summary refs log tree commit diff
path: root/gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch
blob: d3f1c2b60ed58da79230e6cb0eaad498f93e581e (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
Fix two divide-by-zero bugs in readSeparateTilesIntoBuffer():

http://bugzilla.maptools.org/show_bug.cgi?id=2597
http://bugzilla.maptools.org/show_bug.cgi?id=2607

2016-12-03 Even Rouault <even.rouault at spatialys.com>

        * tools/tiffcp.c: avoid potential division by zero is BitsPerSamples
tag is
        missing.
        Reported by Agostino sarubbo.
        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2597

/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
new revision: 1.1183; previous revision: 1.1182
/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v  <--  tools/tiffcp.c
new revision: 1.57; previous revision: 1.56

Index: libtiff/tools/tiffcp.c
===================================================================
RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
retrieving revision 1.56
retrieving revision 1.57
diff -u -r1.56 -r1.57
--- libtiff/tools/tiffcp.c	2 Dec 2016 22:13:32 -0000	1.56
+++ libtiff/tools/tiffcp.c	3 Dec 2016 14:42:40 -0000	1.57
@@ -1,4 +1,4 @@
-/* $Id: tiffcp.c,v 1.56 2016-12-02 22:13:32 erouault Exp $ */
+/* $Id: tiffcp.c,v 1.57 2016-12-03 14:42:40 erouault Exp $ */
 
 /*
  * Copyright (c) 1988-1997 Sam Leffler
@@ -1378,7 +1378,7 @@
 	uint8* bufp = (uint8*) buf;
 	uint32 tw, tl;
 	uint32 row;
-	uint16 bps, bytes_per_sample;
+	uint16 bps = 0, bytes_per_sample;
 
 	tilebuf = _TIFFmalloc(tilesize);
 	if (tilebuf == 0)
@@ -1387,6 +1387,12 @@
 	(void) TIFFGetField(in, TIFFTAG_TILEWIDTH, &tw);
 	(void) TIFFGetField(in, TIFFTAG_TILELENGTH, &tl);
 	(void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
+        if( bps == 0 )
+        {
+            TIFFError(TIFFFileName(in), "Error, cannot read BitsPerSample");
+            status = 0;
+            goto done;
+        }
 	assert( bps % 8 == 0 );
 	bytes_per_sample = bps/8;

2016-12-03 Even Rouault <even.rouault at spatialys.com>

        * tools/tiffcp.c: avoid potential division by zero is BitsPerSamples
tag is
        missing.
        Reported by Agostino Sarubbo.
        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2607


/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
new revision: 1.1186; previous revision: 1.1185
/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v  <--  tools/tiffcp.c
new revision: 1.58; previous revision: 1.57
 
Index: libtiff/tools/tiffcp.c
===================================================================
RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
retrieving revision 1.57
retrieving revision 1.58
diff -u -r1.57 -r1.58
--- libtiff/tools/tiffcp.c	3 Dec 2016 14:42:40 -0000	1.57
+++ libtiff/tools/tiffcp.c	3 Dec 2016 15:44:15 -0000	1.58
@@ -1,4 +1,4 @@
-/* $Id: tiffcp.c,v 1.57 2016-12-03 14:42:40 erouault Exp $ */
+/* $Id: tiffcp.c,v 1.58 2016-12-03 15:44:15 erouault Exp $ */
 
 /*
  * Copyright (c) 1988-1997 Sam Leffler
@@ -1569,7 +1569,7 @@
 	uint8* bufp = (uint8*) buf;
 	uint32 tl, tw;
 	uint32 row;
-	uint16 bps, bytes_per_sample;
+	uint16 bps = 0, bytes_per_sample;
 
 	obuf = _TIFFmalloc(TIFFTileSize(out));
 	if (obuf == NULL)
@@ -1578,6 +1578,12 @@
 	(void) TIFFGetField(out, TIFFTAG_TILELENGTH, &tl);
 	(void) TIFFGetField(out, TIFFTAG_TILEWIDTH, &tw);
 	(void) TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps);
+        if( bps == 0 )
+        {
+            TIFFError(TIFFFileName(out), "Error, cannot read BitsPerSample");
+            _TIFFfree(obuf);
+            return 0;
+        }
 	assert( bps % 8 == 0 );
 	bytes_per_sample = bps/8;