(get_histogram): Quiet Coverity 1024386 "Out-of-bounds read".

This was a benign mis-diagnosis but added code to enforce against buffer overflow.
2015-05-28 03:08:18 +00:00 · 2015-05-28 03:08:18 +00:00 · a80995a42b
commit a80995a42b
parent 73dcb5ee75
2 changed files with 13 additions and 4 deletions
--- a/3
+++ b/3
@ -2,6 +2,9 @@

 	* tools/tiffmedian.c (GetInputLine): Fix Coverity 1024795 "Nesting
 	level does not match indentation".
+	(get_histogram): Quiet Coverity 1024386 "Out-of-bounds read".
+	This was a benign mis-diagnosis but added code to enforce against
+	buffer overflow.

 	* tools/tiffcrop.c (ROTATE_ANY): Fix Coverity 1294542 "Logical
 	vs. bitwise operator".
--- a/tools/tiffmedian.c
+++ b/tools/tiffmedian.c
@ -1,4 +1,4 @@
-/* $Id: tiffmedian.c,v 1.11 2015-05-28 02:25:11 bfriesen Exp $ */
+/* $Id: tiffmedian.c,v 1.12 2015-05-28 03:08:18 bfriesen Exp $ */

 /*
 * Apply median cut on an image.
@ -371,9 +371,15 @@ get_histogram(TIFF* in, Colorbox* box)
 			break;
 		inptr = inputline;
 		for (j = imagewidth; j-- > 0;) {
-			red = *inptr++ >> COLOR_SHIFT;
-			green = *inptr++ >> COLOR_SHIFT;
-			blue = *inptr++ >> COLOR_SHIFT;
+			red = (*inptr++) & 0xff >> COLOR_SHIFT;
+			green = (*inptr++) & 0xff >> COLOR_SHIFT;
+			blue = (*inptr++) & 0xff >> COLOR_SHIFT;
+                        if ((red | green | blue) >= B_LEN) {
+                                fprintf(stderr,
+                                        "Logic error. "
+                                        "Histogram array overflow!\n");
+                                exit(-6);
+                        }
 			if (red < box->rmin)
 				box->rmin = red;
 		        if (red > box->rmax)