18 lines
632 B
Diff
18 lines
632 B
Diff
--- tiff-4.0.6/libtiff/tif_pixarlog.c 2015-08-29 00:16:22.630733284 +0200
|
|
+++ tiff-4.0.6/libtiff/tif_pixarlog.c 2016-09-01 16:12:07.226933631 +0200
|
|
@@ -1131,6 +1131,13 @@
|
|
}
|
|
|
|
llen = sp->stride * td->td_imagewidth;
|
|
+ /* Check against the number of elements (of size uint16) of sp->tbuf */
|
|
+ if( n > (tmsize_t)(td->td_rowsperstrip * llen) )
|
|
+ {
|
|
+ TIFFErrorExt(tif->tif_clientdata, module,
|
|
+ "Too many input bytes provided");
|
|
+ return 0;
|
|
+ }
|
|
|
|
for (i = 0, up = sp->tbuf; i < n; i += llen, up += llen) {
|
|
switch (sp->user_datafmt) {
|
|
Only in tiff-4.0.6/libtiff: tif_pixarlog.c.orig
|