341 lines
9.0 KiB
Diff
341 lines
9.0 KiB
Diff
mv Index: tools/tiff2pdf.c
|
|
===================================================================
|
|
RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v
|
|
retrieving revision 1.37.2.19
|
|
diff -c -r1.37.2.19 tiff2pdf.c
|
|
*** tools/tiff2pdf.c 13 Dec 2010 05:41:11 -0000 1.37.2.19
|
|
--- tools/tiff2pdf.c 17 Apr 2012 20:15:03 -0000
|
|
***************
|
|
*** 431,436 ****
|
|
--- 431,464 ----
|
|
(void) handle, (void) data, (void) offset;
|
|
}
|
|
|
|
+ static uint64
|
|
+ checkAdd64(uint64 summand1, uint64 summand2, T2P* t2p)
|
|
+ {
|
|
+ uint64 bytes = summand1 + summand2;
|
|
+
|
|
+ if (bytes - summand1 != summand2) {
|
|
+ TIFFError(TIFF2PDF_MODULE, "Integer overflow");
|
|
+ t2p->t2p_error = T2P_ERR_ERROR;
|
|
+ bytes = 0;
|
|
+ }
|
|
+
|
|
+ return bytes;
|
|
+ }
|
|
+
|
|
+ static uint64
|
|
+ checkMultiply64(uint64 first, uint64 second, T2P* t2p)
|
|
+ {
|
|
+ uint64 bytes = first * second;
|
|
+
|
|
+ if (second && bytes / second != first) {
|
|
+ TIFFError(TIFF2PDF_MODULE, "Integer overflow");
|
|
+ t2p->t2p_error = T2P_ERR_ERROR;
|
|
+ bytes = 0;
|
|
+ }
|
|
+
|
|
+ return bytes;
|
|
+ }
|
|
+
|
|
/*
|
|
|
|
This is the main function.
|
|
***************
|
|
*** 1773,1781 ****
|
|
tstrip_t i=0;
|
|
tstrip_t stripcount=0;
|
|
#endif
|
|
! #ifdef OJPEG_SUPPORT
|
|
! tsize_t k = 0;
|
|
! #endif
|
|
|
|
if(t2p->pdf_transcode == T2P_TRANSCODE_RAW){
|
|
#ifdef CCITT_SUPPORT
|
|
--- 1801,1807 ----
|
|
tstrip_t i=0;
|
|
tstrip_t stripcount=0;
|
|
#endif
|
|
! uint64 k = 0;
|
|
|
|
if(t2p->pdf_transcode == T2P_TRANSCODE_RAW){
|
|
#ifdef CCITT_SUPPORT
|
|
***************
|
|
*** 1803,1821 ****
|
|
}
|
|
stripcount=TIFFNumberOfStrips(input);
|
|
for(i=0;i<stripcount;i++){
|
|
! k += sbc[i];
|
|
}
|
|
if(TIFFGetField(input, TIFFTAG_JPEGIFOFFSET, &(t2p->tiff_dataoffset))){
|
|
if(t2p->tiff_dataoffset != 0){
|
|
if(TIFFGetField(input, TIFFTAG_JPEGIFBYTECOUNT, &(t2p->tiff_datasize))!=0){
|
|
if(t2p->tiff_datasize < k) {
|
|
- t2p->pdf_ojpegiflength=t2p->tiff_datasize;
|
|
- t2p->tiff_datasize+=k;
|
|
- t2p->tiff_datasize+=6;
|
|
- t2p->tiff_datasize+=2*stripcount;
|
|
TIFFWarning(TIFF2PDF_MODULE,
|
|
"Input file %s has short JPEG interchange file byte count",
|
|
TIFFFileName(input));
|
|
return;
|
|
}
|
|
return;
|
|
--- 1829,1853 ----
|
|
}
|
|
stripcount=TIFFNumberOfStrips(input);
|
|
for(i=0;i<stripcount;i++){
|
|
! k = checkAdd64(k, sbc[i], t2p);
|
|
}
|
|
if(TIFFGetField(input, TIFFTAG_JPEGIFOFFSET, &(t2p->tiff_dataoffset))){
|
|
if(t2p->tiff_dataoffset != 0){
|
|
if(TIFFGetField(input, TIFFTAG_JPEGIFBYTECOUNT, &(t2p->tiff_datasize))!=0){
|
|
if(t2p->tiff_datasize < k) {
|
|
TIFFWarning(TIFF2PDF_MODULE,
|
|
"Input file %s has short JPEG interchange file byte count",
|
|
TIFFFileName(input));
|
|
+ t2p->pdf_ojpegiflength=t2p->tiff_datasize;
|
|
+ k = checkAdd64(k, t2p->tiff_datasize, t2p);
|
|
+ k = checkAdd64(k, 6, t2p);
|
|
+ k = checkAdd64(k, stripcount, t2p);
|
|
+ k = checkAdd64(k, stripcount, t2p);
|
|
+ t2p->tiff_datasize = (tsize_t) k;
|
|
+ if ((uint64) t2p->tiff_datasize != k) {
|
|
+ TIFFError(TIFF2PDF_MODULE, "Integer overflow");
|
|
+ t2p->t2p_error = T2P_ERR_ERROR;
|
|
+ }
|
|
return;
|
|
}
|
|
return;
|
|
***************
|
|
*** 1828,1836 ****
|
|
}
|
|
}
|
|
}
|
|
! t2p->tiff_datasize+=k;
|
|
! t2p->tiff_datasize+=2*stripcount;
|
|
! t2p->tiff_datasize+=2048;
|
|
return;
|
|
}
|
|
#endif
|
|
--- 1860,1873 ----
|
|
}
|
|
}
|
|
}
|
|
! k = checkAdd64(k, stripcount, t2p);
|
|
! k = checkAdd64(k, stripcount, t2p);
|
|
! k = checkAdd64(k, 2048, t2p);
|
|
! t2p->tiff_datasize = (tsize_t) k;
|
|
! if ((uint64) t2p->tiff_datasize != k) {
|
|
! TIFFError(TIFF2PDF_MODULE, "Integer overflow");
|
|
! t2p->t2p_error = T2P_ERR_ERROR;
|
|
! }
|
|
return;
|
|
}
|
|
#endif
|
|
***************
|
|
*** 1839,1849 ****
|
|
uint32 count = 0;
|
|
if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0 ){
|
|
if(count > 4){
|
|
! t2p->tiff_datasize += count;
|
|
! t2p->tiff_datasize -= 2; /* don't use EOI of header */
|
|
}
|
|
} else {
|
|
! t2p->tiff_datasize = 2; /* SOI for first strip */
|
|
}
|
|
stripcount=TIFFNumberOfStrips(input);
|
|
if(!TIFFGetField(input, TIFFTAG_STRIPBYTECOUNTS, &sbc)){
|
|
--- 1876,1886 ----
|
|
uint32 count = 0;
|
|
if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0 ){
|
|
if(count > 4){
|
|
! k += count;
|
|
! k -= 2; /* don't use EOI of header */
|
|
}
|
|
} else {
|
|
! k = 2; /* SOI for first strip */
|
|
}
|
|
stripcount=TIFFNumberOfStrips(input);
|
|
if(!TIFFGetField(input, TIFFTAG_STRIPBYTECOUNTS, &sbc)){
|
|
***************
|
|
*** 1854,1871 ****
|
|
return;
|
|
}
|
|
for(i=0;i<stripcount;i++){
|
|
! t2p->tiff_datasize += sbc[i];
|
|
! t2p->tiff_datasize -=4; /* don't use SOI or EOI of strip */
|
|
}
|
|
- t2p->tiff_datasize +=2; /* use EOI of last strip */
|
|
return;
|
|
}
|
|
#endif
|
|
(void) 0;
|
|
}
|
|
! t2p->tiff_datasize=TIFFScanlineSize(input) * t2p->tiff_length;
|
|
if(t2p->tiff_planar==PLANARCONFIG_SEPARATE){
|
|
! t2p->tiff_datasize*= t2p->tiff_samplesperpixel;
|
|
}
|
|
|
|
return;
|
|
--- 1891,1923 ----
|
|
return;
|
|
}
|
|
for(i=0;i<stripcount;i++){
|
|
! k = checkAdd64(k, sbc[i], t2p);
|
|
! k -=4; /* don't use SOI or EOI of strip */
|
|
! }
|
|
! k = checkAdd64(k, 2, t2p); /* use EOI of last strip */
|
|
! t2p->tiff_datasize = (tsize_t) k;
|
|
! if ((uint64) t2p->tiff_datasize != k) {
|
|
! TIFFError(TIFF2PDF_MODULE, "Integer overflow");
|
|
! t2p->t2p_error = T2P_ERR_ERROR;
|
|
}
|
|
return;
|
|
}
|
|
#endif
|
|
(void) 0;
|
|
}
|
|
! k = checkMultiply64(TIFFScanlineSize(input), t2p->tiff_length, t2p);
|
|
if(t2p->tiff_planar==PLANARCONFIG_SEPARATE){
|
|
! k = checkMultiply64(k, t2p->tiff_samplesperpixel, t2p);
|
|
! }
|
|
! if (k == 0) {
|
|
! /* Assume we had overflow inside TIFFScanlineSize */
|
|
! t2p->t2p_error = T2P_ERR_ERROR;
|
|
! }
|
|
!
|
|
! t2p->tiff_datasize = (tsize_t) k;
|
|
! if ((uint64) t2p->tiff_datasize != k) {
|
|
! TIFFError(TIFF2PDF_MODULE, "Integer overflow");
|
|
! t2p->t2p_error = T2P_ERR_ERROR;
|
|
}
|
|
|
|
return;
|
|
***************
|
|
*** 1883,1888 ****
|
|
--- 1935,1941 ----
|
|
#ifdef JPEG_SUPPORT
|
|
unsigned char* jpt;
|
|
#endif
|
|
+ uint64 k;
|
|
|
|
edge |= t2p_tile_is_right_edge(t2p->tiff_tiles[t2p->pdf_page], tile);
|
|
edge |= t2p_tile_is_bottom_edge(t2p->tiff_tiles[t2p->pdf_page], tile);
|
|
***************
|
|
*** 1894,1907 ****
|
|
#endif
|
|
){
|
|
t2p->tiff_datasize=TIFFTileSize(input);
|
|
return;
|
|
} else {
|
|
TIFFGetField(input, TIFFTAG_TILEBYTECOUNTS, &tbc);
|
|
! t2p->tiff_datasize=tbc[tile];
|
|
#ifdef OJPEG_SUPPORT
|
|
if(t2p->tiff_compression==COMPRESSION_OJPEG){
|
|
! t2p->tiff_datasize+=2048;
|
|
! return;
|
|
}
|
|
#endif
|
|
#ifdef JPEG_SUPPORT
|
|
--- 1947,1963 ----
|
|
#endif
|
|
){
|
|
t2p->tiff_datasize=TIFFTileSize(input);
|
|
+ if (t2p->tiff_datasize == 0) {
|
|
+ /* Assume we had overflow inside TIFFTileSize */
|
|
+ t2p->t2p_error = T2P_ERR_ERROR;
|
|
+ }
|
|
return;
|
|
} else {
|
|
TIFFGetField(input, TIFFTAG_TILEBYTECOUNTS, &tbc);
|
|
! k=tbc[tile];
|
|
#ifdef OJPEG_SUPPORT
|
|
if(t2p->tiff_compression==COMPRESSION_OJPEG){
|
|
! k = checkAdd64(k, 2048, t2p);
|
|
}
|
|
#endif
|
|
#ifdef JPEG_SUPPORT
|
|
***************
|
|
*** 1909,1926 ****
|
|
uint32 count = 0;
|
|
if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt)!=0){
|
|
if(count > 4){
|
|
! t2p->tiff_datasize += count;
|
|
! t2p->tiff_datasize -= 2; /* don't use EOI of header or SOI of tile */
|
|
}
|
|
}
|
|
}
|
|
#endif
|
|
return;
|
|
}
|
|
}
|
|
! t2p->tiff_datasize=TIFFTileSize(input);
|
|
if(t2p->tiff_planar==PLANARCONFIG_SEPARATE){
|
|
! t2p->tiff_datasize*= t2p->tiff_samplesperpixel;
|
|
}
|
|
|
|
return;
|
|
--- 1965,1997 ----
|
|
uint32 count = 0;
|
|
if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt)!=0){
|
|
if(count > 4){
|
|
! k = checkAdd64(k, count, t2p);
|
|
! k -= 2; /* don't use EOI of header or SOI of tile */
|
|
}
|
|
}
|
|
}
|
|
#endif
|
|
+ t2p->tiff_datasize = (tsize_t) k;
|
|
+ if ((uint64) t2p->tiff_datasize != k) {
|
|
+ TIFFError(TIFF2PDF_MODULE, "Integer overflow");
|
|
+ t2p->t2p_error = T2P_ERR_ERROR;
|
|
+ }
|
|
return;
|
|
}
|
|
}
|
|
! k = TIFFTileSize(input);
|
|
if(t2p->tiff_planar==PLANARCONFIG_SEPARATE){
|
|
! k = checkMultiply64(k, t2p->tiff_samplesperpixel, t2p);
|
|
! }
|
|
! if (k == 0) {
|
|
! /* Assume we had overflow inside TIFFTileSize */
|
|
! t2p->t2p_error = T2P_ERR_ERROR;
|
|
! }
|
|
!
|
|
! t2p->tiff_datasize = (tsize_t) k;
|
|
! if ((uint64) t2p->tiff_datasize != k) {
|
|
! TIFFError(TIFF2PDF_MODULE, "Integer overflow");
|
|
! t2p->t2p_error = T2P_ERR_ERROR;
|
|
}
|
|
|
|
return;
|
|
***************
|
|
*** 2013,2018 ****
|
|
--- 2084,2093 ----
|
|
uint32 max_striplength=0;
|
|
#endif
|
|
|
|
+ /* Fail if prior error (in particular, can't trust tiff_datasize) */
|
|
+ if (t2p->t2p_error != T2P_ERR_OK)
|
|
+ return(0);
|
|
+
|
|
if(t2p->pdf_transcode == T2P_TRANSCODE_RAW){
|
|
#ifdef CCITT_SUPPORT
|
|
if(t2p->pdf_compression == T2P_COMPRESS_G4){
|
|
***************
|
|
*** 2586,2591 ****
|
|
--- 2661,2670 ----
|
|
uint32 xuint32=0;
|
|
#endif
|
|
|
|
+ /* Fail if prior error (in particular, can't trust tiff_datasize) */
|
|
+ if (t2p->t2p_error != T2P_ERR_OK)
|
|
+ return(0);
|
|
+
|
|
edge |= t2p_tile_is_right_edge(t2p->tiff_tiles[t2p->pdf_page], tile);
|
|
edge |= t2p_tile_is_bottom_edge(t2p->tiff_tiles[t2p->pdf_page], tile);
|
|
|
|
|