TIFF and LibTiff Mailing List Archive
April 2000

This list is run by Frank Warmerdam
Archive maintained by AWare Systems



2000.04.04 10:21 "Suggested changes to tif_win32.c", by Arvan Pritchard

These changes to libtiff version 3.5.5 arise out of testing with BoundsChecker. There 
are two problems:

1) An overread of the mode in TIFFFdOpen()

155c155,157
<       BOOL fSuppressMap = (mode[1] == 'u' || mode[2] == 'u');
---
>     // Avoid reading uninitialised memory - note that this
>     // use of 'u' does not match the spec
>       BOOL fSuppressMap = (mode[1] == 'u' || (mode[1]!=0 && mode[2] == 'u'));
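
Review bot: mode[1] is still read unconditionally in the new expression, so an empty mode string (mode[0] == 0) would read one byte past the terminator; the added mode[1]!=0 guard only protects the mode[2] access. Consider testing mode[0] first, or scanning the string up to its terminator for 'u'. The comment says this use of 'u' does not match the spec but not how it differs; stating the difference would help the next person who touches this line. The // comments are C++ style in a .c file and the added lines mix space and tab indentation, so /* */ comments and the file's existing indentation would be safer for older C compilers.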


2) Overwriting in _TIFFrealloc() when reducing the size.

229,231c231,244
<               if ((pvTmp = GlobalAlloc(GMEM_FIXED, s)) != NULL) {
<                       CopyMemory(pvTmp, p, GlobalSize(p));
<                       GlobalFree(p);
---
>         tsize_t old=GlobalSize(p);
>         if (old>=s)
>         {
>                   if ((pvTmp = GlobalAlloc(GMEM_FIXED, s)) != NULL) {
>                           CopyMemory(pvTmp, p, s);
>                           GlobalFree(p);
>             }
>         }
>         else
>         {
>                   if ((pvTmp = GlobalAlloc(GMEM_FIXED, s)) != NULL) {
>                           CopyMemory(pvTmp, p, old);
>                           GlobalFree(p);
>             }
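
Review bot: both arms of if (old>=s) repeat the same GlobalAlloc/CopyMemory/GlobalFree sequence and differ only in the copy length, so a later fix to one arm can easily miss the other. Computing the length once, for example CopyMemory(pvTmp, p, old < s ? old : s);, keeps a single allocation path and still stops the copy from running past the s-byte destination when shrinking. The else block's closing brace is not among the added lines, so it appears to rely on the brace that closed the original if; the nesting is worth confirming and the block reindenting. GlobalSize() returns zero on failure and its result is stored in old without a check; a comment on the intended behaviour in that case would help.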


-- 
Arvan Pritchard
Informatix Software International Limited
Daedalus House, Station Road, Cambridge, CB1 2RE
arvan.pritchard@informatix.co.uk