From 853e72d58e2c202a6bc2a25eefb6eae9cb273538 Mon Sep 17 00:00:00 2001 From: erouault Date: Mon, 23 Oct 2017 11:34:26 +0000 Subject: * libtiff/tif_getimage.c: avoid floating point division by zero in initCIELabConversion() Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3733 Credit to OSS Fuzz --- ChangeLog | 7 +++++++ libtiff/tif_getimage.c | 10 ++++++++-- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 02873f2b..797b2317 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +2017-10-23 Even Rouault + + * libtiff/tif_getimage.c: avoid floating point division by zero in + initCIELabConversion() + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3733 + Credit to OSS Fuzz + 2017-10-17 Even Rouault * libtiff/tif_jpeg.c: add compatibility with libjpeg-turbo 1.5.2 that diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c index c51c8894..032d2781 100644 --- a/libtiff/tif_getimage.c +++ b/libtiff/tif_getimage.c @@ -1,4 +1,4 @@ -/* $Id: tif_getimage.c,v 1.112 2017-07-24 10:34:14 erouault Exp $ */ +/* $Id: tif_getimage.c,v 1.113 2017-10-23 11:34:26 erouault Exp $ */ /* * Copyright (c) 1991-1997 Sam Leffler @@ -2332,6 +2332,13 @@ initCIELabConversion(TIFFRGBAImage* img) float *whitePoint; float refWhite[3]; + TIFFGetFieldDefaulted(img->tif, TIFFTAG_WHITEPOINT, &whitePoint); + if (whitePoint[1] == 0.0f ) { + TIFFErrorExt(img->tif->tif_clientdata, module, + "Invalid value for WhitePoint tag."); + return NULL; + } + if (!img->cielab) { img->cielab = (TIFFCIELabToRGB *) _TIFFmalloc(sizeof(TIFFCIELabToRGB)); @@ -2342,7 +2349,6 @@ initCIELabConversion(TIFFRGBAImage* img) } } - TIFFGetFieldDefaulted(img->tif, TIFFTAG_WHITEPOINT, &whitePoint); refWhite[1] = 100.0F; refWhite[0] = whitePoint[0] / whitePoint[1] * refWhite[1]; refWhite[2] = (1.0F - whitePoint[0] - whitePoint[1]) -- cgit v1.2.1
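Review bot: The new guard `if (whitePoint[1] == 0.0f )` in the `@@ -2332,6 +2332,13 @@` hunk rejects only an exact zero, so a NaN, negative or denormal-small WhitePoint y taken from the file still reaches `whitePoint[0] / whitePoint[1] * refWhite[1]` and can put NaN or infinity into refWhite. Because the tag value comes from the TIFF being decoded, a range test such as `if (!(whitePoint[1] > 0.0f)) {` would be more robust, since it also fails for NaN. Whether x and y need further bounding depends on how refWhite is consumed later in the function, which is outside the hunk. The return value of TIFFGetFieldDefaulted() is not checked before whitePoint is dereferenced; presumably this tag always has a default, and a one-line comment such as `/* WhitePoint always has a default, so whitePoint is set here */` would record that assumption. The body of initCIELabConversion() starts and ends outside the hunk.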