File tiff-CVE-2016-5102.patch of Package tiff.34105

Index: tiff-4.0.9/tools/gif2tiff.c
===================================================================
--- tiff-4.0.9.orig/tools/gif2tiff.c	2019-02-12 18:55:24.165702297 +0100
+++ tiff-4.0.9/tools/gif2tiff.c	2019-02-12 19:28:46.438836078 +0100
@@ -376,7 +376,7 @@ readraster(void)
     int status = 1;
 
     datasize = getc(infile);
-    if (datasize > 12)
+    if (datasize >= 12)
 	return 0;
     clear = 1 << datasize;
     eoi = clear + 1;
@@ -459,6 +459,10 @@ process(register int code, unsigned char
 	firstchar = oldcode = code;
 	return 1;
     }
+    if (avail >= 4096) {
+	fprintf(stderr, "bad input: clear=%d too large\n", clear);
+	return 0; 
+    }
     if (code > avail) {
 	fprintf(stderr, "code %d too large for %d\n", code, avail);
 	return 0; 
openSUSE Build Service is sponsored by