~ubuntu-branches/ubuntu/vivid/tiff/vivid-proposed


Viewing changes to debian/patches/CVE-2013-1961.patch

  • Committer: Package Import Robot
  • Author(s): Michael Gilbert
  • Date: 2013-06-17 01:27:17 UTC
  • Revision ID: package-import@ubuntu.com-20130617012717-s4yksbuv0ri97x5g
Tags: 4.0.2-6+nmu1
* Non-maintainer upload by the Security Team.
* Fix cve-2013-1960: heap-based buffer overflow in tiff2pdf
  (closes: #706675).
* Fix cve-2013-1961: stack-based buffer overflow in tiff2pdf
  (closes: #706674). 

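--- tiff-4.0.2.orig/contrib/dbs/xtiff/xtiff.c
+++ tiff-4.0.2/contrib/dbs/xtiff/xtiff.c
@@ -512,9 +512,9 @@ SetNameLabel()
     Arg args[1];
 
     if (tfMultiPage)
-        sprintf(buffer, "%s - page %d", fileName, tfDirectory);
+        snprintf(buffer, sizeof(buffer), "%s - page %d", fileName, tfDirectory);
     else
-        strcpy(buffer, fileName);
+        snprintf(buffer, sizeof(buffer), "%s", fileName);
     XtSetArg(args[0], XtNlabel, buffer);
     XtSetValues(labelWidget, args, 1);
 }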
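Review bot: Both `snprintf` calls in SetNameLabel bound the write with `sizeof(buffer)`, which equals the buffer's capacity only if `buffer` is an array declared in this scope; the declaration lies above the hunk, so that should be confirmed before relying on the bound. The return value is also discarded, so an over-long `fileName` is silently cut off in the label; a short comment such as `/* label is truncated to fit buffer; fileName length is not bounded here */` would make that intent explicit. The same two remarks apply to `thing` in tools/tiffdither.c, whose declaration is likewise outside its hunk.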
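--- tiff-4.0.2.orig/libtiff/tif_dirinfo.c
+++ tiff-4.0.2/libtiff/tif_dirinfo.c
@@ -661,7 +661,7 @@ _TIFFCreateAnonField(TIFF *tif, uint32 t
         * note that this name is a special sign to TIFFClose() and
         * _TIFFSetupFields() to free the field
         */
-       sprintf(fld->field_name, "Tag %d", (int) tag);
+       snprintf(fld->field_name, 32, "Tag %d", (int) tag);
 
        return fld;    
 }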
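Review bot: The bound `32` passed to `snprintf` in _TIFFCreateAnonField is a bare literal that has to match the size allocated for `fld->field_name`, and that allocation is above the hunk and not visible here. If the two ever drift apart the bound stops protecting the write, so a single named constant used at both the allocation and the format call would be safer, for example `snprintf(fld->field_name, ANON_FIELD_NAME_SIZE, "Tag %d", (int) tag);` (the constant name is illustrative, not taken from the source). At minimum a comment next to the call should state which allocation the 32 refers to.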
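--- tiff-4.0.2.orig/libtiff/tif_codec.c
+++ tiff-4.0.2/libtiff/tif_codec.c
@@ -108,7 +108,8 @@ _notConfigured(TIFF* tif)
        const TIFFCodec* c = TIFFFindCODEC(tif->tif_dir.td_compression);
         char compression_code[20];
         
-        sprintf( compression_code, "%d", tif->tif_dir.td_compression );
+        snprintf(compression_code, sizeof(compression_code), "%d",
+                tif->tif_dir.td_compression );
        TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
                      "%s compression support is not configured", 
                      c ? c->name : compression_code );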
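--- tiff-4.0.2.orig/tools/tiffdither.c
+++ tiff-4.0.2/tools/tiffdither.c
@@ -260,7 +260,7 @@ main(int argc, char* argv[])
                TIFFSetField(out, TIFFTAG_FILLORDER, fillorder);
        else
                CopyField(TIFFTAG_FILLORDER, shortv);
-       sprintf(thing, "Dithered B&W version of %s", argv[optind]);
+       snprintf(thing, sizeof(thing), "Dithered B&W version of %s", argv[optind]);
        TIFFSetField(out, TIFFTAG_IMAGEDESCRIPTION, thing);
        CopyField(TIFFTAG_PHOTOMETRIC, shortv);
        CopyField(TIFFTAG_ORIENTATION, shortv);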
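--- tiff-4.0.2.orig/tools/rgb2ycbcr.c
+++ tiff-4.0.2/tools/rgb2ycbcr.c
@@ -332,7 +332,8 @@ tiffcvt(TIFF* in, TIFF* out)
        TIFFSetField(out, TIFFTAG_PLANARCONFIG, PLANARCONFIG_CONTIG);
        { char buf[2048];
          char *cp = strrchr(TIFFFileName(in), '/');
-         sprintf(buf, "YCbCr conversion of %s", cp ? cp+1 : TIFFFileName(in));
+         snprintf(buf, sizeof(buf), "YCbCr conversion of %s",
+                  cp ? cp+1 : TIFFFileName(in));
          TIFFSetField(out, TIFFTAG_IMAGEDESCRIPTION, buf);
        }
        TIFFSetField(out, TIFFTAG_SOFTWARE, TIFFGetVersion());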
--- tiff-4.0.2.orig/tools/tiff2pdf.c
 
62
+++ tiff-4.0.2/tools/tiff2pdf.c
 
63
@@ -3629,7 +3629,9 @@ tsize_t t2p_write_pdf_header(T2P* t2p, T
 
64
        char buffer[16];
 
65
        int buflen=0;
 
66
        
 
67
-       buflen=sprintf(buffer, "%%PDF-%u.%u ", t2p->pdf_majorversion&0xff, t2p->pdf_minorversion&0xff);
 
68
+       buflen = snprintf(buffer, sizeof(buffer), "%%PDF-%u.%u ",
 
69
+                         t2p->pdf_majorversion&0xff,
 
70
+                         t2p->pdf_minorversion&0xff);
 
71
        written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
72
        written += t2pWriteFile(output, (tdata_t)"\n%\342\343\317\323\n", 7);
 
73
 
 
74
@@ -3643,10 +3645,10 @@ tsize_t t2p_write_pdf_header(T2P* t2p, T
 
75
 tsize_t t2p_write_pdf_obj_start(uint32 number, TIFF* output){
 
76
 
 
77
        tsize_t written=0;
 
78
-       char buffer[16];
 
79
+       char buffer[32];
 
80
        int buflen=0;
 
81
 
 
82
-       buflen=sprintf(buffer, "%lu", (unsigned long)number);
 
83
+       buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)number);
 
84
        written += t2pWriteFile(output, (tdata_t) buffer, buflen );
 
85
        written += t2pWriteFile(output, (tdata_t) " 0 obj\n", 7);
 
86
 
 
87
@@ -3685,13 +3687,13 @@ tsize_t t2p_write_pdf_name(unsigned char
 
88
        written += t2pWriteFile(output, (tdata_t) "/", 1);
 
89
        for (i=0;i<namelen;i++){
 
90
                if ( ((unsigned char)name[i]) < 0x21){
 
91
-                       sprintf(buffer, "#%.2X", name[i]);
 
92
+                       snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
 
93
                        buffer[sizeof(buffer) - 1] = '\0';
 
94
                        written += t2pWriteFile(output, (tdata_t) buffer, 3);
 
95
                        nextchar=1;
 
96
                }
 
97
                if ( ((unsigned char)name[i]) > 0x7E){
 
98
-                       sprintf(buffer, "#%.2X", name[i]);
 
99
+                       snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
 
100
                        buffer[sizeof(buffer) - 1] = '\0';
 
101
                        written += t2pWriteFile(output, (tdata_t) buffer, 3);
 
102
                        nextchar=1;
 
103
@@ -3699,57 +3701,57 @@ tsize_t t2p_write_pdf_name(unsigned char
 
104
                if (nextchar==0){
 
105
                        switch (name[i]){
 
106
                                case 0x23:
 
107
-                                       sprintf(buffer, "#%.2X", name[i]);
 
108
+                                       snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
 
109
                                        buffer[sizeof(buffer) - 1] = '\0';
 
110
                                        written += t2pWriteFile(output, (tdata_t) buffer, 3);
 
111
                                        break;
 
112
                                case 0x25:
 
113
-                                       sprintf(buffer, "#%.2X", name[i]);
 
114
+                                       snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
 
115
                                        buffer[sizeof(buffer) - 1] = '\0';
 
116
                                        written += t2pWriteFile(output, (tdata_t) buffer, 3);
 
117
                                        break;
 
118
                                case 0x28:
 
119
-                                       sprintf(buffer, "#%.2X", name[i]);
 
120
+                                       snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
 
121
                                        buffer[sizeof(buffer) - 1] = '\0';
 
122
                                        written += t2pWriteFile(output, (tdata_t) buffer, 3);
 
123
                                        break;
 
124
                                case 0x29:
 
125
-                                       sprintf(buffer, "#%.2X", name[i]); 
 
126
+                                       snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); 
 
127
                                        buffer[sizeof(buffer) - 1] = '\0';
 
128
                                        written += t2pWriteFile(output, (tdata_t) buffer, 3);
 
129
                                        break;
 
130
                                case 0x2F:
 
131
-                                       sprintf(buffer, "#%.2X", name[i]); 
 
132
+                                       snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); 
 
133
                                        buffer[sizeof(buffer) - 1] = '\0';
 
134
                                        written += t2pWriteFile(output, (tdata_t) buffer, 3);
 
135
                                        break;
 
136
                                case 0x3C:
 
137
-                                       sprintf(buffer, "#%.2X", name[i]); 
 
138
+                                       snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); 
 
139
                                        buffer[sizeof(buffer) - 1] = '\0';
 
140
                                        written += t2pWriteFile(output, (tdata_t) buffer, 3);
 
141
                                        break;
 
142
                                case 0x3E:
 
143
-                                       sprintf(buffer, "#%.2X", name[i]);
 
144
+                                       snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
 
145
                                        buffer[sizeof(buffer) - 1] = '\0';
 
146
                                        written += t2pWriteFile(output, (tdata_t) buffer, 3);
 
147
                                        break;
 
148
                                case 0x5B:
 
149
-                                       sprintf(buffer, "#%.2X", name[i]); 
 
150
+                                       snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); 
 
151
                                        buffer[sizeof(buffer) - 1] = '\0';
 
152
                                        written += t2pWriteFile(output, (tdata_t) buffer, 3);
 
153
                                        break;
 
154
                                case 0x5D:
 
155
-                                       sprintf(buffer, "#%.2X", name[i]);
 
156
+                                       snprintf(buffer, sizeof(buffer), "#%.2X", name[i]);
 
157
                                        buffer[sizeof(buffer) - 1] = '\0';
 
158
                                        written += t2pWriteFile(output, (tdata_t) buffer, 3);
 
159
                                        break;
 
160
                                case 0x7B:
 
161
-                                       sprintf(buffer, "#%.2X", name[i]); 
 
162
+                                       snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); 
 
163
                                        buffer[sizeof(buffer) - 1] = '\0';
 
164
                                        written += t2pWriteFile(output, (tdata_t) buffer, 3);
 
165
                                        break;
 
166
                                case 0x7D:
 
167
-                                       sprintf(buffer, "#%.2X", name[i]); 
 
168
+                                       snprintf(buffer, sizeof(buffer), "#%.2X", name[i]); 
 
169
                                        buffer[sizeof(buffer) - 1] = '\0';
 
170
                                        written += t2pWriteFile(output, (tdata_t) buffer, 3);
 
171
                                        break;
 
172
@@ -3864,14 +3866,14 @@ tsize_t t2p_write_pdf_stream_end(TIFF* o
 
173
 tsize_t t2p_write_pdf_stream_dict(tsize_t len, uint32 number, TIFF* output){
 
174
        
 
175
        tsize_t written=0;
 
176
-       char buffer[16];
 
177
+       char buffer[32];
 
178
        int buflen=0;
 
179
        
 
180
        written += t2pWriteFile(output, (tdata_t) "/Length ", 8);
 
181
        if(len!=0){
 
182
                written += t2p_write_pdf_stream_length(len, output);
 
183
        } else {
 
184
-               buflen=sprintf(buffer, "%lu", (unsigned long)number);
 
185
+               buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)number);
 
186
                written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
187
                written += t2pWriteFile(output, (tdata_t) " 0 R \n", 6);
 
188
        }
 
189
@@ -3912,10 +3914,10 @@ tsize_t t2p_write_pdf_stream_dict_end(TI
 
190
 tsize_t t2p_write_pdf_stream_length(tsize_t len, TIFF* output){
 
191
 
 
192
        tsize_t written=0;
 
193
-       char buffer[16];
 
194
+       char buffer[32];
 
195
        int buflen=0;
 
196
 
 
197
-       buflen=sprintf(buffer, "%lu", (unsigned long)len);
 
198
+       buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)len);
 
199
        written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
200
        written += t2pWriteFile(output, (tdata_t) "\n", 1);
 
201
 
 
202
@@ -3929,7 +3931,7 @@ tsize_t t2p_write_pdf_stream_length(tsiz
 
203
 tsize_t t2p_write_pdf_catalog(T2P* t2p, TIFF* output)
 
204
 {
 
205
        tsize_t written = 0;
 
206
-       char buffer[16];
 
207
+       char buffer[32];
 
208
        int buflen = 0;
 
209
 
 
210
        written += t2pWriteFile(output, 
 
211
@@ -3968,7 +3970,6 @@ tsize_t t2p_write_pdf_info(T2P* t2p, TIF
 
212
                written += t2p_write_pdf_string(t2p->pdf_datetime, output);
 
213
        }
 
214
        written += t2pWriteFile(output, (tdata_t) "\n/Producer ", 11);
 
215
-       _TIFFmemset((tdata_t)buffer, 0x00, sizeof(buffer));
 
216
        snprintf(buffer, sizeof(buffer), "libtiff / tiff2pdf - %d", TIFFLIB_VERSION);
 
217
        written += t2p_write_pdf_string(buffer, output);
 
218
        written += t2pWriteFile(output, (tdata_t) "\n", 1);
 
219
@@ -4109,7 +4110,7 @@ tsize_t t2p_write_pdf_pages(T2P* t2p, TI
 
220
 {
 
221
        tsize_t written=0;
 
222
        tdir_t i=0;
 
223
-       char buffer[16];
 
224
+       char buffer[32];
 
225
        int buflen=0;
 
226
 
 
227
        int page=0;
 
228
@@ -4117,7 +4118,7 @@ tsize_t t2p_write_pdf_pages(T2P* t2p, TI
 
229
                (tdata_t) "<< \n/Type /Pages \n/Kids [ ", 26);
 
230
        page = t2p->pdf_pages+1;
 
231
        for (i=0;i<t2p->tiff_pagecount;i++){
 
232
-               buflen=sprintf(buffer, "%d", page);
 
233
+               buflen=snprintf(buffer, sizeof(buffer), "%d", page);
 
234
                written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
235
                written += t2pWriteFile(output, (tdata_t) " 0 R ", 5);
 
236
                if ( ((i+1)%8)==0 ) {
 
237
@@ -4132,8 +4133,7 @@ tsize_t t2p_write_pdf_pages(T2P* t2p, TI
 
238
                }
 
239
        }
 
240
        written += t2pWriteFile(output, (tdata_t) "] \n/Count ", 10);
 
241
-       _TIFFmemset(buffer, 0x00, 16);
 
242
-       buflen=sprintf(buffer, "%d", t2p->tiff_pagecount);
 
243
+       buflen=snprintf(buffer, sizeof(buffer), "%d", t2p->tiff_pagecount);
 
244
        written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
245
        written += t2pWriteFile(output, (tdata_t) " \n>> \n", 6);
 
246
 
 
247
@@ -4148,28 +4148,28 @@ tsize_t t2p_write_pdf_page(uint32 object
 
248
 
 
249
        unsigned int i=0;
 
250
        tsize_t written=0;
 
251
-       char buffer[16];
 
252
+       char buffer[256];
 
253
        int buflen=0;
 
254
 
 
255
        written += t2pWriteFile(output, (tdata_t) "<<\n/Type /Page \n/Parent ", 24);
 
256
-       buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_pages);
 
257
+       buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_pages);
 
258
        written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
259
        written += t2pWriteFile(output, (tdata_t) " 0 R \n", 6);
 
260
        written += t2pWriteFile(output, (tdata_t) "/MediaBox [", 11); 
 
261
-       buflen=sprintf(buffer, "%.4f",t2p->pdf_mediabox.x1);
 
262
+       buflen=snprintf(buffer, sizeof(buffer), "%.4f",t2p->pdf_mediabox.x1);
 
263
        written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
264
        written += t2pWriteFile(output, (tdata_t) " ", 1); 
 
265
-       buflen=sprintf(buffer, "%.4f",t2p->pdf_mediabox.y1);
 
266
+       buflen=snprintf(buffer, sizeof(buffer), "%.4f",t2p->pdf_mediabox.y1);
 
267
        written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
268
        written += t2pWriteFile(output, (tdata_t) " ", 1); 
 
269
-       buflen=sprintf(buffer, "%.4f",t2p->pdf_mediabox.x2);
 
270
+       buflen=snprintf(buffer, sizeof(buffer), "%.4f",t2p->pdf_mediabox.x2);
 
271
        written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
272
        written += t2pWriteFile(output, (tdata_t) " ", 1); 
 
273
-       buflen=sprintf(buffer, "%.4f",t2p->pdf_mediabox.y2);
 
274
+       buflen=snprintf(buffer, sizeof(buffer), "%.4f",t2p->pdf_mediabox.y2);
 
275
        written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
276
        written += t2pWriteFile(output, (tdata_t) "] \n", 3); 
 
277
        written += t2pWriteFile(output, (tdata_t) "/Contents ", 10);
 
278
-       buflen=sprintf(buffer, "%lu", (unsigned long)(object + 1));
 
279
+       buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)(object + 1));
 
280
        written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
281
        written += t2pWriteFile(output, (tdata_t) " 0 R \n", 6);
 
282
        written += t2pWriteFile(output, (tdata_t) "/Resources << \n", 15);
 
283
@@ -4177,15 +4177,13 @@ tsize_t t2p_write_pdf_page(uint32 object
 
284
                written += t2pWriteFile(output, (tdata_t) "/XObject <<\n", 12);
 
285
                for(i=0;i<t2p->tiff_tiles[t2p->pdf_page].tiles_tilecount;i++){
 
286
                        written += t2pWriteFile(output, (tdata_t) "/Im", 3);
 
287
-                       buflen = sprintf(buffer, "%u", t2p->pdf_page+1);
 
288
+                       buflen = snprintf(buffer, sizeof(buffer), "%u", t2p->pdf_page+1);
 
289
                        written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
290
                        written += t2pWriteFile(output, (tdata_t) "_", 1);
 
291
-                       buflen = sprintf(buffer, "%u", i+1);
 
292
+                       buflen = snprintf(buffer, sizeof(buffer), "%u", i+1);
 
293
                        written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
294
                        written += t2pWriteFile(output, (tdata_t) " ", 1);
 
295
-                       buflen = sprintf(
 
296
-                               buffer, 
 
297
-                               "%lu", 
 
298
+                       buflen = snprintf(buffer, sizeof(buffer), "%lu",
 
299
                                (unsigned long)(object+3+(2*i)+t2p->tiff_pages[t2p->pdf_page].page_extra)); 
 
300
                        written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
301
                        written += t2pWriteFile(output, (tdata_t) " 0 R ", 5);
 
302
@@ -4197,12 +4195,10 @@ tsize_t t2p_write_pdf_page(uint32 object
 
303
        } else {
 
304
                        written += t2pWriteFile(output, (tdata_t) "/XObject <<\n", 12);
 
305
                        written += t2pWriteFile(output, (tdata_t) "/Im", 3);
 
306
-                       buflen = sprintf(buffer, "%u", t2p->pdf_page+1);
 
307
+                       buflen = snprintf(buffer, sizeof(buffer), "%u", t2p->pdf_page+1);
 
308
                        written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
309
                        written += t2pWriteFile(output, (tdata_t) " ", 1);
 
310
-                       buflen = sprintf(
 
311
-                               buffer, 
 
312
-                               "%lu", 
 
313
+                       buflen = snprintf(buffer, sizeof(buffer), "%lu",
 
314
                                (unsigned long)(object+3+(2*i)+t2p->tiff_pages[t2p->pdf_page].page_extra)); 
 
315
                        written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
316
                        written += t2pWriteFile(output, (tdata_t) " 0 R ", 5);
 
317
@@ -4211,9 +4207,7 @@ tsize_t t2p_write_pdf_page(uint32 object
 
318
        if(t2p->tiff_transferfunctioncount != 0) {
 
319
                written += t2pWriteFile(output, (tdata_t) "/ExtGState <<", 13);
 
320
                t2pWriteFile(output, (tdata_t) "/GS1 ", 5);
 
321
-               buflen = sprintf(
 
322
-                       buffer, 
 
323
-                       "%lu", 
 
324
+               buflen = snprintf(buffer, sizeof(buffer), "%lu",
 
325
                        (unsigned long)(object + 3)); 
 
326
                written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
327
                written += t2pWriteFile(output, (tdata_t) " 0 R ", 5);
 
328
@@ -4586,7 +4580,7 @@ tsize_t t2p_write_pdf_page_content_strea
 
329
        if(t2p->tiff_tiles[t2p->pdf_page].tiles_tilecount>0){ 
 
330
                for(i=0;i<t2p->tiff_tiles[t2p->pdf_page].tiles_tilecount; i++){
 
331
                        box=t2p->tiff_tiles[t2p->pdf_page].tiles_tiles[i].tile_box;
 
332
-                       buflen=sprintf(buffer, 
 
333
+                       buflen=snprintf(buffer, sizeof(buffer), 
 
334
                                "q %s %.4f %.4f %.4f %.4f %.4f %.4f cm /Im%d_%ld Do Q\n", 
 
335
                                t2p->tiff_transferfunctioncount?"/GS1 gs ":"",
 
336
                                box.mat[0],
 
337
@@ -4601,7 +4595,7 @@ tsize_t t2p_write_pdf_page_content_strea
 
338
                }
 
339
        } else {
 
340
                box=t2p->pdf_imagebox;
 
341
-               buflen=sprintf(buffer, 
 
342
+               buflen=snprintf(buffer, sizeof(buffer), 
 
343
                        "q %s %.4f %.4f %.4f %.4f %.4f %.4f cm /Im%d Do Q\n", 
 
344
                        t2p->tiff_transferfunctioncount?"/GS1 gs ":"",
 
345
                        box.mat[0],
 
346
@@ -4626,59 +4620,48 @@ tsize_t t2p_write_pdf_xobject_stream_dic
 
347
                                                                                                TIFF* output){
 
348
 
 
349
        tsize_t written=0;
 
350
-       char buffer[16];
 
351
+       char buffer[32];
 
352
        int buflen=0;
 
353
 
 
354
        written += t2p_write_pdf_stream_dict(0, t2p->pdf_xrefcount+1, output); 
 
355
        written += t2pWriteFile(output, 
 
356
                (tdata_t) "/Type /XObject \n/Subtype /Image \n/Name /Im", 
 
357
                42);
 
358
-       buflen=sprintf(buffer, "%u", t2p->pdf_page+1);
 
359
+       buflen=snprintf(buffer, sizeof(buffer), "%u", t2p->pdf_page+1);
 
360
        written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
361
        if(tile != 0){
 
362
                written += t2pWriteFile(output, (tdata_t) "_", 1);
 
363
-               buflen=sprintf(buffer, "%lu", (unsigned long)tile);
 
364
+               buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)tile);
 
365
                written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
366
        }
 
367
        written += t2pWriteFile(output, (tdata_t) "\n/Width ", 8);
 
368
-       _TIFFmemset((tdata_t)buffer, 0x00, 16);
 
369
        if(tile==0){
 
370
-               buflen=sprintf(buffer, "%lu", (unsigned long)t2p->tiff_width);
 
371
+               buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->tiff_width);
 
372
        } else {
 
373
                if(t2p_tile_is_right_edge(t2p->tiff_tiles[t2p->pdf_page], tile-1)!=0){
 
374
-                       buflen=sprintf(
 
375
-                               buffer, 
 
376
-                               "%lu", 
 
377
+                       buflen=snprintf(buffer, sizeof(buffer), "%lu",
 
378
                                (unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_edgetilewidth);
 
379
                } else {
 
380
-                       buflen=sprintf(
 
381
-                               buffer, 
 
382
-                               "%lu", 
 
383
+                       buflen=snprintf(buffer, sizeof(buffer), "%lu",
 
384
                                (unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_tilewidth);
 
385
                }
 
386
        }
 
387
        written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
388
        written += t2pWriteFile(output, (tdata_t) "\n/Height ", 9);
 
389
-       _TIFFmemset((tdata_t)buffer, 0x00, 16);
 
390
        if(tile==0){
 
391
-               buflen=sprintf(buffer, "%lu", (unsigned long)t2p->tiff_length);
 
392
+               buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->tiff_length);
 
393
        } else {
 
394
                if(t2p_tile_is_bottom_edge(t2p->tiff_tiles[t2p->pdf_page], tile-1)!=0){
 
395
-                       buflen=sprintf(
 
396
-                               buffer, 
 
397
-                               "%lu", 
 
398
+                       buflen=snprintf(buffer, sizeof(buffer), "%lu",
 
399
                                (unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_edgetilelength);
 
400
                } else {
 
401
-                       buflen=sprintf(
 
402
-                               buffer, 
 
403
-                               "%lu", 
 
404
+                       buflen=snprintf(buffer, sizeof(buffer), "%lu",
 
405
                                (unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_tilelength);
 
406
                }
 
407
        }
 
408
        written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
409
        written += t2pWriteFile(output, (tdata_t) "\n/BitsPerComponent ", 19);
 
410
-       _TIFFmemset((tdata_t)buffer, 0x00, 16);
 
411
-       buflen=sprintf(buffer, "%u", t2p->tiff_bitspersample);
 
412
+       buflen=snprintf(buffer, sizeof(buffer), "%u", t2p->tiff_bitspersample);
 
413
        written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
414
        written += t2pWriteFile(output, (tdata_t) "\n/ColorSpace ", 13);
 
415
        written += t2p_write_pdf_xobject_cs(t2p, output);
 
416
@@ -4722,11 +4705,10 @@ tsize_t t2p_write_pdf_xobject_cs(T2P* t2
 
417
                t2p->pdf_colorspace ^= T2P_CS_PALETTE;
 
418
                written += t2p_write_pdf_xobject_cs(t2p, output);
 
419
                t2p->pdf_colorspace |= T2P_CS_PALETTE;
 
420
-               buflen=sprintf(buffer, "%u", (0x0001 << t2p->tiff_bitspersample)-1 );
 
421
+               buflen=snprintf(buffer, sizeof(buffer), "%u", (0x0001 << t2p->tiff_bitspersample)-1 );
 
422
                written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
423
                written += t2pWriteFile(output, (tdata_t) " ", 1);
 
424
-               _TIFFmemset(buffer, 0x00, 16);
 
425
-               buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_palettecs ); 
 
426
+               buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_palettecs ); 
 
427
                written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
428
                written += t2pWriteFile(output, (tdata_t) " 0 R ]\n", 7);
 
429
                return(written);
 
430
@@ -4760,10 +4742,10 @@ tsize_t t2p_write_pdf_xobject_cs(T2P* t2
 
431
                        X_W /= Y_W;
 
432
                        Z_W /= Y_W;
 
433
                        Y_W = 1.0F;
 
434
-                       buflen=sprintf(buffer, "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W);
 
435
+                       buflen=snprintf(buffer, sizeof(buffer), "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W);
 
436
                        written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
437
                        written += t2pWriteFile(output, (tdata_t) "/Range ", 7);
 
438
-                       buflen=sprintf(buffer, "[%d %d %d %d] \n", 
 
439
+                       buflen=snprintf(buffer, sizeof(buffer), "[%d %d %d %d] \n", 
 
440
                                t2p->pdf_labrange[0], 
 
441
                                t2p->pdf_labrange[1], 
 
442
                                t2p->pdf_labrange[2], 
 
443
@@ -4779,26 +4761,26 @@ tsize_t t2p_write_pdf_xobject_cs(T2P* t2
 
444
 tsize_t t2p_write_pdf_transfer(T2P* t2p, TIFF* output){
 
445
 
 
446
        tsize_t written=0;
 
447
-       char buffer[16];
 
448
+       char buffer[32];
 
449
        int buflen=0;
 
450
 
 
451
        written += t2pWriteFile(output, (tdata_t) "<< /Type /ExtGState \n/TR ", 25);
 
452
        if(t2p->tiff_transferfunctioncount == 1){
 
453
-               buflen=sprintf(buffer, "%lu",
 
454
+               buflen=snprintf(buffer, sizeof(buffer), "%lu",
 
455
                               (unsigned long)(t2p->pdf_xrefcount + 1));
 
456
                written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
457
                written += t2pWriteFile(output, (tdata_t) " 0 R ", 5);
 
458
        } else {
 
459
                written += t2pWriteFile(output, (tdata_t) "[ ", 2);
 
460
-               buflen=sprintf(buffer, "%lu",
 
461
+               buflen=snprintf(buffer, sizeof(buffer), "%lu",
 
462
                               (unsigned long)(t2p->pdf_xrefcount + 1));
 
463
                written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
464
                written += t2pWriteFile(output, (tdata_t) " 0 R ", 5);
 
465
-               buflen=sprintf(buffer, "%lu",
 
466
+               buflen=snprintf(buffer, sizeof(buffer), "%lu",
 
467
                               (unsigned long)(t2p->pdf_xrefcount + 2));
 
468
                written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
469
                written += t2pWriteFile(output, (tdata_t) " 0 R ", 5);
 
470
-               buflen=sprintf(buffer, "%lu",
 
471
+               buflen=snprintf(buffer, sizeof(buffer), "%lu",
 
472
                               (unsigned long)(t2p->pdf_xrefcount + 3));
 
473
                written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
474
                written += t2pWriteFile(output, (tdata_t) " 0 R ", 5);
 
475
@@ -4820,7 +4802,7 @@ tsize_t t2p_write_pdf_transfer_dict(T2P*
 
476
        written += t2pWriteFile(output, (tdata_t) "/FunctionType 0 \n", 17);
 
477
        written += t2pWriteFile(output, (tdata_t) "/Domain [0.0 1.0] \n", 19);
 
478
        written += t2pWriteFile(output, (tdata_t) "/Range [0.0 1.0] \n", 18);
 
479
-       buflen=sprintf(buffer, "/Size [%u] \n", (1<<t2p->tiff_bitspersample));
 
480
+       buflen=snprintf(buffer, sizeof(buffer), "/Size [%u] \n", (1<<t2p->tiff_bitspersample));
 
481
        written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
482
        written += t2pWriteFile(output, (tdata_t) "/BitsPerSample 16 \n", 19);
 
483
        written += t2p_write_pdf_stream_dict(((tsize_t)1)<<(t2p->tiff_bitspersample+1), 0, output);
 
484
@@ -4847,7 +4829,7 @@ tsize_t t2p_write_pdf_transfer_stream(T2
 
485
 tsize_t t2p_write_pdf_xobject_calcs(T2P* t2p, TIFF* output){
 
486
 
 
487
        tsize_t written=0;
 
488
-       char buffer[128];
 
489
+       char buffer[256];
 
490
        int buflen=0;
 
491
        
 
492
        float X_W=0.0;
 
493
@@ -4915,16 +4897,16 @@ tsize_t t2p_write_pdf_xobject_calcs(T2P*
 
494
        written += t2pWriteFile(output, (tdata_t) "<< \n", 4);
 
495
        if(t2p->pdf_colorspace & T2P_CS_CALGRAY){
 
496
                written += t2pWriteFile(output, (tdata_t) "/WhitePoint ", 12);
 
497
-               buflen=sprintf(buffer, "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W);
 
498
+               buflen=snprintf(buffer, sizeof(buffer), "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W);
 
499
                written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
500
                written += t2pWriteFile(output, (tdata_t) "/Gamma 2.2 \n", 12);
 
501
        }
 
502
        if(t2p->pdf_colorspace & T2P_CS_CALRGB){
 
503
                written += t2pWriteFile(output, (tdata_t) "/WhitePoint ", 12);
 
504
-               buflen=sprintf(buffer, "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W);
 
505
+               buflen=snprintf(buffer, sizeof(buffer), "[%.4f %.4f %.4f] \n", X_W, Y_W, Z_W);
 
506
                written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
507
                written += t2pWriteFile(output, (tdata_t) "/Matrix ", 8);
 
508
-               buflen=sprintf(buffer, "[%.4f %.4f %.4f %.4f %.4f %.4f %.4f %.4f %.4f] \n", 
 
509
+               buflen=snprintf(buffer, sizeof(buffer), "[%.4f %.4f %.4f %.4f %.4f %.4f %.4f %.4f %.4f] \n", 
 
510
                        X_R, Y_R, Z_R, 
 
511
                        X_G, Y_G, Z_G, 
 
512
                        X_B, Y_B, Z_B); 
 
513
@@ -4943,11 +4925,11 @@ tsize_t t2p_write_pdf_xobject_calcs(T2P*
 
514
 tsize_t t2p_write_pdf_xobject_icccs(T2P* t2p, TIFF* output){
 
515
 
 
516
        tsize_t written=0;
 
517
-       char buffer[16];
 
518
+       char buffer[32];
 
519
        int buflen=0;
 
520
        
 
521
        written += t2pWriteFile(output, (tdata_t) "[/ICCBased ", 11);
 
522
-       buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_icccs);
 
523
+       buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_icccs);
 
524
        written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
525
        written += t2pWriteFile(output, (tdata_t) " 0 R] \n", 7);
 
526
 
 
527
@@ -4957,11 +4939,11 @@ tsize_t t2p_write_pdf_xobject_icccs(T2P*
 
528
 tsize_t t2p_write_pdf_xobject_icccs_dict(T2P* t2p, TIFF* output){
 
529
 
 
530
        tsize_t written=0;
 
531
-       char buffer[16];
 
532
+       char buffer[32];
 
533
        int buflen=0;
 
534
        
 
535
        written += t2pWriteFile(output, (tdata_t) "/N ", 3);
 
536
-       buflen=sprintf(buffer, "%u \n", t2p->tiff_samplesperpixel);
 
537
+       buflen=snprintf(buffer, sizeof(buffer), "%u \n", t2p->tiff_samplesperpixel);
 
538
        written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
539
        written += t2pWriteFile(output, (tdata_t) "/Alternate ", 11);
 
540
        t2p->pdf_colorspace ^= T2P_CS_ICCBASED;
 
541
@@ -5026,7 +5008,7 @@ tsize_t t2p_write_pdf_xobject_decode(T2P
 
542
 tsize_t t2p_write_pdf_xobject_stream_filter(ttile_t tile, T2P* t2p, TIFF* output){
 
543
 
 
544
        tsize_t written=0;
 
545
-       char buffer[16];
 
546
+       char buffer[32];
 
547
        int buflen=0;
 
548
 
 
549
        if(t2p->pdf_compression==T2P_COMPRESS_NONE){
 
550
@@ -5041,41 +5023,33 @@ tsize_t t2p_write_pdf_xobject_stream_fil
 
551
                        written += t2pWriteFile(output, (tdata_t) "<< /K -1 ", 9);
 
552
                        if(tile==0){
 
553
                                written += t2pWriteFile(output, (tdata_t) "/Columns ", 9);
 
554
-                               buflen=sprintf(buffer, "%lu",
 
555
+                               buflen=snprintf(buffer, sizeof(buffer), "%lu",
 
556
                                               (unsigned long)t2p->tiff_width);
 
557
                                written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
558
                                written += t2pWriteFile(output, (tdata_t) " /Rows ", 7);
 
559
-                               buflen=sprintf(buffer, "%lu",
 
560
+                               buflen=snprintf(buffer, sizeof(buffer), "%lu",
 
561
                                               (unsigned long)t2p->tiff_length);
 
562
                                written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
563
                        } else {
 
564
                                if(t2p_tile_is_right_edge(t2p->tiff_tiles[t2p->pdf_page], tile-1)==0){
 
565
                                        written += t2pWriteFile(output, (tdata_t) "/Columns ", 9);
 
566
-                                       buflen=sprintf(
 
567
-                                               buffer, 
 
568
-                                               "%lu", 
 
569
+                                       buflen=snprintf(buffer, sizeof(buffer), "%lu",
 
570
                                                (unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_tilewidth);
 
571
                                        written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
572
                                } else {
 
573
                                        written += t2pWriteFile(output, (tdata_t) "/Columns ", 9);
 
574
-                                       buflen=sprintf(
 
575
-                                               buffer, 
 
576
-                                               "%lu", 
 
577
+                                       buflen=snprintf(buffer, sizeof(buffer), "%lu",
 
578
                                                (unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_edgetilewidth);
 
579
                                        written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
580
                                }
 
581
                                if(t2p_tile_is_bottom_edge(t2p->tiff_tiles[t2p->pdf_page], tile-1)==0){
 
582
                                        written += t2pWriteFile(output, (tdata_t) " /Rows ", 7);
 
583
-                                       buflen=sprintf(
 
584
-                                               buffer, 
 
585
-                                               "%lu", 
 
586
+                                       buflen=snprintf(buffer, sizeof(buffer), "%lu",
 
587
                                                (unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_tilelength);
 
588
                                        written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
589
                                } else {
 
590
                                        written += t2pWriteFile(output, (tdata_t) " /Rows ", 7);
 
591
-                                       buflen=sprintf(
 
592
-                                               buffer, 
 
593
-                                               "%lu", 
 
594
+                                       buflen=snprintf(buffer, sizeof(buffer), "%lu",
 
595
                                                (unsigned long)t2p->tiff_tiles[t2p->pdf_page].tiles_edgetilelength);
 
596
                                        written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
597
                                }
 
598
@@ -5102,21 +5076,17 @@ tsize_t t2p_write_pdf_xobject_stream_fil
 
599
                        if(t2p->pdf_compressionquality%100){
 
600
                                written += t2pWriteFile(output, (tdata_t) "/DecodeParms ", 13);
 
601
                                written += t2pWriteFile(output, (tdata_t) "<< /Predictor ", 14);
 
602
-                               _TIFFmemset(buffer, 0x00, 16);
 
603
-                               buflen=sprintf(buffer, "%u", t2p->pdf_compressionquality%100);
 
604
+                               buflen=snprintf(buffer, sizeof(buffer), "%u", t2p->pdf_compressionquality%100);
 
605
                                written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
606
                                written += t2pWriteFile(output, (tdata_t) " /Columns ", 10);
 
607
-                               _TIFFmemset(buffer, 0x00, 16);
 
608
-                               buflen = sprintf(buffer, "%lu",
 
609
+                               buflen = snprintf(buffer, sizeof(buffer), "%lu",
 
610
                                                 (unsigned long)t2p->tiff_width);
 
611
                                written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
612
                                written += t2pWriteFile(output, (tdata_t) " /Colors ", 9);
 
613
-                               _TIFFmemset(buffer, 0x00, 16);
 
614
-                               buflen=sprintf(buffer, "%u", t2p->tiff_samplesperpixel);
 
615
+                               buflen=snprintf(buffer, sizeof(buffer), "%u", t2p->tiff_samplesperpixel);
 
616
                                written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
617
                                written += t2pWriteFile(output, (tdata_t) " /BitsPerComponent ", 19);
 
618
-                               _TIFFmemset(buffer, 0x00, 16);
 
619
-                               buflen=sprintf(buffer, "%u", t2p->tiff_bitspersample);
 
620
+                               buflen=snprintf(buffer, sizeof(buffer), "%u", t2p->tiff_bitspersample);
 
621
                                written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
622
                                written += t2pWriteFile(output, (tdata_t) ">>\n", 3);
 
623
                        }
 
624
@@ -5136,16 +5106,16 @@ tsize_t t2p_write_pdf_xobject_stream_fil
 
625
 tsize_t t2p_write_pdf_xreftable(T2P* t2p, TIFF* output){
 
626
 
 
627
        tsize_t written=0;
 
628
-       char buffer[21];
 
629
+       char buffer[64];
 
630
        int buflen=0;
 
631
        uint32 i=0;
 
632
 
 
633
        written += t2pWriteFile(output, (tdata_t) "xref\n0 ", 7);
 
634
-       buflen=sprintf(buffer, "%lu", (unsigned long)(t2p->pdf_xrefcount + 1));
 
635
+       buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)(t2p->pdf_xrefcount + 1));
 
636
        written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
637
        written += t2pWriteFile(output, (tdata_t) " \n0000000000 65535 f \n", 22);
 
638
        for (i=0;i<t2p->pdf_xrefcount;i++){
 
639
-               sprintf(buffer, "%.10lu 00000 n \n",
 
640
+               snprintf(buffer, sizeof(buffer), "%.10lu 00000 n \n",
 
641
                        (unsigned long)t2p->pdf_xrefoffsets[i]);
 
642
                written += t2pWriteFile(output, (tdata_t) buffer, 20);
 
643
        }
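Review bot: Inside the loop the write length is the constant in `t2pWriteFile(output, (tdata_t) buffer, 20)` and the result of the new `snprintf` is discarded. `%.10lu` sets a minimum of ten digits, not a maximum, so where `unsigned long` is 64-bit an offset of 10^10 or more formats to a longer string and the 20-byte write cuts the entry short, which leaves a malformed cross-reference table rather than an error. I would compare the return value with 20 and fail the conversion when it differs, and add a comment such as `/* a PDF xref entry is exactly 20 bytes, EOL included */` so the constant is tied to the format string.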
 
644
@@ -5169,17 +5139,14 @@ tsize_t t2p_write_pdf_trailer(T2P* t2p,
 
645
                snprintf(t2p->pdf_fileid + i, 9, "%.8X", rand());
 
646
 
 
647
        written += t2pWriteFile(output, (tdata_t) "trailer\n<<\n/Size ", 17);
 
648
-       buflen = sprintf(buffer, "%lu", (unsigned long)(t2p->pdf_xrefcount+1));
 
649
+       buflen = snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)(t2p->pdf_xrefcount+1));
 
650
        written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
651
-       _TIFFmemset(buffer, 0x00, 32);  
 
652
        written += t2pWriteFile(output, (tdata_t) "\n/Root ", 7);
 
653
-       buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_catalog);
 
654
+       buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_catalog);
 
655
        written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
656
-       _TIFFmemset(buffer, 0x00, 32);  
 
657
        written += t2pWriteFile(output, (tdata_t) " 0 R \n/Info ", 12);
 
658
-       buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_info);
 
659
+       buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_info);
 
660
        written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
661
-       _TIFFmemset(buffer, 0x00, 32);  
 
662
        written += t2pWriteFile(output, (tdata_t) " 0 R \n/ID[<", 11);
 
663
        written += t2pWriteFile(output, (tdata_t) t2p->pdf_fileid,
 
664
                                sizeof(t2p->pdf_fileid) - 1);
 
665
@@ -5187,9 +5154,8 @@ tsize_t t2p_write_pdf_trailer(T2P* t2p,
 
666
        written += t2pWriteFile(output, (tdata_t) t2p->pdf_fileid,
 
667
                                sizeof(t2p->pdf_fileid) - 1);
 
668
        written += t2pWriteFile(output, (tdata_t) ">]\n>>\nstartxref\n", 16);
 
669
-       buflen=sprintf(buffer, "%lu", (unsigned long)t2p->pdf_startxref);
 
670
+       buflen=snprintf(buffer, sizeof(buffer), "%lu", (unsigned long)t2p->pdf_startxref);
 
671
        written += t2pWriteFile(output, (tdata_t) buffer, buflen);
 
672
-       _TIFFmemset(buffer, 0x00, 32);  
 
673
        written += t2pWriteFile(output, (tdata_t) "\n%%EOF\n", 7);
 
674
 
 
675
        return(written);
 
676
--- tiff-4.0.2.orig/tools/tiff2ps.c
 
677
+++ tiff-4.0.2/tools/tiff2ps.c
 
678
@@ -1781,8 +1781,8 @@ PS_Lvl2ImageDict(FILE* fd, TIFF* tif, ui
 
679
                imageOp = "imagemask";
 
680
 
 
681
        (void)strcpy(im_x, "0");
 
682
-       (void)sprintf(im_y, "%lu", (long) h);
 
683
-       (void)sprintf(im_h, "%lu", (long) h);
 
684
+       (void)snprintf(im_y, sizeof(im_y), "%lu", (long) h);
 
685
+       (void)snprintf(im_h, sizeof(im_h), "%lu", (long) h);
 
686
        tile_width = w;
 
687
        tile_height = h;
 
688
        if (TIFFIsTiled(tif)) {
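Review bot: Both new calls keep the mismatched cast `(long) h` under a `%lu` conversion, while the other calls this patch touches in tiff2ps.c use `(unsigned long) h`. Suggest `(void)snprintf(im_y, sizeof(im_y), "%lu", (unsigned long) h);` and the same for `im_h`. Note also that `sizeof(im_y)` and `sizeof(im_h)` give the buffer size only if both are declared as arrays in `PS_Lvl2ImageDict`; the declarations are outside the hunk, so that is worth confirming before relying on the bound.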
 
689
@@ -1803,7 +1803,7 @@ PS_Lvl2ImageDict(FILE* fd, TIFF* tif, ui
 
690
                }
 
691
                if (tile_height < h) {
 
692
                        fputs("/im_y 0 def\n", fd);
 
693
-                       (void)sprintf(im_y, "%lu im_y sub", (unsigned long) h);
 
694
+                       (void)snprintf(im_y, sizeof(im_y), "%lu im_y sub", (unsigned long) h);
 
695
                }
 
696
        } else {
 
697
                repeat_count = tf_numberstrips;
 
698
@@ -1815,7 +1815,7 @@ PS_Lvl2ImageDict(FILE* fd, TIFF* tif, ui
 
699
                        fprintf(fd, "/im_h %lu def\n",
 
700
                            (unsigned long) tile_height);
 
701
                        (void)strcpy(im_h, "im_h");
 
702
-                       (void)sprintf(im_y, "%lu im_y sub", (unsigned long) h);
 
703
+                       (void)snprintf(im_y, sizeof(im_y), "%lu im_y sub", (unsigned long) h);
 
704
                }
 
705
        }
 
706
 
 
707
--- tiff-4.0.2.orig/tools/tiffcrop.c
 
708
+++ tiff-4.0.2/tools/tiffcrop.c
 
709
@@ -2077,7 +2077,7 @@ update_output_file (TIFF **tiffout, char
 
710
         return 1;
 
711
         }
 
712
 
 
713
-      sprintf (filenum, "-%03d%s", findex, export_ext);
 
714
+      snprintf(filenum, sizeof(filenum), "-%03d%s", findex, export_ext);
 
715
       filenum[14] = '\0';
 
716
       strncat (exportname, filenum, 15);
 
717
       }
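Review bot: The unchanged `strncat (exportname, filenum, 15)` two lines below the fix is bounded by the source, not by the space left in `exportname`: the third argument of `strncat` caps how many bytes are appended and says nothing about the destination size. The new `snprintf` keeps `filenum` within its own buffer, but the append can still run past `exportname` if that string is already close to full. Whether an earlier length check prevents this is not visible, because `update_output_file` starts and ends outside the hunk. I would compute the remaining room in `exportname` (its size minus the current length minus one) and pass that as the limit, or build the whole name with one `snprintf` into the destination.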
 
718
@@ -2230,8 +2230,8 @@ main(int argc, char* argv[])
 
719
 
 
720
           /* dump.infilename is guaranteed to be NUL termimated and have 20 bytes 
 
721
              fewer than PATH_MAX */ 
 
722
-          memset (temp_filename, '\0', PATH_MAX + 1);              
 
723
-          sprintf (temp_filename, "%s-read-%03d.%s", dump.infilename, dump_images,
 
724
+          snprintf(temp_filename, sizeof(temp_filename), "%s-read-%03d.%s",
 
725
+                  dump.infilename, dump_images,
 
726
                   (dump.format == DUMP_TEXT) ? "txt" : "raw");
 
727
           if ((dump.infile = fopen(temp_filename, dump.mode)) == NULL)
 
728
             {
 
729
@@ -2249,8 +2249,8 @@ main(int argc, char* argv[])
 
730
 
 
731
           /* dump.outfilename is guaranteed to be NUL termimated and have 20 bytes 
 
732
              fewer than PATH_MAX */ 
 
733
-          memset (temp_filename, '\0', PATH_MAX + 1);              
 
734
-          sprintf (temp_filename, "%s-write-%03d.%s", dump.outfilename, dump_images,
 
735
+          snprintf(temp_filename, sizeof(temp_filename), "%s-write-%03d.%s",
 
736
+                  dump.outfilename, dump_images,
 
737
                   (dump.format == DUMP_TEXT) ? "txt" : "raw");
 
738
           if ((dump.outfile = fopen(temp_filename, dump.mode)) == NULL)
 
739
             {
 
740
--- tiff-4.0.2.orig/tools/tiff2bw.c
 
741
+++ tiff-4.0.2/tools/tiff2bw.c
 
742
@@ -205,7 +205,7 @@ main(int argc, char* argv[])
 
743
                }
 
744
        }
 
745
        TIFFSetField(out, TIFFTAG_PHOTOMETRIC, PHOTOMETRIC_MINISBLACK);
 
746
-       sprintf(thing, "B&W version of %s", argv[optind]);
 
747
+       snprintf(thing, sizeof(thing), "B&W version of %s", argv[optind]);
 
748
        TIFFSetField(out, TIFFTAG_IMAGEDESCRIPTION, thing);
 
749
        TIFFSetField(out, TIFFTAG_SOFTWARE, "tiff2bw");
 
750
        outbuf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));