSwabShort(ma);
907 err=TIFFReadDirEntryCheckRangeByteShort(*ma);
908 if (err!=TIFFReadDirEntryErrOk)
909 break;
910 *mb++=(uint8)(*ma++);
911 }
912 }
913 break;
914 case TIFF_SSHORT:
915 {
916 int16* ma;
917 uint8* mb;
918 uint32 n;
919 ma=(int16*)origdata;
920 mb=data;
921 for (n=0; n<count; n++)
922 {
923 if (tif->tif_flags&TIFF_SWAB)
924 TIFFSwabShort((uint16*)ma);
925 err=TIFFReadDirEntryCheckRangeByteSshort(*ma);
926 if (err!=TIFFReadDirEntryErrOk)
927 break;
928 *mb++=(uint8)(*ma++);
929 }
930 }
931 break;
932 case TIFF_LONG:
933 {
934 uint32* ma;
935 uint8* mb;
936 uint32 n;
937 ma=(uint32*)origdata;
938 mb=data;
939 for (n=0; n<count; n++)
940 {
941 if (tif->tif_flags&TIFF_SWAB)
942 TIFFSwabLong(ma);
943 err=TIFFReadDirEntryCheckRangeByteLong(*ma);
944 if (err!=TIFFReadDirEntryErrOk)
945 break;
946 *mb++=(uint8)(*ma++);
947 }
948 }
949 break;
950 case TIFF_SLONG:
951 {
952 int32* ma;
953 uint8* mb;
954 uint32 n;
955 ma=(int32*)origdata;
956 mb=data;
957 for (n=0; n<count; n++)
958 {
959 if (tif->tif_flags&TIFF_SWAB)
960 TIFFSwabLong((uint32*)ma);
961 err=TIFFReadDirEntryCheckRangeByteSlong(*ma);
962 if (err!=TIFFReadDirEntryErrOk)
963 break;
964 *mb++=(uint8)(*ma++);
965 }
966 }
967 break;
968 case TIFF_LONG8:
969 {
970 uint64* ma;
971 uint8* mb;
972 uint32 n;
973 ma=(uint64*)origdata;
974 mb=data;
975 for (n=0; n<count; n++)
976 {
977 if (tif->tif_flags&TIFF_SWAB)
978 TIFFSwabLong8(ma);
979 err=TIFFReadDirEntryCheckRangeByteLong8(*ma);
980 if (err!=TIFFReadDirEntryErrOk)
981 break;
982 *mb++=(uint8)(*ma++);
983 }
984 }
985 break;
986 case TIFF_SLONG8:
987 {
988 int64* ma;
989 uint8* mb;
990 uint32 n;
991 ma=(int64*)origdata;
992 mb=data;
993 for (n=0; n<count; n++)
994 {
995 if (tif->tif_flags&TIFF_SWAB)
996 TIFFSwabLong8((uint64*)ma);
997 err=TIFFReadDirEntryCheckRangeByteSlong8(*ma);
998 if (err!=TIFFReadDirEntryErrOk)
999 break;
1000 *mb++=(uint8)(*ma++);
1001 }
1002 }
1003 break;
1004 }
1005 _TIFFfree(origdata);
1006 if (err!=TIFFReadDirEntryErrOk)
1007 {
1008 _TIFFfree(data);
1009 return(err);
1010 }
1011 *value=data;
1012 return(TIFFReadDirEntryErrOk);
1013 }
1014
TIFFReadDirEntrySbyteArray(TIFF * tif,TIFFDirEntry * direntry,int8 ** value)1015 static enum TIFFReadDirEntryErr TIFFReadDirEntrySbyteArray(TIFF* tif, TIFFDirEntry* direntry, int8** value)
1016 {
1017 enum TIFFReadDirEntryErr err;
1018 uint32 count;
1019 void* origdata;
1020 int8* data;
1021 switch (direntry->tdir_type)
1022 {
1023 case TIFF_UNDEFINED:
1024 case TIFF_BYTE:
1025 case TIFF_SBYTE:
1026 case TIFF_SHORT:
1027 case TIFF_SSHORT:
1028 case TIFF_LONG:
1029 case TIFF_SLONG:
1030 case TIFF_LONG8:
1031 case TIFF_SLONG8:
1032 break;
1033 default:
1034 return(TIFFReadDirEntryErrType);
1035 }
1036 err=TIFFReadDirEntryArray(tif,direntry,&count,1,&origdata);
1037 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1038 {
1039 *value=0;
1040 return(err);
1041 }
1042 switch (direntry->tdir_type)
1043 {
1044 case TIFF_UNDEFINED:
1045 case TIFF_BYTE:
1046 {
1047 uint8* m;
1048 uint32 n;
1049 m=(uint8*)origdata;
1050 for (n=0; n<count; n++)
1051 {
1052 err=TIFFReadDirEntryCheckRangeSbyteByte(*m);
1053 if (err!=TIFFReadDirEntryErrOk)
1054 {
1055 _TIFFfree(origdata);
1056 return(err);
1057 }
1058 m++;
1059 }
1060 *value=(int8*)origdata;
1061 return(TIFFReadDirEntryErrOk);
1062 }
1063 case TIFF_SBYTE:
1064 *value=(int8*)origdata;
1065 return(TIFFReadDirEntryErrOk);
1066 }
1067 data=(int8*)_TIFFmalloc(count);
1068 if (data==0)
1069 {
1070 _TIFFfree(origdata);
1071 return(TIFFReadDirEntryErrAlloc);
1072 }
1073 switch (direntry->tdir_type)
1074 {
1075 case TIFF_SHORT:
1076 {
1077 uint16* ma;
1078 int8* mb;
1079 uint32 n;
1080 ma=(uint16*)origdata;
1081 mb=data;
1082 for (n=0; n<count; n++)
1083 {
1084 if (tif->tif_flags&TIFF_SWAB)
1085 TIFFSwabShort(ma);
1086 err=TIFFReadDirEntryCheckRangeSbyteShort(*ma);
1087 if (err!=TIFFReadDirEntryErrOk)
1088 break;
1089 *mb++=(int8)(*ma++);
1090 }
1091 }
1092 break;
1093 case TIFF_SSHORT:
1094 {
1095 int16* ma;
1096 int8* mb;
1097 uint32 n;
1098 ma=(int16*)origdata;
1099 mb=data;
1100 for (n=0; n<count; n++)
1101 {
1102 if (tif->tif_flags&TIFF_SWAB)
1103 TIFFSwabShort((uint16*)ma);
1104 err=TIFFReadDirEntryCheckRangeSbyteSshort(*ma);
1105 if (err!=TIFFReadDirEntryErrOk)
1106 break;
1107 *mb++=(int8)(*ma++);
1108 }
1109 }
1110 break;
1111 case TIFF_LONG:
1112 {
1113 uint32* ma;
1114 int8* mb;
1115 uint32 n;
1116 ma=(uint32*)origdata;
1117 mb=data;
1118 for (n=0; n<count; n++)
1119 {
1120 if (tif->tif_flags&TIFF_SWAB)
1121 TIFFSwabLong(ma);
1122 err=TIFFReadDirEntryCheckRangeSbyteLong(*ma);
1123 if (err!=TIFFReadDirEntryErrOk)
1124 break;
1125 *mb++=(int8)(*ma++);
1126 }
1127 }
1128 break;
1129 case TIFF_SLONG:
1130 {
1131 int32* ma;
1132 int8* mb;
1133 uint32 n;
1134 ma=(int32*)origdata;
1135 mb=data;
1136 for (n=0; n<count; n++)
1137 {
1138 if (tif->tif_flags&TIFF_SWAB)
1139 TIFFSwabLong((uint32*)ma);
1140 err=TIFFReadDirEntryCheckRangeSbyteSlong(*ma);
1141 if (err!=TIFFReadDirEntryErrOk)
1142 break;
1143 *mb++=(int8)(*ma++);
1144 }
1145 }
1146 break;
1147 case TIFF_LONG8:
1148 {
1149 uint64* ma;
1150 int8* mb;
1151 uint32 n;
1152 ma=(uint64*)origdata;
1153 mb=data;
1154 for (n=0; n<count; n++)
1155 {
1156 if (tif->tif_flags&TIFF_SWAB)
1157 TIFFSwabLong8(ma);
1158 err=TIFFReadDirEntryCheckRangeSbyteLong8(*ma);
1159 if (err!=TIFFReadDirEntryErrOk)
1160 break;
1161 *mb++=(int8)(*ma++);
1162 }
1163 }
1164 break;
1165 case TIFF_SLONG8:
1166 {
1167 int64* ma;
1168 int8* mb;
1169 uint32 n;
1170 ma=(int64*)origdata;
1171 mb=data;
1172 for (n=0; n<count; n++)
1173 {
1174 if (tif->tif_flags&TIFF_SWAB)
1175 TIFFSwabLong8((uint64*)ma);
1176 err=TIFFReadDirEntryCheckRangeSbyteSlong8(*ma);
1177 if (err!=TIFFReadDirEntryErrOk)
1178 break;
1179 *mb++=(int8)(*ma++);
1180 }
1181 }
1182 break;
1183 }
1184 _TIFFfree(origdata);
1185 if (err!=TIFFReadDirEntryErrOk)
1186 {
1187 _TIFFfree(data);
1188 return(err);
1189 }
1190 *value=data;
1191 return(TIFFReadDirEntryErrOk);
1192 }
1193
TIFFReadDirEntryShortArray(TIFF * tif,TIFFDirEntry * direntry,uint16 ** value)1194 static enum TIFFReadDirEntryErr TIFFReadDirEntryShortArray(TIFF* tif, TIFFDirEntry* direntry, uint16** value)
1195 {
1196 enum TIFFReadDirEntryErr err;
1197 uint32 count;
1198 void* origdata;
1199 uint16* data;
1200 switch (direntry->tdir_type)
1201 {
1202 case TIFF_BYTE:
1203 case TIFF_SBYTE:
1204 case TIFF_SHORT:
1205 case TIFF_SSHORT:
1206 case TIFF_LONG:
1207 case TIFF_SLONG:
1208 case TIFF_LONG8:
1209 case TIFF_SLONG8:
1210 break;
1211 default:
1212 return(TIFFReadDirEntryErrType);
1213 }
1214 err=TIFFReadDirEntryArray(tif,direntry,&count,2,&origdata);
1215 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1216 {
1217 *value=0;
1218 return(err);
1219 }
1220 switch (direntry->tdir_type)
1221 {
1222 case TIFF_SHORT:
1223 *value=(uint16*)origdata;
1224 if (tif->tif_flags&TIFF_SWAB)
1225 TIFFSwabArrayOfShort(*value,count);
1226 return(TIFFReadDirEntryErrOk);
1227 case TIFF_SSHORT:
1228 {
1229 int16* m;
1230 uint32 n;
1231 m=(int16*)origdata;
1232 for (n=0; n<count; n++)
1233 {
1234 if (tif->tif_flags&TIFF_SWAB)
1235 TIFFSwabShort((uint16*)m);
1236 err=TIFFReadDirEntryCheckRangeShortSshort(*m);
1237 if (err!=TIFFReadDirEntryErrOk)
1238 {
1239 _TIFFfree(origdata);
1240 return(err);
1241 }
1242 m++;
1243 }
1244 *value=(uint16*)origdata;
1245 return(TIFFReadDirEntryErrOk);
1246 }
1247 }
1248 data=(uint16*)_TIFFmalloc(count*2);
1249 if (data==0)
1250 {
1251 _TIFFfree(origdata);
1252 return(TIFFReadDirEntryErrAlloc);
1253 }
1254 switch (direntry->tdir_type)
1255 {
1256 case TIFF_BYTE:
1257 {
1258 uint8* ma;
1259 uint16* mb;
1260 uint32 n;
1261 ma=(uint8*)origdata;
1262 mb=data;
1263 for (n=0; n<count; n++)
1264 *mb++=(uint16)(*ma++);
1265 }
1266 break;
1267 case TIFF_SBYTE:
1268 {
1269 int8* ma;
1270 uint16* mb;
1271 uint32 n;
1272 ma=(int8*)origdata;
1273 mb=data;
1274 for (n=0; n<count; n++)
1275 {
1276 err=TIFFReadDirEntryCheckRangeShortSbyte(*ma);
1277 if (err!=TIFFReadDirEntryErrOk)
1278 break;
1279 *mb++=(uint16)(*ma++);
1280 }
1281 }
1282 break;
1283 case TIFF_LONG:
1284 {
1285 uint32* ma;
1286 uint16* mb;
1287 uint32 n;
1288 ma=(uint32*)origdata;
1289 mb=data;
1290 for (n=0; n<count; n++)
1291 {
1292 if (tif->tif_flags&TIFF_SWAB)
1293 TIFFSwabLong(ma);
1294 err=TIFFReadDirEntryCheckRangeShortLong(*ma);
1295 if (err!=TIFFReadDirEntryErrOk)
1296 break;
1297 *mb++=(uint16)(*ma++);
1298 }
1299 }
1300 break;
1301 case TIFF_SLONG:
1302 {
1303 int32* ma;
1304 uint16* mb;
1305 uint32 n;
1306 ma=(int32*)origdata;
1307 mb=data;
1308 for (n=0; n<count; n++)
1309 {
1310 if (tif->tif_flags&TIFF_SWAB)
1311 TIFFSwabLong((uint32*)ma);
1312 err=TIFFReadDirEntryCheckRangeShortSlong(*ma);
1313 if (err!=TIFFReadDirEntryErrOk)
1314 break;
1315 *mb++=(uint16)(*ma++);
1316 }
1317 }
1318 break;
1319 case TIFF_LONG8:
1320 {
1321 uint64* ma;
1322 uint16* mb;
1323 uint32 n;
1324 ma=(uint64*)origdata;
1325 mb=data;
1326 for (n=0; n<count; n++)
1327 {
1328 if (tif->tif_flags&TIFF_SWAB)
1329 TIFFSwabLong8(ma);
1330 err=TIFFReadDirEntryCheckRangeShortLong8(*ma);
1331 if (err!=TIFFReadDirEntryErrOk)
1332 break;
1333 *mb++=(uint16)(*ma++);
1334 }
1335 }
1336 break;
1337 case TIFF_SLONG8:
1338 {
1339 int64* ma;
1340 uint16* mb;
1341 uint32 n;
1342 ma=(int64*)origdata;
1343 mb=data;
1344 for (n=0; n<count; n++)
1345 {
1346 if (tif->tif_flags&TIFF_SWAB)
1347 TIFFSwabLong8((uint64*)ma);
1348 err=TIFFReadDirEntryCheckRangeShortSlong8(*ma);
1349 if (err!=TIFFReadDirEntryErrOk)
1350 break;
1351 *mb++=(uint16)(*ma++);
1352 }
1353 }
1354 break;
1355 }
1356 _TIFFfree(origdata);
1357 if (err!=TIFFReadDirEntryErrOk)
1358 {
1359 _TIFFfree(data);
1360 return(err);
1361 }
1362 *value=data;
1363 return(TIFFReadDirEntryErrOk);
1364 }
1365
TIFFReadDirEntrySshortArray(TIFF * tif,TIFFDirEntry * direntry,int16 ** value)1366 static enum TIFFReadDirEntryErr TIFFReadDirEntrySshortArray(TIFF* tif, TIFFDirEntry* direntry, int16** value)
1367 {
1368 enum TIFFReadDirEntryErr err;
1369 uint32 count;
1370 void* origdata;
1371 int16* data;
1372 switch (direntry->tdir_type)
1373 {
1374 case TIFF_BYTE:
1375 case TIFF_SBYTE:
1376 case TIFF_SHORT:
1377 case TIFF_SSHORT:
1378 case TIFF_LONG:
1379 case TIFF_SLONG:
1380 case TIFF_LONG8:
1381 case TIFF_SLONG8:
1382 break;
1383 default:
1384 return(TIFFReadDirEntryErrType);
1385 }
1386 err=TIFFReadDirEntryArray(tif,direntry,&count,2,&origdata);
1387 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1388 {
1389 *value=0;
1390 return(err);
1391 }
1392 switch (direntry->tdir_type)
1393 {
1394 case TIFF_SHORT:
1395 {
1396 uint16* m;
1397 uint32 n;
1398 m=(uint16*)origdata;
1399 for (n=0; n<count; n++)
1400 {
1401 if (tif->tif_flags&TIFF_SWAB)
1402 TIFFSwabShort(m);
1403 err=TIFFReadDirEntryCheckRangeSshortShort(*m);
1404 if (err!=TIFFReadDirEntryErrOk)
1405 {
1406 _TIFFfree(origdata);
1407 return(err);
1408 }
1409 m++;
1410 }
1411 *value=(int16*)origdata;
1412 return(TIFFReadDirEntryErrOk);
1413 }
1414 case TIFF_SSHORT:
1415 *value=(int16*)origdata;
1416 if (tif->tif_flags&TIFF_SWAB)
1417 TIFFSwabArrayOfShort((uint16*)(*value),count);
1418 return(TIFFReadDirEntryErrOk);
1419 }
1420 data=(int16*)_TIFFmalloc(count*2);
1421 if (data==0)
1422 {
1423 _TIFFfree(origdata);
1424 return(TIFFReadDirEntryErrAlloc);
1425 }
1426 switch (direntry->tdir_type)
1427 {
1428 case TIFF_BYTE:
1429 {
1430 uint8* ma;
1431 int16* mb;
1432 uint32 n;
1433 ma=(uint8*)origdata;
1434 mb=data;
1435 for (n=0; n<count; n++)
1436 *mb++=(int16)(*ma++);
1437 }
1438 break;
1439 case TIFF_SBYTE:
1440 {
1441 int8* ma;
1442 int16* mb;
1443 uint32 n;
1444 ma=(int8*)origdata;
1445 mb=data;
1446 for (n=0; n<count; n++)
1447 *mb++=(int16)(*ma++);
1448 }
1449 break;
1450 case TIFF_LONG:
1451 {
1452 uint32* ma;
1453 int16* mb;
1454 uint32 n;
1455 ma=(uint32*)origdata;
1456 mb=data;
1457 for (n=0; n<count; n++)
1458 {
1459 if (tif->tif_flags&TIFF_SWAB)
1460 TIFFSwabLong(ma);
1461 err=TIFFReadDirEntryCheckRangeSshortLong(*ma);
1462 if (err!=TIFFReadDirEntryErrOk)
1463 break;
1464 *mb++=(int16)(*ma++);
1465 }
1466 }
1467 break;
1468 case TIFF_SLONG:
1469 {
1470 int32* ma;
1471 int16* mb;
1472 uint32 n;
1473 ma=(int32*)origdata;
1474 mb=data;
1475 for (n=0; n<count; n++)
1476 {
1477 if (tif->tif_flags&TIFF_SWAB)
1478 TIFFSwabLong((uint32*)ma);
1479 err=TIFFReadDirEntryCheckRangeSshortSlong(*ma);
1480 if (err!=TIFFReadDirEntryErrOk)
1481 break;
1482 *mb++=(int16)(*ma++);
1483 }
1484 }
1485 break;
1486 case TIFF_LONG8:
1487 {
1488 uint64* ma;
1489 int16* mb;
1490 uint32 n;
1491 ma=(uint64*)origdata;
1492 mb=data;
1493 for (n=0; n<count; n++)
1494 {
1495 if (tif->tif_flags&TIFF_SWAB)
1496 TIFFSwabLong8(ma);
1497 err=TIFFReadDirEntryCheckRangeSshortLong8(*ma);
1498 if (err!=TIFFReadDirEntryErrOk)
1499 break;
1500 *mb++=(int16)(*ma++);
1501 }
1502 }
1503 break;
1504 case TIFF_SLONG8:
1505 {
1506 int64* ma;
1507 int16* mb;
1508 uint32 n;
1509 ma=(int64*)origdata;
1510 mb=data;
1511 for (n=0; n<count; n++)
1512 {
1513 if (tif->tif_flags&TIFF_SWAB)
1514 TIFFSwabLong8((uint64*)ma);
1515 err=TIFFReadDirEntryCheckRangeSshortSlong8(*ma);
1516 if (err!=TIFFReadDirEntryErrOk)
1517 break;
1518 *mb++=(int16)(*ma++);
1519 }
1520 }
1521 break;
1522 }
1523 _TIFFfree(origdata);
1524 if (err!=TIFFReadDirEntryErrOk)
1525 {
1526 _TIFFfree(data);
1527 return(err);
1528 }
1529 *value=data;
1530 return(TIFFReadDirEntryErrOk);
1531 }
1532
TIFFReadDirEntryLongArray(TIFF * tif,TIFFDirEntry * direntry,uint32 ** value)1533 static enum TIFFReadDirEntryErr TIFFReadDirEntryLongArray(TIFF* tif, TIFFDirEntry* direntry, uint32** value)
1534 {
1535 enum TIFFReadDirEntryErr err;
1536 uint32 count;
1537 void* origdata;
1538 uint32* data;
1539 switch (direntry->tdir_type)
1540 {
1541 case TIFF_BYTE:
1542 case TIFF_SBYTE:
1543 case TIFF_SHORT:
1544 case TIFF_SSHORT:
1545 case TIFF_LONG:
1546 case TIFF_SLONG:
1547 case TIFF_LONG8:
1548 case TIFF_SLONG8:
1549 break;
1550 default:
1551 return(TIFFReadDirEntryErrType);
1552 }
1553 err=TIFFReadDirEntryArray(tif,direntry,&count,4,&origdata);
1554 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1555 {
1556 *value=0;
1557 return(err);
1558 }
1559 switch (direntry->tdir_type)
1560 {
1561 case TIFF_LONG:
1562 *value=(uint32*)origdata;
1563 if (tif->tif_flags&TIFF_SWAB)
1564 TIFFSwabArrayOfLong(*value,count);
1565 return(TIFFReadDirEntryErrOk);
1566 case TIFF_SLONG:
1567 {
1568 int32* m;
1569 uint32 n;
1570 m=(int32*)origdata;
1571 for (n=0; n<count; n++)
1572 {
1573 if (tif->tif_flags&TIFF_SWAB)
1574 TIFFSwabLong((uint32*)m);
1575 err=TIFFReadDirEntryCheckRangeLongSlong(*m);
1576 if (err!=TIFFReadDirEntryErrOk)
1577 {
1578 _TIFFfree(origdata);
1579 return(err);
1580 }
1581 m++;
1582 }
1583 *value=(uint32*)origdata;
1584 return(TIFFReadDirEntryErrOk);
1585 }
1586 }
1587 data=(uint32*)_TIFFmalloc(count*4);
1588 if (data==0)
1589 {
1590 _TIFFfree(origdata);
1591 return(TIFFReadDirEntryErrAlloc);
1592 }
1593 switch (direntry->tdir_type)
1594 {
1595 case TIFF_BYTE:
1596 {
1597 uint8* ma;
1598 uint32* mb;
1599 uint32 n;
1600 ma=(uint8*)origdata;
1601 mb=data;
1602 for (n=0; n<count; n++)
1603 *mb++=(uint32)(*ma++);
1604 }
1605 break;
1606 case TIFF_SBYTE:
1607 {
1608 int8* ma;
1609 uint32* mb;
1610 uint32 n;
1611 ma=(int8*)origdata;
1612 mb=data;
1613 for (n=0; n<count; n++)
1614 {
1615 err=TIFFReadDirEntryCheckRangeLongSbyte(*ma);
1616 if (err!=TIFFReadDirEntryErrOk)
1617 break;
1618 *mb++=(uint32)(*ma++);
1619 }
1620 }
1621 break;
1622 case TIFF_SHORT:
1623 {
1624 uint16* ma;
1625 uint32* mb;
1626 uint32 n;
1627 ma=(uint16*)origdata;
1628 mb=data;
1629 for (n=0; n<count; n++)
1630 {
1631 if (tif->tif_flags&TIFF_SWAB)
1632 TIFFSwabShort(ma);
1633 *mb++=(uint32)(*ma++);
1634 }
1635 }
1636 break;
1637 case TIFF_SSHORT:
1638 {
1639 int16* ma;
1640 uint32* mb;
1641 uint32 n;
1642 ma=(int16*)origdata;
1643 mb=data;
1644 for (n=0; n<count; n++)
1645 {
1646 if (tif->tif_flags&TIFF_SWAB)
1647 TIFFSwabShort((uint16*)ma);
1648 err=TIFFReadDirEntryCheckRangeLongSshort(*ma);
1649 if (err!=TIFFReadDirEntryErrOk)
1650 break;
1651 *mb++=(uint32)(*ma++);
1652 }
1653 }
1654 break;
1655 case TIFF_LONG8:
1656 {
1657 uint64* ma;
1658 uint32* mb;
1659 uint32 n;
1660 ma=(uint64*)origdata;
1661 mb=data;
1662 for (n=0; n<count; n++)
1663 {
1664 if (tif->tif_flags&TIFF_SWAB)
1665 TIFFSwabLong8(ma);
1666 err=TIFFReadDirEntryCheckRangeLongLong8(*ma);
1667 if (err!=TIFFReadDirEntryErrOk)
1668 break;
1669 *mb++=(uint32)(*ma++);
1670 }
1671 }
1672 break;
1673 case TIFF_SLONG8:
1674 {
1675 int64* ma;
1676 uint32* mb;
1677 uint32 n;
1678 ma=(int64*)origdata;
1679 mb=data;
1680 for (n=0; n<count; n++)
1681 {
1682 if (tif->tif_flags&TIFF_SWAB)
1683 TIFFSwabLong8((uint64*)ma);
1684 err=TIFFReadDirEntryCheckRangeLongSlong8(*ma);
1685 if (err!=TIFFReadDirEntryErrOk)
1686 break;
1687 *mb++=(uint32)(*ma++);
1688 }
1689 }
1690 break;
1691 }
1692 _TIFFfree(origdata);
1693 if (err!=TIFFReadDirEntryErrOk)
1694 {
1695 _TIFFfree(data);
1696 return(err);
1697 }
1698 *value=data;
1699 return(TIFFReadDirEntryErrOk);
1700 }
1701
TIFFReadDirEntrySlongArray(TIFF * tif,TIFFDirEntry * direntry,int32 ** value)1702 static enum TIFFReadDirEntryErr TIFFReadDirEntrySlongArray(TIFF* tif, TIFFDirEntry* direntry, int32** value)
1703 {
1704 enum TIFFReadDirEntryErr err;
1705 uint32 count;
1706 void* origdata;
1707 int32* data;
1708 switch (direntry->tdir_type)
1709 {
1710 case TIFF_BYTE:
1711 case TIFF_SBYTE:
1712 case TIFF_SHORT:
1713 case TIFF_SSHORT:
1714 case TIFF_LONG:
1715 case TIFF_SLONG:
1716 case TIFF_LONG8:
1717 case TIFF_SLONG8:
1718 break;
1719 default:
1720 return(TIFFReadDirEntryErrType);
1721 }
1722 err=TIFFReadDirEntryArray(tif,direntry,&count,4,&origdata);
1723 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1724 {
1725 *value=0;
1726 return(err);
1727 }
1728 switch (direntry->tdir_type)
1729 {
1730 case TIFF_LONG:
1731 {
1732 uint32* m;
1733 uint32 n;
1734 m=(uint32*)origdata;
1735 for (n=0; n<count; n++)
1736 {
1737 if (tif->tif_flags&TIFF_SWAB)
1738 TIFFSwabLong((uint32*)m);
1739 err=TIFFReadDirEntryCheckRangeSlongLong(*m);
1740 if (err!=TIFFReadDirEntryErrOk)
1741 {
1742 _TIFFfree(origdata);
1743 return(err);
1744 }
1745 m++;
1746 }
1747 *value=(int32*)origdata;
1748 return(TIFFReadDirEntryErrOk);
1749 }
1750 case TIFF_SLONG:
1751 *value=(int32*)origdata;
1752 if (tif->tif_flags&TIFF_SWAB)
1753 TIFFSwabArrayOfLong((uint32*)(*value),count);
1754 return(TIFFReadDirEntryErrOk);
1755 }
1756 data=(int32*)_TIFFmalloc(count*4);
1757 if (data==0)
1758 {
1759 _TIFFfree(origdata);
1760 return(TIFFReadDirEntryErrAlloc);
1761 }
1762 switch (direntry->tdir_type)
1763 {
1764 case TIFF_BYTE:
1765 {
1766 uint8* ma;
1767 int32* mb;
1768 uint32 n;
1769 ma=(uint8*)origdata;
1770 mb=data;
1771 for (n=0; n<count; n++)
1772 *mb++=(int32)(*ma++);
1773 }
1774 break;
1775 case TIFF_SBYTE:
1776 {
1777 int8* ma;
1778 int32* mb;
1779 uint32 n;
1780 ma=(int8*)origdata;
1781 mb=data;
1782 for (n=0; n<count; n++)
1783 *mb++=(int32)(*ma++);
1784 }
1785 break;
1786 case TIFF_SHORT:
1787 {
1788 uint16* ma;
1789 int32* mb;
1790 uint32 n;
1791 ma=(uint16*)origdata;
1792 mb=data;
1793 for (n=0; n<count; n++)
1794 {
1795 if (tif->tif_flags&TIFF_SWAB)
1796 TIFFSwabShort(ma);
1797 *mb++=(int32)(*ma++);
1798 }
1799 }
1800 break;
1801 case TIFF_SSHORT:
1802 {
1803 int16* ma;
1804 int32* mb;
1805 uint32 n;
1806 ma=(int16*)origdata;
1807 mb=data;
1808 for (n=0; n<count; n++)
1809 {
1810 if (tif->tif_flags&TIFF_SWAB)
1811 TIFFSwabShort((uint16*)ma);
1812 *mb++=(int32)(*ma++);
1813 }
1814 }
1815 break;
1816 case TIFF_LONG8:
1817 {
1818 uint64* ma;
1819 int32* mb;
1820 uint32 n;
1821 ma=(uint64*)origdata;
1822 mb=data;
1823 for (n=0; n<count; n++)
1824 {
1825 if (tif->tif_flags&TIFF_SWAB)
1826 TIFFSwabLong8(ma);
1827 err=TIFFReadDirEntryCheckRangeSlongLong8(*ma);
1828 if (err!=TIFFReadDirEntryErrOk)
1829 break;
1830 *mb++=(int32)(*ma++);
1831 }
1832 }
1833 break;
1834 case TIFF_SLONG8:
1835 {
1836 int64* ma;
1837 int32* mb;
1838 uint32 n;
1839 ma=(int64*)origdata;
1840 mb=data;
1841 for (n=0; n<count; n++)
1842 {
1843 if (tif->tif_flags&TIFF_SWAB)
1844 TIFFSwabLong8((uint64*)ma);
1845 err=TIFFReadDirEntryCheckRangeSlongSlong8(*ma);
1846 if (err!=TIFFReadDirEntryErrOk)
1847 break;
1848 *mb++=(int32)(*ma++);
1849 }
1850 }
1851 break;
1852 }
1853 _TIFFfree(origdata);
1854 if (err!=TIFFReadDirEntryErrOk)
1855 {
1856 _TIFFfree(data);
1857 return(err);
1858 }
1859 *value=data;
1860 return(TIFFReadDirEntryErrOk);
1861 }
1862
TIFFReadDirEntryLong8Array(TIFF * tif,TIFFDirEntry * direntry,uint64 ** value)1863 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value)
1864 {
1865 enum TIFFReadDirEntryErr err;
1866 uint32 count;
1867 void* origdata;
1868 uint64* data;
1869 switch (direntry->tdir_type)
1870 {
1871 case TIFF_BYTE:
1872 case TIFF_SBYTE:
1873 case TIFF_SHORT:
1874 case TIFF_SSHORT:
1875 case TIFF_LONG:
1876 case TIFF_SLONG:
1877 case TIFF_LONG8:
1878 case TIFF_SLONG8:
1879 break;
1880 default:
1881 return(TIFFReadDirEntryErrType);
1882 }
1883 err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata);
1884 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1885 {
1886 *value=0;
1887 return(err);
1888 }
1889 switch (direntry->tdir_type)
1890 {
1891 case TIFF_LONG8:
1892 *value=(uint64*)origdata;
1893 if (tif->tif_flags&TIFF_SWAB)
1894 TIFFSwabArrayOfLong8(*value,count);
1895 return(TIFFReadDirEntryErrOk);
1896 case TIFF_SLONG8:
1897 {
1898 int64* m;
1899 uint32 n;
1900 m=(int64*)origdata;
1901 for (n=0; n<count; n++)
1902 {
1903 if (tif->tif_flags&TIFF_SWAB)
1904 TIFFSwabLong8((uint64*)m);
1905 err=TIFFReadDirEntryCheckRangeLong8Slong8(*m);
1906 if (err!=TIFFReadDirEntryErrOk)
1907 {
1908 _TIFFfree(origdata);
1909 return(err);
1910 }
1911 m++;
1912 }
1913 *value=(uint64*)origdata;
1914 return(TIFFReadDirEntryErrOk);
1915 }
1916 }
1917 data=(uint64*)_TIFFmalloc(count*8);
1918 if (data==0)
1919 {
1920 _TIFFfree(origdata);
1921 return(TIFFReadDirEntryErrAlloc);
1922 }
1923 switch (direntry->tdir_type)
1924 {
1925 case TIFF_BYTE:
1926 {
1927 uint8* ma;
1928 uint64* mb;
1929 uint32 n;
1930 ma=(uint8*)origdata;
1931 mb=data;
1932 for (n=0; n<count; n++)
1933 *mb++=(uint64)(*ma++);
1934 }
1935 break;
1936 case TIFF_SBYTE:
1937 {
1938 int8* ma;
1939 uint64* mb;
1940 uint32 n;
1941 ma=(int8*)origdata;
1942 mb=data;
1943 for (n=0; n<count; n++)
1944 {
1945 err=TIFFReadDirEntryCheckRangeLong8Sbyte(*ma);
1946 if (err!=TIFFReadDirEntryErrOk)
1947 break;
1948 *mb++=(uint64)(*ma++);
1949 }
1950 }
1951 break;
1952 case TIFF_SHORT:
1953 {
1954 uint16* ma;
1955 uint64* mb;
1956 uint32 n;
1957 ma=(uint16*)origdata;
1958 mb=data;
1959 for (n=0; n<count; n++)
1960 {
1961 if (tif->tif_flags&TIFF_SWAB)
1962 TIFFSwabShort(ma);
1963 *mb++=(uint64)(*ma++);
1964 }
1965 }
1966 break;
1967 case TIFF_SSHORT:
1968 {
1969 int16* ma;
1970 uint64* mb;
1971 uint32 n;
1972 ma=(int16*)origdata;
1973 mb=data;
1974 for (n=0; n<count; n++)
1975 {
1976 if (tif->tif_flags&TIFF_SWAB)
1977 TIFFSwabShort((uint16*)ma);
1978 err=TIFFReadDirEntryCheckRangeLong8Sshort(*ma);
1979 if (err!=TIFFReadDirEntryErrOk)
1980 break;
1981 *mb++=(uint64)(*ma++);
1982 }
1983 }
1984 break;
1985 case TIFF_LONG:
1986 {
1987 uint32* ma;
1988 uint64* mb;
1989 uint32 n;
1990 ma=(uint32*)origdata;
1991 mb=data;
1992 for (n=0; n<count; n++)
1993 {
1994 if (tif->tif_flags&TIFF_SWAB)
1995 TIFFSwabLong(ma);
1996 *mb++=(uint64)(*ma++);
1997 }
1998 }
1999 break;
2000 case TIFF_SLONG:
2001 {
2002 int32* ma;
2003 uint64* mb;
2004 uint32 n;
2005 ma=(int32*)origdata;
2006 mb=data;
2007 for (n=0; n<count; n++)
2008 {
2009 if (tif->tif_flags&TIFF_SWAB)
2010 TIFFSwabLong((uint32*)ma);
2011 err=TIFFReadDirEntryCheckRangeLong8Slong(*ma);
2012 if (err!=TIFFReadDirEntryErrOk)
2013 break;
2014 *mb++=(uint64)(*ma++);
2015 }
2016 }
2017 break;
2018 }
2019 _TIFFfree(origdata);
2020 if (err!=TIFFReadDirEntryErrOk)
2021 {
2022 _TIFFfree(data);
2023 return(err);
2024 }
2025 *value=data;
2026 return(TIFFReadDirEntryErrOk);
2027 }
2028
TIFFReadDirEntrySlong8Array(TIFF * tif,TIFFDirEntry * direntry,int64 ** value)2029 static enum TIFFReadDirEntryErr TIFFReadDirEntrySlong8Array(TIFF* tif, TIFFDirEntry* direntry, int64** value)
2030 {
2031 enum TIFFReadDirEntryErr err;
2032 uint32 count;
2033 void* origdata;
2034 int64* data;
2035 switch (direntry->tdir_type)
2036 {
2037 case TIFF_BYTE:
2038 case TIFF_SBYTE:
2039 case TIFF_SHORT:
2040 case TIFF_SSHORT:
2041 case TIFF_LONG:
2042 case TIFF_SLONG:
2043 case TIFF_LONG8:
2044 case TIFF_SLONG8:
2045 break;
2046 default:
2047 return(TIFFReadDirEntryErrType);
2048 }
2049 err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata);
2050 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
2051 {
2052 *value=0;
2053 return(err);
2054 }
2055 switch (direntry->tdir_type)
2056 {
2057 case TIFF_LONG8:
2058 {
2059 uint64* m;
2060 uint32 n;
2061 m=(uint64*)origdata;
2062 for (n=0; n<count; n++)
2063 {
2064 if (tif->tif_flags&TIFF_SWAB)
2065 TIFFSwabLong8(m);
2066 err=TIFFReadDirEntryCheckRangeSlong8Long8(*m);
2067 if (err!=TIFFReadDirEntryErrOk)
2068 {
2069 _TIFFfree(origdata);
2070 return(err);
2071 }
2072 m++;
2073 }
2074 *value=(int64*)origdata;
2075 return(TIFFReadDirEntryErrOk);
2076 }
2077 case TIFF_SLONG8:
2078 *value=(int64*)origdata;
2079 if (tif->tif_flags&TIFF_SWAB)
2080 TIFFSwabArrayOfLong8((uint64*)(*value),count);
2081 return(TIFFReadDirEntryErrOk);
2082 }
2083 data=(int64*)_TIFFmalloc(count*8);
2084 if (data==0)
2085 {
2086 _TIFFfree(origdata);
2087 return(TIFFReadDirEntryErrAlloc);
2088 }
2089 switch (direntry->tdir_type)
2090 {
2091 case TIFF_BYTE:
2092 {
2093 uint8* ma;
2094 int64* mb;
2095 uint32 n;
2096 ma=(uint8*)origdata;
2097 mb=data;
2098 for (n=0; n<count; n++)
2099 *mb++=(int64)(*ma++);
2100 }
2101 break;
2102 case TIFF_SBYTE:
2103 {
2104 int8* ma;
2105 int64* mb;
2106 uint32 n;
2107 ma=(int8*)origdata;
2108 mb=data;
2109 for (n=0; n<count; n++)
2110 *mb++=(int64)(*ma++);
2111 }
2112 break;
2113 case TIFF_SHORT:
2114 {
2115 uint16* ma;
2116 int64* mb;
2117 uint32 n;
2118 ma=(uint16*)origdata;
2119 mb=data;
2120 for (n=0; n<count; n++)
2121 {
2122 if (tif->tif_flags&TIFF_SWAB)
2123 TIFFSwabShort(ma);
2124 *mb++=(int64)(*ma++);
2125 }
2126 }
2127 break;
2128 case TIFF_SSHORT:
2129 {
2130 int16* ma;
2131 int64* mb;
2132 uint32 n;
2133 ma=(int16*)origdata;
2134 mb=data;
2135 for (n=0; n<count; n++)
2136 {
2137 if (tif->tif_flags&TIFF_SWAB)
2138 TIFFSwabShort((uint16*)ma);
2139 *mb++=(int64)(*ma++);
2140 }
2141 }
2142 break;
2143 case TIFF_LONG:
2144 {
2145 uint32* ma;
2146 int64* mb;
2147 uint32 n;
2148 ma=(uint32*)origdata;
2149 mb=data;
2150 for (n=0; n<count; n++)
2151 {
2152 if (tif->tif_flags&TIFF_SWAB)
2153 TIFFSwabLong(ma);
2154 *mb++=(int64)(*ma++);
2155 }
2156 }
2157 break;
2158 case TIFF_SLONG:
2159 {
2160 int32* ma;
2161 int64* mb;
2162 uint32 n;
2163 ma=(int32*)origdata;
2164 mb=data;
2165 for (n=0; n<count; n++)
2166 {
2167 if (tif->tif_flags&TIFF_SWAB)
2168 TIFFSwabLong((uint32*)ma);
2169 *mb++=(int64)(*ma++);
2170 }
2171 }
2172 break;
2173 }
2174 _TIFFfree(origdata);
2175 *value=data;
2176 return(TIFFReadDirEntryErrOk);
2177 }
2178
TIFFReadDirEntryFloatArray(TIFF * tif,TIFFDirEntry * direntry,float ** value)2179 static enum TIFFReadDirEntryErr TIFFReadDirEntryFloatArray(TIFF* tif, TIFFDirEntry* direntry, float** value)
2180 {
2181 enum TIFFReadDirEntryErr err;
2182 uint32 count;
2183 void* origdata;
2184 float* data;
2185 switch (direntry->tdir_type)
2186 {
2187 case TIFF_BYTE:
2188 case TIFF_SBYTE:
2189 case TIFF_SHORT:
2190 case TIFF_SSHORT:
2191 case TIFF_LONG:
2192 case TIFF_SLONG:
2193 case TIFF_LONG8:
2194 case TIFF_SLONG8:
2195 case TIFF_RATIONAL:
2196 case TIFF_SRATIONAL:
2197 case TIFF_FLOAT:
2198 case TIFF_DOUBLE:
2199 break;
2200 default:
2201 return(TIFFReadDirEntryErrType);
2202 }
2203 err=TIFFReadDirEntryArray(tif,direntry,&count,4,&origdata);
2204 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
2205 {
2206 *value=0;
2207 return(err);
2208 }
2209 switch (direntry->tdir_type)
2210 {
2211 case TIFF_FLOAT:
2212 if (tif->tif_flags&TIFF_SWAB)
2213 TIFFSwabArrayOfLong((uint32*)origdata,count);
2214 TIFFCvtIEEEDoubleToNative(tif,count,(float*)origdata);
2215 *value=(float*)origdata;
2216 return(TIFFReadDirEntryErrOk);
2217 }
2218 data=(float*)_TIFFmalloc(count*sizeof(float));
2219 if (data==0)
2220 {
2221 _TIFFfree(origdata);
2222 return(TIFFReadDirEntryErrAlloc);
2223 }
2224 switch (direntry->tdir_type)
2225 {
2226 case TIFF_BYTE:
2227 {
2228 uint8* ma;
2229 float* mb;
2230 uint32 n;
2231 ma=(uint8*)origdata;
2232 mb=data;
2233 for (n=0; n<count; n++)
2234 *mb++=(float)(*ma++);
2235 }
2236 break;
2237 case TIFF_SBYTE:
2238 {
2239 int8* ma;
2240 float* mb;
2241 uint32 n;
2242 ma=(int8*)origdata;
2243 mb=data;
2244 for (n=0; n<count; n++)
2245 *mb++=(float)(*ma++);
2246 }
2247 break;
2248 case TIFF_SHORT:
2249 {
2250 uint16* ma;
2251 float* mb;
2252 uint32 n;
2253 ma=(uint16*)origdata;
2254 mb=data;
2255 for (n=0; n<count; n++)
2256 {
2257 if (tif->tif_flags&TIFF_SWAB)
2258 TIFFSwabShort(ma);
2259 *mb++=(float)(*ma++);
2260 }
2261 }
2262 break;
2263 case TIFF_SSHORT:
2264 {
2265 int16* ma;
2266 float* mb;
2267 uint32 n;
2268 ma=(int16*)origdata;
2269 mb=data;
2270 for (n=0; n<count; n++)
2271 {
2272 if (tif->tif_flags&TIFF_SWAB)
2273 TIFFSwabShort((uint16*)ma);
2274 *mb++=(float)(*ma++);
2275 }
2276 }
2277 break;
2278 case TIFF_LONG:
2279 {
2280 uint32* ma;
2281 float* mb;
2282 uint32 n;
2283 ma=(uint32*)origdata;
2284 mb=data;
2285 for (n=0; n<count; n++)
2286 {
2287 if (tif->tif_flags&TIFF_SWAB)
2288 TIFFSwabLong(ma);
2289 *mb++=(float)(*ma++);
2290 }
2291 }
2292 break;
2293 case TIFF_SLONG:
2294 {
2295 int32* ma;
2296 float* mb;
2297 uint32 n;
2298 ma=(int32*)origdata;
2299 mb=data;
2300 for (n=0; n<count; n++)
2301 {
2302 if (tif->tif_flags&TIFF_SWAB)
2303 TIFFSwabLong((uint32*)ma);
2304 *mb++=(float)(*ma++);
2305 }
2306 }
2307 break;
2308 case TIFF_LONG8:
2309 {
2310 uint64* ma;
2311 float* mb;
2312 uint32 n;
2313 ma=(uint64*)origdata;
2314 mb=data;
2315 for (n=0; n<count; n++)
2316 {
2317 if (tif->tif_flags&TIFF_SWAB)
2318 TIFFSwabLong8(ma);
2319 #if defined(__WIN32__) && (_MSC_VER < 1500)
2320 /*
2321 * XXX: MSVC 6.0 does not support
2322 * conversion of 64-bit integers into
2323 * floating point values.
2324 */
2325 *mb++ = _TIFFUInt64ToFloat(*ma++);
2326 #else
2327 *mb++ = (float)(*ma++);
2328 #endif
2329 }
2330 }
2331 break;
2332 case TIFF_SLONG8:
2333 {
2334 int64* ma;
2335 float* mb;
2336 uint32 n;
2337 ma=(int64*)origdata;
2338 mb=data;
2339 for (n=0; n<count; n++)
2340 {
2341 if (tif->tif_flags&TIFF_SWAB)
2342 TIFFSwabLong8((uint64*)ma);
2343 *mb++=(float)(*ma++);
2344 }
2345 }
2346 break;
2347 case TIFF_RATIONAL:
2348 {
2349 uint32* ma;
2350 uint32 maa;
2351 uint32 mab;
2352 float* mb;
2353 uint32 n;
2354 ma=(uint32*)origdata;
2355 mb=data;
2356 for (n=0; n<count; n++)
2357 {
2358 if (tif->tif_flags&TIFF_SWAB)
2359 TIFFSwabLong(ma);
2360 maa=*ma++;
2361 if (tif->tif_flags&TIFF_SWAB)
2362 TIFFSwabLong(ma);
2363 mab=*ma++;
2364 if (mab==0)
2365 *mb++=0.0;
2366 else
2367 *mb++=(float)maa/(float)mab;
2368 }
2369 }
2370 break;
2371 case TIFF_SRATIONAL:
2372 {
2373 uint32* ma;
2374 int32 maa;
2375 uint32 mab;
2376 float* mb;
2377 uint32 n;
2378 ma=(uint32*)origdata;
2379 mb=data;
2380 for (n=0; n<count; n++)
2381 {
2382 if (tif->tif_flags&TIFF_SWAB)
2383 TIFFSwabLong(ma);
2384 maa=*(int32*)ma;
2385 ma++;
2386 if (tif->tif_flags&TIFF_SWAB)
2387 TIFFSwabLong(ma);
2388 mab=*ma++;
2389 if (mab==0)
2390 *mb++=0.0;
2391 else
2392 *mb++=(float)maa/(float)mab;
2393 }
2394 }
2395 break;
2396 case TIFF_DOUBLE:
2397 {
2398 double* ma;
2399 float* mb;
2400 uint32 n;
2401 if (tif->tif_flags&TIFF_SWAB)
2402 TIFFSwabArrayOfLong8((uint64*)origdata,count);
2403 TIFFCvtIEEEDoubleToNative(tif,count,(double*)origdata);
2404 ma=(double*)origdata;
2405 mb=data;
2406 for (n=0; n<count; n++)
2407 *mb++=(float)(*ma++);
2408 }
2409 break;
2410 }
2411 _TIFFfree(origdata);
2412 *value=data;
2413 return(TIFFReadDirEntryErrOk);
2414 }
2415
2416 static enum TIFFReadDirEntryErr
TIFFReadDirEntryDoubleArray(TIFF * tif,TIFFDirEntry * direntry,double ** value)2417 TIFFReadDirEntryDoubleArray(TIFF* tif, TIFFDirEntry* direntry, double** value)
2418 {
2419 enum TIFFReadDirEntryErr err;
2420 uint32 count;
2421 void* origdata;
2422 double* data;
2423 switch (direntry->tdir_type)
2424 {
2425 case TIFF_BYTE:
2426 case TIFF_SBYTE:
2427 case TIFF_SHORT:
2428 case TIFF_SSHORT:
2429 case TIFF_LONG:
2430 case TIFF_SLONG:
2431 case TIFF_LONG8:
2432 case TIFF_SLONG8:
2433 case TIFF_RATIONAL:
2434 case TIFF_SRATIONAL:
2435 case TIFF_FLOAT:
2436 case TIFF_DOUBLE:
2437 break;
2438 default:
2439 return(TIFFReadDirEntryErrType);
2440 }
2441 err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata);
2442 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
2443 {
2444 *value=0;
2445 return(err);
2446 }
2447 switch (direntry->tdir_type)
2448 {
2449 case TIFF_DOUBLE:
2450 if (tif->tif_flags&TIFF_SWAB)
2451 TIFFSwabArrayOfLong8((uint64*)origdata,count);
2452 TIFFCvtIEEEDoubleToNative(tif,count,(double*)origdata);
2453 *value=(double*)origdata;
2454 return(TIFFReadDirEntryErrOk);
2455 }
2456 data=(double*)_TIFFmalloc(count*sizeof(double));
2457 if (data==0)
2458 {
2459 _TIFFfree(origdata);
2460 return(TIFFReadDirEntryErrAlloc);
2461 }
2462 switch (direntry->tdir_type)
2463 {
2464 case TIFF_BYTE:
2465 {
2466 uint8* ma;
2467 double* mb;
2468 uint32 n;
2469 ma=(uint8*)origdata;
2470 mb=data;
2471 for (n=0; n<count; n++)
2472 *mb++=(double)(*ma++);
2473 }
2474 break;
2475 case TIFF_SBYTE:
2476 {
2477 int8* ma;
2478 double* mb;
2479 uint32 n;
2480 ma=(int8*)origdata;
2481 mb=data;
2482 for (n=0; n<count; n++)
2483 *mb++=(double)(*ma++);
2484 }
2485 break;
2486 case TIFF_SHORT:
2487 {
2488 uint16* ma;
2489 double* mb;
2490 uint32 n;
2491 ma=(uint16*)origdata;
2492 mb=data;
2493 for (n=0; n<count; n++)
2494 {
2495 if (tif->tif_flags&TIFF_SWAB)
2496 TIFFSwabShort(ma);
2497 *mb++=(double)(*ma++);
2498 }
2499 }
2500 break;
2501 case TIFF_SSHORT:
2502 {
2503 int16* ma;
2504 double* mb;
2505 uint32 n;
2506 ma=(int16*)origdata;
2507 mb=data;
2508 for (n=0; n<count; n++)
2509 {
2510 if (tif->tif_flags&TIFF_SWAB)
2511 TIFFSwabShort((uint16*)ma);
2512 *mb++=(double)(*ma++);
2513 }
2514 }
2515 break;
2516 case TIFF_LONG:
2517 {
2518 uint32* ma;
2519 double* mb;
2520 uint32 n;
2521 ma=(uint32*)origdata;
2522 mb=data;
2523 for (n=0; n<count; n++)
2524 {
2525 if (tif->tif_flags&TIFF_SWAB)
2526 TIFFSwabLong(ma);
2527 *mb++=(double)(*ma++);
2528 }
2529 }
2530 break;
2531 case TIFF_SLONG:
2532 {
2533 int32* ma;
2534 double* mb;
2535 uint32 n;
2536 ma=(int32*)origdata;
2537 mb=data;
2538 for (n=0; n<count; n++)
2539 {
2540 if (tif->tif_flags&TIFF_SWAB)
2541 TIFFSwabLong((uint32*)ma);
2542 *mb++=(double)(*ma++);
2543 }
2544 }
2545 break;
2546 case TIFF_LONG8:
2547 {
2548 uint64* ma;
2549 double* mb;
2550 uint32 n;
2551 ma=(uint64*)origdata;
2552 mb=data;
2553 for (n=0; n<count; n++)
2554 {
2555 if (tif->tif_flags&TIFF_SWAB)
2556 TIFFSwabLong8(ma);
2557 #if defined(__WIN32__) && (_MSC_VER < 1500)
2558 /*
2559 * XXX: MSVC 6.0 does not support
2560 * conversion of 64-bit integers into
2561 * floating point values.
2562 */
2563 *mb++ = _TIFFUInt64ToDouble(*ma++);
2564 #else
2565 *mb++ = (double)(*ma++);
2566 #endif
2567 }
2568 }
2569 break;
2570 case TIFF_SLONG8:
2571 {
2572 int64* ma;
2573 double* mb;
2574 uint32 n;
2575 ma=(int64*)origdata;
2576 mb=data;
2577 for (n=0; n<count; n++)
2578 {
2579 if (tif->tif_flags&TIFF_SWAB)
2580 TIFFSwabLong8((uint64*)ma);
2581 *mb++=(double)(*ma++);
2582 }
2583 }
2584 break;
2585 case TIFF_RATIONAL:
2586 {
2587 uint32* ma;
2588 uint32 maa;
2589 uint32 mab;
2590 double* mb;
2591 uint32 n;
2592 ma=(uint32*)origdata;
2593 mb=data;
2594 for (n=0; n<count; n++)
2595 {
2596 if (tif->tif_flags&TIFF_SWAB)
2597 TIFFSwabLong(ma);
2598 maa=*ma++;
2599 if (tif->tif_flags&TIFF_SWAB)
2600 TIFFSwabLong(ma);
2601 mab=*ma++;
2602 if (mab==0)
2603 *mb++=0.0;
2604 else
2605 *mb++=(double)maa/(double)mab;
2606 }
2607 }
2608 break;
2609 case TIFF_SRATIONAL:
2610 {
2611 uint32* ma;
2612 int32 maa;
2613 uint32 mab;
2614 double* mb;
2615 uint32 n;
2616 ma=(uint32*)origdata;
2617 mb=data;
2618 for (n=0; n<count; n++)
2619 {
2620 if (tif->tif_flags&TIFF_SWAB)
2621 TIFFSwabLong(ma);
2622 maa=*(int32*)ma;
2623 ma++;
2624 if (tif->tif_flags&TIFF_SWAB)
2625 TIFFSwabLong(ma);
2626 mab=*ma++;
2627 if (mab==0)
2628 *mb++=0.0;
2629 else
2630 *mb++=(double)maa/(double)mab;
2631 }
2632 }
2633 break;
2634 case TIFF_FLOAT:
2635 {
2636 float* ma;
2637 double* mb;
2638 uint32 n;
2639 if (tif->tif_flags&TIFF_SWAB)
2640 TIFFSwabArrayOfLong((uint32*)origdata,count);
2641 TIFFCvtIEEEFloatToNative(tif,count,(float*)origdata);
2642 ma=(float*)origdata;
2643 mb=data;
2644 for (n=0; n<count; n++)
2645 *mb++=(double)(*ma++);
2646 }
2647 break;
2648 }
2649 _TIFFfree(origdata);
2650 *value=data;
2651 return(TIFFReadDirEntryErrOk);
2652 }
2653
TIFFReadDirEntryIfd8Array(TIFF * tif,TIFFDirEntry * direntry,uint64 ** value)2654 static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value)
2655 {
2656 enum TIFFReadDirEntryErr err;
2657 uint32 count;
2658 void* origdata;
2659 uint64* data;
2660 switch (direntry->tdir_type)
2661 {
2662 case TIFF_LONG:
2663 case TIFF_LONG8:
2664 case TIFF_IFD:
2665 case TIFF_IFD8:
2666 break;
2667 default:
2668 return(TIFFReadDirEntryErrType);
2669 }
2670 err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata);
2671 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
2672 {
2673 *value=0;
2674 return(err);
2675 }
2676 switch (direntry->tdir_type)
2677 {
2678 case TIFF_LONG8:
2679 case TIFF_IFD8:
2680 *value=(uint64*)origdata;
2681 if (tif->tif_flags&TIFF_SWAB)
2682 TIFFSwabArrayOfLong8(*value,count);
2683 return(TIFFReadDirEntryErrOk);
2684 }
2685 data=(uint64*)_TIFFmalloc(count*8);
2686 if (data==0)
2687 {
2688 _TIFFfree(origdata);
2689 return(TIFFReadDirEntryErrAlloc);
2690 }
2691 switch (direntry->tdir_type)
2692 {
2693 case TIFF_LONG:
2694 case TIFF_IFD:
2695 {
2696 uint32* ma;
2697 uint64* mb;
2698 uint32 n;
2699 ma=(uint32*)origdata;
2700 mb=data;
2701 for (n=0; n<count; n++)
2702 {
2703 if (tif->tif_flags&TIFF_SWAB)
2704 TIFFSwabLong(ma);
2705 *mb++=(uint64)(*ma++);
2706 }
2707 }
2708 break;
2709 }
2710 _TIFFfree(origdata);
2711 *value=data;
2712 return(TIFFReadDirEntryErrOk);
2713 }
2714
TIFFReadDirEntryPersampleShort(TIFF * tif,TIFFDirEntry * direntry,uint16 * value)2715 static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value)
2716 {
2717 enum TIFFReadDirEntryErr err;
2718 uint16* m;
2719 uint16* na;
2720 uint16 nb;
2721 if (direntry->tdir_count<(uint64)tif->tif_dir.td_samplesperpixel)
2722 return(TIFFReadDirEntryErrCount);
2723 err=TIFFReadDirEntryShortArray(tif,direntry,&m);
2724 if (err!=TIFFReadDirEntryErrOk)
2725 return(err);
2726 na=m;
2727 nb=tif->tif_dir.td_samplesperpixel;
2728 *value=*na++;
2729 nb--;
2730 while (nb>0)
2731 {
2732 if (*na++!=*value)
2733 {
2734 err=TIFFReadDirEntryErrPsdif;
2735 break;
2736 }
2737 nb--;
2738 }
2739 _TIFFfree(m);
2740 return(err);
2741 }
2742
2743 #if 0
2744 static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleDouble(TIFF* tif, TIFFDirEntry* direntry, double* value)
2745 {
2746 enum TIFFReadDirEntryErr err;
2747 double* m;
2748 double* na;
2749 uint16 nb;
2750 if (direntry->tdir_count<(uint64)tif->tif_dir.td_samplesperpixel)
2751 return(TIFFReadDirEntryErrCount);
2752 err=TIFFReadDirEntryDoubleArray(tif,direntry,&m);
2753 if (err!=TIFFReadDirEntryErrOk)
2754 return(err);
2755 na=m;
2756 nb=tif->tif_dir.td_samplesperpixel;
2757 *value=*na++;
2758 nb--;
2759 while (nb>0)
2760 {
2761 if (*na++!=*value)
2762 {
2763 err=TIFFReadDirEntryErrPsdif;
2764 break;
2765 }
2766 nb--;
2767 }
2768 _TIFFfree(m);
2769 return(err);
2770 }
2771 #endif
2772
TIFFReadDirEntryCheckedByte(TIFF * tif,TIFFDirEntry * direntry,uint8 * value)2773 static void TIFFReadDirEntryCheckedByte(TIFF* tif, TIFFDirEntry* direntry, uint8* value)
2774 {
2775 (void) tif;
2776 *value=*(uint8*)(&direntry->tdir_offset);
2777 }
2778
TIFFReadDirEntryCheckedSbyte(TIFF * tif,TIFFDirEntry * direntry,int8 * value)2779 static void TIFFReadDirEntryCheckedSbyte(TIFF* tif, TIFFDirEntry* direntry, int8* value)
2780 {
2781 (void) tif;
2782 *value=*(int8*)(&direntry->tdir_offset);
2783 }
2784
TIFFReadDirEntryCheckedShort(TIFF * tif,TIFFDirEntry * direntry,uint16 * value)2785 static void TIFFReadDirEntryCheckedShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value)
2786 {
2787 *value = direntry->tdir_offset.toff_short;
2788 /* *value=*(uint16*)(&direntry->tdir_offset); */
2789 if (tif->tif_flags&TIFF_SWAB)
2790 TIFFSwabShort(value);
2791 }
2792
TIFFReadDirEntryCheckedSshort(TIFF * tif,TIFFDirEntry * direntry,int16 * value)2793 static void TIFFReadDirEntryCheckedSshort(TIFF* tif, TIFFDirEntry* direntry, int16* value)
2794 {
2795 *value=*(int16*)(&direntry->tdir_offset);
2796 if (tif->tif_flags&TIFF_SWAB)
2797 TIFFSwabShort((uint16*)value);
2798 }
2799
TIFFReadDirEntryCheckedLong(TIFF * tif,TIFFDirEntry * direntry,uint32 * value)2800 static void TIFFReadDirEntryCheckedLong(TIFF* tif, TIFFDirEntry* direntry, uint32* value)
2801 {
2802 *value=*(uint32*)(&direntry->tdir_offset);
2803 if (tif->tif_flags&TIFF_SWAB)
2804 TIFFSwabLong(value);
2805 }
2806
TIFFReadDirEntryCheckedSlong(TIFF * tif,TIFFDirEntry * direntry,int32 * value)2807 static void TIFFReadDirEntryCheckedSlong(TIFF* tif, TIFFDirEntry* direntry, int32* value)
2808 {
2809 *value=*(int32*)(&direntry->tdir_offset);
2810 if (tif->tif_flags&TIFF_SWAB)
2811 TIFFSwabLong((uint32*)value);
2812 }
2813
TIFFReadDirEntryCheckedLong8(TIFF * tif,TIFFDirEntry * direntry,uint64 * value)2814 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedLong8(TIFF* tif, TIFFDirEntry* direntry, uint64* value)
2815 {
2816 if (!(tif->tif_flags&TIFF_BIGTIFF))
2817 {
2818 enum TIFFReadDirEntryErr err;
2819 uint32 offset = direntry->tdir_offset.toff_long;
2820 if (tif->tif_flags&TIFF_SWAB)
2821 TIFFSwabLong(&offset);
2822 err=TIFFReadDirEntryData(tif,offset,8,value);
2823 if (err!=TIFFReadDirEntryErrOk)
2824 return(err);
2825 }
2826 else
2827 *value = direntry->tdir_offset.toff_long8;
2828 if (tif->tif_flags&TIFF_SWAB)
2829 TIFFSwabLong8(value);
2830 return(TIFFReadDirEntryErrOk);
2831 }
2832
TIFFReadDirEntryCheckedSlong8(TIFF * tif,TIFFDirEntry * direntry,int64 * value)2833 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSlong8(TIFF* tif, TIFFDirEntry* direntry, int64* value)
2834 {
2835 if (!(tif->tif_flags&TIFF_BIGTIFF))
2836 {
2837 enum TIFFReadDirEntryErr err;
2838 uint32 offset = direntry->tdir_offset.toff_long;
2839 if (tif->tif_flags&TIFF_SWAB)
2840 TIFFSwabLong(&offset);
2841 err=TIFFReadDirEntryData(tif,offset,8,value);
2842 if (err!=TIFFReadDirEntryErrOk)
2843 return(err);
2844 }
2845 else
2846 *value=*(int64*)(&direntry->tdir_offset);
2847 if (tif->tif_flags&TIFF_SWAB)
2848 TIFFSwabLong8((uint64*)value);
2849 return(TIFFReadDirEntryErrOk);
2850 }
2851
TIFFReadDirEntryCheckedRational(TIFF * tif,TIFFDirEntry * direntry,double * value)2852 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedRational(TIFF* tif, TIFFDirEntry* direntry, double* value)
2853 {
2854 UInt64Aligned_t m;
2855
2856 assert(sizeof(double)==8);
2857 assert(sizeof(uint64)==8);
2858 assert(sizeof(uint32)==4);
2859 if (!(tif->tif_flags&TIFF_BIGTIFF))
2860 {
2861 enum TIFFReadDirEntryErr err;
2862 uint32 offset = direntry->tdir_offset.toff_long;
2863 if (tif->tif_flags&TIFF_SWAB)
2864 TIFFSwabLong(&offset);
2865 err=TIFFReadDirEntryData(tif,offset,8,m.i);
2866 if (err!=TIFFReadDirEntryErrOk)
2867 return(err);
2868 }
2869 else
2870 m.l = direntry->tdir_offset.toff_long8;
2871 if (tif->tif_flags&TIFF_SWAB)
2872 TIFFSwabArrayOfLong(m.i,2);
2873 if (m.i[0]==0)
2874 *value=0.0;
2875 else
2876 *value=(double)m.i[0]/(double)m.i[1];
2877 return(TIFFReadDirEntryErrOk);
2878 }
2879
TIFFReadDirEntryCheckedSrational(TIFF * tif,TIFFDirEntry * direntry,double * value)2880 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSrational(TIFF* tif, TIFFDirEntry* direntry, double* value)
2881 {
2882 UInt64Aligned_t m;
2883 assert(sizeof(double)==8);
2884 assert(sizeof(uint64)==8);
2885 assert(sizeof(int32)==4);
2886 assert(sizeof(uint32)==4);
2887 if (!(tif->tif_flags&TIFF_BIGTIFF))
2888 {
2889 enum TIFFReadDirEntryErr err;
2890 uint32 offset = direntry->tdir_offset.toff_long;
2891 if (tif->tif_flags&TIFF_SWAB)
2892 TIFFSwabLong(&offset);
2893 err=TIFFReadDirEntryData(tif,offset,8,m.i);
2894 if (err!=TIFFReadDirEntryErrOk)
2895 return(err);
2896 }
2897 else
2898 m.l=direntry->tdir_offset.toff_long8;
2899 if (tif->tif_flags&TIFF_SWAB)
2900 TIFFSwabArrayOfLong(m.i,2);
2901 if ((int32)m.i[0]==0)
2902 *value=0.0;
2903 else
2904 *value=(double)((int32)m.i[0])/(double)m.i[1];
2905 return(TIFFReadDirEntryErrOk);
2906 }
2907
TIFFReadDirEntryCheckedFloat(TIFF * tif,TIFFDirEntry * direntry,float * value)2908 static void TIFFReadDirEntryCheckedFloat(TIFF* tif, TIFFDirEntry* direntry, float* value)
2909 {
2910 union
2911 {
2912 float f;
2913 uint32 i;
2914 } float_union;
2915 assert(sizeof(float)==4);
2916 assert(sizeof(uint32)==4);
2917 assert(sizeof(float_union)==4);
2918 float_union.i=*(uint32*)(&direntry->tdir_offset);
2919 *value=float_union.f;
2920 if (tif->tif_flags&TIFF_SWAB)
2921 TIFFSwabLong((uint32*)value);
2922 }
2923
TIFFReadDirEntryCheckedDouble(TIFF * tif,TIFFDirEntry * direntry,double * value)2924 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedDouble(TIFF* tif, TIFFDirEntry* direntry, double* value)
2925 {
2926 assert(sizeof(double)==8);
2927 assert(sizeof(uint64)==8);
2928 assert(sizeof(UInt64Aligned_t)==8);
2929 if (!(tif->tif_flags&TIFF_BIGTIFF))
2930 {
2931 enum TIFFReadDirEntryErr err;
2932 uint32 offset = direntry->tdir_offset.toff_long;
2933 if (tif->tif_flags&TIFF_SWAB)
2934 TIFFSwabLong(&offset);
2935 err=TIFFReadDirEntryData(tif,offset,8,value);
2936 if (err!=TIFFReadDirEntryErrOk)
2937 return(err);
2938 }
2939 else
2940 {
2941 UInt64Aligned_t uint64_union;
2942 uint64_union.l=direntry->tdir_offset.toff_long8;
2943 *value=uint64_union.d;
2944 }
2945 if (tif->tif_flags&TIFF_SWAB)
2946 TIFFSwabLong8((uint64*)value);
2947 return(TIFFReadDirEntryErrOk);
2948 }
2949
TIFFReadDirEntryCheckRangeByteSbyte(int8 value)2950 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSbyte(int8 value)
2951 {
2952 if (value<0)
2953 return(TIFFReadDirEntryErrRange);
2954 else
2955 return(TIFFReadDirEntryErrOk);
2956 }
2957
TIFFReadDirEntryCheckRangeByteShort(uint16 value)2958 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteShort(uint16 value)
2959 {
2960 if (value>0xFF)
2961 return(TIFFReadDirEntryErrRange);
2962 else
2963 return(TIFFReadDirEntryErrOk);
2964 }
2965
TIFFReadDirEntryCheckRangeByteSshort(int16 value)2966 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSshort(int16 value)
2967 {
2968 if ((value<0)||(value>0xFF))
2969 return(TIFFReadDirEntryErrRange);
2970 else
2971 return(TIFFReadDirEntryErrOk);
2972 }
2973
TIFFReadDirEntryCheckRangeByteLong(uint32 value)2974 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong(uint32 value)
2975 {
2976 if (value>0xFF)
2977 return(TIFFReadDirEntryErrRange);
2978 else
2979 return(TIFFReadDirEntryErrOk);
2980 }
2981
TIFFReadDirEntryCheckRangeByteSlong(int32 value)2982 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong(int32 value)
2983 {
2984 if ((value<0)||(value>0xFF))
2985 return(TIFFReadDirEntryErrRange);
2986 else
2987 return(TIFFReadDirEntryErrOk);
2988 }
2989
TIFFReadDirEntryCheckRangeByteLong8(uint64 value)2990 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong8(uint64 value)
2991 {
2992 if (value>0xFF)
2993 return(TIFFReadDirEntryErrRange);
2994 else
2995 return(TIFFReadDirEntryErrOk);
2996 }
2997
TIFFReadDirEntryCheckRangeByteSlong8(int64 value)2998 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong8(int64 value)
2999 {
3000 if ((value<0)||(value>0xFF))
3001 return(TIFFReadDirEntryErrRange);
3002 else
3003 return(TIFFReadDirEntryErrOk);
3004 }
3005
TIFFReadDirEntryCheckRangeSbyteByte(uint8 value)3006 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteByte(uint8 value)
3007 {
3008 if (value>0x7F)
3009 return(TIFFReadDirEntryErrRange);
3010 else
3011 return(TIFFReadDirEntryErrOk);
3012 }
3013
TIFFReadDirEntryCheckRangeSbyteShort(uint16 value)3014 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteShort(uint16 value)
3015 {
3016 if (value>0x7F)
3017 return(TIFFReadDirEntryErrRange);
3018 else
3019 return(TIFFReadDirEntryErrOk);
3020 }
3021
TIFFReadDirEntryCheckRangeSbyteSshort(int16 value)3022 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSshort(int16 value)
3023 {
3024 if ((value<-0x80)||(value>0x7F))
3025 return(TIFFReadDirEntryErrRange);
3026 else
3027 return(TIFFReadDirEntryErrOk);
3028 }
3029
TIFFReadDirEntryCheckRangeSbyteLong(uint32 value)3030 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong(uint32 value)
3031 {
3032 if (value>0x7F)
3033 return(TIFFReadDirEntryErrRange);
3034 else
3035 return(TIFFReadDirEntryErrOk);
3036 }
3037
TIFFReadDirEntryCheckRangeSbyteSlong(int32 value)3038 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong(int32 value)
3039 {
3040 if ((value<-0x80)||(value>0x7F))
3041 return(TIFFReadDirEntryErrRange);
3042 else
3043 return(TIFFReadDirEntryErrOk);
3044 }
3045
TIFFReadDirEntryCheckRangeSbyteLong8(uint64 value)3046 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong8(uint64 value)
3047 {
3048 if (value>0x7F)
3049 return(TIFFReadDirEntryErrRange);
3050 else
3051 return(TIFFReadDirEntryErrOk);
3052 }
3053
TIFFReadDirEntryCheckRangeSbyteSlong8(int64 value)3054 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong8(int64 value)
3055 {
3056 if ((value<-0x80)||(value>0x7F))
3057 return(TIFFReadDirEntryErrRange);
3058 else
3059 return(TIFFReadDirEntryErrOk);
3060 }
3061
TIFFReadDirEntryCheckRangeShortSbyte(int8 value)3062 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSbyte(int8 value)
3063 {
3064 if (value<0)
3065 return(TIFFReadDirEntryErrRange);
3066 else
3067 return(TIFFReadDirEntryErrOk);
3068 }
3069
TIFFReadDirEntryCheckRangeShortSshort(int16 value)3070 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSshort(int16 value)
3071 {
3072 if (value<0)
3073 return(TIFFReadDirEntryErrRange);
3074 else
3075 return(TIFFReadDirEntryErrOk);
3076 }
3077
TIFFReadDirEntryCheckRangeShortLong(uint32 value)3078 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong(uint32 value)
3079 {
3080 if (value>0xFFFF)
3081 return(TIFFReadDirEntryErrRange);
3082 else
3083 return(TIFFReadDirEntryErrOk);
3084 }
3085
TIFFReadDirEntryCheckRangeShortSlong(int32 value)3086 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong(int32 value)
3087 {
3088 if ((value<0)||(value>0xFFFF))
3089 return(TIFFReadDirEntryErrRange);
3090 else
3091 return(TIFFReadDirEntryErrOk);
3092 }
3093
TIFFReadDirEntryCheckRangeShortLong8(uint64 value)3094 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong8(uint64 value)
3095 {
3096 if (value>0xFFFF)
3097 return(TIFFReadDirEntryErrRange);
3098 else
3099 return(TIFFReadDirEntryErrOk);
3100 }
3101
TIFFReadDirEntryCheckRangeShortSlong8(int64 value)3102 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong8(int64 value)
3103 {
3104 if ((value<0)||(value>0xFFFF))
3105 return(TIFFReadDirEntryErrRange);
3106 else
3107 return(TIFFReadDirEntryErrOk);
3108 }
3109
TIFFReadDirEntryCheckRangeSshortShort(uint16 value)3110 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortShort(uint16 value)
3111 {
3112 if (value>0x7FFF)
3113 return(TIFFReadDirEntryErrRange);
3114 else
3115 return(TIFFReadDirEntryErrOk);
3116 }
3117
TIFFReadDirEntryCheckRangeSshortLong(uint32 value)3118 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong(uint32 value)
3119 {
3120 if (value>0x7FFF)
3121 return(TIFFReadDirEntryErrRange);
3122 else
3123 return(TIFFReadDirEntryErrOk);
3124 }
3125
TIFFReadDirEntryCheckRangeSshortSlong(int32 value)3126 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong(int32 value)
3127 {
3128 if ((value<-0x8000)||(value>0x7FFF))
3129 return(TIFFReadDirEntryErrRange);
3130 else
3131 return(TIFFReadDirEntryErrOk);
3132 }
3133
TIFFReadDirEntryCheckRangeSshortLong8(uint64 value)3134 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong8(uint64 value)
3135 {
3136 if (value>0x7FFF)
3137 return(TIFFReadDirEntryErrRange);
3138 else
3139 return(TIFFReadDirEntryErrOk);
3140 }
3141
TIFFReadDirEntryCheckRangeSshortSlong8(int64 value)3142 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong8(int64 value)
3143 {
3144 if ((value<-0x8000)||(value>0x7FFF))
3145 return(TIFFReadDirEntryErrRange);
3146 else
3147 return(TIFFReadDirEntryErrOk);
3148 }
3149
TIFFReadDirEntryCheckRangeLongSbyte(int8 value)3150 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSbyte(int8 value)
3151 {
3152 if (value<0)
3153 return(TIFFReadDirEntryErrRange);
3154 else
3155 return(TIFFReadDirEntryErrOk);
3156 }
3157
TIFFReadDirEntryCheckRangeLongSshort(int16 value)3158 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSshort(int16 value)
3159 {
3160 if (value<0)
3161 return(TIFFReadDirEntryErrRange);
3162 else
3163 return(TIFFReadDirEntryErrOk);
3164 }
3165
TIFFReadDirEntryCheckRangeLongSlong(int32 value)3166 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSlong(int32 value)
3167 {
3168 if (value<0)
3169 return(TIFFReadDirEntryErrRange);
3170 else
3171 return(TIFFReadDirEntryErrOk);
3172 }
3173
3174 /*
3175 * Largest 32-bit unsigned integer value.
3176 */
3177 #define TIFF_UINT32_MAX 0xFFFFFFFFU
3178
3179 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLongLong8(uint64 value)3180 TIFFReadDirEntryCheckRangeLongLong8(uint64 value)
3181 {
3182 if (value > TIFF_UINT32_MAX)
3183 return(TIFFReadDirEntryErrRange);
3184 else
3185 return(TIFFReadDirEntryErrOk);
3186 }
3187
3188 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLongSlong8(int64 value)3189 TIFFReadDirEntryCheckRangeLongSlong8(int64 value)
3190 {
3191 if ((value < 0) || (value > (int64) TIFF_UINT32_MAX))
3192 return(TIFFReadDirEntryErrRange);
3193 else
3194 return(TIFFReadDirEntryErrOk);
3195 }
3196
3197 #undef TIFF_UINT32_MAX
3198
3199 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeSlongLong(uint32 value)3200 TIFFReadDirEntryCheckRangeSlongLong(uint32 value)
3201 {
3202 if (value > 0x7FFFFFFFUL)
3203 return(TIFFReadDirEntryErrRange);
3204 else
3205 return(TIFFReadDirEntryErrOk);
3206 }
3207
3208 /* Check that the 8-byte unsigned value can fit in a 4-byte unsigned range */
3209 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeSlongLong8(uint64 value)3210 TIFFReadDirEntryCheckRangeSlongLong8(uint64 value)
3211 {
3212 if (value > 0x7FFFFFFF)
3213 return(TIFFReadDirEntryErrRange);
3214 else
3215 return(TIFFReadDirEntryErrOk);
3216 }
3217
3218 /* Check that the 8-byte signed value can fit in a 4-byte signed range */
3219 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeSlongSlong8(int64 value)3220 TIFFReadDirEntryCheckRangeSlongSlong8(int64 value)
3221 {
3222 if ((value < 0-((int64) 0x7FFFFFFF+1)) || (value > 0x7FFFFFFF))
3223 return(TIFFReadDirEntryErrRange);
3224 else
3225 return(TIFFReadDirEntryErrOk);
3226 }
3227
3228 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLong8Sbyte(int8 value)3229 TIFFReadDirEntryCheckRangeLong8Sbyte(int8 value)
3230 {
3231 if (value < 0)
3232 return(TIFFReadDirEntryErrRange);
3233 else
3234 return(TIFFReadDirEntryErrOk);
3235 }
3236
3237 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLong8Sshort(int16 value)3238 TIFFReadDirEntryCheckRangeLong8Sshort(int16 value)
3239 {
3240 if (value < 0)
3241 return(TIFFReadDirEntryErrRange);
3242 else
3243 return(TIFFReadDirEntryErrOk);
3244 }
3245
3246 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLong8Slong(int32 value)3247 TIFFReadDirEntryCheckRangeLong8Slong(int32 value)
3248 {
3249 if (value < 0)
3250 return(TIFFReadDirEntryErrRange);
3251 else
3252 return(TIFFReadDirEntryErrOk);
3253 }
3254
3255 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLong8Slong8(int64 value)3256 TIFFReadDirEntryCheckRangeLong8Slong8(int64 value)
3257 {
3258 if (value < 0)
3259 return(TIFFReadDirEntryErrRange);
3260 else
3261 return(TIFFReadDirEntryErrOk);
3262 }
3263
3264 /*
3265 * Largest 64-bit signed integer value.
3266 */
3267 #define TIFF_INT64_MAX ((int64)(((uint64) ~0) >> 1))
3268
3269 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeSlong8Long8(uint64 value)3270 TIFFReadDirEntryCheckRangeSlong8Long8(uint64 value)
3271 {
3272 if (value > TIFF_INT64_MAX)
3273 return(TIFFReadDirEntryErrRange);
3274 else
3275 return(TIFFReadDirEntryErrOk);
3276 }
3277
3278 #undef TIFF_INT64_MAX
3279
3280 static enum TIFFReadDirEntryErr
TIFFReadDirEntryData(TIFF * tif,uint64 offset,tmsize_t size,void * dest)3281 TIFFReadDirEntryData(TIFF* tif, uint64 offset, tmsize_t size, void* dest)
3282 {
3283 assert(size>0);
3284 if (!isMapped(tif)) {
3285 if (!SeekOK(tif,offset))
3286 return(TIFFReadDirEntryErrIo);
3287 if (!ReadOK(tif,dest,size))
3288 return(TIFFReadDirEntryErrIo);
3289 } else {
3290 size_t ma,mb;
3291 ma=(size_t)offset;
3292 mb=ma+size;
3293 if (((uint64)ma!=offset)
3294 || (mb < ma)
3295 || (mb - ma != (size_t) size)
3296 || (mb < (size_t)size)
3297 || (mb > (size_t)tif->tif_size)
3298 )
3299 return(TIFFReadDirEntryErrIo);
3300 _TIFFmemcpy(dest,tif->tif_base+ma,size);
3301 }
3302 return(TIFFReadDirEntryErrOk);
3303 }
3304
TIFFReadDirEntryOutputErr(TIFF * tif,enum TIFFReadDirEntryErr err,const char * module,const char * tagname,int recover)3305 static void TIFFReadDirEntryOutputErr(TIFF* tif, enum TIFFReadDirEntryErr err, const char* module, const char* tagname, int recover)
3306 {
3307 if (!recover) {
3308 switch (err) {
3309 case TIFFReadDirEntryErrCount:
3310 TIFFErrorExt(tif->tif_clientdata, module,
3311 "Incorrect count for \"%s\"",
3312 tagname);
3313 break;
3314 case TIFFReadDirEntryErrType:
3315 TIFFErrorExt(tif->tif_clientdata, module,
3316 "Incompatible type for \"%s\"",
3317 tagname);
3318 break;
3319 case TIFFReadDirEntryErrIo:
3320 TIFFErrorExt(tif->tif_clientdata, module,
3321 "IO error during reading of \"%s\"",
3322 tagname);
3323 break;
3324 case TIFFReadDirEntryErrRange:
3325 TIFFErrorExt(tif->tif_clientdata, module,
3326 "Incorrect value for \"%s\"",
3327 tagname);
3328 break;
3329 case TIFFReadDirEntryErrPsdif:
3330 TIFFErrorExt(tif->tif_clientdata, module,
3331 "Cannot handle different values per sample for \"%s\"",
3332 tagname);
3333 break;
3334 case TIFFReadDirEntryErrSizesan:
3335 TIFFErrorExt(tif->tif_clientdata, module,
3336 "Sanity check on size of \"%s\" value failed",
3337 tagname);
3338 break;
3339 case TIFFReadDirEntryErrAlloc:
3340 TIFFErrorExt(tif->tif_clientdata, module,
3341 "Out of memory reading of \"%s\"",
3342 tagname);
3343 break;
3344 default:
3345 assert(0); /* we should never get here */
3346 break;
3347 }
3348 } else {
3349 switch (err) {
3350 case TIFFReadDirEntryErrCount:
3351 TIFFWarningExt(tif->tif_clientdata, module,
3352 "Incorrect count for \"%s\"; tag ignored",
3353 tagname);
3354 break;
3355 case TIFFReadDirEntryErrType:
3356 TIFFWarningExt(tif->tif_clientdata, module,
3357 "Incompatible type for \"%s\"; tag ignored",
3358 tagname);
3359 break;
3360 case TIFFReadDirEntryErrIo:
3361 TIFFWarningExt(tif->tif_clientdata, module,
3362 "IO error during reading of \"%s\"; tag ignored",
3363 tagname);
3364 break;
3365 case TIFFReadDirEntryErrRange:
3366 TIFFWarningExt(tif->tif_clientdata, module,
3367 "Incorrect value for \"%s\"; tag ignored",
3368 tagname);
3369 break;
3370 case TIFFReadDirEntryErrPsdif:
3371 TIFFWarningExt(tif->tif_clientdata, module,
3372 "Cannot handle different values per sample for \"%s\"; tag ignored",
3373 tagname);
3374 break;
3375 case TIFFReadDirEntryErrSizesan:
3376 TIFFWarningExt(tif->tif_clientdata, module,
3377 "Sanity check on size of \"%s\" value failed; tag ignored",
3378 tagname);
3379 break;
3380 case TIFFReadDirEntryErrAlloc:
3381 TIFFWarningExt(tif->tif_clientdata, module,
3382 "Out of memory reading of \"%s\"; tag ignored",
3383 tagname);
3384 break;
3385 default:
3386 assert(0); /* we should never get here */
3387 break;
3388 }
3389 }
3390 }
3391
3392 /*
3393 * Read the next TIFF directory from a file and convert it to the internal
3394 * format. We read directories sequentially.
3395 */
3396 int
TIFFReadDirectory(TIFF * tif)3397 TIFFReadDirectory(TIFF* tif)
3398 {
3399 static const char module[] = "TIFFReadDirectory";
3400 TIFFDirEntry* dir;
3401 uint16 dircount;
3402 TIFFDirEntry* dp;
3403 uint16 di;
3404 const TIFFField* fip;
3405 uint32 fii=FAILED_FII;
3406 toff_t nextdiroff;
3407 int bitspersample_read = FALSE;
3408
3409 tif->tif_diroff=tif->tif_nextdiroff;
3410 if (!TIFFCheckDirOffset(tif,tif->tif_nextdiroff))
3411 return 0; /* last offset or bad offset (IFD looping) */
3412 (*tif->tif_cleanup)(tif); /* cleanup any previous compression state */
3413 tif->tif_curdir++;
3414 nextdiroff = tif->tif_nextdiroff;
3415 dircount=TIFFFetchDirectory(tif,nextdiroff,&dir,&tif->tif_nextdiroff);
3416 if (!dircount)
3417 {
3418 TIFFErrorExt(tif->tif_clientdata,module,
3419 "Failed to read directory at offset " TIFF_UINT64_FORMAT,nextdiroff);
3420 return 0;
3421 }
3422 TIFFReadDirectoryCheckOrder(tif,dir,dircount);
3423
3424 /*
3425 * Mark duplicates of any tag to be ignored (bugzilla 1994)
3426 * to avoid certain pathological problems.
3427 */
3428 {
3429 TIFFDirEntry* ma;
3430 uint16 mb;
3431 for (ma=dir, mb=0; mb<dircount; ma++, mb++)
3432 {
3433 TIFFDirEntry* na;
3434 uint16 nb;
3435 for (na=ma+1, nb=mb+1; nb<dircount; na++, nb++)
3436 {
3437 if (ma->tdir_tag==na->tdir_tag)
3438 na->tdir_tag=IGNORE;
3439 }
3440 }
3441 }
3442
3443 tif->tif_flags &= ~TIFF_BEENWRITING; /* reset before new dir */
3444 tif->tif_flags &= ~TIFF_BUF4WRITE; /* reset before new dir */
3445 /* free any old stuff and reinit */
3446 TIFFFreeDirectory(tif);
3447 TIFFDefaultDirectory(tif);
3448 /*
3449 * Electronic Arts writes gray-scale TIFF files
3450 * without a PlanarConfiguration directory entry.
3451 * Thus we setup a default value here, even though
3452 * the TIFF spec says there is no default value.
3453 */
3454 TIFFSetField(tif,TIFFTAG_PLANARCONFIG,PLANARCONFIG_CONTIG);
3455 /*
3456 * Setup default value and then make a pass over
3457 * the fields to check type and tag information,
3458 * and to extract info required to size data
3459 * structures. A second pass is made afterwards
3460 * to read in everthing not taken in the first pass.
3461 * But we must process the Compression tag first
3462 * in order to merge in codec-private tag definitions (otherwise
3463 * we may get complaints about unknown tags). However, the
3464 * Compression tag may be dependent on the SamplesPerPixel
3465 * tag value because older TIFF specs permited Compression
3466 * to be written as a SamplesPerPixel-count tag entry.
3467 * Thus if we don't first figure out the correct SamplesPerPixel
3468 * tag value then we may end up ignoring the Compression tag
3469 * value because it has an incorrect count value (if the
3470 * true value of SamplesPerPixel is not 1).
3471 */
3472 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,TIFFTAG_SAMPLESPERPIXEL);
3473 if (dp)
3474 {
3475 if (!TIFFFetchNormalTag(tif,dp,0))
3476 goto bad;
3477 dp->tdir_tag=IGNORE;
3478 }
3479 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,TIFFTAG_COMPRESSION);
3480 if (dp)
3481 {
3482 /*
3483 * The 5.0 spec says the Compression tag has one value, while
3484 * earlier specs say it has one value per sample. Because of
3485 * this, we accept the tag if one value is supplied with either
3486 * count.
3487 */
3488 uint16 value;
3489 enum TIFFReadDirEntryErr err;
3490 err=TIFFReadDirEntryShort(tif,dp,&value);
3491 if (err==TIFFReadDirEntryErrCount)
3492 err=TIFFReadDirEntryPersampleShort(tif,dp,&value);
3493 if (err!=TIFFReadDirEntryErrOk)
3494 {
3495 TIFFReadDirEntryOutputErr(tif,err,module,"Compression",0);
3496 goto bad;
3497 }
3498 if (!TIFFSetField(tif,TIFFTAG_COMPRESSION,value))
3499 goto bad;
3500 dp->tdir_tag=IGNORE;
3501 }
3502 else
3503 {
3504 if (!TIFFSetField(tif,TIFFTAG_COMPRESSION,COMPRESSION_NONE))
3505 goto bad;
3506 }
3507 /*
3508 * First real pass over the directory.
3509 */
3510 for (di=0, dp=dir; di<dircount; di++, dp++)
3511 {
3512 if (dp->tdir_tag!=IGNORE)
3513 {
3514 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
3515 if (fii == FAILED_FII)
3516 {
3517 TIFFWarningExt(tif->tif_clientdata, module,
3518 "Unknown field with tag %d (0x%x) encountered",
3519 dp->tdir_tag,dp->tdir_tag);
3520 /* the following knowingly leaks the
3521 anonymous field structure */
3522 if (!_TIFFMergeFields(tif,
3523 _TIFFCreateAnonField(tif,
3524 dp->tdir_tag,
3525 (TIFFDataType) dp->tdir_type),
3526 1)) {
3527 TIFFWarningExt(tif->tif_clientdata,
3528 module,
3529 "Registering anonymous field with tag %d (0x%x) failed",
3530 dp->tdir_tag,
3531 dp->tdir_tag);
3532 dp->tdir_tag=IGNORE;
3533 } else {
3534 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
3535 assert(fii != FAILED_FII);
3536 }
3537 }
3538 }
3539 if (dp->tdir_tag!=IGNORE)
3540 {
3541 fip=tif->tif_fields[fii];
3542 if (fip->field_bit==FIELD_IGNORE)
3543 dp->tdir_tag=IGNORE;
3544 else
3545 {
3546 switch (dp->tdir_tag)
3547 {
3548 case TIFFTAG_STRIPOFFSETS:
3549 case TIFFTAG_STRIPBYTECOUNTS:
3550 case TIFFTAG_TILEOFFSETS:
3551 case TIFFTAG_TILEBYTECOUNTS:
3552 TIFFSetFieldBit(tif,fip->field_bit);
3553 break;
3554 case TIFFTAG_IMAGEWIDTH:
3555 case TIFFTAG_IMAGELENGTH:
3556 case TIFFTAG_IMAGEDEPTH:
3557 case TIFFTAG_TILELENGTH:
3558 case TIFFTAG_TILEWIDTH:
3559 case TIFFTAG_TILEDEPTH:
3560 case TIFFTAG_PLANARCONFIG:
3561 case TIFFTAG_ROWSPERSTRIP:
3562 case TIFFTAG_EXTRASAMPLES:
3563 if (!TIFFFetchNormalTag(tif,dp,0))
3564 goto bad;
3565 dp->tdir_tag=IGNORE;
3566 break;
3567 }
3568 }
3569 }
3570 }
3571 /*
3572 * XXX: OJPEG hack.
3573 * If a) compression is OJPEG, b) planarconfig tag says it's separate,
3574 * c) strip offsets/bytecounts tag are both present and
3575 * d) both contain exactly one value, then we consistently find
3576 * that the buggy implementation of the buggy compression scheme
3577 * matches contig planarconfig best. So we 'fix-up' the tag here
3578 */
3579 if ((tif->tif_dir.td_compression==COMPRESSION_OJPEG)&&
3580 (tif->tif_dir.td_planarconfig==PLANARCONFIG_SEPARATE))
3581 {
3582 if (!_TIFFFillStriles(tif))
3583 goto bad;
3584 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,TIFFTAG_STRIPOFFSETS);
3585 if ((dp!=0)&&(dp->tdir_count==1))
3586 {
3587 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,
3588 TIFFTAG_STRIPBYTECOUNTS);
3589 if ((dp!=0)&&(dp->tdir_count==1))
3590 {
3591 tif->tif_dir.td_planarconfig=PLANARCONFIG_CONTIG;
3592 TIFFWarningExt(tif->tif_clientdata,module,
3593 "Planarconfig tag value assumed incorrect, "
3594 "assuming data is contig instead of chunky");
3595 }
3596 }
3597 }
3598 /*
3599 * Allocate directory structure and setup defaults.
3600 */
3601 if (!TIFFFieldSet(tif,FIELD_IMAGEDIMENSIONS))
3602 {
3603 MissingRequired(tif,"ImageLength");
3604 goto bad;
3605 }
3606 /*
3607 * Setup appropriate structures (by strip or by tile)
3608 */
3609 if (!TIFFFieldSet(tif, FIELD_TILEDIMENSIONS)) {
3610 tif->tif_dir.td_nstrips = TIFFNumberOfStrips(tif);
3611 tif->tif_dir.td_tilewidth = tif->tif_dir.td_imagewidth;
3612 tif->tif_dir.td_tilelength = tif->tif_dir.td_rowsperstrip;
3613 tif->tif_dir.td_tiledepth = tif->tif_dir.td_imagedepth;
3614 tif->tif_flags &= ~TIFF_ISTILED;
3615 } else {
3616 tif->tif_dir.td_nstrips = TIFFNumberOfTiles(tif);
3617 tif->tif_flags |= TIFF_ISTILED;
3618 }
3619 if (!tif->tif_dir.td_nstrips) {
3620 TIFFErrorExt(tif->tif_clientdata, module,
3621 "Cannot handle zero number of %s",
3622 isTiled(tif) ? "tiles" : "strips");
3623 goto bad;
3624 }
3625 tif->tif_dir.td_stripsperimage = tif->tif_dir.td_nstrips;
3626 if (tif->tif_dir.td_planarconfig == PLANARCONFIG_SEPARATE)
3627 tif->tif_dir.td_stripsperimage /= tif->tif_dir.td_samplesperpixel;
3628 if (!TIFFFieldSet(tif, FIELD_STRIPOFFSETS)) {
3629 if ((tif->tif_dir.td_compression==COMPRESSION_OJPEG) &&
3630 (isTiled(tif)==0) &&
3631 (tif->tif_dir.td_nstrips==1)) {
3632 /*
3633 * XXX: OJPEG hack.
3634 * If a) compression is OJPEG, b) it's not a tiled TIFF,
3635 * and c) the number of strips is 1,
3636 * then we tolerate the absence of stripoffsets tag,
3637 * because, presumably, all required data is in the
3638 * JpegInterchangeFormat stream.
3639 */
3640 TIFFSetFieldBit(tif, FIELD_STRIPOFFSETS);
3641 } else {
3642 MissingRequired(tif,
3643 isTiled(tif) ? "TileOffsets" : "StripOffsets");
3644 goto bad;
3645 }
3646 }
3647 /*
3648 * Second pass: extract other information.
3649 */
3650 for (di=0, dp=dir; di<dircount; di++, dp++)
3651 {
3652 switch (dp->tdir_tag)
3653 {
3654 case IGNORE:
3655 break;
3656 case TIFFTAG_MINSAMPLEVALUE:
3657 case TIFFTAG_MAXSAMPLEVALUE:
3658 case TIFFTAG_BITSPERSAMPLE:
3659 case TIFFTAG_DATATYPE:
3660 case TIFFTAG_SAMPLEFORMAT:
3661 /*
3662 * The MinSampleValue, MaxSampleValue, BitsPerSample
3663 * DataType and SampleFormat tags are supposed to be
3664 * written as one value/sample, but some vendors
3665 * incorrectly write one value only -- so we accept
3666 * that as well (yech). Other vendors write correct
3667 * value for NumberOfSamples, but incorrect one for
3668 * BitsPerSample and friends, and we will read this
3669 * too.
3670 */
3671 {
3672 uint16 value;
3673 enum TIFFReadDirEntryErr err;
3674 err=TIFFReadDirEntryShort(tif,dp,&value);
3675 if (err==TIFFReadDirEntryErrCount)
3676 err=TIFFReadDirEntryPersampleShort(tif,dp,&value);
3677 if (err!=TIFFReadDirEntryErrOk)
3678 {
3679 fip = TIFFFieldWithTag(tif,dp->tdir_tag);
3680 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",0);
3681 goto bad;
3682 }
3683 if (!TIFFSetField(tif,dp->tdir_tag,value))
3684 goto bad;
3685 if( dp->tdir_tag == TIFFTAG_BITSPERSAMPLE )
3686 bitspersample_read = TRUE;
3687 }
3688 break;
3689 case TIFFTAG_SMINSAMPLEVALUE:
3690 case TIFFTAG_SMAXSAMPLEVALUE:
3691 {
3692
3693 double *data;
3694 enum TIFFReadDirEntryErr err;
3695 uint32 saved_flags;
3696 int m;
3697 if (dp->tdir_count != (uint64)tif->tif_dir.td_samplesperpixel)
3698 err = TIFFReadDirEntryErrCount;
3699 else
3700 err = TIFFReadDirEntryDoubleArray(tif, dp, &data);
3701 if (err!=TIFFReadDirEntryErrOk)
3702 {
3703 fip = TIFFFieldWithTag(tif,dp->tdir_tag);
3704 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",0);
3705 goto bad;
3706 }
3707 saved_flags = tif->tif_flags;
3708 tif->tif_flags |= TIFF_PERSAMPLE;
3709 m = TIFFSetField(tif,dp->tdir_tag,data);
3710 tif->tif_flags = saved_flags;
3711 _TIFFfree(data);
3712 if (!m)
3713 goto bad;
3714 }
3715 break;
3716 case TIFFTAG_STRIPOFFSETS:
3717 case TIFFTAG_TILEOFFSETS:
3718 #if defined(DEFER_STRILE_LOAD)
3719 _TIFFmemcpy( &(tif->tif_dir.td_stripoffset_entry),
3720 dp, sizeof(TIFFDirEntry) );
3721 #else
3722 if (!TIFFFetchStripThing(tif,dp,tif->tif_dir.td_nstrips,&tif->tif_dir.td_stripoffset))
3723 goto bad;
3724 #endif
3725 break;
3726 case TIFFTAG_STRIPBYTECOUNTS:
3727 case TIFFTAG_TILEBYTECOUNTS:
3728 #if defined(DEFER_STRILE_LOAD)
3729 _TIFFmemcpy( &(tif->tif_dir.td_stripbytecount_entry),
3730 dp, sizeof(TIFFDirEntry) );
3731 #else
3732 if (!TIFFFetchStripThing(tif,dp,tif->tif_dir.td_nstrips,&tif->tif_dir.td_stripbytecount))
3733 goto bad;
3734 #endif
3735 break;
3736 case TIFFTAG_COLORMAP:
3737 case TIFFTAG_TRANSFERFUNCTION:
3738 {
3739 enum TIFFReadDirEntryErr err;
3740 uint32 countpersample;
3741 uint32 countrequired;
3742 uint32 incrementpersample;
3743 uint16* value=NULL;
3744 /* It would be dangerous to instanciate those tag values */
3745 /* since if td_bitspersample has not yet been read (due to */
3746 /* unordered tags), it could be read afterwards with a */
3747 /* values greater than the default one (1), which may cause */
3748 /* crashes in user code */
3749 if( !bitspersample_read )
3750 {
3751 fip = TIFFFieldWithTag(tif,dp->tdir_tag);
3752 TIFFWarningExt(tif->tif_clientdata,module,
3753 "Ignoring %s since BitsPerSample tag not found",
3754 fip ? fip->field_name : "unknown tagname");
3755 continue;
3756 }
3757 countpersample=(1L<<tif->tif_dir.td_bitspersample);
3758 if ((dp->tdir_tag==TIFFTAG_TRANSFERFUNCTION)&&(dp->tdir_count==(uint64)countpersample))
3759 {
3760 countrequired=countpersample;
3761 incrementpersample=0;
3762 }
3763 else
3764 {
3765 countrequired=3*countpersample;
3766 incrementpersample=countpersample;
3767 }
3768 if (dp->tdir_count!=(uint64)countrequired)
3769 err=TIFFReadDirEntryErrCount;
3770 else
3771 err=TIFFReadDirEntryShortArray(tif,dp,&value);
3772 if (err!=TIFFReadDirEntryErrOk)
3773 {
3774 fip = TIFFFieldWithTag(tif,dp->tdir_tag);
3775 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",1);
3776 }
3777 else
3778 {
3779 TIFFSetField(tif,dp->tdir_tag,value,value+incrementpersample,value+2*incrementpersample);
3780 _TIFFfree(value);
3781 }
3782 }
3783 break;
3784 /* BEGIN REV 4.0 COMPATIBILITY */
3785 case TIFFTAG_OSUBFILETYPE:
3786 {
3787 uint16 valueo;
3788 uint32 value;
3789 if (TIFFReadDirEntryShort(tif,dp,&valueo)==TIFFReadDirEntryErrOk)
3790 {
3791 switch (valueo)
3792 {
3793 case OFILETYPE_REDUCEDIMAGE: value=FILETYPE_REDUCEDIMAGE; break;
3794 case OFILETYPE_PAGE: value=FILETYPE_PAGE; break;
3795 default: value=0; break;
3796 }
3797 if (value!=0)
3798 TIFFSetField(tif,TIFFTAG_SUBFILETYPE,value);
3799 }
3800 }
3801 break;
3802 /* END REV 4.0 COMPATIBILITY */
3803 default:
3804 (void) TIFFFetchNormalTag(tif, dp, TRUE);
3805 break;
3806 }
3807 }
3808 /*
3809 * OJPEG hack:
3810 * - If a) compression is OJPEG, and b) photometric tag is missing,
3811 * then we consistently find that photometric should be YCbCr
3812 * - If a) compression is OJPEG, and b) photometric tag says it's RGB,
3813 * then we consistently find that the buggy implementation of the
3814 * buggy compression scheme matches photometric YCbCr instead.
3815 * - If a) compression is OJPEG, and b) bitspersample tag is missing,
3816 * then we consistently find bitspersample should be 8.
3817 * - If a) compression is OJPEG, b) samplesperpixel tag is missing,
3818 * and c) photometric is RGB or YCbCr, then we consistently find
3819 * samplesperpixel should be 3
3820 * - If a) compression is OJPEG, b) samplesperpixel tag is missing,
3821 * and c) photometric is MINISWHITE or MINISBLACK, then we consistently
3822 * find samplesperpixel should be 3
3823 */
3824 if (tif->tif_dir.td_compression==COMPRESSION_OJPEG)
3825 {
3826 if (!TIFFFieldSet(tif,FIELD_PHOTOMETRIC))
3827 {
3828 TIFFWarningExt(tif->tif_clientdata, module,
3829 "Photometric tag is missing, assuming data is YCbCr");
3830 if (!TIFFSetField(tif,TIFFTAG_PHOTOMETRIC,PHOTOMETRIC_YCBCR))
3831 goto bad;
3832 }
3833 else if (tif->tif_dir.td_photometric==PHOTOMETRIC_RGB)
3834 {
3835 tif->tif_dir.td_photometric=PHOTOMETRIC_YCBCR;
3836 TIFFWarningExt(tif->tif_clientdata, module,
3837 "Photometric tag value assumed incorrect, "
3838 "assuming data is YCbCr instead of RGB");
3839 }
3840 if (!TIFFFieldSet(tif,FIELD_BITSPERSAMPLE))
3841 {
3842 TIFFWarningExt(tif->tif_clientdata,module,
3843 "BitsPerSample tag is missing, assuming 8 bits per sample");
3844 if (!TIFFSetField(tif,TIFFTAG_BITSPERSAMPLE,8))
3845 goto bad;
3846 }
3847 if (!TIFFFieldSet(tif,FIELD_SAMPLESPERPIXEL))
3848 {
3849 if (tif->tif_dir.td_photometric==PHOTOMETRIC_RGB)
3850 {
3851 TIFFWarningExt(tif->tif_clientdata,module,
3852 "SamplesPerPixel tag is missing, "
3853 "assuming correct SamplesPerPixel value is 3");
3854 if (!TIFFSetField(tif,TIFFTAG_SAMPLESPERPIXEL,3))
3855 goto bad;
3856 }
3857 if (tif->tif_dir.td_photometric==PHOTOMETRIC_YCBCR)
3858 {
3859 TIFFWarningExt(tif->tif_clientdata,module,
3860 "SamplesPerPixel tag is missing, "
3861 "applying correct SamplesPerPixel value of 3");
3862 if (!TIFFSetField(tif,TIFFTAG_SAMPLESPERPIXEL,3))
3863 goto bad;
3864 }
3865 else if ((tif->tif_dir.td_photometric==PHOTOMETRIC_MINISWHITE)
3866 || (tif->tif_dir.td_photometric==PHOTOMETRIC_MINISBLACK))
3867 {
3868 /*
3869 * SamplesPerPixel tag is missing, but is not required
3870 * by spec. Assume correct SamplesPerPixel value of 1.
3871 */
3872 if (!TIFFSetField(tif,TIFFTAG_SAMPLESPERPIXEL,1))
3873 goto bad;
3874 }
3875 }
3876 }
3877 /*
3878 * Verify Palette image has a Colormap.
3879 */
3880 if (tif->tif_dir.td_photometric == PHOTOMETRIC_PALETTE &&
3881 !TIFFFieldSet(tif, FIELD_COLORMAP)) {
3882 if ( tif->tif_dir.td_bitspersample>=8 && tif->tif_dir.td_samplesperpixel==3)
3883 tif->tif_dir.td_photometric = PHOTOMETRIC_RGB;
3884 else if (tif->tif_dir.td_bitspersample>=8)
3885 tif->tif_dir.td_photometric = PHOTOMETRIC_MINISBLACK;
3886 else {
3887 MissingRequired(tif, "Colormap");
3888 goto bad;
3889 }
3890 }
3891 /*
3892 * OJPEG hack:
3893 * We do no further messing with strip/tile offsets/bytecounts in OJPEG
3894 * TIFFs
3895 */
3896 if (tif->tif_dir.td_compression!=COMPRESSION_OJPEG)
3897 {
3898 /*
3899 * Attempt to deal with a missing StripByteCounts tag.
3900 */
3901 if (!TIFFFieldSet(tif, FIELD_STRIPBYTECOUNTS)) {
3902 /*
3903 * Some manufacturers violate the spec by not giving
3904 * the size of the strips. In this case, assume there
3905 * is one uncompressed strip of data.
3906 */
3907 if ((tif->tif_dir.td_planarconfig == PLANARCONFIG_CONTIG &&
3908 tif->tif_dir.td_nstrips > 1) ||
3909 (tif->tif_dir.td_planarconfig == PLANARCONFIG_SEPARATE &&
3910 tif->tif_dir.td_nstrips != (uint32)tif->tif_dir.td_samplesperpixel)) {
3911 MissingRequired(tif, "StripByteCounts");
3912 goto bad;
3913 }
3914 TIFFWarningExt(tif->tif_clientdata, module,
3915 "TIFF directory is missing required "
3916 "\"StripByteCounts\" field, calculating from imagelength");
3917 if (EstimateStripByteCounts(tif, dir, dircount) < 0)
3918 goto bad;
3919 /*
3920 * Assume we have wrong StripByteCount value (in case
3921 * of single strip) in following cases:
3922 * - it is equal to zero along with StripOffset;
3923 * - it is larger than file itself (in case of uncompressed
3924 * image);
3925 * - it is smaller than the size of the bytes per row
3926 * multiplied on the number of rows. The last case should
3927 * not be checked in the case of writing new image,
3928 * because we may do not know the exact strip size
3929 * until the whole image will be written and directory
3930 * dumped out.
3931 */
3932 #define BYTECOUNTLOOKSBAD \
3933 ( (tif->tif_dir.td_stripbytecount[0] == 0 && tif->tif_dir.td_stripoffset[0] != 0) || \
3934 (tif->tif_dir.td_compression == COMPRESSION_NONE && \
3935 tif->tif_dir.td_stripbytecount[0] > TIFFGetFileSize(tif) - tif->tif_dir.td_stripoffset[0]) || \
3936 (tif->tif_mode == O_RDONLY && \
3937 tif->tif_dir.td_compression == COMPRESSION_NONE && \
3938 tif->tif_dir.td_stripbytecount[0] < TIFFScanlineSize64(tif) * tif->tif_dir.td_imagelength) )
3939
3940 } else if (tif->tif_dir.td_nstrips == 1
3941 && _TIFFFillStriles(tif)
3942 && tif->tif_dir.td_stripoffset[0] != 0
3943 && BYTECOUNTLOOKSBAD) {
3944 /*
3945 * XXX: Plexus (and others) sometimes give a value of
3946 * zero for a tag when they don't know what the
3947 * correct value is! Try and handle the simple case
3948 * of estimating the size of a one strip image.
3949 */
3950 TIFFWarningExt(tif->tif_clientdata, module,
3951 "Bogus \"StripByteCounts\" field, ignoring and calculating from imagelength");
3952 if(EstimateStripByteCounts(tif, dir, dircount) < 0)
3953 goto bad;
3954
3955 #if !defined(DEFER_STRILE_LOAD)
3956 } else if (tif->tif_dir.td_planarconfig == PLANARCONFIG_CONTIG
3957 && tif->tif_dir.td_nstrips > 2
3958 && tif->tif_dir.td_compression == COMPRESSION_NONE
3959 && tif->tif_dir.td_stripbytecount[0] != tif->tif_dir.td_stripbytecount[1]
3960 && tif->tif_dir.td_stripbytecount[0] != 0
3961 && tif->tif_dir.td_stripbytecount[1] != 0 ) {
3962 /*
3963 * XXX: Some vendors fill StripByteCount array with
3964 * absolutely wrong values (it can be equal to
3965 * StripOffset array, for example). Catch this case
3966 * here.
3967 *
3968 * We avoid this check if deferring strile loading
3969 * as it would always force us to load the strip/tile
3970 * information.
3971 */
3972 TIFFWarningExt(tif->tif_clientdata, module,
3973 "Wrong \"StripByteCounts\" field, ignoring and calculating from imagelength");
3974 if (EstimateStripByteCounts(tif, dir, dircount) < 0)
3975 goto bad;
3976 #endif /* !defined(DEFER_STRILE_LOAD) */
3977 }
3978 }
3979 if (dir)
3980 {
3981 _TIFFfree(dir);
3982 dir=NULL;
3983 }
3984 if (!TIFFFieldSet(tif, FIELD_MAXSAMPLEVALUE))
3985 {
3986 if (tif->tif_dir.td_bitspersample>=16)
3987 tif->tif_dir.td_maxsamplevalue=0xFFFF;
3988 else
3989 tif->tif_dir.td_maxsamplevalue = (uint16)((1L<<tif->tif_dir.td_bitspersample)-1);
3990 }
3991 /*
3992 * XXX: We can optimize checking for the strip bounds using the sorted
3993 * bytecounts array. See also comments for TIFFAppendToStrip()
3994 * function in tif_write.c.
3995 */
3996 #if !defined(DEFER_STRILE_LOAD)
3997 if (tif->tif_dir.td_nstrips > 1) {
3998 uint32 strip;
3999
4000 tif->tif_dir.td_stripbytecountsorted = 1;
4001 for (strip = 1; strip < tif->tif_dir.td_nstrips; strip++) {
4002 if (tif->tif_dir.td_stripoffset[strip - 1] >
4003 tif->tif_dir.td_stripoffset[strip]) {
4004 tif->tif_dir.td_stripbytecountsorted = 0;
4005 break;
4006 }
4007 }
4008 }
4009 #endif /* !defined(DEFER_STRILE_LOAD) */
4010
4011 /*
4012 * An opportunity for compression mode dependent tag fixup
4013 */
4014 (*tif->tif_fixuptags)(tif);
4015
4016 /*
4017 * Some manufacturers make life difficult by writing
4018 * large amounts of uncompressed data as a single strip.
4019 * This is contrary to the recommendations of the spec.
4020 * The following makes an attempt at breaking such images
4021 * into strips closer to the recommended 8k bytes. A
4022 * side effect, however, is that the RowsPerStrip tag
4023 * value may be changed.
4024 */
4025 if ((tif->tif_dir.td_planarconfig==PLANARCONFIG_CONTIG)&&
4026 (tif->tif_dir.td_nstrips==1)&&
4027 (tif->tif_dir.td_compression==COMPRESSION_NONE)&&
4028 ((tif->tif_flags&(TIFF_STRIPCHOP|TIFF_ISTILED))==TIFF_STRIPCHOP))
4029 {
4030 if ( !_TIFFFillStriles(tif) || !tif->tif_dir.td_stripbytecount )
4031 return 0;
4032 ChopUpSingleUncompressedStrip(tif);
4033 }
4034
4035 /*
4036 * Clear the dirty directory flag.
4037 */
4038 tif->tif_flags &= ~TIFF_DIRTYDIRECT;
4039 tif->tif_flags &= ~TIFF_DIRTYSTRIP;
4040
4041 /*
4042 * Reinitialize i/o since we are starting on a new directory.
4043 */
4044 tif->tif_row = (uint32) -1;
4045 tif->tif_curstrip = (uint32) -1;
4046 tif->tif_col = (uint32) -1;
4047 tif->tif_curtile = (uint32) -1;
4048 tif->tif_tilesize = (tmsize_t) -1;
4049
4050 tif->tif_scanlinesize = TIFFScanlineSize(tif);
4051 if (!tif->tif_scanlinesize) {
4052 TIFFErrorExt(tif->tif_clientdata, module,
4053 "Cannot handle zero scanline size");
4054 return (0);
4055 }
4056
4057 if (isTiled(tif)) {
4058 tif->tif_tilesize = TIFFTileSize(tif);
4059 if (!tif->tif_tilesize) {
4060 TIFFErrorExt(tif->tif_clientdata, module,
4061 "Cannot handle zero tile size");
4062 return (0);
4063 }
4064 } else {
4065 if (!TIFFStripSize(tif)) {
4066 TIFFErrorExt(tif->tif_clientdata, module,
4067 "Cannot handle zero strip size");
4068 return (0);
4069 }
4070 }
4071 return (1);
4072 bad:
4073 if (dir)
4074 _TIFFfree(dir);
4075 return (0);
4076 }
4077
4078 static void
TIFFReadDirectoryCheckOrder(TIFF * tif,TIFFDirEntry * dir,uint16 dircount)4079 TIFFReadDirectoryCheckOrder(TIFF* tif, TIFFDirEntry* dir, uint16 dircount)
4080 {
4081 static const char module[] = "TIFFReadDirectoryCheckOrder";
4082 uint16 m;
4083 uint16 n;
4084 TIFFDirEntry* o;
4085 m=0;
4086 for (n=0, o=dir; n<dircount; n++, o++)
4087 {
4088 if (o->tdir_tag<m)
4089 {
4090 TIFFWarningExt(tif->tif_clientdata,module,
4091 "Invalid TIFF directory; tags are not sorted in ascending order");
4092 break;
4093 }
4094 m=o->tdir_tag+1;
4095 }
4096 }
4097
4098 static TIFFDirEntry*
TIFFReadDirectoryFindEntry(TIFF * tif,TIFFDirEntry * dir,uint16 dircount,uint16 tagid)4099 TIFFReadDirectoryFindEntry(TIFF* tif, TIFFDirEntry* dir, uint16 dircount, uint16 tagid)
4100 {
4101 TIFFDirEntry* m;
4102 uint16 n;
4103 (void) tif;
4104 for (m=dir, n=0; n<dircount; m++, n++)
4105 {
4106 if (m->tdir_tag==tagid)
4107 return(m);
4108 }
4109 return(0);
4110 }
4111
4112 static void
TIFFReadDirectoryFindFieldInfo(TIFF * tif,uint16 tagid,uint32 * fii)4113 TIFFReadDirectoryFindFieldInfo(TIFF* tif, uint16 tagid, uint32* fii)
4114 {
4115 int32 ma,mb,mc;
4116 ma=-1;
4117 mc=(int32)tif->tif_nfields;
4118 while (1)
4119 {
4120 if (ma+1==mc)
4121 {
4122 *fii = FAILED_FII;
4123 return;
4124 }
4125 mb=(ma+mc)/2;
4126 if (tif->tif_fields[mb]->field_tag==(uint32)tagid)
4127 break;
4128 if (tif->tif_fields[mb]->field_tag<(uint32)tagid)
4129 ma=mb;
4130 else
4131 mc=mb;
4132 }
4133 while (1)
4134 {
4135 if (mb==0)
4136 break;
4137 if (tif->tif_fields[mb-1]->field_tag!=(uint32)tagid)
4138 break;
4139 mb--;
4140 }
4141 *fii=mb;
4142 }
4143
4144 /*
4145 * Read custom directory from the arbitarry offset.
4146 * The code is very similar to TIFFReadDirectory().
4147 */
4148 int
TIFFReadCustomDirectory(TIFF * tif,toff_t diroff,const TIFFFieldArray * infoarray)4149 TIFFReadCustomDirectory(TIFF* tif, toff_t diroff,
4150 const TIFFFieldArray* infoarray)
4151 {
4152 static const char module[] = "TIFFReadCustomDirectory";
4153 TIFFDirEntry* dir;
4154 uint16 dircount;
4155 TIFFDirEntry* dp;
4156 uint16 di;
4157 const TIFFField* fip;
4158 uint32 fii;
4159 _TIFFSetupFields(tif, infoarray);
4160 dircount=TIFFFetchDirectory(tif,diroff,&dir,NULL);
4161 if (!dircount)
4162 {
4163 TIFFErrorExt(tif->tif_clientdata,module,
4164 "Failed to read custom directory at offset " TIFF_UINT64_FORMAT,diroff);
4165 return 0;
4166 }
4167 TIFFFreeDirectory(tif);
4168 _TIFFmemset(&tif->tif_dir, 0, sizeof(TIFFDirectory));
4169 TIFFReadDirectoryCheckOrder(tif,dir,dircount);
4170 for (di=0, dp=dir; di<dircount; di++, dp++)
4171 {
4172 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
4173 if (fii == FAILED_FII)
4174 {
4175 TIFFWarningExt(tif->tif_clientdata, module,
4176 "Unknown field with tag %d (0x%x) encountered",
4177 dp->tdir_tag, dp->tdir_tag);
4178 if (!_TIFFMergeFields(tif, _TIFFCreateAnonField(tif,
4179 dp->tdir_tag,
4180 (TIFFDataType) dp->tdir_type),
4181 1)) {
4182 TIFFWarningExt(tif->tif_clientdata, module,
4183 "Registering anonymous field with tag %d (0x%x) failed",
4184 dp->tdir_tag, dp->tdir_tag);
4185 dp->tdir_tag=IGNORE;
4186 } else {
4187 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
4188 assert( fii != FAILED_FII );
4189 }
4190 }
4191 if (dp->tdir_tag!=IGNORE)
4192 {
4193 fip=tif->tif_fields[fii];
4194 if (fip->field_bit==FIELD_IGNORE)
4195 dp->tdir_tag=IGNORE;
4196 else
4197 {
4198 /* check data type */
4199 while ((fip->field_type!=TIFF_ANY)&&(fip->field_type!=dp->tdir_type))
4200 {
4201 fii++;
4202 if ((fii==tif->tif_nfields)||
4203 (tif->tif_fields[fii]->field_tag!=(uint32)dp->tdir_tag))
4204 {
4205 fii=0xFFFF;
4206 break;
4207 }
4208 fip=tif->tif_fields[fii];
4209 }
4210 if (fii==0xFFFF)
4211 {
4212 TIFFWarningExt(tif->tif_clientdata, module,
4213 "Wrong data type %d for \"%s\"; tag ignored",
4214 dp->tdir_type,fip->field_name);
4215 dp->tdir_tag=IGNORE;
4216 }
4217 else
4218 {
4219 /* check count if known in advance */
4220 if ((fip->field_readcount!=TIFF_VARIABLE)&&
4221 (fip->field_readcount!=TIFF_VARIABLE2))
4222 {
4223 uint32 expected;
4224 if (fip->field_readcount==TIFF_SPP)
4225 expected=(uint32)tif->tif_dir.td_samplesperpixel;
4226 else
4227 expected=(uint32)fip->field_readcount;
4228 if (!CheckDirCount(tif,dp,expected))
4229 dp->tdir_tag=IGNORE;
4230 }
4231 }
4232 }
4233 switch (dp->tdir_tag)
4234 {
4235 case IGNORE:
4236 break;
4237 case EXIFTAG_SUBJECTDISTANCE:
4238 (void) TIFFFetchSubjectDistance(tif,dp);
4239 break;
4240 default:
4241 (void) TIFFFetchNormalTag(tif, dp, TRUE);
4242 break;
4243 }
4244 }
4245 }
4246 if (dir)
4247 _TIFFfree(dir);
4248 return 1;
4249 }
4250
4251 /*
4252 * EXIF is important special case of custom IFD, so we have a special
4253 * function to read it.
4254 */
4255 int
TIFFReadEXIFDirectory(TIFF * tif,toff_t diroff)4256 TIFFReadEXIFDirectory(TIFF* tif, toff_t diroff)
4257 {
4258 const TIFFFieldArray* exifFieldArray;
4259 exifFieldArray = _TIFFGetExifFields();
4260 return TIFFReadCustomDirectory(tif, diroff, exifFieldArray);
4261 }
4262
4263 static int
EstimateStripByteCounts(TIFF * tif,TIFFDirEntry * dir,uint16 dircount)4264 EstimateStripByteCounts(TIFF* tif, TIFFDirEntry* dir, uint16 dircount)
4265 {
4266 static const char module[] = "EstimateStripByteCounts";
4267
4268 TIFFDirEntry *dp;
4269 TIFFDirectory *td = &tif->tif_dir;
4270 uint32 strip;
4271
4272 if( !_TIFFFillStriles( tif ) )
4273 return -1;
4274
4275 if (td->td_stripbytecount)
4276 _TIFFfree(td->td_stripbytecount);
4277 td->td_stripbytecount = (uint64*)
4278 _TIFFCheckMalloc(tif, td->td_nstrips, sizeof (uint64),
4279 "for \"StripByteCounts\" array");
4280 if( td->td_stripbytecount == NULL )
4281 return -1;
4282
4283 if (td->td_compression != COMPRESSION_NONE) {
4284 uint64 space;
4285 uint64 filesize;
4286 uint16 n;
4287 filesize = TIFFGetFileSize(tif);
4288 if (!(tif->tif_flags&TIFF_BIGTIFF))
4289 space=sizeof(TIFFHeaderClassic)+2+dircount*12+4;
4290 else
4291 space=sizeof(TIFFHeaderBig)+8+dircount*20+8;
4292 /* calculate amount of space used by indirect values */
4293 for (dp = dir, n = dircount; n > 0; n--, dp++)
4294 {
4295 uint32 typewidth = TIFFDataWidth((TIFFDataType) dp->tdir_type);
4296 uint64 datasize;
4297 typewidth = TIFFDataWidth((TIFFDataType) dp->tdir_type);
4298 if (typewidth == 0) {
4299 TIFFErrorExt(tif->tif_clientdata, module,
4300 "Cannot determine size of unknown tag type %d",
4301 dp->tdir_type);
4302 return -1;
4303 }
4304 datasize=(uint64)typewidth*dp->tdir_count;
4305 if (!(tif->tif_flags&TIFF_BIGTIFF))
4306 {
4307 if (datasize<=4)
4308 datasize=0;
4309 }
4310 else
4311 {
4312 if (datasize<=8)
4313 datasize=0;
4314 }
4315 space+=datasize;
4316 }
4317 space = filesize - space;
4318 if (td->td_planarconfig == PLANARCONFIG_SEPARATE)
4319 space /= td->td_samplesperpixel;
4320 for (strip = 0; strip < td->td_nstrips; strip++)
4321 td->td_stripbytecount[strip] = space;
4322 /*
4323 * This gross hack handles the case were the offset to
4324 * the last strip is past the place where we think the strip
4325 * should begin. Since a strip of data must be contiguous,
4326 * it's safe to assume that we've overestimated the amount
4327 * of data in the strip and trim this number back accordingly.
4328 */
4329 strip--;
4330 if (td->td_stripoffset[strip]+td->td_stripbytecount[strip] > filesize)
4331 td->td_stripbytecount[strip] = filesize - td->td_stripoffset[strip];
4332 } else if (isTiled(tif)) {
4333 uint64 bytespertile = TIFFTileSize64(tif);
4334
4335 for (strip = 0; strip < td->td_nstrips; strip++)
4336 td->td_stripbytecount[strip] = bytespertile;
4337 } else {
4338 uint64 rowbytes = TIFFScanlineSize64(tif);
4339 uint32 rowsperstrip = td->td_imagelength/td->td_stripsperimage;
4340 for (strip = 0; strip < td->td_nstrips; strip++)
4341 td->td_stripbytecount[strip] = rowbytes * rowsperstrip;
4342 }
4343 TIFFSetFieldBit(tif, FIELD_STRIPBYTECOUNTS);
4344 if (!TIFFFieldSet(tif, FIELD_ROWSPERSTRIP))
4345 td->td_rowsperstrip = td->td_imagelength;
4346 return 1;
4347 }
4348
4349 static void
MissingRequired(TIFF * tif,const char * tagname)4350 MissingRequired(TIFF* tif, const char* tagname)
4351 {
4352 static const char module[] = "MissingRequired";
4353
4354 TIFFErrorExt(tif->tif_clientdata, module,
4355 "TIFF directory is missing required \"%s\" field",
4356 tagname);
4357 }
4358
4359 /*
4360 * Check the directory offset against the list of already seen directory
4361 * offsets. This is a trick to prevent IFD looping. The one can create TIFF
4362 * file with looped directory pointers. We will maintain a list of already
4363 * seen directories and check every IFD offset against that list.
4364 */
4365 static int
TIFFCheckDirOffset(TIFF * tif,uint64 diroff)4366 TIFFCheckDirOffset(TIFF* tif, uint64 diroff)
4367 {
4368 uint16 n;
4369
4370 if (diroff == 0) /* no more directories */
4371 return 0;
4372 if (tif->tif_dirnumber == 65535) {
4373 TIFFErrorExt(tif->tif_clientdata, "TIFFCheckDirOffset",
4374 "Cannot handle more than 65535 TIFF directories");
4375 return 0;
4376 }
4377
4378 for (n = 0; n < tif->tif_dirnumber && tif->tif_dirlist; n++) {
4379 if (tif->tif_dirlist[n] == diroff)
4380 return 0;
4381 }
4382
4383 tif->tif_dirnumber++;
4384
4385 if (tif->tif_dirnumber > tif->tif_dirlistsize) {
4386 uint64* new_dirlist;
4387
4388 /*
4389 * XXX: Reduce memory allocation granularity of the dirlist
4390 * array.
4391 */
4392 new_dirlist = (uint64*)_TIFFCheckRealloc(tif, tif->tif_dirlist,
4393 tif->tif_dirnumber, 2 * sizeof(uint64), "for IFD list");
4394 if (!new_dirlist)
4395 return 0;
4396 if( tif->tif_dirnumber >= 32768 )
4397 tif->tif_dirlistsize = 65535;
4398 else
4399 tif->tif_dirlistsize = 2 * tif->tif_dirnumber;
4400 tif->tif_dirlist = new_dirlist;
4401 }
4402
4403 tif->tif_dirlist[tif->tif_dirnumber - 1] = diroff;
4404
4405 return 1;
4406 }
4407
4408 /*
4409 * Check the count field of a directory entry against a known value. The
4410 * caller is expected to skip/ignore the tag if there is a mismatch.
4411 */
4412 static int
CheckDirCount(TIFF * tif,TIFFDirEntry * dir,uint32 count)4413 CheckDirCount(TIFF* tif, TIFFDirEntry* dir, uint32 count)
4414 {
4415 if ((uint64)count > dir->tdir_count) {
4416 const TIFFField* fip = TIFFFieldWithTag(tif, dir->tdir_tag);
4417 TIFFWarningExt(tif->tif_clientdata, tif->tif_name,
4418 "incorrect count for field \"%s\" (" TIFF_UINT64_FORMAT ", expecting %u); tag ignored",
4419 fip ? fip->field_name : "unknown tagname",
4420 dir->tdir_count, count);
4421 return (0);
4422 } else if ((uint64)count < dir->tdir_count) {
4423 const TIFFField* fip = TIFFFieldWithTag(tif, dir->tdir_tag);
4424 TIFFWarningExt(tif->tif_clientdata, tif->tif_name,
4425 "incorrect count for field \"%s\" (" TIFF_UINT64_FORMAT ", expecting %u); tag trimmed",
4426 fip ? fip->field_name : "unknown tagname",
4427 dir->tdir_count, count);
4428 dir->tdir_count = count;
4429 return (1);
4430 }
4431 return (1);
4432 }
4433
4434 /*
4435 * Read IFD structure from the specified offset. If the pointer to
4436 * nextdiroff variable has been specified, read it too. Function returns a
4437 * number of fields in the directory or 0 if failed.
4438 */
4439 static uint16
TIFFFetchDirectory(TIFF * tif,uint64 diroff,TIFFDirEntry ** pdir,uint64 * nextdiroff)4440 TIFFFetchDirectory(TIFF* tif, uint64 diroff, TIFFDirEntry** pdir,
4441 uint64 *nextdiroff)
4442 {
4443 static const char module[] = "TIFFFetchDirectory";
4444
4445 void* origdir;
4446 uint16 dircount16;
4447 uint32 dirsize;
4448 TIFFDirEntry* dir;
4449 uint8* ma;
4450 TIFFDirEntry* mb;
4451 uint16 n;
4452
4453 assert(pdir);
4454
4455 tif->tif_diroff = diroff;
4456 if (nextdiroff)
4457 *nextdiroff = 0;
4458 if (!isMapped(tif)) {
4459 if (!SeekOK(tif, tif->tif_diroff)) {
4460 TIFFErrorExt(tif->tif_clientdata, module,
4461 "%s: Seek error accessing TIFF directory",
4462 tif->tif_name);
4463 return 0;
4464 }
4465 if (!(tif->tif_flags&TIFF_BIGTIFF))
4466 {
4467 if (!ReadOK(tif, &dircount16, sizeof (uint16))) {
4468 TIFFErrorExt(tif->tif_clientdata, module,
4469 "%s: Can not read TIFF directory count",
4470 tif->tif_name);
4471 return 0;
4472 }
4473 if (tif->tif_flags & TIFF_SWAB)
4474 TIFFSwabShort(&dircount16);
4475 if (dircount16>4096)
4476 {
4477 TIFFErrorExt(tif->tif_clientdata, module,
4478 "Sanity check on directory count failed, this is probably not a valid IFD offset");
4479 return 0;
4480 }
4481 dirsize = 12;
4482 } else {
4483 uint64 dircount64;
4484 if (!ReadOK(tif, &dircount64, sizeof (uint64))) {
4485 TIFFErrorExt(tif->tif_clientdata, module,
4486 "%s: Can not read TIFF directory count",
4487 tif->tif_name);
4488 return 0;
4489 }
4490 if (tif->tif_flags & TIFF_SWAB)
4491 TIFFSwabLong8(&dircount64);
4492 if (dircount64>4096)
4493 {
4494 TIFFErrorExt(tif->tif_clientdata, module,
4495 "Sanity check on directory count failed, this is probably not a valid IFD offset");
4496 return 0;
4497 }
4498 dircount16 = (uint16)dircount64;
4499 dirsize = 20;
4500 }
4501 origdir = _TIFFCheckMalloc(tif, dircount16,
4502 dirsize, "to read TIFF directory");
4503 if (origdir == NULL)
4504 return 0;
4505 if (!ReadOK(tif, origdir, (tmsize_t)(dircount16*dirsize))) {
4506 TIFFErrorExt(tif->tif_clientdata, module,
4507 "%.100s: Can not read TIFF directory",
4508 tif->tif_name);
4509 _TIFFfree(origdir);
4510 return 0;
4511 }
4512 /*
4513 * Read offset to next directory for sequential scans if
4514 * needed.
4515 */
4516 if (nextdiroff)
4517 {
4518 if (!(tif->tif_flags&TIFF_BIGTIFF))
4519 {
4520 uint32 nextdiroff32;
4521 if (!ReadOK(tif, &nextdiroff32, sizeof(uint32)))
4522 nextdiroff32 = 0;
4523 if (tif->tif_flags&TIFF_SWAB)
4524 TIFFSwabLong(&nextdiroff32);
4525 *nextdiroff=nextdiroff32;
4526 } else {
4527 if (!ReadOK(tif, nextdiroff, sizeof(uint64)))
4528 *nextdiroff = 0;
4529 if (tif->tif_flags&TIFF_SWAB)
4530 TIFFSwabLong8(nextdiroff);
4531 }
4532 }
4533 } else {
4534 tmsize_t m;
4535 tmsize_t off = (tmsize_t) tif->tif_diroff;
4536 if ((uint64)off!=tif->tif_diroff)
4537 {
4538 TIFFErrorExt(tif->tif_clientdata,module,"Can not read TIFF directory count");
4539 return(0);
4540 }
4541
4542 /*
4543 * Check for integer overflow when validating the dir_off,
4544 * otherwise a very high offset may cause an OOB read and
4545 * crash the client. Make two comparisons instead of
4546 *
4547 * off + sizeof(uint16) > tif->tif_size
4548 *
4549 * to avoid overflow.
4550 */
4551 if (!(tif->tif_flags&TIFF_BIGTIFF))
4552 {
4553 m=off+sizeof(uint16);
4554 if ((m<off)||(m<(tmsize_t)sizeof(uint16))||(m>tif->tif_size)) {
4555 TIFFErrorExt(tif->tif_clientdata, module,
4556 "Can not read TIFF directory count");
4557 return 0;
4558 } else {
4559 _TIFFmemcpy(&dircount16, tif->tif_base + off,
4560 sizeof(uint16));
4561 }
4562 off += sizeof (uint16);
4563 if (tif->tif_flags & TIFF_SWAB)
4564 TIFFSwabShort(&dircount16);
4565 if (dircount16>4096)
4566 {
4567 TIFFErrorExt(tif->tif_clientdata, module,
4568 "Sanity check on directory count failed, this is probably not a valid IFD offset");
4569 return 0;
4570 }
4571 dirsize = 12;
4572 }
4573 else
4574 {
4575 tmsize_t m;
4576 uint64 dircount64;
4577 m=off+sizeof(uint64);
4578 if ((m<off)||(m<(tmsize_t)sizeof(uint64))||(m>tif->tif_size)) {
4579 TIFFErrorExt(tif->tif_clientdata, module,
4580 "Can not read TIFF directory count");
4581 return 0;
4582 } else {
4583 _TIFFmemcpy(&dircount64, tif->tif_base + off,
4584 sizeof(uint64));
4585 }
4586 off += sizeof (uint64);
4587 if (tif->tif_flags & TIFF_SWAB)
4588 TIFFSwabLong8(&dircount64);
4589 if (dircount64>4096)
4590 {
4591 TIFFErrorExt(tif->tif_clientdata, module,
4592 "Sanity check on directory count failed, this is probably not a valid IFD offset");
4593 return 0;
4594 }
4595 dircount16 = (uint16)dircount64;
4596 dirsize = 20;
4597 }
4598 if (dircount16 == 0 )
4599 {
4600 TIFFErrorExt(tif->tif_clientdata, module,
4601 "Sanity check on directory count failed, zero tag directories not supported");
4602 return 0;
4603 }
4604 origdir = _TIFFCheckMalloc(tif, dircount16,
4605 dirsize,
4606 "to read TIFF directory");
4607 if (origdir == NULL)
4608 return 0;
4609 m=off+dircount16*dirsize;
4610 if ((m<off)||(m<(tmsize_t)(dircount16*dirsize))||(m>tif->tif_size)) {
4611 TIFFErrorExt(tif->tif_clientdata, module,
4612 "Can not read TIFF directory");
4613 _TIFFfree(origdir);
4614 return 0;
4615 } else {
4616 _TIFFmemcpy(origdir, tif->tif_base + off,
4617 dircount16 * dirsize);
4618 }
4619 if (nextdiroff) {
4620 off += dircount16 * dirsize;
4621 if (!(tif->tif_flags&TIFF_BIGTIFF))
4622 {
4623 uint32 nextdiroff32;
4624 m=off+sizeof(uint32);
4625 if ((m<off)||(m<(tmsize_t)sizeof(uint32))||(m>tif->tif_size))
4626 nextdiroff32 = 0;
4627 else
4628 _TIFFmemcpy(&nextdiroff32, tif->tif_base + off,
4629 sizeof (uint32));
4630 if (tif->tif_flags&TIFF_SWAB)
4631 TIFFSwabLong(&nextdiroff32);
4632 *nextdiroff = nextdiroff32;
4633 }
4634 else
4635 {
4636 m=off+sizeof(uint64);
4637 if ((m<off)||(m<(tmsize_t)sizeof(uint64))||(m>tif->tif_size))
4638 *nextdiroff = 0;
4639 else
4640 _TIFFmemcpy(nextdiroff, tif->tif_base + off,
4641 sizeof (uint64));
4642 if (tif->tif_flags&TIFF_SWAB)
4643 TIFFSwabLong8(nextdiroff);
4644 }
4645 }
4646 }
4647 dir = (TIFFDirEntry*)_TIFFCheckMalloc(tif, dircount16,
4648 sizeof(TIFFDirEntry),
4649 "to read TIFF directory");
4650 if (dir==0)
4651 {
4652 _TIFFfree(origdir);
4653 return 0;
4654 }
4655 ma=(uint8*)origdir;
4656 mb=dir;
4657 for (n=0; n<dircount16; n++)
4658 {
4659 if (tif->tif_flags&TIFF_SWAB)
4660 TIFFSwabShort((uint16*)ma);
4661 mb->tdir_tag=*(uint16*)ma;
4662 ma+=sizeof(uint16);
4663 if (tif->tif_flags&TIFF_SWAB)
4664 TIFFSwabShort((uint16*)ma);
4665 mb->tdir_type=*(uint16*)ma;
4666 ma+=sizeof(uint16);
4667 if (!(tif->tif_flags&TIFF_BIGTIFF))
4668 {
4669 if (tif->tif_flags&TIFF_SWAB)
4670 TIFFSwabLong((uint32*)ma);
4671 mb->tdir_count=(uint64)(*(uint32*)ma);
4672 ma+=sizeof(uint32);
4673 *(uint32*)(&mb->tdir_offset)=*(uint32*)ma;
4674 ma+=sizeof(uint32);
4675 }
4676 else
4677 {
4678 if (tif->tif_flags&TIFF_SWAB)
4679 TIFFSwabLong8((uint64*)ma);
4680 mb->tdir_count=TIFFReadUInt64(ma);
4681 ma+=sizeof(uint64);
4682 mb->tdir_offset.toff_long8=TIFFReadUInt64(ma);
4683 ma+=sizeof(uint64);
4684 }
4685 mb++;
4686 }
4687 _TIFFfree(origdir);
4688 *pdir = dir;
4689 return dircount16;
4690 }
4691
4692 /*
4693 * Fetch a tag that is not handled by special case code.
4694 */
4695 static int
TIFFFetchNormalTag(TIFF * tif,TIFFDirEntry * dp,int recover)4696 TIFFFetchNormalTag(TIFF* tif, TIFFDirEntry* dp, int recover)
4697 {
4698 static const char module[] = "TIFFFetchNormalTag";
4699 enum TIFFReadDirEntryErr err;
4700 uint32 fii;
4701 const TIFFField* fip = NULL;
4702 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
4703 if( fii == FAILED_FII )
4704 {
4705 TIFFErrorExt(tif->tif_clientdata, "TIFFFetchNormalTag",
4706 "No definition found for tag %d",
4707 dp->tdir_tag);
4708 return 0;
4709 }
4710 fip=tif->tif_fields[fii];
4711 assert(fip != NULL); /* should not happen */
4712 assert(fip->set_field_type!=TIFF_SETGET_OTHER); /* if so, we shouldn't arrive here but deal with this in specialized code */
4713 assert(fip->set_field_type!=TIFF_SETGET_INT); /* if so, we shouldn't arrive here as this is only the case for pseudo-tags */
4714 err=TIFFReadDirEntryErrOk;
4715 switch (fip->set_field_type)
4716 {
4717 case TIFF_SETGET_UNDEFINED:
4718 break;
4719 case TIFF_SETGET_ASCII:
4720 {
4721 uint8* data;
4722 assert(fip->field_passcount==0);
4723 err=TIFFReadDirEntryByteArray(tif,dp,&data);
4724 if (err==TIFFReadDirEntryErrOk)
4725 {
4726 uint8* ma;
4727 uint32 mb;
4728 int n;
4729 ma=data;
4730 mb=0;
4731 while (mb<(uint32)dp->tdir_count)
4732 {
4733 if (*ma==0)
4734 break;
4735 ma++;
4736 mb++;
4737 }
4738 if (mb+1<(uint32)dp->tdir_count)
4739 TIFFWarningExt(tif->tif_clientdata,module,"ASCII value for tag \"%s\" contains null byte in value; value incorrectly truncated during reading due to implementation limitations",fip->field_name);
4740 else if (mb+1>(uint32)dp->tdir_count)
4741 {
4742 uint8* o;
4743 TIFFWarningExt(tif->tif_clientdata,module,"ASCII value for tag \"%s\" does not end in null byte",fip->field_name);
4744 if ((uint32)dp->tdir_count+1!=dp->tdir_count+1)
4745 o=NULL;
4746 else
4747 o=_TIFFmalloc((uint32)dp->tdir_count+1);
4748 if (o==NULL)
4749 {
4750 if (data!=NULL)
4751 _TIFFfree(data);
4752 return(0);
4753 }
4754 _TIFFmemcpy(o,data,(uint32)dp->tdir_count);
4755 o[(uint32)dp->tdir_count]=0;
4756 if (data!=0)
4757 _TIFFfree(data);
4758 data=o;
4759 }
4760 n=TIFFSetField(tif,dp->tdir_tag,data);
4761 if (data!=0)
4762 _TIFFfree(data);
4763 if (!n)
4764 return(0);
4765 }
4766 }
4767 break;
4768 case TIFF_SETGET_UINT8:
4769 {
4770 uint8 data=0;
4771 assert(fip->field_readcount==1);
4772 assert(fip->field_passcount==0);
4773 err=TIFFReadDirEntryByte(tif,dp,&data);
4774 if (err==TIFFReadDirEntryErrOk)
4775 {
4776 if (!TIFFSetField(tif,dp->tdir_tag,data))
4777 return(0);
4778 }
4779 }
4780 break;
4781 case TIFF_SETGET_UINT16:
4782 {
4783 uint16 data;
4784 assert(fip->field_readcount==1);
4785 assert(fip->field_passcount==0);
4786 err=TIFFReadDirEntryShort(tif,dp,&data);
4787 if (err==TIFFReadDirEntryErrOk)
4788 {
4789 if (!TIFFSetField(tif,dp->tdir_tag,data))
4790 return(0);
4791 }
4792 }
4793 break;
4794 case TIFF_SETGET_UINT32:
4795 {
4796 uint32 data;
4797 assert(fip->field_readcount==1);
4798 assert(fip->field_passcount==0);
4799 err=TIFFReadDirEntryLong(tif,dp,&data);
4800 if (err==TIFFReadDirEntryErrOk)
4801 {
4802 if (!TIFFSetField(tif,dp->tdir_tag,data))
4803 return(0);
4804 }
4805 }
4806 break;
4807 case TIFF_SETGET_UINT64:
4808 {
4809 uint64 data;
4810 assert(fip->field_readcount==1);
4811 assert(fip->field_passcount==0);
4812 err=TIFFReadDirEntryLong8(tif,dp,&data);
4813 if (err==TIFFReadDirEntryErrOk)
4814 {
4815 if (!TIFFSetField(tif,dp->tdir_tag,data))
4816 return(0);
4817 }
4818 }
4819 break;
4820 case TIFF_SETGET_FLOAT:
4821 {
4822 float data;
4823 assert(fip->field_readcount==1);
4824 assert(fip->field_passcount==0);
4825 err=TIFFReadDirEntryFloat(tif,dp,&data);
4826 if (err==TIFFReadDirEntryErrOk)
4827 {
4828 if (!TIFFSetField(tif,dp->tdir_tag,data))
4829 return(0);
4830 }
4831 }
4832 break;
4833 case TIFF_SETGET_DOUBLE:
4834 {
4835 double data;
4836 assert(fip->field_readcount==1);
4837 assert(fip->field_passcount==0);
4838 err=TIFFReadDirEntryDouble(tif,dp,&data);
4839 if (err==TIFFReadDirEntryErrOk)
4840 {
4841 if (!TIFFSetField(tif,dp->tdir_tag,data))
4842 return(0);
4843 }
4844 }
4845 break;
4846 case TIFF_SETGET_IFD8:
4847 {
4848 uint64 data;
4849 assert(fip->field_readcount==1);
4850 assert(fip->field_passcount==0);
4851 err=TIFFReadDirEntryIfd8(tif,dp,&data);
4852 if (err==TIFFReadDirEntryErrOk)
4853 {
4854 if (!TIFFSetField(tif,dp->tdir_tag,data))
4855 return(0);
4856 }
4857 }
4858 break;
4859 case TIFF_SETGET_UINT16_PAIR:
4860 {
4861 uint16* data;
4862 assert(fip->field_readcount==2);
4863 assert(fip->field_passcount==0);
4864 if (dp->tdir_count!=2) {
4865 TIFFWarningExt(tif->tif_clientdata,module,
4866 "incorrect count for field \"%s\", expected 2, got %d",
4867 fip->field_name,(int)dp->tdir_count);
4868 return(0);
4869 }
4870 err=TIFFReadDirEntryShortArray(tif,dp,&data);
4871 if (err==TIFFReadDirEntryErrOk)
4872 {
4873 int m;
4874 m=TIFFSetField(tif,dp->tdir_tag,data[0],data[1]);
4875 _TIFFfree(data);
4876 if (!m)
4877 return(0);
4878 }
4879 }
4880 break;
4881 case TIFF_SETGET_C0_UINT8:
4882 {
4883 uint8* data;
4884 assert(fip->field_readcount>=1);
4885 assert(fip->field_passcount==0);
4886 if (dp->tdir_count!=(uint64)fip->field_readcount) {
4887 TIFFWarningExt(tif->tif_clientdata,module,
4888 "incorrect count for field \"%s\", expected %d, got %d",
4889 fip->field_name,(int) fip->field_readcount, (int)dp->tdir_count);
4890 return 0;
4891 }
4892 else
4893 {
4894 err=TIFFReadDirEntryByteArray(tif,dp,&data);
4895 if (err==TIFFReadDirEntryErrOk)
4896 {
4897 int m;
4898 m=TIFFSetField(tif,dp->tdir_tag,data);
4899 if (data!=0)
4900 _TIFFfree(data);
4901 if (!m)
4902 return(0);
4903 }
4904 }
4905 }
4906 break;
4907 case TIFF_SETGET_C0_UINT16:
4908 {
4909 uint16* data;
4910 assert(fip->field_readcount>=1);
4911 assert(fip->field_passcount==0);
4912 if (dp->tdir_count!=(uint64)fip->field_readcount)
4913 /* corrupt file */;
4914 else
4915 {
4916 err=TIFFReadDirEntryShortArray(tif,dp,&data);
4917 if (err==TIFFReadDirEntryErrOk)
4918 {
4919 int m;
4920 m=TIFFSetField(tif,dp->tdir_tag,data);
4921 if (data!=0)
4922 _TIFFfree(data);
4923 if (!m)
4924 return(0);
4925 }
4926 }
4927 }
4928 break;
4929 case TIFF_SETGET_C0_UINT32:
4930 {
4931 uint32* data;
4932 assert(fip->field_readcount>=1);
4933 assert(fip->field_passcount==0);
4934 if (dp->tdir_count!=(uint64)fip->field_readcount)
4935 /* corrupt file */;
4936 else
4937 {
4938 err=TIFFReadDirEntryLongArray(tif,dp,&data);
4939 if (err==TIFFReadDirEntryErrOk)
4940 {
4941 int m;
4942 m=TIFFSetField(tif,dp->tdir_tag,data);
4943 if (data!=0)
4944 _TIFFfree(data);
4945 if (!m)
4946 return(0);
4947 }
4948 }
4949 }
4950 break;
4951 case TIFF_SETGET_C0_FLOAT:
4952 {
4953 float* data;
4954 assert(fip->field_readcount>=1);
4955 assert(fip->field_passcount==0);
4956 if (dp->tdir_count!=(uint64)fip->field_readcount)
4957 /* corrupt file */;
4958 else
4959 {
4960 err=TIFFReadDirEntryFloatArray(tif,dp,&data);
4961 if (err==TIFFReadDirEntryErrOk)
4962 {
4963 int m;
4964 m=TIFFSetField(tif,dp->tdir_tag,data);
4965 if (data!=0)
4966 _TIFFfree(data);
4967 if (!m)
4968 return(0);
4969 }
4970 }
4971 }
4972 break;
4973 case TIFF_SETGET_C16_ASCII:
4974 {
4975 uint8* data;
4976 assert(fip->field_readcount==TIFF_VARIABLE);
4977 assert(fip->field_passcount==1);
4978 if (dp->tdir_count>0xFFFF)
4979 err=TIFFReadDirEntryErrCount;
4980 else
4981 {
4982 err=TIFFReadDirEntryByteArray(tif,dp,&data);
4983 if (err==TIFFReadDirEntryErrOk)
4984 {
4985 int m;
4986 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
4987 if (data!=0)
4988 _TIFFfree(data);
4989 if (!m)
4990 return(0);
4991 }
4992 }
4993 }
4994 break;
4995 case TIFF_SETGET_C16_UINT8:
4996 {
4997 uint8* data;
4998 assert(fip->field_readcount==TIFF_VARIABLE);
4999 assert(fip->field_passcount==1);
5000 if (dp->tdir_count>0xFFFF)
5001 err=TIFFReadDirEntryErrCount;
5002 else
5003 {
5004 err=TIFFReadDirEntryByteArray(tif,dp,&data);
5005 if (err==TIFFReadDirEntryErrOk)
5006 {
5007 int m;
5008 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5009 if (data!=0)
5010 _TIFFfree(data);
5011 if (!m)
5012 return(0);
5013 }
5014 }
5015 }
5016 break;
5017 case TIFF_SETGET_C16_UINT16:
5018 {
5019 uint16* data;
5020 assert(fip->field_readcount==TIFF_VARIABLE);
5021 assert(fip->field_passcount==1);
5022 if (dp->tdir_count>0xFFFF)
5023 err=TIFFReadDirEntryErrCount;
5024 else
5025 {
5026 err=TIFFReadDirEntryShortArray(tif,dp,&data);
5027 if (err==TIFFReadDirEntryErrOk)
5028 {
5029 int m;
5030 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5031 if (data!=0)
5032 _TIFFfree(data);
5033 if (!m)
5034 return(0);
5035 }
5036 }
5037 }
5038 break;
5039 case TIFF_SETGET_C16_UINT32:
5040 {
5041 uint32* data;
5042 assert(fip->field_readcount==TIFF_VARIABLE);
5043 assert(fip->field_passcount==1);
5044 if (dp->tdir_count>0xFFFF)
5045 err=TIFFReadDirEntryErrCount;
5046 else
5047 {
5048 err=TIFFReadDirEntryLongArray(tif,dp,&data);
5049 if (err==TIFFReadDirEntryErrOk)
5050 {
5051 int m;
5052 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5053 if (data!=0)
5054 _TIFFfree(data);
5055 if (!m)
5056 return(0);
5057 }
5058 }
5059 }
5060 break;
5061 case TIFF_SETGET_C16_UINT64:
5062 {
5063 uint64* data;
5064 assert(fip->field_readcount==TIFF_VARIABLE);
5065 assert(fip->field_passcount==1);
5066 if (dp->tdir_count>0xFFFF)
5067 err=TIFFReadDirEntryErrCount;
5068 else
5069 {
5070 err=TIFFReadDirEntryLong8Array(tif,dp,&data);
5071 if (err==TIFFReadDirEntryErrOk)
5072 {
5073 int m;
5074 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5075 if (data!=0)
5076 _TIFFfree(data);
5077 if (!m)
5078 return(0);
5079 }
5080 }
5081 }
5082 break;
5083 case TIFF_SETGET_C16_FLOAT:
5084 {
5085 float* data;
5086 assert(fip->field_readcount==TIFF_VARIABLE);
5087 assert(fip->field_passcount==1);
5088 if (dp->tdir_count>0xFFFF)
5089 err=TIFFReadDirEntryErrCount;
5090 else
5091 {
5092 err=TIFFReadDirEntryFloatArray(tif,dp,&data);
5093 if (err==TIFFReadDirEntryErrOk)
5094 {
5095 int m;
5096 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5097 if (data!=0)
5098 _TIFFfree(data);
5099 if (!m)
5100 return(0);
5101 }
5102 }
5103 }
5104 break;
5105 case TIFF_SETGET_C16_DOUBLE:
5106 {
5107 double* data;
5108 assert(fip->field_readcount==TIFF_VARIABLE);
5109 assert(fip->field_passcount==1);
5110 if (dp->tdir_count>0xFFFF)
5111 err=TIFFReadDirEntryErrCount;
5112 else
5113 {
5114 err=TIFFReadDirEntryDoubleArray(tif,dp,&data);
5115 if (err==TIFFReadDirEntryErrOk)
5116 {
5117 int m;
5118 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5119 if (data!=0)
5120 _TIFFfree(data);
5121 if (!m)
5122 return(0);
5123 }
5124 }
5125 }
5126 break;
5127 case TIFF_SETGET_C16_IFD8:
5128 {
5129 uint64* data;
5130 assert(fip->field_readcount==TIFF_VARIABLE);
5131 assert(fip->field_passcount==1);
5132 if (dp->tdir_count>0xFFFF)
5133 err=TIFFReadDirEntryErrCount;
5134 else
5135 {
5136 err=TIFFReadDirEntryIfd8Array(tif,dp,&data);
5137 if (err==TIFFReadDirEntryErrOk)
5138 {
5139 int m;
5140 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5141 if (data!=0)
5142 _TIFFfree(data);
5143 if (!m)
5144 return(0);
5145 }
5146 }
5147 }
5148 break;
5149 case TIFF_SETGET_C32_ASCII:
5150 {
5151 uint8* data;
5152 assert(fip->field_readcount==TIFF_VARIABLE2);
5153 assert(fip->field_passcount==1);
5154 err=TIFFReadDirEntryByteArray(tif,dp,&data);
5155 if (err==TIFFReadDirEntryErrOk)
5156 {
5157 int m;
5158 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5159 if (data!=0)
5160 _TIFFfree(data);
5161 if (!m)
5162 return(0);
5163 }
5164 }
5165 break;
5166 case TIFF_SETGET_C32_UINT8:
5167 {
5168 uint8* data;
5169 assert(fip->field_readcount==TIFF_VARIABLE2);
5170 assert(fip->field_passcount==1);
5171 err=TIFFReadDirEntryByteArray(tif,dp,&data);
5172 if (err==TIFFReadDirEntryErrOk)
5173 {
5174 int m;
5175 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5176 if (data!=0)
5177 _TIFFfree(data);
5178 if (!m)
5179 return(0);
5180 }
5181 }
5182 break;
5183 case TIFF_SETGET_C32_SINT8:
5184 {
5185 int8* data = NULL;
5186 assert(fip->field_readcount==TIFF_VARIABLE2);
5187 assert(fip->field_passcount==1);
5188 err=TIFFReadDirEntrySbyteArray(tif,dp,&data);
5189 if (err==TIFFReadDirEntryErrOk)
5190 {
5191 int m;
5192 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5193 if (data!=0)
5194 _TIFFfree(data);
5195 if (!m)
5196 return(0);
5197 }
5198 }
5199 break;
5200 case TIFF_SETGET_C32_UINT16:
5201 {
5202 uint16* data;
5203 assert(fip->field_readcount==TIFF_VARIABLE2);
5204 assert(fip->field_passcount==1);
5205 err=TIFFReadDirEntryShortArray(tif,dp,&data);
5206 if (err==TIFFReadDirEntryErrOk)
5207 {
5208 int m;
5209 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5210 if (data!=0)
5211 _TIFFfree(data);
5212 if (!m)
5213 return(0);
5214 }
5215 }
5216 break;
5217 case TIFF_SETGET_C32_SINT16:
5218 {
5219 int16* data = NULL;
5220 assert(fip->field_readcount==TIFF_VARIABLE2);
5221 assert(fip->field_passcount==1);
5222 err=TIFFReadDirEntrySshortArray(tif,dp,&data);
5223 if (err==TIFFReadDirEntryErrOk)
5224 {
5225 int m;
5226 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5227 if (data!=0)
5228 _TIFFfree(data);
5229 if (!m)
5230 return(0);
5231 }
5232 }
5233 break;
5234 case TIFF_SETGET_C32_UINT32:
5235 {
5236 uint32* data;
5237 assert(fip->field_readcount==TIFF_VARIABLE2);
5238 assert(fip->field_passcount==1);
5239 err=TIFFReadDirEntryLongArray(tif,dp,&data);
5240 if (err==TIFFReadDirEntryErrOk)
5241 {
5242 int m;
5243 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5244 if (data!=0)
5245 _TIFFfree(data);
5246 if (!m)
5247 return(0);
5248 }
5249 }
5250 break;
5251 case TIFF_SETGET_C32_SINT32:
5252 {
5253 int32* data = NULL;
5254 assert(fip->field_readcount==TIFF_VARIABLE2);
5255 assert(fip->field_passcount==1);
5256 err=TIFFReadDirEntrySlongArray(tif,dp,&data);
5257 if (err==TIFFReadDirEntryErrOk)
5258 {
5259 int m;
5260 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5261 if (data!=0)
5262 _TIFFfree(data);
5263 if (!m)
5264 return(0);
5265 }
5266 }
5267 break;
5268 case TIFF_SETGET_C32_UINT64:
5269 {
5270 uint64* data;
5271 assert(fip->field_readcount==TIFF_VARIABLE2);
5272 assert(fip->field_passcount==1);
5273 err=TIFFReadDirEntryLong8Array(tif,dp,&data);
5274 if (err==TIFFReadDirEntryErrOk)
5275 {
5276 int m;
5277 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5278 if (data!=0)
5279 _TIFFfree(data);
5280 if (!m)
5281 return(0);
5282 }
5283 }
5284 break;
5285 case TIFF_SETGET_C32_SINT64:
5286 {
5287 int64* data = NULL;
5288 assert(fip->field_readcount==TIFF_VARIABLE2);
5289 assert(fip->field_passcount==1);
5290 err=TIFFReadDirEntrySlong8Array(tif,dp,&data);
5291 if (err==TIFFReadDirEntryErrOk)
5292 {
5293 int m;
5294 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5295 if (data!=0)
5296 _TIFFfree(data);
5297 if (!m)
5298 return(0);
5299 }
5300 }
5301 break;
5302 case TIFF_SETGET_C32_FLOAT:
5303 {
5304 float* data;
5305 assert(fip->field_readcount==TIFF_VARIABLE2);
5306 assert(fip->field_passcount==1);
5307 err=TIFFReadDirEntryFloatArray(tif,dp,&data);
5308 if (err==TIFFReadDirEntryErrOk)
5309 {
5310 int m;
5311 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5312 if (data!=0)
5313 _TIFFfree(data);
5314 if (!m)
5315 return(0);
5316 }
5317 }
5318 break;
5319 case TIFF_SETGET_C32_DOUBLE:
5320 {
5321 double* data;
5322 assert(fip->field_readcount==TIFF_VARIABLE2);
5323 assert(fip->field_passcount==1);
5324 err=TIFFReadDirEntryDoubleArray(tif,dp,&data);
5325 if (err==TIFFReadDirEntryErrOk)
5326 {
5327 int m;
5328 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5329 if (data!=0)
5330 _TIFFfree(data);
5331 if (!m)
5332 return(0);
5333 }
5334 }
5335 break;
5336 case TIFF_SETGET_C32_IFD8:
5337 {
5338 uint64* data;
5339 assert(fip->field_readcount==TIFF_VARIABLE2);
5340 assert(fip->field_passcount==1);
5341 err=TIFFReadDirEntryIfd8Array(tif,dp,&data);
5342 if (err==TIFFReadDirEntryErrOk)
5343 {
5344 int m;
5345 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5346 if (data!=0)
5347 _TIFFfree(data);
5348 if (!m)
5349 return(0);
5350 }
5351 }
5352 break;
5353 default:
5354 assert(0); /* we should never get here */
5355 break;
5356 }
5357 if (err!=TIFFReadDirEntryErrOk)
5358 {
5359 TIFFReadDirEntryOutputErr(tif,err,module,fip->field_name,recover);
5360 return(0);
5361 }
5362 return(1);
5363 }
5364
5365 /*
5366 * Fetch a set of offsets or lengths.
5367 * While this routine says "strips", in fact it's also used for tiles.
5368 */
5369 static int
TIFFFetchStripThing(TIFF * tif,TIFFDirEntry * dir,uint32 nstrips,uint64 ** lpp)5370 TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uint64** lpp)
5371 {
5372 static const char module[] = "TIFFFetchStripThing";
5373 enum TIFFReadDirEntryErr err;
5374 uint64* data;
5375 err=TIFFReadDirEntryLong8Array(tif,dir,&data);
5376 if (err!=TIFFReadDirEntryErrOk)
5377 {
5378 const TIFFField* fip = TIFFFieldWithTag(tif,dir->tdir_tag);
5379 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",0);
5380 return(0);
5381 }
5382 if (dir->tdir_count!=(uint64)nstrips)
5383 {
5384 uint64* resizeddata;
5385 resizeddata=(uint64*)_TIFFCheckMalloc(tif,nstrips,sizeof(uint64),"for strip array");
5386 if (resizeddata==0) {
5387 _TIFFfree(data);
5388 return(0);
5389 }
5390 if (dir->tdir_count<(uint64)nstrips)
5391 {
5392 _TIFFmemcpy(resizeddata,data,(uint32)dir->tdir_count*sizeof(uint64));
5393 _TIFFmemset(resizeddata+(uint32)dir->tdir_count,0,(nstrips-(uint32)dir->tdir_count)*sizeof(uint64));
5394 }
5395 else
5396 _TIFFmemcpy(resizeddata,data,nstrips*sizeof(uint64));
5397 _TIFFfree(data);
5398 data=resizeddata;
5399 }
5400 *lpp=data;
5401 return(1);
5402 }
5403
5404 /*
5405 * Fetch and set the SubjectDistance EXIF tag.
5406 */
5407 static int
TIFFFetchSubjectDistance(TIFF * tif,TIFFDirEntry * dir)5408 TIFFFetchSubjectDistance(TIFF* tif, TIFFDirEntry* dir)
5409 {
5410 static const char module[] = "TIFFFetchSubjectDistance";
5411 enum TIFFReadDirEntryErr err;
5412 UInt64Aligned_t m;
5413 m.l=0;
5414 assert(sizeof(double)==8);
5415 assert(sizeof(uint64)==8);
5416 assert(sizeof(uint32)==4);
5417 if (dir->tdir_count!=1)
5418 err=TIFFReadDirEntryErrCount;
5419 else if (dir->tdir_type!=TIFF_RATIONAL)
5420 err=TIFFReadDirEntryErrType;
5421 else
5422 {
5423 if (!(tif->tif_flags&TIFF_BIGTIFF))
5424 {
5425 uint32 offset;
5426 offset=*(uint32*)(&dir->tdir_offset);
5427 if (tif->tif_flags&TIFF_SWAB)
5428 TIFFSwabLong(&offset);
5429 err=TIFFReadDirEntryData(tif,offset,8,m.i);
5430 }
5431 else
5432 {
5433 m.l=dir->tdir_offset.toff_long8;
5434 err=TIFFReadDirEntryErrOk;
5435 }
5436 }
5437 if (err==TIFFReadDirEntryErrOk)
5438 {
5439 double n;
5440 if (tif->tif_flags&TIFF_SWAB)
5441 TIFFSwabArrayOfLong(m.i,2);
5442 if (m.i[0]==0)
5443 n=0.0;
5444 else if (m.i[0]==0xFFFFFFFF)
5445 /*
5446 * XXX: Numerator 0xFFFFFFFF means that we have infinite
5447 * distance. Indicate that with a negative floating point
5448 * SubjectDistance value.
5449 */
5450 n=-1.0;
5451 else
5452 n=(double)m.i[0]/(double)m.i[1];
5453 return(TIFFSetField(tif,dir->tdir_tag,n));
5454 }
5455 else
5456 {
5457 TIFFReadDirEntryOutputErr(tif,err,module,"SubjectDistance",TRUE);
5458 return(0);
5459 }
5460 }
5461
5462 /*
5463 * Replace a single strip (tile) of uncompressed data by multiple strips
5464 * (tiles), each approximately STRIP_SIZE_DEFAULT bytes. This is useful for
5465 * dealing with large images or for dealing with machines with a limited
5466 * amount memory.
5467 */
5468 static void
ChopUpSingleUncompressedStrip(TIFF * tif)5469 ChopUpSingleUncompressedStrip(TIFF* tif)
5470 {
5471 register TIFFDirectory *td = &tif->tif_dir;
5472 uint64 bytecount;
5473 uint64 offset;
5474 uint32 rowblock;
5475 uint64 rowblockbytes;
5476 uint64 stripbytes;
5477 uint32 strip;
5478 uint64 nstrips64;
5479 uint32 nstrips32;
5480 uint32 rowsperstrip;
5481 uint64* newcounts;
5482 uint64* newoffsets;
5483
5484 bytecount = td->td_stripbytecount[0];
5485 offset = td->td_stripoffset[0];
5486 assert(td->td_planarconfig == PLANARCONFIG_CONTIG);
5487 if ((td->td_photometric == PHOTOMETRIC_YCBCR)&&
5488 (!isUpSampled(tif)))
5489 rowblock = td->td_ycbcrsubsampling[1];
5490 else
5491 rowblock = 1;
5492 rowblockbytes = TIFFVTileSize64(tif, rowblock);
5493 /*
5494 * Make the rows hold at least one scanline, but fill specified amount
5495 * of data if possible.
5496 */
5497 if (rowblockbytes > STRIP_SIZE_DEFAULT) {
5498 stripbytes = rowblockbytes;
5499 rowsperstrip = rowblock;
5500 } else if (rowblockbytes > 0 ) {
5501 uint32 rowblocksperstrip;
5502 rowblocksperstrip = (uint32) (STRIP_SIZE_DEFAULT / rowblockbytes);
5503 rowsperstrip = rowblocksperstrip * rowblock;
5504 stripbytes = rowblocksperstrip * rowblockbytes;
5505 }
5506 else
5507 return;
5508
5509 /*
5510 * never increase the number of strips in an image
5511 */
5512 if (rowsperstrip >= td->td_rowsperstrip)
5513 return;
5514 nstrips64 = TIFFhowmany_64(bytecount, stripbytes);
5515 if ((nstrips64==0)||(nstrips64>0xFFFFFFFF)) /* something is wonky, do nothing. */
5516 return;
5517 nstrips32 = (uint32)nstrips64;
5518
5519 newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
5520 "for chopped \"StripByteCounts\" array");
5521 newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
5522 "for chopped \"StripOffsets\" array");
5523 if (newcounts == NULL || newoffsets == NULL) {
5524 /*
5525 * Unable to allocate new strip information, give up and use
5526 * the original one strip information.
5527 */
5528 if (newcounts != NULL)
5529 _TIFFfree(newcounts);
5530 if (newoffsets != NULL)
5531 _TIFFfree(newoffsets);
5532 return;
5533 }
5534 /*
5535 * Fill the strip information arrays with new bytecounts and offsets
5536 * that reflect the broken-up format.
5537 */
5538 for (strip = 0; strip < nstrips32; strip++) {
5539 if (stripbytes > bytecount)
5540 stripbytes = bytecount;
5541 newcounts[strip] = stripbytes;
5542 newoffsets[strip] = offset;
5543 offset += stripbytes;
5544 bytecount -= stripbytes;
5545 }
5546 /*
5547 * Replace old single strip info with multi-strip info.
5548 */
5549 td->td_stripsperimage = td->td_nstrips = nstrips32;
5550 TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, rowsperstrip);
5551
5552 _TIFFfree(td->td_stripbytecount);
5553 _TIFFfree(td->td_stripoffset);
5554 td->td_stripbytecount = newcounts;
5555 td->td_stripoffset = newoffsets;
5556 td->td_stripbytecountsorted = 1;
5557 }
5558
_TIFFFillStriles(TIFF * tif)5559 int _TIFFFillStriles( TIFF *tif )
5560 {
5561 #if defined(DEFER_STRILE_LOAD)
5562 register TIFFDirectory *td = &tif->tif_dir;
5563 int return_value = 1;
5564
5565 if( td->td_stripoffset != NULL )
5566 return 1;
5567
5568 if( td->td_stripoffset_entry.tdir_count == 0 )
5569 return 0;
5570
5571 if (!TIFFFetchStripThing(tif,&(td->td_stripoffset_entry),
5572 td->td_nstrips,&td->td_stripoffset))
5573 {
5574 return_value = 0;
5575 }
5576
5577 if (!TIFFFetchStripThing(tif,&(td->td_stripbytecount_entry),
5578 td->td_nstrips,&td->td_stripbytecount))
5579 {
5580 return_value = 0;
5581 }
5582
5583 _TIFFmemset( &(td->td_stripoffset_entry), 0, sizeof(TIFFDirEntry));
5584 _TIFFmemset( &(td->td_stripbytecount_entry), 0, sizeof(TIFFDirEntry));
5585
5586 if (tif->tif_dir.td_nstrips > 1 && return_value == 1 ) {
5587 uint32 strip;
5588
5589 tif->tif_dir.td_stripbytecountsorted = 1;
5590 for (strip = 1; strip < tif->tif_dir.td_nstrips; strip++) {
5591 if (tif->tif_dir.td_stripoffset[strip - 1] >
5592 tif->tif_dir.td_stripoffset[strip]) {
5593 tif->tif_dir.td_stripbytecountsorted = 0;
5594 break;
5595 }
5596 }
5597 }
5598
5599 return return_value;
5600 #else /* !defined(DEFER_STRILE_LOAD) */
5601 (void) tif;
5602 return 1;
5603 #endif
5604 }
5605
5606
5607 /* vim: set ts=8 sts=8 sw=8 noet: */
5608 /*
5609 * Local Variables:
5610 * mode: c
5611 * c-basic-offset: 8
5612 * fill-column: 78
5613 * End:
5614 */
5615