Blob Blame History Raw
From c558baf01a97aed376a67ff4641f1c3c864ae3f0 Mon Sep 17 00:00:00 2001
From: Lumir Balhar <lbalhar@redhat.com>
Date: Thu, 8 Apr 2021 17:55:26 +0200
Subject: [PATCH 1/4] CVE-2021-25290

---
 src/libImaging/TiffDecode.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/libImaging/TiffDecode.c b/src/libImaging/TiffDecode.c
index f292da3..d17b557 100644
--- a/src/libImaging/TiffDecode.c
+++ b/src/libImaging/TiffDecode.c
@@ -36,6 +36,11 @@ tsize_t _tiffReadProc(thandle_t hdata, tdata_t buf, tsize_t size) {
 	TRACE(("_tiffReadProc: %d \n", (int)size));
 	dump_state(state);
 
+    if (state->loc > state->eof) {
+        TIFFError("_tiffReadProc", "Invalid Read at loc %d, eof: %d", state->loc, state->eof);
+        return 0;
+    }
+
 	to_read = min(size, min(state->size, (tsize_t)state->eof) - (tsize_t)state->loc);
 	TRACE(("to_read: %d\n", (int)to_read));
 
-- 
2.30.2