diff options
author | Nicolas Pena <npm@chromium.org> | 2017-05-15 14:57:02 -0400 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2017-05-15 19:10:54 +0000 |
commit | c4722a7a3b3274fb066c2aac4eb3717e648b3004 (patch) | |
tree | 96225b63556040c47f8d388187a19b675f83074d /third_party/libtiff/tif_packbits.c | |
parent | f5676902418f4914bacbe32ccf8f7ff562518554 (diff) | |
download | pdfium-c4722a7a3b3274fb066c2aac4eb3717e648b3004.tar.xz |
Libtiff: upstream fix for heap buffer overflow
Upstream patch:
https://github.com/vadz/libtiff/commit/5a4eceed8d2f28d05f49add9ce647684d59d461a
Bug: chromium:722071
Change-Id: Idef412edbeb3255375ab18c68721dbaf7c601119
Reviewed-on: https://pdfium-review.googlesource.com/5511
Commit-Queue: dsinclair <dsinclair@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Diffstat (limited to 'third_party/libtiff/tif_packbits.c')
-rw-r--r-- | third_party/libtiff/tif_packbits.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/third_party/libtiff/tif_packbits.c b/third_party/libtiff/tif_packbits.c index d2a0165de9..92185e7f74 100644 --- a/third_party/libtiff/tif_packbits.c +++ b/third_party/libtiff/tif_packbits.c @@ -244,6 +244,12 @@ PackBitsDecode(TIFF* tif, uint8* op, tmsize_t occ, uint16 s) (unsigned long) ((tmsize_t)n - occ)); n = (long)occ; } + if( cc == 0 ) + { + TIFFWarningExt(tif->tif_clientdata, module, + "Terminating PackBitsDecode due to lack of data."); + break; + } occ -= n; b = *bp++; cc--; |