From fb0bc75826b860609c59848d85daa43beb7838d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com>
Date: Thu, 12 Jan 2017 15:34:59 +0100
Subject: [PATCH 5/5] Fix CVE-2015-8870

---
 tools/bmp2tiff.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/tools/bmp2tiff.c b/tools/bmp2tiff.c
index c747c13..384cf96 100644
--- a/tools/bmp2tiff.c
+++ b/tools/bmp2tiff.c
@@ -634,7 +634,16 @@ main(int argc, char* argv[])
 				}
 			}
 			else
+			{
 				uncompr_size = width * length;
+				/* Detect int overflow */
+				if (uncompr_size / width != length) {
+					TIFFError(infilename,
+							   "Invalid dimensions of BMP file");
+					close(fd);
+					return -1;
+				}
+			}
 			comprbuf = (unsigned char *) _TIFFmalloc( compr_size );
 			if (!comprbuf) {
 				TIFFError(infilename,
-- 
2.7.4