Allocate working buffer one word larger since we "forward accumulate" and overwrite the end by one word in at least some cases.
This commit is contained in:
parent
c6d8cdcf29
commit
bcc1656171
@ -1,3 +1,8 @@
|
||||
2012-05-24 Frank Warmerdam <warmerdam@google.com>
|
||||
|
||||
* libtiff/tif_pixarlog.c: Allocate working buffer one word larger since we "forward
|
||||
accumulate" and overwrite the end by one word in at least some cases.
|
||||
|
||||
2012-05-23 Frank Warmerdam <warmerdam@google.com>
|
||||
|
||||
* libtiff/tif_pixarlog.c: avoid accessing out of the lookup arrays for out of range inputs.
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $Id: tif_pixarlog.c,v 1.36 2012-05-24 05:25:14 fwarmerdam Exp $ */
|
||||
/* $Id: tif_pixarlog.c,v 1.37 2012-05-24 23:21:45 fwarmerdam Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1996-1997 Sam Leffler
|
||||
@ -673,7 +673,7 @@ PixarLogSetupDecode(TIFF* tif)
|
||||
td->td_rowsperstrip), sizeof(uint16));
|
||||
if (tbuf_size == 0)
|
||||
return (0); /* TODO: this is an error return without error report through TIFFErrorExt */
|
||||
sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size);
|
||||
sp->tbuf = (uint16 *) _TIFFmalloc(tbuf_size+sizeof(uint16));
|
||||
if (sp->tbuf == NULL)
|
||||
return (0);
|
||||
if (sp->user_datafmt == PIXARLOGDATAFMT_UNKNOWN)
|
||||
|
Loading…
Reference in New Issue
Block a user