1 /* $Id: tif_read.c,v 1.59 2017-05-13 15:34:06 erouault Exp $ */ 2 3 /* 4 * Copyright (c) 1988-1997 Sam Leffler 5 * Copyright (c) 1991-1997 Silicon Graphics, Inc. 6 * 7 * Permission to use, copy, modify, distribute, and sell this software and 8 * its documentation for any purpose is hereby granted without fee, provided 9 * that (i) the above copyright notices and this permission notice appear in 10 * all copies of the software and related documentation, and (ii) the names of 11 * Sam Leffler and Silicon Graphics may not be used in any advertising or 12 * publicity relating to the software without the specific, prior written 13 * permission of Sam Leffler and Silicon Graphics. 14 * 15 * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, 16 * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY 17 * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 18 * 19 * IN NO EVENT SHALL SAM LEFFLER OR SILICON GRAPHICS BE LIABLE FOR 20 * ANY SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, 21 * OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, 22 * WHETHER OR NOT ADVISED OF THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF 23 * LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE 24 * OF THIS SOFTWARE. 25 */ 26 27 /* 28 * TIFF Library. 29 * Scanline-oriented Read Support 30 */ 31 #include "tiffiop.h" 32 #include <stdio.h> 33 34 #define TIFF_SIZE_T_MAX ((size_t) ~ ((size_t)0)) 35 #define TIFF_TMSIZE_T_MAX (tmsize_t)(TIFF_SIZE_T_MAX >> 1) 36 37 int TIFFFillStrip(TIFF* tif, uint32 strip); 38 int TIFFFillTile(TIFF* tif, uint32 tile); 39 static int TIFFStartStrip(TIFF* tif, uint32 strip); 40 static int TIFFStartTile(TIFF* tif, uint32 tile); 41 static int TIFFCheckRead(TIFF*, int); 42 static tmsize_t 43 TIFFReadRawStrip1(TIFF* tif, uint32 strip, void* buf, tmsize_t size,const char* module); 44 static tmsize_t 45 TIFFReadRawTile1(TIFF* tif, uint32 tile, void* buf, tmsize_t size, const char* module); 46 47 #define NOSTRIP ((uint32)(-1)) /* undefined state */ 48 #define NOTILE ((uint32)(-1)) /* undefined state */ 49 50 #define INITIAL_THRESHOLD (1024 * 1024) 51 #define THRESHOLD_MULTIPLIER 10 52 #define MAX_THRESHOLD (THRESHOLD_MULTIPLIER * THRESHOLD_MULTIPLIER * THRESHOLD_MULTIPLIER * INITIAL_THRESHOLD) 53 54 /* Read 'size' bytes in tif_rawdata buffer starting at offset 'rawdata_offset' 55 * Returns 1 in case of success, 0 otherwise. */ 56 static int TIFFReadAndRealloc( TIFF* tif, tmsize_t size, 57 tmsize_t rawdata_offset, 58 int is_strip, uint32 strip_or_tile, 59 const char* module ) 60 { 61 #if SIZEOF_VOIDP == 8 || SIZEOF_SIZE_T == 8 62 tmsize_t threshold = INITIAL_THRESHOLD; 63 #endif 64 tmsize_t already_read = 0; 65 66 /* On 64 bit processes, read first a maximum of 1 MB, then 10 MB, etc */ 67 /* so as to avoid allocating too much memory in case the file is too */ 68 /* short. We could ask for the file size, but this might be */ 69 /* expensive with some I/O layers (think of reading a gzipped file) */ 70 /* Restrict to 64 bit processes, so as to avoid reallocs() */ 71 /* on 32 bit processes where virtual memory is scarce. */ 72 while( already_read < size ) 73 { 74 tmsize_t bytes_read; 75 tmsize_t to_read = size - already_read; 76 #if SIZEOF_VOIDP == 8 || SIZEOF_SIZE_T == 8 77 if( to_read >= threshold && threshold < MAX_THRESHOLD && 78 already_read + to_read + rawdata_offset > tif->tif_rawdatasize ) 79 { 80 to_read = threshold; 81 threshold *= THRESHOLD_MULTIPLIER; 82 } 83 #endif 84 if (already_read + to_read + rawdata_offset > tif->tif_rawdatasize) { 85 uint8* new_rawdata; 86 assert((tif->tif_flags & TIFF_MYBUFFER) != 0); 87 tif->tif_rawdatasize = (tmsize_t)TIFFroundup_64( 88 (uint64)already_read + to_read + rawdata_offset, 1024); 89 if (tif->tif_rawdatasize==0) { 90 TIFFErrorExt(tif->tif_clientdata, module, 91 "Invalid buffer size"); 92 return 0; 93 } 94 new_rawdata = (uint8*) _TIFFrealloc( 95 tif->tif_rawdata, tif->tif_rawdatasize); 96 if( new_rawdata == 0 ) 97 { 98 TIFFErrorExt(tif->tif_clientdata, module, 99 "No space for data buffer at scanline %lu", 100 (unsigned long) tif->tif_row); 101 _TIFFfree(tif->tif_rawdata); 102 tif->tif_rawdata = 0; 103 tif->tif_rawdatasize = 0; 104 return 0; 105 } 106 tif->tif_rawdata = new_rawdata; 107 } 108 109 bytes_read = TIFFReadFile(tif, 110 tif->tif_rawdata + rawdata_offset + already_read, to_read); 111 already_read += bytes_read; 112 if (bytes_read != to_read) { 113 memset( tif->tif_rawdata + rawdata_offset + already_read, 0, 114 tif->tif_rawdatasize - rawdata_offset - already_read ); 115 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) 116 if( is_strip ) 117 { 118 TIFFErrorExt(tif->tif_clientdata, module, 119 "Read error at scanline %lu; got %I64u bytes, " 120 "expected %I64u", 121 (unsigned long) tif->tif_row, 122 (unsigned __int64) already_read, 123 (unsigned __int64) size); 124 } 125 else 126 { 127 TIFFErrorExt(tif->tif_clientdata, module, 128 "Read error at row %lu, col %lu, tile %lu; " 129 "got %I64u bytes, expected %I64u", 130 (unsigned long) tif->tif_row, 131 (unsigned long) tif->tif_col, 132 (unsigned long) strip_or_tile, 133 (unsigned __int64) already_read, 134 (unsigned __int64) size); 135 } 136 #else 137 if( is_strip ) 138 { 139 TIFFErrorExt(tif->tif_clientdata, module, 140 "Read error at scanline %lu; got %llu bytes, " 141 "expected %llu", 142 (unsigned long) tif->tif_row, 143 (unsigned long long) already_read, 144 (unsigned long long) size); 145 } 146 else 147 { 148 TIFFErrorExt(tif->tif_clientdata, module, 149 "Read error at row %lu, col %lu, tile %lu; " 150 "got %llu bytes, expected %llu", 151 (unsigned long) tif->tif_row, 152 (unsigned long) tif->tif_col, 153 (unsigned long) strip_or_tile, 154 (unsigned long long) already_read, 155 (unsigned long long) size); 156 } 157 #endif 158 return 0; 159 } 160 } 161 return 1; 162 } 163 164 165 static int 166 TIFFFillStripPartial( TIFF *tif, int strip, tmsize_t read_ahead, int restart ) 167 { 168 static const char module[] = "TIFFFillStripPartial"; 169 register TIFFDirectory *td = &tif->tif_dir; 170 tmsize_t unused_data; 171 uint64 read_offset; 172 tmsize_t to_read; 173 tmsize_t read_ahead_mod; 174 /* tmsize_t bytecountm; */ 175 176 if (!_TIFFFillStriles( tif ) || !tif->tif_dir.td_stripbytecount) 177 return 0; 178 179 /* 180 * Expand raw data buffer, if needed, to hold data 181 * strip coming from file (perhaps should set upper 182 * bound on the size of a buffer we'll use?). 183 */ 184 185 /* bytecountm=(tmsize_t) td->td_stripbytecount[strip]; */ 186 187 /* Not completely sure where the * 2 comes from, but probably for */ 188 /* an exponentional growth strategy of tif_rawdatasize */ 189 if( read_ahead < TIFF_TMSIZE_T_MAX / 2 ) 190 read_ahead_mod = read_ahead * 2; 191 else 192 read_ahead_mod = read_ahead; 193 if (read_ahead_mod > tif->tif_rawdatasize) { 194 assert( restart ); 195 196 tif->tif_curstrip = NOSTRIP; 197 if ((tif->tif_flags & TIFF_MYBUFFER) == 0) { 198 TIFFErrorExt(tif->tif_clientdata, module, 199 "Data buffer too small to hold part of strip %lu", 200 (unsigned long) strip); 201 return (0); 202 } 203 } 204 205 if( restart ) 206 { 207 tif->tif_rawdataloaded = 0; 208 tif->tif_rawdataoff = 0; 209 } 210 211 /* 212 ** If we are reading more data, move any unused data to the 213 ** start of the buffer. 214 */ 215 if( tif->tif_rawdataloaded > 0 ) 216 unused_data = tif->tif_rawdataloaded - (tif->tif_rawcp - tif->tif_rawdata); 217 else 218 unused_data = 0; 219 220 if( unused_data > 0 ) 221 { 222 assert((tif->tif_flags&TIFF_BUFFERMMAP)==0); 223 memmove( tif->tif_rawdata, tif->tif_rawcp, unused_data ); 224 } 225 226 /* 227 ** Seek to the point in the file where more data should be read. 228 */ 229 read_offset = td->td_stripoffset[strip] 230 + tif->tif_rawdataoff + tif->tif_rawdataloaded; 231 232 if (!SeekOK(tif, read_offset)) { 233 TIFFErrorExt(tif->tif_clientdata, module, 234 "Seek error at scanline %lu, strip %lu", 235 (unsigned long) tif->tif_row, (unsigned long) strip); 236 return 0; 237 } 238 239 /* 240 ** How much do we want to read? 241 */ 242 if( read_ahead_mod > tif->tif_rawdatasize ) 243 to_read = read_ahead_mod - unused_data; 244 else 245 to_read = tif->tif_rawdatasize - unused_data; 246 if( (uint64) to_read > td->td_stripbytecount[strip] 247 - tif->tif_rawdataoff - tif->tif_rawdataloaded ) 248 { 249 to_read = (tmsize_t) td->td_stripbytecount[strip] 250 - tif->tif_rawdataoff - tif->tif_rawdataloaded; 251 } 252 253 assert((tif->tif_flags&TIFF_BUFFERMMAP)==0); 254 if( !TIFFReadAndRealloc( tif, to_read, unused_data, 255 1, /* is_strip */ 256 0, /* strip_or_tile */ 257 module) ) 258 { 259 return 0; 260 } 261 262 tif->tif_rawdataoff = tif->tif_rawdataoff + tif->tif_rawdataloaded - unused_data ; 263 tif->tif_rawdataloaded = unused_data + to_read; 264 265 tif->tif_rawcp = tif->tif_rawdata; 266 267 if (!isFillOrder(tif, td->td_fillorder) && 268 (tif->tif_flags & TIFF_NOBITREV) == 0) { 269 assert((tif->tif_flags&TIFF_BUFFERMMAP)==0); 270 TIFFReverseBits(tif->tif_rawdata + unused_data, to_read ); 271 } 272 273 /* 274 ** When starting a strip from the beginning we need to 275 ** restart the decoder. 276 */ 277 if( restart ) 278 return TIFFStartStrip(tif, strip); 279 else 280 { 281 tif->tif_rawcc = tif->tif_rawdataloaded; 282 return 1; 283 } 284 } 285 286 /* 287 * Seek to a random row+sample in a file. 288 * 289 * Only used by TIFFReadScanline, and is only used on 290 * strip organized files. We do some tricky stuff to try 291 * and avoid reading the whole compressed raw data for big 292 * strips. 293 */ 294 static int 295 TIFFSeek(TIFF* tif, uint32 row, uint16 sample ) 296 { 297 register TIFFDirectory *td = &tif->tif_dir; 298 uint32 strip; 299 int whole_strip; 300 tmsize_t read_ahead = 0; 301 302 /* 303 ** Establish what strip we are working from. 304 */ 305 if (row >= td->td_imagelength) { /* out of range */ 306 TIFFErrorExt(tif->tif_clientdata, tif->tif_name, 307 "%lu: Row out of range, max %lu", 308 (unsigned long) row, 309 (unsigned long) td->td_imagelength); 310 return (0); 311 } 312 if (td->td_planarconfig == PLANARCONFIG_SEPARATE) { 313 if (sample >= td->td_samplesperpixel) { 314 TIFFErrorExt(tif->tif_clientdata, tif->tif_name, 315 "%lu: Sample out of range, max %lu", 316 (unsigned long) sample, (unsigned long) td->td_samplesperpixel); 317 return (0); 318 } 319 strip = (uint32)sample*td->td_stripsperimage + row/td->td_rowsperstrip; 320 } else 321 strip = row / td->td_rowsperstrip; 322 323 /* 324 * Do we want to treat this strip as one whole chunk or 325 * read it a few lines at a time? 326 */ 327 #if defined(CHUNKY_STRIP_READ_SUPPORT) 328 if (!_TIFFFillStriles( tif ) || !tif->tif_dir.td_stripbytecount) 329 return 0; 330 whole_strip = tif->tif_dir.td_stripbytecount[strip] < 10 331 || isMapped(tif); 332 #else 333 whole_strip = 1; 334 #endif 335 336 if( !whole_strip ) 337 { 338 /* 16 is for YCbCr mode where we may need to read 16 */ 339 /* lines at a time to get a decompressed line, and 5000 */ 340 /* is some constant value, for example for JPEG tables */ 341 if( tif->tif_scanlinesize < TIFF_TMSIZE_T_MAX / 16 && 342 tif->tif_scanlinesize * 16 < TIFF_TMSIZE_T_MAX - 5000 ) 343 { 344 read_ahead = tif->tif_scanlinesize * 16 + 5000; 345 } 346 else 347 { 348 read_ahead = tif->tif_scanlinesize; 349 } 350 } 351 352 /* 353 * If we haven't loaded this strip, do so now, possibly 354 * only reading the first part. 355 */ 356 if (strip != tif->tif_curstrip) { /* different strip, refill */ 357 358 if( whole_strip ) 359 { 360 if (!TIFFFillStrip(tif, strip)) 361 return (0); 362 } 363 else 364 { 365 if( !TIFFFillStripPartial(tif,strip,read_ahead,1) ) 366 return 0; 367 } 368 } 369 370 /* 371 ** If we already have some data loaded, do we need to read some more? 372 */ 373 else if( !whole_strip ) 374 { 375 if( ((tif->tif_rawdata + tif->tif_rawdataloaded) - tif->tif_rawcp) < read_ahead 376 && (uint64) tif->tif_rawdataoff+tif->tif_rawdataloaded < td->td_stripbytecount[strip] ) 377 { 378 if( !TIFFFillStripPartial(tif,strip,read_ahead,0) ) 379 return 0; 380 } 381 } 382 383 if (row < tif->tif_row) { 384 /* 385 * Moving backwards within the same strip: backup 386 * to the start and then decode forward (below). 387 * 388 * NB: If you're planning on lots of random access within a 389 * strip, it's better to just read and decode the entire 390 * strip, and then access the decoded data in a random fashion. 391 */ 392 393 if( tif->tif_rawdataoff != 0 ) 394 { 395 if( !TIFFFillStripPartial(tif,strip,read_ahead,1) ) 396 return 0; 397 } 398 else 399 { 400 if (!TIFFStartStrip(tif, strip)) 401 return (0); 402 } 403 } 404 405 if (row != tif->tif_row) { 406 /* 407 * Seek forward to the desired row. 408 */ 409 410 /* TODO: Will this really work with partial buffers? */ 411 412 if (!(*tif->tif_seek)(tif, row - tif->tif_row)) 413 return (0); 414 tif->tif_row = row; 415 } 416 417 return (1); 418 } 419 420 int 421 TIFFReadScanline(TIFF* tif, void* buf, uint32 row, uint16 sample) 422 { 423 int e; 424 425 if (!TIFFCheckRead(tif, 0)) 426 return (-1); 427 if( (e = TIFFSeek(tif, row, sample)) != 0) { 428 /* 429 * Decompress desired row into user buffer. 430 */ 431 e = (*tif->tif_decoderow) 432 (tif, (uint8*) buf, tif->tif_scanlinesize, sample); 433 434 /* we are now poised at the beginning of the next row */ 435 tif->tif_row = row + 1; 436 437 if (e) 438 (*tif->tif_postdecode)(tif, (uint8*) buf, 439 tif->tif_scanlinesize); 440 } 441 return (e > 0 ? 1 : -1); 442 } 443 444 /* 445 * Calculate the strip size according to the number of 446 * rows in the strip (check for truncated last strip on any 447 * of the separations). 448 */ 449 static tmsize_t TIFFReadEncodedStripGetStripSize(TIFF* tif, uint32 strip, uint16* pplane) 450 { 451 static const char module[] = "TIFFReadEncodedStrip"; 452 TIFFDirectory *td = &tif->tif_dir; 453 uint32 rowsperstrip; 454 uint32 stripsperplane; 455 uint32 stripinplane; 456 uint32 rows; 457 tmsize_t stripsize; 458 if (!TIFFCheckRead(tif,0)) 459 return((tmsize_t)(-1)); 460 if (strip>=td->td_nstrips) 461 { 462 TIFFErrorExt(tif->tif_clientdata,module, 463 "%lu: Strip out of range, max %lu",(unsigned long)strip, 464 (unsigned long)td->td_nstrips); 465 return((tmsize_t)(-1)); 466 } 467 468 rowsperstrip=td->td_rowsperstrip; 469 if (rowsperstrip>td->td_imagelength) 470 rowsperstrip=td->td_imagelength; 471 stripsperplane= TIFFhowmany_32_maxuint_compat(td->td_imagelength, rowsperstrip); 472 stripinplane=(strip%stripsperplane); 473 if( pplane ) *pplane=(uint16)(strip/stripsperplane); 474 rows=td->td_imagelength-stripinplane*rowsperstrip; 475 if (rows>rowsperstrip) 476 rows=rowsperstrip; 477 stripsize=TIFFVStripSize(tif,rows); 478 if (stripsize==0) 479 return((tmsize_t)(-1)); 480 return stripsize; 481 } 482 483 /* 484 * Read a strip of data and decompress the specified 485 * amount into the user-supplied buffer. 486 */ 487 tmsize_t 488 TIFFReadEncodedStrip(TIFF* tif, uint32 strip, void* buf, tmsize_t size) 489 { 490 static const char module[] = "TIFFReadEncodedStrip"; 491 TIFFDirectory *td = &tif->tif_dir; 492 tmsize_t stripsize; 493 uint16 plane; 494 495 stripsize=TIFFReadEncodedStripGetStripSize(tif, strip, &plane); 496 if (stripsize==((tmsize_t)(-1))) 497 return((tmsize_t)(-1)); 498 499 /* shortcut to avoid an extra memcpy() */ 500 if( td->td_compression == COMPRESSION_NONE && 501 size!=(tmsize_t)(-1) && size >= stripsize && 502 !isMapped(tif) && 503 ((tif->tif_flags&TIFF_NOREADRAW)==0) ) 504 { 505 if (TIFFReadRawStrip1(tif, strip, buf, stripsize, module) != stripsize) 506 return ((tmsize_t)(-1)); 507 508 if (!isFillOrder(tif, td->td_fillorder) && 509 (tif->tif_flags & TIFF_NOBITREV) == 0) 510 TIFFReverseBits(buf,stripsize); 511 512 (*tif->tif_postdecode)(tif,buf,stripsize); 513 return (stripsize); 514 } 515 516 if ((size!=(tmsize_t)(-1))&&(size<stripsize)) 517 stripsize=size; 518 if (!TIFFFillStrip(tif,strip)) 519 return((tmsize_t)(-1)); 520 if ((*tif->tif_decodestrip)(tif,buf,stripsize,plane)<=0) 521 return((tmsize_t)(-1)); 522 (*tif->tif_postdecode)(tif,buf,stripsize); 523 return(stripsize); 524 } 525 526 /* Variant of TIFFReadEncodedStrip() that does 527 * * if *buf == NULL, *buf = _TIFFmalloc(bufsizetoalloc) only after TIFFFillStrip() has 528 * suceeded. This avoid excessive memory allocation in case of truncated 529 * file. 530 * * calls regular TIFFReadEncodedStrip() if *buf != NULL 531 */ 532 tmsize_t 533 _TIFFReadEncodedStripAndAllocBuffer(TIFF* tif, uint32 strip, 534 void **buf, tmsize_t bufsizetoalloc, 535 tmsize_t size_to_read) 536 { 537 tmsize_t this_stripsize; 538 uint16 plane; 539 540 if( *buf != NULL ) 541 { 542 return TIFFReadEncodedStrip(tif, strip, *buf, size_to_read); 543 } 544 545 this_stripsize=TIFFReadEncodedStripGetStripSize(tif, strip, &plane); 546 if (this_stripsize==((tmsize_t)(-1))) 547 return((tmsize_t)(-1)); 548 549 if ((size_to_read!=(tmsize_t)(-1))&&(size_to_read<this_stripsize)) 550 this_stripsize=size_to_read; 551 if (!TIFFFillStrip(tif,strip)) 552 return((tmsize_t)(-1)); 553 554 *buf = _TIFFmalloc(bufsizetoalloc); 555 if (*buf == NULL) { 556 TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "No space for strip buffer"); 557 return((tmsize_t)(-1)); 558 } 559 _TIFFmemset(*buf, 0, bufsizetoalloc); 560 561 if ((*tif->tif_decodestrip)(tif,*buf,this_stripsize,plane)<=0) 562 return((tmsize_t)(-1)); 563 (*tif->tif_postdecode)(tif,*buf,this_stripsize); 564 return(this_stripsize); 565 566 567 } 568 569 570 static tmsize_t 571 TIFFReadRawStrip1(TIFF* tif, uint32 strip, void* buf, tmsize_t size, 572 const char* module) 573 { 574 TIFFDirectory *td = &tif->tif_dir; 575 576 if (!_TIFFFillStriles( tif )) 577 return ((tmsize_t)(-1)); 578 579 assert((tif->tif_flags&TIFF_NOREADRAW)==0); 580 if (!isMapped(tif)) { 581 tmsize_t cc; 582 583 if (!SeekOK(tif, td->td_stripoffset[strip])) { 584 TIFFErrorExt(tif->tif_clientdata, module, 585 "Seek error at scanline %lu, strip %lu", 586 (unsigned long) tif->tif_row, (unsigned long) strip); 587 return ((tmsize_t)(-1)); 588 } 589 cc = TIFFReadFile(tif, buf, size); 590 if (cc != size) { 591 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) 592 TIFFErrorExt(tif->tif_clientdata, module, 593 "Read error at scanline %lu; got %I64u bytes, expected %I64u", 594 (unsigned long) tif->tif_row, 595 (unsigned __int64) cc, 596 (unsigned __int64) size); 597 #else 598 TIFFErrorExt(tif->tif_clientdata, module, 599 "Read error at scanline %lu; got %llu bytes, expected %llu", 600 (unsigned long) tif->tif_row, 601 (unsigned long long) cc, 602 (unsigned long long) size); 603 #endif 604 return ((tmsize_t)(-1)); 605 } 606 } else { 607 tmsize_t ma = 0; 608 tmsize_t n; 609 if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)|| 610 ((ma=(tmsize_t)td->td_stripoffset[strip])>tif->tif_size)) 611 { 612 n=0; 613 } 614 else if( ma > TIFF_TMSIZE_T_MAX - size ) 615 { 616 n=0; 617 } 618 else 619 { 620 tmsize_t mb=ma+size; 621 if (mb>tif->tif_size) 622 n=tif->tif_size-ma; 623 else 624 n=size; 625 } 626 if (n!=size) { 627 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) 628 TIFFErrorExt(tif->tif_clientdata, module, 629 "Read error at scanline %lu, strip %lu; got %I64u bytes, expected %I64u", 630 (unsigned long) tif->tif_row, 631 (unsigned long) strip, 632 (unsigned __int64) n, 633 (unsigned __int64) size); 634 #else 635 TIFFErrorExt(tif->tif_clientdata, module, 636 "Read error at scanline %lu, strip %lu; got %llu bytes, expected %llu", 637 (unsigned long) tif->tif_row, 638 (unsigned long) strip, 639 (unsigned long long) n, 640 (unsigned long long) size); 641 #endif 642 return ((tmsize_t)(-1)); 643 } 644 _TIFFmemcpy(buf, tif->tif_base + ma, 645 size); 646 } 647 return (size); 648 } 649 650 static tmsize_t 651 TIFFReadRawStripOrTile2(TIFF* tif, uint32 strip_or_tile, int is_strip, 652 tmsize_t size, const char* module) 653 { 654 TIFFDirectory *td = &tif->tif_dir; 655 656 assert( !isMapped(tif) ); 657 assert((tif->tif_flags&TIFF_NOREADRAW)==0); 658 659 if (!SeekOK(tif, td->td_stripoffset[strip_or_tile])) { 660 if( is_strip ) 661 { 662 TIFFErrorExt(tif->tif_clientdata, module, 663 "Seek error at scanline %lu, strip %lu", 664 (unsigned long) tif->tif_row, 665 (unsigned long) strip_or_tile); 666 } 667 else 668 { 669 TIFFErrorExt(tif->tif_clientdata, module, 670 "Seek error at row %lu, col %lu, tile %lu", 671 (unsigned long) tif->tif_row, 672 (unsigned long) tif->tif_col, 673 (unsigned long) strip_or_tile); 674 } 675 return ((tmsize_t)(-1)); 676 } 677 678 if( !TIFFReadAndRealloc( tif, size, 0, is_strip, 679 strip_or_tile, module ) ) 680 { 681 return ((tmsize_t)(-1)); 682 } 683 684 return (size); 685 } 686 687 /* 688 * Read a strip of data from the file. 689 */ 690 tmsize_t 691 TIFFReadRawStrip(TIFF* tif, uint32 strip, void* buf, tmsize_t size) 692 { 693 static const char module[] = "TIFFReadRawStrip"; 694 TIFFDirectory *td = &tif->tif_dir; 695 uint64 bytecount; 696 tmsize_t bytecountm; 697 698 if (!TIFFCheckRead(tif, 0)) 699 return ((tmsize_t)(-1)); 700 if (strip >= td->td_nstrips) { 701 TIFFErrorExt(tif->tif_clientdata, module, 702 "%lu: Strip out of range, max %lu", 703 (unsigned long) strip, 704 (unsigned long) td->td_nstrips); 705 return ((tmsize_t)(-1)); 706 } 707 if (tif->tif_flags&TIFF_NOREADRAW) 708 { 709 TIFFErrorExt(tif->tif_clientdata, module, 710 "Compression scheme does not support access to raw uncompressed data"); 711 return ((tmsize_t)(-1)); 712 } 713 bytecount = td->td_stripbytecount[strip]; 714 if ((int64)bytecount <= 0) { 715 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) 716 TIFFErrorExt(tif->tif_clientdata, module, 717 "%I64u: Invalid strip byte count, strip %lu", 718 (unsigned __int64) bytecount, 719 (unsigned long) strip); 720 #else 721 TIFFErrorExt(tif->tif_clientdata, module, 722 "%llu: Invalid strip byte count, strip %lu", 723 (unsigned long long) bytecount, 724 (unsigned long) strip); 725 #endif 726 return ((tmsize_t)(-1)); 727 } 728 bytecountm = (tmsize_t)bytecount; 729 if ((uint64)bytecountm!=bytecount) { 730 TIFFErrorExt(tif->tif_clientdata, module, "Integer overflow"); 731 return ((tmsize_t)(-1)); 732 } 733 if (size != (tmsize_t)(-1) && size < bytecountm) 734 bytecountm = size; 735 return (TIFFReadRawStrip1(tif, strip, buf, bytecountm, module)); 736 } 737 738 /* 739 * Read the specified strip and setup for decoding. The data buffer is 740 * expanded, as necessary, to hold the strip's data. 741 */ 742 int 743 TIFFFillStrip(TIFF* tif, uint32 strip) 744 { 745 static const char module[] = "TIFFFillStrip"; 746 TIFFDirectory *td = &tif->tif_dir; 747 748 if (!_TIFFFillStriles( tif ) || !tif->tif_dir.td_stripbytecount) 749 return 0; 750 751 if ((tif->tif_flags&TIFF_NOREADRAW)==0) 752 { 753 uint64 bytecount = td->td_stripbytecount[strip]; 754 if ((int64)bytecount <= 0) { 755 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) 756 TIFFErrorExt(tif->tif_clientdata, module, 757 "Invalid strip byte count %I64u, strip %lu", 758 (unsigned __int64) bytecount, 759 (unsigned long) strip); 760 #else 761 TIFFErrorExt(tif->tif_clientdata, module, 762 "Invalid strip byte count %llu, strip %lu", 763 (unsigned long long) bytecount, 764 (unsigned long) strip); 765 #endif 766 return (0); 767 } 768 769 /* To avoid excessive memory allocations: */ 770 /* Byte count should normally not be larger than a number of */ 771 /* times the uncompressed size plus some margin */ 772 if( bytecount > 1024 * 1024 ) 773 { 774 /* 10 and 4096 are just values that could be adjusted. */ 775 /* Hopefully they are safe enough for all codecs */ 776 tmsize_t stripsize = TIFFStripSize(tif); 777 if( stripsize != 0 && 778 (bytecount - 4096) / 10 > (uint64)stripsize ) 779 { 780 uint64 newbytecount = (uint64)stripsize * 10 + 4096; 781 if( (int64)newbytecount >= 0 ) 782 { 783 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) 784 TIFFWarningExt(tif->tif_clientdata, module, 785 "Too large strip byte count %I64u, strip %lu. Limiting to %I64u", 786 (unsigned __int64) bytecount, 787 (unsigned long) strip, 788 (unsigned __int64) newbytecount); 789 #else 790 TIFFErrorExt(tif->tif_clientdata, module, 791 "Too large strip byte count %llu, strip %lu. Limiting to %llu", 792 (unsigned long long) bytecount, 793 (unsigned long) strip, 794 (unsigned long long) newbytecount); 795 #endif 796 bytecount = newbytecount; 797 } 798 } 799 } 800 801 if (isMapped(tif) && 802 (isFillOrder(tif, td->td_fillorder) 803 || (tif->tif_flags & TIFF_NOBITREV))) { 804 /* 805 * The image is mapped into memory and we either don't 806 * need to flip bits or the compression routine is 807 * going to handle this operation itself. In this 808 * case, avoid copying the raw data and instead just 809 * reference the data from the memory mapped file 810 * image. This assumes that the decompression 811 * routines do not modify the contents of the raw data 812 * buffer (if they try to, the application will get a 813 * fault since the file is mapped read-only). 814 */ 815 if ((tif->tif_flags & TIFF_MYBUFFER) && tif->tif_rawdata) { 816 _TIFFfree(tif->tif_rawdata); 817 tif->tif_rawdata = NULL; 818 tif->tif_rawdatasize = 0; 819 } 820 tif->tif_flags &= ~TIFF_MYBUFFER; 821 /* 822 * We must check for overflow, potentially causing 823 * an OOB read. Instead of simple 824 * 825 * td->td_stripoffset[strip]+bytecount > tif->tif_size 826 * 827 * comparison (which can overflow) we do the following 828 * two comparisons: 829 */ 830 if (bytecount > (uint64)tif->tif_size || 831 td->td_stripoffset[strip] > (uint64)tif->tif_size - bytecount) { 832 /* 833 * This error message might seem strange, but 834 * it's what would happen if a read were done 835 * instead. 836 */ 837 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) 838 TIFFErrorExt(tif->tif_clientdata, module, 839 840 "Read error on strip %lu; " 841 "got %I64u bytes, expected %I64u", 842 (unsigned long) strip, 843 (unsigned __int64) tif->tif_size - td->td_stripoffset[strip], 844 (unsigned __int64) bytecount); 845 #else 846 TIFFErrorExt(tif->tif_clientdata, module, 847 848 "Read error on strip %lu; " 849 "got %llu bytes, expected %llu", 850 (unsigned long) strip, 851 (unsigned long long) tif->tif_size - td->td_stripoffset[strip], 852 (unsigned long long) bytecount); 853 #endif 854 tif->tif_curstrip = NOSTRIP; 855 return (0); 856 } 857 tif->tif_rawdatasize = (tmsize_t)bytecount; 858 tif->tif_rawdata = tif->tif_base + (tmsize_t)td->td_stripoffset[strip]; 859 tif->tif_rawdataoff = 0; 860 tif->tif_rawdataloaded = (tmsize_t) bytecount; 861 862 /* 863 * When we have tif_rawdata reference directly into the memory mapped file 864 * we need to be pretty careful about how we use the rawdata. It is not 865 * a general purpose working buffer as it normally otherwise is. So we 866 * keep track of this fact to avoid using it improperly. 867 */ 868 tif->tif_flags |= TIFF_BUFFERMMAP; 869 } else { 870 /* 871 * Expand raw data buffer, if needed, to hold data 872 * strip coming from file (perhaps should set upper 873 * bound on the size of a buffer we'll use?). 874 */ 875 tmsize_t bytecountm; 876 bytecountm=(tmsize_t)bytecount; 877 if ((uint64)bytecountm!=bytecount) 878 { 879 TIFFErrorExt(tif->tif_clientdata,module,"Integer overflow"); 880 return(0); 881 } 882 if (bytecountm > tif->tif_rawdatasize) { 883 tif->tif_curstrip = NOSTRIP; 884 if ((tif->tif_flags & TIFF_MYBUFFER) == 0) { 885 TIFFErrorExt(tif->tif_clientdata, module, 886 "Data buffer too small to hold strip %lu", 887 (unsigned long) strip); 888 return (0); 889 } 890 } 891 if (tif->tif_flags&TIFF_BUFFERMMAP) { 892 tif->tif_curstrip = NOSTRIP; 893 tif->tif_rawdata = NULL; 894 tif->tif_rawdatasize = 0; 895 tif->tif_flags &= ~TIFF_BUFFERMMAP; 896 } 897 898 if( isMapped(tif) ) 899 { 900 if (bytecountm > tif->tif_rawdatasize && 901 !TIFFReadBufferSetup(tif, 0, bytecountm)) 902 { 903 return (0); 904 } 905 if (TIFFReadRawStrip1(tif, strip, tif->tif_rawdata, 906 bytecountm, module) != bytecountm) 907 { 908 return (0); 909 } 910 } 911 else 912 { 913 if (TIFFReadRawStripOrTile2(tif, strip, 1, 914 bytecountm, module) != bytecountm) 915 { 916 return (0); 917 } 918 } 919 920 921 tif->tif_rawdataoff = 0; 922 tif->tif_rawdataloaded = bytecountm; 923 924 if (!isFillOrder(tif, td->td_fillorder) && 925 (tif->tif_flags & TIFF_NOBITREV) == 0) 926 TIFFReverseBits(tif->tif_rawdata, bytecountm); 927 } 928 } 929 return (TIFFStartStrip(tif, strip)); 930 } 931 932 /* 933 * Tile-oriented Read Support 934 * Contributed by Nancy Cam (Silicon Graphics). 935 */ 936 937 /* 938 * Read and decompress a tile of data. The 939 * tile is selected by the (x,y,z,s) coordinates. 940 */ 941 tmsize_t 942 TIFFReadTile(TIFF* tif, void* buf, uint32 x, uint32 y, uint32 z, uint16 s) 943 { 944 if (!TIFFCheckRead(tif, 1) || !TIFFCheckTile(tif, x, y, z, s)) 945 return ((tmsize_t)(-1)); 946 return (TIFFReadEncodedTile(tif, 947 TIFFComputeTile(tif, x, y, z, s), buf, (tmsize_t)(-1))); 948 } 949 950 /* 951 * Read a tile of data and decompress the specified 952 * amount into the user-supplied buffer. 953 */ 954 tmsize_t 955 TIFFReadEncodedTile(TIFF* tif, uint32 tile, void* buf, tmsize_t size) 956 { 957 static const char module[] = "TIFFReadEncodedTile"; 958 TIFFDirectory *td = &tif->tif_dir; 959 tmsize_t tilesize = tif->tif_tilesize; 960 961 if (!TIFFCheckRead(tif, 1)) 962 return ((tmsize_t)(-1)); 963 if (tile >= td->td_nstrips) { 964 TIFFErrorExt(tif->tif_clientdata, module, 965 "%lu: Tile out of range, max %lu", 966 (unsigned long) tile, (unsigned long) td->td_nstrips); 967 return ((tmsize_t)(-1)); 968 } 969 970 /* shortcut to avoid an extra memcpy() */ 971 if( td->td_compression == COMPRESSION_NONE && 972 size!=(tmsize_t)(-1) && size >= tilesize && 973 !isMapped(tif) && 974 ((tif->tif_flags&TIFF_NOREADRAW)==0) ) 975 { 976 if (TIFFReadRawTile1(tif, tile, buf, tilesize, module) != tilesize) 977 return ((tmsize_t)(-1)); 978 979 if (!isFillOrder(tif, td->td_fillorder) && 980 (tif->tif_flags & TIFF_NOBITREV) == 0) 981 TIFFReverseBits(buf,tilesize); 982 983 (*tif->tif_postdecode)(tif,buf,tilesize); 984 return (tilesize); 985 } 986 987 if (size == (tmsize_t)(-1)) 988 size = tilesize; 989 else if (size > tilesize) 990 size = tilesize; 991 if (TIFFFillTile(tif, tile) && (*tif->tif_decodetile)(tif, 992 (uint8*) buf, size, (uint16)(tile/td->td_stripsperimage))) { 993 (*tif->tif_postdecode)(tif, (uint8*) buf, size); 994 return (size); 995 } else 996 return ((tmsize_t)(-1)); 997 } 998 999 /* Variant of TIFFReadTile() that does 1000 * * if *buf == NULL, *buf = _TIFFmalloc(bufsizetoalloc) only after TIFFFillTile() has 1001 * suceeded. This avoid excessive memory allocation in case of truncated 1002 * file. 1003 * * calls regular TIFFReadEncodedTile() if *buf != NULL 1004 */ 1005 tmsize_t 1006 _TIFFReadTileAndAllocBuffer(TIFF* tif, 1007 void **buf, tmsize_t bufsizetoalloc, 1008 uint32 x, uint32 y, uint32 z, uint16 s) 1009 { 1010 if (!TIFFCheckRead(tif, 1) || !TIFFCheckTile(tif, x, y, z, s)) 1011 return ((tmsize_t)(-1)); 1012 return (_TIFFReadEncodedTileAndAllocBuffer(tif, 1013 TIFFComputeTile(tif, x, y, z, s), 1014 buf, bufsizetoalloc, 1015 (tmsize_t)(-1))); 1016 } 1017 1018 /* Variant of TIFFReadEncodedTile() that does 1019 * * if *buf == NULL, *buf = _TIFFmalloc(bufsizetoalloc) only after TIFFFillTile() has 1020 * suceeded. This avoid excessive memory allocation in case of truncated 1021 * file. 1022 * * calls regular TIFFReadEncodedTile() if *buf != NULL 1023 */ 1024 tmsize_t 1025 _TIFFReadEncodedTileAndAllocBuffer(TIFF* tif, uint32 tile, 1026 void **buf, tmsize_t bufsizetoalloc, 1027 tmsize_t size_to_read) 1028 { 1029 static const char module[] = "_TIFFReadEncodedTileAndAllocBuffer"; 1030 TIFFDirectory *td = &tif->tif_dir; 1031 tmsize_t tilesize = tif->tif_tilesize; 1032 1033 if( *buf != NULL ) 1034 { 1035 return TIFFReadEncodedTile(tif, tile, *buf, size_to_read); 1036 } 1037 1038 if (!TIFFCheckRead(tif, 1)) 1039 return ((tmsize_t)(-1)); 1040 if (tile >= td->td_nstrips) { 1041 TIFFErrorExt(tif->tif_clientdata, module, 1042 "%lu: Tile out of range, max %lu", 1043 (unsigned long) tile, (unsigned long) td->td_nstrips); 1044 return ((tmsize_t)(-1)); 1045 } 1046 1047 if (!TIFFFillTile(tif,tile)) 1048 return((tmsize_t)(-1)); 1049 1050 *buf = _TIFFmalloc(bufsizetoalloc); 1051 if (*buf == NULL) { 1052 TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), 1053 "No space for tile buffer"); 1054 return((tmsize_t)(-1)); 1055 } 1056 _TIFFmemset(*buf, 0, bufsizetoalloc); 1057 1058 if (size_to_read == (tmsize_t)(-1)) 1059 size_to_read = tilesize; 1060 else if (size_to_read > tilesize) 1061 size_to_read = tilesize; 1062 if( (*tif->tif_decodetile)(tif, 1063 (uint8*) *buf, size_to_read, (uint16)(tile/td->td_stripsperimage))) { 1064 (*tif->tif_postdecode)(tif, (uint8*) *buf, size_to_read); 1065 return (size_to_read); 1066 } else 1067 return ((tmsize_t)(-1)); 1068 } 1069 1070 1071 static tmsize_t 1072 TIFFReadRawTile1(TIFF* tif, uint32 tile, void* buf, tmsize_t size, const char* module) 1073 { 1074 TIFFDirectory *td = &tif->tif_dir; 1075 1076 if (!_TIFFFillStriles( tif )) 1077 return ((tmsize_t)(-1)); 1078 1079 assert((tif->tif_flags&TIFF_NOREADRAW)==0); 1080 if (!isMapped(tif)) { 1081 tmsize_t cc; 1082 1083 if (!SeekOK(tif, td->td_stripoffset[tile])) { 1084 TIFFErrorExt(tif->tif_clientdata, module, 1085 "Seek error at row %lu, col %lu, tile %lu", 1086 (unsigned long) tif->tif_row, 1087 (unsigned long) tif->tif_col, 1088 (unsigned long) tile); 1089 return ((tmsize_t)(-1)); 1090 } 1091 cc = TIFFReadFile(tif, buf, size); 1092 if (cc != size) { 1093 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) 1094 TIFFErrorExt(tif->tif_clientdata, module, 1095 "Read error at row %lu, col %lu; got %I64u bytes, expected %I64u", 1096 (unsigned long) tif->tif_row, 1097 (unsigned long) tif->tif_col, 1098 (unsigned __int64) cc, 1099 (unsigned __int64) size); 1100 #else 1101 TIFFErrorExt(tif->tif_clientdata, module, 1102 "Read error at row %lu, col %lu; got %llu bytes, expected %llu", 1103 (unsigned long) tif->tif_row, 1104 (unsigned long) tif->tif_col, 1105 (unsigned long long) cc, 1106 (unsigned long long) size); 1107 #endif 1108 return ((tmsize_t)(-1)); 1109 } 1110 } else { 1111 tmsize_t ma,mb; 1112 tmsize_t n; 1113 ma=(tmsize_t)td->td_stripoffset[tile]; 1114 mb=ma+size; 1115 if ((td->td_stripoffset[tile] > (uint64)TIFF_TMSIZE_T_MAX)||(ma>tif->tif_size)) 1116 n=0; 1117 else if ((mb<ma)||(mb<size)||(mb>tif->tif_size)) 1118 n=tif->tif_size-ma; 1119 else 1120 n=size; 1121 if (n!=size) { 1122 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) 1123 TIFFErrorExt(tif->tif_clientdata, module, 1124 "Read error at row %lu, col %lu, tile %lu; got %I64u bytes, expected %I64u", 1125 (unsigned long) tif->tif_row, 1126 (unsigned long) tif->tif_col, 1127 (unsigned long) tile, 1128 (unsigned __int64) n, 1129 (unsigned __int64) size); 1130 #else 1131 TIFFErrorExt(tif->tif_clientdata, module, 1132 "Read error at row %lu, col %lu, tile %lu; got %llu bytes, expected %llu", 1133 (unsigned long) tif->tif_row, 1134 (unsigned long) tif->tif_col, 1135 (unsigned long) tile, 1136 (unsigned long long) n, 1137 (unsigned long long) size); 1138 #endif 1139 return ((tmsize_t)(-1)); 1140 } 1141 _TIFFmemcpy(buf, tif->tif_base + ma, size); 1142 } 1143 return (size); 1144 } 1145 1146 /* 1147 * Read a tile of data from the file. 1148 */ 1149 tmsize_t 1150 TIFFReadRawTile(TIFF* tif, uint32 tile, void* buf, tmsize_t size) 1151 { 1152 static const char module[] = "TIFFReadRawTile"; 1153 TIFFDirectory *td = &tif->tif_dir; 1154 uint64 bytecount64; 1155 tmsize_t bytecountm; 1156 1157 if (!TIFFCheckRead(tif, 1)) 1158 return ((tmsize_t)(-1)); 1159 if (tile >= td->td_nstrips) { 1160 TIFFErrorExt(tif->tif_clientdata, module, 1161 "%lu: Tile out of range, max %lu", 1162 (unsigned long) tile, (unsigned long) td->td_nstrips); 1163 return ((tmsize_t)(-1)); 1164 } 1165 if (tif->tif_flags&TIFF_NOREADRAW) 1166 { 1167 TIFFErrorExt(tif->tif_clientdata, module, 1168 "Compression scheme does not support access to raw uncompressed data"); 1169 return ((tmsize_t)(-1)); 1170 } 1171 bytecount64 = td->td_stripbytecount[tile]; 1172 if (size != (tmsize_t)(-1) && (uint64)size < bytecount64) 1173 bytecount64 = (uint64)size; 1174 bytecountm = (tmsize_t)bytecount64; 1175 if ((uint64)bytecountm!=bytecount64) 1176 { 1177 TIFFErrorExt(tif->tif_clientdata,module,"Integer overflow"); 1178 return ((tmsize_t)(-1)); 1179 } 1180 return (TIFFReadRawTile1(tif, tile, buf, bytecountm, module)); 1181 } 1182 1183 /* 1184 * Read the specified tile and setup for decoding. The data buffer is 1185 * expanded, as necessary, to hold the tile's data. 1186 */ 1187 int 1188 TIFFFillTile(TIFF* tif, uint32 tile) 1189 { 1190 static const char module[] = "TIFFFillTile"; 1191 TIFFDirectory *td = &tif->tif_dir; 1192 1193 if (!_TIFFFillStriles( tif ) || !tif->tif_dir.td_stripbytecount) 1194 return 0; 1195 1196 if ((tif->tif_flags&TIFF_NOREADRAW)==0) 1197 { 1198 uint64 bytecount = td->td_stripbytecount[tile]; 1199 if ((int64)bytecount <= 0) { 1200 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) 1201 TIFFErrorExt(tif->tif_clientdata, module, 1202 "%I64u: Invalid tile byte count, tile %lu", 1203 (unsigned __int64) bytecount, 1204 (unsigned long) tile); 1205 #else 1206 TIFFErrorExt(tif->tif_clientdata, module, 1207 "%llu: Invalid tile byte count, tile %lu", 1208 (unsigned long long) bytecount, 1209 (unsigned long) tile); 1210 #endif 1211 return (0); 1212 } 1213 if (isMapped(tif) && 1214 (isFillOrder(tif, td->td_fillorder) 1215 || (tif->tif_flags & TIFF_NOBITREV))) { 1216 /* 1217 * The image is mapped into memory and we either don't 1218 * need to flip bits or the compression routine is 1219 * going to handle this operation itself. In this 1220 * case, avoid copying the raw data and instead just 1221 * reference the data from the memory mapped file 1222 * image. This assumes that the decompression 1223 * routines do not modify the contents of the raw data 1224 * buffer (if they try to, the application will get a 1225 * fault since the file is mapped read-only). 1226 */ 1227 if ((tif->tif_flags & TIFF_MYBUFFER) && tif->tif_rawdata) { 1228 _TIFFfree(tif->tif_rawdata); 1229 tif->tif_rawdata = NULL; 1230 tif->tif_rawdatasize = 0; 1231 } 1232 tif->tif_flags &= ~TIFF_MYBUFFER; 1233 /* 1234 * We must check for overflow, potentially causing 1235 * an OOB read. Instead of simple 1236 * 1237 * td->td_stripoffset[tile]+bytecount > tif->tif_size 1238 * 1239 * comparison (which can overflow) we do the following 1240 * two comparisons: 1241 */ 1242 if (bytecount > (uint64)tif->tif_size || 1243 td->td_stripoffset[tile] > (uint64)tif->tif_size - bytecount) { 1244 tif->tif_curtile = NOTILE; 1245 return (0); 1246 } 1247 tif->tif_rawdatasize = (tmsize_t)bytecount; 1248 tif->tif_rawdata = 1249 tif->tif_base + (tmsize_t)td->td_stripoffset[tile]; 1250 tif->tif_rawdataoff = 0; 1251 tif->tif_rawdataloaded = (tmsize_t) bytecount; 1252 tif->tif_flags |= TIFF_BUFFERMMAP; 1253 } else { 1254 /* 1255 * Expand raw data buffer, if needed, to hold data 1256 * tile coming from file (perhaps should set upper 1257 * bound on the size of a buffer we'll use?). 1258 */ 1259 tmsize_t bytecountm; 1260 bytecountm=(tmsize_t)bytecount; 1261 if ((uint64)bytecountm!=bytecount) 1262 { 1263 TIFFErrorExt(tif->tif_clientdata,module,"Integer overflow"); 1264 return(0); 1265 } 1266 if (bytecountm > tif->tif_rawdatasize) { 1267 tif->tif_curtile = NOTILE; 1268 if ((tif->tif_flags & TIFF_MYBUFFER) == 0) { 1269 TIFFErrorExt(tif->tif_clientdata, module, 1270 "Data buffer too small to hold tile %lu", 1271 (unsigned long) tile); 1272 return (0); 1273 } 1274 } 1275 if (tif->tif_flags&TIFF_BUFFERMMAP) { 1276 tif->tif_curtile = NOTILE; 1277 tif->tif_rawdata = NULL; 1278 tif->tif_rawdatasize = 0; 1279 tif->tif_flags &= ~TIFF_BUFFERMMAP; 1280 } 1281 1282 if( isMapped(tif) ) 1283 { 1284 if (bytecountm > tif->tif_rawdatasize && 1285 !TIFFReadBufferSetup(tif, 0, bytecountm)) 1286 { 1287 return (0); 1288 } 1289 if (TIFFReadRawTile1(tif, tile, tif->tif_rawdata, 1290 bytecountm, module) != bytecountm) 1291 { 1292 return (0); 1293 } 1294 } 1295 else 1296 { 1297 if (TIFFReadRawStripOrTile2(tif, tile, 0, 1298 bytecountm, module) != bytecountm) 1299 { 1300 return (0); 1301 } 1302 } 1303 1304 1305 tif->tif_rawdataoff = 0; 1306 tif->tif_rawdataloaded = bytecountm; 1307 1308 if (!isFillOrder(tif, td->td_fillorder) && 1309 (tif->tif_flags & TIFF_NOBITREV) == 0) 1310 TIFFReverseBits(tif->tif_rawdata, 1311 tif->tif_rawdataloaded); 1312 } 1313 } 1314 return (TIFFStartTile(tif, tile)); 1315 } 1316 1317 /* 1318 * Setup the raw data buffer in preparation for 1319 * reading a strip of raw data. If the buffer 1320 * is specified as zero, then a buffer of appropriate 1321 * size is allocated by the library. Otherwise, 1322 * the client must guarantee that the buffer is 1323 * large enough to hold any individual strip of 1324 * raw data. 1325 */ 1326 int 1327 TIFFReadBufferSetup(TIFF* tif, void* bp, tmsize_t size) 1328 { 1329 static const char module[] = "TIFFReadBufferSetup"; 1330 1331 assert((tif->tif_flags&TIFF_NOREADRAW)==0); 1332 tif->tif_flags &= ~TIFF_BUFFERMMAP; 1333 1334 if (tif->tif_rawdata) { 1335 if (tif->tif_flags & TIFF_MYBUFFER) 1336 _TIFFfree(tif->tif_rawdata); 1337 tif->tif_rawdata = NULL; 1338 tif->tif_rawdatasize = 0; 1339 } 1340 if (bp) { 1341 tif->tif_rawdatasize = size; 1342 tif->tif_rawdata = (uint8*) bp; 1343 tif->tif_flags &= ~TIFF_MYBUFFER; 1344 } else { 1345 tif->tif_rawdatasize = (tmsize_t)TIFFroundup_64((uint64)size, 1024); 1346 if (tif->tif_rawdatasize==0) { 1347 TIFFErrorExt(tif->tif_clientdata, module, 1348 "Invalid buffer size"); 1349 return (0); 1350 } 1351 /* Initialize to zero to avoid uninitialized buffers in case of */ 1352 /* short reads (http://bugzilla.maptools.org/show_bug.cgi?id=2651) */ 1353 tif->tif_rawdata = (uint8*) _TIFFcalloc(1, tif->tif_rawdatasize); 1354 tif->tif_flags |= TIFF_MYBUFFER; 1355 } 1356 if (tif->tif_rawdata == NULL) { 1357 TIFFErrorExt(tif->tif_clientdata, module, 1358 "No space for data buffer at scanline %lu", 1359 (unsigned long) tif->tif_row); 1360 tif->tif_rawdatasize = 0; 1361 return (0); 1362 } 1363 return (1); 1364 } 1365 1366 /* 1367 * Set state to appear as if a 1368 * strip has just been read in. 1369 */ 1370 static int 1371 TIFFStartStrip(TIFF* tif, uint32 strip) 1372 { 1373 TIFFDirectory *td = &tif->tif_dir; 1374 1375 if (!_TIFFFillStriles( tif ) || !tif->tif_dir.td_stripbytecount) 1376 return 0; 1377 1378 if ((tif->tif_flags & TIFF_CODERSETUP) == 0) { 1379 if (!(*tif->tif_setupdecode)(tif)) 1380 return (0); 1381 tif->tif_flags |= TIFF_CODERSETUP; 1382 } 1383 tif->tif_curstrip = strip; 1384 tif->tif_row = (strip % td->td_stripsperimage) * td->td_rowsperstrip; 1385 tif->tif_flags &= ~TIFF_BUF4WRITE; 1386 1387 if (tif->tif_flags&TIFF_NOREADRAW) 1388 { 1389 tif->tif_rawcp = NULL; 1390 tif->tif_rawcc = 0; 1391 } 1392 else 1393 { 1394 tif->tif_rawcp = tif->tif_rawdata; 1395 if( tif->tif_rawdataloaded > 0 ) 1396 tif->tif_rawcc = tif->tif_rawdataloaded; 1397 else 1398 tif->tif_rawcc = (tmsize_t)td->td_stripbytecount[strip]; 1399 } 1400 return ((*tif->tif_predecode)(tif, 1401 (uint16)(strip / td->td_stripsperimage))); 1402 } 1403 1404 /* 1405 * Set state to appear as if a 1406 * tile has just been read in. 1407 */ 1408 static int 1409 TIFFStartTile(TIFF* tif, uint32 tile) 1410 { 1411 static const char module[] = "TIFFStartTile"; 1412 TIFFDirectory *td = &tif->tif_dir; 1413 uint32 howmany32; 1414 1415 if (!_TIFFFillStriles( tif ) || !tif->tif_dir.td_stripbytecount) 1416 return 0; 1417 1418 if ((tif->tif_flags & TIFF_CODERSETUP) == 0) { 1419 if (!(*tif->tif_setupdecode)(tif)) 1420 return (0); 1421 tif->tif_flags |= TIFF_CODERSETUP; 1422 } 1423 tif->tif_curtile = tile; 1424 howmany32=TIFFhowmany_32(td->td_imagewidth, td->td_tilewidth); 1425 if (howmany32 == 0) { 1426 TIFFErrorExt(tif->tif_clientdata,module,"Zero tiles"); 1427 return 0; 1428 } 1429 tif->tif_row = (tile % howmany32) * td->td_tilelength; 1430 howmany32=TIFFhowmany_32(td->td_imagelength, td->td_tilelength); 1431 if (howmany32 == 0) { 1432 TIFFErrorExt(tif->tif_clientdata,module,"Zero tiles"); 1433 return 0; 1434 } 1435 tif->tif_col = (tile % howmany32) * td->td_tilewidth; 1436 tif->tif_flags &= ~TIFF_BUF4WRITE; 1437 if (tif->tif_flags&TIFF_NOREADRAW) 1438 { 1439 tif->tif_rawcp = NULL; 1440 tif->tif_rawcc = 0; 1441 } 1442 else 1443 { 1444 tif->tif_rawcp = tif->tif_rawdata; 1445 tif->tif_rawcc = (tmsize_t)td->td_stripbytecount[tile]; 1446 } 1447 return ((*tif->tif_predecode)(tif, 1448 (uint16)(tile/td->td_stripsperimage))); 1449 } 1450 1451 static int 1452 TIFFCheckRead(TIFF* tif, int tiles) 1453 { 1454 if (tif->tif_mode == O_WRONLY) { 1455 TIFFErrorExt(tif->tif_clientdata, tif->tif_name, "File not open for reading"); 1456 return (0); 1457 } 1458 if (tiles ^ isTiled(tif)) { 1459 TIFFErrorExt(tif->tif_clientdata, tif->tif_name, tiles ? 1460 "Can not read tiles from a stripped image" : 1461 "Can not read scanlines from a tiled image"); 1462 return (0); 1463 } 1464 return (1); 1465 } 1466 1467 void 1468 _TIFFNoPostDecode(TIFF* tif, uint8* buf, tmsize_t cc) 1469 { 1470 (void) tif; (void) buf; (void) cc; 1471 } 1472 1473 void 1474 _TIFFSwab16BitData(TIFF* tif, uint8* buf, tmsize_t cc) 1475 { 1476 (void) tif; 1477 assert((cc & 1) == 0); 1478 TIFFSwabArrayOfShort((uint16*) buf, cc/2); 1479 } 1480 1481 void 1482 _TIFFSwab24BitData(TIFF* tif, uint8* buf, tmsize_t cc) 1483 { 1484 (void) tif; 1485 assert((cc % 3) == 0); 1486 TIFFSwabArrayOfTriples((uint8*) buf, cc/3); 1487 } 1488 1489 void 1490 _TIFFSwab32BitData(TIFF* tif, uint8* buf, tmsize_t cc) 1491 { 1492 (void) tif; 1493 assert((cc & 3) == 0); 1494 TIFFSwabArrayOfLong((uint32*) buf, cc/4); 1495 } 1496 1497 void 1498 _TIFFSwab64BitData(TIFF* tif, uint8* buf, tmsize_t cc) 1499 { 1500 (void) tif; 1501 assert((cc & 7) == 0); 1502 TIFFSwabArrayOfDouble((double*) buf, cc/8); 1503 } 1504 1505 /* vim: set ts=8 sts=8 sw=8 noet: */ 1506 /* 1507 * Local Variables: 1508 * mode: c 1509 * c-basic-offset: 8 1510 * fill-column: 78 1511 * End: 1512 */ 1513
