[Bug 48927] Heap buffer underflow in TiffFrameDecode_ReadTile when decoding 1x1 4bpp RGBA image
WineHQ Bugzilla
wine-bugs at winehq.org
Wed Apr 15 11:11:06 CDT 2020
https://bugs.winehq.org/show_bug.cgi?id=48927
--- Comment #4 from Dmitry Timoshkov <dmitry at baikal.ru> ---
I don't have a TIFF image in an appropriate format to test at the moment,
however does the following implementation fix the heap corruption?
/* 1 source byte expands to 2 BGRA samples */
count = This->decode_info.tile_width * This->decode_info.tile_height;
src = This->cached_tile + count / 2 - 1;
dst = This->cached_tile + This->decode_info.tile_size;
while (count >= 2)
{
BYTE b = *src--;
dst -= 8;
dst[2] = (b & 0x80) ? 0xff : 0; /* R */
dst[1] = (b & 0x40) ? 0xff : 0; /* G */
dst[0] = (b & 0x20) ? 0xff : 0; /* B */
dst[3] = (b & 0x10) ? 0xff : 0; /* A */
dst[6] = (b & 0x08) ? 0xff : 0; /* R */
dst[5] = (b & 0x04) ? 0xff : 0; /* G */
dst[4] = (b & 0x02) ? 0xff : 0; /* B */
dst[7] = (b & 0x01) ? 0xff : 0; /* A */
count -= 2;
}
if (count)
{
BYTE b = *src--;
dst -= 4;
dst[2] = (b & 0x80) ? 0xff : 0; /* R */
dst[1] = (b & 0x40) ? 0xff : 0; /* G */
dst[0] = (b & 0x20) ? 0xff : 0; /* B */
dst[3] = (b & 0x10) ? 0xff : 0; /* A */
}
--
Do not reply to this email, post in Bugzilla using the
above URL to reply.
You are receiving this mail because:
You are watching all bug changes.
More information about the wine-bugs
mailing list