$OpenBSD: patch-libtiff_tif_getimage_c,v 1.12 2017/05/26 20:50:57 naddy Exp $

This one is slightly problematic.  If an application allocates less
room for its error buffer than the recommended 1024, the error message
buffer will still overflow.

Index: libtiff/tif_getimage.c
--- libtiff/tif_getimage.c.orig
+++ libtiff/tif_getimage.c
@@ -80,7 +80,7 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
 	int colorchannels;
 
 	if (!tif->tif_decodestatus) {
-		sprintf(emsg, "Sorry, requested compression method is not configured");
+		snprintf(emsg, 1024, "Sorry, requested compression method is not configured");
 		return (0);
 	}
 	switch (td->td_bitspersample) {
@@ -91,12 +91,12 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
 		case 16:
 			break;
 		default:
-			sprintf(emsg, "Sorry, can not handle images with %d-bit samples",
+			snprintf(emsg, 1024, "Sorry, can not handle images with %d-bit samples",
 			    td->td_bitspersample);
 			return (0);
 	}
         if (td->td_sampleformat == SAMPLEFORMAT_IEEEFP) {
-                sprintf(emsg, "Sorry, can not handle images with IEEE floating-point samples");
+                snprintf(emsg, 1024, "Sorry, can not handle images with IEEE floating-point samples");
                 return (0);
         }
 	colorchannels = td->td_samplesperpixel - td->td_extrasamples;
@@ -109,7 +109,7 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
 				photometric = PHOTOMETRIC_RGB;
 				break;
 			default:
-				sprintf(emsg, "Missing needed %s tag", photoTag);
+				snprintf(emsg, 1024, "Missing needed %s tag", photoTag);
 				return (0);
 		}
 	}
@@ -120,7 +120,7 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
 			if (td->td_planarconfig == PLANARCONFIG_CONTIG
 			    && td->td_samplesperpixel != 1
 			    && td->td_bitspersample < 8 ) {
-				sprintf(emsg,
+				snprintf(emsg, 1024,
 				    "Sorry, can not handle contiguous data with %s=%d, "
 				    "and %s=%d and Bits/Sample=%d",
 				    photoTag, photometric,
@@ -144,7 +144,7 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
 			break;
 		case PHOTOMETRIC_RGB:
 			if (colorchannels < 3) {
-				sprintf(emsg, "Sorry, can not handle RGB image with %s=%d",
+				snprintf(emsg, 1024, "Sorry, can not handle RGB image with %s=%d",
 				    "Color channels", colorchannels);
 				return (0);
 			}
@@ -154,13 +154,13 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
 				uint16 inkset;
 				TIFFGetFieldDefaulted(tif, TIFFTAG_INKSET, &inkset);
 				if (inkset != INKSET_CMYK) {
-					sprintf(emsg,
+					snprintf(emsg, 1024,
 					    "Sorry, can not handle separated image with %s=%d",
 					    "InkSet", inkset);
 					return 0;
 				}
 				if (td->td_samplesperpixel < 4) {
-					sprintf(emsg,
+					snprintf(emsg, 1024,
 					    "Sorry, can not handle separated image with %s=%d",
 					    "Samples/pixel", td->td_samplesperpixel);
 					return 0;
@@ -169,7 +169,7 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
 			}
 		case PHOTOMETRIC_LOGL:
 			if (td->td_compression != COMPRESSION_SGILOG) {
-				sprintf(emsg, "Sorry, LogL data must have %s=%d",
+				snprintf(emsg, 1024, "Sorry, LogL data must have %s=%d",
 				    "Compression", COMPRESSION_SGILOG);
 				return (0);
 			}
@@ -177,17 +177,17 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
 		case PHOTOMETRIC_LOGLUV:
 			if (td->td_compression != COMPRESSION_SGILOG &&
 			    td->td_compression != COMPRESSION_SGILOG24) {
-				sprintf(emsg, "Sorry, LogLuv data must have %s=%d or %d",
+				snprintf(emsg, 1024, "Sorry, LogLuv data must have %s=%d or %d",
 				    "Compression", COMPRESSION_SGILOG, COMPRESSION_SGILOG24);
 				return (0);
 			}
 			if (td->td_planarconfig != PLANARCONFIG_CONTIG) {
-				sprintf(emsg, "Sorry, can not handle LogLuv images with %s=%d",
+				snprintf(emsg, 1024, "Sorry, can not handle LogLuv images with %s=%d",
 				    "Planarconfiguration", td->td_planarconfig);
 				return (0);
 			}
 			if ( td->td_samplesperpixel != 3 || colorchannels != 3 ) {
-                                sprintf(emsg,
+                                snprintf(emsg, 1024,
                                         "Sorry, can not handle image with %s=%d, %s=%d",
                                         "Samples/pixel", td->td_samplesperpixel,
                                         "colorchannels", colorchannels);
@@ -196,7 +196,7 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
 			break;
 		case PHOTOMETRIC_CIELAB:
                         if ( td->td_samplesperpixel != 3 || colorchannels != 3 || td->td_bitspersample != 8 ) {
-                                sprintf(emsg,
+                                snprintf(emsg, 1024,
                                         "Sorry, can not handle image with %s=%d, %s=%d and %s=%d",
                                         "Samples/pixel", td->td_samplesperpixel,
                                         "colorchannels", colorchannels,
@@ -205,7 +205,7 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
                         }
 			break;
                 default:
-			sprintf(emsg, "Sorry, can not handle image with %s=%d",
+			snprintf(emsg, 1024, "Sorry, can not handle image with %s=%d",
 			    photoTag, photometric);
 			return (0);
 	}
@@ -303,7 +303,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int 
 		case 16:
 			break;
 		default:
-			sprintf(emsg, "Sorry, can not handle images with %d-bit samples",
+			snprintf(emsg, 1024, "Sorry, can not handle images with %d-bit samples",
 			    img->bitspersample);
 			goto fail_return;
 	}
@@ -353,7 +353,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int 
 				img->photometric = PHOTOMETRIC_RGB;
 				break;
 			default:
-				sprintf(emsg, "Missing needed %s tag", photoTag);
+				snprintf(emsg, 1024, "Missing needed %s tag", photoTag);
                                 goto fail_return;
 		}
 	}
@@ -361,7 +361,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int 
 		case PHOTOMETRIC_PALETTE:
 			if (!TIFFGetField(tif, TIFFTAG_COLORMAP,
 			    &red_orig, &green_orig, &blue_orig)) {
-				sprintf(emsg, "Missing required \"Colormap\" tag");
+				snprintf(emsg, 1024, "Missing required \"Colormap\" tag");
                                 goto fail_return;
 			}
 
@@ -371,7 +371,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int 
 			img->greencmap = (uint16 *) _TIFFmalloc(sizeof(uint16)*n_color);
 			img->bluecmap = (uint16 *) _TIFFmalloc(sizeof(uint16)*n_color);
 			if( !img->redcmap || !img->greencmap || !img->bluecmap ) {
-				sprintf(emsg, "Out of memory for colormap copy");
+				snprintf(emsg, 1024, "Out of memory for colormap copy");
                                 goto fail_return;
 			}
 
@@ -385,7 +385,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int 
 			if (planarconfig == PLANARCONFIG_CONTIG
 			    && img->samplesperpixel != 1
 			    && img->bitspersample < 8 ) {
-				sprintf(emsg,
+				snprintf(emsg, 1024,
 				    "Sorry, can not handle contiguous data with %s=%d, "
 				    "and %s=%d and Bits/Sample=%d",
 				    photoTag, img->photometric,
@@ -422,7 +422,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int 
 			break;
 		case PHOTOMETRIC_RGB:
 			if (colorchannels < 3) {
-				sprintf(emsg, "Sorry, can not handle RGB image with %s=%d",
+				snprintf(emsg, 1024, "Sorry, can not handle RGB image with %s=%d",
 				    "Color channels", colorchannels);
                                 goto fail_return;
 			}
@@ -432,12 +432,12 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int 
 				uint16 inkset;
 				TIFFGetFieldDefaulted(tif, TIFFTAG_INKSET, &inkset);
 				if (inkset != INKSET_CMYK) {
-					sprintf(emsg, "Sorry, can not handle separated image with %s=%d",
+					snprintf(emsg, 1024, "Sorry, can not handle separated image with %s=%d",
 					    "InkSet", inkset);
                                         goto fail_return;
 				}
 				if (img->samplesperpixel < 4) {
-					sprintf(emsg, "Sorry, can not handle separated image with %s=%d",
+					snprintf(emsg, 1024, "Sorry, can not handle separated image with %s=%d",
 					    "Samples/pixel", img->samplesperpixel);
                                         goto fail_return;
 				}
@@ -445,7 +445,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int 
 			break;
 		case PHOTOMETRIC_LOGL:
 			if (compress != COMPRESSION_SGILOG) {
-				sprintf(emsg, "Sorry, LogL data must have %s=%d",
+				snprintf(emsg, 1024, "Sorry, LogL data must have %s=%d",
 				    "Compression", COMPRESSION_SGILOG);
                                 goto fail_return;
 			}
@@ -455,12 +455,12 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int 
 			break;
 		case PHOTOMETRIC_LOGLUV:
 			if (compress != COMPRESSION_SGILOG && compress != COMPRESSION_SGILOG24) {
-				sprintf(emsg, "Sorry, LogLuv data must have %s=%d or %d",
+				snprintf(emsg, 1024, "Sorry, LogLuv data must have %s=%d or %d",
 				    "Compression", COMPRESSION_SGILOG, COMPRESSION_SGILOG24);
                                 goto fail_return;
 			}
 			if (planarconfig != PLANARCONFIG_CONTIG) {
-				sprintf(emsg, "Sorry, can not handle LogLuv images with %s=%d",
+				snprintf(emsg, 1024, "Sorry, can not handle LogLuv images with %s=%d",
 				    "Planarconfiguration", planarconfig);
 				return (0);
 			}
@@ -471,7 +471,7 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int 
 		case PHOTOMETRIC_CIELAB:
 			break;
 		default:
-			sprintf(emsg, "Sorry, can not handle image with %s=%d",
+			snprintf(emsg, 1024, "Sorry, can not handle image with %s=%d",
 			    photoTag, img->photometric);
                         goto fail_return;
 	}
@@ -482,12 +482,12 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, TIFF* tif, int 
 	    !(planarconfig == PLANARCONFIG_SEPARATE && img->samplesperpixel > 1);
 	if (img->isContig) {
 		if (!PickContigCase(img)) {
-			sprintf(emsg, "Sorry, can not handle image");
+			snprintf(emsg, 1024, "Sorry, can not handle image");
 			goto fail_return;
 		}
 	} else {
 		if (!PickSeparateCase(img)) {
-			sprintf(emsg, "Sorry, can not handle image");
+			snprintf(emsg, 1024, "Sorry, can not handle image");
 			goto fail_return;
 		}
 	}
