File tiff-4.0.7-CVE-2017-5225.patch of Package tiff

Overview Repositories Revisions Requests Users Attributes Meta

File tiff-4.0.7-CVE-2017-5225.patch of Package tiff

--- tiff-4.0.7/tools/tiffcp.c	2016-10-12 03:45:17.405273596 +0200
+++ tiff-4.0.7/tools/tiffcp.c	2017-01-13 10:56:23.389485957 +0100
@@ -592,7 +592,7 @@
 static int
 tiffcp(TIFF* in, TIFF* out)
 {
-	uint16 bitspersample, samplesperpixel = 1;
+	uint16 bitspersample = 1, samplesperpixel = 1;
 	uint16 input_compression, input_photometric = PHOTOMETRIC_MINISBLACK;
 	copyFunc cf;
 	uint32 width, length;
@@ -1068,6 +1068,16 @@
 	register uint32 n;
 	uint32 row;
 	tsample_t s;
+	uint16 bps = 0;
+
+	(void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
+	if( bps != 8 )
+	{
+		TIFFError(TIFFFileName(in),
+		          "Error, can only handle BitsPerSample=8 in %s",
+		          "cpContig2SeparateByRow");
+		return 0;
+	}
 
 	inbuf = _TIFFmalloc(scanlinesizein);
 	outbuf = _TIFFmalloc(scanlinesizeout);
@@ -1121,6 +1131,16 @@
 	register uint32 n;
 	uint32 row;
 	tsample_t s;
+	uint16 bps = 0;
+
+	(void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
+	if( bps != 8 )
+	{
+		TIFFError(TIFFFileName(in),
+		          "Error, can only handle BitsPerSample=8 in %s",
+		          "cpSeparate2ContigByRow");
+		return 0;
+	}
 
 	inbuf = _TIFFmalloc(scanlinesizein);
 	outbuf = _TIFFmalloc(scanlinesizeout);
@@ -1763,7 +1783,7 @@
 	uint32 w, l, tw, tl;
 	int bychunk;
 
-	(void) TIFFGetField(in, TIFFTAG_PLANARCONFIG, &shortv);
+	(void) TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &shortv);
 	if (shortv != config && bitspersample != 8 && samplesperpixel > 1) {
 		fprintf(stderr,
 		    "%s: Cannot handle different planar configuration w/ bits/sample != 8\n",

Places

File tiff-4.0.7-CVE-2017-5225.patch of Package tiff

Places