The Tor Browser: image/decoders/iccjpeg.c@ac0c01689b40 (annotated)

image/decoders/iccjpeg.c@ac0c01689b40 (annotated)

image/decoders/iccjpeg.c

Thu, 15 Jan 2015 15:59:08 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Thu, 15 Jan 2015 15:59:08 +0100
branch: TOR_BUG_9701
changeset 10: ac0c01689b40
permissions: -rw-r--r--

Implement a real Private Browsing Mode condition by changing the API/ABI;
This solves Tor bug #9701, complying with disk avoidance documented in
https://www.torproject.org/projects/torbrowser/design/#disk-avoidance.

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /*
  * iccprofile.c
  *
  * This file provides code to read and write International Color Consortium
  * (ICC) device profiles embedded in JFIF JPEG image files.  The ICC has
  * defined a standard format for including such data in JPEG "APP2" markers.
  * The code given here does not know anything about the internal structure
  * of the ICC profile data; it just knows how to put the profile data into
  * a JPEG file being written, or get it back out when reading.
  *
  * This code depends on new features added to the IJG JPEG library as of
  * IJG release 6b; it will not compile or work with older IJG versions.
  *
  * NOTE: this code would need surgery to work on 16-bit-int machines
  * with ICC profiles exceeding 64K bytes in size.  If you need to do that,
  * change all the "unsigned int" variables to "INT32".  You'll also need
  * to find a malloc() replacement that can allocate more than 64K.
  */
 #include "iccjpeg.h"
 #include <stdlib.h>			/* define malloc() */
 /*
  * Since an ICC profile can be larger than the maximum size of a JPEG marker
  * (64K), we need provisions to split it into multiple markers.  The format
  * defined by the ICC specifies one or more APP2 markers containing the
  * following data:
  *	Identifying string	ASCII "ICC_PROFILE\0"  (12 bytes)
  *	Marker sequence number	1 for first APP2, 2 for next, etc (1 byte)
  *	Number of markers	Total number of APP2's used (1 byte)
  *      Profile data		(remainder of APP2 data)
  * Decoders should use the marker sequence numbers to reassemble the profile,
  * rather than assuming that the APP2 markers appear in the correct sequence.
  */
 #define ICC_MARKER  (JPEG_APP0 + 2)	/* JPEG marker code for ICC */
 #define ICC_OVERHEAD_LEN  14		/* size of non-profile data in APP2 */
 #define MAX_BYTES_IN_MARKER  65533	/* maximum data len of a JPEG marker */
 #define MAX_DATA_BYTES_IN_MARKER  (MAX_BYTES_IN_MARKER - ICC_OVERHEAD_LEN)
 /*
  * Prepare for reading an ICC profile
  */
 void
 setup_read_icc_profile (j_decompress_ptr cinfo)
 {
   /* Tell the library to keep any APP2 data it may find */
   jpeg_save_markers(cinfo, ICC_MARKER, 0xFFFF);
 }
 /*
  * Handy subroutine to test whether a saved marker is an ICC profile marker.
  */
 static boolean
 marker_is_icc (jpeg_saved_marker_ptr marker)
 {
   return
     marker->marker == ICC_MARKER &&
     marker->data_length >= ICC_OVERHEAD_LEN &&
     /* verify the identifying string */
     GETJOCTET(marker->data[0]) == 0x49 &&
     GETJOCTET(marker->data[1]) == 0x43 &&
     GETJOCTET(marker->data[2]) == 0x43 &&
     GETJOCTET(marker->data[3]) == 0x5F &&
     GETJOCTET(marker->data[4]) == 0x50 &&
     GETJOCTET(marker->data[5]) == 0x52 &&
     GETJOCTET(marker->data[6]) == 0x4F &&
     GETJOCTET(marker->data[7]) == 0x46 &&
     GETJOCTET(marker->data[8]) == 0x49 &&
     GETJOCTET(marker->data[9]) == 0x4C &&
     GETJOCTET(marker->data[10]) == 0x45 &&
     GETJOCTET(marker->data[11]) == 0x0;
 }
 /*
  * See if there was an ICC profile in the JPEG file being read;
  * if so, reassemble and return the profile data.
  *
  * TRUE is returned if an ICC profile was found, FALSE if not.
  * If TRUE is returned, *icc_data_ptr is set to point to the
  * returned data, and *icc_data_len is set to its length.
  *
  * IMPORTANT: the data at **icc_data_ptr has been allocated with malloc()
  * and must be freed by the caller with free() when the caller no longer
  * needs it.  (Alternatively, we could write this routine to use the
  * IJG library's memory allocator, so that the data would be freed implicitly
  * at jpeg_finish_decompress() time.  But it seems likely that many apps
  * will prefer to have the data stick around after decompression finishes.)
  *
  * NOTE: if the file contains invalid ICC APP2 markers, we just silently
  * return FALSE.  You might want to issue an error message instead.
  */
 boolean
 read_icc_profile (j_decompress_ptr cinfo,
 		  JOCTET **icc_data_ptr,
 		  unsigned int *icc_data_len)
 {
   jpeg_saved_marker_ptr marker;
   int num_markers = 0;
   int seq_no;
   JOCTET *icc_data;
   unsigned int total_length;
 #define MAX_SEQ_NO  255		/* sufficient since marker numbers are bytes */
   char marker_present[MAX_SEQ_NO+1];	  /* 1 if marker found */
   unsigned int data_length[MAX_SEQ_NO+1]; /* size of profile data in marker */
   unsigned int data_offset[MAX_SEQ_NO+1]; /* offset for data in marker */
   *icc_data_ptr = NULL;		/* avoid confusion if FALSE return */
   *icc_data_len = 0;
   /* This first pass over the saved markers discovers whether there are
    * any ICC markers and verifies the consistency of the marker numbering.
    */
   for (seq_no = 1; seq_no <= MAX_SEQ_NO; seq_no++)
     marker_present[seq_no] = 0;
   for (marker = cinfo->marker_list; marker != NULL; marker = marker->next) {
     if (marker_is_icc(marker)) {
       if (num_markers == 0)
 	num_markers = GETJOCTET(marker->data[13]);
       else if (num_markers != GETJOCTET(marker->data[13]))
 	return FALSE;		/* inconsistent num_markers fields */
       seq_no = GETJOCTET(marker->data[12]);
       if (seq_no <= 0 || seq_no > num_markers)
 	return FALSE;		/* bogus sequence number */
       if (marker_present[seq_no])
 	return FALSE;		/* duplicate sequence numbers */
       marker_present[seq_no] = 1;
       data_length[seq_no] = marker->data_length - ICC_OVERHEAD_LEN;
     }
   }
   if (num_markers == 0)
     return FALSE;
   /* Check for missing markers, count total space needed,
    * compute offset of each marker's part of the data.
    */
   total_length = 0;
   for (seq_no = 1; seq_no <= num_markers; seq_no++) {
     if (marker_present[seq_no] == 0)
       return FALSE;		/* missing sequence number */
     data_offset[seq_no] = total_length;
     total_length += data_length[seq_no];
   }
   if (total_length <= 0)
     return FALSE;		/* found only empty markers? */
   /* Allocate space for assembled data */
   icc_data = (JOCTET *) malloc(total_length * sizeof(JOCTET));
   if (icc_data == NULL)
     return FALSE;		/* oops, out of memory */
   /* and fill it in */
   for (marker = cinfo->marker_list; marker != NULL; marker = marker->next) {
     if (marker_is_icc(marker)) {
       JOCTET FAR *src_ptr;
       JOCTET *dst_ptr;
       unsigned int length;
       seq_no = GETJOCTET(marker->data[12]);
       dst_ptr = icc_data + data_offset[seq_no];
       src_ptr = marker->data + ICC_OVERHEAD_LEN;
       length = data_length[seq_no];
       while (length--) {
 	*dst_ptr++ = *src_ptr++;
       }
     }
   }
   *icc_data_ptr = icc_data;
   *icc_data_len = total_length;
   return TRUE;
 }

The Tor Browser / annotate

image/decoders/iccjpeg.c@ac0c01689b40 (annotated)

image/decoders/iccjpeg.c