cheng/libtiff
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix wrong file size checks for memory-mapped BigTIFF files that could lead to image rejection

Browse Source
This commit is contained in:
Even Rouault 2020-04-15 20:14:47 +02:00
parent 632f6a1a4f
commit c51400048e
No known key found for this signature in database
GPG Key ID: 33EBBFC47B3DD87D
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libtiff/tif_dirread.c
View File

@ -864,7 +864,7 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryArrayWithLimit(
datasize=(*count)*typesize;
assert((tmsize_t)datasize>0);
if( isMapped(tif) && datasize > (uint32)tif->tif_size )
if( isMapped(tif) && datasize > (uint64)tif->tif_size )
return TIFFReadDirEntryErrIo;
if( !isMapped(tif) &&
@ -3400,7 +3400,7 @@ TIFFReadDirEntryData(TIFF* tif, uint64 offset, tmsize_t size, void* dest)
return TIFFReadDirEntryErrIo;
}
mb=ma+size;
if (mb > (size_t)tif->tif_size)
if (mb > (uint64)tif->tif_size)
return(TIFFReadDirEntryErrIo);
_TIFFmemcpy(dest,tif->tif_base+ma,size);
}