Petr Gajdos
75ad3872a9
* Add some TIFF/FX support in libtiff. * Fix bug rewriting image tiles in a compressed file. * Fix read past end of data buffer. * etc., see ChangeLog - removed upstreamed patches: * bigendian.patch * dont-fancy-upsampling.patch * CVE-2012-3401.patch - new patch: * test-jpeg-turbo.patch * CVE-2012-4564.patch [bnc#787892] OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=51
35 lines
1.1 KiB
Diff
35 lines
1.1 KiB
Diff
https://bugzilla.redhat.com/attachment.cgi?id=635949&action=diff
|
|
Index: tools/ppm2tiff.c
|
|
===================================================================
|
|
RCS file: /cvs/maptools/cvsroot/libtiff/tools/ppm2tiff.c,v
|
|
--- tools/ppm2tiff.c 10 Apr 2010 19:22:34 -0000 1.16
|
|
+++ tools/ppm2tiff.c 31 Oct 2012 06:25:13 -0000
|
|
@@ -89,6 +89,7 @@
|
|
int c;
|
|
extern int optind;
|
|
extern char* optarg;
|
|
+ tmsize_t scanline_size;
|
|
|
|
if (argc < 2) {
|
|
fprintf(stderr, "%s: Too few arguments\n", argv[0]);
|
|
@@ -237,8 +238,16 @@
|
|
}
|
|
if (TIFFScanlineSize(out) > linebytes)
|
|
buf = (unsigned char *)_TIFFmalloc(linebytes);
|
|
- else
|
|
- buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
|
|
+ else {
|
|
+ scanline_size = TIFFScanlineSize(out);
|
|
+ if (scanline_size != 0)
|
|
+ buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
|
|
+ else {
|
|
+ fprintf(stderr, "%s: scanline size overflow\n",infile);
|
|
+ (void) TIFFClose(out);
|
|
+ exit(-2);
|
|
+ }
|
|
+ }
|
|
if (resolution > 0) {
|
|
TIFFSetField(out, TIFFTAG_XRESOLUTION, resolution);
|
|
TIFFSetField(out, TIFFTAG_YRESOLUTION, resolution);
|
|
|