In tiff2pdf.c, fail when TIFFSetDirectory() fails.

author: tgl <tgl> 2012-07-18 15:07:55 +0000
committer: tgl <tgl> 2012-07-18 15:07:55 +0000
commit: 86e5f6d6895e1e7c491fb133b7ed814ad25be59c (patch)
tree: 12d0c158a620ccf5f8374cb4fcbc4e87aea56474
parent: fd8ba1618be6cd92b151abf766a5c4e63869777a (diff)
download: libtiff-86e5f6d6895e1e7c491fb133b7ed814ad25be59c.tar.gz
2 files changed, 8 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index e711fe8e..918369c6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2012-07-18  Tom Lane  <tgl@sss.pgh.pa.us>
+
+	* tools/tiff2pdf.c: Fail when TIFFSetDirectory() fails.  This
+	prevents core dumps or perhaps even arbitrary code execution when
+	processing a corrupt input file (CVE-2012-3401).
+
 2012-07-06  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
 
 	* test/raw_decode.c (main): Test fixes to work with IJG JPEG 7+.
diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c
index 81431436..a6b520f8 100644
--- a/tools/tiff2pdf.c
+++ b/tools/tiff2pdf.c
@@ -1,4 +1,4 @@
-/* $Id: tiff2pdf.c,v 1.67 2012-06-15 21:51:54 fwarmerdam Exp $
+/* $Id: tiff2pdf.c,v 1.68 2012-07-18 15:07:55 tgl Exp $
  *
  * tiff2pdf - converts a TIFF image to a PDF document
  *
@@ -1066,6 +1066,7 @@ void t2p_read_tiff_init(T2P* t2p, TIFF* input){
 				"Can't set directory %u of input file %s", 
 				i,
 				TIFFFileName(input));
+			t2p->t2p_error = T2P_ERR_ERROR;
 			return;
 		}
 		if(TIFFGetField(input, TIFFTAG_PAGENUMBER, &pagen, &paged)){
author	tgl <tgl>	2012-07-18 15:07:55 +0000
committer	tgl <tgl>	2012-07-18 15:07:55 +0000
commit	86e5f6d6895e1e7c491fb133b7ed814ad25be59c (patch)
tree	12d0c158a620ccf5f8374cb4fcbc4e87aea56474
parent	fd8ba1618be6cd92b151abf766a5c4e63869777a (diff)
download	libtiff-86e5f6d6895e1e7c491fb133b7ed814ad25be59c.tar.gz