diff options
| author | fwarmerdam <fwarmerdam> | 2010-06-13 19:18:41 +0000 |
|---|---|---|
| committer | fwarmerdam <fwarmerdam> | 2010-06-13 19:18:41 +0000 |
| commit | 069f5e424826920d4d831ad8bcfc2df706c03d1e (patch) | |
| tree | 883c5873b2bef4e39bdcc82270a7caf5c6ea3a4a | |
| parent | bd1a6b571f2ead4f28c1e294afcb58a47a734437 (diff) | |
| download | libtiff-069f5e424826920d4d831ad8bcfc2df706c03d1e.tar.gz | |
various fixes for tiff2pdf (#2211)
| -rw-r--r-- | ChangeLog | 9 | ||||
| -rw-r--r-- | tools/tiff2pdf.c | 17 |
2 files changed, 18 insertions, 8 deletions
@@ -1,3 +1,12 @@ +2010-06-13 Frank Warmerdam <warmerdam@pobox.com> + + * tiff2pdf.c: Fix assorted bugs in tiff2pdf: missing "return" + in t2p_read_tiff_size() causes t2p->tiff_datasize to be set entirely + wrong for COMPRESSION_JPEG case, resulting in memory stomp if actual + size is larger. Also, there are a bunch of places that try to + memset() a malloc'd buffer before checking for malloc failure, which + would result in core dump if there actually were a failure. (#2211) + 2010-06-11 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> * tools/tiff2rgba.c: Applied portion of patch (from Tom Lane) diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c index 80d8c77e..b1886c6d 100644 --- a/tools/tiff2pdf.c +++ b/tools/tiff2pdf.c @@ -1,4 +1,4 @@ -/* $Id: tiff2pdf.c,v 1.37.2.9 2010-06-08 18:50:44 bfriesen Exp $ +/* $Id: tiff2pdf.c,v 1.37.2.10 2010-06-13 19:18:41 fwarmerdam Exp $ * * tiff2pdf - converts a TIFF image to a PDF document * @@ -1913,6 +1913,7 @@ void t2p_read_tiff_size(T2P* t2p, TIFF* input){ t2p->tiff_datasize -=4; /* don't use SOI or EOI of strip */ } t2p->tiff_datasize +=2; /* use EOI of last strip */ + return; } #endif (void) 0; @@ -2100,7 +2101,6 @@ tsize_t t2p_readwrite_pdf_image(T2P* t2p, TIFF* input, TIFF* output){ if (t2p->pdf_compression == T2P_COMPRESS_ZIP) { buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); - memset(buffer, 0, t2p->tiff_datasize); if(buffer == NULL){ TIFFError(TIFF2PDF_MODULE, "Can't allocate %u bytes of memory for t2p_readwrite_pdf_image, %s", @@ -2109,6 +2109,7 @@ tsize_t t2p_readwrite_pdf_image(T2P* t2p, TIFF* input, TIFF* output){ t2p->t2p_error = T2P_ERR_ERROR; return(0); } + memset(buffer, 0, t2p->tiff_datasize); TIFFReadRawStrip(input, 0, (tdata_t) buffer, t2p->tiff_datasize); if (t2p->tiff_fillorder==FILLORDER_LSB2MSB) { @@ -2127,7 +2128,6 @@ tsize_t t2p_readwrite_pdf_image(T2P* t2p, TIFF* input, TIFF* output){ if(t2p->tiff_dataoffset != 0) { buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); - memset(buffer, 0, t2p->tiff_datasize); if(buffer == NULL) { TIFFError(TIFF2PDF_MODULE, "Can't allocate %u bytes of memory for t2p_readwrite_pdf_image, %s", @@ -2136,6 +2136,7 @@ tsize_t t2p_readwrite_pdf_image(T2P* t2p, TIFF* input, TIFF* output){ t2p->t2p_error = T2P_ERR_ERROR; return(0); } + memset(buffer, 0, t2p->tiff_datasize); if(t2p->pdf_ojpegiflength==0){ inputoffset=t2pSeekFile(input, 0, SEEK_CUR); @@ -2203,7 +2204,6 @@ tsize_t t2p_readwrite_pdf_image(T2P* t2p, TIFF* input, TIFF* output){ } buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); - memset(buffer, 0, t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, "Can't allocate %u bytes of memory for t2p_readwrite_pdf_image, %s", @@ -2212,6 +2212,7 @@ tsize_t t2p_readwrite_pdf_image(T2P* t2p, TIFF* input, TIFF* output){ t2p->t2p_error = T2P_ERR_ERROR; return(0); } + memset(buffer, 0, t2p->tiff_datasize); _TIFFmemcpy(buffer, t2p->pdf_ojpegdata, t2p->pdf_ojpegdatalength); bufferoffset=t2p->pdf_ojpegdatalength; stripcount=TIFFNumberOfStrips(input); @@ -2246,7 +2247,6 @@ tsize_t t2p_readwrite_pdf_image(T2P* t2p, TIFF* input, TIFF* output){ uint32 count = 0; buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); - memset(buffer, 0, t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, "Can't allocate %u bytes of memory for t2p_readwrite_pdf_image, %s", @@ -2255,6 +2255,7 @@ tsize_t t2p_readwrite_pdf_image(T2P* t2p, TIFF* input, TIFF* output){ t2p->t2p_error = T2P_ERR_ERROR; return(0); } + memset(buffer, 0, t2p->tiff_datasize); if (TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) { if(count > 4) { _TIFFmemcpy(buffer, jpt, count); @@ -2308,7 +2309,6 @@ tsize_t t2p_readwrite_pdf_image(T2P* t2p, TIFF* input, TIFF* output){ if(t2p->pdf_sample==T2P_SAMPLE_NOTHING){ buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); - memset(buffer, 0, t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, "Can't allocate %u bytes of memory for t2p_readwrite_pdf_image, %s", @@ -2317,6 +2317,7 @@ tsize_t t2p_readwrite_pdf_image(T2P* t2p, TIFF* input, TIFF* output){ t2p->t2p_error = T2P_ERR_ERROR; return(0); } + memset(buffer, 0, t2p->tiff_datasize); stripsize=TIFFStripSize(input); stripcount=TIFFNumberOfStrips(input); for(i=0;i<stripcount;i++){ @@ -2346,7 +2347,6 @@ tsize_t t2p_readwrite_pdf_image(T2P* t2p, TIFF* input, TIFF* output){ stripcount=sepstripcount/t2p->tiff_samplesperpixel; buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); - memset(buffer, 0, t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, "Can't allocate %u bytes of memory for t2p_readwrite_pdf_image, %s", @@ -2355,6 +2355,7 @@ tsize_t t2p_readwrite_pdf_image(T2P* t2p, TIFF* input, TIFF* output){ t2p->t2p_error = T2P_ERR_ERROR; return(0); } + memset(buffer, 0, t2p->tiff_datasize); samplebuffer = (unsigned char*) _TIFFmalloc(stripsize); if(samplebuffer==NULL){ TIFFError(TIFF2PDF_MODULE, @@ -2395,7 +2396,6 @@ tsize_t t2p_readwrite_pdf_image(T2P* t2p, TIFF* input, TIFF* output){ } buffer = (unsigned char*) _TIFFmalloc(t2p->tiff_datasize); - memset(buffer, 0, t2p->tiff_datasize); if(buffer==NULL){ TIFFError(TIFF2PDF_MODULE, "Can't allocate %u bytes of memory for t2p_readwrite_pdf_image, %s", @@ -2404,6 +2404,7 @@ tsize_t t2p_readwrite_pdf_image(T2P* t2p, TIFF* input, TIFF* output){ t2p->t2p_error = T2P_ERR_ERROR; return(0); } + memset(buffer, 0, t2p->tiff_datasize); stripsize=TIFFStripSize(input); stripcount=TIFFNumberOfStrips(input); for(i=0;i<stripcount;i++){ |