From c760024a54b92a2e091cfcae4d9bbb7d52e66374 Mon Sep 17 00:00:00 2001
From: Nicolas Pena <npm@chromium.org>
Date: Thu, 20 Jul 2017 14:35:29 -0400
Subject: Upgrade LibTIFF to 4.0.8
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This CL upgrades LibTIFF, removing patch files that correspond to bugs
that have been resolved in 4.0.8.

Change-Id: Id99d2fc9b3f25993dcb60cf1558b73674eb725bf
Reviewed-on: https://pdfium-review.googlesource.com/8490
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Nicolás Peña <npm@chromium.org>
---
 third_party/libtiff/tif_dirread.c | 119 ++++++++++++++++++++++----------------
 1 file changed, 68 insertions(+), 51 deletions(-)

(limited to 'third_party/libtiff/tif_dirread.c')

diff --git a/third_party/libtiff/tif_dirread.c b/third_party/libtiff/tif_dirread.c
index 0926e16254..385ed12db0 100644
--- a/third_party/libtiff/tif_dirread.c
+++ b/third_party/libtiff/tif_dirread.c
@@ -1,4 +1,4 @@
-/* $Id: tif_dirread.c,v 1.204 2016-11-16 15:14:15 erouault Exp $ */
+/* $Id: tif_dirread.c,v 1.208 2017-04-27 15:46:22 erouault Exp $ */
 
 /*
  * Copyright (c) 1988-1997 Sam Leffler
@@ -791,43 +791,44 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryArray(TIFF* tif, TIFFDirEntry* d
 	*count=(uint32)direntry->tdir_count;
 	datasize=(*count)*typesize;
 	assert((tmsize_t)datasize>0);
-	const uint32 small_alloc_threshold=(tif->tif_flags&TIFF_BIGTIFF)? 8 : 4;
-	if (datasize <= small_alloc_threshold)
-	{
-		data=_TIFFCheckMalloc(tif, *count, typesize, "ReadDirEntryArray");
-		if (data==0)
-			return(TIFFReadDirEntryErrAlloc);
-		_TIFFmemcpy(data,&direntry->tdir_offset,datasize);
-		*value=data;
-		return(TIFFReadDirEntryErrOk);
-	}
-	uint64 offset;
+	data=_TIFFCheckMalloc(tif, *count, typesize, "ReadDirEntryArray");
+	if (data==0)
+		return(TIFFReadDirEntryErrAlloc);
 	if (!(tif->tif_flags&TIFF_BIGTIFF))
 	{
-		uint32 small_offset=direntry->tdir_offset.toff_long;
-		if (tif->tif_flags&TIFF_SWAB)
-			TIFFSwabLong(&small_offset);
-		offset=(uint64)small_offset;
+		if (datasize<=4)
+			_TIFFmemcpy(data,&direntry->tdir_offset,datasize);
+		else
+		{
+			enum TIFFReadDirEntryErr err;
+			uint32 offset = direntry->tdir_offset.toff_long;
+			if (tif->tif_flags&TIFF_SWAB)
+				TIFFSwabLong(&offset);
+			err=TIFFReadDirEntryData(tif,(uint64)offset,(tmsize_t)datasize,data);
+			if (err!=TIFFReadDirEntryErrOk)
+			{
+				_TIFFfree(data);
+				return(err);
+			}
+		}
 	}
 	else
 	{
-		offset = direntry->tdir_offset.toff_long8;
-		if (tif->tif_flags&TIFF_SWAB)
-			TIFFSwabLong8(&offset);
-	}
-	if ((uint64)(-1) - offset < datasize)
-		return(TIFFReadDirEntryErrIo);
-	const uint64 size=isMapped(tif)? (uint64)tif->tif_size : TIFFGetFileSize(tif);
-	if (offset + datasize > size)
-		return(TIFFReadDirEntryErrIo);
-	data=_TIFFCheckMalloc(tif, *count, typesize, "ReadDirEntryArray");
-	if (data==0)
-		return(TIFFReadDirEntryErrAlloc);
-	enum TIFFReadDirEntryErr err=TIFFReadDirEntryData(tif,offset,(tmsize_t)datasize,data);
-	if (err!=TIFFReadDirEntryErrOk)
-	{
-		_TIFFfree(data);
-		return(err);
+		if (datasize<=8)
+			_TIFFmemcpy(data,&direntry->tdir_offset,datasize);
+		else
+		{
+			enum TIFFReadDirEntryErr err;
+			uint64 offset = direntry->tdir_offset.toff_long8;
+			if (tif->tif_flags&TIFF_SWAB)
+				TIFFSwabLong8(&offset);
+			err=TIFFReadDirEntryData(tif,offset,(tmsize_t)datasize,data);
+			if (err!=TIFFReadDirEntryErrOk)
+			{
+				_TIFFfree(data);
+				return(err);
+			}
+		}
 	}
 	*value=data;
 	return(TIFFReadDirEntryErrOk);
@@ -2406,14 +2407,14 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryFloatArray(TIFF* tif, TIFFDirEnt
 				ma=(double*)origdata;
 				mb=data;
 				for (n=0; n<count; n++)
-				{
-					double val = *ma++;
-					if( val > FLT_MAX )
-						val = FLT_MAX;
-					else if( val < -FLT_MAX )
-						val = -FLT_MAX;
-					*mb++=(float)val;
-				}
+                                {
+                                    double val = *ma++;
+                                    if( val > FLT_MAX )
+                                        val = FLT_MAX;
+                                    else if( val < -FLT_MAX )
+                                        val = -FLT_MAX;
+                                    *mb++=(float)val;
+                                }
 			}
 			break;
 	}
@@ -2879,9 +2880,9 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedRational(TIFF* tif, TIFFD
 		m.l = direntry->tdir_offset.toff_long8;
 	if (tif->tif_flags&TIFF_SWAB)
 		TIFFSwabArrayOfLong(m.i,2);
-	/* Not completely sure what we should do when m.i[1]==0, but some */
-	/* sanitizers do not like division by 0.0: */
-	/* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
+        /* Not completely sure what we should do when m.i[1]==0, but some */
+        /* sanitizers do not like division by 0.0: */
+        /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
 	if (m.i[0]==0 || m.i[1]==0)
 		*value=0.0;
 	else
@@ -2910,9 +2911,9 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryCheckedSrational(TIFF* tif, TIFF
 		m.l=direntry->tdir_offset.toff_long8;
 	if (tif->tif_flags&TIFF_SWAB)
 		TIFFSwabArrayOfLong(m.i,2);
-	/* Not completely sure what we should do when m.i[1]==0, but some */
-	/* sanitizers do not like division by 0.0: */
-	/* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
+        /* Not completely sure what we should do when m.i[1]==0, but some */
+        /* sanitizers do not like division by 0.0: */
+        /* http://bugzilla.maptools.org/show_bug.cgi?id=2644 */
 	if ((int32)m.i[0]==0 || m.i[1]==0)
 		*value=0.0;
 	else
@@ -3737,6 +3738,14 @@ TIFFReadDirectory(TIFF* tif)
                                 _TIFFmemcpy( &(tif->tif_dir.td_stripoffset_entry),
                                              dp, sizeof(TIFFDirEntry) );
 #else                          
+                                if( tif->tif_dir.td_stripoffset != NULL )
+                                {
+                                    TIFFErrorExt(tif->tif_clientdata, module,
+                                        "tif->tif_dir.td_stripoffset is "
+                                        "already allocated. Likely duplicated "
+                                        "StripOffsets/TileOffsets tag");
+                                    goto bad;
+                                }
 				if (!TIFFFetchStripThing(tif,dp,tif->tif_dir.td_nstrips,&tif->tif_dir.td_stripoffset))  
 					goto bad;
 #endif                                
@@ -3747,7 +3756,15 @@ TIFFReadDirectory(TIFF* tif)
                                 _TIFFmemcpy( &(tif->tif_dir.td_stripbytecount_entry),
                                              dp, sizeof(TIFFDirEntry) );
 #else                          
-				if (!TIFFFetchStripThing(tif,dp,tif->tif_dir.td_nstrips,&tif->tif_dir.td_stripbytecount))  
+                                if( tif->tif_dir.td_stripbytecount != NULL )
+                                {
+                                    TIFFErrorExt(tif->tif_clientdata, module,
+                                        "tif->tif_dir.td_stripbytecount is "
+                                        "already allocated. Likely duplicated "
+                                        "StripByteCounts/TileByteCounts tag");
+                                    goto bad;
+                                }
+                                if (!TIFFFetchStripThing(tif,dp,tif->tif_dir.td_nstrips,&tif->tif_dir.td_stripbytecount))  
 					goto bad;
 #endif                                
 				break;
@@ -5552,9 +5569,9 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
 	 */
 	if (rowsperstrip >= td->td_rowsperstrip)
 		return;
-	nstrips = TIFFhowmany_32(td->td_imagelength, rowsperstrip);
-	if( nstrips == 0 )
-		return;
+        nstrips = TIFFhowmany_32(td->td_imagelength, rowsperstrip);
+        if( nstrips == 0 )
+            return;
 
 	newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
 				"for chopped \"StripByteCounts\" array");
-- 
cgit v1.2.3