57 lines
1.2 KiB
Diff
57 lines
1.2 KiB
Diff
From fb1db384959698edd6caeea84e28253d272a0f96 Mon Sep 17 00:00:00 2001
|
|
From: Su_Laus <sulau@freenet.de>
|
|
Date: Sat, 2 Apr 2022 22:33:31 +0200
|
|
Subject: [PATCH] tiffcp: avoid buffer overflow in "mode" string (fixes #400)
|
|
|
|
---
|
|
tools/tiffcp.c | 25 ++++++++++++++++++++-----
|
|
1 file changed, 20 insertions(+), 5 deletions(-)
|
|
|
|
diff --git a/tools/tiffcp.c b/tools/tiffcp.c
|
|
index 1c81322..83b3910 100644
|
|
--- a/tools/tiffcp.c
|
|
+++ b/tools/tiffcp.c
|
|
@@ -247,19 +247,34 @@ main(int argc, char* argv[])
|
|
deftilewidth = atoi(optarg);
|
|
break;
|
|
case 'B':
|
|
- *mp++ = 'b'; *mp = '\0';
|
|
+ if (strlen(mode) < (sizeof(mode) - 1))
|
|
+ {
|
|
+ *mp++ = 'b'; *mp = '\0';
|
|
+ }
|
|
break;
|
|
case 'L':
|
|
- *mp++ = 'l'; *mp = '\0';
|
|
+ if (strlen(mode) < (sizeof(mode) - 1))
|
|
+ {
|
|
+ *mp++ = 'l'; *mp = '\0';
|
|
+ }
|
|
break;
|
|
case 'M':
|
|
- *mp++ = 'm'; *mp = '\0';
|
|
+ if (strlen(mode) < (sizeof(mode) - 1))
|
|
+ {
|
|
+ *mp++ = 'm'; *mp = '\0';
|
|
+ }
|
|
break;
|
|
case 'C':
|
|
- *mp++ = 'c'; *mp = '\0';
|
|
+ if (strlen(mode) < (sizeof(mode) - 1))
|
|
+ {
|
|
+ *mp++ = 'c'; *mp = '\0';
|
|
+ }
|
|
break;
|
|
case '8':
|
|
- *mp++ = '8'; *mp = '\0';
|
|
+ if (strlen(mode) < (sizeof(mode)-1))
|
|
+ {
|
|
+ *mp++ = '8'; *mp = '\0';
|
|
+ }
|
|
break;
|
|
case 'x':
|
|
pageInSeq = 1;
|
|
--
|
|
2.27.0
|
|
|