33 lines
1.1 KiB
Diff
33 lines
1.1 KiB
Diff
From 148b32d6d0d79641b73b75b48ccacda3d640b47d Mon Sep 17 00:00:00 2001
|
|
From: erouault <erouault>
|
|
Date: Wed, 11 Jan 2017 16:13:50 +0000
|
|
Subject: [PATCH 7/8] * libtiff/tif_jpeg.c: validate BitsPerSample in
|
|
JPEGSetupEncode() to avoid undefined behaviour caused by invalid shift
|
|
exponent. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648
|
|
|
|
---
|
|
libtiff/tif_jpeg.c | 7 +++++++
|
|
1 file changed, 7 insertions(+)
|
|
|
|
diff --git a/libtiff/tif_jpeg.c b/libtiff/tif_jpeg.c
|
|
index 1508ce6..a223eea 100644
|
|
--- a/libtiff/tif_jpeg.c
|
|
+++ b/libtiff/tif_jpeg.c
|
|
@@ -1632,6 +1632,13 @@ JPEGSetupEncode(TIFF* tif)
|
|
"Invalig horizontal/vertical sampling value");
|
|
return (0);
|
|
}
|
|
+ if( td->td_bitspersample > 16 )
|
|
+ {
|
|
+ TIFFErrorExt(tif->tif_clientdata, module,
|
|
+ "BitsPerSample %d not allowed for JPEG",
|
|
+ td->td_bitspersample);
|
|
+ return (0);
|
|
+ }
|
|
|
|
/*
|
|
* A ReferenceBlackWhite field *must* be present since the
|
|
--
|
|
2.7.4
|
|
|