You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
39 lines
1.3 KiB
39 lines
1.3 KiB
From c7153361a4041260719b340f73f2f76b0969235c Mon Sep 17 00:00:00 2001
|
|
From: erouault <erouault>
|
|
Date: Tue, 20 Dec 2016 17:28:17 +0000
|
|
Subject: [PATCH] * tools/tiff2pdf.c: avoid potential heap-based overflow in
|
|
t2p_readwrite_pdf_image_tile(). Fixes
|
|
http://bugzilla.maptools.org/show_bug.cgi?id=2640
|
|
|
|
---
|
|
ChangeLog | 6 ++++++
|
|
tools/tiff2pdf.c | 2 +-
|
|
2 files changed, 7 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/ChangeLog b/ChangeLog
|
|
index 6be3602..91ba4e6 100644
|
|
--- a/ChangeLog
|
|
+++ b/ChangeLog
|
|
@@ -1,3 +1,9 @@
|
|
+2016-12-20 Even Rouault <even.rouault at spatialys.com>
|
|
+
|
|
+ * tools/tiff2pdf.c: avoid potential heap-based overflow in
|
|
+ t2p_readwrite_pdf_image_tile().
|
|
+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2640
|
|
+
|
|
2016-12-13 Even Rouault <even.rouault at spatialys.com>
|
|
|
|
* libtiff/tif_fax3.h: revert change done on 2016-01-09 that made
|
|
diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c
|
|
index 47d7629..db196e0 100644
|
|
--- a/tools/tiff2pdf.c
|
|
+++ b/tools/tiff2pdf.c
|
|
@@ -2895,7 +2895,7 @@ tsize_t t2p_readwrite_pdf_image_tile(T2P
|
|
return(0);
|
|
}
|
|
if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) {
|
|
- if (count >= 4) {
|
|
+ if (count > 4) {
|
|
/* Ignore EOI marker of JpegTables */
|
|
_TIFFmemcpy(buffer, jpt, count - 2);
|
|
bufferoffset += count - 2;
|