diff options
Diffstat (limited to 'libtiff-CVE-2017-7601.patch')
-rw-r--r-- | libtiff-CVE-2017-7601.patch | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/libtiff-CVE-2017-7601.patch b/libtiff-CVE-2017-7601.patch new file mode 100644 index 000000000000..3eaaa8cca9bf --- /dev/null +++ b/libtiff-CVE-2017-7601.patch @@ -0,0 +1,32 @@ +From 148b32d6d0d79641b73b75b48ccacda3d640b47d Mon Sep 17 00:00:00 2001 +From: erouault <erouault> +Date: Wed, 11 Jan 2017 16:13:50 +0000 +Subject: [PATCH 7/8] * libtiff/tif_jpeg.c: validate BitsPerSample in + JPEGSetupEncode() to avoid undefined behaviour caused by invalid shift + exponent. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648 + +--- + libtiff/tif_jpeg.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/libtiff/tif_jpeg.c b/libtiff/tif_jpeg.c +index 1508ce6..a223eea 100644 +--- a/libtiff/tif_jpeg.c ++++ b/libtiff/tif_jpeg.c +@@ -1632,6 +1632,13 @@ JPEGSetupEncode(TIFF* tif) + "Invalig horizontal/vertical sampling value"); + return (0); + } ++ if( td->td_bitspersample > 16 ) ++ { ++ TIFFErrorExt(tif->tif_clientdata, module, ++ "BitsPerSample %d not allowed for JPEG", ++ td->td_bitspersample); ++ return (0); ++ } + + /* + * A ReferenceBlackWhite field *must* be present since the +-- +2.7.4 + |