openbsd-ports/graphics/tiff/patches/patch-libtiff_tif_dirwrite_c

$OpenBSD: patch-libtiff_tif_dirwrite_c,v 1.1 2004/10/20 20:37:48 brad Exp $
--- libtiff/tif_dirwrite.c.orig	Mon Dec 22 03:22:15 2003
+++ libtiff/tif_dirwrite.c	Wed Oct 20 14:38:11 2004
@@ -692,8 +692,14 @@ TIFFWritePerSampleShorts(TIFF* tif, ttag
 	uint16* w = buf;
 	int i, status, samples = tif->tif_dir.td_samplesperpixel;
 
-	if (samples > NITEMS(buf))
+	if (samples > NITEMS(buf)) {
 		w = (uint16*) _TIFFmalloc(samples * sizeof (uint16));
+		if (w == NULL) {
+			TIFFError(tif->tif_name,
+			    "No space to write per-sample shorts");
+			return (0);
+		}
+	}
 	TIFFGetField(tif, tag, &v);
 	for (i = 0; i < samples; i++)
 		w[i] = v;
@@ -717,8 +723,14 @@ TIFFWritePerSampleAnys(TIFF* tif,
 	int i, status;
 	int samples = (int) tif->tif_dir.td_samplesperpixel;
 
-	if (samples > NITEMS(buf))
+	if (samples > NITEMS(buf)) {
 		w = (double*) _TIFFmalloc(samples * sizeof (double));
+		if (w == NULL) {
+			TIFFError(tif->tif_name,
+			    "No space to write per-sample values");
+			return (0);
+		}
+	}
 	TIFFGetField(tif, tag, &v);
 	for (i = 0; i < samples; i++)
 		w[i] = v;
@@ -840,6 +852,11 @@ TIFFWriteRationalArray(TIFF* tif,
 	dir->tdir_type = (short) type;
 	dir->tdir_count = n;
 	t = (uint32*) _TIFFmalloc(2*n * sizeof (uint32));
+	if (t == NULL) {
+		TIFFError(tif->tif_name,
+		    "No space to write RATIONAL array");
+		return (0);
+	}
 	for (i = 0; i < n; i++) {
 		float fv = v[i];
 		int sign = 1;
@@ -910,8 +927,14 @@ TIFFWriteAnyArray(TIFF* tif,
 	char* w = buf;
 	int i, status = 0;
 
-	if (n * TIFFDataWidth(type) > sizeof buf)
+	if (n * TIFFDataWidth(type) > sizeof buf) {
 		w = (char*) _TIFFmalloc(n * TIFFDataWidth(type));
+		if (w == NULL) {
+			TIFFError(tif->tif_name,
+			    "No space to write array");
+			return (0);
+		}
+	}
 	switch (type) {
 	case TIFF_BYTE:
 		{ uint8* bp = (uint8*) w;