242 lines
9.8 KiB
Plaintext
242 lines
9.8 KiB
Plaintext
$OpenBSD: patch-libtiff_tif_getimage_c,v 1.12 2017/05/26 20:50:57 naddy Exp $
|
|
|
|
This one is slightly problematic. If an application allocates less
|
|
room for its error buffer than the recommended 1024, the error message
|
|
buffer will still overflow.
|
|
|
|
Index: libtiff/tif_getimage.c
|
|
--- libtiff/tif_getimage.c.orig
|
|
+++ libtiff/tif_getimage.c
|
|
@@ -80,7 +80,7 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
|
|
int colorchannels;
|
|
|
|
if (!tif->tif_decodestatus) {
|
|
- sprintf(emsg, "Sorry, requested compression method is not configured");
|
|
+ snprintf(emsg, 1024, "Sorry, requested compression method is not configured");
|
|
return (0);
|
|
}
|
|
switch (td->td_bitspersample) {
|
|
@@ -91,12 +91,12 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
|
|
case 16:
|
|
break;
|
|
default:
|
|
- sprintf(emsg, "Sorry, can not handle images with %d-bit samples",
|
|
+ snprintf(emsg, 1024, "Sorry, can not handle images with %d-bit samples",
|
|
td->td_bitspersample);
|
|
return (0);
|
|
}
|
|
if (td->td_sampleformat == SAMPLEFORMAT_IEEEFP) {
|
|
- sprintf(emsg, "Sorry, can not handle images with IEEE floating-point samples");
|
|
+ snprintf(emsg, 1024, "Sorry, can not handle images with IEEE floating-point samples");
|
|
return (0);
|
|
}
|
|
colorchannels = td->td_samplesperpixel - td->td_extrasamples;
|
|
@@ -109,7 +109,7 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
|
|
photometric = PHOTOMETRIC_RGB;
|
|
break;
|
|
default:
|
|
- sprintf(emsg, "Missing needed %s tag", photoTag);
|
|
+ snprintf(emsg, 1024, "Missing needed %s tag", photoTag);
|
|
return (0);
|
|
}
|
|
}
|
|
@@ -120,7 +120,7 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
|
|
if (td->td_planarconfig == PLANARCONFIG_CONTIG
|
|
&& td->td_samplesperpixel != 1
|
|
&& td->td_bitspersample < 8 ) {
|
|
- sprintf(emsg,
|
|
+ snprintf(emsg, 1024,
|
|
"Sorry, can not handle contiguous data with %s=%d, "
|
|
"and %s=%d and Bits/Sample=%d",
|
|
photoTag, photometric,
|
|
@@ -144,7 +144,7 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
|
|
break;
|
|
case PHOTOMETRIC_RGB:
|
|
if (colorchannels < 3) {
|
|
- sprintf(emsg, "Sorry, can not handle RGB image with %s=%d",
|
|
+ snprintf(emsg, 1024, "Sorry, can not handle RGB image with %s=%d",
|
|
"Color channels", colorchannels);
|
|
return (0);
|
|
}
|
|
@@ -154,13 +154,13 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
|
|
uint16 inkset;
|
|
TIFFGetFieldDefaulted(tif, TIFFTAG_INKSET, &inkset);
|
|
if (inkset != INKSET_CMYK) {
|
|
- sprintf(emsg,
|
|
+ snprintf(emsg, 1024,
|
|
"Sorry, can not handle separated image with %s=%d",
|
|
"InkSet", inkset);
|
|
return 0;
|
|
}
|
|
if (td->td_samplesperpixel < 4) {
|
|
- sprintf(emsg,
|
|
+ snprintf(emsg, 1024,
|
|
"Sorry, can not handle separated image with %s=%d",
|
|
"Samples/pixel", td->td_samplesperpixel);
|
|
return 0;
|
|
@@ -169,7 +169,7 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
|
|
}
|
|
case PHOTOMETRIC_LOGL:
|
|
if (td->td_compression != COMPRESSION_SGILOG) {
|
|
- sprintf(emsg, "Sorry, LogL data must have %s=%d",
|
|
+ snprintf(emsg, 1024, "Sorry, LogL data must have %s=%d",
|
|
"Compression", COMPRESSION_SGILOG);
|
|
return (0);
|
|
}
|
|
@@ -177,17 +177,17 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
|
|
case PHOTOMETRIC_LOGLUV:
|
|
if (td->td_compression != COMPRESSION_SGILOG &&
|
|
td->td_compression != COMPRESSION_SGILOG24) {
|
|
- sprintf(emsg, "Sorry, LogLuv data must have %s=%d or %d",
|
|
+ snprintf(emsg, 1024, "Sorry, LogLuv data must have %s=%d or %d",
|
|
"Compression", COMPRESSION_SGILOG, COMPRESSION_SGILOG24);
|
|
return (0);
|
|
}
|
|
if (td->td_planarconfig != PLANARCONFIG_CONTIG) {
|
|
- sprintf(emsg, "Sorry, can not handle LogLuv images with %s=%d",
|
|
+ snprintf(emsg, 1024, "Sorry, can not handle LogLuv images with %s=%d",
|
|
"Planarconfiguration", td->td_planarconfig);
|
|
return (0);
|
|
}
|
|
if ( td->td_samplesperpixel != 3 || colorchannels != 3 ) {
|
|
- sprintf(emsg,
|
|
+ snprintf(emsg, 1024,
|
|
"Sorry, can not handle image with %s=%d, %s=%d",
|
|
"Samples/pixel", td->td_samplesperpixel,
|
|
"colorchannels", colorchannels);
|
|
@@ -196,7 +196,7 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
|
|
break;
|
|
case PHOTOMETRIC_CIELAB:
|
|
if ( td->td_samplesperpixel != 3 || colorchannels != 3 || td->td_bitspersample != 8 ) {
|
|
- sprintf(emsg,
|
|
+ snprintf(emsg, 1024,
|
|
"Sorry, can not handle image with %s=%d, %s=%d and %s=%d",
|
|
"Samples/pixel", td->td_samplesperpixel,
|
|
"colorchannels", colorchannels,
|
|
@@ -205,7 +205,7 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
|
|
}
|
|
break;
|
|
default:
|
|
- sprintf(emsg, "Sorry, can not handle image with %s=%d",
|
|
+ snprintf(emsg, 1024, "Sorry, can not handle image with %s=%d",
|
|
photoTag, photometric);
|
|
return (0);
|
|
}
|
|
@@ -303,7 +303,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int
|
|
case 16:
|
|
break;
|
|
default:
|
|
- sprintf(emsg, "Sorry, can not handle images with %d-bit samples",
|
|
+ snprintf(emsg, 1024, "Sorry, can not handle images with %d-bit samples",
|
|
img->bitspersample);
|
|
goto fail_return;
|
|
}
|
|
@@ -353,7 +353,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int
|
|
img->photometric = PHOTOMETRIC_RGB;
|
|
break;
|
|
default:
|
|
- sprintf(emsg, "Missing needed %s tag", photoTag);
|
|
+ snprintf(emsg, 1024, "Missing needed %s tag", photoTag);
|
|
goto fail_return;
|
|
}
|
|
}
|
|
@@ -361,7 +361,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int
|
|
case PHOTOMETRIC_PALETTE:
|
|
if (!TIFFGetField(tif, TIFFTAG_COLORMAP,
|
|
&red_orig, &green_orig, &blue_orig)) {
|
|
- sprintf(emsg, "Missing required \"Colormap\" tag");
|
|
+ snprintf(emsg, 1024, "Missing required \"Colormap\" tag");
|
|
goto fail_return;
|
|
}
|
|
|
|
@@ -371,7 +371,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int
|
|
img->greencmap = (uint16 *) _TIFFmalloc(sizeof(uint16)*n_color);
|
|
img->bluecmap = (uint16 *) _TIFFmalloc(sizeof(uint16)*n_color);
|
|
if( !img->redcmap || !img->greencmap || !img->bluecmap ) {
|
|
- sprintf(emsg, "Out of memory for colormap copy");
|
|
+ snprintf(emsg, 1024, "Out of memory for colormap copy");
|
|
goto fail_return;
|
|
}
|
|
|
|
@@ -385,7 +385,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int
|
|
if (planarconfig == PLANARCONFIG_CONTIG
|
|
&& img->samplesperpixel != 1
|
|
&& img->bitspersample < 8 ) {
|
|
- sprintf(emsg,
|
|
+ snprintf(emsg, 1024,
|
|
"Sorry, can not handle contiguous data with %s=%d, "
|
|
"and %s=%d and Bits/Sample=%d",
|
|
photoTag, img->photometric,
|
|
@@ -422,7 +422,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int
|
|
break;
|
|
case PHOTOMETRIC_RGB:
|
|
if (colorchannels < 3) {
|
|
- sprintf(emsg, "Sorry, can not handle RGB image with %s=%d",
|
|
+ snprintf(emsg, 1024, "Sorry, can not handle RGB image with %s=%d",
|
|
"Color channels", colorchannels);
|
|
goto fail_return;
|
|
}
|
|
@@ -432,12 +432,12 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int
|
|
uint16 inkset;
|
|
TIFFGetFieldDefaulted(tif, TIFFTAG_INKSET, &inkset);
|
|
if (inkset != INKSET_CMYK) {
|
|
- sprintf(emsg, "Sorry, can not handle separated image with %s=%d",
|
|
+ snprintf(emsg, 1024, "Sorry, can not handle separated image with %s=%d",
|
|
"InkSet", inkset);
|
|
goto fail_return;
|
|
}
|
|
if (img->samplesperpixel < 4) {
|
|
- sprintf(emsg, "Sorry, can not handle separated image with %s=%d",
|
|
+ snprintf(emsg, 1024, "Sorry, can not handle separated image with %s=%d",
|
|
"Samples/pixel", img->samplesperpixel);
|
|
goto fail_return;
|
|
}
|
|
@@ -445,7 +445,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int
|
|
break;
|
|
case PHOTOMETRIC_LOGL:
|
|
if (compress != COMPRESSION_SGILOG) {
|
|
- sprintf(emsg, "Sorry, LogL data must have %s=%d",
|
|
+ snprintf(emsg, 1024, "Sorry, LogL data must have %s=%d",
|
|
"Compression", COMPRESSION_SGILOG);
|
|
goto fail_return;
|
|
}
|
|
@@ -455,12 +455,12 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int
|
|
break;
|
|
case PHOTOMETRIC_LOGLUV:
|
|
if (compress != COMPRESSION_SGILOG && compress != COMPRESSION_SGILOG24) {
|
|
- sprintf(emsg, "Sorry, LogLuv data must have %s=%d or %d",
|
|
+ snprintf(emsg, 1024, "Sorry, LogLuv data must have %s=%d or %d",
|
|
"Compression", COMPRESSION_SGILOG, COMPRESSION_SGILOG24);
|
|
goto fail_return;
|
|
}
|
|
if (planarconfig != PLANARCONFIG_CONTIG) {
|
|
- sprintf(emsg, "Sorry, can not handle LogLuv images with %s=%d",
|
|
+ snprintf(emsg, 1024, "Sorry, can not handle LogLuv images with %s=%d",
|
|
"Planarconfiguration", planarconfig);
|
|
return (0);
|
|
}
|
|
@@ -471,7 +471,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int
|
|
case PHOTOMETRIC_CIELAB:
|
|
break;
|
|
default:
|
|
- sprintf(emsg, "Sorry, can not handle image with %s=%d",
|
|
+ snprintf(emsg, 1024, "Sorry, can not handle image with %s=%d",
|
|
photoTag, img->photometric);
|
|
goto fail_return;
|
|
}
|
|
@@ -482,12 +482,12 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int
|
|
!(planarconfig == PLANARCONFIG_SEPARATE && img->samplesperpixel > 1);
|
|
if (img->isContig) {
|
|
if (!PickContigCase(img)) {
|
|
- sprintf(emsg, "Sorry, can not handle image");
|
|
+ snprintf(emsg, 1024, "Sorry, can not handle image");
|
|
goto fail_return;
|
|
}
|
|
} else {
|
|
if (!PickSeparateCase(img)) {
|
|
- sprintf(emsg, "Sorry, can not handle image");
|
|
+ snprintf(emsg, 1024, "Sorry, can not handle image");
|
|
goto fail_return;
|
|
}
|
|
}
|