openSUSE:Evergreen:11.2:Test
tiff
tiff-3.9.5-CVE-2012-4447.patch
File tiff-3.9.5-CVE-2012-4447.patch of Package tiff
Index: libtiff/tif_pixarlog.c
===================================================================
--- libtiff/tif_pixarlog.c.orig
+++ libtiff/tif_pixarlog.c
@@ -93,6 +93,8 @@
 #include <stdlib.h>
 #include <math.h>
+#include <limits.h>
+
 /* Tables for converting to/from 11 bit coded values */
 #define TSIZE 2048 /* decode table size (11-bit tokens) */
@@ -664,7 +666,15 @@ PixarLogSetupDecode(TIFF* tif)
 td->td_rowsperstrip), sizeof(uint16));
 if (tbuf_size == 0)
 return (0);
- sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size);
+
+ int i_stride = sp->stride * sizeof(uint16);
+ if (tbuf_size > (INT_MAX - i_stride)) {
+ TIFFErrorExt(tif->tif_clientdata, module, "%s: overflow!",
+ tif->tif_name);
+ return (0);
+ }
+
+ sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size + i_stride);
 if (sp->tbuf == NULL)
 return (0);
 if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN)
@@ -829,7 +839,15 @@ PixarLogSetupEncode(TIFF* tif)
 td->td_rowsperstrip), sizeof(uint16));
 if (tbuf_size == 0)
 return (0);
- sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size);
+
+ int i_stride = sp->stride * sizeof(uint16);
+ if (tbuf_size > (INT_MAX - i_stride)) {
+ TIFFErrorExt(tif->tif_clientdata, module, "%s: overflow!",
+ tif->tif_name);
+ return (0);
+ }
+
+ sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size + i_stride);
 if (sp->tbuf == NULL)
 return (0);
 if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN)
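Review bot: The added guard in the PixarLogSetupDecode hunk mixes integer types in a way the visible lines do not justify: `int i_stride = sp->stride * sizeof(uint16);` narrows a size_t product to int, and `tbuf_size > (INT_MAX - i_stride)` is a sound bound only if tbuf_size is a signed quantity no wider than int and i_stride cannot go negative. Neither declaration is shown here, so this should be confirmed against the declarations of tbuf_size and of the stride field. The same lines are repeated in the PixarLogSetupEncode hunk at -829, and in both places i_stride is declared after statements, which strict C89 compilers reject; moving the declaration to the top of each function avoids that. Nothing says why one extra stride is allocated, so a comment above the `_TIFFmalloc` call such as `/* pad tbuf by one stride so a row ending mid-stride stays inside the buffer */` would help, with the reason (inferred from the patch name, CVE-2012-4447) checked against the advisory. Both function bodies start and end outside their hunks.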