|
|
- From 69bfeec247899776b1b396651adb47436e5f1556 Mon Sep 17 00:00:00 2001
- From: Even Rouault <even.rouault@spatialys.com>
- Date: Sat, 15 Jul 2017 11:13:46 +0000
- Subject: [PATCH] * tools/tiff2pdf.c: prevent heap buffer overflow write in
- "Raw" mode on PlanarConfig=Contig input images. Fixes
- http://bugzilla.maptools.org/show_bug.cgi?id=2715 Reported by team OWL337
-
- ---
- ChangeLog | 7 +++++++
- tools/tiff2pdf.c | 7 ++++++-
- 2 files changed, 13 insertions(+), 1 deletion(-)
-
- diff --git a/ChangeLog b/ChangeLog
- index b4771234..1b5490f3 100644
- --- a/ChangeLog
- +++ b/ChangeLog
- @@ -1,3 +1,10 @@
- +2017-07-15 Even Rouault <even.rouault at spatialys.com>
- +
- + * tools/tiff2pdf.c: prevent heap buffer overflow write in "Raw"
- + mode on PlanarConfig=Contig input images.
- + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2715
- + Reported by team OWL337
- +
- 2017-07-11 Even Rouault <even.rouault at spatialys.com>
-
- * libtiff/tif_lzw.c: fix 4.0.8 regression in the decoding of old-style LZW
- diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c
- index db196e04..cd1e2358 100644
- --- a/tools/tiff2pdf.c
- +++ b/tools/tiff2pdf.c
- @@ -1737,7 +1737,12 @@ void t2p_read_tiff_data(T2P* t2p, TIFF* input){
- return;
-
- t2p->pdf_transcode = T2P_TRANSCODE_ENCODE;
- - if(t2p->pdf_nopassthrough==0){
- + /* It seems that T2P_TRANSCODE_RAW mode doesn't support separate->contig */
- + /* conversion. At least t2p_read_tiff_size and t2p_read_tiff_size_tile */
- + /* do not take into account the number of samples, and thus */
- + /* that can cause heap buffer overflows such as in */
- + /* http://bugzilla.maptools.org/show_bug.cgi?id=2715 */
- + if(t2p->pdf_nopassthrough==0 && t2p->tiff_planar!=PLANARCONFIG_SEPARATE){
- #ifdef CCITT_SUPPORT
- if(t2p->tiff_compression==COMPRESSION_CCITTFAX4
- ){
|
