authorPřemysl Eric Janouch <p@janouch.name>2023-05-28 03:22:36 +0200
committerPřemysl Eric Janouch <p@janouch.name>2023-05-28 08:12:22 +0200
commit902eaf5a015145c56894f21315420de29f28337c (patch)
tree9b01a3f5e04080dd7c0b9690d260b46c3236a9ee /tools
parentdf7c7b9f6b12a80f3a1de01c35e77ef2f919d28e (diff)
Make TIFF parsing a bit safer
At least on 64-bit systems; 32-bit builds may still have holes.
Diffstat (limited to 'tools')
-rw-r--r--tools/info.h15
1 files changed, 9 insertions, 6 deletions
diff --git a/tools/info.h b/tools/info.h
index 8dcd3d2..b15b1d5 100644
--- a/tools/info.h
+++ b/tools/info.h
@@ -92,8 +92,8 @@ static jv parse_jpeg(jv o, const uint8_t *p, size_t len);
static jv parse_exif_ifd(struct tiffer *T, const struct tiff_entry *info);
static bool
-parse_exif_subifds_entry(struct tiffer *T, const struct tiffer_entry *entry,
- struct tiffer *subT)
+parse_exif_subifds_entry(const struct tiffer *T,
+ const struct tiffer_entry *entry, struct tiffer *subT)
{
int64_t offset = 0;
return tiffer_integer(T, entry, &offset) &&
@@ -101,7 +101,7 @@ parse_exif_subifds_entry(struct tiffer *T, const struct tiffer_entry *entry,
}
static jv
-parse_exif_subifds(struct tiffer *T, struct tiffer_entry *entry,
+parse_exif_subifds(const struct tiffer *T, struct tiffer_entry *entry,
struct tiff_entry *info)
{
struct tiffer subT = {};
@@ -173,7 +173,7 @@ parse_exif_extract_sole_array_element(jv a)
}
static jv
-parse_exif_entry(jv o, struct tiffer *T, struct tiffer_entry *entry,
+parse_exif_entry(jv o, const struct tiffer *T, struct tiffer_entry *entry,
const struct tiff_entry *info)
{
static struct tiff_entry empty[] = {{}};
@@ -679,7 +679,7 @@ static struct tiff_entry mpf_entries[] = {
};
static uint32_t
-parse_mpf_mpentry(jv *a, const uint8_t *p, struct tiffer *T)
+parse_mpf_mpentry(jv *a, const uint8_t *p, const struct tiffer *T)
{
uint32_t attrs = T->un->u32(p);
uint32_t offset = T->un->u32(p + 8);
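Review bot: parse_mpf_mpentry receives a bare `p` with no length, so the reads at `p` and `p + 8` depend on the caller having confirmed that a full 16-byte MP Entry lies inside the MPF segment; nothing in this hunk checks that. The only visible caller passes `entry->p + i * 16`, and the bound on `count` is established outside the shown lines, so I cannot tell whether it is derived from the entry's byte length. I would state the precondition above the function, `// p must point to a complete 16-byte MP Entry within [T->begin, T->end)`, or pass the remaining length and return 0 when it is short. The function body continues past the hunk.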
@@ -725,7 +725,7 @@ parse_mpf_mpentry(jv *a, const uint8_t *p, struct tiffer *T)
}
static jv
-parse_mpf_index_entry(jv o, const uint8_t ***offsets, struct tiffer *T,
+parse_mpf_index_entry(jv o, const uint8_t ***offsets, const struct tiffer *T,
struct tiffer_entry *entry)
{
// 5.2.3.3. MP Entry
@@ -738,6 +738,9 @@ parse_mpf_index_entry(jv o, const uint8_t ***offsets, struct tiffer *T,
jv a = jv_array_sized(count);
const uint8_t **out = *offsets = calloc(sizeof *out, count + 1);
for (uint32_t i = 0; i < count; i++) {
+ // 5.2.3.3.3. Individual Image Data Offset
+ // XXX: We might want to warn about out-of-bounds pointers,
+ // however T->end is for the MPF segment and ends too early.
uint32_t offset = parse_mpf_mpentry(&a, entry->p + i * 16, T);
if (offset)
*out++ = T->begin + offset;
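Review bot: The `calloc` result in parse_mpf_index_entry is used without a NULL check, so an allocation failure makes the first `*out++ = T->begin + offset;` write through a null pointer; the new XXX comment covers the unvalidated offset but not this. The function starts above the hunk and continues below it, and `count` is computed in the part not shown: if it is a 32-bit value that can reach UINT32_MAX, `count + 1` wraps to zero while the loop still runs `count` times. Widening and checking, e.g. `const uint8_t **out = *offsets = calloc((size_t) count + 1, sizeof *out);` followed by an early return when `out` is NULL, closes both on 64-bit builds. Because `T->begin + offset` may point past the buffer, the XXX comment should also say that whoever consumes `*offsets` must compare each pointer against the end of the whole file before dereferencing it.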