1 /* exif-mnote-data-pentax.c
2  *
3  * Copyright (c) 2002, 2003 Lutz Mueller <lutz@users.sourceforge.net>
4  *
5  * This library is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU Lesser General Public
7  * License as published by the Free Software Foundation; either
8  * version 2 of the License, or (at your option) any later version.
9  *
10  * This library is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
13  * Lesser General Public License for more details.
14  *
15  * You should have received a copy of the GNU Lesser General Public
16  * License along with this library; if not, write to the
17  * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18  * Boston, MA  02110-1301  USA.
19  *
20  * SPDX-License-Identifier: LGPL-2.0-or-later
21  */
22 
23 #include "config.h"
24 #include "exif-mnote-data-pentax.h"
25 
26 #include <stdlib.h>
27 #include <string.h>
28 #include <stdio.h>
29 
30 #include <libexif/exif-byte-order.h>
31 #include <libexif/exif-utils.h>
32 
/*
 * Evaluates to true when reading structsize bytes starting at offset would
 * not fit inside a buffer of datasize bytes.
 *
 * The three tests are ordered on purpose: the last one subtracts instead of
 * adding, and it is only reached once (structsize) <= (datasize) is known, so
 * for the unsigned operands used in this file the comparison cannot wrap the
 * way a naive "offset + structsize > datasize" could.
 *
 * Every argument is expanded more than once; pass expressions without side
 * effects.
 */
#define CHECKOVERFLOW(offset,datasize,structsize) (( (offset) >= (datasize)) || ((structsize) > (datasize)) || ((offset) > (datasize) - (structsize) ))
34 
/*
 * Release the data buffer of every entry, then the entry array itself, and
 * leave the note with no entries and a count of zero. A NULL note, or a note
 * without an entry array, is left untouched.
 */
static void
exif_mnote_data_pentax_clear (ExifMnoteDataPentax *n)
{
	ExifMnoteData *generic;
	unsigned int idx;

	if (!n || !n->entries)
		return;

	/* The allocator handle is reached through the ExifMnoteData view. */
	generic = (ExifMnoteData *) n;

	for (idx = 0; idx < n->count; idx++) {
		if (!n->entries[idx].data)
			continue;
		exif_mem_free (generic->mem, n->entries[idx].data);
		/* Clear the pointer so a stale reference cannot be reused. */
		n->entries[idx].data = NULL;
	}

	exif_mem_free (generic->mem, n->entries);
	n->entries = NULL;
	n->count = 0;
}
54 
/*
 * "free" method of the MakerNote: drops all parsed entries by delegating to
 * exif_mnote_data_pentax_clear(). The note structure itself is not released
 * in this function.
 */
static void
exif_mnote_data_pentax_free (ExifMnoteData *n)
{
	if (n)
		exif_mnote_data_pentax_clear ((ExifMnoteDataPentax *) n);
}
62 
/*
 * "get_value" method: format entry i into val (at most maxlen bytes, as
 * handled by mnote_pentax_entry_get_value) and return its result.
 * Returns NULL for a NULL note or an index outside [0, count).
 */
static char *
exif_mnote_data_pentax_get_value (ExifMnoteData *d, unsigned int i, char *val, unsigned int maxlen)
{
	ExifMnoteDataPentax *note = (ExifMnoteDataPentax *) d;

	/* Bounds-check the index before the entries array is touched. */
	if (!note || i >= note->count)
		return NULL;

	return mnote_pentax_entry_get_value (&note->entries[i], val, maxlen);
}
72 
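/**
 * @brief save the MnoteData from ne to buf
 *
 * Layout written: the variant's magic header (none for pentaxV1), a 2-byte
 * entry count, one 12-byte directory record per entry, and a zero next-IFD
 * pointer. Values larger than 4 bytes are appended behind that block and
 * referenced from the record by an offset relative to n->offset.
 *
 * On any early return the caller must look at *buf: it is left untouched for
 * an unknown version, is NULL-checked after the first allocation, and keeps
 * the partially filled buffer when growing it fails.
 *
 * @param ne extract the data from this structure
 * @param buf write the mnoteData to this buffer (buffer will be allocated)
 * @param buf_size the final size of the buffer
 */
static void
exif_mnote_data_pentax_save (ExifMnoteData *ne,
		unsigned char **buf, unsigned int *buf_size)
{
	ExifMnoteDataPentax *n = (ExifMnoteDataPentax *) ne;
	size_t i, datao,
	  base = 0,	/* internal MakerNote tag number offset */
	  o2 = 4 + 2;  	/* offset to first tag entry, past header */

	if (!n || !buf || !buf_size) return;
	datao = n->offset; /* this MakerNote style uses offsets
			      based on main IFD, not makernote IFD */

	/*
	 * Allocate enough memory for header, the number of entries, entries,
	 * and next IFD pointer
	 */
	*buf_size = o2 + 2 + n->count * 12 + 4;
	switch (n->version) {
	case casioV2:
		/* NOTE(review): the loader adds MNOTE_CASIO2_TAG_BASE for this
		 * variant; a round trip only works if both bases are equal -
		 * confirm against the tag header. */
		base = MNOTE_PENTAX2_TAG_BASE;
		*buf = exif_mem_alloc (ne->mem, *buf_size);
		if (!*buf) {
			EXIF_LOG_NO_MEMORY(ne->log, "ExifMnoteDataPentax", *buf_size);
			return;
		}
		/* Write the magic header (3 characters plus the NUL) */
		strcpy ((char *)*buf, "QVC");
		exif_set_short (*buf + 4, n->order, (ExifShort) 0);

		break;

	case pentaxV3:
		base = MNOTE_PENTAX2_TAG_BASE;
		*buf = exif_mem_alloc (ne->mem, *buf_size);
		if (!*buf) {
			EXIF_LOG_NO_MEMORY(ne->log, "ExifMnoteDataPentax", *buf_size);
			return;
		}

		/* Write the magic header, followed by the "II"/"MM"
		 * byte-order marker this variant carries */
		strcpy ((char *)*buf, "AOC");
		exif_set_short (*buf + 4, n->order, (ExifShort) (
			(n->order == EXIF_BYTE_ORDER_INTEL) ?
			('I' << 8) | 'I' :
			('M' << 8) | 'M'));
		break;

	case pentaxV2:
		base = MNOTE_PENTAX2_TAG_BASE;
		*buf = exif_mem_alloc (ne->mem, *buf_size);
		if (!*buf) {
			EXIF_LOG_NO_MEMORY(ne->log, "ExifMnoteDataPentax", *buf_size);
			return;
		}

		/* Write the magic header */
		strcpy ((char *)*buf, "AOC");
		exif_set_short (*buf + 4, n->order, (ExifShort) 0);
		break;

	case pentaxV1:
		/* It looks like this format doesn't have a magic header as
		 * such, just has a fixed number of entries equal to 0x001b */
		*buf_size -= 6;
		o2 -= 6;
		*buf = exif_mem_alloc (ne->mem, *buf_size);
		if (!*buf) {
			EXIF_LOG_NO_MEMORY(ne->log, "ExifMnoteDataPentax", *buf_size);
			return;
		}
		break;

	default:
		/* internal error */
		return;
	}

	/* Write the number of entries. */
	exif_set_short (*buf + o2, n->order, (ExifShort) n->count);
	o2 += 2;

	/* Save each entry */
	for (i = 0; i < n->count; i++) {
		size_t doff;	/* offset to current data portion of tag */
		size_t s;
		unsigned char *t;
		size_t o = o2 + i * 12;   /* current offset into output buffer */
		exif_set_short (*buf + o + 0, n->order,
				(ExifShort) (n->entries[i].tag - base));
		exif_set_short (*buf + o + 2, n->order,
				(ExifShort) n->entries[i].format);
		exif_set_long  (*buf + o + 4, n->order,
				n->entries[i].components);
		o += 8;
		/* Zero the 4-byte value/offset field up front. The paths below
		 * overwrite only part of it (values shorter than 4 bytes) or
		 * none of it (oversized entries), and the serialised note must
		 * not carry whatever the allocator left in those bytes. */
		exif_set_long (*buf + o, n->order, 0);
		s = exif_format_get_size (n->entries[i].format) *
						n->entries[i].components;
		if (s > 65536) {
			/* Corrupt data: EXIF data size is limited to the
			 * maximum size of a JPEG segment (64 kb).
			 */
			continue;
		}
		if (s > 4) {
			size_t ts = *buf_size + s;
			/* *buf_size is an unsigned int: refuse a total that
			 * wrapped or would not survive being stored back,
			 * before anything is written at the new offset. */
			if (ts < *buf_size || ts != (size_t) (unsigned int) ts) {
				exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifMnoteDataPentax",
					"Buffer overflow");
				return;
			}
			doff = *buf_size;
			t = exif_mem_realloc (ne->mem, *buf,
						 sizeof (char) * ts);
			if (!t) {
				EXIF_LOG_NO_MEMORY(ne->log, "ExifMnoteDataPentax", ts);
				return;
			}
			*buf = t;
			*buf_size = ts;
			exif_set_long (*buf + o, n->order, datao + doff);
		} else
			doff = o;

		/* Write the data. */
		if (n->entries[i].data) {
			memcpy (*buf + doff, n->entries[i].data, s);
		} else {
			/* Most certainly damaged input file */
			memset (*buf + doff, 0, s);
		}
	}

	/* Sanity check the buffer size. The trailer write below must not
	 * happen when the check fails, so bail out instead of only logging. */
	if (*buf_size < (o2 + n->count * 12 + 4)) {
		exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifMnoteDataPentax",
			"Buffer overflow");
		return;
	}

	/* Reset next IFD pointer */
	exif_set_long (*buf + o2 + n->count * 12, n->order, 0);
}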
216 
/*
 * "load" method: parse a Pentax/Casio MakerNote out of buf.
 *
 * buf/buf_size describe the caller's buffer and n->offset locates the
 * MakerNote entry inside it; everything read from buf is untrusted file
 * content. The function detects the variant from the magic bytes, reads the
 * tag count (rejecting more than 200), replaces any previously loaded
 * entries, and stores every directory record whose value lies completely
 * inside buf. n->count ends up as the number of records actually stored.
 *
 * Returns without touching the existing entries when the header checks or the
 * tag-count limit fail; after that point the old entries are already cleared.
 */
static void
exif_mnote_data_pentax_load (ExifMnoteData *en,
		const unsigned char *buf, unsigned int buf_size)
{
	ExifMnoteDataPentax *n = (ExifMnoteDataPentax *) en;
	size_t i, tcount, o, datao, base = 0;
	ExifShort c;

	if (!n) return;

	if (!buf || !buf_size) {
		exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
			  "ExifMnoteDataPentax", "Short MakerNote");
		return;
	}
	datao = 6 + n->offset;
	/* Require 8 readable bytes at datao: that covers the 4-byte magic
	 * compare, the two byte-order bytes and the 2-byte tag count read
	 * below, whichever variant is detected. */
	if (CHECKOVERFLOW(datao, buf_size, 8)) {
		exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
			  "ExifMnoteDataPentax", "Short MakerNote");
		return;
	}

	/* Detect variant of Pentax/Casio MakerNote found */
	if (!memcmp(buf + datao, "AOC", 4)) {
		if ((buf[datao + 4] == 'I') && (buf[datao + 5] == 'I')) {
			n->version = pentaxV3;
			n->order = EXIF_BYTE_ORDER_INTEL;
		} else if ((buf[datao + 4] == 'M') && (buf[datao + 5] == 'M')) {
			n->version = pentaxV3;
			n->order = EXIF_BYTE_ORDER_MOTOROLA;
		} else {
			/* Uses Casio v2 tags; n->order is left as it was */
			n->version = pentaxV2;
		}
		exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataPentax",
			"Parsing Pentax maker note v%d...", (int)n->version);
		datao += 4 + 2;
		base = MNOTE_PENTAX2_TAG_BASE;
	} else if (!memcmp(buf + datao, "QVC", 4)) {
		exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataPentax",
			"Parsing Casio maker note v2...");
		n->version = casioV2;
		base = MNOTE_CASIO2_TAG_BASE;
		datao += 4 + 2;
	} else {
		/* probably assert(!memcmp(buf + datao, "\x00\x1b", 2)) */
		/* No magic header: datao stays put and base stays 0 */
		exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataPentax",
			"Parsing Pentax maker note v1...");
		n->version = pentaxV1;
	}

	/* Read the number of tags */
	c = exif_get_short (buf + datao, n->order);
	datao += 2;

	/* Just use an arbitrary max tag limit here to avoid needing too much memory or time. There are 102 named tags currently.
	 * The format allows specifying the same range of memory as often as it can, so this multiplies quickly. */
	if (c > 200) {
		exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifMnoteDataPentax", "Too much tags (%d) in Pentax MakerNote", c);
		return;
	}


	/* Remove any old entries */
	exif_mnote_data_pentax_clear (n);

	/* Reserve enough space for all the possible MakerNote tags */
	n->entries = exif_mem_alloc (en->mem, sizeof (MnotePentaxEntry) * c);
	if (!n->entries) {
		EXIF_LOG_NO_MEMORY(en->log, "ExifMnoteDataPentax", sizeof (MnotePentaxEntry) * c);
		return;
	}

	/* Parse all c entries, storing ones that are successfully parsed */
	/* i counts down the records still to read, o walks the 12-byte
	 * records in buf, tcount is the next free slot in n->entries. */
	tcount = 0;
	for (i = c, o = datao; i; --i, o += 12) {
		size_t s;

		/* A slot abandoned by a "continue" below is wiped and reused */
		memset(&n->entries[tcount], 0, sizeof(MnotePentaxEntry));
		/* The whole 12-byte record must lie inside buf before any
		 * field of it is read; a truncated directory ends parsing. */
		if (CHECKOVERFLOW(o,buf_size,12)) {
			exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
				  "ExifMnoteDataPentax", "Short MakerNote");
			break;
		}

		n->entries[tcount].tag        = exif_get_short (buf + o + 0, n->order) + base;
		n->entries[tcount].format     = exif_get_short (buf + o + 2, n->order);
		n->entries[tcount].components = exif_get_long  (buf + o + 4, n->order);
		n->entries[tcount].order      = n->order;

		exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnotePentax",
			  "Loading entry 0x%x ('%s')...", n->entries[tcount].tag,
			  mnote_pentax_tag_get_name (n->entries[tcount].tag));

		/* Check if we overflow the multiplication. Use buf_size as the max size for integer overflow detection,
		 * we will check the buffer sizes closer later. */
		/* Done as a division so the check itself cannot wrap; a format
		 * size of 0 skips the check and yields s == 0 below. */
		if (	exif_format_get_size (n->entries[tcount].format) &&
			buf_size / exif_format_get_size (n->entries[tcount].format) < n->entries[tcount].components
		) {
			exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
				  "ExifMnoteDataPentax", "Tag size overflow detected (%u * %lu)", exif_format_get_size (n->entries[tcount].format), n->entries[tcount].components);
			break;
		}
		/*
		 * Size? If bigger than 4 bytes, the actual data is not
		 * in the entry but somewhere else (offset).
		 */
		s = exif_format_get_size (n->entries[tcount].format) *
                                      n->entries[tcount].components;
		n->entries[tcount].size = s;
		if (s) {
			size_t dataofs = o + 8;
			if (s > 4)
				/* The data in this case is merely a pointer */
				/* NOTE(review): this offset is file-controlled and
				 * the + 6 happens before any validation; the
				 * CHECKOVERFLOW just below is what keeps the copy
				 * inside buf - confirm the width of the sum. */
			   	dataofs = exif_get_long (buf + dataofs, n->order) + 6;

			/* Values pointing outside buf are dropped, not fatal */
			if (CHECKOVERFLOW(dataofs, buf_size, s)) {
				exif_log (en->log, EXIF_LOG_CODE_DEBUG,
						  "ExifMnoteDataPentax", "Tag data past end "
					  "of buffer (%u > %u)", (unsigned)(dataofs + s), buf_size);
				continue;
			}

			n->entries[tcount].data = exif_mem_alloc (en->mem, s);
			if (!n->entries[tcount].data) {
				EXIF_LOG_NO_MEMORY(en->log, "ExifMnoteDataPentax", s);
				continue;
			}
			memcpy (n->entries[tcount].data, buf + dataofs, s);
		}

		/* Tag was successfully parsed */
		++tcount;
	}
	/* Store the count of successfully parsed tags */
	n->count = tcount;
}
354 
/* "count" method: number of loaded entries, or 0 for a NULL note. */
static unsigned int
exif_mnote_data_pentax_count (ExifMnoteData *n)
{
	if (!n)
		return 0;

	return ((ExifMnoteDataPentax *) n)->count;
}
360 
/*
 * "get_id" method: tag number of entry n.
 * Returns 0 for a NULL note or an index outside [0, count).
 */
static unsigned int
exif_mnote_data_pentax_get_id (ExifMnoteData *d, unsigned int n)
{
	ExifMnoteDataPentax *note = (ExifMnoteDataPentax *) d;

	/* Index is validated before the entries array is read. */
	if (!note || n >= note->count)
		return 0;

	return note->entries[n].tag;
}
370 
/*
 * "get_name" method: result of mnote_pentax_tag_get_name() for entry n.
 * Returns NULL for a NULL note or an index outside [0, count).
 */
static const char *
exif_mnote_data_pentax_get_name (ExifMnoteData *d, unsigned int n)
{
	ExifMnoteDataPentax *note = (ExifMnoteDataPentax *) d;

	/* Index is validated before the entries array is read. */
	if (!note || n >= note->count)
		return NULL;

	return mnote_pentax_tag_get_name (note->entries[n].tag);
}
380 
/*
 * "get_title" method: result of mnote_pentax_tag_get_title() for entry n.
 * Returns NULL for a NULL note or an index outside [0, count).
 */
static const char *
exif_mnote_data_pentax_get_title (ExifMnoteData *d, unsigned int n)
{
	ExifMnoteDataPentax *note = (ExifMnoteDataPentax *) d;

	/* Index is validated before the entries array is read. */
	if (!note || n >= note->count)
		return NULL;

	return mnote_pentax_tag_get_title (note->entries[n].tag);
}
390 
/*
 * "get_description" method: result of mnote_pentax_tag_get_description()
 * for entry n. Returns NULL for a NULL note or an index outside [0, count).
 */
static const char *
exif_mnote_data_pentax_get_description (ExifMnoteData *d, unsigned int n)
{
	ExifMnoteDataPentax *note = (ExifMnoteDataPentax *) d;

	/* Index is validated before the entries array is read. */
	if (!note || n >= note->count)
		return NULL;

	return mnote_pentax_tag_get_description (note->entries[n].tag);
}
400 
/*
 * "set_offset" method: record where the MakerNote sits in the enclosing
 * buffer. load() and save() both read this value. A NULL note is ignored.
 */
static void
exif_mnote_data_pentax_set_offset (ExifMnoteData *d, unsigned int o)
{
	ExifMnoteDataPentax *note = (ExifMnoteDataPentax *) d;

	if (!note)
		return;

	note->offset = o;
}
406 
/*
 * "set_byte_order" method: switch the note to byte order o and convert the
 * stored value of every entry from the note's previous order.
 *
 * An entry whose recorded size is too small for components elements of its
 * format is left alone, so the conversion is not run over a value buffer
 * shorter than the entry claims. A NULL note is ignored.
 */
static void
exif_mnote_data_pentax_set_byte_order (ExifMnoteData *d, ExifByteOrder o)
{
	ExifMnoteDataPentax *note = (ExifMnoteDataPentax *) d;
	ExifByteOrder previous;
	unsigned int idx;

	if (!note)
		return;

	previous = note->order;
	note->order = o;

	for (idx = 0; idx < note->count; idx++) {
		/* Zero components short-circuits before the division. */
		if (!note->entries[idx].components ||
		    (note->entries[idx].size / note->entries[idx].components >=
		     exif_format_get_size (note->entries[idx].format))) {
			note->entries[idx].order = o;
			exif_array_set_byte_order (note->entries[idx].format,
					note->entries[idx].data,
					note->entries[idx].components,
					previous, o);
		}
	}
}
426 
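/*
 * Decide whether MakerNote entry e looks like a Pentax or Casio note.
 *
 * @param ed unused
 * @param e  the MakerNote entry; e->data holds e->size bytes of file content
 * @return pentaxV3, pentaxV2, casioV2 or pentaxV1 on a match, 0 otherwise
 *         (including a NULL entry or an entry without data)
 *
 * The headered variants require at least 8 bytes even though only the first
 * 6 are inspected here. Every byte read is covered by the size test in the
 * same condition.
 */
int
exif_mnote_data_pentax_identify (const ExifData *ed, const ExifEntry *e)
{
	(void) ed;  /* unused */

	/* The other entry points in this file tolerate NULL; do the same
	 * here rather than dereferencing a missing entry or payload. */
	if (!e || !e->data) return 0;

	if ((e->size >= 8) && !memcmp (e->data, "AOC", 4)) {
		if (((e->data[4] == 'I') && (e->data[5] == 'I')) ||
		    ((e->data[4] == 'M') && (e->data[5] == 'M')))
			return pentaxV3;
		else
			/* Uses Casio v2 tags */
			return pentaxV2;
	}

	if ((e->size >= 8) && !memcmp (e->data, "QVC", 4))
		return casioV2;

	/* This isn't a very robust test, so make sure it's done last */
	/* Maybe we should additionally check for a make of Asahi or Pentax */
	if ((e->size >= 2) && (e->data[0] == 0x00) && (e->data[1] == 0x1b))
		return pentaxV1;

	return 0;
}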
450 
/*
 * Allocate a Pentax/Casio MakerNote object from mem, run the generic
 * constructor on it and install this file's method table.
 * Returns NULL when mem is NULL or the allocation fails.
 */
ExifMnoteData *
exif_mnote_data_pentax_new (ExifMem *mem)
{
	ExifMnoteData *note;

	if (!mem)
		return NULL;

	note = exif_mem_alloc (mem, sizeof (ExifMnoteDataPentax));
	if (!note)
		return NULL;

	exif_mnote_data_construct (note, mem);

	/* Lifetime and parsing/serialising hooks */
	note->methods.free            = exif_mnote_data_pentax_free;
	note->methods.load            = exif_mnote_data_pentax_load;
	note->methods.save            = exif_mnote_data_pentax_save;

	/* Layout hooks */
	note->methods.set_offset      = exif_mnote_data_pentax_set_offset;
	note->methods.set_byte_order  = exif_mnote_data_pentax_set_byte_order;

	/* Per-entry accessors */
	note->methods.count           = exif_mnote_data_pentax_count;
	note->methods.get_id          = exif_mnote_data_pentax_get_id;
	note->methods.get_name        = exif_mnote_data_pentax_get_name;
	note->methods.get_title       = exif_mnote_data_pentax_get_title;
	note->methods.get_description = exif_mnote_data_pentax_get_description;
	note->methods.get_value       = exif_mnote_data_pentax_get_value;

	return note;
}
478