From ff1022ac06319a52ab86533241486a9adc3fa3e9 Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Sat, 3 Oct 2020 18:12:04 +0200 Subject: [PATCH] FAX/JPEG/LZMA/PixarLog/ZIP/ZSTD codecs: make sure to check TIFFFlushData1() return value --- libtiff/tif_fax3.c | 66 ++++++++++++++++++++++++++++++------------ libtiff/tif_jpeg.c | 3 +- libtiff/tif_lzma.c | 6 ++-- libtiff/tif_pixarlog.c | 6 ++-- libtiff/tif_zip.c | 6 ++-- libtiff/tif_zstd.c | 6 ++-- 6 files changed, 65 insertions(+), 28 deletions(-) diff --git a/libtiff/tif_fax3.c b/libtiff/tif_fax3.c index cd8e4ef2..9ab5b26a 100644 --- a/libtiff/tif_fax3.c +++ b/libtiff/tif_fax3.c @@ -610,15 +610,19 @@ Fax3SetupState(TIFF* tif) */ #define Fax3FlushBits(tif, sp) { \ - if ((tif)->tif_rawcc >= (tif)->tif_rawdatasize) \ - (void) TIFFFlushData1(tif); \ + if ((tif)->tif_rawcc >= (tif)->tif_rawdatasize) { \ + if( !TIFFFlushData1(tif) ) \ + return 0; \ + } \ *(tif)->tif_rawcp++ = (uint8) (sp)->data; \ (tif)->tif_rawcc++; \ (sp)->data = 0, (sp)->bit = 8; \ } #define _FlushBits(tif) { \ - if ((tif)->tif_rawcc >= (tif)->tif_rawdatasize) \ - (void) TIFFFlushData1(tif); \ + if ((tif)->tif_rawcc >= (tif)->tif_rawdatasize) { \ + if( !TIFFFlushData1(tif) ) \ + return 0; \ + } \ *(tif)->tif_rawcp++ = (uint8) data; \ (tif)->tif_rawcc++; \ data = 0, bit = 8; \ @@ -643,7 +647,7 @@ static const int _msbmask[9] = * the output stream. Values are * assumed to be at most 16 bits. */ -static void +static int Fax3PutBits(TIFF* tif, unsigned int bits, unsigned int length) { Fax3CodecState* sp = EncoderState(tif); @@ -654,6 +658,7 @@ Fax3PutBits(TIFF* tif, unsigned int bits, unsigned int length) sp->data = data; sp->bit = bit; + return 1; } /* @@ -678,7 +683,7 @@ Fax3PutBits(TIFF* tif, unsigned int bits, unsigned int length) * appropriate table that holds the make-up and * terminating codes is supplied. */ -static void +static int putspan(TIFF* tif, int32 span, const tableentry* tab) { Fax3CodecState* sp = EncoderState(tif); @@ -716,6 +721,8 @@ putspan(TIFF* tif, int32 span, const tableentry* tab) sp->data = data; sp->bit = bit; + + return 1; } /* @@ -724,7 +731,7 @@ putspan(TIFF* tif, int32 span, const tableentry* tab) * here. We also handle writing the tag bit for the next * scanline when doing 2d encoding. */ -static void +static int Fax3PutEOL(TIFF* tif) { Fax3CodecState* sp = EncoderState(tif); @@ -758,6 +765,8 @@ Fax3PutEOL(TIFF* tif) sp->data = data; sp->bit = bit; + + return 1; } /* @@ -1007,12 +1016,14 @@ Fax3Encode1DRow(TIFF* tif, unsigned char* bp, uint32 bits) for (;;) { span = find0span(bp, bs, bits); /* white span */ - putspan(tif, span, TIFFFaxWhiteCodes); + if( !putspan(tif, span, TIFFFaxWhiteCodes) ) + return 0; bs += span; if (bs >= bits) break; span = find1span(bp, bs, bits); /* black span */ - putspan(tif, span, TIFFFaxBlackCodes); + if( !putspan(tif, span, TIFFFaxBlackCodes) ) + return 0; bs += span; if (bs >= bits) break; @@ -1064,21 +1075,28 @@ Fax3Encode2DRow(TIFF* tif, unsigned char* bp, unsigned char* rp, uint32 bits) (b1 < a1 && a1 - b1 <= 3U) ? -(int32)(a1 - b1) : 0x7FFFFFFF; if (!(-3 <= d && d <= 3)) { /* horizontal mode */ a2 = finddiff2(bp, a1, bits, PIXEL(bp,a1)); - putcode(tif, &horizcode); + if( !putcode(tif, &horizcode) ) + return 0; if (a0+a1 == 0 || PIXEL(bp, a0) == 0) { - putspan(tif, a1-a0, TIFFFaxWhiteCodes); - putspan(tif, a2-a1, TIFFFaxBlackCodes); + if( !putspan(tif, a1-a0, TIFFFaxWhiteCodes) ) + return 0; + if( !putspan(tif, a2-a1, TIFFFaxBlackCodes) ) + return 0; } else { - putspan(tif, a1-a0, TIFFFaxBlackCodes); - putspan(tif, a2-a1, TIFFFaxWhiteCodes); + if( !putspan(tif, a1-a0, TIFFFaxBlackCodes) ) + return 0; + if( !putspan(tif, a2-a1, TIFFFaxWhiteCodes) ) + return 0; } a0 = a2; } else { /* vertical mode */ - putcode(tif, &vcodes[d+3]); + if( !putcode(tif, &vcodes[d+3]) ) + return 0; a0 = a1; } } else { /* pass mode */ - putcode(tif, &passcode); + if( !putcode(tif, &passcode) ) + return 0; a0 = b2; } if (a0 >= bits) @@ -1107,7 +1125,10 @@ Fax3Encode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) } while (cc > 0) { if ((sp->b.mode & FAXMODE_NOEOL) == 0) - Fax3PutEOL(tif); + { + if( !Fax3PutEOL(tif) ) + return 0; + } if (is2DEncoding(sp)) { if (sp->tag == G3_1D) { if (!Fax3Encode1DRow(tif, bp, sp->b.rowpixels)) @@ -1144,8 +1165,8 @@ Fax3PostEncode(TIFF* tif) return (1); } -static void -Fax3Close(TIFF* tif) +static int +_Fax3Close(TIFF* tif) { if ((Fax3State(tif)->mode & FAXMODE_NORTC) == 0 && tif->tif_rawcp) { Fax3CodecState* sp = EncoderState(tif); @@ -1161,6 +1182,13 @@ Fax3Close(TIFF* tif) Fax3PutBits(tif, code, length); Fax3FlushBits(tif, sp); } + return 1; +} + +static void +Fax3Close(TIFF* tif) +{ + _Fax3Close(tif); } static void diff --git a/libtiff/tif_jpeg.c b/libtiff/tif_jpeg.c index 74fbb16e..28d08e37 100644 --- a/libtiff/tif_jpeg.c +++ b/libtiff/tif_jpeg.c @@ -466,7 +466,8 @@ std_empty_output_buffer(j_compress_ptr cinfo) } #endif - TIFFFlushData1(tif); + if( !TIFFFlushData1(tif) ) + return FALSE; sp->dest.next_output_byte = (JOCTET*) tif->tif_rawdata; sp->dest.free_in_buffer = (size_t) tif->tif_rawdatasize; diff --git a/libtiff/tif_lzma.c b/libtiff/tif_lzma.c index 3f6096b6..4e347c94 100644 --- a/libtiff/tif_lzma.c +++ b/libtiff/tif_lzma.c @@ -300,7 +300,8 @@ LZMAEncode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) } if (sp->stream.avail_out == 0) { tif->tif_rawcc = tif->tif_rawdatasize; - TIFFFlushData1(tif); + if (!TIFFFlushData1(tif)) + return 0; sp->stream.next_out = tif->tif_rawdata; sp->stream.avail_out = (size_t)tif->tif_rawdatasize; /* this is a safe typecast, as check is made already in LZMAPreEncode */ } @@ -328,7 +329,8 @@ LZMAPostEncode(TIFF* tif) if ((tmsize_t)sp->stream.avail_out != tif->tif_rawdatasize) { tif->tif_rawcc = tif->tif_rawdatasize - sp->stream.avail_out; - TIFFFlushData1(tif); + if (!TIFFFlushData1(tif)) + return 0; sp->stream.next_out = tif->tif_rawdata; sp->stream.avail_out = (size_t)tif->tif_rawdatasize; /* this is a safe typecast, as check is made already in ZIPPreEncode */ } diff --git a/libtiff/tif_pixarlog.c b/libtiff/tif_pixarlog.c index 62640905..148ee619 100644 --- a/libtiff/tif_pixarlog.c +++ b/libtiff/tif_pixarlog.c @@ -1200,7 +1200,8 @@ PixarLogEncode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) } if (sp->stream.avail_out == 0) { tif->tif_rawcc = tif->tif_rawdatasize; - TIFFFlushData1(tif); + if (!TIFFFlushData1(tif)) + return 0; sp->stream.next_out = tif->tif_rawdata; sp->stream.avail_out = (uInt) tif->tif_rawdatasize; /* this is a safe typecast, as check is made already in PixarLogPreEncode */ } @@ -1230,7 +1231,8 @@ PixarLogPostEncode(TIFF* tif) if ((tmsize_t)sp->stream.avail_out != tif->tif_rawdatasize) { tif->tif_rawcc = tif->tif_rawdatasize - sp->stream.avail_out; - TIFFFlushData1(tif); + if (!TIFFFlushData1(tif)) + return 0; sp->stream.next_out = tif->tif_rawdata; sp->stream.avail_out = (uInt) tif->tif_rawdatasize; /* this is a safe typecast, as check is made already in PixarLogPreEncode */ } diff --git a/libtiff/tif_zip.c b/libtiff/tif_zip.c index 325222e5..d8fe919b 100644 --- a/libtiff/tif_zip.c +++ b/libtiff/tif_zip.c @@ -265,7 +265,8 @@ ZIPEncode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) } if (sp->stream.avail_out == 0) { tif->tif_rawcc = tif->tif_rawdatasize; - TIFFFlushData1(tif); + if (!TIFFFlushData1(tif)) + return 0; sp->stream.next_out = tif->tif_rawdata; sp->stream.avail_out = (uint64)tif->tif_rawdatasize <= 0xFFFFFFFFU ? (uInt)tif->tif_rawdatasize : 0xFFFFFFFFU; } @@ -294,7 +295,8 @@ ZIPPostEncode(TIFF* tif) if ((tmsize_t)sp->stream.avail_out != tif->tif_rawdatasize) { tif->tif_rawcc = tif->tif_rawdatasize - sp->stream.avail_out; - TIFFFlushData1(tif); + if (!TIFFFlushData1(tif)) + return 0; sp->stream.next_out = tif->tif_rawdata; sp->stream.avail_out = (uint64)tif->tif_rawdatasize <= 0xFFFFFFFFU ? (uInt)tif->tif_rawdatasize : 0xFFFFFFFFU; } diff --git a/libtiff/tif_zstd.c b/libtiff/tif_zstd.c index 21c935e2..66135e03 100644 --- a/libtiff/tif_zstd.c +++ b/libtiff/tif_zstd.c @@ -260,7 +260,8 @@ ZSTDEncode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s) } if( sp->out_buffer.pos == sp->out_buffer.size ) { tif->tif_rawcc = tif->tif_rawdatasize; - TIFFFlushData1(tif); + if (!TIFFFlushData1(tif)) + return 0; sp->out_buffer.dst = tif->tif_rawcp; sp->out_buffer.pos = 0; } @@ -289,7 +290,8 @@ ZSTDPostEncode(TIFF* tif) } if( sp->out_buffer.pos > 0 ) { tif->tif_rawcc = sp->out_buffer.pos; - TIFFFlushData1(tif); + if (!TIFFFlushData1(tif)) + return 0; sp->out_buffer.dst = tif->tif_rawcp; sp->out_buffer.pos = 0; }