From ed2737d3305a20b9854747c74405e6e7548c6505 Mon Sep 17 00:00:00 2001
From: Abdelrahman
Date: Sun, 5 May 2024 18:42:24 +0100
Subject: [PATCH] Check field sizes against field type sizes instead of C primitives

---
 src/tiff/tiffread.c | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/src/tiff/tiffread.c b/src/tiff/tiffread.c
index be19810..62010e4 100644
--- a/src/tiff/tiffread.c
+++ b/src/tiff/tiffread.c
@@ -33,6 +33,9 @@

 #define INVALID_ALPHA_OFFSET -1

+#define TIFF_SHORT_BYTE_COUNT field_types[TIFF_FIELD_TYPE_SHORT].byte_count
+#define TIFF_LONG_BYTE_COUNT field_types[TIFF_FIELD_TYPE_LONG].byte_count
+
 #define TEMP_ARENA_CAPACITY (20 * 1024 * 1024)

 typedef struct tiff_reader TiffReader;
@@ -307,9 +310,9 @@ internal bool read_strip_data(TiffReader *reader, Arena *arena) {
 reader->img.strip_count * reader->img.strip_byte_count_type_byte_count;

 if ((!(reader->img.strip_offsets_offset) &&
- offsets_total_bytes > sizeof(u32)) ||
+ offsets_total_bytes > TIFF_LONG_BYTE_COUNT) ||
 (!(reader->img.strip_byte_counts_offset) &&
- byte_count_total_bytes > sizeof(u32))) {
+ byte_count_total_bytes > TIFF_LONG_BYTE_COUNT)) {
 return false;
 }

@@ -378,18 +381,17 @@ internal void read_strip_data_field(const TiffReader *reader,
 field->type_byte_count,
 field->value_from_file->long_val + offset);

- u16 tiff_short_byte_count = field_types[TIFF_FIELD_TYPE_SHORT].byte_count;
 switch (reader->header.order) {
 case TIFF_ORDER_BIG_ENDIAN:
 if (IS_LITTLE_ENDIAN) {
- *(field->strip_value) = field->type_byte_count > tiff_short_byte_count
+ *(field->strip_value) = field->type_byte_count > TIFF_SHORT_BYTE_COUNT
 ? ntohl(*(field->strip_value))
 : ntohs(*(field->strip_value));
 }
 break;
 case TIFF_ORDER_LITTLE_ENDIAN:
 if (IS_BIG_ENDIAN) {
- *(field->strip_value) = field->type_byte_count > tiff_short_byte_count
+ *(field->strip_value) = field->type_byte_count > TIFF_SHORT_BYTE_COUNT
 ? htonl(*(field->strip_value))
 : htons(*(field->strip_value));
 }
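Review bot: The two new macros read like constants but expand to an unparenthesized runtime lookup into `field_types`, and nothing on the `#define` lines says so. I would wrap the expansion, `#define TIFF_SHORT_BYTE_COUNT (field_types[TIFF_FIELD_TYPE_SHORT].byte_count)` (same for `TIFF_LONG_BYTE_COUNT`), and put a comment above them such as `/* On-disk sizes of TIFF SHORT and LONG values, read from field_types; not compile-time constants. */`. That also tells a reader the macros only work where `field_types` is in scope.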
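Review bot: The inline-value check in `read_strip_data` compares products of `reader->img.strip_count` and a per-entry byte count, and nothing visible in the hunk keeps those products from wrapping. Both factors are taken from the file, so if the totals are 32-bit (their declarations are outside the hunk) a very large strip count could wrap to a value at or below `TIFF_LONG_BYTE_COUNT` and pass this check as if the values were stored inline. Computing the totals in a wider type, e.g. `(uint64_t)reader->img.strip_count * reader->img.strip_byte_count_type_byte_count`, or bounding `strip_count` before the multiplication, would close that. The function begins before and continues after the hunk, so an earlier bound may already exist.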
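Review bot: The `TIFF_ORDER_LITTLE_ENDIAN` branch of `read_strip_data_field` converts with `htonl`/`htons`, which are identity functions on a big-endian host, so assuming `IS_BIG_ENDIAN` tests the host byte order the little-endian value is left unswapped there. That branch needs an unconditional byte swap, for example `__builtin_bswap32(*(field->strip_value))` and `__builtin_bswap16(...)` on GCC/Clang, or a small local helper. A wrong strip offset or byte count then feeds whatever reads the strip data, so this is worth fixing before relying on big-endian builds. The function starts before the hunk and the `switch` continues after it.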
@@ -450,9 +452,9 @@ internal bool read_field(const TiffField *field, TiffImage *img) {
 case TIFF_PUBLIC_TAG_STRIP_OFFSETS:
 img->strip_offsets_type_byte_count = field_types[field->type].byte_count;

- if (img->strip_offsets_type_byte_count == sizeof(u16)) {
+ if (img->strip_offsets_type_byte_count == TIFF_SHORT_BYTE_COUNT) {
 img->strip_offsets.short_val = field->value_offset;
- } else if (img->strip_offsets_type_byte_count == sizeof(u32)) {
+ } else if (img->strip_offsets_type_byte_count == TIFF_LONG_BYTE_COUNT) {
 img->strip_offsets.long_val = field->value_offset;
 }

@@ -495,9 +497,9 @@ internal bool read_field(const TiffField *field, TiffImage *img) {
 case TIFF_PUBLIC_TAG_STRIP_BYTE_COUNTS:
 img->strip_byte_count_type_byte_count = field_types[field->type].byte_count;

- if (img->strip_byte_count_type_byte_count == sizeof(u16)) {
+ if (img->strip_byte_count_type_byte_count == TIFF_SHORT_BYTE_COUNT) {
 img->strip_byte_counts.short_val = field->value_offset;
- } else if (img->strip_byte_count_type_byte_count == sizeof(u32)) {
+ } else if (img->strip_byte_count_type_byte_count == TIFF_LONG_BYTE_COUNT) {
 img->strip_byte_counts.long_val = field->value_offset;
 }
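Review bot: The `TIFF_PUBLIC_TAG_STRIP_OFFSETS` case stores the file-supplied type size in `img->strip_offsets_type_byte_count` but has no `else` for a type that is neither SHORT nor LONG, so `img->strip_offsets` stays unset while the unexpected size is kept. Since `read_field` returns `bool`, I would reject the field at that point with `} else { return false; }`. The `TIFF_PUBLIC_TAG_STRIP_BYTE_COUNTS` case in the next hunk has the same gap for `img->strip_byte_counts`. Both cases continue outside their hunks, so a later check may exist, but none is visible here.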