Overview

File erouault.2861.patch of Package tiff.openSUSE_13.2_Update

---------------------
PatchSet 2861 
Date: 2014/12/21 21:53:59
Author: erouault
Branch: HEAD
Tag: (none) 
Log:
* tools/thumbnail.c: fix out-of-buffer write
http://bugzilla.maptools.org/show_bug.cgi?id=2489 (CVE-2014-8128)

Members: 
	ChangeLog:1.965->1.966 
	tools/thumbnail.c:1.18->1.19 

Index: libtiff/tools/thumbnail.c
diff -u libtiff/tools/thumbnail.c:1.18 libtiff/tools/thumbnail.c:1.19
--- libtiff/tools/thumbnail.c:1.18	Sun Dec 21 13:52:42 2014
+++ libtiff/tools/thumbnail.c	Sun Dec 21 14:53:59 2014
@@ -568,7 +568,13 @@
 	    err -= limit;
 	    sy++;
 	    if (err >= limit)
-		rows[nrows++] = br + bpr*sy;
+		{
+			/* We should perhaps error loudly, but I can't make sense of that */
+			/* code... */
+			if( nrows == 256 )
+				break;
+			rows[nrows++] = br + bpr*sy;
+		}
 	}
 	setrow(row, nrows, rows);
 	row += tnw;
openSUSE Build Service is sponsored by
Places