kumquat-buildroot/package/tiff/0012-libtiff-tif_jpeg.c-validate-BitsPerSample-in-JPEGSet.patch

From 0a76a8c765c7b8327c59646284fa78c3c27e5490 Mon Sep 17 00:00:00 2001
From: erouault <erouault>
Date: Wed, 11 Jan 2017 16:13:50 +0000
Subject: [PATCH] * libtiff/tif_jpeg.c: validate BitsPerSample in
 JPEGSetupEncode() to avoid undefined behaviour caused by invalid shift
 exponent. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2648

Fixes CVE-2017-7601

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 libtiff/tif_jpeg.c | 7 +++++++
 1 file changed, 13 insertions(+)

diff --git a/libtiff/tif_jpeg.c b/libtiff/tif_jpeg.c
index 6c17c388..192989a9 100644
--- a/libtiff/tif_jpeg.c
+++ b/libtiff/tif_jpeg.c
@@ -1632,6 +1632,13 @@ JPEGSetupEncode(TIFF* tif)
                             "Invalig horizontal/vertical sampling value");
                     return (0);
                 }
+                if( td->td_bitspersample > 16 )
+                {
+                    TIFFErrorExt(tif->tif_clientdata, module,
+                                 "BitsPerSample %d not allowed for JPEG",
+                                 td->td_bitspersample);
+                    return (0);
+                }
 
 		/*
 		 * A ReferenceBlackWhite field *must* be present since the
-- 
2.11.0