--- camlimages-3.0.1.old/src/tiffread.c 2007-01-18 10:29:57.000000000 +0000
+++ camlimages-3.0.1/src/tiffread.c 2009-10-16 10:26:53.841258260 +0100
@@ -21,6 +21,13 @@
 #include <caml/memory.h>
 #include <caml/fail.h>
 
+#include <limits.h>
+#define oversized(x, y) \
+ ((x) < 0 || (y) < 0 || ((y) != 0 && (x) > INT_MAX / (y)))
+
+#define failwith_oversized(lib) \
+ failwith("#lib error: image contains oversized or bogus width and height");
+
 /* These are defined in caml/config.h */
 #define int16 int16tiff
 #define uint16 uint16tiff
@@ -64,6 +71,10 @@
 TIFFGetField(tif, TIFFTAG_YRESOLUTION, &yres);
 TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &photometric);
 
+ if (oversized (imagewidth, imagelength)) {
+ failwith_oversized("tiff");
+ }
+
 if( imagesample == 3 && photometric == PHOTOMETRIC_RGB ){
 if( imagebits != 8 ){
 failwith("Sorry, tiff rgb file must be 24bit-color");
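Review bot: In the `failwith_oversized` macro of the first hunk, `#lib` sits inside the string literal, so the preprocessor never expands it and every caller raises the literal text "#lib error: ..." instead of naming the library. The definition also ends in `;`, so `failwith_oversized("tiff");` leaves a stray empty statement that would break an unbraced `if`/`else`. Because the caller passes a string literal, adjacent-literal concatenation gives the intended message: `#define failwith_oversized(lib) failwith(lib " error: image contains oversized or bogus width and height")`. Separately, the `(x) < 0` and `(y) < 0` arms of `oversized` never fire if the dimensions are unsigned; their declarations are outside the hunk, so confirm the types.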
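Review bot: The new guard ahead of the `imagesample == 3` branch bounds only `imagewidth * imagelength` by `INT_MAX`, while the branch directly below it handles 24-bit RGB, i.e. several bytes per pixel. If the buffer sizes computed later in this function (outside the hunk) multiply the pixel count or row width by the sample size in `int` arithmetic, a file that passes this check can still overflow them. Consider bounding the byte count too, with something like `if (oversized (imagewidth * imagelength, imagesample)) { failwith_oversized("tiff"); }` after the existing check, or by testing against the size actually allocated. The `TIFFGetField` calls above are also unchecked, so presumably a file lacking the width or length tag reaches the guard with whatever those variables held before; confirm they are initialised.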