incorporate a fix for possible fax3 decoding overflow (CVE-2011-0192)

author: Frank Warmerdam <warmerdam@pobox.com> 2011-03-03 01:38:25 +0000
committer: Frank Warmerdam <warmerdam@pobox.com> 2011-03-03 01:38:25 +0000
commit: 8e9fb979836e016c2031abd6d580db3252e4aa3b (patch)
tree: a7cf39cdcccf6e718af96d80c5622044ac03a1f1 /libtiff/tif_fax3.h
parent: 010a2645071fcf4546c20d12ee3530a7063a05cc (diff)
download: libtiff-git-8e9fb979836e016c2031abd6d580db3252e4aa3b.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/libtiff/tif_fax3.h b/libtiff/tif_fax3.h
index 581c122e..cd49f7c5 100644
--- a/libtiff/tif_fax3.h
+++ b/libtiff/tif_fax3.h
@@ -1,4 +1,4 @@
-/* $Id: tif_fax3.h,v 1.7 2010-03-10 18:56:48 bfriesen Exp $ */
+/* $Id: tif_fax3.h,v 1.8 2011-03-03 01:38:25 fwarmerdam Exp $ */
 
 /*
  * Copyright (c) 1990-1997 Sam Leffler
@@ -478,6 +478,10 @@ done1d:									\
 	    break;							\
 	case S_VL:							\
 	    CHECK_b1;							\
+	    if (b1 <= (int) (a0 + TabEnt->Param)) {			\
+		unexpected("VL", a0);					\
+		goto eol2d;						\
+	    }								\
 	    SETVALUE(b1 - a0 - TabEnt->Param);				\
 	    b1 -= *--pb;						\
 	    break;							\
author	Frank Warmerdam <warmerdam@pobox.com>	2011-03-03 01:38:25 +0000
committer	Frank Warmerdam <warmerdam@pobox.com>	2011-03-03 01:38:25 +0000
commit	8e9fb979836e016c2031abd6d580db3252e4aa3b (patch)
tree	a7cf39cdcccf6e718af96d80c5622044ac03a1f1 /libtiff/tif_fax3.h
parent	010a2645071fcf4546c20d12ee3530a7063a05cc (diff)
download	libtiff-git-8e9fb979836e016c2031abd6d580db3252e4aa3b.tar.gz