summaryrefslogtreecommitdiff
path: root/source/l/libtiff/tiff-3.9.7_CVE-2013-4244.diff
diff options
context:
space:
mode:
Diffstat (limited to 'source/l/libtiff/tiff-3.9.7_CVE-2013-4244.diff')
-rw-r--r--source/l/libtiff/tiff-3.9.7_CVE-2013-4244.diff24
1 files changed, 24 insertions, 0 deletions
diff --git a/source/l/libtiff/tiff-3.9.7_CVE-2013-4244.diff b/source/l/libtiff/tiff-3.9.7_CVE-2013-4244.diff
new file mode 100644
index 00000000..4f8c5432
--- /dev/null
+++ b/source/l/libtiff/tiff-3.9.7_CVE-2013-4244.diff
@@ -0,0 +1,24 @@
+From 7f4cfaec643863fcdc260da46af8d6581974101d Mon Sep 17 00:00:00 2001
+From: mancha <mancha1@hush.com>
+Date: Mon, 19 Aug 2013
+Subject: CVE-2013-4244
+
+* tools/gif2tiff.c: fix possible OOB write (#2452, CVE-2013-4244)
+
+---
+ gif2tiff.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+--- a/tools/gif2tiff.c 2013-08-20
++++ b/tools/gif2tiff.c 2013-08-20
+@@ -396,6 +398,10 @@ process(register int code, unsigned char
+ }
+
+ if (oldcode == -1) {
++ if (code >= clear) {
++ fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
++ return 0;
++ }
+ *(*fill)++ = suffix[code];
+ firstchar = oldcode = code;
+ return 1;