summarylogtreecommitdiffstats
path: root/libtiff-CVE-2017-7601.patch
diff options
context:
space:
mode:
Diffstat (limited to 'libtiff-CVE-2017-7601.patch')
-rw-r--r--libtiff-CVE-2017-7601.patch32
1 files changed, 32 insertions, 0 deletions
diff --git a/libtiff-CVE-2017-7601.patch b/libtiff-CVE-2017-7601.patch
new file mode 100644
index 000000000000..3eaaa8cca9bf
--- /dev/null
+++ b/libtiff-CVE-2017-7601.patch
@@ -0,0 +1,32 @@
+From 148b32d6d0d79641b73b75b48ccacda3d640b47d Mon Sep 17 00:00:00 2001
+From: erouault <erouault>
+Date: Wed, 11 Jan 2017 16:13:50 +0000
+Subject: [PATCH 7/8] * libtiff/tif_jpeg.c: validate BitsPerSample in
+ JPEGSetupEncode() to avoid undefined behaviour caused by invalid shift
+ exponent. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648
+
+---
+ libtiff/tif_jpeg.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/libtiff/tif_jpeg.c b/libtiff/tif_jpeg.c
+index 1508ce6..a223eea 100644
+--- a/libtiff/tif_jpeg.c
++++ b/libtiff/tif_jpeg.c
+@@ -1632,6 +1632,13 @@ JPEGSetupEncode(TIFF* tif)
+ "Invalig horizontal/vertical sampling value");
+ return (0);
+ }
++ if( td->td_bitspersample > 16 )
++ {
++ TIFFErrorExt(tif->tif_clientdata, module,
++ "BitsPerSample %d not allowed for JPEG",
++ td->td_bitspersample);
++ return (0);
++ }
+
+ /*
+ * A ReferenceBlackWhite field *must* be present since the
+--
+2.7.4
+