AWARE SYSTEMS
TIFF and LibTiff Mail List Archive

1998.06.08 13:53 "TIFFLib 3.4 beta 8, PackBits decoding", by Hansjoerg Oppermann

Hi,

i have found a problem in the tifflib V3.4 beta 37.

We have an image with corrupt PackBits compression. It faild to decompress with a memory injury. I have added some check before writing.

tif_packbits.c:
209a210
>       tidata_t end_op = op + occ;
214c215
<       while (cc > 0 && (long)occ > 0) {
---
>       while (cc > 0 && (long)occ > 0 && op < end_op) {
228c229
<                       while (n-- > 0)
---
>                       while (n-- > 0 && op < end_op)
231c232,233
<                       _TIFFmemcpy(op, bp, ++n);
---
>                       if (op + n + 1 < end_op)
>                               _TIFFmemcpy(op, bp, ++n);

Thanks for your great TIFF library,

Oppermann