| Brad Bishop | d5ae7d9 | 2018-06-14 09:52:03 -0700 | [diff] [blame] | 1 | From de144fd228e4be8aa484c3caf3d814b6fa88c6d9 Mon Sep 17 00:00:00 2001 |
| 2 | From: Even Rouault <even.rouault@spatialys.com> |
| 3 | Date: Sat, 12 May 2018 14:24:15 +0200 |
| 4 | Subject: [PATCH] TIFFWriteDirectorySec: avoid assertion. Fixes |
| 5 | http://bugzilla.maptools.org/show_bug.cgi?id=2795. |
| 6 | CVE-2018-10963 |
| 7 | |
| 8 | --- |
| 9 | CVE: CVE-2018-10963 |
| 10 | |
| 11 | Upstream-Status: Backport [gitlab.com/libtiff/libtiff/commit/de144f...] |
| 12 | |
| 13 | Signed-off-by: Joe Slater <joe.slater@windriver.com> |
| 14 | |
| 15 | --- |
| 16 | libtiff/tif_dirwrite.c | 7 +++++-- |
| 17 | 1 file changed, 5 insertions(+), 2 deletions(-) |
| 18 | |
| 19 | diff --git a/libtiff/tif_dirwrite.c b/libtiff/tif_dirwrite.c |
| 20 | index 2430de6..c15a28d 100644 |
| 21 | --- a/libtiff/tif_dirwrite.c |
| 22 | +++ b/libtiff/tif_dirwrite.c |
| 23 | @@ -695,8 +695,11 @@ TIFFWriteDirectorySec(TIFF* tif, int isimage, int imagedone, uint64* pdiroff) |
| 24 | } |
| 25 | break; |
| 26 | default: |
| 27 | - assert(0); /* we should never get here */ |
| 28 | - break; |
| 29 | + TIFFErrorExt(tif->tif_clientdata,module, |
| 30 | + "Cannot write tag %d (%s)", |
| 31 | + TIFFFieldTag(o), |
| 32 | + o->field_name ? o->field_name : "unknown"); |
| 33 | + goto bad; |
| 34 | } |
| 35 | } |
| 36 | } |
| 37 | -- |
| 38 | 1.7.9.5 |
| 39 | |