diff options
author | Even Rouault <even.rouault@spatialys.com> | 2017-07-04 13:27:45 +0000 |
---|---|---|
committer | Even Rouault <even.rouault@spatialys.com> | 2017-07-04 13:27:45 +0000 |
commit | c2be1447d92307b29b6c800b9bdf3a495dfa349a (patch) | |
tree | 6c2c882c40e94e2ded58a7b3cce3d0f41d213ed6 | |
parent | 733109e5100a701d472e1ad67b35f185b2d1d617 (diff) | |
download | libtiff-git-c2be1447d92307b29b6c800b9bdf3a495dfa349a.tar.gz |
* libtiff/tif_read.c, tiffiop.h: add a _TIFFReadEncodedTileAndAllocBuffer()
and _TIFFReadTileAndAllocBuffer() variants of TIFFReadEncodedTile() and
TIFFReadTile() that allocates the decoded buffer only after a first
successful TIFFFillTile(). This avoids excessive memory allocation
on corrupted files.
* libtiff/tif_getimage.c: use _TIFFReadTileAndAllocBuffer().
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2470
Credit to OSS Fuzz.
-rw-r--r-- | ChangeLog | 11 |
1 files changed, 11 insertions, 0 deletions
@@ -1,5 +1,16 @@ 2017-07-04 Even Rouault <even.rouault at spatialys.com> + * libtiff/tif_read.c, tiffiop.h: add a _TIFFReadEncodedTileAndAllocBuffer() + and _TIFFReadTileAndAllocBuffer() variants of TIFFReadEncodedTile() and + TIFFReadTile() that allocates the decoded buffer only after a first + successful TIFFFillTile(). This avoids excessive memory allocation + on corrupted files. + * libtiff/tif_getimage.c: use _TIFFReadTileAndAllocBuffer(). + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2470 + Credit to OSS Fuzz. + +2017-07-04 Even Rouault <even.rouault at spatialys.com> + * libtiff/tif_error.c, tif_warning.c: correctly use va_list when both an old-style and new-style warning/error handlers are installed. Patch by Paavo Helde (sent on the mailing list) |