blob: 48657e6aa4dea00549925c46ffa300de35e0a235 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
From b0e1c25dd1d065200c8d8f59ad0afe014861a1b9 Mon Sep 17 00:00:00 2001
From: Su_Laus <sulau@freenet.de>
Date: Thu, 16 Feb 2023 12:03:16 +0100
Subject: [PATCH] tif_luv: Check and correct for NaN data in uv_encode().
Closes #530
Upstream-Status: Backport [import from debian http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.1.0+git191117-2~deb10u8.debian.tar.xz]
CVE: CVE-2023-26966
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
libtiff/tif_luv.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/libtiff/tif_luv.c b/libtiff/tif_luv.c
index 6fe4858..8b2c5f1 100644
--- a/libtiff/tif_luv.c
+++ b/libtiff/tif_luv.c
@@ -923,6 +923,13 @@ uv_encode(double u, double v, int em) /* encode (u',v') coordinates */
{
register int vi, ui;
+ /* check for NaN */
+ if (u != u || v != v)
+ {
+ u = U_NEU;
+ v = V_NEU;
+ }
+
if (v < UV_VSTART)
return oog_encode(u, v);
vi = itrunc((v - UV_VSTART)*(1./UV_SQSIZ), em);
--
2.25.1
|