camlimages (1:3.0.1-5) tiffread

Summary

 src/tiffread.c |    6 ++++++
 1 file changed, 6 insertions(+)

    

Patch contents

#! /bin/sh /usr/share/dpatch/dpatch-run
## tiffread.dpatch by Mehdi Dogguy <mehdi@debian.org>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Fix integer overflows in tiffread.c (CVE-2009-3296)

@DPATCH@
diff -urNad camlimages~/src/tiffread.c camlimages/src/tiffread.c
--- camlimages~/src/tiffread.c	2009-10-31 21:47:57.000000000 +0100
+++ camlimages/src/tiffread.c	2009-11-01 13:51:58.000000000 +0100
@@ -21,6 +21,8 @@
 #include <caml/memory.h>
 #include <caml/fail.h>
 
+#include "oversized.h"
+
 /* These are defined in caml/config.h */
 #define int16 int16tiff
 #define uint16 uint16tiff
@@ -64,6 +66,10 @@
     TIFFGetField(tif, TIFFTAG_YRESOLUTION, &yres);
     TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &photometric);
 
+    if (oversized (imagewidth, imagelength)) {
+      failwith_oversized("tiff");
+    }
+
     if( imagesample == 3 && photometric == PHOTOMETRIC_RGB ){
       if( imagebits != 8 ){
 	failwith("Sorry, tiff rgb file must be 24bit-color");
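Review bot: The new guard in the second hunk bounds only `imagewidth * imagelength`, yet the branch right below it handles three 8-bit samples per pixel, so any buffer sized as width × height × samples (or width × 3 per scanline) further down is not covered; that code lies outside the hunk and should be checked. If such a product exists, extend the test to it, e.g. `if (oversized(imagewidth, imagelength) || oversized(imagewidth * imagelength, imagesample)) {`. Separately, `failwith_oversized("tiff")` raises while `tif` is presumably still open, so a `TIFFClose(tif);` before the call would avoid leaking the handle on every rejected file; the existing `failwith` path below appears to share this. The enclosing function starts and ends outside the hunk, and `oversized.h` is not part of this patch, so how the check treats signed versus unsigned operands cannot be confirmed from here.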