1 /* $Id: tif_dirread.c,v 1.174 2012-02-01 02:24:47 fwarmerdam Exp $ */
2
3 /*
4 * Copyright (c) 1988-1997 Sam Leffler
5 * Copyright (c) 1991-1997 Silicon Graphics, Inc.
6 *
7 * Permission to use, copy, modify, distribute, and sell this software and
8 * its documentation for any purpose is hereby granted without fee, provided
9 * that (i) the above copyright notices and this permission notice appear in
10 * all copies of the software and related documentation, and (ii) the names of
11 * Sam Leffler and Silicon Graphics may not be used in any advertising or
12 * publicity relating to the software without the specific, prior written
13 * permission of Sam Leffler and Silicon Graphics.
14 *
15 * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
17 * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
18 *
19 * IN NO EVENT SHALL SAM LEFFLER OR SILICON GRAPHICS BE LIABLE FOR
20 * ANY SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND,
21 * OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
22 * WHETHER OR NOT ADVISED OF THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF
23 * LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
24 * OF THIS SOFTWARE.
25 */
26
27 /*
28 * TIFF Library.
29 *
30 * Directory Read Support Routines.
31 */
32
33 /* Suggested pending improvements:
34 * - add a field 'ignore' to the TIFFDirEntry structure, to flag status,
35 * eliminating current use of the IGNORE value, and therefore eliminating
36 * current irrational behaviour on tags with tag id code 0
37 * - add a field 'field_info' to the TIFFDirEntry structure, and set that with
38 * the pointer to the appropriate TIFFField structure early on in
39 * TIFFReadDirectory, so as to eliminate current possibly repetitive lookup.
40 */
41
42 #include "tiffiop.h"
43
44 #define IGNORE 0 /* tag placeholder used below */
45 #define FAILED_FII ((uint32) -1)
46
47 #ifdef HAVE_IEEEFP
48 # define TIFFCvtIEEEFloatToNative(tif, n, fp)
49 # define TIFFCvtIEEEDoubleToNative(tif, n, dp)
50 #else
51 extern void TIFFCvtIEEEFloatToNative(TIFF*, uint32, float*);
52 extern void TIFFCvtIEEEDoubleToNative(TIFF*, uint32, double*);
53 #endif
54
55 enum TIFFReadDirEntryErr {
56 TIFFReadDirEntryErrOk = 0,
57 TIFFReadDirEntryErrCount = 1,
58 TIFFReadDirEntryErrType = 2,
59 TIFFReadDirEntryErrIo = 3,
60 TIFFReadDirEntryErrRange = 4,
61 TIFFReadDirEntryErrPsdif = 5,
62 TIFFReadDirEntryErrSizesan = 6,
63 TIFFReadDirEntryErrAlloc = 7,
64 };
65
66 static enum TIFFReadDirEntryErr TIFFReadDirEntryByte(TIFF* tif, TIFFDirEntry* direntry, uint8* value);
67 static enum TIFFReadDirEntryErr TIFFReadDirEntryShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value);
68 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong(TIFF* tif, TIFFDirEntry* direntry, uint32* value);
69 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8(TIFF* tif, TIFFDirEntry* direntry, uint64* value);
70 static enum TIFFReadDirEntryErr TIFFReadDirEntryFloat(TIFF* tif, TIFFDirEntry* direntry, float* value);
71 static enum TIFFReadDirEntryErr TIFFReadDirEntryDouble(TIFF* tif, TIFFDirEntry* direntry, double* value);
72 static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8(TIFF* tif, TIFFDirEntry* direntry, uint64* value);
73
74 static enum TIFFReadDirEntryErr TIFFReadDirEntryArray(TIFF* tif, TIFFDirEntry* direntry, uint32* count, uint32 desttypesize, void** value);
75 static enum TIFFReadDirEntryErr TIFFReadDirEntryByteArray(TIFF* tif, TIFFDirEntry* direntry, uint8** value);
76 static enum TIFFReadDirEntryErr TIFFReadDirEntrySbyteArray(TIFF* tif, TIFFDirEntry* direntry, int8** value);
77 static enum TIFFReadDirEntryErr TIFFReadDirEntryShortArray(TIFF* tif, TIFFDirEntry* direntry, uint16** value);
78 static enum TIFFReadDirEntryErr TIFFReadDirEntrySshortArray(TIFF* tif, TIFFDirEntry* direntry, int16** value);
79 static enum TIFFReadDirEntryErr TIFFReadDirEntryLongArray(TIFF* tif, TIFFDirEntry* direntry, uint32** value);
80 static enum TIFFReadDirEntryErr TIFFReadDirEntrySlongArray(TIFF* tif, TIFFDirEntry* direntry, int32** value);
81 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value);
82 static enum TIFFReadDirEntryErr TIFFReadDirEntrySlong8Array(TIFF* tif, TIFFDirEntry* direntry, int64** value);
83 static enum TIFFReadDirEntryErr TIFFReadDirEntryFloatArray(TIFF* tif, TIFFDirEntry* direntry, float** value);
84 static enum TIFFReadDirEntryErr TIFFReadDirEntryDoubleArray(TIFF* tif, TIFFDirEntry* direntry, double** value);
85 static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value);
86
87 static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value);
88 #if 0
89 static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleDouble(TIFF* tif, TIFFDirEntry* direntry, double* value);
90 #endif
91
92 static void TIFFReadDirEntryCheckedByte(TIFF* tif, TIFFDirEntry* direntry, uint8* value);
93 static void TIFFReadDirEntryCheckedSbyte(TIFF* tif, TIFFDirEntry* direntry, int8* value);
94 static void TIFFReadDirEntryCheckedShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value);
95 static void TIFFReadDirEntryCheckedSshort(TIFF* tif, TIFFDirEntry* direntry, int16* value);
96 static void TIFFReadDirEntryCheckedLong(TIFF* tif, TIFFDirEntry* direntry, uint32* value);
97 static void TIFFReadDirEntryCheckedSlong(TIFF* tif, TIFFDirEntry* direntry, int32* value);
98 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedLong8(TIFF* tif, TIFFDirEntry* direntry, uint64* value);
99 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSlong8(TIFF* tif, TIFFDirEntry* direntry, int64* value);
100 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedRational(TIFF* tif, TIFFDirEntry* direntry, double* value);
101 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSrational(TIFF* tif, TIFFDirEntry* direntry, double* value);
102 static void TIFFReadDirEntryCheckedFloat(TIFF* tif, TIFFDirEntry* direntry, float* value);
103 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedDouble(TIFF* tif, TIFFDirEntry* direntry, double* value);
104
105 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSbyte(int8 value);
106 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteShort(uint16 value);
107 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSshort(int16 value);
108 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong(uint32 value);
109 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong(int32 value);
110 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong8(uint64 value);
111 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong8(int64 value);
112
113 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteByte(uint8 value);
114 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteShort(uint16 value);
115 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSshort(int16 value);
116 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong(uint32 value);
117 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong(int32 value);
118 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong8(uint64 value);
119 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong8(int64 value);
120
121 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSbyte(int8 value);
122 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSshort(int16 value);
123 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong(uint32 value);
124 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong(int32 value);
125 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong8(uint64 value);
126 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong8(int64 value);
127
128 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortShort(uint16 value);
129 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong(uint32 value);
130 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong(int32 value);
131 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong8(uint64 value);
132 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong8(int64 value);
133
134 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSbyte(int8 value);
135 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSshort(int16 value);
136 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSlong(int32 value);
137 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongLong8(uint64 value);
138 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSlong8(int64 value);
139
140 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlongLong(uint32 value);
141 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlongLong8(uint64 value);
142 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlongSlong8(int64 value);
143
144 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Sbyte(int8 value);
145 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Sshort(int16 value);
146 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Slong(int32 value);
147 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Slong8(int64 value);
148
149 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlong8Long8(uint64 value);
150
151 static enum TIFFReadDirEntryErr TIFFReadDirEntryData(TIFF* tif, uint64 offset, tmsize_t size, void* dest);
152 static void TIFFReadDirEntryOutputErr(TIFF* tif, enum TIFFReadDirEntryErr err, const char* module, const char* tagname, int recover);
153
154 static void TIFFReadDirectoryCheckOrder(TIFF* tif, TIFFDirEntry* dir, uint16 dircount);
155 static TIFFDirEntry* TIFFReadDirectoryFindEntry(TIFF* tif, TIFFDirEntry* dir, uint16 dircount, uint16 tagid);
156 static void TIFFReadDirectoryFindFieldInfo(TIFF* tif, uint16 tagid, uint32* fii);
157
158 static int EstimateStripByteCounts(TIFF* tif, TIFFDirEntry* dir, uint16 dircount);
159 static void MissingRequired(TIFF*, const char*);
160 static int TIFFCheckDirOffset(TIFF* tif, uint64 diroff);
161 static int CheckDirCount(TIFF*, TIFFDirEntry*, uint32);
162 static uint16 TIFFFetchDirectory(TIFF* tif, uint64 diroff, TIFFDirEntry** pdir, uint64* nextdiroff);
163 static int TIFFFetchNormalTag(TIFF*, TIFFDirEntry*, int recover);
164 static int TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uint64** lpp);
165 static int TIFFFetchSubjectDistance(TIFF*, TIFFDirEntry*);
166 static void ChopUpSingleUncompressedStrip(TIFF*);
167 static uint64 TIFFReadUInt64(const uint8 *value);
168
169 typedef union _UInt64Aligned_t
170 {
171 double d;
172 uint64 l;
173 uint32 i[2];
174 uint16 s[4];
175 uint8 c[8];
176 } UInt64Aligned_t;
177
178 /*
179 Unaligned safe copy of a uint64 value from an octet array.
180 */
TIFFReadUInt64(const uint8 * value)181 static uint64 TIFFReadUInt64(const uint8 *value)
182 {
183 UInt64Aligned_t result;
184
185 result.c[0]=value[0];
186 result.c[1]=value[1];
187 result.c[2]=value[2];
188 result.c[3]=value[3];
189 result.c[4]=value[4];
190 result.c[5]=value[5];
191 result.c[6]=value[6];
192 result.c[7]=value[7];
193
194 return result.l;
195 }
196
TIFFReadDirEntryByte(TIFF * tif,TIFFDirEntry * direntry,uint8 * value)197 static enum TIFFReadDirEntryErr TIFFReadDirEntryByte(TIFF* tif, TIFFDirEntry* direntry, uint8* value)
198 {
199 enum TIFFReadDirEntryErr err;
200 if (direntry->tdir_count!=1)
201 return(TIFFReadDirEntryErrCount);
202 switch (direntry->tdir_type)
203 {
204 case TIFF_BYTE:
205 TIFFReadDirEntryCheckedByte(tif,direntry,value);
206 return(TIFFReadDirEntryErrOk);
207 case TIFF_SBYTE:
208 {
209 int8 m;
210 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
211 err=TIFFReadDirEntryCheckRangeByteSbyte(m);
212 if (err!=TIFFReadDirEntryErrOk)
213 return(err);
214 *value=(uint8)m;
215 return(TIFFReadDirEntryErrOk);
216 }
217 case TIFF_SHORT:
218 {
219 uint16 m;
220 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
221 err=TIFFReadDirEntryCheckRangeByteShort(m);
222 if (err!=TIFFReadDirEntryErrOk)
223 return(err);
224 *value=(uint8)m;
225 return(TIFFReadDirEntryErrOk);
226 }
227 case TIFF_SSHORT:
228 {
229 int16 m;
230 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
231 err=TIFFReadDirEntryCheckRangeByteSshort(m);
232 if (err!=TIFFReadDirEntryErrOk)
233 return(err);
234 *value=(uint8)m;
235 return(TIFFReadDirEntryErrOk);
236 }
237 case TIFF_LONG:
238 {
239 uint32 m;
240 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
241 err=TIFFReadDirEntryCheckRangeByteLong(m);
242 if (err!=TIFFReadDirEntryErrOk)
243 return(err);
244 *value=(uint8)m;
245 return(TIFFReadDirEntryErrOk);
246 }
247 case TIFF_SLONG:
248 {
249 int32 m;
250 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
251 err=TIFFReadDirEntryCheckRangeByteSlong(m);
252 if (err!=TIFFReadDirEntryErrOk)
253 return(err);
254 *value=(uint8)m;
255 return(TIFFReadDirEntryErrOk);
256 }
257 case TIFF_LONG8:
258 {
259 uint64 m;
260 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
261 if (err!=TIFFReadDirEntryErrOk)
262 return(err);
263 err=TIFFReadDirEntryCheckRangeByteLong8(m);
264 if (err!=TIFFReadDirEntryErrOk)
265 return(err);
266 *value=(uint8)m;
267 return(TIFFReadDirEntryErrOk);
268 }
269 case TIFF_SLONG8:
270 {
271 int64 m;
272 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
273 if (err!=TIFFReadDirEntryErrOk)
274 return(err);
275 err=TIFFReadDirEntryCheckRangeByteSlong8(m);
276 if (err!=TIFFReadDirEntryErrOk)
277 return(err);
278 *value=(uint8)m;
279 return(TIFFReadDirEntryErrOk);
280 }
281 default:
282 return(TIFFReadDirEntryErrType);
283 }
284 }
285
TIFFReadDirEntryShort(TIFF * tif,TIFFDirEntry * direntry,uint16 * value)286 static enum TIFFReadDirEntryErr TIFFReadDirEntryShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value)
287 {
288 enum TIFFReadDirEntryErr err;
289 if (direntry->tdir_count!=1)
290 return(TIFFReadDirEntryErrCount);
291 switch (direntry->tdir_type)
292 {
293 case TIFF_BYTE:
294 {
295 uint8 m;
296 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
297 *value=(uint16)m;
298 return(TIFFReadDirEntryErrOk);
299 }
300 case TIFF_SBYTE:
301 {
302 int8 m;
303 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
304 err=TIFFReadDirEntryCheckRangeShortSbyte(m);
305 if (err!=TIFFReadDirEntryErrOk)
306 return(err);
307 *value=(uint16)m;
308 return(TIFFReadDirEntryErrOk);
309 }
310 case TIFF_SHORT:
311 TIFFReadDirEntryCheckedShort(tif,direntry,value);
312 return(TIFFReadDirEntryErrOk);
313 case TIFF_SSHORT:
314 {
315 int16 m;
316 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
317 err=TIFFReadDirEntryCheckRangeShortSshort(m);
318 if (err!=TIFFReadDirEntryErrOk)
319 return(err);
320 *value=(uint16)m;
321 return(TIFFReadDirEntryErrOk);
322 }
323 case TIFF_LONG:
324 {
325 uint32 m;
326 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
327 err=TIFFReadDirEntryCheckRangeShortLong(m);
328 if (err!=TIFFReadDirEntryErrOk)
329 return(err);
330 *value=(uint16)m;
331 return(TIFFReadDirEntryErrOk);
332 }
333 case TIFF_SLONG:
334 {
335 int32 m;
336 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
337 err=TIFFReadDirEntryCheckRangeShortSlong(m);
338 if (err!=TIFFReadDirEntryErrOk)
339 return(err);
340 *value=(uint16)m;
341 return(TIFFReadDirEntryErrOk);
342 }
343 case TIFF_LONG8:
344 {
345 uint64 m;
346 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
347 if (err!=TIFFReadDirEntryErrOk)
348 return(err);
349 err=TIFFReadDirEntryCheckRangeShortLong8(m);
350 if (err!=TIFFReadDirEntryErrOk)
351 return(err);
352 *value=(uint16)m;
353 return(TIFFReadDirEntryErrOk);
354 }
355 case TIFF_SLONG8:
356 {
357 int64 m;
358 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
359 if (err!=TIFFReadDirEntryErrOk)
360 return(err);
361 err=TIFFReadDirEntryCheckRangeShortSlong8(m);
362 if (err!=TIFFReadDirEntryErrOk)
363 return(err);
364 *value=(uint16)m;
365 return(TIFFReadDirEntryErrOk);
366 }
367 default:
368 return(TIFFReadDirEntryErrType);
369 }
370 }
371
TIFFReadDirEntryLong(TIFF * tif,TIFFDirEntry * direntry,uint32 * value)372 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong(TIFF* tif, TIFFDirEntry* direntry, uint32* value)
373 {
374 enum TIFFReadDirEntryErr err;
375 if (direntry->tdir_count!=1)
376 return(TIFFReadDirEntryErrCount);
377 switch (direntry->tdir_type)
378 {
379 case TIFF_BYTE:
380 {
381 uint8 m;
382 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
383 *value=(uint32)m;
384 return(TIFFReadDirEntryErrOk);
385 }
386 case TIFF_SBYTE:
387 {
388 int8 m;
389 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
390 err=TIFFReadDirEntryCheckRangeLongSbyte(m);
391 if (err!=TIFFReadDirEntryErrOk)
392 return(err);
393 *value=(uint32)m;
394 return(TIFFReadDirEntryErrOk);
395 }
396 case TIFF_SHORT:
397 {
398 uint16 m;
399 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
400 *value=(uint32)m;
401 return(TIFFReadDirEntryErrOk);
402 }
403 case TIFF_SSHORT:
404 {
405 int16 m;
406 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
407 err=TIFFReadDirEntryCheckRangeLongSshort(m);
408 if (err!=TIFFReadDirEntryErrOk)
409 return(err);
410 *value=(uint32)m;
411 return(TIFFReadDirEntryErrOk);
412 }
413 case TIFF_LONG:
414 TIFFReadDirEntryCheckedLong(tif,direntry,value);
415 return(TIFFReadDirEntryErrOk);
416 case TIFF_SLONG:
417 {
418 int32 m;
419 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
420 err=TIFFReadDirEntryCheckRangeLongSlong(m);
421 if (err!=TIFFReadDirEntryErrOk)
422 return(err);
423 *value=(uint32)m;
424 return(TIFFReadDirEntryErrOk);
425 }
426 case TIFF_LONG8:
427 {
428 uint64 m;
429 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
430 if (err!=TIFFReadDirEntryErrOk)
431 return(err);
432 err=TIFFReadDirEntryCheckRangeLongLong8(m);
433 if (err!=TIFFReadDirEntryErrOk)
434 return(err);
435 *value=(uint32)m;
436 return(TIFFReadDirEntryErrOk);
437 }
438 case TIFF_SLONG8:
439 {
440 int64 m;
441 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
442 if (err!=TIFFReadDirEntryErrOk)
443 return(err);
444 err=TIFFReadDirEntryCheckRangeLongSlong8(m);
445 if (err!=TIFFReadDirEntryErrOk)
446 return(err);
447 *value=(uint32)m;
448 return(TIFFReadDirEntryErrOk);
449 }
450 default:
451 return(TIFFReadDirEntryErrType);
452 }
453 }
454
TIFFReadDirEntryLong8(TIFF * tif,TIFFDirEntry * direntry,uint64 * value)455 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8(TIFF* tif, TIFFDirEntry* direntry, uint64* value)
456 {
457 enum TIFFReadDirEntryErr err;
458 if (direntry->tdir_count!=1)
459 return(TIFFReadDirEntryErrCount);
460 switch (direntry->tdir_type)
461 {
462 case TIFF_BYTE:
463 {
464 uint8 m;
465 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
466 *value=(uint64)m;
467 return(TIFFReadDirEntryErrOk);
468 }
469 case TIFF_SBYTE:
470 {
471 int8 m;
472 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
473 err=TIFFReadDirEntryCheckRangeLong8Sbyte(m);
474 if (err!=TIFFReadDirEntryErrOk)
475 return(err);
476 *value=(uint64)m;
477 return(TIFFReadDirEntryErrOk);
478 }
479 case TIFF_SHORT:
480 {
481 uint16 m;
482 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
483 *value=(uint64)m;
484 return(TIFFReadDirEntryErrOk);
485 }
486 case TIFF_SSHORT:
487 {
488 int16 m;
489 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
490 err=TIFFReadDirEntryCheckRangeLong8Sshort(m);
491 if (err!=TIFFReadDirEntryErrOk)
492 return(err);
493 *value=(uint64)m;
494 return(TIFFReadDirEntryErrOk);
495 }
496 case TIFF_LONG:
497 {
498 uint32 m;
499 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
500 *value=(uint64)m;
501 return(TIFFReadDirEntryErrOk);
502 }
503 case TIFF_SLONG:
504 {
505 int32 m;
506 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
507 err=TIFFReadDirEntryCheckRangeLong8Slong(m);
508 if (err!=TIFFReadDirEntryErrOk)
509 return(err);
510 *value=(uint64)m;
511 return(TIFFReadDirEntryErrOk);
512 }
513 case TIFF_LONG8:
514 err=TIFFReadDirEntryCheckedLong8(tif,direntry,value);
515 return(err);
516 case TIFF_SLONG8:
517 {
518 int64 m;
519 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
520 if (err!=TIFFReadDirEntryErrOk)
521 return(err);
522 err=TIFFReadDirEntryCheckRangeLong8Slong8(m);
523 if (err!=TIFFReadDirEntryErrOk)
524 return(err);
525 *value=(uint64)m;
526 return(TIFFReadDirEntryErrOk);
527 }
528 default:
529 return(TIFFReadDirEntryErrType);
530 }
531 }
532
TIFFReadDirEntryFloat(TIFF * tif,TIFFDirEntry * direntry,float * value)533 static enum TIFFReadDirEntryErr TIFFReadDirEntryFloat(TIFF* tif, TIFFDirEntry* direntry, float* value)
534 {
535 enum TIFFReadDirEntryErr err;
536 if (direntry->tdir_count!=1)
537 return(TIFFReadDirEntryErrCount);
538 switch (direntry->tdir_type)
539 {
540 case TIFF_BYTE:
541 {
542 uint8 m;
543 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
544 *value=(float)m;
545 return(TIFFReadDirEntryErrOk);
546 }
547 case TIFF_SBYTE:
548 {
549 int8 m;
550 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
551 *value=(float)m;
552 return(TIFFReadDirEntryErrOk);
553 }
554 case TIFF_SHORT:
555 {
556 uint16 m;
557 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
558 *value=(float)m;
559 return(TIFFReadDirEntryErrOk);
560 }
561 case TIFF_SSHORT:
562 {
563 int16 m;
564 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
565 *value=(float)m;
566 return(TIFFReadDirEntryErrOk);
567 }
568 case TIFF_LONG:
569 {
570 uint32 m;
571 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
572 *value=(float)m;
573 return(TIFFReadDirEntryErrOk);
574 }
575 case TIFF_SLONG:
576 {
577 int32 m;
578 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
579 *value=(float)m;
580 return(TIFFReadDirEntryErrOk);
581 }
582 case TIFF_LONG8:
583 {
584 uint64 m;
585 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
586 if (err!=TIFFReadDirEntryErrOk)
587 return(err);
588 #if defined(__WIN32__) && (_MSC_VER < 1500)
589 /*
590 * XXX: MSVC 6.0 does not support conversion
591 * of 64-bit integers into floating point
592 * values.
593 */
594 *value = _TIFFUInt64ToFloat(m);
595 #else
596 *value=(float)m;
597 #endif
598 return(TIFFReadDirEntryErrOk);
599 }
600 case TIFF_SLONG8:
601 {
602 int64 m;
603 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
604 if (err!=TIFFReadDirEntryErrOk)
605 return(err);
606 *value=(float)m;
607 return(TIFFReadDirEntryErrOk);
608 }
609 case TIFF_RATIONAL:
610 {
611 double m;
612 err=TIFFReadDirEntryCheckedRational(tif,direntry,&m);
613 if (err!=TIFFReadDirEntryErrOk)
614 return(err);
615 *value=(float)m;
616 return(TIFFReadDirEntryErrOk);
617 }
618 case TIFF_SRATIONAL:
619 {
620 double m;
621 err=TIFFReadDirEntryCheckedSrational(tif,direntry,&m);
622 if (err!=TIFFReadDirEntryErrOk)
623 return(err);
624 *value=(float)m;
625 return(TIFFReadDirEntryErrOk);
626 }
627 case TIFF_FLOAT:
628 TIFFReadDirEntryCheckedFloat(tif,direntry,value);
629 return(TIFFReadDirEntryErrOk);
630 case TIFF_DOUBLE:
631 {
632 double m;
633 err=TIFFReadDirEntryCheckedDouble(tif,direntry,&m);
634 if (err!=TIFFReadDirEntryErrOk)
635 return(err);
636 *value=(float)m;
637 return(TIFFReadDirEntryErrOk);
638 }
639 default:
640 return(TIFFReadDirEntryErrType);
641 }
642 }
643
TIFFReadDirEntryDouble(TIFF * tif,TIFFDirEntry * direntry,double * value)644 static enum TIFFReadDirEntryErr TIFFReadDirEntryDouble(TIFF* tif, TIFFDirEntry* direntry, double* value)
645 {
646 enum TIFFReadDirEntryErr err;
647 if (direntry->tdir_count!=1)
648 return(TIFFReadDirEntryErrCount);
649 switch (direntry->tdir_type)
650 {
651 case TIFF_BYTE:
652 {
653 uint8 m;
654 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
655 *value=(double)m;
656 return(TIFFReadDirEntryErrOk);
657 }
658 case TIFF_SBYTE:
659 {
660 int8 m;
661 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
662 *value=(double)m;
663 return(TIFFReadDirEntryErrOk);
664 }
665 case TIFF_SHORT:
666 {
667 uint16 m;
668 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
669 *value=(double)m;
670 return(TIFFReadDirEntryErrOk);
671 }
672 case TIFF_SSHORT:
673 {
674 int16 m;
675 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
676 *value=(double)m;
677 return(TIFFReadDirEntryErrOk);
678 }
679 case TIFF_LONG:
680 {
681 uint32 m;
682 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
683 *value=(double)m;
684 return(TIFFReadDirEntryErrOk);
685 }
686 case TIFF_SLONG:
687 {
688 int32 m;
689 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
690 *value=(double)m;
691 return(TIFFReadDirEntryErrOk);
692 }
693 case TIFF_LONG8:
694 {
695 uint64 m;
696 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
697 if (err!=TIFFReadDirEntryErrOk)
698 return(err);
699 #if defined(__WIN32__) && (_MSC_VER < 1500)
700 /*
701 * XXX: MSVC 6.0 does not support conversion
702 * of 64-bit integers into floating point
703 * values.
704 */
705 *value = _TIFFUInt64ToDouble(m);
706 #else
707 *value = (double)m;
708 #endif
709 return(TIFFReadDirEntryErrOk);
710 }
711 case TIFF_SLONG8:
712 {
713 int64 m;
714 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
715 if (err!=TIFFReadDirEntryErrOk)
716 return(err);
717 *value=(double)m;
718 return(TIFFReadDirEntryErrOk);
719 }
720 case TIFF_RATIONAL:
721 err=TIFFReadDirEntryCheckedRational(tif,direntry,value);
722 return(err);
723 case TIFF_SRATIONAL:
724 err=TIFFReadDirEntryCheckedSrational(tif,direntry,value);
725 return(err);
726 case TIFF_FLOAT:
727 {
728 float m;
729 TIFFReadDirEntryCheckedFloat(tif,direntry,&m);
730 *value=(double)m;
731 return(TIFFReadDirEntryErrOk);
732 }
733 case TIFF_DOUBLE:
734 err=TIFFReadDirEntryCheckedDouble(tif,direntry,value);
735 return(err);
736 default:
737 return(TIFFReadDirEntryErrType);
738 }
739 }
740
TIFFReadDirEntryIfd8(TIFF * tif,TIFFDirEntry * direntry,uint64 * value)741 static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8(TIFF* tif, TIFFDirEntry* direntry, uint64* value)
742 {
743 enum TIFFReadDirEntryErr err;
744 if (direntry->tdir_count!=1)
745 return(TIFFReadDirEntryErrCount);
746 switch (direntry->tdir_type)
747 {
748 case TIFF_LONG:
749 case TIFF_IFD:
750 {
751 uint32 m;
752 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
753 *value=(uint64)m;
754 return(TIFFReadDirEntryErrOk);
755 }
756 case TIFF_LONG8:
757 case TIFF_IFD8:
758 err=TIFFReadDirEntryCheckedLong8(tif,direntry,value);
759 return(err);
760 default:
761 return(TIFFReadDirEntryErrType);
762 }
763 }
764
TIFFReadDirEntryArray(TIFF * tif,TIFFDirEntry * direntry,uint32 * count,uint32 desttypesize,void ** value)765 static enum TIFFReadDirEntryErr TIFFReadDirEntryArray(TIFF* tif, TIFFDirEntry* direntry, uint32* count, uint32 desttypesize, void** value)
766 {
767 int typesize;
768 uint32 datasize;
769 void* data;
770 typesize=TIFFDataWidth(direntry->tdir_type);
771 if ((direntry->tdir_count==0)||(typesize==0))
772 {
773 *value=0;
774 return(TIFFReadDirEntryErrOk);
775 }
776 (void) desttypesize;
777
778 /*
779 * As a sanity check, make sure we have no more than a 2GB tag array
780 * in either the current data type or the dest data type. This also
781 * avoids problems with overflow of tmsize_t on 32bit systems.
782 */
783 if ((uint64)(2147483647/typesize)<direntry->tdir_count)
784 return(TIFFReadDirEntryErrSizesan);
785 if ((uint64)(2147483647/desttypesize)<direntry->tdir_count)
786 return(TIFFReadDirEntryErrSizesan);
787
788 *count=(uint32)direntry->tdir_count;
789 datasize=(*count)*typesize;
790 assert((tmsize_t)datasize>0);
791 data=_TIFFCheckMalloc(tif, *count, typesize, "ReadDirEntryArray");
792 if (data==0)
793 return(TIFFReadDirEntryErrAlloc);
794 if (!(tif->tif_flags&TIFF_BIGTIFF))
795 {
796 if (datasize<=4)
797 _TIFFmemcpy(data,&direntry->tdir_offset,datasize);
798 else
799 {
800 enum TIFFReadDirEntryErr err;
801 uint32 offset = direntry->tdir_offset.toff_long;
802 if (tif->tif_flags&TIFF_SWAB)
803 TIFFSwabLong(&offset);
804 err=TIFFReadDirEntryData(tif,(uint64)offset,(tmsize_t)datasize,data);
805 if (err!=TIFFReadDirEntryErrOk)
806 {
807 _TIFFfree(data);
808 return(err);
809 }
810 }
811 }
812 else
813 {
814 if (datasize<=8)
815 _TIFFmemcpy(data,&direntry->tdir_offset,datasize);
816 else
817 {
818 enum TIFFReadDirEntryErr err;
819 uint64 offset = direntry->tdir_offset.toff_long8;
820 if (tif->tif_flags&TIFF_SWAB)
821 TIFFSwabLong8(&offset);
822 err=TIFFReadDirEntryData(tif,offset,(tmsize_t)datasize,data);
823 if (err!=TIFFReadDirEntryErrOk)
824 {
825 _TIFFfree(data);
826 return(err);
827 }
828 }
829 }
830 *value=data;
831 return(TIFFReadDirEntryErrOk);
832 }
833
TIFFReadDirEntryByteArray(TIFF * tif,TIFFDirEntry * direntry,uint8 ** value)834 static enum TIFFReadDirEntryErr TIFFReadDirEntryByteArray(TIFF* tif, TIFFDirEntry* direntry, uint8** value)
835 {
836 enum TIFFReadDirEntryErr err;
837 uint32 count;
838 void* origdata;
839 uint8* data;
840 switch (direntry->tdir_type)
841 {
842 case TIFF_ASCII:
843 case TIFF_UNDEFINED:
844 case TIFF_BYTE:
845 case TIFF_SBYTE:
846 case TIFF_SHORT:
847 case TIFF_SSHORT:
848 case TIFF_LONG:
849 case TIFF_SLONG:
850 case TIFF_LONG8:
851 case TIFF_SLONG8:
852 break;
853 default:
854 return(TIFFReadDirEntryErrType);
855 }
856 err=TIFFReadDirEntryArray(tif,direntry,&count,1,&origdata);
857 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
858 {
859 *value=0;
860 return(err);
861 }
862 switch (direntry->tdir_type)
863 {
864 case TIFF_ASCII:
865 case TIFF_UNDEFINED:
866 case TIFF_BYTE:
867 *value=(uint8*)origdata;
868 return(TIFFReadDirEntryErrOk);
869 case TIFF_SBYTE:
870 {
871 int8* m;
872 uint32 n;
873 m=(int8*)origdata;
874 for (n=0; n<count; n++)
875 {
876 err=TIFFReadDirEntryCheckRangeByteSbyte(*m);
877 if (err!=TIFFReadDirEntryErrOk)
878 {
879 _TIFFfree(origdata);
880 return(err);
881 }
882 m++;
883 }
884 *value=(uint8*)origdata;
885 return(TIFFReadDirEntryErrOk);
886 }
887 }
888 data=(uint8*)_TIFFmalloc(count);
889 if (data==0)
890 {
891 _TIFFfree(origdata);
892 return(TIFFReadDirEntryErrAlloc);
893 }
894 switch (direntry->tdir_type)
895 {
896 case TIFF_SHORT:
897 {
898 uint16* ma;
899 uint8* mb;
900 uint32 n;
901 ma=(uint16*)origdata;
902 mb=data;
903 for (n=0; n<count; n++)
904 {
905 if (tif->tif_flags&TIFF_SWAB)
906 TIFFSwabShort(ma);
907 err=TIFFReadDirEntryCheckRangeByteShort(*ma);
908 if (err!=TIFFReadDirEntryErrOk)
909 break;
910 *mb++=(uint8)(*ma++);
911 }
912 }
913 break;
914 case TIFF_SSHORT:
915 {
916 int16* ma;
917 uint8* mb;
918 uint32 n;
919 ma=(int16*)origdata;
920 mb=data;
921 for (n=0; n<count; n++)
922 {
923 if (tif->tif_flags&TIFF_SWAB)
924 TIFFSwabShort((uint16*)ma);
925 err=TIFFReadDirEntryCheckRangeByteSshort(*ma);
926 if (err!=TIFFReadDirEntryErrOk)
927 break;
928 *mb++=(uint8)(*ma++);
929 }
930 }
931 break;
932 case TIFF_LONG:
933 {
934 uint32* ma;
935 uint8* mb;
936 uint32 n;
937 ma=(uint32*)origdata;
938 mb=data;
939 for (n=0; n<count; n++)
940 {
941 if (tif->tif_flags&TIFF_SWAB)
942 TIFFSwabLong(ma);
943 err=TIFFReadDirEntryCheckRangeByteLong(*ma);
944 if (err!=TIFFReadDirEntryErrOk)
945 break;
946 *mb++=(uint8)(*ma++);
947 }
948 }
949 break;
950 case TIFF_SLONG:
951 {
952 int32* ma;
953 uint8* mb;
954 uint32 n;
955 ma=(int32*)origdata;
956 mb=data;
957 for (n=0; n<count; n++)
958 {
959 if (tif->tif_flags&TIFF_SWAB)
960 TIFFSwabLong((uint32*)ma);
961 err=TIFFReadDirEntryCheckRangeByteSlong(*ma);
962 if (err!=TIFFReadDirEntryErrOk)
963 break;
964 *mb++=(uint8)(*ma++);
965 }
966 }
967 break;
968 case TIFF_LONG8:
969 {
970 uint64* ma;
971 uint8* mb;
972 uint32 n;
973 ma=(uint64*)origdata;
974 mb=data;
975 for (n=0; n<count; n++)
976 {
977 if (tif->tif_flags&TIFF_SWAB)
978 TIFFSwabLong8(ma);
979 err=TIFFReadDirEntryCheckRangeByteLong8(*ma);
980 if (err!=TIFFReadDirEntryErrOk)
981 break;
982 *mb++=(uint8)(*ma++);
983 }
984 }
985 break;
986 case TIFF_SLONG8:
987 {
988 int64* ma;
989 uint8* mb;
990 uint32 n;
991 ma=(int64*)origdata;
992 mb=data;
993 for (n=0; n<count; n++)
994 {
995 if (tif->tif_flags&TIFF_SWAB)
996 TIFFSwabLong8((uint64*)ma);
997 err=TIFFReadDirEntryCheckRangeByteSlong8(*ma);
998 if (err!=TIFFReadDirEntryErrOk)
999 break;
1000 *mb++=(uint8)(*ma++);
1001 }
1002 }
1003 break;
1004 }
1005 _TIFFfree(origdata);
1006 if (err!=TIFFReadDirEntryErrOk)
1007 {
1008 _TIFFfree(data);
1009 return(err);
1010 }
1011 *value=data;
1012 return(TIFFReadDirEntryErrOk);
1013 }
1014
TIFFReadDirEntrySbyteArray(TIFF * tif,TIFFDirEntry * direntry,int8 ** value)1015 static enum TIFFReadDirEntryErr TIFFReadDirEntrySbyteArray(TIFF* tif, TIFFDirEntry* direntry, int8** value)
1016 {
1017 enum TIFFReadDirEntryErr err;
1018 uint32 count;
1019 void* origdata;
1020 int8* data;
1021 switch (direntry->tdir_type)
1022 {
1023 case TIFF_UNDEFINED:
1024 case TIFF_BYTE:
1025 case TIFF_SBYTE:
1026 case TIFF_SHORT:
1027 case TIFF_SSHORT:
1028 case TIFF_LONG:
1029 case TIFF_SLONG:
1030 case TIFF_LONG8:
1031 case TIFF_SLONG8:
1032 break;
1033 default:
1034 return(TIFFReadDirEntryErrType);
1035 }
1036 err=TIFFReadDirEntryArray(tif,direntry,&count,1,&origdata);
1037 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1038 {
1039 *value=0;
1040 return(err);
1041 }
1042 switch (direntry->tdir_type)
1043 {
1044 case TIFF_UNDEFINED:
1045 case TIFF_BYTE:
1046 {
1047 uint8* m;
1048 uint32 n;
1049 m=(uint8*)origdata;
1050 for (n=0; n<count; n++)
1051 {
1052 err=TIFFReadDirEntryCheckRangeSbyteByte(*m);
1053 if (err!=TIFFReadDirEntryErrOk)
1054 {
1055 _TIFFfree(origdata);
1056 return(err);
1057 }
1058 m++;
1059 }
1060 *value=(int8*)origdata;
1061 return(TIFFReadDirEntryErrOk);
1062 }
1063 case TIFF_SBYTE:
1064 *value=(int8*)origdata;
1065 return(TIFFReadDirEntryErrOk);
1066 }
1067 data=(int8*)_TIFFmalloc(count);
1068 if (data==0)
1069 {
1070 _TIFFfree(origdata);
1071 return(TIFFReadDirEntryErrAlloc);
1072 }
1073 switch (direntry->tdir_type)
1074 {
1075 case TIFF_SHORT:
1076 {
1077 uint16* ma;
1078 int8* mb;
1079 uint32 n;
1080 ma=(uint16*)origdata;
1081 mb=data;
1082 for (n=0; n<count; n++)
1083 {
1084 if (tif->tif_flags&TIFF_SWAB)
1085 TIFFSwabShort(ma);
1086 err=TIFFReadDirEntryCheckRangeSbyteShort(*ma);
1087 if (err!=TIFFReadDirEntryErrOk)
1088 break;
1089 *mb++=(int8)(*ma++);
1090 }
1091 }
1092 break;
1093 case TIFF_SSHORT:
1094 {
1095 int16* ma;
1096 int8* mb;
1097 uint32 n;
1098 ma=(int16*)origdata;
1099 mb=data;
1100 for (n=0; n<count; n++)
1101 {
1102 if (tif->tif_flags&TIFF_SWAB)
1103 TIFFSwabShort((uint16*)ma);
1104 err=TIFFReadDirEntryCheckRangeSbyteSshort(*ma);
1105 if (err!=TIFFReadDirEntryErrOk)
1106 break;
1107 *mb++=(int8)(*ma++);
1108 }
1109 }
1110 break;
1111 case TIFF_LONG:
1112 {
1113 uint32* ma;
1114 int8* mb;
1115 uint32 n;
1116 ma=(uint32*)origdata;
1117 mb=data;
1118 for (n=0; n<count; n++)
1119 {
1120 if (tif->tif_flags&TIFF_SWAB)
1121 TIFFSwabLong(ma);
1122 err=TIFFReadDirEntryCheckRangeSbyteLong(*ma);
1123 if (err!=TIFFReadDirEntryErrOk)
1124 break;
1125 *mb++=(int8)(*ma++);
1126 }
1127 }
1128 break;
1129 case TIFF_SLONG:
1130 {
1131 int32* ma;
1132 int8* mb;
1133 uint32 n;
1134 ma=(int32*)origdata;
1135 mb=data;
1136 for (n=0; n<count; n++)
1137 {
1138 if (tif->tif_flags&TIFF_SWAB)
1139 TIFFSwabLong((uint32*)ma);
1140 err=TIFFReadDirEntryCheckRangeSbyteSlong(*ma);
1141 if (err!=TIFFReadDirEntryErrOk)
1142 break;
1143 *mb++=(int8)(*ma++);
1144 }
1145 }
1146 break;
1147 case TIFF_LONG8:
1148 {
1149 uint64* ma;
1150 int8* mb;
1151 uint32 n;
1152 ma=(uint64*)origdata;
1153 mb=data;
1154 for (n=0; n<count; n++)
1155 {
1156 if (tif->tif_flags&TIFF_SWAB)
1157 TIFFSwabLong8(ma);
1158 err=TIFFReadDirEntryCheckRangeSbyteLong8(*ma);
1159 if (err!=TIFFReadDirEntryErrOk)
1160 break;
1161 *mb++=(int8)(*ma++);
1162 }
1163 }
1164 break;
1165 case TIFF_SLONG8:
1166 {
1167 int64* ma;
1168 int8* mb;
1169 uint32 n;
1170 ma=(int64*)origdata;
1171 mb=data;
1172 for (n=0; n<count; n++)
1173 {
1174 if (tif->tif_flags&TIFF_SWAB)
1175 TIFFSwabLong8((uint64*)ma);
1176 err=TIFFReadDirEntryCheckRangeSbyteSlong8(*ma);
1177 if (err!=TIFFReadDirEntryErrOk)
1178 break;
1179 *mb++=(int8)(*ma++);
1180 }
1181 }
1182 break;
1183 }
1184 _TIFFfree(origdata);
1185 if (err!=TIFFReadDirEntryErrOk)
1186 {
1187 _TIFFfree(data);
1188 return(err);
1189 }
1190 *value=data;
1191 return(TIFFReadDirEntryErrOk);
1192 }
1193
TIFFReadDirEntryShortArray(TIFF * tif,TIFFDirEntry * direntry,uint16 ** value)1194 static enum TIFFReadDirEntryErr TIFFReadDirEntryShortArray(TIFF* tif, TIFFDirEntry* direntry, uint16** value)
1195 {
1196 enum TIFFReadDirEntryErr err;
1197 uint32 count;
1198 void* origdata;
1199 uint16* data;
1200 switch (direntry->tdir_type)
1201 {
1202 case TIFF_BYTE:
1203 case TIFF_SBYTE:
1204 case TIFF_SHORT:
1205 case TIFF_SSHORT:
1206 case TIFF_LONG:
1207 case TIFF_SLONG:
1208 case TIFF_LONG8:
1209 case TIFF_SLONG8:
1210 break;
1211 default:
1212 return(TIFFReadDirEntryErrType);
1213 }
1214 err=TIFFReadDirEntryArray(tif,direntry,&count,2,&origdata);
1215 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1216 {
1217 *value=0;
1218 return(err);
1219 }
1220 switch (direntry->tdir_type)
1221 {
1222 case TIFF_SHORT:
1223 *value=(uint16*)origdata;
1224 if (tif->tif_flags&TIFF_SWAB)
1225 TIFFSwabArrayOfShort(*value,count);
1226 return(TIFFReadDirEntryErrOk);
1227 case TIFF_SSHORT:
1228 {
1229 int16* m;
1230 uint32 n;
1231 m=(int16*)origdata;
1232 for (n=0; n<count; n++)
1233 {
1234 if (tif->tif_flags&TIFF_SWAB)
1235 TIFFSwabShort((uint16*)m);
1236 err=TIFFReadDirEntryCheckRangeShortSshort(*m);
1237 if (err!=TIFFReadDirEntryErrOk)
1238 {
1239 _TIFFfree(origdata);
1240 return(err);
1241 }
1242 m++;
1243 }
1244 *value=(uint16*)origdata;
1245 return(TIFFReadDirEntryErrOk);
1246 }
1247 }
1248 data=(uint16*)_TIFFmalloc(count*2);
1249 if (data==0)
1250 {
1251 _TIFFfree(origdata);
1252 return(TIFFReadDirEntryErrAlloc);
1253 }
1254 switch (direntry->tdir_type)
1255 {
1256 case TIFF_BYTE:
1257 {
1258 uint8* ma;
1259 uint16* mb;
1260 uint32 n;
1261 ma=(uint8*)origdata;
1262 mb=data;
1263 for (n=0; n<count; n++)
1264 *mb++=(uint16)(*ma++);
1265 }
1266 break;
1267 case TIFF_SBYTE:
1268 {
1269 int8* ma;
1270 uint16* mb;
1271 uint32 n;
1272 ma=(int8*)origdata;
1273 mb=data;
1274 for (n=0; n<count; n++)
1275 {
1276 err=TIFFReadDirEntryCheckRangeShortSbyte(*ma);
1277 if (err!=TIFFReadDirEntryErrOk)
1278 break;
1279 *mb++=(uint16)(*ma++);
1280 }
1281 }
1282 break;
1283 case TIFF_LONG:
1284 {
1285 uint32* ma;
1286 uint16* mb;
1287 uint32 n;
1288 ma=(uint32*)origdata;
1289 mb=data;
1290 for (n=0; n<count; n++)
1291 {
1292 if (tif->tif_flags&TIFF_SWAB)
1293 TIFFSwabLong(ma);
1294 err=TIFFReadDirEntryCheckRangeShortLong(*ma);
1295 if (err!=TIFFReadDirEntryErrOk)
1296 break;
1297 *mb++=(uint16)(*ma++);
1298 }
1299 }
1300 break;
1301 case TIFF_SLONG:
1302 {
1303 int32* ma;
1304 uint16* mb;
1305 uint32 n;
1306 ma=(int32*)origdata;
1307 mb=data;
1308 for (n=0; n<count; n++)
1309 {
1310 if (tif->tif_flags&TIFF_SWAB)
1311 TIFFSwabLong((uint32*)ma);
1312 err=TIFFReadDirEntryCheckRangeShortSlong(*ma);
1313 if (err!=TIFFReadDirEntryErrOk)
1314 break;
1315 *mb++=(uint16)(*ma++);
1316 }
1317 }
1318 break;
1319 case TIFF_LONG8:
1320 {
1321 uint64* ma;
1322 uint16* mb;
1323 uint32 n;
1324 ma=(uint64*)origdata;
1325 mb=data;
1326 for (n=0; n<count; n++)
1327 {
1328 if (tif->tif_flags&TIFF_SWAB)
1329 TIFFSwabLong8(ma);
1330 err=TIFFReadDirEntryCheckRangeShortLong8(*ma);
1331 if (err!=TIFFReadDirEntryErrOk)
1332 break;
1333 *mb++=(uint16)(*ma++);
1334 }
1335 }
1336 break;
1337 case TIFF_SLONG8:
1338 {
1339 int64* ma;
1340 uint16* mb;
1341 uint32 n;
1342 ma=(int64*)origdata;
1343 mb=data;
1344 for (n=0; n<count; n++)
1345 {
1346 if (tif->tif_flags&TIFF_SWAB)
1347 TIFFSwabLong8((uint64*)ma);
1348 err=TIFFReadDirEntryCheckRangeShortSlong8(*ma);
1349 if (err!=TIFFReadDirEntryErrOk)
1350 break;
1351 *mb++=(uint16)(*ma++);
1352 }
1353 }
1354 break;
1355 }
1356 _TIFFfree(origdata);
1357 if (err!=TIFFReadDirEntryErrOk)
1358 {
1359 _TIFFfree(data);
1360 return(err);
1361 }
1362 *value=data;
1363 return(TIFFReadDirEntryErrOk);
1364 }
1365
TIFFReadDirEntrySshortArray(TIFF * tif,TIFFDirEntry * direntry,int16 ** value)1366 static enum TIFFReadDirEntryErr TIFFReadDirEntrySshortArray(TIFF* tif, TIFFDirEntry* direntry, int16** value)
1367 {
1368 enum TIFFReadDirEntryErr err;
1369 uint32 count;
1370 void* origdata;
1371 int16* data;
1372 switch (direntry->tdir_type)
1373 {
1374 case TIFF_BYTE:
1375 case TIFF_SBYTE:
1376 case TIFF_SHORT:
1377 case TIFF_SSHORT:
1378 case TIFF_LONG:
1379 case TIFF_SLONG:
1380 case TIFF_LONG8:
1381 case TIFF_SLONG8:
1382 break;
1383 default:
1384 return(TIFFReadDirEntryErrType);
1385 }
1386 err=TIFFReadDirEntryArray(tif,direntry,&count,2,&origdata);
1387 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1388 {
1389 *value=0;
1390 return(err);
1391 }
1392 switch (direntry->tdir_type)
1393 {
1394 case TIFF_SHORT:
1395 {
1396 uint16* m;
1397 uint32 n;
1398 m=(uint16*)origdata;
1399 for (n=0; n<count; n++)
1400 {
1401 if (tif->tif_flags&TIFF_SWAB)
1402 TIFFSwabShort(m);
1403 err=TIFFReadDirEntryCheckRangeSshortShort(*m);
1404 if (err!=TIFFReadDirEntryErrOk)
1405 {
1406 _TIFFfree(origdata);
1407 return(err);
1408 }
1409 m++;
1410 }
1411 *value=(int16*)origdata;
1412 return(TIFFReadDirEntryErrOk);
1413 }
1414 case TIFF_SSHORT:
1415 *value=(int16*)origdata;
1416 if (tif->tif_flags&TIFF_SWAB)
1417 TIFFSwabArrayOfShort((uint16*)(*value),count);
1418 return(TIFFReadDirEntryErrOk);
1419 }
1420 data=(int16*)_TIFFmalloc(count*2);
1421 if (data==0)
1422 {
1423 _TIFFfree(origdata);
1424 return(TIFFReadDirEntryErrAlloc);
1425 }
1426 switch (direntry->tdir_type)
1427 {
1428 case TIFF_BYTE:
1429 {
1430 uint8* ma;
1431 int16* mb;
1432 uint32 n;
1433 ma=(uint8*)origdata;
1434 mb=data;
1435 for (n=0; n<count; n++)
1436 *mb++=(int16)(*ma++);
1437 }
1438 break;
1439 case TIFF_SBYTE:
1440 {
1441 int8* ma;
1442 int16* mb;
1443 uint32 n;
1444 ma=(int8*)origdata;
1445 mb=data;
1446 for (n=0; n<count; n++)
1447 *mb++=(int16)(*ma++);
1448 }
1449 break;
1450 case TIFF_LONG:
1451 {
1452 uint32* ma;
1453 int16* mb;
1454 uint32 n;
1455 ma=(uint32*)origdata;
1456 mb=data;
1457 for (n=0; n<count; n++)
1458 {
1459 if (tif->tif_flags&TIFF_SWAB)
1460 TIFFSwabLong(ma);
1461 err=TIFFReadDirEntryCheckRangeSshortLong(*ma);
1462 if (err!=TIFFReadDirEntryErrOk)
1463 break;
1464 *mb++=(int16)(*ma++);
1465 }
1466 }
1467 break;
1468 case TIFF_SLONG:
1469 {
1470 int32* ma;
1471 int16* mb;
1472 uint32 n;
1473 ma=(int32*)origdata;
1474 mb=data;
1475 for (n=0; n<count; n++)
1476 {
1477 if (tif->tif_flags&TIFF_SWAB)
1478 TIFFSwabLong((uint32*)ma);
1479 err=TIFFReadDirEntryCheckRangeSshortSlong(*ma);
1480 if (err!=TIFFReadDirEntryErrOk)
1481 break;
1482 *mb++=(int16)(*ma++);
1483 }
1484 }
1485 break;
1486 case TIFF_LONG8:
1487 {
1488 uint64* ma;
1489 int16* mb;
1490 uint32 n;
1491 ma=(uint64*)origdata;
1492 mb=data;
1493 for (n=0; n<count; n++)
1494 {
1495 if (tif->tif_flags&TIFF_SWAB)
1496 TIFFSwabLong8(ma);
1497 err=TIFFReadDirEntryCheckRangeSshortLong8(*ma);
1498 if (err!=TIFFReadDirEntryErrOk)
1499 break;
1500 *mb++=(int16)(*ma++);
1501 }
1502 }
1503 break;
1504 case TIFF_SLONG8:
1505 {
1506 int64* ma;
1507 int16* mb;
1508 uint32 n;
1509 ma=(int64*)origdata;
1510 mb=data;
1511 for (n=0; n<count; n++)
1512 {
1513 if (tif->tif_flags&TIFF_SWAB)
1514 TIFFSwabLong8((uint64*)ma);
1515 err=TIFFReadDirEntryCheckRangeSshortSlong8(*ma);
1516 if (err!=TIFFReadDirEntryErrOk)
1517 break;
1518 *mb++=(int16)(*ma++);
1519 }
1520 }
1521 break;
1522 }
1523 _TIFFfree(origdata);
1524 if (err!=TIFFReadDirEntryErrOk)
1525 {
1526 _TIFFfree(data);
1527 return(err);
1528 }
1529 *value=data;
1530 return(TIFFReadDirEntryErrOk);
1531 }
1532
TIFFReadDirEntryLongArray(TIFF * tif,TIFFDirEntry * direntry,uint32 ** value)1533 static enum TIFFReadDirEntryErr TIFFReadDirEntryLongArray(TIFF* tif, TIFFDirEntry* direntry, uint32** value)
1534 {
1535 enum TIFFReadDirEntryErr err;
1536 uint32 count;
1537 void* origdata;
1538 uint32* data;
1539 switch (direntry->tdir_type)
1540 {
1541 case TIFF_BYTE:
1542 case TIFF_SBYTE:
1543 case TIFF_SHORT:
1544 case TIFF_SSHORT:
1545 case TIFF_LONG:
1546 case TIFF_SLONG:
1547 case TIFF_LONG8:
1548 case TIFF_SLONG8:
1549 break;
1550 default:
1551 return(TIFFReadDirEntryErrType);
1552 }
1553 err=TIFFReadDirEntryArray(tif,direntry,&count,4,&origdata);
1554 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1555 {
1556 *value=0;
1557 return(err);
1558 }
1559 switch (direntry->tdir_type)
1560 {
1561 case TIFF_LONG:
1562 *value=(uint32*)origdata;
1563 if (tif->tif_flags&TIFF_SWAB)
1564 TIFFSwabArrayOfLong(*value,count);
1565 return(TIFFReadDirEntryErrOk);
1566 case TIFF_SLONG:
1567 {
1568 int32* m;
1569 uint32 n;
1570 m=(int32*)origdata;
1571 for (n=0; n<count; n++)
1572 {
1573 if (tif->tif_flags&TIFF_SWAB)
1574 TIFFSwabLong((uint32*)m);
1575 err=TIFFReadDirEntryCheckRangeLongSlong(*m);
1576 if (err!=TIFFReadDirEntryErrOk)
1577 {
1578 _TIFFfree(origdata);
1579 return(err);
1580 }
1581 m++;
1582 }
1583 *value=(uint32*)origdata;
1584 return(TIFFReadDirEntryErrOk);
1585 }
1586 }
1587 data=(uint32*)_TIFFmalloc(count*4);
1588 if (data==0)
1589 {
1590 _TIFFfree(origdata);
1591 return(TIFFReadDirEntryErrAlloc);
1592 }
1593 switch (direntry->tdir_type)
1594 {
1595 case TIFF_BYTE:
1596 {
1597 uint8* ma;
1598 uint32* mb;
1599 uint32 n;
1600 ma=(uint8*)origdata;
1601 mb=data;
1602 for (n=0; n<count; n++)
1603 *mb++=(uint32)(*ma++);
1604 }
1605 break;
1606 case TIFF_SBYTE:
1607 {
1608 int8* ma;
1609 uint32* mb;
1610 uint32 n;
1611 ma=(int8*)origdata;
1612 mb=data;
1613 for (n=0; n<count; n++)
1614 {
1615 err=TIFFReadDirEntryCheckRangeLongSbyte(*ma);
1616 if (err!=TIFFReadDirEntryErrOk)
1617 break;
1618 *mb++=(uint32)(*ma++);
1619 }
1620 }
1621 break;
1622 case TIFF_SHORT:
1623 {
1624 uint16* ma;
1625 uint32* mb;
1626 uint32 n;
1627 ma=(uint16*)origdata;
1628 mb=data;
1629 for (n=0; n<count; n++)
1630 {
1631 if (tif->tif_flags&TIFF_SWAB)
1632 TIFFSwabShort(ma);
1633 *mb++=(uint32)(*ma++);
1634 }
1635 }
1636 break;
1637 case TIFF_SSHORT:
1638 {
1639 int16* ma;
1640 uint32* mb;
1641 uint32 n;
1642 ma=(int16*)origdata;
1643 mb=data;
1644 for (n=0; n<count; n++)
1645 {
1646 if (tif->tif_flags&TIFF_SWAB)
1647 TIFFSwabShort((uint16*)ma);
1648 err=TIFFReadDirEntryCheckRangeLongSshort(*ma);
1649 if (err!=TIFFReadDirEntryErrOk)
1650 break;
1651 *mb++=(uint32)(*ma++);
1652 }
1653 }
1654 break;
1655 case TIFF_LONG8:
1656 {
1657 uint64* ma;
1658 uint32* mb;
1659 uint32 n;
1660 ma=(uint64*)origdata;
1661 mb=data;
1662 for (n=0; n<count; n++)
1663 {
1664 if (tif->tif_flags&TIFF_SWAB)
1665 TIFFSwabLong8(ma);
1666 err=TIFFReadDirEntryCheckRangeLongLong8(*ma);
1667 if (err!=TIFFReadDirEntryErrOk)
1668 break;
1669 *mb++=(uint32)(*ma++);
1670 }
1671 }
1672 break;
1673 case TIFF_SLONG8:
1674 {
1675 int64* ma;
1676 uint32* mb;
1677 uint32 n;
1678 ma=(int64*)origdata;
1679 mb=data;
1680 for (n=0; n<count; n++)
1681 {
1682 if (tif->tif_flags&TIFF_SWAB)
1683 TIFFSwabLong8((uint64*)ma);
1684 err=TIFFReadDirEntryCheckRangeLongSlong8(*ma);
1685 if (err!=TIFFReadDirEntryErrOk)
1686 break;
1687 *mb++=(uint32)(*ma++);
1688 }
1689 }
1690 break;
1691 }
1692 _TIFFfree(origdata);
1693 if (err!=TIFFReadDirEntryErrOk)
1694 {
1695 _TIFFfree(data);
1696 return(err);
1697 }
1698 *value=data;
1699 return(TIFFReadDirEntryErrOk);
1700 }
1701
TIFFReadDirEntrySlongArray(TIFF * tif,TIFFDirEntry * direntry,int32 ** value)1702 static enum TIFFReadDirEntryErr TIFFReadDirEntrySlongArray(TIFF* tif, TIFFDirEntry* direntry, int32** value)
1703 {
1704 enum TIFFReadDirEntryErr err;
1705 uint32 count;
1706 void* origdata;
1707 int32* data;
1708 switch (direntry->tdir_type)
1709 {
1710 case TIFF_BYTE:
1711 case TIFF_SBYTE:
1712 case TIFF_SHORT:
1713 case TIFF_SSHORT:
1714 case TIFF_LONG:
1715 case TIFF_SLONG:
1716 case TIFF_LONG8:
1717 case TIFF_SLONG8:
1718 break;
1719 default:
1720 return(TIFFReadDirEntryErrType);
1721 }
1722 err=TIFFReadDirEntryArray(tif,direntry,&count,4,&origdata);
1723 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1724 {
1725 *value=0;
1726 return(err);
1727 }
1728 switch (direntry->tdir_type)
1729 {
1730 case TIFF_LONG:
1731 {
1732 uint32* m;
1733 uint32 n;
1734 m=(uint32*)origdata;
1735 for (n=0; n<count; n++)
1736 {
1737 if (tif->tif_flags&TIFF_SWAB)
1738 TIFFSwabLong((uint32*)m);
1739 err=TIFFReadDirEntryCheckRangeSlongLong(*m);
1740 if (err!=TIFFReadDirEntryErrOk)
1741 {
1742 _TIFFfree(origdata);
1743 return(err);
1744 }
1745 m++;
1746 }
1747 *value=(int32*)origdata;
1748 return(TIFFReadDirEntryErrOk);
1749 }
1750 case TIFF_SLONG:
1751 *value=(int32*)origdata;
1752 if (tif->tif_flags&TIFF_SWAB)
1753 TIFFSwabArrayOfLong((uint32*)(*value),count);
1754 return(TIFFReadDirEntryErrOk);
1755 }
1756 data=(int32*)_TIFFmalloc(count*4);
1757 if (data==0)
1758 {
1759 _TIFFfree(origdata);
1760 return(TIFFReadDirEntryErrAlloc);
1761 }
1762 switch (direntry->tdir_type)
1763 {
1764 case TIFF_BYTE:
1765 {
1766 uint8* ma;
1767 int32* mb;
1768 uint32 n;
1769 ma=(uint8*)origdata;
1770 mb=data;
1771 for (n=0; n<count; n++)
1772 *mb++=(int32)(*ma++);
1773 }
1774 break;
1775 case TIFF_SBYTE:
1776 {
1777 int8* ma;
1778 int32* mb;
1779 uint32 n;
1780 ma=(int8*)origdata;
1781 mb=data;
1782 for (n=0; n<count; n++)
1783 *mb++=(int32)(*ma++);
1784 }
1785 break;
1786 case TIFF_SHORT:
1787 {
1788 uint16* ma;
1789 int32* mb;
1790 uint32 n;
1791 ma=(uint16*)origdata;
1792 mb=data;
1793 for (n=0; n<count; n++)
1794 {
1795 if (tif->tif_flags&TIFF_SWAB)
1796 TIFFSwabShort(ma);
1797 *mb++=(int32)(*ma++);
1798 }
1799 }
1800 break;
1801 case TIFF_SSHORT:
1802 {
1803 int16* ma;
1804 int32* mb;
1805 uint32 n;
1806 ma=(int16*)origdata;
1807 mb=data;
1808 for (n=0; n<count; n++)
1809 {
1810 if (tif->tif_flags&TIFF_SWAB)
1811 TIFFSwabShort((uint16*)ma);
1812 *mb++=(int32)(*ma++);
1813 }
1814 }
1815 break;
1816 case TIFF_LONG8:
1817 {
1818 uint64* ma;
1819 int32* mb;
1820 uint32 n;
1821 ma=(uint64*)origdata;
1822 mb=data;
1823 for (n=0; n<count; n++)
1824 {
1825 if (tif->tif_flags&TIFF_SWAB)
1826 TIFFSwabLong8(ma);
1827 err=TIFFReadDirEntryCheckRangeSlongLong8(*ma);
1828 if (err!=TIFFReadDirEntryErrOk)
1829 break;
1830 *mb++=(int32)(*ma++);
1831 }
1832 }
1833 break;
1834 case TIFF_SLONG8:
1835 {
1836 int64* ma;
1837 int32* mb;
1838 uint32 n;
1839 ma=(int64*)origdata;
1840 mb=data;
1841 for (n=0; n<count; n++)
1842 {
1843 if (tif->tif_flags&TIFF_SWAB)
1844 TIFFSwabLong8((uint64*)ma);
1845 err=TIFFReadDirEntryCheckRangeSlongSlong8(*ma);
1846 if (err!=TIFFReadDirEntryErrOk)
1847 break;
1848 *mb++=(int32)(*ma++);
1849 }
1850 }
1851 break;
1852 }
1853 _TIFFfree(origdata);
1854 if (err!=TIFFReadDirEntryErrOk)
1855 {
1856 _TIFFfree(data);
1857 return(err);
1858 }
1859 *value=data;
1860 return(TIFFReadDirEntryErrOk);
1861 }
1862
TIFFReadDirEntryLong8Array(TIFF * tif,TIFFDirEntry * direntry,uint64 ** value)1863 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value)
1864 {
1865 enum TIFFReadDirEntryErr err;
1866 uint32 count;
1867 void* origdata;
1868 uint64* data;
1869 switch (direntry->tdir_type)
1870 {
1871 case TIFF_BYTE:
1872 case TIFF_SBYTE:
1873 case TIFF_SHORT:
1874 case TIFF_SSHORT:
1875 case TIFF_LONG:
1876 case TIFF_SLONG:
1877 case TIFF_LONG8:
1878 case TIFF_SLONG8:
1879 break;
1880 default:
1881 return(TIFFReadDirEntryErrType);
1882 }
1883 err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata);
1884 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1885 {
1886 *value=0;
1887 return(err);
1888 }
1889 switch (direntry->tdir_type)
1890 {
1891 case TIFF_LONG8:
1892 *value=(uint64*)origdata;
1893 if (tif->tif_flags&TIFF_SWAB)
1894 TIFFSwabArrayOfLong8(*value,count);
1895 return(TIFFReadDirEntryErrOk);
1896 case TIFF_SLONG8:
1897 {
1898 int64* m;
1899 uint32 n;
1900 m=(int64*)origdata;
1901 for (n=0; n<count; n++)
1902 {
1903 if (tif->tif_flags&TIFF_SWAB)
1904 TIFFSwabLong8((uint64*)m);
1905 err=TIFFReadDirEntryCheckRangeLong8Slong8(*m);
1906 if (err!=TIFFReadDirEntryErrOk)
1907 {
1908 _TIFFfree(origdata);
1909 return(err);
1910 }
1911 m++;
1912 }
1913 *value=(uint64*)origdata;
1914 return(TIFFReadDirEntryErrOk);
1915 }
1916 }
1917 data=(uint64*)_TIFFmalloc(count*8);
1918 if (data==0)
1919 {
1920 _TIFFfree(origdata);
1921 return(TIFFReadDirEntryErrAlloc);
1922 }
1923 switch (direntry->tdir_type)
1924 {
1925 case TIFF_BYTE:
1926 {
1927 uint8* ma;
1928 uint64* mb;
1929 uint32 n;
1930 ma=(uint8*)origdata;
1931 mb=data;
1932 for (n=0; n<count; n++)
1933 *mb++=(uint64)(*ma++);
1934 }
1935 break;
1936 case TIFF_SBYTE:
1937 {
1938 int8* ma;
1939 uint64* mb;
1940 uint32 n;
1941 ma=(int8*)origdata;
1942 mb=data;
1943 for (n=0; n<count; n++)
1944 {
1945 err=TIFFReadDirEntryCheckRangeLong8Sbyte(*ma);
1946 if (err!=TIFFReadDirEntryErrOk)
1947 break;
1948 *mb++=(uint64)(*ma++);
1949 }
1950 }
1951 break;
1952 case TIFF_SHORT:
1953 {
1954 uint16* ma;
1955 uint64* mb;
1956 uint32 n;
1957 ma=(uint16*)origdata;
1958 mb=data;
1959 for (n=0; n<count; n++)
1960 {
1961 if (tif->tif_flags&TIFF_SWAB)
1962 TIFFSwabShort(ma);
1963 *mb++=(uint64)(*ma++);
1964 }
1965 }
1966 break;
1967 case TIFF_SSHORT:
1968 {
1969 int16* ma;
1970 uint64* mb;
1971 uint32 n;
1972 ma=(int16*)origdata;
1973 mb=data;
1974 for (n=0; n<count; n++)
1975 {
1976 if (tif->tif_flags&TIFF_SWAB)
1977 TIFFSwabShort((uint16*)ma);
1978 err=TIFFReadDirEntryCheckRangeLong8Sshort(*ma);
1979 if (err!=TIFFReadDirEntryErrOk)
1980 break;
1981 *mb++=(uint64)(*ma++);
1982 }
1983 }
1984 break;
1985 case TIFF_LONG:
1986 {
1987 uint32* ma;
1988 uint64* mb;
1989 uint32 n;
1990 ma=(uint32*)origdata;
1991 mb=data;
1992 for (n=0; n<count; n++)
1993 {
1994 if (tif->tif_flags&TIFF_SWAB)
1995 TIFFSwabLong(ma);
1996 *mb++=(uint64)(*ma++);
1997 }
1998 }
1999 break;
2000 case TIFF_SLONG:
2001 {
2002 int32* ma;
2003 uint64* mb;
2004 uint32 n;
2005 ma=(int32*)origdata;
2006 mb=data;
2007 for (n=0; n<count; n++)
2008 {
2009 if (tif->tif_flags&TIFF_SWAB)
2010 TIFFSwabLong((uint32*)ma);
2011 err=TIFFReadDirEntryCheckRangeLong8Slong(*ma);
2012 if (err!=TIFFReadDirEntryErrOk)
2013 break;
2014 *mb++=(uint64)(*ma++);
2015 }
2016 }
2017 break;
2018 }
2019 _TIFFfree(origdata);
2020 if (err!=TIFFReadDirEntryErrOk)
2021 {
2022 _TIFFfree(data);
2023 return(err);
2024 }
2025 *value=data;
2026 return(TIFFReadDirEntryErrOk);
2027 }
2028
TIFFReadDirEntrySlong8Array(TIFF * tif,TIFFDirEntry * direntry,int64 ** value)2029 static enum TIFFReadDirEntryErr TIFFReadDirEntrySlong8Array(TIFF* tif, TIFFDirEntry* direntry, int64** value)
2030 {
2031 enum TIFFReadDirEntryErr err;
2032 uint32 count;
2033 void* origdata;
2034 int64* data;
2035 switch (direntry->tdir_type)
2036 {
2037 case TIFF_BYTE:
2038 case TIFF_SBYTE:
2039 case TIFF_SHORT:
2040 case TIFF_SSHORT:
2041 case TIFF_LONG:
2042 case TIFF_SLONG:
2043 case TIFF_LONG8:
2044 case TIFF_SLONG8:
2045 break;
2046 default:
2047 return(TIFFReadDirEntryErrType);
2048 }
2049 err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata);
2050 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
2051 {
2052 *value=0;
2053 return(err);
2054 }
2055 switch (direntry->tdir_type)
2056 {
2057 case TIFF_LONG8:
2058 {
2059 uint64* m;
2060 uint32 n;
2061 m=(uint64*)origdata;
2062 for (n=0; n<count; n++)
2063 {
2064 if (tif->tif_flags&TIFF_SWAB)
2065 TIFFSwabLong8(m);
2066 err=TIFFReadDirEntryCheckRangeSlong8Long8(*m);
2067 if (err!=TIFFReadDirEntryErrOk)
2068 {
2069 _TIFFfree(origdata);
2070 return(err);
2071 }
2072 m++;
2073 }
2074 *value=(int64*)origdata;
2075 return(TIFFReadDirEntryErrOk);
2076 }
2077 case TIFF_SLONG8:
2078 *value=(int64*)origdata;
2079 if (tif->tif_flags&TIFF_SWAB)
2080 TIFFSwabArrayOfLong8((uint64*)(*value),count);
2081 return(TIFFReadDirEntryErrOk);
2082 }
2083 data=(int64*)_TIFFmalloc(count*8);
2084 if (data==0)
2085 {
2086 _TIFFfree(origdata);
2087 return(TIFFReadDirEntryErrAlloc);
2088 }
2089 switch (direntry->tdir_type)
2090 {
2091 case TIFF_BYTE:
2092 {
2093 uint8* ma;
2094 int64* mb;
2095 uint32 n;
2096 ma=(uint8*)origdata;
2097 mb=data;
2098 for (n=0; n<count; n++)
2099 *mb++=(int64)(*ma++);
2100 }
2101 break;
2102 case TIFF_SBYTE:
2103 {
2104 int8* ma;
2105 int64* mb;
2106 uint32 n;
2107 ma=(int8*)origdata;
2108 mb=data;
2109 for (n=0; n<count; n++)
2110 *mb++=(int64)(*ma++);
2111 }
2112 break;
2113 case TIFF_SHORT:
2114 {
2115 uint16* ma;
2116 int64* mb;
2117 uint32 n;
2118 ma=(uint16*)origdata;
2119 mb=data;
2120 for (n=0; n<count; n++)
2121 {
2122 if (tif->tif_flags&TIFF_SWAB)
2123 TIFFSwabShort(ma);
2124 *mb++=(int64)(*ma++);
2125 }
2126 }
2127 break;
2128 case TIFF_SSHORT:
2129 {
2130 int16* ma;
2131 int64* mb;
2132 uint32 n;
2133 ma=(int16*)origdata;
2134 mb=data;
2135 for (n=0; n<count; n++)
2136 {
2137 if (tif->tif_flags&TIFF_SWAB)
2138 TIFFSwabShort((uint16*)ma);
2139 *mb++=(int64)(*ma++);
2140 }
2141 }
2142 break;
2143 case TIFF_LONG:
2144 {
2145 uint32* ma;
2146 int64* mb;
2147 uint32 n;
2148 ma=(uint32*)origdata;
2149 mb=data;
2150 for (n=0; n<count; n++)
2151 {
2152 if (tif->tif_flags&TIFF_SWAB)
2153 TIFFSwabLong(ma);
2154 *mb++=(int64)(*ma++);
2155 }
2156 }
2157 break;
2158 case TIFF_SLONG:
2159 {
2160 int32* ma;
2161 int64* mb;
2162 uint32 n;
2163 ma=(int32*)origdata;
2164 mb=data;
2165 for (n=0; n<count; n++)
2166 {
2167 if (tif->tif_flags&TIFF_SWAB)
2168 TIFFSwabLong((uint32*)ma);
2169 *mb++=(int64)(*ma++);
2170 }
2171 }
2172 break;
2173 }
2174 _TIFFfree(origdata);
2175 if (err!=TIFFReadDirEntryErrOk)
2176 {
2177 _TIFFfree(data);
2178 return(err);
2179 }
2180 *value=data;
2181 return(TIFFReadDirEntryErrOk);
2182 }
2183
TIFFReadDirEntryFloatArray(TIFF * tif,TIFFDirEntry * direntry,float ** value)2184 static enum TIFFReadDirEntryErr TIFFReadDirEntryFloatArray(TIFF* tif, TIFFDirEntry* direntry, float** value)
2185 {
2186 enum TIFFReadDirEntryErr err;
2187 uint32 count;
2188 void* origdata;
2189 float* data;
2190 switch (direntry->tdir_type)
2191 {
2192 case TIFF_BYTE:
2193 case TIFF_SBYTE:
2194 case TIFF_SHORT:
2195 case TIFF_SSHORT:
2196 case TIFF_LONG:
2197 case TIFF_SLONG:
2198 case TIFF_LONG8:
2199 case TIFF_SLONG8:
2200 case TIFF_RATIONAL:
2201 case TIFF_SRATIONAL:
2202 case TIFF_FLOAT:
2203 case TIFF_DOUBLE:
2204 break;
2205 default:
2206 return(TIFFReadDirEntryErrType);
2207 }
2208 err=TIFFReadDirEntryArray(tif,direntry,&count,4,&origdata);
2209 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
2210 {
2211 *value=0;
2212 return(err);
2213 }
2214 switch (direntry->tdir_type)
2215 {
2216 case TIFF_FLOAT:
2217 if (tif->tif_flags&TIFF_SWAB)
2218 TIFFSwabArrayOfLong((uint32*)origdata,count);
2219 TIFFCvtIEEEDoubleToNative(tif,count,(float*)origdata);
2220 *value=(float*)origdata;
2221 return(TIFFReadDirEntryErrOk);
2222 }
2223 data=(float*)_TIFFmalloc(count*sizeof(float));
2224 if (data==0)
2225 {
2226 _TIFFfree(origdata);
2227 return(TIFFReadDirEntryErrAlloc);
2228 }
2229 switch (direntry->tdir_type)
2230 {
2231 case TIFF_BYTE:
2232 {
2233 uint8* ma;
2234 float* mb;
2235 uint32 n;
2236 ma=(uint8*)origdata;
2237 mb=data;
2238 for (n=0; n<count; n++)
2239 *mb++=(float)(*ma++);
2240 }
2241 break;
2242 case TIFF_SBYTE:
2243 {
2244 int8* ma;
2245 float* mb;
2246 uint32 n;
2247 ma=(int8*)origdata;
2248 mb=data;
2249 for (n=0; n<count; n++)
2250 *mb++=(float)(*ma++);
2251 }
2252 break;
2253 case TIFF_SHORT:
2254 {
2255 uint16* ma;
2256 float* mb;
2257 uint32 n;
2258 ma=(uint16*)origdata;
2259 mb=data;
2260 for (n=0; n<count; n++)
2261 {
2262 if (tif->tif_flags&TIFF_SWAB)
2263 TIFFSwabShort(ma);
2264 *mb++=(float)(*ma++);
2265 }
2266 }
2267 break;
2268 case TIFF_SSHORT:
2269 {
2270 int16* ma;
2271 float* mb;
2272 uint32 n;
2273 ma=(int16*)origdata;
2274 mb=data;
2275 for (n=0; n<count; n++)
2276 {
2277 if (tif->tif_flags&TIFF_SWAB)
2278 TIFFSwabShort((uint16*)ma);
2279 *mb++=(float)(*ma++);
2280 }
2281 }
2282 break;
2283 case TIFF_LONG:
2284 {
2285 uint32* ma;
2286 float* mb;
2287 uint32 n;
2288 ma=(uint32*)origdata;
2289 mb=data;
2290 for (n=0; n<count; n++)
2291 {
2292 if (tif->tif_flags&TIFF_SWAB)
2293 TIFFSwabLong(ma);
2294 *mb++=(float)(*ma++);
2295 }
2296 }
2297 break;
2298 case TIFF_SLONG:
2299 {
2300 int32* ma;
2301 float* mb;
2302 uint32 n;
2303 ma=(int32*)origdata;
2304 mb=data;
2305 for (n=0; n<count; n++)
2306 {
2307 if (tif->tif_flags&TIFF_SWAB)
2308 TIFFSwabLong((uint32*)ma);
2309 *mb++=(float)(*ma++);
2310 }
2311 }
2312 break;
2313 case TIFF_LONG8:
2314 {
2315 uint64* ma;
2316 float* mb;
2317 uint32 n;
2318 ma=(uint64*)origdata;
2319 mb=data;
2320 for (n=0; n<count; n++)
2321 {
2322 if (tif->tif_flags&TIFF_SWAB)
2323 TIFFSwabLong8(ma);
2324 #if defined(__WIN32__) && (_MSC_VER < 1500)
2325 /*
2326 * XXX: MSVC 6.0 does not support
2327 * conversion of 64-bit integers into
2328 * floating point values.
2329 */
2330 *mb++ = _TIFFUInt64ToFloat(*ma++);
2331 #else
2332 *mb++ = (float)(*ma++);
2333 #endif
2334 }
2335 }
2336 break;
2337 case TIFF_SLONG8:
2338 {
2339 int64* ma;
2340 float* mb;
2341 uint32 n;
2342 ma=(int64*)origdata;
2343 mb=data;
2344 for (n=0; n<count; n++)
2345 {
2346 if (tif->tif_flags&TIFF_SWAB)
2347 TIFFSwabLong8((uint64*)ma);
2348 *mb++=(float)(*ma++);
2349 }
2350 }
2351 break;
2352 case TIFF_RATIONAL:
2353 {
2354 uint32* ma;
2355 uint32 maa;
2356 uint32 mab;
2357 float* mb;
2358 uint32 n;
2359 ma=(uint32*)origdata;
2360 mb=data;
2361 for (n=0; n<count; n++)
2362 {
2363 if (tif->tif_flags&TIFF_SWAB)
2364 TIFFSwabLong(ma);
2365 maa=*ma++;
2366 if (tif->tif_flags&TIFF_SWAB)
2367 TIFFSwabLong(ma);
2368 mab=*ma++;
2369 if (mab==0)
2370 *mb++=0.0;
2371 else
2372 *mb++=(float)maa/(float)mab;
2373 }
2374 }
2375 break;
2376 case TIFF_SRATIONAL:
2377 {
2378 uint32* ma;
2379 int32 maa;
2380 uint32 mab;
2381 float* mb;
2382 uint32 n;
2383 ma=(uint32*)origdata;
2384 mb=data;
2385 for (n=0; n<count; n++)
2386 {
2387 if (tif->tif_flags&TIFF_SWAB)
2388 TIFFSwabLong(ma);
2389 maa=*(int32*)ma;
2390 ma++;
2391 if (tif->tif_flags&TIFF_SWAB)
2392 TIFFSwabLong(ma);
2393 mab=*ma++;
2394 if (mab==0)
2395 *mb++=0.0;
2396 else
2397 *mb++=(float)maa/(float)mab;
2398 }
2399 }
2400 break;
2401 case TIFF_DOUBLE:
2402 {
2403 double* ma;
2404 float* mb;
2405 uint32 n;
2406 if (tif->tif_flags&TIFF_SWAB)
2407 TIFFSwabArrayOfLong8((uint64*)origdata,count);
2408 TIFFCvtIEEEDoubleToNative(tif,count,(double*)origdata);
2409 ma=(double*)origdata;
2410 mb=data;
2411 for (n=0; n<count; n++)
2412 *mb++=(float)(*ma++);
2413 }
2414 break;
2415 }
2416 _TIFFfree(origdata);
2417 if (err!=TIFFReadDirEntryErrOk)
2418 {
2419 _TIFFfree(data);
2420 return(err);
2421 }
2422 *value=data;
2423 return(TIFFReadDirEntryErrOk);
2424 }
2425
2426 static enum TIFFReadDirEntryErr
TIFFReadDirEntryDoubleArray(TIFF * tif,TIFFDirEntry * direntry,double ** value)2427 TIFFReadDirEntryDoubleArray(TIFF* tif, TIFFDirEntry* direntry, double** value)
2428 {
2429 enum TIFFReadDirEntryErr err;
2430 uint32 count;
2431 void* origdata;
2432 double* data;
2433 switch (direntry->tdir_type)
2434 {
2435 case TIFF_BYTE:
2436 case TIFF_SBYTE:
2437 case TIFF_SHORT:
2438 case TIFF_SSHORT:
2439 case TIFF_LONG:
2440 case TIFF_SLONG:
2441 case TIFF_LONG8:
2442 case TIFF_SLONG8:
2443 case TIFF_RATIONAL:
2444 case TIFF_SRATIONAL:
2445 case TIFF_FLOAT:
2446 case TIFF_DOUBLE:
2447 break;
2448 default:
2449 return(TIFFReadDirEntryErrType);
2450 }
2451 err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata);
2452 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
2453 {
2454 *value=0;
2455 return(err);
2456 }
2457 switch (direntry->tdir_type)
2458 {
2459 case TIFF_DOUBLE:
2460 if (tif->tif_flags&TIFF_SWAB)
2461 TIFFSwabArrayOfLong8((uint64*)origdata,count);
2462 TIFFCvtIEEEDoubleToNative(tif,count,(double*)origdata);
2463 *value=(double*)origdata;
2464 return(TIFFReadDirEntryErrOk);
2465 }
2466 data=(double*)_TIFFmalloc(count*sizeof(double));
2467 if (data==0)
2468 {
2469 _TIFFfree(origdata);
2470 return(TIFFReadDirEntryErrAlloc);
2471 }
2472 switch (direntry->tdir_type)
2473 {
2474 case TIFF_BYTE:
2475 {
2476 uint8* ma;
2477 double* mb;
2478 uint32 n;
2479 ma=(uint8*)origdata;
2480 mb=data;
2481 for (n=0; n<count; n++)
2482 *mb++=(double)(*ma++);
2483 }
2484 break;
2485 case TIFF_SBYTE:
2486 {
2487 int8* ma;
2488 double* mb;
2489 uint32 n;
2490 ma=(int8*)origdata;
2491 mb=data;
2492 for (n=0; n<count; n++)
2493 *mb++=(double)(*ma++);
2494 }
2495 break;
2496 case TIFF_SHORT:
2497 {
2498 uint16* ma;
2499 double* mb;
2500 uint32 n;
2501 ma=(uint16*)origdata;
2502 mb=data;
2503 for (n=0; n<count; n++)
2504 {
2505 if (tif->tif_flags&TIFF_SWAB)
2506 TIFFSwabShort(ma);
2507 *mb++=(double)(*ma++);
2508 }
2509 }
2510 break;
2511 case TIFF_SSHORT:
2512 {
2513 int16* ma;
2514 double* mb;
2515 uint32 n;
2516 ma=(int16*)origdata;
2517 mb=data;
2518 for (n=0; n<count; n++)
2519 {
2520 if (tif->tif_flags&TIFF_SWAB)
2521 TIFFSwabShort((uint16*)ma);
2522 *mb++=(double)(*ma++);
2523 }
2524 }
2525 break;
2526 case TIFF_LONG:
2527 {
2528 uint32* ma;
2529 double* mb;
2530 uint32 n;
2531 ma=(uint32*)origdata;
2532 mb=data;
2533 for (n=0; n<count; n++)
2534 {
2535 if (tif->tif_flags&TIFF_SWAB)
2536 TIFFSwabLong(ma);
2537 *mb++=(double)(*ma++);
2538 }
2539 }
2540 break;
2541 case TIFF_SLONG:
2542 {
2543 int32* ma;
2544 double* mb;
2545 uint32 n;
2546 ma=(int32*)origdata;
2547 mb=data;
2548 for (n=0; n<count; n++)
2549 {
2550 if (tif->tif_flags&TIFF_SWAB)
2551 TIFFSwabLong((uint32*)ma);
2552 *mb++=(double)(*ma++);
2553 }
2554 }
2555 break;
2556 case TIFF_LONG8:
2557 {
2558 uint64* ma;
2559 double* mb;
2560 uint32 n;
2561 ma=(uint64*)origdata;
2562 mb=data;
2563 for (n=0; n<count; n++)
2564 {
2565 if (tif->tif_flags&TIFF_SWAB)
2566 TIFFSwabLong8(ma);
2567 #if defined(__WIN32__) && (_MSC_VER < 1500)
2568 /*
2569 * XXX: MSVC 6.0 does not support
2570 * conversion of 64-bit integers into
2571 * floating point values.
2572 */
2573 *mb++ = _TIFFUInt64ToDouble(*ma++);
2574 #else
2575 *mb++ = (double)(*ma++);
2576 #endif
2577 }
2578 }
2579 break;
2580 case TIFF_SLONG8:
2581 {
2582 int64* ma;
2583 double* mb;
2584 uint32 n;
2585 ma=(int64*)origdata;
2586 mb=data;
2587 for (n=0; n<count; n++)
2588 {
2589 if (tif->tif_flags&TIFF_SWAB)
2590 TIFFSwabLong8((uint64*)ma);
2591 *mb++=(double)(*ma++);
2592 }
2593 }
2594 break;
2595 case TIFF_RATIONAL:
2596 {
2597 uint32* ma;
2598 uint32 maa;
2599 uint32 mab;
2600 double* mb;
2601 uint32 n;
2602 ma=(uint32*)origdata;
2603 mb=data;
2604 for (n=0; n<count; n++)
2605 {
2606 if (tif->tif_flags&TIFF_SWAB)
2607 TIFFSwabLong(ma);
2608 maa=*ma++;
2609 if (tif->tif_flags&TIFF_SWAB)
2610 TIFFSwabLong(ma);
2611 mab=*ma++;
2612 if (mab==0)
2613 *mb++=0.0;
2614 else
2615 *mb++=(double)maa/(double)mab;
2616 }
2617 }
2618 break;
2619 case TIFF_SRATIONAL:
2620 {
2621 uint32* ma;
2622 int32 maa;
2623 uint32 mab;
2624 double* mb;
2625 uint32 n;
2626 ma=(uint32*)origdata;
2627 mb=data;
2628 for (n=0; n<count; n++)
2629 {
2630 if (tif->tif_flags&TIFF_SWAB)
2631 TIFFSwabLong(ma);
2632 maa=*(int32*)ma;
2633 ma++;
2634 if (tif->tif_flags&TIFF_SWAB)
2635 TIFFSwabLong(ma);
2636 mab=*ma++;
2637 if (mab==0)
2638 *mb++=0.0;
2639 else
2640 *mb++=(double)maa/(double)mab;
2641 }
2642 }
2643 break;
2644 case TIFF_FLOAT:
2645 {
2646 float* ma;
2647 double* mb;
2648 uint32 n;
2649 if (tif->tif_flags&TIFF_SWAB)
2650 TIFFSwabArrayOfLong((uint32*)origdata,count);
2651 TIFFCvtIEEEFloatToNative(tif,count,(float*)origdata);
2652 ma=(float*)origdata;
2653 mb=data;
2654 for (n=0; n<count; n++)
2655 *mb++=(double)(*ma++);
2656 }
2657 break;
2658 }
2659 _TIFFfree(origdata);
2660 if (err!=TIFFReadDirEntryErrOk)
2661 {
2662 _TIFFfree(data);
2663 return(err);
2664 }
2665 *value=data;
2666 return(TIFFReadDirEntryErrOk);
2667 }
2668
TIFFReadDirEntryIfd8Array(TIFF * tif,TIFFDirEntry * direntry,uint64 ** value)2669 static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value)
2670 {
2671 enum TIFFReadDirEntryErr err;
2672 uint32 count;
2673 void* origdata;
2674 uint64* data;
2675 switch (direntry->tdir_type)
2676 {
2677 case TIFF_LONG:
2678 case TIFF_LONG8:
2679 case TIFF_IFD:
2680 case TIFF_IFD8:
2681 break;
2682 default:
2683 return(TIFFReadDirEntryErrType);
2684 }
2685 err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata);
2686 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
2687 {
2688 *value=0;
2689 return(err);
2690 }
2691 switch (direntry->tdir_type)
2692 {
2693 case TIFF_LONG8:
2694 case TIFF_IFD8:
2695 *value=(uint64*)origdata;
2696 if (tif->tif_flags&TIFF_SWAB)
2697 TIFFSwabArrayOfLong8(*value,count);
2698 return(TIFFReadDirEntryErrOk);
2699 }
2700 data=(uint64*)_TIFFmalloc(count*8);
2701 if (data==0)
2702 {
2703 _TIFFfree(origdata);
2704 return(TIFFReadDirEntryErrAlloc);
2705 }
2706 switch (direntry->tdir_type)
2707 {
2708 case TIFF_LONG:
2709 case TIFF_IFD:
2710 {
2711 uint32* ma;
2712 uint64* mb;
2713 uint32 n;
2714 ma=(uint32*)origdata;
2715 mb=data;
2716 for (n=0; n<count; n++)
2717 {
2718 if (tif->tif_flags&TIFF_SWAB)
2719 TIFFSwabLong(ma);
2720 *mb++=(uint64)(*ma++);
2721 }
2722 }
2723 break;
2724 }
2725 _TIFFfree(origdata);
2726 if (err!=TIFFReadDirEntryErrOk)
2727 {
2728 _TIFFfree(data);
2729 return(err);
2730 }
2731 *value=data;
2732 return(TIFFReadDirEntryErrOk);
2733 }
2734
TIFFReadDirEntryPersampleShort(TIFF * tif,TIFFDirEntry * direntry,uint16 * value)2735 static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value)
2736 {
2737 enum TIFFReadDirEntryErr err;
2738 uint16* m;
2739 uint16* na;
2740 uint16 nb;
2741 if (direntry->tdir_count<(uint64)tif->tif_dir.td_samplesperpixel)
2742 return(TIFFReadDirEntryErrCount);
2743 err=TIFFReadDirEntryShortArray(tif,direntry,&m);
2744 if (err!=TIFFReadDirEntryErrOk)
2745 return(err);
2746 na=m;
2747 nb=tif->tif_dir.td_samplesperpixel;
2748 *value=*na++;
2749 nb--;
2750 while (nb>0)
2751 {
2752 if (*na++!=*value)
2753 {
2754 err=TIFFReadDirEntryErrPsdif;
2755 break;
2756 }
2757 nb--;
2758 }
2759 _TIFFfree(m);
2760 return(err);
2761 }
2762
2763 #if 0
2764 static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleDouble(TIFF* tif, TIFFDirEntry* direntry, double* value)
2765 {
2766 enum TIFFReadDirEntryErr err;
2767 double* m;
2768 double* na;
2769 uint16 nb;
2770 if (direntry->tdir_count<(uint64)tif->tif_dir.td_samplesperpixel)
2771 return(TIFFReadDirEntryErrCount);
2772 err=TIFFReadDirEntryDoubleArray(tif,direntry,&m);
2773 if (err!=TIFFReadDirEntryErrOk)
2774 return(err);
2775 na=m;
2776 nb=tif->tif_dir.td_samplesperpixel;
2777 *value=*na++;
2778 nb--;
2779 while (nb>0)
2780 {
2781 if (*na++!=*value)
2782 {
2783 err=TIFFReadDirEntryErrPsdif;
2784 break;
2785 }
2786 nb--;
2787 }
2788 _TIFFfree(m);
2789 return(err);
2790 }
2791 #endif
2792
TIFFReadDirEntryCheckedByte(TIFF * tif,TIFFDirEntry * direntry,uint8 * value)2793 static void TIFFReadDirEntryCheckedByte(TIFF* tif, TIFFDirEntry* direntry, uint8* value)
2794 {
2795 (void) tif;
2796 *value=*(uint8*)(&direntry->tdir_offset);
2797 }
2798
TIFFReadDirEntryCheckedSbyte(TIFF * tif,TIFFDirEntry * direntry,int8 * value)2799 static void TIFFReadDirEntryCheckedSbyte(TIFF* tif, TIFFDirEntry* direntry, int8* value)
2800 {
2801 (void) tif;
2802 *value=*(int8*)(&direntry->tdir_offset);
2803 }
2804
TIFFReadDirEntryCheckedShort(TIFF * tif,TIFFDirEntry * direntry,uint16 * value)2805 static void TIFFReadDirEntryCheckedShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value)
2806 {
2807 *value = direntry->tdir_offset.toff_short;
2808 /* *value=*(uint16*)(&direntry->tdir_offset); */
2809 if (tif->tif_flags&TIFF_SWAB)
2810 TIFFSwabShort(value);
2811 }
2812
TIFFReadDirEntryCheckedSshort(TIFF * tif,TIFFDirEntry * direntry,int16 * value)2813 static void TIFFReadDirEntryCheckedSshort(TIFF* tif, TIFFDirEntry* direntry, int16* value)
2814 {
2815 *value=*(int16*)(&direntry->tdir_offset);
2816 if (tif->tif_flags&TIFF_SWAB)
2817 TIFFSwabShort((uint16*)value);
2818 }
2819
TIFFReadDirEntryCheckedLong(TIFF * tif,TIFFDirEntry * direntry,uint32 * value)2820 static void TIFFReadDirEntryCheckedLong(TIFF* tif, TIFFDirEntry* direntry, uint32* value)
2821 {
2822 *value=*(uint32*)(&direntry->tdir_offset);
2823 if (tif->tif_flags&TIFF_SWAB)
2824 TIFFSwabLong(value);
2825 }
2826
TIFFReadDirEntryCheckedSlong(TIFF * tif,TIFFDirEntry * direntry,int32 * value)2827 static void TIFFReadDirEntryCheckedSlong(TIFF* tif, TIFFDirEntry* direntry, int32* value)
2828 {
2829 *value=*(int32*)(&direntry->tdir_offset);
2830 if (tif->tif_flags&TIFF_SWAB)
2831 TIFFSwabLong((uint32*)value);
2832 }
2833
TIFFReadDirEntryCheckedLong8(TIFF * tif,TIFFDirEntry * direntry,uint64 * value)2834 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedLong8(TIFF* tif, TIFFDirEntry* direntry, uint64* value)
2835 {
2836 if (!(tif->tif_flags&TIFF_BIGTIFF))
2837 {
2838 enum TIFFReadDirEntryErr err;
2839 uint32 offset = direntry->tdir_offset.toff_long;
2840 if (tif->tif_flags&TIFF_SWAB)
2841 TIFFSwabLong(&offset);
2842 err=TIFFReadDirEntryData(tif,offset,8,value);
2843 if (err!=TIFFReadDirEntryErrOk)
2844 return(err);
2845 }
2846 else
2847 *value = direntry->tdir_offset.toff_long8;
2848 if (tif->tif_flags&TIFF_SWAB)
2849 TIFFSwabLong8(value);
2850 return(TIFFReadDirEntryErrOk);
2851 }
2852
TIFFReadDirEntryCheckedSlong8(TIFF * tif,TIFFDirEntry * direntry,int64 * value)2853 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSlong8(TIFF* tif, TIFFDirEntry* direntry, int64* value)
2854 {
2855 if (!(tif->tif_flags&TIFF_BIGTIFF))
2856 {
2857 enum TIFFReadDirEntryErr err;
2858 uint32 offset = direntry->tdir_offset.toff_long;
2859 if (tif->tif_flags&TIFF_SWAB)
2860 TIFFSwabLong(&offset);
2861 err=TIFFReadDirEntryData(tif,offset,8,value);
2862 if (err!=TIFFReadDirEntryErrOk)
2863 return(err);
2864 }
2865 else
2866 *value=*(int64*)(&direntry->tdir_offset);
2867 if (tif->tif_flags&TIFF_SWAB)
2868 TIFFSwabLong8((uint64*)value);
2869 return(TIFFReadDirEntryErrOk);
2870 }
2871
TIFFReadDirEntryCheckedRational(TIFF * tif,TIFFDirEntry * direntry,double * value)2872 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedRational(TIFF* tif, TIFFDirEntry* direntry, double* value)
2873 {
2874 UInt64Aligned_t m;
2875
2876 assert(sizeof(double)==8);
2877 assert(sizeof(uint64)==8);
2878 assert(sizeof(uint32)==4);
2879 if (!(tif->tif_flags&TIFF_BIGTIFF))
2880 {
2881 enum TIFFReadDirEntryErr err;
2882 uint32 offset = direntry->tdir_offset.toff_long;
2883 if (tif->tif_flags&TIFF_SWAB)
2884 TIFFSwabLong(&offset);
2885 err=TIFFReadDirEntryData(tif,offset,8,m.i);
2886 if (err!=TIFFReadDirEntryErrOk)
2887 return(err);
2888 }
2889 else
2890 m.l = direntry->tdir_offset.toff_long8;
2891 if (tif->tif_flags&TIFF_SWAB)
2892 TIFFSwabArrayOfLong(m.i,2);
2893 if (m.i[0]==0)
2894 *value=0.0;
2895 else
2896 *value=(double)m.i[0]/(double)m.i[1];
2897 return(TIFFReadDirEntryErrOk);
2898 }
2899
TIFFReadDirEntryCheckedSrational(TIFF * tif,TIFFDirEntry * direntry,double * value)2900 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSrational(TIFF* tif, TIFFDirEntry* direntry, double* value)
2901 {
2902 UInt64Aligned_t m;
2903 assert(sizeof(double)==8);
2904 assert(sizeof(uint64)==8);
2905 assert(sizeof(int32)==4);
2906 assert(sizeof(uint32)==4);
2907 if (!(tif->tif_flags&TIFF_BIGTIFF))
2908 {
2909 enum TIFFReadDirEntryErr err;
2910 uint32 offset = direntry->tdir_offset.toff_long;
2911 if (tif->tif_flags&TIFF_SWAB)
2912 TIFFSwabLong(&offset);
2913 err=TIFFReadDirEntryData(tif,offset,8,m.i);
2914 if (err!=TIFFReadDirEntryErrOk)
2915 return(err);
2916 }
2917 else
2918 m.l=direntry->tdir_offset.toff_long8;
2919 if (tif->tif_flags&TIFF_SWAB)
2920 TIFFSwabArrayOfLong(m.i,2);
2921 if ((int32)m.i[0]==0)
2922 *value=0.0;
2923 else
2924 *value=(double)((int32)m.i[0])/(double)m.i[1];
2925 return(TIFFReadDirEntryErrOk);
2926 }
2927
TIFFReadDirEntryCheckedFloat(TIFF * tif,TIFFDirEntry * direntry,float * value)2928 static void TIFFReadDirEntryCheckedFloat(TIFF* tif, TIFFDirEntry* direntry, float* value)
2929 {
2930 union
2931 {
2932 float f;
2933 uint32 i;
2934 } float_union;
2935 assert(sizeof(float)==4);
2936 assert(sizeof(uint32)==4);
2937 assert(sizeof(float_union)==4);
2938 float_union.i=*(uint32*)(&direntry->tdir_offset);
2939 *value=float_union.f;
2940 if (tif->tif_flags&TIFF_SWAB)
2941 TIFFSwabLong((uint32*)value);
2942 }
2943
TIFFReadDirEntryCheckedDouble(TIFF * tif,TIFFDirEntry * direntry,double * value)2944 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedDouble(TIFF* tif, TIFFDirEntry* direntry, double* value)
2945 {
2946 assert(sizeof(double)==8);
2947 assert(sizeof(uint64)==8);
2948 assert(sizeof(UInt64Aligned_t)==8);
2949 if (!(tif->tif_flags&TIFF_BIGTIFF))
2950 {
2951 enum TIFFReadDirEntryErr err;
2952 uint32 offset = direntry->tdir_offset.toff_long;
2953 if (tif->tif_flags&TIFF_SWAB)
2954 TIFFSwabLong(&offset);
2955 err=TIFFReadDirEntryData(tif,offset,8,value);
2956 if (err!=TIFFReadDirEntryErrOk)
2957 return(err);
2958 }
2959 else
2960 {
2961 UInt64Aligned_t uint64_union;
2962 uint64_union.l=direntry->tdir_offset.toff_long8;
2963 *value=uint64_union.d;
2964 }
2965 if (tif->tif_flags&TIFF_SWAB)
2966 TIFFSwabLong8((uint64*)value);
2967 return(TIFFReadDirEntryErrOk);
2968 }
2969
TIFFReadDirEntryCheckRangeByteSbyte(int8 value)2970 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSbyte(int8 value)
2971 {
2972 if (value<0)
2973 return(TIFFReadDirEntryErrRange);
2974 else
2975 return(TIFFReadDirEntryErrOk);
2976 }
2977
TIFFReadDirEntryCheckRangeByteShort(uint16 value)2978 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteShort(uint16 value)
2979 {
2980 if (value>0xFF)
2981 return(TIFFReadDirEntryErrRange);
2982 else
2983 return(TIFFReadDirEntryErrOk);
2984 }
2985
TIFFReadDirEntryCheckRangeByteSshort(int16 value)2986 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSshort(int16 value)
2987 {
2988 if ((value<0)||(value>0xFF))
2989 return(TIFFReadDirEntryErrRange);
2990 else
2991 return(TIFFReadDirEntryErrOk);
2992 }
2993
TIFFReadDirEntryCheckRangeByteLong(uint32 value)2994 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong(uint32 value)
2995 {
2996 if (value>0xFF)
2997 return(TIFFReadDirEntryErrRange);
2998 else
2999 return(TIFFReadDirEntryErrOk);
3000 }
3001
TIFFReadDirEntryCheckRangeByteSlong(int32 value)3002 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong(int32 value)
3003 {
3004 if ((value<0)||(value>0xFF))
3005 return(TIFFReadDirEntryErrRange);
3006 else
3007 return(TIFFReadDirEntryErrOk);
3008 }
3009
TIFFReadDirEntryCheckRangeByteLong8(uint64 value)3010 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong8(uint64 value)
3011 {
3012 if (value>0xFF)
3013 return(TIFFReadDirEntryErrRange);
3014 else
3015 return(TIFFReadDirEntryErrOk);
3016 }
3017
TIFFReadDirEntryCheckRangeByteSlong8(int64 value)3018 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong8(int64 value)
3019 {
3020 if ((value<0)||(value>0xFF))
3021 return(TIFFReadDirEntryErrRange);
3022 else
3023 return(TIFFReadDirEntryErrOk);
3024 }
3025
TIFFReadDirEntryCheckRangeSbyteByte(uint8 value)3026 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteByte(uint8 value)
3027 {
3028 if (value>0x7F)
3029 return(TIFFReadDirEntryErrRange);
3030 else
3031 return(TIFFReadDirEntryErrOk);
3032 }
3033
TIFFReadDirEntryCheckRangeSbyteShort(uint16 value)3034 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteShort(uint16 value)
3035 {
3036 if (value>0x7F)
3037 return(TIFFReadDirEntryErrRange);
3038 else
3039 return(TIFFReadDirEntryErrOk);
3040 }
3041
TIFFReadDirEntryCheckRangeSbyteSshort(int16 value)3042 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSshort(int16 value)
3043 {
3044 if ((value<-0x80)||(value>0x7F))
3045 return(TIFFReadDirEntryErrRange);
3046 else
3047 return(TIFFReadDirEntryErrOk);
3048 }
3049
TIFFReadDirEntryCheckRangeSbyteLong(uint32 value)3050 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong(uint32 value)
3051 {
3052 if (value>0x7F)
3053 return(TIFFReadDirEntryErrRange);
3054 else
3055 return(TIFFReadDirEntryErrOk);
3056 }
3057
TIFFReadDirEntryCheckRangeSbyteSlong(int32 value)3058 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong(int32 value)
3059 {
3060 if ((value<-0x80)||(value>0x7F))
3061 return(TIFFReadDirEntryErrRange);
3062 else
3063 return(TIFFReadDirEntryErrOk);
3064 }
3065
TIFFReadDirEntryCheckRangeSbyteLong8(uint64 value)3066 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong8(uint64 value)
3067 {
3068 if (value>0x7F)
3069 return(TIFFReadDirEntryErrRange);
3070 else
3071 return(TIFFReadDirEntryErrOk);
3072 }
3073
TIFFReadDirEntryCheckRangeSbyteSlong8(int64 value)3074 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong8(int64 value)
3075 {
3076 if ((value<-0x80)||(value>0x7F))
3077 return(TIFFReadDirEntryErrRange);
3078 else
3079 return(TIFFReadDirEntryErrOk);
3080 }
3081
TIFFReadDirEntryCheckRangeShortSbyte(int8 value)3082 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSbyte(int8 value)
3083 {
3084 if (value<0)
3085 return(TIFFReadDirEntryErrRange);
3086 else
3087 return(TIFFReadDirEntryErrOk);
3088 }
3089
TIFFReadDirEntryCheckRangeShortSshort(int16 value)3090 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSshort(int16 value)
3091 {
3092 if (value<0)
3093 return(TIFFReadDirEntryErrRange);
3094 else
3095 return(TIFFReadDirEntryErrOk);
3096 }
3097
TIFFReadDirEntryCheckRangeShortLong(uint32 value)3098 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong(uint32 value)
3099 {
3100 if (value>0xFFFF)
3101 return(TIFFReadDirEntryErrRange);
3102 else
3103 return(TIFFReadDirEntryErrOk);
3104 }
3105
TIFFReadDirEntryCheckRangeShortSlong(int32 value)3106 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong(int32 value)
3107 {
3108 if ((value<0)||(value>0xFFFF))
3109 return(TIFFReadDirEntryErrRange);
3110 else
3111 return(TIFFReadDirEntryErrOk);
3112 }
3113
TIFFReadDirEntryCheckRangeShortLong8(uint64 value)3114 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong8(uint64 value)
3115 {
3116 if (value>0xFFFF)
3117 return(TIFFReadDirEntryErrRange);
3118 else
3119 return(TIFFReadDirEntryErrOk);
3120 }
3121
TIFFReadDirEntryCheckRangeShortSlong8(int64 value)3122 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong8(int64 value)
3123 {
3124 if ((value<0)||(value>0xFFFF))
3125 return(TIFFReadDirEntryErrRange);
3126 else
3127 return(TIFFReadDirEntryErrOk);
3128 }
3129
TIFFReadDirEntryCheckRangeSshortShort(uint16 value)3130 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortShort(uint16 value)
3131 {
3132 if (value>0x7FFF)
3133 return(TIFFReadDirEntryErrRange);
3134 else
3135 return(TIFFReadDirEntryErrOk);
3136 }
3137
TIFFReadDirEntryCheckRangeSshortLong(uint32 value)3138 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong(uint32 value)
3139 {
3140 if (value>0x7FFF)
3141 return(TIFFReadDirEntryErrRange);
3142 else
3143 return(TIFFReadDirEntryErrOk);
3144 }
3145
TIFFReadDirEntryCheckRangeSshortSlong(int32 value)3146 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong(int32 value)
3147 {
3148 if ((value<-0x8000)||(value>0x7FFF))
3149 return(TIFFReadDirEntryErrRange);
3150 else
3151 return(TIFFReadDirEntryErrOk);
3152 }
3153
TIFFReadDirEntryCheckRangeSshortLong8(uint64 value)3154 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong8(uint64 value)
3155 {
3156 if (value>0x7FFF)
3157 return(TIFFReadDirEntryErrRange);
3158 else
3159 return(TIFFReadDirEntryErrOk);
3160 }
3161
TIFFReadDirEntryCheckRangeSshortSlong8(int64 value)3162 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong8(int64 value)
3163 {
3164 if ((value<-0x8000)||(value>0x7FFF))
3165 return(TIFFReadDirEntryErrRange);
3166 else
3167 return(TIFFReadDirEntryErrOk);
3168 }
3169
TIFFReadDirEntryCheckRangeLongSbyte(int8 value)3170 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSbyte(int8 value)
3171 {
3172 if (value<0)
3173 return(TIFFReadDirEntryErrRange);
3174 else
3175 return(TIFFReadDirEntryErrOk);
3176 }
3177
TIFFReadDirEntryCheckRangeLongSshort(int16 value)3178 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSshort(int16 value)
3179 {
3180 if (value<0)
3181 return(TIFFReadDirEntryErrRange);
3182 else
3183 return(TIFFReadDirEntryErrOk);
3184 }
3185
TIFFReadDirEntryCheckRangeLongSlong(int32 value)3186 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSlong(int32 value)
3187 {
3188 if (value<0)
3189 return(TIFFReadDirEntryErrRange);
3190 else
3191 return(TIFFReadDirEntryErrOk);
3192 }
3193
3194 /*
3195 * Largest 32-bit unsigned integer value.
3196 */
3197 #if defined(__WIN32__) && defined(_MSC_VER)
3198 # define TIFF_UINT32_MAX 0xFFFFFFFFI64
3199 #else
3200 # define TIFF_UINT32_MAX 0xFFFFFFFFLL
3201 #endif
3202
3203 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLongLong8(uint64 value)3204 TIFFReadDirEntryCheckRangeLongLong8(uint64 value)
3205 {
3206 if (value > TIFF_UINT32_MAX)
3207 return(TIFFReadDirEntryErrRange);
3208 else
3209 return(TIFFReadDirEntryErrOk);
3210 }
3211
3212 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLongSlong8(int64 value)3213 TIFFReadDirEntryCheckRangeLongSlong8(int64 value)
3214 {
3215 if ((value<0) || (value > TIFF_UINT32_MAX))
3216 return(TIFFReadDirEntryErrRange);
3217 else
3218 return(TIFFReadDirEntryErrOk);
3219 }
3220
3221 #undef TIFF_UINT32_MAX
3222
3223 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeSlongLong(uint32 value)3224 TIFFReadDirEntryCheckRangeSlongLong(uint32 value)
3225 {
3226 if (value > 0x7FFFFFFFUL)
3227 return(TIFFReadDirEntryErrRange);
3228 else
3229 return(TIFFReadDirEntryErrOk);
3230 }
3231
3232 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeSlongLong8(uint64 value)3233 TIFFReadDirEntryCheckRangeSlongLong8(uint64 value)
3234 {
3235 if (value > 0x7FFFFFFFUL)
3236 return(TIFFReadDirEntryErrRange);
3237 else
3238 return(TIFFReadDirEntryErrOk);
3239 }
3240
3241 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeSlongSlong8(int64 value)3242 TIFFReadDirEntryCheckRangeSlongSlong8(int64 value)
3243 {
3244 if ((value < 0L-0x80000000L) || (value > 0x7FFFFFFFL))
3245 return(TIFFReadDirEntryErrRange);
3246 else
3247 return(TIFFReadDirEntryErrOk);
3248 }
3249
3250 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLong8Sbyte(int8 value)3251 TIFFReadDirEntryCheckRangeLong8Sbyte(int8 value)
3252 {
3253 if (value < 0)
3254 return(TIFFReadDirEntryErrRange);
3255 else
3256 return(TIFFReadDirEntryErrOk);
3257 }
3258
3259 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLong8Sshort(int16 value)3260 TIFFReadDirEntryCheckRangeLong8Sshort(int16 value)
3261 {
3262 if (value < 0)
3263 return(TIFFReadDirEntryErrRange);
3264 else
3265 return(TIFFReadDirEntryErrOk);
3266 }
3267
3268 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLong8Slong(int32 value)3269 TIFFReadDirEntryCheckRangeLong8Slong(int32 value)
3270 {
3271 if (value < 0)
3272 return(TIFFReadDirEntryErrRange);
3273 else
3274 return(TIFFReadDirEntryErrOk);
3275 }
3276
3277 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLong8Slong8(int64 value)3278 TIFFReadDirEntryCheckRangeLong8Slong8(int64 value)
3279 {
3280 if (value < 0)
3281 return(TIFFReadDirEntryErrRange);
3282 else
3283 return(TIFFReadDirEntryErrOk);
3284 }
3285
3286 /*
3287 * Largest 64-bit signed integer value.
3288 */
3289 #if defined(__WIN32__) && defined(_MSC_VER)
3290 # define TIFF_INT64_MAX 0x7FFFFFFFFFFFFFFFI64
3291 #else
3292 # define TIFF_INT64_MAX 0x7FFFFFFFFFFFFFFFLL
3293 #endif
3294
3295 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeSlong8Long8(uint64 value)3296 TIFFReadDirEntryCheckRangeSlong8Long8(uint64 value)
3297 {
3298 if (value > TIFF_INT64_MAX)
3299 return(TIFFReadDirEntryErrRange);
3300 else
3301 return(TIFFReadDirEntryErrOk);
3302 }
3303
3304 #undef TIFF_INT64_MAX
3305
3306 static enum TIFFReadDirEntryErr
TIFFReadDirEntryData(TIFF * tif,uint64 offset,tmsize_t size,void * dest)3307 TIFFReadDirEntryData(TIFF* tif, uint64 offset, tmsize_t size, void* dest)
3308 {
3309 assert(size>0);
3310 if (!isMapped(tif)) {
3311 if (!SeekOK(tif,offset))
3312 return(TIFFReadDirEntryErrIo);
3313 if (!ReadOK(tif,dest,size))
3314 return(TIFFReadDirEntryErrIo);
3315 } else {
3316 tmsize_t ma,mb;
3317 ma=(tmsize_t)offset;
3318 mb=ma+size;
3319 if (((uint64)ma!=offset)||(mb<ma)||(mb<size)||(mb>tif->tif_size))
3320 return(TIFFReadDirEntryErrIo);
3321 _TIFFmemcpy(dest,tif->tif_base+ma,size);
3322 }
3323 return(TIFFReadDirEntryErrOk);
3324 }
3325
TIFFReadDirEntryOutputErr(TIFF * tif,enum TIFFReadDirEntryErr err,const char * module,const char * tagname,int recover)3326 static void TIFFReadDirEntryOutputErr(TIFF* tif, enum TIFFReadDirEntryErr err, const char* module, const char* tagname, int recover)
3327 {
3328 if (!recover) {
3329 switch (err) {
3330 case TIFFReadDirEntryErrCount:
3331 TIFFErrorExt(tif->tif_clientdata, module,
3332 "Incorrect count for \"%s\"",
3333 tagname);
3334 break;
3335 case TIFFReadDirEntryErrType:
3336 TIFFErrorExt(tif->tif_clientdata, module,
3337 "Incompatible type for \"%s\"",
3338 tagname);
3339 break;
3340 case TIFFReadDirEntryErrIo:
3341 TIFFErrorExt(tif->tif_clientdata, module,
3342 "IO error during reading of \"%s\"",
3343 tagname);
3344 break;
3345 case TIFFReadDirEntryErrRange:
3346 TIFFErrorExt(tif->tif_clientdata, module,
3347 "Incorrect value for \"%s\"",
3348 tagname);
3349 break;
3350 case TIFFReadDirEntryErrPsdif:
3351 TIFFErrorExt(tif->tif_clientdata, module,
3352 "Cannot handle different values per sample for \"%s\"",
3353 tagname);
3354 break;
3355 case TIFFReadDirEntryErrSizesan:
3356 TIFFErrorExt(tif->tif_clientdata, module,
3357 "Sanity check on size of \"%s\" value failed",
3358 tagname);
3359 break;
3360 case TIFFReadDirEntryErrAlloc:
3361 TIFFErrorExt(tif->tif_clientdata, module,
3362 "Out of memory reading of \"%s\"",
3363 tagname);
3364 break;
3365 default:
3366 assert(0); /* we should never get here */
3367 break;
3368 }
3369 } else {
3370 switch (err) {
3371 case TIFFReadDirEntryErrCount:
3372 TIFFErrorExt(tif->tif_clientdata, module,
3373 "Incorrect count for \"%s\"; tag ignored",
3374 tagname);
3375 break;
3376 case TIFFReadDirEntryErrType:
3377 TIFFWarningExt(tif->tif_clientdata, module,
3378 "Incompatible type for \"%s\"; tag ignored",
3379 tagname);
3380 break;
3381 case TIFFReadDirEntryErrIo:
3382 TIFFWarningExt(tif->tif_clientdata, module,
3383 "IO error during reading of \"%s\"; tag ignored",
3384 tagname);
3385 break;
3386 case TIFFReadDirEntryErrRange:
3387 TIFFWarningExt(tif->tif_clientdata, module,
3388 "Incorrect value for \"%s\"; tag ignored",
3389 tagname);
3390 break;
3391 case TIFFReadDirEntryErrPsdif:
3392 TIFFWarningExt(tif->tif_clientdata, module,
3393 "Cannot handle different values per sample for \"%s\"; tag ignored",
3394 tagname);
3395 break;
3396 case TIFFReadDirEntryErrSizesan:
3397 TIFFWarningExt(tif->tif_clientdata, module,
3398 "Sanity check on size of \"%s\" value failed; tag ignored",
3399 tagname);
3400 break;
3401 case TIFFReadDirEntryErrAlloc:
3402 TIFFWarningExt(tif->tif_clientdata, module,
3403 "Out of memory reading of \"%s\"; tag ignored",
3404 tagname);
3405 break;
3406 default:
3407 assert(0); /* we should never get here */
3408 break;
3409 }
3410 }
3411 }
3412
3413 /*
3414 * Read the next TIFF directory from a file and convert it to the internal
3415 * format. We read directories sequentially.
3416 */
3417 int
TIFFReadDirectory(TIFF * tif)3418 TIFFReadDirectory(TIFF* tif)
3419 {
3420 static const char module[] = "TIFFReadDirectory";
3421 TIFFDirEntry* dir;
3422 uint16 dircount;
3423 TIFFDirEntry* dp;
3424 uint16 di;
3425 const TIFFField* fip;
3426 uint32 fii=FAILED_FII;
3427 toff_t nextdiroff;
3428 tif->tif_diroff=tif->tif_nextdiroff;
3429 if (!TIFFCheckDirOffset(tif,tif->tif_nextdiroff))
3430 return 0; /* last offset or bad offset (IFD looping) */
3431 (*tif->tif_cleanup)(tif); /* cleanup any previous compression state */
3432 tif->tif_curdir++;
3433 nextdiroff = tif->tif_nextdiroff;
3434 dircount=TIFFFetchDirectory(tif,nextdiroff,&dir,&tif->tif_nextdiroff);
3435 if (!dircount)
3436 {
3437 TIFFErrorExt(tif->tif_clientdata,module,
3438 "Failed to read directory at offset " TIFF_UINT64_FORMAT,nextdiroff);
3439 return 0;
3440 }
3441 TIFFReadDirectoryCheckOrder(tif,dir,dircount);
3442
3443 /*
3444 * Mark duplicates of any tag to be ignored (bugzilla 1994)
3445 * to avoid certain pathological problems.
3446 */
3447 {
3448 TIFFDirEntry* ma;
3449 uint16 mb;
3450 for (ma=dir, mb=0; mb<dircount; ma++, mb++)
3451 {
3452 TIFFDirEntry* na;
3453 uint16 nb;
3454 for (na=ma+1, nb=mb+1; nb<dircount; na++, nb++)
3455 {
3456 if (ma->tdir_tag==na->tdir_tag)
3457 na->tdir_tag=IGNORE;
3458 }
3459 }
3460 }
3461
3462 tif->tif_flags &= ~TIFF_BEENWRITING; /* reset before new dir */
3463 tif->tif_flags &= ~TIFF_BUF4WRITE; /* reset before new dir */
3464 /* free any old stuff and reinit */
3465 TIFFFreeDirectory(tif);
3466 TIFFDefaultDirectory(tif);
3467 /*
3468 * Electronic Arts writes gray-scale TIFF files
3469 * without a PlanarConfiguration directory entry.
3470 * Thus we setup a default value here, even though
3471 * the TIFF spec says there is no default value.
3472 */
3473 TIFFSetField(tif,TIFFTAG_PLANARCONFIG,PLANARCONFIG_CONTIG);
3474 /*
3475 * Setup default value and then make a pass over
3476 * the fields to check type and tag information,
3477 * and to extract info required to size data
3478 * structures. A second pass is made afterwards
3479 * to read in everthing not taken in the first pass.
3480 * But we must process the Compression tag first
3481 * in order to merge in codec-private tag definitions (otherwise
3482 * we may get complaints about unknown tags). However, the
3483 * Compression tag may be dependent on the SamplesPerPixel
3484 * tag value because older TIFF specs permited Compression
3485 * to be written as a SamplesPerPixel-count tag entry.
3486 * Thus if we don't first figure out the correct SamplesPerPixel
3487 * tag value then we may end up ignoring the Compression tag
3488 * value because it has an incorrect count value (if the
3489 * true value of SamplesPerPixel is not 1).
3490 */
3491 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,TIFFTAG_SAMPLESPERPIXEL);
3492 if (dp)
3493 {
3494 if (!TIFFFetchNormalTag(tif,dp,0))
3495 goto bad;
3496 dp->tdir_tag=IGNORE;
3497 }
3498 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,TIFFTAG_COMPRESSION);
3499 if (dp)
3500 {
3501 /*
3502 * The 5.0 spec says the Compression tag has one value, while
3503 * earlier specs say it has one value per sample. Because of
3504 * this, we accept the tag if one value is supplied with either
3505 * count.
3506 */
3507 uint16 value;
3508 enum TIFFReadDirEntryErr err;
3509 err=TIFFReadDirEntryShort(tif,dp,&value);
3510 if (err==TIFFReadDirEntryErrCount)
3511 err=TIFFReadDirEntryPersampleShort(tif,dp,&value);
3512 if (err!=TIFFReadDirEntryErrOk)
3513 {
3514 TIFFReadDirEntryOutputErr(tif,err,module,"Compression",0);
3515 goto bad;
3516 }
3517 if (!TIFFSetField(tif,TIFFTAG_COMPRESSION,value))
3518 goto bad;
3519 dp->tdir_tag=IGNORE;
3520 }
3521 else
3522 {
3523 if (!TIFFSetField(tif,TIFFTAG_COMPRESSION,COMPRESSION_NONE))
3524 goto bad;
3525 }
3526 /*
3527 * First real pass over the directory.
3528 */
3529 for (di=0, dp=dir; di<dircount; di++, dp++)
3530 {
3531 if (dp->tdir_tag!=IGNORE)
3532 {
3533 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
3534 if (fii == FAILED_FII)
3535 {
3536 TIFFWarningExt(tif->tif_clientdata, module,
3537 "Unknown field with tag %d (0x%x) encountered",
3538 dp->tdir_tag,dp->tdir_tag);
3539 /* the following knowingly leaks the
3540 anonymous field structure */
3541 if (!_TIFFMergeFields(tif,
3542 _TIFFCreateAnonField(tif,
3543 dp->tdir_tag,
3544 (TIFFDataType) dp->tdir_type),
3545 1)) {
3546 TIFFWarningExt(tif->tif_clientdata,
3547 module,
3548 "Registering anonymous field with tag %d (0x%x) failed",
3549 dp->tdir_tag,
3550 dp->tdir_tag);
3551 dp->tdir_tag=IGNORE;
3552 } else {
3553 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
3554 assert(fii != FAILED_FII);
3555 }
3556 }
3557 }
3558 if (dp->tdir_tag!=IGNORE)
3559 {
3560 fip=tif->tif_fields[fii];
3561 if (fip->field_bit==FIELD_IGNORE)
3562 dp->tdir_tag=IGNORE;
3563 else
3564 {
3565 switch (dp->tdir_tag)
3566 {
3567 case TIFFTAG_STRIPOFFSETS:
3568 case TIFFTAG_STRIPBYTECOUNTS:
3569 case TIFFTAG_TILEOFFSETS:
3570 case TIFFTAG_TILEBYTECOUNTS:
3571 TIFFSetFieldBit(tif,fip->field_bit);
3572 break;
3573 case TIFFTAG_IMAGEWIDTH:
3574 case TIFFTAG_IMAGELENGTH:
3575 case TIFFTAG_IMAGEDEPTH:
3576 case TIFFTAG_TILELENGTH:
3577 case TIFFTAG_TILEWIDTH:
3578 case TIFFTAG_TILEDEPTH:
3579 case TIFFTAG_PLANARCONFIG:
3580 case TIFFTAG_ROWSPERSTRIP:
3581 case TIFFTAG_EXTRASAMPLES:
3582 if (!TIFFFetchNormalTag(tif,dp,0))
3583 goto bad;
3584 dp->tdir_tag=IGNORE;
3585 break;
3586 }
3587 }
3588 }
3589 }
3590 /*
3591 * XXX: OJPEG hack.
3592 * If a) compression is OJPEG, b) planarconfig tag says it's separate,
3593 * c) strip offsets/bytecounts tag are both present and
3594 * d) both contain exactly one value, then we consistently find
3595 * that the buggy implementation of the buggy compression scheme
3596 * matches contig planarconfig best. So we 'fix-up' the tag here
3597 */
3598 if ((tif->tif_dir.td_compression==COMPRESSION_OJPEG)&&
3599 (tif->tif_dir.td_planarconfig==PLANARCONFIG_SEPARATE))
3600 {
3601 if (!_TIFFFillStriles(tif))
3602 goto bad;
3603 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,TIFFTAG_STRIPOFFSETS);
3604 if ((dp!=0)&&(dp->tdir_count==1))
3605 {
3606 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,
3607 TIFFTAG_STRIPBYTECOUNTS);
3608 if ((dp!=0)&&(dp->tdir_count==1))
3609 {
3610 tif->tif_dir.td_planarconfig=PLANARCONFIG_CONTIG;
3611 TIFFWarningExt(tif->tif_clientdata,module,
3612 "Planarconfig tag value assumed incorrect, "
3613 "assuming data is contig instead of chunky");
3614 }
3615 }
3616 }
3617 /*
3618 * Allocate directory structure and setup defaults.
3619 */
3620 if (!TIFFFieldSet(tif,FIELD_IMAGEDIMENSIONS))
3621 {
3622 MissingRequired(tif,"ImageLength");
3623 goto bad;
3624 }
3625 /*
3626 * Setup appropriate structures (by strip or by tile)
3627 */
3628 if (!TIFFFieldSet(tif, FIELD_TILEDIMENSIONS)) {
3629 tif->tif_dir.td_nstrips = TIFFNumberOfStrips(tif);
3630 tif->tif_dir.td_tilewidth = tif->tif_dir.td_imagewidth;
3631 tif->tif_dir.td_tilelength = tif->tif_dir.td_rowsperstrip;
3632 tif->tif_dir.td_tiledepth = tif->tif_dir.td_imagedepth;
3633 tif->tif_flags &= ~TIFF_ISTILED;
3634 } else {
3635 tif->tif_dir.td_nstrips = TIFFNumberOfTiles(tif);
3636 tif->tif_flags |= TIFF_ISTILED;
3637 }
3638 if (!tif->tif_dir.td_nstrips) {
3639 TIFFErrorExt(tif->tif_clientdata, module,
3640 "Cannot handle zero number of %s",
3641 isTiled(tif) ? "tiles" : "strips");
3642 goto bad;
3643 }
3644 tif->tif_dir.td_stripsperimage = tif->tif_dir.td_nstrips;
3645 if (tif->tif_dir.td_planarconfig == PLANARCONFIG_SEPARATE)
3646 tif->tif_dir.td_stripsperimage /= tif->tif_dir.td_samplesperpixel;
3647 if (!TIFFFieldSet(tif, FIELD_STRIPOFFSETS)) {
3648 if ((tif->tif_dir.td_compression==COMPRESSION_OJPEG) &&
3649 (isTiled(tif)==0) &&
3650 (tif->tif_dir.td_nstrips==1)) {
3651 /*
3652 * XXX: OJPEG hack.
3653 * If a) compression is OJPEG, b) it's not a tiled TIFF,
3654 * and c) the number of strips is 1,
3655 * then we tolerate the absence of stripoffsets tag,
3656 * because, presumably, all required data is in the
3657 * JpegInterchangeFormat stream.
3658 */
3659 TIFFSetFieldBit(tif, FIELD_STRIPOFFSETS);
3660 } else {
3661 MissingRequired(tif,
3662 isTiled(tif) ? "TileOffsets" : "StripOffsets");
3663 goto bad;
3664 }
3665 }
3666 /*
3667 * Second pass: extract other information.
3668 */
3669 for (di=0, dp=dir; di<dircount; di++, dp++)
3670 {
3671 switch (dp->tdir_tag)
3672 {
3673 case IGNORE:
3674 break;
3675 case TIFFTAG_MINSAMPLEVALUE:
3676 case TIFFTAG_MAXSAMPLEVALUE:
3677 case TIFFTAG_BITSPERSAMPLE:
3678 case TIFFTAG_DATATYPE:
3679 case TIFFTAG_SAMPLEFORMAT:
3680 /*
3681 * The MinSampleValue, MaxSampleValue, BitsPerSample
3682 * DataType and SampleFormat tags are supposed to be
3683 * written as one value/sample, but some vendors
3684 * incorrectly write one value only -- so we accept
3685 * that as well (yech). Other vendors write correct
3686 * value for NumberOfSamples, but incorrect one for
3687 * BitsPerSample and friends, and we will read this
3688 * too.
3689 */
3690 {
3691 uint16 value;
3692 enum TIFFReadDirEntryErr err;
3693 err=TIFFReadDirEntryShort(tif,dp,&value);
3694 if (err==TIFFReadDirEntryErrCount)
3695 err=TIFFReadDirEntryPersampleShort(tif,dp,&value);
3696 if (err!=TIFFReadDirEntryErrOk)
3697 {
3698 fip = TIFFFieldWithTag(tif,dp->tdir_tag);
3699 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",0);
3700 goto bad;
3701 }
3702 if (!TIFFSetField(tif,dp->tdir_tag,value))
3703 goto bad;
3704 }
3705 break;
3706 case TIFFTAG_SMINSAMPLEVALUE:
3707 case TIFFTAG_SMAXSAMPLEVALUE:
3708 {
3709
3710 double *data;
3711 enum TIFFReadDirEntryErr err;
3712 uint32 saved_flags;
3713 int m;
3714 if (dp->tdir_count != (uint64)tif->tif_dir.td_samplesperpixel)
3715 err = TIFFReadDirEntryErrCount;
3716 else
3717 err = TIFFReadDirEntryDoubleArray(tif, dp, &data);
3718 if (err!=TIFFReadDirEntryErrOk)
3719 {
3720 fip = TIFFFieldWithTag(tif,dp->tdir_tag);
3721 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",0);
3722 goto bad;
3723 }
3724 saved_flags = tif->tif_flags;
3725 tif->tif_flags |= TIFF_PERSAMPLE;
3726 m = TIFFSetField(tif,dp->tdir_tag,data);
3727 tif->tif_flags = saved_flags;
3728 _TIFFfree(data);
3729 if (!m)
3730 goto bad;
3731 }
3732 break;
3733 case TIFFTAG_STRIPOFFSETS:
3734 case TIFFTAG_TILEOFFSETS:
3735 #if defined(DEFER_STRILE_LOAD)
3736 _TIFFmemcpy( &(tif->tif_dir.td_stripoffset_entry),
3737 dp, sizeof(TIFFDirEntry) );
3738 #else
3739 if (!TIFFFetchStripThing(tif,dp,tif->tif_dir.td_nstrips,&tif->tif_dir.td_stripoffset))
3740 goto bad;
3741 #endif
3742 break;
3743 case TIFFTAG_STRIPBYTECOUNTS:
3744 case TIFFTAG_TILEBYTECOUNTS:
3745 #if defined(DEFER_STRILE_LOAD)
3746 _TIFFmemcpy( &(tif->tif_dir.td_stripbytecount_entry),
3747 dp, sizeof(TIFFDirEntry) );
3748 #else
3749 if (!TIFFFetchStripThing(tif,dp,tif->tif_dir.td_nstrips,&tif->tif_dir.td_stripbytecount))
3750 goto bad;
3751 #endif
3752 break;
3753 case TIFFTAG_COLORMAP:
3754 case TIFFTAG_TRANSFERFUNCTION:
3755 {
3756 enum TIFFReadDirEntryErr err;
3757 uint32 countpersample;
3758 uint32 countrequired;
3759 uint32 incrementpersample;
3760 uint16* value=NULL;
3761 countpersample=(1L<<tif->tif_dir.td_bitspersample);
3762 if ((dp->tdir_tag==TIFFTAG_TRANSFERFUNCTION)&&(dp->tdir_count==(uint64)countpersample))
3763 {
3764 countrequired=countpersample;
3765 incrementpersample=0;
3766 }
3767 else
3768 {
3769 countrequired=3*countpersample;
3770 incrementpersample=countpersample;
3771 }
3772 if (dp->tdir_count!=(uint64)countrequired)
3773 err=TIFFReadDirEntryErrCount;
3774 else
3775 err=TIFFReadDirEntryShortArray(tif,dp,&value);
3776 if (err!=TIFFReadDirEntryErrOk)
3777 {
3778 fip = TIFFFieldWithTag(tif,dp->tdir_tag);
3779 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",1);
3780 }
3781 else
3782 {
3783 TIFFSetField(tif,dp->tdir_tag,value,value+incrementpersample,value+2*incrementpersample);
3784 _TIFFfree(value);
3785 }
3786 }
3787 break;
3788 /* BEGIN REV 4.0 COMPATIBILITY */
3789 case TIFFTAG_OSUBFILETYPE:
3790 {
3791 uint16 valueo;
3792 uint32 value;
3793 if (TIFFReadDirEntryShort(tif,dp,&valueo)==TIFFReadDirEntryErrOk)
3794 {
3795 switch (valueo)
3796 {
3797 case OFILETYPE_REDUCEDIMAGE: value=FILETYPE_REDUCEDIMAGE; break;
3798 case OFILETYPE_PAGE: value=FILETYPE_PAGE; break;
3799 default: value=0; break;
3800 }
3801 if (value!=0)
3802 TIFFSetField(tif,TIFFTAG_SUBFILETYPE,value);
3803 }
3804 }
3805 break;
3806 /* END REV 4.0 COMPATIBILITY */
3807 default:
3808 (void) TIFFFetchNormalTag(tif, dp, TRUE);
3809 break;
3810 }
3811 }
3812 /*
3813 * OJPEG hack:
3814 * - If a) compression is OJPEG, and b) photometric tag is missing,
3815 * then we consistently find that photometric should be YCbCr
3816 * - If a) compression is OJPEG, and b) photometric tag says it's RGB,
3817 * then we consistently find that the buggy implementation of the
3818 * buggy compression scheme matches photometric YCbCr instead.
3819 * - If a) compression is OJPEG, and b) bitspersample tag is missing,
3820 * then we consistently find bitspersample should be 8.
3821 * - If a) compression is OJPEG, b) samplesperpixel tag is missing,
3822 * and c) photometric is RGB or YCbCr, then we consistently find
3823 * samplesperpixel should be 3
3824 * - If a) compression is OJPEG, b) samplesperpixel tag is missing,
3825 * and c) photometric is MINISWHITE or MINISBLACK, then we consistently
3826 * find samplesperpixel should be 3
3827 */
3828 if (tif->tif_dir.td_compression==COMPRESSION_OJPEG)
3829 {
3830 if (!TIFFFieldSet(tif,FIELD_PHOTOMETRIC))
3831 {
3832 TIFFWarningExt(tif->tif_clientdata, module,
3833 "Photometric tag is missing, assuming data is YCbCr");
3834 if (!TIFFSetField(tif,TIFFTAG_PHOTOMETRIC,PHOTOMETRIC_YCBCR))
3835 goto bad;
3836 }
3837 else if (tif->tif_dir.td_photometric==PHOTOMETRIC_RGB)
3838 {
3839 tif->tif_dir.td_photometric=PHOTOMETRIC_YCBCR;
3840 TIFFWarningExt(tif->tif_clientdata, module,
3841 "Photometric tag value assumed incorrect, "
3842 "assuming data is YCbCr instead of RGB");
3843 }
3844 if (!TIFFFieldSet(tif,FIELD_BITSPERSAMPLE))
3845 {
3846 TIFFWarningExt(tif->tif_clientdata,module,
3847 "BitsPerSample tag is missing, assuming 8 bits per sample");
3848 if (!TIFFSetField(tif,TIFFTAG_BITSPERSAMPLE,8))
3849 goto bad;
3850 }
3851 if (!TIFFFieldSet(tif,FIELD_SAMPLESPERPIXEL))
3852 {
3853 if (tif->tif_dir.td_photometric==PHOTOMETRIC_RGB)
3854 {
3855 TIFFWarningExt(tif->tif_clientdata,module,
3856 "SamplesPerPixel tag is missing, "
3857 "assuming correct SamplesPerPixel value is 3");
3858 if (!TIFFSetField(tif,TIFFTAG_SAMPLESPERPIXEL,3))
3859 goto bad;
3860 }
3861 if (tif->tif_dir.td_photometric==PHOTOMETRIC_YCBCR)
3862 {
3863 TIFFWarningExt(tif->tif_clientdata,module,
3864 "SamplesPerPixel tag is missing, "
3865 "applying correct SamplesPerPixel value of 3");
3866 if (!TIFFSetField(tif,TIFFTAG_SAMPLESPERPIXEL,3))
3867 goto bad;
3868 }
3869 else if ((tif->tif_dir.td_photometric==PHOTOMETRIC_MINISWHITE)
3870 || (tif->tif_dir.td_photometric==PHOTOMETRIC_MINISBLACK))
3871 {
3872 /*
3873 * SamplesPerPixel tag is missing, but is not required
3874 * by spec. Assume correct SamplesPerPixel value of 1.
3875 */
3876 if (!TIFFSetField(tif,TIFFTAG_SAMPLESPERPIXEL,1))
3877 goto bad;
3878 }
3879 }
3880 }
3881 /*
3882 * Verify Palette image has a Colormap.
3883 */
3884 if (tif->tif_dir.td_photometric == PHOTOMETRIC_PALETTE &&
3885 !TIFFFieldSet(tif, FIELD_COLORMAP)) {
3886 if ( tif->tif_dir.td_bitspersample>=8 && tif->tif_dir.td_samplesperpixel==3)
3887 tif->tif_dir.td_photometric = PHOTOMETRIC_RGB;
3888 else if (tif->tif_dir.td_bitspersample>=8)
3889 tif->tif_dir.td_photometric = PHOTOMETRIC_MINISBLACK;
3890 else {
3891 MissingRequired(tif, "Colormap");
3892 goto bad;
3893 }
3894 }
3895 /*
3896 * OJPEG hack:
3897 * We do no further messing with strip/tile offsets/bytecounts in OJPEG
3898 * TIFFs
3899 */
3900 if (tif->tif_dir.td_compression!=COMPRESSION_OJPEG)
3901 {
3902 /*
3903 * Attempt to deal with a missing StripByteCounts tag.
3904 */
3905 if (!TIFFFieldSet(tif, FIELD_STRIPBYTECOUNTS)) {
3906 /*
3907 * Some manufacturers violate the spec by not giving
3908 * the size of the strips. In this case, assume there
3909 * is one uncompressed strip of data.
3910 */
3911 if ((tif->tif_dir.td_planarconfig == PLANARCONFIG_CONTIG &&
3912 tif->tif_dir.td_nstrips > 1) ||
3913 (tif->tif_dir.td_planarconfig == PLANARCONFIG_SEPARATE &&
3914 tif->tif_dir.td_nstrips != (uint32)tif->tif_dir.td_samplesperpixel)) {
3915 MissingRequired(tif, "StripByteCounts");
3916 goto bad;
3917 }
3918 TIFFWarningExt(tif->tif_clientdata, module,
3919 "TIFF directory is missing required "
3920 "\"StripByteCounts\" field, calculating from imagelength");
3921 if (EstimateStripByteCounts(tif, dir, dircount) < 0)
3922 goto bad;
3923 /*
3924 * Assume we have wrong StripByteCount value (in case
3925 * of single strip) in following cases:
3926 * - it is equal to zero along with StripOffset;
3927 * - it is larger than file itself (in case of uncompressed
3928 * image);
3929 * - it is smaller than the size of the bytes per row
3930 * multiplied on the number of rows. The last case should
3931 * not be checked in the case of writing new image,
3932 * because we may do not know the exact strip size
3933 * until the whole image will be written and directory
3934 * dumped out.
3935 */
3936 #define BYTECOUNTLOOKSBAD \
3937 ( (tif->tif_dir.td_stripbytecount[0] == 0 && tif->tif_dir.td_stripoffset[0] != 0) || \
3938 (tif->tif_dir.td_compression == COMPRESSION_NONE && \
3939 tif->tif_dir.td_stripbytecount[0] > TIFFGetFileSize(tif) - tif->tif_dir.td_stripoffset[0]) || \
3940 (tif->tif_mode == O_RDONLY && \
3941 tif->tif_dir.td_compression == COMPRESSION_NONE && \
3942 tif->tif_dir.td_stripbytecount[0] < TIFFScanlineSize64(tif) * tif->tif_dir.td_imagelength) )
3943
3944 } else if (tif->tif_dir.td_nstrips == 1
3945 && _TIFFFillStriles(tif)
3946 && tif->tif_dir.td_stripoffset[0] != 0
3947 && BYTECOUNTLOOKSBAD) {
3948 /*
3949 * XXX: Plexus (and others) sometimes give a value of
3950 * zero for a tag when they don't know what the
3951 * correct value is! Try and handle the simple case
3952 * of estimating the size of a one strip image.
3953 */
3954 TIFFWarningExt(tif->tif_clientdata, module,
3955 "Bogus \"StripByteCounts\" field, ignoring and calculating from imagelength");
3956 if(EstimateStripByteCounts(tif, dir, dircount) < 0)
3957 goto bad;
3958
3959 #if !defined(DEFER_STRILE_LOAD)
3960 } else if (tif->tif_dir.td_planarconfig == PLANARCONFIG_CONTIG
3961 && tif->tif_dir.td_nstrips > 2
3962 && tif->tif_dir.td_compression == COMPRESSION_NONE
3963 && tif->tif_dir.td_stripbytecount[0] != tif->tif_dir.td_stripbytecount[1]
3964 && tif->tif_dir.td_stripbytecount[0] != 0
3965 && tif->tif_dir.td_stripbytecount[1] != 0 ) {
3966 /*
3967 * XXX: Some vendors fill StripByteCount array with
3968 * absolutely wrong values (it can be equal to
3969 * StripOffset array, for example). Catch this case
3970 * here.
3971 *
3972 * We avoid this check if deferring strile loading
3973 * as it would always force us to load the strip/tile
3974 * information.
3975 */
3976 TIFFWarningExt(tif->tif_clientdata, module,
3977 "Wrong \"StripByteCounts\" field, ignoring and calculating from imagelength");
3978 if (EstimateStripByteCounts(tif, dir, dircount) < 0)
3979 goto bad;
3980 #endif /* !defined(DEFER_STRILE_LOAD) */
3981 }
3982 }
3983 if (dir)
3984 {
3985 _TIFFfree(dir);
3986 dir=NULL;
3987 }
3988 if (!TIFFFieldSet(tif, FIELD_MAXSAMPLEVALUE))
3989 {
3990 if (tif->tif_dir.td_bitspersample>=16)
3991 tif->tif_dir.td_maxsamplevalue=0xFFFF;
3992 else
3993 tif->tif_dir.td_maxsamplevalue = (uint16)((1L<<tif->tif_dir.td_bitspersample)-1);
3994 }
3995 /*
3996 * XXX: We can optimize checking for the strip bounds using the sorted
3997 * bytecounts array. See also comments for TIFFAppendToStrip()
3998 * function in tif_write.c.
3999 */
4000 #if !defined(DEFER_STRILE_LOAD)
4001 if (tif->tif_dir.td_nstrips > 1) {
4002 uint32 strip;
4003
4004 tif->tif_dir.td_stripbytecountsorted = 1;
4005 for (strip = 1; strip < tif->tif_dir.td_nstrips; strip++) {
4006 if (tif->tif_dir.td_stripoffset[strip - 1] >
4007 tif->tif_dir.td_stripoffset[strip]) {
4008 tif->tif_dir.td_stripbytecountsorted = 0;
4009 break;
4010 }
4011 }
4012 }
4013 #endif /* !defined(DEFER_STRILE_LOAD) */
4014
4015 /*
4016 * An opportunity for compression mode dependent tag fixup
4017 */
4018 (*tif->tif_fixuptags)(tif);
4019
4020 /*
4021 * Some manufacturers make life difficult by writing
4022 * large amounts of uncompressed data as a single strip.
4023 * This is contrary to the recommendations of the spec.
4024 * The following makes an attempt at breaking such images
4025 * into strips closer to the recommended 8k bytes. A
4026 * side effect, however, is that the RowsPerStrip tag
4027 * value may be changed.
4028 */
4029 if ((tif->tif_dir.td_planarconfig==PLANARCONFIG_CONTIG)&&
4030 (tif->tif_dir.td_nstrips==1)&&
4031 (tif->tif_dir.td_compression==COMPRESSION_NONE)&&
4032 ((tif->tif_flags&(TIFF_STRIPCHOP|TIFF_ISTILED))==TIFF_STRIPCHOP))
4033 {
4034 if ( !_TIFFFillStriles(tif) || !tif->tif_dir.td_stripbytecount )
4035 return 0;
4036 ChopUpSingleUncompressedStrip(tif);
4037 }
4038
4039 /*
4040 * Clear the dirty directory flag.
4041 */
4042 tif->tif_flags &= ~TIFF_DIRTYDIRECT;
4043 tif->tif_flags &= ~TIFF_DIRTYSTRIP;
4044
4045 /*
4046 * Reinitialize i/o since we are starting on a new directory.
4047 */
4048 tif->tif_row = (uint32) -1;
4049 tif->tif_curstrip = (uint32) -1;
4050 tif->tif_col = (uint32) -1;
4051 tif->tif_curtile = (uint32) -1;
4052 tif->tif_tilesize = (tmsize_t) -1;
4053
4054 tif->tif_scanlinesize = TIFFScanlineSize(tif);
4055 if (!tif->tif_scanlinesize) {
4056 TIFFErrorExt(tif->tif_clientdata, module,
4057 "Cannot handle zero scanline size");
4058 return (0);
4059 }
4060
4061 if (isTiled(tif)) {
4062 tif->tif_tilesize = TIFFTileSize(tif);
4063 if (!tif->tif_tilesize) {
4064 TIFFErrorExt(tif->tif_clientdata, module,
4065 "Cannot handle zero tile size");
4066 return (0);
4067 }
4068 } else {
4069 if (!TIFFStripSize(tif)) {
4070 TIFFErrorExt(tif->tif_clientdata, module,
4071 "Cannot handle zero strip size");
4072 return (0);
4073 }
4074 }
4075 return (1);
4076 bad:
4077 if (dir)
4078 _TIFFfree(dir);
4079 return (0);
4080 }
4081
4082 static void
TIFFReadDirectoryCheckOrder(TIFF * tif,TIFFDirEntry * dir,uint16 dircount)4083 TIFFReadDirectoryCheckOrder(TIFF* tif, TIFFDirEntry* dir, uint16 dircount)
4084 {
4085 static const char module[] = "TIFFReadDirectoryCheckOrder";
4086 uint16 m;
4087 uint16 n;
4088 TIFFDirEntry* o;
4089 m=0;
4090 for (n=0, o=dir; n<dircount; n++, o++)
4091 {
4092 if (o->tdir_tag<m)
4093 {
4094 TIFFWarningExt(tif->tif_clientdata,module,
4095 "Invalid TIFF directory; tags are not sorted in ascending order");
4096 break;
4097 }
4098 m=o->tdir_tag+1;
4099 }
4100 }
4101
4102 static TIFFDirEntry*
TIFFReadDirectoryFindEntry(TIFF * tif,TIFFDirEntry * dir,uint16 dircount,uint16 tagid)4103 TIFFReadDirectoryFindEntry(TIFF* tif, TIFFDirEntry* dir, uint16 dircount, uint16 tagid)
4104 {
4105 TIFFDirEntry* m;
4106 uint16 n;
4107 (void) tif;
4108 for (m=dir, n=0; n<dircount; m++, n++)
4109 {
4110 if (m->tdir_tag==tagid)
4111 return(m);
4112 }
4113 return(0);
4114 }
4115
4116 static void
TIFFReadDirectoryFindFieldInfo(TIFF * tif,uint16 tagid,uint32 * fii)4117 TIFFReadDirectoryFindFieldInfo(TIFF* tif, uint16 tagid, uint32* fii)
4118 {
4119 int32 ma,mb,mc;
4120 ma=-1;
4121 mc=(int32)tif->tif_nfields;
4122 while (1)
4123 {
4124 if (ma+1==mc)
4125 {
4126 *fii = FAILED_FII;
4127 return;
4128 }
4129 mb=(ma+mc)/2;
4130 if (tif->tif_fields[mb]->field_tag==(uint32)tagid)
4131 break;
4132 if (tif->tif_fields[mb]->field_tag<(uint32)tagid)
4133 ma=mb;
4134 else
4135 mc=mb;
4136 }
4137 while (1)
4138 {
4139 if (mb==0)
4140 break;
4141 if (tif->tif_fields[mb-1]->field_tag!=(uint32)tagid)
4142 break;
4143 mb--;
4144 }
4145 *fii=mb;
4146 }
4147
4148 /*
4149 * Read custom directory from the arbitarry offset.
4150 * The code is very similar to TIFFReadDirectory().
4151 */
4152 int
TIFFReadCustomDirectory(TIFF * tif,toff_t diroff,const TIFFFieldArray * infoarray)4153 TIFFReadCustomDirectory(TIFF* tif, toff_t diroff,
4154 const TIFFFieldArray* infoarray)
4155 {
4156 static const char module[] = "TIFFReadCustomDirectory";
4157 TIFFDirEntry* dir;
4158 uint16 dircount;
4159 TIFFDirEntry* dp;
4160 uint16 di;
4161 const TIFFField* fip;
4162 uint32 fii;
4163 _TIFFSetupFields(tif, infoarray);
4164 dircount=TIFFFetchDirectory(tif,diroff,&dir,NULL);
4165 if (!dircount)
4166 {
4167 TIFFErrorExt(tif->tif_clientdata,module,
4168 "Failed to read custom directory at offset " TIFF_UINT64_FORMAT,diroff);
4169 return 0;
4170 }
4171 TIFFFreeDirectory(tif);
4172 _TIFFmemset(&tif->tif_dir, 0, sizeof(TIFFDirectory));
4173 TIFFReadDirectoryCheckOrder(tif,dir,dircount);
4174 for (di=0, dp=dir; di<dircount; di++, dp++)
4175 {
4176 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
4177 if (fii == FAILED_FII)
4178 {
4179 TIFFWarningExt(tif->tif_clientdata, module,
4180 "Unknown field with tag %d (0x%x) encountered",
4181 dp->tdir_tag, dp->tdir_tag);
4182 if (!_TIFFMergeFields(tif, _TIFFCreateAnonField(tif,
4183 dp->tdir_tag,
4184 (TIFFDataType) dp->tdir_type),
4185 1)) {
4186 TIFFWarningExt(tif->tif_clientdata, module,
4187 "Registering anonymous field with tag %d (0x%x) failed",
4188 dp->tdir_tag, dp->tdir_tag);
4189 dp->tdir_tag=IGNORE;
4190 } else {
4191 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
4192 assert( fii != FAILED_FII );
4193 }
4194 }
4195 if (dp->tdir_tag!=IGNORE)
4196 {
4197 fip=tif->tif_fields[fii];
4198 if (fip->field_bit==FIELD_IGNORE)
4199 dp->tdir_tag=IGNORE;
4200 else
4201 {
4202 /* check data type */
4203 while ((fip->field_type!=TIFF_ANY)&&(fip->field_type!=dp->tdir_type))
4204 {
4205 fii++;
4206 if ((fii==tif->tif_nfields)||
4207 (tif->tif_fields[fii]->field_tag!=(uint32)dp->tdir_tag))
4208 {
4209 fii=0xFFFF;
4210 break;
4211 }
4212 fip=tif->tif_fields[fii];
4213 }
4214 if (fii==0xFFFF)
4215 {
4216 TIFFWarningExt(tif->tif_clientdata, module,
4217 "Wrong data type %d for \"%s\"; tag ignored",
4218 dp->tdir_type,fip->field_name);
4219 dp->tdir_tag=IGNORE;
4220 }
4221 else
4222 {
4223 /* check count if known in advance */
4224 if ((fip->field_readcount!=TIFF_VARIABLE)&&
4225 (fip->field_readcount!=TIFF_VARIABLE2))
4226 {
4227 uint32 expected;
4228 if (fip->field_readcount==TIFF_SPP)
4229 expected=(uint32)tif->tif_dir.td_samplesperpixel;
4230 else
4231 expected=(uint32)fip->field_readcount;
4232 if (!CheckDirCount(tif,dp,expected))
4233 dp->tdir_tag=IGNORE;
4234 }
4235 }
4236 }
4237 switch (dp->tdir_tag)
4238 {
4239 case IGNORE:
4240 break;
4241 case EXIFTAG_SUBJECTDISTANCE:
4242 (void) TIFFFetchSubjectDistance(tif,dp);
4243 break;
4244 default:
4245 (void) TIFFFetchNormalTag(tif, dp, TRUE);
4246 break;
4247 }
4248 }
4249 }
4250 if (dir)
4251 _TIFFfree(dir);
4252 return 1;
4253 }
4254
4255 /*
4256 * EXIF is important special case of custom IFD, so we have a special
4257 * function to read it.
4258 */
4259 int
TIFFReadEXIFDirectory(TIFF * tif,toff_t diroff)4260 TIFFReadEXIFDirectory(TIFF* tif, toff_t diroff)
4261 {
4262 const TIFFFieldArray* exifFieldArray;
4263 exifFieldArray = _TIFFGetExifFields();
4264 return TIFFReadCustomDirectory(tif, diroff, exifFieldArray);
4265 }
4266
4267 static int
EstimateStripByteCounts(TIFF * tif,TIFFDirEntry * dir,uint16 dircount)4268 EstimateStripByteCounts(TIFF* tif, TIFFDirEntry* dir, uint16 dircount)
4269 {
4270 static const char module[] = "EstimateStripByteCounts";
4271
4272 TIFFDirEntry *dp;
4273 TIFFDirectory *td = &tif->tif_dir;
4274 uint32 strip;
4275
4276 _TIFFFillStriles( tif );
4277
4278 if (td->td_stripbytecount)
4279 _TIFFfree(td->td_stripbytecount);
4280 td->td_stripbytecount = (uint64*)
4281 _TIFFCheckMalloc(tif, td->td_nstrips, sizeof (uint64),
4282 "for \"StripByteCounts\" array");
4283 if( td->td_stripbytecount == NULL )
4284 return -1;
4285
4286 if (td->td_compression != COMPRESSION_NONE) {
4287 uint64 space;
4288 uint64 filesize;
4289 uint16 n;
4290 filesize = TIFFGetFileSize(tif);
4291 if (!(tif->tif_flags&TIFF_BIGTIFF))
4292 space=sizeof(TIFFHeaderClassic)+2+dircount*12+4;
4293 else
4294 space=sizeof(TIFFHeaderBig)+8+dircount*20+8;
4295 /* calculate amount of space used by indirect values */
4296 for (dp = dir, n = dircount; n > 0; n--, dp++)
4297 {
4298 uint32 typewidth = TIFFDataWidth((TIFFDataType) dp->tdir_type);
4299 uint64 datasize;
4300 typewidth = TIFFDataWidth((TIFFDataType) dp->tdir_type);
4301 if (typewidth == 0) {
4302 TIFFErrorExt(tif->tif_clientdata, module,
4303 "Cannot determine size of unknown tag type %d",
4304 dp->tdir_type);
4305 return -1;
4306 }
4307 datasize=(uint64)typewidth*dp->tdir_count;
4308 if (!(tif->tif_flags&TIFF_BIGTIFF))
4309 {
4310 if (datasize<=4)
4311 datasize=0;
4312 }
4313 else
4314 {
4315 if (datasize<=8)
4316 datasize=0;
4317 }
4318 space+=datasize;
4319 }
4320 space = filesize - space;
4321 if (td->td_planarconfig == PLANARCONFIG_SEPARATE)
4322 space /= td->td_samplesperpixel;
4323 for (strip = 0; strip < td->td_nstrips; strip++)
4324 td->td_stripbytecount[strip] = space;
4325 /*
4326 * This gross hack handles the case were the offset to
4327 * the last strip is past the place where we think the strip
4328 * should begin. Since a strip of data must be contiguous,
4329 * it's safe to assume that we've overestimated the amount
4330 * of data in the strip and trim this number back accordingly.
4331 */
4332 strip--;
4333 if (td->td_stripoffset[strip]+td->td_stripbytecount[strip] > filesize)
4334 td->td_stripbytecount[strip] = filesize - td->td_stripoffset[strip];
4335 } else if (isTiled(tif)) {
4336 uint64 bytespertile = TIFFTileSize64(tif);
4337
4338 for (strip = 0; strip < td->td_nstrips; strip++)
4339 td->td_stripbytecount[strip] = bytespertile;
4340 } else {
4341 uint64 rowbytes = TIFFScanlineSize64(tif);
4342 uint32 rowsperstrip = td->td_imagelength/td->td_stripsperimage;
4343 for (strip = 0; strip < td->td_nstrips; strip++)
4344 td->td_stripbytecount[strip] = rowbytes * rowsperstrip;
4345 }
4346 TIFFSetFieldBit(tif, FIELD_STRIPBYTECOUNTS);
4347 if (!TIFFFieldSet(tif, FIELD_ROWSPERSTRIP))
4348 td->td_rowsperstrip = td->td_imagelength;
4349 return 1;
4350 }
4351
4352 static void
MissingRequired(TIFF * tif,const char * tagname)4353 MissingRequired(TIFF* tif, const char* tagname)
4354 {
4355 static const char module[] = "MissingRequired";
4356
4357 TIFFErrorExt(tif->tif_clientdata, module,
4358 "TIFF directory is missing required \"%s\" field",
4359 tagname);
4360 }
4361
4362 /*
4363 * Check the directory offset against the list of already seen directory
4364 * offsets. This is a trick to prevent IFD looping. The one can create TIFF
4365 * file with looped directory pointers. We will maintain a list of already
4366 * seen directories and check every IFD offset against that list.
4367 */
4368 static int
TIFFCheckDirOffset(TIFF * tif,uint64 diroff)4369 TIFFCheckDirOffset(TIFF* tif, uint64 diroff)
4370 {
4371 uint16 n;
4372
4373 if (diroff == 0) /* no more directories */
4374 return 0;
4375
4376 for (n = 0; n < tif->tif_dirnumber && tif->tif_dirlist; n++) {
4377 if (tif->tif_dirlist[n] == diroff)
4378 return 0;
4379 }
4380
4381 tif->tif_dirnumber++;
4382
4383 if (tif->tif_dirnumber > tif->tif_dirlistsize) {
4384 uint64* new_dirlist;
4385
4386 /*
4387 * XXX: Reduce memory allocation granularity of the dirlist
4388 * array.
4389 */
4390 new_dirlist = (uint64*)_TIFFCheckRealloc(tif, tif->tif_dirlist,
4391 tif->tif_dirnumber, 2 * sizeof(uint64), "for IFD list");
4392 if (!new_dirlist)
4393 return 0;
4394 tif->tif_dirlistsize = 2 * tif->tif_dirnumber;
4395 tif->tif_dirlist = new_dirlist;
4396 }
4397
4398 tif->tif_dirlist[tif->tif_dirnumber - 1] = diroff;
4399
4400 return 1;
4401 }
4402
4403 /*
4404 * Check the count field of a directory entry against a known value. The
4405 * caller is expected to skip/ignore the tag if there is a mismatch.
4406 */
4407 static int
CheckDirCount(TIFF * tif,TIFFDirEntry * dir,uint32 count)4408 CheckDirCount(TIFF* tif, TIFFDirEntry* dir, uint32 count)
4409 {
4410 if ((uint64)count > dir->tdir_count) {
4411 const TIFFField* fip = TIFFFieldWithTag(tif, dir->tdir_tag);
4412 TIFFWarningExt(tif->tif_clientdata, tif->tif_name,
4413 "incorrect count for field \"%s\" (" TIFF_UINT64_FORMAT ", expecting %u); tag ignored",
4414 fip ? fip->field_name : "unknown tagname",
4415 dir->tdir_count, count);
4416 return (0);
4417 } else if ((uint64)count < dir->tdir_count) {
4418 const TIFFField* fip = TIFFFieldWithTag(tif, dir->tdir_tag);
4419 TIFFWarningExt(tif->tif_clientdata, tif->tif_name,
4420 "incorrect count for field \"%s\" (" TIFF_UINT64_FORMAT ", expecting %u); tag trimmed",
4421 fip ? fip->field_name : "unknown tagname",
4422 dir->tdir_count, count);
4423 dir->tdir_count = count;
4424 return (1);
4425 }
4426 return (1);
4427 }
4428
4429 /*
4430 * Read IFD structure from the specified offset. If the pointer to
4431 * nextdiroff variable has been specified, read it too. Function returns a
4432 * number of fields in the directory or 0 if failed.
4433 */
4434 static uint16
TIFFFetchDirectory(TIFF * tif,uint64 diroff,TIFFDirEntry ** pdir,uint64 * nextdiroff)4435 TIFFFetchDirectory(TIFF* tif, uint64 diroff, TIFFDirEntry** pdir,
4436 uint64 *nextdiroff)
4437 {
4438 static const char module[] = "TIFFFetchDirectory";
4439
4440 void* origdir;
4441 uint16 dircount16;
4442 uint32 dirsize;
4443 TIFFDirEntry* dir;
4444 uint8* ma;
4445 TIFFDirEntry* mb;
4446 uint16 n;
4447
4448 assert(pdir);
4449
4450 tif->tif_diroff = diroff;
4451 if (nextdiroff)
4452 *nextdiroff = 0;
4453 if (!isMapped(tif)) {
4454 if (!SeekOK(tif, tif->tif_diroff)) {
4455 TIFFErrorExt(tif->tif_clientdata, module,
4456 "%s: Seek error accessing TIFF directory",
4457 tif->tif_name);
4458 return 0;
4459 }
4460 if (!(tif->tif_flags&TIFF_BIGTIFF))
4461 {
4462 if (!ReadOK(tif, &dircount16, sizeof (uint16))) {
4463 TIFFErrorExt(tif->tif_clientdata, module,
4464 "%s: Can not read TIFF directory count",
4465 tif->tif_name);
4466 return 0;
4467 }
4468 if (tif->tif_flags & TIFF_SWAB)
4469 TIFFSwabShort(&dircount16);
4470 if (dircount16>4096)
4471 {
4472 TIFFErrorExt(tif->tif_clientdata, module,
4473 "Sanity check on directory count failed, this is probably not a valid IFD offset");
4474 return 0;
4475 }
4476 dirsize = 12;
4477 } else {
4478 uint64 dircount64;
4479 if (!ReadOK(tif, &dircount64, sizeof (uint64))) {
4480 TIFFErrorExt(tif->tif_clientdata, module,
4481 "%s: Can not read TIFF directory count",
4482 tif->tif_name);
4483 return 0;
4484 }
4485 if (tif->tif_flags & TIFF_SWAB)
4486 TIFFSwabLong8(&dircount64);
4487 if (dircount64>4096)
4488 {
4489 TIFFErrorExt(tif->tif_clientdata, module,
4490 "Sanity check on directory count failed, this is probably not a valid IFD offset");
4491 return 0;
4492 }
4493 dircount16 = (uint16)dircount64;
4494 dirsize = 20;
4495 }
4496 origdir = _TIFFCheckMalloc(tif, dircount16,
4497 dirsize, "to read TIFF directory");
4498 if (origdir == NULL)
4499 return 0;
4500 if (!ReadOK(tif, origdir, (tmsize_t)(dircount16*dirsize))) {
4501 TIFFErrorExt(tif->tif_clientdata, module,
4502 "%.100s: Can not read TIFF directory",
4503 tif->tif_name);
4504 _TIFFfree(origdir);
4505 return 0;
4506 }
4507 /*
4508 * Read offset to next directory for sequential scans if
4509 * needed.
4510 */
4511 if (nextdiroff)
4512 {
4513 if (!(tif->tif_flags&TIFF_BIGTIFF))
4514 {
4515 uint32 nextdiroff32;
4516 if (!ReadOK(tif, &nextdiroff32, sizeof(uint32)))
4517 nextdiroff32 = 0;
4518 if (tif->tif_flags&TIFF_SWAB)
4519 TIFFSwabLong(&nextdiroff32);
4520 *nextdiroff=nextdiroff32;
4521 } else {
4522 if (!ReadOK(tif, nextdiroff, sizeof(uint64)))
4523 *nextdiroff = 0;
4524 if (tif->tif_flags&TIFF_SWAB)
4525 TIFFSwabLong8(nextdiroff);
4526 }
4527 }
4528 } else {
4529 tmsize_t m;
4530 tmsize_t off = (tmsize_t) tif->tif_diroff;
4531 if ((uint64)off!=tif->tif_diroff)
4532 {
4533 TIFFErrorExt(tif->tif_clientdata,module,"Can not read TIFF directory count");
4534 return(0);
4535 }
4536
4537 /*
4538 * Check for integer overflow when validating the dir_off,
4539 * otherwise a very high offset may cause an OOB read and
4540 * crash the client. Make two comparisons instead of
4541 *
4542 * off + sizeof(uint16) > tif->tif_size
4543 *
4544 * to avoid overflow.
4545 */
4546 if (!(tif->tif_flags&TIFF_BIGTIFF))
4547 {
4548 m=off+sizeof(uint16);
4549 if ((m<off)||(m<(tmsize_t)sizeof(uint16))||(m>tif->tif_size)) {
4550 TIFFErrorExt(tif->tif_clientdata, module,
4551 "Can not read TIFF directory count");
4552 return 0;
4553 } else {
4554 _TIFFmemcpy(&dircount16, tif->tif_base + off,
4555 sizeof(uint16));
4556 }
4557 off += sizeof (uint16);
4558 if (tif->tif_flags & TIFF_SWAB)
4559 TIFFSwabShort(&dircount16);
4560 if (dircount16>4096)
4561 {
4562 TIFFErrorExt(tif->tif_clientdata, module,
4563 "Sanity check on directory count failed, this is probably not a valid IFD offset");
4564 return 0;
4565 }
4566 dirsize = 12;
4567 }
4568 else
4569 {
4570 tmsize_t m;
4571 uint64 dircount64;
4572 m=off+sizeof(uint64);
4573 if ((m<off)||(m<(tmsize_t)sizeof(uint64))||(m>tif->tif_size)) {
4574 TIFFErrorExt(tif->tif_clientdata, module,
4575 "Can not read TIFF directory count");
4576 return 0;
4577 } else {
4578 _TIFFmemcpy(&dircount64, tif->tif_base + off,
4579 sizeof(uint64));
4580 }
4581 off += sizeof (uint64);
4582 if (tif->tif_flags & TIFF_SWAB)
4583 TIFFSwabLong8(&dircount64);
4584 if (dircount64>4096)
4585 {
4586 TIFFErrorExt(tif->tif_clientdata, module,
4587 "Sanity check on directory count failed, this is probably not a valid IFD offset");
4588 return 0;
4589 }
4590 dircount16 = (uint16)dircount64;
4591 dirsize = 20;
4592 }
4593 if (dircount16 == 0 )
4594 {
4595 TIFFErrorExt(tif->tif_clientdata, module,
4596 "Sanity check on directory count failed, zero tag directories not supported");
4597 return 0;
4598 }
4599 origdir = _TIFFCheckMalloc(tif, dircount16,
4600 dirsize,
4601 "to read TIFF directory");
4602 if (origdir == NULL)
4603 return 0;
4604 m=off+dircount16*dirsize;
4605 if ((m<off)||(m<(tmsize_t)(dircount16*dirsize))||(m>tif->tif_size)) {
4606 TIFFErrorExt(tif->tif_clientdata, module,
4607 "Can not read TIFF directory");
4608 _TIFFfree(origdir);
4609 return 0;
4610 } else {
4611 _TIFFmemcpy(origdir, tif->tif_base + off,
4612 dircount16 * dirsize);
4613 }
4614 if (nextdiroff) {
4615 off += dircount16 * dirsize;
4616 if (!(tif->tif_flags&TIFF_BIGTIFF))
4617 {
4618 uint32 nextdiroff32;
4619 m=off+sizeof(uint32);
4620 if ((m<off)||(m<(tmsize_t)sizeof(uint32))||(m>tif->tif_size))
4621 nextdiroff32 = 0;
4622 else
4623 _TIFFmemcpy(&nextdiroff32, tif->tif_base + off,
4624 sizeof (uint32));
4625 if (tif->tif_flags&TIFF_SWAB)
4626 TIFFSwabLong(&nextdiroff32);
4627 *nextdiroff = nextdiroff32;
4628 }
4629 else
4630 {
4631 m=off+sizeof(uint64);
4632 if ((m<off)||(m<(tmsize_t)sizeof(uint64))||(m>tif->tif_size))
4633 *nextdiroff = 0;
4634 else
4635 _TIFFmemcpy(nextdiroff, tif->tif_base + off,
4636 sizeof (uint64));
4637 if (tif->tif_flags&TIFF_SWAB)
4638 TIFFSwabLong8(nextdiroff);
4639 }
4640 }
4641 }
4642 dir = (TIFFDirEntry*)_TIFFCheckMalloc(tif, dircount16,
4643 sizeof(TIFFDirEntry),
4644 "to read TIFF directory");
4645 if (dir==0)
4646 {
4647 _TIFFfree(origdir);
4648 return 0;
4649 }
4650 ma=(uint8*)origdir;
4651 mb=dir;
4652 for (n=0; n<dircount16; n++)
4653 {
4654 if (tif->tif_flags&TIFF_SWAB)
4655 TIFFSwabShort((uint16*)ma);
4656 mb->tdir_tag=*(uint16*)ma;
4657 ma+=sizeof(uint16);
4658 if (tif->tif_flags&TIFF_SWAB)
4659 TIFFSwabShort((uint16*)ma);
4660 mb->tdir_type=*(uint16*)ma;
4661 ma+=sizeof(uint16);
4662 if (!(tif->tif_flags&TIFF_BIGTIFF))
4663 {
4664 if (tif->tif_flags&TIFF_SWAB)
4665 TIFFSwabLong((uint32*)ma);
4666 mb->tdir_count=(uint64)(*(uint32*)ma);
4667 ma+=sizeof(uint32);
4668 *(uint32*)(&mb->tdir_offset)=*(uint32*)ma;
4669 ma+=sizeof(uint32);
4670 }
4671 else
4672 {
4673 if (tif->tif_flags&TIFF_SWAB)
4674 TIFFSwabLong8((uint64*)ma);
4675 mb->tdir_count=TIFFReadUInt64(ma);
4676 ma+=sizeof(uint64);
4677 mb->tdir_offset.toff_long8=TIFFReadUInt64(ma);
4678 ma+=sizeof(uint64);
4679 }
4680 mb++;
4681 }
4682 _TIFFfree(origdir);
4683 *pdir = dir;
4684 return dircount16;
4685 }
4686
4687 /*
4688 * Fetch a tag that is not handled by special case code.
4689 */
4690 static int
TIFFFetchNormalTag(TIFF * tif,TIFFDirEntry * dp,int recover)4691 TIFFFetchNormalTag(TIFF* tif, TIFFDirEntry* dp, int recover)
4692 {
4693 static const char module[] = "TIFFFetchNormalTag";
4694 enum TIFFReadDirEntryErr err;
4695 uint32 fii;
4696 const TIFFField* fip = NULL;
4697 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
4698 if( fii == FAILED_FII )
4699 {
4700 TIFFErrorExt(tif->tif_clientdata, "TIFFFetchNormalTag",
4701 "No definition found for tag %d",
4702 dp->tdir_tag);
4703 return 0;
4704 }
4705 fip=tif->tif_fields[fii];
4706 assert(fip->set_field_type!=TIFF_SETGET_OTHER); /* if so, we shouldn't arrive here but deal with this in specialized code */
4707 assert(fip->set_field_type!=TIFF_SETGET_INT); /* if so, we shouldn't arrive here as this is only the case for pseudo-tags */
4708 err=TIFFReadDirEntryErrOk;
4709 switch (fip->set_field_type)
4710 {
4711 case TIFF_SETGET_UNDEFINED:
4712 break;
4713 case TIFF_SETGET_ASCII:
4714 {
4715 uint8* data;
4716 assert(fip->field_passcount==0);
4717 err=TIFFReadDirEntryByteArray(tif,dp,&data);
4718 if (err==TIFFReadDirEntryErrOk)
4719 {
4720 uint8* ma;
4721 uint32 mb;
4722 int n;
4723 ma=data;
4724 mb=0;
4725 while (mb<(uint32)dp->tdir_count)
4726 {
4727 if (*ma==0)
4728 break;
4729 ma++;
4730 mb++;
4731 }
4732 if (mb+1<(uint32)dp->tdir_count)
4733 TIFFWarningExt(tif->tif_clientdata,module,"ASCII value for tag \"%s\" contains null byte in value; value incorrectly truncated during reading due to implementation limitations",fip->field_name);
4734 else if (mb+1>(uint32)dp->tdir_count)
4735 {
4736 uint8* o;
4737 TIFFWarningExt(tif->tif_clientdata,module,"ASCII value for tag \"%s\" does not end in null byte",fip->field_name);
4738 if ((uint32)dp->tdir_count+1!=dp->tdir_count+1)
4739 o=NULL;
4740 else
4741 o=_TIFFmalloc((uint32)dp->tdir_count+1);
4742 if (o==NULL)
4743 {
4744 if (data!=NULL)
4745 _TIFFfree(data);
4746 return(0);
4747 }
4748 _TIFFmemcpy(o,data,(uint32)dp->tdir_count);
4749 o[(uint32)dp->tdir_count]=0;
4750 if (data!=0)
4751 _TIFFfree(data);
4752 data=o;
4753 }
4754 n=TIFFSetField(tif,dp->tdir_tag,data);
4755 if (data!=0)
4756 _TIFFfree(data);
4757 if (!n)
4758 return(0);
4759 }
4760 }
4761 break;
4762 case TIFF_SETGET_UINT8:
4763 {
4764 uint8 data;
4765 assert(fip->field_readcount==1);
4766 assert(fip->field_passcount==0);
4767 err=TIFFReadDirEntryByte(tif,dp,&data);
4768 if (err==TIFFReadDirEntryErrOk)
4769 {
4770 if (!TIFFSetField(tif,dp->tdir_tag,data))
4771 return(0);
4772 }
4773 }
4774 break;
4775 case TIFF_SETGET_UINT16:
4776 {
4777 uint16 data;
4778 assert(fip->field_readcount==1);
4779 assert(fip->field_passcount==0);
4780 err=TIFFReadDirEntryShort(tif,dp,&data);
4781 if (err==TIFFReadDirEntryErrOk)
4782 {
4783 if (!TIFFSetField(tif,dp->tdir_tag,data))
4784 return(0);
4785 }
4786 }
4787 break;
4788 case TIFF_SETGET_UINT32:
4789 {
4790 uint32 data;
4791 assert(fip->field_readcount==1);
4792 assert(fip->field_passcount==0);
4793 err=TIFFReadDirEntryLong(tif,dp,&data);
4794 if (err==TIFFReadDirEntryErrOk)
4795 {
4796 if (!TIFFSetField(tif,dp->tdir_tag,data))
4797 return(0);
4798 }
4799 }
4800 break;
4801 case TIFF_SETGET_UINT64:
4802 {
4803 uint64 data;
4804 assert(fip->field_readcount==1);
4805 assert(fip->field_passcount==0);
4806 err=TIFFReadDirEntryLong8(tif,dp,&data);
4807 if (err==TIFFReadDirEntryErrOk)
4808 {
4809 if (!TIFFSetField(tif,dp->tdir_tag,data))
4810 return(0);
4811 }
4812 }
4813 break;
4814 case TIFF_SETGET_FLOAT:
4815 {
4816 float data;
4817 assert(fip->field_readcount==1);
4818 assert(fip->field_passcount==0);
4819 err=TIFFReadDirEntryFloat(tif,dp,&data);
4820 if (err==TIFFReadDirEntryErrOk)
4821 {
4822 if (!TIFFSetField(tif,dp->tdir_tag,data))
4823 return(0);
4824 }
4825 }
4826 break;
4827 case TIFF_SETGET_DOUBLE:
4828 {
4829 double data;
4830 assert(fip->field_readcount==1);
4831 assert(fip->field_passcount==0);
4832 err=TIFFReadDirEntryDouble(tif,dp,&data);
4833 if (err==TIFFReadDirEntryErrOk)
4834 {
4835 if (!TIFFSetField(tif,dp->tdir_tag,data))
4836 return(0);
4837 }
4838 }
4839 break;
4840 case TIFF_SETGET_IFD8:
4841 {
4842 uint64 data;
4843 assert(fip->field_readcount==1);
4844 assert(fip->field_passcount==0);
4845 err=TIFFReadDirEntryIfd8(tif,dp,&data);
4846 if (err==TIFFReadDirEntryErrOk)
4847 {
4848 if (!TIFFSetField(tif,dp->tdir_tag,data))
4849 return(0);
4850 }
4851 }
4852 break;
4853 case TIFF_SETGET_UINT16_PAIR:
4854 {
4855 uint16* data;
4856 assert(fip->field_readcount==2);
4857 assert(fip->field_passcount==0);
4858 if (dp->tdir_count!=2)
4859 return(0);
4860 err=TIFFReadDirEntryShortArray(tif,dp,&data);
4861 if (err==TIFFReadDirEntryErrOk)
4862 {
4863 int m;
4864 m=TIFFSetField(tif,dp->tdir_tag,data[0],data[1]);
4865 _TIFFfree(data);
4866 if (!m)
4867 return(0);
4868 }
4869 }
4870 break;
4871 case TIFF_SETGET_C0_UINT8:
4872 {
4873 uint8* data;
4874 assert(fip->field_readcount>=1);
4875 assert(fip->field_passcount==0);
4876 if (dp->tdir_count!=(uint64)fip->field_readcount)
4877 /* corrupt file */;
4878 else
4879 {
4880 err=TIFFReadDirEntryByteArray(tif,dp,&data);
4881 if (err==TIFFReadDirEntryErrOk)
4882 {
4883 int m;
4884 m=TIFFSetField(tif,dp->tdir_tag,data);
4885 if (data!=0)
4886 _TIFFfree(data);
4887 if (!m)
4888 return(0);
4889 }
4890 }
4891 }
4892 break;
4893 case TIFF_SETGET_C0_UINT16:
4894 {
4895 uint16* data;
4896 assert(fip->field_readcount>=1);
4897 assert(fip->field_passcount==0);
4898 if (dp->tdir_count!=(uint64)fip->field_readcount)
4899 /* corrupt file */;
4900 else
4901 {
4902 err=TIFFReadDirEntryShortArray(tif,dp,&data);
4903 if (err==TIFFReadDirEntryErrOk)
4904 {
4905 int m;
4906 m=TIFFSetField(tif,dp->tdir_tag,data);
4907 if (data!=0)
4908 _TIFFfree(data);
4909 if (!m)
4910 return(0);
4911 }
4912 }
4913 }
4914 break;
4915 case TIFF_SETGET_C0_UINT32:
4916 {
4917 uint32* data;
4918 assert(fip->field_readcount>=1);
4919 assert(fip->field_passcount==0);
4920 if (dp->tdir_count!=(uint64)fip->field_readcount)
4921 /* corrupt file */;
4922 else
4923 {
4924 err=TIFFReadDirEntryLongArray(tif,dp,&data);
4925 if (err==TIFFReadDirEntryErrOk)
4926 {
4927 int m;
4928 m=TIFFSetField(tif,dp->tdir_tag,data);
4929 if (data!=0)
4930 _TIFFfree(data);
4931 if (!m)
4932 return(0);
4933 }
4934 }
4935 }
4936 break;
4937 case TIFF_SETGET_C0_FLOAT:
4938 {
4939 float* data;
4940 assert(fip->field_readcount>=1);
4941 assert(fip->field_passcount==0);
4942 if (dp->tdir_count!=(uint64)fip->field_readcount)
4943 /* corrupt file */;
4944 else
4945 {
4946 err=TIFFReadDirEntryFloatArray(tif,dp,&data);
4947 if (err==TIFFReadDirEntryErrOk)
4948 {
4949 int m;
4950 m=TIFFSetField(tif,dp->tdir_tag,data);
4951 if (data!=0)
4952 _TIFFfree(data);
4953 if (!m)
4954 return(0);
4955 }
4956 }
4957 }
4958 break;
4959 case TIFF_SETGET_C16_ASCII:
4960 {
4961 uint8* data;
4962 assert(fip->field_readcount==TIFF_VARIABLE);
4963 assert(fip->field_passcount==1);
4964 if (dp->tdir_count>0xFFFF)
4965 err=TIFFReadDirEntryErrCount;
4966 else
4967 {
4968 err=TIFFReadDirEntryByteArray(tif,dp,&data);
4969 if (err==TIFFReadDirEntryErrOk)
4970 {
4971 int m;
4972 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
4973 if (data!=0)
4974 _TIFFfree(data);
4975 if (!m)
4976 return(0);
4977 }
4978 }
4979 }
4980 break;
4981 case TIFF_SETGET_C16_UINT8:
4982 {
4983 uint8* data;
4984 assert(fip->field_readcount==TIFF_VARIABLE);
4985 assert(fip->field_passcount==1);
4986 if (dp->tdir_count>0xFFFF)
4987 err=TIFFReadDirEntryErrCount;
4988 else
4989 {
4990 err=TIFFReadDirEntryByteArray(tif,dp,&data);
4991 if (err==TIFFReadDirEntryErrOk)
4992 {
4993 int m;
4994 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
4995 if (data!=0)
4996 _TIFFfree(data);
4997 if (!m)
4998 return(0);
4999 }
5000 }
5001 }
5002 break;
5003 case TIFF_SETGET_C16_UINT16:
5004 {
5005 uint16* data;
5006 assert(fip->field_readcount==TIFF_VARIABLE);
5007 assert(fip->field_passcount==1);
5008 if (dp->tdir_count>0xFFFF)
5009 err=TIFFReadDirEntryErrCount;
5010 else
5011 {
5012 err=TIFFReadDirEntryShortArray(tif,dp,&data);
5013 if (err==TIFFReadDirEntryErrOk)
5014 {
5015 int m;
5016 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5017 if (data!=0)
5018 _TIFFfree(data);
5019 if (!m)
5020 return(0);
5021 }
5022 }
5023 }
5024 break;
5025 case TIFF_SETGET_C16_UINT32:
5026 {
5027 uint32* data;
5028 assert(fip->field_readcount==TIFF_VARIABLE);
5029 assert(fip->field_passcount==1);
5030 if (dp->tdir_count>0xFFFF)
5031 err=TIFFReadDirEntryErrCount;
5032 else
5033 {
5034 err=TIFFReadDirEntryLongArray(tif,dp,&data);
5035 if (err==TIFFReadDirEntryErrOk)
5036 {
5037 int m;
5038 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5039 if (data!=0)
5040 _TIFFfree(data);
5041 if (!m)
5042 return(0);
5043 }
5044 }
5045 }
5046 break;
5047 case TIFF_SETGET_C16_UINT64:
5048 {
5049 uint64* data;
5050 assert(fip->field_readcount==TIFF_VARIABLE);
5051 assert(fip->field_passcount==1);
5052 if (dp->tdir_count>0xFFFF)
5053 err=TIFFReadDirEntryErrCount;
5054 else
5055 {
5056 err=TIFFReadDirEntryLong8Array(tif,dp,&data);
5057 if (err==TIFFReadDirEntryErrOk)
5058 {
5059 int m;
5060 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5061 if (data!=0)
5062 _TIFFfree(data);
5063 if (!m)
5064 return(0);
5065 }
5066 }
5067 }
5068 break;
5069 case TIFF_SETGET_C16_FLOAT:
5070 {
5071 float* data;
5072 assert(fip->field_readcount==TIFF_VARIABLE);
5073 assert(fip->field_passcount==1);
5074 if (dp->tdir_count>0xFFFF)
5075 err=TIFFReadDirEntryErrCount;
5076 else
5077 {
5078 err=TIFFReadDirEntryFloatArray(tif,dp,&data);
5079 if (err==TIFFReadDirEntryErrOk)
5080 {
5081 int m;
5082 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5083 if (data!=0)
5084 _TIFFfree(data);
5085 if (!m)
5086 return(0);
5087 }
5088 }
5089 }
5090 break;
5091 case TIFF_SETGET_C16_DOUBLE:
5092 {
5093 double* data;
5094 assert(fip->field_readcount==TIFF_VARIABLE);
5095 assert(fip->field_passcount==1);
5096 if (dp->tdir_count>0xFFFF)
5097 err=TIFFReadDirEntryErrCount;
5098 else
5099 {
5100 err=TIFFReadDirEntryDoubleArray(tif,dp,&data);
5101 if (err==TIFFReadDirEntryErrOk)
5102 {
5103 int m;
5104 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5105 if (data!=0)
5106 _TIFFfree(data);
5107 if (!m)
5108 return(0);
5109 }
5110 }
5111 }
5112 break;
5113 case TIFF_SETGET_C16_IFD8:
5114 {
5115 uint64* data;
5116 assert(fip->field_readcount==TIFF_VARIABLE);
5117 assert(fip->field_passcount==1);
5118 if (dp->tdir_count>0xFFFF)
5119 err=TIFFReadDirEntryErrCount;
5120 else
5121 {
5122 err=TIFFReadDirEntryIfd8Array(tif,dp,&data);
5123 if (err==TIFFReadDirEntryErrOk)
5124 {
5125 int m;
5126 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5127 if (data!=0)
5128 _TIFFfree(data);
5129 if (!m)
5130 return(0);
5131 }
5132 }
5133 }
5134 break;
5135 case TIFF_SETGET_C32_ASCII:
5136 {
5137 uint8* data;
5138 assert(fip->field_readcount==TIFF_VARIABLE2);
5139 assert(fip->field_passcount==1);
5140 err=TIFFReadDirEntryByteArray(tif,dp,&data);
5141 if (err==TIFFReadDirEntryErrOk)
5142 {
5143 int m;
5144 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5145 if (data!=0)
5146 _TIFFfree(data);
5147 if (!m)
5148 return(0);
5149 }
5150 }
5151 break;
5152 case TIFF_SETGET_C32_UINT8:
5153 {
5154 uint8* data;
5155 assert(fip->field_readcount==TIFF_VARIABLE2);
5156 assert(fip->field_passcount==1);
5157 err=TIFFReadDirEntryByteArray(tif,dp,&data);
5158 if (err==TIFFReadDirEntryErrOk)
5159 {
5160 int m;
5161 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5162 if (data!=0)
5163 _TIFFfree(data);
5164 if (!m)
5165 return(0);
5166 }
5167 }
5168 break;
5169 case TIFF_SETGET_C32_SINT8:
5170 {
5171 int8* data = NULL;
5172 assert(fip->field_readcount==TIFF_VARIABLE2);
5173 assert(fip->field_passcount==1);
5174 err=TIFFReadDirEntrySbyteArray(tif,dp,&data);
5175 if (err==TIFFReadDirEntryErrOk)
5176 {
5177 int m;
5178 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5179 if (data!=0)
5180 _TIFFfree(data);
5181 if (!m)
5182 return(0);
5183 }
5184 }
5185 break;
5186 case TIFF_SETGET_C32_UINT16:
5187 {
5188 uint16* data;
5189 assert(fip->field_readcount==TIFF_VARIABLE2);
5190 assert(fip->field_passcount==1);
5191 err=TIFFReadDirEntryShortArray(tif,dp,&data);
5192 if (err==TIFFReadDirEntryErrOk)
5193 {
5194 int m;
5195 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5196 if (data!=0)
5197 _TIFFfree(data);
5198 if (!m)
5199 return(0);
5200 }
5201 }
5202 break;
5203 case TIFF_SETGET_C32_SINT16:
5204 {
5205 int16* data = NULL;
5206 assert(fip->field_readcount==TIFF_VARIABLE2);
5207 assert(fip->field_passcount==1);
5208 err=TIFFReadDirEntrySshortArray(tif,dp,&data);
5209 if (err==TIFFReadDirEntryErrOk)
5210 {
5211 int m;
5212 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5213 if (data!=0)
5214 _TIFFfree(data);
5215 if (!m)
5216 return(0);
5217 }
5218 }
5219 break;
5220 case TIFF_SETGET_C32_UINT32:
5221 {
5222 uint32* data;
5223 assert(fip->field_readcount==TIFF_VARIABLE2);
5224 assert(fip->field_passcount==1);
5225 err=TIFFReadDirEntryLongArray(tif,dp,&data);
5226 if (err==TIFFReadDirEntryErrOk)
5227 {
5228 int m;
5229 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5230 if (data!=0)
5231 _TIFFfree(data);
5232 if (!m)
5233 return(0);
5234 }
5235 }
5236 break;
5237 case TIFF_SETGET_C32_SINT32:
5238 {
5239 int32* data = NULL;
5240 assert(fip->field_readcount==TIFF_VARIABLE2);
5241 assert(fip->field_passcount==1);
5242 err=TIFFReadDirEntrySlongArray(tif,dp,&data);
5243 if (err==TIFFReadDirEntryErrOk)
5244 {
5245 int m;
5246 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5247 if (data!=0)
5248 _TIFFfree(data);
5249 if (!m)
5250 return(0);
5251 }
5252 }
5253 break;
5254 case TIFF_SETGET_C32_UINT64:
5255 {
5256 uint64* data;
5257 assert(fip->field_readcount==TIFF_VARIABLE2);
5258 assert(fip->field_passcount==1);
5259 err=TIFFReadDirEntryLong8Array(tif,dp,&data);
5260 if (err==TIFFReadDirEntryErrOk)
5261 {
5262 int m;
5263 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5264 if (data!=0)
5265 _TIFFfree(data);
5266 if (!m)
5267 return(0);
5268 }
5269 }
5270 break;
5271 case TIFF_SETGET_C32_SINT64:
5272 {
5273 int64* data = NULL;
5274 assert(fip->field_readcount==TIFF_VARIABLE2);
5275 assert(fip->field_passcount==1);
5276 err=TIFFReadDirEntrySlong8Array(tif,dp,&data);
5277 if (err==TIFFReadDirEntryErrOk)
5278 {
5279 int m;
5280 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5281 if (data!=0)
5282 _TIFFfree(data);
5283 if (!m)
5284 return(0);
5285 }
5286 }
5287 break;
5288 case TIFF_SETGET_C32_FLOAT:
5289 {
5290 float* data;
5291 assert(fip->field_readcount==TIFF_VARIABLE2);
5292 assert(fip->field_passcount==1);
5293 err=TIFFReadDirEntryFloatArray(tif,dp,&data);
5294 if (err==TIFFReadDirEntryErrOk)
5295 {
5296 int m;
5297 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5298 if (data!=0)
5299 _TIFFfree(data);
5300 if (!m)
5301 return(0);
5302 }
5303 }
5304 break;
5305 case TIFF_SETGET_C32_DOUBLE:
5306 {
5307 double* data;
5308 assert(fip->field_readcount==TIFF_VARIABLE2);
5309 assert(fip->field_passcount==1);
5310 err=TIFFReadDirEntryDoubleArray(tif,dp,&data);
5311 if (err==TIFFReadDirEntryErrOk)
5312 {
5313 int m;
5314 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5315 if (data!=0)
5316 _TIFFfree(data);
5317 if (!m)
5318 return(0);
5319 }
5320 }
5321 break;
5322 case TIFF_SETGET_C32_IFD8:
5323 {
5324 uint64* data;
5325 assert(fip->field_readcount==TIFF_VARIABLE2);
5326 assert(fip->field_passcount==1);
5327 err=TIFFReadDirEntryIfd8Array(tif,dp,&data);
5328 if (err==TIFFReadDirEntryErrOk)
5329 {
5330 int m;
5331 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5332 if (data!=0)
5333 _TIFFfree(data);
5334 if (!m)
5335 return(0);
5336 }
5337 }
5338 break;
5339 default:
5340 assert(0); /* we should never get here */
5341 break;
5342 }
5343 if (err!=TIFFReadDirEntryErrOk)
5344 {
5345 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",recover);
5346 return(0);
5347 }
5348 return(1);
5349 }
5350
5351 /*
5352 * Fetch a set of offsets or lengths.
5353 * While this routine says "strips", in fact it's also used for tiles.
5354 */
5355 static int
TIFFFetchStripThing(TIFF * tif,TIFFDirEntry * dir,uint32 nstrips,uint64 ** lpp)5356 TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uint64** lpp)
5357 {
5358 static const char module[] = "TIFFFetchStripThing";
5359 enum TIFFReadDirEntryErr err;
5360 uint64* data;
5361 err=TIFFReadDirEntryLong8Array(tif,dir,&data);
5362 if (err!=TIFFReadDirEntryErrOk)
5363 {
5364 const TIFFField* fip = TIFFFieldWithTag(tif,dir->tdir_tag);
5365 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",0);
5366 return(0);
5367 }
5368 if (dir->tdir_count!=(uint64)nstrips)
5369 {
5370 uint64* resizeddata;
5371 resizeddata=(uint64*)_TIFFCheckMalloc(tif,nstrips,sizeof(uint64),"for strip array");
5372 if (resizeddata==0) {
5373 _TIFFfree(data);
5374 return(0);
5375 }
5376 if (dir->tdir_count<(uint64)nstrips)
5377 {
5378 _TIFFmemcpy(resizeddata,data,(uint32)dir->tdir_count*sizeof(uint64));
5379 _TIFFmemset(resizeddata+(uint32)dir->tdir_count,0,(nstrips-(uint32)dir->tdir_count)*sizeof(uint64));
5380 }
5381 else
5382 _TIFFmemcpy(resizeddata,data,nstrips*sizeof(uint64));
5383 _TIFFfree(data);
5384 data=resizeddata;
5385 }
5386 *lpp=data;
5387 return(1);
5388 }
5389
5390 /*
5391 * Fetch and set the SubjectDistance EXIF tag.
5392 */
5393 static int
TIFFFetchSubjectDistance(TIFF * tif,TIFFDirEntry * dir)5394 TIFFFetchSubjectDistance(TIFF* tif, TIFFDirEntry* dir)
5395 {
5396 static const char module[] = "TIFFFetchSubjectDistance";
5397 enum TIFFReadDirEntryErr err;
5398 UInt64Aligned_t m;
5399 m.l=0;
5400 assert(sizeof(double)==8);
5401 assert(sizeof(uint64)==8);
5402 assert(sizeof(uint32)==4);
5403 if (dir->tdir_count!=1)
5404 err=TIFFReadDirEntryErrCount;
5405 else if (dir->tdir_type!=TIFF_RATIONAL)
5406 err=TIFFReadDirEntryErrType;
5407 else
5408 {
5409 if (!(tif->tif_flags&TIFF_BIGTIFF))
5410 {
5411 uint32 offset;
5412 offset=*(uint32*)(&dir->tdir_offset);
5413 if (tif->tif_flags&TIFF_SWAB)
5414 TIFFSwabLong(&offset);
5415 err=TIFFReadDirEntryData(tif,offset,8,m.i);
5416 }
5417 else
5418 {
5419 m.l=dir->tdir_offset.toff_long8;
5420 err=TIFFReadDirEntryErrOk;
5421 }
5422 }
5423 if (err==TIFFReadDirEntryErrOk)
5424 {
5425 double n;
5426 if (tif->tif_flags&TIFF_SWAB)
5427 TIFFSwabArrayOfLong(m.i,2);
5428 if (m.i[0]==0)
5429 n=0.0;
5430 else if (m.i[0]==0xFFFFFFFF)
5431 /*
5432 * XXX: Numerator 0xFFFFFFFF means that we have infinite
5433 * distance. Indicate that with a negative floating point
5434 * SubjectDistance value.
5435 */
5436 n=-1.0;
5437 else
5438 n=(double)m.i[0]/(double)m.i[1];
5439 return(TIFFSetField(tif,dir->tdir_tag,n));
5440 }
5441 else
5442 {
5443 TIFFReadDirEntryOutputErr(tif,err,module,"SubjectDistance",TRUE);
5444 return(0);
5445 }
5446 }
5447
5448 /*
5449 * Replace a single strip (tile) of uncompressed data by multiple strips
5450 * (tiles), each approximately STRIP_SIZE_DEFAULT bytes. This is useful for
5451 * dealing with large images or for dealing with machines with a limited
5452 * amount memory.
5453 */
5454 static void
ChopUpSingleUncompressedStrip(TIFF * tif)5455 ChopUpSingleUncompressedStrip(TIFF* tif)
5456 {
5457 register TIFFDirectory *td = &tif->tif_dir;
5458 uint64 bytecount;
5459 uint64 offset;
5460 uint32 rowblock;
5461 uint64 rowblockbytes;
5462 uint64 stripbytes;
5463 uint32 strip;
5464 uint64 nstrips64;
5465 uint32 nstrips32;
5466 uint32 rowsperstrip;
5467 uint64* newcounts;
5468 uint64* newoffsets;
5469
5470 bytecount = td->td_stripbytecount[0];
5471 offset = td->td_stripoffset[0];
5472 assert(td->td_planarconfig == PLANARCONFIG_CONTIG);
5473 if ((td->td_photometric == PHOTOMETRIC_YCBCR)&&
5474 (!isUpSampled(tif)))
5475 rowblock = td->td_ycbcrsubsampling[1];
5476 else
5477 rowblock = 1;
5478 rowblockbytes = TIFFVTileSize64(tif, rowblock);
5479 /*
5480 * Make the rows hold at least one scanline, but fill specified amount
5481 * of data if possible.
5482 */
5483 if (rowblockbytes > STRIP_SIZE_DEFAULT) {
5484 stripbytes = rowblockbytes;
5485 rowsperstrip = rowblock;
5486 } else if (rowblockbytes > 0 ) {
5487 uint32 rowblocksperstrip;
5488 rowblocksperstrip = (uint32) (STRIP_SIZE_DEFAULT / rowblockbytes);
5489 rowsperstrip = rowblocksperstrip * rowblock;
5490 stripbytes = rowblocksperstrip * rowblockbytes;
5491 }
5492 else
5493 return;
5494
5495 /*
5496 * never increase the number of strips in an image
5497 */
5498 if (rowsperstrip >= td->td_rowsperstrip)
5499 return;
5500 nstrips64 = TIFFhowmany_64(bytecount, stripbytes);
5501 if ((nstrips64==0)||(nstrips64>0xFFFFFFFF)) /* something is wonky, do nothing. */
5502 return;
5503 nstrips32 = (uint32)nstrips64;
5504
5505 newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
5506 "for chopped \"StripByteCounts\" array");
5507 newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
5508 "for chopped \"StripOffsets\" array");
5509 if (newcounts == NULL || newoffsets == NULL) {
5510 /*
5511 * Unable to allocate new strip information, give up and use
5512 * the original one strip information.
5513 */
5514 if (newcounts != NULL)
5515 _TIFFfree(newcounts);
5516 if (newoffsets != NULL)
5517 _TIFFfree(newoffsets);
5518 return;
5519 }
5520 /*
5521 * Fill the strip information arrays with new bytecounts and offsets
5522 * that reflect the broken-up format.
5523 */
5524 for (strip = 0; strip < nstrips32; strip++) {
5525 if (stripbytes > bytecount)
5526 stripbytes = bytecount;
5527 newcounts[strip] = stripbytes;
5528 newoffsets[strip] = offset;
5529 offset += stripbytes;
5530 bytecount -= stripbytes;
5531 }
5532 /*
5533 * Replace old single strip info with multi-strip info.
5534 */
5535 td->td_stripsperimage = td->td_nstrips = nstrips32;
5536 TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, rowsperstrip);
5537
5538 _TIFFfree(td->td_stripbytecount);
5539 _TIFFfree(td->td_stripoffset);
5540 td->td_stripbytecount = newcounts;
5541 td->td_stripoffset = newoffsets;
5542 td->td_stripbytecountsorted = 1;
5543 }
5544
_TIFFFillStriles(TIFF * tif)5545 int _TIFFFillStriles( TIFF *tif )
5546 {
5547 #if defined(DEFER_STRILE_LOAD)
5548 register TIFFDirectory *td = &tif->tif_dir;
5549 int return_value = 1;
5550
5551 if( td->td_stripoffset != NULL )
5552 return 1;
5553
5554 if( td->td_stripoffset_entry.tdir_count == 0 )
5555 return 0;
5556
5557 if (!TIFFFetchStripThing(tif,&(td->td_stripoffset_entry),
5558 td->td_nstrips,&td->td_stripoffset))
5559 {
5560 return_value = 0;
5561 }
5562
5563 if (!TIFFFetchStripThing(tif,&(td->td_stripbytecount_entry),
5564 td->td_nstrips,&td->td_stripbytecount))
5565 {
5566 return_value = 0;
5567 }
5568
5569 _TIFFmemset( &(td->td_stripoffset_entry), 0, sizeof(TIFFDirEntry));
5570 _TIFFmemset( &(td->td_stripbytecount_entry), 0, sizeof(TIFFDirEntry));
5571
5572 if (tif->tif_dir.td_nstrips > 1 && return_value == 1 ) {
5573 uint32 strip;
5574
5575 tif->tif_dir.td_stripbytecountsorted = 1;
5576 for (strip = 1; strip < tif->tif_dir.td_nstrips; strip++) {
5577 if (tif->tif_dir.td_stripoffset[strip - 1] >
5578 tif->tif_dir.td_stripoffset[strip]) {
5579 tif->tif_dir.td_stripbytecountsorted = 0;
5580 break;
5581 }
5582 }
5583 }
5584
5585 return return_value;
5586 #else /* !defined(DEFER_STRILE_LOAD) */
5587 (void) tif;
5588 return 1;
5589 #endif
5590 }
5591
5592
5593 /* vim: set ts=8 sts=8 sw=8 noet: */
5594 /*
5595 * Local Variables:
5596 * mode: c
5597 * c-basic-offset: 8
5598 * fill-column: 78
5599 * End:
5600 */
5601