libs/tiff/patches/016-CVE-2013-4243.patch

   1 Index: tiff/tools/gif2tiff.c
   2 ===================================================================
   3 --- tiff.orig/tools/gif2tiff.c
   4 +++ tiff/tools/gif2tiff.c
   5 @@ -280,6 +280,10 @@ readgifimage(char* mode)
   6          fprintf(stderr, "no colormap present for image\n");
   7          return (0);
   8      }
   9 +    if (width == 0 || height == 0) {
  10 +        fprintf(stderr, "Invalid value of width or height\n");
  11 +        return(0);
  12 +    }
  13      if ((raster = (unsigned char*) _TIFFmalloc(width*height+EXTRAFUDGE)) == NULL) {
  14          fprintf(stderr, "not enough memory for image\n");
  15          return (0);
  16 @@ -404,6 +408,10 @@ process(register int code, unsigned char
  17              fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
  18              return 0;
  19          }
  20 +        if (*fill >= raster + width*height) {
  21 +            fprintf(stderr, "raster full before eoi code\n");
  22 +            return 0;
  23 +        }
  24         *(*fill)++ = suffix[code];
  25         firstchar = oldcode = code;
  26         return 1;
  27 @@ -434,6 +442,10 @@ process(register int code, unsigned char
  28      }
  29      oldcode = incode;
  30      do {
  31 +        if (*fill >= raster + width*height) {
  32 +            fprintf(stderr, "raster full before eoi code\n");
  33 +            return 0;
  34 +        }
  35         *(*fill)++ = *--stackp;
  36      } while (stackp > stack);
  37      return 1;