1 /* $Id: tif_dirread.c,v 1.204 2016-11-16 15:14:15 erouault Exp $ */
2
3 /*
4 * Copyright (c) 1988-1997 Sam Leffler
5 * Copyright (c) 1991-1997 Silicon Graphics, Inc.
6 *
7 * Permission to use, copy, modify, distribute, and sell this software and
8 * its documentation for any purpose is hereby granted without fee, provided
9 * that (i) the above copyright notices and this permission notice appear in
10 * all copies of the software and related documentation, and (ii) the names of
11 * Sam Leffler and Silicon Graphics may not be used in any advertising or
12 * publicity relating to the software without the specific, prior written
13 * permission of Sam Leffler and Silicon Graphics.
14 *
15 * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY
17 * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
18 *
19 * IN NO EVENT SHALL SAM LEFFLER OR SILICON GRAPHICS BE LIABLE FOR
20 * ANY SPECIAL, INCIDENTAL, INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND,
21 * OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
22 * WHETHER OR NOT ADVISED OF THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF
23 * LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
24 * OF THIS SOFTWARE.
25 */
26
27 /*
28 * TIFF Library.
29 *
30 * Directory Read Support Routines.
31 */
32
33 /* Suggested pending improvements:
34 * - add a field 'ignore' to the TIFFDirEntry structure, to flag status,
35 * eliminating current use of the IGNORE value, and therefore eliminating
36 * current irrational behaviour on tags with tag id code 0
37 * - add a field 'field_info' to the TIFFDirEntry structure, and set that with
38 * the pointer to the appropriate TIFFField structure early on in
39 * TIFFReadDirectory, so as to eliminate current possibly repetitive lookup.
40 */
41
42 #include "tiffiop.h"
43
44 #define IGNORE 0 /* tag placeholder used below */
45 #define FAILED_FII ((uint32) -1)
46
47 #ifdef HAVE_IEEEFP
48 # define TIFFCvtIEEEFloatToNative(tif, n, fp)
49 # define TIFFCvtIEEEDoubleToNative(tif, n, dp)
50 #else
51 extern void TIFFCvtIEEEFloatToNative(TIFF*, uint32, float*);
52 extern void TIFFCvtIEEEDoubleToNative(TIFF*, uint32, double*);
53 #endif
54
55 enum TIFFReadDirEntryErr {
56 TIFFReadDirEntryErrOk = 0,
57 TIFFReadDirEntryErrCount = 1,
58 TIFFReadDirEntryErrType = 2,
59 TIFFReadDirEntryErrIo = 3,
60 TIFFReadDirEntryErrRange = 4,
61 TIFFReadDirEntryErrPsdif = 5,
62 TIFFReadDirEntryErrSizesan = 6,
63 TIFFReadDirEntryErrAlloc = 7,
64 };
65
66 static enum TIFFReadDirEntryErr TIFFReadDirEntryByte(TIFF* tif, TIFFDirEntry* direntry, uint8* value);
67 static enum TIFFReadDirEntryErr TIFFReadDirEntryShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value);
68 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong(TIFF* tif, TIFFDirEntry* direntry, uint32* value);
69 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8(TIFF* tif, TIFFDirEntry* direntry, uint64* value);
70 static enum TIFFReadDirEntryErr TIFFReadDirEntryFloat(TIFF* tif, TIFFDirEntry* direntry, float* value);
71 static enum TIFFReadDirEntryErr TIFFReadDirEntryDouble(TIFF* tif, TIFFDirEntry* direntry, double* value);
72 static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8(TIFF* tif, TIFFDirEntry* direntry, uint64* value);
73
74 static enum TIFFReadDirEntryErr TIFFReadDirEntryArray(TIFF* tif, TIFFDirEntry* direntry, uint32* count, uint32 desttypesize, void** value);
75 static enum TIFFReadDirEntryErr TIFFReadDirEntryByteArray(TIFF* tif, TIFFDirEntry* direntry, uint8** value);
76 static enum TIFFReadDirEntryErr TIFFReadDirEntrySbyteArray(TIFF* tif, TIFFDirEntry* direntry, int8** value);
77 static enum TIFFReadDirEntryErr TIFFReadDirEntryShortArray(TIFF* tif, TIFFDirEntry* direntry, uint16** value);
78 static enum TIFFReadDirEntryErr TIFFReadDirEntrySshortArray(TIFF* tif, TIFFDirEntry* direntry, int16** value);
79 static enum TIFFReadDirEntryErr TIFFReadDirEntryLongArray(TIFF* tif, TIFFDirEntry* direntry, uint32** value);
80 static enum TIFFReadDirEntryErr TIFFReadDirEntrySlongArray(TIFF* tif, TIFFDirEntry* direntry, int32** value);
81 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value);
82 static enum TIFFReadDirEntryErr TIFFReadDirEntrySlong8Array(TIFF* tif, TIFFDirEntry* direntry, int64** value);
83 static enum TIFFReadDirEntryErr TIFFReadDirEntryFloatArray(TIFF* tif, TIFFDirEntry* direntry, float** value);
84 static enum TIFFReadDirEntryErr TIFFReadDirEntryDoubleArray(TIFF* tif, TIFFDirEntry* direntry, double** value);
85 static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value);
86
87 static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value);
88 #if 0
89 static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleDouble(TIFF* tif, TIFFDirEntry* direntry, double* value);
90 #endif
91
92 static void TIFFReadDirEntryCheckedByte(TIFF* tif, TIFFDirEntry* direntry, uint8* value);
93 static void TIFFReadDirEntryCheckedSbyte(TIFF* tif, TIFFDirEntry* direntry, int8* value);
94 static void TIFFReadDirEntryCheckedShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value);
95 static void TIFFReadDirEntryCheckedSshort(TIFF* tif, TIFFDirEntry* direntry, int16* value);
96 static void TIFFReadDirEntryCheckedLong(TIFF* tif, TIFFDirEntry* direntry, uint32* value);
97 static void TIFFReadDirEntryCheckedSlong(TIFF* tif, TIFFDirEntry* direntry, int32* value);
98 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedLong8(TIFF* tif, TIFFDirEntry* direntry, uint64* value);
99 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSlong8(TIFF* tif, TIFFDirEntry* direntry, int64* value);
100 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedRational(TIFF* tif, TIFFDirEntry* direntry, double* value);
101 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSrational(TIFF* tif, TIFFDirEntry* direntry, double* value);
102 static void TIFFReadDirEntryCheckedFloat(TIFF* tif, TIFFDirEntry* direntry, float* value);
103 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedDouble(TIFF* tif, TIFFDirEntry* direntry, double* value);
104
105 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSbyte(int8 value);
106 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteShort(uint16 value);
107 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSshort(int16 value);
108 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong(uint32 value);
109 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong(int32 value);
110 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong8(uint64 value);
111 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong8(int64 value);
112
113 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteByte(uint8 value);
114 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteShort(uint16 value);
115 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSshort(int16 value);
116 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong(uint32 value);
117 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong(int32 value);
118 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong8(uint64 value);
119 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong8(int64 value);
120
121 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSbyte(int8 value);
122 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSshort(int16 value);
123 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong(uint32 value);
124 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong(int32 value);
125 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong8(uint64 value);
126 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong8(int64 value);
127
128 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortShort(uint16 value);
129 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong(uint32 value);
130 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong(int32 value);
131 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong8(uint64 value);
132 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong8(int64 value);
133
134 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSbyte(int8 value);
135 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSshort(int16 value);
136 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSlong(int32 value);
137 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongLong8(uint64 value);
138 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSlong8(int64 value);
139
140 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlongLong(uint32 value);
141 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlongLong8(uint64 value);
142 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlongSlong8(int64 value);
143
144 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Sbyte(int8 value);
145 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Sshort(int16 value);
146 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Slong(int32 value);
147 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLong8Slong8(int64 value);
148
149 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSlong8Long8(uint64 value);
150
151 static enum TIFFReadDirEntryErr TIFFReadDirEntryData(TIFF* tif, uint64 offset, tmsize_t size, void* dest);
152 static void TIFFReadDirEntryOutputErr(TIFF* tif, enum TIFFReadDirEntryErr err, const char* module, const char* tagname, int recover);
153
154 static void TIFFReadDirectoryCheckOrder(TIFF* tif, TIFFDirEntry* dir, uint16 dircount);
155 static TIFFDirEntry* TIFFReadDirectoryFindEntry(TIFF* tif, TIFFDirEntry* dir, uint16 dircount, uint16 tagid);
156 static void TIFFReadDirectoryFindFieldInfo(TIFF* tif, uint16 tagid, uint32* fii);
157
158 static int EstimateStripByteCounts(TIFF* tif, TIFFDirEntry* dir, uint16 dircount);
159 static void MissingRequired(TIFF*, const char*);
160 static int TIFFCheckDirOffset(TIFF* tif, uint64 diroff);
161 static int CheckDirCount(TIFF*, TIFFDirEntry*, uint32);
162 static uint16 TIFFFetchDirectory(TIFF* tif, uint64 diroff, TIFFDirEntry** pdir, uint64* nextdiroff);
163 static int TIFFFetchNormalTag(TIFF*, TIFFDirEntry*, int recover);
164 static int TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uint64** lpp);
165 static int TIFFFetchSubjectDistance(TIFF*, TIFFDirEntry*);
166 static void ChopUpSingleUncompressedStrip(TIFF*);
167 static uint64 TIFFReadUInt64(const uint8 *value);
168
169 static int _TIFFFillStrilesInternal( TIFF *tif, int loadStripByteCount );
170
171 typedef union _UInt64Aligned_t
172 {
173 double d;
174 uint64 l;
175 uint32 i[2];
176 uint16 s[4];
177 uint8 c[8];
178 } UInt64Aligned_t;
179
180 /*
181 Unaligned safe copy of a uint64 value from an octet array.
182 */
TIFFReadUInt64(const uint8 * value)183 static uint64 TIFFReadUInt64(const uint8 *value)
184 {
185 UInt64Aligned_t result;
186
187 result.c[0]=value[0];
188 result.c[1]=value[1];
189 result.c[2]=value[2];
190 result.c[3]=value[3];
191 result.c[4]=value[4];
192 result.c[5]=value[5];
193 result.c[6]=value[6];
194 result.c[7]=value[7];
195
196 return result.l;
197 }
198
TIFFReadDirEntryByte(TIFF * tif,TIFFDirEntry * direntry,uint8 * value)199 static enum TIFFReadDirEntryErr TIFFReadDirEntryByte(TIFF* tif, TIFFDirEntry* direntry, uint8* value)
200 {
201 enum TIFFReadDirEntryErr err;
202 if (direntry->tdir_count!=1)
203 return(TIFFReadDirEntryErrCount);
204 switch (direntry->tdir_type)
205 {
206 case TIFF_BYTE:
207 TIFFReadDirEntryCheckedByte(tif,direntry,value);
208 return(TIFFReadDirEntryErrOk);
209 case TIFF_SBYTE:
210 {
211 int8 m;
212 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
213 err=TIFFReadDirEntryCheckRangeByteSbyte(m);
214 if (err!=TIFFReadDirEntryErrOk)
215 return(err);
216 *value=(uint8)m;
217 return(TIFFReadDirEntryErrOk);
218 }
219 case TIFF_SHORT:
220 {
221 uint16 m;
222 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
223 err=TIFFReadDirEntryCheckRangeByteShort(m);
224 if (err!=TIFFReadDirEntryErrOk)
225 return(err);
226 *value=(uint8)m;
227 return(TIFFReadDirEntryErrOk);
228 }
229 case TIFF_SSHORT:
230 {
231 int16 m;
232 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
233 err=TIFFReadDirEntryCheckRangeByteSshort(m);
234 if (err!=TIFFReadDirEntryErrOk)
235 return(err);
236 *value=(uint8)m;
237 return(TIFFReadDirEntryErrOk);
238 }
239 case TIFF_LONG:
240 {
241 uint32 m;
242 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
243 err=TIFFReadDirEntryCheckRangeByteLong(m);
244 if (err!=TIFFReadDirEntryErrOk)
245 return(err);
246 *value=(uint8)m;
247 return(TIFFReadDirEntryErrOk);
248 }
249 case TIFF_SLONG:
250 {
251 int32 m;
252 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
253 err=TIFFReadDirEntryCheckRangeByteSlong(m);
254 if (err!=TIFFReadDirEntryErrOk)
255 return(err);
256 *value=(uint8)m;
257 return(TIFFReadDirEntryErrOk);
258 }
259 case TIFF_LONG8:
260 {
261 uint64 m;
262 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
263 if (err!=TIFFReadDirEntryErrOk)
264 return(err);
265 err=TIFFReadDirEntryCheckRangeByteLong8(m);
266 if (err!=TIFFReadDirEntryErrOk)
267 return(err);
268 *value=(uint8)m;
269 return(TIFFReadDirEntryErrOk);
270 }
271 case TIFF_SLONG8:
272 {
273 int64 m;
274 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
275 if (err!=TIFFReadDirEntryErrOk)
276 return(err);
277 err=TIFFReadDirEntryCheckRangeByteSlong8(m);
278 if (err!=TIFFReadDirEntryErrOk)
279 return(err);
280 *value=(uint8)m;
281 return(TIFFReadDirEntryErrOk);
282 }
283 default:
284 return(TIFFReadDirEntryErrType);
285 }
286 }
287
TIFFReadDirEntryShort(TIFF * tif,TIFFDirEntry * direntry,uint16 * value)288 static enum TIFFReadDirEntryErr TIFFReadDirEntryShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value)
289 {
290 enum TIFFReadDirEntryErr err;
291 if (direntry->tdir_count!=1)
292 return(TIFFReadDirEntryErrCount);
293 switch (direntry->tdir_type)
294 {
295 case TIFF_BYTE:
296 {
297 uint8 m;
298 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
299 *value=(uint16)m;
300 return(TIFFReadDirEntryErrOk);
301 }
302 case TIFF_SBYTE:
303 {
304 int8 m;
305 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
306 err=TIFFReadDirEntryCheckRangeShortSbyte(m);
307 if (err!=TIFFReadDirEntryErrOk)
308 return(err);
309 *value=(uint16)m;
310 return(TIFFReadDirEntryErrOk);
311 }
312 case TIFF_SHORT:
313 TIFFReadDirEntryCheckedShort(tif,direntry,value);
314 return(TIFFReadDirEntryErrOk);
315 case TIFF_SSHORT:
316 {
317 int16 m;
318 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
319 err=TIFFReadDirEntryCheckRangeShortSshort(m);
320 if (err!=TIFFReadDirEntryErrOk)
321 return(err);
322 *value=(uint16)m;
323 return(TIFFReadDirEntryErrOk);
324 }
325 case TIFF_LONG:
326 {
327 uint32 m;
328 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
329 err=TIFFReadDirEntryCheckRangeShortLong(m);
330 if (err!=TIFFReadDirEntryErrOk)
331 return(err);
332 *value=(uint16)m;
333 return(TIFFReadDirEntryErrOk);
334 }
335 case TIFF_SLONG:
336 {
337 int32 m;
338 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
339 err=TIFFReadDirEntryCheckRangeShortSlong(m);
340 if (err!=TIFFReadDirEntryErrOk)
341 return(err);
342 *value=(uint16)m;
343 return(TIFFReadDirEntryErrOk);
344 }
345 case TIFF_LONG8:
346 {
347 uint64 m;
348 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
349 if (err!=TIFFReadDirEntryErrOk)
350 return(err);
351 err=TIFFReadDirEntryCheckRangeShortLong8(m);
352 if (err!=TIFFReadDirEntryErrOk)
353 return(err);
354 *value=(uint16)m;
355 return(TIFFReadDirEntryErrOk);
356 }
357 case TIFF_SLONG8:
358 {
359 int64 m;
360 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
361 if (err!=TIFFReadDirEntryErrOk)
362 return(err);
363 err=TIFFReadDirEntryCheckRangeShortSlong8(m);
364 if (err!=TIFFReadDirEntryErrOk)
365 return(err);
366 *value=(uint16)m;
367 return(TIFFReadDirEntryErrOk);
368 }
369 default:
370 return(TIFFReadDirEntryErrType);
371 }
372 }
373
TIFFReadDirEntryLong(TIFF * tif,TIFFDirEntry * direntry,uint32 * value)374 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong(TIFF* tif, TIFFDirEntry* direntry, uint32* value)
375 {
376 enum TIFFReadDirEntryErr err;
377 if (direntry->tdir_count!=1)
378 return(TIFFReadDirEntryErrCount);
379 switch (direntry->tdir_type)
380 {
381 case TIFF_BYTE:
382 {
383 uint8 m;
384 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
385 *value=(uint32)m;
386 return(TIFFReadDirEntryErrOk);
387 }
388 case TIFF_SBYTE:
389 {
390 int8 m;
391 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
392 err=TIFFReadDirEntryCheckRangeLongSbyte(m);
393 if (err!=TIFFReadDirEntryErrOk)
394 return(err);
395 *value=(uint32)m;
396 return(TIFFReadDirEntryErrOk);
397 }
398 case TIFF_SHORT:
399 {
400 uint16 m;
401 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
402 *value=(uint32)m;
403 return(TIFFReadDirEntryErrOk);
404 }
405 case TIFF_SSHORT:
406 {
407 int16 m;
408 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
409 err=TIFFReadDirEntryCheckRangeLongSshort(m);
410 if (err!=TIFFReadDirEntryErrOk)
411 return(err);
412 *value=(uint32)m;
413 return(TIFFReadDirEntryErrOk);
414 }
415 case TIFF_LONG:
416 TIFFReadDirEntryCheckedLong(tif,direntry,value);
417 return(TIFFReadDirEntryErrOk);
418 case TIFF_SLONG:
419 {
420 int32 m;
421 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
422 err=TIFFReadDirEntryCheckRangeLongSlong(m);
423 if (err!=TIFFReadDirEntryErrOk)
424 return(err);
425 *value=(uint32)m;
426 return(TIFFReadDirEntryErrOk);
427 }
428 case TIFF_LONG8:
429 {
430 uint64 m;
431 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
432 if (err!=TIFFReadDirEntryErrOk)
433 return(err);
434 err=TIFFReadDirEntryCheckRangeLongLong8(m);
435 if (err!=TIFFReadDirEntryErrOk)
436 return(err);
437 *value=(uint32)m;
438 return(TIFFReadDirEntryErrOk);
439 }
440 case TIFF_SLONG8:
441 {
442 int64 m;
443 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
444 if (err!=TIFFReadDirEntryErrOk)
445 return(err);
446 err=TIFFReadDirEntryCheckRangeLongSlong8(m);
447 if (err!=TIFFReadDirEntryErrOk)
448 return(err);
449 *value=(uint32)m;
450 return(TIFFReadDirEntryErrOk);
451 }
452 default:
453 return(TIFFReadDirEntryErrType);
454 }
455 }
456
TIFFReadDirEntryLong8(TIFF * tif,TIFFDirEntry * direntry,uint64 * value)457 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8(TIFF* tif, TIFFDirEntry* direntry, uint64* value)
458 {
459 enum TIFFReadDirEntryErr err;
460 if (direntry->tdir_count!=1)
461 return(TIFFReadDirEntryErrCount);
462 switch (direntry->tdir_type)
463 {
464 case TIFF_BYTE:
465 {
466 uint8 m;
467 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
468 *value=(uint64)m;
469 return(TIFFReadDirEntryErrOk);
470 }
471 case TIFF_SBYTE:
472 {
473 int8 m;
474 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
475 err=TIFFReadDirEntryCheckRangeLong8Sbyte(m);
476 if (err!=TIFFReadDirEntryErrOk)
477 return(err);
478 *value=(uint64)m;
479 return(TIFFReadDirEntryErrOk);
480 }
481 case TIFF_SHORT:
482 {
483 uint16 m;
484 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
485 *value=(uint64)m;
486 return(TIFFReadDirEntryErrOk);
487 }
488 case TIFF_SSHORT:
489 {
490 int16 m;
491 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
492 err=TIFFReadDirEntryCheckRangeLong8Sshort(m);
493 if (err!=TIFFReadDirEntryErrOk)
494 return(err);
495 *value=(uint64)m;
496 return(TIFFReadDirEntryErrOk);
497 }
498 case TIFF_LONG:
499 {
500 uint32 m;
501 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
502 *value=(uint64)m;
503 return(TIFFReadDirEntryErrOk);
504 }
505 case TIFF_SLONG:
506 {
507 int32 m;
508 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
509 err=TIFFReadDirEntryCheckRangeLong8Slong(m);
510 if (err!=TIFFReadDirEntryErrOk)
511 return(err);
512 *value=(uint64)m;
513 return(TIFFReadDirEntryErrOk);
514 }
515 case TIFF_LONG8:
516 err=TIFFReadDirEntryCheckedLong8(tif,direntry,value);
517 return(err);
518 case TIFF_SLONG8:
519 {
520 int64 m;
521 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
522 if (err!=TIFFReadDirEntryErrOk)
523 return(err);
524 err=TIFFReadDirEntryCheckRangeLong8Slong8(m);
525 if (err!=TIFFReadDirEntryErrOk)
526 return(err);
527 *value=(uint64)m;
528 return(TIFFReadDirEntryErrOk);
529 }
530 default:
531 return(TIFFReadDirEntryErrType);
532 }
533 }
534
TIFFReadDirEntryFloat(TIFF * tif,TIFFDirEntry * direntry,float * value)535 static enum TIFFReadDirEntryErr TIFFReadDirEntryFloat(TIFF* tif, TIFFDirEntry* direntry, float* value)
536 {
537 enum TIFFReadDirEntryErr err;
538 if (direntry->tdir_count!=1)
539 return(TIFFReadDirEntryErrCount);
540 switch (direntry->tdir_type)
541 {
542 case TIFF_BYTE:
543 {
544 uint8 m;
545 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
546 *value=(float)m;
547 return(TIFFReadDirEntryErrOk);
548 }
549 case TIFF_SBYTE:
550 {
551 int8 m;
552 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
553 *value=(float)m;
554 return(TIFFReadDirEntryErrOk);
555 }
556 case TIFF_SHORT:
557 {
558 uint16 m;
559 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
560 *value=(float)m;
561 return(TIFFReadDirEntryErrOk);
562 }
563 case TIFF_SSHORT:
564 {
565 int16 m;
566 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
567 *value=(float)m;
568 return(TIFFReadDirEntryErrOk);
569 }
570 case TIFF_LONG:
571 {
572 uint32 m;
573 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
574 *value=(float)m;
575 return(TIFFReadDirEntryErrOk);
576 }
577 case TIFF_SLONG:
578 {
579 int32 m;
580 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
581 *value=(float)m;
582 return(TIFFReadDirEntryErrOk);
583 }
584 case TIFF_LONG8:
585 {
586 uint64 m;
587 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
588 if (err!=TIFFReadDirEntryErrOk)
589 return(err);
590 #if defined(__WIN32__) && (_MSC_VER < 1500)
591 /*
592 * XXX: MSVC 6.0 does not support conversion
593 * of 64-bit integers into floating point
594 * values.
595 */
596 *value = _TIFFUInt64ToFloat(m);
597 #else
598 *value=(float)m;
599 #endif
600 return(TIFFReadDirEntryErrOk);
601 }
602 case TIFF_SLONG8:
603 {
604 int64 m;
605 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
606 if (err!=TIFFReadDirEntryErrOk)
607 return(err);
608 *value=(float)m;
609 return(TIFFReadDirEntryErrOk);
610 }
611 case TIFF_RATIONAL:
612 {
613 double m;
614 err=TIFFReadDirEntryCheckedRational(tif,direntry,&m);
615 if (err!=TIFFReadDirEntryErrOk)
616 return(err);
617 *value=(float)m;
618 return(TIFFReadDirEntryErrOk);
619 }
620 case TIFF_SRATIONAL:
621 {
622 double m;
623 err=TIFFReadDirEntryCheckedSrational(tif,direntry,&m);
624 if (err!=TIFFReadDirEntryErrOk)
625 return(err);
626 *value=(float)m;
627 return(TIFFReadDirEntryErrOk);
628 }
629 case TIFF_FLOAT:
630 TIFFReadDirEntryCheckedFloat(tif,direntry,value);
631 return(TIFFReadDirEntryErrOk);
632 case TIFF_DOUBLE:
633 {
634 double m;
635 err=TIFFReadDirEntryCheckedDouble(tif,direntry,&m);
636 if (err!=TIFFReadDirEntryErrOk)
637 return(err);
638 *value=(float)m;
639 return(TIFFReadDirEntryErrOk);
640 }
641 default:
642 return(TIFFReadDirEntryErrType);
643 }
644 }
645
TIFFReadDirEntryDouble(TIFF * tif,TIFFDirEntry * direntry,double * value)646 static enum TIFFReadDirEntryErr TIFFReadDirEntryDouble(TIFF* tif, TIFFDirEntry* direntry, double* value)
647 {
648 enum TIFFReadDirEntryErr err;
649 if (direntry->tdir_count!=1)
650 return(TIFFReadDirEntryErrCount);
651 switch (direntry->tdir_type)
652 {
653 case TIFF_BYTE:
654 {
655 uint8 m;
656 TIFFReadDirEntryCheckedByte(tif,direntry,&m);
657 *value=(double)m;
658 return(TIFFReadDirEntryErrOk);
659 }
660 case TIFF_SBYTE:
661 {
662 int8 m;
663 TIFFReadDirEntryCheckedSbyte(tif,direntry,&m);
664 *value=(double)m;
665 return(TIFFReadDirEntryErrOk);
666 }
667 case TIFF_SHORT:
668 {
669 uint16 m;
670 TIFFReadDirEntryCheckedShort(tif,direntry,&m);
671 *value=(double)m;
672 return(TIFFReadDirEntryErrOk);
673 }
674 case TIFF_SSHORT:
675 {
676 int16 m;
677 TIFFReadDirEntryCheckedSshort(tif,direntry,&m);
678 *value=(double)m;
679 return(TIFFReadDirEntryErrOk);
680 }
681 case TIFF_LONG:
682 {
683 uint32 m;
684 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
685 *value=(double)m;
686 return(TIFFReadDirEntryErrOk);
687 }
688 case TIFF_SLONG:
689 {
690 int32 m;
691 TIFFReadDirEntryCheckedSlong(tif,direntry,&m);
692 *value=(double)m;
693 return(TIFFReadDirEntryErrOk);
694 }
695 case TIFF_LONG8:
696 {
697 uint64 m;
698 err=TIFFReadDirEntryCheckedLong8(tif,direntry,&m);
699 if (err!=TIFFReadDirEntryErrOk)
700 return(err);
701 #if defined(__WIN32__) && (_MSC_VER < 1500)
702 /*
703 * XXX: MSVC 6.0 does not support conversion
704 * of 64-bit integers into floating point
705 * values.
706 */
707 *value = _TIFFUInt64ToDouble(m);
708 #else
709 *value = (double)m;
710 #endif
711 return(TIFFReadDirEntryErrOk);
712 }
713 case TIFF_SLONG8:
714 {
715 int64 m;
716 err=TIFFReadDirEntryCheckedSlong8(tif,direntry,&m);
717 if (err!=TIFFReadDirEntryErrOk)
718 return(err);
719 *value=(double)m;
720 return(TIFFReadDirEntryErrOk);
721 }
722 case TIFF_RATIONAL:
723 err=TIFFReadDirEntryCheckedRational(tif,direntry,value);
724 return(err);
725 case TIFF_SRATIONAL:
726 err=TIFFReadDirEntryCheckedSrational(tif,direntry,value);
727 return(err);
728 case TIFF_FLOAT:
729 {
730 float m;
731 TIFFReadDirEntryCheckedFloat(tif,direntry,&m);
732 *value=(double)m;
733 return(TIFFReadDirEntryErrOk);
734 }
735 case TIFF_DOUBLE:
736 err=TIFFReadDirEntryCheckedDouble(tif,direntry,value);
737 return(err);
738 default:
739 return(TIFFReadDirEntryErrType);
740 }
741 }
742
TIFFReadDirEntryIfd8(TIFF * tif,TIFFDirEntry * direntry,uint64 * value)743 static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8(TIFF* tif, TIFFDirEntry* direntry, uint64* value)
744 {
745 enum TIFFReadDirEntryErr err;
746 if (direntry->tdir_count!=1)
747 return(TIFFReadDirEntryErrCount);
748 switch (direntry->tdir_type)
749 {
750 case TIFF_LONG:
751 case TIFF_IFD:
752 {
753 uint32 m;
754 TIFFReadDirEntryCheckedLong(tif,direntry,&m);
755 *value=(uint64)m;
756 return(TIFFReadDirEntryErrOk);
757 }
758 case TIFF_LONG8:
759 case TIFF_IFD8:
760 err=TIFFReadDirEntryCheckedLong8(tif,direntry,value);
761 return(err);
762 default:
763 return(TIFFReadDirEntryErrType);
764 }
765 }
766
TIFFReadDirEntryArray(TIFF * tif,TIFFDirEntry * direntry,uint32 * count,uint32 desttypesize,void ** value)767 static enum TIFFReadDirEntryErr TIFFReadDirEntryArray(TIFF* tif, TIFFDirEntry* direntry, uint32* count, uint32 desttypesize, void** value)
768 {
769 int typesize;
770 uint32 datasize;
771 void* data;
772 typesize=TIFFDataWidth(direntry->tdir_type);
773 if ((direntry->tdir_count==0)||(typesize==0))
774 {
775 *value=0;
776 return(TIFFReadDirEntryErrOk);
777 }
778 (void) desttypesize;
779
780 /*
781 * As a sanity check, make sure we have no more than a 2GB tag array
782 * in either the current data type or the dest data type. This also
783 * avoids problems with overflow of tmsize_t on 32bit systems.
784 */
785 if ((uint64)(2147483647/typesize)<direntry->tdir_count)
786 return(TIFFReadDirEntryErrSizesan);
787 if ((uint64)(2147483647/desttypesize)<direntry->tdir_count)
788 return(TIFFReadDirEntryErrSizesan);
789
790 *count=(uint32)direntry->tdir_count;
791 datasize=(*count)*typesize;
792 assert((tmsize_t)datasize>0);
793 data=_TIFFCheckMalloc(tif, *count, typesize, "ReadDirEntryArray");
794 if (data==0)
795 return(TIFFReadDirEntryErrAlloc);
796 if (!(tif->tif_flags&TIFF_BIGTIFF))
797 {
798 if (datasize<=4)
799 _TIFFmemcpy(data,&direntry->tdir_offset,datasize);
800 else
801 {
802 enum TIFFReadDirEntryErr err;
803 uint32 offset = direntry->tdir_offset.toff_long;
804 if (tif->tif_flags&TIFF_SWAB)
805 TIFFSwabLong(&offset);
806 err=TIFFReadDirEntryData(tif,(uint64)offset,(tmsize_t)datasize,data);
807 if (err!=TIFFReadDirEntryErrOk)
808 {
809 _TIFFfree(data);
810 return(err);
811 }
812 }
813 }
814 else
815 {
816 if (datasize<=8)
817 _TIFFmemcpy(data,&direntry->tdir_offset,datasize);
818 else
819 {
820 enum TIFFReadDirEntryErr err;
821 uint64 offset = direntry->tdir_offset.toff_long8;
822 if (tif->tif_flags&TIFF_SWAB)
823 TIFFSwabLong8(&offset);
824 err=TIFFReadDirEntryData(tif,offset,(tmsize_t)datasize,data);
825 if (err!=TIFFReadDirEntryErrOk)
826 {
827 _TIFFfree(data);
828 return(err);
829 }
830 }
831 }
832 *value=data;
833 return(TIFFReadDirEntryErrOk);
834 }
835
TIFFReadDirEntryByteArray(TIFF * tif,TIFFDirEntry * direntry,uint8 ** value)836 static enum TIFFReadDirEntryErr TIFFReadDirEntryByteArray(TIFF* tif, TIFFDirEntry* direntry, uint8** value)
837 {
838 enum TIFFReadDirEntryErr err;
839 uint32 count;
840 void* origdata;
841 uint8* data;
842 switch (direntry->tdir_type)
843 {
844 case TIFF_ASCII:
845 case TIFF_UNDEFINED:
846 case TIFF_BYTE:
847 case TIFF_SBYTE:
848 case TIFF_SHORT:
849 case TIFF_SSHORT:
850 case TIFF_LONG:
851 case TIFF_SLONG:
852 case TIFF_LONG8:
853 case TIFF_SLONG8:
854 break;
855 default:
856 return(TIFFReadDirEntryErrType);
857 }
858 err=TIFFReadDirEntryArray(tif,direntry,&count,1,&origdata);
859 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
860 {
861 *value=0;
862 return(err);
863 }
864 switch (direntry->tdir_type)
865 {
866 case TIFF_ASCII:
867 case TIFF_UNDEFINED:
868 case TIFF_BYTE:
869 *value=(uint8*)origdata;
870 return(TIFFReadDirEntryErrOk);
871 case TIFF_SBYTE:
872 {
873 int8* m;
874 uint32 n;
875 m=(int8*)origdata;
876 for (n=0; n<count; n++)
877 {
878 err=TIFFReadDirEntryCheckRangeByteSbyte(*m);
879 if (err!=TIFFReadDirEntryErrOk)
880 {
881 _TIFFfree(origdata);
882 return(err);
883 }
884 m++;
885 }
886 *value=(uint8*)origdata;
887 return(TIFFReadDirEntryErrOk);
888 }
889 }
890 data=(uint8*)_TIFFmalloc(count);
891 if (data==0)
892 {
893 _TIFFfree(origdata);
894 return(TIFFReadDirEntryErrAlloc);
895 }
896 switch (direntry->tdir_type)
897 {
898 case TIFF_SHORT:
899 {
900 uint16* ma;
901 uint8* mb;
902 uint32 n;
903 ma=(uint16*)origdata;
904 mb=data;
905 for (n=0; n<count; n++)
906 {
907 if (tif->tif_flags&TIFF_SWAB)
908 TIFFSwabShort(ma);
909 err=TIFFReadDirEntryCheckRangeByteShort(*ma);
910 if (err!=TIFFReadDirEntryErrOk)
911 break;
912 *mb++=(uint8)(*ma++);
913 }
914 }
915 break;
916 case TIFF_SSHORT:
917 {
918 int16* ma;
919 uint8* mb;
920 uint32 n;
921 ma=(int16*)origdata;
922 mb=data;
923 for (n=0; n<count; n++)
924 {
925 if (tif->tif_flags&TIFF_SWAB)
926 TIFFSwabShort((uint16*)ma);
927 err=TIFFReadDirEntryCheckRangeByteSshort(*ma);
928 if (err!=TIFFReadDirEntryErrOk)
929 break;
930 *mb++=(uint8)(*ma++);
931 }
932 }
933 break;
934 case TIFF_LONG:
935 {
936 uint32* ma;
937 uint8* mb;
938 uint32 n;
939 ma=(uint32*)origdata;
940 mb=data;
941 for (n=0; n<count; n++)
942 {
943 if (tif->tif_flags&TIFF_SWAB)
944 TIFFSwabLong(ma);
945 err=TIFFReadDirEntryCheckRangeByteLong(*ma);
946 if (err!=TIFFReadDirEntryErrOk)
947 break;
948 *mb++=(uint8)(*ma++);
949 }
950 }
951 break;
952 case TIFF_SLONG:
953 {
954 int32* ma;
955 uint8* mb;
956 uint32 n;
957 ma=(int32*)origdata;
958 mb=data;
959 for (n=0; n<count; n++)
960 {
961 if (tif->tif_flags&TIFF_SWAB)
962 TIFFSwabLong((uint32*)ma);
963 err=TIFFReadDirEntryCheckRangeByteSlong(*ma);
964 if (err!=TIFFReadDirEntryErrOk)
965 break;
966 *mb++=(uint8)(*ma++);
967 }
968 }
969 break;
970 case TIFF_LONG8:
971 {
972 uint64* ma;
973 uint8* mb;
974 uint32 n;
975 ma=(uint64*)origdata;
976 mb=data;
977 for (n=0; n<count; n++)
978 {
979 if (tif->tif_flags&TIFF_SWAB)
980 TIFFSwabLong8(ma);
981 err=TIFFReadDirEntryCheckRangeByteLong8(*ma);
982 if (err!=TIFFReadDirEntryErrOk)
983 break;
984 *mb++=(uint8)(*ma++);
985 }
986 }
987 break;
988 case TIFF_SLONG8:
989 {
990 int64* ma;
991 uint8* mb;
992 uint32 n;
993 ma=(int64*)origdata;
994 mb=data;
995 for (n=0; n<count; n++)
996 {
997 if (tif->tif_flags&TIFF_SWAB)
998 TIFFSwabLong8((uint64*)ma);
999 err=TIFFReadDirEntryCheckRangeByteSlong8(*ma);
1000 if (err!=TIFFReadDirEntryErrOk)
1001 break;
1002 *mb++=(uint8)(*ma++);
1003 }
1004 }
1005 break;
1006 }
1007 _TIFFfree(origdata);
1008 if (err!=TIFFReadDirEntryErrOk)
1009 {
1010 _TIFFfree(data);
1011 return(err);
1012 }
1013 *value=data;
1014 return(TIFFReadDirEntryErrOk);
1015 }
1016
TIFFReadDirEntrySbyteArray(TIFF * tif,TIFFDirEntry * direntry,int8 ** value)1017 static enum TIFFReadDirEntryErr TIFFReadDirEntrySbyteArray(TIFF* tif, TIFFDirEntry* direntry, int8** value)
1018 {
1019 enum TIFFReadDirEntryErr err;
1020 uint32 count;
1021 void* origdata;
1022 int8* data;
1023 switch (direntry->tdir_type)
1024 {
1025 case TIFF_UNDEFINED:
1026 case TIFF_BYTE:
1027 case TIFF_SBYTE:
1028 case TIFF_SHORT:
1029 case TIFF_SSHORT:
1030 case TIFF_LONG:
1031 case TIFF_SLONG:
1032 case TIFF_LONG8:
1033 case TIFF_SLONG8:
1034 break;
1035 default:
1036 return(TIFFReadDirEntryErrType);
1037 }
1038 err=TIFFReadDirEntryArray(tif,direntry,&count,1,&origdata);
1039 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1040 {
1041 *value=0;
1042 return(err);
1043 }
1044 switch (direntry->tdir_type)
1045 {
1046 case TIFF_UNDEFINED:
1047 case TIFF_BYTE:
1048 {
1049 uint8* m;
1050 uint32 n;
1051 m=(uint8*)origdata;
1052 for (n=0; n<count; n++)
1053 {
1054 err=TIFFReadDirEntryCheckRangeSbyteByte(*m);
1055 if (err!=TIFFReadDirEntryErrOk)
1056 {
1057 _TIFFfree(origdata);
1058 return(err);
1059 }
1060 m++;
1061 }
1062 *value=(int8*)origdata;
1063 return(TIFFReadDirEntryErrOk);
1064 }
1065 case TIFF_SBYTE:
1066 *value=(int8*)origdata;
1067 return(TIFFReadDirEntryErrOk);
1068 }
1069 data=(int8*)_TIFFmalloc(count);
1070 if (data==0)
1071 {
1072 _TIFFfree(origdata);
1073 return(TIFFReadDirEntryErrAlloc);
1074 }
1075 switch (direntry->tdir_type)
1076 {
1077 case TIFF_SHORT:
1078 {
1079 uint16* ma;
1080 int8* mb;
1081 uint32 n;
1082 ma=(uint16*)origdata;
1083 mb=data;
1084 for (n=0; n<count; n++)
1085 {
1086 if (tif->tif_flags&TIFF_SWAB)
1087 TIFFSwabShort(ma);
1088 err=TIFFReadDirEntryCheckRangeSbyteShort(*ma);
1089 if (err!=TIFFReadDirEntryErrOk)
1090 break;
1091 *mb++=(int8)(*ma++);
1092 }
1093 }
1094 break;
1095 case TIFF_SSHORT:
1096 {
1097 int16* ma;
1098 int8* mb;
1099 uint32 n;
1100 ma=(int16*)origdata;
1101 mb=data;
1102 for (n=0; n<count; n++)
1103 {
1104 if (tif->tif_flags&TIFF_SWAB)
1105 TIFFSwabShort((uint16*)ma);
1106 err=TIFFReadDirEntryCheckRangeSbyteSshort(*ma);
1107 if (err!=TIFFReadDirEntryErrOk)
1108 break;
1109 *mb++=(int8)(*ma++);
1110 }
1111 }
1112 break;
1113 case TIFF_LONG:
1114 {
1115 uint32* ma;
1116 int8* mb;
1117 uint32 n;
1118 ma=(uint32*)origdata;
1119 mb=data;
1120 for (n=0; n<count; n++)
1121 {
1122 if (tif->tif_flags&TIFF_SWAB)
1123 TIFFSwabLong(ma);
1124 err=TIFFReadDirEntryCheckRangeSbyteLong(*ma);
1125 if (err!=TIFFReadDirEntryErrOk)
1126 break;
1127 *mb++=(int8)(*ma++);
1128 }
1129 }
1130 break;
1131 case TIFF_SLONG:
1132 {
1133 int32* ma;
1134 int8* mb;
1135 uint32 n;
1136 ma=(int32*)origdata;
1137 mb=data;
1138 for (n=0; n<count; n++)
1139 {
1140 if (tif->tif_flags&TIFF_SWAB)
1141 TIFFSwabLong((uint32*)ma);
1142 err=TIFFReadDirEntryCheckRangeSbyteSlong(*ma);
1143 if (err!=TIFFReadDirEntryErrOk)
1144 break;
1145 *mb++=(int8)(*ma++);
1146 }
1147 }
1148 break;
1149 case TIFF_LONG8:
1150 {
1151 uint64* ma;
1152 int8* mb;
1153 uint32 n;
1154 ma=(uint64*)origdata;
1155 mb=data;
1156 for (n=0; n<count; n++)
1157 {
1158 if (tif->tif_flags&TIFF_SWAB)
1159 TIFFSwabLong8(ma);
1160 err=TIFFReadDirEntryCheckRangeSbyteLong8(*ma);
1161 if (err!=TIFFReadDirEntryErrOk)
1162 break;
1163 *mb++=(int8)(*ma++);
1164 }
1165 }
1166 break;
1167 case TIFF_SLONG8:
1168 {
1169 int64* ma;
1170 int8* mb;
1171 uint32 n;
1172 ma=(int64*)origdata;
1173 mb=data;
1174 for (n=0; n<count; n++)
1175 {
1176 if (tif->tif_flags&TIFF_SWAB)
1177 TIFFSwabLong8((uint64*)ma);
1178 err=TIFFReadDirEntryCheckRangeSbyteSlong8(*ma);
1179 if (err!=TIFFReadDirEntryErrOk)
1180 break;
1181 *mb++=(int8)(*ma++);
1182 }
1183 }
1184 break;
1185 }
1186 _TIFFfree(origdata);
1187 if (err!=TIFFReadDirEntryErrOk)
1188 {
1189 _TIFFfree(data);
1190 return(err);
1191 }
1192 *value=data;
1193 return(TIFFReadDirEntryErrOk);
1194 }
1195
TIFFReadDirEntryShortArray(TIFF * tif,TIFFDirEntry * direntry,uint16 ** value)1196 static enum TIFFReadDirEntryErr TIFFReadDirEntryShortArray(TIFF* tif, TIFFDirEntry* direntry, uint16** value)
1197 {
1198 enum TIFFReadDirEntryErr err;
1199 uint32 count;
1200 void* origdata;
1201 uint16* data;
1202 switch (direntry->tdir_type)
1203 {
1204 case TIFF_BYTE:
1205 case TIFF_SBYTE:
1206 case TIFF_SHORT:
1207 case TIFF_SSHORT:
1208 case TIFF_LONG:
1209 case TIFF_SLONG:
1210 case TIFF_LONG8:
1211 case TIFF_SLONG8:
1212 break;
1213 default:
1214 return(TIFFReadDirEntryErrType);
1215 }
1216 err=TIFFReadDirEntryArray(tif,direntry,&count,2,&origdata);
1217 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1218 {
1219 *value=0;
1220 return(err);
1221 }
1222 switch (direntry->tdir_type)
1223 {
1224 case TIFF_SHORT:
1225 *value=(uint16*)origdata;
1226 if (tif->tif_flags&TIFF_SWAB)
1227 TIFFSwabArrayOfShort(*value,count);
1228 return(TIFFReadDirEntryErrOk);
1229 case TIFF_SSHORT:
1230 {
1231 int16* m;
1232 uint32 n;
1233 m=(int16*)origdata;
1234 for (n=0; n<count; n++)
1235 {
1236 if (tif->tif_flags&TIFF_SWAB)
1237 TIFFSwabShort((uint16*)m);
1238 err=TIFFReadDirEntryCheckRangeShortSshort(*m);
1239 if (err!=TIFFReadDirEntryErrOk)
1240 {
1241 _TIFFfree(origdata);
1242 return(err);
1243 }
1244 m++;
1245 }
1246 *value=(uint16*)origdata;
1247 return(TIFFReadDirEntryErrOk);
1248 }
1249 }
1250 data=(uint16*)_TIFFmalloc(count*2);
1251 if (data==0)
1252 {
1253 _TIFFfree(origdata);
1254 return(TIFFReadDirEntryErrAlloc);
1255 }
1256 switch (direntry->tdir_type)
1257 {
1258 case TIFF_BYTE:
1259 {
1260 uint8* ma;
1261 uint16* mb;
1262 uint32 n;
1263 ma=(uint8*)origdata;
1264 mb=data;
1265 for (n=0; n<count; n++)
1266 *mb++=(uint16)(*ma++);
1267 }
1268 break;
1269 case TIFF_SBYTE:
1270 {
1271 int8* ma;
1272 uint16* mb;
1273 uint32 n;
1274 ma=(int8*)origdata;
1275 mb=data;
1276 for (n=0; n<count; n++)
1277 {
1278 err=TIFFReadDirEntryCheckRangeShortSbyte(*ma);
1279 if (err!=TIFFReadDirEntryErrOk)
1280 break;
1281 *mb++=(uint16)(*ma++);
1282 }
1283 }
1284 break;
1285 case TIFF_LONG:
1286 {
1287 uint32* ma;
1288 uint16* mb;
1289 uint32 n;
1290 ma=(uint32*)origdata;
1291 mb=data;
1292 for (n=0; n<count; n++)
1293 {
1294 if (tif->tif_flags&TIFF_SWAB)
1295 TIFFSwabLong(ma);
1296 err=TIFFReadDirEntryCheckRangeShortLong(*ma);
1297 if (err!=TIFFReadDirEntryErrOk)
1298 break;
1299 *mb++=(uint16)(*ma++);
1300 }
1301 }
1302 break;
1303 case TIFF_SLONG:
1304 {
1305 int32* ma;
1306 uint16* mb;
1307 uint32 n;
1308 ma=(int32*)origdata;
1309 mb=data;
1310 for (n=0; n<count; n++)
1311 {
1312 if (tif->tif_flags&TIFF_SWAB)
1313 TIFFSwabLong((uint32*)ma);
1314 err=TIFFReadDirEntryCheckRangeShortSlong(*ma);
1315 if (err!=TIFFReadDirEntryErrOk)
1316 break;
1317 *mb++=(uint16)(*ma++);
1318 }
1319 }
1320 break;
1321 case TIFF_LONG8:
1322 {
1323 uint64* ma;
1324 uint16* mb;
1325 uint32 n;
1326 ma=(uint64*)origdata;
1327 mb=data;
1328 for (n=0; n<count; n++)
1329 {
1330 if (tif->tif_flags&TIFF_SWAB)
1331 TIFFSwabLong8(ma);
1332 err=TIFFReadDirEntryCheckRangeShortLong8(*ma);
1333 if (err!=TIFFReadDirEntryErrOk)
1334 break;
1335 *mb++=(uint16)(*ma++);
1336 }
1337 }
1338 break;
1339 case TIFF_SLONG8:
1340 {
1341 int64* ma;
1342 uint16* mb;
1343 uint32 n;
1344 ma=(int64*)origdata;
1345 mb=data;
1346 for (n=0; n<count; n++)
1347 {
1348 if (tif->tif_flags&TIFF_SWAB)
1349 TIFFSwabLong8((uint64*)ma);
1350 err=TIFFReadDirEntryCheckRangeShortSlong8(*ma);
1351 if (err!=TIFFReadDirEntryErrOk)
1352 break;
1353 *mb++=(uint16)(*ma++);
1354 }
1355 }
1356 break;
1357 }
1358 _TIFFfree(origdata);
1359 if (err!=TIFFReadDirEntryErrOk)
1360 {
1361 _TIFFfree(data);
1362 return(err);
1363 }
1364 *value=data;
1365 return(TIFFReadDirEntryErrOk);
1366 }
1367
TIFFReadDirEntrySshortArray(TIFF * tif,TIFFDirEntry * direntry,int16 ** value)1368 static enum TIFFReadDirEntryErr TIFFReadDirEntrySshortArray(TIFF* tif, TIFFDirEntry* direntry, int16** value)
1369 {
1370 enum TIFFReadDirEntryErr err;
1371 uint32 count;
1372 void* origdata;
1373 int16* data;
1374 switch (direntry->tdir_type)
1375 {
1376 case TIFF_BYTE:
1377 case TIFF_SBYTE:
1378 case TIFF_SHORT:
1379 case TIFF_SSHORT:
1380 case TIFF_LONG:
1381 case TIFF_SLONG:
1382 case TIFF_LONG8:
1383 case TIFF_SLONG8:
1384 break;
1385 default:
1386 return(TIFFReadDirEntryErrType);
1387 }
1388 err=TIFFReadDirEntryArray(tif,direntry,&count,2,&origdata);
1389 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1390 {
1391 *value=0;
1392 return(err);
1393 }
1394 switch (direntry->tdir_type)
1395 {
1396 case TIFF_SHORT:
1397 {
1398 uint16* m;
1399 uint32 n;
1400 m=(uint16*)origdata;
1401 for (n=0; n<count; n++)
1402 {
1403 if (tif->tif_flags&TIFF_SWAB)
1404 TIFFSwabShort(m);
1405 err=TIFFReadDirEntryCheckRangeSshortShort(*m);
1406 if (err!=TIFFReadDirEntryErrOk)
1407 {
1408 _TIFFfree(origdata);
1409 return(err);
1410 }
1411 m++;
1412 }
1413 *value=(int16*)origdata;
1414 return(TIFFReadDirEntryErrOk);
1415 }
1416 case TIFF_SSHORT:
1417 *value=(int16*)origdata;
1418 if (tif->tif_flags&TIFF_SWAB)
1419 TIFFSwabArrayOfShort((uint16*)(*value),count);
1420 return(TIFFReadDirEntryErrOk);
1421 }
1422 data=(int16*)_TIFFmalloc(count*2);
1423 if (data==0)
1424 {
1425 _TIFFfree(origdata);
1426 return(TIFFReadDirEntryErrAlloc);
1427 }
1428 switch (direntry->tdir_type)
1429 {
1430 case TIFF_BYTE:
1431 {
1432 uint8* ma;
1433 int16* mb;
1434 uint32 n;
1435 ma=(uint8*)origdata;
1436 mb=data;
1437 for (n=0; n<count; n++)
1438 *mb++=(int16)(*ma++);
1439 }
1440 break;
1441 case TIFF_SBYTE:
1442 {
1443 int8* ma;
1444 int16* mb;
1445 uint32 n;
1446 ma=(int8*)origdata;
1447 mb=data;
1448 for (n=0; n<count; n++)
1449 *mb++=(int16)(*ma++);
1450 }
1451 break;
1452 case TIFF_LONG:
1453 {
1454 uint32* ma;
1455 int16* mb;
1456 uint32 n;
1457 ma=(uint32*)origdata;
1458 mb=data;
1459 for (n=0; n<count; n++)
1460 {
1461 if (tif->tif_flags&TIFF_SWAB)
1462 TIFFSwabLong(ma);
1463 err=TIFFReadDirEntryCheckRangeSshortLong(*ma);
1464 if (err!=TIFFReadDirEntryErrOk)
1465 break;
1466 *mb++=(int16)(*ma++);
1467 }
1468 }
1469 break;
1470 case TIFF_SLONG:
1471 {
1472 int32* ma;
1473 int16* mb;
1474 uint32 n;
1475 ma=(int32*)origdata;
1476 mb=data;
1477 for (n=0; n<count; n++)
1478 {
1479 if (tif->tif_flags&TIFF_SWAB)
1480 TIFFSwabLong((uint32*)ma);
1481 err=TIFFReadDirEntryCheckRangeSshortSlong(*ma);
1482 if (err!=TIFFReadDirEntryErrOk)
1483 break;
1484 *mb++=(int16)(*ma++);
1485 }
1486 }
1487 break;
1488 case TIFF_LONG8:
1489 {
1490 uint64* ma;
1491 int16* mb;
1492 uint32 n;
1493 ma=(uint64*)origdata;
1494 mb=data;
1495 for (n=0; n<count; n++)
1496 {
1497 if (tif->tif_flags&TIFF_SWAB)
1498 TIFFSwabLong8(ma);
1499 err=TIFFReadDirEntryCheckRangeSshortLong8(*ma);
1500 if (err!=TIFFReadDirEntryErrOk)
1501 break;
1502 *mb++=(int16)(*ma++);
1503 }
1504 }
1505 break;
1506 case TIFF_SLONG8:
1507 {
1508 int64* ma;
1509 int16* mb;
1510 uint32 n;
1511 ma=(int64*)origdata;
1512 mb=data;
1513 for (n=0; n<count; n++)
1514 {
1515 if (tif->tif_flags&TIFF_SWAB)
1516 TIFFSwabLong8((uint64*)ma);
1517 err=TIFFReadDirEntryCheckRangeSshortSlong8(*ma);
1518 if (err!=TIFFReadDirEntryErrOk)
1519 break;
1520 *mb++=(int16)(*ma++);
1521 }
1522 }
1523 break;
1524 }
1525 _TIFFfree(origdata);
1526 if (err!=TIFFReadDirEntryErrOk)
1527 {
1528 _TIFFfree(data);
1529 return(err);
1530 }
1531 *value=data;
1532 return(TIFFReadDirEntryErrOk);
1533 }
1534
TIFFReadDirEntryLongArray(TIFF * tif,TIFFDirEntry * direntry,uint32 ** value)1535 static enum TIFFReadDirEntryErr TIFFReadDirEntryLongArray(TIFF* tif, TIFFDirEntry* direntry, uint32** value)
1536 {
1537 enum TIFFReadDirEntryErr err;
1538 uint32 count;
1539 void* origdata;
1540 uint32* data;
1541 switch (direntry->tdir_type)
1542 {
1543 case TIFF_BYTE:
1544 case TIFF_SBYTE:
1545 case TIFF_SHORT:
1546 case TIFF_SSHORT:
1547 case TIFF_LONG:
1548 case TIFF_SLONG:
1549 case TIFF_LONG8:
1550 case TIFF_SLONG8:
1551 break;
1552 default:
1553 return(TIFFReadDirEntryErrType);
1554 }
1555 err=TIFFReadDirEntryArray(tif,direntry,&count,4,&origdata);
1556 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1557 {
1558 *value=0;
1559 return(err);
1560 }
1561 switch (direntry->tdir_type)
1562 {
1563 case TIFF_LONG:
1564 *value=(uint32*)origdata;
1565 if (tif->tif_flags&TIFF_SWAB)
1566 TIFFSwabArrayOfLong(*value,count);
1567 return(TIFFReadDirEntryErrOk);
1568 case TIFF_SLONG:
1569 {
1570 int32* m;
1571 uint32 n;
1572 m=(int32*)origdata;
1573 for (n=0; n<count; n++)
1574 {
1575 if (tif->tif_flags&TIFF_SWAB)
1576 TIFFSwabLong((uint32*)m);
1577 err=TIFFReadDirEntryCheckRangeLongSlong(*m);
1578 if (err!=TIFFReadDirEntryErrOk)
1579 {
1580 _TIFFfree(origdata);
1581 return(err);
1582 }
1583 m++;
1584 }
1585 *value=(uint32*)origdata;
1586 return(TIFFReadDirEntryErrOk);
1587 }
1588 }
1589 data=(uint32*)_TIFFmalloc(count*4);
1590 if (data==0)
1591 {
1592 _TIFFfree(origdata);
1593 return(TIFFReadDirEntryErrAlloc);
1594 }
1595 switch (direntry->tdir_type)
1596 {
1597 case TIFF_BYTE:
1598 {
1599 uint8* ma;
1600 uint32* mb;
1601 uint32 n;
1602 ma=(uint8*)origdata;
1603 mb=data;
1604 for (n=0; n<count; n++)
1605 *mb++=(uint32)(*ma++);
1606 }
1607 break;
1608 case TIFF_SBYTE:
1609 {
1610 int8* ma;
1611 uint32* mb;
1612 uint32 n;
1613 ma=(int8*)origdata;
1614 mb=data;
1615 for (n=0; n<count; n++)
1616 {
1617 err=TIFFReadDirEntryCheckRangeLongSbyte(*ma);
1618 if (err!=TIFFReadDirEntryErrOk)
1619 break;
1620 *mb++=(uint32)(*ma++);
1621 }
1622 }
1623 break;
1624 case TIFF_SHORT:
1625 {
1626 uint16* ma;
1627 uint32* mb;
1628 uint32 n;
1629 ma=(uint16*)origdata;
1630 mb=data;
1631 for (n=0; n<count; n++)
1632 {
1633 if (tif->tif_flags&TIFF_SWAB)
1634 TIFFSwabShort(ma);
1635 *mb++=(uint32)(*ma++);
1636 }
1637 }
1638 break;
1639 case TIFF_SSHORT:
1640 {
1641 int16* ma;
1642 uint32* mb;
1643 uint32 n;
1644 ma=(int16*)origdata;
1645 mb=data;
1646 for (n=0; n<count; n++)
1647 {
1648 if (tif->tif_flags&TIFF_SWAB)
1649 TIFFSwabShort((uint16*)ma);
1650 err=TIFFReadDirEntryCheckRangeLongSshort(*ma);
1651 if (err!=TIFFReadDirEntryErrOk)
1652 break;
1653 *mb++=(uint32)(*ma++);
1654 }
1655 }
1656 break;
1657 case TIFF_LONG8:
1658 {
1659 uint64* ma;
1660 uint32* mb;
1661 uint32 n;
1662 ma=(uint64*)origdata;
1663 mb=data;
1664 for (n=0; n<count; n++)
1665 {
1666 if (tif->tif_flags&TIFF_SWAB)
1667 TIFFSwabLong8(ma);
1668 err=TIFFReadDirEntryCheckRangeLongLong8(*ma);
1669 if (err!=TIFFReadDirEntryErrOk)
1670 break;
1671 *mb++=(uint32)(*ma++);
1672 }
1673 }
1674 break;
1675 case TIFF_SLONG8:
1676 {
1677 int64* ma;
1678 uint32* mb;
1679 uint32 n;
1680 ma=(int64*)origdata;
1681 mb=data;
1682 for (n=0; n<count; n++)
1683 {
1684 if (tif->tif_flags&TIFF_SWAB)
1685 TIFFSwabLong8((uint64*)ma);
1686 err=TIFFReadDirEntryCheckRangeLongSlong8(*ma);
1687 if (err!=TIFFReadDirEntryErrOk)
1688 break;
1689 *mb++=(uint32)(*ma++);
1690 }
1691 }
1692 break;
1693 }
1694 _TIFFfree(origdata);
1695 if (err!=TIFFReadDirEntryErrOk)
1696 {
1697 _TIFFfree(data);
1698 return(err);
1699 }
1700 *value=data;
1701 return(TIFFReadDirEntryErrOk);
1702 }
1703
TIFFReadDirEntrySlongArray(TIFF * tif,TIFFDirEntry * direntry,int32 ** value)1704 static enum TIFFReadDirEntryErr TIFFReadDirEntrySlongArray(TIFF* tif, TIFFDirEntry* direntry, int32** value)
1705 {
1706 enum TIFFReadDirEntryErr err;
1707 uint32 count;
1708 void* origdata;
1709 int32* data;
1710 switch (direntry->tdir_type)
1711 {
1712 case TIFF_BYTE:
1713 case TIFF_SBYTE:
1714 case TIFF_SHORT:
1715 case TIFF_SSHORT:
1716 case TIFF_LONG:
1717 case TIFF_SLONG:
1718 case TIFF_LONG8:
1719 case TIFF_SLONG8:
1720 break;
1721 default:
1722 return(TIFFReadDirEntryErrType);
1723 }
1724 err=TIFFReadDirEntryArray(tif,direntry,&count,4,&origdata);
1725 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1726 {
1727 *value=0;
1728 return(err);
1729 }
1730 switch (direntry->tdir_type)
1731 {
1732 case TIFF_LONG:
1733 {
1734 uint32* m;
1735 uint32 n;
1736 m=(uint32*)origdata;
1737 for (n=0; n<count; n++)
1738 {
1739 if (tif->tif_flags&TIFF_SWAB)
1740 TIFFSwabLong((uint32*)m);
1741 err=TIFFReadDirEntryCheckRangeSlongLong(*m);
1742 if (err!=TIFFReadDirEntryErrOk)
1743 {
1744 _TIFFfree(origdata);
1745 return(err);
1746 }
1747 m++;
1748 }
1749 *value=(int32*)origdata;
1750 return(TIFFReadDirEntryErrOk);
1751 }
1752 case TIFF_SLONG:
1753 *value=(int32*)origdata;
1754 if (tif->tif_flags&TIFF_SWAB)
1755 TIFFSwabArrayOfLong((uint32*)(*value),count);
1756 return(TIFFReadDirEntryErrOk);
1757 }
1758 data=(int32*)_TIFFmalloc(count*4);
1759 if (data==0)
1760 {
1761 _TIFFfree(origdata);
1762 return(TIFFReadDirEntryErrAlloc);
1763 }
1764 switch (direntry->tdir_type)
1765 {
1766 case TIFF_BYTE:
1767 {
1768 uint8* ma;
1769 int32* mb;
1770 uint32 n;
1771 ma=(uint8*)origdata;
1772 mb=data;
1773 for (n=0; n<count; n++)
1774 *mb++=(int32)(*ma++);
1775 }
1776 break;
1777 case TIFF_SBYTE:
1778 {
1779 int8* ma;
1780 int32* mb;
1781 uint32 n;
1782 ma=(int8*)origdata;
1783 mb=data;
1784 for (n=0; n<count; n++)
1785 *mb++=(int32)(*ma++);
1786 }
1787 break;
1788 case TIFF_SHORT:
1789 {
1790 uint16* ma;
1791 int32* mb;
1792 uint32 n;
1793 ma=(uint16*)origdata;
1794 mb=data;
1795 for (n=0; n<count; n++)
1796 {
1797 if (tif->tif_flags&TIFF_SWAB)
1798 TIFFSwabShort(ma);
1799 *mb++=(int32)(*ma++);
1800 }
1801 }
1802 break;
1803 case TIFF_SSHORT:
1804 {
1805 int16* ma;
1806 int32* mb;
1807 uint32 n;
1808 ma=(int16*)origdata;
1809 mb=data;
1810 for (n=0; n<count; n++)
1811 {
1812 if (tif->tif_flags&TIFF_SWAB)
1813 TIFFSwabShort((uint16*)ma);
1814 *mb++=(int32)(*ma++);
1815 }
1816 }
1817 break;
1818 case TIFF_LONG8:
1819 {
1820 uint64* ma;
1821 int32* mb;
1822 uint32 n;
1823 ma=(uint64*)origdata;
1824 mb=data;
1825 for (n=0; n<count; n++)
1826 {
1827 if (tif->tif_flags&TIFF_SWAB)
1828 TIFFSwabLong8(ma);
1829 err=TIFFReadDirEntryCheckRangeSlongLong8(*ma);
1830 if (err!=TIFFReadDirEntryErrOk)
1831 break;
1832 *mb++=(int32)(*ma++);
1833 }
1834 }
1835 break;
1836 case TIFF_SLONG8:
1837 {
1838 int64* ma;
1839 int32* mb;
1840 uint32 n;
1841 ma=(int64*)origdata;
1842 mb=data;
1843 for (n=0; n<count; n++)
1844 {
1845 if (tif->tif_flags&TIFF_SWAB)
1846 TIFFSwabLong8((uint64*)ma);
1847 err=TIFFReadDirEntryCheckRangeSlongSlong8(*ma);
1848 if (err!=TIFFReadDirEntryErrOk)
1849 break;
1850 *mb++=(int32)(*ma++);
1851 }
1852 }
1853 break;
1854 }
1855 _TIFFfree(origdata);
1856 if (err!=TIFFReadDirEntryErrOk)
1857 {
1858 _TIFFfree(data);
1859 return(err);
1860 }
1861 *value=data;
1862 return(TIFFReadDirEntryErrOk);
1863 }
1864
TIFFReadDirEntryLong8Array(TIFF * tif,TIFFDirEntry * direntry,uint64 ** value)1865 static enum TIFFReadDirEntryErr TIFFReadDirEntryLong8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value)
1866 {
1867 enum TIFFReadDirEntryErr err;
1868 uint32 count;
1869 void* origdata;
1870 uint64* data;
1871 switch (direntry->tdir_type)
1872 {
1873 case TIFF_BYTE:
1874 case TIFF_SBYTE:
1875 case TIFF_SHORT:
1876 case TIFF_SSHORT:
1877 case TIFF_LONG:
1878 case TIFF_SLONG:
1879 case TIFF_LONG8:
1880 case TIFF_SLONG8:
1881 break;
1882 default:
1883 return(TIFFReadDirEntryErrType);
1884 }
1885 err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata);
1886 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
1887 {
1888 *value=0;
1889 return(err);
1890 }
1891 switch (direntry->tdir_type)
1892 {
1893 case TIFF_LONG8:
1894 *value=(uint64*)origdata;
1895 if (tif->tif_flags&TIFF_SWAB)
1896 TIFFSwabArrayOfLong8(*value,count);
1897 return(TIFFReadDirEntryErrOk);
1898 case TIFF_SLONG8:
1899 {
1900 int64* m;
1901 uint32 n;
1902 m=(int64*)origdata;
1903 for (n=0; n<count; n++)
1904 {
1905 if (tif->tif_flags&TIFF_SWAB)
1906 TIFFSwabLong8((uint64*)m);
1907 err=TIFFReadDirEntryCheckRangeLong8Slong8(*m);
1908 if (err!=TIFFReadDirEntryErrOk)
1909 {
1910 _TIFFfree(origdata);
1911 return(err);
1912 }
1913 m++;
1914 }
1915 *value=(uint64*)origdata;
1916 return(TIFFReadDirEntryErrOk);
1917 }
1918 }
1919 data=(uint64*)_TIFFmalloc(count*8);
1920 if (data==0)
1921 {
1922 _TIFFfree(origdata);
1923 return(TIFFReadDirEntryErrAlloc);
1924 }
1925 switch (direntry->tdir_type)
1926 {
1927 case TIFF_BYTE:
1928 {
1929 uint8* ma;
1930 uint64* mb;
1931 uint32 n;
1932 ma=(uint8*)origdata;
1933 mb=data;
1934 for (n=0; n<count; n++)
1935 *mb++=(uint64)(*ma++);
1936 }
1937 break;
1938 case TIFF_SBYTE:
1939 {
1940 int8* ma;
1941 uint64* mb;
1942 uint32 n;
1943 ma=(int8*)origdata;
1944 mb=data;
1945 for (n=0; n<count; n++)
1946 {
1947 err=TIFFReadDirEntryCheckRangeLong8Sbyte(*ma);
1948 if (err!=TIFFReadDirEntryErrOk)
1949 break;
1950 *mb++=(uint64)(*ma++);
1951 }
1952 }
1953 break;
1954 case TIFF_SHORT:
1955 {
1956 uint16* ma;
1957 uint64* mb;
1958 uint32 n;
1959 ma=(uint16*)origdata;
1960 mb=data;
1961 for (n=0; n<count; n++)
1962 {
1963 if (tif->tif_flags&TIFF_SWAB)
1964 TIFFSwabShort(ma);
1965 *mb++=(uint64)(*ma++);
1966 }
1967 }
1968 break;
1969 case TIFF_SSHORT:
1970 {
1971 int16* ma;
1972 uint64* mb;
1973 uint32 n;
1974 ma=(int16*)origdata;
1975 mb=data;
1976 for (n=0; n<count; n++)
1977 {
1978 if (tif->tif_flags&TIFF_SWAB)
1979 TIFFSwabShort((uint16*)ma);
1980 err=TIFFReadDirEntryCheckRangeLong8Sshort(*ma);
1981 if (err!=TIFFReadDirEntryErrOk)
1982 break;
1983 *mb++=(uint64)(*ma++);
1984 }
1985 }
1986 break;
1987 case TIFF_LONG:
1988 {
1989 uint32* ma;
1990 uint64* mb;
1991 uint32 n;
1992 ma=(uint32*)origdata;
1993 mb=data;
1994 for (n=0; n<count; n++)
1995 {
1996 if (tif->tif_flags&TIFF_SWAB)
1997 TIFFSwabLong(ma);
1998 *mb++=(uint64)(*ma++);
1999 }
2000 }
2001 break;
2002 case TIFF_SLONG:
2003 {
2004 int32* ma;
2005 uint64* mb;
2006 uint32 n;
2007 ma=(int32*)origdata;
2008 mb=data;
2009 for (n=0; n<count; n++)
2010 {
2011 if (tif->tif_flags&TIFF_SWAB)
2012 TIFFSwabLong((uint32*)ma);
2013 err=TIFFReadDirEntryCheckRangeLong8Slong(*ma);
2014 if (err!=TIFFReadDirEntryErrOk)
2015 break;
2016 *mb++=(uint64)(*ma++);
2017 }
2018 }
2019 break;
2020 }
2021 _TIFFfree(origdata);
2022 if (err!=TIFFReadDirEntryErrOk)
2023 {
2024 _TIFFfree(data);
2025 return(err);
2026 }
2027 *value=data;
2028 return(TIFFReadDirEntryErrOk);
2029 }
2030
TIFFReadDirEntrySlong8Array(TIFF * tif,TIFFDirEntry * direntry,int64 ** value)2031 static enum TIFFReadDirEntryErr TIFFReadDirEntrySlong8Array(TIFF* tif, TIFFDirEntry* direntry, int64** value)
2032 {
2033 enum TIFFReadDirEntryErr err;
2034 uint32 count;
2035 void* origdata;
2036 int64* data;
2037 switch (direntry->tdir_type)
2038 {
2039 case TIFF_BYTE:
2040 case TIFF_SBYTE:
2041 case TIFF_SHORT:
2042 case TIFF_SSHORT:
2043 case TIFF_LONG:
2044 case TIFF_SLONG:
2045 case TIFF_LONG8:
2046 case TIFF_SLONG8:
2047 break;
2048 default:
2049 return(TIFFReadDirEntryErrType);
2050 }
2051 err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata);
2052 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
2053 {
2054 *value=0;
2055 return(err);
2056 }
2057 switch (direntry->tdir_type)
2058 {
2059 case TIFF_LONG8:
2060 {
2061 uint64* m;
2062 uint32 n;
2063 m=(uint64*)origdata;
2064 for (n=0; n<count; n++)
2065 {
2066 if (tif->tif_flags&TIFF_SWAB)
2067 TIFFSwabLong8(m);
2068 err=TIFFReadDirEntryCheckRangeSlong8Long8(*m);
2069 if (err!=TIFFReadDirEntryErrOk)
2070 {
2071 _TIFFfree(origdata);
2072 return(err);
2073 }
2074 m++;
2075 }
2076 *value=(int64*)origdata;
2077 return(TIFFReadDirEntryErrOk);
2078 }
2079 case TIFF_SLONG8:
2080 *value=(int64*)origdata;
2081 if (tif->tif_flags&TIFF_SWAB)
2082 TIFFSwabArrayOfLong8((uint64*)(*value),count);
2083 return(TIFFReadDirEntryErrOk);
2084 }
2085 data=(int64*)_TIFFmalloc(count*8);
2086 if (data==0)
2087 {
2088 _TIFFfree(origdata);
2089 return(TIFFReadDirEntryErrAlloc);
2090 }
2091 switch (direntry->tdir_type)
2092 {
2093 case TIFF_BYTE:
2094 {
2095 uint8* ma;
2096 int64* mb;
2097 uint32 n;
2098 ma=(uint8*)origdata;
2099 mb=data;
2100 for (n=0; n<count; n++)
2101 *mb++=(int64)(*ma++);
2102 }
2103 break;
2104 case TIFF_SBYTE:
2105 {
2106 int8* ma;
2107 int64* mb;
2108 uint32 n;
2109 ma=(int8*)origdata;
2110 mb=data;
2111 for (n=0; n<count; n++)
2112 *mb++=(int64)(*ma++);
2113 }
2114 break;
2115 case TIFF_SHORT:
2116 {
2117 uint16* ma;
2118 int64* mb;
2119 uint32 n;
2120 ma=(uint16*)origdata;
2121 mb=data;
2122 for (n=0; n<count; n++)
2123 {
2124 if (tif->tif_flags&TIFF_SWAB)
2125 TIFFSwabShort(ma);
2126 *mb++=(int64)(*ma++);
2127 }
2128 }
2129 break;
2130 case TIFF_SSHORT:
2131 {
2132 int16* ma;
2133 int64* mb;
2134 uint32 n;
2135 ma=(int16*)origdata;
2136 mb=data;
2137 for (n=0; n<count; n++)
2138 {
2139 if (tif->tif_flags&TIFF_SWAB)
2140 TIFFSwabShort((uint16*)ma);
2141 *mb++=(int64)(*ma++);
2142 }
2143 }
2144 break;
2145 case TIFF_LONG:
2146 {
2147 uint32* ma;
2148 int64* mb;
2149 uint32 n;
2150 ma=(uint32*)origdata;
2151 mb=data;
2152 for (n=0; n<count; n++)
2153 {
2154 if (tif->tif_flags&TIFF_SWAB)
2155 TIFFSwabLong(ma);
2156 *mb++=(int64)(*ma++);
2157 }
2158 }
2159 break;
2160 case TIFF_SLONG:
2161 {
2162 int32* ma;
2163 int64* mb;
2164 uint32 n;
2165 ma=(int32*)origdata;
2166 mb=data;
2167 for (n=0; n<count; n++)
2168 {
2169 if (tif->tif_flags&TIFF_SWAB)
2170 TIFFSwabLong((uint32*)ma);
2171 *mb++=(int64)(*ma++);
2172 }
2173 }
2174 break;
2175 }
2176 _TIFFfree(origdata);
2177 *value=data;
2178 return(TIFFReadDirEntryErrOk);
2179 }
2180
TIFFReadDirEntryFloatArray(TIFF * tif,TIFFDirEntry * direntry,float ** value)2181 static enum TIFFReadDirEntryErr TIFFReadDirEntryFloatArray(TIFF* tif, TIFFDirEntry* direntry, float** value)
2182 {
2183 enum TIFFReadDirEntryErr err;
2184 uint32 count;
2185 void* origdata;
2186 float* data;
2187 switch (direntry->tdir_type)
2188 {
2189 case TIFF_BYTE:
2190 case TIFF_SBYTE:
2191 case TIFF_SHORT:
2192 case TIFF_SSHORT:
2193 case TIFF_LONG:
2194 case TIFF_SLONG:
2195 case TIFF_LONG8:
2196 case TIFF_SLONG8:
2197 case TIFF_RATIONAL:
2198 case TIFF_SRATIONAL:
2199 case TIFF_FLOAT:
2200 case TIFF_DOUBLE:
2201 break;
2202 default:
2203 return(TIFFReadDirEntryErrType);
2204 }
2205 err=TIFFReadDirEntryArray(tif,direntry,&count,4,&origdata);
2206 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
2207 {
2208 *value=0;
2209 return(err);
2210 }
2211 switch (direntry->tdir_type)
2212 {
2213 case TIFF_FLOAT:
2214 if (tif->tif_flags&TIFF_SWAB)
2215 TIFFSwabArrayOfLong((uint32*)origdata,count);
2216 TIFFCvtIEEEDoubleToNative(tif,count,(float*)origdata);
2217 *value=(float*)origdata;
2218 return(TIFFReadDirEntryErrOk);
2219 }
2220 data=(float*)_TIFFmalloc(count*sizeof(float));
2221 if (data==0)
2222 {
2223 _TIFFfree(origdata);
2224 return(TIFFReadDirEntryErrAlloc);
2225 }
2226 switch (direntry->tdir_type)
2227 {
2228 case TIFF_BYTE:
2229 {
2230 uint8* ma;
2231 float* mb;
2232 uint32 n;
2233 ma=(uint8*)origdata;
2234 mb=data;
2235 for (n=0; n<count; n++)
2236 *mb++=(float)(*ma++);
2237 }
2238 break;
2239 case TIFF_SBYTE:
2240 {
2241 int8* ma;
2242 float* mb;
2243 uint32 n;
2244 ma=(int8*)origdata;
2245 mb=data;
2246 for (n=0; n<count; n++)
2247 *mb++=(float)(*ma++);
2248 }
2249 break;
2250 case TIFF_SHORT:
2251 {
2252 uint16* ma;
2253 float* mb;
2254 uint32 n;
2255 ma=(uint16*)origdata;
2256 mb=data;
2257 for (n=0; n<count; n++)
2258 {
2259 if (tif->tif_flags&TIFF_SWAB)
2260 TIFFSwabShort(ma);
2261 *mb++=(float)(*ma++);
2262 }
2263 }
2264 break;
2265 case TIFF_SSHORT:
2266 {
2267 int16* ma;
2268 float* mb;
2269 uint32 n;
2270 ma=(int16*)origdata;
2271 mb=data;
2272 for (n=0; n<count; n++)
2273 {
2274 if (tif->tif_flags&TIFF_SWAB)
2275 TIFFSwabShort((uint16*)ma);
2276 *mb++=(float)(*ma++);
2277 }
2278 }
2279 break;
2280 case TIFF_LONG:
2281 {
2282 uint32* ma;
2283 float* mb;
2284 uint32 n;
2285 ma=(uint32*)origdata;
2286 mb=data;
2287 for (n=0; n<count; n++)
2288 {
2289 if (tif->tif_flags&TIFF_SWAB)
2290 TIFFSwabLong(ma);
2291 *mb++=(float)(*ma++);
2292 }
2293 }
2294 break;
2295 case TIFF_SLONG:
2296 {
2297 int32* ma;
2298 float* mb;
2299 uint32 n;
2300 ma=(int32*)origdata;
2301 mb=data;
2302 for (n=0; n<count; n++)
2303 {
2304 if (tif->tif_flags&TIFF_SWAB)
2305 TIFFSwabLong((uint32*)ma);
2306 *mb++=(float)(*ma++);
2307 }
2308 }
2309 break;
2310 case TIFF_LONG8:
2311 {
2312 uint64* ma;
2313 float* mb;
2314 uint32 n;
2315 ma=(uint64*)origdata;
2316 mb=data;
2317 for (n=0; n<count; n++)
2318 {
2319 if (tif->tif_flags&TIFF_SWAB)
2320 TIFFSwabLong8(ma);
2321 #if defined(__WIN32__) && (_MSC_VER < 1500)
2322 /*
2323 * XXX: MSVC 6.0 does not support
2324 * conversion of 64-bit integers into
2325 * floating point values.
2326 */
2327 *mb++ = _TIFFUInt64ToFloat(*ma++);
2328 #else
2329 *mb++ = (float)(*ma++);
2330 #endif
2331 }
2332 }
2333 break;
2334 case TIFF_SLONG8:
2335 {
2336 int64* ma;
2337 float* mb;
2338 uint32 n;
2339 ma=(int64*)origdata;
2340 mb=data;
2341 for (n=0; n<count; n++)
2342 {
2343 if (tif->tif_flags&TIFF_SWAB)
2344 TIFFSwabLong8((uint64*)ma);
2345 *mb++=(float)(*ma++);
2346 }
2347 }
2348 break;
2349 case TIFF_RATIONAL:
2350 {
2351 uint32* ma;
2352 uint32 maa;
2353 uint32 mab;
2354 float* mb;
2355 uint32 n;
2356 ma=(uint32*)origdata;
2357 mb=data;
2358 for (n=0; n<count; n++)
2359 {
2360 if (tif->tif_flags&TIFF_SWAB)
2361 TIFFSwabLong(ma);
2362 maa=*ma++;
2363 if (tif->tif_flags&TIFF_SWAB)
2364 TIFFSwabLong(ma);
2365 mab=*ma++;
2366 if (mab==0)
2367 *mb++=0.0;
2368 else
2369 *mb++=(float)maa/(float)mab;
2370 }
2371 }
2372 break;
2373 case TIFF_SRATIONAL:
2374 {
2375 uint32* ma;
2376 int32 maa;
2377 uint32 mab;
2378 float* mb;
2379 uint32 n;
2380 ma=(uint32*)origdata;
2381 mb=data;
2382 for (n=0; n<count; n++)
2383 {
2384 if (tif->tif_flags&TIFF_SWAB)
2385 TIFFSwabLong(ma);
2386 maa=*(int32*)ma;
2387 ma++;
2388 if (tif->tif_flags&TIFF_SWAB)
2389 TIFFSwabLong(ma);
2390 mab=*ma++;
2391 if (mab==0)
2392 *mb++=0.0;
2393 else
2394 *mb++=(float)maa/(float)mab;
2395 }
2396 }
2397 break;
2398 case TIFF_DOUBLE:
2399 {
2400 double* ma;
2401 float* mb;
2402 uint32 n;
2403 if (tif->tif_flags&TIFF_SWAB)
2404 TIFFSwabArrayOfLong8((uint64*)origdata,count);
2405 TIFFCvtIEEEDoubleToNative(tif,count,(double*)origdata);
2406 ma=(double*)origdata;
2407 mb=data;
2408 for (n=0; n<count; n++)
2409 *mb++=(float)(*ma++);
2410 }
2411 break;
2412 }
2413 _TIFFfree(origdata);
2414 *value=data;
2415 return(TIFFReadDirEntryErrOk);
2416 }
2417
2418 static enum TIFFReadDirEntryErr
TIFFReadDirEntryDoubleArray(TIFF * tif,TIFFDirEntry * direntry,double ** value)2419 TIFFReadDirEntryDoubleArray(TIFF* tif, TIFFDirEntry* direntry, double** value)
2420 {
2421 enum TIFFReadDirEntryErr err;
2422 uint32 count;
2423 void* origdata;
2424 double* data;
2425 switch (direntry->tdir_type)
2426 {
2427 case TIFF_BYTE:
2428 case TIFF_SBYTE:
2429 case TIFF_SHORT:
2430 case TIFF_SSHORT:
2431 case TIFF_LONG:
2432 case TIFF_SLONG:
2433 case TIFF_LONG8:
2434 case TIFF_SLONG8:
2435 case TIFF_RATIONAL:
2436 case TIFF_SRATIONAL:
2437 case TIFF_FLOAT:
2438 case TIFF_DOUBLE:
2439 break;
2440 default:
2441 return(TIFFReadDirEntryErrType);
2442 }
2443 err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata);
2444 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
2445 {
2446 *value=0;
2447 return(err);
2448 }
2449 switch (direntry->tdir_type)
2450 {
2451 case TIFF_DOUBLE:
2452 if (tif->tif_flags&TIFF_SWAB)
2453 TIFFSwabArrayOfLong8((uint64*)origdata,count);
2454 TIFFCvtIEEEDoubleToNative(tif,count,(double*)origdata);
2455 *value=(double*)origdata;
2456 return(TIFFReadDirEntryErrOk);
2457 }
2458 data=(double*)_TIFFmalloc(count*sizeof(double));
2459 if (data==0)
2460 {
2461 _TIFFfree(origdata);
2462 return(TIFFReadDirEntryErrAlloc);
2463 }
2464 switch (direntry->tdir_type)
2465 {
2466 case TIFF_BYTE:
2467 {
2468 uint8* ma;
2469 double* mb;
2470 uint32 n;
2471 ma=(uint8*)origdata;
2472 mb=data;
2473 for (n=0; n<count; n++)
2474 *mb++=(double)(*ma++);
2475 }
2476 break;
2477 case TIFF_SBYTE:
2478 {
2479 int8* ma;
2480 double* mb;
2481 uint32 n;
2482 ma=(int8*)origdata;
2483 mb=data;
2484 for (n=0; n<count; n++)
2485 *mb++=(double)(*ma++);
2486 }
2487 break;
2488 case TIFF_SHORT:
2489 {
2490 uint16* ma;
2491 double* mb;
2492 uint32 n;
2493 ma=(uint16*)origdata;
2494 mb=data;
2495 for (n=0; n<count; n++)
2496 {
2497 if (tif->tif_flags&TIFF_SWAB)
2498 TIFFSwabShort(ma);
2499 *mb++=(double)(*ma++);
2500 }
2501 }
2502 break;
2503 case TIFF_SSHORT:
2504 {
2505 int16* ma;
2506 double* mb;
2507 uint32 n;
2508 ma=(int16*)origdata;
2509 mb=data;
2510 for (n=0; n<count; n++)
2511 {
2512 if (tif->tif_flags&TIFF_SWAB)
2513 TIFFSwabShort((uint16*)ma);
2514 *mb++=(double)(*ma++);
2515 }
2516 }
2517 break;
2518 case TIFF_LONG:
2519 {
2520 uint32* ma;
2521 double* mb;
2522 uint32 n;
2523 ma=(uint32*)origdata;
2524 mb=data;
2525 for (n=0; n<count; n++)
2526 {
2527 if (tif->tif_flags&TIFF_SWAB)
2528 TIFFSwabLong(ma);
2529 *mb++=(double)(*ma++);
2530 }
2531 }
2532 break;
2533 case TIFF_SLONG:
2534 {
2535 int32* ma;
2536 double* mb;
2537 uint32 n;
2538 ma=(int32*)origdata;
2539 mb=data;
2540 for (n=0; n<count; n++)
2541 {
2542 if (tif->tif_flags&TIFF_SWAB)
2543 TIFFSwabLong((uint32*)ma);
2544 *mb++=(double)(*ma++);
2545 }
2546 }
2547 break;
2548 case TIFF_LONG8:
2549 {
2550 uint64* ma;
2551 double* mb;
2552 uint32 n;
2553 ma=(uint64*)origdata;
2554 mb=data;
2555 for (n=0; n<count; n++)
2556 {
2557 if (tif->tif_flags&TIFF_SWAB)
2558 TIFFSwabLong8(ma);
2559 #if defined(__WIN32__) && (_MSC_VER < 1500)
2560 /*
2561 * XXX: MSVC 6.0 does not support
2562 * conversion of 64-bit integers into
2563 * floating point values.
2564 */
2565 *mb++ = _TIFFUInt64ToDouble(*ma++);
2566 #else
2567 *mb++ = (double)(*ma++);
2568 #endif
2569 }
2570 }
2571 break;
2572 case TIFF_SLONG8:
2573 {
2574 int64* ma;
2575 double* mb;
2576 uint32 n;
2577 ma=(int64*)origdata;
2578 mb=data;
2579 for (n=0; n<count; n++)
2580 {
2581 if (tif->tif_flags&TIFF_SWAB)
2582 TIFFSwabLong8((uint64*)ma);
2583 *mb++=(double)(*ma++);
2584 }
2585 }
2586 break;
2587 case TIFF_RATIONAL:
2588 {
2589 uint32* ma;
2590 uint32 maa;
2591 uint32 mab;
2592 double* mb;
2593 uint32 n;
2594 ma=(uint32*)origdata;
2595 mb=data;
2596 for (n=0; n<count; n++)
2597 {
2598 if (tif->tif_flags&TIFF_SWAB)
2599 TIFFSwabLong(ma);
2600 maa=*ma++;
2601 if (tif->tif_flags&TIFF_SWAB)
2602 TIFFSwabLong(ma);
2603 mab=*ma++;
2604 if (mab==0)
2605 *mb++=0.0;
2606 else
2607 *mb++=(double)maa/(double)mab;
2608 }
2609 }
2610 break;
2611 case TIFF_SRATIONAL:
2612 {
2613 uint32* ma;
2614 int32 maa;
2615 uint32 mab;
2616 double* mb;
2617 uint32 n;
2618 ma=(uint32*)origdata;
2619 mb=data;
2620 for (n=0; n<count; n++)
2621 {
2622 if (tif->tif_flags&TIFF_SWAB)
2623 TIFFSwabLong(ma);
2624 maa=*(int32*)ma;
2625 ma++;
2626 if (tif->tif_flags&TIFF_SWAB)
2627 TIFFSwabLong(ma);
2628 mab=*ma++;
2629 if (mab==0)
2630 *mb++=0.0;
2631 else
2632 *mb++=(double)maa/(double)mab;
2633 }
2634 }
2635 break;
2636 case TIFF_FLOAT:
2637 {
2638 float* ma;
2639 double* mb;
2640 uint32 n;
2641 if (tif->tif_flags&TIFF_SWAB)
2642 TIFFSwabArrayOfLong((uint32*)origdata,count);
2643 TIFFCvtIEEEFloatToNative(tif,count,(float*)origdata);
2644 ma=(float*)origdata;
2645 mb=data;
2646 for (n=0; n<count; n++)
2647 *mb++=(double)(*ma++);
2648 }
2649 break;
2650 }
2651 _TIFFfree(origdata);
2652 *value=data;
2653 return(TIFFReadDirEntryErrOk);
2654 }
2655
TIFFReadDirEntryIfd8Array(TIFF * tif,TIFFDirEntry * direntry,uint64 ** value)2656 static enum TIFFReadDirEntryErr TIFFReadDirEntryIfd8Array(TIFF* tif, TIFFDirEntry* direntry, uint64** value)
2657 {
2658 enum TIFFReadDirEntryErr err;
2659 uint32 count;
2660 void* origdata;
2661 uint64* data;
2662 switch (direntry->tdir_type)
2663 {
2664 case TIFF_LONG:
2665 case TIFF_LONG8:
2666 case TIFF_IFD:
2667 case TIFF_IFD8:
2668 break;
2669 default:
2670 return(TIFFReadDirEntryErrType);
2671 }
2672 err=TIFFReadDirEntryArray(tif,direntry,&count,8,&origdata);
2673 if ((err!=TIFFReadDirEntryErrOk)||(origdata==0))
2674 {
2675 *value=0;
2676 return(err);
2677 }
2678 switch (direntry->tdir_type)
2679 {
2680 case TIFF_LONG8:
2681 case TIFF_IFD8:
2682 *value=(uint64*)origdata;
2683 if (tif->tif_flags&TIFF_SWAB)
2684 TIFFSwabArrayOfLong8(*value,count);
2685 return(TIFFReadDirEntryErrOk);
2686 }
2687 data=(uint64*)_TIFFmalloc(count*8);
2688 if (data==0)
2689 {
2690 _TIFFfree(origdata);
2691 return(TIFFReadDirEntryErrAlloc);
2692 }
2693 switch (direntry->tdir_type)
2694 {
2695 case TIFF_LONG:
2696 case TIFF_IFD:
2697 {
2698 uint32* ma;
2699 uint64* mb;
2700 uint32 n;
2701 ma=(uint32*)origdata;
2702 mb=data;
2703 for (n=0; n<count; n++)
2704 {
2705 if (tif->tif_flags&TIFF_SWAB)
2706 TIFFSwabLong(ma);
2707 *mb++=(uint64)(*ma++);
2708 }
2709 }
2710 break;
2711 }
2712 _TIFFfree(origdata);
2713 *value=data;
2714 return(TIFFReadDirEntryErrOk);
2715 }
2716
TIFFReadDirEntryPersampleShort(TIFF * tif,TIFFDirEntry * direntry,uint16 * value)2717 static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value)
2718 {
2719 enum TIFFReadDirEntryErr err;
2720 uint16* m;
2721 uint16* na;
2722 uint16 nb;
2723 if (direntry->tdir_count<(uint64)tif->tif_dir.td_samplesperpixel)
2724 return(TIFFReadDirEntryErrCount);
2725 err=TIFFReadDirEntryShortArray(tif,direntry,&m);
2726 if (err!=TIFFReadDirEntryErrOk)
2727 return(err);
2728 na=m;
2729 nb=tif->tif_dir.td_samplesperpixel;
2730 *value=*na++;
2731 nb--;
2732 while (nb>0)
2733 {
2734 if (*na++!=*value)
2735 {
2736 err=TIFFReadDirEntryErrPsdif;
2737 break;
2738 }
2739 nb--;
2740 }
2741 _TIFFfree(m);
2742 return(err);
2743 }
2744
2745 #if 0
2746 static enum TIFFReadDirEntryErr TIFFReadDirEntryPersampleDouble(TIFF* tif, TIFFDirEntry* direntry, double* value)
2747 {
2748 enum TIFFReadDirEntryErr err;
2749 double* m;
2750 double* na;
2751 uint16 nb;
2752 if (direntry->tdir_count<(uint64)tif->tif_dir.td_samplesperpixel)
2753 return(TIFFReadDirEntryErrCount);
2754 err=TIFFReadDirEntryDoubleArray(tif,direntry,&m);
2755 if (err!=TIFFReadDirEntryErrOk)
2756 return(err);
2757 na=m;
2758 nb=tif->tif_dir.td_samplesperpixel;
2759 *value=*na++;
2760 nb--;
2761 while (nb>0)
2762 {
2763 if (*na++!=*value)
2764 {
2765 err=TIFFReadDirEntryErrPsdif;
2766 break;
2767 }
2768 nb--;
2769 }
2770 _TIFFfree(m);
2771 return(err);
2772 }
2773 #endif
2774
TIFFReadDirEntryCheckedByte(TIFF * tif,TIFFDirEntry * direntry,uint8 * value)2775 static void TIFFReadDirEntryCheckedByte(TIFF* tif, TIFFDirEntry* direntry, uint8* value)
2776 {
2777 (void) tif;
2778 *value=*(uint8*)(&direntry->tdir_offset);
2779 }
2780
TIFFReadDirEntryCheckedSbyte(TIFF * tif,TIFFDirEntry * direntry,int8 * value)2781 static void TIFFReadDirEntryCheckedSbyte(TIFF* tif, TIFFDirEntry* direntry, int8* value)
2782 {
2783 (void) tif;
2784 *value=*(int8*)(&direntry->tdir_offset);
2785 }
2786
TIFFReadDirEntryCheckedShort(TIFF * tif,TIFFDirEntry * direntry,uint16 * value)2787 static void TIFFReadDirEntryCheckedShort(TIFF* tif, TIFFDirEntry* direntry, uint16* value)
2788 {
2789 *value = direntry->tdir_offset.toff_short;
2790 /* *value=*(uint16*)(&direntry->tdir_offset); */
2791 if (tif->tif_flags&TIFF_SWAB)
2792 TIFFSwabShort(value);
2793 }
2794
TIFFReadDirEntryCheckedSshort(TIFF * tif,TIFFDirEntry * direntry,int16 * value)2795 static void TIFFReadDirEntryCheckedSshort(TIFF* tif, TIFFDirEntry* direntry, int16* value)
2796 {
2797 *value=*(int16*)(&direntry->tdir_offset);
2798 if (tif->tif_flags&TIFF_SWAB)
2799 TIFFSwabShort((uint16*)value);
2800 }
2801
TIFFReadDirEntryCheckedLong(TIFF * tif,TIFFDirEntry * direntry,uint32 * value)2802 static void TIFFReadDirEntryCheckedLong(TIFF* tif, TIFFDirEntry* direntry, uint32* value)
2803 {
2804 *value=*(uint32*)(&direntry->tdir_offset);
2805 if (tif->tif_flags&TIFF_SWAB)
2806 TIFFSwabLong(value);
2807 }
2808
TIFFReadDirEntryCheckedSlong(TIFF * tif,TIFFDirEntry * direntry,int32 * value)2809 static void TIFFReadDirEntryCheckedSlong(TIFF* tif, TIFFDirEntry* direntry, int32* value)
2810 {
2811 *value=*(int32*)(&direntry->tdir_offset);
2812 if (tif->tif_flags&TIFF_SWAB)
2813 TIFFSwabLong((uint32*)value);
2814 }
2815
TIFFReadDirEntryCheckedLong8(TIFF * tif,TIFFDirEntry * direntry,uint64 * value)2816 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedLong8(TIFF* tif, TIFFDirEntry* direntry, uint64* value)
2817 {
2818 if (!(tif->tif_flags&TIFF_BIGTIFF))
2819 {
2820 enum TIFFReadDirEntryErr err;
2821 uint32 offset = direntry->tdir_offset.toff_long;
2822 if (tif->tif_flags&TIFF_SWAB)
2823 TIFFSwabLong(&offset);
2824 err=TIFFReadDirEntryData(tif,offset,8,value);
2825 if (err!=TIFFReadDirEntryErrOk)
2826 return(err);
2827 }
2828 else
2829 *value = direntry->tdir_offset.toff_long8;
2830 if (tif->tif_flags&TIFF_SWAB)
2831 TIFFSwabLong8(value);
2832 return(TIFFReadDirEntryErrOk);
2833 }
2834
TIFFReadDirEntryCheckedSlong8(TIFF * tif,TIFFDirEntry * direntry,int64 * value)2835 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSlong8(TIFF* tif, TIFFDirEntry* direntry, int64* value)
2836 {
2837 if (!(tif->tif_flags&TIFF_BIGTIFF))
2838 {
2839 enum TIFFReadDirEntryErr err;
2840 uint32 offset = direntry->tdir_offset.toff_long;
2841 if (tif->tif_flags&TIFF_SWAB)
2842 TIFFSwabLong(&offset);
2843 err=TIFFReadDirEntryData(tif,offset,8,value);
2844 if (err!=TIFFReadDirEntryErrOk)
2845 return(err);
2846 }
2847 else
2848 *value=*(int64*)(&direntry->tdir_offset);
2849 if (tif->tif_flags&TIFF_SWAB)
2850 TIFFSwabLong8((uint64*)value);
2851 return(TIFFReadDirEntryErrOk);
2852 }
2853
TIFFReadDirEntryCheckedRational(TIFF * tif,TIFFDirEntry * direntry,double * value)2854 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedRational(TIFF* tif, TIFFDirEntry* direntry, double* value)
2855 {
2856 UInt64Aligned_t m;
2857
2858 assert(sizeof(double)==8);
2859 assert(sizeof(uint64)==8);
2860 assert(sizeof(uint32)==4);
2861 if (!(tif->tif_flags&TIFF_BIGTIFF))
2862 {
2863 enum TIFFReadDirEntryErr err;
2864 uint32 offset = direntry->tdir_offset.toff_long;
2865 if (tif->tif_flags&TIFF_SWAB)
2866 TIFFSwabLong(&offset);
2867 err=TIFFReadDirEntryData(tif,offset,8,m.i);
2868 if (err!=TIFFReadDirEntryErrOk)
2869 return(err);
2870 }
2871 else
2872 m.l = direntry->tdir_offset.toff_long8;
2873 if (tif->tif_flags&TIFF_SWAB)
2874 TIFFSwabArrayOfLong(m.i,2);
2875 if (m.i[0]==0)
2876 *value=0.0;
2877 else
2878 *value=(double)m.i[0]/(double)m.i[1];
2879 return(TIFFReadDirEntryErrOk);
2880 }
2881
TIFFReadDirEntryCheckedSrational(TIFF * tif,TIFFDirEntry * direntry,double * value)2882 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSrational(TIFF* tif, TIFFDirEntry* direntry, double* value)
2883 {
2884 UInt64Aligned_t m;
2885 assert(sizeof(double)==8);
2886 assert(sizeof(uint64)==8);
2887 assert(sizeof(int32)==4);
2888 assert(sizeof(uint32)==4);
2889 if (!(tif->tif_flags&TIFF_BIGTIFF))
2890 {
2891 enum TIFFReadDirEntryErr err;
2892 uint32 offset = direntry->tdir_offset.toff_long;
2893 if (tif->tif_flags&TIFF_SWAB)
2894 TIFFSwabLong(&offset);
2895 err=TIFFReadDirEntryData(tif,offset,8,m.i);
2896 if (err!=TIFFReadDirEntryErrOk)
2897 return(err);
2898 }
2899 else
2900 m.l=direntry->tdir_offset.toff_long8;
2901 if (tif->tif_flags&TIFF_SWAB)
2902 TIFFSwabArrayOfLong(m.i,2);
2903 if ((int32)m.i[0]==0)
2904 *value=0.0;
2905 else
2906 *value=(double)((int32)m.i[0])/(double)m.i[1];
2907 return(TIFFReadDirEntryErrOk);
2908 }
2909
TIFFReadDirEntryCheckedFloat(TIFF * tif,TIFFDirEntry * direntry,float * value)2910 static void TIFFReadDirEntryCheckedFloat(TIFF* tif, TIFFDirEntry* direntry, float* value)
2911 {
2912 union
2913 {
2914 float f;
2915 uint32 i;
2916 } float_union;
2917 assert(sizeof(float)==4);
2918 assert(sizeof(uint32)==4);
2919 assert(sizeof(float_union)==4);
2920 float_union.i=*(uint32*)(&direntry->tdir_offset);
2921 *value=float_union.f;
2922 if (tif->tif_flags&TIFF_SWAB)
2923 TIFFSwabLong((uint32*)value);
2924 }
2925
TIFFReadDirEntryCheckedDouble(TIFF * tif,TIFFDirEntry * direntry,double * value)2926 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedDouble(TIFF* tif, TIFFDirEntry* direntry, double* value)
2927 {
2928 assert(sizeof(double)==8);
2929 assert(sizeof(uint64)==8);
2930 assert(sizeof(UInt64Aligned_t)==8);
2931 if (!(tif->tif_flags&TIFF_BIGTIFF))
2932 {
2933 enum TIFFReadDirEntryErr err;
2934 uint32 offset = direntry->tdir_offset.toff_long;
2935 if (tif->tif_flags&TIFF_SWAB)
2936 TIFFSwabLong(&offset);
2937 err=TIFFReadDirEntryData(tif,offset,8,value);
2938 if (err!=TIFFReadDirEntryErrOk)
2939 return(err);
2940 }
2941 else
2942 {
2943 UInt64Aligned_t uint64_union;
2944 uint64_union.l=direntry->tdir_offset.toff_long8;
2945 *value=uint64_union.d;
2946 }
2947 if (tif->tif_flags&TIFF_SWAB)
2948 TIFFSwabLong8((uint64*)value);
2949 return(TIFFReadDirEntryErrOk);
2950 }
2951
TIFFReadDirEntryCheckRangeByteSbyte(int8 value)2952 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSbyte(int8 value)
2953 {
2954 if (value<0)
2955 return(TIFFReadDirEntryErrRange);
2956 else
2957 return(TIFFReadDirEntryErrOk);
2958 }
2959
TIFFReadDirEntryCheckRangeByteShort(uint16 value)2960 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteShort(uint16 value)
2961 {
2962 if (value>0xFF)
2963 return(TIFFReadDirEntryErrRange);
2964 else
2965 return(TIFFReadDirEntryErrOk);
2966 }
2967
TIFFReadDirEntryCheckRangeByteSshort(int16 value)2968 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSshort(int16 value)
2969 {
2970 if ((value<0)||(value>0xFF))
2971 return(TIFFReadDirEntryErrRange);
2972 else
2973 return(TIFFReadDirEntryErrOk);
2974 }
2975
TIFFReadDirEntryCheckRangeByteLong(uint32 value)2976 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong(uint32 value)
2977 {
2978 if (value>0xFF)
2979 return(TIFFReadDirEntryErrRange);
2980 else
2981 return(TIFFReadDirEntryErrOk);
2982 }
2983
TIFFReadDirEntryCheckRangeByteSlong(int32 value)2984 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong(int32 value)
2985 {
2986 if ((value<0)||(value>0xFF))
2987 return(TIFFReadDirEntryErrRange);
2988 else
2989 return(TIFFReadDirEntryErrOk);
2990 }
2991
TIFFReadDirEntryCheckRangeByteLong8(uint64 value)2992 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteLong8(uint64 value)
2993 {
2994 if (value>0xFF)
2995 return(TIFFReadDirEntryErrRange);
2996 else
2997 return(TIFFReadDirEntryErrOk);
2998 }
2999
TIFFReadDirEntryCheckRangeByteSlong8(int64 value)3000 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeByteSlong8(int64 value)
3001 {
3002 if ((value<0)||(value>0xFF))
3003 return(TIFFReadDirEntryErrRange);
3004 else
3005 return(TIFFReadDirEntryErrOk);
3006 }
3007
TIFFReadDirEntryCheckRangeSbyteByte(uint8 value)3008 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteByte(uint8 value)
3009 {
3010 if (value>0x7F)
3011 return(TIFFReadDirEntryErrRange);
3012 else
3013 return(TIFFReadDirEntryErrOk);
3014 }
3015
TIFFReadDirEntryCheckRangeSbyteShort(uint16 value)3016 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteShort(uint16 value)
3017 {
3018 if (value>0x7F)
3019 return(TIFFReadDirEntryErrRange);
3020 else
3021 return(TIFFReadDirEntryErrOk);
3022 }
3023
TIFFReadDirEntryCheckRangeSbyteSshort(int16 value)3024 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSshort(int16 value)
3025 {
3026 if ((value<-0x80)||(value>0x7F))
3027 return(TIFFReadDirEntryErrRange);
3028 else
3029 return(TIFFReadDirEntryErrOk);
3030 }
3031
TIFFReadDirEntryCheckRangeSbyteLong(uint32 value)3032 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong(uint32 value)
3033 {
3034 if (value>0x7F)
3035 return(TIFFReadDirEntryErrRange);
3036 else
3037 return(TIFFReadDirEntryErrOk);
3038 }
3039
TIFFReadDirEntryCheckRangeSbyteSlong(int32 value)3040 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong(int32 value)
3041 {
3042 if ((value<-0x80)||(value>0x7F))
3043 return(TIFFReadDirEntryErrRange);
3044 else
3045 return(TIFFReadDirEntryErrOk);
3046 }
3047
TIFFReadDirEntryCheckRangeSbyteLong8(uint64 value)3048 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteLong8(uint64 value)
3049 {
3050 if (value>0x7F)
3051 return(TIFFReadDirEntryErrRange);
3052 else
3053 return(TIFFReadDirEntryErrOk);
3054 }
3055
TIFFReadDirEntryCheckRangeSbyteSlong8(int64 value)3056 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSbyteSlong8(int64 value)
3057 {
3058 if ((value<-0x80)||(value>0x7F))
3059 return(TIFFReadDirEntryErrRange);
3060 else
3061 return(TIFFReadDirEntryErrOk);
3062 }
3063
TIFFReadDirEntryCheckRangeShortSbyte(int8 value)3064 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSbyte(int8 value)
3065 {
3066 if (value<0)
3067 return(TIFFReadDirEntryErrRange);
3068 else
3069 return(TIFFReadDirEntryErrOk);
3070 }
3071
TIFFReadDirEntryCheckRangeShortSshort(int16 value)3072 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSshort(int16 value)
3073 {
3074 if (value<0)
3075 return(TIFFReadDirEntryErrRange);
3076 else
3077 return(TIFFReadDirEntryErrOk);
3078 }
3079
TIFFReadDirEntryCheckRangeShortLong(uint32 value)3080 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong(uint32 value)
3081 {
3082 if (value>0xFFFF)
3083 return(TIFFReadDirEntryErrRange);
3084 else
3085 return(TIFFReadDirEntryErrOk);
3086 }
3087
TIFFReadDirEntryCheckRangeShortSlong(int32 value)3088 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong(int32 value)
3089 {
3090 if ((value<0)||(value>0xFFFF))
3091 return(TIFFReadDirEntryErrRange);
3092 else
3093 return(TIFFReadDirEntryErrOk);
3094 }
3095
TIFFReadDirEntryCheckRangeShortLong8(uint64 value)3096 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortLong8(uint64 value)
3097 {
3098 if (value>0xFFFF)
3099 return(TIFFReadDirEntryErrRange);
3100 else
3101 return(TIFFReadDirEntryErrOk);
3102 }
3103
TIFFReadDirEntryCheckRangeShortSlong8(int64 value)3104 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeShortSlong8(int64 value)
3105 {
3106 if ((value<0)||(value>0xFFFF))
3107 return(TIFFReadDirEntryErrRange);
3108 else
3109 return(TIFFReadDirEntryErrOk);
3110 }
3111
TIFFReadDirEntryCheckRangeSshortShort(uint16 value)3112 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortShort(uint16 value)
3113 {
3114 if (value>0x7FFF)
3115 return(TIFFReadDirEntryErrRange);
3116 else
3117 return(TIFFReadDirEntryErrOk);
3118 }
3119
TIFFReadDirEntryCheckRangeSshortLong(uint32 value)3120 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong(uint32 value)
3121 {
3122 if (value>0x7FFF)
3123 return(TIFFReadDirEntryErrRange);
3124 else
3125 return(TIFFReadDirEntryErrOk);
3126 }
3127
TIFFReadDirEntryCheckRangeSshortSlong(int32 value)3128 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong(int32 value)
3129 {
3130 if ((value<-0x8000)||(value>0x7FFF))
3131 return(TIFFReadDirEntryErrRange);
3132 else
3133 return(TIFFReadDirEntryErrOk);
3134 }
3135
TIFFReadDirEntryCheckRangeSshortLong8(uint64 value)3136 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortLong8(uint64 value)
3137 {
3138 if (value>0x7FFF)
3139 return(TIFFReadDirEntryErrRange);
3140 else
3141 return(TIFFReadDirEntryErrOk);
3142 }
3143
TIFFReadDirEntryCheckRangeSshortSlong8(int64 value)3144 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeSshortSlong8(int64 value)
3145 {
3146 if ((value<-0x8000)||(value>0x7FFF))
3147 return(TIFFReadDirEntryErrRange);
3148 else
3149 return(TIFFReadDirEntryErrOk);
3150 }
3151
TIFFReadDirEntryCheckRangeLongSbyte(int8 value)3152 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSbyte(int8 value)
3153 {
3154 if (value<0)
3155 return(TIFFReadDirEntryErrRange);
3156 else
3157 return(TIFFReadDirEntryErrOk);
3158 }
3159
TIFFReadDirEntryCheckRangeLongSshort(int16 value)3160 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSshort(int16 value)
3161 {
3162 if (value<0)
3163 return(TIFFReadDirEntryErrRange);
3164 else
3165 return(TIFFReadDirEntryErrOk);
3166 }
3167
TIFFReadDirEntryCheckRangeLongSlong(int32 value)3168 static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckRangeLongSlong(int32 value)
3169 {
3170 if (value<0)
3171 return(TIFFReadDirEntryErrRange);
3172 else
3173 return(TIFFReadDirEntryErrOk);
3174 }
3175
3176 /*
3177 * Largest 32-bit unsigned integer value.
3178 */
3179 #define TIFF_UINT32_MAX 0xFFFFFFFFU
3180
3181 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLongLong8(uint64 value)3182 TIFFReadDirEntryCheckRangeLongLong8(uint64 value)
3183 {
3184 if (value > TIFF_UINT32_MAX)
3185 return(TIFFReadDirEntryErrRange);
3186 else
3187 return(TIFFReadDirEntryErrOk);
3188 }
3189
3190 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLongSlong8(int64 value)3191 TIFFReadDirEntryCheckRangeLongSlong8(int64 value)
3192 {
3193 if ((value < 0) || (value > (int64) TIFF_UINT32_MAX))
3194 return(TIFFReadDirEntryErrRange);
3195 else
3196 return(TIFFReadDirEntryErrOk);
3197 }
3198
3199 #undef TIFF_UINT32_MAX
3200
3201 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeSlongLong(uint32 value)3202 TIFFReadDirEntryCheckRangeSlongLong(uint32 value)
3203 {
3204 if (value > 0x7FFFFFFFUL)
3205 return(TIFFReadDirEntryErrRange);
3206 else
3207 return(TIFFReadDirEntryErrOk);
3208 }
3209
3210 /* Check that the 8-byte unsigned value can fit in a 4-byte unsigned range */
3211 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeSlongLong8(uint64 value)3212 TIFFReadDirEntryCheckRangeSlongLong8(uint64 value)
3213 {
3214 if (value > 0x7FFFFFFF)
3215 return(TIFFReadDirEntryErrRange);
3216 else
3217 return(TIFFReadDirEntryErrOk);
3218 }
3219
3220 /* Check that the 8-byte signed value can fit in a 4-byte signed range */
3221 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeSlongSlong8(int64 value)3222 TIFFReadDirEntryCheckRangeSlongSlong8(int64 value)
3223 {
3224 if ((value < 0-((int64) 0x7FFFFFFF+1)) || (value > 0x7FFFFFFF))
3225 return(TIFFReadDirEntryErrRange);
3226 else
3227 return(TIFFReadDirEntryErrOk);
3228 }
3229
3230 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLong8Sbyte(int8 value)3231 TIFFReadDirEntryCheckRangeLong8Sbyte(int8 value)
3232 {
3233 if (value < 0)
3234 return(TIFFReadDirEntryErrRange);
3235 else
3236 return(TIFFReadDirEntryErrOk);
3237 }
3238
3239 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLong8Sshort(int16 value)3240 TIFFReadDirEntryCheckRangeLong8Sshort(int16 value)
3241 {
3242 if (value < 0)
3243 return(TIFFReadDirEntryErrRange);
3244 else
3245 return(TIFFReadDirEntryErrOk);
3246 }
3247
3248 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLong8Slong(int32 value)3249 TIFFReadDirEntryCheckRangeLong8Slong(int32 value)
3250 {
3251 if (value < 0)
3252 return(TIFFReadDirEntryErrRange);
3253 else
3254 return(TIFFReadDirEntryErrOk);
3255 }
3256
3257 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeLong8Slong8(int64 value)3258 TIFFReadDirEntryCheckRangeLong8Slong8(int64 value)
3259 {
3260 if (value < 0)
3261 return(TIFFReadDirEntryErrRange);
3262 else
3263 return(TIFFReadDirEntryErrOk);
3264 }
3265
3266 /*
3267 * Largest 64-bit signed integer value.
3268 */
3269 #define TIFF_INT64_MAX ((int64)(((uint64) ~0) >> 1))
3270
3271 static enum TIFFReadDirEntryErr
TIFFReadDirEntryCheckRangeSlong8Long8(uint64 value)3272 TIFFReadDirEntryCheckRangeSlong8Long8(uint64 value)
3273 {
3274 if (value > TIFF_INT64_MAX)
3275 return(TIFFReadDirEntryErrRange);
3276 else
3277 return(TIFFReadDirEntryErrOk);
3278 }
3279
3280 #undef TIFF_INT64_MAX
3281
3282 static enum TIFFReadDirEntryErr
TIFFReadDirEntryData(TIFF * tif,uint64 offset,tmsize_t size,void * dest)3283 TIFFReadDirEntryData(TIFF* tif, uint64 offset, tmsize_t size, void* dest)
3284 {
3285 assert(size>0);
3286 if (!isMapped(tif)) {
3287 if (!SeekOK(tif,offset))
3288 return(TIFFReadDirEntryErrIo);
3289 if (!ReadOK(tif,dest,size))
3290 return(TIFFReadDirEntryErrIo);
3291 } else {
3292 size_t ma,mb;
3293 ma=(size_t)offset;
3294 mb=ma+size;
3295 if (((uint64)ma!=offset)
3296 || (mb < ma)
3297 || (mb - ma != (size_t) size)
3298 || (mb < (size_t)size)
3299 || (mb > (size_t)tif->tif_size)
3300 )
3301 return(TIFFReadDirEntryErrIo);
3302 _TIFFmemcpy(dest,tif->tif_base+ma,size);
3303 }
3304 return(TIFFReadDirEntryErrOk);
3305 }
3306
TIFFReadDirEntryOutputErr(TIFF * tif,enum TIFFReadDirEntryErr err,const char * module,const char * tagname,int recover)3307 static void TIFFReadDirEntryOutputErr(TIFF* tif, enum TIFFReadDirEntryErr err, const char* module, const char* tagname, int recover)
3308 {
3309 if (!recover) {
3310 switch (err) {
3311 case TIFFReadDirEntryErrCount:
3312 TIFFErrorExt(tif->tif_clientdata, module,
3313 "Incorrect count for \"%s\"",
3314 tagname);
3315 break;
3316 case TIFFReadDirEntryErrType:
3317 TIFFErrorExt(tif->tif_clientdata, module,
3318 "Incompatible type for \"%s\"",
3319 tagname);
3320 break;
3321 case TIFFReadDirEntryErrIo:
3322 TIFFErrorExt(tif->tif_clientdata, module,
3323 "IO error during reading of \"%s\"",
3324 tagname);
3325 break;
3326 case TIFFReadDirEntryErrRange:
3327 TIFFErrorExt(tif->tif_clientdata, module,
3328 "Incorrect value for \"%s\"",
3329 tagname);
3330 break;
3331 case TIFFReadDirEntryErrPsdif:
3332 TIFFErrorExt(tif->tif_clientdata, module,
3333 "Cannot handle different values per sample for \"%s\"",
3334 tagname);
3335 break;
3336 case TIFFReadDirEntryErrSizesan:
3337 TIFFErrorExt(tif->tif_clientdata, module,
3338 "Sanity check on size of \"%s\" value failed",
3339 tagname);
3340 break;
3341 case TIFFReadDirEntryErrAlloc:
3342 TIFFErrorExt(tif->tif_clientdata, module,
3343 "Out of memory reading of \"%s\"",
3344 tagname);
3345 break;
3346 default:
3347 assert(0); /* we should never get here */
3348 break;
3349 }
3350 } else {
3351 switch (err) {
3352 case TIFFReadDirEntryErrCount:
3353 TIFFWarningExt(tif->tif_clientdata, module,
3354 "Incorrect count for \"%s\"; tag ignored",
3355 tagname);
3356 break;
3357 case TIFFReadDirEntryErrType:
3358 TIFFWarningExt(tif->tif_clientdata, module,
3359 "Incompatible type for \"%s\"; tag ignored",
3360 tagname);
3361 break;
3362 case TIFFReadDirEntryErrIo:
3363 TIFFWarningExt(tif->tif_clientdata, module,
3364 "IO error during reading of \"%s\"; tag ignored",
3365 tagname);
3366 break;
3367 case TIFFReadDirEntryErrRange:
3368 TIFFWarningExt(tif->tif_clientdata, module,
3369 "Incorrect value for \"%s\"; tag ignored",
3370 tagname);
3371 break;
3372 case TIFFReadDirEntryErrPsdif:
3373 TIFFWarningExt(tif->tif_clientdata, module,
3374 "Cannot handle different values per sample for \"%s\"; tag ignored",
3375 tagname);
3376 break;
3377 case TIFFReadDirEntryErrSizesan:
3378 TIFFWarningExt(tif->tif_clientdata, module,
3379 "Sanity check on size of \"%s\" value failed; tag ignored",
3380 tagname);
3381 break;
3382 case TIFFReadDirEntryErrAlloc:
3383 TIFFWarningExt(tif->tif_clientdata, module,
3384 "Out of memory reading of \"%s\"; tag ignored",
3385 tagname);
3386 break;
3387 default:
3388 assert(0); /* we should never get here */
3389 break;
3390 }
3391 }
3392 }
3393
3394 /*
3395 * Read the next TIFF directory from a file and convert it to the internal
3396 * format. We read directories sequentially.
3397 */
3398 int
TIFFReadDirectory(TIFF * tif)3399 TIFFReadDirectory(TIFF* tif)
3400 {
3401 static const char module[] = "TIFFReadDirectory";
3402 TIFFDirEntry* dir;
3403 uint16 dircount;
3404 TIFFDirEntry* dp;
3405 uint16 di;
3406 const TIFFField* fip;
3407 uint32 fii=FAILED_FII;
3408 toff_t nextdiroff;
3409 int bitspersample_read = FALSE;
3410
3411 tif->tif_diroff=tif->tif_nextdiroff;
3412 if (!TIFFCheckDirOffset(tif,tif->tif_nextdiroff))
3413 return 0; /* last offset or bad offset (IFD looping) */
3414 (*tif->tif_cleanup)(tif); /* cleanup any previous compression state */
3415 tif->tif_curdir++;
3416 nextdiroff = tif->tif_nextdiroff;
3417 dircount=TIFFFetchDirectory(tif,nextdiroff,&dir,&tif->tif_nextdiroff);
3418 if (!dircount)
3419 {
3420 TIFFErrorExt(tif->tif_clientdata,module,
3421 "Failed to read directory at offset " TIFF_UINT64_FORMAT,nextdiroff);
3422 return 0;
3423 }
3424 TIFFReadDirectoryCheckOrder(tif,dir,dircount);
3425
3426 /*
3427 * Mark duplicates of any tag to be ignored (bugzilla 1994)
3428 * to avoid certain pathological problems.
3429 */
3430 {
3431 TIFFDirEntry* ma;
3432 uint16 mb;
3433 for (ma=dir, mb=0; mb<dircount; ma++, mb++)
3434 {
3435 TIFFDirEntry* na;
3436 uint16 nb;
3437 for (na=ma+1, nb=mb+1; nb<dircount; na++, nb++)
3438 {
3439 if (ma->tdir_tag==na->tdir_tag)
3440 na->tdir_tag=IGNORE;
3441 }
3442 }
3443 }
3444
3445 tif->tif_flags &= ~TIFF_BEENWRITING; /* reset before new dir */
3446 tif->tif_flags &= ~TIFF_BUF4WRITE; /* reset before new dir */
3447 /* free any old stuff and reinit */
3448 TIFFFreeDirectory(tif);
3449 TIFFDefaultDirectory(tif);
3450 /*
3451 * Electronic Arts writes gray-scale TIFF files
3452 * without a PlanarConfiguration directory entry.
3453 * Thus we setup a default value here, even though
3454 * the TIFF spec says there is no default value.
3455 */
3456 TIFFSetField(tif,TIFFTAG_PLANARCONFIG,PLANARCONFIG_CONTIG);
3457 /*
3458 * Setup default value and then make a pass over
3459 * the fields to check type and tag information,
3460 * and to extract info required to size data
3461 * structures. A second pass is made afterwards
3462 * to read in everything not taken in the first pass.
3463 * But we must process the Compression tag first
3464 * in order to merge in codec-private tag definitions (otherwise
3465 * we may get complaints about unknown tags). However, the
3466 * Compression tag may be dependent on the SamplesPerPixel
3467 * tag value because older TIFF specs permitted Compression
3468 * to be written as a SamplesPerPixel-count tag entry.
3469 * Thus if we don't first figure out the correct SamplesPerPixel
3470 * tag value then we may end up ignoring the Compression tag
3471 * value because it has an incorrect count value (if the
3472 * true value of SamplesPerPixel is not 1).
3473 */
3474 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,TIFFTAG_SAMPLESPERPIXEL);
3475 if (dp)
3476 {
3477 if (!TIFFFetchNormalTag(tif,dp,0))
3478 goto bad;
3479 dp->tdir_tag=IGNORE;
3480 }
3481 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,TIFFTAG_COMPRESSION);
3482 if (dp)
3483 {
3484 /*
3485 * The 5.0 spec says the Compression tag has one value, while
3486 * earlier specs say it has one value per sample. Because of
3487 * this, we accept the tag if one value is supplied with either
3488 * count.
3489 */
3490 uint16 value;
3491 enum TIFFReadDirEntryErr err;
3492 err=TIFFReadDirEntryShort(tif,dp,&value);
3493 if (err==TIFFReadDirEntryErrCount)
3494 err=TIFFReadDirEntryPersampleShort(tif,dp,&value);
3495 if (err!=TIFFReadDirEntryErrOk)
3496 {
3497 TIFFReadDirEntryOutputErr(tif,err,module,"Compression",0);
3498 goto bad;
3499 }
3500 if (!TIFFSetField(tif,TIFFTAG_COMPRESSION,value))
3501 goto bad;
3502 dp->tdir_tag=IGNORE;
3503 }
3504 else
3505 {
3506 if (!TIFFSetField(tif,TIFFTAG_COMPRESSION,COMPRESSION_NONE))
3507 goto bad;
3508 }
3509 /*
3510 * First real pass over the directory.
3511 */
3512 for (di=0, dp=dir; di<dircount; di++, dp++)
3513 {
3514 if (dp->tdir_tag!=IGNORE)
3515 {
3516 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
3517 if (fii == FAILED_FII)
3518 {
3519 TIFFWarningExt(tif->tif_clientdata, module,
3520 "Unknown field with tag %d (0x%x) encountered",
3521 dp->tdir_tag,dp->tdir_tag);
3522 /* the following knowingly leaks the
3523 anonymous field structure */
3524 if (!_TIFFMergeFields(tif,
3525 _TIFFCreateAnonField(tif,
3526 dp->tdir_tag,
3527 (TIFFDataType) dp->tdir_type),
3528 1)) {
3529 TIFFWarningExt(tif->tif_clientdata,
3530 module,
3531 "Registering anonymous field with tag %d (0x%x) failed",
3532 dp->tdir_tag,
3533 dp->tdir_tag);
3534 dp->tdir_tag=IGNORE;
3535 } else {
3536 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
3537 assert(fii != FAILED_FII);
3538 }
3539 }
3540 }
3541 if (dp->tdir_tag!=IGNORE)
3542 {
3543 fip=tif->tif_fields[fii];
3544 if (fip->field_bit==FIELD_IGNORE)
3545 dp->tdir_tag=IGNORE;
3546 else
3547 {
3548 switch (dp->tdir_tag)
3549 {
3550 case TIFFTAG_STRIPOFFSETS:
3551 case TIFFTAG_STRIPBYTECOUNTS:
3552 case TIFFTAG_TILEOFFSETS:
3553 case TIFFTAG_TILEBYTECOUNTS:
3554 TIFFSetFieldBit(tif,fip->field_bit);
3555 break;
3556 case TIFFTAG_IMAGEWIDTH:
3557 case TIFFTAG_IMAGELENGTH:
3558 case TIFFTAG_IMAGEDEPTH:
3559 case TIFFTAG_TILELENGTH:
3560 case TIFFTAG_TILEWIDTH:
3561 case TIFFTAG_TILEDEPTH:
3562 case TIFFTAG_PLANARCONFIG:
3563 case TIFFTAG_ROWSPERSTRIP:
3564 case TIFFTAG_EXTRASAMPLES:
3565 if (!TIFFFetchNormalTag(tif,dp,0))
3566 goto bad;
3567 dp->tdir_tag=IGNORE;
3568 break;
3569 }
3570 }
3571 }
3572 }
3573 /*
3574 * XXX: OJPEG hack.
3575 * If a) compression is OJPEG, b) planarconfig tag says it's separate,
3576 * c) strip offsets/bytecounts tag are both present and
3577 * d) both contain exactly one value, then we consistently find
3578 * that the buggy implementation of the buggy compression scheme
3579 * matches contig planarconfig best. So we 'fix-up' the tag here
3580 */
3581 if ((tif->tif_dir.td_compression==COMPRESSION_OJPEG)&&
3582 (tif->tif_dir.td_planarconfig==PLANARCONFIG_SEPARATE))
3583 {
3584 if (!_TIFFFillStriles(tif))
3585 goto bad;
3586 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,TIFFTAG_STRIPOFFSETS);
3587 if ((dp!=0)&&(dp->tdir_count==1))
3588 {
3589 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,
3590 TIFFTAG_STRIPBYTECOUNTS);
3591 if ((dp!=0)&&(dp->tdir_count==1))
3592 {
3593 tif->tif_dir.td_planarconfig=PLANARCONFIG_CONTIG;
3594 TIFFWarningExt(tif->tif_clientdata,module,
3595 "Planarconfig tag value assumed incorrect, "
3596 "assuming data is contig instead of chunky");
3597 }
3598 }
3599 }
3600 /*
3601 * Allocate directory structure and setup defaults.
3602 */
3603 if (!TIFFFieldSet(tif,FIELD_IMAGEDIMENSIONS))
3604 {
3605 MissingRequired(tif,"ImageLength");
3606 goto bad;
3607 }
3608 /*
3609 * Setup appropriate structures (by strip or by tile)
3610 */
3611 if (!TIFFFieldSet(tif, FIELD_TILEDIMENSIONS)) {
3612 tif->tif_dir.td_nstrips = TIFFNumberOfStrips(tif);
3613 tif->tif_dir.td_tilewidth = tif->tif_dir.td_imagewidth;
3614 tif->tif_dir.td_tilelength = tif->tif_dir.td_rowsperstrip;
3615 tif->tif_dir.td_tiledepth = tif->tif_dir.td_imagedepth;
3616 tif->tif_flags &= ~TIFF_ISTILED;
3617 } else {
3618 tif->tif_dir.td_nstrips = TIFFNumberOfTiles(tif);
3619 tif->tif_flags |= TIFF_ISTILED;
3620 }
3621 if (!tif->tif_dir.td_nstrips) {
3622 TIFFErrorExt(tif->tif_clientdata, module,
3623 "Cannot handle zero number of %s",
3624 isTiled(tif) ? "tiles" : "strips");
3625 goto bad;
3626 }
3627 tif->tif_dir.td_stripsperimage = tif->tif_dir.td_nstrips;
3628 if (tif->tif_dir.td_planarconfig == PLANARCONFIG_SEPARATE)
3629 tif->tif_dir.td_stripsperimage /= tif->tif_dir.td_samplesperpixel;
3630 if (!TIFFFieldSet(tif, FIELD_STRIPOFFSETS)) {
3631 #ifdef OJPEG_SUPPORT
3632 if ((tif->tif_dir.td_compression==COMPRESSION_OJPEG) &&
3633 (isTiled(tif)==0) &&
3634 (tif->tif_dir.td_nstrips==1)) {
3635 /*
3636 * XXX: OJPEG hack.
3637 * If a) compression is OJPEG, b) it's not a tiled TIFF,
3638 * and c) the number of strips is 1,
3639 * then we tolerate the absence of stripoffsets tag,
3640 * because, presumably, all required data is in the
3641 * JpegInterchangeFormat stream.
3642 */
3643 TIFFSetFieldBit(tif, FIELD_STRIPOFFSETS);
3644 } else
3645 #endif
3646 {
3647 MissingRequired(tif,
3648 isTiled(tif) ? "TileOffsets" : "StripOffsets");
3649 goto bad;
3650 }
3651 }
3652 /*
3653 * Second pass: extract other information.
3654 */
3655 for (di=0, dp=dir; di<dircount; di++, dp++)
3656 {
3657 switch (dp->tdir_tag)
3658 {
3659 case IGNORE:
3660 break;
3661 case TIFFTAG_MINSAMPLEVALUE:
3662 case TIFFTAG_MAXSAMPLEVALUE:
3663 case TIFFTAG_BITSPERSAMPLE:
3664 case TIFFTAG_DATATYPE:
3665 case TIFFTAG_SAMPLEFORMAT:
3666 /*
3667 * The MinSampleValue, MaxSampleValue, BitsPerSample
3668 * DataType and SampleFormat tags are supposed to be
3669 * written as one value/sample, but some vendors
3670 * incorrectly write one value only -- so we accept
3671 * that as well (yuck). Other vendors write correct
3672 * value for NumberOfSamples, but incorrect one for
3673 * BitsPerSample and friends, and we will read this
3674 * too.
3675 */
3676 {
3677 uint16 value;
3678 enum TIFFReadDirEntryErr err;
3679 err=TIFFReadDirEntryShort(tif,dp,&value);
3680 if (err==TIFFReadDirEntryErrCount)
3681 err=TIFFReadDirEntryPersampleShort(tif,dp,&value);
3682 if (err!=TIFFReadDirEntryErrOk)
3683 {
3684 fip = TIFFFieldWithTag(tif,dp->tdir_tag);
3685 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",0);
3686 goto bad;
3687 }
3688 if (!TIFFSetField(tif,dp->tdir_tag,value))
3689 goto bad;
3690 if( dp->tdir_tag == TIFFTAG_BITSPERSAMPLE )
3691 bitspersample_read = TRUE;
3692 }
3693 break;
3694 case TIFFTAG_SMINSAMPLEVALUE:
3695 case TIFFTAG_SMAXSAMPLEVALUE:
3696 {
3697
3698 double *data = NULL;
3699 enum TIFFReadDirEntryErr err;
3700 uint32 saved_flags;
3701 int m;
3702 if (dp->tdir_count != (uint64)tif->tif_dir.td_samplesperpixel)
3703 err = TIFFReadDirEntryErrCount;
3704 else
3705 err = TIFFReadDirEntryDoubleArray(tif, dp, &data);
3706 if (err!=TIFFReadDirEntryErrOk)
3707 {
3708 fip = TIFFFieldWithTag(tif,dp->tdir_tag);
3709 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",0);
3710 goto bad;
3711 }
3712 saved_flags = tif->tif_flags;
3713 tif->tif_flags |= TIFF_PERSAMPLE;
3714 m = TIFFSetField(tif,dp->tdir_tag,data);
3715 tif->tif_flags = saved_flags;
3716 _TIFFfree(data);
3717 if (!m)
3718 goto bad;
3719 }
3720 break;
3721 case TIFFTAG_STRIPOFFSETS:
3722 case TIFFTAG_TILEOFFSETS:
3723 #if defined(DEFER_STRILE_LOAD)
3724 _TIFFmemcpy( &(tif->tif_dir.td_stripoffset_entry),
3725 dp, sizeof(TIFFDirEntry) );
3726 #else
3727 if (!TIFFFetchStripThing(tif,dp,tif->tif_dir.td_nstrips,&tif->tif_dir.td_stripoffset))
3728 goto bad;
3729 #endif
3730 break;
3731 case TIFFTAG_STRIPBYTECOUNTS:
3732 case TIFFTAG_TILEBYTECOUNTS:
3733 #if defined(DEFER_STRILE_LOAD)
3734 _TIFFmemcpy( &(tif->tif_dir.td_stripbytecount_entry),
3735 dp, sizeof(TIFFDirEntry) );
3736 #else
3737 if (!TIFFFetchStripThing(tif,dp,tif->tif_dir.td_nstrips,&tif->tif_dir.td_stripbytecount))
3738 goto bad;
3739 #endif
3740 break;
3741 case TIFFTAG_COLORMAP:
3742 case TIFFTAG_TRANSFERFUNCTION:
3743 {
3744 enum TIFFReadDirEntryErr err;
3745 uint32 countpersample;
3746 uint32 countrequired;
3747 uint32 incrementpersample;
3748 uint16* value=NULL;
3749 /* It would be dangerous to instantiate those tag values */
3750 /* since if td_bitspersample has not yet been read (due to */
3751 /* unordered tags), it could be read afterwards with a */
3752 /* values greater than the default one (1), which may cause */
3753 /* crashes in user code */
3754 if( !bitspersample_read )
3755 {
3756 fip = TIFFFieldWithTag(tif,dp->tdir_tag);
3757 TIFFWarningExt(tif->tif_clientdata,module,
3758 "Ignoring %s since BitsPerSample tag not found",
3759 fip ? fip->field_name : "unknown tagname");
3760 continue;
3761 }
3762 /* ColorMap or TransferFunction for high bit */
3763 /* depths do not make much sense and could be */
3764 /* used as a denial of service vector */
3765 if (tif->tif_dir.td_bitspersample > 24)
3766 {
3767 fip = TIFFFieldWithTag(tif,dp->tdir_tag);
3768 TIFFWarningExt(tif->tif_clientdata,module,
3769 "Ignoring %s because BitsPerSample=%d>24",
3770 fip ? fip->field_name : "unknown tagname",
3771 tif->tif_dir.td_bitspersample);
3772 continue;
3773 }
3774 countpersample=(1U<<tif->tif_dir.td_bitspersample);
3775 if ((dp->tdir_tag==TIFFTAG_TRANSFERFUNCTION)&&(dp->tdir_count==(uint64)countpersample))
3776 {
3777 countrequired=countpersample;
3778 incrementpersample=0;
3779 }
3780 else
3781 {
3782 countrequired=3*countpersample;
3783 incrementpersample=countpersample;
3784 }
3785 if (dp->tdir_count!=(uint64)countrequired)
3786 err=TIFFReadDirEntryErrCount;
3787 else
3788 err=TIFFReadDirEntryShortArray(tif,dp,&value);
3789 if (err!=TIFFReadDirEntryErrOk)
3790 {
3791 fip = TIFFFieldWithTag(tif,dp->tdir_tag);
3792 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",1);
3793 }
3794 else
3795 {
3796 TIFFSetField(tif,dp->tdir_tag,value,value+incrementpersample,value+2*incrementpersample);
3797 _TIFFfree(value);
3798 }
3799 }
3800 break;
3801 /* BEGIN REV 4.0 COMPATIBILITY */
3802 case TIFFTAG_OSUBFILETYPE:
3803 {
3804 uint16 valueo;
3805 uint32 value;
3806 if (TIFFReadDirEntryShort(tif,dp,&valueo)==TIFFReadDirEntryErrOk)
3807 {
3808 switch (valueo)
3809 {
3810 case OFILETYPE_REDUCEDIMAGE: value=FILETYPE_REDUCEDIMAGE; break;
3811 case OFILETYPE_PAGE: value=FILETYPE_PAGE; break;
3812 default: value=0; break;
3813 }
3814 if (value!=0)
3815 TIFFSetField(tif,TIFFTAG_SUBFILETYPE,value);
3816 }
3817 }
3818 break;
3819 /* END REV 4.0 COMPATIBILITY */
3820 default:
3821 (void) TIFFFetchNormalTag(tif, dp, TRUE);
3822 break;
3823 }
3824 }
3825 /*
3826 * OJPEG hack:
3827 * - If a) compression is OJPEG, and b) photometric tag is missing,
3828 * then we consistently find that photometric should be YCbCr
3829 * - If a) compression is OJPEG, and b) photometric tag says it's RGB,
3830 * then we consistently find that the buggy implementation of the
3831 * buggy compression scheme matches photometric YCbCr instead.
3832 * - If a) compression is OJPEG, and b) bitspersample tag is missing,
3833 * then we consistently find bitspersample should be 8.
3834 * - If a) compression is OJPEG, b) samplesperpixel tag is missing,
3835 * and c) photometric is RGB or YCbCr, then we consistently find
3836 * samplesperpixel should be 3
3837 * - If a) compression is OJPEG, b) samplesperpixel tag is missing,
3838 * and c) photometric is MINISWHITE or MINISBLACK, then we consistently
3839 * find samplesperpixel should be 3
3840 */
3841 if (tif->tif_dir.td_compression==COMPRESSION_OJPEG)
3842 {
3843 if (!TIFFFieldSet(tif,FIELD_PHOTOMETRIC))
3844 {
3845 TIFFWarningExt(tif->tif_clientdata, module,
3846 "Photometric tag is missing, assuming data is YCbCr");
3847 if (!TIFFSetField(tif,TIFFTAG_PHOTOMETRIC,PHOTOMETRIC_YCBCR))
3848 goto bad;
3849 }
3850 else if (tif->tif_dir.td_photometric==PHOTOMETRIC_RGB)
3851 {
3852 tif->tif_dir.td_photometric=PHOTOMETRIC_YCBCR;
3853 TIFFWarningExt(tif->tif_clientdata, module,
3854 "Photometric tag value assumed incorrect, "
3855 "assuming data is YCbCr instead of RGB");
3856 }
3857 if (!TIFFFieldSet(tif,FIELD_BITSPERSAMPLE))
3858 {
3859 TIFFWarningExt(tif->tif_clientdata,module,
3860 "BitsPerSample tag is missing, assuming 8 bits per sample");
3861 if (!TIFFSetField(tif,TIFFTAG_BITSPERSAMPLE,8))
3862 goto bad;
3863 }
3864 if (!TIFFFieldSet(tif,FIELD_SAMPLESPERPIXEL))
3865 {
3866 if (tif->tif_dir.td_photometric==PHOTOMETRIC_RGB)
3867 {
3868 TIFFWarningExt(tif->tif_clientdata,module,
3869 "SamplesPerPixel tag is missing, "
3870 "assuming correct SamplesPerPixel value is 3");
3871 if (!TIFFSetField(tif,TIFFTAG_SAMPLESPERPIXEL,3))
3872 goto bad;
3873 }
3874 if (tif->tif_dir.td_photometric==PHOTOMETRIC_YCBCR)
3875 {
3876 TIFFWarningExt(tif->tif_clientdata,module,
3877 "SamplesPerPixel tag is missing, "
3878 "applying correct SamplesPerPixel value of 3");
3879 if (!TIFFSetField(tif,TIFFTAG_SAMPLESPERPIXEL,3))
3880 goto bad;
3881 }
3882 else if ((tif->tif_dir.td_photometric==PHOTOMETRIC_MINISWHITE)
3883 || (tif->tif_dir.td_photometric==PHOTOMETRIC_MINISBLACK))
3884 {
3885 /*
3886 * SamplesPerPixel tag is missing, but is not required
3887 * by spec. Assume correct SamplesPerPixel value of 1.
3888 */
3889 if (!TIFFSetField(tif,TIFFTAG_SAMPLESPERPIXEL,1))
3890 goto bad;
3891 }
3892 }
3893 }
3894 /*
3895 * Verify Palette image has a Colormap.
3896 */
3897 if (tif->tif_dir.td_photometric == PHOTOMETRIC_PALETTE &&
3898 !TIFFFieldSet(tif, FIELD_COLORMAP)) {
3899 if ( tif->tif_dir.td_bitspersample>=8 && tif->tif_dir.td_samplesperpixel==3)
3900 tif->tif_dir.td_photometric = PHOTOMETRIC_RGB;
3901 else if (tif->tif_dir.td_bitspersample>=8)
3902 tif->tif_dir.td_photometric = PHOTOMETRIC_MINISBLACK;
3903 else {
3904 MissingRequired(tif, "Colormap");
3905 goto bad;
3906 }
3907 }
3908 /*
3909 * OJPEG hack:
3910 * We do no further messing with strip/tile offsets/bytecounts in OJPEG
3911 * TIFFs
3912 */
3913 if (tif->tif_dir.td_compression!=COMPRESSION_OJPEG)
3914 {
3915 /*
3916 * Attempt to deal with a missing StripByteCounts tag.
3917 */
3918 if (!TIFFFieldSet(tif, FIELD_STRIPBYTECOUNTS)) {
3919 /*
3920 * Some manufacturers violate the spec by not giving
3921 * the size of the strips. In this case, assume there
3922 * is one uncompressed strip of data.
3923 */
3924 if ((tif->tif_dir.td_planarconfig == PLANARCONFIG_CONTIG &&
3925 tif->tif_dir.td_nstrips > 1) ||
3926 (tif->tif_dir.td_planarconfig == PLANARCONFIG_SEPARATE &&
3927 tif->tif_dir.td_nstrips != (uint32)tif->tif_dir.td_samplesperpixel)) {
3928 MissingRequired(tif, "StripByteCounts");
3929 goto bad;
3930 }
3931 TIFFWarningExt(tif->tif_clientdata, module,
3932 "TIFF directory is missing required "
3933 "\"StripByteCounts\" field, calculating from imagelength");
3934 if (EstimateStripByteCounts(tif, dir, dircount) < 0)
3935 goto bad;
3936 /*
3937 * Assume we have wrong StripByteCount value (in case
3938 * of single strip) in following cases:
3939 * - it is equal to zero along with StripOffset;
3940 * - it is larger than file itself (in case of uncompressed
3941 * image);
3942 * - it is smaller than the size of the bytes per row
3943 * multiplied on the number of rows. The last case should
3944 * not be checked in the case of writing new image,
3945 * because we may do not know the exact strip size
3946 * until the whole image will be written and directory
3947 * dumped out.
3948 */
3949 #define BYTECOUNTLOOKSBAD \
3950 ( (tif->tif_dir.td_stripbytecount[0] == 0 && tif->tif_dir.td_stripoffset[0] != 0) || \
3951 (tif->tif_dir.td_compression == COMPRESSION_NONE && \
3952 tif->tif_dir.td_stripbytecount[0] > TIFFGetFileSize(tif) - tif->tif_dir.td_stripoffset[0]) || \
3953 (tif->tif_mode == O_RDONLY && \
3954 tif->tif_dir.td_compression == COMPRESSION_NONE && \
3955 tif->tif_dir.td_stripbytecount[0] < TIFFScanlineSize64(tif) * tif->tif_dir.td_imagelength) )
3956
3957 } else if (tif->tif_dir.td_nstrips == 1
3958 && _TIFFFillStriles(tif)
3959 && tif->tif_dir.td_stripoffset[0] != 0
3960 && BYTECOUNTLOOKSBAD) {
3961 /*
3962 * XXX: Plexus (and others) sometimes give a value of
3963 * zero for a tag when they don't know what the
3964 * correct value is! Try and handle the simple case
3965 * of estimating the size of a one strip image.
3966 */
3967 TIFFWarningExt(tif->tif_clientdata, module,
3968 "Bogus \"StripByteCounts\" field, ignoring and calculating from imagelength");
3969 if(EstimateStripByteCounts(tif, dir, dircount) < 0)
3970 goto bad;
3971
3972 #if !defined(DEFER_STRILE_LOAD)
3973 } else if (tif->tif_dir.td_planarconfig == PLANARCONFIG_CONTIG
3974 && tif->tif_dir.td_nstrips > 2
3975 && tif->tif_dir.td_compression == COMPRESSION_NONE
3976 && tif->tif_dir.td_stripbytecount[0] != tif->tif_dir.td_stripbytecount[1]
3977 && tif->tif_dir.td_stripbytecount[0] != 0
3978 && tif->tif_dir.td_stripbytecount[1] != 0 ) {
3979 /*
3980 * XXX: Some vendors fill StripByteCount array with
3981 * absolutely wrong values (it can be equal to
3982 * StripOffset array, for example). Catch this case
3983 * here.
3984 *
3985 * We avoid this check if deferring strile loading
3986 * as it would always force us to load the strip/tile
3987 * information.
3988 */
3989 TIFFWarningExt(tif->tif_clientdata, module,
3990 "Wrong \"StripByteCounts\" field, ignoring and calculating from imagelength");
3991 if (EstimateStripByteCounts(tif, dir, dircount) < 0)
3992 goto bad;
3993 #endif /* !defined(DEFER_STRILE_LOAD) */
3994 }
3995 }
3996 if (dir)
3997 {
3998 _TIFFfree(dir);
3999 dir=NULL;
4000 }
4001 if (!TIFFFieldSet(tif, FIELD_MAXSAMPLEVALUE))
4002 {
4003 if (tif->tif_dir.td_bitspersample>=16)
4004 tif->tif_dir.td_maxsamplevalue=0xFFFF;
4005 else
4006 tif->tif_dir.td_maxsamplevalue = (uint16)((1L<<tif->tif_dir.td_bitspersample)-1);
4007 }
4008 /*
4009 * XXX: We can optimize checking for the strip bounds using the sorted
4010 * bytecounts array. See also comments for TIFFAppendToStrip()
4011 * function in tif_write.c.
4012 */
4013 #if !defined(DEFER_STRILE_LOAD)
4014 if (tif->tif_dir.td_nstrips > 1) {
4015 uint32 strip;
4016
4017 tif->tif_dir.td_stripbytecountsorted = 1;
4018 for (strip = 1; strip < tif->tif_dir.td_nstrips; strip++) {
4019 if (tif->tif_dir.td_stripoffset[strip - 1] >
4020 tif->tif_dir.td_stripoffset[strip]) {
4021 tif->tif_dir.td_stripbytecountsorted = 0;
4022 break;
4023 }
4024 }
4025 }
4026 #endif /* !defined(DEFER_STRILE_LOAD) */
4027
4028 /*
4029 * An opportunity for compression mode dependent tag fixup
4030 */
4031 (*tif->tif_fixuptags)(tif);
4032
4033 /*
4034 * Some manufacturers make life difficult by writing
4035 * large amounts of uncompressed data as a single strip.
4036 * This is contrary to the recommendations of the spec.
4037 * The following makes an attempt at breaking such images
4038 * into strips closer to the recommended 8k bytes. A
4039 * side effect, however, is that the RowsPerStrip tag
4040 * value may be changed.
4041 */
4042 if ((tif->tif_dir.td_planarconfig==PLANARCONFIG_CONTIG)&&
4043 (tif->tif_dir.td_nstrips==1)&&
4044 (tif->tif_dir.td_compression==COMPRESSION_NONE)&&
4045 ((tif->tif_flags&(TIFF_STRIPCHOP|TIFF_ISTILED))==TIFF_STRIPCHOP))
4046 {
4047 if ( !_TIFFFillStriles(tif) || !tif->tif_dir.td_stripbytecount )
4048 return 0;
4049 ChopUpSingleUncompressedStrip(tif);
4050 }
4051
4052 /*
4053 * Clear the dirty directory flag.
4054 */
4055 tif->tif_flags &= ~TIFF_DIRTYDIRECT;
4056 tif->tif_flags &= ~TIFF_DIRTYSTRIP;
4057
4058 /*
4059 * Reinitialize i/o since we are starting on a new directory.
4060 */
4061 tif->tif_row = (uint32) -1;
4062 tif->tif_curstrip = (uint32) -1;
4063 tif->tif_col = (uint32) -1;
4064 tif->tif_curtile = (uint32) -1;
4065 tif->tif_tilesize = (tmsize_t) -1;
4066
4067 tif->tif_scanlinesize = TIFFScanlineSize(tif);
4068 if (!tif->tif_scanlinesize) {
4069 TIFFErrorExt(tif->tif_clientdata, module,
4070 "Cannot handle zero scanline size");
4071 return (0);
4072 }
4073
4074 if (isTiled(tif)) {
4075 tif->tif_tilesize = TIFFTileSize(tif);
4076 if (!tif->tif_tilesize) {
4077 TIFFErrorExt(tif->tif_clientdata, module,
4078 "Cannot handle zero tile size");
4079 return (0);
4080 }
4081 } else {
4082 if (!TIFFStripSize(tif)) {
4083 TIFFErrorExt(tif->tif_clientdata, module,
4084 "Cannot handle zero strip size");
4085 return (0);
4086 }
4087 }
4088 return (1);
4089 bad:
4090 if (dir)
4091 _TIFFfree(dir);
4092 return (0);
4093 }
4094
4095 static void
TIFFReadDirectoryCheckOrder(TIFF * tif,TIFFDirEntry * dir,uint16 dircount)4096 TIFFReadDirectoryCheckOrder(TIFF* tif, TIFFDirEntry* dir, uint16 dircount)
4097 {
4098 static const char module[] = "TIFFReadDirectoryCheckOrder";
4099 uint16 m;
4100 uint16 n;
4101 TIFFDirEntry* o;
4102 m=0;
4103 for (n=0, o=dir; n<dircount; n++, o++)
4104 {
4105 if (o->tdir_tag<m)
4106 {
4107 TIFFWarningExt(tif->tif_clientdata,module,
4108 "Invalid TIFF directory; tags are not sorted in ascending order");
4109 break;
4110 }
4111 m=o->tdir_tag+1;
4112 }
4113 }
4114
4115 static TIFFDirEntry*
TIFFReadDirectoryFindEntry(TIFF * tif,TIFFDirEntry * dir,uint16 dircount,uint16 tagid)4116 TIFFReadDirectoryFindEntry(TIFF* tif, TIFFDirEntry* dir, uint16 dircount, uint16 tagid)
4117 {
4118 TIFFDirEntry* m;
4119 uint16 n;
4120 (void) tif;
4121 for (m=dir, n=0; n<dircount; m++, n++)
4122 {
4123 if (m->tdir_tag==tagid)
4124 return(m);
4125 }
4126 return(0);
4127 }
4128
4129 static void
TIFFReadDirectoryFindFieldInfo(TIFF * tif,uint16 tagid,uint32 * fii)4130 TIFFReadDirectoryFindFieldInfo(TIFF* tif, uint16 tagid, uint32* fii)
4131 {
4132 int32 ma,mb,mc;
4133 ma=-1;
4134 mc=(int32)tif->tif_nfields;
4135 while (1)
4136 {
4137 if (ma+1==mc)
4138 {
4139 *fii = FAILED_FII;
4140 return;
4141 }
4142 mb=(ma+mc)/2;
4143 if (tif->tif_fields[mb]->field_tag==(uint32)tagid)
4144 break;
4145 if (tif->tif_fields[mb]->field_tag<(uint32)tagid)
4146 ma=mb;
4147 else
4148 mc=mb;
4149 }
4150 while (1)
4151 {
4152 if (mb==0)
4153 break;
4154 if (tif->tif_fields[mb-1]->field_tag!=(uint32)tagid)
4155 break;
4156 mb--;
4157 }
4158 *fii=mb;
4159 }
4160
4161 /*
4162 * Read custom directory from the arbitrary offset.
4163 * The code is very similar to TIFFReadDirectory().
4164 */
4165 int
TIFFReadCustomDirectory(TIFF * tif,toff_t diroff,const TIFFFieldArray * infoarray)4166 TIFFReadCustomDirectory(TIFF* tif, toff_t diroff,
4167 const TIFFFieldArray* infoarray)
4168 {
4169 static const char module[] = "TIFFReadCustomDirectory";
4170 TIFFDirEntry* dir;
4171 uint16 dircount;
4172 TIFFDirEntry* dp;
4173 uint16 di;
4174 const TIFFField* fip;
4175 uint32 fii;
4176 _TIFFSetupFields(tif, infoarray);
4177 dircount=TIFFFetchDirectory(tif,diroff,&dir,NULL);
4178 if (!dircount)
4179 {
4180 TIFFErrorExt(tif->tif_clientdata,module,
4181 "Failed to read custom directory at offset " TIFF_UINT64_FORMAT,diroff);
4182 return 0;
4183 }
4184 TIFFFreeDirectory(tif);
4185 _TIFFmemset(&tif->tif_dir, 0, sizeof(TIFFDirectory));
4186 TIFFReadDirectoryCheckOrder(tif,dir,dircount);
4187 for (di=0, dp=dir; di<dircount; di++, dp++)
4188 {
4189 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
4190 if (fii == FAILED_FII)
4191 {
4192 TIFFWarningExt(tif->tif_clientdata, module,
4193 "Unknown field with tag %d (0x%x) encountered",
4194 dp->tdir_tag, dp->tdir_tag);
4195 if (!_TIFFMergeFields(tif, _TIFFCreateAnonField(tif,
4196 dp->tdir_tag,
4197 (TIFFDataType) dp->tdir_type),
4198 1)) {
4199 TIFFWarningExt(tif->tif_clientdata, module,
4200 "Registering anonymous field with tag %d (0x%x) failed",
4201 dp->tdir_tag, dp->tdir_tag);
4202 dp->tdir_tag=IGNORE;
4203 } else {
4204 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
4205 assert( fii != FAILED_FII );
4206 }
4207 }
4208 if (dp->tdir_tag!=IGNORE)
4209 {
4210 fip=tif->tif_fields[fii];
4211 if (fip->field_bit==FIELD_IGNORE)
4212 dp->tdir_tag=IGNORE;
4213 else
4214 {
4215 /* check data type */
4216 while ((fip->field_type!=TIFF_ANY)&&(fip->field_type!=dp->tdir_type))
4217 {
4218 fii++;
4219 if ((fii==tif->tif_nfields)||
4220 (tif->tif_fields[fii]->field_tag!=(uint32)dp->tdir_tag))
4221 {
4222 fii=0xFFFF;
4223 break;
4224 }
4225 fip=tif->tif_fields[fii];
4226 }
4227 if (fii==0xFFFF)
4228 {
4229 TIFFWarningExt(tif->tif_clientdata, module,
4230 "Wrong data type %d for \"%s\"; tag ignored",
4231 dp->tdir_type,fip->field_name);
4232 dp->tdir_tag=IGNORE;
4233 }
4234 else
4235 {
4236 /* check count if known in advance */
4237 if ((fip->field_readcount!=TIFF_VARIABLE)&&
4238 (fip->field_readcount!=TIFF_VARIABLE2))
4239 {
4240 uint32 expected;
4241 if (fip->field_readcount==TIFF_SPP)
4242 expected=(uint32)tif->tif_dir.td_samplesperpixel;
4243 else
4244 expected=(uint32)fip->field_readcount;
4245 if (!CheckDirCount(tif,dp,expected))
4246 dp->tdir_tag=IGNORE;
4247 }
4248 }
4249 }
4250 switch (dp->tdir_tag)
4251 {
4252 case IGNORE:
4253 break;
4254 case EXIFTAG_SUBJECTDISTANCE:
4255 (void) TIFFFetchSubjectDistance(tif,dp);
4256 break;
4257 default:
4258 (void) TIFFFetchNormalTag(tif, dp, TRUE);
4259 break;
4260 }
4261 }
4262 }
4263 if (dir)
4264 _TIFFfree(dir);
4265 return 1;
4266 }
4267
4268 /*
4269 * EXIF is important special case of custom IFD, so we have a special
4270 * function to read it.
4271 */
4272 int
TIFFReadEXIFDirectory(TIFF * tif,toff_t diroff)4273 TIFFReadEXIFDirectory(TIFF* tif, toff_t diroff)
4274 {
4275 const TIFFFieldArray* exifFieldArray;
4276 exifFieldArray = _TIFFGetExifFields();
4277 return TIFFReadCustomDirectory(tif, diroff, exifFieldArray);
4278 }
4279
4280 static int
EstimateStripByteCounts(TIFF * tif,TIFFDirEntry * dir,uint16 dircount)4281 EstimateStripByteCounts(TIFF* tif, TIFFDirEntry* dir, uint16 dircount)
4282 {
4283 static const char module[] = "EstimateStripByteCounts";
4284
4285 TIFFDirEntry *dp;
4286 TIFFDirectory *td = &tif->tif_dir;
4287 uint32 strip;
4288
4289 /* Do not try to load stripbytecount as we will compute it */
4290 if( !_TIFFFillStrilesInternal( tif, 0 ) )
4291 return -1;
4292
4293 if (td->td_stripbytecount)
4294 _TIFFfree(td->td_stripbytecount);
4295 td->td_stripbytecount = (uint64*)
4296 _TIFFCheckMalloc(tif, td->td_nstrips, sizeof (uint64),
4297 "for \"StripByteCounts\" array");
4298 if( td->td_stripbytecount == NULL )
4299 return -1;
4300
4301 if (td->td_compression != COMPRESSION_NONE) {
4302 uint64 space;
4303 uint64 filesize;
4304 uint16 n;
4305 filesize = TIFFGetFileSize(tif);
4306 if (!(tif->tif_flags&TIFF_BIGTIFF))
4307 space=sizeof(TIFFHeaderClassic)+2+dircount*12+4;
4308 else
4309 space=sizeof(TIFFHeaderBig)+8+dircount*20+8;
4310 /* calculate amount of space used by indirect values */
4311 for (dp = dir, n = dircount; n > 0; n--, dp++)
4312 {
4313 uint32 typewidth;
4314 uint64 datasize;
4315 typewidth = TIFFDataWidth((TIFFDataType) dp->tdir_type);
4316 if (typewidth == 0) {
4317 TIFFErrorExt(tif->tif_clientdata, module,
4318 "Cannot determine size of unknown tag type %d",
4319 dp->tdir_type);
4320 return -1;
4321 }
4322 datasize=(uint64)typewidth*dp->tdir_count;
4323 if (!(tif->tif_flags&TIFF_BIGTIFF))
4324 {
4325 if (datasize<=4)
4326 datasize=0;
4327 }
4328 else
4329 {
4330 if (datasize<=8)
4331 datasize=0;
4332 }
4333 space+=datasize;
4334 }
4335 space = filesize - space;
4336 if (td->td_planarconfig == PLANARCONFIG_SEPARATE)
4337 space /= td->td_samplesperpixel;
4338 for (strip = 0; strip < td->td_nstrips; strip++)
4339 td->td_stripbytecount[strip] = space;
4340 /*
4341 * This gross hack handles the case were the offset to
4342 * the last strip is past the place where we think the strip
4343 * should begin. Since a strip of data must be contiguous,
4344 * it's safe to assume that we've overestimated the amount
4345 * of data in the strip and trim this number back accordingly.
4346 */
4347 strip--;
4348 if (td->td_stripoffset[strip]+td->td_stripbytecount[strip] > filesize)
4349 td->td_stripbytecount[strip] = filesize - td->td_stripoffset[strip];
4350 } else if (isTiled(tif)) {
4351 uint64 bytespertile = TIFFTileSize64(tif);
4352
4353 for (strip = 0; strip < td->td_nstrips; strip++)
4354 td->td_stripbytecount[strip] = bytespertile;
4355 } else {
4356 uint64 rowbytes = TIFFScanlineSize64(tif);
4357 uint32 rowsperstrip = td->td_imagelength/td->td_stripsperimage;
4358 for (strip = 0; strip < td->td_nstrips; strip++)
4359 td->td_stripbytecount[strip] = rowbytes * rowsperstrip;
4360 }
4361 TIFFSetFieldBit(tif, FIELD_STRIPBYTECOUNTS);
4362 if (!TIFFFieldSet(tif, FIELD_ROWSPERSTRIP))
4363 td->td_rowsperstrip = td->td_imagelength;
4364 return 1;
4365 }
4366
4367 static void
MissingRequired(TIFF * tif,const char * tagname)4368 MissingRequired(TIFF* tif, const char* tagname)
4369 {
4370 static const char module[] = "MissingRequired";
4371
4372 TIFFErrorExt(tif->tif_clientdata, module,
4373 "TIFF directory is missing required \"%s\" field",
4374 tagname);
4375 }
4376
4377 /*
4378 * Check the directory offset against the list of already seen directory
4379 * offsets. This is a trick to prevent IFD looping. The one can create TIFF
4380 * file with looped directory pointers. We will maintain a list of already
4381 * seen directories and check every IFD offset against that list.
4382 */
4383 static int
TIFFCheckDirOffset(TIFF * tif,uint64 diroff)4384 TIFFCheckDirOffset(TIFF* tif, uint64 diroff)
4385 {
4386 uint16 n;
4387
4388 if (diroff == 0) /* no more directories */
4389 return 0;
4390 if (tif->tif_dirnumber == 65535) {
4391 TIFFErrorExt(tif->tif_clientdata, "TIFFCheckDirOffset",
4392 "Cannot handle more than 65535 TIFF directories");
4393 return 0;
4394 }
4395
4396 for (n = 0; n < tif->tif_dirnumber && tif->tif_dirlist; n++) {
4397 if (tif->tif_dirlist[n] == diroff)
4398 return 0;
4399 }
4400
4401 tif->tif_dirnumber++;
4402
4403 if (tif->tif_dirlist == NULL || tif->tif_dirnumber > tif->tif_dirlistsize) {
4404 uint64* new_dirlist;
4405
4406 /*
4407 * XXX: Reduce memory allocation granularity of the dirlist
4408 * array.
4409 */
4410 new_dirlist = (uint64*)_TIFFCheckRealloc(tif, tif->tif_dirlist,
4411 tif->tif_dirnumber, 2 * sizeof(uint64), "for IFD list");
4412 if (!new_dirlist)
4413 return 0;
4414 if( tif->tif_dirnumber >= 32768 )
4415 tif->tif_dirlistsize = 65535;
4416 else
4417 tif->tif_dirlistsize = 2 * tif->tif_dirnumber;
4418 tif->tif_dirlist = new_dirlist;
4419 }
4420
4421 tif->tif_dirlist[tif->tif_dirnumber - 1] = diroff;
4422
4423 return 1;
4424 }
4425
4426 /*
4427 * Check the count field of a directory entry against a known value. The
4428 * caller is expected to skip/ignore the tag if there is a mismatch.
4429 */
4430 static int
CheckDirCount(TIFF * tif,TIFFDirEntry * dir,uint32 count)4431 CheckDirCount(TIFF* tif, TIFFDirEntry* dir, uint32 count)
4432 {
4433 if ((uint64)count > dir->tdir_count) {
4434 const TIFFField* fip = TIFFFieldWithTag(tif, dir->tdir_tag);
4435 TIFFWarningExt(tif->tif_clientdata, tif->tif_name,
4436 "incorrect count for field \"%s\" (" TIFF_UINT64_FORMAT ", expecting %u); tag ignored",
4437 fip ? fip->field_name : "unknown tagname",
4438 dir->tdir_count, count);
4439 return (0);
4440 } else if ((uint64)count < dir->tdir_count) {
4441 const TIFFField* fip = TIFFFieldWithTag(tif, dir->tdir_tag);
4442 TIFFWarningExt(tif->tif_clientdata, tif->tif_name,
4443 "incorrect count for field \"%s\" (" TIFF_UINT64_FORMAT ", expecting %u); tag trimmed",
4444 fip ? fip->field_name : "unknown tagname",
4445 dir->tdir_count, count);
4446 dir->tdir_count = count;
4447 return (1);
4448 }
4449 return (1);
4450 }
4451
4452 /*
4453 * Read IFD structure from the specified offset. If the pointer to
4454 * nextdiroff variable has been specified, read it too. Function returns a
4455 * number of fields in the directory or 0 if failed.
4456 */
4457 static uint16
TIFFFetchDirectory(TIFF * tif,uint64 diroff,TIFFDirEntry ** pdir,uint64 * nextdiroff)4458 TIFFFetchDirectory(TIFF* tif, uint64 diroff, TIFFDirEntry** pdir,
4459 uint64 *nextdiroff)
4460 {
4461 static const char module[] = "TIFFFetchDirectory";
4462
4463 void* origdir;
4464 uint16 dircount16;
4465 uint32 dirsize;
4466 TIFFDirEntry* dir;
4467 uint8* ma;
4468 TIFFDirEntry* mb;
4469 uint16 n;
4470
4471 assert(pdir);
4472
4473 tif->tif_diroff = diroff;
4474 if (nextdiroff)
4475 *nextdiroff = 0;
4476 if (!isMapped(tif)) {
4477 if (!SeekOK(tif, tif->tif_diroff)) {
4478 TIFFErrorExt(tif->tif_clientdata, module,
4479 "%s: Seek error accessing TIFF directory",
4480 tif->tif_name);
4481 return 0;
4482 }
4483 if (!(tif->tif_flags&TIFF_BIGTIFF))
4484 {
4485 if (!ReadOK(tif, &dircount16, sizeof (uint16))) {
4486 TIFFErrorExt(tif->tif_clientdata, module,
4487 "%s: Can not read TIFF directory count",
4488 tif->tif_name);
4489 return 0;
4490 }
4491 if (tif->tif_flags & TIFF_SWAB)
4492 TIFFSwabShort(&dircount16);
4493 if (dircount16>4096)
4494 {
4495 TIFFErrorExt(tif->tif_clientdata, module,
4496 "Sanity check on directory count failed, this is probably not a valid IFD offset");
4497 return 0;
4498 }
4499 dirsize = 12;
4500 } else {
4501 uint64 dircount64;
4502 if (!ReadOK(tif, &dircount64, sizeof (uint64))) {
4503 TIFFErrorExt(tif->tif_clientdata, module,
4504 "%s: Can not read TIFF directory count",
4505 tif->tif_name);
4506 return 0;
4507 }
4508 if (tif->tif_flags & TIFF_SWAB)
4509 TIFFSwabLong8(&dircount64);
4510 if (dircount64>4096)
4511 {
4512 TIFFErrorExt(tif->tif_clientdata, module,
4513 "Sanity check on directory count failed, this is probably not a valid IFD offset");
4514 return 0;
4515 }
4516 dircount16 = (uint16)dircount64;
4517 dirsize = 20;
4518 }
4519 origdir = _TIFFCheckMalloc(tif, dircount16,
4520 dirsize, "to read TIFF directory");
4521 if (origdir == NULL)
4522 return 0;
4523 if (!ReadOK(tif, origdir, (tmsize_t)(dircount16*dirsize))) {
4524 TIFFErrorExt(tif->tif_clientdata, module,
4525 "%.100s: Can not read TIFF directory",
4526 tif->tif_name);
4527 _TIFFfree(origdir);
4528 return 0;
4529 }
4530 /*
4531 * Read offset to next directory for sequential scans if
4532 * needed.
4533 */
4534 if (nextdiroff)
4535 {
4536 if (!(tif->tif_flags&TIFF_BIGTIFF))
4537 {
4538 uint32 nextdiroff32;
4539 if (!ReadOK(tif, &nextdiroff32, sizeof(uint32)))
4540 nextdiroff32 = 0;
4541 if (tif->tif_flags&TIFF_SWAB)
4542 TIFFSwabLong(&nextdiroff32);
4543 *nextdiroff=nextdiroff32;
4544 } else {
4545 if (!ReadOK(tif, nextdiroff, sizeof(uint64)))
4546 *nextdiroff = 0;
4547 if (tif->tif_flags&TIFF_SWAB)
4548 TIFFSwabLong8(nextdiroff);
4549 }
4550 }
4551 } else {
4552 tmsize_t m;
4553 tmsize_t off = (tmsize_t) tif->tif_diroff;
4554 if ((uint64)off!=tif->tif_diroff)
4555 {
4556 TIFFErrorExt(tif->tif_clientdata,module,"Can not read TIFF directory count");
4557 return(0);
4558 }
4559
4560 /*
4561 * Check for integer overflow when validating the dir_off,
4562 * otherwise a very high offset may cause an OOB read and
4563 * crash the client. Make two comparisons instead of
4564 *
4565 * off + sizeof(uint16) > tif->tif_size
4566 *
4567 * to avoid overflow.
4568 */
4569 if (!(tif->tif_flags&TIFF_BIGTIFF))
4570 {
4571 m=off+sizeof(uint16);
4572 if ((m<off)||(m<(tmsize_t)sizeof(uint16))||(m>tif->tif_size)) {
4573 TIFFErrorExt(tif->tif_clientdata, module,
4574 "Can not read TIFF directory count");
4575 return 0;
4576 } else {
4577 _TIFFmemcpy(&dircount16, tif->tif_base + off,
4578 sizeof(uint16));
4579 }
4580 off += sizeof (uint16);
4581 if (tif->tif_flags & TIFF_SWAB)
4582 TIFFSwabShort(&dircount16);
4583 if (dircount16>4096)
4584 {
4585 TIFFErrorExt(tif->tif_clientdata, module,
4586 "Sanity check on directory count failed, this is probably not a valid IFD offset");
4587 return 0;
4588 }
4589 dirsize = 12;
4590 }
4591 else
4592 {
4593 uint64 dircount64;
4594 m=off+sizeof(uint64);
4595 if ((m<off)||(m<(tmsize_t)sizeof(uint64))||(m>tif->tif_size)) {
4596 TIFFErrorExt(tif->tif_clientdata, module,
4597 "Can not read TIFF directory count");
4598 return 0;
4599 } else {
4600 _TIFFmemcpy(&dircount64, tif->tif_base + off,
4601 sizeof(uint64));
4602 }
4603 off += sizeof (uint64);
4604 if (tif->tif_flags & TIFF_SWAB)
4605 TIFFSwabLong8(&dircount64);
4606 if (dircount64>4096)
4607 {
4608 TIFFErrorExt(tif->tif_clientdata, module,
4609 "Sanity check on directory count failed, this is probably not a valid IFD offset");
4610 return 0;
4611 }
4612 dircount16 = (uint16)dircount64;
4613 dirsize = 20;
4614 }
4615 if (dircount16 == 0 )
4616 {
4617 TIFFErrorExt(tif->tif_clientdata, module,
4618 "Sanity check on directory count failed, zero tag directories not supported");
4619 return 0;
4620 }
4621 origdir = _TIFFCheckMalloc(tif, dircount16,
4622 dirsize,
4623 "to read TIFF directory");
4624 if (origdir == NULL)
4625 return 0;
4626 m=off+dircount16*dirsize;
4627 if ((m<off)||(m<(tmsize_t)(dircount16*dirsize))||(m>tif->tif_size)) {
4628 TIFFErrorExt(tif->tif_clientdata, module,
4629 "Can not read TIFF directory");
4630 _TIFFfree(origdir);
4631 return 0;
4632 } else {
4633 _TIFFmemcpy(origdir, tif->tif_base + off,
4634 dircount16 * dirsize);
4635 }
4636 if (nextdiroff) {
4637 off += dircount16 * dirsize;
4638 if (!(tif->tif_flags&TIFF_BIGTIFF))
4639 {
4640 uint32 nextdiroff32;
4641 m=off+sizeof(uint32);
4642 if ((m<off)||(m<(tmsize_t)sizeof(uint32))||(m>tif->tif_size))
4643 nextdiroff32 = 0;
4644 else
4645 _TIFFmemcpy(&nextdiroff32, tif->tif_base + off,
4646 sizeof (uint32));
4647 if (tif->tif_flags&TIFF_SWAB)
4648 TIFFSwabLong(&nextdiroff32);
4649 *nextdiroff = nextdiroff32;
4650 }
4651 else
4652 {
4653 m=off+sizeof(uint64);
4654 if ((m<off)||(m<(tmsize_t)sizeof(uint64))||(m>tif->tif_size))
4655 *nextdiroff = 0;
4656 else
4657 _TIFFmemcpy(nextdiroff, tif->tif_base + off,
4658 sizeof (uint64));
4659 if (tif->tif_flags&TIFF_SWAB)
4660 TIFFSwabLong8(nextdiroff);
4661 }
4662 }
4663 }
4664 dir = (TIFFDirEntry*)_TIFFCheckMalloc(tif, dircount16,
4665 sizeof(TIFFDirEntry),
4666 "to read TIFF directory");
4667 if (dir==0)
4668 {
4669 _TIFFfree(origdir);
4670 return 0;
4671 }
4672 ma=(uint8*)origdir;
4673 mb=dir;
4674 for (n=0; n<dircount16; n++)
4675 {
4676 if (tif->tif_flags&TIFF_SWAB)
4677 TIFFSwabShort((uint16*)ma);
4678 mb->tdir_tag=*(uint16*)ma;
4679 ma+=sizeof(uint16);
4680 if (tif->tif_flags&TIFF_SWAB)
4681 TIFFSwabShort((uint16*)ma);
4682 mb->tdir_type=*(uint16*)ma;
4683 ma+=sizeof(uint16);
4684 if (!(tif->tif_flags&TIFF_BIGTIFF))
4685 {
4686 if (tif->tif_flags&TIFF_SWAB)
4687 TIFFSwabLong((uint32*)ma);
4688 mb->tdir_count=(uint64)(*(uint32*)ma);
4689 ma+=sizeof(uint32);
4690 *(uint32*)(&mb->tdir_offset)=*(uint32*)ma;
4691 ma+=sizeof(uint32);
4692 }
4693 else
4694 {
4695 if (tif->tif_flags&TIFF_SWAB)
4696 TIFFSwabLong8((uint64*)ma);
4697 mb->tdir_count=TIFFReadUInt64(ma);
4698 ma+=sizeof(uint64);
4699 mb->tdir_offset.toff_long8=TIFFReadUInt64(ma);
4700 ma+=sizeof(uint64);
4701 }
4702 mb++;
4703 }
4704 _TIFFfree(origdir);
4705 *pdir = dir;
4706 return dircount16;
4707 }
4708
4709 /*
4710 * Fetch a tag that is not handled by special case code.
4711 */
4712 static int
TIFFFetchNormalTag(TIFF * tif,TIFFDirEntry * dp,int recover)4713 TIFFFetchNormalTag(TIFF* tif, TIFFDirEntry* dp, int recover)
4714 {
4715 static const char module[] = "TIFFFetchNormalTag";
4716 enum TIFFReadDirEntryErr err;
4717 uint32 fii;
4718 const TIFFField* fip = NULL;
4719 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii);
4720 if( fii == FAILED_FII )
4721 {
4722 TIFFErrorExt(tif->tif_clientdata, "TIFFFetchNormalTag",
4723 "No definition found for tag %d",
4724 dp->tdir_tag);
4725 return 0;
4726 }
4727 fip=tif->tif_fields[fii];
4728 assert(fip != NULL); /* should not happen */
4729 assert(fip->set_field_type!=TIFF_SETGET_OTHER); /* if so, we shouldn't arrive here but deal with this in specialized code */
4730 assert(fip->set_field_type!=TIFF_SETGET_INT); /* if so, we shouldn't arrive here as this is only the case for pseudo-tags */
4731 err=TIFFReadDirEntryErrOk;
4732 switch (fip->set_field_type)
4733 {
4734 case TIFF_SETGET_UNDEFINED:
4735 break;
4736 case TIFF_SETGET_ASCII:
4737 {
4738 uint8* data;
4739 assert(fip->field_passcount==0);
4740 err=TIFFReadDirEntryByteArray(tif,dp,&data);
4741 if (err==TIFFReadDirEntryErrOk)
4742 {
4743 uint8* ma;
4744 uint32 mb;
4745 int n;
4746 ma=data;
4747 mb=0;
4748 while (mb<(uint32)dp->tdir_count)
4749 {
4750 if (*ma==0)
4751 break;
4752 ma++;
4753 mb++;
4754 }
4755 if (mb+1<(uint32)dp->tdir_count)
4756 TIFFWarningExt(tif->tif_clientdata,module,"ASCII value for tag \"%s\" contains null byte in value; value incorrectly truncated during reading due to implementation limitations",fip->field_name);
4757 else if (mb+1>(uint32)dp->tdir_count)
4758 {
4759 uint8* o;
4760 TIFFWarningExt(tif->tif_clientdata,module,"ASCII value for tag \"%s\" does not end in null byte",fip->field_name);
4761 if ((uint32)dp->tdir_count+1!=dp->tdir_count+1)
4762 o=NULL;
4763 else
4764 o=_TIFFmalloc((uint32)dp->tdir_count+1);
4765 if (o==NULL)
4766 {
4767 if (data!=NULL)
4768 _TIFFfree(data);
4769 return(0);
4770 }
4771 _TIFFmemcpy(o,data,(uint32)dp->tdir_count);
4772 o[(uint32)dp->tdir_count]=0;
4773 if (data!=0)
4774 _TIFFfree(data);
4775 data=o;
4776 }
4777 n=TIFFSetField(tif,dp->tdir_tag,data);
4778 if (data!=0)
4779 _TIFFfree(data);
4780 if (!n)
4781 return(0);
4782 }
4783 }
4784 break;
4785 case TIFF_SETGET_UINT8:
4786 {
4787 uint8 data=0;
4788 assert(fip->field_readcount==1);
4789 assert(fip->field_passcount==0);
4790 err=TIFFReadDirEntryByte(tif,dp,&data);
4791 if (err==TIFFReadDirEntryErrOk)
4792 {
4793 if (!TIFFSetField(tif,dp->tdir_tag,data))
4794 return(0);
4795 }
4796 }
4797 break;
4798 case TIFF_SETGET_UINT16:
4799 {
4800 uint16 data;
4801 assert(fip->field_readcount==1);
4802 assert(fip->field_passcount==0);
4803 err=TIFFReadDirEntryShort(tif,dp,&data);
4804 if (err==TIFFReadDirEntryErrOk)
4805 {
4806 if (!TIFFSetField(tif,dp->tdir_tag,data))
4807 return(0);
4808 }
4809 }
4810 break;
4811 case TIFF_SETGET_UINT32:
4812 {
4813 uint32 data;
4814 assert(fip->field_readcount==1);
4815 assert(fip->field_passcount==0);
4816 err=TIFFReadDirEntryLong(tif,dp,&data);
4817 if (err==TIFFReadDirEntryErrOk)
4818 {
4819 if (!TIFFSetField(tif,dp->tdir_tag,data))
4820 return(0);
4821 }
4822 }
4823 break;
4824 case TIFF_SETGET_UINT64:
4825 {
4826 uint64 data;
4827 assert(fip->field_readcount==1);
4828 assert(fip->field_passcount==0);
4829 err=TIFFReadDirEntryLong8(tif,dp,&data);
4830 if (err==TIFFReadDirEntryErrOk)
4831 {
4832 if (!TIFFSetField(tif,dp->tdir_tag,data))
4833 return(0);
4834 }
4835 }
4836 break;
4837 case TIFF_SETGET_FLOAT:
4838 {
4839 float data;
4840 assert(fip->field_readcount==1);
4841 assert(fip->field_passcount==0);
4842 err=TIFFReadDirEntryFloat(tif,dp,&data);
4843 if (err==TIFFReadDirEntryErrOk)
4844 {
4845 if (!TIFFSetField(tif,dp->tdir_tag,data))
4846 return(0);
4847 }
4848 }
4849 break;
4850 case TIFF_SETGET_DOUBLE:
4851 {
4852 double data;
4853 assert(fip->field_readcount==1);
4854 assert(fip->field_passcount==0);
4855 err=TIFFReadDirEntryDouble(tif,dp,&data);
4856 if (err==TIFFReadDirEntryErrOk)
4857 {
4858 if (!TIFFSetField(tif,dp->tdir_tag,data))
4859 return(0);
4860 }
4861 }
4862 break;
4863 case TIFF_SETGET_IFD8:
4864 {
4865 uint64 data;
4866 assert(fip->field_readcount==1);
4867 assert(fip->field_passcount==0);
4868 err=TIFFReadDirEntryIfd8(tif,dp,&data);
4869 if (err==TIFFReadDirEntryErrOk)
4870 {
4871 if (!TIFFSetField(tif,dp->tdir_tag,data))
4872 return(0);
4873 }
4874 }
4875 break;
4876 case TIFF_SETGET_UINT16_PAIR:
4877 {
4878 uint16* data;
4879 assert(fip->field_readcount==2);
4880 assert(fip->field_passcount==0);
4881 if (dp->tdir_count!=2) {
4882 TIFFWarningExt(tif->tif_clientdata,module,
4883 "incorrect count for field \"%s\", expected 2, got %d",
4884 fip->field_name,(int)dp->tdir_count);
4885 return(0);
4886 }
4887 err=TIFFReadDirEntryShortArray(tif,dp,&data);
4888 if (err==TIFFReadDirEntryErrOk)
4889 {
4890 int m;
4891 m=TIFFSetField(tif,dp->tdir_tag,data[0],data[1]);
4892 _TIFFfree(data);
4893 if (!m)
4894 return(0);
4895 }
4896 }
4897 break;
4898 case TIFF_SETGET_C0_UINT8:
4899 {
4900 uint8* data;
4901 assert(fip->field_readcount>=1);
4902 assert(fip->field_passcount==0);
4903 if (dp->tdir_count!=(uint64)fip->field_readcount) {
4904 TIFFWarningExt(tif->tif_clientdata,module,
4905 "incorrect count for field \"%s\", expected %d, got %d",
4906 fip->field_name,(int) fip->field_readcount, (int)dp->tdir_count);
4907 return 0;
4908 }
4909 else
4910 {
4911 err=TIFFReadDirEntryByteArray(tif,dp,&data);
4912 if (err==TIFFReadDirEntryErrOk)
4913 {
4914 int m;
4915 m=TIFFSetField(tif,dp->tdir_tag,data);
4916 if (data!=0)
4917 _TIFFfree(data);
4918 if (!m)
4919 return(0);
4920 }
4921 }
4922 }
4923 break;
4924 case TIFF_SETGET_C0_UINT16:
4925 {
4926 uint16* data;
4927 assert(fip->field_readcount>=1);
4928 assert(fip->field_passcount==0);
4929 if (dp->tdir_count!=(uint64)fip->field_readcount)
4930 /* corrupt file */;
4931 else
4932 {
4933 err=TIFFReadDirEntryShortArray(tif,dp,&data);
4934 if (err==TIFFReadDirEntryErrOk)
4935 {
4936 int m;
4937 m=TIFFSetField(tif,dp->tdir_tag,data);
4938 if (data!=0)
4939 _TIFFfree(data);
4940 if (!m)
4941 return(0);
4942 }
4943 }
4944 }
4945 break;
4946 case TIFF_SETGET_C0_UINT32:
4947 {
4948 uint32* data;
4949 assert(fip->field_readcount>=1);
4950 assert(fip->field_passcount==0);
4951 if (dp->tdir_count!=(uint64)fip->field_readcount)
4952 /* corrupt file */;
4953 else
4954 {
4955 err=TIFFReadDirEntryLongArray(tif,dp,&data);
4956 if (err==TIFFReadDirEntryErrOk)
4957 {
4958 int m;
4959 m=TIFFSetField(tif,dp->tdir_tag,data);
4960 if (data!=0)
4961 _TIFFfree(data);
4962 if (!m)
4963 return(0);
4964 }
4965 }
4966 }
4967 break;
4968 case TIFF_SETGET_C0_FLOAT:
4969 {
4970 float* data;
4971 assert(fip->field_readcount>=1);
4972 assert(fip->field_passcount==0);
4973 if (dp->tdir_count!=(uint64)fip->field_readcount)
4974 /* corrupt file */;
4975 else
4976 {
4977 err=TIFFReadDirEntryFloatArray(tif,dp,&data);
4978 if (err==TIFFReadDirEntryErrOk)
4979 {
4980 int m;
4981 m=TIFFSetField(tif,dp->tdir_tag,data);
4982 if (data!=0)
4983 _TIFFfree(data);
4984 if (!m)
4985 return(0);
4986 }
4987 }
4988 }
4989 break;
4990 case TIFF_SETGET_C16_ASCII:
4991 {
4992 uint8* data;
4993 assert(fip->field_readcount==TIFF_VARIABLE);
4994 assert(fip->field_passcount==1);
4995 if (dp->tdir_count>0xFFFF)
4996 err=TIFFReadDirEntryErrCount;
4997 else
4998 {
4999 err=TIFFReadDirEntryByteArray(tif,dp,&data);
5000 if (err==TIFFReadDirEntryErrOk)
5001 {
5002 int m;
5003 if( dp->tdir_count > 0 && data[dp->tdir_count-1] != '\0' )
5004 {
5005 TIFFWarningExt(tif->tif_clientdata,module,"ASCII value for tag \"%s\" does not end in null byte. Forcing it to be null",fip->field_name);
5006 data[dp->tdir_count-1] = '\0';
5007 }
5008 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5009 if (data!=0)
5010 _TIFFfree(data);
5011 if (!m)
5012 return(0);
5013 }
5014 }
5015 }
5016 break;
5017 case TIFF_SETGET_C16_UINT8:
5018 {
5019 uint8* data;
5020 assert(fip->field_readcount==TIFF_VARIABLE);
5021 assert(fip->field_passcount==1);
5022 if (dp->tdir_count>0xFFFF)
5023 err=TIFFReadDirEntryErrCount;
5024 else
5025 {
5026 err=TIFFReadDirEntryByteArray(tif,dp,&data);
5027 if (err==TIFFReadDirEntryErrOk)
5028 {
5029 int m;
5030 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5031 if (data!=0)
5032 _TIFFfree(data);
5033 if (!m)
5034 return(0);
5035 }
5036 }
5037 }
5038 break;
5039 case TIFF_SETGET_C16_UINT16:
5040 {
5041 uint16* data;
5042 assert(fip->field_readcount==TIFF_VARIABLE);
5043 assert(fip->field_passcount==1);
5044 if (dp->tdir_count>0xFFFF)
5045 err=TIFFReadDirEntryErrCount;
5046 else
5047 {
5048 err=TIFFReadDirEntryShortArray(tif,dp,&data);
5049 if (err==TIFFReadDirEntryErrOk)
5050 {
5051 int m;
5052 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5053 if (data!=0)
5054 _TIFFfree(data);
5055 if (!m)
5056 return(0);
5057 }
5058 }
5059 }
5060 break;
5061 case TIFF_SETGET_C16_UINT32:
5062 {
5063 uint32* data;
5064 assert(fip->field_readcount==TIFF_VARIABLE);
5065 assert(fip->field_passcount==1);
5066 if (dp->tdir_count>0xFFFF)
5067 err=TIFFReadDirEntryErrCount;
5068 else
5069 {
5070 err=TIFFReadDirEntryLongArray(tif,dp,&data);
5071 if (err==TIFFReadDirEntryErrOk)
5072 {
5073 int m;
5074 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5075 if (data!=0)
5076 _TIFFfree(data);
5077 if (!m)
5078 return(0);
5079 }
5080 }
5081 }
5082 break;
5083 case TIFF_SETGET_C16_UINT64:
5084 {
5085 uint64* data;
5086 assert(fip->field_readcount==TIFF_VARIABLE);
5087 assert(fip->field_passcount==1);
5088 if (dp->tdir_count>0xFFFF)
5089 err=TIFFReadDirEntryErrCount;
5090 else
5091 {
5092 err=TIFFReadDirEntryLong8Array(tif,dp,&data);
5093 if (err==TIFFReadDirEntryErrOk)
5094 {
5095 int m;
5096 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5097 if (data!=0)
5098 _TIFFfree(data);
5099 if (!m)
5100 return(0);
5101 }
5102 }
5103 }
5104 break;
5105 case TIFF_SETGET_C16_FLOAT:
5106 {
5107 float* data;
5108 assert(fip->field_readcount==TIFF_VARIABLE);
5109 assert(fip->field_passcount==1);
5110 if (dp->tdir_count>0xFFFF)
5111 err=TIFFReadDirEntryErrCount;
5112 else
5113 {
5114 err=TIFFReadDirEntryFloatArray(tif,dp,&data);
5115 if (err==TIFFReadDirEntryErrOk)
5116 {
5117 int m;
5118 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5119 if (data!=0)
5120 _TIFFfree(data);
5121 if (!m)
5122 return(0);
5123 }
5124 }
5125 }
5126 break;
5127 case TIFF_SETGET_C16_DOUBLE:
5128 {
5129 double* data;
5130 assert(fip->field_readcount==TIFF_VARIABLE);
5131 assert(fip->field_passcount==1);
5132 if (dp->tdir_count>0xFFFF)
5133 err=TIFFReadDirEntryErrCount;
5134 else
5135 {
5136 err=TIFFReadDirEntryDoubleArray(tif,dp,&data);
5137 if (err==TIFFReadDirEntryErrOk)
5138 {
5139 int m;
5140 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5141 if (data!=0)
5142 _TIFFfree(data);
5143 if (!m)
5144 return(0);
5145 }
5146 }
5147 }
5148 break;
5149 case TIFF_SETGET_C16_IFD8:
5150 {
5151 uint64* data;
5152 assert(fip->field_readcount==TIFF_VARIABLE);
5153 assert(fip->field_passcount==1);
5154 if (dp->tdir_count>0xFFFF)
5155 err=TIFFReadDirEntryErrCount;
5156 else
5157 {
5158 err=TIFFReadDirEntryIfd8Array(tif,dp,&data);
5159 if (err==TIFFReadDirEntryErrOk)
5160 {
5161 int m;
5162 m=TIFFSetField(tif,dp->tdir_tag,(uint16)(dp->tdir_count),data);
5163 if (data!=0)
5164 _TIFFfree(data);
5165 if (!m)
5166 return(0);
5167 }
5168 }
5169 }
5170 break;
5171 case TIFF_SETGET_C32_ASCII:
5172 {
5173 uint8* data;
5174 assert(fip->field_readcount==TIFF_VARIABLE2);
5175 assert(fip->field_passcount==1);
5176 err=TIFFReadDirEntryByteArray(tif,dp,&data);
5177 if (err==TIFFReadDirEntryErrOk)
5178 {
5179 int m;
5180 if( dp->tdir_count > 0 && data[dp->tdir_count-1] != '\0' )
5181 {
5182 TIFFWarningExt(tif->tif_clientdata,module,"ASCII value for tag \"%s\" does not end in null byte. Forcing it to be null",fip->field_name);
5183 data[dp->tdir_count-1] = '\0';
5184 }
5185 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5186 if (data!=0)
5187 _TIFFfree(data);
5188 if (!m)
5189 return(0);
5190 }
5191 }
5192 break;
5193 case TIFF_SETGET_C32_UINT8:
5194 {
5195 uint8* data;
5196 assert(fip->field_readcount==TIFF_VARIABLE2);
5197 assert(fip->field_passcount==1);
5198 err=TIFFReadDirEntryByteArray(tif,dp,&data);
5199 if (err==TIFFReadDirEntryErrOk)
5200 {
5201 int m;
5202 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5203 if (data!=0)
5204 _TIFFfree(data);
5205 if (!m)
5206 return(0);
5207 }
5208 }
5209 break;
5210 case TIFF_SETGET_C32_SINT8:
5211 {
5212 int8* data = NULL;
5213 assert(fip->field_readcount==TIFF_VARIABLE2);
5214 assert(fip->field_passcount==1);
5215 err=TIFFReadDirEntrySbyteArray(tif,dp,&data);
5216 if (err==TIFFReadDirEntryErrOk)
5217 {
5218 int m;
5219 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5220 if (data!=0)
5221 _TIFFfree(data);
5222 if (!m)
5223 return(0);
5224 }
5225 }
5226 break;
5227 case TIFF_SETGET_C32_UINT16:
5228 {
5229 uint16* data;
5230 assert(fip->field_readcount==TIFF_VARIABLE2);
5231 assert(fip->field_passcount==1);
5232 err=TIFFReadDirEntryShortArray(tif,dp,&data);
5233 if (err==TIFFReadDirEntryErrOk)
5234 {
5235 int m;
5236 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5237 if (data!=0)
5238 _TIFFfree(data);
5239 if (!m)
5240 return(0);
5241 }
5242 }
5243 break;
5244 case TIFF_SETGET_C32_SINT16:
5245 {
5246 int16* data = NULL;
5247 assert(fip->field_readcount==TIFF_VARIABLE2);
5248 assert(fip->field_passcount==1);
5249 err=TIFFReadDirEntrySshortArray(tif,dp,&data);
5250 if (err==TIFFReadDirEntryErrOk)
5251 {
5252 int m;
5253 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5254 if (data!=0)
5255 _TIFFfree(data);
5256 if (!m)
5257 return(0);
5258 }
5259 }
5260 break;
5261 case TIFF_SETGET_C32_UINT32:
5262 {
5263 uint32* data;
5264 assert(fip->field_readcount==TIFF_VARIABLE2);
5265 assert(fip->field_passcount==1);
5266 err=TIFFReadDirEntryLongArray(tif,dp,&data);
5267 if (err==TIFFReadDirEntryErrOk)
5268 {
5269 int m;
5270 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5271 if (data!=0)
5272 _TIFFfree(data);
5273 if (!m)
5274 return(0);
5275 }
5276 }
5277 break;
5278 case TIFF_SETGET_C32_SINT32:
5279 {
5280 int32* data = NULL;
5281 assert(fip->field_readcount==TIFF_VARIABLE2);
5282 assert(fip->field_passcount==1);
5283 err=TIFFReadDirEntrySlongArray(tif,dp,&data);
5284 if (err==TIFFReadDirEntryErrOk)
5285 {
5286 int m;
5287 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5288 if (data!=0)
5289 _TIFFfree(data);
5290 if (!m)
5291 return(0);
5292 }
5293 }
5294 break;
5295 case TIFF_SETGET_C32_UINT64:
5296 {
5297 uint64* data;
5298 assert(fip->field_readcount==TIFF_VARIABLE2);
5299 assert(fip->field_passcount==1);
5300 err=TIFFReadDirEntryLong8Array(tif,dp,&data);
5301 if (err==TIFFReadDirEntryErrOk)
5302 {
5303 int m;
5304 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5305 if (data!=0)
5306 _TIFFfree(data);
5307 if (!m)
5308 return(0);
5309 }
5310 }
5311 break;
5312 case TIFF_SETGET_C32_SINT64:
5313 {
5314 int64* data = NULL;
5315 assert(fip->field_readcount==TIFF_VARIABLE2);
5316 assert(fip->field_passcount==1);
5317 err=TIFFReadDirEntrySlong8Array(tif,dp,&data);
5318 if (err==TIFFReadDirEntryErrOk)
5319 {
5320 int m;
5321 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5322 if (data!=0)
5323 _TIFFfree(data);
5324 if (!m)
5325 return(0);
5326 }
5327 }
5328 break;
5329 case TIFF_SETGET_C32_FLOAT:
5330 {
5331 float* data;
5332 assert(fip->field_readcount==TIFF_VARIABLE2);
5333 assert(fip->field_passcount==1);
5334 err=TIFFReadDirEntryFloatArray(tif,dp,&data);
5335 if (err==TIFFReadDirEntryErrOk)
5336 {
5337 int m;
5338 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5339 if (data!=0)
5340 _TIFFfree(data);
5341 if (!m)
5342 return(0);
5343 }
5344 }
5345 break;
5346 case TIFF_SETGET_C32_DOUBLE:
5347 {
5348 double* data;
5349 assert(fip->field_readcount==TIFF_VARIABLE2);
5350 assert(fip->field_passcount==1);
5351 err=TIFFReadDirEntryDoubleArray(tif,dp,&data);
5352 if (err==TIFFReadDirEntryErrOk)
5353 {
5354 int m;
5355 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5356 if (data!=0)
5357 _TIFFfree(data);
5358 if (!m)
5359 return(0);
5360 }
5361 }
5362 break;
5363 case TIFF_SETGET_C32_IFD8:
5364 {
5365 uint64* data;
5366 assert(fip->field_readcount==TIFF_VARIABLE2);
5367 assert(fip->field_passcount==1);
5368 err=TIFFReadDirEntryIfd8Array(tif,dp,&data);
5369 if (err==TIFFReadDirEntryErrOk)
5370 {
5371 int m;
5372 m=TIFFSetField(tif,dp->tdir_tag,(uint32)(dp->tdir_count),data);
5373 if (data!=0)
5374 _TIFFfree(data);
5375 if (!m)
5376 return(0);
5377 }
5378 }
5379 break;
5380 default:
5381 assert(0); /* we should never get here */
5382 break;
5383 }
5384 if (err!=TIFFReadDirEntryErrOk)
5385 {
5386 TIFFReadDirEntryOutputErr(tif,err,module,fip->field_name,recover);
5387 return(0);
5388 }
5389 return(1);
5390 }
5391
5392 /*
5393 * Fetch a set of offsets or lengths.
5394 * While this routine says "strips", in fact it's also used for tiles.
5395 */
5396 static int
TIFFFetchStripThing(TIFF * tif,TIFFDirEntry * dir,uint32 nstrips,uint64 ** lpp)5397 TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uint64** lpp)
5398 {
5399 static const char module[] = "TIFFFetchStripThing";
5400 enum TIFFReadDirEntryErr err;
5401 uint64* data;
5402 err=TIFFReadDirEntryLong8Array(tif,dir,&data);
5403 if (err!=TIFFReadDirEntryErrOk)
5404 {
5405 const TIFFField* fip = TIFFFieldWithTag(tif,dir->tdir_tag);
5406 TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",0);
5407 return(0);
5408 }
5409 if (dir->tdir_count!=(uint64)nstrips)
5410 {
5411 uint64* resizeddata;
5412 resizeddata=(uint64*)_TIFFCheckMalloc(tif,nstrips,sizeof(uint64),"for strip array");
5413 if (resizeddata==0) {
5414 _TIFFfree(data);
5415 return(0);
5416 }
5417 if (dir->tdir_count<(uint64)nstrips)
5418 {
5419 _TIFFmemcpy(resizeddata,data,(uint32)dir->tdir_count*sizeof(uint64));
5420 _TIFFmemset(resizeddata+(uint32)dir->tdir_count,0,(nstrips-(uint32)dir->tdir_count)*sizeof(uint64));
5421 }
5422 else
5423 _TIFFmemcpy(resizeddata,data,nstrips*sizeof(uint64));
5424 _TIFFfree(data);
5425 data=resizeddata;
5426 }
5427 *lpp=data;
5428 return(1);
5429 }
5430
5431 /*
5432 * Fetch and set the SubjectDistance EXIF tag.
5433 */
5434 static int
TIFFFetchSubjectDistance(TIFF * tif,TIFFDirEntry * dir)5435 TIFFFetchSubjectDistance(TIFF* tif, TIFFDirEntry* dir)
5436 {
5437 static const char module[] = "TIFFFetchSubjectDistance";
5438 enum TIFFReadDirEntryErr err;
5439 UInt64Aligned_t m;
5440 m.l=0;
5441 assert(sizeof(double)==8);
5442 assert(sizeof(uint64)==8);
5443 assert(sizeof(uint32)==4);
5444 if (dir->tdir_count!=1)
5445 err=TIFFReadDirEntryErrCount;
5446 else if (dir->tdir_type!=TIFF_RATIONAL)
5447 err=TIFFReadDirEntryErrType;
5448 else
5449 {
5450 if (!(tif->tif_flags&TIFF_BIGTIFF))
5451 {
5452 uint32 offset;
5453 offset=*(uint32*)(&dir->tdir_offset);
5454 if (tif->tif_flags&TIFF_SWAB)
5455 TIFFSwabLong(&offset);
5456 err=TIFFReadDirEntryData(tif,offset,8,m.i);
5457 }
5458 else
5459 {
5460 m.l=dir->tdir_offset.toff_long8;
5461 err=TIFFReadDirEntryErrOk;
5462 }
5463 }
5464 if (err==TIFFReadDirEntryErrOk)
5465 {
5466 double n;
5467 if (tif->tif_flags&TIFF_SWAB)
5468 TIFFSwabArrayOfLong(m.i,2);
5469 if (m.i[0]==0)
5470 n=0.0;
5471 else if (m.i[0]==0xFFFFFFFF)
5472 /*
5473 * XXX: Numerator 0xFFFFFFFF means that we have infinite
5474 * distance. Indicate that with a negative floating point
5475 * SubjectDistance value.
5476 */
5477 n=-1.0;
5478 else
5479 n=(double)m.i[0]/(double)m.i[1];
5480 return(TIFFSetField(tif,dir->tdir_tag,n));
5481 }
5482 else
5483 {
5484 TIFFReadDirEntryOutputErr(tif,err,module,"SubjectDistance",TRUE);
5485 return(0);
5486 }
5487 }
5488
5489 /*
5490 * Replace a single strip (tile) of uncompressed data by multiple strips
5491 * (tiles), each approximately STRIP_SIZE_DEFAULT bytes. This is useful for
5492 * dealing with large images or for dealing with machines with a limited
5493 * amount memory.
5494 */
5495 static void
ChopUpSingleUncompressedStrip(TIFF * tif)5496 ChopUpSingleUncompressedStrip(TIFF* tif)
5497 {
5498 register TIFFDirectory *td = &tif->tif_dir;
5499 uint64 bytecount;
5500 uint64 offset;
5501 uint32 rowblock;
5502 uint64 rowblockbytes;
5503 uint64 stripbytes;
5504 uint32 strip;
5505 uint64 nstrips64;
5506 uint32 nstrips32;
5507 uint32 rowsperstrip;
5508 uint64* newcounts;
5509 uint64* newoffsets;
5510
5511 bytecount = td->td_stripbytecount[0];
5512 offset = td->td_stripoffset[0];
5513 assert(td->td_planarconfig == PLANARCONFIG_CONTIG);
5514 if ((td->td_photometric == PHOTOMETRIC_YCBCR)&&
5515 (!isUpSampled(tif)))
5516 rowblock = td->td_ycbcrsubsampling[1];
5517 else
5518 rowblock = 1;
5519 rowblockbytes = TIFFVTileSize64(tif, rowblock);
5520 /*
5521 * Make the rows hold at least one scanline, but fill specified amount
5522 * of data if possible.
5523 */
5524 if (rowblockbytes > STRIP_SIZE_DEFAULT) {
5525 stripbytes = rowblockbytes;
5526 rowsperstrip = rowblock;
5527 } else if (rowblockbytes > 0 ) {
5528 uint32 rowblocksperstrip;
5529 rowblocksperstrip = (uint32) (STRIP_SIZE_DEFAULT / rowblockbytes);
5530 rowsperstrip = rowblocksperstrip * rowblock;
5531 stripbytes = rowblocksperstrip * rowblockbytes;
5532 }
5533 else
5534 return;
5535
5536 /*
5537 * never increase the number of strips in an image
5538 */
5539 if (rowsperstrip >= td->td_rowsperstrip)
5540 return;
5541 nstrips64 = TIFFhowmany_64(bytecount, stripbytes);
5542 if ((nstrips64==0)||(nstrips64>0xFFFFFFFF)) /* something is wonky, do nothing. */
5543 return;
5544 nstrips32 = (uint32)nstrips64;
5545
5546 newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
5547 "for chopped \"StripByteCounts\" array");
5548 newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
5549 "for chopped \"StripOffsets\" array");
5550 if (newcounts == NULL || newoffsets == NULL) {
5551 /*
5552 * Unable to allocate new strip information, give up and use
5553 * the original one strip information.
5554 */
5555 if (newcounts != NULL)
5556 _TIFFfree(newcounts);
5557 if (newoffsets != NULL)
5558 _TIFFfree(newoffsets);
5559 return;
5560 }
5561 /*
5562 * Fill the strip information arrays with new bytecounts and offsets
5563 * that reflect the broken-up format.
5564 */
5565 for (strip = 0; strip < nstrips32; strip++) {
5566 if (stripbytes > bytecount)
5567 stripbytes = bytecount;
5568 newcounts[strip] = stripbytes;
5569 newoffsets[strip] = offset;
5570 offset += stripbytes;
5571 bytecount -= stripbytes;
5572 }
5573 /*
5574 * Replace old single strip info with multi-strip info.
5575 */
5576 td->td_stripsperimage = td->td_nstrips = nstrips32;
5577 TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, rowsperstrip);
5578
5579 _TIFFfree(td->td_stripbytecount);
5580 _TIFFfree(td->td_stripoffset);
5581 td->td_stripbytecount = newcounts;
5582 td->td_stripoffset = newoffsets;
5583 td->td_stripbytecountsorted = 1;
5584 }
5585
_TIFFFillStriles(TIFF * tif)5586 int _TIFFFillStriles( TIFF *tif )
5587 {
5588 return _TIFFFillStrilesInternal( tif, 1 );
5589 }
5590
_TIFFFillStrilesInternal(TIFF * tif,int loadStripByteCount)5591 static int _TIFFFillStrilesInternal( TIFF *tif, int loadStripByteCount )
5592 {
5593 #if defined(DEFER_STRILE_LOAD)
5594 register TIFFDirectory *td = &tif->tif_dir;
5595 int return_value = 1;
5596
5597 if( td->td_stripoffset != NULL )
5598 return 1;
5599
5600 if( td->td_stripoffset_entry.tdir_count == 0 )
5601 return 0;
5602
5603 if (!TIFFFetchStripThing(tif,&(td->td_stripoffset_entry),
5604 td->td_nstrips,&td->td_stripoffset))
5605 {
5606 return_value = 0;
5607 }
5608
5609 if (loadStripByteCount &&
5610 !TIFFFetchStripThing(tif,&(td->td_stripbytecount_entry),
5611 td->td_nstrips,&td->td_stripbytecount))
5612 {
5613 return_value = 0;
5614 }
5615
5616 _TIFFmemset( &(td->td_stripoffset_entry), 0, sizeof(TIFFDirEntry));
5617 _TIFFmemset( &(td->td_stripbytecount_entry), 0, sizeof(TIFFDirEntry));
5618
5619 if (tif->tif_dir.td_nstrips > 1 && return_value == 1 ) {
5620 uint32 strip;
5621
5622 tif->tif_dir.td_stripbytecountsorted = 1;
5623 for (strip = 1; strip < tif->tif_dir.td_nstrips; strip++) {
5624 if (tif->tif_dir.td_stripoffset[strip - 1] >
5625 tif->tif_dir.td_stripoffset[strip]) {
5626 tif->tif_dir.td_stripbytecountsorted = 0;
5627 break;
5628 }
5629 }
5630 }
5631
5632 return return_value;
5633 #else /* !defined(DEFER_STRILE_LOAD) */
5634 (void) tif;
5635 (void) loadStripByteCount;
5636 return 1;
5637 #endif
5638 }
5639
5640
5641 /* vim: set ts=8 sts=8 sw=8 noet: */
5642 /*
5643 * Local Variables:
5644 * mode: c
5645 * c-basic-offset: 8
5646 * fill-column: 78
5647 * End:
5648 */
5649