diff --git a/ChangeLog b/ChangeLog index 042a4b53..3e980659 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,18 @@ 2015-05-30 Bob Friesenhahn + * tools/gif2tiff.c (readgifimage): Fix Coverity 1024222 "Untrusted + value as argument". + (checksignature): Fix Coverity 1024894 "Ignoring number of bytes + read". + (readextension): Fix Coverity 1024893 "Ignoring number of bytes + read". + (readgifimage): Fix Coverity 1024890 "Ignoring number of bytes + read". + (readraster): Fix Coverity 1024891 "Ignoring number of bytes + read". + (readgifimage): Fix Coverity 1024892 "Ignoring number of bytes + read". + * tools/tiff2pdf.c (t2p_readwrite_pdf_image): Fix Coverity 1024181 "Structurally dead code". diff --git a/Makefile.in b/Makefile.in index 74e9469f..cc1582ee 100644 --- a/Makefile.in +++ b/Makefile.in @@ -222,8 +222,8 @@ am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/libtiff-4.pc.in \ $(top_srcdir)/config/missing \ $(top_srcdir)/config/mkinstalldirs ChangeLog README TODO \ config/compile config/config.guess config/config.sub \ - config/install-sh config/ltmain.sh config/missing \ - config/mkinstalldirs + config/depcomp config/install-sh config/ltmain.sh \ + config/missing config/mkinstalldirs DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) diff --git a/configure b/configure index a457def5..f8611630 100755 --- a/configure +++ b/configure @@ -17778,7 +17778,8 @@ _ACEOF fi -for ac_func in floor isascii memmove memset mmap pow setmode sqrt strchr strrchr strstr strtol strtoull +for ac_func in floor isascii memmove memset mmap pow setmode sqrt\ + strchr strrchr strstr strtol strtoull do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" diff --git a/configure.ac b/configure.ac index c9e7658f..d5e684c0 100644 --- a/configure.ac +++ b/configure.ac @@ -363,7 +363,8 @@ AC_CHECK_TYPES([int8, int16, int32],,, ]) dnl Checks for library functions. -AC_CHECK_FUNCS([floor isascii memmove memset mmap pow setmode sqrt strchr strrchr strstr strtol strtoull]) +AC_CHECK_FUNCS([floor isascii memmove memset mmap pow setmode sqrt\ + strchr strrchr strstr strtol strtoull]) dnl Will use local replacements for unavailable functions AC_REPLACE_FUNCS(getopt) diff --git a/tools/gif2tiff.c b/tools/gif2tiff.c index 91439f76..cf6cb561 100644 --- a/tools/gif2tiff.c +++ b/tools/gif2tiff.c @@ -1,4 +1,4 @@ -/* $Id: gif2tiff.c,v 1.16 2014-11-20 16:47:21 erouault Exp $ */ +/* $Id: gif2tiff.c,v 1.17 2015-05-30 20:16:00 bfriesen Exp $ */ /* * Copyright (c) 1990-1997 Sam Leffler @@ -38,6 +38,7 @@ #include #include #include +#include #include #ifdef HAVE_UNISTD_H @@ -125,9 +126,9 @@ static int processCompressOptions(char*); int convert(void); int checksignature(void); -void readscreen(void); +int readscreen(void); int readgifimage(char*); -void readextension(void); +int readextension(void); int readraster(void); int process(int, unsigned char**); void initcolors(unsigned char [COLSIZE][3], int); @@ -206,7 +207,8 @@ convert(void) if (!checksignature()) return (-1); - readscreen(); + if (!readscreen()) + return (-1); while ((ch = getc(infile)) != ';' && ch != EOF) { switch (ch) { case '\0': break; /* this kludge for non-standard files */ @@ -214,7 +216,8 @@ convert(void) return (-1); mode = "a"; /* subsequent images append */ break; - case '!': readextension(); + case '!': if (!readextension()) + return (-1); break; default: fprintf(stderr, "illegal GIF block type\n"); return (-1); @@ -228,7 +231,11 @@ checksignature(void) { char buf[6]; - fread(buf,1,6,infile); + if (fread(buf,1,6,infile) != 6) { + fprintf(stderr, "short read from file %s (%s)\n", + filename, strerror(errno)); + return 0; + } if (strncmp(buf,"GIF",3)) { fprintf(stderr, "file is not a GIF file\n"); return 0; @@ -245,17 +252,27 @@ checksignature(void) * Get information which is global to all the images stored * in the file */ -void +int readscreen(void) { unsigned char buf[7]; - fread(buf,1,7,infile); + if (fread(buf,1,7,infile) != 7) { + fprintf(stderr, "short read from file %s (%s)\n", + filename, strerror(errno)); + return 0; + } global = buf[4] & 0x80; if (global) { globalbits = (buf[4] & 0x07) + 1; - fread(globalmap,3,((size_t)1)< 2000000000 / height) { + if (width == 0UL || height == 0UL || (width > 2000000000UL / height)) { fprintf(stderr, "Invalid value of width or height\n"); return(0); } @@ -283,8 +302,13 @@ readgifimage(char* mode) fprintf(stderr, "no colormap present for image\n"); return (0); } - - if ((raster = (unsigned char*) _TIFFmalloc(width*height+EXTRAFUDGE)) == NULL) { + raster_size=width*height; + if ((raster_size/width) == height) { + raster_size += EXTRAFUDGE; /* Add elbow room */ + } else { + raster_size=0; + } + if ((raster = (unsigned char*) _TIFFmalloc(raster_size)) == NULL) { fprintf(stderr, "not enough memory for image\n"); return (0); } @@ -293,7 +317,12 @@ readgifimage(char* mode) fprintf(stderr, " local colors: %d\n", 1< 0 && count <= 255; count = getc(infile)) { - fread(buf,1,count,infile); + if (fread(buf,1,count,infile) != (size_t)count) { + fprintf(stderr, "short read from file %s (%s)\n", + filename, strerror(errno)); + return 0; + } for (ch=buf; count-- > 0; ch++) { datum += (unsigned long) *ch << bits; bits += 8; @@ -542,7 +582,7 @@ rasterize(int interleaved, char* mode) /* * Local Variables: * mode: c - * c-basic-offset: 8 + * c-basic-offset: 4 * fill-column: 78 * End: */