Description: fix denial of service and possible code execution via crafted PPM image
Origin: backport, ppm2tiff.c,v 1.17
Index: tiff-3.9.5/tools/ppm2tiff.c
===================================================================
--- tiff-3.9.5.orig/tools/ppm2tiff.c 2012-11-14 11:38:04.607867919 -0500
+++ tiff-3.9.5/tools/ppm2tiff.c 2012-11-14 11:38:17.603868253 -0500
@@ -85,6 +85,7 @@
int c;
extern int optind;
extern char* optarg;
+ tsize_t scanline_size;
if (argc < 2) {
fprintf(stderr, "%s: Too few arguments\n", argv[0]);
@@ -233,8 +234,16 @@
}
if (TIFFScanlineSize(out) > linebytes)
buf = (unsigned char *)_TIFFmalloc(linebytes);
- else
- buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
+ else {
+ scanline_size = TIFFScanlineSize(out);
+ if (scanline_size != 0)
+ buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
+ else {
+ fprintf(stderr, "%s: scanline size overflow\n",infile);
+ (void) TIFFClose(out);
+ exit(-2);
+ }
+ }
if (resolution > 0) {
TIFFSetField(out, TIFFTAG_XRESOLUTION, resolution);
TIFFSetField(out, TIFFTAG_YRESOLUTION, resolution);
distrib
>
Mandriva
>
2011.0
>
i586
>
media
>
main-updates-src
>
by-pkgid
>
eb4a6afd7a0408b5a7715d5d49df8c4a
>
files
>
10
