From 6281927e03aed3fdaac4c25e1cd1a5ff7232bcd8 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Thu, 1 Jun 2017 12:44:04 +0000
Subject: =?UTF-8?q?*=20libtiff/tif=5Fdirinfo.c,=20tif=5Fdirread.c:=20add?=
 =?UTF-8?q?=20=5FTIFFCheckFieldIsValidForCodec(),=20and=20use=20it=20in=20?=
 =?UTF-8?q?TIFFReadDirectory()=20so=20as=20to=20ignore=20fields=20whose=20?=
 =?UTF-8?q?tag=20is=20a=20codec-specified=20tag=20but=20this=20codec=20is?=
 =?UTF-8?q?=20not=20enabled.=20This=20avoids=20TIFFGetField()=20to=20behav?=
 =?UTF-8?q?e=20differently=20depending=20on=20whether=20the=20codec=20is?=
 =?UTF-8?q?=20enabled=20or=20not,=20and=20thus=20can=20avoid=20stack=20bas?=
 =?UTF-8?q?ed=20buffer=20overflows=20in=20a=20number=20of=20TIFF=20utiliti?=
 =?UTF-8?q?es=20such=20as=20tiffsplit,=20tiffcmp,=20thumbnail,=20etc.=20Pa?=
 =?UTF-8?q?tch=20derived=20from=200063-Handle-properly-CODEC-specific-tags?=
 =?UTF-8?q?.patch=20(http://bugzilla.maptools.org/show=5Fbug.cgi=3Fid=3D25?=
 =?UTF-8?q?80)=20by=20Rapha=C3=ABl=20Hertzog.=20Fixes:=20http://bugzilla.m?=
 =?UTF-8?q?aptools.org/show=5Fbug.cgi=3Fid=3D2580=20http://bugzilla.maptoo?=
 =?UTF-8?q?ls.org/show=5Fbug.cgi=3Fid=3D2693=20http://bugzilla.maptools.or?=
 =?UTF-8?q?g/show=5Fbug.cgi=3Fid=3D2625=20(CVE-2016-10095)=20http://bugzil?=
 =?UTF-8?q?la.maptools.org/show=5Fbug.cgi=3Fid=3D2564=20(CVE-2015-7554)=20?=
 =?UTF-8?q?http://bugzilla.maptools.org/show=5Fbug.cgi=3Fid=3D2561=20(CVE-?=
 =?UTF-8?q?2016-5318)=20http://bugzilla.maptools.org/show=5Fbug.cgi=3Fid?=
 =?UTF-8?q?=3D2499=20(CVE-2014-8128)=20http://bugzilla.maptools.org/show?=
 =?UTF-8?q?=5Fbug.cgi=3Fid=3D2441=20http://bugzilla.maptools.org/show=5Fbu?=
 =?UTF-8?q?g.cgi=3Fid=3D2433?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 libtiff/tif_dirread.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'libtiff/tif_dirread.c')

diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
index 772ebaf7..acde78b5 100644
--- a/libtiff/tif_dirread.c
+++ b/libtiff/tif_dirread.c
@@ -1,4 +1,4 @@
-/* $Id: tif_dirread.c,v 1.208 2017-04-27 15:46:22 erouault Exp $ */
+/* $Id: tif_dirread.c,v 1.209 2017-06-01 12:44:04 erouault Exp $ */
 
 /*
  * Copyright (c) 1988-1997 Sam Leffler
@@ -3580,6 +3580,10 @@ TIFFReadDirectory(TIFF* tif)
 							goto bad;
 						dp->tdir_tag=IGNORE;
 						break;
+                                        default:
+                                            if( !_TIFFCheckFieldIsValidForCodec(tif, dp->tdir_tag) )
+                                                dp->tdir_tag=IGNORE;
+                                            break;
 				}
 			}
 		}
-- 
cgit v1.2.1