squash heap-buffer-overflow, PoC TIFF from Hardik

ImageMagick · Aug 27, 2022 · 1aea203 · 1aea203 · bastien-roucaries · Mar 17, 2024
1 parent 033ed11
commit 1aea203
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/coders/tiff.c b/coders/tiff.c
@@ -1798,7 +1798,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
         /*
           Convert stripped TIFF image.
         */
-        extent=4*(samples_per_pixel+1)*TIFFStripSize(tiff);
+        extent=4*((image->depth+7)/8)*(samples_per_pixel+1)*TIFFStripSize(tiff);
         strip_pixels=(unsigned char *) AcquireQuantumMemory(extent,
           sizeof(*strip_pixels));
         if (strip_pixels == (unsigned char *) NULL)