Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:GA
tiff.31772
tiff-CVE-2017-17095.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File tiff-CVE-2017-17095.patch of Package tiff.31772
Index: tiff-4.0.9/tools/pal2rgb.c =================================================================== --- tiff-4.0.9.orig/tools/pal2rgb.c +++ tiff-4.0.9/tools/pal2rgb.c @@ -189,8 +189,22 @@ main(int argc, char* argv[]) { unsigned char *ibuf, *obuf; register unsigned char* pp; register uint32 x; - ibuf = (unsigned char*)_TIFFmalloc(TIFFScanlineSize(in)); - obuf = (unsigned char*)_TIFFmalloc(TIFFScanlineSize(out)); + tmsize_t tss_in = TIFFScanlineSize(in); + tmsize_t tss_out = TIFFScanlineSize(out); + if (tss_out / tss_in < 3) { + /* + * * BUG 2750: The following code does not know about chroma + * * subsampling of JPEG data. It assumes that the output buffer is 3x + * * the length of the input buffer due to exploding the palette into + * * RGB tuples. If this assumption is incorrect, it could lead to a + * * buffer overflow. Go ahead and fail now to prevent that. + * */ + fprintf(stderr, "Could not determine correct image size for output. Exiting.\n"); + return -1; + } + ibuf = (unsigned char*)_TIFFmalloc(tss_in); + obuf = (unsigned char*)_TIFFmalloc(tss_out); + switch (config) { case PLANARCONFIG_CONTIG: for (row = 0; row < imagelength; row++) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor