Attachment 162356 Details for Bug 234080 – tiff-3.8.2-bug1929.patch

[patch] tiff-3.8.2-bug1929.patch

tiff-3.8.2-bug1929.patch (text/plain), 1.32 KB, created by Robert Buchholz (RETIRED) on 2008-08-06 12:44:51 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Robert Buchholz (RETIRED)

Created: 2008-08-06 12:44:51 UTC

Size: 1.32 KB

patch

obsolete

>Index: tiff-3.8.2/libtiff/tif_lzw.c
>===================================================================
>--- tiff-3.8.2.orig/libtiff/tif_lzw.c
>+++ tiff-3.8.2/libtiff/tif_lzw.c
>@@ -237,6 +237,12 @@ LZWSetupDecode(TIFF* tif)
>                     sp->dec_codetab[code].length = 1;
>                     sp->dec_codetab[code].next = NULL;
>                 } while (code--);
>+		/*
>+		* Zero-out the unused entries
>+		*/
>+		_TIFFmemset(&sp->dec_codetab[CODE_CLEAR], 0,
>+		(CODE_FIRST-CODE_CLEAR)*sizeof (code_t));
>+
> 	}
> 	return (1);
> }
>@@ -415,6 +421,12 @@ LZWDecode(TIFF* tif, tidata_t op0, tsize
> 			NextCode(tif, sp, bp, code, GetNextCode);
> 			if (code == CODE_EOI)
> 				break;
>+			if (code == CODE_CLEAR) {
>+				TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
>+				"LZWDecode: Corrupted LZW table at scanline %d",
>+				tif->tif_row);
>+				return (0);
>+			}
> 			*op++ = (char)code, occ--;
> 			oldcodep = sp->dec_codetab + code;
> 			continue;
>@@ -612,6 +624,12 @@ LZWDecodeCompat(TIFF* tif, tidata_t op0,
> 			NextCode(tif, sp, bp, code, GetNextCodeCompat);
> 			if (code == CODE_EOI)
> 				break;
>+			if (code == CODE_CLEAR) {
>+				TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
>+				"LZWDecode: Corrupted LZW table at scanline %d",
>+				tif->tif_row);
>+				return (0);
>+			}
> 			*op++ = code, occ--;
> 			oldcodep = sp->dec_codetab + code;
> 			continue;

Actions: View | Diff

Attachments on bug 234080: 162354 | 162356 | 163378