diff options
author | erouault <erouault> | 2017-05-18 06:44:35 +0000 |
---|---|---|
committer | erouault <erouault> | 2017-05-18 06:44:35 +0000 |
commit | 604c848d0323f738be59d9a3de860c831c98c880 (patch) | |
tree | 97f7fa596911d07e7d1b93b48edf8f35e9f02a67 | |
parent | 2909825b24b4111362998856ddea08107c082645 (diff) | |
download | libtiff-604c848d0323f738be59d9a3de860c831c98c880.tar.gz |
* libtiff/tif_getimage.c: initYCbCrConversion(): check luma[1] is not zero
to avoid division by zero.
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1665
Credit to OSS Fuzz
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | libtiff/tif_getimage.c | 4 |
2 files changed, 10 insertions, 1 deletions
@@ -1,3 +1,10 @@ +2017-05-18 Even Rouault <even.rouault at spatialys.com> + + * libtiff/tif_getimage.c: initYCbCrConversion(): check luma[1] is not zero + to avoid division by zero. + Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1665 + Credit to OSS Fuzz + 2017-05-17 Even Rouault <even.rouault at spatialys.com> * libtiff/tif_read.c: _TIFFVSetField(): fix outside range cast of double to diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c index b1363cc6..1d5f3046 100644 --- a/libtiff/tif_getimage.c +++ b/libtiff/tif_getimage.c @@ -1,4 +1,4 @@ -/* $Id: tif_getimage.c,v 1.104 2017-05-17 13:48:35 erouault Exp $ */ +/* $Id: tif_getimage.c,v 1.105 2017-05-18 06:44:35 erouault Exp $ */ /* * Copyright (c) 1991-1997 Sam Leffler @@ -2265,8 +2265,10 @@ initYCbCrConversion(TIFFRGBAImage* img) &refBlackWhite); /* Do some validation to avoid later issues. Detect NaN for now */ + /* and also if lumaGreen is zero since we divide by it later */ if( luma[0] != luma[0] || luma[1] != luma[1] || + luma[1] == 0.0 || luma[2] != luma[2] ) { TIFFErrorExt(img->tif->tif_clientdata, module, |