fix the FPE in tiffcrop (#415, #427, and #428) (!346) · Merge requests · libtiff / libtiff

4ugustus requested to merge waugustus/libtiff:issue-415+427+428 into master Jun 02, 2022

Fix #415 (closed), #427 (closed), and #428 (closed).

I have made two editions:

First, I created a convert function (_TIFFClampDoubleToUInt32) in tif_aux.c, and declared it in tiffiop.h. Then I called this function on all lines of code that convert double to uint32_t. I did this because converting double to uint32_t with (uint32_t) will cause some large double values to be truncated.

//tif_aux.c
uint32_t _TIFFClampDoubleToUInt32(double val)
{
    if( val < 0 )
        return 0;
    if( val > 0xFFFFFFFFU || val != val )
        return 0xFFFFFFFFU;
    return (uint32_t)val;
}

//tiffiop.h
extern float _TIFFClampDoubleToFloat(double);
extern uint32_t _TIFFClampDoubleToUInt32(double);

Second, I added a check for integer overflow in tiffcrop.c.

if (owidth == 0 || olength == 0)
{
    TIFFError("computeOutputPixelOffsets", "Integer overflow when calculating the number of pages");
    exit(EXIT_FAILURE);
}

fix the FPE in tiffcrop (#415, #427, and #428)

Merge request reports