2000.04.04 10:21 "Suggested changes to tif_win32.c", by Arvan Pritchard
These changes to libtiff version 3.5.5 arise out of testing with BoundsChecker. There are two problems:
1) An overread of the mode in TIFFFdOpen()
155c155,157
< BOOL fSuppressMap = (mode[1] == 'u' || mode[2] == 'u');
---
> // Avoid reading uninitialised memory - note that this
> // use of 'u' does not match the spec
> BOOL fSuppressMap = (mode[1] == 'u' || (mode[1]!=0 && mode[2] == 'u'));
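Review bot: In the new fSuppressMap expression, mode[1] is still read unconditionally, so the added guard (mode[1]!=0) only protects the mode[2] access; an empty mode string, where mode[0] is already the terminator, would still read one byte past it. Checking mode[0] before mode[1], or scanning the string for 'u' up to the terminator, would cover every length. The new comment says the use of 'u' does not match the spec but not in what way; a few words on the expected behaviour would help the next reader. The // comment style is also not accepted by C89 compilers, so /* ... */ is the safer choice in a .c file.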
2) Overwriting in _TIFFrealloc() when reducing the size.
229,231c231,244
< if ((pvTmp = GlobalAlloc(GMEM_FIXED, s)) != NULL) {
< CopyMemory(pvTmp, p, GlobalSize(p));
< GlobalFree(p);
---
> tsize_t old=GlobalSize(p);
> if (old>=s)
> {
> if ((pvTmp = GlobalAlloc(GMEM_FIXED, s)) != NULL) {
> CopyMemory(pvTmp, p, s);
> GlobalFree(p);
> }
> }
> else
> {
> if ((pvTmp = GlobalAlloc(GMEM_FIXED, s)) != NULL) {
> CopyMemory(pvTmp, p, old);
> GlobalFree(p);
> }
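Review bot: The if (old>=s) and else branches differ only in the length passed to CopyMemory, so the GlobalAlloc and GlobalFree calls are duplicated; a single allocation followed by a copy of the smaller of old and s would express the same fix in one path and leave less room for the branches to drift apart. Since old holds the GlobalSize() result in a tsize_t and is compared directly with s, it is worth confirming that both have the same type and signedness so the old>=s test behaves as intended.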
Arvan Pritchard
Informatix Software International Limited
Daedalus House, Station Road, Cambridge, CB1 2RE
arvan.pritchard@informatix.co.uk