cheng/libtiff
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

* libtiff/tif_getimage.c: initYCbCrConversion(): stricter validation for

Browse Source 
refBlackWhite coefficients values. To avoid invalid float->int32 conversion
(when refBlackWhite[0] == 2147483648.f)
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1907
Credit to OSS Fuzz
This commit is contained in:
Even Rouault 2017-05-29 11:29:06 +00:00
parent 4d3c3eec0c
commit ed38dcc52c
2 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ChangeLog
View File

@ -1,3 +1,11 @@
2017-05-29 Even Rouault <even.rouault at spatialys.com>
* libtiff/tif_getimage.c: initYCbCrConversion(): stricter validation for
refBlackWhite coefficients values. To avoid invalid float->int32 conversion
(when refBlackWhite[0] == 2147483648.f)
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1907
Credit to OSS Fuzz
2017-05-29 Even Rouault <even.rouault at spatialys.com>
* libtiff/tif_color.c: TIFFYCbCrToRGBInit(): stricter clamping to avoid

4
libtiff/tif_getimage.c
View File

@ -1,4 +1,4 @@
/* $Id: tif_getimage.c,v 1.106 2017-05-20 11:29:02 erouault Exp $ */
/* $Id: tif_getimage.c,v 1.107 2017-05-29 11:29:06 erouault Exp $ */
/*
* Copyright (c) 1991-1997 Sam Leffler
@ -2241,7 +2241,7 @@ DECLARESepPutFunc(putseparate8bitYCbCr11tile)
static int isInRefBlackWhiteRange(float f)
{
return f >= (float)(-0x7FFFFFFF + 128) && f <= (float)0x7FFFFFFF;
return f > (float)(-0x7FFFFFFF + 128) && f < (float)0x7FFFFFFF;
}
static int