Sophie

libtiff-3.9.4-4.fc13.src.rpm

gif2tiff buffer overrun.  Filed upstream at
http://bugzilla.maptools.org/show_bug.cgi?id=2270

This appears not to be security critical: it's a read not a write
overrun, so the worst possible consequence is SIGSEGV, and even that
doesn't seem to happen on any popular architectures.


diff -Naur tiff-3.9.4.orig/tools/gif2tiff.c tiff-3.9.4/tools/gif2tiff.c
--- tiff-3.9.4.orig/tools/gif2tiff.c	2010-06-08 14:50:44.000000000 -0400
+++ tiff-3.9.4/tools/gif2tiff.c	2010-11-02 22:32:10.018264489 -0400
@@ -503,6 +503,10 @@
     strip = 0;
     stripsize = TIFFStripSize(tif);
     for (row=0; row<height; row += rowsperstrip) {
+	if (rowsperstrip > height-row) {
+	    rowsperstrip = height-row;
+	    stripsize = TIFFVStripSize(tif, rowsperstrip);
+	}
 	if (TIFFWriteEncodedStrip(tif, strip, newras+row*width, stripsize) < 0)
 	    break;
 	strip++;
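
Review bot: the added clamp at the top of the loop body overwrites rowsperstrip, which is also the loop stride in "row += rowsperstrip", so the loop only stays correct because the clamp can fire on the final strip alone (after it, row lands exactly on height and the loop exits). A per-iteration local would make that explicit and leave rowsperstrip matching the value the TIFF was set up with, for example computing "nrows = height-row" when "rowsperstrip > height-row" and passing "TIFFVStripSize(tif, nrows)" as the size for that one write. A short comment saying that the last strip may be shorter than the others, and that writing a full stripsize there reads past the end of newras, would record why the check exists. The declarations of row, height and rowsperstrip are outside this hunk, so it is worth confirming that "height-row" cannot wrap if any of them is unsigned; the loop condition "row<height" keeps it positive as long as the types agree.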