summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEven Rouault <even.rouault@spatialys.com>2016-08-15 21:26:56 +0000
committerEven Rouault <even.rouault@spatialys.com>2016-08-15 21:26:56 +0000
commitf18e33b3a5ab03d3c988aa367c2729c98edf163a (patch)
tree15daba8c6becadb72fb686ee03fff078b183ef64
parent5dd73c2b77798cebe22f8668187e502ad462c588 (diff)
downloadlibtiff-git-f18e33b3a5ab03d3c988aa367c2729c98edf163a.tar.gz
* tools/rgb2ycbcr.c: validate values of -v and -h parameters to
avoid potential divide by zero. Fixes CVE-2016-3623 (bugzilla #2569)
Diffstat
-rw-r--r--ChangeLog5
-rw-r--r--tools/rgb2ycbcr.c6
2 files changed, 10 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index 5d606087..3e6642a3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
2016-08-15 Even Rouault <even.rouault at spatialys.com>
+ * tools/rgb2ycbcr.c: validate values of -v and -h parameters to
+ avoid potential divide by zero. Fixes CVE-2016-3623 (bugzilla #2569)
+
+2016-08-15 Even Rouault <even.rouault at spatialys.com>
+
* tools/tiffcrop.c: Fix out-of-bounds write in loadImage().
From patch libtiff-CVE-2016-3991.patch from
libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro (bugzilla #2543)
diff --git a/tools/rgb2ycbcr.c b/tools/rgb2ycbcr.c
index 4a969c2c..7a9d705e 100644
--- a/tools/rgb2ycbcr.c
+++ b/tools/rgb2ycbcr.c
@@ -1,4 +1,4 @@
-/* $Id: rgb2ycbcr.c,v 1.16 2015-06-21 01:09:10 bfriesen Exp $ */
+/* $Id: rgb2ycbcr.c,v 1.17 2016-08-15 21:26:56 erouault Exp $ */
/*
* Copyright (c) 1991-1997 Sam Leffler
@@ -95,9 +95,13 @@ main(int argc, char* argv[])
break;
case 'h':
horizSubSampling = atoi(optarg);
+ if( horizSubSampling != 1 && horizSubSampling != 2 && horizSubSampling != 4 )
+ usage(-1);
break;
case 'v':
vertSubSampling = atoi(optarg);
+ if( vertSubSampling != 1 && vertSubSampling != 2 && vertSubSampling != 4 )
+ usage(-1);
break;
case 'r':
rowsperstrip = atoi(optarg);
View Lorry Controller Status