1 /* $Id: tif_dir.c,v 1.121 2015-05-31 23:11:43 bfriesen Exp $ */
2 
3 /*
4  * Copyright (c) 1988-1997 Sam Leffler
5  * Copyright (c) 1991-1997 Silicon Graphics, Inc.
6  *
7  * Permission to use, copy, modify, distribute, and sell this software and
8  * its documentation for any purpose is hereby granted without fee, provided
9  * that (i) the above copyright notices and this permission notice appear in
10  * all copies of the software and related documentation, and (ii) the names of
11  * Sam Leffler and Silicon Graphics may not be used in any advertising or
12  * publicity relating to the software without the specific, prior written
13  * permission of Sam Leffler and Silicon Graphics.
14  *
15  * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
16  * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
17  * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
18  *
19  * IN NO EVENT SHALL SAM LEFFLER OR SILICON GRAPHICS BE LIABLE FOR
20  * ANY SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND,
21  * OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
22  * WHETHER OR NOT ADVISED OF THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF
23  * LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
24  * OF THIS SOFTWARE.
25  */
26 
27 /*
28  * TIFF Library.
29  *
30  * Directory Tag Get & Set Routines.
31  * (and also some miscellaneous stuff)
32  */
33 #include "tiffiop.h"
34 
35 /*
36  * These are used in the backwards compatibility code...
37  */
38 #define DATATYPE_VOID		0       /* !untyped data */
39 #define DATATYPE_INT		1       /* !signed integer data */
40 #define DATATYPE_UINT		2       /* !unsigned integer data */
41 #define DATATYPE_IEEEFP		3       /* !IEEE floating point data */
42 
43 static void
setByteArray(void ** vpp,void * vp,size_t nmemb,size_t elem_size)44 setByteArray(void** vpp, void* vp, size_t nmemb, size_t elem_size)
45 {
46 	if (*vpp)
47 		_TIFFfree(*vpp), *vpp = 0;
48 	if (vp) {
49 		tmsize_t bytes = (tmsize_t)(nmemb * elem_size);
50 		if (elem_size && bytes / elem_size == nmemb)
51 			*vpp = (void*) _TIFFmalloc(bytes);
52 		if (*vpp)
53 			_TIFFmemcpy(*vpp, vp, bytes);
54 	}
55 }
_TIFFsetByteArray(void ** vpp,void * vp,uint32 n)56 void _TIFFsetByteArray(void** vpp, void* vp, uint32 n)
57     { setByteArray(vpp, vp, n, 1); }
_TIFFsetString(char ** cpp,char * cp)58 void _TIFFsetString(char** cpp, char* cp)
59     { setByteArray((void**) cpp, (void*) cp, strlen(cp)+1, 1); }
_TIFFsetNString(char ** cpp,char * cp,uint32 n)60 void _TIFFsetNString(char** cpp, char* cp, uint32 n)
61     { setByteArray((void**) cpp, (void*) cp, n, 1); }
_TIFFsetShortArray(uint16 ** wpp,uint16 * wp,uint32 n)62 void _TIFFsetShortArray(uint16** wpp, uint16* wp, uint32 n)
63     { setByteArray((void**) wpp, (void*) wp, n, sizeof (uint16)); }
_TIFFsetLongArray(uint32 ** lpp,uint32 * lp,uint32 n)64 void _TIFFsetLongArray(uint32** lpp, uint32* lp, uint32 n)
65     { setByteArray((void**) lpp, (void*) lp, n, sizeof (uint32)); }
_TIFFsetLong8Array(uint64 ** lpp,uint64 * lp,uint32 n)66 void _TIFFsetLong8Array(uint64** lpp, uint64* lp, uint32 n)
67     { setByteArray((void**) lpp, (void*) lp, n, sizeof (uint64)); }
_TIFFsetFloatArray(float ** fpp,float * fp,uint32 n)68 void _TIFFsetFloatArray(float** fpp, float* fp, uint32 n)
69     { setByteArray((void**) fpp, (void*) fp, n, sizeof (float)); }
_TIFFsetDoubleArray(double ** dpp,double * dp,uint32 n)70 void _TIFFsetDoubleArray(double** dpp, double* dp, uint32 n)
71     { setByteArray((void**) dpp, (void*) dp, n, sizeof (double)); }
72 
73 static void
setDoubleArrayOneValue(double ** vpp,double value,size_t nmemb)74 setDoubleArrayOneValue(double** vpp, double value, size_t nmemb)
75 {
76 	if (*vpp)
77 		_TIFFfree(*vpp);
78 	*vpp = _TIFFmalloc(nmemb*sizeof(double));
79 	if (*vpp)
80 	{
81 		while (nmemb--)
82 			((double*)*vpp)[nmemb] = value;
83 	}
84 }
85 
86 /*
87  * Install extra samples information.
88  */
89 static int
setExtraSamples(TIFFDirectory * td,va_list ap,uint32 * v)90 setExtraSamples(TIFFDirectory* td, va_list ap, uint32* v)
91 {
92 /* XXX: Unassociated alpha data == 999 is a known Corel Draw bug, see below */
93 #define EXTRASAMPLE_COREL_UNASSALPHA 999
94 
95 	uint16* va;
96 	uint32 i;
97 
98 	*v = (uint16) va_arg(ap, uint16_vap);
99 	if ((uint16) *v > td->td_samplesperpixel)
100 		return 0;
101 	va = va_arg(ap, uint16*);
102 	if (*v > 0 && va == NULL)		/* typically missing param */
103 		return 0;
104 	for (i = 0; i < *v; i++) {
105 		if (va[i] > EXTRASAMPLE_UNASSALPHA) {
106 			/*
107 			 * XXX: Corel Draw is known to produce incorrect
108 			 * ExtraSamples tags which must be patched here if we
109 			 * want to be able to open some of the damaged TIFF
110 			 * files:
111 			 */
112 			if (va[i] == EXTRASAMPLE_COREL_UNASSALPHA)
113 				va[i] = EXTRASAMPLE_UNASSALPHA;
114 			else
115 				return 0;
116 		}
117 	}
118 	td->td_extrasamples = (uint16) *v;
119 	_TIFFsetShortArray(&td->td_sampleinfo, va, td->td_extrasamples);
120 	return 1;
121 
122 #undef EXTRASAMPLE_COREL_UNASSALPHA
123 }
124 
125 /*
126  * Confirm we have "samplesperpixel" ink names separated by \0.  Returns
127  * zero if the ink names are not as expected.
128  */
129 static uint32
checkInkNamesString(TIFF * tif,uint32 slen,const char * s)130 checkInkNamesString(TIFF* tif, uint32 slen, const char* s)
131 {
132 	TIFFDirectory* td = &tif->tif_dir;
133 	uint16 i = td->td_samplesperpixel;
134 
135 	if (slen > 0) {
136 		const char* ep = s+slen;
137 		const char* cp = s;
138 		for (; i > 0; i--) {
139 			for (; cp < ep && *cp != '\0'; cp++) {}
140 			if (cp >= ep)
141 				goto bad;
142 			cp++;				/* skip \0 */
143 		}
144 		return ((uint32)(cp-s));
145 	}
146 bad:
147 	TIFFErrorExt(tif->tif_clientdata, "TIFFSetField",
148 	    "%s: Invalid InkNames value; expecting %d names, found %d",
149 	    tif->tif_name,
150 	    td->td_samplesperpixel,
151 	    td->td_samplesperpixel-i);
152 	return (0);
153 }
154 
155 static int
_TIFFVSetField(TIFF * tif,uint32 tag,va_list ap)156 _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
157 {
158 	static const char module[] = "_TIFFVSetField";
159 
160 	TIFFDirectory* td = &tif->tif_dir;
161 	int status = 1;
162 	uint32 v32, i, v;
163     double dblval;
164 	char* s;
165 	const TIFFField *fip = TIFFFindField(tif, tag, TIFF_ANY);
166 	uint32 standard_tag = tag;
167 	if( fip == NULL ) /* cannot happen since OkToChangeTag() already checks it */
168 	    return 0;
169 	/*
170 	 * We want to force the custom code to be used for custom
171 	 * fields even if the tag happens to match a well known
172 	 * one - important for reinterpreted handling of standard
173 	 * tag values in custom directories (ie. EXIF)
174 	 */
175 	if (fip->field_bit == FIELD_CUSTOM) {
176 		standard_tag = 0;
177 	}
178 
179 	switch (standard_tag) {
180 	case TIFFTAG_SUBFILETYPE:
181 		td->td_subfiletype = (uint32) va_arg(ap, uint32);
182 		break;
183 	case TIFFTAG_IMAGEWIDTH:
184 		td->td_imagewidth = (uint32) va_arg(ap, uint32);
185 		break;
186 	case TIFFTAG_IMAGELENGTH:
187 		td->td_imagelength = (uint32) va_arg(ap, uint32);
188 		break;
189 	case TIFFTAG_BITSPERSAMPLE:
190 		td->td_bitspersample = (uint16) va_arg(ap, uint16_vap);
191 		/*
192 		 * If the data require post-decoding processing to byte-swap
193 		 * samples, set it up here.  Note that since tags are required
194 		 * to be ordered, compression code can override this behaviour
195 		 * in the setup method if it wants to roll the post decoding
196 		 * work in with its normal work.
197 		 */
198 		if (tif->tif_flags & TIFF_SWAB) {
199 			if (td->td_bitspersample == 8)
200 				tif->tif_postdecode = _TIFFNoPostDecode;
201 			else if (td->td_bitspersample == 16)
202 				tif->tif_postdecode = _TIFFSwab16BitData;
203 			else if (td->td_bitspersample == 24)
204 				tif->tif_postdecode = _TIFFSwab24BitData;
205 			else if (td->td_bitspersample == 32)
206 				tif->tif_postdecode = _TIFFSwab32BitData;
207 			else if (td->td_bitspersample == 64)
208 				tif->tif_postdecode = _TIFFSwab64BitData;
209 			else if (td->td_bitspersample == 128) /* two 64's */
210 				tif->tif_postdecode = _TIFFSwab64BitData;
211 		}
212 		break;
213 	case TIFFTAG_COMPRESSION:
214 		v = (uint16) va_arg(ap, uint16_vap);
215 		/*
216 		 * If we're changing the compression scheme, the notify the
217 		 * previous module so that it can cleanup any state it's
218 		 * setup.
219 		 */
220 		if (TIFFFieldSet(tif, FIELD_COMPRESSION)) {
221 			if ((uint32)td->td_compression == v)
222 				break;
223 			(*tif->tif_cleanup)(tif);
224 			tif->tif_flags &= ~TIFF_CODERSETUP;
225 		}
226 		/*
227 		 * Setup new compression routine state.
228 		 */
229 		if( (status = TIFFSetCompressionScheme(tif, v)) != 0 )
230 		    td->td_compression = (uint16) v;
231 		else
232 		    status = 0;
233 		break;
234 	case TIFFTAG_PHOTOMETRIC:
235 		td->td_photometric = (uint16) va_arg(ap, uint16_vap);
236 		break;
237 	case TIFFTAG_THRESHHOLDING:
238 		td->td_threshholding = (uint16) va_arg(ap, uint16_vap);
239 		break;
240 	case TIFFTAG_FILLORDER:
241 		v = (uint16) va_arg(ap, uint16_vap);
242 		if (v != FILLORDER_LSB2MSB && v != FILLORDER_MSB2LSB)
243 			goto badvalue;
244 		td->td_fillorder = (uint16) v;
245 		break;
246 	case TIFFTAG_ORIENTATION:
247 		v = (uint16) va_arg(ap, uint16_vap);
248 		if (v < ORIENTATION_TOPLEFT || ORIENTATION_LEFTBOT < v)
249 			goto badvalue;
250 		else
251 			td->td_orientation = (uint16) v;
252 		break;
253 	case TIFFTAG_SAMPLESPERPIXEL:
254 		v = (uint16) va_arg(ap, uint16_vap);
255 		if (v == 0)
256 			goto badvalue;
257 		td->td_samplesperpixel = (uint16) v;
258 		break;
259 	case TIFFTAG_ROWSPERSTRIP:
260 		v32 = (uint32) va_arg(ap, uint32);
261 		if (v32 == 0)
262 			goto badvalue32;
263 		td->td_rowsperstrip = v32;
264 		if (!TIFFFieldSet(tif, FIELD_TILEDIMENSIONS)) {
265 			td->td_tilelength = v32;
266 			td->td_tilewidth = td->td_imagewidth;
267 		}
268 		break;
269 	case TIFFTAG_MINSAMPLEVALUE:
270 		td->td_minsamplevalue = (uint16) va_arg(ap, uint16_vap);
271 		break;
272 	case TIFFTAG_MAXSAMPLEVALUE:
273 		td->td_maxsamplevalue = (uint16) va_arg(ap, uint16_vap);
274 		break;
275 	case TIFFTAG_SMINSAMPLEVALUE:
276 		if (tif->tif_flags & TIFF_PERSAMPLE)
277 			_TIFFsetDoubleArray(&td->td_sminsamplevalue, va_arg(ap, double*), td->td_samplesperpixel);
278 		else
279 			setDoubleArrayOneValue(&td->td_sminsamplevalue, va_arg(ap, double), td->td_samplesperpixel);
280 		break;
281 	case TIFFTAG_SMAXSAMPLEVALUE:
282 		if (tif->tif_flags & TIFF_PERSAMPLE)
283 			_TIFFsetDoubleArray(&td->td_smaxsamplevalue, va_arg(ap, double*), td->td_samplesperpixel);
284 		else
285 			setDoubleArrayOneValue(&td->td_smaxsamplevalue, va_arg(ap, double), td->td_samplesperpixel);
286 		break;
287 	case TIFFTAG_XRESOLUTION:
288         dblval = va_arg(ap, double);
289         if( dblval < 0 )
290             goto badvaluedouble;
291 		td->td_xresolution = (float) dblval;
292 		break;
293 	case TIFFTAG_YRESOLUTION:
294         dblval = va_arg(ap, double);
295         if( dblval < 0 )
296             goto badvaluedouble;
297 		td->td_yresolution = (float) dblval;
298 		break;
299 	case TIFFTAG_PLANARCONFIG:
300 		v = (uint16) va_arg(ap, uint16_vap);
301 		if (v != PLANARCONFIG_CONTIG && v != PLANARCONFIG_SEPARATE)
302 			goto badvalue;
303 		td->td_planarconfig = (uint16) v;
304 		break;
305 	case TIFFTAG_XPOSITION:
306 		td->td_xposition = (float) va_arg(ap, double);
307 		break;
308 	case TIFFTAG_YPOSITION:
309 		td->td_yposition = (float) va_arg(ap, double);
310 		break;
311 	case TIFFTAG_RESOLUTIONUNIT:
312 		v = (uint16) va_arg(ap, uint16_vap);
313 		if (v < RESUNIT_NONE || RESUNIT_CENTIMETER < v)
314 			goto badvalue;
315 		td->td_resolutionunit = (uint16) v;
316 		break;
317 	case TIFFTAG_PAGENUMBER:
318 		td->td_pagenumber[0] = (uint16) va_arg(ap, uint16_vap);
319 		td->td_pagenumber[1] = (uint16) va_arg(ap, uint16_vap);
320 		break;
321 	case TIFFTAG_HALFTONEHINTS:
322 		td->td_halftonehints[0] = (uint16) va_arg(ap, uint16_vap);
323 		td->td_halftonehints[1] = (uint16) va_arg(ap, uint16_vap);
324 		break;
325 	case TIFFTAG_COLORMAP:
326 		v32 = (uint32)(1L<<td->td_bitspersample);
327 		_TIFFsetShortArray(&td->td_colormap[0], va_arg(ap, uint16*), v32);
328 		_TIFFsetShortArray(&td->td_colormap[1], va_arg(ap, uint16*), v32);
329 		_TIFFsetShortArray(&td->td_colormap[2], va_arg(ap, uint16*), v32);
330 		break;
331 	case TIFFTAG_EXTRASAMPLES:
332 		if (!setExtraSamples(td, ap, &v))
333 			goto badvalue;
334 		break;
335 	case TIFFTAG_MATTEING:
336 		td->td_extrasamples =  (((uint16) va_arg(ap, uint16_vap)) != 0);
337 		if (td->td_extrasamples) {
338 			uint16 sv = EXTRASAMPLE_ASSOCALPHA;
339 			_TIFFsetShortArray(&td->td_sampleinfo, &sv, 1);
340 		}
341 		break;
342 	case TIFFTAG_TILEWIDTH:
343 		v32 = (uint32) va_arg(ap, uint32);
344 		if (v32 % 16) {
345 			if (tif->tif_mode != O_RDONLY)
346 				goto badvalue32;
347 			TIFFWarningExt(tif->tif_clientdata, tif->tif_name,
348 				"Nonstandard tile width %d, convert file", v32);
349 		}
350 		td->td_tilewidth = v32;
351 		tif->tif_flags |= TIFF_ISTILED;
352 		break;
353 	case TIFFTAG_TILELENGTH:
354 		v32 = (uint32) va_arg(ap, uint32);
355 		if (v32 % 16) {
356 			if (tif->tif_mode != O_RDONLY)
357 				goto badvalue32;
358 			TIFFWarningExt(tif->tif_clientdata, tif->tif_name,
359 			    "Nonstandard tile length %d, convert file", v32);
360 		}
361 		td->td_tilelength = v32;
362 		tif->tif_flags |= TIFF_ISTILED;
363 		break;
364 	case TIFFTAG_TILEDEPTH:
365 		v32 = (uint32) va_arg(ap, uint32);
366 		if (v32 == 0)
367 			goto badvalue32;
368 		td->td_tiledepth = v32;
369 		break;
370 	case TIFFTAG_DATATYPE:
371 		v = (uint16) va_arg(ap, uint16_vap);
372 		switch (v) {
373 		case DATATYPE_VOID:	v = SAMPLEFORMAT_VOID;	break;
374 		case DATATYPE_INT:	v = SAMPLEFORMAT_INT;	break;
375 		case DATATYPE_UINT:	v = SAMPLEFORMAT_UINT;	break;
376 		case DATATYPE_IEEEFP:	v = SAMPLEFORMAT_IEEEFP;break;
377 		default:		goto badvalue;
378 		}
379 		td->td_sampleformat = (uint16) v;
380 		break;
381 	case TIFFTAG_SAMPLEFORMAT:
382 		v = (uint16) va_arg(ap, uint16_vap);
383 		if (v < SAMPLEFORMAT_UINT || SAMPLEFORMAT_COMPLEXIEEEFP < v)
384 			goto badvalue;
385 		td->td_sampleformat = (uint16) v;
386 
387 		/*  Try to fix up the SWAB function for complex data. */
388 		if( td->td_sampleformat == SAMPLEFORMAT_COMPLEXINT
389 		    && td->td_bitspersample == 32
390 		    && tif->tif_postdecode == _TIFFSwab32BitData )
391 		    tif->tif_postdecode = _TIFFSwab16BitData;
392 		else if( (td->td_sampleformat == SAMPLEFORMAT_COMPLEXINT
393 			  || td->td_sampleformat == SAMPLEFORMAT_COMPLEXIEEEFP)
394 			 && td->td_bitspersample == 64
395 			 && tif->tif_postdecode == _TIFFSwab64BitData )
396 		    tif->tif_postdecode = _TIFFSwab32BitData;
397 		break;
398 	case TIFFTAG_IMAGEDEPTH:
399 		td->td_imagedepth = (uint32) va_arg(ap, uint32);
400 		break;
401 	case TIFFTAG_SUBIFD:
402 		if ((tif->tif_flags & TIFF_INSUBIFD) == 0) {
403 			td->td_nsubifd = (uint16) va_arg(ap, uint16_vap);
404 			_TIFFsetLong8Array(&td->td_subifd, (uint64*) va_arg(ap, uint64*),
405 			    (long) td->td_nsubifd);
406 		} else {
407 			TIFFErrorExt(tif->tif_clientdata, module,
408 				     "%s: Sorry, cannot nest SubIFDs",
409 				     tif->tif_name);
410 			status = 0;
411 		}
412 		break;
413 	case TIFFTAG_YCBCRPOSITIONING:
414 		td->td_ycbcrpositioning = (uint16) va_arg(ap, uint16_vap);
415 		break;
416 	case TIFFTAG_YCBCRSUBSAMPLING:
417 		td->td_ycbcrsubsampling[0] = (uint16) va_arg(ap, uint16_vap);
418 		td->td_ycbcrsubsampling[1] = (uint16) va_arg(ap, uint16_vap);
419 		break;
420 	case TIFFTAG_TRANSFERFUNCTION:
421 		v = (td->td_samplesperpixel - td->td_extrasamples) > 1 ? 3 : 1;
422 		for (i = 0; i < v; i++)
423 			_TIFFsetShortArray(&td->td_transferfunction[i],
424 			    va_arg(ap, uint16*), 1L<<td->td_bitspersample);
425 		break;
426 	case TIFFTAG_REFERENCEBLACKWHITE:
427 		/* XXX should check for null range */
428 		_TIFFsetFloatArray(&td->td_refblackwhite, va_arg(ap, float*), 6);
429 		for (int i = 0; i < 6; i++) {
430 			if (isnan(td->td_refblackwhite[i])) {
431 				if (i % 2 == 0)
432 					td->td_refblackwhite[i] = 0;
433 				else
434 					td->td_refblackwhite[i] = pow(2, td->td_bitspersample) - 1;
435 			}
436 		}
437 		break;
438 	case TIFFTAG_INKNAMES:
439 		v = (uint16) va_arg(ap, uint16_vap);
440 		s = va_arg(ap, char*);
441 		v = checkInkNamesString(tif, v, s);
442 		status = v > 0;
443 		if( v > 0 ) {
444 			_TIFFsetNString(&td->td_inknames, s, v);
445 			td->td_inknameslen = v;
446 		}
447 		break;
448 	case TIFFTAG_PERSAMPLE:
449 		v = (uint16) va_arg(ap, uint16_vap);
450 		if( v == PERSAMPLE_MULTI )
451 			tif->tif_flags |= TIFF_PERSAMPLE;
452 		else
453 			tif->tif_flags &= ~TIFF_PERSAMPLE;
454 		break;
455 	default: {
456 		TIFFTagValue *tv;
457 		int tv_size, iCustom;
458 
459 		/*
460 		 * This can happen if multiple images are open with different
461 		 * codecs which have private tags.  The global tag information
462 		 * table may then have tags that are valid for one file but not
463 		 * the other. If the client tries to set a tag that is not valid
464 		 * for the image's codec then we'll arrive here.  This
465 		 * happens, for example, when tiffcp is used to convert between
466 		 * compression schemes and codec-specific tags are blindly copied.
467 		 */
468 		if(fip->field_bit != FIELD_CUSTOM) {
469 			TIFFErrorExt(tif->tif_clientdata, module,
470 			    "%s: Invalid %stag \"%s\" (not supported by codec)",
471 			    tif->tif_name, isPseudoTag(tag) ? "pseudo-" : "",
472 			    fip->field_name);
473 			status = 0;
474 			break;
475 		}
476 
477 		/*
478 		 * Find the existing entry for this custom value.
479 		 */
480 		tv = NULL;
481 		for (iCustom = 0; iCustom < td->td_customValueCount; iCustom++) {
482 			if (td->td_customValues[iCustom].info->field_tag == tag) {
483 				tv = td->td_customValues + iCustom;
484 				if (tv->value != NULL) {
485 					_TIFFfree(tv->value);
486 					tv->value = NULL;
487 				}
488 				break;
489 			}
490 		}
491 
492 		/*
493 		 * Grow the custom list if the entry was not found.
494 		 */
495 		if(tv == NULL) {
496 			TIFFTagValue *new_customValues;
497 
498 			td->td_customValueCount++;
499 			new_customValues = (TIFFTagValue *)
500 			    _TIFFrealloc(td->td_customValues,
501 			    sizeof(TIFFTagValue) * td->td_customValueCount);
502 			if (!new_customValues) {
503 				TIFFErrorExt(tif->tif_clientdata, module,
504 				    "%s: Failed to allocate space for list of custom values",
505 				    tif->tif_name);
506 				status = 0;
507 				goto end;
508 			}
509 
510 			td->td_customValues = new_customValues;
511 
512 			tv = td->td_customValues + (td->td_customValueCount - 1);
513 			tv->info = fip;
514 			tv->value = NULL;
515 			tv->count = 0;
516 		}
517 
518 		/*
519 		 * Set custom value ... save a copy of the custom tag value.
520 		 */
521 		tv_size = _TIFFDataSize(fip->field_type);
522 		if (tv_size == 0) {
523 			status = 0;
524 			TIFFErrorExt(tif->tif_clientdata, module,
525 			    "%s: Bad field type %d for \"%s\"",
526 			    tif->tif_name, fip->field_type,
527 			    fip->field_name);
528 			goto end;
529 		}
530 
531 		if (fip->field_type == TIFF_ASCII)
532 		{
533 			uint32 ma;
534 			char* mb;
535 			if (fip->field_passcount)
536 			{
537 				assert(fip->field_writecount==TIFF_VARIABLE2);
538 				ma=(uint32)va_arg(ap,uint32);
539 				mb=(char*)va_arg(ap,char*);
540 			}
541 			else
542 			{
543 				mb=(char*)va_arg(ap,char*);
544 				ma=(uint32)(strlen(mb)+1);
545 			}
546 			tv->count=ma;
547 			setByteArray(&tv->value,mb,ma,1);
548 		}
549 		else
550 		{
551 			if (fip->field_passcount) {
552 				if (fip->field_writecount == TIFF_VARIABLE2)
553 					tv->count = (uint32) va_arg(ap, uint32);
554 				else
555 					tv->count = (int) va_arg(ap, int);
556 			} else if (fip->field_writecount == TIFF_VARIABLE
557 			   || fip->field_writecount == TIFF_VARIABLE2)
558 				tv->count = 1;
559 			else if (fip->field_writecount == TIFF_SPP)
560 				tv->count = td->td_samplesperpixel;
561 			else
562 				tv->count = fip->field_writecount;
563 
564 			if (tv->count == 0) {
565 				status = 0;
566 				TIFFErrorExt(tif->tif_clientdata, module,
567 					     "%s: Null count for \"%s\" (type "
568 					     "%d, writecount %d, passcount %d)",
569 					     tif->tif_name,
570 					     fip->field_name,
571 					     fip->field_type,
572 					     fip->field_writecount,
573 					     fip->field_passcount);
574 				goto end;
575 			}
576 
577 			tv->value = _TIFFCheckMalloc(tif, tv->count, tv_size,
578 			    "custom tag binary object");
579 			if (!tv->value) {
580 				status = 0;
581 				goto end;
582 			}
583 
584 			if (fip->field_tag == TIFFTAG_DOTRANGE
585 			    && strcmp(fip->field_name,"DotRange") == 0) {
586 				/* TODO: This is an evil exception and should not have been
587 				   handled this way ... likely best if we move it into
588 				   the directory structure with an explicit field in
589 				   libtiff 4.1 and assign it a FIELD_ value */
590 				uint16 v[2];
591 				v[0] = (uint16)va_arg(ap, int);
592 				v[1] = (uint16)va_arg(ap, int);
593 				_TIFFmemcpy(tv->value, &v, 4);
594 			}
595 
596 			else if (fip->field_passcount
597 				  || fip->field_writecount == TIFF_VARIABLE
598 				  || fip->field_writecount == TIFF_VARIABLE2
599 				  || fip->field_writecount == TIFF_SPP
600 				  || tv->count > 1) {
601 				_TIFFmemcpy(tv->value, va_arg(ap, void *),
602 				    tv->count * tv_size);
603 			} else {
604 				char *val = (char *)tv->value;
605 				assert( tv->count == 1 );
606 
607 				switch (fip->field_type) {
608 				case TIFF_BYTE:
609 				case TIFF_UNDEFINED:
610 					{
611 						uint8 v = (uint8)va_arg(ap, int);
612 						_TIFFmemcpy(val, &v, tv_size);
613 					}
614 					break;
615 				case TIFF_SBYTE:
616 					{
617 						int8 v = (int8)va_arg(ap, int);
618 						_TIFFmemcpy(val, &v, tv_size);
619 					}
620 					break;
621 				case TIFF_SHORT:
622 					{
623 						uint16 v = (uint16)va_arg(ap, int);
624 						_TIFFmemcpy(val, &v, tv_size);
625 					}
626 					break;
627 				case TIFF_SSHORT:
628 					{
629 						int16 v = (int16)va_arg(ap, int);
630 						_TIFFmemcpy(val, &v, tv_size);
631 					}
632 					break;
633 				case TIFF_LONG:
634 				case TIFF_IFD:
635 					{
636 						uint32 v = va_arg(ap, uint32);
637 						_TIFFmemcpy(val, &v, tv_size);
638 					}
639 					break;
640 				case TIFF_SLONG:
641 					{
642 						int32 v = va_arg(ap, int32);
643 						_TIFFmemcpy(val, &v, tv_size);
644 					}
645 					break;
646 				case TIFF_LONG8:
647 				case TIFF_IFD8:
648 					{
649 						uint64 v = va_arg(ap, uint64);
650 						_TIFFmemcpy(val, &v, tv_size);
651 					}
652 					break;
653 				case TIFF_SLONG8:
654 					{
655 						int64 v = va_arg(ap, int64);
656 						_TIFFmemcpy(val, &v, tv_size);
657 					}
658 					break;
659 				case TIFF_RATIONAL:
660 				case TIFF_SRATIONAL:
661 				case TIFF_FLOAT:
662 					{
663 						float v = (float)va_arg(ap, double);
664 						_TIFFmemcpy(val, &v, tv_size);
665 					}
666 					break;
667 				case TIFF_DOUBLE:
668 					{
669 						double v = va_arg(ap, double);
670 						_TIFFmemcpy(val, &v, tv_size);
671 					}
672 					break;
673 				default:
674 					_TIFFmemset(val, 0, tv_size);
675 					status = 0;
676 					break;
677 				}
678 			}
679 		}
680 	}
681 	}
682 	if (status) {
683 		const TIFFField* fip=TIFFFieldWithTag(tif,tag);
684 		if (fip)
685 			TIFFSetFieldBit(tif, fip->field_bit);
686 		tif->tif_flags |= TIFF_DIRTYDIRECT;
687 	}
688 
689 end:
690 	va_end(ap);
691 	return (status);
692 badvalue:
693         {
694 		const TIFFField* fip=TIFFFieldWithTag(tif,tag);
695 		TIFFErrorExt(tif->tif_clientdata, module,
696 		     "%s: Bad value %u for \"%s\" tag",
697 		     tif->tif_name, v,
698 		     fip ? fip->field_name : "Unknown");
699 		va_end(ap);
700         }
701 	return (0);
702 badvalue32:
703         {
704 		const TIFFField* fip=TIFFFieldWithTag(tif,tag);
705 		TIFFErrorExt(tif->tif_clientdata, module,
706 		     "%s: Bad value %u for \"%s\" tag",
707 		     tif->tif_name, v32,
708 		     fip ? fip->field_name : "Unknown");
709 		va_end(ap);
710         }
711 	return (0);
712 badvaluedouble:
713         {
714         const TIFFField* fip=TIFFFieldWithTag(tif,tag);
715         TIFFErrorExt(tif->tif_clientdata, module,
716              "%s: Bad value %f for \"%s\" tag",
717              tif->tif_name, dblval,
718              fip ? fip->field_name : "Unknown");
719         va_end(ap);
720         }
721     return (0);
722 }
723 
724 /*
725  * Return 1/0 according to whether or not
726  * it is permissible to set the tag's value.
727  * Note that we allow ImageLength to be changed
728  * so that we can append and extend to images.
729  * Any other tag may not be altered once writing
730  * has commenced, unless its value has no effect
731  * on the format of the data that is written.
732  */
733 static int
OkToChangeTag(TIFF * tif,uint32 tag)734 OkToChangeTag(TIFF* tif, uint32 tag)
735 {
736 	const TIFFField* fip = TIFFFindField(tif, tag, TIFF_ANY);
737 	if (!fip) {			/* unknown tag */
738 		TIFFErrorExt(tif->tif_clientdata, "TIFFSetField", "%s: Unknown %stag %u",
739 		    tif->tif_name, isPseudoTag(tag) ? "pseudo-" : "", tag);
740 		return (0);
741 	}
742 	if (tag != TIFFTAG_IMAGELENGTH && (tif->tif_flags & TIFF_BEENWRITING) &&
743 	    !fip->field_oktochange) {
744 		/*
745 		 * Consult info table to see if tag can be changed
746 		 * after we've started writing.  We only allow changes
747 		 * to those tags that don't/shouldn't affect the
748 		 * compression and/or format of the data.
749 		 */
750 		TIFFErrorExt(tif->tif_clientdata, "TIFFSetField",
751 		    "%s: Cannot modify tag \"%s\" while writing",
752 		    tif->tif_name, fip->field_name);
753 		return (0);
754 	}
755 	return (1);
756 }
757 
758 /*
759  * Record the value of a field in the
760  * internal directory structure.  The
761  * field will be written to the file
762  * when/if the directory structure is
763  * updated.
764  */
765 int
TIFFSetField(TIFF * tif,uint32 tag,...)766 TIFFSetField(TIFF* tif, uint32 tag, ...)
767 {
768 	va_list ap;
769 	int status;
770 
771 	va_start(ap, tag);
772 	status = TIFFVSetField(tif, tag, ap);
773 	va_end(ap);
774 	return (status);
775 }
776 
777 /*
778  * Clear the contents of the field in the internal structure.
779  */
780 int
TIFFUnsetField(TIFF * tif,uint32 tag)781 TIFFUnsetField(TIFF* tif, uint32 tag)
782 {
783     const TIFFField *fip =  TIFFFieldWithTag(tif, tag);
784     TIFFDirectory* td = &tif->tif_dir;
785 
786     if( !fip )
787         return 0;
788 
789     if( fip->field_bit != FIELD_CUSTOM )
790         TIFFClrFieldBit(tif, fip->field_bit);
791     else
792     {
793         TIFFTagValue *tv = NULL;
794         int i;
795 
796         for (i = 0; i < td->td_customValueCount; i++) {
797 
798             tv = td->td_customValues + i;
799             if( tv->info->field_tag == tag )
800                 break;
801         }
802 
803         if( i < td->td_customValueCount )
804         {
805             _TIFFfree(tv->value);
806             for( ; i < td->td_customValueCount-1; i++) {
807                 td->td_customValues[i] = td->td_customValues[i+1];
808             }
809             td->td_customValueCount--;
810         }
811     }
812 
813     tif->tif_flags |= TIFF_DIRTYDIRECT;
814 
815     return (1);
816 }
817 
818 /*
819  * Like TIFFSetField, but taking a varargs
820  * parameter list.  This routine is useful
821  * for building higher-level interfaces on
822  * top of the library.
823  */
824 int
TIFFVSetField(TIFF * tif,uint32 tag,va_list ap)825 TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
826 {
827 	return OkToChangeTag(tif, tag) ?
828 	    (*tif->tif_tagmethods.vsetfield)(tif, tag, ap) : 0;
829 }
830 
831 static int
_TIFFVGetField(TIFF * tif,uint32 tag,va_list ap)832 _TIFFVGetField(TIFF* tif, uint32 tag, va_list ap)
833 {
834 	TIFFDirectory* td = &tif->tif_dir;
835 	int ret_val = 1;
836 	uint32 standard_tag = tag;
837 	const TIFFField* fip = TIFFFindField(tif, tag, TIFF_ANY);
838 	if( fip == NULL ) /* cannot happen since TIFFGetField() already checks it */
839 	    return 0;
840 
841 	/*
842 	 * We want to force the custom code to be used for custom
843 	 * fields even if the tag happens to match a well known
844 	 * one - important for reinterpreted handling of standard
845 	 * tag values in custom directories (ie. EXIF)
846 	 */
847 	if (fip->field_bit == FIELD_CUSTOM) {
848 		standard_tag = 0;
849 	}
850 
851 	switch (standard_tag) {
852 		case TIFFTAG_SUBFILETYPE:
853 			*va_arg(ap, uint32*) = td->td_subfiletype;
854 			break;
855 		case TIFFTAG_IMAGEWIDTH:
856 			*va_arg(ap, uint32*) = td->td_imagewidth;
857 			break;
858 		case TIFFTAG_IMAGELENGTH:
859 			*va_arg(ap, uint32*) = td->td_imagelength;
860 			break;
861 		case TIFFTAG_BITSPERSAMPLE:
862 			*va_arg(ap, uint16*) = td->td_bitspersample;
863 			break;
864 		case TIFFTAG_COMPRESSION:
865 			*va_arg(ap, uint16*) = td->td_compression;
866 			break;
867 		case TIFFTAG_PHOTOMETRIC:
868 			*va_arg(ap, uint16*) = td->td_photometric;
869 			break;
870 		case TIFFTAG_THRESHHOLDING:
871 			*va_arg(ap, uint16*) = td->td_threshholding;
872 			break;
873 		case TIFFTAG_FILLORDER:
874 			*va_arg(ap, uint16*) = td->td_fillorder;
875 			break;
876 		case TIFFTAG_ORIENTATION:
877 			*va_arg(ap, uint16*) = td->td_orientation;
878 			break;
879 		case TIFFTAG_SAMPLESPERPIXEL:
880 			*va_arg(ap, uint16*) = td->td_samplesperpixel;
881 			break;
882 		case TIFFTAG_ROWSPERSTRIP:
883 			*va_arg(ap, uint32*) = td->td_rowsperstrip;
884 			break;
885 		case TIFFTAG_MINSAMPLEVALUE:
886 			*va_arg(ap, uint16*) = td->td_minsamplevalue;
887 			break;
888 		case TIFFTAG_MAXSAMPLEVALUE:
889 			*va_arg(ap, uint16*) = td->td_maxsamplevalue;
890 			break;
891 		case TIFFTAG_SMINSAMPLEVALUE:
892 			if (tif->tif_flags & TIFF_PERSAMPLE)
893 				*va_arg(ap, double**) = td->td_sminsamplevalue;
894 			else
895 			{
896 				/* libtiff historially treats this as a single value. */
897 				uint16 i;
898 				double v = td->td_sminsamplevalue[0];
899 				for (i=1; i < td->td_samplesperpixel; ++i)
900 					if( td->td_sminsamplevalue[i] < v )
901 						v = td->td_sminsamplevalue[i];
902 				*va_arg(ap, double*) = v;
903 			}
904 			break;
905 		case TIFFTAG_SMAXSAMPLEVALUE:
906 			if (tif->tif_flags & TIFF_PERSAMPLE)
907 				*va_arg(ap, double**) = td->td_smaxsamplevalue;
908 			else
909 			{
910 				/* libtiff historially treats this as a single value. */
911 				uint16 i;
912 				double v = td->td_smaxsamplevalue[0];
913 				for (i=1; i < td->td_samplesperpixel; ++i)
914 					if( td->td_smaxsamplevalue[i] > v )
915 						v = td->td_smaxsamplevalue[i];
916 				*va_arg(ap, double*) = v;
917 			}
918 			break;
919 		case TIFFTAG_XRESOLUTION:
920 			*va_arg(ap, float*) = td->td_xresolution;
921 			break;
922 		case TIFFTAG_YRESOLUTION:
923 			*va_arg(ap, float*) = td->td_yresolution;
924 			break;
925 		case TIFFTAG_PLANARCONFIG:
926 			*va_arg(ap, uint16*) = td->td_planarconfig;
927 			break;
928 		case TIFFTAG_XPOSITION:
929 			*va_arg(ap, float*) = td->td_xposition;
930 			break;
931 		case TIFFTAG_YPOSITION:
932 			*va_arg(ap, float*) = td->td_yposition;
933 			break;
934 		case TIFFTAG_RESOLUTIONUNIT:
935 			*va_arg(ap, uint16*) = td->td_resolutionunit;
936 			break;
937 		case TIFFTAG_PAGENUMBER:
938 			*va_arg(ap, uint16*) = td->td_pagenumber[0];
939 			*va_arg(ap, uint16*) = td->td_pagenumber[1];
940 			break;
941 		case TIFFTAG_HALFTONEHINTS:
942 			*va_arg(ap, uint16*) = td->td_halftonehints[0];
943 			*va_arg(ap, uint16*) = td->td_halftonehints[1];
944 			break;
945 		case TIFFTAG_COLORMAP:
946 			*va_arg(ap, uint16**) = td->td_colormap[0];
947 			*va_arg(ap, uint16**) = td->td_colormap[1];
948 			*va_arg(ap, uint16**) = td->td_colormap[2];
949 			break;
950 		case TIFFTAG_STRIPOFFSETS:
951 		case TIFFTAG_TILEOFFSETS:
952 			_TIFFFillStriles( tif );
953 			*va_arg(ap, uint64**) = td->td_stripoffset;
954 			break;
955 		case TIFFTAG_STRIPBYTECOUNTS:
956 		case TIFFTAG_TILEBYTECOUNTS:
957 			_TIFFFillStriles( tif );
958 			*va_arg(ap, uint64**) = td->td_stripbytecount;
959 			break;
960 		case TIFFTAG_MATTEING:
961 			*va_arg(ap, uint16*) =
962 			    (td->td_extrasamples == 1 &&
963 			    td->td_sampleinfo[0] == EXTRASAMPLE_ASSOCALPHA);
964 			break;
965 		case TIFFTAG_EXTRASAMPLES:
966 			*va_arg(ap, uint16*) = td->td_extrasamples;
967 			*va_arg(ap, uint16**) = td->td_sampleinfo;
968 			break;
969 		case TIFFTAG_TILEWIDTH:
970 			*va_arg(ap, uint32*) = td->td_tilewidth;
971 			break;
972 		case TIFFTAG_TILELENGTH:
973 			*va_arg(ap, uint32*) = td->td_tilelength;
974 			break;
975 		case TIFFTAG_TILEDEPTH:
976 			*va_arg(ap, uint32*) = td->td_tiledepth;
977 			break;
978 		case TIFFTAG_DATATYPE:
979 			switch (td->td_sampleformat) {
980 				case SAMPLEFORMAT_UINT:
981 					*va_arg(ap, uint16*) = DATATYPE_UINT;
982 					break;
983 				case SAMPLEFORMAT_INT:
984 					*va_arg(ap, uint16*) = DATATYPE_INT;
985 					break;
986 				case SAMPLEFORMAT_IEEEFP:
987 					*va_arg(ap, uint16*) = DATATYPE_IEEEFP;
988 					break;
989 				case SAMPLEFORMAT_VOID:
990 					*va_arg(ap, uint16*) = DATATYPE_VOID;
991 					break;
992 			}
993 			break;
994 		case TIFFTAG_SAMPLEFORMAT:
995 			*va_arg(ap, uint16*) = td->td_sampleformat;
996 			break;
997 		case TIFFTAG_IMAGEDEPTH:
998 			*va_arg(ap, uint32*) = td->td_imagedepth;
999 			break;
1000 		case TIFFTAG_SUBIFD:
1001 			*va_arg(ap, uint16*) = td->td_nsubifd;
1002 			*va_arg(ap, uint64**) = td->td_subifd;
1003 			break;
1004 		case TIFFTAG_YCBCRPOSITIONING:
1005 			*va_arg(ap, uint16*) = td->td_ycbcrpositioning;
1006 			break;
1007 		case TIFFTAG_YCBCRSUBSAMPLING:
1008 			*va_arg(ap, uint16*) = td->td_ycbcrsubsampling[0];
1009 			*va_arg(ap, uint16*) = td->td_ycbcrsubsampling[1];
1010 			break;
1011 		case TIFFTAG_TRANSFERFUNCTION:
1012 			*va_arg(ap, uint16**) = td->td_transferfunction[0];
1013 			if (td->td_samplesperpixel - td->td_extrasamples > 1) {
1014 				*va_arg(ap, uint16**) = td->td_transferfunction[1];
1015 				*va_arg(ap, uint16**) = td->td_transferfunction[2];
1016 			}
1017 			break;
1018 		case TIFFTAG_REFERENCEBLACKWHITE:
1019 			*va_arg(ap, float**) = td->td_refblackwhite;
1020 			break;
1021 		case TIFFTAG_INKNAMES:
1022 			*va_arg(ap, char**) = td->td_inknames;
1023 			break;
1024 		default:
1025 			{
1026 				int i;
1027 
1028 				/*
1029 				 * This can happen if multiple images are open
1030 				 * with different codecs which have private
1031 				 * tags.  The global tag information table may
1032 				 * then have tags that are valid for one file
1033 				 * but not the other. If the client tries to
1034 				 * get a tag that is not valid for the image's
1035 				 * codec then we'll arrive here.
1036 				 */
1037 				if( fip->field_bit != FIELD_CUSTOM )
1038 				{
1039 					TIFFErrorExt(tif->tif_clientdata, "_TIFFVGetField",
1040 					    "%s: Invalid %stag \"%s\" "
1041 					    "(not supported by codec)",
1042 					    tif->tif_name,
1043 					    isPseudoTag(tag) ? "pseudo-" : "",
1044 					    fip->field_name);
1045 					ret_val = 0;
1046 					break;
1047 				}
1048 
1049 				/*
1050 				 * Do we have a custom value?
1051 				 */
1052 				ret_val = 0;
1053 				for (i = 0; i < td->td_customValueCount; i++) {
1054 					TIFFTagValue *tv = td->td_customValues + i;
1055 
1056 					if (tv->info->field_tag != tag)
1057 						continue;
1058 
1059 					if (fip->field_passcount) {
1060 						if (fip->field_readcount == TIFF_VARIABLE2)
1061 							*va_arg(ap, uint32*) = (uint32)tv->count;
1062 						else  /* Assume TIFF_VARIABLE */
1063 							*va_arg(ap, uint16*) = (uint16)tv->count;
1064 						*va_arg(ap, void **) = tv->value;
1065 						ret_val = 1;
1066 					} else if (fip->field_tag == TIFFTAG_DOTRANGE
1067 						   && strcmp(fip->field_name,"DotRange") == 0) {
1068 						/* TODO: This is an evil exception and should not have been
1069 						   handled this way ... likely best if we move it into
1070 						   the directory structure with an explicit field in
1071 						   libtiff 4.1 and assign it a FIELD_ value */
1072 						*va_arg(ap, uint16*) = ((uint16 *)tv->value)[0];
1073 						*va_arg(ap, uint16*) = ((uint16 *)tv->value)[1];
1074 						ret_val = 1;
1075 					} else {
1076 						if (fip->field_type == TIFF_ASCII
1077 						    || fip->field_readcount == TIFF_VARIABLE
1078 						    || fip->field_readcount == TIFF_VARIABLE2
1079 						    || fip->field_readcount == TIFF_SPP
1080 						    || tv->count > 1) {
1081 							*va_arg(ap, void **) = tv->value;
1082 							ret_val = 1;
1083 						} else {
1084 							char *val = (char *)tv->value;
1085 							assert( tv->count == 1 );
1086 							switch (fip->field_type) {
1087 							case TIFF_BYTE:
1088 							case TIFF_UNDEFINED:
1089 								*va_arg(ap, uint8*) =
1090 									*(uint8 *)val;
1091 								ret_val = 1;
1092 								break;
1093 							case TIFF_SBYTE:
1094 								*va_arg(ap, int8*) =
1095 									*(int8 *)val;
1096 								ret_val = 1;
1097 								break;
1098 							case TIFF_SHORT:
1099 								*va_arg(ap, uint16*) =
1100 									*(uint16 *)val;
1101 								ret_val = 1;
1102 								break;
1103 							case TIFF_SSHORT:
1104 								*va_arg(ap, int16*) =
1105 									*(int16 *)val;
1106 								ret_val = 1;
1107 								break;
1108 							case TIFF_LONG:
1109 							case TIFF_IFD:
1110 								*va_arg(ap, uint32*) =
1111 									*(uint32 *)val;
1112 								ret_val = 1;
1113 								break;
1114 							case TIFF_SLONG:
1115 								*va_arg(ap, int32*) =
1116 									*(int32 *)val;
1117 								ret_val = 1;
1118 								break;
1119 							case TIFF_LONG8:
1120 							case TIFF_IFD8:
1121 								*va_arg(ap, uint64*) =
1122 									*(uint64 *)val;
1123 								ret_val = 1;
1124 								break;
1125 							case TIFF_SLONG8:
1126 								*va_arg(ap, int64*) =
1127 									*(int64 *)val;
1128 								ret_val = 1;
1129 								break;
1130 							case TIFF_RATIONAL:
1131 							case TIFF_SRATIONAL:
1132 							case TIFF_FLOAT:
1133 								*va_arg(ap, float*) =
1134 									*(float *)val;
1135 								ret_val = 1;
1136 								break;
1137 							case TIFF_DOUBLE:
1138 								*va_arg(ap, double*) =
1139 									*(double *)val;
1140 								ret_val = 1;
1141 								break;
1142 							default:
1143 								ret_val = 0;
1144 								break;
1145 							}
1146 						}
1147 					}
1148 					break;
1149 				}
1150 			}
1151 	}
1152 	return(ret_val);
1153 }
1154 
1155 /*
1156  * Return the value of a field in the
1157  * internal directory structure.
1158  */
1159 int
TIFFGetField(TIFF * tif,uint32 tag,...)1160 TIFFGetField(TIFF* tif, uint32 tag, ...)
1161 {
1162 	int status;
1163 	va_list ap;
1164 
1165 	va_start(ap, tag);
1166 	status = TIFFVGetField(tif, tag, ap);
1167 	va_end(ap);
1168 	return (status);
1169 }
1170 
1171 /*
1172  * Like TIFFGetField, but taking a varargs
1173  * parameter list.  This routine is useful
1174  * for building higher-level interfaces on
1175  * top of the library.
1176  */
1177 int
TIFFVGetField(TIFF * tif,uint32 tag,va_list ap)1178 TIFFVGetField(TIFF* tif, uint32 tag, va_list ap)
1179 {
1180 	const TIFFField* fip = TIFFFindField(tif, tag, TIFF_ANY);
1181 	return (fip && (isPseudoTag(tag) || TIFFFieldSet(tif, fip->field_bit)) ?
1182 	    (*tif->tif_tagmethods.vgetfield)(tif, tag, ap) : 0);
1183 }
1184 
1185 #define	CleanupField(member) {		\
1186     if (td->member) {			\
1187 	_TIFFfree(td->member);		\
1188 	td->member = 0;			\
1189     }					\
1190 }
1191 
1192 /*
1193  * Release storage associated with a directory.
1194  */
1195 void
TIFFFreeDirectory(TIFF * tif)1196 TIFFFreeDirectory(TIFF* tif)
1197 {
1198 	TIFFDirectory *td = &tif->tif_dir;
1199 	int            i;
1200 
1201 	_TIFFmemset(td->td_fieldsset, 0, FIELD_SETLONGS);
1202 	CleanupField(td_sminsamplevalue);
1203 	CleanupField(td_smaxsamplevalue);
1204 	CleanupField(td_colormap[0]);
1205 	CleanupField(td_colormap[1]);
1206 	CleanupField(td_colormap[2]);
1207 	CleanupField(td_sampleinfo);
1208 	CleanupField(td_subifd);
1209 	CleanupField(td_inknames);
1210 	CleanupField(td_refblackwhite);
1211 	CleanupField(td_transferfunction[0]);
1212 	CleanupField(td_transferfunction[1]);
1213 	CleanupField(td_transferfunction[2]);
1214 	CleanupField(td_stripoffset);
1215 	CleanupField(td_stripbytecount);
1216 	TIFFClrFieldBit(tif, FIELD_YCBCRSUBSAMPLING);
1217 	TIFFClrFieldBit(tif, FIELD_YCBCRPOSITIONING);
1218 
1219 	/* Cleanup custom tag values */
1220 	for( i = 0; i < td->td_customValueCount; i++ ) {
1221 		if (td->td_customValues[i].value)
1222 			_TIFFfree(td->td_customValues[i].value);
1223 	}
1224 
1225 	td->td_customValueCount = 0;
1226 	CleanupField(td_customValues);
1227 
1228 #if defined(DEFER_STRILE_LOAD)
1229         _TIFFmemset( &(td->td_stripoffset_entry), 0, sizeof(TIFFDirEntry));
1230         _TIFFmemset( &(td->td_stripbytecount_entry), 0, sizeof(TIFFDirEntry));
1231 #endif
1232 }
1233 #undef CleanupField
1234 
1235 /*
1236  * Client Tag extension support (from Niles Ritter).
1237  */
1238 static TIFFExtendProc _TIFFextender = (TIFFExtendProc) NULL;
1239 
1240 TIFFExtendProc
TIFFSetTagExtender(TIFFExtendProc extender)1241 TIFFSetTagExtender(TIFFExtendProc extender)
1242 {
1243 	TIFFExtendProc prev = _TIFFextender;
1244 	_TIFFextender = extender;
1245 	return (prev);
1246 }
1247 
1248 /*
1249  * Setup for a new directory.  Should we automatically call
1250  * TIFFWriteDirectory() if the current one is dirty?
1251  *
1252  * The newly created directory will not exist on the file till
1253  * TIFFWriteDirectory(), TIFFFlush() or TIFFClose() is called.
1254  */
1255 int
TIFFCreateDirectory(TIFF * tif)1256 TIFFCreateDirectory(TIFF* tif)
1257 {
1258 	TIFFDefaultDirectory(tif);
1259 	tif->tif_diroff = 0;
1260 	tif->tif_nextdiroff = 0;
1261 	tif->tif_curoff = 0;
1262 	tif->tif_row = (uint32) -1;
1263 	tif->tif_curstrip = (uint32) -1;
1264 
1265 	return 0;
1266 }
1267 
1268 int
TIFFCreateCustomDirectory(TIFF * tif,const TIFFFieldArray * infoarray)1269 TIFFCreateCustomDirectory(TIFF* tif, const TIFFFieldArray* infoarray)
1270 {
1271 	TIFFDefaultDirectory(tif);
1272 
1273 	/*
1274 	 * Reset the field definitions to match the application provided list.
1275 	 * Hopefully TIFFDefaultDirectory() won't have done anything irreversable
1276 	 * based on it's assumption this is an image directory.
1277 	 */
1278 	_TIFFSetupFields(tif, infoarray);
1279 
1280 	tif->tif_diroff = 0;
1281 	tif->tif_nextdiroff = 0;
1282 	tif->tif_curoff = 0;
1283 	tif->tif_row = (uint32) -1;
1284 	tif->tif_curstrip = (uint32) -1;
1285 
1286 	return 0;
1287 }
1288 
1289 int
TIFFCreateEXIFDirectory(TIFF * tif)1290 TIFFCreateEXIFDirectory(TIFF* tif)
1291 {
1292 	const TIFFFieldArray* exifFieldArray;
1293 	exifFieldArray = _TIFFGetExifFields();
1294 	return TIFFCreateCustomDirectory(tif, exifFieldArray);
1295 }
1296 
1297 /*
1298  * Setup a default directory structure.
1299  */
1300 int
TIFFDefaultDirectory(TIFF * tif)1301 TIFFDefaultDirectory(TIFF* tif)
1302 {
1303 	register TIFFDirectory* td = &tif->tif_dir;
1304 	const TIFFFieldArray* tiffFieldArray;
1305 
1306 	tiffFieldArray = _TIFFGetFields();
1307 	_TIFFSetupFields(tif, tiffFieldArray);
1308 
1309 	_TIFFmemset(td, 0, sizeof (*td));
1310 	td->td_fillorder = FILLORDER_MSB2LSB;
1311 	td->td_bitspersample = 1;
1312 	td->td_threshholding = THRESHHOLD_BILEVEL;
1313 	td->td_orientation = ORIENTATION_TOPLEFT;
1314 	td->td_samplesperpixel = 1;
1315 	td->td_rowsperstrip = (uint32) -1;
1316 	td->td_tilewidth = 0;
1317 	td->td_tilelength = 0;
1318 	td->td_tiledepth = 1;
1319 	td->td_stripbytecountsorted = 1; /* Our own arrays always sorted. */
1320 	td->td_resolutionunit = RESUNIT_INCH;
1321 	td->td_sampleformat = SAMPLEFORMAT_UINT;
1322 	td->td_imagedepth = 1;
1323 	td->td_ycbcrsubsampling[0] = 2;
1324 	td->td_ycbcrsubsampling[1] = 2;
1325 	td->td_ycbcrpositioning = YCBCRPOSITION_CENTERED;
1326 	tif->tif_postdecode = _TIFFNoPostDecode;
1327 	tif->tif_foundfield = NULL;
1328 	tif->tif_tagmethods.vsetfield = _TIFFVSetField;
1329 	tif->tif_tagmethods.vgetfield = _TIFFVGetField;
1330 	tif->tif_tagmethods.printdir = NULL;
1331 	/*
1332 	 *  Give client code a chance to install their own
1333 	 *  tag extensions & methods, prior to compression overloads,
1334 	 *  but do some prior cleanup first. (http://trac.osgeo.org/gdal/ticket/5054)
1335 	 */
1336 	if (tif->tif_nfieldscompat > 0) {
1337 		uint32 i;
1338 
1339 		for (i = 0; i < tif->tif_nfieldscompat; i++) {
1340 				if (tif->tif_fieldscompat[i].allocated_size)
1341 						_TIFFfree(tif->tif_fieldscompat[i].fields);
1342 		}
1343 		_TIFFfree(tif->tif_fieldscompat);
1344 		tif->tif_nfieldscompat = 0;
1345 		tif->tif_fieldscompat = NULL;
1346 	}
1347 	if (_TIFFextender)
1348 		(*_TIFFextender)(tif);
1349 	(void) TIFFSetField(tif, TIFFTAG_COMPRESSION, COMPRESSION_NONE);
1350 	/*
1351 	 * NB: The directory is marked dirty as a result of setting
1352 	 * up the default compression scheme.  However, this really
1353 	 * isn't correct -- we want TIFF_DIRTYDIRECT to be set only
1354 	 * if the user does something.  We could just do the setup
1355 	 * by hand, but it seems better to use the normal mechanism
1356 	 * (i.e. TIFFSetField).
1357 	 */
1358 	tif->tif_flags &= ~TIFF_DIRTYDIRECT;
1359 
1360 	/*
1361 	 * As per http://bugzilla.remotesensing.org/show_bug.cgi?id=19
1362 	 * we clear the ISTILED flag when setting up a new directory.
1363 	 * Should we also be clearing stuff like INSUBIFD?
1364 	 */
1365 	tif->tif_flags &= ~TIFF_ISTILED;
1366 
1367 	return (1);
1368 }
1369 
1370 static int
TIFFAdvanceDirectory(TIFF * tif,uint64 * nextdir,uint64 * off)1371 TIFFAdvanceDirectory(TIFF* tif, uint64* nextdir, uint64* off)
1372 {
1373 	static const char module[] = "TIFFAdvanceDirectory";
1374 	if (isMapped(tif))
1375 	{
1376 		uint64 poff=*nextdir;
1377 		if (!(tif->tif_flags&TIFF_BIGTIFF))
1378 		{
1379 			tmsize_t poffa,poffb,poffc,poffd;
1380 			uint16 dircount;
1381 			uint32 nextdir32;
1382 			poffa=(tmsize_t)poff;
1383 			poffb=poffa+sizeof(uint16);
1384 			if (((uint64)poffa!=poff)||(poffb<poffa)||(poffb<(tmsize_t)sizeof(uint16))||(poffb>tif->tif_size))
1385 			{
1386 				TIFFErrorExt(tif->tif_clientdata,module,"Error fetching directory count");
1387                                   *nextdir=0;
1388 				return(0);
1389 			}
1390 			_TIFFmemcpy(&dircount,tif->tif_base+poffa,sizeof(uint16));
1391 			if (tif->tif_flags&TIFF_SWAB)
1392 				TIFFSwabShort(&dircount);
1393 			poffc=poffb+dircount*12;
1394 			poffd=poffc+sizeof(uint32);
1395 			if ((poffc<poffb)||(poffc<dircount*12)||(poffd<poffc)||(poffd<(tmsize_t)sizeof(uint32))||(poffd>tif->tif_size))
1396 			{
1397 				TIFFErrorExt(tif->tif_clientdata,module,"Error fetching directory link");
1398 				return(0);
1399 			}
1400 			if (off!=NULL)
1401 				*off=(uint64)poffc;
1402 			_TIFFmemcpy(&nextdir32,tif->tif_base+poffc,sizeof(uint32));
1403 			if (tif->tif_flags&TIFF_SWAB)
1404 				TIFFSwabLong(&nextdir32);
1405 			*nextdir=nextdir32;
1406 		}
1407 		else
1408 		{
1409 			tmsize_t poffa,poffb,poffc,poffd;
1410 			uint64 dircount64;
1411 			uint16 dircount16;
1412 			poffa=(tmsize_t)poff;
1413 			poffb=poffa+sizeof(uint64);
1414 			if (((uint64)poffa!=poff)||(poffb<poffa)||(poffb<(tmsize_t)sizeof(uint64))||(poffb>tif->tif_size))
1415 			{
1416 				TIFFErrorExt(tif->tif_clientdata,module,"Error fetching directory count");
1417 				return(0);
1418 			}
1419 			_TIFFmemcpy(&dircount64,tif->tif_base+poffa,sizeof(uint64));
1420 			if (tif->tif_flags&TIFF_SWAB)
1421 				TIFFSwabLong8(&dircount64);
1422 			if (dircount64>0xFFFF)
1423 			{
1424 				TIFFErrorExt(tif->tif_clientdata,module,"Sanity check on directory count failed");
1425 				return(0);
1426 			}
1427 			dircount16=(uint16)dircount64;
1428 			poffc=poffb+dircount16*20;
1429 			poffd=poffc+sizeof(uint64);
1430 			if ((poffc<poffb)||(poffc<dircount16*20)||(poffd<poffc)||(poffd<(tmsize_t)sizeof(uint64))||(poffd>tif->tif_size))
1431 			{
1432 				TIFFErrorExt(tif->tif_clientdata,module,"Error fetching directory link");
1433 				return(0);
1434 			}
1435 			if (off!=NULL)
1436 				*off=(uint64)poffc;
1437 			_TIFFmemcpy(nextdir,tif->tif_base+poffc,sizeof(uint64));
1438 			if (tif->tif_flags&TIFF_SWAB)
1439 				TIFFSwabLong8(nextdir);
1440 		}
1441 		return(1);
1442 	}
1443 	else
1444 	{
1445 		if (!(tif->tif_flags&TIFF_BIGTIFF))
1446 		{
1447 			uint16 dircount;
1448 			uint32 nextdir32;
1449 			if (!SeekOK(tif, *nextdir) ||
1450 			    !ReadOK(tif, &dircount, sizeof (uint16))) {
1451 				TIFFErrorExt(tif->tif_clientdata, module, "%s: Error fetching directory count",
1452 				    tif->tif_name);
1453 				return (0);
1454 			}
1455 			if (tif->tif_flags & TIFF_SWAB)
1456 				TIFFSwabShort(&dircount);
1457 			if (off != NULL)
1458 				*off = TIFFSeekFile(tif,
1459 				    dircount*12, SEEK_CUR);
1460 			else
1461 				(void) TIFFSeekFile(tif,
1462 				    dircount*12, SEEK_CUR);
1463 			if (!ReadOK(tif, &nextdir32, sizeof (uint32))) {
1464 				TIFFErrorExt(tif->tif_clientdata, module, "%s: Error fetching directory link",
1465 				    tif->tif_name);
1466 				return (0);
1467 			}
1468 			if (tif->tif_flags & TIFF_SWAB)
1469 				TIFFSwabLong(&nextdir32);
1470 			*nextdir=nextdir32;
1471 		}
1472 		else
1473 		{
1474 			uint64 dircount64;
1475 			uint16 dircount16;
1476 			if (!SeekOK(tif, *nextdir) ||
1477 			    !ReadOK(tif, &dircount64, sizeof (uint64))) {
1478 				TIFFErrorExt(tif->tif_clientdata, module, "%s: Error fetching directory count",
1479 				    tif->tif_name);
1480 				return (0);
1481 			}
1482 			if (tif->tif_flags & TIFF_SWAB)
1483 				TIFFSwabLong8(&dircount64);
1484 			if (dircount64>0xFFFF)
1485 			{
1486 				TIFFErrorExt(tif->tif_clientdata, module, "Error fetching directory count");
1487 				return(0);
1488 			}
1489 			dircount16 = (uint16)dircount64;
1490 			if (off != NULL)
1491 				*off = TIFFSeekFile(tif,
1492 				    dircount16*20, SEEK_CUR);
1493 			else
1494 				(void) TIFFSeekFile(tif,
1495 				    dircount16*20, SEEK_CUR);
1496 			if (!ReadOK(tif, nextdir, sizeof (uint64))) {
1497 				TIFFErrorExt(tif->tif_clientdata, module,
1498                                              "%s: Error fetching directory link",
1499 				    tif->tif_name);
1500 				return (0);
1501 			}
1502 			if (tif->tif_flags & TIFF_SWAB)
1503 				TIFFSwabLong8(nextdir);
1504 		}
1505 		return (1);
1506 	}
1507 }
1508 
1509 /*
1510  * Count the number of directories in a file.
1511  */
1512 uint16
TIFFNumberOfDirectories(TIFF * tif)1513 TIFFNumberOfDirectories(TIFF* tif)
1514 {
1515 	static const char module[] = "TIFFNumberOfDirectories";
1516 	uint64 nextdir;
1517 	uint16 n;
1518 	if (!(tif->tif_flags&TIFF_BIGTIFF))
1519 		nextdir = tif->tif_header.classic.tiff_diroff;
1520 	else
1521 		nextdir = tif->tif_header.big.tiff_diroff;
1522 	n = 0;
1523 	while (nextdir != 0 && TIFFAdvanceDirectory(tif, &nextdir, NULL))
1524         {
1525                 if (n != 65535) {
1526                         ++n;
1527                 }
1528 		else
1529                 {
1530                         TIFFErrorExt(tif->tif_clientdata, module,
1531                                      "Directory count exceeded 65535 limit,"
1532                                      " giving up on counting.");
1533                         return (65535);
1534                 }
1535         }
1536 	return (n);
1537 }
1538 
1539 /*
1540  * Set the n-th directory as the current directory.
1541  * NB: Directories are numbered starting at 0.
1542  */
1543 int
TIFFSetDirectory(TIFF * tif,uint16 dirn)1544 TIFFSetDirectory(TIFF* tif, uint16 dirn)
1545 {
1546 	uint64 nextdir;
1547 	uint16 n;
1548 
1549 	if (!(tif->tif_flags&TIFF_BIGTIFF))
1550 		nextdir = tif->tif_header.classic.tiff_diroff;
1551 	else
1552 		nextdir = tif->tif_header.big.tiff_diroff;
1553 	for (n = dirn; n > 0 && nextdir != 0; n--)
1554 		if (!TIFFAdvanceDirectory(tif, &nextdir, NULL))
1555 			return (0);
1556 	tif->tif_nextdiroff = nextdir;
1557 	/*
1558 	 * Set curdir to the actual directory index.  The
1559 	 * -1 is because TIFFReadDirectory will increment
1560 	 * tif_curdir after successfully reading the directory.
1561 	 */
1562 	tif->tif_curdir = (dirn - n) - 1;
1563 	/*
1564 	 * Reset tif_dirnumber counter and start new list of seen directories.
1565 	 * We need this to prevent IFD loops.
1566 	 */
1567 	tif->tif_dirnumber = 0;
1568 	return (TIFFReadDirectory(tif));
1569 }
1570 
1571 /*
1572  * Set the current directory to be the directory
1573  * located at the specified file offset.  This interface
1574  * is used mainly to access directories linked with
1575  * the SubIFD tag (e.g. thumbnail images).
1576  */
1577 int
TIFFSetSubDirectory(TIFF * tif,uint64 diroff)1578 TIFFSetSubDirectory(TIFF* tif, uint64 diroff)
1579 {
1580 	tif->tif_nextdiroff = diroff;
1581 	/*
1582 	 * Reset tif_dirnumber counter and start new list of seen directories.
1583 	 * We need this to prevent IFD loops.
1584 	 */
1585 	tif->tif_dirnumber = 0;
1586 	return (TIFFReadDirectory(tif));
1587 }
1588 
1589 /*
1590  * Return file offset of the current directory.
1591  */
1592 uint64
TIFFCurrentDirOffset(TIFF * tif)1593 TIFFCurrentDirOffset(TIFF* tif)
1594 {
1595 	return (tif->tif_diroff);
1596 }
1597 
1598 /*
1599  * Return an indication of whether or not we are
1600  * at the last directory in the file.
1601  */
1602 int
TIFFLastDirectory(TIFF * tif)1603 TIFFLastDirectory(TIFF* tif)
1604 {
1605 	return (tif->tif_nextdiroff == 0);
1606 }
1607 
1608 /*
1609  * Unlink the specified directory from the directory chain.
1610  */
1611 int
TIFFUnlinkDirectory(TIFF * tif,uint16 dirn)1612 TIFFUnlinkDirectory(TIFF* tif, uint16 dirn)
1613 {
1614 	static const char module[] = "TIFFUnlinkDirectory";
1615 	uint64 nextdir;
1616 	uint64 off;
1617 	uint16 n;
1618 
1619 	if (tif->tif_mode == O_RDONLY) {
1620 		TIFFErrorExt(tif->tif_clientdata, module,
1621                              "Can not unlink directory in read-only file");
1622 		return (0);
1623 	}
1624 	/*
1625 	 * Go to the directory before the one we want
1626 	 * to unlink and nab the offset of the link
1627 	 * field we'll need to patch.
1628 	 */
1629 	if (!(tif->tif_flags&TIFF_BIGTIFF))
1630 	{
1631 		nextdir = tif->tif_header.classic.tiff_diroff;
1632 		off = 4;
1633 	}
1634 	else
1635 	{
1636 		nextdir = tif->tif_header.big.tiff_diroff;
1637 		off = 8;
1638 	}
1639 	for (n = dirn-1; n > 0; n--) {
1640 		if (nextdir == 0) {
1641 			TIFFErrorExt(tif->tif_clientdata, module, "Directory %d does not exist", dirn);
1642 			return (0);
1643 		}
1644 		if (!TIFFAdvanceDirectory(tif, &nextdir, &off))
1645 			return (0);
1646 	}
1647 	/*
1648 	 * Advance to the directory to be unlinked and fetch
1649 	 * the offset of the directory that follows.
1650 	 */
1651 	if (!TIFFAdvanceDirectory(tif, &nextdir, NULL))
1652 		return (0);
1653 	/*
1654 	 * Go back and patch the link field of the preceding
1655 	 * directory to point to the offset of the directory
1656 	 * that follows.
1657 	 */
1658 	(void) TIFFSeekFile(tif, off, SEEK_SET);
1659 	if (!(tif->tif_flags&TIFF_BIGTIFF))
1660 	{
1661 		uint32 nextdir32;
1662 		nextdir32=(uint32)nextdir;
1663 		assert((uint64)nextdir32==nextdir);
1664 		if (tif->tif_flags & TIFF_SWAB)
1665 			TIFFSwabLong(&nextdir32);
1666 		if (!WriteOK(tif, &nextdir32, sizeof (uint32))) {
1667 			TIFFErrorExt(tif->tif_clientdata, module, "Error writing directory link");
1668 			return (0);
1669 		}
1670 	}
1671 	else
1672 	{
1673 		if (tif->tif_flags & TIFF_SWAB)
1674 			TIFFSwabLong8(&nextdir);
1675 		if (!WriteOK(tif, &nextdir, sizeof (uint64))) {
1676 			TIFFErrorExt(tif->tif_clientdata, module, "Error writing directory link");
1677 			return (0);
1678 		}
1679 	}
1680 	/*
1681 	 * Leave directory state setup safely.  We don't have
1682 	 * facilities for doing inserting and removing directories,
1683 	 * so it's safest to just invalidate everything.  This
1684 	 * means that the caller can only append to the directory
1685 	 * chain.
1686 	 */
1687 	(*tif->tif_cleanup)(tif);
1688 	if ((tif->tif_flags & TIFF_MYBUFFER) && tif->tif_rawdata) {
1689 		_TIFFfree(tif->tif_rawdata);
1690 		tif->tif_rawdata = NULL;
1691 		tif->tif_rawcc = 0;
1692                 tif->tif_rawdataoff = 0;
1693                 tif->tif_rawdataloaded = 0;
1694 	}
1695 	tif->tif_flags &= ~(TIFF_BEENWRITING|TIFF_BUFFERSETUP|TIFF_POSTENCODE|TIFF_BUF4WRITE);
1696 	TIFFFreeDirectory(tif);
1697 	TIFFDefaultDirectory(tif);
1698 	tif->tif_diroff = 0;			/* force link on next write */
1699 	tif->tif_nextdiroff = 0;		/* next write must be at end */
1700 	tif->tif_curoff = 0;
1701 	tif->tif_row = (uint32) -1;
1702 	tif->tif_curstrip = (uint32) -1;
1703 	return (1);
1704 }
1705 
1706 /* vim: set ts=8 sts=8 sw=8 noet: */
1707 /*
1708  * Local Variables:
1709  * mode: c
1710  * c-basic-offset: 8
1711  * fill-column: 78
1712  * End:
1713  */
1714