CVE-2018-12900.patch 817 Bytes
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29
From 86861b86f26be5301ccfa96f9bf765051f4e644a Mon Sep 17 00:00:00 2001
From: pgajdos <pgajdos@suse.cz>
Date: Tue, 13 Nov 2018 09:03:31 +0100
Subject: [PATCH] prevent integer overflow

---
 tools/tiffcp.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tools/tiffcp.c b/tools/tiffcp.c
index 2f406e2d..ece7ba13 100644
--- a/tools/tiffcp.c
+++ b/tools/tiffcp.c
@@ -1435,6 +1435,12 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer)
             status = 0;
             goto done;
         }
+        if (0xFFFFFFFF / tilew < spp)
+        {
+            TIFFError(TIFFFileName(in), "Error, either TileWidth (%u) or BitsPerSample (%u) is too large", tilew, bps);
+            status = 0;
+            goto done;
+        }
 	bytes_per_sample = bps/8;
 
 	for (row = 0; row < imagelength; row += tl) {
-- 
2.18.1