source/l/libtiff/tiff-3.9.7_CVE-2013-4231.diff


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

From 5d19703933eaa59f97be9c88237fe00593f180ae Mon Sep 17 00:00:00 2001
From: mancha <mancha1@hush.com>
Date: Mon, 19 Aug 2013
Subject: CVE-2013-4231

* tools/gif2tiff.c: Be more careful about corrupt or
  hostile input files (#2450, CVE-2013-4231)

---
 gif2tiff.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/tools/gif2tiff.c	2013-08-20
+++ b/tools/gif2tiff.c	2013-08-20
@@ -329,6 +329,8 @@ readraster(void)
     int status = 1;
 
     datasize = getc(infile);
+    if (datasize > 12)
+       return 0;
     clear = 1 << datasize;
     eoi = clear + 1;
     avail = clear + 2;