Skip to content
This repository has been archived by the owner. It is now read-only.
Permalink
Browse files

* tools/tiffcp.c: fix out-of-bounds write on tiled images with odd

tile width vs image width. Reported as MSVR 35103
by Axel Souchet and Vishal Chauhan from the MSRC Vulnerabilities &
Mitigations team.
  • Loading branch information...
erouault
erouault committed Oct 8, 2016
1 parent d295571 commit 5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3
Showing with 9 additions and 2 deletions.
  1. +7 −0 ChangeLog
  2. +2 −2 tools/tiffcp.c
@@ -1,3 +1,10 @@
2016-10-08 Even Rouault <even.rouault at spatialys.com>

* tools/tiffcp.c: fix out-of-bounds write on tiled images with odd
tile width vs image width. Reported as MSVR 35103
by Axel Souchet and Vishal Chauhan from the MSRC Vulnerabilities &
Mitigations team.

2016-10-08 Even Rouault <even.rouault at spatialys.com>

* tools/tiff2pdf.c: fix read -largely- outsize of buffer in
@@ -1338,7 +1338,7 @@ DECLAREreadFunc(readContigTilesIntoBuffer)
uint32 colb = 0;
uint32 col;

for (col = 0; col < imagewidth; col += tw) {
for (col = 0; col < imagewidth && colb < imagew; col += tw) {
if (TIFFReadTile(in, tilebuf, col, row, 0, 0) < 0
&& !ignore) {
TIFFError(TIFFFileName(in),
@@ -1523,7 +1523,7 @@ DECLAREwriteFunc(writeBufferToContigTiles)
uint32 colb = 0;
uint32 col;

for (col = 0; col < imagewidth; col += tw) {
for (col = 0; col < imagewidth && colb < imagew; col += tw) {
/*
* Tile is clipped horizontally. Calculate
* visible portion and skewing factors.

0 comments on commit 5ad9d80

Please sign in to comment.
You can’t perform that action at this time.