aboutsummaryrefslogtreecommitdiffstats
path: root/main/tiff/CVE-2017-9936.patch
blob: 4d1ac0c8235a96583af7a2cb368c312a42ec185d (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
From fe8d7165956b88df4837034a9161dc5fd20cf67a Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Mon, 26 Jun 2017 15:19:59 +0000
Subject: [PATCH] * libtiff/tif_jbig.c: fix memory leak in error code path of
 JBIGDecode() Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2706 Reported
 by team OWL337

* libtiff/tif_jpeg.c: error out at decoding time if anticipated libjpeg
---
 ChangeLog          | 8 +++++++-
 libtiff/tif_jbig.c | 1 +
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index bc5096e7..ecd70534 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,12 @@
+2017-06-26  Even Rouault <even.rouault at spatialys.com>
+
+	* libtiff/tif_jbig.c: fix memory leak in error code path of JBIGDecode()
+	Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2706
+	Reported by team OWL337
+
 2017-06-24  Even Rouault <even.rouault at spatialys.com>
 
-	* libjpeg/tif_jpeg.c: error out at decoding time if anticipated libjpeg
+	* libtiff/tif_jpeg.c: error out at decoding time if anticipated libjpeg
 	memory allocation is above 100 MB. libjpeg in case of multiple scans,
 	which is allowed even in baseline JPEG, if components are spread over several
 	scans and not interleavedin a single one, needs to allocate memory (or
diff --git a/libtiff/tif_jbig.c b/libtiff/tif_jbig.c
index 5f5f75e2..c75f31d9 100644
--- a/libtiff/tif_jbig.c
+++ b/libtiff/tif_jbig.c
@@ -94,6 +94,7 @@ static int JBIGDecode(TIFF* tif, uint8* buffer, tmsize_t size, uint16 s)
 			     jbg_strerror(decodeStatus)
 #endif
 			     );
+		jbg_dec_free(&decoder);
 		return 0;
 	}