Home Explore Help
Sign In
jimmy
/
ood-ports-lbsd
Watch 1
Star 0
Fork 1
Files Issues 1 Pull Requests 1 Wiki
Branch: master
Branches Tags
ood-ports-lbsd
/
graphics
/
tiff
/
patches
/
patch-libtiff_tif_getimage_c

patch-libtiff_tif_getimage_c 9.8 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242 
  1. $OpenBSD: patch-libtiff_tif_getimage_c,v 1.12 2017/05/26 20:50:57 naddy Exp $
    2. 

  2. 

  3. This one is slightly problematic.  If an application allocates less
    4. 

  4. room for its error buffer than the recommended 1024, the error message
    5. 

  5. buffer will still overflow.
    6. 

  6. 

  7. Index: libtiff/tif_getimage.c
    8. 

  8. --- libtiff/tif_getimage.c.orig
    9. 

  9. +++ libtiff/tif_getimage.c
    10. 

  10. @@ -80,7 +80,7 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
    11. 

  11.  	int colorchannels;
    12. 

  12.  
    13. 

  13.  	if (!tif->tif_decodestatus) {
    14. 

  14. -		sprintf(emsg, "Sorry, requested compression method is not configured");
    15. 

  15. +		snprintf(emsg, 1024, "Sorry, requested compression method is not configured");
    16. 

  16.  		return (0);
    17. 

  17.  	}
    18. 

  18.  	switch (td->td_bitspersample) {
    19. 

  19. @@ -91,12 +91,12 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
    20. 

  20.  		case 16:
    21. 

  21.  			break;
    22. 

  22.  		default:
    23. 

  23. -			sprintf(emsg, "Sorry, can not handle images with %d-bit samples",
    24. 

  24. +			snprintf(emsg, 1024, "Sorry, can not handle images with %d-bit samples",
    25. 

  25.  			    td->td_bitspersample);
    26. 

  26.  			return (0);
    27. 

  27.  	}
    28. 

  28.          if (td->td_sampleformat == SAMPLEFORMAT_IEEEFP) {
    29. 

  29. -                sprintf(emsg, "Sorry, can not handle images with IEEE floating-point samples");
    30. 

  30. +                snprintf(emsg, 1024, "Sorry, can not handle images with IEEE floating-point samples");
    31. 

  31.                  return (0);
    32. 

  32.          }
    33. 

  33.  	colorchannels = td->td_samplesperpixel - td->td_extrasamples;
    34. 

  34. @@ -109,7 +109,7 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
    35. 

  35.  				photometric = PHOTOMETRIC_RGB;
    36. 

  36.  				break;
    37. 

  37.  			default:
    38. 

  38. -				sprintf(emsg, "Missing needed %s tag", photoTag);
    39. 

  39. +				snprintf(emsg, 1024, "Missing needed %s tag", photoTag);
    40. 

  40.  				return (0);
    41. 

  41.  		}
    42. 

  42.  	}
    43. 

  43. @@ -120,7 +120,7 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
    44. 

  44.  			if (td->td_planarconfig == PLANARCONFIG_CONTIG
    45. 

  45.  			    && td->td_samplesperpixel != 1
    46. 

  46.  			    && td->td_bitspersample < 8 ) {
    47. 

  47. -				sprintf(emsg,
    48. 

  48. +				snprintf(emsg, 1024,
    49. 

  49.  				    "Sorry, can not handle contiguous data with %s=%d, "
    50. 

  50.  				    "and %s=%d and Bits/Sample=%d",
    51. 

  51.  				    photoTag, photometric,
    52. 

  52. @@ -144,7 +144,7 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
    53. 

  53.  			break;
    54. 

  54.  		case PHOTOMETRIC_RGB:
    55. 

  55.  			if (colorchannels < 3) {
    56. 

  56. -				sprintf(emsg, "Sorry, can not handle RGB image with %s=%d",
    57. 

  57. +				snprintf(emsg, 1024, "Sorry, can not handle RGB image with %s=%d",
    58. 

  58.  				    "Color channels", colorchannels);
    59. 

  59.  				return (0);
    60. 

  60.  			}
    61. 

  61. @@ -154,13 +154,13 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
    62. 

  62.  				uint16 inkset;
    63. 

  63.  				TIFFGetFieldDefaulted(tif, TIFFTAG_INKSET, &inkset);
    64. 

  64.  				if (inkset != INKSET_CMYK) {
    65. 

  65. -					sprintf(emsg,
    66. 

  66. +					snprintf(emsg, 1024,
    67. 

  67.  					    "Sorry, can not handle separated image with %s=%d",
    68. 

  68.  					    "InkSet", inkset);
    69. 

  69.  					return 0;
    70. 

  70.  				}
    71. 

  71.  				if (td->td_samplesperpixel < 4) {
    72. 

  72. -					sprintf(emsg,
    73. 

  73. +					snprintf(emsg, 1024,
    74. 

  74.  					    "Sorry, can not handle separated image with %s=%d",
    75. 

  75.  					    "Samples/pixel", td->td_samplesperpixel);
    76. 

  76.  					return 0;
    77. 

  77. @@ -169,7 +169,7 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
    78. 

  78.  			}
    79. 

  79.  		case PHOTOMETRIC_LOGL:
    80. 

  80.  			if (td->td_compression != COMPRESSION_SGILOG) {
    81. 

  81. -				sprintf(emsg, "Sorry, LogL data must have %s=%d",
    82. 

  82. +				snprintf(emsg, 1024, "Sorry, LogL data must have %s=%d",
    83. 

  83.  				    "Compression", COMPRESSION_SGILOG);
    84. 

  84.  				return (0);
    85. 

  85.  			}
    86. 

  86. @@ -177,17 +177,17 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
    87. 

  87.  		case PHOTOMETRIC_LOGLUV:
    88. 

  88.  			if (td->td_compression != COMPRESSION_SGILOG &&
    89. 

  89.  			    td->td_compression != COMPRESSION_SGILOG24) {
    90. 

  90. -				sprintf(emsg, "Sorry, LogLuv data must have %s=%d or %d",
    91. 

  91. +				snprintf(emsg, 1024, "Sorry, LogLuv data must have %s=%d or %d",
    92. 

  92.  				    "Compression", COMPRESSION_SGILOG, COMPRESSION_SGILOG24);
    93. 

  93.  				return (0);
    94. 

  94.  			}
    95. 

  95.  			if (td->td_planarconfig != PLANARCONFIG_CONTIG) {
    96. 

  96. -				sprintf(emsg, "Sorry, can not handle LogLuv images with %s=%d",
    97. 

  97. +				snprintf(emsg, 1024, "Sorry, can not handle LogLuv images with %s=%d",
    98. 

  98.  				    "Planarconfiguration", td->td_planarconfig);
    99. 

  99.  				return (0);
    100. 

  100.  			}
    101. 

  101.  			if ( td->td_samplesperpixel != 3 || colorchannels != 3 ) {
    102. 

  102. -                                sprintf(emsg,
    103. 

  103. +                                snprintf(emsg, 1024,
    104. 

  104.                                          "Sorry, can not handle image with %s=%d, %s=%d",
    105. 

  105.                                          "Samples/pixel", td->td_samplesperpixel,
    106. 

  106.                                          "colorchannels", colorchannels);
    107. 

  107. @@ -196,7 +196,7 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
    108. 

  108.  			break;
    109. 

  109.  		case PHOTOMETRIC_CIELAB:
    110. 

  110.                          if ( td->td_samplesperpixel != 3 || colorchannels != 3 || td->td_bitspersample != 8 ) {
    111. 

  111. -                                sprintf(emsg,
    112. 

  112. +                                snprintf(emsg, 1024,
    113. 

  113.                                          "Sorry, can not handle image with %s=%d, %s=%d and %s=%d",
    114. 

  114.                                          "Samples/pixel", td->td_samplesperpixel,
    115. 

  115.                                          "colorchannels", colorchannels,
    116. 

  116. @@ -205,7 +205,7 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
    117. 

  117.                          }
    118. 

  118.  			break;
    119. 

  119.                  default:
    120. 

  120. -			sprintf(emsg, "Sorry, can not handle image with %s=%d",
    121. 

  121. +			snprintf(emsg, 1024, "Sorry, can not handle image with %s=%d",
    122. 

  122.  			    photoTag, photometric);
    123. 

  123.  			return (0);
    124. 

  124.  	}
    125. 

  125. @@ -303,7 +303,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int 
    126. 

  126.  		case 16:
    127. 

  127.  			break;
    128. 

  128.  		default:
    129. 

  129. -			sprintf(emsg, "Sorry, can not handle images with %d-bit samples",
    130. 

  130. +			snprintf(emsg, 1024, "Sorry, can not handle images with %d-bit samples",
    131. 

  131.  			    img->bitspersample);
    132. 

  132.  			goto fail_return;
    133. 

  133.  	}
    134. 

  134. @@ -353,7 +353,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int 
    135. 

  135.  				img->photometric = PHOTOMETRIC_RGB;
    136. 

  136.  				break;
    137. 

  137.  			default:
    138. 

  138. -				sprintf(emsg, "Missing needed %s tag", photoTag);
    139. 

  139. +				snprintf(emsg, 1024, "Missing needed %s tag", photoTag);
    140. 

  140.                                  goto fail_return;
    141. 

  141.  		}
    142. 

  142.  	}
    143. 

  143. @@ -361,7 +361,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int 
    144. 

  144.  		case PHOTOMETRIC_PALETTE:
    145. 

  145.  			if (!TIFFGetField(tif, TIFFTAG_COLORMAP,
    146. 

  146.  			    &red_orig, &green_orig, &blue_orig)) {
    147. 

  147. -				sprintf(emsg, "Missing required \"Colormap\" tag");
    148. 

  148. +				snprintf(emsg, 1024, "Missing required \"Colormap\" tag");
    149. 

  149.                                  goto fail_return;
    150. 

  150.  			}
    151. 

  151.  
    152. 

  152. @@ -371,7 +371,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int 
    153. 

  153.  			img->greencmap = (uint16 *) _TIFFmalloc(sizeof(uint16)*n_color);
    154. 

  154.  			img->bluecmap = (uint16 *) _TIFFmalloc(sizeof(uint16)*n_color);
    155. 

  155.  			if( !img->redcmap || !img->greencmap || !img->bluecmap ) {
    156. 

  156. -				sprintf(emsg, "Out of memory for colormap copy");
    157. 

  157. +				snprintf(emsg, 1024, "Out of memory for colormap copy");
    158. 

  158.                                  goto fail_return;
    159. 

  159.  			}
    160. 

  160.  
    161. 

  161. @@ -385,7 +385,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int 
    162. 

  162.  			if (planarconfig == PLANARCONFIG_CONTIG
    163. 

  163.  			    && img->samplesperpixel != 1
    164. 

  164.  			    && img->bitspersample < 8 ) {
    165. 

  165. -				sprintf(emsg,
    166. 

  166. +				snprintf(emsg, 1024,
    167. 

  167.  				    "Sorry, can not handle contiguous data with %s=%d, "
    168. 

  168.  				    "and %s=%d and Bits/Sample=%d",
    169. 

  169.  				    photoTag, img->photometric,
    170. 

  170. @@ -422,7 +422,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int 
    171. 

  171.  			break;
    172. 

  172.  		case PHOTOMETRIC_RGB:
    173. 

  173.  			if (colorchannels < 3) {
    174. 

  174. -				sprintf(emsg, "Sorry, can not handle RGB image with %s=%d",
    175. 

  175. +				snprintf(emsg, 1024, "Sorry, can not handle RGB image with %s=%d",
    176. 

  176.  				    "Color channels", colorchannels);
    177. 

  177.                                  goto fail_return;
    178. 

  178.  			}
    179. 

  179. @@ -432,12 +432,12 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int 
    180. 

  180.  				uint16 inkset;
    181. 

  181.  				TIFFGetFieldDefaulted(tif, TIFFTAG_INKSET, &inkset);
    182. 

  182.  				if (inkset != INKSET_CMYK) {
    183. 

  183. -					sprintf(emsg, "Sorry, can not handle separated image with %s=%d",
    184. 

  184. +					snprintf(emsg, 1024, "Sorry, can not handle separated image with %s=%d",
    185. 

  185.  					    "InkSet", inkset);
    186. 

  186.                                          goto fail_return;
    187. 

  187.  				}
    188. 

  188.  				if (img->samplesperpixel < 4) {
    189. 

  189. -					sprintf(emsg, "Sorry, can not handle separated image with %s=%d",
    190. 

  190. +					snprintf(emsg, 1024, "Sorry, can not handle separated image with %s=%d",
    191. 

  191.  					    "Samples/pixel", img->samplesperpixel);
    192. 

  192.                                          goto fail_return;
    193. 

  193.  				}
    194. 

  194. @@ -445,7 +445,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int 
    195. 

  195.  			break;
    196. 

  196.  		case PHOTOMETRIC_LOGL:
    197. 

  197.  			if (compress != COMPRESSION_SGILOG) {
    198. 

  198. -				sprintf(emsg, "Sorry, LogL data must have %s=%d",
    199. 

  199. +				snprintf(emsg, 1024, "Sorry, LogL data must have %s=%d",
    200. 

  200.  				    "Compression", COMPRESSION_SGILOG);
    201. 

  201.                                  goto fail_return;
    202. 

  202.  			}
    203. 

  203. @@ -455,12 +455,12 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int 
    204. 

  204.  			break;
    205. 

  205.  		case PHOTOMETRIC_LOGLUV:
    206. 

  206.  			if (compress != COMPRESSION_SGILOG && compress != COMPRESSION_SGILOG24) {
    207. 

  207. -				sprintf(emsg, "Sorry, LogLuv data must have %s=%d or %d",
    208. 

  208. +				snprintf(emsg, 1024, "Sorry, LogLuv data must have %s=%d or %d",
    209. 

  209.  				    "Compression", COMPRESSION_SGILOG, COMPRESSION_SGILOG24);
    210. 

  210.                                  goto fail_return;
    211. 

  211.  			}
    212. 

  212.  			if (planarconfig != PLANARCONFIG_CONTIG) {
    213. 

  213. -				sprintf(emsg, "Sorry, can not handle LogLuv images with %s=%d",
    214. 

  214. +				snprintf(emsg, 1024, "Sorry, can not handle LogLuv images with %s=%d",
    215. 

  215.  				    "Planarconfiguration", planarconfig);
    216. 

  216.  				return (0);
    217. 

  217.  			}
    218. 

  218. @@ -471,7 +471,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int 
    219. 

  219.  		case PHOTOMETRIC_CIELAB:
    220. 

  220.  			break;
    221. 

  221.  		default:
    222. 

  222. -			sprintf(emsg, "Sorry, can not handle image with %s=%d",
    223. 

  223. +			snprintf(emsg, 1024, "Sorry, can not handle image with %s=%d",
    224. 

  224.  			    photoTag, img->photometric);
    225. 

  225.                          goto fail_return;
    226. 

  226.  	}
    227. 

  227. @@ -482,12 +482,12 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int 
    228. 

  228.  	    !(planarconfig == PLANARCONFIG_SEPARATE && img->samplesperpixel > 1);
    229. 

  229.  	if (img->isContig) {
    230. 

  230.  		if (!PickContigCase(img)) {
    231. 

  231. -			sprintf(emsg, "Sorry, can not handle image");
    232. 

  232. +			snprintf(emsg, 1024, "Sorry, can not handle image");
    233. 

  233.  			goto fail_return;
    234. 

  234.  		}
    235. 

  235.  	} else {
    236. 

  236.  		if (!PickSeparateCase(img)) {
    237. 

  237. -			sprintf(emsg, "Sorry, can not handle image");
    238. 

  238. +			snprintf(emsg, 1024, "Sorry, can not handle image");
    239. 

  239.  			goto fail_return;
    240. 

  240.  		}
    241. 

  241.  	}
    242. 

  242.