File tiff-3.8.2-bnc788741-mem-crash.patch of Package tiff3

Index: tiff-3.8.2/libtiff/tif_jpeg.c
===================================================================
--- tiff-3.8.2.orig/libtiff/tif_jpeg.c
+++ tiff-3.8.2/libtiff/tif_jpeg.c
@@ -954,8 +954,15 @@ JPEGDecodeRaw(TIFF* tif, tidata_t buf, t
     tsize_t nrows;
     (void) s;
 
+    nrows = cc / sp->bytesperline;
+    if (cc % sp->bytesperline)
+               TIFFWarningExt(tif->tif_clientdata, tif->tif_name, "fractional scanline not read");
+
+    if( nrows > (int) sp->cinfo.d.image_height )
+        nrows = sp->cinfo.d.image_height;
+
     /* data is expected to be read in multiples of a scanline */
-    if ( (nrows = sp->cinfo.d.image_height) ) {
+    if ( nrows ) {
         /* Cb,Cr both have sampling factors 1, so this is correct */
         JDIMENSION clumps_per_line = sp->cinfo.d.comp_info[1].downsampled_width;
         int samples_per_clump = sp->samplesperclump;
@@ -1047,11 +1054,12 @@ JPEGDecodeRaw(TIFF* tif, tidata_t buf, t
                 }
             }
 #endif
-
-            ++sp->scancount;
-            ++tif->tif_row;
-            buf += sp->bytesperline;
-            cc -= sp->bytesperline;
+           sp->scancount ++;
+           tif->tif_row += sp->v_sampling;
+           /* increment/decrement of buf and cc is still incorrect, but should not matter
+            * TODO: resolve this */
+           buf += sp->bytesperline;
+           cc -= sp->bytesperline;
         } while (--nrows > 0);
   
 #ifdef JPEG_LIB_MK1