From 728dc6a600cf4cbdac846964c85cc04339db8ac1 Mon Sep 17 00:00:00 2001 From: Cristy Date: Wed, 24 Aug 2016 09:45:35 -0400 Subject: [PATCH] Fix TIFF divide by zero (bug report from Donghai Zhu) --- ChangeLog | 4 ++-- coders/tiff.c | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 12c8c95f0..56e92f92e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,8 +1,8 @@ 2016-08-15 7.0.2-10 Cristy * Prevent buffer overflow in BMP & SGI coders (bug report from pwchen&rayzhong of tencent). - * Prevent buffer overflow in SIXEL, PDB, MAP, and CALS coders (bug report - from Donghai Zhu). + * Prevent buffer overflow and other problems in SIXEL, PDB, MAP, TIFF and + CALS coders (bug report from Donghai Zhu). 2016-08-14 7.0.2-9 Cristy * Release ImageMagick version 7.0.2-9, GIT revision 18707:2c02f09:20160814. diff --git a/coders/tiff.c b/coders/tiff.c index 32ed20427..4d0334b62 100644 --- a/coders/tiff.c +++ b/coders/tiff.c @@ -3479,7 +3479,9 @@ static MagickBooleanType WriteTIFFImage(const ImageInfo *image_info, if ((image_info->interlace == PlaneInterlace) || (image_info->interlace == PartitionInterlace)) (void) TIFFSetField(tiff,TIFFTAG_PLANARCONFIG,PLANARCONFIG_SEPARATE); - rows_per_strip=TIFFDefaultStripSize(tiff,0); + rows_per_strip=1; + if (TIFFScanlineSize(tiff) != 0) + rows_per_strip=TIFFDefaultStripSize(tiff,0); option=GetImageOption(image_info,"tiff:rows-per-strip"); if (option != (const char *) NULL) rows_per_strip=(size_t) strtol(option,(char **) NULL,10); -- 2.40.0