https://github.com/libsdl-org/libtiff/commit/13a0a6cb2791236612c4b294476d58fc022871ba
From 13a0a6cb2791236612c4b294476d58fc022871ba Mon Sep 17 00:00:00 2001
From: Lee Howard <[EMAIL REDACTED]>
Date: Wed, 8 Dec 2010 17:44:35 +0000
Subject: [PATCH] fix crash when reading a badly-constructed TIFF per
http://bugzilla.maptools.org/show_bug.cgi?id=1994
---
ChangeLog | 16 ++++++++++++++++
libtiff/tif_dirread.c | 17 +++++++++++++++--
2 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 0bab3ae6..60ef7481 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,19 @@
+2010-12-08 Lee Howard <faxguy@howardsilvan.com>
+
+ * libtiff/tif_dirread.c: fix crash when reading a badly-constructed
+ TIFF per http://bugzilla.maptools.org/show_bug.cgi?id=1994
+
+2010-12-07 Lee Howard <faxguy@howardsilvan.com>
+
+ * libtiff/tif_jpeg.c, libtiff/tif_strip.c: apply patch for
+ CVE-2010-3087 per bug
+ http://bugzilla.maptools.org/show_bug.cgi?id=2140
+
+2010-12-06 Lee Howard <faxguy@howardsilvan.com>
+
+ * libtiff/tif_open.c: Fix mode check before opening a file.
+ http://bugzilla.maptools.org/show_bug.cgi?id=1906
+
2010-09-25 Lee Howard <faxguy@howardsilvan.com>
* tools/tiff2ps.c: improvements and enhancements from Richard Nolde
diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
index 4b7f9311..8b6ecf96 100644
--- a/libtiff/tif_dirread.c
+++ b/libtiff/tif_dirread.c
@@ -1,4 +1,4 @@
-/* $Id: tif_dirread.c,v 1.92.2.10 2010-07-07 15:13:19 dron Exp $ */
+/* $Id: tif_dirread.c,v 1.92.2.11 2010-12-08 17:44:35 faxguy Exp $ */
/*
* Copyright (c) 1988-1997 Sam Leffler
@@ -105,7 +105,20 @@ TIFFReadDirectory(TIFF* tif)
tif->tif_name, tif->tif_nextdiroff);
return 0;
}
-
+ {
+ TIFFDirEntry* ma;
+ uint16 mb;
+ for (ma=dir, mb=0; mb<dircount; ma++, mb++)
+ {
+ TIFFDirEntry* na;
+ uint16 nb;
+ for (na=ma+1, nb=mb+1; nb<dircount; na++, nb++)
+ {
+ if (ma->tdir_tag==na->tdir_tag)
+ na->tdir_tag=IGNORE;
+ }
+ }
+ }
tif->tif_flags &= ~TIFF_BEENWRITING; /* reset before new dir */
/*
* Setup default value and then make a pass over