Check field sizes against field type sizes instead of C primitives

Abdelrahman Said 2024-05-05 18:42:24 +01:00
parent 9b7e07b9ad
commit ed2737d330


@ -33,6 +33,9 @@
#define INVALID_ALPHA_OFFSET -1 #define INVALID_ALPHA_OFFSET -1
#define TIFF_SHORT_BYTE_COUNT field_types[TIFF_FIELD_TYPE_SHORT].byte_count
#define TIFF_LONG_BYTE_COUNT field_types[TIFF_FIELD_TYPE_LONG].byte_count
#define TEMP_ARENA_CAPACITY (20 * 1024 * 1024) #define TEMP_ARENA_CAPACITY (20 * 1024 * 1024)
typedef struct tiff_reader TiffReader; typedef struct tiff_reader TiffReader;
@ -307,9 +310,9 @@ internal bool read_strip_data(TiffReader *reader, Arena *arena) {
reader->img.strip_count * reader->img.strip_byte_count_type_byte_count; reader->img.strip_count * reader->img.strip_byte_count_type_byte_count;
if ((!(reader->img.strip_offsets_offset) && if ((!(reader->img.strip_offsets_offset) &&
offsets_total_bytes > sizeof(u32)) || offsets_total_bytes > TIFF_LONG_BYTE_COUNT) ||
(!(reader->img.strip_byte_counts_offset) && (!(reader->img.strip_byte_counts_offset) &&
byte_count_total_bytes > sizeof(u32))) { byte_count_total_bytes > TIFF_LONG_BYTE_COUNT)) {
return false; return false;
} }
@ -378,18 +381,17 @@ internal void read_strip_data_field(const TiffReader *reader,
field->type_byte_count, field->type_byte_count,
field->value_from_file->long_val + offset); field->value_from_file->long_val + offset);
u16 tiff_short_byte_count = field_types[TIFF_FIELD_TYPE_SHORT].byte_count;
switch (reader->header.order) { switch (reader->header.order) {
case TIFF_ORDER_BIG_ENDIAN: case TIFF_ORDER_BIG_ENDIAN:
if (IS_LITTLE_ENDIAN) { if (IS_LITTLE_ENDIAN) {
*(field->strip_value) = field->type_byte_count > tiff_short_byte_count *(field->strip_value) = field->type_byte_count > TIFF_SHORT_BYTE_COUNT
? ntohl(*(field->strip_value)) ? ntohl(*(field->strip_value))
: ntohs(*(field->strip_value)); : ntohs(*(field->strip_value));
} }
break; break;
case TIFF_ORDER_LITTLE_ENDIAN: case TIFF_ORDER_LITTLE_ENDIAN:
if (IS_BIG_ENDIAN) { if (IS_BIG_ENDIAN) {
*(field->strip_value) = field->type_byte_count > tiff_short_byte_count *(field->strip_value) = field->type_byte_count > TIFF_SHORT_BYTE_COUNT
? htonl(*(field->strip_value)) ? htonl(*(field->strip_value))
: htons(*(field->strip_value)); : htons(*(field->strip_value));
} }
@ -450,9 +452,9 @@ internal bool read_field(const TiffField *field, TiffImage *img) {
case TIFF_PUBLIC_TAG_STRIP_OFFSETS: case TIFF_PUBLIC_TAG_STRIP_OFFSETS:
img->strip_offsets_type_byte_count = field_types[field->type].byte_count; img->strip_offsets_type_byte_count = field_types[field->type].byte_count;
if (img->strip_offsets_type_byte_count == sizeof(u16)) { if (img->strip_offsets_type_byte_count == TIFF_SHORT_BYTE_COUNT) {
img->strip_offsets.short_val = field->value_offset; img->strip_offsets.short_val = field->value_offset;
} else if (img->strip_offsets_type_byte_count == sizeof(u32)) { } else if (img->strip_offsets_type_byte_count == TIFF_LONG_BYTE_COUNT) {
img->strip_offsets.long_val = field->value_offset; img->strip_offsets.long_val = field->value_offset;
} }
@ -495,9 +497,9 @@ internal bool read_field(const TiffField *field, TiffImage *img) {
case TIFF_PUBLIC_TAG_STRIP_BYTE_COUNTS: case TIFF_PUBLIC_TAG_STRIP_BYTE_COUNTS:
img->strip_byte_count_type_byte_count = field_types[field->type].byte_count; img->strip_byte_count_type_byte_count = field_types[field->type].byte_count;
if (img->strip_byte_count_type_byte_count == sizeof(u16)) { if (img->strip_byte_count_type_byte_count == TIFF_SHORT_BYTE_COUNT) {
img->strip_byte_counts.short_val = field->value_offset; img->strip_byte_counts.short_val = field->value_offset;
} else if (img->strip_byte_count_type_byte_count == sizeof(u32)) { } else if (img->strip_byte_count_type_byte_count == TIFF_LONG_BYTE_COUNT) {
img->strip_byte_counts.long_val = field->value_offset; img->strip_byte_counts.long_val = field->value_offset;
} }
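Review bot: In read_field, the STRIP_OFFSETS and STRIP_BYTE_COUNTS cases still have no `else` after the `TIFF_SHORT_BYTE_COUNT` / `TIFF_LONG_BYTE_COUNT` comparisons, so a file that declares either tag with a type of another width leaves `strip_offsets` / `strip_byte_counts` unset while the unexpected `*_type_byte_count` is kept. Since the field type comes from the file being parsed, I would fail closed in both cases with `} else { return false; }`, unless the type is already rejected outside the lines shown. Comparing widths also accepts any other type whose `byte_count` happens to match; checking `field->type == TIFF_FIELD_TYPE_SHORT` / `TIFF_FIELD_TYPE_LONG` directly would be stricter. The same looseness shows in read_strip_data_field, where every width above `TIFF_SHORT_BYTE_COUNT` goes through `ntohl`/`htonl` and everything else through `ntohs`/`htons`. Both functions continue outside the hunks shown.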