diff options
Diffstat (limited to 'tiff/libtiff/tif_lzw.c')
| -rw-r--r-- | tiff/libtiff/tif_lzw.c | 34 |
1 files changed, 24 insertions, 10 deletions
diff --git a/tiff/libtiff/tif_lzw.c b/tiff/libtiff/tif_lzw.c index bc8f9c84..21064f29 100644 --- a/tiff/libtiff/tif_lzw.c +++ b/tiff/libtiff/tif_lzw.c @@ -1,5 +1,3 @@ -/* $Id: tif_lzw.c,v 1.57 2017-07-11 10:54:29 erouault Exp $ */ - /* * Copyright (c) 1988-1997 Sam Leffler * Copyright (c) 1991-1997 Silicon Graphics, Inc. @@ -135,6 +133,7 @@ typedef struct { long dec_restart; /* restart count */ #ifdef LZW_CHECKEOS uint64 dec_bitsleft; /* available bits in raw data */ + tmsize_t old_tif_rawcc; /* value of tif_rawcc at the end of the previous TIFLZWDecode() call */ #endif decodeFunc dec_decode; /* regular or backwards compatible */ code_t* dec_codep; /* current recognized code */ @@ -248,6 +247,8 @@ LZWSetupDecode(TIFF* tif) /* * Zero-out the unused entries */ + /* Silence false positive */ + /* coverity[overrun-buffer-arg] */ _TIFFmemset(&sp->dec_codetab[CODE_CLEAR], 0, (CODE_FIRST - CODE_CLEAR) * sizeof (code_t)); } @@ -320,6 +321,7 @@ LZWPreDecode(TIFF* tif, uint16 s) sp->dec_nbitsmask = MAXCODE(BITS_MIN); #ifdef LZW_CHECKEOS sp->dec_bitsleft = 0; + sp->old_tif_rawcc = 0; #endif sp->dec_free_entp = sp->dec_codetab + CODE_FIRST; /* @@ -427,7 +429,7 @@ LZWDecode(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s) bp = (unsigned char *)tif->tif_rawcp; #ifdef LZW_CHECKEOS - sp->dec_bitsleft = (((uint64)tif->tif_rawcc) << 3); + sp->dec_bitsleft += (((uint64)tif->tif_rawcc - sp->old_tif_rawcc) << 3); #endif nbits = sp->lzw_nbits; nextdata = sp->lzw_nextdata; @@ -555,6 +557,9 @@ LZWDecode(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s) tif->tif_rawcc -= (tmsize_t)( (uint8*) bp - tif->tif_rawcp ); tif->tif_rawcp = (uint8*) bp; +#ifdef LZW_CHECKEOS + sp->old_tif_rawcc = tif->tif_rawcc; +#endif sp->lzw_nbits = (unsigned short) nbits; sp->lzw_nextdata = nextdata; sp->lzw_nextbits = nextbits; @@ -604,6 +609,7 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s) char *tp; unsigned char *bp; int code, nbits; + int len; long nextbits, nextdata, nbitsmask; code_t *codep, *free_entp, *maxcodep, *oldcodep; @@ -657,7 +663,7 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s) bp = (unsigned char *)tif->tif_rawcp; #ifdef LZW_CHECKEOS - sp->dec_bitsleft = (((uint64)tif->tif_rawcc) << 3); + sp->dec_bitsleft += (((uint64)tif->tif_rawcc - sp->old_tif_rawcc) << 3); #endif nbits = sp->lzw_nbits; nextdata = sp->lzw_nextdata; @@ -755,13 +761,18 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s) } while (--occ); break; } - assert(occ >= codep->length); - op += codep->length; - occ -= codep->length; - tp = op; + len = codep->length; + tp = op + len; do { - *--tp = codep->value; - } while( (codep = codep->next) != NULL ); + int t; + --tp; + t = codep->value; + codep = codep->next; + *tp = (char)t; + } while (codep && tp > op); + assert(occ >= len); + op += len; + occ -= len; } else { *op++ = (char)code; occ--; @@ -770,6 +781,9 @@ LZWDecodeCompat(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s) tif->tif_rawcc -= (tmsize_t)( (uint8*) bp - tif->tif_rawcp ); tif->tif_rawcp = (uint8*) bp; +#ifdef LZW_CHECKEOS + sp->old_tif_rawcc = tif->tif_rawcc; +#endif sp->lzw_nbits = (unsigned short)nbits; sp->lzw_nextdata = nextdata; sp->lzw_nextbits = nextbits; |