Overview

File tiff-4.0.6-CVE-2016-3990.patch of Package tiff.3178

--- tiff-4.0.6/libtiff/tif_pixarlog.c	2015-08-29 00:16:22.630733284 +0200
+++ tiff-4.0.6/libtiff/tif_pixarlog.c	2016-09-01 16:12:07.226933631 +0200
@@ -1131,6 +1131,13 @@
 	}
 
 	llen = sp->stride * td->td_imagewidth;
+    /* Check against the number of elements (of size uint16) of sp->tbuf */
+    if( n > (tmsize_t)(td->td_rowsperstrip * llen) )
+    {
+        TIFFErrorExt(tif->tif_clientdata, module,
+                     "Too many input bytes provided");
+        return 0;
+    }
 
 	for (i = 0, up = sp->tbuf; i < n; i += llen, up += llen) {
 		switch (sp->user_datafmt)  {
Only in tiff-4.0.6/libtiff: tif_pixarlog.c.orig
openSUSE Build Service is sponsored by
Places