1
From 5ef99cbffd5d5042fbd11f5e36d1b602e58c578d Mon Sep 17 00:00:00 2001
2
From: erouault <erouault>
3
Date: Sun, 7 Dec 2014 22:33:06 +0000
4
Subject: [PATCH] tools/thumbnail.c, tools/tiffcrop.c: fix heap read over-run
5
found with Valgrind and Address Sanitizer on test suite
9
tools/thumbnail.c | 7 ++++++-
10
tools/tiffcrop.c | 9 +++++++--
11
3 files changed, 18 insertions(+), 3 deletions(-)
13
Index: tiff-3.9.5/tools/thumbnail.c
14
===================================================================
15
--- tiff-3.9.5.orig/tools/thumbnail.c 2015-03-30 08:08:08.420065812 -0400
16
+++ tiff-3.9.5/tools/thumbnail.c 2015-03-30 08:08:08.416065777 -0400
18
rowsize = TIFFScanlineSize(in);
19
rastersize = sh * rowsize;
20
fprintf(stderr, "rastersize=%u\n", (unsigned int)rastersize);
21
- raster = (unsigned char*)_TIFFmalloc(rastersize);
22
+ /* +3 : add a few guard bytes since setrow() can read a bit */
23
+ /* outside buffer */
24
+ raster = (unsigned char*)_TIFFmalloc(rastersize+3);
26
TIFFError(TIFFFileName(in),
27
"Can't allocate space for raster buffer.");
30
+ raster[rastersize] = 0;
31
+ raster[rastersize+1] = 0;
32
+ raster[rastersize+2] = 0;
34
for (s = 0; s < ns; s++) {
35
(void) TIFFReadEncodedStrip(in, s, rp, -1);
36
Index: tiff-3.9.5/tools/tiffcrop.c
37
===================================================================
38
--- tiff-3.9.5.orig/tools/tiffcrop.c 2015-03-30 08:08:08.420065812 -0400
39
+++ tiff-3.9.5/tools/tiffcrop.c 2015-03-30 08:08:08.420065812 -0400
40
@@ -5996,8 +5996,10 @@
43
read_buff = *read_ptr;
44
+ /* +3 : add a few guard bytes since reverseSamples16bits() can read a bit */
45
+ /* outside buffer */
47
- read_buff = (unsigned char *)_TIFFmalloc(buffsize);
48
+ read_buff = (unsigned char *)_TIFFmalloc(buffsize+3);
51
if (prev_readsize < buffsize)
52
@@ -6006,12 +6008,15 @@
56
- read_buff = (unsigned char *)_TIFFmalloc(buffsize);
57
+ read_buff = (unsigned char *)_TIFFmalloc(buffsize+3);
63
+ read_buff[buffsize] = 0;
64
+ read_buff[buffsize+1] = 0;
65
+ read_buff[buffsize+2] = 0;