author | Even Rouault <even.rouault@spatialys.com> | 2014-12-21 18:52:42 +0000 |
---|---|---|
committer | Even Rouault <even.rouault@spatialys.com> | 2014-12-21 18:52:42 +0000 |
commit | 1246f97138b0d5c0cd44b643ca1ff7239a86daca (patch) | |
tree | b2fd0339094023b01c741d2bf4428c3b85b3ddbd /tools | |
parent | 7d3b9da6cb48d962934a0bbc34e751d9fb0d0d1e (diff) | |
* tools/thumbnail.c, tools/tiffcmp.c: only read/write TIFFTAG_GROUP3OPTIONS
or TIFFTAG_GROUP4OPTIONS if compression is COMPRESSION_CCITTFAX3 or
COMPRESSION_CCITTFAX4
http://bugzilla.maptools.org/show_bug.cgi?id=2493 (CVE-2014-8128)
Diffstat (limited to 'tools')
-rw-r--r-- | tools/thumbnail.c | 23 | ||||
-rw-r--r-- | tools/tiffcmp.c | 19 |
2 files changed, 37 insertions, 5 deletions
diff --git a/tools/thumbnail.c b/tools/thumbnail.c
index 47396988..673ac597 100644
--- a/tools/thumbnail.c
+++ b/tools/thumbnail.c
@@ -1,4 +1,4 @@
-/* $Id: thumbnail.c,v 1.17 2014-12-07 22:33:06 erouault Exp $ */
+/* $Id: thumbnail.c,v 1.18 2014-12-21 18:52:42 erouault Exp $ */
 /*
 * Copyright (c) 1994-1997 Sam Leffler
@@ -274,7 +274,26 @@ cpTags(TIFF* in, TIFF* out)
 {
 struct cpTag *p;
 for (p = tags; p < &tags[NTAGS]; p++)
- cpTag(in, out, p->tag, p->count, p->type);
+ {
+ /* Horrible: but TIFFGetField() expects 2 arguments to be passed */
+ /* if we request a tag that is defined in a codec, but that codec */
+ /* isn't used */
+ if( p->tag == TIFFTAG_GROUP3OPTIONS )
+ {
+ uint16 compression;
+ if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) ||
+ compression != COMPRESSION_CCITTFAX3 )
+ continue;
+ }
+ if( p->tag == TIFFTAG_GROUP4OPTIONS )
+ {
+ uint16 compression;
+ if( !TIFFGetField(in, TIFFTAG_COMPRESSION, &compression) ||
+ compression != COMPRESSION_CCITTFAX4 )
+ continue;
+ }
+ cpTag(in, out, p->tag, p->count, p->type);
+ }
 }
 #undef NTAGS
diff --git a/tools/tiffcmp.c b/tools/tiffcmp.c
index bc7dac94..352fe122 100644
--- a/tools/tiffcmp.c
+++ b/tools/tiffcmp.c
@@ -1,4 +1,4 @@
-/* $Id: tiffcmp.c,v 1.16 2010-03-10 18:56:50 bfriesen Exp $ */
+/* $Id: tiffcmp.c,v 1.17 2014-12-21 18:52:42 erouault Exp $ */
 /*
 * Copyright (c) 1988-1997 Sam Leffler
@@ -260,6 +260,7 @@ bad1:
 static int
 cmptags(TIFF* tif1, TIFF* tif2)
 {
+ uint16 compression1, compression2;
 CmpLongField(TIFFTAG_SUBFILETYPE, "SubFileType");
 CmpLongField(TIFFTAG_IMAGEWIDTH, "ImageWidth");
 CmpLongField(TIFFTAG_IMAGELENGTH, "ImageLength");
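Review bot: The new guard in cpTags special-cases only TIFFTAG_GROUP3OPTIONS and TIFFTAG_GROUP4OPTIONS, so any other codec-defined entry in the `tags` table (declared outside this hunk) would still reach cpTag with its codec inactive and hit the argument-count mismatch the comment describes. The two blocks are identical apart from the constants and each re-reads the compression on every iteration; reading it once before the loop with `uint16 compression = 0; (void) TIFFGetField(in, TIFFTAG_COMPRESSION, &compression);` and then testing `if (p->tag == TIFFTAG_GROUP3OPTIONS && compression != COMPRESSION_CCITTFAX3) continue;` (likewise for Group4) keeps the same behaviour with less to audit. The cmptags hunk in tools/tiffcmp.c repeats the compression lookup in the same way. Since the hazard lies in how TIFFGetField consumes its variable arguments, a per-caller check like this presumably leaves other callers that fetch codec tags exposed unless they are patched as well.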
@@ -276,8 +277,20 @@ cmptags(TIFF* tif1, TIFF* tif2)
 CmpShortField(TIFFTAG_SAMPLEFORMAT, "SampleFormat");
 CmpFloatField(TIFFTAG_XRESOLUTION, "XResolution");
 CmpFloatField(TIFFTAG_YRESOLUTION, "YResolution");
- CmpLongField(TIFFTAG_GROUP3OPTIONS, "Group3Options");
- CmpLongField(TIFFTAG_GROUP4OPTIONS, "Group4Options");
+ if( TIFFGetField(tif1, TIFFTAG_COMPRESSION, &compression1) &&
+ compression1 == COMPRESSION_CCITTFAX3 &&
+ TIFFGetField(tif2, TIFFTAG_COMPRESSION, &compression2) &&
+ compression2 == COMPRESSION_CCITTFAX3 )
+ {
+ CmpLongField(TIFFTAG_GROUP3OPTIONS, "Group3Options");
+ }
+ if( TIFFGetField(tif1, TIFFTAG_COMPRESSION, &compression1) &&
+ compression1 == COMPRESSION_CCITTFAX4 &&
+ TIFFGetField(tif2, TIFFTAG_COMPRESSION, &compression2) &&
+ compression2 == COMPRESSION_CCITTFAX4 )
+ {
+ CmpLongField(TIFFTAG_GROUP4OPTIONS, "Group4Options");
+ }
 CmpShortField(TIFFTAG_RESOLUTIONUNIT, "ResolutionUnit");
 CmpShortField(TIFFTAG_PLANARCONFIG, "PlanarConfiguration");
 CmpLongField(TIFFTAG_ROWSPERSTRIP, "RowsPerStrip");
|
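Review bot: The two `if` blocks added around Group3Options and Group4Options in cmptags carry no comment, so a later reader cannot tell that they exist to avoid the TIFFGetField argument mismatch noted in tools/thumbnail.c rather than as comparison logic, and may fold them away. A short comment above the first block would do, e.g. `/* Codec tags: only query them when the matching CCITT codec is in use, see bugzilla 2493 */`. When the two files use different compressions both checks are skipped without any output; that is harmless only if Compression itself is compared earlier in cmptags, which lies outside this hunk.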