From 7d0a920d34e9960b2dd2e3583172826b3a4db570 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Matej=20Mu=C5=BEila?= Date: Tue, 8 Aug 2023 15:32:42 +0200 Subject: [PATCH] (CVE-2023-26966) tif_luv: Check and correct for NaN data in uv_encode(). Closes #530 See merge request libtiff/libtiff!473 (cherry picked from commit d1f658afa5ab5ed21a9e32e0f790f41b01506cd9) --- libtiff/tif_luv.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/libtiff/tif_luv.c b/libtiff/tif_luv.c index 72ab3668..93c76115 100644 --- a/libtiff/tif_luv.c +++ b/libtiff/tif_luv.c @@ -908,7 +908,14 @@ uv_encode(double u, double v, int em) /* encode (u',v') coordinates */ { register int vi, ui; - if (v < UV_VSTART) + /* check for NaN */ + if (u != u || v != v) + { + u = U_NEU; + v = V_NEU; + } + + if (v < UV_VSTART) return oog_encode(u, v); vi = tiff_itrunc((v - UV_VSTART)*(1./UV_SQSIZ), em); if (vi >= UV_NVS)