42 lines
1.4 KiB
Diff
42 lines
1.4 KiB
Diff
|
--- libtiff/tif_lzw.c
|
||
|
|
+++ libtiff/tif_lzw.c
|
||
|
|
@@ -237,6 +237,11 @@
|
||
|
|
sp->dec_codetab[code].length = 1;
|
||
|
|
sp->dec_codetab[code].next = NULL;
|
||
|
|
} while (code--);
|
||
|
|
+ /*
|
||
|
|
+ * Zero-out the unused entries
|
||
|
|
+ */
|
||
|
|
+ _TIFFmemset(&sp->dec_codetab[CODE_CLEAR], 0,
|
||
|
|
+ (CODE_FIRST-CODE_CLEAR)*sizeof (code_t));
|
||
|
|
}
|
||
|
|
return (1);
|
||
|
|
}
|
||
|
|
@@ -416,6 +421,13 @@
|
||
|
|
NextCode(tif, sp, bp, code, GetNextCode);
|
||
|
|
if (code == CODE_EOI)
|
||
|
|
break;
|
||
|
|
+
|
||
|
|
+ if (code == CODE_CLEAR) {
|
||
|
|
+ TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
|
||
|
|
+ "LZWDecode: Corrupted LZW table at scanline %d",
|
||
|
|
+ tif->tif_row);
|
||
|
|
+ return (0);
|
||
|
|
+ }
|
||
|
|
*op++ = (char)code, occ--;
|
||
|
|
oldcodep = sp->dec_codetab + code;
|
||
|
|
continue;
|
||
|
|
@@ -613,6 +625,12 @@
|
||
|
|
NextCode(tif, sp, bp, code, GetNextCodeCompat);
|
||
|
|
if (code == CODE_EOI)
|
||
|
|
break;
|
||
|
|
+ if (code == CODE_CLEAR) {
|
||
|
|
+ TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
|
||
|
|
+ "LZWDecode: Corrupted LZW table at scanline %d",
|
||
|
|
+ tif->tif_row);
|
||
|
|
+ return (0);
|
||
|
|
+ }
|
||
|
|
*op++ = code, occ--;
|
||
|
|
oldcodep = sp->dec_codetab + code;
|
||
|
|
continue;
|