]> granicus.if.org Git - imagemagick/commitdiff
projects / imagemagick / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ae2e0fb)
Prevent possible buffer overflow when reading TIFF images (bug report from Shi Pu...
authorCristy <urban-warrior@imagemagick.org>
Thu, 14 Jul 2016 10:28:00 +0000 (06:28 -0400)
committerCristy <urban-warrior@imagemagick.org>
Thu, 14 Jul 2016 10:28:00 +0000 (06:28 -0400)
ChangeLog patch | blob | history
coders/tiff.c patch | blob | history

diff --git a/ChangeLog b/ChangeLog
index 640e37f49e28ba1000dfb2cecd073d605f09ef34..cd0e834b4dc192a7cbc6b5f4bcbab8c307dbf57c 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,8 @@
 2016-07-13  7.0.2-5 Cristy  <quetzlzacatenango@image...>
   * Fix MVG stroke-opacity (reference
     https://github.com/ImageMagick/ImageMagick/issues/229).
+  * Prevent possible buffer overflow when reading TIFF images (bug report from
+    Shi Pu of MS509 Team).
 
 2016-07-11  7.0.2-4 Cristy  <quetzlzacatenango@image...>
   * Release ImageMagick version 7.0.2-4, GIT revision 18591:50debe5:20160710.
diff --git a/coders/tiff.c b/coders/tiff.c
index 969de7093802800c27ef64a157000f7fd960fe2c..fd171099d37698fe48ff1808204aea464848a4c1 100644 (file)
--- a/coders/tiff.c
+++ b/coders/tiff.c
@@ -1629,7 +1629,8 @@ RestoreMSCWarning
               quantum_type=GrayQuantum;
               pad=(size_t) MagickMax((size_t) samples_per_pixel-1,0);
             }
-        status=SetQuantumPad(image,quantum_info,pad*((bits_per_sample+7) >> 3));
+        status=SetQuantumPad(image,quantum_info,pad*pow(2,ceil(log(
+          bits_per_sample)/log(2))));
         if (status == MagickFalse)
           {
             TIFFClose(tiff);
Unnamed repository; edit this file 'description' to name the repository.