This repository has been archived by the owner on Dec 1, 2017. It is now read-only.

Commit

* tools/rgb2ycbcr.c: validate values of -v and -h parameters to
avoid potential divide by zero. Fixes CVE-2016-3623 (bugzilla #2569)
erouault committed Aug 15, 2016
1 parent e596d4e commit bd024f0
Showing 2 changed files with 9 additions and 0 deletions.
5 changes: 5 additions & 0 deletions ChangeLog
@@ -1,3 +1,8 @@
2016-08-15 Even Rouault <even.rouault at spatialys.com>

* tools/rgb2ycbcr.c: validate values of -v and -h parameters to
avoid potential divide by zero. Fixes CVE-2016-3623 (bugzilla #2569)

2016-08-15 Even Rouault <even.rouault at spatialys.com>

* tools/tiffcrop.c: Fix out-of-bounds write in loadImage().
4 changes: 4 additions & 0 deletions tools/rgb2ycbcr.c
Expand Up @@ -95,9 +95,13 @@ main(int argc, char* argv[])
break;
case 'h':
horizSubSampling = atoi(optarg);
if( horizSubSampling != 1 && horizSubSampling != 2 && horizSubSampling != 4 )
usage(-1);
break;
case 'v':
vertSubSampling = atoi(optarg);
if( vertSubSampling != 1 && vertSubSampling != 2 && vertSubSampling != 4 )
usage(-1);
break;
case 'r':
rowsperstrip = atoi(optarg);
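Review bot: In case 'h' and case 'v' the new 1/2/4 whitelist is applied to the result of atoi(optarg), which ignores trailing characters, so an argument such as "2x" is accepted as 2; parsing with strtol() and checking the end pointer would reject malformed input before the range test. The check also only protects the later division if usage(-1) never returns, which these lines do not show, so it is worth confirming that or making the exit explicit, and printing which option was rejected and that only 1, 2 and 4 are allowed. The two conditions are identical and could share one small helper. The trailing context line rowsperstrip = atoi(optarg); under case 'r' is still taken without any range check, so it deserves the same look for zero or negative values.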
