cheng/libtiff
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

* libtiff/tif_read.c: TIFFStartTile(): set tif_rawcc to

Browse Source 
tif_rawdataloaded when it is set. Similarly to TIFFStartStrip().
This issue was revealed by the change of 2017-06-30 in TIFFFileTile(),
limiting the number of bytes read. But it could probably have been hit
too in CHUNKY_STRIP_READ_SUPPORT mode previously ?
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2454
Credit to OSS Fuzz
This commit is contained in:
Even Rouault 2017-07-02 14:13:39 +00:00
parent 0f83a86b7b
commit 8eff533db2
2 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ChangeLog
View File

@ -1,3 +1,13 @@
2017-07-02 Even Rouault <even.rouault at spatialys.com>
* libtiff/tif_read.c: TIFFStartTile(): set tif_rawcc to
tif_rawdataloaded when it is set. Similarly to TIFFStartStrip().
This issue was revealed by the change of 2017-06-30 in TIFFFileTile(),
limiting the number of bytes read. But it could probably have been hit
too in CHUNKY_STRIP_READ_SUPPORT mode previously ?
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2454
Credit to OSS Fuzz
2017-06-30 Even Rouault <even.rouault at spatialys.com>
* man: update documentation regarding SubIFD tag and

7
libtiff/tif_read.c
View File

@ -1,4 +1,4 @@
/* $Id: tif_read.c,v 1.62 2017-06-30 13:11:18 erouault Exp $ */
/* $Id: tif_read.c,v 1.63 2017-07-02 14:13:39 erouault Exp $ */
/*
* Copyright (c) 1988-1997 Sam Leffler
@ -1421,7 +1421,10 @@ TIFFStartTile(TIFF* tif, uint32 tile)
else
{
tif->tif_rawcp = tif->tif_rawdata;
tif->tif_rawcc = (tmsize_t)td->td_stripbytecount[tile];
if( tif->tif_rawdataloaded > 0 )
tif->tif_rawcc = tif->tif_rawdataloaded;
else
tif->tif_rawcc = (tmsize_t)td->td_stripbytecount[tile];
}
return ((*tif->tif_predecode)(tif,
(uint16)(tile/td->td_stripsperimage)));