From 5f92eab76505fc6be2e5373390591a55be489b21 Mon Sep 17 00:00:00 2001
From: Dan Sinclair
Date: Mon, 9 Jan 2017 09:50:50 -0500
Subject: [libtiff] Validate refblackwhite values
The td_refblackwhite value is currently assigned without validation. This may pose an issue as the image can specify the value as nan. This will cause problems later when we use the nan in calcluations. This CL validates each of the float values are not nan and if they are sets them to the default provided by the TIFF spec v6.
BUG=chromium:632883
Change-Id: I17b01f744d3f5247c4bd3f42765a27b611dc7d8c
Reviewed-on: https://pdfium-review.googlesource.com/2151
Commit-Queue: dsinclair
Reviewed-by: Tom Sepez
---
third_party/libtiff/0013-validate-refblackwhite.patch | 19 +++++++++++++++++++
third_party/libtiff/README.pdfium | 1 +
third_party/libtiff/tif_dir.c | 8 ++++++++
3 files changed, 28 insertions(+)
create mode 100644 third_party/libtiff/0013-validate-refblackwhite.patch
diff --git a/third_party/libtiff/0013-validate-refblackwhite.patch b/third_party/libtiff/0013-validate-refblackwhite.patch
new file mode 100644
index 0000000000..a314fbdc3f
--- /dev/null
+++ b/third_party/libtiff/0013-validate-refblackwhite.patch
@@ -0,0 +1,19 @@
+diff --git a/third_party/libtiff/tif_dir.c b/third_party/libtiff/tif_dir.c
+index 73212c02d..16ce3d3ce 100644
+--- a/third_party/libtiff/tif_dir.c
++++ b/third_party/libtiff/tif_dir.c
+@@ -426,6 +426,14 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
+ case TIFFTAG_REFERENCEBLACKWHITE:
+ /* XXX should check for null range */
+ _TIFFsetFloatArray(&td->td_refblackwhite, va_arg(ap, float*), 6);
++ for (int i = 0; i < 6; i++) {
++ if (isnan(td->td_refblackwhite[i])) {
++ if (i % 2 == 0)
++ td->td_refblackwhite[i] = 0;
++ else
++ td->td_refblackwhite[i] = pow(2, td->td_bitspersample) - 1;
++ }
++ }
+ break;
+ case TIFFTAG_INKNAMES:
+ v = (uint16) va_arg(ap, uint16_vap);
diff --git a/third_party/libtiff/README.pdfium b/third_party/libtiff/README.pdfium
index c55fc63f36..9acd4c7f63 100644
--- a/third_party/libtiff/README.pdfium
+++ b/third_party/libtiff/README.pdfium
@@ -22,3 +22,4 @@ Local Modifications:
 0010-fix-leak-imagebegin: Fix a leak when TIFFRGBAImageBegin fails
 0011-fix-leak-imagebegin2: Apply upstream fix related to our previous patch
 0012-initialize-tif-rawdata.patch: Initialize tif_rawdata to guard against unitialized access
+0013-validate-refblackwhite.patch: Make sure the refblackwhite values aren't nan.
diff --git a/third_party/libtiff/tif_dir.c b/third_party/libtiff/tif_dir.c
index 73212c02db..16ce3d3cee 100644
--- a/third_party/libtiff/tif_dir.c
+++ b/third_party/libtiff/tif_dir.c
@@ -426,6 +426,14 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
 case TIFFTAG_REFERENCEBLACKWHITE:
 /* XXX should check for null range */
 _TIFFsetFloatArray(&td->td_refblackwhite, va_arg(ap, float*), 6);
+ for (int i = 0; i < 6; i++) {
+ if (isnan(td->td_refblackwhite[i])) {
+ if (i % 2 == 0)
+ td->td_refblackwhite[i] = 0;
+ else
+ td->td_refblackwhite[i] = pow(2, td->td_bitspersample) - 1;
+ }
+ }
 break;
 case TIFFTAG_INKNAMES:
 v = (uint16) va_arg(ap, uint16_vap);
-- cgit v1.2.3
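Review bot: The new loop in the TIFFTAG_REFERENCEBLACKWHITE case of tif_dir.c rejects only NaN, so a file that supplies +/-Inf still reaches the later arithmetic the commit message is concerned about; `if (!isfinite(td->td_refblackwhite[i])) {` would cover both cases. The substituted white value `pow(2, td->td_bitspersample) - 1` relies on a field that is not bounded anywhere in this hunk and may not have been set yet when this tag is processed, so for large bit depths the replacement can itself fall outside float range; consider clamping the exponent or checking the result before storing it. The loop also dereferences td->td_refblackwhite immediately after _TIFFsetFloatArray with no NULL check, which matters if that helper can leave the pointer NULL on allocation failure (not visible here, worth confirming). The same lines are recorded in 0013-validate-refblackwhite.patch and would need the matching change; _TIFFVSetField's body continues outside the hunk.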