From f4ee7a53cc422490986225c49f92935b3ba52866 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com>
Date: Thu, 13 Dec 2018 17:06:44 +0100
Subject: [PATCH] Fix Covscan defects
---
contrib/addtiffo/addtiffo.c | 3 ++-
libtiff/tif_dir.c | 2 +-
libtiff/tif_ojpeg.c | 7 ++++++-
tools/gif2tiff.c | 21 +++++++++++++++------
tools/ras2tiff.c | 22 +++++++++++++++++++++-
tools/rasterfile.h | 16 +++++++++-------
tools/tiffcrop.c | 4 ++++
7 files changed, 58 insertions(+), 17 deletions(-)
diff --git a/contrib/addtiffo/addtiffo.c b/contrib/addtiffo/addtiffo.c
index d3920e2..47f5fa8 100644
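--- a/contrib/addtiffo/addtiffo.c
+++ b/contrib/addtiffo/addtiffo.c
@@ -120,7 +120,8 @@ int main( int argc, char ** argv )
 while( nOverviewCount < argc - 2 && nOverviewCount < 100 )
 {
 anOverviews[nOverviewCount] = atoi(argv[nOverviewCount+2]);
- if( anOverviews[nOverviewCount] <= 0)
+ if( (anOverviews[nOverviewCount] <= 0) ||
+ ((anOverviews[nOverviewCount] > 1024)))
 {
 fprintf( stderr, "Incorrect parameters\n" );
 return(1);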
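Review bot: The new `> 1024` bound in `main` is applied to the result of `atoi`, which reports no conversion errors and has undefined behaviour when the argument does not fit in an `int`, so the range check cannot be relied on for over-long or partly numeric arguments. Parsing with `strtol` and rejecting `end == arg`, trailing characters, `errno == ERANGE` and values outside 1..1024 makes the check hold for every input. The same unchecked `atoi` pattern appears in the `-Z` parsing touched in tools/tiffcrop.c, where `position` and `total` are stored with no range check in the visible lines. The loop body continues outside the hunk.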
diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c
index f812fa2..9c613da 100644
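--- a/libtiff/tif_dir.c
+++ b/libtiff/tif_dir.c
@@ -706,7 +706,7 @@ badvaluedouble:
 TIFFErrorExt(tif->tif_clientdata, module,
 "%s: Bad value %f for \"%s\" tag",
 tif->tif_name, dblval,
- fip->field_name);
+ fip ? fip->field_name : "Unknown");
 va_end(ap);
 }
 return (0);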
diff --git a/libtiff/tif_ojpeg.c b/libtiff/tif_ojpeg.c
index 6ea3c38..1d9c77c 100644
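--- a/libtiff/tif_ojpeg.c
+++ b/libtiff/tif_ojpeg.c
@@ -528,6 +528,8 @@ OJPEGVSetField(TIFF* tif, uint32 tag, va_list ap)
 uint32 ma;
 uint64* mb;
 uint32 n;
+ const TIFFField* fip;
+
 switch(tag)
 {
 case TIFFTAG_JPEGIFOFFSET:
@@ -597,7 +599,10 @@ OJPEGVSetField(TIFF* tif, uint32 tag, va_list ap)
 default:
 return (*sp->vsetparent)(tif,tag,ap);
 }
- TIFFSetFieldBit(tif,TIFFFieldWithTag(tif,tag)->field_bit);
+ fip = TIFFFieldWithTag(tif,tag);
+ if( fip == NULL ) /* shouldn't happen */
+ return(0);
+ TIFFSetFieldBit(tif,fip->field_bit);
 tif->tif_flags|=TIFF_DIRTYDIRECT;
 return(1);
 }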
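Review bot: In the second hunk the `fip == NULL` path returns 0 only after the `switch` has run, so the caller gets a failure with no diagnostic, and any state the case bodies updated (they are outside the hunk) is kept for a tag whose field bit is never set. Looking the field up before the `switch` would avoid the half-applied update. At minimum the failure should be reported before `return(0);`, for example `TIFFErrorExt(tif->tif_clientdata, "OJPEGVSetField", "No field info for tag %u", (unsigned)tag);`. The comment `/* shouldn't happen */` would also be more useful if it said which invariant guarantees that.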
diff --git a/tools/gif2tiff.c b/tools/gif2tiff.c
index e89ac5b..012345d 100644
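--- a/tools/gif2tiff.c
+++ b/tools/gif2tiff.c
@@ -38,6 +38,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <errno.h>
 #include <math.h>
 
 #ifdef HAVE_UNISTD_H
@@ -266,13 +267,15 @@ readgifimage(char* mode)
 unsigned char localmap[256][3];
 int localbits;
 int status;
+ size_t raster_size;
 
- if (fread(buf, 1, 9, infile) == 0) {
- perror(filename);
+ if (fread(buf, 1, 9, infile) != 9) {
+ fprintf(stderr, "short read from file %s (%s)\n",
+ filename, strerror(errno));
 return (0);
 }
- width = buf[4] + (buf[5] << 8);
- height = buf[6] + (buf[7] << 8);
+ width = (buf[4] + (buf[5] << 8)) & 0xffff; /* 16 bit */
+ height = (buf[6] + (buf[7] << 8)) & 0xffff; /* 16 bit */
 local = buf[8] & 0x80;
 interleaved = buf[8] & 0x40;
 
@@ -280,11 +283,17 @@ readgifimage(char* mode)
 fprintf(stderr, "no colormap present for image\n");
 return (0);
 }
- if (width == 0 || height == 0) {
+ if (width == 0UL || height == 0UL || (width > 2000000000UL / height)) {
 fprintf(stderr, "Invalid value of width or height\n");
 return(0);
 }
- if ((raster = (unsigned char*) _TIFFmalloc(width*height+EXTRAFUDGE)) == NULL) {
+ raster_size=width*height;
+ if ((raster_size/width) == height) {
+ raster_size += EXTRAFUDGE; /* Add elbow room */
+ } else {
+ raster_size=0;
+ }
+ if ((raster = (unsigned char*) _TIFFmalloc(raster_size)) == NULL) {
 fprintf(stderr, "not enough memory for image\n");
 return (0);
 }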
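Review bot: In the last hunk of `readgifimage`, a failed overflow check sets `raster_size=0` and then depends on `_TIFFmalloc(0)` returning NULL to reach the error path; if the allocator hands back a non-NULL zero-length block instead, any later write into `raster` would overflow it. Fail explicitly in the `else` branch, e.g. `fprintf(stderr, "image dimensions too large\n"); return (0);`, rather than relying on allocator behaviour. With `width` and `height` masked to 16 bits and capped by the `2000000000UL / height` test the branch looks unreachable today, which deserves a comment. Separately, in the second hunk `strerror(errno)` is printed after a short `fread`, but `fread` does not set `errno` at end of file, so the message can name an unrelated error; `feof(infile)` and `ferror(infile)` tell the two cases apart.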
diff --git a/tools/ras2tiff.c b/tools/ras2tiff.c
index ec8a071..007dd8c 100644
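--- a/tools/ras2tiff.c
+++ b/tools/ras2tiff.c
@@ -30,6 +30,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <ctype.h>
+#include <limits.h>
 
 #ifdef HAVE_UNISTD_H
 # include <unistd.h>
@@ -122,6 +123,25 @@ main(int argc, char* argv[])
 fclose(in);
 return (-3);
 }
+ if ((h.ras_width <= 0) || (h.ras_width >= INT_MAX) ||
+ (h.ras_height <= 0) || (h.ras_height >= INT_MAX) ||
+ (h.ras_depth <= 0) || (h.ras_depth >= INT_MAX) ||
+ (h.ras_length <= 0) || (h.ras_length >= INT_MAX) ||
+ (h.ras_type < 0) ||
+ (h.ras_maptype < 0) ||
+ (h.ras_maplength < 0) || (h.ras_maplength >= INT_MAX)) {
+ fprintf(stderr, "%s: Improper image header.\n", argv[optind]);
+ fclose(in);
+ return (-2);
+ }
+ if ((h.ras_depth != 1) &&
+ (h.ras_depth != 8) &&
+ (h.ras_depth != 24)) {
+ fprintf(stderr, "%s: Improper image depth (%d).\n",
+ argv[optind], h.ras_depth);
+ fclose(in);
+ return (-2);
+ }
 out = TIFFOpen(argv[optind+1], "w");
 if (out == NULL)
 {
@@ -153,7 +173,7 @@ main(int argc, char* argv[])
 mapsize = 1<
 if (h.ras_maplength > mapsize*3) {
 fprintf(stderr,
- "%s: Huh, %ld colormap entries, should be %d?\n",
+ "%s: Huh, %d colormap entries, should be %d?\n",
 argv[optind], h.ras_maplength, mapsize*3);
 return (-7);
 }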
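Review bot: The upper bounds in the new header check in `main` compare `int32` fields with `INT_MAX` using `>=`, which on platforms with a 32-bit `int` rejects only the single value `INT_MAX`, so `ras_width`, `ras_height`, `ras_length` and `ras_maplength` remain effectively unbounded above. Nothing in the hunk checks the fields against each other either. If later code (outside the hunk) sizes buffers or scanlines from width, depth and height, the checks that matter are a product guard such as `h.ras_width > INT_MAX / h.ras_depth` and a comparison of `ras_length` with the image size computed from the other fields. A short comment above the block stating what range each field is expected to have would make the intent reviewable.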
diff --git a/tools/rasterfile.h b/tools/rasterfile.h
index 833e095..33da707 100644
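--- a/tools/rasterfile.h
+++ b/tools/rasterfile.h
@@ -1,17 +1,19 @@
 /* $Header: /cvs/libtiff/tools/rasterfile.h,v 1.3 2003/11/12 19:14:33 dron Exp $ */
 
+#include "tiff.h"
+
 /*
 * Description of header for files containing raster images
 */
 struct rasterfile {
 char ras_magic[4]; /* magic number */
- long ras_width; /* width (pixels) of image */
- long ras_height; /* height (pixels) of image */
- long ras_depth; /* depth (1, 8, or 24 bits) of pixel */
- long ras_length; /* length (bytes) of image */
- long ras_type; /* type of file; see RT_* below */
- long ras_maptype; /* type of colormap; see RMT_* below */
- long ras_maplength; /* length (bytes) of following map */
+ int32 ras_width; /* width (pixels) of image */
+ int32 ras_height; /* height (pixels) of image */
+ int32 ras_depth; /* depth (1, 8, or 24 bits) of pixel */
+ int32 ras_length; /* length (bytes) of image */
+ int32 ras_type; /* type of file; see RT_* below */
+ int32 ras_maptype; /* type of colormap; see RMT_* below */
+ int32 ras_maplength; /* length (bytes) of following map */
 /* color map follows for ras_maplength bytes, followed by image */
 };
 #define RAS_MAGIC "\x59\xa6\x6a\x95"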
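Review bot: The comment above `struct rasterfile` does not record why the members are now `int32`, and that is the part a later maintainer must not undo: a `long` member is 64 bits wide on LP64 platforms, so the struct no longer matched a header made of 32-bit fields. I would extend the comment with something like `/* Each numeric field is 32 bits wide in the file; keep fixed-width types here. */`. Whether ras2tiff reads the header straight into this struct is not visible in this hunk; if it does, a compile-time check that `sizeof(struct rasterfile)` is 32 would catch any padding or type regression.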
diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
index 0192f3f..ae6ec1a 100644
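--- a/tools/tiffcrop.c
+++ b/tools/tiffcrop.c
@@ -2029,6 +2029,10 @@ void process_command_opts (int argc, char *argv[], char *mp, char *mode, uint32
 {
 crop_data->zones++;
 opt_offset = strchr(opt_ptr, ':');
+ if (!opt_offset) {
+ TIFFError("Wrong parameter syntax for -Z", "tiffcrop -h");
+ exit(-1);
+ }
 *opt_offset = '\0';
 crop_data->zonelist[i].position = atoi(opt_ptr);
 crop_data->zonelist[i].total = atoi(opt_offset + 1);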
--
2.21.0