diff options
author | erouault <erouault> | 2016-12-20 17:28:17 +0000 |
---|---|---|
committer | erouault <erouault> | 2016-12-20 17:28:17 +0000 |
commit | e3778f9e07463063e720ccc2f3d817e3692a678c (patch) | |
tree | 86b0bafd9e9e65269b3c47652d2459300ab13349 | |
parent | 378e69b78fb12fd6bdfc329bb8fbebea307ef723 (diff) | |
download | libtiff-e3778f9e07463063e720ccc2f3d817e3692a678c.tar.gz |
* tools/tiff2pdf.c: avoid potential heap-based overflow in
t2p_readwrite_pdf_image_tile().
Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2640
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | tools/tiff2pdf.c | 4 |
2 files changed, 8 insertions, 2 deletions
@@ -1,5 +1,11 @@ 2016-12-20 Even Rouault <even.rouault at spatialys.com> + * tools/tiff2pdf.c: avoid potential heap-based overflow in + t2p_readwrite_pdf_image_tile(). + Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2640 + +2016-12-20 Even Rouault <even.rouault at spatialys.com> + * tools/tiff2pdf.c: avoid potential invalid memory read in t2p_writeproc. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2639 diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c index 5348f1a7..8e4e24ef 100644 --- a/tools/tiff2pdf.c +++ b/tools/tiff2pdf.c @@ -1,4 +1,4 @@ -/* $Id: tiff2pdf.c,v 1.100 2016-12-20 17:24:35 erouault Exp $ +/* $Id: tiff2pdf.c,v 1.101 2016-12-20 17:28:17 erouault Exp $ * * tiff2pdf - converts a TIFF image to a PDF document * @@ -2895,7 +2895,7 @@ tsize_t t2p_readwrite_pdf_image_tile(T2P* t2p, TIFF* input, TIFF* output, ttile_ return(0); } if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) { - if (count >= 4) { + if (count > 4) { int retTIFFReadRawTile; /* Ignore EOI marker of JpegTables */ _TIFFmemcpy(buffer, jpt, count - 2); |