cheng/libtiff
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

* libtiff/tif_ojpeg.c: plug leaks on OJPEG read failure path

Browse Source
This commit is contained in:
Bob Friesenhahn 2011-05-31 17:05:07 +00:00
parent d73e9e8b19
commit aacd29d141
2 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@ -1,5 +1,6 @@
2011-05-31 Jim Meyering <meyering@redhat.com>
* libtiff/tif_ojpeg.c: plug leaks on OJPEG read failure path
* tools/rgb2ycbcr.c (cvtRaster): unchecked malloc
* libtiff/tif_jpeg.c, tools/tiff2pdf.c, tools/tiff2ps.c: mark
NULL-deref and possible overflow

7
libtiff/tif_ojpeg.c
View File

@ -1,4 +1,4 @@
/* $Id: tif_ojpeg.c,v 1.53 2011-04-02 19:30:20 bfriesen Exp $ */
/* $Id: tif_ojpeg.c,v 1.54 2011-05-31 17:05:07 bfriesen Exp $ */
/* WARNING: The type of JPEG encapsulation defined by the TIFF Version 6.0
specification is now totally obsolete and deprecated for new applications and
@ -1433,12 +1433,15 @@ OJPEGReadHeaderInfoSecStreamDqt(TIFF* tif)
nb[sizeof(uint32)+1]=JPEG_MARKER_DQT;
nb[sizeof(uint32)+2]=0;
nb[sizeof(uint32)+3]=67;
if (OJPEGReadBlock(sp,65,&nb[sizeof(uint32)+4])==0)
if (OJPEGReadBlock(sp,65,&nb[sizeof(uint32)+4])==0) {
_TIFFfree(nb);
return(0);
}
o=nb[sizeof(uint32)+4]&15;
if (3<o)
{
TIFFErrorExt(tif->tif_clientdata,module,"Corrupt DQT marker in JPEG data");
_TIFFfree(nb);
return(0);
}
if (sp->qtable[o]!=0)