cheng/libtiff
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

tif_fax3.c: check buffer overflow in Fax4Decode()

Browse Source 
fixes #174
This commit is contained in:
Thomas Bernard 2020-02-16 18:51:49 +01:00
parent a6fa499e20
commit c4710ee226
No known key found for this signature in database
GPG Key ID: 0FF11B67A5C0863C
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libtiff/tif_fax3.c
View File

@ -1453,6 +1453,8 @@ Fax4Decode(TIFF* tif, uint8* buf, tmsize_t occ, uint16 s)
EXPAND2D(EOFG4);
if (EOLcnt)
goto EOFG4;
if (((lastx + 7) >> 3) > (int)occ) /* check for buffer overflow */
return -1;
(*sp->fill)(buf, thisrun, pa, lastx);
SETVALUE(0); /* imaginary change for reference */
SWAP(uint32*, sp->curruns, sp->refruns);
@ -1468,6 +1470,8 @@ Fax4Decode(TIFF* tif, uint8* buf, tmsize_t occ, uint16 s)
fputs( "Bad EOFB\n", stderr );
#endif
ClrBits( 13 );
if (((lastx + 7) >> 3) > (int)occ) /* check for buffer overflow */
return -1;
(*sp->fill)(buf, thisrun, pa, lastx);
UNCACHE_STATE(tif, sp);
return ( sp->line ? 1 : -1); /* don't error on badly-terminated strips */