libs/tiff/patches/124-CVE-2017-7594_part1.patch

   1 From 8283e4d1b7e53340684d12932880cbcbaf23a8c1 Mon Sep 17 00:00:00 2001
   2 From: erouault <erouault>
   3 Date: Thu, 12 Jan 2017 17:43:25 +0000
   4 Subject: [PATCH] =?UTF-8?q?*=20libtiff/tif=5Fojpeg.c:=20fix=20leak=20in=20?=
   5  =?UTF-8?q?OJPEGReadHeaderInfoSecTablesAcTable=20when=20read=20fails.=20Pa?=
   6  =?UTF-8?q?tch=20by=20Nicol=C3=A1s=20Pe=C3=B1a.=20Fixes=20http://bugzilla.?=
   7  =?UTF-8?q?maptools.org/show=5Fbug.cgi=3Fid=3D2659?=
   8 MIME-Version: 1.0
   9 Content-Type: text/plain; charset=UTF-8
  10 Content-Transfer-Encoding: 8bit
  11
  12 ---
  13  ChangeLog           | 7 +++++++
  14  libtiff/tif_ojpeg.c | 3 +++
  15  2 files changed, 10 insertions(+)
  16
  17 diff --git a/ChangeLog b/ChangeLog
  18 index 6e6f3b0..12e0370 100644
  19 --- a/ChangeLog
  20 +++ b/ChangeLog
  21 @@ -1,3 +1,10 @@
  22 +2017-01-12 Even Rouault <even.rouault at spatialys.com>
  23 +
  24 +       * libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesAcTable
  25 +       when read fails.
  26 +       Patch by Nicolás Peña.
  27 +       Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659
  28 +
  29  2017-01-11 Even Rouault <even.rouault at spatialys.com>
  30
  31         * libtiff/tiffiop.h, tif_unix.c, tif_win32.c, tif_vms.c: add _TIFFcalloc()
  32 diff --git a/libtiff/tif_ojpeg.c b/libtiff/tif_ojpeg.c
  33 index f19e8fd..b92f0eb 100644
  34 --- a/libtiff/tif_ojpeg.c
  35 +++ b/libtiff/tif_ojpeg.c
  36 @@ -1918,7 +1918,10 @@ OJPEGReadHeaderInfoSecTablesAcTable(TIFF* tif)
  37                                 rb[sizeof(uint32)+5+n]=o[n];
  38                         p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q);
  39                         if (p!=q)
  40 +                        {
  41 +                                _TIFFfree(rb);
  42                                 return(0);
  43 +                        }
  44                         sp->actable[m]=rb;
  45                         sp->sos_tda[m]=(sp->sos_tda[m]|m);
  46                 }