File tiff-CVE-2016-5102.patch of Package tiff.34105
Index: tiff-4.0.9/tools/gif2tiff.c
===================================================================
--- tiff-4.0.9.orig/tools/gif2tiff.c 2019-02-12 18:55:24.165702297 +0100
+++ tiff-4.0.9/tools/gif2tiff.c 2019-02-12 19:28:46.438836078 +0100
@@ -376,7 +376,7 @@ readraster(void)
int status = 1;
datasize = getc(infile);
- if (datasize > 12)
+ if (datasize >= 12)
return 0;
clear = 1 << datasize;
eoi = clear + 1;
@@ -459,6 +459,10 @@ process(register int code, unsigned char
firstchar = oldcode = code;
return 1;
}
+ if (avail >= 4096) {
+ fprintf(stderr, "bad input: clear=%d too large\n", clear);
+ return 0;
+ }
if (code > avail) {
fprintf(stderr, "code %d too large for %d\n", code, avail);
return 0;