1/* exif-data.c
2 *
3 * Copyright (c) 2001 Lutz Mueller <lutz@users.sourceforge.net>
4 *
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2 of the License, or (at your option) any later version.
9 *
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
13 * Lesser General Public License for more details.
14 *
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the
17 * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
18 * Boston, MA  02110-1301  USA.
19 */
20
21#include <config.h>
22
23#include <libexif/exif-mnote-data.h>
24#include <libexif/exif-data.h>
25#include <libexif/exif-ifd.h>
26#include <libexif/exif-mnote-data-priv.h>
27#include <libexif/exif-utils.h>
28#include <libexif/exif-loader.h>
29#include <libexif/exif-log.h>
30#include <libexif/i18n.h>
31#include <libexif/exif-system.h>
32
33#include <libexif/canon/exif-mnote-data-canon.h>
34#include <libexif/fuji/exif-mnote-data-fuji.h>
35#include <libexif/olympus/exif-mnote-data-olympus.h>
36#include <libexif/pentax/exif-mnote-data-pentax.h>
37
38#include <stdlib.h>
39#include <stdio.h>
40#include <string.h>
41
42#undef JPEG_MARKER_SOI
43#define JPEG_MARKER_SOI  0xd8
44#undef JPEG_MARKER_APP0
45#define JPEG_MARKER_APP0 0xe0
46#undef JPEG_MARKER_APP1
47#define JPEG_MARKER_APP1 0xe1
48
49static const unsigned char ExifHeader[] = {0x45, 0x78, 0x69, 0x66, 0x00, 0x00};
50
51struct _ExifDataPrivate
52{
53	ExifByteOrder order;
54
55	ExifMnoteData *md;
56
57	ExifLog *log;
58	ExifMem *mem;
59
60	unsigned int ref_count;
61
62	/* Temporarily used while loading data */
63	unsigned int offset_mnote;
64
65	ExifDataOption options;
66	ExifDataType data_type;
67};
68
69static void *
70exif_data_alloc (ExifData *data, unsigned int i)
71{
72	void *d;
73
74	if (!data || !i)
75		return NULL;
76
77	d = exif_mem_alloc (data->priv->mem, i);
78	if (d)
79		return d;
80
81	EXIF_LOG_NO_MEMORY (data->priv->log, "ExifData", i);
82	return NULL;
83}
84
85ExifMnoteData *
86exif_data_get_mnote_data (ExifData *d)
87{
88	return (d && d->priv) ? d->priv->md : NULL;
89}
90
91ExifData *
92exif_data_new (void)
93{
94	ExifMem *mem = exif_mem_new_default ();
95	ExifData *d = exif_data_new_mem (mem);
96
97	exif_mem_unref (mem);
98
99	return d;
100}
101
102ExifData *
103exif_data_new_mem (ExifMem *mem)
104{
105	ExifData *data;
106	unsigned int i;
107
108	if (!mem)
109		return NULL;
110
111	data = exif_mem_alloc (mem, sizeof (ExifData));
112	if (!data)
113		return (NULL);
114	data->priv = exif_mem_alloc (mem, sizeof (ExifDataPrivate));
115	if (!data->priv) {
116	  	exif_mem_free (mem, data);
117		return (NULL);
118	}
119	data->priv->ref_count = 1;
120
121	data->priv->mem = mem;
122	exif_mem_ref (mem);
123
124	for (i = 0; i < EXIF_IFD_COUNT; i++) {
125		data->ifd[i] = exif_content_new_mem (data->priv->mem);
126		if (!data->ifd[i]) {
127			exif_data_free (data);
128			return (NULL);
129		}
130		data->ifd[i]->parent = data;
131	}
132
133	/* Default options */
134#ifndef NO_VERBOSE_TAG_STRINGS
135	/*
136	 * When the tag list is compiled away, setting this option prevents
137	 * any tags from being loaded
138	 */
139	exif_data_set_option (data, EXIF_DATA_OPTION_IGNORE_UNKNOWN_TAGS);
140#endif
141	exif_data_set_option (data, EXIF_DATA_OPTION_FOLLOW_SPECIFICATION);
142
143	/* Default data type: none */
144	exif_data_set_data_type (data, EXIF_DATA_TYPE_COUNT);
145
146	return (data);
147}
148
149ExifData *
150exif_data_new_from_data (const unsigned char *data, unsigned int size)
151{
152	ExifData *edata;
153
154	edata = exif_data_new ();
155	exif_data_load_data (edata, data, size);
156	return (edata);
157}
158
159static int
160exif_data_load_data_entry (ExifData *data, ExifEntry *entry,
161			   const unsigned char *d,
162			   unsigned int size, unsigned int offset)
163{
164	unsigned int s, doff;
165
166	entry->tag        = exif_get_short (d + offset + 0, data->priv->order);
167	entry->format     = exif_get_short (d + offset + 2, data->priv->order);
168	entry->components = exif_get_long  (d + offset + 4, data->priv->order);
169
170	/* FIXME: should use exif_tag_get_name_in_ifd here but entry->parent
171	 * has not been set yet
172	 */
173	exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
174		  "Loading entry 0x%x ('%s')...", entry->tag,
175		  exif_tag_get_name (entry->tag));
176
177	/* {0,1,2,4,8} x { 0x00000000 .. 0xffffffff }
178	 *   -> { 0x000000000 .. 0x7fffffff8 } */
179	s = exif_format_get_size(entry->format) * entry->components;
180	if ((s < entry->components) || (s == 0)){
181		return 0;
182	}
183
184	/*
185	 * Size? If bigger than 4 bytes, the actual data is not
186	 * in the entry but somewhere else (offset).
187	 */
188	if (s > 4)
189		doff = exif_get_long (d + offset + 8, data->priv->order);
190	else
191		doff = offset + 8;
192
193	/* Sanity checks */
194	if ((doff + s < doff) || (doff + s < s) || (doff + s > size)) {
195		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
196				  "Tag data past end of buffer (%u > %u)", doff+s, size);
197		return 0;
198	}
199
200	entry->data = exif_data_alloc (data, s);
201	if (entry->data) {
202		entry->size = s;
203		memcpy (entry->data, d + doff, s);
204	} else {
205		/* FIXME: What do our callers do if (entry->data == NULL)? */
206		EXIF_LOG_NO_MEMORY(data->priv->log, "ExifData", s);
207	}
208
209	/* If this is the MakerNote, remember the offset */
210	if (entry->tag == EXIF_TAG_MAKER_NOTE) {
211		if (!entry->data) {
212			exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
213					  "MakerNote found with empty data");
214		} else if (entry->size > 6) {
215			exif_log (data->priv->log,
216					       EXIF_LOG_CODE_DEBUG, "ExifData",
217					       "MakerNote found (%02x %02x %02x %02x "
218					       "%02x %02x %02x...).",
219					       entry->data[0], entry->data[1], entry->data[2],
220					       entry->data[3], entry->data[4], entry->data[5],
221					       entry->data[6]);
222		}
223		data->priv->offset_mnote = doff;
224	}
225	return 1;
226}
227
228static void
229exif_data_save_data_entry (ExifData *data, ExifEntry *e,
230			   unsigned char **d, unsigned int *ds,
231			   unsigned int offset)
232{
233	unsigned int doff, s;
234	unsigned int ts;
235
236	if (!data || !data->priv)
237		return;
238
239	/*
240	 * Each entry is 12 bytes long. The memory for the entry has
241	 * already been allocated.
242	 */
243	exif_set_short (*d + 6 + offset + 0,
244			data->priv->order, (ExifShort) e->tag);
245	exif_set_short (*d + 6 + offset + 2,
246			data->priv->order, (ExifShort) e->format);
247
248	if (!(data->priv->options & EXIF_DATA_OPTION_DONT_CHANGE_MAKER_NOTE)) {
249		/* If this is the maker note tag, update it. */
250		if ((e->tag == EXIF_TAG_MAKER_NOTE) && data->priv->md) {
251			/* TODO: this is using the wrong ExifMem to free e->data */
252			exif_mem_free (data->priv->mem, e->data);
253			e->data = NULL;
254			e->size = 0;
255			exif_mnote_data_set_offset (data->priv->md, *ds - 6);
256			exif_mnote_data_save (data->priv->md, &e->data, &e->size);
257			e->components = e->size;
258		}
259	}
260
261	exif_set_long  (*d + 6 + offset + 4,
262			data->priv->order, e->components);
263
264	/*
265	 * Size? If bigger than 4 bytes, the actual data is not in
266	 * the entry but somewhere else.
267	 */
268	s = exif_format_get_size (e->format) * e->components;
269	if (s > 4) {
270		unsigned char *t;
271		doff = *ds - 6;
272		ts = *ds + s;
273
274		/*
275		 * According to the TIFF specification,
276		 * the offset must be an even number. If we need to introduce
277		 * a padding byte, we set it to 0.
278		 */
279		if (s & 1)
280			ts++;
281		t = exif_mem_realloc (data->priv->mem, *d, ts);
282		if (!t) {
283			EXIF_LOG_NO_MEMORY (data->priv->log, "ExifData", ts);
284		  	return;
285		}
286		*d = t;
287		*ds = ts;
288		exif_set_long (*d + 6 + offset + 8, data->priv->order, doff);
289		if (s & 1)
290			*(*d + *ds - 1) = '\0';
291
292	} else
293		doff = offset + 8;
294
295	/* Write the data. Fill unneeded bytes with 0. Do not crash with
296	 * e->data is NULL */
297	if (e->data) {
298		memcpy (*d + 6 + doff, e->data, s);
299	} else {
300		memset (*d + 6 + doff, 0, s);
301	}
302	if (s < 4)
303		memset (*d + 6 + doff + s, 0, (4 - s));
304}
305
306static void
307exif_data_load_data_thumbnail (ExifData *data, const unsigned char *d,
308			       unsigned int ds, ExifLong o, ExifLong s)
309{
310	/* Sanity checks */
311	if ((o + s < o) || (o + s < s) || (o + s > ds) || (o > ds)) {
312		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
313			  "Bogus thumbnail offset (%u) or size (%u).",
314			  o, s);
315		return;
316	}
317
318	if (data->data)
319		exif_mem_free (data->priv->mem, data->data);
320	if (!(data->data = exif_data_alloc (data, s))) {
321		EXIF_LOG_NO_MEMORY (data->priv->log, "ExifData", s);
322		data->size = 0;
323		return;
324	}
325	data->size = s;
326	memcpy (data->data, d + o, s);
327}
328
329#undef CHECK_REC
330#define CHECK_REC(i) 					\
331if ((i) == ifd) {				\
332	exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, \
333		"ExifData", "Recursive entry in IFD "	\
334		"'%s' detected. Skipping...",		\
335		exif_ifd_get_name (i));			\
336	break;						\
337}							\
338if (data->ifd[(i)]->count) {				\
339	exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG,	\
340		"ExifData", "Attempt to load IFD "	\
341		"'%s' multiple times detected. "	\
342		"Skipping...",				\
343		exif_ifd_get_name (i));			\
344	break;						\
345}
346
347/*! Load data for an IFD.
348 *
349 * \param[in,out] data #ExifData
350 * \param[in] ifd IFD to load
351 * \param[in] d pointer to buffer containing raw IFD data
352 * \param[in] ds size of raw data in buffer at \c d
353 * \param[in] offset offset into buffer at \c d at which IFD starts
354 * \param[in] recursion_depth number of times this function has been
355 * recursively called without returning
356 */
357static void
358exif_data_load_data_content (ExifData *data, ExifIfd ifd,
359			     const unsigned char *d,
360			     unsigned int ds, unsigned int offset, unsigned int recursion_depth)
361{
362	ExifLong o, thumbnail_offset = 0, thumbnail_length = 0;
363	ExifShort n;
364	ExifEntry *entry;
365	unsigned int i;
366	ExifTag tag;
367
368	if (!data || !data->priv)
369		return;
370
371	/* check for valid ExifIfd enum range */
372	if ((((int)ifd) < 0) || ( ((int)ifd) >= EXIF_IFD_COUNT))
373	  return;
374
375	if (recursion_depth > 30) {
376		exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
377			  "Deep recursion detected!");
378		return;
379	}
380
381	/* Read the number of entries */
382	if ((offset + 2 < offset) || (offset + 2 < 2) || (offset + 2 > ds)) {
383		exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData",
384			  "Tag data past end of buffer (%u > %u)", offset+2, ds);
385		return;
386	}
387	n = exif_get_short (d + offset, data->priv->order);
388	exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
389	          "Loading %hu entries...", n);
390	offset += 2;
391
392	/* Check if we have enough data. */
393	if (offset + 12 * n > ds) {
394		n = (ds - offset) / 12;
395		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
396				  "Short data; only loading %hu entries...", n);
397	}
398
399	for (i = 0; i < n; i++) {
400
401		tag = exif_get_short (d + offset + 12 * i, data->priv->order);
402		switch (tag) {
403		case EXIF_TAG_EXIF_IFD_POINTER:
404		case EXIF_TAG_GPS_INFO_IFD_POINTER:
405		case EXIF_TAG_INTEROPERABILITY_IFD_POINTER:
406		case EXIF_TAG_JPEG_INTERCHANGE_FORMAT_LENGTH:
407		case EXIF_TAG_JPEG_INTERCHANGE_FORMAT:
408			o = exif_get_long (d + offset + 12 * i + 8,
409					   data->priv->order);
410			/* FIXME: IFD_POINTER tags aren't marked as being in a
411			 * specific IFD, so exif_tag_get_name_in_ifd won't work
412			 */
413			exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
414				  "Sub-IFD entry 0x%x ('%s') at %u.", tag,
415				  exif_tag_get_name(tag), o);
416			switch (tag) {
417			case EXIF_TAG_EXIF_IFD_POINTER:
418				CHECK_REC (EXIF_IFD_EXIF);
419				exif_data_load_data_content (data, EXIF_IFD_EXIF, d, ds, o, recursion_depth + 1);
420				break;
421			case EXIF_TAG_GPS_INFO_IFD_POINTER:
422				CHECK_REC (EXIF_IFD_GPS);
423				exif_data_load_data_content (data, EXIF_IFD_GPS, d, ds, o, recursion_depth + 1);
424				break;
425			case EXIF_TAG_INTEROPERABILITY_IFD_POINTER:
426				CHECK_REC (EXIF_IFD_INTEROPERABILITY);
427				exif_data_load_data_content (data, EXIF_IFD_INTEROPERABILITY, d, ds, o, recursion_depth + 1);
428				break;
429			case EXIF_TAG_JPEG_INTERCHANGE_FORMAT:
430				thumbnail_offset = o;
431				if (thumbnail_offset && thumbnail_length)
432					exif_data_load_data_thumbnail (data, d,
433								       ds, thumbnail_offset,
434								       thumbnail_length);
435				break;
436			case EXIF_TAG_JPEG_INTERCHANGE_FORMAT_LENGTH:
437				thumbnail_length = o;
438				if (thumbnail_offset && thumbnail_length)
439					exif_data_load_data_thumbnail (data, d,
440								       ds, thumbnail_offset,
441								       thumbnail_length);
442				break;
443			default:
444				return;
445			}
446			break;
447		default:
448
449			/*
450			 * If we don't know the tag, don't fail. It could be that new
451			 * versions of the standard have defined additional tags. Note that
452			 * 0 is a valid tag in the GPS IFD.
453			 */
454			if (!exif_tag_get_name_in_ifd (tag, ifd)) {
455
456				/*
457				 * Special case: Tag and format 0. That's against specification
458				 * (at least up to 2.2). But Photoshop writes it anyways.
459				 */
460				if (!memcmp (d + offset + 12 * i, "\0\0\0\0", 4)) {
461					exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
462						  "Skipping empty entry at position %u in '%s'.", i,
463						  exif_ifd_get_name (ifd));
464					break;
465				}
466				exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
467					  "Unknown tag 0x%04x (entry %u in '%s'). Please report this tag "
468					  "to <libexif-devel@lists.sourceforge.net>.", tag, i,
469					  exif_ifd_get_name (ifd));
470				if (data->priv->options & EXIF_DATA_OPTION_IGNORE_UNKNOWN_TAGS)
471					break;
472			}
473			entry = exif_entry_new_mem (data->priv->mem);
474			if (exif_data_load_data_entry (data, entry, d, ds,
475						   offset + 12 * i))
476				exif_content_add_entry (data->ifd[ifd], entry);
477			exif_entry_unref (entry);
478			break;
479		}
480	}
481}
482
483static int
484cmp_func (const unsigned char *p1, const unsigned char *p2, ExifByteOrder o)
485{
486	ExifShort tag1 = exif_get_short (p1, o);
487	ExifShort tag2 = exif_get_short (p2, o);
488
489	return (tag1 < tag2) ? -1 : (tag1 > tag2) ? 1 : 0;
490}
491
492static int
493cmp_func_intel (const void *elem1, const void *elem2)
494{
495	return cmp_func ((const unsigned char *) elem1,
496			 (const unsigned char *) elem2, EXIF_BYTE_ORDER_INTEL);
497}
498
499static int
500cmp_func_motorola (const void *elem1, const void *elem2)
501{
502	return cmp_func ((const unsigned char *) elem1,
503			 (const unsigned char *) elem2, EXIF_BYTE_ORDER_MOTOROLA);
504}
505
506static void
507exif_data_save_data_content (ExifData *data, ExifContent *ifd,
508			     unsigned char **d, unsigned int *ds,
509			     unsigned int offset)
510{
511	unsigned int j, n_ptr = 0, n_thumb = 0;
512	ExifIfd i;
513	unsigned char *t;
514	unsigned int ts;
515
516	if (!data || !data->priv || !ifd || !d || !ds)
517		return;
518
519	for (i = 0; i < EXIF_IFD_COUNT; i++)
520		if (ifd == data->ifd[i])
521			break;
522	if (i == EXIF_IFD_COUNT)
523		return;	/* error */
524
525	/*
526	 * Check if we need some extra entries for pointers or the thumbnail.
527	 */
528	switch (i) {
529	case EXIF_IFD_0:
530
531		/*
532		 * The pointer to IFD_EXIF is in IFD_0. The pointer to
533		 * IFD_INTEROPERABILITY is in IFD_EXIF.
534		 */
535		if (data->ifd[EXIF_IFD_EXIF]->count ||
536		    data->ifd[EXIF_IFD_INTEROPERABILITY]->count)
537			n_ptr++;
538
539		/* The pointer to IFD_GPS is in IFD_0. */
540		if (data->ifd[EXIF_IFD_GPS]->count)
541			n_ptr++;
542
543		break;
544	case EXIF_IFD_1:
545		if (data->size)
546			n_thumb = 2;
547		break;
548	case EXIF_IFD_EXIF:
549		if (data->ifd[EXIF_IFD_INTEROPERABILITY]->count)
550			n_ptr++;
551	default:
552		break;
553	}
554
555	/*
556	 * Allocate enough memory for all entries
557	 * and the number of entries.
558	 */
559	ts = *ds + (2 + (ifd->count + n_ptr + n_thumb) * 12 + 4);
560	t = exif_mem_realloc (data->priv->mem, *d, ts);
561	if (!t) {
562		EXIF_LOG_NO_MEMORY (data->priv->log, "ExifData", ts);
563	  	return;
564	}
565	*d = t;
566	*ds = ts;
567
568	/* Save the number of entries */
569	exif_set_short (*d + 6 + offset, data->priv->order,
570			(ExifShort) (ifd->count + n_ptr + n_thumb));
571	offset += 2;
572
573	/*
574	 * Save each entry. Make sure that no memcpys from NULL pointers are
575	 * performed
576	 */
577	exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
578		  "Saving %i entries (IFD '%s', offset: %i)...",
579		  ifd->count, exif_ifd_get_name (i), offset);
580	for (j = 0; j < ifd->count; j++) {
581		if (ifd->entries[j]) {
582			exif_data_save_data_entry (data, ifd->entries[j], d, ds,
583				offset + 12 * j);
584		}
585	}
586
587	offset += 12 * ifd->count;
588
589	/* Now save special entries. */
590	switch (i) {
591	case EXIF_IFD_0:
592
593		/*
594		 * The pointer to IFD_EXIF is in IFD_0.
595		 * However, the pointer to IFD_INTEROPERABILITY is in IFD_EXIF,
596		 * therefore, if IFD_INTEROPERABILITY is not empty, we need
597		 * IFD_EXIF even if latter is empty.
598		 */
599		if (data->ifd[EXIF_IFD_EXIF]->count ||
600		    data->ifd[EXIF_IFD_INTEROPERABILITY]->count) {
601			exif_set_short (*d + 6 + offset + 0, data->priv->order,
602					EXIF_TAG_EXIF_IFD_POINTER);
603			exif_set_short (*d + 6 + offset + 2, data->priv->order,
604					EXIF_FORMAT_LONG);
605			exif_set_long  (*d + 6 + offset + 4, data->priv->order,
606					1);
607			exif_set_long  (*d + 6 + offset + 8, data->priv->order,
608					*ds - 6);
609			exif_data_save_data_content (data,
610						     data->ifd[EXIF_IFD_EXIF], d, ds, *ds - 6);
611			offset += 12;
612		}
613
614		/* The pointer to IFD_GPS is in IFD_0, too. */
615		if (data->ifd[EXIF_IFD_GPS]->count) {
616			exif_set_short (*d + 6 + offset + 0, data->priv->order,
617					EXIF_TAG_GPS_INFO_IFD_POINTER);
618			exif_set_short (*d + 6 + offset + 2, data->priv->order,
619					EXIF_FORMAT_LONG);
620			exif_set_long  (*d + 6 + offset + 4, data->priv->order,
621					1);
622			exif_set_long  (*d + 6 + offset + 8, data->priv->order,
623					*ds - 6);
624			exif_data_save_data_content (data,
625						     data->ifd[EXIF_IFD_GPS], d, ds, *ds - 6);
626			offset += 12;
627		}
628
629		break;
630	case EXIF_IFD_EXIF:
631
632		/*
633		 * The pointer to IFD_INTEROPERABILITY is in IFD_EXIF.
634		 * See note above.
635		 */
636		if (data->ifd[EXIF_IFD_INTEROPERABILITY]->count) {
637			exif_set_short (*d + 6 + offset + 0, data->priv->order,
638					EXIF_TAG_INTEROPERABILITY_IFD_POINTER);
639			exif_set_short (*d + 6 + offset + 2, data->priv->order,
640					EXIF_FORMAT_LONG);
641			exif_set_long  (*d + 6 + offset + 4, data->priv->order,
642					1);
643			exif_set_long  (*d + 6 + offset + 8, data->priv->order,
644					*ds - 6);
645			exif_data_save_data_content (data,
646						     data->ifd[EXIF_IFD_INTEROPERABILITY], d, ds,
647						     *ds - 6);
648			offset += 12;
649		}
650
651		break;
652	case EXIF_IFD_1:
653
654		/*
655		 * Information about the thumbnail (if any) is saved in
656		 * IFD_1.
657		 */
658		if (data->size) {
659
660			/* EXIF_TAG_JPEG_INTERCHANGE_FORMAT */
661			exif_set_short (*d + 6 + offset + 0, data->priv->order,
662					EXIF_TAG_JPEG_INTERCHANGE_FORMAT);
663			exif_set_short (*d + 6 + offset + 2, data->priv->order,
664					EXIF_FORMAT_LONG);
665			exif_set_long  (*d + 6 + offset + 4, data->priv->order,
666					1);
667			exif_set_long  (*d + 6 + offset + 8, data->priv->order,
668					*ds - 6);
669			ts = *ds + data->size;
670			t = exif_mem_realloc (data->priv->mem, *d, ts);
671			if (!t) {
672				EXIF_LOG_NO_MEMORY (data->priv->log, "ExifData",
673						    ts);
674			  	return;
675			}
676			*d = t;
677			*ds = ts;
678			memcpy (*d + *ds - data->size, data->data, data->size);
679			offset += 12;
680
681			/* EXIF_TAG_JPEG_INTERCHANGE_FORMAT_LENGTH */
682			exif_set_short (*d + 6 + offset + 0, data->priv->order,
683					EXIF_TAG_JPEG_INTERCHANGE_FORMAT_LENGTH);
684			exif_set_short (*d + 6 + offset + 2, data->priv->order,
685					EXIF_FORMAT_LONG);
686			exif_set_long  (*d + 6 + offset + 4, data->priv->order,
687					1);
688			exif_set_long  (*d + 6 + offset + 8, data->priv->order,
689					data->size);
690			offset += 12;
691		}
692
693		break;
694	default:
695		break;
696	}
697
698	/* Sort the directory according to TIFF specification */
699	qsort (*d + 6 + offset - (ifd->count + n_ptr + n_thumb) * 12,
700	       (ifd->count + n_ptr + n_thumb), 12,
701	       (data->priv->order == EXIF_BYTE_ORDER_INTEL) ? cmp_func_intel : cmp_func_motorola);
702
703	/* Correctly terminate the directory */
704	if (i == EXIF_IFD_0 && (data->ifd[EXIF_IFD_1]->count ||
705				data->size)) {
706
707		/*
708		 * We are saving IFD 0. Tell where IFD 1 starts and save
709		 * IFD 1.
710		 */
711		exif_set_long (*d + 6 + offset, data->priv->order, *ds - 6);
712		exif_data_save_data_content (data, data->ifd[EXIF_IFD_1], d, ds,
713					     *ds - 6);
714	} else
715		exif_set_long (*d + 6 + offset, data->priv->order, 0);
716}
717
718typedef enum {
719	EXIF_DATA_TYPE_MAKER_NOTE_NONE		= 0,
720	EXIF_DATA_TYPE_MAKER_NOTE_CANON		= 1,
721	EXIF_DATA_TYPE_MAKER_NOTE_OLYMPUS	= 2,
722	EXIF_DATA_TYPE_MAKER_NOTE_PENTAX	= 3,
723	EXIF_DATA_TYPE_MAKER_NOTE_NIKON		= 4,
724	EXIF_DATA_TYPE_MAKER_NOTE_CASIO		= 5,
725	EXIF_DATA_TYPE_MAKER_NOTE_FUJI 		= 6
726} ExifDataTypeMakerNote;
727
728/*! If MakerNote is recognized, load it.
729 *
730 * \param[in,out] data #ExifData
731 * \param[in] d pointer to raw EXIF data
732 * \param[in] ds length of data at d
733 */
734static void
735interpret_maker_note(ExifData *data, const unsigned char *d, unsigned int ds)
736{
737	int mnoteid;
738	ExifEntry* e = exif_data_get_entry (data, EXIF_TAG_MAKER_NOTE);
739	if (!e)
740		return;
741
742	if ((mnoteid = exif_mnote_data_olympus_identify (data, e)) != 0) {
743		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG,
744			"ExifData", "Olympus MakerNote variant type %d", mnoteid);
745		data->priv->md = exif_mnote_data_olympus_new (data->priv->mem);
746
747	} else if ((mnoteid = exif_mnote_data_canon_identify (data, e)) != 0) {
748		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG,
749			"ExifData", "Canon MakerNote variant type %d", mnoteid);
750		data->priv->md = exif_mnote_data_canon_new (data->priv->mem, data->priv->options);
751
752	} else if ((mnoteid = exif_mnote_data_fuji_identify (data, e)) != 0) {
753		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG,
754			"ExifData", "Fuji MakerNote variant type %d", mnoteid);
755		data->priv->md = exif_mnote_data_fuji_new (data->priv->mem);
756
757	/* NOTE: Must do Pentax detection last because some of the
758	 * heuristics are pretty general. */
759	} else if ((mnoteid = exif_mnote_data_pentax_identify (data, e)) != 0) {
760		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG,
761			"ExifData", "Pentax MakerNote variant type %d", mnoteid);
762		data->priv->md = exif_mnote_data_pentax_new (data->priv->mem);
763	}
764
765	/*
766	 * If we are able to interpret the maker note, do so.
767	 */
768	if (data->priv->md) {
769		exif_mnote_data_log (data->priv->md, data->priv->log);
770		exif_mnote_data_set_byte_order (data->priv->md,
771						data->priv->order);
772		exif_mnote_data_set_offset (data->priv->md,
773					    data->priv->offset_mnote);
774		exif_mnote_data_load (data->priv->md, d, ds);
775	}
776}
777
778#define LOG_TOO_SMALL \
779exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA, "ExifData", \
780		_("Size of data too small to allow for EXIF data."));
781
782void
783exif_data_load_data (ExifData *data, const unsigned char *d_orig,
784		     unsigned int ds)
785{
786	unsigned int l;
787	ExifLong offset;
788	ExifShort n;
789	const unsigned char *d = d_orig;
790	unsigned int len, fullds;
791
792	if (!data || !data->priv || !d || !ds)
793		return;
794
795	exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
796		  "Parsing %i byte(s) EXIF data...\n", ds);
797
798	/*
799	 * It can be that the data starts with the EXIF header. If it does
800	 * not, search the EXIF marker.
801	 */
802	if (ds < 6) {
803		LOG_TOO_SMALL;
804		return;
805	}
806	if (!memcmp (d, ExifHeader, 6)) {
807		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
808			  "Found EXIF header.");
809	} else {
810		while (ds >= 3) {
811			while (ds && (d[0] == 0xff)) {
812				d++;
813				ds--;
814			}
815
816			/* JPEG_MARKER_SOI */
817			if (ds && d[0] == JPEG_MARKER_SOI) {
818				d++;
819				ds--;
820				continue;
821			}
822
823			/* JPEG_MARKER_APP0 */
824			if (ds >= 3 && d[0] == JPEG_MARKER_APP0) {
825				d++;
826				ds--;
827				l = (d[0] << 8) | d[1];
828				if (l > ds)
829					return;
830				d += l;
831				ds -= l;
832				continue;
833			}
834
835			/* JPEG_MARKER_APP1 */
836			if (ds && d[0] == JPEG_MARKER_APP1)
837				break;
838
839			/* Unknown marker or data. Give up. */
840			exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA,
841				  "ExifData", _("EXIF marker not found."));
842			return;
843		}
844		if (ds < 3) {
845			LOG_TOO_SMALL;
846			return;
847		}
848		d++;
849		ds--;
850		len = (d[0] << 8) | d[1];
851		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
852			  "We have to deal with %i byte(s) of EXIF data.",
853			  len);
854		d += 2;
855		ds -= 2;
856	}
857
858	/*
859	 * Verify the exif header
860	 * (offset 2, length 6).
861	 */
862	if (ds < 6) {
863		LOG_TOO_SMALL;
864		return;
865	}
866	if (memcmp (d, ExifHeader, 6)) {
867		exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA,
868			  "ExifData", _("EXIF header not found."));
869		return;
870	}
871
872	exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
873		  "Found EXIF header.");
874
875	/* Sanity check the data length */
876	if (ds < 14)
877		return;
878
879	/* The JPEG APP1 section can be no longer than 64 KiB (including a
880	   16-bit length), so cap the data length to protect against overflow
881	   in future offset calculations */
882	fullds = ds;
883	if (ds > 0xfffe)
884		ds = 0xfffe;
885
886	/* Byte order (offset 6, length 2) */
887	if (!memcmp (d + 6, "II", 2))
888		data->priv->order = EXIF_BYTE_ORDER_INTEL;
889	else if (!memcmp (d + 6, "MM", 2))
890		data->priv->order = EXIF_BYTE_ORDER_MOTOROLA;
891	else {
892		exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA,
893			  "ExifData", _("Unknown encoding."));
894		return;
895	}
896
897	/* Fixed value */
898	if (exif_get_short (d + 8, data->priv->order) != 0x002a)
899		return;
900
901	/* IFD 0 offset */
902	offset = exif_get_long (d + 10, data->priv->order);
903	exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
904		  "IFD 0 at %i.", (int) offset);
905
906	/* Sanity check the offset, being careful about overflow */
907	if (offset > ds || offset + 6 + 2 > ds)
908		return;
909
910	/* Parse the actual exif data (usually offset 14 from start) */
911	exif_data_load_data_content (data, EXIF_IFD_0, d + 6, ds - 6, offset, 0);
912
913	/* IFD 1 offset */
914	n = exif_get_short (d + 6 + offset, data->priv->order);
915	if (offset + 6 + 2 + 12 * n + 4 > ds)
916		return;
917
918	offset = exif_get_long (d + 6 + offset + 2 + 12 * n, data->priv->order);
919	if (offset) {
920		exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
921			  "IFD 1 at %i.", (int) offset);
922
923		/* Sanity check. */
924		if (offset > ds || offset + 6 > ds) {
925			exif_log (data->priv->log, EXIF_LOG_CODE_CORRUPT_DATA,
926				  "ExifData", "Bogus offset of IFD1.");
927		} else {
928		   exif_data_load_data_content (data, EXIF_IFD_1, d + 6, ds - 6, offset, 0);
929		}
930	}
931
932	/*
933	 * If we got an EXIF_TAG_MAKER_NOTE, try to interpret it. Some
934	 * cameras use pointers in the maker note tag that point to the
935	 * space between IFDs. Here is the only place where we have access
936	 * to that data.
937	 */
938	interpret_maker_note(data, d, fullds);
939
940	/* Fixup tags if requested */
941	if (data->priv->options & EXIF_DATA_OPTION_FOLLOW_SPECIFICATION)
942		exif_data_fix (data);
943}
944
945void
946exif_data_save_data (ExifData *data, unsigned char **d, unsigned int *ds)
947{
948	if (ds)
949		*ds = 0;	/* This means something went wrong */
950
951	if (!data || !d || !ds)
952		return;
953
954	/* Header */
955	*ds = 14;
956	*d = exif_data_alloc (data, *ds);
957	if (!*d)  {
958		*ds = 0;
959		return;
960	}
961	memcpy (*d, ExifHeader, 6);
962
963	/* Order (offset 6) */
964	if (data->priv->order == EXIF_BYTE_ORDER_INTEL) {
965		memcpy (*d + 6, "II", 2);
966	} else {
967		memcpy (*d + 6, "MM", 2);
968	}
969
970	/* Fixed value (2 bytes, offset 8) */
971	exif_set_short (*d + 8, data->priv->order, 0x002a);
972
973	/*
974	 * IFD 0 offset (4 bytes, offset 10).
975	 * We will start 8 bytes after the
976	 * EXIF header (2 bytes for order, another 2 for the test, and
977	 * 4 bytes for the IFD 0 offset make 8 bytes together).
978	 */
979	exif_set_long (*d + 10, data->priv->order, 8);
980
981	/* Now save IFD 0. IFD 1 will be saved automatically. */
982	exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
983		  "Saving IFDs...");
984	exif_data_save_data_content (data, data->ifd[EXIF_IFD_0], d, ds,
985				     *ds - 6);
986	exif_log (data->priv->log, EXIF_LOG_CODE_DEBUG, "ExifData",
987		  "Saved %i byte(s) EXIF data.", *ds);
988}
989
990ExifData *
991exif_data_new_from_file (const char *path)
992{
993	ExifData *edata;
994	ExifLoader *loader;
995
996	loader = exif_loader_new ();
997	exif_loader_write_file (loader, path);
998	edata = exif_loader_get_data (loader);
999	exif_loader_unref (loader);
1000
1001	return (edata);
1002}
1003
1004void
1005exif_data_ref (ExifData *data)
1006{
1007	if (!data)
1008		return;
1009
1010	data->priv->ref_count++;
1011}
1012
1013void
1014exif_data_unref (ExifData *data)
1015{
1016	if (!data)
1017		return;
1018
1019	data->priv->ref_count--;
1020	if (!data->priv->ref_count)
1021		exif_data_free (data);
1022}
1023
1024void
1025exif_data_free (ExifData *data)
1026{
1027	unsigned int i;
1028	ExifMem *mem = (data && data->priv) ? data->priv->mem : NULL;
1029
1030	if (!data)
1031		return;
1032
1033	for (i = 0; i < EXIF_IFD_COUNT; i++) {
1034		if (data->ifd[i]) {
1035			exif_content_unref (data->ifd[i]);
1036			data->ifd[i] = NULL;
1037		}
1038	}
1039
1040	if (data->data) {
1041		exif_mem_free (mem, data->data);
1042		data->data = NULL;
1043	}
1044
1045	if (data->priv) {
1046		if (data->priv->log) {
1047			exif_log_unref (data->priv->log);
1048			data->priv->log = NULL;
1049		}
1050		if (data->priv->md) {
1051			exif_mnote_data_unref (data->priv->md);
1052			data->priv->md = NULL;
1053		}
1054		exif_mem_free (mem, data->priv);
1055		exif_mem_free (mem, data);
1056	}
1057
1058	exif_mem_unref (mem);
1059}
1060
1061void
1062exif_data_dump (ExifData *data)
1063{
1064	unsigned int i;
1065
1066	if (!data)
1067		return;
1068
1069	for (i = 0; i < EXIF_IFD_COUNT; i++) {
1070		if (data->ifd[i] && data->ifd[i]->count) {
1071			printf ("Dumping IFD '%s'...\n",
1072				exif_ifd_get_name (i));
1073			exif_content_dump (data->ifd[i], 0);
1074		}
1075	}
1076
1077	if (data->data) {
1078		printf ("%i byte(s) thumbnail data available.", data->size);
1079		if (data->size >= 4) {
1080			printf ("0x%02x 0x%02x ... 0x%02x 0x%02x\n",
1081				data->data[0], data->data[1],
1082				data->data[data->size - 2],
1083				data->data[data->size - 1]);
1084		}
1085	}
1086}
1087
1088ExifByteOrder
1089exif_data_get_byte_order (ExifData *data)
1090{
1091	if (!data)
1092		return (0);
1093
1094	return (data->priv->order);
1095}
1096
1097void
1098exif_data_foreach_content (ExifData *data, ExifDataForeachContentFunc func,
1099			   void *user_data)
1100{
1101	unsigned int i;
1102
1103	if (!data || !func)
1104		return;
1105
1106	for (i = 0; i < EXIF_IFD_COUNT; i++)
1107		func (data->ifd[i], user_data);
1108}
1109
1110typedef struct _ByteOrderChangeData ByteOrderChangeData;
1111struct _ByteOrderChangeData {
1112	ExifByteOrder old, new;
1113};
1114
1115static void
1116entry_set_byte_order (ExifEntry *e, void *data)
1117{
1118	ByteOrderChangeData *d = data;
1119
1120	if (!e)
1121		return;
1122
1123	exif_array_set_byte_order (e->format, e->data, e->components, d->old, d->new);
1124}
1125
1126static void
1127content_set_byte_order (ExifContent *content, void *data)
1128{
1129	exif_content_foreach_entry (content, entry_set_byte_order, data);
1130}
1131
1132void
1133exif_data_set_byte_order (ExifData *data, ExifByteOrder order)
1134{
1135	ByteOrderChangeData d;
1136
1137	if (!data || (order == data->priv->order))
1138		return;
1139
1140	d.old = data->priv->order;
1141	d.new = order;
1142	exif_data_foreach_content (data, content_set_byte_order, &d);
1143	data->priv->order = order;
1144	if (data->priv->md)
1145		exif_mnote_data_set_byte_order (data->priv->md, order);
1146}
1147
1148void
1149exif_data_log (ExifData *data, ExifLog *log)
1150{
1151	unsigned int i;
1152
1153	if (!data || !data->priv)
1154		return;
1155	exif_log_unref (data->priv->log);
1156	data->priv->log = log;
1157	exif_log_ref (log);
1158
1159	for (i = 0; i < EXIF_IFD_COUNT; i++)
1160		exif_content_log (data->ifd[i], log);
1161}
1162
1163/* Used internally within libexif */
1164ExifLog *exif_data_get_log (ExifData *);
1165ExifLog *
1166exif_data_get_log (ExifData *data)
1167{
1168	if (!data || !data->priv)
1169		return NULL;
1170	return data->priv->log;
1171}
1172
1173static const struct {
1174	ExifDataOption option;
1175	const char *name;
1176	const char *description;
1177} exif_data_option[] = {
1178	{EXIF_DATA_OPTION_IGNORE_UNKNOWN_TAGS, N_("Ignore unknown tags"),
1179	 N_("Ignore unknown tags when loading EXIF data.")},
1180	{EXIF_DATA_OPTION_FOLLOW_SPECIFICATION, N_("Follow specification"),
1181	 N_("Add, correct and remove entries to get EXIF data that follows "
1182	    "the specification.")},
1183	{EXIF_DATA_OPTION_DONT_CHANGE_MAKER_NOTE, N_("Do not change maker note"),
1184	 N_("When loading and resaving Exif data, save the maker note unmodified."
1185	    " Be aware that the maker note can get corrupted.")},
1186	{0, NULL, NULL}
1187};
1188
1189const char *
1190exif_data_option_get_name (ExifDataOption o)
1191{
1192	unsigned int i;
1193
1194	for (i = 0; exif_data_option[i].name; i++)
1195		if (exif_data_option[i].option == o)
1196			break;
1197	return _(exif_data_option[i].name);
1198}
1199
1200const char *
1201exif_data_option_get_description (ExifDataOption o)
1202{
1203	unsigned int i;
1204
1205	for (i = 0; exif_data_option[i].description; i++)
1206		if (exif_data_option[i].option == o)
1207			break;
1208	return _(exif_data_option[i].description);
1209}
1210
1211void
1212exif_data_set_option (ExifData *d, ExifDataOption o)
1213{
1214	if (!d)
1215		return;
1216
1217	d->priv->options |= o;
1218}
1219
1220void
1221exif_data_unset_option (ExifData *d, ExifDataOption o)
1222{
1223	if (!d)
1224		return;
1225
1226	d->priv->options &= ~o;
1227}
1228
1229static void
1230fix_func (ExifContent *c, void *UNUSED(data))
1231{
1232	switch (exif_content_get_ifd (c)) {
1233	case EXIF_IFD_1:
1234		if (c->parent->data)
1235			exif_content_fix (c);
1236		else if (c->count) {
1237			exif_log (c->parent->priv->log, EXIF_LOG_CODE_DEBUG, "exif-data",
1238				  "No thumbnail but entries on thumbnail. These entries have been "
1239				  "removed.");
1240			while (c->count) {
1241				unsigned int cnt = c->count;
1242				exif_content_remove_entry (c, c->entries[c->count - 1]);
1243				if (cnt == c->count) {
1244					/* safety net */
1245					exif_log (c->parent->priv->log, EXIF_LOG_CODE_DEBUG, "exif-data",
1246					"failed to remove last entry from entries.");
1247					c->count--;
1248				}
1249			}
1250		}
1251		break;
1252	default:
1253		exif_content_fix (c);
1254	}
1255}
1256
1257void
1258exif_data_fix (ExifData *d)
1259{
1260	exif_data_foreach_content (d, fix_func, NULL);
1261}
1262
1263void
1264exif_data_set_data_type (ExifData *d, ExifDataType dt)
1265{
1266	if (!d || !d->priv)
1267		return;
1268
1269	d->priv->data_type = dt;
1270}
1271
1272ExifDataType
1273exif_data_get_data_type (ExifData *d)
1274{
1275	return (d && d->priv) ? d->priv->data_type : EXIF_DATA_TYPE_UNKNOWN;
1276}
1277