summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorerouault <erouault>2017-05-18 06:44:35 +0000
committererouault <erouault>2017-05-18 06:44:35 +0000
commit604c848d0323f738be59d9a3de860c831c98c880 (patch)
tree97f7fa596911d07e7d1b93b48edf8f35e9f02a67
parent2909825b24b4111362998856ddea08107c082645 (diff)
downloadlibtiff-604c848d0323f738be59d9a3de860c831c98c880.tar.gz
* libtiff/tif_getimage.c: initYCbCrConversion(): check luma[1] is not zero
to avoid division by zero. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1665 Credit to OSS Fuzz
Diffstat
-rw-r--r--ChangeLog7
-rw-r--r--libtiff/tif_getimage.c4
2 files changed, 10 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index ccafcfa9..0195d52a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2017-05-18 Even Rouault <even.rouault at spatialys.com>
+
+ * libtiff/tif_getimage.c: initYCbCrConversion(): check luma[1] is not zero
+ to avoid division by zero.
+ Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1665
+ Credit to OSS Fuzz
+
2017-05-17 Even Rouault <even.rouault at spatialys.com>
* libtiff/tif_read.c: _TIFFVSetField(): fix outside range cast of double to
diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c
index b1363cc6..1d5f3046 100644
--- a/libtiff/tif_getimage.c
+++ b/libtiff/tif_getimage.c
@@ -1,4 +1,4 @@
-/* $Id: tif_getimage.c,v 1.104 2017-05-17 13:48:35 erouault Exp $ */
+/* $Id: tif_getimage.c,v 1.105 2017-05-18 06:44:35 erouault Exp $ */
/*
* Copyright (c) 1991-1997 Sam Leffler
@@ -2265,8 +2265,10 @@ initYCbCrConversion(TIFFRGBAImage* img)
&refBlackWhite);
/* Do some validation to avoid later issues. Detect NaN for now */
+ /* and also if lumaGreen is zero since we divide by it later */
if( luma[0] != luma[0] ||
luma[1] != luma[1] ||
+ luma[1] == 0.0 ||
luma[2] != luma[2] )
{
TIFFErrorExt(img->tif->tif_clientdata, module,
View Lorry Controller Status