File tiff-3.8.2-tif_lzw.c-CVE-2008-2327-2.patch of Package tiff

Overview Repositories Revisions Requests Users Attributes Meta

File tiff-3.8.2-tif_lzw.c-CVE-2008-2327-2.patch of Package tiff

--- libtiff/tif_lzw.c
+++ libtiff/tif_lzw.c
@@ -237,6 +237,11 @@
                     sp->dec_codetab[code].length = 1;
                     sp->dec_codetab[code].next = NULL;
                 } while (code--);
+               /*
+                * Zero-out the unused entries
+                */
+                _TIFFmemset(&sp->dec_codetab[CODE_CLEAR], 0,
+                (CODE_FIRST-CODE_CLEAR)*sizeof (code_t));
 	}
 	return (1);
 }
@@ -416,6 +421,13 @@
 			NextCode(tif, sp, bp, code, GetNextCode);
 			if (code == CODE_EOI)
 				break;
+
+                       if (code == CODE_CLEAR) {
+                               TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
+                               "LZWDecode: Corrupted LZW table at scanline %d",
+                               tif->tif_row);
+                               return (0);
+                       }
 			*op++ = (char)code, occ--;
 			oldcodep = sp->dec_codetab + code;
 			continue;
@@ -613,6 +625,12 @@
 			NextCode(tif, sp, bp, code, GetNextCodeCompat);
 			if (code == CODE_EOI)
 				break;
+                       if (code == CODE_CLEAR) {
+                               TIFFErrorExt(tif->tif_clientdata, tif->tif_name,
+                               "LZWDecode: Corrupted LZW table at scanline %d",
+                               tif->tif_row);
+                               return (0);
+                       }
 			*op++ = code, occ--;
 			oldcodep = sp->dec_codetab + code;
 			continue;

Places

File tiff-3.8.2-tif_lzw.c-CVE-2008-2327-2.patch of Package tiff

Places