/**
 * Create a Canon MakerNote object backed by the given allocator.
 *
 * @param mem allocator used for the object; NULL is rejected
 * @param o   data options stored in the Canon-specific part of the object
 * @return the new object viewed through its ExifMnoteData base, or NULL
 *         when mem is NULL or the allocation fails
 */
ExifMnoteData *
exif_mnote_data_canon_new (ExifMem *mem, ExifDataOption o)
{
	ExifMnoteData *base;

	if (mem == NULL)
		return NULL;

	/* Allocate the full Canon structure; it is handed out as its base type. */
	base = exif_mem_alloc (mem, sizeof (ExifMnoteDataCanon));
	if (base == NULL)
		return NULL;

	/*
	 * NOTE(review): exif_mnote_data_construct() returns void, so a failure
	 * inside it cannot be detected here.
	 */
	exif_mnote_data_construct (base, mem);

	/* Install the Canon implementations of the MakerNote interface. */
	base->methods.free            = exif_mnote_data_canon_free;
	base->methods.load            = exif_mnote_data_canon_load;
	base->methods.save            = exif_mnote_data_canon_save;
	base->methods.set_byte_order  = exif_mnote_data_canon_set_byte_order;
	base->methods.set_offset      = exif_mnote_data_canon_set_offset;
	base->methods.count           = exif_mnote_data_canon_count;
	base->methods.get_id          = exif_mnote_data_canon_get_id;
	base->methods.get_name        = exif_mnote_data_canon_get_name;
	base->methods.get_title       = exif_mnote_data_canon_get_title;
	base->methods.get_description = exif_mnote_data_canon_get_description;
	base->methods.get_value       = exif_mnote_data_canon_get_value;

	((ExifMnoteDataCanon *) base)->options = o;

	return base;
}
/**
 * Create an Olympus MakerNote object backed by the given allocator.
 *
 * @param mem allocator used for the object; NULL is rejected
 * @return the new object viewed through its ExifMnoteData base, or NULL
 *         when mem is NULL or the allocation fails
 */
ExifMnoteData *
exif_mnote_data_olympus_new (ExifMem *mem)
{
	ExifMnoteData *base;

	if (mem == NULL)
		return NULL;

	/* Allocate the full Olympus structure; it is handed out as its base type. */
	base = exif_mem_alloc (mem, sizeof (ExifMnoteDataOlympus));
	if (base == NULL)
		return NULL;

	/*
	 * NOTE(review): exif_mnote_data_construct() returns void, so a failure
	 * inside it cannot be detected here.
	 */
	exif_mnote_data_construct (base, mem);

	/* Install the Olympus implementations of the MakerNote interface. */
	base->methods.free            = exif_mnote_data_olympus_free;
	base->methods.load            = exif_mnote_data_olympus_load;
	base->methods.save            = exif_mnote_data_olympus_save;
	base->methods.set_byte_order  = exif_mnote_data_olympus_set_byte_order;
	base->methods.set_offset      = exif_mnote_data_olympus_set_offset;
	base->methods.count           = exif_mnote_data_olympus_count;
	base->methods.get_id          = exif_mnote_data_olympus_get_id;
	base->methods.get_name        = exif_mnote_data_olympus_get_name;
	base->methods.get_title       = exif_mnote_data_olympus_get_title;
	base->methods.get_description = exif_mnote_data_olympus_get_description;
	base->methods.get_value       = exif_mnote_data_olympus_get_value;

	return base;
}
/**
 * Create an empty ExifData container using the given allocator.
 *
 * The container starts with a reference count of 1, takes a reference on
 * mem, owns one ExifContent per IFD and has the default options applied.
 *
 * @param mem allocator to use; NULL is rejected
 * @return the new container, or NULL when mem is NULL or any allocation
 *         fails
 */
ExifData *
exif_data_new_mem (ExifMem *mem)
{
	ExifData *d;
	unsigned int ifd;

	if (mem == NULL)
		return NULL;

	d = exif_mem_alloc (mem, sizeof (ExifData));
	if (d == NULL)
		return NULL;

	d->priv = exif_mem_alloc (mem, sizeof (ExifDataPrivate));
	if (d->priv == NULL) {
		/* Nothing else is attached yet, so releasing the shell is enough. */
		exif_mem_free (mem, d);
		return NULL;
	}
	d->priv->mem = mem;
	d->priv->ref_count = 1;
	exif_mem_ref (mem);

	/* One content object per IFD, each pointing back at its container. */
	ifd = 0;
	while (ifd < EXIF_IFD_COUNT) {
		d->ifd[ifd] = exif_content_new_mem (d->priv->mem);
		if (d->ifd[ifd] == NULL) {
			exif_data_free (d);
			return NULL;
		}
		d->ifd[ifd]->parent = d;
		ifd++;
	}

	/* Default options */
#ifndef NO_VERBOSE_TAG_STRINGS
	/*
	 * Only enabled when the tag list is compiled in: without the list,
	 * this option would prevent any tags from being loaded.
	 */
	exif_data_set_option (d, EXIF_DATA_OPTION_IGNORE_UNKNOWN_TAGS);
#endif
	exif_data_set_option (d, EXIF_DATA_OPTION_FOLLOW_SPECIFICATION);

	/* Default data type: none */
	exif_data_set_data_type (d, EXIF_DATA_TYPE_COUNT);

	return d;
}
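/**
 * Serialise the Canon MakerNote entries into a newly allocated buffer.
 *
 * Layout written: a 2-byte entry count, one 12-byte record per entry, and
 * 4 trailing bytes; values larger than 4 bytes are appended after that and
 * referenced by offset from the record.
 *
 * @param ne       the MakerNote (an ExifMnoteDataCanon)
 * @param buf      receives the allocated buffer; NULL on allocation failure
 * @param buf_size receives the buffer size; 0 on initial allocation failure
 *
 * Hardening relative to the plain realloc-in-place form:
 *  - the grown buffer is taken through a temporary, so a failed
 *    exif_mem_realloc() neither leaks the old buffer nor leaves *buf NULL
 *    with a stale *buf_size;
 *  - the value size is bounded before it is used as a copy length, so a
 *    corrupt component count cannot wrap the multiplication or drive an
 *    oversized copy from entries[i].data.
 */
static void
exif_mnote_data_canon_save (ExifMnoteData *ne,
	unsigned char **buf, unsigned int *buf_size)
{
	ExifMnoteDataCanon *n = (ExifMnoteDataCanon *) ne;
	size_t i, o, s, doff, fs, comps, ts;
	unsigned char *t;

	if (!n || !buf || !buf_size)
		return;

	/*
	 * Allocate enough memory for all entries and the number
	 * of entries.
	 */
	*buf_size = 2 + n->count * 12 + 4;
	*buf = exif_mem_alloc (ne->mem, sizeof (char) * *buf_size);
	if (!*buf) {
		*buf_size = 0;
		return;
	}

	/* Save the number of entries */
	exif_set_short (*buf, n->order, (ExifShort) n->count);

	/* Save each entry */
	for (i = 0; i < n->count; i++) {
		o = 2 + i * 12;
		exif_set_short (*buf + o + 0, n->order,
				(ExifShort) n->entries[i].tag);
		exif_set_short (*buf + o + 2, n->order,
				(ExifShort) n->entries[i].format);
		exif_set_long  (*buf + o + 4, n->order,
				n->entries[i].components);
		o += 8;

		/*
		 * Bound the value size by division so the product cannot wrap.
		 * EXIF data is limited to the maximum size of a JPEG segment
		 * (64 kb); anything larger is treated as corrupt and skipped.
		 */
		fs = exif_format_get_size (n->entries[i].format);
		comps = n->entries[i].components;
		if (fs && comps > 65536 / fs) {
			/* Do not emit whatever the allocator left in the value slot. */
			memset (*buf + o, 0, 4);
			continue;
		}
		s = fs * comps;

		if (s > 4) {
			ts = *buf_size + s;

			/* Ensure even offsets. Set padding bytes to 0. */
			if (s & 1)
				ts += 1;
			/* The size is reported through an unsigned int. */
			if (ts < s || (size_t) (unsigned int) ts != ts)
				return;
			t = exif_mem_realloc (ne->mem, *buf, sizeof (char) * ts);
			if (!t)
				return; /* *buf and *buf_size still describe the old buffer */
			*buf = t;
			*buf_size = (unsigned int) ts;
			doff = *buf_size - s;
			if (s & 1) {
				doff--;
				*(*buf + *buf_size - 1) = '\0';
			}
			exif_set_long (*buf + o, n->order, n->offset + doff);
		} else {
			doff = o;
		}

		/*
		 * Write the data. Fill unneeded bytes with 0. Do not
		 * crash if data is NULL.
		 */
		if (!n->entries[i].data)
			memset (*buf + doff, 0, s);
		else
			memcpy (*buf + doff, n->entries[i].data, s);
		if (s < 4)
			memset (*buf + doff + s, 0, (4 - s));
	}
}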
/**
 * Initialise the common part of a MakerNote object.
 *
 * Allocates the private block, sets the reference count to 1, records the
 * allocator and takes a reference on it. Does nothing when either argument
 * is NULL, when d already has a private block, or when the allocation
 * fails; none of these cases is reported to the caller.
 *
 * @param d   MakerNote object to initialise
 * @param mem allocator to associate with d
 */
void
exif_mnote_data_construct (ExifMnoteData *d, ExifMem *mem)
{
	/* Missing arguments, or already constructed: leave d untouched. */
	if (d == NULL || mem == NULL || d->priv != NULL)
		return;

	d->priv = exif_mem_alloc (mem, sizeof (ExifMnoteDataPriv));
	if (d->priv != NULL) {
		d->mem = mem;
		d->priv->ref_count = 1;
		exif_mem_ref (mem);
	}
}
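/**
 * Create a log object using the given allocator.
 *
 * The log starts with a reference count of 1 and takes a reference on mem.
 *
 * @param mem allocator to use; NULL is rejected up front, matching the
 *            other *_new_mem constructors, instead of being passed on to
 *            exif_mem_alloc() and exif_mem_ref()
 * @return the new log, or NULL when mem is NULL or the allocation fails
 */
ExifLog *
exif_log_new_mem (ExifMem *mem)
{
	ExifLog *log;

	if (!mem)
		return NULL;

	log = exif_mem_alloc (mem, sizeof (ExifLog));
	if (!log)
		return NULL;

	log->ref_count = 1;
	log->mem = mem;
	exif_mem_ref (mem);

	return log;
}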
/**
 * Allocate i bytes with the allocator owned by data, logging on failure.
 *
 * @param data container whose allocator and log are used
 * @param i    number of bytes requested
 * @return the allocated block, or NULL when data is NULL, i is 0 or the
 *         allocation fails (the failure is logged under "ExifData")
 */
static void *
exif_data_alloc (ExifData *data, unsigned int i)
{
	void *block;

	if (data == NULL || i == 0)
		return NULL;

	/* NOTE(review): data->priv is dereferenced without a NULL check. */
	block = exif_mem_alloc (data->priv->mem, i);
	if (block == NULL) {
		EXIF_LOG_NO_MEMORY (data->priv->log, "ExifData", i);
	}

	return block;
}
/**
 * Allocate i bytes with the loader's allocator, logging on failure.
 *
 * @param l loader whose allocator and log are used
 * @param i number of bytes requested
 * @return the allocated block, or NULL when l is NULL, i is 0 or the
 *         allocation fails
 */
static void *
exif_loader_alloc (ExifLoader *l, unsigned int i)
{
	void *block;

	if (l == NULL || i == 0)
		return NULL;

	block = exif_mem_alloc (l->mem, i);
	if (block == NULL) {
		/*
		 * NOTE(review): the failure is logged under the domain "ExifLog"
		 * although this is the loader; confirm whether that is intended.
		 */
		EXIF_LOG_NO_MEMORY (l->log, "ExifLog", i);
	}

	return block;
}
/**
 * Create an empty ExifContent using the given allocator.
 *
 * The content starts with a reference count of 1 and takes a reference
 * on mem.
 *
 * @param mem allocator to use; NULL is rejected
 * @return the new content, or NULL when mem is NULL or an allocation fails
 */
ExifContent *
exif_content_new_mem (ExifMem *mem)
{
	ExifContent *c;

	if (mem == NULL)
		return NULL;

	c = exif_mem_alloc (mem, (ExifLong) sizeof (ExifContent));
	if (c == NULL)
		return NULL;

	c->priv = exif_mem_alloc (mem, (ExifLong) sizeof (ExifContentPrivate));
	if (c->priv != NULL) {
		c->priv->mem = mem;
		c->priv->ref_count = 1;
		exif_mem_ref (mem);
		return c;
	}

	/* The private block could not be allocated: release the shell. */
	exif_mem_free (mem, c);
	return NULL;
}
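// Creates an ExifEntry with a data buffer sized for numComponents values of
// the given format, using a fresh default allocator.
//
// Returns the entry, or NULL when the allocator, the entry or the data
// buffer cannot be allocated, or when numComponents * element size does not
// fit in an unsigned int. Checking these cases keeps a NULL entry from being
// dereferenced and keeps entry->size from describing more bytes than
// entry->data actually holds.
static ExifEntry* allocateEntry(int tag, ExifFormat format, unsigned int numComponents) {
    ExifMem* mem = exif_mem_new_default();
    if (!mem) {
        return NULL;
    }

    ExifEntry* entry = exif_entry_new_mem(mem);
    if (!entry) {
        exif_mem_unref(mem);
        return NULL;
    }

    const unsigned int elemSize = exif_format_get_size(format);
    const unsigned int size = numComponents * elemSize;
    // Unsigned multiplication wraps silently; dividing back detects it.
    const bool wrapped = (elemSize != 0) && (size / elemSize != numComponents);

    void* data = wrapped ? NULL : exif_mem_alloc(mem, size);
    if (wrapped || (!data && size != 0)) {
        exif_entry_unref(entry);
        exif_mem_unref(mem);
        return NULL;
    }

    entry->data = reinterpret_cast<unsigned char*>(data);
    entry->size = size;
    entry->tag = static_cast<ExifTag>(tag);
    entry->components = numComponents;
    entry->format = format;

    // Drop the local reference; presumably the entry holds its own reference
    // on the allocator -- confirm against exif_entry_new_mem().
    exif_mem_unref(mem);
    return entry;
}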
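/**
 * Parse a Canon MakerNote from buf into n->entries.
 *
 * The buffer is untrusted file content. Every offset and length taken from
 * it is validated by subtraction against buf_size, so that no sum can wrap
 * around and pass the bounds check before the memcpy() below.
 *
 * Parsing stops at the first entry that is truncated, has a zero size or
 * points outside the buffer; entries stored before that point are kept.
 *
 * @param ne       the MakerNote (an ExifMnoteDataCanon)
 * @param buf      raw data containing the MakerNote
 * @param buf_size number of valid bytes in buf
 */
static void
exif_mnote_data_canon_load (ExifMnoteData *ne,
	const unsigned char *buf, unsigned int buf_size)
{
	ExifMnoteDataCanon *n = (ExifMnoteDataCanon *) ne;
	ExifShort c;
	size_t i, ent, o, s, fs, comps, start;
	void *grown;

	if (!n || !buf || !buf_size)
		return;

	/* The 2-byte entry count sits 6 bytes past the MakerNote offset. */
	start = (size_t) n->offset + 6;
	if ((start < 6) || (buf_size < 2) || (start > buf_size - 2))
		return;

	/* Read the number of entries and remove old ones. */
	c = exif_get_short (buf + start, n->order);
	exif_mnote_data_canon_clear (n);

	/* Parse the entries; ent <= buf_size holds at the top of each round. */
	ent = start + 2;
	for (i = 0; i < c; i++) {
		if (buf_size - ent < 8)
			return;

		/*
		 * Grow through a temporary so that a failed realloc neither
		 * loses the existing array nor lets the memset below write
		 * through a NULL pointer.
		 */
		grown = exif_mem_realloc (ne->mem, n->entries,
				sizeof (MnoteCanonEntry) * (i + 1));
		if (!grown)
			return;
		n->entries = grown;
		n->count = i + 1;

		memset (&n->entries[i], 0, sizeof (MnoteCanonEntry));
		n->entries[i].tag        = exif_get_short (buf + ent, n->order);
		n->entries[i].format     = exif_get_short (buf + ent + 2, n->order);
		n->entries[i].components = exif_get_long  (buf + ent + 4, n->order);
		n->entries[i].order      = n->order;

		/*
		 * Size? If bigger than 4 bytes, the actual data is not
		 * in the entry but somewhere else (offset).
		 * A value larger than the whole buffer can never be valid, so
		 * it is rejected by division before the product is formed.
		 */
		fs = exif_format_get_size (n->entries[i].format);
		comps = n->entries[i].components;
		if (!fs || !comps)
			return;
		if (comps > buf_size / fs)
			return;
		s = fs * comps;

		if (s > 4) {
			/* The 4-byte offset field must itself be inside the buffer. */
			if (buf_size - ent < 12)
				return;
			o = exif_get_long (buf + ent + 8, n->order);
			/* Require o + 6 + s <= buf_size without forming the sum. */
			if ((buf_size - s < 6) || (o > buf_size - s - 6))
				return;
			o += 6;
		} else {
			o = ent + 8;
			if (s > buf_size - o)
				return;
		}

		n->entries[i].data = exif_mem_alloc (ne->mem, sizeof (char) * s);
		if (!n->entries[i].data)
			return;
		n->entries[i].size = s;
		memcpy (n->entries[i].data, buf + o, s);

		/* A following record would start past the end of the buffer. */
		if (buf_size - ent < 12)
			return;
		ent += 12;
	}
}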
/**
 * Create a loader using the given allocator.
 *
 * The loader starts with a reference count of 1 and takes a reference
 * on mem.
 *
 * @param mem allocator to use; NULL is rejected
 * @return the new loader, or NULL when mem is NULL or the allocation fails
 */
ExifLoader *
exif_loader_new_mem (ExifMem *mem)
{
	ExifLoader *l;

	if (mem == NULL)
		return NULL;

	l = exif_mem_alloc (mem, sizeof (ExifLoader));
	if (l != NULL) {
		l->mem = mem;
		l->ref_count = 1;
		exif_mem_ref (mem);
	}

	return l;
}
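/**
 * Create an entry for tag with room for len values of exifFormat and attach
 * it to content.
 *
 * @param content    IFD content the entry is added to; NULL is rejected
 * @param tag        tag of the new entry
 * @param len        number of components
 * @param exifFormat format of each component
 * @return the entry, or NULL when content is NULL, an allocation fails or
 *         len * element size overflows
 *
 * The local reference on the entry is always dropped before returning. If
 * the data buffer could not be allocated the entry was never attached, so
 * NULL is returned rather than a pointer to an entry that has just been
 * released. On success the returned pointer is kept alive by content,
 * presumably through a reference taken in exif_content_add_entry() --
 * confirm.
 */
ExifEntry *
create_tag_in_content (ExifContent *content, ExifTag tag, size_t len,
	ExifFormat exifFormat)
{
	void *buf = NULL;
	ExifEntry *entry;
	size_t elem, size;
	ExifMem *mem;

	if (!content)
		return NULL;

	/* Create a memory allocator to manage this ExifEntry */
	mem = exif_mem_new_default ();
	if (!mem)
		return NULL;

	/* Create a new ExifEntry using our allocator */
	entry = exif_entry_new_mem (mem);
	if (entry) {
		/* Allocate memory to use for holding the tag data */
		elem = exif_format_get_size (exifFormat);
		size = len * elem;
		/* Skip the allocation if the multiplication wrapped. */
		if (elem == 0 || size / elem == len)
			buf = exif_mem_alloc (mem, size);

		if (buf) {
			/* Fill in the entry */
			entry->data = (unsigned char *) buf;
			entry->size = size;
			entry->tag = tag;
			entry->components = len;
			entry->format = exifFormat;

			/* Attach the ExifEntry to an IFD */
			exif_content_add_entry (content, entry);
			exif_entry_unref (entry);
		} else {
			/* Never attached: this unref releases the entry. */
			exif_entry_unref (entry);
			entry = NULL;
		}
	}

	exif_mem_unref (mem);
	return entry;
}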
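/* Give a libexif entry a data buffer of @components bytes.
 *
 * The entry must not already have data. If the buffer cannot be allocated,
 * the entry is left with NULL data and a size and component count of 0, so
 * its size never describes memory that is not there.
 */
static void
vips_exif_alloc_string( ExifEntry *entry, unsigned long components )
{
	ExifMem *mem;

	g_assert( !entry->data );

	/* The string in the entry must be allocated with the same allocator
	 * that was used to allocate the entry itself. We can't do this
	 * because the allocator is private :( so we must assume the entry was
	 * created with the default one.
	 */
	mem = exif_mem_new_default();

	entry->data = mem ? exif_mem_alloc( mem, components ) : NULL;
	if( !entry->data )
		components = 0;

	/* EXIF_FORMAT_UNDEFINED is correct for EXIF_TAG_USER_COMMENT, our
	 * caller should change this if it wishes.
	 */
	entry->size = components;
	entry->components = components;
	entry->format = EXIF_FORMAT_UNDEFINED;

	VIPS_FREEF( exif_mem_unref, mem );
}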
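/**
 * Parse a Pentax or Casio MakerNote from buf into n->entries.
 *
 * The variant is detected from the header ("AOC", "QVC", or neither for
 * Pentax v1). Entries whose data lies outside the buffer or cannot be
 * allocated are skipped; n->count ends up as the number of entries kept.
 *
 * @param en       the MakerNote (an ExifMnoteDataPentax)
 * @param buf      raw data containing the MakerNote (untrusted)
 * @param buf_size number of valid bytes in buf
 *
 * Changes relative to the straightforward form:
 *  - a NULL en returns before en->log is read for the error message;
 *  - the "%u" log arguments are cast to unsigned int, since dataofs + s is
 *    a size_t;
 *  - each entry's data pointer is cleared before use, so a zero-sized entry
 *    that is kept does not carry whatever the allocator left in that field.
 *
 * NOTE(review): where size_t is 32 bits wide, the size product and the
 * "offset + 6" sum can still wrap before the range checks; the checks then
 * keep the copy inside buf, but size and components may disagree.
 */
static void
exif_mnote_data_pentax_load (ExifMnoteData *en,
	const unsigned char *buf, unsigned int buf_size)
{
	ExifMnoteDataPentax *n = (ExifMnoteDataPentax *) en;
	size_t i, tcount, o, datao, base = 0;
	ExifShort c;

	if (!n)
		return;
	if (!buf || !buf_size) {
		exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
			  "ExifMnoteDataPentax", "Short MakerNote");
		return;
	}
	datao = 6 + n->offset;
	if ((datao + 8 < datao) || (datao + 8 < 8) || (datao + 8 > buf_size)) {
		exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
			  "ExifMnoteDataPentax", "Short MakerNote");
		return;
	}

	/* Detect variant of Pentax/Casio MakerNote found */
	if (!memcmp(buf + datao, "AOC", 4)) {
		if ((buf[datao + 4] == 'I') && (buf[datao + 5] == 'I')) {
			n->version = pentaxV3;
			n->order = EXIF_BYTE_ORDER_INTEL;
		} else if ((buf[datao + 4] == 'M') && (buf[datao + 5] == 'M')) {
			n->version = pentaxV3;
			n->order = EXIF_BYTE_ORDER_MOTOROLA;
		} else {
			/* Uses Casio v2 tags */
			n->version = pentaxV2;
		}
		exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataPentax",
			"Parsing Pentax maker note v%d...", (int)n->version);
		datao += 4 + 2;
		base = MNOTE_PENTAX2_TAG_BASE;
	} else if (!memcmp(buf + datao, "QVC", 4)) {
		exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataPentax",
			"Parsing Casio maker note v2...");
		n->version = casioV2;
		base = MNOTE_CASIO2_TAG_BASE;
		datao += 4 + 2;
	} else {
		/* probably assert(!memcmp(buf + datao, "\x00\x1b", 2)) */
		exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataPentax",
			"Parsing Pentax maker note v1...");
		n->version = pentaxV1;
	}

	/* Read the number of tags (still inside the 8 bytes checked above) */
	c = exif_get_short (buf + datao, n->order);
	datao += 2;

	/* Remove any old entries */
	exif_mnote_data_pentax_clear (n);

	/* Reserve enough space for all the possible MakerNote tags */
	n->entries = exif_mem_alloc (en->mem, sizeof (MnotePentaxEntry) * c);
	if (!n->entries) {
		EXIF_LOG_NO_MEMORY(en->log, "ExifMnoteDataPentax", sizeof (MnotePentaxEntry) * c);
		return;
	}

	/* Parse all c entries, storing ones that are successfully parsed */
	tcount = 0;
	for (i = c, o = datao; i; --i, o += 12) {
		size_t s;

		if ((o + 12 < o) || (o + 12 < 12) || (o + 12 > buf_size)) {
			exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
				  "ExifMnoteDataPentax", "Short MakerNote");
			break;
		}

		n->entries[tcount].tag        = exif_get_short (buf + o + 0, n->order) + base;
		n->entries[tcount].format     = exif_get_short (buf + o + 2, n->order);
		n->entries[tcount].components = exif_get_long  (buf + o + 4, n->order);
		n->entries[tcount].order      = n->order;
		/* Explicit: the slot may be reused after a skipped entry. */
		n->entries[tcount].data       = NULL;

		exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnotePentax",
			  "Loading entry 0x%x ('%s')...", n->entries[tcount].tag,
			  mnote_pentax_tag_get_name (n->entries[tcount].tag));

		/*
		 * Size? If bigger than 4 bytes, the actual data is not
		 * in the entry but somewhere else (offset).
		 */
		s = exif_format_get_size (n->entries[tcount].format) *
			n->entries[tcount].components;
		n->entries[tcount].size = s;
		if (s) {
			size_t dataofs = o + 8;

			if (s > 4)
				/* The data in this case is merely a pointer */
				dataofs = exif_get_long (buf + dataofs, n->order) + 6;
			if ((dataofs + s < dataofs) || (dataofs + s < s) ||
			    (dataofs + s > buf_size)) {
				exif_log (en->log, EXIF_LOG_CODE_DEBUG,
					  "ExifMnoteDataPentax", "Tag data past end "
					  "of buffer (%u > %u)",
					  (unsigned int) (dataofs + s), buf_size);
				continue;
			}

			n->entries[tcount].data = exif_mem_alloc (en->mem, s);
			if (!n->entries[tcount].data) {
				EXIF_LOG_NO_MEMORY(en->log, "ExifMnoteDataPentax", s);
				continue;
			}
			memcpy (n->entries[tcount].data, buf + dataofs, s);
		}

		/* Tag was successfully parsed */
		++tcount;
	}
	/* Store the count of successfully parsed tags */
	n->count = tcount;
}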
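/**
 * Serialise the Canon MakerNote entries into a newly allocated buffer.
 *
 * Layout written: a 2-byte entry count, one 12-byte record per entry, and
 * 4 trailing bytes; values larger than 4 bytes are appended after that and
 * referenced by offset from the record.
 *
 * @param ne       the MakerNote (an ExifMnoteDataCanon)
 * @param buf      receives the allocated buffer; NULL on allocation failure
 * @param buf_size receives the buffer size; 0 on initial allocation failure
 *
 * Changes relative to the straightforward form:
 *  - *buf_size is reset to 0 when the first allocation fails, so the
 *    caller is never told about bytes that do not exist;
 *  - the 64 kb limit is tested by division, so the size product cannot
 *    wrap where size_t is 32 bits wide;
 *  - the value slot of a skipped (oversized) entry is zeroed instead of
 *    being left as the allocator returned it;
 *  - the grown size is checked against the unsigned int it is stored in.
 */
static void
exif_mnote_data_canon_save (ExifMnoteData *ne,
	unsigned char **buf, unsigned int *buf_size)
{
	ExifMnoteDataCanon *n = (ExifMnoteDataCanon *) ne;
	size_t i, o, s, doff, fs, comps;
	unsigned char *t;
	size_t ts;

	if (!n || !buf || !buf_size)
		return;

	/*
	 * Allocate enough memory for all entries and the number
	 * of entries.
	 */
	*buf_size = 2 + n->count * 12 + 4;
	*buf = exif_mem_alloc (ne->mem, sizeof (char) * *buf_size);
	if (!*buf) {
		EXIF_LOG_NO_MEMORY(ne->log, "ExifMnoteCanon", *buf_size);
		*buf_size = 0;
		return;
	}

	/* Save the number of entries */
	exif_set_short (*buf, n->order, (ExifShort) n->count);

	/* Save each entry */
	for (i = 0; i < n->count; i++) {
		o = 2 + i * 12;
		exif_set_short (*buf + o + 0, n->order,
				(ExifShort) n->entries[i].tag);
		exif_set_short (*buf + o + 2, n->order,
				(ExifShort) n->entries[i].format);
		exif_set_long  (*buf + o + 4, n->order,
				n->entries[i].components);
		o += 8;

		fs = exif_format_get_size (n->entries[i].format);
		comps = n->entries[i].components;
		if (fs && comps > 65536 / fs) {
			/* Corrupt data: EXIF data size is limited to the
			 * maximum size of a JPEG segment (64 kb).
			 */
			memset (*buf + o, 0, 4);
			continue;
		}
		s = fs * comps;

		if (s > 4) {
			ts = *buf_size + s;

			/* Ensure even offsets. Set padding bytes to 0. */
			if (s & 1)
				ts += 1;
			/* The size is reported through an unsigned int. */
			if (ts < s || (size_t) (unsigned int) ts != ts)
				return;
			t = exif_mem_realloc (ne->mem, *buf,
					      sizeof (char) * ts);
			if (!t) {
				EXIF_LOG_NO_MEMORY(ne->log, "ExifMnoteCanon", ts);
				return;
			}
			*buf = t;
			*buf_size = ts;
			doff = *buf_size - s;
			if (s & 1) {
				doff--;
				*(*buf + *buf_size - 1) = '\0';
			}
			exif_set_long (*buf + o, n->order, n->offset + doff);
		} else {
			doff = o;
		}

		/*
		 * Write the data. Fill unneeded bytes with 0. Do not
		 * crash if data is NULL.
		 */
		if (!n->entries[i].data)
			memset (*buf + doff, 0, s);
		else
			memcpy (*buf + doff, n->entries[i].data, s);
		if (s < 4)
			memset (*buf + doff + s, 0, (4 - s));
	}
}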
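/**
 * Parse an Olympus or Nikon MakerNote from buf into n->entries.
 *
 * The buffer is untrusted file content. Offsets and lengths read from it
 * are validated by subtraction against buf_size, so that no sum can wrap
 * around and slip past a bounds check before data is read or copied.
 *
 * Entries with a zero size, with data outside the buffer, or whose data
 * cannot be allocated are kept in the array with NULL data and size 0.
 *
 * @param en       the MakerNote (an ExifMnoteDataOlympus)
 * @param buf      raw data containing the MakerNote
 * @param buf_size number of valid bytes in buf
 */
static void
exif_mnote_data_olympus_load (ExifMnoteData *en,
	const unsigned char *buf, unsigned int buf_size)
{
	ExifMnoteDataOlympus *n = (ExifMnoteDataOlympus *) en;
	ExifShort c;
	size_t i, s, o, o2, ent, fs, comps, datao = 6;
	unsigned int base = 0;

	if (!n || !buf)
		return;

	/*
	 * Olympus headers start with "OLYMP" and need to have at least
	 * a size of 22 bytes (6 for 'OLYMP', 2 other bytes, 2 for the
	 * number of entries, and 12 for one entry.
	 *
	 * Nikon headers start with "Nikon" (6 bytes including '\0'),
	 * version number (1 or 2).
	 *
	 * Version 1 continues with 0, 1, 0, number_of_tags,
	 * or just with number_of_tags (models D1H, D1X...).
	 *
	 * Version 2 continues with an unknown byte (0 or 10),
	 * two unknown bytes (0), "MM" or "II", another byte 0 and
	 * lastly 0x2A.
	 */
	/* Written so that an offset beyond buf_size cannot underflow the test. */
	if ((buf_size < 22) || (n->offset > buf_size - 22))
		return;

	/* Start of interesting data */
	o2 = 6 + (size_t) n->offset;

	if (!memcmp (buf + o2, "OLYMP", 6)) {
		exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataOlympus",
			"Parsing Olympus maker note v1...");

		/* The number of entries is at position 8. */
		n->version = olympusV1;
		if (buf[o2 + 6] == 1)
			n->order = EXIF_BYTE_ORDER_INTEL;
		else if (buf[o2 + 6 + 1] == 1)
			n->order = EXIF_BYTE_ORDER_MOTOROLA;
		o2 += 8;

	} else if (!memcmp (buf + o2, "OLYMPUS", 8)) {
		/* Olympus S760, S770 */
		datao = o2;
		o2 += 8;
		exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataOlympus",
			"Parsing Olympus maker note v2 (0x%02x, %02x, %02x, %02x)...",
			buf[o2], buf[o2 + 1], buf[o2 + 2], buf[o2 + 3]);

		if ((buf[o2] == 'I') && (buf[o2 + 1] == 'I'))
			n->order = EXIF_BYTE_ORDER_INTEL;
		else if ((buf[o2] == 'M') && (buf[o2 + 1] == 'M'))
			n->order = EXIF_BYTE_ORDER_MOTOROLA;

		/* The number of entries is at position 8+4. */
		n->version = olympusV2;
		o2 += 4;

	} else if (!memcmp (buf + o2, "Nikon", 6)) {
		o2 += 6;
		exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataOlympus",
			"Parsing Nikon maker note (0x%02x, %02x, %02x, "
			"%02x, %02x, %02x, %02x, %02x)...",
			buf[o2 + 0], buf[o2 + 1], buf[o2 + 2], buf[o2 + 3],
			buf[o2 + 4], buf[o2 + 5], buf[o2 + 6], buf[o2 + 7]);

		/* The first byte is the version. */
		if (o2 >= buf_size)
			return;
		n->version = buf[o2];
		o2 += 1;

		/* Skip an unknown byte (00 or 0A). */
		o2 += 1;

		switch (n->version) {
		case nikonV1:
			base = MNOTE_NIKON1_TAG_BASE;
			break;

		case nikonV2:
			/* Skip 2 unknown bytes (00 00). */
			o2 += 2;

			/*
			 * Byte order. From here the data offset
			 * gets calculated.
			 */
			datao = o2;
			if (o2 >= buf_size)
				return;
			if (!strncmp ((char *)&buf[o2], "II", 2))
				n->order = EXIF_BYTE_ORDER_INTEL;
			else if (!strncmp ((char *)&buf[o2], "MM", 2))
				n->order = EXIF_BYTE_ORDER_MOTOROLA;
			else {
				exif_log (en->log, EXIF_LOG_CODE_DEBUG,
					"ExifMnoteDatalympus", "Unknown "
					"byte order '%c%c'", buf[o2],
					buf[o2 + 1]);
				return;
			}
			o2 += 2;

			/* Skip 2 unknown bytes (00 2A). */
			o2 += 2;

			/*
			 * Go to where the number of entries is. The 4-byte
			 * offset field must lie inside the buffer, and the
			 * position it names must not wrap or leave the buffer.
			 */
			if ((o2 > buf_size) || (buf_size - o2 < 4))
				return;
			o = exif_get_long (buf + o2, n->order);
			if (o > buf_size - datao)
				return;
			o2 = datao + o;
			break;

		default:
			exif_log (en->log, EXIF_LOG_CODE_DEBUG,
				"ExifMnoteDataOlympus", "Unknown version "
				"number %i.", n->version);
			return;
		}

	} else if (!memcmp (buf + o2, "\0\x1b", 2)) {
		n->version = nikonV2;
	} else {
		return;
	}

	/* Number of entries: both bytes of the count must be readable. */
	if ((o2 > buf_size) || (buf_size - o2 < 2))
		return;
	c = exif_get_short (buf + o2, n->order);
	o2 += 2;

	/* Read the number of entries and remove old ones. */
	exif_mnote_data_olympus_clear (n);

	n->entries = exif_mem_alloc (en->mem, sizeof (MnoteOlympusEntry) * c);
	if (!n->entries)
		return;

	/* Parse the entries; ent <= buf_size holds at the top of each round. */
	for (i = 0, ent = o2; i < c; i++, ent += 12) {
		if (buf_size - ent < 12)
			return;

		n->count = i + 1;
		n->entries[i].tag        = exif_get_short (buf + ent, n->order) + base;
		n->entries[i].format     = exif_get_short (buf + ent + 2, n->order);
		n->entries[i].components = exif_get_long  (buf + ent + 4, n->order);
		n->entries[i].order      = n->order;
		/*
		 * The entry is counted even if it is skipped below, so its
		 * data pointer and size must not be left as allocated.
		 */
		n->entries[i].data       = NULL;
		n->entries[i].size       = 0;

		exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteOlympus",
			  "Loading entry 0x%x ('%s')...", n->entries[i].tag,
			  mnote_olympus_tag_get_name (n->entries[i].tag));

		/*
		 * Size? If bigger than 4 bytes, the actual data is not
		 * in the entry but somewhere else (offset).
		 * A value larger than the whole buffer can never be valid, so
		 * it is rejected by division before the product is formed.
		 */
		fs = exif_format_get_size (n->entries[i].format);
		comps = n->entries[i].components;
		if (!fs || !comps)
			continue;
		if (comps > buf_size / fs)
			continue;
		s = fs * comps;

		if (s > 4) {
			o = exif_get_long (buf + ent + 8, n->order);
			/* Require o + datao + s <= buf_size without forming the sum. */
			if ((datao > buf_size) || (s > buf_size - datao) ||
			    (o > buf_size - datao - s))
				continue;
			o += datao;
		} else {
			/* Inline value: ent + 12 <= buf_size was checked above. */
			o = ent + 8;
		}

		n->entries[i].data = exif_mem_alloc (en->mem, s);
		if (!n->entries[i].data)
			continue;
		n->entries[i].size = s;
		memcpy (n->entries[i].data, buf + o, s);
	}
}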
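/**
 * Parse a Canon MakerNote from buf into n->entries.
 *
 * Entries with a zero size, with data outside the buffer, or whose data
 * cannot be allocated are skipped; n->count ends up as the number of
 * entries kept.
 *
 * @param ne       the MakerNote (an ExifMnoteDataCanon)
 * @param buf      raw data containing the MakerNote (untrusted)
 * @param buf_size number of valid bytes in buf
 *
 * Changes relative to the straightforward form:
 *  - a NULL ne returns before ne->log is read for the error message;
 *  - the "%u" log arguments are cast to unsigned int, since dataofs + s is
 *    a size_t.
 *
 * NOTE(review): where size_t is 32 bits wide, the size product and the
 * "offset + 6" sum can still wrap before the range checks; the checks then
 * keep the copy inside buf, but size and components may disagree.
 */
static void
exif_mnote_data_canon_load (ExifMnoteData *ne,
	const unsigned char *buf, unsigned int buf_size)
{
	ExifMnoteDataCanon *n = (ExifMnoteDataCanon *) ne;
	ExifShort c;
	size_t i, tcount, o, datao;

	if (!n)
		return;
	if (!buf || !buf_size) {
		exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA,
			  "ExifMnoteCanon", "Short MakerNote");
		return;
	}
	datao = 6 + n->offset;
	if ((datao + 2 < datao) || (datao + 2 < 2) || (datao + 2 > buf_size)) {
		exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA,
			  "ExifMnoteCanon", "Short MakerNote");
		return;
	}

	/* Read the number of tags */
	c = exif_get_short (buf + datao, n->order);
	datao += 2;

	/* Remove any old entries */
	exif_mnote_data_canon_clear (n);

	/* Reserve enough space for all the possible MakerNote tags */
	n->entries = exif_mem_alloc (ne->mem, sizeof (MnoteCanonEntry) * c);
	if (!n->entries) {
		EXIF_LOG_NO_MEMORY(ne->log, "ExifMnoteCanon", sizeof (MnoteCanonEntry) * c);
		return;
	}

	/* Parse the entries */
	tcount = 0;
	for (i = c, o = datao; i; --i, o += 12) {
		size_t s;

		if ((o + 12 < o) || (o + 12 < 12) || (o + 12 > buf_size)) {
			exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA,
				"ExifMnoteCanon", "Short MakerNote");
			break;
		}

		n->entries[tcount].tag        = exif_get_short (buf + o, n->order);
		n->entries[tcount].format     = exif_get_short (buf + o + 2, n->order);
		n->entries[tcount].components = exif_get_long  (buf + o + 4, n->order);
		n->entries[tcount].order      = n->order;

		exif_log (ne->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteCanon",
			"Loading entry 0x%x ('%s')...", n->entries[tcount].tag,
			 mnote_canon_tag_get_name (n->entries[tcount].tag));

		/*
		 * Size? If bigger than 4 bytes, the actual data is not
		 * in the entry but somewhere else (offset).
		 */
		s = exif_format_get_size (n->entries[tcount].format) *
			n->entries[tcount].components;
		n->entries[tcount].size = s;
		if (!s) {
			exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA,
				  "ExifMnoteCanon",
				  "Invalid zero-length tag size");
			continue;

		} else {
			size_t dataofs = o + 8;

			if (s > 4)
				/* The slot holds an offset to the data, not the data */
				dataofs = exif_get_long (buf + dataofs, n->order) + 6;
			if ((dataofs + s < s) || (dataofs + s < dataofs) ||
			    (dataofs + s > buf_size)) {
				exif_log (ne->log, EXIF_LOG_CODE_DEBUG,
					"ExifMnoteCanon",
					"Tag data past end of buffer (%u > %u)",
					(unsigned int) (dataofs + s), buf_size);
				continue;
			}

			n->entries[tcount].data = exif_mem_alloc (ne->mem, s);
			if (!n->entries[tcount].data) {
				EXIF_LOG_NO_MEMORY(ne->log, "ExifMnoteCanon", s);
				continue;
			}
			memcpy (n->entries[tcount].data, buf + dataofs, s);
		}

		/* Tag was successfully parsed */
		++tcount;
	}
	/* Store the count of successfully parsed tags */
	n->count = tcount;
}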
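/**
 * Parse a Pentax or Casio MakerNote from buf into n->entries.
 *
 * The buffer is untrusted file content. Offsets and lengths read from it
 * are validated by subtraction against buf_size, so that no sum can wrap
 * around and pass a bounds check before the memcpy() below.
 *
 * Parsing stops at the first entry that is truncated, has a zero size or
 * points outside the buffer; entries stored before that point are kept.
 *
 * @param en       the MakerNote (an ExifMnoteDataPentax)
 * @param buf      raw data containing the MakerNote
 * @param buf_size number of valid bytes in buf
 *
 * Changes relative to the straightforward form:
 *  - en and buf are checked before n->offset and buf are read;
 *  - the "QVC" test is an else-branch of the "AOC" test, so a detected
 *    Pentax v2/v3 header is no longer overwritten with pentaxV1, and no
 *    bytes beyond the 8 checked header bytes are compared;
 *  - each counted entry starts with NULL data and size 0, so an early
 *    return does not leave an unset pointer inside n->count.
 *
 * NOTE(review): entries already attached to n are not released here before
 * n->entries is replaced -- confirm the caller guarantees an empty note.
 */
static void
exif_mnote_data_pentax_load (ExifMnoteData *en,
	const unsigned char *buf, unsigned int buf_size)
{
	ExifMnoteDataPentax *n = (ExifMnoteDataPentax *) en;
	size_t i, ent, o, s, fs, comps, datao;
	unsigned int base = 0;
	ExifShort c;

	if (!n || !buf)
		return;

	/* Header (4 + 2 bytes) plus the 2-byte number of entries */
	datao = (size_t) n->offset + 6;
	if ((datao < 6) || (buf_size < 8) || (datao > buf_size - 8))
		return;

	if (!memcmp(buf + datao, "AOC", 4)) {
		if ((buf[datao + 4] == 'I') && (buf[datao + 5] == 'I')) {
			n->version = pentaxV3;
			n->order = EXIF_BYTE_ORDER_INTEL;
		} else if ((buf[datao + 4] == 'M') && (buf[datao + 5] == 'M')) {
			n->version = pentaxV3;
			n->order = EXIF_BYTE_ORDER_MOTOROLA;
		} else {
			/* Uses Casio v2 tags */
			n->version = pentaxV2;
		}
		datao += 4 + 2;
		base = MNOTE_PENTAX2_TAG_BASE;
	} else if (!memcmp(buf + datao, "QVC", 4)) {
		n->version = casioV2;
		base = MNOTE_CASIO2_TAG_BASE;
		datao += 4 + 2;
	} else {
		n->version = pentaxV1;
	}

	/* Still inside the 8 bytes checked above. */
	c = exif_get_short (buf + datao, n->order);
	n->entries = (MnotePentaxEntry *)exif_mem_alloc (en->mem,
			sizeof (MnotePentaxEntry) * c);
	if (!n->entries)
		return;

	/* ent <= buf_size holds at the top of each round. */
	ent = datao + 2;
	for (i = 0; i < c; i++) {
		if (buf_size - ent < 8)
			return;

		n->count = i + 1;
		n->entries[i].tag        = exif_get_short (buf + ent + 0, n->order) + base;
		n->entries[i].format     = exif_get_short (buf + ent + 2, n->order);
		n->entries[i].components = exif_get_long  (buf + ent + 4, n->order);
		n->entries[i].order      = n->order;
		n->entries[i].data       = NULL;
		n->entries[i].size       = 0;

		/*
		 * Size? If bigger than 4 bytes, the actual data is not
		 * in the entry but somewhere else (offset).
		 * A value larger than the whole buffer can never be valid, so
		 * it is rejected by division before the product is formed.
		 */
		fs = exif_format_get_size (n->entries[i].format);
		comps = n->entries[i].components;
		if (!fs || !comps)
			return;
		if (comps > buf_size / fs)
			return;
		s = fs * comps;

		if (s > 4) {
			/* The 4-byte offset field must itself be inside the buffer. */
			if (buf_size - ent < 12)
				return;
			o = exif_get_long (buf + ent + 8, n->order);
			/* Require o + 6 + s <= buf_size without forming the sum. */
			if ((buf_size - s < 6) || (o > buf_size - s - 6))
				return;
			o += 6;
		} else {
			o = ent + 8;
			if (s > buf_size - o)
				return;
		}

		n->entries[i].data = (unsigned char *)exif_mem_alloc (en->mem, s);
		if (!n->entries[i].data)
			return;
		n->entries[i].size = s;
		memcpy (n->entries[i].data, buf + o, s);

		/* A following record would start past the end of the buffer. */
		if (buf_size - ent < 12)
			return;
		ent += 12;
	}
}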
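/**
 * Serialise the Fuji MakerNote entries into a newly allocated buffer.
 *
 * Layout written: "FUJIFILM", a 4-byte offset to the first entry (12), a
 * 2-byte entry count, one 12-byte record per entry, and 4 trailing bytes;
 * values larger than 4 bytes are appended after that and referenced by
 * offset from the record.
 *
 * @param ne       the MakerNote (an ExifMnoteDataFuji)
 * @param buf      receives the allocated buffer; NULL on allocation failure
 * @param buf_size receives the buffer size; 0 on initial allocation failure
 *
 * Changes relative to the straightforward form:
 *  - values shorter than 4 bytes are padded with zeros, as the Canon
 *    writer does, so the rest of the value slot is not left as allocated;
 *  - the value slot of a skipped (oversized) entry is zeroed;
 *  - the 64 kb limit is tested by division, so the size product cannot
 *    wrap where size_t is 32 bits wide;
 *  - the grown size is checked against the unsigned int it is stored in.
 */
static void
exif_mnote_data_fuji_save (ExifMnoteData *ne, unsigned char **buf,
			   unsigned int *buf_size)
{
	ExifMnoteDataFuji *n = (ExifMnoteDataFuji *) ne;
	size_t i, o, s, doff, fs, comps;
	unsigned char *t;
	size_t ts;

	if (!n || !buf || !buf_size)
		return;

	/*
	 * Allocate enough memory for all entries and the number
	 * of entries.
	 */
	*buf_size = 8 + 4 + 2 + n->count * 12 + 4;
	*buf = exif_mem_alloc (ne->mem, *buf_size);
	if (!*buf) {
		*buf_size = 0;
		return;
	}

	/*
	 * Header: "FUJIFILM" and 4 bytes offset to the first entry.
	 * As the first entry will start right thereafter, the offset is 12.
	 */
	memcpy (*buf, "FUJIFILM", 8);
	exif_set_long (*buf + 8, n->order, 12);

	/* Save the number of entries */
	exif_set_short (*buf + 8 + 4, n->order, (ExifShort) n->count);

	/* Save each entry */
	for (i = 0; i < n->count; i++) {
		o = 8 + 4 + 2 + i * 12;
		exif_set_short (*buf + o + 0, n->order, (ExifShort) n->entries[i].tag);
		exif_set_short (*buf + o + 2, n->order, (ExifShort) n->entries[i].format);
		exif_set_long  (*buf + o + 4, n->order, n->entries[i].components);
		o += 8;

		fs = exif_format_get_size (n->entries[i].format);
		comps = n->entries[i].components;
		if (fs && comps > 65536 / fs) {
			/* Corrupt data: EXIF data size is limited to the
			 * maximum size of a JPEG segment (64 kb).
			 */
			memset (*buf + o, 0, 4);
			continue;
		}
		s = fs * comps;

		if (s > 4) {
			ts = *buf_size + s;

			/* Ensure even offsets. Set padding bytes to 0. */
			if (s & 1)
				ts += 1;
			/* The size is reported through an unsigned int. */
			if (ts < s || (size_t) (unsigned int) ts != ts)
				return;
			t = exif_mem_realloc (ne->mem, *buf, ts);
			if (!t)
				return; /* *buf and *buf_size still describe the old buffer */
			*buf = t;
			*buf_size = ts;
			doff = *buf_size - s;
			if (s & 1) {
				doff--;
				*(*buf + *buf_size - 1) = '\0';
			}
			exif_set_long (*buf + o, n->order, doff);
		} else {
			doff = o;
		}

		/*
		 * Write the data. Fill unneeded bytes with 0. Do not
		 * crash if data is NULL.
		 */
		if (!n->entries[i].data)
			memset (*buf + doff, 0, s);
		else
			memcpy (*buf + doff, n->entries[i].data, s);
		if (s < 4)
			memset (*buf + doff + s, 0, (4 - s));
	}
}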
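/**
 * @brief Load an Olympus-family MakerNote from buf into en.
 *
 * Handles the header variants described in the comment inside the function
 * (Olympus v1/v2, Sanyo, Epson, Nikon v1/v2 and the headerless Nikon form),
 * derives the byte order and the position of the entry count from the
 * header, then parses the 12-byte directory entries. Entries whose payload
 * lies outside buf are skipped; n->count is the number actually stored.
 *
 * Every offset and count read from buf is untrusted, so each read below is
 * preceded by a length check.
 *
 * @param en       MakerNote to fill (used as an ExifMnoteDataOlympus)
 * @param buf      input bytes
 * @param buf_size number of valid bytes in buf
 */
static void
exif_mnote_data_olympus_load (ExifMnoteData *en,
			      const unsigned char *buf, unsigned int buf_size)
{
	ExifMnoteDataOlympus *n = (ExifMnoteDataOlympus *) en;
	ExifShort c;
	size_t i, tcount, o, o2, datao = 6, base = 0;

	/* Without en there is no log handle to report through. */
	if (!n)
		return;
	if (!buf || !buf_size) {
		exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
			  "ExifMnoteDataOlympus", "Short MakerNote");
		return;
	}
	/* Start of interesting data; widen first so the sum is not done in
	 * the (possibly narrower) type of n->offset. */
	o2 = 6 + (size_t) n->offset;
	if ((o2 + 10 < o2) || (o2 + 10 < 10) || (o2 + 10 > buf_size)) {
		exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
			  "ExifMnoteDataOlympus", "Short MakerNote");
		return;
	}

	/*
	 * Olympus headers start with "OLYMP" and need to have at least
	 * a size of 22 bytes (6 for 'OLYMP', 2 other bytes, 2 for the
	 * number of entries, and 12 for one entry.
	 *
	 * Sanyo format is identical and uses identical tags except that
	 * header starts with "SANYO".
	 *
	 * Epson format is identical and uses identical tags except that
	 * header starts with "EPSON".
	 *
	 * Nikon headers start with "Nikon" (6 bytes including '\0'),
	 * version number (1 or 2).
	 *
	 * Version 1 continues with 0, 1, 0, number_of_tags,
	 * or just with number_of_tags (models D1H, D1X...).
	 *
	 * Version 2 continues with an unknown byte (0 or 10),
	 * two unknown bytes (0), "MM" or "II", another byte 0 and
	 * lastly 0x2A.
	 */
	if (!memcmp (buf + o2, "OLYMP", 6) || !memcmp (buf + o2, "SANYO", 6) ||
	    !memcmp (buf + o2, "EPSON", 6)) {
		exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataOlympus",
			  "Parsing Olympus/Sanyo/Epson maker note v1...");

		/* The number of entries is at position 8. */
		if (!memcmp (buf + o2, "SANYO", 6))
			n->version = sanyoV1;
		else if (!memcmp (buf + o2, "EPSON", 6))
			n->version = epsonV1;
		else
			n->version = olympusV1;
		if (buf[o2 + 6] == 1)
			n->order = EXIF_BYTE_ORDER_INTEL;
		else if (buf[o2 + 6 + 1] == 1)
			n->order = EXIF_BYTE_ORDER_MOTOROLA;
		o2 += 8;
		if (o2 + 2 > buf_size) return;
		c = exif_get_short (buf + o2, n->order);
		/* An implausible count with a zero low byte suggests the
		 * byte order guess was wrong: flip it. */
		if ((!(c & 0xFF)) && (c > 0x500)) {
			if (n->order == EXIF_BYTE_ORDER_INTEL) {
				n->order = EXIF_BYTE_ORDER_MOTOROLA;
			} else {
				n->order = EXIF_BYTE_ORDER_INTEL;
			}
		}

	} else if (!memcmp (buf + o2, "OLYMPUS", 8)) {
		/* Olympus S760, S770 */
		datao = o2;
		o2 += 8;
		/*
		 * Only 2 bytes behind the 8-byte name are covered by the
		 * length check above, but the debug dump reads 4: emit it
		 * only when those bytes exist.
		 */
		if (buf_size - o2 >= 4)
			exif_log (en->log, EXIF_LOG_CODE_DEBUG,
				  "ExifMnoteDataOlympus",
				  "Parsing Olympus maker note v2 (0x%02x, %02x, %02x, %02x)...",
				  buf[o2], buf[o2 + 1], buf[o2 + 2], buf[o2 + 3]);

		if ((buf[o2] == 'I') && (buf[o2 + 1] == 'I'))
			n->order = EXIF_BYTE_ORDER_INTEL;
		else if ((buf[o2] == 'M') && (buf[o2 + 1] == 'M'))
			n->order = EXIF_BYTE_ORDER_MOTOROLA;

		/* The number of entries is at position 8+4. */
		n->version = olympusV2;
		o2 += 4;

	} else if (!memcmp (buf + o2, "Nikon", 6)) {
		o2 += 6;
		/* The dump reads 8 bytes; only 4 are guaranteed so far. */
		if (buf_size - o2 >= 8)
			exif_log (en->log, EXIF_LOG_CODE_DEBUG,
				  "ExifMnoteDataOlympus",
				  "Parsing Nikon maker note (0x%02x, %02x, %02x, "
				  "%02x, %02x, %02x, %02x, %02x)...",
				  buf[o2 + 0], buf[o2 + 1], buf[o2 + 2],
				  buf[o2 + 3], buf[o2 + 4], buf[o2 + 5],
				  buf[o2 + 6], buf[o2 + 7]);

		/* The first byte is the version. */
		if (o2 >= buf_size) return;
		n->version = buf[o2];
		o2 += 1;

		/* Skip an unknown byte (00 or 0A). */
		o2 += 1;

		switch (n->version) {
		case nikonV1:
			base = MNOTE_NIKON1_TAG_BASE;

			/* Fix endianness, if needed */
			if (o2 + 2 > buf_size) return;
			c = exif_get_short (buf + o2, n->order);
			if ((!(c & 0xFF)) && (c > 0x500)) {
				if (n->order == EXIF_BYTE_ORDER_INTEL) {
					n->order = EXIF_BYTE_ORDER_MOTOROLA;
				} else {
					n->order = EXIF_BYTE_ORDER_INTEL;
				}
			}
			break;

		case nikonV2:
			/* Skip 2 unknown bytes (00 00). */
			o2 += 2;

			/*
			 * Byte order. From here the data offset
			 * gets calculated.
			 */
			datao = o2;
			/* both byte-order bytes must be inside buf */
			if (o2 >= buf_size || buf_size - o2 < 2) return;
			if ((buf[o2] == 'I') && (buf[o2 + 1] == 'I'))
				n->order = EXIF_BYTE_ORDER_INTEL;
			else if ((buf[o2] == 'M') && (buf[o2 + 1] == 'M'))
				n->order = EXIF_BYTE_ORDER_MOTOROLA;
			else {
				exif_log (en->log, EXIF_LOG_CODE_DEBUG,
					  "ExifMnoteDatalympus", "Unknown "
					  "byte order '%c%c'", buf[o2],
					  buf[o2 + 1]);
				return;
			}
			o2 += 2;

			/* Skip 2 unknown bytes (00 2A). */
			o2 += 2;

			/* Go to where the number of entries is. */
			if (o2 + 4 > buf_size) return;
			o2 = datao + exif_get_long (buf + o2, n->order);
			break;

		default:
			exif_log (en->log, EXIF_LOG_CODE_DEBUG,
				  "ExifMnoteDataOlympus", "Unknown version "
				  "number %i.", n->version);
			return;
		}
	} else if (!memcmp (buf + o2, "\0\x1b", 2)) {
		n->version = nikonV2;
		/* 00 1b is # of entries in Motorola order - the rest should
		 * also be in MM order */
		n->order = EXIF_BYTE_ORDER_MOTOROLA;
	} else {
		return;
	}

	/* Sanity check the offset */
	if ((o2 + 2 < o2) || (o2 + 2 < 2) || (o2 + 2 > buf_size)) {
		exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
			  "ExifMnoteOlympus", "Short MakerNote");
		return;
	}

	/* Read the number of tags */
	c = exif_get_short (buf + o2, n->order);
	o2 += 2;

	/* Remove any old entries */
	exif_mnote_data_olympus_clear (n);

	/* Reserve enough space for all the possible MakerNote tags */
	n->entries = exif_mem_alloc (en->mem, sizeof (MnoteOlympusEntry) * c);
	if (!n->entries) {
		EXIF_LOG_NO_MEMORY(en->log, "ExifMnoteOlympus",
				   sizeof (MnoteOlympusEntry) * c);
		return;
	}

	/* Parse all c entries, storing ones that are successfully parsed */
	tcount = 0;
	for (i = c, o = o2; i; --i, o += 12) {
		size_t s, fmt_size;

		if ((o + 12 < o) || (o + 12 < 12) || (o + 12 > buf_size)) {
			exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
				  "ExifMnoteOlympus", "Short MakerNote");
			break;
		}

		n->entries[tcount].tag =
			exif_get_short (buf + o, n->order) + base;
		n->entries[tcount].format =
			exif_get_short (buf + o + 2, n->order);
		n->entries[tcount].components =
			exif_get_long (buf + o + 4, n->order);
		n->entries[tcount].order = n->order;

		exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteOlympus",
			  "Loading entry 0x%x ('%s')...",
			  n->entries[tcount].tag,
			  mnote_olympus_tag_get_name (n->entries[tcount].tag));

		/*
		 * A payload cannot be larger than buf. Checking the component
		 * count against buf_size / fmt_size first keeps the product
		 * below from wrapping where size_t is 32 bits wide.
		 */
		fmt_size = exif_format_get_size (n->entries[tcount].format);
		if (fmt_size &&
		    n->entries[tcount].components > buf_size / fmt_size) {
			exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
				  "ExifMnoteOlympus",
				  "Tag size overflow detected");
			continue;
		}

		/*
		 * Size? If bigger than 4 bytes, the actual data is not
		 * in the entry but somewhere else (offset).
		 */
		s = fmt_size * n->entries[tcount].components;
		n->entries[tcount].size = s;
		if (s) {
			size_t dataofs = o + 8;
			if (s > 4) {
				/* The data in this case is merely a pointer */
				dataofs = exif_get_long (buf + dataofs, n->order) + datao;
#ifdef EXIF_OVERCOME_SANYO_OFFSET_BUG
				/* Some Sanyo models (e.g. VPC-C5, C40) suffer from a bug when
				 * writing the offset for the MNOTE_OLYMPUS_TAG_THUMBNAILIMAGE
				 * tag in its MakerNote. The offset is actually the absolute
				 * position in the file instead of the position within the IFD.
				 */
				if (dataofs + s > buf_size && n->version == sanyoV1) {
					/* fix pointer */
					dataofs -= datao + 6;
					exif_log (en->log, EXIF_LOG_CODE_DEBUG,
						  "ExifMnoteOlympus",
						  "Inconsistent thumbnail tag offset; attempting to recover");
				}
#endif
			}
			if ((dataofs + s < dataofs) || (dataofs + s < s) ||
			    (dataofs + s > buf_size)) {
				/* dataofs + s is a size_t, hence %zu */
				exif_log (en->log, EXIF_LOG_CODE_DEBUG,
					  "ExifMnoteOlympus",
					  "Tag data past end of buffer (%zu > %u)",
					  dataofs + s, buf_size);
				continue;
			}

			n->entries[tcount].data = exif_mem_alloc (en->mem, s);
			if (!n->entries[tcount].data) {
				EXIF_LOG_NO_MEMORY(en->log, "ExifMnoteOlympus", s);
				continue;
			}
			memcpy (n->entries[tcount].data, buf + dataofs, s);
		}

		/* Tag was successfully parsed */
		++tcount;
	}
	/* Store the count of successfully parsed tags */
	n->count = tcount;
}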
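/**
 * @brief save the MnoteData from ne to buf
 *
 * Writes an optional 6-byte header (4-byte magic plus a 2-byte marker), the
 * 2-byte entry count, one 12-byte record per entry and a zero next-IFD
 * pointer. Payloads longer than 4 bytes are appended behind that and
 * referenced by an offset relative to n->offset.
 *
 * NOTE(review): the payload length is recomputed from format and component
 * count rather than taken from the entry's stored size; this assumes
 * entries[].data is at least that long - confirm against the loader.
 *
 * @param ne extract the data from this structure
 * @param *buf write the mnoteData to this buffer (buffer will be allocated)
 * @param buf_size the final size of the buffer
 */
static void
exif_mnote_data_pentax_save (ExifMnoteData *ne,
		unsigned char **buf, unsigned int *buf_size)
{
	ExifMnoteDataPentax *n = (ExifMnoteDataPentax *) ne;
	size_t i,
	       base = 0,		/* internal MakerNote tag number offset */
	       o2 = 4 + 2;		/* offset to first tag entry, past header */
	size_t datao;
	const char *magic = NULL;	/* 4-byte header magic, NULL if headerless */
	ExifShort marker = 0;		/* 2 bytes following the magic */

	if (!n || !buf || !buf_size) return;

	/* Read only after the NULL check above: this MakerNote style uses
	 * offsets based on main IFD, not makernote IFD */
	datao = n->offset;

	/*
	 * Allocate enough memory for header, the number of entries, entries,
	 * and next IFD pointer
	 */
	*buf_size = o2 + 2 + n->count * 12 + 4;
	switch (n->version) {
	case casioV2:
		/* NOTE(review): the loader uses MNOTE_CASIO2_TAG_BASE for
		 * this version; presumably both constants are equal - verify */
		base = MNOTE_PENTAX2_TAG_BASE;
		magic = "QVC";
		break;

	case pentaxV3:
		base = MNOTE_PENTAX2_TAG_BASE;
		magic = "AOC";
		marker = (ExifShort) (
			(n->order == EXIF_BYTE_ORDER_INTEL) ?
			('I' << 8) | 'I' :
			('M' << 8) | 'M');
		break;

	case pentaxV2:
		base = MNOTE_PENTAX2_TAG_BASE;
		magic = "AOC";
		break;

	case pentaxV1:
		/* It looks like this format doesn't have a magic header as
		 * such, just has a fixed number of entries equal to 0x001b */
		*buf_size -= 6;
		o2 -= 6;
		break;

	default:
		/* internal error */
		return;
	}

	*buf = exif_mem_alloc (ne->mem, *buf_size);
	if (!*buf) {
		EXIF_LOG_NO_MEMORY(ne->log, "ExifMnoteDataPentax", *buf_size);
		return;
	}

	/* Write the magic header */
	if (magic) {
		strcpy ((char *)*buf, magic);
		exif_set_short (*buf + 4, n->order, marker);
	}

	/* Write the number of entries. */
	exif_set_short (*buf + o2, n->order, (ExifShort) n->count);
	o2 += 2;

	/* Save each entry */
	for (i = 0; i < n->count; i++) {
		size_t doff;	/* offset to current data portion of tag */
		size_t s;
		unsigned char *t;
		size_t o = o2 + i * 12;   /* current offset into output buffer */

		exif_set_short (*buf + o + 0, n->order,
				(ExifShort) (n->entries[i].tag - base));
		exif_set_short (*buf + o + 2, n->order,
				(ExifShort) n->entries[i].format);
		exif_set_long  (*buf + o + 4, n->order,
				n->entries[i].components);
		o += 8;
		s = exif_format_get_size (n->entries[i].format) *
						n->entries[i].components;
		if (s > 65536) {
			/* Corrupt data: EXIF data size is limited to the
			 * maximum size of a JPEG segment (64 kb).
			 */
			continue;
		}
		if (s > 4) {
			size_t ts = *buf_size + s;
			doff = *buf_size;
			t = exif_mem_realloc (ne->mem, *buf,
						 sizeof (char) * ts);
			if (!t) {
				EXIF_LOG_NO_MEMORY(ne->log, "ExifMnoteDataPentax", ts);
				return;
			}
			*buf = t;
			*buf_size = ts;
			exif_set_long (*buf + o, n->order, datao + doff);
		} else
			doff = o;

		/* Write the data. */
		if (n->entries[i].data) {
			memcpy (*buf + doff, n->entries[i].data, s);
		} else {
			/* Most certainly damaged input file */
			memset (*buf + doff, 0, s);
		}
	}

	/* Sanity check the buffer size: never write the trailer into a
	 * buffer that is reported as too small for it. */
	if (*buf_size < (o2 + n->count * 12 + 4)) {
		exif_log (ne->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifMnoteDataPentax",
			"Buffer overflow");
		return;
	}

	/* Reset next IFD pointer */
	exif_set_long (*buf + o2 + n->count * 12, n->order, 0);
}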
/**
 * @brief Serialise an Olympus-family MakerNote into a new buffer.
 *
 * The header depends on note->version: "OLYMP"/"SANYO"/"EPSON" plus a short
 * with value 1, "OLYMPUS" plus a byte-order mark and a short with value 3,
 * or "Nikon" plus the version byte (and, for nikonV2, a byte-order mark,
 * 0x2A and the value 8). The entry count and one 12-byte record per entry
 * follow; payloads longer than 4 bytes are appended at the end of the
 * buffer and referenced by offset.
 *
 * NOTE(review): the payload length is recomputed from format and component
 * count and that many bytes are copied from entries[].data; this assumes
 * the stored buffer is at least that long - confirm against the loader.
 * NOTE(review): header bytes that are never written (e.g. the byte after
 * the Nikon version) keep whatever exif_mem_alloc returned - presumably
 * zeroes; verify.
 *
 * @param ne       MakerNote to serialise (used as an ExifMnoteDataOlympus)
 * @param buf      receives the allocated buffer
 * @param buf_size receives the size of that buffer
 */
static void
exif_mnote_data_olympus_save (ExifMnoteData *ne,
		unsigned char **buf, unsigned int *buf_size)
{
	ExifMnoteDataOlympus *note = (ExifMnoteDataOlympus *) ne;
	unsigned char *grown;
	const char *brand;
	size_t idx, pos, len, data_pos, grown_len;
	size_t tag_base = 0;	/* subtracted from every stored tag */
	size_t dir_pos = 6 + 2;	/* where the entry count is written */
	size_t ofs_base = 0;	/* added to every payload offset */

	if (!note || !buf || !buf_size)
		return;

	/* Room for the short header, the entry count and the directory. */
	*buf_size = 6 + 2 + 2 + note->count * 12;
	switch (note->version) {
	case olympusV1:
	case sanyoV1:
	case epsonV1:
		*buf = exif_mem_alloc (ne->mem, *buf_size);
		if (!*buf) {
			EXIF_LOG_NO_MEMORY(ne->log, "ExifMnoteDataOlympus", *buf_size);
			return;
		}

		/* Header name, then a short with value 1. */
		if (note->version == sanyoV1)
			brand = "SANYO";
		else if (note->version == epsonV1)
			brand = "EPSON";
		else
			brand = "OLYMP";
		strcpy ((char *)*buf, brand);
		exif_set_short (*buf + 6, note->order, (ExifShort) 1);
		ofs_base = note->offset;
		break;

	case olympusV2:
		*buf_size += 8-6 + 4;
		*buf = exif_mem_alloc (ne->mem, *buf_size);
		if (!*buf) {
			EXIF_LOG_NO_MEMORY(ne->log, "ExifMnoteDataOlympus", *buf_size);
			return;
		}

		/* Header name, byte-order mark, then a short with value 3. */
		strcpy ((char *)*buf, "OLYMPUS");
		if (note->order == EXIF_BYTE_ORDER_INTEL)
			exif_set_short (*buf + 8, note->order,
					(ExifShort) (('I' << 8) | 'I'));
		else
			exif_set_short (*buf + 8, note->order,
					(ExifShort) (('M' << 8) | 'M'));
		exif_set_short (*buf + 10, note->order, (ExifShort) 3);
		dir_pos += 4;
		break;

	case nikonV1:
		tag_base = MNOTE_NIKON1_TAG_BASE;

		/* v1 has offsets based to main IFD, not makernote IFD */
		ofs_base += note->offset + 10;
		/* taken off here so that the shared code below, which adds
		 * the same amount back, leaves the v1 size unchanged */
		*buf_size -= 8 + 2;
		/* Fall through */
	case nikonV2:
		*buf_size += 8 + 2;
		*buf_size += 4; /* Next IFD pointer */
		*buf = exif_mem_alloc (ne->mem, *buf_size);
		if (!*buf) {
			EXIF_LOG_NO_MEMORY(ne->log, "ExifMnoteDataOlympus", *buf_size);
			return;
		}

		/* Header name and version byte. */
		strcpy ((char *)*buf, "Nikon");
		(*buf)[6] = note->version;

		if (note->version == nikonV2) {
			if (note->order == EXIF_BYTE_ORDER_INTEL)
				exif_set_short (*buf + 10, note->order,
						(ExifShort) (('I' << 8) | 'I'));
			else
				exif_set_short (*buf + 10, note->order,
						(ExifShort) (('M' << 8) | 'M'));
			exif_set_short (*buf + 12, note->order, (ExifShort) 0x2A);
			exif_set_long (*buf + 14, note->order, (ExifShort) 8);
			dir_pos += 2 + 8;
		}
		/* For nikonV2 ofs_base is still 0 here, so this wraps as an
		 * unsigned value; adding a payload position later yields
		 * that position minus 10. */
		ofs_base -= 10;
		/* Reset next IFD pointer */
		exif_set_long (*buf + dir_pos + 2 + note->count * 12, note->order, 0);
		break;

	default:
		return;
	}

	exif_set_short (*buf + dir_pos, note->order, (ExifShort) note->count);
	dir_pos += 2;

	/* Save each entry */
	for (idx = 0; idx < note->count; idx++) {
		pos = dir_pos + idx * 12;
		exif_set_short (*buf + pos + 0, note->order,
				(ExifShort) (note->entries[idx].tag - tag_base));
		exif_set_short (*buf + pos + 2, note->order,
				(ExifShort) note->entries[idx].format);
		exif_set_long (*buf + pos + 4, note->order,
			       note->entries[idx].components);
		pos += 8;

		len = exif_format_get_size (note->entries[idx].format) *
			note->entries[idx].components;

		/* Larger than a JPEG segment (64 kb): treat as corrupt, skip. */
		if (len > 65536)
			continue;

		if (len <= 4) {
			/* small payloads live in the record's value field */
			data_pos = pos;
		} else {
			/* append the payload at the current end of the buffer */
			data_pos = *buf_size;
			grown_len = *buf_size + len;
			grown = exif_mem_realloc (ne->mem, *buf,
						  sizeof (char) * grown_len);
			if (!grown) {
				EXIF_LOG_NO_MEMORY(ne->log, "ExifMnoteDataOlympus", grown_len);
				return;
			}
			*buf = grown;
			*buf_size = grown_len;
			exif_set_long (*buf + pos, note->order, ofs_base + data_pos);
		}

		/* A missing payload (most certainly a damaged input file)
		 * is written as zeroes. */
		if (!note->entries[idx].data)
			memset (*buf + data_pos, 0, len);
		else
			memcpy (*buf + data_pos, note->entries[idx].data, len);
	}
}
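/**
 * @brief Load a Fuji MakerNote from buf into en.
 *
 * The note starts at 6 + n->offset and is always read in Intel byte order.
 * The 4 bytes at position 8 of the note give the offset of the directory,
 * which holds a 16-bit entry count followed by 12-byte entries. Entries
 * whose payload does not fit inside buf are skipped; n->count is the number
 * actually stored.
 *
 * Every offset and count read from buf is untrusted, so each read below is
 * preceded by a length check.
 *
 * @param en       MakerNote to fill (used as an ExifMnoteDataFuji)
 * @param buf      input bytes
 * @param buf_size number of valid bytes in buf
 */
static void
exif_mnote_data_fuji_load (ExifMnoteData *en,
	const unsigned char *buf, unsigned int buf_size)
{
	ExifMnoteDataFuji *n = (ExifMnoteDataFuji*) en;
	ExifLong c;
	size_t i, tcount, o, datao;

	/* Without en there is no log handle to report through. */
	if (!n)
		return;
	if (!buf || !buf_size) {
		exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
			  "ExifMnoteDataFuji", "Short MakerNote");
		return;
	}
	/* Widen first so the sum is not done in the (possibly narrower)
	 * type of n->offset. */
	datao = 6 + (size_t) n->offset;
	if ((datao + 12 < datao) || (datao + 12 < 12) || (datao + 12 > buf_size)) {
		exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
			  "ExifMnoteDataFuji", "Short MakerNote");
		return;
	}

	n->order = EXIF_BYTE_ORDER_INTEL;
	/* Follow the directory offset stored behind the 8-byte header name. */
	datao += exif_get_long (buf + datao + 8, EXIF_BYTE_ORDER_INTEL);
	if ((datao + 2 < datao) || (datao + 2 < 2) ||
	    (datao + 2 > buf_size)) {
		exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
			  "ExifMnoteDataFuji", "Short MakerNote");
		return;
	}

	/* Read the number of tags */
	c = exif_get_short (buf + datao, EXIF_BYTE_ORDER_INTEL);
	datao += 2;

	/* Remove any old entries */
	exif_mnote_data_fuji_clear (n);

	/* Reserve enough space for all the possible MakerNote tags */
	n->entries = exif_mem_alloc (en->mem, sizeof (MnoteFujiEntry) * c);
	if (!n->entries) {
		EXIF_LOG_NO_MEMORY(en->log, "ExifMnoteDataFuji",
				   sizeof (MnoteFujiEntry) * c);
		return;
	}

	/* Parse all c entries, storing ones that are successfully parsed */
	tcount = 0;
	for (i = c, o = datao; i; --i, o += 12) {
		size_t s, fmt_size;

		if ((o + 12 < o) || (o + 12 < 12) || (o + 12 > buf_size)) {
			exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
				  "ExifMnoteDataFuji", "Short MakerNote");
			break;
		}

		n->entries[tcount].tag =
			exif_get_short (buf + o, n->order);
		n->entries[tcount].format =
			exif_get_short (buf + o + 2, n->order);
		n->entries[tcount].components =
			exif_get_long (buf + o + 4, n->order);
		n->entries[tcount].order = n->order;

		exif_log (en->log, EXIF_LOG_CODE_DEBUG, "ExifMnoteDataFuji",
			  "Loading entry 0x%x ('%s')...",
			  n->entries[tcount].tag,
			  mnote_fuji_tag_get_name (n->entries[tcount].tag));

		/*
		 * A payload cannot be larger than buf. Checking the component
		 * count against buf_size / fmt_size first keeps the product
		 * below from wrapping where size_t is 32 bits wide.
		 */
		fmt_size = exif_format_get_size (n->entries[tcount].format);
		if (fmt_size &&
		    n->entries[tcount].components > buf_size / fmt_size) {
			exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
				  "ExifMnoteDataFuji",
				  "Tag size overflow detected");
			continue;
		}

		/*
		 * Size? If bigger than 4 bytes, the actual data is not
		 * in the entry but somewhere else (offset).
		 */
		s = fmt_size * n->entries[tcount].components;
		n->entries[tcount].size = s;
		if (s) {
			size_t dataofs = o + 8;
			if (s > 4)
				/* The data in this case is merely a pointer */
				dataofs = exif_get_long (buf + dataofs, n->order) + 6 + n->offset;
			/* NOTE(review): ">=" also rejects a payload that ends
			 * exactly on the last byte of buf, which is stricter
			 * than memory safety needs - confirm it is intended. */
			if ((dataofs + s < dataofs) || (dataofs + s < s) ||
			    (dataofs + s >= buf_size)) {
				exif_log (en->log, EXIF_LOG_CODE_CORRUPT_DATA,
					  "ExifMnoteDataFuji", "Tag data past end of "
					  "buffer (%zu >= %u)", dataofs + s, buf_size);
				continue;
			}

			n->entries[tcount].data = exif_mem_alloc (en->mem, s);
			if (!n->entries[tcount].data) {
				EXIF_LOG_NO_MEMORY(en->log, "ExifMnoteDataFuji", s);
				continue;
			}
			memcpy (n->entries[tcount].data, buf + dataofs, s);
		}

		/* Tag was successfully parsed */
		++tcount;
	}
	/* Store the count of successfully parsed tags */
	n->count = tcount;
}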