* libtiff/tif_jpeg.c: validate BitsPerSample in JPEGSetupEncode() to avoid

undefined behaviour caused by invalid shift exponent.
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648
This commit is contained in:
Even Rouault 2017-01-11 16:13:50 +00:00
parent d2e6964efc
commit 153418c943
2 changed files with 14 additions and 1 deletions

View File

@ -1,3 +1,9 @@
2017-01-11 Even Rouault <even.rouault at spatialys.com>
* libtiff/tif_jpeg.c: validate BitsPerSample in JPEGSetupEncode() to avoid
undefined behaviour caused by invalid shift exponent.
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648
2017-01-11 Even Rouault <even.rouault at spatialys.com> 2017-01-11 Even Rouault <even.rouault at spatialys.com>
* libtiff/tif_dir.c, tif_dirread.c, tif_dirwrite.c: implement various clampings * libtiff/tif_dir.c, tif_dirread.c, tif_dirwrite.c: implement various clampings

View File

@ -1,4 +1,4 @@
/* $Id: tif_jpeg.c,v 1.125 2017-01-11 12:15:01 erouault Exp $ */ /* $Id: tif_jpeg.c,v 1.126 2017-01-11 16:13:50 erouault Exp $ */
/* /*
* Copyright (c) 1994-1997 Sam Leffler * Copyright (c) 1994-1997 Sam Leffler
@ -1632,6 +1632,13 @@ JPEGSetupEncode(TIFF* tif)
"Invalig horizontal/vertical sampling value"); "Invalig horizontal/vertical sampling value");
return (0); return (0);
} }
if( td->td_bitspersample > 16 )
{
TIFFErrorExt(tif->tif_clientdata, module,
"BitsPerSample %d not allowed for JPEG",
td->td_bitspersample);
return (0);
}
/* /*
* A ReferenceBlackWhite field *must* be present since the * A ReferenceBlackWhite field *must* be present since the