(get_histogram): Quiet Coverity 1024386 "Out-of-bounds read".

This was a benign mis-diagnosis but added code to enforce against buffer overflow.
author: bfriesen <bfriesen> 2015-05-28 03:08:18 +0000
committer: bfriesen <bfriesen> 2015-05-28 03:08:18 +0000
commit: ef01883973d027e073f9c5b3fd48988b87e3f870 (patch)
tree: 4e1fc674b25095e942bec56c84f7fcd49d7d8667 /tools
parent: ae646fefaf65676aa5c98dcc148fffe1ef0d388d (diff)
download: libtiff-ef01883973d027e073f9c5b3fd48988b87e3f870.tar.gz
1 files changed, 10 insertions, 4 deletions
diff --git a/tools/tiffmedian.c b/tools/tiffmedian.c
index 2059a9e0..56eeb211 100644
--- a/tools/tiffmedian.c
+++ b/tools/tiffmedian.c
@@ -1,4 +1,4 @@
-/* $Id: tiffmedian.c,v 1.11 2015-05-28 02:25:11 bfriesen Exp $ */
+/* $Id: tiffmedian.c,v 1.12 2015-05-28 03:08:18 bfriesen Exp $ */
 
 /*
  * Apply median cut on an image.
@@ -371,9 +371,15 @@ get_histogram(TIFF* in, Colorbox* box)
 			break;
 		inptr = inputline;
 		for (j = imagewidth; j-- > 0;) {
-			red = *inptr++ >> COLOR_SHIFT;
-			green = *inptr++ >> COLOR_SHIFT;
-			blue = *inptr++ >> COLOR_SHIFT;
+			red = (*inptr++) & 0xff >> COLOR_SHIFT;
+			green = (*inptr++) & 0xff >> COLOR_SHIFT;
+			blue = (*inptr++) & 0xff >> COLOR_SHIFT;
+                        if ((red | green | blue) >= B_LEN) {
+                                fprintf(stderr,
+                                        "Logic error. "
+                                        "Histogram array overflow!\n");
+                                exit(-6);
+                        }
 			if (red < box->rmin)
 				box->rmin = red;
 		        if (red > box->rmax)
author	bfriesen <bfriesen>	2015-05-28 03:08:18 +0000
committer	bfriesen <bfriesen>	2015-05-28 03:08:18 +0000
commit	ef01883973d027e073f9c5b3fd48988b87e3f870 (patch)
tree	4e1fc674b25095e942bec56c84f7fcd49d7d8667 /tools
parent	ae646fefaf65676aa5c98dcc148fffe1ef0d388d (diff)
download	libtiff-ef01883973d027e073f9c5b3fd48988b87e3f870.tar.gz