Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Maintenance:9363
tiff.openSUSE_Leap_42.3_Update
tiff-CVE-2018-18661.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File tiff-CVE-2018-18661.patch of Package tiff.openSUSE_Leap_42.3_Update
Index: tiff-4.0.9/tools/tiff2bw.c =================================================================== --- tiff-4.0.9.orig/tools/tiff2bw.c 2018-11-12 14:31:24.284773519 +0100 +++ tiff-4.0.9/tools/tiff2bw.c 2018-11-12 14:31:24.296773576 +0100 @@ -40,6 +40,7 @@ #endif #include "tiffio.h" +#include "tiffiop.h" #define streq(a,b) (strcmp((a),(b)) == 0) #define strneq(a,b,n) (strncmp(a,b,n) == 0) @@ -223,6 +224,11 @@ main(int argc, char* argv[]) TIFFSetField(out, TIFFTAG_IMAGEDESCRIPTION, thing); TIFFSetField(out, TIFFTAG_SOFTWARE, "tiff2bw"); outbuf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out)); + if( !outbuf ) + { + fprintf(stderr, "Out of memory\n"); + goto tiff2bw_error; + } TIFFSetField(out, TIFFTAG_ROWSPERSTRIP, TIFFDefaultStripSize(out, rowsperstrip)); @@ -246,6 +252,11 @@ main(int argc, char* argv[]) #undef CVT } inbuf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(in)); + if( !inbuf ) + { + fprintf(stderr, "Out of memory\n"); + goto tiff2bw_error; + } for (row = 0; row < h; row++) { if (TIFFReadScanline(in, inbuf, row, 0) < 0) break; @@ -256,6 +267,11 @@ main(int argc, char* argv[]) break; case pack(PHOTOMETRIC_RGB, PLANARCONFIG_CONTIG): inbuf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(in)); + if( !inbuf ) + { + fprintf(stderr, "Out of memory\n"); + goto tiff2bw_error; + } for (row = 0; row < h; row++) { if (TIFFReadScanline(in, inbuf, row, 0) < 0) break; @@ -265,8 +281,16 @@ main(int argc, char* argv[]) } break; case pack(PHOTOMETRIC_RGB, PLANARCONFIG_SEPARATE): + { + tmsize_t inbufsize; rowsize = TIFFScanlineSize(in); - inbuf = (unsigned char *)_TIFFmalloc(3*rowsize); + inbufsize = TIFFSafeMultiply(tmsize_t, 3, rowsize); + inbuf = (unsigned char *)_TIFFmalloc(inbufsize); + if( !inbuf ) + { + fprintf(stderr, "Out of memory\n"); + goto tiff2bw_error; + } for (row = 0; row < h; row++) { for (s = 0; s < 3; s++) if (TIFFReadScanline(in, @@ -278,6 +302,7 @@ main(int argc, char* argv[]) break; } break; + } } #undef pack if (inbuf)
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
