cheng/libtiff
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Properly zero out the string table. Fixes CVE-2008-2327 security issue.

Browse Source
This commit is contained in:
Andrey Kiselev 2008-09-03 07:07:22 +00:00
parent 9fa82bfb78
commit aef997530c
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libtiff/tif_lzw.c
View File

@ -1,4 +1,4 @@
/* $Id: tif_lzw.c,v 1.37 2007-11-02 00:25:25 fwarmerdam Exp $ */ /* $Id: tif_lzw.c,v 1.38 2008-09-03 07:07:22 dron Exp $ */
/* /*
* Copyright (c) 1988-1997 Sam Leffler * Copyright (c) 1988-1997 Sam Leffler
@ -423,6 +423,8 @@ LZWDecode(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
break; break;
if (code == CODE_CLEAR) { if (code == CODE_CLEAR) {
free_entp = sp->dec_codetab + CODE_FIRST; free_entp = sp->dec_codetab + CODE_FIRST;
_TIFFmemset(free_entp, 0,
(CSIZE - CODE_FIRST) * sizeof (code_t));
nbits = BITS_MIN; nbits = BITS_MIN;
nbitsmask = MAXCODE(BITS_MIN); nbitsmask = MAXCODE(BITS_MIN);
maxcodep = sp->dec_codetab + nbitsmask-1; maxcodep = sp->dec_codetab + nbitsmask-1;
@ -627,6 +629,8 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
break; break;
if (code == CODE_CLEAR) { if (code == CODE_CLEAR) {
free_entp = sp->dec_codetab + CODE_FIRST; free_entp = sp->dec_codetab + CODE_FIRST;
_TIFFmemset(free_entp, 0,
(CSIZE - CODE_FIRST) * sizeof (code_t));
nbits = BITS_MIN; nbits = BITS_MIN;
nbitsmask = MAXCODE(BITS_MIN); nbitsmask = MAXCODE(BITS_MIN);
maxcodep = sp->dec_codetab + nbitsmask; maxcodep = sp->dec_codetab + nbitsmask;