[packages] libtiff: fix multiple buffer overflows (patches from Debian)
[openwrt/svn-archive/archive.git] / libs / tiff / patches / 903-cve-2009-2285.patch
1 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2285
2
3 --- a/libtiff/tif_lzw.c
4 +++ b/libtiff/tif_lzw.c
5 @@ -422,7 +422,7 @@ LZWDecode(TIFF* tif, tidata_t op0, tsize
6 NextCode(tif, sp, bp, code, GetNextCode);
7 if (code == CODE_EOI)
8 break;
9 - if (code == CODE_CLEAR) {
10 + if (code >= CODE_CLEAR) {
11 TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
12 "LZWDecode: Corrupted LZW table at scanline %d",
13 tif->tif_row);
14 @@ -626,7 +626,7 @@ LZWDecodeCompat(TIFF* tif, tidata_t op0,
15 NextCode(tif, sp, bp, code, GetNextCodeCompat);
16 if (code == CODE_EOI)
17 break;
18 - if (code == CODE_CLEAR) {
19 + if (code >= CODE_CLEAR) {
20 TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
21 "LZWDecode: Corrupted LZW table at scanline %d",
22 tif->tif_row);