1998.06.08 13:53 "TIFFLib 3.4 beta 8, PackBits decoding", by Hansjoerg Oppermann
Hi,
i have found a problem in the tifflib V3.4 beta 37.
We have an image with corrupt PackBits compression. It faild to decompress with a memory injury. I have added some check before writing.
tif_packbits.c:
209a210
> tidata_t end_op = op + occ;
214c215
< while (cc > 0 && (long)occ > 0) {
---
> while (cc > 0 && (long)occ > 0 && op < end_op) {
228c229
< while (n-- > 0)
---
> while (n-- > 0 && op < end_op)
231c232,233
< _TIFFmemcpy(op, bp, ++n);
---
> if (op + n + 1 < end_op)
> _TIFFmemcpy(op, bp, ++n);
Thanks for your great TIFF library,
Oppermann