diff options
| author | fwarmerdam <fwarmerdam> | 2012-05-24 01:03:37 +0000 |
|---|---|---|
| committer | fwarmerdam <fwarmerdam> | 2012-05-24 01:03:37 +0000 |
| commit | 03db4cee9b536d5c3bb0e212b58707ff2f5b4f41 (patch) | |
| tree | 91ee644ed5e6d0a7429163254c4b2f9092bf4fd7 | |
| parent | bbace66e792dbafd865aefc2371e405ec0479499 (diff) | |
| download | libtiff-03db4cee9b536d5c3bb0e212b58707ff2f5b4f41.tar.gz | |
avoid one byte past end of ink names reading in some cases
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | libtiff/tif_dir.c | 12 |
2 files changed, 13 insertions, 4 deletions
@@ -1,3 +1,8 @@ +2012-05-23 Frank Warmerdam <warmerdam@google.com> + + * libtiff/tif_dir.c: avoid one byte past end of ink names reading + in some cases. + 2012-05-19 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> * man/TIFFGetField.3tiff: Correct the 'count' field type in the diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c index 401a080e..7c85f6c3 100644 --- a/libtiff/tif_dir.c +++ b/libtiff/tif_dir.c @@ -1,4 +1,4 @@ -/* $Id: tif_dir.c,v 1.108 2012-02-01 01:51:00 fwarmerdam Exp $ */ +/* $Id: tif_dir.c,v 1.109 2012-05-24 01:03:37 fwarmerdam Exp $ */ /* * Copyright (c) 1988-1997 Sam Leffler @@ -122,6 +122,10 @@ setExtraSamples(TIFFDirectory* td, va_list ap, uint32* v) #undef EXTRASAMPLE_COREL_UNASSALPHA } +/* + * Confirm we have "samplesperpixel" ink names separated by \0. Returns + * zero if the ink names are not as expected. + */ static uint32 checkInkNamesString(TIFF* tif, uint32 slen, const char* s) { @@ -132,9 +136,9 @@ checkInkNamesString(TIFF* tif, uint32 slen, const char* s) const char* ep = s+slen; const char* cp = s; for (; i > 0; i--) { - for (; *cp != '\0'; cp++) - if (cp >= ep) - goto bad; + for (; cp < ep && *cp != '\0'; cp++) {} + if (cp >= ep) + goto bad; cp++; /* skip \0 */ } return ((uint32)(cp-s)); |