Skip to content
This repository has been archived by the owner. It is now read-only.
Permalink
Browse files

* tools/tiffcp.c: avoid uint32 underflow in cpDecodedStrips that

can cause various issues, such as buffer overflows in the library.
Reported by Agostino Sarubbo.
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2598
  • Loading branch information...
erouault
erouault committed Dec 2, 2016
1 parent 438274f commit 5397a417e61258c69209904e652a1f409ec3b9df
Showing with 8 additions and 1 deletion.
  1. +7 −0 ChangeLog
  2. +1 −1 tools/tiffcp.c
@@ -1,3 +1,10 @@
2016-12-02 Even Rouault <even.rouault at spatialys.com>

* tools/tiffcp.c: avoid uint32 underflow in cpDecodedStrips that
can cause various issues, such as buffer overflows in the library.
Reported by Agostino Sarubbo.
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2598

2016-12-02 Even Rouault <even.rouault at spatialys.com>

* libtiff/tif_read.c, libtiff/tiffiop.h: fix uint32 overflow in
@@ -985,7 +985,7 @@ DECLAREcpFunc(cpDecodedStrips)
tstrip_t s, ns = TIFFNumberOfStrips(in);
uint32 row = 0;
_TIFFmemset(buf, 0, stripsize);
for (s = 0; s < ns; s++) {
for (s = 0; s < ns && row < imagelength; s++) {
tsize_t cc = (row + rowsperstrip > imagelength) ?
TIFFVStripSize(in, imagelength - row) : stripsize;
if (TIFFReadEncodedStrip(in, s, buf, cc) < 0

0 comments on commit 5397a41

Please sign in to comment.
You can’t perform that action at this time.