/* exif-mnote-data-canon.c
*
- * Copyright © 2002, 2003 Lutz Müller <lutz@users.sourceforge.net>
- * Copyright © 2003 Matthieu Castet <mat-c@users.sourceforge.net>
+ * Copyright (c) 2002, 2003 Lutz Mueller <lutz@users.sourceforge.net>
+ * Copyright (c) 2003 Matthieu Castet <mat-c@users.sourceforge.net>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the
- * Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- * Boston, MA 02111-1307, USA.
+ * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA.
*/
#include <config.h>
#include <libexif/exif-utils.h>
#include <libexif/exif-data.h>
-/* #define DEBUG */
+#define CHECKOVERFLOW(offset,datasize,structsize) (( offset >= datasize) || (structsize > datasize) || (offset > datasize - structsize ))
static void
-exif_mnote_data_canon_free (ExifMnoteData *n)
+exif_mnote_data_canon_clear (ExifMnoteDataCanon *n)
{
- ExifMnoteDataCanon *note = (ExifMnoteDataCanon *) n;
- unsigned int i;
+ ExifMnoteData *d = (ExifMnoteData *) n;
+ unsigned int i;
if (!n) return;
- if (note->entries) {
- for (i = 0; i < note->count; i++)
- if (note->entries[i].data) {
- free (note->entries[i].data);
- note->entries[i].data = NULL;
+ if (n->entries) {
+ for (i = 0; i < n->count; i++)
+ if (n->entries[i].data) {
+ exif_mem_free (d->mem, n->entries[i].data);
+ n->entries[i].data = NULL;
}
- free (note->entries);
- note->entries = NULL;
- note->count = 0;
- }
+ exif_mem_free (d->mem, n->entries);
+ n->entries = NULL;
+ n->count = 0;
+ }
+}
+
+static void
+exif_mnote_data_canon_free (ExifMnoteData *n)
+{
+ if (!n) return;
+
+ exif_mnote_data_canon_clear ((ExifMnoteDataCanon *) n);
+}
+
+static void
+exif_mnote_data_canon_get_tags (ExifMnoteDataCanon *dc, unsigned int n,
+ unsigned int *m, unsigned int *s)
+{
+ unsigned int from = 0, to;
+
+ if (!dc || !m) return;
+ for (*m = 0; *m < dc->count; (*m)++) {
+ to = from + mnote_canon_entry_count_values (&dc->entries[*m]);
+ if (to > n) {
+ if (s) *s = n - from;
+ break;
+ }
+ from = to;
+ }
}
static char *
-exif_mnote_data_canon_get_value (ExifMnoteData *note, unsigned int n)
+exif_mnote_data_canon_get_value (ExifMnoteData *note, unsigned int n, char *val, unsigned int maxlen)
{
- ExifMnoteDataCanon *cnote = (ExifMnoteDataCanon *) note;
+ ExifMnoteDataCanon *dc = (ExifMnoteDataCanon *) note;
+ unsigned int m, s;
- if (!note) return NULL;
- if (cnote->count >= n) return NULL;
- return mnote_canon_entry_get_value (&cnote->entries[n]);
+ if (!dc) return NULL;
+ exif_mnote_data_canon_get_tags (dc, n, &m, &s);
+ if (m >= dc->count) return NULL;
+ return mnote_canon_entry_get_value (&dc->entries[m], s, val, maxlen);
}
static void
-exif_mnote_data_canon_load_entry_with_exif (ExifMnoteDataCanon *note,
- MnoteCanonEntry *entry,
- const unsigned char *d,
- unsigned int size, unsigned int offset,
- const unsigned char *exifdata,
- unsigned int exifsize)
+exif_mnote_data_canon_set_byte_order (ExifMnoteData *d, ExifByteOrder o)
{
- unsigned int s, doff, sizetmp = size;
- const unsigned char *temp = d;
-
- entry->tag = exif_get_short (d + offset + 0, note->order);
- entry->format = exif_get_short (d + offset + 2, note->order);
- entry->components = exif_get_long (d + offset + 4, note->order);
-
- /*
- * Size? If bigger than 4 bytes, the actual data is not
- * in the entry but somewhere else (offset).
- */
- s = exif_format_get_size (entry->format) * entry->components;
- if (!s)
- return;
- if (s > 4)
- {
- doff = exif_get_long (d + offset + 8, note->order) + 0xC;
- sizetmp = exifsize;
- temp = exifdata;
+ ExifByteOrder o_orig;
+ ExifMnoteDataCanon *n = (ExifMnoteDataCanon *) d;
+ unsigned int i;
+
+ if (!n) return;
+
+ o_orig = n->order;
+ n->order = o;
+ for (i = 0; i < n->count; i++) {
+ if (n->entries[i].components && (n->entries[i].size/n->entries[i].components < exif_format_get_size (n->entries[i].format)))
+ continue;
+ n->entries[i].order = o;
+ exif_array_set_byte_order (n->entries[i].format, n->entries[i].data,
+ n->entries[i].components, o_orig, o);
}
- else
- doff = offset + 8;
-
-#ifdef DEBUG
- printf ("Comp %x %d %d %x %x\n",doff, s, sizetmp,temp[doff],temp[doff+1]);
-#endif
- /* Sanity check */
- if (sizetmp < doff + s)
- return;
- entry->data = malloc (sizeof (char) * s);
- if (!entry->data)
- return;
- entry->size = s;
- memcpy (entry->data, temp + doff, s);
- entry->order = note->order;
}
static void
-exif_mnote_data_canon_load_entry (ExifMnoteDataCanon *note,
- MnoteCanonEntry *entry,
- const unsigned char *d,
- unsigned int size, unsigned int offset)
+exif_mnote_data_canon_set_offset (ExifMnoteData *n, unsigned int o)
{
- unsigned int s, doff;
-
- entry->tag = exif_get_short (d + offset + 0, note->order);
- entry->format = exif_get_short (d + offset + 2, note->order);
- entry->components = exif_get_long (d + offset + 4, note->order);
-
- /*
- * Size? If bigger than 4 bytes, the actual data is not
- * in the entry but somewhere else (offset).
- */
- s = exif_format_get_size (entry->format) * entry->components;
- if (!s)
- return;
- if (s > 4)
- /* FIXME works on g3, but other should send exif data... */
- doff = exif_get_long (d + offset + 8, note->order)-0x3B0 ;
- else
- doff = offset + 8;
-
-#ifdef DEBUG
- printf ("Comp %x %d %d %x %x\n",doff, s,size,d[doff],d[doff+1]);
-#endif
- /* Sanity check */
- if (size < doff + s)
- return;
- entry->data = malloc (sizeof (char) * s);
- if (!entry->data)
- return;
- entry->size = s;
- memcpy (entry->data, d + doff, s);
+ if (n) ((ExifMnoteDataCanon *) n)->offset = o;
+}
+static void
+exif_mnote_data_canon_save (ExifMnoteData *ne,
+ unsigned char **buf, unsigned int *buf_size)
+{
+ ExifMnoteDataCanon *n = (ExifMnoteDataCanon *) ne;
+ size_t i, o, s, doff;
+ unsigned char *t;
+ size_t ts;
+
+ if (!n || !buf || !buf_size) return;
+
+ /*
+ * Allocate enough memory for all entries and the number
+ * of entries.
+ */
+ *buf_size = 2 + n->count * 12 + 4;
+ *buf = exif_mem_alloc (ne->mem, sizeof (char) * *buf_size);
+ if (!*buf) {
+ EXIF_LOG_NO_MEMORY(ne->log, "ExifMnoteCanon", *buf_size);
+ return;
+ }
+
+ /* Save the number of entries */
+ exif_set_short (*buf, n->order, (ExifShort) n->count);
+
+ /* Save each entry */
+ for (i = 0; i < n->count; i++) {
+ o = 2 + i * 12;
+ exif_set_short (*buf + o + 0, n->order, (ExifShort) n->entries[i].tag);
+ exif_set_short (*buf + o + 2, n->order, (ExifShort) n->entries[i].format);
+ exif_set_long (*buf + o + 4, n->order,
+ n->entries[i].components);
+ o += 8;
+ s = exif_format_get_size (n->entries[i].format) *
+ n->entries[i].components;
+ if (s > 65536) {
+ /* Corrupt data: EXIF data size is limited to the
+ * maximum size of a JPEG segment (64 kb).
+ */
+ continue;
+ }
+ if (s > 4) {
+ ts = *buf_size + s;
+
+ /* Ensure even offsets. Set padding bytes to 0. */
+ if (s & 1) ts += 1;
+ t = exif_mem_realloc (ne->mem, *buf,
+ sizeof (char) * ts);
+ if (!t) {
+ EXIF_LOG_NO_MEMORY(ne->log, "ExifMnoteCanon", ts);
+ return;
+ }
+ *buf = t;
+ *buf_size = ts;
+ doff = *buf_size - s;
+ if (s & 1) { doff--; *(*buf + *buf_size - 1) = '\0'; }
+ exif_set_long (*buf + o, n->order, n->offset + doff);
+ } else
+ doff = o;
+
+ /*
+ * Write the data. Fill unneeded bytes with 0. Do not
+ * crash if data is NULL.
+ */
+ if (!n->entries[i].data) memset (*buf + doff, 0, s);
+ else memcpy (*buf + doff, n->entries[i].data, s);
+ if (s < 4) memset (*buf + doff + s, 0, (4 - s));
+ }
}
+/* XXX
+ * FIXME: exif_mnote_data_canon_load() may fail and there is no
+ * semantics to express that.
+ * See bug #1054323 for details, especially the comment by liblit
+ * after it has supposedly been fixed:
+ *
+ * https://sourceforge.net/tracker/?func=detail&aid=1054323&group_id=12272&atid=112272
+ * Unfortunately, the "return" statements aren't commented at
+ * all, so it isn't trivial to find out what is a normal
+ * return, and what is a reaction to an error condition.
+ */
+
static void
exif_mnote_data_canon_load (ExifMnoteData *ne,
const unsigned char *buf, unsigned int buf_size)
{
- ExifMnoteDataCanon *data = (ExifMnoteDataCanon *) ne;
-
- const unsigned char *d = buf;
- ExifData *ed = NULL;
- ExifEntry *e = NULL;
- ExifShort n;
- unsigned int i;
- unsigned int size = buf_size;
- MnoteCanonTag tag;
+ ExifMnoteDataCanon *n = (ExifMnoteDataCanon *) ne;
+ ExifShort c;
+ size_t i, tcount, o, datao;
- if (!data)
+ if (!n || !buf || !buf_size) {
+ exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA,
+ "ExifMnoteCanon", "Short MakerNote");
return;
- if (!buf || !buf_size)
+ }
+ datao = 6 + n->offset;
+ if (CHECKOVERFLOW(datao, buf_size, 2)) {
+ exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA,
+ "ExifMnoteCanon", "Short MakerNote");
return;
-
- /* If we got EXIF data, go to the MakerNote tag. */
- ed = exif_data_new_from_data (buf, size);
- if (ed) {
- e = exif_content_get_entry (ed->ifd[EXIF_IFD_EXIF],
- EXIF_TAG_MAKER_NOTE);
- if (e)
- {
- d = e->data;
- size = e->size;
-#ifdef DEBUG
- printf ("Exif data\n");
-#endif
- }
}
-#ifdef DEBUG
- printf ("Parsing %i byte(s) Mnote data...\n", size);
-#endif
-#ifdef DEBUG
- int j;
- for (j=0;j<size;j++)
- {
- if (!(j%16)) printf("\n");
- printf("%02X ",d[j]);}
-
- printf("\n%d\n",size);
- printf("%d\n",data->order);
-#endif
-
- /* Read the number of entries */
- n = exif_get_short (d ,data->order);
-#ifdef DEBUG
- printf ("Loading %i entries...\n", n);
-#endif
- d+=2;
- size-=2;
-
- if ( 12 * n > size )
- return;
+ /* Read the number of tags */
+ c = exif_get_short (buf + datao, n->order);
+ datao += 2;
+
+ /* Remove any old entries */
+ exif_mnote_data_canon_clear (n);
- for (i = 0; i < n; i++) {
-
- tag = exif_get_short (d + 12 * i, data->order);
-#ifdef DEBUG
- printf ("Loading entry '%s' (%i of %i)...\n",
- exif_mnote_data_canon_tag_get_name (tag), i + 1, n);
-#endif
- data->count++;
- data->entries = realloc (data->entries,
- sizeof (MnoteCanonEntry) * data->count);
- if (e) /* we have exif data */
- exif_mnote_data_canon_load_entry_with_exif (data,
- &data->entries[data->count - 1],
- d, size, 12 * i, buf, buf_size);
- else
- exif_mnote_data_canon_load_entry (data,
- &data->entries[data->count - 1],
- d, size, 12 * i);
+ /* Reserve enough space for all the possible MakerNote tags */
+ n->entries = exif_mem_alloc (ne->mem, sizeof (MnoteCanonEntry) * c);
+ if (!n->entries) {
+ EXIF_LOG_NO_MEMORY(ne->log, "ExifMnoteCanon", sizeof (MnoteCanonEntry) * c);
+ return;
}
- exif_data_unref (ed);
+ /* Parse the entries */
+ tcount = 0;
+ for (i = c, o = datao; i; --i, o += 12) {
+ size_t s;
+
+ memset(&n->entries[tcount], 0, sizeof(MnoteCanonEntry));
+ if (CHECKOVERFLOW(o,buf_size,12)) {
+ exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA,
+ "ExifMnoteCanon", "Short MakerNote");
+ break;
+ }
+
+ n->entries[tcount].tag = exif_get_short (buf + o, n->order);
+ n->entries[tcount].format = exif_get_short (buf + o + 2, n->order);
+ n->entries[tcount].components = exif_get_long (buf + o + 4, n->order);
+ n->entries[tcount].order = n->order;
+
+ exif_log (ne->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteCanon",
+ "Loading entry 0x%x ('%s')...", n->entries[tcount].tag,
+ mnote_canon_tag_get_name (n->entries[tcount].tag));
+
+ /* Check if we overflow the multiplication. Use buf_size as the max size for integer overflow detection,
+ * we will check the buffer sizes closer later. */
+ if ( exif_format_get_size (n->entries[tcount].format) &&
+ buf_size / exif_format_get_size (n->entries[tcount].format) < n->entries[tcount].components
+ ) {
+ exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA,
+ "ExifMnoteCanon", "Tag size overflow detected (%u * %lu)", exif_format_get_size (n->entries[tcount].format), n->entries[tcount].components);
+ continue;
+ }
+
+ /*
+ * Size? If bigger than 4 bytes, the actual data is not
+ * in the entry but somewhere else (offset).
+ */
+ s = exif_format_get_size (n->entries[tcount].format) *
+ n->entries[tcount].components;
+ n->entries[tcount].size = s;
+ if (!s) {
+ exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA,
+ "ExifMnoteCanon",
+ "Invalid zero-length tag size");
+ continue;
+
+ } else {
+ size_t dataofs = o + 8;
+ if (s > 4) dataofs = exif_get_long (buf + dataofs, n->order) + 6;
+
+ if (CHECKOVERFLOW(dataofs, buf_size, s)) {
+ exif_log (ne->log, EXIF_LOG_CODE_DEBUG,
+ "ExifMnoteCanon",
+ "Tag data past end of buffer (%u > %u)",
+ (unsigned)(dataofs + s), buf_size);
+ continue;
+ }
+
+ n->entries[tcount].data = exif_mem_alloc (ne->mem, s);
+ if (!n->entries[tcount].data) {
+ EXIF_LOG_NO_MEMORY(ne->log, "ExifMnoteCanon", s);
+ continue;
+ }
+ memcpy (n->entries[tcount].data, buf + dataofs, s);
+ }
+
+ /* Tag was successfully parsed */
+ ++tcount;
+ }
+ /* Store the count of successfully parsed tags */
+ n->count = tcount;
}
static unsigned int
exif_mnote_data_canon_count (ExifMnoteData *n)
{
- return n ? ((ExifMnoteDataCanon *) n)->count : 0;
+ ExifMnoteDataCanon *dc = (ExifMnoteDataCanon *) n;
+ unsigned int i, c;
+
+ for (i = c = 0; dc && (i < dc->count); i++)
+ c += mnote_canon_entry_count_values (&dc->entries[i]);
+ return c;
+}
+
+static unsigned int
+exif_mnote_data_canon_get_id (ExifMnoteData *d, unsigned int i)
+{
+ ExifMnoteDataCanon *dc = (ExifMnoteDataCanon *) d;
+ unsigned int m;
+
+ if (!dc) return 0;
+ exif_mnote_data_canon_get_tags (dc, i, &m, NULL);
+ if (m >= dc->count) return 0;
+ return dc->entries[m].tag;
}
static const char *
exif_mnote_data_canon_get_name (ExifMnoteData *note, unsigned int i)
{
- ExifMnoteDataCanon *cnote = (ExifMnoteDataCanon *) note;
+ ExifMnoteDataCanon *dc = (ExifMnoteDataCanon *) note;
+ unsigned int m, s;
- if (!note) return NULL;
- if (i >= cnote->count) return NULL;
- return mnote_canon_tag_get_name (cnote->entries[i].tag);
+ if (!dc) return NULL;
+ exif_mnote_data_canon_get_tags (dc, i, &m, &s);
+ if (m >= dc->count) return NULL;
+ return mnote_canon_tag_get_name_sub (dc->entries[m].tag, s, dc->options);
}
static const char *
exif_mnote_data_canon_get_title (ExifMnoteData *note, unsigned int i)
{
- ExifMnoteDataCanon *cnote = (ExifMnoteDataCanon *) note;
+ ExifMnoteDataCanon *dc = (ExifMnoteDataCanon *) note;
+ unsigned int m, s;
- if (!note) return NULL;
- if (i >= cnote->count) return NULL;
- return mnote_canon_tag_get_title (cnote->entries[i].tag);
+ if (!dc) return NULL;
+ exif_mnote_data_canon_get_tags (dc, i, &m, &s);
+ if (m >= dc->count) return NULL;
+ return mnote_canon_tag_get_title_sub (dc->entries[m].tag, s, dc->options);
}
static const char *
exif_mnote_data_canon_get_description (ExifMnoteData *note, unsigned int i)
{
- ExifMnoteDataCanon *cnote = (ExifMnoteDataCanon *) note;
- if (!note) return NULL;
- if (i >= cnote->count) return NULL;
- return mnote_canon_tag_get_description (cnote->entries[i].tag);
+ ExifMnoteDataCanon *dc = (ExifMnoteDataCanon *) note;
+ unsigned int m;
+
+ if (!dc) return NULL;
+ exif_mnote_data_canon_get_tags (dc, i, &m, NULL);
+ if (m >= dc->count) return NULL;
+ return mnote_canon_tag_get_description (dc->entries[m].tag);
+}
+
+int
+exif_mnote_data_canon_identify (const ExifData *ed, const ExifEntry *e)
+{
+ char value[8];
+
+ (void) e; /* unused */
+ ExifEntry *em = exif_data_get_entry (ed, EXIF_TAG_MAKE);
+ if (!em)
+ return 0;
+ return !strcmp (exif_entry_get_value (em, value, sizeof (value)), "Canon");
}
ExifMnoteData *
-exif_mnote_data_canon_new (ExifByteOrder order)
+exif_mnote_data_canon_new (ExifMem *mem, ExifDataOption o)
{
ExifMnoteData *d;
+ ExifMnoteDataCanon *dc;
- d = malloc (sizeof (ExifMnoteDataCanon));
- if (!d) return NULL;
+ if (!mem) return NULL;
- ((ExifMnoteDataCanon *) d)->order = order;
+ d = exif_mem_alloc (mem, sizeof (ExifMnoteDataCanon));
+ if (!d)
+ return NULL;
- exif_mnote_data_construct (d);
+ exif_mnote_data_construct (d, mem);
/* Set up function pointers */
d->methods.free = exif_mnote_data_canon_free;
+ d->methods.set_byte_order = exif_mnote_data_canon_set_byte_order;
+ d->methods.set_offset = exif_mnote_data_canon_set_offset;
d->methods.load = exif_mnote_data_canon_load;
+ d->methods.save = exif_mnote_data_canon_save;
d->methods.count = exif_mnote_data_canon_count;
+ d->methods.get_id = exif_mnote_data_canon_get_id;
d->methods.get_name = exif_mnote_data_canon_get_name;
d->methods.get_title = exif_mnote_data_canon_get_title;
d->methods.get_description = exif_mnote_data_canon_get_description;
d->methods.get_value = exif_mnote_data_canon_get_value;
+ dc = (ExifMnoteDataCanon*)d;
+ dc->options = o;
return d;
}