1 /*
2 * Copyright (c) 1988-1997 Sam Leffler
3 * Copyright (c) 1991-1997 Silicon Graphics, Inc.
4 *
5 * Permission to use, copy, modify, distribute, and sell this software and
6 * its documentation for any purpose is hereby granted without fee, provided
7 * that (i) the above copyright notices and this permission notice appear in
8 * all copies of the software and related documentation, and (ii) the names of
9 * Sam Leffler and Silicon Graphics may not be used in any advertising or
10 * publicity relating to the software without the specific, prior written
11 * permission of Sam Leffler and Silicon Graphics.
12 *
13 * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
14 * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
15 * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
16 *
17 * IN NO EVENT SHALL SAM LEFFLER OR SILICON GRAPHICS BE LIABLE FOR
18 * ANY SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND,
19 * OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
20 * WHETHER OR NOT ADVISED OF THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF
21 * LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
22 * OF THIS SOFTWARE.
23 */
24
25 /*
26 * TIFF Library.
27 *
28 * Directory Read Support Routines.
29 */
30
31 /* Suggested pending improvements:
32 * - add a field 'field_info' to the TIFFDirEntry structure, and set that with
33 * the pointer to the appropriate TIFFField structure early on in
34 * TIFFReadDirectory, so as to eliminate current possibly repetitive lookup.
35 */
36
37 #include "tiffiop.h"
38 #include <float.h>
39 #include <limits.h>
40 #include <stdlib.h>
41
42 #define FAILED_FII ((uint32) -1)
43
44 /*
45 * Largest 64-bit signed integer value.
46 */
47 #define TIFF_INT64_MAX ((int64)(TIFF_UINT64_MAX >> 1))
48
49 #ifdef HAVE_IEEEFP
50 # define TIFFCvtIEEEFloatToNative(tif, n, fp)
51 # define TIFFCvtIEEEDoubleToNative(tif, n, dp)
52 #else
53 extern void TIFFCvtIEEEFloatToNative(TIFF*, uint32, float*);
54 extern void TIFFCvtIEEEDoubleToNative(TIFF*, uint32, double*);
55 #endif
56
57 enum TIFFReadDirEntryErr {
58 TIFFReadDirEntryErrOk = 0,
59 TIFFReadDirEntryErrCount = 1,
60 TIFFReadDirEntryErrType = 2,
61 TIFFReadDirEntryErrIo = 3,
62 TIFFReadDirEntryErrRange = 4,
63 TIFFReadDirEntryErrPsdif = 5,
64 TIFFReadDirEntryErrSizesan = 6,
65 TIFFReadDirEntryErrAlloc = 7,
66 };
67
68 static enum TIFFReadDirEntryErr TIFFReadDirEntryByte(TIFF* tif, TIFFDirEntry* direntry, uint8* value);
69 static enum TIFFReadDirEntryErr TIFFReadDirEntryShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value);
70 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong(TIFF* tif, TIFFDirEntry* direntry, uint32* value);
71 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8(TIFF* tif, TIFFDirEntry* direntry, uint64* value);
72 static enum TIFFReadDirEntryErr TIFFReadDirEntryFloat(TIFF* tif, TIFFDirEntry* direntry, float* value);
73 static enum TIFFReadDirEntryErr TIFFReadDirEntryDouble(TIFF* tif, TIFFDirEntry* direntry, double* value);
74 static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8(TIFF* tif, TIFFDirEntry* direntry, uint64* value);
75
76 static enum TIFFReadDirEntryErr TIFFReadDirEntryArray(TIFF* tif, TIFFDirEntry* direntry, uint32* count, uint32 desttypesize, void** value);
77 static enum TIFFReadDirEntryErr TIFFReadDirEntryByteArray(TIFF* tif, TIFFDirEntry* direntry, uint8** value);
78 static enum TIFFReadDirEntryErr TIFFReadDirEntrySbyteArray(TIFF* tif, TIFFDirEntry* direntry, int8** value);
79 static enum TIFFReadDirEntryErr TIFFReadDirEntryShortArray(TIFF* tif, TIFFDirEntry* direntry, uint16** value);
80 static enum TIFFReadDirEntryErr TIFFReadDirEntrySshortArray(TIFF* tif, TIFFDirEntry* direntry, int16** value);
81 static enum TIFFReadDirEntryErr TIFFReadDirEntryLongArray(TIFF* tif, TIFFDirEntry* direntry, uint32** value);
82 static enum TIFFReadDirEntryErr TIFFReadDirEntrySlongArray(TIFF* tif, TIFFDirEntry* direntry, int32** value);
83 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value);
84 static enum TIFFReadDirEntryErr TIFFReadDirEntrySlong8Array(TIFF* tif, TIFFDirEntry* direntry, int64** value);
85 static enum TIFFReadDirEntryErr TIFFReadDirEntryFloatArray(TIFF* tif, TIFFDirEntry* direntry, float** value);
86 static enum TIFFReadDirEntryErr TIFFReadDirEntryDoubleArray(TIFF* tif, TIFFDirEntry* direntry, double** value);
87 static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value);
88
89 static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value);
90 #if 0
91 static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleDouble(TIFF* tif, TIFFDirEntry* direntry, double* value);
92 #endif
93
94 static void TIFFReadDirEntryCheckedByte(TIFF* tif, TIFFDirEntry* direntry, uint8* value);
95 static void TIFFReadDirEntryCheckedSbyte(TIFF* tif, TIFFDirEntry* direntry, int8* value);
96 static void TIFFReadDirEntryCheckedShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value);
97 static void TIFFReadDirEntryCheckedSshort(TIFF* tif, TIFFDirEntry* direntry, int16* value);
98 static void TIFFReadDirEntryCheckedLong(TIFF* tif, TIFFDirEntry* direntry, uint32* value);
99 static void TIFFReadDirEntryCheckedSlong(TIFF* tif, TIFFDirEntry* direntry, int32* value);
100 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedLong8(TIFF* tif, TIFFDirEntry* direntry, uint64* value);
101 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSlong8(TIFF* tif, TIFFDirEntry* direntry, int64* value);
102 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedRational(TIFF* tif, TIFFDirEntry* direntry, double* value);
103 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSrational(TIFF* tif, TIFFDirEntry* direntry, double* value);
104 static void TIFFReadDirEntryCheckedFloat(TIFF* tif, TIFFDirEntry* direntry, float* value);
105 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedDouble(TIFF* tif, TIFFDirEntry* direntry, double* value);
106
107 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSbyte(int8 value);
108 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteShort(uint16 value);
109 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSshort(int16 value);
110 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong(uint32 value);
111 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong(int32 value);
112 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong8(uint64 value);
113 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong8(int64 value);
114
115 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteByte(uint8 value);
116 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteShort(uint16 value);
117 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSshort(int16 value);
118 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong(uint32 value);
119 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong(int32 value);
120 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong8(uint64 value);
121 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong8(int64 value);
122
123 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSbyte(int8 value);
124 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSshort(int16 value);
125 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong(uint32 value);
126 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong(int32 value);
127 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong8(uint64 value);
128 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong8(int64 value);
129
130 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortShort(uint16 value);
131 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong(uint32 value);
132 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong(int32 value);
133 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong8(uint64 value);
134 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong8(int64 value);
135
136 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSbyte(int8 value);
137 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSshort(int16 value);
138 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSlong(int32 value);
139 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongLong8(uint64 value);
140 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSlong8(int64 value);
141
142 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlongLong(uint32 value);
143 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlongLong8(uint64 value);
144 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlongSlong8(int64 value);
145
146 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Sbyte(int8 value);
147 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Sshort(int16 value);
148 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Slong(int32 value);
149 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Slong8(int64 value);
150
151 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlong8Long8(uint64 value);
152
153 static enum TIFFReadDirEntryErr TIFFReadDirEntryData(TIFF* tif, uint64 offset, tmsize_t size, void* dest);
154 static void TIFFReadDirEntryOutputErr(TIFF* tif, enum TIFFReadDirEntryErr err, const char* module, const char* tagname, int recover);
155
156 static void TIFFReadDirectoryCheckOrder(TIFF* tif, TIFFDirEntry* dir, uint16 dircount);
157 static TIFFDirEntry* TIFFReadDirectoryFindEntry(TIFF* tif, TIFFDirEntry* dir, uint16 dircount, uint16 tagid);
158 static void TIFFReadDirectoryFindFieldInfo(TIFF* tif, uint16 tagid, uint32* fii);
159
160 static int EstimateStripByteCounts(TIFF* tif, TIFFDirEntry* dir, uint16 dircount);
161 static void MissingRequired(TIFF*, const char*);
162 static int TIFFCheckDirOffset(TIFF* tif, uint64 diroff);
163 static int CheckDirCount(TIFF*, TIFFDirEntry*, uint32);
164 static uint16 TIFFFetchDirectory(TIFF* tif, uint64 diroff, TIFFDirEntry** pdir, uint64* nextdiroff);
165 static int TIFFFetchNormalTag(TIFF*, TIFFDirEntry*, int recover);
166 static int TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uint64** lpp);
167 static int TIFFFetchSubjectDistance(TIFF*, TIFFDirEntry*);
168 static void ChopUpSingleUncompressedStrip(TIFF*);
169 static void TryChopUpUncompressedBigTiff(TIFF*);
170 static uint64 TIFFReadUInt64(const uint8 *value);
171 static int _TIFFGetMaxColorChannels(uint16 photometric);
172
173 static int _TIFFFillStrilesInternal( TIFF *tif, int loadStripByteCount );
174
175 typedef union _UInt64Aligned_t
176 {
177 double d;
178 uint64 l;
179 uint32 i[2];
180 uint16 s[4];
181 uint8 c[8];
182 } UInt64Aligned_t;
183
184 /*
185 Unaligned safe copy of a uint64 value from an octet array.
186 */
TIFFReadUInt64(const uint8 * value)187 static uint64 TIFFReadUInt64(const uint8 *value)
188 {
189 UInt64Aligned_t result;
190
191 result.c[0]=value[0];
192 result.c[1]=value[1];
193 result.c[2]=value[2];
194 result.c[3]=value[3];
195 result.c[4]=value[4];
196 result.c[5]=value[5];
197 result.c[6]=value[6];
198 result.c[7]=value[7];
199
200 return result.l;
201 }
202
TIFFReadDirEntryByte(TIFF * tif,TIFFDirEntry * direntry,uint8 * value)203 static enum TIFFReadDirEntryErr TIFFReadDirEntryByte(TIFF* tif, TIFFDirEntry* direntry, uint8* value)
204 {
205 enum TIFFReadDirEntryErr err;
206 if (direntry->tdir_count!=1)
207 return(TIFFReadDirEntryErrCount);
208 switch (direntry->tdir_type)
209 {
210 case TIFF_BYTE:
211 case TIFF_UNDEFINED: /* Support to read TIFF_UNDEFINED with field_readcount==1 */
212 TIFFReadDirEntryCheckedByte(tif,direntry,value);
213 return(TIFFReadDirEntryErrOk);
214 case TIFF_SBYTE:
215 {
216 int8 m;
217 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
218 err=TIFFReadDirEntryCheckRangeByteSbyte(m);
219 if (err!=TIFFReadDirEntryErrOk)
220 return(err);
221 *value=(uint8)m;
222 return(TIFFReadDirEntryErrOk);
223 }
224 case TIFF_SHORT:
225 {
226 uint16 m;
227 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
228 err=TIFFReadDirEntryCheckRangeByteShort(m);
229 if (err!=TIFFReadDirEntryErrOk)
230 return(err);
231 *value=(uint8)m;
232 return(TIFFReadDirEntryErrOk);
233 }
234 case TIFF_SSHORT:
235 {
236 int16 m;
237 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
238 err=TIFFReadDirEntryCheckRangeByteSshort(m);
239 if (err!=TIFFReadDirEntryErrOk)
240 return(err);
241 *value=(uint8)m;
242 return(TIFFReadDirEntryErrOk);
243 }
244 case TIFF_LONG:
245 {
246 uint32 m;
247 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
248 err=TIFFReadDirEntryCheckRangeByteLong(m);
249 if (err!=TIFFReadDirEntryErrOk)
250 return(err);
251 *value=(uint8)m;
252 return(TIFFReadDirEntryErrOk);
253 }
254 case TIFF_SLONG:
255 {
256 int32 m;
257 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
258 err=TIFFReadDirEntryCheckRangeByteSlong(m);
259 if (err!=TIFFReadDirEntryErrOk)
260 return(err);
261 *value=(uint8)m;
262 return(TIFFReadDirEntryErrOk);
263 }
264 case TIFF_LONG8:
265 {
266 uint64 m;
267 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
268 if (err!=TIFFReadDirEntryErrOk)
269 return(err);
270 err=TIFFReadDirEntryCheckRangeByteLong8(m);
271 if (err!=TIFFReadDirEntryErrOk)
272 return(err);
273 *value=(uint8)m;
274 return(TIFFReadDirEntryErrOk);
275 }
276 case TIFF_SLONG8:
277 {
278 int64 m;
279 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
280 if (err!=TIFFReadDirEntryErrOk)
281 return(err);
282 err=TIFFReadDirEntryCheckRangeByteSlong8(m);
283 if (err!=TIFFReadDirEntryErrOk)
284 return(err);
285 *value=(uint8)m;
286 return(TIFFReadDirEntryErrOk);
287 }
288 default:
289 return(TIFFReadDirEntryErrType);
290 }
291 }
292
TIFFReadDirEntryShort(TIFF * tif,TIFFDirEntry * direntry,uint16 * value)293 static enum TIFFReadDirEntryErr TIFFReadDirEntryShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value)
294 {
295 enum TIFFReadDirEntryErr err;
296 if (direntry->tdir_count!=1)
297 return(TIFFReadDirEntryErrCount);
298 switch (direntry->tdir_type)
299 {
300 case TIFF_BYTE:
301 {
302 uint8 m;
303 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
304 *value=(uint16)m;
305 return(TIFFReadDirEntryErrOk);
306 }
307 case TIFF_SBYTE:
308 {
309 int8 m;
310 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
311 err=TIFFReadDirEntryCheckRangeShortSbyte(m);
312 if (err!=TIFFReadDirEntryErrOk)
313 return(err);
314 *value=(uint16)m;
315 return(TIFFReadDirEntryErrOk);
316 }
317 case TIFF_SHORT:
318 TIFFReadDirEntryCheckedShort(tif,direntry,value);
319 return(TIFFReadDirEntryErrOk);
320 case TIFF_SSHORT:
321 {
322 int16 m;
323 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
324 err=TIFFReadDirEntryCheckRangeShortSshort(m);
325 if (err!=TIFFReadDirEntryErrOk)
326 return(err);
327 *value=(uint16)m;
328 return(TIFFReadDirEntryErrOk);
329 }
330 case TIFF_LONG:
331 {
332 uint32 m;
333 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
334 err=TIFFReadDirEntryCheckRangeShortLong(m);
335 if (err!=TIFFReadDirEntryErrOk)
336 return(err);
337 *value=(uint16)m;
338 return(TIFFReadDirEntryErrOk);
339 }
340 case TIFF_SLONG:
341 {
342 int32 m;
343 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
344 err=TIFFReadDirEntryCheckRangeShortSlong(m);
345 if (err!=TIFFReadDirEntryErrOk)
346 return(err);
347 *value=(uint16)m;
348 return(TIFFReadDirEntryErrOk);
349 }
350 case TIFF_LONG8:
351 {
352 uint64 m;
353 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
354 if (err!=TIFFReadDirEntryErrOk)
355 return(err);
356 err=TIFFReadDirEntryCheckRangeShortLong8(m);
357 if (err!=TIFFReadDirEntryErrOk)
358 return(err);
359 *value=(uint16)m;
360 return(TIFFReadDirEntryErrOk);
361 }
362 case TIFF_SLONG8:
363 {
364 int64 m;
365 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
366 if (err!=TIFFReadDirEntryErrOk)
367 return(err);
368 err=TIFFReadDirEntryCheckRangeShortSlong8(m);
369 if (err!=TIFFReadDirEntryErrOk)
370 return(err);
371 *value=(uint16)m;
372 return(TIFFReadDirEntryErrOk);
373 }
374 default:
375 return(TIFFReadDirEntryErrType);
376 }
377 }
378
TIFFReadDirEntryLong(TIFF * tif,TIFFDirEntry * direntry,uint32 * value)379 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong(TIFF* tif, TIFFDirEntry* direntry, uint32* value)
380 {
381 enum TIFFReadDirEntryErr err;
382 if (direntry->tdir_count!=1)
383 return(TIFFReadDirEntryErrCount);
384 switch (direntry->tdir_type)
385 {
386 case TIFF_BYTE:
387 {
388 uint8 m;
389 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
390 *value=(uint32)m;
391 return(TIFFReadDirEntryErrOk);
392 }
393 case TIFF_SBYTE:
394 {
395 int8 m;
396 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
397 err=TIFFReadDirEntryCheckRangeLongSbyte(m);
398 if (err!=TIFFReadDirEntryErrOk)
399 return(err);
400 *value=(uint32)m;
401 return(TIFFReadDirEntryErrOk);
402 }
403 case TIFF_SHORT:
404 {
405 uint16 m;
406 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
407 *value=(uint32)m;
408 return(TIFFReadDirEntryErrOk);
409 }
410 case TIFF_SSHORT:
411 {
412 int16 m;
413 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
414 err=TIFFReadDirEntryCheckRangeLongSshort(m);
415 if (err!=TIFFReadDirEntryErrOk)
416 return(err);
417 *value=(uint32)m;
418 return(TIFFReadDirEntryErrOk);
419 }
420 case TIFF_LONG:
421 TIFFReadDirEntryCheckedLong(tif,direntry,value);
422 return(TIFFReadDirEntryErrOk);
423 case TIFF_SLONG:
424 {
425 int32 m;
426 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
427 err=TIFFReadDirEntryCheckRangeLongSlong(m);
428 if (err!=TIFFReadDirEntryErrOk)
429 return(err);
430 *value=(uint32)m;
431 return(TIFFReadDirEntryErrOk);
432 }
433 case TIFF_LONG8:
434 {
435 uint64 m;
436 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
437 if (err!=TIFFReadDirEntryErrOk)
438 return(err);
439 err=TIFFReadDirEntryCheckRangeLongLong8(m);
440 if (err!=TIFFReadDirEntryErrOk)
441 return(err);
442 *value=(uint32)m;
443 return(TIFFReadDirEntryErrOk);
444 }
445 case TIFF_SLONG8:
446 {
447 int64 m;
448 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
449 if (err!=TIFFReadDirEntryErrOk)
450 return(err);
451 err=TIFFReadDirEntryCheckRangeLongSlong8(m);
452 if (err!=TIFFReadDirEntryErrOk)
453 return(err);
454 *value=(uint32)m;
455 return(TIFFReadDirEntryErrOk);
456 }
457 default:
458 return(TIFFReadDirEntryErrType);
459 }
460 }
461
TIFFReadDirEntryLong8(TIFF * tif,TIFFDirEntry * direntry,uint64 * value)462 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8(TIFF* tif, TIFFDirEntry* direntry, uint64* value)
463 {
464 enum TIFFReadDirEntryErr err;
465 if (direntry->tdir_count!=1)
466 return(TIFFReadDirEntryErrCount);
467 switch (direntry->tdir_type)
468 {
469 case TIFF_BYTE:
470 {
471 uint8 m;
472 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
473 *value=(uint64)m;
474 return(TIFFReadDirEntryErrOk);
475 }
476 case TIFF_SBYTE:
477 {
478 int8 m;
479 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
480 err=TIFFReadDirEntryCheckRangeLong8Sbyte(m);
481 if (err!=TIFFReadDirEntryErrOk)
482 return(err);
483 *value=(uint64)m;
484 return(TIFFReadDirEntryErrOk);
485 }
486 case TIFF_SHORT:
487 {
488 uint16 m;
489 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
490 *value=(uint64)m;
491 return(TIFFReadDirEntryErrOk);
492 }
493 case TIFF_SSHORT:
494 {
495 int16 m;
496 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
497 err=TIFFReadDirEntryCheckRangeLong8Sshort(m);
498 if (err!=TIFFReadDirEntryErrOk)
499 return(err);
500 *value=(uint64)m;
501 return(TIFFReadDirEntryErrOk);
502 }
503 case TIFF_LONG:
504 {
505 uint32 m;
506 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
507 *value=(uint64)m;
508 return(TIFFReadDirEntryErrOk);
509 }
510 case TIFF_SLONG:
511 {
512 int32 m;
513 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
514 err=TIFFReadDirEntryCheckRangeLong8Slong(m);
515 if (err!=TIFFReadDirEntryErrOk)
516 return(err);
517 *value=(uint64)m;
518 return(TIFFReadDirEntryErrOk);
519 }
520 case TIFF_LONG8:
521 err=TIFFReadDirEntryCheckedLong8(tif,direntry,value);
522 return(err);
523 case TIFF_SLONG8:
524 {
525 int64 m;
526 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
527 if (err!=TIFFReadDirEntryErrOk)
528 return(err);
529 err=TIFFReadDirEntryCheckRangeLong8Slong8(m);
530 if (err!=TIFFReadDirEntryErrOk)
531 return(err);
532 *value=(uint64)m;
533 return(TIFFReadDirEntryErrOk);
534 }
535 default:
536 return(TIFFReadDirEntryErrType);
537 }
538 }
539
TIFFReadDirEntryFloat(TIFF * tif,TIFFDirEntry * direntry,float * value)540 static enum TIFFReadDirEntryErr TIFFReadDirEntryFloat(TIFF* tif, TIFFDirEntry* direntry, float* value)
541 {
542 enum TIFFReadDirEntryErr err;
543 if (direntry->tdir_count!=1)
544 return(TIFFReadDirEntryErrCount);
545 switch (direntry->tdir_type)
546 {
547 case TIFF_BYTE:
548 {
549 uint8 m;
550 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
551 *value=(float)m;
552 return(TIFFReadDirEntryErrOk);
553 }
554 case TIFF_SBYTE:
555 {
556 int8 m;
557 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
558 *value=(float)m;
559 return(TIFFReadDirEntryErrOk);
560 }
561 case TIFF_SHORT:
562 {
563 uint16 m;
564 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
565 *value=(float)m;
566 return(TIFFReadDirEntryErrOk);
567 }
568 case TIFF_SSHORT:
569 {
570 int16 m;
571 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
572 *value=(float)m;
573 return(TIFFReadDirEntryErrOk);
574 }
575 case TIFF_LONG:
576 {
577 uint32 m;
578 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
579 *value=(float)m;
580 return(TIFFReadDirEntryErrOk);
581 }
582 case TIFF_SLONG:
583 {
584 int32 m;
585 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
586 *value=(float)m;
587 return(TIFFReadDirEntryErrOk);
588 }
589 case TIFF_LONG8:
590 {
591 uint64 m;
592 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
593 if (err!=TIFFReadDirEntryErrOk)
594 return(err);
595 #if defined(__WIN32__) && (_MSC_VER < 1500)
596 /*
597 * XXX: MSVC 6.0 does not support conversion
598 * of 64-bit integers into floating point
599 * values.
600 */
601 *value = _TIFFUInt64ToFloat(m);
602 #else
603 *value=(float)m;
604 #endif
605 return(TIFFReadDirEntryErrOk);
606 }
607 case TIFF_SLONG8:
608 {
609 int64 m;
610 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
611 if (err!=TIFFReadDirEntryErrOk)
612 return(err);
613 *value=(float)m;
614 return(TIFFReadDirEntryErrOk);
615 }
616 case TIFF_RATIONAL:
617 {
618 double m;
619 err=TIFFReadDirEntryCheckedRational(tif,direntry,&m);
620 if (err!=TIFFReadDirEntryErrOk)
621 return(err);
622 *value=(float)m;
623 return(TIFFReadDirEntryErrOk);
624 }
625 case TIFF_SRATIONAL:
626 {
627 double m;
628 err=TIFFReadDirEntryCheckedSrational(tif,direntry,&m);
629 if (err!=TIFFReadDirEntryErrOk)
630 return(err);
631 *value=(float)m;
632 return(TIFFReadDirEntryErrOk);
633 }
634 case TIFF_FLOAT:
635 TIFFReadDirEntryCheckedFloat(tif,direntry,value);
636 return(TIFFReadDirEntryErrOk);
637 case TIFF_DOUBLE:
638 {
639 double m;
640 err=TIFFReadDirEntryCheckedDouble(tif,direntry,&m);
641 if (err!=TIFFReadDirEntryErrOk)
642 return(err);
643 if ((m > FLT_MAX) || (m < FLT_MIN))
644 return(TIFFReadDirEntryErrRange);
645 *value=(float)m;
646 return(TIFFReadDirEntryErrOk);
647 }
648 default:
649 return(TIFFReadDirEntryErrType);
650 }
651 }
652
TIFFReadDirEntryDouble(TIFF * tif,TIFFDirEntry * direntry,double * value)653 static enum TIFFReadDirEntryErr TIFFReadDirEntryDouble(TIFF* tif, TIFFDirEntry* direntry, double* value)
654 {
655 enum TIFFReadDirEntryErr err;
656 if (direntry->tdir_count!=1)
657 return(TIFFReadDirEntryErrCount);
658 switch (direntry->tdir_type)
659 {
660 case TIFF_BYTE:
661 {
662 uint8 m;
663 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
664 *value=(double)m;
665 return(TIFFReadDirEntryErrOk);
666 }
667 case TIFF_SBYTE:
668 {
669 int8 m;
670 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
671 *value=(double)m;
672 return(TIFFReadDirEntryErrOk);
673 }
674 case TIFF_SHORT:
675 {
676 uint16 m;
677 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
678 *value=(double)m;
679 return(TIFFReadDirEntryErrOk);
680 }
681 case TIFF_SSHORT:
682 {
683 int16 m;
684 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
685 *value=(double)m;
686 return(TIFFReadDirEntryErrOk);
687 }
688 case TIFF_LONG:
689 {
690 uint32 m;
691 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
692 *value=(double)m;
693 return(TIFFReadDirEntryErrOk);
694 }
695 case TIFF_SLONG:
696 {
697 int32 m;
698 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
699 *value=(double)m;
700 return(TIFFReadDirEntryErrOk);
701 }
702 case TIFF_LONG8:
703 {
704 uint64 m;
705 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
706 if (err!=TIFFReadDirEntryErrOk)
707 return(err);
708 #if defined(__WIN32__) && (_MSC_VER < 1500)
709 /*
710 * XXX: MSVC 6.0 does not support conversion
711 * of 64-bit integers into floating point
712 * values.
713 */
714 *value = _TIFFUInt64ToDouble(m);
715 #else
716 *value = (double)m;
717 #endif
718 return(TIFFReadDirEntryErrOk);
719 }
720 case TIFF_SLONG8:
721 {
722 int64 m;
723 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
724 if (err!=TIFFReadDirEntryErrOk)
725 return(err);
726 *value=(double)m;
727 return(TIFFReadDirEntryErrOk);
728 }
729 case TIFF_RATIONAL:
730 err=TIFFReadDirEntryCheckedRational(tif,direntry,value);
731 return(err);
732 case TIFF_SRATIONAL:
733 err=TIFFReadDirEntryCheckedSrational(tif,direntry,value);
734 return(err);
735 case TIFF_FLOAT:
736 {
737 float m;
738 TIFFReadDirEntryCheckedFloat(tif,direntry,&m);
739 *value=(double)m;
740 return(TIFFReadDirEntryErrOk);
741 }
742 case TIFF_DOUBLE:
743 err=TIFFReadDirEntryCheckedDouble(tif,direntry,value);
744 return(err);
745 default:
746 return(TIFFReadDirEntryErrType);
747 }
748 }
749
TIFFReadDirEntryIfd8(TIFF * tif,TIFFDirEntry * direntry,uint64 * value)750 static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8(TIFF* tif, TIFFDirEntry* direntry, uint64* value)
751 {
752 enum TIFFReadDirEntryErr err;
753 if (direntry->tdir_count!=1)
754 return(TIFFReadDirEntryErrCount);
755 switch (direntry->tdir_type)
756 {
757 case TIFF_LONG:
758 case TIFF_IFD:
759 {
760 uint32 m;
761 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
762 *value=(uint64)m;
763 return(TIFFReadDirEntryErrOk);
764 }
765 case TIFF_LONG8:
766 case TIFF_IFD8:
767 err=TIFFReadDirEntryCheckedLong8(tif,direntry,value);
768 return(err);
769 default:
770 return(TIFFReadDirEntryErrType);
771 }
772 }
773
774
775 #define INITIAL_THRESHOLD (1024 * 1024)
776 #define THRESHOLD_MULTIPLIER 10
777 #define MAX_THRESHOLD (THRESHOLD_MULTIPLIER * THRESHOLD_MULTIPLIER * THRESHOLD_MULTIPLIER * INITIAL_THRESHOLD)
778
TIFFReadDirEntryDataAndRealloc(TIFF * tif,uint64 offset,tmsize_t size,void ** pdest)779 static enum TIFFReadDirEntryErr TIFFReadDirEntryDataAndRealloc(
780 TIFF* tif, uint64 offset, tmsize_t size, void** pdest)
781 {
782 #if SIZEOF_SIZE_T == 8
783 tmsize_t threshold = INITIAL_THRESHOLD;
784 #endif
785 tmsize_t already_read = 0;
786
787 assert( !isMapped(tif) );
788
789 if (!SeekOK(tif,offset))
790 return(TIFFReadDirEntryErrIo);
791
792 /* On 64 bit processes, read first a maximum of 1 MB, then 10 MB, etc */
793 /* so as to avoid allocating too much memory in case the file is too */
794 /* short. We could ask for the file size, but this might be */
795 /* expensive with some I/O layers (think of reading a gzipped file) */
796 /* Restrict to 64 bit processes, so as to avoid reallocs() */
797 /* on 32 bit processes where virtual memory is scarce. */
798 while( already_read < size )
799 {
800 void* new_dest;
801 tmsize_t bytes_read;
802 tmsize_t to_read = size - already_read;
803 #if SIZEOF_SIZE_T == 8
804 if( to_read >= threshold && threshold < MAX_THRESHOLD )
805 {
806 to_read = threshold;
807 threshold *= THRESHOLD_MULTIPLIER;
808 }
809 #endif
810
811 new_dest = (uint8*) _TIFFrealloc(
812 *pdest, already_read + to_read);
813 if( new_dest == NULL )
814 {
815 TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
816 "Failed to allocate memory for %s "
817 "(%ld elements of %ld bytes each)",
818 "TIFFReadDirEntryArray",
819 (long) 1, (long) (already_read + to_read));
820 return TIFFReadDirEntryErrAlloc;
821 }
822 *pdest = new_dest;
823
824 bytes_read = TIFFReadFile(tif,
825 (char*)*pdest + already_read, to_read);
826 already_read += bytes_read;
827 if (bytes_read != to_read) {
828 return TIFFReadDirEntryErrIo;
829 }
830 }
831 return TIFFReadDirEntryErrOk;
832 }
833
TIFFReadDirEntryArrayWithLimit(TIFF * tif,TIFFDirEntry * direntry,uint32 * count,uint32 desttypesize,void ** value,uint64 maxcount)834 static enum TIFFReadDirEntryErr TIFFReadDirEntryArrayWithLimit(
835 TIFF* tif, TIFFDirEntry* direntry, uint32* count, uint32 desttypesize,
836 void** value, uint64 maxcount)
837 {
838 int typesize;
839 uint32 datasize;
840 void* data;
841 uint64 target_count64;
842 typesize=TIFFDataWidth(direntry->tdir_type);
843
844 target_count64 = (direntry->tdir_count > maxcount) ?
845 maxcount : direntry->tdir_count;
846
847 if ((target_count64==0)||(typesize==0))
848 {
849 *value=0;
850 return(TIFFReadDirEntryErrOk);
851 }
852 (void) desttypesize;
853
854 /*
855 * As a sanity check, make sure we have no more than a 2GB tag array
856 * in either the current data type or the dest data type. This also
857 * avoids problems with overflow of tmsize_t on 32bit systems.
858 */
859 if ((uint64)(2147483647/typesize)<target_count64)
860 return(TIFFReadDirEntryErrSizesan);
861 if ((uint64)(2147483647/desttypesize)<target_count64)
862 return(TIFFReadDirEntryErrSizesan);
863
864 *count=(uint32)target_count64;
865 datasize=(*count)*typesize;
866 assert((tmsize_t)datasize>0);
867
868 if( isMapped(tif) && datasize > (uint32)tif->tif_size )
869 return TIFFReadDirEntryErrIo;
870
871 if( !isMapped(tif) &&
872 (((tif->tif_flags&TIFF_BIGTIFF) && datasize > 8) ||
873 (!(tif->tif_flags&TIFF_BIGTIFF) && datasize > 4)) )
874 {
875 data = NULL;
876 }
877 else
878 {
879 data=_TIFFCheckMalloc(tif, *count, typesize, "ReadDirEntryArray");
880 if (data==0)
881 return(TIFFReadDirEntryErrAlloc);
882 }
883 if (!(tif->tif_flags&TIFF_BIGTIFF))
884 {
885 if (datasize<=4)
886 _TIFFmemcpy(data,&direntry->tdir_offset,datasize);
887 else
888 {
889 enum TIFFReadDirEntryErr err;
890 uint32 offset = direntry->tdir_offset.toff_long;
891 if (tif->tif_flags&TIFF_SWAB)
892 TIFFSwabLong(&offset);
893 if( isMapped(tif) )
894 err=TIFFReadDirEntryData(tif,(uint64)offset,(tmsize_t)datasize,data);
895 else
896 err=TIFFReadDirEntryDataAndRealloc(tif,(uint64)offset,(tmsize_t)datasize,&data);
897 if (err!=TIFFReadDirEntryErrOk)
898 {
899 _TIFFfree(data);
900 return(err);
901 }
902 }
903 }
904 else
905 {
906 if (datasize<=8)
907 _TIFFmemcpy(data,&direntry->tdir_offset,datasize);
908 else
909 {
910 enum TIFFReadDirEntryErr err;
911 uint64 offset = direntry->tdir_offset.toff_long8;
912 if (tif->tif_flags&TIFF_SWAB)
913 TIFFSwabLong8(&offset);
914 if( isMapped(tif) )
915 err=TIFFReadDirEntryData(tif,(uint64)offset,(tmsize_t)datasize,data);
916 else
917 err=TIFFReadDirEntryDataAndRealloc(tif,(uint64)offset,(tmsize_t)datasize,&data);
918 if (err!=TIFFReadDirEntryErrOk)
919 {
920 _TIFFfree(data);
921 return(err);
922 }
923 }
924 }
925 *value=data;
926 return(TIFFReadDirEntryErrOk);
927 }
928
TIFFReadDirEntryArray(TIFF * tif,TIFFDirEntry * direntry,uint32 * count,uint32 desttypesize,void ** value)929 static enum TIFFReadDirEntryErr TIFFReadDirEntryArray(TIFF* tif, TIFFDirEntry* direntry, uint32* count, uint32 desttypesize, void** value)
930 {
931 return TIFFReadDirEntryArrayWithLimit(tif, direntry, count,
932 desttypesize, value, ~((uint64)0));
933 }
934
TIFFReadDirEntryByteArray(TIFF * tif,TIFFDirEntry * direntry,uint8 ** value)935 static enum TIFFReadDirEntryErr TIFFReadDirEntryByteArray(TIFF* tif, TIFFDirEntry* direntry, uint8** value)
936 {
937 enum TIFFReadDirEntryErr err;
938 uint32 count;
939 void* origdata;
940 uint8* data;
941 switch (direntry->tdir_type)
942 {
943 case TIFF_ASCII:
944 case TIFF_UNDEFINED:
945 case TIFF_BYTE:
946 case TIFF_SBYTE:
947 case TIFF_SHORT:
948 case TIFF_SSHORT:
949 case TIFF_LONG:
950 case TIFF_SLONG:
951 case TIFF_LONG8:
952 case TIFF_SLONG8:
953 break;
954 default:
955 return(TIFFReadDirEntryErrType);
956 }
957 err=TIFFReadDirEntryArray(tif,direntry,&count,1,&origdata);
958 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
959 {
960 *value=0;
961 return(err);
962 }
963 switch (direntry->tdir_type)
964 {
965 case TIFF_ASCII:
966 case TIFF_UNDEFINED:
967 case TIFF_BYTE:
968 *value=(uint8*)origdata;
969 return(TIFFReadDirEntryErrOk);
970 case TIFF_SBYTE:
971 {
972 int8* m;
973 uint32 n;
974 m=(int8*)origdata;
975 for (n=0; n<count; n++)
976 {
977 err=TIFFReadDirEntryCheckRangeByteSbyte(*m);
978 if (err!=TIFFReadDirEntryErrOk)
979 {
980 _TIFFfree(origdata);
981 return(err);
982 }
983 m++;
984 }
985 *value=(uint8*)origdata;
986 return(TIFFReadDirEntryErrOk);
987 }
988 }
989 data=(uint8*)_TIFFmalloc(count);
990 if (data==0)
991 {
992 _TIFFfree(origdata);
993 return(TIFFReadDirEntryErrAlloc);
994 }
995 switch (direntry->tdir_type)
996 {
997 case TIFF_SHORT:
998 {
999 uint16* ma;
1000 uint8* mb;
1001 uint32 n;
1002 ma=(uint16*)origdata;
1003 mb=data;
1004 for (n=0; n<count; n++)
1005 {
1006 if (tif->tif_flags&TIFF_SWAB)
1007 TIFFSwabShort(ma);
1008 err=TIFFReadDirEntryCheckRangeByteShort(*ma);
1009 if (err!=TIFFReadDirEntryErrOk)
1010 break;
1011 *mb++=(uint8)(*ma++);
1012 }
1013 }
1014 break;
1015 case TIFF_SSHORT:
1016 {
1017 int16* ma;
1018 uint8* mb;
1019 uint32 n;
1020 ma=(int16*)origdata;
1021 mb=data;
1022 for (n=0; n<count; n++)
1023 {
1024 if (tif->tif_flags&TIFF_SWAB)
1025 TIFFSwabShort((uint16*)ma);
1026 err=TIFFReadDirEntryCheckRangeByteSshort(*ma);
1027 if (err!=TIFFReadDirEntryErrOk)
1028 break;
1029 *mb++=(uint8)(*ma++);
1030 }
1031 }
1032 break;
1033 case TIFF_LONG:
1034 {
1035 uint32* ma;
1036 uint8* mb;
1037 uint32 n;
1038 ma=(uint32*)origdata;
1039 mb=data;
1040 for (n=0; n<count; n++)
1041 {
1042 if (tif->tif_flags&TIFF_SWAB)
1043 TIFFSwabLong(ma);
1044 err=TIFFReadDirEntryCheckRangeByteLong(*ma);
1045 if (err!=TIFFReadDirEntryErrOk)
1046 break;
1047 *mb++=(uint8)(*ma++);
1048 }
1049 }
1050 break;
1051 case TIFF_SLONG:
1052 {
1053 int32* ma;
1054 uint8* mb;
1055 uint32 n;
1056 ma=(int32*)origdata;
1057 mb=data;
1058 for (n=0; n<count; n++)
1059 {
1060 if (tif->tif_flags&TIFF_SWAB)
1061 TIFFSwabLong((uint32*)ma);
1062 err=TIFFReadDirEntryCheckRangeByteSlong(*ma);
1063 if (err!=TIFFReadDirEntryErrOk)
1064 break;
1065 *mb++=(uint8)(*ma++);
1066 }
1067 }
1068 break;
1069 case TIFF_LONG8:
1070 {
1071 uint64* ma;
1072 uint8* mb;
1073 uint32 n;
1074 ma=(uint64*)origdata;
1075 mb=data;
1076 for (n=0; n<count; n++)
1077 {
1078 if (tif->tif_flags&TIFF_SWAB)
1079 TIFFSwabLong8(ma);
1080 err=TIFFReadDirEntryCheckRangeByteLong8(*ma);
1081 if (err!=TIFFReadDirEntryErrOk)
1082 break;
1083 *mb++=(uint8)(*ma++);
1084 }
1085 }
1086 break;
1087 case TIFF_SLONG8:
1088 {
1089 int64* ma;
1090 uint8* mb;
1091 uint32 n;
1092 ma=(int64*)origdata;
1093 mb=data;
1094 for (n=0; n<count; n++)
1095 {
1096 if (tif->tif_flags&TIFF_SWAB)
1097 TIFFSwabLong8((uint64*)ma);
1098 err=TIFFReadDirEntryCheckRangeByteSlong8(*ma);
1099 if (err!=TIFFReadDirEntryErrOk)
1100 break;
1101 *mb++=(uint8)(*ma++);
1102 }
1103 }
1104 break;
1105 }
1106 _TIFFfree(origdata);
1107 if (err!=TIFFReadDirEntryErrOk)
1108 {
1109 _TIFFfree(data);
1110 return(err);
1111 }
1112 *value=data;
1113 return(TIFFReadDirEntryErrOk);
1114 }
1115
TIFFReadDirEntrySbyteArray(TIFF * tif,TIFFDirEntry * direntry,int8 ** value)1116 static enum TIFFReadDirEntryErr TIFFReadDirEntrySbyteArray(TIFF* tif, TIFFDirEntry* direntry, int8** value)
1117 {
1118 enum TIFFReadDirEntryErr err;
1119 uint32 count;
1120 void* origdata;
1121 int8* data;
1122 switch (direntry->tdir_type)
1123 {
1124 case TIFF_UNDEFINED:
1125 case TIFF_BYTE:
1126 case TIFF_SBYTE:
1127 case TIFF_SHORT:
1128 case TIFF_SSHORT:
1129 case TIFF_LONG:
1130 case TIFF_SLONG:
1131 case TIFF_LONG8:
1132 case TIFF_SLONG8:
1133 break;
1134 default:
1135 return(TIFFReadDirEntryErrType);
1136 }
1137 err=TIFFReadDirEntryArray(tif,direntry,&count,1,&origdata);
1138 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1139 {
1140 *value=0;
1141 return(err);
1142 }
1143 switch (direntry->tdir_type)
1144 {
1145 case TIFF_UNDEFINED:
1146 case TIFF_BYTE:
1147 {
1148 uint8* m;
1149 uint32 n;
1150 m=(uint8*)origdata;
1151 for (n=0; n<count; n++)
1152 {
1153 err=TIFFReadDirEntryCheckRangeSbyteByte(*m);
1154 if (err!=TIFFReadDirEntryErrOk)
1155 {
1156 _TIFFfree(origdata);
1157 return(err);
1158 }
1159 m++;
1160 }
1161 *value=(int8*)origdata;
1162 return(TIFFReadDirEntryErrOk);
1163 }
1164 case TIFF_SBYTE:
1165 *value=(int8*)origdata;
1166 return(TIFFReadDirEntryErrOk);
1167 }
1168 data=(int8*)_TIFFmalloc(count);
1169 if (data==0)
1170 {
1171 _TIFFfree(origdata);
1172 return(TIFFReadDirEntryErrAlloc);
1173 }
1174 switch (direntry->tdir_type)
1175 {
1176 case TIFF_SHORT:
1177 {
1178 uint16* ma;
1179 int8* mb;
1180 uint32 n;
1181 ma=(uint16*)origdata;
1182 mb=data;
1183 for (n=0; n<count; n++)
1184 {
1185 if (tif->tif_flags&TIFF_SWAB)
1186 TIFFSwabShort(ma);
1187 err=TIFFReadDirEntryCheckRangeSbyteShort(*ma);
1188 if (err!=TIFFReadDirEntryErrOk)
1189 break;
1190 *mb++=(int8)(*ma++);
1191 }
1192 }
1193 break;
1194 case TIFF_SSHORT:
1195 {
1196 int16* ma;
1197 int8* mb;
1198 uint32 n;
1199 ma=(int16*)origdata;
1200 mb=data;
1201 for (n=0; n<count; n++)
1202 {
1203 if (tif->tif_flags&TIFF_SWAB)
1204 TIFFSwabShort((uint16*)ma);
1205 err=TIFFReadDirEntryCheckRangeSbyteSshort(*ma);
1206 if (err!=TIFFReadDirEntryErrOk)
1207 break;
1208 *mb++=(int8)(*ma++);
1209 }
1210 }
1211 break;
1212 case TIFF_LONG:
1213 {
1214 uint32* ma;
1215 int8* mb;
1216 uint32 n;
1217 ma=(uint32*)origdata;
1218 mb=data;
1219 for (n=0; n<count; n++)
1220 {
1221 if (tif->tif_flags&TIFF_SWAB)
1222 TIFFSwabLong(ma);
1223 err=TIFFReadDirEntryCheckRangeSbyteLong(*ma);
1224 if (err!=TIFFReadDirEntryErrOk)
1225 break;
1226 *mb++=(int8)(*ma++);
1227 }
1228 }
1229 break;
1230 case TIFF_SLONG:
1231 {
1232 int32* ma;
1233 int8* mb;
1234 uint32 n;
1235 ma=(int32*)origdata;
1236 mb=data;
1237 for (n=0; n<count; n++)
1238 {
1239 if (tif->tif_flags&TIFF_SWAB)
1240 TIFFSwabLong((uint32*)ma);
1241 err=TIFFReadDirEntryCheckRangeSbyteSlong(*ma);
1242 if (err!=TIFFReadDirEntryErrOk)
1243 break;
1244 *mb++=(int8)(*ma++);
1245 }
1246 }
1247 break;
1248 case TIFF_LONG8:
1249 {
1250 uint64* ma;
1251 int8* mb;
1252 uint32 n;
1253 ma=(uint64*)origdata;
1254 mb=data;
1255 for (n=0; n<count; n++)
1256 {
1257 if (tif->tif_flags&TIFF_SWAB)
1258 TIFFSwabLong8(ma);
1259 err=TIFFReadDirEntryCheckRangeSbyteLong8(*ma);
1260 if (err!=TIFFReadDirEntryErrOk)
1261 break;
1262 *mb++=(int8)(*ma++);
1263 }
1264 }
1265 break;
1266 case TIFF_SLONG8:
1267 {
1268 int64* ma;
1269 int8* mb;
1270 uint32 n;
1271 ma=(int64*)origdata;
1272 mb=data;
1273 for (n=0; n<count; n++)
1274 {
1275 if (tif->tif_flags&TIFF_SWAB)
1276 TIFFSwabLong8((uint64*)ma);
1277 err=TIFFReadDirEntryCheckRangeSbyteSlong8(*ma);
1278 if (err!=TIFFReadDirEntryErrOk)
1279 break;
1280 *mb++=(int8)(*ma++);
1281 }
1282 }
1283 break;
1284 }
1285 _TIFFfree(origdata);
1286 if (err!=TIFFReadDirEntryErrOk)
1287 {
1288 _TIFFfree(data);
1289 return(err);
1290 }
1291 *value=data;
1292 return(TIFFReadDirEntryErrOk);
1293 }
1294
TIFFReadDirEntryShortArray(TIFF * tif,TIFFDirEntry * direntry,uint16 ** value)1295 static enum TIFFReadDirEntryErr TIFFReadDirEntryShortArray(TIFF* tif, TIFFDirEntry* direntry, uint16** value)
1296 {
1297 enum TIFFReadDirEntryErr err;
1298 uint32 count;
1299 void* origdata;
1300 uint16* data;
1301 switch (direntry->tdir_type)
1302 {
1303 case TIFF_BYTE:
1304 case TIFF_SBYTE:
1305 case TIFF_SHORT:
1306 case TIFF_SSHORT:
1307 case TIFF_LONG:
1308 case TIFF_SLONG:
1309 case TIFF_LONG8:
1310 case TIFF_SLONG8:
1311 break;
1312 default:
1313 return(TIFFReadDirEntryErrType);
1314 }
1315 err=TIFFReadDirEntryArray(tif,direntry,&count,2,&origdata);
1316 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1317 {
1318 *value=0;
1319 return(err);
1320 }
1321 switch (direntry->tdir_type)
1322 {
1323 case TIFF_SHORT:
1324 *value=(uint16*)origdata;
1325 if (tif->tif_flags&TIFF_SWAB)
1326 TIFFSwabArrayOfShort(*value,count);
1327 return(TIFFReadDirEntryErrOk);
1328 case TIFF_SSHORT:
1329 {
1330 int16* m;
1331 uint32 n;
1332 m=(int16*)origdata;
1333 for (n=0; n<count; n++)
1334 {
1335 if (tif->tif_flags&TIFF_SWAB)
1336 TIFFSwabShort((uint16*)m);
1337 err=TIFFReadDirEntryCheckRangeShortSshort(*m);
1338 if (err!=TIFFReadDirEntryErrOk)
1339 {
1340 _TIFFfree(origdata);
1341 return(err);
1342 }
1343 m++;
1344 }
1345 *value=(uint16*)origdata;
1346 return(TIFFReadDirEntryErrOk);
1347 }
1348 }
1349 data=(uint16*)_TIFFmalloc(count*2);
1350 if (data==0)
1351 {
1352 _TIFFfree(origdata);
1353 return(TIFFReadDirEntryErrAlloc);
1354 }
1355 switch (direntry->tdir_type)
1356 {
1357 case TIFF_BYTE:
1358 {
1359 uint8* ma;
1360 uint16* mb;
1361 uint32 n;
1362 ma=(uint8*)origdata;
1363 mb=data;
1364 for (n=0; n<count; n++)
1365 *mb++=(uint16)(*ma++);
1366 }
1367 break;
1368 case TIFF_SBYTE:
1369 {
1370 int8* ma;
1371 uint16* mb;
1372 uint32 n;
1373 ma=(int8*)origdata;
1374 mb=data;
1375 for (n=0; n<count; n++)
1376 {
1377 err=TIFFReadDirEntryCheckRangeShortSbyte(*ma);
1378 if (err!=TIFFReadDirEntryErrOk)
1379 break;
1380 *mb++=(uint16)(*ma++);
1381 }
1382 }
1383 break;
1384 case TIFF_LONG:
1385 {
1386 uint32* ma;
1387 uint16* mb;
1388 uint32 n;
1389 ma=(uint32*)origdata;
1390 mb=data;
1391 for (n=0; n<count; n++)
1392 {
1393 if (tif->tif_flags&TIFF_SWAB)
1394 TIFFSwabLong(ma);
1395 err=TIFFReadDirEntryCheckRangeShortLong(*ma);
1396 if (err!=TIFFReadDirEntryErrOk)
1397 break;
1398 *mb++=(uint16)(*ma++);
1399 }
1400 }
1401 break;
1402 case TIFF_SLONG:
1403 {
1404 int32* ma;
1405 uint16* mb;
1406 uint32 n;
1407 ma=(int32*)origdata;
1408 mb=data;
1409 for (n=0; n<count; n++)
1410 {
1411 if (tif->tif_flags&TIFF_SWAB)
1412 TIFFSwabLong((uint32*)ma);
1413 err=TIFFReadDirEntryCheckRangeShortSlong(*ma);
1414 if (err!=TIFFReadDirEntryErrOk)
1415 break;
1416 *mb++=(uint16)(*ma++);
1417 }
1418 }
1419 break;
1420 case TIFF_LONG8:
1421 {
1422 uint64* ma;
1423 uint16* mb;
1424 uint32 n;
1425 ma=(uint64*)origdata;
1426 mb=data;
1427 for (n=0; n<count; n++)
1428 {
1429 if (tif->tif_flags&TIFF_SWAB)
1430 TIFFSwabLong8(ma);
1431 err=TIFFReadDirEntryCheckRangeShortLong8(*ma);
1432 if (err!=TIFFReadDirEntryErrOk)
1433 break;
1434 *mb++=(uint16)(*ma++);
1435 }
1436 }
1437 break;
1438 case TIFF_SLONG8:
1439 {
1440 int64* ma;
1441 uint16* mb;
1442 uint32 n;
1443 ma=(int64*)origdata;
1444 mb=data;
1445 for (n=0; n<count; n++)
1446 {
1447 if (tif->tif_flags&TIFF_SWAB)
1448 TIFFSwabLong8((uint64*)ma);
1449 err=TIFFReadDirEntryCheckRangeShortSlong8(*ma);
1450 if (err!=TIFFReadDirEntryErrOk)
1451 break;
1452 *mb++=(uint16)(*ma++);
1453 }
1454 }
1455 break;
1456 }
1457 _TIFFfree(origdata);
1458 if (err!=TIFFReadDirEntryErrOk)
1459 {
1460 _TIFFfree(data);
1461 return(err);
1462 }
1463 *value=data;
1464 return(TIFFReadDirEntryErrOk);
1465 }
1466
TIFFReadDirEntrySshortArray(TIFF * tif,TIFFDirEntry * direntry,int16 ** value)1467 static enum TIFFReadDirEntryErr TIFFReadDirEntrySshortArray(TIFF* tif, TIFFDirEntry* direntry, int16** value)
1468 {
1469 enum TIFFReadDirEntryErr err;
1470 uint32 count;
1471 void* origdata;
1472 int16* data;
1473 switch (direntry->tdir_type)
1474 {
1475 case TIFF_BYTE:
1476 case TIFF_SBYTE:
1477 case TIFF_SHORT:
1478 case TIFF_SSHORT:
1479 case TIFF_LONG:
1480 case TIFF_SLONG:
1481 case TIFF_LONG8:
1482 case TIFF_SLONG8:
1483 break;
1484 default:
1485 return(TIFFReadDirEntryErrType);
1486 }
1487 err=TIFFReadDirEntryArray(tif,direntry,&count,2,&origdata);
1488 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1489 {
1490 *value=0;
1491 return(err);
1492 }
1493 switch (direntry->tdir_type)
1494 {
1495 case TIFF_SHORT:
1496 {
1497 uint16* m;
1498 uint32 n;
1499 m=(uint16*)origdata;
1500 for (n=0; n<count; n++)
1501 {
1502 if (tif->tif_flags&TIFF_SWAB)
1503 TIFFSwabShort(m);
1504 err=TIFFReadDirEntryCheckRangeSshortShort(*m);
1505 if (err!=TIFFReadDirEntryErrOk)
1506 {
1507 _TIFFfree(origdata);
1508 return(err);
1509 }
1510 m++;
1511 }
1512 *value=(int16*)origdata;
1513 return(TIFFReadDirEntryErrOk);
1514 }
1515 case TIFF_SSHORT:
1516 *value=(int16*)origdata;
1517 if (tif->tif_flags&TIFF_SWAB)
1518 TIFFSwabArrayOfShort((uint16*)(*value),count);
1519 return(TIFFReadDirEntryErrOk);
1520 }
1521 data=(int16*)_TIFFmalloc(count*2);
1522 if (data==0)
1523 {
1524 _TIFFfree(origdata);
1525 return(TIFFReadDirEntryErrAlloc);
1526 }
1527 switch (direntry->tdir_type)
1528 {
1529 case TIFF_BYTE:
1530 {
1531 uint8* ma;
1532 int16* mb;
1533 uint32 n;
1534 ma=(uint8*)origdata;
1535 mb=data;
1536 for (n=0; n<count; n++)
1537 *mb++=(int16)(*ma++);
1538 }
1539 break;
1540 case TIFF_SBYTE:
1541 {
1542 int8* ma;
1543 int16* mb;
1544 uint32 n;
1545 ma=(int8*)origdata;
1546 mb=data;
1547 for (n=0; n<count; n++)
1548 *mb++=(int16)(*ma++);
1549 }
1550 break;
1551 case TIFF_LONG:
1552 {
1553 uint32* ma;
1554 int16* mb;
1555 uint32 n;
1556 ma=(uint32*)origdata;
1557 mb=data;
1558 for (n=0; n<count; n++)
1559 {
1560 if (tif->tif_flags&TIFF_SWAB)
1561 TIFFSwabLong(ma);
1562 err=TIFFReadDirEntryCheckRangeSshortLong(*ma);
1563 if (err!=TIFFReadDirEntryErrOk)
1564 break;
1565 *mb++=(int16)(*ma++);
1566 }
1567 }
1568 break;
1569 case TIFF_SLONG:
1570 {
1571 int32* ma;
1572 int16* mb;
1573 uint32 n;
1574 ma=(int32*)origdata;
1575 mb=data;
1576 for (n=0; n<count; n++)
1577 {
1578 if (tif->tif_flags&TIFF_SWAB)
1579 TIFFSwabLong((uint32*)ma);
1580 err=TIFFReadDirEntryCheckRangeSshortSlong(*ma);
1581 if (err!=TIFFReadDirEntryErrOk)
1582 break;
1583 *mb++=(int16)(*ma++);
1584 }
1585 }
1586 break;
1587 case TIFF_LONG8:
1588 {
1589 uint64* ma;
1590 int16* mb;
1591 uint32 n;
1592 ma=(uint64*)origdata;
1593 mb=data;
1594 for (n=0; n<count; n++)
1595 {
1596 if (tif->tif_flags&TIFF_SWAB)
1597 TIFFSwabLong8(ma);
1598 err=TIFFReadDirEntryCheckRangeSshortLong8(*ma);
1599 if (err!=TIFFReadDirEntryErrOk)
1600 break;
1601 *mb++=(int16)(*ma++);
1602 }
1603 }
1604 break;
1605 case TIFF_SLONG8:
1606 {
1607 int64* ma;
1608 int16* mb;
1609 uint32 n;
1610 ma=(int64*)origdata;
1611 mb=data;
1612 for (n=0; n<count; n++)
1613 {
1614 if (tif->tif_flags&TIFF_SWAB)
1615 TIFFSwabLong8((uint64*)ma);
1616 err=TIFFReadDirEntryCheckRangeSshortSlong8(*ma);
1617 if (err!=TIFFReadDirEntryErrOk)
1618 break;
1619 *mb++=(int16)(*ma++);
1620 }
1621 }
1622 break;
1623 }
1624 _TIFFfree(origdata);
1625 if (err!=TIFFReadDirEntryErrOk)
1626 {
1627 _TIFFfree(data);
1628 return(err);
1629 }
1630 *value=data;
1631 return(TIFFReadDirEntryErrOk);
1632 }
1633
TIFFReadDirEntryLongArray(TIFF * tif,TIFFDirEntry * direntry,uint32 ** value)1634 static enum TIFFReadDirEntryErr TIFFReadDirEntryLongArray(TIFF* tif, TIFFDirEntry* direntry, uint32** value)
1635 {
1636 enum TIFFReadDirEntryErr err;
1637 uint32 count;
1638 void* origdata;
1639 uint32* data;
1640 switch (direntry->tdir_type)
1641 {
1642 case TIFF_BYTE:
1643 case TIFF_SBYTE:
1644 case TIFF_SHORT:
1645 case TIFF_SSHORT:
1646 case TIFF_LONG:
1647 case TIFF_SLONG:
1648 case TIFF_LONG8:
1649 case TIFF_SLONG8:
1650 break;
1651 default:
1652 return(TIFFReadDirEntryErrType);
1653 }
1654 err=TIFFReadDirEntryArray(tif,direntry,&count,4,&origdata);
1655 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1656 {
1657 *value=0;
1658 return(err);
1659 }
1660 switch (direntry->tdir_type)
1661 {
1662 case TIFF_LONG:
1663 *value=(uint32*)origdata;
1664 if (tif->tif_flags&TIFF_SWAB)
1665 TIFFSwabArrayOfLong(*value,count);
1666 return(TIFFReadDirEntryErrOk);
1667 case TIFF_SLONG:
1668 {
1669 int32* m;
1670 uint32 n;
1671 m=(int32*)origdata;
1672 for (n=0; n<count; n++)
1673 {
1674 if (tif->tif_flags&TIFF_SWAB)
1675 TIFFSwabLong((uint32*)m);
1676 err=TIFFReadDirEntryCheckRangeLongSlong(*m);
1677 if (err!=TIFFReadDirEntryErrOk)
1678 {
1679 _TIFFfree(origdata);
1680 return(err);
1681 }
1682 m++;
1683 }
1684 *value=(uint32*)origdata;
1685 return(TIFFReadDirEntryErrOk);
1686 }
1687 }
1688 data=(uint32*)_TIFFmalloc(count*4);
1689 if (data==0)
1690 {
1691 _TIFFfree(origdata);
1692 return(TIFFReadDirEntryErrAlloc);
1693 }
1694 switch (direntry->tdir_type)
1695 {
1696 case TIFF_BYTE:
1697 {
1698 uint8* ma;
1699 uint32* mb;
1700 uint32 n;
1701 ma=(uint8*)origdata;
1702 mb=data;
1703 for (n=0; n<count; n++)
1704 *mb++=(uint32)(*ma++);
1705 }
1706 break;
1707 case TIFF_SBYTE:
1708 {
1709 int8* ma;
1710 uint32* mb;
1711 uint32 n;
1712 ma=(int8*)origdata;
1713 mb=data;
1714 for (n=0; n<count; n++)
1715 {
1716 err=TIFFReadDirEntryCheckRangeLongSbyte(*ma);
1717 if (err!=TIFFReadDirEntryErrOk)
1718 break;
1719 *mb++=(uint32)(*ma++);
1720 }
1721 }
1722 break;
1723 case TIFF_SHORT:
1724 {
1725 uint16* ma;
1726 uint32* mb;
1727 uint32 n;
1728 ma=(uint16*)origdata;
1729 mb=data;
1730 for (n=0; n<count; n++)
1731 {
1732 if (tif->tif_flags&TIFF_SWAB)
1733 TIFFSwabShort(ma);
1734 *mb++=(uint32)(*ma++);
1735 }
1736 }
1737 break;
1738 case TIFF_SSHORT:
1739 {
1740 int16* ma;
1741 uint32* mb;
1742 uint32 n;
1743 ma=(int16*)origdata;
1744 mb=data;
1745 for (n=0; n<count; n++)
1746 {
1747 if (tif->tif_flags&TIFF_SWAB)
1748 TIFFSwabShort((uint16*)ma);
1749 err=TIFFReadDirEntryCheckRangeLongSshort(*ma);
1750 if (err!=TIFFReadDirEntryErrOk)
1751 break;
1752 *mb++=(uint32)(*ma++);
1753 }
1754 }
1755 break;
1756 case TIFF_LONG8:
1757 {
1758 uint64* ma;
1759 uint32* mb;
1760 uint32 n;
1761 ma=(uint64*)origdata;
1762 mb=data;
1763 for (n=0; n<count; n++)
1764 {
1765 if (tif->tif_flags&TIFF_SWAB)
1766 TIFFSwabLong8(ma);
1767 err=TIFFReadDirEntryCheckRangeLongLong8(*ma);
1768 if (err!=TIFFReadDirEntryErrOk)
1769 break;
1770 *mb++=(uint32)(*ma++);
1771 }
1772 }
1773 break;
1774 case TIFF_SLONG8:
1775 {
1776 int64* ma;
1777 uint32* mb;
1778 uint32 n;
1779 ma=(int64*)origdata;
1780 mb=data;
1781 for (n=0; n<count; n++)
1782 {
1783 if (tif->tif_flags&TIFF_SWAB)
1784 TIFFSwabLong8((uint64*)ma);
1785 err=TIFFReadDirEntryCheckRangeLongSlong8(*ma);
1786 if (err!=TIFFReadDirEntryErrOk)
1787 break;
1788 *mb++=(uint32)(*ma++);
1789 }
1790 }
1791 break;
1792 }
1793 _TIFFfree(origdata);
1794 if (err!=TIFFReadDirEntryErrOk)
1795 {
1796 _TIFFfree(data);
1797 return(err);
1798 }
1799 *value=data;
1800 return(TIFFReadDirEntryErrOk);
1801 }
1802
TIFFReadDirEntrySlongArray(TIFF * tif,TIFFDirEntry * direntry,int32 ** value)1803 static enum TIFFReadDirEntryErr TIFFReadDirEntrySlongArray(TIFF* tif, TIFFDirEntry* direntry, int32** value)
1804 {
1805 enum TIFFReadDirEntryErr err;
1806 uint32 count;
1807 void* origdata;
1808 int32* data;
1809 switch (direntry->tdir_type)
1810 {
1811 case TIFF_BYTE:
1812 case TIFF_SBYTE:
1813 case TIFF_SHORT:
1814 case TIFF_SSHORT:
1815 case TIFF_LONG:
1816 case TIFF_SLONG:
1817 case TIFF_LONG8:
1818 case TIFF_SLONG8:
1819 break;
1820 default:
1821 return(TIFFReadDirEntryErrType);
1822 }
1823 err=TIFFReadDirEntryArray(tif,direntry,&count,4,&origdata);
1824 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1825 {
1826 *value=0;
1827 return(err);
1828 }
1829 switch (direntry->tdir_type)
1830 {
1831 case TIFF_LONG:
1832 {
1833 uint32* m;
1834 uint32 n;
1835 m=(uint32*)origdata;
1836 for (n=0; n<count; n++)
1837 {
1838 if (tif->tif_flags&TIFF_SWAB)
1839 TIFFSwabLong((uint32*)m);
1840 err=TIFFReadDirEntryCheckRangeSlongLong(*m);
1841 if (err!=TIFFReadDirEntryErrOk)
1842 {
1843 _TIFFfree(origdata);
1844 return(err);
1845 }
1846 m++;
1847 }
1848 *value=(int32*)origdata;
1849 return(TIFFReadDirEntryErrOk);
1850 }
1851 case TIFF_SLONG:
1852 *value=(int32*)origdata;
1853 if (tif->tif_flags&TIFF_SWAB)
1854 TIFFSwabArrayOfLong((uint32*)(*value),count);
1855 return(TIFFReadDirEntryErrOk);
1856 }
1857 data=(int32*)_TIFFmalloc(count*4);
1858 if (data==0)
1859 {
1860 _TIFFfree(origdata);
1861 return(TIFFReadDirEntryErrAlloc);
1862 }
1863 switch (direntry->tdir_type)
1864 {
1865 case TIFF_BYTE:
1866 {
1867 uint8* ma;
1868 int32* mb;
1869 uint32 n;
1870 ma=(uint8*)origdata;
1871 mb=data;
1872 for (n=0; n<count; n++)
1873 *mb++=(int32)(*ma++);
1874 }
1875 break;
1876 case TIFF_SBYTE:
1877 {
1878 int8* ma;
1879 int32* mb;
1880 uint32 n;
1881 ma=(int8*)origdata;
1882 mb=data;
1883 for (n=0; n<count; n++)
1884 *mb++=(int32)(*ma++);
1885 }
1886 break;
1887 case TIFF_SHORT:
1888 {
1889 uint16* ma;
1890 int32* mb;
1891 uint32 n;
1892 ma=(uint16*)origdata;
1893 mb=data;
1894 for (n=0; n<count; n++)
1895 {
1896 if (tif->tif_flags&TIFF_SWAB)
1897 TIFFSwabShort(ma);
1898 *mb++=(int32)(*ma++);
1899 }
1900 }
1901 break;
1902 case TIFF_SSHORT:
1903 {
1904 int16* ma;
1905 int32* mb;
1906 uint32 n;
1907 ma=(int16*)origdata;
1908 mb=data;
1909 for (n=0; n<count; n++)
1910 {
1911 if (tif->tif_flags&TIFF_SWAB)
1912 TIFFSwabShort((uint16*)ma);
1913 *mb++=(int32)(*ma++);
1914 }
1915 }
1916 break;
1917 case TIFF_LONG8:
1918 {
1919 uint64* ma;
1920 int32* mb;
1921 uint32 n;
1922 ma=(uint64*)origdata;
1923 mb=data;
1924 for (n=0; n<count; n++)
1925 {
1926 if (tif->tif_flags&TIFF_SWAB)
1927 TIFFSwabLong8(ma);
1928 err=TIFFReadDirEntryCheckRangeSlongLong8(*ma);
1929 if (err!=TIFFReadDirEntryErrOk)
1930 break;
1931 *mb++=(int32)(*ma++);
1932 }
1933 }
1934 break;
1935 case TIFF_SLONG8:
1936 {
1937 int64* ma;
1938 int32* mb;
1939 uint32 n;
1940 ma=(int64*)origdata;
1941 mb=data;
1942 for (n=0; n<count; n++)
1943 {
1944 if (tif->tif_flags&TIFF_SWAB)
1945 TIFFSwabLong8((uint64*)ma);
1946 err=TIFFReadDirEntryCheckRangeSlongSlong8(*ma);
1947 if (err!=TIFFReadDirEntryErrOk)
1948 break;
1949 *mb++=(int32)(*ma++);
1950 }
1951 }
1952 break;
1953 }
1954 _TIFFfree(origdata);
1955 if (err!=TIFFReadDirEntryErrOk)
1956 {
1957 _TIFFfree(data);
1958 return(err);
1959 }
1960 *value=data;
1961 return(TIFFReadDirEntryErrOk);
1962 }
1963
TIFFReadDirEntryLong8ArrayWithLimit(TIFF * tif,TIFFDirEntry * direntry,uint64 ** value,uint64 maxcount)1964 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8ArrayWithLimit(
1965 TIFF* tif, TIFFDirEntry* direntry, uint64** value, uint64 maxcount)
1966 {
1967 enum TIFFReadDirEntryErr err;
1968 uint32 count;
1969 void* origdata;
1970 uint64* data;
1971 switch (direntry->tdir_type)
1972 {
1973 case TIFF_BYTE:
1974 case TIFF_SBYTE:
1975 case TIFF_SHORT:
1976 case TIFF_SSHORT:
1977 case TIFF_LONG:
1978 case TIFF_SLONG:
1979 case TIFF_LONG8:
1980 case TIFF_SLONG8:
1981 break;
1982 default:
1983 return(TIFFReadDirEntryErrType);
1984 }
1985 err=TIFFReadDirEntryArrayWithLimit(tif,direntry,&count,8,&origdata,maxcount);
1986 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1987 {
1988 *value=0;
1989 return(err);
1990 }
1991 switch (direntry->tdir_type)
1992 {
1993 case TIFF_LONG8:
1994 *value=(uint64*)origdata;
1995 if (tif->tif_flags&TIFF_SWAB)
1996 TIFFSwabArrayOfLong8(*value,count);
1997 return(TIFFReadDirEntryErrOk);
1998 case TIFF_SLONG8:
1999 {
2000 int64* m;
2001 uint32 n;
2002 m=(int64*)origdata;
2003 for (n=0; n<count; n++)
2004 {
2005 if (tif->tif_flags&TIFF_SWAB)
2006 TIFFSwabLong8((uint64*)m);
2007 err=TIFFReadDirEntryCheckRangeLong8Slong8(*m);
2008 if (err!=TIFFReadDirEntryErrOk)
2009 {
2010 _TIFFfree(origdata);
2011 return(err);
2012 }
2013 m++;
2014 }
2015 *value=(uint64*)origdata;
2016 return(TIFFReadDirEntryErrOk);
2017 }
2018 }
2019 data=(uint64*)_TIFFmalloc(count*8);
2020 if (data==0)
2021 {
2022 _TIFFfree(origdata);
2023 return(TIFFReadDirEntryErrAlloc);
2024 }
2025 switch (direntry->tdir_type)
2026 {
2027 case TIFF_BYTE:
2028 {
2029 uint8* ma;
2030 uint64* mb;
2031 uint32 n;
2032 ma=(uint8*)origdata;
2033 mb=data;
2034 for (n=0; n<count; n++)
2035 *mb++=(uint64)(*ma++);
2036 }
2037 break;
2038 case TIFF_SBYTE:
2039 {
2040 int8* ma;
2041 uint64* mb;
2042 uint32 n;
2043 ma=(int8*)origdata;
2044 mb=data;
2045 for (n=0; n<count; n++)
2046 {
2047 err=TIFFReadDirEntryCheckRangeLong8Sbyte(*ma);
2048 if (err!=TIFFReadDirEntryErrOk)
2049 break;
2050 *mb++=(uint64)(*ma++);
2051 }
2052 }
2053 break;
2054 case TIFF_SHORT:
2055 {
2056 uint16* ma;
2057 uint64* mb;
2058 uint32 n;
2059 ma=(uint16*)origdata;
2060 mb=data;
2061 for (n=0; n<count; n++)
2062 {
2063 if (tif->tif_flags&TIFF_SWAB)
2064 TIFFSwabShort(ma);
2065 *mb++=(uint64)(*ma++);
2066 }
2067 }
2068 break;
2069 case TIFF_SSHORT:
2070 {
2071 int16* ma;
2072 uint64* mb;
2073 uint32 n;
2074 ma=(int16*)origdata;
2075 mb=data;
2076 for (n=0; n<count; n++)
2077 {
2078 if (tif->tif_flags&TIFF_SWAB)
2079 TIFFSwabShort((uint16*)ma);
2080 err=TIFFReadDirEntryCheckRangeLong8Sshort(*ma);
2081 if (err!=TIFFReadDirEntryErrOk)
2082 break;
2083 *mb++=(uint64)(*ma++);
2084 }
2085 }
2086 break;
2087 case TIFF_LONG:
2088 {
2089 uint32* ma;
2090 uint64* mb;
2091 uint32 n;
2092 ma=(uint32*)origdata;
2093 mb=data;
2094 for (n=0; n<count; n++)
2095 {
2096 if (tif->tif_flags&TIFF_SWAB)
2097 TIFFSwabLong(ma);
2098 *mb++=(uint64)(*ma++);
2099 }
2100 }
2101 break;
2102 case TIFF_SLONG:
2103 {
2104 int32* ma;
2105 uint64* mb;
2106 uint32 n;
2107 ma=(int32*)origdata;
2108 mb=data;
2109 for (n=0; n<count; n++)
2110 {
2111 if (tif->tif_flags&TIFF_SWAB)
2112 TIFFSwabLong((uint32*)ma);
2113 err=TIFFReadDirEntryCheckRangeLong8Slong(*ma);
2114 if (err!=TIFFReadDirEntryErrOk)
2115 break;
2116 *mb++=(uint64)(*ma++);
2117 }
2118 }
2119 break;
2120 }
2121 _TIFFfree(origdata);
2122 if (err!=TIFFReadDirEntryErrOk)
2123 {
2124 _TIFFfree(data);
2125 return(err);
2126 }
2127 *value=data;
2128 return(TIFFReadDirEntryErrOk);
2129 }
2130
TIFFReadDirEntryLong8Array(TIFF * tif,TIFFDirEntry * direntry,uint64 ** value)2131 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value)
2132 {
2133 return TIFFReadDirEntryLong8ArrayWithLimit(tif, direntry, value, ~((uint64)0));
2134 }
2135
TIFFReadDirEntrySlong8Array(TIFF * tif,TIFFDirEntry * direntry,int64 ** value)2136 static enum TIFFReadDirEntryErr TIFFReadDirEntrySlong8Array(TIFF* tif, TIFFDirEntry* direntry, int64** value)
2137 {
2138 enum TIFFReadDirEntryErr err;
2139 uint32 count;
2140 void* origdata;
2141 int64* data;
2142 switch (direntry->tdir_type)
2143 {
2144 case TIFF_BYTE:
2145 case TIFF_SBYTE:
2146 case TIFF_SHORT:
2147 case TIFF_SSHORT:
2148 case TIFF_LONG:
2149 case TIFF_SLONG:
2150 case TIFF_LONG8:
2151 case TIFF_SLONG8:
2152 break;
2153 default:
2154 return(TIFFReadDirEntryErrType);
2155 }
2156 err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata);
2157 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
2158 {
2159 *value=0;
2160 return(err);
2161 }
2162 switch (direntry->tdir_type)
2163 {
2164 case TIFF_LONG8:
2165 {
2166 uint64* m;
2167 uint32 n;
2168 m=(uint64*)origdata;
2169 for (n=0; n<count; n++)
2170 {
2171 if (tif->tif_flags&TIFF_SWAB)
2172 TIFFSwabLong8(m);
2173 err=TIFFReadDirEntryCheckRangeSlong8Long8(*m);
2174 if (err!=TIFFReadDirEntryErrOk)
2175 {
2176 _TIFFfree(origdata);
2177 return(err);
2178 }
2179 m++;
2180 }
2181 *value=(int64*)origdata;
2182 return(TIFFReadDirEntryErrOk);
2183 }
2184 case TIFF_SLONG8:
2185 *value=(int64*)origdata;
2186 if (tif->tif_flags&TIFF_SWAB)
2187 TIFFSwabArrayOfLong8((uint64*)(*value),count);
2188 return(TIFFReadDirEntryErrOk);
2189 }
2190 data=(int64*)_TIFFmalloc(count*8);
2191 if (data==0)
2192 {
2193 _TIFFfree(origdata);
2194 return(TIFFReadDirEntryErrAlloc);
2195 }
2196 switch (direntry->tdir_type)
2197 {
2198 case TIFF_BYTE:
2199 {
2200 uint8* ma;
2201 int64* mb;
2202 uint32 n;
2203 ma=(uint8*)origdata;
2204 mb=data;
2205 for (n=0; n<count; n++)
2206 *mb++=(int64)(*ma++);
2207 }
2208 break;
2209 case TIFF_SBYTE:
2210 {
2211 int8* ma;
2212 int64* mb;
2213 uint32 n;
2214 ma=(int8*)origdata;
2215 mb=data;
2216 for (n=0; n<count; n++)
2217 *mb++=(int64)(*ma++);
2218 }
2219 break;
2220 case TIFF_SHORT:
2221 {
2222 uint16* ma;
2223 int64* mb;
2224 uint32 n;
2225 ma=(uint16*)origdata;
2226 mb=data;
2227 for (n=0; n<count; n++)
2228 {
2229 if (tif->tif_flags&TIFF_SWAB)
2230 TIFFSwabShort(ma);
2231 *mb++=(int64)(*ma++);
2232 }
2233 }
2234 break;
2235 case TIFF_SSHORT:
2236 {
2237 int16* ma;
2238 int64* mb;
2239 uint32 n;
2240 ma=(int16*)origdata;
2241 mb=data;
2242 for (n=0; n<count; n++)
2243 {
2244 if (tif->tif_flags&TIFF_SWAB)
2245 TIFFSwabShort((uint16*)ma);
2246 *mb++=(int64)(*ma++);
2247 }
2248 }
2249 break;
2250 case TIFF_LONG:
2251 {
2252 uint32* ma;
2253 int64* mb;
2254 uint32 n;
2255 ma=(uint32*)origdata;
2256 mb=data;
2257 for (n=0; n<count; n++)
2258 {
2259 if (tif->tif_flags&TIFF_SWAB)
2260 TIFFSwabLong(ma);
2261 *mb++=(int64)(*ma++);
2262 }
2263 }
2264 break;
2265 case TIFF_SLONG:
2266 {
2267 int32* ma;
2268 int64* mb;
2269 uint32 n;
2270 ma=(int32*)origdata;
2271 mb=data;
2272 for (n=0; n<count; n++)
2273 {
2274 if (tif->tif_flags&TIFF_SWAB)
2275 TIFFSwabLong((uint32*)ma);
2276 *mb++=(int64)(*ma++);
2277 }
2278 }
2279 break;
2280 }
2281 _TIFFfree(origdata);
2282 *value=data;
2283 return(TIFFReadDirEntryErrOk);
2284 }
2285
TIFFReadDirEntryFloatArray(TIFF * tif,TIFFDirEntry * direntry,float ** value)2286 static enum TIFFReadDirEntryErr TIFFReadDirEntryFloatArray(TIFF* tif, TIFFDirEntry* direntry, float** value)
2287 {
2288 enum TIFFReadDirEntryErr err;
2289 uint32 count;
2290 void* origdata;
2291 float* data;
2292 switch (direntry->tdir_type)
2293 {
2294 case TIFF_BYTE:
2295 case TIFF_SBYTE:
2296 case TIFF_SHORT:
2297 case TIFF_SSHORT:
2298 case TIFF_LONG:
2299 case TIFF_SLONG:
2300 case TIFF_LONG8:
2301 case TIFF_SLONG8:
2302 case TIFF_RATIONAL:
2303 case TIFF_SRATIONAL:
2304 case TIFF_FLOAT:
2305 case TIFF_DOUBLE:
2306 break;
2307 default:
2308 return(TIFFReadDirEntryErrType);
2309 }
2310 err=TIFFReadDirEntryArray(tif,direntry,&count,4,&origdata);
2311 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
2312 {
2313 *value=0;
2314 return(err);
2315 }
2316 switch (direntry->tdir_type)
2317 {
2318 case TIFF_FLOAT:
2319 if (tif->tif_flags&TIFF_SWAB)
2320 TIFFSwabArrayOfLong((uint32*)origdata,count);
2321 TIFFCvtIEEEDoubleToNative(tif,count,(float*)origdata);
2322 *value=(float*)origdata;
2323 return(TIFFReadDirEntryErrOk);
2324 }
2325 data=(float*)_TIFFmalloc(count*sizeof(float));
2326 if (data==0)
2327 {
2328 _TIFFfree(origdata);
2329 return(TIFFReadDirEntryErrAlloc);
2330 }
2331 switch (direntry->tdir_type)
2332 {
2333 case TIFF_BYTE:
2334 {
2335 uint8* ma;
2336 float* mb;
2337 uint32 n;
2338 ma=(uint8*)origdata;
2339 mb=data;
2340 for (n=0; n<count; n++)
2341 *mb++=(float)(*ma++);
2342 }
2343 break;
2344 case TIFF_SBYTE:
2345 {
2346 int8* ma;
2347 float* mb;
2348 uint32 n;
2349 ma=(int8*)origdata;
2350 mb=data;
2351 for (n=0; n<count; n++)
2352 *mb++=(float)(*ma++);
2353 }
2354 break;
2355 case TIFF_SHORT:
2356 {
2357 uint16* ma;
2358 float* mb;
2359 uint32 n;
2360 ma=(uint16*)origdata;
2361 mb=data;
2362 for (n=0; n<count; n++)
2363 {
2364 if (tif->tif_flags&TIFF_SWAB)
2365 TIFFSwabShort(ma);
2366 *mb++=(float)(*ma++);
2367 }
2368 }
2369 break;
2370 case TIFF_SSHORT:
2371 {
2372 int16* ma;
2373 float* mb;
2374 uint32 n;
2375 ma=(int16*)origdata;
2376 mb=data;
2377 for (n=0; n<count; n++)
2378 {
2379 if (tif->tif_flags&TIFF_SWAB)
2380 TIFFSwabShort((uint16*)ma);
2381 *mb++=(float)(*ma++);
2382 }
2383 }
2384 break;
2385 case TIFF_LONG:
2386 {
2387 uint32* ma;
2388 float* mb;
2389 uint32 n;
2390 ma=(uint32*)origdata;
2391 mb=data;
2392 for (n=0; n<count; n++)
2393 {
2394 if (tif->tif_flags&TIFF_SWAB)
2395 TIFFSwabLong(ma);
2396 *mb++=(float)(*ma++);
2397 }
2398 }
2399 break;
2400 case TIFF_SLONG:
2401 {
2402 int32* ma;
2403 float* mb;
2404 uint32 n;
2405 ma=(int32*)origdata;
2406 mb=data;
2407 for (n=0; n<count; n++)
2408 {
2409 if (tif->tif_flags&TIFF_SWAB)
2410 TIFFSwabLong((uint32*)ma);
2411 *mb++=(float)(*ma++);
2412 }
2413 }
2414 break;
2415 case TIFF_LONG8:
2416 {
2417 uint64* ma;
2418 float* mb;
2419 uint32 n;
2420 ma=(uint64*)origdata;
2421 mb=data;
2422 for (n=0; n<count; n++)
2423 {
2424 if (tif->tif_flags&TIFF_SWAB)
2425 TIFFSwabLong8(ma);
2426 #if defined(__WIN32__) && (_MSC_VER < 1500)
2427 /*
2428 * XXX: MSVC 6.0 does not support
2429 * conversion of 64-bit integers into
2430 * floating point values.
2431 */
2432 *mb++ = _TIFFUInt64ToFloat(*ma++);
2433 #else
2434 *mb++ = (float)(*ma++);
2435 #endif
2436 }
2437 }
2438 break;
2439 case TIFF_SLONG8:
2440 {
2441 int64* ma;
2442 float* mb;
2443 uint32 n;
2444 ma=(int64*)origdata;
2445 mb=data;
2446 for (n=0; n<count; n++)
2447 {
2448 if (tif->tif_flags&TIFF_SWAB)
2449 TIFFSwabLong8((uint64*)ma);
2450 *mb++=(float)(*ma++);
2451 }
2452 }
2453 break;
2454 case TIFF_RATIONAL:
2455 {
2456 uint32* ma;
2457 uint32 maa;
2458 uint32 mab;
2459 float* mb;
2460 uint32 n;
2461 ma=(uint32*)origdata;
2462 mb=data;
2463 for (n=0; n<count; n++)
2464 {
2465 if (tif->tif_flags&TIFF_SWAB)
2466 TIFFSwabLong(ma);
2467 maa=*ma++;
2468 if (tif->tif_flags&TIFF_SWAB)
2469 TIFFSwabLong(ma);
2470 mab=*ma++;
2471 if (mab==0)
2472 *mb++=0.0;
2473 else
2474 *mb++=(float)maa/(float)mab;
2475 }
2476 }
2477 break;
2478 case TIFF_SRATIONAL:
2479 {
2480 uint32* ma;
2481 int32 maa;
2482 uint32 mab;
2483 float* mb;
2484 uint32 n;
2485 ma=(uint32*)origdata;
2486 mb=data;
2487 for (n=0; n<count; n++)
2488 {
2489 if (tif->tif_flags&TIFF_SWAB)
2490 TIFFSwabLong(ma);
2491 maa=*(int32*)ma;
2492 ma++;
2493 if (tif->tif_flags&TIFF_SWAB)
2494 TIFFSwabLong(ma);
2495 mab=*ma++;
2496 if (mab==0)
2497 *mb++=0.0;
2498 else
2499 *mb++=(float)maa/(float)mab;
2500 }
2501 }
2502 break;
2503 case TIFF_DOUBLE:
2504 {
2505 double* ma;
2506 float* mb;
2507 uint32 n;
2508 if (tif->tif_flags&TIFF_SWAB)
2509 TIFFSwabArrayOfLong8((uint64*)origdata,count);
2510 TIFFCvtIEEEDoubleToNative(tif,count,(double*)origdata);
2511 ma=(double*)origdata;
2512 mb=data;
2513 for (n=0; n<count; n++)
2514 {
2515 double val = *ma++;
2516 if( val > FLT_MAX )
2517 val = FLT_MAX;
2518 else if( val < -FLT_MAX )
2519 val = -FLT_MAX;
2520 *mb++=(float)val;
2521 }
2522 }
2523 break;
2524 }
2525 _TIFFfree(origdata);
2526 *value=data;
2527 return(TIFFReadDirEntryErrOk);
2528 }
2529
2530 static enum TIFFReadDirEntryErr
TIFFReadDirEntryDoubleArray(TIFF * tif,TIFFDirEntry * direntry,double ** value)2531 TIFFReadDirEntryDoubleArray(TIFF* tif, TIFFDirEntry* direntry, double** value)
2532 {
2533 enum TIFFReadDirEntryErr err;
2534 uint32 count;
2535 void* origdata;
2536 double* data;
2537 switch (direntry->tdir_type)
2538 {
2539 case TIFF_BYTE:
2540 case TIFF_SBYTE:
2541 case TIFF_SHORT:
2542 case TIFF_SSHORT:
2543 case TIFF_LONG:
2544 case TIFF_SLONG:
2545 case TIFF_LONG8:
2546 case TIFF_SLONG8:
2547 case TIFF_RATIONAL:
2548 case TIFF_SRATIONAL:
2549 case TIFF_FLOAT:
2550 case TIFF_DOUBLE:
2551 break;
2552 default:
2553 return(TIFFReadDirEntryErrType);
2554 }
2555 err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata);
2556 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
2557 {
2558 *value=0;
2559 return(err);
2560 }
2561 switch (direntry->tdir_type)
2562 {
2563 case TIFF_DOUBLE:
2564 if (tif->tif_flags&TIFF_SWAB)
2565 TIFFSwabArrayOfLong8((uint64*)origdata,count);
2566 TIFFCvtIEEEDoubleToNative(tif,count,(double*)origdata);
2567 *value=(double*)origdata;
2568 return(TIFFReadDirEntryErrOk);
2569 }
2570 data=(double*)_TIFFmalloc(count*sizeof(double));
2571 if (data==0)
2572 {
2573 _TIFFfree(origdata);
2574 return(TIFFReadDirEntryErrAlloc);
2575 }
2576 switch (direntry->tdir_type)
2577 {
2578 case TIFF_BYTE:
2579 {
2580 uint8* ma;
2581 double* mb;
2582 uint32 n;
2583 ma=(uint8*)origdata;
2584 mb=data;
2585 for (n=0; n<count; n++)
2586 *mb++=(double)(*ma++);
2587 }
2588 break;
2589 case TIFF_SBYTE:
2590 {
2591 int8* ma;
2592 double* mb;
2593 uint32 n;
2594 ma=(int8*)origdata;
2595 mb=data;
2596 for (n=0; n<count; n++)
2597 *mb++=(double)(*ma++);
2598 }
2599 break;
2600 case TIFF_SHORT:
2601 {
2602 uint16* ma;
2603 double* mb;
2604 uint32 n;
2605 ma=(uint16*)origdata;
2606 mb=data;
2607 for (n=0; n<count; n++)
2608 {
2609 if (tif->tif_flags&TIFF_SWAB)
2610 TIFFSwabShort(ma);
2611 *mb++=(double)(*ma++);
2612 }
2613 }
2614 break;
2615 case TIFF_SSHORT:
2616 {
2617 int16* ma;
2618 double* mb;
2619 uint32 n;
2620 ma=(int16*)origdata;
2621 mb=data;
2622 for (n=0; n<count; n++)
2623 {
2624 if (tif->tif_flags&TIFF_SWAB)
2625 TIFFSwabShort((uint16*)ma);
2626 *mb++=(double)(*ma++);
2627 }
2628 }
2629 break;
2630 case TIFF_LONG:
2631 {
2632 uint32* ma;
2633 double* mb;
2634 uint32 n;
2635 ma=(uint32*)origdata;
2636 mb=data;
2637 for (n=0; n<count; n++)
2638 {
2639 if (tif->tif_flags&TIFF_SWAB)
2640 TIFFSwabLong(ma);
2641 *mb++=(double)(*ma++);
2642 }
2643 }
2644 break;
2645 case TIFF_SLONG:
2646 {
2647 int32* ma;
2648 double* mb;
2649 uint32 n;
2650 ma=(int32*)origdata;
2651 mb=data;
2652 for (n=0; n<count; n++)
2653 {
2654 if (tif->tif_flags&TIFF_SWAB)
2655 TIFFSwabLong((uint32*)ma);
2656 *mb++=(double)(*ma++);
2657 }
2658 }
2659 break;
2660 case TIFF_LONG8:
2661 {
2662 uint64* ma;
2663 double* mb;
2664 uint32 n;
2665 ma=(uint64*)origdata;
2666 mb=data;
2667 for (n=0; n<count; n++)
2668 {
2669 if (tif->tif_flags&TIFF_SWAB)
2670 TIFFSwabLong8(ma);
2671 #if defined(__WIN32__) && (_MSC_VER < 1500)
2672 /*
2673 * XXX: MSVC 6.0 does not support
2674 * conversion of 64-bit integers into
2675 * floating point values.
2676 */
2677 *mb++ = _TIFFUInt64ToDouble(*ma++);
2678 #else
2679 *mb++ = (double)(*ma++);
2680 #endif
2681 }
2682 }
2683 break;
2684 case TIFF_SLONG8:
2685 {
2686 int64* ma;
2687 double* mb;
2688 uint32 n;
2689 ma=(int64*)origdata;
2690 mb=data;
2691 for (n=0; n<count; n++)
2692 {
2693 if (tif->tif_flags&TIFF_SWAB)
2694 TIFFSwabLong8((uint64*)ma);
2695 *mb++=(double)(*ma++);
2696 }
2697 }
2698 break;
2699 case TIFF_RATIONAL:
2700 {
2701 uint32* ma;
2702 uint32 maa;
2703 uint32 mab;
2704 double* mb;
2705 uint32 n;
2706 ma=(uint32*)origdata;
2707 mb=data;
2708 for (n=0; n<count; n++)
2709 {
2710 if (tif->tif_flags&TIFF_SWAB)
2711 TIFFSwabLong(ma);
2712 maa=*ma++;
2713 if (tif->tif_flags&TIFF_SWAB)
2714 TIFFSwabLong(ma);
2715 mab=*ma++;
2716 if (mab==0)
2717 *mb++=0.0;
2718 else
2719 *mb++=(double)maa/(double)mab;
2720 }
2721 }
2722 break;
2723 case TIFF_SRATIONAL:
2724 {
2725 uint32* ma;
2726 int32 maa;
2727 uint32 mab;
2728 double* mb;
2729 uint32 n;
2730 ma=(uint32*)origdata;
2731 mb=data;
2732 for (n=0; n<count; n++)
2733 {
2734 if (tif->tif_flags&TIFF_SWAB)
2735 TIFFSwabLong(ma);
2736 maa=*(int32*)ma;
2737 ma++;
2738 if (tif->tif_flags&TIFF_SWAB)
2739 TIFFSwabLong(ma);
2740 mab=*ma++;
2741 if (mab==0)
2742 *mb++=0.0;
2743 else
2744 *mb++=(double)maa/(double)mab;
2745 }
2746 }
2747 break;
2748 case TIFF_FLOAT:
2749 {
2750 float* ma;
2751 double* mb;
2752 uint32 n;
2753 if (tif->tif_flags&TIFF_SWAB)
2754 TIFFSwabArrayOfLong((uint32*)origdata,count);
2755 TIFFCvtIEEEFloatToNative(tif,count,(float*)origdata);
2756 ma=(float*)origdata;
2757 mb=data;
2758 for (n=0; n<count; n++)
2759 *mb++=(double)(*ma++);
2760 }
2761 break;
2762 }
2763 _TIFFfree(origdata);
2764 *value=data;
2765 return(TIFFReadDirEntryErrOk);
2766 }
2767
TIFFReadDirEntryIfd8Array(TIFF * tif,TIFFDirEntry * direntry,uint64 ** value)2768 static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value)
2769 {
2770 enum TIFFReadDirEntryErr err;
2771 uint32 count;
2772 void* origdata;
2773 uint64* data;
2774 switch (direntry->tdir_type)
2775 {
2776 case TIFF_LONG:
2777 case TIFF_LONG8:
2778 case TIFF_IFD:
2779 case TIFF_IFD8:
2780 break;
2781 default:
2782 return(TIFFReadDirEntryErrType);
2783 }
2784 err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata);
2785 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
2786 {
2787 *value=0;
2788 return(err);
2789 }
2790 switch (direntry->tdir_type)
2791 {
2792 case TIFF_LONG8:
2793 case TIFF_IFD8:
2794 *value=(uint64*)origdata;
2795 if (tif->tif_flags&TIFF_SWAB)
2796 TIFFSwabArrayOfLong8(*value,count);
2797 return(TIFFReadDirEntryErrOk);
2798 }
2799 data=(uint64*)_TIFFmalloc(count*8);
2800 if (data==0)
2801 {
2802 _TIFFfree(origdata);
2803 return(TIFFReadDirEntryErrAlloc);
2804 }
2805 switch (direntry->tdir_type)
2806 {
2807 case TIFF_LONG:
2808 case TIFF_IFD:
2809 {
2810 uint32* ma;
2811 uint64* mb;
2812 uint32 n;
2813 ma=(uint32*)origdata;
2814 mb=data;
2815 for (n=0; n<count; n++)
2816 {
2817 if (tif->tif_flags&TIFF_SWAB)
2818 TIFFSwabLong(ma);
2819 *mb++=(uint64)(*ma++);
2820 }
2821 }
2822 break;
2823 }
2824 _TIFFfree(origdata);
2825 *value=data;
2826 return(TIFFReadDirEntryErrOk);
2827 }
2828
TIFFReadDirEntryPersampleShort(TIFF * tif,TIFFDirEntry * direntry,uint16 * value)2829 static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value)
2830 {
2831 enum TIFFReadDirEntryErr err;
2832 uint16* m;
2833 uint16* na;
2834 uint16 nb;
2835 if (direntry->tdir_count<(uint64)tif->tif_dir.td_samplesperpixel)
2836 return(TIFFReadDirEntryErrCount);
2837 err=TIFFReadDirEntryShortArray(tif,direntry,&m);
2838 if (err!=TIFFReadDirEntryErrOk || m == NULL)
2839 return(err);
2840 na=m;
2841 nb=tif->tif_dir.td_samplesperpixel;
2842 *value=*na++;
2843 nb--;
2844 while (nb>0)
2845 {
2846 if (*na++!=*value)
2847 {
2848 err=TIFFReadDirEntryErrPsdif;
2849 break;
2850 }
2851 nb--;
2852 }
2853 _TIFFfree(m);
2854 return(err);
2855 }
2856
2857 #if 0
2858 static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleDouble(TIFF* tif, TIFFDirEntry* direntry, double* value)
2859 {
2860 enum TIFFReadDirEntryErr err;
2861 double* m;
2862 double* na;
2863 uint16 nb;
2864 if (direntry->tdir_count<(uint64)tif->tif_dir.td_samplesperpixel)
2865 return(TIFFReadDirEntryErrCount);
2866 err=TIFFReadDirEntryDoubleArray(tif,direntry,&m);
2867 if (err!=TIFFReadDirEntryErrOk)
2868 return(err);
2869 na=m;
2870 nb=tif->tif_dir.td_samplesperpixel;
2871 *value=*na++;
2872 nb--;
2873 while (nb>0)
2874 {
2875 if (*na++!=*value)
2876 {
2877 err=TIFFReadDirEntryErrPsdif;
2878 break;
2879 }
2880 nb--;
2881 }
2882 _TIFFfree(m);
2883 return(err);
2884 }
2885 #endif
2886
TIFFReadDirEntryCheckedByte(TIFF * tif,TIFFDirEntry * direntry,uint8 * value)2887 static void TIFFReadDirEntryCheckedByte(TIFF* tif, TIFFDirEntry* direntry, uint8* value)
2888 {
2889 (void) tif;
2890 *value=*(uint8*)(&direntry->tdir_offset);
2891 }
2892
TIFFReadDirEntryCheckedSbyte(TIFF * tif,TIFFDirEntry * direntry,int8 * value)2893 static void TIFFReadDirEntryCheckedSbyte(TIFF* tif, TIFFDirEntry* direntry, int8* value)
2894 {
2895 (void) tif;
2896 *value=*(int8*)(&direntry->tdir_offset);
2897 }
2898
TIFFReadDirEntryCheckedShort(TIFF * tif,TIFFDirEntry * direntry,uint16 * value)2899 static void TIFFReadDirEntryCheckedShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value)
2900 {
2901 *value = direntry->tdir_offset.toff_short;
2902 /* *value=*(uint16*)(&direntry->tdir_offset); */
2903 if (tif->tif_flags&TIFF_SWAB)
2904 TIFFSwabShort(value);
2905 }
2906
TIFFReadDirEntryCheckedSshort(TIFF * tif,TIFFDirEntry * direntry,int16 * value)2907 static void TIFFReadDirEntryCheckedSshort(TIFF* tif, TIFFDirEntry* direntry, int16* value)
2908 {
2909 *value=*(int16*)(&direntry->tdir_offset);
2910 if (tif->tif_flags&TIFF_SWAB)
2911 TIFFSwabShort((uint16*)value);
2912 }
2913
TIFFReadDirEntryCheckedLong(TIFF * tif,TIFFDirEntry * direntry,uint32 * value)2914 static void TIFFReadDirEntryCheckedLong(TIFF* tif, TIFFDirEntry* direntry, uint32* value)
2915 {
2916 *value=*(uint32*)(&direntry->tdir_offset);
2917 if (tif->tif_flags&TIFF_SWAB)
2918 TIFFSwabLong(value);
2919 }
2920
TIFFReadDirEntryCheckedSlong(TIFF * tif,TIFFDirEntry * direntry,int32 * value)2921 static void TIFFReadDirEntryCheckedSlong(TIFF* tif, TIFFDirEntry* direntry, int32* value)
2922 {
2923 *value=*(int32*)(&direntry->tdir_offset);
2924 if (tif->tif_flags&TIFF_SWAB)
2925 TIFFSwabLong((uint32*)value);
2926 }
2927
TIFFReadDirEntryCheckedLong8(TIFF * tif,TIFFDirEntry * direntry,uint64 * value)2928 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedLong8(TIFF* tif, TIFFDirEntry* direntry, uint64* value)
2929 {
2930 if (!(tif->tif_flags&TIFF_BIGTIFF))
2931 {
2932 enum TIFFReadDirEntryErr err;
2933 uint32 offset = direntry->tdir_offset.toff_long;
2934 if (tif->tif_flags&TIFF_SWAB)
2935 TIFFSwabLong(&offset);
2936 err=TIFFReadDirEntryData(tif,offset,8,value);
2937 if (err!=TIFFReadDirEntryErrOk)
2938 return(err);
2939 }
2940 else
2941 *value = direntry->tdir_offset.toff_long8;
2942 if (tif->tif_flags&TIFF_SWAB)
2943 TIFFSwabLong8(value);
2944 return(TIFFReadDirEntryErrOk);
2945 }
2946
TIFFReadDirEntryCheckedSlong8(TIFF * tif,TIFFDirEntry * direntry,int64 * value)2947 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSlong8(TIFF* tif, TIFFDirEntry* direntry, int64* value)
2948 {
2949 if (!(tif->tif_flags&TIFF_BIGTIFF))
2950 {
2951 enum TIFFReadDirEntryErr err;
2952 uint32 offset = direntry->tdir_offset.toff_long;
2953 if (tif->tif_flags&TIFF_SWAB)
2954 TIFFSwabLong(&offset);
2955 err=TIFFReadDirEntryData(tif,offset,8,value);
2956 if (err!=TIFFReadDirEntryErrOk)
2957 return(err);
2958 }
2959 else
2960 *value=*(int64*)(&direntry->tdir_offset);
2961 if (tif->tif_flags&TIFF_SWAB)
2962 TIFFSwabLong8((uint64*)value);
2963 return(TIFFReadDirEntryErrOk);
2964 }
2965
TIFFReadDirEntryCheckedRational(TIFF * tif,TIFFDirEntry * direntry,double * value)2966 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedRational(TIFF* tif, TIFFDirEntry* direntry, double* value)
2967 {
2968 UInt64Aligned_t m;
2969
2970 assert(sizeof(double)==8);
2971 assert(sizeof(uint64)==8);
2972 assert(sizeof(uint32)==4);
2973 if (!(tif->tif_flags&TIFF_BIGTIFF))
2974 {
2975 enum TIFFReadDirEntryErr err;
2976 uint32 offset = direntry->tdir_offset.toff_long;
2977 if (tif->tif_flags&TIFF_SWAB)
2978 TIFFSwabLong(&offset);
2979 err=TIFFReadDirEntryData(tif,offset,8,m.i);
2980 if (err!=TIFFReadDirEntryErrOk)
2981 return(err);
2982 }
2983 else
2984 m.l = direntry->tdir_offset.toff_long8;
2985 if (tif->tif_flags&TIFF_SWAB)
2986 TIFFSwabArrayOfLong(m.i,2);
2987 /* Not completely sure what we should do when m.i[1]==0, but some */
2988 /* sanitizers do not like division by 0.0: */
2989 /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
2990 if (m.i[0]==0 || m.i[1]==0)
2991 *value=0.0;
2992 else
2993 *value=(double)m.i[0]/(double)m.i[1];
2994 return(TIFFReadDirEntryErrOk);
2995 }
2996
TIFFReadDirEntryCheckedSrational(TIFF * tif,TIFFDirEntry * direntry,double * value)2997 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSrational(TIFF* tif, TIFFDirEntry* direntry, double* value)
2998 {
2999 UInt64Aligned_t m;
3000 assert(sizeof(double)==8);
3001 assert(sizeof(uint64)==8);
3002 assert(sizeof(int32)==4);
3003 assert(sizeof(uint32)==4);
3004 if (!(tif->tif_flags&TIFF_BIGTIFF))
3005 {
3006 enum TIFFReadDirEntryErr err;
3007 uint32 offset = direntry->tdir_offset.toff_long;
3008 if (tif->tif_flags&TIFF_SWAB)
3009 TIFFSwabLong(&offset);
3010 err=TIFFReadDirEntryData(tif,offset,8,m.i);
3011 if (err!=TIFFReadDirEntryErrOk)
3012 return(err);
3013 }
3014 else
3015 m.l=direntry->tdir_offset.toff_long8;
3016 if (tif->tif_flags&TIFF_SWAB)
3017 TIFFSwabArrayOfLong(m.i,2);
3018 /* Not completely sure what we should do when m.i[1]==0, but some */
3019 /* sanitizers do not like division by 0.0: */
3020 /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
3021 if ((int32)m.i[0]==0 || m.i[1]==0)
3022 *value=0.0;
3023 else
3024 *value=(double)((int32)m.i[0])/(double)m.i[1];
3025 return(TIFFReadDirEntryErrOk);
3026 }
3027
TIFFReadDirEntryCheckedFloat(TIFF * tif,TIFFDirEntry * direntry,float * value)3028 static void TIFFReadDirEntryCheckedFloat(TIFF* tif, TIFFDirEntry* direntry, float* value)
3029 {
3030 union
3031 {
3032 float f;
3033 uint32 i;
3034 } float_union;
3035 assert(sizeof(float)==4);
3036 assert(sizeof(uint32)==4);
3037 assert(sizeof(float_union)==4);
3038 float_union.i=*(uint32*)(&direntry->tdir_offset);
3039 *value=float_union.f;
3040 if (tif->tif_flags&TIFF_SWAB)
3041 TIFFSwabLong((uint32*)value);
3042 }
3043
TIFFReadDirEntryCheckedDouble(TIFF * tif,TIFFDirEntry * direntry,double * value)3044 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedDouble(TIFF* tif, TIFFDirEntry* direntry, double* value)
3045 {
3046 assert(sizeof(double)==8);
3047 assert(sizeof(uint64)==8);
3048 assert(sizeof(UInt64Aligned_t)==8);
3049 if (!(tif->tif_flags&TIFF_BIGTIFF))
3050 {
3051 enum TIFFReadDirEntryErr err;
3052 uint32 offset = direntry->tdir_offset.toff_long;
3053 if (tif->tif_flags&TIFF_SWAB)
3054 TIFFSwabLong(&offset);
3055 err=TIFFReadDirEntryData(tif,offset,8,value);
3056 if (err!=TIFFReadDirEntryErrOk)
3057 return(err);
3058 }
3059 else
3060 {
3061 UInt64Aligned_t uint64_union;
3062 uint64_union.l=direntry->tdir_offset.toff_long8;
3063 *value=uint64_union.d;
3064 }
3065 if (tif->tif_flags&TIFF_SWAB)
3066 TIFFSwabLong8((uint64*)value);
3067 return(TIFFReadDirEntryErrOk);
3068 }
3069
TIFFReadDirEntryCheckRangeByteSbyte(int8 value)3070 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSbyte(int8 value)
3071 {
3072 if (value<0)
3073 return(TIFFReadDirEntryErrRange);
3074 else
3075 return(TIFFReadDirEntryErrOk);
3076 }
3077
TIFFReadDirEntryCheckRangeByteShort(uint16 value)3078 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteShort(uint16 value)
3079 {
3080 if (value>0xFF)
3081 return(TIFFReadDirEntryErrRange);
3082 else
3083 return(TIFFReadDirEntryErrOk);
3084 }
3085
TIFFReadDirEntryCheckRangeByteSshort(int16 value)3086 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSshort(int16 value)
3087 {
3088 if ((value<0)||(value>0xFF))
3089 return(TIFFReadDirEntryErrRange);
3090 else
3091 return(TIFFReadDirEntryErrOk);
3092 }
3093
TIFFReadDirEntryCheckRangeByteLong(uint32 value)3094 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong(uint32 value)
3095 {
3096 if (value>0xFF)
3097 return(TIFFReadDirEntryErrRange);
3098 else
3099 return(TIFFReadDirEntryErrOk);
3100 }
3101
TIFFReadDirEntryCheckRangeByteSlong(int32 value)3102 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong(int32 value)
3103 {
3104 if ((value<0)||(value>0xFF))
3105 return(TIFFReadDirEntryErrRange);
3106 else
3107 return(TIFFReadDirEntryErrOk);
3108 }
3109
TIFFReadDirEntryCheckRangeByteLong8(uint64 value)3110 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong8(uint64 value)
3111 {
3112 if (value>0xFF)
3113 return(TIFFReadDirEntryErrRange);
3114 else
3115 return(TIFFReadDirEntryErrOk);
3116 }
3117
TIFFReadDirEntryCheckRangeByteSlong8(int64 value)3118 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong8(int64 value)
3119 {
3120 if ((value<0)||(value>0xFF))
3121 return(TIFFReadDirEntryErrRange);
3122 else
3123 return(TIFFReadDirEntryErrOk);
3124 }
3125
TIFFReadDirEntryCheckRangeSbyteByte(uint8 value)3126 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteByte(uint8 value)
3127 {
3128 if (value>0x7F)
3129 return(TIFFReadDirEntryErrRange);
3130 else
3131 return(TIFFReadDirEntryErrOk);
3132 }
3133
TIFFReadDirEntryCheckRangeSbyteShort(uint16 value)3134 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteShort(uint16 value)
3135 {
3136 if (value>0x7F)
3137 return(TIFFReadDirEntryErrRange);
3138 else
3139 return(TIFFReadDirEntryErrOk);
3140 }
3141
TIFFReadDirEntryCheckRangeSbyteSshort(int16 value)3142 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSshort(int16 value)
3143 {
3144 if ((value<-0x80)||(value>0x7F))
3145 return(TIFFReadDirEntryErrRange);
3146 else
3147 return(TIFFReadDirEntryErrOk);
3148 }
3149
TIFFReadDirEntryCheckRangeSbyteLong(uint32 value)3150 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong(uint32 value)
3151 {
3152 if (value>0x7F)
3153 return(TIFFReadDirEntryErrRange);
3154 else
3155 return(TIFFReadDirEntryErrOk);
3156 }
3157
TIFFReadDirEntryCheckRangeSbyteSlong(int32 value)3158 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong(int32 value)
3159 {
3160 if ((value<-0x80)||(value>0x7F))
3161 return(TIFFReadDirEntryErrRange);
3162 else
3163 return(TIFFReadDirEntryErrOk);
3164 }
3165
TIFFReadDirEntryCheckRangeSbyteLong8(uint64 value)3166 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong8(uint64 value)
3167 {
3168 if (value>0x7F)
3169 return(TIFFReadDirEntryErrRange);
3170 else
3171 return(TIFFReadDirEntryErrOk);
3172 }
3173
TIFFReadDirEntryCheckRangeSbyteSlong8(int64 value)3174 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong8(int64 value)
3175 {
3176 if ((value<-0x80)||(value>0x7F))
3177 return(TIFFReadDirEntryErrRange);
3178 else
3179 return(TIFFReadDirEntryErrOk);
3180 }
3181
TIFFReadDirEntryCheckRangeShortSbyte(int8 value)3182 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSbyte(int8 value)
3183 {
3184 if (value<0)
3185 return(TIFFReadDirEntryErrRange);
3186 else
3187 return(TIFFReadDirEntryErrOk);
3188 }
3189
TIFFReadDirEntryCheckRangeShortSshort(int16 value)3190 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSshort(int16 value)
3191 {
3192 if (value<0)
3193 return(TIFFReadDirEntryErrRange);
3194 else
3195 return(TIFFReadDirEntryErrOk);
3196 }
3197
TIFFReadDirEntryCheckRangeShortLong(uint32 value)3198 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong(uint32 value)
3199 {
3200 if (value>0xFFFF)
3201 return(TIFFReadDirEntryErrRange);
3202 else
3203 return(TIFFReadDirEntryErrOk);
3204 }
3205
TIFFReadDirEntryCheckRangeShortSlong(int32 value)3206 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong(int32 value)
3207 {
3208 if ((value<0)||(value>0xFFFF))
3209 return(TIFFReadDirEntryErrRange);
3210 else
3211 return(TIFFReadDirEntryErrOk);
3212 }
3213
TIFFReadDirEntryCheckRangeShortLong8(uint64 value)3214 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong8(uint64 value)
3215 {
3216 if (value>0xFFFF)
3217 return(TIFFReadDirEntryErrRange);
3218 else
3219 return(TIFFReadDirEntryErrOk);
3220 }
3221
TIFFReadDirEntryCheckRangeShortSlong8(int64 value)3222 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong8(int64 value)
3223 {
3224 if ((value<0)||(value>0xFFFF))
3225 return(TIFFReadDirEntryErrRange);
3226 else
3227 return(TIFFReadDirEntryErrOk);
3228 }
3229
TIFFReadDirEntryCheckRangeSshortShort(uint16 value)3230 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortShort(uint16 value)
3231 {
3232 if (value>0x7FFF)
3233 return(TIFFReadDirEntryErrRange);
3234 else
3235 return(TIFFReadDirEntryErrOk);
3236 }
3237
TIFFReadDirEntryCheckRangeSshortLong(uint32 value)3238 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong(uint32 value)
3239 {
3240 if (value>0x7FFF)
3241 return(TIFFReadDirEntryErrRange);
3242 else
3243 return(TIFFReadDirEntryErrOk);
3244 }
3245
TIFFReadDirEntryCheckRangeSshortSlong(int32 value)3246 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong(int32 value)
3247 {
3248 if ((value<-0x8000)||(value>0x7FFF))
3249 return(TIFFReadDirEntryErrRange);
3250 else
3251 return(TIFFReadDirEntryErrOk);
3252 }
3253
TIFFReadDirEntryCheckRangeSshortLong8(uint64 value)3254 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong8(uint64 value)
3255 {
3256 if (value>0x7FFF)
3257 return(TIFFReadDirEntryErrRange);
3258 else
3259 return(TIFFReadDirEntryErrOk);
3260 }
3261
TIFFReadDirEntryCheckRangeSshortSlong8(int64 value)3262 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong8(int64 value)
3263 {
3264 if ((value<-0x8000)||(value>0x7FFF))
3265 return(TIFFReadDirEntryErrRange);
3266 else
3267 return(TIFFReadDirEntryErrOk);
3268 }
3269
TIFFReadDirEntryCheckRangeLongSbyte(int8 value)3270 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSbyte(int8 value)
3271 {
3272 if (value<0)
3273 return(TIFFReadDirEntryErrRange);
3274 else
3275 return(TIFFReadDirEntryErrOk);
3276 }
3277
TIFFReadDirEntryCheckRangeLongSshort(int16 value)3278 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSshort(int16 value)
3279 {
3280 if (value<0)
3281 return(TIFFReadDirEntryErrRange);
3282 else
3283 return(TIFFReadDirEntryErrOk);
3284 }
3285
TIFFReadDirEntryCheckRangeLongSlong(int32 value)3286 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSlong(int32 value)
3287 {
3288 if (value<0)
3289 return(TIFFReadDirEntryErrRange);
3290 else
3291 return(TIFFReadDirEntryErrOk);
3292 }
3293
3294 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLongLong8(uint64 value)3295 TIFFReadDirEntryCheckRangeLongLong8(uint64 value)
3296 {
3297 if (value > TIFF_UINT32_MAX)
3298 return(TIFFReadDirEntryErrRange);
3299 else
3300 return(TIFFReadDirEntryErrOk);
3301 }
3302
3303 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLongSlong8(int64 value)3304 TIFFReadDirEntryCheckRangeLongSlong8(int64 value)
3305 {
3306 if ((value < 0) || (value > (int64) TIFF_UINT32_MAX))
3307 return(TIFFReadDirEntryErrRange);
3308 else
3309 return(TIFFReadDirEntryErrOk);
3310 }
3311
3312 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeSlongLong(uint32 value)3313 TIFFReadDirEntryCheckRangeSlongLong(uint32 value)
3314 {
3315 if (value > 0x7FFFFFFFUL)
3316 return(TIFFReadDirEntryErrRange);
3317 else
3318 return(TIFFReadDirEntryErrOk);
3319 }
3320
3321 /* Check that the 8-byte unsigned value can fit in a 4-byte unsigned range */
3322 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeSlongLong8(uint64 value)3323 TIFFReadDirEntryCheckRangeSlongLong8(uint64 value)
3324 {
3325 if (value > 0x7FFFFFFF)
3326 return(TIFFReadDirEntryErrRange);
3327 else
3328 return(TIFFReadDirEntryErrOk);
3329 }
3330
3331 /* Check that the 8-byte signed value can fit in a 4-byte signed range */
3332 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeSlongSlong8(int64 value)3333 TIFFReadDirEntryCheckRangeSlongSlong8(int64 value)
3334 {
3335 if ((value < 0-((int64) 0x7FFFFFFF+1)) || (value > 0x7FFFFFFF))
3336 return(TIFFReadDirEntryErrRange);
3337 else
3338 return(TIFFReadDirEntryErrOk);
3339 }
3340
3341 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLong8Sbyte(int8 value)3342 TIFFReadDirEntryCheckRangeLong8Sbyte(int8 value)
3343 {
3344 if (value < 0)
3345 return(TIFFReadDirEntryErrRange);
3346 else
3347 return(TIFFReadDirEntryErrOk);
3348 }
3349
3350 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLong8Sshort(int16 value)3351 TIFFReadDirEntryCheckRangeLong8Sshort(int16 value)
3352 {
3353 if (value < 0)
3354 return(TIFFReadDirEntryErrRange);
3355 else
3356 return(TIFFReadDirEntryErrOk);
3357 }
3358
3359 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLong8Slong(int32 value)3360 TIFFReadDirEntryCheckRangeLong8Slong(int32 value)
3361 {
3362 if (value < 0)
3363 return(TIFFReadDirEntryErrRange);
3364 else
3365 return(TIFFReadDirEntryErrOk);
3366 }
3367
3368 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLong8Slong8(int64 value)3369 TIFFReadDirEntryCheckRangeLong8Slong8(int64 value)
3370 {
3371 if (value < 0)
3372 return(TIFFReadDirEntryErrRange);
3373 else
3374 return(TIFFReadDirEntryErrOk);
3375 }
3376
3377 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeSlong8Long8(uint64 value)3378 TIFFReadDirEntryCheckRangeSlong8Long8(uint64 value)
3379 {
3380 if (value > TIFF_INT64_MAX)
3381 return(TIFFReadDirEntryErrRange);
3382 else
3383 return(TIFFReadDirEntryErrOk);
3384 }
3385
3386 static enum TIFFReadDirEntryErr
TIFFReadDirEntryData(TIFF * tif,uint64 offset,tmsize_t size,void * dest)3387 TIFFReadDirEntryData(TIFF* tif, uint64 offset, tmsize_t size, void* dest)
3388 {
3389 assert(size>0);
3390 if (!isMapped(tif)) {
3391 if (!SeekOK(tif,offset))
3392 return(TIFFReadDirEntryErrIo);
3393 if (!ReadOK(tif,dest,size))
3394 return(TIFFReadDirEntryErrIo);
3395 } else {
3396 size_t ma,mb;
3397 ma=(size_t)offset;
3398 if( (uint64)ma!=offset ||
3399 ma > (~(size_t)0) - (size_t)size )
3400 {
3401 return TIFFReadDirEntryErrIo;
3402 }
3403 mb=ma+size;
3404 if (mb > (size_t)tif->tif_size)
3405 return(TIFFReadDirEntryErrIo);
3406 _TIFFmemcpy(dest,tif->tif_base+ma,size);
3407 }
3408 return(TIFFReadDirEntryErrOk);
3409 }
3410
TIFFReadDirEntryOutputErr(TIFF * tif,enum TIFFReadDirEntryErr err,const char * module,const char * tagname,int recover)3411 static void TIFFReadDirEntryOutputErr(TIFF* tif, enum TIFFReadDirEntryErr err, const char* module, const char* tagname, int recover)
3412 {
3413 if (!recover) {
3414 switch (err) {
3415 case TIFFReadDirEntryErrCount:
3416 TIFFErrorExt(tif->tif_clientdata, module,
3417 "Incorrect count for \"%s\"",
3418 tagname);
3419 break;
3420 case TIFFReadDirEntryErrType:
3421 TIFFErrorExt(tif->tif_clientdata, module,
3422 "Incompatible type for \"%s\"",
3423 tagname);
3424 break;
3425 case TIFFReadDirEntryErrIo:
3426 TIFFErrorExt(tif->tif_clientdata, module,
3427 "IO error during reading of \"%s\"",
3428 tagname);
3429 break;
3430 case TIFFReadDirEntryErrRange:
3431 TIFFErrorExt(tif->tif_clientdata, module,
3432 "Incorrect value for \"%s\"",
3433 tagname);
3434 break;
3435 case TIFFReadDirEntryErrPsdif:
3436 TIFFErrorExt(tif->tif_clientdata, module,
3437 "Cannot handle different values per sample for \"%s\"",
3438 tagname);
3439 break;
3440 case TIFFReadDirEntryErrSizesan:
3441 TIFFErrorExt(tif->tif_clientdata, module,
3442 "Sanity check on size of \"%s\" value failed",
3443 tagname);
3444 break;
3445 case TIFFReadDirEntryErrAlloc:
3446 TIFFErrorExt(tif->tif_clientdata, module,
3447 "Out of memory reading of \"%s\"",
3448 tagname);
3449 break;
3450 default:
3451 assert(0); /* we should never get here */
3452 break;
3453 }
3454 } else {
3455 switch (err) {
3456 case TIFFReadDirEntryErrCount:
3457 TIFFWarningExt(tif->tif_clientdata, module,
3458 "Incorrect count for \"%s\"; tag ignored",
3459 tagname);
3460 break;
3461 case TIFFReadDirEntryErrType:
3462 TIFFWarningExt(tif->tif_clientdata, module,
3463 "Incompatible type for \"%s\"; tag ignored",
3464 tagname);
3465 break;
3466 case TIFFReadDirEntryErrIo:
3467 TIFFWarningExt(tif->tif_clientdata, module,
3468 "IO error during reading of \"%s\"; tag ignored",
3469 tagname);
3470 break;
3471 case TIFFReadDirEntryErrRange:
3472 TIFFWarningExt(tif->tif_clientdata, module,
3473 "Incorrect value for \"%s\"; tag ignored",
3474 tagname);
3475 break;
3476 case TIFFReadDirEntryErrPsdif:
3477 TIFFWarningExt(tif->tif_clientdata, module,
3478 "Cannot handle different values per sample for \"%s\"; tag ignored",
3479 tagname);
3480 break;
3481 case TIFFReadDirEntryErrSizesan:
3482 TIFFWarningExt(tif->tif_clientdata, module,
3483 "Sanity check on size of \"%s\" value failed; tag ignored",
3484 tagname);
3485 break;
3486 case TIFFReadDirEntryErrAlloc:
3487 TIFFWarningExt(tif->tif_clientdata, module,
3488 "Out of memory reading of \"%s\"; tag ignored",
3489 tagname);
3490 break;
3491 default:
3492 assert(0); /* we should never get here */
3493 break;
3494 }
3495 }
3496 }
3497
3498 /*
3499 * Return the maximum number of color channels specified for a given photometric
3500 * type. 0 is returned if photometric type isn't supported or no default value
3501 * is defined by the specification.
3502 */
_TIFFGetMaxColorChannels(uint16 photometric)3503 static int _TIFFGetMaxColorChannels( uint16 photometric )
3504 {
3505 switch (photometric) {
3506 case PHOTOMETRIC_PALETTE:
3507 case PHOTOMETRIC_MINISWHITE:
3508 case PHOTOMETRIC_MINISBLACK:
3509 return 1;
3510 case PHOTOMETRIC_YCBCR:
3511 case PHOTOMETRIC_RGB:
3512 case PHOTOMETRIC_CIELAB:
3513 case PHOTOMETRIC_LOGLUV:
3514 case PHOTOMETRIC_ITULAB:
3515 case PHOTOMETRIC_ICCLAB:
3516 return 3;
3517 case PHOTOMETRIC_SEPARATED:
3518 case PHOTOMETRIC_MASK:
3519 return 4;
3520 case PHOTOMETRIC_LOGL:
3521 case PHOTOMETRIC_CFA:
3522 default:
3523 return 0;
3524 }
3525 }
3526
ByteCountLooksBad(TIFF * tif)3527 static int ByteCountLooksBad(TIFF* tif)
3528 {
3529 /*
3530 * Assume we have wrong StripByteCount value (in case
3531 * of single strip) in following cases:
3532 * - it is equal to zero along with StripOffset;
3533 * - it is larger than file itself (in case of uncompressed
3534 * image);
3535 * - it is smaller than the size of the bytes per row
3536 * multiplied on the number of rows. The last case should
3537 * not be checked in the case of writing new image,
3538 * because we may do not know the exact strip size
3539 * until the whole image will be written and directory
3540 * dumped out.
3541 */
3542 uint64 bytecount = TIFFGetStrileByteCount(tif, 0);
3543 uint64 offset = TIFFGetStrileOffset(tif, 0);
3544 uint64 filesize;
3545
3546 if( offset == 0 )
3547 return 0;
3548 if (bytecount == 0)
3549 return 1;
3550 if ( tif->tif_dir.td_compression != COMPRESSION_NONE )
3551 return 0;
3552 filesize = TIFFGetFileSize(tif);
3553 if( offset <= filesize && bytecount > filesize - offset )
3554 return 1;
3555 if( tif->tif_mode == O_RDONLY )
3556 {
3557 uint64 scanlinesize = TIFFScanlineSize64(tif);
3558 if( tif->tif_dir.td_imagelength > 0 &&
3559 scanlinesize > TIFF_UINT64_MAX / tif->tif_dir.td_imagelength )
3560 {
3561 return 1;
3562 }
3563 if( bytecount < scanlinesize * tif->tif_dir.td_imagelength)
3564 return 1;
3565 }
3566 return 0;
3567 }
3568
3569
3570 /*
3571 * Read the next TIFF directory from a file and convert it to the internal
3572 * format. We read directories sequentially.
3573 */
3574 int
TIFFReadDirectory(TIFF * tif)3575 TIFFReadDirectory(TIFF* tif)
3576 {
3577 static const char module[] = "TIFFReadDirectory";
3578 TIFFDirEntry* dir;
3579 uint16 dircount;
3580 TIFFDirEntry* dp;
3581 uint16 di;
3582 const TIFFField* fip;
3583 uint32 fii=FAILED_FII;
3584 toff_t nextdiroff;
3585 int bitspersample_read = FALSE;
3586 int color_channels;
3587
3588 tif->tif_diroff=tif->tif_nextdiroff;
3589 if (!TIFFCheckDirOffset(tif,tif->tif_nextdiroff))
3590 return 0; /* last offset or bad offset (IFD looping) */
3591 (*tif->tif_cleanup)(tif); /* cleanup any previous compression state */
3592 tif->tif_curdir++;
3593 nextdiroff = tif->tif_nextdiroff;
3594 dircount=TIFFFetchDirectory(tif,nextdiroff,&dir,&tif->tif_nextdiroff);
3595 if (!dircount)
3596 {
3597 TIFFErrorExt(tif->tif_clientdata,module,
3598 "Failed to read directory at offset " TIFF_UINT64_FORMAT,nextdiroff);
3599 return 0;
3600 }
3601 TIFFReadDirectoryCheckOrder(tif,dir,dircount);
3602
3603 /*
3604 * Mark duplicates of any tag to be ignored (bugzilla 1994)
3605 * to avoid certain pathological problems.
3606 */
3607 {
3608 TIFFDirEntry* ma;
3609 uint16 mb;
3610 for (ma=dir, mb=0; mb<dircount; ma++, mb++)
3611 {
3612 TIFFDirEntry* na;
3613 uint16 nb;
3614 for (na=ma+1, nb=mb+1; nb<dircount; na++, nb++)
3615 {
3616 if (ma->tdir_tag == na->tdir_tag) {
3617 na->tdir_ignore = TRUE;
3618 }
3619 }
3620 }
3621 }
3622
3623 tif->tif_flags &= ~TIFF_BEENWRITING; /* reset before new dir */
3624 tif->tif_flags &= ~TIFF_BUF4WRITE; /* reset before new dir */
3625 tif->tif_flags &= ~TIFF_CHOPPEDUPARRAYS;
3626
3627 /* free any old stuff and reinit */
3628 TIFFFreeDirectory(tif);
3629 TIFFDefaultDirectory(tif);
3630 /*
3631 * Electronic Arts writes gray-scale TIFF files
3632 * without a PlanarConfiguration directory entry.
3633 * Thus we setup a default value here, even though
3634 * the TIFF spec says there is no default value.
3635 */
3636 TIFFSetField(tif,TIFFTAG_PLANARCONFIG,PLANARCONFIG_CONTIG);
3637 /*
3638 * Setup default value and then make a pass over
3639 * the fields to check type and tag information,
3640 * and to extract info required to size data
3641 * structures. A second pass is made afterwards
3642 * to read in everything not taken in the first pass.
3643 * But we must process the Compression tag first
3644 * in order to merge in codec-private tag definitions (otherwise
3645 * we may get complaints about unknown tags). However, the
3646 * Compression tag may be dependent on the SamplesPerPixel
3647 * tag value because older TIFF specs permitted Compression
3648 * to be written as a SamplesPerPixel-count tag entry.
3649 * Thus if we don't first figure out the correct SamplesPerPixel
3650 * tag value then we may end up ignoring the Compression tag
3651 * value because it has an incorrect count value (if the
3652 * true value of SamplesPerPixel is not 1).
3653 */
3654 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,TIFFTAG_SAMPLESPERPIXEL);
3655 if (dp)
3656 {
3657 if (!TIFFFetchNormalTag(tif,dp,0))
3658 goto bad;
3659 dp->tdir_ignore = TRUE;
3660 }
3661 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,TIFFTAG_COMPRESSION);
3662 if (dp)
3663 {
3664 /*
3665 * The 5.0 spec says the Compression tag has one value, while
3666 * earlier specs say it has one value per sample. Because of
3667 * this, we accept the tag if one value is supplied with either
3668 * count.
3669 */
3670 uint16 value;
3671 enum TIFFReadDirEntryErr err;
3672 err=TIFFReadDirEntryShort(tif,dp,&value);
3673 if (err==TIFFReadDirEntryErrCount)
3674 err=TIFFReadDirEntryPersampleShort(tif,dp,&value);
3675 if (err!=TIFFReadDirEntryErrOk)
3676 {
3677 TIFFReadDirEntryOutputErr(tif,err,module,"Compression",0);
3678 goto bad;
3679 }
3680 if (!TIFFSetField(tif,TIFFTAG_COMPRESSION,value))
3681 goto bad;
3682 dp->tdir_ignore = TRUE;
3683 }
3684 else
3685 {
3686 if (!TIFFSetField(tif,TIFFTAG_COMPRESSION,COMPRESSION_NONE))
3687 goto bad;
3688 }
3689 /*
3690 * First real pass over the directory.
3691 */
3692 for (di=0, dp=dir; di<dircount; di++, dp++)
3693 {
3694 if (!dp->tdir_ignore)
3695 {
3696 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
3697 if (fii == FAILED_FII)
3698 {
3699 TIFFWarningExt(tif->tif_clientdata, module,
3700 "Unknown field with tag %d (0x%x) encountered",
3701 dp->tdir_tag,dp->tdir_tag);
3702 /* the following knowingly leaks the
3703 anonymous field structure */
3704 if (!_TIFFMergeFields(tif,
3705 _TIFFCreateAnonField(tif,
3706 dp->tdir_tag,
3707 (TIFFDataType) dp->tdir_type),
3708 1)) {
3709 TIFFWarningExt(tif->tif_clientdata,
3710 module,
3711 "Registering anonymous field with tag %d (0x%x) failed",
3712 dp->tdir_tag,
3713 dp->tdir_tag);
3714 dp->tdir_ignore = TRUE;
3715 } else {
3716 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
3717 assert(fii != FAILED_FII);
3718 }
3719 }
3720 }
3721 if (!dp->tdir_ignore)
3722 {
3723 fip=tif->tif_fields[fii];
3724 if (fip->field_bit==FIELD_IGNORE)
3725 dp->tdir_ignore = TRUE;
3726 else
3727 {
3728 switch (dp->tdir_tag)
3729 {
3730 case TIFFTAG_STRIPOFFSETS:
3731 case TIFFTAG_STRIPBYTECOUNTS:
3732 case TIFFTAG_TILEOFFSETS:
3733 case TIFFTAG_TILEBYTECOUNTS:
3734 TIFFSetFieldBit(tif,fip->field_bit);
3735 break;
3736 case TIFFTAG_IMAGEWIDTH:
3737 case TIFFTAG_IMAGELENGTH:
3738 case TIFFTAG_IMAGEDEPTH:
3739 case TIFFTAG_TILELENGTH:
3740 case TIFFTAG_TILEWIDTH:
3741 case TIFFTAG_TILEDEPTH:
3742 case TIFFTAG_PLANARCONFIG:
3743 case TIFFTAG_ROWSPERSTRIP:
3744 case TIFFTAG_EXTRASAMPLES:
3745 if (!TIFFFetchNormalTag(tif,dp,0))
3746 goto bad;
3747 dp->tdir_ignore = TRUE;
3748 break;
3749 default:
3750 if( !_TIFFCheckFieldIsValidForCodec(tif, dp->tdir_tag) )
3751 dp->tdir_ignore = TRUE;
3752 break;
3753 }
3754 }
3755 }
3756 }
3757 /*
3758 * XXX: OJPEG hack.
3759 * If a) compression is OJPEG, b) planarconfig tag says it's separate,
3760 * c) strip offsets/bytecounts tag are both present and
3761 * d) both contain exactly one value, then we consistently find
3762 * that the buggy implementation of the buggy compression scheme
3763 * matches contig planarconfig best. So we 'fix-up' the tag here
3764 */
3765 if ((tif->tif_dir.td_compression==COMPRESSION_OJPEG)&&
3766 (tif->tif_dir.td_planarconfig==PLANARCONFIG_SEPARATE))
3767 {
3768 if (!_TIFFFillStriles(tif))
3769 goto bad;
3770 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,TIFFTAG_STRIPOFFSETS);
3771 if ((dp!=0)&&(dp->tdir_count==1))
3772 {
3773 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,
3774 TIFFTAG_STRIPBYTECOUNTS);
3775 if ((dp!=0)&&(dp->tdir_count==1))
3776 {
3777 tif->tif_dir.td_planarconfig=PLANARCONFIG_CONTIG;
3778 TIFFWarningExt(tif->tif_clientdata,module,
3779 "Planarconfig tag value assumed incorrect, "
3780 "assuming data is contig instead of chunky");
3781 }
3782 }
3783 }
3784 /*
3785 * Allocate directory structure and setup defaults.
3786 */
3787 if (!TIFFFieldSet(tif,FIELD_IMAGEDIMENSIONS))
3788 {
3789 MissingRequired(tif,"ImageLength");
3790 goto bad;
3791 }
3792 /*
3793 * Setup appropriate structures (by strip or by tile)
3794 */
3795 if (!TIFFFieldSet(tif, FIELD_TILEDIMENSIONS)) {
3796 tif->tif_dir.td_nstrips = TIFFNumberOfStrips(tif);
3797 tif->tif_dir.td_tilewidth = tif->tif_dir.td_imagewidth;
3798 tif->tif_dir.td_tilelength = tif->tif_dir.td_rowsperstrip;
3799 tif->tif_dir.td_tiledepth = tif->tif_dir.td_imagedepth;
3800 tif->tif_flags &= ~TIFF_ISTILED;
3801 } else {
3802 tif->tif_dir.td_nstrips = TIFFNumberOfTiles(tif);
3803 tif->tif_flags |= TIFF_ISTILED;
3804 }
3805 if (!tif->tif_dir.td_nstrips) {
3806 TIFFErrorExt(tif->tif_clientdata, module,
3807 "Cannot handle zero number of %s",
3808 isTiled(tif) ? "tiles" : "strips");
3809 goto bad;
3810 }
3811 if (tif->tif_dir.td_nstrips > INT_MAX) {
3812 TIFFErrorExt(tif->tif_clientdata, module,
3813 "Cannot handle %u number of %s",
3814 tif->tif_dir.td_nstrips,
3815 isTiled(tif) ? "tiles" : "strips");
3816 goto bad;
3817 }
3818 tif->tif_dir.td_stripsperimage = tif->tif_dir.td_nstrips;
3819 if (tif->tif_dir.td_planarconfig == PLANARCONFIG_SEPARATE)
3820 tif->tif_dir.td_stripsperimage /= tif->tif_dir.td_samplesperpixel;
3821 if (!TIFFFieldSet(tif, FIELD_STRIPOFFSETS)) {
3822 #ifdef OJPEG_SUPPORT
3823 if ((tif->tif_dir.td_compression==COMPRESSION_OJPEG) &&
3824 (isTiled(tif)==0) &&
3825 (tif->tif_dir.td_nstrips==1)) {
3826 /*
3827 * XXX: OJPEG hack.
3828 * If a) compression is OJPEG, b) it's not a tiled TIFF,
3829 * and c) the number of strips is 1,
3830 * then we tolerate the absence of stripoffsets tag,
3831 * because, presumably, all required data is in the
3832 * JpegInterchangeFormat stream.
3833 */
3834 TIFFSetFieldBit(tif, FIELD_STRIPOFFSETS);
3835 } else
3836 #endif
3837 {
3838 MissingRequired(tif,
3839 isTiled(tif) ? "TileOffsets" : "StripOffsets");
3840 goto bad;
3841 }
3842 }
3843 /*
3844 * Second pass: extract other information.
3845 */
3846 for (di=0, dp=dir; di<dircount; di++, dp++)
3847 {
3848 if (!dp->tdir_ignore) {
3849 switch (dp->tdir_tag)
3850 {
3851 case TIFFTAG_MINSAMPLEVALUE:
3852 case TIFFTAG_MAXSAMPLEVALUE:
3853 case TIFFTAG_BITSPERSAMPLE:
3854 case TIFFTAG_DATATYPE:
3855 case TIFFTAG_SAMPLEFORMAT:
3856 /*
3857 * The MinSampleValue, MaxSampleValue, BitsPerSample
3858 * DataType and SampleFormat tags are supposed to be
3859 * written as one value/sample, but some vendors
3860 * incorrectly write one value only -- so we accept
3861 * that as well (yuck). Other vendors write correct
3862 * value for NumberOfSamples, but incorrect one for
3863 * BitsPerSample and friends, and we will read this
3864 * too.
3865 */
3866 {
3867 uint16 value;
3868 enum TIFFReadDirEntryErr err;
3869 err=TIFFReadDirEntryShort(tif,dp,&value);
3870 if (err==TIFFReadDirEntryErrCount)
3871 err=TIFFReadDirEntryPersampleShort(tif,dp,&value);
3872 if (err!=TIFFReadDirEntryErrOk)
3873 {
3874 fip = TIFFFieldWithTag(tif,dp->tdir_tag);
3875 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",0);
3876 goto bad;
3877 }
3878 if (!TIFFSetField(tif,dp->tdir_tag,value))
3879 goto bad;
3880 if( dp->tdir_tag == TIFFTAG_BITSPERSAMPLE )
3881 bitspersample_read = TRUE;
3882 }
3883 break;
3884 case TIFFTAG_SMINSAMPLEVALUE:
3885 case TIFFTAG_SMAXSAMPLEVALUE:
3886 {
3887
3888 double *data = NULL;
3889 enum TIFFReadDirEntryErr err;
3890 uint32 saved_flags;
3891 int m;
3892 if (dp->tdir_count != (uint64)tif->tif_dir.td_samplesperpixel)
3893 err = TIFFReadDirEntryErrCount;
3894 else
3895 err = TIFFReadDirEntryDoubleArray(tif, dp, &data);
3896 if (err!=TIFFReadDirEntryErrOk)
3897 {
3898 fip = TIFFFieldWithTag(tif,dp->tdir_tag);
3899 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",0);
3900 goto bad;
3901 }
3902 saved_flags = tif->tif_flags;
3903 tif->tif_flags |= TIFF_PERSAMPLE;
3904 m = TIFFSetField(tif,dp->tdir_tag,data);
3905 tif->tif_flags = saved_flags;
3906 _TIFFfree(data);
3907 if (!m)
3908 goto bad;
3909 }
3910 break;
3911 case TIFFTAG_STRIPOFFSETS:
3912 case TIFFTAG_TILEOFFSETS:
3913 _TIFFmemcpy( &(tif->tif_dir.td_stripoffset_entry),
3914 dp, sizeof(TIFFDirEntry) );
3915 break;
3916 case TIFFTAG_STRIPBYTECOUNTS:
3917 case TIFFTAG_TILEBYTECOUNTS:
3918 _TIFFmemcpy( &(tif->tif_dir.td_stripbytecount_entry),
3919 dp, sizeof(TIFFDirEntry) );
3920 break;
3921 case TIFFTAG_COLORMAP:
3922 case TIFFTAG_TRANSFERFUNCTION:
3923 {
3924 enum TIFFReadDirEntryErr err;
3925 uint32 countpersample;
3926 uint32 countrequired;
3927 uint32 incrementpersample;
3928 uint16* value=NULL;
3929 /* It would be dangerous to instantiate those tag values */
3930 /* since if td_bitspersample has not yet been read (due to */
3931 /* unordered tags), it could be read afterwards with a */
3932 /* values greater than the default one (1), which may cause */
3933 /* crashes in user code */
3934 if( !bitspersample_read )
3935 {
3936 fip = TIFFFieldWithTag(tif,dp->tdir_tag);
3937 TIFFWarningExt(tif->tif_clientdata,module,
3938 "Ignoring %s since BitsPerSample tag not found",
3939 fip ? fip->field_name : "unknown tagname");
3940 continue;
3941 }
3942 /* ColorMap or TransferFunction for high bit */
3943 /* depths do not make much sense and could be */
3944 /* used as a denial of service vector */
3945 if (tif->tif_dir.td_bitspersample > 24)
3946 {
3947 fip = TIFFFieldWithTag(tif,dp->tdir_tag);
3948 TIFFWarningExt(tif->tif_clientdata,module,
3949 "Ignoring %s because BitsPerSample=%d>24",
3950 fip ? fip->field_name : "unknown tagname",
3951 tif->tif_dir.td_bitspersample);
3952 continue;
3953 }
3954 countpersample=(1U<<tif->tif_dir.td_bitspersample);
3955 if ((dp->tdir_tag==TIFFTAG_TRANSFERFUNCTION)&&(dp->tdir_count==(uint64)countpersample))
3956 {
3957 countrequired=countpersample;
3958 incrementpersample=0;
3959 }
3960 else
3961 {
3962 countrequired=3*countpersample;
3963 incrementpersample=countpersample;
3964 }
3965 if (dp->tdir_count!=(uint64)countrequired)
3966 err=TIFFReadDirEntryErrCount;
3967 else
3968 err=TIFFReadDirEntryShortArray(tif,dp,&value);
3969 if (err!=TIFFReadDirEntryErrOk)
3970 {
3971 fip = TIFFFieldWithTag(tif,dp->tdir_tag);
3972 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",1);
3973 }
3974 else
3975 {
3976 TIFFSetField(tif,dp->tdir_tag,value,value+incrementpersample,value+2*incrementpersample);
3977 _TIFFfree(value);
3978 }
3979 }
3980 break;
3981 /* BEGIN REV 4.0 COMPATIBILITY */
3982 case TIFFTAG_OSUBFILETYPE:
3983 {
3984 uint16 valueo;
3985 uint32 value;
3986 if (TIFFReadDirEntryShort(tif,dp,&valueo)==TIFFReadDirEntryErrOk)
3987 {
3988 switch (valueo)
3989 {
3990 case OFILETYPE_REDUCEDIMAGE: value=FILETYPE_REDUCEDIMAGE; break;
3991 case OFILETYPE_PAGE: value=FILETYPE_PAGE; break;
3992 default: value=0; break;
3993 }
3994 if (value!=0)
3995 TIFFSetField(tif,TIFFTAG_SUBFILETYPE,value);
3996 }
3997 }
3998 break;
3999 /* END REV 4.0 COMPATIBILITY */
4000 default:
4001 (void) TIFFFetchNormalTag(tif, dp, TRUE);
4002 break;
4003 }
4004 } /* -- if (!dp->tdir_ignore) */
4005 } /* -- for-loop -- */
4006
4007 if( tif->tif_mode == O_RDWR &&
4008 tif->tif_dir.td_stripoffset_entry.tdir_tag != 0 &&
4009 tif->tif_dir.td_stripoffset_entry.tdir_count == 0 &&
4010 tif->tif_dir.td_stripoffset_entry.tdir_type == 0 &&
4011 tif->tif_dir.td_stripoffset_entry.tdir_offset.toff_long8 == 0 &&
4012 tif->tif_dir.td_stripbytecount_entry.tdir_tag != 0 &&
4013 tif->tif_dir.td_stripbytecount_entry.tdir_count == 0 &&
4014 tif->tif_dir.td_stripbytecount_entry.tdir_type == 0 &&
4015 tif->tif_dir.td_stripbytecount_entry.tdir_offset.toff_long8 == 0 )
4016 {
4017 /* Directory typically created with TIFFDeferStrileArrayWriting() */
4018 TIFFSetupStrips(tif);
4019 }
4020 else if( !(tif->tif_flags&TIFF_DEFERSTRILELOAD) )
4021 {
4022 if( tif->tif_dir.td_stripoffset_entry.tdir_tag != 0 )
4023 {
4024 if (!TIFFFetchStripThing(tif,&(tif->tif_dir.td_stripoffset_entry),
4025 tif->tif_dir.td_nstrips,
4026 &tif->tif_dir.td_stripoffset_p))
4027 {
4028 goto bad;
4029 }
4030 }
4031 if( tif->tif_dir.td_stripbytecount_entry.tdir_tag != 0 )
4032 {
4033 if (!TIFFFetchStripThing(tif,&(tif->tif_dir.td_stripbytecount_entry),
4034 tif->tif_dir.td_nstrips,
4035 &tif->tif_dir.td_stripbytecount_p))
4036 {
4037 goto bad;
4038 }
4039 }
4040 }
4041
4042 /*
4043 * OJPEG hack:
4044 * - If a) compression is OJPEG, and b) photometric tag is missing,
4045 * then we consistently find that photometric should be YCbCr
4046 * - If a) compression is OJPEG, and b) photometric tag says it's RGB,
4047 * then we consistently find that the buggy implementation of the
4048 * buggy compression scheme matches photometric YCbCr instead.
4049 * - If a) compression is OJPEG, and b) bitspersample tag is missing,
4050 * then we consistently find bitspersample should be 8.
4051 * - If a) compression is OJPEG, b) samplesperpixel tag is missing,
4052 * and c) photometric is RGB or YCbCr, then we consistently find
4053 * samplesperpixel should be 3
4054 * - If a) compression is OJPEG, b) samplesperpixel tag is missing,
4055 * and c) photometric is MINISWHITE or MINISBLACK, then we consistently
4056 * find samplesperpixel should be 3
4057 */
4058 if (tif->tif_dir.td_compression==COMPRESSION_OJPEG)
4059 {
4060 if (!TIFFFieldSet(tif,FIELD_PHOTOMETRIC))
4061 {
4062 TIFFWarningExt(tif->tif_clientdata, module,
4063 "Photometric tag is missing, assuming data is YCbCr");
4064 if (!TIFFSetField(tif,TIFFTAG_PHOTOMETRIC,PHOTOMETRIC_YCBCR))
4065 goto bad;
4066 }
4067 else if (tif->tif_dir.td_photometric==PHOTOMETRIC_RGB)
4068 {
4069 tif->tif_dir.td_photometric=PHOTOMETRIC_YCBCR;
4070 TIFFWarningExt(tif->tif_clientdata, module,
4071 "Photometric tag value assumed incorrect, "
4072 "assuming data is YCbCr instead of RGB");
4073 }
4074 if (!TIFFFieldSet(tif,FIELD_BITSPERSAMPLE))
4075 {
4076 TIFFWarningExt(tif->tif_clientdata,module,
4077 "BitsPerSample tag is missing, assuming 8 bits per sample");
4078 if (!TIFFSetField(tif,TIFFTAG_BITSPERSAMPLE,8))
4079 goto bad;
4080 }
4081 if (!TIFFFieldSet(tif,FIELD_SAMPLESPERPIXEL))
4082 {
4083 if (tif->tif_dir.td_photometric==PHOTOMETRIC_RGB)
4084 {
4085 TIFFWarningExt(tif->tif_clientdata,module,
4086 "SamplesPerPixel tag is missing, "
4087 "assuming correct SamplesPerPixel value is 3");
4088 if (!TIFFSetField(tif,TIFFTAG_SAMPLESPERPIXEL,3))
4089 goto bad;
4090 }
4091 if (tif->tif_dir.td_photometric==PHOTOMETRIC_YCBCR)
4092 {
4093 TIFFWarningExt(tif->tif_clientdata,module,
4094 "SamplesPerPixel tag is missing, "
4095 "applying correct SamplesPerPixel value of 3");
4096 if (!TIFFSetField(tif,TIFFTAG_SAMPLESPERPIXEL,3))
4097 goto bad;
4098 }
4099 else if ((tif->tif_dir.td_photometric==PHOTOMETRIC_MINISWHITE)
4100 || (tif->tif_dir.td_photometric==PHOTOMETRIC_MINISBLACK))
4101 {
4102 /*
4103 * SamplesPerPixel tag is missing, but is not required
4104 * by spec. Assume correct SamplesPerPixel value of 1.
4105 */
4106 if (!TIFFSetField(tif,TIFFTAG_SAMPLESPERPIXEL,1))
4107 goto bad;
4108 }
4109 }
4110 }
4111
4112 /*
4113 * Make sure all non-color channels are extrasamples.
4114 * If it's not the case, define them as such.
4115 */
4116 color_channels = _TIFFGetMaxColorChannels(tif->tif_dir.td_photometric);
4117 if (color_channels && tif->tif_dir.td_samplesperpixel - tif->tif_dir.td_extrasamples > color_channels) {
4118 uint16 old_extrasamples;
4119 uint16 *new_sampleinfo;
4120
4121 TIFFWarningExt(tif->tif_clientdata,module, "Sum of Photometric type-related "
4122 "color channels and ExtraSamples doesn't match SamplesPerPixel. "
4123 "Defining non-color channels as ExtraSamples.");
4124
4125 old_extrasamples = tif->tif_dir.td_extrasamples;
4126 tif->tif_dir.td_extrasamples = (uint16) (tif->tif_dir.td_samplesperpixel - color_channels);
4127
4128 // sampleinfo should contain information relative to these new extra samples
4129 new_sampleinfo = (uint16*) _TIFFcalloc(tif->tif_dir.td_extrasamples, sizeof(uint16));
4130 if (!new_sampleinfo) {
4131 TIFFErrorExt(tif->tif_clientdata, module, "Failed to allocate memory for "
4132 "temporary new sampleinfo array (%d 16 bit elements)",
4133 tif->tif_dir.td_extrasamples);
4134 goto bad;
4135 }
4136
4137 memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16));
4138 _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples);
4139 _TIFFfree(new_sampleinfo);
4140 }
4141
4142 /*
4143 * Verify Palette image has a Colormap.
4144 */
4145 if (tif->tif_dir.td_photometric == PHOTOMETRIC_PALETTE &&
4146 !TIFFFieldSet(tif, FIELD_COLORMAP)) {
4147 if ( tif->tif_dir.td_bitspersample>=8 && tif->tif_dir.td_samplesperpixel==3)
4148 tif->tif_dir.td_photometric = PHOTOMETRIC_RGB;
4149 else if (tif->tif_dir.td_bitspersample>=8)
4150 tif->tif_dir.td_photometric = PHOTOMETRIC_MINISBLACK;
4151 else {
4152 MissingRequired(tif, "Colormap");
4153 goto bad;
4154 }
4155 }
4156 /*
4157 * OJPEG hack:
4158 * We do no further messing with strip/tile offsets/bytecounts in OJPEG
4159 * TIFFs
4160 */
4161 if (tif->tif_dir.td_compression!=COMPRESSION_OJPEG)
4162 {
4163 /*
4164 * Attempt to deal with a missing StripByteCounts tag.
4165 */
4166 if (!TIFFFieldSet(tif, FIELD_STRIPBYTECOUNTS)) {
4167 /*
4168 * Some manufacturers violate the spec by not giving
4169 * the size of the strips. In this case, assume there
4170 * is one uncompressed strip of data.
4171 */
4172 if ((tif->tif_dir.td_planarconfig == PLANARCONFIG_CONTIG &&
4173 tif->tif_dir.td_nstrips > 1) ||
4174 (tif->tif_dir.td_planarconfig == PLANARCONFIG_SEPARATE &&
4175 tif->tif_dir.td_nstrips != (uint32)tif->tif_dir.td_samplesperpixel)) {
4176 MissingRequired(tif, "StripByteCounts");
4177 goto bad;
4178 }
4179 TIFFWarningExt(tif->tif_clientdata, module,
4180 "TIFF directory is missing required "
4181 "\"StripByteCounts\" field, calculating from imagelength");
4182 if (EstimateStripByteCounts(tif, dir, dircount) < 0)
4183 goto bad;
4184
4185 } else if (tif->tif_dir.td_nstrips == 1
4186 && !(tif->tif_flags&TIFF_ISTILED)
4187 && ByteCountLooksBad(tif)) {
4188 /*
4189 * XXX: Plexus (and others) sometimes give a value of
4190 * zero for a tag when they don't know what the
4191 * correct value is! Try and handle the simple case
4192 * of estimating the size of a one strip image.
4193 */
4194 TIFFWarningExt(tif->tif_clientdata, module,
4195 "Bogus \"StripByteCounts\" field, ignoring and calculating from imagelength");
4196 if(EstimateStripByteCounts(tif, dir, dircount) < 0)
4197 goto bad;
4198
4199 } else if (!(tif->tif_flags&TIFF_DEFERSTRILELOAD)
4200 && tif->tif_dir.td_planarconfig == PLANARCONFIG_CONTIG
4201 && tif->tif_dir.td_nstrips > 2
4202 && tif->tif_dir.td_compression == COMPRESSION_NONE
4203 && TIFFGetStrileByteCount(tif, 0) != TIFFGetStrileByteCount(tif, 1)
4204 && TIFFGetStrileByteCount(tif, 0) != 0
4205 && TIFFGetStrileByteCount(tif, 1) != 0 ) {
4206 /*
4207 * XXX: Some vendors fill StripByteCount array with
4208 * absolutely wrong values (it can be equal to
4209 * StripOffset array, for example). Catch this case
4210 * here.
4211 *
4212 * We avoid this check if deferring strile loading
4213 * as it would always force us to load the strip/tile
4214 * information.
4215 */
4216 TIFFWarningExt(tif->tif_clientdata, module,
4217 "Wrong \"StripByteCounts\" field, ignoring and calculating from imagelength");
4218 if (EstimateStripByteCounts(tif, dir, dircount) < 0)
4219 goto bad;
4220 }
4221 }
4222 if (dir)
4223 {
4224 _TIFFfree(dir);
4225 dir=NULL;
4226 }
4227 if (!TIFFFieldSet(tif, FIELD_MAXSAMPLEVALUE))
4228 {
4229 if (tif->tif_dir.td_bitspersample>=16)
4230 tif->tif_dir.td_maxsamplevalue=0xFFFF;
4231 else
4232 tif->tif_dir.td_maxsamplevalue = (uint16)((1L<<tif->tif_dir.td_bitspersample)-1);
4233 }
4234
4235 #ifdef STRIPBYTECOUNTSORTED_UNUSED
4236 /*
4237 * XXX: We can optimize checking for the strip bounds using the sorted
4238 * bytecounts array. See also comments for TIFFAppendToStrip()
4239 * function in tif_write.c.
4240 */
4241 if (!(tif->tif_flags&TIFF_DEFERSTRILELOAD) && tif->tif_dir.td_nstrips > 1) {
4242 uint32 strip;
4243
4244 tif->tif_dir.td_stripbytecountsorted = 1;
4245 for (strip = 1; strip < tif->tif_dir.td_nstrips; strip++) {
4246 if (TIFFGetStrileOffset(tif, strip - 1) >
4247 TIFFGetStrileOffset(tif, strip)) {
4248 tif->tif_dir.td_stripbytecountsorted = 0;
4249 break;
4250 }
4251 }
4252 }
4253 #endif
4254
4255 /*
4256 * An opportunity for compression mode dependent tag fixup
4257 */
4258 (*tif->tif_fixuptags)(tif);
4259
4260 /*
4261 * Some manufacturers make life difficult by writing
4262 * large amounts of uncompressed data as a single strip.
4263 * This is contrary to the recommendations of the spec.
4264 * The following makes an attempt at breaking such images
4265 * into strips closer to the recommended 8k bytes. A
4266 * side effect, however, is that the RowsPerStrip tag
4267 * value may be changed.
4268 */
4269 if ((tif->tif_dir.td_planarconfig==PLANARCONFIG_CONTIG)&&
4270 (tif->tif_dir.td_nstrips==1)&&
4271 (tif->tif_dir.td_compression==COMPRESSION_NONE)&&
4272 ((tif->tif_flags&(TIFF_STRIPCHOP|TIFF_ISTILED))==TIFF_STRIPCHOP))
4273 {
4274 ChopUpSingleUncompressedStrip(tif);
4275 }
4276
4277 /* There are also uncompressed striped files with strips larger than */
4278 /* 2 GB, which make them unfriendly with a lot of code. If possible, */
4279 /* try to expose smaller "virtual" strips. */
4280 if( tif->tif_dir.td_planarconfig == PLANARCONFIG_CONTIG &&
4281 tif->tif_dir.td_compression == COMPRESSION_NONE &&
4282 (tif->tif_flags&(TIFF_STRIPCHOP|TIFF_ISTILED)) == TIFF_STRIPCHOP &&
4283 TIFFStripSize64(tif) > 0x7FFFFFFFUL )
4284 {
4285 TryChopUpUncompressedBigTiff(tif);
4286 }
4287
4288 /*
4289 * Clear the dirty directory flag.
4290 */
4291 tif->tif_flags &= ~TIFF_DIRTYDIRECT;
4292 tif->tif_flags &= ~TIFF_DIRTYSTRIP;
4293
4294 /*
4295 * Reinitialize i/o since we are starting on a new directory.
4296 */
4297 tif->tif_row = (uint32) -1;
4298 tif->tif_curstrip = (uint32) -1;
4299 tif->tif_col = (uint32) -1;
4300 tif->tif_curtile = (uint32) -1;
4301 tif->tif_tilesize = (tmsize_t) -1;
4302
4303 tif->tif_scanlinesize = TIFFScanlineSize(tif);
4304 if (!tif->tif_scanlinesize) {
4305 TIFFErrorExt(tif->tif_clientdata, module,
4306 "Cannot handle zero scanline size");
4307 return (0);
4308 }
4309
4310 if (isTiled(tif)) {
4311 tif->tif_tilesize = TIFFTileSize(tif);
4312 if (!tif->tif_tilesize) {
4313 TIFFErrorExt(tif->tif_clientdata, module,
4314 "Cannot handle zero tile size");
4315 return (0);
4316 }
4317 } else {
4318 if (!TIFFStripSize(tif)) {
4319 TIFFErrorExt(tif->tif_clientdata, module,
4320 "Cannot handle zero strip size");
4321 return (0);
4322 }
4323 }
4324 return (1);
4325 bad:
4326 if (dir)
4327 _TIFFfree(dir);
4328 return (0);
4329 }
4330
4331 static void
TIFFReadDirectoryCheckOrder(TIFF * tif,TIFFDirEntry * dir,uint16 dircount)4332 TIFFReadDirectoryCheckOrder(TIFF* tif, TIFFDirEntry* dir, uint16 dircount)
4333 {
4334 static const char module[] = "TIFFReadDirectoryCheckOrder";
4335 uint16 m;
4336 uint16 n;
4337 TIFFDirEntry* o;
4338 m=0;
4339 for (n=0, o=dir; n<dircount; n++, o++)
4340 {
4341 if (o->tdir_tag<m)
4342 {
4343 TIFFWarningExt(tif->tif_clientdata,module,
4344 "Invalid TIFF directory; tags are not sorted in ascending order");
4345 break;
4346 }
4347 m=o->tdir_tag+1;
4348 }
4349 }
4350
4351 static TIFFDirEntry*
TIFFReadDirectoryFindEntry(TIFF * tif,TIFFDirEntry * dir,uint16 dircount,uint16 tagid)4352 TIFFReadDirectoryFindEntry(TIFF* tif, TIFFDirEntry* dir, uint16 dircount, uint16 tagid)
4353 {
4354 TIFFDirEntry* m;
4355 uint16 n;
4356 (void) tif;
4357 for (m=dir, n=0; n<dircount; m++, n++)
4358 {
4359 if (m->tdir_tag==tagid)
4360 return(m);
4361 }
4362 return(0);
4363 }
4364
4365 static void
TIFFReadDirectoryFindFieldInfo(TIFF * tif,uint16 tagid,uint32 * fii)4366 TIFFReadDirectoryFindFieldInfo(TIFF* tif, uint16 tagid, uint32* fii)
4367 {
4368 int32 ma,mb,mc;
4369 ma=-1;
4370 mc=(int32)tif->tif_nfields;
4371 while (1)
4372 {
4373 if (ma+1==mc)
4374 {
4375 *fii = FAILED_FII;
4376 return;
4377 }
4378 mb=(ma+mc)/2;
4379 if (tif->tif_fields[mb]->field_tag==(uint32)tagid)
4380 break;
4381 if (tif->tif_fields[mb]->field_tag<(uint32)tagid)
4382 ma=mb;
4383 else
4384 mc=mb;
4385 }
4386 while (1)
4387 {
4388 if (mb==0)
4389 break;
4390 if (tif->tif_fields[mb-1]->field_tag!=(uint32)tagid)
4391 break;
4392 mb--;
4393 }
4394 *fii=mb;
4395 }
4396
4397 /*
4398 * Read custom directory from the arbitrary offset.
4399 * The code is very similar to TIFFReadDirectory().
4400 */
4401 int
TIFFReadCustomDirectory(TIFF * tif,toff_t diroff,const TIFFFieldArray * infoarray)4402 TIFFReadCustomDirectory(TIFF* tif, toff_t diroff,
4403 const TIFFFieldArray* infoarray)
4404 {
4405 static const char module[] = "TIFFReadCustomDirectory";
4406 TIFFDirEntry* dir;
4407 uint16 dircount;
4408 TIFFDirEntry* dp;
4409 uint16 di;
4410 const TIFFField* fip;
4411 uint32 fii;
4412 _TIFFSetupFields(tif, infoarray);
4413 dircount=TIFFFetchDirectory(tif,diroff,&dir,NULL);
4414 if (!dircount)
4415 {
4416 TIFFErrorExt(tif->tif_clientdata,module,
4417 "Failed to read custom directory at offset " TIFF_UINT64_FORMAT,diroff);
4418 return 0;
4419 }
4420 TIFFFreeDirectory(tif);
4421 _TIFFmemset(&tif->tif_dir, 0, sizeof(TIFFDirectory));
4422 TIFFReadDirectoryCheckOrder(tif,dir,dircount);
4423 for (di=0, dp=dir; di<dircount; di++, dp++)
4424 {
4425 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
4426 if (fii == FAILED_FII)
4427 {
4428 TIFFWarningExt(tif->tif_clientdata, module,
4429 "Unknown field with tag %d (0x%x) encountered",
4430 dp->tdir_tag, dp->tdir_tag);
4431 if (!_TIFFMergeFields(tif, _TIFFCreateAnonField(tif,
4432 dp->tdir_tag,
4433 (TIFFDataType) dp->tdir_type),
4434 1)) {
4435 TIFFWarningExt(tif->tif_clientdata, module,
4436 "Registering anonymous field with tag %d (0x%x) failed",
4437 dp->tdir_tag, dp->tdir_tag);
4438 dp->tdir_ignore = TRUE;
4439 } else {
4440 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
4441 assert( fii != FAILED_FII );
4442 }
4443 }
4444 if (!dp->tdir_ignore)
4445 {
4446 fip=tif->tif_fields[fii];
4447 if (fip->field_bit==FIELD_IGNORE)
4448 dp->tdir_ignore = TRUE;
4449 else
4450 {
4451 /* check data type */
4452 while ((fip->field_type!=TIFF_ANY)&&(fip->field_type!=dp->tdir_type))
4453 {
4454 fii++;
4455 if ((fii==tif->tif_nfields)||
4456 (tif->tif_fields[fii]->field_tag!=(uint32)dp->tdir_tag))
4457 {
4458 fii=0xFFFF;
4459 break;
4460 }
4461 fip=tif->tif_fields[fii];
4462 }
4463 if (fii==0xFFFF)
4464 {
4465 TIFFWarningExt(tif->tif_clientdata, module,
4466 "Wrong data type %d for \"%s\"; tag ignored",
4467 dp->tdir_type,fip->field_name);
4468 dp->tdir_ignore = TRUE;
4469 }
4470 else
4471 {
4472 /* check count if known in advance */
4473 if ((fip->field_readcount!=TIFF_VARIABLE)&&
4474 (fip->field_readcount!=TIFF_VARIABLE2))
4475 {
4476 uint32 expected;
4477 if (fip->field_readcount==TIFF_SPP)
4478 expected=(uint32)tif->tif_dir.td_samplesperpixel;
4479 else
4480 expected=(uint32)fip->field_readcount;
4481 if (!CheckDirCount(tif,dp,expected))
4482 dp->tdir_ignore = TRUE;
4483 }
4484 }
4485 }
4486 if (!dp->tdir_ignore) {
4487 switch (dp->tdir_tag)
4488 {
4489 case EXIFTAG_SUBJECTDISTANCE:
4490 (void)TIFFFetchSubjectDistance(tif, dp);
4491 break;
4492 default:
4493 (void)TIFFFetchNormalTag(tif, dp, TRUE);
4494 break;
4495 }
4496 } /*-- if (!dp->tdir_ignore) */
4497 }
4498 }
4499 if (dir)
4500 _TIFFfree(dir);
4501 return 1;
4502 }
4503
4504 /*
4505 * EXIF is important special case of custom IFD, so we have a special
4506 * function to read it.
4507 */
4508 int
TIFFReadEXIFDirectory(TIFF * tif,toff_t diroff)4509 TIFFReadEXIFDirectory(TIFF* tif, toff_t diroff)
4510 {
4511 const TIFFFieldArray* exifFieldArray;
4512 exifFieldArray = _TIFFGetExifFields();
4513 return TIFFReadCustomDirectory(tif, diroff, exifFieldArray);
4514 }
4515
4516 static int
EstimateStripByteCounts(TIFF * tif,TIFFDirEntry * dir,uint16 dircount)4517 EstimateStripByteCounts(TIFF* tif, TIFFDirEntry* dir, uint16 dircount)
4518 {
4519 static const char module[] = "EstimateStripByteCounts";
4520
4521 TIFFDirEntry *dp;
4522 TIFFDirectory *td = &tif->tif_dir;
4523 uint32 strip;
4524
4525 /* Do not try to load stripbytecount as we will compute it */
4526 if( !_TIFFFillStrilesInternal( tif, 0 ) )
4527 return -1;
4528
4529 if (td->td_stripbytecount_p)
4530 _TIFFfree(td->td_stripbytecount_p);
4531 td->td_stripbytecount_p = (uint64*)
4532 _TIFFCheckMalloc(tif, td->td_nstrips, sizeof (uint64),
4533 "for \"StripByteCounts\" array");
4534 if( td->td_stripbytecount_p == NULL )
4535 return -1;
4536
4537 if (td->td_compression != COMPRESSION_NONE) {
4538 uint64 space;
4539 uint64 filesize;
4540 uint16 n;
4541 filesize = TIFFGetFileSize(tif);
4542 if (!(tif->tif_flags&TIFF_BIGTIFF))
4543 space=sizeof(TIFFHeaderClassic)+2+dircount*12+4;
4544 else
4545 space=sizeof(TIFFHeaderBig)+8+dircount*20+8;
4546 /* calculate amount of space used by indirect values */
4547 for (dp = dir, n = dircount; n > 0; n--, dp++)
4548 {
4549 uint32 typewidth;
4550 uint64 datasize;
4551 typewidth = TIFFDataWidth((TIFFDataType) dp->tdir_type);
4552 if (typewidth == 0) {
4553 TIFFErrorExt(tif->tif_clientdata, module,
4554 "Cannot determine size of unknown tag type %d",
4555 dp->tdir_type);
4556 return -1;
4557 }
4558 if( dp->tdir_count > TIFF_UINT64_MAX / typewidth )
4559 return -1;
4560 datasize=(uint64)typewidth*dp->tdir_count;
4561 if (!(tif->tif_flags&TIFF_BIGTIFF))
4562 {
4563 if (datasize<=4)
4564 datasize=0;
4565 }
4566 else
4567 {
4568 if (datasize<=8)
4569 datasize=0;
4570 }
4571 if( space > TIFF_UINT64_MAX - datasize )
4572 return -1;
4573 space+=datasize;
4574 }
4575 if( filesize < space )
4576 /* we should perhaps return in error ? */
4577 space = filesize;
4578 else
4579 space = filesize - space;
4580 if (td->td_planarconfig == PLANARCONFIG_SEPARATE)
4581 space /= td->td_samplesperpixel;
4582 for (strip = 0; strip < td->td_nstrips; strip++)
4583 td->td_stripbytecount_p[strip] = space;
4584 /*
4585 * This gross hack handles the case were the offset to
4586 * the last strip is past the place where we think the strip
4587 * should begin. Since a strip of data must be contiguous,
4588 * it's safe to assume that we've overestimated the amount
4589 * of data in the strip and trim this number back accordingly.
4590 */
4591 strip--;
4592 if (td->td_stripoffset_p[strip] > TIFF_UINT64_MAX - td->td_stripbytecount_p[strip])
4593 return -1;
4594 if (td->td_stripoffset_p[strip]+td->td_stripbytecount_p[strip] > filesize) {
4595 if( td->td_stripoffset_p[strip] >= filesize ) {
4596 /* Not sure what we should in that case... */
4597 td->td_stripbytecount_p[strip] = 0;
4598 } else {
4599 td->td_stripbytecount_p[strip] = filesize - td->td_stripoffset_p[strip];
4600 }
4601 }
4602 } else if (isTiled(tif)) {
4603 uint64 bytespertile = TIFFTileSize64(tif);
4604
4605 for (strip = 0; strip < td->td_nstrips; strip++)
4606 td->td_stripbytecount_p[strip] = bytespertile;
4607 } else {
4608 uint64 rowbytes = TIFFScanlineSize64(tif);
4609 uint32 rowsperstrip = td->td_imagelength/td->td_stripsperimage;
4610 for (strip = 0; strip < td->td_nstrips; strip++)
4611 {
4612 if( rowbytes > 0 && rowsperstrip > TIFF_UINT64_MAX / rowbytes )
4613 return -1;
4614 td->td_stripbytecount_p[strip] = rowbytes * rowsperstrip;
4615 }
4616 }
4617 TIFFSetFieldBit(tif, FIELD_STRIPBYTECOUNTS);
4618 if (!TIFFFieldSet(tif, FIELD_ROWSPERSTRIP))
4619 td->td_rowsperstrip = td->td_imagelength;
4620 return 1;
4621 }
4622
4623 static void
MissingRequired(TIFF * tif,const char * tagname)4624 MissingRequired(TIFF* tif, const char* tagname)
4625 {
4626 static const char module[] = "MissingRequired";
4627
4628 TIFFErrorExt(tif->tif_clientdata, module,
4629 "TIFF directory is missing required \"%s\" field",
4630 tagname);
4631 }
4632
4633 /*
4634 * Check the directory offset against the list of already seen directory
4635 * offsets. This is a trick to prevent IFD looping. The one can create TIFF
4636 * file with looped directory pointers. We will maintain a list of already
4637 * seen directories and check every IFD offset against that list.
4638 */
4639 static int
TIFFCheckDirOffset(TIFF * tif,uint64 diroff)4640 TIFFCheckDirOffset(TIFF* tif, uint64 diroff)
4641 {
4642 uint16 n;
4643
4644 if (diroff == 0) /* no more directories */
4645 return 0;
4646 if (tif->tif_dirnumber == 65535) {
4647 TIFFErrorExt(tif->tif_clientdata, "TIFFCheckDirOffset",
4648 "Cannot handle more than 65535 TIFF directories");
4649 return 0;
4650 }
4651
4652 for (n = 0; n < tif->tif_dirnumber && tif->tif_dirlist; n++) {
4653 if (tif->tif_dirlist[n] == diroff)
4654 return 0;
4655 }
4656
4657 tif->tif_dirnumber++;
4658
4659 if (tif->tif_dirlist == NULL || tif->tif_dirnumber > tif->tif_dirlistsize) {
4660 uint64* new_dirlist;
4661
4662 /*
4663 * XXX: Reduce memory allocation granularity of the dirlist
4664 * array.
4665 */
4666 new_dirlist = (uint64*)_TIFFCheckRealloc(tif, tif->tif_dirlist,
4667 tif->tif_dirnumber, 2 * sizeof(uint64), "for IFD list");
4668 if (!new_dirlist)
4669 return 0;
4670 if( tif->tif_dirnumber >= 32768 )
4671 tif->tif_dirlistsize = 65535;
4672 else
4673 tif->tif_dirlistsize = 2 * tif->tif_dirnumber;
4674 tif->tif_dirlist = new_dirlist;
4675 }
4676
4677 tif->tif_dirlist[tif->tif_dirnumber - 1] = diroff;
4678
4679 return 1;
4680 }
4681
4682 /*
4683 * Check the count field of a directory entry against a known value. The
4684 * caller is expected to skip/ignore the tag if there is a mismatch.
4685 */
4686 static int
CheckDirCount(TIFF * tif,TIFFDirEntry * dir,uint32 count)4687 CheckDirCount(TIFF* tif, TIFFDirEntry* dir, uint32 count)
4688 {
4689 if ((uint64)count > dir->tdir_count) {
4690 const TIFFField* fip = TIFFFieldWithTag(tif, dir->tdir_tag);
4691 TIFFWarningExt(tif->tif_clientdata, tif->tif_name,
4692 "incorrect count for field \"%s\" (" TIFF_UINT64_FORMAT ", expecting %u); tag ignored",
4693 fip ? fip->field_name : "unknown tagname",
4694 dir->tdir_count, count);
4695 return (0);
4696 } else if ((uint64)count < dir->tdir_count) {
4697 const TIFFField* fip = TIFFFieldWithTag(tif, dir->tdir_tag);
4698 TIFFWarningExt(tif->tif_clientdata, tif->tif_name,
4699 "incorrect count for field \"%s\" (" TIFF_UINT64_FORMAT ", expecting %u); tag trimmed",
4700 fip ? fip->field_name : "unknown tagname",
4701 dir->tdir_count, count);
4702 dir->tdir_count = count;
4703 return (1);
4704 }
4705 return (1);
4706 }
4707
4708 /*
4709 * Read IFD structure from the specified offset. If the pointer to
4710 * nextdiroff variable has been specified, read it too. Function returns a
4711 * number of fields in the directory or 0 if failed.
4712 */
4713 static uint16
TIFFFetchDirectory(TIFF * tif,uint64 diroff,TIFFDirEntry ** pdir,uint64 * nextdiroff)4714 TIFFFetchDirectory(TIFF* tif, uint64 diroff, TIFFDirEntry** pdir,
4715 uint64 *nextdiroff)
4716 {
4717 static const char module[] = "TIFFFetchDirectory";
4718
4719 void* origdir;
4720 uint16 dircount16;
4721 uint32 dirsize;
4722 TIFFDirEntry* dir;
4723 uint8* ma;
4724 TIFFDirEntry* mb;
4725 uint16 n;
4726
4727 assert(pdir);
4728
4729 tif->tif_diroff = diroff;
4730 if (nextdiroff)
4731 *nextdiroff = 0;
4732 if (!isMapped(tif)) {
4733 if (!SeekOK(tif, tif->tif_diroff)) {
4734 TIFFErrorExt(tif->tif_clientdata, module,
4735 "%s: Seek error accessing TIFF directory",
4736 tif->tif_name);
4737 return 0;
4738 }
4739 if (!(tif->tif_flags&TIFF_BIGTIFF))
4740 {
4741 if (!ReadOK(tif, &dircount16, sizeof (uint16))) {
4742 TIFFErrorExt(tif->tif_clientdata, module,
4743 "%s: Can not read TIFF directory count",
4744 tif->tif_name);
4745 return 0;
4746 }
4747 if (tif->tif_flags & TIFF_SWAB)
4748 TIFFSwabShort(&dircount16);
4749 if (dircount16>4096)
4750 {
4751 TIFFErrorExt(tif->tif_clientdata, module,
4752 "Sanity check on directory count failed, this is probably not a valid IFD offset");
4753 return 0;
4754 }
4755 dirsize = 12;
4756 } else {
4757 uint64 dircount64;
4758 if (!ReadOK(tif, &dircount64, sizeof (uint64))) {
4759 TIFFErrorExt(tif->tif_clientdata, module,
4760 "%s: Can not read TIFF directory count",
4761 tif->tif_name);
4762 return 0;
4763 }
4764 if (tif->tif_flags & TIFF_SWAB)
4765 TIFFSwabLong8(&dircount64);
4766 if (dircount64>4096)
4767 {
4768 TIFFErrorExt(tif->tif_clientdata, module,
4769 "Sanity check on directory count failed, this is probably not a valid IFD offset");
4770 return 0;
4771 }
4772 dircount16 = (uint16)dircount64;
4773 dirsize = 20;
4774 }
4775 origdir = _TIFFCheckMalloc(tif, dircount16,
4776 dirsize, "to read TIFF directory");
4777 if (origdir == NULL)
4778 return 0;
4779 if (!ReadOK(tif, origdir, (tmsize_t)(dircount16*dirsize))) {
4780 TIFFErrorExt(tif->tif_clientdata, module,
4781 "%.100s: Can not read TIFF directory",
4782 tif->tif_name);
4783 _TIFFfree(origdir);
4784 return 0;
4785 }
4786 /*
4787 * Read offset to next directory for sequential scans if
4788 * needed.
4789 */
4790 if (nextdiroff)
4791 {
4792 if (!(tif->tif_flags&TIFF_BIGTIFF))
4793 {
4794 uint32 nextdiroff32;
4795 if (!ReadOK(tif, &nextdiroff32, sizeof(uint32)))
4796 nextdiroff32 = 0;
4797 if (tif->tif_flags&TIFF_SWAB)
4798 TIFFSwabLong(&nextdiroff32);
4799 *nextdiroff=nextdiroff32;
4800 } else {
4801 if (!ReadOK(tif, nextdiroff, sizeof(uint64)))
4802 *nextdiroff = 0;
4803 if (tif->tif_flags&TIFF_SWAB)
4804 TIFFSwabLong8(nextdiroff);
4805 }
4806 }
4807 } else {
4808 tmsize_t m;
4809 tmsize_t off;
4810 if (tif->tif_diroff > (uint64)TIFF_INT64_MAX)
4811 {
4812 TIFFErrorExt(tif->tif_clientdata,module,"Can not read TIFF directory count");
4813 return(0);
4814 }
4815 off = (tmsize_t) tif->tif_diroff;
4816
4817 /*
4818 * Check for integer overflow when validating the dir_off,
4819 * otherwise a very high offset may cause an OOB read and
4820 * crash the client. Make two comparisons instead of
4821 *
4822 * off + sizeof(uint16) > tif->tif_size
4823 *
4824 * to avoid overflow.
4825 */
4826 if (!(tif->tif_flags&TIFF_BIGTIFF))
4827 {
4828 m=off+sizeof(uint16);
4829 if ((m<off)||(m<(tmsize_t)sizeof(uint16))||(m>tif->tif_size)) {
4830 TIFFErrorExt(tif->tif_clientdata, module,
4831 "Can not read TIFF directory count");
4832 return 0;
4833 } else {
4834 _TIFFmemcpy(&dircount16, tif->tif_base + off,
4835 sizeof(uint16));
4836 }
4837 off += sizeof (uint16);
4838 if (tif->tif_flags & TIFF_SWAB)
4839 TIFFSwabShort(&dircount16);
4840 if (dircount16>4096)
4841 {
4842 TIFFErrorExt(tif->tif_clientdata, module,
4843 "Sanity check on directory count failed, this is probably not a valid IFD offset");
4844 return 0;
4845 }
4846 dirsize = 12;
4847 }
4848 else
4849 {
4850 uint64 dircount64;
4851 m=off+sizeof(uint64);
4852 if ((m<off)||(m<(tmsize_t)sizeof(uint64))||(m>tif->tif_size)) {
4853 TIFFErrorExt(tif->tif_clientdata, module,
4854 "Can not read TIFF directory count");
4855 return 0;
4856 } else {
4857 _TIFFmemcpy(&dircount64, tif->tif_base + off,
4858 sizeof(uint64));
4859 }
4860 off += sizeof (uint64);
4861 if (tif->tif_flags & TIFF_SWAB)
4862 TIFFSwabLong8(&dircount64);
4863 if (dircount64>4096)
4864 {
4865 TIFFErrorExt(tif->tif_clientdata, module,
4866 "Sanity check on directory count failed, this is probably not a valid IFD offset");
4867 return 0;
4868 }
4869 dircount16 = (uint16)dircount64;
4870 dirsize = 20;
4871 }
4872 if (dircount16 == 0 )
4873 {
4874 TIFFErrorExt(tif->tif_clientdata, module,
4875 "Sanity check on directory count failed, zero tag directories not supported");
4876 return 0;
4877 }
4878 origdir = _TIFFCheckMalloc(tif, dircount16,
4879 dirsize,
4880 "to read TIFF directory");
4881 if (origdir == NULL)
4882 return 0;
4883 m=off+dircount16*dirsize;
4884 if ((m<off)||(m<(tmsize_t)(dircount16*dirsize))||(m>tif->tif_size)) {
4885 TIFFErrorExt(tif->tif_clientdata, module,
4886 "Can not read TIFF directory");
4887 _TIFFfree(origdir);
4888 return 0;
4889 } else {
4890 _TIFFmemcpy(origdir, tif->tif_base + off,
4891 dircount16 * dirsize);
4892 }
4893 if (nextdiroff) {
4894 off += dircount16 * dirsize;
4895 if (!(tif->tif_flags&TIFF_BIGTIFF))
4896 {
4897 uint32 nextdiroff32;
4898 m=off+sizeof(uint32);
4899 if ((m<off)||(m<(tmsize_t)sizeof(uint32))||(m>tif->tif_size))
4900 nextdiroff32 = 0;
4901 else
4902 _TIFFmemcpy(&nextdiroff32, tif->tif_base + off,
4903 sizeof (uint32));
4904 if (tif->tif_flags&TIFF_SWAB)
4905 TIFFSwabLong(&nextdiroff32);
4906 *nextdiroff = nextdiroff32;
4907 }
4908 else
4909 {
4910 m=off+sizeof(uint64);
4911 if ((m<off)||(m<(tmsize_t)sizeof(uint64))||(m>tif->tif_size))
4912 *nextdiroff = 0;
4913 else
4914 _TIFFmemcpy(nextdiroff, tif->tif_base + off,
4915 sizeof (uint64));
4916 if (tif->tif_flags&TIFF_SWAB)
4917 TIFFSwabLong8(nextdiroff);
4918 }
4919 }
4920 }
4921 dir = (TIFFDirEntry*)_TIFFCheckMalloc(tif, dircount16,
4922 sizeof(TIFFDirEntry),
4923 "to read TIFF directory");
4924 if (dir==0)
4925 {
4926 _TIFFfree(origdir);
4927 return 0;
4928 }
4929 ma=(uint8*)origdir;
4930 mb=dir;
4931 for (n=0; n<dircount16; n++)
4932 {
4933 mb->tdir_ignore = FALSE;
4934 if (tif->tif_flags&TIFF_SWAB)
4935 TIFFSwabShort((uint16*)ma);
4936 mb->tdir_tag=*(uint16*)ma;
4937 ma+=sizeof(uint16);
4938 if (tif->tif_flags&TIFF_SWAB)
4939 TIFFSwabShort((uint16*)ma);
4940 mb->tdir_type=*(uint16*)ma;
4941 ma+=sizeof(uint16);
4942 if (!(tif->tif_flags&TIFF_BIGTIFF))
4943 {
4944 if (tif->tif_flags&TIFF_SWAB)
4945 TIFFSwabLong((uint32*)ma);
4946 mb->tdir_count=(uint64)(*(uint32*)ma);
4947 ma+=sizeof(uint32);
4948 mb->tdir_offset.toff_long8=0;
4949 *(uint32*)(&mb->tdir_offset)=*(uint32*)ma;
4950 ma+=sizeof(uint32);
4951 }
4952 else
4953 {
4954 if (tif->tif_flags&TIFF_SWAB)
4955 TIFFSwabLong8((uint64*)ma);
4956 mb->tdir_count=TIFFReadUInt64(ma);
4957 ma+=sizeof(uint64);
4958 mb->tdir_offset.toff_long8=TIFFReadUInt64(ma);
4959 ma+=sizeof(uint64);
4960 }
4961 mb++;
4962 }
4963 _TIFFfree(origdir);
4964 *pdir = dir;
4965 return dircount16;
4966 }
4967
4968 /*
4969 * Fetch a tag that is not handled by special case code.
4970 */
4971 static int
TIFFFetchNormalTag(TIFF * tif,TIFFDirEntry * dp,int recover)4972 TIFFFetchNormalTag(TIFF* tif, TIFFDirEntry* dp, int recover)
4973 {
4974 static const char module[] = "TIFFFetchNormalTag";
4975 enum TIFFReadDirEntryErr err;
4976 uint32 fii;
4977 const TIFFField* fip = NULL;
4978 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
4979 if( fii == FAILED_FII )
4980 {
4981 TIFFErrorExt(tif->tif_clientdata, "TIFFFetchNormalTag",
4982 "No definition found for tag %d",
4983 dp->tdir_tag);
4984 return 0;
4985 }
4986 fip=tif->tif_fields[fii];
4987 assert(fip != NULL); /* should not happen */
4988 assert(fip->set_field_type!=TIFF_SETGET_OTHER); /* if so, we shouldn't arrive here but deal with this in specialized code */
4989 assert(fip->set_field_type!=TIFF_SETGET_INT); /* if so, we shouldn't arrive here as this is only the case for pseudo-tags */
4990 err=TIFFReadDirEntryErrOk;
4991 switch (fip->set_field_type)
4992 {
4993 case TIFF_SETGET_UNDEFINED:
4994 break;
4995 case TIFF_SETGET_ASCII:
4996 {
4997 uint8* data;
4998 assert(fip->field_passcount==0);
4999 err=TIFFReadDirEntryByteArray(tif,dp,&data);
5000 if (err==TIFFReadDirEntryErrOk)
5001 {
5002 uint32 mb = 0;
5003 int n;
5004 if (data != NULL)
5005 {
5006 uint8* ma = data;
5007 while (mb<(uint32)dp->tdir_count)
5008 {
5009 if (*ma==0)
5010 break;
5011 ma++;
5012 mb++;
5013 }
5014 }
5015 if (mb+1<(uint32)dp->tdir_count)
5016 TIFFWarningExt(tif->tif_clientdata,module,"ASCII value for tag \"%s\" contains null byte in value; value incorrectly truncated during reading due to implementation limitations",fip->field_name);
5017 else if (mb+1>(uint32)dp->tdir_count)
5018 {
5019 uint8* o;
5020 TIFFWarningExt(tif->tif_clientdata,module,"ASCII value for tag \"%s\" does not end in null byte",fip->field_name);
5021 if ((uint32)dp->tdir_count+1!=dp->tdir_count+1)
5022 o=NULL;
5023 else
5024 o=_TIFFmalloc((uint32)dp->tdir_count+1);
5025 if (o==NULL)
5026 {
5027 if (data!=NULL)
5028 _TIFFfree(data);
5029 return(0);
5030 }
5031 _TIFFmemcpy(o,data,(uint32)dp->tdir_count);
5032 o[(uint32)dp->tdir_count]=0;
5033 if (data!=0)
5034 _TIFFfree(data);
5035 data=o;
5036 }
5037 n=TIFFSetField(tif,dp->tdir_tag,data);
5038 if (data!=0)
5039 _TIFFfree(data);
5040 if (!n)
5041 return(0);
5042 }
5043 }
5044 break;
5045 case TIFF_SETGET_UINT8:
5046 {
5047 uint8 data=0;
5048 assert(fip->field_readcount==1);
5049 assert(fip->field_passcount==0);
5050 err=TIFFReadDirEntryByte(tif,dp,&data);
5051 if (err==TIFFReadDirEntryErrOk)
5052 {
5053 if (!TIFFSetField(tif,dp->tdir_tag,data))
5054 return(0);
5055 }
5056 }
5057 break;
5058 case TIFF_SETGET_UINT16:
5059 {
5060 uint16 data;
5061 assert(fip->field_readcount==1);
5062 assert(fip->field_passcount==0);
5063 err=TIFFReadDirEntryShort(tif,dp,&data);
5064 if (err==TIFFReadDirEntryErrOk)
5065 {
5066 if (!TIFFSetField(tif,dp->tdir_tag,data))
5067 return(0);
5068 }
5069 }
5070 break;
5071 case TIFF_SETGET_UINT32:
5072 {
5073 uint32 data;
5074 assert(fip->field_readcount==1);
5075 assert(fip->field_passcount==0);
5076 err=TIFFReadDirEntryLong(tif,dp,&data);
5077 if (err==TIFFReadDirEntryErrOk)
5078 {
5079 if (!TIFFSetField(tif,dp->tdir_tag,data))
5080 return(0);
5081 }
5082 }
5083 break;
5084 case TIFF_SETGET_UINT64:
5085 {
5086 uint64 data;
5087 assert(fip->field_readcount==1);
5088 assert(fip->field_passcount==0);
5089 err=TIFFReadDirEntryLong8(tif,dp,&data);
5090 if (err==TIFFReadDirEntryErrOk)
5091 {
5092 if (!TIFFSetField(tif,dp->tdir_tag,data))
5093 return(0);
5094 }
5095 }
5096 break;
5097 case TIFF_SETGET_FLOAT:
5098 {
5099 float data;
5100 assert(fip->field_readcount==1);
5101 assert(fip->field_passcount==0);
5102 err=TIFFReadDirEntryFloat(tif,dp,&data);
5103 if (err==TIFFReadDirEntryErrOk)
5104 {
5105 if (!TIFFSetField(tif,dp->tdir_tag,data))
5106 return(0);
5107 }
5108 }
5109 break;
5110 case TIFF_SETGET_DOUBLE:
5111 {
5112 double data;
5113 assert(fip->field_readcount==1);
5114 assert(fip->field_passcount==0);
5115 err=TIFFReadDirEntryDouble(tif,dp,&data);
5116 if (err==TIFFReadDirEntryErrOk)
5117 {
5118 if (!TIFFSetField(tif,dp->tdir_tag,data))
5119 return(0);
5120 }
5121 }
5122 break;
5123 case TIFF_SETGET_IFD8:
5124 {
5125 uint64 data;
5126 assert(fip->field_readcount==1);
5127 assert(fip->field_passcount==0);
5128 err=TIFFReadDirEntryIfd8(tif,dp,&data);
5129 if (err==TIFFReadDirEntryErrOk)
5130 {
5131 if (!TIFFSetField(tif,dp->tdir_tag,data))
5132 return(0);
5133 }
5134 }
5135 break;
5136 case TIFF_SETGET_UINT16_PAIR:
5137 {
5138 uint16* data;
5139 assert(fip->field_readcount==2);
5140 assert(fip->field_passcount==0);
5141 if (dp->tdir_count!=2) {
5142 TIFFWarningExt(tif->tif_clientdata,module,
5143 "incorrect count for field \"%s\", expected 2, got %d",
5144 fip->field_name,(int)dp->tdir_count);
5145 return(0);
5146 }
5147 err=TIFFReadDirEntryShortArray(tif,dp,&data);
5148 if (err==TIFFReadDirEntryErrOk)
5149 {
5150 int m;
5151 m=TIFFSetField(tif,dp->tdir_tag,data[0],data[1]);
5152 _TIFFfree(data);
5153 if (!m)
5154 return(0);
5155 }
5156 }
5157 break;
5158 case TIFF_SETGET_C0_UINT8:
5159 {
5160 uint8* data;
5161 assert(fip->field_readcount>=1);
5162 assert(fip->field_passcount==0);
5163 if (dp->tdir_count!=(uint64)fip->field_readcount) {
5164 TIFFWarningExt(tif->tif_clientdata,module,
5165 "incorrect count for field \"%s\", expected %d, got %d",
5166 fip->field_name,(int) fip->field_readcount, (int)dp->tdir_count);
5167 return 0;
5168 }
5169 else
5170 {
5171 err=TIFFReadDirEntryByteArray(tif,dp,&data);
5172 if (err==TIFFReadDirEntryErrOk)
5173 {
5174 int m;
5175 m=TIFFSetField(tif,dp->tdir_tag,data);
5176 if (data!=0)
5177 _TIFFfree(data);
5178 if (!m)
5179 return(0);
5180 }
5181 }
5182 }
5183 break;
5184 case TIFF_SETGET_C0_UINT16:
5185 {
5186 uint16* data;
5187 assert(fip->field_readcount>=1);
5188 assert(fip->field_passcount==0);
5189 if (dp->tdir_count!=(uint64)fip->field_readcount)
5190 /* corrupt file */;
5191 else
5192 {
5193 err=TIFFReadDirEntryShortArray(tif,dp,&data);
5194 if (err==TIFFReadDirEntryErrOk)
5195 {
5196 int m;
5197 m=TIFFSetField(tif,dp->tdir_tag,data);
5198 if (data!=0)
5199 _TIFFfree(data);
5200 if (!m)
5201 return(0);
5202 }
5203 }
5204 }
5205 break;
5206 case TIFF_SETGET_C0_UINT32:
5207 {
5208 uint32* data;
5209 assert(fip->field_readcount>=1);
5210 assert(fip->field_passcount==0);
5211 if (dp->tdir_count!=(uint64)fip->field_readcount)
5212 /* corrupt file */;
5213 else
5214 {
5215 err=TIFFReadDirEntryLongArray(tif,dp,&data);
5216 if (err==TIFFReadDirEntryErrOk)
5217 {
5218 int m;
5219 m=TIFFSetField(tif,dp->tdir_tag,data);
5220 if (data!=0)
5221 _TIFFfree(data);
5222 if (!m)
5223 return(0);
5224 }
5225 }
5226 }
5227 break;
5228 case TIFF_SETGET_C0_FLOAT:
5229 {
5230 float* data;
5231 assert(fip->field_readcount>=1);
5232 assert(fip->field_passcount==0);
5233 if (dp->tdir_count!=(uint64)fip->field_readcount)
5234 /* corrupt file */;
5235 else
5236 {
5237 err=TIFFReadDirEntryFloatArray(tif,dp,&data);
5238 if (err==TIFFReadDirEntryErrOk)
5239 {
5240 int m;
5241 m=TIFFSetField(tif,dp->tdir_tag,data);
5242 if (data!=0)
5243 _TIFFfree(data);
5244 if (!m)
5245 return(0);
5246 }
5247 }
5248 }
5249 break;
5250 case TIFF_SETGET_C16_ASCII:
5251 {
5252 uint8* data;
5253 assert(fip->field_readcount==TIFF_VARIABLE);
5254 assert(fip->field_passcount==1);
5255 if (dp->tdir_count>0xFFFF)
5256 err=TIFFReadDirEntryErrCount;
5257 else
5258 {
5259 err=TIFFReadDirEntryByteArray(tif,dp,&data);
5260 if (err==TIFFReadDirEntryErrOk)
5261 {
5262 int m;
5263 if( data != 0 && dp->tdir_count > 0 && data[dp->tdir_count-1] != '\0' )
5264 {
5265 TIFFWarningExt(tif->tif_clientdata,module,"ASCII value for tag \"%s\" does not end in null byte. Forcing it to be null",fip->field_name);
5266 data[dp->tdir_count-1] = '\0';
5267 }
5268 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5269 if (data!=0)
5270 _TIFFfree(data);
5271 if (!m)
5272 return(0);
5273 }
5274 }
5275 }
5276 break;
5277 case TIFF_SETGET_C16_UINT8:
5278 {
5279 uint8* data;
5280 assert(fip->field_readcount==TIFF_VARIABLE);
5281 assert(fip->field_passcount==1);
5282 if (dp->tdir_count>0xFFFF)
5283 err=TIFFReadDirEntryErrCount;
5284 else
5285 {
5286 err=TIFFReadDirEntryByteArray(tif,dp,&data);
5287 if (err==TIFFReadDirEntryErrOk)
5288 {
5289 int m;
5290 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5291 if (data!=0)
5292 _TIFFfree(data);
5293 if (!m)
5294 return(0);
5295 }
5296 }
5297 }
5298 break;
5299 case TIFF_SETGET_C16_UINT16:
5300 {
5301 uint16* data;
5302 assert(fip->field_readcount==TIFF_VARIABLE);
5303 assert(fip->field_passcount==1);
5304 if (dp->tdir_count>0xFFFF)
5305 err=TIFFReadDirEntryErrCount;
5306 else
5307 {
5308 err=TIFFReadDirEntryShortArray(tif,dp,&data);
5309 if (err==TIFFReadDirEntryErrOk)
5310 {
5311 int m;
5312 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5313 if (data!=0)
5314 _TIFFfree(data);
5315 if (!m)
5316 return(0);
5317 }
5318 }
5319 }
5320 break;
5321 case TIFF_SETGET_C16_UINT32:
5322 {
5323 uint32* data;
5324 assert(fip->field_readcount==TIFF_VARIABLE);
5325 assert(fip->field_passcount==1);
5326 if (dp->tdir_count>0xFFFF)
5327 err=TIFFReadDirEntryErrCount;
5328 else
5329 {
5330 err=TIFFReadDirEntryLongArray(tif,dp,&data);
5331 if (err==TIFFReadDirEntryErrOk)
5332 {
5333 int m;
5334 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5335 if (data!=0)
5336 _TIFFfree(data);
5337 if (!m)
5338 return(0);
5339 }
5340 }
5341 }
5342 break;
5343 case TIFF_SETGET_C16_UINT64:
5344 {
5345 uint64* data;
5346 assert(fip->field_readcount==TIFF_VARIABLE);
5347 assert(fip->field_passcount==1);
5348 if (dp->tdir_count>0xFFFF)
5349 err=TIFFReadDirEntryErrCount;
5350 else
5351 {
5352 err=TIFFReadDirEntryLong8Array(tif,dp,&data);
5353 if (err==TIFFReadDirEntryErrOk)
5354 {
5355 int m;
5356 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5357 if (data!=0)
5358 _TIFFfree(data);
5359 if (!m)
5360 return(0);
5361 }
5362 }
5363 }
5364 break;
5365 case TIFF_SETGET_C16_FLOAT:
5366 {
5367 float* data;
5368 assert(fip->field_readcount==TIFF_VARIABLE);
5369 assert(fip->field_passcount==1);
5370 if (dp->tdir_count>0xFFFF)
5371 err=TIFFReadDirEntryErrCount;
5372 else
5373 {
5374 err=TIFFReadDirEntryFloatArray(tif,dp,&data);
5375 if (err==TIFFReadDirEntryErrOk)
5376 {
5377 int m;
5378 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5379 if (data!=0)
5380 _TIFFfree(data);
5381 if (!m)
5382 return(0);
5383 }
5384 }
5385 }
5386 break;
5387 case TIFF_SETGET_C16_DOUBLE:
5388 {
5389 double* data;
5390 assert(fip->field_readcount==TIFF_VARIABLE);
5391 assert(fip->field_passcount==1);
5392 if (dp->tdir_count>0xFFFF)
5393 err=TIFFReadDirEntryErrCount;
5394 else
5395 {
5396 err=TIFFReadDirEntryDoubleArray(tif,dp,&data);
5397 if (err==TIFFReadDirEntryErrOk)
5398 {
5399 int m;
5400 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5401 if (data!=0)
5402 _TIFFfree(data);
5403 if (!m)
5404 return(0);
5405 }
5406 }
5407 }
5408 break;
5409 case TIFF_SETGET_C16_IFD8:
5410 {
5411 uint64* data;
5412 assert(fip->field_readcount==TIFF_VARIABLE);
5413 assert(fip->field_passcount==1);
5414 if (dp->tdir_count>0xFFFF)
5415 err=TIFFReadDirEntryErrCount;
5416 else
5417 {
5418 err=TIFFReadDirEntryIfd8Array(tif,dp,&data);
5419 if (err==TIFFReadDirEntryErrOk)
5420 {
5421 int m;
5422 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5423 if (data!=0)
5424 _TIFFfree(data);
5425 if (!m)
5426 return(0);
5427 }
5428 }
5429 }
5430 break;
5431 case TIFF_SETGET_C32_ASCII:
5432 {
5433 uint8* data;
5434 assert(fip->field_readcount==TIFF_VARIABLE2);
5435 assert(fip->field_passcount==1);
5436 err=TIFFReadDirEntryByteArray(tif,dp,&data);
5437 if (err==TIFFReadDirEntryErrOk)
5438 {
5439 int m;
5440 if( data != 0 && dp->tdir_count > 0 && data[dp->tdir_count-1] != '\0' )
5441 {
5442 TIFFWarningExt(tif->tif_clientdata,module,"ASCII value for tag \"%s\" does not end in null byte. Forcing it to be null",fip->field_name);
5443 data[dp->tdir_count-1] = '\0';
5444 }
5445 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5446 if (data!=0)
5447 _TIFFfree(data);
5448 if (!m)
5449 return(0);
5450 }
5451 }
5452 break;
5453 case TIFF_SETGET_C32_UINT8:
5454 {
5455 uint8* data;
5456 assert(fip->field_readcount==TIFF_VARIABLE2);
5457 assert(fip->field_passcount==1);
5458 err=TIFFReadDirEntryByteArray(tif,dp,&data);
5459 if (err==TIFFReadDirEntryErrOk)
5460 {
5461 int m;
5462 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5463 if (data!=0)
5464 _TIFFfree(data);
5465 if (!m)
5466 return(0);
5467 }
5468 }
5469 break;
5470 case TIFF_SETGET_C32_SINT8:
5471 {
5472 int8* data = NULL;
5473 assert(fip->field_readcount==TIFF_VARIABLE2);
5474 assert(fip->field_passcount==1);
5475 err=TIFFReadDirEntrySbyteArray(tif,dp,&data);
5476 if (err==TIFFReadDirEntryErrOk)
5477 {
5478 int m;
5479 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5480 if (data!=0)
5481 _TIFFfree(data);
5482 if (!m)
5483 return(0);
5484 }
5485 }
5486 break;
5487 case TIFF_SETGET_C32_UINT16:
5488 {
5489 uint16* data;
5490 assert(fip->field_readcount==TIFF_VARIABLE2);
5491 assert(fip->field_passcount==1);
5492 err=TIFFReadDirEntryShortArray(tif,dp,&data);
5493 if (err==TIFFReadDirEntryErrOk)
5494 {
5495 int m;
5496 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5497 if (data!=0)
5498 _TIFFfree(data);
5499 if (!m)
5500 return(0);
5501 }
5502 }
5503 break;
5504 case TIFF_SETGET_C32_SINT16:
5505 {
5506 int16* data = NULL;
5507 assert(fip->field_readcount==TIFF_VARIABLE2);
5508 assert(fip->field_passcount==1);
5509 err=TIFFReadDirEntrySshortArray(tif,dp,&data);
5510 if (err==TIFFReadDirEntryErrOk)
5511 {
5512 int m;
5513 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5514 if (data!=0)
5515 _TIFFfree(data);
5516 if (!m)
5517 return(0);
5518 }
5519 }
5520 break;
5521 case TIFF_SETGET_C32_UINT32:
5522 {
5523 uint32* data;
5524 assert(fip->field_readcount==TIFF_VARIABLE2);
5525 assert(fip->field_passcount==1);
5526 err=TIFFReadDirEntryLongArray(tif,dp,&data);
5527 if (err==TIFFReadDirEntryErrOk)
5528 {
5529 int m;
5530 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5531 if (data!=0)
5532 _TIFFfree(data);
5533 if (!m)
5534 return(0);
5535 }
5536 }
5537 break;
5538 case TIFF_SETGET_C32_SINT32:
5539 {
5540 int32* data = NULL;
5541 assert(fip->field_readcount==TIFF_VARIABLE2);
5542 assert(fip->field_passcount==1);
5543 err=TIFFReadDirEntrySlongArray(tif,dp,&data);
5544 if (err==TIFFReadDirEntryErrOk)
5545 {
5546 int m;
5547 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5548 if (data!=0)
5549 _TIFFfree(data);
5550 if (!m)
5551 return(0);
5552 }
5553 }
5554 break;
5555 case TIFF_SETGET_C32_UINT64:
5556 {
5557 uint64* data;
5558 assert(fip->field_readcount==TIFF_VARIABLE2);
5559 assert(fip->field_passcount==1);
5560 err=TIFFReadDirEntryLong8Array(tif,dp,&data);
5561 if (err==TIFFReadDirEntryErrOk)
5562 {
5563 int m;
5564 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5565 if (data!=0)
5566 _TIFFfree(data);
5567 if (!m)
5568 return(0);
5569 }
5570 }
5571 break;
5572 case TIFF_SETGET_C32_SINT64:
5573 {
5574 int64* data = NULL;
5575 assert(fip->field_readcount==TIFF_VARIABLE2);
5576 assert(fip->field_passcount==1);
5577 err=TIFFReadDirEntrySlong8Array(tif,dp,&data);
5578 if (err==TIFFReadDirEntryErrOk)
5579 {
5580 int m;
5581 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5582 if (data!=0)
5583 _TIFFfree(data);
5584 if (!m)
5585 return(0);
5586 }
5587 }
5588 break;
5589 case TIFF_SETGET_C32_FLOAT:
5590 {
5591 float* data;
5592 assert(fip->field_readcount==TIFF_VARIABLE2);
5593 assert(fip->field_passcount==1);
5594 err=TIFFReadDirEntryFloatArray(tif,dp,&data);
5595 if (err==TIFFReadDirEntryErrOk)
5596 {
5597 int m;
5598 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5599 if (data!=0)
5600 _TIFFfree(data);
5601 if (!m)
5602 return(0);
5603 }
5604 }
5605 break;
5606 case TIFF_SETGET_C32_DOUBLE:
5607 {
5608 double* data;
5609 assert(fip->field_readcount==TIFF_VARIABLE2);
5610 assert(fip->field_passcount==1);
5611 err=TIFFReadDirEntryDoubleArray(tif,dp,&data);
5612 if (err==TIFFReadDirEntryErrOk)
5613 {
5614 int m;
5615 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5616 if (data!=0)
5617 _TIFFfree(data);
5618 if (!m)
5619 return(0);
5620 }
5621 }
5622 break;
5623 case TIFF_SETGET_C32_IFD8:
5624 {
5625 uint64* data;
5626 assert(fip->field_readcount==TIFF_VARIABLE2);
5627 assert(fip->field_passcount==1);
5628 err=TIFFReadDirEntryIfd8Array(tif,dp,&data);
5629 if (err==TIFFReadDirEntryErrOk)
5630 {
5631 int m;
5632 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5633 if (data!=0)
5634 _TIFFfree(data);
5635 if (!m)
5636 return(0);
5637 }
5638 }
5639 break;
5640 default:
5641 assert(0); /* we should never get here */
5642 break;
5643 }
5644 if (err!=TIFFReadDirEntryErrOk)
5645 {
5646 TIFFReadDirEntryOutputErr(tif,err,module,fip->field_name,recover);
5647 return(0);
5648 }
5649 return(1);
5650 }
5651
5652 /*
5653 * Fetch a set of offsets or lengths.
5654 * While this routine says "strips", in fact it's also used for tiles.
5655 */
5656 static int
TIFFFetchStripThing(TIFF * tif,TIFFDirEntry * dir,uint32 nstrips,uint64 ** lpp)5657 TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uint64** lpp)
5658 {
5659 static const char module[] = "TIFFFetchStripThing";
5660 enum TIFFReadDirEntryErr err;
5661 uint64* data;
5662 err=TIFFReadDirEntryLong8ArrayWithLimit(tif,dir,&data,nstrips);
5663 if (err!=TIFFReadDirEntryErrOk)
5664 {
5665 const TIFFField* fip = TIFFFieldWithTag(tif,dir->tdir_tag);
5666 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",0);
5667 return(0);
5668 }
5669 if (dir->tdir_count<(uint64)nstrips)
5670 {
5671 uint64* resizeddata;
5672 const TIFFField* fip = TIFFFieldWithTag(tif,dir->tdir_tag);
5673 const char* pszMax = getenv("LIBTIFF_STRILE_ARRAY_MAX_RESIZE_COUNT");
5674 uint32 max_nstrips = 1000000;
5675 if( pszMax )
5676 max_nstrips = (uint32) atoi(pszMax);
5677 TIFFReadDirEntryOutputErr(tif,TIFFReadDirEntryErrCount,
5678 module,
5679 fip ? fip->field_name : "unknown tagname",
5680 ( nstrips <= max_nstrips ) );
5681
5682 if( nstrips > max_nstrips )
5683 {
5684 _TIFFfree(data);
5685 return(0);
5686 }
5687
5688 resizeddata=(uint64*)_TIFFCheckMalloc(tif,nstrips,sizeof(uint64),"for strip array");
5689 if (resizeddata==0) {
5690 _TIFFfree(data);
5691 return(0);
5692 }
5693 _TIFFmemcpy(resizeddata,data,(uint32)dir->tdir_count*sizeof(uint64));
5694 _TIFFmemset(resizeddata+(uint32)dir->tdir_count,0,(nstrips-(uint32)dir->tdir_count)*sizeof(uint64));
5695 _TIFFfree(data);
5696 data=resizeddata;
5697 }
5698 *lpp=data;
5699 return(1);
5700 }
5701
5702 /*
5703 * Fetch and set the SubjectDistance EXIF tag.
5704 */
5705 static int
TIFFFetchSubjectDistance(TIFF * tif,TIFFDirEntry * dir)5706 TIFFFetchSubjectDistance(TIFF* tif, TIFFDirEntry* dir)
5707 {
5708 static const char module[] = "TIFFFetchSubjectDistance";
5709 enum TIFFReadDirEntryErr err;
5710 UInt64Aligned_t m;
5711 m.l=0;
5712 assert(sizeof(double)==8);
5713 assert(sizeof(uint64)==8);
5714 assert(sizeof(uint32)==4);
5715 if (dir->tdir_count!=1)
5716 err=TIFFReadDirEntryErrCount;
5717 else if (dir->tdir_type!=TIFF_RATIONAL)
5718 err=TIFFReadDirEntryErrType;
5719 else
5720 {
5721 if (!(tif->tif_flags&TIFF_BIGTIFF))
5722 {
5723 uint32 offset;
5724 offset=*(uint32*)(&dir->tdir_offset);
5725 if (tif->tif_flags&TIFF_SWAB)
5726 TIFFSwabLong(&offset);
5727 err=TIFFReadDirEntryData(tif,offset,8,m.i);
5728 }
5729 else
5730 {
5731 m.l=dir->tdir_offset.toff_long8;
5732 err=TIFFReadDirEntryErrOk;
5733 }
5734 }
5735 if (err==TIFFReadDirEntryErrOk)
5736 {
5737 double n;
5738 if (tif->tif_flags&TIFF_SWAB)
5739 TIFFSwabArrayOfLong(m.i,2);
5740 if (m.i[0]==0)
5741 n=0.0;
5742 else if (m.i[0]==0xFFFFFFFF || m.i[1]==0)
5743 /*
5744 * XXX: Numerator 0xFFFFFFFF means that we have infinite
5745 * distance. Indicate that with a negative floating point
5746 * SubjectDistance value.
5747 */
5748 n=-1.0;
5749 else
5750 n=(double)m.i[0]/(double)m.i[1];
5751 return(TIFFSetField(tif,dir->tdir_tag,n));
5752 }
5753 else
5754 {
5755 TIFFReadDirEntryOutputErr(tif,err,module,"SubjectDistance",TRUE);
5756 return(0);
5757 }
5758 }
5759
allocChoppedUpStripArrays(TIFF * tif,uint32 nstrips,uint64 stripbytes,uint32 rowsperstrip)5760 static void allocChoppedUpStripArrays(TIFF* tif, uint32 nstrips,
5761 uint64 stripbytes, uint32 rowsperstrip)
5762 {
5763 TIFFDirectory *td = &tif->tif_dir;
5764 uint64 bytecount;
5765 uint64 offset;
5766 uint64 last_offset;
5767 uint64 last_bytecount;
5768 uint32 i;
5769 uint64 *newcounts;
5770 uint64 *newoffsets;
5771
5772 offset = TIFFGetStrileOffset(tif, 0);
5773 last_offset = TIFFGetStrileOffset(tif, td->td_nstrips-1);
5774 last_bytecount = TIFFGetStrileByteCount(tif, td->td_nstrips-1);
5775 if( last_offset > TIFF_UINT64_MAX - last_bytecount ||
5776 last_offset + last_bytecount < offset )
5777 {
5778 return;
5779 }
5780 bytecount = last_offset + last_bytecount - offset;
5781
5782 newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
5783 "for chopped \"StripByteCounts\" array");
5784 newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
5785 "for chopped \"StripOffsets\" array");
5786 if (newcounts == NULL || newoffsets == NULL) {
5787 /*
5788 * Unable to allocate new strip information, give up and use
5789 * the original one strip information.
5790 */
5791 if (newcounts != NULL)
5792 _TIFFfree(newcounts);
5793 if (newoffsets != NULL)
5794 _TIFFfree(newoffsets);
5795 return;
5796 }
5797
5798 /*
5799 * Fill the strip information arrays with new bytecounts and offsets
5800 * that reflect the broken-up format.
5801 */
5802 for (i = 0; i < nstrips; i++)
5803 {
5804 if (stripbytes > bytecount)
5805 stripbytes = bytecount;
5806 newcounts[i] = stripbytes;
5807 newoffsets[i] = stripbytes ? offset : 0;
5808 offset += stripbytes;
5809 bytecount -= stripbytes;
5810 }
5811
5812 /*
5813 * Replace old single strip info with multi-strip info.
5814 */
5815 td->td_stripsperimage = td->td_nstrips = nstrips;
5816 TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, rowsperstrip);
5817
5818 _TIFFfree(td->td_stripbytecount_p);
5819 _TIFFfree(td->td_stripoffset_p);
5820 td->td_stripbytecount_p = newcounts;
5821 td->td_stripoffset_p = newoffsets;
5822 #ifdef STRIPBYTECOUNTSORTED_UNUSED
5823 td->td_stripbytecountsorted = 1;
5824 #endif
5825 tif->tif_flags |= TIFF_CHOPPEDUPARRAYS;
5826 }
5827
5828
5829 /*
5830 * Replace a single strip (tile) of uncompressed data by multiple strips
5831 * (tiles), each approximately STRIP_SIZE_DEFAULT bytes. This is useful for
5832 * dealing with large images or for dealing with machines with a limited
5833 * amount memory.
5834 */
5835 static void
ChopUpSingleUncompressedStrip(TIFF * tif)5836 ChopUpSingleUncompressedStrip(TIFF* tif)
5837 {
5838 register TIFFDirectory *td = &tif->tif_dir;
5839 uint64 bytecount;
5840 uint64 offset;
5841 uint32 rowblock;
5842 uint64 rowblockbytes;
5843 uint64 stripbytes;
5844 uint32 nstrips;
5845 uint32 rowsperstrip;
5846
5847 bytecount = TIFFGetStrileByteCount(tif, 0);
5848 /* On a newly created file, just re-opened to be filled, we */
5849 /* don't want strip chop to trigger as it is going to cause issues */
5850 /* later ( StripOffsets and StripByteCounts improperly filled) . */
5851 if( bytecount == 0 && tif->tif_mode != O_RDONLY )
5852 return;
5853 offset = TIFFGetStrileByteCount(tif, 0);
5854 assert(td->td_planarconfig == PLANARCONFIG_CONTIG);
5855 if ((td->td_photometric == PHOTOMETRIC_YCBCR)&&
5856 (!isUpSampled(tif)))
5857 rowblock = td->td_ycbcrsubsampling[1];
5858 else
5859 rowblock = 1;
5860 rowblockbytes = TIFFVTileSize64(tif, rowblock);
5861 /*
5862 * Make the rows hold at least one scanline, but fill specified amount
5863 * of data if possible.
5864 */
5865 if (rowblockbytes > STRIP_SIZE_DEFAULT) {
5866 stripbytes = rowblockbytes;
5867 rowsperstrip = rowblock;
5868 } else if (rowblockbytes > 0 ) {
5869 uint32 rowblocksperstrip;
5870 rowblocksperstrip = (uint32) (STRIP_SIZE_DEFAULT / rowblockbytes);
5871 rowsperstrip = rowblocksperstrip * rowblock;
5872 stripbytes = rowblocksperstrip * rowblockbytes;
5873 }
5874 else
5875 return;
5876
5877 /*
5878 * never increase the number of rows per strip
5879 */
5880 if (rowsperstrip >= td->td_rowsperstrip)
5881 return;
5882 nstrips = TIFFhowmany_32(td->td_imagelength, rowsperstrip);
5883 if( nstrips == 0 )
5884 return;
5885
5886 /* If we are going to allocate a lot of memory, make sure that the */
5887 /* file is as big as needed */
5888 if( tif->tif_mode == O_RDONLY &&
5889 nstrips > 1000000 &&
5890 (offset >= TIFFGetFileSize(tif) ||
5891 stripbytes > (TIFFGetFileSize(tif) - offset) / (nstrips - 1)) )
5892 {
5893 return;
5894 }
5895
5896 allocChoppedUpStripArrays(tif, nstrips, stripbytes, rowsperstrip);
5897 }
5898
5899
5900 /*
5901 * Replace a file with contiguous strips > 2 GB of uncompressed data by
5902 * multiple smaller strips. This is useful for
5903 * dealing with large images or for dealing with machines with a limited
5904 * amount memory.
5905 */
TryChopUpUncompressedBigTiff(TIFF * tif)5906 static void TryChopUpUncompressedBigTiff( TIFF* tif )
5907 {
5908 TIFFDirectory *td = &tif->tif_dir;
5909 uint32 rowblock;
5910 uint64 rowblockbytes;
5911 uint32 i;
5912 uint64 stripsize;
5913 uint32 rowblocksperstrip;
5914 uint32 rowsperstrip;
5915 uint64 stripbytes;
5916 uint32 nstrips;
5917
5918 stripsize = TIFFStripSize64(tif);
5919
5920 assert( tif->tif_dir.td_planarconfig == PLANARCONFIG_CONTIG );
5921 assert( tif->tif_dir.td_compression == COMPRESSION_NONE );
5922 assert( (tif->tif_flags&(TIFF_STRIPCHOP|TIFF_ISTILED)) == TIFF_STRIPCHOP );
5923 assert( stripsize > 0x7FFFFFFFUL );
5924
5925 /* On a newly created file, just re-opened to be filled, we */
5926 /* don't want strip chop to trigger as it is going to cause issues */
5927 /* later ( StripOffsets and StripByteCounts improperly filled) . */
5928 if( TIFFGetStrileByteCount(tif, 0) == 0 && tif->tif_mode != O_RDONLY )
5929 return;
5930
5931 if ((td->td_photometric == PHOTOMETRIC_YCBCR)&&
5932 (!isUpSampled(tif)))
5933 rowblock = td->td_ycbcrsubsampling[1];
5934 else
5935 rowblock = 1;
5936 rowblockbytes = TIFFVStripSize64(tif, rowblock);
5937 if( rowblockbytes == 0 || rowblockbytes > 0x7FFFFFFFUL )
5938 {
5939 /* In case of file with gigantic width */
5940 return;
5941 }
5942
5943 /* Check that the strips are contiguous and of the expected size */
5944 for( i = 0; i < td->td_nstrips; i++ )
5945 {
5946 if( i == td->td_nstrips - 1 )
5947 {
5948 if( TIFFGetStrileByteCount(tif, i) < TIFFVStripSize64(
5949 tif, td->td_imagelength - i * td->td_rowsperstrip ) )
5950 {
5951 return;
5952 }
5953 }
5954 else
5955 {
5956 if( TIFFGetStrileByteCount(tif, i) != stripsize )
5957 {
5958 return;
5959 }
5960 if( i > 0 && TIFFGetStrileOffset(tif, i) !=
5961 TIFFGetStrileOffset(tif, i-1) + TIFFGetStrileByteCount(tif, i-1) )
5962 {
5963 return;
5964 }
5965 }
5966 }
5967
5968 /* Aim for 512 MB strips (that will still be manageable by 32 bit builds */
5969 rowblocksperstrip = (uint32) (512 * 1024 * 1024 / rowblockbytes);
5970 if( rowblocksperstrip == 0 )
5971 rowblocksperstrip = 1;
5972 rowsperstrip = rowblocksperstrip * rowblock;
5973 stripbytes = rowblocksperstrip * rowblockbytes;
5974 assert( stripbytes <= 0x7FFFFFFFUL );
5975
5976 nstrips = TIFFhowmany_32(td->td_imagelength, rowsperstrip);
5977 if( nstrips == 0 )
5978 return;
5979
5980 /* If we are going to allocate a lot of memory, make sure that the */
5981 /* file is as big as needed */
5982 if( tif->tif_mode == O_RDONLY &&
5983 nstrips > 1000000 )
5984 {
5985 uint64 last_offset = TIFFGetStrileOffset(tif, td->td_nstrips-1);
5986 uint64 filesize = TIFFGetFileSize(tif);
5987 uint64 last_bytecount = TIFFGetStrileByteCount(tif, td->td_nstrips-1);
5988 if( last_offset > filesize ||
5989 last_bytecount > filesize - last_offset )
5990 {
5991 return;
5992 }
5993 }
5994
5995 allocChoppedUpStripArrays(tif, nstrips, stripbytes, rowsperstrip);
5996 }
5997
5998
5999 TIFF_NOSANITIZE_UNSIGNED_INT_OVERFLOW
_TIFFUnsanitizedAddUInt64AndInt(uint64 a,int b)6000 static uint64 _TIFFUnsanitizedAddUInt64AndInt(uint64 a, int b)
6001 {
6002 return a + b;
6003 }
6004
6005 /* Read the value of [Strip|Tile]Offset or [Strip|Tile]ByteCount around
6006 * strip/tile of number strile. Also fetch the neighbouring values using a
6007 * 4096 byte page size.
6008 */
6009 static
_TIFFPartialReadStripArray(TIFF * tif,TIFFDirEntry * dirent,int strile,uint64 * panVals)6010 int _TIFFPartialReadStripArray( TIFF* tif, TIFFDirEntry* dirent,
6011 int strile, uint64* panVals )
6012 {
6013 static const char module[] = "_TIFFPartialReadStripArray";
6014 #define IO_CACHE_PAGE_SIZE 4096
6015
6016 size_t sizeofval;
6017 const int bSwab = (tif->tif_flags & TIFF_SWAB) != 0;
6018 int sizeofvalint;
6019 uint64 nBaseOffset;
6020 uint64 nOffset;
6021 uint64 nOffsetStartPage;
6022 uint64 nOffsetEndPage;
6023 tmsize_t nToRead;
6024 tmsize_t nRead;
6025 uint64 nLastStripOffset;
6026 int iStartBefore;
6027 int i;
6028 const uint32 arraySize = tif->tif_dir.td_stripoffsetbyteallocsize;
6029 unsigned char buffer[2 * IO_CACHE_PAGE_SIZE];
6030
6031 assert( dirent->tdir_count > 4 );
6032
6033 if( dirent->tdir_type == TIFF_SHORT )
6034 {
6035 sizeofval = sizeof(uint16);
6036 }
6037 else if( dirent->tdir_type == TIFF_LONG )
6038 {
6039 sizeofval = sizeof(uint32);
6040 }
6041 else if( dirent->tdir_type == TIFF_LONG8 )
6042 {
6043 sizeofval = sizeof(uint64);
6044 }
6045 else
6046 {
6047 TIFFErrorExt(tif->tif_clientdata, module,
6048 "Invalid type for [Strip|Tile][Offset/ByteCount] tag");
6049 panVals[strile] = 0;
6050 return 0;
6051 }
6052 sizeofvalint = (int)(sizeofval);
6053
6054 if( tif->tif_flags&TIFF_BIGTIFF )
6055 {
6056 uint64 offset = dirent->tdir_offset.toff_long8;
6057 if( bSwab )
6058 TIFFSwabLong8(&offset);
6059 nBaseOffset = offset;
6060 }
6061 else
6062 {
6063 uint32 offset = dirent->tdir_offset.toff_long;
6064 if( bSwab )
6065 TIFFSwabLong(&offset);
6066 nBaseOffset = offset;
6067 }
6068 /* To avoid later unsigned integer overflows */
6069 if( nBaseOffset > (uint64)TIFF_INT64_MAX )
6070 {
6071 TIFFErrorExt(tif->tif_clientdata, module,
6072 "Cannot read offset/size for strile %d", strile);
6073 panVals[strile] = 0;
6074 return 0;
6075 }
6076 nOffset = nBaseOffset + sizeofval * strile;
6077 nOffsetStartPage =
6078 (nOffset / IO_CACHE_PAGE_SIZE) * IO_CACHE_PAGE_SIZE;
6079 nOffsetEndPage = nOffsetStartPage + IO_CACHE_PAGE_SIZE;
6080
6081 if( nOffset + sizeofval > nOffsetEndPage )
6082 nOffsetEndPage += IO_CACHE_PAGE_SIZE;
6083 #undef IO_CACHE_PAGE_SIZE
6084
6085 nLastStripOffset = nBaseOffset + arraySize * sizeofval;
6086 if( nLastStripOffset < nOffsetEndPage )
6087 nOffsetEndPage = nLastStripOffset;
6088 if( nOffsetStartPage >= nOffsetEndPage )
6089 {
6090 TIFFErrorExt(tif->tif_clientdata, module,
6091 "Cannot read offset/size for strile %d", strile);
6092 panVals[strile] = 0;
6093 return 0;
6094 }
6095 if (!SeekOK(tif,nOffsetStartPage))
6096 {
6097 panVals[strile] = 0;
6098 return 0;
6099 }
6100
6101 nToRead = (tmsize_t)(nOffsetEndPage - nOffsetStartPage);
6102 nRead = TIFFReadFile(tif, buffer, nToRead);
6103 if( nRead < nToRead )
6104 {
6105 TIFFErrorExt(tif->tif_clientdata, module,
6106 "Cannot read offset/size for strile around ~%d", strile);
6107 return 0;
6108 }
6109 iStartBefore = -(int)((nOffset - nOffsetStartPage) / sizeofval);
6110 if( strile + iStartBefore < 0 )
6111 iStartBefore = -strile;
6112 for( i = iStartBefore;
6113 (uint32)(strile + i) < arraySize &&
6114 _TIFFUnsanitizedAddUInt64AndInt(nOffset, (i + 1) * sizeofvalint) <= nOffsetEndPage;
6115 ++i )
6116 {
6117 if( sizeofval == sizeof(uint16) )
6118 {
6119 uint16 val;
6120 memcpy(&val,
6121 buffer + (nOffset - nOffsetStartPage) + i * sizeofvalint,
6122 sizeof(val));
6123 if( bSwab )
6124 TIFFSwabShort(&val);
6125 panVals[strile + i] = val;
6126 }
6127 else if( sizeofval == sizeof(uint32) )
6128 {
6129 uint32 val;
6130 memcpy(&val,
6131 buffer + (nOffset - nOffsetStartPage) + i * sizeofvalint,
6132 sizeof(val));
6133 if( bSwab )
6134 TIFFSwabLong(&val);
6135 panVals[strile + i] = val;
6136 }
6137 else
6138 {
6139 uint64 val;
6140 memcpy(&val,
6141 buffer + (nOffset - nOffsetStartPage) + i * sizeofvalint,
6142 sizeof(val));
6143 if( bSwab )
6144 TIFFSwabLong8(&val);
6145 panVals[strile + i] = val;
6146 }
6147 }
6148 return 1;
6149 }
6150
_TIFFFetchStrileValue(TIFF * tif,uint32 strile,TIFFDirEntry * dirent,uint64 ** parray)6151 static int _TIFFFetchStrileValue(TIFF* tif,
6152 uint32 strile,
6153 TIFFDirEntry* dirent,
6154 uint64** parray)
6155 {
6156 static const char module[] = "_TIFFFetchStrileValue";
6157 TIFFDirectory *td = &tif->tif_dir;
6158 if( strile >= dirent->tdir_count )
6159 {
6160 return 0;
6161 }
6162 if( strile >= td->td_stripoffsetbyteallocsize )
6163 {
6164 uint32 nStripArrayAllocBefore = td->td_stripoffsetbyteallocsize;
6165 uint32 nStripArrayAllocNew;
6166 uint64 nArraySize64;
6167 size_t nArraySize;
6168 uint64* offsetArray;
6169 uint64* bytecountArray;
6170
6171 if( strile > 1000000 )
6172 {
6173 uint64 filesize = TIFFGetFileSize(tif);
6174 /* Avoid excessive memory allocation attempt */
6175 /* For such a big blockid we need at least a TIFF_LONG per strile */
6176 /* for the offset array. */
6177 if( strile > filesize / sizeof(uint32) )
6178 {
6179 TIFFErrorExt(tif->tif_clientdata, module, "File too short");
6180 return 0;
6181 }
6182 }
6183
6184 if( td->td_stripoffsetbyteallocsize == 0 &&
6185 td->td_nstrips < 1024 * 1024 )
6186 {
6187 nStripArrayAllocNew = td->td_nstrips;
6188 }
6189 else
6190 {
6191 #define TIFF_MAX(a,b) (((a)>(b)) ? (a) : (b))
6192 #define TIFF_MIN(a,b) (((a)<(b)) ? (a) : (b))
6193 nStripArrayAllocNew = TIFF_MAX(strile + 1, 1024U * 512U );
6194 if( nStripArrayAllocNew < 0xFFFFFFFFU / 2 )
6195 nStripArrayAllocNew *= 2;
6196 nStripArrayAllocNew = TIFF_MIN(nStripArrayAllocNew, td->td_nstrips);
6197 }
6198 assert( strile < nStripArrayAllocNew );
6199 nArraySize64 = (uint64)sizeof(uint64) * nStripArrayAllocNew;
6200 nArraySize = (size_t)(nArraySize64);
6201 #if SIZEOF_SIZE_T == 4
6202 if( nArraySize != nArraySize64 )
6203 {
6204 TIFFErrorExt(tif->tif_clientdata, module,
6205 "Cannot allocate strip offset and bytecount arrays");
6206 return 0;
6207 }
6208 #endif
6209 offsetArray = (uint64*)(
6210 _TIFFrealloc( td->td_stripoffset_p, nArraySize ) );
6211 bytecountArray = (uint64*)(
6212 _TIFFrealloc( td->td_stripbytecount_p, nArraySize ) );
6213 if( offsetArray )
6214 td->td_stripoffset_p = offsetArray;
6215 if( bytecountArray )
6216 td->td_stripbytecount_p = bytecountArray;
6217 if( offsetArray && bytecountArray )
6218 {
6219 td->td_stripoffsetbyteallocsize = nStripArrayAllocNew;
6220 /* Initialize new entries to ~0 / -1 */
6221 memset(td->td_stripoffset_p + nStripArrayAllocBefore,
6222 0xFF,
6223 (td->td_stripoffsetbyteallocsize - nStripArrayAllocBefore) * sizeof(uint64) );
6224 memset(td->td_stripbytecount_p + nStripArrayAllocBefore,
6225 0xFF,
6226 (td->td_stripoffsetbyteallocsize - nStripArrayAllocBefore) * sizeof(uint64) );
6227 }
6228 else
6229 {
6230 TIFFErrorExt(tif->tif_clientdata, module,
6231 "Cannot allocate strip offset and bytecount arrays");
6232 _TIFFfree(td->td_stripoffset_p);
6233 td->td_stripoffset_p = NULL;
6234 _TIFFfree(td->td_stripbytecount_p);
6235 td->td_stripbytecount_p = NULL;
6236 td->td_stripoffsetbyteallocsize = 0;
6237 }
6238 }
6239 if( *parray == NULL || strile >= td->td_stripoffsetbyteallocsize )
6240 return 0;
6241
6242 if( ~((*parray)[strile]) == 0 )
6243 {
6244 if( !_TIFFPartialReadStripArray( tif, dirent, strile, *parray ) )
6245 {
6246 (*parray)[strile] = 0;
6247 return 0;
6248 }
6249 }
6250
6251 return 1;
6252 }
6253
_TIFFGetStrileOffsetOrByteCountValue(TIFF * tif,uint32 strile,TIFFDirEntry * dirent,uint64 ** parray,int * pbErr)6254 static uint64 _TIFFGetStrileOffsetOrByteCountValue(TIFF *tif, uint32 strile,
6255 TIFFDirEntry* dirent,
6256 uint64** parray,
6257 int *pbErr)
6258 {
6259 TIFFDirectory *td = &tif->tif_dir;
6260 if( pbErr )
6261 *pbErr = 0;
6262 if( (tif->tif_flags&TIFF_DEFERSTRILELOAD) && !(tif->tif_flags&TIFF_CHOPPEDUPARRAYS) )
6263 {
6264 if( !(tif->tif_flags&TIFF_LAZYSTRILELOAD) ||
6265 /* If the values may fit in the toff_long/toff_long8 member */
6266 /* then use _TIFFFillStriles to simplify _TIFFFetchStrileValue */
6267 dirent->tdir_count <= 4 )
6268 {
6269 if( !_TIFFFillStriles(tif) )
6270 {
6271 if( pbErr )
6272 *pbErr = 1;
6273 /* Do not return, as we want this function to always */
6274 /* return the same value if called several times with */
6275 /* the same arguments */
6276 }
6277 }
6278 else
6279 {
6280 if( !_TIFFFetchStrileValue(tif, strile, dirent, parray) )
6281 {
6282 if( pbErr )
6283 *pbErr = 1;
6284 return 0;
6285 }
6286 }
6287 }
6288 if( *parray == NULL || strile >= td->td_nstrips )
6289 {
6290 if( pbErr )
6291 *pbErr = 1;
6292 return 0;
6293 }
6294 return (*parray)[strile];
6295 }
6296
6297 /* Return the value of the TileOffsets/StripOffsets array for the specified tile/strile */
TIFFGetStrileOffset(TIFF * tif,uint32 strile)6298 uint64 TIFFGetStrileOffset(TIFF *tif, uint32 strile)
6299 {
6300 return TIFFGetStrileOffsetWithErr(tif, strile, NULL);
6301 }
6302
6303 /* Return the value of the TileOffsets/StripOffsets array for the specified tile/strile */
TIFFGetStrileOffsetWithErr(TIFF * tif,uint32 strile,int * pbErr)6304 uint64 TIFFGetStrileOffsetWithErr(TIFF *tif, uint32 strile, int *pbErr)
6305 {
6306 TIFFDirectory *td = &tif->tif_dir;
6307 return _TIFFGetStrileOffsetOrByteCountValue(tif, strile,
6308 &(td->td_stripoffset_entry),
6309 &(td->td_stripoffset_p), pbErr);
6310 }
6311
6312 /* Return the value of the TileByteCounts/StripByteCounts array for the specified tile/strile */
TIFFGetStrileByteCount(TIFF * tif,uint32 strile)6313 uint64 TIFFGetStrileByteCount(TIFF *tif, uint32 strile)
6314 {
6315 return TIFFGetStrileByteCountWithErr(tif, strile, NULL);
6316 }
6317
6318 /* Return the value of the TileByteCounts/StripByteCounts array for the specified tile/strile */
TIFFGetStrileByteCountWithErr(TIFF * tif,uint32 strile,int * pbErr)6319 uint64 TIFFGetStrileByteCountWithErr(TIFF *tif, uint32 strile, int *pbErr)
6320 {
6321 TIFFDirectory *td = &tif->tif_dir;
6322 return _TIFFGetStrileOffsetOrByteCountValue(tif, strile,
6323 &(td->td_stripbytecount_entry),
6324 &(td->td_stripbytecount_p), pbErr);
6325 }
6326
6327
_TIFFFillStriles(TIFF * tif)6328 int _TIFFFillStriles( TIFF *tif )
6329 {
6330 return _TIFFFillStrilesInternal( tif, 1 );
6331 }
6332
_TIFFFillStrilesInternal(TIFF * tif,int loadStripByteCount)6333 static int _TIFFFillStrilesInternal( TIFF *tif, int loadStripByteCount )
6334 {
6335 register TIFFDirectory *td = &tif->tif_dir;
6336 int return_value = 1;
6337
6338 /* Do not do anything if TIFF_DEFERSTRILELOAD is not set */
6339 if( !(tif->tif_flags&TIFF_DEFERSTRILELOAD) || (tif->tif_flags&TIFF_CHOPPEDUPARRAYS) != 0 )
6340 return 1;
6341
6342 if( tif->tif_flags&TIFF_LAZYSTRILELOAD )
6343 {
6344 /* In case of lazy loading, reload completely the arrays */
6345 _TIFFfree(td->td_stripoffset_p);
6346 _TIFFfree(td->td_stripbytecount_p);
6347 td->td_stripoffset_p = NULL;
6348 td->td_stripbytecount_p = NULL;
6349 td->td_stripoffsetbyteallocsize = 0;
6350 tif->tif_flags &= ~TIFF_LAZYSTRILELOAD;
6351 }
6352
6353 /* If stripoffset array is already loaded, exit with success */
6354 if( td->td_stripoffset_p != NULL )
6355 return 1;
6356
6357 /* If tdir_count was cancelled, then we already got there, but in error */
6358 if( td->td_stripoffset_entry.tdir_count == 0 )
6359 return 0;
6360
6361 if (!TIFFFetchStripThing(tif,&(td->td_stripoffset_entry),
6362 td->td_nstrips,&td->td_stripoffset_p))
6363 {
6364 return_value = 0;
6365 }
6366
6367 if (loadStripByteCount &&
6368 !TIFFFetchStripThing(tif,&(td->td_stripbytecount_entry),
6369 td->td_nstrips,&td->td_stripbytecount_p))
6370 {
6371 return_value = 0;
6372 }
6373
6374 _TIFFmemset( &(td->td_stripoffset_entry), 0, sizeof(TIFFDirEntry));
6375 _TIFFmemset( &(td->td_stripbytecount_entry), 0, sizeof(TIFFDirEntry));
6376
6377 #ifdef STRIPBYTECOUNTSORTED_UNUSED
6378 if (tif->tif_dir.td_nstrips > 1 && return_value == 1 ) {
6379 uint32 strip;
6380
6381 tif->tif_dir.td_stripbytecountsorted = 1;
6382 for (strip = 1; strip < tif->tif_dir.td_nstrips; strip++) {
6383 if (tif->tif_dir.td_stripoffset_p[strip - 1] >
6384 tif->tif_dir.td_stripoffset_p[strip]) {
6385 tif->tif_dir.td_stripbytecountsorted = 0;
6386 break;
6387 }
6388 }
6389 }
6390 #endif
6391
6392 return return_value;
6393 }
6394
6395
6396 /* vim: set ts=8 sts=8 sw=8 noet: */
6397 /*
6398 * Local Variables:
6399 * mode: c
6400 * c-basic-offset: 8
6401 * fill-column: 78
6402 * End:
6403 */
6404