435
435
(void) handle, (void) data, (void) offset;
439
checkAdd64(uint64 summand1, uint64 summand2, T2P* t2p)
441
uint64 bytes = summand1 + summand2;
443
if (bytes - summand1 != summand2) {
444
TIFFError(TIFF2PDF_MODULE, "Integer overflow");
445
t2p->t2p_error = T2P_ERR_ERROR;
453
checkMultiply64(uint64 first, uint64 second, T2P* t2p)
455
uint64 bytes = first * second;
457
if (second && bytes / second != first) {
458
TIFFError(TIFF2PDF_MODULE, "Integer overflow");
459
t2p->t2p_error = T2P_ERR_ERROR;
440
468
This is the main function.
1807
1833
stripcount=TIFFNumberOfStrips(input);
1808
1834
for(i=0;i<stripcount;i++){
1835
k = checkAdd64(k, sbc[i], t2p);
1811
1837
if(TIFFGetField(input, TIFFTAG_JPEGIFOFFSET, &(t2p->tiff_dataoffset))){
1812
1838
if(t2p->tiff_dataoffset != 0){
1813
1839
if(TIFFGetField(input, TIFFTAG_JPEGIFBYTECOUNT, &(t2p->tiff_datasize))!=0){
1814
if(t2p->tiff_datasize < k) {
1815
t2p->pdf_ojpegiflength=t2p->tiff_datasize;
1816
t2p->tiff_datasize+=k;
1817
t2p->tiff_datasize+=6;
1818
t2p->tiff_datasize+=2*stripcount;
1840
if((uint64)t2p->tiff_datasize < k) {
1819
1841
TIFFWarning(TIFF2PDF_MODULE,
1820
1842
"Input file %s has short JPEG interchange file byte count",
1821
1843
TIFFFileName(input));
1844
t2p->pdf_ojpegiflength=t2p->tiff_datasize;
1845
k = checkAdd64(k, t2p->tiff_datasize, t2p);
1846
k = checkAdd64(k, 6, t2p);
1847
k = checkAdd64(k, stripcount, t2p);
1848
k = checkAdd64(k, stripcount, t2p);
1849
t2p->tiff_datasize = (tsize_t) k;
1850
if ((uint64) t2p->tiff_datasize != k) {
1851
TIFFError(TIFF2PDF_MODULE, "Integer overflow");
1852
t2p->t2p_error = T2P_ERR_ERROR;
1834
t2p->tiff_datasize+=k;
1835
t2p->tiff_datasize+=2*stripcount;
1836
t2p->tiff_datasize+=2048;
1866
k = checkAdd64(k, stripcount, t2p);
1867
k = checkAdd64(k, stripcount, t2p);
1868
k = checkAdd64(k, 2048, t2p);
1869
t2p->tiff_datasize = (tsize_t) k;
1870
if ((uint64) t2p->tiff_datasize != k) {
1871
TIFFError(TIFF2PDF_MODULE, "Integer overflow");
1872
t2p->t2p_error = T2P_ERR_ERROR;
1842
1879
uint32 count = 0;
1843
1880
if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0 ){
1845
t2p->tiff_datasize += count;
1846
t2p->tiff_datasize -= 2; /* don't use EOI of header */
1883
k -= 2; /* don't use EOI of header */
1849
t2p->tiff_datasize = 2; /* SOI for first strip */
1886
k = 2; /* SOI for first strip */
1851
1888
stripcount=TIFFNumberOfStrips(input);
1852
1889
if(!TIFFGetField(input, TIFFTAG_STRIPBYTECOUNTS, &sbc)){
1859
1896
for(i=0;i<stripcount;i++){
1860
t2p->tiff_datasize += sbc[i];
1861
t2p->tiff_datasize -=4; /* don't use SOI or EOI of strip */
1863
t2p->tiff_datasize +=2; /* use EOI of last strip */
1897
k = checkAdd64(k, sbc[i], t2p);
1898
k -=4; /* don't use SOI or EOI of strip */
1900
k = checkAdd64(k, 2, t2p); /* use EOI of last strip */
1901
t2p->tiff_datasize = (tsize_t) k;
1902
if ((uint64) t2p->tiff_datasize != k) {
1903
TIFFError(TIFF2PDF_MODULE, "Integer overflow");
1904
t2p->t2p_error = T2P_ERR_ERROR;
1869
t2p->tiff_datasize=TIFFScanlineSize(input) * t2p->tiff_length;
1911
k = checkMultiply64(TIFFScanlineSize(input), t2p->tiff_length, t2p);
1870
1912
if(t2p->tiff_planar==PLANARCONFIG_SEPARATE){
1871
t2p->tiff_datasize*= t2p->tiff_samplesperpixel;
1913
k = checkMultiply64(k, t2p->tiff_samplesperpixel, t2p);
1916
/* Assume we had overflow inside TIFFScanlineSize */
1917
t2p->t2p_error = T2P_ERR_ERROR;
1920
t2p->tiff_datasize = (tsize_t) k;
1921
if ((uint64) t2p->tiff_datasize != k) {
1922
TIFFError(TIFF2PDF_MODULE, "Integer overflow");
1923
t2p->t2p_error = T2P_ERR_ERROR;
1899
1952
t2p->tiff_datasize=TIFFTileSize(input);
1953
if (t2p->tiff_datasize == 0) {
1954
/* Assume we had overflow inside TIFFTileSize */
1955
t2p->t2p_error = T2P_ERR_ERROR;
1902
1959
TIFFGetField(input, TIFFTAG_TILEBYTECOUNTS, &tbc);
1903
t2p->tiff_datasize=(tmsize_t)tbc[tile];
1904
1961
#ifdef OJPEG_SUPPORT
1905
1962
if(t2p->tiff_compression==COMPRESSION_OJPEG){
1906
t2p->tiff_datasize+=2048;
1963
k = checkAdd64(k, 2048, t2p);
1910
1966
#ifdef JPEG_SUPPORT
1912
1968
uint32 count = 0;
1913
1969
if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt)!=0){
1915
t2p->tiff_datasize += count;
1916
t2p->tiff_datasize -= 2; /* don't use EOI of header or SOI of tile */
1971
k = checkAdd64(k, count, t2p);
1972
k -= 2; /* don't use EOI of header or SOI of tile */
1977
t2p->tiff_datasize = (tsize_t) k;
1978
if ((uint64) t2p->tiff_datasize != k) {
1979
TIFFError(TIFF2PDF_MODULE, "Integer overflow");
1980
t2p->t2p_error = T2P_ERR_ERROR;
1924
t2p->tiff_datasize=TIFFTileSize(input);
1985
k = TIFFTileSize(input);
1925
1986
if(t2p->tiff_planar==PLANARCONFIG_SEPARATE){
1926
t2p->tiff_datasize*= t2p->tiff_samplesperpixel;
1987
k = checkMultiply64(k, t2p->tiff_samplesperpixel, t2p);
1990
/* Assume we had overflow inside TIFFTileSize */
1991
t2p->t2p_error = T2P_ERR_ERROR;
1994
t2p->tiff_datasize = (tsize_t) k;
1995
if ((uint64) t2p->tiff_datasize != k) {
1996
TIFFError(TIFF2PDF_MODULE, "Integer overflow");
1997
t2p->t2p_error = T2P_ERR_ERROR;
2016
2087
uint32 max_striplength=0;
2090
/* Fail if prior error (in particular, can't trust tiff_datasize) */
2091
if (t2p->t2p_error != T2P_ERR_OK)
2019
2094
if(t2p->pdf_transcode == T2P_TRANSCODE_RAW){
2020
2095
#ifdef CCITT_SUPPORT
2021
2096
if(t2p->pdf_compression == T2P_COMPRESS_G4){
2590
2665
uint32 xuint32=0;
2668
/* Fail if prior error (in particular, can't trust tiff_datasize) */
2669
if (t2p->t2p_error != T2P_ERR_OK)
2593
2672
edge |= t2p_tile_is_right_edge(t2p->tiff_tiles[t2p->pdf_page], tile);
2594
2673
edge |= t2p_tile_is_bottom_edge(t2p->tiff_tiles[t2p->pdf_page], tile);
3354
3433
uint32 edgetilewidth,
3355
3434
uint32 tilelength){
3358
3437
tsize_t edgescanwidth=0;
3360
3439
edgescanwidth = (scanwidth * edgetilewidth + (tilewidth - 1))/ tilewidth;
3361
for(i=i;i<tilelength;i++){
3440
for(i=0;i<tilelength;i++){
3363
3442
&(((char*)buffer)[edgescanwidth*i]),
3364
3443
&(((char*)buffer)[scanwidth*i]),