main/tiff/CVE-2018-12900.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

From 86861b86f26be5301ccfa96f9bf765051f4e644a Mon Sep 17 00:00:00 2001
From: pgajdos <pgajdos@suse.cz>
Date: Tue, 13 Nov 2018 09:03:31 +0100
Subject: [PATCH] prevent integer overflow

---
 tools/tiffcp.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tools/tiffcp.c b/tools/tiffcp.c
index 2f406e2d..ece7ba13 100644
--- a/tools/tiffcp.c
+++ b/tools/tiffcp.c
@@ -1435,6 +1435,12 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer)
             status = 0;
             goto done;
         }
+        if (0xFFFFFFFF / tilew < spp)
+        {
+            TIFFError(TIFFFileName(in), "Error, either TileWidth (%u) or BitsPerSample (%u) is too large", tilew, bps);
+            status = 0;
+            goto done;
+        }
 	bytes_per_sample = bps/8;
 
 	for (row = 0; row < imagelength; row += tl) {
-- 
2.18.1