| From 8283e4d1b7e53340684d12932880cbcbaf23a8c1 Mon Sep 17 00:00:00 2001 |
| From: erouault <erouault> |
| Date: Thu, 12 Jan 2017 17:43:25 +0000 |
| Subject: [PATCH] libtiff/tif_ojpeg.c: fix leak in |
| OJPEGReadHeaderInfoSecTablesAcTable when read fails. |
| Patch by Nicolás Peña. |
| Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659 |
| MIME-Version: 1.0 |
| Content-Type: text/plain; charset=UTF-8 |
| Content-Transfer-Encoding: 8bit |
| |
| Fixes CVE-2017-7594 |
| |
| Signed-off-by: Peter Korsgaard <peter@korsgaard.com> |
| --- |
| libtiff/tif_ojpeg.c | 3 +++ |
| 1 file changed, 10 insertions(+) |
| |
| diff --git a/libtiff/tif_ojpeg.c b/libtiff/tif_ojpeg.c |
| index f19e8fd0..b92f0ebd 100644 |
| --- a/libtiff/tif_ojpeg.c |
| +++ b/libtiff/tif_ojpeg.c |
| @@ -1918,7 +1918,10 @@ OJPEGReadHeaderInfoSecTablesAcTable(TIFF* tif) |
| rb[sizeof(uint32)+5+n]=o[n]; |
| p=(uint32)TIFFReadFile(tif,&(rb[sizeof(uint32)+21]),q); |
| if (p!=q) |
| + { |
| + _TIFFfree(rb); |
| return(0); |
| + } |
| sp->actable[m]=rb; |
| sp->sos_tda[m]=(sp->sos_tda[m]|m); |
| } |
| -- |
| 2.11.0 |
| |