liz/rawTherapee
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix buffer overrun writing uncompressed tiff

Browse Source
This commit is contained in:
heckflosse
2016-07-03 16:06:07 +02:00
parent 2710bcdcec
commit 87e1914b9d
3 changed files with 20 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
rtexif/rtexif.cc
View File

@@ -2864,7 +2864,7 @@ int ExifManager::createJPEGMarker (const TagDirectory* root, const rtengine::pro
return size + 6;
}
int ExifManager::createTIFFHeader (const TagDirectory* root, const rtengine::procparams::ExifPairs& changeList, int W, int H, int bps, const char* profiledata, int profilelen, const char* iptcdata, int iptclen, unsigned char* buffer)
int ExifManager::createTIFFHeader (const TagDirectory* root, const rtengine::procparams::ExifPairs& changeList, int W, int H, int bps, const char* profiledata, int profilelen, const char* iptcdata, int iptclen, unsigned char *&buffer, unsigned &bufferSize)
{
// write tiff header
@@ -2875,13 +2875,6 @@ int ExifManager::createTIFFHeader (const TagDirectory* root, const rtengine::pro
order = root->getOrder ();
}
sset2 ((unsigned short)order, buffer + offs, order);
offs += 2;
sset2 (42, buffer + offs, order);
offs += 2;
sset4 (8, buffer + offs, order);
offs += 4;
TagDirectory* cl;
if (root) {
@@ -2956,6 +2949,15 @@ int ExifManager::createTIFFHeader (const TagDirectory* root, const rtengine::pro
}
cl->sort ();
bufferSize = cl->calculateSize() + 8;
buffer = new unsigned char[bufferSize]; // this has to be deleted in caller
sset2 ((unsigned short)order, buffer + offs, order);
offs += 2;
sset2 (42, buffer + offs, order);
offs += 2;
sset4 (8, buffer + offs, order);
offs += 4;
int endOffs = cl->write (8, buffer);
// cl->printAll();