[imager.git] / limits.c

/*
=head1 NAME

limits.c - manages data/functions for limiting the sizes of images read from files.

=head1 SYNOPSIS

  // user code
  if (!i_set_image_file_limits(max_width, max_height, max_bytes)) {
    // error
  }
  i_get_image_file_limits(&max_width, &max_height, &max_bytes);

  // file reader implementations
  if (!i_int_check_image_file_limits(width, height, channels, sizeof(i_sample_t))) {
    // error handling
  }

=head1 DESCRIPTION

Manage limits for image files read by Imager.

Setting a value of zero means that limit will be ignored.

=over

=cut
 */

#define IMAGER_NO_CONTEXT
#include "imageri.h"

/*
=item im_set_image_file_limits(ctx, width, height, bytes)
X<im_set_image_file_limits API>X<i_set_image_file_limits API>
=category Files
=synopsis im_set_image_file_limits(aIMCTX, 500, 500, 1000000);
=synopsis i_set_image_file_limits(500, 500, 1000000);

Set limits on the sizes of images read by Imager.

Setting a limit to 0 means that limit is ignored.

Negative limits result in failure.

Parameters:

=over

=item *

i_img_dim width, height - maximum width and height.

=item *

size_t bytes - maximum size in memory in bytes.  A value of zero sets
this limit to one gigabyte.

=back

Returns non-zero on success.

Also callable as C<i_set_image_file_limits(width, height, bytes)>.

=cut
*/

int
im_set_image_file_limits(pIMCTX, i_img_dim width, i_img_dim height, size_t bytes) {
  i_clear_error();

  if (width < 0) {
    i_push_error(0, "width must be non-negative");
    return 0;
  }
  if (height < 0) {
    i_push_error(0, "height must be non-negative");
    return 0;
  }
  if (bytes < 0) {
    i_push_error(0, "bytes must be non-negative");
    return 0;
  }

  aIMCTX->max_width = width;
  aIMCTX->max_height = height;
  aIMCTX->max_bytes = bytes ? bytes : DEF_BYTES_LIMIT;

  return 1;
}

/*
=item im_get_image_file_limits(ctx, &width, &height, &bytes)
X<im_get_image_file_limits API>X<i_get_image_file_limits>
=category Files
=synopsis im_get_image_file_limits(aIMCTX, &width, &height, &bytes)
=synopsis i_get_image_file_limits(&width, &height, &bytes)

Retrieves the file limits set by i_set_image_file_limits().

=over

=item *

i_img_dim *width, *height - the maximum width and height of the image.

=item *

size_t *bytes - size in memory of the image in bytes.

=back

Also callable as C<i_get_image_file_limits(&width, &height, &bytes)>.

=cut
*/

int
im_get_image_file_limits(pIMCTX, i_img_dim *width, i_img_dim *height, size_t *bytes) {
  im_clear_error(aIMCTX);

  *width = aIMCTX->max_width;
  *height = aIMCTX->max_height;
  *bytes = aIMCTX->max_bytes;

  return 1;
}

/*
=item im_int_check_image_file_limits(width, height, channels, sample_size)
X<im_int_check_image_file_limits API>X<i_int_check_image_file_limits>
=category Files
=synopsis im_int_check_image_file_limits(aIMCTX, width, height, channels, sizeof(i_sample_t))
=synopsis i_int_check_image_file_limits(width, height, channels, sizeof(i_sample_t))

Checks the size of a file in memory against the configured image file
limits.

This also range checks the values to those permitted by Imager and
checks for overflows in calculating the size.

Returns non-zero if the file is within limits.

This function is intended to be called by image file read functions.

Also callable as C<i_int_check_image_file_limits(width, height, channels, sizeof(i_sample_t)>.

=cut
*/

int
im_int_check_image_file_limits(pIMCTX, i_img_dim width, i_img_dim height, int channels, size_t sample_size) {
  size_t bytes;
  im_clear_error(aIMCTX);
  
  if (width <= 0) {
    im_push_errorf(aIMCTX, 0, "file size limit - image width of %" i_DF " is not positive",
		  i_DFc(width));
    return 0;
  }
  if (aIMCTX->max_width && width > aIMCTX->max_width) {
    im_push_errorf(aIMCTX, 0, "file size limit - image width of %" i_DF " exceeds limit of %" i_DF,
		  i_DFc(width), i_DFc(aIMCTX->max_width));
    return 0;
  }

  if (height <= 0) {
    im_push_errorf(aIMCTX, 0, "file size limit - image height of %" i_DF " is not positive",
		  i_DFc(height));
    return 0;
  }

  if (aIMCTX->max_height && height > aIMCTX->max_height) {
    im_push_errorf(aIMCTX, 0, "file size limit - image height of %" i_DF
		  " exceeds limit of %" i_DF, i_DFc(height), i_DFc(aIMCTX->max_height));
    return 0;
  }

  if (channels < 1 || channels > MAXCHANNELS) {
    im_push_errorf(aIMCTX, 0, "file size limit - channels %d out of range",
		  channels);
    return 0;
  }
  
  if (sample_size < 1 || sample_size > sizeof(long double)) {
    im_push_errorf(aIMCTX, 0, "file size limit - sample_size %ld out of range",
		  (long)sample_size);
    return 0;
  }

  /* This overflow check is a bit more paranoid than usual.
     We don't protect it under max_bytes since we always want to check 
     for overflow.
  */
  bytes = width * height * channels * sample_size;
  if (bytes / width != height * channels * sample_size
      || bytes / height != width * channels * sample_size) {
    im_push_error(aIMCTX, 0, "file size limit - integer overflow calculating storage");
    return 0;
  }
  if (aIMCTX->max_bytes) {
    if (bytes > aIMCTX->max_bytes) {
      im_push_errorf(aIMCTX, 0, "file size limit - storage size of %lu "
		    "exceeds limit of %lu", (unsigned long)bytes,
		    (unsigned long)aIMCTX->max_bytes);
      return 0;
    }
  }

  return 1;
}
Commit	Line	Data
77157728 TC	1	/*
	2	=head1 NAME
	3
	4	limits.c - manages data/functions for limiting the sizes of images read from files.
	5
	6	=head1 SYNOPSIS
	7
	8	// user code
	9	if (!i_set_image_file_limits(max_width, max_height, max_bytes)) {
	10	// error
	11	}
	12	i_get_image_file_limits(&max_width, &max_height, &max_bytes);
	13
	14	// file reader implementations
	15	if (!i_int_check_image_file_limits(width, height, channels, sizeof(i_sample_t))) {
	16	// error handling
	17	}
	18
	19	=head1 DESCRIPTION
	20
	21	Manage limits for image files read by Imager.
	22
	23	Setting a value of zero means that limit will be ignored.
12db268a TC	24
	25	=over
	26
	27	=cut
77157728 TC	28	*/
77157728 TC	29
d896d49c	30	#define IMAGER_NO_CONTEXT
92bda632	31	#include "imageri.h"
77157728	32
87deb14c	33	/*
abffffed TC	34	=item im_set_image_file_limits(ctx, width, height, bytes)
abffffed TC	35	X<im_set_image_file_limits API>X<i_set_image_file_limits API>
87deb14c	36	=category Files
abffffed	37	=synopsis im_set_image_file_limits(aIMCTX, 500, 500, 1000000);
87deb14c TC	38	=synopsis i_set_image_file_limits(500, 500, 1000000);
	39
	40	Set limits on the sizes of images read by Imager.
	41
	42	Setting a limit to 0 means that limit is ignored.
	43
	44	Negative limits result in failure.
	45
8d14daab TC	46	Parameters:
	47
	48	=over
	49
	50	=item *
	51
	52	i_img_dim width, height - maximum width and height.
	53
	54	=item *
	55
85cae6e7 TC	56	size_t bytes - maximum size in memory in bytes. A value of zero sets
85cae6e7 TC	57	this limit to one gigabyte.
8d14daab TC	58
	59	=back
	60
87deb14c TC	61	Returns non-zero on success.
87deb14c TC	62
abffffed TC	63	Also callable as C<i_set_image_file_limits(width, height, bytes)>.
abffffed TC	64
87deb14c TC	65	=cut
	66	*/
	67
77157728	68	int
d896d49c	69	im_set_image_file_limits(pIMCTX, i_img_dim width, i_img_dim height, size_t bytes) {
77157728 TC	70	i_clear_error();
	71
	72	if (width < 0) {
	73	i_push_error(0, "width must be non-negative");
	74	return 0;
	75	}
	76	if (height < 0) {
	77	i_push_error(0, "height must be non-negative");
	78	return 0;
	79	}
	80	if (bytes < 0) {
	81	i_push_error(0, "bytes must be non-negative");
	82	return 0;
	83	}
	84
d896d49c TC	85	aIMCTX->max_width = width;
	86	aIMCTX->max_height = height;
	87	aIMCTX->max_bytes = bytes ? bytes : DEF_BYTES_LIMIT;
77157728 TC	88
	89	return 1;
	90	}
	91
87deb14c	92	/*
abffffed TC	93	=item im_get_image_file_limits(ctx, &width, &height, &bytes)
abffffed TC	94	X<im_get_image_file_limits API>X<i_get_image_file_limits>
87deb14c	95	=category Files
abffffed	96	=synopsis im_get_image_file_limits(aIMCTX, &width, &height, &bytes)
87deb14c TC	97	=synopsis i_get_image_file_limits(&width, &height, &bytes)
	98
	99	Retrieves the file limits set by i_set_image_file_limits().
	100
8d14daab TC	101	=over
	102
	103	=item *
	104
	105	i_img_dim width, height - the maximum width and height of the image.
	106
	107	=item *
	108
	109	size_t *bytes - size in memory of the image in bytes.
	110
	111	=back
	112
abffffed TC	113	Also callable as C<i_get_image_file_limits(&width, &height, &bytes)>.
abffffed TC	114
87deb14c TC	115	=cut
	116	*/
	117
77157728	118	int
d896d49c TC	119	im_get_image_file_limits(pIMCTX, i_img_dim width, i_img_dim height, size_t *bytes) {
d896d49c TC	120	im_clear_error(aIMCTX);
77157728	121
d896d49c TC	122	*width = aIMCTX->max_width;
	123	*height = aIMCTX->max_height;
	124	*bytes = aIMCTX->max_bytes;
77157728 TC	125
	126	return 1;
	127	}
	128
87deb14c	129	/*
abffffed TC	130	=item im_int_check_image_file_limits(width, height, channels, sample_size)
abffffed TC	131	X<im_int_check_image_file_limits API>X<i_int_check_image_file_limits>
87deb14c	132	=category Files
abffffed TC	133	=synopsis im_int_check_image_file_limits(aIMCTX, width, height, channels, sizeof(i_sample_t))
abffffed TC	134	=synopsis i_int_check_image_file_limits(width, height, channels, sizeof(i_sample_t))
87deb14c TC	135
	136	Checks the size of a file in memory against the configured image file
	137	limits.
	138
	139	This also range checks the values to those permitted by Imager and
	140	checks for overflows in calculating the size.
	141
	142	Returns non-zero if the file is within limits.
	143
	144	This function is intended to be called by image file read functions.
	145
abffffed TC	146	Also callable as C<i_int_check_image_file_limits(width, height, channels, sizeof(i_sample_t)>.
abffffed TC	147
87deb14c TC	148	=cut
	149	*/
	150
77157728	151	int
d896d49c	152	im_int_check_image_file_limits(pIMCTX, i_img_dim width, i_img_dim height, int channels, size_t sample_size) {
8d14daab	153	size_t bytes;
d896d49c	154	im_clear_error(aIMCTX);
77157728 TC	155
77157728 TC	156	if (width <= 0) {
d896d49c	157	im_push_errorf(aIMCTX, 0, "file size limit - image width of %" i_DF " is not positive",
8d14daab	158	i_DFc(width));
77157728 TC	159	return 0;
77157728 TC	160	}
d896d49c TC	161	if (aIMCTX->max_width && width > aIMCTX->max_width) {
	162	im_push_errorf(aIMCTX, 0, "file size limit - image width of %" i_DF " exceeds limit of %" i_DF,
	163	i_DFc(width), i_DFc(aIMCTX->max_width));
77157728 TC	164	return 0;
	165	}
	166
	167	if (height <= 0) {
d896d49c	168	im_push_errorf(aIMCTX, 0, "file size limit - image height of %" i_DF " is not positive",
8d14daab	169	i_DFc(height));
77157728 TC	170	return 0;
	171	}
	172
d896d49c TC	173	if (aIMCTX->max_height && height > aIMCTX->max_height) {
	174	im_push_errorf(aIMCTX, 0, "file size limit - image height of %" i_DF
	175	" exceeds limit of %" i_DF, i_DFc(height), i_DFc(aIMCTX->max_height));
77157728 TC	176	return 0;
	177	}
	178
	179	if (channels < 1 \|\| channels > MAXCHANNELS) {
d896d49c	180	im_push_errorf(aIMCTX, 0, "file size limit - channels %d out of range",
77157728 TC	181	channels);
	182	return 0;
	183	}
	184
	185	if (sample_size < 1 \|\| sample_size > sizeof(long double)) {
d896d49c	186	im_push_errorf(aIMCTX, 0, "file size limit - sample_size %ld out of range",
8d14daab	187	(long)sample_size);
77157728 TC	188	return 0;
	189	}
	190
	191	/* This overflow check is a bit more paranoid than usual.
	192	We don't protect it under max_bytes since we always want to check
	193	for overflow.
	194	*/
5caa40a6	195	bytes = width * height * channels * sample_size;
77157728 TC	196	if (bytes / width != height * channels * sample_size
77157728 TC	197	\|\| bytes / height != width * channels * sample_size) {
d896d49c	198	im_push_error(aIMCTX, 0, "file size limit - integer overflow calculating storage");
77157728 TC	199	return 0;
77157728 TC	200	}
d896d49c TC	201	if (aIMCTX->max_bytes) {
	202	if (bytes > aIMCTX->max_bytes) {
	203	im_push_errorf(aIMCTX, 0, "file size limit - storage size of %lu "
8d14daab	204	"exceeds limit of %lu", (unsigned long)bytes,
d896d49c	205	(unsigned long)aIMCTX->max_bytes);
77157728 TC	206	return 0;
	207	}
	208	}
	209
	210	return 1;
	211	}