ChopUpSingleUncompressedStrip: avoid memory exhaustion (CVE-2017-11613)

Rework fix done in 3719385a3f to work in more
cases like https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6979.
Credit to OSS Fuzz

Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2724
Even Rouault 2018-03-17 09:36:29 +01:00
parent a621460666
commit 7a092f8af2

@ -5700,9 +5700,8 @@ ChopUpSingleUncompressedStrip(TIFF* tif)
/* file is as big as needed */
if( tif->tif_mode == O_RDONLY &&
nstrips > 1000000 &&
(tif->tif_dir.td_stripoffset[0] >= TIFFGetFileSize(tif) ||
tif->tif_dir.td_stripbytecount[0] >
TIFFGetFileSize(tif) - tif->tif_dir.td_stripoffset[0]) )
(offset >= TIFFGetFileSize(tif) ||
stripbytes > (TIFFGetFileSize(tif) - offset) / (nstrips - 1)) )
{
return;
}
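
Review bot: The new bound in the last line of the condition, `stripbytes > (TIFFGetFileSize(tif) - offset) / (nstrips - 1)`, is only safe because of two things the code does not state: the `offset >= TIFFGetFileSize(tif)` test must short-circuit first so the subtraction cannot wrap, and the `nstrips > 1000000` test keeps the divisor non-zero. Please extend the "file is as big as needed" comment to say why the divisor is `nstrips - 1` and that the order of the tests matters, so a later reorder does not reintroduce the wraparound. The `1000000` threshold is a magic number and the whole check is skipped below it and outside `O_RDONLY`, so a strip count just under the limit is still allocated without being compared to the file size; a named constant with a comment on why that limit is acceptable would help. `TIFFGetFileSize(tif)` is also evaluated twice in one expression; reading it once into a local would make the condition easier to follow and guarantee both terms use the same value.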