1
/*
2
 * jdmarker.c
3
 *
4
 * This file was part of the Independent JPEG Group's software:
5
 * Copyright (C) 1991-1998, Thomas G. Lane.
6
 * libjpeg-turbo Modifications:
7
 * Copyright (C) 2012, 2015, D. R. Commander.
8
 * For conditions of distribution and use, see the accompanying README.ijg
9
 * file.
10
 *
11
 * This file contains routines to decode JPEG datastream markers.
12
 * Most of the complexity arises from our desire to support input
13
 * suspension: if not all of the data for a marker is available,
14
 * we must exit back to the application.  On resumption, we reprocess
15
 * the marker.
16
 */
17

18
#define JPEG_INTERNALS
19
#include "jinclude.h"
20
#include "jpeglib.h"
21

22

23
typedef enum {                  /* JPEG marker codes */
24
  M_SOF0  = 0xc0,
25
  M_SOF1  = 0xc1,
26
  M_SOF2  = 0xc2,
27
  M_SOF3  = 0xc3,
28

29
  M_SOF5  = 0xc5,
30
  M_SOF6  = 0xc6,
31
  M_SOF7  = 0xc7,
32

33
  M_JPG   = 0xc8,
34
  M_SOF9  = 0xc9,
35
  M_SOF10 = 0xca,
36
  M_SOF11 = 0xcb,
37

38
  M_SOF13 = 0xcd,
39
  M_SOF14 = 0xce,
40
  M_SOF15 = 0xcf,
41

42
  M_DHT   = 0xc4,
43

44
  M_DAC   = 0xcc,
45

46
  M_RST0  = 0xd0,
47
  M_RST1  = 0xd1,
48
  M_RST2  = 0xd2,
49
  M_RST3  = 0xd3,
50
  M_RST4  = 0xd4,
51
  M_RST5  = 0xd5,
52
  M_RST6  = 0xd6,
53
  M_RST7  = 0xd7,
54

55
  M_SOI   = 0xd8,
56
  M_EOI   = 0xd9,
57
  M_SOS   = 0xda,
58
  M_DQT   = 0xdb,
59
  M_DNL   = 0xdc,
60
  M_DRI   = 0xdd,
61
  M_DHP   = 0xde,
62
  M_EXP   = 0xdf,
63

64
  M_APP0  = 0xe0,
65
  M_APP1  = 0xe1,
66
  M_APP2  = 0xe2,
67
  M_APP3  = 0xe3,
68
  M_APP4  = 0xe4,
69
  M_APP5  = 0xe5,
70
  M_APP6  = 0xe6,
71
  M_APP7  = 0xe7,
72
  M_APP8  = 0xe8,
73
  M_APP9  = 0xe9,
74
  M_APP10 = 0xea,
75
  M_APP11 = 0xeb,
76
  M_APP12 = 0xec,
77
  M_APP13 = 0xed,
78
  M_APP14 = 0xee,
79
  M_APP15 = 0xef,
80

81
  M_JPG0  = 0xf0,
82
  M_JPG13 = 0xfd,
83
  M_COM   = 0xfe,
84

85
  M_TEM   = 0x01,
86

87
  M_ERROR = 0x100
88
} JPEG_MARKER;
89

90

91
/* Private state */
92

93
typedef struct {
94
  struct jpeg_marker_reader pub; /* public fields */
95

96
  /* Application-overridable marker processing methods */
97
  jpeg_marker_parser_method process_COM;
98
  jpeg_marker_parser_method process_APPn[16];
99

100
  /* Limit on marker data length to save for each marker type */
101
  unsigned int length_limit_COM;
102
  unsigned int length_limit_APPn[16];
103

104
  /* Status of COM/APPn marker saving */
105
  jpeg_saved_marker_ptr cur_marker;     /* NULL if not processing a marker */
106
  unsigned int bytes_read;              /* data bytes read so far in marker */
107
  /* Note: cur_marker is not linked into marker_list until it's all read. */
108
} my_marker_reader;
109

110
typedef my_marker_reader *my_marker_ptr;
111

112

113
/*
114
 * Macros for fetching data from the data source module.
115
 *
116
 * At all times, cinfo->src->next_input_byte and ->bytes_in_buffer reflect
117
 * the current restart point; we update them only when we have reached a
118
 * suitable place to restart if a suspension occurs.
119
 */
120

121
/* Declare and initialize local copies of input pointer/count */
122
#define INPUT_VARS(cinfo)  \
123
        struct jpeg_source_mgr *datasrc = (cinfo)->src;  \
124
        const JOCTET *next_input_byte = datasrc->next_input_byte;  \
125
        size_t bytes_in_buffer = datasrc->bytes_in_buffer
126

127
/* Unload the local copies --- do this only at a restart boundary */
128
#define INPUT_SYNC(cinfo)  \
129
        ( datasrc->next_input_byte = next_input_byte,  \
130
          datasrc->bytes_in_buffer = bytes_in_buffer )
131

132
/* Reload the local copies --- used only in MAKE_BYTE_AVAIL */
133
#define INPUT_RELOAD(cinfo)  \
134
        ( next_input_byte = datasrc->next_input_byte,  \
135
          bytes_in_buffer = datasrc->bytes_in_buffer )
136

137
/* Internal macro for INPUT_BYTE and INPUT_2BYTES: make a byte available.
138
 * Note we do *not* do INPUT_SYNC before calling fill_input_buffer,
139
 * but we must reload the local copies after a successful fill.
140
 */
141
#define MAKE_BYTE_AVAIL(cinfo,action)  \
142
        if (bytes_in_buffer == 0) {  \
143
          if (! (*datasrc->fill_input_buffer) (cinfo))  \
144
            { action; }  \
145
          INPUT_RELOAD(cinfo);  \
146
        }
147

148
/* Read a byte into variable V.
149
 * If must suspend, take the specified action (typically "return FALSE").
150
 */
151
#define INPUT_BYTE(cinfo,V,action)  \
152
        MAKESTMT( MAKE_BYTE_AVAIL(cinfo,action); \
153
                  bytes_in_buffer--; \
154
                  V = GETJOCTET(*next_input_byte++); )
155

156
/* As above, but read two bytes interpreted as an unsigned 16-bit integer.
157
 * V should be declared unsigned int or perhaps JLONG.
158
 */
159
#define INPUT_2BYTES(cinfo,V,action)  \
160
        MAKESTMT( MAKE_BYTE_AVAIL(cinfo,action); \
161
                  bytes_in_buffer--; \
162
                  V = ((unsigned int) GETJOCTET(*next_input_byte++)) << 8; \
163
                  MAKE_BYTE_AVAIL(cinfo,action); \
164
                  bytes_in_buffer--; \
165
                  V += GETJOCTET(*next_input_byte++); )
166

167

168
/*
169
 * Routines to process JPEG markers.
170
 *
171
 * Entry condition: JPEG marker itself has been read and its code saved
172
 *   in cinfo->unread_marker; input restart point is just after the marker.
173
 *
174
 * Exit: if return TRUE, have read and processed any parameters, and have
175
 *   updated the restart point to point after the parameters.
176
 *   If return FALSE, was forced to suspend before reaching end of
177
 *   marker parameters; restart point has not been moved.  Same routine
178
 *   will be called again after application supplies more input data.
179
 *
180
 * This approach to suspension assumes that all of a marker's parameters
181
 * can fit into a single input bufferload.  This should hold for "normal"
182
 * markers.  Some COM/APPn markers might have large parameter segments
183
 * that might not fit.  If we are simply dropping such a marker, we use
184
 * skip_input_data to get past it, and thereby put the problem on the
185
 * source manager's shoulders.  If we are saving the marker's contents
186
 * into memory, we use a slightly different convention: when forced to
187
 * suspend, the marker processor updates the restart point to the end of
188
 * what it's consumed (ie, the end of the buffer) before returning FALSE.
189
 * On resumption, cinfo->unread_marker still contains the marker code,
190
 * but the data source will point to the next chunk of marker data.
191
 * The marker processor must retain internal state to deal with this.
192
 *
193
 * Note that we don't bother to avoid duplicate trace messages if a
194
 * suspension occurs within marker parameters.  Other side effects
195
 * require more care.
196
 */
197

198

199
LOCAL(boolean)
200
get_soi (j_decompress_ptr cinfo)
201
/* Process an SOI marker */
202
{
203
  int i;
204

205
  TRACEMS(cinfo, 1, JTRC_SOI);
206

207
  if (cinfo->marker->saw_SOI)
208
    ERREXIT(cinfo, JERR_SOI_DUPLICATE);
209

210
  /* Reset all parameters that are defined to be reset by SOI */
211

212
  for (i = 0; i < NUM_ARITH_TBLS; i++) {
213
    cinfo->arith_dc_L[i] = 0;
214
    cinfo->arith_dc_U[i] = 1;
215
    cinfo->arith_ac_K[i] = 5;
216
  }
217
  cinfo->restart_interval = 0;
218

219
  /* Set initial assumptions for colorspace etc */
220

221
  cinfo->jpeg_color_space = JCS_UNKNOWN;
222
  cinfo->CCIR601_sampling = FALSE; /* Assume non-CCIR sampling??? */
223

224
  cinfo->saw_JFIF_marker = FALSE;
225
  cinfo->JFIF_major_version = 1; /* set default JFIF APP0 values */
226
  cinfo->JFIF_minor_version = 1;
227
  cinfo->density_unit = 0;
228
  cinfo->X_density = 1;
229
  cinfo->Y_density = 1;
230
  cinfo->saw_Adobe_marker = FALSE;
231
  cinfo->Adobe_transform = 0;
232

233
  cinfo->marker->saw_SOI = TRUE;
234

235
  return TRUE;
236
}
237

238

239
LOCAL(boolean)
240
get_sof (j_decompress_ptr cinfo, boolean is_prog, boolean is_arith)
241
/* Process a SOFn marker */
242
{
243
  JLONG length;
244
  int c, ci;
245
  jpeg_component_info *compptr;
246
  INPUT_VARS(cinfo);
247

248
  cinfo->progressive_mode = is_prog;
249
  cinfo->arith_code = is_arith;
250

251
  INPUT_2BYTES(cinfo, length, return FALSE);
252

253
  INPUT_BYTE(cinfo, cinfo->data_precision, return FALSE);
254
  INPUT_2BYTES(cinfo, cinfo->image_height, return FALSE);
255
  INPUT_2BYTES(cinfo, cinfo->image_width, return FALSE);
256
  INPUT_BYTE(cinfo, cinfo->num_components, return FALSE);
257

258
  length -= 8;
259

260
  TRACEMS4(cinfo, 1, JTRC_SOF, cinfo->unread_marker,
261
           (int) cinfo->image_width, (int) cinfo->image_height,
262
           cinfo->num_components);
263

264
  if (cinfo->marker->saw_SOF)
265
    ERREXIT(cinfo, JERR_SOF_DUPLICATE);
266

267
  /* We don't support files in which the image height is initially specified */
268
  /* as 0 and is later redefined by DNL.  As long as we have to check that,  */
269
  /* might as well have a general sanity check. */
270
  if (cinfo->image_height <= 0 || cinfo->image_width <= 0
271
      || cinfo->num_components <= 0)
272
    ERREXIT(cinfo, JERR_EMPTY_IMAGE);
273

274
  if (length != (cinfo->num_components * 3))
275
    ERREXIT(cinfo, JERR_BAD_LENGTH);
276

277
  if (cinfo->comp_info == NULL) /* do only once, even if suspend */
278
    cinfo->comp_info = (jpeg_component_info *) (*cinfo->mem->alloc_small)
279
                        ((j_common_ptr) cinfo, JPOOL_IMAGE,
280
                         cinfo->num_components * sizeof(jpeg_component_info));
281

282
  for (ci = 0, compptr = cinfo->comp_info; ci < cinfo->num_components;
283
       ci++, compptr++) {
284
    compptr->component_index = ci;
285
    INPUT_BYTE(cinfo, compptr->component_id, return FALSE);
286
    INPUT_BYTE(cinfo, c, return FALSE);
287
    compptr->h_samp_factor = (c >> 4) & 15;
288
    compptr->v_samp_factor = (c     ) & 15;
289
    INPUT_BYTE(cinfo, compptr->quant_tbl_no, return FALSE);
290

291
    TRACEMS4(cinfo, 1, JTRC_SOF_COMPONENT,
292
             compptr->component_id, compptr->h_samp_factor,
293
             compptr->v_samp_factor, compptr->quant_tbl_no);
294
  }
295

296
  cinfo->marker->saw_SOF = TRUE;
297

298
  INPUT_SYNC(cinfo);
299
  return TRUE;
300
}
301

302

303
LOCAL(boolean)
304
get_sos (j_decompress_ptr cinfo)
305
/* Process a SOS marker */
306
{
307
  JLONG length;
308
  int i, ci, n, c, cc, pi;
309
  jpeg_component_info *compptr;
310
  INPUT_VARS(cinfo);
311

312
  if (! cinfo->marker->saw_SOF)
313
    ERREXIT(cinfo, JERR_SOS_NO_SOF);
314

315
  INPUT_2BYTES(cinfo, length, return FALSE);
316

317
  INPUT_BYTE(cinfo, n, return FALSE); /* Number of components */
318

319
  TRACEMS1(cinfo, 1, JTRC_SOS, n);
320

321
  if (length != (n * 2 + 6) || n < 1 || n > MAX_COMPS_IN_SCAN)
322
    ERREXIT(cinfo, JERR_BAD_LENGTH);
323

324
  cinfo->comps_in_scan = n;
325

326
  /* Collect the component-spec parameters */
327

328
  for (i = 0; i < MAX_COMPS_IN_SCAN; i++)
329
    cinfo->cur_comp_info[i] = NULL;
330

331
  for (i = 0; i < n; i++) {
332
    INPUT_BYTE(cinfo, cc, return FALSE);
333
    INPUT_BYTE(cinfo, c, return FALSE);
334

335
    for (ci = 0, compptr = cinfo->comp_info;
336
         ci < cinfo->num_components && ci < MAX_COMPS_IN_SCAN;
337
         ci++, compptr++) {
338
      if (cc == compptr->component_id && !cinfo->cur_comp_info[ci])
339
        goto id_found;
340
    }
341

342
    ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, cc);
343

344
  id_found:
345

346
    cinfo->cur_comp_info[i] = compptr;
347
    compptr->dc_tbl_no = (c >> 4) & 15;
348
    compptr->ac_tbl_no = (c     ) & 15;
349

350
    TRACEMS3(cinfo, 1, JTRC_SOS_COMPONENT, cc,
351
             compptr->dc_tbl_no, compptr->ac_tbl_no);
352

353
    /* This CSi (cc) should differ from the previous CSi */
354
    for (pi = 0; pi < i; pi++) {
355
      if (cinfo->cur_comp_info[pi] == compptr) {
356
        ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, cc);
357
      }
358
    }
359
  }
360

361
  /* Collect the additional scan parameters Ss, Se, Ah/Al. */
362
  INPUT_BYTE(cinfo, c, return FALSE);
363
  cinfo->Ss = c;
364
  INPUT_BYTE(cinfo, c, return FALSE);
365
  cinfo->Se = c;
366
  INPUT_BYTE(cinfo, c, return FALSE);
367
  cinfo->Ah = (c >> 4) & 15;
368
  cinfo->Al = (c     ) & 15;
369

370
  TRACEMS4(cinfo, 1, JTRC_SOS_PARAMS, cinfo->Ss, cinfo->Se,
371
           cinfo->Ah, cinfo->Al);
372

373
  /* Prepare to scan data & restart markers */
374
  cinfo->marker->next_restart_num = 0;
375

376
  /* Count another SOS marker */
377
  cinfo->input_scan_number++;
378

379
  INPUT_SYNC(cinfo);
380
  return TRUE;
381
}
382

383

384
#ifdef D_ARITH_CODING_SUPPORTED
385

386
LOCAL(boolean)
387
get_dac (j_decompress_ptr cinfo)
388
/* Process a DAC marker */
389
{
390
  JLONG length;
391
  int index, val;
392
  INPUT_VARS(cinfo);
393

394
  INPUT_2BYTES(cinfo, length, return FALSE);
395
  length -= 2;
396

397
  while (length > 0) {
398
    INPUT_BYTE(cinfo, index, return FALSE);
399
    INPUT_BYTE(cinfo, val, return FALSE);
400

401
    length -= 2;
402

403
    TRACEMS2(cinfo, 1, JTRC_DAC, index, val);
404

405
    if (index < 0 || index >= (2*NUM_ARITH_TBLS))
406
      ERREXIT1(cinfo, JERR_DAC_INDEX, index);
407

408
    if (index >= NUM_ARITH_TBLS) { /* define AC table */
409
      cinfo->arith_ac_K[index-NUM_ARITH_TBLS] = (UINT8) val;
410
    } else {                    /* define DC table */
411
      cinfo->arith_dc_L[index] = (UINT8) (val & 0x0F);
412
      cinfo->arith_dc_U[index] = (UINT8) (val >> 4);
413
      if (cinfo->arith_dc_L[index] > cinfo->arith_dc_U[index])
414
        ERREXIT1(cinfo, JERR_DAC_VALUE, val);
415
    }
416
  }
417

418
  if (length != 0)
419
    ERREXIT(cinfo, JERR_BAD_LENGTH);
420

421
  INPUT_SYNC(cinfo);
422
  return TRUE;
423
}
424

425
#else /* ! D_ARITH_CODING_SUPPORTED */
426

427
#define get_dac(cinfo)  skip_variable(cinfo)
428

429
#endif /* D_ARITH_CODING_SUPPORTED */
430

431

432
LOCAL(boolean)
433
get_dht (j_decompress_ptr cinfo)
434
/* Process a DHT marker */
435
{
436
  JLONG length;
437
  UINT8 bits[17];
438
  UINT8 huffval[256];
439
  int i, index, count;
440
  JHUFF_TBL **htblptr;
441
  INPUT_VARS(cinfo);
442

443
  INPUT_2BYTES(cinfo, length, return FALSE);
444
  length -= 2;
445

446
  while (length > 16) {
447
    INPUT_BYTE(cinfo, index, return FALSE);
448

449
    TRACEMS1(cinfo, 1, JTRC_DHT, index);
450

451
    bits[0] = 0;
452
    count = 0;
453
    for (i = 1; i <= 16; i++) {
454
      INPUT_BYTE(cinfo, bits[i], return FALSE);
455
      count += bits[i];
456
    }
457

458
    length -= 1 + 16;
459

460
    TRACEMS8(cinfo, 2, JTRC_HUFFBITS,
461
             bits[1], bits[2], bits[3], bits[4],
462
             bits[5], bits[6], bits[7], bits[8]);
463
    TRACEMS8(cinfo, 2, JTRC_HUFFBITS,
464
             bits[9], bits[10], bits[11], bits[12],
465
             bits[13], bits[14], bits[15], bits[16]);
466

467
    /* Here we just do minimal validation of the counts to avoid walking
468
     * off the end of our table space.  jdhuff.c will check more carefully.
469
     */
470
    if (count > 256 || ((JLONG) count) > length)
471
      ERREXIT(cinfo, JERR_BAD_HUFF_TABLE);
472

473
    for (i = 0; i < count; i++)
474
      INPUT_BYTE(cinfo, huffval[i], return FALSE);
475

476
    MEMZERO(&huffval[count], (256 - count) * sizeof(UINT8));
477

478
    length -= count;
479

480
    if (index & 0x10) {         /* AC table definition */
481
      index -= 0x10;
482
      if (index < 0 || index >= NUM_HUFF_TBLS)
483
        ERREXIT1(cinfo, JERR_DHT_INDEX, index);
484
      htblptr = &cinfo->ac_huff_tbl_ptrs[index];
485
    } else {                    /* DC table definition */
486
      if (index < 0 || index >= NUM_HUFF_TBLS)
487
        ERREXIT1(cinfo, JERR_DHT_INDEX, index);
488
      htblptr = &cinfo->dc_huff_tbl_ptrs[index];
489
    }
490

491
    if (*htblptr == NULL)
492
      *htblptr = jpeg_alloc_huff_table((j_common_ptr) cinfo);
493

494
    MEMCOPY((*htblptr)->bits, bits, sizeof((*htblptr)->bits));
495
    MEMCOPY((*htblptr)->huffval, huffval, sizeof((*htblptr)->huffval));
496
  }
497

498
  if (length != 0)
499
    ERREXIT(cinfo, JERR_BAD_LENGTH);
500

501
  INPUT_SYNC(cinfo);
502
  return TRUE;
503
}
504

505

506
LOCAL(boolean)
507
get_dqt (j_decompress_ptr cinfo)
508
/* Process a DQT marker */
509
{
510
  JLONG length;
511
  int n, i, prec;
512
  unsigned int tmp;
513
  JQUANT_TBL *quant_ptr;
514
  INPUT_VARS(cinfo);
515

516
  INPUT_2BYTES(cinfo, length, return FALSE);
517
  length -= 2;
518

519
  while (length > 0) {
520
    INPUT_BYTE(cinfo, n, return FALSE);
521
    prec = n >> 4;
522
    n &= 0x0F;
523

524
    TRACEMS2(cinfo, 1, JTRC_DQT, n, prec);
525

526
    if (n >= NUM_QUANT_TBLS)
527
      ERREXIT1(cinfo, JERR_DQT_INDEX, n);
528

529
    if (cinfo->quant_tbl_ptrs[n] == NULL)
530
      cinfo->quant_tbl_ptrs[n] = jpeg_alloc_quant_table((j_common_ptr) cinfo);
531
    quant_ptr = cinfo->quant_tbl_ptrs[n];
532

533
    for (i = 0; i < DCTSIZE2; i++) {
534
      if (prec)
535
        INPUT_2BYTES(cinfo, tmp, return FALSE);
536
      else
537
        INPUT_BYTE(cinfo, tmp, return FALSE);
538
      /* We convert the zigzag-order table to natural array order. */
539
      quant_ptr->quantval[jpeg_natural_order[i]] = (UINT16) tmp;
540
    }
541

542
    if (cinfo->err->trace_level >= 2) {
543
      for (i = 0; i < DCTSIZE2; i += 8) {
544
        TRACEMS8(cinfo, 2, JTRC_QUANTVALS,
545
                 quant_ptr->quantval[i],   quant_ptr->quantval[i+1],
546
                 quant_ptr->quantval[i+2], quant_ptr->quantval[i+3],
547
                 quant_ptr->quantval[i+4], quant_ptr->quantval[i+5],
548
                 quant_ptr->quantval[i+6], quant_ptr->quantval[i+7]);
549
      }
550
    }
551

552
    length -= DCTSIZE2+1;
553
    if (prec) length -= DCTSIZE2;
554
  }
555

556
  if (length != 0)
557
    ERREXIT(cinfo, JERR_BAD_LENGTH);
558

559
  INPUT_SYNC(cinfo);
560
  return TRUE;
561
}
562

563

564
LOCAL(boolean)
565
get_dri (j_decompress_ptr cinfo)
566
/* Process a DRI marker */
567
{
568
  JLONG length;
569
  unsigned int tmp;
570
  INPUT_VARS(cinfo);
571

572
  INPUT_2BYTES(cinfo, length, return FALSE);
573

574
  if (length != 4)
575
    ERREXIT(cinfo, JERR_BAD_LENGTH);
576

577
  INPUT_2BYTES(cinfo, tmp, return FALSE);
578

579
  TRACEMS1(cinfo, 1, JTRC_DRI, tmp);
580

581
  cinfo->restart_interval = tmp;
582

583
  INPUT_SYNC(cinfo);
584
  return TRUE;
585
}
586

587

588
/*
589
 * Routines for processing APPn and COM markers.
590
 * These are either saved in memory or discarded, per application request.
591
 * APP0 and APP14 are specially checked to see if they are
592
 * JFIF and Adobe markers, respectively.
593
 */
594

595
#define APP0_DATA_LEN   14      /* Length of interesting data in APP0 */
596
#define APP14_DATA_LEN  12      /* Length of interesting data in APP14 */
597
#define APPN_DATA_LEN   14      /* Must be the largest of the above!! */
598

599

600
LOCAL(void)
601
examine_app0 (j_decompress_ptr cinfo, JOCTET *data,
602
              unsigned int datalen, JLONG remaining)
603
/* Examine first few bytes from an APP0.
604
 * Take appropriate action if it is a JFIF marker.
605
 * datalen is # of bytes at data[], remaining is length of rest of marker data.
606
 */
607
{
608
  JLONG totallen = (JLONG) datalen + remaining;
609

610
  if (datalen >= APP0_DATA_LEN &&
611
      GETJOCTET(data[0]) == 0x4A &&
612
      GETJOCTET(data[1]) == 0x46 &&
613
      GETJOCTET(data[2]) == 0x49 &&
614
      GETJOCTET(data[3]) == 0x46 &&
615
      GETJOCTET(data[4]) == 0) {
616
    /* Found JFIF APP0 marker: save info */
617
    cinfo->saw_JFIF_marker = TRUE;
618
    cinfo->JFIF_major_version = GETJOCTET(data[5]);
619
    cinfo->JFIF_minor_version = GETJOCTET(data[6]);
620
    cinfo->density_unit = GETJOCTET(data[7]);
621
    cinfo->X_density = (GETJOCTET(data[8]) << 8) + GETJOCTET(data[9]);
622
    cinfo->Y_density = (GETJOCTET(data[10]) << 8) + GETJOCTET(data[11]);
623
    /* Check version.
624
     * Major version must be 1, anything else signals an incompatible change.
625
     * (We used to treat this as an error, but now it's a nonfatal warning,
626
     * because some bozo at Hijaak couldn't read the spec.)
627
     * Minor version should be 0..2, but process anyway if newer.
628
     */
629
    if (cinfo->JFIF_major_version != 1)
630
      WARNMS2(cinfo, JWRN_JFIF_MAJOR,
631
              cinfo->JFIF_major_version, cinfo->JFIF_minor_version);
632
    /* Generate trace messages */
633
    TRACEMS5(cinfo, 1, JTRC_JFIF,
634
             cinfo->JFIF_major_version, cinfo->JFIF_minor_version,
635
             cinfo->X_density, cinfo->Y_density, cinfo->density_unit);
636
    /* Validate thumbnail dimensions and issue appropriate messages */
637
    if (GETJOCTET(data[12]) | GETJOCTET(data[13]))
638
      TRACEMS2(cinfo, 1, JTRC_JFIF_THUMBNAIL,
639
               GETJOCTET(data[12]), GETJOCTET(data[13]));
640
    totallen -= APP0_DATA_LEN;
641
    if (totallen !=
642
        ((JLONG)GETJOCTET(data[12]) * (JLONG)GETJOCTET(data[13]) * (JLONG) 3))
643
      TRACEMS1(cinfo, 1, JTRC_JFIF_BADTHUMBNAILSIZE, (int) totallen);
644
  } else if (datalen >= 6 &&
645
      GETJOCTET(data[0]) == 0x4A &&
646
      GETJOCTET(data[1]) == 0x46 &&
647
      GETJOCTET(data[2]) == 0x58 &&
648
      GETJOCTET(data[3]) == 0x58 &&
649
      GETJOCTET(data[4]) == 0) {
650
    /* Found JFIF "JFXX" extension APP0 marker */
651
    /* The library doesn't actually do anything with these,
652
     * but we try to produce a helpful trace message.
653
     */
654
    switch (GETJOCTET(data[5])) {
655
    case 0x10:
656
      TRACEMS1(cinfo, 1, JTRC_THUMB_JPEG, (int) totallen);
657
      break;
658
    case 0x11:
659
      TRACEMS1(cinfo, 1, JTRC_THUMB_PALETTE, (int) totallen);
660
      break;
661
    case 0x13:
662
      TRACEMS1(cinfo, 1, JTRC_THUMB_RGB, (int) totallen);
663
      break;
664
    default:
665
      TRACEMS2(cinfo, 1, JTRC_JFIF_EXTENSION,
666
               GETJOCTET(data[5]), (int) totallen);
667
      break;
668
    }
669
  } else {
670
    /* Start of APP0 does not match "JFIF" or "JFXX", or too short */
671
    TRACEMS1(cinfo, 1, JTRC_APP0, (int) totallen);
672
  }
673
}
674

675

676
LOCAL(void)
677
examine_app14 (j_decompress_ptr cinfo, JOCTET *data,
678
               unsigned int datalen, JLONG remaining)
679
/* Examine first few bytes from an APP14.
680
 * Take appropriate action if it is an Adobe marker.
681
 * datalen is # of bytes at data[], remaining is length of rest of marker data.
682
 */
683
{
684
  unsigned int version, flags0, flags1, transform;
685

686
  if (datalen >= APP14_DATA_LEN &&
687
      GETJOCTET(data[0]) == 0x41 &&
688
      GETJOCTET(data[1]) == 0x64 &&
689
      GETJOCTET(data[2]) == 0x6F &&
690
      GETJOCTET(data[3]) == 0x62 &&
691
      GETJOCTET(data[4]) == 0x65) {
692
    /* Found Adobe APP14 marker */
693
    version = (GETJOCTET(data[5]) << 8) + GETJOCTET(data[6]);
694
    flags0 = (GETJOCTET(data[7]) << 8) + GETJOCTET(data[8]);
695
    flags1 = (GETJOCTET(data[9]) << 8) + GETJOCTET(data[10]);
696
    transform = GETJOCTET(data[11]);
697
    TRACEMS4(cinfo, 1, JTRC_ADOBE, version, flags0, flags1, transform);
698
    cinfo->saw_Adobe_marker = TRUE;
699
    cinfo->Adobe_transform = (UINT8) transform;
700
  } else {
701
    /* Start of APP14 does not match "Adobe", or too short */
702
    TRACEMS1(cinfo, 1, JTRC_APP14, (int) (datalen + remaining));
703
  }
704
}
705

706

707
METHODDEF(boolean)
708
get_interesting_appn (j_decompress_ptr cinfo)
709
/* Process an APP0 or APP14 marker without saving it */
710
{
711
  JLONG length;
712
  JOCTET b[APPN_DATA_LEN];
713
  unsigned int i, numtoread;
714
  INPUT_VARS(cinfo);
715

716
  INPUT_2BYTES(cinfo, length, return FALSE);
717
  length -= 2;
718

719
  /* get the interesting part of the marker data */
720
  if (length >= APPN_DATA_LEN)
721
    numtoread = APPN_DATA_LEN;
722
  else if (length > 0)
723
    numtoread = (unsigned int) length;
724
  else
725
    numtoread = 0;
726
  for (i = 0; i < numtoread; i++)
727
    INPUT_BYTE(cinfo, b[i], return FALSE);
728
  length -= numtoread;
729

730
  /* process it */
731
  switch (cinfo->unread_marker) {
732
  case M_APP0:
733
    examine_app0(cinfo, (JOCTET *) b, numtoread, length);
734
    break;
735
  case M_APP14:
736
    examine_app14(cinfo, (JOCTET *) b, numtoread, length);
737
    break;
738
  default:
739
    /* can't get here unless jpeg_save_markers chooses wrong processor */
740
    ERREXIT1(cinfo, JERR_UNKNOWN_MARKER, cinfo->unread_marker);
741
    break;
742
  }
743

744
  /* skip any remaining data -- could be lots */
745
  INPUT_SYNC(cinfo);
746
  if (length > 0)
747
    (*cinfo->src->skip_input_data) (cinfo, (long) length);
748

749
  return TRUE;
750
}
751

752

753
#ifdef SAVE_MARKERS_SUPPORTED
754

755
METHODDEF(boolean)
756
save_marker (j_decompress_ptr cinfo)
757
/* Save an APPn or COM marker into the marker list */
758
{
759
  my_marker_ptr marker = (my_marker_ptr) cinfo->marker;
760
  jpeg_saved_marker_ptr cur_marker = marker->cur_marker;
761
  unsigned int bytes_read, data_length;
762
  JOCTET *data;
763
  JLONG length = 0;
764
  INPUT_VARS(cinfo);
765

766
  if (cur_marker == NULL) {
767
    /* begin reading a marker */
768
    INPUT_2BYTES(cinfo, length, return FALSE);
769
    length -= 2;
770
    if (length >= 0) {          /* watch out for bogus length word */
771
      /* figure out how much we want to save */
772
      unsigned int limit;
773
      if (cinfo->unread_marker == (int) M_COM)
774
        limit = marker->length_limit_COM;
775
      else
776
        limit = marker->length_limit_APPn[cinfo->unread_marker - (int) M_APP0];
777
      if ((unsigned int) length < limit)
778
        limit = (unsigned int) length;
779
      /* allocate and initialize the marker item */
780
      cur_marker = (jpeg_saved_marker_ptr)
781
        (*cinfo->mem->alloc_large) ((j_common_ptr) cinfo, JPOOL_IMAGE,
782
                                    sizeof(struct jpeg_marker_struct) + limit);
783
      cur_marker->next = NULL;
784
      cur_marker->marker = (UINT8) cinfo->unread_marker;
785
      cur_marker->original_length = (unsigned int) length;
786
      cur_marker->data_length = limit;
787
      /* data area is just beyond the jpeg_marker_struct */
788
      data = cur_marker->data = (JOCTET *) (cur_marker + 1);
789
      marker->cur_marker = cur_marker;
790
      marker->bytes_read = 0;
791
      bytes_read = 0;
792
      data_length = limit;
793
    } else {
794
      /* deal with bogus length word */
795
      bytes_read = data_length = 0;
796
      data = NULL;
797
    }
798
  } else {
799
    /* resume reading a marker */
800
    bytes_read = marker->bytes_read;
801
    data_length = cur_marker->data_length;
802
    data = cur_marker->data + bytes_read;
803
  }
804

805
  while (bytes_read < data_length) {
806
    INPUT_SYNC(cinfo);          /* move the restart point to here */
807
    marker->bytes_read = bytes_read;
808
    /* If there's not at least one byte in buffer, suspend */
809
    MAKE_BYTE_AVAIL(cinfo, return FALSE);
810
    /* Copy bytes with reasonable rapidity */
811
    while (bytes_read < data_length && bytes_in_buffer > 0) {
812
      *data++ = *next_input_byte++;
813
      bytes_in_buffer--;
814
      bytes_read++;
815
    }
816
  }
817

818
  /* Done reading what we want to read */
819
  if (cur_marker != NULL) {     /* will be NULL if bogus length word */
820
    /* Add new marker to end of list */
821
    if (cinfo->marker_list == NULL) {
822
      cinfo->marker_list = cur_marker;
823
    } else {
824
      jpeg_saved_marker_ptr prev = cinfo->marker_list;
825
      while (prev->next != NULL)
826
        prev = prev->next;
827
      prev->next = cur_marker;
828
    }
829
    /* Reset pointer & calc remaining data length */
830
    data = cur_marker->data;
831
    length = cur_marker->original_length - data_length;
832
  }
833
  /* Reset to initial state for next marker */
834
  marker->cur_marker = NULL;
835

836
  /* Process the marker if interesting; else just make a generic trace msg */
837
  switch (cinfo->unread_marker) {
838
  case M_APP0:
839
    examine_app0(cinfo, data, data_length, length);
840
    break;
841
  case M_APP14:
842
    examine_app14(cinfo, data, data_length, length);
843
    break;
844
  default:
845
    TRACEMS2(cinfo, 1, JTRC_MISC_MARKER, cinfo->unread_marker,
846
             (int) (data_length + length));
847
    break;
848
  }
849

850
  /* skip any remaining data -- could be lots */
851
  INPUT_SYNC(cinfo);            /* do before skip_input_data */
852
  if (length > 0)
853
    (*cinfo->src->skip_input_data) (cinfo, (long) length);
854

855
  return TRUE;
856
}
857

858
#endif /* SAVE_MARKERS_SUPPORTED */
859

860

861
METHODDEF(boolean)
862
skip_variable (j_decompress_ptr cinfo)
863
/* Skip over an unknown or uninteresting variable-length marker */
864
{
865
  JLONG length;
866
  INPUT_VARS(cinfo);
867

868
  INPUT_2BYTES(cinfo, length, return FALSE);
869
  length -= 2;
870

871
  TRACEMS2(cinfo, 1, JTRC_MISC_MARKER, cinfo->unread_marker, (int) length);
872

873
  INPUT_SYNC(cinfo);            /* do before skip_input_data */
874
  if (length > 0)
875
    (*cinfo->src->skip_input_data) (cinfo, (long) length);
876

877
  return TRUE;
878
}
879

880

881
/*
882
 * Find the next JPEG marker, save it in cinfo->unread_marker.
883
 * Returns FALSE if had to suspend before reaching a marker;
884
 * in that case cinfo->unread_marker is unchanged.
885
 *
886
 * Note that the result might not be a valid marker code,
887
 * but it will never be 0 or FF.
888
 */
889

890
LOCAL(boolean)
891
next_marker (j_decompress_ptr cinfo)
892
{
893
  int c;
894
  INPUT_VARS(cinfo);
895

896
  for (;;) {
897
    INPUT_BYTE(cinfo, c, return FALSE);
898
    /* Skip any non-FF bytes.
899
     * This may look a bit inefficient, but it will not occur in a valid file.
900
     * We sync after each discarded byte so that a suspending data source
901
     * can discard the byte from its buffer.
902
     */
903
    while (c != 0xFF) {
904
      cinfo->marker->discarded_bytes++;
905
      INPUT_SYNC(cinfo);
906
      INPUT_BYTE(cinfo, c, return FALSE);
907
    }
908
    /* This loop swallows any duplicate FF bytes.  Extra FFs are legal as
909
     * pad bytes, so don't count them in discarded_bytes.  We assume there
910
     * will not be so many consecutive FF bytes as to overflow a suspending
911
     * data source's input buffer.
912
     */
913
    do {
914
      INPUT_BYTE(cinfo, c, return FALSE);
915
    } while (c == 0xFF);
916
    if (c != 0)
917
      break;                    /* found a valid marker, exit loop */
918
    /* Reach here if we found a stuffed-zero data sequence (FF/00).
919
     * Discard it and loop back to try again.
920
     */
921
    cinfo->marker->discarded_bytes += 2;
922
    INPUT_SYNC(cinfo);
923
  }
924

925
  if (cinfo->marker->discarded_bytes != 0) {
926
    WARNMS2(cinfo, JWRN_EXTRANEOUS_DATA, cinfo->marker->discarded_bytes, c);
927
    cinfo->marker->discarded_bytes = 0;
928
  }
929

930
  cinfo->unread_marker = c;
931

932
  INPUT_SYNC(cinfo);
933
  return TRUE;
934
}
935

936

937
LOCAL(boolean)
938
first_marker (j_decompress_ptr cinfo)
939
/* Like next_marker, but used to obtain the initial SOI marker. */
940
/* For this marker, we do not allow preceding garbage or fill; otherwise,
941
 * we might well scan an entire input file before realizing it ain't JPEG.
942
 * If an application wants to process non-JFIF files, it must seek to the
943
 * SOI before calling the JPEG library.
944
 */
945
{
946
  int c, c2;
947
  INPUT_VARS(cinfo);
948

949
  INPUT_BYTE(cinfo, c, return FALSE);
950
  INPUT_BYTE(cinfo, c2, return FALSE);
951
  if (c != 0xFF || c2 != (int) M_SOI)
952
    ERREXIT2(cinfo, JERR_NO_SOI, c, c2);
953

954
  cinfo->unread_marker = c2;
955

956
  INPUT_SYNC(cinfo);
957
  return TRUE;
958
}
959

960

961
/*
962
 * Read markers until SOS or EOI.
963
 *
964
 * Returns same codes as are defined for jpeg_consume_input:
965
 * JPEG_SUSPENDED, JPEG_REACHED_SOS, or JPEG_REACHED_EOI.
966
 */
967

968
METHODDEF(int)
969
read_markers (j_decompress_ptr cinfo)
970
{
971
  /* Outer loop repeats once for each marker. */
972
  for (;;) {
973
    /* Collect the marker proper, unless we already did. */
974
    /* NB: first_marker() enforces the requirement that SOI appear first. */
975
    if (cinfo->unread_marker == 0) {
976
      if (! cinfo->marker->saw_SOI) {
977
        if (! first_marker(cinfo))
978
          return JPEG_SUSPENDED;
979
      } else {
980
        if (! next_marker(cinfo))
981
          return JPEG_SUSPENDED;
982
      }
983
    }
984
    /* At this point cinfo->unread_marker contains the marker code and the
985
     * input point is just past the marker proper, but before any parameters.
986
     * A suspension will cause us to return with this state still true.
987
     */
988
    switch (cinfo->unread_marker) {
989
    case M_SOI:
990
      if (! get_soi(cinfo))
991
        return JPEG_SUSPENDED;
992
      break;
993

994
    case M_SOF0:                /* Baseline */
995
    case M_SOF1:                /* Extended sequential, Huffman */
996
      if (! get_sof(cinfo, FALSE, FALSE))
997
        return JPEG_SUSPENDED;
998
      break;
999

1000
    case M_SOF2:                /* Progressive, Huffman */
1001
      if (! get_sof(cinfo, TRUE, FALSE))
1002
        return JPEG_SUSPENDED;
1003
      break;
1004

1005
    case M_SOF9:                /* Extended sequential, arithmetic */
1006
      if (! get_sof(cinfo, FALSE, TRUE))
1007
        return JPEG_SUSPENDED;
1008
      break;
1009

1010
    case M_SOF10:               /* Progressive, arithmetic */
1011
      if (! get_sof(cinfo, TRUE, TRUE))
1012
        return JPEG_SUSPENDED;
1013
      break;
1014

1015
    /* Currently unsupported SOFn types */
1016
    case M_SOF3:                /* Lossless, Huffman */
1017
    case M_SOF5:                /* Differential sequential, Huffman */
1018
    case M_SOF6:                /* Differential progressive, Huffman */
1019
    case M_SOF7:                /* Differential lossless, Huffman */
1020
    case M_JPG:                 /* Reserved for JPEG extensions */
1021
    case M_SOF11:               /* Lossless, arithmetic */
1022
    case M_SOF13:               /* Differential sequential, arithmetic */
1023
    case M_SOF14:               /* Differential progressive, arithmetic */
1024
    case M_SOF15:               /* Differential lossless, arithmetic */
1025
      ERREXIT1(cinfo, JERR_SOF_UNSUPPORTED, cinfo->unread_marker);
1026
      break;
1027

1028
    case M_SOS:
1029
      if (! get_sos(cinfo))
1030
        return JPEG_SUSPENDED;
1031
      cinfo->unread_marker = 0; /* processed the marker */
1032
      return JPEG_REACHED_SOS;
1033

1034
    case M_EOI:
1035
      TRACEMS(cinfo, 1, JTRC_EOI);
1036
      cinfo->unread_marker = 0; /* processed the marker */
1037
      return JPEG_REACHED_EOI;
1038

1039
    case M_DAC:
1040
      if (! get_dac(cinfo))
1041
        return JPEG_SUSPENDED;
1042
      break;
1043

1044
    case M_DHT:
1045
      if (! get_dht(cinfo))
1046
        return JPEG_SUSPENDED;
1047
      break;
1048

1049
    case M_DQT:
1050
      if (! get_dqt(cinfo))
1051
        return JPEG_SUSPENDED;
1052
      break;
1053

1054
    case M_DRI:
1055
      if (! get_dri(cinfo))
1056
        return JPEG_SUSPENDED;
1057
      break;
1058

1059
    case M_APP0:
1060
    case M_APP1:
1061
    case M_APP2:
1062
    case M_APP3:
1063
    case M_APP4:
1064
    case M_APP5:
1065
    case M_APP6:
1066
    case M_APP7:
1067
    case M_APP8:
1068
    case M_APP9:
1069
    case M_APP10:
1070
    case M_APP11:
1071
    case M_APP12:
1072
    case M_APP13:
1073
    case M_APP14:
1074
    case M_APP15:
1075
      if (! (*((my_marker_ptr) cinfo->marker)->process_APPn[
1076
                cinfo->unread_marker - (int) M_APP0]) (cinfo))
1077
        return JPEG_SUSPENDED;
1078
      break;
1079

1080
    case M_COM:
1081
      if (! (*((my_marker_ptr) cinfo->marker)->process_COM) (cinfo))
1082
        return JPEG_SUSPENDED;
1083
      break;
1084

1085
    case M_RST0:                /* these are all parameterless */
1086
    case M_RST1:
1087
    case M_RST2:
1088
    case M_RST3:
1089
    case M_RST4:
1090
    case M_RST5:
1091
    case M_RST6:
1092
    case M_RST7:
1093
    case M_TEM:
1094
      TRACEMS1(cinfo, 1, JTRC_PARMLESS_MARKER, cinfo->unread_marker);
1095
      break;
1096

1097
    case M_DNL:                 /* Ignore DNL ... perhaps the wrong thing */
1098
      if (! skip_variable(cinfo))
1099
        return JPEG_SUSPENDED;
1100
      break;
1101

1102
    default:                    /* must be DHP, EXP, JPGn, or RESn */
1103
      /* For now, we treat the reserved markers as fatal errors since they are
1104
       * likely to be used to signal incompatible JPEG Part 3 extensions.
1105
       * Once the JPEG 3 version-number marker is well defined, this code
1106
       * ought to change!
1107
       */
1108
      ERREXIT1(cinfo, JERR_UNKNOWN_MARKER, cinfo->unread_marker);
1109
      break;
1110
    }
1111
    /* Successfully processed marker, so reset state variable */
1112
    cinfo->unread_marker = 0;
1113
  } /* end loop */
1114
}
1115

1116

1117
/*
1118
 * Read a restart marker, which is expected to appear next in the datastream;
1119
 * if the marker is not there, take appropriate recovery action.
1120
 * Returns FALSE if suspension is required.
1121
 *
1122
 * This is called by the entropy decoder after it has read an appropriate
1123
 * number of MCUs.  cinfo->unread_marker may be nonzero if the entropy decoder
1124
 * has already read a marker from the data source.  Under normal conditions
1125
 * cinfo->unread_marker will be reset to 0 before returning; if not reset,
1126
 * it holds a marker which the decoder will be unable to read past.
1127
 */
1128

1129
METHODDEF(boolean)
1130
read_restart_marker (j_decompress_ptr cinfo)
1131
{
1132
  /* Obtain a marker unless we already did. */
1133
  /* Note that next_marker will complain if it skips any data. */
1134
  if (cinfo->unread_marker == 0) {
1135
    if (! next_marker(cinfo))
1136
      return FALSE;
1137
  }
1138

1139
  if (cinfo->unread_marker ==
1140
      ((int) M_RST0 + cinfo->marker->next_restart_num)) {
1141
    /* Normal case --- swallow the marker and let entropy decoder continue */
1142
    TRACEMS1(cinfo, 3, JTRC_RST, cinfo->marker->next_restart_num);
1143
    cinfo->unread_marker = 0;
1144
  } else {
1145
    /* Uh-oh, the restart markers have been messed up. */
1146
    /* Let the data source manager determine how to resync. */
1147
    if (! (*cinfo->src->resync_to_restart) (cinfo,
1148
                                            cinfo->marker->next_restart_num))
1149
      return FALSE;
1150
  }
1151

1152
  /* Update next-restart state */
1153
  cinfo->marker->next_restart_num = (cinfo->marker->next_restart_num + 1) & 7;
1154

1155
  return TRUE;
1156
}
1157

1158

1159
/*
1160
 * This is the default resync_to_restart method for data source managers
1161
 * to use if they don't have any better approach.  Some data source managers
1162
 * may be able to back up, or may have additional knowledge about the data
1163
 * which permits a more intelligent recovery strategy; such managers would
1164
 * presumably supply their own resync method.
1165
 *
1166
 * read_restart_marker calls resync_to_restart if it finds a marker other than
1167
 * the restart marker it was expecting.  (This code is *not* used unless
1168
 * a nonzero restart interval has been declared.)  cinfo->unread_marker is
1169
 * the marker code actually found (might be anything, except 0 or FF).
1170
 * The desired restart marker number (0..7) is passed as a parameter.
1171
 * This routine is supposed to apply whatever error recovery strategy seems
1172
 * appropriate in order to position the input stream to the next data segment.
1173
 * Note that cinfo->unread_marker is treated as a marker appearing before
1174
 * the current data-source input point; usually it should be reset to zero
1175
 * before returning.
1176
 * Returns FALSE if suspension is required.
1177
 *
1178
 * This implementation is substantially constrained by wanting to treat the
1179
 * input as a data stream; this means we can't back up.  Therefore, we have
1180
 * only the following actions to work with:
1181
 *   1. Simply discard the marker and let the entropy decoder resume at next
1182
 *      byte of file.
1183
 *   2. Read forward until we find another marker, discarding intervening
1184
 *      data.  (In theory we could look ahead within the current bufferload,
1185
 *      without having to discard data if we don't find the desired marker.
1186
 *      This idea is not implemented here, in part because it makes behavior
1187
 *      dependent on buffer size and chance buffer-boundary positions.)
1188
 *   3. Leave the marker unread (by failing to zero cinfo->unread_marker).
1189
 *      This will cause the entropy decoder to process an empty data segment,
1190
 *      inserting dummy zeroes, and then we will reprocess the marker.
1191
 *
1192
 * #2 is appropriate if we think the desired marker lies ahead, while #3 is
1193
 * appropriate if the found marker is a future restart marker (indicating
1194
 * that we have missed the desired restart marker, probably because it got
1195
 * corrupted).
1196
 * We apply #2 or #3 if the found marker is a restart marker no more than
1197
 * two counts behind or ahead of the expected one.  We also apply #2 if the
1198
 * found marker is not a legal JPEG marker code (it's certainly bogus data).
1199
 * If the found marker is a restart marker more than 2 counts away, we do #1
1200
 * (too much risk that the marker is erroneous; with luck we will be able to
1201
 * resync at some future point).
1202
 * For any valid non-restart JPEG marker, we apply #3.  This keeps us from
1203
 * overrunning the end of a scan.  An implementation limited to single-scan
1204
 * files might find it better to apply #2 for markers other than EOI, since
1205
 * any other marker would have to be bogus data in that case.
1206
 */
1207

1208
GLOBAL(boolean)
1209
jpeg_resync_to_restart (j_decompress_ptr cinfo, int desired)
1210
{
1211
  int marker = cinfo->unread_marker;
1212
  int action = 1;
1213

1214
  /* Always put up a warning. */
1215
  WARNMS2(cinfo, JWRN_MUST_RESYNC, marker, desired);
1216

1217
  /* Outer loop handles repeated decision after scanning forward. */
1218
  for (;;) {
1219
    if (marker < (int) M_SOF0)
1220
      action = 2;               /* invalid marker */
1221
    else if (marker < (int) M_RST0 || marker > (int) M_RST7)
1222
      action = 3;               /* valid non-restart marker */
1223
    else {
1224
      if (marker == ((int) M_RST0 + ((desired+1) & 7)) ||
1225
          marker == ((int) M_RST0 + ((desired+2) & 7)))
1226
        action = 3;             /* one of the next two expected restarts */
1227
      else if (marker == ((int) M_RST0 + ((desired-1) & 7)) ||
1228
               marker == ((int) M_RST0 + ((desired-2) & 7)))
1229
        action = 2;             /* a prior restart, so advance */
1230
      else
1231
        action = 1;             /* desired restart or too far away */
1232
    }
1233
    TRACEMS2(cinfo, 4, JTRC_RECOVERY_ACTION, marker, action);
1234
    switch (action) {
1235
    case 1:
1236
      /* Discard marker and let entropy decoder resume processing. */
1237
      cinfo->unread_marker = 0;
1238
      return TRUE;
1239
    case 2:
1240
      /* Scan to the next marker, and repeat the decision loop. */
1241
      if (! next_marker(cinfo))
1242
        return FALSE;
1243
      marker = cinfo->unread_marker;
1244
      break;
1245
    case 3:
1246
      /* Return without advancing past this marker. */
1247
      /* Entropy decoder will be forced to process an empty segment. */
1248
      return TRUE;
1249
    }
1250
  } /* end loop */
1251
}
1252

1253

1254
/*
1255
 * Reset marker processing state to begin a fresh datastream.
1256
 */
1257

1258
METHODDEF(void)
1259
reset_marker_reader (j_decompress_ptr cinfo)
1260
{
1261
  my_marker_ptr marker = (my_marker_ptr) cinfo->marker;
1262

1263
  cinfo->comp_info = NULL;              /* until allocated by get_sof */
1264
  cinfo->input_scan_number = 0;         /* no SOS seen yet */
1265
  cinfo->unread_marker = 0;             /* no pending marker */
1266
  marker->pub.saw_SOI = FALSE;          /* set internal state too */
1267
  marker->pub.saw_SOF = FALSE;
1268
  marker->pub.discarded_bytes = 0;
1269
  marker->cur_marker = NULL;
1270
}
1271

1272

1273
/*
1274
 * Initialize the marker reader module.
1275
 * This is called only once, when the decompression object is created.
1276
 */
1277

1278
GLOBAL(void)
1279
jinit_marker_reader (j_decompress_ptr cinfo)
1280
{
1281
  my_marker_ptr marker;
1282
  int i;
1283

1284
  /* Create subobject in permanent pool */
1285
  marker = (my_marker_ptr)
1286
    (*cinfo->mem->alloc_small) ((j_common_ptr) cinfo, JPOOL_PERMANENT,
1287
                                sizeof(my_marker_reader));
1288
  cinfo->marker = (struct jpeg_marker_reader *) marker;
1289
  /* Initialize public method pointers */
1290
  marker->pub.reset_marker_reader = reset_marker_reader;
1291
  marker->pub.read_markers = read_markers;
1292
  marker->pub.read_restart_marker = read_restart_marker;
1293
  /* Initialize COM/APPn processing.
1294
   * By default, we examine and then discard APP0 and APP14,
1295
   * but simply discard COM and all other APPn.
1296
   */
1297
  marker->process_COM = skip_variable;
1298
  marker->length_limit_COM = 0;
1299
  for (i = 0; i < 16; i++) {
1300
    marker->process_APPn[i] = skip_variable;
1301
    marker->length_limit_APPn[i] = 0;
1302
  }
1303
  marker->process_APPn[0] = get_interesting_appn;
1304
  marker->process_APPn[14] = get_interesting_appn;
1305
  /* Reset marker processing state */
1306
  reset_marker_reader(cinfo);
1307
}
1308

1309

1310
/*
1311
 * Control saving of COM and APPn markers into marker_list.
1312
 */
1313

1314
#ifdef SAVE_MARKERS_SUPPORTED
1315

1316
GLOBAL(void)
1317
jpeg_save_markers (j_decompress_ptr cinfo, int marker_code,
1318
                   unsigned int length_limit)
1319
{
1320
  my_marker_ptr marker = (my_marker_ptr) cinfo->marker;
1321
  long maxlength;
1322
  jpeg_marker_parser_method processor;
1323

1324
  /* Length limit mustn't be larger than what we can allocate
1325
   * (should only be a concern in a 16-bit environment).
1326
   */
1327
  maxlength = cinfo->mem->max_alloc_chunk - sizeof(struct jpeg_marker_struct);
1328
  if (((long) length_limit) > maxlength)
1329
    length_limit = (unsigned int) maxlength;
1330

1331
  /* Choose processor routine to use.
1332
   * APP0/APP14 have special requirements.
1333
   */
1334
  if (length_limit) {
1335
    processor = save_marker;
1336
    /* If saving APP0/APP14, save at least enough for our internal use. */
1337
    if (marker_code == (int) M_APP0 && length_limit < APP0_DATA_LEN)
1338
      length_limit = APP0_DATA_LEN;
1339
    else if (marker_code == (int) M_APP14 && length_limit < APP14_DATA_LEN)
1340
      length_limit = APP14_DATA_LEN;
1341
  } else {
1342
    processor = skip_variable;
1343
    /* If discarding APP0/APP14, use our regular on-the-fly processor. */
1344
    if (marker_code == (int) M_APP0 || marker_code == (int) M_APP14)
1345
      processor = get_interesting_appn;
1346
  }
1347

1348
  if (marker_code == (int) M_COM) {
1349
    marker->process_COM = processor;
1350
    marker->length_limit_COM = length_limit;
1351
  } else if (marker_code >= (int) M_APP0 && marker_code <= (int) M_APP15) {
1352
    marker->process_APPn[marker_code - (int) M_APP0] = processor;
1353
    marker->length_limit_APPn[marker_code - (int) M_APP0] = length_limit;
1354
  } else
1355
    ERREXIT1(cinfo, JERR_UNKNOWN_MARKER, marker_code);
1356
}
1357

1358
#endif /* SAVE_MARKERS_SUPPORTED */
1359

1360

1361
/*
1362
 * Install a special processing method for COM or APPn markers.
1363
 */
1364

1365
GLOBAL(void)
1366
jpeg_set_marker_processor (j_decompress_ptr cinfo, int marker_code,
1367
                           jpeg_marker_parser_method routine)
1368
{
1369
  my_marker_ptr marker = (my_marker_ptr) cinfo->marker;
1370

1371
  if (marker_code == (int) M_COM)
1372
    marker->process_COM = routine;
1373
  else if (marker_code >= (int) M_APP0 && marker_code <= (int) M_APP15)
1374
    marker->process_APPn[marker_code - (int) M_APP0] = routine;
1375
  else
1376
    ERREXIT1(cinfo, JERR_UNKNOWN_MARKER, marker_code);
1377
}
1378

1379