From bb217acdca1cc0c16b704669dd6f91a1b509c406 Mon Sep 17 00:00:00 2001
From: Leon Scroggins III
Date: Fri, 9 Mar 2018 16:23:15 -0500
Subject: Fix an uninitialized memory read in PIEX
Author: kjlubic@google.com
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6293
---
 src/tiff_parser.cc | 13 ++++++++-----
 src/tiff_parser.h | 2 +-
 2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/src/tiff_parser.cc b/src/tiff_parser.cc
index 6bf3bb4..f36c5ba 100644
--- a/src/tiff_parser.cc
+++ b/src/tiff_parser.cc
@@ -165,11 +165,14 @@ bool FillPreviewImageData(const TiffDirectory& tiff_directory,
 // Get color_space
 if (tiff_directory.Has(kExifTagColorSpace)) {
 std::uint32_t color_space;
- success &= tiff_directory.Get(kExifTagColorSpace, &color_space);
- if (color_space == 1) {
- preview_image_data->color_space = PreviewImageData::kSrgb;
- } else if (color_space == 65535 || color_space == 2) {
- preview_image_data->color_space = PreviewImageData::kAdobeRgb;
+ if (tiff_directory.Get(kExifTagColorSpace, &color_space)) {
+ if (color_space == 1) {
+ preview_image_data->color_space = PreviewImageData::kSrgb;
+ } else if (color_space == 65535 || color_space == 2) {
+ preview_image_data->color_space = PreviewImageData::kAdobeRgb;
+ }
+ } else {
+ success = false;
 }
 }
diff --git a/src/tiff_parser.h b/src/tiff_parser.h
index 84b3fc6..e809274 100644
--- a/src/tiff_parser.h
+++ b/src/tiff_parser.h
@@ -163,7 +163,7 @@ bool GetFullDimension32(const tiff_directory::TiffDirectory& tiff_directory,
 std::uint32_t* width, std::uint32_t* height);
 // Reads the width and height of the crop information if available.
-// Returns false if an error occured.
+// Returns false if an error occurred.
 bool GetFullCropDimension(const tiff_directory::TiffDirectory& tiff_directory,
 std::uint32_t* width, std::uint32_t* height);
-- cgit v1.2.3
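Review bot: `color_space` is still declared without an initializer in the `kExifTagColorSpace` branch of the `src/tiff_parser.cc` hunk, so the fix holds only as long as `tiff_directory.Get` writes the out-parameter every time it returns true, which this hunk does not show. Because the value is parsed from an untrusted TIFF/EXIF directory (the report came from oss-fuzz), I would declare it as `std::uint32_t color_space = 0;` so that a later edit, or a `Get` path that returns true without storing, cannot bring the uninitialized read back. A value that is read successfully but is none of 1, 2 or 65535 leaves `preview_image_data->color_space` unchanged while `success` stays true; if that is intended, a comment such as `// Other values leave color_space unchanged.` would record it. The body of `FillPreviewImageData` continues outside the hunk, and any other `success &= ...Get(..., &out)` call there that reads `out` afterwards may need the same check-before-use form.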