22 lines
1.4 KiB
Diff
22 lines
1.4 KiB
Diff
diff --git a/third_party/libtiff/tif_dirread.c b/third_party/libtiff/tif_dirread.c
|
|
index 0e3f8ccd4..e0403aef3 100644
|
|
--- a/third_party/libtiff/tif_dirread.c
|
|
+++ b/third_party/libtiff/tif_dirread.c
|
|
@@ -3754,6 +3754,17 @@ TIFFReadDirectory(TIFF* tif)
|
|
fip ? fip->field_name : "unknown tagname");
|
|
continue;
|
|
}
|
|
+ /* ColorMap or TransferFunction for high bit */
|
|
+ /* depths do not make much sense and could be */
|
|
+ /* used as a denial of service vector */
|
|
+ if (tif->tif_dir.td_bitspersample > 24)
|
|
+ {
|
|
+ TIFFWarningExt(tif->tif_clientdata,module,
|
|
+ "Ignoring %s because BitsPerSample=%d>24",
|
|
+ fip ? fip->field_name : "unknown tagname",
|
|
+ tif->tif_dir.td_bitspersample);
|
|
+ continue;
|
|
+ }
|
|
countpersample=(1L<<tif->tif_dir.td_bitspersample);
|
|
if ((dp->tdir_tag==TIFFTAG_TRANSFERFUNCTION)&&(dp->tdir_count==(uint64)countpersample))
|
|
{
|