xymp
/
exiv2
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #105 from Kicer86/bigtiff

Browse Source 
Work in progress - improvements for bigtiff
v0.27.3
Luis Díaz Más 8 years ago committed by GitHub
parent 8e4aff29c2 2e535d8a27
commit 4beb08e219
2 changed files with 20 additions and 7 deletions
Show Stats Download Patch File Download Diff File

2
include/exiv2/config.h
Unescape Escape View File

@ -81,6 +81,8 @@ typedef int pid_t;
#ifndef WIN32_LEAN_AND_MEAN
#define WIN32_LEAN_AND_MEAN
#endif
#define NOMINMAX
#include <windows.h>
#endif // _MSC_VER

21
src/bigtiffimage.cpp
Unescape Escape View File

@ -2,6 +2,7 @@
#include "bigtiffimage.hpp"
#include <cassert>
#include <limits>
#include "exif.hpp"
#include "image_int.hpp"
@ -226,13 +227,24 @@ namespace Exiv2
: is8ByteType(type) ? 8
: 1;
// #55 memory allocation crash test/data/POC8
long long allocate = (long long) size*count + pad;
if ( allocate > (long long) io.size() ) {
// #55 and #56 memory allocation crash test/data/POC8
// size * count > std::numeric_limits<uint64_t>::max()
// =>
// size > std::numeric_limits<uint64_t>::max() / count
if (size > std::numeric_limits<uint64_t>::max() / count)
throw Error(57); // we got number bigger than 2^64
// more than we can handle
if (size * count > std::numeric_limits<uint64_t>::max() - pad)
throw Error(57); // again more than 2^64
const uint64_t allocate = size*count + pad;
if ( allocate > io.size() ) {
throw Error(57);
}
DataBuf buf((long)allocate);
DataBuf buf(allocate);
const uint64_t offset = header_.format() == Header::StandardTiff?
byteSwap4(data, 0, doSwap_):
@ -313,7 +325,6 @@ namespace Exiv2
byteSwap8(buf, k*size, doSwap_):
byteSwap4(buf, k*size, doSwap_);
std::cerr << "tag = " << Internal::stringFormat("%#x",tag) << std::endl;
printIFD(out, option, ifdOffset, depth);
io.seek(restore, BasicIo::beg);
}

Write Preview
Loading…
Cancel
Save