summary refs log tree commit diff
path: root/gnu/packages/patches/libtiff-CVE-2013-4244.patch
blob: be9c65c3119c56a9ae1bba754a2d6c72dccd74df (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Copied from Debian

Description: OOB write in gif2tiff
Bug-Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=996468

Index: tiff-4.0.3/tools/gif2tiff.c
===================================================================
--- tiff-4.0.3.orig/tools/gif2tiff.c	2013-08-24 11:17:13.546447901 -0400
+++ tiff-4.0.3/tools/gif2tiff.c	2013-08-24 11:17:13.546447901 -0400
@@ -400,6 +400,10 @@
     }
 
     if (oldcode == -1) {
+        if (code >= clear) {
+            fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
+            return 0;
+        }
 	*(*fill)++ = suffix[code];
 	firstchar = oldcode = code;
 	return 1;