[Geeqie-devel] [PATCH 1/1] Properly open and work with large TIFF files.

Martin Pelikán Sun, 19 Jun 2016 09:06:11 -0700

Any file between 2^31 and 2^32 bytes shouldn't have its size displayed
as a negative number. Viewing more than 32768 pixels in each dimension
is only a matter of using 64bit arithmetic when calculating allocation
sizes and pointers into that memory. Multiplying is always suspicious.


While there, make the error messages clearer about what went wrong.
---
 src/filedata.c        |  2 +-
 src/image_load_tiff.c | 24 +++++++++++++-----------
 src/pixbuf-renderer.c |  5 ++++-
 3 files changed, 18 insertions(+), 13 deletions(-)

diff --git a/src/filedata.c b/src/filedata.c
index 33433c0..54de50f 100644
--- a/src/filedata.c
+++ b/src/filedata.c
@@ -64,7 +64,7 @@ gchar *text_from_size(gint64 size)
        /* what I would like to use is printf("%'d", size)
         * BUT: not supported on every libc :(
         */
-       if (size > G_MAXUINT)
+       if (size > G_MAXINT)
                {
                /* the %lld conversion is not valid in all libcs, so use a 
simple work-around */
                a = g_strdup_printf("%d%09d", (guint)(size / 1000000000), 
(guint)(size % 1000000000));
diff --git a/src/image_load_tiff.c b/src/image_load_tiff.c
index 33f238f..a3c8ce6 100644
--- a/src/image_load_tiff.c
+++ b/src/image_load_tiff.c
@@ -141,7 +141,8 @@ static gboolean image_loader_tiff_load (gpointer loader, 
const guchar *buf, gsiz
 
        TIFF *tiff;
        guchar *pixels = NULL;
-       gint width, height, rowstride, bytes;
+       gint width, height, rowstride;
+       size_t bytes;
        uint32 rowsperstrip;
 
        lt->buffer = buf;
@@ -186,15 +187,15 @@ static gboolean image_loader_tiff_load (gpointer loader, 
const guchar *buf, gsiz
        rowstride = width * 4;
        if (rowstride / 4 != width)
                { /* overflow */
-               DEBUG_1("Dimensions of TIFF image too large");
+               DEBUG_1("Dimensions of TIFF image too large: width %d", width);
                TIFFClose(tiff);
                return FALSE;
                }
 
-       bytes = height * rowstride;
-       if (bytes / rowstride != height)
+       bytes = (size_t) height * rowstride;
+       if (bytes / rowstride != (size_t) height)
                { /* overflow */
-               DEBUG_1("Dimensions of TIFF image too large");
+               DEBUG_1("Dimensions of TIFF image too large: height %d", 
height);
                TIFFClose(tiff);
                return FALSE;
                }
@@ -207,7 +208,7 @@ static gboolean image_loader_tiff_load (gpointer loader, 
const guchar *buf, gsiz
 
        if (!pixels)
                {
-               DEBUG_1("Insufficient memory to open TIFF file");
+               DEBUG_1("Insufficient memory to open TIFF file: need %zu", 
bytes);
                TIFFClose(tiff);
                return FALSE;
                }
@@ -228,8 +229,9 @@ static gboolean image_loader_tiff_load (gpointer loader, 
const guchar *buf, gsiz
        if (TIFFGetField(tiff, TIFFTAG_ROWSPERSTRIP, &rowsperstrip))
                {
                /* read by strip */
-               int row;
-               guchar *wrk_line = (guchar *)g_malloc(width * sizeof (uint32));
+               ptrdiff_t row;
+               const size_t line_bytes = width * sizeof(uint32);
+               guchar *wrk_line = (guchar *)g_malloc(line_bytes);
 
                for (row = 0; row < height; row += rowsperstrip)
                        {
@@ -263,9 +265,9 @@ static gboolean image_loader_tiff_load (gpointer loader, 
const guchar *buf, gsiz
                                top_line = pixels + (row + i_row) * rowstride;
                                bottom_line = pixels + (row + rows_to_write - 
i_row - 1) * rowstride;
 
-                               memcpy(wrk_line, top_line, 4*width);
-                               memcpy(top_line, bottom_line, 4*width);
-                               memcpy(bottom_line, wrk_line, 4*width);
+                               memcpy(wrk_line, top_line, line_bytes);
+                               memcpy(top_line, bottom_line, line_bytes);
+                               memcpy(bottom_line, wrk_line, line_bytes);
                                }
                        lt->area_updated_cb(loader, 0, row, width, 
rows_to_write, lt->data);
                        }
diff --git a/src/pixbuf-renderer.c b/src/pixbuf-renderer.c
index 8074e26..327e398 100644
--- a/src/pixbuf-renderer.c
+++ b/src/pixbuf-renderer.c
@@ -2769,6 +2769,7 @@ gboolean pixbuf_renderer_get_pixel_colors(PixbufRenderer 
*pr, gint x_pixel, gint
        gint p_alpha, prs;
        guchar *p_pix, *pp;
        gint map_x, map_y, map_w, map_h;
+       size_t xoff, yoff;
 
        g_return_val_if_fail(IS_PIXBUF_RENDERER(pr), FALSE);
        g_return_val_if_fail(r_mouse != NULL && g_mouse != NULL && b_mouse != 
NULL, FALSE);
@@ -2797,7 +2798,9 @@ gboolean pixbuf_renderer_get_pixel_colors(PixbufRenderer 
*pr, gint x_pixel, gint
        prs = gdk_pixbuf_get_rowstride(pb);
        p_pix = gdk_pixbuf_get_pixels(pb);
 
-       pp = p_pix + map_y * prs + (map_x * (p_alpha ? 4 : 3));
+       xoff = (size_t)map_x * (p_alpha ? 4 : 3);
+       yoff = (size_t)map_y * prs;
+       pp = p_pix + yoff + xoff;
        *r_mouse = *pp;
        pp++;
        *g_mouse = *pp;
-- 
2.8.0.rc3.226.g39d4020


------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports. http://sdm.link/zohomanageengine
_______________________________________________
Geeqie-devel mailing list
Geeqie-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geeqie-devel

[Geeqie-devel] [PATCH 1/1] Properly open and work with large TIFF files.

Reply via email to