void
exif_loader_write_file (ExifLoader *l, const char *path)
{
FILE *f;
int size;
unsigned char data[1024];
if (!l)
return;
f = fopen (path, "rb");
if (!f) {
exif_log (l->log, EXIF_LOG_CODE_NONE, "ExifLoader",
_("The file '%s' could not be opened."), path);
return;
}
while (1) {
size = fread (data, 1, sizeof (data), f);
if (size <= 0)
break;
if (!exif_loader_write (l, data, size))
break;
}
fclose (f);
}
void
jpeg_data_load_file (JPEGData *data, const char *path)
{
FILE *f;
unsigned char *d;
//For Fix Prevent Issue CID :13211
int size;
if (!data) return;
if (!path) return;
f = fopen (path, "rb");
if (!f) {
exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "jpeg-data",
_("Path '%s' invalid."), path);
return;
}
/* For now, we read the data into memory. Patches welcome... */
fseek (f, 0, SEEK_END);
size = ftell (f);
if(size <0){
fclose (f);
return;
}
fseek (f, 0, SEEK_SET);
d = malloc (size);
if (!d) {
EXIF_LOG_NO_MEMORY (data->priv->log, "jpeg-data", size);
fclose (f);
return;
}
if (fread (d, 1, size, f) != size) {
free (d);
fclose (f);
exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "jpeg-data",
_("Could not read '%s'."), path);
return;
}
fclose (f);
jpeg_data_load_data (data, d, size);
free (d);
}
void
exif_content_fix (ExifContent *c)
{
ExifIfd ifd = exif_content_get_ifd (c);
ExifDataType dt;
ExifTag t;
ExifEntry *e;
if (!c) return;
dt = exif_data_get_data_type (c->parent);
/* First of all, fix all existing entries. */
exif_content_foreach_entry (c, fix_func, NULL);
/*
* Then check for existing tags that are not allowed and for
* non-existing mandatory tags.
*/
for (t = 0; t <= 0xffff; t++) {
switch (exif_tag_get_support_level_in_ifd (t, ifd, dt)) {
case EXIF_SUPPORT_LEVEL_MANDATORY:
if (exif_content_get_entry (c, t)) break;
exif_log (c->priv->log, EXIF_LOG_CODE_DEBUG, "exif-content",
"Tag '%s' is mandatory in IFD '%s' and has therefore been added.",
exif_tag_get_name_in_ifd (t, ifd), exif_ifd_get_name (ifd));
e = exif_entry_new ();
exif_content_add_entry (c, e);
exif_entry_initialize (e, t);
exif_entry_unref (e);
break;
case EXIF_SUPPORT_LEVEL_NOT_RECORDED:
e = exif_content_get_entry (c, t);
if (!e) break;
exif_log (c->priv->log, EXIF_LOG_CODE_DEBUG, "exif-content",
"Tag '%s' is not recoreded in IFD '%s' and has therefore been "
"removed.", exif_tag_get_name_in_ifd (t, ifd),
exif_ifd_get_name (ifd));
exif_content_remove_entry (c, e);
break;
case EXIF_SUPPORT_LEVEL_OPTIONAL:
default:
break;
}
}
}
void
exif_data_save_data (ExifData *data, unsigned char **d, unsigned int *ds)
{
if (ds)
*ds = 0; /* This means something went wrong */
if (!data || !d || !ds)
return;
/* Header */
*ds = 14;
*d = exif_data_alloc (data, *ds);
if (!*d) {
*ds = 0;
return;
}
memcpy (*d, ExifHeader, 6);
/* Order (offset 6) */
if (data->priv->order == EXIF_BYTE_ORDER_INTEL) {
memcpy (*d + 6, "II", 2);
} else {
memcpy (*d + 6, "MM", 2);
}
/* Fixed value (2 bytes, offset 8) */
exif_set_short (*d + 8, data->priv->order, 0x002a);
/*
* IFD 0 offset (4 bytes, offset 10).
* We will start 8 bytes after the
* EXIF header (2 bytes for order, another 2 for the test, and
* 4 bytes for the IFD 0 offset make 8 bytes together).
*/
exif_set_long (*d + 10, data->priv->order, 8);
/* Now save IFD 0. IFD 1 will be saved automatically. */
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
"Saving IFDs...");
exif_data_save_data_content (data, data->ifd[EXIF_IFD_0], d, ds,
*ds - 6);
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
"Saved %i byte(s) EXIF data.", *ds);
}
/*! If MakerNote is recognized, load it.
*
* \param[in,out] data #ExifData
* \param[in] d pointer to raw EXIF data
* \param[in] ds length of data at d
*/
static void
interpret_maker_note(ExifData *data, const unsigned char *d, unsigned int ds)
{
int mnoteid;
ExifEntry* e = exif_data_get_entry (data, EXIF_TAG_MAKER_NOTE);
if (!e)
return;
if ((mnoteid = exif_mnote_data_olympus_identify (data, e)) != 0) {
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG,
"ExifData", "Olympus MakerNote variant type %d", mnoteid);
data->priv->md = exif_mnote_data_olympus_new (data->priv->mem);
} else if ((mnoteid = exif_mnote_data_canon_identify (data, e)) != 0) {
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG,
"ExifData", "Canon MakerNote variant type %d", mnoteid);
data->priv->md = exif_mnote_data_canon_new (data->priv->mem, data->priv->options);
} else if ((mnoteid = exif_mnote_data_fuji_identify (data, e)) != 0) {
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG,
"ExifData", "Fuji MakerNote variant type %d", mnoteid);
data->priv->md = exif_mnote_data_fuji_new (data->priv->mem);
/* NOTE: Must do Pentax detection last because some of the
* heuristics are pretty general. */
} else if ((mnoteid = exif_mnote_data_pentax_identify (data, e)) != 0) {
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG,
"ExifData", "Pentax MakerNote variant type %d", mnoteid);
data->priv->md = exif_mnote_data_pentax_new (data->priv->mem);
}
/*
* If we are able to interpret the maker note, do so.
*/
if (data->priv->md) {
exif_mnote_data_log (data->priv->md, data->priv->log);
exif_mnote_data_set_byte_order (data->priv->md,
data->priv->order);
exif_mnote_data_set_offset (data->priv->md,
data->priv->offset_mnote);
exif_mnote_data_load (data->priv->md, d, ds);
}
}
static char *
exif_mnote_data_olympus_get_value (ExifMnoteData *d, unsigned int i, char *val, unsigned int maxlen)
{
ExifMnoteDataOlympus *n = (ExifMnoteDataOlympus *) d;
if (!d || !val) return NULL;
if (i > n->count -1) return NULL;
exif_log (d->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataOlympus",
"Querying value for tag '%s'...",
mnote_olympus_tag_get_name (n->entries[i].tag));
return mnote_olympus_entry_get_value (&n->entries[i], val, maxlen);
}
void
exif_content_fix (ExifContent *c)
{
ExifIfd ifd = exif_content_get_ifd (c);
ExifDataType dt;
ExifEntry *e;
unsigned int i, num;
if (!c)
return;
dt = exif_data_get_data_type (c->parent);
/*
* First of all, fix all existing entries.
*/
exif_content_foreach_entry (c, fix_func, NULL);
/*
* Go through each tag and if it's not recorded, remove it. If one
* is removed, exif_content_foreach_entry() will skip the next entry,
* so if this happens do the loop again from the beginning to ensure
* they're all checked. This could be avoided if we stop relying on
* exif_content_foreach_entry but loop intelligently here.
*/
do {
num = c->count;
exif_content_foreach_entry (c, remove_not_recorded, NULL);
} while (num != c->count);
/*
* Then check for non-existing mandatory tags and create them if needed
*/
num = exif_tag_table_count();
for (i = 0; i < num; ++i) {
const ExifTag t = exif_tag_table_get_tag (i);
if (exif_tag_get_support_level_in_ifd (t, ifd, dt) ==
EXIF_SUPPORT_LEVEL_MANDATORY) {
if (exif_content_get_entry (c, t))
/* This tag already exists */
continue;
exif_log (c->priv->log, EXIF_LOG_CODE_DEBUG, "exif-content",
"Tag '%s' is mandatory in IFD '%s' and has therefore been added.",
exif_tag_get_name_in_ifd (t, ifd), exif_ifd_get_name (ifd));
e = exif_entry_new ();
exif_content_add_entry (c, e);
exif_entry_initialize (e, t);
exif_entry_unref (e);
}
}
}
static void
remove_not_recorded (ExifEntry *e, void *UNUSED(data))
{
ExifIfd ifd = exif_entry_get_ifd(e) ;
ExifContent *c = e->parent;
ExifDataType dt = exif_data_get_data_type (c->parent);
ExifTag t = e->tag;
if (exif_tag_get_support_level_in_ifd (t, ifd, dt) ==
EXIF_SUPPORT_LEVEL_NOT_RECORDED) {
exif_log (c->priv->log, EXIF_LOG_CODE_DEBUG, "exif-content",
"Tag 0x%04x is not recorded in IFD '%s' and has therefore been "
"removed.", t, exif_ifd_get_name (ifd));
exif_content_remove_entry (c, e);
}
}
static void
exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d,
unsigned int ds, ExifLong offset, ExifLong size)
{
if ((ds < offset + size) || (offset > ds)) {
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
"Bogus thumbnail offset (%u) or size (%u).",
offset, size);
return;
}
if (data->data)
exif_mem_free (data->priv->mem, data->data);
data->size = size;
data->data = exif_data_alloc (data, data->size);
if (!data->data)
return;
memcpy (data->data, d + offset, data->size);
}
void
exif_loader_get_buf (ExifLoader *loader, const unsigned char **buf,
unsigned int *buf_size)
{
const unsigned char* b = NULL;
unsigned int s = 0;
if (!loader || (loader->data_format == EL_DATA_FORMAT_UNKNOWN)) {
exif_log (loader->log, EXIF_LOG_CODE_DEBUG, "ExifLoader",
"Loader format unknown");
} else {
b = loader->buf;
s = loader->bytes_read;
}
if (buf)
*buf = b;
if (buf_size)
*buf_size = s;
}
static void
exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d,
unsigned int ds, ExifLong o, ExifLong s)
{
/* Sanity checks */
if ((o + s < o) || (o + s < s) || (o + s > ds) || (o > ds)) {
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
"Bogus thumbnail offset (%u) or size (%u).",
o, s);
return;
}
if (data->data)
exif_mem_free (data->priv->mem, data->data);
if (!(data->data = exif_data_alloc (data, s))) {
EXIF_LOG_NO_MEMORY (data->priv->log, "ExifData", s);
data->size = 0;
return;
}
data->size = s;
memcpy (data->data, d + o, s);
}
void
exif_content_fix (ExifContent *c)
{
ExifIfd ifd = exif_content_get_ifd (c);
ExifDataType dt;
ExifEntry *e;
unsigned int i, num;
if (!c)
return;
dt = exif_data_get_data_type (c->parent);
exif_content_foreach_entry (c, fix_func, NULL);
do {
num = c->count;
exif_content_foreach_entry (c, remove_not_recorded, NULL);
} while (num != c->count);
num = exif_tag_table_count();
for (i = 0; i < num; ++i) {
const ExifTag t = exif_tag_table_get_tag (i);
if (exif_tag_get_support_level_in_ifd (t, ifd, dt) ==
EXIF_SUPPORT_LEVEL_MANDATORY) {
if (exif_content_get_entry (c, t))
continue;
exif_log (c->priv->log, EXIF_LOG_CODE_DEBUG, "exif-content",
"Tag '%s' is mandatory in IFD '%s' and has therefore been added.",
exif_tag_get_name_in_ifd (t, ifd), exif_ifd_get_name (ifd));
e = exif_entry_new ();
exif_content_add_entry (c, e);
exif_entry_initialize (e, t);
exif_entry_unref (e);
}
}
}
void
exif_content_add_entry (ExifContent *c, ExifEntry *entry)
{
ExifEntry **entries;
if (!c || !c->priv || !entry || entry->parent) return;
if (exif_content_get_entry (c, entry->tag)) {
exif_log (c->priv->log, EXIF_LOG_CODE_DEBUG, "ExifContent",
"An attempt has been made to add "
"the tag '%s' twice to an IFD. This is against "
"specification.", exif_tag_get_name (entry->tag));
return;
}
entries = exif_mem_realloc (c->priv->mem,
c->entries, sizeof (ExifEntry*) * (c->count + 1));
if (!entries) return;
entry->parent = c;
entries[c->count++] = entry;
c->entries = entries;
exif_entry_ref (entry);
}
void
jpeg_data_load_data (JPEGData *data, const unsigned char *d,
unsigned int size)
{
unsigned int i, o, len;
JPEGSection *s;
JPEGMarker marker;
if (!data) return;
if (!d) return;
for (o = 0; o < size;) {
/*
* JPEG sections start with 0xff. The first byte that is
* not 0xff is a marker (hopefully).
*/
for (i = 0; i < MIN(7, size - o); i++)
if (d[o + i] != 0xff)
break;
if ((i >= size - o) || !JPEG_IS_MARKER (d[o + i])) {
exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "jpeg-data",
_("Data does not follow JPEG specification."));
return;
}
marker = d[o + i];
/* Append this section */
jpeg_data_append_section (data);
if (!data->count) return;
s = &data->sections[data->count - 1];
s->marker = marker;
o += i + 1;
switch (s->marker) {
case JPEG_MARKER_SOI:
case JPEG_MARKER_EOI:
break;
default:
/* Read the length of the section */
if (2 > size - o) { o = size; break; }
len = ((d[o] << 8) | d[o + 1]) - 2;
if (len > size) { o = size; break; }
o += 2;
if (len > size - o) { o = size; break; }
switch (s->marker) {
case JPEG_MARKER_APP1:
/* Changed to add the EXIF_LOG feature.
2012.04.05 - Samsung Electronics */
/*s->content.app1 = exif_data_new_from_data (
d + o - 4, len + 4); */
s->content.app1 = exif_data_new();
exif_data_log(s->content.app1, data->priv->log);
exif_data_load_data (s->content.app1, d + o - 4, len + 4);
break;
default:
s->content.generic.data =
malloc (sizeof (char) * len);
if (!s->content.generic.data) {
EXIF_LOG_NO_MEMORY (data->priv->log, "jpeg-data", sizeof (char) * len);
return;
}
s->content.generic.size = len;
memcpy (s->content.generic.data, &d[o], len);
/* In case of SOS, image data will follow. */
if (s->marker == JPEG_MARKER_SOS) {
data->size = size - o - len;
if (data->size >= 2) {
/* -2 means 'take all but the last 2 bytes which are
hoped to be JPEG_MARKER_EOI */
data->size -= 2;
if (d[o + len + data->size] != 0xFF) {
/* A truncated file (i.e. w/o JPEG_MARKER_EOI at the end).
Instead of trying to use the last two bytes as marker,
touching memory beyond allocated memory and posssibly saving
back screwed file, we rather take the rest of the file. */
data->size += 2;
}
}
data->data = malloc (
sizeof (char) * data->size);
if (!data->data) {
EXIF_LOG_NO_MEMORY (data->priv->log, "jpeg-data", sizeof (char) * data->size);
data->size = 0;
return;
}
memcpy (data->data, d + o + len,
data->size);
o += data->size;
}
break;
}
o += len;
break;
}
}
}
static void
exif_data_save_data_content (ExifData *data, ExifContent *ifd,
unsigned char **d, unsigned int *ds,
unsigned int offset)
{
unsigned int j, n_ptr = 0, n_thumb = 0;
ExifIfd i;
unsigned char *t;
unsigned int ts;
if (!data || !data->priv || !ifd || !d || !ds)
return;
for (i = 0; i < EXIF_IFD_COUNT; i++)
if (ifd == data->ifd[i])
break;
if (i == EXIF_IFD_COUNT)
return; /* error */
/*
* Check if we need some extra entries for pointers or the thumbnail.
*/
switch (i) {
case EXIF_IFD_0:
/*
* The pointer to IFD_EXIF is in IFD_0. The pointer to
* IFD_INTEROPERABILITY is in IFD_EXIF.
*/
if (data->ifd[EXIF_IFD_EXIF]->count ||
data->ifd[EXIF_IFD_INTEROPERABILITY]->count)
n_ptr++;
/* The pointer to IFD_GPS is in IFD_0. */
if (data->ifd[EXIF_IFD_GPS]->count)
n_ptr++;
break;
case EXIF_IFD_1:
if (data->size)
n_thumb = 2;
break;
case EXIF_IFD_EXIF:
if (data->ifd[EXIF_IFD_INTEROPERABILITY]->count)
n_ptr++;
default:
break;
}
/*
* Allocate enough memory for all entries
* and the number of entries.
*/
ts = *ds + (2 + (ifd->count + n_ptr + n_thumb) * 12 + 4);
t = exif_mem_realloc (data->priv->mem, *d, ts);
if (!t) {
EXIF_LOG_NO_MEMORY (data->priv->log, "ExifData", ts);
return;
}
*d = t;
*ds = ts;
/* Save the number of entries */
exif_set_short (*d + 6 + offset, data->priv->order,
(ExifShort) (ifd->count + n_ptr + n_thumb));
offset += 2;
/*
* Save each entry. Make sure that no memcpys from NULL pointers are
* performed
*/
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
"Saving %i entries (IFD '%s', offset: %i)...",
ifd->count, exif_ifd_get_name (i), offset);
for (j = 0; j < ifd->count; j++) {
if (ifd->entries[j]) {
exif_data_save_data_entry (data, ifd->entries[j], d, ds,
offset + 12 * j);
}
}
offset += 12 * ifd->count;
/* Now save special entries. */
switch (i) {
case EXIF_IFD_0:
/*
* The pointer to IFD_EXIF is in IFD_0.
* However, the pointer to IFD_INTEROPERABILITY is in IFD_EXIF,
* therefore, if IFD_INTEROPERABILITY is not empty, we need
* IFD_EXIF even if latter is empty.
*/
if (data->ifd[EXIF_IFD_EXIF]->count ||
data->ifd[EXIF_IFD_INTEROPERABILITY]->count) {
exif_set_short (*d + 6 + offset + 0, data->priv->order,
EXIF_TAG_EXIF_IFD_POINTER);
exif_set_short (*d + 6 + offset + 2, data->priv->order,
EXIF_FORMAT_LONG);
exif_set_long (*d + 6 + offset + 4, data->priv->order,
1);
exif_set_long (*d + 6 + offset + 8, data->priv->order,
*ds - 6);
exif_data_save_data_content (data,
data->ifd[EXIF_IFD_EXIF], d, ds, *ds - 6);
offset += 12;
}
/* The pointer to IFD_GPS is in IFD_0, too. */
if (data->ifd[EXIF_IFD_GPS]->count) {
exif_set_short (*d + 6 + offset + 0, data->priv->order,
EXIF_TAG_GPS_INFO_IFD_POINTER);
exif_set_short (*d + 6 + offset + 2, data->priv->order,
EXIF_FORMAT_LONG);
exif_set_long (*d + 6 + offset + 4, data->priv->order,
1);
exif_set_long (*d + 6 + offset + 8, data->priv->order,
*ds - 6);
exif_data_save_data_content (data,
data->ifd[EXIF_IFD_GPS], d, ds, *ds - 6);
offset += 12;
}
break;
case EXIF_IFD_EXIF:
/*
* The pointer to IFD_INTEROPERABILITY is in IFD_EXIF.
* See note above.
*/
if (data->ifd[EXIF_IFD_INTEROPERABILITY]->count) {
exif_set_short (*d + 6 + offset + 0, data->priv->order,
EXIF_TAG_INTEROPERABILITY_IFD_POINTER);
exif_set_short (*d + 6 + offset + 2, data->priv->order,
EXIF_FORMAT_LONG);
exif_set_long (*d + 6 + offset + 4, data->priv->order,
1);
exif_set_long (*d + 6 + offset + 8, data->priv->order,
*ds - 6);
exif_data_save_data_content (data,
data->ifd[EXIF_IFD_INTEROPERABILITY], d, ds,
*ds - 6);
offset += 12;
}
break;
case EXIF_IFD_1:
/*
* Information about the thumbnail (if any) is saved in
* IFD_1.
*/
if (data->size) {
/* EXIF_TAG_JPEG_INTERCHANGE_FORMAT */
exif_set_short (*d + 6 + offset + 0, data->priv->order,
EXIF_TAG_JPEG_INTERCHANGE_FORMAT);
exif_set_short (*d + 6 + offset + 2, data->priv->order,
EXIF_FORMAT_LONG);
exif_set_long (*d + 6 + offset + 4, data->priv->order,
1);
exif_set_long (*d + 6 + offset + 8, data->priv->order,
*ds - 6);
ts = *ds + data->size;
t = exif_mem_realloc (data->priv->mem, *d, ts);
if (!t) {
EXIF_LOG_NO_MEMORY (data->priv->log, "ExifData",
ts);
return;
}
*d = t;
*ds = ts;
memcpy (*d + *ds - data->size, data->data, data->size);
offset += 12;
/* EXIF_TAG_JPEG_INTERCHANGE_FORMAT_LENGTH */
exif_set_short (*d + 6 + offset + 0, data->priv->order,
EXIF_TAG_JPEG_INTERCHANGE_FORMAT_LENGTH);
exif_set_short (*d + 6 + offset + 2, data->priv->order,
EXIF_FORMAT_LONG);
exif_set_long (*d + 6 + offset + 4, data->priv->order,
1);
exif_set_long (*d + 6 + offset + 8, data->priv->order,
data->size);
offset += 12;
}
break;
default:
break;
}
/* Sort the directory according to TIFF specification */
qsort (*d + 6 + offset - (ifd->count + n_ptr + n_thumb) * 12,
(ifd->count + n_ptr + n_thumb), 12,
(data->priv->order == EXIF_BYTE_ORDER_INTEL) ? cmp_func_intel : cmp_func_motorola);
/* Correctly terminate the directory */
if (i == EXIF_IFD_0 && (data->ifd[EXIF_IFD_1]->count ||
data->size)) {
/*
* We are saving IFD 0. Tell where IFD 1 starts and save
* IFD 1.
*/
exif_set_long (*d + 6 + offset, data->priv->order, *ds - 6);
exif_data_save_data_content (data, data->ifd[EXIF_IFD_1], d, ds,
*ds - 6);
} else
exif_set_long (*d + 6 + offset, data->priv->order, 0);
}
static int
exif_data_load_data_entry (ExifData *data, ExifEntry *entry,
const unsigned char *d,
unsigned int size, unsigned int offset)
{
unsigned int s, doff;
entry->tag = exif_get_short (d + offset + 0, data->priv->order);
entry->format = exif_get_short (d + offset + 2, data->priv->order);
entry->components = exif_get_long (d + offset + 4, data->priv->order);
/* FIXME: should use exif_tag_get_name_in_ifd here but entry->parent
* has not been set yet
*/
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
"Loading entry 0x%x ('%s')...", entry->tag,
exif_tag_get_name (entry->tag));
/* {0,1,2,4,8} x { 0x00000000 .. 0xffffffff }
* -> { 0x000000000 .. 0x7fffffff8 } */
s = exif_format_get_size(entry->format) * entry->components;
if ((s < entry->components) || (s == 0)){
return 0;
}
/*
* Size? If bigger than 4 bytes, the actual data is not
* in the entry but somewhere else (offset).
*/
if (s > 4)
doff = exif_get_long (d + offset + 8, data->priv->order);
else
doff = offset + 8;
/* Sanity checks */
if ((doff + s < doff) || (doff + s < s) || (doff + s > size)) {
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
"Tag data past end of buffer (%u > %u)", doff+s, size);
return 0;
}
entry->data = exif_data_alloc (data, s);
if (entry->data) {
entry->size = s;
memcpy (entry->data, d + doff, s);
} else {
/* FIXME: What do our callers do if (entry->data == NULL)? */
EXIF_LOG_NO_MEMORY(data->priv->log, "ExifData", s);
}
/* If this is the MakerNote, remember the offset */
if (entry->tag == EXIF_TAG_MAKER_NOTE) {
if (!entry->data) {
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
"MakerNote found with empty data");
} else if (entry->size > 6) {
exif_log (data->priv->log,
EXIF_LOG_CODE_DEBUG, "ExifData",
"MakerNote found (%02x %02x %02x %02x "
"%02x %02x %02x...).",
entry->data[0], entry->data[1], entry->data[2],
entry->data[3], entry->data[4], entry->data[5],
entry->data[6]);
}
data->priv->offset_mnote = doff;
}
return 1;
}
void
exif_data_load_data (ExifData *data, const unsigned char *d_orig,
unsigned int ds_orig)
{
unsigned int l;
ExifLong offset;
ExifShort n;
const unsigned char *d = d_orig;
unsigned int ds = ds_orig, len;
if (!data || !data->priv || !d || !ds)
return;
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
"Parsing %i byte(s) EXIF data...\n", ds);
/*
* It can be that the data starts with the EXIF header. If it does
* not, search the EXIF marker.
*/
if (ds < 6) {
LOG_TOO_SMALL;
return;
}
if (!memcmp (d, ExifHeader, 6)) {
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
"Found EXIF header.");
} else {
while (1) {
while ((d[0] == 0xff) && ds) {
d++;
ds--;
}
/* JPEG_MARKER_SOI */
if (d[0] == JPEG_MARKER_SOI) {
d++;
ds--;
continue;
}
/* JPEG_MARKER_APP0 */
if (d[0] == JPEG_MARKER_APP0) {
d++;
ds--;
l = (d[0] << 8) | d[1];
if (l > ds)
return;
d += l;
ds -= l;
continue;
}
/* JPEG_MARKER_APP1 */
if (d[0] == JPEG_MARKER_APP1)
break;
/* Unknown marker or data. Give up. */
exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifData", _("EXIF marker not found."));
return;
}
d++;
ds--;
if (ds < 2) {
LOG_TOO_SMALL;
return;
}
len = (d[0] << 8) | d[1];
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
"We have to deal with %i byte(s) of EXIF data.",
len);
d += 2;
ds -= 2;
}
/*
* Verify the exif header
* (offset 2, length 6).
*/
if (ds < 6) {
LOG_TOO_SMALL;
return;
}
if (memcmp (d, ExifHeader, 6)) {
exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifData", _("EXIF header not found."));
return;
}
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
"Found EXIF header.");
/* Byte order (offset 6, length 2) */
if (ds < 14)
return;
if (!memcmp (d + 6, "II", 2))
data->priv->order = EXIF_BYTE_ORDER_INTEL;
else if (!memcmp (d + 6, "MM", 2))
data->priv->order = EXIF_BYTE_ORDER_MOTOROLA;
else {
exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifData", _("Unknown encoding."));
return;
}
/* Fixed value */
if (exif_get_short (d + 8, data->priv->order) != 0x002a)
return;
/* IFD 0 offset */
offset = exif_get_long (d + 10, data->priv->order);
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
"IFD 0 at %i.", (int) offset);
/* Parse the actual exif data (usually offset 14 from start) */
exif_data_load_data_content (data, EXIF_IFD_0, d + 6, ds - 6, offset, 0);
/* IFD 1 offset */
if (offset + 6 + 2 > ds) {
return;
}
n = exif_get_short (d + 6 + offset, data->priv->order);
if (offset + 6 + 2 + 12 * n + 4 > ds) {
return;
}
offset = exif_get_long (d + 6 + offset + 2 + 12 * n, data->priv->order);
if (offset) {
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
"IFD 1 at %i.", (int) offset);
/* Sanity check. */
if (offset > ds - 6) {
exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifData", "Bogus offset of IFD1.");
} else {
exif_data_load_data_content (data, EXIF_IFD_1, d + 6, ds - 6, offset, 0);
}
}
/*
* If we got an EXIF_TAG_MAKER_NOTE, try to interpret it. Some
* cameras use pointers in the maker note tag that point to the
* space between IFDs. Here is the only place where we have access
* to that data.
*/
interpret_maker_note(data, d, ds);
/* Fixup tags if requested */
if (data->priv->options & EXIF_DATA_OPTION_FOLLOW_SPECIFICATION)
exif_data_fix (data);
}
unsigned char
exif_loader_write (ExifLoader *eld, unsigned char *buf, unsigned int len)
{
unsigned int i;
if (!eld || (len && !buf))
return 0;
switch (eld->state) {
case EL_EXIF_FOUND:
return exif_loader_copy (eld, buf, len);
case EL_SKIP_BYTES:
if (eld->size > len) {
eld->size -= len;
return 1;
}
len -= eld->size;
buf += eld->size;
eld->size = 0;
eld->b_len = 0;
switch (eld->data_format) {
case EL_DATA_FORMAT_FUJI_RAW:
eld->state = EL_READ_SIZE_BYTE_24;
break;
default:
eld->state = EL_READ;
break;
}
break;
case EL_READ:
default:
break;
}
if (!len)
return 1;
exif_log (eld->log, EXIF_LOG_CODE_DEBUG, "ExifLoader",
"Scanning %i byte(s) of data...", len);
/*
* First fill the small buffer. Only continue if the buffer
* is filled. Note that EXIF data contains at least 12 bytes.
*/
i = MIN (len, sizeof (eld->b) - eld->b_len);
if (i) {
memcpy (&eld->b[eld->b_len], buf, i);
eld->b_len += i;
if (eld->b_len < sizeof (eld->b))
return 1;
buf += i;
len -= i;
}
switch (eld->data_format) {
case EL_DATA_FORMAT_UNKNOWN:
/* Check the small buffer against known formats. */
if (!memcmp (eld->b, "FUJIFILM", 8)) {
/* Skip to byte 84. There is another offset there. */
eld->data_format = EL_DATA_FORMAT_FUJI_RAW;
eld->size = 84;
eld->state = EL_SKIP_BYTES;
eld->size = 84;
} else if (!memcmp (eld->b + 2, ExifHeader, sizeof (ExifHeader))) {
/* Read the size (2 bytes). */
eld->data_format = EL_DATA_FORMAT_EXIF;
eld->state = EL_READ_SIZE_BYTE_08;
}
default:
break;
}
for (i = 0; i < sizeof (eld->b); i++)
switch (eld->state) {
case EL_EXIF_FOUND:
if (!exif_loader_copy (eld, eld->b + i,
sizeof (eld->b) - i))
return 0;
return exif_loader_copy (eld, buf, len);
case EL_SKIP_BYTES:
eld->size--;
if (!eld->size)
eld->state = EL_READ;
break;
case EL_READ_SIZE_BYTE_24:
eld->size |= eld->b[i] << 24;
eld->state = EL_READ_SIZE_BYTE_16;
break;
case EL_READ_SIZE_BYTE_16:
eld->size |= eld->b[i] << 16;
eld->state = EL_READ_SIZE_BYTE_08;
break;
case EL_READ_SIZE_BYTE_08:
eld->size |= eld->b[i] << 8;
eld->state = EL_READ_SIZE_BYTE_00;
break;
case EL_READ_SIZE_BYTE_00:
eld->size |= eld->b[i] << 0;
switch (eld->data_format) {
case EL_DATA_FORMAT_JPEG:
eld->state = EL_SKIP_BYTES;
eld->size -= 2;
break;
case EL_DATA_FORMAT_FUJI_RAW:
eld->data_format = EL_DATA_FORMAT_EXIF;
eld->state = EL_SKIP_BYTES;
eld->size -= 86;
break;
case EL_DATA_FORMAT_EXIF:
eld->state = EL_EXIF_FOUND;
break;
default:
break;
}
break;
default:
switch (eld->b[i]) {
case JPEG_MARKER_APP1:
if (!memcmp (eld->b + i + 3, ExifHeader, MIN((ssize_t)(sizeof(ExifHeader)), MAX(0, ((ssize_t)(sizeof(eld->b))) - ((ssize_t)i) - 3)))) {
eld->data_format = EL_DATA_FORMAT_EXIF;
} else {
eld->data_format = EL_DATA_FORMAT_JPEG; /* Probably JFIF - keep searching for APP1 EXIF*/
}
eld->size = 0;
eld->state = EL_READ_SIZE_BYTE_08;
break;
case JPEG_MARKER_DHT:
case JPEG_MARKER_DQT:
case JPEG_MARKER_APP0:
case JPEG_MARKER_APP2:
case JPEG_MARKER_APP13:
case JPEG_MARKER_COM:
eld->data_format = EL_DATA_FORMAT_JPEG;
eld->size = 0;
eld->state = EL_READ_SIZE_BYTE_08;
break;
case 0xff:
case JPEG_MARKER_SOI:
break;
default:
exif_log (eld->log,
EXIF_LOG_CODE_CORRUPT_DATA,
"ExifLoader", _("The data supplied "
"does not seem to contain "
"EXIF data."));
exif_loader_reset (eld);
return 0;
}
}
/*
* If we reach this point, the buffer has not been big enough
* to read all data we need. Fill it with new data.
*/
eld->b_len = 0;
return exif_loader_write (eld, buf, len);
}
static void
exif_mnote_data_olympus_load (ExifMnoteData *en,
const unsigned char *buf, unsigned int buf_size)
{
ExifMnoteDataOlympus *n = (ExifMnoteDataOlympus *) en;
ExifShort c;
unsigned int i, s, o, o2 = 0, datao = 6, base = 0;
if (!n || !buf) return;
/* Start of interesting data */
o2 = 6 + n->offset;
/*
* Olympus headers start with "OLYMP" and need to have at least
* a size of 22 bytes (6 for 'OLYMP', 2 other bytes, 2 for the
* number of entries, and 12 for one entry.
*
* Nikon headers start with "Nikon" (6 bytes including '\0'),
* version number (1 or 2).
*
* Version 1 continues with 0, 1, 0, number_of_tags,
* or just with number_of_tags (models D1H, D1X...).
*
* Version 2 continues with an unknown byte (0 or 10),
* two unknown bytes (0), "MM" or "II", another byte 0 and
* lastly 0x2A.
*/
if (buf_size - n->offset < 22) return;
if (!memcmp (buf + o2, "OLYMP", 6)) {
exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataOlympus",
"Parsing Olympus maker note v1...");
/* The number of entries is at position 8. */
n->version = olympusV1;
if (buf[o2 + 6] == 1)
n->order = EXIF_BYTE_ORDER_INTEL;
else if (buf[o2 + 6 + 1] == 1)
n->order = EXIF_BYTE_ORDER_MOTOROLA;
o2 += 8;
} else if (!memcmp (buf + o2, "OLYMPUS", 8)) {
/* Olympus S760, S770 */
datao = o2;
o2 += 8;
exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataOlympus",
"Parsing Olympus maker note v2 (0x%02x, %02x, %02x, %02x)...",
buf[o2], buf[o2 + 1], buf[o2 + 2], buf[o2 + 3]);
if ((buf[o2] == 'I') && (buf[o2 + 1] == 'I'))
n->order = EXIF_BYTE_ORDER_INTEL;
else if ((buf[o2] == 'M') && (buf[o2 + 1] == 'M'))
n->order = EXIF_BYTE_ORDER_MOTOROLA;
/* The number of entries is at position 8+4. */
n->version = olympusV2;
o2 += 4;
} else if (!memcmp (buf + o2, "Nikon", 6)) {
o2 += 6;
exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataOlympus",
"Parsing Nikon maker note (0x%02x, %02x, %02x, "
"%02x, %02x, %02x, %02x, %02x)...",
buf[o2 + 0], buf[o2 + 1], buf[o2 + 2], buf[o2 + 3],
buf[o2 + 4], buf[o2 + 5], buf[o2 + 6], buf[o2 + 7]);
/* The first byte is the version. */
if (o2 >= buf_size) return;
n->version = buf[o2];
o2 += 1;
/* Skip an unknown byte (00 or 0A). */
o2 += 1;
switch (n->version) {
case nikonV1:
base = MNOTE_NIKON1_TAG_BASE;
break;
case nikonV2:
/* Skip 2 unknown bytes (00 00). */
o2 += 2;
/*
* Byte order. From here the data offset
* gets calculated.
*/
datao = o2;
if (o2 >= buf_size) return;
if (!strncmp ((char *)&buf[o2], "II", 2))
n->order = EXIF_BYTE_ORDER_INTEL;
else if (!strncmp ((char *)&buf[o2], "MM", 2))
n->order = EXIF_BYTE_ORDER_MOTOROLA;
else {
exif_log (en->log, EXIF_LOG_CODE_DEBUG,
"ExifMnoteDatalympus", "Unknown "
"byte order '%c%c'", buf[o2],
buf[o2 + 1]);
return;
}
o2 += 2;
/* Skip 2 unknown bytes (00 2A). */
o2 += 2;
/* Go to where the number of entries is. */
if (o2 >= buf_size) return;
o2 = datao + exif_get_long (buf + o2, n->order);
break;
default:
exif_log (en->log, EXIF_LOG_CODE_DEBUG,
"ExifMnoteDataOlympus", "Unknown version "
"number %i.", n->version);
return;
}
} else if (!memcmp (buf + o2, "\0\x1b", 2)) {
n->version = nikonV2;
} else {
return;
}
/* Number of entries */
if (o2 >= buf_size) return;
c = exif_get_short (buf + o2, n->order);
o2 += 2;
/* Read the number of entries and remove old ones. */
exif_mnote_data_olympus_clear (n);
n->entries = exif_mem_alloc (en->mem, sizeof (MnoteOlympusEntry) * c);
if (!n->entries) return;
/* Parse the entries */
for (i = 0; i < c; i++) {
o = o2 + 12 * i;
if (o + 12 > buf_size) return;
n->count = i + 1;
n->entries[i].tag = exif_get_short (buf + o, n->order) + base;
n->entries[i].format = exif_get_short (buf + o + 2, n->order);
n->entries[i].components = exif_get_long (buf + o + 4, n->order);
n->entries[i].order = n->order;
exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteOlympus",
"Loading entry 0x%x ('%s')...", n->entries[i].tag,
mnote_olympus_tag_get_name (n->entries[i].tag));
/*
* Size? If bigger than 4 bytes, the actual data is not
* in the entry but somewhere else (offset).
*/
s = exif_format_get_size (n->entries[i].format) *
n->entries[i].components;
if (!s) continue;
o += 8;
if (s > 4) o = exif_get_long (buf + o, n->order) + datao;
if (o + s > buf_size) continue;
/* Sanity check */
n->entries[i].data = exif_mem_alloc (en->mem, s);
if (!n->entries[i].data) continue;
n->entries[i].size = s;
memcpy (n->entries[i].data, buf + o, s);
}
}
/*! Load data for an IFD.
*
* \param[in,out] data #ExifData
* \param[in] ifd IFD to load
* \param[in] d pointer to buffer containing raw IFD data
* \param[in] ds size of raw data in buffer at \c d
* \param[in] offset offset into buffer at \c d at which IFD starts
* \param[in] recursion_depth number of times this function has been
* recursively called without returning
*/
static void
exif_data_load_data_content (ExifData *data, ExifIfd ifd,
const unsigned char *d,
unsigned int ds, unsigned int offset, unsigned int recursion_depth)
{
ExifLong o, thumbnail_offset = 0, thumbnail_length = 0;
ExifShort n;
ExifEntry *entry;
unsigned int i;
ExifTag tag;
if (!data || !data->priv)
return;
/* check for valid ExifIfd enum range */
if ((((int)ifd) < 0) || ( ((int)ifd) >= EXIF_IFD_COUNT))
return;
if (recursion_depth > 30) {
exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
"Deep recursion detected!");
return;
}
/* Read the number of entries */
if ((offset + 2 < offset) || (offset + 2 < 2) || (offset + 2 > ds)) {
exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
"Tag data past end of buffer (%u > %u)", offset+2, ds);
return;
}
n = exif_get_short (d + offset, data->priv->order);
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
"Loading %hu entries...", n);
offset += 2;
/* Check if we have enough data. */
if (offset + 12 * n > ds) {
n = (ds - offset) / 12;
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
"Short data; only loading %hu entries...", n);
}
for (i = 0; i < n; i++) {
tag = exif_get_short (d + offset + 12 * i, data->priv->order);
switch (tag) {
case EXIF_TAG_EXIF_IFD_POINTER:
case EXIF_TAG_GPS_INFO_IFD_POINTER:
case EXIF_TAG_INTEROPERABILITY_IFD_POINTER:
case EXIF_TAG_JPEG_INTERCHANGE_FORMAT_LENGTH:
case EXIF_TAG_JPEG_INTERCHANGE_FORMAT:
o = exif_get_long (d + offset + 12 * i + 8,
data->priv->order);
/* FIXME: IFD_POINTER tags aren't marked as being in a
* specific IFD, so exif_tag_get_name_in_ifd won't work
*/
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
"Sub-IFD entry 0x%x ('%s') at %u.", tag,
exif_tag_get_name(tag), o);
switch (tag) {
case EXIF_TAG_EXIF_IFD_POINTER:
CHECK_REC (EXIF_IFD_EXIF);
exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o, recursion_depth + 1);
break;
case EXIF_TAG_GPS_INFO_IFD_POINTER:
CHECK_REC (EXIF_IFD_GPS);
exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o, recursion_depth + 1);
break;
case EXIF_TAG_INTEROPERABILITY_IFD_POINTER:
CHECK_REC (EXIF_IFD_INTEROPERABILITY);
exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o, recursion_depth + 1);
break;
case EXIF_TAG_JPEG_INTERCHANGE_FORMAT:
thumbnail_offset = o;
if (thumbnail_offset && thumbnail_length)
exif_data_load_data_thumbnail (data, d,
ds, thumbnail_offset,
thumbnail_length);
break;
case EXIF_TAG_JPEG_INTERCHANGE_FORMAT_LENGTH:
thumbnail_length = o;
if (thumbnail_offset && thumbnail_length)
exif_data_load_data_thumbnail (data, d,
ds, thumbnail_offset,
thumbnail_length);
break;
default:
return;
}
break;
default:
/*
* If we don't know the tag, don't fail. It could be that new
* versions of the standard have defined additional tags. Note that
* 0 is a valid tag in the GPS IFD.
*/
if (!exif_tag_get_name_in_ifd (tag, ifd)) {
/*
* Special case: Tag and format 0. That's against specification
* (at least up to 2.2). But Photoshop writes it anyways.
*/
if (!memcmp (d + offset + 12 * i, "\0\0\0\0", 4)) {
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
"Skipping empty entry at position %u in '%s'.", i,
exif_ifd_get_name (ifd));
break;
}
exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
"Unknown tag 0x%04x (entry %u in '%s'). Please report this tag "
"to <*****@*****.**>.", tag, i,
exif_ifd_get_name (ifd));
if (data->priv->options & EXIF_DATA_OPTION_IGNORE_UNKNOWN_TAGS)
break;
}
entry = exif_entry_new_mem (data->priv->mem);
if (exif_data_load_data_entry (data, entry, d, ds,
offset + 12 * i))
exif_content_add_entry (data->ifd[ifd], entry);
exif_entry_unref (entry);
break;
}
}
}
static void
exif_mnote_data_olympus_load (ExifMnoteData *en,
const unsigned char *buf, unsigned int buf_size)
{
ExifMnoteDataOlympus *n = (ExifMnoteDataOlympus *) en;
ExifShort c;
size_t i, tcount, o, o2, datao = 6, base = 0;
if (!n || !buf || !buf_size) {
exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteDataOlympus", "Short MakerNote");
return;
}
o2 = 6 + n->offset; /* Start of interesting data */
if ((o2 + 10 < o2) || (o2 + 10 < 10) || (o2 + 10 > buf_size)) {
exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteDataOlympus", "Short MakerNote");
return;
}
/*
* Olympus headers start with "OLYMP" and need to have at least
* a size of 22 bytes (6 for 'OLYMP', 2 other bytes, 2 for the
* number of entries, and 12 for one entry.
*
* Sanyo format is identical and uses identical tags except that
* header starts with "SANYO".
*
* Epson format is identical and uses identical tags except that
* header starts with "EPSON".
*
* Nikon headers start with "Nikon" (6 bytes including '\0'),
* version number (1 or 2).
*
* Version 1 continues with 0, 1, 0, number_of_tags,
* or just with number_of_tags (models D1H, D1X...).
*
* Version 2 continues with an unknown byte (0 or 10),
* two unknown bytes (0), "MM" or "II", another byte 0 and
* lastly 0x2A.
*/
if (!memcmp (buf + o2, "OLYMP", 6) || !memcmp (buf + o2, "SANYO", 6) ||
!memcmp (buf + o2, "EPSON", 6)) {
exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataOlympus",
"Parsing Olympus/Sanyo/Epson maker note v1...");
/* The number of entries is at position 8. */
if (!memcmp (buf + o2, "SANYO", 6))
n->version = sanyoV1;
else if (!memcmp (buf + o2, "EPSON", 6))
n->version = epsonV1;
else
n->version = olympusV1;
if (buf[o2 + 6] == 1)
n->order = EXIF_BYTE_ORDER_INTEL;
else if (buf[o2 + 6 + 1] == 1)
n->order = EXIF_BYTE_ORDER_MOTOROLA;
o2 += 8;
if (o2 + 2 > buf_size) return;
c = exif_get_short (buf + o2, n->order);
if ((!(c & 0xFF)) && (c > 0x500)) {
if (n->order == EXIF_BYTE_ORDER_INTEL) {
n->order = EXIF_BYTE_ORDER_MOTOROLA;
} else {
n->order = EXIF_BYTE_ORDER_INTEL;
}
}
} else if (!memcmp (buf + o2, "OLYMPUS", 8)) {
/* Olympus S760, S770 */
datao = o2;
o2 += 8;
exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataOlympus",
"Parsing Olympus maker note v2 (0x%02x, %02x, %02x, %02x)...",
buf[o2], buf[o2 + 1], buf[o2 + 2], buf[o2 + 3]);
if ((buf[o2] == 'I') && (buf[o2 + 1] == 'I'))
n->order = EXIF_BYTE_ORDER_INTEL;
else if ((buf[o2] == 'M') && (buf[o2 + 1] == 'M'))
n->order = EXIF_BYTE_ORDER_MOTOROLA;
/* The number of entries is at position 8+4. */
n->version = olympusV2;
o2 += 4;
} else if (!memcmp (buf + o2, "Nikon", 6)) {
o2 += 6;
exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataOlympus",
"Parsing Nikon maker note (0x%02x, %02x, %02x, "
"%02x, %02x, %02x, %02x, %02x)...",
buf[o2 + 0], buf[o2 + 1], buf[o2 + 2], buf[o2 + 3],
buf[o2 + 4], buf[o2 + 5], buf[o2 + 6], buf[o2 + 7]);
/* The first byte is the version. */
if (o2 >= buf_size) return;
n->version = buf[o2];
o2 += 1;
/* Skip an unknown byte (00 or 0A). */
o2 += 1;
switch (n->version) {
case nikonV1:
base = MNOTE_NIKON1_TAG_BASE;
/* Fix endianness, if needed */
if (o2 + 2 > buf_size) return;
c = exif_get_short (buf + o2, n->order);
if ((!(c & 0xFF)) && (c > 0x500)) {
if (n->order == EXIF_BYTE_ORDER_INTEL) {
n->order = EXIF_BYTE_ORDER_MOTOROLA;
} else {
n->order = EXIF_BYTE_ORDER_INTEL;
}
}
break;
case nikonV2:
/* Skip 2 unknown bytes (00 00). */
o2 += 2;
/*
* Byte order. From here the data offset
* gets calculated.
*/
datao = o2;
if (o2 >= buf_size) return;
if (!strncmp ((char *)&buf[o2], "II", 2))
n->order = EXIF_BYTE_ORDER_INTEL;
else if (!strncmp ((char *)&buf[o2], "MM", 2))
n->order = EXIF_BYTE_ORDER_MOTOROLA;
else {
exif_log (en->log, EXIF_LOG_CODE_DEBUG,
"ExifMnoteDatalympus", "Unknown "
"byte order '%c%c'", buf[o2],
buf[o2 + 1]);
return;
}
o2 += 2;
/* Skip 2 unknown bytes (00 2A). */
o2 += 2;
/* Go to where the number of entries is. */
if (o2 + 4 > buf_size) return;
o2 = datao + exif_get_long (buf + o2, n->order);
break;
default:
exif_log (en->log, EXIF_LOG_CODE_DEBUG,
"ExifMnoteDataOlympus", "Unknown version "
"number %i.", n->version);
return;
}
} else if (!memcmp (buf + o2, "\0\x1b", 2)) {
n->version = nikonV2;
/* 00 1b is # of entries in Motorola order - the rest should also be in MM order */
n->order = EXIF_BYTE_ORDER_MOTOROLA;
} else {
return;
}
/* Sanity check the offset */
if ((o2 + 2 < o2) || (o2 + 2 < 2) || (o2 + 2 > buf_size)) {
exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteOlympus", "Short MakerNote");
return;
}
/* Read the number of tags */
c = exif_get_short (buf + o2, n->order);
o2 += 2;
/* Remove any old entries */
exif_mnote_data_olympus_clear (n);
/* Reserve enough space for all the possible MakerNote tags */
n->entries = exif_mem_alloc (en->mem, sizeof (MnoteOlympusEntry) * c);
if (!n->entries) {
EXIF_LOG_NO_MEMORY(en->log, "ExifMnoteOlympus", sizeof (MnoteOlympusEntry) * c);
return;
}
/* Parse all c entries, storing ones that are successfully parsed */
tcount = 0;
for (i = c, o = o2; i; --i, o += 12) {
size_t s;
if ((o + 12 < o) || (o + 12 < 12) || (o + 12 > buf_size)) {
exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteOlympus", "Short MakerNote");
break;
}
n->entries[tcount].tag = exif_get_short (buf + o, n->order) + base;
n->entries[tcount].format = exif_get_short (buf + o + 2, n->order);
n->entries[tcount].components = exif_get_long (buf + o + 4, n->order);
n->entries[tcount].order = n->order;
exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteOlympus",
"Loading entry 0x%x ('%s')...", n->entries[tcount].tag,
mnote_olympus_tag_get_name (n->entries[tcount].tag));
/* exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteOlympus",
"0x%x %d %ld*(%d)",
n->entries[tcount].tag,
n->entries[tcount].format,
n->entries[tcount].components,
(int)exif_format_get_size(n->entries[tcount].format)); */
/*
* Size? If bigger than 4 bytes, the actual data is not
* in the entry but somewhere else (offset).
*/
s = exif_format_get_size (n->entries[tcount].format) *
n->entries[tcount].components;
n->entries[tcount].size = s;
if (s) {
size_t dataofs = o + 8;
if (s > 4) {
/* The data in this case is merely a pointer */
dataofs = exif_get_long (buf + dataofs, n->order) + datao;
#ifdef EXIF_OVERCOME_SANYO_OFFSET_BUG
/* Some Sanyo models (e.g. VPC-C5, C40) suffer from a bug when
* writing the offset for the MNOTE_OLYMPUS_TAG_THUMBNAILIMAGE
* tag in its MakerNote. The offset is actually the absolute
* position in the file instead of the position within the IFD.
*/
if (dataofs + s > buf_size && n->version == sanyoV1) {
/* fix pointer */
dataofs -= datao + 6;
exif_log (en->log, EXIF_LOG_CODE_DEBUG,
"ExifMnoteOlympus",
"Inconsistent thumbnail tag offset; attempting to recover");
}
#endif
}
if ((dataofs + s < dataofs) || (dataofs + s < s) ||
(dataofs + s > buf_size)) {
exif_log (en->log, EXIF_LOG_CODE_DEBUG,
"ExifMnoteOlympus",
"Tag data past end of buffer (%u > %u)",
dataofs + s, buf_size);
continue;
}
n->entries[tcount].data = exif_mem_alloc (en->mem, s);
if (!n->entries[tcount].data) {
EXIF_LOG_NO_MEMORY(en->log, "ExifMnoteOlympus", s);
continue;
}
memcpy (n->entries[tcount].data, buf + dataofs, s);
}
/* Tag was successfully parsed */
++tcount;
}
/* Store the count of successfully parsed tags */
n->count = tcount;
}
/**
* @brief save the MnoteData from ne to buf
*
* @param ne extract the data from this structure
* @param *buf write the mnoteData to this buffer (buffer will be allocated)
* @param buf_size the final size of the buffer
*/
static void
exif_mnote_data_pentax_save (ExifMnoteData *ne,
unsigned char **buf, unsigned int *buf_size)
{
ExifMnoteDataPentax *n = (ExifMnoteDataPentax *) ne;
size_t i,
base = 0, /* internal MakerNote tag number offset */
o2 = 4 + 2; /* offset to first tag entry, past header */
size_t datao = n->offset; /* this MakerNote style uses offsets
based on main IFD, not makernote IFD */
if (!n || !buf || !buf_size) return;
/*
* Allocate enough memory for header, the number of entries, entries,
* and next IFD pointer
*/
*buf_size = o2 + 2 + n->count * 12 + 4;
switch (n->version) {
case casioV2:
base = MNOTE_PENTAX2_TAG_BASE;
*buf = exif_mem_alloc (ne->mem, *buf_size);
if (!*buf) {
EXIF_LOG_NO_MEMORY(ne->log, "ExifMnoteDataPentax", *buf_size);
return;
}
/* Write the magic header */
strcpy ((char *)*buf, "QVC");
exif_set_short (*buf + 4, n->order, (ExifShort) 0);
break;
case pentaxV3:
base = MNOTE_PENTAX2_TAG_BASE;
*buf = exif_mem_alloc (ne->mem, *buf_size);
if (!*buf) {
EXIF_LOG_NO_MEMORY(ne->log, "ExifMnoteDataPentax", *buf_size);
return;
}
/* Write the magic header */
strcpy ((char *)*buf, "AOC");
exif_set_short (*buf + 4, n->order, (ExifShort) (
(n->order == EXIF_BYTE_ORDER_INTEL) ?
('I' << 8) | 'I' :
('M' << 8) | 'M'));
break;
case pentaxV2:
base = MNOTE_PENTAX2_TAG_BASE;
*buf = exif_mem_alloc (ne->mem, *buf_size);
if (!*buf) {
EXIF_LOG_NO_MEMORY(ne->log, "ExifMnoteDataPentax", *buf_size);
return;
}
/* Write the magic header */
strcpy ((char *)*buf, "AOC");
exif_set_short (*buf + 4, n->order, (ExifShort) 0);
break;
case pentaxV1:
/* It looks like this format doesn't have a magic header as
* such, just has a fixed number of entries equal to 0x001b */
*buf_size -= 6;
o2 -= 6;
*buf = exif_mem_alloc (ne->mem, *buf_size);
if (!*buf) {
EXIF_LOG_NO_MEMORY(ne->log, "ExifMnoteDataPentax", *buf_size);
return;
}
break;
default:
/* internal error */
return;
}
/* Write the number of entries. */
exif_set_short (*buf + o2, n->order, (ExifShort) n->count);
o2 += 2;
/* Save each entry */
for (i = 0; i < n->count; i++) {
size_t doff; /* offset to current data portion of tag */
size_t s;
unsigned char *t;
size_t o = o2 + i * 12; /* current offset into output buffer */
exif_set_short (*buf + o + 0, n->order,
(ExifShort) (n->entries[i].tag - base));
exif_set_short (*buf + o + 2, n->order,
(ExifShort) n->entries[i].format);
exif_set_long (*buf + o + 4, n->order,
n->entries[i].components);
o += 8;
s = exif_format_get_size (n->entries[i].format) *
n->entries[i].components;
if (s > 65536) {
/* Corrupt data: EXIF data size is limited to the
* maximum size of a JPEG segment (64 kb).
*/
continue;
}
if (s > 4) {
size_t ts = *buf_size + s;
doff = *buf_size;
t = exif_mem_realloc (ne->mem, *buf,
sizeof (char) * ts);
if (!t) {
EXIF_LOG_NO_MEMORY(ne->log, "ExifMnoteDataPentax", ts);
return;
}
*buf = t;
*buf_size = ts;
exif_set_long (*buf + o, n->order, datao + doff);
} else
doff = o;
/* Write the data. */
if (n->entries[i].data) {
memcpy (*buf + doff, n->entries[i].data, s);
} else {
/* Most certainly damaged input file */
memset (*buf + doff, 0, s);
}
}
/* Sanity check the buffer size */
if (*buf_size < (o2 + n->count * 12 + 4)) {
exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifMnoteDataPentax",
"Buffer overflow");
}
/* Reset next IFD pointer */
exif_set_long (*buf + o2 + n->count * 12, n->order, 0);
}
static void
exif_mnote_data_fuji_load (ExifMnoteData *en,
const unsigned char *buf, unsigned int buf_size)
{
ExifMnoteDataFuji *n = (ExifMnoteDataFuji*) en;
ExifLong c;
size_t i, tcount, o, datao;
if (!n || !buf || !buf_size) {
exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteDataFuji", "Short MakerNote");
return;
}
datao = 6 + n->offset;
if ((datao + 12 < datao) || (datao + 12 < 12) || (datao + 12 > buf_size)) {
exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteDataFuji", "Short MakerNote");
return;
}
n->order = EXIF_BYTE_ORDER_INTEL;
datao += exif_get_long (buf + datao + 8, EXIF_BYTE_ORDER_INTEL);
if ((datao + 2 < datao) || (datao + 2 < 2) ||
(datao + 2 > buf_size)) {
exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteDataFuji", "Short MakerNote");
return;
}
/* Read the number of tags */
c = exif_get_short (buf + datao, EXIF_BYTE_ORDER_INTEL);
datao += 2;
/* Remove any old entries */
exif_mnote_data_fuji_clear (n);
/* Reserve enough space for all the possible MakerNote tags */
n->entries = exif_mem_alloc (en->mem, sizeof (MnoteFujiEntry) * c);
if (!n->entries) {
EXIF_LOG_NO_MEMORY(en->log, "ExifMnoteDataFuji", sizeof (MnoteFujiEntry) * c);
return;
}
/* Parse all c entries, storing ones that are successfully parsed */
tcount = 0;
for (i = c, o = datao; i; --i, o += 12) {
size_t s;
if ((o + 12 < o) || (o + 12 < 12) || (o + 12 > buf_size)) {
exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteDataFuji", "Short MakerNote");
break;
}
n->entries[tcount].tag = exif_get_short (buf + o, n->order);
n->entries[tcount].format = exif_get_short (buf + o + 2, n->order);
n->entries[tcount].components = exif_get_long (buf + o + 4, n->order);
n->entries[tcount].order = n->order;
exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataFuji",
"Loading entry 0x%x ('%s')...", n->entries[tcount].tag,
mnote_fuji_tag_get_name (n->entries[tcount].tag));
/*
* Size? If bigger than 4 bytes, the actual data is not
* in the entry but somewhere else (offset).
*/
s = exif_format_get_size (n->entries[tcount].format) * n->entries[tcount].components;
n->entries[tcount].size = s;
if (s) {
size_t dataofs = o + 8;
if (s > 4)
/* The data in this case is merely a pointer */
dataofs = exif_get_long (buf + dataofs, n->order) + 6 + n->offset;
if ((dataofs + s < dataofs) || (dataofs + s < s) ||
(dataofs + s >= buf_size)) {
exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteDataFuji", "Tag data past end of "
"buffer (%zu >= %u)", dataofs + s, buf_size);
continue;
}
n->entries[tcount].data = exif_mem_alloc (en->mem, s);
if (!n->entries[tcount].data) {
EXIF_LOG_NO_MEMORY(en->log, "ExifMnoteDataFuji", s);
continue;
}
memcpy (n->entries[tcount].data, buf + dataofs, s);
}
/* Tag was successfully parsed */
++tcount;
}
/* Store the count of successfully parsed tags */
n->count = tcount;
}
static void
exif_mnote_data_pentax_load (ExifMnoteData *en,
const unsigned char *buf, unsigned int buf_size)
{
ExifMnoteDataPentax *n = (ExifMnoteDataPentax *) en;
size_t i, tcount, o, datao, base = 0;
ExifShort c;
if (!n || !buf || !buf_size) {
exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteDataPentax", "Short MakerNote");
return;
}
datao = 6 + n->offset;
if ((datao + 8 < datao) || (datao + 8 < 8) || (datao + 8 > buf_size)) {
exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteDataPentax", "Short MakerNote");
return;
}
/* Detect variant of Pentax/Casio MakerNote found */
if (!memcmp(buf + datao, "AOC", 4)) {
if ((buf[datao + 4] == 'I') && (buf[datao + 5] == 'I')) {
n->version = pentaxV3;
n->order = EXIF_BYTE_ORDER_INTEL;
} else if ((buf[datao + 4] == 'M') && (buf[datao + 5] == 'M')) {
n->version = pentaxV3;
n->order = EXIF_BYTE_ORDER_MOTOROLA;
} else {
/* Uses Casio v2 tags */
n->version = pentaxV2;
}
exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataPentax",
"Parsing Pentax maker note v%d...", (int)n->version);
datao += 4 + 2;
base = MNOTE_PENTAX2_TAG_BASE;
} else if (!memcmp(buf + datao, "QVC", 4)) {
exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataPentax",
"Parsing Casio maker note v2...");
n->version = casioV2;
base = MNOTE_CASIO2_TAG_BASE;
datao += 4 + 2;
} else {
/* probably assert(!memcmp(buf + datao, "\x00\x1b", 2)) */
exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataPentax",
"Parsing Pentax maker note v1...");
n->version = pentaxV1;
}
/* Read the number of tags */
c = exif_get_short (buf + datao, n->order);
datao += 2;
/* Remove any old entries */
exif_mnote_data_pentax_clear (n);
/* Reserve enough space for all the possible MakerNote tags */
n->entries = exif_mem_alloc (en->mem, sizeof (MnotePentaxEntry) * c);
if (!n->entries) {
EXIF_LOG_NO_MEMORY(en->log, "ExifMnoteDataPentax", sizeof (MnotePentaxEntry) * c);
return;
}
/* Parse all c entries, storing ones that are successfully parsed */
tcount = 0;
for (i = c, o = datao; i; --i, o += 12) {
size_t s;
if ((o + 12 < o) || (o + 12 < 12) || (o + 12 > buf_size)) {
exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteDataPentax", "Short MakerNote");
break;
}
n->entries[tcount].tag = exif_get_short (buf + o + 0, n->order) + base;
n->entries[tcount].format = exif_get_short (buf + o + 2, n->order);
n->entries[tcount].components = exif_get_long (buf + o + 4, n->order);
n->entries[tcount].order = n->order;
exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnotePentax",
"Loading entry 0x%x ('%s')...", n->entries[tcount].tag,
mnote_pentax_tag_get_name (n->entries[tcount].tag));
/*
* Size? If bigger than 4 bytes, the actual data is not
* in the entry but somewhere else (offset).
*/
s = exif_format_get_size (n->entries[tcount].format) *
n->entries[tcount].components;
n->entries[tcount].size = s;
if (s) {
size_t dataofs = o + 8;
if (s > 4)
/* The data in this case is merely a pointer */
dataofs = exif_get_long (buf + dataofs, n->order) + 6;
if ((dataofs + s < dataofs) || (dataofs + s < s) ||
(dataofs + s > buf_size)) {
exif_log (en->log, EXIF_LOG_CODE_DEBUG,
"ExifMnoteDataPentax", "Tag data past end "
"of buffer (%u > %u)", dataofs + s, buf_size);
continue;
}
n->entries[tcount].data = exif_mem_alloc (en->mem, s);
if (!n->entries[tcount].data) {
EXIF_LOG_NO_MEMORY(en->log, "ExifMnoteDataPentax", s);
continue;
}
memcpy (n->entries[tcount].data, buf + dataofs, s);
}
/* Tag was successfully parsed */
++tcount;
}
/* Store the count of successfully parsed tags */
n->count = tcount;
}
static void
exif_mnote_data_canon_load (ExifMnoteData *ne,
const unsigned char *buf, unsigned int buf_size)
{
ExifMnoteDataCanon *n = (ExifMnoteDataCanon *) ne;
ExifShort c;
size_t i, tcount, o, datao;
if (!n || !buf || !buf_size) {
exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteCanon", "Short MakerNote");
return;
}
datao = 6 + n->offset;
if ((datao + 2 < datao) || (datao + 2 < 2) || (datao + 2 > buf_size)) {
exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteCanon", "Short MakerNote");
return;
}
/* Read the number of tags */
c = exif_get_short (buf + datao, n->order);
datao += 2;
/* Remove any old entries */
exif_mnote_data_canon_clear (n);
/* Reserve enough space for all the possible MakerNote tags */
n->entries = exif_mem_alloc (ne->mem, sizeof (MnoteCanonEntry) * c);
if (!n->entries) {
EXIF_LOG_NO_MEMORY(ne->log, "ExifMnoteCanon", sizeof (MnoteCanonEntry) * c);
return;
}
/* Parse the entries */
tcount = 0;
for (i = c, o = datao; i; --i, o += 12) {
size_t s;
if ((o + 12 < o) || (o + 12 < 12) || (o + 12 > buf_size)) {
exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteCanon", "Short MakerNote");
break;
}
n->entries[tcount].tag = exif_get_short (buf + o, n->order);
n->entries[tcount].format = exif_get_short (buf + o + 2, n->order);
n->entries[tcount].components = exif_get_long (buf + o + 4, n->order);
n->entries[tcount].order = n->order;
exif_log (ne->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteCanon",
"Loading entry 0x%x ('%s')...", n->entries[tcount].tag,
mnote_canon_tag_get_name (n->entries[tcount].tag));
/*
* Size? If bigger than 4 bytes, the actual data is not
* in the entry but somewhere else (offset).
*/
s = exif_format_get_size (n->entries[tcount].format) *
n->entries[tcount].components;
n->entries[tcount].size = s;
if (!s) {
exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA,
"ExifMnoteCanon",
"Invalid zero-length tag size");
continue;
} else {
size_t dataofs = o + 8;
if (s > 4) dataofs = exif_get_long (buf + dataofs, n->order) + 6;
if ((dataofs + s < s) || (dataofs + s < dataofs) || (dataofs + s > buf_size)) {
exif_log (ne->log, EXIF_LOG_CODE_DEBUG,
"ExifMnoteCanon",
"Tag data past end of buffer (%u > %u)",
dataofs + s, buf_size);
continue;
}
n->entries[tcount].data = exif_mem_alloc (ne->mem, s);
if (!n->entries[tcount].data) {
EXIF_LOG_NO_MEMORY(ne->log, "ExifMnoteCanon", s);
continue;
}
memcpy (n->entries[tcount].data, buf + dataofs, s);
}
/* Tag was successfully parsed */
++tcount;
}
/* Store the count of successfully parsed tags */
n->count = tcount;
}
