rpms / compat-libtiff3

Clone
Source Code
GIT

Blame SOURCES/libtiff-ycbcr-clamp.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s c9-beta
  1.   c8s
  2.   SOURCES
  3.   libtiff-ycbcr-clamp.patch
Blob History Raw
8ca2e9 
Using an array to clamp translated YCbCr values is insecure, because if the
8ca2e9 
TIFF file contains bogus ReferenceBlackWhite parameters, the computed RGB
8ca2e9 
values could be very far out of range (much further than the current array
8ca2e9 
size, anyway), possibly resulting in SIGSEGV.  Just drop the whole idea in
8ca2e9 
favor of using a comparison-based macro to clamp.  See RH bug #583081.
8ca2e9
8ca2e9 
Filed upstream at http://bugzilla.maptools.org/show_bug.cgi?id=2208
8ca2e9
8ca2e9
8ca2e9 
diff -Naur tiff-3.9.2.orig/libtiff/tif_color.c tiff-3.9.2/libtiff/tif_color.c
8ca2e9 
--- tiff-3.9.2.orig/libtiff/tif_color.c	2006-02-09 10:42:20.000000000 -0500
8ca2e9 
+++ tiff-3.9.2/libtiff/tif_color.c	2010-06-10 15:53:24.000000000 -0400
8ca2e9 
@@ -183,13 +183,18 @@
8ca2e9 
 TIFFYCbCrtoRGB(TIFFYCbCrToRGB *ycbcr, uint32 Y, int32 Cb, int32 Cr,
8ca2e9 
 	       uint32 *r, uint32 *g, uint32 *b)
8ca2e9 
 {
8ca2e9 
+	int32 i;
8ca2e9 
+
8ca2e9 
 	/* XXX: Only 8-bit YCbCr input supported for now */
8ca2e9 
 	Y = HICLAMP(Y, 255), Cb = CLAMP(Cb, 0, 255), Cr = CLAMP(Cr, 0, 255);
8ca2e9
8ca2e9 
-	*r = ycbcr->clamptab[ycbcr->Y_tab[Y] + ycbcr->Cr_r_tab[Cr]];
8ca2e9 
-	*g = ycbcr->clamptab[ycbcr->Y_tab[Y]
8ca2e9 
-	    + (int)((ycbcr->Cb_g_tab[Cb] + ycbcr->Cr_g_tab[Cr]) >> SHIFT)];
8ca2e9 
-	*b = ycbcr->clamptab[ycbcr->Y_tab[Y] + ycbcr->Cb_b_tab[Cb]];
8ca2e9 
+	i = ycbcr->Y_tab[Y] + ycbcr->Cr_r_tab[Cr];
8ca2e9 
+	*r = CLAMP(i, 0, 255);
8ca2e9 
+	i = ycbcr->Y_tab[Y]
8ca2e9 
+	    + (int)((ycbcr->Cb_g_tab[Cb] + ycbcr->Cr_g_tab[Cr]) >> SHIFT);
8ca2e9 
+	*g = CLAMP(i, 0, 255);
8ca2e9 
+	i = ycbcr->Y_tab[Y] + ycbcr->Cb_b_tab[Cb];
8ca2e9 
+	*b = CLAMP(i, 0, 255);
8ca2e9 
 }
8ca2e9
8ca2e9 
 /*

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation