Petr Gajdos
02c9a4e927
* modified CVE-2011-0192.patch - fixed buffer overflow in thunder decoder [bnc#683337] * added CVE-2011-1167.patch OBS-URL: https://build.opensuse.org/package/show/graphics/tiff?expand=0&rev=27
69 lines
1.8 KiB
Diff
69 lines
1.8 KiB
Diff
Index: libtiff/tif_thunder.c
|
|
===================================================================
|
|
--- libtiff/tif_thunder.c.orig
|
|
+++ libtiff/tif_thunder.c
|
|
@@ -25,6 +25,7 @@
|
|
*/
|
|
|
|
#include "tiffiop.h"
|
|
+#include <assert.h>
|
|
#ifdef THUNDER_SUPPORT
|
|
/*
|
|
* TIFF Library.
|
|
@@ -55,12 +56,32 @@
|
|
static const int twobitdeltas[4] = { 0, 1, 0, -1 };
|
|
static const int threebitdeltas[8] = { 0, 1, 2, 3, 0, -3, -2, -1 };
|
|
|
|
-#define SETPIXEL(op, v) { \
|
|
- lastpixel = (v) & 0xf; \
|
|
- if (npixels++ & 1) \
|
|
- *op++ |= lastpixel; \
|
|
- else \
|
|
+#define SETPIXEL(op, v) { \
|
|
+ lastpixel = (v) & 0xf; \
|
|
+ if ( npixels < maxpixels ) \
|
|
+ { \
|
|
+ if (npixels++ & 1) \
|
|
+ *op++ |= lastpixel; \
|
|
+ else \
|
|
op[0] = (tidataval_t) (lastpixel << 4); \
|
|
+ } \
|
|
+}
|
|
+
|
|
+static int
|
|
+ThunderSetupDecode(TIFF* tif)
|
|
+{
|
|
+ static const char module[] = "ThunderSetupDecode";
|
|
+
|
|
+ if( tif->tif_dir.td_bitspersample != 4 )
|
|
+ {
|
|
+ TIFFErrorExt(tif->tif_clientdata, module,
|
|
+ "Wrong bitspersample value (%d), Thunder decoder only supports 4bits per sample.",
|
|
+ (int) tif->tif_dir.td_bitspersample );
|
|
+ return 0;
|
|
+ }
|
|
+
|
|
+
|
|
+ return (1);
|
|
}
|
|
|
|
static int
|
|
@@ -142,7 +163,8 @@ ThunderDecodeRow(TIFF* tif, tidata_t buf
|
|
occ -= tif->tif_scanlinesize;
|
|
row += tif->tif_scanlinesize;
|
|
}
|
|
- return (1);
|
|
+
|
|
+ return (1);
|
|
}
|
|
|
|
int
|
|
@@ -151,6 +173,7 @@ TIFFInitThunderScan(TIFF* tif, int schem
|
|
(void) scheme;
|
|
tif->tif_decoderow = ThunderDecodeRow;
|
|
tif->tif_decodestrip = ThunderDecodeRow;
|
|
+ tif->tif_setupdecode = ThunderSetupDecode;
|
|
return (1);
|
|
}
|
|
#endif /* THUNDER_SUPPORT */
|