|
|
- From c7153361a4041260719b340f73f2f76b0969235c Mon Sep 17 00:00:00 2001
- From: erouault <erouault>
- Date: Tue, 20 Dec 2016 17:28:17 +0000
- Subject: [PATCH] * tools/tiff2pdf.c: avoid potential heap-based overflow in
- t2p_readwrite_pdf_image_tile(). Fixes
- http://bugzilla.maptools.org/show_bug.cgi?id=2640
-
- ---
- ChangeLog | 6 ++++++
- tools/tiff2pdf.c | 2 +-
- 2 files changed, 7 insertions(+), 1 deletion(-)
-
- diff --git a/ChangeLog b/ChangeLog
- index 6be3602..91ba4e6 100644
- --- a/ChangeLog
- +++ b/ChangeLog
- @@ -1,3 +1,9 @@
- +2016-12-20 Even Rouault <even.rouault at spatialys.com>
- +
- + * tools/tiff2pdf.c: avoid potential heap-based overflow in
- + t2p_readwrite_pdf_image_tile().
- + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2640
- +
- 2016-12-13 Even Rouault <even.rouault at spatialys.com>
-
- * libtiff/tif_fax3.h: revert change done on 2016-01-09 that made
- diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c
- index 47d7629..db196e0 100644
- --- a/tools/tiff2pdf.c
- +++ b/tools/tiff2pdf.c
- @@ -2895,7 +2895,7 @@ tsize_t t2p_readwrite_pdf_image_tile(T2P
- return(0);
- }
- if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) {
- - if (count >= 4) {
- + if (count > 4) {
- /* Ignore EOI marker of JpegTables */
- _TIFFmemcpy(buffer, jpt, count - 2);
- bufferoffset += count - 2;
|
