File tiff-CVE-2015-8668.patch of Package tiff.34105

Based on tiff-CVE-2015-8668.patch from SLE11.
Which is based on attached patch attached to bsc#960589 with different else case.
Index: tiff-4.0.9/tools/bmp2tiff.c
===================================================================
--- tiff-4.0.9.orig/tools/bmp2tiff.c
+++ tiff-4.0.9/tools/bmp2tiff.c
@@ -648,18 +648,35 @@ main(int argc, char* argv[])
 			    || info_hdr.iCompression == BMPC_RLE4 ) {
 			uint32		i, j, k, runlength;
 			uint32		compr_size, uncompr_size;
+			uint32    bits = 0;
 			unsigned char   *comprbuf;
 			unsigned char   *uncomprbuf;
 
 			compr_size = file_hdr.iSize - file_hdr.iOffBits;
-			uncompr_size = width * length;
-                        /* Detect int overflow */
-                        if( uncompr_size / width != length ) {
-                                TIFFError(infilename,
-                                          "Invalid dimensions of BMP file" );
-                                close(fd);
-                                return -1;
-                        }
+
+			bits = info_hdr.iBitCount;
+
+			if (bits > 8) // bit depth is > 8bit, adjust size
+			{
+				uncompr_size = width * length * (bits / 8);
+				/* Detect int overflow */
+				if (uncompr_size / width / (bits / 8) != length) {
+					TIFFError(infilename,
+							   "Invalid dimensions of BMP file");
+					close(fd);
+					return -1;
+				}
+			} else {
+				uncompr_size = width * length;
+	                        /* Detect int overflow */
+	                        if( uncompr_size / width != length ) {
+	                                TIFFError(infilename,
+	                                          "Invalid dimensions of BMP file" );
+	                                close(fd);
+	                                return -1;
+	                        }
+			}
+
                         if ( (compr_size == 0) ||
                              (compr_size > ((uint32) ~0) >> 1) ||
                              (uncompr_size == 0) ||
openSUSE Build Service is sponsored by