make more resistent to corrupt/hostile input files (#2450, CVE-2013-4231)

This commit is contained in:
Frank Warmerdam 2013-08-14 05:18:53 +00:00
parent 67d92d90f8
commit 44650c28f1
2 changed files with 6 additions and 1 deletions

View File

@ -1,5 +1,8 @@
2013-08-13 Frank Warmerdam <warmerdam@pobox.com> 2013-08-13 Frank Warmerdam <warmerdam@pobox.com>
* tools/gif2tiff.c: Be more careful about corrupt or
hostile input files (#2450, CVE-2013-4231)
* tools/tiff2pdf.c: terminate after failure of allocating * tools/tiff2pdf.c: terminate after failure of allocating
ycbcr buffer (bug #2449, CVE-2013-4232) ycbcr buffer (bug #2449, CVE-2013-4232)

View File

@ -1,4 +1,4 @@
/* $Id: gif2tiff.c,v 1.12 2010-12-15 00:22:44 faxguy Exp $ */ /* $Id: gif2tiff.c,v 1.13 2013-08-14 05:18:53 fwarmerdam Exp $ */
/* /*
* Copyright (c) 1990-1997 Sam Leffler * Copyright (c) 1990-1997 Sam Leffler
@ -333,6 +333,8 @@ readraster(void)
int status = 1; int status = 1;
datasize = getc(infile); datasize = getc(infile);
if (datasize > 12)
return 0;
clear = 1 << datasize; clear = 1 << datasize;
eoi = clear + 1; eoi = clear + 1;
avail = clear + 2; avail = clear + 2;