tiff/erouault.2859.patch

---------------------
PatchSet 2859 
Date: 2014/12/21 20:07:48
Author: erouault
Branch: HEAD
Tag: (none) 
Log:
* libtiff/tif_next.c: check that BitsPerSample = 2. Fixes
http://bugzilla.maptools.org/show_bug.cgi?id=2487 (CVE-2014-8129)

Members: 
	ChangeLog:1.963->1.964 
	libtiff/tif_next.c:1.14->1.15 


Index: libtiff/libtiff/tif_next.c
diff -u libtiff/libtiff/tif_next.c:1.14 libtiff/libtiff/tif_next.c:1.15
--- libtiff/libtiff/tif_next.c:1.14	Sun Dec 21 10:15:32 2014
+++ libtiff/libtiff/tif_next.c	Sun Dec 21 13:07:48 2014
@@ -141,10 +141,27 @@
 	return (0);
 }
 
+static int
+NeXTPreDecode(TIFF* tif, uint16 s)
+{
+	static const char module[] = "NeXTPreDecode";
+	TIFFDirectory *td = &tif->tif_dir;
+	(void)s;
+
+	if( td->td_bitspersample != 2 )
+	{
+		TIFFErrorExt(tif->tif_clientdata, module, "Unsupported BitsPerSample = %d",
+					 td->td_bitspersample);
+		return (0);
+	}
+	return (1);
+}
+	
 int
 TIFFInitNeXT(TIFF* tif, int scheme)
 {
 	(void) scheme;
+	tif->tif_predecode = NeXTPreDecode;  
 	tif->tif_decoderow = NeXTDecode;  
 	tif->tif_decodestrip = NeXTDecode;  
 	tif->tif_decodetile = NeXTDecode;