In tiff2pdf.c, fail when TIFFSetDirectory() fails.

author: tgl <tgl> 2012-07-18 15:08:09 +0000
committer: tgl <tgl> 2012-07-18 15:08:09 +0000
commit: 10f4a9820106630a93ee1da2c5e099997ac5dbd1 (patch)
tree: 8ca6e711e3b486fddef10b266d7d426c3d304717
parent: 1736e6ff7da11902c1d22b5b48a65356989b1d79 (diff)
download: libtiff-10f4a9820106630a93ee1da2c5e099997ac5dbd1.tar.gz
2 files changed, 8 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index de90dac3..0fc67737 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2012-07-18  Tom Lane  <tgl@sss.pgh.pa.us>
+
+	* tools/tiff2pdf.c: Fail when TIFFSetDirectory() fails.  This
+	prevents core dumps or perhaps even arbitrary code execution when
+	processing a corrupt input file (CVE-2012-3401).
+
 2012-06-15  Tom Lane  <tgl@sss.pgh.pa.us>
 
 	* libtiff/tif_strip.c, libtiff/tif_tile.c: Back-patch the 4.0
diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c
index 1c923477..e2afe103 100644
--- a/tools/tiff2pdf.c
+++ b/tools/tiff2pdf.c
@@ -1,4 +1,4 @@
-/* $Id: tiff2pdf.c,v 1.37.2.20 2012-06-15 21:45:04 tgl Exp $
+/* $Id: tiff2pdf.c,v 1.37.2.21 2012-07-18 15:08:09 tgl Exp $
  *
  * tiff2pdf - converts a TIFF image to a PDF document
  *
@@ -1063,6 +1063,7 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* input){
 				"Can't set directory %u of input file %s", 
 				i,
 				TIFFFileName(input));
+			t2p->t2p_error = T2P_ERR_ERROR;
 			return;
 		}
 		if(TIFFGetField(input, TIFFTAG_PAGENUMBER, &pagen, &paged)){
author	tgl <tgl>	2012-07-18 15:08:09 +0000
committer	tgl <tgl>	2012-07-18 15:08:09 +0000
commit	10f4a9820106630a93ee1da2c5e099997ac5dbd1 (patch)
tree	8ca6e711e3b486fddef10b266d7d426c3d304717
parent	1736e6ff7da11902c1d22b5b48a65356989b1d79 (diff)
download	libtiff-10f4a9820106630a93ee1da2c5e099997ac5dbd1.tar.gz