1 /* $Id: tif_dirread.c,v 1.208 2017-04-27 15:46:22 erouault Exp $ */ 2 3 /* 4 * Copyright (c) 1988-1997 Sam Leffler 5 * Copyright (c) 1991-1997 Silicon Graphics, Inc. 6 * 7 * Permission to use, copy, modify, distribute, and sell this software and 8 * its documentation for any purpose is hereby granted without fee, provided 9 * that (i) the above copyright notices and this permission notice appear in 10 * all copies of the software and related documentation, and (ii) the names of 11 * Sam Leffler and Silicon Graphics may not be used in any advertising or 12 * publicity relating to the software without the specific, prior written 13 * permission of Sam Leffler and Silicon Graphics. 14 * 15 * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, 16 * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY 17 * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 18 * 19 * IN NO EVENT SHALL SAM LEFFLER OR SILICON GRAPHICS BE LIABLE FOR 20 * ANY SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, 21 * OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, 22 * WHETHER OR NOT ADVISED OF THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF 23 * LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE 24 * OF THIS SOFTWARE. 25 */ 26 27 /* 28 * TIFF Library. 29 * 30 * Directory Read Support Routines. 31 */ 32 33 /* Suggested pending improvements: 34 * - add a field 'ignore' to the TIFFDirEntry structure, to flag status, 35 * eliminating current use of the IGNORE value, and therefore eliminating 36 * current irrational behaviour on tags with tag id code 0 37 * - add a field 'field_info' to the TIFFDirEntry structure, and set that with 38 * the pointer to the appropriate TIFFField structure early on in 39 * TIFFReadDirectory, so as to eliminate current possibly repetitive lookup. 40 */ 41 42 #include "tiffiop.h" 43 #include <float.h> 44 #include <limits.h> 45 46 #define IGNORE 0 /* tag placeholder used below */ 47 #define FAILED_FII ((uint32) -1) 48 49 #ifdef HAVE_IEEEFP 50 # define TIFFCvtIEEEFloatToNative(tif, n, fp) 51 # define TIFFCvtIEEEDoubleToNative(tif, n, dp) 52 #else 53 extern void TIFFCvtIEEEFloatToNative(TIFF*, uint32, float*); 54 extern void TIFFCvtIEEEDoubleToNative(TIFF*, uint32, double*); 55 #endif 56 57 enum TIFFReadDirEntryErr { 58 TIFFReadDirEntryErrOk = 0, 59 TIFFReadDirEntryErrCount = 1, 60 TIFFReadDirEntryErrType = 2, 61 TIFFReadDirEntryErrIo = 3, 62 TIFFReadDirEntryErrRange = 4, 63 TIFFReadDirEntryErrPsdif = 5, 64 TIFFReadDirEntryErrSizesan = 6, 65 TIFFReadDirEntryErrAlloc = 7, 66 }; 67 68 static enum TIFFReadDirEntryErr TIFFReadDirEntryByte(TIFF* tif, TIFFDirEntry* direntry, uint8* value); 69 static enum TIFFReadDirEntryErr TIFFReadDirEntryShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value); 70 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong(TIFF* tif, TIFFDirEntry* direntry, uint32* value); 71 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8(TIFF* tif, TIFFDirEntry* direntry, uint64* value); 72 static enum TIFFReadDirEntryErr TIFFReadDirEntryFloat(TIFF* tif, TIFFDirEntry* direntry, float* value); 73 static enum TIFFReadDirEntryErr TIFFReadDirEntryDouble(TIFF* tif, TIFFDirEntry* direntry, double* value); 74 static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8(TIFF* tif, TIFFDirEntry* direntry, uint64* value); 75 76 static enum TIFFReadDirEntryErr TIFFReadDirEntryArray(TIFF* tif, TIFFDirEntry* direntry, uint32* count, uint32 desttypesize, void** value); 77 static enum TIFFReadDirEntryErr TIFFReadDirEntryByteArray(TIFF* tif, TIFFDirEntry* direntry, uint8** value); 78 static enum TIFFReadDirEntryErr TIFFReadDirEntrySbyteArray(TIFF* tif, TIFFDirEntry* direntry, int8** value); 79 static enum TIFFReadDirEntryErr TIFFReadDirEntryShortArray(TIFF* tif, TIFFDirEntry* direntry, uint16** value); 80 static enum TIFFReadDirEntryErr TIFFReadDirEntrySshortArray(TIFF* tif, TIFFDirEntry* direntry, int16** value); 81 static enum TIFFReadDirEntryErr TIFFReadDirEntryLongArray(TIFF* tif, TIFFDirEntry* direntry, uint32** value); 82 static enum TIFFReadDirEntryErr TIFFReadDirEntrySlongArray(TIFF* tif, TIFFDirEntry* direntry, int32** value); 83 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value); 84 static enum TIFFReadDirEntryErr TIFFReadDirEntrySlong8Array(TIFF* tif, TIFFDirEntry* direntry, int64** value); 85 static enum TIFFReadDirEntryErr TIFFReadDirEntryFloatArray(TIFF* tif, TIFFDirEntry* direntry, float** value); 86 static enum TIFFReadDirEntryErr TIFFReadDirEntryDoubleArray(TIFF* tif, TIFFDirEntry* direntry, double** value); 87 static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value); 88 89 static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value); 90 #if 0 91 static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleDouble(TIFF* tif, TIFFDirEntry* direntry, double* value); 92 #endif 93 94 static void TIFFReadDirEntryCheckedByte(TIFF* tif, TIFFDirEntry* direntry, uint8* value); 95 static void TIFFReadDirEntryCheckedSbyte(TIFF* tif, TIFFDirEntry* direntry, int8* value); 96 static void TIFFReadDirEntryCheckedShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value); 97 static void TIFFReadDirEntryCheckedSshort(TIFF* tif, TIFFDirEntry* direntry, int16* value); 98 static void TIFFReadDirEntryCheckedLong(TIFF* tif, TIFFDirEntry* direntry, uint32* value); 99 static void TIFFReadDirEntryCheckedSlong(TIFF* tif, TIFFDirEntry* direntry, int32* value); 100 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedLong8(TIFF* tif, TIFFDirEntry* direntry, uint64* value); 101 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSlong8(TIFF* tif, TIFFDirEntry* direntry, int64* value); 102 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedRational(TIFF* tif, TIFFDirEntry* direntry, double* value); 103 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSrational(TIFF* tif, TIFFDirEntry* direntry, double* value); 104 static void TIFFReadDirEntryCheckedFloat(TIFF* tif, TIFFDirEntry* direntry, float* value); 105 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedDouble(TIFF* tif, TIFFDirEntry* direntry, double* value); 106 107 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSbyte(int8 value); 108 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteShort(uint16 value); 109 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSshort(int16 value); 110 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong(uint32 value); 111 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong(int32 value); 112 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong8(uint64 value); 113 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong8(int64 value); 114 115 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteByte(uint8 value); 116 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteShort(uint16 value); 117 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSshort(int16 value); 118 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong(uint32 value); 119 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong(int32 value); 120 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong8(uint64 value); 121 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong8(int64 value); 122 123 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSbyte(int8 value); 124 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSshort(int16 value); 125 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong(uint32 value); 126 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong(int32 value); 127 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong8(uint64 value); 128 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong8(int64 value); 129 130 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortShort(uint16 value); 131 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong(uint32 value); 132 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong(int32 value); 133 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong8(uint64 value); 134 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong8(int64 value); 135 136 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSbyte(int8 value); 137 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSshort(int16 value); 138 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSlong(int32 value); 139 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongLong8(uint64 value); 140 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSlong8(int64 value); 141 142 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlongLong(uint32 value); 143 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlongLong8(uint64 value); 144 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlongSlong8(int64 value); 145 146 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Sbyte(int8 value); 147 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Sshort(int16 value); 148 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Slong(int32 value); 149 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Slong8(int64 value); 150 151 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlong8Long8(uint64 value); 152 153 static enum TIFFReadDirEntryErr TIFFReadDirEntryData(TIFF* tif, uint64 offset, tmsize_t size, void* dest); 154 static void TIFFReadDirEntryOutputErr(TIFF* tif, enum TIFFReadDirEntryErr err, const char* module, const char* tagname, int recover); 155 156 static void TIFFReadDirectoryCheckOrder(TIFF* tif, TIFFDirEntry* dir, uint16 dircount); 157 static TIFFDirEntry* TIFFReadDirectoryFindEntry(TIFF* tif, TIFFDirEntry* dir, uint16 dircount, uint16 tagid); 158 static void TIFFReadDirectoryFindFieldInfo(TIFF* tif, uint16 tagid, uint32* fii); 159 160 static int EstimateStripByteCounts(TIFF* tif, TIFFDirEntry* dir, uint16 dircount); 161 static void MissingRequired(TIFF*, const char*); 162 static int TIFFCheckDirOffset(TIFF* tif, uint64 diroff); 163 static int CheckDirCount(TIFF*, TIFFDirEntry*, uint32); 164 static uint16 TIFFFetchDirectory(TIFF* tif, uint64 diroff, TIFFDirEntry** pdir, uint64* nextdiroff); 165 static int TIFFFetchNormalTag(TIFF*, TIFFDirEntry*, int recover); 166 static int TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uint64** lpp); 167 static int TIFFFetchSubjectDistance(TIFF*, TIFFDirEntry*); 168 static void ChopUpSingleUncompressedStrip(TIFF*); 169 static uint64 TIFFReadUInt64(const uint8 *value); 170 171 static int _TIFFFillStrilesInternal( TIFF *tif, int loadStripByteCount ); 172 173 typedef union _UInt64Aligned_t 174 { 175 double d; 176 uint64 l; 177 uint32 i[2]; 178 uint16 s[4]; 179 uint8 c[8]; 180 } UInt64Aligned_t; 181 182 /* 183 Unaligned safe copy of a uint64 value from an octet array. 184 */ 185 static uint64 TIFFReadUInt64(const uint8 *value) 186 { 187 UInt64Aligned_t result; 188 189 result.c[0]=value[0]; 190 result.c[1]=value[1]; 191 result.c[2]=value[2]; 192 result.c[3]=value[3]; 193 result.c[4]=value[4]; 194 result.c[5]=value[5]; 195 result.c[6]=value[6]; 196 result.c[7]=value[7]; 197 198 return result.l; 199 } 200 201 static enum TIFFReadDirEntryErr TIFFReadDirEntryByte(TIFF* tif, TIFFDirEntry* direntry, uint8* value) 202 { 203 enum TIFFReadDirEntryErr err; 204 if (direntry->tdir_count!=1) 205 return(TIFFReadDirEntryErrCount); 206 switch (direntry->tdir_type) 207 { 208 case TIFF_BYTE: 209 TIFFReadDirEntryCheckedByte(tif,direntry,value); 210 return(TIFFReadDirEntryErrOk); 211 case TIFF_SBYTE: 212 { 213 int8 m; 214 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m); 215 err=TIFFReadDirEntryCheckRangeByteSbyte(m); 216 if (err!=TIFFReadDirEntryErrOk) 217 return(err); 218 *value=(uint8)m; 219 return(TIFFReadDirEntryErrOk); 220 } 221 case TIFF_SHORT: 222 { 223 uint16 m; 224 TIFFReadDirEntryCheckedShort(tif,direntry,&m); 225 err=TIFFReadDirEntryCheckRangeByteShort(m); 226 if (err!=TIFFReadDirEntryErrOk) 227 return(err); 228 *value=(uint8)m; 229 return(TIFFReadDirEntryErrOk); 230 } 231 case TIFF_SSHORT: 232 { 233 int16 m; 234 TIFFReadDirEntryCheckedSshort(tif,direntry,&m); 235 err=TIFFReadDirEntryCheckRangeByteSshort(m); 236 if (err!=TIFFReadDirEntryErrOk) 237 return(err); 238 *value=(uint8)m; 239 return(TIFFReadDirEntryErrOk); 240 } 241 case TIFF_LONG: 242 { 243 uint32 m; 244 TIFFReadDirEntryCheckedLong(tif,direntry,&m); 245 err=TIFFReadDirEntryCheckRangeByteLong(m); 246 if (err!=TIFFReadDirEntryErrOk) 247 return(err); 248 *value=(uint8)m; 249 return(TIFFReadDirEntryErrOk); 250 } 251 case TIFF_SLONG: 252 { 253 int32 m; 254 TIFFReadDirEntryCheckedSlong(tif,direntry,&m); 255 err=TIFFReadDirEntryCheckRangeByteSlong(m); 256 if (err!=TIFFReadDirEntryErrOk) 257 return(err); 258 *value=(uint8)m; 259 return(TIFFReadDirEntryErrOk); 260 } 261 case TIFF_LONG8: 262 { 263 uint64 m; 264 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m); 265 if (err!=TIFFReadDirEntryErrOk) 266 return(err); 267 err=TIFFReadDirEntryCheckRangeByteLong8(m); 268 if (err!=TIFFReadDirEntryErrOk) 269 return(err); 270 *value=(uint8)m; 271 return(TIFFReadDirEntryErrOk); 272 } 273 case TIFF_SLONG8: 274 { 275 int64 m; 276 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m); 277 if (err!=TIFFReadDirEntryErrOk) 278 return(err); 279 err=TIFFReadDirEntryCheckRangeByteSlong8(m); 280 if (err!=TIFFReadDirEntryErrOk) 281 return(err); 282 *value=(uint8)m; 283 return(TIFFReadDirEntryErrOk); 284 } 285 default: 286 return(TIFFReadDirEntryErrType); 287 } 288 } 289 290 static enum TIFFReadDirEntryErr TIFFReadDirEntryShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value) 291 { 292 enum TIFFReadDirEntryErr err; 293 if (direntry->tdir_count!=1) 294 return(TIFFReadDirEntryErrCount); 295 switch (direntry->tdir_type) 296 { 297 case TIFF_BYTE: 298 { 299 uint8 m; 300 TIFFReadDirEntryCheckedByte(tif,direntry,&m); 301 *value=(uint16)m; 302 return(TIFFReadDirEntryErrOk); 303 } 304 case TIFF_SBYTE: 305 { 306 int8 m; 307 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m); 308 err=TIFFReadDirEntryCheckRangeShortSbyte(m); 309 if (err!=TIFFReadDirEntryErrOk) 310 return(err); 311 *value=(uint16)m; 312 return(TIFFReadDirEntryErrOk); 313 } 314 case TIFF_SHORT: 315 TIFFReadDirEntryCheckedShort(tif,direntry,value); 316 return(TIFFReadDirEntryErrOk); 317 case TIFF_SSHORT: 318 { 319 int16 m; 320 TIFFReadDirEntryCheckedSshort(tif,direntry,&m); 321 err=TIFFReadDirEntryCheckRangeShortSshort(m); 322 if (err!=TIFFReadDirEntryErrOk) 323 return(err); 324 *value=(uint16)m; 325 return(TIFFReadDirEntryErrOk); 326 } 327 case TIFF_LONG: 328 { 329 uint32 m; 330 TIFFReadDirEntryCheckedLong(tif,direntry,&m); 331 err=TIFFReadDirEntryCheckRangeShortLong(m); 332 if (err!=TIFFReadDirEntryErrOk) 333 return(err); 334 *value=(uint16)m; 335 return(TIFFReadDirEntryErrOk); 336 } 337 case TIFF_SLONG: 338 { 339 int32 m; 340 TIFFReadDirEntryCheckedSlong(tif,direntry,&m); 341 err=TIFFReadDirEntryCheckRangeShortSlong(m); 342 if (err!=TIFFReadDirEntryErrOk) 343 return(err); 344 *value=(uint16)m; 345 return(TIFFReadDirEntryErrOk); 346 } 347 case TIFF_LONG8: 348 { 349 uint64 m; 350 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m); 351 if (err!=TIFFReadDirEntryErrOk) 352 return(err); 353 err=TIFFReadDirEntryCheckRangeShortLong8(m); 354 if (err!=TIFFReadDirEntryErrOk) 355 return(err); 356 *value=(uint16)m; 357 return(TIFFReadDirEntryErrOk); 358 } 359 case TIFF_SLONG8: 360 { 361 int64 m; 362 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m); 363 if (err!=TIFFReadDirEntryErrOk) 364 return(err); 365 err=TIFFReadDirEntryCheckRangeShortSlong8(m); 366 if (err!=TIFFReadDirEntryErrOk) 367 return(err); 368 *value=(uint16)m; 369 return(TIFFReadDirEntryErrOk); 370 } 371 default: 372 return(TIFFReadDirEntryErrType); 373 } 374 } 375 376 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong(TIFF* tif, TIFFDirEntry* direntry, uint32* value) 377 { 378 enum TIFFReadDirEntryErr err; 379 if (direntry->tdir_count!=1) 380 return(TIFFReadDirEntryErrCount); 381 switch (direntry->tdir_type) 382 { 383 case TIFF_BYTE: 384 { 385 uint8 m; 386 TIFFReadDirEntryCheckedByte(tif,direntry,&m); 387 *value=(uint32)m; 388 return(TIFFReadDirEntryErrOk); 389 } 390 case TIFF_SBYTE: 391 { 392 int8 m; 393 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m); 394 err=TIFFReadDirEntryCheckRangeLongSbyte(m); 395 if (err!=TIFFReadDirEntryErrOk) 396 return(err); 397 *value=(uint32)m; 398 return(TIFFReadDirEntryErrOk); 399 } 400 case TIFF_SHORT: 401 { 402 uint16 m; 403 TIFFReadDirEntryCheckedShort(tif,direntry,&m); 404 *value=(uint32)m; 405 return(TIFFReadDirEntryErrOk); 406 } 407 case TIFF_SSHORT: 408 { 409 int16 m; 410 TIFFReadDirEntryCheckedSshort(tif,direntry,&m); 411 err=TIFFReadDirEntryCheckRangeLongSshort(m); 412 if (err!=TIFFReadDirEntryErrOk) 413 return(err); 414 *value=(uint32)m; 415 return(TIFFReadDirEntryErrOk); 416 } 417 case TIFF_LONG: 418 TIFFReadDirEntryCheckedLong(tif,direntry,value); 419 return(TIFFReadDirEntryErrOk); 420 case TIFF_SLONG: 421 { 422 int32 m; 423 TIFFReadDirEntryCheckedSlong(tif,direntry,&m); 424 err=TIFFReadDirEntryCheckRangeLongSlong(m); 425 if (err!=TIFFReadDirEntryErrOk) 426 return(err); 427 *value=(uint32)m; 428 return(TIFFReadDirEntryErrOk); 429 } 430 case TIFF_LONG8: 431 { 432 uint64 m; 433 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m); 434 if (err!=TIFFReadDirEntryErrOk) 435 return(err); 436 err=TIFFReadDirEntryCheckRangeLongLong8(m); 437 if (err!=TIFFReadDirEntryErrOk) 438 return(err); 439 *value=(uint32)m; 440 return(TIFFReadDirEntryErrOk); 441 } 442 case TIFF_SLONG8: 443 { 444 int64 m; 445 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m); 446 if (err!=TIFFReadDirEntryErrOk) 447 return(err); 448 err=TIFFReadDirEntryCheckRangeLongSlong8(m); 449 if (err!=TIFFReadDirEntryErrOk) 450 return(err); 451 *value=(uint32)m; 452 return(TIFFReadDirEntryErrOk); 453 } 454 default: 455 return(TIFFReadDirEntryErrType); 456 } 457 } 458 459 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8(TIFF* tif, TIFFDirEntry* direntry, uint64* value) 460 { 461 enum TIFFReadDirEntryErr err; 462 if (direntry->tdir_count!=1) 463 return(TIFFReadDirEntryErrCount); 464 switch (direntry->tdir_type) 465 { 466 case TIFF_BYTE: 467 { 468 uint8 m; 469 TIFFReadDirEntryCheckedByte(tif,direntry,&m); 470 *value=(uint64)m; 471 return(TIFFReadDirEntryErrOk); 472 } 473 case TIFF_SBYTE: 474 { 475 int8 m; 476 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m); 477 err=TIFFReadDirEntryCheckRangeLong8Sbyte(m); 478 if (err!=TIFFReadDirEntryErrOk) 479 return(err); 480 *value=(uint64)m; 481 return(TIFFReadDirEntryErrOk); 482 } 483 case TIFF_SHORT: 484 { 485 uint16 m; 486 TIFFReadDirEntryCheckedShort(tif,direntry,&m); 487 *value=(uint64)m; 488 return(TIFFReadDirEntryErrOk); 489 } 490 case TIFF_SSHORT: 491 { 492 int16 m; 493 TIFFReadDirEntryCheckedSshort(tif,direntry,&m); 494 err=TIFFReadDirEntryCheckRangeLong8Sshort(m); 495 if (err!=TIFFReadDirEntryErrOk) 496 return(err); 497 *value=(uint64)m; 498 return(TIFFReadDirEntryErrOk); 499 } 500 case TIFF_LONG: 501 { 502 uint32 m; 503 TIFFReadDirEntryCheckedLong(tif,direntry,&m); 504 *value=(uint64)m; 505 return(TIFFReadDirEntryErrOk); 506 } 507 case TIFF_SLONG: 508 { 509 int32 m; 510 TIFFReadDirEntryCheckedSlong(tif,direntry,&m); 511 err=TIFFReadDirEntryCheckRangeLong8Slong(m); 512 if (err!=TIFFReadDirEntryErrOk) 513 return(err); 514 *value=(uint64)m; 515 return(TIFFReadDirEntryErrOk); 516 } 517 case TIFF_LONG8: 518 err=TIFFReadDirEntryCheckedLong8(tif,direntry,value); 519 return(err); 520 case TIFF_SLONG8: 521 { 522 int64 m; 523 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m); 524 if (err!=TIFFReadDirEntryErrOk) 525 return(err); 526 err=TIFFReadDirEntryCheckRangeLong8Slong8(m); 527 if (err!=TIFFReadDirEntryErrOk) 528 return(err); 529 *value=(uint64)m; 530 return(TIFFReadDirEntryErrOk); 531 } 532 default: 533 return(TIFFReadDirEntryErrType); 534 } 535 } 536 537 static enum TIFFReadDirEntryErr TIFFReadDirEntryFloat(TIFF* tif, TIFFDirEntry* direntry, float* value) 538 { 539 enum TIFFReadDirEntryErr err; 540 if (direntry->tdir_count!=1) 541 return(TIFFReadDirEntryErrCount); 542 switch (direntry->tdir_type) 543 { 544 case TIFF_BYTE: 545 { 546 uint8 m; 547 TIFFReadDirEntryCheckedByte(tif,direntry,&m); 548 *value=(float)m; 549 return(TIFFReadDirEntryErrOk); 550 } 551 case TIFF_SBYTE: 552 { 553 int8 m; 554 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m); 555 *value=(float)m; 556 return(TIFFReadDirEntryErrOk); 557 } 558 case TIFF_SHORT: 559 { 560 uint16 m; 561 TIFFReadDirEntryCheckedShort(tif,direntry,&m); 562 *value=(float)m; 563 return(TIFFReadDirEntryErrOk); 564 } 565 case TIFF_SSHORT: 566 { 567 int16 m; 568 TIFFReadDirEntryCheckedSshort(tif,direntry,&m); 569 *value=(float)m; 570 return(TIFFReadDirEntryErrOk); 571 } 572 case TIFF_LONG: 573 { 574 uint32 m; 575 TIFFReadDirEntryCheckedLong(tif,direntry,&m); 576 *value=(float)m; 577 return(TIFFReadDirEntryErrOk); 578 } 579 case TIFF_SLONG: 580 { 581 int32 m; 582 TIFFReadDirEntryCheckedSlong(tif,direntry,&m); 583 *value=(float)m; 584 return(TIFFReadDirEntryErrOk); 585 } 586 case TIFF_LONG8: 587 { 588 uint64 m; 589 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m); 590 if (err!=TIFFReadDirEntryErrOk) 591 return(err); 592 #if defined(__WIN32__) && (_MSC_VER < 1500) 593 /* 594 * XXX: MSVC 6.0 does not support conversion 595 * of 64-bit integers into floating point 596 * values. 597 */ 598 *value = _TIFFUInt64ToFloat(m); 599 #else 600 *value=(float)m; 601 #endif 602 return(TIFFReadDirEntryErrOk); 603 } 604 case TIFF_SLONG8: 605 { 606 int64 m; 607 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m); 608 if (err!=TIFFReadDirEntryErrOk) 609 return(err); 610 *value=(float)m; 611 return(TIFFReadDirEntryErrOk); 612 } 613 case TIFF_RATIONAL: 614 { 615 double m; 616 err=TIFFReadDirEntryCheckedRational(tif,direntry,&m); 617 if (err!=TIFFReadDirEntryErrOk) 618 return(err); 619 *value=(float)m; 620 return(TIFFReadDirEntryErrOk); 621 } 622 case TIFF_SRATIONAL: 623 { 624 double m; 625 err=TIFFReadDirEntryCheckedSrational(tif,direntry,&m); 626 if (err!=TIFFReadDirEntryErrOk) 627 return(err); 628 *value=(float)m; 629 return(TIFFReadDirEntryErrOk); 630 } 631 case TIFF_FLOAT: 632 TIFFReadDirEntryCheckedFloat(tif,direntry,value); 633 return(TIFFReadDirEntryErrOk); 634 case TIFF_DOUBLE: 635 { 636 double m; 637 err=TIFFReadDirEntryCheckedDouble(tif,direntry,&m); 638 if (err!=TIFFReadDirEntryErrOk) 639 return(err); 640 *value=(float)m; 641 return(TIFFReadDirEntryErrOk); 642 } 643 default: 644 return(TIFFReadDirEntryErrType); 645 } 646 } 647 648 static enum TIFFReadDirEntryErr TIFFReadDirEntryDouble(TIFF* tif, TIFFDirEntry* direntry, double* value) 649 { 650 enum TIFFReadDirEntryErr err; 651 if (direntry->tdir_count!=1) 652 return(TIFFReadDirEntryErrCount); 653 switch (direntry->tdir_type) 654 { 655 case TIFF_BYTE: 656 { 657 uint8 m; 658 TIFFReadDirEntryCheckedByte(tif,direntry,&m); 659 *value=(double)m; 660 return(TIFFReadDirEntryErrOk); 661 } 662 case TIFF_SBYTE: 663 { 664 int8 m; 665 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m); 666 *value=(double)m; 667 return(TIFFReadDirEntryErrOk); 668 } 669 case TIFF_SHORT: 670 { 671 uint16 m; 672 TIFFReadDirEntryCheckedShort(tif,direntry,&m); 673 *value=(double)m; 674 return(TIFFReadDirEntryErrOk); 675 } 676 case TIFF_SSHORT: 677 { 678 int16 m; 679 TIFFReadDirEntryCheckedSshort(tif,direntry,&m); 680 *value=(double)m; 681 return(TIFFReadDirEntryErrOk); 682 } 683 case TIFF_LONG: 684 { 685 uint32 m; 686 TIFFReadDirEntryCheckedLong(tif,direntry,&m); 687 *value=(double)m; 688 return(TIFFReadDirEntryErrOk); 689 } 690 case TIFF_SLONG: 691 { 692 int32 m; 693 TIFFReadDirEntryCheckedSlong(tif,direntry,&m); 694 *value=(double)m; 695 return(TIFFReadDirEntryErrOk); 696 } 697 case TIFF_LONG8: 698 { 699 uint64 m; 700 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m); 701 if (err!=TIFFReadDirEntryErrOk) 702 return(err); 703 #if defined(__WIN32__) && (_MSC_VER < 1500) 704 /* 705 * XXX: MSVC 6.0 does not support conversion 706 * of 64-bit integers into floating point 707 * values. 708 */ 709 *value = _TIFFUInt64ToDouble(m); 710 #else 711 *value = (double)m; 712 #endif 713 return(TIFFReadDirEntryErrOk); 714 } 715 case TIFF_SLONG8: 716 { 717 int64 m; 718 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m); 719 if (err!=TIFFReadDirEntryErrOk) 720 return(err); 721 *value=(double)m; 722 return(TIFFReadDirEntryErrOk); 723 } 724 case TIFF_RATIONAL: 725 err=TIFFReadDirEntryCheckedRational(tif,direntry,value); 726 return(err); 727 case TIFF_SRATIONAL: 728 err=TIFFReadDirEntryCheckedSrational(tif,direntry,value); 729 return(err); 730 case TIFF_FLOAT: 731 { 732 float m; 733 TIFFReadDirEntryCheckedFloat(tif,direntry,&m); 734 *value=(double)m; 735 return(TIFFReadDirEntryErrOk); 736 } 737 case TIFF_DOUBLE: 738 err=TIFFReadDirEntryCheckedDouble(tif,direntry,value); 739 return(err); 740 default: 741 return(TIFFReadDirEntryErrType); 742 } 743 } 744 745 static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8(TIFF* tif, TIFFDirEntry* direntry, uint64* value) 746 { 747 enum TIFFReadDirEntryErr err; 748 if (direntry->tdir_count!=1) 749 return(TIFFReadDirEntryErrCount); 750 switch (direntry->tdir_type) 751 { 752 case TIFF_LONG: 753 case TIFF_IFD: 754 { 755 uint32 m; 756 TIFFReadDirEntryCheckedLong(tif,direntry,&m); 757 *value=(uint64)m; 758 return(TIFFReadDirEntryErrOk); 759 } 760 case TIFF_LONG8: 761 case TIFF_IFD8: 762 err=TIFFReadDirEntryCheckedLong8(tif,direntry,value); 763 return(err); 764 default: 765 return(TIFFReadDirEntryErrType); 766 } 767 } 768 769 static enum TIFFReadDirEntryErr TIFFReadDirEntryArray(TIFF* tif, TIFFDirEntry* direntry, uint32* count, uint32 desttypesize, void** value) 770 { 771 int typesize; 772 uint32 datasize; 773 void* data; 774 typesize=TIFFDataWidth(direntry->tdir_type); 775 if ((direntry->tdir_count==0)||(typesize==0)) 776 { 777 *value=0; 778 return(TIFFReadDirEntryErrOk); 779 } 780 (void) desttypesize; 781 782 /* 783 * As a sanity check, make sure we have no more than a 2GB tag array 784 * in either the current data type or the dest data type. This also 785 * avoids problems with overflow of tmsize_t on 32bit systems. 786 */ 787 if ((uint64)(2147483647/typesize)<direntry->tdir_count) 788 return(TIFFReadDirEntryErrSizesan); 789 if ((uint64)(2147483647/desttypesize)<direntry->tdir_count) 790 return(TIFFReadDirEntryErrSizesan); 791 792 *count=(uint32)direntry->tdir_count; 793 datasize=(*count)*typesize; 794 assert((tmsize_t)datasize>0); 795 data=_TIFFCheckMalloc(tif, *count, typesize, "ReadDirEntryArray"); 796 if (data==0) 797 return(TIFFReadDirEntryErrAlloc); 798 if (!(tif->tif_flags&TIFF_BIGTIFF)) 799 { 800 if (datasize<=4) 801 _TIFFmemcpy(data,&direntry->tdir_offset,datasize); 802 else 803 { 804 enum TIFFReadDirEntryErr err; 805 uint32 offset = direntry->tdir_offset.toff_long; 806 if (tif->tif_flags&TIFF_SWAB) 807 TIFFSwabLong(&offset); 808 err=TIFFReadDirEntryData(tif,(uint64)offset,(tmsize_t)datasize,data); 809 if (err!=TIFFReadDirEntryErrOk) 810 { 811 _TIFFfree(data); 812 return(err); 813 } 814 } 815 } 816 else 817 { 818 if (datasize<=8) 819 _TIFFmemcpy(data,&direntry->tdir_offset,datasize); 820 else 821 { 822 enum TIFFReadDirEntryErr err; 823 uint64 offset = direntry->tdir_offset.toff_long8; 824 if (tif->tif_flags&TIFF_SWAB) 825 TIFFSwabLong8(&offset); 826 err=TIFFReadDirEntryData(tif,offset,(tmsize_t)datasize,data); 827 if (err!=TIFFReadDirEntryErrOk) 828 { 829 _TIFFfree(data); 830 return(err); 831 } 832 } 833 } 834 *value=data; 835 return(TIFFReadDirEntryErrOk); 836 } 837 838 static enum TIFFReadDirEntryErr TIFFReadDirEntryByteArray(TIFF* tif, TIFFDirEntry* direntry, uint8** value) 839 { 840 enum TIFFReadDirEntryErr err; 841 uint32 count; 842 void* origdata; 843 uint8* data; 844 switch (direntry->tdir_type) 845 { 846 case TIFF_ASCII: 847 case TIFF_UNDEFINED: 848 case TIFF_BYTE: 849 case TIFF_SBYTE: 850 case TIFF_SHORT: 851 case TIFF_SSHORT: 852 case TIFF_LONG: 853 case TIFF_SLONG: 854 case TIFF_LONG8: 855 case TIFF_SLONG8: 856 break; 857 default: 858 return(TIFFReadDirEntryErrType); 859 } 860 err=TIFFReadDirEntryArray(tif,direntry,&count,1,&origdata); 861 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0)) 862 { 863 *value=0; 864 return(err); 865 } 866 switch (direntry->tdir_type) 867 { 868 case TIFF_ASCII: 869 case TIFF_UNDEFINED: 870 case TIFF_BYTE: 871 *value=(uint8*)origdata; 872 return(TIFFReadDirEntryErrOk); 873 case TIFF_SBYTE: 874 { 875 int8* m; 876 uint32 n; 877 m=(int8*)origdata; 878 for (n=0; n<count; n++) 879 { 880 err=TIFFReadDirEntryCheckRangeByteSbyte(*m); 881 if (err!=TIFFReadDirEntryErrOk) 882 { 883 _TIFFfree(origdata); 884 return(err); 885 } 886 m++; 887 } 888 *value=(uint8*)origdata; 889 return(TIFFReadDirEntryErrOk); 890 } 891 } 892 data=(uint8*)_TIFFmalloc(count); 893 if (data==0) 894 { 895 _TIFFfree(origdata); 896 return(TIFFReadDirEntryErrAlloc); 897 } 898 switch (direntry->tdir_type) 899 { 900 case TIFF_SHORT: 901 { 902 uint16* ma; 903 uint8* mb; 904 uint32 n; 905 ma=(uint16*)origdata; 906 mb=data; 907 for (n=0; n<count; n++) 908 { 909 if (tif->tif_flags&TIFF_SWAB) 910 TIFFSwabShort(ma); 911 err=TIFFReadDirEntryCheckRangeByteShort(*ma); 912 if (err!=TIFFReadDirEntryErrOk) 913 break; 914 *mb++=(uint8)(*ma++); 915 } 916 } 917 break; 918 case TIFF_SSHORT: 919 { 920 int16* ma; 921 uint8* mb; 922 uint32 n; 923 ma=(int16*)origdata; 924 mb=data; 925 for (n=0; n<count; n++) 926 { 927 if (tif->tif_flags&TIFF_SWAB) 928 TIFFSwabShort((uint16*)ma); 929 err=TIFFReadDirEntryCheckRangeByteSshort(*ma); 930 if (err!=TIFFReadDirEntryErrOk) 931 break; 932 *mb++=(uint8)(*ma++); 933 } 934 } 935 break; 936 case TIFF_LONG: 937 { 938 uint32* ma; 939 uint8* mb; 940 uint32 n; 941 ma=(uint32*)origdata; 942 mb=data; 943 for (n=0; n<count; n++) 944 { 945 if (tif->tif_flags&TIFF_SWAB) 946 TIFFSwabLong(ma); 947 err=TIFFReadDirEntryCheckRangeByteLong(*ma); 948 if (err!=TIFFReadDirEntryErrOk) 949 break; 950 *mb++=(uint8)(*ma++); 951 } 952 } 953 break; 954 case TIFF_SLONG: 955 { 956 int32* ma; 957 uint8* mb; 958 uint32 n; 959 ma=(int32*)origdata; 960 mb=data; 961 for (n=0; n<count; n++) 962 { 963 if (tif->tif_flags&TIFF_SWAB) 964 TIFFSwabLong((uint32*)ma); 965 err=TIFFReadDirEntryCheckRangeByteSlong(*ma); 966 if (err!=TIFFReadDirEntryErrOk) 967 break; 968 *mb++=(uint8)(*ma++); 969 } 970 } 971 break; 972 case TIFF_LONG8: 973 { 974 uint64* ma; 975 uint8* mb; 976 uint32 n; 977 ma=(uint64*)origdata; 978 mb=data; 979 for (n=0; n<count; n++) 980 { 981 if (tif->tif_flags&TIFF_SWAB) 982 TIFFSwabLong8(ma); 983 err=TIFFReadDirEntryCheckRangeByteLong8(*ma); 984 if (err!=TIFFReadDirEntryErrOk) 985 break; 986 *mb++=(uint8)(*ma++); 987 } 988 } 989 break; 990 case TIFF_SLONG8: 991 { 992 int64* ma; 993 uint8* mb; 994 uint32 n; 995 ma=(int64*)origdata; 996 mb=data; 997 for (n=0; n<count; n++) 998 { 999 if (tif->tif_flags&TIFF_SWAB) 1000 TIFFSwabLong8((uint64*)ma); 1001 err=TIFFReadDirEntryCheckRangeByteSlong8(*ma); 1002 if (err!=TIFFReadDirEntryErrOk) 1003 break; 1004 *mb++=(uint8)(*ma++); 1005 } 1006 } 1007 break; 1008 } 1009 _TIFFfree(origdata); 1010 if (err!=TIFFReadDirEntryErrOk) 1011 { 1012 _TIFFfree(data); 1013 return(err); 1014 } 1015 *value=data; 1016 return(TIFFReadDirEntryErrOk); 1017 } 1018 1019 static enum TIFFReadDirEntryErr TIFFReadDirEntrySbyteArray(TIFF* tif, TIFFDirEntry* direntry, int8** value) 1020 { 1021 enum TIFFReadDirEntryErr err; 1022 uint32 count; 1023 void* origdata; 1024 int8* data; 1025 switch (direntry->tdir_type) 1026 { 1027 case TIFF_UNDEFINED: 1028 case TIFF_BYTE: 1029 case TIFF_SBYTE: 1030 case TIFF_SHORT: 1031 case TIFF_SSHORT: 1032 case TIFF_LONG: 1033 case TIFF_SLONG: 1034 case TIFF_LONG8: 1035 case TIFF_SLONG8: 1036 break; 1037 default: 1038 return(TIFFReadDirEntryErrType); 1039 } 1040 err=TIFFReadDirEntryArray(tif,direntry,&count,1,&origdata); 1041 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0)) 1042 { 1043 *value=0; 1044 return(err); 1045 } 1046 switch (direntry->tdir_type) 1047 { 1048 case TIFF_UNDEFINED: 1049 case TIFF_BYTE: 1050 { 1051 uint8* m; 1052 uint32 n; 1053 m=(uint8*)origdata; 1054 for (n=0; n<count; n++) 1055 { 1056 err=TIFFReadDirEntryCheckRangeSbyteByte(*m); 1057 if (err!=TIFFReadDirEntryErrOk) 1058 { 1059 _TIFFfree(origdata); 1060 return(err); 1061 } 1062 m++; 1063 } 1064 *value=(int8*)origdata; 1065 return(TIFFReadDirEntryErrOk); 1066 } 1067 case TIFF_SBYTE: 1068 *value=(int8*)origdata; 1069 return(TIFFReadDirEntryErrOk); 1070 } 1071 data=(int8*)_TIFFmalloc(count); 1072 if (data==0) 1073 { 1074 _TIFFfree(origdata); 1075 return(TIFFReadDirEntryErrAlloc); 1076 } 1077 switch (direntry->tdir_type) 1078 { 1079 case TIFF_SHORT: 1080 { 1081 uint16* ma; 1082 int8* mb; 1083 uint32 n; 1084 ma=(uint16*)origdata; 1085 mb=data; 1086 for (n=0; n<count; n++) 1087 { 1088 if (tif->tif_flags&TIFF_SWAB) 1089 TIFFSwabShort(ma); 1090 err=TIFFReadDirEntryCheckRangeSbyteShort(*ma); 1091 if (err!=TIFFReadDirEntryErrOk) 1092 break; 1093 *mb++=(int8)(*ma++); 1094 } 1095 } 1096 break; 1097 case TIFF_SSHORT: 1098 { 1099 int16* ma; 1100 int8* mb; 1101 uint32 n; 1102 ma=(int16*)origdata; 1103 mb=data; 1104 for (n=0; n<count; n++) 1105 { 1106 if (tif->tif_flags&TIFF_SWAB) 1107 TIFFSwabShort((uint16*)ma); 1108 err=TIFFReadDirEntryCheckRangeSbyteSshort(*ma); 1109 if (err!=TIFFReadDirEntryErrOk) 1110 break; 1111 *mb++=(int8)(*ma++); 1112 } 1113 } 1114 break; 1115 case TIFF_LONG: 1116 { 1117 uint32* ma; 1118 int8* mb; 1119 uint32 n; 1120 ma=(uint32*)origdata; 1121 mb=data; 1122 for (n=0; n<count; n++) 1123 { 1124 if (tif->tif_flags&TIFF_SWAB) 1125 TIFFSwabLong(ma); 1126 err=TIFFReadDirEntryCheckRangeSbyteLong(*ma); 1127 if (err!=TIFFReadDirEntryErrOk) 1128 break; 1129 *mb++=(int8)(*ma++); 1130 } 1131 } 1132 break; 1133 case TIFF_SLONG: 1134 { 1135 int32* ma; 1136 int8* mb; 1137 uint32 n; 1138 ma=(int32*)origdata; 1139 mb=data; 1140 for (n=0; n<count; n++) 1141 { 1142 if (tif->tif_flags&TIFF_SWAB) 1143 TIFFSwabLong((uint32*)ma); 1144 err=TIFFReadDirEntryCheckRangeSbyteSlong(*ma); 1145 if (err!=TIFFReadDirEntryErrOk) 1146 break; 1147 *mb++=(int8)(*ma++); 1148 } 1149 } 1150 break; 1151 case TIFF_LONG8: 1152 { 1153 uint64* ma; 1154 int8* mb; 1155 uint32 n; 1156 ma=(uint64*)origdata; 1157 mb=data; 1158 for (n=0; n<count; n++) 1159 { 1160 if (tif->tif_flags&TIFF_SWAB) 1161 TIFFSwabLong8(ma); 1162 err=TIFFReadDirEntryCheckRangeSbyteLong8(*ma); 1163 if (err!=TIFFReadDirEntryErrOk) 1164 break; 1165 *mb++=(int8)(*ma++); 1166 } 1167 } 1168 break; 1169 case TIFF_SLONG8: 1170 { 1171 int64* ma; 1172 int8* mb; 1173 uint32 n; 1174 ma=(int64*)origdata; 1175 mb=data; 1176 for (n=0; n<count; n++) 1177 { 1178 if (tif->tif_flags&TIFF_SWAB) 1179 TIFFSwabLong8((uint64*)ma); 1180 err=TIFFReadDirEntryCheckRangeSbyteSlong8(*ma); 1181 if (err!=TIFFReadDirEntryErrOk) 1182 break; 1183 *mb++=(int8)(*ma++); 1184 } 1185 } 1186 break; 1187 } 1188 _TIFFfree(origdata); 1189 if (err!=TIFFReadDirEntryErrOk) 1190 { 1191 _TIFFfree(data); 1192 return(err); 1193 } 1194 *value=data; 1195 return(TIFFReadDirEntryErrOk); 1196 } 1197 1198 static enum TIFFReadDirEntryErr TIFFReadDirEntryShortArray(TIFF* tif, TIFFDirEntry* direntry, uint16** value) 1199 { 1200 enum TIFFReadDirEntryErr err; 1201 uint32 count; 1202 void* origdata; 1203 uint16* data; 1204 switch (direntry->tdir_type) 1205 { 1206 case TIFF_BYTE: 1207 case TIFF_SBYTE: 1208 case TIFF_SHORT: 1209 case TIFF_SSHORT: 1210 case TIFF_LONG: 1211 case TIFF_SLONG: 1212 case TIFF_LONG8: 1213 case TIFF_SLONG8: 1214 break; 1215 default: 1216 return(TIFFReadDirEntryErrType); 1217 } 1218 err=TIFFReadDirEntryArray(tif,direntry,&count,2,&origdata); 1219 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0)) 1220 { 1221 *value=0; 1222 return(err); 1223 } 1224 switch (direntry->tdir_type) 1225 { 1226 case TIFF_SHORT: 1227 *value=(uint16*)origdata; 1228 if (tif->tif_flags&TIFF_SWAB) 1229 TIFFSwabArrayOfShort(*value,count); 1230 return(TIFFReadDirEntryErrOk); 1231 case TIFF_SSHORT: 1232 { 1233 int16* m; 1234 uint32 n; 1235 m=(int16*)origdata; 1236 for (n=0; n<count; n++) 1237 { 1238 if (tif->tif_flags&TIFF_SWAB) 1239 TIFFSwabShort((uint16*)m); 1240 err=TIFFReadDirEntryCheckRangeShortSshort(*m); 1241 if (err!=TIFFReadDirEntryErrOk) 1242 { 1243 _TIFFfree(origdata); 1244 return(err); 1245 } 1246 m++; 1247 } 1248 *value=(uint16*)origdata; 1249 return(TIFFReadDirEntryErrOk); 1250 } 1251 } 1252 data=(uint16*)_TIFFmalloc(count*2); 1253 if (data==0) 1254 { 1255 _TIFFfree(origdata); 1256 return(TIFFReadDirEntryErrAlloc); 1257 } 1258 switch (direntry->tdir_type) 1259 { 1260 case TIFF_BYTE: 1261 { 1262 uint8* ma; 1263 uint16* mb; 1264 uint32 n; 1265 ma=(uint8*)origdata; 1266 mb=data; 1267 for (n=0; n<count; n++) 1268 *mb++=(uint16)(*ma++); 1269 } 1270 break; 1271 case TIFF_SBYTE: 1272 { 1273 int8* ma; 1274 uint16* mb; 1275 uint32 n; 1276 ma=(int8*)origdata; 1277 mb=data; 1278 for (n=0; n<count; n++) 1279 { 1280 err=TIFFReadDirEntryCheckRangeShortSbyte(*ma); 1281 if (err!=TIFFReadDirEntryErrOk) 1282 break; 1283 *mb++=(uint16)(*ma++); 1284 } 1285 } 1286 break; 1287 case TIFF_LONG: 1288 { 1289 uint32* ma; 1290 uint16* mb; 1291 uint32 n; 1292 ma=(uint32*)origdata; 1293 mb=data; 1294 for (n=0; n<count; n++) 1295 { 1296 if (tif->tif_flags&TIFF_SWAB) 1297 TIFFSwabLong(ma); 1298 err=TIFFReadDirEntryCheckRangeShortLong(*ma); 1299 if (err!=TIFFReadDirEntryErrOk) 1300 break; 1301 *mb++=(uint16)(*ma++); 1302 } 1303 } 1304 break; 1305 case TIFF_SLONG: 1306 { 1307 int32* ma; 1308 uint16* mb; 1309 uint32 n; 1310 ma=(int32*)origdata; 1311 mb=data; 1312 for (n=0; n<count; n++) 1313 { 1314 if (tif->tif_flags&TIFF_SWAB) 1315 TIFFSwabLong((uint32*)ma); 1316 err=TIFFReadDirEntryCheckRangeShortSlong(*ma); 1317 if (err!=TIFFReadDirEntryErrOk) 1318 break; 1319 *mb++=(uint16)(*ma++); 1320 } 1321 } 1322 break; 1323 case TIFF_LONG8: 1324 { 1325 uint64* ma; 1326 uint16* mb; 1327 uint32 n; 1328 ma=(uint64*)origdata; 1329 mb=data; 1330 for (n=0; n<count; n++) 1331 { 1332 if (tif->tif_flags&TIFF_SWAB) 1333 TIFFSwabLong8(ma); 1334 err=TIFFReadDirEntryCheckRangeShortLong8(*ma); 1335 if (err!=TIFFReadDirEntryErrOk) 1336 break; 1337 *mb++=(uint16)(*ma++); 1338 } 1339 } 1340 break; 1341 case TIFF_SLONG8: 1342 { 1343 int64* ma; 1344 uint16* mb; 1345 uint32 n; 1346 ma=(int64*)origdata; 1347 mb=data; 1348 for (n=0; n<count; n++) 1349 { 1350 if (tif->tif_flags&TIFF_SWAB) 1351 TIFFSwabLong8((uint64*)ma); 1352 err=TIFFReadDirEntryCheckRangeShortSlong8(*ma); 1353 if (err!=TIFFReadDirEntryErrOk) 1354 break; 1355 *mb++=(uint16)(*ma++); 1356 } 1357 } 1358 break; 1359 } 1360 _TIFFfree(origdata); 1361 if (err!=TIFFReadDirEntryErrOk) 1362 { 1363 _TIFFfree(data); 1364 return(err); 1365 } 1366 *value=data; 1367 return(TIFFReadDirEntryErrOk); 1368 } 1369 1370 static enum TIFFReadDirEntryErr TIFFReadDirEntrySshortArray(TIFF* tif, TIFFDirEntry* direntry, int16** value) 1371 { 1372 enum TIFFReadDirEntryErr err; 1373 uint32 count; 1374 void* origdata; 1375 int16* data; 1376 switch (direntry->tdir_type) 1377 { 1378 case TIFF_BYTE: 1379 case TIFF_SBYTE: 1380 case TIFF_SHORT: 1381 case TIFF_SSHORT: 1382 case TIFF_LONG: 1383 case TIFF_SLONG: 1384 case TIFF_LONG8: 1385 case TIFF_SLONG8: 1386 break; 1387 default: 1388 return(TIFFReadDirEntryErrType); 1389 } 1390 err=TIFFReadDirEntryArray(tif,direntry,&count,2,&origdata); 1391 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0)) 1392 { 1393 *value=0; 1394 return(err); 1395 } 1396 switch (direntry->tdir_type) 1397 { 1398 case TIFF_SHORT: 1399 { 1400 uint16* m; 1401 uint32 n; 1402 m=(uint16*)origdata; 1403 for (n=0; n<count; n++) 1404 { 1405 if (tif->tif_flags&TIFF_SWAB) 1406 TIFFSwabShort(m); 1407 err=TIFFReadDirEntryCheckRangeSshortShort(*m); 1408 if (err!=TIFFReadDirEntryErrOk) 1409 { 1410 _TIFFfree(origdata); 1411 return(err); 1412 } 1413 m++; 1414 } 1415 *value=(int16*)origdata; 1416 return(TIFFReadDirEntryErrOk); 1417 } 1418 case TIFF_SSHORT: 1419 *value=(int16*)origdata; 1420 if (tif->tif_flags&TIFF_SWAB) 1421 TIFFSwabArrayOfShort((uint16*)(*value),count); 1422 return(TIFFReadDirEntryErrOk); 1423 } 1424 data=(int16*)_TIFFmalloc(count*2); 1425 if (data==0) 1426 { 1427 _TIFFfree(origdata); 1428 return(TIFFReadDirEntryErrAlloc); 1429 } 1430 switch (direntry->tdir_type) 1431 { 1432 case TIFF_BYTE: 1433 { 1434 uint8* ma; 1435 int16* mb; 1436 uint32 n; 1437 ma=(uint8*)origdata; 1438 mb=data; 1439 for (n=0; n<count; n++) 1440 *mb++=(int16)(*ma++); 1441 } 1442 break; 1443 case TIFF_SBYTE: 1444 { 1445 int8* ma; 1446 int16* mb; 1447 uint32 n; 1448 ma=(int8*)origdata; 1449 mb=data; 1450 for (n=0; n<count; n++) 1451 *mb++=(int16)(*ma++); 1452 } 1453 break; 1454 case TIFF_LONG: 1455 { 1456 uint32* ma; 1457 int16* mb; 1458 uint32 n; 1459 ma=(uint32*)origdata; 1460 mb=data; 1461 for (n=0; n<count; n++) 1462 { 1463 if (tif->tif_flags&TIFF_SWAB) 1464 TIFFSwabLong(ma); 1465 err=TIFFReadDirEntryCheckRangeSshortLong(*ma); 1466 if (err!=TIFFReadDirEntryErrOk) 1467 break; 1468 *mb++=(int16)(*ma++); 1469 } 1470 } 1471 break; 1472 case TIFF_SLONG: 1473 { 1474 int32* ma; 1475 int16* mb; 1476 uint32 n; 1477 ma=(int32*)origdata; 1478 mb=data; 1479 for (n=0; n<count; n++) 1480 { 1481 if (tif->tif_flags&TIFF_SWAB) 1482 TIFFSwabLong((uint32*)ma); 1483 err=TIFFReadDirEntryCheckRangeSshortSlong(*ma); 1484 if (err!=TIFFReadDirEntryErrOk) 1485 break; 1486 *mb++=(int16)(*ma++); 1487 } 1488 } 1489 break; 1490 case TIFF_LONG8: 1491 { 1492 uint64* ma; 1493 int16* mb; 1494 uint32 n; 1495 ma=(uint64*)origdata; 1496 mb=data; 1497 for (n=0; n<count; n++) 1498 { 1499 if (tif->tif_flags&TIFF_SWAB) 1500 TIFFSwabLong8(ma); 1501 err=TIFFReadDirEntryCheckRangeSshortLong8(*ma); 1502 if (err!=TIFFReadDirEntryErrOk) 1503 break; 1504 *mb++=(int16)(*ma++); 1505 } 1506 } 1507 break; 1508 case TIFF_SLONG8: 1509 { 1510 int64* ma; 1511 int16* mb; 1512 uint32 n; 1513 ma=(int64*)origdata; 1514 mb=data; 1515 for (n=0; n<count; n++) 1516 { 1517 if (tif->tif_flags&TIFF_SWAB) 1518 TIFFSwabLong8((uint64*)ma); 1519 err=TIFFReadDirEntryCheckRangeSshortSlong8(*ma); 1520 if (err!=TIFFReadDirEntryErrOk) 1521 break; 1522 *mb++=(int16)(*ma++); 1523 } 1524 } 1525 break; 1526 } 1527 _TIFFfree(origdata); 1528 if (err!=TIFFReadDirEntryErrOk) 1529 { 1530 _TIFFfree(data); 1531 return(err); 1532 } 1533 *value=data; 1534 return(TIFFReadDirEntryErrOk); 1535 } 1536 1537 static enum TIFFReadDirEntryErr TIFFReadDirEntryLongArray(TIFF* tif, TIFFDirEntry* direntry, uint32** value) 1538 { 1539 enum TIFFReadDirEntryErr err; 1540 uint32 count; 1541 void* origdata; 1542 uint32* data; 1543 switch (direntry->tdir_type) 1544 { 1545 case TIFF_BYTE: 1546 case TIFF_SBYTE: 1547 case TIFF_SHORT: 1548 case TIFF_SSHORT: 1549 case TIFF_LONG: 1550 case TIFF_SLONG: 1551 case TIFF_LONG8: 1552 case TIFF_SLONG8: 1553 break; 1554 default: 1555 return(TIFFReadDirEntryErrType); 1556 } 1557 err=TIFFReadDirEntryArray(tif,direntry,&count,4,&origdata); 1558 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0)) 1559 { 1560 *value=0; 1561 return(err); 1562 } 1563 switch (direntry->tdir_type) 1564 { 1565 case TIFF_LONG: 1566 *value=(uint32*)origdata; 1567 if (tif->tif_flags&TIFF_SWAB) 1568 TIFFSwabArrayOfLong(*value,count); 1569 return(TIFFReadDirEntryErrOk); 1570 case TIFF_SLONG: 1571 { 1572 int32* m; 1573 uint32 n; 1574 m=(int32*)origdata; 1575 for (n=0; n<count; n++) 1576 { 1577 if (tif->tif_flags&TIFF_SWAB) 1578 TIFFSwabLong((uint32*)m); 1579 err=TIFFReadDirEntryCheckRangeLongSlong(*m); 1580 if (err!=TIFFReadDirEntryErrOk) 1581 { 1582 _TIFFfree(origdata); 1583 return(err); 1584 } 1585 m++; 1586 } 1587 *value=(uint32*)origdata; 1588 return(TIFFReadDirEntryErrOk); 1589 } 1590 } 1591 data=(uint32*)_TIFFmalloc(count*4); 1592 if (data==0) 1593 { 1594 _TIFFfree(origdata); 1595 return(TIFFReadDirEntryErrAlloc); 1596 } 1597 switch (direntry->tdir_type) 1598 { 1599 case TIFF_BYTE: 1600 { 1601 uint8* ma; 1602 uint32* mb; 1603 uint32 n; 1604 ma=(uint8*)origdata; 1605 mb=data; 1606 for (n=0; n<count; n++) 1607 *mb++=(uint32)(*ma++); 1608 } 1609 break; 1610 case TIFF_SBYTE: 1611 { 1612 int8* ma; 1613 uint32* mb; 1614 uint32 n; 1615 ma=(int8*)origdata; 1616 mb=data; 1617 for (n=0; n<count; n++) 1618 { 1619 err=TIFFReadDirEntryCheckRangeLongSbyte(*ma); 1620 if (err!=TIFFReadDirEntryErrOk) 1621 break; 1622 *mb++=(uint32)(*ma++); 1623 } 1624 } 1625 break; 1626 case TIFF_SHORT: 1627 { 1628 uint16* ma; 1629 uint32* mb; 1630 uint32 n; 1631 ma=(uint16*)origdata; 1632 mb=data; 1633 for (n=0; n<count; n++) 1634 { 1635 if (tif->tif_flags&TIFF_SWAB) 1636 TIFFSwabShort(ma); 1637 *mb++=(uint32)(*ma++); 1638 } 1639 } 1640 break; 1641 case TIFF_SSHORT: 1642 { 1643 int16* ma; 1644 uint32* mb; 1645 uint32 n; 1646 ma=(int16*)origdata; 1647 mb=data; 1648 for (n=0; n<count; n++) 1649 { 1650 if (tif->tif_flags&TIFF_SWAB) 1651 TIFFSwabShort((uint16*)ma); 1652 err=TIFFReadDirEntryCheckRangeLongSshort(*ma); 1653 if (err!=TIFFReadDirEntryErrOk) 1654 break; 1655 *mb++=(uint32)(*ma++); 1656 } 1657 } 1658 break; 1659 case TIFF_LONG8: 1660 { 1661 uint64* ma; 1662 uint32* mb; 1663 uint32 n; 1664 ma=(uint64*)origdata; 1665 mb=data; 1666 for (n=0; n<count; n++) 1667 { 1668 if (tif->tif_flags&TIFF_SWAB) 1669 TIFFSwabLong8(ma); 1670 err=TIFFReadDirEntryCheckRangeLongLong8(*ma); 1671 if (err!=TIFFReadDirEntryErrOk) 1672 break; 1673 *mb++=(uint32)(*ma++); 1674 } 1675 } 1676 break; 1677 case TIFF_SLONG8: 1678 { 1679 int64* ma; 1680 uint32* mb; 1681 uint32 n; 1682 ma=(int64*)origdata; 1683 mb=data; 1684 for (n=0; n<count; n++) 1685 { 1686 if (tif->tif_flags&TIFF_SWAB) 1687 TIFFSwabLong8((uint64*)ma); 1688 err=TIFFReadDirEntryCheckRangeLongSlong8(*ma); 1689 if (err!=TIFFReadDirEntryErrOk) 1690 break; 1691 *mb++=(uint32)(*ma++); 1692 } 1693 } 1694 break; 1695 } 1696 _TIFFfree(origdata); 1697 if (err!=TIFFReadDirEntryErrOk) 1698 { 1699 _TIFFfree(data); 1700 return(err); 1701 } 1702 *value=data; 1703 return(TIFFReadDirEntryErrOk); 1704 } 1705 1706 static enum TIFFReadDirEntryErr TIFFReadDirEntrySlongArray(TIFF* tif, TIFFDirEntry* direntry, int32** value) 1707 { 1708 enum TIFFReadDirEntryErr err; 1709 uint32 count; 1710 void* origdata; 1711 int32* data; 1712 switch (direntry->tdir_type) 1713 { 1714 case TIFF_BYTE: 1715 case TIFF_SBYTE: 1716 case TIFF_SHORT: 1717 case TIFF_SSHORT: 1718 case TIFF_LONG: 1719 case TIFF_SLONG: 1720 case TIFF_LONG8: 1721 case TIFF_SLONG8: 1722 break; 1723 default: 1724 return(TIFFReadDirEntryErrType); 1725 } 1726 err=TIFFReadDirEntryArray(tif,direntry,&count,4,&origdata); 1727 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0)) 1728 { 1729 *value=0; 1730 return(err); 1731 } 1732 switch (direntry->tdir_type) 1733 { 1734 case TIFF_LONG: 1735 { 1736 uint32* m; 1737 uint32 n; 1738 m=(uint32*)origdata; 1739 for (n=0; n<count; n++) 1740 { 1741 if (tif->tif_flags&TIFF_SWAB) 1742 TIFFSwabLong((uint32*)m); 1743 err=TIFFReadDirEntryCheckRangeSlongLong(*m); 1744 if (err!=TIFFReadDirEntryErrOk) 1745 { 1746 _TIFFfree(origdata); 1747 return(err); 1748 } 1749 m++; 1750 } 1751 *value=(int32*)origdata; 1752 return(TIFFReadDirEntryErrOk); 1753 } 1754 case TIFF_SLONG: 1755 *value=(int32*)origdata; 1756 if (tif->tif_flags&TIFF_SWAB) 1757 TIFFSwabArrayOfLong((uint32*)(*value),count); 1758 return(TIFFReadDirEntryErrOk); 1759 } 1760 data=(int32*)_TIFFmalloc(count*4); 1761 if (data==0) 1762 { 1763 _TIFFfree(origdata); 1764 return(TIFFReadDirEntryErrAlloc); 1765 } 1766 switch (direntry->tdir_type) 1767 { 1768 case TIFF_BYTE: 1769 { 1770 uint8* ma; 1771 int32* mb; 1772 uint32 n; 1773 ma=(uint8*)origdata; 1774 mb=data; 1775 for (n=0; n<count; n++) 1776 *mb++=(int32)(*ma++); 1777 } 1778 break; 1779 case TIFF_SBYTE: 1780 { 1781 int8* ma; 1782 int32* mb; 1783 uint32 n; 1784 ma=(int8*)origdata; 1785 mb=data; 1786 for (n=0; n<count; n++) 1787 *mb++=(int32)(*ma++); 1788 } 1789 break; 1790 case TIFF_SHORT: 1791 { 1792 uint16* ma; 1793 int32* mb; 1794 uint32 n; 1795 ma=(uint16*)origdata; 1796 mb=data; 1797 for (n=0; n<count; n++) 1798 { 1799 if (tif->tif_flags&TIFF_SWAB) 1800 TIFFSwabShort(ma); 1801 *mb++=(int32)(*ma++); 1802 } 1803 } 1804 break; 1805 case TIFF_SSHORT: 1806 { 1807 int16* ma; 1808 int32* mb; 1809 uint32 n; 1810 ma=(int16*)origdata; 1811 mb=data; 1812 for (n=0; n<count; n++) 1813 { 1814 if (tif->tif_flags&TIFF_SWAB) 1815 TIFFSwabShort((uint16*)ma); 1816 *mb++=(int32)(*ma++); 1817 } 1818 } 1819 break; 1820 case TIFF_LONG8: 1821 { 1822 uint64* ma; 1823 int32* mb; 1824 uint32 n; 1825 ma=(uint64*)origdata; 1826 mb=data; 1827 for (n=0; n<count; n++) 1828 { 1829 if (tif->tif_flags&TIFF_SWAB) 1830 TIFFSwabLong8(ma); 1831 err=TIFFReadDirEntryCheckRangeSlongLong8(*ma); 1832 if (err!=TIFFReadDirEntryErrOk) 1833 break; 1834 *mb++=(int32)(*ma++); 1835 } 1836 } 1837 break; 1838 case TIFF_SLONG8: 1839 { 1840 int64* ma; 1841 int32* mb; 1842 uint32 n; 1843 ma=(int64*)origdata; 1844 mb=data; 1845 for (n=0; n<count; n++) 1846 { 1847 if (tif->tif_flags&TIFF_SWAB) 1848 TIFFSwabLong8((uint64*)ma); 1849 err=TIFFReadDirEntryCheckRangeSlongSlong8(*ma); 1850 if (err!=TIFFReadDirEntryErrOk) 1851 break; 1852 *mb++=(int32)(*ma++); 1853 } 1854 } 1855 break; 1856 } 1857 _TIFFfree(origdata); 1858 if (err!=TIFFReadDirEntryErrOk) 1859 { 1860 _TIFFfree(data); 1861 return(err); 1862 } 1863 *value=data; 1864 return(TIFFReadDirEntryErrOk); 1865 } 1866 1867 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value) 1868 { 1869 enum TIFFReadDirEntryErr err; 1870 uint32 count; 1871 void* origdata; 1872 uint64* data; 1873 switch (direntry->tdir_type) 1874 { 1875 case TIFF_BYTE: 1876 case TIFF_SBYTE: 1877 case TIFF_SHORT: 1878 case TIFF_SSHORT: 1879 case TIFF_LONG: 1880 case TIFF_SLONG: 1881 case TIFF_LONG8: 1882 case TIFF_SLONG8: 1883 break; 1884 default: 1885 return(TIFFReadDirEntryErrType); 1886 } 1887 err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata); 1888 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0)) 1889 { 1890 *value=0; 1891 return(err); 1892 } 1893 switch (direntry->tdir_type) 1894 { 1895 case TIFF_LONG8: 1896 *value=(uint64*)origdata; 1897 if (tif->tif_flags&TIFF_SWAB) 1898 TIFFSwabArrayOfLong8(*value,count); 1899 return(TIFFReadDirEntryErrOk); 1900 case TIFF_SLONG8: 1901 { 1902 int64* m; 1903 uint32 n; 1904 m=(int64*)origdata; 1905 for (n=0; n<count; n++) 1906 { 1907 if (tif->tif_flags&TIFF_SWAB) 1908 TIFFSwabLong8((uint64*)m); 1909 err=TIFFReadDirEntryCheckRangeLong8Slong8(*m); 1910 if (err!=TIFFReadDirEntryErrOk) 1911 { 1912 _TIFFfree(origdata); 1913 return(err); 1914 } 1915 m++; 1916 } 1917 *value=(uint64*)origdata; 1918 return(TIFFReadDirEntryErrOk); 1919 } 1920 } 1921 data=(uint64*)_TIFFmalloc(count*8); 1922 if (data==0) 1923 { 1924 _TIFFfree(origdata); 1925 return(TIFFReadDirEntryErrAlloc); 1926 } 1927 switch (direntry->tdir_type) 1928 { 1929 case TIFF_BYTE: 1930 { 1931 uint8* ma; 1932 uint64* mb; 1933 uint32 n; 1934 ma=(uint8*)origdata; 1935 mb=data; 1936 for (n=0; n<count; n++) 1937 *mb++=(uint64)(*ma++); 1938 } 1939 break; 1940 case TIFF_SBYTE: 1941 { 1942 int8* ma; 1943 uint64* mb; 1944 uint32 n; 1945 ma=(int8*)origdata; 1946 mb=data; 1947 for (n=0; n<count; n++) 1948 { 1949 err=TIFFReadDirEntryCheckRangeLong8Sbyte(*ma); 1950 if (err!=TIFFReadDirEntryErrOk) 1951 break; 1952 *mb++=(uint64)(*ma++); 1953 } 1954 } 1955 break; 1956 case TIFF_SHORT: 1957 { 1958 uint16* ma; 1959 uint64* mb; 1960 uint32 n; 1961 ma=(uint16*)origdata; 1962 mb=data; 1963 for (n=0; n<count; n++) 1964 { 1965 if (tif->tif_flags&TIFF_SWAB) 1966 TIFFSwabShort(ma); 1967 *mb++=(uint64)(*ma++); 1968 } 1969 } 1970 break; 1971 case TIFF_SSHORT: 1972 { 1973 int16* ma; 1974 uint64* mb; 1975 uint32 n; 1976 ma=(int16*)origdata; 1977 mb=data; 1978 for (n=0; n<count; n++) 1979 { 1980 if (tif->tif_flags&TIFF_SWAB) 1981 TIFFSwabShort((uint16*)ma); 1982 err=TIFFReadDirEntryCheckRangeLong8Sshort(*ma); 1983 if (err!=TIFFReadDirEntryErrOk) 1984 break; 1985 *mb++=(uint64)(*ma++); 1986 } 1987 } 1988 break; 1989 case TIFF_LONG: 1990 { 1991 uint32* ma; 1992 uint64* mb; 1993 uint32 n; 1994 ma=(uint32*)origdata; 1995 mb=data; 1996 for (n=0; n<count; n++) 1997 { 1998 if (tif->tif_flags&TIFF_SWAB) 1999 TIFFSwabLong(ma); 2000 *mb++=(uint64)(*ma++); 2001 } 2002 } 2003 break; 2004 case TIFF_SLONG: 2005 { 2006 int32* ma; 2007 uint64* mb; 2008 uint32 n; 2009 ma=(int32*)origdata; 2010 mb=data; 2011 for (n=0; n<count; n++) 2012 { 2013 if (tif->tif_flags&TIFF_SWAB) 2014 TIFFSwabLong((uint32*)ma); 2015 err=TIFFReadDirEntryCheckRangeLong8Slong(*ma); 2016 if (err!=TIFFReadDirEntryErrOk) 2017 break; 2018 *mb++=(uint64)(*ma++); 2019 } 2020 } 2021 break; 2022 } 2023 _TIFFfree(origdata); 2024 if (err!=TIFFReadDirEntryErrOk) 2025 { 2026 _TIFFfree(data); 2027 return(err); 2028 } 2029 *value=data; 2030 return(TIFFReadDirEntryErrOk); 2031 } 2032 2033 static enum TIFFReadDirEntryErr TIFFReadDirEntrySlong8Array(TIFF* tif, TIFFDirEntry* direntry, int64** value) 2034 { 2035 enum TIFFReadDirEntryErr err; 2036 uint32 count; 2037 void* origdata; 2038 int64* data; 2039 switch (direntry->tdir_type) 2040 { 2041 case TIFF_BYTE: 2042 case TIFF_SBYTE: 2043 case TIFF_SHORT: 2044 case TIFF_SSHORT: 2045 case TIFF_LONG: 2046 case TIFF_SLONG: 2047 case TIFF_LONG8: 2048 case TIFF_SLONG8: 2049 break; 2050 default: 2051 return(TIFFReadDirEntryErrType); 2052 } 2053 err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata); 2054 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0)) 2055 { 2056 *value=0; 2057 return(err); 2058 } 2059 switch (direntry->tdir_type) 2060 { 2061 case TIFF_LONG8: 2062 { 2063 uint64* m; 2064 uint32 n; 2065 m=(uint64*)origdata; 2066 for (n=0; n<count; n++) 2067 { 2068 if (tif->tif_flags&TIFF_SWAB) 2069 TIFFSwabLong8(m); 2070 err=TIFFReadDirEntryCheckRangeSlong8Long8(*m); 2071 if (err!=TIFFReadDirEntryErrOk) 2072 { 2073 _TIFFfree(origdata); 2074 return(err); 2075 } 2076 m++; 2077 } 2078 *value=(int64*)origdata; 2079 return(TIFFReadDirEntryErrOk); 2080 } 2081 case TIFF_SLONG8: 2082 *value=(int64*)origdata; 2083 if (tif->tif_flags&TIFF_SWAB) 2084 TIFFSwabArrayOfLong8((uint64*)(*value),count); 2085 return(TIFFReadDirEntryErrOk); 2086 } 2087 data=(int64*)_TIFFmalloc(count*8); 2088 if (data==0) 2089 { 2090 _TIFFfree(origdata); 2091 return(TIFFReadDirEntryErrAlloc); 2092 } 2093 switch (direntry->tdir_type) 2094 { 2095 case TIFF_BYTE: 2096 { 2097 uint8* ma; 2098 int64* mb; 2099 uint32 n; 2100 ma=(uint8*)origdata; 2101 mb=data; 2102 for (n=0; n<count; n++) 2103 *mb++=(int64)(*ma++); 2104 } 2105 break; 2106 case TIFF_SBYTE: 2107 { 2108 int8* ma; 2109 int64* mb; 2110 uint32 n; 2111 ma=(int8*)origdata; 2112 mb=data; 2113 for (n=0; n<count; n++) 2114 *mb++=(int64)(*ma++); 2115 } 2116 break; 2117 case TIFF_SHORT: 2118 { 2119 uint16* ma; 2120 int64* mb; 2121 uint32 n; 2122 ma=(uint16*)origdata; 2123 mb=data; 2124 for (n=0; n<count; n++) 2125 { 2126 if (tif->tif_flags&TIFF_SWAB) 2127 TIFFSwabShort(ma); 2128 *mb++=(int64)(*ma++); 2129 } 2130 } 2131 break; 2132 case TIFF_SSHORT: 2133 { 2134 int16* ma; 2135 int64* mb; 2136 uint32 n; 2137 ma=(int16*)origdata; 2138 mb=data; 2139 for (n=0; n<count; n++) 2140 { 2141 if (tif->tif_flags&TIFF_SWAB) 2142 TIFFSwabShort((uint16*)ma); 2143 *mb++=(int64)(*ma++); 2144 } 2145 } 2146 break; 2147 case TIFF_LONG: 2148 { 2149 uint32* ma; 2150 int64* mb; 2151 uint32 n; 2152 ma=(uint32*)origdata; 2153 mb=data; 2154 for (n=0; n<count; n++) 2155 { 2156 if (tif->tif_flags&TIFF_SWAB) 2157 TIFFSwabLong(ma); 2158 *mb++=(int64)(*ma++); 2159 } 2160 } 2161 break; 2162 case TIFF_SLONG: 2163 { 2164 int32* ma; 2165 int64* mb; 2166 uint32 n; 2167 ma=(int32*)origdata; 2168 mb=data; 2169 for (n=0; n<count; n++) 2170 { 2171 if (tif->tif_flags&TIFF_SWAB) 2172 TIFFSwabLong((uint32*)ma); 2173 *mb++=(int64)(*ma++); 2174 } 2175 } 2176 break; 2177 } 2178 _TIFFfree(origdata); 2179 *value=data; 2180 return(TIFFReadDirEntryErrOk); 2181 } 2182 2183 static enum TIFFReadDirEntryErr TIFFReadDirEntryFloatArray(TIFF* tif, TIFFDirEntry* direntry, float** value) 2184 { 2185 enum TIFFReadDirEntryErr err; 2186 uint32 count; 2187 void* origdata; 2188 float* data; 2189 switch (direntry->tdir_type) 2190 { 2191 case TIFF_BYTE: 2192 case TIFF_SBYTE: 2193 case TIFF_SHORT: 2194 case TIFF_SSHORT: 2195 case TIFF_LONG: 2196 case TIFF_SLONG: 2197 case TIFF_LONG8: 2198 case TIFF_SLONG8: 2199 case TIFF_RATIONAL: 2200 case TIFF_SRATIONAL: 2201 case TIFF_FLOAT: 2202 case TIFF_DOUBLE: 2203 break; 2204 default: 2205 return(TIFFReadDirEntryErrType); 2206 } 2207 err=TIFFReadDirEntryArray(tif,direntry,&count,4,&origdata); 2208 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0)) 2209 { 2210 *value=0; 2211 return(err); 2212 } 2213 switch (direntry->tdir_type) 2214 { 2215 case TIFF_FLOAT: 2216 if (tif->tif_flags&TIFF_SWAB) 2217 TIFFSwabArrayOfLong((uint32*)origdata,count); 2218 TIFFCvtIEEEDoubleToNative(tif,count,(float*)origdata); 2219 *value=(float*)origdata; 2220 return(TIFFReadDirEntryErrOk); 2221 } 2222 data=(float*)_TIFFmalloc(count*sizeof(float)); 2223 if (data==0) 2224 { 2225 _TIFFfree(origdata); 2226 return(TIFFReadDirEntryErrAlloc); 2227 } 2228 switch (direntry->tdir_type) 2229 { 2230 case TIFF_BYTE: 2231 { 2232 uint8* ma; 2233 float* mb; 2234 uint32 n; 2235 ma=(uint8*)origdata; 2236 mb=data; 2237 for (n=0; n<count; n++) 2238 *mb++=(float)(*ma++); 2239 } 2240 break; 2241 case TIFF_SBYTE: 2242 { 2243 int8* ma; 2244 float* mb; 2245 uint32 n; 2246 ma=(int8*)origdata; 2247 mb=data; 2248 for (n=0; n<count; n++) 2249 *mb++=(float)(*ma++); 2250 } 2251 break; 2252 case TIFF_SHORT: 2253 { 2254 uint16* ma; 2255 float* mb; 2256 uint32 n; 2257 ma=(uint16*)origdata; 2258 mb=data; 2259 for (n=0; n<count; n++) 2260 { 2261 if (tif->tif_flags&TIFF_SWAB) 2262 TIFFSwabShort(ma); 2263 *mb++=(float)(*ma++); 2264 } 2265 } 2266 break; 2267 case TIFF_SSHORT: 2268 { 2269 int16* ma; 2270 float* mb; 2271 uint32 n; 2272 ma=(int16*)origdata; 2273 mb=data; 2274 for (n=0; n<count; n++) 2275 { 2276 if (tif->tif_flags&TIFF_SWAB) 2277 TIFFSwabShort((uint16*)ma); 2278 *mb++=(float)(*ma++); 2279 } 2280 } 2281 break; 2282 case TIFF_LONG: 2283 { 2284 uint32* ma; 2285 float* mb; 2286 uint32 n; 2287 ma=(uint32*)origdata; 2288 mb=data; 2289 for (n=0; n<count; n++) 2290 { 2291 if (tif->tif_flags&TIFF_SWAB) 2292 TIFFSwabLong(ma); 2293 *mb++=(float)(*ma++); 2294 } 2295 } 2296 break; 2297 case TIFF_SLONG: 2298 { 2299 int32* ma; 2300 float* mb; 2301 uint32 n; 2302 ma=(int32*)origdata; 2303 mb=data; 2304 for (n=0; n<count; n++) 2305 { 2306 if (tif->tif_flags&TIFF_SWAB) 2307 TIFFSwabLong((uint32*)ma); 2308 *mb++=(float)(*ma++); 2309 } 2310 } 2311 break; 2312 case TIFF_LONG8: 2313 { 2314 uint64* ma; 2315 float* mb; 2316 uint32 n; 2317 ma=(uint64*)origdata; 2318 mb=data; 2319 for (n=0; n<count; n++) 2320 { 2321 if (tif->tif_flags&TIFF_SWAB) 2322 TIFFSwabLong8(ma); 2323 #if defined(__WIN32__) && (_MSC_VER < 1500) 2324 /* 2325 * XXX: MSVC 6.0 does not support 2326 * conversion of 64-bit integers into 2327 * floating point values. 2328 */ 2329 *mb++ = _TIFFUInt64ToFloat(*ma++); 2330 #else 2331 *mb++ = (float)(*ma++); 2332 #endif 2333 } 2334 } 2335 break; 2336 case TIFF_SLONG8: 2337 { 2338 int64* ma; 2339 float* mb; 2340 uint32 n; 2341 ma=(int64*)origdata; 2342 mb=data; 2343 for (n=0; n<count; n++) 2344 { 2345 if (tif->tif_flags&TIFF_SWAB) 2346 TIFFSwabLong8((uint64*)ma); 2347 *mb++=(float)(*ma++); 2348 } 2349 } 2350 break; 2351 case TIFF_RATIONAL: 2352 { 2353 uint32* ma; 2354 uint32 maa; 2355 uint32 mab; 2356 float* mb; 2357 uint32 n; 2358 ma=(uint32*)origdata; 2359 mb=data; 2360 for (n=0; n<count; n++) 2361 { 2362 if (tif->tif_flags&TIFF_SWAB) 2363 TIFFSwabLong(ma); 2364 maa=*ma++; 2365 if (tif->tif_flags&TIFF_SWAB) 2366 TIFFSwabLong(ma); 2367 mab=*ma++; 2368 if (mab==0) 2369 *mb++=0.0; 2370 else 2371 *mb++=(float)maa/(float)mab; 2372 } 2373 } 2374 break; 2375 case TIFF_SRATIONAL: 2376 { 2377 uint32* ma; 2378 int32 maa; 2379 uint32 mab; 2380 float* mb; 2381 uint32 n; 2382 ma=(uint32*)origdata; 2383 mb=data; 2384 for (n=0; n<count; n++) 2385 { 2386 if (tif->tif_flags&TIFF_SWAB) 2387 TIFFSwabLong(ma); 2388 maa=*(int32*)ma; 2389 ma++; 2390 if (tif->tif_flags&TIFF_SWAB) 2391 TIFFSwabLong(ma); 2392 mab=*ma++; 2393 if (mab==0) 2394 *mb++=0.0; 2395 else 2396 *mb++=(float)maa/(float)mab; 2397 } 2398 } 2399 break; 2400 case TIFF_DOUBLE: 2401 { 2402 double* ma; 2403 float* mb; 2404 uint32 n; 2405 if (tif->tif_flags&TIFF_SWAB) 2406 TIFFSwabArrayOfLong8((uint64*)origdata,count); 2407 TIFFCvtIEEEDoubleToNative(tif,count,(double*)origdata); 2408 ma=(double*)origdata; 2409 mb=data; 2410 for (n=0; n<count; n++) 2411 { 2412 double val = *ma++; 2413 if( val > FLT_MAX ) 2414 val = FLT_MAX; 2415 else if( val < -FLT_MAX ) 2416 val = -FLT_MAX; 2417 *mb++=(float)val; 2418 } 2419 } 2420 break; 2421 } 2422 _TIFFfree(origdata); 2423 *value=data; 2424 return(TIFFReadDirEntryErrOk); 2425 } 2426 2427 static enum TIFFReadDirEntryErr 2428 TIFFReadDirEntryDoubleArray(TIFF* tif, TIFFDirEntry* direntry, double** value) 2429 { 2430 enum TIFFReadDirEntryErr err; 2431 uint32 count; 2432 void* origdata; 2433 double* data; 2434 switch (direntry->tdir_type) 2435 { 2436 case TIFF_BYTE: 2437 case TIFF_SBYTE: 2438 case TIFF_SHORT: 2439 case TIFF_SSHORT: 2440 case TIFF_LONG: 2441 case TIFF_SLONG: 2442 case TIFF_LONG8: 2443 case TIFF_SLONG8: 2444 case TIFF_RATIONAL: 2445 case TIFF_SRATIONAL: 2446 case TIFF_FLOAT: 2447 case TIFF_DOUBLE: 2448 break; 2449 default: 2450 return(TIFFReadDirEntryErrType); 2451 } 2452 err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata); 2453 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0)) 2454 { 2455 *value=0; 2456 return(err); 2457 } 2458 switch (direntry->tdir_type) 2459 { 2460 case TIFF_DOUBLE: 2461 if (tif->tif_flags&TIFF_SWAB) 2462 TIFFSwabArrayOfLong8((uint64*)origdata,count); 2463 TIFFCvtIEEEDoubleToNative(tif,count,(double*)origdata); 2464 *value=(double*)origdata; 2465 return(TIFFReadDirEntryErrOk); 2466 } 2467 data=(double*)_TIFFmalloc(count*sizeof(double)); 2468 if (data==0) 2469 { 2470 _TIFFfree(origdata); 2471 return(TIFFReadDirEntryErrAlloc); 2472 } 2473 switch (direntry->tdir_type) 2474 { 2475 case TIFF_BYTE: 2476 { 2477 uint8* ma; 2478 double* mb; 2479 uint32 n; 2480 ma=(uint8*)origdata; 2481 mb=data; 2482 for (n=0; n<count; n++) 2483 *mb++=(double)(*ma++); 2484 } 2485 break; 2486 case TIFF_SBYTE: 2487 { 2488 int8* ma; 2489 double* mb; 2490 uint32 n; 2491 ma=(int8*)origdata; 2492 mb=data; 2493 for (n=0; n<count; n++) 2494 *mb++=(double)(*ma++); 2495 } 2496 break; 2497 case TIFF_SHORT: 2498 { 2499 uint16* ma; 2500 double* mb; 2501 uint32 n; 2502 ma=(uint16*)origdata; 2503 mb=data; 2504 for (n=0; n<count; n++) 2505 { 2506 if (tif->tif_flags&TIFF_SWAB) 2507 TIFFSwabShort(ma); 2508 *mb++=(double)(*ma++); 2509 } 2510 } 2511 break; 2512 case TIFF_SSHORT: 2513 { 2514 int16* ma; 2515 double* mb; 2516 uint32 n; 2517 ma=(int16*)origdata; 2518 mb=data; 2519 for (n=0; n<count; n++) 2520 { 2521 if (tif->tif_flags&TIFF_SWAB) 2522 TIFFSwabShort((uint16*)ma); 2523 *mb++=(double)(*ma++); 2524 } 2525 } 2526 break; 2527 case TIFF_LONG: 2528 { 2529 uint32* ma; 2530 double* mb; 2531 uint32 n; 2532 ma=(uint32*)origdata; 2533 mb=data; 2534 for (n=0; n<count; n++) 2535 { 2536 if (tif->tif_flags&TIFF_SWAB) 2537 TIFFSwabLong(ma); 2538 *mb++=(double)(*ma++); 2539 } 2540 } 2541 break; 2542 case TIFF_SLONG: 2543 { 2544 int32* ma; 2545 double* mb; 2546 uint32 n; 2547 ma=(int32*)origdata; 2548 mb=data; 2549 for (n=0; n<count; n++) 2550 { 2551 if (tif->tif_flags&TIFF_SWAB) 2552 TIFFSwabLong((uint32*)ma); 2553 *mb++=(double)(*ma++); 2554 } 2555 } 2556 break; 2557 case TIFF_LONG8: 2558 { 2559 uint64* ma; 2560 double* mb; 2561 uint32 n; 2562 ma=(uint64*)origdata; 2563 mb=data; 2564 for (n=0; n<count; n++) 2565 { 2566 if (tif->tif_flags&TIFF_SWAB) 2567 TIFFSwabLong8(ma); 2568 #if defined(__WIN32__) && (_MSC_VER < 1500) 2569 /* 2570 * XXX: MSVC 6.0 does not support 2571 * conversion of 64-bit integers into 2572 * floating point values. 2573 */ 2574 *mb++ = _TIFFUInt64ToDouble(*ma++); 2575 #else 2576 *mb++ = (double)(*ma++); 2577 #endif 2578 } 2579 } 2580 break; 2581 case TIFF_SLONG8: 2582 { 2583 int64* ma; 2584 double* mb; 2585 uint32 n; 2586 ma=(int64*)origdata; 2587 mb=data; 2588 for (n=0; n<count; n++) 2589 { 2590 if (tif->tif_flags&TIFF_SWAB) 2591 TIFFSwabLong8((uint64*)ma); 2592 *mb++=(double)(*ma++); 2593 } 2594 } 2595 break; 2596 case TIFF_RATIONAL: 2597 { 2598 uint32* ma; 2599 uint32 maa; 2600 uint32 mab; 2601 double* mb; 2602 uint32 n; 2603 ma=(uint32*)origdata; 2604 mb=data; 2605 for (n=0; n<count; n++) 2606 { 2607 if (tif->tif_flags&TIFF_SWAB) 2608 TIFFSwabLong(ma); 2609 maa=*ma++; 2610 if (tif->tif_flags&TIFF_SWAB) 2611 TIFFSwabLong(ma); 2612 mab=*ma++; 2613 if (mab==0) 2614 *mb++=0.0; 2615 else 2616 *mb++=(double)maa/(double)mab; 2617 } 2618 } 2619 break; 2620 case TIFF_SRATIONAL: 2621 { 2622 uint32* ma; 2623 int32 maa; 2624 uint32 mab; 2625 double* mb; 2626 uint32 n; 2627 ma=(uint32*)origdata; 2628 mb=data; 2629 for (n=0; n<count; n++) 2630 { 2631 if (tif->tif_flags&TIFF_SWAB) 2632 TIFFSwabLong(ma); 2633 maa=*(int32*)ma; 2634 ma++; 2635 if (tif->tif_flags&TIFF_SWAB) 2636 TIFFSwabLong(ma); 2637 mab=*ma++; 2638 if (mab==0) 2639 *mb++=0.0; 2640 else 2641 *mb++=(double)maa/(double)mab; 2642 } 2643 } 2644 break; 2645 case TIFF_FLOAT: 2646 { 2647 float* ma; 2648 double* mb; 2649 uint32 n; 2650 if (tif->tif_flags&TIFF_SWAB) 2651 TIFFSwabArrayOfLong((uint32*)origdata,count); 2652 TIFFCvtIEEEFloatToNative(tif,count,(float*)origdata); 2653 ma=(float*)origdata; 2654 mb=data; 2655 for (n=0; n<count; n++) 2656 *mb++=(double)(*ma++); 2657 } 2658 break; 2659 } 2660 _TIFFfree(origdata); 2661 *value=data; 2662 return(TIFFReadDirEntryErrOk); 2663 } 2664 2665 static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value) 2666 { 2667 enum TIFFReadDirEntryErr err; 2668 uint32 count; 2669 void* origdata; 2670 uint64* data; 2671 switch (direntry->tdir_type) 2672 { 2673 case TIFF_LONG: 2674 case TIFF_LONG8: 2675 case TIFF_IFD: 2676 case TIFF_IFD8: 2677 break; 2678 default: 2679 return(TIFFReadDirEntryErrType); 2680 } 2681 err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata); 2682 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0)) 2683 { 2684 *value=0; 2685 return(err); 2686 } 2687 switch (direntry->tdir_type) 2688 { 2689 case TIFF_LONG8: 2690 case TIFF_IFD8: 2691 *value=(uint64*)origdata; 2692 if (tif->tif_flags&TIFF_SWAB) 2693 TIFFSwabArrayOfLong8(*value,count); 2694 return(TIFFReadDirEntryErrOk); 2695 } 2696 data=(uint64*)_TIFFmalloc(count*8); 2697 if (data==0) 2698 { 2699 _TIFFfree(origdata); 2700 return(TIFFReadDirEntryErrAlloc); 2701 } 2702 switch (direntry->tdir_type) 2703 { 2704 case TIFF_LONG: 2705 case TIFF_IFD: 2706 { 2707 uint32* ma; 2708 uint64* mb; 2709 uint32 n; 2710 ma=(uint32*)origdata; 2711 mb=data; 2712 for (n=0; n<count; n++) 2713 { 2714 if (tif->tif_flags&TIFF_SWAB) 2715 TIFFSwabLong(ma); 2716 *mb++=(uint64)(*ma++); 2717 } 2718 } 2719 break; 2720 } 2721 _TIFFfree(origdata); 2722 *value=data; 2723 return(TIFFReadDirEntryErrOk); 2724 } 2725 2726 static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value) 2727 { 2728 enum TIFFReadDirEntryErr err; 2729 uint16* m; 2730 uint16* na; 2731 uint16 nb; 2732 if (direntry->tdir_count<(uint64)tif->tif_dir.td_samplesperpixel) 2733 return(TIFFReadDirEntryErrCount); 2734 err=TIFFReadDirEntryShortArray(tif,direntry,&m); 2735 if (err!=TIFFReadDirEntryErrOk) 2736 return(err); 2737 na=m; 2738 nb=tif->tif_dir.td_samplesperpixel; 2739 *value=*na++; 2740 nb--; 2741 while (nb>0) 2742 { 2743 if (*na++!=*value) 2744 { 2745 err=TIFFReadDirEntryErrPsdif; 2746 break; 2747 } 2748 nb--; 2749 } 2750 _TIFFfree(m); 2751 return(err); 2752 } 2753 2754 #if 0 2755 static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleDouble(TIFF* tif, TIFFDirEntry* direntry, double* value) 2756 { 2757 enum TIFFReadDirEntryErr err; 2758 double* m; 2759 double* na; 2760 uint16 nb; 2761 if (direntry->tdir_count<(uint64)tif->tif_dir.td_samplesperpixel) 2762 return(TIFFReadDirEntryErrCount); 2763 err=TIFFReadDirEntryDoubleArray(tif,direntry,&m); 2764 if (err!=TIFFReadDirEntryErrOk) 2765 return(err); 2766 na=m; 2767 nb=tif->tif_dir.td_samplesperpixel; 2768 *value=*na++; 2769 nb--; 2770 while (nb>0) 2771 { 2772 if (*na++!=*value) 2773 { 2774 err=TIFFReadDirEntryErrPsdif; 2775 break; 2776 } 2777 nb--; 2778 } 2779 _TIFFfree(m); 2780 return(err); 2781 } 2782 #endif 2783 2784 static void TIFFReadDirEntryCheckedByte(TIFF* tif, TIFFDirEntry* direntry, uint8* value) 2785 { 2786 (void) tif; 2787 *value=*(uint8*)(&direntry->tdir_offset); 2788 } 2789 2790 static void TIFFReadDirEntryCheckedSbyte(TIFF* tif, TIFFDirEntry* direntry, int8* value) 2791 { 2792 (void) tif; 2793 *value=*(int8*)(&direntry->tdir_offset); 2794 } 2795 2796 static void TIFFReadDirEntryCheckedShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value) 2797 { 2798 *value = direntry->tdir_offset.toff_short; 2799 /* *value=*(uint16*)(&direntry->tdir_offset); */ 2800 if (tif->tif_flags&TIFF_SWAB) 2801 TIFFSwabShort(value); 2802 } 2803 2804 static void TIFFReadDirEntryCheckedSshort(TIFF* tif, TIFFDirEntry* direntry, int16* value) 2805 { 2806 *value=*(int16*)(&direntry->tdir_offset); 2807 if (tif->tif_flags&TIFF_SWAB) 2808 TIFFSwabShort((uint16*)value); 2809 } 2810 2811 static void TIFFReadDirEntryCheckedLong(TIFF* tif, TIFFDirEntry* direntry, uint32* value) 2812 { 2813 *value=*(uint32*)(&direntry->tdir_offset); 2814 if (tif->tif_flags&TIFF_SWAB) 2815 TIFFSwabLong(value); 2816 } 2817 2818 static void TIFFReadDirEntryCheckedSlong(TIFF* tif, TIFFDirEntry* direntry, int32* value) 2819 { 2820 *value=*(int32*)(&direntry->tdir_offset); 2821 if (tif->tif_flags&TIFF_SWAB) 2822 TIFFSwabLong((uint32*)value); 2823 } 2824 2825 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedLong8(TIFF* tif, TIFFDirEntry* direntry, uint64* value) 2826 { 2827 if (!(tif->tif_flags&TIFF_BIGTIFF)) 2828 { 2829 enum TIFFReadDirEntryErr err; 2830 uint32 offset = direntry->tdir_offset.toff_long; 2831 if (tif->tif_flags&TIFF_SWAB) 2832 TIFFSwabLong(&offset); 2833 err=TIFFReadDirEntryData(tif,offset,8,value); 2834 if (err!=TIFFReadDirEntryErrOk) 2835 return(err); 2836 } 2837 else 2838 *value = direntry->tdir_offset.toff_long8; 2839 if (tif->tif_flags&TIFF_SWAB) 2840 TIFFSwabLong8(value); 2841 return(TIFFReadDirEntryErrOk); 2842 } 2843 2844 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSlong8(TIFF* tif, TIFFDirEntry* direntry, int64* value) 2845 { 2846 if (!(tif->tif_flags&TIFF_BIGTIFF)) 2847 { 2848 enum TIFFReadDirEntryErr err; 2849 uint32 offset = direntry->tdir_offset.toff_long; 2850 if (tif->tif_flags&TIFF_SWAB) 2851 TIFFSwabLong(&offset); 2852 err=TIFFReadDirEntryData(tif,offset,8,value); 2853 if (err!=TIFFReadDirEntryErrOk) 2854 return(err); 2855 } 2856 else 2857 *value=*(int64*)(&direntry->tdir_offset); 2858 if (tif->tif_flags&TIFF_SWAB) 2859 TIFFSwabLong8((uint64*)value); 2860 return(TIFFReadDirEntryErrOk); 2861 } 2862 2863 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedRational(TIFF* tif, TIFFDirEntry* direntry, double* value) 2864 { 2865 UInt64Aligned_t m; 2866 2867 assert(sizeof(double)==8); 2868 assert(sizeof(uint64)==8); 2869 assert(sizeof(uint32)==4); 2870 if (!(tif->tif_flags&TIFF_BIGTIFF)) 2871 { 2872 enum TIFFReadDirEntryErr err; 2873 uint32 offset = direntry->tdir_offset.toff_long; 2874 if (tif->tif_flags&TIFF_SWAB) 2875 TIFFSwabLong(&offset); 2876 err=TIFFReadDirEntryData(tif,offset,8,m.i); 2877 if (err!=TIFFReadDirEntryErrOk) 2878 return(err); 2879 } 2880 else 2881 m.l = direntry->tdir_offset.toff_long8; 2882 if (tif->tif_flags&TIFF_SWAB) 2883 TIFFSwabArrayOfLong(m.i,2); 2884 /* Not completely sure what we should do when m.i[1]==0, but some */ 2885 /* sanitizers do not like division by 0.0: */ 2886 /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */ 2887 if (m.i[0]==0 || m.i[1]==0) 2888 *value=0.0; 2889 else 2890 *value=(double)m.i[0]/(double)m.i[1]; 2891 return(TIFFReadDirEntryErrOk); 2892 } 2893 2894 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSrational(TIFF* tif, TIFFDirEntry* direntry, double* value) 2895 { 2896 UInt64Aligned_t m; 2897 assert(sizeof(double)==8); 2898 assert(sizeof(uint64)==8); 2899 assert(sizeof(int32)==4); 2900 assert(sizeof(uint32)==4); 2901 if (!(tif->tif_flags&TIFF_BIGTIFF)) 2902 { 2903 enum TIFFReadDirEntryErr err; 2904 uint32 offset = direntry->tdir_offset.toff_long; 2905 if (tif->tif_flags&TIFF_SWAB) 2906 TIFFSwabLong(&offset); 2907 err=TIFFReadDirEntryData(tif,offset,8,m.i); 2908 if (err!=TIFFReadDirEntryErrOk) 2909 return(err); 2910 } 2911 else 2912 m.l=direntry->tdir_offset.toff_long8; 2913 if (tif->tif_flags&TIFF_SWAB) 2914 TIFFSwabArrayOfLong(m.i,2); 2915 /* Not completely sure what we should do when m.i[1]==0, but some */ 2916 /* sanitizers do not like division by 0.0: */ 2917 /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */ 2918 if ((int32)m.i[0]==0 || m.i[1]==0) 2919 *value=0.0; 2920 else 2921 *value=(double)((int32)m.i[0])/(double)m.i[1]; 2922 return(TIFFReadDirEntryErrOk); 2923 } 2924 2925 static void TIFFReadDirEntryCheckedFloat(TIFF* tif, TIFFDirEntry* direntry, float* value) 2926 { 2927 union 2928 { 2929 float f; 2930 uint32 i; 2931 } float_union; 2932 assert(sizeof(float)==4); 2933 assert(sizeof(uint32)==4); 2934 assert(sizeof(float_union)==4); 2935 float_union.i=*(uint32*)(&direntry->tdir_offset); 2936 *value=float_union.f; 2937 if (tif->tif_flags&TIFF_SWAB) 2938 TIFFSwabLong((uint32*)value); 2939 } 2940 2941 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedDouble(TIFF* tif, TIFFDirEntry* direntry, double* value) 2942 { 2943 assert(sizeof(double)==8); 2944 assert(sizeof(uint64)==8); 2945 assert(sizeof(UInt64Aligned_t)==8); 2946 if (!(tif->tif_flags&TIFF_BIGTIFF)) 2947 { 2948 enum TIFFReadDirEntryErr err; 2949 uint32 offset = direntry->tdir_offset.toff_long; 2950 if (tif->tif_flags&TIFF_SWAB) 2951 TIFFSwabLong(&offset); 2952 err=TIFFReadDirEntryData(tif,offset,8,value); 2953 if (err!=TIFFReadDirEntryErrOk) 2954 return(err); 2955 } 2956 else 2957 { 2958 UInt64Aligned_t uint64_union; 2959 uint64_union.l=direntry->tdir_offset.toff_long8; 2960 *value=uint64_union.d; 2961 } 2962 if (tif->tif_flags&TIFF_SWAB) 2963 TIFFSwabLong8((uint64*)value); 2964 return(TIFFReadDirEntryErrOk); 2965 } 2966 2967 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSbyte(int8 value) 2968 { 2969 if (value<0) 2970 return(TIFFReadDirEntryErrRange); 2971 else 2972 return(TIFFReadDirEntryErrOk); 2973 } 2974 2975 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteShort(uint16 value) 2976 { 2977 if (value>0xFF) 2978 return(TIFFReadDirEntryErrRange); 2979 else 2980 return(TIFFReadDirEntryErrOk); 2981 } 2982 2983 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSshort(int16 value) 2984 { 2985 if ((value<0)||(value>0xFF)) 2986 return(TIFFReadDirEntryErrRange); 2987 else 2988 return(TIFFReadDirEntryErrOk); 2989 } 2990 2991 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong(uint32 value) 2992 { 2993 if (value>0xFF) 2994 return(TIFFReadDirEntryErrRange); 2995 else 2996 return(TIFFReadDirEntryErrOk); 2997 } 2998 2999 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong(int32 value) 3000 { 3001 if ((value<0)||(value>0xFF)) 3002 return(TIFFReadDirEntryErrRange); 3003 else 3004 return(TIFFReadDirEntryErrOk); 3005 } 3006 3007 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong8(uint64 value) 3008 { 3009 if (value>0xFF) 3010 return(TIFFReadDirEntryErrRange); 3011 else 3012 return(TIFFReadDirEntryErrOk); 3013 } 3014 3015 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong8(int64 value) 3016 { 3017 if ((value<0)||(value>0xFF)) 3018 return(TIFFReadDirEntryErrRange); 3019 else 3020 return(TIFFReadDirEntryErrOk); 3021 } 3022 3023 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteByte(uint8 value) 3024 { 3025 if (value>0x7F) 3026 return(TIFFReadDirEntryErrRange); 3027 else 3028 return(TIFFReadDirEntryErrOk); 3029 } 3030 3031 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteShort(uint16 value) 3032 { 3033 if (value>0x7F) 3034 return(TIFFReadDirEntryErrRange); 3035 else 3036 return(TIFFReadDirEntryErrOk); 3037 } 3038 3039 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSshort(int16 value) 3040 { 3041 if ((value<-0x80)||(value>0x7F)) 3042 return(TIFFReadDirEntryErrRange); 3043 else 3044 return(TIFFReadDirEntryErrOk); 3045 } 3046 3047 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong(uint32 value) 3048 { 3049 if (value>0x7F) 3050 return(TIFFReadDirEntryErrRange); 3051 else 3052 return(TIFFReadDirEntryErrOk); 3053 } 3054 3055 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong(int32 value) 3056 { 3057 if ((value<-0x80)||(value>0x7F)) 3058 return(TIFFReadDirEntryErrRange); 3059 else 3060 return(TIFFReadDirEntryErrOk); 3061 } 3062 3063 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong8(uint64 value) 3064 { 3065 if (value>0x7F) 3066 return(TIFFReadDirEntryErrRange); 3067 else 3068 return(TIFFReadDirEntryErrOk); 3069 } 3070 3071 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong8(int64 value) 3072 { 3073 if ((value<-0x80)||(value>0x7F)) 3074 return(TIFFReadDirEntryErrRange); 3075 else 3076 return(TIFFReadDirEntryErrOk); 3077 } 3078 3079 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSbyte(int8 value) 3080 { 3081 if (value<0) 3082 return(TIFFReadDirEntryErrRange); 3083 else 3084 return(TIFFReadDirEntryErrOk); 3085 } 3086 3087 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSshort(int16 value) 3088 { 3089 if (value<0) 3090 return(TIFFReadDirEntryErrRange); 3091 else 3092 return(TIFFReadDirEntryErrOk); 3093 } 3094 3095 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong(uint32 value) 3096 { 3097 if (value>0xFFFF) 3098 return(TIFFReadDirEntryErrRange); 3099 else 3100 return(TIFFReadDirEntryErrOk); 3101 } 3102 3103 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong(int32 value) 3104 { 3105 if ((value<0)||(value>0xFFFF)) 3106 return(TIFFReadDirEntryErrRange); 3107 else 3108 return(TIFFReadDirEntryErrOk); 3109 } 3110 3111 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong8(uint64 value) 3112 { 3113 if (value>0xFFFF) 3114 return(TIFFReadDirEntryErrRange); 3115 else 3116 return(TIFFReadDirEntryErrOk); 3117 } 3118 3119 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong8(int64 value) 3120 { 3121 if ((value<0)||(value>0xFFFF)) 3122 return(TIFFReadDirEntryErrRange); 3123 else 3124 return(TIFFReadDirEntryErrOk); 3125 } 3126 3127 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortShort(uint16 value) 3128 { 3129 if (value>0x7FFF) 3130 return(TIFFReadDirEntryErrRange); 3131 else 3132 return(TIFFReadDirEntryErrOk); 3133 } 3134 3135 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong(uint32 value) 3136 { 3137 if (value>0x7FFF) 3138 return(TIFFReadDirEntryErrRange); 3139 else 3140 return(TIFFReadDirEntryErrOk); 3141 } 3142 3143 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong(int32 value) 3144 { 3145 if ((value<-0x8000)||(value>0x7FFF)) 3146 return(TIFFReadDirEntryErrRange); 3147 else 3148 return(TIFFReadDirEntryErrOk); 3149 } 3150 3151 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong8(uint64 value) 3152 { 3153 if (value>0x7FFF) 3154 return(TIFFReadDirEntryErrRange); 3155 else 3156 return(TIFFReadDirEntryErrOk); 3157 } 3158 3159 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong8(int64 value) 3160 { 3161 if ((value<-0x8000)||(value>0x7FFF)) 3162 return(TIFFReadDirEntryErrRange); 3163 else 3164 return(TIFFReadDirEntryErrOk); 3165 } 3166 3167 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSbyte(int8 value) 3168 { 3169 if (value<0) 3170 return(TIFFReadDirEntryErrRange); 3171 else 3172 return(TIFFReadDirEntryErrOk); 3173 } 3174 3175 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSshort(int16 value) 3176 { 3177 if (value<0) 3178 return(TIFFReadDirEntryErrRange); 3179 else 3180 return(TIFFReadDirEntryErrOk); 3181 } 3182 3183 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSlong(int32 value) 3184 { 3185 if (value<0) 3186 return(TIFFReadDirEntryErrRange); 3187 else 3188 return(TIFFReadDirEntryErrOk); 3189 } 3190 3191 /* 3192 * Largest 32-bit unsigned integer value. 3193 */ 3194 #define TIFF_UINT32_MAX 0xFFFFFFFFU 3195 3196 static enum TIFFReadDirEntryErr 3197 TIFFReadDirEntryCheckRangeLongLong8(uint64 value) 3198 { 3199 if (value > TIFF_UINT32_MAX) 3200 return(TIFFReadDirEntryErrRange); 3201 else 3202 return(TIFFReadDirEntryErrOk); 3203 } 3204 3205 static enum TIFFReadDirEntryErr 3206 TIFFReadDirEntryCheckRangeLongSlong8(int64 value) 3207 { 3208 if ((value < 0) || (value > (int64) TIFF_UINT32_MAX)) 3209 return(TIFFReadDirEntryErrRange); 3210 else 3211 return(TIFFReadDirEntryErrOk); 3212 } 3213 3214 #undef TIFF_UINT32_MAX 3215 3216 static enum TIFFReadDirEntryErr 3217 TIFFReadDirEntryCheckRangeSlongLong(uint32 value) 3218 { 3219 if (value > 0x7FFFFFFFUL) 3220 return(TIFFReadDirEntryErrRange); 3221 else 3222 return(TIFFReadDirEntryErrOk); 3223 } 3224 3225 /* Check that the 8-byte unsigned value can fit in a 4-byte unsigned range */ 3226 static enum TIFFReadDirEntryErr 3227 TIFFReadDirEntryCheckRangeSlongLong8(uint64 value) 3228 { 3229 if (value > 0x7FFFFFFF) 3230 return(TIFFReadDirEntryErrRange); 3231 else 3232 return(TIFFReadDirEntryErrOk); 3233 } 3234 3235 /* Check that the 8-byte signed value can fit in a 4-byte signed range */ 3236 static enum TIFFReadDirEntryErr 3237 TIFFReadDirEntryCheckRangeSlongSlong8(int64 value) 3238 { 3239 if ((value < 0-((int64) 0x7FFFFFFF+1)) || (value > 0x7FFFFFFF)) 3240 return(TIFFReadDirEntryErrRange); 3241 else 3242 return(TIFFReadDirEntryErrOk); 3243 } 3244 3245 static enum TIFFReadDirEntryErr 3246 TIFFReadDirEntryCheckRangeLong8Sbyte(int8 value) 3247 { 3248 if (value < 0) 3249 return(TIFFReadDirEntryErrRange); 3250 else 3251 return(TIFFReadDirEntryErrOk); 3252 } 3253 3254 static enum TIFFReadDirEntryErr 3255 TIFFReadDirEntryCheckRangeLong8Sshort(int16 value) 3256 { 3257 if (value < 0) 3258 return(TIFFReadDirEntryErrRange); 3259 else 3260 return(TIFFReadDirEntryErrOk); 3261 } 3262 3263 static enum TIFFReadDirEntryErr 3264 TIFFReadDirEntryCheckRangeLong8Slong(int32 value) 3265 { 3266 if (value < 0) 3267 return(TIFFReadDirEntryErrRange); 3268 else 3269 return(TIFFReadDirEntryErrOk); 3270 } 3271 3272 static enum TIFFReadDirEntryErr 3273 TIFFReadDirEntryCheckRangeLong8Slong8(int64 value) 3274 { 3275 if (value < 0) 3276 return(TIFFReadDirEntryErrRange); 3277 else 3278 return(TIFFReadDirEntryErrOk); 3279 } 3280 3281 /* 3282 * Largest 64-bit signed integer value. 3283 */ 3284 #define TIFF_INT64_MAX ((int64)(((uint64) ~0) >> 1)) 3285 3286 static enum TIFFReadDirEntryErr 3287 TIFFReadDirEntryCheckRangeSlong8Long8(uint64 value) 3288 { 3289 if (value > TIFF_INT64_MAX) 3290 return(TIFFReadDirEntryErrRange); 3291 else 3292 return(TIFFReadDirEntryErrOk); 3293 } 3294 3295 #undef TIFF_INT64_MAX 3296 3297 static enum TIFFReadDirEntryErr 3298 TIFFReadDirEntryData(TIFF* tif, uint64 offset, tmsize_t size, void* dest) 3299 { 3300 assert(size>0); 3301 if (!isMapped(tif)) { 3302 if (!SeekOK(tif,offset)) 3303 return(TIFFReadDirEntryErrIo); 3304 if (!ReadOK(tif,dest,size)) 3305 return(TIFFReadDirEntryErrIo); 3306 } else { 3307 size_t ma,mb; 3308 ma=(size_t)offset; 3309 mb=ma+size; 3310 if (((uint64)ma!=offset) 3311 || (mb < ma) 3312 || (mb - ma != (size_t) size) 3313 || (mb < (size_t)size) 3314 || (mb > (size_t)tif->tif_size) 3315 ) 3316 return(TIFFReadDirEntryErrIo); 3317 _TIFFmemcpy(dest,tif->tif_base+ma,size); 3318 } 3319 return(TIFFReadDirEntryErrOk); 3320 } 3321 3322 static void TIFFReadDirEntryOutputErr(TIFF* tif, enum TIFFReadDirEntryErr err, const char* module, const char* tagname, int recover) 3323 { 3324 if (!recover) { 3325 switch (err) { 3326 case TIFFReadDirEntryErrCount: 3327 TIFFErrorExt(tif->tif_clientdata, module, 3328 "Incorrect count for \"%s\"", 3329 tagname); 3330 break; 3331 case TIFFReadDirEntryErrType: 3332 TIFFErrorExt(tif->tif_clientdata, module, 3333 "Incompatible type for \"%s\"", 3334 tagname); 3335 break; 3336 case TIFFReadDirEntryErrIo: 3337 TIFFErrorExt(tif->tif_clientdata, module, 3338 "IO error during reading of \"%s\"", 3339 tagname); 3340 break; 3341 case TIFFReadDirEntryErrRange: 3342 TIFFErrorExt(tif->tif_clientdata, module, 3343 "Incorrect value for \"%s\"", 3344 tagname); 3345 break; 3346 case TIFFReadDirEntryErrPsdif: 3347 TIFFErrorExt(tif->tif_clientdata, module, 3348 "Cannot handle different values per sample for \"%s\"", 3349 tagname); 3350 break; 3351 case TIFFReadDirEntryErrSizesan: 3352 TIFFErrorExt(tif->tif_clientdata, module, 3353 "Sanity check on size of \"%s\" value failed", 3354 tagname); 3355 break; 3356 case TIFFReadDirEntryErrAlloc: 3357 TIFFErrorExt(tif->tif_clientdata, module, 3358 "Out of memory reading of \"%s\"", 3359 tagname); 3360 break; 3361 default: 3362 assert(0); /* we should never get here */ 3363 break; 3364 } 3365 } else { 3366 switch (err) { 3367 case TIFFReadDirEntryErrCount: 3368 TIFFWarningExt(tif->tif_clientdata, module, 3369 "Incorrect count for \"%s\"; tag ignored", 3370 tagname); 3371 break; 3372 case TIFFReadDirEntryErrType: 3373 TIFFWarningExt(tif->tif_clientdata, module, 3374 "Incompatible type for \"%s\"; tag ignored", 3375 tagname); 3376 break; 3377 case TIFFReadDirEntryErrIo: 3378 TIFFWarningExt(tif->tif_clientdata, module, 3379 "IO error during reading of \"%s\"; tag ignored", 3380 tagname); 3381 break; 3382 case TIFFReadDirEntryErrRange: 3383 TIFFWarningExt(tif->tif_clientdata, module, 3384 "Incorrect value for \"%s\"; tag ignored", 3385 tagname); 3386 break; 3387 case TIFFReadDirEntryErrPsdif: 3388 TIFFWarningExt(tif->tif_clientdata, module, 3389 "Cannot handle different values per sample for \"%s\"; tag ignored", 3390 tagname); 3391 break; 3392 case TIFFReadDirEntryErrSizesan: 3393 TIFFWarningExt(tif->tif_clientdata, module, 3394 "Sanity check on size of \"%s\" value failed; tag ignored", 3395 tagname); 3396 break; 3397 case TIFFReadDirEntryErrAlloc: 3398 TIFFWarningExt(tif->tif_clientdata, module, 3399 "Out of memory reading of \"%s\"; tag ignored", 3400 tagname); 3401 break; 3402 default: 3403 assert(0); /* we should never get here */ 3404 break; 3405 } 3406 } 3407 } 3408 3409 /* 3410 * Read the next TIFF directory from a file and convert it to the internal 3411 * format. We read directories sequentially. 3412 */ 3413 int 3414 TIFFReadDirectory(TIFF* tif) 3415 { 3416 static const char module[] = "TIFFReadDirectory"; 3417 TIFFDirEntry* dir; 3418 uint16 dircount; 3419 TIFFDirEntry* dp; 3420 uint16 di; 3421 const TIFFField* fip; 3422 uint32 fii=FAILED_FII; 3423 toff_t nextdiroff; 3424 int bitspersample_read = FALSE; 3425 3426 tif->tif_diroff=tif->tif_nextdiroff; 3427 if (!TIFFCheckDirOffset(tif,tif->tif_nextdiroff)) 3428 return 0; /* last offset or bad offset (IFD looping) */ 3429 (*tif->tif_cleanup)(tif); /* cleanup any previous compression state */ 3430 tif->tif_curdir++; 3431 nextdiroff = tif->tif_nextdiroff; 3432 dircount=TIFFFetchDirectory(tif,nextdiroff,&dir,&tif->tif_nextdiroff); 3433 if (!dircount) 3434 { 3435 TIFFErrorExt(tif->tif_clientdata,module, 3436 "Failed to read directory at offset " TIFF_UINT64_FORMAT,nextdiroff); 3437 return 0; 3438 } 3439 TIFFReadDirectoryCheckOrder(tif,dir,dircount); 3440 3441 /* 3442 * Mark duplicates of any tag to be ignored (bugzilla 1994) 3443 * to avoid certain pathological problems. 3444 */ 3445 { 3446 TIFFDirEntry* ma; 3447 uint16 mb; 3448 for (ma=dir, mb=0; mb<dircount; ma++, mb++) 3449 { 3450 TIFFDirEntry* na; 3451 uint16 nb; 3452 for (na=ma+1, nb=mb+1; nb<dircount; na++, nb++) 3453 { 3454 if (ma->tdir_tag==na->tdir_tag) 3455 na->tdir_tag=IGNORE; 3456 } 3457 } 3458 } 3459 3460 tif->tif_flags &= ~TIFF_BEENWRITING; /* reset before new dir */ 3461 tif->tif_flags &= ~TIFF_BUF4WRITE; /* reset before new dir */ 3462 /* free any old stuff and reinit */ 3463 TIFFFreeDirectory(tif); 3464 TIFFDefaultDirectory(tif); 3465 /* 3466 * Electronic Arts writes gray-scale TIFF files 3467 * without a PlanarConfiguration directory entry. 3468 * Thus we setup a default value here, even though 3469 * the TIFF spec says there is no default value. 3470 */ 3471 TIFFSetField(tif,TIFFTAG_PLANARCONFIG,PLANARCONFIG_CONTIG); 3472 /* 3473 * Setup default value and then make a pass over 3474 * the fields to check type and tag information, 3475 * and to extract info required to size data 3476 * structures. A second pass is made afterwards 3477 * to read in everything not taken in the first pass. 3478 * But we must process the Compression tag first 3479 * in order to merge in codec-private tag definitions (otherwise 3480 * we may get complaints about unknown tags). However, the 3481 * Compression tag may be dependent on the SamplesPerPixel 3482 * tag value because older TIFF specs permitted Compression 3483 * to be written as a SamplesPerPixel-count tag entry. 3484 * Thus if we don't first figure out the correct SamplesPerPixel 3485 * tag value then we may end up ignoring the Compression tag 3486 * value because it has an incorrect count value (if the 3487 * true value of SamplesPerPixel is not 1). 3488 */ 3489 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,TIFFTAG_SAMPLESPERPIXEL); 3490 if (dp) 3491 { 3492 if (!TIFFFetchNormalTag(tif,dp,0)) 3493 goto bad; 3494 dp->tdir_tag=IGNORE; 3495 } 3496 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,TIFFTAG_COMPRESSION); 3497 if (dp) 3498 { 3499 /* 3500 * The 5.0 spec says the Compression tag has one value, while 3501 * earlier specs say it has one value per sample. Because of 3502 * this, we accept the tag if one value is supplied with either 3503 * count. 3504 */ 3505 uint16 value; 3506 enum TIFFReadDirEntryErr err; 3507 err=TIFFReadDirEntryShort(tif,dp,&value); 3508 if (err==TIFFReadDirEntryErrCount) 3509 err=TIFFReadDirEntryPersampleShort(tif,dp,&value); 3510 if (err!=TIFFReadDirEntryErrOk) 3511 { 3512 TIFFReadDirEntryOutputErr(tif,err,module,"Compression",0); 3513 goto bad; 3514 } 3515 if (!TIFFSetField(tif,TIFFTAG_COMPRESSION,value)) 3516 goto bad; 3517 dp->tdir_tag=IGNORE; 3518 } 3519 else 3520 { 3521 if (!TIFFSetField(tif,TIFFTAG_COMPRESSION,COMPRESSION_NONE)) 3522 goto bad; 3523 } 3524 /* 3525 * First real pass over the directory. 3526 */ 3527 for (di=0, dp=dir; di<dircount; di++, dp++) 3528 { 3529 if (dp->tdir_tag!=IGNORE) 3530 { 3531 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii); 3532 if (fii == FAILED_FII) 3533 { 3534 TIFFWarningExt(tif->tif_clientdata, module, 3535 "Unknown field with tag %d (0x%x) encountered", 3536 dp->tdir_tag,dp->tdir_tag); 3537 /* the following knowingly leaks the 3538 anonymous field structure */ 3539 if (!_TIFFMergeFields(tif, 3540 _TIFFCreateAnonField(tif, 3541 dp->tdir_tag, 3542 (TIFFDataType) dp->tdir_type), 3543 1)) { 3544 TIFFWarningExt(tif->tif_clientdata, 3545 module, 3546 "Registering anonymous field with tag %d (0x%x) failed", 3547 dp->tdir_tag, 3548 dp->tdir_tag); 3549 dp->tdir_tag=IGNORE; 3550 } else { 3551 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii); 3552 assert(fii != FAILED_FII); 3553 } 3554 } 3555 } 3556 if (dp->tdir_tag!=IGNORE) 3557 { 3558 fip=tif->tif_fields[fii]; 3559 if (fip->field_bit==FIELD_IGNORE) 3560 dp->tdir_tag=IGNORE; 3561 else 3562 { 3563 switch (dp->tdir_tag) 3564 { 3565 case TIFFTAG_STRIPOFFSETS: 3566 case TIFFTAG_STRIPBYTECOUNTS: 3567 case TIFFTAG_TILEOFFSETS: 3568 case TIFFTAG_TILEBYTECOUNTS: 3569 TIFFSetFieldBit(tif,fip->field_bit); 3570 break; 3571 case TIFFTAG_IMAGEWIDTH: 3572 case TIFFTAG_IMAGELENGTH: 3573 case TIFFTAG_IMAGEDEPTH: 3574 case TIFFTAG_TILELENGTH: 3575 case TIFFTAG_TILEWIDTH: 3576 case TIFFTAG_TILEDEPTH: 3577 case TIFFTAG_PLANARCONFIG: 3578 case TIFFTAG_ROWSPERSTRIP: 3579 case TIFFTAG_EXTRASAMPLES: 3580 if (!TIFFFetchNormalTag(tif,dp,0)) 3581 goto bad; 3582 dp->tdir_tag=IGNORE; 3583 break; 3584 } 3585 } 3586 } 3587 } 3588 /* 3589 * XXX: OJPEG hack. 3590 * If a) compression is OJPEG, b) planarconfig tag says it's separate, 3591 * c) strip offsets/bytecounts tag are both present and 3592 * d) both contain exactly one value, then we consistently find 3593 * that the buggy implementation of the buggy compression scheme 3594 * matches contig planarconfig best. So we 'fix-up' the tag here 3595 */ 3596 if ((tif->tif_dir.td_compression==COMPRESSION_OJPEG)&& 3597 (tif->tif_dir.td_planarconfig==PLANARCONFIG_SEPARATE)) 3598 { 3599 if (!_TIFFFillStriles(tif)) 3600 goto bad; 3601 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,TIFFTAG_STRIPOFFSETS); 3602 if ((dp!=0)&&(dp->tdir_count==1)) 3603 { 3604 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount, 3605 TIFFTAG_STRIPBYTECOUNTS); 3606 if ((dp!=0)&&(dp->tdir_count==1)) 3607 { 3608 tif->tif_dir.td_planarconfig=PLANARCONFIG_CONTIG; 3609 TIFFWarningExt(tif->tif_clientdata,module, 3610 "Planarconfig tag value assumed incorrect, " 3611 "assuming data is contig instead of chunky"); 3612 } 3613 } 3614 } 3615 /* 3616 * Allocate directory structure and setup defaults. 3617 */ 3618 if (!TIFFFieldSet(tif,FIELD_IMAGEDIMENSIONS)) 3619 { 3620 MissingRequired(tif,"ImageLength"); 3621 goto bad; 3622 } 3623 /* 3624 * Setup appropriate structures (by strip or by tile) 3625 */ 3626 if (!TIFFFieldSet(tif, FIELD_TILEDIMENSIONS)) { 3627 tif->tif_dir.td_nstrips = TIFFNumberOfStrips(tif); 3628 tif->tif_dir.td_tilewidth = tif->tif_dir.td_imagewidth; 3629 tif->tif_dir.td_tilelength = tif->tif_dir.td_rowsperstrip; 3630 tif->tif_dir.td_tiledepth = tif->tif_dir.td_imagedepth; 3631 tif->tif_flags &= ~TIFF_ISTILED; 3632 } else { 3633 tif->tif_dir.td_nstrips = TIFFNumberOfTiles(tif); 3634 tif->tif_flags |= TIFF_ISTILED; 3635 } 3636 if (!tif->tif_dir.td_nstrips) { 3637 TIFFErrorExt(tif->tif_clientdata, module, 3638 "Cannot handle zero number of %s", 3639 isTiled(tif) ? "tiles" : "strips"); 3640 goto bad; 3641 } 3642 if (tif->tif_dir.td_nstrips > INT_MAX) { 3643 TIFFErrorExt(tif->tif_clientdata, module, 3644 "Cannot handle %u number of %s", 3645 tif->tif_dir.td_nstrips, 3646 isTiled(tif) ? "tiles" : "strips"); 3647 goto bad; 3648 } 3649 tif->tif_dir.td_stripsperimage = tif->tif_dir.td_nstrips; 3650 if (tif->tif_dir.td_planarconfig == PLANARCONFIG_SEPARATE) 3651 tif->tif_dir.td_stripsperimage /= tif->tif_dir.td_samplesperpixel; 3652 if (!TIFFFieldSet(tif, FIELD_STRIPOFFSETS)) { 3653 #ifdef OJPEG_SUPPORT 3654 if ((tif->tif_dir.td_compression==COMPRESSION_OJPEG) && 3655 (isTiled(tif)==0) && 3656 (tif->tif_dir.td_nstrips==1)) { 3657 /* 3658 * XXX: OJPEG hack. 3659 * If a) compression is OJPEG, b) it's not a tiled TIFF, 3660 * and c) the number of strips is 1, 3661 * then we tolerate the absence of stripoffsets tag, 3662 * because, presumably, all required data is in the 3663 * JpegInterchangeFormat stream. 3664 */ 3665 TIFFSetFieldBit(tif, FIELD_STRIPOFFSETS); 3666 } else 3667 #endif 3668 { 3669 MissingRequired(tif, 3670 isTiled(tif) ? "TileOffsets" : "StripOffsets"); 3671 goto bad; 3672 } 3673 } 3674 /* 3675 * Second pass: extract other information. 3676 */ 3677 for (di=0, dp=dir; di<dircount; di++, dp++) 3678 { 3679 switch (dp->tdir_tag) 3680 { 3681 case IGNORE: 3682 break; 3683 case TIFFTAG_MINSAMPLEVALUE: 3684 case TIFFTAG_MAXSAMPLEVALUE: 3685 case TIFFTAG_BITSPERSAMPLE: 3686 case TIFFTAG_DATATYPE: 3687 case TIFFTAG_SAMPLEFORMAT: 3688 /* 3689 * The MinSampleValue, MaxSampleValue, BitsPerSample 3690 * DataType and SampleFormat tags are supposed to be 3691 * written as one value/sample, but some vendors 3692 * incorrectly write one value only -- so we accept 3693 * that as well (yuck). Other vendors write correct 3694 * value for NumberOfSamples, but incorrect one for 3695 * BitsPerSample and friends, and we will read this 3696 * too. 3697 */ 3698 { 3699 uint16 value; 3700 enum TIFFReadDirEntryErr err; 3701 err=TIFFReadDirEntryShort(tif,dp,&value); 3702 if (err==TIFFReadDirEntryErrCount) 3703 err=TIFFReadDirEntryPersampleShort(tif,dp,&value); 3704 if (err!=TIFFReadDirEntryErrOk) 3705 { 3706 fip = TIFFFieldWithTag(tif,dp->tdir_tag); 3707 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",0); 3708 goto bad; 3709 } 3710 if (!TIFFSetField(tif,dp->tdir_tag,value)) 3711 goto bad; 3712 if( dp->tdir_tag == TIFFTAG_BITSPERSAMPLE ) 3713 bitspersample_read = TRUE; 3714 } 3715 break; 3716 case TIFFTAG_SMINSAMPLEVALUE: 3717 case TIFFTAG_SMAXSAMPLEVALUE: 3718 { 3719 3720 double *data = NULL; 3721 enum TIFFReadDirEntryErr err; 3722 uint32 saved_flags; 3723 int m; 3724 if (dp->tdir_count != (uint64)tif->tif_dir.td_samplesperpixel) 3725 err = TIFFReadDirEntryErrCount; 3726 else 3727 err = TIFFReadDirEntryDoubleArray(tif, dp, &data); 3728 if (err!=TIFFReadDirEntryErrOk) 3729 { 3730 fip = TIFFFieldWithTag(tif,dp->tdir_tag); 3731 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",0); 3732 goto bad; 3733 } 3734 saved_flags = tif->tif_flags; 3735 tif->tif_flags |= TIFF_PERSAMPLE; 3736 m = TIFFSetField(tif,dp->tdir_tag,data); 3737 tif->tif_flags = saved_flags; 3738 _TIFFfree(data); 3739 if (!m) 3740 goto bad; 3741 } 3742 break; 3743 case TIFFTAG_STRIPOFFSETS: 3744 case TIFFTAG_TILEOFFSETS: 3745 #if defined(DEFER_STRILE_LOAD) 3746 _TIFFmemcpy( &(tif->tif_dir.td_stripoffset_entry), 3747 dp, sizeof(TIFFDirEntry) ); 3748 #else 3749 if( tif->tif_dir.td_stripoffset != NULL ) 3750 { 3751 TIFFErrorExt(tif->tif_clientdata, module, 3752 "tif->tif_dir.td_stripoffset is " 3753 "already allocated. Likely duplicated " 3754 "StripOffsets/TileOffsets tag"); 3755 goto bad; 3756 } 3757 if (!TIFFFetchStripThing(tif,dp,tif->tif_dir.td_nstrips,&tif->tif_dir.td_stripoffset)) 3758 goto bad; 3759 #endif 3760 break; 3761 case TIFFTAG_STRIPBYTECOUNTS: 3762 case TIFFTAG_TILEBYTECOUNTS: 3763 #if defined(DEFER_STRILE_LOAD) 3764 _TIFFmemcpy( &(tif->tif_dir.td_stripbytecount_entry), 3765 dp, sizeof(TIFFDirEntry) ); 3766 #else 3767 if( tif->tif_dir.td_stripbytecount != NULL ) 3768 { 3769 TIFFErrorExt(tif->tif_clientdata, module, 3770 "tif->tif_dir.td_stripbytecount is " 3771 "already allocated. Likely duplicated " 3772 "StripByteCounts/TileByteCounts tag"); 3773 goto bad; 3774 } 3775 if (!TIFFFetchStripThing(tif,dp,tif->tif_dir.td_nstrips,&tif->tif_dir.td_stripbytecount)) 3776 goto bad; 3777 #endif 3778 break; 3779 case TIFFTAG_COLORMAP: 3780 case TIFFTAG_TRANSFERFUNCTION: 3781 { 3782 enum TIFFReadDirEntryErr err; 3783 uint32 countpersample; 3784 uint32 countrequired; 3785 uint32 incrementpersample; 3786 uint16* value=NULL; 3787 /* It would be dangerous to instantiate those tag values */ 3788 /* since if td_bitspersample has not yet been read (due to */ 3789 /* unordered tags), it could be read afterwards with a */ 3790 /* values greater than the default one (1), which may cause */ 3791 /* crashes in user code */ 3792 if( !bitspersample_read ) 3793 { 3794 fip = TIFFFieldWithTag(tif,dp->tdir_tag); 3795 TIFFWarningExt(tif->tif_clientdata,module, 3796 "Ignoring %s since BitsPerSample tag not found", 3797 fip ? fip->field_name : "unknown tagname"); 3798 continue; 3799 } 3800 /* ColorMap or TransferFunction for high bit */ 3801 /* depths do not make much sense and could be */ 3802 /* used as a denial of service vector */ 3803 if (tif->tif_dir.td_bitspersample > 24) 3804 { 3805 fip = TIFFFieldWithTag(tif,dp->tdir_tag); 3806 TIFFWarningExt(tif->tif_clientdata,module, 3807 "Ignoring %s because BitsPerSample=%d>24", 3808 fip ? fip->field_name : "unknown tagname", 3809 tif->tif_dir.td_bitspersample); 3810 continue; 3811 } 3812 countpersample=(1U<<tif->tif_dir.td_bitspersample); 3813 if ((dp->tdir_tag==TIFFTAG_TRANSFERFUNCTION)&&(dp->tdir_count==(uint64)countpersample)) 3814 { 3815 countrequired=countpersample; 3816 incrementpersample=0; 3817 } 3818 else 3819 { 3820 countrequired=3*countpersample; 3821 incrementpersample=countpersample; 3822 } 3823 if (dp->tdir_count!=(uint64)countrequired) 3824 err=TIFFReadDirEntryErrCount; 3825 else 3826 err=TIFFReadDirEntryShortArray(tif,dp,&value); 3827 if (err!=TIFFReadDirEntryErrOk) 3828 { 3829 fip = TIFFFieldWithTag(tif,dp->tdir_tag); 3830 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",1); 3831 } 3832 else 3833 { 3834 TIFFSetField(tif,dp->tdir_tag,value,value+incrementpersample,value+2*incrementpersample); 3835 _TIFFfree(value); 3836 } 3837 } 3838 break; 3839 /* BEGIN REV 4.0 COMPATIBILITY */ 3840 case TIFFTAG_OSUBFILETYPE: 3841 { 3842 uint16 valueo; 3843 uint32 value; 3844 if (TIFFReadDirEntryShort(tif,dp,&valueo)==TIFFReadDirEntryErrOk) 3845 { 3846 switch (valueo) 3847 { 3848 case OFILETYPE_REDUCEDIMAGE: value=FILETYPE_REDUCEDIMAGE; break; 3849 case OFILETYPE_PAGE: value=FILETYPE_PAGE; break; 3850 default: value=0; break; 3851 } 3852 if (value!=0) 3853 TIFFSetField(tif,TIFFTAG_SUBFILETYPE,value); 3854 } 3855 } 3856 break; 3857 /* END REV 4.0 COMPATIBILITY */ 3858 default: 3859 (void) TIFFFetchNormalTag(tif, dp, TRUE); 3860 break; 3861 } 3862 } 3863 /* 3864 * OJPEG hack: 3865 * - If a) compression is OJPEG, and b) photometric tag is missing, 3866 * then we consistently find that photometric should be YCbCr 3867 * - If a) compression is OJPEG, and b) photometric tag says it's RGB, 3868 * then we consistently find that the buggy implementation of the 3869 * buggy compression scheme matches photometric YCbCr instead. 3870 * - If a) compression is OJPEG, and b) bitspersample tag is missing, 3871 * then we consistently find bitspersample should be 8. 3872 * - If a) compression is OJPEG, b) samplesperpixel tag is missing, 3873 * and c) photometric is RGB or YCbCr, then we consistently find 3874 * samplesperpixel should be 3 3875 * - If a) compression is OJPEG, b) samplesperpixel tag is missing, 3876 * and c) photometric is MINISWHITE or MINISBLACK, then we consistently 3877 * find samplesperpixel should be 3 3878 */ 3879 if (tif->tif_dir.td_compression==COMPRESSION_OJPEG) 3880 { 3881 if (!TIFFFieldSet(tif,FIELD_PHOTOMETRIC)) 3882 { 3883 TIFFWarningExt(tif->tif_clientdata, module, 3884 "Photometric tag is missing, assuming data is YCbCr"); 3885 if (!TIFFSetField(tif,TIFFTAG_PHOTOMETRIC,PHOTOMETRIC_YCBCR)) 3886 goto bad; 3887 } 3888 else if (tif->tif_dir.td_photometric==PHOTOMETRIC_RGB) 3889 { 3890 tif->tif_dir.td_photometric=PHOTOMETRIC_YCBCR; 3891 TIFFWarningExt(tif->tif_clientdata, module, 3892 "Photometric tag value assumed incorrect, " 3893 "assuming data is YCbCr instead of RGB"); 3894 } 3895 if (!TIFFFieldSet(tif,FIELD_BITSPERSAMPLE)) 3896 { 3897 TIFFWarningExt(tif->tif_clientdata,module, 3898 "BitsPerSample tag is missing, assuming 8 bits per sample"); 3899 if (!TIFFSetField(tif,TIFFTAG_BITSPERSAMPLE,8)) 3900 goto bad; 3901 } 3902 if (!TIFFFieldSet(tif,FIELD_SAMPLESPERPIXEL)) 3903 { 3904 if (tif->tif_dir.td_photometric==PHOTOMETRIC_RGB) 3905 { 3906 TIFFWarningExt(tif->tif_clientdata,module, 3907 "SamplesPerPixel tag is missing, " 3908 "assuming correct SamplesPerPixel value is 3"); 3909 if (!TIFFSetField(tif,TIFFTAG_SAMPLESPERPIXEL,3)) 3910 goto bad; 3911 } 3912 if (tif->tif_dir.td_photometric==PHOTOMETRIC_YCBCR) 3913 { 3914 TIFFWarningExt(tif->tif_clientdata,module, 3915 "SamplesPerPixel tag is missing, " 3916 "applying correct SamplesPerPixel value of 3"); 3917 if (!TIFFSetField(tif,TIFFTAG_SAMPLESPERPIXEL,3)) 3918 goto bad; 3919 } 3920 else if ((tif->tif_dir.td_photometric==PHOTOMETRIC_MINISWHITE) 3921 || (tif->tif_dir.td_photometric==PHOTOMETRIC_MINISBLACK)) 3922 { 3923 /* 3924 * SamplesPerPixel tag is missing, but is not required 3925 * by spec. Assume correct SamplesPerPixel value of 1. 3926 */ 3927 if (!TIFFSetField(tif,TIFFTAG_SAMPLESPERPIXEL,1)) 3928 goto bad; 3929 } 3930 } 3931 } 3932 /* 3933 * Verify Palette image has a Colormap. 3934 */ 3935 if (tif->tif_dir.td_photometric == PHOTOMETRIC_PALETTE && 3936 !TIFFFieldSet(tif, FIELD_COLORMAP)) { 3937 if ( tif->tif_dir.td_bitspersample>=8 && tif->tif_dir.td_samplesperpixel==3) 3938 tif->tif_dir.td_photometric = PHOTOMETRIC_RGB; 3939 else if (tif->tif_dir.td_bitspersample>=8) 3940 tif->tif_dir.td_photometric = PHOTOMETRIC_MINISBLACK; 3941 else { 3942 MissingRequired(tif, "Colormap"); 3943 goto bad; 3944 } 3945 } 3946 /* 3947 * OJPEG hack: 3948 * We do no further messing with strip/tile offsets/bytecounts in OJPEG 3949 * TIFFs 3950 */ 3951 if (tif->tif_dir.td_compression!=COMPRESSION_OJPEG) 3952 { 3953 /* 3954 * Attempt to deal with a missing StripByteCounts tag. 3955 */ 3956 if (!TIFFFieldSet(tif, FIELD_STRIPBYTECOUNTS)) { 3957 /* 3958 * Some manufacturers violate the spec by not giving 3959 * the size of the strips. In this case, assume there 3960 * is one uncompressed strip of data. 3961 */ 3962 if ((tif->tif_dir.td_planarconfig == PLANARCONFIG_CONTIG && 3963 tif->tif_dir.td_nstrips > 1) || 3964 (tif->tif_dir.td_planarconfig == PLANARCONFIG_SEPARATE && 3965 tif->tif_dir.td_nstrips != (uint32)tif->tif_dir.td_samplesperpixel)) { 3966 MissingRequired(tif, "StripByteCounts"); 3967 goto bad; 3968 } 3969 TIFFWarningExt(tif->tif_clientdata, module, 3970 "TIFF directory is missing required " 3971 "\"StripByteCounts\" field, calculating from imagelength"); 3972 if (EstimateStripByteCounts(tif, dir, dircount) < 0) 3973 goto bad; 3974 /* 3975 * Assume we have wrong StripByteCount value (in case 3976 * of single strip) in following cases: 3977 * - it is equal to zero along with StripOffset; 3978 * - it is larger than file itself (in case of uncompressed 3979 * image); 3980 * - it is smaller than the size of the bytes per row 3981 * multiplied on the number of rows. The last case should 3982 * not be checked in the case of writing new image, 3983 * because we may do not know the exact strip size 3984 * until the whole image will be written and directory 3985 * dumped out. 3986 */ 3987 #define BYTECOUNTLOOKSBAD \ 3988 ( (tif->tif_dir.td_stripbytecount[0] == 0 && tif->tif_dir.td_stripoffset[0] != 0) || \ 3989 (tif->tif_dir.td_compression == COMPRESSION_NONE && \ 3990 tif->tif_dir.td_stripbytecount[0] > TIFFGetFileSize(tif) - tif->tif_dir.td_stripoffset[0]) || \ 3991 (tif->tif_mode == O_RDONLY && \ 3992 tif->tif_dir.td_compression == COMPRESSION_NONE && \ 3993 tif->tif_dir.td_stripbytecount[0] < TIFFScanlineSize64(tif) * tif->tif_dir.td_imagelength) ) 3994 3995 } else if (tif->tif_dir.td_nstrips == 1 3996 && _TIFFFillStriles(tif) 3997 && tif->tif_dir.td_stripoffset[0] != 0 3998 && BYTECOUNTLOOKSBAD) { 3999 /* 4000 * XXX: Plexus (and others) sometimes give a value of 4001 * zero for a tag when they don't know what the 4002 * correct value is! Try and handle the simple case 4003 * of estimating the size of a one strip image. 4004 */ 4005 TIFFWarningExt(tif->tif_clientdata, module, 4006 "Bogus \"StripByteCounts\" field, ignoring and calculating from imagelength"); 4007 if(EstimateStripByteCounts(tif, dir, dircount) < 0) 4008 goto bad; 4009 4010 #if !defined(DEFER_STRILE_LOAD) 4011 } else if (tif->tif_dir.td_planarconfig == PLANARCONFIG_CONTIG 4012 && tif->tif_dir.td_nstrips > 2 4013 && tif->tif_dir.td_compression == COMPRESSION_NONE 4014 && tif->tif_dir.td_stripbytecount[0] != tif->tif_dir.td_stripbytecount[1] 4015 && tif->tif_dir.td_stripbytecount[0] != 0 4016 && tif->tif_dir.td_stripbytecount[1] != 0 ) { 4017 /* 4018 * XXX: Some vendors fill StripByteCount array with 4019 * absolutely wrong values (it can be equal to 4020 * StripOffset array, for example). Catch this case 4021 * here. 4022 * 4023 * We avoid this check if deferring strile loading 4024 * as it would always force us to load the strip/tile 4025 * information. 4026 */ 4027 TIFFWarningExt(tif->tif_clientdata, module, 4028 "Wrong \"StripByteCounts\" field, ignoring and calculating from imagelength"); 4029 if (EstimateStripByteCounts(tif, dir, dircount) < 0) 4030 goto bad; 4031 #endif /* !defined(DEFER_STRILE_LOAD) */ 4032 } 4033 } 4034 if (dir) 4035 { 4036 _TIFFfree(dir); 4037 dir=NULL; 4038 } 4039 if (!TIFFFieldSet(tif, FIELD_MAXSAMPLEVALUE)) 4040 { 4041 if (tif->tif_dir.td_bitspersample>=16) 4042 tif->tif_dir.td_maxsamplevalue=0xFFFF; 4043 else 4044 tif->tif_dir.td_maxsamplevalue = (uint16)((1L<<tif->tif_dir.td_bitspersample)-1); 4045 } 4046 /* 4047 * XXX: We can optimize checking for the strip bounds using the sorted 4048 * bytecounts array. See also comments for TIFFAppendToStrip() 4049 * function in tif_write.c. 4050 */ 4051 #if !defined(DEFER_STRILE_LOAD) 4052 if (tif->tif_dir.td_nstrips > 1) { 4053 uint32 strip; 4054 4055 tif->tif_dir.td_stripbytecountsorted = 1; 4056 for (strip = 1; strip < tif->tif_dir.td_nstrips; strip++) { 4057 if (tif->tif_dir.td_stripoffset[strip - 1] > 4058 tif->tif_dir.td_stripoffset[strip]) { 4059 tif->tif_dir.td_stripbytecountsorted = 0; 4060 break; 4061 } 4062 } 4063 } 4064 #endif /* !defined(DEFER_STRILE_LOAD) */ 4065 4066 /* 4067 * An opportunity for compression mode dependent tag fixup 4068 */ 4069 (*tif->tif_fixuptags)(tif); 4070 4071 /* 4072 * Some manufacturers make life difficult by writing 4073 * large amounts of uncompressed data as a single strip. 4074 * This is contrary to the recommendations of the spec. 4075 * The following makes an attempt at breaking such images 4076 * into strips closer to the recommended 8k bytes. A 4077 * side effect, however, is that the RowsPerStrip tag 4078 * value may be changed. 4079 */ 4080 if ((tif->tif_dir.td_planarconfig==PLANARCONFIG_CONTIG)&& 4081 (tif->tif_dir.td_nstrips==1)&& 4082 (tif->tif_dir.td_compression==COMPRESSION_NONE)&& 4083 ((tif->tif_flags&(TIFF_STRIPCHOP|TIFF_ISTILED))==TIFF_STRIPCHOP)) 4084 { 4085 if ( !_TIFFFillStriles(tif) || !tif->tif_dir.td_stripbytecount ) 4086 return 0; 4087 ChopUpSingleUncompressedStrip(tif); 4088 } 4089 4090 /* 4091 * Clear the dirty directory flag. 4092 */ 4093 tif->tif_flags &= ~TIFF_DIRTYDIRECT; 4094 tif->tif_flags &= ~TIFF_DIRTYSTRIP; 4095 4096 /* 4097 * Reinitialize i/o since we are starting on a new directory. 4098 */ 4099 tif->tif_row = (uint32) -1; 4100 tif->tif_curstrip = (uint32) -1; 4101 tif->tif_col = (uint32) -1; 4102 tif->tif_curtile = (uint32) -1; 4103 tif->tif_tilesize = (tmsize_t) -1; 4104 4105 tif->tif_scanlinesize = TIFFScanlineSize(tif); 4106 if (!tif->tif_scanlinesize) { 4107 TIFFErrorExt(tif->tif_clientdata, module, 4108 "Cannot handle zero scanline size"); 4109 return (0); 4110 } 4111 4112 if (isTiled(tif)) { 4113 tif->tif_tilesize = TIFFTileSize(tif); 4114 if (!tif->tif_tilesize) { 4115 TIFFErrorExt(tif->tif_clientdata, module, 4116 "Cannot handle zero tile size"); 4117 return (0); 4118 } 4119 } else { 4120 if (!TIFFStripSize(tif)) { 4121 TIFFErrorExt(tif->tif_clientdata, module, 4122 "Cannot handle zero strip size"); 4123 return (0); 4124 } 4125 } 4126 return (1); 4127 bad: 4128 if (dir) 4129 _TIFFfree(dir); 4130 return (0); 4131 } 4132 4133 static void 4134 TIFFReadDirectoryCheckOrder(TIFF* tif, TIFFDirEntry* dir, uint16 dircount) 4135 { 4136 static const char module[] = "TIFFReadDirectoryCheckOrder"; 4137 uint16 m; 4138 uint16 n; 4139 TIFFDirEntry* o; 4140 m=0; 4141 for (n=0, o=dir; n<dircount; n++, o++) 4142 { 4143 if (o->tdir_tag<m) 4144 { 4145 TIFFWarningExt(tif->tif_clientdata,module, 4146 "Invalid TIFF directory; tags are not sorted in ascending order"); 4147 break; 4148 } 4149 m=o->tdir_tag+1; 4150 } 4151 } 4152 4153 static TIFFDirEntry* 4154 TIFFReadDirectoryFindEntry(TIFF* tif, TIFFDirEntry* dir, uint16 dircount, uint16 tagid) 4155 { 4156 TIFFDirEntry* m; 4157 uint16 n; 4158 (void) tif; 4159 for (m=dir, n=0; n<dircount; m++, n++) 4160 { 4161 if (m->tdir_tag==tagid) 4162 return(m); 4163 } 4164 return(0); 4165 } 4166 4167 static void 4168 TIFFReadDirectoryFindFieldInfo(TIFF* tif, uint16 tagid, uint32* fii) 4169 { 4170 int32 ma,mb,mc; 4171 ma=-1; 4172 mc=(int32)tif->tif_nfields; 4173 while (1) 4174 { 4175 if (ma+1==mc) 4176 { 4177 *fii = FAILED_FII; 4178 return; 4179 } 4180 mb=(ma+mc)/2; 4181 if (tif->tif_fields[mb]->field_tag==(uint32)tagid) 4182 break; 4183 if (tif->tif_fields[mb]->field_tag<(uint32)tagid) 4184 ma=mb; 4185 else 4186 mc=mb; 4187 } 4188 while (1) 4189 { 4190 if (mb==0) 4191 break; 4192 if (tif->tif_fields[mb-1]->field_tag!=(uint32)tagid) 4193 break; 4194 mb--; 4195 } 4196 *fii=mb; 4197 } 4198 4199 /* 4200 * Read custom directory from the arbitrary offset. 4201 * The code is very similar to TIFFReadDirectory(). 4202 */ 4203 int 4204 TIFFReadCustomDirectory(TIFF* tif, toff_t diroff, 4205 const TIFFFieldArray* infoarray) 4206 { 4207 static const char module[] = "TIFFReadCustomDirectory"; 4208 TIFFDirEntry* dir; 4209 uint16 dircount; 4210 TIFFDirEntry* dp; 4211 uint16 di; 4212 const TIFFField* fip; 4213 uint32 fii; 4214 _TIFFSetupFields(tif, infoarray); 4215 dircount=TIFFFetchDirectory(tif,diroff,&dir,NULL); 4216 if (!dircount) 4217 { 4218 TIFFErrorExt(tif->tif_clientdata,module, 4219 "Failed to read custom directory at offset " TIFF_UINT64_FORMAT,diroff); 4220 return 0; 4221 } 4222 TIFFFreeDirectory(tif); 4223 _TIFFmemset(&tif->tif_dir, 0, sizeof(TIFFDirectory)); 4224 TIFFReadDirectoryCheckOrder(tif,dir,dircount); 4225 for (di=0, dp=dir; di<dircount; di++, dp++) 4226 { 4227 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii); 4228 if (fii == FAILED_FII) 4229 { 4230 TIFFWarningExt(tif->tif_clientdata, module, 4231 "Unknown field with tag %d (0x%x) encountered", 4232 dp->tdir_tag, dp->tdir_tag); 4233 if (!_TIFFMergeFields(tif, _TIFFCreateAnonField(tif, 4234 dp->tdir_tag, 4235 (TIFFDataType) dp->tdir_type), 4236 1)) { 4237 TIFFWarningExt(tif->tif_clientdata, module, 4238 "Registering anonymous field with tag %d (0x%x) failed", 4239 dp->tdir_tag, dp->tdir_tag); 4240 dp->tdir_tag=IGNORE; 4241 } else { 4242 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii); 4243 assert( fii != FAILED_FII ); 4244 } 4245 } 4246 if (dp->tdir_tag!=IGNORE) 4247 { 4248 fip=tif->tif_fields[fii]; 4249 if (fip->field_bit==FIELD_IGNORE) 4250 dp->tdir_tag=IGNORE; 4251 else 4252 { 4253 /* check data type */ 4254 while ((fip->field_type!=TIFF_ANY)&&(fip->field_type!=dp->tdir_type)) 4255 { 4256 fii++; 4257 if ((fii==tif->tif_nfields)|| 4258 (tif->tif_fields[fii]->field_tag!=(uint32)dp->tdir_tag)) 4259 { 4260 fii=0xFFFF; 4261 break; 4262 } 4263 fip=tif->tif_fields[fii]; 4264 } 4265 if (fii==0xFFFF) 4266 { 4267 TIFFWarningExt(tif->tif_clientdata, module, 4268 "Wrong data type %d for \"%s\"; tag ignored", 4269 dp->tdir_type,fip->field_name); 4270 dp->tdir_tag=IGNORE; 4271 } 4272 else 4273 { 4274 /* check count if known in advance */ 4275 if ((fip->field_readcount!=TIFF_VARIABLE)&& 4276 (fip->field_readcount!=TIFF_VARIABLE2)) 4277 { 4278 uint32 expected; 4279 if (fip->field_readcount==TIFF_SPP) 4280 expected=(uint32)tif->tif_dir.td_samplesperpixel; 4281 else 4282 expected=(uint32)fip->field_readcount; 4283 if (!CheckDirCount(tif,dp,expected)) 4284 dp->tdir_tag=IGNORE; 4285 } 4286 } 4287 } 4288 switch (dp->tdir_tag) 4289 { 4290 case IGNORE: 4291 break; 4292 case EXIFTAG_SUBJECTDISTANCE: 4293 (void) TIFFFetchSubjectDistance(tif,dp); 4294 break; 4295 default: 4296 (void) TIFFFetchNormalTag(tif, dp, TRUE); 4297 break; 4298 } 4299 } 4300 } 4301 if (dir) 4302 _TIFFfree(dir); 4303 return 1; 4304 } 4305 4306 /* 4307 * EXIF is important special case of custom IFD, so we have a special 4308 * function to read it. 4309 */ 4310 int 4311 TIFFReadEXIFDirectory(TIFF* tif, toff_t diroff) 4312 { 4313 const TIFFFieldArray* exifFieldArray; 4314 exifFieldArray = _TIFFGetExifFields(); 4315 return TIFFReadCustomDirectory(tif, diroff, exifFieldArray); 4316 } 4317 4318 static int 4319 EstimateStripByteCounts(TIFF* tif, TIFFDirEntry* dir, uint16 dircount) 4320 { 4321 static const char module[] = "EstimateStripByteCounts"; 4322 4323 TIFFDirEntry *dp; 4324 TIFFDirectory *td = &tif->tif_dir; 4325 uint32 strip; 4326 4327 /* Do not try to load stripbytecount as we will compute it */ 4328 if( !_TIFFFillStrilesInternal( tif, 0 ) ) 4329 return -1; 4330 4331 if (td->td_stripbytecount) 4332 _TIFFfree(td->td_stripbytecount); 4333 td->td_stripbytecount = (uint64*) 4334 _TIFFCheckMalloc(tif, td->td_nstrips, sizeof (uint64), 4335 "for \"StripByteCounts\" array"); 4336 if( td->td_stripbytecount == NULL ) 4337 return -1; 4338 4339 if (td->td_compression != COMPRESSION_NONE) { 4340 uint64 space; 4341 uint64 filesize; 4342 uint16 n; 4343 filesize = TIFFGetFileSize(tif); 4344 if (!(tif->tif_flags&TIFF_BIGTIFF)) 4345 space=sizeof(TIFFHeaderClassic)+2+dircount*12+4; 4346 else 4347 space=sizeof(TIFFHeaderBig)+8+dircount*20+8; 4348 /* calculate amount of space used by indirect values */ 4349 for (dp = dir, n = dircount; n > 0; n--, dp++) 4350 { 4351 uint32 typewidth; 4352 uint64 datasize; 4353 typewidth = TIFFDataWidth((TIFFDataType) dp->tdir_type); 4354 if (typewidth == 0) { 4355 TIFFErrorExt(tif->tif_clientdata, module, 4356 "Cannot determine size of unknown tag type %d", 4357 dp->tdir_type); 4358 return -1; 4359 } 4360 datasize=(uint64)typewidth*dp->tdir_count; 4361 if (!(tif->tif_flags&TIFF_BIGTIFF)) 4362 { 4363 if (datasize<=4) 4364 datasize=0; 4365 } 4366 else 4367 { 4368 if (datasize<=8) 4369 datasize=0; 4370 } 4371 space+=datasize; 4372 } 4373 space = filesize - space; 4374 if (td->td_planarconfig == PLANARCONFIG_SEPARATE) 4375 space /= td->td_samplesperpixel; 4376 for (strip = 0; strip < td->td_nstrips; strip++) 4377 td->td_stripbytecount[strip] = space; 4378 /* 4379 * This gross hack handles the case were the offset to 4380 * the last strip is past the place where we think the strip 4381 * should begin. Since a strip of data must be contiguous, 4382 * it's safe to assume that we've overestimated the amount 4383 * of data in the strip and trim this number back accordingly. 4384 */ 4385 strip--; 4386 if (td->td_stripoffset[strip]+td->td_stripbytecount[strip] > filesize) 4387 td->td_stripbytecount[strip] = filesize - td->td_stripoffset[strip]; 4388 } else if (isTiled(tif)) { 4389 uint64 bytespertile = TIFFTileSize64(tif); 4390 4391 for (strip = 0; strip < td->td_nstrips; strip++) 4392 td->td_stripbytecount[strip] = bytespertile; 4393 } else { 4394 uint64 rowbytes = TIFFScanlineSize64(tif); 4395 uint32 rowsperstrip = td->td_imagelength/td->td_stripsperimage; 4396 for (strip = 0; strip < td->td_nstrips; strip++) 4397 td->td_stripbytecount[strip] = rowbytes * rowsperstrip; 4398 } 4399 TIFFSetFieldBit(tif, FIELD_STRIPBYTECOUNTS); 4400 if (!TIFFFieldSet(tif, FIELD_ROWSPERSTRIP)) 4401 td->td_rowsperstrip = td->td_imagelength; 4402 return 1; 4403 } 4404 4405 static void 4406 MissingRequired(TIFF* tif, const char* tagname) 4407 { 4408 static const char module[] = "MissingRequired"; 4409 4410 TIFFErrorExt(tif->tif_clientdata, module, 4411 "TIFF directory is missing required \"%s\" field", 4412 tagname); 4413 } 4414 4415 /* 4416 * Check the directory offset against the list of already seen directory 4417 * offsets. This is a trick to prevent IFD looping. The one can create TIFF 4418 * file with looped directory pointers. We will maintain a list of already 4419 * seen directories and check every IFD offset against that list. 4420 */ 4421 static int 4422 TIFFCheckDirOffset(TIFF* tif, uint64 diroff) 4423 { 4424 uint16 n; 4425 4426 if (diroff == 0) /* no more directories */ 4427 return 0; 4428 if (tif->tif_dirnumber == 65535) { 4429 TIFFErrorExt(tif->tif_clientdata, "TIFFCheckDirOffset", 4430 "Cannot handle more than 65535 TIFF directories"); 4431 return 0; 4432 } 4433 4434 for (n = 0; n < tif->tif_dirnumber && tif->tif_dirlist; n++) { 4435 if (tif->tif_dirlist[n] == diroff) 4436 return 0; 4437 } 4438 4439 tif->tif_dirnumber++; 4440 4441 if (tif->tif_dirlist == NULL || tif->tif_dirnumber > tif->tif_dirlistsize) { 4442 uint64* new_dirlist; 4443 4444 /* 4445 * XXX: Reduce memory allocation granularity of the dirlist 4446 * array. 4447 */ 4448 new_dirlist = (uint64*)_TIFFCheckRealloc(tif, tif->tif_dirlist, 4449 tif->tif_dirnumber, 2 * sizeof(uint64), "for IFD list"); 4450 if (!new_dirlist) 4451 return 0; 4452 if( tif->tif_dirnumber >= 32768 ) 4453 tif->tif_dirlistsize = 65535; 4454 else 4455 tif->tif_dirlistsize = 2 * tif->tif_dirnumber; 4456 tif->tif_dirlist = new_dirlist; 4457 } 4458 4459 tif->tif_dirlist[tif->tif_dirnumber - 1] = diroff; 4460 4461 return 1; 4462 } 4463 4464 /* 4465 * Check the count field of a directory entry against a known value. The 4466 * caller is expected to skip/ignore the tag if there is a mismatch. 4467 */ 4468 static int 4469 CheckDirCount(TIFF* tif, TIFFDirEntry* dir, uint32 count) 4470 { 4471 if ((uint64)count > dir->tdir_count) { 4472 const TIFFField* fip = TIFFFieldWithTag(tif, dir->tdir_tag); 4473 TIFFWarningExt(tif->tif_clientdata, tif->tif_name, 4474 "incorrect count for field \"%s\" (" TIFF_UINT64_FORMAT ", expecting %u); tag ignored", 4475 fip ? fip->field_name : "unknown tagname", 4476 dir->tdir_count, count); 4477 return (0); 4478 } else if ((uint64)count < dir->tdir_count) { 4479 const TIFFField* fip = TIFFFieldWithTag(tif, dir->tdir_tag); 4480 TIFFWarningExt(tif->tif_clientdata, tif->tif_name, 4481 "incorrect count for field \"%s\" (" TIFF_UINT64_FORMAT ", expecting %u); tag trimmed", 4482 fip ? fip->field_name : "unknown tagname", 4483 dir->tdir_count, count); 4484 dir->tdir_count = count; 4485 return (1); 4486 } 4487 return (1); 4488 } 4489 4490 /* 4491 * Read IFD structure from the specified offset. If the pointer to 4492 * nextdiroff variable has been specified, read it too. Function returns a 4493 * number of fields in the directory or 0 if failed. 4494 */ 4495 static uint16 4496 TIFFFetchDirectory(TIFF* tif, uint64 diroff, TIFFDirEntry** pdir, 4497 uint64 *nextdiroff) 4498 { 4499 static const char module[] = "TIFFFetchDirectory"; 4500 4501 void* origdir; 4502 uint16 dircount16; 4503 uint32 dirsize; 4504 TIFFDirEntry* dir; 4505 uint8* ma; 4506 TIFFDirEntry* mb; 4507 uint16 n; 4508 4509 assert(pdir); 4510 4511 tif->tif_diroff = diroff; 4512 if (nextdiroff) 4513 *nextdiroff = 0; 4514 if (!isMapped(tif)) { 4515 if (!SeekOK(tif, tif->tif_diroff)) { 4516 TIFFErrorExt(tif->tif_clientdata, module, 4517 "%s: Seek error accessing TIFF directory", 4518 tif->tif_name); 4519 return 0; 4520 } 4521 if (!(tif->tif_flags&TIFF_BIGTIFF)) 4522 { 4523 if (!ReadOK(tif, &dircount16, sizeof (uint16))) { 4524 TIFFErrorExt(tif->tif_clientdata, module, 4525 "%s: Can not read TIFF directory count", 4526 tif->tif_name); 4527 return 0; 4528 } 4529 if (tif->tif_flags & TIFF_SWAB) 4530 TIFFSwabShort(&dircount16); 4531 if (dircount16>4096) 4532 { 4533 TIFFErrorExt(tif->tif_clientdata, module, 4534 "Sanity check on directory count failed, this is probably not a valid IFD offset"); 4535 return 0; 4536 } 4537 dirsize = 12; 4538 } else { 4539 uint64 dircount64; 4540 if (!ReadOK(tif, &dircount64, sizeof (uint64))) { 4541 TIFFErrorExt(tif->tif_clientdata, module, 4542 "%s: Can not read TIFF directory count", 4543 tif->tif_name); 4544 return 0; 4545 } 4546 if (tif->tif_flags & TIFF_SWAB) 4547 TIFFSwabLong8(&dircount64); 4548 if (dircount64>4096) 4549 { 4550 TIFFErrorExt(tif->tif_clientdata, module, 4551 "Sanity check on directory count failed, this is probably not a valid IFD offset"); 4552 return 0; 4553 } 4554 dircount16 = (uint16)dircount64; 4555 dirsize = 20; 4556 } 4557 origdir = _TIFFCheckMalloc(tif, dircount16, 4558 dirsize, "to read TIFF directory"); 4559 if (origdir == NULL) 4560 return 0; 4561 if (!ReadOK(tif, origdir, (tmsize_t)(dircount16*dirsize))) { 4562 TIFFErrorExt(tif->tif_clientdata, module, 4563 "%.100s: Can not read TIFF directory", 4564 tif->tif_name); 4565 _TIFFfree(origdir); 4566 return 0; 4567 } 4568 /* 4569 * Read offset to next directory for sequential scans if 4570 * needed. 4571 */ 4572 if (nextdiroff) 4573 { 4574 if (!(tif->tif_flags&TIFF_BIGTIFF)) 4575 { 4576 uint32 nextdiroff32; 4577 if (!ReadOK(tif, &nextdiroff32, sizeof(uint32))) 4578 nextdiroff32 = 0; 4579 if (tif->tif_flags&TIFF_SWAB) 4580 TIFFSwabLong(&nextdiroff32); 4581 *nextdiroff=nextdiroff32; 4582 } else { 4583 if (!ReadOK(tif, nextdiroff, sizeof(uint64))) 4584 *nextdiroff = 0; 4585 if (tif->tif_flags&TIFF_SWAB) 4586 TIFFSwabLong8(nextdiroff); 4587 } 4588 } 4589 } else { 4590 tmsize_t m; 4591 tmsize_t off = (tmsize_t) tif->tif_diroff; 4592 if ((uint64)off!=tif->tif_diroff) 4593 { 4594 TIFFErrorExt(tif->tif_clientdata,module,"Can not read TIFF directory count"); 4595 return(0); 4596 } 4597 4598 /* 4599 * Check for integer overflow when validating the dir_off, 4600 * otherwise a very high offset may cause an OOB read and 4601 * crash the client. Make two comparisons instead of 4602 * 4603 * off + sizeof(uint16) > tif->tif_size 4604 * 4605 * to avoid overflow. 4606 */ 4607 if (!(tif->tif_flags&TIFF_BIGTIFF)) 4608 { 4609 m=off+sizeof(uint16); 4610 if ((m<off)||(m<(tmsize_t)sizeof(uint16))||(m>tif->tif_size)) { 4611 TIFFErrorExt(tif->tif_clientdata, module, 4612 "Can not read TIFF directory count"); 4613 return 0; 4614 } else { 4615 _TIFFmemcpy(&dircount16, tif->tif_base + off, 4616 sizeof(uint16)); 4617 } 4618 off += sizeof (uint16); 4619 if (tif->tif_flags & TIFF_SWAB) 4620 TIFFSwabShort(&dircount16); 4621 if (dircount16>4096) 4622 { 4623 TIFFErrorExt(tif->tif_clientdata, module, 4624 "Sanity check on directory count failed, this is probably not a valid IFD offset"); 4625 return 0; 4626 } 4627 dirsize = 12; 4628 } 4629 else 4630 { 4631 uint64 dircount64; 4632 m=off+sizeof(uint64); 4633 if ((m<off)||(m<(tmsize_t)sizeof(uint64))||(m>tif->tif_size)) { 4634 TIFFErrorExt(tif->tif_clientdata, module, 4635 "Can not read TIFF directory count"); 4636 return 0; 4637 } else { 4638 _TIFFmemcpy(&dircount64, tif->tif_base + off, 4639 sizeof(uint64)); 4640 } 4641 off += sizeof (uint64); 4642 if (tif->tif_flags & TIFF_SWAB) 4643 TIFFSwabLong8(&dircount64); 4644 if (dircount64>4096) 4645 { 4646 TIFFErrorExt(tif->tif_clientdata, module, 4647 "Sanity check on directory count failed, this is probably not a valid IFD offset"); 4648 return 0; 4649 } 4650 dircount16 = (uint16)dircount64; 4651 dirsize = 20; 4652 } 4653 if (dircount16 == 0 ) 4654 { 4655 TIFFErrorExt(tif->tif_clientdata, module, 4656 "Sanity check on directory count failed, zero tag directories not supported"); 4657 return 0; 4658 } 4659 origdir = _TIFFCheckMalloc(tif, dircount16, 4660 dirsize, 4661 "to read TIFF directory"); 4662 if (origdir == NULL) 4663 return 0; 4664 m=off+dircount16*dirsize; 4665 if ((m<off)||(m<(tmsize_t)(dircount16*dirsize))||(m>tif->tif_size)) { 4666 TIFFErrorExt(tif->tif_clientdata, module, 4667 "Can not read TIFF directory"); 4668 _TIFFfree(origdir); 4669 return 0; 4670 } else { 4671 _TIFFmemcpy(origdir, tif->tif_base + off, 4672 dircount16 * dirsize); 4673 } 4674 if (nextdiroff) { 4675 off += dircount16 * dirsize; 4676 if (!(tif->tif_flags&TIFF_BIGTIFF)) 4677 { 4678 uint32 nextdiroff32; 4679 m=off+sizeof(uint32); 4680 if ((m<off)||(m<(tmsize_t)sizeof(uint32))||(m>tif->tif_size)) 4681 nextdiroff32 = 0; 4682 else 4683 _TIFFmemcpy(&nextdiroff32, tif->tif_base + off, 4684 sizeof (uint32)); 4685 if (tif->tif_flags&TIFF_SWAB) 4686 TIFFSwabLong(&nextdiroff32); 4687 *nextdiroff = nextdiroff32; 4688 } 4689 else 4690 { 4691 m=off+sizeof(uint64); 4692 if ((m<off)||(m<(tmsize_t)sizeof(uint64))||(m>tif->tif_size)) 4693 *nextdiroff = 0; 4694 else 4695 _TIFFmemcpy(nextdiroff, tif->tif_base + off, 4696 sizeof (uint64)); 4697 if (tif->tif_flags&TIFF_SWAB) 4698 TIFFSwabLong8(nextdiroff); 4699 } 4700 } 4701 } 4702 dir = (TIFFDirEntry*)_TIFFCheckMalloc(tif, dircount16, 4703 sizeof(TIFFDirEntry), 4704 "to read TIFF directory"); 4705 if (dir==0) 4706 { 4707 _TIFFfree(origdir); 4708 return 0; 4709 } 4710 ma=(uint8*)origdir; 4711 mb=dir; 4712 for (n=0; n<dircount16; n++) 4713 { 4714 if (tif->tif_flags&TIFF_SWAB) 4715 TIFFSwabShort((uint16*)ma); 4716 mb->tdir_tag=*(uint16*)ma; 4717 ma+=sizeof(uint16); 4718 if (tif->tif_flags&TIFF_SWAB) 4719 TIFFSwabShort((uint16*)ma); 4720 mb->tdir_type=*(uint16*)ma; 4721 ma+=sizeof(uint16); 4722 if (!(tif->tif_flags&TIFF_BIGTIFF)) 4723 { 4724 if (tif->tif_flags&TIFF_SWAB) 4725 TIFFSwabLong((uint32*)ma); 4726 mb->tdir_count=(uint64)(*(uint32*)ma); 4727 ma+=sizeof(uint32); 4728 *(uint32*)(&mb->tdir_offset)=*(uint32*)ma; 4729 ma+=sizeof(uint32); 4730 } 4731 else 4732 { 4733 if (tif->tif_flags&TIFF_SWAB) 4734 TIFFSwabLong8((uint64*)ma); 4735 mb->tdir_count=TIFFReadUInt64(ma); 4736 ma+=sizeof(uint64); 4737 mb->tdir_offset.toff_long8=TIFFReadUInt64(ma); 4738 ma+=sizeof(uint64); 4739 } 4740 mb++; 4741 } 4742 _TIFFfree(origdir); 4743 *pdir = dir; 4744 return dircount16; 4745 } 4746 4747 /* 4748 * Fetch a tag that is not handled by special case code. 4749 */ 4750 static int 4751 TIFFFetchNormalTag(TIFF* tif, TIFFDirEntry* dp, int recover) 4752 { 4753 static const char module[] = "TIFFFetchNormalTag"; 4754 enum TIFFReadDirEntryErr err; 4755 uint32 fii; 4756 const TIFFField* fip = NULL; 4757 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii); 4758 if( fii == FAILED_FII ) 4759 { 4760 TIFFErrorExt(tif->tif_clientdata, "TIFFFetchNormalTag", 4761 "No definition found for tag %d", 4762 dp->tdir_tag); 4763 return 0; 4764 } 4765 fip=tif->tif_fields[fii]; 4766 assert(fip != NULL); /* should not happen */ 4767 assert(fip->set_field_type!=TIFF_SETGET_OTHER); /* if so, we shouldn't arrive here but deal with this in specialized code */ 4768 assert(fip->set_field_type!=TIFF_SETGET_INT); /* if so, we shouldn't arrive here as this is only the case for pseudo-tags */ 4769 err=TIFFReadDirEntryErrOk; 4770 switch (fip->set_field_type) 4771 { 4772 case TIFF_SETGET_UNDEFINED: 4773 break; 4774 case TIFF_SETGET_ASCII: 4775 { 4776 uint8* data; 4777 assert(fip->field_passcount==0); 4778 err=TIFFReadDirEntryByteArray(tif,dp,&data); 4779 if (err==TIFFReadDirEntryErrOk) 4780 { 4781 uint8* ma; 4782 uint32 mb; 4783 int n; 4784 ma=data; 4785 mb=0; 4786 while (mb<(uint32)dp->tdir_count) 4787 { 4788 if (*ma==0) 4789 break; 4790 ma++; 4791 mb++; 4792 } 4793 if (mb+1<(uint32)dp->tdir_count) 4794 TIFFWarningExt(tif->tif_clientdata,module,"ASCII value for tag \"%s\" contains null byte in value; value incorrectly truncated during reading due to implementation limitations",fip->field_name); 4795 else if (mb+1>(uint32)dp->tdir_count) 4796 { 4797 uint8* o; 4798 TIFFWarningExt(tif->tif_clientdata,module,"ASCII value for tag \"%s\" does not end in null byte",fip->field_name); 4799 if ((uint32)dp->tdir_count+1!=dp->tdir_count+1) 4800 o=NULL; 4801 else 4802 o=_TIFFmalloc((uint32)dp->tdir_count+1); 4803 if (o==NULL) 4804 { 4805 if (data!=NULL) 4806 _TIFFfree(data); 4807 return(0); 4808 } 4809 _TIFFmemcpy(o,data,(uint32)dp->tdir_count); 4810 o[(uint32)dp->tdir_count]=0; 4811 if (data!=0) 4812 _TIFFfree(data); 4813 data=o; 4814 } 4815 n=TIFFSetField(tif,dp->tdir_tag,data); 4816 if (data!=0) 4817 _TIFFfree(data); 4818 if (!n) 4819 return(0); 4820 } 4821 } 4822 break; 4823 case TIFF_SETGET_UINT8: 4824 { 4825 uint8 data=0; 4826 assert(fip->field_readcount==1); 4827 assert(fip->field_passcount==0); 4828 err=TIFFReadDirEntryByte(tif,dp,&data); 4829 if (err==TIFFReadDirEntryErrOk) 4830 { 4831 if (!TIFFSetField(tif,dp->tdir_tag,data)) 4832 return(0); 4833 } 4834 } 4835 break; 4836 case TIFF_SETGET_UINT16: 4837 { 4838 uint16 data; 4839 assert(fip->field_readcount==1); 4840 assert(fip->field_passcount==0); 4841 err=TIFFReadDirEntryShort(tif,dp,&data); 4842 if (err==TIFFReadDirEntryErrOk) 4843 { 4844 if (!TIFFSetField(tif,dp->tdir_tag,data)) 4845 return(0); 4846 } 4847 } 4848 break; 4849 case TIFF_SETGET_UINT32: 4850 { 4851 uint32 data; 4852 assert(fip->field_readcount==1); 4853 assert(fip->field_passcount==0); 4854 err=TIFFReadDirEntryLong(tif,dp,&data); 4855 if (err==TIFFReadDirEntryErrOk) 4856 { 4857 if (!TIFFSetField(tif,dp->tdir_tag,data)) 4858 return(0); 4859 } 4860 } 4861 break; 4862 case TIFF_SETGET_UINT64: 4863 { 4864 uint64 data; 4865 assert(fip->field_readcount==1); 4866 assert(fip->field_passcount==0); 4867 err=TIFFReadDirEntryLong8(tif,dp,&data); 4868 if (err==TIFFReadDirEntryErrOk) 4869 { 4870 if (!TIFFSetField(tif,dp->tdir_tag,data)) 4871 return(0); 4872 } 4873 } 4874 break; 4875 case TIFF_SETGET_FLOAT: 4876 { 4877 float data; 4878 assert(fip->field_readcount==1); 4879 assert(fip->field_passcount==0); 4880 err=TIFFReadDirEntryFloat(tif,dp,&data); 4881 if (err==TIFFReadDirEntryErrOk) 4882 { 4883 if (!TIFFSetField(tif,dp->tdir_tag,data)) 4884 return(0); 4885 } 4886 } 4887 break; 4888 case TIFF_SETGET_DOUBLE: 4889 { 4890 double data; 4891 assert(fip->field_readcount==1); 4892 assert(fip->field_passcount==0); 4893 err=TIFFReadDirEntryDouble(tif,dp,&data); 4894 if (err==TIFFReadDirEntryErrOk) 4895 { 4896 if (!TIFFSetField(tif,dp->tdir_tag,data)) 4897 return(0); 4898 } 4899 } 4900 break; 4901 case TIFF_SETGET_IFD8: 4902 { 4903 uint64 data; 4904 assert(fip->field_readcount==1); 4905 assert(fip->field_passcount==0); 4906 err=TIFFReadDirEntryIfd8(tif,dp,&data); 4907 if (err==TIFFReadDirEntryErrOk) 4908 { 4909 if (!TIFFSetField(tif,dp->tdir_tag,data)) 4910 return(0); 4911 } 4912 } 4913 break; 4914 case TIFF_SETGET_UINT16_PAIR: 4915 { 4916 uint16* data; 4917 assert(fip->field_readcount==2); 4918 assert(fip->field_passcount==0); 4919 if (dp->tdir_count!=2) { 4920 TIFFWarningExt(tif->tif_clientdata,module, 4921 "incorrect count for field \"%s\", expected 2, got %d", 4922 fip->field_name,(int)dp->tdir_count); 4923 return(0); 4924 } 4925 err=TIFFReadDirEntryShortArray(tif,dp,&data); 4926 if (err==TIFFReadDirEntryErrOk) 4927 { 4928 int m; 4929 m=TIFFSetField(tif,dp->tdir_tag,data[0],data[1]); 4930 _TIFFfree(data); 4931 if (!m) 4932 return(0); 4933 } 4934 } 4935 break; 4936 case TIFF_SETGET_C0_UINT8: 4937 { 4938 uint8* data; 4939 assert(fip->field_readcount>=1); 4940 assert(fip->field_passcount==0); 4941 if (dp->tdir_count!=(uint64)fip->field_readcount) { 4942 TIFFWarningExt(tif->tif_clientdata,module, 4943 "incorrect count for field \"%s\", expected %d, got %d", 4944 fip->field_name,(int) fip->field_readcount, (int)dp->tdir_count); 4945 return 0; 4946 } 4947 else 4948 { 4949 err=TIFFReadDirEntryByteArray(tif,dp,&data); 4950 if (err==TIFFReadDirEntryErrOk) 4951 { 4952 int m; 4953 m=TIFFSetField(tif,dp->tdir_tag,data); 4954 if (data!=0) 4955 _TIFFfree(data); 4956 if (!m) 4957 return(0); 4958 } 4959 } 4960 } 4961 break; 4962 case TIFF_SETGET_C0_UINT16: 4963 { 4964 uint16* data; 4965 assert(fip->field_readcount>=1); 4966 assert(fip->field_passcount==0); 4967 if (dp->tdir_count!=(uint64)fip->field_readcount) 4968 /* corrupt file */; 4969 else 4970 { 4971 err=TIFFReadDirEntryShortArray(tif,dp,&data); 4972 if (err==TIFFReadDirEntryErrOk) 4973 { 4974 int m; 4975 m=TIFFSetField(tif,dp->tdir_tag,data); 4976 if (data!=0) 4977 _TIFFfree(data); 4978 if (!m) 4979 return(0); 4980 } 4981 } 4982 } 4983 break; 4984 case TIFF_SETGET_C0_UINT32: 4985 { 4986 uint32* data; 4987 assert(fip->field_readcount>=1); 4988 assert(fip->field_passcount==0); 4989 if (dp->tdir_count!=(uint64)fip->field_readcount) 4990 /* corrupt file */; 4991 else 4992 { 4993 err=TIFFReadDirEntryLongArray(tif,dp,&data); 4994 if (err==TIFFReadDirEntryErrOk) 4995 { 4996 int m; 4997 m=TIFFSetField(tif,dp->tdir_tag,data); 4998 if (data!=0) 4999 _TIFFfree(data); 5000 if (!m) 5001 return(0); 5002 } 5003 } 5004 } 5005 break; 5006 case TIFF_SETGET_C0_FLOAT: 5007 { 5008 float* data; 5009 assert(fip->field_readcount>=1); 5010 assert(fip->field_passcount==0); 5011 if (dp->tdir_count!=(uint64)fip->field_readcount) 5012 /* corrupt file */; 5013 else 5014 { 5015 err=TIFFReadDirEntryFloatArray(tif,dp,&data); 5016 if (err==TIFFReadDirEntryErrOk) 5017 { 5018 int m; 5019 m=TIFFSetField(tif,dp->tdir_tag,data); 5020 if (data!=0) 5021 _TIFFfree(data); 5022 if (!m) 5023 return(0); 5024 } 5025 } 5026 } 5027 break; 5028 case TIFF_SETGET_C16_ASCII: 5029 { 5030 uint8* data; 5031 assert(fip->field_readcount==TIFF_VARIABLE); 5032 assert(fip->field_passcount==1); 5033 if (dp->tdir_count>0xFFFF) 5034 err=TIFFReadDirEntryErrCount; 5035 else 5036 { 5037 err=TIFFReadDirEntryByteArray(tif,dp,&data); 5038 if (err==TIFFReadDirEntryErrOk) 5039 { 5040 int m; 5041 if( dp->tdir_count > 0 && data[dp->tdir_count-1] != '\0' ) 5042 { 5043 TIFFWarningExt(tif->tif_clientdata,module,"ASCII value for tag \"%s\" does not end in null byte. Forcing it to be null",fip->field_name); 5044 data[dp->tdir_count-1] = '\0'; 5045 } 5046 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data); 5047 if (data!=0) 5048 _TIFFfree(data); 5049 if (!m) 5050 return(0); 5051 } 5052 } 5053 } 5054 break; 5055 case TIFF_SETGET_C16_UINT8: 5056 { 5057 uint8* data; 5058 assert(fip->field_readcount==TIFF_VARIABLE); 5059 assert(fip->field_passcount==1); 5060 if (dp->tdir_count>0xFFFF) 5061 err=TIFFReadDirEntryErrCount; 5062 else 5063 { 5064 err=TIFFReadDirEntryByteArray(tif,dp,&data); 5065 if (err==TIFFReadDirEntryErrOk) 5066 { 5067 int m; 5068 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data); 5069 if (data!=0) 5070 _TIFFfree(data); 5071 if (!m) 5072 return(0); 5073 } 5074 } 5075 } 5076 break; 5077 case TIFF_SETGET_C16_UINT16: 5078 { 5079 uint16* data; 5080 assert(fip->field_readcount==TIFF_VARIABLE); 5081 assert(fip->field_passcount==1); 5082 if (dp->tdir_count>0xFFFF) 5083 err=TIFFReadDirEntryErrCount; 5084 else 5085 { 5086 err=TIFFReadDirEntryShortArray(tif,dp,&data); 5087 if (err==TIFFReadDirEntryErrOk) 5088 { 5089 int m; 5090 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data); 5091 if (data!=0) 5092 _TIFFfree(data); 5093 if (!m) 5094 return(0); 5095 } 5096 } 5097 } 5098 break; 5099 case TIFF_SETGET_C16_UINT32: 5100 { 5101 uint32* data; 5102 assert(fip->field_readcount==TIFF_VARIABLE); 5103 assert(fip->field_passcount==1); 5104 if (dp->tdir_count>0xFFFF) 5105 err=TIFFReadDirEntryErrCount; 5106 else 5107 { 5108 err=TIFFReadDirEntryLongArray(tif,dp,&data); 5109 if (err==TIFFReadDirEntryErrOk) 5110 { 5111 int m; 5112 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data); 5113 if (data!=0) 5114 _TIFFfree(data); 5115 if (!m) 5116 return(0); 5117 } 5118 } 5119 } 5120 break; 5121 case TIFF_SETGET_C16_UINT64: 5122 { 5123 uint64* data; 5124 assert(fip->field_readcount==TIFF_VARIABLE); 5125 assert(fip->field_passcount==1); 5126 if (dp->tdir_count>0xFFFF) 5127 err=TIFFReadDirEntryErrCount; 5128 else 5129 { 5130 err=TIFFReadDirEntryLong8Array(tif,dp,&data); 5131 if (err==TIFFReadDirEntryErrOk) 5132 { 5133 int m; 5134 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data); 5135 if (data!=0) 5136 _TIFFfree(data); 5137 if (!m) 5138 return(0); 5139 } 5140 } 5141 } 5142 break; 5143 case TIFF_SETGET_C16_FLOAT: 5144 { 5145 float* data; 5146 assert(fip->field_readcount==TIFF_VARIABLE); 5147 assert(fip->field_passcount==1); 5148 if (dp->tdir_count>0xFFFF) 5149 err=TIFFReadDirEntryErrCount; 5150 else 5151 { 5152 err=TIFFReadDirEntryFloatArray(tif,dp,&data); 5153 if (err==TIFFReadDirEntryErrOk) 5154 { 5155 int m; 5156 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data); 5157 if (data!=0) 5158 _TIFFfree(data); 5159 if (!m) 5160 return(0); 5161 } 5162 } 5163 } 5164 break; 5165 case TIFF_SETGET_C16_DOUBLE: 5166 { 5167 double* data; 5168 assert(fip->field_readcount==TIFF_VARIABLE); 5169 assert(fip->field_passcount==1); 5170 if (dp->tdir_count>0xFFFF) 5171 err=TIFFReadDirEntryErrCount; 5172 else 5173 { 5174 err=TIFFReadDirEntryDoubleArray(tif,dp,&data); 5175 if (err==TIFFReadDirEntryErrOk) 5176 { 5177 int m; 5178 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data); 5179 if (data!=0) 5180 _TIFFfree(data); 5181 if (!m) 5182 return(0); 5183 } 5184 } 5185 } 5186 break; 5187 case TIFF_SETGET_C16_IFD8: 5188 { 5189 uint64* data; 5190 assert(fip->field_readcount==TIFF_VARIABLE); 5191 assert(fip->field_passcount==1); 5192 if (dp->tdir_count>0xFFFF) 5193 err=TIFFReadDirEntryErrCount; 5194 else 5195 { 5196 err=TIFFReadDirEntryIfd8Array(tif,dp,&data); 5197 if (err==TIFFReadDirEntryErrOk) 5198 { 5199 int m; 5200 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data); 5201 if (data!=0) 5202 _TIFFfree(data); 5203 if (!m) 5204 return(0); 5205 } 5206 } 5207 } 5208 break; 5209 case TIFF_SETGET_C32_ASCII: 5210 { 5211 uint8* data; 5212 assert(fip->field_readcount==TIFF_VARIABLE2); 5213 assert(fip->field_passcount==1); 5214 err=TIFFReadDirEntryByteArray(tif,dp,&data); 5215 if (err==TIFFReadDirEntryErrOk) 5216 { 5217 int m; 5218 if( dp->tdir_count > 0 && data[dp->tdir_count-1] != '\0' ) 5219 { 5220 TIFFWarningExt(tif->tif_clientdata,module,"ASCII value for tag \"%s\" does not end in null byte. Forcing it to be null",fip->field_name); 5221 data[dp->tdir_count-1] = '\0'; 5222 } 5223 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data); 5224 if (data!=0) 5225 _TIFFfree(data); 5226 if (!m) 5227 return(0); 5228 } 5229 } 5230 break; 5231 case TIFF_SETGET_C32_UINT8: 5232 { 5233 uint8* data; 5234 assert(fip->field_readcount==TIFF_VARIABLE2); 5235 assert(fip->field_passcount==1); 5236 err=TIFFReadDirEntryByteArray(tif,dp,&data); 5237 if (err==TIFFReadDirEntryErrOk) 5238 { 5239 int m; 5240 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data); 5241 if (data!=0) 5242 _TIFFfree(data); 5243 if (!m) 5244 return(0); 5245 } 5246 } 5247 break; 5248 case TIFF_SETGET_C32_SINT8: 5249 { 5250 int8* data = NULL; 5251 assert(fip->field_readcount==TIFF_VARIABLE2); 5252 assert(fip->field_passcount==1); 5253 err=TIFFReadDirEntrySbyteArray(tif,dp,&data); 5254 if (err==TIFFReadDirEntryErrOk) 5255 { 5256 int m; 5257 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data); 5258 if (data!=0) 5259 _TIFFfree(data); 5260 if (!m) 5261 return(0); 5262 } 5263 } 5264 break; 5265 case TIFF_SETGET_C32_UINT16: 5266 { 5267 uint16* data; 5268 assert(fip->field_readcount==TIFF_VARIABLE2); 5269 assert(fip->field_passcount==1); 5270 err=TIFFReadDirEntryShortArray(tif,dp,&data); 5271 if (err==TIFFReadDirEntryErrOk) 5272 { 5273 int m; 5274 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data); 5275 if (data!=0) 5276 _TIFFfree(data); 5277 if (!m) 5278 return(0); 5279 } 5280 } 5281 break; 5282 case TIFF_SETGET_C32_SINT16: 5283 { 5284 int16* data = NULL; 5285 assert(fip->field_readcount==TIFF_VARIABLE2); 5286 assert(fip->field_passcount==1); 5287 err=TIFFReadDirEntrySshortArray(tif,dp,&data); 5288 if (err==TIFFReadDirEntryErrOk) 5289 { 5290 int m; 5291 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data); 5292 if (data!=0) 5293 _TIFFfree(data); 5294 if (!m) 5295 return(0); 5296 } 5297 } 5298 break; 5299 case TIFF_SETGET_C32_UINT32: 5300 { 5301 uint32* data; 5302 assert(fip->field_readcount==TIFF_VARIABLE2); 5303 assert(fip->field_passcount==1); 5304 err=TIFFReadDirEntryLongArray(tif,dp,&data); 5305 if (err==TIFFReadDirEntryErrOk) 5306 { 5307 int m; 5308 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data); 5309 if (data!=0) 5310 _TIFFfree(data); 5311 if (!m) 5312 return(0); 5313 } 5314 } 5315 break; 5316 case TIFF_SETGET_C32_SINT32: 5317 { 5318 int32* data = NULL; 5319 assert(fip->field_readcount==TIFF_VARIABLE2); 5320 assert(fip->field_passcount==1); 5321 err=TIFFReadDirEntrySlongArray(tif,dp,&data); 5322 if (err==TIFFReadDirEntryErrOk) 5323 { 5324 int m; 5325 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data); 5326 if (data!=0) 5327 _TIFFfree(data); 5328 if (!m) 5329 return(0); 5330 } 5331 } 5332 break; 5333 case TIFF_SETGET_C32_UINT64: 5334 { 5335 uint64* data; 5336 assert(fip->field_readcount==TIFF_VARIABLE2); 5337 assert(fip->field_passcount==1); 5338 err=TIFFReadDirEntryLong8Array(tif,dp,&data); 5339 if (err==TIFFReadDirEntryErrOk) 5340 { 5341 int m; 5342 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data); 5343 if (data!=0) 5344 _TIFFfree(data); 5345 if (!m) 5346 return(0); 5347 } 5348 } 5349 break; 5350 case TIFF_SETGET_C32_SINT64: 5351 { 5352 int64* data = NULL; 5353 assert(fip->field_readcount==TIFF_VARIABLE2); 5354 assert(fip->field_passcount==1); 5355 err=TIFFReadDirEntrySlong8Array(tif,dp,&data); 5356 if (err==TIFFReadDirEntryErrOk) 5357 { 5358 int m; 5359 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data); 5360 if (data!=0) 5361 _TIFFfree(data); 5362 if (!m) 5363 return(0); 5364 } 5365 } 5366 break; 5367 case TIFF_SETGET_C32_FLOAT: 5368 { 5369 float* data; 5370 assert(fip->field_readcount==TIFF_VARIABLE2); 5371 assert(fip->field_passcount==1); 5372 err=TIFFReadDirEntryFloatArray(tif,dp,&data); 5373 if (err==TIFFReadDirEntryErrOk) 5374 { 5375 int m; 5376 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data); 5377 if (data!=0) 5378 _TIFFfree(data); 5379 if (!m) 5380 return(0); 5381 } 5382 } 5383 break; 5384 case TIFF_SETGET_C32_DOUBLE: 5385 { 5386 double* data; 5387 assert(fip->field_readcount==TIFF_VARIABLE2); 5388 assert(fip->field_passcount==1); 5389 err=TIFFReadDirEntryDoubleArray(tif,dp,&data); 5390 if (err==TIFFReadDirEntryErrOk) 5391 { 5392 int m; 5393 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data); 5394 if (data!=0) 5395 _TIFFfree(data); 5396 if (!m) 5397 return(0); 5398 } 5399 } 5400 break; 5401 case TIFF_SETGET_C32_IFD8: 5402 { 5403 uint64* data; 5404 assert(fip->field_readcount==TIFF_VARIABLE2); 5405 assert(fip->field_passcount==1); 5406 err=TIFFReadDirEntryIfd8Array(tif,dp,&data); 5407 if (err==TIFFReadDirEntryErrOk) 5408 { 5409 int m; 5410 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data); 5411 if (data!=0) 5412 _TIFFfree(data); 5413 if (!m) 5414 return(0); 5415 } 5416 } 5417 break; 5418 default: 5419 assert(0); /* we should never get here */ 5420 break; 5421 } 5422 if (err!=TIFFReadDirEntryErrOk) 5423 { 5424 TIFFReadDirEntryOutputErr(tif,err,module,fip->field_name,recover); 5425 return(0); 5426 } 5427 return(1); 5428 } 5429 5430 /* 5431 * Fetch a set of offsets or lengths. 5432 * While this routine says "strips", in fact it's also used for tiles. 5433 */ 5434 static int 5435 TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uint64** lpp) 5436 { 5437 static const char module[] = "TIFFFetchStripThing"; 5438 enum TIFFReadDirEntryErr err; 5439 uint64* data; 5440 err=TIFFReadDirEntryLong8Array(tif,dir,&data); 5441 if (err!=TIFFReadDirEntryErrOk) 5442 { 5443 const TIFFField* fip = TIFFFieldWithTag(tif,dir->tdir_tag); 5444 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",0); 5445 return(0); 5446 } 5447 if (dir->tdir_count!=(uint64)nstrips) 5448 { 5449 uint64* resizeddata; 5450 resizeddata=(uint64*)_TIFFCheckMalloc(tif,nstrips,sizeof(uint64),"for strip array"); 5451 if (resizeddata==0) { 5452 _TIFFfree(data); 5453 return(0); 5454 } 5455 if (dir->tdir_count<(uint64)nstrips) 5456 { 5457 _TIFFmemcpy(resizeddata,data,(uint32)dir->tdir_count*sizeof(uint64)); 5458 _TIFFmemset(resizeddata+(uint32)dir->tdir_count,0,(nstrips-(uint32)dir->tdir_count)*sizeof(uint64)); 5459 } 5460 else 5461 _TIFFmemcpy(resizeddata,data,nstrips*sizeof(uint64)); 5462 _TIFFfree(data); 5463 data=resizeddata; 5464 } 5465 *lpp=data; 5466 return(1); 5467 } 5468 5469 /* 5470 * Fetch and set the SubjectDistance EXIF tag. 5471 */ 5472 static int 5473 TIFFFetchSubjectDistance(TIFF* tif, TIFFDirEntry* dir) 5474 { 5475 static const char module[] = "TIFFFetchSubjectDistance"; 5476 enum TIFFReadDirEntryErr err; 5477 UInt64Aligned_t m; 5478 m.l=0; 5479 assert(sizeof(double)==8); 5480 assert(sizeof(uint64)==8); 5481 assert(sizeof(uint32)==4); 5482 if (dir->tdir_count!=1) 5483 err=TIFFReadDirEntryErrCount; 5484 else if (dir->tdir_type!=TIFF_RATIONAL) 5485 err=TIFFReadDirEntryErrType; 5486 else 5487 { 5488 if (!(tif->tif_flags&TIFF_BIGTIFF)) 5489 { 5490 uint32 offset; 5491 offset=*(uint32*)(&dir->tdir_offset); 5492 if (tif->tif_flags&TIFF_SWAB) 5493 TIFFSwabLong(&offset); 5494 err=TIFFReadDirEntryData(tif,offset,8,m.i); 5495 } 5496 else 5497 { 5498 m.l=dir->tdir_offset.toff_long8; 5499 err=TIFFReadDirEntryErrOk; 5500 } 5501 } 5502 if (err==TIFFReadDirEntryErrOk) 5503 { 5504 double n; 5505 if (tif->tif_flags&TIFF_SWAB) 5506 TIFFSwabArrayOfLong(m.i,2); 5507 if (m.i[0]==0) 5508 n=0.0; 5509 else if (m.i[0]==0xFFFFFFFF) 5510 /* 5511 * XXX: Numerator 0xFFFFFFFF means that we have infinite 5512 * distance. Indicate that with a negative floating point 5513 * SubjectDistance value. 5514 */ 5515 n=-1.0; 5516 else 5517 n=(double)m.i[0]/(double)m.i[1]; 5518 return(TIFFSetField(tif,dir->tdir_tag,n)); 5519 } 5520 else 5521 { 5522 TIFFReadDirEntryOutputErr(tif,err,module,"SubjectDistance",TRUE); 5523 return(0); 5524 } 5525 } 5526 5527 /* 5528 * Replace a single strip (tile) of uncompressed data by multiple strips 5529 * (tiles), each approximately STRIP_SIZE_DEFAULT bytes. This is useful for 5530 * dealing with large images or for dealing with machines with a limited 5531 * amount memory. 5532 */ 5533 static void 5534 ChopUpSingleUncompressedStrip(TIFF* tif) 5535 { 5536 register TIFFDirectory *td = &tif->tif_dir; 5537 uint64 bytecount; 5538 uint64 offset; 5539 uint32 rowblock; 5540 uint64 rowblockbytes; 5541 uint64 stripbytes; 5542 uint32 strip; 5543 uint32 nstrips; 5544 uint32 rowsperstrip; 5545 uint64* newcounts; 5546 uint64* newoffsets; 5547 5548 bytecount = td->td_stripbytecount[0]; 5549 offset = td->td_stripoffset[0]; 5550 assert(td->td_planarconfig == PLANARCONFIG_CONTIG); 5551 if ((td->td_photometric == PHOTOMETRIC_YCBCR)&& 5552 (!isUpSampled(tif))) 5553 rowblock = td->td_ycbcrsubsampling[1]; 5554 else 5555 rowblock = 1; 5556 rowblockbytes = TIFFVTileSize64(tif, rowblock); 5557 /* 5558 * Make the rows hold at least one scanline, but fill specified amount 5559 * of data if possible. 5560 */ 5561 if (rowblockbytes > STRIP_SIZE_DEFAULT) { 5562 stripbytes = rowblockbytes; 5563 rowsperstrip = rowblock; 5564 } else if (rowblockbytes > 0 ) { 5565 uint32 rowblocksperstrip; 5566 rowblocksperstrip = (uint32) (STRIP_SIZE_DEFAULT / rowblockbytes); 5567 rowsperstrip = rowblocksperstrip * rowblock; 5568 stripbytes = rowblocksperstrip * rowblockbytes; 5569 } 5570 else 5571 return; 5572 5573 /* 5574 * never increase the number of rows per strip 5575 */ 5576 if (rowsperstrip >= td->td_rowsperstrip) 5577 return; 5578 nstrips = TIFFhowmany_32(td->td_imagelength, rowsperstrip); 5579 if( nstrips == 0 ) 5580 return; 5581 5582 newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64), 5583 "for chopped \"StripByteCounts\" array"); 5584 newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64), 5585 "for chopped \"StripOffsets\" array"); 5586 if (newcounts == NULL || newoffsets == NULL) { 5587 /* 5588 * Unable to allocate new strip information, give up and use 5589 * the original one strip information. 5590 */ 5591 if (newcounts != NULL) 5592 _TIFFfree(newcounts); 5593 if (newoffsets != NULL) 5594 _TIFFfree(newoffsets); 5595 return; 5596 } 5597 /* 5598 * Fill the strip information arrays with new bytecounts and offsets 5599 * that reflect the broken-up format. 5600 */ 5601 for (strip = 0; strip < nstrips; strip++) { 5602 if (stripbytes > bytecount) 5603 stripbytes = bytecount; 5604 newcounts[strip] = stripbytes; 5605 newoffsets[strip] = stripbytes ? offset : 0; 5606 offset += stripbytes; 5607 bytecount -= stripbytes; 5608 } 5609 /* 5610 * Replace old single strip info with multi-strip info. 5611 */ 5612 td->td_stripsperimage = td->td_nstrips = nstrips; 5613 TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, rowsperstrip); 5614 5615 _TIFFfree(td->td_stripbytecount); 5616 _TIFFfree(td->td_stripoffset); 5617 td->td_stripbytecount = newcounts; 5618 td->td_stripoffset = newoffsets; 5619 td->td_stripbytecountsorted = 1; 5620 } 5621 5622 int _TIFFFillStriles( TIFF *tif ) 5623 { 5624 return _TIFFFillStrilesInternal( tif, 1 ); 5625 } 5626 5627 static int _TIFFFillStrilesInternal( TIFF *tif, int loadStripByteCount ) 5628 { 5629 #if defined(DEFER_STRILE_LOAD) 5630 register TIFFDirectory *td = &tif->tif_dir; 5631 int return_value = 1; 5632 5633 if( td->td_stripoffset != NULL ) 5634 return 1; 5635 5636 if( td->td_stripoffset_entry.tdir_count == 0 ) 5637 return 0; 5638 5639 if (!TIFFFetchStripThing(tif,&(td->td_stripoffset_entry), 5640 td->td_nstrips,&td->td_stripoffset)) 5641 { 5642 return_value = 0; 5643 } 5644 5645 if (loadStripByteCount && 5646 !TIFFFetchStripThing(tif,&(td->td_stripbytecount_entry), 5647 td->td_nstrips,&td->td_stripbytecount)) 5648 { 5649 return_value = 0; 5650 } 5651 5652 _TIFFmemset( &(td->td_stripoffset_entry), 0, sizeof(TIFFDirEntry)); 5653 _TIFFmemset( &(td->td_stripbytecount_entry), 0, sizeof(TIFFDirEntry)); 5654 5655 if (tif->tif_dir.td_nstrips > 1 && return_value == 1 ) { 5656 uint32 strip; 5657 5658 tif->tif_dir.td_stripbytecountsorted = 1; 5659 for (strip = 1; strip < tif->tif_dir.td_nstrips; strip++) { 5660 if (tif->tif_dir.td_stripoffset[strip - 1] > 5661 tif->tif_dir.td_stripoffset[strip]) { 5662 tif->tif_dir.td_stripbytecountsorted = 0; 5663 break; 5664 } 5665 } 5666 } 5667 5668 return return_value; 5669 #else /* !defined(DEFER_STRILE_LOAD) */ 5670 (void) tif; 5671 (void) loadStripByteCount; 5672 return 1; 5673 #endif 5674 } 5675 5676 5677 /* vim: set ts=8 sts=8 sw=8 noet: */ 5678 /* 5679 * Local Variables: 5680 * mode: c 5681 * c-basic-offset: 8 5682 * fill-column: 78 5683 * End: 5684 */ 5685