46 lines
1.2 KiB
Diff
46 lines
1.2 KiB
Diff
Copied from Debian
|
|
|
|
From cd82b5267ad4c10eb91e4ee8a716a81362cf851c Mon Sep 17 00:00:00 2001
|
|
From: erouault <erouault>
|
|
Date: Sun, 21 Dec 2014 18:07:48 +0000
|
|
Subject: [PATCH] * libtiff/tif_next.c: check that BitsPerSample = 2. Fixes
|
|
http://bugzilla.maptools.org/show_bug.cgi?id=2487 (CVE-2014-8129)
|
|
|
|
---
|
|
ChangeLog | 5 +++++
|
|
libtiff/tif_next.c | 17 +++++++++++++++++
|
|
2 files changed, 22 insertions(+)
|
|
|
|
diff --git a/libtiff/tif_next.c b/libtiff/tif_next.c
|
|
index a53c716..d834196 100644
|
|
--- a/libtiff/tif_next.c
|
|
+++ b/libtiff/tif_next.c
|
|
@@ -141,10 +141,27 @@ NeXTDecode(TIFF* tif, uint8* buf, tmsize_t occ, uint16 s)
|
|
return (0);
|
|
}
|
|
|
|
+static int
|
|
+NeXTPreDecode(TIFF* tif, uint16 s)
|
|
+{
|
|
+ static const char module[] = "NeXTPreDecode";
|
|
+ TIFFDirectory *td = &tif->tif_dir;
|
|
+ (void)s;
|
|
+
|
|
+ if( td->td_bitspersample != 2 )
|
|
+ {
|
|
+ TIFFErrorExt(tif->tif_clientdata, module, "Unsupported BitsPerSample = %d",
|
|
+ td->td_bitspersample);
|
|
+ return (0);
|
|
+ }
|
|
+ return (1);
|
|
+}
|
|
+
|
|
int
|
|
TIFFInitNeXT(TIFF* tif, int scheme)
|
|
{
|
|
(void) scheme;
|
|
+ tif->tif_predecode = NeXTPreDecode;
|
|
tif->tif_decoderow = NeXTDecode;
|
|
tif->tif_decodestrip = NeXTDecode;
|
|
tif->tif_decodetile = NeXTDecode;
|