← Back to branch summary

~ubuntu-branches/ubuntu/precise/tiff/precise-security

« back to all changes in this revision

Viewing changes to tools/bmp2tiff.c

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2015-03-30 08:11:18 UTC
  • Revision ID: package-import@ubuntu.com-20150330081118-bvaoaii1act27voq
Tags: 3.9.5-2ubuntu1.7
* SECURITY UPDATE: Fix multiple security issues
  - debian/patches/CVE-2014-81xx-1.patch to CVE-2014-81xx-11.patch
  - debian/patches/CVE-2014-8128-5.patch
  - debian/patches/CVE-2014-9655-1.patch to CVE-2014-9655-3.patch
  - debian/patches/read_overrun.patch
  - debian/patches/CVE-2014-8130.patch
  - CVE-2014-8127 (partially)
  - CVE-2014-8128
  - CVE-2014-8129
  - CVE-2014-8130
  - CVE-2014-9330
  - CVE-2014-9655

Show diffs side-by-side

added added

removed removed

Lines of Context:
tools/bmp2tiff.c
399
399
 
400
400
                width = info_hdr.iWidth;
401
401
                length = (info_hdr.iHeight > 0) ? info_hdr.iHeight : -info_hdr.iHeight;
 
402
        if( width <= 0 || length <= 0 )
 
403
        {
 
404
            TIFFError(infilename,
 
405
                  "Invalid dimensions of BMP file" );
 
406
            close(fd);
 
407
            return -1;
 
408
        }
402
409
 
403
410
                switch (info_hdr.iBitCount)
404
411
                {
589
596
 
590
597
                        compr_size = file_hdr.iSize - file_hdr.iOffBits;
591
598
                        uncompr_size = width * length;
 
599
            /* Detect int overflow */
 
600
            if( uncompr_size / width != length )
 
601
            {
 
602
                TIFFError(infilename,
 
603
                    "Invalid dimensions of BMP file" );
 
604
                close(fd);
 
605
                return -1;
 
606
            }
592
607
                        comprbuf = (unsigned char *) _TIFFmalloc( compr_size );
593
608
                        if (!comprbuf) {
594
609
                                TIFFError(infilename,