074c5b8678
RHBZ#528732).
40 lines
1.2 KiB
Diff
40 lines
1.2 KiB
Diff
--- camlimages-2.2.orig/tiff/tiffread.c 2004-09-21 22:56:44.000000000 +0100
|
|
+++ camlimages-2.2.tiff/tiff/tiffread.c 2009-10-16 10:47:32.515257997 +0100
|
|
@@ -18,6 +18,13 @@
|
|
#include <caml/memory.h>
|
|
#include <caml/fail.h>
|
|
|
|
+#include <limits.h>
|
|
+#define oversized(x, y) \
|
|
+ ((x) < 0 || (y) < 0 || ((y) != 0 && (x) > INT_MAX / (y)))
|
|
+
|
|
+#define failwith_oversized(lib) \
|
|
+ failwith("#lib error: image contains oversized or bogus width and height");
|
|
+
|
|
#if HAVE_TIFF
|
|
|
|
/* These are defined in caml/config.h */
|
|
@@ -68,6 +75,10 @@
|
|
TIFFGetField(tif, TIFFTAG_YRESOLUTION, &yres);
|
|
TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &photometric);
|
|
|
|
+ if (oversized (imagewidth, imagelength)) {
|
|
+ failwith_oversized("tiff");
|
|
+ }
|
|
+
|
|
if( imagesample == 3 && photometric == PHOTOMETRIC_RGB ){
|
|
if( imagebits != 8 ){
|
|
failwith("Sorry, tiff rgb file must be 24bit-color");
|
|
@@ -156,6 +167,11 @@
|
|
TIFFGetField(tif, TIFFTAG_RESOLUTIONUNIT, &runit);
|
|
TIFFGetField(tif, TIFFTAG_XRESOLUTION, &xres);
|
|
TIFFGetField(tif, TIFFTAG_YRESOLUTION, &yres);
|
|
+
|
|
+ if (oversized (imagewidth, imagelength)) {
|
|
+ failwith_oversized("tiff");
|
|
+ }
|
|
+
|
|
if( imagesample != 3 || imagebits != 8 ) {
|
|
failwith("tiff file is not in the 24 bit RGB format");
|
|
}
|