Skip to content
This repository has been archived by the owner on Dec 1, 2017. It is now read-only.

Commit

Permalink
* tools/tiffcp.c: avoid uint32 underflow in cpDecodedStrips that
Browse files Browse the repository at this point in the history 
can cause various issues, such as buffer overflows in the library.
Reported by Agostino Sarubbo.
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2598
  • Loading branch information
erouault committed Dec 2, 2016
1 parent 438274f commit 5397a41
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 1 deletion.
7 changes: 7 additions & 0 deletions ChangeLog
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,10 @@
2016-12-02 Even Rouault <even.rouault at spatialys.com>

* tools/tiffcp.c: avoid uint32 underflow in cpDecodedStrips that
can cause various issues, such as buffer overflows in the library.
Reported by Agostino Sarubbo.
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2598

2016-12-02 Even Rouault <even.rouault at spatialys.com>

* libtiff/tif_read.c, libtiff/tiffiop.h: fix uint32 overflow in
Expand Down
2 changes: 1 addition & 1 deletion tools/tiffcp.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -985,7 +985,7 @@ DECLAREcpFunc(cpDecodedStrips)
tstrip_t s, ns = TIFFNumberOfStrips(in);
uint32 row = 0;
_TIFFmemset(buf, 0, stripsize);
for (s = 0; s < ns; s++) {
for (s = 0; s < ns && row < imagelength; s++) {
tsize_t cc = (row + rowsperstrip > imagelength) ?
TIFFVStripSize(in, imagelength - row) : stripsize;
if (TIFFReadEncodedStrip(in, s, buf, cc) < 0
Expand Down

0 comments on commit 5397a41

Please sign in to comment.