summary refs log tree commit diff
path: root/gnu/packages/patches/libtiff-CVE-2014-8129.patch
blob: 091ec8f5739344edb1b75fb21aa22ac69ab59081 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
Copied from Debian

From cd82b5267ad4c10eb91e4ee8a716a81362cf851c Mon Sep 17 00:00:00 2001
From: erouault <erouault>
Date: Sun, 21 Dec 2014 18:07:48 +0000
Subject: [PATCH] * libtiff/tif_next.c: check that BitsPerSample = 2. Fixes
 http://bugzilla.maptools.org/show_bug.cgi?id=2487 (CVE-2014-8129)

---
 ChangeLog          |  5 +++++
 libtiff/tif_next.c | 17 +++++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/libtiff/tif_next.c b/libtiff/tif_next.c
index a53c716..d834196 100644
--- a/libtiff/tif_next.c
+++ b/libtiff/tif_next.c
@@ -141,10 +141,27 @@ NeXTDecode(TIFF* tif, uint8* buf, tmsize_t occ, uint16 s)
 	return (0);
 }
 
+static int
+NeXTPreDecode(TIFF* tif, uint16 s)
+{
+	static const char module[] = "NeXTPreDecode";
+	TIFFDirectory *td = &tif->tif_dir;
+	(void)s;
+
+	if( td->td_bitspersample != 2 )
+	{
+		TIFFErrorExt(tif->tif_clientdata, module, "Unsupported BitsPerSample = %d",
+					 td->td_bitspersample);
+		return (0);
+	}
+	return (1);
+}
+	
 int
 TIFFInitNeXT(TIFF* tif, int scheme)
 {
 	(void) scheme;
+	tif->tif_predecode = NeXTPreDecode;  
 	tif->tif_decoderow = NeXTDecode;  
 	tif->tif_decodestrip = NeXTDecode;  
 	tif->tif_decodetile = NeXTDecode;