[imager.git] / limits.c

/*
=head1 NAME

limits.c - manages data/functions for limiting the sizes of images read from files.

=head1 SYNOPSIS

  // user code
  if (!i_set_image_file_limits(max_width, max_height, max_bytes)) {
    // error
  }
  i_get_image_file_limits(&max_width, &max_height, &max_bytes);

  // file reader implementations
  if (!i_int_check_image_file_limits(width, height, channels, sizeof(i_sample_t))) {
    // error handling
  }

=head1 DESCRIPTION

Manage limits for image files read by Imager.

Setting a value of zero means that limit will be ignored.
  
 */

#include "imageri.h"

/*
=item i_set_image_file_limits(width, height, bytes)

=category Files
=synopsis i_set_image_file_limits(500, 500, 1000000);

Set limits on the sizes of images read by Imager.

Setting a limit to 0 means that limit is ignored.

Negative limits result in failure.

Parameters:

=over

=item *

i_img_dim width, height - maximum width and height.

=item *

size_t bytes - maximum size in memory in bytes.  A value of zero sets
this limit to one gigabyte.

=back

Returns non-zero on success.

=cut
*/

int
im_set_image_file_limits(im_context_t ctx, i_img_dim width, i_img_dim height, size_t bytes) {
  i_clear_error();

  if (width < 0) {
    i_push_error(0, "width must be non-negative");
    return 0;
  }
  if (height < 0) {
    i_push_error(0, "height must be non-negative");
    return 0;
  }
  if (bytes < 0) {
    i_push_error(0, "bytes must be non-negative");
    return 0;
  }

  ctx->max_width = width;
  ctx->max_height = height;
  ctx->max_bytes = bytes ? bytes : DEF_BYTES_LIMIT;

  return 1;
}

/*
=item i_get_image_file_limits(&width, &height, &bytes)

=category Files
=synopsis i_get_image_file_limits(&width, &height, &bytes)

Retrieves the file limits set by i_set_image_file_limits().

=over

=item *

i_img_dim *width, *height - the maximum width and height of the image.

=item *

size_t *bytes - size in memory of the image in bytes.

=back

=cut
*/

int
im_get_image_file_limits(im_context_t ctx, i_img_dim *width, i_img_dim *height, size_t *bytes) {
  im_clear_error(ctx);

  *width = ctx->max_width;
  *height = ctx->max_height;
  *bytes = ctx->max_bytes;

  return 1;
}

/*
=item i_int_check_image_file_limits(width, height, channels, sample_size)

=category Files
=synopsis i_i_int_check_image_file_limits(width, height, channels, sizeof(i_sample_t))

Checks the size of a file in memory against the configured image file
limits.

This also range checks the values to those permitted by Imager and
checks for overflows in calculating the size.

Returns non-zero if the file is within limits.

This function is intended to be called by image file read functions.

=cut
*/

int
im_int_check_image_file_limits(im_context_t ctx, i_img_dim width, i_img_dim height, int channels, size_t sample_size) {
  size_t bytes;
  im_clear_error(ctx);
  
  if (width <= 0) {
    im_push_errorf(ctx, 0, "file size limit - image width of %" i_DF " is not positive",
		  i_DFc(width));
    return 0;
  }
  if (ctx->max_width && width > ctx->max_width) {
    im_push_errorf(ctx, 0, "file size limit - image width of %" i_DF " exceeds limit of %" i_DF,
		  i_DFc(width), i_DFc(ctx->max_width));
    return 0;
  }

  if (height <= 0) {
    im_push_errorf(ctx, 0, "file size limit - image height of %" i_DF " is not positive",
		  i_DFc(height));
    return 0;
  }

  if (ctx->max_height && height > ctx->max_height) {
    im_push_errorf(ctx, 0, "file size limit - image height of %" i_DF
		  " exceeds limit of %" i_DF, i_DFc(height), i_DFc(ctx->max_height));
    return 0;
  }

  if (channels < 1 || channels > MAXCHANNELS) {
    im_push_errorf(ctx, 0, "file size limit - channels %d out of range",
		  channels);
    return 0;
  }
  
  if (sample_size < 1 || sample_size > sizeof(long double)) {
    im_push_errorf(ctx, 0, "file size limit - sample_size %ld out of range",
		  (long)sample_size);
    return 0;
  }

  /* This overflow check is a bit more paranoid than usual.
     We don't protect it under max_bytes since we always want to check 
     for overflow.
  */
  bytes = width * height * channels * sample_size;
  if (bytes / width != height * channels * sample_size
      || bytes / height != width * channels * sample_size) {
    i_push_error(0, "file size limit - integer overflow calculating storage");
    return 0;
  }
  if (ctx->max_bytes) {
    if (bytes > ctx->max_bytes) {
      im_push_errorf(ctx, 0, "file size limit - storage size of %lu "
		    "exceeds limit of %lu", (unsigned long)bytes,
		    (unsigned long)ctx->max_bytes);
      return 0;
    }
  }

  return 1;
}
Commit	Line	Data
77157728 TC	1	/*
	2	=head1 NAME
	3
	4	limits.c - manages data/functions for limiting the sizes of images read from files.
	5
	6	=head1 SYNOPSIS
	7
	8	// user code
	9	if (!i_set_image_file_limits(max_width, max_height, max_bytes)) {
	10	// error
	11	}
	12	i_get_image_file_limits(&max_width, &max_height, &max_bytes);
	13
	14	// file reader implementations
	15	if (!i_int_check_image_file_limits(width, height, channels, sizeof(i_sample_t))) {
	16	// error handling
	17	}
	18
	19	=head1 DESCRIPTION
	20
	21	Manage limits for image files read by Imager.
	22
	23	Setting a value of zero means that limit will be ignored.
	24
	25	*/
	26
92bda632	27	#include "imageri.h"
77157728	28
87deb14c	29	/*
d03fd5a4 TC	30	=item i_set_image_file_limits(width, height, bytes)
d03fd5a4 TC	31
87deb14c TC	32	=category Files
	33	=synopsis i_set_image_file_limits(500, 500, 1000000);
	34
	35	Set limits on the sizes of images read by Imager.
	36
	37	Setting a limit to 0 means that limit is ignored.
	38
	39	Negative limits result in failure.
	40
8d14daab TC	41	Parameters:
	42
	43	=over
	44
	45	=item *
	46
	47	i_img_dim width, height - maximum width and height.
	48
	49	=item *
	50
85cae6e7 TC	51	size_t bytes - maximum size in memory in bytes. A value of zero sets
85cae6e7 TC	52	this limit to one gigabyte.
8d14daab TC	53
	54	=back
	55
87deb14c TC	56	Returns non-zero on success.
	57
	58	=cut
	59	*/
	60
77157728	61	int
44d86483	62	im_set_image_file_limits(im_context_t ctx, i_img_dim width, i_img_dim height, size_t bytes) {
77157728 TC	63	i_clear_error();
	64
	65	if (width < 0) {
	66	i_push_error(0, "width must be non-negative");
	67	return 0;
	68	}
	69	if (height < 0) {
	70	i_push_error(0, "height must be non-negative");
	71	return 0;
	72	}
	73	if (bytes < 0) {
	74	i_push_error(0, "bytes must be non-negative");
	75	return 0;
	76	}
	77
44d86483 TC	78	ctx->max_width = width;
	79	ctx->max_height = height;
	80	ctx->max_bytes = bytes ? bytes : DEF_BYTES_LIMIT;
77157728 TC	81
	82	return 1;
	83	}
	84
87deb14c	85	/*
d03fd5a4 TC	86	=item i_get_image_file_limits(&width, &height, &bytes)
d03fd5a4 TC	87
87deb14c TC	88	=category Files
	89	=synopsis i_get_image_file_limits(&width, &height, &bytes)
	90
	91	Retrieves the file limits set by i_set_image_file_limits().
	92
8d14daab TC	93	=over
	94
	95	=item *
	96
	97	i_img_dim width, height - the maximum width and height of the image.
	98
	99	=item *
	100
	101	size_t *bytes - size in memory of the image in bytes.
	102
	103	=back
	104
87deb14c TC	105	=cut
	106	*/
	107
77157728	108	int
44d86483 TC	109	im_get_image_file_limits(im_context_t ctx, i_img_dim width, i_img_dim height, size_t *bytes) {
44d86483 TC	110	im_clear_error(ctx);
77157728	111
44d86483 TC	112	*width = ctx->max_width;
	113	*height = ctx->max_height;
	114	*bytes = ctx->max_bytes;
77157728 TC	115
	116	return 1;
	117	}
	118
87deb14c	119	/*
d03fd5a4 TC	120	=item i_int_check_image_file_limits(width, height, channels, sample_size)
d03fd5a4 TC	121
87deb14c	122	=category Files
d03fd5a4	123	=synopsis i_i_int_check_image_file_limits(width, height, channels, sizeof(i_sample_t))
87deb14c TC	124
	125	Checks the size of a file in memory against the configured image file
	126	limits.
	127
	128	This also range checks the values to those permitted by Imager and
	129	checks for overflows in calculating the size.
	130
	131	Returns non-zero if the file is within limits.
	132
	133	This function is intended to be called by image file read functions.
	134
	135	=cut
	136	*/
	137
77157728	138	int
44d86483	139	im_int_check_image_file_limits(im_context_t ctx, i_img_dim width, i_img_dim height, int channels, size_t sample_size) {
8d14daab	140	size_t bytes;
44d86483	141	im_clear_error(ctx);
77157728 TC	142
77157728 TC	143	if (width <= 0) {
44d86483	144	im_push_errorf(ctx, 0, "file size limit - image width of %" i_DF " is not positive",
8d14daab	145	i_DFc(width));
77157728 TC	146	return 0;
77157728 TC	147	}
44d86483 TC	148	if (ctx->max_width && width > ctx->max_width) {
	149	im_push_errorf(ctx, 0, "file size limit - image width of %" i_DF " exceeds limit of %" i_DF,
	150	i_DFc(width), i_DFc(ctx->max_width));
77157728 TC	151	return 0;
	152	}
	153
	154	if (height <= 0) {
44d86483	155	im_push_errorf(ctx, 0, "file size limit - image height of %" i_DF " is not positive",
8d14daab	156	i_DFc(height));
77157728 TC	157	return 0;
	158	}
	159
44d86483 TC	160	if (ctx->max_height && height > ctx->max_height) {
	161	im_push_errorf(ctx, 0, "file size limit - image height of %" i_DF
	162	" exceeds limit of %" i_DF, i_DFc(height), i_DFc(ctx->max_height));
77157728 TC	163	return 0;
	164	}
	165
	166	if (channels < 1 \|\| channels > MAXCHANNELS) {
44d86483	167	im_push_errorf(ctx, 0, "file size limit - channels %d out of range",
77157728 TC	168	channels);
	169	return 0;
	170	}
	171
	172	if (sample_size < 1 \|\| sample_size > sizeof(long double)) {
44d86483	173	im_push_errorf(ctx, 0, "file size limit - sample_size %ld out of range",
8d14daab	174	(long)sample_size);
77157728 TC	175	return 0;
	176	}
	177
	178	/* This overflow check is a bit more paranoid than usual.
	179	We don't protect it under max_bytes since we always want to check
	180	for overflow.
	181	*/
5caa40a6	182	bytes = width * height * channels * sample_size;
77157728 TC	183	if (bytes / width != height * channels * sample_size
77157728 TC	184	\|\| bytes / height != width * channels * sample_size) {
d03fd5a4	185	i_push_error(0, "file size limit - integer overflow calculating storage");
77157728 TC	186	return 0;
77157728 TC	187	}
44d86483 TC	188	if (ctx->max_bytes) {
	189	if (bytes > ctx->max_bytes) {
	190	im_push_errorf(ctx, 0, "file size limit - storage size of %lu "
8d14daab	191	"exceeds limit of %lu", (unsigned long)bytes,
44d86483	192	(unsigned long)ctx->max_bytes);
77157728 TC	193	return 0;
	194	}
	195	}
	196
	197	return 1;
	198	}