diff options
author | Even Rouault <even.rouault@spatialys.com> | 2020-02-01 18:11:08 +0100 |
---|---|---|
committer | Even Rouault <even.rouault@spatialys.com> | 2020-02-01 18:11:11 +0100 |
commit | 37a02ad493586bfd21a6fb15c5d8deeaaaffc41b (patch) | |
tree | 4884ad12ade199a50ed0f78caeeeea9c41b67bb9 | |
parent | 7a335a32ebbce103d429c82a8d60d25ead1ccf0e (diff) | |
download | libtiff-git-37a02ad493586bfd21a6fb15c5d8deeaaaffc41b.tar.gz |
TIFFSetupStrips: enforce 2GB limitation of Strip/Tile Offsets/ByteCounts arrays
TIFFWriteDirectoryTagData() has an assertion that checks that the
arrays are not larger than 2GB. So error out earlier if in that situation.
-rw-r--r-- | libtiff/tif_write.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/libtiff/tif_write.c b/libtiff/tif_write.c index 33e803c1..f79330e9 100644 --- a/libtiff/tif_write.c +++ b/libtiff/tif_write.c @@ -533,6 +533,13 @@ TIFFSetupStrips(TIFF* tif) isUnspecified(tif, FIELD_ROWSPERSTRIP) ? td->td_samplesperpixel : TIFFNumberOfStrips(tif); td->td_nstrips = td->td_stripsperimage; + /* TIFFWriteDirectoryTagData has a limitation to 0x80000000U bytes */ + if( td->td_nstrips >= 0x80000000U / ((tif->tif_flags&TIFF_BIGTIFF)?0x8U:0x4U) ) + { + TIFFErrorExt(tif->tif_clientdata, "TIFFSetupStrips", + "Too large Strip/Tile Offsets/ByteCounts arrays"); + return 0; + } if (td->td_planarconfig == PLANARCONFIG_SEPARATE) td->td_stripsperimage /= td->td_samplesperpixel; td->td_stripoffset_p = (uint64 *) |