Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package tiff for openSUSE:Factory checked in at 2022-05-10 15:11:29 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/tiff (Old) and /work/SRC/openSUSE:Factory/.tiff.new.1538 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tiff" Tue May 10 15:11:29 2022 rev:82 rq:975780 version:4.3.0 Changes: -------- --- /work/SRC/openSUSE:Factory/tiff/tiff.changes 2021-04-29 01:36:59.422458523 +0200 +++ /work/SRC/openSUSE:Factory/.tiff.new.1538/tiff.changes 2022-05-10 15:11:41.603552113 +0200 @@ -1,0 +2,37 @@ +Mon May 9 10:50:34 UTC 2022 - Michael Vetter <mvet...@suse.com> + +- security update: + * CVE-2022-0907 [bsc#1197070] + + tiff-CVE-2022-0907.patch + +------------------------------------------------------------------- +Mon May 9 10:42:53 UTC 2022 - Michael Vetter <mvet...@suse.com> + +- security update + * CVE-2022-0561 [bsc#1195964] + + tiff-CVE-2022-0561.patch + * CVE-2022-0562 [bsc#1195965] + + tiff-CVE-2022-0562.patch + * CVE-2022-0865 [bsc#1197066] + + tiff-CVE-2022-0865.patch + * CVE-2022-0909 [bsc#1197072] + + tiff-CVE-2022-0909.patch + * CVE-2022-0924 [bsc#1197073] + + tiff-CVE-2022-0924.patch + * CVE-2022-0908 [bsc#1197074] + + tiff-CVE-2022-0908.patch + +------------------------------------------------------------------- +Fri May 6 09:08:09 UTC 2022 - Michael Vetter <mvet...@suse.com> + +- security update + * CVE-2022-1056 [bsc#1197631] + * CVE-2022-0891 [bsc#1197068] + + tiff-CVE-2022-1056,CVE-2022-0891.patch + +------------------------------------------------------------------- +Wed May 4 08:39:39 UTC 2022 - Marcus Meissner <meiss...@suse.com> + +- switch source url to https + +------------------------------------------------------------------- New: ---- tiff-CVE-2022-0561.patch tiff-CVE-2022-0562.patch tiff-CVE-2022-0865.patch tiff-CVE-2022-0907.patch tiff-CVE-2022-0908.patch tiff-CVE-2022-0909.patch tiff-CVE-2022-0924.patch tiff-CVE-2022-1056,CVE-2022-0891.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ tiff.spec ++++++ --- /var/tmp/diff_new_pack.hqpIM5/_old 2022-05-10 15:11:42.399553116 +0200 +++ /var/tmp/diff_new_pack.hqpIM5/_new 2022-05-10 15:11:42.403553122 +0200 @@ -1,7 +1,7 @@ # # spec file for package tiff # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -25,12 +25,20 @@ License: HPND Group: Productivity/Graphics/Convertors URL: http://www.simplesystems.org/libtiff/ -Source: http://download.osgeo.org/libtiff/tiff-%{version}.tar.gz +Source: https://download.osgeo.org/libtiff/tiff-%{version}.tar.gz Source2: README.SUSE Source3: baselibs.conf Patch0: tiff-4.0.3-seek.patch # http://bugzilla.maptools.org/show_bug.cgi?id=2442 Patch1: tiff-4.0.3-compress-warning.patch +Patch2: tiff-CVE-2022-1056,CVE-2022-0891.patch +Patch3: tiff-CVE-2022-0908.patch +Patch4: tiff-CVE-2022-0924.patch +Patch5: tiff-CVE-2022-0909.patch +Patch6: tiff-CVE-2022-0865.patch +Patch7: tiff-CVE-2022-0562.patch +Patch8: tiff-CVE-2022-0561.patch +Patch9: tiff-CVE-2022-0907.patch BuildRequires: gcc-c++ BuildRequires: libjbig-devel BuildRequires: libjpeg-devel @@ -70,6 +78,14 @@ %setup -q %patch0 -p1 %patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 %build CFLAGS="%{optflags} -fPIE" ++++++ tiff-CVE-2022-0561.patch ++++++ >From eecb0712f4c3a5b449f70c57988260a667ddbdef Mon Sep 17 00:00:00 2001 From: Even Rouault <even.roua...@spatialys.com> Date: Sun, 6 Feb 2022 13:08:38 +0100 Subject: [PATCH] TIFFFetchStripThing(): avoid calling memcpy() with a null source pointer and size of zero (fixes #362) --- libtiff/tif_dirread.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c index 23194ced..50ebf8ac 100644 --- a/libtiff/tif_dirread.c +++ b/libtiff/tif_dirread.c @@ -5777,8 +5777,9 @@ TIFFFetchStripThing(TIFF* tif, TIFFDirEntry* dir, uint32_t nstrips, uint64_t** l _TIFFfree(data); return(0); } - _TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t)); - _TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t)); + if( dir->tdir_count ) + _TIFFmemcpy(resizeddata,data, (uint32_t)dir->tdir_count * sizeof(uint64_t)); + _TIFFmemset(resizeddata+(uint32_t)dir->tdir_count, 0, (nstrips - (uint32_t)dir->tdir_count) * sizeof(uint64_t)); _TIFFfree(data); data=resizeddata; } -- GitLab ++++++ tiff-CVE-2022-0562.patch ++++++ >From 561599c99f987dc32ae110370cfdd7df7975586b Mon Sep 17 00:00:00 2001 From: Even Rouault <even.roua...@spatialys.com> Date: Sat, 5 Feb 2022 20:36:41 +0100 Subject: [PATCH] TIFFReadDirectory(): avoid calling memcpy() with a null source pointer and size of zero (fixes #362) --- libtiff/tif_dirread.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c index 2bbc4585..23194ced 100644 --- a/libtiff/tif_dirread.c +++ b/libtiff/tif_dirread.c @@ -4177,7 +4177,8 @@ TIFFReadDirectory(TIFF* tif) goto bad; } - memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16_t)); + if (old_extrasamples > 0) + memcpy(new_sampleinfo, tif->tif_dir.td_sampleinfo, old_extrasamples * sizeof(uint16_t)); _TIFFsetShortArray(&tif->tif_dir.td_sampleinfo, new_sampleinfo, tif->tif_dir.td_extrasamples); _TIFFfree(new_sampleinfo); } -- GitLab ++++++ tiff-CVE-2022-0865.patch ++++++ >From a1c933dabd0e1c54a412f3f84ae0aa58115c6067 Mon Sep 17 00:00:00 2001 From: Even Rouault <even.roua...@spatialys.com> Date: Thu, 24 Feb 2022 22:26:02 +0100 Subject: [PATCH] tif_jbig.c: fix crash when reading a file with multiple IFD in memory-mapped mode and when bit reversal is needed (fixes #385) --- libtiff/tif_jbig.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/libtiff/tif_jbig.c b/libtiff/tif_jbig.c index 74086338..8bfa4cef 100644 --- a/libtiff/tif_jbig.c +++ b/libtiff/tif_jbig.c @@ -209,6 +209,16 @@ int TIFFInitJBIG(TIFF* tif, int scheme) */ tif->tif_flags |= TIFF_NOBITREV; tif->tif_flags &= ~TIFF_MAPPED; + /* We may have read from a previous IFD and thus set TIFF_BUFFERMMAP and + * cleared TIFF_MYBUFFER. It is necessary to restore them to their initial + * value to be consistent with the state of a non-memory mapped file. + */ + if (tif->tif_flags&TIFF_BUFFERMMAP) { + tif->tif_rawdata = NULL; + tif->tif_rawdatasize = 0; + tif->tif_flags &= ~TIFF_BUFFERMMAP; + tif->tif_flags |= TIFF_MYBUFFER; + } /* Setup the function pointers for encode, decode, and cleanup. */ tif->tif_setupdecode = JBIGSetupDecode; -- GitLab ++++++ tiff-CVE-2022-0907.patch ++++++ >From 40b00cfb32256d377608b4d4cd30fac338d0a0bc Mon Sep 17 00:00:00 2001 From: Augustus <wangdw.augus...@qq.com> Date: Mon, 7 Mar 2022 18:21:49 +0800 Subject: [PATCH] add checks for return value of limitMalloc (#392) --- tools/tiffcrop.c | 33 +++++++++++++++++++++------------ 1 file changed, 21 insertions(+), 12 deletions(-) diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c index f2e5474a..9b8acc7e 100644 --- a/tools/tiffcrop.c +++ b/tools/tiffcrop.c @@ -7406,7 +7406,11 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr) if (!sect_buff) { sect_buff = (unsigned char *)limitMalloc(sectsize); - *sect_buff_ptr = sect_buff; + if (!sect_buff) + { + TIFFError("createImageSection", "Unable to allocate/reallocate section buffer"); + return (-1); + } _TIFFmemset(sect_buff, 0, sectsize); } else @@ -7422,15 +7426,15 @@ createImageSection(uint32_t sectsize, unsigned char **sect_buff_ptr) else sect_buff = new_buff; + if (!sect_buff) + { + TIFFError("createImageSection", "Unable to allocate/reallocate section buffer"); + return (-1); + } _TIFFmemset(sect_buff, 0, sectsize); } } - if (!sect_buff) - { - TIFFError("createImageSection", "Unable to allocate/reallocate section buffer"); - return (-1); - } prev_sectsize = sectsize; *sect_buff_ptr = sect_buff; @@ -7697,7 +7701,11 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop, if (!crop_buff) { crop_buff = (unsigned char *)limitMalloc(cropsize); - *crop_buff_ptr = crop_buff; + if (!crop_buff) + { + TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer"); + return (-1); + } _TIFFmemset(crop_buff, 0, cropsize); prev_cropsize = cropsize; } @@ -7713,15 +7721,15 @@ createCroppedImage(struct image_data *image, struct crop_mask *crop, } else crop_buff = new_buff; + if (!crop_buff) + { + TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer"); + return (-1); + } _TIFFmemset(crop_buff, 0, cropsize); } } - if (!crop_buff) - { - TIFFError("createCroppedImage", "Unable to allocate/reallocate crop buffer"); - return (-1); - } *crop_buff_ptr = crop_buff; if (crop->crop_mode & CROP_INVERT) @@ -9280,3 +9288,4 @@ invertImage(uint16_t photometric, uint16_t spp, uint16_t bps, uint32_t width, ui * fill-column: 78 * End: */ + -- GitLab ++++++ tiff-CVE-2022-0908.patch ++++++ >From a95b799f65064e4ba2e2dfc206808f86faf93e85 Mon Sep 17 00:00:00 2001 From: Even Rouault <even.roua...@spatialys.com> Date: Thu, 17 Feb 2022 15:28:43 +0100 Subject: [PATCH] TIFFFetchNormalTag(): avoid calling memcpy() with a null source pointer and size of zero (fixes #383) --- libtiff/tif_dirread.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c index 50ebf8ac..2ec44a4f 100644 --- a/libtiff/tif_dirread.c +++ b/libtiff/tif_dirread.c @@ -5091,7 +5091,10 @@ TIFFFetchNormalTag(TIFF* tif, TIFFDirEntry* dp, int recover) _TIFFfree(data); return(0); } - _TIFFmemcpy(o,data,(uint32_t)dp->tdir_count); + if (dp->tdir_count > 0 ) + { + _TIFFmemcpy(o,data,(uint32_t)dp->tdir_count); + } o[(uint32_t)dp->tdir_count]=0; if (data!=0) _TIFFfree(data); -- GitLab ++++++ tiff-CVE-2022-0909.patch ++++++ >From 32ea0722ee68f503b7a3f9b2d557acb293fc8cde Mon Sep 17 00:00:00 2001 From: 4ugustus <wangdw.augus...@qq.com> Date: Tue, 8 Mar 2022 16:22:04 +0000 Subject: [PATCH] fix the FPE in tiffcrop (#393) --- libtiff/tif_dir.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c index 57055ca9..59b346ca 100644 --- a/libtiff/tif_dir.c +++ b/libtiff/tif_dir.c @@ -333,13 +333,13 @@ _TIFFVSetField(TIFF* tif, uint32_t tag, va_list ap) break; case TIFFTAG_XRESOLUTION: dblval = va_arg(ap, double); - if( dblval < 0 ) + if( dblval != dblval || dblval < 0 ) goto badvaluedouble; td->td_xresolution = _TIFFClampDoubleToFloat( dblval ); break; case TIFFTAG_YRESOLUTION: dblval = va_arg(ap, double); - if( dblval < 0 ) + if( dblval != dblval || dblval < 0 ) goto badvaluedouble; td->td_yresolution = _TIFFClampDoubleToFloat( dblval ); break; -- GitLab ++++++ tiff-CVE-2022-0924.patch ++++++ >From 88d79a45a31c74cba98c697892fed5f7db8b963a Mon Sep 17 00:00:00 2001 From: 4ugustus <wangdw.augus...@qq.com> Date: Thu, 10 Mar 2022 08:48:00 +0000 Subject: [PATCH] fix heap buffer overflow in tiffcp (#278) --- tools/tiffcp.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/tools/tiffcp.c b/tools/tiffcp.c index 224583e0..aa32b118 100644 --- a/tools/tiffcp.c +++ b/tools/tiffcp.c @@ -1667,12 +1667,27 @@ DECLAREwriteFunc(writeBufferToSeparateStrips) tdata_t obuf; tstrip_t strip = 0; tsample_t s; + uint16_t bps = 0, bytes_per_sample; obuf = limitMalloc(stripsize); if (obuf == NULL) return (0); _TIFFmemset(obuf, 0, stripsize); (void) TIFFGetFieldDefaulted(out, TIFFTAG_ROWSPERSTRIP, &rowsperstrip); + (void) TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps); + if( bps == 0 ) + { + TIFFError(TIFFFileName(out), "Error, cannot read BitsPerSample"); + _TIFFfree(obuf); + return 0; + } + if( (bps % 8) != 0 ) + { + TIFFError(TIFFFileName(out), "Error, cannot handle BitsPerSample that is not a multiple of 8"); + _TIFFfree(obuf); + return 0; + } + bytes_per_sample = bps/8; for (s = 0; s < spp; s++) { uint32_t row; for (row = 0; row < imagelength; row += rowsperstrip) { @@ -1682,7 +1697,7 @@ DECLAREwriteFunc(writeBufferToSeparateStrips) cpContigBufToSeparateBuf( obuf, (uint8_t*) buf + row * rowsize + s, - nrows, imagewidth, 0, 0, spp, 1); + nrows, imagewidth, 0, 0, spp, bytes_per_sample); if (TIFFWriteEncodedStrip(out, strip++, obuf, stripsize) < 0) { TIFFError(TIFFFileName(out), "Error, can't write strip %"PRIu32, -- GitLab ++++++ tiff-CVE-2022-1056,CVE-2022-0891.patch ++++++ >From 232282fd8f9c21eefe8d2d2b96cdbbb172fe7b7c Mon Sep 17 00:00:00 2001 From: Su Laus <su...@freenet.de> Date: Tue, 8 Mar 2022 17:02:44 +0000 Subject: [PATCH] tiffcrop: fix issue #380 and #382 heap buffer overflow in extractImageSection --- tools/tiffcrop.c | 92 +++++++++++++++++++----------------------------- 1 file changed, 36 insertions(+), 56 deletions(-) diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c index f2e5474a..e62bcc71 100644 --- a/tools/tiffcrop.c +++ b/tools/tiffcrop.c @@ -105,8 +105,8 @@ * of messages to monitor progress without enabling dump logs. */ -static char tiffcrop_version_id[] = "2.4"; -static char tiffcrop_rev_date[] = "12-13-2010"; +static char tiffcrop_version_id[] = "2.4.1"; +static char tiffcrop_rev_date[] = "03-03-2010"; #include "tif_config.h" #include "libport.h" @@ -6739,10 +6739,10 @@ extractImageSection(struct image_data *image, struct pageseg *section, #ifdef DEVELMODE uint32_t img_length; #endif - uint32_t j, shift1, shift2, trailing_bits; + uint32_t j, shift1, trailing_bits; uint32_t row, first_row, last_row, first_col, last_col; uint32_t src_offset, dst_offset, row_offset, col_offset; - uint32_t offset1, offset2, full_bytes; + uint32_t offset1, full_bytes; uint32_t sect_width; #ifdef DEVELMODE uint32_t sect_length; @@ -6752,7 +6752,6 @@ extractImageSection(struct image_data *image, struct pageseg *section, #ifdef DEVELMODE int k; unsigned char bitset; - static char *bitarray = NULL; #endif img_width = image->width; @@ -6770,17 +6769,12 @@ extractImageSection(struct image_data *image, struct pageseg *section, dst_offset = 0; #ifdef DEVELMODE - if (bitarray == NULL) - { - if ((bitarray = (char *)malloc(img_width)) == NULL) - { - TIFFError ("", "DEBUG: Unable to allocate debugging bitarray"); - return (-1); - } - } + char bitarray[39]; #endif - /* rows, columns, width, length are expressed in pixels */ + /* rows, columns, width, length are expressed in pixels + * first_row, last_row, .. are index into image array starting at 0 to width-1, + * last_col shall be also extracted. */ first_row = section->y1; last_row = section->y2; first_col = section->x1; @@ -6790,9 +6784,14 @@ extractImageSection(struct image_data *image, struct pageseg *section, #ifdef DEVELMODE sect_length = last_row - first_row + 1; #endif - img_rowsize = ((img_width * bps + 7) / 8) * spp; - full_bytes = (sect_width * spp * bps) / 8; /* number of COMPLETE bytes per row in section */ - trailing_bits = (sect_width * bps) % 8; + /* The read function loadImage() used copy separate plane data into a buffer as interleaved + * samples rather than separate planes so the same logic works to extract regions + * regardless of the way the data are organized in the input file. + * Furthermore, bytes and bits are arranged in buffer according to COMPRESSION=1 and FILLORDER=1 + */ + img_rowsize = (((img_width * spp * bps) + 7) / 8); /* row size in full bytes of source image */ + full_bytes = (sect_width * spp * bps) / 8; /* number of COMPLETE bytes per row in section */ + trailing_bits = (sect_width * spp * bps) % 8; /* trailing bits within the last byte of destination buffer */ #ifdef DEVELMODE TIFFError ("", "First row: %"PRIu32", last row: %"PRIu32", First col: %"PRIu32", last col: %"PRIu32"\n", @@ -6805,10 +6804,9 @@ extractImageSection(struct image_data *image, struct pageseg *section, if ((bps % 8) == 0) { - col_offset = first_col * spp * bps / 8; + col_offset = (first_col * spp * bps) / 8; for (row = first_row; row <= last_row; row++) { - /* row_offset = row * img_width * spp * bps / 8; */ row_offset = row * img_rowsize; src_offset = row_offset + col_offset; @@ -6821,14 +6819,12 @@ extractImageSection(struct image_data *image, struct pageseg *section, } else { /* bps != 8 */ - shift1 = spp * ((first_col * bps) % 8); - shift2 = spp * ((last_col * bps) % 8); + shift1 = ((first_col * spp * bps) % 8); /* shift1 = bits to skip in the first byte of source buffer*/ for (row = first_row; row <= last_row; row++) { /* pull out the first byte */ row_offset = row * img_rowsize; - offset1 = row_offset + (first_col * bps / 8); - offset2 = row_offset + (last_col * bps / 8); + offset1 = row_offset + ((first_col * spp * bps) / 8); /* offset1 = offset into source of byte with first bits to be extracted */ #ifdef DEVELMODE for (j = 0, k = 7; j < 8; j++, k--) @@ -6840,12 +6836,12 @@ extractImageSection(struct image_data *image, struct pageseg *section, sprintf(&bitarray[9], " "); for (j = 10, k = 7; j < 18; j++, k--) { - bitset = *(src_buff + offset2) & (((unsigned char)1 << k)) ? 1 : 0; + bitset = *(src_buff + offset1 + full_bytes) & (((unsigned char)1 << k)) ? 1 : 0; sprintf(&bitarray[j], (bitset) ? "1" : "0"); } bitarray[18] = '\0'; - TIFFError ("", "Row: %3d Offset1: %"PRIu32", Shift1: %"PRIu32", Offset2: %"PRIu32", Shift2: %"PRIu32"\n", - row, offset1, shift1, offset2, shift2); + TIFFError ("", "Row: %3d Offset1: %"PRIu32", Shift1: %"PRIu32", Offset2: %"PRIu32", Trailing_bits: %"PRIu32"\n", + row, offset1, shift1, offset1+full_bytes, trailing_bits); #endif bytebuff1 = bytebuff2 = 0; @@ -6869,11 +6865,12 @@ extractImageSection(struct image_data *image, struct pageseg *section, if (trailing_bits != 0) { - bytebuff2 = src_buff[offset2] & ((unsigned char)255 << (7 - shift2)); + /* Only copy higher bits of samples and mask lower bits of not wanted column samples to zero */ + bytebuff2 = src_buff[offset1 + full_bytes] & ((unsigned char)255 << (8 - trailing_bits)); sect_buff[dst_offset] = bytebuff2; #ifdef DEVELMODE TIFFError ("", " Trailing bits src offset: %8"PRIu32", Dst offset: %8"PRIu32"\n", - offset2, dst_offset); + offset1 + full_bytes, dst_offset); for (j = 30, k = 7; j < 38; j++, k--) { bitset = *(sect_buff + dst_offset) & (((unsigned char)1 << k)) ? 1 : 0; @@ -6892,8 +6889,10 @@ extractImageSection(struct image_data *image, struct pageseg *section, #endif for (j = 0; j <= full_bytes; j++) { - bytebuff1 = src_buff[offset1 + j] & ((unsigned char)255 >> shift1); - bytebuff2 = src_buff[offset1 + j + 1] & ((unsigned char)255 << (7 - shift1)); + /* Skip the first shift1 bits and shift the source up by shift1 bits before save to destination.*/ + /* Attention: src_buff size needs to be some bytes larger than image size, because could read behind image here. */ + bytebuff1 = src_buff[offset1 + j] & ((unsigned char)255 >> shift1); + bytebuff2 = src_buff[offset1 + j + 1] & ((unsigned char)255 << (8 - shift1)); sect_buff[dst_offset + j] = (bytebuff1 << shift1) | (bytebuff2 >> (8 - shift1)); } #ifdef DEVELMODE @@ -6909,36 +6908,17 @@ extractImageSection(struct image_data *image, struct pageseg *section, #endif dst_offset += full_bytes; + /* Copy the trailing_bits for the last byte in the destination buffer. + Could come from one ore two bytes of the source buffer. */ if (trailing_bits != 0) { #ifdef DEVELMODE - TIFFError ("", " Trailing bits src offset: %8"PRIu32", Dst offset: %8"PRIu32"\n", offset1 + full_bytes, dst_offset); -#endif - if (shift2 > shift1) - { - bytebuff1 = src_buff[offset1 + full_bytes] & ((unsigned char)255 << (7 - shift2)); - bytebuff2 = bytebuff1 & ((unsigned char)255 << shift1); - sect_buff[dst_offset] = bytebuff2; -#ifdef DEVELMODE - TIFFError ("", " Shift2 > Shift1\n"); + TIFFError("", " Trailing bits %4"PRIu32" src offset: %8"PRIu32", Dst offset: %8"PRIu32"\n", trailing_bits, offset1 + full_bytes, dst_offset); #endif + /* More than necessary bits are already copied into last destination buffer, + * only masking of last byte in destination buffer is necessary.*/ + sect_buff[dst_offset] &= ((uint8_t)0xFF << (8 - trailing_bits)); } - else - { - if (shift2 < shift1) - { - bytebuff2 = ((unsigned char)255 << (shift1 - shift2 - 1)); - sect_buff[dst_offset] &= bytebuff2; -#ifdef DEVELMODE - TIFFError ("", " Shift2 < Shift1\n"); -#endif - } -#ifdef DEVELMODE - else - TIFFError ("", " Shift2 == Shift1\n"); -#endif - } - } #ifdef DEVELMODE sprintf(&bitarray[28], " "); sprintf(&bitarray[29], " "); @@ -7091,7 +7071,7 @@ writeImageSections(TIFF *in, TIFF *out, struct image_data *image, width = sections[i].x2 - sections[i].x1 + 1; length = sections[i].y2 - sections[i].y1 + 1; sectsize = (uint32_t) - ceil((width * image->bps + 7) / (double)8) * image->spp * length; + ceil((width * image->bps * image->spp + 7) / (double)8) * length; /* allocate a buffer if we don't have one already */ if (createImageSection(sectsize, sect_buff_ptr)) { -- GitLab
