path: root/libtiff-32/tiff-4.0.3-CVE-2013-1960.patch
    1 diff -Naur tiff-4.0.3.orig/tools/tiff2pdf.c tiff-4.0.3/tools/tiff2pdf.c
    2 --- tiff-4.0.3.orig/tools/tiff2pdf.c	2012-07-25 22:56:43.000000000 -0400
    3 +++ tiff-4.0.3/tools/tiff2pdf.c	2013-05-02 12:04:49.057090227 -0400
    4 @@ -3341,33 +3341,56 @@
    5  	uint32 height){
    6  
    7  	tsize_t i=0;
    8 -	uint16 ri =0;
    9 -	uint16 v_samp=1;
   10 -	uint16 h_samp=1;
   11 -	int j=0;
   12 -	
   13 -	i++;
   14 -	
   15 -	while(i<(*striplength)){
   16 +
   17 +	while (i < *striplength) {
   18 +		tsize_t datalen;
   19 +		uint16 ri;
   20 +		uint16 v_samp;
   21 +		uint16 h_samp;
   22 +		int j;
   23 +		int ncomp;
   24 +
   25 +		/* marker header: one or more FFs */
   26 +		if (strip[i] != 0xff)
   27 +			return(0);
   28 +		i++;
   29 +		while (i < *striplength && strip[i] == 0xff)
   30 +			i++;
   31 +		if (i >= *striplength)
   32 +			return(0);
   33 +		/* SOI is the only pre-SOS marker without a length word */
   34 +		if (strip[i] == 0xd8)
   35 +			datalen = 0;
   36 +		else {
   37 +			if ((*striplength - i) <= 2)
   38 +				return(0);
   39 +			datalen = (strip[i+1] << 8) | strip[i+2];
   40 +			if (datalen < 2 || datalen >= (*striplength - i))
   41 +				return(0);
   42 +		}
   43  		switch( strip[i] ){
   44 -			case 0xd8:
   45 -				/* SOI - start of image */
   46 +			case 0xd8:	/* SOI - start of image */
   47  				_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), 2);
   48  				*bufferoffset+=2;
   49 -				i+=2;
   50  				break;
   51 -			case 0xc0:
   52 -			case 0xc1:
   53 -			case 0xc3:
   54 -			case 0xc9:
   55 -			case 0xca:
   56 +			case 0xc0:	/* SOF0 */
   57 +			case 0xc1:	/* SOF1 */
   58 +			case 0xc3:	/* SOF3 */
   59 +			case 0xc9:	/* SOF9 */
   60 +			case 0xca:	/* SOF10 */
   61  				if(no==0){
   62 -					_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2);
   63 -					for(j=0;j<buffer[*bufferoffset+9];j++){
   64 -						if( (buffer[*bufferoffset+11+(2*j)]>>4) > h_samp) 
   65 -							h_samp = (buffer[*bufferoffset+11+(2*j)]>>4);
   66 -						if( (buffer[*bufferoffset+11+(2*j)] & 0x0f) > v_samp) 
   67 -							v_samp = (buffer[*bufferoffset+11+(2*j)] & 0x0f);
   68 +					_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
   69 +					ncomp = buffer[*bufferoffset+9];
   70 +					if (ncomp < 1 || ncomp > 4)
   71 +						return(0);
   72 +					v_samp=1;
   73 +					h_samp=1;
   74 +					for(j=0;j<ncomp;j++){
   75 +						uint16 samp = buffer[*bufferoffset+11+(3*j)];
   76 +						if( (samp>>4) > h_samp) 
   77 +							h_samp = (samp>>4);
   78 +						if( (samp & 0x0f) > v_samp) 
   79 +							v_samp = (samp & 0x0f);
   80  					}
   81  					v_samp*=8;
   82  					h_samp*=8;
   83 @@ -3381,45 +3404,43 @@
   84                                            (unsigned char) ((height>>8) & 0xff);
   85  					buffer[*bufferoffset+6]=
   86                                              (unsigned char) (height & 0xff);
   87 -					*bufferoffset+=strip[i+2]+2;
   88 -					i+=strip[i+2]+2;
   89 -
   90 +					*bufferoffset+=datalen+2;
   91 +					/* insert a DRI marker */
   92  					buffer[(*bufferoffset)++]=0xff;
   93  					buffer[(*bufferoffset)++]=0xdd;
   94  					buffer[(*bufferoffset)++]=0x00;
   95  					buffer[(*bufferoffset)++]=0x04;
   96  					buffer[(*bufferoffset)++]=(ri >> 8) & 0xff;
   97  					buffer[(*bufferoffset)++]= ri & 0xff;
   98 -				} else {
   99 -					i+=strip[i+2]+2;
  100  				}
  101  				break;
  102 -			case 0xc4:
  103 -			case 0xdb:
  104 -				_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2);
  105 -				*bufferoffset+=strip[i+2]+2;
  106 -				i+=strip[i+2]+2;
  107 +			case 0xc4: /* DHT */
  108 +			case 0xdb: /* DQT */
  109 +				_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
  110 +				*bufferoffset+=datalen+2;
  111  				break;
  112 -			case 0xda:
  113 +			case 0xda: /* SOS */
  114  				if(no==0){
  115 -					_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), strip[i+2]+2);
  116 -					*bufferoffset+=strip[i+2]+2;
  117 -					i+=strip[i+2]+2;
  118 +					_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
  119 +					*bufferoffset+=datalen+2;
  120  				} else {
  121  					buffer[(*bufferoffset)++]=0xff;
  122  					buffer[(*bufferoffset)++]=
  123                                              (unsigned char)(0xd0 | ((no-1)%8));
  124 -					i+=strip[i+2]+2;
  125  				}
  126 -				_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), (*striplength)-i-1);
  127 -				*bufferoffset+=(*striplength)-i-1;
  128 +				i += datalen + 1;
  129 +				/* copy remainder of strip */
  130 +				_TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i]), *striplength - i);
  131 +				*bufferoffset+= *striplength - i;
  132  				return(1);
  133  			default:
  134 -				i+=strip[i+2]+2;
  135 +				/* ignore any other marker */
  136 +				break;
  137  		}
  138 +		i += datalen + 1;
  139  	}
  140 -	
  141  
  142 +	/* failed to find SOS marker */
  143  	return(0);
  144  }
  145  #endif
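Review bot: The SOS arm appends `*striplength - i` remaining bytes to `buffer` on top of what was already emitted for the strip, and for strip 0 that includes the six DRI bytes (`0xff 0xdd 0x00 0x04` plus `ri`) inserted after the SOF header, so the output for a strip can be up to 6 bytes longer than the input strip while nothing visible in this patch bounds writes to `buffer`; that contract rests on the caller, which is outside the diff. A comment at the remainder copy would make the obligation explicit, e.g. `/* no capacity check: caller must size buffer for *striplength plus the 6-byte DRI marker added on strip 0 */`. The new `default:` arm now silently drops any marker the switch does not name (e.g. APPn or COM segments), which the `/* ignore any other marker */` comment could state outright so a reader does not expect them to be forwarded. The enclosing function starts before the first hunk.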
