+1 -1

dll/3rdparty/libtiff/mkg3states.c

··· 40 40 #include "tif_fax3.h" 41 41 42 42 #ifndef HAVE_GETOPT 43 43 - extern int getopt(int, char**, char*); 43 43 + extern int getopt(int argc, char * const argv[], const char *optstring); 44 44 #endif 45 45 46 46 #define streq(a,b) (strcmp(a,b) == 0)

+60 -15

dll/3rdparty/libtiff/tif_aux.c

··· 31 31 #include <precomp.h> 32 32 #include "tif_predict.h" 33 33 #include <math.h> 34 34 + #include <float.h> 34 35 35 36 uint32 36 37 _TIFFMultiply32(TIFF* tif, uint32 first, uint32 second, const char* where) 37 38 { 38 38 - uint32 bytes = first * second; 39 39 - 40 40 - if (second && bytes / second != first) { 39 39 + if (second && first > TIFF_UINT32_MAX / second) { 41 40 TIFFErrorExt(tif->tif_clientdata, where, "Integer overflow in %s", where); 42 42 - bytes = 0; 41 41 + return 0; 43 42 } 44 43 45 45 - return bytes; 44 44 + return first * second; 46 45 } 47 46 48 47 uint64 49 48 _TIFFMultiply64(TIFF* tif, uint64 first, uint64 second, const char* where) 50 49 { 51 51 - uint64 bytes = first * second; 52 52 - 53 53 - if (second && bytes / second != first) { 50 50 + if (second && first > TIFF_UINT64_MAX / second) { 54 51 TIFFErrorExt(tif->tif_clientdata, where, "Integer overflow in %s", where); 55 55 - bytes = 0; 52 52 + return 0; 56 53 } 57 54 58 58 - return bytes; 55 55 + return first * second; 56 56 + } 57 57 + 58 58 + tmsize_t 59 59 + _TIFFMultiplySSize(TIFF* tif, tmsize_t first, tmsize_t second, const char* where) 60 60 + { 61 61 + if( first <= 0 || second <= 0 ) 62 62 + { 63 63 + if( tif != NULL && where != NULL ) 64 64 + { 65 65 + TIFFErrorExt(tif->tif_clientdata, where, 66 66 + "Invalid argument to _TIFFMultiplySSize() in %s", where); 67 67 + } 68 68 + return 0; 69 69 + } 70 70 + 71 71 + if( first > TIFF_TMSIZE_T_MAX / second ) 72 72 + { 73 73 + if( tif != NULL && where != NULL ) 74 74 + { 75 75 + TIFFErrorExt(tif->tif_clientdata, where, 76 76 + "Integer overflow in %s", where); 77 77 + } 78 78 + return 0; 79 79 + } 80 80 + return first * second; 81 81 + } 82 82 + 83 83 + tmsize_t _TIFFCastUInt64ToSSize(TIFF* tif, uint64 val, const char* module) 84 84 + { 85 85 + if( val > (uint64)TIFF_TMSIZE_T_MAX ) 86 86 + { 87 87 + if( tif != NULL && module != NULL ) 88 88 + { 89 89 + TIFFErrorExt(tif->tif_clientdata,module,"Integer overflow"); 90 90 + } 91 91 + return 0; 92 92 + } 93 93 + return (tmsize_t)val; 59 94 } 60 95 61 96 void* ··· 63 98 tmsize_t nmemb, tmsize_t elem_size, const char* what) 64 99 { 65 100 void* cp = NULL; 66 66 - tmsize_t bytes = nmemb * elem_size; 67 67 - 101 101 + tmsize_t count = _TIFFMultiplySSize(tif, nmemb, elem_size, NULL); 68 102 /* 69 69 - * XXX: Check for integer overflow. 103 103 + * Check for integer overflow. 70 104 */ 71 71 - if (nmemb && elem_size && bytes / elem_size == nmemb) 72 72 - cp = _TIFFrealloc(buffer, bytes); 105 105 + if (count != 0) 106 106 + { 107 107 + cp = _TIFFrealloc(buffer, count); 108 108 + } 73 109 74 110 if (cp == NULL) { 75 111 TIFFErrorExt(tif->tif_clientdata, tif->tif_name, ··· 356 392 df += 18446744073709551616.0; /* adding 2**64 */ 357 393 return (double)df; 358 394 } 395 395 + } 396 396 + 397 397 + float _TIFFClampDoubleToFloat( double val ) 398 398 + { 399 399 + if( val > FLT_MAX ) 400 400 + return FLT_MAX; 401 401 + if( val < -FLT_MAX ) 402 402 + return -FLT_MAX; 403 403 + return (float)val; 359 404 } 360 405 361 406 int _TIFFSeekOK(TIFF* tif, toff_t off)

+42 -24

dll/3rdparty/libtiff/tif_dir.c

··· 47 47 *vpp = 0; 48 48 } 49 49 if (vp) { 50 50 - tmsize_t bytes = (tmsize_t)(nmemb * elem_size); 51 51 - if (elem_size && bytes / elem_size == nmemb) 50 50 + tmsize_t bytes = _TIFFMultiplySSize(NULL, nmemb, elem_size, NULL); 51 51 + if (bytes) 52 52 *vpp = (void*) _TIFFmalloc(bytes); 53 53 if (*vpp) 54 54 _TIFFmemcpy(*vpp, vp, bytes); ··· 88 88 * Install extra samples information. 89 89 */ 90 90 static int 91 91 - setExtraSamples(TIFFDirectory* td, va_list ap, uint32* v) 91 91 + setExtraSamples(TIFF* tif, va_list ap, uint32* v) 92 92 { 93 93 /* XXX: Unassociated alpha data == 999 is a known Corel Draw bug, see below */ 94 94 #define EXTRASAMPLE_COREL_UNASSALPHA 999 95 95 96 96 uint16* va; 97 97 uint32 i; 98 98 + TIFFDirectory* td = &tif->tif_dir; 99 99 + static const char module[] = "setExtraSamples"; 98 100 99 101 *v = (uint16) va_arg(ap, uint16_vap); 100 102 if ((uint16) *v > td->td_samplesperpixel) ··· 116 118 return 0; 117 119 } 118 120 } 121 121 + 122 122 + if ( td->td_transferfunction[0] != NULL && (td->td_samplesperpixel - *v > 1) && 123 123 + !(td->td_samplesperpixel - td->td_extrasamples > 1)) 124 124 + { 125 125 + TIFFWarningExt(tif->tif_clientdata,module, 126 126 + "ExtraSamples tag value is changing, " 127 127 + "but TransferFunction was read with a different value. Cancelling it"); 128 128 + TIFFClrFieldBit(tif,FIELD_TRANSFERFUNCTION); 129 129 + _TIFFfree(td->td_transferfunction[0]); 130 130 + td->td_transferfunction[0] = NULL; 131 131 + } 132 132 + 119 133 td->td_extrasamples = (uint16) *v; 120 134 _TIFFsetShortArray(&td->td_sampleinfo, va, td->td_extrasamples); 121 135 return 1; ··· 151 165 td->td_samplesperpixel, 152 166 td->td_samplesperpixel-i); 153 167 return (0); 154 154 - } 155 155 - 156 156 - static float TIFFClampDoubleToFloat( double val ) 157 157 - { 158 158 - if( val > FLT_MAX ) 159 159 - return FLT_MAX; 160 160 - if( val < -FLT_MAX ) 161 161 - return -FLT_MAX; 162 162 - return (float)val; 163 168 } 164 169 165 170 static int ··· 285 290 _TIFFfree(td->td_smaxsamplevalue); 286 291 td->td_smaxsamplevalue = NULL; 287 292 } 293 293 + /* Test if 3 transfer functions instead of just one are now needed 294 294 + See http://bugzilla.maptools.org/show_bug.cgi?id=2820 */ 295 295 + if( td->td_transferfunction[0] != NULL && (v - td->td_extrasamples > 1) && 296 296 + !(td->td_samplesperpixel - td->td_extrasamples > 1)) 297 297 + { 298 298 + TIFFWarningExt(tif->tif_clientdata,module, 299 299 + "SamplesPerPixel tag value is changing, " 300 300 + "but TransferFunction was read with a different value. Cancelling it"); 301 301 + TIFFClrFieldBit(tif,FIELD_TRANSFERFUNCTION); 302 302 + _TIFFfree(td->td_transferfunction[0]); 303 303 + td->td_transferfunction[0] = NULL; 304 304 + } 288 305 } 289 306 td->td_samplesperpixel = (uint16) v; 290 307 break; ··· 320 337 dblval = va_arg(ap, double); 321 338 if( dblval < 0 ) 322 339 goto badvaluedouble; 323 323 - td->td_xresolution = TIFFClampDoubleToFloat( dblval ); 340 340 + td->td_xresolution = _TIFFClampDoubleToFloat( dblval ); 324 341 break; 325 342 case TIFFTAG_YRESOLUTION: 326 343 dblval = va_arg(ap, double); 327 344 if( dblval < 0 ) 328 345 goto badvaluedouble; 329 329 - td->td_yresolution = TIFFClampDoubleToFloat( dblval ); 346 346 + td->td_yresolution = _TIFFClampDoubleToFloat( dblval ); 330 347 break; 331 348 case TIFFTAG_PLANARCONFIG: 332 349 v = (uint16) va_arg(ap, uint16_vap); ··· 335 352 td->td_planarconfig = (uint16) v; 336 353 break; 337 354 case TIFFTAG_XPOSITION: 338 338 - td->td_xposition = TIFFClampDoubleToFloat( va_arg(ap, double) ); 355 355 + td->td_xposition = _TIFFClampDoubleToFloat( va_arg(ap, double) ); 339 356 break; 340 357 case TIFFTAG_YPOSITION: 341 341 - td->td_yposition = TIFFClampDoubleToFloat( va_arg(ap, double) ); 358 358 + td->td_yposition = _TIFFClampDoubleToFloat( va_arg(ap, double) ); 342 359 break; 343 360 case TIFFTAG_RESOLUTIONUNIT: 344 361 v = (uint16) va_arg(ap, uint16_vap); ··· 361 378 _TIFFsetShortArray(&td->td_colormap[2], va_arg(ap, uint16*), v32); 362 379 break; 363 380 case TIFFTAG_EXTRASAMPLES: 364 364 - if (!setExtraSamples(td, ap, &v)) 381 381 + if (!setExtraSamples(tif, ap, &v)) 365 382 goto badvalue; 366 383 break; 367 384 case TIFFTAG_MATTEING: ··· 684 701 case TIFF_SRATIONAL: 685 702 case TIFF_FLOAT: 686 703 { 687 687 - float v2 = TIFFClampDoubleToFloat(va_arg(ap, double)); 704 704 + float v2 = _TIFFClampDoubleToFloat(va_arg(ap, double)); 688 705 _TIFFmemcpy(val, &v2, tv_size); 689 706 } 690 707 break; ··· 1002 1019 case TIFFTAG_STRIPOFFSETS: 1003 1020 case TIFFTAG_TILEOFFSETS: 1004 1021 _TIFFFillStriles( tif ); 1005 1005 - *va_arg(ap, uint64**) = td->td_stripoffset; 1022 1022 + *va_arg(ap, uint64**) = td->td_stripoffset_p; 1006 1023 break; 1007 1024 case TIFFTAG_STRIPBYTECOUNTS: 1008 1025 case TIFFTAG_TILEBYTECOUNTS: 1009 1026 _TIFFFillStriles( tif ); 1010 1010 - *va_arg(ap, uint64**) = td->td_stripbytecount; 1027 1027 + *va_arg(ap, uint64**) = td->td_stripbytecount_p; 1011 1028 break; 1012 1029 case TIFFTAG_MATTEING: 1013 1030 *va_arg(ap, uint16*) = ··· 1266 1283 CleanupField(td_transferfunction[0]); 1267 1284 CleanupField(td_transferfunction[1]); 1268 1285 CleanupField(td_transferfunction[2]); 1269 1269 - CleanupField(td_stripoffset); 1270 1270 - CleanupField(td_stripbytecount); 1286 1286 + CleanupField(td_stripoffset_p); 1287 1287 + CleanupField(td_stripbytecount_p); 1288 1288 + td->td_stripoffsetbyteallocsize = 0; 1271 1289 TIFFClrFieldBit(tif, FIELD_YCBCRSUBSAMPLING); 1272 1290 TIFFClrFieldBit(tif, FIELD_YCBCRPOSITIONING); 1273 1291 ··· 1280 1298 td->td_customValueCount = 0; 1281 1299 CleanupField(td_customValues); 1282 1300 1283 1283 - #if defined(DEFER_STRILE_LOAD) 1284 1301 _TIFFmemset( &(td->td_stripoffset_entry), 0, sizeof(TIFFDirEntry)); 1285 1302 _TIFFmemset( &(td->td_stripbytecount_entry), 0, sizeof(TIFFDirEntry)); 1286 1286 - #endif 1287 1303 } 1288 1304 #undef CleanupField 1289 1305 ··· 1371 1387 td->td_tilewidth = 0; 1372 1388 td->td_tilelength = 0; 1373 1389 td->td_tiledepth = 1; 1390 1390 + #ifdef STRIPBYTECOUNTSORTED_UNUSED 1374 1391 td->td_stripbytecountsorted = 1; /* Our own arrays always sorted. */ 1392 1392 + #endif 1375 1393 td->td_resolutionunit = RESUNIT_INCH; 1376 1394 td->td_sampleformat = SAMPLEFORMAT_UINT; 1377 1395 td->td_imagedepth = 1;

+879 -358

dll/3rdparty/libtiff/tif_dirread.c

··· 29 29 */ 30 30 31 31 /* Suggested pending improvements: 32 32 - * - add a field 'ignore' to the TIFFDirEntry structure, to flag status, 33 33 - * eliminating current use of the IGNORE value, and therefore eliminating 34 34 - * current irrational behaviour on tags with tag id code 0 35 32 * - add a field 'field_info' to the TIFFDirEntry structure, and set that with 36 33 * the pointer to the appropriate TIFFField structure early on in 37 34 * TIFFReadDirectory, so as to eliminate current possibly repetitive lookup. ··· 41 38 #include <float.h> 42 39 #include <stdlib.h> 43 40 44 44 - #define IGNORE 0 /* tag placeholder used below */ 45 41 #define FAILED_FII ((uint32) -1) 42 42 + 43 43 + /* 44 44 + * Largest 64-bit signed integer value. 45 45 + */ 46 46 + #define TIFF_INT64_MAX ((int64)(TIFF_UINT64_MAX >> 1)) 46 47 47 48 #ifdef HAVE_IEEEFP 48 49 # define TIFFCvtIEEEFloatToNative(tif, n, fp) ··· 164 165 static int TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32 nstrips, uint64** lpp); 165 166 static int TIFFFetchSubjectDistance(TIFF*, TIFFDirEntry*); 166 167 static void ChopUpSingleUncompressedStrip(TIFF*); 168 168 + static void TryChopUpUncompressedBigTiff(TIFF*); 167 169 static uint64 TIFFReadUInt64(const uint8 *value); 168 170 static int _TIFFGetMaxColorChannels(uint16 photometric); 169 171 ··· 205 207 switch (direntry->tdir_type) 206 208 { 207 209 case TIFF_BYTE: 210 210 + case TIFF_UNDEFINED: /* Support to read TIFF_UNDEFINED with field_readcount==1 */ 208 211 TIFFReadDirEntryCheckedByte(tif,direntry,value); 209 212 return(TIFFReadDirEntryErrOk); 210 213 case TIFF_SBYTE: ··· 3287 3290 return(TIFFReadDirEntryErrOk); 3288 3291 } 3289 3292 3290 3290 - /* 3291 3291 - * Largest 32-bit unsigned integer value. 3292 3292 - */ 3293 3293 - #define TIFF_UINT32_MAX 0xFFFFFFFFU 3294 3294 - 3295 3293 static enum TIFFReadDirEntryErr 3296 3294 TIFFReadDirEntryCheckRangeLongLong8(uint64 value) 3297 3295 { ··· 3309 3307 else 3310 3308 return(TIFFReadDirEntryErrOk); 3311 3309 } 3312 3312 - 3313 3313 - #undef TIFF_UINT32_MAX 3314 3310 3315 3311 static enum TIFFReadDirEntryErr 3316 3312 TIFFReadDirEntryCheckRangeSlongLong(uint32 value) ··· 3377 3373 return(TIFFReadDirEntryErrOk); 3378 3374 } 3379 3375 3380 3380 - /* 3381 3381 - * Largest 64-bit signed integer value. 3382 3382 - */ 3383 3383 - #define TIFF_INT64_MAX ((int64)(((uint64) ~0) >> 1)) 3384 3384 - 3385 3376 static enum TIFFReadDirEntryErr 3386 3377 TIFFReadDirEntryCheckRangeSlong8Long8(uint64 value) 3387 3378 { ··· 3391 3382 return(TIFFReadDirEntryErrOk); 3392 3383 } 3393 3384 3394 3394 - #undef TIFF_INT64_MAX 3395 3395 - 3396 3385 static enum TIFFReadDirEntryErr 3397 3386 TIFFReadDirEntryData(TIFF* tif, uint64 offset, tmsize_t size, void* dest) 3398 3387 { ··· 3405 3394 } else { 3406 3395 size_t ma,mb; 3407 3396 ma=(size_t)offset; 3397 3397 + if( (uint64)ma!=offset || 3398 3398 + ma > (~(size_t)0) - (size_t)size ) 3399 3399 + { 3400 3400 + return TIFFReadDirEntryErrIo; 3401 3401 + } 3408 3402 mb=ma+size; 3409 3409 - if (((uint64)ma!=offset) 3410 3410 - || (mb < ma) 3411 3411 - || (mb - ma != (size_t) size) 3412 3412 - || (mb < (size_t)size) 3413 3413 - || (mb > (size_t)tif->tif_size) 3414 3414 - ) 3403 3403 + if (mb > (size_t)tif->tif_size) 3415 3404 return(TIFFReadDirEntryErrIo); 3416 3405 _TIFFmemcpy(dest,tif->tif_base+ma,size); 3417 3406 } ··· 3534 3523 } 3535 3524 } 3536 3525 3526 3526 + static int ByteCountLooksBad(TIFF* tif) 3527 3527 + { 3528 3528 + /* 3529 3529 + * Assume we have wrong StripByteCount value (in case 3530 3530 + * of single strip) in following cases: 3531 3531 + * - it is equal to zero along with StripOffset; 3532 3532 + * - it is larger than file itself (in case of uncompressed 3533 3533 + * image); 3534 3534 + * - it is smaller than the size of the bytes per row 3535 3535 + * multiplied on the number of rows. The last case should 3536 3536 + * not be checked in the case of writing new image, 3537 3537 + * because we may do not know the exact strip size 3538 3538 + * until the whole image will be written and directory 3539 3539 + * dumped out. 3540 3540 + */ 3541 3541 + uint64 bytecount = TIFFGetStrileByteCount(tif, 0); 3542 3542 + uint64 offset = TIFFGetStrileOffset(tif, 0); 3543 3543 + uint64 filesize; 3544 3544 + 3545 3545 + if( offset == 0 ) 3546 3546 + return 0; 3547 3547 + if (bytecount == 0) 3548 3548 + return 1; 3549 3549 + if ( tif->tif_dir.td_compression != COMPRESSION_NONE ) 3550 3550 + return 0; 3551 3551 + filesize = TIFFGetFileSize(tif); 3552 3552 + if( offset <= filesize && bytecount > filesize - offset ) 3553 3553 + return 1; 3554 3554 + if( tif->tif_mode == O_RDONLY ) 3555 3555 + { 3556 3556 + uint64 scanlinesize = TIFFScanlineSize64(tif); 3557 3557 + if( tif->tif_dir.td_imagelength > 0 && 3558 3558 + scanlinesize > TIFF_UINT64_MAX / tif->tif_dir.td_imagelength ) 3559 3559 + { 3560 3560 + return 1; 3561 3561 + } 3562 3562 + if( bytecount < scanlinesize * tif->tif_dir.td_imagelength) 3563 3563 + return 1; 3564 3564 + } 3565 3565 + return 0; 3566 3566 + } 3567 3567 + 3568 3568 + 3537 3569 /* 3538 3570 * Read the next TIFF directory from a file and convert it to the internal 3539 3571 * format. We read directories sequentially. ··· 3580 3612 uint16 nb; 3581 3613 for (na=ma+1, nb=mb+1; nb<dircount; na++, nb++) 3582 3614 { 3583 3583 - if (ma->tdir_tag==na->tdir_tag) 3584 3584 - na->tdir_tag=IGNORE; 3615 3615 + if (ma->tdir_tag == na->tdir_tag) { 3616 3616 + na->tdir_ignore = TRUE; 3617 3617 + } 3585 3618 } 3586 3619 } 3587 3620 } 3588 3621 3589 3622 tif->tif_flags &= ~TIFF_BEENWRITING; /* reset before new dir */ 3590 3623 tif->tif_flags &= ~TIFF_BUF4WRITE; /* reset before new dir */ 3624 3624 + tif->tif_flags &= ~TIFF_CHOPPEDUPARRAYS; 3625 3625 + 3591 3626 /* free any old stuff and reinit */ 3592 3627 TIFFFreeDirectory(tif); 3593 3628 TIFFDefaultDirectory(tif); ··· 3620 3655 { 3621 3656 if (!TIFFFetchNormalTag(tif,dp,0)) 3622 3657 goto bad; 3623 3623 - dp->tdir_tag=IGNORE; 3658 3658 + dp->tdir_ignore = TRUE; 3624 3659 } 3625 3660 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,TIFFTAG_COMPRESSION); 3626 3661 if (dp) ··· 3643 3678 } 3644 3679 if (!TIFFSetField(tif,TIFFTAG_COMPRESSION,value)) 3645 3680 goto bad; 3646 3646 - dp->tdir_tag=IGNORE; 3681 3681 + dp->tdir_ignore = TRUE; 3647 3682 } 3648 3683 else 3649 3684 { ··· 3655 3690 */ 3656 3691 for (di=0, dp=dir; di<dircount; di++, dp++) 3657 3692 { 3658 3658 - if (dp->tdir_tag!=IGNORE) 3693 3693 + if (!dp->tdir_ignore) 3659 3694 { 3660 3695 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii); 3661 3696 if (fii == FAILED_FII) ··· 3663 3698 TIFFWarningExt(tif->tif_clientdata, module, 3664 3699 "Unknown field with tag %d (0x%x) encountered", 3665 3700 dp->tdir_tag,dp->tdir_tag); 3666 3666 - /* the following knowingly leaks the 3667 3667 - anonymous field structure */ 3701 3701 + /* the following knowingly leaks the 3702 3702 + anonymous field structure */ 3668 3703 if (!_TIFFMergeFields(tif, 3669 3704 _TIFFCreateAnonField(tif, 3670 3705 dp->tdir_tag, ··· 3675 3710 "Registering anonymous field with tag %d (0x%x) failed", 3676 3711 dp->tdir_tag, 3677 3712 dp->tdir_tag); 3678 3678 - dp->tdir_tag=IGNORE; 3713 3713 + dp->tdir_ignore = TRUE; 3679 3714 } else { 3680 3715 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii); 3681 3716 assert(fii != FAILED_FII); 3682 3717 } 3683 3718 } 3684 3719 } 3685 3685 - if (dp->tdir_tag!=IGNORE) 3720 3720 + if (!dp->tdir_ignore) 3686 3721 { 3687 3722 fip=tif->tif_fields[fii]; 3688 3723 if (fip->field_bit==FIELD_IGNORE) 3689 3689 - dp->tdir_tag=IGNORE; 3724 3724 + dp->tdir_ignore = TRUE; 3690 3725 else 3691 3726 { 3692 3727 switch (dp->tdir_tag) ··· 3708 3743 case TIFFTAG_EXTRASAMPLES: 3709 3744 if (!TIFFFetchNormalTag(tif,dp,0)) 3710 3745 goto bad; 3711 3711 - dp->tdir_tag=IGNORE; 3746 3746 + dp->tdir_ignore = TRUE; 3712 3747 break; 3713 3713 - default: 3714 3714 - if( !_TIFFCheckFieldIsValidForCodec(tif, dp->tdir_tag) ) 3715 3715 - dp->tdir_tag=IGNORE; 3716 3716 - break; 3748 3748 + default: 3749 3749 + if( !_TIFFCheckFieldIsValidForCodec(tif, dp->tdir_tag) ) 3750 3750 + dp->tdir_ignore = TRUE; 3751 3751 + break; 3717 3752 } 3718 3753 } 3719 3754 } ··· 3729 3764 if ((tif->tif_dir.td_compression==COMPRESSION_OJPEG)&& 3730 3765 (tif->tif_dir.td_planarconfig==PLANARCONFIG_SEPARATE)) 3731 3766 { 3732 3732 - if (!_TIFFFillStriles(tif)) 3733 3733 - goto bad; 3767 3767 + if (!_TIFFFillStriles(tif)) 3768 3768 + goto bad; 3734 3769 dp=TIFFReadDirectoryFindEntry(tif,dir,dircount,TIFFTAG_STRIPOFFSETS); 3735 3770 if ((dp!=0)&&(dp->tdir_count==1)) 3736 3771 { ··· 3802 3837 */ 3803 3838 for (di=0, dp=dir; di<dircount; di++, dp++) 3804 3839 { 3805 3805 - switch (dp->tdir_tag) 3806 3806 - { 3807 3807 - case IGNORE: 3808 3808 - break; 3809 3809 - case TIFFTAG_MINSAMPLEVALUE: 3810 3810 - case TIFFTAG_MAXSAMPLEVALUE: 3811 3811 - case TIFFTAG_BITSPERSAMPLE: 3812 3812 - case TIFFTAG_DATATYPE: 3813 3813 - case TIFFTAG_SAMPLEFORMAT: 3814 3814 - /* 3815 3815 - * The MinSampleValue, MaxSampleValue, BitsPerSample 3816 3816 - * DataType and SampleFormat tags are supposed to be 3817 3817 - * written as one value/sample, but some vendors 3818 3818 - * incorrectly write one value only -- so we accept 3819 3819 - * that as well (yuck). Other vendors write correct 3820 3820 - * value for NumberOfSamples, but incorrect one for 3821 3821 - * BitsPerSample and friends, and we will read this 3822 3822 - * too. 3823 3823 - */ 3824 3824 - { 3825 3825 - uint16 value; 3826 3826 - enum TIFFReadDirEntryErr err; 3827 3827 - err=TIFFReadDirEntryShort(tif,dp,&value); 3828 3828 - if (err==TIFFReadDirEntryErrCount) 3829 3829 - err=TIFFReadDirEntryPersampleShort(tif,dp,&value); 3830 3830 - if (err!=TIFFReadDirEntryErrOk) 3831 3831 - { 3832 3832 - fip = TIFFFieldWithTag(tif,dp->tdir_tag); 3833 3833 - TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",0); 3834 3834 - goto bad; 3835 3835 - } 3836 3836 - if (!TIFFSetField(tif,dp->tdir_tag,value)) 3837 3837 - goto bad; 3838 3838 - if( dp->tdir_tag == TIFFTAG_BITSPERSAMPLE ) 3839 3839 - bitspersample_read = TRUE; 3840 3840 - } 3841 3841 - break; 3842 3842 - case TIFFTAG_SMINSAMPLEVALUE: 3843 3843 - case TIFFTAG_SMAXSAMPLEVALUE: 3844 3844 - { 3845 3845 - 3846 3846 - double *data = NULL; 3847 3847 - enum TIFFReadDirEntryErr err; 3848 3848 - uint32 saved_flags; 3849 3849 - int m; 3850 3850 - if (dp->tdir_count != (uint64)tif->tif_dir.td_samplesperpixel) 3851 3851 - err = TIFFReadDirEntryErrCount; 3852 3852 - else 3853 3853 - err = TIFFReadDirEntryDoubleArray(tif, dp, &data); 3854 3854 - if (err!=TIFFReadDirEntryErrOk) 3855 3855 - { 3856 3856 - fip = TIFFFieldWithTag(tif,dp->tdir_tag); 3857 3857 - TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",0); 3858 3858 - goto bad; 3859 3859 - } 3860 3860 - saved_flags = tif->tif_flags; 3861 3861 - tif->tif_flags |= TIFF_PERSAMPLE; 3862 3862 - m = TIFFSetField(tif,dp->tdir_tag,data); 3863 3863 - tif->tif_flags = saved_flags; 3864 3864 - _TIFFfree(data); 3865 3865 - if (!m) 3866 3866 - goto bad; 3867 3867 - } 3868 3868 - break; 3869 3869 - case TIFFTAG_STRIPOFFSETS: 3870 3870 - case TIFFTAG_TILEOFFSETS: 3871 3871 - #if defined(DEFER_STRILE_LOAD) 3872 3872 - _TIFFmemcpy( &(tif->tif_dir.td_stripoffset_entry), 3873 3873 - dp, sizeof(TIFFDirEntry) ); 3874 3874 - #else 3875 3875 - if( tif->tif_dir.td_stripoffset != NULL ) 3876 3876 - { 3877 3877 - TIFFErrorExt(tif->tif_clientdata, module, 3878 3878 - "tif->tif_dir.td_stripoffset is " 3879 3879 - "already allocated. Likely duplicated " 3880 3880 - "StripOffsets/TileOffsets tag"); 3881 3881 - goto bad; 3882 3882 - } 3883 3883 - if (!TIFFFetchStripThing(tif,dp,tif->tif_dir.td_nstrips,&tif->tif_dir.td_stripoffset)) 3884 3884 - goto bad; 3885 3885 - #endif 3886 3886 - break; 3887 3887 - case TIFFTAG_STRIPBYTECOUNTS: 3888 3888 - case TIFFTAG_TILEBYTECOUNTS: 3889 3889 - #if defined(DEFER_STRILE_LOAD) 3890 3890 - _TIFFmemcpy( &(tif->tif_dir.td_stripbytecount_entry), 3891 3891 - dp, sizeof(TIFFDirEntry) ); 3892 3892 - #else 3893 3893 - if( tif->tif_dir.td_stripbytecount != NULL ) 3894 3894 - { 3895 3895 - TIFFErrorExt(tif->tif_clientdata, module, 3896 3896 - "tif->tif_dir.td_stripbytecount is " 3897 3897 - "already allocated. Likely duplicated " 3898 3898 - "StripByteCounts/TileByteCounts tag"); 3899 3899 - goto bad; 3900 3900 - } 3901 3901 - if (!TIFFFetchStripThing(tif,dp,tif->tif_dir.td_nstrips,&tif->tif_dir.td_stripbytecount)) 3902 3902 - goto bad; 3903 3903 - #endif 3904 3904 - break; 3905 3905 - case TIFFTAG_COLORMAP: 3906 3906 - case TIFFTAG_TRANSFERFUNCTION: 3907 3907 - { 3908 3908 - enum TIFFReadDirEntryErr err; 3909 3909 - uint32 countpersample; 3910 3910 - uint32 countrequired; 3911 3911 - uint32 incrementpersample; 3912 3912 - uint16* value=NULL; 3913 3913 - /* It would be dangerous to instantiate those tag values */ 3914 3914 - /* since if td_bitspersample has not yet been read (due to */ 3915 3915 - /* unordered tags), it could be read afterwards with a */ 3916 3916 - /* values greater than the default one (1), which may cause */ 3917 3917 - /* crashes in user code */ 3918 3918 - if( !bitspersample_read ) 3919 3919 - { 3920 3920 - fip = TIFFFieldWithTag(tif,dp->tdir_tag); 3921 3921 - TIFFWarningExt(tif->tif_clientdata,module, 3922 3922 - "Ignoring %s since BitsPerSample tag not found", 3923 3923 - fip ? fip->field_name : "unknown tagname"); 3924 3924 - continue; 3925 3925 - } 3926 3926 - /* ColorMap or TransferFunction for high bit */ 3927 3927 - /* depths do not make much sense and could be */ 3928 3928 - /* used as a denial of service vector */ 3929 3929 - if (tif->tif_dir.td_bitspersample > 24) 3930 3930 - { 3931 3931 - fip = TIFFFieldWithTag(tif,dp->tdir_tag); 3932 3932 - TIFFWarningExt(tif->tif_clientdata,module, 3933 3933 - "Ignoring %s because BitsPerSample=%d>24", 3934 3934 - fip ? fip->field_name : "unknown tagname", 3935 3935 - tif->tif_dir.td_bitspersample); 3936 3936 - continue; 3937 3937 - } 3938 3938 - countpersample=(1U<<tif->tif_dir.td_bitspersample); 3939 3939 - if ((dp->tdir_tag==TIFFTAG_TRANSFERFUNCTION)&&(dp->tdir_count==(uint64)countpersample)) 3840 3840 + if (!dp->tdir_ignore) { 3841 3841 + switch (dp->tdir_tag) 3842 3842 + { 3843 3843 + case TIFFTAG_MINSAMPLEVALUE: 3844 3844 + case TIFFTAG_MAXSAMPLEVALUE: 3845 3845 + case TIFFTAG_BITSPERSAMPLE: 3846 3846 + case TIFFTAG_DATATYPE: 3847 3847 + case TIFFTAG_SAMPLEFORMAT: 3848 3848 + /* 3849 3849 + * The MinSampleValue, MaxSampleValue, BitsPerSample 3850 3850 + * DataType and SampleFormat tags are supposed to be 3851 3851 + * written as one value/sample, but some vendors 3852 3852 + * incorrectly write one value only -- so we accept 3853 3853 + * that as well (yuck). Other vendors write correct 3854 3854 + * value for NumberOfSamples, but incorrect one for 3855 3855 + * BitsPerSample and friends, and we will read this 3856 3856 + * too. 3857 3857 + */ 3940 3858 { 3941 3941 - countrequired=countpersample; 3942 3942 - incrementpersample=0; 3859 3859 + uint16 value; 3860 3860 + enum TIFFReadDirEntryErr err; 3861 3861 + err=TIFFReadDirEntryShort(tif,dp,&value); 3862 3862 + if (err==TIFFReadDirEntryErrCount) 3863 3863 + err=TIFFReadDirEntryPersampleShort(tif,dp,&value); 3864 3864 + if (err!=TIFFReadDirEntryErrOk) 3865 3865 + { 3866 3866 + fip = TIFFFieldWithTag(tif,dp->tdir_tag); 3867 3867 + TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",0); 3868 3868 + goto bad; 3869 3869 + } 3870 3870 + if (!TIFFSetField(tif,dp->tdir_tag,value)) 3871 3871 + goto bad; 3872 3872 + if( dp->tdir_tag == TIFFTAG_BITSPERSAMPLE ) 3873 3873 + bitspersample_read = TRUE; 3943 3874 } 3944 3944 - else 3875 3875 + break; 3876 3876 + case TIFFTAG_SMINSAMPLEVALUE: 3877 3877 + case TIFFTAG_SMAXSAMPLEVALUE: 3945 3878 { 3946 3946 - countrequired=3*countpersample; 3947 3947 - incrementpersample=countpersample; 3879 3879 + 3880 3880 + double *data = NULL; 3881 3881 + enum TIFFReadDirEntryErr err; 3882 3882 + uint32 saved_flags; 3883 3883 + int m; 3884 3884 + if (dp->tdir_count != (uint64)tif->tif_dir.td_samplesperpixel) 3885 3885 + err = TIFFReadDirEntryErrCount; 3886 3886 + else 3887 3887 + err = TIFFReadDirEntryDoubleArray(tif, dp, &data); 3888 3888 + if (err!=TIFFReadDirEntryErrOk) 3889 3889 + { 3890 3890 + fip = TIFFFieldWithTag(tif,dp->tdir_tag); 3891 3891 + TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",0); 3892 3892 + goto bad; 3893 3893 + } 3894 3894 + saved_flags = tif->tif_flags; 3895 3895 + tif->tif_flags |= TIFF_PERSAMPLE; 3896 3896 + m = TIFFSetField(tif,dp->tdir_tag,data); 3897 3897 + tif->tif_flags = saved_flags; 3898 3898 + _TIFFfree(data); 3899 3899 + if (!m) 3900 3900 + goto bad; 3948 3901 } 3949 3949 - if (dp->tdir_count!=(uint64)countrequired) 3950 3950 - err=TIFFReadDirEntryErrCount; 3951 3951 - else 3952 3952 - err=TIFFReadDirEntryShortArray(tif,dp,&value); 3953 3953 - if (err!=TIFFReadDirEntryErrOk) 3954 3954 - { 3955 3955 - fip = TIFFFieldWithTag(tif,dp->tdir_tag); 3956 3956 - TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",1); 3957 3957 - } 3958 3958 - else 3902 3902 + break; 3903 3903 + case TIFFTAG_STRIPOFFSETS: 3904 3904 + case TIFFTAG_TILEOFFSETS: 3905 3905 + _TIFFmemcpy( &(tif->tif_dir.td_stripoffset_entry), 3906 3906 + dp, sizeof(TIFFDirEntry) ); 3907 3907 + break; 3908 3908 + case TIFFTAG_STRIPBYTECOUNTS: 3909 3909 + case TIFFTAG_TILEBYTECOUNTS: 3910 3910 + _TIFFmemcpy( &(tif->tif_dir.td_stripbytecount_entry), 3911 3911 + dp, sizeof(TIFFDirEntry) ); 3912 3912 + break; 3913 3913 + case TIFFTAG_COLORMAP: 3914 3914 + case TIFFTAG_TRANSFERFUNCTION: 3959 3915 { 3960 3960 - TIFFSetField(tif,dp->tdir_tag,value,value+incrementpersample,value+2*incrementpersample); 3961 3961 - _TIFFfree(value); 3916 3916 + enum TIFFReadDirEntryErr err; 3917 3917 + uint32 countpersample; 3918 3918 + uint32 countrequired; 3919 3919 + uint32 incrementpersample; 3920 3920 + uint16* value=NULL; 3921 3921 + /* It would be dangerous to instantiate those tag values */ 3922 3922 + /* since if td_bitspersample has not yet been read (due to */ 3923 3923 + /* unordered tags), it could be read afterwards with a */ 3924 3924 + /* values greater than the default one (1), which may cause */ 3925 3925 + /* crashes in user code */ 3926 3926 + if( !bitspersample_read ) 3927 3927 + { 3928 3928 + fip = TIFFFieldWithTag(tif,dp->tdir_tag); 3929 3929 + TIFFWarningExt(tif->tif_clientdata,module, 3930 3930 + "Ignoring %s since BitsPerSample tag not found", 3931 3931 + fip ? fip->field_name : "unknown tagname"); 3932 3932 + continue; 3933 3933 + } 3934 3934 + /* ColorMap or TransferFunction for high bit */ 3935 3935 + /* depths do not make much sense and could be */ 3936 3936 + /* used as a denial of service vector */ 3937 3937 + if (tif->tif_dir.td_bitspersample > 24) 3938 3938 + { 3939 3939 + fip = TIFFFieldWithTag(tif,dp->tdir_tag); 3940 3940 + TIFFWarningExt(tif->tif_clientdata,module, 3941 3941 + "Ignoring %s because BitsPerSample=%d>24", 3942 3942 + fip ? fip->field_name : "unknown tagname", 3943 3943 + tif->tif_dir.td_bitspersample); 3944 3944 + continue; 3945 3945 + } 3946 3946 + countpersample=(1U<<tif->tif_dir.td_bitspersample); 3947 3947 + if ((dp->tdir_tag==TIFFTAG_TRANSFERFUNCTION)&&(dp->tdir_count==(uint64)countpersample)) 3948 3948 + { 3949 3949 + countrequired=countpersample; 3950 3950 + incrementpersample=0; 3951 3951 + } 3952 3952 + else 3953 3953 + { 3954 3954 + countrequired=3*countpersample; 3955 3955 + incrementpersample=countpersample; 3956 3956 + } 3957 3957 + if (dp->tdir_count!=(uint64)countrequired) 3958 3958 + err=TIFFReadDirEntryErrCount; 3959 3959 + else 3960 3960 + err=TIFFReadDirEntryShortArray(tif,dp,&value); 3961 3961 + if (err!=TIFFReadDirEntryErrOk) 3962 3962 + { 3963 3963 + fip = TIFFFieldWithTag(tif,dp->tdir_tag); 3964 3964 + TIFFReadDirEntryOutputErr(tif,err,module,fip ? fip->field_name : "unknown tagname",1); 3965 3965 + } 3966 3966 + else 3967 3967 + { 3968 3968 + TIFFSetField(tif,dp->tdir_tag,value,value+incrementpersample,value+2*incrementpersample); 3969 3969 + _TIFFfree(value); 3970 3970 + } 3962 3971 } 3963 3963 - } 3964 3964 - break; 3972 3972 + break; 3965 3973 /* BEGIN REV 4.0 COMPATIBILITY */ 3966 3966 - case TIFFTAG_OSUBFILETYPE: 3967 3967 - { 3968 3968 - uint16 valueo; 3969 3969 - uint32 value; 3970 3970 - if (TIFFReadDirEntryShort(tif,dp,&valueo)==TIFFReadDirEntryErrOk) 3974 3974 + case TIFFTAG_OSUBFILETYPE: 3971 3975 { 3972 3972 - switch (valueo) 3976 3976 + uint16 valueo; 3977 3977 + uint32 value; 3978 3978 + if (TIFFReadDirEntryShort(tif,dp,&valueo)==TIFFReadDirEntryErrOk) 3973 3979 { 3974 3974 - case OFILETYPE_REDUCEDIMAGE: value=FILETYPE_REDUCEDIMAGE; break; 3975 3975 - case OFILETYPE_PAGE: value=FILETYPE_PAGE; break; 3976 3976 - default: value=0; break; 3980 3980 + switch (valueo) 3981 3981 + { 3982 3982 + case OFILETYPE_REDUCEDIMAGE: value=FILETYPE_REDUCEDIMAGE; break; 3983 3983 + case OFILETYPE_PAGE: value=FILETYPE_PAGE; break; 3984 3984 + default: value=0; break; 3985 3985 + } 3986 3986 + if (value!=0) 3987 3987 + TIFFSetField(tif,TIFFTAG_SUBFILETYPE,value); 3977 3988 } 3978 3978 - if (value!=0) 3979 3979 - TIFFSetField(tif,TIFFTAG_SUBFILETYPE,value); 3980 3989 } 3981 3981 - } 3982 3982 - break; 3990 3990 + break; 3983 3991 /* END REV 4.0 COMPATIBILITY */ 3984 3984 - default: 3985 3985 - (void) TIFFFetchNormalTag(tif, dp, TRUE); 3986 3986 - break; 3987 3987 - } 3988 3988 - } 3992 3992 + default: 3993 3993 + (void) TIFFFetchNormalTag(tif, dp, TRUE); 3994 3994 + break; 3995 3995 + } 3996 3996 + } /* -- if (!dp->tdir_ignore) */ 3997 3997 + } /* -- for-loop -- */ 3998 3998 + 3999 3999 + if( tif->tif_mode == O_RDWR && 4000 4000 + tif->tif_dir.td_stripoffset_entry.tdir_tag != 0 && 4001 4001 + tif->tif_dir.td_stripoffset_entry.tdir_count == 0 && 4002 4002 + tif->tif_dir.td_stripoffset_entry.tdir_type == 0 && 4003 4003 + tif->tif_dir.td_stripoffset_entry.tdir_offset.toff_long8 == 0 && 4004 4004 + tif->tif_dir.td_stripbytecount_entry.tdir_tag != 0 && 4005 4005 + tif->tif_dir.td_stripbytecount_entry.tdir_count == 0 && 4006 4006 + tif->tif_dir.td_stripbytecount_entry.tdir_type == 0 && 4007 4007 + tif->tif_dir.td_stripbytecount_entry.tdir_offset.toff_long8 == 0 ) 4008 4008 + { 4009 4009 + /* Directory typically created with TIFFDeferStrileArrayWriting() */ 4010 4010 + TIFFSetupStrips(tif); 4011 4011 + } 4012 4012 + else if( !(tif->tif_flags&TIFF_DEFERSTRILELOAD) ) 4013 4013 + { 4014 4014 + if( tif->tif_dir.td_stripoffset_entry.tdir_tag != 0 ) 4015 4015 + { 4016 4016 + if (!TIFFFetchStripThing(tif,&(tif->tif_dir.td_stripoffset_entry), 4017 4017 + tif->tif_dir.td_nstrips, 4018 4018 + &tif->tif_dir.td_stripoffset_p)) 4019 4019 + { 4020 4020 + goto bad; 4021 4021 + } 4022 4022 + } 4023 4023 + if( tif->tif_dir.td_stripbytecount_entry.tdir_tag != 0 ) 4024 4024 + { 4025 4025 + if (!TIFFFetchStripThing(tif,&(tif->tif_dir.td_stripbytecount_entry), 4026 4026 + tif->tif_dir.td_nstrips, 4027 4027 + &tif->tif_dir.td_stripbytecount_p)) 4028 4028 + { 4029 4029 + goto bad; 4030 4030 + } 4031 4031 + } 4032 4032 + } 4033 4033 + 3989 4034 /* 3990 4035 * OJPEG hack: 3991 4036 * - If a) compression is OJPEG, and b) photometric tag is missing, ··· 4128 4173 "\"StripByteCounts\" field, calculating from imagelength"); 4129 4174 if (EstimateStripByteCounts(tif, dir, dircount) < 0) 4130 4175 goto bad; 4131 4131 - /* 4132 4132 - * Assume we have wrong StripByteCount value (in case 4133 4133 - * of single strip) in following cases: 4134 4134 - * - it is equal to zero along with StripOffset; 4135 4135 - * - it is larger than file itself (in case of uncompressed 4136 4136 - * image); 4137 4137 - * - it is smaller than the size of the bytes per row 4138 4138 - * multiplied on the number of rows. The last case should 4139 4139 - * not be checked in the case of writing new image, 4140 4140 - * because we may do not know the exact strip size 4141 4141 - * until the whole image will be written and directory 4142 4142 - * dumped out. 4143 4143 - */ 4144 4144 - #define BYTECOUNTLOOKSBAD \ 4145 4145 - ( (tif->tif_dir.td_stripbytecount[0] == 0 && tif->tif_dir.td_stripoffset[0] != 0) || \ 4146 4146 - (tif->tif_dir.td_compression == COMPRESSION_NONE && \ 4147 4147 - (tif->tif_dir.td_stripoffset[0] <= TIFFGetFileSize(tif) && \ 4148 4148 - tif->tif_dir.td_stripbytecount[0] > TIFFGetFileSize(tif) - tif->tif_dir.td_stripoffset[0])) || \ 4149 4149 - (tif->tif_mode == O_RDONLY && \ 4150 4150 - tif->tif_dir.td_compression == COMPRESSION_NONE && \ 4151 4151 - tif->tif_dir.td_stripbytecount[0] < TIFFScanlineSize64(tif) * tif->tif_dir.td_imagelength) ) 4152 4176 4153 4177 } else if (tif->tif_dir.td_nstrips == 1 4154 4178 && !(tif->tif_flags&TIFF_ISTILED) 4155 4155 - && _TIFFFillStriles(tif) 4156 4156 - && tif->tif_dir.td_stripoffset[0] != 0 4157 4157 - && BYTECOUNTLOOKSBAD) { 4179 4179 + && ByteCountLooksBad(tif)) { 4158 4180 /* 4159 4181 * XXX: Plexus (and others) sometimes give a value of 4160 4182 * zero for a tag when they don't know what the ··· 4166 4188 if(EstimateStripByteCounts(tif, dir, dircount) < 0) 4167 4189 goto bad; 4168 4190 4169 4169 - #if !defined(DEFER_STRILE_LOAD) 4170 4170 - } else if (tif->tif_dir.td_planarconfig == PLANARCONFIG_CONTIG 4191 4191 + } else if (!(tif->tif_flags&TIFF_DEFERSTRILELOAD) 4192 4192 + && tif->tif_dir.td_planarconfig == PLANARCONFIG_CONTIG 4171 4193 && tif->tif_dir.td_nstrips > 2 4172 4194 && tif->tif_dir.td_compression == COMPRESSION_NONE 4173 4173 - && tif->tif_dir.td_stripbytecount[0] != tif->tif_dir.td_stripbytecount[1] 4174 4174 - && tif->tif_dir.td_stripbytecount[0] != 0 4175 4175 - && tif->tif_dir.td_stripbytecount[1] != 0 ) { 4195 4195 + && TIFFGetStrileByteCount(tif, 0) != TIFFGetStrileByteCount(tif, 1) 4196 4196 + && TIFFGetStrileByteCount(tif, 0) != 0 4197 4197 + && TIFFGetStrileByteCount(tif, 1) != 0 ) { 4176 4198 /* 4177 4199 * XXX: Some vendors fill StripByteCount array with 4178 4200 * absolutely wrong values (it can be equal to ··· 4187 4209 "Wrong \"StripByteCounts\" field, ignoring and calculating from imagelength"); 4188 4210 if (EstimateStripByteCounts(tif, dir, dircount) < 0) 4189 4211 goto bad; 4190 4190 - #endif /* !defined(DEFER_STRILE_LOAD) */ 4191 4212 } 4192 4213 } 4193 4214 if (dir) ··· 4202 4223 else 4203 4224 tif->tif_dir.td_maxsamplevalue = (uint16)((1L<<tif->tif_dir.td_bitspersample)-1); 4204 4225 } 4226 4226 + 4227 4227 + #ifdef STRIPBYTECOUNTSORTED_UNUSED 4205 4228 /* 4206 4229 * XXX: We can optimize checking for the strip bounds using the sorted 4207 4230 * bytecounts array. See also comments for TIFFAppendToStrip() 4208 4231 * function in tif_write.c. 4209 4232 */ 4210 4210 - #if !defined(DEFER_STRILE_LOAD) 4211 4211 - if (tif->tif_dir.td_nstrips > 1) { 4233 4233 + if (!(tif->tif_flags&TIFF_DEFERSTRILELOAD) && tif->tif_dir.td_nstrips > 1) { 4212 4234 uint32 strip; 4213 4235 4214 4236 tif->tif_dir.td_stripbytecountsorted = 1; 4215 4237 for (strip = 1; strip < tif->tif_dir.td_nstrips; strip++) { 4216 4216 - if (tif->tif_dir.td_stripoffset[strip - 1] > 4217 4217 - tif->tif_dir.td_stripoffset[strip]) { 4238 4238 + if (TIFFGetStrileOffset(tif, strip - 1) > 4239 4239 + TIFFGetStrileOffset(tif, strip)) { 4218 4240 tif->tif_dir.td_stripbytecountsorted = 0; 4219 4241 break; 4220 4242 } 4221 4243 } 4222 4244 } 4223 4223 - #endif /* !defined(DEFER_STRILE_LOAD) */ 4224 4224 - 4245 4245 + #endif 4246 4246 + 4225 4247 /* 4226 4248 * An opportunity for compression mode dependent tag fixup 4227 4249 */ ··· 4240 4262 (tif->tif_dir.td_nstrips==1)&& 4241 4263 (tif->tif_dir.td_compression==COMPRESSION_NONE)&& 4242 4264 ((tif->tif_flags&(TIFF_STRIPCHOP|TIFF_ISTILED))==TIFF_STRIPCHOP)) 4243 4243 - { 4244 4244 - if ( !_TIFFFillStriles(tif) || !tif->tif_dir.td_stripbytecount ) 4245 4245 - return 0; 4246 4246 - ChopUpSingleUncompressedStrip(tif); 4247 4247 - } 4265 4265 + { 4266 4266 + ChopUpSingleUncompressedStrip(tif); 4267 4267 + } 4268 4268 + 4269 4269 + /* There are also uncompressed striped files with strips larger than */ 4270 4270 + /* 2 GB, which make them unfriendly with a lot of code. If possible, */ 4271 4271 + /* try to expose smaller "virtual" strips. */ 4272 4272 + if( tif->tif_dir.td_planarconfig == PLANARCONFIG_CONTIG && 4273 4273 + tif->tif_dir.td_compression == COMPRESSION_NONE && 4274 4274 + (tif->tif_flags&(TIFF_STRIPCHOP|TIFF_ISTILED)) == TIFF_STRIPCHOP && 4275 4275 + TIFFStripSize64(tif) > 0x7FFFFFFFUL ) 4276 4276 + { 4277 4277 + TryChopUpUncompressedBigTiff(tif); 4278 4278 + } 4248 4279 4249 4280 /* 4250 4281 * Clear the dirty directory flag. ··· 4396 4427 TIFFWarningExt(tif->tif_clientdata, module, 4397 4428 "Registering anonymous field with tag %d (0x%x) failed", 4398 4429 dp->tdir_tag, dp->tdir_tag); 4399 4399 - dp->tdir_tag=IGNORE; 4430 4430 + dp->tdir_ignore = TRUE; 4400 4431 } else { 4401 4432 TIFFReadDirectoryFindFieldInfo(tif,dp->tdir_tag,&fii); 4402 4433 assert( fii != FAILED_FII ); 4403 4434 } 4404 4435 } 4405 4405 - if (dp->tdir_tag!=IGNORE) 4436 4436 + if (!dp->tdir_ignore) 4406 4437 { 4407 4438 fip=tif->tif_fields[fii]; 4408 4439 if (fip->field_bit==FIELD_IGNORE) 4409 4409 - dp->tdir_tag=IGNORE; 4440 4440 + dp->tdir_ignore = TRUE; 4410 4441 else 4411 4442 { 4412 4443 /* check data type */ ··· 4426 4457 TIFFWarningExt(tif->tif_clientdata, module, 4427 4458 "Wrong data type %d for \"%s\"; tag ignored", 4428 4459 dp->tdir_type,fip->field_name); 4429 4429 - dp->tdir_tag=IGNORE; 4460 4460 + dp->tdir_ignore = TRUE; 4430 4461 } 4431 4462 else 4432 4463 { ··· 4440 4471 else 4441 4472 expected=(uint32)fip->field_readcount; 4442 4473 if (!CheckDirCount(tif,dp,expected)) 4443 4443 - dp->tdir_tag=IGNORE; 4474 4474 + dp->tdir_ignore = TRUE; 4444 4475 } 4445 4476 } 4446 4477 } 4447 4447 - switch (dp->tdir_tag) 4448 4448 - { 4449 4449 - case IGNORE: 4450 4450 - break; 4451 4451 - case EXIFTAG_SUBJECTDISTANCE: 4452 4452 - (void) TIFFFetchSubjectDistance(tif,dp); 4453 4453 - break; 4454 4454 - default: 4455 4455 - (void) TIFFFetchNormalTag(tif, dp, TRUE); 4456 4456 - break; 4457 4457 - } 4478 4478 + if (!dp->tdir_ignore) { 4479 4479 + switch (dp->tdir_tag) 4480 4480 + { 4481 4481 + case EXIFTAG_SUBJECTDISTANCE: 4482 4482 + (void)TIFFFetchSubjectDistance(tif, dp); 4483 4483 + break; 4484 4484 + default: 4485 4485 + (void)TIFFFetchNormalTag(tif, dp, TRUE); 4486 4486 + break; 4487 4487 + } 4488 4488 + } /*-- if (!dp->tdir_ignore) */ 4458 4489 } 4459 4490 } 4460 4491 if (dir) ··· 4487 4518 if( !_TIFFFillStrilesInternal( tif, 0 ) ) 4488 4519 return -1; 4489 4520 4490 4490 - if (td->td_stripbytecount) 4491 4491 - _TIFFfree(td->td_stripbytecount); 4492 4492 - td->td_stripbytecount = (uint64*) 4521 4521 + if (td->td_stripbytecount_p) 4522 4522 + _TIFFfree(td->td_stripbytecount_p); 4523 4523 + td->td_stripbytecount_p = (uint64*) 4493 4524 _TIFFCheckMalloc(tif, td->td_nstrips, sizeof (uint64), 4494 4525 "for \"StripByteCounts\" array"); 4495 4495 - if( td->td_stripbytecount == NULL ) 4526 4526 + if( td->td_stripbytecount_p == NULL ) 4496 4527 return -1; 4497 4528 4498 4529 if (td->td_compression != COMPRESSION_NONE) { ··· 4516 4547 dp->tdir_type); 4517 4548 return -1; 4518 4549 } 4550 4550 + if( dp->tdir_count > TIFF_UINT64_MAX / typewidth ) 4551 4551 + return -1; 4519 4552 datasize=(uint64)typewidth*dp->tdir_count; 4520 4553 if (!(tif->tif_flags&TIFF_BIGTIFF)) 4521 4554 { ··· 4527 4560 if (datasize<=8) 4528 4561 datasize=0; 4529 4562 } 4563 4563 + if( space > TIFF_UINT64_MAX - datasize ) 4564 4564 + return -1; 4530 4565 space+=datasize; 4531 4566 } 4532 4567 if( filesize < space ) ··· 4537 4572 if (td->td_planarconfig == PLANARCONFIG_SEPARATE) 4538 4573 space /= td->td_samplesperpixel; 4539 4574 for (strip = 0; strip < td->td_nstrips; strip++) 4540 4540 - td->td_stripbytecount[strip] = space; 4575 4575 + td->td_stripbytecount_p[strip] = space; 4541 4576 /* 4542 4577 * This gross hack handles the case were the offset to 4543 4578 * the last strip is past the place where we think the strip ··· 4546 4581 * of data in the strip and trim this number back accordingly. 4547 4582 */ 4548 4583 strip--; 4549 4549 - if (td->td_stripoffset[strip]+td->td_stripbytecount[strip] > filesize) 4550 4550 - td->td_stripbytecount[strip] = filesize - td->td_stripoffset[strip]; 4584 4584 + if (td->td_stripoffset_p[strip] > TIFF_UINT64_MAX - td->td_stripbytecount_p[strip]) 4585 4585 + return -1; 4586 4586 + if (td->td_stripoffset_p[strip]+td->td_stripbytecount_p[strip] > filesize) { 4587 4587 + if( td->td_stripoffset_p[strip] >= filesize ) { 4588 4588 + /* Not sure what we should in that case... */ 4589 4589 + td->td_stripbytecount_p[strip] = 0; 4590 4590 + } else { 4591 4591 + td->td_stripbytecount_p[strip] = filesize - td->td_stripoffset_p[strip]; 4592 4592 + } 4593 4593 + } 4551 4594 } else if (isTiled(tif)) { 4552 4595 uint64 bytespertile = TIFFTileSize64(tif); 4553 4596 4554 4597 for (strip = 0; strip < td->td_nstrips; strip++) 4555 4555 - td->td_stripbytecount[strip] = bytespertile; 4598 4598 + td->td_stripbytecount_p[strip] = bytespertile; 4556 4599 } else { 4557 4600 uint64 rowbytes = TIFFScanlineSize64(tif); 4558 4601 uint32 rowsperstrip = td->td_imagelength/td->td_stripsperimage; 4559 4602 for (strip = 0; strip < td->td_nstrips; strip++) 4560 4560 - td->td_stripbytecount[strip] = rowbytes * rowsperstrip; 4603 4603 + { 4604 4604 + if( rowbytes > 0 && rowsperstrip > TIFF_UINT64_MAX / rowbytes ) 4605 4605 + return -1; 4606 4606 + td->td_stripbytecount_p[strip] = rowbytes * rowsperstrip; 4607 4607 + } 4561 4608 } 4562 4609 TIFFSetFieldBit(tif, FIELD_STRIPBYTECOUNTS); 4563 4610 if (!TIFFFieldSet(tif, FIELD_ROWSPERSTRIP)) ··· 4751 4798 } 4752 4799 } else { 4753 4800 tmsize_t m; 4754 4754 - tmsize_t off = (tmsize_t) tif->tif_diroff; 4755 4755 - if ((uint64)off!=tif->tif_diroff) 4801 4801 + tmsize_t off; 4802 4802 + if (tif->tif_diroff > (uint64)TIFF_INT64_MAX) 4756 4803 { 4757 4804 TIFFErrorExt(tif->tif_clientdata,module,"Can not read TIFF directory count"); 4758 4805 return(0); 4759 4806 } 4807 4807 + off = (tmsize_t) tif->tif_diroff; 4760 4808 4761 4809 /* 4762 4810 * Check for integer overflow when validating the dir_off, ··· 4874 4922 mb=dir; 4875 4923 for (n=0; n<dircount16; n++) 4876 4924 { 4925 4925 + mb->tdir_ignore = FALSE; 4877 4926 if (tif->tif_flags&TIFF_SWAB) 4878 4927 TIFFSwabShort((uint16*)ma); 4879 4928 mb->tdir_tag=*(uint16*)ma; ··· 4888 4937 TIFFSwabLong((uint32*)ma); 4889 4938 mb->tdir_count=(uint64)(*(uint32*)ma); 4890 4939 ma+=sizeof(uint32); 4940 4940 + mb->tdir_offset.toff_long8=0; 4891 4941 *(uint32*)(&mb->tdir_offset)=*(uint32*)ma; 4892 4942 ma+=sizeof(uint32); 4893 4943 } ··· 5681 5731 TIFFSwabArrayOfLong(m.i,2); 5682 5732 if (m.i[0]==0) 5683 5733 n=0.0; 5684 5684 - else if (m.i[0]==0xFFFFFFFF) 5734 5734 + else if (m.i[0]==0xFFFFFFFF || m.i[1]==0) 5685 5735 /* 5686 5736 * XXX: Numerator 0xFFFFFFFF means that we have infinite 5687 5737 * distance. Indicate that with a negative floating point ··· 5699 5749 } 5700 5750 } 5701 5751 5752 5752 + static void allocChoppedUpStripArrays(TIFF* tif, uint32 nstrips, 5753 5753 + uint64 stripbytes, uint32 rowsperstrip) 5754 5754 + { 5755 5755 + TIFFDirectory *td = &tif->tif_dir; 5756 5756 + uint64 bytecount; 5757 5757 + uint64 offset; 5758 5758 + uint64 last_offset; 5759 5759 + uint64 last_bytecount; 5760 5760 + uint32 i; 5761 5761 + uint64 *newcounts; 5762 5762 + uint64 *newoffsets; 5763 5763 + 5764 5764 + offset = TIFFGetStrileOffset(tif, 0); 5765 5765 + last_offset = TIFFGetStrileOffset(tif, td->td_nstrips-1); 5766 5766 + last_bytecount = TIFFGetStrileByteCount(tif, td->td_nstrips-1); 5767 5767 + if( last_offset > TIFF_UINT64_MAX - last_bytecount || 5768 5768 + last_offset + last_bytecount < offset ) 5769 5769 + { 5770 5770 + return; 5771 5771 + } 5772 5772 + bytecount = last_offset + last_bytecount - offset; 5773 5773 + 5774 5774 + newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64), 5775 5775 + "for chopped \"StripByteCounts\" array"); 5776 5776 + newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64), 5777 5777 + "for chopped \"StripOffsets\" array"); 5778 5778 + if (newcounts == NULL || newoffsets == NULL) { 5779 5779 + /* 5780 5780 + * Unable to allocate new strip information, give up and use 5781 5781 + * the original one strip information. 5782 5782 + */ 5783 5783 + if (newcounts != NULL) 5784 5784 + _TIFFfree(newcounts); 5785 5785 + if (newoffsets != NULL) 5786 5786 + _TIFFfree(newoffsets); 5787 5787 + return; 5788 5788 + } 5789 5789 + 5790 5790 + /* 5791 5791 + * Fill the strip information arrays with new bytecounts and offsets 5792 5792 + * that reflect the broken-up format. 5793 5793 + */ 5794 5794 + for (i = 0; i < nstrips; i++) 5795 5795 + { 5796 5796 + if (stripbytes > bytecount) 5797 5797 + stripbytes = bytecount; 5798 5798 + newcounts[i] = stripbytes; 5799 5799 + newoffsets[i] = stripbytes ? offset : 0; 5800 5800 + offset += stripbytes; 5801 5801 + bytecount -= stripbytes; 5802 5802 + } 5803 5803 + 5804 5804 + /* 5805 5805 + * Replace old single strip info with multi-strip info. 5806 5806 + */ 5807 5807 + td->td_stripsperimage = td->td_nstrips = nstrips; 5808 5808 + TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, rowsperstrip); 5809 5809 + 5810 5810 + _TIFFfree(td->td_stripbytecount_p); 5811 5811 + _TIFFfree(td->td_stripoffset_p); 5812 5812 + td->td_stripbytecount_p = newcounts; 5813 5813 + td->td_stripoffset_p = newoffsets; 5814 5814 + #ifdef STRIPBYTECOUNTSORTED_UNUSED 5815 5815 + td->td_stripbytecountsorted = 1; 5816 5816 + #endif 5817 5817 + tif->tif_flags |= TIFF_CHOPPEDUPARRAYS; 5818 5818 + } 5819 5819 + 5820 5820 + 5702 5821 /* 5703 5822 * Replace a single strip (tile) of uncompressed data by multiple strips 5704 5823 * (tiles), each approximately STRIP_SIZE_DEFAULT bytes. This is useful for ··· 5714 5833 uint32 rowblock; 5715 5834 uint64 rowblockbytes; 5716 5835 uint64 stripbytes; 5717 5717 - uint32 strip; 5718 5836 uint32 nstrips; 5719 5837 uint32 rowsperstrip; 5720 5720 - uint64* newcounts; 5721 5721 - uint64* newoffsets; 5722 5838 5723 5723 - bytecount = td->td_stripbytecount[0]; 5839 5839 + bytecount = TIFFGetStrileByteCount(tif, 0); 5724 5840 /* On a newly created file, just re-opened to be filled, we */ 5725 5841 /* don't want strip chop to trigger as it is going to cause issues */ 5726 5842 /* later ( StripOffsets and StripByteCounts improperly filled) . */ 5727 5843 if( bytecount == 0 && tif->tif_mode != O_RDONLY ) 5728 5844 return; 5729 5729 - offset = td->td_stripoffset[0]; 5845 5845 + offset = TIFFGetStrileByteCount(tif, 0); 5730 5846 assert(td->td_planarconfig == PLANARCONFIG_CONTIG); 5731 5847 if ((td->td_photometric == PHOTOMETRIC_YCBCR)&& 5732 5848 (!isUpSampled(tif))) ··· 5769 5885 return; 5770 5886 } 5771 5887 5772 5772 - newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64), 5773 5773 - "for chopped \"StripByteCounts\" array"); 5774 5774 - newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64), 5775 5775 - "for chopped \"StripOffsets\" array"); 5776 5776 - if (newcounts == NULL || newoffsets == NULL) { 5777 5777 - /* 5778 5778 - * Unable to allocate new strip information, give up and use 5779 5779 - * the original one strip information. 5780 5780 - */ 5781 5781 - if (newcounts != NULL) 5782 5782 - _TIFFfree(newcounts); 5783 5783 - if (newoffsets != NULL) 5784 5784 - _TIFFfree(newoffsets); 5785 5785 - return; 5786 5786 - } 5787 5787 - /* 5788 5788 - * Fill the strip information arrays with new bytecounts and offsets 5789 5789 - * that reflect the broken-up format. 5790 5790 - */ 5791 5791 - for (strip = 0; strip < nstrips; strip++) { 5792 5792 - if (stripbytes > bytecount) 5793 5793 - stripbytes = bytecount; 5794 5794 - newcounts[strip] = stripbytes; 5795 5795 - newoffsets[strip] = stripbytes ? offset : 0; 5796 5796 - offset += stripbytes; 5797 5797 - bytecount -= stripbytes; 5798 5798 - } 5799 5799 - /* 5800 5800 - * Replace old single strip info with multi-strip info. 5801 5801 - */ 5802 5802 - td->td_stripsperimage = td->td_nstrips = nstrips; 5803 5803 - TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, rowsperstrip); 5888 5888 + allocChoppedUpStripArrays(tif, nstrips, stripbytes, rowsperstrip); 5889 5889 + } 5890 5890 + 5891 5891 + 5892 5892 + /* 5893 5893 + * Replace a file with contiguous strips > 2 GB of uncompressed data by 5894 5894 + * multiple smaller strips. This is useful for 5895 5895 + * dealing with large images or for dealing with machines with a limited 5896 5896 + * amount memory. 5897 5897 + */ 5898 5898 + static void TryChopUpUncompressedBigTiff( TIFF* tif ) 5899 5899 + { 5900 5900 + TIFFDirectory *td = &tif->tif_dir; 5901 5901 + uint32 rowblock; 5902 5902 + uint64 rowblockbytes; 5903 5903 + uint32 i; 5904 5904 + uint64 stripsize; 5905 5905 + uint32 rowblocksperstrip; 5906 5906 + uint32 rowsperstrip; 5907 5907 + uint64 stripbytes; 5908 5908 + uint32 nstrips; 5909 5909 + 5910 5910 + stripsize = TIFFStripSize64(tif); 5911 5911 + 5912 5912 + assert( tif->tif_dir.td_planarconfig == PLANARCONFIG_CONTIG ); 5913 5913 + assert( tif->tif_dir.td_compression == COMPRESSION_NONE ); 5914 5914 + assert( (tif->tif_flags&(TIFF_STRIPCHOP|TIFF_ISTILED)) == TIFF_STRIPCHOP ); 5915 5915 + assert( stripsize > 0x7FFFFFFFUL ); 5916 5916 + 5917 5917 + /* On a newly created file, just re-opened to be filled, we */ 5918 5918 + /* don't want strip chop to trigger as it is going to cause issues */ 5919 5919 + /* later ( StripOffsets and StripByteCounts improperly filled) . */ 5920 5920 + if( TIFFGetStrileByteCount(tif, 0) == 0 && tif->tif_mode != O_RDONLY ) 5921 5921 + return; 5922 5922 + 5923 5923 + if ((td->td_photometric == PHOTOMETRIC_YCBCR)&& 5924 5924 + (!isUpSampled(tif))) 5925 5925 + rowblock = td->td_ycbcrsubsampling[1]; 5926 5926 + else 5927 5927 + rowblock = 1; 5928 5928 + rowblockbytes = TIFFVStripSize64(tif, rowblock); 5929 5929 + if( rowblockbytes == 0 || rowblockbytes > 0x7FFFFFFFUL ) 5930 5930 + { 5931 5931 + /* In case of file with gigantic width */ 5932 5932 + return; 5933 5933 + } 5934 5934 + 5935 5935 + /* Check that the strips are contiguous and of the expected size */ 5936 5936 + for( i = 0; i < td->td_nstrips; i++ ) 5937 5937 + { 5938 5938 + if( i == td->td_nstrips - 1 ) 5939 5939 + { 5940 5940 + if( TIFFGetStrileByteCount(tif, i) < TIFFVStripSize64( 5941 5941 + tif, td->td_imagelength - i * td->td_rowsperstrip ) ) 5942 5942 + { 5943 5943 + return; 5944 5944 + } 5945 5945 + } 5946 5946 + else 5947 5947 + { 5948 5948 + if( TIFFGetStrileByteCount(tif, i) != stripsize ) 5949 5949 + { 5950 5950 + return; 5951 5951 + } 5952 5952 + if( i > 0 && TIFFGetStrileOffset(tif, i) != 5953 5953 + TIFFGetStrileOffset(tif, i-1) + TIFFGetStrileByteCount(tif, i-1) ) 5954 5954 + { 5955 5955 + return; 5956 5956 + } 5957 5957 + } 5958 5958 + } 5959 5959 + 5960 5960 + /* Aim for 512 MB strips (that will still be manageable by 32 bit builds */ 5961 5961 + rowblocksperstrip = (uint32) (512 * 1024 * 1024 / rowblockbytes); 5962 5962 + if( rowblocksperstrip == 0 ) 5963 5963 + rowblocksperstrip = 1; 5964 5964 + rowsperstrip = rowblocksperstrip * rowblock; 5965 5965 + stripbytes = rowblocksperstrip * rowblockbytes; 5966 5966 + assert( stripbytes <= 0x7FFFFFFFUL ); 5967 5967 + 5968 5968 + nstrips = TIFFhowmany_32(td->td_imagelength, rowsperstrip); 5969 5969 + if( nstrips == 0 ) 5970 5970 + return; 5971 5971 + 5972 5972 + /* If we are going to allocate a lot of memory, make sure that the */ 5973 5973 + /* file is as big as needed */ 5974 5974 + if( tif->tif_mode == O_RDONLY && 5975 5975 + nstrips > 1000000 ) 5976 5976 + { 5977 5977 + uint64 last_offset = TIFFGetStrileOffset(tif, td->td_nstrips-1); 5978 5978 + uint64 filesize = TIFFGetFileSize(tif); 5979 5979 + uint64 last_bytecount = TIFFGetStrileByteCount(tif, td->td_nstrips-1); 5980 5980 + if( last_offset > filesize || 5981 5981 + last_bytecount > filesize - last_offset ) 5982 5982 + { 5983 5983 + return; 5984 5984 + } 5985 5985 + } 5804 5986 5805 5805 - _TIFFfree(td->td_stripbytecount); 5806 5806 - _TIFFfree(td->td_stripoffset); 5807 5807 - td->td_stripbytecount = newcounts; 5808 5808 - td->td_stripoffset = newoffsets; 5809 5809 - td->td_stripbytecountsorted = 1; 5987 5987 + allocChoppedUpStripArrays(tif, nstrips, stripbytes, rowsperstrip); 5810 5988 } 5811 5989 5812 5812 - int _TIFFFillStriles( TIFF *tif ) 5990 5990 + 5991 5991 + TIFF_NOSANITIZE_UNSIGNED_INT_OVERFLOW 5992 5992 + static uint64 _TIFFUnsanitizedAddUInt64AndInt(uint64 a, int b) 5813 5993 { 5814 5814 - return _TIFFFillStrilesInternal( tif, 1 ); 5994 5994 + return a + b; 5815 5995 } 5816 5996 5817 5817 - static int _TIFFFillStrilesInternal( TIFF *tif, int loadStripByteCount ) 5997 5997 + /* Read the value of [Strip|Tile]Offset or [Strip|Tile]ByteCount around 5998 5998 + * strip/tile of number strile. Also fetch the neighbouring values using a 5999 5999 + * 4096 byte page size. 6000 6000 + */ 6001 6001 + static 6002 6002 + int _TIFFPartialReadStripArray( TIFF* tif, TIFFDirEntry* dirent, 6003 6003 + int strile, uint64* panVals ) 5818 6004 { 5819 5819 - #if defined(DEFER_STRILE_LOAD) 5820 5820 - register TIFFDirectory *td = &tif->tif_dir; 5821 5821 - int return_value = 1; 6005 6005 + static const char module[] = "_TIFFPartialReadStripArray"; 6006 6006 + #define IO_CACHE_PAGE_SIZE 4096 5822 6007 5823 5823 - if( td->td_stripoffset != NULL ) 5824 5824 - return 1; 6008 6008 + size_t sizeofval; 6009 6009 + const int bSwab = (tif->tif_flags & TIFF_SWAB) != 0; 6010 6010 + int sizeofvalint; 6011 6011 + uint64 nBaseOffset; 6012 6012 + uint64 nOffset; 6013 6013 + uint64 nOffsetStartPage; 6014 6014 + uint64 nOffsetEndPage; 6015 6015 + tmsize_t nToRead; 6016 6016 + tmsize_t nRead; 6017 6017 + uint64 nLastStripOffset; 6018 6018 + int iStartBefore; 6019 6019 + int i; 6020 6020 + const uint32 arraySize = tif->tif_dir.td_stripoffsetbyteallocsize; 6021 6021 + unsigned char buffer[2 * IO_CACHE_PAGE_SIZE]; 5825 6022 5826 5826 - if( td->td_stripoffset_entry.tdir_count == 0 ) 6023 6023 + assert( dirent->tdir_count > 4 ); 6024 6024 + 6025 6025 + if( dirent->tdir_type == TIFF_SHORT ) 6026 6026 + { 6027 6027 + sizeofval = sizeof(uint16); 6028 6028 + } 6029 6029 + else if( dirent->tdir_type == TIFF_LONG ) 6030 6030 + { 6031 6031 + sizeofval = sizeof(uint32); 6032 6032 + } 6033 6033 + else if( dirent->tdir_type == TIFF_LONG8 ) 6034 6034 + { 6035 6035 + sizeofval = sizeof(uint64); 6036 6036 + } 6037 6037 + else 6038 6038 + { 6039 6039 + TIFFErrorExt(tif->tif_clientdata, module, 6040 6040 + "Invalid type for [Strip|Tile][Offset/ByteCount] tag"); 6041 6041 + panVals[strile] = 0; 6042 6042 + return 0; 6043 6043 + } 6044 6044 + sizeofvalint = (int)(sizeofval); 6045 6045 + 6046 6046 + if( tif->tif_flags&TIFF_BIGTIFF ) 6047 6047 + { 6048 6048 + uint64 offset = dirent->tdir_offset.toff_long8; 6049 6049 + if( bSwab ) 6050 6050 + TIFFSwabLong8(&offset); 6051 6051 + nBaseOffset = offset; 6052 6052 + } 6053 6053 + else 6054 6054 + { 6055 6055 + uint32 offset = dirent->tdir_offset.toff_long; 6056 6056 + if( bSwab ) 6057 6057 + TIFFSwabLong(&offset); 6058 6058 + nBaseOffset = offset; 6059 6059 + } 6060 6060 + /* To avoid later unsigned integer overflows */ 6061 6061 + if( nBaseOffset > (uint64)TIFF_INT64_MAX ) 6062 6062 + { 6063 6063 + TIFFErrorExt(tif->tif_clientdata, module, 6064 6064 + "Cannot read offset/size for strile %d", strile); 6065 6065 + panVals[strile] = 0; 6066 6066 + return 0; 6067 6067 + } 6068 6068 + nOffset = nBaseOffset + sizeofval * strile; 6069 6069 + nOffsetStartPage = 6070 6070 + (nOffset / IO_CACHE_PAGE_SIZE) * IO_CACHE_PAGE_SIZE; 6071 6071 + nOffsetEndPage = nOffsetStartPage + IO_CACHE_PAGE_SIZE; 6072 6072 + 6073 6073 + if( nOffset + sizeofval > nOffsetEndPage ) 6074 6074 + nOffsetEndPage += IO_CACHE_PAGE_SIZE; 6075 6075 + #undef IO_CACHE_PAGE_SIZE 6076 6076 + 6077 6077 + nLastStripOffset = nBaseOffset + arraySize * sizeofval; 6078 6078 + if( nLastStripOffset < nOffsetEndPage ) 6079 6079 + nOffsetEndPage = nLastStripOffset; 6080 6080 + if( nOffsetStartPage >= nOffsetEndPage ) 6081 6081 + { 6082 6082 + TIFFErrorExt(tif->tif_clientdata, module, 6083 6083 + "Cannot read offset/size for strile %d", strile); 6084 6084 + panVals[strile] = 0; 6085 6085 + return 0; 6086 6086 + } 6087 6087 + if (!SeekOK(tif,nOffsetStartPage)) 6088 6088 + { 6089 6089 + panVals[strile] = 0; 6090 6090 + return 0; 6091 6091 + } 6092 6092 + 6093 6093 + nToRead = (tmsize_t)(nOffsetEndPage - nOffsetStartPage); 6094 6094 + nRead = TIFFReadFile(tif, buffer, nToRead); 6095 6095 + if( nRead < nToRead ) 6096 6096 + { 6097 6097 + TIFFErrorExt(tif->tif_clientdata, module, 6098 6098 + "Cannot read offset/size for strile around ~%d", strile); 6099 6099 + return 0; 6100 6100 + } 6101 6101 + iStartBefore = -(int)((nOffset - nOffsetStartPage) / sizeofval); 6102 6102 + if( strile + iStartBefore < 0 ) 6103 6103 + iStartBefore = -strile; 6104 6104 + for( i = iStartBefore; 6105 6105 + (uint32)(strile + i) < arraySize && 6106 6106 + _TIFFUnsanitizedAddUInt64AndInt(nOffset, (i + 1) * sizeofvalint) <= nOffsetEndPage; 6107 6107 + ++i ) 6108 6108 + { 6109 6109 + if( sizeofval == sizeof(uint16) ) 6110 6110 + { 6111 6111 + uint16 val; 6112 6112 + memcpy(&val, 6113 6113 + buffer + (nOffset - nOffsetStartPage) + i * sizeofvalint, 6114 6114 + sizeof(val)); 6115 6115 + if( bSwab ) 6116 6116 + TIFFSwabShort(&val); 6117 6117 + panVals[strile + i] = val; 6118 6118 + } 6119 6119 + else if( sizeofval == sizeof(uint32) ) 6120 6120 + { 6121 6121 + uint32 val; 6122 6122 + memcpy(&val, 6123 6123 + buffer + (nOffset - nOffsetStartPage) + i * sizeofvalint, 6124 6124 + sizeof(val)); 6125 6125 + if( bSwab ) 6126 6126 + TIFFSwabLong(&val); 6127 6127 + panVals[strile + i] = val; 6128 6128 + } 6129 6129 + else 6130 6130 + { 6131 6131 + uint64 val; 6132 6132 + memcpy(&val, 6133 6133 + buffer + (nOffset - nOffsetStartPage) + i * sizeofvalint, 6134 6134 + sizeof(val)); 6135 6135 + if( bSwab ) 6136 6136 + TIFFSwabLong8(&val); 6137 6137 + panVals[strile + i] = val; 6138 6138 + } 6139 6139 + } 6140 6140 + return 1; 6141 6141 + } 6142 6142 + 6143 6143 + static int _TIFFFetchStrileValue(TIFF* tif, 6144 6144 + uint32 strile, 6145 6145 + TIFFDirEntry* dirent, 6146 6146 + uint64** parray) 6147 6147 + { 6148 6148 + static const char module[] = "_TIFFFetchStrileValue"; 6149 6149 + TIFFDirectory *td = &tif->tif_dir; 6150 6150 + if( strile >= dirent->tdir_count ) 6151 6151 + { 6152 6152 + return 0; 6153 6153 + } 6154 6154 + if( strile >= td->td_stripoffsetbyteallocsize ) 6155 6155 + { 6156 6156 + uint32 nStripArrayAllocBefore = td->td_stripoffsetbyteallocsize; 6157 6157 + uint32 nStripArrayAllocNew; 6158 6158 + uint64 nArraySize64; 6159 6159 + size_t nArraySize; 6160 6160 + uint64* offsetArray; 6161 6161 + uint64* bytecountArray; 6162 6162 + 6163 6163 + if( strile > 1000000 ) 6164 6164 + { 6165 6165 + uint64 filesize = TIFFGetFileSize(tif); 6166 6166 + /* Avoid excessive memory allocation attempt */ 6167 6167 + /* For such a big blockid we need at least a TIFF_LONG per strile */ 6168 6168 + /* for the offset array. */ 6169 6169 + if( strile > filesize / sizeof(uint32) ) 6170 6170 + { 6171 6171 + TIFFErrorExt(tif->tif_clientdata, module, "File too short"); 5827 6172 return 0; 6173 6173 + } 6174 6174 + } 5828 6175 5829 5829 - if (!TIFFFetchStripThing(tif,&(td->td_stripoffset_entry), 5830 5830 - td->td_nstrips,&td->td_stripoffset)) 6176 6176 + if( td->td_stripoffsetbyteallocsize == 0 && 6177 6177 + td->td_nstrips < 1024 * 1024 ) 6178 6178 + { 6179 6179 + nStripArrayAllocNew = td->td_nstrips; 6180 6180 + } 6181 6181 + else 6182 6182 + { 6183 6183 + #define TIFF_MAX(a,b) (((a)>(b)) ? (a) : (b)) 6184 6184 + #define TIFF_MIN(a,b) (((a)<(b)) ? (a) : (b)) 6185 6185 + nStripArrayAllocNew = TIFF_MAX(strile + 1, 1024U * 512U ); 6186 6186 + if( nStripArrayAllocNew < 0xFFFFFFFFU / 2 ) 6187 6187 + nStripArrayAllocNew *= 2; 6188 6188 + nStripArrayAllocNew = TIFF_MIN(nStripArrayAllocNew, td->td_nstrips); 6189 6189 + } 6190 6190 + assert( strile < nStripArrayAllocNew ); 6191 6191 + nArraySize64 = (uint64)sizeof(uint64) * nStripArrayAllocNew; 6192 6192 + nArraySize = (size_t)(nArraySize64); 6193 6193 + #if SIZEOF_SIZE_T == 4 6194 6194 + if( nArraySize != nArraySize64 ) 6195 6195 + { 6196 6196 + TIFFErrorExt(tif->tif_clientdata, module, 6197 6197 + "Cannot allocate strip offset and bytecount arrays"); 6198 6198 + return 0; 6199 6199 + } 6200 6200 + #endif 6201 6201 + offsetArray = (uint64*)( 6202 6202 + _TIFFrealloc( td->td_stripoffset_p, nArraySize ) ); 6203 6203 + bytecountArray = (uint64*)( 6204 6204 + _TIFFrealloc( td->td_stripbytecount_p, nArraySize ) ); 6205 6205 + if( offsetArray ) 6206 6206 + td->td_stripoffset_p = offsetArray; 6207 6207 + if( bytecountArray ) 6208 6208 + td->td_stripbytecount_p = bytecountArray; 6209 6209 + if( offsetArray && bytecountArray ) 5831 6210 { 5832 5832 - return_value = 0; 6211 6211 + td->td_stripoffsetbyteallocsize = nStripArrayAllocNew; 6212 6212 + /* Initialize new entries to ~0 / -1 */ 6213 6213 + memset(td->td_stripoffset_p + nStripArrayAllocBefore, 6214 6214 + 0xFF, 6215 6215 + (td->td_stripoffsetbyteallocsize - nStripArrayAllocBefore) * sizeof(uint64) ); 6216 6216 + memset(td->td_stripbytecount_p + nStripArrayAllocBefore, 6217 6217 + 0xFF, 6218 6218 + (td->td_stripoffsetbyteallocsize - nStripArrayAllocBefore) * sizeof(uint64) ); 5833 6219 } 6220 6220 + else 6221 6221 + { 6222 6222 + TIFFErrorExt(tif->tif_clientdata, module, 6223 6223 + "Cannot allocate strip offset and bytecount arrays"); 6224 6224 + _TIFFfree(td->td_stripoffset_p); 6225 6225 + td->td_stripoffset_p = NULL; 6226 6226 + _TIFFfree(td->td_stripbytecount_p); 6227 6227 + td->td_stripbytecount_p = NULL; 6228 6228 + td->td_stripoffsetbyteallocsize = 0; 6229 6229 + } 6230 6230 + } 6231 6231 + if( *parray == NULL || strile >= td->td_stripoffsetbyteallocsize ) 6232 6232 + return 0; 6233 6233 + 6234 6234 + if( ~((*parray)[strile]) == 0 ) 6235 6235 + { 6236 6236 + if( !_TIFFPartialReadStripArray( tif, dirent, strile, *parray ) ) 6237 6237 + { 6238 6238 + (*parray)[strile] = 0; 6239 6239 + return 0; 6240 6240 + } 6241 6241 + } 6242 6242 + 6243 6243 + return 1; 6244 6244 + } 5834 6245 5835 5835 - if (loadStripByteCount && 5836 5836 - !TIFFFetchStripThing(tif,&(td->td_stripbytecount_entry), 5837 5837 - td->td_nstrips,&td->td_stripbytecount)) 6246 6246 + static uint64 _TIFFGetStrileOffsetOrByteCountValue(TIFF *tif, uint32 strile, 6247 6247 + TIFFDirEntry* dirent, 6248 6248 + uint64** parray, 6249 6249 + int *pbErr) 6250 6250 + { 6251 6251 + TIFFDirectory *td = &tif->tif_dir; 6252 6252 + if( pbErr ) 6253 6253 + *pbErr = 0; 6254 6254 + if( (tif->tif_flags&TIFF_DEFERSTRILELOAD) && !(tif->tif_flags&TIFF_CHOPPEDUPARRAYS) ) 6255 6255 + { 6256 6256 + if( !(tif->tif_flags&TIFF_LAZYSTRILELOAD) || 6257 6257 + /* If the values may fit in the toff_long/toff_long8 member */ 6258 6258 + /* then use _TIFFFillStriles to simplify _TIFFFetchStrileValue */ 6259 6259 + dirent->tdir_count <= 4 ) 6260 6260 + { 6261 6261 + if( !_TIFFFillStriles(tif) ) 6262 6262 + { 6263 6263 + if( pbErr ) 6264 6264 + *pbErr = 1; 6265 6265 + /* Do not return, as we want this function to always */ 6266 6266 + /* return the same value if called several times with */ 6267 6267 + /* the same arguments */ 6268 6268 + } 6269 6269 + } 6270 6270 + else 5838 6271 { 5839 5839 - return_value = 0; 6272 6272 + if( !_TIFFFetchStrileValue(tif, strile, dirent, parray) ) 6273 6273 + { 6274 6274 + if( pbErr ) 6275 6275 + *pbErr = 1; 6276 6276 + return 0; 6277 6277 + } 5840 6278 } 6279 6279 + } 6280 6280 + if( *parray == NULL || strile >= td->td_nstrips ) 6281 6281 + { 6282 6282 + if( pbErr ) 6283 6283 + *pbErr = 1; 6284 6284 + return 0; 6285 6285 + } 6286 6286 + return (*parray)[strile]; 6287 6287 + } 5841 6288 5842 5842 - _TIFFmemset( &(td->td_stripoffset_entry), 0, sizeof(TIFFDirEntry)); 5843 5843 - _TIFFmemset( &(td->td_stripbytecount_entry), 0, sizeof(TIFFDirEntry)); 6289 6289 + /* Return the value of the TileOffsets/StripOffsets array for the specified tile/strile */ 6290 6290 + uint64 TIFFGetStrileOffset(TIFF *tif, uint32 strile) 6291 6291 + { 6292 6292 + return TIFFGetStrileOffsetWithErr(tif, strile, NULL); 6293 6293 + } 5844 6294 5845 5845 - if (tif->tif_dir.td_nstrips > 1 && return_value == 1 ) { 5846 5846 - uint32 strip; 6295 6295 + /* Return the value of the TileOffsets/StripOffsets array for the specified tile/strile */ 6296 6296 + uint64 TIFFGetStrileOffsetWithErr(TIFF *tif, uint32 strile, int *pbErr) 6297 6297 + { 6298 6298 + TIFFDirectory *td = &tif->tif_dir; 6299 6299 + return _TIFFGetStrileOffsetOrByteCountValue(tif, strile, 6300 6300 + &(td->td_stripoffset_entry), 6301 6301 + &(td->td_stripoffset_p), pbErr); 6302 6302 + } 5847 6303 5848 5848 - tif->tif_dir.td_stripbytecountsorted = 1; 5849 5849 - for (strip = 1; strip < tif->tif_dir.td_nstrips; strip++) { 5850 5850 - if (tif->tif_dir.td_stripoffset[strip - 1] > 5851 5851 - tif->tif_dir.td_stripoffset[strip]) { 5852 5852 - tif->tif_dir.td_stripbytecountsorted = 0; 5853 5853 - break; 5854 5854 - } 5855 5855 - } 5856 5856 - } 6304 6304 + /* Return the value of the TileByteCounts/StripByteCounts array for the specified tile/strile */ 6305 6305 + uint64 TIFFGetStrileByteCount(TIFF *tif, uint32 strile) 6306 6306 + { 6307 6307 + return TIFFGetStrileByteCountWithErr(tif, strile, NULL); 6308 6308 + } 5857 6309 5858 5858 - return return_value; 5859 5859 - #else /* !defined(DEFER_STRILE_LOAD) */ 5860 5860 - (void) tif; 5861 5861 - (void) loadStripByteCount; 6310 6310 + /* Return the value of the TileByteCounts/StripByteCounts array for the specified tile/strile */ 6311 6311 + uint64 TIFFGetStrileByteCountWithErr(TIFF *tif, uint32 strile, int *pbErr) 6312 6312 + { 6313 6313 + TIFFDirectory *td = &tif->tif_dir; 6314 6314 + return _TIFFGetStrileOffsetOrByteCountValue(tif, strile, 6315 6315 + &(td->td_stripbytecount_entry), 6316 6316 + &(td->td_stripbytecount_p), pbErr); 6317 6317 + } 6318 6318 + 6319 6319 + 6320 6320 + int _TIFFFillStriles( TIFF *tif ) 6321 6321 + { 6322 6322 + return _TIFFFillStrilesInternal( tif, 1 ); 6323 6323 + } 6324 6324 + 6325 6325 + static int _TIFFFillStrilesInternal( TIFF *tif, int loadStripByteCount ) 6326 6326 + { 6327 6327 + register TIFFDirectory *td = &tif->tif_dir; 6328 6328 + int return_value = 1; 6329 6329 + 6330 6330 + /* Do not do anything if TIFF_DEFERSTRILELOAD is not set */ 6331 6331 + if( !(tif->tif_flags&TIFF_DEFERSTRILELOAD) || (tif->tif_flags&TIFF_CHOPPEDUPARRAYS) != 0 ) 5862 6332 return 1; 5863 5863 - #endif 6333 6333 + 6334 6334 + if( tif->tif_flags&TIFF_LAZYSTRILELOAD ) 6335 6335 + { 6336 6336 + /* In case of lazy loading, reload completely the arrays */ 6337 6337 + _TIFFfree(td->td_stripoffset_p); 6338 6338 + _TIFFfree(td->td_stripbytecount_p); 6339 6339 + td->td_stripoffset_p = NULL; 6340 6340 + td->td_stripbytecount_p = NULL; 6341 6341 + td->td_stripoffsetbyteallocsize = 0; 6342 6342 + tif->tif_flags &= ~TIFF_LAZYSTRILELOAD; 6343 6343 + } 6344 6344 + 6345 6345 + /* If stripoffset array is already loaded, exit with success */ 6346 6346 + if( td->td_stripoffset_p != NULL ) 6347 6347 + return 1; 6348 6348 + 6349 6349 + /* If tdir_count was cancelled, then we already got there, but in error */ 6350 6350 + if( td->td_stripoffset_entry.tdir_count == 0 ) 6351 6351 + return 0; 6352 6352 + 6353 6353 + if (!TIFFFetchStripThing(tif,&(td->td_stripoffset_entry), 6354 6354 + td->td_nstrips,&td->td_stripoffset_p)) 6355 6355 + { 6356 6356 + return_value = 0; 6357 6357 + } 6358 6358 + 6359 6359 + if (loadStripByteCount && 6360 6360 + !TIFFFetchStripThing(tif,&(td->td_stripbytecount_entry), 6361 6361 + td->td_nstrips,&td->td_stripbytecount_p)) 6362 6362 + { 6363 6363 + return_value = 0; 6364 6364 + } 6365 6365 + 6366 6366 + _TIFFmemset( &(td->td_stripoffset_entry), 0, sizeof(TIFFDirEntry)); 6367 6367 + _TIFFmemset( &(td->td_stripbytecount_entry), 0, sizeof(TIFFDirEntry)); 6368 6368 + 6369 6369 + #ifdef STRIPBYTECOUNTSORTED_UNUSED 6370 6370 + if (tif->tif_dir.td_nstrips > 1 && return_value == 1 ) { 6371 6371 + uint32 strip; 6372 6372 + 6373 6373 + tif->tif_dir.td_stripbytecountsorted = 1; 6374 6374 + for (strip = 1; strip < tif->tif_dir.td_nstrips; strip++) { 6375 6375 + if (tif->tif_dir.td_stripoffset_p[strip - 1] > 6376 6376 + tif->tif_dir.td_stripoffset_p[strip]) { 6377 6377 + tif->tif_dir.td_stripbytecountsorted = 0; 6378 6378 + break; 6379 6379 + } 6380 6380 + } 6381 6381 + } 6382 6382 + #endif 6383 6383 + 6384 6384 + return return_value; 5864 6385 } 5865 6386 5866 6387

+292 -50

dll/3rdparty/libtiff/tif_dirwrite.c

··· 183 183 } 184 184 185 185 /* 186 186 + * This is an advanced writing function that must be used in a particular 187 187 + * sequence, and generally together with TIFFForceStrileArrayWriting(), 188 188 + * to make its intended effect. Its aim is to modify the location 189 189 + * where the [Strip/Tile][Offsets/ByteCounts] arrays are located in the file. 190 190 + * More precisely, when TIFFWriteCheck() will be called, the tag entries for 191 191 + * those arrays will be written with type = count = offset = 0 as a temporary 192 192 + * value. 193 193 + * 194 194 + * Its effect is only valid for the current directory, and before 195 195 + * TIFFWriteDirectory() is first called, and will be reset when 196 196 + * changing directory. 197 197 + * 198 198 + * The typical sequence of calls is: 199 199 + * TIFFOpen() 200 200 + * [ TIFFCreateDirectory(tif) ] 201 201 + * Set fields with calls to TIFFSetField(tif, ...) 202 202 + * TIFFDeferStrileArrayWriting(tif) 203 203 + * TIFFWriteCheck(tif, ...) 204 204 + * TIFFWriteDirectory(tif) 205 205 + * ... potentially create other directories and come back to the above directory 206 206 + * TIFFForceStrileArrayWriting(tif): emit the arrays at the end of file 207 207 + * 208 208 + * Returns 1 in case of success, 0 otherwise. 209 209 + */ 210 210 + int TIFFDeferStrileArrayWriting(TIFF* tif) 211 211 + { 212 212 + static const char module[] = "TIFFDeferStrileArrayWriting"; 213 213 + if (tif->tif_mode == O_RDONLY) 214 214 + { 215 215 + TIFFErrorExt(tif->tif_clientdata, tif->tif_name, 216 216 + "File opened in read-only mode"); 217 217 + return 0; 218 218 + } 219 219 + if( tif->tif_diroff != 0 ) 220 220 + { 221 221 + TIFFErrorExt(tif->tif_clientdata, module, 222 222 + "Directory has already been written"); 223 223 + return 0; 224 224 + } 225 225 + 226 226 + tif->tif_dir.td_deferstrilearraywriting = TRUE; 227 227 + return 1; 228 228 + } 229 229 + 230 230 + /* 186 231 * Similar to TIFFWriteDirectory(), writes the directory out 187 232 * but leaves all data structures in memory so that it can be 188 233 * written again. This will make a partially written TIFF file ··· 193 238 { 194 239 int rc; 195 240 /* Setup the strips arrays, if they haven't already been. */ 196 196 - if (tif->tif_dir.td_stripoffset == NULL) 241 241 + if (tif->tif_dir.td_stripoffset_p == NULL) 197 242 (void) TIFFSetupStrips(tif); 198 243 rc = TIFFWriteDirectorySec(tif,TRUE,FALSE,NULL); 199 244 (void) TIFFSetWriteOffset(tif, TIFFSeekFile(tif, 0, SEEK_END)); ··· 528 573 { 529 574 if (!isTiled(tif)) 530 575 { 531 531 - if (!TIFFWriteDirectoryTagLongLong8Array(tif,&ndir,dir,TIFFTAG_STRIPBYTECOUNTS,tif->tif_dir.td_nstrips,tif->tif_dir.td_stripbytecount)) 576 576 + if (!TIFFWriteDirectoryTagLongLong8Array(tif,&ndir,dir,TIFFTAG_STRIPBYTECOUNTS,tif->tif_dir.td_nstrips,tif->tif_dir.td_stripbytecount_p)) 532 577 goto bad; 533 578 } 534 579 else 535 580 { 536 536 - if (!TIFFWriteDirectoryTagLongLong8Array(tif,&ndir,dir,TIFFTAG_TILEBYTECOUNTS,tif->tif_dir.td_nstrips,tif->tif_dir.td_stripbytecount)) 581 581 + if (!TIFFWriteDirectoryTagLongLong8Array(tif,&ndir,dir,TIFFTAG_TILEBYTECOUNTS,tif->tif_dir.td_nstrips,tif->tif_dir.td_stripbytecount_p)) 537 582 goto bad; 538 583 } 539 584 } ··· 541 586 { 542 587 if (!isTiled(tif)) 543 588 { 544 544 - /* td_stripoffset might be NULL in an odd OJPEG case. See 589 589 + /* td_stripoffset_p might be NULL in an odd OJPEG case. See 545 590 * tif_dirread.c around line 3634. 546 591 * XXX: OJPEG hack. 547 592 * If a) compression is OJPEG, b) it's not a tiled TIFF, ··· 552 597 * We can get here when using tiffset on such a file. 553 598 * See http://bugzilla.maptools.org/show_bug.cgi?id=2500 554 599 */ 555 555 - if (tif->tif_dir.td_stripoffset != NULL && 556 556 - !TIFFWriteDirectoryTagLongLong8Array(tif,&ndir,dir,TIFFTAG_STRIPOFFSETS,tif->tif_dir.td_nstrips,tif->tif_dir.td_stripoffset)) 600 600 + if (tif->tif_dir.td_stripoffset_p != NULL && 601 601 + !TIFFWriteDirectoryTagLongLong8Array(tif,&ndir,dir,TIFFTAG_STRIPOFFSETS,tif->tif_dir.td_nstrips,tif->tif_dir.td_stripoffset_p)) 557 602 goto bad; 558 603 } 559 604 else 560 605 { 561 561 - if (!TIFFWriteDirectoryTagLongLong8Array(tif,&ndir,dir,TIFFTAG_TILEOFFSETS,tif->tif_dir.td_nstrips,tif->tif_dir.td_stripoffset)) 606 606 + if (!TIFFWriteDirectoryTagLongLong8Array(tif,&ndir,dir,TIFFTAG_TILEOFFSETS,tif->tif_dir.td_nstrips,tif->tif_dir.td_stripoffset_p)) 562 607 goto bad; 563 608 } 564 609 } ··· 946 991 return(0); 947 992 } 948 993 949 949 - static float TIFFClampDoubleToFloat( double val ) 950 950 - { 951 951 - if( val > FLT_MAX ) 952 952 - return FLT_MAX; 953 953 - if( val < -FLT_MAX ) 954 954 - return -FLT_MAX; 955 955 - return (float)val; 956 956 - } 957 957 - 958 994 static int8 TIFFClampDoubleToInt8( double val ) 959 995 { 960 996 if( val > 127 ) ··· 1029 1065 if (tif->tif_dir.td_bitspersample<=32) 1030 1066 { 1031 1067 for (i = 0; i < count; ++i) 1032 1032 - ((float*)conv)[i] = TIFFClampDoubleToFloat(value[i]); 1068 1068 + ((float*)conv)[i] = _TIFFClampDoubleToFloat(value[i]); 1033 1069 ok = TIFFWriteDirectoryTagFloatArray(tif,ndir,dir,tag,count,(float*)conv); 1034 1070 } 1035 1071 else ··· 1661 1697 return(TIFFWriteDirectoryTagCheckedLong(tif,ndir,dir,tag,value)); 1662 1698 } 1663 1699 1700 1700 + static int _WriteAsType(TIFF* tif, uint64 strile_size, uint64 uncompressed_threshold) 1701 1701 + { 1702 1702 + const uint16 compression = tif->tif_dir.td_compression; 1703 1703 + if ( compression == COMPRESSION_NONE ) 1704 1704 + { 1705 1705 + return strile_size > uncompressed_threshold; 1706 1706 + } 1707 1707 + else if ( compression == COMPRESSION_JPEG || 1708 1708 + compression == COMPRESSION_LZW || 1709 1709 + compression == COMPRESSION_ADOBE_DEFLATE || 1710 1710 + compression == COMPRESSION_LZMA || 1711 1711 + compression == COMPRESSION_LERC || 1712 1712 + compression == COMPRESSION_ZSTD || 1713 1713 + compression == COMPRESSION_WEBP ) 1714 1714 + { 1715 1715 + /* For a few select compression types, we assume that in the worst */ 1716 1716 + /* case the compressed size will be 10 times the uncompressed size */ 1717 1717 + /* This is overly pessismistic ! */ 1718 1718 + return strile_size >= uncompressed_threshold / 10; 1719 1719 + } 1720 1720 + return 1; 1721 1721 + } 1722 1722 + 1723 1723 + static int WriteAsLong8(TIFF* tif, uint64 strile_size) 1724 1724 + { 1725 1725 + return _WriteAsType(tif, strile_size, 0xFFFFFFFFU); 1726 1726 + } 1727 1727 + 1728 1728 + static int WriteAsLong4(TIFF* tif, uint64 strile_size) 1729 1729 + { 1730 1730 + return _WriteAsType(tif, strile_size, 0xFFFFU); 1731 1731 + } 1732 1732 + 1664 1733 /************************************************************************/ 1665 1734 /* TIFFWriteDirectoryTagLongLong8Array() */ 1666 1735 /* */ 1667 1667 - /* Write out LONG8 array as LONG8 for BigTIFF or LONG for */ 1668 1668 - /* Classic TIFF with some checking. */ 1736 1736 + /* Write out LONG8 array and write a SHORT/LONG/LONG8 depending */ 1737 1737 + /* on strile size and Classic/BigTIFF mode. */ 1669 1738 /************************************************************************/ 1670 1739 1671 1740 static int 1672 1741 TIFFWriteDirectoryTagLongLong8Array(TIFF* tif, uint32* ndir, TIFFDirEntry* dir, uint16 tag, uint32 count, uint64* value) 1673 1742 { 1674 1743 static const char module[] = "TIFFWriteDirectoryTagLongLong8Array"; 1675 1675 - uint64* ma; 1676 1676 - uint32 mb; 1677 1677 - uint32* p; 1678 1678 - uint32* q; 1679 1744 int o; 1745 1745 + int write_aslong4; 1680 1746 1681 1747 /* is this just a counting pass? */ 1682 1748 if (dir==NULL) ··· 1685 1751 return(1); 1686 1752 } 1687 1753 1688 1688 - /* We always write LONG8 for BigTIFF, no checking needed. */ 1754 1754 + if( tif->tif_dir.td_deferstrilearraywriting ) 1755 1755 + { 1756 1756 + return TIFFWriteDirectoryTagData(tif, ndir, dir, tag, TIFF_NOTYPE, 0, 0, NULL); 1757 1757 + } 1758 1758 + 1689 1759 if( tif->tif_flags&TIFF_BIGTIFF ) 1690 1690 - return TIFFWriteDirectoryTagCheckedLong8Array(tif,ndir,dir, 1691 1691 - tag,count,value); 1760 1760 + { 1761 1761 + int write_aslong8 = 1; 1762 1762 + /* In the case of ByteCounts array, we may be able to write them on */ 1763 1763 + /* LONG if the strip/tilesize is not too big. */ 1764 1764 + /* Also do that for count > 1 in the case someone would want to create */ 1765 1765 + /* a single-strip file with a growing height, in which case using */ 1766 1766 + /* LONG8 will be safer. */ 1767 1767 + if( count > 1 && tag == TIFFTAG_STRIPBYTECOUNTS ) 1768 1768 + { 1769 1769 + write_aslong8 = WriteAsLong8(tif, TIFFStripSize64(tif)); 1770 1770 + } 1771 1771 + else if( count > 1 && tag == TIFFTAG_TILEBYTECOUNTS ) 1772 1772 + { 1773 1773 + write_aslong8 = WriteAsLong8(tif, TIFFTileSize64(tif)); 1774 1774 + } 1775 1775 + if( write_aslong8 ) 1776 1776 + { 1777 1777 + return TIFFWriteDirectoryTagCheckedLong8Array(tif,ndir,dir, 1778 1778 + tag,count,value); 1779 1779 + } 1780 1780 + } 1692 1781 1693 1693 - /* 1694 1694 - ** For classic tiff we want to verify everything is in range for LONG 1695 1695 - ** and convert to long format. 1696 1696 - */ 1697 1697 - 1698 1698 - p = _TIFFmalloc(count*sizeof(uint32)); 1699 1699 - if (p==NULL) 1782 1782 + write_aslong4 = 1; 1783 1783 + if( count > 1 && tag == TIFFTAG_STRIPBYTECOUNTS ) 1700 1784 { 1701 1701 - TIFFErrorExt(tif->tif_clientdata,module,"Out of memory"); 1702 1702 - return(0); 1785 1785 + write_aslong4 = WriteAsLong4(tif, TIFFStripSize64(tif)); 1786 1786 + } 1787 1787 + else if( count > 1 && tag == TIFFTAG_TILEBYTECOUNTS ) 1788 1788 + { 1789 1789 + write_aslong4 = WriteAsLong4(tif, TIFFTileSize64(tif)); 1703 1790 } 1791 1791 + if( write_aslong4 ) 1792 1792 + { 1793 1793 + /* 1794 1794 + ** For classic tiff we want to verify everything is in range for LONG 1795 1795 + ** and convert to long format. 1796 1796 + */ 1704 1797 1705 1705 - for (q=p, ma=value, mb=0; mb<count; ma++, mb++, q++) 1706 1706 - { 1707 1707 - if (*ma>0xFFFFFFFF) 1798 1798 + uint32* p = _TIFFmalloc(count*sizeof(uint32)); 1799 1799 + uint32* q; 1800 1800 + uint64* ma; 1801 1801 + uint32 mb; 1802 1802 + 1803 1803 + if (p==NULL) 1708 1804 { 1709 1709 - TIFFErrorExt(tif->tif_clientdata,module, 1710 1710 - "Attempt to write value larger than 0xFFFFFFFF in Classic TIFF file."); 1711 1711 - _TIFFfree(p); 1805 1805 + TIFFErrorExt(tif->tif_clientdata,module,"Out of memory"); 1712 1806 return(0); 1713 1807 } 1714 1714 - *q= (uint32)(*ma); 1808 1808 + 1809 1809 + for (q=p, ma=value, mb=0; mb<count; ma++, mb++, q++) 1810 1810 + { 1811 1811 + if (*ma>0xFFFFFFFF) 1812 1812 + { 1813 1813 + TIFFErrorExt(tif->tif_clientdata,module, 1814 1814 + "Attempt to write value larger than 0xFFFFFFFF in LONG array."); 1815 1815 + _TIFFfree(p); 1816 1816 + return(0); 1817 1817 + } 1818 1818 + *q= (uint32)(*ma); 1819 1819 + } 1820 1820 + 1821 1821 + o=TIFFWriteDirectoryTagCheckedLongArray(tif,ndir,dir,tag,count,p); 1822 1822 + _TIFFfree(p); 1715 1823 } 1824 1824 + else 1825 1825 + { 1826 1826 + uint16* p = _TIFFmalloc(count*sizeof(uint16)); 1827 1827 + uint16* q; 1828 1828 + uint64* ma; 1829 1829 + uint32 mb; 1716 1830 1717 1717 - o=TIFFWriteDirectoryTagCheckedLongArray(tif,ndir,dir,tag,count,p); 1718 1718 - _TIFFfree(p); 1831 1831 + if (p==NULL) 1832 1832 + { 1833 1833 + TIFFErrorExt(tif->tif_clientdata,module,"Out of memory"); 1834 1834 + return(0); 1835 1835 + } 1836 1836 + 1837 1837 + for (q=p, ma=value, mb=0; mb<count; ma++, mb++, q++) 1838 1838 + { 1839 1839 + if (*ma>0xFFFF) 1840 1840 + { 1841 1841 + /* Should not happen normally given the check we did before */ 1842 1842 + TIFFErrorExt(tif->tif_clientdata,module, 1843 1843 + "Attempt to write value larger than 0xFFFF in SHORT array."); 1844 1844 + _TIFFfree(p); 1845 1845 + return(0); 1846 1846 + } 1847 1847 + *q= (uint16)(*ma); 1848 1848 + } 1849 1849 + 1850 1850 + o=TIFFWriteDirectoryTagCheckedShortArray(tif,ndir,dir,tag,count,p); 1851 1851 + _TIFFfree(p); 1852 1852 + } 1719 1853 1720 1854 return(o); 1721 1855 } ··· 1893 2027 n=3; 1894 2028 if (n==3) 1895 2029 { 1896 1896 - if (!_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[2],m*sizeof(uint16))) 2030 2030 + if (tif->tif_dir.td_transferfunction[2] == NULL || 2031 2031 + !_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[2],m*sizeof(uint16))) 1897 2032 n=2; 1898 2033 } 1899 2034 if (n==2) 1900 2035 { 1901 1901 - if (!_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[1],m*sizeof(uint16))) 2036 2036 + if (tif->tif_dir.td_transferfunction[1] == NULL || 2037 2037 + !_TIFFmemcmp(tif->tif_dir.td_transferfunction[0],tif->tif_dir.td_transferfunction[1],m*sizeof(uint16))) 1902 2038 n=1; 1903 2039 } 1904 2040 if (n==0) ··· 2428 2564 dir[m].tdir_count=count; 2429 2565 dir[m].tdir_offset.toff_long8 = 0; 2430 2566 if (datalength<=((tif->tif_flags&TIFF_BIGTIFF)?0x8U:0x4U)) 2431 2431 - _TIFFmemcpy(&dir[m].tdir_offset,data,datalength); 2567 2567 + { 2568 2568 + if( data && datalength ) 2569 2569 + { 2570 2570 + _TIFFmemcpy(&dir[m].tdir_offset,data,datalength); 2571 2571 + } 2572 2572 + } 2432 2573 else 2433 2574 { 2434 2575 uint64 na,nb; ··· 2821 2962 } 2822 2963 2823 2964 /* -------------------------------------------------------------------- */ 2965 2965 + /* When a dummy tag was written due to TIFFDeferStrileArrayWriting() */ 2966 2966 + /* -------------------------------------------------------------------- */ 2967 2967 + if( entry_offset == 0 && entry_count == 0 && entry_type == 0 ) 2968 2968 + { 2969 2969 + if( tag == TIFFTAG_TILEOFFSETS || tag == TIFFTAG_STRIPOFFSETS ) 2970 2970 + { 2971 2971 + entry_type = (tif->tif_flags&TIFF_BIGTIFF) ? TIFF_LONG8 : TIFF_LONG; 2972 2972 + } 2973 2973 + else 2974 2974 + { 2975 2975 + int write_aslong8 = 1; 2976 2976 + if( count > 1 && tag == TIFFTAG_STRIPBYTECOUNTS ) 2977 2977 + { 2978 2978 + write_aslong8 = WriteAsLong8(tif, TIFFStripSize64(tif)); 2979 2979 + } 2980 2980 + else if( count > 1 && tag == TIFFTAG_TILEBYTECOUNTS ) 2981 2981 + { 2982 2982 + write_aslong8 = WriteAsLong8(tif, TIFFTileSize64(tif)); 2983 2983 + } 2984 2984 + if( write_aslong8 ) 2985 2985 + { 2986 2986 + entry_type = TIFF_LONG8; 2987 2987 + } 2988 2988 + else 2989 2989 + { 2990 2990 + int write_aslong4 = 1; 2991 2991 + if( count > 1 && tag == TIFFTAG_STRIPBYTECOUNTS ) 2992 2992 + { 2993 2993 + write_aslong4 = WriteAsLong4(tif, TIFFStripSize64(tif)); 2994 2994 + } 2995 2995 + else if( count > 1 && tag == TIFFTAG_TILEBYTECOUNTS ) 2996 2996 + { 2997 2997 + write_aslong4 = WriteAsLong4(tif, TIFFTileSize64(tif)); 2998 2998 + } 2999 2999 + if( write_aslong4 ) 3000 3000 + { 3001 3001 + entry_type = TIFF_LONG; 3002 3002 + } 3003 3003 + else 3004 3004 + { 3005 3005 + entry_type = TIFF_SHORT; 3006 3006 + } 3007 3007 + } 3008 3008 + } 3009 3009 + } 3010 3010 + 3011 3011 + /* -------------------------------------------------------------------- */ 2824 3012 /* What data type do we want to write this as? */ 2825 3013 /* -------------------------------------------------------------------- */ 2826 3014 if( TIFFDataWidth(in_datatype) == 8 && !(tif->tif_flags&TIFF_BIGTIFF) ) 2827 3015 { 2828 3016 if( in_datatype == TIFF_LONG8 ) 2829 2829 - datatype = TIFF_LONG; 3017 3017 + datatype = entry_type == TIFF_SHORT ? TIFF_SHORT : TIFF_LONG; 2830 3018 else if( in_datatype == TIFF_SLONG8 ) 2831 3019 datatype = TIFF_SLONG; 2832 3020 else if( in_datatype == TIFF_IFD8 ) ··· 2834 3022 else 2835 3023 datatype = in_datatype; 2836 3024 } 2837 2837 - else 2838 2838 - datatype = in_datatype; 3025 3025 + else 3026 3026 + { 3027 3027 + if( in_datatype == TIFF_LONG8 && 3028 3028 + (entry_type == TIFF_SHORT || entry_type == TIFF_LONG || 3029 3029 + entry_type == TIFF_LONG8 ) ) 3030 3030 + datatype = entry_type; 3031 3031 + else if( in_datatype == TIFF_SLONG8 && 3032 3032 + (entry_type == TIFF_SLONG || entry_type == TIFF_SLONG8 ) ) 3033 3033 + datatype = entry_type; 3034 3034 + else if( in_datatype == TIFF_IFD8 && 3035 3035 + (entry_type == TIFF_IFD || entry_type == TIFF_IFD8 ) ) 3036 3036 + datatype = entry_type; 3037 3037 + else 3038 3038 + datatype = in_datatype; 3039 3039 + } 2839 3040 2840 3041 /* -------------------------------------------------------------------- */ 2841 3042 /* Prepare buffer of actual data to write. This includes */ ··· 2884 3085 } 2885 3086 } 2886 3087 } 3088 3088 + else if( datatype == TIFF_SHORT && in_datatype == TIFF_LONG8 ) 3089 3089 + { 3090 3090 + tmsize_t i; 3091 3091 + 3092 3092 + for( i = 0; i < count; i++ ) 3093 3093 + { 3094 3094 + ((uint16 *) buf_to_write)[i] = 3095 3095 + (uint16) ((uint64 *) data)[i]; 3096 3096 + if( (uint64) ((uint16 *) buf_to_write)[i] != ((uint64 *) data)[i] ) 3097 3097 + { 3098 3098 + _TIFFfree( buf_to_write ); 3099 3099 + TIFFErrorExt( tif->tif_clientdata, module, 3100 3100 + "Value exceeds 16bit range of output type." ); 3101 3101 + return 0; 3102 3102 + } 3103 3103 + } 3104 3104 + } 3105 3105 + else 3106 3106 + { 3107 3107 + TIFFErrorExt( tif->tif_clientdata, module, 3108 3108 + "Unhandled type conversion." ); 3109 3109 + return 0; 3110 3110 + } 2887 3111 2888 3112 if( TIFFDataWidth(datatype) > 1 && (tif->tif_flags&TIFF_SWAB) ) 2889 3113 { ··· 2913 3137 entry_offset = read_offset + 12; 2914 3138 value_in_entry = 1; 2915 3139 } 3140 3140 + } 3141 3141 + 3142 3142 + if( (tag == TIFFTAG_TILEOFFSETS || tag == TIFFTAG_STRIPOFFSETS) && 3143 3143 + tif->tif_dir.td_stripoffset_entry.tdir_count == 0 && 3144 3144 + tif->tif_dir.td_stripoffset_entry.tdir_type == 0 && 3145 3145 + tif->tif_dir.td_stripoffset_entry.tdir_offset.toff_long8 == 0 ) 3146 3146 + { 3147 3147 + tif->tif_dir.td_stripoffset_entry.tdir_type = datatype; 3148 3148 + tif->tif_dir.td_stripoffset_entry.tdir_count = count; 3149 3149 + } 3150 3150 + else if( (tag == TIFFTAG_TILEBYTECOUNTS || tag == TIFFTAG_STRIPBYTECOUNTS) && 3151 3151 + tif->tif_dir.td_stripbytecount_entry.tdir_count == 0 && 3152 3152 + tif->tif_dir.td_stripbytecount_entry.tdir_type == 0 && 3153 3153 + tif->tif_dir.td_stripbytecount_entry.tdir_offset.toff_long8 == 0 ) 3154 3154 + { 3155 3155 + tif->tif_dir.td_stripbytecount_entry.tdir_type = datatype; 3156 3156 + tif->tif_dir.td_stripbytecount_entry.tdir_count = count; 2916 3157 } 2917 3158 2918 3159 /* -------------------------------------------------------------------- */ ··· 2966 3207 /* Adjust the directory entry. */ 2967 3208 /* -------------------------------------------------------------------- */ 2968 3209 entry_type = datatype; 3210 3210 + entry_count = (uint64)count; 2969 3211 memcpy( direntry_raw + 2, &entry_type, sizeof(uint16) ); 2970 3212 if (tif->tif_flags&TIFF_SWAB) 2971 3213 TIFFSwabShort( (uint16 *) (direntry_raw + 2) );

+88 -30

dll/3rdparty/libtiff/tif_flush.c

··· 46 46 && !(tif->tif_flags & TIFF_DIRTYDIRECT) 47 47 && tif->tif_mode == O_RDWR ) 48 48 { 49 49 - uint64 *offsets=NULL, *sizes=NULL; 50 50 - 51 51 - if( TIFFIsTiled(tif) ) 52 52 - { 53 53 - if( TIFFGetField( tif, TIFFTAG_TILEOFFSETS, &offsets ) 54 54 - && TIFFGetField( tif, TIFFTAG_TILEBYTECOUNTS, &sizes ) 55 55 - && _TIFFRewriteField( tif, TIFFTAG_TILEOFFSETS, TIFF_LONG8, 56 56 - tif->tif_dir.td_nstrips, offsets ) 57 57 - && _TIFFRewriteField( tif, TIFFTAG_TILEBYTECOUNTS, TIFF_LONG8, 58 58 - tif->tif_dir.td_nstrips, sizes ) ) 59 59 - { 60 60 - tif->tif_flags &= ~TIFF_DIRTYSTRIP; 61 61 - tif->tif_flags &= ~TIFF_BEENWRITING; 62 62 - return 1; 63 63 - } 64 64 - } 65 65 - else 66 66 - { 67 67 - if( TIFFGetField( tif, TIFFTAG_STRIPOFFSETS, &offsets ) 68 68 - && TIFFGetField( tif, TIFFTAG_STRIPBYTECOUNTS, &sizes ) 69 69 - && _TIFFRewriteField( tif, TIFFTAG_STRIPOFFSETS, TIFF_LONG8, 70 70 - tif->tif_dir.td_nstrips, offsets ) 71 71 - && _TIFFRewriteField( tif, TIFFTAG_STRIPBYTECOUNTS, TIFF_LONG8, 72 72 - tif->tif_dir.td_nstrips, sizes ) ) 73 73 - { 74 74 - tif->tif_flags &= ~TIFF_DIRTYSTRIP; 75 75 - tif->tif_flags &= ~TIFF_BEENWRITING; 76 76 - return 1; 77 77 - } 78 78 - } 49 49 + if( TIFFForceStrileArrayWriting(tif) ) 50 50 + return 1; 79 51 } 80 52 81 53 if ((tif->tif_flags & (TIFF_DIRTYDIRECT|TIFF_DIRTYSTRIP)) ··· 83 55 return (0); 84 56 85 57 return (1); 58 58 + } 59 59 + 60 60 + /* 61 61 + * This is an advanced writing function that must be used in a particular 62 62 + * sequence, and together with TIFFDeferStrileArrayWriting(), 63 63 + * to make its intended effect. Its aim is to force the writing of 64 64 + * the [Strip/Tile][Offsets/ByteCounts] arrays at the end of the file, when 65 65 + * they have not yet been rewritten. 66 66 + * 67 67 + * The typical sequence of calls is: 68 68 + * TIFFOpen() 69 69 + * [ TIFFCreateDirectory(tif) ] 70 70 + * Set fields with calls to TIFFSetField(tif, ...) 71 71 + * TIFFDeferStrileArrayWriting(tif) 72 72 + * TIFFWriteCheck(tif, ...) 73 73 + * TIFFWriteDirectory(tif) 74 74 + * ... potentially create other directories and come back to the above directory 75 75 + * TIFFForceStrileArrayWriting(tif) 76 76 + * 77 77 + * Returns 1 in case of success, 0 otherwise. 78 78 + */ 79 79 + int TIFFForceStrileArrayWriting(TIFF* tif) 80 80 + { 81 81 + static const char module[] = "TIFFForceStrileArrayWriting"; 82 82 + const int isTiled = TIFFIsTiled(tif); 83 83 + 84 84 + if (tif->tif_mode == O_RDONLY) 85 85 + { 86 86 + TIFFErrorExt(tif->tif_clientdata, tif->tif_name, 87 87 + "File opened in read-only mode"); 88 88 + return 0; 89 89 + } 90 90 + if( tif->tif_diroff == 0 ) 91 91 + { 92 92 + TIFFErrorExt(tif->tif_clientdata, module, 93 93 + "Directory has not yet been written"); 94 94 + return 0; 95 95 + } 96 96 + if( (tif->tif_flags & TIFF_DIRTYDIRECT) != 0 ) 97 97 + { 98 98 + TIFFErrorExt(tif->tif_clientdata, module, 99 99 + "Directory has changes other than the strile arrays. " 100 100 + "TIFFRewriteDirectory() should be called instead"); 101 101 + return 0; 102 102 + } 103 103 + 104 104 + if( !(tif->tif_flags & TIFF_DIRTYSTRIP) ) 105 105 + { 106 106 + if( !(tif->tif_dir.td_stripoffset_entry.tdir_tag != 0 && 107 107 + tif->tif_dir.td_stripoffset_entry.tdir_count == 0 && 108 108 + tif->tif_dir.td_stripoffset_entry.tdir_type == 0 && 109 109 + tif->tif_dir.td_stripoffset_entry.tdir_offset.toff_long8 == 0 && 110 110 + tif->tif_dir.td_stripbytecount_entry.tdir_tag != 0 && 111 111 + tif->tif_dir.td_stripbytecount_entry.tdir_count == 0 && 112 112 + tif->tif_dir.td_stripbytecount_entry.tdir_type == 0 && 113 113 + tif->tif_dir.td_stripbytecount_entry.tdir_offset.toff_long8 == 0) ) 114 114 + { 115 115 + TIFFErrorExt(tif->tif_clientdata, module, 116 116 + "Function not called together with " 117 117 + "TIFFDeferStrileArrayWriting()"); 118 118 + return 0; 119 119 + } 120 120 + 121 121 + if (tif->tif_dir.td_stripoffset_p == NULL && !TIFFSetupStrips(tif)) 122 122 + return 0; 123 123 + } 124 124 + 125 125 + if( _TIFFRewriteField( tif, 126 126 + isTiled ? TIFFTAG_TILEOFFSETS : 127 127 + TIFFTAG_STRIPOFFSETS, 128 128 + TIFF_LONG8, 129 129 + tif->tif_dir.td_nstrips, 130 130 + tif->tif_dir.td_stripoffset_p ) 131 131 + && _TIFFRewriteField( tif, 132 132 + isTiled ? TIFFTAG_TILEBYTECOUNTS : 133 133 + TIFFTAG_STRIPBYTECOUNTS, 134 134 + TIFF_LONG8, 135 135 + tif->tif_dir.td_nstrips, 136 136 + tif->tif_dir.td_stripbytecount_p ) ) 137 137 + { 138 138 + tif->tif_flags &= ~TIFF_DIRTYSTRIP; 139 139 + tif->tif_flags &= ~TIFF_BEENWRITING; 140 140 + return 1; 141 141 + } 142 142 + 143 143 + return 0; 86 144 } 87 145 88 146 /*

+23 -11

dll/3rdparty/libtiff/tif_getimage.c

··· 755 755 uint32 leftmost_tw; 756 756 757 757 tilesize = TIFFTileSize(tif); 758 758 - bufsize = TIFFSafeMultiply(tmsize_t,alpha?4:3,tilesize); 758 758 + bufsize = _TIFFMultiplySSize(tif, alpha?4:3,tilesize, "gtTileSeparate"); 759 759 if (bufsize == 0) { 760 760 - TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtTileSeparate"); 761 760 return (0); 762 761 } 763 762 ··· 950 949 fromskew = (w < imagewidth ? imagewidth - w : 0); 951 950 for (row = 0; row < h; row += nrow) 952 951 { 952 952 + uint32 temp; 953 953 rowstoread = rowsperstrip - (row + img->row_offset) % rowsperstrip; 954 954 nrow = (row + rowstoread > h ? h - row : rowstoread); 955 955 nrowsub = nrow; 956 956 if ((nrowsub%subsamplingver)!=0) 957 957 nrowsub+=subsamplingver-nrowsub%subsamplingver; 958 958 + temp = (row + img->row_offset)%rowsperstrip + nrowsub; 959 959 + if( scanline > 0 && temp > (size_t)(TIFF_TMSIZE_T_MAX / scanline) ) 960 960 + { 961 961 + TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in gtStripContig"); 962 962 + return 0; 963 963 + } 958 964 if (_TIFFReadEncodedStripAndAllocBuffer(tif, 959 965 TIFFComputeStrip(tif,row+img->row_offset, 0), 960 966 (void**)(&buf), 961 967 maxstripsize, 962 962 - ((row + img->row_offset)%rowsperstrip + nrowsub) * scanline)==(tmsize_t)(-1) 968 968 + temp * scanline)==(tmsize_t)(-1) 963 969 && (buf == NULL || img->stoponerr)) 964 970 { 965 971 ret = 0; ··· 1019 1025 uint16 colorchannels; 1020 1026 1021 1027 stripsize = TIFFStripSize(tif); 1022 1022 - bufsize = TIFFSafeMultiply(tmsize_t,alpha?4:3,stripsize); 1028 1028 + bufsize = _TIFFMultiplySSize(tif,alpha?4:3,stripsize, "gtStripSeparate"); 1023 1029 if (bufsize == 0) { 1024 1024 - TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in %s", "gtStripSeparate"); 1025 1030 return (0); 1026 1031 } 1027 1032 ··· 1053 1058 fromskew = (w < imagewidth ? imagewidth - w : 0); 1054 1059 for (row = 0; row < h; row += nrow) 1055 1060 { 1061 1061 + uint32 temp; 1056 1062 rowstoread = rowsperstrip - (row + img->row_offset) % rowsperstrip; 1057 1063 nrow = (row + rowstoread > h ? h - row : rowstoread); 1058 1064 offset_row = row + img->row_offset; 1065 1065 + temp = (row + img->row_offset)%rowsperstrip + nrow; 1066 1066 + if( scanline > 0 && temp > (size_t)(TIFF_TMSIZE_T_MAX / scanline) ) 1067 1067 + { 1068 1068 + TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), "Integer overflow in gtStripSeparate"); 1069 1069 + return 0; 1070 1070 + } 1059 1071 if( buf == NULL ) 1060 1072 { 1061 1073 if (_TIFFReadEncodedStripAndAllocBuffer( 1062 1074 tif, TIFFComputeStrip(tif, offset_row, 0), 1063 1075 (void**) &buf, bufsize, 1064 1064 - ((row + img->row_offset)%rowsperstrip + nrow) * scanline)==(tmsize_t)(-1) 1076 1076 + temp * scanline)==(tmsize_t)(-1) 1065 1077 && (buf == NULL || img->stoponerr)) 1066 1078 { 1067 1079 ret = 0; ··· 1081 1093 } 1082 1094 } 1083 1095 else if (TIFFReadEncodedStrip(tif, TIFFComputeStrip(tif, offset_row, 0), 1084 1084 - p0, ((row + img->row_offset)%rowsperstrip + nrow) * scanline)==(tmsize_t)(-1) 1096 1096 + p0, temp * scanline)==(tmsize_t)(-1) 1085 1097 && img->stoponerr) 1086 1098 { 1087 1099 ret = 0; ··· 1089 1101 } 1090 1102 if (colorchannels > 1 1091 1103 && TIFFReadEncodedStrip(tif, TIFFComputeStrip(tif, offset_row, 1), 1092 1092 - p1, ((row + img->row_offset)%rowsperstrip + nrow) * scanline) == (tmsize_t)(-1) 1104 1104 + p1, temp * scanline) == (tmsize_t)(-1) 1093 1105 && img->stoponerr) 1094 1106 { 1095 1107 ret = 0; ··· 1097 1109 } 1098 1110 if (colorchannels > 1 1099 1111 && TIFFReadEncodedStrip(tif, TIFFComputeStrip(tif, offset_row, 2), 1100 1100 - p2, ((row + img->row_offset)%rowsperstrip + nrow) * scanline) == (tmsize_t)(-1) 1112 1112 + p2, temp * scanline) == (tmsize_t)(-1) 1101 1113 && img->stoponerr) 1102 1114 { 1103 1115 ret = 0; ··· 1106 1118 if (alpha) 1107 1119 { 1108 1120 if (TIFFReadEncodedStrip(tif, TIFFComputeStrip(tif, offset_row, colorchannels), 1109 1109 - pa, ((row + img->row_offset)%rowsperstrip + nrow) * scanline)==(tmsize_t)(-1) 1121 1121 + pa, temp * scanline)==(tmsize_t)(-1) 1110 1122 && img->stoponerr) 1111 1123 { 1112 1124 ret = 0; ··· 2957 2969 if( !TIFFIsTiled( tif ) ) 2958 2970 { 2959 2971 TIFFErrorExt(tif->tif_clientdata, TIFFFileName(tif), 2960 2960 - "Can't use TIFFReadRGBATile() with stripped file."); 2972 2972 + "Can't use TIFFReadRGBATile() with striped file."); 2961 2973 return (0); 2962 2974 } 2963 2975

+7 -10

dll/3rdparty/libtiff/tif_jpeg.c

··· 780 780 */ 781 781 static const char module[] = "JPEGFixupTagsSubsampling"; 782 782 struct JPEGFixupTagsSubsamplingData m; 783 783 + uint64 fileoffset = TIFFGetStrileOffset(tif, 0); 783 784 784 784 - _TIFFFillStriles( tif ); 785 785 - 786 786 - if( tif->tif_dir.td_stripbytecount == NULL 787 787 - || tif->tif_dir.td_stripoffset == NULL 788 788 - || tif->tif_dir.td_stripbytecount[0] == 0 ) 785 785 + if( fileoffset == 0 ) 789 786 { 790 787 /* Do not even try to check if the first strip/tile does not 791 788 yet exist, as occurs when GDAL has created a new NULL file ··· 804 801 } 805 802 m.buffercurrentbyte=NULL; 806 803 m.bufferbytesleft=0; 807 807 - m.fileoffset=tif->tif_dir.td_stripoffset[0]; 804 804 + m.fileoffset=fileoffset; 808 805 m.filepositioned=0; 809 809 - m.filebytesleft=tif->tif_dir.td_stripbytecount[0]; 806 806 + m.filebytesleft=TIFFGetStrileByteCount(tif, 0); 810 807 if (!JPEGFixupTagsSubsamplingSec(&m)) 811 808 TIFFWarningExt(tif->tif_clientdata,module, 812 809 "Unable to auto-correct subsampling values, likely corrupt JPEG compressed data in first strip/tile; auto-correcting skipped"); ··· 1566 1563 JSAMPLE *outptr = (JSAMPLE*)tmpbuf + clumpoffset; 1567 1564 #else 1568 1565 JSAMPLE *outptr = (JSAMPLE*)buf + clumpoffset; 1569 1569 - if (cc < (tmsize_t) (clumpoffset + samples_per_clump*(clumps_per_line-1) + hsamp)) { 1566 1566 + if (cc < (tmsize_t)(clumpoffset + (tmsize_t)samples_per_clump*(clumps_per_line-1) + hsamp)) { 1570 1567 TIFFErrorExt(tif->tif_clientdata, "JPEGDecodeRaw", 1571 1568 "application buffer not large enough for all data, possible subsampling issue"); 1572 1569 return 0; ··· 2126 2123 /* data is expected to be supplied in multiples of a clumpline */ 2127 2124 /* a clumpline is equivalent to v_sampling desubsampled scanlines */ 2128 2125 /* TODO: the following calculation of bytesperclumpline, should substitute calculation of sp->bytesperline, except that it is per v_sampling lines */ 2129 2129 - bytesperclumpline = (((sp->cinfo.c.image_width+sp->h_sampling-1)/sp->h_sampling) 2130 2130 - *(sp->h_sampling*sp->v_sampling+2)*sp->cinfo.c.data_precision+7) 2126 2126 + bytesperclumpline = ((((tmsize_t)sp->cinfo.c.image_width+sp->h_sampling-1)/sp->h_sampling) 2127 2127 + *((tmsize_t)sp->h_sampling*sp->v_sampling+2)*sp->cinfo.c.data_precision+7) 2131 2128 /8; 2132 2129 2133 2130 nrows = ( cc / bytesperclumpline ) * sp->v_sampling;

+12 -13

dll/3rdparty/libtiff/tif_luv.c

··· 742 742 #undef exp2 /* Conflict with C'99 function */ 743 743 #define exp2(x) exp(M_LN2*(x)) 744 744 745 745 - #define itrunc(x,m) ((m)==SGILOGENCODE_NODITHER ? \ 746 746 - (int)(x) : \ 747 747 - (int)((x) + rand()*(1./RAND_MAX) - .5)) 745 745 + static int itrunc(double x, int m) 746 746 + { 747 747 + if( m == SGILOGENCODE_NODITHER ) 748 748 + return (int)x; 749 749 + /* Silence CoverityScan warning about bad crypto function */ 750 750 + /* coverity[dont_call] */ 751 751 + return (int)(x + rand()*(1./RAND_MAX) - .5); 752 752 + } 748 753 749 754 #if !LOGLUV_PUBLIC 750 755 static ··· 1264 1269 return (SGILOGDATAFMT_UNKNOWN); 1265 1270 } 1266 1271 1267 1267 - 1268 1268 - #define TIFF_SIZE_T_MAX ((size_t) ~ ((size_t)0)) 1269 1269 - #define TIFF_TMSIZE_T_MAX (tmsize_t)(TIFF_SIZE_T_MAX >> 1) 1270 1270 - 1271 1272 static tmsize_t 1272 1273 multiply_ms(tmsize_t m1, tmsize_t m2) 1273 1274 { 1274 1274 - if( m1 == 0 || m2 > TIFF_TMSIZE_T_MAX / m1 ) 1275 1275 - return 0; 1276 1276 - return m1 * m2; 1275 1275 + return _TIFFMultiplySSize(NULL, m1, m2, NULL); 1277 1276 } 1278 1277 1279 1278 static int ··· 1507 1506 switch (td->td_photometric) { 1508 1507 case PHOTOMETRIC_LOGLUV: 1509 1508 if (!LogLuvInitState(tif)) 1510 1510 - break; 1509 1509 + return (0); 1511 1510 if (td->td_compression == COMPRESSION_SGILOG24) { 1512 1511 tif->tif_encoderow = LogLuvEncode24; 1513 1512 switch (sp->user_datafmt) { ··· 1540 1539 break; 1541 1540 case PHOTOMETRIC_LOGL: 1542 1541 if (!LogL16InitState(tif)) 1543 1543 - break; 1542 1542 + return (0); 1544 1543 tif->tif_encoderow = LogL16Encode; 1545 1544 switch (sp->user_datafmt) { 1546 1545 case SGILOGDATAFMT_FLOAT: ··· 1556 1555 TIFFErrorExt(tif->tif_clientdata, module, 1557 1556 "Inappropriate photometric interpretation %d for SGILog compression; %s", 1558 1557 td->td_photometric, "must be either LogLUV or LogL"); 1559 1559 - break; 1558 1558 + return (0); 1560 1559 } 1561 1560 sp->encoder_state = 1; 1562 1561 return (1);

+2

dll/3rdparty/libtiff/tif_lzw.c

··· 247 247 /* 248 248 * Zero-out the unused entries 249 249 */ 250 250 + /* Silence false positive */ 251 251 + /* coverity[overrun-buffer-arg] */ 250 252 _TIFFmemset(&sp->dec_codetab[CODE_CLEAR], 0, 251 253 (CODE_FIRST - CODE_CLEAR) * sizeof (code_t)); 252 254 }

+71 -20

dll/3rdparty/libtiff/tif_ojpeg.c

··· 243 243 typedef struct { 244 244 TIFF* tif; 245 245 int decoder_ok; 246 246 + int error_in_raw_data_decoding; 246 247 #ifndef LIBJPEG_ENCAP_EXTERNAL 247 248 JMP_BUF exit_jmpbuf; 248 249 #endif ··· 678 679 if (OJPEGReadSecondarySos(tif,s)==0) 679 680 return(0); 680 681 } 681 681 - if isTiled(tif) 682 682 + if (isTiled(tif)) 682 683 m=tif->tif_curtile; 683 684 else 684 685 m=tif->tif_curstrip; ··· 742 743 } 743 744 m-=sp->subsampling_convert_clines-sp->subsampling_convert_state; 744 745 sp->subsampling_convert_state=0; 746 746 + sp->error_in_raw_data_decoding=0; 745 747 } 746 748 while (m>=sp->subsampling_convert_clines) 747 749 { ··· 792 794 TIFFErrorExt(tif->tif_clientdata,module,"Cannot decode: decoder not correctly initialized"); 793 795 return 0; 794 796 } 797 797 + if( sp->error_in_raw_data_decoding ) 798 798 + { 799 799 + return 0; 800 800 + } 795 801 if (sp->libjpeg_jpeg_query_style==0) 796 802 { 797 803 if (OJPEGDecodeRaw(tif,buf,cc)==0) ··· 831 837 { 832 838 if (sp->subsampling_convert_state==0) 833 839 { 840 840 + const jpeg_decompress_struct* cinfo = &sp->libjpeg_jpeg_decompress_struct; 841 841 + int width = 0; 842 842 + int last_col_width = 0; 843 843 + int jpeg_bytes; 844 844 + int expected_bytes; 845 845 + int i; 846 846 + if (cinfo->MCUs_per_row == 0) 847 847 + { 848 848 + sp->error_in_raw_data_decoding = 1; 849 849 + return 0; 850 850 + } 851 851 + for (i = 0; i < cinfo->comps_in_scan; ++i) 852 852 + { 853 853 + const jpeg_component_info* info = cinfo->cur_comp_info[i]; 854 854 + #if JPEG_LIB_VERSION >= 70 855 855 + width += info->MCU_width * info->DCT_h_scaled_size; 856 856 + last_col_width += info->last_col_width * info->DCT_h_scaled_size; 857 857 + #else 858 858 + width += info->MCU_width * info->DCT_scaled_size; 859 859 + last_col_width += info->last_col_width * info->DCT_scaled_size; 860 860 + #endif 861 861 + } 862 862 + jpeg_bytes = (cinfo->MCUs_per_row - 1) * width + last_col_width; 863 863 + expected_bytes = sp->subsampling_convert_clinelenout * sp->subsampling_ver * sp->subsampling_hor; 864 864 + if (jpeg_bytes != expected_bytes) 865 865 + { 866 866 + TIFFErrorExt(tif->tif_clientdata,module,"Inconsistent number of MCU in codestream"); 867 867 + sp->error_in_raw_data_decoding = 1; 868 868 + return(0); 869 869 + } 834 870 if (jpeg_read_raw_data_encap(sp,&(sp->libjpeg_jpeg_decompress_struct),sp->subsampling_convert_ycbcrimage,sp->subsampling_ver*8)==0) 871 871 + { 872 872 + sp->error_in_raw_data_decoding = 1; 835 873 return(0); 874 874 + } 836 875 } 837 876 oy=sp->subsampling_convert_ybuf+sp->subsampling_convert_state*sp->subsampling_ver*sp->subsampling_convert_ylinelen; 838 877 ocb=sp->subsampling_convert_cbbuf+sp->subsampling_convert_state*sp->subsampling_convert_clinelen; ··· 990 1029 OJPEGState* sp=(OJPEGState*)tif->tif_data; 991 1030 uint8 mh; 992 1031 uint8 mv; 993 993 - _TIFFFillStriles( tif ); 994 1032 995 1033 assert(sp->subsamplingcorrect_done==0); 996 1034 if ((tif->tif_dir.td_samplesperpixel!=3) || ((tif->tif_dir.td_photometric!=PHOTOMETRIC_YCBCR) && ··· 1046 1084 assert(sp->readheader_done==0); 1047 1085 sp->image_width=tif->tif_dir.td_imagewidth; 1048 1086 sp->image_length=tif->tif_dir.td_imagelength; 1049 1049 - if isTiled(tif) 1087 1087 + if (isTiled(tif)) 1050 1088 { 1051 1089 sp->strile_width=tif->tif_dir.td_tilewidth; 1052 1090 sp->strile_length=tif->tif_dir.td_tilelength; ··· 1082 1120 } 1083 1121 if (sp->strile_length<sp->image_length) 1084 1122 { 1123 1123 + if (((sp->subsampling_hor!=1) && (sp->subsampling_hor!=2) && (sp->subsampling_hor!=4)) || 1124 1124 + ((sp->subsampling_ver!=1) && (sp->subsampling_ver!=2) && (sp->subsampling_ver!=4))) 1125 1125 + { 1126 1126 + TIFFErrorExt(tif->tif_clientdata,module,"Invalid subsampling values"); 1127 1127 + return(0); 1128 1128 + } 1085 1129 if (sp->strile_length%(sp->subsampling_ver*8)!=0) 1086 1130 { 1087 1131 TIFFErrorExt(tif->tif_clientdata,module,"Incompatible vertical subsampling and image strip/tile length"); ··· 1197 1241 sp->subsampling_convert_ybuflen=sp->subsampling_convert_ylinelen*sp->subsampling_convert_ylines; 1198 1242 sp->subsampling_convert_cbuflen=sp->subsampling_convert_clinelen*sp->subsampling_convert_clines; 1199 1243 sp->subsampling_convert_ycbcrbuflen=sp->subsampling_convert_ybuflen+2*sp->subsampling_convert_cbuflen; 1200 1200 - sp->subsampling_convert_ycbcrbuf=_TIFFmalloc(sp->subsampling_convert_ycbcrbuflen); 1244 1244 + /* The calloc is not normally necessary, except in some edge/broken cases */ 1245 1245 + /* for example for a tiled image of height 1 with a tile height of 1 and subsampling_hor=subsampling_ver=2 */ 1246 1246 + /* In that case, libjpeg will only fill the 8 first lines of the 16 lines */ 1247 1247 + /* See https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16844 */ 1248 1248 + /* Even if this case is allowed (?), its handling is broken because OJPEGPreDecode() should also likely */ 1249 1249 + /* reset subsampling_convert_state to 0 when changing tile. */ 1250 1250 + sp->subsampling_convert_ycbcrbuf=_TIFFcalloc(1, sp->subsampling_convert_ycbcrbuflen); 1201 1251 if (sp->subsampling_convert_ycbcrbuf==0) 1202 1252 { 1203 1253 TIFFErrorExt(tif->tif_clientdata,module,"Out of memory"); ··· 1223 1273 *m++=sp->subsampling_convert_cbbuf+n*sp->subsampling_convert_clinelen; 1224 1274 for (n=0; n<sp->subsampling_convert_clines; n++) 1225 1275 *m++=sp->subsampling_convert_crbuf+n*sp->subsampling_convert_clinelen; 1226 1226 - sp->subsampling_convert_clinelenout=((sp->strile_width+sp->subsampling_hor-1)/sp->subsampling_hor); 1276 1276 + sp->subsampling_convert_clinelenout=sp->strile_width/sp->subsampling_hor + ((sp->strile_width % sp->subsampling_hor) != 0 ? 1 : 0); 1227 1277 sp->subsampling_convert_state=0; 1278 1278 + sp->error_in_raw_data_decoding=0; 1228 1279 sp->bytes_per_line=sp->subsampling_convert_clinelenout*(sp->subsampling_ver*sp->subsampling_hor+2); 1229 1229 - sp->lines_per_strile=((sp->strile_length+sp->subsampling_ver-1)/sp->subsampling_ver); 1280 1280 + sp->lines_per_strile=sp->strile_length/sp->subsampling_ver + ((sp->strile_length % sp->subsampling_ver) != 0 ? 1 : 0); 1230 1281 sp->subsampling_convert_log=1; 1231 1282 } 1232 1283 } ··· 1272 1323 } 1273 1324 else 1274 1325 { 1275 1275 - if ((sp->jpeg_interchange_format_length==0) || (sp->jpeg_interchange_format+sp->jpeg_interchange_format_length>sp->file_size)) 1326 1326 + if ((sp->jpeg_interchange_format_length==0) || 1327 1327 + (sp->jpeg_interchange_format > TIFF_UINT64_MAX - sp->jpeg_interchange_format_length) || 1328 1328 + (sp->jpeg_interchange_format+sp->jpeg_interchange_format_length>sp->file_size)) 1276 1329 sp->jpeg_interchange_format_length=sp->file_size-sp->jpeg_interchange_format; 1277 1330 } 1278 1331 } ··· 1989 2042 sp->in_buffer_source=osibsStrile; 1990 2043 break; 1991 2044 case osibsStrile: 1992 1992 - if (!_TIFFFillStriles( sp->tif ) 1993 1993 - || sp->tif->tif_dir.td_stripoffset == NULL 1994 1994 - || sp->tif->tif_dir.td_stripbytecount == NULL) 1995 1995 - return 0; 1996 1996 - 1997 2045 if (sp->in_buffer_next_strile==sp->in_buffer_strile_count) 1998 2046 sp->in_buffer_source=osibsEof; 1999 2047 else 2000 2048 { 2001 2001 - sp->in_buffer_file_pos=sp->tif->tif_dir.td_stripoffset[sp->in_buffer_next_strile]; 2049 2049 + int err = 0; 2050 2050 + sp->in_buffer_file_pos=TIFFGetStrileOffsetWithErr(sp->tif, sp->in_buffer_next_strile, &err); 2051 2051 + if( err ) 2052 2052 + return 0; 2002 2053 if (sp->in_buffer_file_pos!=0) 2003 2054 { 2055 2055 + uint64 bytecount = TIFFGetStrileByteCountWithErr(sp->tif, sp->in_buffer_next_strile, &err); 2056 2056 + if( err ) 2057 2057 + return 0; 2004 2058 if (sp->in_buffer_file_pos>=sp->file_size) 2005 2059 sp->in_buffer_file_pos=0; 2006 2006 - else if (sp->tif->tif_dir.td_stripbytecount==NULL) 2060 2060 + else if (bytecount==0) 2007 2061 sp->in_buffer_file_togo=sp->file_size-sp->in_buffer_file_pos; 2008 2062 else 2009 2063 { 2010 2010 - if (sp->tif->tif_dir.td_stripbytecount == 0) { 2011 2011 - TIFFErrorExt(sp->tif->tif_clientdata,sp->tif->tif_name,"Strip byte counts are missing"); 2012 2012 - return(0); 2013 2013 - } 2014 2014 - sp->in_buffer_file_togo=sp->tif->tif_dir.td_stripbytecount[sp->in_buffer_next_strile]; 2064 2064 + sp->in_buffer_file_togo=bytecount; 2015 2065 if (sp->in_buffer_file_togo==0) 2016 2066 sp->in_buffer_file_pos=0; 2017 2017 - else if (sp->in_buffer_file_pos+sp->in_buffer_file_togo>sp->file_size) 2067 2067 + else if (sp->in_buffer_file_pos > TIFF_UINT64_MAX - sp->in_buffer_file_togo || 2068 2068 + sp->in_buffer_file_pos+sp->in_buffer_file_togo>sp->file_size) 2018 2069 sp->in_buffer_file_togo=sp->file_size-sp->in_buffer_file_pos; 2019 2070 } 2020 2071 }

+18 -1

dll/3rdparty/libtiff/tif_open.c

··· 25 25 /* 26 26 * TIFF Library. 27 27 */ 28 28 - 29 28 #include <precomp.h> 30 29 31 30 /* ··· 132 131 if (!readproc || !writeproc || !seekproc || !closeproc || !sizeproc) { 133 132 TIFFErrorExt(clientdata, module, 134 133 "One of the client procedures is NULL pointer."); 134 134 + _TIFFfree(tif); 135 135 goto bad2; 136 136 } 137 137 tif->tif_readproc = readproc; ··· 182 182 * 'h' read TIFF header only, do not load the first IFD 183 183 * '4' ClassicTIFF for creating a file (default) 184 184 * '8' BigTIFF for creating a file 185 185 + * 'D' enable use of deferred strip/tile offset/bytecount array loading. 186 186 + * 'O' on-demand loading of values instead of whole array loading (implies D) 185 187 * 186 188 * The use of the 'l' and 'b' flags is strongly discouraged. 187 189 * These flags are provided solely because numerous vendors, ··· 263 265 if (m&O_CREAT) 264 266 tif->tif_flags |= TIFF_BIGTIFF; 265 267 break; 268 268 + case 'D': 269 269 + tif->tif_flags |= TIFF_DEFERSTRILELOAD; 270 270 + break; 271 271 + case 'O': 272 272 + if( m == O_RDONLY ) 273 273 + tif->tif_flags |= (TIFF_LAZYSTRILELOAD | TIFF_DEFERSTRILELOAD); 274 274 + break; 266 275 } 276 276 + 277 277 + #ifdef DEFER_STRILE_LOAD 278 278 + /* Compatibility with old DEFER_STRILE_LOAD compilation flag */ 279 279 + /* Probably unneeded, since to the best of my knowledge (E. Rouault) */ 280 280 + /* GDAL was the only user of this, and will now use the new 'D' flag */ 281 281 + tif->tif_flags |= TIFF_DEFERSTRILELOAD; 282 282 + #endif 283 283 + 267 284 /* 268 285 * Read in TIFF header. 269 286 */

-1

dll/3rdparty/libtiff/tif_packbits.c

··· 23 23 */ 24 24 25 25 #include <precomp.h> 26 26 - 27 26 #ifdef PACKBITS_SUPPORT 28 27 /* 29 28 * TIFF Library.

+6 -12

dll/3rdparty/libtiff/tif_pixarlog.c

··· 90 90 #include "tif_predict.h" 91 91 #include "zlib.h" 92 92 93 93 - //#include <stdio.h> 94 94 - //#include <stdlib.h> 93 93 + #include <stdio.h> 94 94 + #include <stdlib.h> 95 95 #include <math.h> 96 96 97 97 /* Tables for converting to/from 11 bit coded values */ ··· 634 634 return guess; 635 635 } 636 636 637 637 - #define TIFF_SIZE_T_MAX ((size_t) ~ ((size_t)0)) 638 638 - #define TIFF_TMSIZE_T_MAX (tmsize_t)(TIFF_SIZE_T_MAX >> 1) 639 639 - 640 637 static tmsize_t 641 638 multiply_ms(tmsize_t m1, tmsize_t m2) 642 639 { 643 643 - if( m1 == 0 || m2 > TIFF_TMSIZE_T_MAX / m1 ) 644 644 - return 0; 645 645 - return m1 * m2; 640 640 + return _TIFFMultiplySSize(NULL, m1, m2, NULL); 646 641 } 647 642 648 643 static tmsize_t 649 644 add_ms(tmsize_t m1, tmsize_t m2) 650 645 { 646 646 + assert(m1 >= 0 && m2 >= 0); 651 647 /* if either input is zero, assume overflow already occurred */ 652 648 if (m1 == 0 || m2 == 0) 653 649 return 0; ··· 817 813 TIFFErrorExt(tif->tif_clientdata, module, 818 814 "Decoding error at scanline %lu, %s", 819 815 (unsigned long) tif->tif_row, sp->stream.msg ? sp->stream.msg : "(null)"); 820 820 - if (inflateSync(&sp->stream) != Z_OK) 821 821 - return (0); 822 822 - continue; 816 816 + return (0); 823 817 } 824 818 if (state != Z_OK) { 825 819 TIFFErrorExt(tif->tif_clientdata, module, "ZLib error: %s", ··· 1153 1147 1154 1148 llen = sp->stride * td->td_imagewidth; 1155 1149 /* Check against the number of elements (of size uint16) of sp->tbuf */ 1156 1156 - if( n > (tmsize_t)(td->td_rowsperstrip * llen) ) 1150 1150 + if( n > ((tmsize_t)td->td_rowsperstrip * llen) ) 1157 1151 { 1158 1152 TIFFErrorExt(tif->tif_clientdata, module, 1159 1153 "Too many input bytes provided");

+4 -7

dll/3rdparty/libtiff/tif_print.c

··· 27 27 * 28 28 * Directory Printing Support 29 29 */ 30 30 - 31 30 #include <precomp.h> 32 31 //#include <stdio.h> 33 32 ··· 653 652 if (tif->tif_tagmethods.printdir) 654 653 (*tif->tif_tagmethods.printdir)(tif, fd, flags); 655 654 656 656 - _TIFFFillStriles( tif ); 657 657 - 658 655 if ((flags & TIFFPRINT_STRIPS) && 659 656 TIFFFieldSet(tif,FIELD_STRIPOFFSETS)) { 660 657 uint32 s; ··· 666 663 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) 667 664 fprintf(fd, " %3lu: [%8I64u, %8I64u]\n", 668 665 (unsigned long) s, 669 669 - td->td_stripoffset ? (unsigned __int64) td->td_stripoffset[s] : 0, 670 670 - td->td_stripbytecount ? (unsigned __int64) td->td_stripbytecount[s] : 0); 666 666 + (unsigned __int64) TIFFGetStrileOffset(tif, s), 667 667 + (unsigned __int64) TIFFGetStrileByteCount(tif, s)); 671 668 #else 672 669 fprintf(fd, " %3lu: [%8llu, %8llu]\n", 673 670 (unsigned long) s, 674 674 - td->td_stripoffset ? (unsigned long long) td->td_stripoffset[s] : 0, 675 675 - td->td_stripbytecount ? (unsigned long long) td->td_stripbytecount[s] : 0); 671 671 + (unsigned long long) TIFFGetStrileOffset(tif, s), 672 672 + (unsigned long long) TIFFGetStrileByteCount(tif, s)); 676 673 #endif 677 674 } 678 675 }

+163 -93

dll/3rdparty/libtiff/tif_read.c

··· 29 29 #include <precomp.h> 30 30 //#include <stdio.h> 31 31 32 32 - #define TIFF_SIZE_T_MAX ((size_t) ~ ((size_t)0)) 33 33 - #define TIFF_TMSIZE_T_MAX (tmsize_t)(TIFF_SIZE_T_MAX >> 1) 34 34 - 35 32 int TIFFFillStrip(TIFF* tif, uint32 strip); 36 33 int TIFFFillTile(TIFF* tif, uint32 tile); 37 34 static int TIFFStartStrip(TIFF* tif, uint32 strip); ··· 49 46 #define THRESHOLD_MULTIPLIER 10 50 47 #define MAX_THRESHOLD (THRESHOLD_MULTIPLIER * THRESHOLD_MULTIPLIER * THRESHOLD_MULTIPLIER * INITIAL_THRESHOLD) 51 48 49 49 + #define TIFF_INT64_MAX ((((int64)0x7FFFFFFF) << 32) | 0xFFFFFFFF) 50 50 + 52 51 /* Read 'size' bytes in tif_rawdata buffer starting at offset 'rawdata_offset' 53 52 * Returns 1 in case of success, 0 otherwise. */ 54 53 static int TIFFReadAndRealloc( TIFF* tif, tmsize_t size, ··· 61 60 #endif 62 61 tmsize_t already_read = 0; 63 62 63 63 + 64 64 + #if SIZEOF_SIZE_T != 8 65 65 + /* On 32 bit processes, if the request is large enough, check against */ 66 66 + /* file size */ 67 67 + if( size > 1000 * 1000 * 1000 ) 68 68 + { 69 69 + uint64 filesize = TIFFGetFileSize(tif); 70 70 + if( (uint64)size >= filesize ) 71 71 + { 72 72 + TIFFErrorExt(tif->tif_clientdata, module, 73 73 + "Chunk size requested is larger than file size."); 74 74 + return 0; 75 75 + } 76 76 + } 77 77 + #endif 78 78 + 64 79 /* On 64 bit processes, read first a maximum of 1 MB, then 10 MB, etc */ 65 80 /* so as to avoid allocating too much memory in case the file is too */ 66 81 /* short. We could ask for the file size, but this might be */ ··· 102 117 return 0; 103 118 } 104 119 tif->tif_rawdata = new_rawdata; 120 120 + } 121 121 + if( tif->tif_rawdata == NULL ) 122 122 + { 123 123 + /* should not happen in practice but helps CoverityScan */ 124 124 + return 0; 105 125 } 106 126 107 127 bytes_read = TIFFReadFile(tif, ··· 170 190 tmsize_t to_read; 171 191 tmsize_t read_ahead_mod; 172 192 /* tmsize_t bytecountm; */ 173 173 - 174 174 - if (!_TIFFFillStriles( tif ) || !tif->tif_dir.td_stripbytecount) 175 175 - return 0; 176 176 - 193 193 + 177 194 /* 178 195 * Expand raw data buffer, if needed, to hold data 179 196 * strip coming from file (perhaps should set upper 180 197 * bound on the size of a buffer we'll use?). 181 198 */ 182 199 183 183 - /* bytecountm=(tmsize_t) td->td_stripbytecount[strip]; */ 200 200 + /* bytecountm=(tmsize_t) TIFFGetStrileByteCount(tif, strip); */ 184 201 185 202 /* Not completely sure where the * 2 comes from, but probably for */ 186 203 /* an exponentional growth strategy of tif_rawdatasize */ ··· 224 241 /* 225 242 ** Seek to the point in the file where more data should be read. 226 243 */ 227 227 - read_offset = td->td_stripoffset[strip] 244 244 + read_offset = TIFFGetStrileOffset(tif, strip) 228 245 + tif->tif_rawdataoff + tif->tif_rawdataloaded; 229 246 230 247 if (!SeekOK(tif, read_offset)) { ··· 241 258 to_read = read_ahead_mod - unused_data; 242 259 else 243 260 to_read = tif->tif_rawdatasize - unused_data; 244 244 - if( (uint64) to_read > td->td_stripbytecount[strip] 261 261 + if( (uint64) to_read > TIFFGetStrileByteCount(tif, strip) 245 262 - tif->tif_rawdataoff - tif->tif_rawdataloaded ) 246 263 { 247 247 - to_read = (tmsize_t) td->td_stripbytecount[strip] 264 264 + to_read = (tmsize_t) TIFFGetStrileByteCount(tif, strip) 248 265 - tif->tif_rawdataoff - tif->tif_rawdataloaded; 249 266 } 250 267 ··· 283 300 /* For JPEG, if there are multiple scans (can generally be known */ 284 301 /* with the read_ahead used), we need to read the whole strip */ 285 302 if( tif->tif_dir.td_compression==COMPRESSION_JPEG && 286 286 - (uint64)tif->tif_rawcc < td->td_stripbytecount[strip] ) 303 303 + (uint64)tif->tif_rawcc < TIFFGetStrileByteCount(tif, strip) ) 287 304 { 288 305 if( TIFFJPEGIsFullStripRequired(tif) ) 289 306 { ··· 342 359 * read it a few lines at a time? 343 360 */ 344 361 #if defined(CHUNKY_STRIP_READ_SUPPORT) 345 345 - if (!_TIFFFillStriles( tif ) || !tif->tif_dir.td_stripbytecount) 346 346 - return 0; 347 347 - whole_strip = tif->tif_dir.td_stripbytecount[strip] < 10 362 362 + whole_strip = TIFFGetStrileByteCount(tif, strip) < 10 348 363 || isMapped(tif); 349 364 if( td->td_compression == COMPRESSION_LERC || 350 365 td->td_compression == COMPRESSION_JBIG ) ··· 397 412 else if( !whole_strip ) 398 413 { 399 414 if( ((tif->tif_rawdata + tif->tif_rawdataloaded) - tif->tif_rawcp) < read_ahead 400 400 - && (uint64) tif->tif_rawdataoff+tif->tif_rawdataloaded < td->td_stripbytecount[strip] ) 415 415 + && (uint64) tif->tif_rawdataoff+tif->tif_rawdataloaded < TIFFGetStrileByteCount(tif, strip) ) 401 416 { 402 417 if( !TIFFFillStripPartial(tif,strip,read_ahead,0) ) 403 418 return 0; ··· 594 609 TIFFReadRawStrip1(TIFF* tif, uint32 strip, void* buf, tmsize_t size, 595 610 const char* module) 596 611 { 597 597 - TIFFDirectory *td = &tif->tif_dir; 598 598 - 599 599 - if (!_TIFFFillStriles( tif )) 600 600 - return ((tmsize_t)(-1)); 601 601 - 602 612 assert((tif->tif_flags&TIFF_NOREADRAW)==0); 603 613 if (!isMapped(tif)) { 604 614 tmsize_t cc; 605 615 606 606 - if (!SeekOK(tif, td->td_stripoffset[strip])) { 616 616 + if (!SeekOK(tif, TIFFGetStrileOffset(tif, strip))) { 607 617 TIFFErrorExt(tif->tif_clientdata, module, 608 618 "Seek error at scanline %lu, strip %lu", 609 619 (unsigned long) tif->tif_row, (unsigned long) strip); ··· 629 639 } else { 630 640 tmsize_t ma = 0; 631 641 tmsize_t n; 632 632 - if ((td->td_stripoffset[strip] > (uint64)TIFF_TMSIZE_T_MAX)|| 633 633 - ((ma=(tmsize_t)td->td_stripoffset[strip])>tif->tif_size)) 642 642 + if ((TIFFGetStrileOffset(tif, strip) > (uint64)TIFF_TMSIZE_T_MAX)|| 643 643 + ((ma=(tmsize_t)TIFFGetStrileOffset(tif, strip))>tif->tif_size)) 634 644 { 635 645 n=0; 636 646 } ··· 674 684 TIFFReadRawStripOrTile2(TIFF* tif, uint32 strip_or_tile, int is_strip, 675 685 tmsize_t size, const char* module) 676 686 { 677 677 - TIFFDirectory *td = &tif->tif_dir; 678 678 - 679 687 assert( !isMapped(tif) ); 680 688 assert((tif->tif_flags&TIFF_NOREADRAW)==0); 681 689 682 682 - if (!SeekOK(tif, td->td_stripoffset[strip_or_tile])) { 690 690 + if (!SeekOK(tif, TIFFGetStrileOffset(tif, strip_or_tile))) { 683 691 if( is_strip ) 684 692 { 685 693 TIFFErrorExt(tif->tif_clientdata, module, ··· 715 723 { 716 724 static const char module[] = "TIFFReadRawStrip"; 717 725 TIFFDirectory *td = &tif->tif_dir; 718 718 - uint64 bytecount; 726 726 + uint64 bytecount64; 719 727 tmsize_t bytecountm; 720 728 721 729 if (!TIFFCheckRead(tif, 0)) ··· 733 741 "Compression scheme does not support access to raw uncompressed data"); 734 742 return ((tmsize_t)(-1)); 735 743 } 736 736 - bytecount = td->td_stripbytecount[strip]; 737 737 - if ((int64)bytecount <= 0) { 738 738 - #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) 739 739 - TIFFErrorExt(tif->tif_clientdata, module, 740 740 - "%I64u: Invalid strip byte count, strip %lu", 741 741 - (unsigned __int64) bytecount, 742 742 - (unsigned long) strip); 743 743 - #else 744 744 - TIFFErrorExt(tif->tif_clientdata, module, 745 745 - "%llu: Invalid strip byte count, strip %lu", 746 746 - (unsigned long long) bytecount, 747 747 - (unsigned long) strip); 748 748 - #endif 749 749 - return ((tmsize_t)(-1)); 750 750 - } 751 751 - bytecountm = (tmsize_t)bytecount; 752 752 - if ((uint64)bytecountm!=bytecount) { 753 753 - TIFFErrorExt(tif->tif_clientdata, module, "Integer overflow"); 744 744 + bytecount64 = TIFFGetStrileByteCount(tif, strip); 745 745 + if (size != (tmsize_t)(-1) && (uint64)size <= bytecount64) 746 746 + bytecountm = size; 747 747 + else 748 748 + bytecountm = _TIFFCastUInt64ToSSize(tif, bytecount64, module); 749 749 + if( bytecountm == 0 ) { 754 750 return ((tmsize_t)(-1)); 755 751 } 756 756 - if (size != (tmsize_t)(-1) && size < bytecountm) 757 757 - bytecountm = size; 758 752 return (TIFFReadRawStrip1(tif, strip, buf, bytecountm, module)); 753 753 + } 754 754 + 755 755 + TIFF_NOSANITIZE_UNSIGNED_INT_OVERFLOW 756 756 + static uint64 NoSantizeSubUInt64(uint64 a, uint64 b) 757 757 + { 758 758 + return a - b; 759 759 } 760 760 761 761 /* ··· 768 768 static const char module[] = "TIFFFillStrip"; 769 769 TIFFDirectory *td = &tif->tif_dir; 770 770 771 771 - if (!_TIFFFillStriles( tif ) || !tif->tif_dir.td_stripbytecount) 772 772 - return 0; 773 773 - 774 771 if ((tif->tif_flags&TIFF_NOREADRAW)==0) 775 772 { 776 776 - uint64 bytecount = td->td_stripbytecount[strip]; 777 777 - if ((int64)bytecount <= 0) { 773 773 + uint64 bytecount = TIFFGetStrileByteCount(tif, strip); 774 774 + if( bytecount == 0 || bytecount > (uint64)TIFF_INT64_MAX ) { 778 775 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) 779 776 TIFFErrorExt(tif->tif_clientdata, module, 780 777 "Invalid strip byte count %I64u, strip %lu", ··· 801 798 (bytecount - 4096) / 10 > (uint64)stripsize ) 802 799 { 803 800 uint64 newbytecount = (uint64)stripsize * 10 + 4096; 804 804 - if( (int64)newbytecount >= 0 ) 801 801 + if( newbytecount == 0 || newbytecount > (uint64)TIFF_INT64_MAX ) 805 802 { 806 803 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) 807 804 TIFFWarningExt(tif->tif_clientdata, module, ··· 826 823 * We must check for overflow, potentially causing 827 824 * an OOB read. Instead of simple 828 825 * 829 829 - * td->td_stripoffset[strip]+bytecount > tif->tif_size 826 826 + * TIFFGetStrileOffset(tif, strip)+bytecount > tif->tif_size 830 827 * 831 828 * comparison (which can overflow) we do the following 832 829 * two comparisons: 833 830 */ 834 831 if (bytecount > (uint64)tif->tif_size || 835 835 - td->td_stripoffset[strip] > (uint64)tif->tif_size - bytecount) { 832 832 + TIFFGetStrileOffset(tif, strip) > (uint64)tif->tif_size - bytecount) { 836 833 /* 837 834 * This error message might seem strange, but 838 835 * it's what would happen if a read were done ··· 844 841 "Read error on strip %lu; " 845 842 "got %I64u bytes, expected %I64u", 846 843 (unsigned long) strip, 847 847 - (unsigned __int64) tif->tif_size - td->td_stripoffset[strip], 844 844 + (unsigned __int64) NoSantizeSubUInt64(tif->tif_size, TIFFGetStrileOffset(tif, strip)), 848 845 (unsigned __int64) bytecount); 849 846 #else 850 847 TIFFErrorExt(tif->tif_clientdata, module, ··· 852 849 "Read error on strip %lu; " 853 850 "got %llu bytes, expected %llu", 854 851 (unsigned long) strip, 855 855 - (unsigned long long) tif->tif_size - td->td_stripoffset[strip], 852 852 + (unsigned long long) NoSantizeSubUInt64(tif->tif_size, TIFFGetStrileOffset(tif, strip)), 856 853 (unsigned long long) bytecount); 857 854 #endif 858 855 tif->tif_curstrip = NOSTRIP; ··· 881 878 } 882 879 tif->tif_flags &= ~TIFF_MYBUFFER; 883 880 tif->tif_rawdatasize = (tmsize_t)bytecount; 884 884 - tif->tif_rawdata = tif->tif_base + (tmsize_t)td->td_stripoffset[strip]; 881 881 + tif->tif_rawdata = tif->tif_base + (tmsize_t)TIFFGetStrileOffset(tif, strip); 885 882 tif->tif_rawdataoff = 0; 886 883 tif->tif_rawdataloaded = (tmsize_t) bytecount; 887 884 ··· 1096 1093 static tmsize_t 1097 1094 TIFFReadRawTile1(TIFF* tif, uint32 tile, void* buf, tmsize_t size, const char* module) 1098 1095 { 1099 1099 - TIFFDirectory *td = &tif->tif_dir; 1100 1100 - 1101 1101 - if (!_TIFFFillStriles( tif )) 1102 1102 - return ((tmsize_t)(-1)); 1103 1103 - 1104 1096 assert((tif->tif_flags&TIFF_NOREADRAW)==0); 1105 1097 if (!isMapped(tif)) { 1106 1098 tmsize_t cc; 1107 1099 1108 1108 - if (!SeekOK(tif, td->td_stripoffset[tile])) { 1100 1100 + if (!SeekOK(tif, TIFFGetStrileOffset(tif, tile))) { 1109 1101 TIFFErrorExt(tif->tif_clientdata, module, 1110 1102 "Seek error at row %lu, col %lu, tile %lu", 1111 1103 (unsigned long) tif->tif_row, ··· 1135 1127 } else { 1136 1128 tmsize_t ma,mb; 1137 1129 tmsize_t n; 1138 1138 - ma=(tmsize_t)td->td_stripoffset[tile]; 1130 1130 + ma=(tmsize_t)TIFFGetStrileOffset(tif, tile); 1139 1131 mb=ma+size; 1140 1140 - if ((td->td_stripoffset[tile] > (uint64)TIFF_TMSIZE_T_MAX)||(ma>tif->tif_size)) 1132 1132 + if ((TIFFGetStrileOffset(tif, tile) > (uint64)TIFF_TMSIZE_T_MAX)||(ma>tif->tif_size)) 1141 1133 n=0; 1142 1134 else if ((mb<ma)||(mb<size)||(mb>tif->tif_size)) 1143 1135 n=tif->tif_size-ma; ··· 1193 1185 "Compression scheme does not support access to raw uncompressed data"); 1194 1186 return ((tmsize_t)(-1)); 1195 1187 } 1196 1196 - bytecount64 = td->td_stripbytecount[tile]; 1197 1197 - if (size != (tmsize_t)(-1) && (uint64)size < bytecount64) 1198 1198 - bytecount64 = (uint64)size; 1199 1199 - bytecountm = (tmsize_t)bytecount64; 1200 1200 - if ((uint64)bytecountm!=bytecount64) 1201 1201 - { 1202 1202 - TIFFErrorExt(tif->tif_clientdata,module,"Integer overflow"); 1188 1188 + bytecount64 = TIFFGetStrileByteCount(tif, tile); 1189 1189 + if (size != (tmsize_t)(-1) && (uint64)size <= bytecount64) 1190 1190 + bytecountm = size; 1191 1191 + else 1192 1192 + bytecountm = _TIFFCastUInt64ToSSize(tif, bytecount64, module); 1193 1193 + if( bytecountm == 0 ) { 1203 1194 return ((tmsize_t)(-1)); 1204 1195 } 1205 1196 return (TIFFReadRawTile1(tif, tile, buf, bytecountm, module)); ··· 1215 1206 static const char module[] = "TIFFFillTile"; 1216 1207 TIFFDirectory *td = &tif->tif_dir; 1217 1208 1218 1218 - if (!_TIFFFillStriles( tif ) || !tif->tif_dir.td_stripbytecount) 1219 1219 - return 0; 1220 1220 - 1221 1209 if ((tif->tif_flags&TIFF_NOREADRAW)==0) 1222 1210 { 1223 1223 - uint64 bytecount = td->td_stripbytecount[tile]; 1224 1224 - if ((int64)bytecount <= 0) { 1211 1211 + uint64 bytecount = TIFFGetStrileByteCount(tif, tile); 1212 1212 + if( bytecount == 0 || bytecount > (uint64)TIFF_INT64_MAX ) { 1225 1213 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) 1226 1214 TIFFErrorExt(tif->tif_clientdata, module, 1227 1215 "%I64u: Invalid tile byte count, tile %lu", ··· 1248 1236 (bytecount - 4096) / 10 > (uint64)stripsize ) 1249 1237 { 1250 1238 uint64 newbytecount = (uint64)stripsize * 10 + 4096; 1251 1251 - if( (int64)newbytecount >= 0 ) 1239 1239 + if( newbytecount == 0 || newbytecount > (uint64)TIFF_INT64_MAX ) 1252 1240 { 1253 1241 #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__)) 1254 1242 TIFFWarningExt(tif->tif_clientdata, module, ··· 1273 1261 * We must check for overflow, potentially causing 1274 1262 * an OOB read. Instead of simple 1275 1263 * 1276 1276 - * td->td_stripoffset[tile]+bytecount > tif->tif_size 1264 1264 + * TIFFGetStrileOffset(tif, tile)+bytecount > tif->tif_size 1277 1265 * 1278 1266 * comparison (which can overflow) we do the following 1279 1267 * two comparisons: 1280 1268 */ 1281 1269 if (bytecount > (uint64)tif->tif_size || 1282 1282 - td->td_stripoffset[tile] > (uint64)tif->tif_size - bytecount) { 1270 1270 + TIFFGetStrileOffset(tif, tile) > (uint64)tif->tif_size - bytecount) { 1283 1271 tif->tif_curtile = NOTILE; 1284 1272 return (0); 1285 1273 } ··· 1308 1296 1309 1297 tif->tif_rawdatasize = (tmsize_t)bytecount; 1310 1298 tif->tif_rawdata = 1311 1311 - tif->tif_base + (tmsize_t)td->td_stripoffset[tile]; 1299 1299 + tif->tif_base + (tmsize_t)TIFFGetStrileOffset(tif, tile); 1312 1300 tif->tif_rawdataoff = 0; 1313 1301 tif->tif_rawdataloaded = (tmsize_t) bytecount; 1314 1302 tif->tif_flags |= TIFF_BUFFERMMAP; ··· 1367 1355 tif->tif_rawdataoff = 0; 1368 1356 tif->tif_rawdataloaded = bytecountm; 1369 1357 1370 1370 - if (!isFillOrder(tif, td->td_fillorder) && 1358 1358 + if (tif->tif_rawdata != NULL && 1359 1359 + !isFillOrder(tif, td->td_fillorder) && 1371 1360 (tif->tif_flags & TIFF_NOBITREV) == 0) 1372 1361 TIFFReverseBits(tif->tif_rawdata, 1373 1362 tif->tif_rawdataloaded); ··· 1433 1422 TIFFStartStrip(TIFF* tif, uint32 strip) 1434 1423 { 1435 1424 TIFFDirectory *td = &tif->tif_dir; 1436 1436 - 1437 1437 - if (!_TIFFFillStriles( tif ) || !tif->tif_dir.td_stripbytecount) 1438 1438 - return 0; 1439 1425 1440 1426 if ((tif->tif_flags & TIFF_CODERSETUP) == 0) { 1441 1427 if (!(*tif->tif_setupdecode)(tif)) ··· 1457 1443 if( tif->tif_rawdataloaded > 0 ) 1458 1444 tif->tif_rawcc = tif->tif_rawdataloaded; 1459 1445 else 1460 1460 - tif->tif_rawcc = (tmsize_t)td->td_stripbytecount[strip]; 1446 1446 + tif->tif_rawcc = (tmsize_t)TIFFGetStrileByteCount(tif, strip); 1461 1447 } 1462 1448 return ((*tif->tif_predecode)(tif, 1463 1449 (uint16)(strip / td->td_stripsperimage))); ··· 1474 1460 TIFFDirectory *td = &tif->tif_dir; 1475 1461 uint32 howmany32; 1476 1462 1477 1477 - if (!_TIFFFillStriles( tif ) || !tif->tif_dir.td_stripbytecount) 1478 1478 - return 0; 1479 1479 - 1480 1463 if ((tif->tif_flags & TIFF_CODERSETUP) == 0) { 1481 1464 if (!(*tif->tif_setupdecode)(tif)) 1482 1465 return (0); ··· 1507 1490 if( tif->tif_rawdataloaded > 0 ) 1508 1491 tif->tif_rawcc = tif->tif_rawdataloaded; 1509 1492 else 1510 1510 - tif->tif_rawcc = (tmsize_t)td->td_stripbytecount[tile]; 1493 1493 + tif->tif_rawcc = (tmsize_t)TIFFGetStrileByteCount(tif, tile); 1511 1494 } 1512 1495 return ((*tif->tif_predecode)(tif, 1513 1496 (uint16)(tile/td->td_stripsperimage))); ··· 1522 1505 } 1523 1506 if (tiles ^ isTiled(tif)) { 1524 1507 TIFFErrorExt(tif->tif_clientdata, tif->tif_name, tiles ? 1525 1525 - "Can not read tiles from a stripped image" : 1508 1508 + "Can not read tiles from a striped image" : 1526 1509 "Can not read scanlines from a tiled image"); 1527 1510 return (0); 1528 1511 } 1529 1512 return (1); 1513 1513 + } 1514 1514 + 1515 1515 + /* Use the provided input buffer (inbuf, insize) and decompress it into 1516 1516 + * (outbuf, outsize). 1517 1517 + * This function replaces the use of TIFFReadEncodedStrip()/TIFFReadEncodedTile() 1518 1518 + * when the user can provide the buffer for the input data, for example when 1519 1519 + * he wants to avoid libtiff to read the strile offset/count values from the 1520 1520 + * [Strip|Tile][Offsets/ByteCounts] array. 1521 1521 + * inbuf content must be writable (if bit reversal is needed) 1522 1522 + * Returns 1 in case of success, 0 otherwise. 1523 1523 + */ 1524 1524 + int TIFFReadFromUserBuffer(TIFF* tif, uint32 strile, 1525 1525 + void* inbuf, tmsize_t insize, 1526 1526 + void* outbuf, tmsize_t outsize) 1527 1527 + { 1528 1528 + static const char module[] = "TIFFReadFromUserBuffer"; 1529 1529 + TIFFDirectory *td = &tif->tif_dir; 1530 1530 + int ret = 1; 1531 1531 + uint32 old_tif_flags = tif->tif_flags; 1532 1532 + tmsize_t old_rawdatasize = tif->tif_rawdatasize; 1533 1533 + void* old_rawdata = tif->tif_rawdata; 1534 1534 + 1535 1535 + if (tif->tif_mode == O_WRONLY) { 1536 1536 + TIFFErrorExt(tif->tif_clientdata, tif->tif_name, "File not open for reading"); 1537 1537 + return 0; 1538 1538 + } 1539 1539 + if (tif->tif_flags&TIFF_NOREADRAW) 1540 1540 + { 1541 1541 + TIFFErrorExt(tif->tif_clientdata, module, 1542 1542 + "Compression scheme does not support access to raw uncompressed data"); 1543 1543 + return 0; 1544 1544 + } 1545 1545 + 1546 1546 + tif->tif_flags &= ~TIFF_MYBUFFER; 1547 1547 + tif->tif_flags |= TIFF_BUFFERMMAP; 1548 1548 + tif->tif_rawdatasize = insize; 1549 1549 + tif->tif_rawdata = inbuf; 1550 1550 + tif->tif_rawdataoff = 0; 1551 1551 + tif->tif_rawdataloaded = insize; 1552 1552 + 1553 1553 + if (!isFillOrder(tif, td->td_fillorder) && 1554 1554 + (tif->tif_flags & TIFF_NOBITREV) == 0) 1555 1555 + { 1556 1556 + TIFFReverseBits(inbuf, insize); 1557 1557 + } 1558 1558 + 1559 1559 + if( TIFFIsTiled(tif) ) 1560 1560 + { 1561 1561 + if( !TIFFStartTile(tif, strile) || 1562 1562 + !(*tif->tif_decodetile)(tif, (uint8*) outbuf, outsize, 1563 1563 + (uint16)(strile/td->td_stripsperimage)) ) 1564 1564 + { 1565 1565 + ret = 0; 1566 1566 + } 1567 1567 + } 1568 1568 + else 1569 1569 + { 1570 1570 + uint32 rowsperstrip=td->td_rowsperstrip; 1571 1571 + uint32 stripsperplane; 1572 1572 + if (rowsperstrip>td->td_imagelength) 1573 1573 + rowsperstrip=td->td_imagelength; 1574 1574 + stripsperplane= TIFFhowmany_32_maxuint_compat(td->td_imagelength, rowsperstrip); 1575 1575 + if( !TIFFStartStrip(tif, strile) || 1576 1576 + !(*tif->tif_decodestrip)(tif, (uint8*) outbuf, outsize, 1577 1577 + (uint16)(strile/stripsperplane)) ) 1578 1578 + { 1579 1579 + ret = 0; 1580 1580 + } 1581 1581 + } 1582 1582 + if( ret ) 1583 1583 + { 1584 1584 + (*tif->tif_postdecode)(tif, (uint8*) outbuf, outsize); 1585 1585 + } 1586 1586 + 1587 1587 + if (!isFillOrder(tif, td->td_fillorder) && 1588 1588 + (tif->tif_flags & TIFF_NOBITREV) == 0) 1589 1589 + { 1590 1590 + TIFFReverseBits(inbuf, insize); 1591 1591 + } 1592 1592 + 1593 1593 + tif->tif_flags = old_tif_flags; 1594 1594 + tif->tif_rawdatasize = old_rawdatasize; 1595 1595 + tif->tif_rawdata = old_rawdata; 1596 1596 + tif->tif_rawdataoff = 0; 1597 1597 + tif->tif_rawdataloaded = 0; 1598 1598 + 1599 1599 + return ret; 1530 1600 } 1531 1601 1532 1602 void

+5 -34

dll/3rdparty/libtiff/tif_strip.c

··· 27 27 * 28 28 * Strip-organized Image Support Routines. 29 29 */ 30 30 - 31 30 #include <precomp.h> 32 31 33 32 /* ··· 130 129 { 131 130 static const char module[] = "TIFFVStripSize"; 132 131 uint64 m; 133 133 - tmsize_t n; 134 132 m=TIFFVStripSize64(tif,nrows); 135 135 - n=(tmsize_t)m; 136 136 - if ((uint64)n!=m) 137 137 - { 138 138 - TIFFErrorExt(tif->tif_clientdata,module,"Integer overflow"); 139 139 - n=0; 140 140 - } 141 141 - return(n); 133 133 + return _TIFFCastUInt64ToSSize(tif, m, module); 142 134 } 143 135 144 136 /* ··· 148 140 TIFFRawStripSize64(TIFF* tif, uint32 strip) 149 141 { 150 142 static const char module[] = "TIFFRawStripSize64"; 151 151 - TIFFDirectory* td = &tif->tif_dir; 152 152 - uint64 bytecount = td->td_stripbytecount[strip]; 143 143 + uint64 bytecount = TIFFGetStrileByteCount(tif, strip); 153 144 154 145 if (bytecount == 0) 155 146 { ··· 212 203 { 213 204 static const char module[] = "TIFFStripSize"; 214 205 uint64 m; 215 215 - tmsize_t n; 216 206 m=TIFFStripSize64(tif); 217 217 - n=(tmsize_t)m; 218 218 - if ((uint64)n!=m) 219 219 - { 220 220 - TIFFErrorExt(tif->tif_clientdata,module,"Integer overflow"); 221 221 - n=0; 222 222 - } 223 223 - return(n); 207 207 + return _TIFFCastUInt64ToSSize(tif, m, module); 224 208 } 225 209 226 210 /* ··· 331 315 { 332 316 static const char module[] = "TIFFScanlineSize"; 333 317 uint64 m; 334 334 - tmsize_t n; 335 318 m=TIFFScanlineSize64(tif); 336 336 - n=(tmsize_t)m; 337 337 - if ((uint64)n!=m) { 338 338 - TIFFErrorExt(tif->tif_clientdata,module,"Integer arithmetic overflow"); 339 339 - n=0; 340 340 - } 341 341 - return(n); 319 319 + return _TIFFCastUInt64ToSSize(tif, m, module); 342 320 } 343 321 344 322 /* ··· 367 345 { 368 346 static const char module[] = "TIFFRasterScanlineSize"; 369 347 uint64 m; 370 370 - tmsize_t n; 371 348 m=TIFFRasterScanlineSize64(tif); 372 372 - n=(tmsize_t)m; 373 373 - if ((uint64)n!=m) 374 374 - { 375 375 - TIFFErrorExt(tif->tif_clientdata,module,"Integer arithmetic overflow"); 376 376 - n=0; 377 377 - } 378 378 - return(n); 349 349 + return _TIFFCastUInt64ToSSize(tif, m, module); 379 350 } 380 351 381 352 /* vim: set ts=8 sts=8 sw=8 noet: */

+5 -5

dll/3rdparty/libtiff/tif_thunder.c

··· 123 123 break; 124 124 case THUNDER_2BITDELTAS: /* 2-bit deltas */ 125 125 if ((delta = ((n >> 4) & 3)) != DELTA2_SKIP) 126 126 - SETPIXEL(op, lastpixel + twobitdeltas[delta]); 126 126 + SETPIXEL(op, (unsigned)((int)lastpixel + twobitdeltas[delta])); 127 127 if ((delta = ((n >> 2) & 3)) != DELTA2_SKIP) 128 128 - SETPIXEL(op, lastpixel + twobitdeltas[delta]); 128 128 + SETPIXEL(op, (unsigned)((int)lastpixel + twobitdeltas[delta])); 129 129 if ((delta = (n & 3)) != DELTA2_SKIP) 130 130 - SETPIXEL(op, lastpixel + twobitdeltas[delta]); 130 130 + SETPIXEL(op, (unsigned)((int)lastpixel + twobitdeltas[delta])); 131 131 break; 132 132 case THUNDER_3BITDELTAS: /* 3-bit deltas */ 133 133 if ((delta = ((n >> 3) & 7)) != DELTA3_SKIP) 134 134 - SETPIXEL(op, lastpixel + threebitdeltas[delta]); 134 134 + SETPIXEL(op, (unsigned)((int)lastpixel + threebitdeltas[delta])); 135 135 if ((delta = (n & 7)) != DELTA3_SKIP) 136 136 - SETPIXEL(op, lastpixel + threebitdeltas[delta]); 136 136 + SETPIXEL(op, (unsigned)((int)lastpixel + threebitdeltas[delta])); 137 137 break; 138 138 case THUNDER_RAW: /* raw data */ 139 139 SETPIXEL(op, n);

+3 -25

dll/3rdparty/libtiff/tif_tile.c

··· 27 27 * 28 28 * Tiled Image Support Routines. 29 29 */ 30 30 - 31 30 #include <precomp.h> 32 31 33 32 /* ··· 182 181 { 183 182 static const char module[] = "TIFFTileRowSize"; 184 183 uint64 m; 185 185 - tmsize_t n; 186 184 m=TIFFTileRowSize64(tif); 187 187 - n=(tmsize_t)m; 188 188 - if ((uint64)n!=m) 189 189 - { 190 190 - TIFFErrorExt(tif->tif_clientdata,module,"Integer overflow"); 191 191 - n=0; 192 192 - } 193 193 - return(n); 185 185 + return _TIFFCastUInt64ToSSize(tif, m, module); 194 186 } 195 187 196 188 /* ··· 249 241 { 250 242 static const char module[] = "TIFFVTileSize"; 251 243 uint64 m; 252 252 - tmsize_t n; 253 244 m=TIFFVTileSize64(tif,nrows); 254 254 - n=(tmsize_t)m; 255 255 - if ((uint64)n!=m) 256 256 - { 257 257 - TIFFErrorExt(tif->tif_clientdata,module,"Integer overflow"); 258 258 - n=0; 259 259 - } 260 260 - return(n); 245 245 + return _TIFFCastUInt64ToSSize(tif, m, module); 261 246 } 262 247 263 248 /* ··· 273 258 { 274 259 static const char module[] = "TIFFTileSize"; 275 260 uint64 m; 276 276 - tmsize_t n; 277 261 m=TIFFTileSize64(tif); 278 278 - n=(tmsize_t)m; 279 279 - if ((uint64)n!=m) 280 280 - { 281 281 - TIFFErrorExt(tif->tif_clientdata,module,"Integer overflow"); 282 282 - n=0; 283 283 - } 284 284 - return(n); 262 262 + return _TIFFCastUInt64ToSSize(tif, m, module); 285 263 } 286 264 287 265 /*

-1

dll/3rdparty/libtiff/tif_version.c

··· 21 21 * LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE 22 22 * OF THIS SOFTWARE. 23 23 */ 24 24 - 25 24 #include <precomp.h> 26 25 27 26 static const char TIFFVersion[] = TIFFLIB_VERSION_STR;

+28 -17

dll/3rdparty/libtiff/tif_webp.c

··· 349 349 350 350 sp->state |= LSTATE_INIT_ENCODE; 351 351 352 352 + if (!WebPPictureInit(&sp->sPicture)) { 353 353 + TIFFErrorExt(tif->tif_clientdata, module, 354 354 + "Error initializing WebP picture."); 355 355 + return 0; 356 356 + } 357 357 + 352 358 if (!WebPConfigInitInternal(&sp->sEncoderConfig, WEBP_PRESET_DEFAULT, 353 359 sp->quality_level, 354 360 WEBP_ENCODER_ABI_VERSION)) { ··· 357 363 return 0; 358 364 } 359 365 360 360 - #if WEBP_ENCODER_ABI_VERSION >= 0x0100 361 361 - sp->sEncoderConfig.lossless = sp->lossless; 362 362 - #endif 366 366 + // WebPConfigInitInternal above sets lossless to false 367 367 + #if WEBP_ENCODER_ABI_VERSION >= 0x0100 368 368 + sp->sEncoderConfig.lossless = sp->lossless; 369 369 + if (sp->lossless) { 370 370 + sp->sPicture.use_argb = 1; 371 371 + } 372 372 + #endif 363 373 364 374 if (!WebPValidateConfig(&sp->sEncoderConfig)) { 365 375 TIFFErrorExt(tif->tif_clientdata, module, 366 376 "Error with WebP encoder configuration."); 367 367 - return 0; 368 368 - } 369 369 - 370 370 - if (!WebPPictureInit(&sp->sPicture)) { 371 371 - TIFFErrorExt(tif->tif_clientdata, module, 372 372 - "Error initializing WebP picture."); 373 377 return 0; 374 378 } 375 379 ··· 415 419 /* set up buffer for raw data */ 416 420 /* given above check and that nSamples <= 4, buffer_size is <= 1 GB */ 417 421 sp->buffer_size = segment_width * segment_height * sp->nSamples; 422 422 + 423 423 + if (sp->pBuffer != NULL) { 424 424 + _TIFFfree(sp->pBuffer); 425 425 + sp->pBuffer = NULL; 426 426 + } 427 427 + 418 428 sp->pBuffer = _TIFFmalloc(sp->buffer_size); 419 429 if( !sp->pBuffer) { 420 430 TIFFErrorExt(tif->tif_clientdata, module, "Cannot allocate buffer"); ··· 460 470 "WebPPictureImportRGB() failed"); 461 471 return 0; 462 472 } 463 463 - 473 473 + 464 474 if (!WebPEncode(&sp->sEncoderConfig, &sp->sPicture)) { 465 475 466 476 #if WEBP_ENCODER_ABI_VERSION >= 0x0100 ··· 540 550 } 541 551 542 552 if (sp->pBuffer != NULL) { 543 543 - _TIFFfree(sp->pBuffer); 544 544 - sp->pBuffer = NULL; 553 553 + _TIFFfree(sp->pBuffer); 554 554 + sp->pBuffer = NULL; 545 555 } 546 556 547 547 - if (tif->tif_data) { 548 548 - _TIFFfree(tif->tif_data); 549 549 - tif->tif_data = NULL; 550 550 - } 551 551 - 557 557 + _TIFFfree(tif->tif_data); 558 558 + tif->tif_data = NULL; 559 559 + 552 560 _TIFFSetDefaultCompressionState(tif); 553 561 } 554 562 ··· 570 578 case TIFFTAG_WEBP_LOSSLESS: 571 579 #if WEBP_ENCODER_ABI_VERSION >= 0x0100 572 580 sp->lossless = va_arg(ap, int); 581 581 + if (sp->lossless){ 582 582 + sp->quality_level = 100.0f; 583 583 + } 573 584 return 1; 574 585 #else 575 586 TIFFErrorExt(tif->tif_clientdata, module,

+75 -64

dll/3rdparty/libtiff/tif_write.c

··· 27 27 * 28 28 * Scanline-oriented Write Support 29 29 */ 30 30 - 31 30 #include <precomp.h> 32 31 //#include <stdio.h> 33 32 ··· 129 128 tif->tif_rawcc = 0; 130 129 tif->tif_rawcp = tif->tif_rawdata; 131 130 132 132 - if( td->td_stripbytecount[strip] > 0 ) 131 131 + if( td->td_stripbytecount_p[strip] > 0 ) 133 132 { 134 133 /* if we are writing over existing tiles, zero length */ 135 135 - td->td_stripbytecount[strip] = 0; 134 134 + td->td_stripbytecount_p[strip] = 0; 136 135 137 136 /* this forces TIFFAppendToStrip() to do a seek */ 138 137 tif->tif_curoff = 0; ··· 177 176 return (status); 178 177 } 179 178 179 179 + /* Make sure that at the first attempt of rewriting a tile/strip, we will have */ 180 180 + /* more bytes available in the output buffer than the previous byte count, */ 181 181 + /* so that TIFFAppendToStrip() will detect the overflow when it is called the first */ 182 182 + /* time if the new compressed tile is bigger than the older one. (GDAL #4771) */ 183 183 + static int _TIFFReserveLargeEnoughWriteBuffer(TIFF* tif, uint32 strip_or_tile) 184 184 + { 185 185 + TIFFDirectory *td = &tif->tif_dir; 186 186 + if( td->td_stripbytecount_p[strip_or_tile] > 0 ) 187 187 + { 188 188 + /* The +1 is to ensure at least one extra bytes */ 189 189 + /* The +4 is because the LZW encoder flushes 4 bytes before the limit */ 190 190 + uint64 safe_buffer_size = (uint64)(td->td_stripbytecount_p[strip_or_tile] + 1 + 4); 191 191 + if( tif->tif_rawdatasize <= (tmsize_t)safe_buffer_size ) 192 192 + { 193 193 + if( !(TIFFWriteBufferSetup(tif, NULL, 194 194 + (tmsize_t)TIFFroundup_64(safe_buffer_size, 1024))) ) 195 195 + return 0; 196 196 + } 197 197 + 198 198 + /* Force TIFFAppendToStrip() to consider placing data at end 199 199 + of file. */ 200 200 + tif->tif_curoff = 0; 201 201 + } 202 202 + return 1; 203 203 + } 204 204 + 180 205 /* 181 206 * Encode the supplied data and write it to the 182 207 * specified strip. ··· 223 248 tif->tif_flags |= TIFF_BUF4WRITE; 224 249 tif->tif_curstrip = strip; 225 250 251 251 + if( !_TIFFReserveLargeEnoughWriteBuffer(tif, strip) ) { 252 252 + return ((tmsize_t)(-1)); 253 253 + } 254 254 + 255 255 + tif->tif_rawcc = 0; 256 256 + tif->tif_rawcp = tif->tif_rawdata; 257 257 + 226 258 if (td->td_stripsperimage == 0) { 227 259 TIFFErrorExt(tif->tif_clientdata, module, "Zero strips per image"); 228 260 return ((tmsize_t) -1); ··· 234 266 return ((tmsize_t) -1); 235 267 tif->tif_flags |= TIFF_CODERSETUP; 236 268 } 237 237 - 238 238 - if( td->td_stripbytecount[strip] > 0 ) 239 239 - { 240 240 - /* Make sure that at the first attempt of rewriting the tile, we will have */ 241 241 - /* more bytes available in the output buffer than the previous byte count, */ 242 242 - /* so that TIFFAppendToStrip() will detect the overflow when it is called the first */ 243 243 - /* time if the new compressed tile is bigger than the older one. (GDAL #4771) */ 244 244 - if( tif->tif_rawdatasize <= (tmsize_t)td->td_stripbytecount[strip] ) 245 245 - { 246 246 - if( !(TIFFWriteBufferSetup(tif, NULL, 247 247 - (tmsize_t)TIFFroundup_64((uint64)(td->td_stripbytecount[strip] + 1), 1024))) ) 248 248 - return ((tmsize_t)(-1)); 249 249 - } 250 250 - 251 251 - /* Force TIFFAppendToStrip() to consider placing data at end 252 252 - of file. */ 253 253 - tif->tif_curoff = 0; 254 254 - } 255 255 - 256 256 - tif->tif_rawcc = 0; 257 257 - tif->tif_rawcp = tif->tif_rawdata; 258 269 259 270 tif->tif_flags &= ~TIFF_POSTENCODE; 260 271 ··· 403 414 tif->tif_flags |= TIFF_BUF4WRITE; 404 415 tif->tif_curtile = tile; 405 416 406 406 - if( td->td_stripbytecount[tile] > 0 ) 407 407 - { 408 408 - /* Make sure that at the first attempt of rewriting the tile, we will have */ 409 409 - /* more bytes available in the output buffer than the previous byte count, */ 410 410 - /* so that TIFFAppendToStrip() will detect the overflow when it is called the first */ 411 411 - /* time if the new compressed tile is bigger than the older one. (GDAL #4771) */ 412 412 - if( tif->tif_rawdatasize <= (tmsize_t) td->td_stripbytecount[tile] ) 413 413 - { 414 414 - if( !(TIFFWriteBufferSetup(tif, NULL, 415 415 - (tmsize_t)TIFFroundup_64((uint64)(td->td_stripbytecount[tile] + 1), 1024))) ) 416 416 - return ((tmsize_t)(-1)); 417 417 - } 418 418 - 419 419 - /* Force TIFFAppendToStrip() to consider placing data at end 420 420 - of file. */ 421 421 - tif->tif_curoff = 0; 417 417 + if( !_TIFFReserveLargeEnoughWriteBuffer(tif, tile) ) { 418 418 + return ((tmsize_t)(-1)); 422 419 } 423 420 424 421 tif->tif_rawcc = 0; ··· 538 535 td->td_nstrips = td->td_stripsperimage; 539 536 if (td->td_planarconfig == PLANARCONFIG_SEPARATE) 540 537 td->td_stripsperimage /= td->td_samplesperpixel; 541 541 - td->td_stripoffset = (uint64 *) 538 538 + td->td_stripoffset_p = (uint64 *) 542 539 _TIFFCheckMalloc(tif, td->td_nstrips, sizeof (uint64), 543 540 "for \"StripOffsets\" array"); 544 544 - td->td_stripbytecount = (uint64 *) 541 541 + td->td_stripbytecount_p = (uint64 *) 545 542 _TIFFCheckMalloc(tif, td->td_nstrips, sizeof (uint64), 546 543 "for \"StripByteCounts\" array"); 547 547 - if (td->td_stripoffset == NULL || td->td_stripbytecount == NULL) 544 544 + if (td->td_stripoffset_p == NULL || td->td_stripbytecount_p == NULL) 548 545 return (0); 549 546 /* 550 547 * Place data at the end-of-file 551 548 * (by setting offsets to zero). 552 549 */ 553 553 - _TIFFmemset(td->td_stripoffset, 0, td->td_nstrips*sizeof (uint64)); 554 554 - _TIFFmemset(td->td_stripbytecount, 0, td->td_nstrips*sizeof (uint64)); 550 550 + _TIFFmemset(td->td_stripoffset_p, 0, td->td_nstrips*sizeof (uint64)); 551 551 + _TIFFmemset(td->td_stripbytecount_p, 0, td->td_nstrips*sizeof (uint64)); 555 552 TIFFSetFieldBit(tif, FIELD_STRIPOFFSETS); 556 553 TIFFSetFieldBit(tif, FIELD_STRIPBYTECOUNTS); 557 554 return (1); ··· 573 570 } 574 571 if (tiles ^ isTiled(tif)) { 575 572 TIFFErrorExt(tif->tif_clientdata, module, tiles ? 576 576 - "Can not write tiles to a stripped image" : 573 573 + "Can not write tiles to a striped image" : 577 574 "Can not write scanlines to a tiled image"); 578 575 return (0); 579 576 } ··· 611 608 return (0); 612 609 } 613 610 } 614 614 - if (tif->tif_dir.td_stripoffset == NULL && !TIFFSetupStrips(tif)) { 611 611 + if (tif->tif_dir.td_stripoffset_p == NULL && !TIFFSetupStrips(tif)) { 615 612 tif->tif_dir.td_nstrips = 0; 616 613 TIFFErrorExt(tif->tif_clientdata, module, "No space for %s arrays", 617 614 isTiled(tif) ? "tile" : "strip"); ··· 629 626 if (tif->tif_scanlinesize == 0) 630 627 return (0); 631 628 tif->tif_flags |= TIFF_BEENWRITING; 629 629 + 630 630 + if( tif->tif_dir.td_stripoffset_entry.tdir_tag != 0 && 631 631 + tif->tif_dir.td_stripoffset_entry.tdir_count == 0 && 632 632 + tif->tif_dir.td_stripoffset_entry.tdir_type == 0 && 633 633 + tif->tif_dir.td_stripoffset_entry.tdir_offset.toff_long8 == 0 && 634 634 + tif->tif_dir.td_stripbytecount_entry.tdir_tag != 0 && 635 635 + tif->tif_dir.td_stripbytecount_entry.tdir_count == 0 && 636 636 + tif->tif_dir.td_stripbytecount_entry.tdir_type == 0 && 637 637 + tif->tif_dir.td_stripbytecount_entry.tdir_offset.toff_long8 == 0 && 638 638 + !(tif->tif_flags & TIFF_DIRTYDIRECT) ) 639 639 + { 640 640 + TIFFForceStrileArrayWriting(tif); 641 641 + } 642 642 + 632 643 return (1); 633 644 } 634 645 ··· 685 696 uint64* new_stripbytecount; 686 697 687 698 assert(td->td_planarconfig == PLANARCONFIG_CONTIG); 688 688 - new_stripoffset = (uint64*)_TIFFrealloc(td->td_stripoffset, 699 699 + new_stripoffset = (uint64*)_TIFFrealloc(td->td_stripoffset_p, 689 700 (td->td_nstrips + delta) * sizeof (uint64)); 690 690 - new_stripbytecount = (uint64*)_TIFFrealloc(td->td_stripbytecount, 701 701 + new_stripbytecount = (uint64*)_TIFFrealloc(td->td_stripbytecount_p, 691 702 (td->td_nstrips + delta) * sizeof (uint64)); 692 703 if (new_stripoffset == NULL || new_stripbytecount == NULL) { 693 704 if (new_stripoffset) ··· 698 709 TIFFErrorExt(tif->tif_clientdata, module, "No space to expand strip arrays"); 699 710 return (0); 700 711 } 701 701 - td->td_stripoffset = new_stripoffset; 702 702 - td->td_stripbytecount = new_stripbytecount; 703 703 - _TIFFmemset(td->td_stripoffset + td->td_nstrips, 712 712 + td->td_stripoffset_p = new_stripoffset; 713 713 + td->td_stripbytecount_p = new_stripbytecount; 714 714 + _TIFFmemset(td->td_stripoffset_p + td->td_nstrips, 704 715 0, delta*sizeof (uint64)); 705 705 - _TIFFmemset(td->td_stripbytecount + td->td_nstrips, 716 716 + _TIFFmemset(td->td_stripbytecount_p + td->td_nstrips, 706 717 0, delta*sizeof (uint64)); 707 718 td->td_nstrips += delta; 708 719 tif->tif_flags |= TIFF_DIRTYDIRECT; ··· 721 732 uint64 m; 722 733 int64 old_byte_count = -1; 723 734 724 724 - if (td->td_stripoffset[strip] == 0 || tif->tif_curoff == 0) { 735 735 + if (td->td_stripoffset_p[strip] == 0 || tif->tif_curoff == 0) { 725 736 assert(td->td_nstrips > 0); 726 737 727 727 - if( td->td_stripbytecount[strip] != 0 728 728 - && td->td_stripoffset[strip] != 0 729 729 - && td->td_stripbytecount[strip] >= (uint64) cc ) 738 738 + if( td->td_stripbytecount_p[strip] != 0 739 739 + && td->td_stripoffset_p[strip] != 0 740 740 + && td->td_stripbytecount_p[strip] >= (uint64) cc ) 730 741 { 731 742 /* 732 743 * There is already tile data on disk, and the new tile ··· 735 746 * more data to append to this strip before we are done 736 747 * depending on how we are getting called. 737 748 */ 738 738 - if (!SeekOK(tif, td->td_stripoffset[strip])) { 749 749 + if (!SeekOK(tif, td->td_stripoffset_p[strip])) { 739 750 TIFFErrorExt(tif->tif_clientdata, module, 740 751 "Seek error at scanline %lu", 741 752 (unsigned long)tif->tif_row); ··· 748 759 * Seek to end of file, and set that as our location to 749 760 * write this strip. 750 761 */ 751 751 - td->td_stripoffset[strip] = TIFFSeekFile(tif, 0, SEEK_END); 762 762 + td->td_stripoffset_p[strip] = TIFFSeekFile(tif, 0, SEEK_END); 752 763 tif->tif_flags |= TIFF_DIRTYSTRIP; 753 764 } 754 765 755 755 - tif->tif_curoff = td->td_stripoffset[strip]; 766 766 + tif->tif_curoff = td->td_stripoffset_p[strip]; 756 767 757 768 /* 758 769 * We are starting a fresh strip/tile, so set the size to zero. 759 770 */ 760 760 - old_byte_count = td->td_stripbytecount[strip]; 761 761 - td->td_stripbytecount[strip] = 0; 771 771 + old_byte_count = td->td_stripbytecount_p[strip]; 772 772 + td->td_stripbytecount_p[strip] = 0; 762 773 } 763 774 764 775 m = tif->tif_curoff+cc; ··· 775 786 return (0); 776 787 } 777 788 tif->tif_curoff = m; 778 778 - td->td_stripbytecount[strip] += cc; 789 789 + td->td_stripbytecount_p[strip] += cc; 779 790 780 780 - if( (int64) td->td_stripbytecount[strip] != old_byte_count ) 791 791 + if( (int64) td->td_stripbytecount_p[strip] != old_byte_count ) 781 792 tif->tif_flags |= TIFF_DIRTYSTRIP; 782 793 783 794 return (1);

+21 -40

dll/3rdparty/libtiff/tif_zip.c

··· 23 23 */ 24 24 25 25 #include <precomp.h> 26 26 - 27 26 #ifdef ZIP_SUPPORT 28 27 /* 29 28 * TIFF Library. ··· 48 47 #include "tif_predict.h" 49 48 #include "zlib.h" 50 49 51 51 - //#include <stdio.h> 50 50 + #include <stdio.h> 52 51 53 52 /* 54 53 * Sigh, ZLIB_VERSION is defined as a string so there's no ··· 125 124 static int 126 125 ZIPPreDecode(TIFF* tif, uint16 s) 127 126 { 128 128 - static const char module[] = "ZIPPreDecode"; 129 127 ZIPState* sp = DecoderState(tif); 130 128 131 129 (void) s; ··· 139 137 we need to simplify this code to reflect a ZLib that is likely updated 140 138 to deal with 8byte memory sizes, though this code will respond 141 139 appropriately even before we simplify it */ 142 142 - sp->stream.avail_in = (uInt) tif->tif_rawcc; 143 143 - if ((tmsize_t)sp->stream.avail_in != tif->tif_rawcc) 144 144 - { 145 145 - TIFFErrorExt(tif->tif_clientdata, module, "ZLib cannot deal with buffers this size"); 146 146 - return (0); 147 147 - } 140 140 + sp->stream.avail_in = (uint64)tif->tif_rawcc < 0xFFFFFFFFU ? (uInt) tif->tif_rawcc : 0xFFFFFFFFU; 148 141 return (inflateReset(&sp->stream) == Z_OK); 149 142 } 150 143 ··· 159 152 assert(sp->state == ZSTATE_INIT_DECODE); 160 153 161 154 sp->stream.next_in = tif->tif_rawcp; 162 162 - sp->stream.avail_in = (uInt) tif->tif_rawcc; 163 155 164 156 sp->stream.next_out = op; 165 157 assert(sizeof(sp->stream.avail_out)==4); /* if this assert gets raised, 166 158 we need to simplify this code to reflect a ZLib that is likely updated 167 159 to deal with 8byte memory sizes, though this code will respond 168 160 appropriately even before we simplify it */ 169 169 - sp->stream.avail_out = (uInt) occ; 170 170 - if ((tmsize_t)sp->stream.avail_out != occ) 171 171 - { 172 172 - TIFFErrorExt(tif->tif_clientdata, module, "ZLib cannot deal with buffers this size"); 173 173 - return (0); 174 174 - } 175 161 do { 176 176 - int state = inflate(&sp->stream, Z_PARTIAL_FLUSH); 162 162 + int state; 163 163 + uInt avail_in_before = (uint64)tif->tif_rawcc <= 0xFFFFFFFFU ? (uInt)tif->tif_rawcc : 0xFFFFFFFFU; 164 164 + uInt avail_out_before = (uint64)occ < 0xFFFFFFFFU ? (uInt) occ : 0xFFFFFFFFU; 165 165 + sp->stream.avail_in = avail_in_before; 166 166 + sp->stream.avail_out = avail_out_before; 167 167 + state = inflate(&sp->stream, Z_PARTIAL_FLUSH); 168 168 + tif->tif_rawcc -= (avail_in_before - sp->stream.avail_in); 169 169 + occ -= (avail_out_before - sp->stream.avail_out); 177 170 if (state == Z_STREAM_END) 178 171 break; 179 172 if (state == Z_DATA_ERROR) { 180 173 TIFFErrorExt(tif->tif_clientdata, module, 181 174 "Decoding error at scanline %lu, %s", 182 175 (unsigned long) tif->tif_row, SAFE_MSG(sp)); 183 183 - if (inflateSync(&sp->stream) != Z_OK) 184 184 - return (0); 185 185 - continue; 176 176 + return (0); 186 177 } 187 178 if (state != Z_OK) { 188 179 TIFFErrorExt(tif->tif_clientdata, module, 189 180 "ZLib error: %s", SAFE_MSG(sp)); 190 181 return (0); 191 182 } 192 192 - } while (sp->stream.avail_out > 0); 193 193 - if (sp->stream.avail_out != 0) { 183 183 + } while (occ > 0); 184 184 + if (occ != 0) { 194 185 TIFFErrorExt(tif->tif_clientdata, module, 195 186 "Not enough data at scanline %lu (short " TIFF_UINT64_FORMAT " bytes)", 196 196 - (unsigned long) tif->tif_row, (TIFF_UINT64_T) sp->stream.avail_out); 187 187 + (unsigned long) tif->tif_row, (TIFF_UINT64_T) occ); 197 188 return (0); 198 189 } 199 190 200 191 tif->tif_rawcp = sp->stream.next_in; 201 201 - tif->tif_rawcc = sp->stream.avail_in; 202 192 203 193 return (1); 204 194 } ··· 230 220 static int 231 221 ZIPPreEncode(TIFF* tif, uint16 s) 232 222 { 233 233 - static const char module[] = "ZIPPreEncode"; 234 223 ZIPState *sp = EncoderState(tif); 235 224 236 225 (void) s; ··· 243 232 we need to simplify this code to reflect a ZLib that is likely updated 244 233 to deal with 8byte memory sizes, though this code will respond 245 234 appropriately even before we simplify it */ 246 246 - sp->stream.avail_out = (uInt)tif->tif_rawdatasize; 247 247 - if ((tmsize_t)sp->stream.avail_out != tif->tif_rawdatasize) 248 248 - { 249 249 - TIFFErrorExt(tif->tif_clientdata, module, "ZLib cannot deal with buffers this size"); 250 250 - return (0); 251 251 - } 235 235 + sp->stream.avail_out = (uint64)tif->tif_rawdatasize <= 0xFFFFFFFFU ? (uInt)tif->tif_rawdatasize : 0xFFFFFFFFU; 252 236 return (deflateReset(&sp->stream) == Z_OK); 253 237 } 254 238 ··· 270 254 we need to simplify this code to reflect a ZLib that is likely updated 271 255 to deal with 8byte memory sizes, though this code will respond 272 256 appropriately even before we simplify it */ 273 273 - sp->stream.avail_in = (uInt) cc; 274 274 - if ((tmsize_t)sp->stream.avail_in != cc) 275 275 - { 276 276 - TIFFErrorExt(tif->tif_clientdata, module, "ZLib cannot deal with buffers this size"); 277 277 - return (0); 278 278 - } 279 257 do { 258 258 + uInt avail_in_before = (uint64)cc <= 0xFFFFFFFFU ? (uInt)cc : 0xFFFFFFFFU; 259 259 + sp->stream.avail_in = avail_in_before; 280 260 if (deflate(&sp->stream, Z_NO_FLUSH) != Z_OK) { 281 261 TIFFErrorExt(tif->tif_clientdata, module, 282 262 "Encoder error: %s", ··· 287 267 tif->tif_rawcc = tif->tif_rawdatasize; 288 268 TIFFFlushData1(tif); 289 269 sp->stream.next_out = tif->tif_rawdata; 290 290 - sp->stream.avail_out = (uInt) tif->tif_rawdatasize; /* this is a safe typecast, as check is made already in ZIPPreEncode */ 270 270 + sp->stream.avail_out = (uint64)tif->tif_rawdatasize <= 0xFFFFFFFFU ? (uInt)tif->tif_rawdatasize : 0xFFFFFFFFU; 291 271 } 292 292 - } while (sp->stream.avail_in > 0); 272 272 + cc -= (avail_in_before - sp->stream.avail_in); 273 273 + } while (cc > 0); 293 274 return (1); 294 275 } 295 276 ··· 315 296 tif->tif_rawcc = tif->tif_rawdatasize - sp->stream.avail_out; 316 297 TIFFFlushData1(tif); 317 298 sp->stream.next_out = tif->tif_rawdata; 318 318 - sp->stream.avail_out = (uInt) tif->tif_rawdatasize; /* this is a safe typecast, as check is made already in ZIPPreEncode */ 299 299 + sp->stream.avail_out = (uint64)tif->tif_rawdatasize <= 0xFFFFFFFFU ? (uInt)tif->tif_rawdatasize : 0xFFFFFFFFU; 319 300 } 320 301 break; 321 302 default:

+1 -1

media/doc/3rd Party Files.txt

··· 79 79 Website: http://www.ijg.org/ 80 80 81 81 Title: libtiff 82 82 - Used Version: 4.0.10 82 82 + Used Version: 4.1.0 83 83 Website: http://www.simplesystems.org/libtiff/ 84 84 85 85 Title: mbed TLS

+8 -4

sdk/include/reactos/libs/libtiff/tif_dir.h

··· 58 58 uint32 toff_long; 59 59 uint64 toff_long8; 60 60 } tdir_offset; /* either offset or the data itself if fits */ 61 61 + uint8 tdir_ignore; /* flag status to ignore tag when parsing tags in tif_dirread.c */ 61 62 } TIFFDirEntry; 62 63 63 64 /* ··· 97 98 * number of striles */ 98 99 uint32 td_stripsperimage; 99 100 uint32 td_nstrips; /* size of offset & bytecount arrays */ 100 100 - uint64* td_stripoffset; 101 101 - uint64* td_stripbytecount; 101 101 + uint64* td_stripoffset_p; /* should be accessed with TIFFGetStrileOffset */ 102 102 + uint64* td_stripbytecount_p; /* should be accessed with TIFFGetStrileByteCount */ 103 103 + uint32 td_stripoffsetbyteallocsize; /* number of elements currently allocated for td_stripoffset/td_stripbytecount. Only used if TIFF_LAZYSTRILELOAD is set */ 104 104 + #ifdef STRIPBYTECOUNTSORTED_UNUSED 102 105 int td_stripbytecountsorted; /* is the bytecount array sorted ascending? */ 103 103 - #if defined(DEFER_STRILE_LOAD) 106 106 + #endif 104 107 TIFFDirEntry td_stripoffset_entry; /* for deferred loading */ 105 108 TIFFDirEntry td_stripbytecount_entry; /* for deferred loading */ 106 106 - #endif 107 109 uint16 td_nsubifd; 108 110 uint64* td_subifd; 109 111 /* YCbCr parameters */ ··· 118 120 119 121 int td_customValueCount; 120 122 TIFFTagValue *td_customValues; 123 123 + 124 124 + unsigned char td_deferstrilearraywriting; /* see TIFFDeferStrileArrayWriting() */ 121 125 } TIFFDirectory; 122 126 123 127 /*

+10 -5

sdk/include/reactos/libs/libtiff/tiffio.h

··· 94 94 95 95 #if defined(USE_WIN32_FILEIO) 96 96 # define VC_EXTRALEAN 97 97 - #ifdef __REACTOS__ 98 98 - # define WIN32_NO_STATUS 99 99 - # include <windef.h> 100 100 - #else /* __REACTOS__ */ 101 97 # include <windows.h> 102 102 - #endif /* __REACTOS__ */ 103 98 # ifdef __WIN32__ 104 99 DECLARE_HANDLE(thandle_t); /* Win32 file handle */ 105 100 # else ··· 416 411 extern int TIFFWriteCustomDirectory(TIFF *, uint64 *); 417 412 extern int TIFFCheckpointDirectory(TIFF *); 418 413 extern int TIFFRewriteDirectory(TIFF *); 414 414 + extern int TIFFDeferStrileArrayWriting(TIFF *); 415 415 + extern int TIFFForceStrileArrayWriting(TIFF* ); 419 416 420 417 #if defined(c_plusplus) || defined(__cplusplus) 421 418 extern void TIFFPrintDirectory(TIFF*, FILE*, long = 0); ··· 473 470 extern tmsize_t TIFFReadRawStrip(TIFF* tif, uint32 strip, void* buf, tmsize_t size); 474 471 extern tmsize_t TIFFReadEncodedTile(TIFF* tif, uint32 tile, void* buf, tmsize_t size); 475 472 extern tmsize_t TIFFReadRawTile(TIFF* tif, uint32 tile, void* buf, tmsize_t size); 473 473 + extern int TIFFReadFromUserBuffer(TIFF* tif, uint32 strile, 474 474 + void* inbuf, tmsize_t insize, 475 475 + void* outbuf, tmsize_t outsize); 476 476 extern tmsize_t TIFFWriteEncodedStrip(TIFF* tif, uint32 strip, void* data, tmsize_t cc); 477 477 extern tmsize_t TIFFWriteRawStrip(TIFF* tif, uint32 strip, void* data, tmsize_t cc); 478 478 extern tmsize_t TIFFWriteEncodedTile(TIFF* tif, uint32 tile, void* data, tmsize_t cc); ··· 492 492 extern void TIFFSwabArrayOfDouble(double* dp, tmsize_t n); 493 493 extern void TIFFReverseBits(uint8* cp, tmsize_t n); 494 494 extern const unsigned char* TIFFGetBitRevTable(int); 495 495 + 496 496 + extern uint64 TIFFGetStrileOffset(TIFF *tif, uint32 strile); 497 497 + extern uint64 TIFFGetStrileByteCount(TIFF *tif, uint32 strile); 498 498 + extern uint64 TIFFGetStrileOffsetWithErr(TIFF *tif, uint32 strile, int *pbErr); 499 499 + extern uint64 TIFFGetStrileByteCountWithErr(TIFF *tif, uint32 strile, int *pbErr); 495 500 496 501 #ifdef LOGLUV_PUBLIC 497 502 #define U_NEU 0.210526316

+21 -1

sdk/include/reactos/libs/libtiff/tiffiop.h

··· 77 77 #define FALSE 0 78 78 #endif 79 79 80 80 + #define TIFF_SIZE_T_MAX ((size_t) ~ ((size_t)0)) 81 81 + #define TIFF_TMSIZE_T_MAX (tmsize_t)(TIFF_SIZE_T_MAX >> 1) 82 82 + 83 83 + /* 84 84 + * Largest 32-bit unsigned integer value. 85 85 + */ 86 86 + #define TIFF_UINT32_MAX 0xFFFFFFFFU 87 87 + 88 88 + /* 89 89 + * Largest 64-bit unsigned integer value. 90 90 + */ 91 91 + #define TIFF_UINT64_MAX (((uint64)(TIFF_UINT32_MAX)) << 32 | TIFF_UINT32_MAX) 92 92 + 80 93 typedef struct client_info { 81 94 struct client_info *next; 82 95 void *data; ··· 127 140 #define TIFF_DIRTYSTRIP 0x200000U /* stripoffsets/stripbytecount dirty*/ 128 141 #define TIFF_PERSAMPLE 0x400000U /* get/set per sample tags as arrays */ 129 142 #define TIFF_BUFFERMMAP 0x800000U /* read buffer (tif_rawdata) points into mmap() memory */ 143 143 + #define TIFF_DEFERSTRILELOAD 0x1000000U /* defer strip/tile offset/bytecount array loading. */ 144 144 + #define TIFF_LAZYSTRILELOAD 0x2000000U /* lazy/ondemand loading of strip/tile offset/bytecount values. Only used if TIFF_DEFERSTRILELOAD is set and in read-only mode */ 145 145 + #define TIFF_CHOPPEDUPARRAYS 0x4000000U /* set when allocChoppedUpStripArrays() has modified strip array */ 130 146 uint64 tif_diroff; /* file offset of current directory */ 131 147 uint64 tif_nextdiroff; /* file offset of following directory */ 132 148 uint64* tif_dirlist; /* list of offsets to already seen directories to prevent IFD looping */ ··· 258 274 #define TIFFhowmany8_64(x) (((x)&0x07)?((uint64)(x)>>3)+1:(uint64)(x)>>3) 259 275 #define TIFFroundup_64(x, y) (TIFFhowmany_64(x,y)*(y)) 260 276 261 261 - /* Safe multiply which returns zero if there is an integer overflow */ 277 277 + /* Safe multiply which returns zero if there is an *unsigned* integer overflow. This macro is not safe for *signed* integer types */ 262 278 #define TIFFSafeMultiply(t,v,m) ((((t)(m) != (t)0) && (((t)(((v)*(m))/(m))) == (t)(v))) ? (t)((v)*(m)) : (t)0) 263 279 264 280 #define TIFFmax(A,B) ((A)>(B)?(A):(B)) ··· 368 384 369 385 extern uint32 _TIFFMultiply32(TIFF*, uint32, uint32, const char*); 370 386 extern uint64 _TIFFMultiply64(TIFF*, uint64, uint64, const char*); 387 387 + extern tmsize_t _TIFFMultiplySSize(TIFF*, tmsize_t, tmsize_t, const char*); 388 388 + extern tmsize_t _TIFFCastUInt64ToSSize(TIFF*, uint64, const char*); 371 389 extern void* _TIFFCheckMalloc(TIFF*, tmsize_t, tmsize_t, const char*); 372 390 extern void* _TIFFCheckRealloc(TIFF*, void*, tmsize_t, tmsize_t, const char*); 373 391 374 392 extern double _TIFFUInt64ToDouble(uint64); 375 393 extern float _TIFFUInt64ToFloat(uint64); 394 394 + 395 395 + extern float _TIFFClampDoubleToFloat(double); 376 396 377 397 extern tmsize_t 378 398 _TIFFReadEncodedStripAndAllocBuffer(TIFF* tif, uint32 strip,

+2 -2

sdk/include/reactos/libs/libtiff/tiffvers.h

··· 1 1 - #define TIFFLIB_VERSION_STR "LIBTIFF, Version 4.0.10\nCopyright (c) 1988-1996 Sam Leffler\nCopyright (c) 1991-1996 Silicon Graphics, Inc." 1 1 + #define TIFFLIB_VERSION_STR "LIBTIFF, Version 4.1.0\nCopyright (c) 1988-1996 Sam Leffler\nCopyright (c) 1991-1996 Silicon Graphics, Inc." 2 2 /* 3 3 * This define can be used in code that requires 4 4 * compilation-related definitions specific to a ··· 6 6 * version checking should be done based on the 7 7 * string returned by TIFFGetVersion. 8 8 */ 9 9 - #define TIFFLIB_VERSION 20181110 9 9 + #define TIFFLIB_VERSION 20191103