1 /* $Id: tif_read.c,v 1.59 2017-05-13 15:34:06 erouault Exp $ */
2
3 /*
4 * Copyright (c) 1988-1997 Sam Leffler
5 * Copyright (c) 1991-1997 Silicon Graphics, Inc.
6 *
7 * Permission to use, copy, modify, distribute, and sell this software and
8 * its documentation for any purpose is hereby granted without fee, provided
9 * that (i) the above copyright notices and this permission notice appear in
10 * all copies of the software and related documentation, and (ii) the names of
11 * Sam Leffler and Silicon Graphics may not be used in any advertising or
12 * publicity relating to the software without the specific, prior written
13 * permission of Sam Leffler and Silicon Graphics.
14 *
15 * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
17 * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
18 *
19 * IN NO EVENT SHALL SAM LEFFLER OR SILICON GRAPHICS BE LIABLE FOR
20 * ANY SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND,
21 * OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
22 * WHETHER OR NOT ADVISED OF THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF
23 * LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
24 * OF THIS SOFTWARE.
25 */
26
27 /*
28 * TIFF Library.
29 * Scanline-oriented Read Support
30 */
31 #include "tiffiop.h"
32 #include <stdio.h>
33
34 #define TIFF_SIZE_T_MAX ((size_t) ~ ((size_t)0))
35 #define TIFF_TMSIZE_T_MAX (tmsize_t)(TIFF_SIZE_T_MAX >> 1)
36
37 int TIFFFillStrip(TIFF* tif, uint32 strip);
38 int TIFFFillTile(TIFF* tif, uint32 tile);
39 static int TIFFStartStrip(TIFF* tif, uint32 strip);
40 static int TIFFStartTile(TIFF* tif, uint32 tile);
41 static int TIFFCheckRead(TIFF*, int);
42 static tmsize_t
43 TIFFReadRawStrip1(TIFF* tif, uint32 strip, void* buf, tmsize_t size,const char* module);
44 static tmsize_t
45 TIFFReadRawTile1(TIFF* tif, uint32 tile, void* buf, tmsize_t size, const char* module);
46
47 #define NOSTRIP ((uint32)(-1)) /* undefined state */
48 #define NOTILE ((uint32)(-1)) /* undefined state */
49
50 #define INITIAL_THRESHOLD (1024 * 1024)
51 #define THRESHOLD_MULTIPLIER 10
52 #define MAX_THRESHOLD (THRESHOLD_MULTIPLIER * THRESHOLD_MULTIPLIER * THRESHOLD_MULTIPLIER * INITIAL_THRESHOLD)
53
54 /* Read 'size' bytes in tif_rawdata buffer starting at offset 'rawdata_offset'
55 * Returns 1 in case of success, 0 otherwise. */
TIFFReadAndRealloc(TIFF * tif,tmsize_t size,tmsize_t rawdata_offset,int is_strip,uint32 strip_or_tile,const char * module)56 static int TIFFReadAndRealloc( TIFF* tif, tmsize_t size,
57 tmsize_t rawdata_offset,
58 int is_strip, uint32 strip_or_tile,
59 const char* module )
60 {
61 #if SIZEOF_VOIDP == 8 || SIZEOF_SIZE_T == 8
62 tmsize_t threshold = INITIAL_THRESHOLD;
63 #endif
64 tmsize_t already_read = 0;
65
66 /* On 64 bit processes, read first a maximum of 1 MB, then 10 MB, etc */
67 /* so as to avoid allocating too much memory in case the file is too */
68 /* short. We could ask for the file size, but this might be */
69 /* expensive with some I/O layers (think of reading a gzipped file) */
70 /* Restrict to 64 bit processes, so as to avoid reallocs() */
71 /* on 32 bit processes where virtual memory is scarce. */
72 while( already_read < size )
73 {
74 tmsize_t bytes_read;
75 tmsize_t to_read = size - already_read;
76 #if SIZEOF_VOIDP == 8 || SIZEOF_SIZE_T == 8
77 if( to_read >= threshold && threshold < MAX_THRESHOLD &&
78 already_read + to_read + rawdata_offset > tif->tif_rawdatasize )
79 {
80 to_read = threshold;
81 threshold *= THRESHOLD_MULTIPLIER;
82 }
83 #endif
84 if (already_read + to_read + rawdata_offset > tif->tif_rawdatasize) {
85 uint8* new_rawdata;
86 assert((tif->tif_flags & TIFF_MYBUFFER) != 0);
87 tif->tif_rawdatasize = (tmsize_t)TIFFroundup_64(
88 (uint64)already_read + to_read + rawdata_offset, 1024);
89 if (tif->tif_rawdatasize==0) {
90 TIFFErrorExt(tif->tif_clientdata, module,
91 "Invalid buffer size");
92 return 0;
93 }
94 new_rawdata = (uint8*) _TIFFrealloc(
95 tif->tif_rawdata, tif->tif_rawdatasize);
96 if( new_rawdata == 0 )
97 {
98 TIFFErrorExt(tif->tif_clientdata, module,
99 "No space for data buffer at scanline %lu",
100 (unsigned long) tif->tif_row);
101 _TIFFfree(tif->tif_rawdata);
102 tif->tif_rawdata = 0;
103 tif->tif_rawdatasize = 0;
104 return 0;
105 }
106 tif->tif_rawdata = new_rawdata;
107 }
108
109 bytes_read = TIFFReadFile(tif,
110 tif->tif_rawdata + rawdata_offset + already_read, to_read);
111 already_read += bytes_read;
112 if (bytes_read != to_read) {
113 memset( tif->tif_rawdata + rawdata_offset + already_read, 0,
114 tif->tif_rawdatasize - rawdata_offset - already_read );
115 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
116 if( is_strip )
117 {
118 TIFFErrorExt(tif->tif_clientdata, module,
119 "Read error at scanline %lu; got %I64u bytes, "
120 "expected %I64u",
121 (unsigned long) tif->tif_row,
122 (unsigned __int64) already_read,
123 (unsigned __int64) size);
124 }
125 else
126 {
127 TIFFErrorExt(tif->tif_clientdata, module,
128 "Read error at row %lu, col %lu, tile %lu; "
129 "got %I64u bytes, expected %I64u",
130 (unsigned long) tif->tif_row,
131 (unsigned long) tif->tif_col,
132 (unsigned long) strip_or_tile,
133 (unsigned __int64) already_read,
134 (unsigned __int64) size);
135 }
136 #else
137 if( is_strip )
138 {
139 TIFFErrorExt(tif->tif_clientdata, module,
140 "Read error at scanline %lu; got %llu bytes, "
141 "expected %llu",
142 (unsigned long) tif->tif_row,
143 (unsigned long long) already_read,
144 (unsigned long long) size);
145 }
146 else
147 {
148 TIFFErrorExt(tif->tif_clientdata, module,
149 "Read error at row %lu, col %lu, tile %lu; "
150 "got %llu bytes, expected %llu",
151 (unsigned long) tif->tif_row,
152 (unsigned long) tif->tif_col,
153 (unsigned long) strip_or_tile,
154 (unsigned long long) already_read,
155 (unsigned long long) size);
156 }
157 #endif
158 return 0;
159 }
160 }
161 return 1;
162 }
163
164
165 static int
TIFFFillStripPartial(TIFF * tif,int strip,tmsize_t read_ahead,int restart)166 TIFFFillStripPartial( TIFF *tif, int strip, tmsize_t read_ahead, int restart )
167 {
168 static const char module[] = "TIFFFillStripPartial";
169 register TIFFDirectory *td = &tif->tif_dir;
170 tmsize_t unused_data;
171 uint64 read_offset;
172 tmsize_t to_read;
173 tmsize_t read_ahead_mod;
174 /* tmsize_t bytecountm; */
175
176 if (!_TIFFFillStriles( tif ) || !tif->tif_dir.td_stripbytecount)
177 return 0;
178
179 /*
180 * Expand raw data buffer, if needed, to hold data
181 * strip coming from file (perhaps should set upper
182 * bound on the size of a buffer we'll use?).
183 */
184
185 /* bytecountm=(tmsize_t) td->td_stripbytecount[strip]; */
186
187 /* Not completely sure where the * 2 comes from, but probably for */
188 /* an exponentional growth strategy of tif_rawdatasize */
189 if( read_ahead < TIFF_TMSIZE_T_MAX / 2 )
190 read_ahead_mod = read_ahead * 2;
191 else
192 read_ahead_mod = read_ahead;
193 if (read_ahead_mod > tif->tif_rawdatasize) {
194 assert( restart );
195
196 tif->tif_curstrip = NOSTRIP;
197 if ((tif->tif_flags & TIFF_MYBUFFER) == 0) {
198 TIFFErrorExt(tif->tif_clientdata, module,
199 "Data buffer too small to hold part of strip %lu",
200 (unsigned long) strip);
201 return (0);
202 }
203 }
204
205 if( restart )
206 {
207 tif->tif_rawdataloaded = 0;
208 tif->tif_rawdataoff = 0;
209 }
210
211 /*
212 ** If we are reading more data, move any unused data to the
213 ** start of the buffer.
214 */
215 if( tif->tif_rawdataloaded > 0 )
216 unused_data = tif->tif_rawdataloaded - (tif->tif_rawcp - tif->tif_rawdata);
217 else
218 unused_data = 0;
219
220 if( unused_data > 0 )
221 {
222 assert((tif->tif_flags&TIFF_BUFFERMMAP)==0);
223 memmove( tif->tif_rawdata, tif->tif_rawcp, unused_data );
224 }
225
226 /*
227 ** Seek to the point in the file where more data should be read.
228 */
229 read_offset = td->td_stripoffset[strip]
230 + tif->tif_rawdataoff + tif->tif_rawdataloaded;
231
232 if (!SeekOK(tif, read_offset)) {
233 TIFFErrorExt(tif->tif_clientdata, module,
234 "Seek error at scanline %lu, strip %lu",
235 (unsigned long) tif->tif_row, (unsigned long) strip);
236 return 0;
237 }
238
239 /*
240 ** How much do we want to read?
241 */
242 if( read_ahead_mod > tif->tif_rawdatasize )
243 to_read = read_ahead_mod - unused_data;
244 else
245 to_read = tif->tif_rawdatasize - unused_data;
246 if( (uint64) to_read > td->td_stripbytecount[strip]
247 - tif->tif_rawdataoff - tif->tif_rawdataloaded )
248 {
249 to_read = (tmsize_t) td->td_stripbytecount[strip]
250 - tif->tif_rawdataoff - tif->tif_rawdataloaded;
251 }
252
253 assert((tif->tif_flags&TIFF_BUFFERMMAP)==0);
254 if( !TIFFReadAndRealloc( tif, to_read, unused_data,
255 1, /* is_strip */
256 0, /* strip_or_tile */
257 module) )
258 {
259 return 0;
260 }
261
262 tif->tif_rawdataoff = tif->tif_rawdataoff + tif->tif_rawdataloaded - unused_data ;
263 tif->tif_rawdataloaded = unused_data + to_read;
264
265 tif->tif_rawcp = tif->tif_rawdata;
266
267 if (!isFillOrder(tif, td->td_fillorder) &&
268 (tif->tif_flags & TIFF_NOBITREV) == 0) {
269 assert((tif->tif_flags&TIFF_BUFFERMMAP)==0);
270 TIFFReverseBits(tif->tif_rawdata + unused_data, to_read );
271 }
272
273 /*
274 ** When starting a strip from the beginning we need to
275 ** restart the decoder.
276 */
277 if( restart )
278 return TIFFStartStrip(tif, strip);
279 else
280 {
281 tif->tif_rawcc = tif->tif_rawdataloaded;
282 return 1;
283 }
284 }
285
286 /*
287 * Seek to a random row+sample in a file.
288 *
289 * Only used by TIFFReadScanline, and is only used on
290 * strip organized files. We do some tricky stuff to try
291 * and avoid reading the whole compressed raw data for big
292 * strips.
293 */
294 static int
TIFFSeek(TIFF * tif,uint32 row,uint16 sample)295 TIFFSeek(TIFF* tif, uint32 row, uint16 sample )
296 {
297 register TIFFDirectory *td = &tif->tif_dir;
298 uint32 strip;
299 int whole_strip;
300 tmsize_t read_ahead = 0;
301
302 /*
303 ** Establish what strip we are working from.
304 */
305 if (row >= td->td_imagelength) { /* out of range */
306 TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
307 "%lu: Row out of range, max %lu",
308 (unsigned long) row,
309 (unsigned long) td->td_imagelength);
310 return (0);
311 }
312 if (td->td_planarconfig == PLANARCONFIG_SEPARATE) {
313 if (sample >= td->td_samplesperpixel) {
314 TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
315 "%lu: Sample out of range, max %lu",
316 (unsigned long) sample, (unsigned long) td->td_samplesperpixel);
317 return (0);
318 }
319 strip = (uint32)sample*td->td_stripsperimage + row/td->td_rowsperstrip;
320 } else
321 strip = row / td->td_rowsperstrip;
322
323 /*
324 * Do we want to treat this strip as one whole chunk or
325 * read it a few lines at a time?
326 */
327 #if defined(CHUNKY_STRIP_READ_SUPPORT)
328 if (!_TIFFFillStriles( tif ) || !tif->tif_dir.td_stripbytecount)
329 return 0;
330 whole_strip = tif->tif_dir.td_stripbytecount[strip] < 10
331 || isMapped(tif);
332 #else
333 whole_strip = 1;
334 #endif
335
336 if( !whole_strip )
337 {
338 /* 16 is for YCbCr mode where we may need to read 16 */
339 /* lines at a time to get a decompressed line, and 5000 */
340 /* is some constant value, for example for JPEG tables */
341 if( tif->tif_scanlinesize < TIFF_TMSIZE_T_MAX / 16 &&
342 tif->tif_scanlinesize * 16 < TIFF_TMSIZE_T_MAX - 5000 )
343 {
344 read_ahead = tif->tif_scanlinesize * 16 + 5000;
345 }
346 else
347 {
348 read_ahead = tif->tif_scanlinesize;
349 }
350 }
351
352 /*
353 * If we haven't loaded this strip, do so now, possibly
354 * only reading the first part.
355 */
356 if (strip != tif->tif_curstrip) { /* different strip, refill */
357
358 if( whole_strip )
359 {
360 if (!TIFFFillStrip(tif, strip))
361 return (0);
362 }
363 else
364 {
365 if( !TIFFFillStripPartial(tif,strip,read_ahead,1) )
366 return 0;
367 }
368 }
369
370 /*
371 ** If we already have some data loaded, do we need to read some more?
372 */
373 else if( !whole_strip )
374 {
375 if( ((tif->tif_rawdata + tif->tif_rawdataloaded) - tif->tif_rawcp) < read_ahead
376 && (uint64) tif->tif_rawdataoff+tif->tif_rawdataloaded < td->td_stripbytecount[strip] )
377 {
378 if( !TIFFFillStripPartial(tif,strip,read_ahead,0) )
379 return 0;
380 }
381 }
382
383 if (row < tif->tif_row) {
384 /*
385 * Moving backwards within the same strip: backup
386 * to the start and then decode forward (below).
387 *
388 * NB: If you're planning on lots of random access within a
389 * strip, it's better to just read and decode the entire
390 * strip, and then access the decoded data in a random fashion.
391 */
392
393 if( tif->tif_rawdataoff != 0 )
394 {
395 if( !TIFFFillStripPartial(tif,strip,read_ahead,1) )
396 return 0;
397 }
398 else
399 {
400 if (!TIFFStartStrip(tif, strip))
401 return (0);
402 }
403 }
404
405 if (row != tif->tif_row) {
406 /*
407 * Seek forward to the desired row.
408 */
409
410 /* TODO: Will this really work with partial buffers? */
411
412 if (!(*tif->tif_seek)(tif, row - tif->tif_row))
413 return (0);
414 tif->tif_row = row;
415 }
416
417 return (1);
418 }
419
420 int
TIFFReadScanline(TIFF * tif,void * buf,uint32 row,uint16 sample)421 TIFFReadScanline(TIFF* tif, void* buf, uint32 row, uint16 sample)
422 {
423 int e;
424
425 if (!TIFFCheckRead(tif, 0))
426 return (-1);
427 if( (e = TIFFSeek(tif, row, sample)) != 0) {
428 /*
429 * Decompress desired row into user buffer.
430 */
431 e = (*tif->tif_decoderow)
432 (tif, (uint8*) buf, tif->tif_scanlinesize, sample);
433
434 /* we are now poised at the beginning of the next row */
435 tif->tif_row = row + 1;
436
437 if (e)
438 (*tif->tif_postdecode)(tif, (uint8*) buf,
439 tif->tif_scanlinesize);
440 }
441 return (e > 0 ? 1 : -1);
442 }
443
444 /*
445 * Calculate the strip size according to the number of
446 * rows in the strip (check for truncated last strip on any
447 * of the separations).
448 */
TIFFReadEncodedStripGetStripSize(TIFF * tif,uint32 strip,uint16 * pplane)449 static tmsize_t TIFFReadEncodedStripGetStripSize(TIFF* tif, uint32 strip, uint16* pplane)
450 {
451 static const char module[] = "TIFFReadEncodedStrip";
452 TIFFDirectory *td = &tif->tif_dir;
453 uint32 rowsperstrip;
454 uint32 stripsperplane;
455 uint32 stripinplane;
456 uint32 rows;
457 tmsize_t stripsize;
458 if (!TIFFCheckRead(tif,0))
459 return((tmsize_t)(-1));
460 if (strip>=td->td_nstrips)
461 {
462 TIFFErrorExt(tif->tif_clientdata,module,
463 "%lu: Strip out of range, max %lu",(unsigned long)strip,
464 (unsigned long)td->td_nstrips);
465 return((tmsize_t)(-1));
466 }
467
468 rowsperstrip=td->td_rowsperstrip;
469 if (rowsperstrip>td->td_imagelength)
470 rowsperstrip=td->td_imagelength;
471 stripsperplane= TIFFhowmany_32_maxuint_compat(td->td_imagelength, rowsperstrip);
472 stripinplane=(strip%stripsperplane);
473 if( pplane ) *pplane=(uint16)(strip/stripsperplane);
474 rows=td->td_imagelength-stripinplane*rowsperstrip;
475 if (rows>rowsperstrip)
476 rows=rowsperstrip;
477 stripsize=TIFFVStripSize(tif,rows);
478 if (stripsize==0)
479 return((tmsize_t)(-1));
480 return stripsize;
481 }
482
483 /*
484 * Read a strip of data and decompress the specified
485 * amount into the user-supplied buffer.
486 */
487 tmsize_t
TIFFReadEncodedStrip(TIFF * tif,uint32 strip,void * buf,tmsize_t size)488 TIFFReadEncodedStrip(TIFF* tif, uint32 strip, void* buf, tmsize_t size)
489 {
490 static const char module[] = "TIFFReadEncodedStrip";
491 TIFFDirectory *td = &tif->tif_dir;
492 tmsize_t stripsize;
493 uint16 plane;
494
495 stripsize=TIFFReadEncodedStripGetStripSize(tif, strip, &plane);
496 if (stripsize==((tmsize_t)(-1)))
497 return((tmsize_t)(-1));
498
499 /* shortcut to avoid an extra memcpy() */
500 if( td->td_compression == COMPRESSION_NONE &&
501 size!=(tmsize_t)(-1) && size >= stripsize &&
502 !isMapped(tif) &&
503 ((tif->tif_flags&TIFF_NOREADRAW)==0) )
504 {
505 if (TIFFReadRawStrip1(tif, strip, buf, stripsize, module) != stripsize)
506 return ((tmsize_t)(-1));
507
508 if (!isFillOrder(tif, td->td_fillorder) &&
509 (tif->tif_flags & TIFF_NOBITREV) == 0)
510 TIFFReverseBits(buf,stripsize);
511
512 (*tif->tif_postdecode)(tif,buf,stripsize);
513 return (stripsize);
514 }
515
516 if ((size!=(tmsize_t)(-1))&&(size<stripsize))
517 stripsize=size;
518 if (!TIFFFillStrip(tif,strip))
519 return((tmsize_t)(-1));
520 if ((*tif->tif_decodestrip)(tif,buf,stripsize,plane)<=0)
521 return((tmsize_t)(-1));
522 (*tif->tif_postdecode)(tif,buf,stripsize);
523 return(stripsize);
524 }
525
526 /* Variant of TIFFReadEncodedStrip() that does
527 * * if *buf == NULL, *buf = _TIFFmalloc(bufsizetoalloc) only after TIFFFillStrip() has
528 * suceeded. This avoid excessive memory allocation in case of truncated
529 * file.
530 * * calls regular TIFFReadEncodedStrip() if *buf != NULL
531 */
532 tmsize_t
_TIFFReadEncodedStripAndAllocBuffer(TIFF * tif,uint32 strip,void ** buf,tmsize_t bufsizetoalloc,tmsize_t size_to_read)533 _TIFFReadEncodedStripAndAllocBuffer(TIFF* tif, uint32 strip,
534 void **buf, tmsize_t bufsizetoalloc,
535 tmsize_t size_to_read)
536 {
537 tmsize_t this_stripsize;
538 uint16 plane;
539
540 if( *buf != NULL )
541 {
542 return TIFFReadEncodedStrip(tif, strip, *buf, size_to_read);
543 }
544
545 this_stripsize=TIFFReadEncodedStripGetStripSize(tif, strip, &plane);
546 if (this_stripsize==((tmsize_t)(-1)))
547 return((tmsize_t)(-1));
548
549 if ((size_to_read!=(tmsize_t)(-1))&&(size_to_read<this_stripsize))
550 this_stripsize=size_to_read;
551 if (!TIFFFillStrip(tif,strip))
552 return((tmsize_t)(-1));
553
554 *buf = _TIFFmalloc(bufsizetoalloc);
555 if (*buf == NULL) {
556 TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "No space for strip buffer");
557 return((tmsize_t)(-1));
558 }
559 _TIFFmemset(*buf, 0, bufsizetoalloc);
560
561 if ((*tif->tif_decodestrip)(tif,*buf,this_stripsize,plane)<=0)
562 return((tmsize_t)(-1));
563 (*tif->tif_postdecode)(tif,*buf,this_stripsize);
564 return(this_stripsize);
565
566
567 }
568
569
570 static tmsize_t
TIFFReadRawStrip1(TIFF * tif,uint32 strip,void * buf,tmsize_t size,const char * module)571 TIFFReadRawStrip1(TIFF* tif, uint32 strip, void* buf, tmsize_t size,
572 const char* module)
573 {
574 TIFFDirectory *td = &tif->tif_dir;
575
576 if (!_TIFFFillStriles( tif ))
577 return ((tmsize_t)(-1));
578
579 assert((tif->tif_flags&TIFF_NOREADRAW)==0);
580 if (!isMapped(tif)) {
581 tmsize_t cc;
582
583 if (!SeekOK(tif, td->td_stripoffset[strip])) {
584 TIFFErrorExt(tif->tif_clientdata, module,
585 "Seek error at scanline %lu, strip %lu",
586 (unsigned long) tif->tif_row, (unsigned long) strip);
587 return ((tmsize_t)(-1));
588 }
589 cc = TIFFReadFile(tif, buf, size);
590 if (cc != size) {
591 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
592 TIFFErrorExt(tif->tif_clientdata, module,
593 "Read error at scanline %lu; got %I64u bytes, expected %I64u",
594 (unsigned long) tif->tif_row,
595 (unsigned __int64) cc,
596 (unsigned __int64) size);
597 #else
598 TIFFErrorExt(tif->tif_clientdata, module,
599 "Read error at scanline %lu; got %llu bytes, expected %llu",
600 (unsigned long) tif->tif_row,
601 (unsigned long long) cc,
602 (unsigned long long) size);
603 #endif
604 return ((tmsize_t)(-1));
605 }
606 } else {
607 tmsize_t ma = 0;
608 tmsize_t n;
609 if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)||
610 ((ma=(tmsize_t)td->td_stripoffset[strip])>tif->tif_size))
611 {
612 n=0;
613 }
614 else if( ma > TIFF_TMSIZE_T_MAX - size )
615 {
616 n=0;
617 }
618 else
619 {
620 tmsize_t mb=ma+size;
621 if (mb>tif->tif_size)
622 n=tif->tif_size-ma;
623 else
624 n=size;
625 }
626 if (n!=size) {
627 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
628 TIFFErrorExt(tif->tif_clientdata, module,
629 "Read error at scanline %lu, strip %lu; got %I64u bytes, expected %I64u",
630 (unsigned long) tif->tif_row,
631 (unsigned long) strip,
632 (unsigned __int64) n,
633 (unsigned __int64) size);
634 #else
635 TIFFErrorExt(tif->tif_clientdata, module,
636 "Read error at scanline %lu, strip %lu; got %llu bytes, expected %llu",
637 (unsigned long) tif->tif_row,
638 (unsigned long) strip,
639 (unsigned long long) n,
640 (unsigned long long) size);
641 #endif
642 return ((tmsize_t)(-1));
643 }
644 _TIFFmemcpy(buf, tif->tif_base + ma,
645 size);
646 }
647 return (size);
648 }
649
650 static tmsize_t
TIFFReadRawStripOrTile2(TIFF * tif,uint32 strip_or_tile,int is_strip,tmsize_t size,const char * module)651 TIFFReadRawStripOrTile2(TIFF* tif, uint32 strip_or_tile, int is_strip,
652 tmsize_t size, const char* module)
653 {
654 TIFFDirectory *td = &tif->tif_dir;
655
656 assert( !isMapped(tif) );
657 assert((tif->tif_flags&TIFF_NOREADRAW)==0);
658
659 if (!SeekOK(tif, td->td_stripoffset[strip_or_tile])) {
660 if( is_strip )
661 {
662 TIFFErrorExt(tif->tif_clientdata, module,
663 "Seek error at scanline %lu, strip %lu",
664 (unsigned long) tif->tif_row,
665 (unsigned long) strip_or_tile);
666 }
667 else
668 {
669 TIFFErrorExt(tif->tif_clientdata, module,
670 "Seek error at row %lu, col %lu, tile %lu",
671 (unsigned long) tif->tif_row,
672 (unsigned long) tif->tif_col,
673 (unsigned long) strip_or_tile);
674 }
675 return ((tmsize_t)(-1));
676 }
677
678 if( !TIFFReadAndRealloc( tif, size, 0, is_strip,
679 strip_or_tile, module ) )
680 {
681 return ((tmsize_t)(-1));
682 }
683
684 return (size);
685 }
686
687 /*
688 * Read a strip of data from the file.
689 */
690 tmsize_t
TIFFReadRawStrip(TIFF * tif,uint32 strip,void * buf,tmsize_t size)691 TIFFReadRawStrip(TIFF* tif, uint32 strip, void* buf, tmsize_t size)
692 {
693 static const char module[] = "TIFFReadRawStrip";
694 TIFFDirectory *td = &tif->tif_dir;
695 uint64 bytecount;
696 tmsize_t bytecountm;
697
698 if (!TIFFCheckRead(tif, 0))
699 return ((tmsize_t)(-1));
700 if (strip >= td->td_nstrips) {
701 TIFFErrorExt(tif->tif_clientdata, module,
702 "%lu: Strip out of range, max %lu",
703 (unsigned long) strip,
704 (unsigned long) td->td_nstrips);
705 return ((tmsize_t)(-1));
706 }
707 if (tif->tif_flags&TIFF_NOREADRAW)
708 {
709 TIFFErrorExt(tif->tif_clientdata, module,
710 "Compression scheme does not support access to raw uncompressed data");
711 return ((tmsize_t)(-1));
712 }
713 bytecount = td->td_stripbytecount[strip];
714 if ((int64)bytecount <= 0) {
715 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
716 TIFFErrorExt(tif->tif_clientdata, module,
717 "%I64u: Invalid strip byte count, strip %lu",
718 (unsigned __int64) bytecount,
719 (unsigned long) strip);
720 #else
721 TIFFErrorExt(tif->tif_clientdata, module,
722 "%llu: Invalid strip byte count, strip %lu",
723 (unsigned long long) bytecount,
724 (unsigned long) strip);
725 #endif
726 return ((tmsize_t)(-1));
727 }
728 bytecountm = (tmsize_t)bytecount;
729 if ((uint64)bytecountm!=bytecount) {
730 TIFFErrorExt(tif->tif_clientdata, module, "Integer overflow");
731 return ((tmsize_t)(-1));
732 }
733 if (size != (tmsize_t)(-1) && size < bytecountm)
734 bytecountm = size;
735 return (TIFFReadRawStrip1(tif, strip, buf, bytecountm, module));
736 }
737
738 /*
739 * Read the specified strip and setup for decoding. The data buffer is
740 * expanded, as necessary, to hold the strip's data.
741 */
742 int
TIFFFillStrip(TIFF * tif,uint32 strip)743 TIFFFillStrip(TIFF* tif, uint32 strip)
744 {
745 static const char module[] = "TIFFFillStrip";
746 TIFFDirectory *td = &tif->tif_dir;
747
748 if (!_TIFFFillStriles( tif ) || !tif->tif_dir.td_stripbytecount)
749 return 0;
750
751 if ((tif->tif_flags&TIFF_NOREADRAW)==0)
752 {
753 uint64 bytecount = td->td_stripbytecount[strip];
754 if ((int64)bytecount <= 0) {
755 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
756 TIFFErrorExt(tif->tif_clientdata, module,
757 "Invalid strip byte count %I64u, strip %lu",
758 (unsigned __int64) bytecount,
759 (unsigned long) strip);
760 #else
761 TIFFErrorExt(tif->tif_clientdata, module,
762 "Invalid strip byte count %llu, strip %lu",
763 (unsigned long long) bytecount,
764 (unsigned long) strip);
765 #endif
766 return (0);
767 }
768
769 /* To avoid excessive memory allocations: */
770 /* Byte count should normally not be larger than a number of */
771 /* times the uncompressed size plus some margin */
772 if( bytecount > 1024 * 1024 )
773 {
774 /* 10 and 4096 are just values that could be adjusted. */
775 /* Hopefully they are safe enough for all codecs */
776 tmsize_t stripsize = TIFFStripSize(tif);
777 if( stripsize != 0 &&
778 (bytecount - 4096) / 10 > (uint64)stripsize )
779 {
780 uint64 newbytecount = (uint64)stripsize * 10 + 4096;
781 if( (int64)newbytecount >= 0 )
782 {
783 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
784 TIFFWarningExt(tif->tif_clientdata, module,
785 "Too large strip byte count %I64u, strip %lu. Limiting to %I64u",
786 (unsigned __int64) bytecount,
787 (unsigned long) strip,
788 (unsigned __int64) newbytecount);
789 #else
790 TIFFErrorExt(tif->tif_clientdata, module,
791 "Too large strip byte count %llu, strip %lu. Limiting to %llu",
792 (unsigned long long) bytecount,
793 (unsigned long) strip,
794 (unsigned long long) newbytecount);
795 #endif
796 bytecount = newbytecount;
797 }
798 }
799 }
800
801 if (isMapped(tif) &&
802 (isFillOrder(tif, td->td_fillorder)
803 || (tif->tif_flags & TIFF_NOBITREV))) {
804 /*
805 * The image is mapped into memory and we either don't
806 * need to flip bits or the compression routine is
807 * going to handle this operation itself. In this
808 * case, avoid copying the raw data and instead just
809 * reference the data from the memory mapped file
810 * image. This assumes that the decompression
811 * routines do not modify the contents of the raw data
812 * buffer (if they try to, the application will get a
813 * fault since the file is mapped read-only).
814 */
815 if ((tif->tif_flags & TIFF_MYBUFFER) && tif->tif_rawdata) {
816 _TIFFfree(tif->tif_rawdata);
817 tif->tif_rawdata = NULL;
818 tif->tif_rawdatasize = 0;
819 }
820 tif->tif_flags &= ~TIFF_MYBUFFER;
821 /*
822 * We must check for overflow, potentially causing
823 * an OOB read. Instead of simple
824 *
825 * td->td_stripoffset[strip]+bytecount > tif->tif_size
826 *
827 * comparison (which can overflow) we do the following
828 * two comparisons:
829 */
830 if (bytecount > (uint64)tif->tif_size ||
831 td->td_stripoffset[strip] > (uint64)tif->tif_size - bytecount) {
832 /*
833 * This error message might seem strange, but
834 * it's what would happen if a read were done
835 * instead.
836 */
837 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
838 TIFFErrorExt(tif->tif_clientdata, module,
839
840 "Read error on strip %lu; "
841 "got %I64u bytes, expected %I64u",
842 (unsigned long) strip,
843 (unsigned __int64) tif->tif_size - td->td_stripoffset[strip],
844 (unsigned __int64) bytecount);
845 #else
846 TIFFErrorExt(tif->tif_clientdata, module,
847
848 "Read error on strip %lu; "
849 "got %llu bytes, expected %llu",
850 (unsigned long) strip,
851 (unsigned long long) tif->tif_size - td->td_stripoffset[strip],
852 (unsigned long long) bytecount);
853 #endif
854 tif->tif_curstrip = NOSTRIP;
855 return (0);
856 }
857 tif->tif_rawdatasize = (tmsize_t)bytecount;
858 tif->tif_rawdata = tif->tif_base + (tmsize_t)td->td_stripoffset[strip];
859 tif->tif_rawdataoff = 0;
860 tif->tif_rawdataloaded = (tmsize_t) bytecount;
861
862 /*
863 * When we have tif_rawdata reference directly into the memory mapped file
864 * we need to be pretty careful about how we use the rawdata. It is not
865 * a general purpose working buffer as it normally otherwise is. So we
866 * keep track of this fact to avoid using it improperly.
867 */
868 tif->tif_flags |= TIFF_BUFFERMMAP;
869 } else {
870 /*
871 * Expand raw data buffer, if needed, to hold data
872 * strip coming from file (perhaps should set upper
873 * bound on the size of a buffer we'll use?).
874 */
875 tmsize_t bytecountm;
876 bytecountm=(tmsize_t)bytecount;
877 if ((uint64)bytecountm!=bytecount)
878 {
879 TIFFErrorExt(tif->tif_clientdata,module,"Integer overflow");
880 return(0);
881 }
882 if (bytecountm > tif->tif_rawdatasize) {
883 tif->tif_curstrip = NOSTRIP;
884 if ((tif->tif_flags & TIFF_MYBUFFER) == 0) {
885 TIFFErrorExt(tif->tif_clientdata, module,
886 "Data buffer too small to hold strip %lu",
887 (unsigned long) strip);
888 return (0);
889 }
890 }
891 if (tif->tif_flags&TIFF_BUFFERMMAP) {
892 tif->tif_curstrip = NOSTRIP;
893 tif->tif_rawdata = NULL;
894 tif->tif_rawdatasize = 0;
895 tif->tif_flags &= ~TIFF_BUFFERMMAP;
896 }
897
898 if( isMapped(tif) )
899 {
900 if (bytecountm > tif->tif_rawdatasize &&
901 !TIFFReadBufferSetup(tif, 0, bytecountm))
902 {
903 return (0);
904 }
905 if (TIFFReadRawStrip1(tif, strip, tif->tif_rawdata,
906 bytecountm, module) != bytecountm)
907 {
908 return (0);
909 }
910 }
911 else
912 {
913 if (TIFFReadRawStripOrTile2(tif, strip, 1,
914 bytecountm, module) != bytecountm)
915 {
916 return (0);
917 }
918 }
919
920
921 tif->tif_rawdataoff = 0;
922 tif->tif_rawdataloaded = bytecountm;
923
924 if (!isFillOrder(tif, td->td_fillorder) &&
925 (tif->tif_flags & TIFF_NOBITREV) == 0)
926 TIFFReverseBits(tif->tif_rawdata, bytecountm);
927 }
928 }
929 return (TIFFStartStrip(tif, strip));
930 }
931
932 /*
933 * Tile-oriented Read Support
934 * Contributed by Nancy Cam (Silicon Graphics).
935 */
936
937 /*
938 * Read and decompress a tile of data. The
939 * tile is selected by the (x,y,z,s) coordinates.
940 */
941 tmsize_t
TIFFReadTile(TIFF * tif,void * buf,uint32 x,uint32 y,uint32 z,uint16 s)942 TIFFReadTile(TIFF* tif, void* buf, uint32 x, uint32 y, uint32 z, uint16 s)
943 {
944 if (!TIFFCheckRead(tif, 1) || !TIFFCheckTile(tif, x, y, z, s))
945 return ((tmsize_t)(-1));
946 return (TIFFReadEncodedTile(tif,
947 TIFFComputeTile(tif, x, y, z, s), buf, (tmsize_t)(-1)));
948 }
949
950 /*
951 * Read a tile of data and decompress the specified
952 * amount into the user-supplied buffer.
953 */
954 tmsize_t
TIFFReadEncodedTile(TIFF * tif,uint32 tile,void * buf,tmsize_t size)955 TIFFReadEncodedTile(TIFF* tif, uint32 tile, void* buf, tmsize_t size)
956 {
957 static const char module[] = "TIFFReadEncodedTile";
958 TIFFDirectory *td = &tif->tif_dir;
959 tmsize_t tilesize = tif->tif_tilesize;
960
961 if (!TIFFCheckRead(tif, 1))
962 return ((tmsize_t)(-1));
963 if (tile >= td->td_nstrips) {
964 TIFFErrorExt(tif->tif_clientdata, module,
965 "%lu: Tile out of range, max %lu",
966 (unsigned long) tile, (unsigned long) td->td_nstrips);
967 return ((tmsize_t)(-1));
968 }
969
970 /* shortcut to avoid an extra memcpy() */
971 if( td->td_compression == COMPRESSION_NONE &&
972 size!=(tmsize_t)(-1) && size >= tilesize &&
973 !isMapped(tif) &&
974 ((tif->tif_flags&TIFF_NOREADRAW)==0) )
975 {
976 if (TIFFReadRawTile1(tif, tile, buf, tilesize, module) != tilesize)
977 return ((tmsize_t)(-1));
978
979 if (!isFillOrder(tif, td->td_fillorder) &&
980 (tif->tif_flags & TIFF_NOBITREV) == 0)
981 TIFFReverseBits(buf,tilesize);
982
983 (*tif->tif_postdecode)(tif,buf,tilesize);
984 return (tilesize);
985 }
986
987 if (size == (tmsize_t)(-1))
988 size = tilesize;
989 else if (size > tilesize)
990 size = tilesize;
991 if (TIFFFillTile(tif, tile) && (*tif->tif_decodetile)(tif,
992 (uint8*) buf, size, (uint16)(tile/td->td_stripsperimage))) {
993 (*tif->tif_postdecode)(tif, (uint8*) buf, size);
994 return (size);
995 } else
996 return ((tmsize_t)(-1));
997 }
998
999 /* Variant of TIFFReadTile() that does
1000 * * if *buf == NULL, *buf = _TIFFmalloc(bufsizetoalloc) only after TIFFFillTile() has
1001 * suceeded. This avoid excessive memory allocation in case of truncated
1002 * file.
1003 * * calls regular TIFFReadEncodedTile() if *buf != NULL
1004 */
1005 tmsize_t
_TIFFReadTileAndAllocBuffer(TIFF * tif,void ** buf,tmsize_t bufsizetoalloc,uint32 x,uint32 y,uint32 z,uint16 s)1006 _TIFFReadTileAndAllocBuffer(TIFF* tif,
1007 void **buf, tmsize_t bufsizetoalloc,
1008 uint32 x, uint32 y, uint32 z, uint16 s)
1009 {
1010 if (!TIFFCheckRead(tif, 1) || !TIFFCheckTile(tif, x, y, z, s))
1011 return ((tmsize_t)(-1));
1012 return (_TIFFReadEncodedTileAndAllocBuffer(tif,
1013 TIFFComputeTile(tif, x, y, z, s),
1014 buf, bufsizetoalloc,
1015 (tmsize_t)(-1)));
1016 }
1017
1018 /* Variant of TIFFReadEncodedTile() that does
1019 * * if *buf == NULL, *buf = _TIFFmalloc(bufsizetoalloc) only after TIFFFillTile() has
1020 * suceeded. This avoid excessive memory allocation in case of truncated
1021 * file.
1022 * * calls regular TIFFReadEncodedTile() if *buf != NULL
1023 */
1024 tmsize_t
_TIFFReadEncodedTileAndAllocBuffer(TIFF * tif,uint32 tile,void ** buf,tmsize_t bufsizetoalloc,tmsize_t size_to_read)1025 _TIFFReadEncodedTileAndAllocBuffer(TIFF* tif, uint32 tile,
1026 void **buf, tmsize_t bufsizetoalloc,
1027 tmsize_t size_to_read)
1028 {
1029 static const char module[] = "_TIFFReadEncodedTileAndAllocBuffer";
1030 TIFFDirectory *td = &tif->tif_dir;
1031 tmsize_t tilesize = tif->tif_tilesize;
1032
1033 if( *buf != NULL )
1034 {
1035 return TIFFReadEncodedTile(tif, tile, *buf, size_to_read);
1036 }
1037
1038 if (!TIFFCheckRead(tif, 1))
1039 return ((tmsize_t)(-1));
1040 if (tile >= td->td_nstrips) {
1041 TIFFErrorExt(tif->tif_clientdata, module,
1042 "%lu: Tile out of range, max %lu",
1043 (unsigned long) tile, (unsigned long) td->td_nstrips);
1044 return ((tmsize_t)(-1));
1045 }
1046
1047 if (!TIFFFillTile(tif,tile))
1048 return((tmsize_t)(-1));
1049
1050 *buf = _TIFFmalloc(bufsizetoalloc);
1051 if (*buf == NULL) {
1052 TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif),
1053 "No space for tile buffer");
1054 return((tmsize_t)(-1));
1055 }
1056 _TIFFmemset(*buf, 0, bufsizetoalloc);
1057
1058 if (size_to_read == (tmsize_t)(-1))
1059 size_to_read = tilesize;
1060 else if (size_to_read > tilesize)
1061 size_to_read = tilesize;
1062 if( (*tif->tif_decodetile)(tif,
1063 (uint8*) *buf, size_to_read, (uint16)(tile/td->td_stripsperimage))) {
1064 (*tif->tif_postdecode)(tif, (uint8*) *buf, size_to_read);
1065 return (size_to_read);
1066 } else
1067 return ((tmsize_t)(-1));
1068 }
1069
1070
1071 static tmsize_t
TIFFReadRawTile1(TIFF * tif,uint32 tile,void * buf,tmsize_t size,const char * module)1072 TIFFReadRawTile1(TIFF* tif, uint32 tile, void* buf, tmsize_t size, const char* module)
1073 {
1074 TIFFDirectory *td = &tif->tif_dir;
1075
1076 if (!_TIFFFillStriles( tif ))
1077 return ((tmsize_t)(-1));
1078
1079 assert((tif->tif_flags&TIFF_NOREADRAW)==0);
1080 if (!isMapped(tif)) {
1081 tmsize_t cc;
1082
1083 if (!SeekOK(tif, td->td_stripoffset[tile])) {
1084 TIFFErrorExt(tif->tif_clientdata, module,
1085 "Seek error at row %lu, col %lu, tile %lu",
1086 (unsigned long) tif->tif_row,
1087 (unsigned long) tif->tif_col,
1088 (unsigned long) tile);
1089 return ((tmsize_t)(-1));
1090 }
1091 cc = TIFFReadFile(tif, buf, size);
1092 if (cc != size) {
1093 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
1094 TIFFErrorExt(tif->tif_clientdata, module,
1095 "Read error at row %lu, col %lu; got %I64u bytes, expected %I64u",
1096 (unsigned long) tif->tif_row,
1097 (unsigned long) tif->tif_col,
1098 (unsigned __int64) cc,
1099 (unsigned __int64) size);
1100 #else
1101 TIFFErrorExt(tif->tif_clientdata, module,
1102 "Read error at row %lu, col %lu; got %llu bytes, expected %llu",
1103 (unsigned long) tif->tif_row,
1104 (unsigned long) tif->tif_col,
1105 (unsigned long long) cc,
1106 (unsigned long long) size);
1107 #endif
1108 return ((tmsize_t)(-1));
1109 }
1110 } else {
1111 tmsize_t ma,mb;
1112 tmsize_t n;
1113 ma=(tmsize_t)td->td_stripoffset[tile];
1114 mb=ma+size;
1115 if ((td->td_stripoffset[tile] > (uint64)TIFF_TMSIZE_T_MAX)||(ma>tif->tif_size))
1116 n=0;
1117 else if ((mb<ma)||(mb<size)||(mb>tif->tif_size))
1118 n=tif->tif_size-ma;
1119 else
1120 n=size;
1121 if (n!=size) {
1122 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
1123 TIFFErrorExt(tif->tif_clientdata, module,
1124 "Read error at row %lu, col %lu, tile %lu; got %I64u bytes, expected %I64u",
1125 (unsigned long) tif->tif_row,
1126 (unsigned long) tif->tif_col,
1127 (unsigned long) tile,
1128 (unsigned __int64) n,
1129 (unsigned __int64) size);
1130 #else
1131 TIFFErrorExt(tif->tif_clientdata, module,
1132 "Read error at row %lu, col %lu, tile %lu; got %llu bytes, expected %llu",
1133 (unsigned long) tif->tif_row,
1134 (unsigned long) tif->tif_col,
1135 (unsigned long) tile,
1136 (unsigned long long) n,
1137 (unsigned long long) size);
1138 #endif
1139 return ((tmsize_t)(-1));
1140 }
1141 _TIFFmemcpy(buf, tif->tif_base + ma, size);
1142 }
1143 return (size);
1144 }
1145
1146 /*
1147 * Read a tile of data from the file.
1148 */
1149 tmsize_t
TIFFReadRawTile(TIFF * tif,uint32 tile,void * buf,tmsize_t size)1150 TIFFReadRawTile(TIFF* tif, uint32 tile, void* buf, tmsize_t size)
1151 {
1152 static const char module[] = "TIFFReadRawTile";
1153 TIFFDirectory *td = &tif->tif_dir;
1154 uint64 bytecount64;
1155 tmsize_t bytecountm;
1156
1157 if (!TIFFCheckRead(tif, 1))
1158 return ((tmsize_t)(-1));
1159 if (tile >= td->td_nstrips) {
1160 TIFFErrorExt(tif->tif_clientdata, module,
1161 "%lu: Tile out of range, max %lu",
1162 (unsigned long) tile, (unsigned long) td->td_nstrips);
1163 return ((tmsize_t)(-1));
1164 }
1165 if (tif->tif_flags&TIFF_NOREADRAW)
1166 {
1167 TIFFErrorExt(tif->tif_clientdata, module,
1168 "Compression scheme does not support access to raw uncompressed data");
1169 return ((tmsize_t)(-1));
1170 }
1171 bytecount64 = td->td_stripbytecount[tile];
1172 if (size != (tmsize_t)(-1) && (uint64)size < bytecount64)
1173 bytecount64 = (uint64)size;
1174 bytecountm = (tmsize_t)bytecount64;
1175 if ((uint64)bytecountm!=bytecount64)
1176 {
1177 TIFFErrorExt(tif->tif_clientdata,module,"Integer overflow");
1178 return ((tmsize_t)(-1));
1179 }
1180 return (TIFFReadRawTile1(tif, tile, buf, bytecountm, module));
1181 }
1182
1183 /*
1184 * Read the specified tile and setup for decoding. The data buffer is
1185 * expanded, as necessary, to hold the tile's data.
1186 */
1187 int
TIFFFillTile(TIFF * tif,uint32 tile)1188 TIFFFillTile(TIFF* tif, uint32 tile)
1189 {
1190 static const char module[] = "TIFFFillTile";
1191 TIFFDirectory *td = &tif->tif_dir;
1192
1193 if (!_TIFFFillStriles( tif ) || !tif->tif_dir.td_stripbytecount)
1194 return 0;
1195
1196 if ((tif->tif_flags&TIFF_NOREADRAW)==0)
1197 {
1198 uint64 bytecount = td->td_stripbytecount[tile];
1199 if ((int64)bytecount <= 0) {
1200 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
1201 TIFFErrorExt(tif->tif_clientdata, module,
1202 "%I64u: Invalid tile byte count, tile %lu",
1203 (unsigned __int64) bytecount,
1204 (unsigned long) tile);
1205 #else
1206 TIFFErrorExt(tif->tif_clientdata, module,
1207 "%llu: Invalid tile byte count, tile %lu",
1208 (unsigned long long) bytecount,
1209 (unsigned long) tile);
1210 #endif
1211 return (0);
1212 }
1213 if (isMapped(tif) &&
1214 (isFillOrder(tif, td->td_fillorder)
1215 || (tif->tif_flags & TIFF_NOBITREV))) {
1216 /*
1217 * The image is mapped into memory and we either don't
1218 * need to flip bits or the compression routine is
1219 * going to handle this operation itself. In this
1220 * case, avoid copying the raw data and instead just
1221 * reference the data from the memory mapped file
1222 * image. This assumes that the decompression
1223 * routines do not modify the contents of the raw data
1224 * buffer (if they try to, the application will get a
1225 * fault since the file is mapped read-only).
1226 */
1227 if ((tif->tif_flags & TIFF_MYBUFFER) && tif->tif_rawdata) {
1228 _TIFFfree(tif->tif_rawdata);
1229 tif->tif_rawdata = NULL;
1230 tif->tif_rawdatasize = 0;
1231 }
1232 tif->tif_flags &= ~TIFF_MYBUFFER;
1233 /*
1234 * We must check for overflow, potentially causing
1235 * an OOB read. Instead of simple
1236 *
1237 * td->td_stripoffset[tile]+bytecount > tif->tif_size
1238 *
1239 * comparison (which can overflow) we do the following
1240 * two comparisons:
1241 */
1242 if (bytecount > (uint64)tif->tif_size ||
1243 td->td_stripoffset[tile] > (uint64)tif->tif_size - bytecount) {
1244 tif->tif_curtile = NOTILE;
1245 return (0);
1246 }
1247 tif->tif_rawdatasize = (tmsize_t)bytecount;
1248 tif->tif_rawdata =
1249 tif->tif_base + (tmsize_t)td->td_stripoffset[tile];
1250 tif->tif_rawdataoff = 0;
1251 tif->tif_rawdataloaded = (tmsize_t) bytecount;
1252 tif->tif_flags |= TIFF_BUFFERMMAP;
1253 } else {
1254 /*
1255 * Expand raw data buffer, if needed, to hold data
1256 * tile coming from file (perhaps should set upper
1257 * bound on the size of a buffer we'll use?).
1258 */
1259 tmsize_t bytecountm;
1260 bytecountm=(tmsize_t)bytecount;
1261 if ((uint64)bytecountm!=bytecount)
1262 {
1263 TIFFErrorExt(tif->tif_clientdata,module,"Integer overflow");
1264 return(0);
1265 }
1266 if (bytecountm > tif->tif_rawdatasize) {
1267 tif->tif_curtile = NOTILE;
1268 if ((tif->tif_flags & TIFF_MYBUFFER) == 0) {
1269 TIFFErrorExt(tif->tif_clientdata, module,
1270 "Data buffer too small to hold tile %lu",
1271 (unsigned long) tile);
1272 return (0);
1273 }
1274 }
1275 if (tif->tif_flags&TIFF_BUFFERMMAP) {
1276 tif->tif_curtile = NOTILE;
1277 tif->tif_rawdata = NULL;
1278 tif->tif_rawdatasize = 0;
1279 tif->tif_flags &= ~TIFF_BUFFERMMAP;
1280 }
1281
1282 if( isMapped(tif) )
1283 {
1284 if (bytecountm > tif->tif_rawdatasize &&
1285 !TIFFReadBufferSetup(tif, 0, bytecountm))
1286 {
1287 return (0);
1288 }
1289 if (TIFFReadRawTile1(tif, tile, tif->tif_rawdata,
1290 bytecountm, module) != bytecountm)
1291 {
1292 return (0);
1293 }
1294 }
1295 else
1296 {
1297 if (TIFFReadRawStripOrTile2(tif, tile, 0,
1298 bytecountm, module) != bytecountm)
1299 {
1300 return (0);
1301 }
1302 }
1303
1304
1305 tif->tif_rawdataoff = 0;
1306 tif->tif_rawdataloaded = bytecountm;
1307
1308 if (!isFillOrder(tif, td->td_fillorder) &&
1309 (tif->tif_flags & TIFF_NOBITREV) == 0)
1310 TIFFReverseBits(tif->tif_rawdata,
1311 tif->tif_rawdataloaded);
1312 }
1313 }
1314 return (TIFFStartTile(tif, tile));
1315 }
1316
1317 /*
1318 * Setup the raw data buffer in preparation for
1319 * reading a strip of raw data. If the buffer
1320 * is specified as zero, then a buffer of appropriate
1321 * size is allocated by the library. Otherwise,
1322 * the client must guarantee that the buffer is
1323 * large enough to hold any individual strip of
1324 * raw data.
1325 */
1326 int
TIFFReadBufferSetup(TIFF * tif,void * bp,tmsize_t size)1327 TIFFReadBufferSetup(TIFF* tif, void* bp, tmsize_t size)
1328 {
1329 static const char module[] = "TIFFReadBufferSetup";
1330
1331 assert((tif->tif_flags&TIFF_NOREADRAW)==0);
1332 tif->tif_flags &= ~TIFF_BUFFERMMAP;
1333
1334 if (tif->tif_rawdata) {
1335 if (tif->tif_flags & TIFF_MYBUFFER)
1336 _TIFFfree(tif->tif_rawdata);
1337 tif->tif_rawdata = NULL;
1338 tif->tif_rawdatasize = 0;
1339 }
1340 if (bp) {
1341 tif->tif_rawdatasize = size;
1342 tif->tif_rawdata = (uint8*) bp;
1343 tif->tif_flags &= ~TIFF_MYBUFFER;
1344 } else {
1345 tif->tif_rawdatasize = (tmsize_t)TIFFroundup_64((uint64)size, 1024);
1346 if (tif->tif_rawdatasize==0) {
1347 TIFFErrorExt(tif->tif_clientdata, module,
1348 "Invalid buffer size");
1349 return (0);
1350 }
1351 /* Initialize to zero to avoid uninitialized buffers in case of */
1352 /* short reads (http://bugzilla.maptools.org/show_bug.cgi?id=2651) */
1353 tif->tif_rawdata = (uint8*) _TIFFcalloc(1, tif->tif_rawdatasize);
1354 tif->tif_flags |= TIFF_MYBUFFER;
1355 }
1356 if (tif->tif_rawdata == NULL) {
1357 TIFFErrorExt(tif->tif_clientdata, module,
1358 "No space for data buffer at scanline %lu",
1359 (unsigned long) tif->tif_row);
1360 tif->tif_rawdatasize = 0;
1361 return (0);
1362 }
1363 return (1);
1364 }
1365
1366 /*
1367 * Set state to appear as if a
1368 * strip has just been read in.
1369 */
1370 static int
TIFFStartStrip(TIFF * tif,uint32 strip)1371 TIFFStartStrip(TIFF* tif, uint32 strip)
1372 {
1373 TIFFDirectory *td = &tif->tif_dir;
1374
1375 if (!_TIFFFillStriles( tif ) || !tif->tif_dir.td_stripbytecount)
1376 return 0;
1377
1378 if ((tif->tif_flags & TIFF_CODERSETUP) == 0) {
1379 if (!(*tif->tif_setupdecode)(tif))
1380 return (0);
1381 tif->tif_flags |= TIFF_CODERSETUP;
1382 }
1383 tif->tif_curstrip = strip;
1384 tif->tif_row = (strip % td->td_stripsperimage) * td->td_rowsperstrip;
1385 tif->tif_flags &= ~TIFF_BUF4WRITE;
1386
1387 if (tif->tif_flags&TIFF_NOREADRAW)
1388 {
1389 tif->tif_rawcp = NULL;
1390 tif->tif_rawcc = 0;
1391 }
1392 else
1393 {
1394 tif->tif_rawcp = tif->tif_rawdata;
1395 if( tif->tif_rawdataloaded > 0 )
1396 tif->tif_rawcc = tif->tif_rawdataloaded;
1397 else
1398 tif->tif_rawcc = (tmsize_t)td->td_stripbytecount[strip];
1399 }
1400 return ((*tif->tif_predecode)(tif,
1401 (uint16)(strip / td->td_stripsperimage)));
1402 }
1403
1404 /*
1405 * Set state to appear as if a
1406 * tile has just been read in.
1407 */
1408 static int
TIFFStartTile(TIFF * tif,uint32 tile)1409 TIFFStartTile(TIFF* tif, uint32 tile)
1410 {
1411 static const char module[] = "TIFFStartTile";
1412 TIFFDirectory *td = &tif->tif_dir;
1413 uint32 howmany32;
1414
1415 if (!_TIFFFillStriles( tif ) || !tif->tif_dir.td_stripbytecount)
1416 return 0;
1417
1418 if ((tif->tif_flags & TIFF_CODERSETUP) == 0) {
1419 if (!(*tif->tif_setupdecode)(tif))
1420 return (0);
1421 tif->tif_flags |= TIFF_CODERSETUP;
1422 }
1423 tif->tif_curtile = tile;
1424 howmany32=TIFFhowmany_32(td->td_imagewidth, td->td_tilewidth);
1425 if (howmany32 == 0) {
1426 TIFFErrorExt(tif->tif_clientdata,module,"Zero tiles");
1427 return 0;
1428 }
1429 tif->tif_row = (tile % howmany32) * td->td_tilelength;
1430 howmany32=TIFFhowmany_32(td->td_imagelength, td->td_tilelength);
1431 if (howmany32 == 0) {
1432 TIFFErrorExt(tif->tif_clientdata,module,"Zero tiles");
1433 return 0;
1434 }
1435 tif->tif_col = (tile % howmany32) * td->td_tilewidth;
1436 tif->tif_flags &= ~TIFF_BUF4WRITE;
1437 if (tif->tif_flags&TIFF_NOREADRAW)
1438 {
1439 tif->tif_rawcp = NULL;
1440 tif->tif_rawcc = 0;
1441 }
1442 else
1443 {
1444 tif->tif_rawcp = tif->tif_rawdata;
1445 tif->tif_rawcc = (tmsize_t)td->td_stripbytecount[tile];
1446 }
1447 return ((*tif->tif_predecode)(tif,
1448 (uint16)(tile/td->td_stripsperimage)));
1449 }
1450
1451 static int
TIFFCheckRead(TIFF * tif,int tiles)1452 TIFFCheckRead(TIFF* tif, int tiles)
1453 {
1454 if (tif->tif_mode == O_WRONLY) {
1455 TIFFErrorExt(tif->tif_clientdata, tif->tif_name, "File not open for reading");
1456 return (0);
1457 }
1458 if (tiles ^ isTiled(tif)) {
1459 TIFFErrorExt(tif->tif_clientdata, tif->tif_name, tiles ?
1460 "Can not read tiles from a stripped image" :
1461 "Can not read scanlines from a tiled image");
1462 return (0);
1463 }
1464 return (1);
1465 }
1466
1467 void
_TIFFNoPostDecode(TIFF * tif,uint8 * buf,tmsize_t cc)1468 _TIFFNoPostDecode(TIFF* tif, uint8* buf, tmsize_t cc)
1469 {
1470 (void) tif; (void) buf; (void) cc;
1471 }
1472
1473 void
_TIFFSwab16BitData(TIFF * tif,uint8 * buf,tmsize_t cc)1474 _TIFFSwab16BitData(TIFF* tif, uint8* buf, tmsize_t cc)
1475 {
1476 (void) tif;
1477 assert((cc & 1) == 0);
1478 TIFFSwabArrayOfShort((uint16*) buf, cc/2);
1479 }
1480
1481 void
_TIFFSwab24BitData(TIFF * tif,uint8 * buf,tmsize_t cc)1482 _TIFFSwab24BitData(TIFF* tif, uint8* buf, tmsize_t cc)
1483 {
1484 (void) tif;
1485 assert((cc % 3) == 0);
1486 TIFFSwabArrayOfTriples((uint8*) buf, cc/3);
1487 }
1488
1489 void
_TIFFSwab32BitData(TIFF * tif,uint8 * buf,tmsize_t cc)1490 _TIFFSwab32BitData(TIFF* tif, uint8* buf, tmsize_t cc)
1491 {
1492 (void) tif;
1493 assert((cc & 3) == 0);
1494 TIFFSwabArrayOfLong((uint32*) buf, cc/4);
1495 }
1496
1497 void
_TIFFSwab64BitData(TIFF * tif,uint8 * buf,tmsize_t cc)1498 _TIFFSwab64BitData(TIFF* tif, uint8* buf, tmsize_t cc)
1499 {
1500 (void) tif;
1501 assert((cc & 7) == 0);
1502 TIFFSwabArrayOfDouble((double*) buf, cc/8);
1503 }
1504
1505 /* vim: set ts=8 sts=8 sw=8 noet: */
1506 /*
1507 * Local Variables:
1508 * mode: c
1509 * c-basic-offset: 8
1510 * fill-column: 78
1511 * End:
1512 */
1513