libs/tiff/patches/010-CVE-2012-4564.patch

   1 Index: tiff-4.0.3/tools/ppm2tiff.c
   2 ===================================================================
   3 --- tiff-4.0.3.orig/tools/ppm2tiff.c    2013-06-23 10:36:50.779629492 -0400
   4 +++ tiff-4.0.3/tools/ppm2tiff.c 2013-06-23 10:36:50.775629494 -0400
   5 @@ -89,6 +89,7 @@
   6         int c;
   7         extern int optind;
   8         extern char* optarg;
   9 +       tmsize_t scanline_size;
  10
  11         if (argc < 2) {
  12             fprintf(stderr, "%s: Too few arguments\n", argv[0]);
  13 @@ -237,8 +238,16 @@
  14         }
  15         if (TIFFScanlineSize(out) > linebytes)
  16                 buf = (unsigned char *)_TIFFmalloc(linebytes);
  17 -       else
  18 -               buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
  19 +       else {
  20 +               scanline_size = TIFFScanlineSize(out);
  21 +               if (scanline_size != 0)
  22 +                       buf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));
  23 +               else {
  24 +                       fprintf(stderr, "%s: scanline size overflow\n",infile);
  25 +                       (void) TIFFClose(out);
  26 +                       exit(-2);
  27 +                       }
  28 +               }
  29         if (resolution > 0) {
  30                 TIFFSetField(out, TIFFTAG_XRESOLUTION, resolution);
  31                 TIFFSetField(out, TIFFTAG_YRESOLUTION, resolution);