cheng/libtiff
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TIFFSetupStrips(): avoid potential uint32 overflow on 32-bit systems with large number of strips. Probably relates to http://bugzilla.maptools.org/show_bug.cgi?id=2788 / CVE-2018-10779

Browse Source
This commit is contained in:
Even Rouault 2018-08-15 16:34:40 +02:00
parent 97a9e1a677
commit 981e43ecae
No known key found for this signature in database
GPG Key ID: 33EBBFC47B3DD87D
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libtiff/tif_write.c
View File

@ -538,9 +538,11 @@ TIFFSetupStrips(TIFF* tif)
if (td->td_planarconfig == PLANARCONFIG_SEPARATE)
td->td_stripsperimage /= td->td_samplesperpixel;
td->td_stripoffset = (uint64 *)
_TIFFmalloc(td->td_nstrips * sizeof (uint64));
_TIFFCheckMalloc(tif, td->td_nstrips, sizeof (uint64),
"for \"StripOffsets\" array");
td->td_stripbytecount = (uint64 *)
_TIFFmalloc(td->td_nstrips * sizeof (uint64));
_TIFFCheckMalloc(tif, td->td_nstrips, sizeof (uint64),
"for \"StripByteCounts\" array");
if (td->td_stripoffset == NULL || td->td_stripbytecount == NULL)
return (0);
/*