diff options
-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | libtiff/tif_lzw.c | 5 |
2 files changed, 11 insertions, 2 deletions
@@ -1,5 +1,13 @@ 2017-07-11 Even Rouault <even.rouault at spatialys.com> + * libtiff/tif_lzw.c: fix potential out-of-buffer read on 1-byte LZW + strips. Crashing issue only on memory mapped files, where the strip + offset is the last byte of the file, and the file size is a multiple + of one page size on the CPU architecture (typically 4096). Credit + to myself :-) + +2017-07-11 Even Rouault <even.rouault at spatialys.com> + * test/tiffcp-lzw-compat.sh, test/images/quad-lzw-compat.tiff: new files to test old-style LZW decompression * test/common.sh, Makefile.am, CMakeList.txt: updated with above diff --git a/libtiff/tif_lzw.c b/libtiff/tif_lzw.c index 118ac696..bc8f9c84 100644 --- a/libtiff/tif_lzw.c +++ b/libtiff/tif_lzw.c @@ -1,4 +1,4 @@ -/* $Id: tif_lzw.c,v 1.56 2017-07-11 08:55:07 erouault Exp $ */ +/* $Id: tif_lzw.c,v 1.57 2017-07-11 10:54:29 erouault Exp $ */ /* * Copyright (c) 1988-1997 Sam Leffler @@ -275,7 +275,8 @@ LZWPreDecode(TIFF* tif, uint16 s) /* * Check for old bit-reversed codes. */ - if (tif->tif_rawdata[0] == 0 && (tif->tif_rawdata[1] & 0x1)) { + if (tif->tif_rawcc >= 2 && + tif->tif_rawdata[0] == 0 && (tif->tif_rawdata[1] & 0x1)) { #ifdef LZW_COMPAT if (!sp->dec_decode) { TIFFWarningExt(tif->tif_clientdata, module, |