* libtiff/tif_dirread.c: in TIFFReadDirEntryFloat(), check that a

double value can fit in a float before casting. Patch by Nicolas RUFF
author: erouault <erouault> 2017-06-27 13:44:44 +0000
committer: erouault <erouault> 2017-06-27 13:44:44 +0000
commit: 95290821b4b170309ce104f866bcd9adff24ab0a (patch)
tree: 64447fe1f5806022a0cefba4f61e5d2c125e7916
parent: da310a49942792adefd061f6f788ef293ffae415 (diff)
download: libtiff-95290821b4b170309ce104f866bcd9adff24ab0a.tar.gz
2 files changed, 8 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index ecd70534..ab792220 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2017-06-27  Even Rouault <even.rouault at spatialys.com>
+
+	* libtiff/tif_dirread.c: in TIFFReadDirEntryFloat(), check that a
+	double value can fit in a float before casting. Patch by Nicolas RUFF
+
 2017-06-26  Even Rouault <even.rouault at spatialys.com>
 
 	* libtiff/tif_jbig.c: fix memory leak in error code path of JBIGDecode()
diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
index 2e2cdccc..a3d0efd1 100644
--- a/libtiff/tif_dirread.c
+++ b/libtiff/tif_dirread.c
@@ -1,4 +1,4 @@
-/* $Id: tif_dirread.c,v 1.212 2017-06-18 10:31:50 erouault Exp $ */
+/* $Id: tif_dirread.c,v 1.213 2017-06-27 13:44:44 erouault Exp $ */
 
 /*
  * Copyright (c) 1988-1997 Sam Leffler
@@ -636,6 +636,8 @@ static enum TIFFReadDirEntryErr TIFFReadDirEntryFloat(TIFF* tif, TIFFDirEntry* d
 				err=TIFFReadDirEntryCheckedDouble(tif,direntry,&m);
 				if (err!=TIFFReadDirEntryErrOk)
 					return(err);
+				if ((m > FLT_MAX) || (m < FLT_MIN))
+					return(TIFFReadDirEntryErrRange);
 				*value=(float)m;
 				return(TIFFReadDirEntryErrOk);
 			}
author	erouault <erouault>	2017-06-27 13:44:44 +0000
committer	erouault <erouault>	2017-06-27 13:44:44 +0000
commit	95290821b4b170309ce104f866bcd9adff24ab0a (patch)
tree	64447fe1f5806022a0cefba4f61e5d2c125e7916
parent	da310a49942792adefd061f6f788ef293ffae415 (diff)
download	libtiff-95290821b4b170309ce104f866bcd9adff24ab0a.tar.gz