TIFFReadAndRealloc(): avoid too large memory allocation attempts. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17244

Even Rouault 2019-09-18 01:21:17 +02:00
parent 3519ab6c7f
commit e86d43caee
No known key found for this signature in database
GPG Key ID: 33EBBFC47B3DD87D


@ -60,6 +60,22 @@ static int TIFFReadAndRealloc( TIFF* tif, tmsize_t size,
#endif #endif
tmsize_t already_read = 0; tmsize_t already_read = 0;
#if SIZEOF_SIZE_T != 8
/* On 32 bit processes, if the request is large enough, check against */
/* file size */
if( size > 1000 * 1000 * 1000 )
{
uint64 filesize = TIFFGetFileSize(tif);
if( (uint64)size >= filesize )
{
TIFFErrorExt(tif->tif_clientdata, module,
"Chunk size requested is larger than file size.");
return 0;
}
}
#endif
/* On 64 bit processes, read first a maximum of 1 MB, then 10 MB, etc */ /* On 64 bit processes, read first a maximum of 1 MB, then 10 MB, etc */
/* so as to avoid allocating too much memory in case the file is too */ /* so as to avoid allocating too much memory in case the file is too */
/* short. We could ask for the file size, but this might be */ /* short. We could ask for the file size, but this might be */
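Review bot: The new 32-bit guard only runs when `size > 1000 * 1000 * 1000`, so a chunk size just under that limit, declared in a file of a few kilobytes, would apparently still be allocated in full on 32-bit builds. The comment directly below describes the incremental 1 MB / 10 MB read as 64-bit behaviour, which is why this looks like a gap. If the threshold exists to avoid the cost of TIFFGetFileSize() on slow I/O layers, say so in the comment and hold the limit in a named constant, so that the trade-off is visible and can be lowered later. It is also worth confirming what TIFFGetFileSize() returns for client I/O that cannot report a size, because a 0 there makes `(uint64)size >= filesize` reject every request above the threshold. The body of TIFFReadAndRealloc continues outside this hunk, so the allocation path itself is inferred rather than seen.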