13 lines
425 B
Plaintext
13 lines
425 B
Plaintext
$OpenBSD: patch-libtiff_tif_next_c,v 1.1 2004/10/20 20:37:48 brad Exp $
|
|
--- libtiff/tif_next.c.orig Fri Jul 11 02:25:25 2003
|
|
+++ libtiff/tif_next.c Wed Oct 20 14:36:37 2004
|
|
@@ -87,7 +87,7 @@ NeXTDecode(TIFF* tif, tidata_t buf, tsiz
|
|
*/
|
|
off = (bp[0] * 256) + bp[1];
|
|
n = (bp[2] * 256) + bp[3];
|
|
- if (cc < 4+n)
|
|
+ if (cc < 4+n || off+n > scanline)
|
|
goto bad;
|
|
_TIFFmemcpy(row+off, bp+4, n);
|
|
bp += 4+n;
|